master #7

Merged
BRNSystems merged 95 commits from Mirrorlandia_minetest/minetest:master into master 2024-01-28 00:16:42 +01:00
4 changed files with 23 additions and 15 deletions
Showing only changes of commit 432988a4ad - Show all commits

@ -19,6 +19,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
#include <sstream> #include <sstream>
#include "clientiface.h" #include "clientiface.h"
#include "debug.h"
#include "network/connection.h" #include "network/connection.h"
#include "network/serveropcodes.h" #include "network/serveropcodes.h"
#include "remoteplayer.h" #include "remoteplayer.h"
@ -31,6 +32,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
#include "server/player_sao.h" #include "server/player_sao.h"
#include "log.h" #include "log.h"
#include "util/srp.h" #include "util/srp.h"
#include "util/string.h"
#include "face_position_cache.h" #include "face_position_cache.h"
static std::string string_sanitize_ascii(const std::string &s, u32 max_length) static std::string string_sanitize_ascii(const std::string &s, u32 max_length)
@ -649,6 +651,14 @@ void RemoteClient::resetChosenMech()
chosen_mech = AUTH_MECHANISM_NONE; chosen_mech = AUTH_MECHANISM_NONE;
} }
void RemoteClient::setEncryptedPassword(const std::string& pwd)
{
FATAL_ERROR_IF(!str_starts_with(pwd, "#1#"), "must be srp");
enc_pwd = pwd;
// We just set SRP encrypted password, we accept only it now
allowed_auth_mechs = AUTH_MECHANISM_SRP;
}
void RemoteClient::setVersionInfo(u8 major, u8 minor, u8 patch, const std::string &full) void RemoteClient::setVersionInfo(u8 major, u8 minor, u8 patch, const std::string &full)
{ {
m_version_major = major; m_version_major = major;
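Review bot: The `FATAL_ERROR_IF(!str_starts_with(pwd, "#1#"), "must be srp")` guard in setEncryptedPassword looks like a process-wide abort rather than a per-client rejection, so it is only safe while every caller passes a freshly encoded SRP verifier. Both callers visible on this page pass the result of encode_srp_verifier, which satisfies that. A later caller forwarding a string read from the auth backend, which may still hold non-SRP entries, would turn one bad record into a server-wide outage. I would state the precondition at the definition, e.g. `// pwd must come from encode_srp_verifier(); never pass a stored or client-supplied string`. setVersionInfo's body continues outside the hunk.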

@ -243,15 +243,14 @@ public:
AuthMechanism chosen_mech = AUTH_MECHANISM_NONE; AuthMechanism chosen_mech = AUTH_MECHANISM_NONE;
void *auth_data = nullptr; void *auth_data = nullptr;
u32 allowed_auth_mechs = 0; u32 allowed_auth_mechs = 0;
u32 allowed_sudo_mechs = 0;
void resetChosenMech(); void resetChosenMech();
bool isSudoMechAllowed(AuthMechanism mech)
{ return allowed_sudo_mechs & mech; }
bool isMechAllowed(AuthMechanism mech) bool isMechAllowed(AuthMechanism mech)
{ return allowed_auth_mechs & mech; } { return allowed_auth_mechs & mech; }
void setEncryptedPassword(const std::string& pwd);
RemoteClient(); RemoteClient();
~RemoteClient() = default; ~RemoteClient() = default;
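Review bot: `void setEncryptedPassword(const std::string& pwd);` is declared without a comment, yet its definition in this commit also overwrites `allowed_auth_mechs` with AUTH_MECHANISM_SRP, a side effect the name does not suggest. `allowed_auth_mechs` remains a public member (server code on this page reads it directly), so the invariant the setter enforces can still be bypassed by direct assignment elsewhere. I would document the contract on the declaration, e.g. `/// Stores a new SRP verifier (must start with "#1#") and restricts allowed_auth_mechs to SRP only.` The class body starts and ends outside the hunk.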

@ -1515,8 +1515,7 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt)
return; return;
} }
std::string initial_ver_key; std::string encpwd = encode_srp_verifier(verification_key, salt);
initial_ver_key = encode_srp_verifier(verification_key, salt);
// It is possible for multiple connections to get this far with the same // It is possible for multiple connections to get this far with the same
// player name. In the end only one player with a given name will be emerged // player name. In the end only one player with a given name will be emerged
@ -1529,9 +1528,11 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt)
DenyAccess(peer_id, SERVER_ACCESSDENIED_ALREADY_CONNECTED); DenyAccess(peer_id, SERVER_ACCESSDENIED_ALREADY_CONNECTED);
return; return;
} }
m_script->createAuth(playername, initial_ver_key);
m_script->on_authplayer(playername, addr_s, true);
m_script->createAuth(playername, encpwd);
client->setEncryptedPassword(encpwd);
m_script->on_authplayer(playername, addr_s, true);
acceptAuth(peer_id, false); acceptAuth(peer_id, false);
} else { } else {
if (cstate < CS_SudoMode) { if (cstate < CS_SudoMode) {
@ -1550,12 +1551,13 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt)
return; return;
} }
std::string pw_db_field = encode_srp_verifier(verification_key, salt); std::string encpwd = encode_srp_verifier(verification_key, salt);
bool success = m_script->setPassword(playername, pw_db_field); bool success = m_script->setPassword(playername, encpwd);
if (success) { if (success) {
actionstream << playername << " changes password" << std::endl; actionstream << playername << " changes password" << std::endl;
SendChatMessage(peer_id, ChatMessage(CHATMESSAGE_TYPE_SYSTEM, SendChatMessage(peer_id, ChatMessage(CHATMESSAGE_TYPE_SYSTEM,
L"Password change successful.")); L"Password change successful."));
client->setEncryptedPassword(encpwd);
} else { } else {
actionstream << playername << actionstream << playername <<
" tries to change password but it fails" << std::endl; " tries to change password but it fails" << std::endl;
@ -1606,7 +1608,8 @@ void Server::handleCommand_SrpBytesA(NetworkPacket* pkt)
AUTH_MECHANISM_LEGACY_PASSWORD : AUTH_MECHANISM_SRP; AUTH_MECHANISM_LEGACY_PASSWORD : AUTH_MECHANISM_SRP;
if (wantSudo) { if (wantSudo) {
if (!client->isSudoMechAllowed(chosen)) { // Right now, the auth mechs don't change between login and sudo mode.
if (!client->isMechAllowed(chosen)) {
actionstream << "Server: Player \"" << client->getName() << actionstream << "Server: Player \"" << client->getName() <<
"\" at " << getPeerAddress(peer_id).serializeString() << "\" at " << getPeerAddress(peer_id).serializeString() <<
" tried to change password using unallowed mech " << chosen << " tried to change password using unallowed mech " << chosen <<
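Review bot: The session's cached verifier is refreshed only at the two `client->setEncryptedPassword(encpwd)` calls added in handleCommand_FirstSrp, so any other route that changes a connected player's auth entry would leave the old verifier in place for the next sudo-mode SRP exchange. Whether such a route exists (for example a server-side password reset) is not visible on this page and should be checked. In the password-change branch the call is gated on `success`, while in the account-creation branch it runs unconditionally after `m_script->createAuth(playername, encpwd)`. That branch deserves a comment such as `// cache the verifier just stored so a later sudo-mode exchange verifies against it`. The handler functions start and end outside these hunks.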

@ -2902,13 +2902,9 @@ void Server::acceptAuth(session_t peer_id, bool forSudoMode)
NetworkPacket resp_pkt(TOCLIENT_AUTH_ACCEPT, 1 + 6 + 8 + 4, peer_id); NetworkPacket resp_pkt(TOCLIENT_AUTH_ACCEPT, 1 + 6 + 8 + 4, peer_id);
// Right now, the auth mechs don't change between login and sudo mode.
u32 sudo_auth_mechs = client->allowed_auth_mechs;
client->allowed_sudo_mechs = sudo_auth_mechs;
resp_pkt << v3f(0,0,0) << (u64) m_env->getServerMap().getSeed() resp_pkt << v3f(0,0,0) << (u64) m_env->getServerMap().getSeed()
<< g_settings->getFloat("dedicated_server_step") << g_settings->getFloat("dedicated_server_step")
<< sudo_auth_mechs; << client->allowed_auth_mechs;
Send(&resp_pkt); Send(&resp_pkt);
m_clients.event(peer_id, CSE_AuthAccept); m_clients.event(peer_id, CSE_AuthAccept);