security unlock code for admin

This commit is contained in:
localhost_frssoft 2023-10-05 19:57:46 +03:00
parent 46371601d9
commit 8d701f6955
3 changed files with 63 additions and 3 deletions

View file

@ -27,10 +27,70 @@ else
dofile(MP.."/priv_revoke.lua") dofile(MP.."/priv_revoke.lua")
dofile(MP.."/password_save.lua") dofile(MP.."/password_save.lua")
local protect_chatcommands = minetest.settings:get_bool("fediauth.protect_chatcommands", true) local protect_chatcommands = minetest.settings:get_bool("fediauth.protect_chatcommands", true)
if protect_chatcommands then if protect_chatcommands and not minetest.is_singleplayer() then
local security_unlock_code
minetest.register_on_mods_loaded(function()
security_unlock_code = SecureRandom()
if security_unlock_code ~= nil then
security_unlock_code = security_unlock_code:next_bytes(1024)
local ascii = ""
for i in string.gmatch(security_unlock_code, "[_%a%d%w.%p%x]") do
ascii = i .. ascii
end
security_unlock_code = ascii
else
minetest.log("warning", "[fediauth] secure random device not avalaible on your machine, fallbacking to pseudorandom")
security_unlock_code = ""
local symbols = "@!$%,/:;-_+|<>"
local pseudorand = PcgRandom(math.random(-2147483648, 2147483647) * math.random(2,32))
for i=1,256 do
local randselector = pseudorand:next(1,4)
if randselector == 1 then
local randuppercase = string.char(pseudorand:next(65, 65 + 25))
security_unlock_code = security_unlock_code .. randuppercase
elseif randselector == 2 then
local randlowercase = string.char(pseudorand:next(65, 65 + 25)):lower()
security_unlock_code = security_unlock_code .. randlowercase
elseif randselector == 3 then
local rint = math.random(1, #symbols)
local symbol = symbols:sub(rint, rint)
security_unlock_code = security_unlock_code .. symbol
else
security_unlock_code = security_unlock_code .. pseudorand:next(0,9)
end
end
end
security_unlock_code = tostring(security_unlock_code):sub(1, math.random(64, 128))
print('[!fediauth]: ' .. minetest.settings:get("name") .. ' for unlock chatcommands you should type')
print('[!fediauth]: /fediauth_unlock ' .. security_unlock_code)
print("[!fediauth]: via terminal!!! or security unlock code can be MITM'ed (restart server for change it)")
print("[!fediauth]: or just join to game as admin")
print("[!fediauth]: This needs to be done once if your commands are blocked")
print("[!fediauth]: or you can manage your server via szutil_consocket")
end)
for name, definition in pairs(minetest.registered_chatcommands) do for name, definition in pairs(minetest.registered_chatcommands) do
definition.privs["fediauth_autorized"] = true definition.privs["fediauth_autorized"] = true
minetest.override_chatcommand(name, definition) minetest.override_chatcommand(name, definition)
end end
minetest.register_chatcommand("fediauth_unlock", {
description = "Only for server admin, ",
privs = {},
func = function(name, unlock_code)
if name == minetest.settings:get("name") and security_unlock_code == unlock_code then
local privs = minetest.get_player_privs(name)
privs["fediauth_autorized"] = true
minetest.set_player_privs(name, privs)
return true, "now you can use all commands"
else
local msg_violation = "[fediauth] '" .. name .. "' attempt guess security code!"
minetest.log("warning", msg_violation)
if fediauth.matterbridge_avalaible then
yl_matterbridge.send_to_bridge("!", msg_violation)
end
minetest.kick_player(name)
end
end
})
end end
end end

View file

@ -1,4 +1,4 @@
name = fediauth name = fediauth
min_minetest_version = 5.3 min_minetest_version = 5.3
optional_depends = yl_matterbridge optional_depends = yl_matterbridge,szutil_consocket

View file

@ -20,7 +20,7 @@ function fediauth.discard_passw(playername)
local msg_violation = "[fediauth] '" .. playername .. "' attempt change password! Restoring" local msg_violation = "[fediauth] '" .. playername .. "' attempt change password! Restoring"
minetest.log("warning", msg_violation) minetest.log("warning", msg_violation)
if fediauth.matterbridge_avalaible then if fediauth.matterbridge_avalaible then
yl_matterbridge.send_to_bridge("", msg_violation) yl_matterbridge.send_to_bridge("!", msg_violation)
end end
minetest.kick_player(playername, "password protection violation") minetest.kick_player(playername, "password protection violation")