diff --git a/src/clientiface.h b/src/clientiface.h index ec6ba9e9..f6c4294e 100644 --- a/src/clientiface.h +++ b/src/clientiface.h @@ -232,6 +232,7 @@ public: /* Authentication information */ std::string enc_pwd; + bool create_player_on_auth_success; AuthMechanism chosen_mech; void * auth_data; u32 allowed_auth_mechs; @@ -246,6 +247,7 @@ public: peer_id(PEER_ID_INEXISTENT), serialization_version(SER_FMT_VER_INVALID), net_proto_version(0), + create_player_on_auth_success(false), chosen_mech(AUTH_MECHANISM_NONE), auth_data(NULL), m_time_from_building(9999), diff --git a/src/network/serverpackethandler.cpp b/src/network/serverpackethandler.cpp index 5493dfec..f756d80e 100644 --- a/src/network/serverpackethandler.cpp +++ b/src/network/serverpackethandler.cpp @@ -263,6 +263,8 @@ void Server::handleCommand_Init(NetworkPacket* pkt) // Take care of default passwords. client->enc_pwd = getSRPVerifier(playerName, default_password); auth_mechs |= AUTH_MECHANISM_SRP; + // Create auth, but only on successful login + client->create_player_on_auth_success = true; } } @@ -1858,14 +1860,8 @@ void Server::handleCommand_FirstSrp(NetworkPacket* pkt) } std::string initial_ver_key; - std::string raw_default_password = g_settings->get("default_password"); - // If default_password is empty, allow any initial password - if (raw_default_password.length() == 0) { - initial_ver_key = encodeSRPVerifier(verification_key, salt); - } else { - initial_ver_key = getSRPVerifier(playername, raw_default_password); - } + initial_ver_key = encodeSRPVerifier(verification_key, salt); m_script->createAuth(playername, initial_ver_key); acceptAuth(pkt->getPeerId(), false); @@ -2072,5 +2068,19 @@ void Server::handleCommand_SrpBytesM(NetworkPacket* pkt) } } + if (client->create_player_on_auth_success) { + std::string playername = client->getName(); + m_script->createAuth(playername, client->enc_pwd); + + std::string checkpwd; // not used, but needed for passing something + if (!m_script->getAuth(playername, &checkpwd, NULL)) { + actionstream << "Server: " << playername << " cannot be authenticated" + << " (auth handler does not work?)" << std::endl; + DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_SERVER_FAIL); + return; + } + client->create_player_on_auth_success = false; + } + acceptAuth(pkt->getPeerId(), wantSudo); }