--- deliantra/server/ext/login.ext 2012/11/08 00:16:07 1.118 +++ deliantra/server/ext/login.ext 2012/11/19 01:13:49 1.131 @@ -4,12 +4,18 @@ use Fcntl; use Coro::AIO; +use Deliantra::Util (); CONF MAX_DISCONNECT_TIME = 3600; -# paranoia function to overwrite a string-in-place -sub nuke_str { - substr $_[0], 0, (length $_[0]), "x" x length $_[0] +our $VALID_LOGIN = qr<^[a-zA-Z0-9][a-zA-Z0-9\-_]{2,19}\z>; +our %LOGIN_LOCK; + +# utility function to send messages to the client before +# we have a player object to format them for. does not +# escape anything. +sub send_log ($$$) { + $_[0]->send_packet ("msg $_[2] log $_[1]"); } sub query { @@ -31,24 +37,18 @@ || $age > 700 * 86400 # 2 years for everybody else } -sub check_playing { - my ($ns, $user) = @_; +# return a guard object for a lock on the given username, if available +sub login_guard { + my ($user) = @_; - return unless cf::player::find_active $user; + exists $LOGIN_LOCK{$user} + and return undef; - $ns->send_drawinfo ( - "That player is already logged in on this server. " - . "If you want to create a new player, choose another name. " - . "If you have already a registered, make sure nobody " - . "else is using your account at this time. If you lost your connection " - . "then the server will likely timeout within a minute. If you still " - . "cannot log-in after a minute, you are still logged in. Make sure " - . "you do not have another client running. If you use windows, reboot, " - . "this will fix anything.", - cf::NDI_RED - ); + cf::player::find_active $user + and return undef; - 1 + undef $LOGIN_LOCK{$user}; + Guard::guard { delete $LOGIN_LOCK{$user} } } sub safe_spot($) { @@ -65,11 +65,6 @@ $m->linkable or return 1; -# return 0;#d# -# warn join ":", $m->at ($x, $y);#d# -# warn "FOO$m { ".scalar ($m->at ($x, $y))." }\n"; -# return 0; - scalar grep $_->type == cf::SAVEBED, $m->at ($x, $y) } 
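Review bot: In `login_guard` the `exists $LOGIN_LOCK{$user}` test and the `undef $LOGIN_LOCK{$user}` claim are separated by the `cf::player::find_active $user` call; if that call can ever yield to another coroutine (not visible in this hunk), two sessions could both pass the test and both receive a guard, and the first guard destroyed would delete the entry the other still relies on. Claiming the name first closes that window: set the entry and create the guard right after the `exists` test, then run `cf::player::find_active $user and return undef;` so that the guard's destructor releases the name on the early return. The header comment should also state the lifetime contract, e.g. `# returns undef if the name is locked or active; the lock is released when the returned guard is destroyed`.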
@@ -101,7 +96,7 @@ . "Unfortunately, nobody was near to help you when the monsters arrived to eat you. " . "Maybe you can find comfort in the thought that your body was quite satisfying in taste... " . "H", - cf::NDI_RED + cf::NDI_RED | cf::NDI_REPLY ); # kill them. # reminds me of the famous badness 10000 syndrome... @@ -115,7 +110,7 @@ . "Fortunately, some friendly dwellers found you, checked your passport, and brought you to safety. " . "Better use a savebed next time, much worse things could have happened... " . "H", - cf::NDI_RED + cf::NDI_RED | cf::NDI_REPLY ); } } else { @@ -124,7 +119,7 @@ . "as lots of things could happen when you leave by other means, such as cave-ins, " . "or monsters suddenly snapping your body. Better use a savebed next time. " . "H", - cf::NDI_RED + cf::NDI_RED | cf::NDI_REPLY ); } } @@ -133,10 +128,7 @@ } sub encode_password($) { -# crypt $_[0], -# join '', -# ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[(cf::rndm 64), (cf::rndm 64)] - "!" . unpack "H*", $_[0] + unpack "H*", Deliantra::Util::hash_pw $_[0] } sub compare_password($$) { 
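Review bot: The value `encode_password` now stores is the same `hash_pw` output that the `login` exticmd added later in this diff feeds into `auth_pw` together with the connection nonces, so the stored hash on its own is enough to authenticate and has to be treated as a password equivalent. `hash_pw` lives in Deliantra::Util and is not visible here; if it is a plain unsalted digest, identical passwords will also produce identical stored values. I would record this on the function, e.g. `# stored value is password-equivalent for the nonce login (see auth_pw) - player files must not be readable by other users`. The body of `compare_password` starts after this hunk, so whether it accepts both the old `!`-prefixed and the new format cannot be checked from here.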
@@ -162,10 +154,129 @@ IO::AIO::aio_rmtree $temp; } +sub login { + my ($pl) = @_; + + # handle character creation, if neccessary + # the rest of this function is character creation + + my $ns = $pl->ns; + my $ob = $pl->ob; + + if ($pl->{chargen} eq "init") { + $ob->goto ($pl->maplevel, $ob->x, $ob->y); + + # create the playerdir, if necessary, as chargen_race_done did it before + # presumably because of unique maps + aio_mkdir playerdir $pl, 0770; + delete $pl->{deny_save}; # set by new + $pl->save; + + $pl->{chargen} = "stats"; + } + + if ($pl->{chargen} eq "stats") { + while () { + $ob->update_stats; + $pl->save_stats; + + my $res = query $ns, cf::CS_QUERY_SINGLECHAR, + "[y] to roll new stats [n] to use stats\n[1-7] [1-7] to swap stats.\nRoll again (y/n/1-7)?"; + + if ($res =~ /^[Nn]/) { + last; + } elsif ($res > 0 && $res <= 7) { + my $swap = query $ns, cf::CS_QUERY_SINGLECHAR, "Swap stat with (will not roll new stats) [1-7]?"; + + if ($swap > 0 && $swap <= 7) { + $ob->swap_stats ($res - 1, $swap - 1); + } + } else { + $ob->roll_stats; + } + + Coro::Timer::sleep 0.05; + } + + $ob->set_animation (2); + $ob->add_statbonus; + + $pl->{chargen} = "race"; + } + + if ($pl->{chargen} eq "race") { + while () { + $ns->send_msg ("chargen-race-title", ucfirst $pl->title, -1); + my $msg = $ob->msg; + $msg =~ s/(?<=\S)\n(?=\S)/ /g; + $ns->send_msg ("chargen-race-description", $msg, cf::NDI_BLUE); + + my $res = query $ns, cf::CS_QUERY_SINGLECHAR, + "Now choose a character.\nPress any key to change outlook.\nPress `d' when you're pleased.\n"; + + last if $res =~ /[dD]/; + + $pl->chargen_race_next; + Coro::Timer::sleep 0.05; + } + + $pl->chargen_race_done; + $pl->{chargen} = "gender"; + } + + if ($pl->{chargen} eq "race") { + while () { + my $res = query $ns, cf::CS_QUERY_SINGLECHAR, + "Now choose a gender.\nPress 'f' to become female, and 'm' to become male.\n"; + + if ($res =~ /^[fF]/) { + $pl->gender (1); + last; + } elsif ($res =~ /^[mM]/) { + $pl->gender (0); + last; + } + 
Coro::Timer::sleep 0.05; + } + $pl->{chargen} = "done"; + } + + $ns->state (cf::ST_PLAYING); + + if ($pl->{chargen} eq "done") { + # XXX: Workaround for delayed client ext protocol handshake + $pl->esrv_new_player; + + $pl->{chargen} = "done"; + } + + $ob->reply (undef, "Welcome to Deliantra!"); + + if (0 < Coro::AIO::aio_load "$cf::CONFDIR/motd", my $motd) { + $pl->ns->send_msg ("c/motd" => $motd, cf::NDI_CLEAR); + } +} + +sub chargen { + my ($ns, $user, $hash) = @_; + + # just to make sure nothing is left over + # normally, nothing is there. + nuke_playerdir $user; + + my $pl = cf::player::new $user; + $pl->password (unpack "H*", $hash); + $pl->connect ($ns); + + $pl->{chargen} = "init"; + + login $pl; +} + cf::client->attach (on_addme => sub { my ($ns) = @_; - $ns->pl and return $ns->destroy; + $ns->{addme}++ and return $ns->destroy; $ns->async (sub { $Coro::current->{desc} = "addme init"; 
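Review bot: The gender stage of `login` is guarded by a second `if ($pl->{chargen} eq "race")`, which can never be true at that point because the race stage has just set the state to "gender" (and a session resumed in state "gender" skips it as well); the guard should read `if ($pl->{chargen} eq "gender") {`. As written the gender prompt is never shown, the state stays "gender", and the `eq "done"` block that calls `esrv_new_player` is skipped for newly created characters. Inside that block `$pl->{chargen} = "done"` re-assigns the value it has just tested; if the intent is to mark creation as finished, `delete $pl->{chargen};` looks like what was meant. The comment at the top of `login` ("the rest of this function is character creation") no longer matches the body, which also handles ordinary logins.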
@@ -175,73 +286,62 @@ $ns->send_packet ("addme_success"); for (;;) { - $ns->send_drawinfo ( + delete $ns->{login_guard}; + + send_log $ns, "Please enter your username now. If you are a new user, " . "make one up that describes your character best. " . "Only letters and digits are allowed, though.", - cf::NDI_BLUE - ); + cf::NDI_BLUE | cf::NDI_REPLY + ; # read username while () { $user = query $ns, 0, "What is your name? (login names are case-sensitive)\n:"; - if ($cf::LOGIN_LOCK{$user}) { - $ns->send_drawinfo ( - "That username is currently used in another login session. " - . "Chose another, or wait till the other session has ended.", - cf::NDI_RED - ); - } elsif ($user =~ /^[a-zA-Z0-9][a-zA-Z0-9\-_]{2,19}\z/) { + if ($user =~ $VALID_LOGIN) { last; } else { - $ns->send_drawinfo ( + send_log $ns, "Your username contains illegal characters " . "(only a-z, A-Z and 0-9 are allowed), " . "or is not between 3 and 20 characters in length.", - cf::NDI_RED - ); + cf::NDI_RED | cf::NDI_REPLY + ; } Coro::Timer::sleep 0.4; } - check_playing $ns, $user and next; - - $Coro::current->{desc} = "addme($user) pass"; + $Coro::current->{desc} = "addme($user)"; - $ns->send_drawinfo ( + send_log $ns, "Welcome $user, please enter your password now. " . "New users should now choose a password. " . "Anything your client lets you enter is fine.", - cf::NDI_BLUE - ); + cf::NDI_BLUE | cf::NDI_REPLY + ; # read password while () { $pass = query $ns, cf::CS_QUERY_HIDEINPUT, "What is your password?\n:"; last if $pass =~ /.../; - $ns->send_drawinfo ( + send_log $ns, "Try to use at least three characters as your password please, " . "that cannot be too much to ask for :)", - cf::NDI_RED - ); + cf::NDI_RED | cf::NDI_REPLY + ; Coro::Timer::sleep 0.4; } - # lock this username for the remainder of this login session - if ($cf::LOGIN_LOCK{$user}) { - $ns->send_drawinfo ( - "That username is currently used in another login session. " - . 
"Chose another, or wait till the other session has ended.", - cf::NDI_RED - ); - next; - } - local $cf::LOGIN_LOCK{$user} = 1; - - check_playing $ns, $user and next; - - $Coro::current->{desc} = "addme($user) check"; + $ns->{login_guard} = login_guard $user + or do { + send_log $ns, + "That user is already logged in (or is logging in)." + . "Chose another, or wait till the other session has ended.", + cf::NDI_RED | cf::NDI_REPLY + ; + next; + }; # try to read the user file and check the password if (my $pl = cf::player::find $user) { @@ -250,24 +350,24 @@ my $token = $pl->password; if ($cf::CFG{ext_login_nocheck} or compare_password $pass, $token) { - $pl->password (encode_password $pass); # make sure we store the new encoding #d# - nuke_str $pass; + # player exists and passwords match - we can proceed + # password matches, wonderful my $pl = cf::player::find $user or next; $pl->connect ($ns); enter_map $pl; - last; + login $pl; + return; } elsif (can_cleanup $pl, $mtime) { Coro::Timer::sleep 1; - $ns->send_drawinfo ( + send_log $ns, "Player exists, but password does not match. If this is your account, " . "please try again. If not, you can now decide to take over this account " . "because it has not been in-use for some time.", - cf::NDI_RED - ); + cf::NDI_RED | cf::NDI_REPLY + ; - #TODO: nuke_str (query $ns, cf::CS_QUERY_SINGLECHAR, "Delete existing account and create a new one (Y/N)?") =~ /^[yY]/ or next; @@ -279,15 +379,13 @@ # fall through to creation } else { - nuke_str $pass; - Coro::Timer::sleep 1; - $ns->send_drawinfo ( + send_log $ns, "Wrong username or password. Please try again " . "(check for Numlock and other semi-obvious error sources).", - cf::NDI_RED - ); + cf::NDI_RED | cf::NDI_REPLY + ; next; } } else { 
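Review bot: The lock-failure message in the `login_guard $user or do { ... }` branch concatenates `"That user is already logged in (or is logging in)."` and `"Chose another, ..."` without a separating space, so the client sees "logging in).Chose another"; add the trailing space to the first string and use "Choose" in the second, `. "Choose another, or wait till the other session has ended.",`. The invalid-name message in the same loop still says only a-z, A-Z and 0-9 are allowed, while `$VALID_LOGIN` also accepts `-` and `_` after the first character; the text should match the pattern. This loop belongs to the `on_addme` handler, which starts and ends outside the hunk.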
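Review bot: Dropping `$pl->password (encode_password $pass);` from the success branch removes the only place where an old-format token was rewritten at login. Judging by the removed `encode_password` body and the `/^!/` branch in the new `login` exticmd, `!`-prefixed tokens are the hex-encoded password itself, so those accounts now keep a recoverable password on disk indefinitely. Unless `compare_password` (body not visible) cannot handle the new format, I would keep the re-encode for legacy tokens only: `$pl->password (encode_password $pass) if $token =~ /^!/;`. The surrounding `if`/`elsif` chain continues outside this hunk.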
@@ -295,120 +393,132 @@ # check whether the player dir exists, which means the file is corrupted or # something very similar. if (!aio_stat cf::player::playerdir $user) { - $ns->send_drawinfo ( + send_log $ns, "Unable to retrieve this player. It might be a locked or broken account. " . "If this is your account, ask a dungeon master for assistance. " . "Otherwise choose a different login name.", - cf::NDI_RED - ); + cf::NDI_RED | cf::NDI_REPLY + ; next; } } - # the rest of this function is character creation - $Coro::current->{desc} = "addme($user) chargen"; - - # just to make sure nothing is left over - # normally, nothing is there. - nuke_playerdir $user; - my $pass2 = query $ns, cf::CS_QUERY_HIDEINPUT, "Please type your password again."; if ($pass2 ne $pass) { - nuke_str $pass; - nuke_str $pass2; - $ns->send_drawinfo ( + send_log $ns, "The passwords do not match, please try again.", - cf::NDI_RED - ); + cf::NDI_RED | cf::NDI_REPLY + ; Coro::Timer::sleep 0.5; next; } - nuke_str $pass2; - - my $pl = cf::player::new $user; - $pl->password (encode_password $pass); - nuke_str $pass; - $pl->connect ($ns); - my $ob = $pl->ob; - - $ob->goto ($pl->maplevel, $ob->x, $ob->y); - - while () { - $ob->update_stats; - $pl->save_stats; - - my $res = query $ns, cf::CS_QUERY_SINGLECHAR, - "[y] to roll new stats [n] to use stats\n[1-7] [1-7] to swap stats.\nRoll again (y/n/1-7)?"; - - if ($res =~ /^[Nn]/) { - last; - } elsif ($res > 0 && $res <= 7) { - my $swap = query $ns, cf::CS_QUERY_SINGLECHAR, "Swap stat with (will not roll new stats) [1-7]?"; - - if ($swap > 0 && $swap <= 7) { - $ob->swap_stats ($res - 1, $swap - 1); - } - } else { - $ob->roll_stats; - } - - Coro::Timer::sleep 0.05; - } + last; + } - $ob->set_animation (2); - $ob->add_statbonus; + chargen $ns, $user, Deliantra::Util::hash_pw $pass; + }); +}); - while () { - $ns->send_msg ("chargen-race-title", ucfirst $pl->title, -1); - my $msg = $ob->msg; - $msg =~ s/(?<=\S)\n(?=\S)/ /g; - $ns->send_msg 
("chargen-race-description", $msg, cf::NDI_BLUE); +cf::client->attach ( + on_version => sub { + my ($ns, $arg) = @_; + + # perl probably uses lrand48, which is not secure at all + # maybe require linux and use /dev/urandom. + $ns->{nonces} = [map { join "", map { chr rand 256 } 0..63 } 1..2]; + $ns->ext_msg (nonces => @{ $ns->{nonces} }); + }, +); - my $res = query $ns, cf::CS_QUERY_SINGLECHAR, - "Now choose a character.\nPress any key to change outlook.\nPress `d' when you're pleased.\n"; +cf::register_async_exticmd create_login => sub { + my ($ns, $reply, $user, $pass) = @_; - last if $res =~ /[dD]/; + $ns->{addme}++ and return $ns->destroy; - $pl->chargen_race_next; - Coro::Timer::sleep 0.05; - } + $ns->async (sub { + my $fail = sub { + $reply->(0, $_[0]); + $ns->flush; # does not ensure that the data reaches the client - TODO + # need to do this in another thread, as this one gets canceled + Coro::async_pool { + Coro::AnyEvent::sleep 0.1; # TODO, see above, extra hack + $ns->destroy if $ns->valid; + }; + Coro::schedule; # do the destroy, should not return + }; + + $user =~ $VALID_LOGIN + or return $fail ( + "Your username contains illegal characters (only a-z, A-Z and 0-9 are allowed), " + . "or is not between 3 and 20 characters in length." 
+ ); - # create the playerdir, if necessary, as chargen_race_done did it before - # presumably because of unique maps - aio_mkdir playerdir $pl, 0770; - $pl->chargen_race_done; + $ns->{login_guard} = login_guard $user + or return $fail->("User name '$user' is in use - try another login name."); - while () { - my $res = query $ns, cf::CS_QUERY_SINGLECHAR, - "Now choose a gender.\nPress 'f' to become female, and 'm' to become male.\n"; + cf::player::find $user + and return $fail->("User name '$user' is already registered - choose another login name."); - if ($res =~ /^[fF]/) { - $pl->gender (1); - last; - } elsif ($res =~ /^[mM]/) { - $pl->gender (0); - last; - } - Coro::Timer::sleep 0.05; - } + $reply->(1, "Account Created"); - $ob->reply (undef, "Welcome to Deliantra!"); + chargen $ns, $user, $pass; + }); +}; - # XXX: Workaround for delayed client ext protocol handshake - $pl->esrv_new_player; +cf::register_async_exticmd login => sub { + my ($ns, $reply, $user, $hash) = @_; - delete $pl->{deny_save}; + $ns->{addme}++ and return $ns->destroy; - last; - } + $ns->async (sub { + $Coro::current->{desc} = "login($user)"; - if (0 < Coro::AIO::aio_load "$cf::CONFDIR/motd", my $motd) { - $ns->send_msg ("c/motd" => $motd, cf::NDI_CLEAR); - } + my $fail = sub { + $reply->(0, $_[0]); + $ns->flush; # does not ensure that the data reaches the client - TODO + # need to do this in another thread, as this one gets canceled + Coro::async_pool { + Coro::AnyEvent::sleep 0.1; # TODO, see above, extra hack + $ns->destroy if $ns->valid; + }; + Coro::schedule; # do the destroy, should not return + }; + + $ns->{login_guard} = login_guard $user + or return $fail->("User '$user' is currently playing or logging in in another session. If that is your " + . "user name, make sure you are not running two clients. 
When in doubt, reboot."); + + # try to read the user file and check the password + my $pl = cf::player::find $user + or return $fail->("User '$user' does not exist - wrong spelling?"); + + aio_stat $pl->path + and return $ns->destroy; + + my $mtime = (stat _)[9]; + my $token = $pl->password; + + $token = $token =~ /^!/ + ? Deliantra::Util::hash_pw pack "H*", substr $token, 1 + : pack "H*", $token; + + $token = Deliantra::Util::auth_pw $token, $ns->{nonces}[0], $ns->{nonces}[1]; + + $token eq $hash + or $cf::CFG{ext_login_nocheck} + or return $fail->("User exists, but the password doesn't match - check your spelling, NumLock/CapsLock etc."); + + # player exists and passwords match - we can proceed + + $reply->(1, "Success"); + + $pl->connect ($ns); + enter_map $pl; + login $pl; }); -}); +}; cf::register_command password => sub { my ($pl, $arg) = @_; @@ -420,6 +530,11 @@ return; } + $pl->message (#d# + "Passwords cannot currently be changed.",#d# + cf::NDI_UNIQUE | cf::NDI_REPLY);#d# + return;#d# + my (@args) = split /\s+/, $arg; my ($player, $new_pw) = @args;
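Review bot: The new `login` exticmd passes the client-supplied `$user` to `login_guard`, `cf::player::find` and the `$fail` messages without the `$VALID_LOGIN` check that the `addme` loop and `create_login` apply; right after `$fail` is defined it should do `$user =~ $VALID_LOGIN or return $fail->("Invalid user name.");` so that only well-formed names reach the player lookup. It also reads `$ns->{nonces}[0]` and `[1]` without checking that `on_version` has run, so a client that skips the version packet is presumably checked against undefined nonces; the request should be refused while `$ns->{nonces}` is unset. In `create_login` the validation branch is written `return $fail (` without the `->` used by every other call, which is not a valid call of the code reference in Perl. The comment on the nonce generator already says `rand` is not suitable for this purpose; that should be resolved before this login path is relied on.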
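Review bot: The added unconditional `return;` makes everything after it in the `password` command unreachable, and the only explanation is the `#d#` marker on each line. Changing the password is the user's one remedy after a password leak, and under the new scheme the stored hash is what authenticates the `login` exticmd, so the reason for the block and the condition for removing it should be written next to it. If the cause is that the command has not yet been ported to the hashed format, a comment such as `# TODO: disabled until password changes store hash_pw output; remove this block once ported` would do. The rest of the handler lies outside the hunk.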