Time Nick Message 07:08 dievri Hello. I'm struggling with custom auth handler. I store password remotely. If it is no password, I return null both in geth_auth and create_auth. But for the very first time, it is possible to login for everyone, every name/pass pair. Or in which function I need to return is user is succeeded to login? 08:11 dievri or, at least, how to access player new password hash outside create_auth function? 09:13 sfan5 doesn't the engine store the new password after the player successfully logs in? 10:22 dievri as far as I understood, If both get_auth and create_auth return nil, then player successfully logs in. 14:57 specing Is it possible to control tool use in CSMs? 14:57 specing i.e. to implement a crude client-side worldedit? 15:01 specing all I saw were chat mods and stuff 15:10 sfan5 I don't know exactly what you are referring to but I'm pretty sure the answer is no 15:18 MTDiscord <11I​hrFussel> Can someone explain to me in what cases it's possible in 5.1 to execute functions inside minetest.deserialize()? 15:18 MTDiscord <11I​hrFussel> I mean malicious code execution 15:19 MTDiscord <11I​hrFussel> Example: I have a command and accept an arbitrary string from it and store that in my file to later retrieve it as a table value again...is an exploit ossible there? 15:20 sfan5 you only have an issue if you put something an user wrote into minetest.deserialize 15:20 specing sfan5: I'd like to write a script to place blocks in a pattern 15:20 sfan5 of course this doesn't apply if you serialize user input and then deserialize it at some point later 15:21 specing sfan5: with switching of inventory stacks and occasional consumption of food 15:21 sfan5 definitely not possible with CSM 15:21 specing D: 15:21 MTDiscord <11I​hrFussel> Okay so ANY user input via a command is safe from exploitation? 15:22 sfan5 if you don't do weird things like wanting the user to enter a lua table, sure 15:23 sfan5 by the way the only possible exploit with unsafe deserialize is to freeze your server 15:24 MTDiscord <11I​hrFussel> I basically just store param from register_chatcommand() in a table and write that to a file and on restart I load that file to turn the string into a table again...so no matter what my users enter as 'param' I can safely process it right? 15:24 sfan5 yes 15:24 specing sfan5: are there any plans to make that possible in CSMs? 15:26 sfan5 specing: unlikely, automated client-side behaviour is easily abused 15:26 sfan5 and making such things possible isn't the long term goal of CSM 15:27 specing What is the long term goal? 15:28 sfan5 letting the server improve the experience by having server mods that provide a component to run on the client 15:31 specing sfan5: how hard would it be to modify minetest to add the required api for this? 15:31 sfan5 not hard 15:32 sfan5 in fact, a hack/cheat client I'm aware of has already done this 15:32 specing excellent 15:32 specing where can one get those patches? 15:34 sfan5 ... 15:35 specing ? 16:28 dievri How to prevent automatic login aftrer create_auth? 16:30 Krock return as string here: https://github.com/minetest/minetest/blob/master/doc/lua_api.txt#L4578 16:30 Krock s/ as / a / 16:32 dievri I can call this func myself? 16:35 Krock you register a callback in one of your mods 16:38 IronOxidizer[m] How do I build devtest? When I build minetest, it says `Game specified in default_game [minetest] is inavlid` 16:38 Krock you don't need to build Lua code 16:38 Krock devtest is a game for the Minetest engine 16:38 Krock which is now called "minimal", and is integrated in 5.3.0 or newer 16:39 IronOxidizer[m] How do I specifiy it? 16:39 Krock https://github.com/minetest/minetest/blob/master/minetest.conf.example#L1274 16:39 Krock minetest.conf : default_game = devtest 16:39 IronOxidizer[m] Ah, thanks 16:39 IronOxidizer[m] Missed that 16:39 Krock !next 16:39 MinetestBot Another satisfied customer. Next! 16:42 IronOxidizer[m] Hmm, still says the same error `Game specified in default_game [minetest] is inavlid` 16:43 Krock which minetest.conf did you edit? 16:44 Krock did you close all minetest(server) instances prior editing? 16:44 IronOxidizer[m] Nvm I wrote it to the wrong dir 16:44 IronOxidizer[m] I'm guessing I need to build minetest with a server to play locally 16:44 Krock the minetest client includes a server 16:44 IronOxidizer[m] Cause now i don't get any errors, but nothing happns 16:45 Krock otherwise you couldn't play singleplayer mode 16:45 IronOxidizer[m] Yeah, I'm building with `BUILD_SERVER=NO` in cmake 16:45 Krock doesn't matter. it's forced to YES when building a client 16:46 IronOxidizer[m] I wonder what's happening then 16:46 Krock actually. I'm not sure about that. there's for sure server code in the client, but I don't know whether that's in direct relation to BUILD_SERVER 16:46 Krock anyway 16:46 Krock minetest --server --worldname "mycoolworld" should start a server 16:47 Krock and minetest --go --address "" joins a local server (if you're using <5.3.0) 16:48 IronOxidizer[m] Hmm, the client starts then instantly closes with no errors 16:48 IronOxidizer[m] The server is running fine though 16:49 Krock well then.. use the GUI to join it manually 16:49 IronOxidizer[m] The GUI is launched by simply running ./minetest correct? 16:50 Krock yes... just try it 16:50 IronOxidizer[m] I've tried that already, no window appears 16:50 IronOxidizer[m] And it exits with no errors 16:50 dievri In create_auth I have some condition, if not met, I would not like user create account. But, whatever I do (returning nil, false, invalid pass), user actually logs in to the server.... 16:50 Krock what OS are you using? 16:50 Krock ChromeOS: https://github.com/minetest/minetest/issues/10216 16:51 IronOxidizer[m] aarch64 musl postmarketOS 16:51 sfan5 is that a phone or? 16:51 IronOxidizer[m] Yeah 16:52 Krock dievri: all you could try is to kick the player, but it's really not the right place to perform such checks 16:53 sfan5 it probably fails to create the irrlicht device or some stupid thing and there's no log message 16:53 dievri where I can check? 16:53 Krock dievri: in on_prejoinplayer. you can check whether the player is already registered there - using the auth functions, and skip your checks for existing accounts 16:54 dievri but I need to check a password hash, which is just in create_auth accessable to me 16:55 dievri oh, wait ... 16:55 Krock why? 16:55 Krock there's also default_password to restrict access by defualt: https://github.com/minetest/minetest/blob/master/minetest.conf.example#L1314 16:56 Krock though players will have to rejoin in order to change their password (known issue) 16:58 sfan5 IronOxidizer[m]: does it say anything useful when ran with --verbose 16:59 dievri in create_auth info I use user credentials to login to external resource, where I also store their info. If response it ok, than they are allowed to login to minetest server. 17:02 Krock async login process... uh, I have no idea how to approach this 17:03 Krock I'd perhaps send a request on joinplayer, and remove the auth if a denying answer arrives from the remote service 17:03 Krock which the results in the player being kicked, or having reduced privileges 17:04 dievri now way stop login from create_auth? 17:04 dievri *no 17:05 Krock I don't think so 17:05 IronOxidizer[m] sfan5: Looks like everything works fine until a random `Irrlicht: Quit messaged recieved` and everything stops 17:05 Krock at least I never tried that. perhaps there's a way, but I cannot help you further there 17:06 Krock IronOxidizer[m]: was a debug.txt file created? do you have gdb installed (by any chance?)? 17:06 Krock might also be worth trying Lua instead of LuaJIT (if that was used) 17:06 IronOxidizer[m] A debug.txt was created but no useful information was given other than `2020-09-23 18:48:09: [Main]: Automatically selecting world at [/home/user/minetest/bin/../worlds/world] 17:06 IronOxidizer[m] ` 17:07 Krock seems to be the output from minetest --server 17:14 MinetestBot 02[git] 04v-rob -> 03minetest/minetest: Replace MyEventReceiver KeyList with std::unordered_set (#10419) 13787561b https://git.io/JUgHw (152020-09-23T17:12:20Z) 17:14 MinetestBot 02[git] 04tenplus1 -> 03minetest/minetest: Ability to remove minetest.after once set (#10103) 1334e3ede https://git.io/JUgHr (152020-09-23T17:11:56Z) 17:36 IronOxidizer[m] Sweet, I got it working. The issue was irrlicht isn't compatible with xwayland so I had to switch over to openbox 17:36 IronOxidizer[m] 1 major problem, I'm in game and I hear sounds and everything perfectly, but I can't get the debug menu (f5) to showup and I don't see any blocks or particle effects. Just the skybox 17:37 IronOxidizer[m] Actually, I don't know if it's a skybox, just blue when I look up, and dark grey when I look down 17:38 Krock if you can change your view, F5 must work too 17:38 Krock means the server has troubles with mapgen. check debug.txt for new logs 17:38 IronOxidizer[m] I force enabled it in adanved settings 17:38 IronOxidizer[m] Works 17:38 IronOxidizer[m] ~12 FPS, nice 17:39 Krock ouch 17:39 IronOxidizer[m] Still not blocks rendering though 17:39 Krock how about joining other servers? does that work? 17:39 IronOxidizer[m] I mean, I am playing on a PinePhone. Just getting this work is pretty nice 17:39 IronOxidizer[m] Yeah, I joined other servers, still no block rendering 17:39 Krock disable shaders? 17:39 IronOxidizer[m] They are disabled 17:40 IronOxidizer[m] Tried both enabled and disabled 17:41 IronOxidizer[m] I can see the block info in the debug stats, I can hear the grass sounds when walking, and I can see my fps go up when I look at the floor or ceiling. 17:41 IronOxidizer[m] So something weird is going on 17:41 Krock try the "software" render 17:42 Krock interesting 17:43 IronOxidizer[m] Oh, lol. I checked the logs. ALl the textures are "fully transparent" 17:44 IronOxidizer[m] Where do I get textures from? 17:49 IronOxidizer[m] Nvm, regardless of the texturepack I use, the textures are invisible 18:00 Elon_Sat0shi so i just heard that among us has cheaters now, sounds like imposter cheaters can disable the kill cooldown and kill all the crewmates instantly 18:00 Elon_Sat0shi I hope the devs implement a server-side timer or something 18:01 Elon_Sat0shi It reminded me about how Minetest is more secure about not trusting the user 18:04 dievri Why player still online, when get_auth returning nil? 18:04 Elon_Sat0shi hmm, no clue 18:06 rubenwardy the auth data isn't continuely checked 18:06 rubenwardy like, the player doesn't continuously authenticate 18:06 rubenwardy once they're connected, that's it 18:06 rubenwardy you can kick them 18:08 dievri get_auth gets called constantly 18:09 dievri I put return nil both in create_auth and get_auth, and player still logs in 18:13 Krock return values are sometimes simply ignored 18:14 Krock handled return values are documented. 18:15 dievri I can't understand logic or flow of the auth 18:19 rubenwardy seems weird for it to be called constantly 18:19 rubenwardy wait, privileges 18:19 rubenwardy get_auth contains privileges 18:19 rubenwardy privileges will be checked almost constantly 18:22 dievri I don't quite understand, how to stop player login process, if create_auth fails. 18:22 Krock perhaps create_auth must not fail 18:23 dievri hmm, it's true also for get_auth 20:58 MinetestBot 02[git] 04orbea -> 03minetest/minetest_game: Furnace: Start the timer on on_metadata_inventory_take (#2639) 13dd91a1b https://git.io/JUgAN (152020-09-23T20:58:09Z) 23:12 MinetestBot 02[git] 04paramat -> 03minetest/minetest: Fix horizontal/vertical merging bug of hardware-colored framed glass … 139bff154 https://git.io/JUgjX (152020-09-23T23:10:50Z)