[Client Mod][WIP] Password manager

[est31]

A password manager mod, mostly targeted at people not afraid from the commandline and editing bare files. THIS IS A CLIENT MOD READ MORE BELOW

Installation
1. Get the 0.4.12 zip file, or the git master zip file if you run the latest minetest git.
2. Find a directory called "builtin". Its the directory the minetest executable resides.
2. Backup that directory to a safe place to not have to download minetest again if installation doesn't succeed, or your version isn't supported.
3. extract the zip file you downloaded, so that the directory "mainmenu" from the zip overlaps with the residing under "builtin", and the "pwmanager" directory is under "builtin". You will overwrite 2 files.
4. Write a password file called "password_list.txt". Save it into the "client" directory, which resides right next to your "worlds" and "mods" directories. Example see here.
How to use
Just set up your details in the password_list.txt, set the username, and log in with leaving the password entry blank.
Uninstallation
simply remove the "pwmanager" directory from the builtin directory. Note that this doesn't remove all traces, but as long as your version is supported, there are no functional changes. You remove all traces (except the "password_list.txt" by replacing the "builtin" directory with your backup.
Supported Minetest versions
Please run 0.4.12 for this client mod, or the latest git. Using with earlier versions will result in an error. Please be sure to make a backup of your "builtin" directory for fast uninstallation if the mod doesn't work.

Client mod
This isn't the usual server mod for minetest, its actually changing the client. Therefore this mod can't use usual deployment methods. Extracting it into the "mods" directory has no effect.

Other notes
License: LGPL v2.1+, source here.

Local server logins where the server runs in the same instance as the client aren't supported (yet).
The reason for making this as a mod and not a pull request is, that my hopes are low that this will get merged.

If there is a parsing error in the password_list.txt, the mod will note this, like other errors too, on the GUI and in the stdout.

Logins that should have a blank password don't work (yet), as the mod doesn't speak over the UI. You can set up those in the password_list.txt though, this should work.

The password_list.txt contains all your passwords in clear format and everybody that can open it can take your passwords.

If you have problems finding the right place for the password_list.txt, you can also change the location its stored by setting the "pwfile" value inside minetest.conf
Also, the default error message if the password file wasn't found will include something like "some_directory\mods\..\client\". The two dots ".." indicate that the real path to store them is "some_directory\client\".

You see, its still alot of WIP. I've posted this because I think it might be useful already now for some people, and I'm also happy to see any input on this.

Mod versions
0.1 first one
0.2 Show errors on GUI too
0.3 New password file format, please update. Also fixes error when logging in with a password without using the pwm.

[Xanthin]

Hello est31,
having a bunch of longer passwords for a longer list of servers I was curious to test your mod :)

I had some problems with it before I successfuly joined a server with it.
I tested on winXP with minetest-0.4.11-1702c34-win32 (latest sfan5 build).

I followed your instruction, wrote the password list and got at my first try this:

Code: Select all

The password file wasn't at the position on D:\Spielerchen\minetest-0.4.11-1702c34-win32\mods\..\client\password_list.txt
or some other error occured while reading the file.

The mod path startled me (as well as the different name for "password_list.txt" without the plural, obviously a typo). The client directory for me is at

Code: Select all

...\minetest-0.4.11-1702c34-win32\client

(right next to world, mods, etc. like you wrote).

I changed in the pwmanager init.lua the modpath line into this:

Code: Select all

pwfilename = core.get_modpath() .. DIR_DELIM .. "client" .. DIR_DELIM .."password_list.txt"

created a client folder in mods and stored the password_list.txt there.
Maybe I made something other wrong at the beginning (I don't really have a clue about all this tech stuff, I am just trying and guessing), for example I knew where to store the mainmenu directory but didn't really knew where to put the pwmanager directory from the zip file (I just put it also into builtin). But now it found the password list without a warning. :)

But, haha, there is a limitation, it doesn't work with Umlauts like ä,ö,ü. After changing my password at the server, it now works like expected: Name in the name field, select server, start, play.
Now I have to figure out how I can add the other different servers with their own different password for the same user to the list. I wish the mod would simply do this for me. :D

When the list is complete it will be useful for me. No "wrong password" message because I typed wrong with tired eyes and fingers and, because there is no second check for the password creation at the first join to a server, I will not exclude my account from the server because I made a typo in the password. Nice.

[rubenwardy]

The ../ wasn't a mistake. It means go back a level. foo/bar/../ is the same as foo/
It is used because you can't just get the root Minetest directory, you have to get the mods directory and go back up.

You don't need to modify mods/. The error message is probably because it hasn't been created yet.

Also, as a note to everyone, the passwords are stored in plaintext in a file. (From what I've read) You could just read the file. Ideally you'd salt the passwords before you stored them.

[Krock]

I would prefer hashed passwords as replacement of the raw text.

[est31]

Xanthin: Yes, sorry the additional s was a typo.

Now I have to figure out how I can add the other different servers with their own different password for the same user to the list.

You can add different servers. The example I linked above (and updated now) includes the following logins:

Username "user1" on address "digitalaudioconcepts.com" port 30001 password "12345secretpassword" (ID 33)
Username "user1" on address "0.0.0.0" port 30000 password "42world" (ID 42)
Username "user1" on address "m.ayntest.net" port 30000 password "anothersupersecretpassword" (ID 34)
Username "user1" on server "VanessaE's Survival Server" password "12345secretpassword" (ID 33)
Username "usertester" on address "0.0.0.0" port 30000 password "42world" (ID 42)

Krock: I agree it would be better to have hashes, but I want a pure lua solution, and that only has access to un-hashed passwords.
Rubenwardy: Good to point that out, I'll add that (passwords stored in plain text) to notes. Unfortunately they cannot be stored salted. Also, salting is more a thing to do Server side than by the client.

[rubenwardy]

Not in Minetest. They're done client side, to stop a malicious server from getting the plaintext. I know you currently can't specify a hash, only a plaintext password. That's why I said ideally.

[u34]

how do I set details in the password_list.txt?

when I input username and password and enable connect nothing happens to me, nothing output of error-message.

[est31]

cHyper: you can inspect the example I've linked to, everything you need is in there, the file should be self-explaining. The error message is output to the console, and to debug.txt. Its WIP, GUI errors will be added later on.

[est31]

Errors now shown in GUI, too.

[u34]

Xanthin: Yes, sorry the additional s was a typo.

Now I have to figure out how I can add the other different servers with their own different password for the same user to the list.

You can add different servers. The example I linked above (and updated now) includes the following logins:

Username "user1" on address "digitalaudioconcepts.com" port 30001 password "12345secretpassword" (ID 33)
Username "user1" on address "0.0.0.0" port 30000 password "42world" (ID 42)
Username "user1" on address "m.ayntest.net" port 30000 password "anothersupersecretpassword" (ID 34)
Username "user1" on server "VanessaE's Survival Server" password "12345secretpassword" (ID 33)
Username "usertester" on address "0.0.0.0" port 30000 password "42world" (ID 42)

what is the exactly Format of a server-entry to be stored in the txt-file?

error-msg is much better now, thank you.

[est31]

cHyper: See this (EDIT: outdated, use this one instead) example. There are different "fields", one "password", where you enter the passwords, and give every password a unique ID. The second main field is "lu", where every username has one entry. Every username has two fields addr_lu and select_srv_lu. You can enter a server in one or both of the fields, but I'd suggest to use addr_lu for security. select_srv_lu should only be used for servers where the ip address changes often. addr_lu contains the ip (or hostname) and port of the servers, and maps to one password ID each, while select_srv_lu contains the "name" of the servers. With name I mean that appearing in the public server list.

I see, the format is very complicated, and I also think that IDs aren't very useful. I think I'll make a new format for that file.

[est31]

Version 0.3: New password_list.txt file format. If there is demand, I can make it automatically convert to new format.

[u34]

great job u made. +1

[Xanthin]

@rubenwardy Thanks for the response, I think I understood what you said. And today I found that my password list had, however it happend, a wrong ending (.txt.txt), so I ! made a mistake there. :D

@est31 I used the latest version today. The list is much easier now for me to understand (the structure and examples) and to fill out. And it works smooth like expected.Thank you :)