-/*
- * Terminate another running session
- */
-void cmd_term(char *cmdbuf)
-{
- int session_num;
- int terminated = 0;
-
- session_num = extract_int(cmdbuf, 0);
-
- terminated = CtdlTerminateOtherSession(session_num);
-
- if (terminated < 0) {
- cprintf("%d You can't kill your own session.\n", ERROR + ILLEGAL_VALUE);
- return;
- }
-
- if (terminated & TERM_FOUND) {
- if (terminated == TERM_KILLED) {
- cprintf("%d Session terminated.\n", CIT_OK);
- }
- else {
- cprintf("%d You are not allowed to do that.\n",
- ERROR + HIGHER_ACCESS_REQUIRED);
- }
- }
- else {
- cprintf("%d No such session.\n", ERROR + ILLEGAL_VALUE);
- }
-}
-
-
-/*
- * get the paginator prompt
- */
-void cmd_more(char *argbuf) {
- cprintf("%d %s\n", CIT_OK, config.c_moreprompt);
-}
-
-
-/*
- * echo
- */
-void cmd_echo(char *etext)
-{
- cprintf("%d %s\n", CIT_OK, etext);
-}
-
-
-/*
- * Perform privilege escalation for an internal program
- */
-void cmd_ipgm(char *argbuf)
-{
- int secret;
-
- secret = extract_int(argbuf, 0);
-
- /* For security reasons, we do NOT allow this command to run
- * over the network. Local sockets only.
- */
- if (!CC->is_local_socket) {
- sleep(5);
- cprintf("%d Authentication failed.\n", ERROR + PASSWORD_REQUIRED);
- }
- else if (secret == config.c_ipgm_secret) {
- CC->internal_pgm = 1;
- strcpy(CC->curr_user, "<internal program>");
- CC->cs_flags = CC->cs_flags|CS_STEALTH;
- cprintf("%d Authenticated as an internal program.\n", CIT_OK);
- }
- else {
- sleep(5);
- cprintf("%d Authentication failed.\n", ERROR + PASSWORD_REQUIRED);
- CtdlLogPrintf(CTDL_ERR, "Warning: ipgm authentication failed.\n");
- CC->kill_me = 1;
- }
-}
-
-
-/*
- * Shut down the server
- */
-void cmd_down(char *argbuf) {
- char *Reply ="%d Shutting down server. Goodbye.\n";
-
- if (CtdlAccessCheck(ac_aide)) return;
-
- if (!IsEmptyStr(argbuf))
- {
- int state = CIT_OK;
- restart_server = extract_int(argbuf, 0);
-
- if (restart_server > 0)
- {
- Reply = "%d citserver will now shut down and automatically restart.\n";
- }
- if ((restart_server > 0) && !running_as_daemon)
- {
- CtdlLogPrintf(CTDL_ERR, "The user requested restart, but not running as daemon! Geronimooooooo!\n");
- Reply = "%d Warning: citserver is not running in daemon mode and is therefore unlikely to restart automatically.\n";
- state = ERROR;
- }
- cprintf(Reply, state);
- }
- else
- {
- cprintf(Reply, CIT_OK + SERVER_SHUTTING_DOWN);
- }
- CC->kill_me = 1; /* Even the DOWN command has to follow correct proceedure when disconecting */
- CtdlThreadStopAll();
-}
-
-
-/*
- * Halt the server without exiting the server process.
- */
-void cmd_halt(char *argbuf) {
-
- if (CtdlAccessCheck(ac_aide)) return;
-
- cprintf("%d Halting server. Goodbye.\n", CIT_OK);
- CtdlThreadStopAll();
- shutdown_and_halt = 1;
-}
-
-
-/*
- * Schedule or cancel a server shutdown
- */
-void cmd_scdn(char *argbuf)
-{
- int new_state;
- int state = CIT_OK;
- char *Reply = "%d %d\n";
-
- if (CtdlAccessCheck(ac_aide)) return;
-
- new_state = extract_int(argbuf, 0);
- if ((new_state == 2) || (new_state == 3))
- {
- restart_server = 1;
- if (!running_as_daemon)
- {
- CtdlLogPrintf(CTDL_ERR, "The user requested restart, but not running as deamon! Geronimooooooo!\n");
- Reply = "%d %d Warning, not running in deamon mode. maybe we will come up again, but don't lean on it.\n";
- state = ERROR;
- }
-
- restart_server = extract_int(argbuf, 0);
- new_state -= 2;
- }
- if ((new_state == 0) || (new_state == 1)) {
- ScheduledShutdown = new_state;
- }
- cprintf(Reply, state, ScheduledShutdown);
-}
-
-
-/*
- * Set or unset asynchronous protocol mode
- */
-void cmd_asyn(char *argbuf)
-{
- int new_state;
-
- new_state = extract_int(argbuf, 0);
- if ((new_state == 0) || (new_state == 1)) {
- CC->is_async = new_state;
- }
- cprintf("%d %d\n", CIT_OK, CC->is_async);
-}
-
-
-/*
- * Generate a "nonce" for APOP-style authentication.
- *
- * RFC 1725 et al specify a PID to be placed in front of the nonce.
- * Quoth BTX: That would be stupid.
- */
-void generate_nonce(CitContext *con) {
- struct timeval tv;
-
- memset(con->cs_nonce, NONCE_SIZE, 0);
- gettimeofday(&tv, NULL);
- memset(con->cs_nonce, NONCE_SIZE, 0);
- snprintf(con->cs_nonce, NONCE_SIZE, "<%d%ld@%s>",
- rand(), (long)tv.tv_usec, config.c_fqdn);
-}
-
-
-/*
- * Back-end function for starting a session
- */
-void begin_session(CitContext *con)
-{
- socklen_t len;
- struct sockaddr_in sin;
-
- /*
- * Initialize some variables specific to our context.
- */
- con->logged_in = 0;
- con->internal_pgm = 0;
- con->download_fp = NULL;
- con->upload_fp = NULL;
- con->FirstExpressMessage = NULL;
- time(&con->lastcmd);
- time(&con->lastidle);
- strcpy(con->lastcmdname, " ");
- strcpy(con->cs_clientname, "(unknown)");
- strcpy(con->curr_user, NLI);
- *con->net_node = '\0';
- *con->fake_username = '\0';
- *con->fake_hostname = '\0';
- *con->fake_roomname = '\0';
- *con->cs_clientinfo = '\0';
- generate_nonce(con);
- safestrncpy(con->cs_host, config.c_fqdn, sizeof con->cs_host);
- safestrncpy(con->cs_addr, "", sizeof con->cs_addr);
- con->cs_UDSclientUID = -1;
- con->cs_host[sizeof con->cs_host - 1] = 0;
- len = sizeof sin;
- if (!CC->is_local_socket) {
- locate_host(con->cs_host, sizeof con->cs_host,
- con->cs_addr, sizeof con->cs_addr,
- con->client_socket
- );
- }
- else {
- con->cs_host[0] = 0;
- con->cs_addr[0] = 0;
-#ifdef HAVE_STRUCT_UCRED
- {
- /* as http://www.wsinnovations.com/softeng/articles/uds.html told us... */
- struct ucred credentials;
- socklen_t ucred_length = sizeof(struct ucred);
-
- /*fill in the user data structure */
- if(getsockopt(con->client_socket, SOL_SOCKET, SO_PEERCRED, &credentials, &ucred_length)) {
- CtdlLogPrintf(CTDL_NOTICE, "could obtain credentials from unix domain socket");
-
- }
- else {
- /* the process ID of the process on the other side of the socket */
- /* credentials.pid; */
-
- /* the effective UID of the process on the other side of the socket */
- con->cs_UDSclientUID = credentials.uid;
-
- /* the effective primary GID of the process on the other side of the socket */
- /* credentials.gid; */
-
- /* To get supplemental groups, we will have to look them up in our account
- database, after a reverse lookup on the UID to get the account name.
- We can take this opportunity to check to see if this is a legit account.
- */
- snprintf(con->cs_clientinfo, sizeof(con->cs_clientinfo),
- "PID: "F_PID_T"; UID: "F_UID_T"; GID: "F_XPID_T" ",
- credentials.pid,
- credentials.uid,
- credentials.gid);
- }
- }
-#endif
- }
- con->cs_flags = 0;
- con->upload_type = UPL_FILE;
- con->dl_is_net = 0;
-
- con->nologin = 0;
- if (((config.c_maxsessions > 0)&&(num_sessions > config.c_maxsessions)) || CtdlWantSingleUser()) {
- con->nologin = 1;
- }
-
- if (!CC->is_local_socket) {
- CtdlLogPrintf(CTDL_NOTICE, "Session (%s) started from %s (%s).\n", con->ServiceName, con->cs_host, con->cs_addr);
- }
- else {
- CtdlLogPrintf(CTDL_NOTICE, "Session (%s) started via local socket UID:%d.\n", con->ServiceName, con->cs_UDSclientUID);
- }
-
- /* Run any session startup routines registered by loadable modules */
- PerformSessionHooks(EVT_START);
-}