-/* needed to properly enable crypt() stuff on some systems */
-#define _XOPEN_SOURCE
-/* needed for str[n]casecmp() on some systems if the above is defined */
-#define _XOPEN_SOURCE_EXTENDED
+/* $Id$ */
+#include "sysdep.h"
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <signal.h>
#include <pwd.h>
#include <sys/types.h>
+#include <sys/wait.h>
#include <sys/time.h>
#include <string.h>
#include <syslog.h>
+#include <limits.h>
+#ifdef HAVE_PTHREAD_H
#include <pthread.h>
+#endif
+#ifndef ENABLE_CHKPWD
+#include "auth.h"
+#endif
#include "citadel.h"
#include "server.h"
#include "database.h"
#include "msgbase.h"
#include "config.h"
#include "dynloader.h"
+#include "tools.h"
/*
int a;
struct cdbdata *cdbus;
- bzero(usbuf, sizeof(struct usersupp));
+ memset(usbuf, 0, sizeof(struct usersupp));
for (a=0; a<=strlen(name); ++a) {
- lowercase_name[a] = tolower(name[a]);
+ if (a < sizeof(lowercase_name))
+ lowercase_name[a] = tolower(name[a]);
}
+ lowercase_name[sizeof(lowercase_name)-1] = 0;
cdbus = cdb_fetch(CDB_USERSUPP, lowercase_name, strlen(lowercase_name));
if (cdbus == NULL) {
int a;
for (a=0; a<=strlen(name); ++a) {
- lowercase_name[a] = tolower(name[a]);
+ if (a < sizeof(lowercase_name))
+ lowercase_name[a] = tolower(name[a]);
}
+ lowercase_name[sizeof(lowercase_name)-1] = 0;
cdb_store(CDB_USERSUPP,
lowercase_name, strlen(lowercase_name),
end_critical_section(S_USERSUPP);
}
+/*
+ * Index-generating function used by Ctdl[Get|Set]Relationship
+ */
+int GenerateRelationshipIndex( char *IndexBuf,
+ long RoomID,
+ long RoomGen,
+ long UserID) {
+
+ struct {
+ long iRoomID;
+ long iRoomGen;
+ long iUserID;
+ } TheIndex;
+
+ TheIndex.iRoomID = RoomID;
+ TheIndex.iRoomGen = RoomGen;
+ TheIndex.iUserID = UserID;
+
+ memcpy(IndexBuf, &TheIndex, sizeof(TheIndex));
+ return(sizeof(TheIndex));
+ }
+
+/*
+ * Define a relationship between a user and a room
+ */
+void CtdlSetRelationship(struct visit *newvisit,
+ struct usersupp *rel_user,
+ struct quickroom *rel_room) {
+
+ char IndexBuf[32];
+ int IndexLen;
+
+ /* We don't use these in Citadel because they're implicit by the
+ * index, but they must be present if the database is exported.
+ */
+ newvisit->v_roomnum = rel_room->QRnumber;
+ newvisit->v_roomgen = rel_room->QRgen;
+ newvisit->v_usernum = rel_user->usernum;
+
+ /* Generate an index */
+ IndexLen = GenerateRelationshipIndex(IndexBuf,
+ rel_room->QRnumber,
+ rel_room->QRgen,
+ rel_user->usernum);
+
+ /* Store the record */
+ cdb_store(CDB_VISIT, IndexBuf, IndexLen,
+ newvisit, sizeof(struct visit)
+ );
+ }
+/*
+ * Locate a relationship between a user and a room
+ */
+void CtdlGetRelationship(struct visit *vbuf,
+ struct usersupp *rel_user,
+ struct quickroom *rel_room) {
+
+ char IndexBuf[32];
+ int IndexLen;
+ struct cdbdata *cdbvisit;
+
+ /* Generate an index */
+ IndexLen = GenerateRelationshipIndex(IndexBuf,
+ rel_room->QRnumber,
+ rel_room->QRgen,
+ rel_user->usernum);
+
+ /* Clear out the buffer */
+ memset(vbuf, 0, sizeof(struct visit));
+
+ cdbvisit = cdb_fetch(CDB_VISIT, IndexBuf, IndexLen);
+ if (cdbvisit != NULL) {
+ memcpy(vbuf, cdbvisit->ptr,
+ ( (cdbvisit->len > sizeof(struct visit)) ?
+ sizeof(struct visit) : cdbvisit->len) );
+ cdb_free(cdbvisit);
+ return;
+ }
+ }
+
+
+void MailboxName(char *buf, struct usersupp *who, char *prefix) {
+ sprintf(buf, "%010ld.%s", who->usernum, prefix);
+ }
+
+
/*
* Is the user currently logged in an Aide?
*/
cdb_rewind(CDB_USERSUPP);
while(cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) {
- bzero(usbuf, sizeof(struct usersupp));
+ memset(usbuf, 0, sizeof(struct usersupp));
memcpy(usbuf, cdbus->ptr,
( (cdbus->len > sizeof(struct usersupp)) ?
sizeof(struct usersupp) : cdbus->len) );
* session startup code which is common to both cmd_pass() and cmd_newu()
*/
void session_startup(void) {
- int a;
- struct quickroom qr;
-
syslog(LOG_NOTICE,"user <%s> logged in",CC->curr_user);
lgetuser(&CC->usersupp,CC->curr_user);
CC->fake_postname[0] = '\0';
CC->fake_hostname[0] = '\0';
CC->fake_roomname[0] = '\0';
- CC->last_pager[0] = '\0';
time(&CC->usersupp.lastcall);
/* If this user's name is the name of the system administrator
CC->usersupp.axlevel = 6;
}
-/* A room's generation number changes each time it is recycled. Users are kept
- * out of private rooms or forget rooms by matching the generation numbers. To
- * avoid an accidental matchup, unmatched numbers are set to -1 here.
- */
- for (a=0; a<MAXROOMS; ++a) {
- getroom(&qr,a);
- if (CC->usersupp.generation[a] != qr.QRgen)
- CC->usersupp.generation[a]=(-1);
- if (CC->usersupp.forget[a] != qr.QRgen)
- CC->usersupp.forget[a]=(-1);
- }
-
lputuser(&CC->usersupp,CC->curr_user);
/* Run any cleanup routines registered by loadable modules */
cprintf("%d %s|%d|%d|%d|%u|%ld\n",OK,CC->usersupp.fullname,CC->usersupp.axlevel,
CC->usersupp.timescalled,CC->usersupp.posted,CC->usersupp.flags,
CC->usersupp.usernum);
- usergoto(0,0); /* Enter the lobby */
+ usergoto(BASEROOM,0); /* Enter the lobby */
rec_log(CL_LOGIN,CC->curr_user);
}
PerformSessionHooks(EVT_LOGOUT);
}
+#ifdef ENABLE_CHKPWD
+/*
+ * an alternate version of validpw() which executes `chkpwd' instead of
+ * verifying the password directly
+ */
+static int validpw(uid_t uid, const char *pass)
+{
+ pid_t pid;
+ int status, pipev[2];
+ char buf[24];
+
+ if (pipe(pipev)) {
+ lprintf(1, "pipe failed (%s): denying autologin access for "
+ "uid %u\n", strerror(errno), uid);
+ return 0;
+ }
+
+ switch (pid = fork()) {
+ case -1:
+ lprintf(1, "fork failed (%s): denying autologin access for "
+ "uid %u\n", strerror(errno), uid);
+ close(pipev[0]);
+ close(pipev[1]);
+ return 0;
+
+ case 0:
+ close(pipev[1]);
+ if (dup2(pipev[0], 0) == -1) {
+ perror("dup2");
+ exit(1);
+ }
+ close(pipev[0]);
+
+ execl(BBSDIR "/chkpwd", BBSDIR "/chkpwd", NULL);
+ perror(BBSDIR "/chkpwd");
+ exit(1);
+ }
+
+ close(pipev[0]);
+ write(pipev[1], buf, sprintf(buf, "%u\n", uid));
+ write(pipev[1], pass, strlen(pass));
+ write(pipev[1], "\n", 1);
+ close(pipev[1]);
+
+ while (waitpid(pid, &status, 0) == -1)
+ if (errno != EINTR) {
+ lprintf(1, "waitpid failed (%s): denying autologin "
+ "access for uid %u\n",
+ strerror(errno), uid);
+ return 0;
+ }
+
+ if (WIFEXITED(status) && !WEXITSTATUS(status))
+ return 1;
+
+ return 0;
+ }
+#endif
void cmd_pass(char *buf)
{
char password[256];
int code;
- struct passwd *p;
extract(password,buf,0);
strproc(CC->usersupp.password);
code = strcasecmp(CC->usersupp.password,password);
}
- else {
- p = (struct passwd *)getpwuid(CC->usersupp.USuid);
#ifdef ENABLE_AUTOLOGIN
- if (p!=NULL) {
- if (!strcmp(p->pw_passwd,
- (char *)crypt(password,p->pw_passwd))) {
- code = 0;
- lgetuser(&CC->usersupp, CC->curr_user);
- strcpy(CC->usersupp.password, password);
- lputuser(&CC->usersupp, CC->curr_user);
- }
+ else {
+ if (validpw(CC->usersupp.USuid, password)) {
+ code = 0;
+ lgetuser(&CC->usersupp, CC->curr_user);
+ safestrncpy(CC->usersupp.password, password,
+ sizeof CC->usersupp.password);
+ lputuser(&CC->usersupp, CC->curr_user);
}
-#endif
}
+#endif
if (!code) {
(CC->logged_in) = 1;
/*
* Delete a user record *and* all of its related resources.
*/
-int purge_user(char *pname) {
+int purge_user(char pname[]) {
char filename[64];
+ char mailboxname[ROOMNAMELEN];
struct usersupp usbuf;
+ struct quickroom qrbuf;
+ char lowercase_name[32];
int a;
- struct cdbdata *cdbmb;
- long *mailbox;
- int num_mails;
+ struct CitContext *ccptr;
+ int user_is_logged_in = 0;
+
+ for (a=0; a<=strlen(pname); ++a) {
+ lowercase_name[a] = tolower(pname[a]);
+ }
if (getuser(&usbuf, pname) != 0) {
lprintf(5, "Cannot purge user <%s> - not found\n", pname);
return(ERROR+NO_SUCH_USER);
}
- /* FIX Don't delete a user who is currently logged in. */
+ /* Don't delete a user who is currently logged in. Instead, just
+ * set the access level to 0, and let the account get swept up
+ * during the next purge.
+ */
+ user_is_logged_in = 0;
+ begin_critical_section(S_SESSION_TABLE);
+ for (ccptr=ContextList; ccptr!=NULL; ccptr=ccptr->next) {
+ if (ccptr->usersupp.usernum == usbuf.usernum) {
+ user_is_logged_in = 1;
+ }
+ }
+ end_critical_section(S_SESSION_TABLE);
+ if (user_is_logged_in == 1) {
+ lprintf(5, "User <%s> is logged in; not deleting.\n", pname);
+ usbuf.axlevel = 0;
+ putuser(&usbuf, pname);
+ return(1);
+ }
+
+ lprintf(5, "Deleting user <%s>\n", pname);
/* Perform any purge functions registered by server extensions */
PerformUserHooks(usbuf.fullname, usbuf.usernum, EVT_PURGEUSER);
- /* delete any messages in the user's mailbox */
- cdbmb = cdb_fetch(CDB_MAILBOXES, &usbuf.usernum, sizeof(long));
- if (cdbmb != NULL) {
- num_mails = cdbmb->len / sizeof(long);
- mailbox = (long *) cdbmb->ptr;
- if (num_mails > 0) for (a=0; a<num_mails; ++a) {
- cdb_delete(CDB_MSGMAIN, &mailbox[a], sizeof(long));
- }
- cdb_free(cdbmb);
- /* now delete the mailbox itself */
- cdb_delete(CDB_MAILBOXES, &usbuf.usernum, sizeof(long));
+ /* delete any existing user/room relationships */
+ cdb_delete(CDB_VISIT, &usbuf.usernum, sizeof(long));
+
+ /* Delete the user's mailbox and its contents */
+ MailboxName(mailboxname, &usbuf, MAILROOM);
+ if (getroom(&qrbuf, mailboxname)==0) {
+ delete_room(&qrbuf);
}
/* delete the userlog entry */
- cdb_delete(CDB_USERSUPP, pname, strlen(pname));
+ cdb_delete(CDB_USERSUPP, lowercase_name, strlen(lowercase_name));
/* remove the user's bio file */
sprintf(filename, "./bio/%ld", usbuf.usernum);
int a;
struct passwd *p = NULL;
char username[64];
+ char mailboxname[ROOMNAMELEN];
strcpy(username, newusername);
strproc(username);
strcpy(CC->curr_user,username);
strcpy(CC->usersupp.fullname,username);
- (CC->logged_in) = 1;
-
- for (a=0; a<MAXROOMS; ++a) {
- CC->usersupp.lastseen[a]=0L;
- CC->usersupp.generation[a]=(-1);
- CC->usersupp.forget[a]=(-1);
- }
strcpy(CC->usersupp.password,"");
+ (CC->logged_in) = 1;
/* These are the default flags on new accounts */
CC->usersupp.flags =
if (getuser(&CC->usersupp,CC->curr_user)) {
return(ERROR+INTERNAL_ERROR);
}
+
+ /* give the user a private mailbox */
+ MailboxName(mailboxname, &CC->usersupp, MAILROOM);
+ create_room(mailboxname, 4, "", 0);
+
rec_log(CL_NEWUSER,CC->curr_user);
return(0);
}
void cmd_slrp(char *new_ptr)
{
long newlr;
+ struct visit vbuf;
if (!(CC->logged_in)) {
cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
return;
}
- if (CC->curr_rm < 0) {
- cprintf("%d No current room.\n",ERROR);
- return;
- }
-
if (!strncasecmp(new_ptr,"highest",7)) {
newlr = CC->quickroom.QRhighest;
-/* FIX ... if the current room is 1 (Mail), newlr needs to be set to the
- * number of the highest mail message
- */
}
else {
newlr = atol(new_ptr);
}
lgetuser(&CC->usersupp, CC->curr_user);
- CC->usersupp.lastseen[CC->curr_rm] = newlr;
+
+ CtdlGetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
+ vbuf.v_lastseen = newlr;
+ CtdlSetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
+
lputuser(&CC->usersupp, CC->curr_user);
cprintf("%d %ld\n",OK,newlr);
}
{ /* 1 = invite, 0 = kick out */
struct usersupp USscratch;
char bbb[256];
+ struct visit vbuf;
if (!(CC->logged_in)) {
cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
return;
}
- if (CC->curr_rm < 0) {
- cprintf("%d No current room.\n",ERROR);
- return;
- }
-
if (is_room_aide()==0) {
cprintf("%d Higher access required.\n",
ERROR+HIGHER_ACCESS_REQUIRED);
return;
}
- if ( (op==1) && ((CC->quickroom.QRflags&QR_PRIVATE)==0) ) {
- cprintf("%d Not a private room.\n",ERROR+NOT_HERE);
- return;
- }
-
if (lgetuser(&USscratch,iuser)!=0) {
cprintf("%d No such user.\n",ERROR);
return;
}
+ CtdlGetRelationship(&vbuf, &USscratch, &CC->quickroom);
+
if (op==1) {
- USscratch.generation[CC->curr_rm]=CC->quickroom.QRgen;
- USscratch.forget[CC->curr_rm]=(-1);
+ vbuf.v_flags = vbuf.v_flags & ~V_FORGET & ~V_LOCKOUT;
+ vbuf.v_flags = vbuf.v_flags | V_ACCESS;
}
if (op==0) {
- USscratch.generation[CC->curr_rm]=(-1);
- USscratch.forget[CC->curr_rm]=CC->quickroom.QRgen;
+ vbuf.v_flags = vbuf.v_flags & ~V_ACCESS;
+ vbuf.v_flags = vbuf.v_flags | V_FORGET | V_LOCKOUT;
}
+ CtdlSetRelationship(&vbuf, &USscratch, &CC->quickroom);
+
lputuser(&USscratch,iuser);
/* post a message in Aide> saying what we just did */
CC->usersupp.fullname);
aide_message(bbb);
- if ((op==0)&&((CC->quickroom.QRflags&QR_PRIVATE)==0)) {
- cprintf("%d Ok. (Not a private room, <Z>ap effect only)\n",OK);
- }
- else {
- cprintf("%d Ok.\n",OK);
- }
+ cprintf("%d %s %s %s.\n",
+ OK, iuser,
+ ((op == 1) ? "invited to" : "kicked out of"),
+ CC->quickroom.QRname);
return;
}
* forget (Zap) the current room
*/
void cmd_forg(void) {
+ struct visit vbuf;
+
if (!(CC->logged_in)) {
cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
return;
}
- if (CC->curr_rm < 0) {
- cprintf("%d No current room.\n",ERROR);
- return;
- }
-
- if (CC->curr_rm < 3) {
- cprintf("%d You cannot forget this room.\n",ERROR+NOT_HERE);
- return;
- }
-
if (is_aide()) {
cprintf("%d Aides cannot forget rooms.\n",ERROR);
return;
}
lgetuser(&CC->usersupp,CC->curr_user);
- CC->usersupp.forget[CC->curr_rm] = CC->quickroom.QRgen;
- CC->usersupp.generation[CC->curr_rm] = (-1);
+ CtdlGetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
+
+ vbuf.v_flags = vbuf.v_flags | V_FORGET;
+ vbuf.v_flags = vbuf.v_flags & ~V_ACCESS;
+
+ CtdlSetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
lputuser(&CC->usersupp,CC->curr_user);
cprintf("%d Ok\n",OK);
- CC->curr_rm = (-1);
+ usergoto(BASEROOM, 0);
}
/*
*/
cdb_rewind(CDB_USERSUPP);
while (cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) {
- bzero(&usbuf, sizeof(struct usersupp));
+ memset(&usbuf, 0, sizeof(struct usersupp));
memcpy(&usbuf, cdbus->ptr,
( (cdbus->len > sizeof(struct usersupp)) ?
sizeof(struct usersupp) : cdbus->len) );
cdb_rewind(CDB_USERSUPP);
while(cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) {
- bzero(&usbuf, sizeof(struct usersupp));
+ memset(&usbuf, 0, sizeof(struct usersupp));
memcpy(&usbuf, cdbus->ptr,
( (cdbus->len > sizeof(struct usersupp)) ?
sizeof(struct usersupp) : cdbus->len) );
CitControl.MMflags = CitControl.MMflags | MM_VALID ;
put_control();
end_critical_section(S_CONTROL);
- cprintf("%d *** End of registration.\n",OK);
}
return;
}
- cprintf("%d %s|%s|%u|%d|%d|%d|%ld\n",
+ cprintf("%d %s|%s|%u|%d|%d|%d|%ld|%ld|%d\n",
OK,
usbuf.fullname,
usbuf.password,
usbuf.timescalled,
usbuf.posted,
(int)usbuf.axlevel,
- usbuf.usernum);
-
+ usbuf.usernum,
+ usbuf.lastcall,
+ usbuf.USuserpurge);
}
usbuf.axlevel = extract_int(cmdbuf, 5);
}
}
+ if (np > 7) {
+ usbuf.lastcall = extract_long(cmdbuf, 7);
+ }
+ if (np > 8) {
+ usbuf.USuserpurge = extract_int(cmdbuf, 8);
+ }
lputuser(&usbuf, requested_user);
if (usbuf.axlevel == 0) {
*/
int NewMailCount() {
int num_newmsgs = 0;
- struct cdbdata *cdbmb;
- int num_mails;
- long *mailbox;
int a;
-
- cdbmb = cdb_fetch(CDB_MAILBOXES, &CC->usersupp.usernum, sizeof(long));
- if (cdbmb != NULL) {
- num_mails = cdbmb->len / sizeof(long);
- mailbox = (long *) cdbmb->ptr;
- if (num_mails > 0) for (a=0; a<num_mails; ++a) {
- if (mailbox[a] > (CC->usersupp.lastseen[1]))
+ char mailboxname[32];
+ struct quickroom mailbox;
+ struct visit vbuf;
+
+ MailboxName(mailboxname, &CC->usersupp, MAILROOM);
+ if (getroom(&mailbox, mailboxname)!=0) return(0);
+ CtdlGetRelationship(&vbuf, &CC->usersupp, &mailbox);
+
+ get_msglist(&mailbox);
+ for (a=0; a<CC->num_msgs; ++a) {
+ if (MessageFromList(a)>0L) {
+ if (MessageFromList(a) > vbuf.v_lastseen) {
++num_newmsgs;
+ }
}
- cdb_free(cdbmb);
}
+
return(num_newmsgs);
}