/*
* Server functions which perform operations on user objects.
*
- * Copyright (c) 1987-2011 by the citadel.org team
+ * Copyright (c) 1987-2016 by the citadel.org team
*
* This program is open source software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License, version 3.
*/
#include "sysdep.h"
-#include <errno.h>
-#include <stdlib.h>
-#include <unistd.h>
#include <stdio.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <pwd.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <syslog.h>
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-#if TIME_WITH_SYS_TIME
-# include <sys/time.h>
-# include <time.h>
-#else
-# if HAVE_SYS_TIME_H
-# include <sys/time.h>
-# else
-# include <time.h>
-# endif
-#endif
-
-#include <string.h>
-#include <limits.h>
#include <libcitadel.h>
-#include "auth.h"
-#include "citadel.h"
-#include "server.h"
-#include "database.h"
-#include "sysdep_decls.h"
-#include "support.h"
-#include "room_ops.h"
-#include "file_ops.h"
+
#include "control.h"
-#include "msgbase.h"
-#include "config.h"
+#include "support.h"
#include "citserver.h"
-#include "citadel_dirs.h"
-#include "genstamp.h"
-#include "threads.h"
+#include "config.h"
#include "citadel_ldap.h"
-#include "context.h"
#include "ctdl_module.h"
#include "user_ops.h"
#include "internet_addressing.h"
int chkpwd_read_pipe[2];
-
-/*
- * getuser() - retrieve named user into supplied buffer.
- * returns 0 on success
- */
-int getuser(struct ctdluser *usbuf, char name[])
-{
- return CtdlGetUser(usbuf, name);
-}
-
-
/*
* CtdlGetUser() - retrieve named user into supplied buffer.
* returns 0 on success
return CtdlGetUserLen(usbuf, name, cutuserkey(name));
}
+int CtdlLockGetCurrentUser(void)
+{
+ CitContext *CCC = CC;
+
+ return CtdlGetUserLen(&CCC->user, CCC->curr_user, cutuserkey(CCC->curr_user));
+}
/*
* CtdlGetUserLock() - same as getuser() but locks the record
}
-/*
- * lgetuser() - same as getuser() but locks the record
- */
-int lgetuser(struct ctdluser *usbuf, char *name)
-{
- return CtdlGetUserLock(usbuf, name);
-}
-
-
/*
* CtdlPutUser() - write user buffer into the correct place on disk
*/
}
-
-/*
- * putuser() - write user buffer into the correct place on disk
- */
-void putuser(struct ctdluser *usbuf)
+void CtdlPutCurrentUserLock()
{
- CtdlPutUser(usbuf);
+ CtdlPutUser(&CC->user);
}
}
-/*
- * lputuser() - same as putuser() but locks the record
- */
-void lputuser(struct ctdluser *usbuf)
-{
- CtdlPutUserLock(usbuf);
-}
-
/*
* rename_user() - this is tricky because the user's display name is the database key
else { /* Sanity checks succeeded. Now rename the user. */
if (usbuf.usernum == 0)
{
- CONM_syslog(LOG_DEBUG, "Can not rename user \"Citadel\".\n");
+ syslog(LOG_DEBUG, "Can not rename user \"Citadel\".\n");
retcode = RENAMEUSER_NOT_FOUND;
} else {
- CON_syslog(LOG_DEBUG, "Renaming <%s> to <%s>\n", oldname, newname);
+ syslog(LOG_DEBUG, "Renaming <%s> to <%s>\n", oldname, newname);
cdb_delete(CDB_USERS, oldnamekey, strlen(oldnamekey));
safestrncpy(usbuf.fullname, newname, sizeof usbuf.fullname);
CtdlPutUser(&usbuf);
if (who->axlevel <= AxProbU) return(0);
/* Globally enabled? */
- if (config.c_restrict == 0) return(1);
+ if (CtdlGetConfigInt("c_restrict") == 0) return(1);
/* User flagged ok? */
if (who->flags & US_INTERNET) return(2);
return(0);
}
+/*
+ * Convenience function.
+ */
+int CtdlAccessCheck(int required_level)
+{
+ if (CC->internal_pgm) return(0);
+ if (required_level >= ac_internal) {
+ cprintf("%d This is not a user-level command.\n",
+ ERROR + HIGHER_ACCESS_REQUIRED);
+ return(-1);
+ }
+
+ if ((required_level >= ac_logged_in_or_guest) && (CC->logged_in == 0) && (CtdlGetConfigInt("c_guest_logins") == 0)) {
+ cprintf("%d Not logged in.\n", ERROR + NOT_LOGGED_IN);
+ return(-1);
+ }
+
+ if ((required_level >= ac_logged_in) && (CC->logged_in == 0)) {
+ cprintf("%d Not logged in.\n", ERROR + NOT_LOGGED_IN);
+ return(-1);
+ }
+
+ if (CC->user.axlevel >= AxAideU) return(0);
+ if (required_level >= ac_aide) {
+ cprintf("%d This command requires Admin access.\n",
+ ERROR + HIGHER_ACCESS_REQUIRED);
+ return(-1);
+ }
+
+ if (is_room_aide()) return(0);
+ if (required_level >= ac_room_aide) {
+ cprintf("%d This command requires Admin or Room Admin access.\n",
+ ERROR + HIGHER_ACCESS_REQUIRED);
+ return(-1);
+ }
+
+ /* shhh ... succeed quietly */
+ return(0);
+}
+
+
/*
* Is the user currently logged in an Admin?
cdbun = cdb_fetch(CDB_USERSBYNUMBER, &number, sizeof(long));
if (cdbun == NULL) {
- CON_syslog(LOG_INFO, "User %ld not found\n", number);
+ syslog(LOG_INFO, "User %ld not found\n", number);
return(-1);
}
- CON_syslog(LOG_INFO, "User %ld maps to %s\n", number, cdbun->ptr);
+ syslog(LOG_INFO, "User %ld maps to %s\n", number, cdbun->ptr);
r = CtdlGetUser(usbuf, cdbun->ptr);
cdb_free(cdbun);
return(r);
}
-/*
- * getuserbynumber() - get user by number
- * returns 0 if user was found
- *
- * Note: fetching a user this way requires one additional database operation.
- */
-int getuserbynumber(struct ctdluser *usbuf, long number)
-{
- return CtdlGetUserByNumber(usbuf, number);
-}
-
-
-
/*
* Helper function for rebuild_usersbynumber()
*/
}
while (u != NULL) {
- CON_syslog(LOG_DEBUG, "Rebuilding usersbynumber index %10ld : %s\n",
+ syslog(LOG_DEBUG, "Rebuilding usersbynumber index %10ld : %s\n",
u->usernum, u->username);
cdb_store(CDB_USERSBYNUMBER, &u->usernum, sizeof(long), u->username, strlen(u->username)+1);
int found_user;
long len;
- CON_syslog(LOG_DEBUG, "CtdlLoginExistingUser(%s, %s)\n", authname, trythisname);
+ syslog(LOG_DEBUG, "CtdlLoginExistingUser(%s, %s)\n", authname, trythisname);
if ((CC->logged_in)) {
return login_already_logged_in;
if (!strncasecmp(trythisname, "SYS_", 4))
{
- CON_syslog(LOG_DEBUG, "System user \"%s\" is not allowed to log in.\n", trythisname);
+ syslog(LOG_DEBUG, "System user \"%s\" is not allowed to log in.\n", trythisname);
return login_not_found;
}
/* If a "master user" is defined, handle its authentication if specified */
CC->is_master = 0;
- if (strlen(config.c_master_user) > 0) if (strlen(config.c_master_pass) > 0) if (authname) {
- if (!strcasecmp(authname, config.c_master_user)) {
- CC->is_master = 1;
- }
+ if ( (!IsEmptyStr(CtdlGetConfigStr("c_master_user"))) &&
+ (!IsEmptyStr(CtdlGetConfigStr("c_master_pass"))) &&
+ (authname != NULL) &&
+ (!strcasecmp(authname, CtdlGetConfigStr("c_master_user"))) )
+ {
+ CC->is_master = 1;
}
/* Continue attempting user validation... */
return login_not_found;
}
- if (config.c_auth_mode == AUTHMODE_HOST) {
+ if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_HOST) {
/* host auth mode */
struct passwd *tempPwdPtr;
char pwdbuffer[256];
- CON_syslog(LOG_DEBUG, "asking host about <%s>\n", username);
+ syslog(LOG_DEBUG, "asking host about <%s>\n", username);
#ifdef HAVE_GETPWNAM_R
#ifdef SOLARIS_GETPWUID
- CON_syslog(LOG_DEBUG, "Calling getpwnam_r()\n");
+ syslog(LOG_DEBUG, "Calling getpwnam_r()\n");
tempPwdPtr = getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer);
#else // SOLARIS_GETPWUID
- CONM_syslog(LOG_DEBUG, "Calling getpwnam_r()\n");
+ syslog(LOG_DEBUG, "Calling getpwnam_r()\n");
getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr);
#endif // SOLARIS_GETPWUID
#else // HAVE_GETPWNAM_R
- CON_syslog(LOG_DEBUG, "SHOULD NEVER GET HERE!!!\n");
+ syslog(LOG_DEBUG, "SHOULD NEVER GET HERE!!!\n");
tempPwdPtr = NULL;
#endif // HAVE_GETPWNAM_R
if (tempPwdPtr == NULL) {
- CON_syslog(LOG_DEBUG, "no such user <%s>\n", username);
+ syslog(LOG_DEBUG, "no such user <%s>\n", username);
return login_not_found;
}
* If not found, make one attempt to create it.
*/
found_user = getuserbyuid(&CC->user, pd.pw_uid);
- CON_syslog(LOG_DEBUG, "found it: uid=%ld, gecos=%s here: %d\n",
+ syslog(LOG_DEBUG, "found it: uid=%ld, gecos=%s here: %d\n",
(long)pd.pw_uid, pd.pw_gecos, found_user);
if (found_user != 0) {
len = cutuserkey(username);
}
#ifdef HAVE_LDAP
- else if ((config.c_auth_mode == AUTHMODE_LDAP) || (config.c_auth_mode == AUTHMODE_LDAP_AD)) {
+ else if ((CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP) || (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD)) {
/* LDAP auth mode */
char ldap_cn[256];
char ldap_dn[256];
- found_user = CtdlTryUserLDAP(username, ldap_dn, sizeof ldap_dn, ldap_cn, sizeof ldap_cn, &ldap_uid);
+ found_user = CtdlTryUserLDAP(username, ldap_dn, sizeof ldap_dn, ldap_cn, sizeof ldap_cn, &ldap_uid, 0);
if (found_user != 0) {
return login_not_found;
}
else {
/* native auth mode */
- struct recptypes *valid = NULL;
+ recptypes *valid = NULL;
/* First, try to log in as if the supplied name is a display name */
found_user = CtdlGetUser(&CC->user, username);
struct CitContext *CCC = CC;
CCC->logged_in = 1;
- CON_syslog(LOG_NOTICE, "<%s> logged in\n", CCC->curr_user);
+ syslog(LOG_NOTICE, "<%s> logged in\n", CCC->curr_user);
CtdlGetUserLock(&CCC->user, CCC->curr_user);
++(CCC->user.timescalled);
/* If this user's name is the name of the system administrator
* (as specified in setup), automatically assign access level 6.
*/
- if (!strcasecmp(CCC->user.fullname, config.c_sysadm)) {
+ if (!strcasecmp(CCC->user.fullname, CtdlGetConfigStr("c_sysadm"))) {
CCC->user.axlevel = AxAideU;
}
/* If we're authenticating off the host system, automatically give
* root the highest level of access.
*/
- if (config.c_auth_mode == AUTHMODE_HOST) {
+ if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_HOST) {
if (CCC->user.uid == 0) {
CCC->user.axlevel = AxAideU;
}
* the vCard module's login hook runs.
*/
snprintf(CCC->cs_inet_email, sizeof CCC->cs_inet_email, "%s@%s",
- CCC->user.fullname, config.c_fqdn);
+ CCC->user.fullname, CtdlGetConfigStr("c_fqdn"));
convert_spaces_to_underscores(CCC->cs_inet_email);
/* Create any personal rooms required by the system.
PerformSessionHooks(EVT_LOGIN);
/* Enter the lobby */
- CtdlUserGoto(config.c_baseroom, 0, 0, NULL, NULL);
+ CtdlUserGoto(CtdlGetConfigStr("c_baseroom"), 0, 0, NULL, NULL, NULL, NULL);
}
{
CitContext *CCC = MyContext();
- CON_syslog(LOG_DEBUG, "CtdlUserLogout() logging out <%s> from session %d",
+ syslog(LOG_DEBUG, "CtdlUserLogout() logging out <%s> from session %d",
CCC->curr_user, CCC->cs_pid
);
- /*
- * If there is a download in progress, abort it.
- */
- if (CCC->download_fp != NULL) {
- fclose(CCC->download_fp);
- CCC->download_fp = NULL;
- }
-
- /*
- * If there is an upload in progress, abort it.
- */
- if (CCC->upload_fp != NULL) {
- abort_upl(CCC);
- }
-
/* Run any hooks registered by modules... */
PerformSessionHooks(EVT_LOGOUT);
int rv = 0;
if (IsEmptyStr(pass)) {
- CON_syslog(LOG_DEBUG, "Refusing to chkpwd for uid=%d with empty password.\n", uid);
+ syslog(LOG_DEBUG, "Refusing to chkpwd for uid=%d with empty password.\n", uid);
return 0;
}
- CON_syslog(LOG_DEBUG, "Validating password for uid=%d using chkpwd...\n", uid);
+ syslog(LOG_DEBUG, "Validating password for uid=%d using chkpwd...\n", uid);
begin_critical_section(S_CHKPWD);
rv = write(chkpwd_write_pipe[1], &uid, sizeof(uid_t));
if (rv == -1) {
- CON_syslog(LOG_EMERG, "Communicatino with chkpwd broken: %s\n", strerror(errno));
+ syslog(LOG_EMERG, "Communicatino with chkpwd broken: %s\n", strerror(errno));
end_critical_section(S_CHKPWD);
return 0;
}
rv = write(chkpwd_write_pipe[1], pass, 256);
if (rv == -1) {
- CON_syslog(LOG_EMERG, "Communicatino with chkpwd broken: %s\n", strerror(errno));
+ syslog(LOG_EMERG, "Communicatino with chkpwd broken: %s\n", strerror(errno));
end_critical_section(S_CHKPWD);
return 0;
}
rv = read(chkpwd_read_pipe[0], buf, 4);
if (rv == -1) {
- CON_syslog(LOG_EMERG, "Communicatino with chkpwd broken: %s\n", strerror(errno));
+ syslog(LOG_EMERG, "Communicatino with chkpwd broken: %s\n", strerror(errno));
end_critical_section(S_CHKPWD);
return 0;
}
end_critical_section(S_CHKPWD);
if (!strncmp(buf, "PASS", 4)) {
- CONM_syslog(LOG_DEBUG, "...pass\n");
+ syslog(LOG_DEBUG, "...pass\n");
return(1);
}
- CONM_syslog(LOG_DEBUG, "...fail\n");
+ syslog(LOG_DEBUG, "...fail\n");
return 0;
}
struct stat filestats;
int i;
- CONM_syslog(LOG_DEBUG, "Starting chkpwd daemon for host authentication mode\n");
+ syslog(LOG_DEBUG, "Starting chkpwd daemon for host authentication mode\n");
if ((stat(file_chkpwd, &filestats)==-1) ||
(filestats.st_size==0)){
abort();
}
if (pipe(chkpwd_write_pipe) != 0) {
- CON_syslog(LOG_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno));
+ syslog(LOG_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno));
abort();
}
if (pipe(chkpwd_read_pipe) != 0) {
- CON_syslog(LOG_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno));
+ syslog(LOG_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno));
abort();
}
chkpwd_pid = fork();
if (chkpwd_pid < 0) {
- CON_syslog(LOG_EMERG, "Unable to fork chkpwd daemon: %s\n", strerror(errno));
+ syslog(LOG_EMERG, "Unable to fork chkpwd daemon: %s\n", strerror(errno));
abort();
}
if (chkpwd_pid == 0) {
- CONM_syslog(LOG_DEBUG, "Now calling dup2() write\n");
+ syslog(LOG_DEBUG, "Now calling dup2() write\n");
dup2(chkpwd_write_pipe[0], 0);
- CONM_syslog(LOG_DEBUG, "Now calling dup2() write\n");
+ syslog(LOG_DEBUG, "Now calling dup2() write\n");
dup2(chkpwd_read_pipe[1], 1);
- CONM_syslog(LOG_DEBUG, "Now closing stuff\n");
+ syslog(LOG_DEBUG, "Now closing stuff\n");
for (i=2; i<256; ++i) close(i);
- CON_syslog(LOG_DEBUG, "Now calling execl(%s)\n", file_chkpwd);
+ syslog(LOG_DEBUG, "Now calling execl(%s)\n", file_chkpwd);
execl(file_chkpwd, file_chkpwd, NULL);
- CON_syslog(LOG_EMERG, "Unable to exec chkpwd daemon: %s\n", strerror(errno));
+ syslog(LOG_EMERG, "Unable to exec chkpwd daemon: %s\n", strerror(errno));
abort();
exit(errno);
}
CitContext *CCC = CC;
if ((CCC->logged_in)) {
- CONM_syslog(LOG_WARNING, "CtdlTryPassword: already logged in\n");
+ syslog(LOG_WARNING, "CtdlTryPassword: already logged in\n");
return pass_already_logged_in;
}
if (!strcmp(CCC->curr_user, NLI)) {
- CONM_syslog(LOG_WARNING, "CtdlTryPassword: no user selected\n");
+ syslog(LOG_WARNING, "CtdlTryPassword: no user selected\n");
return pass_no_user;
}
if (CtdlGetUser(&CCC->user, CCC->curr_user)) {
- CONM_syslog(LOG_ERR, "CtdlTryPassword: internal error\n");
+ syslog(LOG_ERR, "CtdlTryPassword: internal error\n");
return pass_internal_error;
}
if (password == NULL) {
- CONM_syslog(LOG_INFO, "CtdlTryPassword: NULL password string supplied\n");
+ syslog(LOG_INFO, "CtdlTryPassword: NULL password string supplied\n");
return pass_wrong_password;
}
if (CCC->is_master) {
- code = strcmp(password, config.c_master_pass);
+ code = strcmp(password, CtdlGetConfigStr("c_master_pass"));
}
- else if (config.c_auth_mode == AUTHMODE_HOST) {
+ else if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_HOST) {
/* host auth mode */
}
#ifdef HAVE_LDAP
- else if ((config.c_auth_mode == AUTHMODE_LDAP) || (config.c_auth_mode == AUTHMODE_LDAP_AD)) {
+ else if ((CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP) || (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD)) {
/* LDAP auth mode */
do_login();
return pass_ok;
} else {
- CON_syslog(LOG_WARNING, "Bad password specified for <%s> Service <%s> Port <%ld> Remote <%s / %s>\n",
+ syslog(LOG_WARNING, "Bad password specified for <%s> Service <%s> Port <%ld> Remote <%s / %s>\n",
CCC->curr_user,
CCC->ServiceName,
CCC->tcp_port,
*/
int purge_user(char pname[])
{
- char filename[64];
struct ctdluser usbuf;
char usernamekey[USERNAME_SIZE];
return (ERROR + NO_SUCH_USER);
if (CtdlGetUser(&usbuf, pname) != 0) {
- CON_syslog(LOG_ERR, "Cannot purge user <%s> - not found\n", pname);
+ syslog(LOG_ERR, "Cannot purge user <%s> - not found\n", pname);
return (ERROR + NO_SUCH_USER);
}
/* Don't delete a user who is currently logged in. Instead, just
* during the next purge.
*/
if (CtdlIsUserLoggedInByNum(usbuf.usernum)) {
- CON_syslog(LOG_WARNING, "User <%s> is logged in; not deleting.\n", pname);
+ syslog(LOG_WARNING, "User <%s> is logged in; not deleting.\n", pname);
usbuf.axlevel = AxDeleted;
CtdlPutUser(&usbuf);
return (1);
}
- CON_syslog(LOG_NOTICE, "Deleting user <%s>\n", pname);
+ syslog(LOG_NOTICE, "Deleting user <%s>\n", pname);
/*
* FIXME:
/* delete the userlog entry */
cdb_delete(CDB_USERS, usernamekey, strlen(usernamekey));
- /* remove the user's bio file */
- snprintf(filename,
- sizeof filename,
- "%s/%ld",
- ctdl_bio_dir,
- usbuf.usernum);
- unlink(filename);
-
- /* remove the user's picture */
- snprintf(filename,
- sizeof filename,
- "%s/%ld.gif",
- ctdl_image_dir,
- usbuf.usernum);
- unlink(filename);
-
return (0);
}
usbuf->timescalled = 0;
usbuf->posted = 0;
- usbuf->axlevel = config.c_initax;
+ usbuf->axlevel = CtdlGetConfigInt("c_initax");
usbuf->lastcall = time(NULL);
/* fetch a new user number */
strproc(username);
- if (config.c_auth_mode == AUTHMODE_HOST) {
+ if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_HOST) {
/* host auth mode */
}
#ifdef HAVE_LDAP
- if ((config.c_auth_mode == AUTHMODE_LDAP) || (config.c_auth_mode == AUTHMODE_LDAP_AD)) {
- if (CtdlTryUserLDAP(username, NULL, 0, username, sizeof username, &uid) != 0) {
+ if ((CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP) || (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD)) {
+ if (CtdlTryUserLDAP(username, NULL, 0, username, sizeof username, &uid, 0) != 0) {
return(ERROR + NO_SUCH_USER);
}
}
CC->cs_addr
);
CtdlAideMessage(buf, "User Creation Notice");
- CON_syslog(LOG_NOTICE, "New user <%s> created\n", username);
+ syslog(LOG_NOTICE, "New user <%s> created\n", username);
return (0);
}
CtdlGetUserLock(&CC->user, CC->curr_user);
safestrncpy(CC->user.password, new_pw, sizeof(CC->user.password));
CtdlPutUserLock(&CC->user);
- CON_syslog(LOG_INFO, "Password changed for user <%s>\n", CC->curr_user);
+ syslog(LOG_INFO, "Password changed for user <%s>\n", CC->curr_user);
PerformSessionHooks(EVT_SETPASS);
}
visit vbuf;
/* On some systems, Admins are not allowed to forget rooms */
- if (is_aide() && (config.c_aide_zap == 0)
+ if (is_aide() && (CtdlGetConfigInt("c_aide_zap") == 0)
&& ((CC->room.QRflags & QR_MAILBOX) == 0) ) {
return(1);
}
CtdlPutUserLock(&CC->user);
/* Return to the Lobby, so we don't end up in an undefined room */
- CtdlUserGoto(config.c_baseroom, 0, 0, NULL, NULL);
+ CtdlUserGoto(CtdlGetConfigStr("c_baseroom"), 0, 0, NULL, NULL, NULL, NULL);
return(0);
}