/* $Id$ */
-/* needed to properly enable crypt() stuff on some systems */
-#define _XOPEN_SOURCE
-/* needed for str[n]casecmp() on some systems if the above is defined */
-#define _XOPEN_SOURCE_EXTENDED
-/* needed to enable threads on some systems if the above are defined */
-#define _POSIX_C_SOURCE 199506L
-
+#include "sysdep.h"
+#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <signal.h>
#include <pwd.h>
#include <sys/types.h>
+#include <sys/wait.h>
#include <sys/time.h>
#include <string.h>
#include <syslog.h>
#include <limits.h>
-#include <pthread.h>
+#ifndef ENABLE_CHKPWD
+#include "auth.h"
+#endif
#include "citadel.h"
#include "server.h"
#include "database.h"
#include "msgbase.h"
#include "config.h"
#include "dynloader.h"
-#include "sysdep.h"
+#include "tools.h"
/*
int a;
struct cdbdata *cdbus;
- bzero(usbuf, sizeof(struct usersupp));
+ memset(usbuf, 0, sizeof(struct usersupp));
for (a=0; a<=strlen(name); ++a) {
- lowercase_name[a] = tolower(name[a]);
+ if (a < sizeof(lowercase_name))
+ lowercase_name[a] = tolower(name[a]);
}
+ lowercase_name[sizeof(lowercase_name)-1] = 0;
cdbus = cdb_fetch(CDB_USERSUPP, lowercase_name, strlen(lowercase_name));
if (cdbus == NULL) {
/*
* putuser() - write user buffer into the correct place on disk
*/
-void putuser(struct usersupp *usbuf, char *name)
+void putuser(struct usersupp *usbuf)
{
char lowercase_name[32];
int a;
- for (a=0; a<=strlen(name); ++a) {
- lowercase_name[a] = tolower(name[a]);
+ for (a=0; a<=strlen(usbuf->fullname); ++a) {
+ if (a < sizeof(lowercase_name))
+ lowercase_name[a] = tolower(usbuf->fullname[a]);
}
+ lowercase_name[sizeof(lowercase_name)-1] = 0;
+ usbuf->version = config.c_setup_level;
cdb_store(CDB_USERSUPP,
lowercase_name, strlen(lowercase_name),
usbuf, sizeof(struct usersupp));
/*
* lputuser() - same as putuser() but locks the record
*/
-void lputuser(struct usersupp *usbuf, char *name) {
- putuser(usbuf,name);
+void lputuser(struct usersupp *usbuf) {
+ putuser(usbuf);
end_critical_section(S_USERSUPP);
}
* Index-generating function used by Ctdl[Get|Set]Relationship
*/
int GenerateRelationshipIndex( char *IndexBuf,
- struct usersupp *rel_user,
- struct quickroom *rel_room) {
+ long RoomID,
+ long RoomGen,
+ long UserID) {
struct {
- long RoomID;
- long RoomGen;
- long UserID;
+ long iRoomID;
+ long iRoomGen;
+ long iUserID;
} TheIndex;
- TheIndex.RoomID = rel_room->QRnumber;
- TheIndex.RoomGen = rel_room->QRgen;
- TheIndex.UserID = rel_user->usernum;
+ TheIndex.iRoomID = RoomID;
+ TheIndex.iRoomGen = RoomGen;
+ TheIndex.iUserID = UserID;
memcpy(IndexBuf, &TheIndex, sizeof(TheIndex));
return(sizeof(TheIndex));
newvisit->v_usernum = rel_user->usernum;
/* Generate an index */
- IndexLen = GenerateRelationshipIndex(IndexBuf, rel_user, rel_room);
+ IndexLen = GenerateRelationshipIndex(IndexBuf,
+ rel_room->QRnumber,
+ rel_room->QRgen,
+ rel_user->usernum);
/* Store the record */
cdb_store(CDB_VISIT, IndexBuf, IndexLen,
struct cdbdata *cdbvisit;
/* Generate an index */
- IndexLen = GenerateRelationshipIndex(IndexBuf, rel_user, rel_room);
+ IndexLen = GenerateRelationshipIndex(IndexBuf,
+ rel_room->QRnumber,
+ rel_room->QRgen,
+ rel_user->usernum);
/* Clear out the buffer */
- bzero(vbuf, sizeof(struct visit));
+ memset(vbuf, 0, sizeof(struct visit));
cdbvisit = cdb_fetch(CDB_VISIT, IndexBuf, IndexLen);
if (cdbvisit != NULL) {
}
-void PurgeStaleRelationships(void) {
-
- /********* REWRITE THIS FOR GLOBAL USE AND MOVE IT TO THE PURGE MODULE
- struct cdbdata *cdbvisit;
- struct visit *visits;
- struct quickroom qrbuf;
- int num_visits;
- int a, purge;
-
- cdbvisit = cdb_fetch(CDB_VISIT, &CC->usersupp.usernum, sizeof(long));
- if (cdbvisit != NULL) {
- if ((num_visits = cdbvisit->len / sizeof(struct visit)) == 0) {
- cdb_free(cdbvisit);
- return;
- }
- visits = (struct visit *)
- malloc(num_visits * sizeof(struct visit));
- memcpy(visits, cdbvisit->ptr,
- (num_visits * sizeof(struct visit)));
- cdb_free(cdbvisit);
- }
- else return;
-
- for (a=0; a<num_visits; ++a) {
- if (getroom(&qrbuf, visits[a].v_roomname)!=0) {
- purge = 1;
- }
- else if (qrbuf.QRgen != visits[a].v_generation) {
- purge = 1;
- }
- else {
- purge = 0;
- }
-
- if (purge) {
- memcpy(&visits[a], &visits[a+1],
- (((num_visits-a)-1) * sizeof(struct visit)) );
- --num_visits;
- }
-
- }
-
- cdb_store(CDB_VISIT, &CC->usersupp.usernum, sizeof(long),
- visits, (num_visits * sizeof(struct visit)));
- free(visits);
- **************/
- }
-
-
-
void MailboxName(char *buf, struct usersupp *who, char *prefix) {
sprintf(buf, "%010ld.%s", who->usernum, prefix);
}
cdb_rewind(CDB_USERSUPP);
while(cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) {
- bzero(usbuf, sizeof(struct usersupp));
+ memset(usbuf, 0, sizeof(struct usersupp));
memcpy(usbuf, cdbus->ptr,
( (cdbus->len > sizeof(struct usersupp)) ?
sizeof(struct usersupp) : cdbus->len) );
CC->fake_postname[0] = '\0';
CC->fake_hostname[0] = '\0';
CC->fake_roomname[0] = '\0';
- CC->last_pager[0] = '\0';
time(&CC->usersupp.lastcall);
/* If this user's name is the name of the system administrator
CC->usersupp.axlevel = 6;
}
- lputuser(&CC->usersupp,CC->curr_user);
+ lputuser(&CC->usersupp);
/* Run any cleanup routines registered by loadable modules */
PerformSessionHooks(EVT_LOGIN);
PerformSessionHooks(EVT_LOGOUT);
}
+#ifdef ENABLE_CHKPWD
+/*
+ * an alternate version of validpw() which executes `chkpwd' instead of
+ * verifying the password directly
+ */
+static int validpw(uid_t uid, const char *pass)
+{
+ pid_t pid;
+ int status, pipev[2];
+ char buf[24];
+
+ if (pipe(pipev)) {
+ lprintf(1, "pipe failed (%s): denying autologin access for "
+ "uid %u\n", strerror(errno), uid);
+ return 0;
+ }
+
+ switch (pid = fork()) {
+ case -1:
+ lprintf(1, "fork failed (%s): denying autologin access for "
+ "uid %u\n", strerror(errno), uid);
+ close(pipev[0]);
+ close(pipev[1]);
+ return 0;
+
+ case 0:
+ close(pipev[1]);
+ if (dup2(pipev[0], 0) == -1) {
+ perror("dup2");
+ exit(1);
+ }
+ close(pipev[0]);
+
+ execl(BBSDIR "/chkpwd", BBSDIR "/chkpwd", NULL);
+ perror(BBSDIR "/chkpwd");
+ exit(1);
+ }
+
+ close(pipev[0]);
+ write(pipev[1], buf, sprintf(buf, "%u\n", uid));
+ write(pipev[1], pass, strlen(pass));
+ write(pipev[1], "\n", 1);
+ close(pipev[1]);
+
+ while (waitpid(pid, &status, 0) == -1)
+ if (errno != EINTR) {
+ lprintf(1, "waitpid failed (%s): denying autologin "
+ "access for uid %u\n",
+ strerror(errno), uid);
+ return 0;
+ }
+
+ if (WIFEXITED(status) && !WEXITSTATUS(status))
+ return 1;
+
+ return 0;
+ }
+#endif
void cmd_pass(char *buf)
{
char password[256];
int code;
- struct passwd *p;
extract(password,buf,0);
}
code = (-1);
- if (CC->usersupp.USuid == BBSUID) {
+ if (CC->usersupp.uid == BBSUID) {
strproc(password);
strproc(CC->usersupp.password);
code = strcasecmp(CC->usersupp.password,password);
}
- else {
- p = (struct passwd *)getpwuid(CC->usersupp.USuid);
#ifdef ENABLE_AUTOLOGIN
- if (p!=NULL) {
- if (!strcmp(p->pw_passwd,
- (char *)crypt(password,p->pw_passwd))) {
- code = 0;
- lgetuser(&CC->usersupp, CC->curr_user);
- strcpy(CC->usersupp.password, password);
- lputuser(&CC->usersupp, CC->curr_user);
- }
+ else {
+ if (validpw(CC->usersupp.uid, password)) {
+ code = 0;
+ lgetuser(&CC->usersupp, CC->curr_user);
+ safestrncpy(CC->usersupp.password, password,
+ sizeof CC->usersupp.password);
+ lputuser(&CC->usersupp);
}
-#endif
}
+#endif
if (!code) {
(CC->logged_in) = 1;
*/
int purge_user(char pname[]) {
char filename[64];
- char mailboxname[ROOMNAMELEN];
struct usersupp usbuf;
- struct quickroom qrbuf;
char lowercase_name[32];
int a;
+ struct CitContext *ccptr;
+ int user_is_logged_in = 0;
for (a=0; a<=strlen(pname); ++a) {
lowercase_name[a] = tolower(pname[a]);
return(ERROR+NO_SUCH_USER);
}
- lprintf(5, "Deleting user <%s>\n", pname);
+ /* Don't delete a user who is currently logged in. Instead, just
+ * set the access level to 0, and let the account get swept up
+ * during the next purge.
+ */
+ user_is_logged_in = 0;
+ begin_critical_section(S_SESSION_TABLE);
+ for (ccptr=ContextList; ccptr!=NULL; ccptr=ccptr->next) {
+ if (ccptr->usersupp.usernum == usbuf.usernum) {
+ user_is_logged_in = 1;
+ }
+ }
+ end_critical_section(S_SESSION_TABLE);
+ if (user_is_logged_in == 1) {
+ lprintf(5, "User <%s> is logged in; not deleting.\n", pname);
+ usbuf.axlevel = 0;
+ putuser(&usbuf);
+ return(1);
+ }
- /* FIX Don't delete a user who is currently logged in. */
+ lprintf(5, "Deleting user <%s>\n", pname);
/* Perform any purge functions registered by server extensions */
PerformUserHooks(usbuf.fullname, usbuf.usernum, EVT_PURGEUSER);
/* delete any existing user/room relationships */
cdb_delete(CDB_VISIT, &usbuf.usernum, sizeof(long));
- /* Delete the user's mailbox and its contents */
- MailboxName(mailboxname, &usbuf, MAILROOM);
- if (getroom(&qrbuf, mailboxname)==0) {
- delete_room(&qrbuf);
- }
-
/* delete the userlog entry */
cdb_delete(CDB_USERSUPP, lowercase_name, strlen(lowercase_name));
for (a=0; a<strlen(username); ++a) {
if (username[a] == ',') username[a] = 0;
}
- CC->usersupp.USuid = p->pw_uid;
+ CC->usersupp.uid = p->pw_uid;
}
else {
- CC->usersupp.USuid = BBSUID;
+ CC->usersupp.uid = BBSUID;
}
if (!getuser(&usbuf,username)) {
CC->usersupp.USscreenwidth = 80;
CC->usersupp.USscreenheight = 24;
time(&CC->usersupp.lastcall);
- strcpy(CC->usersupp.USname, "");
- strcpy(CC->usersupp.USaddr, "");
- strcpy(CC->usersupp.UScity, "");
- strcpy(CC->usersupp.USstate, "");
- strcpy(CC->usersupp.USzip, "");
- strcpy(CC->usersupp.USphone, "");
/* fetch a new user number */
CC->usersupp.usernum = get_new_user_number();
}
/* add user to userlog */
- putuser(&CC->usersupp,CC->curr_user);
+ putuser(&CC->usersupp);
if (getuser(&CC->usersupp,CC->curr_user)) {
return(ERROR+INTERNAL_ERROR);
}
cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
return;
}
- if (CC->usersupp.USuid != BBSUID) {
+ if (CC->usersupp.uid != BBSUID) {
cprintf("%d Not allowed. Use the 'passwd' command.\n",ERROR);
return;
}
}
lgetuser(&CC->usersupp,CC->curr_user);
strcpy(CC->usersupp.password,new_pw);
- lputuser(&CC->usersupp,CC->curr_user);
+ lputuser(&CC->usersupp);
cprintf("%d Password changed.\n",OK);
rec_log(CL_PWCHANGE,CC->curr_user);
PerformSessionHooks(EVT_SETPASS);
CC->usersupp.flags = CC->usersupp.flags & (~US_USER_SET);
CC->usersupp.flags = CC->usersupp.flags |
(extract_int(new_parms,2) & US_USER_SET);
- lputuser(&CC->usersupp,CC->curr_user);
+ lputuser(&CC->usersupp);
cprintf("%d Ok\n",OK);
}
vbuf.v_lastseen = newlr;
CtdlSetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
- lputuser(&CC->usersupp, CC->curr_user);
+ lputuser(&CC->usersupp);
cprintf("%d %ld\n",OK,newlr);
}
CtdlSetRelationship(&vbuf, &USscratch, &CC->quickroom);
- lputuser(&USscratch,iuser);
+ lputuser(&USscratch);
/* post a message in Aide> saying what we just did */
- sprintf(bbb,"%s %s %s> by %s",
+ sprintf(bbb,"%s %s %s> by %s\n",
iuser,
((op == 1) ? "invited to" : "kicked out of"),
CC->quickroom.QRname,
CtdlGetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
vbuf.v_flags = vbuf.v_flags | V_FORGET;
+ vbuf.v_flags = vbuf.v_flags & ~V_ACCESS;
CtdlSetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
- lputuser(&CC->usersupp,CC->curr_user);
+ lputuser(&CC->usersupp);
cprintf("%d Ok\n",OK);
usergoto(BASEROOM, 0);
}
*/
cdb_rewind(CDB_USERSUPP);
while (cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) {
- bzero(&usbuf, sizeof(struct usersupp));
+ memset(&usbuf, 0, sizeof(struct usersupp));
memcpy(&usbuf, cdbus->ptr,
( (cdbus->len > sizeof(struct usersupp)) ?
sizeof(struct usersupp) : cdbus->len) );
}
-/*
- * get registration info for a user
- */
-void cmd_greg(char *who)
-{
- struct usersupp usbuf;
- int a,b;
- char pbuf[32];
-
- if (!(CC->logged_in)) {
- cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
- return;
- }
-
- if (!strcasecmp(who,"_SELF_")) strcpy(who,CC->curr_user);
-
- if ((CC->usersupp.axlevel < 6) && (strcasecmp(who,CC->curr_user))) {
- cprintf("%d Higher access required.\n",
- ERROR+HIGHER_ACCESS_REQUIRED);
- return;
- }
-
- if (getuser(&usbuf,who) != 0) {
- cprintf("%d '%s' not found.\n",ERROR+NO_SUCH_USER,who);
- return;
- }
-
- cprintf("%d %s\n",LISTING_FOLLOWS,usbuf.fullname);
- cprintf("%ld\n",usbuf.usernum);
- cprintf("%s\n",usbuf.password);
- cprintf("%s\n",usbuf.USname);
- cprintf("%s\n",usbuf.USaddr);
- cprintf("%s\n%s\n%s\n",
- usbuf.UScity,usbuf.USstate,usbuf.USzip);
- strcpy(pbuf,usbuf.USphone);
- usbuf.USphone[0]=0;
- for (a=0; a<strlen(pbuf); ++a) {
- if ((pbuf[a]>='0')&&(pbuf[a]<='9')) {
- b=strlen(usbuf.USphone);
- usbuf.USphone[b]=pbuf[a];
- usbuf.USphone[b+1]=0;
- }
- }
- while(strlen(usbuf.USphone)<10) {
- strcpy(pbuf,usbuf.USphone);
- strcpy(usbuf.USphone," ");
- strcat(usbuf.USphone,pbuf);
- }
-
- cprintf("(%c%c%c) %c%c%c-%c%c%c%c\n",
- usbuf.USphone[0],usbuf.USphone[1],
- usbuf.USphone[2],usbuf.USphone[3],
- usbuf.USphone[4],usbuf.USphone[5],
- usbuf.USphone[6],usbuf.USphone[7],
- usbuf.USphone[8],usbuf.USphone[9]);
-
- cprintf("%d\n",usbuf.axlevel);
- cprintf("%s\n",usbuf.USemail);
- cprintf("000\n");
- }
-
/*
* validate a user
*/
userbuf.axlevel = newax;
userbuf.flags = (userbuf.flags & ~US_NEEDVALID);
- lputuser(&userbuf,user);
+ lputuser(&userbuf);
/* If the access level was set to zero, delete the user */
if (newax == 0) {
cdb_rewind(CDB_USERSUPP);
while(cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) {
- bzero(&usbuf, sizeof(struct usersupp));
+ memset(&usbuf, 0, sizeof(struct usersupp));
memcpy(&usbuf, cdbus->ptr,
( (cdbus->len > sizeof(struct usersupp)) ?
sizeof(struct usersupp) : cdbus->len) );
}
-/*
- * enter registration info
- */
-void cmd_regi(void) {
- int a,b,c;
- char buf[256];
-
- char tmpname[256];
- char tmpaddr[256];
- char tmpcity[256];
- char tmpstate[256];
- char tmpzip[256];
- char tmpphone[256];
- char tmpemail[256];
-
- if (!(CC->logged_in)) {
- cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
- return;
- }
-
- strcpy(tmpname,"");
- strcpy(tmpaddr,"");
- strcpy(tmpcity,"");
- strcpy(tmpstate,"");
- strcpy(tmpzip,"");
- strcpy(tmpphone,"");
- strcpy(tmpemail,"");
-
- cprintf("%d Send registration...\n",SEND_LISTING);
- a=0;
- while (client_gets(buf), strcmp(buf,"000")) {
- if (a==0) strcpy(tmpname,buf);
- if (a==1) strcpy(tmpaddr,buf);
- if (a==2) strcpy(tmpcity,buf);
- if (a==3) strcpy(tmpstate,buf);
- if (a==4) {
- for (c=0; c<strlen(buf); ++c) {
- if ((buf[c]>='0')&&(buf[c]<='9')) {
- b=strlen(tmpzip);
- tmpzip[b]=buf[c];
- tmpzip[b+1]=0;
- }
- }
- }
- if (a==5) {
- for (c=0; c<strlen(buf); ++c) {
- if ((buf[c]>='0')&&(buf[c]<='9')) {
- b=strlen(tmpphone);
- tmpphone[b]=buf[c];
- tmpphone[b+1]=0;
- }
- }
- }
- if (a==6) strncpy(tmpemail,buf,31);
- ++a;
- }
-
- tmpname[29]=0;
- tmpaddr[24]=0;
- tmpcity[14]=0;
- tmpstate[2]=0;
- tmpzip[9]=0;
- tmpphone[10]=0;
- tmpemail[31]=0;
-
- lgetuser(&CC->usersupp,CC->curr_user);
- strcpy(CC->usersupp.USname,tmpname);
- strcpy(CC->usersupp.USaddr,tmpaddr);
- strcpy(CC->usersupp.UScity,tmpcity);
- strcpy(CC->usersupp.USstate,tmpstate);
- strcpy(CC->usersupp.USzip,tmpzip);
- strcpy(CC->usersupp.USphone,tmpphone);
- strcpy(CC->usersupp.USemail,tmpemail);
- CC->usersupp.flags=(CC->usersupp.flags|US_REGIS|US_NEEDVALID);
- lputuser(&CC->usersupp,CC->curr_user);
-
- /* set global flag calling for validation */
- begin_critical_section(S_CONTROL);
- get_control();
- CitControl.MMflags = CitControl.MMflags | MM_VALID ;
- put_control();
- end_critical_section(S_CONTROL);
- cprintf("%d *** End of registration.\n",OK);
- }
/*
usbuf.USuserpurge = extract_int(cmdbuf, 8);
}
- lputuser(&usbuf, requested_user);
+ lputuser(&usbuf);
if (usbuf.axlevel == 0) {
if (purge_user(requested_user)==0) {
cprintf("%d %s deleted.\n", OK, requested_user);
int NewMailCount() {
int num_newmsgs = 0;
int a;
- char mailboxname[32];
+ char mailboxname[ROOMNAMELEN];
struct quickroom mailbox;
struct visit vbuf;
+ struct cdbdata *cdbfr;
+ long *msglist = NULL;
+ int num_msgs = 0;
MailboxName(mailboxname, &CC->usersupp, MAILROOM);
if (getroom(&mailbox, mailboxname)!=0) return(0);
CtdlGetRelationship(&vbuf, &CC->usersupp, &mailbox);
- get_msglist(&mailbox);
- for (a=0; a<CC->num_msgs; ++a) {
- if (MessageFromList(a)>0L) {
- if (MessageFromList(a) > vbuf.v_lastseen) {
+ cdbfr = cdb_fetch(CDB_MSGLISTS, &mailbox.QRnumber, sizeof(long));
+
+ if (cdbfr != NULL) {
+ msglist = mallok(cdbfr->len);
+ memcpy(msglist, cdbfr->ptr, cdbfr->len);
+ num_msgs = cdbfr->len / sizeof(long);
+ cdb_free(cdbfr);
+ }
+
+ if (num_msgs > 0) for (a=0; a<num_msgs; ++a) {
+ if (msglist[a]>0L) {
+ if (msglist[a] > vbuf.v_lastseen) {
++num_newmsgs;
}
}
}
+ if (msglist != NULL) phree(msglist);
+
return(num_newmsgs);
}
projects / citadel.git / blobdiff