* Removed all of the thread cancellation cruft that is no longer necessary

[citadel.git] / citadel / user_ops.c

diff --git a/citadel/user_ops.c b/citadel/user_ops.c
index 6f6df898a47c33d6183b70ab4e1ce9e709eefc76..5cf386354cdb7c410d70e23e92b7f7c4b1da78b9 100644 (file)
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -1,6 +1,7 @@
-/* needed to properly enable crypt() stuff on some systems */
-#define _XOPEN_SOURCE
+/* $Id$ */
 
+#include "sysdep.h"
+#include <errno.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <stdio.h>
@@ -8,38 +9,28 @@
 #include <signal.h>
 #include <pwd.h>
 #include <sys/types.h>
+#include <sys/wait.h>
 #include <sys/time.h>
 #include <string.h>
 #include <syslog.h>
-#include <pthread.h>
+#include <limits.h>
+#ifndef ENABLE_CHKPWD
+#include "auth.h"
+#endif
 #include "citadel.h"
 #include "server.h"
-#include "proto.h"
-
-extern struct config config;
-
-
-/*
- * pwcrypt()  -  simple password encryption
- */
-void pwcrypt(char *text, int code)
-{
-       int a;
-       for (a=0; a<strlen(text); ++a) text[a]=(text[a]^(((code|128)^a)&0xFF));
-       }
-
-
-/*
- * hash()  -  hash table function for user lookup
- */
-int hash(char *str)
-{
-       int h = 0;
-       int i;
-
-       for (i=0; i<strlen(str); ++i) h=h+((i+1)*tolower(str[i]));
-       return(h);
-       }
+#include "database.h"
+#include "user_ops.h"
+#include "sysdep_decls.h"
+#include "support.h"
+#include "room_ops.h"
+#include "logging.h"
+#include "file_ops.h"
+#include "control.h"
+#include "msgbase.h"
+#include "config.h"
+#include "dynloader.h"
+#include "tools.h"
 
 
 /*
@@ -52,17 +43,21 @@ int getuser(struct usersupp *usbuf, char name[]) {
        int a;
        struct cdbdata *cdbus;
 
-       bzero(usbuf, sizeof(struct usersupp));
+       memset(usbuf, 0, sizeof(struct usersupp));
        for (a=0; a<=strlen(name); ++a) {
-               lowercase_name[a] = tolower(name[a]);
+               if (a < sizeof(lowercase_name))
+                       lowercase_name[a] = tolower(name[a]);
                }
+       lowercase_name[sizeof(lowercase_name)-1] = 0;
 
        cdbus = cdb_fetch(CDB_USERSUPP, lowercase_name, strlen(lowercase_name));
-       if (cdbus == NULL) {    /* not found */
-               return(1);
+       if (cdbus == NULL) {
+               return(1);      /* user not found */
                }
 
-       memcpy(usbuf, cdbus->ptr, cdbus->len);
+       memcpy(usbuf, cdbus->ptr,
+               ( (cdbus->len > sizeof(struct usersupp)) ?
+               sizeof(struct usersupp) : cdbus->len) );
        cdb_free(cdbus);
        return(0);
        }
@@ -86,16 +81,20 @@ int lgetuser(struct usersupp *usbuf, char *name)
 /*
  * putuser()  -  write user buffer into the correct place on disk
  */
-void putuser(struct usersupp *usbuf, char *name)
+void putuser(struct usersupp *usbuf)
 {
        char lowercase_name[32];
        int a;
 
-       for (a=0; a<=strlen(name); ++a) {
-               lowercase_name[a] = tolower(name[a]);
+       for (a=0; a<=strlen(usbuf->fullname); ++a) {
+               if (a < sizeof(lowercase_name))
+                       lowercase_name[a] = tolower(usbuf->fullname[a]);
                }
+       lowercase_name[sizeof(lowercase_name)-1] = 0;
 
-       cdb_store(CDB_USERSUPP, lowercase_name, strlen(lowercase_name),
+       usbuf->version = config.c_setup_level;
+       cdb_store(CDB_USERSUPP,
+               lowercase_name, strlen(lowercase_name),
                usbuf, sizeof(struct usersupp));
 
        }
@@ -104,13 +103,98 @@ void putuser(struct usersupp *usbuf, char *name)
 /*
  * lputuser()  -  same as putuser() but locks the record
  */
-void lputuser(struct usersupp *usbuf, char *name)
-{
-       putuser(usbuf,name);
+void lputuser(struct usersupp *usbuf) {
+       putuser(usbuf);
        end_critical_section(S_USERSUPP);
        }
 
+/*
+ * Index-generating function used by Ctdl[Get|Set]Relationship
+ */
+int GenerateRelationshipIndex( char *IndexBuf,
+                               long RoomID,
+                               long RoomGen,
+                               long UserID) {
+
+       struct {
+               long iRoomID;
+               long iRoomGen;
+               long iUserID;
+               } TheIndex;
+
+       TheIndex.iRoomID = RoomID;
+       TheIndex.iRoomGen = RoomGen;
+       TheIndex.iUserID = UserID;
+
+       memcpy(IndexBuf, &TheIndex, sizeof(TheIndex));
+       return(sizeof(TheIndex));
+       }
 
+/*
+ * Define a relationship between a user and a room
+ */
+void CtdlSetRelationship(struct visit *newvisit,
+                       struct usersupp *rel_user,
+                       struct quickroom *rel_room) {
+
+       char IndexBuf[32];
+       int IndexLen;
+
+       /* We don't use these in Citadel because they're implicit by the
+        * index, but they must be present if the database is exported.
+        */
+        newvisit->v_roomnum = rel_room->QRnumber;
+        newvisit->v_roomgen = rel_room->QRgen;
+        newvisit->v_usernum = rel_user->usernum;
+
+       /* Generate an index */
+       IndexLen = GenerateRelationshipIndex(IndexBuf,
+               rel_room->QRnumber,
+               rel_room->QRgen,
+               rel_user->usernum);
+
+       /* Store the record */
+       cdb_store(CDB_VISIT, IndexBuf, IndexLen,
+               newvisit, sizeof(struct visit)
+               );
+       }
+
+/*
+ * Locate a relationship between a user and a room
+ */
+void CtdlGetRelationship(struct visit *vbuf,
+                       struct usersupp *rel_user,
+                       struct quickroom *rel_room) {
+
+       char IndexBuf[32];
+       int IndexLen;
+       struct cdbdata *cdbvisit;
+
+       /* Generate an index */
+       IndexLen = GenerateRelationshipIndex(IndexBuf,
+               rel_room->QRnumber,
+               rel_room->QRgen,
+               rel_user->usernum);
+
+       /* Clear out the buffer */
+       memset(vbuf, 0, sizeof(struct visit));
+
+       cdbvisit = cdb_fetch(CDB_VISIT, IndexBuf, IndexLen);
+       if (cdbvisit != NULL) {
+               memcpy(vbuf, cdbvisit->ptr,
+                       ( (cdbvisit->len > sizeof(struct visit)) ?
+                       sizeof(struct visit) : cdbvisit->len) );
+               cdb_free(cdbvisit);
+               return;
+               }
+       }
+
+
+void MailboxName(char *buf, struct usersupp *who, char *prefix) {
+       sprintf(buf, "%010ld.%s", who->usernum, prefix);
+       }
+
+       
 /*
  * Is the user currently logged in an Aide?
  */
@@ -125,8 +209,12 @@ int is_aide(void) {
  */
 int is_room_aide(void) {
        if ( (CC->usersupp.axlevel >= 6)
-               || (CC->quickroom.QRroomaide == CC->usersupp.usernum) ) return(1);
-       else return(0);
+          || (CC->quickroom.QRroomaide == CC->usersupp.usernum) ) {
+               return(1);
+               }
+       else {
+               return(0);
+               }
        }
 
 /*
@@ -140,8 +228,10 @@ int getuserbynumber(struct usersupp *usbuf, long int number)
        cdb_rewind(CDB_USERSUPP);
 
        while(cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) {
-               bzero(usbuf, sizeof(struct usersupp));
-               memcpy(usbuf, cdbus->ptr, cdbus->len);
+               memset(usbuf, 0, sizeof(struct usersupp));
+               memcpy(usbuf, cdbus->ptr,
+                       ( (cdbus->len > sizeof(struct usersupp)) ?
+                       sizeof(struct usersupp) : cdbus->len) );
                cdb_free(cdbus);
                if (usbuf->usernum == number) {
                        return(0);
@@ -204,52 +294,36 @@ void cmd_user(char *cmdbuf)
  * session startup code which is common to both cmd_pass() and cmd_newu()
  */
 void session_startup(void) {
-       int a;
-       struct quickroom qr;
-
        syslog(LOG_NOTICE,"user <%s> logged in",CC->curr_user);
-       hook_user_login(CC->cs_pid, CC->curr_user);
+
        lgetuser(&CC->usersupp,CC->curr_user);
        ++(CC->usersupp.timescalled);
-       /* <bc> */
        CC->fake_username[0] = '\0';
        CC->fake_postname[0] = '\0';
        CC->fake_hostname[0] = '\0';
        CC->fake_roomname[0] = '\0';
-       CC->last_pager[0] = '\0';
-       /* <bc> */
        time(&CC->usersupp.lastcall);
 
        /* If this user's name is the name of the system administrator
         * (as specified in setup), automatically assign access level 6.
         */
-       if (!strucmp(CC->usersupp.fullname, config.c_sysadm)) {
+       if (!strcasecmp(CC->usersupp.fullname, config.c_sysadm)) {
                CC->usersupp.axlevel = 6;
                }
 
-/* A room's generation number changes each time it is recycled. Users are kept
- * out of private rooms or forget rooms by matching the generation numbers. To
- * avoid an accidental matchup, unmatched numbers are set to -1 here.
- */
-       for (a=0; a<MAXROOMS; ++a) {
-               getroom(&qr,a);
-               if (CC->usersupp.generation[a] != qr.QRgen)
-                                       CC->usersupp.generation[a]=(-1);
-               if (CC->usersupp.forget[a] != qr.QRgen)
-                                       CC->usersupp.forget[a]=(-1);
-               }
+       lputuser(&CC->usersupp);
 
-       lputuser(&CC->usersupp,CC->curr_user);
+        /* Run any cleanup routines registered by loadable modules */
+       PerformSessionHooks(EVT_LOGIN);
 
        cprintf("%d %s|%d|%d|%d|%u|%ld\n",OK,CC->usersupp.fullname,CC->usersupp.axlevel,
                CC->usersupp.timescalled,CC->usersupp.posted,CC->usersupp.flags,
                CC->usersupp.usernum);
-       usergoto(0,0);          /* Enter the lobby */   
+       usergoto(BASEROOM,0);           /* Enter the lobby */   
        rec_log(CL_LOGIN,CC->curr_user);
        }
 
 
-
 /* 
  * misc things to be taken care of when a user is logged out
  */
@@ -263,14 +337,74 @@ void logout(struct CitContext *who)
        if (who->upload_fp != NULL) {
                abort_upl(who);
                }
+
+       /* Do modular stuff... */
+       PerformSessionHooks(EVT_LOGOUT);
        }
 
+#ifdef ENABLE_CHKPWD
+/*
+ * an alternate version of validpw() which executes `chkpwd' instead of
+ * verifying the password directly
+ */
+static int validpw(uid_t uid, const char *pass)
+{
+       pid_t pid;
+       int status, pipev[2];
+       char buf[24];
+
+       if (pipe(pipev)) {
+               lprintf(1, "pipe failed (%s): denying autologin access for "
+                          "uid %u\n", strerror(errno), uid);
+               return 0;
+               }
+
+       switch (pid = fork()) {
+           case -1:
+               lprintf(1, "fork failed (%s): denying autologin access for "
+                          "uid %u\n", strerror(errno), uid);
+               close(pipev[0]);
+               close(pipev[1]);
+               return 0;
+
+           case 0:
+               close(pipev[1]);
+               if (dup2(pipev[0], 0) == -1) {
+                       perror("dup2");
+                       exit(1);
+                       }
+               close(pipev[0]);
+
+               execl(BBSDIR "/chkpwd", BBSDIR "/chkpwd", NULL);
+               perror(BBSDIR "/chkpwd");
+               exit(1);
+               }
+
+       close(pipev[0]);
+       write(pipev[1], buf, sprintf(buf, "%u\n", uid));
+       write(pipev[1], pass, strlen(pass));
+       write(pipev[1], "\n", 1);
+       close(pipev[1]);
+
+       while (waitpid(pid, &status, 0) == -1)
+               if (errno != EINTR) {
+                       lprintf(1, "waitpid failed (%s): denying autologin "
+                                  "access for uid %u\n",
+                               strerror(errno), uid);
+                       return 0;
+                       }
+
+       if (WIFEXITED(status) && !WEXITSTATUS(status))
+               return 1;
+
+       return 0;
+       }
+#endif
 
 void cmd_pass(char *buf)
 {
        char password[256];
        int code;
-       struct passwd *p;
 
        extract(password,buf,0);
 
@@ -288,28 +422,22 @@ void cmd_pass(char *buf)
                }
 
        code = (-1);
-       if (CC->usersupp.USuid == BBSUID) {
+       if (CC->usersupp.uid == BBSUID) {
                strproc(password);
-               pwcrypt(CC->usersupp.password,config.c_pwcrypt);
                strproc(CC->usersupp.password);
-               code = strucmp(CC->usersupp.password,password);
-               pwcrypt(CC->usersupp.password,config.c_pwcrypt);
+               code = strcasecmp(CC->usersupp.password,password);
                }
-       else {
-               p = (struct passwd *)getpwuid(CC->usersupp.USuid);
 #ifdef ENABLE_AUTOLOGIN
-               if (p!=NULL) {
-                       if (!strcmp(p->pw_passwd,
-                          (char *)crypt(password,p->pw_passwd))) {
-                               code = 0;
-                               lgetuser(&CC->usersupp, CC->curr_user);
-                               strcpy(CC->usersupp.password, password);
-                               pwcrypt(CC->usersupp.password, config.c_pwcrypt);
-                               lputuser(&CC->usersupp, CC->curr_user);
-                               }
+       else {
+               if (validpw(CC->usersupp.uid, password)) {
+                       code = 0;
+                       lgetuser(&CC->usersupp, CC->curr_user);
+                       safestrncpy(CC->usersupp.password, password,
+                                   sizeof CC->usersupp.password);
+                       lputuser(&CC->usersupp);
                        }
-#endif
                }
+#endif
 
        if (!code) {
                (CC->logged_in) = 1;
@@ -323,28 +451,54 @@ void cmd_pass(char *buf)
 
 
 /*
- * purge related files when removing or overwriting a user record
+ * Delete a user record *and* all of its related resources.
  */
-void purge_user(char *pname) {
+int purge_user(char pname[]) {
        char filename[64];
        struct usersupp usbuf;
+       char lowercase_name[32];
        int a;
+       struct CitContext *ccptr;
+       int user_is_logged_in = 0;
+
+       for (a=0; a<=strlen(pname); ++a) {
+               lowercase_name[a] = tolower(pname[a]);
+               }
 
        if (getuser(&usbuf, pname) != 0) {
                lprintf(5, "Cannot purge user <%s> - not found\n", pname);
-               return;
+               return(ERROR+NO_SUCH_USER);
                }
 
-       /* delete any messages in the user's mailbox */
-       for (a=0; a<MAILSLOTS; ++a) {
-               if (usbuf.mailnum[a] > 0L) {
-                       cdb_delete(CDB_MSGMAIN, &usbuf.mailnum[a],
-                                       sizeof(long));
+       /* Don't delete a user who is currently logged in.  Instead, just
+        * set the access level to 0, and let the account get swept up
+        * during the next purge.
+        */
+       user_is_logged_in = 0;
+       begin_critical_section(S_SESSION_TABLE);
+       for (ccptr=ContextList; ccptr!=NULL; ccptr=ccptr->next) {
+               if (ccptr->usersupp.usernum == usbuf.usernum) {
+                       user_is_logged_in = 1;
                        }
                }
+       end_critical_section(S_SESSION_TABLE);
+       if (user_is_logged_in == 1) {
+               lprintf(5, "User <%s> is logged in; not deleting.\n", pname);
+               usbuf.axlevel = 0;
+               putuser(&usbuf);
+               return(1);
+               }
+
+       lprintf(5, "Deleting user <%s>\n", pname);
+
+       /* Perform any purge functions registered by server extensions */
+       PerformUserHooks(usbuf.fullname, usbuf.usernum, EVT_PURGEUSER);
+
+       /* delete any existing user/room relationships */
+       cdb_delete(CDB_VISIT, &usbuf.usernum, sizeof(long));
 
        /* delete the userlog entry */
-       cdb_delete(CDB_USERSUPP, pname, strlen(pname));
+       cdb_delete(CDB_USERSUPP, lowercase_name, strlen(lowercase_name));
 
        /* remove the user's bio file */        
        sprintf(filename, "./bio/%ld", usbuf.usernum);
@@ -353,7 +507,8 @@ void purge_user(char *pname) {
        /* remove the user's picture */
        sprintf(filename, "./userpics/%ld.gif", usbuf.usernum);
        unlink(filename);
-       
+
+       return(0);
        }
 
 
@@ -366,6 +521,7 @@ int create_user(char *newusername)
        int a;
        struct passwd *p = NULL;
        char username[64];
+       char mailboxname[ROOMNAMELEN];
 
        strcpy(username, newusername);
        strproc(username);
@@ -378,10 +534,10 @@ int create_user(char *newusername)
                for (a=0; a<strlen(username); ++a) {
                        if (username[a] == ',') username[a] = 0;
                        }
-               CC->usersupp.USuid = p->pw_uid;
+               CC->usersupp.uid = p->pw_uid;
                }
        else {
-               CC->usersupp.USuid = BBSUID;
+               CC->usersupp.uid = BBSUID;
                }
 
        if (!getuser(&usbuf,username)) {
@@ -390,17 +546,8 @@ int create_user(char *newusername)
 
        strcpy(CC->curr_user,username);
        strcpy(CC->usersupp.fullname,username);
-       (CC->logged_in) = 1;
-
-       for (a=0; a<MAXROOMS; ++a) {
-               CC->usersupp.lastseen[a]=0L;
-               CC->usersupp.generation[a]=(-1);
-               CC->usersupp.forget[a]=(-1);
-               }
-       for (a=0; a<MAILSLOTS; ++a) {
-               CC->usersupp.mailnum[a]=0L;
-               }
        strcpy(CC->usersupp.password,"");
+       (CC->logged_in) = 1;
 
        /* These are the default flags on new accounts */
        CC->usersupp.flags =
@@ -408,16 +555,10 @@ int create_user(char *newusername)
 
        CC->usersupp.timescalled = 0;
        CC->usersupp.posted = 0;
-       CC->usersupp.axlevel = INITAX;
+       CC->usersupp.axlevel = config.c_initax;
        CC->usersupp.USscreenwidth = 80;
        CC->usersupp.USscreenheight = 24;
        time(&CC->usersupp.lastcall);
-       strcpy(CC->usersupp.USname, "");
-       strcpy(CC->usersupp.USaddr, "");
-       strcpy(CC->usersupp.UScity, "");
-       strcpy(CC->usersupp.USstate, "");
-       strcpy(CC->usersupp.USzip, "");
-       strcpy(CC->usersupp.USphone, "");
 
        /* fetch a new user number */
        CC->usersupp.usernum = get_new_user_number();
@@ -427,10 +568,15 @@ int create_user(char *newusername)
                }
 
        /* add user to userlog */
-       putuser(&CC->usersupp,CC->curr_user);
+       putuser(&CC->usersupp);
        if (getuser(&CC->usersupp,CC->curr_user)) {
                return(ERROR+INTERNAL_ERROR);
                }
+
+       /* give the user a private mailbox */
+       MailboxName(mailboxname, &CC->usersupp, MAILROOM);
+       create_room(mailboxname, 4, "", 0);
+
        rec_log(CL_NEWUSER,CC->curr_user);
        return(0);
        }
@@ -467,9 +613,9 @@ void cmd_newu(char *cmdbuf)
                }
 
        a = create_user(username);
-       if ((!strucmp(username, "bbs")) ||
-           (!strucmp(username, "new")) ||
-           (!strucmp(username, ".")))
+       if ((!strcasecmp(username, "bbs")) ||
+           (!strcasecmp(username, "new")) ||
+           (!strcasecmp(username, ".")))
        {
           cprintf("%d '%s' is an invalid login name.\n", ERROR);
           return;
@@ -504,7 +650,7 @@ void cmd_setp(char *new_pw)
                cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
                return;
                }
-       if (CC->usersupp.USuid != BBSUID) {
+       if (CC->usersupp.uid != BBSUID) {
                cprintf("%d Not allowed.  Use the 'passwd' command.\n",ERROR);
                return;
                }
@@ -515,10 +661,10 @@ void cmd_setp(char *new_pw)
                }
        lgetuser(&CC->usersupp,CC->curr_user);
        strcpy(CC->usersupp.password,new_pw);
-       pwcrypt(CC->usersupp.password,config.c_pwcrypt);
-       lputuser(&CC->usersupp,CC->curr_user);
+       lputuser(&CC->usersupp);
        cprintf("%d Password changed.\n",OK);
        rec_log(CL_PWCHANGE,CC->curr_user);
+       PerformSessionHooks(EVT_SETPASS);
        }
 
 /*
@@ -530,8 +676,12 @@ void cmd_getu(void) {
                return;
                }
        getuser(&CC->usersupp,CC->curr_user);
-       cprintf("%d %d|%d|%d\n",OK,CC->usersupp.USscreenwidth,
-               CC->usersupp.USscreenheight,(CC->usersupp.flags & US_USER_SET));
+       cprintf("%d %d|%d|%d\n",
+               OK,
+               CC->usersupp.USscreenwidth,
+               CC->usersupp.USscreenheight,
+               (CC->usersupp.flags & US_USER_SET)
+               );
        }
 
 /*
@@ -554,7 +704,7 @@ void cmd_setu(char *new_parms)
        CC->usersupp.flags = CC->usersupp.flags & (~US_USER_SET);
        CC->usersupp.flags = CC->usersupp.flags | 
                (extract_int(new_parms,2) & US_USER_SET);
-       lputuser(&CC->usersupp,CC->curr_user);
+       lputuser(&CC->usersupp);
        cprintf("%d Ok\n",OK);
        }
 
@@ -564,18 +714,14 @@ void cmd_setu(char *new_parms)
 void cmd_slrp(char *new_ptr)
 {
        long newlr;
+       struct visit vbuf;
 
        if (!(CC->logged_in)) {
                cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
                return;
                }
 
-       if (CC->curr_rm < 0) {
-               cprintf("%d No current room.\n",ERROR);
-               return;
-               }
-
-       if (!struncmp(new_ptr,"highest",7)) {
+       if (!strncasecmp(new_ptr,"highest",7)) {
                newlr = CC->quickroom.QRhighest;
                }
        else {
@@ -583,8 +729,12 @@ void cmd_slrp(char *new_ptr)
                }
 
        lgetuser(&CC->usersupp, CC->curr_user);
-       CC->usersupp.lastseen[CC->curr_rm] = newlr;
-       lputuser(&CC->usersupp, CC->curr_user);
+
+       CtdlGetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
+       vbuf.v_lastseen = newlr;
+       CtdlSetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
+
+       lputuser(&CC->usersupp);
        cprintf("%d %ld\n",OK,newlr);
        }
 
@@ -597,59 +747,52 @@ void cmd_invt_kick(char *iuser, int op)
         {              /* 1 = invite, 0 = kick out */
        struct usersupp USscratch;
        char bbb[256];
+       struct visit vbuf;
 
        if (!(CC->logged_in)) {
                cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
                return;
                }
 
-       if (CC->curr_rm < 0) {
-               cprintf("%d No current room.\n",ERROR);
-               return;
-               }
-
        if (is_room_aide()==0) {
                cprintf("%d Higher access required.\n",
                        ERROR+HIGHER_ACCESS_REQUIRED);
                return;
                }
 
-       if ( (op==1) && ((CC->quickroom.QRflags&QR_PRIVATE)==0) ) {
-               cprintf("%d Not a private room.\n",ERROR+NOT_HERE);
-               return;
-               }
-
        if (lgetuser(&USscratch,iuser)!=0) {
                cprintf("%d No such user.\n",ERROR);
                return;
                }
 
+       CtdlGetRelationship(&vbuf, &USscratch, &CC->quickroom);
+
        if (op==1) {
-               USscratch.generation[CC->curr_rm]=CC->quickroom.QRgen;
-               USscratch.forget[CC->curr_rm]=(-1);
+               vbuf.v_flags = vbuf.v_flags & ~V_FORGET & ~V_LOCKOUT;
+               vbuf.v_flags = vbuf.v_flags | V_ACCESS;
                }
 
        if (op==0) {
-               USscratch.generation[CC->curr_rm]=(-1);
-               USscratch.forget[CC->curr_rm]=CC->quickroom.QRgen;
+               vbuf.v_flags = vbuf.v_flags & ~V_ACCESS;
+               vbuf.v_flags = vbuf.v_flags | V_FORGET | V_LOCKOUT;
                }
 
-       lputuser(&USscratch,iuser);
+       CtdlSetRelationship(&vbuf, &USscratch, &CC->quickroom);
+
+       lputuser(&USscratch);
 
        /* post a message in Aide> saying what we just did */
-       sprintf(bbb,"%s %s %s> by %s",
+       sprintf(bbb,"%s %s %s> by %s\n",
                iuser,
                ((op == 1) ? "invited to" : "kicked out of"),
                CC->quickroom.QRname,
                CC->usersupp.fullname);
        aide_message(bbb);
 
-       if ((op==0)&&((CC->quickroom.QRflags&QR_PRIVATE)==0)) {
-               cprintf("%d Ok. (Not a private room, <Z>ap effect only)\n",OK);
-               }
-       else {
-               cprintf("%d Ok.\n",OK);
-               }
+       cprintf("%d %s %s %s.\n",
+               OK, iuser,
+               ((op == 1) ? "invited to" : "kicked out of"),
+               CC->quickroom.QRname);
        return;
        }
 
@@ -658,32 +801,28 @@ void cmd_invt_kick(char *iuser, int op)
  * forget (Zap) the current room
  */
 void cmd_forg(void) {
+       struct visit vbuf;
+
        if (!(CC->logged_in)) {
                cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
                return;
                }
 
-       if (CC->curr_rm < 0) {
-               cprintf("%d No current room.\n",ERROR);
-               return;
-               }
-
-       if (CC->curr_rm < 3) {
-               cprintf("%d You cannot forget this room.\n",ERROR+NOT_HERE);
-               return;
-               }
-
        if (is_aide()) {
                cprintf("%d Aides cannot forget rooms.\n",ERROR);
                return;
                }
 
        lgetuser(&CC->usersupp,CC->curr_user);
-       CC->usersupp.forget[CC->curr_rm] = CC->quickroom.QRgen;
-       CC->usersupp.generation[CC->curr_rm] = (-1);
-       lputuser(&CC->usersupp,CC->curr_user);
+       CtdlGetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
+
+       vbuf.v_flags = vbuf.v_flags | V_FORGET;
+       vbuf.v_flags = vbuf.v_flags & ~V_ACCESS;
+
+       CtdlSetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
+       lputuser(&CC->usersupp);
        cprintf("%d Ok\n",OK);
-       CC->curr_rm = (-1);
+       usergoto(BASEROOM, 0);
        }
 
 /*
@@ -714,8 +853,10 @@ void cmd_gnur(void) {
         */
        cdb_rewind(CDB_USERSUPP);
        while (cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) {
-               bzero(&usbuf, sizeof(struct usersupp));
-               memcpy(&usbuf, cdbus->ptr, cdbus->len);
+               memset(&usbuf, 0, sizeof(struct usersupp));
+               memcpy(&usbuf, cdbus->ptr,
+                       ( (cdbus->len > sizeof(struct usersupp)) ?
+                       sizeof(struct usersupp) : cdbus->len) );
                cdb_free(cdbus);
                if ((usbuf.flags & US_NEEDVALID)
                   &&(usbuf.axlevel > 0)) {
@@ -739,68 +880,6 @@ void cmd_gnur(void) {
        }
 
 
-/*
- * get registration info for a user
- */
-void cmd_greg(char *who)
-{
-       struct usersupp usbuf;
-       int a,b;
-       char pbuf[32];
-
-       if (!(CC->logged_in)) {
-               cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
-               return;
-               }
-
-       if (!strucmp(who,"_SELF_")) strcpy(who,CC->curr_user);
-
-       if ((CC->usersupp.axlevel < 6) && (strucmp(who,CC->curr_user))) {
-               cprintf("%d Higher access required.\n",
-                       ERROR+HIGHER_ACCESS_REQUIRED);
-               return;
-               }
-
-       if (getuser(&usbuf,who) != 0) {
-               cprintf("%d '%s' not found.\n",ERROR+NO_SUCH_USER,who);
-               return;
-               }
-
-       cprintf("%d %s\n",LISTING_FOLLOWS,usbuf.fullname);
-       cprintf("%ld\n",usbuf.usernum);
-       pwcrypt(usbuf.password,PWCRYPT);
-       cprintf("%s\n",usbuf.password);
-       cprintf("%s\n",usbuf.USname);
-       cprintf("%s\n",usbuf.USaddr);
-       cprintf("%s\n%s\n%s\n",
-               usbuf.UScity,usbuf.USstate,usbuf.USzip);
-       strcpy(pbuf,usbuf.USphone);
-       usbuf.USphone[0]=0;
-       for (a=0; a<strlen(pbuf); ++a) {
-               if ((pbuf[a]>='0')&&(pbuf[a]<='9')) {
-                       b=strlen(usbuf.USphone);
-                       usbuf.USphone[b]=pbuf[a];
-                       usbuf.USphone[b+1]=0;
-                       }
-               }
-       while(strlen(usbuf.USphone)<10) {
-               strcpy(pbuf,usbuf.USphone);
-               strcpy(usbuf.USphone," ");
-               strcat(usbuf.USphone,pbuf);
-               }
-
-       cprintf("(%c%c%c) %c%c%c-%c%c%c%c\n",
-               usbuf.USphone[0],usbuf.USphone[1],
-               usbuf.USphone[2],usbuf.USphone[3],
-               usbuf.USphone[4],usbuf.USphone[5],
-               usbuf.USphone[6],usbuf.USphone[7],
-               usbuf.USphone[8],usbuf.USphone[9]);
-
-       cprintf("%d\n",usbuf.axlevel);
-       cprintf("%s\n",usbuf.USemail);
-       cprintf("000\n");
-       }
-
 /*
  * validate a user
  */
@@ -832,13 +911,14 @@ void cmd_vali(char *v_args)
        userbuf.axlevel = newax;
        userbuf.flags = (userbuf.flags & ~US_NEEDVALID);
 
-       lputuser(&userbuf,user);
+       lputuser(&userbuf);
 
        /* If the access level was set to zero, delete the user */
        if (newax == 0) {
-               purge_user(user);
-               cprintf("%d %s Deleted.\n", OK, userbuf.fullname);
-               return;
+               if (purge_user(user)==0) {
+                       cprintf("%d %s Deleted.\n", OK, userbuf.fullname);
+                       return;
+                       }
                }
 
        cprintf("%d ok\n",OK);
@@ -847,124 +927,57 @@ void cmd_vali(char *v_args)
 
 
 /* 
- *  List users
+ *  Traverse the user file...
  */
-void cmd_list(void) {
+void ForEachUser(void (*CallBack)(struct usersupp *EachUser)) {
        struct usersupp usbuf;
        struct cdbdata *cdbus;
 
        cdb_rewind(CDB_USERSUPP);
-       cprintf("%d \n",LISTING_FOLLOWS);
 
        while(cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) {
-               bzero(&usbuf, sizeof(struct usersupp));
-               memcpy(&usbuf, cdbus->ptr, cdbus->len);
+               memset(&usbuf, 0, sizeof(struct usersupp));
+               memcpy(&usbuf, cdbus->ptr,
+                       ( (cdbus->len > sizeof(struct usersupp)) ?
+                       sizeof(struct usersupp) : cdbus->len) );
                cdb_free(cdbus);
+               (*CallBack)(&usbuf);
+               }
+       }
 
-           if (usbuf.axlevel > 0) {
+
+/*
+ * List one user (this works with cmd_list)
+ */
+void ListThisUser(struct usersupp *usbuf) {
+       if (usbuf->axlevel > 0) {
                if ((CC->usersupp.axlevel>=6)
-                  ||((usbuf.flags&US_UNLISTED)==0)
+                  ||((usbuf->flags&US_UNLISTED)==0)
                   ||((CC->internal_pgm))) {
                        cprintf("%s|%d|%ld|%ld|%d|%d|",
-                               usbuf.fullname,
-                               usbuf.axlevel,
-                               usbuf.usernum,
-                               usbuf.lastcall,
-                               usbuf.timescalled,
-                               usbuf.posted);
-                       pwcrypt(usbuf.password,config.c_pwcrypt);
-                       if (CC->usersupp.axlevel >= 6) cprintf("%s",usbuf.password);
+                               usbuf->fullname,
+                               usbuf->axlevel,
+                               usbuf->usernum,
+                               usbuf->lastcall,
+                               usbuf->timescalled,
+                               usbuf->posted);
+                       if (CC->usersupp.axlevel >= 6)
+                               cprintf("%s",usbuf->password);
                        cprintf("\n");
                        }
-                   }
                }
-       cprintf("000\n");
        }
 
-/*
- * enter registration info
+/* 
+ *  List users
  */
-void cmd_regi(void) {
-       int a,b,c;
-       char buf[256];
-
-       char tmpname[256];
-       char tmpaddr[256];
-       char tmpcity[256];
-       char tmpstate[256];
-       char tmpzip[256];
-       char tmpphone[256];
-       char tmpemail[256];
+void cmd_list(void) {
+       cprintf("%d \n",LISTING_FOLLOWS);
+       ForEachUser(ListThisUser);
+       cprintf("000\n");
+       }
 
-       if (!(CC->logged_in)) {
-               cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
-               return;
-               }
 
-       strcpy(tmpname,"");
-       strcpy(tmpaddr,"");
-       strcpy(tmpcity,"");
-       strcpy(tmpstate,"");
-       strcpy(tmpzip,"");
-       strcpy(tmpphone,"");
-       strcpy(tmpemail,"");
-
-       cprintf("%d Send registration...\n",SEND_LISTING);
-       a=0;
-       while (client_gets(buf), strcmp(buf,"000")) {
-               if (a==0) strcpy(tmpname,buf);
-               if (a==1) strcpy(tmpaddr,buf);
-               if (a==2) strcpy(tmpcity,buf);
-               if (a==3) strcpy(tmpstate,buf);
-               if (a==4) {
-                       for (c=0; c<strlen(buf); ++c) {
-                               if ((buf[c]>='0')&&(buf[c]<='9')) {
-                                       b=strlen(tmpzip);
-                                       tmpzip[b]=buf[c];
-                                       tmpzip[b+1]=0;
-                                       }
-                               }
-                       }
-               if (a==5) {
-                       for (c=0; c<strlen(buf); ++c) {
-                               if ((buf[c]>='0')&&(buf[c]<='9')) {
-                                       b=strlen(tmpphone);
-                                       tmpphone[b]=buf[c];
-                                       tmpphone[b+1]=0;
-                                       }
-                               }
-                       }
-               if (a==6) strncpy(tmpemail,buf,31);
-               ++a;
-               }
-
-       tmpname[29]=0;
-       tmpaddr[24]=0;
-       tmpcity[14]=0;
-       tmpstate[2]=0;
-       tmpzip[9]=0;
-       tmpphone[10]=0;
-       tmpemail[31]=0;
-
-       lgetuser(&CC->usersupp,CC->curr_user);
-       strcpy(CC->usersupp.USname,tmpname);
-       strcpy(CC->usersupp.USaddr,tmpaddr);
-       strcpy(CC->usersupp.UScity,tmpcity);
-       strcpy(CC->usersupp.USstate,tmpstate);
-       strcpy(CC->usersupp.USzip,tmpzip);
-       strcpy(CC->usersupp.USphone,tmpphone);
-       strcpy(CC->usersupp.USemail,tmpemail);
-       CC->usersupp.flags=(CC->usersupp.flags|US_REGIS|US_NEEDVALID);
-       lputuser(&CC->usersupp,CC->curr_user);
-
-       /* set global flag calling for validation */
-       begin_critical_section(S_CONTROL);
-       get_control();
-       CitControl.MMflags = CitControl.MMflags | MM_VALID ;
-       put_control();
-       end_critical_section(S_CONTROL);
-       cprintf("%d *** End of registration.\n",OK);
-       }
 
 
 /*
@@ -974,8 +987,7 @@ void cmd_chek(void) {
        int mail = 0;
        int regis = 0;
        int vali = 0;
-       int a;
-
+       
        if (!(CC->logged_in)) {
                cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
                return;
@@ -989,10 +1001,9 @@ void cmd_chek(void) {
                if (CitControl.MMflags&MM_VALID) vali = 1;
                }
 
-       mail=0;                         /* check for mail */
-       for (a=0; a<MAILSLOTS; ++a)
-               if ((CC->usersupp.mailnum[a])>(CC->usersupp.lastseen[1]))
-                       ++mail;
+
+       /* check for mail */
+       mail = NewMailCount();
 
        cprintf("%d %d|%d|%d\n",OK,mail,regis,vali);
        }
@@ -1088,3 +1099,128 @@ void cmd_lbio(void) {
        pclose(ls);
        cprintf("000\n");
        }
+
+
+/*
+ * Administrative Get User Parameters
+ */
+void cmd_agup(char *cmdbuf) {
+       struct usersupp usbuf;
+       char requested_user[256];
+
+       if ( (CC->internal_pgm==0)
+          && ( (CC->logged_in == 0) || (is_aide()==0) ) ) {
+               cprintf("%d Higher access required.\n", 
+                       ERROR + HIGHER_ACCESS_REQUIRED);
+               return;
+               }
+
+       extract(requested_user, cmdbuf, 0);
+       if (getuser(&usbuf, requested_user) != 0) {
+               cprintf("%d No such user.\n", ERROR + NO_SUCH_USER);
+               return;
+               }
+
+       cprintf("%d %s|%s|%u|%d|%d|%d|%ld|%ld|%d\n", 
+               OK,
+               usbuf.fullname,
+               usbuf.password,
+               usbuf.flags,
+               usbuf.timescalled,
+               usbuf.posted,
+               (int)usbuf.axlevel,
+               usbuf.usernum,
+               usbuf.lastcall,
+               usbuf.USuserpurge);
+       }
+
+
+
+/*
+ * Administrative Set User Parameters
+ */
+void cmd_asup(char *cmdbuf) {
+       struct usersupp usbuf;
+       char requested_user[256];
+       int np;
+       int newax;
+       
+       if ( (CC->internal_pgm==0)
+          && ( (CC->logged_in == 0) || (is_aide()==0) ) ) {
+               cprintf("%d Higher access required.\n", 
+                       ERROR + HIGHER_ACCESS_REQUIRED);
+               return;
+               }
+
+       extract(requested_user, cmdbuf, 0);
+       if (lgetuser(&usbuf, requested_user) != 0) {
+               cprintf("%d No such user.\n", ERROR + NO_SUCH_USER);
+               return;
+               }
+
+       np = num_parms(cmdbuf);
+       if (np > 1) extract(usbuf.password, cmdbuf, 1);
+       if (np > 2) usbuf.flags = extract_int(cmdbuf, 2);
+       if (np > 3) usbuf.timescalled = extract_int(cmdbuf, 3);
+       if (np > 4) usbuf.posted = extract_int(cmdbuf, 4);
+       if (np > 5) {
+               newax = extract_int(cmdbuf, 5);
+               if ((newax >=0) && (newax <= 6)) {
+                       usbuf.axlevel = extract_int(cmdbuf, 5);
+                       }
+               }
+       if (np > 7) {
+               usbuf.lastcall = extract_long(cmdbuf, 7);
+               }
+       if (np > 8) {
+               usbuf.USuserpurge = extract_int(cmdbuf, 8);
+               }
+
+       lputuser(&usbuf);
+       if (usbuf.axlevel == 0) {
+               if (purge_user(requested_user)==0) {
+                       cprintf("%d %s deleted.\n", OK, requested_user);
+                       }
+               }
+       cprintf("%d Ok\n", OK);
+       }
+
+
+/*
+ * Count the number of new mail messages the user has
+ */
+int NewMailCount() {
+       int num_newmsgs = 0;
+       int a;
+       char mailboxname[ROOMNAMELEN];
+       struct quickroom mailbox;
+       struct visit vbuf;
+        struct cdbdata *cdbfr;
+       long *msglist = NULL;
+       int num_msgs = 0;
+
+       MailboxName(mailboxname, &CC->usersupp, MAILROOM);
+       if (getroom(&mailbox, mailboxname)!=0) return(0);
+       CtdlGetRelationship(&vbuf, &CC->usersupp, &mailbox);
+
+        cdbfr = cdb_fetch(CDB_MSGLISTS, &mailbox.QRnumber, sizeof(long));
+
+        if (cdbfr != NULL) {
+               msglist = mallok(cdbfr->len);
+               memcpy(msglist, cdbfr->ptr, cdbfr->len);
+               num_msgs = cdbfr->len / sizeof(long);
+               cdb_free(cdbfr);
+       }
+
+       if (num_msgs > 0) for (a=0; a<num_msgs; ++a) {
+               if (msglist[a]>0L) {
+                       if (msglist[a] > vbuf.v_lastseen) {
+                               ++num_newmsgs;
+                               }
+                       }
+               }
+
+       if (msglist != NULL) phree(msglist);
+
+       return(num_newmsgs);
+       }