* refuse empty passvoids against host auth

[citadel.git] / citadel / user_ops.c

diff --git a/citadel/user_ops.c b/citadel/user_ops.c
index a144fc0d28b700f961c0d550f5ff6f3f9f9d49b5..7f84fa21eadb893c5bbd51cfe5bc6b8533616702 100644 (file)
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -359,6 +359,8 @@ int CtdlLoginExistingUser(char *authname, char *trythisname)
        char username[SIZ];
        int found_user;
 
+       lprintf(9, "CtdlLoginExistingUser(%s, %s)\n", authname, trythisname);
+
        if ((CC->logged_in)) {
                return login_already_logged_in;
        }
@@ -392,14 +394,18 @@ int CtdlLoginExistingUser(char *authname, char *trythisname)
                lprintf(CTDL_DEBUG, "asking host about <%s>\n", username);
 #ifdef HAVE_GETPWNAM_R
 #ifdef SOLARIS_GETPWUID
+               lprintf(CTDL_DEBUG, "Calling getpwnam_r()\n");
                tempPwdPtr = getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer);
 #else // SOLARIS_GETPWUID
+               lprintf(CTDL_DEBUG, "Calling getpwnam_r()\n");
                getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr);
 #endif // SOLARIS_GETPWUID
 #else // HAVE_GETPWNAM_R
+               lprintf(CTDL_DEBUG, "SHOULD NEVER GET HERE!!!\n");
                tempPwdPtr = NULL;
 #endif // HAVE_GETPWNAM_R
                if (tempPwdPtr == NULL) {
+                       lprintf(CTDL_DEBUG, "no such user <%s>\n", username);
                        return login_not_found;
                }
        
@@ -407,7 +413,8 @@ int CtdlLoginExistingUser(char *authname, char *trythisname)
                 * If not found, make one attempt to create it.
                 */
                found_user = getuserbyuid(&CC->user, pd.pw_uid);
-               lprintf(CTDL_DEBUG, "found it: uid=%ld, gecos=%s here: %ld\n", (long)pd.pw_uid, pd.pw_gecos, found_user);
+               lprintf(CTDL_DEBUG, "found it: uid=%ld, gecos=%s here: %d\n",
+                       (long)pd.pw_uid, pd.pw_gecos, found_user);
                if (found_user != 0) {
                        create_user(username, 0);
                        found_user = getuserbyuid(&CC->user, pd.pw_uid);
@@ -600,6 +607,10 @@ void logout(struct CitContext *who)
 
        /* Do modular stuff... */
        PerformSessionHooks(EVT_LOGOUT);
+       
+       /* Check to see if the user was deleted whilst logged in and purge them if necessary */
+       if (who->user.axlevel == 0)
+               purge_user(who->user.fullname);
 
        /* Free any output buffers */
        if (who->output_buffer != NULL) {
@@ -614,6 +625,11 @@ static int validpw(uid_t uid, const char *pass)
 {
        char buf[256];
 
+       if (IsEmptyStr(pass)) {
+               lprintf(CTDL_DEBUG, "refusing to check empty password for uid=%d using chkpwd...\n", uid);
+               return 0;
+       }
+
        lprintf(CTDL_DEBUG, "Validating password for uid=%d using chkpwd...\n", uid);
 
        begin_critical_section(S_CHKPWD);
@@ -800,6 +816,10 @@ int purge_user(char pname[])
 
        makeuserkey(usernamekey, pname);
 
+       /* If the name is empty we can't find them in the DB any way so just return */
+       if (IsEmptyStr(pname))
+               return (ERROR + NO_SUCH_USER);
+
        if (getuser(&usbuf, pname) != 0) {
                lprintf(CTDL_ERR, "Cannot purge user <%s> - not found\n", pname);
                return (ERROR + NO_SUCH_USER);
@@ -1653,8 +1673,9 @@ void cmd_asup(char *cmdbuf)
        }
 
        if (deleted) {
-               sprintf(notify, "User \"%s\" has been deleted by %s.\n",
-                       usbuf.fullname, CC->user.fullname);
+               snprintf(notify, SIZ, 
+                        "User \"%s\" has been deleted by %s.\n",
+                        usbuf.fullname, CC->user.fullname);
                aide_message(notify, "User Deletion Message");
        }