X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fuser_ops.c;h=13e8db773c040a51bbc0c0abf675b325bee75a76;hb=11e722f9406b58f2884d6d63f4acba49b668f53f;hp=2215f58e027da3dff571caf09925df51cfa130b3;hpb=636281f2ce8886ba97256170c2c89f39a4acdc9f;p=citadel.git diff --git a/citadel/user_ops.c b/citadel/user_ops.c index 2215f58e0..2b66fdbe2 100644 --- a/citadel/user_ops.c +++ b/citadel/user_ops.c @@ -1,14 +1,23 @@ /* - * $Id$ - * * Server functions which perform operations on user objects. * + * Copyright (c) 1987-2011 by the citadel.org team + * + * This program is open source software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as published + * by the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef DLL_EXPORT -#define IN_LIBCIT -#endif - #include "sysdep.h" #include #include @@ -17,8 +26,13 @@ #include #include #include +#include #include #include +#include +#ifdef HAVE_SYS_STAT_H +#include +#endif #if TIME_WITH_SYS_TIME # include @@ -32,105 +46,212 @@ #endif #include -#include #include -#ifndef ENABLE_CHKPWD +#include #include "auth.h" -#endif #include "citadel.h" #include "server.h" #include "database.h" -#include "user_ops.h" -#include "dynloader.h" #include "sysdep_decls.h" #include "support.h" #include "room_ops.h" -#include "logging.h" #include "file_ops.h" #include "control.h" #include "msgbase.h" #include "config.h" -#include "tools.h" #include "citserver.h" +#include "citadel_dirs.h" +#include "genstamp.h" +#include "threads.h" +#include "citadel_ldap.h" +#include "context.h" +#include "ctdl_module.h" +#include "user_ops.h" + +/* These pipes are used to talk to the chkpwd daemon, which is forked during startup */ +int chkpwd_write_pipe[2]; +int chkpwd_read_pipe[2]; + /* * getuser() - retrieve named user into supplied buffer. - * returns 0 on success + * returns 0 on success */ -int getuser(struct usersupp *usbuf, char name[]) +int getuser(struct ctdluser *usbuf, char name[]) { + return CtdlGetUser(usbuf, name); +} - char lowercase_name[USERNAME_SIZE]; - int a; + +/* + * CtdlGetUser() - retrieve named user into supplied buffer. + * returns 0 on success + */ +int CtdlGetUserLen(struct ctdluser *usbuf, const char *name, long len) +{ + + char usernamekey[USERNAME_SIZE]; struct cdbdata *cdbus; - memset(usbuf, 0, sizeof(struct usersupp)); - for (a = 0; a <= strlen(name); ++a) { - if (a < sizeof(lowercase_name)) - lowercase_name[a] = tolower(name[a]); + if (usbuf != NULL) { + memset(usbuf, 0, sizeof(struct ctdluser)); } - lowercase_name[sizeof(lowercase_name) - 1] = 0; - cdbus = cdb_fetch(CDB_USERSUPP, lowercase_name, strlen(lowercase_name)); - if (cdbus == NULL) { - return (1); /* user not found */ + makeuserkey(usernamekey, name, len); + cdbus = cdb_fetch(CDB_USERS, usernamekey, strlen(usernamekey)); + + if (cdbus == NULL) { /* user not found */ + return(1); + } + if (usbuf != NULL) { + memcpy(usbuf, cdbus->ptr, + ((cdbus->len > sizeof(struct ctdluser)) ? + sizeof(struct ctdluser) : cdbus->len)); } - memcpy(usbuf, cdbus->ptr, - ((cdbus->len > sizeof(struct usersupp)) ? - sizeof(struct usersupp) : cdbus->len)); cdb_free(cdbus); return (0); } +int CtdlGetUser(struct ctdluser *usbuf, char *name) +{ + return CtdlGetUserLen(usbuf, name, cutuserkey(name)); +} + + /* - * lgetuser() - same as getuser() but locks the record + * CtdlGetUserLock() - same as getuser() but locks the record */ -int lgetuser(struct usersupp *usbuf, char *name) +int CtdlGetUserLock(struct ctdluser *usbuf, char *name) { int retcode; - retcode = getuser(usbuf, name); + retcode = CtdlGetUser(usbuf, name); if (retcode == 0) { - begin_critical_section(S_USERSUPP); + begin_critical_section(S_USERS); } return (retcode); } /* - * putuser() - write user buffer into the correct place on disk + * lgetuser() - same as getuser() but locks the record */ -void putuser(struct usersupp *usbuf) +int lgetuser(struct ctdluser *usbuf, char *name) { - char lowercase_name[USERNAME_SIZE]; - int a; + return CtdlGetUserLock(usbuf, name); +} - for (a = 0; a <= strlen(usbuf->fullname); ++a) { - if (a < sizeof(lowercase_name)) - lowercase_name[a] = tolower(usbuf->fullname[a]); - } - lowercase_name[sizeof(lowercase_name) - 1] = 0; + +/* + * CtdlPutUser() - write user buffer into the correct place on disk + */ +void CtdlPutUser(struct ctdluser *usbuf) +{ + char usernamekey[USERNAME_SIZE]; + + makeuserkey(usernamekey, + usbuf->fullname, + cutuserkey(usbuf->fullname)); usbuf->version = REV_LEVEL; - cdb_store(CDB_USERSUPP, - lowercase_name, strlen(lowercase_name), - usbuf, sizeof(struct usersupp)); + cdb_store(CDB_USERS, + usernamekey, strlen(usernamekey), + usbuf, sizeof(struct ctdluser)); } +/* + * putuser() - write user buffer into the correct place on disk + */ +void putuser(struct ctdluser *usbuf) +{ + CtdlPutUser(usbuf); +} + + +/* + * CtdlPutUserLock() - same as putuser() but locks the record + */ +void CtdlPutUserLock(struct ctdluser *usbuf) +{ + CtdlPutUser(usbuf); + end_critical_section(S_USERS); +} + + /* * lputuser() - same as putuser() but locks the record */ -void lputuser(struct usersupp *usbuf) +void lputuser(struct ctdluser *usbuf) { - putuser(usbuf); - end_critical_section(S_USERSUPP); + CtdlPutUserLock(usbuf); +} + + +/* + * rename_user() - this is tricky because the user's display name is the database key + * + * Returns 0 on success or nonzero if there was an error... + * + */ +int rename_user(char *oldname, char *newname) { + int retcode = RENAMEUSER_OK; + struct ctdluser usbuf; + + char oldnamekey[USERNAME_SIZE]; + char newnamekey[USERNAME_SIZE]; + + /* Create the database keys... */ + makeuserkey(oldnamekey, oldname, cutuserkey(oldname)); + makeuserkey(newnamekey, newname, cutuserkey(newname)); + + /* Lock up and get going */ + begin_critical_section(S_USERS); + + /* We cannot rename a user who is currently logged in */ + if (CtdlIsUserLoggedIn(oldname)) { + end_critical_section(S_USERS); + return RENAMEUSER_LOGGED_IN; + } + + if (CtdlGetUser(&usbuf, newname) == 0) { + retcode = RENAMEUSER_ALREADY_EXISTS; + } + else { + + if (CtdlGetUser(&usbuf, oldname) != 0) { + retcode = RENAMEUSER_NOT_FOUND; + } + + else { /* Sanity checks succeeded. Now rename the user. */ + if (usbuf.usernum == 0) + { + syslog(LOG_DEBUG, "Can not rename user \"Citadel\".\n"); + retcode = RENAMEUSER_NOT_FOUND; + } else { + syslog(LOG_DEBUG, "Renaming <%s> to <%s>\n", oldname, newname); + cdb_delete(CDB_USERS, oldnamekey, strlen(oldnamekey)); + safestrncpy(usbuf.fullname, newname, sizeof usbuf.fullname); + CtdlPutUser(&usbuf); + cdb_store(CDB_USERSBYNUMBER, &usbuf.usernum, sizeof(long), + usbuf.fullname, strlen(usbuf.fullname)+1 ); + + retcode = RENAMEUSER_OK; + } + } + + } + + end_critical_section(S_USERS); + return(retcode); } + + /* * Index-generating function used by Ctdl[Get|Set]Relationship */ @@ -159,11 +280,12 @@ int GenerateRelationshipIndex(char *IndexBuf, /* * Back end for CtdlSetRelationship() */ -void put_visit(struct visit *newvisit) +void put_visit(visit *newvisit) { char IndexBuf[32]; - int IndexLen; + int IndexLen = 0; + memset (IndexBuf, 0, sizeof (IndexBuf)); /* Generate an index */ IndexLen = GenerateRelationshipIndex(IndexBuf, newvisit->v_roomnum, @@ -172,7 +294,7 @@ void put_visit(struct visit *newvisit) /* Store the record */ cdb_store(CDB_VISIT, IndexBuf, IndexLen, - newvisit, sizeof(struct visit) + newvisit, sizeof(visit) ); } @@ -182,9 +304,9 @@ void put_visit(struct visit *newvisit) /* * Define a relationship between a user and a room */ -void CtdlSetRelationship(struct visit *newvisit, - struct usersupp *rel_user, - struct quickroom *rel_room) +void CtdlSetRelationship(visit *newvisit, + struct ctdluser *rel_user, + struct ctdlroom *rel_room) { @@ -201,9 +323,9 @@ void CtdlSetRelationship(struct visit *newvisit, /* * Locate a relationship between a user and a room */ -void CtdlGetRelationship(struct visit *vbuf, - struct usersupp *rel_user, - struct quickroom *rel_room) +void CtdlGetRelationship(visit *vbuf, + struct ctdluser *rel_user, + struct ctdlroom *rel_room) { char IndexBuf[32]; @@ -217,13 +339,13 @@ void CtdlGetRelationship(struct visit *vbuf, rel_user->usernum); /* Clear out the buffer */ - memset(vbuf, 0, sizeof(struct visit)); + memset(vbuf, 0, sizeof(visit)); cdbvisit = cdb_fetch(CDB_VISIT, IndexBuf, IndexLen); if (cdbvisit != NULL) { memcpy(vbuf, cdbvisit->ptr, - ((cdbvisit->len > sizeof(struct visit)) ? - sizeof(struct visit) : cdbvisit->len)); + ((cdbvisit->len > sizeof(visit)) ? + sizeof(visit) : cdbvisit->len)); cdb_free(cdbvisit); } else { @@ -240,7 +362,13 @@ void CtdlGetRelationship(struct visit *vbuf, } -void MailboxName(char *buf, size_t n, const struct usersupp *who, const char *prefix) +void CtdlMailboxName(char *buf, size_t n, const struct ctdluser *who, const char *prefix) +{ + snprintf(buf, n, "%010ld.%s", who->usernum, prefix); +} + + +void MailboxName(char *buf, size_t n, const struct ctdluser *who, const char *prefix) { snprintf(buf, n, "%010ld.%s", who->usernum, prefix); } @@ -251,7 +379,7 @@ void MailboxName(char *buf, size_t n, const struct usersupp *who, const char *pr */ int is_aide(void) { - if (CC->usersupp.axlevel >= 6) + if (CC->user.axlevel >= AxAideU) return (1); else return (0); @@ -268,8 +396,8 @@ int is_room_aide(void) return (0); } - if ((CC->usersupp.axlevel >= 6) - || (CC->quickroom.QRroomaide == CC->usersupp.usernum)) { + if ((CC->user.axlevel >= AxAideU) + || (CC->room.QRroomaide == CC->user.usernum)) { return (1); } else { return (0); @@ -277,67 +405,260 @@ int is_room_aide(void) } /* - * getuserbynumber() - get user by number - * returns 0 if user was found + * CtdlGetUserByNumber() - get user by number + * returns 0 if user was found + * + * Note: fetching a user this way requires one additional database operation. + */ +int CtdlGetUserByNumber(struct ctdluser *usbuf, long number) +{ + struct cdbdata *cdbun; + int r; + + cdbun = cdb_fetch(CDB_USERSBYNUMBER, &number, sizeof(long)); + if (cdbun == NULL) { + syslog(LOG_INFO, "User %ld not found\n", number); + return(-1); + } + + syslog(LOG_INFO, "User %ld maps to %s\n", number, cdbun->ptr); + r = CtdlGetUser(usbuf, cdbun->ptr); + cdb_free(cdbun); + return(r); +} + +/* + * getuserbynumber() - get user by number + * returns 0 if user was found + * + * Note: fetching a user this way requires one additional database operation. + */ +int getuserbynumber(struct ctdluser *usbuf, long number) +{ + return CtdlGetUserByNumber(usbuf, number); +} + + + +/* + * Helper function for rebuild_usersbynumber() + */ +void rebuild_ubn_for_user(struct ctdluser *usbuf, void *data) { + + struct ubnlist { + struct ubnlist *next; + char username[USERNAME_SIZE]; + long usernum; + }; + + static struct ubnlist *u = NULL; + struct ubnlist *ptr = NULL; + + /* Lazy programming here. Call this function as a ForEachUser backend + * in order to queue up the room names, or call it with a null user + * to make it do the processing. + */ + if (usbuf != NULL) { + ptr = (struct ubnlist *) malloc(sizeof (struct ubnlist)); + if (ptr == NULL) return; + + ptr->usernum = usbuf->usernum; + safestrncpy(ptr->username, usbuf->fullname, sizeof ptr->username); + ptr->next = u; + u = ptr; + return; + } + + while (u != NULL) { + syslog(LOG_DEBUG, "Rebuilding usersbynumber index %10ld : %s\n", + u->usernum, u->username); + cdb_store(CDB_USERSBYNUMBER, &u->usernum, sizeof(long), u->username, strlen(u->username)+1); + + ptr = u; + u = u->next; + free(ptr); + } +} + + + +/* + * Rebuild the users-by-number index + */ +void rebuild_usersbynumber(void) { + cdb_trunc(CDB_USERSBYNUMBER); /* delete the old indices */ + ForEachUser(rebuild_ubn_for_user, NULL); /* enumerate the users */ + rebuild_ubn_for_user(NULL, NULL); /* and index them */ +} + + + +/* + * getuserbyuid() - get user by system uid (for PAM mode authentication) + * returns 0 if user was found * * WARNING: don't use this function unless you absolutely have to. It does - * a sequential search and therefore is computationally expensive. + * a sequential search and therefore is computationally expensive. */ -int getuserbynumber(struct usersupp *usbuf, long int number) +int getuserbyuid(struct ctdluser *usbuf, uid_t number) { struct cdbdata *cdbus; - cdb_rewind(CDB_USERSUPP); + cdb_rewind(CDB_USERS); - while (cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) { - memset(usbuf, 0, sizeof(struct usersupp)); + while (cdbus = cdb_next_item(CDB_USERS), cdbus != NULL) { + memset(usbuf, 0, sizeof(struct ctdluser)); memcpy(usbuf, cdbus->ptr, - ((cdbus->len > sizeof(struct usersupp)) ? - sizeof(struct usersupp) : cdbus->len)); + ((cdbus->len > sizeof(struct ctdluser)) ? + sizeof(struct ctdluser) : cdbus->len)); cdb_free(cdbus); - if (usbuf->usernum == number) { - cdb_close_cursor(CDB_USERSUPP); + if (usbuf->uid == number) { + cdb_close_cursor(CDB_USERS); return (0); } } return (-1); } - /* * Back end for cmd_user() and its ilk + * + * NOTE: "authname" should only be used if we are attempting to use the "master user" feature */ -int CtdlLoginExistingUser(char *trythisname) +int CtdlLoginExistingUser(char *authname, const char *trythisname) { char username[SIZ]; - char autoname[SIZ]; - int found_user = 0; - struct passwd *p; - int a; + int found_user; + long len; - if (trythisname == NULL) return login_not_found; - safestrncpy(username, trythisname, sizeof username); - strproc(username); + syslog(LOG_DEBUG, "CtdlLoginExistingUser(%s, %s)\n", authname, trythisname); if ((CC->logged_in)) { return login_already_logged_in; } - found_user = getuser(&CC->usersupp, username); - if (found_user != 0) { - p = (struct passwd *) getpwnam(username); - if (p != NULL) { - strcpy(autoname, p->pw_gecos); - for (a = 0; a < strlen(autoname); ++a) - if (autoname[a] == ',') - autoname[a] = 0; - found_user = getuser(&CC->usersupp, autoname); + + if (trythisname == NULL) return login_not_found; + + if (!strncasecmp(trythisname, "SYS_", 4)) + { + syslog(LOG_DEBUG, "System user \"%s\" is not allowed to log in.\n", trythisname); + return login_not_found; + } + + /* If a "master user" is defined, handle its authentication if specified */ + CC->is_master = 0; + if (strlen(config.c_master_user) > 0) if (strlen(config.c_master_pass) > 0) if (authname) { + if (!strcasecmp(authname, config.c_master_user)) { + CC->is_master = 1; + } + } + + /* Continue attempting user validation... */ + safestrncpy(username, trythisname, sizeof (username)); + striplt(username); + len = cutuserkey(username); + + if (IsEmptyStr(username)) { + return login_not_found; + } + + if (config.c_auth_mode == AUTHMODE_HOST) { + + /* host auth mode */ + + struct passwd pd; + struct passwd *tempPwdPtr; + char pwdbuffer[256]; + + syslog(LOG_DEBUG, "asking host about <%s>\n", username); +#ifdef HAVE_GETPWNAM_R +#ifdef SOLARIS_GETPWUID + syslog(LOG_DEBUG, "Calling getpwnam_r()\n"); + tempPwdPtr = getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer); +#else // SOLARIS_GETPWUID + syslog(LOG_DEBUG, "Calling getpwnam_r()\n"); + getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr); +#endif // SOLARIS_GETPWUID +#else // HAVE_GETPWNAM_R + syslog(LOG_DEBUG, "SHOULD NEVER GET HERE!!!\n"); + tempPwdPtr = NULL; +#endif // HAVE_GETPWNAM_R + if (tempPwdPtr == NULL) { + syslog(LOG_DEBUG, "no such user <%s>\n", username); + return login_not_found; + } + + /* Locate the associated Citadel account. + * If not found, make one attempt to create it. + */ + found_user = getuserbyuid(&CC->user, pd.pw_uid); + syslog(LOG_DEBUG, "found it: uid=%ld, gecos=%s here: %d\n", + (long)pd.pw_uid, pd.pw_gecos, found_user); + if (found_user != 0) { + len = cutuserkey(username); + create_user(username, len, 0); + found_user = getuserbyuid(&CC->user, pd.pw_uid); + } + + } + +#ifdef HAVE_LDAP + else if ((config.c_auth_mode == AUTHMODE_LDAP) || (config.c_auth_mode == AUTHMODE_LDAP_AD)) { + + /* LDAP auth mode */ + + uid_t ldap_uid; + char ldap_cn[256]; + char ldap_dn[256]; + + found_user = CtdlTryUserLDAP(username, ldap_dn, sizeof ldap_dn, ldap_cn, sizeof ldap_cn, &ldap_uid); + if (found_user != 0) { + return login_not_found; + } + + found_user = getuserbyuid(&CC->user, ldap_uid); + if (found_user != 0) { + create_user(username, len, 0); + found_user = getuserbyuid(&CC->user, ldap_uid); + } + + if (found_user == 0) { + if (CC->ldap_dn != NULL) free(CC->ldap_dn); + CC->ldap_dn = strdup(ldap_dn); + } + + } +#endif + + else { + /* native auth mode */ + + struct recptypes *valid = NULL; + + /* First, try to log in as if the supplied name is a display name */ + found_user = CtdlGetUser(&CC->user, username); + + /* If that didn't work, try to log in as if the supplied name + * is an e-mail address + */ + if (found_user != 0) { + valid = validate_recipients(username, NULL, 0); + if (valid != NULL) { + if (valid->num_local == 1) { + found_user = CtdlGetUser(&CC->user, valid->recp_local); + } + free_recipients(valid); + } } } + + /* Did we find something? */ if (found_user == 0) { - if (((CC->nologin)) && (CC->usersupp.axlevel < 6)) { + if (((CC->nologin)) && (CC->user.axlevel < AxAideU)) { return login_too_many_users; } else { - strcpy(CC->curr_user, CC->usersupp.fullname); + safestrncpy(CC->curr_user, CC->user.fullname, + sizeof CC->curr_user); return login_ok; } } @@ -351,17 +672,19 @@ int CtdlLoginExistingUser(char *trythisname) */ void cmd_user(char *cmdbuf) { - char username[SIZ]; + char username[256]; int a; - extract(username, cmdbuf, 0); - username[25] = 0; - strproc(username); + syslog(LOG_DEBUG, "cmd_user(%s)\n", cmdbuf); + extract_token(username, cmdbuf, 0, '|', sizeof username); + syslog(LOG_DEBUG, "username: %s\n", username); + striplt(username); + syslog(LOG_DEBUG, "username: %s\n", username); - a = CtdlLoginExistingUser(username); + a = CtdlLoginExistingUser(NULL, username); switch (a) { case login_already_logged_in: - cprintf("%d Already logged in.\n", ERROR); + cprintf("%d Already logged in.\n", ERROR + ALREADY_LOGGED_IN); return; case login_too_many_users: cprintf("%d %s: " @@ -375,9 +698,10 @@ void cmd_user(char *cmdbuf) MORE_DATA, CC->curr_user); return; case login_not_found: - cprintf("%d %s not found.\n", ERROR, username); + cprintf("%d %s not found.\n", ERROR + NO_SUCH_USER, username); return; - cprintf("%d Internal error\n", ERROR); + default: + cprintf("%d Internal error\n", ERROR + INTERNAL_ERROR); } } @@ -386,200 +710,315 @@ void cmd_user(char *cmdbuf) /* * session startup code which is common to both cmd_pass() and cmd_newu() */ -void session_startup(void) +void do_login(void) { - syslog(LOG_NOTICE, "session %d: user <%s> logged in", - CC->cs_pid, CC->curr_user); + CC->logged_in = 1; + syslog(LOG_NOTICE, "<%s> logged in\n", CC->curr_user); - lgetuser(&CC->usersupp, CC->curr_user); - ++(CC->usersupp.timescalled); - time(&CC->usersupp.lastcall); + CtdlGetUserLock(&CC->user, CC->curr_user); + ++(CC->user.timescalled); + CC->previous_login = CC->user.lastcall; + time(&CC->user.lastcall); /* If this user's name is the name of the system administrator * (as specified in setup), automatically assign access level 6. */ - if (!strcasecmp(CC->usersupp.fullname, config.c_sysadm)) { - CC->usersupp.axlevel = 6; + if (!strcasecmp(CC->user.fullname, config.c_sysadm)) { + CC->user.axlevel = AxAideU; + } + + /* If we're authenticating off the host system, automatically give + * root the highest level of access. + */ + if (config.c_auth_mode == AUTHMODE_HOST) { + if (CC->user.uid == 0) { + CC->user.axlevel = AxAideU; + } } - lputuser(&CC->usersupp); + + CtdlPutUserLock(&CC->user); + + /* + * Populate CC->cs_inet_email with a default address. This will be + * overwritten with the user's directory address, if one exists, when + * the vCard module's login hook runs. + */ + snprintf(CC->cs_inet_email, sizeof CC->cs_inet_email, "%s@%s", + CC->user.fullname, config.c_fqdn); + convert_spaces_to_underscores(CC->cs_inet_email); /* Create any personal rooms required by the system. * (Technically, MAILROOM should be there already, but just in case...) */ - create_room(MAILROOM, 4, "", 0, 1, 0); - create_room(SENTITEMS, 4, "", 0, 1, 0); + CtdlCreateRoom(MAILROOM, 4, "", 0, 1, 0, VIEW_MAILBOX); + CtdlCreateRoom(SENTITEMS, 4, "", 0, 1, 0, VIEW_MAILBOX); + CtdlCreateRoom(USERTRASHROOM, 4, "", 0, 1, 0, VIEW_MAILBOX); + CtdlCreateRoom(USERDRAFTROOM, 4, "", 0, 1, 0, VIEW_MAILBOX); /* Run any startup routines registered by loadable modules */ PerformSessionHooks(EVT_LOGIN); /* Enter the lobby */ - usergoto(config.c_baseroom, 0, 0, NULL, NULL); - - /* Record this login in the Citadel log */ - rec_log(CL_LOGIN, CC->curr_user); + CtdlUserGoto(config.c_baseroom, 0, 0, NULL, NULL); } void logged_in_response(void) { cprintf("%d %s|%d|%ld|%ld|%u|%ld|%ld\n", - CIT_OK, CC->usersupp.fullname, CC->usersupp.axlevel, - CC->usersupp.timescalled, CC->usersupp.posted, - CC->usersupp.flags, CC->usersupp.usernum, - CC->usersupp.lastcall); + CIT_OK, CC->user.fullname, CC->user.axlevel, + CC->user.timescalled, CC->user.posted, + CC->user.flags, CC->user.usernum, + CC->previous_login); } -/* - * misc things to be taken care of when a user is logged out - */ -void logout(struct CitContext *who) +void CtdlUserLogout(void) { - who->logged_in = 0; + CitContext *CCC = MyContext(); + + syslog(LOG_DEBUG, "CtdlUserLogout() logging out <%s> from session %d", + CCC->curr_user, CCC->cs_pid + ); /* * If there is a download in progress, abort it. */ - if (who->download_fp != NULL) { - fclose(who->download_fp); - who->download_fp = NULL; + if (CCC->download_fp != NULL) { + fclose(CCC->download_fp); + CCC->download_fp = NULL; } /* * If there is an upload in progress, abort it. */ - if (who->upload_fp != NULL) { - abort_upl(who); + if (CCC->upload_fp != NULL) { + abort_upl(CCC); } /* * If we were talking to a network node, we're not anymore... */ - if (strlen(who->net_node) > 0) { - network_talking_to(who->net_node, NTT_REMOVE); + if (!IsEmptyStr(CCC->net_node)) { + network_talking_to(CCC->net_node, NTT_REMOVE); } + /* Run any hooks registered by modules... */ + PerformSessionHooks(EVT_LOGOUT); + /* - * Yes, we really need to free EVERY LAST BYTE we allocated. + * Clear out some session data. Most likely, the CitContext for this + * session is about to get nuked when the session disconnects, but + * since it's possible to log in again without reconnecting, we cannot + * make that assumption. */ - if (who->cs_inet_email != NULL) { - phree(who->cs_inet_email); - who->cs_inet_email = NULL; - } + strcpy(CCC->fake_username, ""); + strcpy(CCC->fake_hostname, ""); + strcpy(CCC->fake_roomname, ""); + CCC->logged_in = 0; + + /* Check to see if the user was deleted whilst logged in and purge them if necessary */ + if ((CCC->user.axlevel == AxDeleted) && (CCC->user.usernum)) + purge_user(CCC->user.fullname); + + /* Clear out the user record in memory so we don't behave like a ghost */ + memset(&CCC->user, 0, sizeof(struct ctdluser)); + CCC->curr_user[0] = 0; + CCC->is_master = 0; + CCC->cs_inet_email[0] = 0; + CCC->cs_inet_other_emails[0] = 0; + CCC->cs_inet_fn[0] = 0; + CCC->fake_username[0] = 0; + CCC->fake_hostname[0] = 0; + CCC->fake_roomname[0] = 0; + - /* Do modular stuff... */ - PerformSessionHooks(EVT_LOGOUT); + /* Free any output buffers */ + unbuffer_output(); } -#ifdef ENABLE_CHKPWD + /* - * an alternate version of validpw() which executes `chkpwd' instead of - * verifying the password directly + * Validate a password on the host unix system by talking to the chkpwd daemon */ static int validpw(uid_t uid, const char *pass) { - pid_t pid; - int status, pipev[2]; - char buf[24]; + char buf[256]; + int rv = 0; - if (pipe(pipev)) { - lprintf(1, "pipe failed (%s): denying autologin access for " - "uid %ld\n", strerror(errno), (long)uid); + if (IsEmptyStr(pass)) { + syslog(LOG_DEBUG, "Refusing to chkpwd for uid=%d with empty password.\n", uid); return 0; } - switch (pid = fork()) { - case -1: - lprintf(1, "fork failed (%s): denying autologin access for " - "uid %ld\n", strerror(errno), (long)uid); - close(pipev[0]); - close(pipev[1]); + + syslog(LOG_DEBUG, "Validating password for uid=%d using chkpwd...\n", uid); + + begin_critical_section(S_CHKPWD); + rv = write(chkpwd_write_pipe[1], &uid, sizeof(uid_t)); + if (rv == -1) { + syslog(LOG_EMERG, "Communicatino with chkpwd broken: %s\n", strerror(errno)); + end_critical_section(S_CHKPWD); return 0; + } + rv = write(chkpwd_write_pipe[1], pass, 256); + if (rv == -1) { + syslog(LOG_EMERG, "Communicatino with chkpwd broken: %s\n", strerror(errno)); + end_critical_section(S_CHKPWD); + return 0; + } + rv = read(chkpwd_read_pipe[0], buf, 4); + if (rv == -1) { + syslog(LOG_EMERG, "Communicatino with chkpwd broken: %s\n", strerror(errno)); + end_critical_section(S_CHKPWD); + return 0; + } + end_critical_section(S_CHKPWD); - case 0: - close(pipev[1]); - if (dup2(pipev[0], 0) == -1) { - perror("dup2"); - exit(1); - } - close(pipev[0]); - - execl(BBSDIR "/chkpwd", BBSDIR "/chkpwd", NULL); - perror(BBSDIR "/chkpwd"); - exit(1); - } - - close(pipev[0]); - write(pipev[1], buf, - snprintf(buf, sizeof buf, "%lu\n", (unsigned long) uid)); - write(pipev[1], pass, strlen(pass)); - write(pipev[1], "\n", 1); - close(pipev[1]); - - while (waitpid(pid, &status, 0) == -1) - if (errno != EINTR) { - lprintf(1, "waitpid failed (%s): denying autologin " - "access for uid %ld\n", - strerror(errno), (long)uid); - return 0; - } - if (WIFEXITED(status) && !WEXITSTATUS(status)) - return 1; + if (!strncmp(buf, "PASS", 4)) { + syslog(LOG_DEBUG, "...pass\n"); + return(1); + } + syslog(LOG_DEBUG, "...fail\n"); return 0; } -#endif -void do_login() -{ - (CC->logged_in) = 1; - session_startup(); +/* + * Start up the chkpwd daemon so validpw() has something to talk to + */ +void start_chkpwd_daemon(void) { + pid_t chkpwd_pid; + struct stat filestats; + int i; + + syslog(LOG_DEBUG, "Starting chkpwd daemon for host authentication mode\n"); + + if ((stat(file_chkpwd, &filestats)==-1) || + (filestats.st_size==0)){ + printf("didn't find chkpwd daemon in %s: %s\n", file_chkpwd, strerror(errno)); + abort(); + } + if (pipe(chkpwd_write_pipe) != 0) { + syslog(LOG_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno)); + abort(); + } + if (pipe(chkpwd_read_pipe) != 0) { + syslog(LOG_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno)); + abort(); + } + + chkpwd_pid = fork(); + if (chkpwd_pid < 0) { + syslog(LOG_EMERG, "Unable to fork chkpwd daemon: %s\n", strerror(errno)); + abort(); + } + if (chkpwd_pid == 0) { + syslog(LOG_DEBUG, "Now calling dup2() write\n"); + dup2(chkpwd_write_pipe[0], 0); + syslog(LOG_DEBUG, "Now calling dup2() write\n"); + dup2(chkpwd_read_pipe[1], 1); + syslog(LOG_DEBUG, "Now closing stuff\n"); + for (i=2; i<256; ++i) close(i); + syslog(LOG_DEBUG, "Now calling execl(%s)\n", file_chkpwd); + execl(file_chkpwd, file_chkpwd, NULL); + syslog(LOG_EMERG, "Unable to exec chkpwd daemon: %s\n", strerror(errno)); + abort(); + exit(errno); + } } -int CtdlTryPassword(char *password) +int CtdlTryPassword(const char *password, long len) { int code; if ((CC->logged_in)) { - lprintf(5, "CtdlTryPassword: already logged in\n"); + syslog(LOG_WARNING, "CtdlTryPassword: already logged in\n"); return pass_already_logged_in; } if (!strcmp(CC->curr_user, NLI)) { - lprintf(5, "CtdlTryPassword: no user selected\n"); + syslog(LOG_WARNING, "CtdlTryPassword: no user selected\n"); return pass_no_user; } - if (getuser(&CC->usersupp, CC->curr_user)) { - lprintf(5, "CtdlTryPassword: internal error\n"); + if (CtdlGetUser(&CC->user, CC->curr_user)) { + syslog(LOG_ERR, "CtdlTryPassword: internal error\n"); return pass_internal_error; } if (password == NULL) { - lprintf(5, "CtdlTryPassword: NULL password string supplied\n"); + syslog(LOG_INFO, "CtdlTryPassword: NULL password string supplied\n"); return pass_wrong_password; } code = (-1); - if (CC->usersupp.uid == BBSUID) { - strproc(password); - strproc(CC->usersupp.password); - code = strcasecmp(CC->usersupp.password, password); + + if (CC->is_master) { + code = strcmp(password, config.c_master_pass); } -#ifdef ENABLE_AUTOLOGIN - else { - if (validpw(CC->usersupp.uid, password)) { + + else if (config.c_auth_mode == AUTHMODE_HOST) { + + /* host auth mode */ + + if (validpw(CC->user.uid, password)) { code = 0; - lgetuser(&CC->usersupp, CC->curr_user); - safestrncpy(CC->usersupp.password, password, - sizeof CC->usersupp.password); - lputuser(&CC->usersupp); + + /* + * sooper-seekrit hack: populate the password field in the + * citadel database with the password that the user typed, + * if it's correct. This allows most sites to convert from + * host auth to native auth if they want to. If you think + * this is a security hazard, comment it out. + */ + + CtdlGetUserLock(&CC->user, CC->curr_user); + safestrncpy(CC->user.password, password, sizeof CC->user.password); + CtdlPutUserLock(&CC->user); + + /* + * (sooper-seekrit hack ends here) + */ + + } + else { + code = (-1); + } + } + +#ifdef HAVE_LDAP + else if ((config.c_auth_mode == AUTHMODE_LDAP) || (config.c_auth_mode == AUTHMODE_LDAP_AD)) { + + /* LDAP auth mode */ + + if ((CC->ldap_dn) && (!CtdlTryPasswordLDAP(CC->ldap_dn, password))) { + code = 0; + } + else { + code = (-1); } } #endif + else { + + /* native auth mode */ + char *pw; + + pw = (char*) malloc(len + 1); + memcpy(pw, password, len + 1); + strproc(pw); + strproc(CC->user.password); + code = strcasecmp(CC->user.password, pw); + strproc(pw); + strproc(CC->user.password); + code = strcasecmp(CC->user.password, pw); + free (pw); + } + if (!code) { do_login(); return pass_ok; } else { - rec_log(CL_BADPW, CC->curr_user); + syslog(LOG_WARNING, "Bad password specified for <%s>\n", CC->curr_user); return pass_wrong_password; } } @@ -589,26 +1028,26 @@ void cmd_pass(char *buf) { char password[SIZ]; int a; + long len; - extract(password, buf, 0); - a = CtdlTryPassword(password); + memset(password, 0, sizeof(password)); + len = extract_token(password, buf, 0, '|', sizeof password); + a = CtdlTryPassword(password, len); switch (a) { case pass_already_logged_in: - cprintf("%d Already logged in.\n", ERROR); + cprintf("%d Already logged in.\n", ERROR + ALREADY_LOGGED_IN); return; case pass_no_user: cprintf("%d You must send a name with USER first.\n", - ERROR); + ERROR + USERNAME_REQUIRED); return; case pass_wrong_password: - cprintf("%d Wrong password.\n", ERROR); + cprintf("%d Wrong password.\n", ERROR + PASSWORD_REQUIRED); return; case pass_ok: logged_in_response(); return; - cprintf("%d Can't find user record!\n", - ERROR + INTERNAL_ERROR); } } @@ -620,61 +1059,105 @@ void cmd_pass(char *buf) int purge_user(char pname[]) { char filename[64]; - struct usersupp usbuf; - char lowercase_name[USERNAME_SIZE]; - int a; - struct CitContext *ccptr; - int user_is_logged_in = 0; + struct ctdluser usbuf; + char usernamekey[USERNAME_SIZE]; - for (a = 0; a <= strlen(pname); ++a) { - lowercase_name[a] = tolower(pname[a]); - } + makeuserkey(usernamekey, pname, cutuserkey(pname)); + + /* If the name is empty we can't find them in the DB any way so just return */ + if (IsEmptyStr(pname)) + return (ERROR + NO_SUCH_USER); - if (getuser(&usbuf, pname) != 0) { - lprintf(5, "Cannot purge user <%s> - not found\n", pname); + if (CtdlGetUser(&usbuf, pname) != 0) { + syslog(LOG_ERR, "Cannot purge user <%s> - not found\n", pname); return (ERROR + NO_SUCH_USER); } /* Don't delete a user who is currently logged in. Instead, just * set the access level to 0, and let the account get swept up * during the next purge. */ - user_is_logged_in = 0; - begin_critical_section(S_SESSION_TABLE); - for (ccptr = ContextList; ccptr != NULL; ccptr = ccptr->next) { - if (ccptr->usersupp.usernum == usbuf.usernum) { - user_is_logged_in = 1; - } - } - end_critical_section(S_SESSION_TABLE); - if (user_is_logged_in == 1) { - lprintf(5, "User <%s> is logged in; not deleting.\n", pname); - usbuf.axlevel = 0; - putuser(&usbuf); + if (CtdlIsUserLoggedInByNum(usbuf.usernum)) { + syslog(LOG_WARNING, "User <%s> is logged in; not deleting.\n", pname); + usbuf.axlevel = AxDeleted; + CtdlPutUser(&usbuf); return (1); } - lprintf(5, "Deleting user <%s>\n", pname); + syslog(LOG_NOTICE, "Deleting user <%s>\n", pname); + +/* + * FIXME: + * This should all be wrapped in a S_USERS mutex. + * Without the mutex the user could log in before we get to the next function + * That would truly mess things up :-( + * I would like to see the S_USERS start before the CtdlIsUserLoggedInByNum() above + * and end after the user has been deleted from the database, below. + * Question is should we enter the EVT_PURGEUSER whilst S_USERS is active? + */ /* Perform any purge functions registered by server extensions */ - PerformUserHooks(usbuf.fullname, usbuf.usernum, EVT_PURGEUSER); + PerformUserHooks(&usbuf, EVT_PURGEUSER); /* delete any existing user/room relationships */ cdb_delete(CDB_VISIT, &usbuf.usernum, sizeof(long)); + /* delete the users-by-number index record */ + cdb_delete(CDB_USERSBYNUMBER, &usbuf.usernum, sizeof(long)); + /* delete the userlog entry */ - cdb_delete(CDB_USERSUPP, lowercase_name, strlen(lowercase_name)); + cdb_delete(CDB_USERS, usernamekey, strlen(usernamekey)); /* remove the user's bio file */ - snprintf(filename, sizeof filename, "./bio/%ld", usbuf.usernum); + snprintf(filename, + sizeof filename, + "%s/%ld", + ctdl_bio_dir, + usbuf.usernum); unlink(filename); /* remove the user's picture */ - snprintf(filename, sizeof filename, "./userpics/%ld.gif", usbuf.usernum); + snprintf(filename, + sizeof filename, + "%s/%ld.gif", + ctdl_image_dir, + usbuf.usernum); unlink(filename); return (0); } +int internal_create_user (const char *username, long len, struct ctdluser *usbuf, uid_t uid) +{ + if (!CtdlGetUserLen(usbuf, username, len)) { + return (ERROR + ALREADY_EXISTS); + } + + /* Go ahead and initialize a new user record */ + memset(usbuf, 0, sizeof(struct ctdluser)); + safestrncpy(usbuf->fullname, username, sizeof usbuf->fullname); + strcpy(usbuf->password, ""); + usbuf->uid = uid; + + /* These are the default flags on new accounts */ + usbuf->flags = US_LASTOLD | US_DISAPPEAR | US_PAGINATOR | US_FLOORS; + + usbuf->timescalled = 0; + usbuf->posted = 0; + usbuf->axlevel = config.c_initax; + usbuf->lastcall = time(NULL); + + /* fetch a new user number */ + usbuf->usernum = get_new_user_number(); + + /* add user to the database */ + CtdlPutUser(usbuf); + cdb_store(CDB_USERSBYNUMBER, &usbuf->usernum, sizeof(long), usbuf->fullname, strlen(usbuf->fullname)+1); + + return 0; +} + + + /* * create_user() - back end processing to create a new user * @@ -682,113 +1165,132 @@ int purge_user(char pname[]) * Set 'become_user' to nonzero if this is self-service account creation and we want * to actually log in as the user we just created, otherwise set it to 0. */ -int create_user(char *newusername, int become_user) +int create_user(const char *newusername, long len, int become_user) { - struct usersupp usbuf; - struct quickroom qrbuf; - struct passwd *p = NULL; - char username[SIZ]; + struct ctdluser usbuf; + struct ctdlroom qrbuf; + char username[256]; char mailboxname[ROOMNAMELEN]; - uid_t uid; + char buf[SIZ]; + int retval; + uid_t uid = (-1); + - strcpy(username, newusername); + safestrncpy(username, newusername, sizeof username); strproc(username); -#ifdef ENABLE_AUTOLOGIN - p = (struct passwd *) getpwnam(username); -#endif - if (p != NULL) { - extract_token(username, p->pw_gecos, 0, ','); - uid = p->pw_uid; - } else { - uid = BBSUID; - } - - if (!getuser(&usbuf, username)) { - return (ERROR + ALREADY_EXISTS); - } - - /* Go ahead and initialize a new user record */ - memset(&usbuf, 0, sizeof(struct usersupp)); - strcpy(usbuf.fullname, username); - strcpy(usbuf.password, ""); - usbuf.uid = uid; - - /* These are the default flags on new accounts */ - usbuf.flags = US_LASTOLD | US_DISAPPEAR | US_PAGINATOR | US_FLOORS; - - usbuf.timescalled = 0; - usbuf.posted = 0; - usbuf.axlevel = config.c_initax; - usbuf.USscreenwidth = 80; - usbuf.USscreenheight = 24; - usbuf.lastcall = time(NULL); + + if (config.c_auth_mode == AUTHMODE_HOST) { - /* fetch a new user number */ - usbuf.usernum = get_new_user_number(); + /* host auth mode */ - /* The very first user created on the system will always be an Aide */ - if (usbuf.usernum == 1L) { - usbuf.axlevel = 6; + struct passwd pd; + struct passwd *tempPwdPtr; + char pwdbuffer[SIZ]; + +#ifdef HAVE_GETPWNAM_R +#ifdef SOLARIS_GETPWUID + tempPwdPtr = getpwnam_r(username, &pd, pwdbuffer, sizeof(pwdbuffer)); +#else // SOLARIS_GETPWUID + getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr); +#endif // SOLARIS_GETPWUID +#else // HAVE_GETPWNAM_R + tempPwdPtr = NULL; +#endif // HAVE_GETPWNAM_R + if (tempPwdPtr != NULL) { + extract_token(username, pd.pw_gecos, 0, ',', sizeof username); + uid = pd.pw_uid; + if (IsEmptyStr (username)) + { + safestrncpy(username, pd.pw_name, sizeof username); + len = cutuserkey(username); + } + } + else { + return (ERROR + NO_SUCH_USER); + } } - /* add user to userlog */ - putuser(&usbuf); - +#ifdef HAVE_LDAP + if ((config.c_auth_mode == AUTHMODE_LDAP) || (config.c_auth_mode == AUTHMODE_LDAP_AD)) { + if (CtdlTryUserLDAP(username, NULL, 0, username, sizeof username, &uid) != 0) { + return(ERROR + NO_SUCH_USER); + } + } +#endif /* HAVE_LDAP */ + + if ((retval = internal_create_user(username, len, &usbuf, uid)) != 0) + return retval; + /* * Give the user a private mailbox and a configuration room. * Make the latter an invisible system room. */ - MailboxName(mailboxname, sizeof mailboxname, &usbuf, MAILROOM); - create_room(mailboxname, 5, "", 0, 1, 1); + CtdlMailboxName(mailboxname, sizeof mailboxname, &usbuf, MAILROOM); + CtdlCreateRoom(mailboxname, 5, "", 0, 1, 1, VIEW_MAILBOX); - MailboxName(mailboxname, sizeof mailboxname, &usbuf, USERCONFIGROOM); - create_room(mailboxname, 5, "", 0, 1, 1); - if (lgetroom(&qrbuf, USERCONFIGROOM) == 0) { - qrbuf.QRflags2 |= QR2_SYSTEM; - lputroom(&qrbuf); - } + CtdlMailboxName(mailboxname, sizeof mailboxname, &usbuf, USERCONFIGROOM); + CtdlCreateRoom(mailboxname, 5, "", 0, 1, 1, VIEW_BBS); + if (CtdlGetRoomLock(&qrbuf, mailboxname) == 0) { + qrbuf.QRflags2 |= QR2_SYSTEM; + CtdlPutRoomLock(&qrbuf); + } + + /* Perform any create functions registered by server extensions */ + PerformUserHooks(&usbuf, EVT_NEWUSER); /* Everything below this line can be bypassed if administratively - creating a user, instead of doing self-service account creation + * creating a user, instead of doing self-service account creation */ if (become_user) { /* Now become the user we just created */ - memcpy(&CC->usersupp, &usbuf, sizeof(struct usersupp)); - strcpy(CC->curr_user, username); - CC->logged_in = 1; + memcpy(&CC->user, &usbuf, sizeof(struct ctdluser)); + safestrncpy(CC->curr_user, username, sizeof CC->curr_user); + do_login(); /* Check to make sure we're still who we think we are */ - if (getuser(&CC->usersupp, CC->curr_user)) { + if (CtdlGetUser(&CC->user, CC->curr_user)) { return (ERROR + INTERNAL_ERROR); } - - rec_log(CL_NEWUSER, CC->curr_user); } - + + snprintf(buf, SIZ, + "New user account <%s> has been created, from host %s [%s].\n", + username, + CC->cs_host, + CC->cs_addr + ); + CtdlAideMessage(buf, "User Creation Notice"); + syslog(LOG_NOTICE, "New user <%s> created\n", username); return (0); } - /* * cmd_newu() - create a new user account and log in as that user */ void cmd_newu(char *cmdbuf) { int a; + long len; char username[SIZ]; + if (config.c_auth_mode != AUTHMODE_NATIVE) { + cprintf("%d This system does not use native mode authentication.\n", + ERROR + NOT_HERE); + return; + } + if (config.c_disable_newu) { cprintf("%d Self-service user account creation " - "is disabled on this system.\n", ERROR); + "is disabled on this system.\n", ERROR + NOT_HERE); return; } if (CC->logged_in) { - cprintf("%d Already logged in.\n", ERROR); + cprintf("%d Already logged in.\n", ERROR + ALREADY_LOGGED_IN); return; } if (CC->nologin) { @@ -796,26 +1298,25 @@ void cmd_newu(char *cmdbuf) ERROR + MAX_SESSIONS_EXCEEDED, config.c_nodename, config.c_maxsessions); } - extract(username, cmdbuf, 0); - username[25] = 0; + extract_token(username, cmdbuf, 0, '|', sizeof username); strproc(username); + len = cutuserkey(username); - if (strlen(username) == 0) { - cprintf("%d You must supply a user name.\n", ERROR); + if (IsEmptyStr(username)) { + cprintf("%d You must supply a user name.\n", ERROR + USERNAME_REQUIRED); return; } if ((!strcasecmp(username, "bbs")) || (!strcasecmp(username, "new")) || (!strcasecmp(username, "."))) { - cprintf("%d '%s' is an invalid login name.\n", ERROR, username); + cprintf("%d '%s' is an invalid login name.\n", ERROR + ILLEGAL_VALUE, username); return; } - a = create_user(username, 1); + a = create_user(username, len, 1); if (a == 0) { - session_startup(); logged_in_response(); } else if (a == ERROR + ALREADY_EXISTS) { cprintf("%d '%s' already exists.\n", @@ -826,74 +1327,109 @@ void cmd_newu(char *cmdbuf) ERROR + INTERNAL_ERROR); return; } else { - cprintf("%d unknown error\n", ERROR); + cprintf("%d unknown error\n", ERROR + INTERNAL_ERROR); } - rec_log(CL_NEWUSER, CC->curr_user); } +/* + * set password - back end api code + */ +void CtdlSetPassword(char *new_pw) +{ + CtdlGetUserLock(&CC->user, CC->curr_user); + safestrncpy(CC->user.password, new_pw, sizeof(CC->user.password)); + CtdlPutUserLock(&CC->user); + syslog(LOG_INFO, "Password changed for user <%s>\n", CC->curr_user); + PerformSessionHooks(EVT_SETPASS); +} + /* - * set password + * set password - citadel protocol implementation */ void cmd_setp(char *new_pw) { if (CtdlAccessCheck(ac_logged_in)) { return; } - - if (CC->usersupp.uid != BBSUID) { - cprintf("%d Not allowed. Use the 'passwd' command.\n", ERROR); + if ( (CC->user.uid != CTDLUID) && (CC->user.uid != (-1)) ) { + cprintf("%d Not allowed. Use the 'passwd' command.\n", ERROR + NOT_HERE); return; } - strproc(new_pw); - if (strlen(new_pw) == 0) { - cprintf("%d Password unchanged.\n", CIT_OK); + if (CC->is_master) { + cprintf("%d The master prefix password cannot be changed with this command.\n", + ERROR + NOT_HERE); return; } - lgetuser(&CC->usersupp, CC->curr_user); - strcpy(CC->usersupp.password, new_pw); - lputuser(&CC->usersupp); - cprintf("%d Password changed.\n", CIT_OK); - rec_log(CL_PWCHANGE, CC->curr_user); - PerformSessionHooks(EVT_SETPASS); + + if (!strcasecmp(new_pw, "GENERATE_RANDOM_PASSWORD")) { + char random_password[17]; + snprintf(random_password, sizeof random_password, "%08lx%08lx", random(), random()); + CtdlSetPassword(random_password); + cprintf("%d %s\n", CIT_OK, random_password); + } + else { + strproc(new_pw); + if (IsEmptyStr(new_pw)) { + cprintf("%d Password unchanged.\n", CIT_OK); + return; + } + CtdlSetPassword(new_pw); + cprintf("%d Password changed.\n", CIT_OK); + } } /* - * cmd_creu() - administratively create a new user account (do not log in to it) + * cmd_creu() - administratively create a new user account (do not log in to it) */ void cmd_creu(char *cmdbuf) { int a; + long len; char username[SIZ]; + char password[SIZ]; + struct ctdluser tmp; if (CtdlAccessCheck(ac_aide)) { return; } - extract(username, cmdbuf, 0); - username[25] = 0; + extract_token(username, cmdbuf, 0, '|', sizeof username); strproc(username); - - if (strlen(username) == 0) { - cprintf("%d You must supply a user name.\n", ERROR); + strproc(password); + if (IsEmptyStr(username)) { + cprintf("%d You must supply a user name.\n", ERROR + USERNAME_REQUIRED); return; } + len = cutuserkey(username); - a = create_user(username, 0); + + extract_token(password, cmdbuf, 1, '|', sizeof password); + + a = create_user(username, len, 0); if (a == 0) { - cprintf("%d ok\n", CIT_OK); + if (!IsEmptyStr(password)) { + CtdlGetUserLock(&tmp, username); + safestrncpy(tmp.password, password, sizeof(tmp.password)); + CtdlPutUserLock(&tmp); + } + cprintf("%d User '%s' created %s.\n", CIT_OK, username, + (!IsEmptyStr(password)) ? "and password set" : + "with no password"); return; } else if (a == ERROR + ALREADY_EXISTS) { - cprintf("%d '%s' already exists.\n", - ERROR + ALREADY_EXISTS, username); + cprintf("%d '%s' already exists.\n", ERROR + ALREADY_EXISTS, username); + return; + } else if ( (config.c_auth_mode != AUTHMODE_NATIVE) && (a == ERROR + NO_SUCH_USER) ) { + cprintf("%d User accounts are not created within Citadel in host authentication mode.\n", + ERROR + NO_SUCH_USER); return; } else { - cprintf("%d An error occured creating the user account.\n", ERROR); + cprintf("%d An error occurred creating the user account.\n", ERROR + INTERNAL_ERROR); } - rec_log(CL_NEWUSER, username); } @@ -901,19 +1437,17 @@ void cmd_creu(char *cmdbuf) /* * get user parameters */ -void cmd_getu(void) +void cmd_getu(char *cmdbuf) { if (CtdlAccessCheck(ac_logged_in)) return; - getuser(&CC->usersupp, CC->curr_user); - cprintf("%d %d|%d|%d|\n", + CtdlGetUser(&CC->user, CC->curr_user); + cprintf("%d 80|24|%d|\n", CIT_OK, - CC->usersupp.USscreenwidth, - CC->usersupp.USscreenheight, - (CC->usersupp.flags & US_USER_SET) - ); + (CC->user.flags & US_USER_SET) + ); } /* @@ -925,17 +1459,13 @@ void cmd_setu(char *new_parms) return; if (num_parms(new_parms) < 3) { - cprintf("%d Usage error.\n", ERROR); + cprintf("%d Usage error.\n", ERROR + ILLEGAL_VALUE); return; } - lgetuser(&CC->usersupp, CC->curr_user); - CC->usersupp.USscreenwidth = extract_int(new_parms, 0); - CC->usersupp.USscreenheight = extract_int(new_parms, 1); - CC->usersupp.flags = CC->usersupp.flags & (~US_USER_SET); - CC->usersupp.flags = CC->usersupp.flags | - (extract_int(new_parms, 2) & US_USER_SET); - - lputuser(&CC->usersupp); + CtdlGetUserLock(&CC->user, CC->curr_user); + CC->user.flags = CC->user.flags & (~US_USER_SET); + CC->user.flags = CC->user.flags | (extract_int(new_parms, 2) & US_USER_SET); + CtdlPutUserLock(&CC->user); cprintf("%d Ok\n", CIT_OK); } @@ -945,26 +1475,33 @@ void cmd_setu(char *new_parms) void cmd_slrp(char *new_ptr) { long newlr; - struct visit vbuf; + visit vbuf; + visit original_vbuf; if (CtdlAccessCheck(ac_logged_in)) { return; } if (!strncasecmp(new_ptr, "highest", 7)) { - newlr = CC->quickroom.QRhighest; + newlr = CC->room.QRhighest; } else { newlr = atol(new_ptr); } - lgetuser(&CC->usersupp, CC->curr_user); + CtdlGetUserLock(&CC->user, CC->curr_user); - CtdlGetRelationship(&vbuf, &CC->usersupp, &CC->quickroom); + CtdlGetRelationship(&vbuf, &CC->user, &CC->room); + memcpy(&original_vbuf, &vbuf, sizeof(visit)); vbuf.v_lastseen = newlr; snprintf(vbuf.v_seen, sizeof vbuf.v_seen, "*:%ld", newlr); - CtdlSetRelationship(&vbuf, &CC->usersupp, &CC->quickroom); - lputuser(&CC->usersupp); + /* Only rewrite the record if it changed */ + if ( (vbuf.v_lastseen != original_vbuf.v_lastseen) + || (strcmp(vbuf.v_seen, original_vbuf.v_seen)) ) { + CtdlSetRelationship(&vbuf, &CC->user, &CC->room); + } + + CtdlPutUserLock(&CC->user); cprintf("%d %ld\n", CIT_OK, newlr); } @@ -978,120 +1515,139 @@ void cmd_seen(char *argbuf) { } if (num_parms(argbuf) != 2) { - cprintf("%d Invalid parameters\n", ERROR); + cprintf("%d Invalid parameters\n", ERROR + ILLEGAL_VALUE); return; } target_msgnum = extract_long(argbuf, 0); target_setting = extract_int(argbuf, 1); - CtdlSetSeen(target_msgnum, target_setting); + CtdlSetSeen(&target_msgnum, 1, target_setting, + ctdlsetseen_seen, NULL, NULL); cprintf("%d OK\n", CIT_OK); } void cmd_gtsn(char *argbuf) { - char buf[SIZ]; + visit vbuf; if (CtdlAccessCheck(ac_logged_in)) { return; } - CtdlGetSeen(buf); - cprintf("%d %s\n", CIT_OK, buf); + /* Learn about the user and room in question */ + CtdlGetRelationship(&vbuf, &CC->user, &CC->room); + + cprintf("%d ", CIT_OK); + client_write(vbuf.v_seen, strlen(vbuf.v_seen)); + client_write(HKEY("\n")); } +/* + * API function for cmd_invt_kick() and anything else that needs to + * invite or kick out a user to/from a room. + * + * Set iuser to the name of the user, and op to 1=invite or 0=kick + */ +int CtdlInvtKick(char *iuser, int op) { + struct ctdluser USscratch; + visit vbuf; + char bbb[SIZ]; + + if (CtdlGetUser(&USscratch, iuser) != 0) { + return(1); + } + + CtdlGetRelationship(&vbuf, &USscratch, &CC->room); + if (op == 1) { + vbuf.v_flags = vbuf.v_flags & ~V_FORGET & ~V_LOCKOUT; + vbuf.v_flags = vbuf.v_flags | V_ACCESS; + } + if (op == 0) { + vbuf.v_flags = vbuf.v_flags & ~V_ACCESS; + vbuf.v_flags = vbuf.v_flags | V_FORGET | V_LOCKOUT; + } + CtdlSetRelationship(&vbuf, &USscratch, &CC->room); + + /* post a message in Aide> saying what we just did */ + snprintf(bbb, sizeof bbb, "%s has been %s \"%s\" by %s.\n", + iuser, + ((op == 1) ? "invited to" : "kicked out of"), + CC->room.QRname, + CC->user.fullname); + CtdlAideMessage(bbb,"User Admin Message"); + + return(0); +} + /* * INVT and KICK commands */ -void cmd_invt_kick(char *iuser, int op) - /* user name */ -{ /* 1 = invite, 0 = kick out */ - struct usersupp USscratch; - char bbb[SIZ]; - struct visit vbuf; +void cmd_invt_kick(char *iuser, int op) { /* * These commands are only allowed by aides, room aides, * and room namespace owners */ - if (is_room_aide() - || (atol(CC->quickroom.QRname) == CC->usersupp.usernum) ) { + if (is_room_aide()) { + /* access granted */ + } else if ( ((atol(CC->room.QRname) == CC->user.usernum) ) && (CC->user.usernum != 0) ) { /* access granted */ } else { /* access denied */ - cprintf("%d Higher access or room ownership required.\n", - ERROR + HIGHER_ACCESS_REQUIRED); - return; - } + cprintf("%d Higher access or room ownership required.\n", + ERROR + HIGHER_ACCESS_REQUIRED); + return; + } - if (!strncasecmp(CC->quickroom.QRname, config.c_baseroom, + if (!strncasecmp(CC->room.QRname, config.c_baseroom, ROOMNAMELEN)) { cprintf("%d Can't add/remove users from this room.\n", ERROR + NOT_HERE); return; } - if (lgetuser(&USscratch, iuser) != 0) { - cprintf("%d No such user.\n", ERROR); + if (CtdlInvtKick(iuser, op) != 0) { + cprintf("%d No such user.\n", ERROR + NO_SUCH_USER); return; } - CtdlGetRelationship(&vbuf, &USscratch, &CC->quickroom); - - if (op == 1) { - vbuf.v_flags = vbuf.v_flags & ~V_FORGET & ~V_LOCKOUT; - vbuf.v_flags = vbuf.v_flags | V_ACCESS; - } - if (op == 0) { - vbuf.v_flags = vbuf.v_flags & ~V_ACCESS; - vbuf.v_flags = vbuf.v_flags | V_FORGET | V_LOCKOUT; - } - CtdlSetRelationship(&vbuf, &USscratch, &CC->quickroom); - - lputuser(&USscratch); - - /* post a message in Aide> saying what we just did */ - snprintf(bbb, sizeof bbb, "%s %s %s> by %s\n", - iuser, - ((op == 1) ? "invited to" : "kicked out of"), - CC->quickroom.QRname, - CC->usersupp.fullname); - aide_message(bbb); cprintf("%d %s %s %s.\n", CIT_OK, iuser, ((op == 1) ? "invited to" : "kicked out of"), - CC->quickroom.QRname); + CC->room.QRname); return; } +void cmd_invt(char *iuser) {cmd_invt_kick(iuser, 1);} +void cmd_kick(char *iuser) {cmd_invt_kick(iuser, 0);} /* * Forget (Zap) the current room (API call) * Returns 0 on success */ int CtdlForgetThisRoom(void) { - struct visit vbuf; + visit vbuf; /* On some systems, Aides are not allowed to forget rooms */ if (is_aide() && (config.c_aide_zap == 0) - && ((CC->quickroom.QRflags & QR_MAILBOX) == 0) ) { + && ((CC->room.QRflags & QR_MAILBOX) == 0) ) { return(1); } - lgetuser(&CC->usersupp, CC->curr_user); - CtdlGetRelationship(&vbuf, &CC->usersupp, &CC->quickroom); + CtdlGetUserLock(&CC->user, CC->curr_user); + CtdlGetRelationship(&vbuf, &CC->user, &CC->room); vbuf.v_flags = vbuf.v_flags | V_FORGET; vbuf.v_flags = vbuf.v_flags & ~V_ACCESS; - CtdlSetRelationship(&vbuf, &CC->usersupp, &CC->quickroom); - lputuser(&CC->usersupp); + CtdlSetRelationship(&vbuf, &CC->user, &CC->room); + CtdlPutUserLock(&CC->user); /* Return to the Lobby, so we don't end up in an undefined room */ - usergoto(config.c_baseroom, 0, 0, NULL, NULL); + CtdlUserGoto(config.c_baseroom, 0, 0, NULL, NULL); return(0); } @@ -1100,7 +1656,7 @@ int CtdlForgetThisRoom(void) { /* * forget (Zap) the current room */ -void cmd_forg(void) +void cmd_forg(char *argbuf) { if (CtdlAccessCheck(ac_logged_in)) { @@ -1111,17 +1667,17 @@ void cmd_forg(void) cprintf("%d Ok\n", CIT_OK); } else { - cprintf("%d You may not forget this room.\n", ERROR); + cprintf("%d You may not forget this room.\n", ERROR + NOT_HERE); } } /* * Get Next Unregistered User */ -void cmd_gnur(void) +void cmd_gnur(char *argbuf) { struct cdbdata *cdbus; - struct usersupp usbuf; + struct ctdluser usbuf; if (CtdlAccessCheck(ac_aide)) { return; @@ -1132,20 +1688,20 @@ void cmd_gnur(void) return; } - /* There are unvalidated users. Traverse the usersupp database, + /* There are unvalidated users. Traverse the user database, * and return the first user we find that needs validation. */ - cdb_rewind(CDB_USERSUPP); - while (cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) { - memset(&usbuf, 0, sizeof(struct usersupp)); + cdb_rewind(CDB_USERS); + while (cdbus = cdb_next_item(CDB_USERS), cdbus != NULL) { + memset(&usbuf, 0, sizeof(struct ctdluser)); memcpy(&usbuf, cdbus->ptr, - ((cdbus->len > sizeof(struct usersupp)) ? - sizeof(struct usersupp) : cdbus->len)); + ((cdbus->len > sizeof(struct ctdluser)) ? + sizeof(struct ctdluser) : cdbus->len)); cdb_free(cdbus); if ((usbuf.flags & US_NEEDVALID) - && (usbuf.axlevel > 0)) { + && (usbuf.axlevel > AxDeleted)) { cprintf("%d %s\n", MORE_DATA, usbuf.fullname); - cdb_close_cursor(CDB_USERSUPP); + cdb_close_cursor(CDB_USERS); return; } } @@ -1170,18 +1726,20 @@ void cmd_gnur(void) */ void cmd_vali(char *v_args) { - char user[SIZ]; + char user[128]; int newax; - struct usersupp userbuf; + struct ctdluser userbuf; - extract(user, v_args, 0); + extract_token(user, v_args, 0, '|', sizeof user); newax = extract_int(v_args, 1); - if (CtdlAccessCheck(ac_aide)) { + if (CtdlAccessCheck(ac_aide) || + (newax > AxAideU) || + (newax < AxDeleted)) { return; } - if (lgetuser(&userbuf, user) != 0) { + if (CtdlGetUserLock(&userbuf, user) != 0) { cprintf("%d '%s' not found.\n", ERROR + NO_SUCH_USER, user); return; } @@ -1189,7 +1747,7 @@ void cmd_vali(char *v_args) userbuf.axlevel = newax; userbuf.flags = (userbuf.flags & ~US_NEEDVALID); - lputuser(&userbuf); + CtdlPutUserLock(&userbuf); /* If the access level was set to zero, delete the user */ if (newax == 0) { @@ -1206,19 +1764,19 @@ void cmd_vali(char *v_args) /* * Traverse the user file... */ -void ForEachUser(void (*CallBack) (struct usersupp * EachUser, void *out_data), +void ForEachUser(void (*CallBack) (struct ctdluser * EachUser, void *out_data), void *in_data) { - struct usersupp usbuf; + struct ctdluser usbuf; struct cdbdata *cdbus; - cdb_rewind(CDB_USERSUPP); + cdb_rewind(CDB_USERS); - while (cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) { - memset(&usbuf, 0, sizeof(struct usersupp)); + while (cdbus = cdb_next_item(CDB_USERS), cdbus != NULL) { + memset(&usbuf, 0, sizeof(struct ctdluser)); memcpy(&usbuf, cdbus->ptr, - ((cdbus->len > sizeof(struct usersupp)) ? - sizeof(struct usersupp) : cdbus->len)); + ((cdbus->len > sizeof(struct ctdluser)) ? + sizeof(struct ctdluser) : cdbus->len)); cdb_free(cdbus); (*CallBack) (&usbuf, in_data); } @@ -1228,33 +1786,40 @@ void ForEachUser(void (*CallBack) (struct usersupp * EachUser, void *out_data), /* * List one user (this works with cmd_list) */ -void ListThisUser(struct usersupp *usbuf, void *data) +void ListThisUser(struct ctdluser *usbuf, void *data) { - if (usbuf->axlevel > 0) { - if ((CC->usersupp.axlevel >= 6) + char *searchstring; + + searchstring = (char *)data; + if (bmstrcasestr(usbuf->fullname, searchstring) == NULL) { + return; + } + + if (usbuf->axlevel > AxDeleted) { + if ((CC->user.axlevel >= AxAideU) || ((usbuf->flags & US_UNLISTED) == 0) || ((CC->internal_pgm))) { - cprintf("%s|%d|%ld|%ld|%ld|%ld|", + cprintf("%s|%d|%ld|%ld|%ld|%ld||\n", usbuf->fullname, usbuf->axlevel, usbuf->usernum, (long)usbuf->lastcall, usbuf->timescalled, usbuf->posted); - if (CC->usersupp.axlevel >= 6) - cprintf("%s", usbuf->password); - cprintf("\n"); } } } /* - * List users + * List users (searchstring may be empty to list all users) */ -void cmd_list(void) +void cmd_list(char *cmdbuf) { + char searchstring[256]; + extract_token(searchstring, cmdbuf, 0, '|', sizeof searchstring); + striplt(searchstring); cprintf("%d \n", LISTING_FOLLOWS); - ForEachUser(ListThisUser, NULL); + ForEachUser(ListThisUser, (void *)searchstring ); cprintf("000\n"); } @@ -1264,7 +1829,7 @@ void cmd_list(void) /* * assorted info we need to check at login */ -void cmd_chek(void) +void cmd_chek(char *argbuf) { int mail = 0; int regis = 0; @@ -1274,11 +1839,11 @@ void cmd_chek(void) return; } - getuser(&CC->usersupp, CC->curr_user); /* no lock is needed here */ - if ((REGISCALL != 0) && ((CC->usersupp.flags & US_REGIS) == 0)) + CtdlGetUser(&CC->user, CC->curr_user); /* no lock is needed here */ + if ((REGISCALL != 0) && ((CC->user.flags & US_REGIS) == 0)) regis = 1; - if (CC->usersupp.axlevel >= 6) { + if (CC->user.axlevel >= AxAideU) { get_control(); if (CitControl.MMflags & MM_VALID) vali = 1; @@ -1287,7 +1852,7 @@ void cmd_chek(void) /* check for mail */ mail = InitialMailCheck(); - cprintf("%d %d|%d|%d\n", CIT_OK, mail, regis, vali); + cprintf("%d %d|%d|%d|%s|\n", CIT_OK, mail, regis, vali, CC->cs_inet_email); } @@ -1296,9 +1861,9 @@ void cmd_chek(void) */ void cmd_qusr(char *who) { - struct usersupp usbuf; + struct ctdluser usbuf; - if (getuser(&usbuf, who) == 0) { + if (CtdlGetUser(&usbuf, who) == 0) { cprintf("%d %s\n", CIT_OK, usbuf.fullname); } else { cprintf("%d No such user.\n", ERROR + NO_SUCH_USER); @@ -1311,15 +1876,15 @@ void cmd_qusr(char *who) */ void cmd_agup(char *cmdbuf) { - struct usersupp usbuf; - char requested_user[SIZ]; + struct ctdluser usbuf; + char requested_user[128]; if (CtdlAccessCheck(ac_aide)) { return; } - extract(requested_user, cmdbuf, 0); - if (getuser(&usbuf, requested_user) != 0) { + extract_token(requested_user, cmdbuf, 0, '|', sizeof requested_user); + if (CtdlGetUser(&usbuf, requested_user) != 0) { cprintf("%d No such user.\n", ERROR + NO_SUCH_USER); return; } @@ -1343,8 +1908,9 @@ void cmd_agup(char *cmdbuf) */ void cmd_asup(char *cmdbuf) { - struct usersupp usbuf; - char requested_user[SIZ]; + struct ctdluser usbuf; + char requested_user[128]; + char notify[SIZ]; int np; int newax; int deleted = 0; @@ -1352,14 +1918,14 @@ void cmd_asup(char *cmdbuf) if (CtdlAccessCheck(ac_aide)) return; - extract(requested_user, cmdbuf, 0); - if (lgetuser(&usbuf, requested_user) != 0) { + extract_token(requested_user, cmdbuf, 0, '|', sizeof requested_user); + if (CtdlGetUserLock(&usbuf, requested_user) != 0) { cprintf("%d No such user.\n", ERROR + NO_SUCH_USER); return; } np = num_parms(cmdbuf); if (np > 1) - extract(usbuf.password, cmdbuf, 1); + extract_token(usbuf.password, cmdbuf, 1, '|', sizeof usbuf.password); if (np > 2) usbuf.flags = extract_int(cmdbuf, 2); if (np > 3) @@ -1368,8 +1934,8 @@ void cmd_asup(char *cmdbuf) usbuf.posted = extract_int(cmdbuf, 4); if (np > 5) { newax = extract_int(cmdbuf, 5); - if ((newax >= 0) && (newax <= 6)) { - usbuf.axlevel = extract_int(cmdbuf, 5); + if ((newax >= AxDeleted) && (newax <= AxAideU)) { + usbuf.axlevel = newax; } } if (np > 7) { @@ -1378,12 +1944,20 @@ void cmd_asup(char *cmdbuf) if (np > 8) { usbuf.USuserpurge = extract_int(cmdbuf, 8); } - lputuser(&usbuf); - if (usbuf.axlevel == 0) { + CtdlPutUserLock(&usbuf); + if (usbuf.axlevel == AxDeleted) { if (purge_user(requested_user) == 0) { deleted = 1; } } + + if (deleted) { + snprintf(notify, SIZ, + "User \"%s\" has been deleted by %s.\n", + usbuf.fullname, CC->user.fullname); + CtdlAideMessage(notify, "User Deletion Message"); + } + cprintf("%d Ok", CIT_OK); if (deleted) cprintf(" (%s deleted)", requested_user); @@ -1392,26 +1966,6 @@ void cmd_asup(char *cmdbuf) -/* - * Check to see if the user who we just sent mail to is logged in. If yes, - * bump the 'new mail' counter for their session. That enables them to - * receive a new mail notification without having to hit the database. - */ -void BumpNewMailCounter(long which_user) { - struct CitContext *ptr; - - begin_critical_section(S_SESSION_TABLE); - - for (ptr = ContextList; ptr != NULL; ptr = ptr->next) { - if (ptr->usersupp.usernum == which_user) { - ptr->newmail += 1; - } - } - - end_critical_section(S_SESSION_TABLE); -} - - /* * Count the number of new mail messages the user has */ @@ -1431,40 +1985,40 @@ int NewMailCount() */ int InitialMailCheck() { - int num_newmsgs = 0; - int a; - char mailboxname[ROOMNAMELEN]; - struct quickroom mailbox; - struct visit vbuf; - struct cdbdata *cdbfr; - long *msglist = NULL; - int num_msgs = 0; - - MailboxName(mailboxname, sizeof mailboxname, &CC->usersupp, MAILROOM); - if (getroom(&mailbox, mailboxname) != 0) - return (0); - CtdlGetRelationship(&vbuf, &CC->usersupp, &mailbox); - - cdbfr = cdb_fetch(CDB_MSGLISTS, &mailbox.QRnumber, sizeof(long)); - - if (cdbfr != NULL) { - msglist = mallok(cdbfr->len); - memcpy(msglist, cdbfr->ptr, cdbfr->len); - num_msgs = cdbfr->len / sizeof(long); - cdb_free(cdbfr); - } - if (num_msgs > 0) - for (a = 0; a < num_msgs; ++a) { - if (msglist[a] > 0L) { - if (msglist[a] > vbuf.v_lastseen) { - ++num_newmsgs; - } - } - } - if (msglist != NULL) - phree(msglist); - - return (num_newmsgs); + int num_newmsgs = 0; + int a; + char mailboxname[ROOMNAMELEN]; + struct ctdlroom mailbox; + visit vbuf; + struct cdbdata *cdbfr; + long *msglist = NULL; + int num_msgs = 0; + + CtdlMailboxName(mailboxname, sizeof mailboxname, &CC->user, MAILROOM); + if (CtdlGetRoom(&mailbox, mailboxname) != 0) + return (0); + CtdlGetRelationship(&vbuf, &CC->user, &mailbox); + + cdbfr = cdb_fetch(CDB_MSGLISTS, &mailbox.QRnumber, sizeof(long)); + + if (cdbfr != NULL) { + msglist = malloc(cdbfr->len); + memcpy(msglist, cdbfr->ptr, cdbfr->len); + num_msgs = cdbfr->len / sizeof(long); + cdb_free(cdbfr); + } + if (num_msgs > 0) + for (a = 0; a < num_msgs; ++a) { + if (msglist[a] > 0L) { + if (msglist[a] > vbuf.v_lastseen) { + ++num_newmsgs; + } + } + } + if (msglist != NULL) + free(msglist); + + return (num_newmsgs); } @@ -1474,7 +2028,7 @@ int InitialMailCheck() */ void cmd_view(char *cmdbuf) { int requested_view; - struct visit vbuf; + visit vbuf; if (CtdlAccessCheck(ac_logged_in)) { return; @@ -1482,9 +2036,83 @@ void cmd_view(char *cmdbuf) { requested_view = extract_int(cmdbuf, 0); - CtdlGetRelationship(&vbuf, &CC->usersupp, &CC->quickroom); + CtdlGetRelationship(&vbuf, &CC->user, &CC->room); vbuf.v_view = requested_view; - CtdlSetRelationship(&vbuf, &CC->usersupp, &CC->quickroom); + CtdlSetRelationship(&vbuf, &CC->user, &CC->room); cprintf("%d ok\n", CIT_OK); } + + +/* + * Rename a user + */ +void cmd_renu(char *cmdbuf) +{ + int retcode; + char oldname[USERNAME_SIZE]; + char newname[USERNAME_SIZE]; + + if (CtdlAccessCheck(ac_aide)) { + return; + } + + extract_token(oldname, cmdbuf, 0, '|', sizeof oldname); + extract_token(newname, cmdbuf, 1, '|', sizeof newname); + + retcode = rename_user(oldname, newname); + switch(retcode) { + case RENAMEUSER_OK: + cprintf("%d '%s' has been renamed to '%s'.\n", CIT_OK, oldname, newname); + return; + case RENAMEUSER_LOGGED_IN: + cprintf("%d '%s' is currently logged in and cannot be renamed.\n", + ERROR + ALREADY_LOGGED_IN , oldname); + return; + case RENAMEUSER_NOT_FOUND: + cprintf("%d '%s' does not exist.\n", ERROR + NO_SUCH_USER, oldname); + return; + case RENAMEUSER_ALREADY_EXISTS: + cprintf("%d A user named '%s' already exists.\n", ERROR + ALREADY_EXISTS, newname); + return; + } + + cprintf("%d An unknown error occurred.\n", ERROR); +} + + + +/*****************************************************************************/ +/* MODULE INITIALIZATION STUFF */ +/*****************************************************************************/ + + +CTDL_MODULE_INIT(user_ops) +{ + if (!threading) { + CtdlRegisterProtoHook(cmd_user, "USER", "Submit username for login"); + CtdlRegisterProtoHook(cmd_pass, "PASS", "Complete login by submitting a password"); + CtdlRegisterProtoHook(cmd_creu, "CREU", "Create User"); + CtdlRegisterProtoHook(cmd_setp, "SETP", "Set the password for an account"); + CtdlRegisterProtoHook(cmd_getu, "GETU", "Get User parameters"); + CtdlRegisterProtoHook(cmd_setu, "SETU", "Set User parameters"); + CtdlRegisterProtoHook(cmd_slrp, "SLRP", "Set Last Read Pointer"); + CtdlRegisterProtoHook(cmd_invt, "INVT", "Invite a user to a room"); + CtdlRegisterProtoHook(cmd_kick, "KICK", "Kick a user out of a room"); + CtdlRegisterProtoHook(cmd_forg, "FORG", "Forget a room"); + CtdlRegisterProtoHook(cmd_gnur, "GNUR", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_vali, "VALI", "Validate new users"); + CtdlRegisterProtoHook(cmd_list, "LIST", "List users"); + CtdlRegisterProtoHook(cmd_chek, "CHEK", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_qusr, "QUSR", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_agup, "AGUP", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_asup, "ASUP", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_seen, "SEEN", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_gtsn, "GTSN", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_view, "VIEW", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_renu, "RENU", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_newu, "NEWU", "Autoconverted. TODO: document me."); + } + /* return our Subversion id for the Log */ + return "user_ops"; +}