X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fuser_ops.c;h=6851c805937bdf51006c4a0f419925b6885e9d3f;hb=d93eb617b45525ca350d4a35fe3aa98a3569abcf;hp=b78cc592fbdc84410569b7e242517707acbcc716;hpb=4e6233ae0eefb338a0049e29e13d6b7997b9792e;p=citadel.git diff --git a/citadel/user_ops.c b/citadel/user_ops.c index b78cc592f..6851c8059 100644 --- a/citadel/user_ops.c +++ b/citadel/user_ops.c @@ -33,13 +33,14 @@ int chkpwd_read_pipe[2]; /* - * CtdlGetUser() - retrieve named user into supplied buffer. - * returns 0 on success + * CtdlGetUser() retrieve named user into supplied buffer. + * returns 0 on success */ -int CtdlGetUserLen(struct ctdluser *usbuf, const char *name, long len) +int CtdlGetUser(struct ctdluser *usbuf, char *name) { char usernamekey[USERNAME_SIZE]; struct cdbdata *cdbus; + long len = cutuserkey(name); if (usbuf != NULL) { memset(usbuf, 0, sizeof(struct ctdluser)); @@ -52,26 +53,17 @@ int CtdlGetUserLen(struct ctdluser *usbuf, const char *name, long len) return(1); } if (usbuf != NULL) { - memcpy(usbuf, cdbus->ptr, - ((cdbus->len > sizeof(struct ctdluser)) ? - sizeof(struct ctdluser) : cdbus->len)); + memcpy(usbuf, cdbus->ptr, ((cdbus->len > sizeof(struct ctdluser)) ? sizeof(struct ctdluser) : cdbus->len)); } cdb_free(cdbus); - return (0); } -int CtdlGetUser(struct ctdluser *usbuf, char *name) -{ - return CtdlGetUserLen(usbuf, name, cutuserkey(name)); -} - - int CtdlLockGetCurrentUser(void) { CitContext *CCC = CC; - return CtdlGetUserLen(&CCC->user, CCC->curr_user, cutuserkey(CCC->curr_user)); + return CtdlGetUser(&CCC->user, CCC->curr_user); } @@ -375,8 +367,7 @@ int is_room_aide(void) return (0); } - if ((CC->user.axlevel >= AxAideU) - || (CC->room.QRroomaide == CC->user.usernum)) { + if ((CC->user.axlevel >= AxAideU) || (CC->room.QRroomaide == CC->user.usernum)) { return (1); } else { return (0); @@ -458,30 +449,32 @@ void rebuild_usersbynumber(void) { /* - * getuserbyuid() - get user by system uid (for PAM mode authentication) - * returns 0 if user was found - * - * WARNING: don't use this function unless you absolutely have to. It does - * a sequential search and therefore is computationally expensive. + * getuserbyuid() Get user by system uid (for PAM mode authentication) + * Returns 0 if user was found + * This now uses an extauth index. */ int getuserbyuid(struct ctdluser *usbuf, uid_t number) { - struct cdbdata *cdbus; + struct cdbdata *cdbextauth; + long usernum = 0; + StrBuf *claimed_id; + + claimed_id = NewStrBuf(); + StrBufPrintf(claimed_id, "uid:%d", number); + cdbextauth = cdb_fetch(CDB_EXTAUTH, ChrPtr(claimed_id), StrLength(claimed_id)); + FreeStrBuf(&claimed_id); + if (cdbextauth == NULL) { + return(-1); + } - cdb_rewind(CDB_USERS); + memcpy(&usernum, cdbextauth->ptr, sizeof(long)); + cdb_free(cdbextauth); - while (cdbus = cdb_next_item(CDB_USERS), cdbus != NULL) { - memset(usbuf, 0, sizeof(struct ctdluser)); - memcpy(usbuf, cdbus->ptr, - ((cdbus->len > sizeof(struct ctdluser)) ? - sizeof(struct ctdluser) : cdbus->len)); - cdb_free(cdbus); - if (usbuf->uid == number) { - cdb_close_cursor(CDB_USERS); - return (0); - } + if (!CtdlGetUserByNumber(usbuf, usernum)) { + return(0); } - return (-1); + + return(-1); } @@ -494,7 +487,6 @@ int CtdlLoginExistingUser(char *authname, const char *trythisname) { char username[SIZ]; int found_user; - long len; syslog(LOG_DEBUG, "user_ops: CtdlLoginExistingUser(%s, %s)", authname, trythisname); @@ -523,7 +515,6 @@ int CtdlLoginExistingUser(char *authname, const char *trythisname) /* Continue attempting user validation... */ safestrncpy(username, trythisname, sizeof (username)); striplt(username); - len = cutuserkey(username); if (IsEmptyStr(username)) { return login_not_found; @@ -559,12 +550,11 @@ int CtdlLoginExistingUser(char *authname, const char *trythisname) * If not found, make one attempt to create it. */ found_user = getuserbyuid(&CC->user, pd.pw_uid); - syslog(LOG_DEBUG, "user_ops: found it: uid=%ld, gecos=%s here: %d", (long)pd.pw_uid, pd.pw_gecos, found_user); if (found_user != 0) { - len = cutuserkey(username); - create_user(username, len, 0); + create_user(username, CREATE_USER_DO_NOT_BECOME_USER, pd.pw_uid); found_user = getuserbyuid(&CC->user, pd.pw_uid); } + syslog(LOG_DEBUG, "user_ops: found it: uid=%ld, gecos=%s here: %d", (long)pd.pw_uid, pd.pw_gecos, found_user); } @@ -577,14 +567,14 @@ int CtdlLoginExistingUser(char *authname, const char *trythisname) char ldap_cn[256]; char ldap_dn[256]; - found_user = CtdlTryUserLDAP(username, ldap_dn, sizeof ldap_dn, ldap_cn, sizeof ldap_cn, &ldap_uid, 0); + found_user = CtdlTryUserLDAP(username, ldap_dn, sizeof ldap_dn, ldap_cn, sizeof ldap_cn, &ldap_uid); if (found_user != 0) { return login_not_found; } found_user = getuserbyuid(&CC->user, ldap_uid); if (found_user != 0) { - create_user(username, len, 0); + create_user(ldap_cn, CREATE_USER_DO_NOT_BECOME_USER, ldap_uid); found_user = getuserbyuid(&CC->user, ldap_uid); } @@ -604,9 +594,7 @@ int CtdlLoginExistingUser(char *authname, const char *trythisname) /* First, try to log in as if the supplied name is a display name */ found_user = CtdlGetUser(&CC->user, username); - /* If that didn't work, try to log in as if the supplied name - * is an e-mail address - */ + /* If that didn't work, try to log in as if the supplied name * is an e-mail address */ if (found_user != 0) { valid = validate_recipients(username, NULL, 0); if (valid != NULL) { @@ -623,8 +611,7 @@ int CtdlLoginExistingUser(char *authname, const char *trythisname) if (((CC->nologin)) && (CC->user.axlevel < AxAideU)) { return login_too_many_users; } else { - safestrncpy(CC->curr_user, CC->user.fullname, - sizeof CC->curr_user); + safestrncpy(CC->curr_user, CC->user.fullname, sizeof CC->curr_user); return login_ok; } } @@ -663,7 +650,19 @@ void do_login(void) } } - CtdlPutUserLock(&CCC->user); + /* + * If we are using LDAP authentication, extract the user's email addresses from the directory. + */ +#ifdef HAVE_LDAP + if ((CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP) || (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD)) { + char new_emailaddrs[512]; + if (CtdlGetConfigInt("c_ldap_sync_email_addrs") > 0) { + if (extract_email_addresses_from_ldap(CCC->ldap_dn, new_emailaddrs) == 0) { + CtdlSetEmailAddressesForUser(CCC->user.fullname, new_emailaddrs); + } + } + } +#endif /* * No email address for user? Make one up. @@ -672,6 +671,8 @@ void do_login(void) sprintf(CCC->user.emailaddrs, "cit%ld@%s", CCC->user.usernum, CtdlGetConfigStr("c_fqdn")); } + CtdlPutUserLock(&CCC->user); + /* * Populate cs_inet_email and cs_inet_other_emails with valid email addresses from the user record */ @@ -998,9 +999,9 @@ int purge_user(char pname[]) } -int internal_create_user (const char *username, long len, struct ctdluser *usbuf, uid_t uid) +int internal_create_user(char *username, struct ctdluser *usbuf, uid_t uid) { - if (!CtdlGetUserLen(usbuf, username, len)) { + if (!CtdlGetUser(usbuf, username)) { return (ERROR + ALREADY_EXISTS); } @@ -1025,6 +1026,14 @@ int internal_create_user (const char *username, long len, struct ctdluser *usbuf CtdlPutUser(usbuf); cdb_store(CDB_USERSBYNUMBER, &usbuf->usernum, sizeof(long), usbuf->fullname, strlen(usbuf->fullname)+1); + /* If non-native auth, index by uid */ + if ((usbuf->uid > 0) && (usbuf->uid != NATIVE_AUTH_UID)) { + StrBuf *claimed_id = NewStrBuf(); + StrBufPrintf(claimed_id, "uid:%d", usbuf->uid); + attach_extauth(usbuf, claimed_id); + FreeStrBuf(&claimed_id); + } + return 0; } @@ -1033,64 +1042,23 @@ int internal_create_user (const char *username, long len, struct ctdluser *usbuf * create_user() - back end processing to create a new user * * Set 'newusername' to the desired account name. - * Set 'become_user' to nonzero if this is self-service account creation and we want - * to actually log in as the user we just created, otherwise set it to 0. + * Set 'become_user' to CREATE_USER_BECOME_USER if this is self-service account creation and we want to + * actually log in as the user we just created, otherwise set it to CREATE_USER_DO_NOT_BECOME_USER + * Set 'uid' to some uid_t value to associate the account with an external auth user, or (-1) for native auth */ -int create_user(const char *newusername, long len, int become_user) +int create_user(char *username, int become_user, uid_t uid) { struct ctdluser usbuf; struct ctdlroom qrbuf; - char username[256]; char mailboxname[ROOMNAMELEN]; char buf[SIZ]; int retval; - uid_t uid = (-1); - safestrncpy(username, newusername, sizeof username); strproc(username); - - if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_HOST) { - - /* host auth mode */ - - struct passwd pd; - struct passwd *tempPwdPtr; - char pwdbuffer[SIZ]; - -#ifdef HAVE_GETPWNAM_R -#ifdef SOLARIS_GETPWUID - tempPwdPtr = getpwnam_r(username, &pd, pwdbuffer, sizeof(pwdbuffer)); -#else // SOLARIS_GETPWUID - getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr); -#endif // SOLARIS_GETPWUID -#else // HAVE_GETPWNAM_R - tempPwdPtr = NULL; -#endif // HAVE_GETPWNAM_R - if (tempPwdPtr != NULL) { - extract_token(username, pd.pw_gecos, 0, ',', sizeof username); - uid = pd.pw_uid; - if (IsEmptyStr (username)) - { - safestrncpy(username, pd.pw_name, sizeof username); - len = cutuserkey(username); - } - } - else { - return (ERROR + NO_SUCH_USER); - } + if ((retval = internal_create_user(username, &usbuf, uid)) != 0) { + return retval; } -#ifdef HAVE_LDAP - if ((CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP) || (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD)) { - if (CtdlTryUserLDAP(username, NULL, 0, username, sizeof username, &uid, 0) != 0) { - return(ERROR + NO_SUCH_USER); - } - } -#endif /* HAVE_LDAP */ - - if ((retval = internal_create_user(username, len, &usbuf, uid)) != 0) - return retval; - /* * Give the user a private mailbox and a configuration room. * Make the latter an invisible system room. @@ -1112,7 +1080,7 @@ int create_user(const char *newusername, long len, int become_user) * creating a user, instead of doing self-service account creation */ - if (become_user) { + if (become_user == CREATE_USER_BECOME_USER) { /* Now become the user we just created */ memcpy(&CC->user, &usbuf, sizeof(struct ctdluser)); safestrncpy(CC->curr_user, username, sizeof CC->curr_user);