X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fuser_ops.c;h=9f867f9711059d67521badb68b483140ba355f66;hb=c1b1936458ccd0d517148615a6ed753f6a3e30c2;hp=9637c14c99654cbef94792f0ae467999be023a14;hpb=f19de702becb27c97166db25a831df9ffe111cdc;p=citadel.git diff --git a/citadel/user_ops.c b/citadel/user_ops.c index 9637c14c9..9f867f971 100644 --- a/citadel/user_ops.c +++ b/citadel/user_ops.c @@ -16,6 +16,9 @@ #include #include #include +#ifdef HAVE_SYS_STAT_H +#include +#endif #if TIME_WITH_SYS_TIME # include @@ -30,14 +33,12 @@ #include #include -#ifndef ENABLE_CHKPWD +#include #include "auth.h" -#endif #include "citadel.h" #include "server.h" #include "database.h" #include "user_ops.h" -#include "serv_extensions.h" #include "sysdep_decls.h" #include "support.h" #include "room_ops.h" @@ -45,18 +46,33 @@ #include "control.h" #include "msgbase.h" #include "config.h" -#include "tools.h" #include "citserver.h" +#include "citadel_dirs.h" #include "genstamp.h" +#include "threads.h" +#include "citadel_ldap.h" + +#include "ctdl_module.h" + +/* These pipes are used to talk to the chkpwd daemon, which is forked during startup */ +int chkpwd_write_pipe[2]; +int chkpwd_read_pipe[2]; /* * makeuserkey() - convert a username into the format used as a database key - * (it's just the username converted into lower case) + * (it's just the username converted into lower case) */ -static INLINE void makeuserkey(char *key, char *username) { +INLINE void makeuserkey(char *key, char *username) { int i, len; len = strlen(username); + if (len >= USERNAME_SIZE) + { + CtdlLogPrintf (CTDL_EMERG, "Username to long: %s", username); + cit_backtrace (); + len = USERNAME_SIZE - 1; + username[USERNAME_SIZE - 1]='\0'; + } for (i=0; i<=len; ++i) { key[i] = tolower(username[i]); } @@ -65,7 +81,7 @@ static INLINE void makeuserkey(char *key, char *username) { /* * getuser() - retrieve named user into supplied buffer. - * returns 0 on success + * returns 0 on success */ int getuser(struct ctdluser *usbuf, char name[]) { @@ -135,6 +151,69 @@ void lputuser(struct ctdluser *usbuf) end_critical_section(S_USERS); } + +/* + * rename_user() - this is tricky because the user's display name is the database key + * + * Returns 0 on success or nonzero if there was an error... + * + */ +int rename_user(char *oldname, char *newname) { + struct CitContext *cptr; + int retcode = RENAMEUSER_OK; + struct ctdluser usbuf; + + char oldnamekey[USERNAME_SIZE]; + char newnamekey[USERNAME_SIZE]; + + /* We cannot rename a user who is currently logged in */ + for (cptr = ContextList; cptr != NULL; cptr = cptr->next) { + if (!strcasecmp(cptr->user.fullname, oldname)) { + return(RENAMEUSER_LOGGED_IN); + } + } + + /* Create the database keys... */ + makeuserkey(oldnamekey, oldname); + makeuserkey(newnamekey, newname); + + /* Lock up and get going */ + begin_critical_section(S_USERS); + + if (getuser(&usbuf, newname) == 0) { + retcode = RENAMEUSER_ALREADY_EXISTS; + } + else { + + if (getuser(&usbuf, oldname) != 0) { + retcode = RENAMEUSER_NOT_FOUND; + } + + else { /* Sanity checks succeeded. Now rename the user. */ + if (usbuf.usernum == 0) + { + CtdlLogPrintf (CTDL_DEBUG, "Can not rename user \"Citadel\".\n"); + retcode = RENAMEUSER_NOT_FOUND; + } else { + CtdlLogPrintf(CTDL_DEBUG, "Renaming <%s> to <%s>\n", oldname, newname); + cdb_delete(CDB_USERS, oldnamekey, strlen(oldnamekey)); + safestrncpy(usbuf.fullname, newname, sizeof usbuf.fullname); + putuser(&usbuf); + cdb_store(CDB_USERSBYNUMBER, &usbuf.usernum, sizeof(long), + usbuf.fullname, strlen(usbuf.fullname)+1 ); + + retcode = RENAMEUSER_OK; + } + } + + } + + end_critical_section(S_USERS); + return(retcode); +} + + + /* * Index-generating function used by Ctdl[Get|Set]Relationship */ @@ -166,8 +245,9 @@ int GenerateRelationshipIndex(char *IndexBuf, void put_visit(struct visit *newvisit) { char IndexBuf[32]; - int IndexLen; + int IndexLen = 0; + memset (IndexBuf, 0, sizeof (IndexBuf)); /* Generate an index */ IndexLen = GenerateRelationshipIndex(IndexBuf, newvisit->v_roomnum, @@ -281,39 +361,89 @@ int is_room_aide(void) } /* - * getuserbynumber() - get user by number - * returns 0 if user was found + * getuserbynumber() - get user by number + * returns 0 if user was found * - * WARNING: don't use this function unless you absolutely have to. It does - * a sequential search and therefore is computationally expensive. + * Note: fetching a user this way requires one additional database operation. */ -int getuserbynumber(struct ctdluser *usbuf, long int number) +int getuserbynumber(struct ctdluser *usbuf, long number) { - struct cdbdata *cdbus; + struct cdbdata *cdbun; + int r; - cdb_rewind(CDB_USERS); + cdbun = cdb_fetch(CDB_USERSBYNUMBER, &number, sizeof(long)); + if (cdbun == NULL) { + CtdlLogPrintf(CTDL_INFO, "User %ld not found\n", number); + return(-1); + } - while (cdbus = cdb_next_item(CDB_USERS), cdbus != NULL) { - memset(usbuf, 0, sizeof(struct ctdluser)); - memcpy(usbuf, cdbus->ptr, - ((cdbus->len > sizeof(struct ctdluser)) ? - sizeof(struct ctdluser) : cdbus->len)); - cdb_free(cdbus); - if (usbuf->usernum == number) { - cdb_close_cursor(CDB_USERS); - return (0); - } + CtdlLogPrintf(CTDL_INFO, "User %ld maps to %s\n", number, cdbun->ptr); + r = getuser(usbuf, cdbun->ptr); + cdb_free(cdbun); + return(r); +} + + + +/* + * Helper function for rebuild_usersbynumber() + */ +void rebuild_ubn_for_user(struct ctdluser *usbuf, void *data) { + + struct ubnlist { + struct ubnlist *next; + char username[USERNAME_SIZE]; + long usernum; + }; + + static struct ubnlist *u = NULL; + struct ubnlist *ptr = NULL; + + /* Lazy programming here. Call this function as a ForEachUser backend + * in order to queue up the room names, or call it with a null user + * to make it do the processing. + */ + if (usbuf != NULL) { + ptr = (struct ubnlist *) malloc(sizeof (struct ubnlist)); + if (ptr == NULL) return; + + ptr->usernum = usbuf->usernum; + safestrncpy(ptr->username, usbuf->fullname, sizeof ptr->username); + ptr->next = u; + u = ptr; + return; + } + + while (u != NULL) { + CtdlLogPrintf(CTDL_DEBUG, "Rebuilding usersbynumber index %10ld : %s\n", + u->usernum, u->username); + cdb_store(CDB_USERSBYNUMBER, &u->usernum, sizeof(long), u->username, strlen(u->username)+1); + + ptr = u; + u = u->next; + free(ptr); } - return (-1); } + +/* + * Rebuild the users-by-number index + */ +void rebuild_usersbynumber(void) { + cdb_trunc(CDB_USERSBYNUMBER); /* delete the old indices */ + ForEachUser(rebuild_ubn_for_user, NULL); /* enumerate the users */ + rebuild_ubn_for_user(NULL, NULL); /* and index them */ +} + + + /* * getuserbyuid() - get user by system uid (for PAM mode authentication) - * returns 0 if user was found + * returns 0 if user was found * * WARNING: don't use this function unless you absolutely have to. It does - * a sequential search and therefore is computationally expensive. + * a sequential search and therefore is computationally expensive. */ int getuserbyuid(struct ctdluser *usbuf, uid_t number) { @@ -335,29 +465,47 @@ int getuserbyuid(struct ctdluser *usbuf, uid_t number) return (-1); } - - /* * Back end for cmd_user() and its ilk + * + * NOTE: "authname" should only be used if we are attempting to use the "master user" feature */ -int CtdlLoginExistingUser(char *trythisname) +int CtdlLoginExistingUser(char *authname, char *trythisname) { char username[SIZ]; int found_user; + CtdlLogPrintf(9, "CtdlLoginExistingUser(%s, %s)\n", authname, trythisname); + if ((CC->logged_in)) { return login_already_logged_in; } if (trythisname == NULL) return login_not_found; + + if (!strncasecmp(trythisname, "SYS_", 4)) + { + CtdlLogPrintf(CTDL_DEBUG, "System user \"%s\" is not allowed to log in.\n", trythisname); + return login_not_found; + } + + /* If a "master user" is defined, handle its authentication if specified */ + CC->is_master = 0; + if (strlen(config.c_master_user) > 0) if (strlen(config.c_master_pass) > 0) if (authname) { + if (!strcasecmp(authname, config.c_master_user)) { + CC->is_master = 1; + } + } + + /* Continue attempting user validation... */ safestrncpy(username, trythisname, USERNAME_SIZE); striplt(username); - if (strlen(username) == 0) { + if (IsEmptyStr(username)) { return login_not_found; } - if (config.c_auth_mode == 1) { + if (config.c_auth_mode == AUTHMODE_HOST) { /* host auth mode */ @@ -365,17 +513,30 @@ int CtdlLoginExistingUser(char *trythisname) struct passwd *tempPwdPtr; char pwdbuffer[256]; - lprintf(CTDL_DEBUG, "asking host about <%s>\n", username); + CtdlLogPrintf(CTDL_DEBUG, "asking host about <%s>\n", username); +#ifdef HAVE_GETPWNAM_R +#ifdef SOLARIS_GETPWUID + CtdlLogPrintf(CTDL_DEBUG, "Calling getpwnam_r()\n"); + tempPwdPtr = getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer); +#else // SOLARIS_GETPWUID + CtdlLogPrintf(CTDL_DEBUG, "Calling getpwnam_r()\n"); getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr); +#endif // SOLARIS_GETPWUID +#else // HAVE_GETPWNAM_R + CtdlLogPrintf(CTDL_DEBUG, "SHOULD NEVER GET HERE!!!\n"); + tempPwdPtr = NULL; +#endif // HAVE_GETPWNAM_R if (tempPwdPtr == NULL) { + CtdlLogPrintf(CTDL_DEBUG, "no such user <%s>\n", username); return login_not_found; } - lprintf(CTDL_DEBUG, "found it! uid=%d, gecos=%s\n", pd.pw_uid, pd.pw_gecos); /* Locate the associated Citadel account. * If not found, make one attempt to create it. */ found_user = getuserbyuid(&CC->user, pd.pw_uid); + CtdlLogPrintf(CTDL_DEBUG, "found it: uid=%ld, gecos=%s here: %d\n", + (long)pd.pw_uid, pd.pw_gecos, found_user); if (found_user != 0) { create_user(username, 0); found_user = getuserbyuid(&CC->user, pd.pw_uid); @@ -383,6 +544,34 @@ int CtdlLoginExistingUser(char *trythisname) } +#ifdef HAVE_LDAP + else if ((config.c_auth_mode == AUTHMODE_LDAP) || (config.c_auth_mode == AUTHMODE_LDAP_AD)) { + + /* LDAP auth mode */ + + uid_t ldap_uid; + char ldap_cn[256]; + char ldap_dn[256]; + + found_user = CtdlTryUserLDAP(username, ldap_dn, sizeof ldap_dn, ldap_cn, sizeof ldap_cn, &ldap_uid); + if (found_user != 0) { + return login_not_found; + } + + found_user = getuserbyuid(&CC->user, ldap_uid); + if (found_user != 0) { + create_user(trythisname, 0); + found_user = getuserbyuid(&CC->user, ldap_uid); + } + + if (found_user == 0) { + if (CC->ldap_dn != NULL) free(CC->ldap_dn); + CC->ldap_dn = strdup(ldap_dn); + } + + } +#endif + else { /* native auth mode */ @@ -395,12 +584,12 @@ int CtdlLoginExistingUser(char *trythisname) * is an e-mail address */ if (found_user != 0) { - valid = validate_recipients(username); + valid = validate_recipients(username, NULL, 0); if (valid != NULL) { if (valid->num_local == 1) { found_user = getuser(&CC->user, valid->recp_local); } - free(valid); + free_recipients(valid); } } } @@ -428,10 +617,13 @@ void cmd_user(char *cmdbuf) char username[256]; int a; + CtdlLogPrintf(CTDL_DEBUG, "cmd_user(%s)\n", cmdbuf); extract_token(username, cmdbuf, 0, '|', sizeof username); + CtdlLogPrintf(CTDL_DEBUG, "username: %s\n", username); striplt(username); + CtdlLogPrintf(CTDL_DEBUG, "username: %s\n", username); - a = CtdlLoginExistingUser(username); + a = CtdlLoginExistingUser(NULL, username); switch (a) { case login_already_logged_in: cprintf("%d Already logged in.\n", ERROR + ALREADY_LOGGED_IN); @@ -460,11 +652,10 @@ void cmd_user(char *cmdbuf) /* * session startup code which is common to both cmd_pass() and cmd_newu() */ -void session_startup(void) +void do_login(void) { - int i; - - lprintf(CTDL_NOTICE, "<%s> logged in\n", CC->curr_user); + CC->logged_in = 1; + CtdlLogPrintf(CTDL_NOTICE, "<%s> logged in\n", CC->curr_user); lgetuser(&CC->user, CC->curr_user); ++(CC->user.timescalled); @@ -481,7 +672,7 @@ void session_startup(void) /* If we're authenticating off the host system, automatically give * root the highest level of access. */ - if (config.c_auth_mode == 1) { + if (config.c_auth_mode == AUTHMODE_HOST) { if (CC->user.uid == 0) { CC->user.axlevel = 6; } @@ -496,24 +687,21 @@ void session_startup(void) */ snprintf(CC->cs_inet_email, sizeof CC->cs_inet_email, "%s@%s", CC->user.fullname, config.c_fqdn); - for (i=0; ics_inet_email); ++i) { - if (isspace(CC->cs_inet_email[i])) { - CC->cs_inet_email[i] = '_'; - } - } + convert_spaces_to_underscores(CC->cs_inet_email); /* Create any personal rooms required by the system. * (Technically, MAILROOM should be there already, but just in case...) */ - create_room(MAILROOM, 4, "", 0, 1, 0, VIEW_MAILBOX); - create_room(SENTITEMS, 4, "", 0, 1, 0, VIEW_MAILBOX); - create_room(USERTRASHROOM, 4, "", 0, 1, 0, VIEW_MAILBOX); + CtdlCreateRoom(MAILROOM, 4, "", 0, 1, 0, VIEW_MAILBOX); + CtdlCreateRoom(SENTITEMS, 4, "", 0, 1, 0, VIEW_MAILBOX); + CtdlCreateRoom(USERTRASHROOM, 4, "", 0, 1, 0, VIEW_MAILBOX); + /* CtdlCreateRoom(USERDRAFTROOM, 4, "", 0, 1, 0, VIEW_MAILBOX); temporarily disabled for 7.60 */ /* Run any startup routines registered by loadable modules */ PerformSessionHooks(EVT_LOGIN); /* Enter the lobby */ - usergoto(config.c_baseroom, 0, 0, NULL, NULL); + CtdlUserGoto(config.c_baseroom, 0, 0, NULL, NULL); } @@ -531,113 +719,125 @@ void logged_in_response(void) /* * misc things to be taken care of when a user is logged out */ -void logout(struct CitContext *who) +void logout(void) { - /* - * Clear out some session data. Most likely, the CitContext for this - * session is about to get nuked when the session disconnects, but - * since it's possible to log in again without reconnecting, we cannot - * make that assumption. - */ - strcpy(who->fake_username, ""); - strcpy(who->fake_postname, ""); - strcpy(who->fake_hostname, ""); - strcpy(who->fake_roomname, ""); - who->logged_in = 0; - + struct CitContext *CCC = CC; /* CachedCitContext - performance boost */ /* * If there is a download in progress, abort it. */ - if (who->download_fp != NULL) { - fclose(who->download_fp); - who->download_fp = NULL; + if (CCC->download_fp != NULL) { + fclose(CCC->download_fp); + CCC->download_fp = NULL; } /* * If there is an upload in progress, abort it. */ - if (who->upload_fp != NULL) { - abort_upl(who); + if (CCC->upload_fp != NULL) { + abort_upl(CCC); } /* * If we were talking to a network node, we're not anymore... */ - if (strlen(who->net_node) > 0) { - network_talking_to(who->net_node, NTT_REMOVE); + if (!IsEmptyStr(CCC->net_node)) { + network_talking_to(CCC->net_node, NTT_REMOVE); } - /* Do modular stuff... */ + /* Run any hooks registered by modules... */ PerformSessionHooks(EVT_LOGOUT); + + /* + * Clear out some session data. Most likely, the CitContext for this + * session is about to get nuked when the session disconnects, but + * since it's possible to log in again without reconnecting, we cannot + * make that assumption. + */ + strcpy(CCC->fake_username, ""); + strcpy(CCC->fake_hostname, ""); + strcpy(CCC->fake_roomname, ""); + CCC->logged_in = 0; + + /* Check to see if the user was deleted whilst logged in and purge them if necessary */ + if ((CCC->user.axlevel == 0) && (CCC->user.usernum)) + purge_user(CCC->user.fullname); /* Free any output buffers */ - if (who->output_buffer != NULL) { - unbuffer_output(); - } + unbuffer_output(); } -#ifdef ENABLE_CHKPWD /* - * an alternate version of validpw() which executes `chkpwd' instead of - * verifying the password directly + * Validate a password on the host unix system by talking to the chkpwd daemon */ static int validpw(uid_t uid, const char *pass) { - pid_t pid; - int status, pipev[2]; - char buf[24]; + char buf[256]; + int rv = 0; - if (pipe(pipev)) { - lprintf(CTDL_ERR, "pipe failed (%s): denying host auth access for " - "uid %ld\n", strerror(errno), (long)uid); + if (IsEmptyStr(pass)) { + CtdlLogPrintf(CTDL_DEBUG, "refusing to check empty password for uid=%d using chkpwd...\n", uid); return 0; } - switch (pid = fork()) { - case -1: - lprintf(CTDL_ERR, "fork failed (%s): denying host auth access for " - "uid %ld\n", strerror(errno), (long)uid); - close(pipev[0]); - close(pipev[1]); - return 0; - case 0: - close(pipev[1]); - if (dup2(pipev[0], 0) == -1) { - perror("dup2"); - exit(1); - } - close(pipev[0]); - - execl(CTDLDIR "/chkpwd", CTDLDIR "/chkpwd", NULL); - perror(CTDLDIR "/chkpwd"); - exit(1); - } - - close(pipev[0]); - write(pipev[1], buf, - snprintf(buf, sizeof buf, "%lu\n", (unsigned long) uid)); - write(pipev[1], pass, strlen(pass)); - write(pipev[1], "\n", 1); - close(pipev[1]); - - while (waitpid(pid, &status, 0) == -1) - if (errno != EINTR) { - lprintf(CTDL_ERR, "waitpid failed (%s): denying host auth " - "access for uid %ld\n", - strerror(errno), (long)uid); - return 0; - } - if (WIFEXITED(status) && !WEXITSTATUS(status)) - return 1; + CtdlLogPrintf(CTDL_DEBUG, "Validating password for uid=%d using chkpwd...\n", uid); + + begin_critical_section(S_CHKPWD); + rv = write(chkpwd_write_pipe[1], &uid, sizeof(uid_t)); + rv = write(chkpwd_write_pipe[1], pass, 256); + rv = read(chkpwd_read_pipe[0], buf, 4); + end_critical_section(S_CHKPWD); + if (!strncmp(buf, "PASS", 4)) { + CtdlLogPrintf(CTDL_DEBUG, "...pass\n"); + return(1); + } + + CtdlLogPrintf(CTDL_DEBUG, "...fail\n"); return 0; } -#endif -void do_login() -{ - (CC->logged_in) = 1; - session_startup(); +/* + * Start up the chkpwd daemon so validpw() has something to talk to + */ +void start_chkpwd_daemon(void) { + pid_t chkpwd_pid; + struct stat filestats; + int i; + + CtdlLogPrintf(CTDL_DEBUG, "Starting chkpwd daemon for host authentication mode\n"); + + if ((stat(file_chkpwd, &filestats)==-1) || + (filestats.st_size==0)){ + printf("didn't find chkpwd daemon in %s: %s\n", file_chkpwd, strerror(errno)); + abort(); + } + if (pipe(chkpwd_write_pipe) != 0) { + CtdlLogPrintf(CTDL_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno)); + abort(); + } + if (pipe(chkpwd_read_pipe) != 0) { + CtdlLogPrintf(CTDL_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno)); + abort(); + } + + chkpwd_pid = fork(); + if (chkpwd_pid < 0) { + CtdlLogPrintf(CTDL_EMERG, "Unable to fork chkpwd daemon: %s\n", strerror(errno)); + abort(); + } + if (chkpwd_pid == 0) { + CtdlLogPrintf(CTDL_DEBUG, "Now calling dup2() write\n"); + dup2(chkpwd_write_pipe[0], 0); + CtdlLogPrintf(CTDL_DEBUG, "Now calling dup2() write\n"); + dup2(chkpwd_read_pipe[1], 1); + CtdlLogPrintf(CTDL_DEBUG, "Now closing stuff\n"); + for (i=2; i<256; ++i) close(i); + CtdlLogPrintf(CTDL_DEBUG, "Now calling execl(%s)\n", file_chkpwd); + execl(file_chkpwd, file_chkpwd, NULL); + CtdlLogPrintf(CTDL_EMERG, "Unable to exec chkpwd daemon: %s\n", strerror(errno)); + abort(); + exit(errno); + } } @@ -646,24 +846,28 @@ int CtdlTryPassword(char *password) int code; if ((CC->logged_in)) { - lprintf(CTDL_WARNING, "CtdlTryPassword: already logged in\n"); + CtdlLogPrintf(CTDL_WARNING, "CtdlTryPassword: already logged in\n"); return pass_already_logged_in; } if (!strcmp(CC->curr_user, NLI)) { - lprintf(CTDL_WARNING, "CtdlTryPassword: no user selected\n"); + CtdlLogPrintf(CTDL_WARNING, "CtdlTryPassword: no user selected\n"); return pass_no_user; } if (getuser(&CC->user, CC->curr_user)) { - lprintf(CTDL_ERR, "CtdlTryPassword: internal error\n"); + CtdlLogPrintf(CTDL_ERR, "CtdlTryPassword: internal error\n"); return pass_internal_error; } if (password == NULL) { - lprintf(CTDL_INFO, "CtdlTryPassword: NULL password string supplied\n"); + CtdlLogPrintf(CTDL_INFO, "CtdlTryPassword: NULL password string supplied\n"); return pass_wrong_password; } code = (-1); - if (config.c_auth_mode == 1) { + if (CC->is_master) { + code = strcmp(password, config.c_master_pass); + } + + else if (config.c_auth_mode == AUTHMODE_HOST) { /* host auth mode */ @@ -692,6 +896,20 @@ int CtdlTryPassword(char *password) } } +#ifdef HAVE_LDAP + else if ((config.c_auth_mode == AUTHMODE_LDAP) || (config.c_auth_mode == AUTHMODE_LDAP_AD)) { + + /* LDAP auth mode */ + + if ((CC->ldap_dn) && (!CtdlTryPasswordLDAP(CC->ldap_dn, password))) { + code = 0; + } + else { + code = (-1); + } + } +#endif + else { /* native auth mode */ @@ -708,7 +926,7 @@ int CtdlTryPassword(char *password) do_login(); return pass_ok; } else { - lprintf(CTDL_WARNING, "Bad password specified for <%s>\n", CC->curr_user); + CtdlLogPrintf(CTDL_WARNING, "Bad password specified for <%s>\n", CC->curr_user); return pass_wrong_password; } } @@ -719,6 +937,7 @@ void cmd_pass(char *buf) char password[256]; int a; + memset(password, 0, sizeof(password)); extract_token(password, buf, 0, '|', sizeof password); a = CtdlTryPassword(password); @@ -754,8 +973,12 @@ int purge_user(char pname[]) makeuserkey(usernamekey, pname); + /* If the name is empty we can't find them in the DB any way so just return */ + if (IsEmptyStr(pname)) + return (ERROR + NO_SUCH_USER); + if (getuser(&usbuf, pname) != 0) { - lprintf(CTDL_ERR, "Cannot purge user <%s> - not found\n", pname); + CtdlLogPrintf(CTDL_ERR, "Cannot purge user <%s> - not found\n", pname); return (ERROR + NO_SUCH_USER); } /* Don't delete a user who is currently logged in. Instead, just @@ -771,12 +994,12 @@ int purge_user(char pname[]) } end_critical_section(S_SESSION_TABLE); if (user_is_logged_in == 1) { - lprintf(CTDL_WARNING, "User <%s> is logged in; not deleting.\n", pname); + CtdlLogPrintf(CTDL_WARNING, "User <%s> is logged in; not deleting.\n", pname); usbuf.axlevel = 0; putuser(&usbuf); return (1); } - lprintf(CTDL_NOTICE, "Deleting user <%s>\n", pname); + CtdlLogPrintf(CTDL_NOTICE, "Deleting user <%s>\n", pname); /* Perform any purge functions registered by server extensions */ PerformUserHooks(&usbuf, EVT_PURGEUSER); @@ -784,6 +1007,9 @@ int purge_user(char pname[]) /* delete any existing user/room relationships */ cdb_delete(CDB_VISIT, &usbuf.usernum, sizeof(long)); + /* delete the users-by-number index record */ + cdb_delete(CDB_USERSBYNUMBER, &usbuf.usernum, sizeof(long)); + /* delete the userlog entry */ cdb_delete(CDB_USERS, usernamekey, strlen(usernamekey)); @@ -807,6 +1033,40 @@ int purge_user(char pname[]) } +int internal_create_user (char *username, struct ctdluser *usbuf, uid_t uid) +{ + if (!getuser(usbuf, username)) { + return (ERROR + ALREADY_EXISTS); + } + + /* Go ahead and initialize a new user record */ + memset(usbuf, 0, sizeof(struct ctdluser)); + safestrncpy(usbuf->fullname, username, sizeof usbuf->fullname); + strcpy(usbuf->password, ""); + usbuf->uid = uid; + + /* These are the default flags on new accounts */ + usbuf->flags = US_LASTOLD | US_DISAPPEAR | US_PAGINATOR | US_FLOORS; + + usbuf->timescalled = 0; + usbuf->posted = 0; + usbuf->axlevel = config.c_initax; + usbuf->USscreenwidth = 80; + usbuf->USscreenheight = 24; + usbuf->lastcall = time(NULL); + + /* fetch a new user number */ + usbuf->usernum = get_new_user_number(); + + /* add user to the database */ + putuser(usbuf); + cdb_store(CDB_USERSBYNUMBER, &usbuf->usernum, sizeof(long), usbuf->fullname, strlen(usbuf->fullname)+1); + + return 0; +} + + + /* * create_user() - back end processing to create a new user * @@ -821,12 +1081,15 @@ int create_user(char *newusername, int become_user) char username[256]; char mailboxname[ROOMNAMELEN]; char buf[SIZ]; + int retval; uid_t uid = (-1); + safestrncpy(username, newusername, sizeof username); strproc(username); - if (config.c_auth_mode == 1) { + + if (config.c_auth_mode == AUTHMODE_HOST) { /* host auth mode */ @@ -834,60 +1097,52 @@ int create_user(char *newusername, int become_user) struct passwd *tempPwdPtr; char pwdbuffer[256]; +#ifdef HAVE_GETPWNAM_R +#ifdef SOLARIS_GETPWUID + tempPwdPtr = getpwnam_r(username, &pd, pwdbuffer, sizeof(pwdbuffer)); +#else // SOLARIS_GETPWUID getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr); +#endif // SOLARIS_GETPWUID +#else // HAVE_GETPWNAM_R + tempPwdPtr = NULL; +#endif // HAVE_GETPWNAM_R if (tempPwdPtr != NULL) { extract_token(username, pd.pw_gecos, 0, ',', sizeof username); uid = pd.pw_uid; + if (IsEmptyStr (username)) + { + safestrncpy(username, pd.pw_name, sizeof username); + } } else { return (ERROR + NO_SUCH_USER); } } - if (!getuser(&usbuf, username)) { - return (ERROR + ALREADY_EXISTS); - } - - /* Go ahead and initialize a new user record */ - memset(&usbuf, 0, sizeof(struct ctdluser)); - safestrncpy(usbuf.fullname, username, sizeof usbuf.fullname); - strcpy(usbuf.password, ""); - usbuf.uid = uid; - - /* These are the default flags on new accounts */ - usbuf.flags = US_LASTOLD | US_DISAPPEAR | US_PAGINATOR | US_FLOORS; - - usbuf.timescalled = 0; - usbuf.posted = 0; - usbuf.axlevel = config.c_initax; - usbuf.USscreenwidth = 80; - usbuf.USscreenheight = 24; - usbuf.lastcall = time(NULL); - - /* fetch a new user number */ - usbuf.usernum = get_new_user_number(); - - /* The very first user created on the system will always be an Aide */ - if (usbuf.usernum == 1L) { - usbuf.axlevel = 6; +#ifdef HAVE_LDAP + if ((config.c_auth_mode == AUTHMODE_LDAP) || (config.c_auth_mode == AUTHMODE_LDAP_AD)) { + if (CtdlTryUserLDAP(username, NULL, 0, username, sizeof username, &uid) != 0) { + return(ERROR + NO_SUCH_USER); + } } - - /* add user to userlog */ - putuser(&usbuf); - +#endif /* HAVE_LDAP */ + + if ((retval = internal_create_user(username, &usbuf, uid)) != 0) + return retval; + /* * Give the user a private mailbox and a configuration room. * Make the latter an invisible system room. */ MailboxName(mailboxname, sizeof mailboxname, &usbuf, MAILROOM); - create_room(mailboxname, 5, "", 0, 1, 1, VIEW_MAILBOX); + CtdlCreateRoom(mailboxname, 5, "", 0, 1, 1, VIEW_MAILBOX); MailboxName(mailboxname, sizeof mailboxname, &usbuf, USERCONFIGROOM); - create_room(mailboxname, 5, "", 0, 1, 1, VIEW_BBS); - if (lgetroom(&qrbuf, mailboxname) == 0) { - qrbuf.QRflags2 |= QR2_SYSTEM; - lputroom(&qrbuf); - } + CtdlCreateRoom(mailboxname, 5, "", 0, 1, 1, VIEW_BBS); + if (CtdlGetRoomLock(&qrbuf, mailboxname) == 0) { + qrbuf.QRflags2 |= QR2_SYSTEM; + CtdlPutRoomLock(&qrbuf); + } /* Perform any create functions registered by server extensions */ PerformUserHooks(&usbuf, EVT_NEWUSER); @@ -900,7 +1155,7 @@ int create_user(char *newusername, int become_user) /* Now become the user we just created */ memcpy(&CC->user, &usbuf, sizeof(struct ctdluser)); safestrncpy(CC->curr_user, username, sizeof CC->curr_user); - CC->logged_in = 1; + do_login(); /* Check to make sure we're still who we think we are */ if (getuser(&CC->user, CC->curr_user)) { @@ -915,13 +1170,12 @@ int create_user(char *newusername, int become_user) CC->cs_addr ); aide_message(buf, "User Creation Notice"); - lprintf(CTDL_NOTICE, "New user <%s> created\n", username); + CtdlLogPrintf(CTDL_NOTICE, "New user <%s> created\n", username); return (0); } - /* * cmd_newu() - create a new user account and log in as that user */ @@ -930,7 +1184,7 @@ void cmd_newu(char *cmdbuf) int a; char username[26]; - if (config.c_auth_mode == 1) { + if (config.c_auth_mode != AUTHMODE_NATIVE) { cprintf("%d This system does not use native mode authentication.\n", ERROR + NOT_HERE); return; @@ -955,7 +1209,7 @@ void cmd_newu(char *cmdbuf) username[25] = 0; strproc(username); - if (strlen(username) == 0) { + if (IsEmptyStr(username)) { cprintf("%d You must supply a user name.\n", ERROR + USERNAME_REQUIRED); return; } @@ -970,7 +1224,6 @@ void cmd_newu(char *cmdbuf) a = create_user(username, 1); if (a == 0) { - session_startup(); logged_in_response(); } else if (a == ERROR + ALREADY_EXISTS) { cprintf("%d '%s' already exists.\n", @@ -986,12 +1239,26 @@ void cmd_newu(char *cmdbuf) } +/* + * set password - back end api code + */ +void CtdlSetPassword(char *new_pw) +{ + lgetuser(&CC->user, CC->curr_user); + safestrncpy(CC->user.password, new_pw, sizeof(CC->user.password)); + lputuser(&CC->user); + CtdlLogPrintf(CTDL_INFO, "Password changed for user <%s>\n", CC->curr_user); + PerformSessionHooks(EVT_SETPASS); +} + /* - * set password + * set password - citadel protocol implementation */ void cmd_setp(char *new_pw) { + int generate_random_password = 0; + if (CtdlAccessCheck(ac_logged_in)) { return; } @@ -999,17 +1266,28 @@ void cmd_setp(char *new_pw) cprintf("%d Not allowed. Use the 'passwd' command.\n", ERROR + NOT_HERE); return; } - strproc(new_pw); - if (strlen(new_pw) == 0) { - cprintf("%d Password unchanged.\n", CIT_OK); + if (CC->is_master) { + cprintf("%d The master prefix password cannot be changed with this command.\n", + ERROR + NOT_HERE); return; } - lgetuser(&CC->user, CC->curr_user); - safestrncpy(CC->user.password, new_pw, sizeof(CC->user.password)); - lputuser(&CC->user); - cprintf("%d Password changed.\n", CIT_OK); - lprintf(CTDL_INFO, "Password changed for user <%s>\n", CC->curr_user); - PerformSessionHooks(EVT_SETPASS); + + if (!strcasecmp(new_pw, "GENERATE_RANDOM_PASSWORD")) { + char random_password[17]; + generate_random_password = 1; + snprintf(random_password, sizeof random_password, "%08lx%08lx", random(), random()); + CtdlSetPassword(random_password); + cprintf("%d %s\n", CIT_OK, random_password); + } + else { + strproc(new_pw); + if (IsEmptyStr(new_pw)) { + cprintf("%d Password unchanged.\n", CIT_OK); + return; + } + CtdlSetPassword(new_pw); + cprintf("%d Password changed.\n", CIT_OK); + } } @@ -1034,7 +1312,7 @@ void cmd_creu(char *cmdbuf) strproc(username); strproc(password); - if (strlen(username) == 0) { + if (IsEmptyStr(username)) { cprintf("%d You must supply a user name.\n", ERROR + USERNAME_REQUIRED); return; } @@ -1042,21 +1320,24 @@ void cmd_creu(char *cmdbuf) a = create_user(username, 0); if (a == 0) { - if (strlen(password) > 0) { + if (!IsEmptyStr(password)) { lgetuser(&tmp, username); safestrncpy(tmp.password, password, sizeof(tmp.password)); lputuser(&tmp); } cprintf("%d User '%s' created %s.\n", CIT_OK, username, - (strlen(password) > 0) ? "and password set" : + (!IsEmptyStr(password)) ? "and password set" : "with no password"); return; } else if (a == ERROR + ALREADY_EXISTS) { - cprintf("%d '%s' already exists.\n", - ERROR + ALREADY_EXISTS, username); + cprintf("%d '%s' already exists.\n", ERROR + ALREADY_EXISTS, username); + return; + } else if ( (config.c_auth_mode != AUTHMODE_NATIVE) && (a == ERROR + NO_SUCH_USER) ) { + cprintf("%d User accounts are not created within Citadel in host authentication mode.\n", + ERROR + NO_SUCH_USER); return; } else { - cprintf("%d An error occured creating the user account.\n", ERROR + INTERNAL_ERROR); + cprintf("%d An error occurred creating the user account.\n", ERROR + INTERNAL_ERROR); } } @@ -1065,7 +1346,7 @@ void cmd_creu(char *cmdbuf) /* * get user parameters */ -void cmd_getu(void) +void cmd_getu(char *cmdbuf) { if (CtdlAccessCheck(ac_logged_in)) @@ -1226,10 +1507,10 @@ void cmd_invt_kick(char *iuser, int op) { /* access granted */ } else { /* access denied */ - cprintf("%d Higher access or room ownership required.\n", - ERROR + HIGHER_ACCESS_REQUIRED); - return; - } + cprintf("%d Higher access or room ownership required.\n", + ERROR + HIGHER_ACCESS_REQUIRED); + return; + } if (!strncasecmp(CC->room.QRname, config.c_baseroom, ROOMNAMELEN)) { @@ -1250,6 +1531,8 @@ void cmd_invt_kick(char *iuser, int op) { return; } +void cmd_invt(char *iuser) {cmd_invt_kick(iuser, 1);} +void cmd_kick(char *iuser) {cmd_invt_kick(iuser, 0);} /* * Forget (Zap) the current room (API call) @@ -1274,7 +1557,7 @@ int CtdlForgetThisRoom(void) { lputuser(&CC->user); /* Return to the Lobby, so we don't end up in an undefined room */ - usergoto(config.c_baseroom, 0, 0, NULL, NULL); + CtdlUserGoto(config.c_baseroom, 0, 0, NULL, NULL); return(0); } @@ -1283,7 +1566,7 @@ int CtdlForgetThisRoom(void) { /* * forget (Zap) the current room */ -void cmd_forg(void) +void cmd_forg(char *argbuf) { if (CtdlAccessCheck(ac_logged_in)) { @@ -1301,7 +1584,7 @@ void cmd_forg(void) /* * Get Next Unregistered User */ -void cmd_gnur(void) +void cmd_gnur(char *argbuf) { struct cdbdata *cdbus; struct ctdluser usbuf; @@ -1424,16 +1707,13 @@ void ListThisUser(struct ctdluser *usbuf, void *data) if ((CC->user.axlevel >= 6) || ((usbuf->flags & US_UNLISTED) == 0) || ((CC->internal_pgm))) { - cprintf("%s|%d|%ld|%ld|%ld|%ld|", + cprintf("%s|%d|%ld|%ld|%ld|%ld||\n", usbuf->fullname, usbuf->axlevel, usbuf->usernum, (long)usbuf->lastcall, usbuf->timescalled, usbuf->posted); - if (CC->user.axlevel >= 6) - cprintf("%s", usbuf->password); - cprintf("\n"); } } } @@ -1457,7 +1737,7 @@ void cmd_list(char *cmdbuf) /* * assorted info we need to check at login */ -void cmd_chek(void) +void cmd_chek(char *argbuf) { int mail = 0; int regis = 0; @@ -1580,8 +1860,9 @@ void cmd_asup(char *cmdbuf) } if (deleted) { - sprintf(notify, "User \"%s\" has been deleted by %s.\n", - usbuf.fullname, CC->user.fullname); + snprintf(notify, SIZ, + "User \"%s\" has been deleted by %s.\n", + usbuf.fullname, CC->user.fullname); aide_message(notify, "User Deletion Message"); } @@ -1632,40 +1913,40 @@ int NewMailCount() */ int InitialMailCheck() { - int num_newmsgs = 0; - int a; - char mailboxname[ROOMNAMELEN]; - struct ctdlroom mailbox; - struct visit vbuf; - struct cdbdata *cdbfr; - long *msglist = NULL; - int num_msgs = 0; - - MailboxName(mailboxname, sizeof mailboxname, &CC->user, MAILROOM); - if (getroom(&mailbox, mailboxname) != 0) - return (0); - CtdlGetRelationship(&vbuf, &CC->user, &mailbox); - - cdbfr = cdb_fetch(CDB_MSGLISTS, &mailbox.QRnumber, sizeof(long)); - - if (cdbfr != NULL) { - msglist = malloc(cdbfr->len); - memcpy(msglist, cdbfr->ptr, cdbfr->len); - num_msgs = cdbfr->len / sizeof(long); - cdb_free(cdbfr); - } - if (num_msgs > 0) - for (a = 0; a < num_msgs; ++a) { - if (msglist[a] > 0L) { - if (msglist[a] > vbuf.v_lastseen) { - ++num_newmsgs; - } - } - } - if (msglist != NULL) - free(msglist); - - return (num_newmsgs); + int num_newmsgs = 0; + int a; + char mailboxname[ROOMNAMELEN]; + struct ctdlroom mailbox; + struct visit vbuf; + struct cdbdata *cdbfr; + long *msglist = NULL; + int num_msgs = 0; + + MailboxName(mailboxname, sizeof mailboxname, &CC->user, MAILROOM); + if (CtdlGetRoom(&mailbox, mailboxname) != 0) + return (0); + CtdlGetRelationship(&vbuf, &CC->user, &mailbox); + + cdbfr = cdb_fetch(CDB_MSGLISTS, &mailbox.QRnumber, sizeof(long)); + + if (cdbfr != NULL) { + msglist = malloc(cdbfr->len); + memcpy(msglist, cdbfr->ptr, cdbfr->len); + num_msgs = cdbfr->len / sizeof(long); + cdb_free(cdbfr); + } + if (num_msgs > 0) + for (a = 0; a < num_msgs; ++a) { + if (msglist[a] > 0L) { + if (msglist[a] > vbuf.v_lastseen) { + ++num_newmsgs; + } + } + } + if (msglist != NULL) + free(msglist); + + return (num_newmsgs); } @@ -1689,3 +1970,75 @@ void cmd_view(char *cmdbuf) { cprintf("%d ok\n", CIT_OK); } + + +/* + * Rename a user + */ +void cmd_renu(char *cmdbuf) +{ + int retcode; + char oldname[USERNAME_SIZE]; + char newname[USERNAME_SIZE]; + + if (CtdlAccessCheck(ac_aide)) { + return; + } + + extract_token(oldname, cmdbuf, 0, '|', sizeof oldname); + extract_token(newname, cmdbuf, 1, '|', sizeof newname); + + retcode = rename_user(oldname, newname); + switch(retcode) { + case RENAMEUSER_OK: + cprintf("%d '%s' has been renamed to '%s'.\n", CIT_OK, oldname, newname); + return; + case RENAMEUSER_LOGGED_IN: + cprintf("%d '%s' is currently logged in and cannot be renamed.\n", + ERROR + ALREADY_LOGGED_IN , oldname); + return; + case RENAMEUSER_NOT_FOUND: + cprintf("%d '%s' does not exist.\n", ERROR + NO_SUCH_USER, oldname); + return; + case RENAMEUSER_ALREADY_EXISTS: + cprintf("%d A user named '%s' already exists.\n", ERROR + ALREADY_EXISTS, newname); + return; + } + + cprintf("%d An unknown error occurred.\n", ERROR); +} + + + +/*****************************************************************************/ +/* MODULE INITIALIZATION STUFF */ +/*****************************************************************************/ + + +CTDL_MODULE_INIT(user_ops) +{ + CtdlRegisterProtoHook(cmd_user, "USER", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_pass, "PASS", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_creu, "CREU", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_setp, "SETP", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_getu, "GETU", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_setu, "SETU", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_slrp, "SLRP", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_invt, "INVT", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_kick, "KICK", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_forg, "FORG", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_gnur, "GNUR", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_vali, "VALI", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_list, "LIST", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_chek, "CHEK", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_qusr, "QUSR", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_agup, "AGUP", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_asup, "ASUP", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_seen, "SEEN", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_gtsn, "GTSN", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_view, "VIEW", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_renu, "RENU", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_newu, "NEWU", "Autoconverted. TODO: document me."); + /* return our Subversion id for the Log */ + return "$Id$"; +}