X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fuser_ops.c;h=a56fddcbeec0b205a9ed08a551e42edfba31548f;hb=d9f0c753cde3bdc98f536eed77308be9434b3ed5;hp=37649cc4c63f3918d5a8ebd78ae6c7e17cc97ec7;hpb=e612033104c17c8adcad19d7dc8efbafa8b33f2e;p=citadel.git

diff --git a/citadel/user_ops.c b/citadel/user_ops.c
index 37649cc4c..a56fddcbe 100644
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -47,7 +47,8 @@
 #include "config.h"
 #include "tools.h"
 #include "citserver.h"
-
+#include "citadel_dirs.h"
+#include "genstamp.h"
 
 /*
  * makeuserkey() - convert a username into the format used as a database key
@@ -71,28 +72,15 @@ int getuser(struct ctdluser *usbuf, char name[])
 {
 
 	char usernamekey[USERNAME_SIZE];
-	char sysuser_name[USERNAME_SIZE];
 	struct cdbdata *cdbus;
-	int using_sysuser = 0;
 
 	if (usbuf != NULL) {
 		memset(usbuf, 0, sizeof(struct ctdluser));
 	}
 
-#ifdef ENABLE_AUTOLOGIN
-	if (CtdlAssociateSystemUser(sysuser_name, name) == 0) {
-		++using_sysuser;
-	}
-#endif
-
-	if (using_sysuser) {
-		makeuserkey(usernamekey, sysuser_name);
-	}
-	else {
-		makeuserkey(usernamekey, name);
-	}
-
+	makeuserkey(usernamekey, name);
 	cdbus = cdb_fetch(CDB_USERS, usernamekey, strlen(usernamekey));
+
 	if (cdbus == NULL) {	/* user not found */
 		return(1);
 	}
@@ -179,7 +167,7 @@ int GenerateRelationshipIndex(char *IndexBuf,
 void put_visit(struct visit *newvisit)
 {
 	char IndexBuf[32];
-	int IndexLen;
+	int IndexLen = 0;
 
 	/* Generate an index */
 	IndexLen = GenerateRelationshipIndex(IndexBuf,
@@ -322,24 +310,30 @@ int getuserbynumber(struct ctdluser *usbuf, long int number)
 
 
 /*
- * See if we can translate a system login name (i.e. from /etc/passwd)
- * to a Citadel screen name.  Returns 0 if one is found.
+ * getuserbyuid()  -     get user by system uid (for PAM mode authentication)
+ *                       returns 0 if user was found
+ *
+ * WARNING: don't use this function unless you absolutely have to.  It does
+ *          a sequential search and therefore is computationally expensive.
  */
-int CtdlAssociateSystemUser(char *screenname, char *loginname) {
-	struct passwd *p;
-	int a;
+int getuserbyuid(struct ctdluser *usbuf, uid_t number)
+{
+	struct cdbdata *cdbus;
 
-	p = (struct passwd *) getpwnam(loginname);
-	if (p != NULL) {
-		strcpy(screenname, p->pw_gecos);
-		for (a = 0; a < strlen(screenname); ++a) {
-			if (screenname[a] == ',') {
-				screenname[a] = 0;
-			}
+	cdb_rewind(CDB_USERS);
+
+	while (cdbus = cdb_next_item(CDB_USERS), cdbus != NULL) {
+		memset(usbuf, 0, sizeof(struct ctdluser));
+		memcpy(usbuf, cdbus->ptr,
+		       ((cdbus->len > sizeof(struct ctdluser)) ?
+			sizeof(struct ctdluser) : cdbus->len));
+		cdb_free(cdbus);
+		if (usbuf->uid == number) {
+			cdb_close_cursor(CDB_USERS);
+			return (0);
 		}
-		return(0);
 	}
-	return(1);
+	return (-1);
 }
 
 
@@ -351,47 +345,70 @@ int CtdlLoginExistingUser(char *trythisname)
 {
 	char username[SIZ];
 	int found_user;
-	struct recptypes *valid = NULL;
+
+	if ((CC->logged_in)) {
+		return login_already_logged_in;
+	}
 
 	if (trythisname == NULL) return login_not_found;
 	safestrncpy(username, trythisname, USERNAME_SIZE);
 	striplt(username);
 
-	if ((CC->logged_in)) {
-		return login_already_logged_in;
+	if (strlen(username) == 0) {
+		return login_not_found;
 	}
 
-	/* First, try to log in as if the supplied name is a display name */
-	found_user = getuser(&CC->user, username);
+	if (config.c_auth_mode == 1) {
 
-	/* If that didn't work, try to log in as if the supplied name
-	 * is an e-mail address
-	 */
-	if (found_user != 0) {
-		valid = validate_recipients(username);
-		if (valid != NULL) {
-			if (valid->num_local == 1) {
-				found_user = getuser(&CC->user,
-						valid->recp_local);
-			}
-			free(valid);
+		/* host auth mode */
+
+		struct passwd pd;
+		struct passwd *tempPwdPtr;
+		char pwdbuffer[256];
+	
+		lprintf(CTDL_DEBUG, "asking host about <%s>\n", username);
+#ifdef SOLARIS_GETPWUID
+		tempPwdPtr = getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer);
+#else
+		getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr);
+#endif
+		if (tempPwdPtr == NULL) {
+			return login_not_found;
 		}
+		lprintf(CTDL_DEBUG, "found it! uid=%ld, gecos=%s\n", (long)pd.pw_uid, pd.pw_gecos);
+	
+		/* Locate the associated Citadel account.
+		 * If not found, make one attempt to create it.
+		 */
+		found_user = getuserbyuid(&CC->user, pd.pw_uid);
+		if (found_user != 0) {
+			create_user(username, 0);
+			found_user = getuserbyuid(&CC->user, pd.pw_uid);
+		}
+
 	}
 
-#ifdef ENABLE_AUTOLOGIN
-	/* If we haven't found the account yet, and the supplied name
-	 * is a login name on the underlying host system, create the
-	 * account.
-	 */
-	if (found_user != 0) {
-		struct passwd *p = (struct passwd *) getpwnam(username);
+	else {
+		/* native auth mode */
 
-		if (p != NULL) {
-			create_user(username, 0);
-			found_user = getuser(&CC->user, username);
+		struct recptypes *valid = NULL;
+	
+		/* First, try to log in as if the supplied name is a display name */
+		found_user = getuser(&CC->user, username);
+	
+		/* If that didn't work, try to log in as if the supplied name
+	 	* is an e-mail address
+	 	*/
+		if (found_user != 0) {
+			valid = validate_recipients(username);
+			if (valid != NULL) {
+				if (valid->num_local == 1) {
+					found_user = getuser(&CC->user, valid->recp_local);
+				}
+				free_recipients(valid);
+			}
 		}
 	}
-#endif /* ENABLE_AUTOLOGIN */
 
 	/* Did we find something? */
 	if (found_user == 0) {
@@ -450,7 +467,7 @@ void cmd_user(char *cmdbuf)
  */
 void session_startup(void)
 {
-	int i;
+	int i = 0;
 
 	lprintf(CTDL_NOTICE, "<%s> logged in\n", CC->curr_user);
 
@@ -465,6 +482,16 @@ void session_startup(void)
 	if (!strcasecmp(CC->user.fullname, config.c_sysadm)) {
 		CC->user.axlevel = 6;
 	}
+
+	/* If we're authenticating off the host system, automatically give
+	 * root the highest level of access.
+	 */
+	if (config.c_auth_mode == 1) {
+		if (CC->user.uid == 0) {
+			CC->user.axlevel = 6;
+		}
+	}
+
 	lputuser(&CC->user);
 
 	/*
@@ -518,7 +545,6 @@ void logout(struct CitContext *who)
 	 * make that assumption.
 	 */
 	strcpy(who->fake_username, "");
-	strcpy(who->fake_postname, "");
 	strcpy(who->fake_hostname, "");
 	strcpy(who->fake_roomname, "");
 	who->logged_in = 0;
@@ -566,13 +592,13 @@ static int validpw(uid_t uid, const char *pass)
 	char buf[24];
 
 	if (pipe(pipev)) {
-		lprintf(CTDL_ERR, "pipe failed (%s): denying autologin access for "
+		lprintf(CTDL_ERR, "pipe failed (%s): denying host auth access for "
 			"uid %ld\n", strerror(errno), (long)uid);
 		return 0;
 	}
 	switch (pid = fork()) {
 	case -1:
-		lprintf(CTDL_ERR, "fork failed (%s): denying autologin access for "
+		lprintf(CTDL_ERR, "fork failed (%s): denying host auth access for "
 			"uid %ld\n", strerror(errno), (long)uid);
 		close(pipev[0]);
 		close(pipev[1]);
@@ -586,8 +612,8 @@ static int validpw(uid_t uid, const char *pass)
 		}
 		close(pipev[0]);
 
-		execl(CTDLDIR "/chkpwd", CTDLDIR "/chkpwd", NULL);
-		perror(CTDLDIR "/chkpwd");
+		execl(file_chkpwd, file_chkpwd, NULL);
+		perror(file_chkpwd);
 		exit(1);
 	}
 
@@ -600,7 +626,7 @@ static int validpw(uid_t uid, const char *pass)
 
 	while (waitpid(pid, &status, 0) == -1)
 		if (errno != EINTR) {
-			lprintf(CTDL_ERR, "waitpid failed (%s): denying autologin "
+			lprintf(CTDL_ERR, "waitpid failed (%s): denying host auth "
 				"access for uid %ld\n",
 				strerror(errno), (long)uid);
 			return 0;
@@ -641,33 +667,46 @@ int CtdlTryPassword(char *password)
 	}
 	code = (-1);
 
+	if (config.c_auth_mode == 1) {
+
+		/* host auth mode */
 
-#ifdef ENABLE_AUTOLOGIN
-	/* A uid of CTDLUID or -1 indicates that this user exists only in
-	 * Citadel, not in the underlying operating system.
-	 */
-	if ( (CC->user.uid == CTDLUID) || (CC->user.uid == (-1)) ) {
-		strproc(password);
-		strproc(CC->user.password);
-		code = strcasecmp(CC->user.password, password);
-	}
-	/* Any other uid means we have to check the system password database */
-	else {
 		if (validpw(CC->user.uid, password)) {
 			code = 0;
+
+			/*
+			 * sooper-seekrit hack: populate the password field in the
+			 * citadel database with the password that the user typed,
+			 * if it's correct.  This allows most sites to convert from
+			 * host auth to native auth if they want to.  If you think
+			 * this is a security hazard, comment it out.
+			 */
+
 			lgetuser(&CC->user, CC->curr_user);
-			safestrncpy(CC->user.password, password,
-				    sizeof CC->user.password);
+			safestrncpy(CC->user.password, password, sizeof CC->user.password);
 			lputuser(&CC->user);
+
+			/*
+			 * (sooper-seekrit hack ends here)
+			 */
+
+		}
+		else {
+			code = (-1);
 		}
 	}
 
-#else /* ENABLE_AUTOLOGIN */
-	strproc(password);
-	strproc(CC->user.password);
-	code = strcasecmp(CC->user.password, password);
+	else {
 
-#endif /* ENABLE_AUTOLOGIN */
+		/* native auth mode */
+
+		strproc(password);
+		strproc(CC->user.password);
+		code = strcasecmp(CC->user.password, password);
+		strproc(password);
+		strproc(CC->user.password);
+		code = strcasecmp(CC->user.password, password);
+	}
 
 	if (!code) {
 		do_login();
@@ -785,25 +824,33 @@ int create_user(char *newusername, int become_user)
 	struct ctdlroom qrbuf;
 	char username[256];
 	char mailboxname[ROOMNAMELEN];
-	uid_t uid;
+	char buf[SIZ];
+	uid_t uid = (-1);
 
 	safestrncpy(username, newusername, sizeof username);
 	strproc(username);
 
-#ifdef ENABLE_AUTOLOGIN
-	{
-		struct passwd *p = (struct passwd *) getpwnam(username);
+	if (config.c_auth_mode == 1) {
 
-		if (p != NULL) {
-			extract_token(username, p->pw_gecos, 0, ',', sizeof username);
-			uid = p->pw_uid;
-		} else {
-			uid = (-1);
-		}
-	}
+		/* host auth mode */
+
+		struct passwd pd;
+		struct passwd *tempPwdPtr;
+		char pwdbuffer[256];
+	
+#ifdef SOLARIS_GETPWUID
+		tempPwdPtr = getpwnam_r(username, &pd, pwdbuffer, sizeof(pwdbuffer));
 #else
-	uid = (-1);
+		getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr);
 #endif
+		if (tempPwdPtr != NULL) {
+			extract_token(username, pd.pw_gecos, 0, ',', sizeof username);
+			uid = pd.pw_uid;
+		}
+		else {
+			return (ERROR + NO_SUCH_USER);
+		}
+	}
 
 	if (!getuser(&usbuf, username)) {
 		return (ERROR + ALREADY_EXISTS);
@@ -868,7 +915,14 @@ int create_user(char *newusername, int become_user)
 			return (ERROR + INTERNAL_ERROR);
 		}
 	}
-
+	
+	snprintf(buf, SIZ, 
+		"New user account <%s> has been created, from host %s [%s].\n",
+		username,
+		CC->cs_host,
+		CC->cs_addr
+	);
+	aide_message(buf, "User Creation Notice");
 	lprintf(CTDL_NOTICE, "New user <%s> created\n", username);
 	return (0);
 }
@@ -884,6 +938,12 @@ void cmd_newu(char *cmdbuf)
 	int a;
 	char username[26];
 
+	if (config.c_auth_mode == 1) {
+		cprintf("%d This system does not use native mode authentication.\n",
+			ERROR + NOT_HERE);
+		return;
+	}
+
 	if (config.c_disable_newu) {
 		cprintf("%d Self-service user account creation "
 			"is disabled on this system.\n", ERROR + NOT_HERE);
@@ -1154,7 +1214,7 @@ int CtdlInvtKick(char *iuser, int op) {
 		((op == 1) ? "invited to" : "kicked out of"),
 		CC->room.QRname,
 		CC->user.fullname);
-	aide_message(bbb);
+	aide_message(bbb,"User Admin Message");
 
 	return(0);
 }
@@ -1530,7 +1590,7 @@ void cmd_asup(char *cmdbuf)
 	if (deleted) {
 		sprintf(notify, "User \"%s\" has been deleted by %s.\n",
 			usbuf.fullname, CC->user.fullname);
-		aide_message(notify);
+		aide_message(notify, "User Deletion Message");
 	}
 
 	cprintf("%d Ok", CIT_OK);