X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=webcit%2Fauth.c;h=80f7ddbb0a8e63d3920d8e1b72625e79804d15ad;hb=85b8087bf603edb5320f0bc9da18ed2294204ca2;hp=94bc438cbdc3130c17293999fee37fb904b4fa53;hpb=5fbe6be7535361f2797b415fd0e32df4918097ec;p=citadel.git diff --git a/webcit/auth.c b/webcit/auth.c index 94bc438cb..80f7ddbb0 100644 --- a/webcit/auth.c +++ b/webcit/auth.c @@ -1,13 +1,31 @@ /* - * $Id$ - * * WebcitAuth; Handles authentication of users to a Citadel server. + * + * Copyright (c) 1996-2010 by the citadel.org team + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include "webcit.h" #include "webserver.h" #include +extern uint32_t hashlittle( const void *key, size_t length, uint32_t initval); + +void display_reg(int during_login); + /* * Access level definitions. This is initialized from a function rather than a * static array so that the strings may be localized. @@ -15,15 +33,28 @@ char *axdefs[7]; void initialize_axdefs(void) { - axdefs[0] = _("Deleted"); /* an erased user */ - axdefs[1] = _("New User"); /* a new user */ - axdefs[2] = _("Problem User"); /* a trouble maker */ - axdefs[3] = _("Local User"); /* user with normal privileges */ - axdefs[4] = _("Network User"); /* a user that may access network resources */ - axdefs[5] = _("Preferred User");/* a moderator */ - axdefs[6] = _("Aide"); /* chief */ -} + /* an erased user */ + axdefs[0] = _("Deleted"); + + /* a new user */ + axdefs[1] = _("New User"); + + /* a trouble maker */ + axdefs[2] = _("Problem User"); + + /* user with normal privileges */ + axdefs[3] = _("Local User"); + + /* a user that may access network resources */ + axdefs[4] = _("Network User"); + + /* a moderator */ + axdefs[5] = _("Preferred User"); + + /* chief */ + axdefs[6] = _("Aide"); +} @@ -31,72 +62,12 @@ void initialize_axdefs(void) { * Display the login screen * mesg = the error message if last attempt failed. */ -void display_login(char *mesg) +void display_login(void) { - char buf[SIZ]; - - output_headers(1, 1, 2, 0, 0, 0); - wprintf("
\n"); - - if (mesg != NULL) if (!IsEmptyStr(mesg)) { - stresc(buf, SIZ, mesg, 0, 0); - svprintf(HKEY("MESG"), WCS_STRING, "%s", buf); - } - - svprintf(HKEY("LOGIN_INSTRUCTIONS"), WCS_STRING, - _(""), - serv_info.serv_humannode - ); - - svput("USERNAME_BOX", WCS_STRING, _("User name:")); - svput("PASSWORD_BOX", WCS_STRING, _("Password:")); - svput("LANGUAGE_BOX", WCS_STRING, _("Language:")); - svput("LOGIN_BUTTON", WCS_STRING, _("Login")); - svput("NEWUSER_BUTTON", WCS_STRING, _("New User")); - svput("EXIT_BUTTON", WCS_STRING, _("Exit")); - svput("HELLO", WCS_SERVCMD, "MESG hello"); - svprintf(HKEY("BOXTITLE"), WCS_STRING, _("%s - powered by Citadel"), - serv_info.serv_humannode); - svcallback("DO_LANGUAGE_BOX", offer_languages); - if (serv_info.serv_newuser_disabled) { - svput("NEWUSER_BUTTON_PRE", WCS_STRING, "
"); - svput("NEWUSER_BUTTON_POST", WCS_STRING, "
"); - } - else { - svput("NEWUSER_BUTTON_PRE", WCS_STRING, ""); - svput("NEWUSER_BUTTON_POST", WCS_STRING, ""); - } - - if (serv_info.serv_supports_openid) { - svprintf(HKEY("OFFER_OPENID_LOGIN"), WCS_STRING, - "
" - "" - "" - "%s" - "
" - , - "Log in using OpenID" - ); - } - else { - svput("OFFER_OPENID_LOGIN", WCS_STRING, ""); - } - - do_template("login"); - - wDumpContent(2); + begin_burst(); + output_headers(1, 0, 0, 0, 1, 0); + do_template("login", NULL); + end_burst(); } @@ -108,87 +79,13 @@ void display_login(char *mesg) */ void display_openid_login(char *mesg) { - char buf[SIZ]; - - output_headers(1, 1, 2, 0, 0, 0); - wprintf("
\n"); - - if (mesg != NULL) if (!IsEmptyStr(mesg)) { - stresc(buf, SIZ, mesg, 0, 0); - svprintf(HKEY("MESG"), WCS_STRING, "%s", buf); - } - - svprintf(HKEY("LOGIN_INSTRUCTIONS"), WCS_STRING, - _("
    " - "
  • Enter your OpenID URL and click "Login"." - "
  • " - "Click here to learn what OpenID is and how Citadel is using it." - "
  • Please log off properly when finished. " - "
  • You must use a browser that supports frames and " - "cookies. " - "
  • Also keep in mind that if your browser is " - "configured to block pop-up windows, you will not be able " - "to receive any instant messages.
    " - "
") - ); - - svput("OPENID_BOX", WCS_STRING, _("OpenID URL:")); - svput("LANGUAGE_BOX", WCS_STRING, _("Language:")); - svput("LOGIN_BUTTON", WCS_STRING, _("Login")); - svput("EXIT_BUTTON", WCS_STRING, _("Exit")); - svput("HELLO", WCS_SERVCMD, "MESG hello"); - svprintf(HKEY("BOXTITLE"), WCS_STRING, _("%s - powered by Citadel"), - serv_info.serv_humannode); - svcallback("DO_LANGUAGE_BOX", offer_languages); - - svprintf(HKEY("OFFER_CONVENTIONAL_LOGIN"), WCS_STRING, - "
" - "" - "%s" - "
" - , - "Log in using a user name and password" - ); - - do_template("openid_login"); - wDumpContent(2); + begin_burst(); + output_headers(1, 0, 0, 0, 1, 0); + do_template("openid_login", NULL); + end_burst(); } -void display_openid_name_request(char *claimed_id, char *username) { - char buf[SIZ]; - - output_headers(1, 1, 2, 0, 0, 0); - wprintf("
\n"); - - stresc(buf, sizeof buf, claimed_id, 0, 0); - svprintf(HKEY("VERIFIED"), WCS_STRING, _("Your OpenID %s was successfully verified."), - claimed_id); - svput("CLAIMED_ID", WCS_STRING, claimed_id); - - - if (!IsEmptyStr(username)) { - stresc(buf, sizeof buf, username, 0, 0); - svprintf(HKEY("REASON"), WCS_STRING, - _("However, the user name '%s' conflicts with an existing user."), username); - } - else { - svput("REASON", WCS_STRING, ""); - } - - svput("ACTION_REQUESTED", WCS_STRING, _("Please specify the user name you would like to use.")); - - svput("USERNAME_BOX", WCS_STRING, _("User name:")); - svput("NEWUSER_BUTTON", WCS_STRING, _("New User")); - svput("EXIT_BUTTON", WCS_STRING, _("Exit")); - - svprintf(HKEY("BOXTITLE"), WCS_STRING, _("%s - powered by Citadel"), - serv_info.serv_humannode); - - do_template("openid_manual_create"); - wDumpContent(2); -} - /* Initialize the session @@ -203,34 +100,57 @@ void display_openid_name_request(char *claimed_id, char *username) { * pass his password * serv_response The parameters returned from a Citadel USER or NEWU command */ -void become_logged_in(char *user, char *pass, char *serv_response) +void become_logged_in(const StrBuf *user, const StrBuf *pass, StrBuf *serv_response) { - char buf[SIZ]; + wcsession *WCC = WC; + StrBuf *Buf; + StrBuf *FloorDiv; + + WCC->logged_in = 1; - WC->logged_in = 1; - extract_token(WC->wc_fullname, &serv_response[4], 0, '|', sizeof WC->wc_fullname); - safestrncpy(WC->wc_username, user, sizeof WC->wc_username); - safestrncpy(WC->wc_password, pass, sizeof WC->wc_password); - WC->axlevel = extract_int(&serv_response[4], 1); - if (WC->axlevel >= 6) { - WC->is_aide = 1; + if (WCC->wc_fullname == NULL) + WCC->wc_fullname = NewStrBufPlain(NULL, StrLength(serv_response)); + StrBufExtract_token(WCC->wc_fullname, serv_response, 0, '|'); + StrBufCutLeft(WCC->wc_fullname, 4 ); + + if (WCC->wc_username == NULL) + WCC->wc_username = NewStrBufDup(user); + else { + FlushStrBuf(WCC->wc_username); + StrBufAppendBuf(WCC->wc_username, user, 0); } - load_preferences(); + if (WCC->wc_password == NULL) + WCC->wc_password = NewStrBufDup(pass); + else { + FlushStrBuf(WCC->wc_password); + StrBufAppendBuf(WCC->wc_password, pass, 0); + } - serv_puts("CHEK"); - serv_getln(buf, sizeof buf); - if (buf[0] == '2') { - WC->new_mail = extract_int(&buf[4], 0); - WC->need_regi = extract_int(&buf[4], 1); - WC->need_vali = extract_int(&buf[4], 2); - extract_token(WC->cs_inet_email, &buf[4], 3, '|', sizeof WC->cs_inet_email); + WCC->axlevel = StrBufExtract_int(serv_response, 1, '|'); + if (WCC->axlevel >= 6) { /* TODO: make this a define, else it might trick us later */ + WCC->is_aide = 1; } - get_preference("current_iconbar", buf, sizeof buf); - WC->current_iconbar = atoi(buf); + load_preferences(); - get_preference("floordiv_expanded", WC->floordiv_expanded, sizeof WC->floordiv_expanded); + Buf = NewStrBuf(); + serv_puts("CHEK"); + StrBuf_ServGetln(Buf); + if (GetServerStatus(Buf, NULL) == 2) { + const char *pch; + + pch = ChrPtr(Buf) + 4; + /*WCC->new_mail =*/ StrBufExtractNext_long(Buf, &pch, '|'); + WCC->need_regi = StrBufExtractNext_long(Buf, &pch, '|'); + WCC->need_vali = StrBufExtractNext_long(Buf, &pch, '|'); + if (WCC->cs_inet_email == NULL) + WCC->cs_inet_email = NewStrBuf(); + StrBufExtract_NextToken(WCC->cs_inet_email, Buf, &pch, '|'); + } + get_preference("floordiv_expanded", &FloorDiv); + WCC->floordiv_expanded = FloorDiv; + FreeStrBuf(&Buf); } @@ -239,7 +159,9 @@ void become_logged_in(char *user, char *pass, char *serv_response) */ void do_login(void) { - char buf[SIZ]; + wcsession *WCC = WC; + StrBuf *Buf; + long ret, rc; if (havebstr("language")) { set_selected_language(bstr("language")); @@ -250,51 +172,74 @@ void do_login(void) do_logout(); return; } + Buf = NewStrBuf(); if (havebstr("login_action")) { serv_printf("USER %s", bstr("name")); - serv_getln(buf, sizeof buf); - if (buf[0] == '3') { + StrBuf_ServGetln(Buf); + rc = GetServerStatus(Buf, &ret); + StrBufCutLeft(Buf, 4); + switch (rc) { + case 3: serv_printf("PASS %s", bstr("pass")); - serv_getln(buf, sizeof buf); - if (buf[0] == '2') { - become_logged_in(bstr("name"), bstr("pass"), buf); + StrBuf_ServGetln(Buf); + if (GetServerStatus(Buf, NULL) == 2) { + become_logged_in(sbstr("name"), sbstr("pass"), Buf); } else { - display_login(&buf[4]); + StrBufCutLeft(Buf, 4); + AppendImportantMessage(SKEY(Buf)); + display_login(); + FreeStrBuf(&Buf); return; } - } else { - display_login(&buf[4]); + break; + case 5: + if (ret == 541) + { + AppendImportantMessage(SKEY(Buf)); + display_main_menu(); + return; + } + default: + AppendImportantMessage(SKEY(Buf)); + display_login(); + FreeStrBuf(&Buf); return; } } if (havebstr("newuser_action")) { if (!havebstr("pass")) { - display_login(_("Blank passwords are not allowed.")); + AppendImportantMessage(_("Blank passwords are not allowed."), -1); + display_login(); + FreeStrBuf(&Buf); return; } serv_printf("NEWU %s", bstr("name")); - serv_getln(buf, sizeof buf); - if (buf[0] == '2') { - become_logged_in(bstr("name"), bstr("pass"), buf); + StrBuf_ServGetln(Buf); + if (GetServerStatus(Buf, NULL) == 2) { + become_logged_in(sbstr("name"), sbstr("pass"), Buf); serv_printf("SETP %s", bstr("pass")); - serv_getln(buf, sizeof buf); + StrBuf_ServGetln(Buf); /* Don't care? */ } else { - display_login(&buf[4]); + StrBufCutLeft(Buf, 4); + AppendImportantMessage(SKEY(Buf)); + display_login(); + FreeStrBuf(&Buf); return; } } - if (WC->logged_in) { - if (WC->need_regi) { + if (WCC->logged_in) { + if (WCC->need_regi) { display_reg(1); - } else if (WC->need_vali) { + } else if (WCC->need_vali) { validate(); } else { do_welcome(); } } else { - display_login(_("Your password was not accepted.")); + AppendImportantMessage(_("Your password was not accepted."), -1); + display_login(); } - + FreeStrBuf(&Buf); } /* @@ -302,21 +247,28 @@ void do_login(void) */ void openid_manual_create(void) { + StrBuf *Buf; + if (havebstr("exit_action")) { do_logout(); return; } - char buf[1024]; if (havebstr("newuser_action")) { + Buf = NewStrBuf(); serv_printf("OIDC %s", bstr("name")); - serv_getln(buf, sizeof buf); - if (buf[0] == '2') { - char gpass[1024] = ""; + StrBuf_ServGetln(Buf); + if (GetServerStatus(Buf, NULL) == 2) { + StrBuf *gpass; + + gpass = NewStrBuf(); serv_puts("SETP GENERATE_RANDOM_PASSWORD"); - serv_getln(gpass, sizeof gpass); - become_logged_in(bstr("name"), &gpass[4], buf); + StrBuf_ServGetln(gpass); + StrBufCutLeft(gpass, 4); + become_logged_in(sbstr("name"), gpass, Buf); + FreeStrBuf(&gpass); } + FreeStrBuf(&Buf); } if (WC->logged_in) { @@ -328,7 +280,15 @@ void openid_manual_create(void) do_welcome(); } } else { - display_openid_name_request(bstr("openid_url"), bstr("name")); + const StrBuf *Buf; + + putbstr("__claimed_id", NewStrBufDup(sbstr("openid_url"))); + Buf = sbstr("name"); + if (StrLength(Buf) > 0) + putbstr("__username", NewStrBufDup(Buf)); + begin_burst(); + do_template("openid_manual_create", NULL); + end_burst(); } } @@ -353,10 +313,10 @@ void do_openid_login(void) } if (havebstr("login_action")) { snprintf(buf, sizeof buf, - "OIDS %s|%s://%s/finalize_openid_login|%s://%s", + "OIDS %s|%s/finalize_openid_login|%s", bstr("openid_url"), - (is_https ? "https" : "http"), WC->http_host, - (is_https ? "https" : "http"), WC->http_host + ChrPtr(site_prefix), + ChrPtr(site_prefix) ); serv_puts(buf); @@ -382,78 +342,83 @@ void do_openid_login(void) */ void finalize_openid_login(void) { - char buf[1024]; - struct wcsession *WCC = WC; + StrBuf *Buf; + wcsession *WCC = WC; int already_logged_in = (WCC->logged_in) ; int linecount = 0; - char result[128] = ""; - char username[128] = ""; - char password[128] = ""; - char logged_in_response[1024] = ""; - char claimed_id[1024] = ""; + StrBuf *result = NULL; + StrBuf *username = NULL; + StrBuf *password = NULL; + StrBuf *logged_in_response = NULL; + StrBuf *claimed_id = NULL; if (havebstr("openid.mode")) { if (!strcasecmp(bstr("openid.mode"), "id_res")) { - + Buf = NewStrBuf(); serv_puts("OIDF"); - serv_getln(buf, sizeof buf); - - if (buf[0] == '8') { + StrBuf_ServGetln(Buf); + if (GetServerStatus(Buf, NULL) == 8) { urlcontent *u; void *U; long HKLen; - char *HKey; + const char *HKey; HashPos *Cursor; - Cursor = GetNewHashPos (); - while (GetNextHashPos(WCC->urlstrings, Cursor, &HKLen, &HKey, &U)) { + Cursor = GetNewHashPos (WCC->Hdr->urlstrings, 0); + while (GetNextHashPos(WCC->Hdr->urlstrings, Cursor, &HKLen, &HKey, &U)) { u = (urlcontent*) U; if (!strncasecmp(u->url_key, "openid.", 7)) { - serv_printf("%s|%s", &u->url_key[7], u->url_data); + serv_printf("%s|%s", &u->url_key[7], ChrPtr(u->url_data)); } } serv_puts("000"); linecount = 0; - while (serv_getln(buf, sizeof buf), strcmp(buf, "000")) { - if (linecount == 0) safestrncpy(result, buf, sizeof result); - if (!strcasecmp(result, "authenticate")) { + while (StrBuf_ServGetln(Buf), strcmp(ChrPtr(Buf), "000")) + { + if (linecount == 0) result = NewStrBufDup(Buf); + if (!strcasecmp(ChrPtr(result), "authenticate")) { if (linecount == 1) { - safestrncpy(username, buf, sizeof username); + username = NewStrBufDup(Buf); } else if (linecount == 2) { - safestrncpy(password, buf, sizeof password); + password = NewStrBufDup(Buf); } else if (linecount == 3) { - safestrncpy(logged_in_response, buf, - sizeof logged_in_response); + logged_in_response = NewStrBufDup(Buf); } } - else if (!strcasecmp(result, "verify_only")) { + else if (!strcasecmp(ChrPtr(result), "verify_only")) { if (linecount == 1) { - safestrncpy(claimed_id, buf, sizeof claimed_id); + claimed_id = NewStrBufDup(Buf); } if (linecount == 2) { - safestrncpy(username, buf, sizeof username); + username = NewStrBufDup(Buf); } } ++linecount; } } + FreeStrBuf(&Buf); } } /* If we were already logged in, this was an attempt to associate an OpenID account */ if (already_logged_in) { display_openids(); + FreeStrBuf(&result); + FreeStrBuf(&username); + FreeStrBuf(&password); + FreeStrBuf(&claimed_id); + FreeStrBuf(&logged_in_response); return; } /* If this operation logged us in, either by connecting with an existing account or by * auto-creating one using Simple Registration Extension, we're already on our way. */ - if (!strcasecmp(result, "authenticate")) { + if (!strcasecmp(ChrPtr(result), "authenticate")) { become_logged_in(username, password, logged_in_response); } @@ -461,12 +426,20 @@ void finalize_openid_login(void) * or conflicts with an existing user. Either way the user will need to specify a new name. */ - else if (!strcasecmp(result, "verify_only")) { - display_openid_name_request(claimed_id, username); + else if (!strcasecmp(ChrPtr(result), "verify_only")) { + putbstr("__claimed_id", claimed_id); + claimed_id = NULL; + if (StrLength(username) > 0) { + putbstr("__username", username); + username = NULL; + } + begin_burst(); + do_template("openid_manual_create", NULL); + end_burst(); } /* Did we manage to log in? If so, continue with the normal flow... */ - if (WC->logged_in) { + else if (WC->logged_in) { if (WC->need_regi) { display_reg(1); } else { @@ -476,6 +449,11 @@ void finalize_openid_login(void) display_openid_login(_("Your password was not accepted.")); } + FreeStrBuf(&result); + FreeStrBuf(&username); + FreeStrBuf(&password); + FreeStrBuf(&claimed_id); + FreeStrBuf(&logged_in_response); } @@ -487,7 +465,7 @@ void finalize_openid_login(void) */ void do_welcome(void) { - char buf[SIZ]; + StrBuf *Buf; #ifdef XXX_NOT_FINISHED_YET_XXX FILE *fp; int i; @@ -529,15 +507,19 @@ void do_welcome(void) /* * Go to the user's preferred start page */ - get_preference("startpage", buf, sizeof buf); - if (IsEmptyStr(buf)) { - safestrncpy(buf, "dotskip&room=_BASEROOM_", sizeof buf); - set_preference("startpage", buf, 1); + if (!get_preference("startpage", &Buf)) { + Buf = NewStrBuf (); + StrBufPrintf(Buf, "dotskip?room=_BASEROOM_"); + set_preference("startpage", Buf, 1); + } + if (ChrPtr(Buf)[0] == '/') { + StrBufCutLeft(Buf, 1); } - if (buf[0] == '/') { - strcpy(buf, &buf[1]); + if (StrLength(Buf) == 0) { + StrBufAppendBufPlain(Buf, "dotgoto?room=_BASEROOM_", -1, 0); } - http_redirect(buf); + lprintf(9, "Redirecting to user's start page: %s\n", ChrPtr(Buf)); + http_redirect(ChrPtr(Buf)); } @@ -545,14 +527,7 @@ void do_welcome(void) * Disconnect from the Citadel server, and end this WebCit session */ void end_webcit_session(void) { - char buf[256]; - - if (WC->logged_in) { - sprintf(buf, "%d", WC->current_iconbar); - set_preference("current_iconbar", buf, 0); - set_preference("floordiv_expanded", WC->floordiv_expanded, 1); - } - + serv_puts("QUIT"); WC->killthis = 1; /* close() of citadel socket will be done by do_housekeeping() */ @@ -563,48 +538,61 @@ void end_webcit_session(void) { */ void do_logout(void) { + wcsession *WCC = WC; char buf[SIZ]; - safestrncpy(WC->wc_username, "", sizeof WC->wc_username); - safestrncpy(WC->wc_password, "", sizeof WC->wc_password); - safestrncpy(WC->wc_roomname, "", sizeof WC->wc_roomname); - safestrncpy(WC->wc_fullname, "", sizeof WC->wc_fullname); + FlushStrBuf(WCC->wc_username); + FlushStrBuf(WCC->wc_password); + FlushStrBuf(WCC->CurRoom.name); + FlushStrBuf(WCC->wc_fullname); + + /* FIXME: this is to suppress the iconbar displaying, because we aren't + actually logged out yet */ + WCC->logged_in = 0; /** Calling output_headers() this way causes the cookies to be un-set */ output_headers(1, 1, 0, 1, 0, 0); - wprintf("
"); - wprintf("
"); - wprintf("
"); - wprintf(_("Log off")); - wprintf("
"); + wc_printf("
"); + wc_printf("
"); + wc_printf("
"); + wc_printf(_("Log off")); + wc_printf("
"); serv_puts("MESG goodbye"); serv_getln(buf, sizeof buf); - if (WC->serv_sock >= 0) { + if (WCC->serv_sock >= 0) { if (buf[0] == '1') { - fmout("CENTER"); + fmout("'CENTER'"); } else { - wprintf("Goodbye\n"); + wc_printf("Goodbye\n"); } } else { - wprintf(_("This program was unable to connect or stay " + wc_printf(_("This program was unable to connect or stay " "connected to the Citadel server. Please report " "this problem to your system administrator.") ); - wprintf("%s", + wc_printf("%s", _("Read More...")); } - wprintf("
" + wc_printf("
" ""); - wprintf(_("Log in again")); - wprintf("   " + wc_printf(_("Log in again")); + wc_printf(""); + + /* The "close window" link is commented out because some browsers don't + * allow it to work. + * + wc_printf("   " ""); - wprintf(_("Close window")); - wprintf("
\n"); + wc_printf(_("Close window")); + wc_printf(""); + */ + + wc_printf("
\n"); wDumpContent(2); end_webcit_session(); } @@ -621,13 +609,13 @@ void validate(void) int a; output_headers(1, 1, 2, 0, 0, 0); - wprintf("
\n"); - wprintf("

"); - wprintf(_("Validate new users")); - wprintf("

"); - wprintf("
\n"); + wc_printf("
\n"); + wc_printf("

"); + wc_printf(_("Validate new users")); + wc_printf("

"); + wc_printf("
\n"); - wprintf("
\n"); + wc_printf("
\n"); /* If the user just submitted a validation, process it... */ safestrncpy(buf, bstr("user"), sizeof buf); @@ -636,7 +624,7 @@ void validate(void) serv_printf("VALI %s|%s", buf, bstr("axlevel")); serv_getln(buf, sizeof buf); if (buf[0] != '2') { - wprintf("%s
\n", &buf[4]); + wc_printf("%s
\n", &buf[4]); } } } @@ -645,21 +633,20 @@ void validate(void) serv_puts("GNUR"); serv_getln(buf, sizeof buf); if (buf[0] == '2') { - wprintf(""); - wprintf(_("No users require validation at this time.")); - wprintf("
\n"); + wc_printf(""); + wc_printf(_("No users require validation at this time.")); + wc_printf("
\n"); wDumpContent(1); return; } if (buf[0] != '3') { - wprintf("%s
\n", &buf[4]); + wc_printf("%s
\n", &buf[4]); wDumpContent(1); return; } - wprintf("
" - "
\n"); - wprintf("
"); + wc_printf("
\n"); + wc_printf("
"); safestrncpy(user, &buf[4], sizeof user); serv_printf("GREG %s", user); @@ -670,7 +657,7 @@ void validate(void) serv_getln(buf, sizeof buf); ++a; if (a == 1) - wprintf("#%s

%s

", + wc_printf("#%s

%s

", buf, &cmd[4]); if (a == 2) { char *pch; @@ -707,41 +694,41 @@ void validate(void) pch = _("strong"); } - wprintf("PW: %s
\n", pch); + wc_printf("PW: %s
\n", pch); } if (a == 3) - wprintf("%s
\n", buf); + wc_printf("%s
\n", buf); if (a == 4) - wprintf("%s
\n", buf); + wc_printf("%s
\n", buf); if (a == 5) - wprintf("%s, ", buf); + wc_printf("%s, ", buf); if (a == 6) - wprintf("%s ", buf); + wc_printf("%s ", buf); if (a == 7) - wprintf("%s
\n", buf); + wc_printf("%s
\n", buf); if (a == 8) - wprintf("%s
\n", buf); + wc_printf("%s
\n", buf); if (a == 9) - wprintf(_("Current access level: %d (%s)\n"), + wc_printf(_("Current access level: %d (%s)\n"), atoi(buf), axdefs[atoi(buf)]); } while (strcmp(buf, "000")); } else { - wprintf("

%s

%s
\n", user, &cmd[4]); + wc_printf("

%s

%s
\n", user, &cmd[4]); } - wprintf("
"); - wprintf(_("Select access level for this user:")); - wprintf("
\n"); + wc_printf("
"); + wc_printf(_("Select access level for this user:")); + wc_printf("
\n"); for (a = 0; a <= 6; ++a) { - wprintf("nonce); + wc_printf("nonce); urlescputs(user); - wprintf("&axlevel=%d\">%s   \n", + wc_printf("&axlevel=%d\">%s   \n", a, axdefs[a]); } - wprintf("
\n"); + wc_printf("
\n"); - wprintf("\n"); - wprintf("
\n"); + wc_printf("\n"); + wc_printf("
\n"); wDumpContent(1); } @@ -755,28 +742,53 @@ void validate(void) */ void display_reg(int during_login) { + folder Room; + StrBuf *Buf; + message_summary *VCMsg = NULL; + wc_mime_attachment *VCAtt = NULL; long vcard_msgnum; - if (goto_config_room() != 0) { - if (during_login) do_welcome(); - else display_main_menu(); + Buf = NewStrBuf(); + memset(&Room, 0, sizeof(folder)); + if (goto_config_room(Buf, &Room) != 0) { + lprintf(9, "display_reg() exiting because goto_config_room() failed\n"); + if (during_login) { + do_welcome(); + } + else { + display_main_menu(); + } + FreeStrBuf(&Buf); + FlushFolder(&Room); return; } + FlushFolder(&Room); - vcard_msgnum = locate_user_vcard(WC->wc_fullname, -1); + FreeStrBuf(&Buf); + vcard_msgnum = locate_user_vcard_in_this_room(&VCMsg, &VCAtt); if (vcard_msgnum < 0L) { - if (during_login) do_welcome(); - else display_main_menu(); + lprintf(9, "display_reg() exiting because locate_user_vcard_in_this_room() failed\n"); + if (during_login) { + do_welcome(); + } + else { + display_main_menu(); + } return; } if (during_login) { - do_edit_vcard(vcard_msgnum, "1", "do_welcome", USERCONFIGROOM); + do_edit_vcard(vcard_msgnum, "1", VCMsg, VCAtt, "do_welcome", USERCONFIGROOM); } else { - do_edit_vcard(vcard_msgnum, "1", "display_main_menu", USERCONFIGROOM); + StrBuf *ReturnTo; + ReturnTo = NewStrBufPlain(HKEY("display_main_menu?gotofirst=")); + StrBufAppendBuf(ReturnTo, WC->CurRoom.name, 0); + do_edit_vcard(vcard_msgnum, "1", VCMsg, VCAtt, ChrPtr(ReturnTo), USERCONFIGROOM); + FreeStrBuf(&ReturnTo); } + /* FIXME - don't we have to free VCMsg and VCAtt ?? */ } @@ -787,15 +799,21 @@ void display_reg(int during_login) */ void display_changepw(void) { + WCTemplputParams SubTP; char buf[SIZ]; - + StrBuf *Buf; output_headers(1, 1, 1, 0, 0, 0); - svput("BOXTITLE", WCS_STRING, _("Change your password")); - do_template("beginbox"); + Buf = NewStrBufPlain(_("Change your password"), -1); + memset(&SubTP, 0, sizeof(WCTemplputParams)); + SubTP.Filter.ContextType = CTX_STRBUF; + SubTP.Context = Buf; + DoTemplate(HKEY("beginbox"), NULL, &SubTP); + + FreeStrBuf(&Buf); if (!IsEmptyStr(WC->ImportantMessage)) { - wprintf("" + wc_printf("" "%s
\n", WC->ImportantMessage); safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage); } @@ -806,27 +824,27 @@ void display_changepw(void) fmout("CENTER"); } - wprintf("
\n"); - wprintf("\n", WC->nonce); - wprintf("\n"); - wprintf("\n"); - wprintf("
"); - wprintf(_("Enter new password:")); - wprintf(""); - wprintf("
"); - wprintf(_("Enter it again to confirm:")); - wprintf(""); - wprintf("
\n"); - - wprintf("
\n"); - wprintf("", _("Change password")); - wprintf(" "); - wprintf("\n", _("Cancel")); - wprintf("
\n"); - wprintf("
\n"); - - do_template("endbox"); + wc_printf("
\n"); + wc_printf("\n", WC->nonce); + wc_printf("\n"); + wc_printf("\n"); + wc_printf("
"); + wc_printf(_("Enter new password:")); + wc_printf(""); + wc_printf("
"); + wc_printf(_("Enter it again to confirm:")); + wc_printf(""); + wc_printf("
\n"); + + wc_printf("
\n"); + wc_printf("", _("Change password")); + wc_printf(" "); + wc_printf("\n", _("Cancel")); + wc_printf("
\n"); + wc_printf("
\n"); + + do_template("endbox", NULL); wDumpContent(1); } @@ -870,7 +888,12 @@ void changepw(void) serv_getln(buf, sizeof buf); sprintf(WC->ImportantMessage, "%s", &buf[4]); if (buf[0] == '2') { - safestrncpy(WC->wc_password, buf, sizeof WC->wc_password); + if (WC->wc_password == NULL) + WC->wc_password = NewStrBufPlain(buf, -1); + else { + FlushStrBuf(WC->wc_password); + StrBufAppendBufPlain(WC->wc_password, buf, -1, 0); + } display_main_menu(); } else { @@ -878,10 +901,180 @@ void changepw(void) } } +int ConditionalHaveAccessCreateRoom(StrBuf *Target, WCTemplputParams *TP) +{ + StrBuf *Buf; + + Buf = NewStrBuf(); + serv_puts("CRE8 0"); + StrBuf_ServGetln(Buf); + + if (GetServerStatus(Buf, NULL) == 2) { + StrBufCutLeft(Buf, 4); + AppendImportantMessage(SKEY(Buf)); + FreeStrBuf(&Buf); + return 0; + } + FreeStrBuf(&Buf); + return 1; +} + +int ConditionalAide(StrBuf *Target, WCTemplputParams *TP) +{ + wcsession *WCC = WC; + return (WCC != NULL)? (WC->is_aide == 0) : 0; +} + +int ConditionalIsLoggedIn(StrBuf *Target, WCTemplputParams *TP) +{ + wcsession *WCC = WC; + return (WCC != NULL)? (WCC->logged_in == 0) : 0; +} + + +void _display_openid_login(void) { + display_openid_login(NULL); +} + + +void _display_reg(void) { + display_reg(0); +} + + +void Header_HandleAuth(StrBuf *Line, ParsedHttpHdrs *hdr) +{ + if (hdr->HR.got_auth == NO_AUTH) /* don't override cookie auth... */ + { + if (strncasecmp(ChrPtr(Line), "Basic", 5) == 0) { + StrBufCutLeft(Line, 6); + StrBufDecodeBase64(Line); + hdr->HR.plainauth = Line; + hdr->HR.got_auth = AUTH_BASIC; + } + else + lprintf(1, "Authentication scheme not supported! [%s]\n", ChrPtr(Line)); + } +} + +void CheckAuthBasic(ParsedHttpHdrs *hdr) +{ +/* + todo: enable this if we can have other sessions than authenticated ones. + if (hdr->DontNeedAuth) + return; +*/ + StrBufAppendBufPlain(hdr->HR.plainauth, HKEY(":"), 0); + StrBufAppendBuf(hdr->HR.plainauth, hdr->HR.user_agent, 0); + hdr->HR.SessionKey = hashlittle(SKEY(hdr->HR.plainauth), 89479832); +/* + lprintf(1, "CheckAuthBasic: calculated sessionkey %ld\n", + hdr->HR.SessionKey); +*/ +} +void GetAuthBasic(ParsedHttpHdrs *hdr) +{ + const char *Pos = NULL; + if (hdr->c_username == NULL) + hdr->c_username = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_USER)); + if (hdr->c_password == NULL) + hdr->c_password = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_PASS)); + StrBufExtract_NextToken(hdr->c_username, hdr->HR.plainauth, &Pos, ':'); + StrBufExtract_NextToken(hdr->c_password, hdr->HR.plainauth, &Pos, ':'); +} -void InitModule_AUTH(void) +void Header_HandleCookie(StrBuf *Line, ParsedHttpHdrs *hdr) { - WebcitAddUrlHandler(HKEY("do_welcome"), do_welcome, 0); + const char *pch; +/* + todo: enable this if we can have other sessions than authenticated ones. + if (hdr->DontNeedAuth) + return; +*/ + pch = strstr(ChrPtr(Line), "webcit="); + if (pch == NULL) { + return; + } + + hdr->HR.RawCookie = Line; + StrBufCutLeft(hdr->HR.RawCookie, (pch - ChrPtr(hdr->HR.RawCookie)) + 7); + StrBufDecodeHex(hdr->HR.RawCookie); + + cookie_to_stuff(Line, &hdr->HR.desired_session, + hdr->c_username, + hdr->c_password, + hdr->c_roomname, + hdr->c_language + ); + hdr->HR.got_auth = AUTH_COOKIE; +} + +void +HttpNewModule_AUTH +(ParsedHttpHdrs *httpreq) +{ + httpreq->c_username = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_USER)); + httpreq->c_password = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_PASS)); + httpreq->c_roomname = NewStrBuf(); + httpreq->c_language = NewStrBuf(); +} +void +HttpDetachModule_AUTH +(ParsedHttpHdrs *httpreq) +{ + FLUSHStrBuf(httpreq->c_username); + FLUSHStrBuf(httpreq->c_password); + FLUSHStrBuf(httpreq->c_roomname); + FLUSHStrBuf(httpreq->c_language); +} + +void +HttpDestroyModule_AUTH +(ParsedHttpHdrs *httpreq) +{ + FreeStrBuf(&httpreq->c_username); + FreeStrBuf(&httpreq->c_password); + FreeStrBuf(&httpreq->c_roomname); + FreeStrBuf(&httpreq->c_language); +} + +void +InitModule_AUTH +(void) +{ + initialize_axdefs(); + RegisterHeaderHandler(HKEY("COOKIE"), Header_HandleCookie); + RegisterHeaderHandler(HKEY("AUTHORIZATION"), Header_HandleAuth); + + WebcitAddUrlHandler(HKEY(""), "", 0, do_welcome, ANONYMOUS|COOKIEUNNEEDED); /* no url pattern at all? Show login. */ + WebcitAddUrlHandler(HKEY("do_welcome"), "", 0, do_welcome, ANONYMOUS|COOKIEUNNEEDED); + WebcitAddUrlHandler(HKEY("login"), "", 0, do_login, ANONYMOUS|COOKIEUNNEEDED); + WebcitAddUrlHandler(HKEY("display_openid_login"), "", 0, _display_openid_login, ANONYMOUS); + WebcitAddUrlHandler(HKEY("openid_login"), "", 0, do_openid_login, ANONYMOUS); + WebcitAddUrlHandler(HKEY("finalize_openid_login"), "", 0, finalize_openid_login, ANONYMOUS); + WebcitAddUrlHandler(HKEY("openid_manual_create"), "", 0, openid_manual_create, ANONYMOUS); + WebcitAddUrlHandler(HKEY("do_logout"), "", 0, do_logout, ANONYMOUS|COOKIEUNNEEDED|FORCE_SESSIONCLOSE); + WebcitAddUrlHandler(HKEY("validate"), "", 0, validate, 0); + WebcitAddUrlHandler(HKEY("display_reg"), "", 0, _display_reg, 0); + WebcitAddUrlHandler(HKEY("display_changepw"), "", 0, display_changepw, 0); + WebcitAddUrlHandler(HKEY("changepw"), "", 0, changepw, 0); + WebcitAddUrlHandler(HKEY("termquit"), "", 0, do_logout, 0); + + RegisterConditional(HKEY("COND:AIDE"), 2, ConditionalAide, CTX_NONE); + RegisterConditional(HKEY("COND:LOGGEDIN"), 2, ConditionalIsLoggedIn, CTX_NONE); + RegisterConditional(HKEY("COND:MAY_CREATE_ROOM"), 2, ConditionalHaveAccessCreateRoom, CTX_NONE); return ; } + + +void +SessionDestroyModule_AUTH +(wcsession *sess) +{ + FreeStrBuf(&sess->wc_username); + FreeStrBuf(&sess->wc_fullname); + FreeStrBuf(&sess->wc_password); + FreeStrBuf(&sess->httpauth_pass); + FreeStrBuf(&sess->cs_inet_email); +}