X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=webcit%2Fauth.c;h=c6ee328e43a785c842d0243eaa4fa94c7c169f1a;hb=HEAD;hp=207d4a9c550ca52703dda2a84ceecfcfadaf923f;hpb=091967d8bc53b1121aee57d9717a257fe3f72d13;p=citadel.git

diff --git a/webcit/auth.c b/webcit/auth.c
index 207d4a9c5..0628d223d 100644
--- a/webcit/auth.c
+++ b/webcit/auth.c
@@ -1,28 +1,21 @@
 /*
  * These functions handle authentication of users to a Citadel server.
  *
- * Copyright (c) 1996-2011 by the citadel.org team
+ * Copyright (c) 1996-2021 by the citadel.org team
  *
- * This program is open source software.  You can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 3 of the
- * License, or (at your option) any later version.
+ * This program is open source software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License, version 3.
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  */
 
 #include "webcit.h"
-#include "webserver.h"
+
 #include <ctype.h>
 
-extern uint32_t hashlittle( const void *key, size_t length, uint32_t initval);
 
 /*
  * Access level definitions.  This is initialized from a function rather than a
@@ -51,7 +44,7 @@ void initialize_axdefs(void) {
 	axdefs[5] = _("Preferred User");
 
 	/* chief */
-	axdefs[6] = _("Aide");          
+	axdefs[6] = _("Admin");          
 }
 
 
@@ -64,7 +57,7 @@ void display_login(void)
 {
 	begin_burst();
 	output_headers(1, 0, 0, 0, 1, 0);
-	do_template("login", NULL);
+	do_template("login");
 	end_burst();
 }
 
@@ -135,6 +128,7 @@ void become_logged_in(const StrBuf *user, const StrBuf *pass, StrBuf *serv_respo
 	get_preference("floordiv_expanded", &FloorDiv);
 	WCC->floordiv_expanded = FloorDiv;
 	FreeStrBuf(&Buf);
+	FlushRoomlist();
 }
 
 
@@ -195,7 +189,7 @@ void openid_manual_create(void)
 	if (havebstr("exit_action")) {
 		begin_burst();
 		output_headers(1, 0, 0, 0, 1, 0);
-		do_template("authpopup_finished", NULL);
+		do_template("authpopup_finished");
 		end_burst();
 		return;
 	}
@@ -223,7 +217,7 @@ void openid_manual_create(void)
 		if (WC->logged_in) {
 			begin_burst();
 			output_headers(1, 0, 0, 0, 1, 0);
-			do_template("authpopup_finished", NULL);
+			do_template("authpopup_finished");
 			end_burst();
 		}
 	} else {
@@ -236,7 +230,7 @@ void openid_manual_create(void)
 		begin_burst();
 		output_headers(1, 0, 0, 0, 1, 0);
 		wc_printf("<html><body>");
-		do_template("openid_manual_create", NULL);
+		do_template("openid_manual_create");
 		wc_printf("</body></html>");
 		end_burst();
 	}
@@ -302,6 +296,7 @@ void finalize_openid_login(void)
 				long HKLen;
 				const char *HKey;
 				HashPos *Cursor;
+				int len;
 				
 				Cursor = GetNewHashPos (WCC->Hdr->urlstrings, 0);
 				while (GetNextHashPos(WCC->Hdr->urlstrings, Cursor, &HKLen, &HKey, &U)) {
@@ -314,7 +309,9 @@ void finalize_openid_login(void)
 				serv_puts("000");
 
 				linecount = 0;
-				while (StrBuf_ServGetln(Buf), strcmp(ChrPtr(Buf), "000")) 
+				while (len = StrBuf_ServGetln(Buf), 
+				       ((len >= 0) &&
+					((len != 3) || strcmp(ChrPtr(Buf), "000") )))
 				{
 					if (linecount == 0) result = NewStrBufDup(Buf);
 					if (!strcasecmp(ChrPtr(result), "authenticate")) {
@@ -360,7 +357,7 @@ void finalize_openid_login(void)
 		if (WC->logged_in) {
 			begin_burst();
 			output_headers(1, 0, 0, 0, 1, 0);
-			do_template("authpopup_finished", NULL);
+			do_template("authpopup_finished");
 			end_burst();
 		} else {
 			begin_burst();
@@ -385,14 +382,14 @@ void finalize_openid_login(void)
 		begin_burst();
 		output_headers(1, 0, 0, 0, 1, 0);
 		wc_printf("<html><body>");
-		do_template("openid_manual_create", NULL);
+		do_template("openid_manual_create");
 		wc_printf("</body></html>");
 		end_burst();
 	}
 
 	/* Something went VERY wrong if we get to this point */
 	else {
-		syslog(1, "finalize_openid_login() failed to do anything.  This is a code problem.\n");
+		syslog(LOG_DEBUG, "finalize_openid_login() failed to do anything.  This is a code problem.\n");
 		begin_burst();
 		output_headers(1, 0, 0, 0, 1, 0);
 		wc_printf("<html><body>");
@@ -411,51 +408,9 @@ void finalize_openid_login(void)
 
 /*
  * Display a welcome screen to the user.
- *
- * If this is the first time login, and the web based setup is enabled, 
- * lead the user through the setup routines
  */
-void do_welcome(void)
-{
+void do_welcome(void) {
 	StrBuf *Buf;
-#ifdef XXX_NOT_FINISHED_YET_XXX
-	FILE *fp;
-	int i;
-
-	/**
-	 * See if we have to run the first-time setup wizard
-	 */
-	if (WC->is_aide) {
-		if (!setup_wizard) {
-			int len;
-			sprintf(wizard_filename, "setupwiz.%s.%s",
-				ctdlhost, ctdlport);
-			len = strlen(wizard_filename);
-			for (i=0; i<len; ++i) {
-				if (	(wizard_filename[i]==' ')
-					|| (wizard_filename[i] == '/')
-				) {
-					wizard_filename[i] = '_';
-				}
-			}
-	
-			fp = fopen(wizard_filename, "r");
-			if (fp != NULL) {
-				fgets(buf, sizeof buf, fp);
-				buf[strlen(buf)-1] = 0;
-				fclose(fp);
-				if (atoi(buf) == serv_info.serv_rev_level) {
-					setup_wizard = 1;	/* already run */
-				}
-			}
-		}
-
-		if (!setup_wizard) {
-			http_redirect("setup_wizard");
-		}
-	}
-#endif
-
 	/*
 	 * Go to the user's preferred start page
 	 */
@@ -470,7 +425,7 @@ void do_welcome(void)
 	if (StrLength(Buf) == 0) {
 		StrBufAppendBufPlain(Buf, "dotgoto?room=_BASEROOM_", -1, 0);
 	}
-	syslog(9, "Redirecting to user's start page: %s\n", ChrPtr(Buf));
+	syslog(LOG_DEBUG, "Redirecting to user's start page: %s\n", ChrPtr(Buf));
 	http_redirect(ChrPtr(Buf));
 }
 
@@ -479,7 +434,6 @@ void do_welcome(void)
  * Disconnect from the Citadel server, and end this WebCit session
  */
 void end_webcit_session(void) {
-	
 	serv_puts("QUIT");
 	WC->killthis = 1;
 	/* close() of citadel socket will be done by do_housekeeping() */
@@ -497,56 +451,48 @@ void do_logout(void)
 	FlushStrBuf(WCC->wc_username);
 	FlushStrBuf(WCC->wc_password);
 	FlushStrBuf(WCC->wc_fullname);
+	FlushRoomlist();
 
 	serv_puts("LOUT");
 	serv_getln(buf, sizeof buf);
 	WCC->logged_in = 0;
 
-	if (WC->serv_info->serv_supports_guest) {
-		display_default_landing_page();
-		return;
-	}
-
 	FlushStrBuf(WCC->CurRoom.name);
 
 	/* Calling output_headers() this way causes the cookies to be un-set */
 	output_headers(1, 1, 0, 1, 0, 0);
-
-	wc_printf("<div id=\"logout_screen\">");
-        wc_printf("<div class=\"box\">");
-        wc_printf("<div class=\"boxlabel\">");
-	wc_printf(_("Log off"));
-        wc_printf("</div><div class=\"boxcontent\">");
-	serv_puts("MESG goodbye");
-	serv_getln(buf, sizeof buf);
-
-	if (WCC->serv_sock >= 0) {
-		if (buf[0] == '1') {
-			fmout("'CENTER'");
-		} else {
-			wc_printf("Goodbye\n");
-		}
-	}
-	else {
-		wc_printf(_("This program was unable to connect or stay "
-			"connected to the Citadel server.  Please report "
-			"this problem to your system administrator.")
-		);
-		wc_printf("<a href=\"http://www.citadel.org/doku.php/"
-			"faq:mastering_your_os:net#netstat\">%s</a>",
-			_("Read More..."));
+	do_template("logout");
+	if ((WCC->serv_info != NULL) && WCC->serv_info->serv_supports_guest) {
+		display_default_landing_page();
+		return;
 	}
 
-	wc_printf("<hr /><div class=\"buttons\"> "
-		"<span class=\"button_link\"><a href=\".\">");
-	wc_printf(_("Log in again"));
-	wc_printf("</a></span>");
-	wc_printf("</div></div></div>\n");
 	wDumpContent(2);
 	end_webcit_session();
 }
 
 
+/* 
+ * Special page for monitoring scripts etc
+ */
+void monitor(void)
+{
+	output_headers(0, 0, 0, 0, 0, 0);
+
+	hprintf("Content-type: text/plain\r\n"
+		"Server: " PACKAGE_STRING "\r\n"
+		"Connection: close\r\n"
+	);
+	begin_burst();
+
+	wc_printf("Connection to Citadel server in %s : %s\r\n", ctdl_dir,
+		(WC->connected ? "SUCCESS" : "FAIL")
+	);
+
+	wDumpContent(0);
+}
+
+
 /*
  * validate new users
  */
@@ -557,14 +503,11 @@ void validate(void)
 	char buf[SIZ];
 	int a;
 
-	output_headers(1, 1, 2, 0, 0, 0);
-	wc_printf("<div id=\"banner\">\n");
-	wc_printf("<h1>");
-	wc_printf(_("Validate new users"));
-	wc_printf("</h1>");
-	wc_printf("</div>\n");
+	output_headers(1, 1, 1, 0, 0, 0);
 
-	wc_printf("<div id=\"content\" class=\"service\">\n");
+        do_template("box_begin_1");
+        StrBufAppendBufPlain(WC->WBuf, _("Validate new users"), -1, 0);
+        do_template("box_begin_2");
 
 	/* If the user just submitted a validation, process it... */
 	safestrncpy(buf, bstr("user"), sizeof buf);
@@ -613,7 +556,7 @@ void validate(void)
 				int haveChar = 0;
 				int haveNum = 0;
 				int haveOther = 0;
-				int count = 0;
+				int haveLong = 0;
 				pch = buf;
 				while (!IsEmptyStr(pch))
 				{
@@ -625,10 +568,13 @@ void validate(void)
 						haveOther = 1;
 					pch ++;
 				}
-				count = pch - buf;
-				if (count > 7)
-					count = 0;
-				switch (count){
+				if (pch - buf > 7)
+					haveLong = 1;
+				switch (haveLong + 
+					haveChar + 
+					haveNum + 
+					haveOther)
+				{
 				case 0:
 					pch = _("very weak");
 					break;
@@ -678,6 +624,7 @@ void validate(void)
 
 	wc_printf("</div>\n");
 	wc_printf("</td></tr></table>\n");
+	do_template("box_end");
 	wDumpContent(1);
 }
 
@@ -699,7 +646,7 @@ void display_reg(int during_login)
 	Buf = NewStrBuf();
 	memset(&Room, 0, sizeof(folder));
 	if (goto_config_room(Buf, &Room) != 0) {
-		syslog(9, "display_reg() exiting because goto_config_room() failed\n");
+		syslog(LOG_WARNING, "display_reg() exiting because goto_config_room() failed\n");
 		if (during_login) {
 			pop_destination();
 		}
@@ -715,7 +662,7 @@ void display_reg(int during_login)
 	FreeStrBuf(&Buf);
 	vcard_msgnum = locate_user_vcard_in_this_room(&VCMsg, &VCAtt);
 	if (vcard_msgnum < 0L) {
-		syslog(9, "display_reg() exiting because locate_user_vcard_in_this_room() failed\n");
+		syslog(LOG_WARNING, "display_reg() exiting because locate_user_vcard_in_this_room() failed\n");
 		if (during_login) {
 			pop_destination();
 		}
@@ -738,74 +685,17 @@ void display_reg(int during_login)
 
 }
 
-
-/*
- * display form for changing your password
- */
-void display_changepw(void)
-{
-	WCTemplputParams SubTP;
-	char buf[SIZ];
-	StrBuf *Buf;
-	output_headers(1, 1, 1, 0, 0, 0);
-
-	Buf = NewStrBufPlain(_("Change your password"), -1);
-	memset(&SubTP, 0, sizeof(WCTemplputParams));
-	SubTP.Filter.ContextType = CTX_STRBUF;
-	SubTP.Context = Buf;
-	DoTemplate(HKEY("beginbox"), NULL, &SubTP);
-
-	FreeStrBuf(&Buf);
-
-	if (!IsEmptyStr(WC->ImportantMessage)) {
-		wc_printf("<span class=\"errormsg\">"
-			"%s</span><br>\n", WC->ImportantMessage);
-		safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage);
-	}
-
-	serv_puts("MESG changepw");
-	serv_getln(buf, sizeof buf);
-	if (buf[0] == '1') {
-		fmout("CENTER");
-	}
-
-	wc_printf("<form name=\"changepwform\" action=\"changepw\" method=\"post\">\n");
-	wc_printf("<input type=\"hidden\" name=\"nonce\" value=\"%d\">\n", WC->nonce);
-	wc_printf("<table class=\"altern\" ");
-	wc_printf("<tr class=\"even\"><td>");
-	wc_printf(_("Enter new password:"));
-	wc_printf("</td><td>");
-	wc_printf("<input type=\"password\" name=\"newpass1\" value=\"\" maxlength=\"20\"></td></tr>\n");
-	wc_printf("<tr class=\"odd\"><td>");
-	wc_printf(_("Enter it again to confirm:"));
-	wc_printf("</td><td>");
-	wc_printf("<input type=\"password\" name=\"newpass2\" value=\"\" maxlength=\"20\"></td></tr>\n");
-	wc_printf("</table>\n");
-
-	wc_printf("<div class=\"buttons\">\n");
-	wc_printf("<input type=\"submit\" name=\"change_action\" value=\"%s\">", _("Change password"));
-	wc_printf("&nbsp;");
-	wc_printf("<input type=\"submit\" name=\"cancel_action\" value=\"%s\">\n", _("Cancel"));
-	wc_printf("</div>\n");
-	wc_printf("</form>\n");
-
-	do_template("endbox", NULL);
-	wDumpContent(1);
-}
-
 /*
  * change password
  * if passwords match, propagate it to citserver.
  */
 void changepw(void)
 {
-	char buf[SIZ];
+	StrBuf *Line;
 	char newpass1[32], newpass2[32];
 
 	if (!havebstr("change_action")) {
-		safestrncpy(WC->ImportantMessage, 
-			_("Cancelled.  Password was not changed."),
-			sizeof WC->ImportantMessage);
+		AppendImportantMessage(_("Cancelled.  Password was not changed."), -1);
 		display_main_menu();
 		return;
 	}
@@ -814,36 +704,37 @@ void changepw(void)
 	safestrncpy(newpass2, bstr("newpass2"), sizeof newpass2);
 
 	if (strcasecmp(newpass1, newpass2)) {
-		safestrncpy(WC->ImportantMessage, 
-			_("They don't match.  Password was not changed."),
-			sizeof WC->ImportantMessage);
-		display_changepw();
+		AppendImportantMessage(_("They don't match.  Password was not changed."), -1);
+		do_template("menu_change_pw");
 		return;
 	}
 
 	if (IsEmptyStr(newpass1)) {
-		safestrncpy(WC->ImportantMessage, 
-			_("Blank passwords are not allowed."),
-			sizeof WC->ImportantMessage);
-		display_changepw();
+		AppendImportantMessage(_("Blank passwords are not allowed."), -1);
+		do_template("menu_change_pw");
 		return;
 	}
 
+	Line = NewStrBuf();
 	serv_printf("SETP %s", newpass1);
-	serv_getln(buf, sizeof buf);
-	sprintf(WC->ImportantMessage, "%s", &buf[4]);
-	if (buf[0] == '2') {
+	StrBuf_ServGetln(Line);
+	if (GetServerStatusMsg(Line, NULL, 1, 0) == 2) {
 		if (WC->wc_password == NULL)
-			WC->wc_password = NewStrBufPlain(buf, -1);
+			WC->wc_password = NewStrBufPlain(
+				ChrPtr(Line) + 4, 
+				StrLength(Line) - 4);
 		else {
 			FlushStrBuf(WC->wc_password);
-			StrBufAppendBufPlain(WC->wc_password,  buf, -1, 0);
+			StrBufAppendBufPlain(WC->wc_password,  
+					     ChrPtr(Line) + 4, 
+					     StrLength(Line) - 4, 0);
 		}
 		display_main_menu();
 	}
 	else {
-		display_changepw();
+		do_template("menu_change_pw");
 	}
+	FreeStrBuf(&Line);
 }
 
 
@@ -906,7 +797,7 @@ void Header_HandleAuth(StrBuf *Line, ParsedHttpHdrs *hdr)
 			hdr->HR.got_auth = AUTH_BASIC;
 		}
 		else 
-			syslog(1, "Authentication scheme not supported! [%s]\n", ChrPtr(Line));
+			syslog(LOG_WARNING, "Authentication scheme not supported! [%s]\n", ChrPtr(Line));
 	}
 }
 
@@ -920,11 +811,6 @@ void CheckAuthBasic(ParsedHttpHdrs *hdr)
 */
 	StrBufAppendBufPlain(hdr->HR.plainauth, HKEY(":"), 0);
 	StrBufAppendBuf(hdr->HR.plainauth, hdr->HR.user_agent, 0);
-	hdr->HR.SessionKey = hashlittle(SKEY(hdr->HR.plainauth), 89479832);
-/*
-	syslog(1, "CheckAuthBasic: calculated sessionkey %ld\n", 
-		hdr->HR.SessionKey);
-*/
 }
 
 
@@ -1018,16 +904,16 @@ InitModule_AUTH
 	WebcitAddUrlHandler(HKEY("validate"), "", 0, validate, 0);
 	WebcitAddUrlHandler(HKEY("do_welcome"), "", 0, do_welcome, 0);
 	WebcitAddUrlHandler(HKEY("display_reg"), "", 0, _display_reg, 0);
-	WebcitAddUrlHandler(HKEY("display_changepw"), "", 0, display_changepw, 0);
 	WebcitAddUrlHandler(HKEY("changepw"), "", 0, changepw, 0);
 	WebcitAddUrlHandler(HKEY("termquit"), "", 0, do_logout, 0);
 	WebcitAddUrlHandler(HKEY("do_logout"), "", 0, do_logout, ANONYMOUS|COOKIEUNNEEDED|FORCE_SESSIONCLOSE);
+	WebcitAddUrlHandler(HKEY("monitor"), "", 0, monitor, ANONYMOUS|COOKIEUNNEEDED|FORCE_SESSIONCLOSE);
 	WebcitAddUrlHandler(HKEY("ajax_login_username_password"), "", 0, ajax_login_username_password, AJAX|ANONYMOUS);
 	WebcitAddUrlHandler(HKEY("ajax_login_newuser"), "", 0, ajax_login_newuser, AJAX|ANONYMOUS);
 	WebcitAddUrlHandler(HKEY("switch_language"), "", 0, switch_language, ANONYMOUS);
-	RegisterConditional(HKEY("COND:AIDE"), 2, ConditionalAide, CTX_NONE);
-	RegisterConditional(HKEY("COND:LOGGEDIN"), 2, ConditionalIsLoggedIn, CTX_NONE);
-	RegisterConditional(HKEY("COND:MAY_CREATE_ROOM"), 2,  ConditionalHaveAccessCreateRoom, CTX_NONE);
+	RegisterConditional("COND:AIDE", 2, ConditionalAide, CTX_NONE);
+	RegisterConditional("COND:LOGGEDIN", 2, ConditionalIsLoggedIn, CTX_NONE);
+	RegisterConditional("COND:MAY_CREATE_ROOM", 2,  ConditionalHaveAccessCreateRoom, CTX_NONE);
 	return;
 }