X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=webcit%2Fauth.c;h=c6ee328e43a785c842d0243eaa4fa94c7c169f1a;hb=HEAD;hp=5e01bb5fe53f86ce3a0d827f6e56e25279bd2fc5;hpb=f857cbc7229f56f3fa8de4b30233136de853b5ec;p=citadel.git diff --git a/webcit/auth.c b/webcit/auth.c index 5e01bb5fe..0628d223d 100644 --- a/webcit/auth.c +++ b/webcit/auth.c @@ -1,28 +1,21 @@ /* * These functions handle authentication of users to a Citadel server. * - * Copyright (c) 1996-2011 by the citadel.org team + * Copyright (c) 1996-2021 by the citadel.org team * - * This program is open source software. You can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 3 of the - * License, or (at your option) any later version. + * This program is open source software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License, version 3. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include "webcit.h" -#include "webserver.h" + #include -extern uint32_t hashlittle( const void *key, size_t length, uint32_t initval); /* * Access level definitions. This is initialized from a function rather than a @@ -51,7 +44,7 @@ void initialize_axdefs(void) { axdefs[5] = _("Preferred User"); /* chief */ - axdefs[6] = _("Aide"); + axdefs[6] = _("Admin"); } @@ -64,7 +57,7 @@ void display_login(void) { begin_burst(); output_headers(1, 0, 0, 0, 1, 0); - do_template("login", NULL); + do_template("login"); end_burst(); } @@ -112,7 +105,7 @@ void become_logged_in(const StrBuf *user, const StrBuf *pass, StrBuf *serv_respo } WCC->axlevel = StrBufExtract_int(serv_response, 1, '|'); - if (WCC->axlevel >= 6) { /* TODO: make this a define, else it might trick us later */ + if (WCC->axlevel >= 6) { WCC->is_aide = 1; } @@ -135,6 +128,7 @@ void become_logged_in(const StrBuf *user, const StrBuf *pass, StrBuf *serv_respo get_preference("floordiv_expanded", &FloorDiv); WCC->floordiv_expanded = FloorDiv; FreeStrBuf(&Buf); + FlushRoomlist(); } @@ -191,45 +185,53 @@ void openid_manual_create(void) { StrBuf *Buf; + /* Did the user change his mind? Pack up and go home. */ if (havebstr("exit_action")) { - do_logout(); + begin_burst(); + output_headers(1, 0, 0, 0, 1, 0); + do_template("authpopup_finished"); + end_burst(); return; } - if (havebstr("newuser_action")) { - Buf = NewStrBuf(); - serv_printf("OIDC %s", bstr("name")); - StrBuf_ServGetln(Buf); - if (GetServerStatus(Buf, NULL) == 2) { - StrBuf *gpass; - - gpass = NewStrBuf(); - serv_puts("SETP GENERATE_RANDOM_PASSWORD"); - StrBuf_ServGetln(gpass); - StrBufCutLeft(gpass, 4); - become_logged_in(sbstr("name"), gpass, Buf); - FreeStrBuf(&gpass); - } - FreeStrBuf(&Buf); + + /* Ok, let's give this a try. Can we create the new user? */ + + Buf = NewStrBuf(); + serv_printf("OIDC %s", bstr("name")); + StrBuf_ServGetln(Buf); + if (GetServerStatus(Buf, NULL) == 2) { + StrBuf *gpass; + + gpass = NewStrBuf(); + serv_puts("SETP GENERATE_RANDOM_PASSWORD"); + StrBuf_ServGetln(gpass); + StrBufCutLeft(gpass, 4); + become_logged_in(sbstr("name"), gpass, Buf); + FreeStrBuf(&gpass); } + FreeStrBuf(&Buf); + /* Did we manage to log in? If so, continue with the normal flow... */ if (WC->logged_in) { - if (WC->need_regi) { - display_reg(1); - } else if (WC->need_vali) { - validate(); - } else { - do_welcome(); + if (WC->logged_in) { + begin_burst(); + output_headers(1, 0, 0, 0, 1, 0); + do_template("authpopup_finished"); + end_burst(); } } else { + /* Still no good! Go back to teh dialog to select a username */ const StrBuf *Buf; - putbstr("__claimed_id", NewStrBufDup(sbstr("openid_url"))); Buf = sbstr("name"); if (StrLength(Buf) > 0) putbstr("__username", NewStrBufDup(Buf)); begin_burst(); - do_template("openid_manual_create", NULL); + output_headers(1, 0, 0, 0, 1, 0); + wc_printf(""); + do_template("openid_manual_create"); + wc_printf(""); end_burst(); } @@ -294,6 +296,7 @@ void finalize_openid_login(void) long HKLen; const char *HKey; HashPos *Cursor; + int len; Cursor = GetNewHashPos (WCC->Hdr->urlstrings, 0); while (GetNextHashPos(WCC->Hdr->urlstrings, Cursor, &HKLen, &HKey, &U)) { @@ -306,7 +309,9 @@ void finalize_openid_login(void) serv_puts("000"); linecount = 0; - while (StrBuf_ServGetln(Buf), strcmp(ChrPtr(Buf), "000")) + while (len = StrBuf_ServGetln(Buf), + ((len >= 0) && + ((len != 3) || strcmp(ChrPtr(Buf), "000") ))) { if (linecount == 0) result = NewStrBufDup(Buf); if (!strcasecmp(ChrPtr(result), "authenticate")) { @@ -340,28 +345,33 @@ void finalize_openid_login(void) */ if ( (WCC->logged_in) && (havebstr("attach_existing")) ) { display_openids(); - FreeStrBuf(&result); - FreeStrBuf(&username); - FreeStrBuf(&password); - FreeStrBuf(&claimed_id); - FreeStrBuf(&logged_in_response); - return; } /* If this operation logged us in, either by connecting with an existing account or by * auto-creating one using Simple Registration Extension, we're already on our way. */ - if (!strcasecmp(ChrPtr(result), "authenticate")) { + else if (!strcasecmp(ChrPtr(result), "authenticate")) { become_logged_in(username, password, logged_in_response); + + /* Did we manage to log in? If so, continue with the normal flow... */ + if (WC->logged_in) { + begin_burst(); + output_headers(1, 0, 0, 0, 1, 0); + do_template("authpopup_finished"); + end_burst(); + } else { + begin_burst(); + output_headers(1, 0, 0, 0, 1, 0); + wc_printf(""); + wc_printf(_("An error has occurred.")); + wc_printf(""); + end_burst(); + } } /* The specified OpenID was verified but the desired user name was either not specified via SRE * or conflicts with an existing user. Either way the user will need to specify a new name. */ - -/* - * FIXME make this work again!!!! - * else if (!strcasecmp(ChrPtr(result), "verify_only")) { putbstr("__claimed_id", claimed_id); claimed_id = NULL; @@ -370,20 +380,16 @@ void finalize_openid_login(void) username = NULL; } begin_burst(); - do_template("openid_manual_create", NULL); + output_headers(1, 0, 0, 0, 1, 0); + wc_printf(""); + do_template("openid_manual_create"); + wc_printf(""); end_burst(); } -*/ - - - /* Did we manage to log in? If so, continue with the normal flow... */ - if (WC->logged_in) { - begin_burst(); - output_headers(1, 0, 0, 0, 1, 0); - do_template("authpopup_finished", NULL); - end_burst(); - } else { + /* Something went VERY wrong if we get to this point */ + else { + syslog(LOG_DEBUG, "finalize_openid_login() failed to do anything. This is a code problem.\n"); begin_burst(); output_headers(1, 0, 0, 0, 1, 0); wc_printf(""); @@ -402,51 +408,9 @@ void finalize_openid_login(void) /* * Display a welcome screen to the user. - * - * If this is the first time login, and the web based setup is enabled, - * lead the user through the setup routines */ -void do_welcome(void) -{ +void do_welcome(void) { StrBuf *Buf; -#ifdef XXX_NOT_FINISHED_YET_XXX - FILE *fp; - int i; - - /** - * See if we have to run the first-time setup wizard - */ - if (WC->is_aide) { - if (!setup_wizard) { - int len; - sprintf(wizard_filename, "setupwiz.%s.%s", - ctdlhost, ctdlport); - len = strlen(wizard_filename); - for (i=0; ikillthis = 1; /* close() of citadel socket will be done by do_housekeeping() */ } + /* - * execute the logout + * Log out the session with the Citadel server */ void do_logout(void) { @@ -487,56 +451,48 @@ void do_logout(void) FlushStrBuf(WCC->wc_username); FlushStrBuf(WCC->wc_password); FlushStrBuf(WCC->wc_fullname); + FlushRoomlist(); serv_puts("LOUT"); serv_getln(buf, sizeof buf); WCC->logged_in = 0; - if (WC->serv_info->serv_supports_guest) { - display_default_landing_page(); - return; - } - FlushStrBuf(WCC->CurRoom.name); /* Calling output_headers() this way causes the cookies to be un-set */ output_headers(1, 1, 0, 1, 0, 0); - - wc_printf("
"); - wc_printf("
"); - wc_printf("
"); - wc_printf(_("Log off")); - wc_printf("
"); - serv_puts("MESG goodbye"); - serv_getln(buf, sizeof buf); - - if (WCC->serv_sock >= 0) { - if (buf[0] == '1') { - fmout("'CENTER'"); - } else { - wc_printf("Goodbye\n"); - } + do_template("logout"); + if ((WCC->serv_info != NULL) && WCC->serv_info->serv_supports_guest) { + display_default_landing_page(); + return; } - else { - wc_printf(_("This program was unable to connect or stay " - "connected to the Citadel server. Please report " - "this problem to your system administrator.") - ); - wc_printf("%s", - _("Read More...")); - } - - wc_printf("
" - ""); - wc_printf(_("Log in again")); - wc_printf(""); - wc_printf("
\n"); + wDumpContent(2); end_webcit_session(); } +/* + * Special page for monitoring scripts etc + */ +void monitor(void) +{ + output_headers(0, 0, 0, 0, 0, 0); + + hprintf("Content-type: text/plain\r\n" + "Server: " PACKAGE_STRING "\r\n" + "Connection: close\r\n" + ); + begin_burst(); + + wc_printf("Connection to Citadel server in %s : %s\r\n", ctdl_dir, + (WC->connected ? "SUCCESS" : "FAIL") + ); + + wDumpContent(0); +} + + /* * validate new users */ @@ -547,14 +503,11 @@ void validate(void) char buf[SIZ]; int a; - output_headers(1, 1, 2, 0, 0, 0); - wc_printf("
\n"); - wc_printf("

"); - wc_printf(_("Validate new users")); - wc_printf("

"); - wc_printf("
\n"); + output_headers(1, 1, 1, 0, 0, 0); - wc_printf("
\n"); + do_template("box_begin_1"); + StrBufAppendBufPlain(WC->WBuf, _("Validate new users"), -1, 0); + do_template("box_begin_2"); /* If the user just submitted a validation, process it... */ safestrncpy(buf, bstr("user"), sizeof buf); @@ -603,7 +556,7 @@ void validate(void) int haveChar = 0; int haveNum = 0; int haveOther = 0; - int count = 0; + int haveLong = 0; pch = buf; while (!IsEmptyStr(pch)) { @@ -615,10 +568,13 @@ void validate(void) haveOther = 1; pch ++; } - count = pch - buf; - if (count > 7) - count = 0; - switch (count){ + if (pch - buf > 7) + haveLong = 1; + switch (haveLong + + haveChar + + haveNum + + haveOther) + { case 0: pch = _("very weak"); break; @@ -668,11 +624,11 @@ void validate(void) wc_printf("
\n"); wc_printf("\n"); + do_template("box_end"); wDumpContent(1); } - /* * Display form for registration. * @@ -690,7 +646,7 @@ void display_reg(int during_login) Buf = NewStrBuf(); memset(&Room, 0, sizeof(folder)); if (goto_config_room(Buf, &Room) != 0) { - syslog(9, "display_reg() exiting because goto_config_room() failed\n"); + syslog(LOG_WARNING, "display_reg() exiting because goto_config_room() failed\n"); if (during_login) { pop_destination(); } @@ -706,7 +662,7 @@ void display_reg(int during_login) FreeStrBuf(&Buf); vcard_msgnum = locate_user_vcard_in_this_room(&VCMsg, &VCAtt); if (vcard_msgnum < 0L) { - syslog(9, "display_reg() exiting because locate_user_vcard_in_this_room() failed\n"); + syslog(LOG_WARNING, "display_reg() exiting because locate_user_vcard_in_this_room() failed\n"); if (during_login) { pop_destination(); } @@ -729,76 +685,17 @@ void display_reg(int during_login) } - - - -/* - * display form for changing your password - */ -void display_changepw(void) -{ - WCTemplputParams SubTP; - char buf[SIZ]; - StrBuf *Buf; - output_headers(1, 1, 1, 0, 0, 0); - - Buf = NewStrBufPlain(_("Change your password"), -1); - memset(&SubTP, 0, sizeof(WCTemplputParams)); - SubTP.Filter.ContextType = CTX_STRBUF; - SubTP.Context = Buf; - DoTemplate(HKEY("beginbox"), NULL, &SubTP); - - FreeStrBuf(&Buf); - - if (!IsEmptyStr(WC->ImportantMessage)) { - wc_printf("" - "%s
\n", WC->ImportantMessage); - safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage); - } - - serv_puts("MESG changepw"); - serv_getln(buf, sizeof buf); - if (buf[0] == '1') { - fmout("CENTER"); - } - - wc_printf("
\n"); - wc_printf("\n", WC->nonce); - wc_printf("\n"); - wc_printf("\n"); - wc_printf("
"); - wc_printf(_("Enter new password:")); - wc_printf(""); - wc_printf("
"); - wc_printf(_("Enter it again to confirm:")); - wc_printf(""); - wc_printf("
\n"); - - wc_printf("
\n"); - wc_printf("", _("Change password")); - wc_printf(" "); - wc_printf("\n", _("Cancel")); - wc_printf("
\n"); - wc_printf("
\n"); - - do_template("endbox", NULL); - wDumpContent(1); -} - /* * change password * if passwords match, propagate it to citserver. */ void changepw(void) { - char buf[SIZ]; + StrBuf *Line; char newpass1[32], newpass2[32]; if (!havebstr("change_action")) { - safestrncpy(WC->ImportantMessage, - _("Cancelled. Password was not changed."), - sizeof WC->ImportantMessage); + AppendImportantMessage(_("Cancelled. Password was not changed."), -1); display_main_menu(); return; } @@ -807,38 +704,40 @@ void changepw(void) safestrncpy(newpass2, bstr("newpass2"), sizeof newpass2); if (strcasecmp(newpass1, newpass2)) { - safestrncpy(WC->ImportantMessage, - _("They don't match. Password was not changed."), - sizeof WC->ImportantMessage); - display_changepw(); + AppendImportantMessage(_("They don't match. Password was not changed."), -1); + do_template("menu_change_pw"); return; } if (IsEmptyStr(newpass1)) { - safestrncpy(WC->ImportantMessage, - _("Blank passwords are not allowed."), - sizeof WC->ImportantMessage); - display_changepw(); + AppendImportantMessage(_("Blank passwords are not allowed."), -1); + do_template("menu_change_pw"); return; } + Line = NewStrBuf(); serv_printf("SETP %s", newpass1); - serv_getln(buf, sizeof buf); - sprintf(WC->ImportantMessage, "%s", &buf[4]); - if (buf[0] == '2') { + StrBuf_ServGetln(Line); + if (GetServerStatusMsg(Line, NULL, 1, 0) == 2) { if (WC->wc_password == NULL) - WC->wc_password = NewStrBufPlain(buf, -1); + WC->wc_password = NewStrBufPlain( + ChrPtr(Line) + 4, + StrLength(Line) - 4); else { FlushStrBuf(WC->wc_password); - StrBufAppendBufPlain(WC->wc_password, buf, -1, 0); + StrBufAppendBufPlain(WC->wc_password, + ChrPtr(Line) + 4, + StrLength(Line) - 4, 0); } display_main_menu(); } else { - display_changepw(); + do_template("menu_change_pw"); } + FreeStrBuf(&Line); } + int ConditionalHaveAccessCreateRoom(StrBuf *Target, WCTemplputParams *TP) { StrBuf *Buf; @@ -857,12 +756,14 @@ int ConditionalHaveAccessCreateRoom(StrBuf *Target, WCTemplputParams *TP) return 1; } + int ConditionalAide(StrBuf *Target, WCTemplputParams *TP) { wcsession *WCC = WC; return (WCC != NULL) ? ((WCC->logged_in == 0)||(WC->is_aide == 0)) : 0; } + int ConditionalIsLoggedIn(StrBuf *Target, WCTemplputParams *TP) { wcsession *WCC = WC; @@ -871,6 +772,14 @@ int ConditionalIsLoggedIn(StrBuf *Target, WCTemplputParams *TP) } +/* + * toggle the session over to a different language + */ +void switch_language(void) { + set_selected_language(bstr("lang")); + pop_destination(); +} + void _display_reg(void) { display_reg(0); @@ -888,10 +797,11 @@ void Header_HandleAuth(StrBuf *Line, ParsedHttpHdrs *hdr) hdr->HR.got_auth = AUTH_BASIC; } else - syslog(1, "Authentication scheme not supported! [%s]\n", ChrPtr(Line)); + syslog(LOG_WARNING, "Authentication scheme not supported! [%s]\n", ChrPtr(Line)); } } + void CheckAuthBasic(ParsedHttpHdrs *hdr) { /* @@ -901,13 +811,9 @@ void CheckAuthBasic(ParsedHttpHdrs *hdr) */ StrBufAppendBufPlain(hdr->HR.plainauth, HKEY(":"), 0); StrBufAppendBuf(hdr->HR.plainauth, hdr->HR.user_agent, 0); - hdr->HR.SessionKey = hashlittle(SKEY(hdr->HR.plainauth), 89479832); -/* - syslog(1, "CheckAuthBasic: calculated sessionkey %ld\n", - hdr->HR.SessionKey); -*/ } + void GetAuthBasic(ParsedHttpHdrs *hdr) { const char *Pos = NULL; @@ -919,6 +825,7 @@ void GetAuthBasic(ParsedHttpHdrs *hdr) StrBufExtract_NextToken(hdr->c_password, hdr->HR.plainauth, &Pos, ':'); } + void Header_HandleCookie(StrBuf *Line, ParsedHttpHdrs *hdr) { const char *pch; @@ -945,6 +852,7 @@ void Header_HandleCookie(StrBuf *Line, ParsedHttpHdrs *hdr) hdr->HR.got_auth = AUTH_COOKIE; } + void HttpNewModule_AUTH (ParsedHttpHdrs *httpreq) @@ -954,6 +862,8 @@ HttpNewModule_AUTH httpreq->c_roomname = NewStrBuf(); httpreq->c_language = NewStrBuf(); } + + void HttpDetachModule_AUTH (ParsedHttpHdrs *httpreq) @@ -964,6 +874,7 @@ HttpDetachModule_AUTH FLUSHStrBuf(httpreq->c_language); } + void HttpDestroyModule_AUTH (ParsedHttpHdrs *httpreq) @@ -974,6 +885,7 @@ HttpDestroyModule_AUTH FreeStrBuf(&httpreq->c_language); } + void InitModule_AUTH (void) @@ -985,7 +897,6 @@ InitModule_AUTH /* no url pattern at all? Show login. */ WebcitAddUrlHandler(HKEY(""), "", 0, do_welcome, ANONYMOUS|COOKIEUNNEEDED); - /* some of these will be removed soon */ WebcitAddUrlHandler(HKEY("do_welcome"), "", 0, do_welcome, ANONYMOUS|COOKIEUNNEEDED); WebcitAddUrlHandler(HKEY("openid_login"), "", 0, do_openid_login, ANONYMOUS); WebcitAddUrlHandler(HKEY("finalize_openid_login"), "", 0, finalize_openid_login, ANONYMOUS); @@ -993,15 +904,16 @@ InitModule_AUTH WebcitAddUrlHandler(HKEY("validate"), "", 0, validate, 0); WebcitAddUrlHandler(HKEY("do_welcome"), "", 0, do_welcome, 0); WebcitAddUrlHandler(HKEY("display_reg"), "", 0, _display_reg, 0); - WebcitAddUrlHandler(HKEY("display_changepw"), "", 0, display_changepw, 0); WebcitAddUrlHandler(HKEY("changepw"), "", 0, changepw, 0); WebcitAddUrlHandler(HKEY("termquit"), "", 0, do_logout, 0); WebcitAddUrlHandler(HKEY("do_logout"), "", 0, do_logout, ANONYMOUS|COOKIEUNNEEDED|FORCE_SESSIONCLOSE); + WebcitAddUrlHandler(HKEY("monitor"), "", 0, monitor, ANONYMOUS|COOKIEUNNEEDED|FORCE_SESSIONCLOSE); WebcitAddUrlHandler(HKEY("ajax_login_username_password"), "", 0, ajax_login_username_password, AJAX|ANONYMOUS); WebcitAddUrlHandler(HKEY("ajax_login_newuser"), "", 0, ajax_login_newuser, AJAX|ANONYMOUS); - RegisterConditional(HKEY("COND:AIDE"), 2, ConditionalAide, CTX_NONE); - RegisterConditional(HKEY("COND:LOGGEDIN"), 2, ConditionalIsLoggedIn, CTX_NONE); - RegisterConditional(HKEY("COND:MAY_CREATE_ROOM"), 2, ConditionalHaveAccessCreateRoom, CTX_NONE); + WebcitAddUrlHandler(HKEY("switch_language"), "", 0, switch_language, ANONYMOUS); + RegisterConditional("COND:AIDE", 2, ConditionalAide, CTX_NONE); + RegisterConditional("COND:LOGGEDIN", 2, ConditionalIsLoggedIn, CTX_NONE); + RegisterConditional("COND:MAY_CREATE_ROOM", 2, ConditionalHaveAccessCreateRoom, CTX_NONE); return; }