X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=webcit%2Fauth.c;h=c6ee328e43a785c842d0243eaa4fa94c7c169f1a;hb=HEAD;hp=656dfdc6f40a45a92e5ce953dcb8fe083487dce2;hpb=a15ba5c1ede7c86a85d62ed5b539dcfc9f415bc1;p=citadel.git

diff --git a/webcit/auth.c b/webcit/auth.c
index 656dfdc6f..0628d223d 100644
--- a/webcit/auth.c
+++ b/webcit/auth.c
@@ -1,28 +1,21 @@
 /*
  * These functions handle authentication of users to a Citadel server.
  *
- * Copyright (c) 1996-2011 by the citadel.org team
+ * Copyright (c) 1996-2021 by the citadel.org team
  *
- * This program is open source software.  You can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 3 of the
- * License, or (at your option) any later version.
+ * This program is open source software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License, version 3.
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  */
 
 #include "webcit.h"
-#include "webserver.h"
+
 #include <ctype.h>
 
-extern uint32_t hashlittle( const void *key, size_t length, uint32_t initval);
 
 /*
  * Access level definitions.  This is initialized from a function rather than a
@@ -51,7 +44,7 @@ void initialize_axdefs(void) {
 	axdefs[5] = _("Preferred User");
 
 	/* chief */
-	axdefs[6] = _("Aide");          
+	axdefs[6] = _("Admin");          
 }
 
 
@@ -396,7 +389,7 @@ void finalize_openid_login(void)
 
 	/* Something went VERY wrong if we get to this point */
 	else {
-		syslog(1, "finalize_openid_login() failed to do anything.  This is a code problem.\n");
+		syslog(LOG_DEBUG, "finalize_openid_login() failed to do anything.  This is a code problem.\n");
 		begin_burst();
 		output_headers(1, 0, 0, 0, 1, 0);
 		wc_printf("<html><body>");
@@ -415,51 +408,9 @@ void finalize_openid_login(void)
 
 /*
  * Display a welcome screen to the user.
- *
- * If this is the first time login, and the web based setup is enabled, 
- * lead the user through the setup routines
  */
-void do_welcome(void)
-{
+void do_welcome(void) {
 	StrBuf *Buf;
-#ifdef XXX_NOT_FINISHED_YET_XXX
-	FILE *fp;
-	int i;
-
-	/**
-	 * See if we have to run the first-time setup wizard
-	 */
-	if (WC->is_aide) {
-		if (!setup_wizard) {
-			int len;
-			sprintf(wizard_filename, "setupwiz.%s.%s",
-				ctdlhost, ctdlport);
-			len = strlen(wizard_filename);
-			for (i=0; i<len; ++i) {
-				if (	(wizard_filename[i]==' ')
-					|| (wizard_filename[i] == '/')
-				) {
-					wizard_filename[i] = '_';
-				}
-			}
-	
-			fp = fopen(wizard_filename, "r");
-			if (fp != NULL) {
-				fgets(buf, sizeof buf, fp);
-				buf[strlen(buf)-1] = 0;
-				fclose(fp);
-				if (atoi(buf) == serv_info.serv_rev_level) {
-					setup_wizard = 1;	/* already run */
-				}
-			}
-		}
-
-		if (!setup_wizard) {
-			http_redirect("setup_wizard");
-		}
-	}
-#endif
-
 	/*
 	 * Go to the user's preferred start page
 	 */
@@ -474,7 +425,7 @@ void do_welcome(void)
 	if (StrLength(Buf) == 0) {
 		StrBufAppendBufPlain(Buf, "dotgoto?room=_BASEROOM_", -1, 0);
 	}
-	syslog(9, "Redirecting to user's start page: %s\n", ChrPtr(Buf));
+	syslog(LOG_DEBUG, "Redirecting to user's start page: %s\n", ChrPtr(Buf));
 	http_redirect(ChrPtr(Buf));
 }
 
@@ -483,7 +434,6 @@ void do_welcome(void)
  * Disconnect from the Citadel server, and end this WebCit session
  */
 void end_webcit_session(void) {
-	
 	serv_puts("QUIT");
 	WC->killthis = 1;
 	/* close() of citadel socket will be done by do_housekeeping() */
@@ -511,46 +461,8 @@ void do_logout(void)
 
 	/* Calling output_headers() this way causes the cookies to be un-set */
 	output_headers(1, 1, 0, 1, 0, 0);
-
-	/* For sites in guest mode, redirect to the landing page after we're logged out */
-	if (WC->serv_info->serv_supports_guest) {
-		wc_printf("	<script type=\"text/javascript\">	"
-			"	window.location='/';			"
-			"	</script>				"
-		);
-	}
-
-	wc_printf("<div id=\"logout_screen\">");
-        wc_printf("<div class=\"box\">");
-        wc_printf("<div class=\"boxlabel\">");
-	wc_printf(_("Log off"));
-        wc_printf("</div><div class=\"boxcontent\">");
-	serv_puts("MESG goodbye");
-	serv_getln(buf, sizeof buf);
-
-	if (WCC->serv_sock >= 0) {
-		if (buf[0] == '1') {
-			fmout("'CENTER'");
-		} else {
-			wc_printf("Goodbye\n");
-		}
-	}
-	else {
-		wc_printf(_("This program was unable to connect or stay "
-			"connected to the Citadel server.  Please report "
-			"this problem to your system administrator.")
-		);
-		wc_printf("<a href=\"http://www.citadel.org/doku.php/"
-			"faq:mastering_your_os:net#netstat\">%s</a>",
-			_("Read More..."));
-	}
-
-	wc_printf("<hr /><div class=\"buttons\"> "
-		"<span class=\"button_link\"><a href=\".\">");
-	wc_printf(_("Log in again"));
-	wc_printf("</a></span>");
-	wc_printf("</div></div></div>\n");
-	if (WC->serv_info->serv_supports_guest) {
+	do_template("logout");
+	if ((WCC->serv_info != NULL) && WCC->serv_info->serv_supports_guest) {
 		display_default_landing_page();
 		return;
 	}
@@ -565,33 +477,19 @@ void do_logout(void)
  */
 void monitor(void)
 {
-	wcsession *WCC = WC;
-	char buf[SIZ];
+	output_headers(0, 0, 0, 0, 0, 0);
 
-	FlushStrBuf(WCC->wc_username);
-	FlushStrBuf(WCC->wc_password);
-	FlushStrBuf(WCC->wc_fullname);
-	FlushRoomlist();
-
-	serv_puts("LOUT");
-	serv_getln(buf, sizeof buf);
-	WCC->logged_in = 0;
-
-	FlushStrBuf(WCC->CurRoom.name);
-
-	/* Calling output_headers() this way causes the cookies to be un-set */
-	output_headers(1, 0, 0, 1, 1, 0);
+	hprintf("Content-type: text/plain\r\n"
+		"Server: " PACKAGE_STRING "\r\n"
+		"Connection: close\r\n"
+	);
+	begin_burst();
 
-	wc_printf("<html><body><tt>");
-	wc_printf("<strong>WebCit monitoring screen</strong><br>\n");
-	wc_printf("Connection to Citadel server at %s:%s : %s<br>\n",
-		ctdlhost, ctdlport,
+	wc_printf("Connection to Citadel server in %s : %s\r\n", ctdl_dir,
 		(WC->connected ? "SUCCESS" : "FAIL")
 	);
-	wc_printf("</body></html>\n");
 
-	wDumpContent(2);
-	end_webcit_session();
+	wDumpContent(0);
 }
 
 
@@ -748,7 +646,7 @@ void display_reg(int during_login)
 	Buf = NewStrBuf();
 	memset(&Room, 0, sizeof(folder));
 	if (goto_config_room(Buf, &Room) != 0) {
-		syslog(9, "display_reg() exiting because goto_config_room() failed\n");
+		syslog(LOG_WARNING, "display_reg() exiting because goto_config_room() failed\n");
 		if (during_login) {
 			pop_destination();
 		}
@@ -764,7 +662,7 @@ void display_reg(int during_login)
 	FreeStrBuf(&Buf);
 	vcard_msgnum = locate_user_vcard_in_this_room(&VCMsg, &VCAtt);
 	if (vcard_msgnum < 0L) {
-		syslog(9, "display_reg() exiting because locate_user_vcard_in_this_room() failed\n");
+		syslog(LOG_WARNING, "display_reg() exiting because locate_user_vcard_in_this_room() failed\n");
 		if (during_login) {
 			pop_destination();
 		}
@@ -787,74 +685,17 @@ void display_reg(int during_login)
 
 }
 
-
-/*
- * display form for changing your password
- */
-void display_changepw(void)
-{
-	WCTemplputParams SubTP;
-	char buf[SIZ];
-	StrBuf *Buf;
-	output_headers(1, 1, 1, 0, 0, 0);
-
-	Buf = NewStrBufPlain(_("Change your password"), -1);
-	memset(&SubTP, 0, sizeof(WCTemplputParams));
-	SubTP.Filter.ContextType = CTX_STRBUF;
-	SubTP.Context = Buf;
-	DoTemplate(HKEY("box_begin"), NULL, &SubTP);
-
-	FreeStrBuf(&Buf);
-
-	if (!IsEmptyStr(WC->ImportantMessage)) {
-		wc_printf("<span class=\"errormsg\">"
-			"%s</span><br>\n", WC->ImportantMessage);
-		safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage);
-	}
-
-	serv_puts("MESG changepw");
-	serv_getln(buf, sizeof buf);
-	if (buf[0] == '1') {
-		fmout("CENTER");
-	}
-
-	wc_printf("<form name=\"changepwform\" action=\"changepw\" method=\"post\">\n");
-	wc_printf("<input type=\"hidden\" name=\"nonce\" value=\"%d\">\n", WC->nonce);
-	wc_printf("<table class=\"altern\" ");
-	wc_printf("<tr class=\"even\"><td>");
-	wc_printf(_("Enter new password:"));
-	wc_printf("</td><td>");
-	wc_printf("<input type=\"password\" name=\"newpass1\" value=\"\" maxlength=\"20\"></td></tr>\n");
-	wc_printf("<tr class=\"odd\"><td>");
-	wc_printf(_("Enter it again to confirm:"));
-	wc_printf("</td><td>");
-	wc_printf("<input type=\"password\" name=\"newpass2\" value=\"\" maxlength=\"20\"></td></tr>\n");
-	wc_printf("</table>\n");
-
-	wc_printf("<div class=\"buttons\">\n");
-	wc_printf("<input type=\"submit\" name=\"change_action\" value=\"%s\">", _("Change password"));
-	wc_printf("&nbsp;");
-	wc_printf("<input type=\"submit\" name=\"cancel_action\" value=\"%s\">\n", _("Cancel"));
-	wc_printf("</div>\n");
-	wc_printf("</form>\n");
-
-	do_template("box_end");
-	wDumpContent(1);
-}
-
 /*
  * change password
  * if passwords match, propagate it to citserver.
  */
 void changepw(void)
 {
-	char buf[SIZ];
+	StrBuf *Line;
 	char newpass1[32], newpass2[32];
 
 	if (!havebstr("change_action")) {
-		safestrncpy(WC->ImportantMessage, 
-			_("Cancelled.  Password was not changed."),
-			sizeof WC->ImportantMessage);
+		AppendImportantMessage(_("Cancelled.  Password was not changed."), -1);
 		display_main_menu();
 		return;
 	}
@@ -863,36 +704,37 @@ void changepw(void)
 	safestrncpy(newpass2, bstr("newpass2"), sizeof newpass2);
 
 	if (strcasecmp(newpass1, newpass2)) {
-		safestrncpy(WC->ImportantMessage, 
-			_("They don't match.  Password was not changed."),
-			sizeof WC->ImportantMessage);
-		display_changepw();
+		AppendImportantMessage(_("They don't match.  Password was not changed."), -1);
+		do_template("menu_change_pw");
 		return;
 	}
 
 	if (IsEmptyStr(newpass1)) {
-		safestrncpy(WC->ImportantMessage, 
-			_("Blank passwords are not allowed."),
-			sizeof WC->ImportantMessage);
-		display_changepw();
+		AppendImportantMessage(_("Blank passwords are not allowed."), -1);
+		do_template("menu_change_pw");
 		return;
 	}
 
+	Line = NewStrBuf();
 	serv_printf("SETP %s", newpass1);
-	serv_getln(buf, sizeof buf);
-	sprintf(WC->ImportantMessage, "%s", &buf[4]);
-	if (buf[0] == '2') {
+	StrBuf_ServGetln(Line);
+	if (GetServerStatusMsg(Line, NULL, 1, 0) == 2) {
 		if (WC->wc_password == NULL)
-			WC->wc_password = NewStrBufPlain(buf, -1);
+			WC->wc_password = NewStrBufPlain(
+				ChrPtr(Line) + 4, 
+				StrLength(Line) - 4);
 		else {
 			FlushStrBuf(WC->wc_password);
-			StrBufAppendBufPlain(WC->wc_password,  buf, -1, 0);
+			StrBufAppendBufPlain(WC->wc_password,  
+					     ChrPtr(Line) + 4, 
+					     StrLength(Line) - 4, 0);
 		}
 		display_main_menu();
 	}
 	else {
-		display_changepw();
+		do_template("menu_change_pw");
 	}
+	FreeStrBuf(&Line);
 }
 
 
@@ -955,7 +797,7 @@ void Header_HandleAuth(StrBuf *Line, ParsedHttpHdrs *hdr)
 			hdr->HR.got_auth = AUTH_BASIC;
 		}
 		else 
-			syslog(1, "Authentication scheme not supported! [%s]\n", ChrPtr(Line));
+			syslog(LOG_WARNING, "Authentication scheme not supported! [%s]\n", ChrPtr(Line));
 	}
 }
 
@@ -969,11 +811,6 @@ void CheckAuthBasic(ParsedHttpHdrs *hdr)
 */
 	StrBufAppendBufPlain(hdr->HR.plainauth, HKEY(":"), 0);
 	StrBufAppendBuf(hdr->HR.plainauth, hdr->HR.user_agent, 0);
-	hdr->HR.SessionKey = hashlittle(SKEY(hdr->HR.plainauth), 89479832);
-/*
-	syslog(1, "CheckAuthBasic: calculated sessionkey %ld\n", 
-		hdr->HR.SessionKey);
-*/
 }
 
 
@@ -1067,7 +904,6 @@ InitModule_AUTH
 	WebcitAddUrlHandler(HKEY("validate"), "", 0, validate, 0);
 	WebcitAddUrlHandler(HKEY("do_welcome"), "", 0, do_welcome, 0);
 	WebcitAddUrlHandler(HKEY("display_reg"), "", 0, _display_reg, 0);
-	WebcitAddUrlHandler(HKEY("display_changepw"), "", 0, display_changepw, 0);
 	WebcitAddUrlHandler(HKEY("changepw"), "", 0, changepw, 0);
 	WebcitAddUrlHandler(HKEY("termquit"), "", 0, do_logout, 0);
 	WebcitAddUrlHandler(HKEY("do_logout"), "", 0, do_logout, ANONYMOUS|COOKIEUNNEEDED|FORCE_SESSIONCLOSE);
@@ -1075,9 +911,9 @@ InitModule_AUTH
 	WebcitAddUrlHandler(HKEY("ajax_login_username_password"), "", 0, ajax_login_username_password, AJAX|ANONYMOUS);
 	WebcitAddUrlHandler(HKEY("ajax_login_newuser"), "", 0, ajax_login_newuser, AJAX|ANONYMOUS);
 	WebcitAddUrlHandler(HKEY("switch_language"), "", 0, switch_language, ANONYMOUS);
-	RegisterConditional(HKEY("COND:AIDE"), 2, ConditionalAide, CTX_NONE);
-	RegisterConditional(HKEY("COND:LOGGEDIN"), 2, ConditionalIsLoggedIn, CTX_NONE);
-	RegisterConditional(HKEY("COND:MAY_CREATE_ROOM"), 2,  ConditionalHaveAccessCreateRoom, CTX_NONE);
+	RegisterConditional("COND:AIDE", 2, ConditionalAide, CTX_NONE);
+	RegisterConditional("COND:LOGGEDIN", 2, ConditionalIsLoggedIn, CTX_NONE);
+	RegisterConditional("COND:MAY_CREATE_ROOM", 2,  ConditionalHaveAccessCreateRoom, CTX_NONE);
 	return;
 }