* nonce (for APOP-style auth) is now generated when a context is created

  instead of during protocol greeting functions.
* Moved Citadel protocol nonce output from greeting to INFO

diff --git a/citadel/ChangeLog b/citadel/ChangeLog
index 4586edfba7afeb831f81036e287b009e6379cb6e..de4f01b7953a393566eeb8a29588632953342dc8 100644 (file)
--- a/citadel/ChangeLog
+++ b/citadel/ChangeLog
@@ -1,4 +1,9 @@
  $Log$
+ Revision 572.27  2000/08/22 02:31:47  ajc
+ * nonce (for APOP-style auth) is now generated when a context is created
+   instead of during protocol greeting functions.
+ * Moved Citadel protocol nonce output from greeting to INFO
+
  Revision 572.26  2000/08/18 21:09:36  ajc
  * Added a little more mailing list code to serv_network.c
 
@@ -1994,4 +1999,3 @@ Sat Jul 11 00:20:48 EDT 1998 Nathan Bryant <bryant@cs.usm.maine.edu>
 
 Fri Jul 10 1998 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
        * Initial CVS import 
-

diff --git a/citadel/citserver.c b/citadel/citserver.c
index 95085d2e8417987562996a803a29f172678db899..b0b046332eaf118e612b4bc14493f26ae22a5280 100644 (file)
--- a/citadel/citserver.c
+++ b/citadel/citserver.c
@@ -305,21 +305,22 @@ void CtdlReallocUserData(unsigned long requested_sym, size_t num_bytes)
  * cmd_info()  -  tell the client about this server
  */
 void cmd_info(void) {
-       cprintf("%d Server info:\n",LISTING_FOLLOWS);
-       cprintf("%d\n",CC->cs_pid);
-       cprintf("%s\n",config.c_nodename);
-       cprintf("%s\n",config.c_humannode);
-       cprintf("%s\n",config.c_fqdn);
-       cprintf("%s\n",CITADEL);
-       cprintf("%d\n",REV_LEVEL);
-       cprintf("%s\n",config.c_bbs_city);
-       cprintf("%s\n",config.c_sysadm);
-       cprintf("%d\n",SERVER_TYPE);
-       cprintf("%s\n",config.c_moreprompt);
+       cprintf("%d Server info:\n", LISTING_FOLLOWS);
+       cprintf("%d\n", CC->cs_pid);
+       cprintf("%s\n", config.c_nodename);
+       cprintf("%s\n", config.c_humannode);
+       cprintf("%s\n", config.c_fqdn);
+       cprintf("%s\n", CITADEL);
+       cprintf("%d\n", REV_LEVEL);
+       cprintf("%s\n", config.c_bbs_city);
+       cprintf("%s\n", config.c_sysadm);
+       cprintf("%d\n", SERVER_TYPE);
+       cprintf("%s\n", config.c_moreprompt);
        cprintf("1\n"); /* 1 = yes, this system supports floors */
        cprintf("1\n"); /* 1 = we support the extended paging options */
+       cprintf("%s\n", CC->cs_nonce);
        cprintf("000\n");
-       }
+}
 
 
 /*
@@ -731,6 +732,25 @@ void cmd_scdn(char *argbuf)
        }
 
 
+/*
+ * Generate a "nonce" for APOP-style authentication.
+ *
+ * RFC 1725 et al specify a PID to be placed in front of the nonce.
+ * Quoth BTX: That would be stupid.
+ */
+void generate_nonce(struct CitContext *con) {
+       struct timeval tv;
+
+       memset(con->cs_nonce, NONCE_SIZE, 0);
+       gettimeofday(&tv, NULL);
+       memset(con->cs_nonce, NONCE_SIZE, 0);
+       snprintf(con->cs_nonce, NONCE_SIZE, "<%d%ld@%s>",
+               rand(), tv.tv_usec, config.c_fqdn);
+}
+
+
+
+
 /*
  * Back-end function for starting a session
  */
@@ -753,11 +773,11 @@ void begin_session(struct CitContext *con)
        strcpy(con->cs_clientname, "(unknown)");
        strcpy(con->curr_user, NLI);
        strcpy(con->net_node,"");
-       con->fake_username[0] = '\0';
-       con->fake_postname[0] = '\0';
-       con->fake_hostname[0] = '\0';
-       con->fake_roomname[0] = '\0';
-       memset(con->cs_nonce, NONCE_SIZE, 0);
+       strcpy(con->fake_username, "");
+       strcpy(con->fake_postname, "");
+       strcpy(con->fake_hostname, "");
+       strcpy(con->fake_roomname, "");
+       generate_nonce(con);
        snprintf(con->temp, sizeof con->temp, tmpnam(NULL));
        safestrncpy(con->cs_host, config.c_fqdn, sizeof con->cs_host);
        con->cs_host[sizeof con->cs_host - 1] = 0;
@@ -789,8 +809,6 @@ void begin_session(struct CitContext *con)
 
 
 void citproto_begin_session() {
-       struct timeval  tv;
-       
        if (CC->nologin==1) {
                cprintf("%d %s: Too many users are already online "
                        "(maximum is %d)\n",
@@ -798,16 +816,8 @@ void citproto_begin_session() {
                        config.c_nodename, config.c_maxsessions);
                }
        else {
-               gettimeofday(&tv, NULL);
-               memset(CC->cs_nonce, NONCE_SIZE, 0);
-               snprintf(CC->cs_nonce, NONCE_SIZE, "<%d%ld@%s>", rand(), tv.tv_usec, config.c_nodename);
-
-/* RFC 1725 et al specify a PID to be placed in front of the nonce.
- * Quoth BTX: That would be stupid.
- */
-               
-               cprintf("%d %s Citadel/UX server ready %s.\n",
-                       OK, config.c_nodename, CC->cs_nonce);
+               cprintf("%d %s Citadel/UX server ready.\n",
+                       OK, config.c_nodename);
                }
 }
 

diff --git a/citadel/serv_pop3.c b/citadel/serv_pop3.c
index 715445e8e41e9e7651636482f4ce67804fac8ca3..9ba67f9f6eb541b5ae1589750f110c58f824e251 100644 (file)
--- a/citadel/serv_pop3.c
+++ b/citadel/serv_pop3.c
@@ -83,12 +83,7 @@ void pop3_cleanup_function(void) {
  * Here's where our POP3 session begins its happy day.
  */
 void pop3_greeting(void) {
-       struct timeval  tv;
-       
        strcpy(CC->cs_clientname, "POP3 session");
-       gettimeofday(&tv, NULL);
-       memset(CC->cs_nonce, NONCE_SIZE, 0);
-       snprintf(CC->cs_nonce, NONCE_SIZE, "<%d%ld@%s>", rand(), tv.tv_usec, config.c_fqdn);
        CC->internal_pgm = 1;
        CtdlAllocUserData(SYM_POP3, sizeof(struct citpop3));
        POP3->msgs = NULL;

diff --git a/citadel/techdoc/session.txt b/citadel/techdoc/session.txt
index 4246ec257484f239aa0fc2a2ee1bf41e82f443f5..abe1d0ef1488d036f1b779affcc82303790207ef 100644 (file)
--- a/citadel/techdoc/session.txt
+++ b/citadel/techdoc/session.txt
@@ -525,6 +525,9 @@ parts of the listing:
  Line 12 - Paging level.  0 if the system only supports inline paging,
            1 if the system supports "extended" paging (check-only and
            multiline modes).  See the SEXP command for further information.
+ Line 13 - The "nonce" for this session, for support of APOP-style
+           authentication.  If this field is present, clients may authenticate
+           in this manner.
  
  *** NOTE! ***   The "server type" code is intended to promote global
 compatibility in a scenario in which developers have added proprietary