citadel/user_ops.c

   1 /* needed to properly enable crypt() stuff on some systems */
   2 #define _XOPEN_SOURCE
   3 /* needed for str[n]casecmp() on some systems if the above is defined */
   4 #define _XOPEN_SOURCE_EXTENDED
   5
   6 #include <stdlib.h>
   7 #include <unistd.h>
   8 #include <stdio.h>
   9 #include <fcntl.h>
  10 #include <signal.h>
  11 #include <pwd.h>
  12 #include <sys/types.h>
  13 #include <sys/time.h>
  14 #include <string.h>
  15 #include <syslog.h>
  16 #include <pthread.h>
  17 #include "citadel.h"
  18 #include "server.h"
  19 #include "database.h"
  20 #include "user_ops.h"
  21 #include "sysdep_decls.h"
  22 #include "support.h"
  23 #include "hooks.h"
  24 #include "room_ops.h"
  25 #include "logging.h"
  26 #include "file_ops.h"
  27 #include "control.h"
  28 #include "msgbase.h"
  29
  30 extern struct config config;
  31
  32
  33 /*
  34  * hash()  -  hash table function for user lookup
  35  */
  36 int hash(char *str)
  37 {
  38         int h = 0;
  39         int i;
  40
  41         for (i=0; i<strlen(str); ++i) h=h+((i+1)*tolower(str[i]));
  42         return(h);
  43         }
  44
  45
  46 /*
  47  * getuser()  -  retrieve named user into supplied buffer.
  48  *               returns 0 on success
  49  */
  50 int getuser(struct usersupp *usbuf, char name[]) {
  51
  52         char lowercase_name[32];
  53         int a;
  54         struct cdbdata *cdbus;
  55
  56         bzero(usbuf, sizeof(struct usersupp));
  57         for (a=0; a<=strlen(name); ++a) {
  58                 lowercase_name[a] = tolower(name[a]);
  59                 }
  60
  61         cdbus = cdb_fetch(CDB_USERSUPP, lowercase_name, strlen(lowercase_name));
  62         if (cdbus == NULL) {
  63                 return(1);      /* user not found */
  64                 }
  65
  66         memcpy(usbuf, cdbus->ptr,
  67                 ( (cdbus->len > sizeof(struct usersupp)) ?
  68                 sizeof(struct usersupp) : cdbus->len) );
  69         cdb_free(cdbus);
  70         return(0);
  71         }
  72
  73
  74 /*
  75  * lgetuser()  -  same as getuser() but locks the record
  76  */
  77 int lgetuser(struct usersupp *usbuf, char *name)
  78 {
  79         int retcode;
  80
  81         retcode = getuser(usbuf,name);
  82         if (retcode == 0) {
  83                 begin_critical_section(S_USERSUPP);
  84                 }
  85         return(retcode);
  86         }
  87
  88
  89 /*
  90  * putuser()  -  write user buffer into the correct place on disk
  91  */
  92 void putuser(struct usersupp *usbuf, char *name)
  93 {
  94         char lowercase_name[32];
  95         int a;
  96
  97         for (a=0; a<=strlen(name); ++a) {
  98                 lowercase_name[a] = tolower(name[a]);
  99                 }
 100
 101         cdb_store(CDB_USERSUPP,
 102                 lowercase_name, strlen(lowercase_name),
 103                 usbuf, sizeof(struct usersupp));
 104
 105         }
 106
 107
 108 /*
 109  * lputuser()  -  same as putuser() but locks the record
 110  */
 111 void lputuser(struct usersupp *usbuf, char *name) {
 112         putuser(usbuf,name);
 113         end_critical_section(S_USERSUPP);
 114         }
 115
 116
 117 /*
 118  * Is the user currently logged in an Aide?
 119  */
 120 int is_aide(void) {
 121         if (CC->usersupp.axlevel >= 6) return(1);
 122         else return(0);
 123         }
 124
 125
 126 /*
 127  * Is the user currently logged in an Aide *or* the room aide for this room?
 128  */
 129 int is_room_aide(void) {
 130         if ( (CC->usersupp.axlevel >= 6)
 131            || (CC->quickroom.QRroomaide == CC->usersupp.usernum) ) {
 132                 return(1);
 133                 }
 134         else {
 135                 return(0);
 136                 }
 137         }
 138
 139 /*
 140  * getuserbynumber()  -  get user by number
 141  *                       returns 0 if user was found
 142  */
 143 int getuserbynumber(struct usersupp *usbuf, long int number)
 144 {
 145         struct cdbdata *cdbus;
 146
 147         cdb_rewind(CDB_USERSUPP);
 148
 149         while(cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) {
 150                 bzero(usbuf, sizeof(struct usersupp));
 151                 memcpy(usbuf, cdbus->ptr,
 152                         ( (cdbus->len > sizeof(struct usersupp)) ?
 153                         sizeof(struct usersupp) : cdbus->len) );
 154                 cdb_free(cdbus);
 155                 if (usbuf->usernum == number) {
 156                         return(0);
 157                         }
 158                 }
 159         return(-1);
 160         }
 161
 162
 163 /*
 164  * USER cmd
 165  */
 166 void cmd_user(char *cmdbuf)
 167 {
 168         char username[256];
 169         char autoname[256];
 170         int found_user = 0;
 171         struct passwd *p;
 172         int a;
 173
 174         extract(username,cmdbuf,0);
 175         username[25] = 0;
 176         strproc(username);
 177
 178         if ((CC->logged_in)) {
 179                 cprintf("%d Already logged in.\n",ERROR);
 180                 return;
 181                 }
 182
 183         found_user = getuser(&CC->usersupp,username);
 184         if (found_user != 0) {
 185                 p = (struct passwd *)getpwnam(username);
 186                 if (p!=NULL) {
 187                         strcpy(autoname,p->pw_gecos);
 188                         for (a=0; a<strlen(autoname); ++a)
 189                                 if (autoname[a]==',') autoname[a]=0;
 190                         found_user = getuser(&CC->usersupp,autoname);
 191                         }
 192                 }
 193         if (found_user == 0) {
 194                 if (((CC->nologin)) && (CC->usersupp.axlevel < 6)) {
 195                         cprintf("%d %s: Too many users are already online (maximum is %d)\n",
 196                         ERROR+MAX_SESSIONS_EXCEEDED,
 197                         config.c_nodename,config.c_maxsessions);
 198                         }
 199                 else {
 200                         strcpy(CC->curr_user,CC->usersupp.fullname);
 201                         cprintf("%d Password required for %s\n",
 202                                 MORE_DATA,CC->curr_user);
 203                         }
 204                 }
 205         else {
 206                 cprintf("%d %s not found.\n",ERROR,username);
 207                 }
 208         }
 209
 210
 211
 212 /*
 213  * session startup code which is common to both cmd_pass() and cmd_newu()
 214  */
 215 void session_startup(void) {
 216         int a;
 217         struct quickroom qr;
 218
 219         syslog(LOG_NOTICE,"user <%s> logged in",CC->curr_user);
 220         hook_user_login(CC->cs_pid, CC->curr_user);
 221         lgetuser(&CC->usersupp,CC->curr_user);
 222         ++(CC->usersupp.timescalled);
 223         CC->fake_username[0] = '\0';
 224         CC->fake_postname[0] = '\0';
 225         CC->fake_hostname[0] = '\0';
 226         CC->fake_roomname[0] = '\0';
 227         CC->last_pager[0] = '\0';
 228         time(&CC->usersupp.lastcall);
 229
 230         /* If this user's name is the name of the system administrator
 231          * (as specified in setup), automatically assign access level 6.
 232          */
 233         if (!strcasecmp(CC->usersupp.fullname, config.c_sysadm)) {
 234                 CC->usersupp.axlevel = 6;
 235                 }
 236
 237 /* A room's generation number changes each time it is recycled. Users are kept
 238  * out of private rooms or forget rooms by matching the generation numbers. To
 239  * avoid an accidental matchup, unmatched numbers are set to -1 here.
 240  */
 241         for (a=0; a<MAXROOMS; ++a) {
 242                 getroom(&qr,a);
 243                 if (CC->usersupp.generation[a] != qr.QRgen)
 244                                         CC->usersupp.generation[a]=(-1);
 245                 if (CC->usersupp.forget[a] != qr.QRgen)
 246                                         CC->usersupp.forget[a]=(-1);
 247                 }
 248
 249         lputuser(&CC->usersupp,CC->curr_user);
 250
 251         cprintf("%d %s|%d|%d|%d|%u|%ld\n",OK,CC->usersupp.fullname,CC->usersupp.axlevel,
 252                 CC->usersupp.timescalled,CC->usersupp.posted,CC->usersupp.flags,
 253                 CC->usersupp.usernum);
 254         usergoto(0,0);          /* Enter the lobby */
 255         rec_log(CL_LOGIN,CC->curr_user);
 256         }
 257
 258
 259
 260 /*
 261  * misc things to be taken care of when a user is logged out
 262  */
 263 void logout(struct CitContext *who)
 264 {
 265         who->logged_in = 0;
 266         if (who->download_fp != NULL) {
 267                 fclose(who->download_fp);
 268                 who->download_fp = NULL;
 269                 }
 270         if (who->upload_fp != NULL) {
 271                 abort_upl(who);
 272                 }
 273         }
 274
 275
 276 void cmd_pass(char *buf)
 277 {
 278         char password[256];
 279         int code;
 280         struct passwd *p;
 281
 282         extract(password,buf,0);
 283
 284         if ((CC->logged_in)) {
 285                 cprintf("%d Already logged in.\n",ERROR);
 286                 return;
 287                 }
 288         if (!strcmp(CC->curr_user,"")) {
 289                 cprintf("%d You must send a name with USER first.\n",ERROR);
 290                 return;
 291                 }
 292         if (getuser(&CC->usersupp,CC->curr_user)) {
 293                 cprintf("%d Can't find user record!\n",ERROR+INTERNAL_ERROR);
 294                 return;
 295                 }
 296
 297         code = (-1);
 298         if (CC->usersupp.USuid == BBSUID) {
 299                 strproc(password);
 300                 strproc(CC->usersupp.password);
 301                 code = strcasecmp(CC->usersupp.password,password);
 302                 }
 303         else {
 304                 p = (struct passwd *)getpwuid(CC->usersupp.USuid);
 305 #ifdef ENABLE_AUTOLOGIN
 306                 if (p!=NULL) {
 307                         if (!strcmp(p->pw_passwd,
 308                            (char *)crypt(password,p->pw_passwd))) {
 309                                 code = 0;
 310                                 lgetuser(&CC->usersupp, CC->curr_user);
 311                                 strcpy(CC->usersupp.password, password);
 312                                 lputuser(&CC->usersupp, CC->curr_user);
 313                                 }
 314                         }
 315 #endif
 316                 }
 317
 318         if (!code) {
 319                 (CC->logged_in) = 1;
 320                 session_startup();
 321                 }
 322         else {
 323                 cprintf("%d Wrong password.\n",ERROR);
 324                 rec_log(CL_BADPW,CC->curr_user);
 325                 }
 326         }
 327
 328
 329 /*
 330  * Delete a user record *and* all of its related resources.
 331  */
 332 int purge_user(char *pname) {
 333         char filename[64];
 334         struct usersupp usbuf;
 335         int a;
 336         struct cdbdata *cdbmb;
 337         long *mailbox;
 338         int num_mails;
 339
 340         if (getuser(&usbuf, pname) != 0) {
 341                 lprintf(5, "Cannot purge user <%s> - not found\n", pname);
 342                 return(1);
 343                 }
 344
 345         /* FIX   Don't delete a user who is currently logged in. */
 346
 347         /* delete any messages in the user's mailbox */
 348         cdbmb = cdb_fetch(CDB_MAILBOXES, &usbuf.usernum, sizeof(long));
 349         if (cdbmb != NULL) {
 350                 num_mails = cdbmb->len / sizeof(long);
 351                 mailbox = (long *) cdbmb->ptr;
 352                 if (num_mails > 0) for (a=0; a<num_mails; ++a) {
 353                         cdb_delete(CDB_MSGMAIN, &mailbox[a], sizeof(long));
 354                         }
 355                 cdb_free(cdbmb);
 356                 /* now delete the mailbox itself */
 357                 cdb_delete(CDB_MAILBOXES, &usbuf.usernum, sizeof(long));
 358                 }
 359
 360
 361         /* delete the userlog entry */
 362         cdb_delete(CDB_USERSUPP, pname, strlen(pname));
 363
 364         /* remove the user's bio file */
 365         sprintf(filename, "./bio/%ld", usbuf.usernum);
 366         unlink(filename);
 367
 368         /* remove the user's picture */
 369         sprintf(filename, "./userpics/%ld.gif", usbuf.usernum);
 370         unlink(filename);
 371
 372         return(0);
 373         }
 374
 375
 376 /*
 377  * create_user()  -  back end processing to create a new user
 378  */
 379 int create_user(char *newusername)
 380 {
 381         struct usersupp usbuf;
 382         int a;
 383         struct passwd *p = NULL;
 384         char username[64];
 385
 386         strcpy(username, newusername);
 387         strproc(username);
 388
 389 #ifdef ENABLE_AUTOLOGIN
 390         p = (struct passwd *)getpwnam(username);
 391 #endif
 392         if (p != NULL) {
 393                 strcpy(username, p->pw_gecos);
 394                 for (a=0; a<strlen(username); ++a) {
 395                         if (username[a] == ',') username[a] = 0;
 396                         }
 397                 CC->usersupp.USuid = p->pw_uid;
 398                 }
 399         else {
 400                 CC->usersupp.USuid = BBSUID;
 401                 }
 402
 403         if (!getuser(&usbuf,username)) {
 404                 return(ERROR+ALREADY_EXISTS);
 405                 }
 406
 407         strcpy(CC->curr_user,username);
 408         strcpy(CC->usersupp.fullname,username);
 409         (CC->logged_in) = 1;
 410
 411         for (a=0; a<MAXROOMS; ++a) {
 412                 CC->usersupp.lastseen[a]=0L;
 413                 CC->usersupp.generation[a]=(-1);
 414                 CC->usersupp.forget[a]=(-1);
 415                 }
 416         strcpy(CC->usersupp.password,"");
 417
 418         /* These are the default flags on new accounts */
 419         CC->usersupp.flags =
 420                 US_NEEDVALID|US_LASTOLD|US_DISAPPEAR|US_PAGINATOR|US_FLOORS;
 421
 422         CC->usersupp.timescalled = 0;
 423         CC->usersupp.posted = 0;
 424         CC->usersupp.axlevel = INITAX;
 425         CC->usersupp.USscreenwidth = 80;
 426         CC->usersupp.USscreenheight = 24;
 427         time(&CC->usersupp.lastcall);
 428         strcpy(CC->usersupp.USname, "");
 429         strcpy(CC->usersupp.USaddr, "");
 430         strcpy(CC->usersupp.UScity, "");
 431         strcpy(CC->usersupp.USstate, "");
 432         strcpy(CC->usersupp.USzip, "");
 433         strcpy(CC->usersupp.USphone, "");
 434
 435         /* fetch a new user number */
 436         CC->usersupp.usernum = get_new_user_number();
 437
 438         if (CC->usersupp.usernum == 1L) {
 439                 CC->usersupp.axlevel = 6;
 440                 }
 441
 442         /* add user to userlog */
 443         putuser(&CC->usersupp,CC->curr_user);
 444         if (getuser(&CC->usersupp,CC->curr_user)) {
 445                 return(ERROR+INTERNAL_ERROR);
 446                 }
 447         rec_log(CL_NEWUSER,CC->curr_user);
 448         return(0);
 449         }
 450
 451
 452
 453
 454 /*
 455  * cmd_newu()  -  create a new user account
 456  */
 457 void cmd_newu(char *cmdbuf)
 458 {
 459         int a;
 460         char username[256];
 461
 462         if ((CC->logged_in)) {
 463                 cprintf("%d Already logged in.\n",ERROR);
 464                 return;
 465                 }
 466
 467         if ((CC->nologin)) {
 468                 cprintf("%d %s: Too many users are already online (maximum is %d)\n",
 469                 ERROR+MAX_SESSIONS_EXCEEDED,
 470                 config.c_nodename,config.c_maxsessions);
 471                 }
 472
 473         extract(username,cmdbuf,0);
 474         username[25] = 0;
 475         strproc(username);
 476
 477         if (strlen(username)==0) {
 478                 cprintf("%d You must supply a user name.\n",ERROR);
 479                 return;
 480                 }
 481
 482         a = create_user(username);
 483         if ((!strcasecmp(username, "bbs")) ||
 484             (!strcasecmp(username, "new")) ||
 485             (!strcasecmp(username, ".")))
 486         {
 487            cprintf("%d '%s' is an invalid login name.\n", ERROR);
 488            return;
 489         }
 490         if (a==ERROR+ALREADY_EXISTS) {
 491                 cprintf("%d '%s' already exists.\n",
 492                         ERROR+ALREADY_EXISTS,username);
 493                 return;
 494                 }
 495         else if (a==ERROR+INTERNAL_ERROR) {
 496                 cprintf("%d Internal error - user record disappeared?\n",
 497                         ERROR+INTERNAL_ERROR);
 498                 return;
 499                 }
 500         else if (a==0) {
 501                 session_startup();
 502                 }
 503         else {
 504                 cprintf("%d unknown error\n",ERROR);
 505                 }
 506         rec_log(CL_NEWUSER,CC->curr_user);
 507         }
 508
 509
 510
 511 /*
 512  * set password
 513  */
 514 void cmd_setp(char *new_pw)
 515 {
 516         if (!(CC->logged_in)) {
 517                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
 518                 return;
 519                 }
 520         if (CC->usersupp.USuid != BBSUID) {
 521                 cprintf("%d Not allowed.  Use the 'passwd' command.\n",ERROR);
 522                 return;
 523                 }
 524         strproc(new_pw);
 525         if (strlen(new_pw)==0) {
 526                 cprintf("%d Password unchanged.\n",OK);
 527                 return;
 528                 }
 529         lgetuser(&CC->usersupp,CC->curr_user);
 530         strcpy(CC->usersupp.password,new_pw);
 531         lputuser(&CC->usersupp,CC->curr_user);
 532         cprintf("%d Password changed.\n",OK);
 533         rec_log(CL_PWCHANGE,CC->curr_user);
 534         }
 535
 536 /*
 537  * get user parameters
 538  */
 539 void cmd_getu(void) {
 540         if (!(CC->logged_in)) {
 541                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
 542                 return;
 543                 }
 544         getuser(&CC->usersupp,CC->curr_user);
 545         cprintf("%d %d|%d|%d\n",
 546                 OK,
 547                 CC->usersupp.USscreenwidth,
 548                 CC->usersupp.USscreenheight,
 549                 (CC->usersupp.flags & US_USER_SET)
 550                 );
 551         }
 552
 553 /*
 554  * set user parameters
 555  */
 556 void cmd_setu(char *new_parms)
 557 {
 558
 559         if (num_parms(new_parms)!=3) {
 560                 cprintf("%d Usage error.\n",ERROR);
 561                 return;
 562                 }
 563         if (!(CC->logged_in)) {
 564                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
 565                 return;
 566                 }
 567         lgetuser(&CC->usersupp,CC->curr_user);
 568         CC->usersupp.USscreenwidth = extract_int(new_parms,0);
 569         CC->usersupp.USscreenheight = extract_int(new_parms,1);
 570         CC->usersupp.flags = CC->usersupp.flags & (~US_USER_SET);
 571         CC->usersupp.flags = CC->usersupp.flags |
 572                 (extract_int(new_parms,2) & US_USER_SET);
 573         lputuser(&CC->usersupp,CC->curr_user);
 574         cprintf("%d Ok\n",OK);
 575         }
 576
 577 /*
 578  * set last read pointer
 579  */
 580 void cmd_slrp(char *new_ptr)
 581 {
 582         long newlr;
 583
 584         if (!(CC->logged_in)) {
 585                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
 586                 return;
 587                 }
 588
 589         if (CC->curr_rm < 0) {
 590                 cprintf("%d No current room.\n",ERROR);
 591                 return;
 592                 }
 593
 594         if (!strncasecmp(new_ptr,"highest",7)) {
 595                 newlr = CC->quickroom.QRhighest;
 596                 }
 597         else {
 598                 newlr = atol(new_ptr);
 599                 }
 600
 601         lgetuser(&CC->usersupp, CC->curr_user);
 602         CC->usersupp.lastseen[CC->curr_rm] = newlr;
 603         lputuser(&CC->usersupp, CC->curr_user);
 604         cprintf("%d %ld\n",OK,newlr);
 605         }
 606
 607
 608 /*
 609  * INVT and KICK commands
 610  */
 611 void cmd_invt_kick(char *iuser, int op)
 612                         /* user name */
 613         {               /* 1 = invite, 0 = kick out */
 614         struct usersupp USscratch;
 615         char bbb[256];
 616
 617         if (!(CC->logged_in)) {
 618                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
 619                 return;
 620                 }
 621
 622         if (CC->curr_rm < 0) {
 623                 cprintf("%d No current room.\n",ERROR);
 624                 return;
 625                 }
 626
 627         if (is_room_aide()==0) {
 628                 cprintf("%d Higher access required.\n",
 629                         ERROR+HIGHER_ACCESS_REQUIRED);
 630                 return;
 631                 }
 632
 633         if ( (op==1) && ((CC->quickroom.QRflags&QR_PRIVATE)==0) ) {
 634                 cprintf("%d Not a private room.\n",ERROR+NOT_HERE);
 635                 return;
 636                 }
 637
 638         if (lgetuser(&USscratch,iuser)!=0) {
 639                 cprintf("%d No such user.\n",ERROR);
 640                 return;
 641                 }
 642
 643         if (op==1) {
 644                 USscratch.generation[CC->curr_rm]=CC->quickroom.QRgen;
 645                 USscratch.forget[CC->curr_rm]=(-1);
 646                 }
 647
 648         if (op==0) {
 649                 USscratch.generation[CC->curr_rm]=(-1);
 650                 USscratch.forget[CC->curr_rm]=CC->quickroom.QRgen;
 651                 }
 652
 653         lputuser(&USscratch,iuser);
 654
 655         /* post a message in Aide> saying what we just did */
 656         sprintf(bbb,"%s %s %s> by %s",
 657                 iuser,
 658                 ((op == 1) ? "invited to" : "kicked out of"),
 659                 CC->quickroom.QRname,
 660                 CC->usersupp.fullname);
 661         aide_message(bbb);
 662
 663         if ((op==0)&&((CC->quickroom.QRflags&QR_PRIVATE)==0)) {
 664                 cprintf("%d Ok. (Not a private room, <Z>ap effect only)\n",OK);
 665                 }
 666         else {
 667                 cprintf("%d Ok.\n",OK);
 668                 }
 669         return;
 670         }
 671
 672
 673 /*
 674  * forget (Zap) the current room
 675  */
 676 void cmd_forg(void) {
 677         if (!(CC->logged_in)) {
 678                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
 679                 return;
 680                 }
 681
 682         if (CC->curr_rm < 0) {
 683                 cprintf("%d No current room.\n",ERROR);
 684                 return;
 685                 }
 686
 687         if (CC->curr_rm < 3) {
 688                 cprintf("%d You cannot forget this room.\n",ERROR+NOT_HERE);
 689                 return;
 690                 }
 691
 692         if (is_aide()) {
 693                 cprintf("%d Aides cannot forget rooms.\n",ERROR);
 694                 return;
 695                 }
 696
 697         lgetuser(&CC->usersupp,CC->curr_user);
 698         CC->usersupp.forget[CC->curr_rm] = CC->quickroom.QRgen;
 699         CC->usersupp.generation[CC->curr_rm] = (-1);
 700         lputuser(&CC->usersupp,CC->curr_user);
 701         cprintf("%d Ok\n",OK);
 702         CC->curr_rm = (-1);
 703         }
 704
 705 /*
 706  * Get Next Unregistered User
 707  */
 708 void cmd_gnur(void) {
 709         struct cdbdata *cdbus;
 710         struct usersupp usbuf;
 711
 712         if (!(CC->logged_in)) {
 713                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
 714                 return;
 715                 }
 716
 717         if (CC->usersupp.axlevel < 6) {
 718                 cprintf("%d Higher access required.\n",
 719                         ERROR+HIGHER_ACCESS_REQUIRED);
 720                 return;
 721                 }
 722
 723         if ((CitControl.MMflags&MM_VALID)==0) {
 724                 cprintf("%d There are no unvalidated users.\n",OK);
 725                 return;
 726                 }
 727
 728         /* There are unvalidated users.  Traverse the usersupp database,
 729          * and return the first user we find that needs validation.
 730          */
 731         cdb_rewind(CDB_USERSUPP);
 732         while (cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) {
 733                 bzero(&usbuf, sizeof(struct usersupp));
 734                 memcpy(&usbuf, cdbus->ptr,
 735                         ( (cdbus->len > sizeof(struct usersupp)) ?
 736                         sizeof(struct usersupp) : cdbus->len) );
 737                 cdb_free(cdbus);
 738                 if ((usbuf.flags & US_NEEDVALID)
 739                    &&(usbuf.axlevel > 0)) {
 740                         cprintf("%d %s\n",MORE_DATA,usbuf.fullname);
 741                         return;
 742                         }
 743                 }
 744
 745         /* If we get to this point, there are no more unvalidated users.
 746          * Therefore we clear the "users need validation" flag.
 747          */
 748
 749         begin_critical_section(S_CONTROL);
 750         get_control();
 751         CitControl.MMflags = CitControl.MMflags&(~MM_VALID);
 752         put_control();
 753         end_critical_section(S_CONTROL);
 754         cprintf("%d *** End of registration.\n",OK);
 755
 756
 757         }
 758
 759
 760 /*
 761  * get registration info for a user
 762  */
 763 void cmd_greg(char *who)
 764 {
 765         struct usersupp usbuf;
 766         int a,b;
 767         char pbuf[32];
 768
 769         if (!(CC->logged_in)) {
 770                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
 771                 return;
 772                 }
 773
 774         if (!strcasecmp(who,"_SELF_")) strcpy(who,CC->curr_user);
 775
 776         if ((CC->usersupp.axlevel < 6) && (strcasecmp(who,CC->curr_user))) {
 777                 cprintf("%d Higher access required.\n",
 778                         ERROR+HIGHER_ACCESS_REQUIRED);
 779                 return;
 780                 }
 781
 782         if (getuser(&usbuf,who) != 0) {
 783                 cprintf("%d '%s' not found.\n",ERROR+NO_SUCH_USER,who);
 784                 return;
 785                 }
 786
 787         cprintf("%d %s\n",LISTING_FOLLOWS,usbuf.fullname);
 788         cprintf("%ld\n",usbuf.usernum);
 789         cprintf("%s\n",usbuf.password);
 790         cprintf("%s\n",usbuf.USname);
 791         cprintf("%s\n",usbuf.USaddr);
 792         cprintf("%s\n%s\n%s\n",
 793                 usbuf.UScity,usbuf.USstate,usbuf.USzip);
 794         strcpy(pbuf,usbuf.USphone);
 795         usbuf.USphone[0]=0;
 796         for (a=0; a<strlen(pbuf); ++a) {
 797                 if ((pbuf[a]>='0')&&(pbuf[a]<='9')) {
 798                         b=strlen(usbuf.USphone);
 799                         usbuf.USphone[b]=pbuf[a];
 800                         usbuf.USphone[b+1]=0;
 801                         }
 802                 }
 803         while(strlen(usbuf.USphone)<10) {
 804                 strcpy(pbuf,usbuf.USphone);
 805                 strcpy(usbuf.USphone," ");
 806                 strcat(usbuf.USphone,pbuf);
 807                 }
 808
 809         cprintf("(%c%c%c) %c%c%c-%c%c%c%c\n",
 810                 usbuf.USphone[0],usbuf.USphone[1],
 811                 usbuf.USphone[2],usbuf.USphone[3],
 812                 usbuf.USphone[4],usbuf.USphone[5],
 813                 usbuf.USphone[6],usbuf.USphone[7],
 814                 usbuf.USphone[8],usbuf.USphone[9]);
 815
 816         cprintf("%d\n",usbuf.axlevel);
 817         cprintf("%s\n",usbuf.USemail);
 818         cprintf("000\n");
 819         }
 820
 821 /*
 822  * validate a user
 823  */
 824 void cmd_vali(char *v_args)
 825 {
 826         char user[256];
 827         int newax;
 828         struct usersupp userbuf;
 829
 830         extract(user,v_args,0);
 831         newax = extract_int(v_args,1);
 832
 833         if (!(CC->logged_in)) {
 834                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
 835                 return;
 836                 }
 837
 838         if (CC->usersupp.axlevel < 6) {
 839                 cprintf("%d Higher access required.\n",
 840                         ERROR+HIGHER_ACCESS_REQUIRED);
 841                 return;
 842                 }
 843
 844         if (lgetuser(&userbuf,user)!=0) {
 845                 cprintf("%d '%s' not found.\n",ERROR+NO_SUCH_USER,user);
 846                 return;
 847                 }
 848
 849         userbuf.axlevel = newax;
 850         userbuf.flags = (userbuf.flags & ~US_NEEDVALID);
 851
 852         lputuser(&userbuf,user);
 853
 854         /* If the access level was set to zero, delete the user */
 855         if (newax == 0) {
 856                 if (purge_user(user)==0) {
 857                         cprintf("%d %s Deleted.\n", OK, userbuf.fullname);
 858                         return;
 859                         }
 860                 }
 861
 862         cprintf("%d ok\n",OK);
 863         }
 864
 865
 866
 867 /*
 868  *  List users
 869  */
 870 void cmd_list(void) {
 871         struct usersupp usbuf;
 872         struct cdbdata *cdbus;
 873
 874         cdb_rewind(CDB_USERSUPP);
 875         cprintf("%d \n",LISTING_FOLLOWS);
 876
 877         while(cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) {
 878                 bzero(&usbuf, sizeof(struct usersupp));
 879                 memcpy(&usbuf, cdbus->ptr,
 880                         ( (cdbus->len > sizeof(struct usersupp)) ?
 881                         sizeof(struct usersupp) : cdbus->len) );
 882                 cdb_free(cdbus);
 883
 884             if (usbuf.axlevel > 0) {
 885                 if ((CC->usersupp.axlevel>=6)
 886                    ||((usbuf.flags&US_UNLISTED)==0)
 887                    ||((CC->internal_pgm))) {
 888                         cprintf("%s|%d|%ld|%ld|%d|%d|",
 889                                 usbuf.fullname,
 890                                 usbuf.axlevel,
 891                                 usbuf.usernum,
 892                                 usbuf.lastcall,
 893                                 usbuf.timescalled,
 894                                 usbuf.posted);
 895                         if (CC->usersupp.axlevel >= 6) cprintf("%s",usbuf.password);
 896                         cprintf("\n");
 897                         }
 898                     }
 899                 }
 900         cprintf("000\n");
 901         }
 902
 903 /*
 904  * enter registration info
 905  */
 906 void cmd_regi(void) {
 907         int a,b,c;
 908         char buf[256];
 909
 910         char tmpname[256];
 911         char tmpaddr[256];
 912         char tmpcity[256];
 913         char tmpstate[256];
 914         char tmpzip[256];
 915         char tmpphone[256];
 916         char tmpemail[256];
 917
 918         if (!(CC->logged_in)) {
 919                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
 920                 return;
 921                 }
 922
 923         strcpy(tmpname,"");
 924         strcpy(tmpaddr,"");
 925         strcpy(tmpcity,"");
 926         strcpy(tmpstate,"");
 927         strcpy(tmpzip,"");
 928         strcpy(tmpphone,"");
 929         strcpy(tmpemail,"");
 930
 931         cprintf("%d Send registration...\n",SEND_LISTING);
 932         a=0;
 933         while (client_gets(buf), strcmp(buf,"000")) {
 934                 if (a==0) strcpy(tmpname,buf);
 935                 if (a==1) strcpy(tmpaddr,buf);
 936                 if (a==2) strcpy(tmpcity,buf);
 937                 if (a==3) strcpy(tmpstate,buf);
 938                 if (a==4) {
 939                         for (c=0; c<strlen(buf); ++c) {
 940                                 if ((buf[c]>='0')&&(buf[c]<='9')) {
 941                                         b=strlen(tmpzip);
 942                                         tmpzip[b]=buf[c];
 943                                         tmpzip[b+1]=0;
 944                                         }
 945                                 }
 946                         }
 947                 if (a==5) {
 948                         for (c=0; c<strlen(buf); ++c) {
 949                                 if ((buf[c]>='0')&&(buf[c]<='9')) {
 950                                         b=strlen(tmpphone);
 951                                         tmpphone[b]=buf[c];
 952                                         tmpphone[b+1]=0;
 953                                         }
 954                                 }
 955                         }
 956                 if (a==6) strncpy(tmpemail,buf,31);
 957                 ++a;
 958                 }
 959
 960         tmpname[29]=0;
 961         tmpaddr[24]=0;
 962         tmpcity[14]=0;
 963         tmpstate[2]=0;
 964         tmpzip[9]=0;
 965         tmpphone[10]=0;
 966         tmpemail[31]=0;
 967
 968         lgetuser(&CC->usersupp,CC->curr_user);
 969         strcpy(CC->usersupp.USname,tmpname);
 970         strcpy(CC->usersupp.USaddr,tmpaddr);
 971         strcpy(CC->usersupp.UScity,tmpcity);
 972         strcpy(CC->usersupp.USstate,tmpstate);
 973         strcpy(CC->usersupp.USzip,tmpzip);
 974         strcpy(CC->usersupp.USphone,tmpphone);
 975         strcpy(CC->usersupp.USemail,tmpemail);
 976         CC->usersupp.flags=(CC->usersupp.flags|US_REGIS|US_NEEDVALID);
 977         lputuser(&CC->usersupp,CC->curr_user);
 978
 979         /* set global flag calling for validation */
 980         begin_critical_section(S_CONTROL);
 981         get_control();
 982         CitControl.MMflags = CitControl.MMflags | MM_VALID ;
 983         put_control();
 984         end_critical_section(S_CONTROL);
 985         cprintf("%d *** End of registration.\n",OK);
 986         }
 987
 988
 989 /*
 990  * assorted info we need to check at login
 991  */
 992 void cmd_chek(void) {
 993         int mail = 0;
 994         int regis = 0;
 995         int vali = 0;
 996         int a;
 997         struct cdbdata *cdbmb;
 998         long *mailbox;
 999         int num_mails;
1000
1001
1002         if (!(CC->logged_in)) {
1003                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
1004                 return;
1005                 }
1006
1007         getuser(&CC->usersupp,CC->curr_user); /* no lock is needed here */
1008         if ((REGISCALL!=0)&&((CC->usersupp.flags&US_REGIS)==0)) regis = 1;
1009
1010         if (CC->usersupp.axlevel >= 6) {
1011                 get_control();
1012                 if (CitControl.MMflags&MM_VALID) vali = 1;
1013                 }
1014
1015
1016         /* check for mail */
1017         mail = 0;
1018         cdbmb = cdb_fetch(CDB_MAILBOXES, &CC->usersupp.usernum, sizeof(long));
1019         if (cdbmb != NULL) {
1020                 num_mails = cdbmb->len / sizeof(long);
1021                 mailbox = (long *) cdbmb->ptr;
1022                 if (num_mails > 0) for (a=0; a<num_mails; ++a) {
1023                         if (mailbox[a] > (CC->usersupp.lastseen[1])) ++mail;
1024                         }
1025                 cdb_free(cdbmb);
1026                 }
1027
1028
1029         cprintf("%d %d|%d|%d\n",OK,mail,regis,vali);
1030         }
1031
1032
1033 /*
1034  * check to see if a user exists
1035  */
1036 void cmd_qusr(char *who)
1037 {
1038         struct usersupp usbuf;
1039
1040         if (getuser(&usbuf,who) == 0) {
1041                 cprintf("%d %s\n",OK,usbuf.fullname);
1042                 }
1043         else {
1044                 cprintf("%d No such user.\n",ERROR+NO_SUCH_USER);
1045                 }
1046         }
1047
1048
1049 /*
1050  * enter user bio
1051  */
1052 void cmd_ebio(void) {
1053         char buf[256];
1054         FILE *fp;
1055
1056         if (!(CC->logged_in)) {
1057                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
1058                 return;
1059                 }
1060
1061         sprintf(buf,"./bio/%ld",CC->usersupp.usernum);
1062         fp = fopen(buf,"w");
1063         if (fp == NULL) {
1064                 cprintf("%d Cannot create file\n",ERROR);
1065                 return;
1066                 }
1067         cprintf("%d  \n",SEND_LISTING);
1068         while(client_gets(buf), strcmp(buf,"000")) {
1069                 fprintf(fp,"%s\n",buf);
1070                 }
1071         fclose(fp);
1072         }
1073
1074 /*
1075  * read user bio
1076  */
1077 void cmd_rbio(char *cmdbuf)
1078 {
1079         struct usersupp ruser;
1080         char buf[256];
1081         FILE *fp;
1082
1083         extract(buf,cmdbuf,0);
1084         if (getuser(&ruser,buf)!=0) {
1085                 cprintf("%d No such user.\n",ERROR+NO_SUCH_USER);
1086                 return;
1087                 }
1088         sprintf(buf,"./bio/%ld",ruser.usernum);
1089
1090         fp = fopen(buf,"r");
1091         if (fp == NULL) {
1092                 cprintf("%d %s has no bio on file.\n",
1093                         ERROR+FILE_NOT_FOUND,ruser.fullname);
1094                 return;
1095                 }
1096         cprintf("%d  \n",LISTING_FOLLOWS);
1097         while (fgets(buf,256,fp)!=NULL) cprintf("%s",buf);
1098         fclose(fp);
1099         cprintf("000\n");
1100         }
1101
1102 /*
1103  * list of users who have entered bios
1104  */
1105 void cmd_lbio(void) {
1106         char buf[256];
1107         FILE *ls;
1108         struct usersupp usbuf;
1109
1110         ls=popen("cd ./bio; ls","r");
1111         if (ls==NULL) {
1112                 cprintf("%d Cannot open listing.\n",ERROR+FILE_NOT_FOUND);
1113                 return;
1114                 }
1115
1116         cprintf("%d\n",LISTING_FOLLOWS);
1117         while (fgets(buf,255,ls)!=NULL)
1118                 if (getuserbynumber(&usbuf,atol(buf))==0)
1119                         cprintf("%s\n",usbuf.fullname);
1120         pclose(ls);
1121         cprintf("000\n");
1122         }
1123
1124
1125 /*
1126  * Administrative Get User Parameters
1127  */
1128 void cmd_agup(char *cmdbuf) {
1129         struct usersupp usbuf;
1130         char requested_user[256];
1131
1132         if ( (CC->internal_pgm==0)
1133            && ( (CC->logged_in == 0) || (is_aide()==0) ) ) {
1134                 cprintf("%d Higher access required.\n",
1135                         ERROR + HIGHER_ACCESS_REQUIRED);
1136                 return;
1137                 }
1138
1139         extract(requested_user, cmdbuf, 0);
1140         if (getuser(&usbuf, requested_user) != 0) {
1141                 cprintf("%d No such user.\n", ERROR + NO_SUCH_USER);
1142                 return;
1143                 }
1144
1145         cprintf("%d %s|%s|%u|%d|%d|%d|%ld\n",
1146                 OK,
1147                 usbuf.fullname,
1148                 usbuf.password,
1149                 usbuf.flags,
1150                 usbuf.timescalled,
1151                 usbuf.posted,
1152                 (int)usbuf.axlevel,
1153                 usbuf.usernum);
1154
1155         }
1156
1157
1158
1159 /*
1160  * Administrative Set User Parameters
1161  */
1162 void cmd_asup(char *cmdbuf) {
1163         struct usersupp usbuf;
1164         char requested_user[256];
1165         int np;
1166         int newax;
1167
1168         if ( (CC->internal_pgm==0)
1169            && ( (CC->logged_in == 0) || (is_aide()==0) ) ) {
1170                 cprintf("%d Higher access required.\n",
1171                         ERROR + HIGHER_ACCESS_REQUIRED);
1172                 return;
1173                 }
1174
1175         extract(requested_user, cmdbuf, 0);
1176         if (lgetuser(&usbuf, requested_user) != 0) {
1177                 cprintf("%d No such user.\n", ERROR + NO_SUCH_USER);
1178                 return;
1179                 }
1180
1181         np = num_parms(cmdbuf);
1182         if (np > 1) extract(usbuf.password, cmdbuf, 1);
1183         if (np > 2) usbuf.flags = extract_int(cmdbuf, 2);
1184         if (np > 3) usbuf.timescalled = extract_int(cmdbuf, 3);
1185         if (np > 4) usbuf.posted = extract_int(cmdbuf, 4);
1186         if (np > 5) {
1187                 newax = extract_int(cmdbuf, 5);
1188                 if ((newax >=0) && (newax <= 6)) {
1189                         usbuf.axlevel = extract_int(cmdbuf, 5);
1190                         }
1191                 }
1192
1193         lputuser(&usbuf, requested_user);
1194         if (usbuf.axlevel == 0) {
1195                 if (purge_user(requested_user)==0) {
1196                         cprintf("%d %s deleted.\n", OK, requested_user);
1197                         }
1198                 }
1199         cprintf("%d Ok\n", OK);
1200         }