webcit/auth.c

   1 /*
   2  * $Id$
   3  *
   4  * Handles authentication of users to a Citadel server.
   5  *
   6  */
   7
   8
   9 #include <ctype.h>
  10 #include <stdlib.h>
  11 #include <unistd.h>
  12 #include <stdio.h>
  13 #include <fcntl.h>
  14 #include <signal.h>
  15 #include <sys/types.h>
  16 #include <sys/wait.h>
  17 #include <sys/socket.h>
  18 #include <sys/time.h>
  19 #include <limits.h>
  20 #include <netinet/in.h>
  21 #include <netdb.h>
  22 #include <string.h>
  23 #include <pwd.h>
  24 #include <errno.h>
  25 #include <stdarg.h>
  26 #include <pthread.h>
  27 #include <signal.h>
  28 #include "webcit.h"
  29
  30 char *axdefs[] =
  31 {
  32         "Deleted",
  33         "New User",
  34         "Problem User",
  35         "Local User",
  36         "Network User",
  37         "Preferred User",
  38         "Aide"
  39 };
  40
  41 /*
  42  * Display the login screen
  43  */
  44 void display_login(char *mesg)
  45 {
  46         char buf[SIZ];
  47
  48         output_headers(1, 1, 2, 0, 0, 0, 0);
  49         //wprintf("<div id=\"content\">\n");
  50         wprintf("<div>\n");
  51
  52         if (mesg != NULL) if (strlen(mesg) > 0) {
  53                 stresc(buf, mesg, 0, 0);
  54                 svprintf("mesg", WCS_STRING, "%s", buf);
  55         }
  56
  57         svprintf("hello", WCS_SERVCMD, "MESG hello");
  58         svprintf("BOXTITLE", WCS_STRING, "%s - powered by Citadel",
  59                 serv_info.serv_humannode);
  60
  61         do_template("login");
  62
  63         wDumpContent(2);
  64 }
  65
  66
  67
  68
  69 /*
  70  * This function needs to get called whenever the session changes from
  71  * not-logged-in to logged-in, either by an explicit login by the user or
  72  * by a timed-out session automatically re-establishing with a little help
  73  * from the browser cookie.  Either way, we need to load access controls and
  74  * preferences from the server.
  75  */
  76 void become_logged_in(char *user, char *pass, char *serv_response)
  77 {
  78         char buf[SIZ];
  79
  80         WC->logged_in = 1;
  81         extract(WC->wc_username, &serv_response[4], 0);
  82         strcpy(WC->wc_password, pass);
  83         WC->axlevel = extract_int(&serv_response[4], 1);
  84         if (WC->axlevel >= 6) {
  85                 WC->is_aide = 1;
  86         }
  87
  88         load_preferences();
  89
  90         serv_puts("CHEK");
  91         serv_gets(buf);
  92         if (buf[0] == '2') {
  93                 WC->new_mail = extract_int(&buf[4], 0);
  94                 WC->need_regi = extract_int(&buf[4], 1);
  95                 WC->need_vali = extract_int(&buf[4], 2);
  96                 extract(WC->cs_inet_email, &buf[4], 3);
  97         }
  98 }
  99
 100
 101 void do_login(void)
 102 {
 103         char buf[SIZ];
 104
 105         if (!strcasecmp(bstr("action"), "Exit")) {
 106                 do_logout();
 107                 return;
 108         }
 109         if (!strcasecmp(bstr("action"), "Login")) {
 110                 serv_printf("USER %s", bstr("name"));
 111                 serv_gets(buf);
 112                 if (buf[0] == '3') {
 113                         serv_printf("PASS %s", bstr("pass"));
 114                         serv_gets(buf);
 115                         if (buf[0] == '2') {
 116                                 become_logged_in(bstr("name"),
 117                                                  bstr("pass"), buf);
 118                         } else {
 119                                 display_login(&buf[4]);
 120                                 return;
 121                         }
 122                 } else {
 123                         display_login(&buf[4]);
 124                         return;
 125                 }
 126         }
 127         if (!strcasecmp(bstr("action"), "New User")) {
 128                 if (strlen(bstr("pass")) == 0) {
 129                         display_login("Blank passwords are not allowed.");
 130                         return;
 131                 }
 132                 serv_printf("NEWU %s", bstr("name"));
 133                 serv_gets(buf);
 134                 if (buf[0] == '2') {
 135                         become_logged_in(bstr("name"), bstr("pass"), buf);
 136                         serv_printf("SETP %s", bstr("pass"));
 137                         serv_gets(buf);
 138                 } else {
 139                         display_login(&buf[4]);
 140                         return;
 141                 }
 142         }
 143         if (WC->logged_in) {
 144                 if (WC->need_regi) {
 145                         display_reg(1);
 146                 } else {
 147                         do_welcome();
 148                 }
 149         } else {
 150                 display_login("Your password was not accepted.");
 151         }
 152
 153 }
 154
 155 void do_welcome(void)
 156 {
 157         char startpage[SIZ];
 158
 159         get_preference("startpage", startpage);
 160         if (strlen(startpage)==0) {
 161                 strcpy(startpage, "/dotskip&room=_BASEROOM_");
 162                 set_preference("startpage", startpage);
 163         }
 164
 165         http_redirect(startpage);
 166 }
 167
 168
 169 /*
 170  * Disconnect from the Citadel server, and end this WebCit session
 171  */
 172 void end_webcit_session(void) {
 173         serv_puts("QUIT");
 174         WC->killthis = 1;
 175         /* close() of citadel socket will be done by do_housekeeping() */
 176 }
 177
 178
 179 void do_logout(void)
 180 {
 181         char buf[SIZ];
 182
 183         strcpy(WC->wc_username, "");
 184         strcpy(WC->wc_password, "");
 185         strcpy(WC->wc_roomname, "");
 186
 187         /* Calling output_headers() this way causes the cookies to be un-set */
 188         output_headers(1, 1, 0, 1, 0, 0, 0);
 189
 190         wprintf("<center>");
 191         serv_puts("MESG goodbye");
 192         serv_gets(buf);
 193
 194         if (WC->serv_sock >= 0) {
 195                 if (buf[0] == '1') {
 196                         fmout(NULL, "CENTER");
 197                 } else {
 198                         wprintf("Goodbye\n");
 199                 }
 200         }
 201         else {
 202                 wprintf("This program was unable to connect or stay "
 203                         "connected to the Citadel server.  Please report "
 204                         "this problem to your system administrator."
 205                 );
 206         }
 207
 208         wprintf("<hr /><a href=\"/\">Log in again</A>&nbsp;&nbsp;&nbsp;"
 209                 "<a href=\"javascript:window.close();\">Close window</A>"
 210                 "</center>\n");
 211         wDumpContent(2);
 212         end_webcit_session();
 213 }
 214
 215
 216 /*
 217  * validate new users
 218  */
 219 void validate(void)
 220 {
 221         char cmd[SIZ];
 222         char user[SIZ];
 223         char buf[SIZ];
 224         int a;
 225
 226         output_headers(1, 1, 2, 0, 0, 0, 0);
 227         wprintf("<div id=\"banner\">\n"
 228                 "<TABLE WIDTH=100%% BORDER=0 BGCOLOR=\"#444455\"><TR><TD>"
 229                 "<SPAN CLASS=\"titlebar\">Validate new users</SPAN>"
 230                 "</TD></TR></TABLE>\n"
 231                 "</div>\n<div id=\"content\">\n"
 232         );
 233
 234         strcpy(buf, bstr("user"));
 235         if (strlen(buf) > 0)
 236                 if (strlen(bstr("axlevel")) > 0) {
 237                         serv_printf("VALI %s|%s", buf, bstr("axlevel"));
 238                         serv_gets(buf);
 239                         if (buf[0] != '2') {
 240                                 wprintf("<b>%s</b><br />\n", &buf[4]);
 241                         }
 242                 }
 243         serv_puts("GNUR");
 244         serv_gets(buf);
 245
 246         if (buf[0] != '3') {
 247                 wprintf("<b>%s</b><br />\n", &buf[4]);
 248                 wDumpContent(1);
 249                 return;
 250         }
 251
 252         wprintf("<center><table border=0 width=99%% bgcolor=\"#ffffff\"><tr><td>\n");
 253         wprintf("<center>");
 254
 255         strcpy(user, &buf[4]);
 256         serv_printf("GREG %s", user);
 257         serv_gets(cmd);
 258         if (cmd[0] == '1') {
 259                 a = 0;
 260                 do {
 261                         serv_gets(buf);
 262                         ++a;
 263                         if (a == 1)
 264                                 wprintf("User #%s<br /><H1>%s</H1>",
 265                                         buf, &cmd[4]);
 266                         if (a == 2)
 267                                 wprintf("PW: %s<br />\n", buf);
 268                         if (a == 3)
 269                                 wprintf("%s<br />\n", buf);
 270                         if (a == 4)
 271                                 wprintf("%s<br />\n", buf);
 272                         if (a == 5)
 273                                 wprintf("%s, ", buf);
 274                         if (a == 6)
 275                                 wprintf("%s ", buf);
 276                         if (a == 7)
 277                                 wprintf("%s<br />\n", buf);
 278                         if (a == 8)
 279                                 wprintf("%s<br />\n", buf);
 280                         if (a == 9)
 281                                 wprintf("Current access level: %d (%s)\n",
 282                                         atoi(buf), axdefs[atoi(buf)]);
 283                 } while (strcmp(buf, "000"));
 284         } else {
 285                 wprintf("<H1>%s</H1>%s<br />\n", user, &cmd[4]);
 286         }
 287
 288         wprintf("<hr />Select access level for this user:<br />\n");
 289         for (a = 0; a <= 6; ++a) {
 290                 wprintf("<A HREF=\"/validate&user=");
 291                 urlescputs(user);
 292                 wprintf("&axlevel=%d\">%s</A>&nbsp;&nbsp;&nbsp;\n",
 293                         a, axdefs[a]);
 294         }
 295         wprintf("<br />\n");
 296
 297         wprintf("</CENTER>\n");
 298         wprintf("</td></tr></table></center>\n");
 299         wDumpContent(1);
 300 }
 301
 302
 303
 304 /*
 305  * Display form for registration.
 306  * (Set during_login to 1 if this registration is being performed during
 307  * new user login and will require chaining to the proper screen.)
 308  */
 309 void display_reg(int during_login)
 310 {
 311         long vcard_msgnum;
 312
 313         if (goto_config_room() != 0) {
 314                 if (during_login) do_welcome();
 315                 else display_main_menu();
 316                 return;
 317         }
 318
 319         vcard_msgnum = locate_user_vcard(WC->wc_username, -1);
 320         if (vcard_msgnum < 0L) {
 321                 if (during_login) do_welcome();
 322                 else display_main_menu();
 323                 return;
 324         }
 325
 326         if (during_login) {
 327                 do_edit_vcard(vcard_msgnum, "1", "/do_welcome");
 328         }
 329         else {
 330                 do_edit_vcard(vcard_msgnum, "1", "/display_main_menu");
 331         }
 332
 333 }
 334
 335
 336
 337
 338 /*
 339  * display form for changing your password
 340  */
 341 void display_changepw(void)
 342 {
 343         char buf[SIZ];
 344
 345         output_headers(1, 1, 2, 0, 0, 0, 0);
 346         wprintf("<div id=\"banner\">\n"
 347                 "<TABLE WIDTH=100%% BORDER=0 BGCOLOR=\"#444455\"><TR><TD>"
 348                 "<SPAN CLASS=\"titlebar\">Change your password</SPAN>"
 349                 "</TD></TR></TABLE>\n"
 350                 "</div>\n<div id=\"content\">\n"
 351         );
 352
 353         if (strlen(WC->ImportantMessage) > 0) {
 354                 do_template("beginbox_nt");
 355                 wprintf("<SPAN CLASS=\"errormsg\">"
 356                         "%s</SPAN><br />\n", WC->ImportantMessage);
 357                 do_template("endbox");
 358                 strcpy(WC->ImportantMessage, "");
 359         }
 360
 361         wprintf("<center><table border=0 width=99%% bgcolor=\"#ffffff\"><tr><td>\n");
 362
 363         wprintf("<CENTER><br />");
 364         serv_puts("MESG changepw");
 365         serv_gets(buf);
 366         if (buf[0] == '1') {
 367                 fmout(NULL, "CENTER");
 368         }
 369
 370         wprintf("<form name=\"changepwform\" action=\"changepw\" method=\"post\">\n");
 371         wprintf("<CENTER>"
 372                 "<table border=\"0\" cellspacing=\"5\" cellpadding=\"5\" "
 373                 "BGCOLOR=\"#EEEEEE\">"
 374                 "<TR><TD>Enter new password:</TD>\n");
 375         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass1\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
 376         wprintf("<TR><TD>Enter it again to confirm:</TD>\n");
 377         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass2\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
 378
 379         wprintf("</TABLE><br />\n");
 380         wprintf("<INPUT type=\"submit\" name=\"action\" value=\"Change\">"
 381                 "&nbsp;"
 382                 "<INPUT type=\"submit\" name=\"action\" value=\"Cancel\">\n");
 383         wprintf("</form></center>\n");
 384         wprintf("</td></tr></table></center>\n");
 385         wDumpContent(1);
 386 }
 387
 388 /*
 389  * change password
 390  */
 391 void changepw(void)
 392 {
 393         char buf[SIZ];
 394         char newpass1[32], newpass2[32];
 395
 396         if (strcmp(bstr("action"), "Change")) {
 397                 strcpy(WC->ImportantMessage,
 398                         "Cancelled.  Password was not changed.");
 399                 display_main_menu();
 400                 return;
 401         }
 402
 403         strcpy(newpass1, bstr("newpass1"));
 404         strcpy(newpass2, bstr("newpass2"));
 405
 406         if (strcasecmp(newpass1, newpass2)) {
 407                 strcpy(WC->ImportantMessage,
 408                         "They don't match.  Password was not changed.");
 409                 display_changepw();
 410                 return;
 411         }
 412
 413         if (strlen(newpass1) == 0) {
 414                 strcpy(WC->ImportantMessage,
 415                         "Blank passwords are not allowed.");
 416                 display_changepw();
 417                 return;
 418         }
 419
 420         serv_printf("SETP %s", newpass1);
 421         serv_gets(buf);
 422         sprintf(WC->ImportantMessage, "%s", &buf[4]);
 423         if (buf[0] == '2') {
 424                 display_main_menu();
 425         }
 426         else {
 427                 display_changepw();
 428         }
 429 }