f63b78f6d9bf64198cd708b17c9762b4172156bb
[citadel.git] / webcit / auth.c
1 /*
2  * These functions handle authentication of users to a Citadel server.
3  *
4  * Copyright (c) 1996-2012 by the citadel.org team
5  *
6  * This program is open source software: you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License, version 3.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12  * GNU General Public License for more details.
13  */
14
15 #include "webcit.h"
16 #include "webserver.h"
17 #include <ctype.h>
18
19 extern uint32_t hashlittle( const void *key, size_t length, uint32_t initval);
20
21 /*
22  * Access level definitions.  This is initialized from a function rather than a
23  * static array so that the strings may be localized.
24  */
25 char *axdefs[7]; 
26
27 void initialize_axdefs(void) {
28
29         /* an erased user */
30         axdefs[0] = _("Deleted");       
31
32         /* a new user */
33         axdefs[1] = _("New User");      
34
35         /* a trouble maker */
36         axdefs[2] = _("Problem User");  
37
38         /* user with normal privileges */
39         axdefs[3] = _("Local User");    
40
41         /* a user that may access network resources */
42         axdefs[4] = _("Network User");  
43
44         /* a moderator */
45         axdefs[5] = _("Preferred User");
46
47         /* chief */
48         axdefs[6] = _("Admin");          
49 }
50
51
52
53 /* 
54  * Display the login screen
55  * mesg = the error message if last attempt failed.
56  */
57 void display_login(void)
58 {
59         begin_burst();
60         output_headers(1, 0, 0, 0, 1, 0);
61         do_template("login");
62         end_burst();
63 }
64
65
66
67
68
69 /* Initialize the session
70  *
71  * This function needs to get called whenever the session changes from
72  * not-logged-in to logged-in, either by an explicit login by the user or
73  * by a timed-out session automatically re-establishing with a little help
74  * from the browser cookie.  Either way, we need to load access controls and
75  * preferences from the server.
76  *
77  * user                 the username
78  * pass                 his password
79  * serv_response        The parameters returned from a Citadel USER or NEWU command
80  */
81 void become_logged_in(const StrBuf *user, const StrBuf *pass, StrBuf *serv_response)
82 {
83         wcsession *WCC = WC;
84         StrBuf *Buf;
85         StrBuf *FloorDiv;
86
87         WCC->logged_in = 1;
88
89         if (WCC->wc_fullname == NULL)
90                 WCC->wc_fullname = NewStrBufPlain(NULL, StrLength(serv_response));
91         StrBufExtract_token(WCC->wc_fullname, serv_response, 0, '|');
92         StrBufCutLeft(WCC->wc_fullname, 4 );
93         
94         if (WCC->wc_username == NULL)
95                 WCC->wc_username = NewStrBufDup(user);
96         else {
97                 FlushStrBuf(WCC->wc_username);
98                 StrBufAppendBuf(WCC->wc_username, user, 0);
99         }
100
101         if (WCC->wc_password == NULL)
102                 WCC->wc_password = NewStrBufDup(pass);
103         else {
104                 FlushStrBuf(WCC->wc_password);
105                 StrBufAppendBuf(WCC->wc_password, pass, 0);
106         }
107
108         WCC->axlevel = StrBufExtract_int(serv_response, 1, '|');
109         if (WCC->axlevel >= 6) {
110                 WCC->is_aide = 1;
111         }
112
113         load_preferences();
114
115         Buf = NewStrBuf();
116         serv_puts("CHEK");
117         StrBuf_ServGetln(Buf);
118         if (GetServerStatus(Buf, NULL) == 2) {
119                 const char *pch;
120
121                 pch = ChrPtr(Buf) + 4;
122                 /*WCC->new_mail  =*/ StrBufExtractNext_long(Buf, &pch, '|');
123                 WCC->need_regi = StrBufExtractNext_long(Buf, &pch, '|');
124                 WCC->need_vali = StrBufExtractNext_long(Buf, &pch, '|');
125                 if (WCC->cs_inet_email == NULL)
126                         WCC->cs_inet_email  = NewStrBuf();
127                 StrBufExtract_NextToken(WCC->cs_inet_email, Buf, &pch, '|');
128         }
129         get_preference("floordiv_expanded", &FloorDiv);
130         WCC->floordiv_expanded = FloorDiv;
131         FreeStrBuf(&Buf);
132         FlushRoomlist();
133 }
134
135
136 /* 
137  * modal/ajax version of 'login' (username and password)
138  */
139 void ajax_login_username_password(void) {
140         StrBuf *Buf = NewStrBuf();
141
142         serv_printf("USER %s", bstr("name"));
143         StrBuf_ServGetln(Buf);
144         if (GetServerStatus(Buf, NULL) == 3) {
145                 serv_printf("PASS %s", bstr("pass"));
146                 StrBuf_ServGetln(Buf);
147                 if (GetServerStatus(Buf, NULL) == 2) {
148                         become_logged_in(sbstr("name"), sbstr("pass"), Buf);
149                 }
150         }
151
152         /* The client is expecting to read back a citadel protocol response */
153         wc_printf("%s", ChrPtr(Buf));
154         FreeStrBuf(&Buf);
155 }
156
157
158
159 /* 
160  * modal/ajax version of 'new user' (username and password)
161  */
162 void ajax_login_newuser(void) {
163         StrBuf *NBuf = NewStrBuf();
164         StrBuf *SBuf = NewStrBuf();
165
166         serv_printf("NEWU %s", bstr("name"));
167         StrBuf_ServGetln(NBuf);
168         if (GetServerStatus(NBuf, NULL) == 2) {
169                 become_logged_in(sbstr("name"), sbstr("pass"), NBuf);
170                 serv_printf("SETP %s", bstr("pass"));
171                 StrBuf_ServGetln(SBuf);
172         }
173
174         /* The client is expecting to read back a citadel protocol response */
175         wc_printf("%s", ChrPtr(NBuf));
176         FreeStrBuf(&NBuf);
177         FreeStrBuf(&SBuf);
178 }
179
180
181
182 /* 
183  * Try to create an account manually after an OpenID was verified
184  */
185 void openid_manual_create(void)
186 {
187         StrBuf *Buf;
188
189         /* Did the user change his mind?  Pack up and go home. */
190         if (havebstr("exit_action")) {
191                 begin_burst();
192                 output_headers(1, 0, 0, 0, 1, 0);
193                 do_template("authpopup_finished");
194                 end_burst();
195                 return;
196         }
197
198
199         /* Ok, let's give this a try.  Can we create the new user? */
200
201         Buf = NewStrBuf();
202         serv_printf("OIDC %s", bstr("name"));
203         StrBuf_ServGetln(Buf);
204         if (GetServerStatus(Buf, NULL) == 2) {
205                 StrBuf *gpass;
206
207                 gpass = NewStrBuf();
208                 serv_puts("SETP GENERATE_RANDOM_PASSWORD");
209                 StrBuf_ServGetln(gpass);
210                 StrBufCutLeft(gpass, 4);
211                 become_logged_in(sbstr("name"), gpass, Buf);
212                 FreeStrBuf(&gpass);
213         }
214         FreeStrBuf(&Buf);
215
216         /* Did we manage to log in?  If so, continue with the normal flow... */
217         if (WC->logged_in) {
218                 if (WC->logged_in) {
219                         begin_burst();
220                         output_headers(1, 0, 0, 0, 1, 0);
221                         do_template("authpopup_finished");
222                         end_burst();
223                 }
224         } else {
225                 /* Still no good!  Go back to teh dialog to select a username */
226                 const StrBuf *Buf;
227                 putbstr("__claimed_id", NewStrBufDup(sbstr("openid_url")));
228                 Buf = sbstr("name");
229                 if (StrLength(Buf) > 0)
230                         putbstr("__username", NewStrBufDup(Buf));
231                 begin_burst();
232                 output_headers(1, 0, 0, 0, 1, 0);
233                 wc_printf("<html><body>");
234                 do_template("openid_manual_create");
235                 wc_printf("</body></html>");
236                 end_burst();
237         }
238
239 }
240
241
242 /* 
243  * Perform authentication using OpenID
244  * assemble the checkid_setup request and then redirect to the user's identity provider
245  */
246 void do_openid_login(void)
247 {
248         char buf[4096];
249
250         snprintf(buf, sizeof buf,
251                 "OIDS %s|%s/finalize_openid_login|%s",
252                 bstr("openid_url"),
253                 ChrPtr(site_prefix),
254                 ChrPtr(site_prefix)
255         );
256
257         serv_puts(buf);
258         serv_getln(buf, sizeof buf);
259         if (buf[0] == '2') {
260                 syslog(LOG_DEBUG, "OpenID server contacted; redirecting to %s\n", &buf[4]);
261                 http_redirect(&buf[4]);
262                 return;
263         }
264
265         begin_burst();
266         output_headers(1, 0, 0, 0, 1, 0);
267         wc_printf("<html><body>");
268         escputs(&buf[4]);
269         wc_printf("</body></html>");
270         end_burst();
271 }
272
273
274 /* 
275  * Complete the authentication using OpenID
276  * This function handles the positive or negative assertion from the user's Identity Provider
277  */
278 void finalize_openid_login(void)
279 {
280         StrBuf *Buf;
281         wcsession *WCC = WC;
282         int linecount = 0;
283         StrBuf *result = NULL;
284         StrBuf *username = NULL;
285         StrBuf *password = NULL;
286         StrBuf *logged_in_response = NULL;
287         StrBuf *claimed_id = NULL;
288
289         if (havebstr("openid.mode")) {
290                 if (!strcasecmp(bstr("openid.mode"), "id_res")) {
291                         Buf = NewStrBuf();
292                         serv_puts("OIDF");
293                         StrBuf_ServGetln(Buf);
294                         if (GetServerStatus(Buf, NULL) == 8) {
295                                 urlcontent *u;
296                                 void *U;
297                                 long HKLen;
298                                 const char *HKey;
299                                 HashPos *Cursor;
300                                 int len;
301                                 
302                                 Cursor = GetNewHashPos (WCC->Hdr->urlstrings, 0);
303                                 while (GetNextHashPos(WCC->Hdr->urlstrings, Cursor, &HKLen, &HKey, &U)) {
304                                         u = (urlcontent*) U;
305                                         if (!strncasecmp(u->url_key, "openid.", 7)) {
306                                                 serv_printf("%s|%s", &u->url_key[7], ChrPtr(u->url_data));
307                                         }
308                                 }
309
310                                 serv_puts("000");
311
312                                 linecount = 0;
313                                 while (len = StrBuf_ServGetln(Buf), 
314                                        ((len >= 0) &&
315                                         ((len != 3) || strcmp(ChrPtr(Buf), "000") )))
316                                 {
317                                         if (linecount == 0) result = NewStrBufDup(Buf);
318                                         if (!strcasecmp(ChrPtr(result), "authenticate")) {
319                                                 if (linecount == 1) {
320                                                         username = NewStrBufDup(Buf);
321                                                 }
322                                                 else if (linecount == 2) {
323                                                         password = NewStrBufDup(Buf);
324                                                 }
325                                                 else if (linecount == 3) {
326                                                         logged_in_response = NewStrBufDup(Buf);
327                                                 }
328                                         }
329                                         else if (!strcasecmp(ChrPtr(result), "verify_only")) {
330                                                 if (linecount == 1) {
331                                                         claimed_id = NewStrBufDup(Buf);
332                                                 }
333                                                 if (linecount == 2) {
334                                                         username = NewStrBufDup(Buf);
335                                                 }
336                                         }
337                                         ++linecount;
338                                 }
339                         }
340                         FreeStrBuf(&Buf);
341                 }
342         }
343
344         /*
345          * Is this an attempt to associate a new OpenID with an account that is already logged in?
346          */
347         if ( (WCC->logged_in) && (havebstr("attach_existing")) ) {
348                 display_openids();
349         }
350
351         /* If this operation logged us in, either by connecting with an existing account or by
352          * auto-creating one using Simple Registration Extension, we're already on our way.
353          */
354         else if (!strcasecmp(ChrPtr(result), "authenticate")) {
355                 become_logged_in(username, password, logged_in_response);
356
357                 /* Did we manage to log in?  If so, continue with the normal flow... */
358                 if (WC->logged_in) {
359                         begin_burst();
360                         output_headers(1, 0, 0, 0, 1, 0);
361                         do_template("authpopup_finished");
362                         end_burst();
363                 } else {
364                         begin_burst();
365                         output_headers(1, 0, 0, 0, 1, 0);
366                         wc_printf("<html><body>");
367                         wc_printf(_("An error has occurred."));
368                         wc_printf("</body></html>");
369                         end_burst();
370                 }
371         }
372
373         /* The specified OpenID was verified but the desired user name was either not specified via SRE
374          * or conflicts with an existing user.  Either way the user will need to specify a new name.
375          */
376         else if (!strcasecmp(ChrPtr(result), "verify_only")) {
377                 putbstr("__claimed_id", claimed_id);
378                 claimed_id = NULL;
379                 if (StrLength(username) > 0) {
380                         putbstr("__username", username);
381                         username = NULL;
382                 }
383                 begin_burst();
384                 output_headers(1, 0, 0, 0, 1, 0);
385                 wc_printf("<html><body>");
386                 do_template("openid_manual_create");
387                 wc_printf("</body></html>");
388                 end_burst();
389         }
390
391         /* Something went VERY wrong if we get to this point */
392         else {
393                 syslog(LOG_DEBUG, "finalize_openid_login() failed to do anything.  This is a code problem.\n");
394                 begin_burst();
395                 output_headers(1, 0, 0, 0, 1, 0);
396                 wc_printf("<html><body>");
397                 wc_printf(_("An error has occurred."));
398                 wc_printf("</body></html>");
399                 end_burst();
400         }
401
402         FreeStrBuf(&result);
403         FreeStrBuf(&username);
404         FreeStrBuf(&password);
405         FreeStrBuf(&claimed_id);
406         FreeStrBuf(&logged_in_response);
407 }
408
409
410 /*
411  * Display a welcome screen to the user.
412  */
413 void do_welcome(void) {
414         StrBuf *Buf;
415         /*
416          * Go to the user's preferred start page
417          */
418         if (!get_preference("startpage", &Buf)) {
419                 Buf = NewStrBuf ();
420                 StrBufPrintf(Buf, "dotskip?room=_BASEROOM_");
421                 set_preference("startpage", Buf, 1);
422         }
423         if (ChrPtr(Buf)[0] == '/') {
424                 StrBufCutLeft(Buf, 1);
425         }
426         if (StrLength(Buf) == 0) {
427                 StrBufAppendBufPlain(Buf, "dotgoto?room=_BASEROOM_", -1, 0);
428         }
429         syslog(LOG_DEBUG, "Redirecting to user's start page: %s\n", ChrPtr(Buf));
430         http_redirect(ChrPtr(Buf));
431 }
432
433
434 /*
435  * Disconnect from the Citadel server, and end this WebCit session
436  */
437 void end_webcit_session(void) {
438         serv_puts("QUIT");
439         WC->killthis = 1;
440         /* close() of citadel socket will be done by do_housekeeping() */
441 }
442
443
444 /* 
445  * Log out the session with the Citadel server
446  */
447 void do_logout(void)
448 {
449         wcsession *WCC = WC;
450         char buf[SIZ];
451
452         FlushStrBuf(WCC->wc_username);
453         FlushStrBuf(WCC->wc_password);
454         FlushStrBuf(WCC->wc_fullname);
455         FlushRoomlist();
456
457         serv_puts("LOUT");
458         serv_getln(buf, sizeof buf);
459         WCC->logged_in = 0;
460
461         FlushStrBuf(WCC->CurRoom.name);
462
463         /* Calling output_headers() this way causes the cookies to be un-set */
464         output_headers(1, 1, 0, 1, 0, 0);
465         do_template("logout");
466         if ((WCC->serv_info != NULL) && WCC->serv_info->serv_supports_guest) {
467                 display_default_landing_page();
468                 return;
469         }
470
471         wDumpContent(2);
472         end_webcit_session();
473 }
474
475
476 /* 
477  * Special page for monitoring scripts etc
478  */
479 void monitor(void)
480 {
481         output_headers(0, 0, 0, 0, 0, 0);
482
483         hprintf("Content-type: text/plain\r\n"
484                 "Server: " PACKAGE_STRING "\r\n"
485                 "Connection: close\r\n"
486         );
487         begin_burst();
488
489         wc_printf("Connection to Citadel server at %s:%s : %s\r\n",
490                 ctdlhost, ctdlport,
491                 (WC->connected ? "SUCCESS" : "FAIL")
492         );
493
494         wDumpContent(0);
495 }
496
497
498 /*
499  * validate new users
500  */
501 void validate(void)
502 {
503         char cmd[SIZ];
504         char user[SIZ];
505         char buf[SIZ];
506         int a;
507
508         output_headers(1, 1, 1, 0, 0, 0);
509
510         do_template("box_begin_1");
511         StrBufAppendBufPlain(WC->WBuf, _("Validate new users"), -1, 0);
512         do_template("box_begin_2");
513
514         /* If the user just submitted a validation, process it... */
515         safestrncpy(buf, bstr("user"), sizeof buf);
516         if (!IsEmptyStr(buf)) {
517                 if (havebstr("axlevel")) {
518                         serv_printf("VALI %s|%s", buf, bstr("axlevel"));
519                         serv_getln(buf, sizeof buf);
520                         if (buf[0] != '2') {
521                                 wc_printf("<b>%s</b><br>\n", &buf[4]);
522                         }
523                 }
524         }
525
526         /* Now see if any more users require validation. */
527         serv_puts("GNUR");
528         serv_getln(buf, sizeof buf);
529         if (buf[0] == '2') {
530                 wc_printf("<b>");
531                 wc_printf(_("No users require validation at this time."));
532                 wc_printf("</b><br>\n");
533                 wDumpContent(1);
534                 return;
535         }
536         if (buf[0] != '3') {
537                 wc_printf("<b>%s</b><br>\n", &buf[4]);
538                 wDumpContent(1);
539                 return;
540         }
541
542         wc_printf("<table class=\"auth_validate\"><tr><td>\n");
543         wc_printf("<div id=\"validate\">");
544
545         safestrncpy(user, &buf[4], sizeof user);
546         serv_printf("GREG %s", user);
547         serv_getln(cmd, sizeof cmd);
548         if (cmd[0] == '1') {
549                 a = 0;
550                 do {
551                         serv_getln(buf, sizeof buf);
552                         ++a;
553                         if (a == 1)
554                                 wc_printf("#%s<br><H1>%s</H1>",
555                                         buf, &cmd[4]);
556                         if (a == 2) {
557                                 char *pch;
558                                 int haveChar = 0;
559                                 int haveNum = 0;
560                                 int haveOther = 0;
561                                 int haveLong = 0;
562                                 pch = buf;
563                                 while (!IsEmptyStr(pch))
564                                 {
565                                         if (isdigit(*pch))
566                                                 haveNum = 1;
567                                         else if (isalpha(*pch))
568                                                 haveChar = 1;
569                                         else
570                                                 haveOther = 1;
571                                         pch ++;
572                                 }
573                                 if (pch - buf > 7)
574                                         haveLong = 1;
575                                 switch (haveLong + 
576                                         haveChar + 
577                                         haveNum + 
578                                         haveOther)
579                                 {
580                                 case 0:
581                                         pch = _("very weak");
582                                         break;
583                                 case 1:
584                                         pch = _("weak");
585                                         break;
586                                 case 2:
587                                         pch = _("ok");
588                                         break;
589                                 case 3:
590                                 default:
591                                         pch = _("strong");
592                                 }
593
594                                 wc_printf("PW: %s<br>\n", pch);
595                         }
596                         if (a == 3)
597                                 wc_printf("%s<br>\n", buf);
598                         if (a == 4)
599                                 wc_printf("%s<br>\n", buf);
600                         if (a == 5)
601                                 wc_printf("%s, ", buf);
602                         if (a == 6)
603                                 wc_printf("%s ", buf);
604                         if (a == 7)
605                                 wc_printf("%s<br>\n", buf);
606                         if (a == 8)
607                                 wc_printf("%s<br>\n", buf);
608                         if (a == 9)
609                                 wc_printf(_("Current access level: %d (%s)\n"),
610                                         atoi(buf), axdefs[atoi(buf)]);
611                 } while (strcmp(buf, "000"));
612         } else {
613                 wc_printf("<H1>%s</H1>%s<br>\n", user, &cmd[4]);
614         }
615
616         wc_printf("<hr />");
617         wc_printf(_("Select access level for this user:"));
618         wc_printf("<br>\n");
619         for (a = 0; a <= 6; ++a) {
620                 wc_printf("<a href=\"validate?nonce=%d?user=", WC->nonce);
621                 urlescputs(user);
622                 wc_printf("&axlevel=%d\">%s</A>&nbsp;&nbsp;&nbsp;\n",
623                         a, axdefs[a]);
624         }
625         wc_printf("<br>\n");
626
627         wc_printf("</div>\n");
628         wc_printf("</td></tr></table>\n");
629         do_template("box_end");
630         wDumpContent(1);
631 }
632
633
634 /*
635  * Display form for registration.
636  *
637  * (Set during_login to 1 if this registration is being performed during
638  * new user login and will require chaining to the proper screen.)
639  */
640 void display_reg(int during_login)
641 {
642         folder Room;
643         StrBuf *Buf;
644         message_summary *VCMsg = NULL;
645         wc_mime_attachment *VCAtt = NULL;
646         long vcard_msgnum;
647
648         Buf = NewStrBuf();
649         memset(&Room, 0, sizeof(folder));
650         if (goto_config_room(Buf, &Room) != 0) {
651                 syslog(LOG_WARNING, "display_reg() exiting because goto_config_room() failed\n");
652                 if (during_login) {
653                         pop_destination();
654                 }
655                 else {
656                         display_main_menu();
657                 }
658                 FreeStrBuf(&Buf);
659                 FlushFolder(&Room);             
660                 return;
661         }
662         FlushFolder(&Room);
663
664         FreeStrBuf(&Buf);
665         vcard_msgnum = locate_user_vcard_in_this_room(&VCMsg, &VCAtt);
666         if (vcard_msgnum < 0L) {
667                 syslog(LOG_WARNING, "display_reg() exiting because locate_user_vcard_in_this_room() failed\n");
668                 if (during_login) {
669                         pop_destination();
670                 }
671                 else {
672                         display_main_menu();
673                 }
674                 return;
675         }
676
677         if (during_login) {
678                 do_edit_vcard(vcard_msgnum, "1", VCMsg, VCAtt, "pop", USERCONFIGROOM);
679         }
680         else {
681                 StrBuf *ReturnTo;
682                 ReturnTo = NewStrBufPlain(HKEY("display_main_menu?go="));
683                 StrBufAppendBuf(ReturnTo, WC->CurRoom.name, 0);
684                 do_edit_vcard(vcard_msgnum, "1", VCMsg, VCAtt, ChrPtr(ReturnTo), USERCONFIGROOM);
685                 FreeStrBuf(&ReturnTo);
686         }
687
688 }
689
690 /*
691  * change password
692  * if passwords match, propagate it to citserver.
693  */
694 void changepw(void)
695 {
696         StrBuf *Line;
697         char newpass1[32], newpass2[32];
698
699         if (!havebstr("change_action")) {
700                 AppendImportantMessage(_("Cancelled.  Password was not changed."), -1);
701                 display_main_menu();
702                 return;
703         }
704
705         safestrncpy(newpass1, bstr("newpass1"), sizeof newpass1);
706         safestrncpy(newpass2, bstr("newpass2"), sizeof newpass2);
707
708         if (strcasecmp(newpass1, newpass2)) {
709                 AppendImportantMessage(_("They don't match.  Password was not changed."), -1);
710                 do_template("menu_change_pw");
711                 return;
712         }
713
714         if (IsEmptyStr(newpass1)) {
715                 AppendImportantMessage(_("Blank passwords are not allowed."), -1);
716                 do_template("menu_change_pw");
717                 return;
718         }
719
720         Line = NewStrBuf();
721         serv_printf("SETP %s", newpass1);
722         StrBuf_ServGetln(Line);
723         if (GetServerStatusMsg(Line, NULL, 1, 0) == 2) {
724                 if (WC->wc_password == NULL)
725                         WC->wc_password = NewStrBufPlain(
726                                 ChrPtr(Line) + 4, 
727                                 StrLength(Line) - 4);
728                 else {
729                         FlushStrBuf(WC->wc_password);
730                         StrBufAppendBufPlain(WC->wc_password,  
731                                              ChrPtr(Line) + 4, 
732                                              StrLength(Line) - 4, 0);
733                 }
734                 display_main_menu();
735         }
736         else {
737                 do_template("menu_change_pw");
738         }
739         FreeStrBuf(&Line);
740 }
741
742
743 int ConditionalHaveAccessCreateRoom(StrBuf *Target, WCTemplputParams *TP)
744 {
745         StrBuf *Buf;    
746
747         Buf = NewStrBuf();
748         serv_puts("CRE8 0");
749         StrBuf_ServGetln(Buf);
750
751         if (GetServerStatus(Buf, NULL) == 2) {
752                 StrBufCutLeft(Buf, 4);
753                 AppendImportantMessage(SKEY(Buf));
754                 FreeStrBuf(&Buf);
755                 return 0;
756         }
757         FreeStrBuf(&Buf);
758         return 1;
759 }
760
761
762 int ConditionalAide(StrBuf *Target, WCTemplputParams *TP)
763 {
764         wcsession *WCC = WC;
765         return (WCC != NULL) ? ((WCC->logged_in == 0)||(WC->is_aide == 0)) : 0;
766 }
767
768
769 int ConditionalIsLoggedIn(StrBuf *Target, WCTemplputParams *TP) 
770 {
771         wcsession *WCC = WC;
772         return (WCC != NULL) ? (WCC->logged_in == 0) : 0;
773
774 }
775
776
777 /* 
778  * toggle the session over to a different language
779  */
780 void switch_language(void) {
781         set_selected_language(bstr("lang"));
782         pop_destination();
783 }
784
785
786 void _display_reg(void) {
787         display_reg(0);
788 }
789
790
791 void Header_HandleAuth(StrBuf *Line, ParsedHttpHdrs *hdr)
792 {
793         if (hdr->HR.got_auth == NO_AUTH) /* don't override cookie auth... */
794         {
795                 if (strncasecmp(ChrPtr(Line), "Basic", 5) == 0) {
796                         StrBufCutLeft(Line, 6);
797                         StrBufDecodeBase64(Line);
798                         hdr->HR.plainauth = Line;
799                         hdr->HR.got_auth = AUTH_BASIC;
800                 }
801                 else 
802                         syslog(LOG_WARNING, "Authentication scheme not supported! [%s]\n", ChrPtr(Line));
803         }
804 }
805
806
807 void CheckAuthBasic(ParsedHttpHdrs *hdr)
808 {
809 /*
810   todo: enable this if we can have other sessions than authenticated ones.
811         if (hdr->DontNeedAuth)
812                 return;
813 */
814         StrBufAppendBufPlain(hdr->HR.plainauth, HKEY(":"), 0);
815         StrBufAppendBuf(hdr->HR.plainauth, hdr->HR.user_agent, 0);
816 }
817
818
819 void GetAuthBasic(ParsedHttpHdrs *hdr)
820 {
821         const char *Pos = NULL;
822         if (hdr->c_username == NULL)
823                 hdr->c_username = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_USER));
824         if (hdr->c_password == NULL)
825                 hdr->c_password = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_PASS));
826         StrBufExtract_NextToken(hdr->c_username, hdr->HR.plainauth, &Pos, ':');
827         StrBufExtract_NextToken(hdr->c_password, hdr->HR.plainauth, &Pos, ':');
828 }
829
830
831 void Header_HandleCookie(StrBuf *Line, ParsedHttpHdrs *hdr)
832 {
833         const char *pch;
834 /*
835   todo: enable this if we can have other sessions than authenticated ones.
836         if (hdr->DontNeedAuth)
837                 return;
838 */
839         pch = strstr(ChrPtr(Line), "webcit=");
840         if (pch == NULL) {
841                 return;
842         }
843
844         hdr->HR.RawCookie = Line;
845         StrBufCutLeft(hdr->HR.RawCookie, (pch - ChrPtr(hdr->HR.RawCookie)) + 7);
846         StrBufDecodeHex(hdr->HR.RawCookie);
847
848         cookie_to_stuff(Line, &hdr->HR.desired_session,
849                         hdr->c_username,
850                         hdr->c_password,
851                         hdr->c_roomname,
852                         hdr->c_language
853         );
854         hdr->HR.got_auth = AUTH_COOKIE;
855 }
856
857
858 void 
859 HttpNewModule_AUTH
860 (ParsedHttpHdrs *httpreq)
861 {
862         httpreq->c_username = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_USER));
863         httpreq->c_password = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_PASS));
864         httpreq->c_roomname = NewStrBuf();
865         httpreq->c_language = NewStrBuf();
866 }
867
868
869 void 
870 HttpDetachModule_AUTH
871 (ParsedHttpHdrs *httpreq)
872 {
873         FLUSHStrBuf(httpreq->c_username);
874         FLUSHStrBuf(httpreq->c_password);
875         FLUSHStrBuf(httpreq->c_roomname);
876         FLUSHStrBuf(httpreq->c_language);
877 }
878
879
880 void 
881 HttpDestroyModule_AUTH
882 (ParsedHttpHdrs *httpreq)
883 {
884         FreeStrBuf(&httpreq->c_username);
885         FreeStrBuf(&httpreq->c_password);
886         FreeStrBuf(&httpreq->c_roomname);
887         FreeStrBuf(&httpreq->c_language);
888 }
889
890
891 void 
892 InitModule_AUTH
893 (void)
894 {
895         initialize_axdefs();
896         RegisterHeaderHandler(HKEY("COOKIE"), Header_HandleCookie);
897         RegisterHeaderHandler(HKEY("AUTHORIZATION"), Header_HandleAuth);
898
899         /* no url pattern at all? Show login. */
900         WebcitAddUrlHandler(HKEY(""), "", 0, do_welcome, ANONYMOUS|COOKIEUNNEEDED);
901
902         WebcitAddUrlHandler(HKEY("do_welcome"), "", 0, do_welcome, ANONYMOUS|COOKIEUNNEEDED);
903         WebcitAddUrlHandler(HKEY("openid_login"), "", 0, do_openid_login, ANONYMOUS);
904         WebcitAddUrlHandler(HKEY("finalize_openid_login"), "", 0, finalize_openid_login, ANONYMOUS);
905         WebcitAddUrlHandler(HKEY("openid_manual_create"), "", 0, openid_manual_create, ANONYMOUS);
906         WebcitAddUrlHandler(HKEY("validate"), "", 0, validate, 0);
907         WebcitAddUrlHandler(HKEY("do_welcome"), "", 0, do_welcome, 0);
908         WebcitAddUrlHandler(HKEY("display_reg"), "", 0, _display_reg, 0);
909         WebcitAddUrlHandler(HKEY("changepw"), "", 0, changepw, 0);
910         WebcitAddUrlHandler(HKEY("termquit"), "", 0, do_logout, 0);
911         WebcitAddUrlHandler(HKEY("do_logout"), "", 0, do_logout, ANONYMOUS|COOKIEUNNEEDED|FORCE_SESSIONCLOSE);
912         WebcitAddUrlHandler(HKEY("monitor"), "", 0, monitor, ANONYMOUS|COOKIEUNNEEDED|FORCE_SESSIONCLOSE);
913         WebcitAddUrlHandler(HKEY("ajax_login_username_password"), "", 0, ajax_login_username_password, AJAX|ANONYMOUS);
914         WebcitAddUrlHandler(HKEY("ajax_login_newuser"), "", 0, ajax_login_newuser, AJAX|ANONYMOUS);
915         WebcitAddUrlHandler(HKEY("switch_language"), "", 0, switch_language, ANONYMOUS);
916         RegisterConditional("COND:AIDE", 2, ConditionalAide, CTX_NONE);
917         RegisterConditional("COND:LOGGEDIN", 2, ConditionalIsLoggedIn, CTX_NONE);
918         RegisterConditional("COND:MAY_CREATE_ROOM", 2,  ConditionalHaveAccessCreateRoom, CTX_NONE);
919         return;
920 }
921
922
923 void 
924 SessionDestroyModule_AUTH
925 (wcsession *sess)
926 {
927         FreeStrBuf(&sess->wc_username);
928         FreeStrBuf(&sess->wc_fullname);
929         FreeStrBuf(&sess->wc_password);
930         FreeStrBuf(&sess->httpauth_pass);
931         FreeStrBuf(&sess->cs_inet_email);
932 }