* First cut at Solaris fixes. There may still be some *printf("%s", NULL)

[citadel.git] / citadel / user_ops.c
diff --git a/citadel/user_ops.c b/citadel/user_ops.c

index 3fe6a140b9ad12b2f5078745cf778a129b131b15..6e69ef068a494213248394790714b97e9c9262b4 100644 (file)
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -1,8 +1,7 @@
-/* needed to properly enable crypt() stuff on some systems */
-#define _XOPEN_SOURCE
-/* needed for str[n]casecmp() on some systems if the above is defined */
-#define _XOPEN_SOURCE_EXTENDED
+/* $Id$ */
  
+#include "sysdep.h"
+#include <errno.h>
  #include <stdlib.h>
  #include <unistd.h>
  #include <stdio.h>
@@ -10,36 +9,28 @@
  #include <signal.h>
  #include <pwd.h>
  #include <sys/types.h>
+#include <sys/wait.h>
  #include <sys/time.h>
  #include <string.h>
  #include <syslog.h>
-#include <pthread.h>
+#include <limits.h>
+#ifndef ENABLE_CHKPWD
+#include "auth.h"
+#endif
  #include "citadel.h"
  #include "server.h"
  #include "database.h"
  #include "user_ops.h"
  #include "sysdep_decls.h"
  #include "support.h"
-#include "hooks.h"
  #include "room_ops.h"
  #include "logging.h"
  #include "file_ops.h"
  #include "control.h"
  #include "msgbase.h"
  #include "config.h"
-
-
-/*
- * hash()  -  hash table function for user lookup
- */
-int hash(char *str)
-{
-       int h = 0;
-       int i;
-
-       for (i=0; i<strlen(str); ++i) h=h+((i+1)*tolower(str[i]));
-       return(h);
-       }
+#include "dynloader.h"
+#include "tools.h"
  
  
  /*
@@ -52,10 +43,12 @@ int getuser(struct usersupp *usbuf, char name[]) {
         int a;
         struct cdbdata *cdbus;
  
-       bzero(usbuf, sizeof(struct usersupp));
+       memset(usbuf, 0, sizeof(struct usersupp));
         for (a=0; a<=strlen(name); ++a) {
-               lowercase_name[a] = tolower(name[a]);
+               if (a < sizeof(lowercase_name))
+                       lowercase_name[a] = tolower(name[a]);
                 }
+       lowercase_name[sizeof(lowercase_name)-1] = 0;
  
         cdbus = cdb_fetch(CDB_USERSUPP, lowercase_name, strlen(lowercase_name));
         if (cdbus == NULL) {
@@ -88,15 +81,18 @@ int lgetuser(struct usersupp *usbuf, char *name)
  /*
   * putuser()  -  write user buffer into the correct place on disk
   */
-void putuser(struct usersupp *usbuf, char *name)
+void putuser(struct usersupp *usbuf)
  {
         char lowercase_name[32];
         int a;
  
-       for (a=0; a<=strlen(name); ++a) {
-               lowercase_name[a] = tolower(name[a]);
+       for (a=0; a<=strlen(usbuf->fullname); ++a) {
+               if (a < sizeof(lowercase_name))
+                       lowercase_name[a] = tolower(usbuf->fullname[a]);
                 }
+       lowercase_name[sizeof(lowercase_name)-1] = 0;
  
+       usbuf->version = config.c_setup_level;
         cdb_store(CDB_USERSUPP,
                 lowercase_name, strlen(lowercase_name),
                 usbuf, sizeof(struct usersupp));
@@ -107,12 +103,98 @@ void putuser(struct usersupp *usbuf, char *name)
  /*
   * lputuser()  -  same as putuser() but locks the record
   */
-void lputuser(struct usersupp *usbuf, char *name) {
-       putuser(usbuf,name);
+void lputuser(struct usersupp *usbuf) {
+       putuser(usbuf);
         end_critical_section(S_USERSUPP);
         }
  
+/*
+ * Index-generating function used by Ctdl[Get|Set]Relationship
+ */
+int GenerateRelationshipIndex( char *IndexBuf,
+                               long RoomID,
+                               long RoomGen,
+                               long UserID) {
+
+       struct {
+               long iRoomID;
+               long iRoomGen;
+               long iUserID;
+               } TheIndex;
+
+       TheIndex.iRoomID = RoomID;
+       TheIndex.iRoomGen = RoomGen;
+       TheIndex.iUserID = UserID;
+
+       memcpy(IndexBuf, &TheIndex, sizeof(TheIndex));
+       return(sizeof(TheIndex));
+       }
+
+/*
+ * Define a relationship between a user and a room
+ */
+void CtdlSetRelationship(struct visit *newvisit,
+                       struct usersupp *rel_user,
+                       struct quickroom *rel_room) {
+
+       char IndexBuf[32];
+       int IndexLen;
+
+       /* We don't use these in Citadel because they're implicit by the
+        * index, but they must be present if the database is exported.
+        */
+        newvisit->v_roomnum = rel_room->QRnumber;
+        newvisit->v_roomgen = rel_room->QRgen;
+        newvisit->v_usernum = rel_user->usernum;
+
+       /* Generate an index */
+       IndexLen = GenerateRelationshipIndex(IndexBuf,
+               rel_room->QRnumber,
+               rel_room->QRgen,
+               rel_user->usernum);
+
+       /* Store the record */
+       cdb_store(CDB_VISIT, IndexBuf, IndexLen,
+               newvisit, sizeof(struct visit)
+               );
+       }
+
+/*
+ * Locate a relationship between a user and a room
+ */
+void CtdlGetRelationship(struct visit *vbuf,
+                       struct usersupp *rel_user,
+                       struct quickroom *rel_room) {
+
+       char IndexBuf[32];
+       int IndexLen;
+       struct cdbdata *cdbvisit;
+
+       /* Generate an index */
+       IndexLen = GenerateRelationshipIndex(IndexBuf,
+               rel_room->QRnumber,
+               rel_room->QRgen,
+               rel_user->usernum);
+
+       /* Clear out the buffer */
+       memset(vbuf, 0, sizeof(struct visit));
+
+       cdbvisit = cdb_fetch(CDB_VISIT, IndexBuf, IndexLen);
+       if (cdbvisit != NULL) {
+               memcpy(vbuf, cdbvisit->ptr,
+                       ( (cdbvisit->len > sizeof(struct visit)) ?
+                       sizeof(struct visit) : cdbvisit->len) );
+               cdb_free(cdbvisit);
+               return;
+               }
+       }
+
  
+void MailboxName(char *buf, struct usersupp *who, char *prefix) {
+       sprintf(buf, "%010ld.%s", who->usernum, prefix);
+       }
+
+       
  /*
   * Is the user currently logged in an Aide?
   */
@@ -146,7 +228,7 @@ int getuserbynumber(struct usersupp *usbuf, long int number)
         cdb_rewind(CDB_USERSUPP);
  
         while(cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) {
-               bzero(usbuf, sizeof(struct usersupp));
+               memset(usbuf, 0, sizeof(struct usersupp));
                 memcpy(usbuf, cdbus->ptr,
                         ( (cdbus->len > sizeof(struct usersupp)) ?
                         sizeof(struct usersupp) : cdbus->len) );
@@ -160,24 +242,21 @@ int getuserbynumber(struct usersupp *usbuf, long int number)
  
  
  /*
- * USER cmd
+ * Back end for cmd_user() and its ilk
   */
-void cmd_user(char *cmdbuf)
+int CtdlLoginExistingUser(char *username)
  {
-       char username[256];
         char autoname[256];
         int found_user = 0;
         struct passwd *p;
         int a;
  
-       extract(username,cmdbuf,0);
         username[25] = 0;
         strproc(username);
  
         if ((CC->logged_in)) {
-               cprintf("%d Already logged in.\n",ERROR);
-               return;
-               }
+               return login_already_logged_in;
+       }
  
         found_user = getuser(&CC->usersupp,username);
         if (found_user != 0) {
@@ -187,24 +266,56 @@ void cmd_user(char *cmdbuf)
                         for (a=0; a<strlen(autoname); ++a)
                                 if (autoname[a]==',') autoname[a]=0;
                         found_user = getuser(&CC->usersupp,autoname);
-                       }
                 }
+       }
         if (found_user == 0) {
                 if (((CC->nologin)) && (CC->usersupp.axlevel < 6)) {
-                       cprintf("%d %s: Too many users are already online (maximum is %d)\n",
-                       ERROR+MAX_SESSIONS_EXCEEDED,
-                       config.c_nodename,config.c_maxsessions);
-                       }
+                       return login_too_many_users;
+               }
                 else {
                         strcpy(CC->curr_user,CC->usersupp.fullname);
+                       return login_ok;
+               }
+       }
+       return login_not_found;
+}
+
+
+
+/*
+ * USER cmd
+ */
+void cmd_user(char *cmdbuf)
+{
+       char username[256];
+       int a;
+
+       extract(username,cmdbuf,0);
+       username[25] = 0;
+       strproc(username);
+
+       a = CtdlLoginExistingUser(username);
+       switch(a) {
+               case login_already_logged_in:
+                       cprintf("%d Already logged in.\n",ERROR);
+                       return;
+               case login_too_many_users:
+                       cprintf("%d %s: "
+                               "Too many users are already online "
+                               "(maximum is %d)\n",
+                               ERROR+MAX_SESSIONS_EXCEEDED,
+                               config.c_nodename,config.c_maxsessions);
+                       return;
+               case login_ok:
                         cprintf("%d Password required for %s\n",
                                 MORE_DATA,CC->curr_user);
-                       }
-               }
-       else {
-               cprintf("%d %s not found.\n",ERROR,username);
-               }
+                       return;
+               case login_not_found:
+                       cprintf("%d %s not found.\n", ERROR, username);
+                       return;
+               cprintf("%d Internal error\n", ERROR);
         }
+}
  
  
  
@@ -212,18 +323,14 @@ void cmd_user(char *cmdbuf)
   * session startup code which is common to both cmd_pass() and cmd_newu()
   */
  void session_startup(void) {
-       int a;
-       struct quickroom qr;
-
         syslog(LOG_NOTICE,"user <%s> logged in",CC->curr_user);
-       hook_user_login(CC->cs_pid, CC->curr_user);
+
         lgetuser(&CC->usersupp,CC->curr_user);
         ++(CC->usersupp.timescalled);
         CC->fake_username[0] = '\0';
         CC->fake_postname[0] = '\0';
         CC->fake_hostname[0] = '\0';
         CC->fake_roomname[0] = '\0';
-       CC->last_pager[0] = '\0';
         time(&CC->usersupp.lastcall);
  
         /* If this user's name is the name of the system administrator
@@ -233,28 +340,25 @@ void session_startup(void) {
                 CC->usersupp.axlevel = 6;
                 }
  
-/* A room's generation number changes each time it is recycled. Users are kept
- * out of private rooms or forget rooms by matching the generation numbers. To
- * avoid an accidental matchup, unmatched numbers are set to -1 here.
- */
-       for (a=0; a<MAXROOMS; ++a) {
-               getroom(&qr,a);
-               if (CC->usersupp.generation[a] != qr.QRgen)
-                                       CC->usersupp.generation[a]=(-1);
-               if (CC->usersupp.forget[a] != qr.QRgen)
-                                       CC->usersupp.forget[a]=(-1);
-               }
+       lputuser(&CC->usersupp);
  
-       lputuser(&CC->usersupp,CC->curr_user);
+        /* Run any cleanup routines registered by loadable modules */
+       PerformSessionHooks(EVT_LOGIN);
  
-       cprintf("%d %s|%d|%d|%d|%u|%ld\n",OK,CC->usersupp.fullname,CC->usersupp.axlevel,
-               CC->usersupp.timescalled,CC->usersupp.posted,CC->usersupp.flags,
-               CC->usersupp.usernum);
-       usergoto(0,0);          /* Enter the lobby */   
+       usergoto(BASEROOM,0);           /* Enter the lobby */   
         rec_log(CL_LOGIN,CC->curr_user);
         }
  
  
+void logged_in_response(void) {
+       cprintf("%d %s|%d|%d|%d|%u|%ld\n",
+               OK, CC->usersupp.fullname, CC->usersupp.axlevel,
+               CC->usersupp.timescalled, CC->usersupp.posted,
+               CC->usersupp.flags,
+               CC->usersupp.usernum);
+}
+
+
  
  /* 
   * misc things to be taken care of when a user is logged out
@@ -269,96 +373,194 @@ void logout(struct CitContext *who)
         if (who->upload_fp != NULL) {
                 abort_upl(who);
                 }
+
+       /* Do modular stuff... */
+       PerformSessionHooks(EVT_LOGOUT);
         }
  
+#ifdef ENABLE_CHKPWD
+/*
+ * an alternate version of validpw() which executes `chkpwd' instead of
+ * verifying the password directly
+ */
+static int validpw(uid_t uid, const char *pass)
+{
+       pid_t pid;
+       int status, pipev[2];
+       char buf[24];
+
+       if (pipe(pipev)) {
+               lprintf(1, "pipe failed (%s): denying autologin access for "
+                          "uid %u\n", strerror(errno), uid);
+               return 0;
+               }
+
+       switch (pid = fork()) {
+           case -1:
+               lprintf(1, "fork failed (%s): denying autologin access for "
+                          "uid %u\n", strerror(errno), uid);
+               close(pipev[0]);
+               close(pipev[1]);
+               return 0;
+
+           case 0:
+               close(pipev[1]);
+               if (dup2(pipev[0], 0) == -1) {
+                       perror("dup2");
+                       exit(1);
+                       }
+               close(pipev[0]);
+
+               execl(BBSDIR "/chkpwd", BBSDIR "/chkpwd", NULL);
+               perror(BBSDIR "/chkpwd");
+               exit(1);
+               }
  
-void cmd_pass(char *buf)
+       close(pipev[0]);
+       write(pipev[1], buf, sprintf(buf, "%lu\n", (unsigned long)uid));
+       write(pipev[1], pass, strlen(pass));
+       write(pipev[1], "\n", 1);
+       close(pipev[1]);
+
+       while (waitpid(pid, &status, 0) == -1)
+               if (errno != EINTR) {
+                       lprintf(1, "waitpid failed (%s): denying autologin "
+                                  "access for uid %u\n",
+                               strerror(errno), uid);
+                       return 0;
+                       }
+
+       if (WIFEXITED(status) && !WEXITSTATUS(status))
+               return 1;
+
+       return 0;
+       }
+#endif
+
+
+
+int CtdlTryPassword(char *password)
  {
-       char password[256];
         int code;
-       struct passwd *p;
-
-       extract(password,buf,0);
  
         if ((CC->logged_in)) {
-               cprintf("%d Already logged in.\n",ERROR);
-               return;
+               return pass_already_logged_in;
                 }
-       if (!strcmp(CC->curr_user,"")) {
-               cprintf("%d You must send a name with USER first.\n",ERROR);
-               return;
+       if (!strcmp(CC->curr_user, NLI)) {
+               return pass_no_user;
                 }
-       if (getuser(&CC->usersupp,CC->curr_user)) {
-               cprintf("%d Can't find user record!\n",ERROR+INTERNAL_ERROR);
-               return;
+       if (getuser(&CC->usersupp, CC->curr_user)) {
+               return pass_internal_error;
                 }
  
         code = (-1);
-       if (CC->usersupp.USuid == BBSUID) {
+       if (CC->usersupp.uid == BBSUID) {
                 strproc(password);
                 strproc(CC->usersupp.password);
                 code = strcasecmp(CC->usersupp.password,password);
                 }
-       else {
-               p = (struct passwd *)getpwuid(CC->usersupp.USuid);
  #ifdef ENABLE_AUTOLOGIN
-               if (p!=NULL) {
-                       if (!strcmp(p->pw_passwd,
-                          (char *)crypt(password,p->pw_passwd))) {
-                               code = 0;
-                               lgetuser(&CC->usersupp, CC->curr_user);
-                               strcpy(CC->usersupp.password, password);
-                               lputuser(&CC->usersupp, CC->curr_user);
-                               }
+       else {
+               if (validpw(CC->usersupp.uid, password)) {
+                       code = 0;
+                       lgetuser(&CC->usersupp, CC->curr_user);
+                       safestrncpy(CC->usersupp.password, password,
+                                   sizeof CC->usersupp.password);
+                       lputuser(&CC->usersupp);
                         }
-#endif
                 }
+#endif
  
         if (!code) {
                 (CC->logged_in) = 1;
                 session_startup();
+               return pass_ok;
                 }
         else {
-               cprintf("%d Wrong password.\n",ERROR);
                 rec_log(CL_BADPW,CC->curr_user);
+               return pass_wrong_password;
                 }
         }
  
  
+void cmd_pass(char *buf)
+{
+       char password[256];
+       int a;
+
+       extract(password, buf, 0);
+       a = CtdlTryPassword(password);
+
+       switch (a) {
+               case pass_already_logged_in:
+                       cprintf("%d Already logged in.\n",ERROR);
+                       return;
+               case pass_no_user:
+                       cprintf("%d You must send a name with USER first.\n",
+                               ERROR);
+                       return;
+               case pass_wrong_password:
+                       cprintf("%d Wrong password.\n", ERROR);
+                       return;
+               case pass_ok:
+                       logged_in_response();
+                       return;
+               cprintf("%d Can't find user record!\n",
+                       ERROR+INTERNAL_ERROR);
+       }
+}
+
+
+
  /*
   * Delete a user record *and* all of its related resources.
   */
-int purge_user(char *pname) {
+int purge_user(char pname[]) {
         char filename[64];
         struct usersupp usbuf;
+       char lowercase_name[32];
         int a;
-       struct cdbdata *cdbmb;
-       long *mailbox;
-       int num_mails;
+       struct CitContext *ccptr;
+       int user_is_logged_in = 0;
+
+       for (a=0; a<=strlen(pname); ++a) {
+               lowercase_name[a] = tolower(pname[a]);
+               }
  
         if (getuser(&usbuf, pname) != 0) {
                 lprintf(5, "Cannot purge user <%s> - not found\n", pname);
-               return(1);
+               return(ERROR+NO_SUCH_USER);
                 }
  
-       /* FIX   Don't delete a user who is currently logged in. */
-
-       /* delete any messages in the user's mailbox */
-       cdbmb = cdb_fetch(CDB_MAILBOXES, &usbuf.usernum, sizeof(long));
-       if (cdbmb != NULL) {
-               num_mails = cdbmb->len / sizeof(long);
-               mailbox = (long *) cdbmb->ptr;
-               if (num_mails > 0) for (a=0; a<num_mails; ++a) {
-                       cdb_delete(CDB_MSGMAIN, &mailbox[a], sizeof(long));
+       /* Don't delete a user who is currently logged in.  Instead, just
+        * set the access level to 0, and let the account get swept up
+        * during the next purge.
+        */
+       user_is_logged_in = 0;
+       begin_critical_section(S_SESSION_TABLE);
+       for (ccptr=ContextList; ccptr!=NULL; ccptr=ccptr->next) {
+               if (ccptr->usersupp.usernum == usbuf.usernum) {
+                       user_is_logged_in = 1;
                         }
-               cdb_free(cdbmb);
-               /* now delete the mailbox itself */
-               cdb_delete(CDB_MAILBOXES, &usbuf.usernum, sizeof(long));
+               }
+       end_critical_section(S_SESSION_TABLE);
+       if (user_is_logged_in == 1) {
+               lprintf(5, "User <%s> is logged in; not deleting.\n", pname);
+               usbuf.axlevel = 0;
+               putuser(&usbuf);
+               return(1);
                 }
  
+       lprintf(5, "Deleting user <%s>\n", pname);
+
+       /* Perform any purge functions registered by server extensions */
+       PerformUserHooks(usbuf.fullname, usbuf.usernum, EVT_PURGEUSER);
+
+       /* delete any existing user/room relationships */
+       cdb_delete(CDB_VISIT, &usbuf.usernum, sizeof(long));
  
         /* delete the userlog entry */
-       cdb_delete(CDB_USERSUPP, pname, strlen(pname));
+       cdb_delete(CDB_USERSUPP, lowercase_name, strlen(lowercase_name));
  
         /* remove the user's bio file */        
         sprintf(filename, "./bio/%ld", usbuf.usernum);
@@ -381,6 +583,7 @@ int create_user(char *newusername)
         int a;
         struct passwd *p = NULL;
         char username[64];
+       char mailboxname[ROOMNAMELEN];
  
         strcpy(username, newusername);
         strproc(username);
@@ -393,10 +596,10 @@ int create_user(char *newusername)
                 for (a=0; a<strlen(username); ++a) {
                         if (username[a] == ',') username[a] = 0;
                         }
-               CC->usersupp.USuid = p->pw_uid;
+               CC->usersupp.uid = p->pw_uid;
                 }
         else {
-               CC->usersupp.USuid = BBSUID;
+               CC->usersupp.uid = BBSUID;
                 }
  
         if (!getuser(&usbuf,username)) {
@@ -405,14 +608,8 @@ int create_user(char *newusername)
  
         strcpy(CC->curr_user,username);
         strcpy(CC->usersupp.fullname,username);
-       (CC->logged_in) = 1;
-
-       for (a=0; a<MAXROOMS; ++a) {
-               CC->usersupp.lastseen[a]=0L;
-               CC->usersupp.generation[a]=(-1);
-               CC->usersupp.forget[a]=(-1);
-               }
         strcpy(CC->usersupp.password,"");
+       (CC->logged_in) = 1;
  
         /* These are the default flags on new accounts */
         CC->usersupp.flags =
@@ -420,16 +617,10 @@ int create_user(char *newusername)
  
         CC->usersupp.timescalled = 0;
         CC->usersupp.posted = 0;
-       CC->usersupp.axlevel = INITAX;
+       CC->usersupp.axlevel = config.c_initax;
         CC->usersupp.USscreenwidth = 80;
         CC->usersupp.USscreenheight = 24;
         time(&CC->usersupp.lastcall);
-       strcpy(CC->usersupp.USname, "");
-       strcpy(CC->usersupp.USaddr, "");
-       strcpy(CC->usersupp.UScity, "");
-       strcpy(CC->usersupp.USstate, "");
-       strcpy(CC->usersupp.USzip, "");
-       strcpy(CC->usersupp.USphone, "");
  
         /* fetch a new user number */
         CC->usersupp.usernum = get_new_user_number();
@@ -439,10 +630,15 @@ int create_user(char *newusername)
                 }
  
         /* add user to userlog */
-       putuser(&CC->usersupp,CC->curr_user);
+       putuser(&CC->usersupp);
         if (getuser(&CC->usersupp,CC->curr_user)) {
                 return(ERROR+INTERNAL_ERROR);
                 }
+
+       /* give the user a private mailbox */
+       MailboxName(mailboxname, &CC->usersupp, MAILROOM);
+       create_room(mailboxname, 4, "", 0);
+
         rec_log(CL_NEWUSER,CC->curr_user);
         return(0);
         }
@@ -498,6 +694,7 @@ void cmd_newu(char *cmdbuf)
                 }
         else if (a==0) {
                 session_startup();
+               logged_in_response();
                 }
         else {
                 cprintf("%d unknown error\n",ERROR);
@@ -516,7 +713,7 @@ void cmd_setp(char *new_pw)
                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
                 return;
                 }
-       if (CC->usersupp.USuid != BBSUID) {
+       if (CC->usersupp.uid != BBSUID) {
                 cprintf("%d Not allowed.  Use the 'passwd' command.\n",ERROR);
                 return;
                 }
@@ -527,9 +724,10 @@ void cmd_setp(char *new_pw)
                 }
         lgetuser(&CC->usersupp,CC->curr_user);
         strcpy(CC->usersupp.password,new_pw);
-       lputuser(&CC->usersupp,CC->curr_user);
+       lputuser(&CC->usersupp);
         cprintf("%d Password changed.\n",OK);
         rec_log(CL_PWCHANGE,CC->curr_user);
+       PerformSessionHooks(EVT_SETPASS);
         }
  
  /*
@@ -569,7 +767,7 @@ void cmd_setu(char *new_parms)
         CC->usersupp.flags = CC->usersupp.flags & (~US_USER_SET);
         CC->usersupp.flags = CC->usersupp.flags | 
                 (extract_int(new_parms,2) & US_USER_SET);
-       lputuser(&CC->usersupp,CC->curr_user);
+       lputuser(&CC->usersupp);
         cprintf("%d Ok\n",OK);
         }
  
@@ -579,17 +777,13 @@ void cmd_setu(char *new_parms)
  void cmd_slrp(char *new_ptr)
  {
         long newlr;
+       struct visit vbuf;
  
         if (!(CC->logged_in)) {
                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
                 return;
                 }
  
-       if (CC->curr_rm < 0) {
-               cprintf("%d No current room.\n",ERROR);
-               return;
-               }
-
         if (!strncasecmp(new_ptr,"highest",7)) {
                 newlr = CC->quickroom.QRhighest;
                 }
@@ -598,8 +792,12 @@ void cmd_slrp(char *new_ptr)
                 }
  
         lgetuser(&CC->usersupp, CC->curr_user);
-       CC->usersupp.lastseen[CC->curr_rm] = newlr;
-       lputuser(&CC->usersupp, CC->curr_user);
+
+       CtdlGetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
+       vbuf.v_lastseen = newlr;
+       CtdlSetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
+
+       lputuser(&CC->usersupp);
         cprintf("%d %ld\n",OK,newlr);
         }
  
@@ -612,59 +810,52 @@ void cmd_invt_kick(char *iuser, int op)
          {              /* 1 = invite, 0 = kick out */
         struct usersupp USscratch;
         char bbb[256];
+       struct visit vbuf;
  
         if (!(CC->logged_in)) {
                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
                 return;
                 }
  
-       if (CC->curr_rm < 0) {
-               cprintf("%d No current room.\n",ERROR);
-               return;
-               }
-
         if (is_room_aide()==0) {
                 cprintf("%d Higher access required.\n",
                         ERROR+HIGHER_ACCESS_REQUIRED);
                 return;
                 }
  
-       if ( (op==1) && ((CC->quickroom.QRflags&QR_PRIVATE)==0) ) {
-               cprintf("%d Not a private room.\n",ERROR+NOT_HERE);
-               return;
-               }
-
         if (lgetuser(&USscratch,iuser)!=0) {
                 cprintf("%d No such user.\n",ERROR);
                 return;
                 }
  
+       CtdlGetRelationship(&vbuf, &USscratch, &CC->quickroom);
+
         if (op==1) {
-               USscratch.generation[CC->curr_rm]=CC->quickroom.QRgen;
-               USscratch.forget[CC->curr_rm]=(-1);
+               vbuf.v_flags = vbuf.v_flags & ~V_FORGET & ~V_LOCKOUT;
+               vbuf.v_flags = vbuf.v_flags | V_ACCESS;
                 }
  
         if (op==0) {
-               USscratch.generation[CC->curr_rm]=(-1);
-               USscratch.forget[CC->curr_rm]=CC->quickroom.QRgen;
+               vbuf.v_flags = vbuf.v_flags & ~V_ACCESS;
+               vbuf.v_flags = vbuf.v_flags | V_FORGET | V_LOCKOUT;
                 }
  
-       lputuser(&USscratch,iuser);
+       CtdlSetRelationship(&vbuf, &USscratch, &CC->quickroom);
+
+       lputuser(&USscratch);
  
         /* post a message in Aide> saying what we just did */
-       sprintf(bbb,"%s %s %s> by %s",
+       sprintf(bbb,"%s %s %s> by %s\n",
                 iuser,
                 ((op == 1) ? "invited to" : "kicked out of"),
                 CC->quickroom.QRname,
                 CC->usersupp.fullname);
         aide_message(bbb);
  
-       if ((op==0)&&((CC->quickroom.QRflags&QR_PRIVATE)==0)) {
-               cprintf("%d Ok. (Not a private room, <Z>ap effect only)\n",OK);
-               }
-       else {
-               cprintf("%d Ok.\n",OK);
-               }
+       cprintf("%d %s %s %s.\n",
+               OK, iuser,
+               ((op == 1) ? "invited to" : "kicked out of"),
+               CC->quickroom.QRname);
         return;
         }
  
@@ -673,32 +864,28 @@ void cmd_invt_kick(char *iuser, int op)
   * forget (Zap) the current room
   */
  void cmd_forg(void) {
+       struct visit vbuf;
+
         if (!(CC->logged_in)) {
                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
                 return;
                 }
  
-       if (CC->curr_rm < 0) {
-               cprintf("%d No current room.\n",ERROR);
-               return;
-               }
-
-       if (CC->curr_rm < 3) {
-               cprintf("%d You cannot forget this room.\n",ERROR+NOT_HERE);
-               return;
-               }
-
         if (is_aide()) {
                 cprintf("%d Aides cannot forget rooms.\n",ERROR);
                 return;
                 }
  
         lgetuser(&CC->usersupp,CC->curr_user);
-       CC->usersupp.forget[CC->curr_rm] = CC->quickroom.QRgen;
-       CC->usersupp.generation[CC->curr_rm] = (-1);
-       lputuser(&CC->usersupp,CC->curr_user);
+       CtdlGetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
+
+       vbuf.v_flags = vbuf.v_flags | V_FORGET;
+       vbuf.v_flags = vbuf.v_flags & ~V_ACCESS;
+
+       CtdlSetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
+       lputuser(&CC->usersupp);
         cprintf("%d Ok\n",OK);
-       CC->curr_rm = (-1);
+       usergoto(BASEROOM, 0);
         }
  
  /*
@@ -729,7 +916,7 @@ void cmd_gnur(void) {
          */
         cdb_rewind(CDB_USERSUPP);
         while (cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) {
-               bzero(&usbuf, sizeof(struct usersupp));
+               memset(&usbuf, 0, sizeof(struct usersupp));
                 memcpy(&usbuf, cdbus->ptr,
                         ( (cdbus->len > sizeof(struct usersupp)) ?
                         sizeof(struct usersupp) : cdbus->len) );
@@ -756,67 +943,6 @@ void cmd_gnur(void) {
         }
  
  
-/*
- * get registration info for a user
- */
-void cmd_greg(char *who)
-{
-       struct usersupp usbuf;
-       int a,b;
-       char pbuf[32];
-
-       if (!(CC->logged_in)) {
-               cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
-               return;
-               }
-
-       if (!strcasecmp(who,"_SELF_")) strcpy(who,CC->curr_user);
-
-       if ((CC->usersupp.axlevel < 6) && (strcasecmp(who,CC->curr_user))) {
-               cprintf("%d Higher access required.\n",
-                       ERROR+HIGHER_ACCESS_REQUIRED);
-               return;
-               }
-
-       if (getuser(&usbuf,who) != 0) {
-               cprintf("%d '%s' not found.\n",ERROR+NO_SUCH_USER,who);
-               return;
-               }
-
-       cprintf("%d %s\n",LISTING_FOLLOWS,usbuf.fullname);
-       cprintf("%ld\n",usbuf.usernum);
-       cprintf("%s\n",usbuf.password);
-       cprintf("%s\n",usbuf.USname);
-       cprintf("%s\n",usbuf.USaddr);
-       cprintf("%s\n%s\n%s\n",
-               usbuf.UScity,usbuf.USstate,usbuf.USzip);
-       strcpy(pbuf,usbuf.USphone);
-       usbuf.USphone[0]=0;
-       for (a=0; a<strlen(pbuf); ++a) {
-               if ((pbuf[a]>='0')&&(pbuf[a]<='9')) {
-                       b=strlen(usbuf.USphone);
-                       usbuf.USphone[b]=pbuf[a];
-                       usbuf.USphone[b+1]=0;
-                       }
-               }
-       while(strlen(usbuf.USphone)<10) {
-               strcpy(pbuf,usbuf.USphone);
-               strcpy(usbuf.USphone," ");
-               strcat(usbuf.USphone,pbuf);
-               }
-
-       cprintf("(%c%c%c) %c%c%c-%c%c%c%c\n",
-               usbuf.USphone[0],usbuf.USphone[1],
-               usbuf.USphone[2],usbuf.USphone[3],
-               usbuf.USphone[4],usbuf.USphone[5],
-               usbuf.USphone[6],usbuf.USphone[7],
-               usbuf.USphone[8],usbuf.USphone[9]);
-
-       cprintf("%d\n",usbuf.axlevel);
-       cprintf("%s\n",usbuf.USemail);
-       cprintf("000\n");
-       }
-
  /*
   * validate a user
   */
@@ -848,7 +974,7 @@ void cmd_vali(char *v_args)
         userbuf.axlevel = newax;
         userbuf.flags = (userbuf.flags & ~US_NEEDVALID);
  
-       lputuser(&userbuf,user);
+       lputuser(&userbuf);
  
         /* If the access level was set to zero, delete the user */
         if (newax == 0) {
@@ -864,125 +990,58 @@ void cmd_vali(char *v_args)
  
  
  /* 
- *  List users
+ *  Traverse the user file...
   */
-void cmd_list(void) {
+void ForEachUser(void (*CallBack)(struct usersupp *EachUser, void *out_data),
+               void *in_data) {
         struct usersupp usbuf;
         struct cdbdata *cdbus;
  
         cdb_rewind(CDB_USERSUPP);
-       cprintf("%d \n",LISTING_FOLLOWS);
  
         while(cdbus = cdb_next_item(CDB_USERSUPP), cdbus != NULL) {
-               bzero(&usbuf, sizeof(struct usersupp));
+               memset(&usbuf, 0, sizeof(struct usersupp));
                 memcpy(&usbuf, cdbus->ptr,
                         ( (cdbus->len > sizeof(struct usersupp)) ?
                         sizeof(struct usersupp) : cdbus->len) );
                 cdb_free(cdbus);
+               (*CallBack)(&usbuf, in_data);
+               }
+       }
  
-           if (usbuf.axlevel > 0) {
+
+/*
+ * List one user (this works with cmd_list)
+ */
+void ListThisUser(struct usersupp *usbuf, void *data) {
+       if (usbuf->axlevel > 0) {
                 if ((CC->usersupp.axlevel>=6)
-                  ||((usbuf.flags&US_UNLISTED)==0)
+                  ||((usbuf->flags&US_UNLISTED)==0)
                    ||((CC->internal_pgm))) {
                         cprintf("%s|%d|%ld|%ld|%d|%d|",
-                               usbuf.fullname,
-                               usbuf.axlevel,
-                               usbuf.usernum,
-                               usbuf.lastcall,
-                               usbuf.timescalled,
-                               usbuf.posted);
-                       if (CC->usersupp.axlevel >= 6) cprintf("%s",usbuf.password);
+                               usbuf->fullname,
+                               usbuf->axlevel,
+                               usbuf->usernum,
+                               usbuf->lastcall,
+                               usbuf->timescalled,
+                               usbuf->posted);
+                       if (CC->usersupp.axlevel >= 6)
+                               cprintf("%s",usbuf->password);
                         cprintf("\n");
                         }
-                   }
                 }
-       cprintf("000\n");
         }
  
-/*
- * enter registration info
+/* 
+ *  List users
   */
-void cmd_regi(void) {
-       int a,b,c;
-       char buf[256];
-
-       char tmpname[256];
-       char tmpaddr[256];
-       char tmpcity[256];
-       char tmpstate[256];
-       char tmpzip[256];
-       char tmpphone[256];
-       char tmpemail[256];
-
-       if (!(CC->logged_in)) {
-               cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
-               return;
-               }
-
-       strcpy(tmpname,"");
-       strcpy(tmpaddr,"");
-       strcpy(tmpcity,"");
-       strcpy(tmpstate,"");
-       strcpy(tmpzip,"");
-       strcpy(tmpphone,"");
-       strcpy(tmpemail,"");
-
-       cprintf("%d Send registration...\n",SEND_LISTING);
-       a=0;
-       while (client_gets(buf), strcmp(buf,"000")) {
-               if (a==0) strcpy(tmpname,buf);
-               if (a==1) strcpy(tmpaddr,buf);
-               if (a==2) strcpy(tmpcity,buf);
-               if (a==3) strcpy(tmpstate,buf);
-               if (a==4) {
-                       for (c=0; c<strlen(buf); ++c) {
-                               if ((buf[c]>='0')&&(buf[c]<='9')) {
-                                       b=strlen(tmpzip);
-                                       tmpzip[b]=buf[c];
-                                       tmpzip[b+1]=0;
-                                       }
-                               }
-                       }
-               if (a==5) {
-                       for (c=0; c<strlen(buf); ++c) {
-                               if ((buf[c]>='0')&&(buf[c]<='9')) {
-                                       b=strlen(tmpphone);
-                                       tmpphone[b]=buf[c];
-                                       tmpphone[b+1]=0;
-                                       }
-                               }
-                       }
-               if (a==6) strncpy(tmpemail,buf,31);
-               ++a;
-               }
+void cmd_list(void) {
+       cprintf("%d \n",LISTING_FOLLOWS);
+       ForEachUser(ListThisUser, NULL);
+       cprintf("000\n");
+       }
  
-       tmpname[29]=0;
-       tmpaddr[24]=0;
-       tmpcity[14]=0;
-       tmpstate[2]=0;
-       tmpzip[9]=0;
-       tmpphone[10]=0;
-       tmpemail[31]=0;
  
-       lgetuser(&CC->usersupp,CC->curr_user);
-       strcpy(CC->usersupp.USname,tmpname);
-       strcpy(CC->usersupp.USaddr,tmpaddr);
-       strcpy(CC->usersupp.UScity,tmpcity);
-       strcpy(CC->usersupp.USstate,tmpstate);
-       strcpy(CC->usersupp.USzip,tmpzip);
-       strcpy(CC->usersupp.USphone,tmpphone);
-       strcpy(CC->usersupp.USemail,tmpemail);
-       CC->usersupp.flags=(CC->usersupp.flags|US_REGIS|US_NEEDVALID);
-       lputuser(&CC->usersupp,CC->curr_user);
-
-       /* set global flag calling for validation */
-       begin_critical_section(S_CONTROL);
-       get_control();
-       CitControl.MMflags = CitControl.MMflags | MM_VALID ;
-       put_control();
-       end_critical_section(S_CONTROL);
-       cprintf("%d *** End of registration.\n",OK);
-       }
  
  
  /*
@@ -992,12 +1051,7 @@ void cmd_chek(void) {
         int mail = 0;
         int regis = 0;
         int vali = 0;
-       int a;
-       struct cdbdata *cdbmb;
-       long *mailbox;
-       int num_mails;
         
-
         if (!(CC->logged_in)) {
                 cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
                 return;
@@ -1013,17 +1067,7 @@ void cmd_chek(void) {
  
  
         /* check for mail */
-       mail = 0;
-       cdbmb = cdb_fetch(CDB_MAILBOXES, &CC->usersupp.usernum, sizeof(long));
-       if (cdbmb != NULL) {
-               num_mails = cdbmb->len / sizeof(long);
-               mailbox = (long *) cdbmb->ptr;
-               if (num_mails > 0) for (a=0; a<num_mails; ++a) {
-                       if (mailbox[a] > (CC->usersupp.lastseen[1])) ++mail;
-                       }
-               cdb_free(cdbmb);
-               }
-
+       mail = NewMailCount();
  
         cprintf("%d %d|%d|%d\n",OK,mail,regis,vali);
         }
@@ -1045,82 +1089,6 @@ void cmd_qusr(char *who)
         }
  
  
-/*
- * enter user bio
- */
-void cmd_ebio(void) {
-       char buf[256];
-       FILE *fp;
-
-       if (!(CC->logged_in)) {
-               cprintf("%d Not logged in.\n",ERROR+NOT_LOGGED_IN);
-               return;
-               }
-
-       sprintf(buf,"./bio/%ld",CC->usersupp.usernum);
-       fp = fopen(buf,"w");
-       if (fp == NULL) {
-               cprintf("%d Cannot create file\n",ERROR);
-               return;
-               }
-       cprintf("%d  \n",SEND_LISTING);
-       while(client_gets(buf), strcmp(buf,"000")) {
-               fprintf(fp,"%s\n",buf);
-               }
-       fclose(fp);
-       }
-
-/*
- * read user bio
- */
-void cmd_rbio(char *cmdbuf)
-{
-       struct usersupp ruser;
-       char buf[256];
-       FILE *fp;
-
-       extract(buf,cmdbuf,0);
-       if (getuser(&ruser,buf)!=0) {
-               cprintf("%d No such user.\n",ERROR+NO_SUCH_USER);
-               return;
-               }
-       sprintf(buf,"./bio/%ld",ruser.usernum);
-       
-       fp = fopen(buf,"r");
-       if (fp == NULL) {
-               cprintf("%d %s has no bio on file.\n",
-                       ERROR+FILE_NOT_FOUND,ruser.fullname);
-               return;
-               }
-       cprintf("%d  \n",LISTING_FOLLOWS);
-       while (fgets(buf,256,fp)!=NULL) cprintf("%s",buf);
-       fclose(fp);
-       cprintf("000\n");
-       }
-
-/*
- * list of users who have entered bios
- */
-void cmd_lbio(void) {
-       char buf[256];
-       FILE *ls;
-       struct usersupp usbuf;
-
-       ls=popen("cd ./bio; ls","r");
-       if (ls==NULL) {
-               cprintf("%d Cannot open listing.\n",ERROR+FILE_NOT_FOUND);
-               return;
-               }
-
-       cprintf("%d\n",LISTING_FOLLOWS);
-       while (fgets(buf,255,ls)!=NULL)
-               if (getuserbynumber(&usbuf,atol(buf))==0)
-                       cprintf("%s\n",usbuf.fullname);
-       pclose(ls);
-       cprintf("000\n");
-       }
-
-
  /*
   * Administrative Get User Parameters
   */
@@ -1141,7 +1109,7 @@ void cmd_agup(char *cmdbuf) {
                 return;
                 }
  
-       cprintf("%d %s|%s|%u|%d|%d|%d|%ld\n", 
+       cprintf("%d %s|%s|%u|%d|%d|%d|%ld|%ld|%d\n", 
                 OK,
                 usbuf.fullname,
                 usbuf.password,
@@ -1149,8 +1117,9 @@ void cmd_agup(char *cmdbuf) {
                 usbuf.timescalled,
                 usbuf.posted,
                 (int)usbuf.axlevel,
-               usbuf.usernum);
-
+               usbuf.usernum,
+               usbuf.lastcall,
+               usbuf.USuserpurge);
         }
  
  
@@ -1163,6 +1132,7 @@ void cmd_asup(char *cmdbuf) {
         char requested_user[256];
         int np;
         int newax;
+       int deleted = 0;
         
         if ( (CC->internal_pgm==0)
            && ( (CC->logged_in == 0) || (is_aide()==0) ) ) {
@@ -1188,12 +1158,60 @@ void cmd_asup(char *cmdbuf) {
                         usbuf.axlevel = extract_int(cmdbuf, 5);
                         }
                 }
+       if (np > 7) {
+               usbuf.lastcall = extract_long(cmdbuf, 7);
+               }
+       if (np > 8) {
+               usbuf.USuserpurge = extract_int(cmdbuf, 8);
+               }
  
-       lputuser(&usbuf, requested_user);
+       lputuser(&usbuf);
         if (usbuf.axlevel == 0) {
                 if (purge_user(requested_user)==0) {
-                       cprintf("%d %s deleted.\n", OK, requested_user);
+                       deleted = 1;
                         }
                 }
-       cprintf("%d Ok\n", OK);
+       cprintf("%d Ok", OK);
+       if (deleted) cprintf(" (%s deleted)", requested_user);
+       cprintf("\n");
+       }
+
+
+/*
+ * Count the number of new mail messages the user has
+ */
+int NewMailCount() {
+       int num_newmsgs = 0;
+       int a;
+       char mailboxname[ROOMNAMELEN];
+       struct quickroom mailbox;
+       struct visit vbuf;
+        struct cdbdata *cdbfr;
+       long *msglist = NULL;
+       int num_msgs = 0;
+
+       MailboxName(mailboxname, &CC->usersupp, MAILROOM);
+       if (getroom(&mailbox, mailboxname)!=0) return(0);
+       CtdlGetRelationship(&vbuf, &CC->usersupp, &mailbox);
+
+        cdbfr = cdb_fetch(CDB_MSGLISTS, &mailbox.QRnumber, sizeof(long));
+
+        if (cdbfr != NULL) {
+               msglist = mallok(cdbfr->len);
+               memcpy(msglist, cdbfr->ptr, cdbfr->len);
+               num_msgs = cdbfr->len / sizeof(long);
+               cdb_free(cdbfr);
+       }
+
+       if (num_msgs > 0) for (a=0; a<num_msgs; ++a) {
+               if (msglist[a]>0L) {
+                       if (msglist[a] > vbuf.v_lastseen) {
+                               ++num_newmsgs;
+                               }
+                       }
+               }
+
+       if (msglist != NULL) phree(msglist);
+
+       return(num_newmsgs);
         }