* added message subject to all those tiny messages

[citadel.git] / citadel / user_ops.c

diff --git a/citadel/user_ops.c b/citadel/user_ops.c
index 7da967bc5730a9af9f7256d5927f9520568a485d..ff56484ca016121f1f2fc7bab6be967f0fd3d679 100644 (file)
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -5,10 +5,6 @@
  *
  */
 
-#ifdef DLL_EXPORT
-#define IN_LIBCIT
-#endif
-
 #include "sysdep.h"
 #include <errno.h>
 #include <stdlib.h>
@@ -75,32 +71,23 @@ int getuser(struct ctdluser *usbuf, char name[])
 {
 
        char usernamekey[USERNAME_SIZE];
-       char sysuser_name[USERNAME_SIZE];
        struct cdbdata *cdbus;
-       int using_sysuser = 0;
-
-       memset(usbuf, 0, sizeof(struct ctdluser));
 
-#ifdef ENABLE_AUTOLOGIN
-       if (CtdlAssociateSystemUser(sysuser_name, name) == 0) {
-               ++using_sysuser;
-       }
-#endif
-
-       if (using_sysuser) {
-               makeuserkey(usernamekey, sysuser_name);
-       }
-       else {
-               makeuserkey(usernamekey, name);
+       if (usbuf != NULL) {
+               memset(usbuf, 0, sizeof(struct ctdluser));
        }
 
+       makeuserkey(usernamekey, name);
        cdbus = cdb_fetch(CDB_USERS, usernamekey, strlen(usernamekey));
+
        if (cdbus == NULL) {    /* user not found */
                return(1);
        }
-       memcpy(usbuf, cdbus->ptr,
-              ((cdbus->len > sizeof(struct ctdluser)) ?
-               sizeof(struct ctdluser) : cdbus->len));
+       if (usbuf != NULL) {
+               memcpy(usbuf, cdbus->ptr,
+                       ((cdbus->len > sizeof(struct ctdluser)) ?
+                        sizeof(struct ctdluser) : cdbus->len));
+       }
        cdb_free(cdbus);
 
        return (0);
@@ -321,26 +308,34 @@ int getuserbynumber(struct ctdluser *usbuf, long int number)
 }
 
 
+#ifdef ENABLE_AUTOLOGIN
 /*
- * See if we can translate a system login name (i.e. from /etc/passwd)
- * to a Citadel screen name.  Returns 0 if one is found.
+ * getuserbyuid()  -     get user by system uid (for PAM mode authentication)
+ *                       returns 0 if user was found
+ *
+ * WARNING: don't use this function unless you absolutely have to.  It does
+ *          a sequential search and therefore is computationally expensive.
  */
-int CtdlAssociateSystemUser(char *screenname, char *loginname) {
-       struct passwd *p;
-       int a;
+int getuserbyuid(struct ctdluser *usbuf, uid_t number)
+{
+       struct cdbdata *cdbus;
 
-       p = (struct passwd *) getpwnam(loginname);
-       if (p != NULL) {
-               strcpy(screenname, p->pw_gecos);
-               for (a = 0; a < strlen(screenname); ++a) {
-                       if (screenname[a] == ',') {
-                               screenname[a] = 0;
-                       }
+       cdb_rewind(CDB_USERS);
+
+       while (cdbus = cdb_next_item(CDB_USERS), cdbus != NULL) {
+               memset(usbuf, 0, sizeof(struct ctdluser));
+               memcpy(usbuf, cdbus->ptr,
+                      ((cdbus->len > sizeof(struct ctdluser)) ?
+                       sizeof(struct ctdluser) : cdbus->len));
+               cdb_free(cdbus);
+               if (usbuf->uid == number) {
+                       cdb_close_cursor(CDB_USERS);
+                       return (0);
                }
-               return(0);
        }
-       return(1);
+       return (-1);
 }
+#endif /* ENABLE_AUTOLOGIN */
 
 
 
@@ -351,16 +346,47 @@ int CtdlLoginExistingUser(char *trythisname)
 {
        char username[SIZ];
        int found_user;
-       struct recptypes *valid = NULL;
-
-       if (trythisname == NULL) return login_not_found;
-       safestrncpy(username, trythisname, sizeof username);
-       strproc(username);
 
        if ((CC->logged_in)) {
                return login_already_logged_in;
        }
 
+       if (trythisname == NULL) return login_not_found;
+       safestrncpy(username, trythisname, USERNAME_SIZE);
+       striplt(username);
+
+       if (strlen(username) == 0) {
+               return login_not_found;
+       }
+
+#ifdef ENABLE_AUTOLOGIN
+
+       /* If this is an autologin build, the only valid auth source is the
+        * host operating system.
+        */
+       struct passwd pd;
+       struct passwd *tempPwdPtr;
+       char pwdbuffer[256];
+
+       lprintf(CTDL_DEBUG, "asking host about <%s>\n", username);
+       getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr);
+       if (tempPwdPtr == NULL) {
+               return login_not_found;
+       }
+       lprintf(CTDL_DEBUG, "found it! uid=%d, gecos=%s\n", pd.pw_uid, pd.pw_gecos);
+
+       /* Locate the associated Citadel account.
+        * If not found, make one attempt to create it.
+        */
+       found_user = getuserbyuid(&CC->user, pd.pw_uid);
+       if (found_user != 0) {
+               create_user(username, 0);
+               found_user = getuserbyuid(&CC->user, pd.pw_uid);
+       }
+
+#else /* ENABLE_AUTOLOGIN */
+       struct recptypes *valid = NULL;
+
        /* First, try to log in as if the supplied name is a display name */
        found_user = getuser(&CC->user, username);
 
@@ -368,16 +394,18 @@ int CtdlLoginExistingUser(char *trythisname)
         * is an e-mail address
         */
        if (found_user != 0) {
-               valid = validate_recipients(trythisname);
+               valid = validate_recipients(username);
                if (valid != NULL) {
                        if (valid->num_local == 1) {
                                found_user = getuser(&CC->user,
                                                valid->recp_local);
                        }
-                       phree(valid);
+                       free(valid);
                }
        }
 
+#endif /* ENABLE_AUTOLOGIN */
+
        /* Did we find something? */
        if (found_user == 0) {
                if (((CC->nologin)) && (CC->user.axlevel < 6)) {
@@ -398,10 +426,10 @@ int CtdlLoginExistingUser(char *trythisname)
  */
 void cmd_user(char *cmdbuf)
 {
-       char username[SIZ];
+       char username[256];
        int a;
 
-       extract(username, cmdbuf, 0);
+       extract_token(username, cmdbuf, 0, '|', sizeof username);
        striplt(username);
 
        a = CtdlLoginExistingUser(username);
@@ -423,6 +451,7 @@ void cmd_user(char *cmdbuf)
        case login_not_found:
                cprintf("%d %s not found.\n", ERROR + NO_SUCH_USER, username);
                return;
+       default:
                cprintf("%d Internal error\n", ERROR + INTERNAL_ERROR);
        }
 }
@@ -436,7 +465,7 @@ void session_startup(void)
 {
        int i;
 
-       lprintf(3, "<%s> logged in\n", CC->curr_user);
+       lprintf(CTDL_NOTICE, "<%s> logged in\n", CC->curr_user);
 
        lgetuser(&CC->user, CC->curr_user);
        ++(CC->user.timescalled);
@@ -449,6 +478,16 @@ void session_startup(void)
        if (!strcasecmp(CC->user.fullname, config.c_sysadm)) {
                CC->user.axlevel = 6;
        }
+
+#ifdef ENABLE_AUTOLOGIN
+       /* If we're authenticating off the host system, automatically give
+        * root the highest level of access.
+        */
+       if (CC->user.uid == 0) {
+               CC->user.axlevel = 6;
+       }
+#endif
+
        lputuser(&CC->user);
 
        /*
@@ -467,8 +506,9 @@ void session_startup(void)
        /* Create any personal rooms required by the system.
         * (Technically, MAILROOM should be there already, but just in case...)
         */
-       create_room(MAILROOM, 4, "", 0, 1, 0);
-       create_room(SENTITEMS, 4, "", 0, 1, 0);
+       create_room(MAILROOM, 4, "", 0, 1, 0, VIEW_MAILBOX);
+       create_room(SENTITEMS, 4, "", 0, 1, 0, VIEW_MAILBOX);
+       create_room(USERTRASHROOM, 4, "", 0, 1, 0, VIEW_MAILBOX);
 
        /* Run any startup routines registered by loadable modules */
        PerformSessionHooks(EVT_LOGIN);
@@ -549,13 +589,13 @@ static int validpw(uid_t uid, const char *pass)
        char buf[24];
 
        if (pipe(pipev)) {
-               lprintf(1, "pipe failed (%s): denying autologin access for "
+               lprintf(CTDL_ERR, "pipe failed (%s): denying autologin access for "
                        "uid %ld\n", strerror(errno), (long)uid);
                return 0;
        }
        switch (pid = fork()) {
        case -1:
-               lprintf(1, "fork failed (%s): denying autologin access for "
+               lprintf(CTDL_ERR, "fork failed (%s): denying autologin access for "
                        "uid %ld\n", strerror(errno), (long)uid);
                close(pipev[0]);
                close(pipev[1]);
@@ -569,8 +609,8 @@ static int validpw(uid_t uid, const char *pass)
                }
                close(pipev[0]);
 
-               execl(BBSDIR "/chkpwd", BBSDIR "/chkpwd", NULL);
-               perror(BBSDIR "/chkpwd");
+               execl(CTDLDIR "/chkpwd", CTDLDIR "/chkpwd", NULL);
+               perror(CTDLDIR "/chkpwd");
                exit(1);
        }
 
@@ -583,7 +623,7 @@ static int validpw(uid_t uid, const char *pass)
 
        while (waitpid(pid, &status, 0) == -1)
                if (errno != EINTR) {
-                       lprintf(1, "waitpid failed (%s): denying autologin "
+                       lprintf(CTDL_ERR, "waitpid failed (%s): denying autologin "
                                "access for uid %ld\n",
                                strerror(errno), (long)uid);
                        return 0;
@@ -607,45 +647,43 @@ int CtdlTryPassword(char *password)
        int code;
 
        if ((CC->logged_in)) {
-               lprintf(5, "CtdlTryPassword: already logged in\n");
+               lprintf(CTDL_WARNING, "CtdlTryPassword: already logged in\n");
                return pass_already_logged_in;
        }
        if (!strcmp(CC->curr_user, NLI)) {
-               lprintf(5, "CtdlTryPassword: no user selected\n");
+               lprintf(CTDL_WARNING, "CtdlTryPassword: no user selected\n");
                return pass_no_user;
        }
        if (getuser(&CC->user, CC->curr_user)) {
-               lprintf(5, "CtdlTryPassword: internal error\n");
+               lprintf(CTDL_ERR, "CtdlTryPassword: internal error\n");
                return pass_internal_error;
        }
        if (password == NULL) {
-               lprintf(5, "CtdlTryPassword: NULL password string supplied\n");
+               lprintf(CTDL_INFO, "CtdlTryPassword: NULL password string supplied\n");
                return pass_wrong_password;
        }
        code = (-1);
 
 
 #ifdef ENABLE_AUTOLOGIN
-       /* A uid of BBSUID or -1 indicates that this user exists only in
-        * Citadel, not in the underlying operating system.
-        */
-       if ( (CC->user.uid == BBSUID) || (CC->user.uid == (-1)) ) {
-               strproc(password);
-               strproc(CC->user.password);
-               code = strcasecmp(CC->user.password, password);
+
+       if (validpw(CC->user.uid, password)) {
+               code = 0;
+               /* we could get rid of this */
+               lgetuser(&CC->user, CC->curr_user);
+               safestrncpy(CC->user.password, password, sizeof CC->user.password);
+               lputuser(&CC->user);
+               /*                          */
        }
-       /* Any other uid means we have to check the system password database */
        else {
-               if (validpw(CC->user.uid, password)) {
-                       code = 0;
-                       lgetuser(&CC->user, CC->curr_user);
-                       safestrncpy(CC->user.password, password,
-                                   sizeof CC->user.password);
-                       lputuser(&CC->user);
-               }
+               code = (-1);
        }
 
 #else /* ENABLE_AUTOLOGIN */
+
+       strproc(password);
+       strproc(CC->user.password);
+       code = strcasecmp(CC->user.password, password);
        strproc(password);
        strproc(CC->user.password);
        code = strcasecmp(CC->user.password, password);
@@ -656,7 +694,7 @@ int CtdlTryPassword(char *password)
                do_login();
                return pass_ok;
        } else {
-               lprintf(3, "Bad password specified for <%s>\n", CC->curr_user);
+               lprintf(CTDL_WARNING, "Bad password specified for <%s>\n", CC->curr_user);
                return pass_wrong_password;
        }
 }
@@ -664,10 +702,10 @@ int CtdlTryPassword(char *password)
 
 void cmd_pass(char *buf)
 {
-       char password[SIZ];
+       char password[256];
        int a;
 
-       extract(password, buf, 0);
+       extract_token(password, buf, 0, '|', sizeof password);
        a = CtdlTryPassword(password);
 
        switch (a) {
@@ -684,8 +722,6 @@ void cmd_pass(char *buf)
        case pass_ok:
                logged_in_response();
                return;
-               cprintf("%d Can't find user record!\n",
-                       ERROR + INTERNAL_ERROR);
        }
 }
 
@@ -705,7 +741,7 @@ int purge_user(char pname[])
        makeuserkey(usernamekey, pname);
 
        if (getuser(&usbuf, pname) != 0) {
-               lprintf(5, "Cannot purge user <%s> - not found\n", pname);
+               lprintf(CTDL_ERR, "Cannot purge user <%s> - not found\n", pname);
                return (ERROR + NO_SUCH_USER);
        }
        /* Don't delete a user who is currently logged in.  Instead, just
@@ -721,15 +757,15 @@ int purge_user(char pname[])
        }
        end_critical_section(S_SESSION_TABLE);
        if (user_is_logged_in == 1) {
-               lprintf(5, "User <%s> is logged in; not deleting.\n", pname);
+               lprintf(CTDL_WARNING, "User <%s> is logged in; not deleting.\n", pname);
                usbuf.axlevel = 0;
                putuser(&usbuf);
                return (1);
        }
-       lprintf(5, "Deleting user <%s>\n", pname);
+       lprintf(CTDL_NOTICE, "Deleting user <%s>\n", pname);
 
        /* Perform any purge functions registered by server extensions */
-       PerformUserHooks(usbuf.fullname, usbuf.usernum, EVT_PURGEUSER);
+       PerformUserHooks(&usbuf, EVT_PURGEUSER);
 
        /* delete any existing user/room relationships */
        cdb_delete(CDB_VISIT, &usbuf.usernum, sizeof(long));
@@ -738,11 +774,19 @@ int purge_user(char pname[])
        cdb_delete(CDB_USERS, usernamekey, strlen(usernamekey));
 
        /* remove the user's bio file */
-       snprintf(filename, sizeof filename, "./bio/%ld", usbuf.usernum);
+       snprintf(filename, 
+                        sizeof filename, 
+                        "%s/%ld",
+                        ctdl_bio_dir,
+                        usbuf.usernum);
        unlink(filename);
 
        /* remove the user's picture */
-       snprintf(filename, sizeof filename, "./userpics/%ld.gif", usbuf.usernum);
+       snprintf(filename, 
+                        sizeof filename, 
+                        "%s/%ld.gif",
+                        ctdl_image_dir,
+                        usbuf.usernum);
        unlink(filename);
 
        return (0);
@@ -760,24 +804,26 @@ int create_user(char *newusername, int become_user)
 {
        struct ctdluser usbuf;
        struct ctdlroom qrbuf;
-       struct passwd *p = NULL;
-       char username[SIZ];
+       char username[256];
        char mailboxname[ROOMNAMELEN];
-       uid_t uid;
+       uid_t uid = (-1);
 
        safestrncpy(username, newusername, sizeof username);
        strproc(username);
 
 #ifdef ENABLE_AUTOLOGIN
-       p = (struct passwd *) getpwnam(username);
-       if (p != NULL) {
-               extract_token(username, p->pw_gecos, 0, ',');
-               uid = p->pw_uid;
-       } else {
-               uid = (-1);
+       struct passwd pd;
+       struct passwd *tempPwdPtr;
+       char pwdbuffer[256];
+
+       getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr);
+       if (tempPwdPtr != NULL) {
+               extract_token(username, pd.pw_gecos, 0, ',', sizeof username);
+               uid = pd.pw_uid;
+       }
+       else {
+               return (ERROR + NO_SUCH_USER);
        }
-#else
-       uid = (-1);
 #endif
 
        if (!getuser(&usbuf, username)) {
@@ -816,17 +862,20 @@ int create_user(char *newusername, int become_user)
         * Make the latter an invisible system room.
         */
        MailboxName(mailboxname, sizeof mailboxname, &usbuf, MAILROOM);
-       create_room(mailboxname, 5, "", 0, 1, 1);
+       create_room(mailboxname, 5, "", 0, 1, 1, VIEW_MAILBOX);
 
        MailboxName(mailboxname, sizeof mailboxname, &usbuf, USERCONFIGROOM);
-       create_room(mailboxname, 5, "", 0, 1, 1);
+       create_room(mailboxname, 5, "", 0, 1, 1, VIEW_BBS);
         if (lgetroom(&qrbuf, mailboxname) == 0) {
                 qrbuf.QRflags2 |= QR2_SYSTEM;
                 lputroom(&qrbuf);
         }
 
+       /* Perform any create functions registered by server extensions */
+       PerformUserHooks(&usbuf, EVT_NEWUSER);
+
        /* Everything below this line can be bypassed if administratively
-          creating a user, instead of doing self-service account creation
+        * creating a user, instead of doing self-service account creation
         */
 
        if (become_user) {
@@ -841,7 +890,7 @@ int create_user(char *newusername, int become_user)
                }
        }
 
-       lprintf(3, "New user <%s> created\n", username);
+       lprintf(CTDL_NOTICE, "New user <%s> created\n", username);
        return (0);
 }
 
@@ -854,7 +903,13 @@ int create_user(char *newusername, int become_user)
 void cmd_newu(char *cmdbuf)
 {
        int a;
-       char username[SIZ];
+       char username[26];
+
+#ifdef ENABLE_AUTOLOGIN
+       cprintf("%d This system does not use native mode authentication.\n",
+               ERROR + NOT_HERE);
+       return;
+#endif /* ENABLE_AUTOLOGIN */
 
        if (config.c_disable_newu) {
                cprintf("%d Self-service user account creation "
@@ -871,7 +926,7 @@ void cmd_newu(char *cmdbuf)
                        ERROR + MAX_SESSIONS_EXCEEDED,
                        config.c_nodename, config.c_maxsessions);
        }
-       extract(username, cmdbuf, 0);
+       extract_token(username, cmdbuf, 0, '|', sizeof username);
        username[25] = 0;
        strproc(username);
 
@@ -915,7 +970,7 @@ void cmd_setp(char *new_pw)
        if (CtdlAccessCheck(ac_logged_in)) {
                return;
        }
-       if ( (CC->user.uid != BBSUID) && (CC->user.uid != (-1)) ) {
+       if ( (CC->user.uid != CTDLUID) && (CC->user.uid != (-1)) ) {
                cprintf("%d Not allowed.  Use the 'passwd' command.\n", ERROR + NOT_HERE);
                return;
        }
@@ -928,7 +983,7 @@ void cmd_setp(char *new_pw)
        safestrncpy(CC->user.password, new_pw, sizeof(CC->user.password));
        lputuser(&CC->user);
        cprintf("%d Password changed.\n", CIT_OK);
-       lprintf(3, "Password changed for user <%s>\n", CC->curr_user);
+       lprintf(CTDL_INFO, "Password changed for user <%s>\n", CC->curr_user);
        PerformSessionHooks(EVT_SETPASS);
 }
 
@@ -939,16 +994,16 @@ void cmd_setp(char *new_pw)
 void cmd_creu(char *cmdbuf)
 {
        int a;
-       char username[SIZ];
-       char password[SIZ];
+       char username[26];
+       char password[32];
        struct ctdluser tmp;
 
        if (CtdlAccessCheck(ac_aide)) {
                return;
        }
 
-       extract(username, cmdbuf, 0);
-       extract(password, cmdbuf, 1);
+       extract_token(username, cmdbuf, 0, '|', sizeof username);
+       extract_token(password, cmdbuf, 1, '|', sizeof password);
        username[25] = 0;
        password[31] = 0;
        strproc(username);
@@ -1076,7 +1131,8 @@ void cmd_seen(char *argbuf) {
        target_msgnum = extract_long(argbuf, 0);
        target_setting = extract_int(argbuf, 1);
 
-       CtdlSetSeen(target_msgnum, target_setting, ctdlsetseen_seen);
+       CtdlSetSeen(&target_msgnum, 1, target_setting,
+                       ctdlsetseen_seen, NULL, NULL);
        cprintf("%d OK\n", CIT_OK);
 }
 
@@ -1093,16 +1149,48 @@ void cmd_gtsn(char *argbuf) {
 }
 
 
-
 /*
- * INVT and KICK commands
+ * API function for cmd_invt_kick() and anything else that needs to
+ * invite or kick out a user to/from a room.
+ * 
+ * Set iuser to the name of the user, and op to 1=invite or 0=kick
  */
-void cmd_invt_kick(char *iuser, int op)
-                       /* user name */
-{                              /* 1 = invite, 0 = kick out */
+int CtdlInvtKick(char *iuser, int op) {
        struct ctdluser USscratch;
-       char bbb[SIZ];
        struct visit vbuf;
+       char bbb[SIZ];
+
+       if (getuser(&USscratch, iuser) != 0) {
+               return(1);
+       }
+
+       CtdlGetRelationship(&vbuf, &USscratch, &CC->room);
+       if (op == 1) {
+               vbuf.v_flags = vbuf.v_flags & ~V_FORGET & ~V_LOCKOUT;
+               vbuf.v_flags = vbuf.v_flags | V_ACCESS;
+       }
+       if (op == 0) {
+               vbuf.v_flags = vbuf.v_flags & ~V_ACCESS;
+               vbuf.v_flags = vbuf.v_flags | V_FORGET | V_LOCKOUT;
+       }
+       CtdlSetRelationship(&vbuf, &USscratch, &CC->room);
+
+       /* post a message in Aide> saying what we just did */
+       snprintf(bbb, sizeof bbb, "%s has been %s \"%s\" by %s.\n",
+               iuser,
+               ((op == 1) ? "invited to" : "kicked out of"),
+               CC->room.QRname,
+               CC->user.fullname);
+       aide_message(bbb,"User Admin Message");
+
+       return(0);
+}
+
+
+/*
+ * INVT and KICK commands
+ */
+void cmd_invt_kick(char *iuser, int op) {
 
        /*
         * These commands are only allowed by aides, room aides,
@@ -1125,31 +1213,10 @@ void cmd_invt_kick(char *iuser, int op)
                return;
        }
 
-       if (lgetuser(&USscratch, iuser) != 0) {
+       if (CtdlInvtKick(iuser, op) != 0) {
                cprintf("%d No such user.\n", ERROR + NO_SUCH_USER);
                return;
        }
-       CtdlGetRelationship(&vbuf, &USscratch, &CC->room);
-
-       if (op == 1) {
-               vbuf.v_flags = vbuf.v_flags & ~V_FORGET & ~V_LOCKOUT;
-               vbuf.v_flags = vbuf.v_flags | V_ACCESS;
-       }
-       if (op == 0) {
-               vbuf.v_flags = vbuf.v_flags & ~V_ACCESS;
-               vbuf.v_flags = vbuf.v_flags | V_FORGET | V_LOCKOUT;
-       }
-       CtdlSetRelationship(&vbuf, &USscratch, &CC->room);
-
-       lputuser(&USscratch);
-
-       /* post a message in Aide> saying what we just did */
-       snprintf(bbb, sizeof bbb, "%s %s %s> by %s\n",
-               iuser,
-               ((op == 1) ? "invited to" : "kicked out of"),
-               CC->room.QRname,
-               CC->user.fullname);
-       aide_message(bbb);
 
        cprintf("%d %s %s %s.\n",
                CIT_OK, iuser,
@@ -1261,11 +1328,11 @@ void cmd_gnur(void)
  */
 void cmd_vali(char *v_args)
 {
-       char user[SIZ];
+       char user[128];
        int newax;
        struct ctdluser userbuf;
 
-       extract(user, v_args, 0);
+       extract_token(user, v_args, 0, '|', sizeof user);
        newax = extract_int(v_args, 1);
 
        if (CtdlAccessCheck(ac_aide)) {
@@ -1321,6 +1388,13 @@ void ForEachUser(void (*CallBack) (struct ctdluser * EachUser, void *out_data),
  */
 void ListThisUser(struct ctdluser *usbuf, void *data)
 {
+       char *searchstring;
+
+       searchstring = (char *)data;
+       if (bmstrcasestr(usbuf->fullname, searchstring) == NULL) {
+               return;
+       }
+
        if (usbuf->axlevel > 0) {
                if ((CC->user.axlevel >= 6)
                    || ((usbuf->flags & US_UNLISTED) == 0)
@@ -1340,12 +1414,15 @@ void ListThisUser(struct ctdluser *usbuf, void *data)
 }
 
 /* 
- *  List users
+ *  List users (searchstring may be empty to list all users)
  */
-void cmd_list(void)
+void cmd_list(char *cmdbuf)
 {
+       char searchstring[256];
+       extract_token(searchstring, cmdbuf, 0, '|', sizeof searchstring);
+       striplt(searchstring);
        cprintf("%d \n", LISTING_FOLLOWS);
-       ForEachUser(ListThisUser, NULL);
+       ForEachUser(ListThisUser, (void *)searchstring );
        cprintf("000\n");
 }
 
@@ -1403,13 +1480,13 @@ void cmd_qusr(char *who)
 void cmd_agup(char *cmdbuf)
 {
        struct ctdluser usbuf;
-       char requested_user[SIZ];
+       char requested_user[128];
 
        if (CtdlAccessCheck(ac_aide)) {
                return;
        }
 
-       extract(requested_user, cmdbuf, 0);
+       extract_token(requested_user, cmdbuf, 0, '|', sizeof requested_user);
        if (getuser(&usbuf, requested_user) != 0) {
                cprintf("%d No such user.\n", ERROR + NO_SUCH_USER);
                return;
@@ -1435,7 +1512,7 @@ void cmd_agup(char *cmdbuf)
 void cmd_asup(char *cmdbuf)
 {
        struct ctdluser usbuf;
-       char requested_user[SIZ];
+       char requested_user[128];
        char notify[SIZ];
        int np;
        int newax;
@@ -1444,14 +1521,14 @@ void cmd_asup(char *cmdbuf)
        if (CtdlAccessCheck(ac_aide))
                return;
 
-       extract(requested_user, cmdbuf, 0);
+       extract_token(requested_user, cmdbuf, 0, '|', sizeof requested_user);
        if (lgetuser(&usbuf, requested_user) != 0) {
                cprintf("%d No such user.\n", ERROR + NO_SUCH_USER);
                return;
        }
        np = num_parms(cmdbuf);
        if (np > 1)
-               extract(usbuf.password, cmdbuf, 1);
+               extract_token(usbuf.password, cmdbuf, 1, '|', sizeof usbuf.password);
        if (np > 2)
                usbuf.flags = extract_int(cmdbuf, 2);
        if (np > 3)
@@ -1478,9 +1555,9 @@ void cmd_asup(char *cmdbuf)
        }
 
        if (deleted) {
-               sprintf(notify, "User <%s> deleted by %s\n",
+               sprintf(notify, "User \"%s\" has been deleted by %s.\n",
                        usbuf.fullname, CC->user.fullname);
-               aide_message(notify);
+               aide_message(notify, "User Deletion Message");
        }
 
        cprintf("%d Ok", CIT_OK);
@@ -1547,7 +1624,7 @@ int InitialMailCheck()
         cdbfr = cdb_fetch(CDB_MSGLISTS, &mailbox.QRnumber, sizeof(long));
 
         if (cdbfr != NULL) {
-                msglist = mallok(cdbfr->len);
+                msglist = malloc(cdbfr->len);
                 memcpy(msglist, cdbfr->ptr, cdbfr->len);
                 num_msgs = cdbfr->len / sizeof(long);
                 cdb_free(cdbfr);
@@ -1561,7 +1638,7 @@ int InitialMailCheck()
                         }
                 }
         if (msglist != NULL)
-                phree(msglist);
+                free(msglist);
 
         return (num_newmsgs);
 }