X-Git-Url: https://code.citadel.org/?p=citadel.git;a=blobdiff_plain;f=citadel%2Fuser_ops.c;h=2b66fdbe24029a51e77fd6896008977b5ebc31c1;hp=965cec625563650f19cd964248c2c8d5bc41eda3;hb=11e722f9406b58f2884d6d63f4acba49b668f53f;hpb=be8d2e8c65b70b7caa227f794c3c849ef2367954 diff --git a/citadel/user_ops.c b/citadel/user_ops.c index 965cec625..2b66fdbe2 100644 --- a/citadel/user_ops.c +++ b/citadel/user_ops.c @@ -1,8 +1,21 @@ /* - * $Id$ - * * Server functions which perform operations on user objects. * + * Copyright (c) 1987-2011 by the citadel.org team + * + * This program is open source software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as published + * by the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include "sysdep.h" @@ -16,6 +29,7 @@ #include #include #include +#include #ifdef HAVE_SYS_STAT_H #include #endif @@ -38,7 +52,6 @@ #include "citadel.h" #include "server.h" #include "database.h" -#include "user_ops.h" #include "sysdep_decls.h" #include "support.h" #include "room_ops.h" @@ -52,32 +65,13 @@ #include "threads.h" #include "citadel_ldap.h" #include "context.h" - #include "ctdl_module.h" +#include "user_ops.h" /* These pipes are used to talk to the chkpwd daemon, which is forked during startup */ int chkpwd_write_pipe[2]; int chkpwd_read_pipe[2]; -/* - * makeuserkey() - convert a username into the format used as a database key - * (it's just the username converted into lower case) - */ -INLINE void makeuserkey(char *key, char *username) { - int i, len; - - len = strlen(username); - if (len >= USERNAME_SIZE) - { - CtdlLogPrintf (CTDL_EMERG, "Username to long: %s", username); - cit_backtrace (); - len = USERNAME_SIZE - 1; - username[USERNAME_SIZE - 1]='\0'; - } - for (i=0; i<=len; ++i) { - key[i] = tolower(username[i]); - } -} /* @@ -94,7 +88,7 @@ int getuser(struct ctdluser *usbuf, char name[]) * CtdlGetUser() - retrieve named user into supplied buffer. * returns 0 on success */ -int CtdlGetUser(struct ctdluser *usbuf, char name[]) +int CtdlGetUserLen(struct ctdluser *usbuf, const char *name, long len) { char usernamekey[USERNAME_SIZE]; @@ -104,7 +98,7 @@ int CtdlGetUser(struct ctdluser *usbuf, char name[]) memset(usbuf, 0, sizeof(struct ctdluser)); } - makeuserkey(usernamekey, name); + makeuserkey(usernamekey, name, len); cdbus = cdb_fetch(CDB_USERS, usernamekey, strlen(usernamekey)); if (cdbus == NULL) { /* user not found */ @@ -121,6 +115,12 @@ int CtdlGetUser(struct ctdluser *usbuf, char name[]) } +int CtdlGetUser(struct ctdluser *usbuf, char *name) +{ + return CtdlGetUserLen(usbuf, name, cutuserkey(name)); +} + + /* * CtdlGetUserLock() - same as getuser() but locks the record */ @@ -152,7 +152,9 @@ void CtdlPutUser(struct ctdluser *usbuf) { char usernamekey[USERNAME_SIZE]; - makeuserkey(usernamekey, usbuf->fullname); + makeuserkey(usernamekey, + usbuf->fullname, + cutuserkey(usbuf->fullname)); usbuf->version = REV_LEVEL; cdb_store(CDB_USERS, @@ -204,8 +206,8 @@ int rename_user(char *oldname, char *newname) { char newnamekey[USERNAME_SIZE]; /* Create the database keys... */ - makeuserkey(oldnamekey, oldname); - makeuserkey(newnamekey, newname); + makeuserkey(oldnamekey, oldname, cutuserkey(oldname)); + makeuserkey(newnamekey, newname, cutuserkey(newname)); /* Lock up and get going */ begin_critical_section(S_USERS); @@ -228,10 +230,10 @@ int rename_user(char *oldname, char *newname) { else { /* Sanity checks succeeded. Now rename the user. */ if (usbuf.usernum == 0) { - CtdlLogPrintf (CTDL_DEBUG, "Can not rename user \"Citadel\".\n"); + syslog(LOG_DEBUG, "Can not rename user \"Citadel\".\n"); retcode = RENAMEUSER_NOT_FOUND; } else { - CtdlLogPrintf(CTDL_DEBUG, "Renaming <%s> to <%s>\n", oldname, newname); + syslog(LOG_DEBUG, "Renaming <%s> to <%s>\n", oldname, newname); cdb_delete(CDB_USERS, oldnamekey, strlen(oldnamekey)); safestrncpy(usbuf.fullname, newname, sizeof usbuf.fullname); CtdlPutUser(&usbuf); @@ -278,7 +280,7 @@ int GenerateRelationshipIndex(char *IndexBuf, /* * Back end for CtdlSetRelationship() */ -void put_visit(struct visit *newvisit) +void put_visit(visit *newvisit) { char IndexBuf[32]; int IndexLen = 0; @@ -292,7 +294,7 @@ void put_visit(struct visit *newvisit) /* Store the record */ cdb_store(CDB_VISIT, IndexBuf, IndexLen, - newvisit, sizeof(struct visit) + newvisit, sizeof(visit) ); } @@ -302,7 +304,7 @@ void put_visit(struct visit *newvisit) /* * Define a relationship between a user and a room */ -void CtdlSetRelationship(struct visit *newvisit, +void CtdlSetRelationship(visit *newvisit, struct ctdluser *rel_user, struct ctdlroom *rel_room) { @@ -321,7 +323,7 @@ void CtdlSetRelationship(struct visit *newvisit, /* * Locate a relationship between a user and a room */ -void CtdlGetRelationship(struct visit *vbuf, +void CtdlGetRelationship(visit *vbuf, struct ctdluser *rel_user, struct ctdlroom *rel_room) { @@ -337,13 +339,13 @@ void CtdlGetRelationship(struct visit *vbuf, rel_user->usernum); /* Clear out the buffer */ - memset(vbuf, 0, sizeof(struct visit)); + memset(vbuf, 0, sizeof(visit)); cdbvisit = cdb_fetch(CDB_VISIT, IndexBuf, IndexLen); if (cdbvisit != NULL) { memcpy(vbuf, cdbvisit->ptr, - ((cdbvisit->len > sizeof(struct visit)) ? - sizeof(struct visit) : cdbvisit->len)); + ((cdbvisit->len > sizeof(visit)) ? + sizeof(visit) : cdbvisit->len)); cdb_free(cdbvisit); } else { @@ -377,7 +379,7 @@ void MailboxName(char *buf, size_t n, const struct ctdluser *who, const char *pr */ int is_aide(void) { - if (CC->user.axlevel >= 6) + if (CC->user.axlevel >= AxAideU) return (1); else return (0); @@ -394,7 +396,7 @@ int is_room_aide(void) return (0); } - if ((CC->user.axlevel >= 6) + if ((CC->user.axlevel >= AxAideU) || (CC->room.QRroomaide == CC->user.usernum)) { return (1); } else { @@ -415,11 +417,11 @@ int CtdlGetUserByNumber(struct ctdluser *usbuf, long number) cdbun = cdb_fetch(CDB_USERSBYNUMBER, &number, sizeof(long)); if (cdbun == NULL) { - CtdlLogPrintf(CTDL_INFO, "User %ld not found\n", number); + syslog(LOG_INFO, "User %ld not found\n", number); return(-1); } - CtdlLogPrintf(CTDL_INFO, "User %ld maps to %s\n", number, cdbun->ptr); + syslog(LOG_INFO, "User %ld maps to %s\n", number, cdbun->ptr); r = CtdlGetUser(usbuf, cdbun->ptr); cdb_free(cdbun); return(r); @@ -468,7 +470,7 @@ void rebuild_ubn_for_user(struct ctdluser *usbuf, void *data) { } while (u != NULL) { - CtdlLogPrintf(CTDL_DEBUG, "Rebuilding usersbynumber index %10ld : %s\n", + syslog(LOG_DEBUG, "Rebuilding usersbynumber index %10ld : %s\n", u->usernum, u->username); cdb_store(CDB_USERSBYNUMBER, &u->usernum, sizeof(long), u->username, strlen(u->username)+1); @@ -523,12 +525,13 @@ int getuserbyuid(struct ctdluser *usbuf, uid_t number) * * NOTE: "authname" should only be used if we are attempting to use the "master user" feature */ -int CtdlLoginExistingUser(char *authname, char *trythisname) +int CtdlLoginExistingUser(char *authname, const char *trythisname) { char username[SIZ]; int found_user; + long len; - CtdlLogPrintf(9, "CtdlLoginExistingUser(%s, %s)\n", authname, trythisname); + syslog(LOG_DEBUG, "CtdlLoginExistingUser(%s, %s)\n", authname, trythisname); if ((CC->logged_in)) { return login_already_logged_in; @@ -538,7 +541,7 @@ int CtdlLoginExistingUser(char *authname, char *trythisname) if (!strncasecmp(trythisname, "SYS_", 4)) { - CtdlLogPrintf(CTDL_DEBUG, "System user \"%s\" is not allowed to log in.\n", trythisname); + syslog(LOG_DEBUG, "System user \"%s\" is not allowed to log in.\n", trythisname); return login_not_found; } @@ -551,8 +554,9 @@ int CtdlLoginExistingUser(char *authname, char *trythisname) } /* Continue attempting user validation... */ - safestrncpy(username, trythisname, USERNAME_SIZE); + safestrncpy(username, trythisname, sizeof (username)); striplt(username); + len = cutuserkey(username); if (IsEmptyStr(username)) { return login_not_found; @@ -566,21 +570,21 @@ int CtdlLoginExistingUser(char *authname, char *trythisname) struct passwd *tempPwdPtr; char pwdbuffer[256]; - CtdlLogPrintf(CTDL_DEBUG, "asking host about <%s>\n", username); + syslog(LOG_DEBUG, "asking host about <%s>\n", username); #ifdef HAVE_GETPWNAM_R #ifdef SOLARIS_GETPWUID - CtdlLogPrintf(CTDL_DEBUG, "Calling getpwnam_r()\n"); + syslog(LOG_DEBUG, "Calling getpwnam_r()\n"); tempPwdPtr = getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer); #else // SOLARIS_GETPWUID - CtdlLogPrintf(CTDL_DEBUG, "Calling getpwnam_r()\n"); + syslog(LOG_DEBUG, "Calling getpwnam_r()\n"); getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr); #endif // SOLARIS_GETPWUID #else // HAVE_GETPWNAM_R - CtdlLogPrintf(CTDL_DEBUG, "SHOULD NEVER GET HERE!!!\n"); + syslog(LOG_DEBUG, "SHOULD NEVER GET HERE!!!\n"); tempPwdPtr = NULL; #endif // HAVE_GETPWNAM_R if (tempPwdPtr == NULL) { - CtdlLogPrintf(CTDL_DEBUG, "no such user <%s>\n", username); + syslog(LOG_DEBUG, "no such user <%s>\n", username); return login_not_found; } @@ -588,10 +592,11 @@ int CtdlLoginExistingUser(char *authname, char *trythisname) * If not found, make one attempt to create it. */ found_user = getuserbyuid(&CC->user, pd.pw_uid); - CtdlLogPrintf(CTDL_DEBUG, "found it: uid=%ld, gecos=%s here: %d\n", + syslog(LOG_DEBUG, "found it: uid=%ld, gecos=%s here: %d\n", (long)pd.pw_uid, pd.pw_gecos, found_user); if (found_user != 0) { - create_user(username, 0); + len = cutuserkey(username); + create_user(username, len, 0); found_user = getuserbyuid(&CC->user, pd.pw_uid); } @@ -613,7 +618,7 @@ int CtdlLoginExistingUser(char *authname, char *trythisname) found_user = getuserbyuid(&CC->user, ldap_uid); if (found_user != 0) { - create_user(trythisname, 0); + create_user(username, len, 0); found_user = getuserbyuid(&CC->user, ldap_uid); } @@ -649,7 +654,7 @@ int CtdlLoginExistingUser(char *authname, char *trythisname) /* Did we find something? */ if (found_user == 0) { - if (((CC->nologin)) && (CC->user.axlevel < 6)) { + if (((CC->nologin)) && (CC->user.axlevel < AxAideU)) { return login_too_many_users; } else { safestrncpy(CC->curr_user, CC->user.fullname, @@ -670,11 +675,11 @@ void cmd_user(char *cmdbuf) char username[256]; int a; - CtdlLogPrintf(CTDL_DEBUG, "cmd_user(%s)\n", cmdbuf); + syslog(LOG_DEBUG, "cmd_user(%s)\n", cmdbuf); extract_token(username, cmdbuf, 0, '|', sizeof username); - CtdlLogPrintf(CTDL_DEBUG, "username: %s\n", username); + syslog(LOG_DEBUG, "username: %s\n", username); striplt(username); - CtdlLogPrintf(CTDL_DEBUG, "username: %s\n", username); + syslog(LOG_DEBUG, "username: %s\n", username); a = CtdlLoginExistingUser(NULL, username); switch (a) { @@ -708,7 +713,7 @@ void cmd_user(char *cmdbuf) void do_login(void) { CC->logged_in = 1; - CtdlLogPrintf(CTDL_NOTICE, "<%s> logged in\n", CC->curr_user); + syslog(LOG_NOTICE, "<%s> logged in\n", CC->curr_user); CtdlGetUserLock(&CC->user, CC->curr_user); ++(CC->user.timescalled); @@ -719,7 +724,7 @@ void do_login(void) * (as specified in setup), automatically assign access level 6. */ if (!strcasecmp(CC->user.fullname, config.c_sysadm)) { - CC->user.axlevel = 6; + CC->user.axlevel = AxAideU; } /* If we're authenticating off the host system, automatically give @@ -727,7 +732,7 @@ void do_login(void) */ if (config.c_auth_mode == AUTHMODE_HOST) { if (CC->user.uid == 0) { - CC->user.axlevel = 6; + CC->user.axlevel = AxAideU; } } @@ -748,7 +753,7 @@ void do_login(void) CtdlCreateRoom(MAILROOM, 4, "", 0, 1, 0, VIEW_MAILBOX); CtdlCreateRoom(SENTITEMS, 4, "", 0, 1, 0, VIEW_MAILBOX); CtdlCreateRoom(USERTRASHROOM, 4, "", 0, 1, 0, VIEW_MAILBOX); - /* CtdlCreateRoom(USERDRAFTROOM, 4, "", 0, 1, 0, VIEW_MAILBOX); temporarily disabled for 7.60 */ + CtdlCreateRoom(USERDRAFTROOM, 4, "", 0, 1, 0, VIEW_MAILBOX); /* Run any startup routines registered by loadable modules */ PerformSessionHooks(EVT_LOGIN); @@ -769,18 +774,14 @@ void logged_in_response(void) -/* - * misc things to be taken care of when a user is logged out - */ -void logout(void) +void CtdlUserLogout(void) { - CtdlUserLogout(); -} + CitContext *CCC = MyContext(); + syslog(LOG_DEBUG, "CtdlUserLogout() logging out <%s> from session %d", + CCC->curr_user, CCC->cs_pid + ); -void CtdlUserLogout(void) -{ - CitContext *CCC = CC; /* CachedCitContext - performance boost */ /* * If there is a download in progress, abort it. */ @@ -818,13 +819,26 @@ void CtdlUserLogout(void) CCC->logged_in = 0; /* Check to see if the user was deleted whilst logged in and purge them if necessary */ - if ((CCC->user.axlevel == 0) && (CCC->user.usernum)) + if ((CCC->user.axlevel == AxDeleted) && (CCC->user.usernum)) purge_user(CCC->user.fullname); + /* Clear out the user record in memory so we don't behave like a ghost */ + memset(&CCC->user, 0, sizeof(struct ctdluser)); + CCC->curr_user[0] = 0; + CCC->is_master = 0; + CCC->cs_inet_email[0] = 0; + CCC->cs_inet_other_emails[0] = 0; + CCC->cs_inet_fn[0] = 0; + CCC->fake_username[0] = 0; + CCC->fake_hostname[0] = 0; + CCC->fake_roomname[0] = 0; + + /* Free any output buffers */ unbuffer_output(); } + /* * Validate a password on the host unix system by talking to the chkpwd daemon */ @@ -834,24 +848,39 @@ static int validpw(uid_t uid, const char *pass) int rv = 0; if (IsEmptyStr(pass)) { - CtdlLogPrintf(CTDL_DEBUG, "refusing to check empty password for uid=%d using chkpwd...\n", uid); + syslog(LOG_DEBUG, "Refusing to chkpwd for uid=%d with empty password.\n", uid); return 0; } - CtdlLogPrintf(CTDL_DEBUG, "Validating password for uid=%d using chkpwd...\n", uid); + syslog(LOG_DEBUG, "Validating password for uid=%d using chkpwd...\n", uid); begin_critical_section(S_CHKPWD); rv = write(chkpwd_write_pipe[1], &uid, sizeof(uid_t)); + if (rv == -1) { + syslog(LOG_EMERG, "Communicatino with chkpwd broken: %s\n", strerror(errno)); + end_critical_section(S_CHKPWD); + return 0; + } rv = write(chkpwd_write_pipe[1], pass, 256); + if (rv == -1) { + syslog(LOG_EMERG, "Communicatino with chkpwd broken: %s\n", strerror(errno)); + end_critical_section(S_CHKPWD); + return 0; + } rv = read(chkpwd_read_pipe[0], buf, 4); + if (rv == -1) { + syslog(LOG_EMERG, "Communicatino with chkpwd broken: %s\n", strerror(errno)); + end_critical_section(S_CHKPWD); + return 0; + } end_critical_section(S_CHKPWD); if (!strncmp(buf, "PASS", 4)) { - CtdlLogPrintf(CTDL_DEBUG, "...pass\n"); + syslog(LOG_DEBUG, "...pass\n"); return(1); } - CtdlLogPrintf(CTDL_DEBUG, "...fail\n"); + syslog(LOG_DEBUG, "...fail\n"); return 0; } @@ -863,7 +892,7 @@ void start_chkpwd_daemon(void) { struct stat filestats; int i; - CtdlLogPrintf(CTDL_DEBUG, "Starting chkpwd daemon for host authentication mode\n"); + syslog(LOG_DEBUG, "Starting chkpwd daemon for host authentication mode\n"); if ((stat(file_chkpwd, &filestats)==-1) || (filestats.st_size==0)){ @@ -871,53 +900,53 @@ void start_chkpwd_daemon(void) { abort(); } if (pipe(chkpwd_write_pipe) != 0) { - CtdlLogPrintf(CTDL_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno)); + syslog(LOG_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno)); abort(); } if (pipe(chkpwd_read_pipe) != 0) { - CtdlLogPrintf(CTDL_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno)); + syslog(LOG_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno)); abort(); } chkpwd_pid = fork(); if (chkpwd_pid < 0) { - CtdlLogPrintf(CTDL_EMERG, "Unable to fork chkpwd daemon: %s\n", strerror(errno)); + syslog(LOG_EMERG, "Unable to fork chkpwd daemon: %s\n", strerror(errno)); abort(); } if (chkpwd_pid == 0) { - CtdlLogPrintf(CTDL_DEBUG, "Now calling dup2() write\n"); + syslog(LOG_DEBUG, "Now calling dup2() write\n"); dup2(chkpwd_write_pipe[0], 0); - CtdlLogPrintf(CTDL_DEBUG, "Now calling dup2() write\n"); + syslog(LOG_DEBUG, "Now calling dup2() write\n"); dup2(chkpwd_read_pipe[1], 1); - CtdlLogPrintf(CTDL_DEBUG, "Now closing stuff\n"); + syslog(LOG_DEBUG, "Now closing stuff\n"); for (i=2; i<256; ++i) close(i); - CtdlLogPrintf(CTDL_DEBUG, "Now calling execl(%s)\n", file_chkpwd); + syslog(LOG_DEBUG, "Now calling execl(%s)\n", file_chkpwd); execl(file_chkpwd, file_chkpwd, NULL); - CtdlLogPrintf(CTDL_EMERG, "Unable to exec chkpwd daemon: %s\n", strerror(errno)); + syslog(LOG_EMERG, "Unable to exec chkpwd daemon: %s\n", strerror(errno)); abort(); exit(errno); } } -int CtdlTryPassword(char *password) +int CtdlTryPassword(const char *password, long len) { int code; if ((CC->logged_in)) { - CtdlLogPrintf(CTDL_WARNING, "CtdlTryPassword: already logged in\n"); + syslog(LOG_WARNING, "CtdlTryPassword: already logged in\n"); return pass_already_logged_in; } if (!strcmp(CC->curr_user, NLI)) { - CtdlLogPrintf(CTDL_WARNING, "CtdlTryPassword: no user selected\n"); + syslog(LOG_WARNING, "CtdlTryPassword: no user selected\n"); return pass_no_user; } if (CtdlGetUser(&CC->user, CC->curr_user)) { - CtdlLogPrintf(CTDL_ERR, "CtdlTryPassword: internal error\n"); + syslog(LOG_ERR, "CtdlTryPassword: internal error\n"); return pass_internal_error; } if (password == NULL) { - CtdlLogPrintf(CTDL_INFO, "CtdlTryPassword: NULL password string supplied\n"); + syslog(LOG_INFO, "CtdlTryPassword: NULL password string supplied\n"); return pass_wrong_password; } code = (-1); @@ -972,20 +1001,24 @@ int CtdlTryPassword(char *password) else { /* native auth mode */ + char *pw; - strproc(password); + pw = (char*) malloc(len + 1); + memcpy(pw, password, len + 1); + strproc(pw); strproc(CC->user.password); - code = strcasecmp(CC->user.password, password); - strproc(password); + code = strcasecmp(CC->user.password, pw); + strproc(pw); strproc(CC->user.password); - code = strcasecmp(CC->user.password, password); + code = strcasecmp(CC->user.password, pw); + free (pw); } if (!code) { do_login(); return pass_ok; } else { - CtdlLogPrintf(CTDL_WARNING, "Bad password specified for <%s>\n", CC->curr_user); + syslog(LOG_WARNING, "Bad password specified for <%s>\n", CC->curr_user); return pass_wrong_password; } } @@ -993,12 +1026,13 @@ int CtdlTryPassword(char *password) void cmd_pass(char *buf) { - char password[256]; + char password[SIZ]; int a; + long len; memset(password, 0, sizeof(password)); - extract_token(password, buf, 0, '|', sizeof password); - a = CtdlTryPassword(password); + len = extract_token(password, buf, 0, '|', sizeof password); + a = CtdlTryPassword(password, len); switch (a) { case pass_already_logged_in: @@ -1027,38 +1061,38 @@ int purge_user(char pname[]) char filename[64]; struct ctdluser usbuf; char usernamekey[USERNAME_SIZE]; - CitContext *ccptr; - int user_is_logged_in = 0; - makeuserkey(usernamekey, pname); + makeuserkey(usernamekey, pname, cutuserkey(pname)); /* If the name is empty we can't find them in the DB any way so just return */ if (IsEmptyStr(pname)) return (ERROR + NO_SUCH_USER); if (CtdlGetUser(&usbuf, pname) != 0) { - CtdlLogPrintf(CTDL_ERR, "Cannot purge user <%s> - not found\n", pname); + syslog(LOG_ERR, "Cannot purge user <%s> - not found\n", pname); return (ERROR + NO_SUCH_USER); } /* Don't delete a user who is currently logged in. Instead, just * set the access level to 0, and let the account get swept up * during the next purge. */ - user_is_logged_in = 0; - begin_critical_section(S_SESSION_TABLE); - for (ccptr = ContextList; ccptr != NULL; ccptr = ccptr->next) { - if (ccptr->user.usernum == usbuf.usernum) { - user_is_logged_in = 1; - } - } - end_critical_section(S_SESSION_TABLE); - if (user_is_logged_in == 1) { - CtdlLogPrintf(CTDL_WARNING, "User <%s> is logged in; not deleting.\n", pname); - usbuf.axlevel = 0; + if (CtdlIsUserLoggedInByNum(usbuf.usernum)) { + syslog(LOG_WARNING, "User <%s> is logged in; not deleting.\n", pname); + usbuf.axlevel = AxDeleted; CtdlPutUser(&usbuf); return (1); } - CtdlLogPrintf(CTDL_NOTICE, "Deleting user <%s>\n", pname); + syslog(LOG_NOTICE, "Deleting user <%s>\n", pname); + +/* + * FIXME: + * This should all be wrapped in a S_USERS mutex. + * Without the mutex the user could log in before we get to the next function + * That would truly mess things up :-( + * I would like to see the S_USERS start before the CtdlIsUserLoggedInByNum() above + * and end after the user has been deleted from the database, below. + * Question is should we enter the EVT_PURGEUSER whilst S_USERS is active? + */ /* Perform any purge functions registered by server extensions */ PerformUserHooks(&usbuf, EVT_PURGEUSER); @@ -1092,9 +1126,9 @@ int purge_user(char pname[]) } -int internal_create_user (char *username, struct ctdluser *usbuf, uid_t uid) +int internal_create_user (const char *username, long len, struct ctdluser *usbuf, uid_t uid) { - if (!CtdlGetUser(usbuf, username)) { + if (!CtdlGetUserLen(usbuf, username, len)) { return (ERROR + ALREADY_EXISTS); } @@ -1110,8 +1144,6 @@ int internal_create_user (char *username, struct ctdluser *usbuf, uid_t uid) usbuf->timescalled = 0; usbuf->posted = 0; usbuf->axlevel = config.c_initax; - usbuf->USscreenwidth = 80; - usbuf->USscreenheight = 24; usbuf->lastcall = time(NULL); /* fetch a new user number */ @@ -1133,7 +1165,7 @@ int internal_create_user (char *username, struct ctdluser *usbuf, uid_t uid) * Set 'become_user' to nonzero if this is self-service account creation and we want * to actually log in as the user we just created, otherwise set it to 0. */ -int create_user(char *newusername, int become_user) +int create_user(const char *newusername, long len, int become_user) { struct ctdluser usbuf; struct ctdlroom qrbuf; @@ -1154,7 +1186,7 @@ int create_user(char *newusername, int become_user) struct passwd pd; struct passwd *tempPwdPtr; - char pwdbuffer[256]; + char pwdbuffer[SIZ]; #ifdef HAVE_GETPWNAM_R #ifdef SOLARIS_GETPWUID @@ -1171,6 +1203,7 @@ int create_user(char *newusername, int become_user) if (IsEmptyStr (username)) { safestrncpy(username, pd.pw_name, sizeof username); + len = cutuserkey(username); } } else { @@ -1186,7 +1219,7 @@ int create_user(char *newusername, int become_user) } #endif /* HAVE_LDAP */ - if ((retval = internal_create_user(username, &usbuf, uid)) != 0) + if ((retval = internal_create_user(username, len, &usbuf, uid)) != 0) return retval; /* @@ -1229,7 +1262,7 @@ int create_user(char *newusername, int become_user) CC->cs_addr ); CtdlAideMessage(buf, "User Creation Notice"); - CtdlLogPrintf(CTDL_NOTICE, "New user <%s> created\n", username); + syslog(LOG_NOTICE, "New user <%s> created\n", username); return (0); } @@ -1241,7 +1274,8 @@ int create_user(char *newusername, int become_user) void cmd_newu(char *cmdbuf) { int a; - char username[26]; + long len; + char username[SIZ]; if (config.c_auth_mode != AUTHMODE_NATIVE) { cprintf("%d This system does not use native mode authentication.\n", @@ -1265,8 +1299,8 @@ void cmd_newu(char *cmdbuf) config.c_nodename, config.c_maxsessions); } extract_token(username, cmdbuf, 0, '|', sizeof username); - username[25] = 0; strproc(username); + len = cutuserkey(username); if (IsEmptyStr(username)) { cprintf("%d You must supply a user name.\n", ERROR + USERNAME_REQUIRED); @@ -1280,7 +1314,7 @@ void cmd_newu(char *cmdbuf) return; } - a = create_user(username, 1); + a = create_user(username, len, 1); if (a == 0) { logged_in_response(); @@ -1306,7 +1340,7 @@ void CtdlSetPassword(char *new_pw) CtdlGetUserLock(&CC->user, CC->curr_user); safestrncpy(CC->user.password, new_pw, sizeof(CC->user.password)); CtdlPutUserLock(&CC->user); - CtdlLogPrintf(CTDL_INFO, "Password changed for user <%s>\n", CC->curr_user); + syslog(LOG_INFO, "Password changed for user <%s>\n", CC->curr_user); PerformSessionHooks(EVT_SETPASS); } @@ -1316,8 +1350,6 @@ void CtdlSetPassword(char *new_pw) */ void cmd_setp(char *new_pw) { - int generate_random_password = 0; - if (CtdlAccessCheck(ac_logged_in)) { return; } @@ -1333,7 +1365,6 @@ void cmd_setp(char *new_pw) if (!strcasecmp(new_pw, "GENERATE_RANDOM_PASSWORD")) { char random_password[17]; - generate_random_password = 1; snprintf(random_password, sizeof random_password, "%08lx%08lx", random(), random()); CtdlSetPassword(random_password); cprintf("%d %s\n", CIT_OK, random_password); @@ -1356,8 +1387,9 @@ void cmd_setp(char *new_pw) void cmd_creu(char *cmdbuf) { int a; - char username[26]; - char password[32]; + long len; + char username[SIZ]; + char password[SIZ]; struct ctdluser tmp; if (CtdlAccessCheck(ac_aide)) { @@ -1365,18 +1397,18 @@ void cmd_creu(char *cmdbuf) } extract_token(username, cmdbuf, 0, '|', sizeof username); - extract_token(password, cmdbuf, 1, '|', sizeof password); - username[25] = 0; - password[31] = 0; strproc(username); strproc(password); - if (IsEmptyStr(username)) { cprintf("%d You must supply a user name.\n", ERROR + USERNAME_REQUIRED); return; } + len = cutuserkey(username); - a = create_user(username, 0); + + extract_token(password, cmdbuf, 1, '|', sizeof password); + + a = create_user(username, len, 0); if (a == 0) { if (!IsEmptyStr(password)) { @@ -1412,12 +1444,10 @@ void cmd_getu(char *cmdbuf) return; CtdlGetUser(&CC->user, CC->curr_user); - cprintf("%d %d|%d|%d|\n", + cprintf("%d 80|24|%d|\n", CIT_OK, - CC->user.USscreenwidth, - CC->user.USscreenheight, (CC->user.flags & US_USER_SET) - ); + ); } /* @@ -1433,12 +1463,8 @@ void cmd_setu(char *new_parms) return; } CtdlGetUserLock(&CC->user, CC->curr_user); - CC->user.USscreenwidth = extract_int(new_parms, 0); - CC->user.USscreenheight = extract_int(new_parms, 1); CC->user.flags = CC->user.flags & (~US_USER_SET); - CC->user.flags = CC->user.flags | - (extract_int(new_parms, 2) & US_USER_SET); - + CC->user.flags = CC->user.flags | (extract_int(new_parms, 2) & US_USER_SET); CtdlPutUserLock(&CC->user); cprintf("%d Ok\n", CIT_OK); } @@ -1449,8 +1475,8 @@ void cmd_setu(char *new_parms) void cmd_slrp(char *new_ptr) { long newlr; - struct visit vbuf; - struct visit original_vbuf; + visit vbuf; + visit original_vbuf; if (CtdlAccessCheck(ac_logged_in)) { return; @@ -1465,7 +1491,7 @@ void cmd_slrp(char *new_ptr) CtdlGetUserLock(&CC->user, CC->curr_user); CtdlGetRelationship(&vbuf, &CC->user, &CC->room); - memcpy(&original_vbuf, &vbuf, sizeof(struct visit)); + memcpy(&original_vbuf, &vbuf, sizeof(visit)); vbuf.v_lastseen = newlr; snprintf(vbuf.v_seen, sizeof vbuf.v_seen, "*:%ld", newlr); @@ -1503,14 +1529,18 @@ void cmd_seen(char *argbuf) { void cmd_gtsn(char *argbuf) { - char buf[SIZ]; + visit vbuf; if (CtdlAccessCheck(ac_logged_in)) { return; } - CtdlGetSeen(buf, ctdlsetseen_seen); - cprintf("%d %s\n", CIT_OK, buf); + /* Learn about the user and room in question */ + CtdlGetRelationship(&vbuf, &CC->user, &CC->room); + + cprintf("%d ", CIT_OK); + client_write(vbuf.v_seen, strlen(vbuf.v_seen)); + client_write(HKEY("\n")); } @@ -1522,7 +1552,7 @@ void cmd_gtsn(char *argbuf) { */ int CtdlInvtKick(char *iuser, int op) { struct ctdluser USscratch; - struct visit vbuf; + visit vbuf; char bbb[SIZ]; if (CtdlGetUser(&USscratch, iuser) != 0) { @@ -1561,8 +1591,9 @@ void cmd_invt_kick(char *iuser, int op) { * These commands are only allowed by aides, room aides, * and room namespace owners */ - if (is_room_aide() - || (atol(CC->room.QRname) == CC->user.usernum) ) { + if (is_room_aide()) { + /* access granted */ + } else if ( ((atol(CC->room.QRname) == CC->user.usernum) ) && (CC->user.usernum != 0) ) { /* access granted */ } else { /* access denied */ @@ -1598,7 +1629,7 @@ void cmd_kick(char *iuser) {cmd_invt_kick(iuser, 0);} * Returns 0 on success */ int CtdlForgetThisRoom(void) { - struct visit vbuf; + visit vbuf; /* On some systems, Aides are not allowed to forget rooms */ if (is_aide() && (config.c_aide_zap == 0) @@ -1668,7 +1699,7 @@ void cmd_gnur(char *argbuf) sizeof(struct ctdluser) : cdbus->len)); cdb_free(cdbus); if ((usbuf.flags & US_NEEDVALID) - && (usbuf.axlevel > 0)) { + && (usbuf.axlevel > AxDeleted)) { cprintf("%d %s\n", MORE_DATA, usbuf.fullname); cdb_close_cursor(CDB_USERS); return; @@ -1702,7 +1733,9 @@ void cmd_vali(char *v_args) extract_token(user, v_args, 0, '|', sizeof user); newax = extract_int(v_args, 1); - if (CtdlAccessCheck(ac_aide)) { + if (CtdlAccessCheck(ac_aide) || + (newax > AxAideU) || + (newax < AxDeleted)) { return; } @@ -1762,8 +1795,8 @@ void ListThisUser(struct ctdluser *usbuf, void *data) return; } - if (usbuf->axlevel > 0) { - if ((CC->user.axlevel >= 6) + if (usbuf->axlevel > AxDeleted) { + if ((CC->user.axlevel >= AxAideU) || ((usbuf->flags & US_UNLISTED) == 0) || ((CC->internal_pgm))) { cprintf("%s|%d|%ld|%ld|%ld|%ld||\n", @@ -1810,7 +1843,7 @@ void cmd_chek(char *argbuf) if ((REGISCALL != 0) && ((CC->user.flags & US_REGIS) == 0)) regis = 1; - if (CC->user.axlevel >= 6) { + if (CC->user.axlevel >= AxAideU) { get_control(); if (CitControl.MMflags & MM_VALID) vali = 1; @@ -1901,8 +1934,8 @@ void cmd_asup(char *cmdbuf) usbuf.posted = extract_int(cmdbuf, 4); if (np > 5) { newax = extract_int(cmdbuf, 5); - if ((newax >= 0) && (newax <= 6)) { - usbuf.axlevel = extract_int(cmdbuf, 5); + if ((newax >= AxDeleted) && (newax <= AxAideU)) { + usbuf.axlevel = newax; } } if (np > 7) { @@ -1912,7 +1945,7 @@ void cmd_asup(char *cmdbuf) usbuf.USuserpurge = extract_int(cmdbuf, 8); } CtdlPutUserLock(&usbuf); - if (usbuf.axlevel == 0) { + if (usbuf.axlevel == AxDeleted) { if (purge_user(requested_user) == 0) { deleted = 1; } @@ -1933,26 +1966,6 @@ void cmd_asup(char *cmdbuf) -/* - * Check to see if the user who we just sent mail to is logged in. If yes, - * bump the 'new mail' counter for their session. That enables them to - * receive a new mail notification without having to hit the database. - */ -void BumpNewMailCounter(long which_user) { - CitContext *ptr; - - begin_critical_section(S_SESSION_TABLE); - - for (ptr = ContextList; ptr != NULL; ptr = ptr->next) { - if (ptr->user.usernum == which_user) { - ptr->newmail += 1; - } - } - - end_critical_section(S_SESSION_TABLE); -} - - /* * Count the number of new mail messages the user has */ @@ -1976,7 +1989,7 @@ int InitialMailCheck() int a; char mailboxname[ROOMNAMELEN]; struct ctdlroom mailbox; - struct visit vbuf; + visit vbuf; struct cdbdata *cdbfr; long *msglist = NULL; int num_msgs = 0; @@ -2015,7 +2028,7 @@ int InitialMailCheck() */ void cmd_view(char *cmdbuf) { int requested_view; - struct visit vbuf; + visit vbuf; if (CtdlAccessCheck(ac_logged_in)) { return; @@ -2077,19 +2090,19 @@ void cmd_renu(char *cmdbuf) CTDL_MODULE_INIT(user_ops) { if (!threading) { - CtdlRegisterProtoHook(cmd_user, "USER", "Autoconverted. TODO: document me."); - CtdlRegisterProtoHook(cmd_pass, "PASS", "Autoconverted. TODO: document me."); - CtdlRegisterProtoHook(cmd_creu, "CREU", "Autoconverted. TODO: document me."); - CtdlRegisterProtoHook(cmd_setp, "SETP", "Autoconverted. TODO: document me."); - CtdlRegisterProtoHook(cmd_getu, "GETU", "Autoconverted. TODO: document me."); - CtdlRegisterProtoHook(cmd_setu, "SETU", "Autoconverted. TODO: document me."); - CtdlRegisterProtoHook(cmd_slrp, "SLRP", "Autoconverted. TODO: document me."); - CtdlRegisterProtoHook(cmd_invt, "INVT", "Autoconverted. TODO: document me."); - CtdlRegisterProtoHook(cmd_kick, "KICK", "Autoconverted. TODO: document me."); - CtdlRegisterProtoHook(cmd_forg, "FORG", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_user, "USER", "Submit username for login"); + CtdlRegisterProtoHook(cmd_pass, "PASS", "Complete login by submitting a password"); + CtdlRegisterProtoHook(cmd_creu, "CREU", "Create User"); + CtdlRegisterProtoHook(cmd_setp, "SETP", "Set the password for an account"); + CtdlRegisterProtoHook(cmd_getu, "GETU", "Get User parameters"); + CtdlRegisterProtoHook(cmd_setu, "SETU", "Set User parameters"); + CtdlRegisterProtoHook(cmd_slrp, "SLRP", "Set Last Read Pointer"); + CtdlRegisterProtoHook(cmd_invt, "INVT", "Invite a user to a room"); + CtdlRegisterProtoHook(cmd_kick, "KICK", "Kick a user out of a room"); + CtdlRegisterProtoHook(cmd_forg, "FORG", "Forget a room"); CtdlRegisterProtoHook(cmd_gnur, "GNUR", "Autoconverted. TODO: document me."); - CtdlRegisterProtoHook(cmd_vali, "VALI", "Autoconverted. TODO: document me."); - CtdlRegisterProtoHook(cmd_list, "LIST", "Autoconverted. TODO: document me."); + CtdlRegisterProtoHook(cmd_vali, "VALI", "Validate new users"); + CtdlRegisterProtoHook(cmd_list, "LIST", "List users"); CtdlRegisterProtoHook(cmd_chek, "CHEK", "Autoconverted. TODO: document me."); CtdlRegisterProtoHook(cmd_qusr, "QUSR", "Autoconverted. TODO: document me."); CtdlRegisterProtoHook(cmd_agup, "AGUP", "Autoconverted. TODO: document me."); @@ -2101,5 +2114,5 @@ CTDL_MODULE_INIT(user_ops) CtdlRegisterProtoHook(cmd_newu, "NEWU", "Autoconverted. TODO: document me."); } /* return our Subversion id for the Log */ - return "$Id$"; + return "user_ops"; }