X-Git-Url: https://code.citadel.org/?p=citadel.git;a=blobdiff_plain;f=citadel%2Fuser_ops.c;h=bfd2660b65d69c0f2946a459c0a3f51015f0986f;hp=4ae077862c857a8e0ef58770a017bacc205de25b;hb=1cf98031e3530393ec5fb753567bf496c6277ab3;hpb=15054b0f11409cfc68102560fe4ab5a4e2bf4ea0

diff --git a/citadel/user_ops.c b/citadel/user_ops.c
index 4ae077862..bfd2660b6 100644
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -1,7 +1,7 @@
 /* 
  * Server functions which perform operations on user objects.
  *
- * Copyright (c) 1987-2011 by the citadel.org team
+ * Copyright (c) 1987-2017 by the citadel.org team
  *
  * This program is open source software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License, version 3.
@@ -12,10 +12,12 @@
  * GNU General Public License for more details.
  */
 
+#include <stdlib.h>
+#include <unistd.h>
 #include "sysdep.h"
 #include <stdio.h>
+#include <sys/stat.h>
 #include <libcitadel.h>
-
 #include "control.h"
 #include "support.h"
 #include "citserver.h"
@@ -31,14 +33,14 @@ int chkpwd_read_pipe[2];
 
 
 /*
- * CtdlGetUser()  -  retrieve named user into supplied buffer.
- *	       returns 0 on success
+ * CtdlGetUser()	retrieve named user into supplied buffer.
+ *			returns 0 on success
  */
-int CtdlGetUserLen(struct ctdluser *usbuf, const char *name, long len)
+int CtdlGetUser(struct ctdluser *usbuf, char *name)
 {
-
 	char usernamekey[USERNAME_SIZE];
 	struct cdbdata *cdbus;
+	long len = cutuserkey(name);
 
 	if (usbuf != NULL) {
 		memset(usbuf, 0, sizeof(struct ctdluser));
@@ -51,28 +53,20 @@ int CtdlGetUserLen(struct ctdluser *usbuf, const char *name, long len)
 		return(1);
 	}
 	if (usbuf != NULL) {
-		memcpy(usbuf, cdbus->ptr,
-			((cdbus->len > sizeof(struct ctdluser)) ?
-			 sizeof(struct ctdluser) : cdbus->len));
+		memcpy(usbuf, cdbus->ptr, ((cdbus->len > sizeof(struct ctdluser)) ?  sizeof(struct ctdluser) : cdbus->len));
 	}
 	cdb_free(cdbus);
-
 	return (0);
 }
 
 
-int CtdlGetUser(struct ctdluser *usbuf, char *name)
-{
-	return CtdlGetUserLen(usbuf, name, cutuserkey(name));
-}
-
 int CtdlLockGetCurrentUser(void)
 {
 	CitContext *CCC = CC;
-
-	return CtdlGetUserLen(&CCC->user, CCC->curr_user, cutuserkey(CCC->curr_user));
+	return CtdlGetUser(&CCC->user, CCC->curr_user);
 }
 
+
 /*
  * CtdlGetUserLock()  -  same as getuser() but locks the record
  */
@@ -95,17 +89,12 @@ void CtdlPutUser(struct ctdluser *usbuf)
 {
 	char usernamekey[USERNAME_SIZE];
 
-	makeuserkey(usernamekey, 
-		    usbuf->fullname, 
-		    cutuserkey(usbuf->fullname));
-
+	makeuserkey(usernamekey, usbuf->fullname, cutuserkey(usbuf->fullname));
 	usbuf->version = REV_LEVEL;
-	cdb_store(CDB_USERS,
-		  usernamekey, strlen(usernamekey),
-		  usbuf, sizeof(struct ctdluser));
-
+	cdb_store(CDB_USERS, usernamekey, strlen(usernamekey), usbuf, sizeof(struct ctdluser));
 }
 
+
 void CtdlPutCurrentUserLock()
 {
 	CtdlPutUser(&CC->user);
@@ -122,7 +111,6 @@ void CtdlPutUserLock(struct ctdluser *usbuf)
 }
 
 
-
 /*
  * rename_user()  -  this is tricky because the user's display name is the database key
  *
@@ -161,16 +149,14 @@ int rename_user(char *oldname, char *newname) {
 		else {		/* Sanity checks succeeded.  Now rename the user. */
 			if (usbuf.usernum == 0)
 			{
-				CONM_syslog(LOG_DEBUG, "Can not rename user \"Citadel\".\n");
+				syslog(LOG_DEBUG, "user_ops: can not rename user \"Citadel\".");
 				retcode = RENAMEUSER_NOT_FOUND;
 			} else {
-				CON_syslog(LOG_DEBUG, "Renaming <%s> to <%s>\n", oldname, newname);
+				syslog(LOG_DEBUG, "user_ops: renaming <%s> to <%s>", oldname, newname);
 				cdb_delete(CDB_USERS, oldnamekey, strlen(oldnamekey));
 				safestrncpy(usbuf.fullname, newname, sizeof usbuf.fullname);
 				CtdlPutUser(&usbuf);
-				cdb_store(CDB_USERSBYNUMBER, &usbuf.usernum, sizeof(long),
-					usbuf.fullname, strlen(usbuf.fullname)+1 );
-
+				cdb_store(CDB_USERSBYNUMBER, &usbuf.usernum, sizeof(long), usbuf.fullname, strlen(usbuf.fullname)+1 );
 				retcode = RENAMEUSER_OK;
 			}
 		}
@@ -182,7 +168,6 @@ int rename_user(char *oldname, char *newname) {
 }
 
 
-
 /*
  * Index-generating function used by Ctdl[Get|Set]Relationship
  */
@@ -207,7 +192,6 @@ int GenerateRelationshipIndex(char *IndexBuf,
 }
 
 
-
 /*
  * Back end for CtdlSetRelationship()
  */
@@ -218,10 +202,7 @@ void put_visit(visit *newvisit)
 
 	memset (IndexBuf, 0, sizeof (IndexBuf));
 	/* Generate an index */
-	IndexLen = GenerateRelationshipIndex(IndexBuf,
-					     newvisit->v_roomnum,
-					     newvisit->v_roomgen,
-					     newvisit->v_usernum);
+	IndexLen = GenerateRelationshipIndex(IndexBuf, newvisit->v_roomnum, newvisit->v_roomgen, newvisit->v_usernum);
 
 	/* Store the record */
 	cdb_store(CDB_VISIT, IndexBuf, IndexLen,
@@ -230,8 +211,6 @@ void put_visit(visit *newvisit)
 }
 
 
-
-
 /*
  * Define a relationship between a user and a room
  */
@@ -239,8 +218,6 @@ void CtdlSetRelationship(visit *newvisit,
 			 struct ctdluser *rel_user,
 			 struct ctdlroom *rel_room)
 {
-
-
 	/* We don't use these in Citadel because they're implicit by the
 	 * index, but they must be present if the database is exported.
 	 */
@@ -251,6 +228,7 @@ void CtdlSetRelationship(visit *newvisit,
 	put_visit(newvisit);
 }
 
+
 /*
  * Locate a relationship between a user and a room
  */
@@ -258,7 +236,6 @@ void CtdlGetRelationship(visit *vbuf,
 			 struct ctdluser *rel_user,
 			 struct ctdlroom *rel_room)
 {
-
 	char IndexBuf[32];
 	int IndexLen;
 	struct cdbdata *cdbvisit;
@@ -327,6 +304,7 @@ int CtdlCheckInternetMailPermission(struct ctdluser *who) {
 	return(0);
 }
 
+
 /*
  * Convenience function.
  */
@@ -334,8 +312,7 @@ int CtdlAccessCheck(int required_level)
 {
 	if (CC->internal_pgm) return(0);
 	if (required_level >= ac_internal) {
-		cprintf("%d This is not a user-level command.\n",
-			ERROR + HIGHER_ACCESS_REQUIRED);
+		cprintf("%d This is not a user-level command.\n", ERROR + HIGHER_ACCESS_REQUIRED);
 		return(-1);
 	}
 
@@ -368,7 +345,6 @@ int CtdlAccessCheck(int required_level)
 }
 
 
-
 /*
  * Is the user currently logged in an Admin?
  */
@@ -391,14 +367,14 @@ int is_room_aide(void)
 		return (0);
 	}
 
-	if ((CC->user.axlevel >= AxAideU)
-	    || (CC->room.QRroomaide == CC->user.usernum)) {
+	if ((CC->user.axlevel >= AxAideU) || (CC->room.QRroomaide == CC->user.usernum)) {
 		return (1);
 	} else {
 		return (0);
 	}
 }
 
+
 /*
  * CtdlGetUserByNumber() -	get user by number
  * 			returns 0 if user was found
@@ -412,16 +388,17 @@ int CtdlGetUserByNumber(struct ctdluser *usbuf, long number)
 
 	cdbun = cdb_fetch(CDB_USERSBYNUMBER, &number, sizeof(long));
 	if (cdbun == NULL) {
-		CON_syslog(LOG_INFO, "User %ld not found\n", number);
+		syslog(LOG_INFO, "user_ops: %ld not found", number);
 		return(-1);
 	}
 
-	CON_syslog(LOG_INFO, "User %ld maps to %s\n", number, cdbun->ptr);
+	syslog(LOG_INFO, "user_ops: %ld maps to %s", number, cdbun->ptr);
 	r = CtdlGetUser(usbuf, cdbun->ptr);
 	cdb_free(cdbun);
 	return(r);
 }
 
+
 /*
  * Helper function for rebuild_usersbynumber()
  */
@@ -452,10 +429,8 @@ void rebuild_ubn_for_user(struct ctdluser *usbuf, void *data) {
 	}
 
 	while (u != NULL) {
-		CON_syslog(LOG_DEBUG, "Rebuilding usersbynumber index %10ld : %s\n",
-			u->usernum, u->username);
+		syslog(LOG_DEBUG, "user_ops: rebuilding usersbynumber index %10ld : %s", u->usernum, u->username);
 		cdb_store(CDB_USERSBYNUMBER, &u->usernum, sizeof(long), u->username, strlen(u->username)+1);
-
 		ptr = u;
 		u = u->next;
 		free(ptr);
@@ -463,7 +438,6 @@ void rebuild_ubn_for_user(struct ctdluser *usbuf, void *data) {
 }
 
 
-
 /*
  * Rebuild the users-by-number index
  */
@@ -474,13 +448,14 @@ void rebuild_usersbynumber(void) {
 }
 
 
-
 /*
  * getuserbyuid()  -     get user by system uid (for PAM mode authentication)
  *		       returns 0 if user was found
  *
- * WARNING: don't use this function unless you absolutely have to.  It does
- *	  a sequential search and therefore is computationally expensive.
+ * WARNING:	don't use this function unless you absolutely have to.  It does
+ *		a sequential search and therefore is computationally expensive.
+ *
+ * FIXME:	build an index, dummy.
  */
 int getuserbyuid(struct ctdluser *usbuf, uid_t number)
 {
@@ -502,6 +477,7 @@ int getuserbyuid(struct ctdluser *usbuf, uid_t number)
 	return (-1);
 }
 
+
 /*
  * Back end for cmd_user() and its ilk
  *
@@ -511,9 +487,8 @@ int CtdlLoginExistingUser(char *authname, const char *trythisname)
 {
 	char username[SIZ];
 	int found_user;
-	long len;
 
-	CON_syslog(LOG_DEBUG, "CtdlLoginExistingUser(%s, %s)\n", authname, trythisname);
+	syslog(LOG_DEBUG, "user_ops: CtdlLoginExistingUser(%s, %s)", authname, trythisname);
 
 	if ((CC->logged_in)) {
 		return login_already_logged_in;
@@ -523,14 +498,14 @@ int CtdlLoginExistingUser(char *authname, const char *trythisname)
 	
 	if (!strncasecmp(trythisname, "SYS_", 4))
 	{
-		CON_syslog(LOG_DEBUG, "System user \"%s\" is not allowed to log in.\n", trythisname);
+		syslog(LOG_DEBUG, "user_ops: system user \"%s\" is not allowed to log in.", trythisname);
 		return login_not_found;
 	}
 
 	/* If a "master user" is defined, handle its authentication if specified */
 	CC->is_master = 0;
-	if (	(strlen(CtdlGetConfigStr("c_master_user")) > 0) && 
-	    	(strlen(CtdlGetConfigStr("c_master_pass")) > 0) &&
+	if (	(!IsEmptyStr(CtdlGetConfigStr("c_master_user"))) && 
+	    	(!IsEmptyStr(CtdlGetConfigStr("c_master_pass"))) &&
 		(authname != NULL) &&
 		(!strcasecmp(authname, CtdlGetConfigStr("c_master_user"))) )
 	{
@@ -540,7 +515,6 @@ int CtdlLoginExistingUser(char *authname, const char *trythisname)
 	/* Continue attempting user validation... */
 	safestrncpy(username, trythisname, sizeof (username));
 	striplt(username);
-	len = cutuserkey(username);
 
 	if (IsEmptyStr(username)) {
 		return login_not_found;
@@ -554,21 +528,21 @@ int CtdlLoginExistingUser(char *authname, const char *trythisname)
 		struct passwd *tempPwdPtr;
 		char pwdbuffer[256];
 	
-		CON_syslog(LOG_DEBUG, "asking host about <%s>\n", username);
+		syslog(LOG_DEBUG, "user_ops: asking host about <%s>", username);
 #ifdef HAVE_GETPWNAM_R
 #ifdef SOLARIS_GETPWUID
-		CON_syslog(LOG_DEBUG, "Calling getpwnam_r()\n");
+		syslog(LOG_DEBUG, "user_ops: calling getpwnam_r()");
 		tempPwdPtr = getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer);
 #else // SOLARIS_GETPWUID
-		CONM_syslog(LOG_DEBUG, "Calling getpwnam_r()\n");
+		syslog(LOG_DEBUG, "user_ops: calling getpwnam_r()");
 		getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr);
 #endif // SOLARIS_GETPWUID
 #else // HAVE_GETPWNAM_R
-		CON_syslog(LOG_DEBUG, "SHOULD NEVER GET HERE!!!\n");
+		syslog(LOG_DEBUG, "user_ops: SHOULD NEVER GET HERE!!!");
 		tempPwdPtr = NULL;
 #endif // HAVE_GETPWNAM_R
 		if (tempPwdPtr == NULL) {
-			CON_syslog(LOG_DEBUG, "no such user <%s>\n", username);
+			syslog(LOG_DEBUG, "user_ops: no such user <%s>", username);
 			return login_not_found;
 		}
 	
@@ -576,13 +550,11 @@ int CtdlLoginExistingUser(char *authname, const char *trythisname)
 		 * If not found, make one attempt to create it.
 		 */
 		found_user = getuserbyuid(&CC->user, pd.pw_uid);
-		CON_syslog(LOG_DEBUG, "found it: uid=%ld, gecos=%s here: %d\n",
-			(long)pd.pw_uid, pd.pw_gecos, found_user);
 		if (found_user != 0) {
-			len = cutuserkey(username);
-			create_user(username, len, 0);
+			create_user(username, CREATE_USER_DO_NOT_BECOME_USER, pd.pw_uid);
 			found_user = getuserbyuid(&CC->user, pd.pw_uid);
 		}
+		syslog(LOG_DEBUG, "user_ops: found it: uid=%ld, gecos=%s here: %d", (long)pd.pw_uid, pd.pw_gecos, found_user);
 
 	}
 
@@ -595,14 +567,14 @@ int CtdlLoginExistingUser(char *authname, const char *trythisname)
 		char ldap_cn[256];
 		char ldap_dn[256];
 
-		found_user = CtdlTryUserLDAP(username, ldap_dn, sizeof ldap_dn, ldap_cn, sizeof ldap_cn, &ldap_uid, 0);
+		found_user = CtdlTryUserLDAP(username, ldap_dn, sizeof ldap_dn, ldap_cn, sizeof ldap_cn, &ldap_uid);
 		if (found_user != 0) {
 			return login_not_found;
 		}
 
 		found_user = getuserbyuid(&CC->user, ldap_uid);
 		if (found_user != 0) {
-			create_user(username, len, 0);
+			create_user(ldap_cn, CREATE_USER_DO_NOT_BECOME_USER, ldap_uid);
 			found_user = getuserbyuid(&CC->user, ldap_uid);
 		}
 
@@ -641,8 +613,7 @@ int CtdlLoginExistingUser(char *authname, const char *trythisname)
 		if (((CC->nologin)) && (CC->user.axlevel < AxAideU)) {
 			return login_too_many_users;
 		} else {
-			safestrncpy(CC->curr_user, CC->user.fullname,
-					sizeof CC->curr_user);
+			safestrncpy(CC->curr_user, CC->user.fullname, sizeof CC->curr_user);
 			return login_ok;
 		}
 	}
@@ -650,9 +621,6 @@ int CtdlLoginExistingUser(char *authname, const char *trythisname)
 }
 
 
-
-
-
 /*
  * session startup code which is common to both cmd_pass() and cmd_newu()
  */
@@ -661,7 +629,7 @@ void do_login(void)
 	struct CitContext *CCC = CC;
 
 	CCC->logged_in = 1;
-	CON_syslog(LOG_NOTICE, "<%s> logged in\n", CCC->curr_user);
+	syslog(LOG_NOTICE, "user_ops: <%s> logged in", CCC->curr_user);
 
 	CtdlGetUserLock(&CCC->user, CCC->curr_user);
 	++(CCC->user.timescalled);
@@ -684,16 +652,40 @@ void do_login(void)
 		}
 	}
 
+	/*
+	 * If we are using LDAP authentication, extract the user's email addresses from the directory.
+	 * FIXME make this a site configurable setting
+	 */
+	#ifdef HAVE_LDAP
+		if ((CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP) || (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD)) {
+			char new_emailaddrs[512];
+			if (extract_email_addresses_from_ldap(CCC->ldap_dn, new_emailaddrs) == 0) {
+				strcpy(CCC->user.emailaddrs, new_emailaddrs);
+			}
+		}
+	#endif
+
+	/*
+	 * No email address for user?  Make one up.
+	 */
+	if (IsEmptyStr(CCC->user.emailaddrs)) {
+		sprintf(CCC->user.emailaddrs, "cit%ld@%s", CCC->user.usernum, CtdlGetConfigStr("c_fqdn"));
+	}
+	
 	CtdlPutUserLock(&CCC->user);
 
 	/*
-	 * Populate CCC->cs_inet_email with a default address.  This will be
-	 * overwritten with the user's directory address, if one exists, when
-	 * the vCard module's login hook runs.
+	 * Populate cs_inet_email and cs_inet_other_emails with valid email addresses from the user record
 	 */
-	snprintf(CCC->cs_inet_email, sizeof CCC->cs_inet_email, "%s@%s",
-		CCC->user.fullname, CtdlGetConfigStr("c_fqdn"));
-	convert_spaces_to_underscores(CCC->cs_inet_email);
+	strcpy(CCC->cs_inet_email, CCC->user.emailaddrs);
+	char *firstsep = strstr(CCC->cs_inet_email, "|");
+	if (firstsep) {
+		strcpy(CCC->cs_inet_other_emails, firstsep+1);
+		*firstsep = 0;
+	}
+	else {
+		CCC->cs_inet_other_emails[0] = 0;
+	}
 
 	/* Create any personal rooms required by the system.
 	 * (Technically, MAILROOM should be there already, but just in case...)
@@ -717,18 +709,16 @@ void logged_in_response(void)
 		CIT_OK, CC->user.fullname, CC->user.axlevel,
 		CC->user.timescalled, CC->user.posted,
 		CC->user.flags, CC->user.usernum,
-		CC->previous_login);
+		CC->previous_login
+	);
 }
 
 
-
 void CtdlUserLogout(void)
 {
 	CitContext *CCC = MyContext();
 
-	CON_syslog(LOG_DEBUG, "CtdlUserLogout() logging out <%s> from session %d",
-		   CCC->curr_user, CCC->cs_pid
-	);
+	syslog(LOG_DEBUG, "user_ops: CtdlUserLogout() logging out <%s> from session %d", CCC->curr_user, CCC->cs_pid);
 
 	/* Run any hooks registered by modules... */
 	PerformSessionHooks(EVT_LOGOUT);
@@ -745,8 +735,9 @@ void CtdlUserLogout(void)
 	CCC->logged_in = 0;
 
 	/* Check to see if the user was deleted whilst logged in and purge them if necessary */
-	if ((CCC->user.axlevel == AxDeleted) && (CCC->user.usernum))
+	if ((CCC->user.axlevel == AxDeleted) && (CCC->user.usernum)) {
 		purge_user(CCC->user.fullname);
+	}
 
 	/* Clear out the user record in memory so we don't behave like a ghost */
 	memset(&CCC->user, 0, sizeof(struct ctdluser));
@@ -758,7 +749,6 @@ void CtdlUserLogout(void)
 	CCC->fake_username[0] = 0;
 	CCC->fake_hostname[0] = 0;
 	CCC->fake_roomname[0] = 0;
-	
 
 	/* Free any output buffers */
 	unbuffer_output();
@@ -774,42 +764,43 @@ static int validpw(uid_t uid, const char *pass)
 	int rv = 0;
 
 	if (IsEmptyStr(pass)) {
-		CON_syslog(LOG_DEBUG, "Refusing to chkpwd for uid=%d with empty password.\n", uid);
+		syslog(LOG_DEBUG, "user_ops: refusing to chkpwd for uid=%d with empty password", uid);
 		return 0;
 	}
 
-	CON_syslog(LOG_DEBUG, "Validating password for uid=%d using chkpwd...\n", uid);
+	syslog(LOG_DEBUG, "user_ops: validating password for uid=%d using chkpwd...", uid);
 
 	begin_critical_section(S_CHKPWD);
 	rv = write(chkpwd_write_pipe[1], &uid, sizeof(uid_t));
 	if (rv == -1) {
-		CON_syslog(LOG_EMERG, "Communicatino with chkpwd broken: %s\n", strerror(errno));
+		syslog(LOG_ERR, "user_ops: communication with chkpwd broken: %m");
 		end_critical_section(S_CHKPWD);
 		return 0;
 	}
 	rv = write(chkpwd_write_pipe[1], pass, 256);
 	if (rv == -1) {
-		CON_syslog(LOG_EMERG, "Communicatino with chkpwd broken: %s\n", strerror(errno));
+		syslog(LOG_ERR, "user_ops: communication with chkpwd broken: %m");
 		end_critical_section(S_CHKPWD);
 		return 0;
 	}
 	rv = read(chkpwd_read_pipe[0], buf, 4);
 	if (rv == -1) {
-		CON_syslog(LOG_EMERG, "Communicatino with chkpwd broken: %s\n", strerror(errno));
+		syslog(LOG_ERR, "user_ops: ommunication with chkpwd broken: %m");
 		end_critical_section(S_CHKPWD);
 		return 0;
 	}
 	end_critical_section(S_CHKPWD);
 
 	if (!strncmp(buf, "PASS", 4)) {
-		CONM_syslog(LOG_DEBUG, "...pass\n");
+		syslog(LOG_DEBUG, "user_ops: chkpwd pass");
 		return(1);
 	}
 
-	CONM_syslog(LOG_DEBUG, "...fail\n");
+	syslog(LOG_DEBUG, "user_ops: chkpwd fail");
 	return 0;
 }
 
+
 /* 
  * Start up the chkpwd daemon so validpw() has something to talk to
  */
@@ -818,37 +809,32 @@ void start_chkpwd_daemon(void) {
 	struct stat filestats;
 	int i;
 
-	CONM_syslog(LOG_DEBUG, "Starting chkpwd daemon for host authentication mode\n");
+	syslog(LOG_DEBUG, "user_ops: starting chkpwd daemon for host authentication mode");
 
-	if ((stat(file_chkpwd, &filestats)==-1) ||
-	    (filestats.st_size==0)){
-		printf("didn't find chkpwd daemon in %s: %s\n", file_chkpwd, strerror(errno));
+	if ((stat(file_chkpwd, &filestats)==-1) || (filestats.st_size==0)) {
+		syslog(LOG_ERR, "user_ops: %s: %m", file_chkpwd);
 		abort();
 	}
 	if (pipe(chkpwd_write_pipe) != 0) {
-		CON_syslog(LOG_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno));
+		syslog(LOG_ERR, "user_ops: unable to create pipe for chkpwd daemon: %m");
 		abort();
 	}
 	if (pipe(chkpwd_read_pipe) != 0) {
-		CON_syslog(LOG_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno));
+		syslog(LOG_ERR, "user_ops: unable to create pipe for chkpwd daemon: %m");
 		abort();
 	}
 
 	chkpwd_pid = fork();
 	if (chkpwd_pid < 0) {
-		CON_syslog(LOG_EMERG, "Unable to fork chkpwd daemon: %s\n", strerror(errno));
+		syslog(LOG_ERR, "user_ops: unable to fork chkpwd daemon: %m");
 		abort();
 	}
 	if (chkpwd_pid == 0) {
-		CONM_syslog(LOG_DEBUG, "Now calling dup2() write\n");
 		dup2(chkpwd_write_pipe[0], 0);
-		CONM_syslog(LOG_DEBUG, "Now calling dup2() write\n");
 		dup2(chkpwd_read_pipe[1], 1);
-		CONM_syslog(LOG_DEBUG, "Now closing stuff\n");
 		for (i=2; i<256; ++i) close(i);
-		CON_syslog(LOG_DEBUG, "Now calling execl(%s)\n", file_chkpwd);
 		execl(file_chkpwd, file_chkpwd, NULL);
-		CON_syslog(LOG_EMERG, "Unable to exec chkpwd daemon: %s\n", strerror(errno));
+		syslog(LOG_ERR, "user_ops: unable to exec chkpwd daemon: %m");
 		abort();
 		exit(errno);
 	}
@@ -861,19 +847,19 @@ int CtdlTryPassword(const char *password, long len)
 	CitContext *CCC = CC;
 
 	if ((CCC->logged_in)) {
-		CONM_syslog(LOG_WARNING, "CtdlTryPassword: already logged in\n");
+		syslog(LOG_WARNING, "user_ops: CtdlTryPassword: already logged in");
 		return pass_already_logged_in;
 	}
 	if (!strcmp(CCC->curr_user, NLI)) {
-		CONM_syslog(LOG_WARNING, "CtdlTryPassword: no user selected\n");
+		syslog(LOG_WARNING, "user_ops: CtdlTryPassword: no user selected");
 		return pass_no_user;
 	}
 	if (CtdlGetUser(&CCC->user, CCC->curr_user)) {
-		CONM_syslog(LOG_ERR, "CtdlTryPassword: internal error\n");
+		syslog(LOG_ERR, "user_ops: CtdlTryPassword: internal error");
 		return pass_internal_error;
 	}
 	if (password == NULL) {
-		CONM_syslog(LOG_INFO, "CtdlTryPassword: NULL password string supplied\n");
+		syslog(LOG_INFO, "user_ops: CtdlTryPassword: NULL password string supplied");
 		return pass_wrong_password;
 	}
 
@@ -903,7 +889,6 @@ int CtdlTryPassword(const char *password, long len)
 			/*
 			 * (sooper-seekrit hack ends here)
 			 */
-
 		}
 		else {
 			code = (-1);
@@ -945,30 +930,25 @@ int CtdlTryPassword(const char *password, long len)
 	if (!code) {
 		do_login();
 		return pass_ok;
-	} else {
-		CON_syslog(LOG_WARNING, "Bad password specified for <%s> Service <%s> Port <%ld> Remote <%s / %s>\n",
-			   CCC->curr_user,
-			   CCC->ServiceName,
-			   CCC->tcp_port,
-			   CCC->cs_host,
-			   CCC->cs_addr);
-
-
-//citserver[5610]: Bad password specified for <willi> Service <citadel-TCP> Remote <PotzBlitz / >
-
+	}
+	else {
+		syslog(LOG_WARNING, "user_ops: bad password specified for <%s> Service <%s> Port <%ld> Remote <%s / %s>",
+			CCC->curr_user,
+			CCC->ServiceName,
+			CCC->tcp_port,
+			CCC->cs_host,
+			CCC->cs_addr
+		);
 		return pass_wrong_password;
 	}
 }
 
 
-
-
 /*
  * Delete a user record *and* all of its related resources.
  */
 int purge_user(char pname[])
 {
-	char filename[64];
 	struct ctdluser usbuf;
 	char usernamekey[USERNAME_SIZE];
 
@@ -979,7 +959,7 @@ int purge_user(char pname[])
 		return (ERROR + NO_SUCH_USER);
 
 	if (CtdlGetUser(&usbuf, pname) != 0) {
-		CON_syslog(LOG_ERR, "Cannot purge user <%s> - not found\n", pname);
+		syslog(LOG_ERR, "user_ops: cannot purge user <%s> - not found", pname);
 		return (ERROR + NO_SUCH_USER);
 	}
 	/* Don't delete a user who is currently logged in.  Instead, just
@@ -987,12 +967,12 @@ int purge_user(char pname[])
 	 * during the next purge.
 	 */
 	if (CtdlIsUserLoggedInByNum(usbuf.usernum)) {
-		CON_syslog(LOG_WARNING, "User <%s> is logged in; not deleting.\n", pname);
+		syslog(LOG_WARNING, "user_ops: <%s> is logged in; not deleting", pname);
 		usbuf.axlevel = AxDeleted;
 		CtdlPutUser(&usbuf);
 		return (1);
 	}
-	CON_syslog(LOG_NOTICE, "Deleting user <%s>\n", pname);
+	syslog(LOG_NOTICE, "user_ops: deleting <%s>", pname);
 
 /*
  * FIXME:
@@ -1001,7 +981,7 @@ int purge_user(char pname[])
  * That would truly mess things up :-(
  * I would like to see the S_USERS start before the CtdlIsUserLoggedInByNum() above
  * and end after the user has been deleted from the database, below.
- * Question is should we enter the EVT_PURGEUSER whilst S_USERS is active?
+ * Question is should we enter the EVT_PURGEUSER while S_USERS is active?
  */
 
 	/* Perform any purge functions registered by server extensions */
@@ -1016,29 +996,13 @@ int purge_user(char pname[])
 	/* delete the userlog entry */
 	cdb_delete(CDB_USERS, usernamekey, strlen(usernamekey));
 
-	/* remove the user's bio file */
-	snprintf(filename, 
-			 sizeof filename, 
-			 "%s/%ld",
-			 ctdl_bio_dir,
-			 usbuf.usernum);
-	unlink(filename);
-
-	/* remove the user's picture */
-	snprintf(filename, 
-			 sizeof filename, 
-			 "%s/%ld.gif",
-			 ctdl_image_dir,
-			 usbuf.usernum);
-	unlink(filename);
-
 	return (0);
 }
 
 
-int internal_create_user (const char *username, long len, struct ctdluser *usbuf, uid_t uid)
+int internal_create_user(char *username, struct ctdluser *usbuf, uid_t uid)
 {
-	if (!CtdlGetUserLen(usbuf, username, len)) {
+	if (!CtdlGetUser(usbuf, username)) {
 		return (ERROR + ALREADY_EXISTS);
 	}
 
@@ -1067,71 +1031,27 @@ int internal_create_user (const char *username, long len, struct ctdluser *usbuf
 }
 
 
-
 /*
  * create_user()  -  back end processing to create a new user
  *
  * Set 'newusername' to the desired account name.
- * Set 'become_user' to nonzero if this is self-service account creation and we want
- * to actually log in as the user we just created, otherwise set it to 0.
+ * Set 'become_user' to CREATE_USER_BECOME_USER if this is self-service account creation and we want to
+ *                   actually log in as the user we just created, otherwise set it to CREATE_USER_DO_NOT_BECOME_USER
+ * Set 'uid' to some uid_t value to associate the account with an external auth user, or (-1) for native auth
  */
-int create_user(const char *newusername, long len, int become_user)
+int create_user(char *username, int become_user, uid_t uid)
 {
 	struct ctdluser usbuf;
 	struct ctdlroom qrbuf;
-	char username[256];
 	char mailboxname[ROOMNAMELEN];
 	char buf[SIZ];
 	int retval;
-	uid_t uid = (-1);
-	
 
-	safestrncpy(username, newusername, sizeof username);
 	strproc(username);
-
-	
-	if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_HOST) {
-
-		/* host auth mode */
-
-		struct passwd pd;
-		struct passwd *tempPwdPtr;
-		char pwdbuffer[SIZ];
-	
-#ifdef HAVE_GETPWNAM_R
-#ifdef SOLARIS_GETPWUID
-		tempPwdPtr = getpwnam_r(username, &pd, pwdbuffer, sizeof(pwdbuffer));
-#else // SOLARIS_GETPWUID
-		getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr);
-#endif // SOLARIS_GETPWUID
-#else // HAVE_GETPWNAM_R
-		tempPwdPtr = NULL;
-#endif // HAVE_GETPWNAM_R
-		if (tempPwdPtr != NULL) {
-			extract_token(username, pd.pw_gecos, 0, ',', sizeof username);
-			uid = pd.pw_uid;
-			if (IsEmptyStr (username))
-			{
-				safestrncpy(username, pd.pw_name, sizeof username);
-				len = cutuserkey(username);
-			}
-		}
-		else {
-			return (ERROR + NO_SUCH_USER);
-		}
+	if ((retval = internal_create_user(username, &usbuf, uid)) != 0) {
+		return retval;
 	}
 
-#ifdef HAVE_LDAP
-	if ((CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP) || (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD)) {
-		if (CtdlTryUserLDAP(username, NULL, 0, username, sizeof username, &uid, 0) != 0) {
-			return(ERROR + NO_SUCH_USER);
-		}
-	}
-#endif /* HAVE_LDAP */
-	
-	if ((retval = internal_create_user(username, len, &usbuf, uid)) != 0)
-		return retval;
-	
 	/*
 	 * Give the user a private mailbox and a configuration room.
 	 * Make the latter an invisible system room.
@@ -1153,7 +1073,7 @@ int create_user(const char *newusername, long len, int become_user)
 	 * creating a user, instead of doing self-service account creation
 	 */
 
-	if (become_user) {
+	if (become_user == CREATE_USER_BECOME_USER) {
 		/* Now become the user we just created */
 		memcpy(&CC->user, &usbuf, sizeof(struct ctdluser));
 		safestrncpy(CC->curr_user, username, sizeof CC->curr_user);
@@ -1172,12 +1092,11 @@ int create_user(const char *newusername, long len, int become_user)
 		CC->cs_addr
 	);
 	CtdlAideMessage(buf, "User Creation Notice");
-	CON_syslog(LOG_NOTICE, "New user <%s> created\n", username);
+	syslog(LOG_NOTICE, "user_ops: <%s> created", username);
 	return (0);
 }
 
 
-
 /*
  * set password - back end api code
  */
@@ -1186,13 +1105,11 @@ void CtdlSetPassword(char *new_pw)
 	CtdlGetUserLock(&CC->user, CC->curr_user);
 	safestrncpy(CC->user.password, new_pw, sizeof(CC->user.password));
 	CtdlPutUserLock(&CC->user);
-	CON_syslog(LOG_INFO, "Password changed for user <%s>\n", CC->curr_user);
+	syslog(LOG_INFO, "user_ops: password changed for <%s>", CC->curr_user);
 	PerformSessionHooks(EVT_SETPASS);
 }
 
 
-
-
 /*
  * API function for cmd_invt_kick() and anything else that needs to
  * invite or kick out a user to/from a room.
@@ -1261,8 +1178,6 @@ int CtdlForgetThisRoom(void) {
 }
 
 
-
-
 /* 
  *  Traverse the user file...
  */
@@ -1313,8 +1228,6 @@ void ListThisUser(struct ctdluser *usbuf, void *data)
 }
 
 
-
-
 /*
  * Count the number of new mail messages the user has
  */
@@ -1369,7 +1282,3 @@ int InitialMailCheck()
 
 	return (num_newmsgs);
 }
-
-
-
-