* refuse empty passvoids against host auth

* use the mime guesser to check the picture type.

diff --git a/citadel/citadel.h b/citadel/citadel.h
index 468845ca5f66b41fd1d66896aa1386e4033dfc07..9b2ebe98b6f7f5ae1e3b4d928408cbc863ef15f4 100644 (file)
--- a/citadel/citadel.h
+++ b/citadel/citadel.h
@@ -50,7 +50,7 @@ extern "C" {
 #define REV_LEVEL      730             /* This version */
 #define REV_MIN                591             /* Oldest compatible database */
 #define EXPORT_REV_MIN 725             /* Oldest compatible export files */
-#define LIBCITADEL_MIN 103             /* Minimum required version of libcitadel */
+#define LIBCITADEL_MIN 104             /* Minimum required version of libcitadel */
 
 #define SERVER_TYPE 0                  /* zero for stock Citadel; other developers please
                                           obtain SERVER_TYPE codes for your implementations */

diff --git a/citadel/file_ops.c b/citadel/file_ops.c
index d9c3ab149926b5e41880d82440cb855b1de86397..cc0e1afebf8c9271b94a99833edee49edc24a180 100644 (file)
--- a/citadel/file_ops.c
+++ b/citadel/file_ops.c
@@ -322,7 +322,7 @@ void cmd_netf(char *cmdbuf)
  * It examines the file and displays the OK result code and some information
  * about the file.  NOTE: this stuff is Unix dependent.
  */
-void OpenCmdResult(char *filename, char *mime_type)
+void OpenCmdResult(char *filename, const char *mime_type)
 {
        struct stat statbuf;
        time_t modtime;
@@ -396,6 +396,7 @@ void cmd_oimg(char *cmdbuf)
 {
        char filename[256];
        char pathname[PATH_MAX];
+       char MimeTestBuf[32];
        struct ctdluser usbuf;
        char which_user[USERNAME_SIZE];
        int which_floor;
@@ -423,13 +424,13 @@ void cmd_oimg(char *cmdbuf)
                        return;
                }
                snprintf(pathname, sizeof pathname, 
-                                "%s/%ld.gif",
+                                "%s/%ld",
                                 ctdl_usrpic_dir,
                                 usbuf.usernum);
        } else if (!strcasecmp(filename, "_floorpic_")) {
                which_floor = extract_int(cmdbuf, 1);
                snprintf(pathname, sizeof pathname,
-                                "%s/floor.%d.gif",
+                                "%s/floor.%d",
                                 ctdl_image_dir, which_floor);
        } else if (!strcasecmp(filename, "_roompic_")) {
                assoc_file_name(pathname, sizeof pathname, &CC->room, ctdl_image_dir);
@@ -441,19 +442,24 @@ void cmd_oimg(char *cmdbuf)
                        }
                }
                snprintf(pathname, sizeof pathname,
-                                "%s/%s.gif",
+                                "%s/%s",
                                 ctdl_image_dir,
                                 filename);
        }
 
        CC->download_fp = fopen(pathname, "rb");
+       if (CC->download_fp == NULL) {
+               strcat(pathname, ".gif");
+               CC->download_fp = fopen(pathname, "rb");
+       }
        if (CC->download_fp == NULL) {
                cprintf("%d Cannot open %s: %s\n",
                        ERROR + FILE_NOT_FOUND, pathname, strerror(errno));
                return;
        }
-
-       OpenCmdResult(pathname, "image/gif");
+       fread(&MimeTestBuf[0], 1, 32, CC->download_fp);
+       rewind (CC->download_fp);
+       OpenCmdResult(pathname, GuessMimeType(&MimeTestBuf[0], 32));
 }
 
 /*

diff --git a/citadel/file_ops.h b/citadel/file_ops.h
index 9b3c47be77bb0b037cbf75eb343f59290f65bc93..f2110caab8d96a1dfd9eb3e4c92572a4f2aa0325 100644 (file)
--- a/citadel/file_ops.h
+++ b/citadel/file_ops.h
@@ -2,7 +2,7 @@
 void cmd_delf (char *filename);
 void cmd_movf (char *cmdbuf);
 void cmd_netf (char *cmdbuf);
-void OpenCmdResult (char *, char *);
+void OpenCmdResult (char *, const char *);
 void cmd_open (char *cmdbuf);
 void cmd_oimg (char *cmdbuf);
 void cmd_uopn (char *cmdbuf);

diff --git a/citadel/user_ops.c b/citadel/user_ops.c
index 10fcb3f47d1fc605cf9e07674734e8354679bc52..7f84fa21eadb893c5bbd51cfe5bc6b8533616702 100644 (file)
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -625,6 +625,11 @@ static int validpw(uid_t uid, const char *pass)
 {
        char buf[256];
 
+       if (IsEmptyStr(pass)) {
+               lprintf(CTDL_DEBUG, "refusing to check empty password for uid=%d using chkpwd...\n", uid);
+               return 0;
+       }
+
        lprintf(CTDL_DEBUG, "Validating password for uid=%d using chkpwd...\n", uid);
 
        begin_critical_section(S_CHKPWD);