*/
int CtdlTryUserLDAP(char *username, char *found_dn, int found_dn_size, char *fullname, int fullname_size, uid_t *found_uid);
-int CtdlTryPasswordLDAP(char *user_dn, char *password);
+int CtdlTryPasswordLDAP(char *user_dn, const char *password);
int Ctdl_LDAP_to_vCard(char *ldap_dn, struct vCard *v);
#include <sys/socket.h>
#include <syslog.h>
#include <sys/syslog.h>
+/*
+#include <sys/syscall.h>
+*/
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
*/
void CtdlFillSystemContext(CitContext *context, char *name)
{
- char sysname[USERNAME_SIZE];
+ char sysname[SIZ];
+ long len;
memset(context, 0, sizeof(CitContext));
context->internal_pgm = 1;
context->cs_pid = 0;
strcpy (sysname, "SYS_");
strcat (sysname, name);
+ len = cutuserkey(sysname);
/* internal_create_user has the side effect of loading the user regardless of wether they
* already existed or needed to be created
*/
- internal_create_user (sysname, &(context->user), -1) ;
+ internal_create_user (sysname, len, &(context->user), -1) ;
/* Check to see if the system user needs upgrading */
if (context->user.usernum == 0)
* Bind a thread to a context. (It's inline merely to speed things up.)
*/
INLINE void become_session(CitContext *which_con) {
+/*
+ pid_t tid = syscall(SYS_gettid);
+*/
citthread_setspecific(MyConKey, (void *)which_con );
+/*
+ CtdlLogPrintf(CTDL_DEBUG, "[%d]: Now doing %s\n",
+ (int) tid,
+ ((which_con != NULL) && (which_con->ServiceName != NULL)) ?
+ which_con->ServiceName:"");
+*/
}
/*
* Expose API calls from user_ops.c
*/
-int CtdlGetUser(struct ctdluser *usbuf, const char *name);
+int CtdlGetUser(struct ctdluser *usbuf, char *name);
+int CtdlGetUserLen(struct ctdluser *usbuf, const char *name, long len);
int CtdlGetUserLock(struct ctdluser *usbuf, char *name);
void CtdlPutUser(struct ctdluser *usbuf);
void CtdlPutUserLock(struct ctdluser *usbuf);
pass_wrong_password
};
-int CtdlTryPassword(char *password);
+int CtdlTryPassword(const char *password, long len);
/*
* Values which may be returned by CtdlTryPassword()
*/
}
-int CtdlTryPasswordLDAP(char *user_dn, char *password)
+int CtdlTryPasswordLDAP(char *user_dn, const char *password)
{
LDAP *ldserver = NULL;
int i = (-1);
}
case 4:
if (CtdlLoginExistingUser(NULL, Params[2].Key) == login_ok) {
- if (CtdlTryPassword(Params[3].Key) == pass_ok) {
+ if (CtdlTryPassword(Params[3].Key, Params[3].len) == pass_ok) {
cprintf("%s OK [", Params[0].Key);
imap_output_capability_string();
cprintf("] Hello, %s\r\n", CC->user.fullname);
char user[256];
char pass[256];
int result;
+ long len;
memset(pass, 0, sizeof(pass));
StrBufDecodeBase64(IMAP->Cmd.CmdBuf);
decoded_authstring = ChrPtr(IMAP->Cmd.CmdBuf);
safestrncpy(ident, decoded_authstring, sizeof ident);
safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
- safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
+ len = safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
+ if (len < 0)
+ len = sizeof(pass) - 1;
IMAP->authstate = imap_as_normal;
}
if (result == login_ok) {
- if (CtdlTryPassword(pass) == pass_ok) {
+ if (CtdlTryPassword(pass, len) == pass_ok) {
cprintf("%s OK authentication succeeded\r\n", IMAP->authseq);
return;
}
{
citimap *Imap = IMAP;
const char *pass = NULL;
+ long len = 0;
switch (state) {
default:
case imap_as_expecting_password:
StrBufDecodeBase64(Imap->Cmd.CmdBuf);
pass = ChrPtr(Imap->Cmd.CmdBuf);
+ len = StrLength(Imap->Cmd.CmdBuf);
break;
case imap_as_expecting_multilinepassword:
pass = ChrPtr(Imap->Cmd.CmdBuf);
+ len = StrLength(Imap->Cmd.CmdBuf);
break;
}
- if (CtdlTryPassword(pass) == pass_ok) {
+ if (len > USERNAME_SIZE)
+ StrBufCutAt(Imap->Cmd.CmdBuf, USERNAME_SIZE, NULL);
+
+ if (CtdlTryPassword(pass, len) == pass_ok) {
cprintf("%s OK authentication succeeded\r\n", IMAP->authseq);
} else {
cprintf("%s NO authentication failed\r\n", IMAP->authseq);
if (login_ok == CtdlLoginExistingUser(NULL, username))
{
char *pass;
+
pass = &(auth[strlen(auth)+1]);
/* for some reason the php script sends us the username twice. y? */
pass = &(pass[strlen(pass)+1]);
- if (pass_ok == CtdlTryPassword(pass))
+ if (pass_ok == CtdlTryPassword(pass, strlen(pass)))
{
MGSVE->command_state = mgsve_password;
cprintf("OK\r\n");
{
char *desired_name = NULL;
char new_password[32];
+ long len;
if (config.c_auth_mode != AUTHMODE_NATIVE) return(1);
if (config.c_disable_newu) return(2);
CtdlLogPrintf(CTDL_DEBUG, "The desired account name is <%s>\n", desired_name);
+ len = cutuserkey(desired_name);
if (!CtdlGetUser(&CC->user, desired_name)) {
CtdlLogPrintf(CTDL_DEBUG, "<%s> is already taken by another user.\n", desired_name);
memset(&CC->user, 0, sizeof(struct ctdluser));
}
/* The desired account name is available. Create the account and log it in! */
- if (create_user(desired_name, 1)) return(6);
+ if (create_user(desired_name, len, 1)) return(6);
snprintf(new_password, sizeof new_password, "%08lx%08lx", random(), random());
CtdlSetPassword(new_password);
* Finalize an OpenID authentication
*/
void cmd_oidf(char *argbuf) {
+ long len;
char buf[2048];
char thiskey[1024];
char thisdata[1024];
cprintf("%d Transmit OpenID data now\n", START_CHAT_MODE);
while (client_getln(buf, sizeof buf), strcmp(buf, "000")) {
- extract_token(thiskey, buf, 0, '|', sizeof thiskey);
+ len = extract_token(thiskey, buf, 0, '|', sizeof thiskey);
+ if (len < 0)
+ len = sizeof(thiskey) - 1;
extract_token(thisdata, buf, 1, '|', sizeof thisdata);
CtdlLogPrintf(CTDL_DEBUG, "%s: [%d] %s\n", thiskey, strlen(thisdata), thisdata);
- Put(keys, thiskey, strlen(thiskey), strdup(thisdata), NULL);
+ Put(keys, thiskey, len, strdup(thisdata), NULL);
}
void pop3_pass(char *argbuf) {
char password[SIZ];
- strcpy(password, argbuf);
+ safestrncpy(password, argbuf, sizeof password);
striplt(password);
/* CtdlLogPrintf(CTDL_DEBUG, "Trying <%s>\n", password); */
- if (CtdlTryPassword(password) == pass_ok) {
+ if (CtdlTryPassword(password, strlen(password)) == pass_ok) {
pop3_login();
}
else {
*/
void smtp_get_pass(char *argbuf) {
char password[SIZ];
+ long len;
memset(password, 0, sizeof(password));
- CtdlDecodeBase64(password, argbuf, SIZ);
+ len = CtdlDecodeBase64(password, argbuf, SIZ);
/* CtdlLogPrintf(CTDL_DEBUG, "Trying <%s>\n", password); */
- if (CtdlTryPassword(password) == pass_ok) {
+ if (CtdlTryPassword(password, len) == pass_ok) {
smtp_auth_greeting();
}
else {
char user[256];
char pass[256];
int result;
+ long len;
CtdlDecodeBase64(decoded_authstring, encoded_authstring, strlen(encoded_authstring) );
safestrncpy(ident, decoded_authstring, sizeof ident);
safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
- safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
+ len = safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
+ if (len == -1)
+ len = sizeof(pass) - 1;
SMTP->command_state = smtp_command;
}
if (result == login_ok) {
- if (CtdlTryPassword(pass) == pass_ok) {
+ if (CtdlTryPassword(pass, len) == pass_ok) {
smtp_auth_greeting();
return;
}
{
if (strncmp(usbuf.fullname, "SYS_", 4))
{ /** Delete any user 0 that doesn't start with SYS_ */
- makeuserkey(usernamekey, usbuf.fullname);
+ makeuserkey(usernamekey,
+ usbuf.fullname,
+ cutuserkey(usbuf.fullname));
cdb_delete(CDB_USERS, usernamekey, strlen(usernamekey));
}
else
char user[256];
char pass[256];
int result;
+ long len;
/* Take apart the authentication string */
CtdlDecodeBase64(decoded_authstring, authstring, strlen(authstring));
safestrncpy(ident, decoded_authstring, sizeof ident);
safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
- safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
-
+ len = safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
+ if (len < 0)
+ len = -len;
/* If there are underscores in either string, change them to spaces. Some clients
* do not allow spaces so we can tell the user to substitute underscores if their
}
if (result == login_ok) {
- if (CtdlTryPassword(pass) == pass_ok) {
+ if (CtdlTryPassword(pass, len) == pass_ok) {
return(0); /* success */
}
}
result = CtdlLoginExistingUser(NULL, username);
if (result == login_ok) {
- result = CtdlTryPassword(password);
+ result = CtdlTryPassword(password, strlen(password));
if (result == pass_ok) {
cprintf("<iq type=\"result\" id=\"%s\"></iq>", xmlesc(xmlbuf, iq_id, sizeof xmlbuf)); /* success */
return;
int chkpwd_write_pipe[2];
int chkpwd_read_pipe[2];
+
+INLINE long cutuserkey(char *username) {
+ long len;
+ len = strlen(username);
+ if (len >= USERNAME_SIZE)
+ {
+ CtdlLogPrintf (CTDL_EMERG, "Username to long: %s", username);
+ cit_backtrace ();
+ len = USERNAME_SIZE - 1;
+ ((char*)username)[USERNAME_SIZE - 1]='\0';
+ }
+ return len;
+}
+
/*
* makeuserkey() - convert a username into the format used as a database key
* (it's just the username converted into lower case)
*/
-INLINE void makeuserkey(char *key, const char *username) {
- int i, len;
+INLINE void makeuserkey(char *key, const char *username, long len) {
+ int i;
- len = strlen(username);
if (len >= USERNAME_SIZE)
{
CtdlLogPrintf (CTDL_EMERG, "Username to long: %s", username);
cit_backtrace ();
len = USERNAME_SIZE - 1;
- /* WHOOPSI! whats that??? todo. */
- ((char*)username)[USERNAME_SIZE - 1]='\0';
}
for (i=0; i<=len; ++i) {
key[i] = tolower(username[i]);
* CtdlGetUser() - retrieve named user into supplied buffer.
* returns 0 on success
*/
-int CtdlGetUser(struct ctdluser *usbuf, const char *name)
+int CtdlGetUserLen(struct ctdluser *usbuf, const char *name, long len)
{
char usernamekey[USERNAME_SIZE];
memset(usbuf, 0, sizeof(struct ctdluser));
}
- makeuserkey(usernamekey, name);
+ makeuserkey(usernamekey, name, len);
cdbus = cdb_fetch(CDB_USERS, usernamekey, strlen(usernamekey));
if (cdbus == NULL) { /* user not found */
}
+int CtdlGetUser(struct ctdluser *usbuf, char *name)
+{
+ return CtdlGetUserLen(usbuf, name, cutuserkey(name));
+}
+
+
/*
* CtdlGetUserLock() - same as getuser() but locks the record
*/
{
char usernamekey[USERNAME_SIZE];
- makeuserkey(usernamekey, usbuf->fullname);
+ makeuserkey(usernamekey,
+ usbuf->fullname,
+ cutuserkey(usbuf->fullname));
usbuf->version = REV_LEVEL;
cdb_store(CDB_USERS,
char newnamekey[USERNAME_SIZE];
/* Create the database keys... */
- makeuserkey(oldnamekey, oldname);
- makeuserkey(newnamekey, newname);
+ makeuserkey(oldnamekey, oldname, cutuserkey(oldname));
+ makeuserkey(newnamekey, newname, cutuserkey(newname));
/* Lock up and get going */
begin_critical_section(S_USERS);
{
char username[SIZ];
int found_user;
+ long len;
CtdlLogPrintf(9, "CtdlLoginExistingUser(%s, %s)\n", authname, trythisname);
}
/* Continue attempting user validation... */
- safestrncpy(username, trythisname, USERNAME_SIZE);
+ safestrncpy(username, trythisname, sizeof (username));
striplt(username);
+ len = cutuserkey(username);
if (IsEmptyStr(username)) {
return login_not_found;
CtdlLogPrintf(CTDL_DEBUG, "found it: uid=%ld, gecos=%s here: %d\n",
(long)pd.pw_uid, pd.pw_gecos, found_user);
if (found_user != 0) {
- create_user(username, 0);
+ len = cutuserkey(username);
+ create_user(username, len, 0);
found_user = getuserbyuid(&CC->user, pd.pw_uid);
}
found_user = getuserbyuid(&CC->user, ldap_uid);
if (found_user != 0) {
- create_user(trythisname, 0);
+ create_user(username, len, 0);
found_user = getuserbyuid(&CC->user, ldap_uid);
}
}
-int CtdlTryPassword(char *password)
+int CtdlTryPassword(const char *password, long len)
{
int code;
else {
/* native auth mode */
+ char *pw;
- strproc(password);
+ pw = (char*) malloc(len + 1);
+ memcpy(pw, password, len + 1);
+ strproc(pw);
strproc(CC->user.password);
- code = strcasecmp(CC->user.password, password);
- strproc(password);
+ code = strcasecmp(CC->user.password, pw);
+ strproc(pw);
strproc(CC->user.password);
- code = strcasecmp(CC->user.password, password);
+ code = strcasecmp(CC->user.password, pw);
}
if (!code) {
void cmd_pass(char *buf)
{
- char password[256];
+ char password[SIZ];
int a;
+ long len;
memset(password, 0, sizeof(password));
- extract_token(password, buf, 0, '|', sizeof password);
- a = CtdlTryPassword(password);
+ len = extract_token(password, buf, 0, '|', sizeof password);
+ a = CtdlTryPassword(password, len);
switch (a) {
case pass_already_logged_in:
struct ctdluser usbuf;
char usernamekey[USERNAME_SIZE];
- makeuserkey(usernamekey, pname);
+ makeuserkey(usernamekey, pname, cutuserkey(pname));
/* If the name is empty we can't find them in the DB any way so just return */
if (IsEmptyStr(pname))
}
-int internal_create_user (const char *username, struct ctdluser *usbuf, uid_t uid)
+int internal_create_user (const char *username, long len, struct ctdluser *usbuf, uid_t uid)
{
- if (!CtdlGetUser(usbuf, username)) {
+ if (!CtdlGetUserLen(usbuf, username, len)) {
return (ERROR + ALREADY_EXISTS);
}
* Set 'become_user' to nonzero if this is self-service account creation and we want
* to actually log in as the user we just created, otherwise set it to 0.
*/
-int create_user(const char *newusername, int become_user)
+int create_user(const char *newusername, long len, int become_user)
{
struct ctdluser usbuf;
struct ctdlroom qrbuf;
struct passwd pd;
struct passwd *tempPwdPtr;
- char pwdbuffer[256];
+ char pwdbuffer[SIZ];
#ifdef HAVE_GETPWNAM_R
#ifdef SOLARIS_GETPWUID
if (IsEmptyStr (username))
{
safestrncpy(username, pd.pw_name, sizeof username);
+ len = cutuserkey(username);
}
}
else {
}
#endif /* HAVE_LDAP */
- if ((retval = internal_create_user(username, &usbuf, uid)) != 0)
+ if ((retval = internal_create_user(username, len, &usbuf, uid)) != 0)
return retval;
/*
void cmd_newu(char *cmdbuf)
{
int a;
+ long len;
char username[26];
if (config.c_auth_mode != AUTHMODE_NATIVE) {
config.c_nodename, config.c_maxsessions);
}
extract_token(username, cmdbuf, 0, '|', sizeof username);
- username[25] = 0;
strproc(username);
+ len = cutuserkey(username);
if (IsEmptyStr(username)) {
cprintf("%d You must supply a user name.\n", ERROR + USERNAME_REQUIRED);
return;
}
- a = create_user(username, 1);
+ a = create_user(username, len, 1);
if (a == 0) {
logged_in_response();
void cmd_creu(char *cmdbuf)
{
int a;
- char username[26];
- char password[32];
+ long len;
+ char username[SIZ];
+ char password[SIZ];
struct ctdluser tmp;
if (CtdlAccessCheck(ac_aide)) {
extract_token(username, cmdbuf, 0, '|', sizeof username);
extract_token(password, cmdbuf, 1, '|', sizeof password);
- username[25] = 0;
- password[31] = 0;
+ ////username[25] = 0;
+ //password[31] = 0;
strproc(username);
strproc(password);
+ len = cutuserkey(username);
if (IsEmptyStr(username)) {
cprintf("%d You must supply a user name.\n", ERROR + USERNAME_REQUIRED);
return;
}
- a = create_user(username, 0);
+ a = create_user(username, len, 0);
if (a == 0) {
if (!IsEmptyStr(password)) {
/* logout() is deprecated use CtdlUserLogout() instead */
void logout (void) __attribute__ ((deprecated));
int purge_user (char *pname);
-int create_user (const char *newusername, int become_user);
+int create_user (const char *newusername, long len, int become_user);
void do_login(void);
int CtdlInvtKick(char *iuser, int op);
void ForEachUser(void (*CallBack)(struct ctdluser *EachUser, void *out_data),
#define RENAMEUSER_ALREADY_EXISTS 3 /* An account with the desired new name already exists */
int rename_user(char *oldname, char *newname);
-INLINE void makeuserkey(char *key, const char *username);
-int internal_create_user (const char *username, struct ctdluser *usbuf, uid_t uid);
+INLINE void makeuserkey(char *key, const char *username, long len);
+INLINE long cutuserkey(char *username);
+
+int internal_create_user (const char *username, long len, struct ctdluser *usbuf, uid_t uid);