From 0f0202036386f2ed2909fd5660d65fd5778e137d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Wilfried=20G=C3=B6esgens?= Date: Fri, 8 Feb 2008 21:46:14 +0000 Subject: [PATCH] * refuse empty passvoids against host auth * use the mime guesser to check the picture type. --- citadel/citadel.h | 2 +- citadel/file_ops.c | 18 ++++++++++++------ citadel/file_ops.h | 2 +- citadel/user_ops.c | 5 +++++ 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/citadel/citadel.h b/citadel/citadel.h index 468845ca5..9b2ebe98b 100644 --- a/citadel/citadel.h +++ b/citadel/citadel.h @@ -50,7 +50,7 @@ extern "C" { #define REV_LEVEL 730 /* This version */ #define REV_MIN 591 /* Oldest compatible database */ #define EXPORT_REV_MIN 725 /* Oldest compatible export files */ -#define LIBCITADEL_MIN 103 /* Minimum required version of libcitadel */ +#define LIBCITADEL_MIN 104 /* Minimum required version of libcitadel */ #define SERVER_TYPE 0 /* zero for stock Citadel; other developers please obtain SERVER_TYPE codes for your implementations */ diff --git a/citadel/file_ops.c b/citadel/file_ops.c index d9c3ab149..cc0e1afeb 100644 --- a/citadel/file_ops.c +++ b/citadel/file_ops.c @@ -322,7 +322,7 @@ void cmd_netf(char *cmdbuf) * It examines the file and displays the OK result code and some information * about the file. NOTE: this stuff is Unix dependent. */ -void OpenCmdResult(char *filename, char *mime_type) +void OpenCmdResult(char *filename, const char *mime_type) { struct stat statbuf; time_t modtime; @@ -396,6 +396,7 @@ void cmd_oimg(char *cmdbuf) { char filename[256]; char pathname[PATH_MAX]; + char MimeTestBuf[32]; struct ctdluser usbuf; char which_user[USERNAME_SIZE]; int which_floor; @@ -423,13 +424,13 @@ void cmd_oimg(char *cmdbuf) return; } snprintf(pathname, sizeof pathname, - "%s/%ld.gif", + "%s/%ld", ctdl_usrpic_dir, usbuf.usernum); } else if (!strcasecmp(filename, "_floorpic_")) { which_floor = extract_int(cmdbuf, 1); snprintf(pathname, sizeof pathname, - "%s/floor.%d.gif", + "%s/floor.%d", ctdl_image_dir, which_floor); } else if (!strcasecmp(filename, "_roompic_")) { assoc_file_name(pathname, sizeof pathname, &CC->room, ctdl_image_dir); @@ -441,19 +442,24 @@ void cmd_oimg(char *cmdbuf) } } snprintf(pathname, sizeof pathname, - "%s/%s.gif", + "%s/%s", ctdl_image_dir, filename); } CC->download_fp = fopen(pathname, "rb"); + if (CC->download_fp == NULL) { + strcat(pathname, ".gif"); + CC->download_fp = fopen(pathname, "rb"); + } if (CC->download_fp == NULL) { cprintf("%d Cannot open %s: %s\n", ERROR + FILE_NOT_FOUND, pathname, strerror(errno)); return; } - - OpenCmdResult(pathname, "image/gif"); + fread(&MimeTestBuf[0], 1, 32, CC->download_fp); + rewind (CC->download_fp); + OpenCmdResult(pathname, GuessMimeType(&MimeTestBuf[0], 32)); } /* diff --git a/citadel/file_ops.h b/citadel/file_ops.h index 9b3c47be7..f2110caab 100644 --- a/citadel/file_ops.h +++ b/citadel/file_ops.h @@ -2,7 +2,7 @@ void cmd_delf (char *filename); void cmd_movf (char *cmdbuf); void cmd_netf (char *cmdbuf); -void OpenCmdResult (char *, char *); +void OpenCmdResult (char *, const char *); void cmd_open (char *cmdbuf); void cmd_oimg (char *cmdbuf); void cmd_uopn (char *cmdbuf); diff --git a/citadel/user_ops.c b/citadel/user_ops.c index 10fcb3f47..7f84fa21e 100644 --- a/citadel/user_ops.c +++ b/citadel/user_ops.c @@ -625,6 +625,11 @@ static int validpw(uid_t uid, const char *pass) { char buf[256]; + if (IsEmptyStr(pass)) { + lprintf(CTDL_DEBUG, "refusing to check empty password for uid=%d using chkpwd...\n", uid); + return 0; + } + lprintf(CTDL_DEBUG, "Validating password for uid=%d using chkpwd...\n", uid); begin_critical_section(S_CHKPWD); -- 2.30.2