Art Cancro [Sat, 14 Jun 2008 14:47:32 +0000 (14:47 +0000)]
Changes to serv_network.c:
* The log message which indicates that network processing for a room has
begun, now only prints if there is a netconfig for that room. This
will hopefully make the logs much smaller.
* Any buffer which holds a filename is now of size PATH_MAX, rather than
SIZ or 256 or whatever.
Art Cancro [Tue, 10 Jun 2008 19:58:46 +0000 (19:58 +0000)]
The before-save hook which is called when saving a calendar
event now populates message headers from the calendar object without
the use of an intermediate data structure.
Art Cancro [Fri, 6 Jun 2008 03:50:43 +0000 (03:50 +0000)]
* When not using native auth mode, do not enable the OpenID server command set.
* When self-service new user account creation is disabled, do not allow account creation via OpenID.
Art Cancro [Thu, 5 Jun 2008 02:32:46 +0000 (02:32 +0000)]
* Completed the code for creating a new account, manually specifying
the account name, when an OpenID was verified but the desired nickname
either was not supplied or conflicts with an existing user.
* The SETP command can now be passed a special string that tells it the
client wants the server to auto-generate a random password.
Art Cancro [Tue, 3 Jun 2008 03:41:51 +0000 (03:41 +0000)]
* Removed some cruft from the login code. Combined the
do_login() and session_startup() functions. Moved more duplicated
code into a single code path.
* Completed the OpenID signin process for existing users, and for new
users who have made their preferred nickname available via Simple
Registration Extension (assuming this nickname is available on the
Citadel system). Other sign in flows are forthcoming...
Art Cancro [Mon, 2 Jun 2008 16:09:00 +0000 (16:09 +0000)]
Export format has changed due to the addition of a new
table, so the version number has changed. Also added a serv_info field to
advise the client (e.g. WebCit) whether the server supports OpenID. The
main reason is because we can only do OpenID in native auth mode -- but we
can also use this to temporarily shut off all OpenID features if we need
to complete a new software release before OpenID is finished.
Art Cancro [Mon, 2 Jun 2008 15:03:45 +0000 (15:03 +0000)]
* Began implementing OpenID table import/export
* Disabled the code to automatically learn the highest message/user/room numbers
in the event that citadel.control is missing, because if you run it on a virgin
server, it CRASHES.
Art Cancro [Mon, 2 Jun 2008 03:04:23 +0000 (03:04 +0000)]
Completed the delete-user hook to remove any associated
OpenID records. Also completed an auto-purger function to delete any
stale OpenID associations. Still need to add dump/load code. Now I
remember why I tend to avoid adding top-level database tables.
Dave West [Wed, 28 May 2008 15:15:02 +0000 (15:15 +0000)]
Added a step to setup to get a password for the admin user.
Now when setup is run after it starts the server it will attempt to
create the admin user and set its password. This makes things a little
more obvious for new users setting up a Citadel system for the first
time.
Also it has the added effect of closing the small security hole.
On a new installation setup will grab user 1 before anyone else can thus
ensuring user 1 privileges and/or it will set the password and user for
whoever the system admin is set to thus preventing the unlikely
situation where some attacker gets there first.
Dave West [Wed, 28 May 2008 00:40:47 +0000 (00:40 +0000)]
Now we name all the private contexts.
Auto purger will complain if a user 0 has no name or does not have a
SYS_* type name as this is considered a bug.
upgrade module will try to fix up names of user 0 and will delete any
user 0 that does not fit the criteria without warning.
User name Citadel is no longer reserved but all usernames starting SYS_*
are.
Art Cancro [Tue, 27 May 2008 03:51:38 +0000 (03:51 +0000)]
Worked around a bug in phpMyID. I *think* this completes the
implementation of OpenID 1.1 protocol (though I'm sure we'll find some edge
cases), and now the only thing left to be done is to write the code to glue
it into Citadel and WebCit authentication.
Art Cancro [Sat, 24 May 2008 04:14:51 +0000 (04:14 +0000)]
libcurl is teh r0x0r, it gives us access to the 'effective' URL
after normalization and redirects, which happens to be exactly what we need
in order to use the URL as a Claimed ID. Implemented the code to do this.
Art Cancro [Fri, 23 May 2008 19:42:42 +0000 (19:42 +0000)]
In order to circumvent AOL's broken OpenID server, and save
some time in the process, we're going to implement stateless mode
instead. Began implementation...
Art Cancro [Wed, 21 May 2008 21:43:26 +0000 (21:43 +0000)]
* More work on OpenID 1.1 Relying Party support
* Changed the startup order to make the citadel.control lock check happen *before* the databases
are opened. Otherwise it can corrupt the databases before the lock check shuts it down.
Art Cancro [Wed, 21 May 2008 17:24:41 +0000 (17:24 +0000)]
* Commented out the 'PrintFlat' and 'PrintFile' functions
because they are only used in debug tests that are also commented
out. Silences a compiler warning.
* Removed parse_url() from libcitadel. No longer necessary because
libcurl handles all this stuff for us now.
Art Cancro [Mon, 19 May 2008 03:33:03 +0000 (03:33 +0000)]
Moved all the OpenID Relying Party code that I've written so far
into the Citadel server, with only glue code in WebCit. This
will allow Relying Party support to be implemented without requiring
a highly trusted webcit client, and it also eliminates the need to
link libcurl into webcit.
Art Cancro [Mon, 19 May 2008 01:36:58 +0000 (01:36 +0000)]
RSS client now uses libcurl instead of the crappy built-in
HTTP client I wrote for this purpose. Not only is it more robust,
but it should be able to handle HTTPS as well. Please note that
because of this change, libcurl is now a dependency.
Art Cancro [Sun, 18 May 2008 04:42:58 +0000 (04:42 +0000)]
Some more tinkering with OpenID.
Also changed webcit.c so that if DEBUG_URLSTRINGS is defined,
all urlstrings will be displayed for each transaction, eliminating
the need to uncomment that code.
Dave West [Fri, 16 May 2008 23:22:22 +0000 (23:22 +0000)]
Added code to report Aide messages if there appears to be something
wrong with IGNet configuration.
It now reports connection attempts from unknown nodes or bad passwords.
It also attempts to validate the nodename of the node it is attempting
to connect to by checking the greeting message. In this case the
connection will proceed with an Aide warning message if they differ.
Situations such as this WILL result in duplication of messages but at
least we now get a warning.
Dave West [Fri, 16 May 2008 22:07:46 +0000 (22:07 +0000)]
Sieve will now only process messages that are newer than its script.
This fixes bug #297
To implement this I created a new API call, CtdlGetCurrentMessageNumber();
this returns the message number currently in use, i.e. the last one
allocated. This is good enough for Sieve in this case and probably good
enough for other things too.