+ sink_writes(ev_writer_sink(c->w), "555 not found\n");
+ return 1;
+}
+
+static int c_nop(struct conn *c,
+ char attribute((unused)) **vec,
+ int attribute((unused)) nvec) {
+ sink_printf(ev_writer_sink(c->w), "250 Quack\n");
+ return 1;
+}
+
+static int c_new(struct conn *c,
+ char **vec,
+ int nvec) {
+ int max, n;
+ char **tracks;
+
+ if(nvec > 0)
+ max = atoi(vec[0]);
+ else
+ max = INT_MAX;
+ if(max <= 0 || max > config->new_max)
+ max = config->new_max;
+ tracks = trackdb_new(0, max);
+ sink_printf(ev_writer_sink(c->w), "253 New track list follows\n");
+ n = 0;
+ while(*tracks) {
+ sink_printf(ev_writer_sink(c->w), "%s%s\n",
+ **tracks == '.' ? "." : "", *tracks);
+ ++tracks;
+ }
+ sink_writes(ev_writer_sink(c->w), ".\n");
+ return 1; /* completed */
+
+}
+
+static int c_rtp_address(struct conn *c,
+ char attribute((unused)) **vec,
+ int attribute((unused)) nvec) {
+ if(config->api == BACKEND_NETWORK) {
+ sink_printf(ev_writer_sink(c->w), "252 %s %s\n",
+ quoteutf8(config->broadcast.s[0]),
+ quoteutf8(config->broadcast.s[1]));
+ } else
+ sink_writes(ev_writer_sink(c->w), "550 No RTP\n");
+ return 1;
+}
+
+static int c_cookie(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ const char *host;
+ char *user;
+ rights_type rights;
+
+ /* Can't log in twice on the same connection */
+ if(c->who) {
+ sink_writes(ev_writer_sink(c->w), "530 already authenticated\n");
+ return 1;
+ }
+ /* Get some kind of peer identifcation */
+ if(!(host = connection_host(c))) {
+ sink_writes(ev_writer_sink(c->w), "530 authentication failure\n");
+ return 1;
+ }
+ /* Check the cookie */
+ user = verify_cookie(vec[0], &rights);
+ if(!user) {
+ sink_writes(ev_writer_sink(c->w), "530 authentication failure\n");
+ return 1;
+ }
+ /* Log in */
+ c->who = user;
+ c->cookie = vec[0];
+ c->rights = rights;
+ if(strcmp(host, "local"))
+ info("S%x %s connected with cookie from %s", c->tag, user, host);
+ else
+ c->rights |= RIGHT__LOCAL;
+ /* Response contains username so client knows who they are acting as */
+ sink_printf(ev_writer_sink(c->w), "232 %s\n", quoteutf8(user));
+ return 1;
+}
+
+static int c_make_cookie(struct conn *c,
+ char attribute((unused)) **vec,
+ int attribute((unused)) nvec) {
+ const char *cookie = make_cookie(c->who);
+
+ if(cookie)
+ sink_printf(ev_writer_sink(c->w), "252 %s\n", quoteutf8(cookie));
+ else
+ sink_writes(ev_writer_sink(c->w), "550 Cannot create cookie\n");
+ return 1;
+}
+
+static int c_revoke(struct conn *c,
+ char attribute((unused)) **vec,
+ int attribute((unused)) nvec) {
+ if(c->cookie) {
+ revoke_cookie(c->cookie);
+ sink_writes(ev_writer_sink(c->w), "250 OK\n");
+ } else
+ sink_writes(ev_writer_sink(c->w), "550 Did not log in with cookie\n");
+ return 1;
+}
+
+static int c_adduser(struct conn *c,
+ char **vec,
+ int nvec) {
+ const char *rights;
+
+ if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+ error(0, "S%x: remote adduser", c->tag);
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
+ if(nvec > 2) {
+ rights = vec[2];
+ if(parse_rights(vec[2], 0, 1)) {
+ sink_writes(ev_writer_sink(c->w), "550 Invalid rights list\n");
+ return -1;
+ }
+ } else
+ rights = config->default_rights;
+ if(trackdb_adduser(vec[0], vec[1], rights,
+ 0/*email*/, 0/*confirmation*/))
+ sink_writes(ev_writer_sink(c->w), "550 Cannot create user\n");
+ else
+ sink_writes(ev_writer_sink(c->w), "250 User created\n");
+ return 1;
+}
+
+static int c_deluser(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ struct conn *d;
+
+ if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+ error(0, "S%x: remote deluser", c->tag);
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
+ if(trackdb_deluser(vec[0])) {
+ sink_writes(ev_writer_sink(c->w), "550 Cannot delete user\n");
+ return 1;
+ }
+ /* Zap connections belonging to deleted user */
+ for(d = connections; d; d = d->next)
+ if(!strcmp(d->who, vec[0]))
+ d->rights = 0;
+ sink_writes(ev_writer_sink(c->w), "250 User deleted\n");
+ return 1;
+}
+
+static int c_edituser(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ struct conn *d;
+
+ if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+ error(0, "S%x: remote edituser", c->tag);
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
+ /* RIGHT_ADMIN can do anything; otherwise you can only set your own email
+ * address and password. */
+ if((c->rights & RIGHT_ADMIN)
+ || (!strcmp(c->who, vec[0])
+ && (!strcmp(vec[1], "email")
+ || !strcmp(vec[1], "password")))) {
+ if(trackdb_edituserinfo(vec[0], vec[1], vec[2])) {
+ sink_writes(ev_writer_sink(c->w), "550 Failed to change setting\n");
+ return 1;
+ }
+ if(!strcmp(vec[1], "password")) {
+ /* Zap all connections for this user after a password change */
+ for(d = connections; d; d = d->next)
+ if(!strcmp(d->who, vec[0]))
+ d->rights = 0;
+ } else if(!strcmp(vec[1], "rights")) {
+ /* Update rights for this user */
+ rights_type r;
+
+ if(parse_rights(vec[2], &r, 1))
+ for(d = connections; d; d = d->next)
+ if(!strcmp(d->who, vec[0]))
+ d->rights = r;
+ }
+ sink_writes(ev_writer_sink(c->w), "250 OK\n");
+ } else {
+ error(0, "%s attempted edituser but lacks required rights", c->who);
+ sink_writes(ev_writer_sink(c->w), "510 Restricted to administrators\n");
+ }
+ return 1;
+}
+
+static int c_userinfo(struct conn *c,
+ char attribute((unused)) **vec,
+ int attribute((unused)) nvec) {
+ struct kvp *k;
+ const char *value;
+
+ /* We allow remote querying of rights so that clients can figure out what
+ * they're allowed to do */
+ if(!config->remote_userman
+ && !(c->rights & RIGHT__LOCAL)
+ && strcmp(vec[1], "rights")) {
+ error(0, "S%x: remote userinfo %s %s", c->tag, vec[0], vec[1]);
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
+ /* RIGHT_ADMIN allows anything; otherwise you can only get your own email
+ * address and rights list. */
+ if((c->rights & RIGHT_ADMIN)
+ || (!strcmp(c->who, vec[0])
+ && (!strcmp(vec[1], "email")
+ || !strcmp(vec[1], "rights")))) {
+ if((k = trackdb_getuserinfo(vec[0])))
+ if((value = kvp_get(k, vec[1])))
+ sink_printf(ev_writer_sink(c->w), "252 %s\n", quoteutf8(value));
+ else
+ sink_writes(ev_writer_sink(c->w), "555 Not set\n");
+ else
+ sink_writes(ev_writer_sink(c->w), "550 No such user\n");
+ } else {
+ error(0, "%s attempted userinfo but lacks required rights", c->who);
+ sink_writes(ev_writer_sink(c->w), "510 Restricted to administrators\n");
+ }
+ return 1;
+}
+
+static int c_users(struct conn *c,
+ char attribute((unused)) **vec,
+ int attribute((unused)) nvec) {
+ /* TODO de-dupe with c_tags */
+ char **users = trackdb_listusers();
+
+ sink_writes(ev_writer_sink(c->w), "253 User list follows\n");
+ while(*users) {
+ sink_printf(ev_writer_sink(c->w), "%s%s\n",
+ **users == '.' ? "." : "", *users);
+ ++users;
+ }
+ sink_writes(ev_writer_sink(c->w), ".\n");
+ return 1; /* completed */
+}
+
+/** @brief Base64 mapping table for confirmation strings
+ *
+ * This is used with generic_to_base64() and generic_base64(). We cannot use
+ * the MIME table as that contains '+' and '=' which get quoted when
+ * URL-encoding. (The CGI still does the URL encoding but it is desirable to
+ * avoid it being necessary.)
+ */
+static const char confirm_base64_table[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789/.*";
+
+static int c_register(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ char *buf, *cs;
+ size_t bufsize;
+ int offset;
+
+ /* The confirmation string is base64(username;nonce) */
+ bufsize = strlen(vec[0]) + CONFIRM_SIZE + 2;
+ buf = xmalloc_noptr(bufsize);
+ offset = byte_snprintf(buf, bufsize, "%s;", vec[0]);
+ gcry_randomize(buf + offset, CONFIRM_SIZE, GCRY_STRONG_RANDOM);
+ cs = generic_to_base64((uint8_t *)buf, offset + CONFIRM_SIZE,
+ confirm_base64_table);
+ if(trackdb_adduser(vec[0], vec[1], config->default_rights, vec[2], cs))
+ sink_writes(ev_writer_sink(c->w), "550 Cannot create user\n");
+ else
+ sink_printf(ev_writer_sink(c->w), "252 %s\n", quoteutf8(cs));