+/** @brief Base64 mapping table for confirmation strings
+ *
+ * This is used with generic_to_base64() and generic_base64(). We cannot use
+ * the MIME table as that contains '+' and '=' which get quoted when
+ * URL-encoding. (The CGI still does the URL encoding but it is desirable to
+ * avoid it being necessary.)
+ */
+static const char confirm_base64_table[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789/.*";
+
+static int c_register(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ char *buf, *cs;
+ size_t bufsize;
+ int offset;
+
+ /* The confirmation string is base64(username;nonce) */
+ bufsize = strlen(vec[0]) + CONFIRM_SIZE + 2;
+ buf = xmalloc_noptr(bufsize);
+ offset = byte_snprintf(buf, bufsize, "%s;", vec[0]);
+ gcry_randomize(buf + offset, CONFIRM_SIZE, GCRY_STRONG_RANDOM);
+ cs = generic_to_base64((uint8_t *)buf, offset + CONFIRM_SIZE,
+ confirm_base64_table);
+ if(trackdb_adduser(vec[0], vec[1], config->default_rights, vec[2], cs))
+ sink_writes(ev_writer_sink(c->w), "550 Cannot create user\n");
+ else
+ sink_printf(ev_writer_sink(c->w), "252 %s\n", quoteutf8(cs));
+ return 1;
+}
+
+static int c_confirm(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ size_t nuser;
+ char *user, *sep;
+ rights_type rights;
+ const char *host;
+
+ /* Get some kind of peer identifcation */
+ if(!(host = connection_host(c))) {
+ sink_writes(ev_writer_sink(c->w), "530 Authentication failure\n");
+ return 1;
+ }
+ if(!(user = generic_base64(vec[0], &nuser, confirm_base64_table))
+ || !(sep = memchr(user, ';', nuser))) {
+ sink_writes(ev_writer_sink(c->w), "550 Malformed confirmation string\n");
+ return 1;
+ }
+ *sep = 0;
+ if(trackdb_confirm(user, vec[0], &rights))
+ sink_writes(ev_writer_sink(c->w), "550 Incorrect confirmation string\n");
+ else {
+ c->who = user;
+ c->cookie = 0;
+ c->rights = rights;
+ if(strcmp(host, "local"))
+ info("S%x %s confirmed from %s", c->tag, user, host);
+ else
+ c->rights |= RIGHT__LOCAL;
+ /* Response contains username so client knows who they are acting as */
+ sink_printf(ev_writer_sink(c->w), "232 %s\n", quoteutf8(user));
+ }
+ return 1;
+}
+