# define NONCE_SIZE 16
#endif
+#ifndef CONFIRM_SIZE
+# define CONFIRM_SIZE 10
+#endif
+
int volume_left, volume_right; /* last known volume */
/** @brief Accept all well-formed login attempts
char *cookie;
/** @brief Connection rights */
rights_type rights;
+ /** @brief Next connection */
+ struct conn *next;
};
+/** @brief Linked list of connections */
+static struct conn *connections;
+
static int reader_callback(ev_source *ev,
ev_reader *reader,
void *ptr,
static const char *noyes[] = { "no", "yes" };
+/** @brief Remove a connection from the connection list */
+static void remove_connection(struct conn *c) {
+ struct conn **cc;
+
+ for(cc = &connections; *cc && *cc != c; cc = &(*cc)->next)
+ ;
+ if(*cc)
+ *cc = c->next;
+}
+
/** @brief Called when a connection's writer fails or is shut down
*
* If the connection still has a raeder that is cancelled.
}
c->w = 0;
ev_report(ev);
+ remove_connection(c);
return 0;
}
c->w = 0;
c->r = 0;
ev_report(ev);
+ remove_connection(c);
return 0;
}
c->who = vec[0];
c->rights = rights;
/* currently we only bother logging remote connections */
- if(strcmp(host, "local")) {
+ if(strcmp(host, "local"))
info("S%x %s connected from %s", c->tag, vec[0], host);
+ else
c->rights |= RIGHT__LOCAL;
- }
sink_writes(ev_writer_sink(c->w), "230 OK\n");
return 1;
}
c->w = 0;
}
c->r = 0;
+ remove_connection(c);
}
return 0;
}
c->who = user;
c->cookie = vec[0];
c->rights = rights;
- if(strcmp(host, "local")) {
+ if(strcmp(host, "local"))
info("S%x %s connected with cookie from %s", c->tag, user, host);
+ else
c->rights |= RIGHT__LOCAL;
- }
/* Response contains username so client knows who they are acting as */
sink_printf(ev_writer_sink(c->w), "232 %s\n", quoteutf8(user));
return 1;
static int c_deluser(struct conn *c,
char **vec,
int attribute((unused)) nvec) {
- if(trackdb_deluser(vec[0]))
+ struct conn *d;
+
+ if(trackdb_deluser(vec[0])) {
sink_writes(ev_writer_sink(c->w), "550 Cannot delete user\n");
- else
- sink_writes(ev_writer_sink(c->w), "250 User deleted\n");
+ return 1;
+ }
+ /* Zap connections belonging to deleted user */
+ for(d = connections; d; d = d->next)
+ if(!strcmp(d->who, vec[0]))
+ d->rights = 0;
+ sink_writes(ev_writer_sink(c->w), "250 User deleted\n");
return 1;
}
static int c_edituser(struct conn *c,
char **vec,
int attribute((unused)) nvec) {
+ struct conn *d;
+
/* RIGHT_ADMIN can do anything; otherwise you can only set your own email
* address and password. */
if((c->rights & RIGHT_ADMIN)
|| (!strcmp(c->who, vec[0])
&& (!strcmp(vec[1], "email")
|| !strcmp(vec[1], "password")))) {
- if(trackdb_edituserinfo(vec[0], vec[1], vec[2]))
+ if(trackdb_edituserinfo(vec[0], vec[1], vec[2])) {
sink_writes(ev_writer_sink(c->w), "550 Failed to change setting\n");
- else
- sink_writes(ev_writer_sink(c->w), "250 OK\n");
+ return 1;
+ }
+ if(!strcmp(vec[1], "password")) {
+ /* Zap all connections for this user after a password change */
+ for(d = connections; d; d = d->next)
+ if(!strcmp(d->who, vec[0]))
+ d->rights = 0;
+ } else if(!strcmp(vec[1], "rights")) {
+ /* Update rights for this user */
+ rights_type r;
+
+ if(parse_rights(vec[1], &r, 1))
+ for(d = connections; d; d = d->next)
+ if(!strcmp(d->who, vec[0]))
+ d->rights = r;
+ }
+ sink_writes(ev_writer_sink(c->w), "250 OK\n");
} else {
error(0, "%s attempted edituser but lacks required rights", c->who);
sink_writes(ev_writer_sink(c->w), "510 Restricted to administrators\n");
return 1; /* completed */
}
+/** @brief Base64 mapping table for confirmation strings
+ *
+ * This is used with generic_to_base64() and generic_base64(). We cannot use
+ * the MIME table as that contains '+' and '=' which get quoted when
+ * URL-encoding. (The CGI still does the URL encoding but it is desirable to
+ * avoid it being necessary.)
+ */
+static const char confirm_base64_table[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789/.*";
+
static int c_register(struct conn *c,
char **vec,
int attribute((unused)) nvec) {
int offset;
/* The confirmation string is base64(username;nonce) */
- bufsize = strlen(vec[0]) + NONCE_SIZE + 2;
+ bufsize = strlen(vec[0]) + CONFIRM_SIZE + 2;
buf = xmalloc_noptr(bufsize);
offset = byte_snprintf(buf, bufsize, "%s;", vec[0]);
- gcry_randomize(buf + offset, NONCE_SIZE, GCRY_STRONG_RANDOM);
- cs = mime_to_base64((uint8_t *)buf, offset + NONCE_SIZE);
+ gcry_randomize(buf + offset, CONFIRM_SIZE, GCRY_STRONG_RANDOM);
+ cs = generic_to_base64((uint8_t *)buf, offset + CONFIRM_SIZE,
+ confirm_base64_table);
if(trackdb_adduser(vec[0], vec[1], config->default_rights, vec[2], cs))
sink_writes(ev_writer_sink(c->w), "550 Cannot create user\n");
else
int attribute((unused)) nvec) {
size_t nuser;
char *user, *sep;
+ rights_type rights;
+ const char *host;
- if(!(user = mime_base64(vec[0], &nuser))
+ /* Get some kind of peer identifcation */
+ if(!(host = connection_host(c))) {
+ sink_writes(ev_writer_sink(c->w), "530 Authentication failure\n");
+ return 1;
+ }
+ if(!(user = generic_base64(vec[0], &nuser, confirm_base64_table))
|| !(sep = memchr(user, ';', nuser))) {
sink_writes(ev_writer_sink(c->w), "550 Malformed confirmation string\n");
return 1;
}
*sep = 0;
- if(trackdb_confirm(user, vec[0]))
+ if(trackdb_confirm(user, vec[0], &rights))
sink_writes(ev_writer_sink(c->w), "550 Incorrect confirmation string\n");
- else
- sink_writes(ev_writer_sink(c->w), "250 OK\n");
+ else {
+ c->who = user;
+ c->cookie = 0;
+ c->rights = rights;
+ if(strcmp(host, "local"))
+ info("S%x %s confirmed from %s", c->tag, user, host);
+ else
+ c->rights |= RIGHT__LOCAL;
+ /* Response contains username so client knows who they are acting as */
+ sink_printf(ev_writer_sink(c->w), "232 %s\n", quoteutf8(user));
+ }
return 1;
}
ev_writer_close(c->w);
c->w = 0;
}
+ remove_connection(c);
}
return 0;
}
~mdw / disorder / blobdiff