/*
* This file is part of DisOrder.
- * Copyright (C) 2004-2008 Richard Kettlewell
+ * Copyright (C) 2004-2009 Richard Kettlewell
*
- * This program is free software; you can redistribute it and/or modify
+ * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- * USA
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "disorder-server.h"
+#include "basen.h"
#ifndef NONCE_SIZE
# define NONCE_SIZE 16
#endif
#ifndef CONFIRM_SIZE
-# define CONFIRM_SIZE 10
+/** @brief Size of nonce in confirmation string in 32-bit words
+ *
+ * 64 bits gives 11 digits (in base 62).
+ */
+# define CONFIRM_SIZE 2
#endif
int volume_left, volume_right; /* last known volume */
sink_writes(ev_writer_sink(c->w), "550 cannot resolve track\n");
return 1;
}
- q = queue_add(track, c->who, WHERE_BEFORE_RANDOM);
+ q = queue_add(track, c->who, WHERE_BEFORE_RANDOM, origin_picked);
queue_write();
/* If we added the first track, and something is playing, then prepare the
* new track. If nothing is playing then we don't bother as it wouldn't gain
sink_writes(ev_writer_sink(c->w), "510 Prohibited\n");
return 1;
}
- if(mixer_control(-1/*as configured*/, &l, &r, set))
+ if(!api || !api->set_volume) {
sink_writes(ev_writer_sink(c->w), "550 error accessing mixer\n");
- else {
- sink_printf(ev_writer_sink(c->w), "252 %d %d\n", l, r);
- if(l != volume_left || r != volume_right) {
- volume_left = l;
- volume_right = r;
- snprintf(lb, sizeof lb, "%d", l);
- snprintf(rb, sizeof rb, "%d", r);
- eventlog("volume", lb, rb, (char *)0);
- }
+ return 1;
+ }
+ (set ? api->set_volume : api->get_volume)(&l, &r);
+ sink_printf(ev_writer_sink(c->w), "252 %d %d\n", l, r);
+ if(l != volume_left || r != volume_right) {
+ volume_left = l;
+ volume_right = r;
+ snprintf(lb, sizeof lb, "%d", l);
+ snprintf(rb, sizeof rb, "%d", r);
+ eventlog("volume", lb, rb, (char *)0);
}
return 1;
}
if(!c->w || !c->r) {
/* This connection has gone up in smoke for some reason */
eventlog_remove(c->lo);
+ c->lo = 0;
return;
}
+ /* user_* messages are restricted */
+ if(!strncmp(msg, "user_", 5)) {
+ /* They are only sent to admin users */
+ if(!(c->rights & RIGHT_ADMIN))
+ return;
+ /* They are not sent over TCP connections unless remote user-management is
+ * enabled */
+ if(!config->remote_userman && !(c->rights & RIGHT__LOCAL))
+ return;
+ }
sink_printf(ev_writer_sink(c->w), "%"PRIxMAX" %s\n",
(uintmax_t)time(0), msg);
}
static int c_rtp_address(struct conn *c,
char attribute((unused)) **vec,
int attribute((unused)) nvec) {
- if(config->api == BACKEND_NETWORK) {
+ if(api == &uaudio_rtp) {
+ char **addr;
+
+ netaddress_format(&config->broadcast, NULL, &addr);
sink_printf(ev_writer_sink(c->w), "252 %s %s\n",
- quoteutf8(config->broadcast.s[0]),
- quoteutf8(config->broadcast.s[1]));
+ quoteutf8(addr[1]),
+ quoteutf8(addr[2]));
} else
sink_writes(ev_writer_sink(c->w), "550 No RTP\n");
return 1;
/* Update rights for this user */
rights_type r;
- if(parse_rights(vec[2], &r, 1))
- for(d = connections; d; d = d->next)
- if(!strcmp(d->who, vec[0]))
+ if(!parse_rights(vec[2], &r, 1)) {
+ const char *new_rights = rights_string(r);
+ for(d = connections; d; d = d->next) {
+ if(!strcmp(d->who, vec[0])) {
+ /* Update rights */
d->rights = r;
+ /* Notify any log connections */
+ if(d->lo)
+ sink_printf(ev_writer_sink(d->w),
+ "%"PRIxMAX" rights_changed %s\n",
+ (uintmax_t)time(0),
+ quoteutf8(new_rights));
+ }
+ }
+ }
}
sink_writes(ev_writer_sink(c->w), "250 OK\n");
} else {
return 1; /* completed */
}
-/** @brief Base64 mapping table for confirmation strings
- *
- * This is used with generic_to_base64() and generic_base64(). We cannot use
- * the MIME table as that contains '+' and '=' which get quoted when
- * URL-encoding. (The CGI still does the URL encoding but it is desirable to
- * avoid it being necessary.)
- */
-static const char confirm_base64_table[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789/.*";
-
static int c_register(struct conn *c,
char **vec,
int attribute((unused)) nvec) {
- char *buf, *cs;
- size_t bufsize;
- int offset;
-
- /* The confirmation string is base64(username;nonce) */
- bufsize = strlen(vec[0]) + CONFIRM_SIZE + 2;
- buf = xmalloc_noptr(bufsize);
- offset = byte_snprintf(buf, bufsize, "%s;", vec[0]);
- gcry_randomize(buf + offset, CONFIRM_SIZE, GCRY_STRONG_RANDOM);
- cs = generic_to_base64((uint8_t *)buf, offset + CONFIRM_SIZE,
- confirm_base64_table);
+ char *cs;
+ uint32_t nonce[CONFIRM_SIZE];
+ char nonce_str[(32 * CONFIRM_SIZE) / 5 + 1];
+
+ /* The confirmation string is username/base62(nonce). The confirmation
+ * process will pick the username back out to identify them but the _whole_
+ * string is used as the confirmation string. Base 62 means we used only
+ * letters and digits, minimizing the chance of the URL being mispasted. */
+ gcry_randomize(nonce, sizeof nonce, GCRY_STRONG_RANDOM);
+ if(basen(nonce, CONFIRM_SIZE, nonce_str, sizeof nonce_str, 62)) {
+ error(0, "buffer too small encoding confirmation string");
+ sink_writes(ev_writer_sink(c->w), "550 Cannot create user\n");
+ }
+ byte_xasprintf(&cs, "%s/%s", vec[0], nonce_str);
if(trackdb_adduser(vec[0], vec[1], config->default_rights, vec[2], cs))
sink_writes(ev_writer_sink(c->w), "550 Cannot create user\n");
else
static int c_confirm(struct conn *c,
char **vec,
int attribute((unused)) nvec) {
- size_t nuser;
char *user, *sep;
rights_type rights;
const char *host;
sink_writes(ev_writer_sink(c->w), "530 Authentication failure\n");
return 1;
}
- if(!(user = generic_base64(vec[0], &nuser, confirm_base64_table))
- || !(sep = memchr(user, ';', nuser))) {
+ /* Picking the LAST / means we don't (here) rule out slashes in usernames. */
+ if(!(sep = strrchr(vec[0], '/'))) {
sink_writes(ev_writer_sink(c->w), "550 Malformed confirmation string\n");
return 1;
}
- *sep = 0;
+ user = xstrndup(vec[0], sep - vec[0]);
if(trackdb_confirm(user, vec[0], &rights))
sink_writes(ev_writer_sink(c->w), "550 Incorrect confirmation string\n");
else {
return 1;
}
if(!(email = kvp_get(k, "email"))
- || !strchr(email, '@')) {
+ || !email_valid(email)) {
error(0, "user '%s' has no valid email address", vec[0]);
sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
return 1;
return 1;
}
+static int c_adopt(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ struct queue_entry *q;
+
+ if(!c->who) {
+ sink_writes(ev_writer_sink(c->w), "550 no identity\n");
+ return 1;
+ }
+ if(!(q = queue_find(vec[0]))) {
+ sink_writes(ev_writer_sink(c->w), "550 no such track on the queue\n");
+ return 1;
+ }
+ if(q->origin != origin_random) {
+ sink_writes(ev_writer_sink(c->w), "550 not a random track\n");
+ return 1;
+ }
+ q->origin = origin_adopted;
+ q->submitter = xstrdup(c->who);
+ eventlog("adopted", q->id, q->submitter, (char *)0);
+ queue_write();
+ sink_writes(ev_writer_sink(c->w), "250 OK\n");
+ return 1;
+}
+
static const struct command {
/** @brief Command name */
const char *name;
rights_type rights;
} commands[] = {
{ "adduser", 2, 3, c_adduser, RIGHT_ADMIN|RIGHT__LOCAL },
+ { "adopt", 1, 1, c_adopt, RIGHT_PLAY },
{ "allfiles", 0, 2, c_allfiles, RIGHT_READ },
{ "confirm", 1, 1, c_confirm, 0 },
{ "cookie", 1, 1, c_cookie, 0 },
D(("server listen_callback fd %d (%s)", fd, l->name));
nonblock(fd);
cloexec(fd);
+ c->next = connections;
c->tag = tags++;
c->ev = ev;
c->w = ev_writer_new(ev, fd, writer_error, c,
"client writer");
+ if(!c->w) {
+ error(0, "ev_writer_new for file inbound connection (fd=%d) failed",
+ fd);
+ close(fd);
+ return 0;
+ }
c->r = ev_reader_new(ev, fd, redirect_reader_callback, reader_error, c,
"client reader");
+ if(!c->r)
+ /* Main reason for failure is the FD is too big and that will already have
+ * been handled */
+ fatal(0, "ev_reader_new for file inbound connection (fd=%d) failed", fd);
ev_tie(c->r, c->w);
c->fd = fd;
c->reader = reader_callback;
c->l = l;
c->rights = 0;
+ connections = c;
gcry_randomize(c->nonce, sizeof c->nonce, GCRY_STRONG_RANDOM);
sink_printf(ev_writer_sink(c->w), "231 %d %s %s\n",
2,
l->pf = pf;
if(ev_listen(ev, fd, listen_callback, l, "server listener"))
exit(EXIT_FAILURE);
+ info("listening on %s", name);
return fd;
}