/*
* This file is part of DisOrder.
- * Copyright (C) 2004, 2005, 2006, 2007 Richard Kettlewell
+ * Copyright (C) 2004-2008 Richard Kettlewell
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
#include "unicode.h"
#include "cookies.h"
#include "base64.h"
+#include "hash.h"
+#include "mime.h"
+#include "sendmail.h"
+#include "wstat.h"
#ifndef NONCE_SIZE
# define NONCE_SIZE 16
#endif
+#ifndef CONFIRM_SIZE
+# define CONFIRM_SIZE 10
+#endif
+
int volume_left, volume_right; /* last known volume */
/** @brief Accept all well-formed login attempts
char *cookie;
/** @brief Connection rights */
rights_type rights;
+ /** @brief Next connection */
+ struct conn *next;
};
+/** @brief Linked list of connections */
+static struct conn *connections;
+
static int reader_callback(ev_source *ev,
ev_reader *reader,
void *ptr,
static const char *noyes[] = { "no", "yes" };
+/** @brief Remove a connection from the connection list */
+static void remove_connection(struct conn *c) {
+ struct conn **cc;
+
+ for(cc = &connections; *cc && *cc != c; cc = &(*cc)->next)
+ ;
+ if(*cc)
+ *cc = c->next;
+}
+
/** @brief Called when a connection's writer fails or is shut down
*
* If the connection still has a raeder that is cancelled.
}
c->w = 0;
ev_report(ev);
+ remove_connection(c);
return 0;
}
c->w = 0;
c->r = 0;
ev_report(ev);
+ remove_connection(c);
return 0;
}
static int c_remove(struct conn *c, char **vec,
int attribute((unused)) nvec) {
struct queue_entry *q;
- rights_type r;
if(!(q = queue_find(vec[0]))) {
sink_writes(ev_writer_sink(c->w), "550 no such track on the queue\n");
return 1;
}
- if(q->submitter)
- if(!strcmp(q->submitter, c->who))
- r = RIGHT_REMOVE_MINE;
- else
- r = RIGHT_REMOVE_ANY;
- else
- r = RIGHT_REMOVE_RANDOM;
- if(!(c->rights & r)) {
+ if(!right_removable(c->rights, c->who, q)) {
+ error(0, "%s attempted remove but lacks required rights", c->who);
sink_writes(ev_writer_sink(c->w),
- "550 Not authorized to remove that track\n");
+ "510 Not authorized to remove that track\n");
return 1;
}
queue_remove(q, c->who);
/* De-prepare the track. */
abandon(c->ev, q);
- /* If we removed a random track then add another one. */
- if(q->state == playing_random)
- add_random_track();
+ /* See about adding a new random track */
+ add_random_track(c->ev);
/* Prepare whatever the next head track is. */
if(qhead.next != &qhead)
prepare(c->ev, qhead.next);
static int c_scratch(struct conn *c,
char **vec,
int nvec) {
- rights_type r;
-
if(!playing) {
sink_writes(ev_writer_sink(c->w), "250 nothing is playing\n");
return 1; /* completed */
/* TODO there is a bug here: if we specify an ID but it's not the currently
* playing track then you will get 550 if you weren't authorized to scratch
* the currently playing track. */
- if(playing->submitter)
- if(!strcmp(playing->submitter, c->who))
- r = RIGHT_SCRATCH_MINE;
- else
- r = RIGHT_SCRATCH_ANY;
- else
- r = RIGHT_SCRATCH_RANDOM;
- if(!(c->rights & r)) {
+ if(!right_scratchable(c->rights, c->who, playing)) {
+ error(0, "%s attempted scratch but lacks required rights", c->who);
sink_writes(ev_writer_sink(c->w),
- "550 Not authorized to scratch that track\n");
+ "510 Not authorized to scratch that track\n");
return 1;
}
scratch(c->who, nvec == 1 ? vec[0] : 0);
char attribute((unused)) **vec,
int attribute((unused)) nvec) {
info("S%x rescan by %s", c->tag, c->who);
- trackdb_rescan(c->ev);
+ trackdb_rescan(c->ev, 1/*check*/);
sink_writes(ev_writer_sink(c->w), "250 initiated rescan\n");
return 1; /* completed */
}
c->who = vec[0];
c->rights = rights;
/* currently we only bother logging remote connections */
- if(strcmp(host, "local")) {
+ if(strcmp(host, "local"))
info("S%x %s connected from %s", c->tag, vec[0], host);
+ else
c->rights |= RIGHT__LOCAL;
- }
sink_writes(ev_writer_sink(c->w), "230 OK\n");
return 1;
}
}
rights = set ? RIGHT_VOLUME : RIGHT_READ;
if(!(c->rights & rights)) {
- sink_writes(ev_writer_sink(c->w), "530 Prohibited\n");
+ error(0, "%s attempted to set volume but lacks required rights", c->who);
+ sink_writes(ev_writer_sink(c->w), "510 Prohibited\n");
return 1;
}
- if(mixer_control(&l, &r, set))
+ if(mixer_control(-1/*as configured*/, &l, &r, set))
sink_writes(ev_writer_sink(c->w), "550 error accessing mixer\n");
else {
sink_printf(ev_writer_sink(c->w), "252 %d %d\n", l, r);
c->w = 0;
}
c->r = 0;
+ remove_connection(c);
}
return 0;
}
* @return 0 if move is prohibited, non-0 if it is allowed
*/
static int has_move_rights(struct conn *c, struct queue_entry **qs, int nqs) {
- rights_type r = 0;
-
for(; nqs > 0; ++qs, --nqs) {
struct queue_entry *const q = *qs;
- if(q->submitter)
- if(!strcmp(q->submitter, c->who))
- r |= RIGHT_MOVE_MINE;
- else
- r |= RIGHT_MOVE_ANY;
- else
- r |= RIGHT_MOVE_RANDOM;
+ if(!right_movable(c->rights, c->who, q))
+ return 0;
}
- return (c->rights & r) == r;
+ return 1;
}
static int c_move(struct conn *c,
return 1;
}
if(!has_move_rights(c, &q, 1)) {
+ error(0, "%s attempted move but lacks required rights", c->who);
sink_writes(ev_writer_sink(c->w),
- "550 Not authorized to move that track\n");
+ "510 Not authorized to move that track\n");
return 1;
}
n = queue_move(q, atoi(vec[1]), c->who);
return 1;
}
if(!has_move_rights(c, qs, nvec)) {
+ error(0, "%s attempted moveafter but lacks required rights", c->who);
sink_writes(ev_writer_sink(c->w),
- "550 Not authorized to move those tracks\n");
+ "510 Not authorized to move those tracks\n");
return 1;
}
queue_moveafter(q, nvec, qs, c->who);
static int c_new(struct conn *c,
char **vec,
int nvec) {
- char **tracks = trackdb_new(0, nvec > 0 ? atoi(vec[0]) : INT_MAX);
+ int max, n;
+ char **tracks;
+ if(nvec > 0)
+ max = atoi(vec[0]);
+ else
+ max = INT_MAX;
+ if(max <= 0 || max > config->new_max)
+ max = config->new_max;
+ tracks = trackdb_new(0, max);
sink_printf(ev_writer_sink(c->w), "253 New track list follows\n");
+ n = 0;
while(*tracks) {
sink_printf(ev_writer_sink(c->w), "%s%s\n",
**tracks == '.' ? "." : "", *tracks);
static int c_rtp_address(struct conn *c,
char attribute((unused)) **vec,
int attribute((unused)) nvec) {
- if(config->speaker_backend == BACKEND_NETWORK) {
+ if(config->api == BACKEND_NETWORK) {
sink_printf(ev_writer_sink(c->w), "252 %s %s\n",
quoteutf8(config->broadcast.s[0]),
quoteutf8(config->broadcast.s[1]));
c->who = user;
c->cookie = vec[0];
c->rights = rights;
- if(strcmp(host, "local")) {
+ if(strcmp(host, "local"))
info("S%x %s connected with cookie from %s", c->tag, user, host);
+ else
c->rights |= RIGHT__LOCAL;
- }
/* Response contains username so client knows who they are acting as */
sink_printf(ev_writer_sink(c->w), "232 %s\n", quoteutf8(user));
return 1;
int nvec) {
const char *rights;
+ if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+ error(0, "S%x: remote adduser", c->tag);
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
if(nvec > 2) {
rights = vec[2];
if(parse_rights(vec[2], 0, 1)) {
static int c_deluser(struct conn *c,
char **vec,
int attribute((unused)) nvec) {
- if(trackdb_deluser(vec[0]))
+ struct conn *d;
+
+ if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+ error(0, "S%x: remote deluser", c->tag);
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
+ if(trackdb_deluser(vec[0])) {
sink_writes(ev_writer_sink(c->w), "550 Cannot delete user\n");
- else
- sink_writes(ev_writer_sink(c->w), "250 User deleted\n");
+ return 1;
+ }
+ /* Zap connections belonging to deleted user */
+ for(d = connections; d; d = d->next)
+ if(!strcmp(d->who, vec[0]))
+ d->rights = 0;
+ sink_writes(ev_writer_sink(c->w), "250 User deleted\n");
return 1;
}
static int c_edituser(struct conn *c,
char **vec,
int attribute((unused)) nvec) {
+ struct conn *d;
+
+ if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+ error(0, "S%x: remote edituser", c->tag);
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
/* RIGHT_ADMIN can do anything; otherwise you can only set your own email
* address and password. */
if((c->rights & RIGHT_ADMIN)
|| (!strcmp(c->who, vec[0])
&& (!strcmp(vec[1], "email")
|| !strcmp(vec[1], "password")))) {
- if(trackdb_edituserinfo(vec[0], vec[1], vec[2]))
+ if(trackdb_edituserinfo(vec[0], vec[1], vec[2])) {
sink_writes(ev_writer_sink(c->w), "550 Failed to change setting\n");
- else
- sink_writes(ev_writer_sink(c->w), "250 OK\n");
- } else
- sink_writes(ev_writer_sink(c->w), "550 Restricted to administrators\n");
+ return 1;
+ }
+ if(!strcmp(vec[1], "password")) {
+ /* Zap all connections for this user after a password change */
+ for(d = connections; d; d = d->next)
+ if(!strcmp(d->who, vec[0]))
+ d->rights = 0;
+ } else if(!strcmp(vec[1], "rights")) {
+ /* Update rights for this user */
+ rights_type r;
+
+ if(parse_rights(vec[2], &r, 1))
+ for(d = connections; d; d = d->next)
+ if(!strcmp(d->who, vec[0]))
+ d->rights = r;
+ }
+ sink_writes(ev_writer_sink(c->w), "250 OK\n");
+ } else {
+ error(0, "%s attempted edituser but lacks required rights", c->who);
+ sink_writes(ev_writer_sink(c->w), "510 Restricted to administrators\n");
+ }
return 1;
}
struct kvp *k;
const char *value;
+ /* We allow remote querying of rights so that clients can figure out what
+ * they're allowed to do */
+ if(!config->remote_userman
+ && !(c->rights & RIGHT__LOCAL)
+ && strcmp(vec[1], "rights")) {
+ error(0, "S%x: remote userinfo %s %s", c->tag, vec[0], vec[1]);
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
/* RIGHT_ADMIN allows anything; otherwise you can only get your own email
- * address and righst list. */
+ * address and rights list. */
if((c->rights & RIGHT_ADMIN)
|| (!strcmp(c->who, vec[0])
&& (!strcmp(vec[1], "email")
sink_writes(ev_writer_sink(c->w), "555 Not set\n");
else
sink_writes(ev_writer_sink(c->w), "550 No such user\n");
- } else
- sink_writes(ev_writer_sink(c->w), "550 Restricted to administrators\n");
+ } else {
+ error(0, "%s attempted userinfo but lacks required rights", c->who);
+ sink_writes(ev_writer_sink(c->w), "510 Restricted to administrators\n");
+ }
return 1;
}
return 1; /* completed */
}
+/** @brief Base64 mapping table for confirmation strings
+ *
+ * This is used with generic_to_base64() and generic_base64(). We cannot use
+ * the MIME table as that contains '+' and '=' which get quoted when
+ * URL-encoding. (The CGI still does the URL encoding but it is desirable to
+ * avoid it being necessary.)
+ */
+static const char confirm_base64_table[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789/.*";
+
static int c_register(struct conn *c,
char **vec,
int attribute((unused)) nvec) {
int offset;
/* The confirmation string is base64(username;nonce) */
- bufsize = strlen(vec[0]) + NONCE_SIZE + 2;
+ bufsize = strlen(vec[0]) + CONFIRM_SIZE + 2;
buf = xmalloc_noptr(bufsize);
offset = byte_snprintf(buf, bufsize, "%s;", vec[0]);
- gcry_randomize(buf + offset, NONCE_SIZE, GCRY_STRONG_RANDOM);
- cs = mime_to_base64((uint8_t *)buf, offset + NONCE_SIZE);
+ gcry_randomize(buf + offset, CONFIRM_SIZE, GCRY_STRONG_RANDOM);
+ cs = generic_to_base64((uint8_t *)buf, offset + CONFIRM_SIZE,
+ confirm_base64_table);
if(trackdb_adduser(vec[0], vec[1], config->default_rights, vec[2], cs))
sink_writes(ev_writer_sink(c->w), "550 Cannot create user\n");
else
int attribute((unused)) nvec) {
size_t nuser;
char *user, *sep;
+ rights_type rights;
+ const char *host;
- if(!(user = mime_base64(vec[0], &nuser))
+ /* Get some kind of peer identifcation */
+ if(!(host = connection_host(c))) {
+ sink_writes(ev_writer_sink(c->w), "530 Authentication failure\n");
+ return 1;
+ }
+ if(!(user = generic_base64(vec[0], &nuser, confirm_base64_table))
|| !(sep = memchr(user, ';', nuser))) {
sink_writes(ev_writer_sink(c->w), "550 Malformed confirmation string\n");
return 1;
}
*sep = 0;
- if(trackdb_confirm(user, vec[0]))
+ if(trackdb_confirm(user, vec[0], &rights))
sink_writes(ev_writer_sink(c->w), "550 Incorrect confirmation string\n");
- else
- sink_writes(ev_writer_sink(c->w), "250 OK\n");
+ else {
+ c->who = user;
+ c->cookie = 0;
+ c->rights = rights;
+ if(strcmp(host, "local"))
+ info("S%x %s confirmed from %s", c->tag, user, host);
+ else
+ c->rights |= RIGHT__LOCAL;
+ /* Response contains username so client knows who they are acting as */
+ sink_printf(ev_writer_sink(c->w), "232 %s\n", quoteutf8(user));
+ }
return 1;
}
-
+
+static int sent_reminder(ev_source attribute((unused)) *ev,
+ pid_t attribute((unused)) pid,
+ int status,
+ const struct rusage attribute((unused)) *rusage,
+ void *u) {
+ struct conn *const c = u;
+
+ /* Tell the client what went down */
+ if(!status) {
+ sink_writes(ev_writer_sink(c->w), "250 OK\n");
+ } else {
+ error(0, "reminder subprocess %s", wstat(status));
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ }
+ /* Re-enable this connection */
+ ev_reader_enable(c->r);
+ return 0;
+}
+
+static int c_reminder(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ struct kvp *k;
+ const char *password, *email, *text, *encoding, *charset, *content_type;
+ const time_t *last;
+ time_t now;
+ pid_t pid;
+
+ static hash *last_reminder;
+
+ if(!config->mail_sender) {
+ error(0, "cannot send password reminders because mail_sender not set");
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ if(!(k = trackdb_getuserinfo(vec[0]))) {
+ error(0, "reminder for user '%s' who does not exist", vec[0]);
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ if(!(email = kvp_get(k, "email"))
+ || !strchr(email, '@')) {
+ error(0, "user '%s' has no valid email address", vec[0]);
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ if(!(password = kvp_get(k, "password"))
+ || !*password) {
+ error(0, "user '%s' has no password", vec[0]);
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ /* Rate-limit reminders. This hash is bounded in size by the number of
+ * users. If this is actually a problem for anyone then we can periodically
+ * clean it. */
+ if(!last_reminder)
+ last_reminder = hash_new(sizeof (time_t));
+ last = hash_find(last_reminder, vec[0]);
+ time(&now);
+ if(last && now < *last + config->reminder_interval) {
+ error(0, "sent a password reminder to '%s' too recently", vec[0]);
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ /* Send the reminder */
+ /* TODO this should be templatized and to some extent merged with
+ * the code in act_register() */
+ byte_xasprintf((char **)&text,
+"Someone requested that you be sent a reminder of your DisOrder password.\n"
+"Your password is:\n"
+"\n"
+" %s\n", password);
+ if(!(text = mime_encode_text(text, &charset, &encoding)))
+ fatal(0, "cannot encode email");
+ byte_xasprintf((char **)&content_type, "text/plain;charset=%s",
+ quote822(charset, 0));
+ pid = sendmail_subprocess("", config->mail_sender, email,
+ "DisOrder password reminder",
+ encoding, content_type, text);
+ if(pid < 0) {
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ hash_add(last_reminder, vec[0], &now, HASH_INSERT_OR_REPLACE);
+ info("sending a passsword reminder to user '%s'", vec[0]);
+ /* We can only continue when the subprocess finishes */
+ ev_child(c->ev, pid, 0, sent_reminder, c);
+ return 0;
+}
+
static const struct command {
/** @brief Command name */
const char *name;
{ "recent", 0, 0, c_recent, RIGHT_READ },
{ "reconfigure", 0, 0, c_reconfigure, RIGHT_ADMIN },
{ "register", 3, 3, c_register, RIGHT_REGISTER|RIGHT__LOCAL },
+ { "reminder", 1, 1, c_reminder, RIGHT__LOCAL },
{ "remove", 1, 1, c_remove, RIGHT_REMOVE__MASK },
{ "rescan", 0, 0, c_rescan, RIGHT_RESCAN },
{ "resolve", 1, 1, c_resolve, RIGHT_READ },
else {
if(commands[n].rights
&& !(c->rights & commands[n].rights)) {
- sink_writes(ev_writer_sink(c->w), "530 Prohibited\n");
+ error(0, "%s attempted %s but lacks required rights", c->who ? c->who : "NULL",
+ commands[n].name);
+ sink_writes(ev_writer_sink(c->w), "510 Prohibited\n");
return 1;
}
++vec;
ev_writer_close(c->w);
c->w = 0;
}
+ remove_connection(c);
}
return 0;
}
~mdw / disorder / blobdiff