/*
* This file is part of DisOrder.
- * Copyright (C) 2004, 2005, 2006, 2007 Richard Kettlewell
+ * Copyright (C) 2004-2008 Richard Kettlewell
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
#include "split.h"
#include "configuration.h"
#include "hex.h"
+#include "rights.h"
#include "trackdb.h"
#include "table.h"
#include "kvp.h"
#include "defs.h"
#include "cache.h"
#include "unicode.h"
+#include "cookies.h"
+#include "base64.h"
+#include "hash.h"
+#include "mime.h"
+#include "sendmail.h"
+#include "wstat.h"
#ifndef NONCE_SIZE
# define NONCE_SIZE 16
#endif
+#ifndef CONFIRM_SIZE
+# define CONFIRM_SIZE 10
+#endif
+
int volume_left, volume_right; /* last known volume */
/** @brief Accept all well-formed login attempts
struct eventlog_output *lo;
/** @brief Parent listener */
const struct listener *l;
+ /** @brief Login cookie or NULL */
+ char *cookie;
+ /** @brief Connection rights */
+ rights_type rights;
+ /** @brief Next connection */
+ struct conn *next;
};
+/** @brief Linked list of connections */
+static struct conn *connections;
+
static int reader_callback(ev_source *ev,
ev_reader *reader,
void *ptr,
static const char *noyes[] = { "no", "yes" };
+/** @brief Remove a connection from the connection list */
+static void remove_connection(struct conn *c) {
+ struct conn **cc;
+
+ for(cc = &connections; *cc && *cc != c; cc = &(*cc)->next)
+ ;
+ if(*cc)
+ *cc = c->next;
+}
+
/** @brief Called when a connection's writer fails or is shut down
*
* If the connection still has a raeder that is cancelled.
}
c->w = 0;
ev_report(ev);
+ remove_connection(c);
return 0;
}
c->w = 0;
c->r = 0;
ev_report(ev);
+ remove_connection(c);
return 0;
}
-/** @brief Return true if we are talking to a trusted user */
-static int trusted(struct conn *c) {
- int n;
-
- for(n = 0; (n < config->trust.n
- && strcmp(config->trust.s[n], c->who)); ++n)
- ;
- return n < config->trust.n;
-}
-
static int c_disable(struct conn *c, char **vec, int nvec) {
if(nvec == 0)
disable_playing(c->who);
* anything. */
if(q == qhead.next && playing)
prepare(c->ev, q);
- sink_writes(ev_writer_sink(c->w), "250 queued\n");
+ sink_printf(ev_writer_sink(c->w), "252 %s\n", q->id);
/* If the queue was empty but we are for some reason paused then
* unpause. */
if(!playing) resume_playing(0);
sink_writes(ev_writer_sink(c->w), "550 no such track on the queue\n");
return 1;
}
- if(config->restrictions & RESTRICT_REMOVE) {
- /* can only remove tracks that you submitted */
- if(!q->submitter || strcmp(q->submitter, c->who)) {
- sink_writes(ev_writer_sink(c->w), "550 you didn't submit that track!\n");
- return 1;
- }
+ if(!right_removable(c->rights, c->who, q)) {
+ error(0, "%s attempted remove but lacks required rights", c->who);
+ sink_writes(ev_writer_sink(c->w),
+ "510 Not authorized to remove that track\n");
+ return 1;
}
queue_remove(q, c->who);
/* De-prepare the track. */
abandon(c->ev, q);
- /* If we removed the random track then add another one. */
- if(q->state == playing_random)
- add_random_track();
+ /* See about adding a new random track */
+ add_random_track(c->ev);
/* Prepare whatever the next head track is. */
if(qhead.next != &qhead)
prepare(c->ev, qhead.next);
sink_writes(ev_writer_sink(c->w), "250 nothing is playing\n");
return 1; /* completed */
}
- if(config->restrictions & RESTRICT_SCRATCH) {
- /* can only scratch tracks you submitted and randomly selected ones */
- if(playing->submitter && strcmp(playing->submitter, c->who)) {
- sink_writes(ev_writer_sink(c->w), "550 you didn't submit that track!\n");
- return 1;
- }
+ /* TODO there is a bug here: if we specify an ID but it's not the currently
+ * playing track then you will get 550 if you weren't authorized to scratch
+ * the currently playing track. */
+ if(!right_scratchable(c->rights, c->who, playing)) {
+ error(0, "%s attempted scratch but lacks required rights", c->who);
+ sink_writes(ev_writer_sink(c->w),
+ "510 Not authorized to scratch that track\n");
+ return 1;
}
scratch(c->who, nvec == 1 ? vec[0] : 0);
/* If you scratch an unpaused track then it is automatically unpaused */
char attribute((unused)) **vec,
int attribute((unused)) nvec) {
info("S%x rescan by %s", c->tag, c->who);
- trackdb_rescan(c->ev);
+ trackdb_rescan(c->ev, 1/*check*/);
sink_writes(ev_writer_sink(c->w), "250 initiated rescan\n");
return 1; /* completed */
}
char attribute((unused)) **vec,
int attribute((unused)) nvec) {
/* VERSION had better only use the basic character set */
- sink_printf(ev_writer_sink(c->w), "251 %s\n", disorder_version_string);
+ sink_printf(ev_writer_sink(c->w), "251 %s\n", disorder_short_version_string);
return 1; /* completed */
}
return 1; /* completed */
}
-static int c_become(struct conn *c,
- char **vec,
- int attribute((unused)) nvec) {
- c->who = vec[0];
- sink_writes(ev_writer_sink(c->w), "230 OK\n");
- return 1;
-}
-
-static int c_user(struct conn *c,
- char **vec,
- int attribute((unused)) nvec) {
- int n;
- const char *res;
+static const char *connection_host(struct conn *c) {
union {
struct sockaddr sa;
struct sockaddr_in in;
struct sockaddr_in6 in6;
} u;
socklen_t l;
+ int n;
char host[1024];
- if(c->who) {
- sink_writes(ev_writer_sink(c->w), "530 already authenticated\n");
- return 1;
- }
/* get connection data */
l = sizeof u;
if(getpeername(c->fd, &u.sa, &l) < 0) {
error(errno, "S%x error calling getpeername", c->tag);
- sink_writes(ev_writer_sink(c->w), "530 authentication failure\n");
- return 1;
+ return 0;
}
if(c->l->pf != PF_UNIX) {
if((n = getnameinfo(&u.sa, l,
host, sizeof host, 0, 0, NI_NUMERICHOST))) {
error(0, "S%x error calling getnameinfo: %s", c->tag, gai_strerror(n));
- sink_writes(ev_writer_sink(c->w), "530 authentication failure\n");
- return 1;
+ return 0;
}
+ return xstrdup(host);
} else
- strcpy(host, "local");
+ return "local";
+}
+
+static int c_user(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ struct kvp *k;
+ const char *res, *host, *password;
+ rights_type rights;
+
+ if(c->who) {
+ sink_writes(ev_writer_sink(c->w), "530 already authenticated\n");
+ return 1;
+ }
+ /* get connection data */
+ if(!(host = connection_host(c))) {
+ sink_writes(ev_writer_sink(c->w), "530 authentication failure\n");
+ return 1;
+ }
/* find the user */
- for(n = 0; n < config->allow.n
- && strcmp(config->allow.s[n].s[0], vec[0]); ++n)
- ;
- /* if it's a real user check whether the response is right */
- if(n >= config->allow.n) {
- info("S%x unknown user '%s' from %s", c->tag, vec[0], host);
+ k = trackdb_getuserinfo(vec[0]);
+ /* reject nonexistent users */
+ if(!k) {
+ error(0, "S%x unknown user '%s' from %s", c->tag, vec[0], host);
+ sink_writes(ev_writer_sink(c->w), "530 authentication failed\n");
+ return 1;
+ }
+ /* reject unconfirmed users */
+ if(kvp_get(k, "confirmation")) {
+ error(0, "S%x unconfirmed user '%s' from %s", c->tag, vec[0], host);
+ sink_writes(ev_writer_sink(c->w), "530 authentication failed\n");
+ return 1;
+ }
+ password = kvp_get(k, "password");
+ if(!password) password = "";
+ if(parse_rights(kvp_get(k, "rights"), &rights, 1)) {
+ error(0, "error parsing rights for %s", vec[0]);
sink_writes(ev_writer_sink(c->w), "530 authentication failed\n");
return 1;
}
- res = authhash(c->nonce, sizeof c->nonce, config->allow.s[n].s[1],
+ /* check whether the response is right */
+ res = authhash(c->nonce, sizeof c->nonce, password,
config->authorization_algorithm);
if(wideopen || (res && !strcmp(res, vec[1]))) {
c->who = vec[0];
+ c->rights = rights;
/* currently we only bother logging remote connections */
- if(c->l->pf != PF_UNIX)
+ if(strcmp(host, "local"))
info("S%x %s connected from %s", c->tag, vec[0], host);
+ else
+ c->rights |= RIGHT__LOCAL;
sink_writes(ev_writer_sink(c->w), "230 OK\n");
return 1;
}
const char *v;
if(vec[1][0] != '_' && (v = trackdb_get(vec[0], vec[1])))
- sink_printf(ev_writer_sink(c->w), "252 %s\n", v);
+ sink_printf(ev_writer_sink(c->w), "252 %s\n", quoteutf8(v));
else
- sink_writes(ev_writer_sink(c->w), "550 not found\n");
+ sink_writes(ev_writer_sink(c->w), "555 not found\n");
return 1;
}
return 1;
}
if((v = trackdb_get(track, "_length")))
- sink_printf(ev_writer_sink(c->w), "252 %s\n", v);
+ sink_printf(ev_writer_sink(c->w), "252 %s\n", quoteutf8(v));
else
sink_writes(ev_writer_sink(c->w), "550 not found\n");
return 1;
int nvec) {
int l, r, set;
char lb[32], rb[32];
+ rights_type rights;
switch(nvec) {
case 0:
default:
abort();
}
- if(mixer_control(&l, &r, set))
+ rights = set ? RIGHT_VOLUME : RIGHT_READ;
+ if(!(c->rights & rights)) {
+ error(0, "%s attempted to set volume but lacks required rights", c->who);
+ sink_writes(ev_writer_sink(c->w), "510 Prohibited\n");
+ return 1;
+ }
+ if(mixer_control(-1/*as configured*/, &l, &r, set))
sink_writes(ev_writer_sink(c->w), "550 error accessing mixer\n");
else {
sink_printf(ev_writer_sink(c->w), "252 %d %d\n", l, r);
c->w = 0;
}
c->r = 0;
+ remove_connection(c);
}
return 0;
}
return 0;
}
-static void post_move_cleanup(void) {
- struct queue_entry *q;
+/** @brief Test whether a move is allowed
+ * @param c Connection
+ * @param qs List of IDs on queue
+ * @param nqs Number of IDs
+ * @return 0 if move is prohibited, non-0 if it is allowed
+ */
+static int has_move_rights(struct conn *c, struct queue_entry **qs, int nqs) {
+ for(; nqs > 0; ++qs, --nqs) {
+ struct queue_entry *const q = *qs;
- /* If we have caused any random tracks to not be at the end then we make them
- * no longer be random. */
- for(q = qhead.next; q != &qhead; q = q->next)
- if(q->state == playing_random && q->next != &qhead)
- q->state = playing_unplayed;
- /* That might mean we need to add a new random track. */
- add_random_track();
- queue_write();
+ if(!right_movable(c->rights, c->who, q))
+ return 0;
+ }
+ return 1;
}
static int c_move(struct conn *c,
struct queue_entry *q;
int n;
- if(config->restrictions & RESTRICT_MOVE) {
- if(!trusted(c)) {
- sink_writes(ev_writer_sink(c->w),
- "550 only trusted users can move tracks\n");
- return 1;
- }
- }
if(!(q = queue_find(vec[0]))) {
sink_writes(ev_writer_sink(c->w), "550 no such track on the queue\n");
return 1;
}
+ if(!has_move_rights(c, &q, 1)) {
+ error(0, "%s attempted move but lacks required rights", c->who);
+ sink_writes(ev_writer_sink(c->w),
+ "510 Not authorized to move that track\n");
+ return 1;
+ }
n = queue_move(q, atoi(vec[1]), c->who);
- post_move_cleanup();
sink_printf(ev_writer_sink(c->w), "252 %d\n", n);
/* If we've moved to the head of the queue then prepare the track. */
if(q == qhead.next)
struct queue_entry *q, **qs;
int n;
- if(config->restrictions & RESTRICT_MOVE) {
- if(!trusted(c)) {
- sink_writes(ev_writer_sink(c->w),
- "550 only trusted users can move tracks\n");
- return 1;
- }
- }
if(vec[0][0]) {
if(!(q = queue_find(vec[0]))) {
sink_writes(ev_writer_sink(c->w), "550 no such track on the queue\n");
sink_writes(ev_writer_sink(c->w), "550 no such track on the queue\n");
return 1;
}
+ if(!has_move_rights(c, qs, nvec)) {
+ error(0, "%s attempted moveafter but lacks required rights", c->who);
+ sink_writes(ev_writer_sink(c->w),
+ "510 Not authorized to move those tracks\n");
+ return 1;
+ }
queue_moveafter(q, nvec, qs, c->who);
- post_move_cleanup();
sink_printf(ev_writer_sink(c->w), "250 Moved tracks\n");
/* If we've moved to the head of the queue then prepare the track. */
if(q == qhead.next)
char **vec,
int attribute((unused)) nvec) {
sink_printf(ev_writer_sink(c->w), "252 %s\n",
- trackdb_getpart(vec[0], vec[1], vec[2]));
+ quoteutf8(trackdb_getpart(vec[0], vec[1], vec[2])));
return 1;
}
sink_writes(ev_writer_sink(c->w), "550 cannot resolve track\n");
return 1;
}
- sink_printf(ev_writer_sink(c->w), "252 %s\n", track);
+ sink_printf(ev_writer_sink(c->w), "252 %s\n", quoteutf8(track));
return 1;
}
}
sink_writes(ev_writer_sink(c->w), ".\n");
return 1; /* completed */
-
}
static int c_set_global(struct conn *c,
const char *s = trackdb_get_global(vec[0]);
if(s)
- sink_printf(ev_writer_sink(c->w), "252 %s\n", s);
+ sink_printf(ev_writer_sink(c->w), "252 %s\n", quoteutf8(s));
else
- sink_writes(ev_writer_sink(c->w), "550 not found\n");
+ sink_writes(ev_writer_sink(c->w), "555 not found\n");
return 1;
}
static int c_new(struct conn *c,
char **vec,
int nvec) {
- char **tracks = trackdb_new(0, nvec > 0 ? atoi(vec[0]) : INT_MAX);
+ int max, n;
+ char **tracks;
+ if(nvec > 0)
+ max = atoi(vec[0]);
+ else
+ max = INT_MAX;
+ if(max <= 0 || max > config->new_max)
+ max = config->new_max;
+ tracks = trackdb_new(0, max);
sink_printf(ev_writer_sink(c->w), "253 New track list follows\n");
+ n = 0;
while(*tracks) {
sink_printf(ev_writer_sink(c->w), "%s%s\n",
**tracks == '.' ? "." : "", *tracks);
static int c_rtp_address(struct conn *c,
char attribute((unused)) **vec,
int attribute((unused)) nvec) {
- if(config->speaker_backend == BACKEND_NETWORK) {
+ if(config->api == BACKEND_NETWORK) {
sink_printf(ev_writer_sink(c->w), "252 %s %s\n",
quoteutf8(config->broadcast.s[0]),
quoteutf8(config->broadcast.s[1]));
sink_writes(ev_writer_sink(c->w), "550 No RTP\n");
return 1;
}
-
-#define C_AUTH 0001 /* must be authenticated */
-#define C_TRUSTED 0002 /* must be trusted user */
+
+static int c_cookie(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ const char *host;
+ char *user;
+ rights_type rights;
+
+ /* Can't log in twice on the same connection */
+ if(c->who) {
+ sink_writes(ev_writer_sink(c->w), "530 already authenticated\n");
+ return 1;
+ }
+ /* Get some kind of peer identifcation */
+ if(!(host = connection_host(c))) {
+ sink_writes(ev_writer_sink(c->w), "530 authentication failure\n");
+ return 1;
+ }
+ /* Check the cookie */
+ user = verify_cookie(vec[0], &rights);
+ if(!user) {
+ sink_writes(ev_writer_sink(c->w), "530 authentication failure\n");
+ return 1;
+ }
+ /* Log in */
+ c->who = user;
+ c->cookie = vec[0];
+ c->rights = rights;
+ if(strcmp(host, "local"))
+ info("S%x %s connected with cookie from %s", c->tag, user, host);
+ else
+ c->rights |= RIGHT__LOCAL;
+ /* Response contains username so client knows who they are acting as */
+ sink_printf(ev_writer_sink(c->w), "232 %s\n", quoteutf8(user));
+ return 1;
+}
+
+static int c_make_cookie(struct conn *c,
+ char attribute((unused)) **vec,
+ int attribute((unused)) nvec) {
+ const char *cookie = make_cookie(c->who);
+
+ if(cookie)
+ sink_printf(ev_writer_sink(c->w), "252 %s\n", quoteutf8(cookie));
+ else
+ sink_writes(ev_writer_sink(c->w), "550 Cannot create cookie\n");
+ return 1;
+}
+
+static int c_revoke(struct conn *c,
+ char attribute((unused)) **vec,
+ int attribute((unused)) nvec) {
+ if(c->cookie) {
+ revoke_cookie(c->cookie);
+ sink_writes(ev_writer_sink(c->w), "250 OK\n");
+ } else
+ sink_writes(ev_writer_sink(c->w), "550 Did not log in with cookie\n");
+ return 1;
+}
+
+static int c_adduser(struct conn *c,
+ char **vec,
+ int nvec) {
+ const char *rights;
+
+ if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+ error(0, "S%x: remote adduser", c->tag);
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
+ if(nvec > 2) {
+ rights = vec[2];
+ if(parse_rights(vec[2], 0, 1)) {
+ sink_writes(ev_writer_sink(c->w), "550 Invalid rights list\n");
+ return -1;
+ }
+ } else
+ rights = config->default_rights;
+ if(trackdb_adduser(vec[0], vec[1], rights,
+ 0/*email*/, 0/*confirmation*/))
+ sink_writes(ev_writer_sink(c->w), "550 Cannot create user\n");
+ else
+ sink_writes(ev_writer_sink(c->w), "250 User created\n");
+ return 1;
+}
+
+static int c_deluser(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ struct conn *d;
+
+ if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+ error(0, "S%x: remote deluser", c->tag);
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
+ if(trackdb_deluser(vec[0])) {
+ sink_writes(ev_writer_sink(c->w), "550 Cannot delete user\n");
+ return 1;
+ }
+ /* Zap connections belonging to deleted user */
+ for(d = connections; d; d = d->next)
+ if(!strcmp(d->who, vec[0]))
+ d->rights = 0;
+ sink_writes(ev_writer_sink(c->w), "250 User deleted\n");
+ return 1;
+}
+
+static int c_edituser(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ struct conn *d;
+
+ if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+ error(0, "S%x: remote edituser", c->tag);
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
+ /* RIGHT_ADMIN can do anything; otherwise you can only set your own email
+ * address and password. */
+ if((c->rights & RIGHT_ADMIN)
+ || (!strcmp(c->who, vec[0])
+ && (!strcmp(vec[1], "email")
+ || !strcmp(vec[1], "password")))) {
+ if(trackdb_edituserinfo(vec[0], vec[1], vec[2])) {
+ sink_writes(ev_writer_sink(c->w), "550 Failed to change setting\n");
+ return 1;
+ }
+ if(!strcmp(vec[1], "password")) {
+ /* Zap all connections for this user after a password change */
+ for(d = connections; d; d = d->next)
+ if(!strcmp(d->who, vec[0]))
+ d->rights = 0;
+ } else if(!strcmp(vec[1], "rights")) {
+ /* Update rights for this user */
+ rights_type r;
+
+ if(parse_rights(vec[2], &r, 1))
+ for(d = connections; d; d = d->next)
+ if(!strcmp(d->who, vec[0]))
+ d->rights = r;
+ }
+ sink_writes(ev_writer_sink(c->w), "250 OK\n");
+ } else {
+ error(0, "%s attempted edituser but lacks required rights", c->who);
+ sink_writes(ev_writer_sink(c->w), "510 Restricted to administrators\n");
+ }
+ return 1;
+}
+
+static int c_userinfo(struct conn *c,
+ char attribute((unused)) **vec,
+ int attribute((unused)) nvec) {
+ struct kvp *k;
+ const char *value;
+
+ /* We allow remote querying of rights so that clients can figure out what
+ * they're allowed to do */
+ if(!config->remote_userman
+ && !(c->rights & RIGHT__LOCAL)
+ && strcmp(vec[1], "rights")) {
+ error(0, "S%x: remote userinfo %s %s", c->tag, vec[0], vec[1]);
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
+ /* RIGHT_ADMIN allows anything; otherwise you can only get your own email
+ * address and rights list. */
+ if((c->rights & RIGHT_ADMIN)
+ || (!strcmp(c->who, vec[0])
+ && (!strcmp(vec[1], "email")
+ || !strcmp(vec[1], "rights")))) {
+ if((k = trackdb_getuserinfo(vec[0])))
+ if((value = kvp_get(k, vec[1])))
+ sink_printf(ev_writer_sink(c->w), "252 %s\n", quoteutf8(value));
+ else
+ sink_writes(ev_writer_sink(c->w), "555 Not set\n");
+ else
+ sink_writes(ev_writer_sink(c->w), "550 No such user\n");
+ } else {
+ error(0, "%s attempted userinfo but lacks required rights", c->who);
+ sink_writes(ev_writer_sink(c->w), "510 Restricted to administrators\n");
+ }
+ return 1;
+}
+
+static int c_users(struct conn *c,
+ char attribute((unused)) **vec,
+ int attribute((unused)) nvec) {
+ /* TODO de-dupe with c_tags */
+ char **users = trackdb_listusers();
+
+ sink_writes(ev_writer_sink(c->w), "253 User list follows\n");
+ while(*users) {
+ sink_printf(ev_writer_sink(c->w), "%s%s\n",
+ **users == '.' ? "." : "", *users);
+ ++users;
+ }
+ sink_writes(ev_writer_sink(c->w), ".\n");
+ return 1; /* completed */
+}
+
+/** @brief Base64 mapping table for confirmation strings
+ *
+ * This is used with generic_to_base64() and generic_base64(). We cannot use
+ * the MIME table as that contains '+' and '=' which get quoted when
+ * URL-encoding. (The CGI still does the URL encoding but it is desirable to
+ * avoid it being necessary.)
+ */
+static const char confirm_base64_table[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789/.*";
+
+static int c_register(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ char *buf, *cs;
+ size_t bufsize;
+ int offset;
+
+ /* The confirmation string is base64(username;nonce) */
+ bufsize = strlen(vec[0]) + CONFIRM_SIZE + 2;
+ buf = xmalloc_noptr(bufsize);
+ offset = byte_snprintf(buf, bufsize, "%s;", vec[0]);
+ gcry_randomize(buf + offset, CONFIRM_SIZE, GCRY_STRONG_RANDOM);
+ cs = generic_to_base64((uint8_t *)buf, offset + CONFIRM_SIZE,
+ confirm_base64_table);
+ if(trackdb_adduser(vec[0], vec[1], config->default_rights, vec[2], cs))
+ sink_writes(ev_writer_sink(c->w), "550 Cannot create user\n");
+ else
+ sink_printf(ev_writer_sink(c->w), "252 %s\n", quoteutf8(cs));
+ return 1;
+}
+
+static int c_confirm(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ size_t nuser;
+ char *user, *sep;
+ rights_type rights;
+ const char *host;
+
+ /* Get some kind of peer identifcation */
+ if(!(host = connection_host(c))) {
+ sink_writes(ev_writer_sink(c->w), "530 Authentication failure\n");
+ return 1;
+ }
+ if(!(user = generic_base64(vec[0], &nuser, confirm_base64_table))
+ || !(sep = memchr(user, ';', nuser))) {
+ sink_writes(ev_writer_sink(c->w), "550 Malformed confirmation string\n");
+ return 1;
+ }
+ *sep = 0;
+ if(trackdb_confirm(user, vec[0], &rights))
+ sink_writes(ev_writer_sink(c->w), "550 Incorrect confirmation string\n");
+ else {
+ c->who = user;
+ c->cookie = 0;
+ c->rights = rights;
+ if(strcmp(host, "local"))
+ info("S%x %s confirmed from %s", c->tag, user, host);
+ else
+ c->rights |= RIGHT__LOCAL;
+ /* Response contains username so client knows who they are acting as */
+ sink_printf(ev_writer_sink(c->w), "232 %s\n", quoteutf8(user));
+ }
+ return 1;
+}
+
+static int sent_reminder(ev_source attribute((unused)) *ev,
+ pid_t attribute((unused)) pid,
+ int status,
+ const struct rusage attribute((unused)) *rusage,
+ void *u) {
+ struct conn *const c = u;
+
+ /* Tell the client what went down */
+ if(!status) {
+ sink_writes(ev_writer_sink(c->w), "250 OK\n");
+ } else {
+ error(0, "reminder subprocess %s", wstat(status));
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ }
+ /* Re-enable this connection */
+ ev_reader_enable(c->r);
+ return 0;
+}
+
+static int c_reminder(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ struct kvp *k;
+ const char *password, *email, *text, *encoding, *charset, *content_type;
+ const time_t *last;
+ time_t now;
+ pid_t pid;
+
+ static hash *last_reminder;
+
+ if(!config->mail_sender) {
+ error(0, "cannot send password reminders because mail_sender not set");
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ if(!(k = trackdb_getuserinfo(vec[0]))) {
+ error(0, "reminder for user '%s' who does not exist", vec[0]);
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ if(!(email = kvp_get(k, "email"))
+ || !strchr(email, '@')) {
+ error(0, "user '%s' has no valid email address", vec[0]);
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ if(!(password = kvp_get(k, "password"))
+ || !*password) {
+ error(0, "user '%s' has no password", vec[0]);
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ /* Rate-limit reminders. This hash is bounded in size by the number of
+ * users. If this is actually a problem for anyone then we can periodically
+ * clean it. */
+ if(!last_reminder)
+ last_reminder = hash_new(sizeof (time_t));
+ last = hash_find(last_reminder, vec[0]);
+ time(&now);
+ if(last && now < *last + config->reminder_interval) {
+ error(0, "sent a password reminder to '%s' too recently", vec[0]);
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ /* Send the reminder */
+ /* TODO this should be templatized and to some extent merged with
+ * the code in act_register() */
+ byte_xasprintf((char **)&text,
+"Someone requested that you be sent a reminder of your DisOrder password.\n"
+"Your password is:\n"
+"\n"
+" %s\n", password);
+ if(!(text = mime_encode_text(text, &charset, &encoding)))
+ fatal(0, "cannot encode email");
+ byte_xasprintf((char **)&content_type, "text/plain;charset=%s",
+ quote822(charset, 0));
+ pid = sendmail_subprocess("", config->mail_sender, email,
+ "DisOrder password reminder",
+ encoding, content_type, text);
+ if(pid < 0) {
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ hash_add(last_reminder, vec[0], &now, HASH_INSERT_OR_REPLACE);
+ info("sending a passsword reminder to user '%s'", vec[0]);
+ /* We can only continue when the subprocess finishes */
+ ev_child(c->ev, pid, 0, sent_reminder, c);
+ return 0;
+}
static const struct command {
+ /** @brief Command name */
const char *name;
- int minargs, maxargs;
+
+ /** @brief Minimum number of arguments */
+ int minargs;
+
+ /** @brief Maximum number of arguments */
+ int maxargs;
+
+ /** @brief Function to process command */
int (*fn)(struct conn *, char **, int);
- unsigned flags;
+
+ /** @brief Rights required to execute command
+ *
+ * 0 means that the command can be issued without logging in. If multiple
+ * bits are listed here any of those rights will do.
+ */
+ rights_type rights;
} commands[] = {
- { "allfiles", 0, 2, c_allfiles, C_AUTH },
- { "become", 1, 1, c_become, C_AUTH|C_TRUSTED },
- { "dirs", 0, 2, c_dirs, C_AUTH },
- { "disable", 0, 1, c_disable, C_AUTH },
- { "enable", 0, 0, c_enable, C_AUTH },
- { "enabled", 0, 0, c_enabled, C_AUTH },
- { "exists", 1, 1, c_exists, C_AUTH },
- { "files", 0, 2, c_files, C_AUTH },
- { "get", 2, 2, c_get, C_AUTH },
- { "get-global", 1, 1, c_get_global, C_AUTH },
- { "length", 1, 1, c_length, C_AUTH },
- { "log", 0, 0, c_log, C_AUTH },
- { "move", 2, 2, c_move, C_AUTH },
- { "moveafter", 1, INT_MAX, c_moveafter, C_AUTH },
- { "new", 0, 1, c_new, C_AUTH },
- { "nop", 0, 0, c_nop, C_AUTH },
- { "part", 3, 3, c_part, C_AUTH },
- { "pause", 0, 0, c_pause, C_AUTH },
- { "play", 1, 1, c_play, C_AUTH },
- { "playing", 0, 0, c_playing, C_AUTH },
- { "prefs", 1, 1, c_prefs, C_AUTH },
- { "queue", 0, 0, c_queue, C_AUTH },
- { "random-disable", 0, 0, c_random_disable, C_AUTH },
- { "random-enable", 0, 0, c_random_enable, C_AUTH },
- { "random-enabled", 0, 0, c_random_enabled, C_AUTH },
- { "recent", 0, 0, c_recent, C_AUTH },
- { "reconfigure", 0, 0, c_reconfigure, C_AUTH|C_TRUSTED },
- { "remove", 1, 1, c_remove, C_AUTH },
- { "rescan", 0, 0, c_rescan, C_AUTH|C_TRUSTED },
- { "resolve", 1, 1, c_resolve, C_AUTH },
- { "resume", 0, 0, c_resume, C_AUTH },
- { "rtp-address", 0, 0, c_rtp_address, C_AUTH },
- { "scratch", 0, 1, c_scratch, C_AUTH },
- { "search", 1, 1, c_search, C_AUTH },
- { "set", 3, 3, c_set, C_AUTH, },
- { "set-global", 2, 2, c_set_global, C_AUTH },
- { "shutdown", 0, 0, c_shutdown, C_AUTH|C_TRUSTED },
- { "stats", 0, 0, c_stats, C_AUTH },
- { "tags", 0, 0, c_tags, C_AUTH },
- { "unset", 2, 2, c_set, C_AUTH },
- { "unset-global", 1, 1, c_set_global, C_AUTH },
+ { "adduser", 2, 3, c_adduser, RIGHT_ADMIN|RIGHT__LOCAL },
+ { "allfiles", 0, 2, c_allfiles, RIGHT_READ },
+ { "confirm", 1, 1, c_confirm, 0 },
+ { "cookie", 1, 1, c_cookie, 0 },
+ { "deluser", 1, 1, c_deluser, RIGHT_ADMIN|RIGHT__LOCAL },
+ { "dirs", 0, 2, c_dirs, RIGHT_READ },
+ { "disable", 0, 1, c_disable, RIGHT_GLOBAL_PREFS },
+ { "edituser", 3, 3, c_edituser, RIGHT_ADMIN|RIGHT_USERINFO },
+ { "enable", 0, 0, c_enable, RIGHT_GLOBAL_PREFS },
+ { "enabled", 0, 0, c_enabled, RIGHT_READ },
+ { "exists", 1, 1, c_exists, RIGHT_READ },
+ { "files", 0, 2, c_files, RIGHT_READ },
+ { "get", 2, 2, c_get, RIGHT_READ },
+ { "get-global", 1, 1, c_get_global, RIGHT_READ },
+ { "length", 1, 1, c_length, RIGHT_READ },
+ { "log", 0, 0, c_log, RIGHT_READ },
+ { "make-cookie", 0, 0, c_make_cookie, RIGHT_READ },
+ { "move", 2, 2, c_move, RIGHT_MOVE__MASK },
+ { "moveafter", 1, INT_MAX, c_moveafter, RIGHT_MOVE__MASK },
+ { "new", 0, 1, c_new, RIGHT_READ },
+ { "nop", 0, 0, c_nop, 0 },
+ { "part", 3, 3, c_part, RIGHT_READ },
+ { "pause", 0, 0, c_pause, RIGHT_PAUSE },
+ { "play", 1, 1, c_play, RIGHT_PLAY },
+ { "playing", 0, 0, c_playing, RIGHT_READ },
+ { "prefs", 1, 1, c_prefs, RIGHT_READ },
+ { "queue", 0, 0, c_queue, RIGHT_READ },
+ { "random-disable", 0, 0, c_random_disable, RIGHT_GLOBAL_PREFS },
+ { "random-enable", 0, 0, c_random_enable, RIGHT_GLOBAL_PREFS },
+ { "random-enabled", 0, 0, c_random_enabled, RIGHT_READ },
+ { "recent", 0, 0, c_recent, RIGHT_READ },
+ { "reconfigure", 0, 0, c_reconfigure, RIGHT_ADMIN },
+ { "register", 3, 3, c_register, RIGHT_REGISTER|RIGHT__LOCAL },
+ { "reminder", 1, 1, c_reminder, RIGHT__LOCAL },
+ { "remove", 1, 1, c_remove, RIGHT_REMOVE__MASK },
+ { "rescan", 0, 0, c_rescan, RIGHT_RESCAN },
+ { "resolve", 1, 1, c_resolve, RIGHT_READ },
+ { "resume", 0, 0, c_resume, RIGHT_PAUSE },
+ { "revoke", 0, 0, c_revoke, RIGHT_READ },
+ { "rtp-address", 0, 0, c_rtp_address, 0 },
+ { "scratch", 0, 1, c_scratch, RIGHT_SCRATCH__MASK },
+ { "search", 1, 1, c_search, RIGHT_READ },
+ { "set", 3, 3, c_set, RIGHT_PREFS, },
+ { "set-global", 2, 2, c_set_global, RIGHT_GLOBAL_PREFS },
+ { "shutdown", 0, 0, c_shutdown, RIGHT_ADMIN },
+ { "stats", 0, 0, c_stats, RIGHT_READ },
+ { "tags", 0, 0, c_tags, RIGHT_READ },
+ { "unset", 2, 2, c_set, RIGHT_PREFS },
+ { "unset-global", 1, 1, c_set_global, RIGHT_GLOBAL_PREFS },
{ "user", 2, 2, c_user, 0 },
- { "version", 0, 0, c_version, C_AUTH },
- { "volume", 0, 2, c_volume, C_AUTH }
+ { "userinfo", 2, 2, c_userinfo, RIGHT_READ },
+ { "users", 0, 0, c_users, RIGHT_READ },
+ { "version", 0, 0, c_version, RIGHT_READ },
+ { "volume", 0, 2, c_volume, RIGHT_READ|RIGHT_VOLUME }
};
static void command_error(const char *msg, void *u) {
if((n = TABLE_FIND(commands, struct command, name, vec[0])) < 0)
sink_writes(ev_writer_sink(c->w), "500 unknown command\n");
else {
- if((commands[n].flags & C_AUTH) && !c->who) {
- sink_writes(ev_writer_sink(c->w), "530 not authenticated\n");
- return 1;
- }
- if((commands[n].flags & C_TRUSTED) && !trusted(c)) {
- sink_writes(ev_writer_sink(c->w), "530 insufficient privilege\n");
+ if(commands[n].rights
+ && !(c->rights & commands[n].rights)) {
+ error(0, "%s attempted %s but lacks required rights", c->who ? c->who : "NULL",
+ commands[n].name);
+ sink_writes(ev_writer_sink(c->w), "510 Prohibited\n");
return 1;
}
++vec;
ev_writer_close(c->w);
c->w = 0;
}
+ remove_connection(c);
}
return 0;
}
c->fd = fd;
c->reader = reader_callback;
c->l = l;
+ c->rights = 0;
gcry_randomize(c->nonce, sizeof c->nonce, GCRY_STRONG_RANDOM);
- if(!strcmp(config->authorization_algorithm, "sha1")
- || !strcmp(config->authorization_algorithm, "SHA1")) {
- sink_printf(ev_writer_sink(c->w), "231 %s\n",
- hex(c->nonce, sizeof c->nonce));
- } else {
- sink_printf(ev_writer_sink(c->w), "231 %s %s\n",
- config->authorization_algorithm,
- hex(c->nonce, sizeof c->nonce));
- }
+ sink_printf(ev_writer_sink(c->w), "231 %d %s %s\n",
+ 2,
+ config->authorization_algorithm,
+ hex(c->nonce, sizeof c->nonce));
return 0;
}
~mdw / disorder / blobdiff