X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/blobdiff_plain/1011401782de9fc44636e88f4b3e4bceb0de4e04..91370169de7f552f3a54e5ef9e079a202a5efbfa:/server/server.c
diff --git a/server/server.c b/server/server.c
index a09025e..67b1fdc 100644
--- a/server/server.c
+++ b/server/server.c
@@ -1,6 +1,6 @@
 /*
 * This file is part of DisOrder.
- * Copyright (C) 2004, 2005, 2006, 2007 Richard Kettlewell
+ * Copyright (C) 2004-2008 Richard Kettlewell
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -67,6 +67,10 @@
 #include "unicode.h"
 #include "cookies.h"
 #include "base64.h"
+#include "hash.h"
+#include "mime.h"
+#include "sendmail.h"
+#include "wstat.h"
 #ifndef NONCE_SIZE
 # define NONCE_SIZE 16
@@ -118,8 +122,13 @@ struct conn {
 char *cookie;
 /** @brief Connection rights */
 rights_type rights;
+ /** @brief Next connection */
+ struct conn *next;
 };
+/** @brief Linked list of connections */
+static struct conn *connections;
+
 static int reader_callback(ev_source *ev,
 ev_reader *reader,
 void *ptr,
@@ -129,6 +138,16 @@ static int reader_callback(ev_source *ev,
 static const char *noyes[] = { "no", "yes" };
+/** @brief Remove a connection from the connection list */
+static void remove_connection(struct conn *c) {
+ struct conn **cc;
+
+ for(cc = &connections; *cc && *cc != c; cc = &(*cc)->next)
+ ;
+ if(*cc)
+ *cc = c->next;
+}
+
 /** @brief Called when a connection's writer fails or is shut down
 *
 * If the connection still has a raeder that is cancelled.
@@ -154,6 +173,7 @@ static int writer_error(ev_source attribute((unused)) *ev,
 }
 c->w = 0;
 ev_report(ev);
+ remove_connection(c);
 return 0;
 }
@@ -173,6 +193,7 @@ static int reader_error(ev_source attribute((unused)) *ev,
 c->w = 0;
 c->r = 0;
 ev_report(ev);
+ remove_connection(c);
 return 0;
 }
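Review bot: Nothing in the visible hunks ever links a `struct conn` into `connections`: the list head is declared in the `struct conn` hunk and `remove_connection()` unlinks from it, but no hunk contains the matching `c->next = connections; connections = c;` where a connection is created. If that insertion is not made in code outside this diff, the loops added to `c_deluser` and `c_edituser` walk an empty list, and a deleted user or a changed password leaves existing sessions holding their old rights. Please confirm that the accept path adds every new connection, and extend the `connections` doc comment to say where entries are added and that `remove_connection()` is the only place they are dropped.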
@@ -339,7 +360,7 @@ static int c_rescan(struct conn *c,
 char attribute((unused)) **vec,
 int attribute((unused)) nvec) {
 info("S%x rescan by %s", c->tag, c->who);
- trackdb_rescan(c->ev);
+ trackdb_rescan(c->ev, 1/*check*/);
 sink_writes(ev_writer_sink(c->w), "250 initiated rescan\n");
 return 1; /* completed */
 }
@@ -435,10 +456,10 @@ static int c_user(struct conn *c,
 c->who = vec[0];
 c->rights = rights;
 /* currently we only bother logging remote connections */
- if(strcmp(host, "local")) {
+ if(strcmp(host, "local"))
 info("S%x %s connected from %s", c->tag, vec[0], host);
+ else
 c->rights |= RIGHT__LOCAL;
- }
 sink_writes(ev_writer_sink(c->w), "230 OK\n");
 return 1;
 }
@@ -785,6 +806,7 @@ static int logging_reader_callback(ev_source attribute((unused)) *ev,
 c->w = 0;
 }
 c->r = 0;
+ remove_connection(c);
 }
 return 0;
 }
@@ -977,9 +999,18 @@ static int c_nop(struct conn *c,
 static int c_new(struct conn *c,
 char **vec,
 int nvec) {
- char **tracks = trackdb_new(0, nvec > 0 ? atoi(vec[0]) : INT_MAX);
+ int max, n;
+ char **tracks;
+ if(nvec > 0)
+ max = atoi(vec[0]);
+ else
+ max = INT_MAX;
+ if(max <= 0 || max > config->new_max)
+ max = config->new_max;
+ tracks = trackdb_new(0, max);
 sink_printf(ev_writer_sink(c->w), "253 New track list follows\n");
+ n = 0;
 while(*tracks) {
 sink_printf(ev_writer_sink(c->w), "%s%s\n",
 **tracks == '.' ? "." : "", *tracks);
@@ -1029,10 +1060,10 @@ static int c_cookie(struct conn *c,
 c->who = user;
 c->cookie = vec[0];
 c->rights = rights;
- if(strcmp(host, "local")) {
+ if(strcmp(host, "local"))
 info("S%x %s connected with cookie from %s", c->tag, user, host);
+ else
 c->rights |= RIGHT__LOCAL;
- }
 /* Response contains username so client knows who they are acting as */
 sink_printf(ev_writer_sink(c->w), "232 %s\n", quoteutf8(user));
 return 1;
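Review bot: The branch in `c_user` that decides who receives `RIGHT__LOCAL` now hangs off an unbraced `if`/`else` with a bare `strcmp` as the condition, and the same shape is repeated in the `c_cookie` hunk and in `c_confirm`. Because this is a privilege decision, it is worth bracing both arms and writing the comparison out, e.g. `if(strcmp(host, "local") != 0) { info(...); } else { c->rights |= RIGHT__LOCAL; }`. The existing comment only describes the logging arm; a line such as `/* only the "local" pseudo-host is granted RIGHT__LOCAL */` would record the intent of the `else`. `c_user` starts and ends outside the hunk.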
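Review bot: In `c_new`, `max = atoi(vec[0])` takes the client's argument with no error detection: non-numeric input silently becomes 0, and a value outside the range of `int` is undefined behaviour for `atoi`, so the clamp to `config->new_max` operates on an unreliable number. Parsing with `strtol` and checking the end pointer and `errno` before the range test keeps the bound meaningful; the sketch below assumes `<errno.h>` and `<stdlib.h>` are already included. Separately, `n` is declared and set to 0 here but its use is not visible in the hunk, so it wants either a comment or removal. The body of `c_new` continues past the hunk.

```c
  char *end;
  long l;
  /* … unchanged: declarations of max, n and tracks … */
  max = config->new_max;
  if(nvec > 0) {
    errno = 0;
    l = strtol(vec[0], &end, 10);
    /* accept only a clean, positive number below the configured cap */
    if(!errno && end != vec[0] && !*end && l > 0 && l < max)
      max = (int)l;
  }
  tracks = trackdb_new(0, max);
```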
@@ -1085,26 +1116,50 @@ static int c_adduser(struct conn *c,
 static int c_deluser(struct conn *c,
 char **vec,
 int attribute((unused)) nvec) {
- if(trackdb_deluser(vec[0]))
+ struct conn *d;
+
+ if(trackdb_deluser(vec[0])) {
 sink_writes(ev_writer_sink(c->w), "550 Cannot delete user\n");
- else
- sink_writes(ev_writer_sink(c->w), "250 User deleted\n");
+ return 1;
+ }
+ /* Zap connections belonging to deleted user */
+ for(d = connections; d; d = d->next)
+ if(!strcmp(d->who, vec[0]))
+ d->rights = 0;
+ sink_writes(ev_writer_sink(c->w), "250 User deleted\n");
 return 1;
 }
 static int c_edituser(struct conn *c,
 char **vec,
 int attribute((unused)) nvec) {
+ struct conn *d;
+
 /* RIGHT_ADMIN can do anything; otherwise you can only set your own email
 * address and password. */
 if((c->rights & RIGHT_ADMIN)
 || (!strcmp(c->who, vec[0])
 && (!strcmp(vec[1], "email")
 || !strcmp(vec[1], "password")))) {
- if(trackdb_edituserinfo(vec[0], vec[1], vec[2]))
+ if(trackdb_edituserinfo(vec[0], vec[1], vec[2])) {
 sink_writes(ev_writer_sink(c->w), "550 Failed to change setting\n");
- else
- sink_writes(ev_writer_sink(c->w), "250 OK\n");
+ return 1;
+ }
+ if(!strcmp(vec[1], "password")) {
+ /* Zap all connections for this user after a password change */
+ for(d = connections; d; d = d->next)
+ if(!strcmp(d->who, vec[0]))
+ d->rights = 0;
+ } else if(!strcmp(vec[1], "rights")) {
+ /* Update rights for this user */
+ rights_type r;
+
+ if(parse_rights(vec[2], &r, 1))
+ for(d = connections; d; d = d->next)
+ if(!strcmp(d->who, vec[0]))
+ d->rights = r;
+ }
+ sink_writes(ev_writer_sink(c->w), "250 OK\n");
 } else {
 error(0, "%s attempted edituser but lacks required rights", c->who);
 sink_writes(ev_writer_sink(c->w), "510 Restricted to administrators\n");
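Review bot: All three revocation loops call `strcmp(d->who, vec[0])` on every listed connection, yet `who` is only assigned in `c_user`, `c_cookie` and `c_confirm`; if a connection can be on the list before it has logged in and `who` is still null at that point (the diff does not show either), `strcmp` receives a null pointer. Guarding with `if(d->who && !strcmp(d->who, vec[0]))` is cheap. In the `rights` branch, `d->rights = r` also discards the `RIGHT__LOCAL` bit that `c_user` and `c_cookie` OR in for local peers; `d->rights = r | (d->rights & RIGHT__LOCAL);` keeps it. The three loops are identical apart from the value stored, so a single static helper taking the user name and the new rights would keep session revocation in one place.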
@@ -1154,6 +1209,16 @@ static int c_users(struct conn *c,
 return 1; /* completed */
 }
+/** @brief Base64 mapping table for confirmation strings
+ *
+ * This is used with generic_to_base64() and generic_base64(). We cannot use
+ * the MIME table as that contains '+' and '=' which get quoted when
+ * URL-encoding. (The CGI still does the URL encoding but it is desirable to
+ * avoid it being necessary.)
+ */
+static const char confirm_base64_table[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789/.*";
+
 static int c_register(struct conn *c,
 char **vec,
 int attribute((unused)) nvec) {
@@ -1166,7 +1231,8 @@ static int c_register(struct conn *c,
 buf = xmalloc_noptr(bufsize);
 offset = byte_snprintf(buf, bufsize, "%s;", vec[0]);
 gcry_randomize(buf + offset, CONFIRM_SIZE, GCRY_STRONG_RANDOM);
- cs = mime_to_base64((uint8_t *)buf, offset + CONFIRM_SIZE);
+ cs = generic_to_base64((uint8_t *)buf, offset + CONFIRM_SIZE,
+ confirm_base64_table);
 if(trackdb_adduser(vec[0], vec[1], config->default_rights, vec[2], cs))
 sink_writes(ev_writer_sink(c->w), "550 Cannot create user\n");
 else
@@ -1179,20 +1245,126 @@ static int c_confirm(struct conn *c,
 int attribute((unused)) nvec) {
 size_t nuser;
 char *user, *sep;
+ rights_type rights;
+ const char *host;
- if(!(user = mime_base64(vec[0], &nuser))
+ /* Get some kind of peer identifcation */
+ if(!(host = connection_host(c))) {
+ sink_writes(ev_writer_sink(c->w), "530 Authentication failure\n");
+ return 1;
+ }
+ if(!(user = generic_base64(vec[0], &nuser, confirm_base64_table))
 || !(sep = memchr(user, ';', nuser))) {
 sink_writes(ev_writer_sink(c->w), "550 Malformed confirmation string\n");
 return 1;
 }
 *sep = 0;
- if(trackdb_confirm(user, vec[0]))
+ if(trackdb_confirm(user, vec[0], &rights))
 sink_writes(ev_writer_sink(c->w), "550 Incorrect confirmation string\n");
- else
- sink_writes(ev_writer_sink(c->w), "250 OK\n");
+ else {
+ c->who = user;
+ c->cookie = 0;
+ c->rights = rights;
+ if(strcmp(host, "local"))
+ info("S%x %s confirmed from %s", c->tag, user, host);
+ else
+ c->rights |= RIGHT__LOCAL;
+ /* Response contains username so client knows who they are acting as */
+ sink_printf(ev_writer_sink(c->w), "232 %s\n", quoteutf8(user));
+ }
 return 1;
 }
-
+
+static int sent_reminder(ev_source attribute((unused)) *ev,
+ pid_t attribute((unused)) pid,
+ int status,
+ const struct rusage attribute((unused)) *rusage,
+ void *u) {
+ struct conn *const c = u;
+
+ /* Tell the client what went down */
+ if(!status) {
+ sink_writes(ev_writer_sink(c->w), "250 OK\n");
+ } else {
+ error(0, "reminder subprocess %s", wstat(status));
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ }
+ /* Re-enable this connection */
+ ev_reader_enable(c->r);
+ return 0;
+}
+
+static int c_reminder(struct conn *c,
+ char **vec,
+ int attribute((unused)) nvec) {
+ struct kvp *k;
+ const char *password, *email, *text, *encoding, *charset, *content_type;
+ const time_t *last;
+ time_t now;
+ pid_t pid;
+
+ static hash *last_reminder;
+
+ if(!config->mail_sender) {
+ error(0, "cannot send password reminders because mail_sender not set");
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ if(!(k = trackdb_getuserinfo(vec[0]))) {
+ error(0, "reminder for user '%s' who does not exist", vec[0]);
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ if(!(email = kvp_get(k, "email"))
+ || !strchr(email, '@')) {
+ error(0, "user '%s' has no valid email address", vec[0]);
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ if(!(password = kvp_get(k, "password"))
+ || !*password) {
+ error(0, "user '%s' has no password", vec[0]);
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ /* Rate-limit reminders. This hash is bounded in size by the number of
+ * users. If this is actually a problem for anyone then we can periodically
+ * clean it. */
+ if(!last_reminder)
+ last_reminder = hash_new(sizeof (time_t));
+ last = hash_find(last_reminder, vec[0]);
+ time(&now);
+ if(last && now < *last + config->reminder_interval) {
+ error(0, "sent a password reminder to '%s' too recently", vec[0]);
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ /* Send the reminder */
+ /* TODO this should be templatized and to some extent merged with
+ * the code in act_register() */
+ byte_xasprintf((char **)&text,
+"Someone requested that you be sent a reminder of your DisOrder password.\n"
+"Your password is:\n"
+"\n"
+" %s\n", password);
+ if(!(text = mime_encode_text(text, &charset, &encoding)))
+ fatal(0, "cannot encode email");
+ byte_xasprintf((char **)&content_type, "text/plain;charset=%s",
+ quote822(charset, 0));
+ pid = sendmail_subprocess("", config->mail_sender, email,
+ "DisOrder password reminder",
+ encoding, content_type, text);
+ if(pid < 0) {
+ sink_writes(ev_writer_sink(c->w), "550 Cannot send a reminder email\n");
+ return 1;
+ }
+ hash_add(last_reminder, vec[0], &now, HASH_INSERT_OR_REPLACE);
+ info("sending a passsword reminder to user '%s'", vec[0]);
+ /* We can only continue when the subprocess finishes */
+ ev_child(c->ev, pid, 0, sent_reminder, c);
+ return 0;
+}
+
 static const struct command {
 /** @brief Command name */
 const char *name;
@@ -1246,6 +1418,7 @@ static const struct command {
 { "recent", 0, 0, c_recent, RIGHT_READ },
 { "reconfigure", 0, 0, c_reconfigure, RIGHT_ADMIN },
 { "register", 3, 3, c_register, RIGHT_REGISTER|RIGHT__LOCAL },
+ { "reminder", 1, 1, c_reminder, RIGHT__LOCAL },
 { "remove", 1, 1, c_remove, RIGHT_REMOVE__MASK },
 { "rescan", 0, 0, c_rescan, RIGHT_RESCAN },
 { "resolve", 1, 1, c_resolve, RIGHT_READ },
@@ -1369,6 +1542,7 @@ static int reader_callback(ev_source attribute((unused)) *ev,
 ev_writer_close(c->w);
 c->w = 0;
 }
+ remove_connection(c);
 }
 return 0;
 }
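Review bot: `sent_reminder` writes to `c->w` and re-enables `c->r` without checking either, but `writer_error` and `reader_error` set those fields to 0 when the peer goes away, and that can happen while the sendmail subprocess is still running. Wrapping the two `sink_writes` calls in `if(c->w)` and using `if(c->r) ev_reader_enable(c->r);` avoids handing a null writer or reader to the event code (how `ev_writer_sink` treats a null argument is not visible here). `c_reminder` also mails the stored password itself under the `Your password is:` template, so the secret crosses mail in clear and the feature depends on passwords being kept in recoverable form; mailing a single-use random string, as `c_register` already generates for confirmation, would avoid both. Neither new function has a doc comment; `c_reminder` should state that it returns 0 to leave the connection suspended until `sent_reminder` runs, which appears to be the intent of the `We can only continue when the subprocess finishes` comment.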