X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/blobdiff_plain/b4a80f69edc156b91cd19c2175078b7cc940ed0f..8f9616f198b617214724183e32d598339c3bbbc4:/server/server.c diff --git a/server/server.c b/server/server.c index 8d49193..a7dee99 100644 --- a/server/server.c +++ b/server/server.c @@ -72,6 +72,10 @@ # define NONCE_SIZE 16 #endif +#ifndef CONFIRM_SIZE +# define CONFIRM_SIZE 10 +#endif + int volume_left, volume_right; /* last known volume */ /** @brief Accept all well-formed login attempts @@ -114,8 +118,13 @@ struct conn { char *cookie; /** @brief Connection rights */ rights_type rights; + /** @brief Next connection */ + struct conn *next; }; +/** @brief Linked list of connections */ +static struct conn *connections; + static int reader_callback(ev_source *ev, ev_reader *reader, void *ptr, @@ -125,6 +134,16 @@ static int reader_callback(ev_source *ev, static const char *noyes[] = { "no", "yes" }; +/** @brief Remove a connection from the connection list */ +static void remove_connection(struct conn *c) { + struct conn **cc; + + for(cc = &connections; *cc && *cc != c; cc = &(*cc)->next) + ; + if(*cc) + *cc = c->next; +} + /** @brief Called when a connection's writer fails or is shut down * * If the connection still has a raeder that is cancelled. @@ -150,6 +169,7 @@ static int writer_error(ev_source attribute((unused)) *ev, } c->w = 0; ev_report(ev); + remove_connection(c); return 0; } @@ -169,6 +189,7 @@ static int reader_error(ev_source attribute((unused)) *ev, c->w = 0; c->r = 0; ev_report(ev); + remove_connection(c); return 0; } @@ -233,20 +254,13 @@ static int c_play(struct conn *c, char **vec, static int c_remove(struct conn *c, char **vec, int attribute((unused)) nvec) { struct queue_entry *q; - rights_type r; if(!(q = queue_find(vec[0]))) { sink_writes(ev_writer_sink(c->w), "550 no such track on the queue\n"); return 1; } - if(q->submitter) - if(!strcmp(q->submitter, c->who)) - r = RIGHT_REMOVE_MINE; - else - r = RIGHT_REMOVE_ANY; - else - r = RIGHT_REMOVE_RANDOM; - if(!(c->rights & r)) { + if(!right_removable(c->rights, c->who, q)) { + error(0, "%s attempted remove but lacks required rights", c->who); sink_writes(ev_writer_sink(c->w), "510 Not authorized to remove that track\n"); return 1; @@ -268,8 +282,6 @@ static int c_remove(struct conn *c, char **vec, static int c_scratch(struct conn *c, char **vec, int nvec) { - rights_type r; - if(!playing) { sink_writes(ev_writer_sink(c->w), "250 nothing is playing\n"); return 1; /* completed */ @@ -277,14 +289,8 @@ static int c_scratch(struct conn *c, /* TODO there is a bug here: if we specify an ID but it's not the currently * playing track then you will get 550 if you weren't authorized to scratch * the currently playing track. */ - if(playing->submitter) - if(!strcmp(playing->submitter, c->who)) - r = RIGHT_SCRATCH_MINE; - else - r = RIGHT_SCRATCH_ANY; - else - r = RIGHT_SCRATCH_RANDOM; - if(!(c->rights & r)) { + if(!right_scratchable(c->rights, c->who, playing)) { + error(0, "%s attempted scratch but lacks required rights", c->who); sink_writes(ev_writer_sink(c->w), "510 Not authorized to scratch that track\n"); return 1; @@ -350,7 +356,7 @@ static int c_rescan(struct conn *c, char attribute((unused)) **vec, int attribute((unused)) nvec) { info("S%x rescan by %s", c->tag, c->who); - trackdb_rescan(c->ev); + trackdb_rescan(c->ev, 1/*check*/); sink_writes(ev_writer_sink(c->w), "250 initiated rescan\n"); return 1; /* completed */ } @@ -446,10 +452,10 @@ static int c_user(struct conn *c, c->who = vec[0]; c->rights = rights; /* currently we only bother logging remote connections */ - if(strcmp(host, "local")) { + if(strcmp(host, "local")) info("S%x %s connected from %s", c->tag, vec[0], host); + else c->rights |= RIGHT__LOCAL; - } sink_writes(ev_writer_sink(c->w), "230 OK\n"); return 1; } @@ -754,6 +760,7 @@ static int c_volume(struct conn *c, } rights = set ? RIGHT_VOLUME : RIGHT_READ; if(!(c->rights & rights)) { + error(0, "%s attempted to set volume but lacks required rights", c->who); sink_writes(ev_writer_sink(c->w), "510 Prohibited\n"); return 1; } @@ -795,6 +802,7 @@ static int logging_reader_callback(ev_source attribute((unused)) *ev, c->w = 0; } c->r = 0; + remove_connection(c); } return 0; } @@ -849,20 +857,13 @@ static int c_log(struct conn *c, * @return 0 if move is prohibited, non-0 if it is allowed */ static int has_move_rights(struct conn *c, struct queue_entry **qs, int nqs) { - rights_type r = 0; - for(; nqs > 0; ++qs, --nqs) { struct queue_entry *const q = *qs; - if(q->submitter) - if(!strcmp(q->submitter, c->who)) - r |= RIGHT_MOVE_MINE; - else - r |= RIGHT_MOVE_ANY; - else - r |= RIGHT_MOVE_RANDOM; + if(!right_movable(c->rights, c->who, q)) + return 0; } - return (c->rights & r) == r; + return 1; } static int c_move(struct conn *c, @@ -876,6 +877,7 @@ static int c_move(struct conn *c, return 1; } if(!has_move_rights(c, &q, 1)) { + error(0, "%s attempted move but lacks required rights", c->who); sink_writes(ev_writer_sink(c->w), "510 Not authorized to move that track\n"); return 1; @@ -910,6 +912,7 @@ static int c_moveafter(struct conn *c, return 1; } if(!has_move_rights(c, qs, nvec)) { + error(0, "%s attempted moveafter but lacks required rights", c->who); sink_writes(ev_writer_sink(c->w), "510 Not authorized to move those tracks\n"); return 1; @@ -1008,7 +1011,7 @@ static int c_new(struct conn *c, static int c_rtp_address(struct conn *c, char attribute((unused)) **vec, int attribute((unused)) nvec) { - if(config->speaker_backend == BACKEND_NETWORK) { + if(config->api == BACKEND_NETWORK) { sink_printf(ev_writer_sink(c->w), "252 %s %s\n", quoteutf8(config->broadcast.s[0]), quoteutf8(config->broadcast.s[1])); @@ -1044,10 +1047,10 @@ static int c_cookie(struct conn *c, c->who = user; c->cookie = vec[0]; c->rights = rights; - if(strcmp(host, "local")) { + if(strcmp(host, "local")) info("S%x %s connected with cookie from %s", c->tag, user, host); + else c->rights |= RIGHT__LOCAL; - } /* Response contains username so client knows who they are acting as */ sink_printf(ev_writer_sink(c->w), "232 %s\n", quoteutf8(user)); return 1; @@ -1100,28 +1103,54 @@ static int c_adduser(struct conn *c, static int c_deluser(struct conn *c, char **vec, int attribute((unused)) nvec) { - if(trackdb_deluser(vec[0])) + struct conn *d; + + if(trackdb_deluser(vec[0])) { sink_writes(ev_writer_sink(c->w), "550 Cannot delete user\n"); - else - sink_writes(ev_writer_sink(c->w), "250 User deleted\n"); + return 1; + } + /* Zap connections belonging to deleted user */ + for(d = connections; d; d = d->next) + if(!strcmp(d->who, vec[0])) + d->rights = 0; + sink_writes(ev_writer_sink(c->w), "250 User deleted\n"); return 1; } static int c_edituser(struct conn *c, char **vec, int attribute((unused)) nvec) { + struct conn *d; + /* RIGHT_ADMIN can do anything; otherwise you can only set your own email * address and password. */ if((c->rights & RIGHT_ADMIN) || (!strcmp(c->who, vec[0]) && (!strcmp(vec[1], "email") || !strcmp(vec[1], "password")))) { - if(trackdb_edituserinfo(vec[0], vec[1], vec[2])) + if(trackdb_edituserinfo(vec[0], vec[1], vec[2])) { sink_writes(ev_writer_sink(c->w), "550 Failed to change setting\n"); - else - sink_writes(ev_writer_sink(c->w), "250 OK\n"); - } else + return 1; + } + if(!strcmp(vec[1], "password")) { + /* Zap all connections for this user after a password change */ + for(d = connections; d; d = d->next) + if(!strcmp(d->who, vec[0])) + d->rights = 0; + } else if(!strcmp(vec[1], "rights")) { + /* Update rights for this user */ + rights_type r; + + if(parse_rights(vec[1], &r, 1)) + for(d = connections; d; d = d->next) + if(!strcmp(d->who, vec[0])) + d->rights = r; + } + sink_writes(ev_writer_sink(c->w), "250 OK\n"); + } else { + error(0, "%s attempted edituser but lacks required rights", c->who); sink_writes(ev_writer_sink(c->w), "510 Restricted to administrators\n"); + } return 1; } @@ -1144,8 +1173,10 @@ static int c_userinfo(struct conn *c, sink_writes(ev_writer_sink(c->w), "555 Not set\n"); else sink_writes(ev_writer_sink(c->w), "550 No such user\n"); - } else + } else { + error(0, "%s attempted userinfo but lacks required rights", c->who); sink_writes(ev_writer_sink(c->w), "510 Restricted to administrators\n"); + } return 1; } @@ -1165,6 +1196,16 @@ static int c_users(struct conn *c, return 1; /* completed */ } +/** @brief Base64 mapping table for confirmation strings + * + * This is used with generic_to_base64() and generic_base64(). We cannot use + * the MIME table as that contains '+' and '=' which get quoted when + * URL-encoding. (The CGI still does the URL encoding but it is desirable to + * avoid it being necessary.) + */ +static const char confirm_base64_table[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789/.*"; + static int c_register(struct conn *c, char **vec, int attribute((unused)) nvec) { @@ -1173,11 +1214,12 @@ static int c_register(struct conn *c, int offset; /* The confirmation string is base64(username;nonce) */ - bufsize = strlen(vec[0]) + NONCE_SIZE + 2; + bufsize = strlen(vec[0]) + CONFIRM_SIZE + 2; buf = xmalloc_noptr(bufsize); offset = byte_snprintf(buf, bufsize, "%s;", vec[0]); - gcry_randomize(buf + offset, NONCE_SIZE, GCRY_STRONG_RANDOM); - cs = mime_to_base64((uint8_t *)buf, offset + NONCE_SIZE); + gcry_randomize(buf + offset, CONFIRM_SIZE, GCRY_STRONG_RANDOM); + cs = generic_to_base64((uint8_t *)buf, offset + CONFIRM_SIZE, + confirm_base64_table); if(trackdb_adduser(vec[0], vec[1], config->default_rights, vec[2], cs)) sink_writes(ev_writer_sink(c->w), "550 Cannot create user\n"); else @@ -1190,17 +1232,33 @@ static int c_confirm(struct conn *c, int attribute((unused)) nvec) { size_t nuser; char *user, *sep; + rights_type rights; + const char *host; - if(!(user = mime_base64(vec[0], &nuser)) + /* Get some kind of peer identifcation */ + if(!(host = connection_host(c))) { + sink_writes(ev_writer_sink(c->w), "530 Authentication failure\n"); + return 1; + } + if(!(user = generic_base64(vec[0], &nuser, confirm_base64_table)) || !(sep = memchr(user, ';', nuser))) { sink_writes(ev_writer_sink(c->w), "550 Malformed confirmation string\n"); return 1; } *sep = 0; - if(trackdb_confirm(user, vec[0])) + if(trackdb_confirm(user, vec[0], &rights)) sink_writes(ev_writer_sink(c->w), "550 Incorrect confirmation string\n"); - else - sink_writes(ev_writer_sink(c->w), "250 OK\n"); + else { + c->who = user; + c->cookie = 0; + c->rights = rights; + if(strcmp(host, "local")) + info("S%x %s confirmed from %s", c->tag, user, host); + else + c->rights |= RIGHT__LOCAL; + /* Response contains username so client knows who they are acting as */ + sink_printf(ev_writer_sink(c->w), "232 %s\n", quoteutf8(user)); + } return 1; } @@ -1309,6 +1367,8 @@ static int command(struct conn *c, char *line) { else { if(commands[n].rights && !(c->rights & commands[n].rights)) { + error(0, "%s attempted %s but lacks required rights", c->who ? c->who : "NULL", + commands[n].name); sink_writes(ev_writer_sink(c->w), "510 Prohibited\n"); return 1; } @@ -1378,6 +1438,7 @@ static int reader_callback(ev_source attribute((unused)) *ev, ev_writer_close(c->w); c->w = 0; } + remove_connection(c); } return 0; }