X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/blobdiff_plain/bd8895a87731c72190ea2012f36583f796d4181a..0126692cf18af76f6cede755f995cb28c44fb331:/server/server.c

diff --git a/server/server.c b/server/server.c
index f0dfeb4..44580c9 100644
--- a/server/server.c
+++ b/server/server.c
@@ -72,6 +72,10 @@
 # define NONCE_SIZE 16
 #endif
 
+#ifndef CONFIRM_SIZE
+# define CONFIRM_SIZE 10
+#endif
+
 int volume_left, volume_right;		/* last known volume */
 
 /** @brief Accept all well-formed login attempts
@@ -114,8 +118,13 @@ struct conn {
   char *cookie;
   /** @brief Connection rights */
   rights_type rights;
+  /** @brief Next connection */
+  struct conn *next;
 };
 
+/** @brief Linked list of connections */
+static struct conn *connections;
+
 static int reader_callback(ev_source *ev,
 			   ev_reader *reader,
 			   void *ptr,
@@ -125,6 +134,16 @@ static int reader_callback(ev_source *ev,
 
 static const char *noyes[] = { "no", "yes" };
 
+/** @brief Remove a connection from the connection list */
+static void remove_connection(struct conn *c) {
+  struct conn **cc;
+
+  for(cc = &connections; *cc && *cc != c; cc = &(*cc)->next)
+    ;
+  if(*cc)
+    *cc = c->next;
+}
+
 /** @brief Called when a connection's writer fails or is shut down
  *
  * If the connection still has a raeder that is cancelled.
@@ -150,6 +169,7 @@ static int writer_error(ev_source attribute((unused)) *ev,
   }
   c->w = 0;
   ev_report(ev);
+  remove_connection(c);
   return 0;
 }
 
@@ -169,6 +189,7 @@ static int reader_error(ev_source attribute((unused)) *ev,
   c->w = 0;
   c->r = 0;
   ev_report(ev);
+  remove_connection(c);
   return 0;
 }
 
@@ -431,10 +452,10 @@ static int c_user(struct conn *c,
     c->who = vec[0];
     c->rights = rights;
     /* currently we only bother logging remote connections */
-    if(strcmp(host, "local")) {
+    if(strcmp(host, "local"))
       info("S%x %s connected from %s", c->tag, vec[0], host);
+    else
       c->rights |= RIGHT__LOCAL;
-    }
     sink_writes(ev_writer_sink(c->w), "230 OK\n");
     return 1;
   }
@@ -781,6 +802,7 @@ static int logging_reader_callback(ev_source attribute((unused)) *ev,
       c->w = 0;
     }
     c->r = 0;
+    remove_connection(c);
   }
   return 0;
 }
@@ -1025,10 +1047,10 @@ static int c_cookie(struct conn *c,
   c->who = user;
   c->cookie = vec[0];
   c->rights = rights;
-  if(strcmp(host, "local")) {
+  if(strcmp(host, "local"))
     info("S%x %s connected with cookie from %s", c->tag, user, host);
+  else
     c->rights |= RIGHT__LOCAL;
-  }
   /* Response contains username so client knows who they are acting as */
   sink_printf(ev_writer_sink(c->w), "232 %s\n", quoteutf8(user));
   return 1;
@@ -1081,26 +1103,50 @@ static int c_adduser(struct conn *c,
 static int c_deluser(struct conn *c,
 		     char **vec,
 		     int attribute((unused)) nvec) {
-  if(trackdb_deluser(vec[0]))
+  struct conn *d;
+
+  if(trackdb_deluser(vec[0])) {
     sink_writes(ev_writer_sink(c->w), "550 Cannot delete user\n");
-  else
-    sink_writes(ev_writer_sink(c->w), "250 User deleted\n");
+    return 1;
+  }
+  /* Zap connections belonging to deleted user */
+  for(d = connections; d; d = d->next)
+    if(!strcmp(d->who, vec[0]))
+      d->rights = 0;
+  sink_writes(ev_writer_sink(c->w), "250 User deleted\n");
   return 1;
 }
 
 static int c_edituser(struct conn *c,
 		      char **vec,
 		      int attribute((unused)) nvec) {
+  struct conn *d;
+
   /* RIGHT_ADMIN can do anything; otherwise you can only set your own email
    * address and password. */
   if((c->rights & RIGHT_ADMIN)
      || (!strcmp(c->who, vec[0])
 	 && (!strcmp(vec[1], "email")
 	     || !strcmp(vec[1], "password")))) {
-    if(trackdb_edituserinfo(vec[0], vec[1], vec[2]))
+    if(trackdb_edituserinfo(vec[0], vec[1], vec[2])) {
       sink_writes(ev_writer_sink(c->w), "550 Failed to change setting\n");
-    else
-      sink_writes(ev_writer_sink(c->w), "250 OK\n");
+      return 1;
+    }
+    if(!strcmp(vec[1], "password")) {
+      /* Zap all connections for this user after a password change */
+      for(d = connections; d; d = d->next)
+	if(!strcmp(d->who, vec[0]))
+	  d->rights = 0;
+    } else if(!strcmp(vec[1], "rights")) {
+      /* Update rights for this user */
+      rights_type r;
+
+      if(parse_rights(vec[1], &r, 1))
+	for(d = connections; d; d = d->next)
+	  if(!strcmp(d->who, vec[0]))
+	    d->rights = r;
+    }
+    sink_writes(ev_writer_sink(c->w), "250 OK\n");
   } else {
     error(0, "%s attempted edituser but lacks required rights", c->who);
     sink_writes(ev_writer_sink(c->w), "510 Restricted to administrators\n");
@@ -1150,6 +1196,16 @@ static int c_users(struct conn *c,
   return 1;				/* completed */
 }
 
+/** @brief Base64 mapping table for confirmation strings
+ *
+ * This is used with generic_to_base64() and generic_base64().  We cannot use
+ * the MIME table as that contains '+' and '=' which get quoted when
+ * URL-encoding.  (The CGI still does the URL encoding but it is desirable to
+ * avoid it being necessary.)
+ */
+static const char confirm_base64_table[] =
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789/.*";
+
 static int c_register(struct conn *c,
 		      char **vec,
 		      int attribute((unused)) nvec) {
@@ -1158,11 +1214,12 @@ static int c_register(struct conn *c,
   int offset;
 
   /* The confirmation string is base64(username;nonce) */
-  bufsize = strlen(vec[0]) + NONCE_SIZE + 2;
+  bufsize = strlen(vec[0]) + CONFIRM_SIZE + 2;
   buf = xmalloc_noptr(bufsize);
   offset = byte_snprintf(buf, bufsize, "%s;", vec[0]);
-  gcry_randomize(buf + offset, NONCE_SIZE, GCRY_STRONG_RANDOM);
-  cs = mime_to_base64((uint8_t *)buf, offset + NONCE_SIZE);
+  gcry_randomize(buf + offset, CONFIRM_SIZE, GCRY_STRONG_RANDOM);
+  cs = generic_to_base64((uint8_t *)buf, offset + CONFIRM_SIZE,
+			 confirm_base64_table);
   if(trackdb_adduser(vec[0], vec[1], config->default_rights, vec[2], cs))
     sink_writes(ev_writer_sink(c->w), "550 Cannot create user\n");
   else
@@ -1175,17 +1232,33 @@ static int c_confirm(struct conn *c,
 		     int attribute((unused)) nvec) {
   size_t nuser;
   char *user, *sep;
+  rights_type rights;
+  const char *host;
 
-  if(!(user = mime_base64(vec[0], &nuser))
+  /* Get some kind of peer identifcation */
+  if(!(host = connection_host(c))) {
+    sink_writes(ev_writer_sink(c->w), "530 Authentication failure\n");
+    return 1;
+  }
+  if(!(user = generic_base64(vec[0], &nuser, confirm_base64_table))
      || !(sep = memchr(user, ';', nuser))) {
     sink_writes(ev_writer_sink(c->w), "550 Malformed confirmation string\n");
     return 1;
   }
   *sep = 0;
-  if(trackdb_confirm(user, vec[0]))
+  if(trackdb_confirm(user, vec[0], &rights))
     sink_writes(ev_writer_sink(c->w), "550 Incorrect confirmation string\n");
-  else
-    sink_writes(ev_writer_sink(c->w), "250 OK\n");
+  else {
+    c->who = user;
+    c->cookie = 0;
+    c->rights = rights;
+    if(strcmp(host, "local"))
+      info("S%x %s confirmed from %s", c->tag, user, host);
+    else
+      c->rights |= RIGHT__LOCAL;
+    /* Response contains username so client knows who they are acting as */
+    sink_printf(ev_writer_sink(c->w), "232 %s\n", quoteutf8(user));
+  }
   return 1;
 }
  
@@ -1365,6 +1438,7 @@ static int reader_callback(ev_source attribute((unused)) *ev,
       ev_writer_close(c->w);
       c->w = 0;
     }
+    remove_connection(c);
   }
   return 0;
 }