3 * UCC (University [of WA] Computer Club) Electronic Accounting System
5 * server.c - Client Server Code
7 * This file is licenced under the 3-clause BSD Licence. See the file
8 * COPYING for full details.
13 #include <sys/socket.h>
14 #include <netinet/in.h>
15 #include <arpa/inet.h>
20 #define HACK_TPG_NOAUTH 1
23 #define MAX_CONNECTION_QUEUE 5
24 #define INPUT_BUFFER_SIZE 256
26 #define HASH_TYPE SHA1
27 #define HASH_LENGTH 20
29 #define MSG_STR_TOO_LONG "499 Command too long (limit "EXPSTR(INPUT_BUFFER_SIZE)")\n"
32 typedef struct sClient
36 int bIsTrusted; // Is the connection from a trusted host/port
46 void Server_Start(void);
47 void Server_Cleanup(void);
48 void Server_HandleClient(int Socket, int bTrusted);
49 char *Server_ParseClientCommand(tClient *Client, char *CommandString);
51 char *Server_Cmd_USER(tClient *Client, char *Args);
52 char *Server_Cmd_PASS(tClient *Client, char *Args);
53 char *Server_Cmd_AUTOAUTH(tClient *Client, char *Args);
54 char *Server_Cmd_ENUMITEMS(tClient *Client, char *Args);
55 char *Server_Cmd_ITEMINFO(tClient *Client, char *Args);
56 char *Server_Cmd_DISPENSE(tClient *Client, char *Args);
58 int GetUserAuth(const char *Salt, const char *Username, const uint8_t *Hash);
59 void HexBin(uint8_t *Dest, char *Src, int BufSize);
62 int giServer_Port = 1020;
63 int giServer_NextClientID = 1;
65 struct sClientCommand {
67 char *(*Function)(tClient *Client, char *Arguments);
68 } gaServer_Commands[] = {
69 {"USER", Server_Cmd_USER},
70 {"PASS", Server_Cmd_PASS},
71 {"AUTOAUTH", Server_Cmd_AUTOAUTH},
72 {"ENUM_ITEMS", Server_Cmd_ENUMITEMS},
73 {"ITEM_INFO", Server_Cmd_ITEMINFO},
74 {"DISPENSE", Server_Cmd_DISPENSE}
76 #define NUM_COMMANDS (sizeof(gaServer_Commands)/sizeof(gaServer_Commands[0]))
81 * \brief Open listenting socket and serve connections
83 void Server_Start(void)
86 struct sockaddr_in server_addr, client_addr;
88 atexit(Server_Cleanup);
91 giServer_Socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
92 if( giServer_Socket < 0 ) {
93 fprintf(stderr, "ERROR: Unable to create server socket\n");
97 // Make listen address
98 memset(&server_addr, 0, sizeof(server_addr));
99 server_addr.sin_family = AF_INET; // Internet Socket
100 server_addr.sin_addr.s_addr = htonl(INADDR_ANY); // Listen on all interfaces
101 server_addr.sin_port = htons(giServer_Port); // Port
104 if( bind(giServer_Socket, (struct sockaddr *) &server_addr, sizeof(server_addr)) < 0 ) {
105 fprintf(stderr, "ERROR: Unable to bind to 0.0.0.0:%i\n", giServer_Port);
111 if( listen(giServer_Socket, MAX_CONNECTION_QUEUE) < 0 ) {
112 fprintf(stderr, "ERROR: Unable to listen to socket\n");
117 printf("Listening on 0.0.0.0:%i\n", giServer_Port);
121 uint len = sizeof(client_addr);
124 client_socket = accept(giServer_Socket, (struct sockaddr *) &client_addr, &len);
125 if(client_socket < 0) {
126 fprintf(stderr, "ERROR: Unable to accept client connection\n");
130 if(giDebugLevel >= 2) {
131 char ipstr[INET_ADDRSTRLEN];
132 inet_ntop(AF_INET, &client_addr.sin_addr, ipstr, INET_ADDRSTRLEN);
133 printf("Client connection from %s:%i\n",
134 ipstr, ntohs(client_addr.sin_port));
137 // Trusted Connections
138 if( ntohs(client_addr.sin_port) < 1024 )
140 // TODO: Make this runtime configurable
141 switch( ntohl( client_addr.sin_addr.s_addr ) )
143 case 0x7F000001: // 127.0.0.1 localhost
144 //case 0x825E0D00: // 130.95.13.0
145 case 0x825E0D12: // 130.95.13.18 mussel
146 case 0x825E0D17: // 130.95.13.23 martello
154 // TODO: Multithread this?
155 Server_HandleClient(client_socket, bTrusted);
157 close(client_socket);
161 void Server_Cleanup(void)
163 printf("Close(%i)\n", giServer_Socket);
164 close(giServer_Socket);
168 * \brief Reads from a client socket and parses the command strings
169 * \param Socket Client socket number/handle
170 * \param bTrusted Is the client trusted?
172 void Server_HandleClient(int Socket, int bTrusted)
174 char inbuf[INPUT_BUFFER_SIZE];
176 int remspace = INPUT_BUFFER_SIZE-1;
178 tClient clientInfo = {0};
180 // Initialise Client info
181 clientInfo.ID = giServer_NextClientID ++;
182 clientInfo.bIsTrusted = bTrusted;
187 * - The `buf` and `remspace` variables allow a line to span several
188 * calls to recv(), if a line is not completed in one recv() call
189 * it is saved to the beginning of `inbuf` and `buf` is updated to
192 while( (bytes = recv(Socket, buf, remspace, 0)) > 0 )
195 buf[bytes] = '\0'; // Allow us to use stdlib string functions on it
199 while( (eol = strchr(start, '\n')) )
203 ret = Server_ParseClientCommand(&clientInfo, start);
204 // `ret` is a string on the heap
205 send(Socket, ret, strlen(ret), 0);
210 // Check if there was an incomplete line
211 if( *start != '\0' ) {
212 int tailBytes = bytes - (start-buf);
213 // Roll back in buffer
214 memcpy(inbuf, start, tailBytes);
215 remspace -= tailBytes;
217 send(Socket, MSG_STR_TOO_LONG, sizeof(MSG_STR_TOO_LONG), 0);
219 remspace = INPUT_BUFFER_SIZE - 1;
224 remspace = INPUT_BUFFER_SIZE - 1;
230 fprintf(stderr, "ERROR: Unable to recieve from client on socket %i\n", Socket);
234 if(giDebugLevel >= 2) {
235 printf("Client %i: Disconnected\n", clientInfo.ID);
240 * \brief Parses a client command and calls the required helper function
241 * \param Client Pointer to client state structure
242 * \param CommandString Command from client (single line of the command)
243 * \return Heap String to return to the client
245 char *Server_ParseClientCommand(tClient *Client, char *CommandString)
250 // Split at first space
251 space = strchr(CommandString, ' ');
261 for( i = 0; i < NUM_COMMANDS; i++ )
263 if(strcmp(CommandString, gaServer_Commands[i].Name) == 0)
264 return gaServer_Commands[i].Function(Client, args);
267 return strdup("400 Unknown Command\n");
274 * \brief Set client username
276 * Usage: USER <username>
278 char *Server_Cmd_USER(tClient *Client, char *Args)
284 printf("Client %i authenticating as '%s'\n", Client->ID, Args);
288 free(Client->Username);
289 Client->Username = strdup(Args);
292 // Create a salt (that changes if the username is changed)
293 // Yes, I know, I'm a little paranoid, but who isn't?
294 Client->Salt[0] = 0x21 + (rand()&0x3F);
295 Client->Salt[1] = 0x21 + (rand()&0x3F);
296 Client->Salt[2] = 0x21 + (rand()&0x3F);
297 Client->Salt[3] = 0x21 + (rand()&0x3F);
298 Client->Salt[4] = 0x21 + (rand()&0x3F);
299 Client->Salt[5] = 0x21 + (rand()&0x3F);
300 Client->Salt[6] = 0x21 + (rand()&0x3F);
301 Client->Salt[7] = 0x21 + (rand()&0x3F);
303 // TODO: Also send hash type to use, (SHA1 or crypt according to [DAA])
304 // "100 Salt xxxxXXXX\n"
305 ret = strdup("100 SALT xxxxXXXX\n");
306 sprintf(ret, "100 SALT %s\n", Client->Salt);
308 ret = strdup("100 User Set\n");
314 * \brief Authenticate as a user
318 char *Server_Cmd_PASS(tClient *Client, char *Args)
320 uint8_t clienthash[HASH_LENGTH] = {0};
323 HexBin(clienthash, Args, HASH_LENGTH);
325 // TODO: Decrypt password passed
327 Client->UID = GetUserAuth(Client->Salt, Client->Username, clienthash);
329 if( Client->UID != -1 ) {
330 Client->bIsAuthed = 1;
331 return strdup("200 Auth OK\n");
336 printf("Client %i: Password hash ", Client->ID);
337 for(i=0;i<HASH_LENGTH;i++)
338 printf("%02x", clienthash[i]&0xFF);
342 return strdup("401 Auth Failure\n");
346 * \brief Authenticate as a user without a password
348 * Usage: AUTOAUTH <user>
350 char *Server_Cmd_AUTOAUTH(tClient *Client, char *Args)
352 char *spos = strchr(Args, ' ');
353 if(spos) *spos = '\0'; // Remove characters after the ' '
356 if( !Client->bIsTrusted ) {
358 printf("Client %i: Untrusted client attempting to AUTOAUTH\n", Client->ID);
359 return strdup("401 Untrusted\n");
363 Client->UID = GetUserID( Args );
364 if( Client->UID < 0 ) {
366 printf("Client %i: Unknown user '%s'\n", Client->ID, Args);
367 return strdup("401 Auth Failure\n");
371 printf("Client %i: Authenticated as '%s' (%i)\n", Client->ID, Args, Client->UID);
373 return strdup("200 Auth OK\n");
377 * \brief Enumerate the items that the server knows about
379 char *Server_Cmd_ENUMITEMS(tClient *Client, char *Args)
381 // int nItems = giNumItems;
386 retLen = snprintf(NULL, 0, "201 Items %i", giNumItems);
388 for( i = 0; i < giNumItems; i ++ )
390 retLen += snprintf(NULL, 0, " %s:%i", gaItems[i].Handler->Name, gaItems[i].ID);
393 ret = malloc(retLen+1);
395 retLen += sprintf(ret+retLen, "201 Items %i", giNumItems);
397 for( i = 0; i < giNumItems; i ++ ) {
398 retLen += sprintf(ret+retLen, " %s:%i", gaItems[i].Handler->Name, gaItems[i].ID);
406 tItem *_GetItemFromString(char *String)
410 char *colon = strchr(String, ':');
422 for( i = 0; i < giNumHandlers; i ++ )
424 if( strcmp(gaHandlers[i]->Name, type) == 0) {
425 handler = gaHandlers[i];
434 for( i = 0; i < giNumItems; i ++ )
436 if( gaItems[i].Handler != handler ) continue;
437 if( gaItems[i].ID != num ) continue;
444 * \brief Fetch information on a specific item
446 char *Server_Cmd_ITEMINFO(tClient *Client, char *Args)
450 tItem *item = _GetItemFromString(Args);
453 return strdup("406 Bad Item ID\n");
457 retLen = snprintf(NULL, 0, "202 Item %s:%i %i %s\n",
458 item->Handler->Name, item->ID, item->Price, item->Name);
459 ret = malloc(retLen+1);
460 sprintf(ret, "202 Item %s:%i %i %s\n",
461 item->Handler->Name, item->ID, item->Price, item->Name);
466 char *Server_Cmd_DISPENSE(tClient *Client, char *Args)
469 if( !Client->bIsAuthed ) return strdup("401 Not Authenticated\n");
471 item = _GetItemFromString(Args);
473 return strdup("406 Bad Item ID\n");
476 switch( DispenseItem( Client->UID, item ) )
478 case 0: return strdup("200 Dispense OK\n");
479 case 1: return strdup("501 Unable to dispense\n");
480 case 2: return strdup("402 Poor You\n");
482 return strdup("500 Dispense Error\n");
486 char *Server_Cmd_GIVE(tClient *Client, char *Args)
488 char *recipient, *ammount, *reason;
491 if( !Client->bIsAuthed ) return strdup("401 Not Authenticated\n");
495 ammount = strchr(Args, ' ');
496 if( !ammount ) return strdup("407 Invalid Argument, expected 3 parameters, 1 encountered\n");
500 reason = strchr(ammount, ' ');
501 if( !reason ) return strdup("407 Invalid Argument, expected 3 parameters, 2 encountered\n");
506 uid = GetUserID(recipient);
507 if( uid == -1 ) return strdup("404 Invalid target user");
510 iAmmount = atoi(ammount);
511 if( iAmmount <= 0 ) return strdup("407 Invalid Argument, ammount must be > zero\n");
514 switch( Transfer(Client->UID, uid, iAmmount, reason) )
517 return strdup("200 Give OK\n");
519 return strdup("402 Poor You\n");
524 * \brief Authenticate a user
525 * \return User ID, or -1 if authentication failed
527 int GetUserAuth(const char *Salt, const char *Username, const uint8_t *ProvidedHash)
531 int ofs = strlen(Username) + strlen(Salt);
532 char input[ ofs + 40 + 1];
533 char tmp[4 + strlen(Username) + 1]; // uid=%s
537 if( strcmp(Username, "tpg") == 0 )
538 return GetUserID("tpg");
543 strcpy(input, Username);
545 // TODO: Get user's SHA-1 hash
546 sprintf(tmp, "uid=%s", Username);
547 ldap_search_s(ld, "", LDAP_SCOPE_BASE, tmp, "userPassword", 0, res);
549 sprintf(input+ofs, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
550 h[ 0], h[ 1], h[ 2], h[ 3], h[ 4], h[ 5], h[ 6], h[ 7], h[ 8], h[ 9],
551 h[10], h[11], h[12], h[13], h[14], h[15], h[16], h[17], h[18], h[19]
553 // Then create the hash from the provided salt
554 // Compare that with the provided hash
560 // --- INTERNAL HELPERS ---
561 // TODO: Move to another file
562 void HexBin(uint8_t *Dest, char *Src, int BufSize)
565 for( i = 0; i < BufSize; i ++ )
569 if('0' <= *Src && *Src <= '9')
570 val |= (*Src-'0') << 4;
571 else if('A' <= *Src && *Src <= 'F')
572 val |= (*Src-'A'+10) << 4;
573 else if('a' <= *Src && *Src <= 'f')
574 val |= (*Src-'a'+10) << 4;
579 if('0' <= *Src && *Src <= '9')
581 else if('A' <= *Src && *Src <= 'F')
582 val |= (*Src-'A'+10);
583 else if('a' <= *Src && *Src <= 'f')
584 val |= (*Src-'a'+10);
591 for( ; i < BufSize; i++ )
596 * \brief Decode a Base64 value
598 int UnBase64(uint8_t *Dest, char *Src, int BufSize)
602 char *start_src = Src;
604 for( i = 0; i+2 < BufSize; i += 3 )
607 for( j = 0; j < 4; j++, Src ++ ) {
608 if('A' <= *Src && *Src <= 'Z')
609 val |= (*Src - 'A') << ((3-j)*6);
610 else if('a' <= *Src && *Src <= 'z')
611 val |= (*Src - 'a' + 26) << ((3-j)*6);
612 else if('0' <= *Src && *Src <= '9')
613 val |= (*Src - '0' + 52) << ((3-j)*6);
615 val |= 62 << ((3-j)*6);
617 val |= 63 << ((3-j)*6);
621 j --; // Ignore invalid characters
623 Dest[i ] = (val >> 16) & 0xFF;
624 Dest[i+1] = (val >> 8) & 0xFF;
625 Dest[i+2] = val & 0xFF;
631 Dest[i] = (val >> 16) & 0xFF;
633 Dest[i+1] = (val >> 8) & 0xFF;
635 return Src - start_src;