- // We're not authenticated if the connection has just opened
- gbIsAuthenticated = 0;
-
- return sock;
-}
-
-/**
- * \brief Authenticate with the server
- * \return Boolean Failure
- */
-int Authenticate(int Socket)
-{
- struct passwd *pwd;
- char *buf;
- int responseCode;
- #if ATTEMPT_PASSWORD_AUTH
- char salt[32];
- int i;
- regmatch_t matches[4];
- #endif
-
- if( gbIsAuthenticated ) return 0;
-
- // Get user name
- pwd = getpwuid( getuid() );
-
- // Attempt automatic authentication
- sendf(Socket, "AUTOAUTH %s\n", pwd->pw_name);
-
- // Check if it worked
- buf = ReadLine(Socket);
-
- responseCode = atoi(buf);
- switch( responseCode )
- {
- case 200: // Autoauth succeeded, return
- free(buf);
- break;
-
- case 401: // Untrusted, attempt password authentication
- free(buf);
-
- #if ATTEMPT_PASSWORD_AUTH
- sendf(Socket, "USER %s\n", pwd->pw_name);
- printf("Using username %s\n", pwd->pw_name);
-
- buf = ReadLine(Socket);
-
- // TODO: Get Salt
- // Expected format: 100 SALT <something> ...
- // OR : 100 User Set
- RunRegex(&gSaltRegex, buf, 4, matches, "Malformed server response");
- responseCode = atoi(buf);
- if( responseCode != 100 ) {
- fprintf(stderr, "Unknown repsonse code %i from server\n%s\n", responseCode, buf);
- free(buf);
- return RV_UNKNOWN_ERROR; // ERROR
- }
-
- // Check for salt
- if( memcmp( buf+matches[2].rm_so, "SALT", matches[2].rm_eo - matches[2].rm_so) == 0) {
- // Store it for later
- memcpy( salt, buf + matches[3].rm_so, matches[3].rm_eo - matches[3].rm_so );
- salt[ matches[3].rm_eo - matches[3].rm_so ] = 0;
- }
- free(buf);
-
- // Give three attempts
- for( i = 0; i < 3; i ++ )
- {
- int ofs = strlen(pwd->pw_name)+strlen(salt);
- char tmpBuf[42];
- char tmp[ofs+20];
- char *pass = getpass("Password: ");
- uint8_t h[20];
-
- // Create hash string
- // <username><salt><hash>
- strcpy(tmp, pwd->pw_name);
- strcat(tmp, salt);
- SHA1( (unsigned char*)pass, strlen(pass), h );
- memcpy(tmp+ofs, h, 20);
-
- // Hash all that
- SHA1( (unsigned char*)tmp, ofs+20, h );
- sprintf(tmpBuf, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
- h[ 0], h[ 1], h[ 2], h[ 3], h[ 4], h[ 5], h[ 6], h[ 7], h[ 8], h[ 9],
- h[10], h[11], h[12], h[13], h[14], h[15], h[16], h[17], h[18], h[19]
- );
-
- // Send password
- sendf(Socket, "PASS %s\n", tmpBuf);
- buf = ReadLine(Socket);
-
- responseCode = atoi(buf);
- // Auth OK?
- if( responseCode == 200 ) break;
- // Bad username/password
- if( responseCode == 401 ) continue;
-
- fprintf(stderr, "Unknown repsonse code %i from server\n%s\n", responseCode, buf);
- free(buf);
- return RV_UNKNOWN_ERROR;
- }
- free(buf);
- if( i == 3 )
- return RV_INVALID_USER; // 2 = Bad Password
-
- #else
- fprintf(stderr, "Untrusted host, AUTOAUTH unavaliable\n");
- return RV_INVALID_USER;
- #endif
- break;
-
- case 404: // Bad Username
- fprintf(stderr, "Bad Username '%s'\n", pwd->pw_name);
- free(buf);
- return RV_INVALID_USER;
-
- default:
- fprintf(stderr, "Unkown response code %i from server\n", responseCode);
- printf("%s\n", buf);
- free(buf);
- return RV_UNKNOWN_ERROR;
- }
-
- // Set effective user
- if( gsEffectiveUser ) {
- sendf(Socket, "SETEUSER %s\n", gsEffectiveUser);
-
- buf = ReadLine(Socket);
- responseCode = atoi(buf);
-
- switch(responseCode)
- {
- case 200:
- printf("Running as '%s' by '%s'\n", gsEffectiveUser, pwd->pw_name);
- break;
-
- case 403:
- printf("Only coke members can use `dispense -u`\n");
- free(buf);
- return RV_PERMISSIONS;
-
- case 404:
- printf("Invalid user selected\n");
- free(buf);
- return RV_INVALID_USER;
-
- default:
- fprintf(stderr, "Unkown response code %i from server\n", responseCode);
- printf("%s\n", buf);
- free(buf);
- return RV_UNKNOWN_ERROR;
- }
-
- free(buf);
- }
-
- gbIsAuthenticated = 1;
-
- return 0;
-}
-
-int GetUserBalance(int Socket)
-{
- regmatch_t matches[6];
- struct passwd *pwd;
- char *buf;
- int responseCode;
-
- if( !gsUserName )
- {
- if( gsEffectiveUser ) {
- gsUserName = gsEffectiveUser;
- }
- else {
- pwd = getpwuid( getuid() );
- gsUserName = strdup(pwd->pw_name);
- }
- }
-
- sendf(Socket, "USER_INFO %s\n", gsUserName);
- buf = ReadLine(Socket);
- responseCode = atoi(buf);
- switch(responseCode)
- {
- case 202: break; // Ok
-
- case 404:
- printf("Invalid user? (USER_INFO failed)\n");
- free(buf);
- return RV_INVALID_USER;
-
- default:
- fprintf(stderr, "Unkown response code %i from server\n", responseCode);
- printf("%s\n", buf);
- free(buf);
- return RV_UNKNOWN_ERROR;
- }
-
- RunRegex(&gUserInfoRegex, buf, 6, matches, "Malformed server response");
-
- giUserBalance = atoi( buf + matches[4].rm_so );
- gsUserFlags = strdup( buf + matches[5].rm_so );
-
- free(buf);
-
- return 0;
-}
-
-/**
- * \brief Read an item info response from the server
- * \param Dest Destination for the read item (strings will be on the heap)
- */
-int ReadItemInfo(int Socket, tItem *Dest)
-{
- char *buf;
- int responseCode;
-
- regmatch_t matches[8];
- char *statusStr;
-
- // Get item info
- buf = ReadLine(Socket);
- responseCode = atoi(buf);
-
- switch(responseCode)
- {
- case 202: break;
-
- case 406:
- printf("Bad item name\n");
- free(buf);
- return RV_BAD_ITEM;
-
- default:
- fprintf(stderr, "Unknown response from dispense server (Response Code %i)\n%s", responseCode, buf);
- free(buf);
- return RV_UNKNOWN_ERROR;
- }
-
- RunRegex(&gItemRegex, buf, 8, matches, "Malformed server response");
-
- buf[ matches[3].rm_eo ] = '\0';
- buf[ matches[5].rm_eo ] = '\0';
- buf[ matches[7].rm_eo ] = '\0';
-
- statusStr = &buf[ matches[5].rm_so ];
-
- Dest->ID = atoi( buf + matches[4].rm_so );
-
- if( strcmp(statusStr, "avail") == 0 )
- Dest->Status = 0;
- else if( strcmp(statusStr, "sold") == 0 )
- Dest->Status = 1;
- else if( strcmp(statusStr, "error") == 0 )
- Dest->Status = -1;
- else {
- fprintf(stderr, "Unknown response from dispense server (status '%s')\n",
- statusStr);
- return RV_UNKNOWN_ERROR;
- }
- Dest->Price = atoi( buf + matches[6].rm_so );
-
- // Hack a little to reduce heap fragmentation
- {
- char tmpType[strlen(buf + matches[3].rm_so) + 1];
- char tmpDesc[strlen(buf + matches[7].rm_so) + 1];
- strcpy(tmpType, buf + matches[3].rm_so);
- strcpy(tmpDesc, buf + matches[7].rm_so);
- free(buf);
- Dest->Type = strdup( tmpType );
- Dest->Desc = strdup( tmpDesc );
- }
-
- return 0;
-}
-
-/**
- * \brief Fill the item information structure
- * \return Boolean Failure
- */
-void PopulateItemList(int Socket)
-{
- char *buf;
- int responseCode;
-
- char *itemType, *itemStart;
- int count, i;
- regmatch_t matches[4];
-
- // Ask server for stock list
- send(Socket, "ENUM_ITEMS\n", 11, 0);
- buf = ReadLine(Socket);
-
- //printf("Output: %s\n", buf);
-
- responseCode = atoi(buf);
- if( responseCode != 201 ) {
- fprintf(stderr, "Unknown response from dispense server (Response Code %i)\n", responseCode);
- exit(RV_UNKNOWN_ERROR);
- }
-
- // - Get item list -
-
- // Expected format:
- // 201 Items <count>
- // 202 Item <count>
- RunRegex(&gArrayRegex, buf, 4, matches, "Malformed server response");
-
- itemType = &buf[ matches[2].rm_so ]; buf[ matches[2].rm_eo ] = '\0';
- count = atoi( &buf[ matches[3].rm_so ] );
-
- // Check array type
- if( strcmp(itemType, "Items") != 0 ) {
- // What the?!
- fprintf(stderr, "Unexpected array type, expected 'Items', got '%s'\n",
- itemType);
- exit(RV_UNKNOWN_ERROR);
- }
-
- itemStart = &buf[ matches[3].rm_eo ];
-
- free(buf);
-
- giNumItems = count;
- gaItems = malloc( giNumItems * sizeof(tItem) );
-
- // Fetch item information
- for( i = 0; i < giNumItems; i ++ )
- {
- ReadItemInfo( Socket, &gaItems[i] );
- }
-
- // Read end of list
- buf = ReadLine(Socket);
- responseCode = atoi(buf);
-
- if( responseCode != 200 ) {
- fprintf(stderr, "Unknown response from dispense server %i\n'%s'",
- responseCode, buf
- );
- exit(-1);
- }
-
- free(buf);
-}
-
-
-/**
- * \brief Get information on an item
- * \return Boolean Failure
- */
-int Dispense_ItemInfo(int Socket, const char *Type, int ID)
-{
- tItem item;
- int ret;
-
- // Query
- sendf(Socket, "ITEM_INFO %s:%i\n", Type, ID);
-
- ret = ReadItemInfo(Socket, &item);
- if(ret) return ret;
-
- printf("%8s:%-2i %2i.%02i %s\n",
- item.Type, item.ID,
- item.Price/100, item.Price%100,
- item.Desc);
-
- free(item.Type);
- free(item.Desc);
-
- return 0;
-}
-
-/**
- * \brief Dispense an item
- * \return Boolean Failure
- */
-int DispenseItem(int Socket, const char *Type, int ID)
-{
- int ret, responseCode;
- char *buf;
-
- // Check for a dry run
- if( gbDryRun ) {
- printf("Dry Run - No action\n");
- return 0;
- }
-
- // Dispense!
- sendf(Socket, "DISPENSE %s:%i\n", Type, ID);
- buf = ReadLine(Socket);
-
- responseCode = atoi(buf);
- switch( responseCode )
- {
- case 200:
- printf("Dispense OK\n");
- ret = 0;
- break;
- case 401:
- printf("Not authenticated\n");
- ret = RV_PERMISSIONS;
- break;
- case 402:
- printf("Insufficient balance\n");
- ret = RV_BALANCE;
- break;
- case 406:
- printf("Bad item name\n");
- ret = RV_BAD_ITEM;
- break;
- case 500:
- printf("Item failed to dispense, is the slot empty?\n");
- ret = 1;
- break;
- case 501:
- printf("Dispense not possible (slot empty/permissions)\n");
- ret = 1;
- break;
- default:
- printf("Unknown response code %i ('%s')\n", responseCode, buf);
- ret = RV_UNKNOWN_ERROR;
- break;
- }
-
- free(buf);
- return ret;
-}
-
-/**
- * \brief Alter a user's balance
- */
-int Dispense_AlterBalance(int Socket, const char *Username, int Ammount, const char *Reason)
-{
- char *buf;
- int responseCode;
-
- // Check for a dry run
- if( gbDryRun ) {
- printf("Dry Run - No action\n");
- return 0;
- }
-
- // Sanity
- if( Ammount == 0 ) {
- printf("An ammount would be nice\n");
- return RV_ARGUMENTS;
- }
-
- sendf(Socket, "ADD %s %i %s\n", Username, Ammount, Reason);
- buf = ReadLine(Socket);
-
- responseCode = atoi(buf);
- free(buf);
-
- switch(responseCode)
- {
- case 200: return 0; // OK
- case 402:
- fprintf(stderr, "Insufficient balance\n");
- return 1;
- case 403: // Not in coke
- fprintf(stderr, "You are not in coke (sucker)\n");
- return 1;
- case 404: // Unknown user
- fprintf(stderr, "Unknown user '%s'\n", Username);
- return 2;
- default:
- fprintf(stderr, "Unknown response code %i\n", responseCode);
- return -1;
- }
-
- return -1;
-}
-
-/**
- * \brief Set a user's balance
- * \note Only avaliable to dispense admins
- */
-int Dispense_SetBalance(int Socket, const char *Username, int Balance, const char *Reason)
-{
- char *buf;
- int responseCode;
-
- // Check for a dry run
- if( gbDryRun ) {
- printf("Dry Run - No action\n");
- return 0;
- }
-
- sendf(Socket, "SET %s %i %s\n", Username, Balance, Reason);
- buf = ReadLine(Socket);
-
- responseCode = atoi(buf);
- free(buf);
-
- switch(responseCode)
- {
- case 200: return 0; // OK
- case 403: // Not in coke
- fprintf(stderr, "You are not an admin\n");
- return 1;
- case 404: // Unknown user
- fprintf(stderr, "Unknown user '%s'\n", Username);
- return 2;
- default:
- fprintf(stderr, "Unknown response code %i\n", responseCode);
- return -1;
- }
-
- return -1;
-}
-
-/**
- * \brief Give money to another user
- */
-int Dispense_Give(int Socket, const char *Username, int Ammount, const char *Reason)
-{
- char *buf;
- int responseCode;
-
- if( Ammount < 0 ) {
- printf("Sorry, you can only give, you can't take.\n");
- return 1;
- }
-
- // Fast return on zero
- if( Ammount == 0 ) {
- printf("Are you actually going to give any?\n");
- return 1;
- }
-
- // Check for a dry run
- if( gbDryRun ) {
- printf("Dry Run - No action\n");
- return 0;
- }
-
- sendf(Socket, "GIVE %s %i %s\n", Username, Ammount, Reason);
-
- buf = ReadLine(Socket);
- responseCode = atoi(buf);
- free(buf);
- switch(responseCode)
- {
- case 200:
- printf("Give succeeded\n");
- return 0; // OK
-
- case 402:
- fprintf(stderr, "Insufficient balance\n");
- return 1;
-
- case 404: // Unknown user
- fprintf(stderr, "Unknown user '%s'\n", Username);
- return 2;
-
- default:
- fprintf(stderr, "Unknown response code %i\n", responseCode);
- return -1;
- }
-
- return -1;
-}
-
-int Dispense_Refund(int Socket, const char *Username, const char *Item, int PriceOverride)
-{
- char *buf;
- int responseCode, ret = -1;
-
- // Check item id
- if( RunRegex(&gUserItemIdentRegex, Item, 0, NULL, NULL) != 0 )
- {
- fprintf(stderr, "Error: Invalid item ID passed (should be <type>:<num>)\n");
- return RV_ARGUMENTS;
- }
-
- // Check username (quick)
- if( strchr(Username, ' ') || strchr(Username, '\n') )
- {
- fprintf(stderr, "Error: Username is invalid (no spaces or newlines please)\n");
- return RV_ARGUMENTS;
- }
-
- // Send the query
- sendf(Socket, "REFUND %s %s %i", Username, Item, PriceOverride);
-
- buf = ReadLine(Socket);
- responseCode = atoi(buf);
- switch(responseCode)
- {
- case 200:
- Dispense_ShowUser(Socket, Username); // Show destination account
- ret = 0;
- break;
- case 403:
- fprintf(stderr, "Refund access is only avaliable to coke members\n");
- ret = RV_PERMISSIONS;
- break;
- case 404:
- fprintf(stderr, "Unknown user '%s' passed\n", Username);
- ret = RV_INVALID_USER;
- break;
- case 406:
- fprintf(stderr, "Invalid item '%s' passed\n", Item);
- ret = RV_BAD_ITEM;
- break;
- default:
- fprintf(stderr, "Unknown response from server %i\n%s\n", responseCode, buf);
- ret = -1;
- break;
- }
- free(buf);
- return ret;
-}
-
-/**
- * \brief Donate money to the club
- */
-int Dispense_Donate(int Socket, int Ammount, const char *Reason)
-{
- char *buf;
- int responseCode;
-
- if( Ammount < 0 ) {
- printf("Sorry, you can only give, you can't take.\n");
- return -1;
- }
-
- // Fast return on zero
- if( Ammount == 0 ) {
- printf("Are you actually going to give any?\n");
- return 1;
- }
-
- // Check for a dry run
- if( gbDryRun ) {
- printf("Dry Run - No action\n");
- return 0;
- }
-
- sendf(Socket, "DONATE %i %s\n", Ammount, Reason);
- buf = ReadLine(Socket);
-
- responseCode = atoi(buf);
- free(buf);
-
- switch(responseCode)
- {
- case 200: return 0; // OK
-
- case 402:
- fprintf(stderr, "Insufficient balance\n");
- return 1;
-
- default:
- fprintf(stderr, "Unknown response code %i\n", responseCode);
- return -1;
- }
-
- return -1;
-}
-
-/**
- * \brief Enumerate users
- */
-int Dispense_EnumUsers(int Socket)
-{
- char *buf;
- int responseCode;
- int nUsers;
- regmatch_t matches[4];
-
- if( giMinimumBalance != INT_MIN ) {
- if( giMaximumBalance != INT_MAX ) {
- sendf(Socket, "ENUM_USERS min_balance:%i max_balance:%i\n", giMinimumBalance, giMaximumBalance);
- }
- else {
- sendf(Socket, "ENUM_USERS min_balance:%i\n", giMinimumBalance);
- }
- }
- else {
- if( giMaximumBalance != INT_MAX ) {
- sendf(Socket, "ENUM_USERS max_balance:%i\n", giMaximumBalance);
- }
- else {
- sendf(Socket, "ENUM_USERS\n");
- }
- }
- buf = ReadLine(Socket);
- responseCode = atoi(buf);
-
- switch(responseCode)
- {
- case 201: break; // Ok, length follows
-
- default:
- fprintf(stderr, "Unknown response code %i\n%s\n", responseCode, buf);
- free(buf);
- return -1;
- }
-
- // Get count (not actually used)
- RunRegex(&gArrayRegex, buf, 4, matches, "Malformed server response");
- nUsers = atoi( buf + matches[3].rm_so );
- printf("%i users returned\n", nUsers);
-
- // Free string
- free(buf);
-
- // Read returned users
- do {
- buf = ReadLine(Socket);
- responseCode = atoi(buf);
-
- if( responseCode != 202 ) break;
-
- _PrintUserLine(buf);
- free(buf);
- } while(responseCode == 202);
-
- // Check final response
- if( responseCode != 200 ) {
- fprintf(stderr, "Unknown response code %i\n%s\n", responseCode, buf);
- free(buf);
- return -1;
- }
-
- free(buf);
-
- return 0;
-}
-
-int Dispense_ShowUser(int Socket, const char *Username)
-{
- char *buf;
- int responseCode, ret;
-
- sendf(Socket, "USER_INFO %s\n", Username);
- buf = ReadLine(Socket);
-
- responseCode = atoi(buf);
-
- switch(responseCode)
- {
- case 202:
- _PrintUserLine(buf);
- ret = 0;
- break;
-
- case 404:
- printf("Unknown user '%s'\n", Username);
- ret = 1;
- break;
-
- default:
- fprintf(stderr, "Unknown response code %i '%s'\n", responseCode, buf);
- ret = -1;
- break;
- }
-
- free(buf);
-
- return ret;
-}
-
-void _PrintUserLine(const char *Line)
-{
- regmatch_t matches[6];
- int bal;
-
- RunRegex(&gUserInfoRegex, Line, 6, matches, "Malformed server response");
- // 3: Username
- // 4: Balance
- // 5: Flags
- {
- int usernameLen = matches[3].rm_eo - matches[3].rm_so;
- char username[usernameLen + 1];
- int flagsLen = matches[5].rm_eo - matches[5].rm_so;
- char flags[flagsLen + 1];
-
- memcpy(username, Line + matches[3].rm_so, usernameLen);
- username[usernameLen] = '\0';
- memcpy(flags, Line + matches[5].rm_so, flagsLen);
- flags[flagsLen] = '\0';
-
- bal = atoi(Line + matches[4].rm_so);
- printf("%-15s: $%4i.%02i (%s)\n", username, bal/100, abs(bal)%100, flags);
- }
-}
-
-int Dispense_AddUser(int Socket, const char *Username)
-{
- char *buf;
- int responseCode, ret;
-
- // Check for a dry run
- if( gbDryRun ) {
- printf("Dry Run - No action\n");
- return 0;
- }
-
- sendf(Socket, "USER_ADD %s\n", Username);
-
- buf = ReadLine(Socket);
- responseCode = atoi(buf);
-
- switch(responseCode)
- {
- case 200:
- printf("User '%s' added\n", Username);
- ret = 0;
- break;
-
- case 403:
- printf("Only wheel can add users\n");
- ret = 1;
- break;
-
- case 404:
- printf("User '%s' already exists\n", Username);
- ret = 0;
- break;
-
- default:
- fprintf(stderr, "Unknown response code %i '%s'\n", responseCode, buf);
- ret = -1;
- break;
- }
-
- free(buf);
-
- return ret;
-}
-
-int Dispense_SetUserType(int Socket, const char *Username, const char *TypeString)
-{
- char *buf;
- int responseCode, ret;
-
- // Check for a dry run
- if( gbDryRun ) {
- printf("Dry Run - No action\n");
- return 0;
- }
-
- // TODO: Pre-validate the string
-
- sendf(Socket, "USER_FLAGS %s %s\n", Username, TypeString);
-
- buf = ReadLine(Socket);
- responseCode = atoi(buf);
-
- switch(responseCode)
- {
- case 200:
- printf("User '%s' updated\n", Username);
- ret = 0;
- break;
-
- case 403:
- printf("Only wheel can modify users\n");
- ret = 1;
- break;
-
- case 404:
- printf("User '%s' does not exist\n", Username);
- ret = 0;
- break;
-
- case 407:
- printf("Flag string is invalid\n");
- ret = 0;
- break;
-
- default:
- fprintf(stderr, "Unknown response code %i '%s'\n", responseCode, buf);
- ret = -1;
- break;
- }
-
- free(buf);
-
- return ret;