#include <stdio.h>
#include <stdlib.h>
#include "common.h"
+#include "../common/config.h"
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <signal.h> // Signal handling
#include <ident.h> // AUTHIDENT
#include <time.h> // time(2)
+#include <ctype.h>
#define DEBUG_TRACE_CLIENT 0
#define HACK_NO_REFUNDS 1
+#define PIDFILE "/var/run/dispsrv.pid"
+
// Statistics
#define MAX_CONNECTION_QUEUE 5
#define INPUT_BUFFER_SIZE 256
void Server_Cmd_USERADD(tClient *Client, char *Args);
void Server_Cmd_USERFLAGS(tClient *Client, char *Args);
void Server_Cmd_UPDATEITEM(tClient *Client, char *Args);
+void Server_Cmd_PINCHECK(tClient *Client, char *Args);
+void Server_Cmd_PINSET(tClient *Client, char *Args);
// --- Helpers ---
void Debug(tClient *Client, const char *Format, ...);
int sendf(int Socket, const char *Format, ...);
{"USER_INFO", Server_Cmd_USERINFO},
{"USER_ADD", Server_Cmd_USERADD},
{"USER_FLAGS", Server_Cmd_USERFLAGS},
- {"UPDATE_ITEM", Server_Cmd_UPDATEITEM}
+ {"UPDATE_ITEM", Server_Cmd_UPDATEITEM},
+ {"PIN_CHECK", Server_Cmd_PINCHECK},
+ {"PIN_SET", Server_Cmd_PINSET}
};
#define NUM_COMMANDS ((int)(sizeof(gaServer_Commands)/sizeof(gaServer_Commands[0])))
gaServer_TrustedHosts = malloc(giServer_NumTrustedHosts * sizeof(*gaServer_TrustedHosts));
for( int i = 0; i < giServer_NumTrustedHosts; i ++ )
{
- const char *addr = Config_GetValue("trusted_host", i);
+ const char *addr = Config_GetValue_Idx("trusted_host", i);
if( inet_aton(addr, &gaServer_TrustedHosts[i]) == 0 ) {
fprintf(stderr, "Invalid IP address '%s'\n", addr);
}
}
- atexit(Server_Cleanup);
// Ignore SIGPIPE (stops crashes when the client exits early)
signal(SIGPIPE, SIG_IGN);
if( bind(giServer_Socket, (struct sockaddr *) &server_addr, sizeof(server_addr)) < 0 ) {
fprintf(stderr, "ERROR: Unable to bind to 0.0.0.0:%i\n", giServer_Port);
perror("Binding");
+ close(giServer_Socket);
return ;
}
}
if( pid != 0 ) {
// Parent, quit
- printf("Forked child %i\n", pid);
+ Debug_Notice("Forked child server as PID %i\n", pid);
exit(0);
}
// In child
fprintf(stderr, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL));
#endif
}
+ atexit(Server_Cleanup);
// Start the helper thread
StartPeriodicThread();
return ;
}
- printf("Listening on 0.0.0.0:%i\n", giServer_Port);
+ Debug_Notice("Listening on 0.0.0.0:%i", giServer_Port);
// write pidfile
{
- FILE *fp = fopen("/var/run/dispsrv.pid", "w");
+ FILE *fp = fopen(PIDFILE, "w");
if( fp ) {
fprintf(fp, "%i", getpid());
fclose(fp);
if(giDebugLevel >= 2) {
char ipstr[INET_ADDRSTRLEN];
inet_ntop(AF_INET, &client_addr.sin_addr, ipstr, INET_ADDRSTRLEN);
- printf("Client connection from %s:%i\n",
+ Debug_Debug("Client connection from %s:%i",
ipstr, ntohs(client_addr.sin_port));
}
void Server_Cleanup(void)
{
- printf("\nClose(%i)\n", giServer_Socket);
+ Debug_Debug("Close(%i)", giServer_Socket);
close(giServer_Socket);
- unlink("/var/run/dispsrv.pid");
+ unlink(PIDFILE);
}
/**
sendf(Client->Socket, "404 User not found\n");
return ;
}
-
- // You can't be an internal account
+ // You can't be an internal account (unless you're an admin)
if( !(userFlags & USER_FLAG_ADMIN) )
{
eUserFlags = Bank_GetFlags(Client->EffectiveUID);
sendf(Client->Socket, "404 User not found\n");
return ;
}
- // Disabled only avaliable to admins
- if( eUserFlags & USER_FLAG_DISABLED ) {
- Client->EffectiveUID = -1;
- sendf(Client->Socket, "403 Account disabled\n");
- return ;
- }
}
// Disabled accounts
- if( userFlags & USER_FLAG_DISABLED ) {
- Client->UID = -1;
+ // - If disabled and the actual user is not an admin (and not root)
+ // return 403
+ if( (eUserFlags & USER_FLAG_DISABLED) && (Client->UID == 0 || !(userFlags & USER_FLAG_ADMIN)) ) {
+ Client->EffectiveUID = -1;
sendf(Client->Socket, "403 Account disabled\n");
return ;
}
uid = Client->UID;
}
+// if( Bank_GetFlags(Client->UID) & USER_FLAG_DISABLED ) {
+// }
+
switch( ret = DispenseItem( Client->UID, uid, item ) )
{
case 0: sendf(Client->Socket, "200 Dispense OK\n"); return ;
if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) )
{
if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
- sendf(Client->Socket, "404 Invalid user\n");
+ sendf(Client->Socket, "403 Admin only\n");
return ;
}
// TODO: Maybe disallow changes to disabled?
return ;
}
+ int origBalance, rv;
// Do give
- switch( DispenseSet(Client->UID, uid, iAmmount, reason) )
+ switch( rv = DispenseSet(Client->UID, uid, iAmmount, reason, &origBalance) )
{
case 0:
- sendf(Client->Socket, "200 Add OK\n");
- return ;
- case 2:
- sendf(Client->Socket, "402 Poor Guy\n");
+ sendf(Client->Socket, "200 Add OK (%i)\n", origBalance);
return ;
default:
- sendf(Client->Socket, "500 Unknown error\n");
+ sendf(Client->Socket, "500 Unknown error (%i)\n", rv);
return ;
}
}
}
}
+void Server_Cmd_PINCHECK(tClient *Client, char *Args)
+{
+ char *username, *pinstr;
+ int pin;
+
+ if( Server_int_ParseArgs(0, Args, &username, &pinstr, NULL) ) {
+ sendf(Client->Socket, "407 PIN_CHECK takes 2 arguments\n");
+ return ;
+ }
+
+ if( !isdigit(pinstr[0]) || !isdigit(pinstr[1]) || !isdigit(pinstr[2]) || !isdigit(pinstr[3]) || pinstr[4] != '\0' ) {
+ sendf(Client->Socket, "407 PIN should be four digits\n");
+ return ;
+ }
+ pin = atoi(pinstr);
+
+ // Not authenticated? go away!
+ if( !Client->bIsAuthed ) {
+ sendf(Client->Socket, "401 Not Authenticated\n");
+ return ;
+ }
+
+ // Get user
+ int uid = Bank_GetAcctByName(username, 0);
+ if( uid == -1 ) {
+ sendf(Client->Socket, "404 User '%s' not found\n", username);
+ return ;
+ }
+
+ // Check user permissions
+ if( uid != Client->UID && !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
+ sendf(Client->Socket, "403 Not in coke\n");
+ return ;
+ }
+
+ // Get the pin
+ static time_t last_wrong_pin_time;
+ static int backoff = 1;
+ if( time(NULL) - last_wrong_pin_time < backoff ) {
+ sendf(Client->Socket, "407 Rate limited (%i seconds remaining)\n",
+ backoff - (time(NULL) - last_wrong_pin_time));
+ return ;
+ }
+ last_wrong_pin_time = time(NULL);
+ if( !Bank_IsPinValid(uid, pin) )
+ {
+ sendf(Client->Socket, "201 Pin incorrect\n");
+ struct sockaddr_storage addr;
+ socklen_t len = sizeof(addr);
+ char ipstr[INET6_ADDRSTRLEN];
+ getpeername(Client->Socket, (void*)&addr, &len);
+ struct sockaddr_in *s = (struct sockaddr_in *)&addr;
+ inet_ntop(addr.ss_family, &s->sin_addr, ipstr, sizeof(ipstr));
+ Debug_Notice("Bad pin from %s for %s by %i", ipstr, username, Client->UID);
+ if( backoff < 5)
+ backoff ++;
+ return ;
+ }
+
+ last_wrong_pin_time = 0;
+ backoff = 1;
+ sendf(Client->Socket, "200 Pin correct\n");
+ return ;
+}
+void Server_Cmd_PINSET(tClient *Client, char *Args)
+{
+ char *pinstr;
+ int pin;
+
+
+ if( Server_int_ParseArgs(0, Args, &pinstr, NULL) ) {
+ sendf(Client->Socket, "407 PIN_SET takes 1 argument\n");
+ return ;
+ }
+
+ if( !isdigit(pinstr[0]) || !isdigit(pinstr[1]) || !isdigit(pinstr[2]) || !isdigit(pinstr[3]) || pinstr[4] != '\0' ) {
+ sendf(Client->Socket, "407 PIN should be four digits\n");
+ return ;
+ }
+ pin = atoi(pinstr);
+
+ if( !Client->bIsAuthed ) {
+ sendf(Client->Socket, "401 Not Authenticated\n");
+ return ;
+ }
+
+ int uid = Client->EffectiveUID;
+ if(uid == -1)
+ uid = Client->UID;
+ // Can only pinset yourself (well, the effective user)
+ Bank_SetPin(uid, pin);
+ sendf(Client->Socket, "200 Pin updated\n");
+ return ;
+}
+
// --- INTERNAL HELPERS ---
void Debug(tClient *Client, const char *Format, ...)
{
return 0;
}
+