#include <stdio.h>
#include <stdlib.h>
#include "common.h"
+#include "../common/config.h"
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
+#include <fcntl.h> // O_*
#include <string.h>
#include <limits.h>
#include <stdarg.h>
+#include <signal.h> // Signal handling
+#include <ident.h> // AUTHIDENT
+#include <time.h> // time(2)
+#include <ctype.h>
#define DEBUG_TRACE_CLIENT 0
+#define HACK_NO_REFUNDS 1
+
+#define PIDFILE "/var/run/dispsrv.pid"
// Statistics
#define MAX_CONNECTION_QUEUE 5
#define MSG_STR_TOO_LONG "499 Command too long (limit "EXPSTR(INPUT_BUFFER_SIZE)")\n"
+#define IDENT_TRUSTED_NETWORK 0x825F0D00
+#define IDENT_TRUSTED_NETMASK 0xFFFFFFC0
+
// === TYPES ===
typedef struct sClient
{
int Socket; // Client socket ID
int ID; // Client ID
- int bIsTrusted; // Is the connection from a trusted host/port
+ int bTrustedHost;
+ int bCanAutoAuth; // Is the connection from a trusted host/port
char *Username;
char Salt[9];
// === PROTOTYPES ===
void Server_Start(void);
void Server_Cleanup(void);
-void Server_HandleClient(int Socket, int bTrusted);
+void Server_HandleClient(int Socket, int bTrustedHost, int bRootPort);
void Server_ParseClientCommand(tClient *Client, char *CommandString);
// --- Commands ---
void Server_Cmd_USER(tClient *Client, char *Args);
void Server_Cmd_PASS(tClient *Client, char *Args);
void Server_Cmd_AUTOAUTH(tClient *Client, char *Args);
+void Server_Cmd_AUTHIDENT(tClient *Client, char *Args);
void Server_Cmd_SETEUSER(tClient *Client, char *Args);
void Server_Cmd_ENUMITEMS(tClient *Client, char *Args);
void Server_Cmd_ITEMINFO(tClient *Client, char *Args);
void Server_Cmd_DISPENSE(tClient *Client, char *Args);
+void Server_Cmd_REFUND(tClient *Client, char *Args);
void Server_Cmd_GIVE(tClient *Client, char *Args);
void Server_Cmd_DONATE(tClient *Client, char *Args);
void Server_Cmd_ADD(tClient *Client, char *Args);
void _SendUserInfo(tClient *Client, int UserID);
void Server_Cmd_USERADD(tClient *Client, char *Args);
void Server_Cmd_USERFLAGS(tClient *Client, char *Args);
+void Server_Cmd_UPDATEITEM(tClient *Client, char *Args);
+void Server_Cmd_PINCHECK(tClient *Client, char *Args);
+void Server_Cmd_PINSET(tClient *Client, char *Args);
// --- Helpers ---
void Debug(tClient *Client, const char *Format, ...);
int sendf(int Socket, const char *Format, ...);
{"USER", Server_Cmd_USER},
{"PASS", Server_Cmd_PASS},
{"AUTOAUTH", Server_Cmd_AUTOAUTH},
+ {"AUTHIDENT", Server_Cmd_AUTHIDENT},
{"SETEUSER", Server_Cmd_SETEUSER},
{"ENUM_ITEMS", Server_Cmd_ENUMITEMS},
{"ITEM_INFO", Server_Cmd_ITEMINFO},
{"DISPENSE", Server_Cmd_DISPENSE},
+ {"REFUND", Server_Cmd_REFUND},
{"GIVE", Server_Cmd_GIVE},
{"DONATE", Server_Cmd_DONATE},
{"ADD", Server_Cmd_ADD},
{"ENUM_USERS", Server_Cmd_ENUMUSERS},
{"USER_INFO", Server_Cmd_USERINFO},
{"USER_ADD", Server_Cmd_USERADD},
- {"USER_FLAGS", Server_Cmd_USERFLAGS}
+ {"USER_FLAGS", Server_Cmd_USERFLAGS},
+ {"UPDATE_ITEM", Server_Cmd_UPDATEITEM},
+ {"PIN_CHECK", Server_Cmd_PINCHECK},
+ {"PIN_SET", Server_Cmd_PINSET}
};
#define NUM_COMMANDS ((int)(sizeof(gaServer_Commands)/sizeof(gaServer_Commands[0])))
int gbServer_RunInBackground = 0;
char *gsServer_LogFile = "/var/log/dispsrv.log";
char *gsServer_ErrorLog = "/var/log/dispsrv.err";
+ int giServer_NumTrustedHosts;
+struct in_addr *gaServer_TrustedHosts;
// - State variables
int giServer_Socket; // Server socket
int giServer_NextClientID = 1; // Debug client ID
int client_socket;
struct sockaddr_in server_addr, client_addr;
- atexit(Server_Cleanup);
+ // Parse trusted hosts list
+ giServer_NumTrustedHosts = Config_GetValueCount("trusted_host");
+ gaServer_TrustedHosts = malloc(giServer_NumTrustedHosts * sizeof(*gaServer_TrustedHosts));
+ for( int i = 0; i < giServer_NumTrustedHosts; i ++ )
+ {
+ const char *addr = Config_GetValue_Idx("trusted_host", i);
+
+ if( inet_aton(addr, &gaServer_TrustedHosts[i]) == 0 ) {
+ fprintf(stderr, "Invalid IP address '%s'\n", addr);
+ continue ;
+ }
+ }
+
+ // Ignore SIGPIPE (stops crashes when the client exits early)
+ signal(SIGPIPE, SIG_IGN);
// Create Server
giServer_Socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
if( bind(giServer_Socket, (struct sockaddr *) &server_addr, sizeof(server_addr)) < 0 ) {
fprintf(stderr, "ERROR: Unable to bind to 0.0.0.0:%i\n", giServer_Port);
perror("Binding");
+ close(giServer_Socket);
return ;
}
-#if 0
+ // Fork into background
if( gbServer_RunInBackground )
{
int pid = fork();
}
if( pid != 0 ) {
// Parent, quit
+ Debug_Notice("Forked child server as PID %i\n", pid);
exit(0);
}
- // In child, sort out stdin/stdout
- reopen(0, "/dev/null", O_READ);
- reopen(1, gsServer_LogFile, O_CREAT|O_APPEND);
- reopen(2, gsServer_ErrorLog, O_CREAT|O_APPEND);
+ // In child
+ // - Sort out stdin/stdout
+ #if 0
+ dup2( open("/dev/null", O_RDONLY, 0644), STDIN_FILENO );
+ dup2( open(gsServer_LogFile, O_CREAT|O_APPEND, 0644), STDOUT_FILENO );
+ dup2( open(gsServer_ErrorLog, O_CREAT|O_APPEND, 0644), STDERR_FILENO );
+ #else
+ freopen("/dev/null", "r", stdin);
+ freopen(gsServer_LogFile, "a", stdout);
+ freopen(gsServer_ErrorLog, "a", stderr);
+ fprintf(stdout, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL));
+ fprintf(stderr, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL));
+ #endif
}
-#endif
+ atexit(Server_Cleanup);
+
+ // Start the helper thread
+ StartPeriodicThread();
// Listen
if( listen(giServer_Socket, MAX_CONNECTION_QUEUE) < 0 ) {
return ;
}
- printf("Listening on 0.0.0.0:%i\n", giServer_Port);
+ Debug_Notice("Listening on 0.0.0.0:%i", giServer_Port);
// write pidfile
{
- FILE *fp = fopen("/var/run/dispsrv.pid", "w");
- fprintf(fp, "%i", getpid());
- fclose(fp);
+ FILE *fp = fopen(PIDFILE, "w");
+ if( fp ) {
+ fprintf(fp, "%i", getpid());
+ fclose(fp);
+ }
}
for(;;)
{
uint len = sizeof(client_addr);
int bTrusted = 0;
+ int bRootPort = 0;
// Accept a connection
client_socket = accept(giServer_Socket, (struct sockaddr *) &client_addr, &len);
if(giDebugLevel >= 2) {
char ipstr[INET_ADDRSTRLEN];
inet_ntop(AF_INET, &client_addr.sin_addr, ipstr, INET_ADDRSTRLEN);
- printf("Client connection from %s:%i\n",
+ Debug_Debug("Client connection from %s:%i",
ipstr, ntohs(client_addr.sin_port));
}
// Doesn't matter what, localhost is trusted
if( ntohl( client_addr.sin_addr.s_addr ) == 0x7F000001 )
bTrusted = 1;
-
- // Trusted Connections
+
+ // Check if the host is on the trusted list
+ for( int i = 0; i < giServer_NumTrustedHosts; i ++ )
+ {
+ if( memcmp(&client_addr.sin_addr, &gaServer_TrustedHosts[i], sizeof(struct in_addr)) == 0 )
+ {
+ bTrusted = 1;
+ break;
+ }
+ }
+
+ // Root port (can AUTOAUTH if also a trusted machine
if( ntohs(client_addr.sin_port) < 1024 )
+ bRootPort = 1;
+
+ #if 0
{
// TODO: Make this runtime configurable
switch( ntohl( client_addr.sin_addr.s_addr ) )
{
case 0x7F000001: // 127.0.0.1 localhost
// case 0x825F0D00: // 130.95.13.0
+ case 0x825F0D04: // 130.95.13.4 merlo
+ // case 0x825F0D05: // 130.95.13.5 heathred (MR)
case 0x825F0D07: // 130.95.13.7 motsugo
case 0x825F0D11: // 130.95.13.17 mermaid
case 0x825F0D12: // 130.95.13.18 mussel
case 0x825F0D17: // 130.95.13.23 martello
- case 0x825F0D42: // 130.95.13.66 heathred
+ case 0x825F0D2A: // 130.95.13.42 meersau
+ // case 0x825F0D42: // 130.95.13.66 heathred (Clubroom)
bTrusted = 1;
break;
default:
break;
}
}
+ #endif
// TODO: Multithread this?
- Server_HandleClient(client_socket, bTrusted);
+ Server_HandleClient(client_socket, bTrusted, bRootPort);
close(client_socket);
}
void Server_Cleanup(void)
{
- printf("\nClose(%i)\n", giServer_Socket);
+ Debug_Debug("Close(%i)", giServer_Socket);
close(giServer_Socket);
- unlink("/var/run/dispsrv");
+ unlink(PIDFILE);
}
/**
* \param Socket Client socket number/handle
* \param bTrusted Is the client trusted?
*/
-void Server_HandleClient(int Socket, int bTrusted)
+void Server_HandleClient(int Socket, int bTrusted, int bRootPort)
{
char inbuf[INPUT_BUFFER_SIZE];
char *buf = inbuf;
// Initialise Client info
clientInfo.Socket = Socket;
clientInfo.ID = giServer_NextClientID ++;
- clientInfo.bIsTrusted = bTrusted;
+ clientInfo.bTrustedHost = bTrusted;
+ clientInfo.bCanAutoAuth = bTrusted && bRootPort;
clientInfo.EffectiveUID = -1;
// Read from client
if( Server_int_ParseArgs(1, CommandString, &command, &args, NULL) )
{
if( command == NULL ) return ;
-// printf("command=%s, args=%s\n", command, args);
// Is this an error? (just ignore for now)
- //args = "";
}
}
// Check if trusted
- if( !Client->bIsTrusted ) {
+ if( !Client->bCanAutoAuth ) {
if(giDebugLevel)
Debug(Client, "Untrusted client attempting to AUTOAUTH");
sendf(Client->Socket, "401 Untrusted\n");
}
// Get UID
- Client->UID = Bank_GetAcctByName( username );
+ Client->UID = Bank_GetAcctByName( username, 0 );
if( Client->UID < 0 ) {
if(giDebugLevel)
Debug(Client, "Unknown user '%s'", username);
return ;
}
+ // Save username
+ if(Client->Username)
+ free(Client->Username);
+ Client->Username = strdup(username);
+
Client->bIsAuthed = 1;
if(giDebugLevel)
sendf(Client->Socket, "200 Auth OK\n");
}
+/**
+ * \brief Authenticate as a user using the IDENT protocol
+ *
+ * Usage: AUTHIDENT
+ */
+void Server_Cmd_AUTHIDENT(tClient *Client, char *Args)
+{
+ char *username;
+ int userflags;
+ const int ident_timeout = 5;
+
+ if( Args != NULL && strlen(Args) ) {
+ sendf(Client->Socket, "407 AUTHIDENT takes no arguments\n");
+ return ;
+ }
+
+ // Check if trusted
+ if( !Client->bTrustedHost ) {
+ if(giDebugLevel)
+ Debug(Client, "Untrusted client attempting to AUTHIDENT");
+ sendf(Client->Socket, "401 Untrusted\n");
+ return ;
+ }
+
+ // Get username via IDENT
+ username = ident_id(Client->Socket, ident_timeout);
+ if( !username ) {
+ perror("AUTHIDENT - IDENT timed out");
+ sendf(Client->Socket, "403 Authentication failure: IDENT auth timed out\n");
+ return ;
+ }
+
+ // Get UID
+ Client->UID = Bank_GetAcctByName( username, 0 );
+ if( Client->UID < 0 ) {
+ if(giDebugLevel)
+ Debug(Client, "Unknown user '%s'", username);
+ sendf(Client->Socket, "403 Authentication failure: unknown account\n");
+ free(username);
+ return ;
+ }
+
+ userflags = Bank_GetFlags(Client->UID);
+ // You can't be an internal account
+ if( userflags & USER_FLAG_INTERNAL ) {
+ if(giDebugLevel)
+ Debug(Client, "IDENT auth as '%s', not allowed", username);
+ Client->UID = -1;
+ sendf(Client->Socket, "403 Authentication failure: that account is internal\n");
+ free(username);
+ return ;
+ }
+
+ // Disabled accounts
+ if( userflags & USER_FLAG_DISABLED ) {
+ Client->UID = -1;
+ sendf(Client->Socket, "403 Authentication failure: account disabled\n");
+ free(username);
+ return ;
+ }
+
+ // Save username
+ if(Client->Username)
+ free(Client->Username);
+ Client->Username = strdup(username);
+
+ Client->bIsAuthed = 1;
+
+ if(giDebugLevel)
+ Debug(Client, "IDENT authenticated as '%s' (%i)", username, Client->UID);
+ free(username);
+
+ sendf(Client->Socket, "200 Auth OK\n");
+}
+
/**
* \brief Set effective user
*/
sendf(Client->Socket, "407 SETEUSER expects an argument\n");
return ;
}
+
+ // Check authentication
+ if( !Client->bIsAuthed ) {
+ sendf(Client->Socket, "401 Not Authenticated\n");
+ return ;
+ }
// Check user permissions
userFlags = Bank_GetFlags(Client->UID);
}
// Set id
- Client->EffectiveUID = Bank_GetAcctByName(username);
+ Client->EffectiveUID = Bank_GetAcctByName(username, 0);
if( Client->EffectiveUID == -1 ) {
sendf(Client->Socket, "404 User not found\n");
return ;
}
-
- // You can't be an internal account
+ // You can't be an internal account (unless you're an admin)
if( !(userFlags & USER_FLAG_ADMIN) )
{
eUserFlags = Bank_GetFlags(Client->EffectiveUID);
sendf(Client->Socket, "404 User not found\n");
return ;
}
- // Disabled only avaliable to admins
- if( eUserFlags & USER_FLAG_DISABLED ) {
- Client->EffectiveUID = -1;
- sendf(Client->Socket, "403 Account disabled\n");
- return ;
- }
+ }
+
+ // Disabled accounts
+ // - If disabled and the actual user is not an admin (and not root)
+ // return 403
+ if( (eUserFlags & USER_FLAG_DISABLED) && (Client->UID == 0 || !(userFlags & USER_FLAG_ADMIN)) ) {
+ Client->EffectiveUID = -1;
+ sendf(Client->Socket, "403 Account disabled\n");
+ return ;
}
sendf(Client->Socket, "200 User set\n");
}
}
+ if( !gbNoCostMode && Item->Price == 0 )
+ status = "error";
+ // KNOWN HACK: Naming a slot 'dead' disables it
+ if( strcmp(Item->Name, "dead") == 0 )
+ status = "sold"; // Another status?
+
sendf(Client->Socket,
"202 Item %s:%i %s %i %s\n",
Item->Handler->Name, Item->ID, status, Item->Price, Item->Name
/**
* \brief Fetch information on a specific item
+ *
+ * Usage: ITEMINFO <item ID>
*/
void Server_Cmd_ITEMINFO(tClient *Client, char *Args)
{
Server_int_SendItem( Client, item );
}
+/**
+ * \brief Dispense an item
+ *
+ * Usage: DISPENSE <Item ID>
+ */
void Server_Cmd_DISPENSE(tClient *Client, char *Args)
{
tItem *item;
uid = Client->UID;
}
+// if( Bank_GetFlags(Client->UID) & USER_FLAG_DISABLED ) {
+// }
+
switch( ret = DispenseItem( Client->UID, uid, item ) )
{
case 0: sendf(Client->Socket, "200 Dispense OK\n"); return ;
case 1: sendf(Client->Socket, "501 Unable to dispense\n"); return ;
case 2: sendf(Client->Socket, "402 Poor You\n"); return ;
default:
- sendf(Client->Socket, "500 Dispense Error\n");
+ sendf(Client->Socket, "500 Dispense Error (%i)\n", ret);
return ;
}
}
+/**
+ * \brief Refund an item to a user
+ *
+ * Usage: REFUND <user> <item id> [<price>]
+ */
+void Server_Cmd_REFUND(tClient *Client, char *Args)
+{
+ tItem *item;
+ int uid, price_override = 0;
+ char *username, *itemname, *price_str;
+
+ if( Server_int_ParseArgs(0, Args, &username, &itemname, &price_str, NULL) ) {
+ if( !itemname || price_str ) {
+ sendf(Client->Socket, "407 REFUND takes 2 or 3 arguments\n");
+ return ;
+ }
+ }
+
+ if( !Client->bIsAuthed ) {
+ sendf(Client->Socket, "401 Not Authenticated\n");
+ return ;
+ }
+
+ // Check user permissions
+ if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
+ sendf(Client->Socket, "403 Not in coke\n");
+ return ;
+ }
+
+ uid = Bank_GetAcctByName(username, 0);
+ if( uid == -1 ) {
+ sendf(Client->Socket, "404 Unknown user\n");
+ return ;
+ }
+
+ item = _GetItemFromString(itemname);
+ if( !item ) {
+ sendf(Client->Socket, "406 Bad Item ID\n");
+ return ;
+ }
+
+ if( price_str )
+ price_override = atoi(price_str);
+
+ switch( DispenseRefund( Client->UID, uid, item, price_override ) )
+ {
+ case 0: sendf(Client->Socket, "200 Item Refunded\n"); return ;
+ default:
+ sendf(Client->Socket, "500 Dispense Error\n");
+ return;
+ }
+}
+
+/**
+ * \brief Transfer money to another account
+ *
+ * Usage: GIVE <dest> <ammount> <reason...>
+ */
void Server_Cmd_GIVE(tClient *Client, char *Args)
{
char *recipient, *ammount, *reason;
sendf(Client->Socket, "407 GIVE takes only 3 arguments\n");
return ;
}
+
// Check for authed
if( !Client->bIsAuthed ) {
sendf(Client->Socket, "401 Not Authenticated\n");
}
// Get recipient
- uid = Bank_GetAcctByName(recipient);
+ uid = Bank_GetAcctByName(recipient, 0);
if( uid == -1 ) {
sendf(Client->Socket, "404 Invalid target user\n");
return ;
return ;
}
+ #if !ROOT_CAN_ADD
+ if( strcmp( Client->Username, "root" ) == 0 ) {
+ // Allow adding for new users
+ if( strcmp(reason, "treasurer: new user") != 0 ) {
+ sendf(Client->Socket, "403 Root may not add\n");
+ return ;
+ }
+ }
+ #endif
+
+ #if HACK_NO_REFUNDS
+ if( strstr(reason, "refund") != NULL || strstr(reason, "misdispense") != NULL )
+ {
+ sendf(Client->Socket, "499 Don't use `dispense acct` for refunds, use `dispense refund` (and `dispense -G` to get item IDs)\n");
+ return ;
+ }
+ #endif
+
// Get recipient
- uid = Bank_GetAcctByName(user);
+ uid = Bank_GetAcctByName(user, 0);
if( uid == -1 ) {
sendf(Client->Socket, "404 Invalid user\n");
return ;
if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) )
{
if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
- sendf(Client->Socket, "404 Invalid user\n");
+ sendf(Client->Socket, "403 Admin only\n");
return ;
}
// TODO: Maybe disallow changes to disabled?
}
// Get recipient
- uid = Bank_GetAcctByName(user);
+ uid = Bank_GetAcctByName(user, 0);
if( uid == -1 ) {
sendf(Client->Socket, "404 Invalid user\n");
return ;
return ;
}
+ int origBalance, rv;
// Do give
- switch( DispenseSet(Client->UID, uid, iAmmount, reason) )
+ switch( rv = DispenseSet(Client->UID, uid, iAmmount, reason, &origBalance) )
{
case 0:
- sendf(Client->Socket, "200 Add OK\n");
- return ;
- case 2:
- sendf(Client->Socket, "402 Poor Guy\n");
+ sendf(Client->Socket, "200 Add OK (%i)\n", origBalance);
return ;
default:
- sendf(Client->Socket, "500 Unknown error\n");
+ sendf(Client->Socket, "500 Unknown error (%i)\n", rv);
return ;
}
}
if( giDebugLevel ) Debug(Client, "User Info '%s'", user);
// Get recipient
- uid = Bank_GetAcctByName(user);
+ uid = Bank_GetAcctByName(user, 0);
if( giDebugLevel >= 2 ) Debug(Client, "uid = %i", uid);
if( uid == -1 ) {
return ;
}
+ // Check authentication
+ if( !Client->bIsAuthed ) {
+ sendf(Client->Socket, "401 Not Authenticated\n");
+ return ;
+ }
+
// Check permissions
if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) {
sendf(Client->Socket, "403 Not a coke admin\n");
void Server_Cmd_USERFLAGS(tClient *Client, char *Args)
{
- char *username, *flags;
+ char *username, *flags, *reason=NULL;
int mask=0, value=0;
int uid;
// Parse arguments
- if( Server_int_ParseArgs(0, Args, &username, &flags, NULL) ) {
- sendf(Client->Socket, "407 USER_FLAGS takes 2 arguments\n");
+ if( Server_int_ParseArgs(1, Args, &username, &flags, &reason, NULL) ) {
+ if( !flags ) {
+ sendf(Client->Socket, "407 USER_FLAGS takes at least 2 arguments\n");
+ return ;
+ }
+ reason = "";
+ }
+
+ // Check authentication
+ if( !Client->bIsAuthed ) {
+ sendf(Client->Socket, "401 Not Authenticated\n");
return ;
}
}
// Get UID
- uid = Bank_GetAcctByName(username);
+ uid = Bank_GetAcctByName(username, 0);
if( uid == -1 ) {
sendf(Client->Socket, "404 User '%s' not found\n", username);
return ;
// Apply flags
Bank_SetFlags(uid, mask, value);
+
+ // Log the change
+ Log_Info("Updated '%s' with flag set '%s' by '%s' - Reason: %s",
+ username, flags, Client->Username, reason);
// Return OK
sendf(Client->Socket, "200 User Updated\n");
}
+void Server_Cmd_UPDATEITEM(tClient *Client, char *Args)
+{
+ char *itemname, *price_str, *description;
+ int price;
+ tItem *item;
+
+ if( Server_int_ParseArgs(1, Args, &itemname, &price_str, &description, NULL) ) {
+ sendf(Client->Socket, "407 UPDATE_ITEM takes 3 arguments\n");
+ return ;
+ }
+
+ if( !Client->bIsAuthed ) {
+ sendf(Client->Socket, "401 Not Authenticated\n");
+ return ;
+ }
+
+ // Check user permissions
+ if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
+ sendf(Client->Socket, "403 Not in coke\n");
+ return ;
+ }
+
+ item = _GetItemFromString(itemname);
+ if( !item ) {
+ // TODO: Create item?
+ sendf(Client->Socket, "406 Bad Item ID\n");
+ return ;
+ }
+
+ price = atoi(price_str);
+ if( price <= 0 && price_str[0] != '0' ) {
+ sendf(Client->Socket, "407 Invalid price set\n");
+ }
+
+ switch( DispenseUpdateItem( Client->UID, item, description, price ) )
+ {
+ case 0:
+ // Return OK
+ sendf(Client->Socket, "200 Item updated\n");
+ break;
+ default:
+ break;
+ }
+}
+
+void Server_Cmd_PINCHECK(tClient *Client, char *Args)
+{
+ char *username, *pinstr;
+ int pin;
+
+ if( Server_int_ParseArgs(0, Args, &username, &pinstr, NULL) ) {
+ sendf(Client->Socket, "407 PIN_CHECK takes 2 arguments\n");
+ return ;
+ }
+
+ if( !isdigit(pinstr[0]) || !isdigit(pinstr[1]) || !isdigit(pinstr[2]) || !isdigit(pinstr[3]) || pinstr[4] != '\0' ) {
+ sendf(Client->Socket, "407 PIN should be four digits\n");
+ return ;
+ }
+ pin = atoi(pinstr);
+
+ // Not authenticated? go away!
+ if( !Client->bIsAuthed ) {
+ sendf(Client->Socket, "401 Not Authenticated\n");
+ return ;
+ }
+
+ // Get user
+ int uid = Bank_GetAcctByName(username, 0);
+ if( uid == -1 ) {
+ sendf(Client->Socket, "404 User '%s' not found\n", username);
+ return ;
+ }
+
+ // Check user permissions
+ if( uid != Client->UID && !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
+ sendf(Client->Socket, "403 Not in coke\n");
+ return ;
+ }
+
+ // Get the pin
+ static time_t last_wrong_pin_time;
+ static int backoff = 1;
+ if( time(NULL) - last_wrong_pin_time < backoff ) {
+ sendf(Client->Socket, "407 Rate limited (%i seconds remaining)\n",
+ backoff - (time(NULL) - last_wrong_pin_time));
+ return ;
+ }
+ last_wrong_pin_time = time(NULL);
+ if( !Bank_IsPinValid(uid, pin) )
+ {
+ sendf(Client->Socket, "201 Pin incorrect\n");
+ struct sockaddr_storage addr;
+ socklen_t len = sizeof(addr);
+ char ipstr[INET6_ADDRSTRLEN];
+ getpeername(Client->Socket, (void*)&addr, &len);
+ struct sockaddr_in *s = (struct sockaddr_in *)&addr;
+ inet_ntop(addr.ss_family, &s->sin_addr, ipstr, sizeof(ipstr));
+ Debug_Notice("Bad pin from %s for %s by %i", ipstr, username, Client->UID);
+ if( backoff < 5)
+ backoff ++;
+ return ;
+ }
+
+ last_wrong_pin_time = 0;
+ backoff = 1;
+ sendf(Client->Socket, "200 Pin correct\n");
+ return ;
+}
+void Server_Cmd_PINSET(tClient *Client, char *Args)
+{
+ char *pinstr;
+ int pin;
+
+
+ if( Server_int_ParseArgs(0, Args, &pinstr, NULL) ) {
+ sendf(Client->Socket, "407 PIN_SET takes 1 argument\n");
+ return ;
+ }
+
+ if( !isdigit(pinstr[0]) || !isdigit(pinstr[1]) || !isdigit(pinstr[2]) || !isdigit(pinstr[3]) || pinstr[4] != '\0' ) {
+ sendf(Client->Socket, "407 PIN should be four digits\n");
+ return ;
+ }
+ pin = atoi(pinstr);
+
+ if( !Client->bIsAuthed ) {
+ sendf(Client->Socket, "401 Not Authenticated\n");
+ return ;
+ }
+
+ int uid = Client->EffectiveUID;
+ if(uid == -1)
+ uid = Client->UID;
+ // Can only pinset yourself (well, the effective user)
+ Bank_SetPin(uid, pin);
+ sendf(Client->Socket, "200 Pin updated\n");
+ return ;
+}
+
// --- INTERNAL HELPERS ---
void Debug(tClient *Client, const char *Format, ...)
{
return 0;
}
+