X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;ds=sidebyside;f=src%2Fserver%2Fserver.c;h=2afd1a7b9d73fdf5126ffd9a4ee72f63e3cfe683;hb=afc4569cb98d4cc498e78ebb51767e5521ba2ea8;hp=9bf9eba2a71715dce302032a3bd83288460b7f44;hpb=d08f812d7f468b5678ab12e59da35ccb585ab772;p=tpg%2Fopendispense2.git
diff --git a/src/server/server.c b/src/server/server.c
index 9bf9eba..2afd1a7 100644
--- a/src/server/server.c
+++ b/src/server/server.c
@@ -699,16 +699,12 @@ void Server_Cmd_SETEUSER(tClient *Client, char *Args)
 			sendf(Client->Socket, "404 User not found\n");
 			return ;
 		}
-		// Disabled only avaliable to admins
-		if( eUserFlags & USER_FLAG_DISABLED ) {
-			Client->EffectiveUID = -1;
-			sendf(Client->Socket, "403 Account disabled\n");
-			return ;
-		}
 	}
 	
 	// Disabled accounts
-	if( userFlags & USER_FLAG_DISABLED ) {
+	// - If disabled and the actual user is not an admin (and not root)
+	//   return 403
+	if( (eUserFlags & USER_FLAG_DISABLED) && (Client->UID == 0 || !(userFlags & USER_FLAG_ADMIN)) ) {
 		Client->EffectiveUID = -1;
 		sendf(Client->Socket, "403 Account disabled\n");
 		return ;
@@ -874,6 +870,9 @@ void Server_Cmd_DISPENSE(tClient *Client, char *Args)
 		uid = Client->UID;
 	}
 	
+//	if( Bank_GetFlags(Client->UID) & USER_FLAG_DISABLED ) {
+//	}
+
 	switch( ret = DispenseItem( Client->UID, uid, item ) )
 	{
 	case 0:	sendf(Client->Socket, "200 Dispense OK\n");	return ;
@@ -1567,12 +1566,6 @@ void Server_Cmd_PINCHECK(tClient *Client, char *Args)
 		return ;
 	}
 	
-	// Check user permissions
-	if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
-		sendf(Client->Socket, "403 Not in coke\n");
-		return ;
-	}
-	
 	// Get user
 	 int	uid = Bank_GetAcctByName(username, 0);
 	if( uid == -1 ) {
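Review bot: The rewritten condition in Server_Cmd_SETEUSER only examines `eUserFlags`, so the old refusal of a disabled acting account (`userFlags & USER_FLAG_DISABLED`) has no replacement in this hunk; unless that is enforced before this function is reached, a disabled non-admin can still switch to any non-disabled effective user. The new comment also reads as if root were exempt, while `Client->UID == 0 ||` refuses root outright, so a root account that also carries USER_FLAG_ADMIN is treated differently by the comment and the code. If refusing root is the intent, make the comment match: `// - root (UID 0) may never act as a disabled account`. The function's body starts and ends outside the hunk.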
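Review bot: The two `//` lines added before the `switch` in Server_Cmd_DISPENSE are commented-out code with an empty body, which leaves the next reader guessing whether a disabled acting account is meant to be refused at this point. Either implement the check, e.g. `if( Bank_GetFlags(Client->UID) & USER_FLAG_DISABLED ) { sendf(Client->Socket, "403 Account disabled\n"); return ; }` mirroring the wording used in Server_Cmd_SETEUSER, or replace the stub with `// TODO: refuse dispense when the acting account is disabled` so the open decision is recorded rather than dead code. DispenseItem may already reject disabled accounts, but its implementation is not in this diff. The function's body continues outside the hunk.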
@@ -1580,6 +1573,12 @@ void Server_Cmd_PINCHECK(tClient *Client, char *Args)
 		return ;
 	}
 	
+	// Check user permissions
+	if( uid != Client->UID && !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
+		sendf(Client->Socket, "403 Not in coke\n");
+		return ;
+	}
+	
 	// Get the pin
 	static time_t	last_wrong_pin_time;
 	static int	backoff = 1;
@@ -1591,7 +1590,7 @@ void Server_Cmd_PINCHECK(tClient *Client, char *Args)
 	last_wrong_pin_time = time(NULL);
 	
 	if( !Bank_IsPinValid(uid, pin) )
 	{
-		sendf(Client->Socket, "403 Pin incorrect\n");
+		sendf(Client->Socket, "201 Pin incorrect\n");
 		if( backoff < 5)	backoff ++;
 		return ;
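Review bot: Moving the coke/admin check below the username lookup in Server_Cmd_PINCHECK means the `uid == -1` branch (its body lies outside this hunk) now replies before any permission test, so a caller who is neither coke nor admin can learn whether an arbitrary username exists by distinguishing that reply from `403 Not in coke`. If the goal is only to let a user check their own PIN, compare the supplied name with the caller's own account before the lookup, or have an unprivileged caller receive the same `403 Not in coke` for unknown names as for other people's. The `uid != Client->UID` exemption itself is consistent with the stated intent.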
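Review bot: Changing the wrong-PIN reply to `201 Pin incorrect` puts a failed check in the same 2xx class as `200 Dispense OK`, so a client that treats a leading `2` as success will accept a rejected PIN, where the old `403` could not be misread. If 201 is the protocol's intended "request handled, PIN rejected" code, a comment beside the sendf, `// 201 rather than 403: the caller may ask, the answer is "no"`, plus a matching protocol-document update would prevent that misreading; if it is not, the old code should stay. The backoff increment below is unaffected.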