X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Flogin.c;h=f3209facc74f15c2de5e692941893569ef456920;hb=1a161f17021f8c954aa041f4bb19a5e01bf2e5b7;hp=ecc081197899bb36035c65c2d5dd3fe242c76a22;hpb=1b3737962d2abeb9359d92de0977d0ca108ff05b;p=matches%2FMCTX3420.git
diff --git a/server/login.c b/server/login.c
index ecc0811..f3209fa 100644
--- a/server/login.c
+++ b/server/login.c
@@ -110,7 +110,12 @@ UserType Login_MySQL(const char * user, const char * pass,
 Log(LOGERR, "No user matching %s", user);
 }
-
+//TODO: Handle administrator users somehow better than this
+ // UserCake stores the permission level in a seperate table to the username/password, which is annoying
+ if (user_type != USER_UNAUTH && strcmp(user, "admin") == 0)
+ {
+ user_type = USER_ADMIN;
+ }
 mysql_free_result(result);
 mysql_close(con);
 return user_type;
@@ -165,6 +170,8 @@ UserType Login_Shadow(const char * user, const char * pass, const char * shadow)
 passwd_index = -1;
 }
+ fclose(f);
+
 if (passwd_index <= 0)
 {
 //Log(LOGDEBUG,"No user found matching %s\n", user);
@@ -281,7 +288,10 @@ void Logout_Handler(FCGIContext * context, char * params)
 /**
 * Handle a Login Request
 * @param context - The context
- * @param params - Parameter string, should contain username and password
+ * @param params - Parameter string, should contain username and password.
+ * NOTE: Care should be taken when using params, as it is
+ * completely unescaped. Do not log or use it without
+ * suitable escaping.
 */
 void Login_Handler(FCGIContext * context, char * params)
 {
@@ -323,7 +333,7 @@ void Login_Handler(FCGIContext * context, char * params)
 case AUTH_LDAP:
 {
- if (strlen(pass) <= 0)
+ if (*pass == '\0')
 {
 FCGI_RejectJSON(context, "No password supplied.");
 return;
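Review bot: The block added to Login_MySQL grants USER_ADMIN on the strength of the user name alone (`strcmp(user, "admin") == 0`), so whoever holds, or can register, an account literally named "admin" in the UserCake users table is an administrator and no other account can ever be one; the TODO admits this, but the level should come from UserCake's permission table via a second query keyed on the matched user rather than from the literal. Note also that strcmp is case-sensitive while the preceding MySQL lookup is, under the usual default collations, case-insensitive, so a login as "Admin" may authenticate yet never reach USER_ADMIN — presumably harmless, but worth a sentence in the comment. At minimum lift the literal into a named constant, `#define ADMIN_USERNAME "admin"`, and state in the comment that this shortcut must not ship while self-registration of arbitrary user names is possible. Login_MySQL's body starts outside the hunk, so I cannot see how user_type was derived or whether user is escaped before the query.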
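Review bot: `fclose(f)` is now reached only on the fall-through path after the search loop; if there is a return inside that loop or in the branch that sets `passwd_index = -1` (both start above the hunk, so I cannot see them) the handle to the shadow file would still leak, and a single cleanup point after the `passwd_index <= 0` check, or a `goto out` label, would be safer than closing in the middle of the function. A one-line why-comment such as `// done with the shadow file; nothing below reads f` would also make the placement deliberate rather than incidental. Login_Shadow starts outside the hunk.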
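Review bot: `*pass == '\0'` is equivalent to the old `strlen(pass) <= 0` (strlen returns size_t, so that was only ever an equality test) and cheaper, but it still dereferences pass with no NULL guard, which is only safe if the parameter parsing above the hunk guarantees a non-NULL pointer — I cannot confirm that from here, so either a `pass != NULL` check or a comment stating the guarantee belongs on this line. The check also deserves a why-comment, because it is what stands between this handler and the well-known LDAP unauthenticated-bind behaviour: `// An empty password turns an LDAP simple bind into an anonymous bind that "succeeds" for any user name (RFC 4513 §5.1.2), so reject it before binding.` The same empty-password rejection is not visible in the MySQL or shadow cases within this diff; if those back ends accept an empty string, hoisting the check above the switch would be cleaner. Login_Handler starts and ends outside the hunk.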
@@ -368,7 +378,7 @@ void Login_Handler(FCGIContext * context, char * params)
 {
 //WARNING: C string manipulation code approaching!
 // Non reentrent; uses strsep and modifies g_options.auth_options
- // If problems happen, try strdup ...
+ // If problems happen, try strdup first ...
 static char * db_opts[] = {"root", "", "users", "uc_users"};
 static bool db_init_opts = false;
 if (!db_init_opts)
@@ -387,7 +397,7 @@ void Login_Handler(FCGIContext * context, char * params)
 break;
 }
 }
- Log(LOGDEBUG, "MySQL: user %s pass %s name %s table %s", db_opts[0], db_opts[1], db_opts[2], db_opts[3]);
+ //Log(LOGDEBUG, "MySQL: user %s pass %s name %s table %s", db_opts[0], db_opts[1], db_opts[2], db_opts[3]);
 }
 user_type = Login_MySQL(user, pass, g_options.auth_uri, db_opts[0],db_opts[1], db_opts[2], db_opts[3]);
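Review bot: The defaults in `static char * db_opts[] = {"root", "", "users", "uc_users"}` mean that when no auth options are supplied the server connects to MySQL as root with an empty password; that line is context rather than new code, but since the commit is editing this very block it is the moment to fail closed (reject AUTH_MYSQL without explicit credentials) or at least default to a non-root account. The commit's own change is only the wording `try strdup first`; the warning above it that the parser is non-reentrant and mutates `g_options.auth_options` is the more important caveat, and if this FastCGI loop can ever serve more than one request at a time (I cannot tell from here) the `static bool db_init_opts` initialisation is a race that the comment should name explicitly. Login_Handler's body continues on both sides of the hunk.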
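Review bot: Commenting out the `Log(LOGDEBUG, ...)` line leaves dead code that the next person will simply uncomment, database password and all; delete it, and if the debug output is useful keep only the non-secret fields: `Log(LOGDEBUG, "MySQL: user %s name %s table %s", db_opts[0], db_opts[2], db_opts[3]);`. On the call line below, `db_opts[1]` (the database password) is still handed to Login_MySQL, so the same rule applies to any logging inside that function, whose body is outside this hunk. Login_Handler continues past the end of the hunk.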