From afc4569cb98d4cc498e78ebb51767e5521ba2ea8 Mon Sep 17 00:00:00 2001
From: John Hodge
Date: Sat, 12 Jan 2013 21:09:57 +0800
Subject: [PATCH] Pin checks and disabled account behavior
---
 src/client/Makefile | 2 +-
 src/client/protocol.c | 60 ++++++++++++++++++++++++++++++++++++++++---
 src/server/server.c | 27 ++++++++++---------
 3 files changed, 70 insertions(+), 19 deletions(-)
diff --git a/src/client/Makefile b/src/client/Makefile
index 8c1cda4..8d261aa 100644
--- a/src/client/Makefile
+++ b/src/client/Makefile
@@ -1,5 +1,5 @@
-CFLAGS := -Wall -Werror -g
+CFLAGS := -Wall -Werror -g -std=gnu99
 LDFLAGS := -g -lncurses # -lssl
diff --git a/src/client/protocol.c b/src/client/protocol.c
index 483ee57..ad8a6bf 100644
--- a/src/client/protocol.c
+++ b/src/client/protocol.c
@@ -55,8 +55,6 @@ int OpenConnection(const char *Host, int Port)
 return -1;
 }
-// printf("geteuid() = %i, getuid() = %i\n", geteuid(), getuid());
-
 if( geteuid() == 0 || getuid() == 0 )
 {
 int i;
@@ -74,8 +72,6 @@ int OpenConnection(const char *Host, int Port)
 }
 if( i == 1024 )
 printf("Warning: AUTOAUTH unavaliable\n");
-// else
-// printf("Bound to 0.0.0.0:%i\n", i);
 }
 if( connect(sock, (struct sockaddr *) &serverAddr, sizeof(serverAddr)) < 0 ) {
@@ -514,6 +510,62 @@ int Dispense_ItemInfo(int Socket, const char *Type, int ID)
 return 0;
 }
+int DispenseCheckPin(int Socket, const char *Username, const char *Pin)
+{
+ int ret, responseCode;
+ char *buf;
+
+ if( strlen(Pin) != 4 ) {
+ fprintf(stderr, "Pin format incorrect (not 4 characters long)\n");
+ return RV_ARGUMENTS;
+ }
+
+ for( int i = 0; i < 4; i ++ )
+ if( !isdigit(Pin[i]) ) {
+ fprintf(stderr, "Pin format incorrect (character %i not a digit)\n", i);
+ return RV_ARGUMENTS;
+ }
+ }
+
+ sendf(Socket, "CHECK_PIN %s %s\n", Username, Pin);
+ buf = ReadLine(Socket);
+
+ responseCode = atoi(buf);
+ switch( responseCode )
+ {
+ case 200: // Pin correct
+ printf("Pin OK\n");
+ ret = 0;
+ break;
+ case 201:
+ printf("Pin incorrect\n");
+ ret = RV_INVALID_USER;
+ break;
+ case 401:
+ printf("Not authenticated\n");
+ ret = RV_PERMISSIONS;
+ break;
+ case 403:
+ printf("Only coke members can check accounts other than their own\n");
+ ret = RV_PERMISSIONS;
+ break;
+ case 404:
+ printf("User '%s' not found\n", Username);
+ ret = RV_INVALID_USER;
+ break;
+ case 407:
+ printf("Rate limited or client-server disagree on pin format\n");
+ ret = RV_SERVER_ERROR;
+ break;
+ default:
+ printf("Unknown response code %i ('%s')\n", responseCode, buf);
+ ret = RV_UNKNOWN_ERROR;
+ break;
+ }
+ free(buf);
+ return ret;
+}
+
 /**
 * \brief Dispense an item
 * \return Boolean Failure
diff --git a/src/server/server.c b/src/server/server.c
index 9bf9eba..2afd1a7 100644
--- a/src/server/server.c
+++ b/src/server/server.c
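Review bot: The digit loop in DispenseCheckPin has no opening brace after `for( int i = 0; i < 4; i ++ )` but is followed by two closing braces, so the second one ends the function and everything from `sendf` onward sits at file scope; as written this should not compile. `Username` also goes into the `CHECK_PIN %s %s\n` line unchecked, so a name holding a space or newline changes what the server parses on this connection, and `atoi(buf)` runs without checking what `ReadLine` returned (whether it can return NULL is not visible in this hunk). `isdigit` should receive `(unsigned char)Pin[i]`. The excerpt below braces the loop, rejects such names before sending, and handles a missing reply.

```c
int DispenseCheckPin(int Socket, const char *Username, const char *Pin)
{
	// … unchanged: declarations, pin length check …

	for( int i = 0; i < 4; i ++ ) {
		if( !isdigit((unsigned char)Pin[i]) ) {
			// … unchanged: error message and return RV_ARGUMENTS …
		}
	}

	// The name is sent as one space-delimited field of a line protocol,
	// so whitespace or a line break in it would alter the command.
	if( Username[0] == '\0' || strpbrk(Username, " \t\r\n") ) {
		fprintf(stderr, "Username format incorrect\n");
		return RV_ARGUMENTS;
	}

	sendf(Socket, "CHECK_PIN %s %s\n", Username, Pin);
	buf = ReadLine(Socket);
	if( !buf ) {
		fprintf(stderr, "No response from server\n");
		return RV_SERVER_ERROR;
	}
	// … unchanged: atoi and the response-code switch …
```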
@@ -699,16 +699,12 @@ void Server_Cmd_SETEUSER(tClient *Client, char *Args)
 sendf(Client->Socket, "404 User not found\n");
 return ;
 }
- // Disabled only avaliable to admins
- if( eUserFlags & USER_FLAG_DISABLED ) {
- Client->EffectiveUID = -1;
- sendf(Client->Socket, "403 Account disabled\n");
- return ;
- }
 }
 // Disabled accounts
- if( userFlags & USER_FLAG_DISABLED ) {
+ // - If disabled and the actual user is not an admin (and not root)
+ // return 403
+ if( (eUserFlags & USER_FLAG_DISABLED) && (Client->UID == 0 || !(userFlags & USER_FLAG_ADMIN)) ) {
 Client->EffectiveUID = -1;
 sendf(Client->Socket, "403 Account disabled\n");
 return ;
@@ -874,6 +870,9 @@ void Server_Cmd_DISPENSE(tClient *Client, char *Args)
 uid = Client->UID;
 }
+// if( Bank_GetFlags(Client->UID) & USER_FLAG_DISABLED ) {
+// }
+
 switch( ret = DispenseItem( Client->UID, uid, item ) ) {
 case 0: sendf(Client->Socket, "200 Dispense OK\n"); return ;
@@ -1567,12 +1566,6 @@ void Server_Cmd_PINCHECK(tClient *Client, char *Args)
 return ;
 }
- // Check user permissions
- if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
- sendf(Client->Socket, "403 Not in coke\n");
- return ;
- }
-
 // Get user
 int uid = Bank_GetAcctByName(username, 0);
 if( uid == -1 ) {
@@ -1580,6 +1573,12 @@ void Server_Cmd_PINCHECK(tClient *Client, char *Args)
 return ;
 }
+ // Check user permissions
+ if( uid != Client->UID && !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
+ sendf(Client->Socket, "403 Not in coke\n");
+ return ;
+ }
+
 // Get the pin
 static time_t last_wrong_pin_time;
 static int backoff = 1;
@@ -1591,7 +1590,7 @@ void Server_Cmd_PINCHECK(tClient *Client, char *Args)
 last_wrong_pin_time = time(NULL);
 if( !Bank_IsPinValid(uid, pin) ) {
- sendf(Client->Socket, "403 Pin incorrect\n");
+ sendf(Client->Socket, "201 Pin incorrect\n");
 if( backoff < 5) backoff ++;
 return ;
-- 
2.20.1
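Review bot: The rewritten test in Server_Cmd_SETEUSER looks only at `eUserFlags`, so the earlier rejection of a caller whose own `userFlags` carry USER_FLAG_DISABLED is dropped (assuming `userFlags` is the caller's, as the new comment implies), and the matching check added to Server_Cmd_DISPENSE in the next hunk is an empty, commented-out `if`. Unless something outside these hunks covers it, a disabled account could keep acting under its own identity; I would keep `if( userFlags & USER_FLAG_DISABLED ) {` with its 403 ahead of the effective-user test and either implement or delete the DISPENSE stub. The comment is also ambiguous about root: `Client->UID == 0 ||` means UID 0 always gets the 403 for a disabled target, which `// Target disabled: only an admin caller other than UID 0 may proceed` would state plainly. Both functions start and end outside their hunks.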
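Review bot: Moving the account lookup ahead of the permission test in Server_Cmd_PINCHECK (the `-1580,6 +1573,12` hunk) lets a caller without USER_FLAG_COKE or USER_FLAG_ADMIN tell existing names from missing ones, because the `uid == -1` branch now answers before `403 Not in coke` can (its reply is outside the hunk, presumably the 404 the client handles). Deciding privilege first and giving unprivileged callers the same 403 in both cases closes that, e.g. with a local `is_priv` set from the existing `Bank_GetFlags` mask, then `if( uid == -1 && is_priv )` for the not-found reply and `if( uid != Client->UID && !is_priv )` for the 403. The `static` `last_wrong_pin_time` and `backoff` in the trailing context look shared by every client, so now that any authenticated user may check their own pin, one user's wrong guesses would appear to throttle everyone; per-account state would be safer. The function starts and ends outside this hunk.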
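Review bot: `201 Pin incorrect` reports a failed check with a 2xx code, so a consumer that accepts the whole 2xx class instead of matching 200 exactly would treat a wrong pin as correct. Only the client in this commit is visible, and it handles 201 explicitly; any other caller of PINCHECK needs the same care, which a comment above the reply such as `// 201 = pin wrong; callers must compare against 200 exactly, not the 2xx class` would record. The enclosing `if` and the function continue outside the hunk.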