3 * UCC (University [of WA] Computer Club) Electronic Accounting System
5 * server.c - Client Server Code
7 * This file is licenced under the 3-clause BSD Licence. See the file
8 * COPYING for full details.
13 #include <sys/socket.h>
14 #include <netinet/in.h>
15 #include <arpa/inet.h>
17 #include <fcntl.h> // O_*
21 #include <signal.h> // Signal handling
22 #include <ident.h> // AUTHIDENT
23 #include <time.h> // time(2)
26 #define DEBUG_TRACE_CLIENT 0
27 #define HACK_NO_REFUNDS 1
29 #define PIDFILE "/var/run/dispsrv.pid"
31 #define Debug_Notice(msg, v...) printf("%08llun: "msg"\n", (unsigned long long)time(NULL) ,##v)
32 #define Debug_Debug(msg, v...) printf("%08llud: "msg"\n", (unsigned long long)time(NULL) ,##v)
35 #define MAX_CONNECTION_QUEUE 5
36 #define INPUT_BUFFER_SIZE 256
37 #define CLIENT_TIMEOUT 10 // Seconds
39 #define HASH_TYPE SHA1
40 #define HASH_LENGTH 20
42 #define MSG_STR_TOO_LONG "499 Command too long (limit "EXPSTR(INPUT_BUFFER_SIZE)")\n"
44 #define IDENT_TRUSTED_NETWORK 0x825F0D00
45 #define IDENT_TRUSTED_NETMASK 0xFFFFFFC0
48 typedef struct sClient
50 int Socket; // Client socket ID
54 int bCanAutoAuth; // Is the connection from a trusted host/port
65 void Server_Start(void);
66 void Server_Cleanup(void);
67 void Server_HandleClient(int Socket, int bTrustedHost, int bRootPort);
68 void Server_ParseClientCommand(tClient *Client, char *CommandString);
70 void Server_Cmd_USER(tClient *Client, char *Args);
71 void Server_Cmd_PASS(tClient *Client, char *Args);
72 void Server_Cmd_AUTOAUTH(tClient *Client, char *Args);
73 void Server_Cmd_AUTHIDENT(tClient *Client, char *Args);
74 void Server_Cmd_SETEUSER(tClient *Client, char *Args);
75 void Server_Cmd_ENUMITEMS(tClient *Client, char *Args);
76 void Server_Cmd_ITEMINFO(tClient *Client, char *Args);
77 void Server_Cmd_DISPENSE(tClient *Client, char *Args);
78 void Server_Cmd_REFUND(tClient *Client, char *Args);
79 void Server_Cmd_GIVE(tClient *Client, char *Args);
80 void Server_Cmd_DONATE(tClient *Client, char *Args);
81 void Server_Cmd_ADD(tClient *Client, char *Args);
82 void Server_Cmd_SET(tClient *Client, char *Args);
83 void Server_Cmd_ENUMUSERS(tClient *Client, char *Args);
84 void Server_Cmd_USERINFO(tClient *Client, char *Args);
85 void _SendUserInfo(tClient *Client, int UserID);
86 void Server_Cmd_USERADD(tClient *Client, char *Args);
87 void Server_Cmd_USERFLAGS(tClient *Client, char *Args);
88 void Server_Cmd_UPDATEITEM(tClient *Client, char *Args);
89 void Server_Cmd_PINCHECK(tClient *Client, char *Args);
90 void Server_Cmd_PINSET(tClient *Client, char *Args);
92 void Debug(tClient *Client, const char *Format, ...);
93 int sendf(int Socket, const char *Format, ...);
94 int Server_int_ParseArgs(int bUseLongArg, char *ArgStr, ...);
95 int Server_int_ParseFlags(tClient *Client, const char *Str, int *Mask, int *Value);
99 const struct sClientCommand {
101 void (*Function)(tClient *Client, char *Arguments);
102 } gaServer_Commands[] = {
103 {"USER", Server_Cmd_USER},
104 {"PASS", Server_Cmd_PASS},
105 {"AUTOAUTH", Server_Cmd_AUTOAUTH},
106 {"AUTHIDENT", Server_Cmd_AUTHIDENT},
107 {"SETEUSER", Server_Cmd_SETEUSER},
108 {"ENUM_ITEMS", Server_Cmd_ENUMITEMS},
109 {"ITEM_INFO", Server_Cmd_ITEMINFO},
110 {"DISPENSE", Server_Cmd_DISPENSE},
111 {"REFUND", Server_Cmd_REFUND},
112 {"GIVE", Server_Cmd_GIVE},
113 {"DONATE", Server_Cmd_DONATE},
114 {"ADD", Server_Cmd_ADD},
115 {"SET", Server_Cmd_SET},
116 {"ENUM_USERS", Server_Cmd_ENUMUSERS},
117 {"USER_INFO", Server_Cmd_USERINFO},
118 {"USER_ADD", Server_Cmd_USERADD},
119 {"USER_FLAGS", Server_Cmd_USERFLAGS},
120 {"UPDATE_ITEM", Server_Cmd_UPDATEITEM},
121 {"PIN_CHECK", Server_Cmd_PINCHECK},
122 {"PIN_SET", Server_Cmd_PINSET}
124 #define NUM_COMMANDS ((int)(sizeof(gaServer_Commands)/sizeof(gaServer_Commands[0])))
128 int giServer_Port = 11020;
129 int gbServer_RunInBackground = 0;
130 char *gsServer_LogFile = "/var/log/dispsrv.log";
131 char *gsServer_ErrorLog = "/var/log/dispsrv.err";
132 int giServer_NumTrustedHosts;
133 struct in_addr *gaServer_TrustedHosts;
135 int giServer_Socket; // Server socket
136 int giServer_NextClientID = 1; // Debug client ID
141 * \brief Open listenting socket and serve connections
143 void Server_Start(void)
146 struct sockaddr_in server_addr, client_addr;
148 // Parse trusted hosts list
149 giServer_NumTrustedHosts = Config_GetValueCount("trusted_host");
150 gaServer_TrustedHosts = malloc(giServer_NumTrustedHosts * sizeof(*gaServer_TrustedHosts));
151 for( int i = 0; i < giServer_NumTrustedHosts; i ++ )
153 const char *addr = Config_GetValue("trusted_host", i);
155 if( inet_aton(addr, &gaServer_TrustedHosts[i]) == 0 ) {
156 fprintf(stderr, "Invalid IP address '%s'\n", addr);
161 // Ignore SIGPIPE (stops crashes when the client exits early)
162 signal(SIGPIPE, SIG_IGN);
165 giServer_Socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
166 if( giServer_Socket < 0 ) {
167 fprintf(stderr, "ERROR: Unable to create server socket\n");
171 // Make listen address
172 memset(&server_addr, 0, sizeof(server_addr));
173 server_addr.sin_family = AF_INET; // Internet Socket
174 server_addr.sin_addr.s_addr = htonl(INADDR_ANY); // Listen on all interfaces
175 server_addr.sin_port = htons(giServer_Port); // Port
178 if( bind(giServer_Socket, (struct sockaddr *) &server_addr, sizeof(server_addr)) < 0 ) {
179 fprintf(stderr, "ERROR: Unable to bind to 0.0.0.0:%i\n", giServer_Port);
181 close(giServer_Socket);
185 // Fork into background
186 if( gbServer_RunInBackground )
190 fprintf(stderr, "ERROR: Unable to fork\n");
191 perror("fork background");
196 Debug_Notice("Forked child server as PID %i\n", pid);
200 // - Sort out stdin/stdout
202 dup2( open("/dev/null", O_RDONLY, 0644), STDIN_FILENO );
203 dup2( open(gsServer_LogFile, O_CREAT|O_APPEND, 0644), STDOUT_FILENO );
204 dup2( open(gsServer_ErrorLog, O_CREAT|O_APPEND, 0644), STDERR_FILENO );
206 freopen("/dev/null", "r", stdin);
207 freopen(gsServer_LogFile, "a", stdout);
208 freopen(gsServer_ErrorLog, "a", stderr);
209 fprintf(stdout, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL));
210 fprintf(stderr, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL));
213 atexit(Server_Cleanup);
215 // Start the helper thread
216 StartPeriodicThread();
219 if( listen(giServer_Socket, MAX_CONNECTION_QUEUE) < 0 ) {
220 fprintf(stderr, "ERROR: Unable to listen to socket\n");
225 Debug_Notice("Listening on 0.0.0.0:%i", giServer_Port);
229 FILE *fp = fopen(PIDFILE, "w");
231 fprintf(fp, "%i", getpid());
238 uint len = sizeof(client_addr);
242 // Accept a connection
243 client_socket = accept(giServer_Socket, (struct sockaddr *) &client_addr, &len);
244 if(client_socket < 0) {
245 fprintf(stderr, "ERROR: Unable to accept client connection\n");
249 // Set a timeout on the user conneciton
252 tv.tv_sec = CLIENT_TIMEOUT;
254 if( setsockopt(client_socket, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) )
256 perror("setsockopt");
261 // Debug: Print the connection string
262 if(giDebugLevel >= 2) {
263 char ipstr[INET_ADDRSTRLEN];
264 inet_ntop(AF_INET, &client_addr.sin_addr, ipstr, INET_ADDRSTRLEN);
265 Debug_Debug("Client connection from %s:%i",
266 ipstr, ntohs(client_addr.sin_port));
269 // Doesn't matter what, localhost is trusted
270 if( ntohl( client_addr.sin_addr.s_addr ) == 0x7F000001 )
273 // Check if the host is on the trusted list
274 for( int i = 0; i < giServer_NumTrustedHosts; i ++ )
276 if( memcmp(&client_addr.sin_addr, &gaServer_TrustedHosts[i], sizeof(struct in_addr)) == 0 )
283 // Root port (can AUTOAUTH if also a trusted machine
284 if( ntohs(client_addr.sin_port) < 1024 )
289 // TODO: Make this runtime configurable
290 switch( ntohl( client_addr.sin_addr.s_addr ) )
292 case 0x7F000001: // 127.0.0.1 localhost
293 // case 0x825F0D00: // 130.95.13.0
294 case 0x825F0D04: // 130.95.13.4 merlo
295 // case 0x825F0D05: // 130.95.13.5 heathred (MR)
296 case 0x825F0D07: // 130.95.13.7 motsugo
297 case 0x825F0D11: // 130.95.13.17 mermaid
298 case 0x825F0D12: // 130.95.13.18 mussel
299 case 0x825F0D17: // 130.95.13.23 martello
300 case 0x825F0D2A: // 130.95.13.42 meersau
301 // case 0x825F0D42: // 130.95.13.66 heathred (Clubroom)
310 // TODO: Multithread this?
311 Server_HandleClient(client_socket, bTrusted, bRootPort);
313 close(client_socket);
317 void Server_Cleanup(void)
319 Debug_Debug("Close(%i)", giServer_Socket);
320 close(giServer_Socket);
325 * \brief Reads from a client socket and parses the command strings
326 * \param Socket Client socket number/handle
327 * \param bTrusted Is the client trusted?
329 void Server_HandleClient(int Socket, int bTrusted, int bRootPort)
331 char inbuf[INPUT_BUFFER_SIZE];
333 int remspace = INPUT_BUFFER_SIZE-1;
337 memset(&clientInfo, 0, sizeof(clientInfo));
339 // Initialise Client info
340 clientInfo.Socket = Socket;
341 clientInfo.ID = giServer_NextClientID ++;
342 clientInfo.bTrustedHost = bTrusted;
343 clientInfo.bCanAutoAuth = bTrusted && bRootPort;
344 clientInfo.EffectiveUID = -1;
349 * - The `buf` and `remspace` variables allow a line to span several
350 * calls to recv(), if a line is not completed in one recv() call
351 * it is saved to the beginning of `inbuf` and `buf` is updated to
354 // TODO: Use select() instead (to give a timeout)
355 while( (bytes = recv(Socket, buf, remspace, 0)) > 0 )
358 buf[bytes] = '\0'; // Allow us to use stdlib string functions on it
362 while( (eol = strchr(start, '\n')) )
366 Server_ParseClientCommand(&clientInfo, start);
371 // Check if there was an incomplete line
372 if( *start != '\0' ) {
373 int tailBytes = bytes - (start-buf);
374 // Roll back in buffer
375 memcpy(inbuf, start, tailBytes);
376 remspace -= tailBytes;
378 send(Socket, MSG_STR_TOO_LONG, sizeof(MSG_STR_TOO_LONG), 0);
380 remspace = INPUT_BUFFER_SIZE - 1;
385 remspace = INPUT_BUFFER_SIZE - 1;
391 fprintf(stderr, "ERROR: Unable to recieve from client on socket %i\n", Socket);
395 if(giDebugLevel >= 2) {
396 printf("Client %i: Disconnected\n", clientInfo.ID);
401 * \brief Parses a client command and calls the required helper function
402 * \param Client Pointer to client state structure
403 * \param CommandString Command from client (single line of the command)
404 * \return Heap String to return to the client
406 void Server_ParseClientCommand(tClient *Client, char *CommandString)
408 char *command, *args;
411 if( giDebugLevel >= 2 )
412 Debug(Client, "Server_ParseClientCommand: (CommandString = '%s')", CommandString);
414 if( Server_int_ParseArgs(1, CommandString, &command, &args, NULL) )
416 if( command == NULL ) return ;
417 // Is this an error? (just ignore for now)
422 for( i = 0; i < NUM_COMMANDS; i++ )
424 if(strcmp(command, gaServer_Commands[i].Name) == 0) {
425 if( giDebugLevel >= 2 )
426 Debug(Client, "CMD %s - \"%s\"", command, args);
427 gaServer_Commands[i].Function(Client, args);
432 sendf(Client->Socket, "400 Unknown Command\n");
439 * \brief Set client username
441 * Usage: USER <username>
443 void Server_Cmd_USER(tClient *Client, char *Args)
447 if( Server_int_ParseArgs(0, Args, &username, NULL) )
449 sendf(Client->Socket, "407 USER takes 1 argument\n");
455 Debug(Client, "Authenticating as '%s'", username);
459 free(Client->Username);
460 Client->Username = strdup(username);
463 // Create a salt (that changes if the username is changed)
464 // Yes, I know, I'm a little paranoid, but who isn't?
465 Client->Salt[0] = 0x21 + (rand()&0x3F);
466 Client->Salt[1] = 0x21 + (rand()&0x3F);
467 Client->Salt[2] = 0x21 + (rand()&0x3F);
468 Client->Salt[3] = 0x21 + (rand()&0x3F);
469 Client->Salt[4] = 0x21 + (rand()&0x3F);
470 Client->Salt[5] = 0x21 + (rand()&0x3F);
471 Client->Salt[6] = 0x21 + (rand()&0x3F);
472 Client->Salt[7] = 0x21 + (rand()&0x3F);
474 // TODO: Also send hash type to use, (SHA1 or crypt according to [DAA])
475 sendf(Client->Socket, "100 SALT %s\n", Client->Salt);
477 sendf(Client->Socket, "100 User Set\n");
482 * \brief Authenticate as a user
486 void Server_Cmd_PASS(tClient *Client, char *Args)
491 if( Server_int_ParseArgs(0, Args, &passhash, NULL) )
493 sendf(Client->Socket, "407 PASS takes 1 argument\n");
497 // Pass on to cokebank
498 Client->UID = Bank_GetUserAuth(Client->Salt, Client->Username, passhash);
500 if( Client->UID == -1 ) {
501 sendf(Client->Socket, "401 Auth Failure\n");
505 flags = Bank_GetFlags(Client->UID);
506 if( flags & USER_FLAG_DISABLED ) {
508 sendf(Client->Socket, "403 Account Disabled\n");
511 if( flags & USER_FLAG_INTERNAL ) {
513 sendf(Client->Socket, "403 Internal account\n");
517 Client->bIsAuthed = 1;
518 sendf(Client->Socket, "200 Auth OK\n");
522 * \brief Authenticate as a user without a password
524 * Usage: AUTOAUTH <user>
526 void Server_Cmd_AUTOAUTH(tClient *Client, char *Args)
531 if( Server_int_ParseArgs(0, Args, &username, NULL) )
533 sendf(Client->Socket, "407 AUTOAUTH takes 1 argument\n");
538 if( !Client->bCanAutoAuth ) {
540 Debug(Client, "Untrusted client attempting to AUTOAUTH");
541 sendf(Client->Socket, "401 Untrusted\n");
546 Client->UID = Bank_GetAcctByName( username, 0 );
547 if( Client->UID < 0 ) {
549 Debug(Client, "Unknown user '%s'", username);
550 sendf(Client->Socket, "403 Auth Failure\n");
554 userflags = Bank_GetFlags(Client->UID);
555 // You can't be an internal account
556 if( userflags & USER_FLAG_INTERNAL ) {
558 Debug(Client, "Autoauth as '%s', not allowed", username);
560 sendf(Client->Socket, "403 Account is internal\n");
565 if( userflags & USER_FLAG_DISABLED ) {
567 sendf(Client->Socket, "403 Account disabled\n");
573 free(Client->Username);
574 Client->Username = strdup(username);
576 Client->bIsAuthed = 1;
579 Debug(Client, "Auto authenticated as '%s' (%i)", username, Client->UID);
581 sendf(Client->Socket, "200 Auth OK\n");
585 * \brief Authenticate as a user using the IDENT protocol
589 void Server_Cmd_AUTHIDENT(tClient *Client, char *Args)
593 const int ident_timeout = 5;
595 if( Args != NULL && strlen(Args) ) {
596 sendf(Client->Socket, "407 AUTHIDENT takes no arguments\n");
601 if( !Client->bTrustedHost ) {
603 Debug(Client, "Untrusted client attempting to AUTHIDENT");
604 sendf(Client->Socket, "401 Untrusted\n");
608 // Get username via IDENT
609 username = ident_id(Client->Socket, ident_timeout);
611 perror("AUTHIDENT - IDENT timed out");
612 sendf(Client->Socket, "403 Authentication failure: IDENT auth timed out\n");
617 Client->UID = Bank_GetAcctByName( username, 0 );
618 if( Client->UID < 0 ) {
620 Debug(Client, "Unknown user '%s'", username);
621 sendf(Client->Socket, "403 Authentication failure: unknown account\n");
626 userflags = Bank_GetFlags(Client->UID);
627 // You can't be an internal account
628 if( userflags & USER_FLAG_INTERNAL ) {
630 Debug(Client, "IDENT auth as '%s', not allowed", username);
632 sendf(Client->Socket, "403 Authentication failure: that account is internal\n");
638 if( userflags & USER_FLAG_DISABLED ) {
640 sendf(Client->Socket, "403 Authentication failure: account disabled\n");
647 free(Client->Username);
648 Client->Username = strdup(username);
650 Client->bIsAuthed = 1;
653 Debug(Client, "IDENT authenticated as '%s' (%i)", username, Client->UID);
656 sendf(Client->Socket, "200 Auth OK\n");
660 * \brief Set effective user
662 void Server_Cmd_SETEUSER(tClient *Client, char *Args)
665 int eUserFlags, userFlags;
667 if( Server_int_ParseArgs(0, Args, &username, NULL) )
669 sendf(Client->Socket, "407 SETEUSER takes 1 argument\n");
673 if( !strlen(Args) ) {
674 sendf(Client->Socket, "407 SETEUSER expects an argument\n");
678 // Check authentication
679 if( !Client->bIsAuthed ) {
680 sendf(Client->Socket, "401 Not Authenticated\n");
684 // Check user permissions
685 userFlags = Bank_GetFlags(Client->UID);
686 if( !(userFlags & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
687 sendf(Client->Socket, "403 Not in coke\n");
692 Client->EffectiveUID = Bank_GetAcctByName(username, 0);
693 if( Client->EffectiveUID == -1 ) {
694 sendf(Client->Socket, "404 User not found\n");
697 // You can't be an internal account (unless you're an admin)
698 if( !(userFlags & USER_FLAG_ADMIN) )
700 eUserFlags = Bank_GetFlags(Client->EffectiveUID);
701 if( eUserFlags & USER_FLAG_INTERNAL ) {
702 Client->EffectiveUID = -1;
703 sendf(Client->Socket, "404 User not found\n");
709 // - If disabled and the actual user is not an admin (and not root)
711 if( (eUserFlags & USER_FLAG_DISABLED) && (Client->UID == 0 || !(userFlags & USER_FLAG_ADMIN)) ) {
712 Client->EffectiveUID = -1;
713 sendf(Client->Socket, "403 Account disabled\n");
717 sendf(Client->Socket, "200 User set\n");
721 * \brief Send an item status to the client
722 * \param Client Who to?
723 * \param Item Item to send
725 void Server_int_SendItem(tClient *Client, tItem *Item)
727 char *status = "avail";
729 if( Item->Handler->CanDispense )
731 switch(Item->Handler->CanDispense(Client->UID, Item->ID))
733 case 0: status = "avail"; break;
734 case 1: status = "sold"; break;
736 case -1: status = "error"; break;
740 if( !gbNoCostMode && Item->Price == 0 )
742 // KNOWN HACK: Naming a slot 'dead' disables it
743 if( strcmp(Item->Name, "dead") == 0 )
744 status = "sold"; // Another status?
746 sendf(Client->Socket,
747 "202 Item %s:%i %s %i %s\n",
748 Item->Handler->Name, Item->ID, status, Item->Price, Item->Name
753 * \brief Enumerate the items that the server knows about
755 void Server_Cmd_ENUMITEMS(tClient *Client, char *Args)
759 if( Args != NULL && strlen(Args) ) {
760 sendf(Client->Socket, "407 ENUM_ITEMS takes no arguments\n");
766 for( i = 0; i < giNumItems; i ++ ) {
767 if( gaItems[i].bHidden ) continue;
771 sendf(Client->Socket, "201 Items %i\n", count);
773 for( i = 0; i < giNumItems; i ++ ) {
774 if( gaItems[i].bHidden ) continue;
775 Server_int_SendItem( Client, &gaItems[i] );
778 sendf(Client->Socket, "200 List end\n");
781 tItem *_GetItemFromString(char *String)
785 char *colon = strchr(String, ':');
797 for( i = 0; i < giNumHandlers; i ++ )
799 if( strcmp(gaHandlers[i]->Name, type) == 0) {
800 handler = gaHandlers[i];
809 for( i = 0; i < giNumItems; i ++ )
811 if( gaItems[i].Handler != handler ) continue;
812 if( gaItems[i].ID != num ) continue;
819 * \brief Fetch information on a specific item
821 * Usage: ITEMINFO <item ID>
823 void Server_Cmd_ITEMINFO(tClient *Client, char *Args)
828 if( Server_int_ParseArgs(0, Args, &itemname, NULL) ) {
829 sendf(Client->Socket, "407 ITEMINFO takes 1 argument\n");
832 item = _GetItemFromString(Args);
835 sendf(Client->Socket, "406 Bad Item ID\n");
839 Server_int_SendItem( Client, item );
843 * \brief Dispense an item
845 * Usage: DISPENSE <Item ID>
847 void Server_Cmd_DISPENSE(tClient *Client, char *Args)
854 if( Server_int_ParseArgs(0, Args, &itemname, NULL) ) {
855 sendf(Client->Socket, "407 DISPENSE takes only 1 argument\n");
859 if( !Client->bIsAuthed ) {
860 sendf(Client->Socket, "401 Not Authenticated\n");
864 item = _GetItemFromString(itemname);
866 sendf(Client->Socket, "406 Bad Item ID\n");
870 if( Client->EffectiveUID != -1 ) {
871 uid = Client->EffectiveUID;
877 // if( Bank_GetFlags(Client->UID) & USER_FLAG_DISABLED ) {
880 switch( ret = DispenseItem( Client->UID, uid, item ) )
882 case 0: sendf(Client->Socket, "200 Dispense OK\n"); return ;
883 case 1: sendf(Client->Socket, "501 Unable to dispense\n"); return ;
884 case 2: sendf(Client->Socket, "402 Poor You\n"); return ;
886 sendf(Client->Socket, "500 Dispense Error (%i)\n", ret);
892 * \brief Refund an item to a user
894 * Usage: REFUND <user> <item id> [<price>]
896 void Server_Cmd_REFUND(tClient *Client, char *Args)
899 int uid, price_override = 0;
900 char *username, *itemname, *price_str;
902 if( Server_int_ParseArgs(0, Args, &username, &itemname, &price_str, NULL) ) {
903 if( !itemname || price_str ) {
904 sendf(Client->Socket, "407 REFUND takes 2 or 3 arguments\n");
909 if( !Client->bIsAuthed ) {
910 sendf(Client->Socket, "401 Not Authenticated\n");
914 // Check user permissions
915 if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
916 sendf(Client->Socket, "403 Not in coke\n");
920 uid = Bank_GetAcctByName(username, 0);
922 sendf(Client->Socket, "404 Unknown user\n");
926 item = _GetItemFromString(itemname);
928 sendf(Client->Socket, "406 Bad Item ID\n");
933 price_override = atoi(price_str);
935 switch( DispenseRefund( Client->UID, uid, item, price_override ) )
937 case 0: sendf(Client->Socket, "200 Item Refunded\n"); return ;
939 sendf(Client->Socket, "500 Dispense Error\n");
945 * \brief Transfer money to another account
947 * Usage: GIVE <dest> <ammount> <reason...>
949 void Server_Cmd_GIVE(tClient *Client, char *Args)
951 char *recipient, *ammount, *reason;
956 if( Server_int_ParseArgs(1, Args, &recipient, &ammount, &reason, NULL) ) {
957 sendf(Client->Socket, "407 GIVE takes only 3 arguments\n");
962 if( !Client->bIsAuthed ) {
963 sendf(Client->Socket, "401 Not Authenticated\n");
968 uid = Bank_GetAcctByName(recipient, 0);
970 sendf(Client->Socket, "404 Invalid target user\n");
974 // You can't alter an internal account
975 // if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
976 // sendf(Client->Socket, "404 Invalid target user\n");
981 iAmmount = atoi(ammount);
982 if( iAmmount <= 0 ) {
983 sendf(Client->Socket, "407 Invalid Argument, ammount must be > zero\n");
987 if( Client->EffectiveUID != -1 ) {
988 thisUid = Client->EffectiveUID;
991 thisUid = Client->UID;
995 switch( DispenseGive(Client->UID, thisUid, uid, iAmmount, reason) )
998 sendf(Client->Socket, "200 Give OK\n");
1001 sendf(Client->Socket, "402 Poor You\n");
1004 sendf(Client->Socket, "500 Unknown error\n");
1009 void Server_Cmd_DONATE(tClient *Client, char *Args)
1011 char *ammount, *reason;
1016 if( Server_int_ParseArgs(1, Args, &ammount, &reason, NULL) ) {
1017 sendf(Client->Socket, "407 DONATE takes 2 arguments\n");
1021 if( !Client->bIsAuthed ) {
1022 sendf(Client->Socket, "401 Not Authenticated\n");
1027 iAmmount = atoi(ammount);
1028 if( iAmmount <= 0 ) {
1029 sendf(Client->Socket, "407 Invalid Argument, ammount must be > zero\n");
1033 // Handle effective users
1034 if( Client->EffectiveUID != -1 ) {
1035 thisUid = Client->EffectiveUID;
1038 thisUid = Client->UID;
1042 switch( DispenseDonate(Client->UID, thisUid, iAmmount, reason) )
1045 sendf(Client->Socket, "200 Give OK\n");
1048 sendf(Client->Socket, "402 Poor You\n");
1051 sendf(Client->Socket, "500 Unknown error\n");
1056 void Server_Cmd_ADD(tClient *Client, char *Args)
1058 char *user, *ammount, *reason;
1062 if( Server_int_ParseArgs(1, Args, &user, &ammount, &reason, NULL) ) {
1063 sendf(Client->Socket, "407 ADD takes 3 arguments\n");
1067 if( !Client->bIsAuthed ) {
1068 sendf(Client->Socket, "401 Not Authenticated\n");
1072 // Check user permissions
1073 if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
1074 sendf(Client->Socket, "403 Not in coke\n");
1079 if( strcmp( Client->Username, "root" ) == 0 ) {
1080 // Allow adding for new users
1081 if( strcmp(reason, "treasurer: new user") != 0 ) {
1082 sendf(Client->Socket, "403 Root may not add\n");
1089 if( strstr(reason, "refund") != NULL || strstr(reason, "misdispense") != NULL )
1091 sendf(Client->Socket, "499 Don't use `dispense acct` for refunds, use `dispense refund` (and `dispense -G` to get item IDs)\n");
1097 uid = Bank_GetAcctByName(user, 0);
1099 sendf(Client->Socket, "404 Invalid user\n");
1103 // You can't alter an internal account
1104 if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) )
1106 if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
1107 sendf(Client->Socket, "403 Admin only\n");
1110 // TODO: Maybe disallow changes to disabled?
1114 iAmmount = atoi(ammount);
1115 if( iAmmount == 0 && ammount[0] != '0' ) {
1116 sendf(Client->Socket, "407 Invalid Argument\n");
1121 switch( DispenseAdd(Client->UID, uid, iAmmount, reason) )
1124 sendf(Client->Socket, "200 Add OK\n");
1127 sendf(Client->Socket, "402 Poor Guy\n");
1130 sendf(Client->Socket, "500 Unknown error\n");
1135 void Server_Cmd_SET(tClient *Client, char *Args)
1137 char *user, *ammount, *reason;
1141 if( Server_int_ParseArgs(1, Args, &user, &ammount, &reason, NULL) ) {
1142 sendf(Client->Socket, "407 SET takes 3 arguments\n");
1146 if( !Client->bIsAuthed ) {
1147 sendf(Client->Socket, "401 Not Authenticated\n");
1151 // Check user permissions
1152 if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) {
1153 sendf(Client->Socket, "403 Not an admin\n");
1158 uid = Bank_GetAcctByName(user, 0);
1160 sendf(Client->Socket, "404 Invalid user\n");
1165 iAmmount = atoi(ammount);
1166 if( iAmmount == 0 && ammount[0] != '0' ) {
1167 sendf(Client->Socket, "407 Invalid Argument\n");
1172 switch( DispenseSet(Client->UID, uid, iAmmount, reason) )
1175 sendf(Client->Socket, "200 Add OK\n");
1178 sendf(Client->Socket, "402 Poor Guy\n");
1181 sendf(Client->Socket, "500 Unknown error\n");
1186 void Server_Cmd_ENUMUSERS(tClient *Client, char *Args)
1190 int maxBal = INT_MAX, minBal = INT_MIN;
1191 int flagMask = 0, flagVal = 0;
1192 int sort = BANK_ITFLAG_SORT_NAME;
1193 time_t lastSeenAfter=0, lastSeenBefore=0;
1195 int flags; // Iterator flags
1196 int balValue; // Balance value for iterator
1197 time_t timeValue; // Time value for iterator
1200 if( Args && strlen(Args) )
1202 char *space = Args, *type, *val;
1206 while(*type == ' ') type ++;
1208 space = strchr(space, ' ');
1209 if(space) *space = '\0';
1212 val = strchr(type, ':');
1219 if( strcmp(type, "min_balance") == 0 ) {
1222 // - Maximum Balance
1223 else if( strcmp(type, "max_balance") == 0 ) {
1227 else if( strcmp(type, "flags") == 0 ) {
1228 if( Server_int_ParseFlags(Client, val, &flagMask, &flagVal) )
1231 // - Last seen before timestamp
1232 else if( strcmp(type, "last_seen_before") == 0 ) {
1233 lastSeenAfter = atoll(val);
1235 // - Last seen after timestamp
1236 else if( strcmp(type, "last_seen_after") == 0 ) {
1237 lastSeenAfter = atoll(val);
1240 else if( strcmp(type, "sort") == 0 ) {
1241 char *dash = strchr(val, '-');
1246 if( strcmp(val, "name") == 0 ) {
1247 sort = BANK_ITFLAG_SORT_NAME;
1249 else if( strcmp(val, "balance") == 0 ) {
1250 sort = BANK_ITFLAG_SORT_BAL;
1252 else if( strcmp(val, "lastseen") == 0 ) {
1253 sort = BANK_ITFLAG_SORT_LASTSEEN;
1256 sendf(Client->Socket, "407 Unknown sort field ('%s')\n", val);
1259 // Handle sort direction
1261 if( strcmp(dash, "desc") == 0 ) {
1262 sort |= BANK_ITFLAG_REVSORT;
1265 sendf(Client->Socket, "407 Unknown sort direction '%s'\n", dash);
1272 sendf(Client->Socket, "407 Unknown argument to ENUM_USERS '%s:%s'\n", type, val);
1279 sendf(Client->Socket, "407 Unknown argument to ENUM_USERS '%s'\n", type);
1285 *space = ' '; // Repair (to be nice)
1287 while(*space == ' ') space ++;
1293 if( maxBal != INT_MAX ) {
1294 flags = sort|BANK_ITFLAG_MAXBALANCE;
1297 else if( minBal != INT_MIN ) {
1298 flags = sort|BANK_ITFLAG_MINBALANCE;
1305 if( lastSeenBefore ) {
1306 timeValue = lastSeenBefore;
1307 flags |= BANK_ITFLAG_SEENBEFORE;
1309 else if( lastSeenAfter ) {
1310 timeValue = lastSeenAfter;
1311 flags |= BANK_ITFLAG_SEENAFTER;
1316 it = Bank_Iterator(flagMask, flagVal, flags, balValue, timeValue);
1318 // Get return number
1319 while( (i = Bank_IteratorNext(it)) != -1 )
1321 int bal = Bank_GetBalance(i);
1323 if( bal == INT_MIN ) continue;
1325 if( bal < minBal ) continue;
1326 if( bal > maxBal ) continue;
1331 Bank_DelIterator(it);
1334 sendf(Client->Socket, "201 Users %i\n", numRet);
1338 it = Bank_Iterator(flagMask, flagVal, flags, balValue, timeValue);
1340 while( (i = Bank_IteratorNext(it)) != -1 )
1342 int bal = Bank_GetBalance(i);
1344 if( bal == INT_MIN ) continue;
1346 if( bal < minBal ) continue;
1347 if( bal > maxBal ) continue;
1349 _SendUserInfo(Client, i);
1352 Bank_DelIterator(it);
1354 sendf(Client->Socket, "200 List End\n");
1357 void Server_Cmd_USERINFO(tClient *Client, char *Args)
1363 if( Server_int_ParseArgs(0, Args, &user, NULL) ) {
1364 sendf(Client->Socket, "407 USER_INFO takes 1 argument\n");
1368 if( giDebugLevel ) Debug(Client, "User Info '%s'", user);
1371 uid = Bank_GetAcctByName(user, 0);
1373 if( giDebugLevel >= 2 ) Debug(Client, "uid = %i", uid);
1375 sendf(Client->Socket, "404 Invalid user\n");
1379 _SendUserInfo(Client, uid);
1382 void _SendUserInfo(tClient *Client, int UserID)
1384 char *type, *disabled="", *door="";
1385 int flags = Bank_GetFlags(UserID);
1387 if( flags & USER_FLAG_INTERNAL ) {
1390 else if( flags & USER_FLAG_COKE ) {
1391 if( flags & USER_FLAG_ADMIN )
1392 type = "coke,admin";
1396 else if( flags & USER_FLAG_ADMIN ) {
1403 if( flags & USER_FLAG_DISABLED )
1404 disabled = ",disabled";
1405 if( flags & USER_FLAG_DOORGROUP )
1408 // TODO: User flags/type
1410 Client->Socket, "202 User %s %i %s%s%s\n",
1411 Bank_GetAcctName(UserID), Bank_GetBalance(UserID),
1412 type, disabled, door
1416 void Server_Cmd_USERADD(tClient *Client, char *Args)
1421 if( Server_int_ParseArgs(0, Args, &username, NULL) ) {
1422 sendf(Client->Socket, "407 USER_ADD takes 1 argument\n");
1426 // Check authentication
1427 if( !Client->bIsAuthed ) {
1428 sendf(Client->Socket, "401 Not Authenticated\n");
1432 // Check permissions
1433 if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) {
1434 sendf(Client->Socket, "403 Not a coke admin\n");
1438 // Try to create user
1439 if( Bank_CreateAcct(username) == -1 ) {
1440 sendf(Client->Socket, "404 User exists\n");
1445 char *thisName = Bank_GetAcctName(Client->UID);
1446 Log_Info("Account '%s' created by '%s'", username, thisName);
1450 sendf(Client->Socket, "200 User Added\n");
1453 void Server_Cmd_USERFLAGS(tClient *Client, char *Args)
1455 char *username, *flags, *reason=NULL;
1456 int mask=0, value=0;
1460 if( Server_int_ParseArgs(1, Args, &username, &flags, &reason, NULL) ) {
1462 sendf(Client->Socket, "407 USER_FLAGS takes at least 2 arguments\n");
1468 // Check authentication
1469 if( !Client->bIsAuthed ) {
1470 sendf(Client->Socket, "401 Not Authenticated\n");
1474 // Check permissions
1475 if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) {
1476 sendf(Client->Socket, "403 Not a coke admin\n");
1481 uid = Bank_GetAcctByName(username, 0);
1483 sendf(Client->Socket, "404 User '%s' not found\n", username);
1488 if( Server_int_ParseFlags(Client, flags, &mask, &value) )
1492 Debug(Client, "Set %i(%s) flags to %x (masked %x)\n",
1493 uid, username, mask, value);
1496 Bank_SetFlags(uid, mask, value);
1499 Log_Info("Updated '%s' with flag set '%s' by '%s' - Reason: %s",
1500 username, flags, Client->Username, reason);
1503 sendf(Client->Socket, "200 User Updated\n");
1506 void Server_Cmd_UPDATEITEM(tClient *Client, char *Args)
1508 char *itemname, *price_str, *description;
1512 if( Server_int_ParseArgs(1, Args, &itemname, &price_str, &description, NULL) ) {
1513 sendf(Client->Socket, "407 UPDATE_ITEM takes 3 arguments\n");
1517 if( !Client->bIsAuthed ) {
1518 sendf(Client->Socket, "401 Not Authenticated\n");
1522 // Check user permissions
1523 if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
1524 sendf(Client->Socket, "403 Not in coke\n");
1528 item = _GetItemFromString(itemname);
1530 // TODO: Create item?
1531 sendf(Client->Socket, "406 Bad Item ID\n");
1535 price = atoi(price_str);
1536 if( price <= 0 && price_str[0] != '0' ) {
1537 sendf(Client->Socket, "407 Invalid price set\n");
1540 switch( DispenseUpdateItem( Client->UID, item, description, price ) )
1544 sendf(Client->Socket, "200 Item updated\n");
1551 void Server_Cmd_PINCHECK(tClient *Client, char *Args)
1553 char *username, *pinstr;
1556 if( Server_int_ParseArgs(0, Args, &username, &pinstr, NULL) ) {
1557 sendf(Client->Socket, "407 PIN_CHECK takes 2 arguments\n");
1561 if( !isdigit(pinstr[0]) || !isdigit(pinstr[1]) || !isdigit(pinstr[2]) || !isdigit(pinstr[3]) || pinstr[4] != '\0' ) {
1562 sendf(Client->Socket, "407 PIN should be four digits\n");
1567 // Not authenticated? go away!
1568 if( !Client->bIsAuthed ) {
1569 sendf(Client->Socket, "401 Not Authenticated\n");
1574 int uid = Bank_GetAcctByName(username, 0);
1576 sendf(Client->Socket, "404 User '%s' not found\n", username);
1580 // Check user permissions
1581 if( uid != Client->UID && !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
1582 sendf(Client->Socket, "403 Not in coke\n");
1587 static time_t last_wrong_pin_time;
1588 static int backoff = 1;
1589 if( time(NULL) - last_wrong_pin_time < backoff ) {
1590 sendf(Client->Socket, "407 Rate limited (%i seconds remaining)\n",
1591 backoff - (time(NULL) - last_wrong_pin_time));
1594 last_wrong_pin_time = time(NULL);
1595 if( !Bank_IsPinValid(uid, pin) )
1597 sendf(Client->Socket, "201 Pin incorrect\n");
1598 struct sockaddr_storage addr;
1599 socklen_t len = sizeof(addr);
1600 char ipstr[INET6_ADDRSTRLEN];
1601 getpeername(Client->Socket, (void*)&addr, &len);
1602 struct sockaddr_in *s = (struct sockaddr_in *)&addr;
1603 inet_ntop(addr.ss_family, &s->sin_addr, ipstr, sizeof(ipstr));
1604 Debug_Notice("Bad pin from %s for %s by %i", ipstr, username, Client->UID);
1610 last_wrong_pin_time = 0;
1612 sendf(Client->Socket, "200 Pin correct\n");
1615 void Server_Cmd_PINSET(tClient *Client, char *Args)
1621 if( Server_int_ParseArgs(0, Args, &pinstr, NULL) ) {
1622 sendf(Client->Socket, "407 PIN_SET takes 1 argument\n");
1626 if( !isdigit(pinstr[0]) || !isdigit(pinstr[1]) || !isdigit(pinstr[2]) || !isdigit(pinstr[3]) || pinstr[4] != '\0' ) {
1627 sendf(Client->Socket, "407 PIN should be four digits\n");
1632 if( !Client->bIsAuthed ) {
1633 sendf(Client->Socket, "401 Not Authenticated\n");
1637 int uid = Client->EffectiveUID;
1640 // Can only pinset yourself (well, the effective user)
1641 Bank_SetPin(uid, pin);
1642 sendf(Client->Socket, "200 Pin updated\n");
1646 // --- INTERNAL HELPERS ---
1647 void Debug(tClient *Client, const char *Format, ...)
1650 //printf("%010i [%i] ", (int)time(NULL), Client->ID);
1651 printf("[%i] ", Client->ID);
1652 va_start(args, Format);
1653 vprintf(Format, args);
1658 int sendf(int Socket, const char *Format, ...)
1663 va_start(args, Format);
1664 len = vsnprintf(NULL, 0, Format, args);
1669 va_start(args, Format);
1670 vsnprintf(buf, len+1, Format, args);
1673 #if DEBUG_TRACE_CLIENT
1674 printf("sendf: %s", buf);
1677 return send(Socket, buf, len, 0);
1681 // Takes a series of char *'s in
1683 * \brief Parse space-separated entries into
1685 int Server_int_ParseArgs(int bUseLongLast, char *ArgStr, ...)
1690 va_start(args, ArgStr);
1695 while( (dest = va_arg(args, char **)) )
1701 savedChar = *ArgStr;
1703 while( (dest = va_arg(args, char **)) )
1705 // Trim leading spaces
1706 while( *ArgStr == ' ' || *ArgStr == '\t' )
1709 // ... oops, not enough arguments
1710 if( *ArgStr == '\0' )
1712 // NULL unset arguments
1715 } while( (dest = va_arg(args, char **)) );
1720 if( *ArgStr == '"' )
1725 while( *ArgStr && *ArgStr != '"' )
1732 // Read until a space
1733 while( *ArgStr && *ArgStr != ' ' && *ArgStr != '\t' )
1736 savedChar = *ArgStr; // savedChar is used to un-mangle the last string
1742 // Oops, extra arguments, and greedy not set
1743 if( (savedChar == ' ' || savedChar == '\t') && !bUseLongLast ) {
1750 *ArgStr = savedChar;
1753 return 0; // Success!
1756 int Server_int_ParseFlags(tClient *Client, const char *Str, int *Mask, int *Value)
1763 {"disabled", USER_FLAG_DISABLED, USER_FLAG_DISABLED}
1764 ,{"door", USER_FLAG_DOORGROUP, USER_FLAG_DOORGROUP}
1765 ,{"coke", USER_FLAG_COKE, USER_FLAG_COKE}
1766 ,{"admin", USER_FLAG_ADMIN, USER_FLAG_ADMIN}
1767 ,{"internal", USER_FLAG_INTERNAL, USER_FLAG_INTERNAL}
1769 const int ciNumFlags = sizeof(cFLAGS)/sizeof(cFLAGS[0]);
1781 while( *Str == ' ' ) Str ++; // Eat whitespace
1782 space = strchr(Str, ','); // Find the end of the flag
1788 // Check for inversion/removal
1789 if( *Str == '!' || *Str == '-' ) {
1793 else if( *Str == '+' ) {
1797 // Check flag values
1798 for( i = 0; i < ciNumFlags; i ++ )
1800 if( strncmp(Str, cFLAGS[i].Name, len) == 0 ) {
1801 *Mask |= cFLAGS[i].Mask;
1802 *Value &= ~cFLAGS[i].Mask;
1804 *Value |= cFLAGS[i].Value;
1810 if( i == ciNumFlags ) {
1812 strncpy(val, Str, len+1);
1813 sendf(Client->Socket, "407 Unknown flag value '%s'\n", val);
git.ucc.asn.au / tpg / opendispense2.git / blob
UCC git Repository :: git.ucc.asn.au