src/server/server.c

   1 /*
   2  * OpenDispense 2
   3  * UCC (University [of WA] Computer Club) Electronic Accounting System
   4  *
   5  * server.c - Client Server Code
   6  *
   7  * This file is licenced under the 3-clause BSD Licence. See the file
   8  * COPYING for full details.
   9  */
  10 #include <stdio.h>
  11 #include <stdlib.h>
  12 #include "common.h"
  13 #include <sys/socket.h>
  14 #include <netinet/in.h>
  15 #include <arpa/inet.h>
  16 #include <unistd.h>
  17 #include <string.h>
  18 #include <limits.h>
  19 #include <stdarg.h>
  20
  21 #define DEBUG_TRACE_CLIENT      0
  22
  23 // Statistics
  24 #define MAX_CONNECTION_QUEUE    5
  25 #define INPUT_BUFFER_SIZE       256
  26 #define CLIENT_TIMEOUT  10      // Seconds
  27
  28 #define HASH_TYPE       SHA1
  29 #define HASH_LENGTH     20
  30
  31 #define MSG_STR_TOO_LONG        "499 Command too long (limit "EXPSTR(INPUT_BUFFER_SIZE)")\n"
  32
  33 // === TYPES ===
  34 typedef struct sClient
  35 {
  36          int    Socket; // Client socket ID
  37          int    ID;     // Client ID
  38
  39          int    bIsTrusted;     // Is the connection from a trusted host/port
  40
  41         char    *Username;
  42         char    Salt[9];
  43
  44          int    UID;
  45          int    EffectiveUID;
  46          int    bIsAuthed;
  47 }       tClient;
  48
  49 // === PROTOTYPES ===
  50 void    Server_Start(void);
  51 void    Server_Cleanup(void);
  52 void    Server_HandleClient(int Socket, int bTrusted);
  53 void    Server_ParseClientCommand(tClient *Client, char *CommandString);
  54 // --- Commands ---
  55 void    Server_Cmd_USER(tClient *Client, char *Args);
  56 void    Server_Cmd_PASS(tClient *Client, char *Args);
  57 void    Server_Cmd_AUTOAUTH(tClient *Client, char *Args);
  58 void    Server_Cmd_SETEUSER(tClient *Client, char *Args);
  59 void    Server_Cmd_ENUMITEMS(tClient *Client, char *Args);
  60 void    Server_Cmd_ITEMINFO(tClient *Client, char *Args);
  61 void    Server_Cmd_DISPENSE(tClient *Client, char *Args);
  62 void    Server_Cmd_GIVE(tClient *Client, char *Args);
  63 void    Server_Cmd_DONATE(tClient *Client, char *Args);
  64 void    Server_Cmd_ADD(tClient *Client, char *Args);
  65 void    Server_Cmd_SET(tClient *Client, char *Args);
  66 void    Server_Cmd_ENUMUSERS(tClient *Client, char *Args);
  67 void    Server_Cmd_USERINFO(tClient *Client, char *Args);
  68 void    _SendUserInfo(tClient *Client, int UserID);
  69 void    Server_Cmd_USERADD(tClient *Client, char *Args);
  70 void    Server_Cmd_USERFLAGS(tClient *Client, char *Args);
  71 // --- Helpers ---
  72 void    Debug(tClient *Client, const char *Format, ...);
  73  int    sendf(int Socket, const char *Format, ...);
  74  int    Server_int_ParseArgs(int bUseLongArg, char *ArgStr, ...);
  75  int    Server_int_ParseFlags(tClient *Client, const char *Str, int *Mask, int *Value);
  76
  77 // === CONSTANTS ===
  78 // - Commands
  79 const struct sClientCommand {
  80         const char      *Name;
  81         void    (*Function)(tClient *Client, char *Arguments);
  82 }       gaServer_Commands[] = {
  83         {"USER", Server_Cmd_USER},
  84         {"PASS", Server_Cmd_PASS},
  85         {"AUTOAUTH", Server_Cmd_AUTOAUTH},
  86         {"SETEUSER", Server_Cmd_SETEUSER},
  87         {"ENUM_ITEMS", Server_Cmd_ENUMITEMS},
  88         {"ITEM_INFO", Server_Cmd_ITEMINFO},
  89         {"DISPENSE", Server_Cmd_DISPENSE},
  90         {"GIVE", Server_Cmd_GIVE},
  91         {"DONATE", Server_Cmd_DONATE},
  92         {"ADD", Server_Cmd_ADD},
  93         {"SET", Server_Cmd_SET},
  94         {"ENUM_USERS", Server_Cmd_ENUMUSERS},
  95         {"USER_INFO", Server_Cmd_USERINFO},
  96         {"USER_ADD", Server_Cmd_USERADD},
  97         {"USER_FLAGS", Server_Cmd_USERFLAGS}
  98 };
  99 #define NUM_COMMANDS    ((int)(sizeof(gaServer_Commands)/sizeof(gaServer_Commands[0])))
 100
 101 // === GLOBALS ===
 102  int    giServer_Port = 11020;
 103  int    giServer_NextClientID = 1;
 104  int    giServer_Socket;
 105
 106 // === CODE ===
 107 /**
 108  * \brief Open listenting socket and serve connections
 109  */
 110 void Server_Start(void)
 111 {
 112          int    client_socket;
 113         struct sockaddr_in      server_addr, client_addr;
 114
 115         atexit(Server_Cleanup);
 116
 117         // Create Server
 118         giServer_Socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
 119         if( giServer_Socket < 0 ) {
 120                 fprintf(stderr, "ERROR: Unable to create server socket\n");
 121                 return ;
 122         }
 123
 124         // Make listen address
 125         memset(&server_addr, 0, sizeof(server_addr));
 126         server_addr.sin_family = AF_INET;       // Internet Socket
 127         server_addr.sin_addr.s_addr = htonl(INADDR_ANY);        // Listen on all interfaces
 128         server_addr.sin_port = htons(giServer_Port);    // Port
 129
 130         // Bind
 131         if( bind(giServer_Socket, (struct sockaddr *) &server_addr, sizeof(server_addr)) < 0 ) {
 132                 fprintf(stderr, "ERROR: Unable to bind to 0.0.0.0:%i\n", giServer_Port);
 133                 perror("Binding");
 134                 return ;
 135         }
 136
 137         // Listen
 138         if( listen(giServer_Socket, MAX_CONNECTION_QUEUE) < 0 ) {
 139                 fprintf(stderr, "ERROR: Unable to listen to socket\n");
 140                 perror("Listen");
 141                 return ;
 142         }
 143
 144         printf("Listening on 0.0.0.0:%i\n", giServer_Port);
 145
 146         for(;;)
 147         {
 148                 uint    len = sizeof(client_addr);
 149                  int    bTrusted = 0;
 150
 151                 // Accept a connection
 152                 client_socket = accept(giServer_Socket, (struct sockaddr *) &client_addr, &len);
 153                 if(client_socket < 0) {
 154                         fprintf(stderr, "ERROR: Unable to accept client connection\n");
 155                         return ;
 156                 }
 157
 158                 // Set a timeout on the user conneciton
 159                 {
 160                         struct timeval tv;
 161                         tv.tv_sec = CLIENT_TIMEOUT;
 162                         tv.tv_usec = 0;
 163                         if( setsockopt(client_socket, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) )
 164                         {
 165                                 perror("setsockopt");
 166                                 return ;
 167                         }
 168                 }
 169
 170                 // Debug: Print the connection string
 171                 if(giDebugLevel >= 2) {
 172                         char    ipstr[INET_ADDRSTRLEN];
 173                         inet_ntop(AF_INET, &client_addr.sin_addr, ipstr, INET_ADDRSTRLEN);
 174                         printf("Client connection from %s:%i\n",
 175                                 ipstr, ntohs(client_addr.sin_port));
 176                 }
 177
 178                 // Doesn't matter what, localhost is trusted
 179                 if( ntohl( client_addr.sin_addr.s_addr ) == 0x7F000001 )
 180                         bTrusted = 1;
 181
 182                 // Trusted Connections
 183                 if( ntohs(client_addr.sin_port) < 1024 )
 184                 {
 185                         // TODO: Make this runtime configurable
 186                         switch( ntohl( client_addr.sin_addr.s_addr ) )
 187                         {
 188                         case 0x7F000001:        // 127.0.0.1    localhost
 189                 //      case 0x825F0D00:        // 130.95.13.0
 190                         case 0x825F0D07:        // 130.95.13.7  motsugo
 191                         case 0x825F0D11:        // 130.95.13.17 mermaid
 192                         case 0x825F0D12:        // 130.95.13.18 mussel
 193                         case 0x825F0D17:        // 130.95.13.23 martello
 194                         case 0x825F0D42:        // 130.95.13.66 heathred
 195                                 bTrusted = 1;
 196                                 break;
 197                         default:
 198                                 break;
 199                         }
 200                 }
 201
 202                 // TODO: Multithread this?
 203                 Server_HandleClient(client_socket, bTrusted);
 204
 205                 close(client_socket);
 206         }
 207 }
 208
 209 void Server_Cleanup(void)
 210 {
 211         printf("Close(%i)\n", giServer_Socket);
 212         close(giServer_Socket);
 213 }
 214
 215 /**
 216  * \brief Reads from a client socket and parses the command strings
 217  * \param Socket        Client socket number/handle
 218  * \param bTrusted      Is the client trusted?
 219  */
 220 void Server_HandleClient(int Socket, int bTrusted)
 221 {
 222         char    inbuf[INPUT_BUFFER_SIZE];
 223         char    *buf = inbuf;
 224          int    remspace = INPUT_BUFFER_SIZE-1;
 225          int    bytes = -1;
 226         tClient clientInfo;
 227
 228         memset(&clientInfo, 0, sizeof(clientInfo));
 229
 230         // Initialise Client info
 231         clientInfo.Socket = Socket;
 232         clientInfo.ID = giServer_NextClientID ++;
 233         clientInfo.bIsTrusted = bTrusted;
 234         clientInfo.EffectiveUID = -1;
 235
 236         // Read from client
 237         /*
 238          * Notes:
 239          * - The `buf` and `remspace` variables allow a line to span several
 240          *   calls to recv(), if a line is not completed in one recv() call
 241          *   it is saved to the beginning of `inbuf` and `buf` is updated to
 242          *   the end of it.
 243          */
 244         // TODO: Use select() instead (to give a timeout)
 245         while( (bytes = recv(Socket, buf, remspace, 0)) > 0 )
 246         {
 247                 char    *eol, *start;
 248                 buf[bytes] = '\0';      // Allow us to use stdlib string functions on it
 249
 250                 // Split by lines
 251                 start = inbuf;
 252                 while( (eol = strchr(start, '\n')) )
 253                 {
 254                         *eol = '\0';
 255
 256                         Server_ParseClientCommand(&clientInfo, start);
 257
 258                         start = eol + 1;
 259                 }
 260
 261                 // Check if there was an incomplete line
 262                 if( *start != '\0' ) {
 263                          int    tailBytes = bytes - (start-buf);
 264                         // Roll back in buffer
 265                         memcpy(inbuf, start, tailBytes);
 266                         remspace -= tailBytes;
 267                         if(remspace == 0) {
 268                                 send(Socket, MSG_STR_TOO_LONG, sizeof(MSG_STR_TOO_LONG), 0);
 269                                 buf = inbuf;
 270                                 remspace = INPUT_BUFFER_SIZE - 1;
 271                         }
 272                 }
 273                 else {
 274                         buf = inbuf;
 275                         remspace = INPUT_BUFFER_SIZE - 1;
 276                 }
 277         }
 278
 279         // Check for errors
 280         if( bytes < 0 ) {
 281                 fprintf(stderr, "ERROR: Unable to recieve from client on socket %i\n", Socket);
 282                 return ;
 283         }
 284
 285         if(giDebugLevel >= 2) {
 286                 printf("Client %i: Disconnected\n", clientInfo.ID);
 287         }
 288 }
 289
 290 /**
 291  * \brief Parses a client command and calls the required helper function
 292  * \param Client        Pointer to client state structure
 293  * \param CommandString Command from client (single line of the command)
 294  * \return Heap String to return to the client
 295  */
 296 void Server_ParseClientCommand(tClient *Client, char *CommandString)
 297 {
 298         char    *command, *args;
 299          int    i;
 300
 301         if( giDebugLevel >= 2 )
 302                 Debug(Client, "Server_ParseClientCommand: (CommandString = '%s')", CommandString);
 303
 304         if( Server_int_ParseArgs(1, CommandString, &command, &args, NULL) )
 305         {
 306 //              printf("command=%s, args=%s\n", command, args);
 307                 // Is this an error? (just ignore for now)
 308                 //args = "";
 309         }
 310
 311
 312         // Find command
 313         for( i = 0; i < NUM_COMMANDS; i++ )
 314         {
 315                 if(strcmp(command, gaServer_Commands[i].Name) == 0) {
 316                         if( giDebugLevel >= 2 )
 317                                 Debug(Client, "CMD %s - \"%s\"", command, args);
 318                         gaServer_Commands[i].Function(Client, args);
 319                         return ;
 320                 }
 321         }
 322
 323         sendf(Client->Socket, "400 Unknown Command\n");
 324 }
 325
 326 // ---
 327 // Commands
 328 // ---
 329 /**
 330  * \brief Set client username
 331  *
 332  * Usage: USER <username>
 333  */
 334 void Server_Cmd_USER(tClient *Client, char *Args)
 335 {
 336         char    *username;
 337
 338         if( Server_int_ParseArgs(0, Args, &username, NULL) )
 339         {
 340                 sendf(Client->Socket, "407 USER takes 1 argument\n");
 341                 return ;
 342         }
 343
 344         // Debug!
 345         if( giDebugLevel )
 346                 Debug(Client, "Authenticating as '%s'", username);
 347
 348         // Save username
 349         if(Client->Username)
 350                 free(Client->Username);
 351         Client->Username = strdup(username);
 352
 353         #if USE_SALT
 354         // Create a salt (that changes if the username is changed)
 355         // Yes, I know, I'm a little paranoid, but who isn't?
 356         Client->Salt[0] = 0x21 + (rand()&0x3F);
 357         Client->Salt[1] = 0x21 + (rand()&0x3F);
 358         Client->Salt[2] = 0x21 + (rand()&0x3F);
 359         Client->Salt[3] = 0x21 + (rand()&0x3F);
 360         Client->Salt[4] = 0x21 + (rand()&0x3F);
 361         Client->Salt[5] = 0x21 + (rand()&0x3F);
 362         Client->Salt[6] = 0x21 + (rand()&0x3F);
 363         Client->Salt[7] = 0x21 + (rand()&0x3F);
 364
 365         // TODO: Also send hash type to use, (SHA1 or crypt according to [DAA])
 366         sendf(Client->Socket, "100 SALT %s\n", Client->Salt);
 367         #else
 368         sendf(Client->Socket, "100 User Set\n");
 369         #endif
 370 }
 371
 372 /**
 373  * \brief Authenticate as a user
 374  *
 375  * Usage: PASS <hash>
 376  */
 377 void Server_Cmd_PASS(tClient *Client, char *Args)
 378 {
 379         char    *passhash;
 380          int    flags;
 381
 382         if( Server_int_ParseArgs(0, Args, &passhash, NULL) )
 383         {
 384                 sendf(Client->Socket, "407 PASS takes 1 argument\n");
 385                 return ;
 386         }
 387
 388         // Pass on to cokebank
 389         Client->UID = Bank_GetUserAuth(Client->Salt, Client->Username, passhash);
 390
 391         if( Client->UID == -1 ) {
 392                 sendf(Client->Socket, "401 Auth Failure\n");
 393                 return ;
 394         }
 395
 396         flags = Bank_GetFlags(Client->UID);
 397         if( flags & USER_FLAG_DISABLED ) {
 398                 Client->UID = -1;
 399                 sendf(Client->Socket, "403 Account Disabled\n");
 400                 return ;
 401         }
 402         if( flags & USER_FLAG_INTERNAL ) {
 403                 Client->UID = -1;
 404                 sendf(Client->Socket, "403 Internal account\n");
 405                 return ;
 406         }
 407
 408         Client->bIsAuthed = 1;
 409         sendf(Client->Socket, "200 Auth OK\n");
 410 }
 411
 412 /**
 413  * \brief Authenticate as a user without a password
 414  *
 415  * Usage: AUTOAUTH <user>
 416  */
 417 void Server_Cmd_AUTOAUTH(tClient *Client, char *Args)
 418 {
 419         char    *username;
 420          int    userflags;
 421
 422         if( Server_int_ParseArgs(0, Args, &username, NULL) )
 423         {
 424                 sendf(Client->Socket, "407 AUTOAUTH takes 1 argument\n");
 425                 return ;
 426         }
 427
 428         // Check if trusted
 429         if( !Client->bIsTrusted ) {
 430                 if(giDebugLevel)
 431                         Debug(Client, "Untrusted client attempting to AUTOAUTH");
 432                 sendf(Client->Socket, "401 Untrusted\n");
 433                 return ;
 434         }
 435
 436         // Get UID
 437         Client->UID = Bank_GetAcctByName( username );
 438         if( Client->UID < 0 ) {
 439                 if(giDebugLevel)
 440                         Debug(Client, "Unknown user '%s'", username);
 441                 sendf(Client->Socket, "401 Auth Failure\n");
 442                 return ;
 443         }
 444
 445         userflags = Bank_GetFlags(Client->UID);
 446         // You can't be an internal account
 447         if( userflags & USER_FLAG_INTERNAL ) {
 448                 if(giDebugLevel)
 449                         Debug(Client, "Autoauth as '%s', not allowed", username);
 450                 Client->UID = -1;
 451                 sendf(Client->Socket, "403 Account is internal\n");
 452                 return ;
 453         }
 454
 455         // Disabled accounts
 456         if( userflags & USER_FLAG_DISABLED ) {
 457                 Client->UID = -1;
 458                 sendf(Client->Socket, "403 Account disabled\n");
 459                 return ;
 460         }
 461
 462         Client->bIsAuthed = 1;
 463
 464         if(giDebugLevel)
 465                 Debug(Client, "Auto authenticated as '%s' (%i)", username, Client->UID);
 466
 467         sendf(Client->Socket, "200 Auth OK\n");
 468 }
 469
 470 /**
 471  * \brief Set effective user
 472  */
 473 void Server_Cmd_SETEUSER(tClient *Client, char *Args)
 474 {
 475         char    *username;
 476          int    eUserFlags, userFlags;
 477
 478         if( Server_int_ParseArgs(0, Args, &username, NULL) )
 479         {
 480                 sendf(Client->Socket, "407 SETEUSER takes 1 argument\n");
 481                 return ;
 482         }
 483
 484         if( !strlen(Args) ) {
 485                 sendf(Client->Socket, "407 SETEUSER expects an argument\n");
 486                 return ;
 487         }
 488
 489         // Check user permissions
 490         userFlags = Bank_GetFlags(Client->UID);
 491         if( !(userFlags & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
 492                 sendf(Client->Socket, "403 Not in coke\n");
 493                 return ;
 494         }
 495
 496         // Set id
 497         Client->EffectiveUID = Bank_GetAcctByName(username);
 498         if( Client->EffectiveUID == -1 ) {
 499                 sendf(Client->Socket, "404 User not found\n");
 500                 return ;
 501         }
 502
 503         // You can't be an internal account
 504         eUserFlags = Bank_GetFlags(Client->EffectiveUID);
 505         if( eUserFlags & USER_FLAG_INTERNAL ) {
 506                 Client->EffectiveUID = -1;
 507                 sendf(Client->Socket, "404 User not found\n");
 508                 return ;
 509         }
 510         // Disabled only avaliable to admins
 511         if( (eUserFlags & USER_FLAG_DISABLED) && !(userFlags & USER_FLAG_ADMIN) ) {
 512                 Client->EffectiveUID = -1;
 513                 sendf(Client->Socket, "403 Account disabled\n");
 514                 return ;
 515         }
 516
 517         sendf(Client->Socket, "200 User set\n");
 518 }
 519
 520 /**
 521  * \brief Send an item status to the client
 522  * \param Client        Who to?
 523  * \param Item  Item to send
 524  */
 525 void Server_int_SendItem(tClient *Client, tItem *Item)
 526 {
 527         char    *status = "avail";
 528
 529         if( Item->Handler->CanDispense )
 530         {
 531                 switch(Item->Handler->CanDispense(Client->UID, Item->ID))
 532                 {
 533                 case  0:        status = "avail";       break;
 534                 case  1:        status = "sold";        break;
 535                 default:
 536                 case -1:        status = "error";       break;
 537                 }
 538         }
 539
 540         sendf(Client->Socket,
 541                 "202 Item %s:%i %s %i %s\n",
 542                 Item->Handler->Name, Item->ID, status, Item->Price, Item->Name
 543                 );
 544 }
 545
 546 /**
 547  * \brief Enumerate the items that the server knows about
 548  */
 549 void Server_Cmd_ENUMITEMS(tClient *Client, char *Args)
 550 {
 551          int    i, count;
 552
 553         if( Args != NULL && strlen(Args) ) {
 554                 sendf(Client->Socket, "407 ENUM_ITEMS takes no arguments\n");
 555                 return ;
 556         }
 557
 558         // Count shown items
 559         count = 0;
 560         for( i = 0; i < giNumItems; i ++ ) {
 561                 if( gaItems[i].bHidden )        continue;
 562                 count ++;
 563         }
 564
 565         sendf(Client->Socket, "201 Items %i\n", count);
 566
 567         for( i = 0; i < giNumItems; i ++ ) {
 568                 if( gaItems[i].bHidden )        continue;
 569                 Server_int_SendItem( Client, &gaItems[i] );
 570         }
 571
 572         sendf(Client->Socket, "200 List end\n");
 573 }
 574
 575 tItem *_GetItemFromString(char *String)
 576 {
 577         tHandler        *handler;
 578         char    *type = String;
 579         char    *colon = strchr(String, ':');
 580          int    num, i;
 581
 582         if( !colon ) {
 583                 return NULL;
 584         }
 585
 586         num = atoi(colon+1);
 587         *colon = '\0';
 588
 589         // Find handler
 590         handler = NULL;
 591         for( i = 0; i < giNumHandlers; i ++ )
 592         {
 593                 if( strcmp(gaHandlers[i]->Name, type) == 0) {
 594                         handler = gaHandlers[i];
 595                         break;
 596                 }
 597         }
 598         if( !handler ) {
 599                 return NULL;
 600         }
 601
 602         // Find item
 603         for( i = 0; i < giNumItems; i ++ )
 604         {
 605                 if( gaItems[i].Handler != handler )     continue;
 606                 if( gaItems[i].ID != num )      continue;
 607                 return &gaItems[i];
 608         }
 609         return NULL;
 610 }
 611
 612 /**
 613  * \brief Fetch information on a specific item
 614  */
 615 void Server_Cmd_ITEMINFO(tClient *Client, char *Args)
 616 {
 617         tItem   *item;
 618         char    *itemname;
 619
 620         if( Server_int_ParseArgs(0, Args, &itemname, NULL) ) {
 621                 sendf(Client->Socket, "407 ITEMINFO takes 1 argument\n");
 622                 return ;
 623         }
 624         item = _GetItemFromString(Args);
 625
 626         if( !item ) {
 627                 sendf(Client->Socket, "406 Bad Item ID\n");
 628                 return ;
 629         }
 630
 631         Server_int_SendItem( Client, item );
 632 }
 633
 634 void Server_Cmd_DISPENSE(tClient *Client, char *Args)
 635 {
 636         tItem   *item;
 637          int    ret;
 638          int    uid;
 639         char    *itemname;
 640
 641         if( Server_int_ParseArgs(0, Args, &itemname, NULL) ) {
 642                 sendf(Client->Socket, "407 DISPENSE takes only 1 argument\n");
 643                 return ;
 644         }
 645
 646         if( !Client->bIsAuthed ) {
 647                 sendf(Client->Socket, "401 Not Authenticated\n");
 648                 return ;
 649         }
 650
 651         item = _GetItemFromString(itemname);
 652         if( !item ) {
 653                 sendf(Client->Socket, "406 Bad Item ID\n");
 654                 return ;
 655         }
 656
 657         if( Client->EffectiveUID != -1 ) {
 658                 uid = Client->EffectiveUID;
 659         }
 660         else {
 661                 uid = Client->UID;
 662         }
 663
 664         switch( ret = DispenseItem( Client->UID, uid, item ) )
 665         {
 666         case 0: sendf(Client->Socket, "200 Dispense OK\n");     return ;
 667         case 1: sendf(Client->Socket, "501 Unable to dispense\n");      return ;
 668         case 2: sendf(Client->Socket, "402 Poor You\n");        return ;
 669         default:
 670                 sendf(Client->Socket, "500 Dispense Error\n");
 671                 return ;
 672         }
 673 }
 674
 675 void Server_Cmd_GIVE(tClient *Client, char *Args)
 676 {
 677         char    *recipient, *ammount, *reason;
 678          int    uid, iAmmount;
 679          int    thisUid;
 680
 681         // Parse arguments
 682         if( Server_int_ParseArgs(1, Args, &recipient, &ammount, &reason, NULL) ) {
 683                 sendf(Client->Socket, "407 GIVE takes only 3 arguments\n");
 684                 return ;
 685         }
 686         // Check for authed
 687         if( !Client->bIsAuthed ) {
 688                 sendf(Client->Socket, "401 Not Authenticated\n");
 689                 return ;
 690         }
 691
 692         // Get recipient
 693         uid = Bank_GetAcctByName(recipient);
 694         if( uid == -1 ) {
 695                 sendf(Client->Socket, "404 Invalid target user\n");
 696                 return ;
 697         }
 698
 699         // You can't alter an internal account
 700 //      if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
 701 //              sendf(Client->Socket, "404 Invalid target user\n");
 702 //              return ;
 703 //      }
 704
 705         // Parse ammount
 706         iAmmount = atoi(ammount);
 707         if( iAmmount <= 0 ) {
 708                 sendf(Client->Socket, "407 Invalid Argument, ammount must be > zero\n");
 709                 return ;
 710         }
 711
 712         if( Client->EffectiveUID != -1 ) {
 713                 thisUid = Client->EffectiveUID;
 714         }
 715         else {
 716                 thisUid = Client->UID;
 717         }
 718
 719         // Do give
 720         switch( DispenseGive(Client->UID, thisUid, uid, iAmmount, reason) )
 721         {
 722         case 0:
 723                 sendf(Client->Socket, "200 Give OK\n");
 724                 return ;
 725         case 2:
 726                 sendf(Client->Socket, "402 Poor You\n");
 727                 return ;
 728         default:
 729                 sendf(Client->Socket, "500 Unknown error\n");
 730                 return ;
 731         }
 732 }
 733
 734 void Server_Cmd_DONATE(tClient *Client, char *Args)
 735 {
 736         char    *ammount, *reason;
 737          int    iAmmount;
 738          int    thisUid;
 739
 740         // Parse arguments
 741         if( Server_int_ParseArgs(1, Args, &ammount, &reason, NULL) ) {
 742                 sendf(Client->Socket, "407 DONATE takes 2 arguments\n");
 743                 return ;
 744         }
 745
 746         if( !Client->bIsAuthed ) {
 747                 sendf(Client->Socket, "401 Not Authenticated\n");
 748                 return ;
 749         }
 750
 751         // Parse ammount
 752         iAmmount = atoi(ammount);
 753         if( iAmmount <= 0 ) {
 754                 sendf(Client->Socket, "407 Invalid Argument, ammount must be > zero\n");
 755                 return ;
 756         }
 757
 758         // Handle effective users
 759         if( Client->EffectiveUID != -1 ) {
 760                 thisUid = Client->EffectiveUID;
 761         }
 762         else {
 763                 thisUid = Client->UID;
 764         }
 765
 766         // Do give
 767         switch( DispenseDonate(Client->UID, thisUid, iAmmount, reason) )
 768         {
 769         case 0:
 770                 sendf(Client->Socket, "200 Give OK\n");
 771                 return ;
 772         case 2:
 773                 sendf(Client->Socket, "402 Poor You\n");
 774                 return ;
 775         default:
 776                 sendf(Client->Socket, "500 Unknown error\n");
 777                 return ;
 778         }
 779 }
 780
 781 void Server_Cmd_ADD(tClient *Client, char *Args)
 782 {
 783         char    *user, *ammount, *reason;
 784          int    uid, iAmmount;
 785
 786         // Parse arguments
 787         if( Server_int_ParseArgs(1, Args, &user, &ammount, &reason, NULL) ) {
 788                 sendf(Client->Socket, "407 ADD takes 3 arguments\n");
 789                 return ;
 790         }
 791
 792         if( !Client->bIsAuthed ) {
 793                 sendf(Client->Socket, "401 Not Authenticated\n");
 794                 return ;
 795         }
 796
 797         // Check user permissions
 798         if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN))  ) {
 799                 sendf(Client->Socket, "403 Not in coke\n");
 800                 return ;
 801         }
 802
 803         // Get recipient
 804         uid = Bank_GetAcctByName(user);
 805         if( uid == -1 ) {
 806                 sendf(Client->Socket, "404 Invalid user\n");
 807                 return ;
 808         }
 809
 810         // You can't alter an internal account
 811         if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
 812                 sendf(Client->Socket, "404 Invalid user\n");
 813                 return ;
 814         }
 815
 816         // Parse ammount
 817         iAmmount = atoi(ammount);
 818         if( iAmmount == 0 && ammount[0] != '0' ) {
 819                 sendf(Client->Socket, "407 Invalid Argument\n");
 820                 return ;
 821         }
 822
 823         // Do give
 824         switch( DispenseAdd(Client->UID, uid, iAmmount, reason) )
 825         {
 826         case 0:
 827                 sendf(Client->Socket, "200 Add OK\n");
 828                 return ;
 829         case 2:
 830                 sendf(Client->Socket, "402 Poor Guy\n");
 831                 return ;
 832         default:
 833                 sendf(Client->Socket, "500 Unknown error\n");
 834                 return ;
 835         }
 836 }
 837
 838 void Server_Cmd_SET(tClient *Client, char *Args)
 839 {
 840         char    *user, *ammount, *reason;
 841          int    uid, iAmmount;
 842
 843         // Parse arguments
 844         if( Server_int_ParseArgs(1, Args, &user, &ammount, &reason, NULL) ) {
 845                 sendf(Client->Socket, "407 SET takes 3 arguments\n");
 846                 return ;
 847         }
 848
 849         if( !Client->bIsAuthed ) {
 850                 sendf(Client->Socket, "401 Not Authenticated\n");
 851                 return ;
 852         }
 853
 854         // Check user permissions
 855         if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN)  ) {
 856                 sendf(Client->Socket, "403 Not an admin\n");
 857                 return ;
 858         }
 859
 860         // Get recipient
 861         uid = Bank_GetAcctByName(user);
 862         if( uid == -1 ) {
 863                 sendf(Client->Socket, "404 Invalid user\n");
 864                 return ;
 865         }
 866
 867         // You can't alter an internal account
 868         if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
 869                 sendf(Client->Socket, "404 Invalid user\n");
 870                 return ;
 871         }
 872
 873         // Parse ammount
 874         iAmmount = atoi(ammount);
 875         if( iAmmount == 0 && ammount[0] != '0' ) {
 876                 sendf(Client->Socket, "407 Invalid Argument\n");
 877                 return ;
 878         }
 879
 880         // Do give
 881         switch( DispenseSet(Client->UID, uid, iAmmount, reason) )
 882         {
 883         case 0:
 884                 sendf(Client->Socket, "200 Add OK\n");
 885                 return ;
 886         case 2:
 887                 sendf(Client->Socket, "402 Poor Guy\n");
 888                 return ;
 889         default:
 890                 sendf(Client->Socket, "500 Unknown error\n");
 891                 return ;
 892         }
 893 }
 894
 895 void Server_Cmd_ENUMUSERS(tClient *Client, char *Args)
 896 {
 897          int    i, numRet = 0;
 898         tAcctIterator   *it;
 899          int    maxBal = INT_MAX, minBal = INT_MIN;
 900          int    flagMask = 0, flagVal = 0;
 901          int    sort = BANK_ITFLAG_SORT_NAME;
 902         time_t  lastSeenAfter=0, lastSeenBefore=0;
 903
 904          int    flags;  // Iterator flags
 905          int    balValue;       // Balance value for iterator
 906         time_t  timeValue;      // Time value for iterator
 907
 908         // Parse arguments
 909         if( Args && strlen(Args) )
 910         {
 911                 char    *space = Args, *type, *val;
 912                 do
 913                 {
 914                         type = space;
 915                         while(*type == ' ')     type ++;
 916                         // Get next space
 917                         space = strchr(space, ' ');
 918                         if(space)       *space = '\0';
 919
 920                         // Get type
 921                         val = strchr(type, ':');
 922                         if( val ) {
 923                                 *val = '\0';
 924                                 val ++;
 925
 926                                 // Types
 927                                 // - Minium Balance
 928                                 if( strcmp(type, "min_balance") == 0 ) {
 929                                         minBal = atoi(val);
 930                                 }
 931                                 // - Maximum Balance
 932                                 else if( strcmp(type, "max_balance") == 0 ) {
 933                                         maxBal = atoi(val);
 934                                 }
 935                                 // - Flags
 936                                 else if( strcmp(type, "flags") == 0 ) {
 937                                         if( Server_int_ParseFlags(Client, val, &flagMask, &flagVal) )
 938                                                 return ;
 939                                 }
 940                                 // - Last seen before timestamp
 941                                 else if( strcmp(type, "last_seen_before") == 0 ) {
 942                                         lastSeenAfter = atoll(val);
 943                                 }
 944                                 // - Last seen after timestamp
 945                                 else if( strcmp(type, "last_seen_after") == 0 ) {
 946                                         lastSeenAfter = atoll(val);
 947                                 }
 948                                 // - Sorting
 949                                 else if( strcmp(type, "sort") == 0 ) {
 950                                         char    *dash = strchr(val, '-');
 951                                         if( dash ) {
 952                                                 *dash = '\0';
 953                                                 dash ++;
 954                                         }
 955                                         if( strcmp(val, "name") == 0 ) {
 956                                                 sort = BANK_ITFLAG_SORT_NAME;
 957                                         }
 958                                         else if( strcmp(val, "balance") == 0 ) {
 959                                                 sort = BANK_ITFLAG_SORT_BAL;
 960                                         }
 961                                         else if( strcmp(val, "lastseen") == 0 ) {
 962                                                 sort = BANK_ITFLAG_SORT_LASTSEEN;
 963                                         }
 964                                         else {
 965                                                 sendf(Client->Socket, "407 Unknown sort field ('%s')\n", val);
 966                                                 return ;
 967                                         }
 968                                         // Handle sort direction
 969                                         if( dash ) {
 970                                                 if( strcmp(dash, "desc") == 0 ) {
 971                                                         sort |= BANK_ITFLAG_REVSORT;
 972                                                 }
 973                                                 else {
 974                                                         sendf(Client->Socket, "407 Unknown sort direction '%s'\n", dash);
 975                                                         return ;
 976                                                 }
 977                                                 dash[-1] = '-';
 978                                         }
 979                                 }
 980                                 else {
 981                                         sendf(Client->Socket, "407 Unknown argument to ENUM_USERS '%s:%s'\n", type, val);
 982                                         return ;
 983                                 }
 984
 985                                 val[-1] = ':';
 986                         }
 987                         else {
 988                                 sendf(Client->Socket, "407 Unknown argument to ENUM_USERS '%s'\n", type);
 989                                 return ;
 990                         }
 991
 992                         // Eat whitespace
 993                         if( space ) {
 994                                 *space = ' ';   // Repair (to be nice)
 995                                 space ++;
 996                                 while(*space == ' ')    space ++;
 997                         }
 998                 }       while(space);
 999         }
1000
1001         // Create iterator
1002         if( maxBal != INT_MAX ) {
1003                 flags = sort|BANK_ITFLAG_MAXBALANCE;
1004                 balValue = maxBal;
1005         }
1006         else if( minBal != INT_MIN ) {
1007                 flags = sort|BANK_ITFLAG_MINBALANCE;
1008                 balValue = minBal;
1009         }
1010         else {
1011                 flags = sort;
1012                 balValue = 0;
1013         }
1014         if( lastSeenBefore ) {
1015                 timeValue = lastSeenBefore;
1016                 flags |= BANK_ITFLAG_SEENBEFORE;
1017         }
1018         else if( lastSeenAfter ) {
1019                 timeValue = lastSeenAfter;
1020                 flags |= BANK_ITFLAG_SEENAFTER;
1021         }
1022         else {
1023                 timeValue = 0;
1024         }
1025         it = Bank_Iterator(flagMask, flagVal, flags, balValue, timeValue);
1026
1027         // Get return number
1028         while( (i = Bank_IteratorNext(it)) != -1 )
1029         {
1030                 int bal = Bank_GetBalance(i);
1031
1032                 if( bal == INT_MIN )    continue;
1033
1034                 if( bal < minBal )      continue;
1035                 if( bal > maxBal )      continue;
1036
1037                 numRet ++;
1038         }
1039
1040         Bank_DelIterator(it);
1041
1042         // Send count
1043         sendf(Client->Socket, "201 Users %i\n", numRet);
1044
1045
1046         // Create iterator
1047         it = Bank_Iterator(flagMask, flagVal, flags, balValue, timeValue);
1048
1049         while( (i = Bank_IteratorNext(it)) != -1 )
1050         {
1051                 int bal = Bank_GetBalance(i);
1052
1053                 if( bal == INT_MIN )    continue;
1054
1055                 if( bal < minBal )      continue;
1056                 if( bal > maxBal )      continue;
1057
1058                 _SendUserInfo(Client, i);
1059         }
1060
1061         Bank_DelIterator(it);
1062
1063         sendf(Client->Socket, "200 List End\n");
1064 }
1065
1066 void Server_Cmd_USERINFO(tClient *Client, char *Args)
1067 {
1068          int    uid;
1069         char    *user;
1070
1071         // Parse arguments
1072         if( Server_int_ParseArgs(0, Args, &user, NULL) ) {
1073                 sendf(Client->Socket, "407 USER_INFO takes 1 argument\n");
1074                 return ;
1075         }
1076
1077         if( giDebugLevel )      Debug(Client, "User Info '%s'", user);
1078
1079         // Get recipient
1080         uid = Bank_GetAcctByName(user);
1081
1082         if( giDebugLevel >= 2 ) Debug(Client, "uid = %i", uid);
1083         if( uid == -1 ) {
1084                 sendf(Client->Socket, "404 Invalid user\n");
1085                 return ;
1086         }
1087
1088         _SendUserInfo(Client, uid);
1089 }
1090
1091 void _SendUserInfo(tClient *Client, int UserID)
1092 {
1093         char    *type, *disabled="", *door="";
1094          int    flags = Bank_GetFlags(UserID);
1095
1096         if( flags & USER_FLAG_INTERNAL ) {
1097                 type = "internal";
1098         }
1099         else if( flags & USER_FLAG_COKE ) {
1100                 if( flags & USER_FLAG_ADMIN )
1101                         type = "coke,admin";
1102                 else
1103                         type = "coke";
1104         }
1105         else if( flags & USER_FLAG_ADMIN ) {
1106                 type = "admin";
1107         }
1108         else {
1109                 type = "user";
1110         }
1111
1112         if( flags & USER_FLAG_DISABLED )
1113                 disabled = ",disabled";
1114         if( flags & USER_FLAG_DOORGROUP )
1115                 door = ",door";
1116
1117         // TODO: User flags/type
1118         sendf(
1119                 Client->Socket, "202 User %s %i %s%s%s\n",
1120                 Bank_GetAcctName(UserID), Bank_GetBalance(UserID),
1121                 type, disabled, door
1122                 );
1123 }
1124
1125 void Server_Cmd_USERADD(tClient *Client, char *Args)
1126 {
1127         char    *username;
1128
1129         // Parse arguments
1130         if( Server_int_ParseArgs(0, Args, &username, NULL) ) {
1131                 sendf(Client->Socket, "407 USER_ADD takes 1 argument\n");
1132                 return ;
1133         }
1134
1135         // Check permissions
1136         if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) {
1137                 sendf(Client->Socket, "403 Not a coke admin\n");
1138                 return ;
1139         }
1140
1141         // Try to create user
1142         if( Bank_CreateAcct(username) == -1 ) {
1143                 sendf(Client->Socket, "404 User exists\n");
1144                 return ;
1145         }
1146
1147         {
1148                 char    *thisName = Bank_GetAcctName(Client->UID);
1149                 Log_Info("Account '%s' created by '%s'", username, thisName);
1150                 free(thisName);
1151         }
1152
1153         sendf(Client->Socket, "200 User Added\n");
1154 }
1155
1156 void Server_Cmd_USERFLAGS(tClient *Client, char *Args)
1157 {
1158         char    *username, *flags;
1159          int    mask=0, value=0;
1160          int    uid;
1161
1162         // Parse arguments
1163         if( Server_int_ParseArgs(0, Args, &username, &flags, NULL) ) {
1164                 sendf(Client->Socket, "407 USER_FLAGS takes 2 arguments\n");
1165                 return ;
1166         }
1167
1168         // Check permissions
1169         if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) {
1170                 sendf(Client->Socket, "403 Not a coke admin\n");
1171                 return ;
1172         }
1173
1174         // Get UID
1175         uid = Bank_GetAcctByName(username);
1176         if( uid == -1 ) {
1177                 sendf(Client->Socket, "404 User '%s' not found\n", username);
1178                 return ;
1179         }
1180
1181         // Parse flags
1182         if( Server_int_ParseFlags(Client, flags, &mask, &value) )
1183                 return ;
1184
1185         if( giDebugLevel )
1186                 Debug(Client, "Set %i(%s) flags to %x (masked %x)\n",
1187                         uid, username, mask, value);
1188
1189         // Apply flags
1190         Bank_SetFlags(uid, mask, value);
1191
1192         // Return OK
1193         sendf(Client->Socket, "200 User Updated\n");
1194 }
1195
1196 // --- INTERNAL HELPERS ---
1197 void Debug(tClient *Client, const char *Format, ...)
1198 {
1199         va_list args;
1200         //printf("%010i [%i] ", (int)time(NULL), Client->ID);
1201         printf("[%i] ", Client->ID);
1202         va_start(args, Format);
1203         vprintf(Format, args);
1204         va_end(args);
1205         printf("\n");
1206 }
1207
1208 int sendf(int Socket, const char *Format, ...)
1209 {
1210         va_list args;
1211          int    len;
1212
1213         va_start(args, Format);
1214         len = vsnprintf(NULL, 0, Format, args);
1215         va_end(args);
1216
1217         {
1218                 char    buf[len+1];
1219                 va_start(args, Format);
1220                 vsnprintf(buf, len+1, Format, args);
1221                 va_end(args);
1222
1223                 #if DEBUG_TRACE_CLIENT
1224                 printf("sendf: %s", buf);
1225                 #endif
1226
1227                 return send(Socket, buf, len, 0);
1228         }
1229 }
1230
1231 // Takes a series of char *'s in
1232 /**
1233  * \brief Parse space-separated entries into
1234  */
1235 int Server_int_ParseArgs(int bUseLongLast, char *ArgStr, ...)
1236 {
1237         va_list args;
1238         char    savedChar;
1239         char    **dest;
1240         va_start(args, ArgStr);
1241
1242         // Check for null
1243         if( !ArgStr )
1244         {
1245                 while( (dest = va_arg(args, char **)) )
1246                         *dest = NULL;
1247                 va_end(args);
1248                 return 1;
1249         }
1250
1251         savedChar = *ArgStr;
1252
1253         while( (dest = va_arg(args, char **)) )
1254         {
1255                 // Trim leading spaces
1256                 while( *ArgStr == ' ' || *ArgStr == '\t' )
1257                         ArgStr ++;
1258
1259                 // ... oops, not enough arguments
1260                 if( *ArgStr == '\0' )
1261                 {
1262                         // NULL unset arguments
1263                         do {
1264                                 *dest = NULL;
1265                         }       while( (dest = va_arg(args, char **)) );
1266                 va_end(args);
1267                         return -1;
1268                 }
1269
1270                 if( *ArgStr == '"' )
1271                 {
1272                         ArgStr ++;
1273                         *dest = ArgStr;
1274                         // Read until quote
1275                         while( *ArgStr && *ArgStr != '"' )
1276                                 ArgStr ++;
1277                 }
1278                 else
1279                 {
1280                         // Set destination
1281                         *dest = ArgStr;
1282                         // Read until a space
1283                         while( *ArgStr && *ArgStr != ' ' && *ArgStr != '\t' )
1284                                 ArgStr ++;
1285                 }
1286                 savedChar = *ArgStr;    // savedChar is used to un-mangle the last string
1287                 *ArgStr = '\0';
1288                 ArgStr ++;
1289         }
1290         va_end(args);
1291
1292         // Oops, extra arguments, and greedy not set
1293         if( (savedChar == ' ' || savedChar == '\t') && !bUseLongLast ) {
1294                 return -1;
1295         }
1296
1297         // Un-mangle last
1298         if(bUseLongLast) {
1299                 ArgStr --;
1300                 *ArgStr = savedChar;
1301         }
1302
1303         return 0;       // Success!
1304 }
1305
1306 int Server_int_ParseFlags(tClient *Client, const char *Str, int *Mask, int *Value)
1307 {
1308         struct {
1309                 const char      *Name;
1310                  int    Mask;
1311                  int    Value;
1312         }       cFLAGS[] = {
1313                  {"disabled", USER_FLAG_DISABLED, USER_FLAG_DISABLED}
1314                 ,{"door", USER_FLAG_DOORGROUP, USER_FLAG_DOORGROUP}
1315                 ,{"coke", USER_FLAG_COKE, USER_FLAG_COKE}
1316                 ,{"admin", USER_FLAG_ADMIN, USER_FLAG_ADMIN}
1317                 ,{"internal", USER_FLAG_INTERNAL, USER_FLAG_INTERNAL}
1318         };
1319         const int       ciNumFlags = sizeof(cFLAGS)/sizeof(cFLAGS[0]);
1320
1321         char    *space;
1322
1323         *Mask = 0;
1324         *Value = 0;
1325
1326         do {
1327                  int    bRemove = 0;
1328                  int    i;
1329                  int    len;
1330
1331                 while( *Str == ' ' )    Str ++; // Eat whitespace
1332                 space = strchr(Str, ',');       // Find the end of the flag
1333                 if(space)
1334                         len = space - Str;
1335                 else
1336                         len = strlen(Str);
1337
1338                 // Check for inversion/removal
1339                 if( *Str == '!' || *Str == '-' ) {
1340                         bRemove = 1;
1341                         Str ++;
1342                 }
1343                 else if( *Str == '+' ) {
1344                         Str ++;
1345                 }
1346
1347                 // Check flag values
1348                 for( i = 0; i < ciNumFlags; i ++ )
1349                 {
1350                         if( strncmp(Str, cFLAGS[i].Name, len) == 0 ) {
1351                                 *Mask |= cFLAGS[i].Mask;
1352                                 *Value &= ~cFLAGS[i].Mask;
1353                                 if( !bRemove )
1354                                         *Value |= cFLAGS[i].Value;
1355                                 break;
1356                         }
1357                 }
1358
1359                 // Error check
1360                 if( i == ciNumFlags ) {
1361                         char    val[len+1];
1362                         strncpy(val, Str, len+1);
1363                         sendf(Client->Socket, "407 Unknown flag value '%s'\n", val);
1364                         return -1;
1365                 }
1366
1367                 Str = space + 1;
1368         } while(space);
1369
1370         return 0;
1371 }