src/server/server.c

   1 /*
   2  * OpenDispense 2
   3  * UCC (University [of WA] Computer Club) Electronic Accounting System
   4  *
   5  * server.c - Client Server Code
   6  *
   7  * This file is licenced under the 3-clause BSD Licence. See the file
   8  * COPYING for full details.
   9  */
  10 #include <stdio.h>
  11 #include <stdlib.h>
  12 #include "common.h"
  13 #include <sys/socket.h>
  14 #include <netinet/in.h>
  15 #include <arpa/inet.h>
  16 #include <unistd.h>
  17 #include <string.h>
  18 #include <limits.h>
  19 #include <stdarg.h>
  20
  21 #define DEBUG_TRACE_CLIENT      0
  22
  23 // Statistics
  24 #define MAX_CONNECTION_QUEUE    5
  25 #define INPUT_BUFFER_SIZE       256
  26 #define CLIENT_TIMEOUT  10      // Seconds
  27
  28 #define HASH_TYPE       SHA1
  29 #define HASH_LENGTH     20
  30
  31 #define MSG_STR_TOO_LONG        "499 Command too long (limit "EXPSTR(INPUT_BUFFER_SIZE)")\n"
  32
  33 // === TYPES ===
  34 typedef struct sClient
  35 {
  36          int    Socket; // Client socket ID
  37          int    ID;     // Client ID
  38
  39          int    bIsTrusted;     // Is the connection from a trusted host/port
  40
  41         char    *Username;
  42         char    Salt[9];
  43
  44          int    UID;
  45          int    EffectiveUID;
  46          int    bIsAuthed;
  47 }       tClient;
  48
  49 // === PROTOTYPES ===
  50 void    Server_Start(void);
  51 void    Server_Cleanup(void);
  52 void    Server_HandleClient(int Socket, int bTrusted);
  53 void    Server_ParseClientCommand(tClient *Client, char *CommandString);
  54 // --- Commands ---
  55 void    Server_Cmd_USER(tClient *Client, char *Args);
  56 void    Server_Cmd_PASS(tClient *Client, char *Args);
  57 void    Server_Cmd_AUTOAUTH(tClient *Client, char *Args);
  58 void    Server_Cmd_SETEUSER(tClient *Client, char *Args);
  59 void    Server_Cmd_ENUMITEMS(tClient *Client, char *Args);
  60 void    Server_Cmd_ITEMINFO(tClient *Client, char *Args);
  61 void    Server_Cmd_DISPENSE(tClient *Client, char *Args);
  62 void    Server_Cmd_GIVE(tClient *Client, char *Args);
  63 void    Server_Cmd_DONATE(tClient *Client, char *Args);
  64 void    Server_Cmd_ADD(tClient *Client, char *Args);
  65 void    Server_Cmd_SET(tClient *Client, char *Args);
  66 void    Server_Cmd_ENUMUSERS(tClient *Client, char *Args);
  67 void    Server_Cmd_USERINFO(tClient *Client, char *Args);
  68 void    _SendUserInfo(tClient *Client, int UserID);
  69 void    Server_Cmd_USERADD(tClient *Client, char *Args);
  70 void    Server_Cmd_USERFLAGS(tClient *Client, char *Args);
  71 // --- Helpers ---
  72 void    Debug(tClient *Client, const char *Format, ...);
  73  int    sendf(int Socket, const char *Format, ...);
  74  int    Server_int_ParseArgs(int bUseLongArg, char *ArgStr, ...);
  75  int    Server_int_ParseFlags(tClient *Client, const char *Str, int *Mask, int *Value);
  76
  77 // === CONSTANTS ===
  78 // - Commands
  79 const struct sClientCommand {
  80         const char      *Name;
  81         void    (*Function)(tClient *Client, char *Arguments);
  82 }       gaServer_Commands[] = {
  83         {"USER", Server_Cmd_USER},
  84         {"PASS", Server_Cmd_PASS},
  85         {"AUTOAUTH", Server_Cmd_AUTOAUTH},
  86         {"SETEUSER", Server_Cmd_SETEUSER},
  87         {"ENUM_ITEMS", Server_Cmd_ENUMITEMS},
  88         {"ITEM_INFO", Server_Cmd_ITEMINFO},
  89         {"DISPENSE", Server_Cmd_DISPENSE},
  90         {"GIVE", Server_Cmd_GIVE},
  91         {"DONATE", Server_Cmd_DONATE},
  92         {"ADD", Server_Cmd_ADD},
  93         {"SET", Server_Cmd_SET},
  94         {"ENUM_USERS", Server_Cmd_ENUMUSERS},
  95         {"USER_INFO", Server_Cmd_USERINFO},
  96         {"USER_ADD", Server_Cmd_USERADD},
  97         {"USER_FLAGS", Server_Cmd_USERFLAGS}
  98 };
  99 #define NUM_COMMANDS    ((int)(sizeof(gaServer_Commands)/sizeof(gaServer_Commands[0])))
 100
 101 // === GLOBALS ===
 102  int    giServer_Port = 11020;
 103  int    giServer_NextClientID = 1;
 104  int    giServer_Socket;
 105
 106 // === CODE ===
 107 /**
 108  * \brief Open listenting socket and serve connections
 109  */
 110 void Server_Start(void)
 111 {
 112          int    client_socket;
 113         struct sockaddr_in      server_addr, client_addr;
 114
 115         atexit(Server_Cleanup);
 116
 117         // Create Server
 118         giServer_Socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
 119         if( giServer_Socket < 0 ) {
 120                 fprintf(stderr, "ERROR: Unable to create server socket\n");
 121                 return ;
 122         }
 123
 124         // Make listen address
 125         memset(&server_addr, 0, sizeof(server_addr));
 126         server_addr.sin_family = AF_INET;       // Internet Socket
 127         server_addr.sin_addr.s_addr = htonl(INADDR_ANY);        // Listen on all interfaces
 128         server_addr.sin_port = htons(giServer_Port);    // Port
 129
 130         // Bind
 131         if( bind(giServer_Socket, (struct sockaddr *) &server_addr, sizeof(server_addr)) < 0 ) {
 132                 fprintf(stderr, "ERROR: Unable to bind to 0.0.0.0:%i\n", giServer_Port);
 133                 perror("Binding");
 134                 return ;
 135         }
 136
 137         // Listen
 138         if( listen(giServer_Socket, MAX_CONNECTION_QUEUE) < 0 ) {
 139                 fprintf(stderr, "ERROR: Unable to listen to socket\n");
 140                 perror("Listen");
 141                 return ;
 142         }
 143
 144         printf("Listening on 0.0.0.0:%i\n", giServer_Port);
 145
 146         // write pidfile
 147         {
 148                 FILE *fp = fopen("/var/run/dispsrv.pid", "w");
 149                 fprintf(fp, "%i", getpid());
 150                 fclose(fp);
 151         }
 152
 153         for(;;)
 154         {
 155                 uint    len = sizeof(client_addr);
 156                  int    bTrusted = 0;
 157
 158                 // Accept a connection
 159                 client_socket = accept(giServer_Socket, (struct sockaddr *) &client_addr, &len);
 160                 if(client_socket < 0) {
 161                         fprintf(stderr, "ERROR: Unable to accept client connection\n");
 162                         return ;
 163                 }
 164
 165                 // Set a timeout on the user conneciton
 166                 {
 167                         struct timeval tv;
 168                         tv.tv_sec = CLIENT_TIMEOUT;
 169                         tv.tv_usec = 0;
 170                         if( setsockopt(client_socket, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) )
 171                         {
 172                                 perror("setsockopt");
 173                                 return ;
 174                         }
 175                 }
 176
 177                 // Debug: Print the connection string
 178                 if(giDebugLevel >= 2) {
 179                         char    ipstr[INET_ADDRSTRLEN];
 180                         inet_ntop(AF_INET, &client_addr.sin_addr, ipstr, INET_ADDRSTRLEN);
 181                         printf("Client connection from %s:%i\n",
 182                                 ipstr, ntohs(client_addr.sin_port));
 183                 }
 184
 185                 // Doesn't matter what, localhost is trusted
 186                 if( ntohl( client_addr.sin_addr.s_addr ) == 0x7F000001 )
 187                         bTrusted = 1;
 188
 189                 // Trusted Connections
 190                 if( ntohs(client_addr.sin_port) < 1024 )
 191                 {
 192                         // TODO: Make this runtime configurable
 193                         switch( ntohl( client_addr.sin_addr.s_addr ) )
 194                         {
 195                         case 0x7F000001:        // 127.0.0.1    localhost
 196                 //      case 0x825F0D00:        // 130.95.13.0
 197                         case 0x825F0D07:        // 130.95.13.7  motsugo
 198                         case 0x825F0D11:        // 130.95.13.17 mermaid
 199                         case 0x825F0D12:        // 130.95.13.18 mussel
 200                         case 0x825F0D17:        // 130.95.13.23 martello
 201                         case 0x825F0D42:        // 130.95.13.66 heathred
 202                                 bTrusted = 1;
 203                                 break;
 204                         default:
 205                                 break;
 206                         }
 207                 }
 208
 209                 // TODO: Multithread this?
 210                 Server_HandleClient(client_socket, bTrusted);
 211
 212                 close(client_socket);
 213         }
 214 }
 215
 216 void Server_Cleanup(void)
 217 {
 218         printf("\nClose(%i)\n", giServer_Socket);
 219         close(giServer_Socket);
 220         unlink("/var/run/dispsrv");
 221 }
 222
 223 /**
 224  * \brief Reads from a client socket and parses the command strings
 225  * \param Socket        Client socket number/handle
 226  * \param bTrusted      Is the client trusted?
 227  */
 228 void Server_HandleClient(int Socket, int bTrusted)
 229 {
 230         char    inbuf[INPUT_BUFFER_SIZE];
 231         char    *buf = inbuf;
 232          int    remspace = INPUT_BUFFER_SIZE-1;
 233          int    bytes = -1;
 234         tClient clientInfo;
 235
 236         memset(&clientInfo, 0, sizeof(clientInfo));
 237
 238         // Initialise Client info
 239         clientInfo.Socket = Socket;
 240         clientInfo.ID = giServer_NextClientID ++;
 241         clientInfo.bIsTrusted = bTrusted;
 242         clientInfo.EffectiveUID = -1;
 243
 244         // Read from client
 245         /*
 246          * Notes:
 247          * - The `buf` and `remspace` variables allow a line to span several
 248          *   calls to recv(), if a line is not completed in one recv() call
 249          *   it is saved to the beginning of `inbuf` and `buf` is updated to
 250          *   the end of it.
 251          */
 252         // TODO: Use select() instead (to give a timeout)
 253         while( (bytes = recv(Socket, buf, remspace, 0)) > 0 )
 254         {
 255                 char    *eol, *start;
 256                 buf[bytes] = '\0';      // Allow us to use stdlib string functions on it
 257
 258                 // Split by lines
 259                 start = inbuf;
 260                 while( (eol = strchr(start, '\n')) )
 261                 {
 262                         *eol = '\0';
 263
 264                         Server_ParseClientCommand(&clientInfo, start);
 265
 266                         start = eol + 1;
 267                 }
 268
 269                 // Check if there was an incomplete line
 270                 if( *start != '\0' ) {
 271                          int    tailBytes = bytes - (start-buf);
 272                         // Roll back in buffer
 273                         memcpy(inbuf, start, tailBytes);
 274                         remspace -= tailBytes;
 275                         if(remspace == 0) {
 276                                 send(Socket, MSG_STR_TOO_LONG, sizeof(MSG_STR_TOO_LONG), 0);
 277                                 buf = inbuf;
 278                                 remspace = INPUT_BUFFER_SIZE - 1;
 279                         }
 280                 }
 281                 else {
 282                         buf = inbuf;
 283                         remspace = INPUT_BUFFER_SIZE - 1;
 284                 }
 285         }
 286
 287         // Check for errors
 288         if( bytes < 0 ) {
 289                 fprintf(stderr, "ERROR: Unable to recieve from client on socket %i\n", Socket);
 290                 return ;
 291         }
 292
 293         if(giDebugLevel >= 2) {
 294                 printf("Client %i: Disconnected\n", clientInfo.ID);
 295         }
 296 }
 297
 298 /**
 299  * \brief Parses a client command and calls the required helper function
 300  * \param Client        Pointer to client state structure
 301  * \param CommandString Command from client (single line of the command)
 302  * \return Heap String to return to the client
 303  */
 304 void Server_ParseClientCommand(tClient *Client, char *CommandString)
 305 {
 306         char    *command, *args;
 307          int    i;
 308
 309         if( giDebugLevel >= 2 )
 310                 Debug(Client, "Server_ParseClientCommand: (CommandString = '%s')", CommandString);
 311
 312         if( Server_int_ParseArgs(1, CommandString, &command, &args, NULL) )
 313         {
 314                 if( command == NULL )   return ;
 315 //              printf("command=%s, args=%s\n", command, args);
 316                 // Is this an error? (just ignore for now)
 317                 //args = "";
 318         }
 319
 320
 321         // Find command
 322         for( i = 0; i < NUM_COMMANDS; i++ )
 323         {
 324                 if(strcmp(command, gaServer_Commands[i].Name) == 0) {
 325                         if( giDebugLevel >= 2 )
 326                                 Debug(Client, "CMD %s - \"%s\"", command, args);
 327                         gaServer_Commands[i].Function(Client, args);
 328                         return ;
 329                 }
 330         }
 331
 332         sendf(Client->Socket, "400 Unknown Command\n");
 333 }
 334
 335 // ---
 336 // Commands
 337 // ---
 338 /**
 339  * \brief Set client username
 340  *
 341  * Usage: USER <username>
 342  */
 343 void Server_Cmd_USER(tClient *Client, char *Args)
 344 {
 345         char    *username;
 346
 347         if( Server_int_ParseArgs(0, Args, &username, NULL) )
 348         {
 349                 sendf(Client->Socket, "407 USER takes 1 argument\n");
 350                 return ;
 351         }
 352
 353         // Debug!
 354         if( giDebugLevel )
 355                 Debug(Client, "Authenticating as '%s'", username);
 356
 357         // Save username
 358         if(Client->Username)
 359                 free(Client->Username);
 360         Client->Username = strdup(username);
 361
 362         #if USE_SALT
 363         // Create a salt (that changes if the username is changed)
 364         // Yes, I know, I'm a little paranoid, but who isn't?
 365         Client->Salt[0] = 0x21 + (rand()&0x3F);
 366         Client->Salt[1] = 0x21 + (rand()&0x3F);
 367         Client->Salt[2] = 0x21 + (rand()&0x3F);
 368         Client->Salt[3] = 0x21 + (rand()&0x3F);
 369         Client->Salt[4] = 0x21 + (rand()&0x3F);
 370         Client->Salt[5] = 0x21 + (rand()&0x3F);
 371         Client->Salt[6] = 0x21 + (rand()&0x3F);
 372         Client->Salt[7] = 0x21 + (rand()&0x3F);
 373
 374         // TODO: Also send hash type to use, (SHA1 or crypt according to [DAA])
 375         sendf(Client->Socket, "100 SALT %s\n", Client->Salt);
 376         #else
 377         sendf(Client->Socket, "100 User Set\n");
 378         #endif
 379 }
 380
 381 /**
 382  * \brief Authenticate as a user
 383  *
 384  * Usage: PASS <hash>
 385  */
 386 void Server_Cmd_PASS(tClient *Client, char *Args)
 387 {
 388         char    *passhash;
 389          int    flags;
 390
 391         if( Server_int_ParseArgs(0, Args, &passhash, NULL) )
 392         {
 393                 sendf(Client->Socket, "407 PASS takes 1 argument\n");
 394                 return ;
 395         }
 396
 397         // Pass on to cokebank
 398         Client->UID = Bank_GetUserAuth(Client->Salt, Client->Username, passhash);
 399
 400         if( Client->UID == -1 ) {
 401                 sendf(Client->Socket, "401 Auth Failure\n");
 402                 return ;
 403         }
 404
 405         flags = Bank_GetFlags(Client->UID);
 406         if( flags & USER_FLAG_DISABLED ) {
 407                 Client->UID = -1;
 408                 sendf(Client->Socket, "403 Account Disabled\n");
 409                 return ;
 410         }
 411         if( flags & USER_FLAG_INTERNAL ) {
 412                 Client->UID = -1;
 413                 sendf(Client->Socket, "403 Internal account\n");
 414                 return ;
 415         }
 416
 417         Client->bIsAuthed = 1;
 418         sendf(Client->Socket, "200 Auth OK\n");
 419 }
 420
 421 /**
 422  * \brief Authenticate as a user without a password
 423  *
 424  * Usage: AUTOAUTH <user>
 425  */
 426 void Server_Cmd_AUTOAUTH(tClient *Client, char *Args)
 427 {
 428         char    *username;
 429          int    userflags;
 430
 431         if( Server_int_ParseArgs(0, Args, &username, NULL) )
 432         {
 433                 sendf(Client->Socket, "407 AUTOAUTH takes 1 argument\n");
 434                 return ;
 435         }
 436
 437         // Check if trusted
 438         if( !Client->bIsTrusted ) {
 439                 if(giDebugLevel)
 440                         Debug(Client, "Untrusted client attempting to AUTOAUTH");
 441                 sendf(Client->Socket, "401 Untrusted\n");
 442                 return ;
 443         }
 444
 445         // Get UID
 446         Client->UID = Bank_GetAcctByName( username );
 447         if( Client->UID < 0 ) {
 448                 if(giDebugLevel)
 449                         Debug(Client, "Unknown user '%s'", username);
 450                 sendf(Client->Socket, "403 Auth Failure\n");
 451                 return ;
 452         }
 453
 454         userflags = Bank_GetFlags(Client->UID);
 455         // You can't be an internal account
 456         if( userflags & USER_FLAG_INTERNAL ) {
 457                 if(giDebugLevel)
 458                         Debug(Client, "Autoauth as '%s', not allowed", username);
 459                 Client->UID = -1;
 460                 sendf(Client->Socket, "403 Account is internal\n");
 461                 return ;
 462         }
 463
 464         // Disabled accounts
 465         if( userflags & USER_FLAG_DISABLED ) {
 466                 Client->UID = -1;
 467                 sendf(Client->Socket, "403 Account disabled\n");
 468                 return ;
 469         }
 470
 471         Client->bIsAuthed = 1;
 472
 473         if(giDebugLevel)
 474                 Debug(Client, "Auto authenticated as '%s' (%i)", username, Client->UID);
 475
 476         sendf(Client->Socket, "200 Auth OK\n");
 477 }
 478
 479 /**
 480  * \brief Set effective user
 481  */
 482 void Server_Cmd_SETEUSER(tClient *Client, char *Args)
 483 {
 484         char    *username;
 485          int    eUserFlags, userFlags;
 486
 487         if( Server_int_ParseArgs(0, Args, &username, NULL) )
 488         {
 489                 sendf(Client->Socket, "407 SETEUSER takes 1 argument\n");
 490                 return ;
 491         }
 492
 493         if( !strlen(Args) ) {
 494                 sendf(Client->Socket, "407 SETEUSER expects an argument\n");
 495                 return ;
 496         }
 497
 498         // Check user permissions
 499         userFlags = Bank_GetFlags(Client->UID);
 500         if( !(userFlags & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
 501                 sendf(Client->Socket, "403 Not in coke\n");
 502                 return ;
 503         }
 504
 505         // Set id
 506         Client->EffectiveUID = Bank_GetAcctByName(username);
 507         if( Client->EffectiveUID == -1 ) {
 508                 sendf(Client->Socket, "404 User not found\n");
 509                 return ;
 510         }
 511
 512         // You can't be an internal account
 513         if( !(userFlags & USER_FLAG_ADMIN) )
 514         {
 515                 eUserFlags = Bank_GetFlags(Client->EffectiveUID);
 516                 if( eUserFlags & USER_FLAG_INTERNAL ) {
 517                         Client->EffectiveUID = -1;
 518                         sendf(Client->Socket, "404 User not found\n");
 519                         return ;
 520                 }
 521                 // Disabled only avaliable to admins
 522                 if( eUserFlags & USER_FLAG_DISABLED ) {
 523                         Client->EffectiveUID = -1;
 524                         sendf(Client->Socket, "403 Account disabled\n");
 525                         return ;
 526                 }
 527         }
 528
 529         sendf(Client->Socket, "200 User set\n");
 530 }
 531
 532 /**
 533  * \brief Send an item status to the client
 534  * \param Client        Who to?
 535  * \param Item  Item to send
 536  */
 537 void Server_int_SendItem(tClient *Client, tItem *Item)
 538 {
 539         char    *status = "avail";
 540
 541         if( Item->Handler->CanDispense )
 542         {
 543                 switch(Item->Handler->CanDispense(Client->UID, Item->ID))
 544                 {
 545                 case  0:        status = "avail";       break;
 546                 case  1:        status = "sold";        break;
 547                 default:
 548                 case -1:        status = "error";       break;
 549                 }
 550         }
 551
 552         sendf(Client->Socket,
 553                 "202 Item %s:%i %s %i %s\n",
 554                 Item->Handler->Name, Item->ID, status, Item->Price, Item->Name
 555                 );
 556 }
 557
 558 /**
 559  * \brief Enumerate the items that the server knows about
 560  */
 561 void Server_Cmd_ENUMITEMS(tClient *Client, char *Args)
 562 {
 563          int    i, count;
 564
 565         if( Args != NULL && strlen(Args) ) {
 566                 sendf(Client->Socket, "407 ENUM_ITEMS takes no arguments\n");
 567                 return ;
 568         }
 569
 570         // Count shown items
 571         count = 0;
 572         for( i = 0; i < giNumItems; i ++ ) {
 573                 if( gaItems[i].bHidden )        continue;
 574                 count ++;
 575         }
 576
 577         sendf(Client->Socket, "201 Items %i\n", count);
 578
 579         for( i = 0; i < giNumItems; i ++ ) {
 580                 if( gaItems[i].bHidden )        continue;
 581                 Server_int_SendItem( Client, &gaItems[i] );
 582         }
 583
 584         sendf(Client->Socket, "200 List end\n");
 585 }
 586
 587 tItem *_GetItemFromString(char *String)
 588 {
 589         tHandler        *handler;
 590         char    *type = String;
 591         char    *colon = strchr(String, ':');
 592          int    num, i;
 593
 594         if( !colon ) {
 595                 return NULL;
 596         }
 597
 598         num = atoi(colon+1);
 599         *colon = '\0';
 600
 601         // Find handler
 602         handler = NULL;
 603         for( i = 0; i < giNumHandlers; i ++ )
 604         {
 605                 if( strcmp(gaHandlers[i]->Name, type) == 0) {
 606                         handler = gaHandlers[i];
 607                         break;
 608                 }
 609         }
 610         if( !handler ) {
 611                 return NULL;
 612         }
 613
 614         // Find item
 615         for( i = 0; i < giNumItems; i ++ )
 616         {
 617                 if( gaItems[i].Handler != handler )     continue;
 618                 if( gaItems[i].ID != num )      continue;
 619                 return &gaItems[i];
 620         }
 621         return NULL;
 622 }
 623
 624 /**
 625  * \brief Fetch information on a specific item
 626  */
 627 void Server_Cmd_ITEMINFO(tClient *Client, char *Args)
 628 {
 629         tItem   *item;
 630         char    *itemname;
 631
 632         if( Server_int_ParseArgs(0, Args, &itemname, NULL) ) {
 633                 sendf(Client->Socket, "407 ITEMINFO takes 1 argument\n");
 634                 return ;
 635         }
 636         item = _GetItemFromString(Args);
 637
 638         if( !item ) {
 639                 sendf(Client->Socket, "406 Bad Item ID\n");
 640                 return ;
 641         }
 642
 643         Server_int_SendItem( Client, item );
 644 }
 645
 646 void Server_Cmd_DISPENSE(tClient *Client, char *Args)
 647 {
 648         tItem   *item;
 649          int    ret;
 650          int    uid;
 651         char    *itemname;
 652
 653         if( Server_int_ParseArgs(0, Args, &itemname, NULL) ) {
 654                 sendf(Client->Socket, "407 DISPENSE takes only 1 argument\n");
 655                 return ;
 656         }
 657
 658         if( !Client->bIsAuthed ) {
 659                 sendf(Client->Socket, "401 Not Authenticated\n");
 660                 return ;
 661         }
 662
 663         item = _GetItemFromString(itemname);
 664         if( !item ) {
 665                 sendf(Client->Socket, "406 Bad Item ID\n");
 666                 return ;
 667         }
 668
 669         if( Client->EffectiveUID != -1 ) {
 670                 uid = Client->EffectiveUID;
 671         }
 672         else {
 673                 uid = Client->UID;
 674         }
 675
 676         switch( ret = DispenseItem( Client->UID, uid, item ) )
 677         {
 678         case 0: sendf(Client->Socket, "200 Dispense OK\n");     return ;
 679         case 1: sendf(Client->Socket, "501 Unable to dispense\n");      return ;
 680         case 2: sendf(Client->Socket, "402 Poor You\n");        return ;
 681         default:
 682                 sendf(Client->Socket, "500 Dispense Error\n");
 683                 return ;
 684         }
 685 }
 686
 687 void Server_Cmd_GIVE(tClient *Client, char *Args)
 688 {
 689         char    *recipient, *ammount, *reason;
 690          int    uid, iAmmount;
 691          int    thisUid;
 692
 693         // Parse arguments
 694         if( Server_int_ParseArgs(1, Args, &recipient, &ammount, &reason, NULL) ) {
 695                 sendf(Client->Socket, "407 GIVE takes only 3 arguments\n");
 696                 return ;
 697         }
 698         // Check for authed
 699         if( !Client->bIsAuthed ) {
 700                 sendf(Client->Socket, "401 Not Authenticated\n");
 701                 return ;
 702         }
 703
 704         // Get recipient
 705         uid = Bank_GetAcctByName(recipient);
 706         if( uid == -1 ) {
 707                 sendf(Client->Socket, "404 Invalid target user\n");
 708                 return ;
 709         }
 710
 711         // You can't alter an internal account
 712 //      if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
 713 //              sendf(Client->Socket, "404 Invalid target user\n");
 714 //              return ;
 715 //      }
 716
 717         // Parse ammount
 718         iAmmount = atoi(ammount);
 719         if( iAmmount <= 0 ) {
 720                 sendf(Client->Socket, "407 Invalid Argument, ammount must be > zero\n");
 721                 return ;
 722         }
 723
 724         if( Client->EffectiveUID != -1 ) {
 725                 thisUid = Client->EffectiveUID;
 726         }
 727         else {
 728                 thisUid = Client->UID;
 729         }
 730
 731         // Do give
 732         switch( DispenseGive(Client->UID, thisUid, uid, iAmmount, reason) )
 733         {
 734         case 0:
 735                 sendf(Client->Socket, "200 Give OK\n");
 736                 return ;
 737         case 2:
 738                 sendf(Client->Socket, "402 Poor You\n");
 739                 return ;
 740         default:
 741                 sendf(Client->Socket, "500 Unknown error\n");
 742                 return ;
 743         }
 744 }
 745
 746 void Server_Cmd_DONATE(tClient *Client, char *Args)
 747 {
 748         char    *ammount, *reason;
 749          int    iAmmount;
 750          int    thisUid;
 751
 752         // Parse arguments
 753         if( Server_int_ParseArgs(1, Args, &ammount, &reason, NULL) ) {
 754                 sendf(Client->Socket, "407 DONATE takes 2 arguments\n");
 755                 return ;
 756         }
 757
 758         if( !Client->bIsAuthed ) {
 759                 sendf(Client->Socket, "401 Not Authenticated\n");
 760                 return ;
 761         }
 762
 763         // Parse ammount
 764         iAmmount = atoi(ammount);
 765         if( iAmmount <= 0 ) {
 766                 sendf(Client->Socket, "407 Invalid Argument, ammount must be > zero\n");
 767                 return ;
 768         }
 769
 770         // Handle effective users
 771         if( Client->EffectiveUID != -1 ) {
 772                 thisUid = Client->EffectiveUID;
 773         }
 774         else {
 775                 thisUid = Client->UID;
 776         }
 777
 778         // Do give
 779         switch( DispenseDonate(Client->UID, thisUid, iAmmount, reason) )
 780         {
 781         case 0:
 782                 sendf(Client->Socket, "200 Give OK\n");
 783                 return ;
 784         case 2:
 785                 sendf(Client->Socket, "402 Poor You\n");
 786                 return ;
 787         default:
 788                 sendf(Client->Socket, "500 Unknown error\n");
 789                 return ;
 790         }
 791 }
 792
 793 void Server_Cmd_ADD(tClient *Client, char *Args)
 794 {
 795         char    *user, *ammount, *reason;
 796          int    uid, iAmmount;
 797
 798         // Parse arguments
 799         if( Server_int_ParseArgs(1, Args, &user, &ammount, &reason, NULL) ) {
 800                 sendf(Client->Socket, "407 ADD takes 3 arguments\n");
 801                 return ;
 802         }
 803
 804         if( !Client->bIsAuthed ) {
 805                 sendf(Client->Socket, "401 Not Authenticated\n");
 806                 return ;
 807         }
 808
 809         // Check user permissions
 810         if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN))  ) {
 811                 sendf(Client->Socket, "403 Not in coke\n");
 812                 return ;
 813         }
 814
 815         // Get recipient
 816         uid = Bank_GetAcctByName(user);
 817         if( uid == -1 ) {
 818                 sendf(Client->Socket, "404 Invalid user\n");
 819                 return ;
 820         }
 821
 822         // You can't alter an internal account
 823         if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) )
 824         {
 825                 if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
 826                         sendf(Client->Socket, "404 Invalid user\n");
 827                         return ;
 828                 }
 829                 // TODO: Maybe disallow changes to disabled?
 830         }
 831
 832         // Parse ammount
 833         iAmmount = atoi(ammount);
 834         if( iAmmount == 0 && ammount[0] != '0' ) {
 835                 sendf(Client->Socket, "407 Invalid Argument\n");
 836                 return ;
 837         }
 838
 839         // Do give
 840         switch( DispenseAdd(Client->UID, uid, iAmmount, reason) )
 841         {
 842         case 0:
 843                 sendf(Client->Socket, "200 Add OK\n");
 844                 return ;
 845         case 2:
 846                 sendf(Client->Socket, "402 Poor Guy\n");
 847                 return ;
 848         default:
 849                 sendf(Client->Socket, "500 Unknown error\n");
 850                 return ;
 851         }
 852 }
 853
 854 void Server_Cmd_SET(tClient *Client, char *Args)
 855 {
 856         char    *user, *ammount, *reason;
 857          int    uid, iAmmount;
 858
 859         // Parse arguments
 860         if( Server_int_ParseArgs(1, Args, &user, &ammount, &reason, NULL) ) {
 861                 sendf(Client->Socket, "407 SET takes 3 arguments\n");
 862                 return ;
 863         }
 864
 865         if( !Client->bIsAuthed ) {
 866                 sendf(Client->Socket, "401 Not Authenticated\n");
 867                 return ;
 868         }
 869
 870         // Check user permissions
 871         if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN)  ) {
 872                 sendf(Client->Socket, "403 Not an admin\n");
 873                 return ;
 874         }
 875
 876         // Get recipient
 877         uid = Bank_GetAcctByName(user);
 878         if( uid == -1 ) {
 879                 sendf(Client->Socket, "404 Invalid user\n");
 880                 return ;
 881         }
 882
 883         // Parse ammount
 884         iAmmount = atoi(ammount);
 885         if( iAmmount == 0 && ammount[0] != '0' ) {
 886                 sendf(Client->Socket, "407 Invalid Argument\n");
 887                 return ;
 888         }
 889
 890         // Do give
 891         switch( DispenseSet(Client->UID, uid, iAmmount, reason) )
 892         {
 893         case 0:
 894                 sendf(Client->Socket, "200 Add OK\n");
 895                 return ;
 896         case 2:
 897                 sendf(Client->Socket, "402 Poor Guy\n");
 898                 return ;
 899         default:
 900                 sendf(Client->Socket, "500 Unknown error\n");
 901                 return ;
 902         }
 903 }
 904
 905 void Server_Cmd_ENUMUSERS(tClient *Client, char *Args)
 906 {
 907          int    i, numRet = 0;
 908         tAcctIterator   *it;
 909          int    maxBal = INT_MAX, minBal = INT_MIN;
 910          int    flagMask = 0, flagVal = 0;
 911          int    sort = BANK_ITFLAG_SORT_NAME;
 912         time_t  lastSeenAfter=0, lastSeenBefore=0;
 913
 914          int    flags;  // Iterator flags
 915          int    balValue;       // Balance value for iterator
 916         time_t  timeValue;      // Time value for iterator
 917
 918         // Parse arguments
 919         if( Args && strlen(Args) )
 920         {
 921                 char    *space = Args, *type, *val;
 922                 do
 923                 {
 924                         type = space;
 925                         while(*type == ' ')     type ++;
 926                         // Get next space
 927                         space = strchr(space, ' ');
 928                         if(space)       *space = '\0';
 929
 930                         // Get type
 931                         val = strchr(type, ':');
 932                         if( val ) {
 933                                 *val = '\0';
 934                                 val ++;
 935
 936                                 // Types
 937                                 // - Minium Balance
 938                                 if( strcmp(type, "min_balance") == 0 ) {
 939                                         minBal = atoi(val);
 940                                 }
 941                                 // - Maximum Balance
 942                                 else if( strcmp(type, "max_balance") == 0 ) {
 943                                         maxBal = atoi(val);
 944                                 }
 945                                 // - Flags
 946                                 else if( strcmp(type, "flags") == 0 ) {
 947                                         if( Server_int_ParseFlags(Client, val, &flagMask, &flagVal) )
 948                                                 return ;
 949                                 }
 950                                 // - Last seen before timestamp
 951                                 else if( strcmp(type, "last_seen_before") == 0 ) {
 952                                         lastSeenAfter = atoll(val);
 953                                 }
 954                                 // - Last seen after timestamp
 955                                 else if( strcmp(type, "last_seen_after") == 0 ) {
 956                                         lastSeenAfter = atoll(val);
 957                                 }
 958                                 // - Sorting
 959                                 else if( strcmp(type, "sort") == 0 ) {
 960                                         char    *dash = strchr(val, '-');
 961                                         if( dash ) {
 962                                                 *dash = '\0';
 963                                                 dash ++;
 964                                         }
 965                                         if( strcmp(val, "name") == 0 ) {
 966                                                 sort = BANK_ITFLAG_SORT_NAME;
 967                                         }
 968                                         else if( strcmp(val, "balance") == 0 ) {
 969                                                 sort = BANK_ITFLAG_SORT_BAL;
 970                                         }
 971                                         else if( strcmp(val, "lastseen") == 0 ) {
 972                                                 sort = BANK_ITFLAG_SORT_LASTSEEN;
 973                                         }
 974                                         else {
 975                                                 sendf(Client->Socket, "407 Unknown sort field ('%s')\n", val);
 976                                                 return ;
 977                                         }
 978                                         // Handle sort direction
 979                                         if( dash ) {
 980                                                 if( strcmp(dash, "desc") == 0 ) {
 981                                                         sort |= BANK_ITFLAG_REVSORT;
 982                                                 }
 983                                                 else {
 984                                                         sendf(Client->Socket, "407 Unknown sort direction '%s'\n", dash);
 985                                                         return ;
 986                                                 }
 987                                                 dash[-1] = '-';
 988                                         }
 989                                 }
 990                                 else {
 991                                         sendf(Client->Socket, "407 Unknown argument to ENUM_USERS '%s:%s'\n", type, val);
 992                                         return ;
 993                                 }
 994
 995                                 val[-1] = ':';
 996                         }
 997                         else {
 998                                 sendf(Client->Socket, "407 Unknown argument to ENUM_USERS '%s'\n", type);
 999                                 return ;
1000                         }
1001
1002                         // Eat whitespace
1003                         if( space ) {
1004                                 *space = ' ';   // Repair (to be nice)
1005                                 space ++;
1006                                 while(*space == ' ')    space ++;
1007                         }
1008                 }       while(space);
1009         }
1010
1011         // Create iterator
1012         if( maxBal != INT_MAX ) {
1013                 flags = sort|BANK_ITFLAG_MAXBALANCE;
1014                 balValue = maxBal;
1015         }
1016         else if( minBal != INT_MIN ) {
1017                 flags = sort|BANK_ITFLAG_MINBALANCE;
1018                 balValue = minBal;
1019         }
1020         else {
1021                 flags = sort;
1022                 balValue = 0;
1023         }
1024         if( lastSeenBefore ) {
1025                 timeValue = lastSeenBefore;
1026                 flags |= BANK_ITFLAG_SEENBEFORE;
1027         }
1028         else if( lastSeenAfter ) {
1029                 timeValue = lastSeenAfter;
1030                 flags |= BANK_ITFLAG_SEENAFTER;
1031         }
1032         else {
1033                 timeValue = 0;
1034         }
1035         it = Bank_Iterator(flagMask, flagVal, flags, balValue, timeValue);
1036
1037         // Get return number
1038         while( (i = Bank_IteratorNext(it)) != -1 )
1039         {
1040                 int bal = Bank_GetBalance(i);
1041
1042                 if( bal == INT_MIN )    continue;
1043
1044                 if( bal < minBal )      continue;
1045                 if( bal > maxBal )      continue;
1046
1047                 numRet ++;
1048         }
1049
1050         Bank_DelIterator(it);
1051
1052         // Send count
1053         sendf(Client->Socket, "201 Users %i\n", numRet);
1054
1055
1056         // Create iterator
1057         it = Bank_Iterator(flagMask, flagVal, flags, balValue, timeValue);
1058
1059         while( (i = Bank_IteratorNext(it)) != -1 )
1060         {
1061                 int bal = Bank_GetBalance(i);
1062
1063                 if( bal == INT_MIN )    continue;
1064
1065                 if( bal < minBal )      continue;
1066                 if( bal > maxBal )      continue;
1067
1068                 _SendUserInfo(Client, i);
1069         }
1070
1071         Bank_DelIterator(it);
1072
1073         sendf(Client->Socket, "200 List End\n");
1074 }
1075
1076 void Server_Cmd_USERINFO(tClient *Client, char *Args)
1077 {
1078          int    uid;
1079         char    *user;
1080
1081         // Parse arguments
1082         if( Server_int_ParseArgs(0, Args, &user, NULL) ) {
1083                 sendf(Client->Socket, "407 USER_INFO takes 1 argument\n");
1084                 return ;
1085         }
1086
1087         if( giDebugLevel )      Debug(Client, "User Info '%s'", user);
1088
1089         // Get recipient
1090         uid = Bank_GetAcctByName(user);
1091
1092         if( giDebugLevel >= 2 ) Debug(Client, "uid = %i", uid);
1093         if( uid == -1 ) {
1094                 sendf(Client->Socket, "404 Invalid user\n");
1095                 return ;
1096         }
1097
1098         _SendUserInfo(Client, uid);
1099 }
1100
1101 void _SendUserInfo(tClient *Client, int UserID)
1102 {
1103         char    *type, *disabled="", *door="";
1104          int    flags = Bank_GetFlags(UserID);
1105
1106         if( flags & USER_FLAG_INTERNAL ) {
1107                 type = "internal";
1108         }
1109         else if( flags & USER_FLAG_COKE ) {
1110                 if( flags & USER_FLAG_ADMIN )
1111                         type = "coke,admin";
1112                 else
1113                         type = "coke";
1114         }
1115         else if( flags & USER_FLAG_ADMIN ) {
1116                 type = "admin";
1117         }
1118         else {
1119                 type = "user";
1120         }
1121
1122         if( flags & USER_FLAG_DISABLED )
1123                 disabled = ",disabled";
1124         if( flags & USER_FLAG_DOORGROUP )
1125                 door = ",door";
1126
1127         // TODO: User flags/type
1128         sendf(
1129                 Client->Socket, "202 User %s %i %s%s%s\n",
1130                 Bank_GetAcctName(UserID), Bank_GetBalance(UserID),
1131                 type, disabled, door
1132                 );
1133 }
1134
1135 void Server_Cmd_USERADD(tClient *Client, char *Args)
1136 {
1137         char    *username;
1138
1139         // Parse arguments
1140         if( Server_int_ParseArgs(0, Args, &username, NULL) ) {
1141                 sendf(Client->Socket, "407 USER_ADD takes 1 argument\n");
1142                 return ;
1143         }
1144
1145         // Check permissions
1146         if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) {
1147                 sendf(Client->Socket, "403 Not a coke admin\n");
1148                 return ;
1149         }
1150
1151         // Try to create user
1152         if( Bank_CreateAcct(username) == -1 ) {
1153                 sendf(Client->Socket, "404 User exists\n");
1154                 return ;
1155         }
1156
1157         {
1158                 char    *thisName = Bank_GetAcctName(Client->UID);
1159                 Log_Info("Account '%s' created by '%s'", username, thisName);
1160                 free(thisName);
1161         }
1162
1163         sendf(Client->Socket, "200 User Added\n");
1164 }
1165
1166 void Server_Cmd_USERFLAGS(tClient *Client, char *Args)
1167 {
1168         char    *username, *flags;
1169          int    mask=0, value=0;
1170          int    uid;
1171
1172         // Parse arguments
1173         if( Server_int_ParseArgs(0, Args, &username, &flags, NULL) ) {
1174                 sendf(Client->Socket, "407 USER_FLAGS takes 2 arguments\n");
1175                 return ;
1176         }
1177
1178         // Check permissions
1179         if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) {
1180                 sendf(Client->Socket, "403 Not a coke admin\n");
1181                 return ;
1182         }
1183
1184         // Get UID
1185         uid = Bank_GetAcctByName(username);
1186         if( uid == -1 ) {
1187                 sendf(Client->Socket, "404 User '%s' not found\n", username);
1188                 return ;
1189         }
1190
1191         // Parse flags
1192         if( Server_int_ParseFlags(Client, flags, &mask, &value) )
1193                 return ;
1194
1195         if( giDebugLevel )
1196                 Debug(Client, "Set %i(%s) flags to %x (masked %x)\n",
1197                         uid, username, mask, value);
1198
1199         // Apply flags
1200         Bank_SetFlags(uid, mask, value);
1201
1202         // Return OK
1203         sendf(Client->Socket, "200 User Updated\n");
1204 }
1205
1206 // --- INTERNAL HELPERS ---
1207 void Debug(tClient *Client, const char *Format, ...)
1208 {
1209         va_list args;
1210         //printf("%010i [%i] ", (int)time(NULL), Client->ID);
1211         printf("[%i] ", Client->ID);
1212         va_start(args, Format);
1213         vprintf(Format, args);
1214         va_end(args);
1215         printf("\n");
1216 }
1217
1218 int sendf(int Socket, const char *Format, ...)
1219 {
1220         va_list args;
1221          int    len;
1222
1223         va_start(args, Format);
1224         len = vsnprintf(NULL, 0, Format, args);
1225         va_end(args);
1226
1227         {
1228                 char    buf[len+1];
1229                 va_start(args, Format);
1230                 vsnprintf(buf, len+1, Format, args);
1231                 va_end(args);
1232
1233                 #if DEBUG_TRACE_CLIENT
1234                 printf("sendf: %s", buf);
1235                 #endif
1236
1237                 return send(Socket, buf, len, 0);
1238         }
1239 }
1240
1241 // Takes a series of char *'s in
1242 /**
1243  * \brief Parse space-separated entries into
1244  */
1245 int Server_int_ParseArgs(int bUseLongLast, char *ArgStr, ...)
1246 {
1247         va_list args;
1248         char    savedChar;
1249         char    **dest;
1250         va_start(args, ArgStr);
1251
1252         // Check for null
1253         if( !ArgStr )
1254         {
1255                 while( (dest = va_arg(args, char **)) )
1256                         *dest = NULL;
1257                 va_end(args);
1258                 return 1;
1259         }
1260
1261         savedChar = *ArgStr;
1262
1263         while( (dest = va_arg(args, char **)) )
1264         {
1265                 // Trim leading spaces
1266                 while( *ArgStr == ' ' || *ArgStr == '\t' )
1267                         ArgStr ++;
1268
1269                 // ... oops, not enough arguments
1270                 if( *ArgStr == '\0' )
1271                 {
1272                         // NULL unset arguments
1273                         do {
1274                                 *dest = NULL;
1275                         }       while( (dest = va_arg(args, char **)) );
1276                 va_end(args);
1277                         return -1;
1278                 }
1279
1280                 if( *ArgStr == '"' )
1281                 {
1282                         ArgStr ++;
1283                         *dest = ArgStr;
1284                         // Read until quote
1285                         while( *ArgStr && *ArgStr != '"' )
1286                                 ArgStr ++;
1287                 }
1288                 else
1289                 {
1290                         // Set destination
1291                         *dest = ArgStr;
1292                         // Read until a space
1293                         while( *ArgStr && *ArgStr != ' ' && *ArgStr != '\t' )
1294                                 ArgStr ++;
1295                 }
1296                 savedChar = *ArgStr;    // savedChar is used to un-mangle the last string
1297                 *ArgStr = '\0';
1298                 ArgStr ++;
1299         }
1300         va_end(args);
1301
1302         // Oops, extra arguments, and greedy not set
1303         if( (savedChar == ' ' || savedChar == '\t') && !bUseLongLast ) {
1304                 return -1;
1305         }
1306
1307         // Un-mangle last
1308         if(bUseLongLast) {
1309                 ArgStr --;
1310                 *ArgStr = savedChar;
1311         }
1312
1313         return 0;       // Success!
1314 }
1315
1316 int Server_int_ParseFlags(tClient *Client, const char *Str, int *Mask, int *Value)
1317 {
1318         struct {
1319                 const char      *Name;
1320                  int    Mask;
1321                  int    Value;
1322         }       cFLAGS[] = {
1323                  {"disabled", USER_FLAG_DISABLED, USER_FLAG_DISABLED}
1324                 ,{"door", USER_FLAG_DOORGROUP, USER_FLAG_DOORGROUP}
1325                 ,{"coke", USER_FLAG_COKE, USER_FLAG_COKE}
1326                 ,{"admin", USER_FLAG_ADMIN, USER_FLAG_ADMIN}
1327                 ,{"internal", USER_FLAG_INTERNAL, USER_FLAG_INTERNAL}
1328         };
1329         const int       ciNumFlags = sizeof(cFLAGS)/sizeof(cFLAGS[0]);
1330
1331         char    *space;
1332
1333         *Mask = 0;
1334         *Value = 0;
1335
1336         do {
1337                  int    bRemove = 0;
1338                  int    i;
1339                  int    len;
1340
1341                 while( *Str == ' ' )    Str ++; // Eat whitespace
1342                 space = strchr(Str, ',');       // Find the end of the flag
1343                 if(space)
1344                         len = space - Str;
1345                 else
1346                         len = strlen(Str);
1347
1348                 // Check for inversion/removal
1349                 if( *Str == '!' || *Str == '-' ) {
1350                         bRemove = 1;
1351                         Str ++;
1352                 }
1353                 else if( *Str == '+' ) {
1354                         Str ++;
1355                 }
1356
1357                 // Check flag values
1358                 for( i = 0; i < ciNumFlags; i ++ )
1359                 {
1360                         if( strncmp(Str, cFLAGS[i].Name, len) == 0 ) {
1361                                 *Mask |= cFLAGS[i].Mask;
1362                                 *Value &= ~cFLAGS[i].Mask;
1363                                 if( !bRemove )
1364                                         *Value |= cFLAGS[i].Value;
1365                                 break;
1366                         }
1367                 }
1368
1369                 // Error check
1370                 if( i == ciNumFlags ) {
1371                         char    val[len+1];
1372                         strncpy(val, Str, len+1);
1373                         sendf(Client->Socket, "407 Unknown flag value '%s'\n", val);
1374                         return -1;
1375                 }
1376
1377                 Str = space + 1;
1378         } while(space);
1379
1380         return 0;
1381 }