#include <string.h>
#include <limits.h>
#include <stdarg.h>
-#include <signal.h>
-#include <ident.h>
+#include <signal.h> // Signal handling
+#include <ident.h> // AUTHIDENT
+#include <time.h> // time(2)
#define DEBUG_TRACE_CLIENT 0
#define HACK_NO_REFUNDS 1
#define MSG_STR_TOO_LONG "499 Command too long (limit "EXPSTR(INPUT_BUFFER_SIZE)")\n"
+#define IDENT_TRUSTED_NETWORK 0x825F0D00
+#define IDENT_TRUSTED_NETMASK 0xFFFFFFC0
+
// === TYPES ===
typedef struct sClient
{
int Socket; // Client socket ID
int ID; // Client ID
- int bIsTrusted; // Is the connection from a trusted host/port
+ int bTrustedHost;
+ int bCanAutoAuth; // Is the connection from a trusted host/port
char *Username;
char Salt[9];
// === PROTOTYPES ===
void Server_Start(void);
void Server_Cleanup(void);
-void Server_HandleClient(int Socket, int bTrusted);
+void Server_HandleClient(int Socket, int bTrustedHost, int bRootPort);
void Server_ParseClientCommand(tClient *Client, char *CommandString);
// --- Commands ---
void Server_Cmd_USER(tClient *Client, char *Args);
int gbServer_RunInBackground = 0;
char *gsServer_LogFile = "/var/log/dispsrv.log";
char *gsServer_ErrorLog = "/var/log/dispsrv.err";
+ int giServer_NumTrustedHosts;
+struct in_addr *gaServer_TrustedHosts;
// - State variables
int giServer_Socket; // Server socket
int giServer_NextClientID = 1; // Debug client ID
int client_socket;
struct sockaddr_in server_addr, client_addr;
+ // Parse trusted hosts list
+ giServer_NumTrustedHosts = Config_GetValueCount("trusted_host");
+ gaServer_TrustedHosts = malloc(giServer_NumTrustedHosts * sizeof(*gaServer_TrustedHosts));
+ for( int i = 0; i < giServer_NumTrustedHosts; i ++ )
+ {
+ const char *addr = Config_GetValue("trusted_host", i);
+
+ if( inet_aton(addr, &gaServer_TrustedHosts[i]) == 0 ) {
+ fprintf(stderr, "Invalid IP address '%s'\n", addr);
+ continue ;
+ }
+ }
+
atexit(Server_Cleanup);
// Ignore SIGPIPE (stops crashes when the client exits early)
signal(SIGPIPE, SIG_IGN);
}
if( pid != 0 ) {
// Parent, quit
+ printf("Forked child %i\n", pid);
exit(0);
}
// In child
freopen("/dev/null", "r", stdin);
freopen(gsServer_LogFile, "a", stdout);
freopen(gsServer_ErrorLog, "a", stderr);
+ fprintf(stdout, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL));
+ fprintf(stderr, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL));
#endif
}
{
uint len = sizeof(client_addr);
int bTrusted = 0;
+ int bRootPort = 0;
// Accept a connection
client_socket = accept(giServer_Socket, (struct sockaddr *) &client_addr, &len);
// Doesn't matter what, localhost is trusted
if( ntohl( client_addr.sin_addr.s_addr ) == 0x7F000001 )
bTrusted = 1;
-
- // Trusted Connections
+
+ // Check if the host is on the trusted list
+ for( int i = 0; i < giServer_NumTrustedHosts; i ++ )
+ {
+ if( memcmp(&client_addr.sin_addr, &gaServer_TrustedHosts[i], sizeof(struct in_addr)) == 0 )
+ {
+ bTrusted = 1;
+ break;
+ }
+ }
+
+ // Root port (can AUTOAUTH if also a trusted machine
if( ntohs(client_addr.sin_port) < 1024 )
+ bRootPort = 1;
+
+ #if 0
{
// TODO: Make this runtime configurable
switch( ntohl( client_addr.sin_addr.s_addr ) )
break;
}
}
+ #endif
// TODO: Multithread this?
- Server_HandleClient(client_socket, bTrusted);
+ Server_HandleClient(client_socket, bTrusted, bRootPort);
close(client_socket);
}
* \param Socket Client socket number/handle
* \param bTrusted Is the client trusted?
*/
-void Server_HandleClient(int Socket, int bTrusted)
+void Server_HandleClient(int Socket, int bTrusted, int bRootPort)
{
char inbuf[INPUT_BUFFER_SIZE];
char *buf = inbuf;
// Initialise Client info
clientInfo.Socket = Socket;
clientInfo.ID = giServer_NextClientID ++;
- clientInfo.bIsTrusted = bTrusted;
+ clientInfo.bTrustedHost = bTrusted;
+ clientInfo.bCanAutoAuth = bTrusted && bRootPort;
clientInfo.EffectiveUID = -1;
// Read from client
}
// Check if trusted
- if( !Client->bIsTrusted ) {
+ if( !Client->bCanAutoAuth ) {
if(giDebugLevel)
Debug(Client, "Untrusted client attempting to AUTOAUTH");
sendf(Client->Socket, "401 Untrusted\n");
}
// Check if trusted
- if( !Client->bIsTrusted ) {
+ if( !Client->bTrustedHost ) {
if(giDebugLevel)
Debug(Client, "Untrusted client attempting to AUTHIDENT");
sendf(Client->Socket, "401 Untrusted\n");
// Get username via IDENT
username = ident_id(Client->Socket, ident_timeout);
- if (!username) {
+ if( !username ) {
sendf(Client->Socket, "403 Authentication failure: IDENT auth timed out\n");
+ return ;
}
// Get UID
return ;
}
}
+
+ // Disabled accounts
+ if( userFlags & USER_FLAG_DISABLED ) {
+ Client->UID = -1;
+ sendf(Client->Socket, "403 Account disabled\n");
+ return ;
+ }
sendf(Client->Socket, "200 User set\n");
}
}
}
+ if( Item->Price == 0 )
+ status = "error";
// KNOWN HACK: Naming a slot 'dead' disables it
if( strcmp(Item->Name, "dead") == 0 )
status = "sold"; // Another status?
git.ucc.asn.au / tpg / opendispense2.git / blobdiff
UCC git Repository :: git.ucc.asn.au