Misc changes - Fixed coke, shut up boot, fixed disabled users dispensing
[tpg/opendispense2.git] / src / server / server.c
index 3169ca0..1faa6fe 100644 (file)
@@ -18,8 +18,9 @@
 #include <string.h>
 #include <limits.h>
 #include <stdarg.h>
-#include <signal.h>
-#include <ident.h>
+#include <signal.h>    // Signal handling
+#include <ident.h>     // AUTHIDENT
+#include <time.h>      // time(2)
 
 #define        DEBUG_TRACE_CLIENT      0
 #define HACK_NO_REFUNDS        1
@@ -34,6 +35,9 @@
 
 #define MSG_STR_TOO_LONG       "499 Command too long (limit "EXPSTR(INPUT_BUFFER_SIZE)")\n"
 
+#define IDENT_TRUSTED_NETWORK 0x825F0D00
+#define IDENT_TRUSTED_NETMASK 0xFFFFFFC0
+
 // === TYPES ===
 typedef struct sClient
 {
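Review bot: `IDENT_TRUSTED_NETWORK` and `IDENT_TRUSTED_NETMASK` are added without a comment, although they decide which peers may log in with AUTHIDENT and no password. A line such as `// Peers allowed to AUTHIDENT: 130.95.13.0/26, host byte order (compared against ntohl() of the peer address)` above the pair would let a reader audit the range without decoding the hex. Because this is site policy compiled into the binary, reading it from the server configuration alongside the log paths would be preferable, if the project has a config option mechanism for it.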
@@ -163,6 +167,7 @@ void Server_Start(void)
                }
                if( pid != 0 ) {
                        // Parent, quit
+                       printf("Forked child %i\n", pid);
                        exit(0);
                }
                // In child
@@ -175,6 +180,8 @@ void Server_Start(void)
                freopen("/dev/null", "r", stdin);
                freopen(gsServer_LogFile, "a", stdout);
                freopen(gsServer_ErrorLog, "a", stderr);
+               fprintf(stdout, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL));
+               fprintf(stderr, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL));
                #endif
        }
 
@@ -541,24 +548,40 @@ void Server_Cmd_AUTHIDENT(tClient *Client, char *Args)
        char    *username;
         int    userflags;
        const int ident_timeout = 5;
+       socklen_t len;
+       struct sockaddr_in client_addr;
+       uint32_t  client_ip;
 
        if( Args != NULL && strlen(Args) ) {
                sendf(Client->Socket, "407 AUTHIDENT takes no arguments\n");
                return ;
        }
 
-       // Check if trusted
-       if( !Client->bIsTrusted ) {
-               if(giDebugLevel)
-                       Debug(Client, "Untrusted client attempting to AUTHIDENT");
-               sendf(Client->Socket, "401 Untrusted\n");
+       // Check if trusted (only works with INET sockets at present)
+       len = sizeof(client_addr);
+       if( getpeername(Client->Socket, (struct sockaddr*)&client_addr, &len) == -1 ) {
+               Debug(Client, "500 getpeername() failed\n");
+               perror("Getting AUTHIDENT peer name");
+               sendf(Client->Socket, "500 getpeername() failed\n");
                return ;
        }
 
+       client_ip = client_addr.sin_addr.s_addr;
+       if(giDebugLevel >= 2) {
+               Debug(Client, "client_ip = %x, ntohl(client_ip) = %x", client_ip, ntohl(client_ip));
+       }
+       if( ntohl(client_ip) != 0x7F000001 && (ntohl(client_ip) & IDENT_TRUSTED_NETMASK) != IDENT_TRUSTED_NETWORK ) {
+                       if(giDebugLevel)
+                               Debug(Client, "Untrusted client attempting to AUTHIDENT");
+                       sendf(Client->Socket, "401 Untrusted\n");
+                       return ;
+       }
+
        // Get username via IDENT
        username = ident_id(Client->Socket, ident_timeout);
-       if (!username) {
+       if( !username ) {
                sendf(Client->Socket, "403 Authentication failure: IDENT auth timed out\n");
+               return ;
        }
 
        // Get UID
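Review bot: The new trust check reads `client_addr.sin_addr` without confirming that getpeername() returned an AF_INET address, so on any other socket family the comparison runs on bytes that are not an IPv4 address. Add `if( client_addr.sin_family != AF_INET ) { sendf(Client->Socket, "401 Untrusted\n"); return ; }` before `client_ip` is assigned; the literal `0x7F000001` would also read better as `INADDR_LOOPBACK`. IDENT replies are only as trustworthy as the host that sends them, so a comment above the check should state that every address in the trusted range is relied on to run an honest identd. Server_Cmd_AUTHIDENT starts before and continues after this hunk, so whether `username` is released and whether `Client->bIsTrusted` is still consulted elsewhere cannot be seen from here.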
