}
}
- atexit(Server_Cleanup);
// Ignore SIGPIPE (stops crashes when the client exits early)
signal(SIGPIPE, SIG_IGN);
if( bind(giServer_Socket, (struct sockaddr *) &server_addr, sizeof(server_addr)) < 0 ) {
fprintf(stderr, "ERROR: Unable to bind to 0.0.0.0:%i\n", giServer_Port);
perror("Binding");
+ close(giServer_Socket);
return ;
}
}
if( pid != 0 ) {
// Parent, quit
- printf("Forked child %i\n", pid);
+ Debug_Notice("Forked child server as PID %i\n", pid);
exit(0);
}
// In child
fprintf(stderr, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL));
#endif
}
+ atexit(Server_Cleanup);
// Start the helper thread
StartPeriodicThread();
return ;
}
- printf("Listening on 0.0.0.0:%i\n", giServer_Port);
+ Debug_Notice("Listening on 0.0.0.0:%i", giServer_Port);
// write pidfile
{
if(giDebugLevel >= 2) {
char ipstr[INET_ADDRSTRLEN];
inet_ntop(AF_INET, &client_addr.sin_addr, ipstr, INET_ADDRSTRLEN);
- printf("Client connection from %s:%i\n",
+ Debug_Debug("Client connection from %s:%i",
ipstr, ntohs(client_addr.sin_port));
}
void Server_Cleanup(void)
{
- printf("\nClose(%i)\n", giServer_Socket);
+ Debug_Debug("Close(%i)", giServer_Socket);
close(giServer_Socket);
unlink(PIDFILE);
}
sendf(Client->Socket, "404 User not found\n");
return ;
}
- // Disabled only avaliable to admins
- if( eUserFlags & USER_FLAG_DISABLED ) {
- Client->EffectiveUID = -1;
- sendf(Client->Socket, "403 Account disabled\n");
- return ;
- }
}
// Disabled accounts
- if( userFlags & USER_FLAG_DISABLED ) {
+ // - If disabled and the actual user is not an admin (and not root)
+ // return 403
+ if( (eUserFlags & USER_FLAG_DISABLED) && (Client->UID == 0 || !(userFlags & USER_FLAG_ADMIN)) ) {
Client->EffectiveUID = -1;
sendf(Client->Socket, "403 Account disabled\n");
return ;
uid = Client->UID;
}
+// if( Bank_GetFlags(Client->UID) & USER_FLAG_DISABLED ) {
+// }
+
switch( ret = DispenseItem( Client->UID, uid, item ) )
{
case 0: sendf(Client->Socket, "200 Dispense OK\n"); return ;
if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) )
{
if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
- sendf(Client->Socket, "404 Invalid user\n");
+ sendf(Client->Socket, "403 Admin only\n");
return ;
}
// TODO: Maybe disallow changes to disabled?
}
pin = atoi(pinstr);
- // Not strictly needed, but ensures that randoms don't do brute forcing
+ // Not authenticated? go away!
if( !Client->bIsAuthed ) {
sendf(Client->Socket, "401 Not Authenticated\n");
return ;
}
- // Check user permissions
- if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
- sendf(Client->Socket, "403 Not in coke\n");
- return ;
- }
-
// Get user
int uid = Bank_GetAcctByName(username, 0);
if( uid == -1 ) {
return ;
}
+ // Check user permissions
+ if( uid != Client->UID && !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
+ sendf(Client->Socket, "403 Not in coke\n");
+ return ;
+ }
+
// Get the pin
static time_t last_wrong_pin_time;
static int backoff = 1;
last_wrong_pin_time = time(NULL);
if( !Bank_IsPinValid(uid, pin) )
{
- sendf(Client->Socket, "403 Pin incorrect\n");
+ sendf(Client->Socket, "201 Pin incorrect\n");
+ struct sockaddr_storage addr;
+ socklen_t len = sizeof(addr);
+ char ipstr[INET6_ADDRSTRLEN];
+ getpeername(Client->Socket, (void*)&addr, &len);
+ struct sockaddr_in *s = (struct sockaddr_in *)&addr;
+ inet_ntop(addr.ss_family, &s->sin_addr, ipstr, sizeof(ipstr));
+ Debug_Notice("Bad pin from %s for %s by %i", ipstr, username, Client->UID);
if( backoff < 5)
backoff ++;
return ;
if( Server_int_ParseArgs(0, Args, &pinstr, NULL) ) {
- sendf(Client->Socket, "407 PIN_SET takes 2 arguments\n");
+ sendf(Client->Socket, "407 PIN_SET takes 1 argument\n");
return ;
}
}
pin = atoi(pinstr);
- // Not strictly needed, but ensures that randoms don't do brute forcing
if( !Client->bIsAuthed ) {
sendf(Client->Socket, "401 Not Authenticated\n");
return ;
git.ucc.asn.au / tpg / opendispense2.git / blobdiff
UCC git Repository :: git.ucc.asn.au