X-Git-Url: https://git.ucc.asn.au/?p=tpg%2Fopendispense2.git;a=blobdiff_plain;f=src%2Fserver%2Fserver.c;h=76b3b44dbde7e6f57f854705b30a9d647d0d474f;hp=16c4d293995de8170fced0ba5ddb454ae8dda1a8;hb=HEAD;hpb=fdfc7639fefe12a26463634a776c070d00ebf1b8 diff --git a/src/server/server.c b/src/server/server.c index 16c4d29..76b3b44 100644 --- a/src/server/server.c +++ b/src/server/server.c @@ -10,86 +10,136 @@ #include #include #include "common.h" +#include "../common/config.h" #include #include #include #include +#include // O_* #include #include #include +#include // Signal handling +#include // AUTHIDENT +#include // time(2) +#include -// HACKS -#define HACK_TPG_NOAUTH 1 -#define HACK_ROOT_NOAUTH 1 +#define DEBUG_TRACE_CLIENT 0 +#define HACK_NO_REFUNDS 1 -#define DEBUG_TRACE_CLIENT 1 +#define PIDFILE "/var/run/dispsrv.pid" // Statistics #define MAX_CONNECTION_QUEUE 5 #define INPUT_BUFFER_SIZE 256 +#define CLIENT_TIMEOUT 10 // Seconds #define HASH_TYPE SHA1 #define HASH_LENGTH 20 #define MSG_STR_TOO_LONG "499 Command too long (limit "EXPSTR(INPUT_BUFFER_SIZE)")\n" +#define IDENT_TRUSTED_NETWORK 0x825F0D00 +#define IDENT_TRUSTED_NETMASK 0xFFFFFFC0 + // === TYPES === typedef struct sClient { int Socket; // Client socket ID int ID; // Client ID - int bIsTrusted; // Is the connection from a trusted host/port + int bTrustedHost; + int bCanAutoAuth; // Is the connection from a trusted host/port char *Username; char Salt[9]; int UID; + int EffectiveUID; int bIsAuthed; } tClient; // === PROTOTYPES === void Server_Start(void); void Server_Cleanup(void); -void Server_HandleClient(int Socket, int bTrusted); +void Server_HandleClient(int Socket, int bTrustedHost, int bRootPort); void Server_ParseClientCommand(tClient *Client, char *CommandString); // --- Commands --- void Server_Cmd_USER(tClient *Client, char *Args); void Server_Cmd_PASS(tClient *Client, char *Args); void Server_Cmd_AUTOAUTH(tClient *Client, char *Args); +void Server_Cmd_AUTHIDENT(tClient *Client, char *Args); +void Server_Cmd_AUTHCARD(tClient* Client, char *Args); +void Server_Cmd_SETEUSER(tClient *Client, char *Args); void Server_Cmd_ENUMITEMS(tClient *Client, char *Args); void Server_Cmd_ITEMINFO(tClient *Client, char *Args); void Server_Cmd_DISPENSE(tClient *Client, char *Args); +void Server_Cmd_REFUND(tClient *Client, char *Args); void Server_Cmd_GIVE(tClient *Client, char *Args); +void Server_Cmd_DONATE(tClient *Client, char *Args); void Server_Cmd_ADD(tClient *Client, char *Args); +void Server_Cmd_SET(tClient *Client, char *Args); void Server_Cmd_ENUMUSERS(tClient *Client, char *Args); void Server_Cmd_USERINFO(tClient *Client, char *Args); +void _SendUserInfo(tClient *Client, int UserID); +void Server_Cmd_USERADD(tClient *Client, char *Args); +void Server_Cmd_USERFLAGS(tClient *Client, char *Args); +void Server_Cmd_UPDATEITEM(tClient *Client, char *Args); +void Server_Cmd_PINCHECK(tClient *Client, char *Args); +void Server_Cmd_PINSET(tClient *Client, char *Args); +void Server_Cmd_CARDADD(tClient *Client, char *Args); // --- Helpers --- +void Debug(tClient *Client, const char *Format, ...); int sendf(int Socket, const char *Format, ...); - int GetUserAuth(const char *Salt, const char *Username, const uint8_t *Hash); -void HexBin(uint8_t *Dest, char *Src, int BufSize); + int Server_int_ParseArgs(int bUseLongArg, char *ArgStr, ...); + int Server_int_ParseFlags(tClient *Client, const char *Str, int *Mask, int *Value); -// === GLOBALS === - int giServer_Port = 1020; - int giServer_NextClientID = 1; +#define CLIENT_DEBUG_LOW(Client, ...) do { if(giDebugLevel>1) Debug(Client, __VA_ARGS__); } while(0) +#define CLIENT_DEBUG(Client, ...) do { if(giDebugLevel) Debug(Client, __VA_ARGS__); } while(0) + +// === CONSTANTS === // - Commands -struct sClientCommand { - char *Name; +const struct sClientCommand { + const char *Name; void (*Function)(tClient *Client, char *Arguments); } gaServer_Commands[] = { {"USER", Server_Cmd_USER}, {"PASS", Server_Cmd_PASS}, {"AUTOAUTH", Server_Cmd_AUTOAUTH}, + {"AUTHIDENT", Server_Cmd_AUTHIDENT}, + {"AUTHCARD", Server_Cmd_AUTHCARD}, + {"SETEUSER", Server_Cmd_SETEUSER}, {"ENUM_ITEMS", Server_Cmd_ENUMITEMS}, {"ITEM_INFO", Server_Cmd_ITEMINFO}, {"DISPENSE", Server_Cmd_DISPENSE}, + {"REFUND", Server_Cmd_REFUND}, {"GIVE", Server_Cmd_GIVE}, + {"DONATE", Server_Cmd_DONATE}, {"ADD", Server_Cmd_ADD}, + {"SET", Server_Cmd_SET}, {"ENUM_USERS", Server_Cmd_ENUMUSERS}, - {"USER_INFO", Server_Cmd_USERINFO} + {"USER_INFO", Server_Cmd_USERINFO}, + {"USER_ADD", Server_Cmd_USERADD}, + {"USER_FLAGS", Server_Cmd_USERFLAGS}, + {"UPDATE_ITEM", Server_Cmd_UPDATEITEM}, + {"PIN_CHECK", Server_Cmd_PINCHECK}, + {"PIN_SET", Server_Cmd_PINSET}, + {"CARD_ADD", Server_Cmd_CARDADD}, }; -#define NUM_COMMANDS (sizeof(gaServer_Commands)/sizeof(gaServer_Commands[0])) - int giServer_Socket; +#define NUM_COMMANDS ((int)(sizeof(gaServer_Commands)/sizeof(gaServer_Commands[0]))) + +// === GLOBALS === +// - Configuration + int giServer_Port = 11020; + int gbServer_RunInBackground = 0; +char *gsServer_LogFile = "/var/log/dispsrv.log"; +char *gsServer_ErrorLog = "/var/log/dispsrv.err"; + int giServer_NumTrustedHosts; +struct in_addr *gaServer_TrustedHosts; +// - State variables + int giServer_Socket; // Server socket + int giServer_NextClientID = 1; // Debug client ID + // === CODE === /** @@ -100,7 +150,21 @@ void Server_Start(void) int client_socket; struct sockaddr_in server_addr, client_addr; - atexit(Server_Cleanup); + // Parse trusted hosts list + giServer_NumTrustedHosts = Config_GetValueCount("trusted_host"); + gaServer_TrustedHosts = malloc(giServer_NumTrustedHosts * sizeof(*gaServer_TrustedHosts)); + for( int i = 0; i < giServer_NumTrustedHosts; i ++ ) + { + const char *addr = Config_GetValue_Idx("trusted_host", i); + + if( inet_aton(addr, &gaServer_TrustedHosts[i]) == 0 ) { + fprintf(stderr, "Invalid IP address '%s'\n", addr); + continue ; + } + } + + // Ignore SIGPIPE (stops crashes when the client exits early) + signal(SIGPIPE, SIG_IGN); // Create Server giServer_Socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); @@ -119,8 +183,42 @@ void Server_Start(void) if( bind(giServer_Socket, (struct sockaddr *) &server_addr, sizeof(server_addr)) < 0 ) { fprintf(stderr, "ERROR: Unable to bind to 0.0.0.0:%i\n", giServer_Port); perror("Binding"); + close(giServer_Socket); return ; } + + // Fork into background + if( gbServer_RunInBackground ) + { + int pid = fork(); + if( pid == -1 ) { + fprintf(stderr, "ERROR: Unable to fork\n"); + perror("fork background"); + exit(-1); + } + if( pid != 0 ) { + // Parent, quit + Debug_Notice("Forked child server as PID %i\n", pid); + exit(0); + } + // In child + // - Sort out stdin/stdout + #if 0 + dup2( open("/dev/null", O_RDONLY, 0644), STDIN_FILENO ); + dup2( open(gsServer_LogFile, O_CREAT|O_APPEND, 0644), STDOUT_FILENO ); + dup2( open(gsServer_ErrorLog, O_CREAT|O_APPEND, 0644), STDERR_FILENO ); + #else + freopen("/dev/null", "r", stdin); + freopen(gsServer_LogFile, "a", stdout); + freopen(gsServer_ErrorLog, "a", stderr); + fprintf(stdout, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL)); + fprintf(stderr, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL)); + #endif + } + atexit(Server_Cleanup); + + // Start the helper thread + StartPeriodicThread(); // Listen if( listen(giServer_Socket, MAX_CONNECTION_QUEUE) < 0 ) { @@ -129,45 +227,93 @@ void Server_Start(void) return ; } - printf("Listening on 0.0.0.0:%i\n", giServer_Port); + Debug_Notice("Listening on 0.0.0.0:%i", giServer_Port); + // write pidfile + { + FILE *fp = fopen(PIDFILE, "w"); + if( fp ) { + fprintf(fp, "%i", getpid()); + fclose(fp); + } + } + for(;;) { uint len = sizeof(client_addr); int bTrusted = 0; + int bRootPort = 0; + // Accept a connection client_socket = accept(giServer_Socket, (struct sockaddr *) &client_addr, &len); if(client_socket < 0) { fprintf(stderr, "ERROR: Unable to accept client connection\n"); return ; } + // Set a timeout on the user conneciton + { + struct timeval tv; + tv.tv_sec = CLIENT_TIMEOUT; + tv.tv_usec = 0; + if( setsockopt(client_socket, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) ) + { + perror("setsockopt"); + return ; + } + } + + // Debug: Print the connection string if(giDebugLevel >= 2) { char ipstr[INET_ADDRSTRLEN]; inet_ntop(AF_INET, &client_addr.sin_addr, ipstr, INET_ADDRSTRLEN); - printf("Client connection from %s:%i\n", + Debug_Debug("Client connection from %s:%i", ipstr, ntohs(client_addr.sin_port)); } - // Trusted Connections + // Doesn't matter what, localhost is trusted + if( ntohl( client_addr.sin_addr.s_addr ) == 0x7F000001 ) + bTrusted = 1; + + // Check if the host is on the trusted list + for( int i = 0; i < giServer_NumTrustedHosts; i ++ ) + { + if( memcmp(&client_addr.sin_addr, &gaServer_TrustedHosts[i], sizeof(struct in_addr)) == 0 ) + { + bTrusted = 1; + break; + } + } + + // Root port (can AUTOAUTH if also a trusted machine if( ntohs(client_addr.sin_port) < 1024 ) + bRootPort = 1; + + #if 0 { // TODO: Make this runtime configurable switch( ntohl( client_addr.sin_addr.s_addr ) ) { case 0x7F000001: // 127.0.0.1 localhost - //case 0x825E0D00: // 130.95.13.0 - case 0x825E0D12: // 130.95.13.18 mussel - case 0x825E0D17: // 130.95.13.23 martello + // case 0x825F0D00: // 130.95.13.0 + case 0x825F0D04: // 130.95.13.4 merlo + // case 0x825F0D05: // 130.95.13.5 heathred (MR) + case 0x825F0D07: // 130.95.13.7 motsugo + case 0x825F0D11: // 130.95.13.17 mermaid + case 0x825F0D12: // 130.95.13.18 mussel + case 0x825F0D17: // 130.95.13.23 martello + case 0x825F0D2A: // 130.95.13.42 meersau + // case 0x825F0D42: // 130.95.13.66 heathred (Clubroom) bTrusted = 1; break; default: break; } } + #endif // TODO: Multithread this? - Server_HandleClient(client_socket, bTrusted); + Server_HandleClient(client_socket, bTrusted, bRootPort); close(client_socket); } @@ -175,8 +321,9 @@ void Server_Start(void) void Server_Cleanup(void) { - printf("Close(%i)\n", giServer_Socket); + Debug_Debug("Close(%i)", giServer_Socket); close(giServer_Socket); + unlink(PIDFILE); } /** @@ -184,18 +331,22 @@ void Server_Cleanup(void) * \param Socket Client socket number/handle * \param bTrusted Is the client trusted? */ -void Server_HandleClient(int Socket, int bTrusted) +void Server_HandleClient(int Socket, int bTrusted, int bRootPort) { char inbuf[INPUT_BUFFER_SIZE]; char *buf = inbuf; int remspace = INPUT_BUFFER_SIZE-1; int bytes = -1; - tClient clientInfo = {0}; + tClient clientInfo; + + memset(&clientInfo, 0, sizeof(clientInfo)); // Initialise Client info clientInfo.Socket = Socket; clientInfo.ID = giServer_NextClientID ++; - clientInfo.bIsTrusted = bTrusted; + clientInfo.bTrustedHost = bTrusted; + clientInfo.bCanAutoAuth = bTrusted && bRootPort; + clientInfo.EffectiveUID = -1; // Read from client /* @@ -205,6 +356,7 @@ void Server_HandleClient(int Socket, int bTrusted) * it is saved to the beginning of `inbuf` and `buf` is updated to * the end of it. */ + // TODO: Use select() instead (to give a timeout) while( (bytes = recv(Socket, buf, remspace, 0)) > 0 ) { char *eol, *start; @@ -258,23 +410,25 @@ void Server_HandleClient(int Socket, int bTrusted) */ void Server_ParseClientCommand(tClient *Client, char *CommandString) { - char *space, *args; + char *command, *args; int i; - // Split at first space - space = strchr(CommandString, ' '); - if(space == NULL) { - args = NULL; - } - else { - *space = '\0'; - args = space + 1; + if( giDebugLevel >= 2 ) + Debug(Client, "Server_ParseClientCommand: (CommandString = '%s')", CommandString); + + if( Server_int_ParseArgs(1, CommandString, &command, &args, NULL) ) + { + if( command == NULL ) return ; + // Is this an error? (just ignore for now) } + // Find command for( i = 0; i < NUM_COMMANDS; i++ ) { - if(strcmp(CommandString, gaServer_Commands[i].Name) == 0) { + if(strcmp(command, gaServer_Commands[i].Name) == 0) { + if( giDebugLevel >= 2 ) + Debug(Client, "CMD %s - \"%s\"", command, args); gaServer_Commands[i].Function(Client, args); return ; } @@ -292,15 +446,23 @@ void Server_ParseClientCommand(tClient *Client, char *CommandString) * Usage: USER */ void Server_Cmd_USER(tClient *Client, char *Args) -{ +{ + char *username; + + if( Server_int_ParseArgs(0, Args, &username, NULL) ) + { + sendf(Client->Socket, "407 USER takes 1 argument\n"); + return ; + } + // Debug! if( giDebugLevel ) - printf("Client %i authenticating as '%s'\n", Client->ID, Args); + Debug(Client, "Authenticating as '%s'", username); // Save username if(Client->Username) free(Client->Username); - Client->Username = strdup(Args); + Client->Username = strdup(username); #if USE_SALT // Create a salt (that changes if the username is changed) @@ -321,6 +483,62 @@ void Server_Cmd_USER(tClient *Client, char *Args) #endif } +/// UID: User ID (must be valid) +/// username: Optional username +bool authenticate(tClient* Client, int UID, const char* username) +{ + Client->UID = UID; + + int flags = Bank_GetFlags(Client->UID); + if( flags & USER_FLAG_DISABLED ) { + Client->UID = -1; + sendf(Client->Socket, "403 Authentication failure: account disabled\n"); + return false; + } + // You can't be an internal account + if( flags & USER_FLAG_INTERNAL ) { + if(giDebugLevel) + Debug(Client, "IDENT auth as '%s', not allowed", username); + Client->UID = -1; + sendf(Client->Socket, "403 Authentication failure: that account is internal\n"); + return false; + } + + // Save username + if(Client->Username != username) + { + if(Client->Username) + { + free(Client->Username); + } + + // Fetch username (if not provided) + if( username ) + { + Client->Username = strdup(username); + } + else + { + Client->Username = Bank_GetAcctName(UID); + } + } + + Client->bIsAuthed = 1; + + if(giDebugLevel) + Debug(Client, "Auto authenticated as '%s' (%i)", Client->Username, Client->UID); + return true; +} +bool require_auth(tClient* Client) +{ + // Check authentication + if( !Client->bIsAuthed ) { + sendf(Client->Socket, "401 Not Authenticated\n"); + return false; + } + return true; +} + /** * \brief Authenticate as a user * @@ -328,30 +546,27 @@ void Server_Cmd_USER(tClient *Client, char *Args) */ void Server_Cmd_PASS(tClient *Client, char *Args) { - uint8_t clienthash[HASH_LENGTH] = {0}; - - // Read user's hash - HexBin(clienthash, Args, HASH_LENGTH); - - // TODO: Decrypt password passed - - Client->UID = GetUserAuth(Client->Salt, Client->Username, clienthash); + char *passhash; - if( Client->UID != -1 ) { - Client->bIsAuthed = 1; - sendf(Client->Socket, "200 Auth OK\n"); + if( Server_int_ParseArgs(0, Args, &passhash, NULL) ) + { + sendf(Client->Socket, "407 PASS takes 1 argument\n"); return ; } - - if( giDebugLevel ) { - int i; - printf("Client %i: Password hash ", Client->ID); - for(i=0;iSocket, "401 Auth Failure\n"); + // Pass on to cokebank + int uid = Bank_GetUserAuth(Client->Salt, Client->Username, passhash); + if( uid < 0 ) { + if(giDebugLevel) + Debug(Client, "Unknown user '%s'", Client->Username); + sendf(Client->Socket, "403 Authentication failure: unknown account\n"); + return ; + } + if( ! authenticate(Client, uid, Client->Username) ) + { + return; + } + sendf(Client->Socket, "200 Auth OK\n"); } /** @@ -361,46 +576,242 @@ void Server_Cmd_PASS(tClient *Client, char *Args) */ void Server_Cmd_AUTOAUTH(tClient *Client, char *Args) { - char *spos = strchr(Args, ' '); - if(spos) *spos = '\0'; // Remove characters after the ' ' + char *username; + + if( Server_int_ParseArgs(0, Args, &username, NULL) ) + { + sendf(Client->Socket, "407 AUTOAUTH takes 1 argument\n"); + return ; + } // Check if trusted - if( !Client->bIsTrusted ) { + if( !Client->bCanAutoAuth ) { if(giDebugLevel) - printf("Client %i: Untrusted client attempting to AUTOAUTH\n", Client->ID); + Debug(Client, "Untrusted client attempting to AUTOAUTH"); sendf(Client->Socket, "401 Untrusted\n"); return ; } // Get UID - Client->UID = GetUserID( Args ); - if( Client->UID < 0 ) { + int uid = Bank_GetAcctByName( username, /*bCreate=*/0 ); + if( uid < 0 ) { if(giDebugLevel) - printf("Client %i: Unknown user '%s'\n", Client->ID, Args); - sendf(Client->Socket, "401 Auth Failure\n"); + Debug(Client, "Unknown user '%s'", username); + sendf(Client->Socket, "403 Authentication failure: unknown account\n"); return ; } + if( ! authenticate(Client, uid, username) ) + { + return; + } - if(giDebugLevel) - printf("Client %i: Authenticated as '%s' (%i)\n", Client->ID, Args, Client->UID); - sendf(Client->Socket, "200 Auth OK\n"); } +/** + * \brief Authenticate as a user using the IDENT protocol + * + * Usage: AUTHIDENT + */ +void Server_Cmd_AUTHIDENT(tClient *Client, char *Args) +{ + char *username; + const int IDENT_TIMEOUT = 5; + + if( Args != NULL && strlen(Args) ) { + sendf(Client->Socket, "407 AUTHIDENT takes no arguments\n"); + return ; + } + + // Check if trusted + if( !Client->bTrustedHost ) { + if(giDebugLevel) + Debug(Client, "Untrusted client attempting to AUTHIDENT"); + sendf(Client->Socket, "401 Untrusted\n"); + return ; + } + + // Get username via IDENT + username = ident_id(Client->Socket, IDENT_TIMEOUT); + if( !username ) { + perror("AUTHIDENT - IDENT timed out"); + sendf(Client->Socket, "403 Authentication failure: IDENT auth timed out\n"); + return ; + } + + int uid = Bank_GetAcctByName(username, /*bCreate=*/0); + if( uid < 0 ) { + if(giDebugLevel) + Debug(Client, "Unknown user '%s'", username); + sendf(Client->Socket, "403 Authentication failure: unknown account\n"); + free(username); + return ; + } + if( ! authenticate(Client, uid, username) ) + { + free(username); + return ; + } + free(username); + + sendf(Client->Socket, "200 Auth OK\n"); +} + +void Server_Cmd_AUTHCARD(tClient* Client, char *Args) +{ + char* card_id; + if( Server_int_ParseArgs(0, Args, &card_id, NULL) ) + { + sendf(Client->Socket, "407 AUTHCARD takes 1 argument\n"); + return ; + } + + // Check if trusted (has to be root) + if( Client->UID != 1 ) + { + if(giDebugLevel) + Debug(Client, "Attempting to use AUTHCARD as non-root"); + sendf(Client->Socket, "401 Untrusted\n"); + return ; + } + + CLIENT_DEBUG(Client, "MIFARE auth with '%s'", card_id); + int uid = Bank_GetAcctByCard(card_id); + if( uid < 0 ) + { + if(giDebugLevel) + Debug(Client, "Unknown MIFARE '%s'", card_id); + sendf(Client->Socket, "403 Authentication failure: unknown MIFARE ID\n"); + return ; + } + if( ! authenticate(Client, uid, NULL) ) + { + return ; + } + + sendf(Client->Socket, "200 Auth Ok, username=%s\n", Client->Username); +} + +/** + * \brief Set effective user + */ +void Server_Cmd_SETEUSER(tClient *Client, char *Args) +{ + char *username; + int eUserFlags, userFlags; + + if( Server_int_ParseArgs(0, Args, &username, NULL) ) + { + sendf(Client->Socket, "407 SETEUSER takes 1 argument\n"); + return ; + } + + if( !strlen(Args) ) { + sendf(Client->Socket, "407 SETEUSER expects an argument\n"); + return ; + } + + // Check authentication + if( !Client->bIsAuthed ) { + sendf(Client->Socket, "401 Not Authenticated\n"); + return ; + } + + // Check user permissions + userFlags = Bank_GetFlags(Client->UID); + if( !(userFlags & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) { + sendf(Client->Socket, "403 Not in coke\n"); + return ; + } + + // Set id + Client->EffectiveUID = Bank_GetAcctByName(username, 0); + if( Client->EffectiveUID == -1 ) { + sendf(Client->Socket, "404 User not found\n"); + return ; + } + // You can't be an internal account (unless you're an admin) + if( !(userFlags & USER_FLAG_ADMIN) ) + { + eUserFlags = Bank_GetFlags(Client->EffectiveUID); + if( eUserFlags & USER_FLAG_INTERNAL ) { + Client->EffectiveUID = -1; + sendf(Client->Socket, "404 User not found\n"); + return ; + } + } + + // Disabled accounts + // - If disabled and the actual user is not an admin (and not root) + // return 403 + if( (eUserFlags & USER_FLAG_DISABLED) && (Client->UID == 0 || !(userFlags & USER_FLAG_ADMIN)) ) { + Client->EffectiveUID = -1; + sendf(Client->Socket, "403 Account disabled\n"); + return ; + } + + sendf(Client->Socket, "200 User set\n"); +} + +/** + * \brief Send an item status to the client + * \param Client Who to? + * \param Item Item to send + */ +void Server_int_SendItem(tClient *Client, tItem *Item) +{ + char *status = "avail"; + + if( Item->Handler->CanDispense ) + { + switch(Item->Handler->CanDispense(Client->UID, Item->ID)) + { + case 0: status = "avail"; break; + case 1: status = "sold"; break; + default: + case -1: status = "error"; break; + } + } + + if( !gbNoCostMode && Item->Price == 0 ) + status = "error"; + // KNOWN HACK: Naming a slot 'dead' disables it + if( strcmp(Item->Name, "dead") == 0 ) + status = "sold"; // Another status? + + sendf(Client->Socket, + "202 Item %s:%i %s %i %s\n", + Item->Handler->Name, Item->ID, status, Item->Price, Item->Name + ); +} + /** * \brief Enumerate the items that the server knows about */ void Server_Cmd_ENUMITEMS(tClient *Client, char *Args) { - int i; + int i, count; - sendf(Client->Socket, "201 Items %i", giNumItems); + if( Args != NULL && strlen(Args) ) { + sendf(Client->Socket, "407 ENUM_ITEMS takes no arguments\n"); + return ; + } + + // Count shown items + count = 0; + for( i = 0; i < giNumItems; i ++ ) { + if( gaItems[i].bHidden ) continue; + count ++; + } + + sendf(Client->Socket, "201 Items %i\n", count); for( i = 0; i < giNumItems; i ++ ) { - sendf(Client->Socket, " %s:%i", gaItems[i].Handler->Name, gaItems[i].ID); + if( gaItems[i].bHidden ) continue; + Server_int_SendItem( Client, &gaItems[i] ); } - sendf(Client->Socket, "\n"); + sendf(Client->Socket, "200 List end\n"); } tItem *_GetItemFromString(char *String) @@ -442,141 +853,298 @@ tItem *_GetItemFromString(char *String) /** * \brief Fetch information on a specific item + * + * Usage: ITEMINFO */ void Server_Cmd_ITEMINFO(tClient *Client, char *Args) { - tItem *item = _GetItemFromString(Args); + tItem *item; + char *itemname; + + if( Server_int_ParseArgs(0, Args, &itemname, NULL) ) { + sendf(Client->Socket, "407 ITEMINFO takes 1 argument\n"); + return ; + } + item = _GetItemFromString(Args); if( !item ) { sendf(Client->Socket, "406 Bad Item ID\n"); return ; } - sendf(Client->Socket, - "202 Item %s:%i %i %s\n", - item->Handler->Name, item->ID, item->Price, item->Name - ); + Server_int_SendItem( Client, item ); } +/** + * \brief Dispense an item + * + * Usage: DISPENSE + */ void Server_Cmd_DISPENSE(tClient *Client, char *Args) { tItem *item; int ret; + int uid; + char *itemname; + + if( Server_int_ParseArgs(0, Args, &itemname, NULL) ) { + sendf(Client->Socket, "407 DISPENSE takes only 1 argument\n"); + return ; + } + if( !Client->bIsAuthed ) { sendf(Client->Socket, "401 Not Authenticated\n"); return ; } - item = _GetItemFromString(Args); + item = _GetItemFromString(itemname); if( !item ) { sendf(Client->Socket, "406 Bad Item ID\n"); return ; } + + if( Client->EffectiveUID != -1 ) { + uid = Client->EffectiveUID; + } + else { + uid = Client->UID; + } - switch( ret = DispenseItem( Client->UID, item ) ) +// if( Bank_GetFlags(Client->UID) & USER_FLAG_DISABLED ) { +// } + + switch( ret = DispenseItem( Client->UID, uid, item ) ) { case 0: sendf(Client->Socket, "200 Dispense OK\n"); return ; case 1: sendf(Client->Socket, "501 Unable to dispense\n"); return ; case 2: sendf(Client->Socket, "402 Poor You\n"); return ; default: - sendf(Client->Socket, "500 Dispense Error\n"); + sendf(Client->Socket, "500 Dispense Error (%i)\n", ret); return ; } } -void Server_Cmd_GIVE(tClient *Client, char *Args) +/** + * \brief Refund an item to a user + * + * Usage: REFUND [] + */ +void Server_Cmd_REFUND(tClient *Client, char *Args) { - char *recipient, *ammount, *reason; - int uid, iAmmount; - - if( !Client->bIsAuthed ) { - sendf(Client->Socket, "401 Not Authenticated\n"); - return ; - } + tItem *item; + int uid, price_override = 0; + char *username, *itemname, *price_str; - recipient = Args; + if( Server_int_ParseArgs(0, Args, &username, &itemname, &price_str, NULL) ) { + if( !itemname || price_str ) { + sendf(Client->Socket, "407 REFUND takes 2 or 3 arguments\n"); + return ; + } + } - ammount = strchr(Args, ' '); - if( !ammount ) { - sendf(Client->Socket, "407 Invalid Argument, expected 3 parameters, 1 encountered\n"); + if( !Client->bIsAuthed ) { + sendf(Client->Socket, "401 Not Authenticated\n"); return ; } - *ammount = '\0'; - ammount ++; - reason = strchr(ammount, ' '); - if( !reason ) { - sendf(Client->Socket, "407 Invalid Argument, expected 3 parameters, 2 encountered\n"); + // Check user permissions + if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) { + sendf(Client->Socket, "403 Not in coke\n"); return ; } - *reason = '\0'; - reason ++; - // Get recipient - uid = GetUserID(recipient); + uid = Bank_GetAcctByName(username, 0); if( uid == -1 ) { - sendf(Client->Socket, "404 Invalid target user"); + sendf(Client->Socket, "404 Unknown user\n"); return ; } - - // Parse ammount - iAmmount = atoi(ammount); - if( iAmmount <= 0 ) { - sendf(Client->Socket, "407 Invalid Argument, ammount must be > zero\n"); + + item = _GetItemFromString(itemname); + if( !item ) { + sendf(Client->Socket, "406 Bad Item ID\n"); return ; } - // Do give - switch( DispenseGive(Client->UID, uid, iAmmount, reason) ) + if( price_str ) + price_override = atoi(price_str); + + switch( DispenseRefund( Client->UID, uid, item, price_override ) ) { - case 0: - sendf(Client->Socket, "200 Give OK\n"); - return ; - case 2: - sendf(Client->Socket, "402 Poor You\n"); - return ; + case 0: sendf(Client->Socket, "200 Item Refunded\n"); return ; default: - sendf(Client->Socket, "500 Unknown error\n"); - return ; + sendf(Client->Socket, "500 Dispense Error\n"); + return; } } -void Server_Cmd_ADD(tClient *Client, char *Args) +/** + * \brief Transfer money to another account + * + * Usage: GIVE + */ +void Server_Cmd_GIVE(tClient *Client, char *Args) { - char *user, *ammount, *reason; + char *recipient, *ammount, *reason; int uid, iAmmount; + int thisUid; + + // Parse arguments + if( Server_int_ParseArgs(1, Args, &recipient, &ammount, &reason, NULL) ) { + sendf(Client->Socket, "407 GIVE takes only 3 arguments\n"); + return ; + } + + // Check for authed + if( !Client->bIsAuthed ) { + sendf(Client->Socket, "401 Not Authenticated\n"); + return ; + } + + // Get recipient + uid = Bank_GetAcctByName(recipient, 0); + if( uid == -1 ) { + sendf(Client->Socket, "404 Invalid target user\n"); + return ; + } + + // You can't alter an internal account +// if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) { +// sendf(Client->Socket, "404 Invalid target user\n"); +// return ; +// } + + // Parse ammount + iAmmount = atoi(ammount); + if( iAmmount <= 0 ) { + sendf(Client->Socket, "407 Invalid Argument, ammount must be > zero\n"); + return ; + } + + if( Client->EffectiveUID != -1 ) { + thisUid = Client->EffectiveUID; + } + else { + thisUid = Client->UID; + } + + // Do give + switch( DispenseGive(Client->UID, thisUid, uid, iAmmount, reason) ) + { + case 0: + sendf(Client->Socket, "200 Give OK\n"); + return ; + case 2: + sendf(Client->Socket, "402 Poor You\n"); + return ; + default: + sendf(Client->Socket, "500 Unknown error\n"); + return ; + } +} + +void Server_Cmd_DONATE(tClient *Client, char *Args) +{ + char *ammount, *reason; + int iAmmount; + int thisUid; + + // Parse arguments + if( Server_int_ParseArgs(1, Args, &ammount, &reason, NULL) ) { + sendf(Client->Socket, "407 DONATE takes 2 arguments\n"); + return ; + } if( !Client->bIsAuthed ) { sendf(Client->Socket, "401 Not Authenticated\n"); return ; } - user = Args; + // Parse ammount + iAmmount = atoi(ammount); + if( iAmmount <= 0 ) { + sendf(Client->Socket, "407 Invalid Argument, ammount must be > zero\n"); + return ; + } + + // Handle effective users + if( Client->EffectiveUID != -1 ) { + thisUid = Client->EffectiveUID; + } + else { + thisUid = Client->UID; + } - ammount = strchr(Args, ' '); - if( !ammount ) { - sendf(Client->Socket, "407 Invalid Argument, expected 3 parameters, 1 encountered\n"); + // Do give + switch( DispenseDonate(Client->UID, thisUid, iAmmount, reason) ) + { + case 0: + sendf(Client->Socket, "200 Give OK\n"); + return ; + case 2: + sendf(Client->Socket, "402 Poor You\n"); + return ; + default: + sendf(Client->Socket, "500 Unknown error\n"); return ; } - *ammount = '\0'; - ammount ++; +} - reason = strchr(ammount, ' '); - if( !reason ) { - sendf(Client->Socket, "407 Invalid Argument, expected 3 parameters, 2 encountered\n"); +void Server_Cmd_ADD(tClient *Client, char *Args) +{ + char *user, *ammount, *reason; + int uid, iAmmount; + + // Parse arguments + if( Server_int_ParseArgs(1, Args, &user, &ammount, &reason, NULL) ) { + sendf(Client->Socket, "407 ADD takes 3 arguments\n"); + return ; + } + + if( !Client->bIsAuthed ) { + sendf(Client->Socket, "401 Not Authenticated\n"); return ; } - *reason = '\0'; - reason ++; - // TODO: Check if the current user is in coke/higher + // Check user permissions + if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) { + sendf(Client->Socket, "403 Not in coke\n"); + return ; + } + + #if !ROOT_CAN_ADD + if( strcmp( Client->Username, "root" ) == 0 ) { + // Allow adding for new users + if( strcmp(reason, "treasurer: new user") != 0 ) { + sendf(Client->Socket, "403 Root may not add\n"); + return ; + } + } + #endif + + #if HACK_NO_REFUNDS + if( strstr(reason, "refund") != NULL || strstr(reason, "misdispense") != NULL ) + { + sendf(Client->Socket, "499 Don't use `dispense acct` for refunds, use `dispense refund` (and `dispense -G` to get item IDs)\n"); + return ; + } + #endif // Get recipient - uid = GetUserID(user); + uid = Bank_GetAcctByName(user, 0); if( uid == -1 ) { - sendf(Client->Socket, "404 Invalid user"); + sendf(Client->Socket, "404 Invalid user\n"); return ; } + + // You can't alter an internal account + if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) + { + if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) { + sendf(Client->Socket, "403 Admin only\n"); + return ; + } + // TODO: Maybe disallow changes to disabled? + } // Parse ammount iAmmount = atoi(ammount); @@ -586,7 +1154,7 @@ void Server_Cmd_ADD(tClient *Client, char *Args) } // Do give - switch( DispenseAdd(uid, Client->UID, iAmmount, reason) ) + switch( DispenseAdd(Client->UID, uid, iAmmount, reason) ) { case 0: sendf(Client->Socket, "200 Add OK\n"); @@ -600,19 +1168,191 @@ void Server_Cmd_ADD(tClient *Client, char *Args) } } +void Server_Cmd_SET(tClient *Client, char *Args) +{ + char *user, *ammount, *reason; + int uid, iAmmount; + + // Parse arguments + if( Server_int_ParseArgs(1, Args, &user, &ammount, &reason, NULL) ) { + sendf(Client->Socket, "407 SET takes 3 arguments\n"); + return ; + } + + if( !Client->bIsAuthed ) { + sendf(Client->Socket, "401 Not Authenticated\n"); + return ; + } + + // Check user permissions + if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) { + sendf(Client->Socket, "403 Not an admin\n"); + return ; + } + + // Get recipient + uid = Bank_GetAcctByName(user, 0); + if( uid == -1 ) { + sendf(Client->Socket, "404 Invalid user\n"); + return ; + } + + // Parse ammount + iAmmount = atoi(ammount); + if( iAmmount == 0 && ammount[0] != '0' ) { + sendf(Client->Socket, "407 Invalid Argument\n"); + return ; + } + + int origBalance, rv; + // Do give + switch( rv = DispenseSet(Client->UID, uid, iAmmount, reason, &origBalance) ) + { + case 0: + sendf(Client->Socket, "200 Add OK (%i)\n", origBalance); + return ; + default: + sendf(Client->Socket, "500 Unknown error (%i)\n", rv); + return ; + } +} + void Server_Cmd_ENUMUSERS(tClient *Client, char *Args) { int i, numRet = 0; + tAcctIterator *it; int maxBal = INT_MAX, minBal = INT_MIN; - int numUsr = GetMaxID(); + int flagMask = 0, flagVal = 0; + int sort = BANK_ITFLAG_SORT_NAME; + time_t lastSeenAfter=0, lastSeenBefore=0; + + int flags; // Iterator flags + int balValue; // Balance value for iterator + time_t timeValue; // Time value for iterator // Parse arguments - //minBal = atoi(Args); + if( Args && strlen(Args) ) + { + char *space = Args, *type, *val; + do + { + type = space; + while(*type == ' ') type ++; + // Get next space + space = strchr(space, ' '); + if(space) *space = '\0'; + + // Get type + val = strchr(type, ':'); + if( val ) { + *val = '\0'; + val ++; + + // Types + // - Minium Balance + if( strcmp(type, "min_balance") == 0 ) { + minBal = atoi(val); + } + // - Maximum Balance + else if( strcmp(type, "max_balance") == 0 ) { + maxBal = atoi(val); + } + // - Flags + else if( strcmp(type, "flags") == 0 ) { + if( Server_int_ParseFlags(Client, val, &flagMask, &flagVal) ) + return ; + } + // - Last seen before timestamp + else if( strcmp(type, "last_seen_before") == 0 ) { + lastSeenAfter = atoll(val); + } + // - Last seen after timestamp + else if( strcmp(type, "last_seen_after") == 0 ) { + lastSeenAfter = atoll(val); + } + // - Sorting + else if( strcmp(type, "sort") == 0 ) { + char *dash = strchr(val, '-'); + if( dash ) { + *dash = '\0'; + dash ++; + } + if( strcmp(val, "name") == 0 ) { + sort = BANK_ITFLAG_SORT_NAME; + } + else if( strcmp(val, "balance") == 0 ) { + sort = BANK_ITFLAG_SORT_BAL; + } + else if( strcmp(val, "lastseen") == 0 ) { + sort = BANK_ITFLAG_SORT_LASTSEEN; + } + else { + sendf(Client->Socket, "407 Unknown sort field ('%s')\n", val); + return ; + } + // Handle sort direction + if( dash ) { + if( strcmp(dash, "desc") == 0 ) { + sort |= BANK_ITFLAG_REVSORT; + } + else { + sendf(Client->Socket, "407 Unknown sort direction '%s'\n", dash); + return ; + } + dash[-1] = '-'; + } + } + else { + sendf(Client->Socket, "407 Unknown argument to ENUM_USERS '%s:%s'\n", type, val); + return ; + } + + val[-1] = ':'; + } + else { + sendf(Client->Socket, "407 Unknown argument to ENUM_USERS '%s'\n", type); + return ; + } + + // Eat whitespace + if( space ) { + *space = ' '; // Repair (to be nice) + space ++; + while(*space == ' ') space ++; + } + } while(space); + } + + // Create iterator + if( maxBal != INT_MAX ) { + flags = sort|BANK_ITFLAG_MAXBALANCE; + balValue = maxBal; + } + else if( minBal != INT_MIN ) { + flags = sort|BANK_ITFLAG_MINBALANCE; + balValue = minBal; + } + else { + flags = sort; + balValue = 0; + } + if( lastSeenBefore ) { + timeValue = lastSeenBefore; + flags |= BANK_ITFLAG_SEENBEFORE; + } + else if( lastSeenAfter ) { + timeValue = lastSeenAfter; + flags |= BANK_ITFLAG_SEENAFTER; + } + else { + timeValue = 0; + } + it = Bank_Iterator(flagMask, flagVal, flags, balValue, timeValue); // Get return number - for( i = 0; i < numUsr; i ++ ) + while( (i = Bank_IteratorNext(it)) != -1 ) { - int bal = GetBalance(i); + int bal = Bank_GetBalance(i); if( bal == INT_MIN ) continue; @@ -622,87 +1362,338 @@ void Server_Cmd_ENUMUSERS(tClient *Client, char *Args) numRet ++; } + Bank_DelIterator(it); + // Send count sendf(Client->Socket, "201 Users %i\n", numRet); - for( i = 0; i < numUsr; i ++ ) + + // Create iterator + it = Bank_Iterator(flagMask, flagVal, flags, balValue, timeValue); + + while( (i = Bank_IteratorNext(it)) != -1 ) { - int bal = GetBalance(i); + int bal = Bank_GetBalance(i); if( bal == INT_MIN ) continue; if( bal < minBal ) continue; if( bal > maxBal ) continue; - // TODO: User flags - sendf(Client->Socket, "202 User %s %i user\n", GetUserName(i), GetBalance(i)); + _SendUserInfo(Client, i); } + Bank_DelIterator(it); + sendf(Client->Socket, "200 List End\n"); } void Server_Cmd_USERINFO(tClient *Client, char *Args) { int uid; - char *user = Args; - char *space; + char *user; - space = strchr(user, ' '); - if(space) *space = '\0'; + // Parse arguments + if( Server_int_ParseArgs(0, Args, &user, NULL) ) { + sendf(Client->Socket, "407 USER_INFO takes 1 argument\n"); + return ; + } + + if( giDebugLevel ) Debug(Client, "User Info '%s'", user); // Get recipient - uid = GetUserID(user); + uid = Bank_GetAcctByName(user, 0); + + if( giDebugLevel >= 2 ) Debug(Client, "uid = %i", uid); if( uid == -1 ) { - sendf(Client->Socket, "404 Invalid user"); + sendf(Client->Socket, "404 Invalid user\n"); return ; } + + _SendUserInfo(Client, uid); +} +void _SendUserInfo(tClient *Client, int UserID) +{ + char *type, *disabled="", *door=""; + int flags = Bank_GetFlags(UserID); + + if( flags & USER_FLAG_INTERNAL ) { + type = "internal"; + } + else if( flags & USER_FLAG_COKE ) { + if( flags & USER_FLAG_ADMIN ) + type = "coke,admin"; + else + type = "coke"; + } + else if( flags & USER_FLAG_ADMIN ) { + type = "admin"; + } + else { + type = "user"; + } + + if( flags & USER_FLAG_DISABLED ) + disabled = ",disabled"; + if( flags & USER_FLAG_DOORGROUP ) + door = ",door"; + // TODO: User flags/type - sendf(Client->Socket, "202 User %s %i user\n", user, GetBalance(uid)); + sendf( + Client->Socket, "202 User %s %i %s%s%s\n", + Bank_GetAcctName(UserID), Bank_GetBalance(UserID), + type, disabled, door + ); } -/** - * \brief Authenticate a user - * \return User ID, or -1 if authentication failed - */ -int GetUserAuth(const char *Salt, const char *Username, const uint8_t *ProvidedHash) +void Server_Cmd_USERADD(tClient *Client, char *Args) { - #if 0 - uint8_t h[20]; - int ofs = strlen(Username) + strlen(Salt); - char input[ ofs + 40 + 1]; - char tmp[4 + strlen(Username) + 1]; // uid=%s - #endif + char *username; - #if HACK_TPG_NOAUTH - if( strcmp(Username, "tpg") == 0 ) - return GetUserID("tpg"); - #endif - #if HACK_ROOT_NOAUTH - if( strcmp(Username, "root") == 0 ) - return GetUserID("root"); - #endif + // Parse arguments + if( Server_int_ParseArgs(0, Args, &username, NULL) ) { + sendf(Client->Socket, "407 USER_ADD takes 1 argument\n"); + return ; + } - #if 0 - // - strcpy(input, Username); - strcpy(input, Salt); - // TODO: Get user's SHA-1 hash - sprintf(tmp, "uid=%s", Username); - ldap_search_s(ld, "", LDAP_SCOPE_BASE, tmp, "userPassword", 0, res); - - sprintf(input+ofs, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", - h[ 0], h[ 1], h[ 2], h[ 3], h[ 4], h[ 5], h[ 6], h[ 7], h[ 8], h[ 9], - h[10], h[11], h[12], h[13], h[14], h[15], h[16], h[17], h[18], h[19] - ); - // Then create the hash from the provided salt - // Compare that with the provided hash - #endif + // Check authentication + if( !Client->bIsAuthed ) { + sendf(Client->Socket, "401 Not Authenticated\n"); + return ; + } + + // Check permissions + if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) { + sendf(Client->Socket, "403 Not a coke admin\n"); + return ; + } + + // Try to create user + if( Bank_CreateAcct(username) == -1 ) { + sendf(Client->Socket, "404 User exists\n"); + return ; + } + + { + char *thisName = Bank_GetAcctName(Client->UID); + Log_Info("Account '%s' created by '%s'", username, thisName); + free(thisName); + } + + sendf(Client->Socket, "200 User Added\n"); +} + +void Server_Cmd_USERFLAGS(tClient *Client, char *Args) +{ + char *username, *flags, *reason=NULL; + int mask=0, value=0; + int uid; + + // Parse arguments + if( Server_int_ParseArgs(1, Args, &username, &flags, &reason, NULL) ) { + if( !flags ) { + sendf(Client->Socket, "407 USER_FLAGS takes at least 2 arguments\n"); + return ; + } + reason = ""; + } + + // Check authentication + if(!require_auth(Client)) return; + + // Check permissions + if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) { + sendf(Client->Socket, "403 Not a coke admin\n"); + return ; + } + + // Get UID + uid = Bank_GetAcctByName(username, 0); + if( uid == -1 ) { + sendf(Client->Socket, "404 User '%s' not found\n", username); + return ; + } + + // Parse flags + if( Server_int_ParseFlags(Client, flags, &mask, &value) ) + return ; + + if( giDebugLevel ) + Debug(Client, "Set %i(%s) flags to %x (masked %x)\n", + uid, username, mask, value); + + // Apply flags + Bank_SetFlags(uid, mask, value); + + // Log the change + Log_Info("Updated '%s' with flag set '%s' by '%s' - Reason: %s", + username, flags, Client->Username, reason); + + // Return OK + sendf(Client->Socket, "200 User Updated\n"); +} + +void Server_Cmd_UPDATEITEM(tClient *Client, char *Args) +{ + char *itemname, *price_str, *description; + int price; + tItem *item; + + if( Server_int_ParseArgs(1, Args, &itemname, &price_str, &description, NULL) ) { + sendf(Client->Socket, "407 UPDATE_ITEM takes 3 arguments\n"); + return ; + } + + if(!require_auth(Client)) return; + + // Check user permissions + if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) { + sendf(Client->Socket, "403 Not in coke\n"); + return ; + } + + item = _GetItemFromString(itemname); + if( !item ) { + // TODO: Create item? + sendf(Client->Socket, "406 Bad Item ID\n"); + return ; + } + + price = atoi(price_str); + if( price <= 0 && price_str[0] != '0' ) { + sendf(Client->Socket, "407 Invalid price set\n"); + } + + switch( DispenseUpdateItem( Client->UID, item, description, price ) ) + { + case 0: + // Return OK + sendf(Client->Socket, "200 Item updated\n"); + break; + default: + break; + } +} + +void Server_Cmd_PINCHECK(tClient *Client, char *Args) +{ + char *username, *pinstr; + int pin; + + if( Server_int_ParseArgs(0, Args, &username, &pinstr, NULL) ) { + sendf(Client->Socket, "407 PIN_CHECK takes 2 arguments\n"); + return ; + } + + if( !isdigit(pinstr[0]) || !isdigit(pinstr[1]) || !isdigit(pinstr[2]) || !isdigit(pinstr[3]) || pinstr[4] != '\0' ) { + sendf(Client->Socket, "407 PIN should be four digits\n"); + return ; + } + pin = atoi(pinstr); + + if(!require_auth(Client)) return; + + // Get user + int uid = Bank_GetAcctByName(username, 0); + if( uid == -1 ) { + sendf(Client->Socket, "404 User '%s' not found\n", username); + return ; + } + + // Check user permissions + if( uid != Client->UID && !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) { + sendf(Client->Socket, "403 Not in coke\n"); + return ; + } + + // Get the pin + static time_t last_wrong_pin_time; + static int backoff = 1; + if( time(NULL) - last_wrong_pin_time < backoff ) { + sendf(Client->Socket, "407 Rate limited (%i seconds remaining)\n", + backoff - (time(NULL) - last_wrong_pin_time)); + return ; + } + last_wrong_pin_time = time(NULL); + if( !Bank_IsPinValid(uid, pin) ) + { + sendf(Client->Socket, "401 Pin incorrect\n"); + struct sockaddr_storage addr; + socklen_t len = sizeof(addr); + char ipstr[INET6_ADDRSTRLEN]; + getpeername(Client->Socket, (void*)&addr, &len); + struct sockaddr_in *s = (struct sockaddr_in *)&addr; + inet_ntop(addr.ss_family, &s->sin_addr, ipstr, sizeof(ipstr)); + Debug_Notice("Bad pin from %s for %s by %i", ipstr, username, Client->UID); + if( backoff < 5) + backoff ++; + return ; + } + + last_wrong_pin_time = 0; + backoff = 1; + sendf(Client->Socket, "200 Pin correct\n"); + return ; +} +void Server_Cmd_PINSET(tClient *Client, char *Args) +{ + char *pinstr; + int pin; + + + if( Server_int_ParseArgs(0, Args, &pinstr, NULL) ) { + sendf(Client->Socket, "407 PIN_SET takes 1 argument\n"); + return ; + } + + if( !isdigit(pinstr[0]) || !isdigit(pinstr[1]) || !isdigit(pinstr[2]) || !isdigit(pinstr[3]) || pinstr[4] != '\0' ) { + sendf(Client->Socket, "407 PIN should be four digits\n"); + return ; + } + pin = atoi(pinstr); + + if(!require_auth(Client)) return; - return -1; + int uid = Client->EffectiveUID > 0 ? Client->EffectiveUID : Client->UID; + CLIENT_DEBUG(Client, "Setting PIN for UID %i", uid); + // Can only pinset yourself (well, the effective user) + Bank_SetPin(uid, pin); + sendf(Client->Socket, "200 Pin updated\n"); + return ; +} +void Server_Cmd_CARDADD(tClient* Client, char* Args) +{ + char* card_id; + if( Server_int_ParseArgs(0, Args, &card_id, NULL) ) { + sendf(Client->Socket, "407 CARD_ADD takes 1 argument\n"); + return ; + } + + if(!require_auth(Client)) return; + + int uid = Client->EffectiveUID > 0 ? Client->EffectiveUID : Client->UID; + CLIENT_DEBUG(Client, "Add card '%s' to UID %i", card_id, uid); + if( Bank_AddAcctCard(uid, card_id) ) + { + sendf(Client->Socket, "408 Card already exists\n"); + return ; + } + sendf(Client->Socket, "200 Card added\n"); } // --- INTERNAL HELPERS --- +void Debug(tClient *Client, const char *Format, ...) +{ + va_list args; + //printf("%010i [%i] ", (int)time(NULL), Client->ID); + printf("[%i] ", Client->ID); + va_start(args, Format); + vprintf(Format, args); + va_end(args); + printf("\n"); +} + int sendf(int Socket, const char *Format, ...) { va_list args; @@ -726,79 +1717,145 @@ int sendf(int Socket, const char *Format, ...) } } -// TODO: Move to another file -void HexBin(uint8_t *Dest, char *Src, int BufSize) +// Takes a series of char *'s in +/** + * \brief Parse space-separated entries into + */ +int Server_int_ParseArgs(int bUseLongLast, char *ArgStr, ...) { - int i; - for( i = 0; i < BufSize; i ++ ) + va_list args; + char savedChar; + char **dest; + va_start(args, ArgStr); + + // Check for null + if( !ArgStr ) { - uint8_t val = 0; + while( (dest = va_arg(args, char **)) ) + *dest = NULL; + va_end(args); + return 1; + } + + savedChar = *ArgStr; + + while( (dest = va_arg(args, char **)) ) + { + // Trim leading spaces + while( *ArgStr == ' ' || *ArgStr == '\t' ) + ArgStr ++; - if('0' <= *Src && *Src <= '9') - val |= (*Src-'0') << 4; - else if('A' <= *Src && *Src <= 'F') - val |= (*Src-'A'+10) << 4; - else if('a' <= *Src && *Src <= 'f') - val |= (*Src-'a'+10) << 4; - else - break; - Src ++; + // ... oops, not enough arguments + if( *ArgStr == '\0' ) + { + // NULL unset arguments + do { + *dest = NULL; + } while( (dest = va_arg(args, char **)) ); + va_end(args); + return -1; + } - if('0' <= *Src && *Src <= '9') - val |= (*Src-'0'); - else if('A' <= *Src && *Src <= 'F') - val |= (*Src-'A'+10); - else if('a' <= *Src && *Src <= 'f') - val |= (*Src-'a'+10); + if( *ArgStr == '"' ) + { + ArgStr ++; + *dest = ArgStr; + // Read until quote + while( *ArgStr && *ArgStr != '"' ) + ArgStr ++; + } else - break; - Src ++; - - Dest[i] = val; + { + // Set destination + *dest = ArgStr; + // Read until a space + while( *ArgStr && *ArgStr != ' ' && *ArgStr != '\t' ) + ArgStr ++; + } + savedChar = *ArgStr; // savedChar is used to un-mangle the last string + *ArgStr = '\0'; + ArgStr ++; } - for( ; i < BufSize; i++ ) - Dest[i] = 0; + va_end(args); + + // Oops, extra arguments, and greedy not set + if( (savedChar == ' ' || savedChar == '\t') && !bUseLongLast ) { + return -1; + } + + // Un-mangle last + if(bUseLongLast) { + ArgStr --; + *ArgStr = savedChar; + } + + return 0; // Success! } -/** - * \brief Decode a Base64 value - */ -int UnBase64(uint8_t *Dest, char *Src, int BufSize) -{ - uint32_t val; - int i, j; - char *start_src = Src; - - for( i = 0; i+2 < BufSize; i += 3 ) - { - val = 0; - for( j = 0; j < 4; j++, Src ++ ) { - if('A' <= *Src && *Src <= 'Z') - val |= (*Src - 'A') << ((3-j)*6); - else if('a' <= *Src && *Src <= 'z') - val |= (*Src - 'a' + 26) << ((3-j)*6); - else if('0' <= *Src && *Src <= '9') - val |= (*Src - '0' + 52) << ((3-j)*6); - else if(*Src == '+') - val |= 62 << ((3-j)*6); - else if(*Src == '/') - val |= 63 << ((3-j)*6); - else if(!*Src) +int Server_int_ParseFlags(tClient *Client, const char *Str, int *Mask, int *Value) +{ + struct { + const char *Name; + int Mask; + int Value; + } cFLAGS[] = { + {"disabled", USER_FLAG_DISABLED, USER_FLAG_DISABLED} + ,{"door", USER_FLAG_DOORGROUP, USER_FLAG_DOORGROUP} + ,{"coke", USER_FLAG_COKE, USER_FLAG_COKE} + ,{"admin", USER_FLAG_ADMIN, USER_FLAG_ADMIN} + ,{"internal", USER_FLAG_INTERNAL, USER_FLAG_INTERNAL} + }; + const int ciNumFlags = sizeof(cFLAGS)/sizeof(cFLAGS[0]); + + char *space; + + *Mask = 0; + *Value = 0; + + do { + int bRemove = 0; + int i; + int len; + + while( *Str == ' ' ) Str ++; // Eat whitespace + space = strchr(Str, ','); // Find the end of the flag + if(space) + len = space - Str; + else + len = strlen(Str); + + // Check for inversion/removal + if( *Str == '!' || *Str == '-' ) { + bRemove = 1; + Str ++; + } + else if( *Str == '+' ) { + Str ++; + } + + // Check flag values + for( i = 0; i < ciNumFlags; i ++ ) + { + if( strncmp(Str, cFLAGS[i].Name, len) == 0 ) { + *Mask |= cFLAGS[i].Mask; + *Value &= ~cFLAGS[i].Mask; + if( !bRemove ) + *Value |= cFLAGS[i].Value; break; - else if(*Src != '=') - j --; // Ignore invalid characters + } } - Dest[i ] = (val >> 16) & 0xFF; - Dest[i+1] = (val >> 8) & 0xFF; - Dest[i+2] = val & 0xFF; - if(j != 4) break; - } - - // Finish things off - if(i < BufSize) - Dest[i] = (val >> 16) & 0xFF; - if(i+1 < BufSize) - Dest[i+1] = (val >> 8) & 0xFF; + + // Error check + if( i == ciNumFlags ) { + char val[len+1]; + strncpy(val, Str, len+1); + sendf(Client->Socket, "407 Unknown flag value '%s'\n", val); + return -1; + } + + Str = space + 1; + } while(space); - return Src - start_src; + return 0; } +