X-Git-Url: https://git.ucc.asn.au/?p=tpg%2Fopendispense2.git;a=blobdiff_plain;f=src%2Fserver%2Fserver.c;h=76b3b44dbde7e6f57f854705b30a9d647d0d474f;hp=79a5c2dded88e002e4b2faba608390dcc853fe37;hb=HEAD;hpb=43d8a3ef5d51f1a1505fb2d1809a87a141f157fd diff --git a/src/server/server.c b/src/server/server.c index 79a5c2d..76b3b44 100644 --- a/src/server/server.c +++ b/src/server/server.c @@ -10,16 +10,24 @@ #include #include #include "common.h" +#include "../common/config.h" #include #include #include #include +#include // O_* #include #include #include -#include +#include // Signal handling +#include // AUTHIDENT +#include // time(2) +#include #define DEBUG_TRACE_CLIENT 0 +#define HACK_NO_REFUNDS 1 + +#define PIDFILE "/var/run/dispsrv.pid" // Statistics #define MAX_CONNECTION_QUEUE 5 @@ -31,13 +39,17 @@ #define MSG_STR_TOO_LONG "499 Command too long (limit "EXPSTR(INPUT_BUFFER_SIZE)")\n" +#define IDENT_TRUSTED_NETWORK 0x825F0D00 +#define IDENT_TRUSTED_NETMASK 0xFFFFFFC0 + // === TYPES === typedef struct sClient { int Socket; // Client socket ID int ID; // Client ID - int bIsTrusted; // Is the connection from a trusted host/port + int bTrustedHost; + int bCanAutoAuth; // Is the connection from a trusted host/port char *Username; char Salt[9]; @@ -50,16 +62,19 @@ typedef struct sClient // === PROTOTYPES === void Server_Start(void); void Server_Cleanup(void); -void Server_HandleClient(int Socket, int bTrusted); +void Server_HandleClient(int Socket, int bTrustedHost, int bRootPort); void Server_ParseClientCommand(tClient *Client, char *CommandString); // --- Commands --- void Server_Cmd_USER(tClient *Client, char *Args); void Server_Cmd_PASS(tClient *Client, char *Args); void Server_Cmd_AUTOAUTH(tClient *Client, char *Args); +void Server_Cmd_AUTHIDENT(tClient *Client, char *Args); +void Server_Cmd_AUTHCARD(tClient* Client, char *Args); void Server_Cmd_SETEUSER(tClient *Client, char *Args); void Server_Cmd_ENUMITEMS(tClient *Client, char *Args); void Server_Cmd_ITEMINFO(tClient *Client, char *Args); void Server_Cmd_DISPENSE(tClient *Client, char *Args); +void Server_Cmd_REFUND(tClient *Client, char *Args); void Server_Cmd_GIVE(tClient *Client, char *Args); void Server_Cmd_DONATE(tClient *Client, char *Args); void Server_Cmd_ADD(tClient *Client, char *Args); @@ -69,12 +84,19 @@ void Server_Cmd_USERINFO(tClient *Client, char *Args); void _SendUserInfo(tClient *Client, int UserID); void Server_Cmd_USERADD(tClient *Client, char *Args); void Server_Cmd_USERFLAGS(tClient *Client, char *Args); +void Server_Cmd_UPDATEITEM(tClient *Client, char *Args); +void Server_Cmd_PINCHECK(tClient *Client, char *Args); +void Server_Cmd_PINSET(tClient *Client, char *Args); +void Server_Cmd_CARDADD(tClient *Client, char *Args); // --- Helpers --- void Debug(tClient *Client, const char *Format, ...); int sendf(int Socket, const char *Format, ...); int Server_int_ParseArgs(int bUseLongArg, char *ArgStr, ...); int Server_int_ParseFlags(tClient *Client, const char *Str, int *Mask, int *Value); +#define CLIENT_DEBUG_LOW(Client, ...) do { if(giDebugLevel>1) Debug(Client, __VA_ARGS__); } while(0) +#define CLIENT_DEBUG(Client, ...) do { if(giDebugLevel) Debug(Client, __VA_ARGS__); } while(0) + // === CONSTANTS === // - Commands const struct sClientCommand { @@ -84,10 +106,13 @@ const struct sClientCommand { {"USER", Server_Cmd_USER}, {"PASS", Server_Cmd_PASS}, {"AUTOAUTH", Server_Cmd_AUTOAUTH}, + {"AUTHIDENT", Server_Cmd_AUTHIDENT}, + {"AUTHCARD", Server_Cmd_AUTHCARD}, {"SETEUSER", Server_Cmd_SETEUSER}, {"ENUM_ITEMS", Server_Cmd_ENUMITEMS}, {"ITEM_INFO", Server_Cmd_ITEMINFO}, {"DISPENSE", Server_Cmd_DISPENSE}, + {"REFUND", Server_Cmd_REFUND}, {"GIVE", Server_Cmd_GIVE}, {"DONATE", Server_Cmd_DONATE}, {"ADD", Server_Cmd_ADD}, @@ -95,7 +120,11 @@ const struct sClientCommand { {"ENUM_USERS", Server_Cmd_ENUMUSERS}, {"USER_INFO", Server_Cmd_USERINFO}, {"USER_ADD", Server_Cmd_USERADD}, - {"USER_FLAGS", Server_Cmd_USERFLAGS} + {"USER_FLAGS", Server_Cmd_USERFLAGS}, + {"UPDATE_ITEM", Server_Cmd_UPDATEITEM}, + {"PIN_CHECK", Server_Cmd_PINCHECK}, + {"PIN_SET", Server_Cmd_PINSET}, + {"CARD_ADD", Server_Cmd_CARDADD}, }; #define NUM_COMMANDS ((int)(sizeof(gaServer_Commands)/sizeof(gaServer_Commands[0]))) @@ -105,6 +134,8 @@ const struct sClientCommand { int gbServer_RunInBackground = 0; char *gsServer_LogFile = "/var/log/dispsrv.log"; char *gsServer_ErrorLog = "/var/log/dispsrv.err"; + int giServer_NumTrustedHosts; +struct in_addr *gaServer_TrustedHosts; // - State variables int giServer_Socket; // Server socket int giServer_NextClientID = 1; // Debug client ID @@ -119,7 +150,19 @@ void Server_Start(void) int client_socket; struct sockaddr_in server_addr, client_addr; - atexit(Server_Cleanup); + // Parse trusted hosts list + giServer_NumTrustedHosts = Config_GetValueCount("trusted_host"); + gaServer_TrustedHosts = malloc(giServer_NumTrustedHosts * sizeof(*gaServer_TrustedHosts)); + for( int i = 0; i < giServer_NumTrustedHosts; i ++ ) + { + const char *addr = Config_GetValue_Idx("trusted_host", i); + + if( inet_aton(addr, &gaServer_TrustedHosts[i]) == 0 ) { + fprintf(stderr, "Invalid IP address '%s'\n", addr); + continue ; + } + } + // Ignore SIGPIPE (stops crashes when the client exits early) signal(SIGPIPE, SIG_IGN); @@ -140,10 +183,11 @@ void Server_Start(void) if( bind(giServer_Socket, (struct sockaddr *) &server_addr, sizeof(server_addr)) < 0 ) { fprintf(stderr, "ERROR: Unable to bind to 0.0.0.0:%i\n", giServer_Port); perror("Binding"); + close(giServer_Socket); return ; } -#if 0 + // Fork into background if( gbServer_RunInBackground ) { int pid = fork(); @@ -154,14 +198,27 @@ void Server_Start(void) } if( pid != 0 ) { // Parent, quit + Debug_Notice("Forked child server as PID %i\n", pid); exit(0); } - // In child, sort out stdin/stdout - reopen(0, "/dev/null", O_READ); - reopen(1, gsServer_LogFile, O_CREAT|O_APPEND); - reopen(2, gsServer_ErrorLog, O_CREAT|O_APPEND); + // In child + // - Sort out stdin/stdout + #if 0 + dup2( open("/dev/null", O_RDONLY, 0644), STDIN_FILENO ); + dup2( open(gsServer_LogFile, O_CREAT|O_APPEND, 0644), STDOUT_FILENO ); + dup2( open(gsServer_ErrorLog, O_CREAT|O_APPEND, 0644), STDERR_FILENO ); + #else + freopen("/dev/null", "r", stdin); + freopen(gsServer_LogFile, "a", stdout); + freopen(gsServer_ErrorLog, "a", stderr); + fprintf(stdout, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL)); + fprintf(stderr, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL)); + #endif } -#endif + atexit(Server_Cleanup); + + // Start the helper thread + StartPeriodicThread(); // Listen if( listen(giServer_Socket, MAX_CONNECTION_QUEUE) < 0 ) { @@ -170,19 +227,22 @@ void Server_Start(void) return ; } - printf("Listening on 0.0.0.0:%i\n", giServer_Port); + Debug_Notice("Listening on 0.0.0.0:%i", giServer_Port); // write pidfile { - FILE *fp = fopen("/var/run/dispsrv.pid", "w"); - fprintf(fp, "%i", getpid()); - fclose(fp); + FILE *fp = fopen(PIDFILE, "w"); + if( fp ) { + fprintf(fp, "%i", getpid()); + fclose(fp); + } } for(;;) { uint len = sizeof(client_addr); int bTrusted = 0; + int bRootPort = 0; // Accept a connection client_socket = accept(giServer_Socket, (struct sockaddr *) &client_addr, &len); @@ -207,36 +267,53 @@ void Server_Start(void) if(giDebugLevel >= 2) { char ipstr[INET_ADDRSTRLEN]; inet_ntop(AF_INET, &client_addr.sin_addr, ipstr, INET_ADDRSTRLEN); - printf("Client connection from %s:%i\n", + Debug_Debug("Client connection from %s:%i", ipstr, ntohs(client_addr.sin_port)); } // Doesn't matter what, localhost is trusted if( ntohl( client_addr.sin_addr.s_addr ) == 0x7F000001 ) bTrusted = 1; - - // Trusted Connections + + // Check if the host is on the trusted list + for( int i = 0; i < giServer_NumTrustedHosts; i ++ ) + { + if( memcmp(&client_addr.sin_addr, &gaServer_TrustedHosts[i], sizeof(struct in_addr)) == 0 ) + { + bTrusted = 1; + break; + } + } + + // Root port (can AUTOAUTH if also a trusted machine if( ntohs(client_addr.sin_port) < 1024 ) + bRootPort = 1; + + #if 0 { // TODO: Make this runtime configurable switch( ntohl( client_addr.sin_addr.s_addr ) ) { case 0x7F000001: // 127.0.0.1 localhost // case 0x825F0D00: // 130.95.13.0 + case 0x825F0D04: // 130.95.13.4 merlo + // case 0x825F0D05: // 130.95.13.5 heathred (MR) case 0x825F0D07: // 130.95.13.7 motsugo case 0x825F0D11: // 130.95.13.17 mermaid case 0x825F0D12: // 130.95.13.18 mussel case 0x825F0D17: // 130.95.13.23 martello - case 0x825F0D42: // 130.95.13.66 heathred + case 0x825F0D2A: // 130.95.13.42 meersau + // case 0x825F0D42: // 130.95.13.66 heathred (Clubroom) bTrusted = 1; break; default: break; } } + #endif // TODO: Multithread this? - Server_HandleClient(client_socket, bTrusted); + Server_HandleClient(client_socket, bTrusted, bRootPort); close(client_socket); } @@ -244,9 +321,9 @@ void Server_Start(void) void Server_Cleanup(void) { - printf("\nClose(%i)\n", giServer_Socket); + Debug_Debug("Close(%i)", giServer_Socket); close(giServer_Socket); - unlink("/var/run/dispsrv"); + unlink(PIDFILE); } /** @@ -254,7 +331,7 @@ void Server_Cleanup(void) * \param Socket Client socket number/handle * \param bTrusted Is the client trusted? */ -void Server_HandleClient(int Socket, int bTrusted) +void Server_HandleClient(int Socket, int bTrusted, int bRootPort) { char inbuf[INPUT_BUFFER_SIZE]; char *buf = inbuf; @@ -267,7 +344,8 @@ void Server_HandleClient(int Socket, int bTrusted) // Initialise Client info clientInfo.Socket = Socket; clientInfo.ID = giServer_NextClientID ++; - clientInfo.bIsTrusted = bTrusted; + clientInfo.bTrustedHost = bTrusted; + clientInfo.bCanAutoAuth = bTrusted && bRootPort; clientInfo.EffectiveUID = -1; // Read from client @@ -341,9 +419,7 @@ void Server_ParseClientCommand(tClient *Client, char *CommandString) if( Server_int_ParseArgs(1, CommandString, &command, &args, NULL) ) { if( command == NULL ) return ; -// printf("command=%s, args=%s\n", command, args); // Is this an error? (just ignore for now) - //args = ""; } @@ -407,6 +483,62 @@ void Server_Cmd_USER(tClient *Client, char *Args) #endif } +/// UID: User ID (must be valid) +/// username: Optional username +bool authenticate(tClient* Client, int UID, const char* username) +{ + Client->UID = UID; + + int flags = Bank_GetFlags(Client->UID); + if( flags & USER_FLAG_DISABLED ) { + Client->UID = -1; + sendf(Client->Socket, "403 Authentication failure: account disabled\n"); + return false; + } + // You can't be an internal account + if( flags & USER_FLAG_INTERNAL ) { + if(giDebugLevel) + Debug(Client, "IDENT auth as '%s', not allowed", username); + Client->UID = -1; + sendf(Client->Socket, "403 Authentication failure: that account is internal\n"); + return false; + } + + // Save username + if(Client->Username != username) + { + if(Client->Username) + { + free(Client->Username); + } + + // Fetch username (if not provided) + if( username ) + { + Client->Username = strdup(username); + } + else + { + Client->Username = Bank_GetAcctName(UID); + } + } + + Client->bIsAuthed = 1; + + if(giDebugLevel) + Debug(Client, "Auto authenticated as '%s' (%i)", Client->Username, Client->UID); + return true; +} +bool require_auth(tClient* Client) +{ + // Check authentication + if( !Client->bIsAuthed ) { + sendf(Client->Socket, "401 Not Authenticated\n"); + return false; + } + return true; +} + /** * \brief Authenticate as a user * @@ -415,7 +547,6 @@ void Server_Cmd_USER(tClient *Client, char *Args) void Server_Cmd_PASS(tClient *Client, char *Args) { char *passhash; - int flags; if( Server_int_ParseArgs(0, Args, &passhash, NULL) ) { @@ -424,26 +555,17 @@ void Server_Cmd_PASS(tClient *Client, char *Args) } // Pass on to cokebank - Client->UID = Bank_GetUserAuth(Client->Salt, Client->Username, passhash); - - if( Client->UID == -1 ) { - sendf(Client->Socket, "401 Auth Failure\n"); - return ; - } - - flags = Bank_GetFlags(Client->UID); - if( flags & USER_FLAG_DISABLED ) { - Client->UID = -1; - sendf(Client->Socket, "403 Account Disabled\n"); + int uid = Bank_GetUserAuth(Client->Salt, Client->Username, passhash); + if( uid < 0 ) { + if(giDebugLevel) + Debug(Client, "Unknown user '%s'", Client->Username); + sendf(Client->Socket, "403 Authentication failure: unknown account\n"); return ; } - if( flags & USER_FLAG_INTERNAL ) { - Client->UID = -1; - sendf(Client->Socket, "403 Internal account\n"); - return ; + if( ! authenticate(Client, uid, Client->Username) ) + { + return; } - - Client->bIsAuthed = 1; sendf(Client->Socket, "200 Auth OK\n"); } @@ -455,7 +577,6 @@ void Server_Cmd_PASS(tClient *Client, char *Args) void Server_Cmd_AUTOAUTH(tClient *Client, char *Args) { char *username; - int userflags; if( Server_int_ParseArgs(0, Args, &username, NULL) ) { @@ -464,7 +585,7 @@ void Server_Cmd_AUTOAUTH(tClient *Client, char *Args) } // Check if trusted - if( !Client->bIsTrusted ) { + if( !Client->bCanAutoAuth ) { if(giDebugLevel) Debug(Client, "Untrusted client attempting to AUTOAUTH"); sendf(Client->Socket, "401 Untrusted\n"); @@ -472,39 +593,105 @@ void Server_Cmd_AUTOAUTH(tClient *Client, char *Args) } // Get UID - Client->UID = Bank_GetAcctByName( username ); - if( Client->UID < 0 ) { + int uid = Bank_GetAcctByName( username, /*bCreate=*/0 ); + if( uid < 0 ) { if(giDebugLevel) Debug(Client, "Unknown user '%s'", username); - sendf(Client->Socket, "403 Auth Failure\n"); + sendf(Client->Socket, "403 Authentication failure: unknown account\n"); return ; } + if( ! authenticate(Client, uid, username) ) + { + return; + } - userflags = Bank_GetFlags(Client->UID); - // You can't be an internal account - if( userflags & USER_FLAG_INTERNAL ) { + sendf(Client->Socket, "200 Auth OK\n"); +} + +/** + * \brief Authenticate as a user using the IDENT protocol + * + * Usage: AUTHIDENT + */ +void Server_Cmd_AUTHIDENT(tClient *Client, char *Args) +{ + char *username; + const int IDENT_TIMEOUT = 5; + + if( Args != NULL && strlen(Args) ) { + sendf(Client->Socket, "407 AUTHIDENT takes no arguments\n"); + return ; + } + + // Check if trusted + if( !Client->bTrustedHost ) { if(giDebugLevel) - Debug(Client, "Autoauth as '%s', not allowed", username); - Client->UID = -1; - sendf(Client->Socket, "403 Account is internal\n"); + Debug(Client, "Untrusted client attempting to AUTHIDENT"); + sendf(Client->Socket, "401 Untrusted\n"); return ; } - // Disabled accounts - if( userflags & USER_FLAG_DISABLED ) { - Client->UID = -1; - sendf(Client->Socket, "403 Account disabled\n"); + // Get username via IDENT + username = ident_id(Client->Socket, IDENT_TIMEOUT); + if( !username ) { + perror("AUTHIDENT - IDENT timed out"); + sendf(Client->Socket, "403 Authentication failure: IDENT auth timed out\n"); return ; } - Client->bIsAuthed = 1; - - if(giDebugLevel) - Debug(Client, "Auto authenticated as '%s' (%i)", username, Client->UID); - + int uid = Bank_GetAcctByName(username, /*bCreate=*/0); + if( uid < 0 ) { + if(giDebugLevel) + Debug(Client, "Unknown user '%s'", username); + sendf(Client->Socket, "403 Authentication failure: unknown account\n"); + free(username); + return ; + } + if( ! authenticate(Client, uid, username) ) + { + free(username); + return ; + } + free(username); + sendf(Client->Socket, "200 Auth OK\n"); } +void Server_Cmd_AUTHCARD(tClient* Client, char *Args) +{ + char* card_id; + if( Server_int_ParseArgs(0, Args, &card_id, NULL) ) + { + sendf(Client->Socket, "407 AUTHCARD takes 1 argument\n"); + return ; + } + + // Check if trusted (has to be root) + if( Client->UID != 1 ) + { + if(giDebugLevel) + Debug(Client, "Attempting to use AUTHCARD as non-root"); + sendf(Client->Socket, "401 Untrusted\n"); + return ; + } + + CLIENT_DEBUG(Client, "MIFARE auth with '%s'", card_id); + int uid = Bank_GetAcctByCard(card_id); + if( uid < 0 ) + { + if(giDebugLevel) + Debug(Client, "Unknown MIFARE '%s'", card_id); + sendf(Client->Socket, "403 Authentication failure: unknown MIFARE ID\n"); + return ; + } + if( ! authenticate(Client, uid, NULL) ) + { + return ; + } + + sendf(Client->Socket, "200 Auth Ok, username=%s\n", Client->Username); +} + /** * \brief Set effective user */ @@ -523,6 +710,12 @@ void Server_Cmd_SETEUSER(tClient *Client, char *Args) sendf(Client->Socket, "407 SETEUSER expects an argument\n"); return ; } + + // Check authentication + if( !Client->bIsAuthed ) { + sendf(Client->Socket, "401 Not Authenticated\n"); + return ; + } // Check user permissions userFlags = Bank_GetFlags(Client->UID); @@ -532,13 +725,12 @@ void Server_Cmd_SETEUSER(tClient *Client, char *Args) } // Set id - Client->EffectiveUID = Bank_GetAcctByName(username); + Client->EffectiveUID = Bank_GetAcctByName(username, 0); if( Client->EffectiveUID == -1 ) { sendf(Client->Socket, "404 User not found\n"); return ; } - - // You can't be an internal account + // You can't be an internal account (unless you're an admin) if( !(userFlags & USER_FLAG_ADMIN) ) { eUserFlags = Bank_GetFlags(Client->EffectiveUID); @@ -547,12 +739,15 @@ void Server_Cmd_SETEUSER(tClient *Client, char *Args) sendf(Client->Socket, "404 User not found\n"); return ; } - // Disabled only avaliable to admins - if( eUserFlags & USER_FLAG_DISABLED ) { - Client->EffectiveUID = -1; - sendf(Client->Socket, "403 Account disabled\n"); - return ; - } + } + + // Disabled accounts + // - If disabled and the actual user is not an admin (and not root) + // return 403 + if( (eUserFlags & USER_FLAG_DISABLED) && (Client->UID == 0 || !(userFlags & USER_FLAG_ADMIN)) ) { + Client->EffectiveUID = -1; + sendf(Client->Socket, "403 Account disabled\n"); + return ; } sendf(Client->Socket, "200 User set\n"); @@ -578,6 +773,12 @@ void Server_int_SendItem(tClient *Client, tItem *Item) } } + if( !gbNoCostMode && Item->Price == 0 ) + status = "error"; + // KNOWN HACK: Naming a slot 'dead' disables it + if( strcmp(Item->Name, "dead") == 0 ) + status = "sold"; // Another status? + sendf(Client->Socket, "202 Item %s:%i %s %i %s\n", Item->Handler->Name, Item->ID, status, Item->Price, Item->Name @@ -652,6 +853,8 @@ tItem *_GetItemFromString(char *String) /** * \brief Fetch information on a specific item + * + * Usage: ITEMINFO */ void Server_Cmd_ITEMINFO(tClient *Client, char *Args) { @@ -672,6 +875,11 @@ void Server_Cmd_ITEMINFO(tClient *Client, char *Args) Server_int_SendItem( Client, item ); } +/** + * \brief Dispense an item + * + * Usage: DISPENSE + */ void Server_Cmd_DISPENSE(tClient *Client, char *Args) { tItem *item; @@ -702,17 +910,78 @@ void Server_Cmd_DISPENSE(tClient *Client, char *Args) uid = Client->UID; } +// if( Bank_GetFlags(Client->UID) & USER_FLAG_DISABLED ) { +// } + switch( ret = DispenseItem( Client->UID, uid, item ) ) { case 0: sendf(Client->Socket, "200 Dispense OK\n"); return ; case 1: sendf(Client->Socket, "501 Unable to dispense\n"); return ; case 2: sendf(Client->Socket, "402 Poor You\n"); return ; default: - sendf(Client->Socket, "500 Dispense Error\n"); + sendf(Client->Socket, "500 Dispense Error (%i)\n", ret); + return ; + } +} + +/** + * \brief Refund an item to a user + * + * Usage: REFUND [] + */ +void Server_Cmd_REFUND(tClient *Client, char *Args) +{ + tItem *item; + int uid, price_override = 0; + char *username, *itemname, *price_str; + + if( Server_int_ParseArgs(0, Args, &username, &itemname, &price_str, NULL) ) { + if( !itemname || price_str ) { + sendf(Client->Socket, "407 REFUND takes 2 or 3 arguments\n"); + return ; + } + } + + if( !Client->bIsAuthed ) { + sendf(Client->Socket, "401 Not Authenticated\n"); + return ; + } + + // Check user permissions + if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) { + sendf(Client->Socket, "403 Not in coke\n"); + return ; + } + + uid = Bank_GetAcctByName(username, 0); + if( uid == -1 ) { + sendf(Client->Socket, "404 Unknown user\n"); return ; } + + item = _GetItemFromString(itemname); + if( !item ) { + sendf(Client->Socket, "406 Bad Item ID\n"); + return ; + } + + if( price_str ) + price_override = atoi(price_str); + + switch( DispenseRefund( Client->UID, uid, item, price_override ) ) + { + case 0: sendf(Client->Socket, "200 Item Refunded\n"); return ; + default: + sendf(Client->Socket, "500 Dispense Error\n"); + return; + } } +/** + * \brief Transfer money to another account + * + * Usage: GIVE + */ void Server_Cmd_GIVE(tClient *Client, char *Args) { char *recipient, *ammount, *reason; @@ -724,6 +993,7 @@ void Server_Cmd_GIVE(tClient *Client, char *Args) sendf(Client->Socket, "407 GIVE takes only 3 arguments\n"); return ; } + // Check for authed if( !Client->bIsAuthed ) { sendf(Client->Socket, "401 Not Authenticated\n"); @@ -731,7 +1001,7 @@ void Server_Cmd_GIVE(tClient *Client, char *Args) } // Get recipient - uid = Bank_GetAcctByName(recipient); + uid = Bank_GetAcctByName(recipient, 0); if( uid == -1 ) { sendf(Client->Socket, "404 Invalid target user\n"); return ; @@ -841,8 +1111,26 @@ void Server_Cmd_ADD(tClient *Client, char *Args) return ; } + #if !ROOT_CAN_ADD + if( strcmp( Client->Username, "root" ) == 0 ) { + // Allow adding for new users + if( strcmp(reason, "treasurer: new user") != 0 ) { + sendf(Client->Socket, "403 Root may not add\n"); + return ; + } + } + #endif + + #if HACK_NO_REFUNDS + if( strstr(reason, "refund") != NULL || strstr(reason, "misdispense") != NULL ) + { + sendf(Client->Socket, "499 Don't use `dispense acct` for refunds, use `dispense refund` (and `dispense -G` to get item IDs)\n"); + return ; + } + #endif + // Get recipient - uid = Bank_GetAcctByName(user); + uid = Bank_GetAcctByName(user, 0); if( uid == -1 ) { sendf(Client->Socket, "404 Invalid user\n"); return ; @@ -852,7 +1140,7 @@ void Server_Cmd_ADD(tClient *Client, char *Args) if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) { if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) { - sendf(Client->Socket, "404 Invalid user\n"); + sendf(Client->Socket, "403 Admin only\n"); return ; } // TODO: Maybe disallow changes to disabled? @@ -903,7 +1191,7 @@ void Server_Cmd_SET(tClient *Client, char *Args) } // Get recipient - uid = Bank_GetAcctByName(user); + uid = Bank_GetAcctByName(user, 0); if( uid == -1 ) { sendf(Client->Socket, "404 Invalid user\n"); return ; @@ -916,17 +1204,15 @@ void Server_Cmd_SET(tClient *Client, char *Args) return ; } + int origBalance, rv; // Do give - switch( DispenseSet(Client->UID, uid, iAmmount, reason) ) + switch( rv = DispenseSet(Client->UID, uid, iAmmount, reason, &origBalance) ) { case 0: - sendf(Client->Socket, "200 Add OK\n"); - return ; - case 2: - sendf(Client->Socket, "402 Poor Guy\n"); + sendf(Client->Socket, "200 Add OK (%i)\n", origBalance); return ; default: - sendf(Client->Socket, "500 Unknown error\n"); + sendf(Client->Socket, "500 Unknown error (%i)\n", rv); return ; } } @@ -1116,7 +1402,7 @@ void Server_Cmd_USERINFO(tClient *Client, char *Args) if( giDebugLevel ) Debug(Client, "User Info '%s'", user); // Get recipient - uid = Bank_GetAcctByName(user); + uid = Bank_GetAcctByName(user, 0); if( giDebugLevel >= 2 ) Debug(Client, "uid = %i", uid); if( uid == -1 ) { @@ -1171,6 +1457,12 @@ void Server_Cmd_USERADD(tClient *Client, char *Args) return ; } + // Check authentication + if( !Client->bIsAuthed ) { + sendf(Client->Socket, "401 Not Authenticated\n"); + return ; + } + // Check permissions if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) { sendf(Client->Socket, "403 Not a coke admin\n"); @@ -1194,16 +1486,22 @@ void Server_Cmd_USERADD(tClient *Client, char *Args) void Server_Cmd_USERFLAGS(tClient *Client, char *Args) { - char *username, *flags; + char *username, *flags, *reason=NULL; int mask=0, value=0; int uid; // Parse arguments - if( Server_int_ParseArgs(0, Args, &username, &flags, NULL) ) { - sendf(Client->Socket, "407 USER_FLAGS takes 2 arguments\n"); - return ; + if( Server_int_ParseArgs(1, Args, &username, &flags, &reason, NULL) ) { + if( !flags ) { + sendf(Client->Socket, "407 USER_FLAGS takes at least 2 arguments\n"); + return ; + } + reason = ""; } + // Check authentication + if(!require_auth(Client)) return; + // Check permissions if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) { sendf(Client->Socket, "403 Not a coke admin\n"); @@ -1211,7 +1509,7 @@ void Server_Cmd_USERFLAGS(tClient *Client, char *Args) } // Get UID - uid = Bank_GetAcctByName(username); + uid = Bank_GetAcctByName(username, 0); if( uid == -1 ) { sendf(Client->Socket, "404 User '%s' not found\n", username); return ; @@ -1227,11 +1525,163 @@ void Server_Cmd_USERFLAGS(tClient *Client, char *Args) // Apply flags Bank_SetFlags(uid, mask, value); + + // Log the change + Log_Info("Updated '%s' with flag set '%s' by '%s' - Reason: %s", + username, flags, Client->Username, reason); // Return OK sendf(Client->Socket, "200 User Updated\n"); } +void Server_Cmd_UPDATEITEM(tClient *Client, char *Args) +{ + char *itemname, *price_str, *description; + int price; + tItem *item; + + if( Server_int_ParseArgs(1, Args, &itemname, &price_str, &description, NULL) ) { + sendf(Client->Socket, "407 UPDATE_ITEM takes 3 arguments\n"); + return ; + } + + if(!require_auth(Client)) return; + + // Check user permissions + if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) { + sendf(Client->Socket, "403 Not in coke\n"); + return ; + } + + item = _GetItemFromString(itemname); + if( !item ) { + // TODO: Create item? + sendf(Client->Socket, "406 Bad Item ID\n"); + return ; + } + + price = atoi(price_str); + if( price <= 0 && price_str[0] != '0' ) { + sendf(Client->Socket, "407 Invalid price set\n"); + } + + switch( DispenseUpdateItem( Client->UID, item, description, price ) ) + { + case 0: + // Return OK + sendf(Client->Socket, "200 Item updated\n"); + break; + default: + break; + } +} + +void Server_Cmd_PINCHECK(tClient *Client, char *Args) +{ + char *username, *pinstr; + int pin; + + if( Server_int_ParseArgs(0, Args, &username, &pinstr, NULL) ) { + sendf(Client->Socket, "407 PIN_CHECK takes 2 arguments\n"); + return ; + } + + if( !isdigit(pinstr[0]) || !isdigit(pinstr[1]) || !isdigit(pinstr[2]) || !isdigit(pinstr[3]) || pinstr[4] != '\0' ) { + sendf(Client->Socket, "407 PIN should be four digits\n"); + return ; + } + pin = atoi(pinstr); + + if(!require_auth(Client)) return; + + // Get user + int uid = Bank_GetAcctByName(username, 0); + if( uid == -1 ) { + sendf(Client->Socket, "404 User '%s' not found\n", username); + return ; + } + + // Check user permissions + if( uid != Client->UID && !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) { + sendf(Client->Socket, "403 Not in coke\n"); + return ; + } + + // Get the pin + static time_t last_wrong_pin_time; + static int backoff = 1; + if( time(NULL) - last_wrong_pin_time < backoff ) { + sendf(Client->Socket, "407 Rate limited (%i seconds remaining)\n", + backoff - (time(NULL) - last_wrong_pin_time)); + return ; + } + last_wrong_pin_time = time(NULL); + if( !Bank_IsPinValid(uid, pin) ) + { + sendf(Client->Socket, "401 Pin incorrect\n"); + struct sockaddr_storage addr; + socklen_t len = sizeof(addr); + char ipstr[INET6_ADDRSTRLEN]; + getpeername(Client->Socket, (void*)&addr, &len); + struct sockaddr_in *s = (struct sockaddr_in *)&addr; + inet_ntop(addr.ss_family, &s->sin_addr, ipstr, sizeof(ipstr)); + Debug_Notice("Bad pin from %s for %s by %i", ipstr, username, Client->UID); + if( backoff < 5) + backoff ++; + return ; + } + + last_wrong_pin_time = 0; + backoff = 1; + sendf(Client->Socket, "200 Pin correct\n"); + return ; +} +void Server_Cmd_PINSET(tClient *Client, char *Args) +{ + char *pinstr; + int pin; + + + if( Server_int_ParseArgs(0, Args, &pinstr, NULL) ) { + sendf(Client->Socket, "407 PIN_SET takes 1 argument\n"); + return ; + } + + if( !isdigit(pinstr[0]) || !isdigit(pinstr[1]) || !isdigit(pinstr[2]) || !isdigit(pinstr[3]) || pinstr[4] != '\0' ) { + sendf(Client->Socket, "407 PIN should be four digits\n"); + return ; + } + pin = atoi(pinstr); + + if(!require_auth(Client)) return; + + int uid = Client->EffectiveUID > 0 ? Client->EffectiveUID : Client->UID; + CLIENT_DEBUG(Client, "Setting PIN for UID %i", uid); + // Can only pinset yourself (well, the effective user) + Bank_SetPin(uid, pin); + sendf(Client->Socket, "200 Pin updated\n"); + return ; +} +void Server_Cmd_CARDADD(tClient* Client, char* Args) +{ + char* card_id; + if( Server_int_ParseArgs(0, Args, &card_id, NULL) ) { + sendf(Client->Socket, "407 CARD_ADD takes 1 argument\n"); + return ; + } + + if(!require_auth(Client)) return; + + int uid = Client->EffectiveUID > 0 ? Client->EffectiveUID : Client->UID; + CLIENT_DEBUG(Client, "Add card '%s' to UID %i", card_id, uid); + if( Bank_AddAcctCard(uid, card_id) ) + { + sendf(Client->Socket, "408 Card already exists\n"); + return ; + } + sendf(Client->Socket, "200 Card added\n"); +} + // --- INTERNAL HELPERS --- void Debug(tClient *Client, const char *Format, ...) { @@ -1408,3 +1858,4 @@ int Server_int_ParseFlags(tClient *Client, const char *Str, int *Mask, int *Valu return 0; } +