X-Git-Url: https://git.ucc.asn.au/?p=tpg%2Fopendispense2.git;a=blobdiff_plain;f=src%2Fserver%2Fserver.c;h=974efca34166c503ca7927852a6560389c963320;hp=6266bc8284d57183a998319457339cb842d29778;hb=24654ef0078320798912a273508e37f9ce921ba7;hpb=4aa65cd965da5a07c2f86e839d4bb1ad1b7692c7
diff --git a/src/server/server.c b/src/server/server.c
index 6266bc8..974efca 100644
--- a/src/server/server.c
+++ b/src/server/server.c
@@ -99,7 +99,7 @@ const struct sClientCommand {
 #define NUM_COMMANDS ((int)(sizeof(gaServer_Commands)/sizeof(gaServer_Commands[0])))
 // === GLOBALS ===
- int giServer_Port = 1020;
+ int giServer_Port = 11020;
 int giServer_NextClientID = 1;
 int giServer_Socket;
@@ -143,6 +143,13 @@ void Server_Start(void)
 printf("Listening on 0.0.0.0:%i\n", giServer_Port);
+ // write pidfile
+// {
+// FILE *fp = fopen("/var/run/dispsrv.pid", "w");
+// fprintf(fp, "%i", getpid());
+// fclose(fp);
+// }
+
 for(;;) {
 uint len = sizeof(client_addr);
@@ -303,7 +310,7 @@ void Server_ParseClientCommand(tClient *Client, char *CommandString)
 if( Server_int_ParseArgs(1, CommandString, &command, &args, NULL) ) {
- printf("command=%s, args=%s\n", command, args);
+// printf("command=%s, args=%s\n", command, args);
 // Is this an error? (just ignore for now)
 //args = "";
 }
@@ -377,7 +384,8 @@ void Server_Cmd_USER(tClient *Client, char *Args)
 void Server_Cmd_PASS(tClient *Client, char *Args) {
 char *passhash;
-
+ int flags;
+
 if( Server_int_ParseArgs(0, Args, &passhash, NULL) ) {
 sendf(Client->Socket, "407 PASS takes 1 argument\n");
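Review bot: The new default `giServer_Port = 11020` in the GLOBALS hunk moves the listener from a port below 1024 to an unprivileged one, so on a typical Unix host binding it no longer requires root. Clients send their USER/PASS exchange to whichever process holds that port, so it is worth confirming that no unprivileged process on the server host can take it while the daemon is down, or that clients have another way to verify the server. A one-line comment next to the constant stating why the default changed would also help the next reader.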
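Review bot: The pidfile block added after the `Listening on` printf in Server_Start is committed commented out, and as written it passes `fp` to `fprintf` without checking that `fopen` succeeded. If it is meant to be enabled later, guard it, e.g. `if( fp ) { fprintf(fp, "%i", getpid()); fclose(fp); }`, and report the failure; otherwise leave the dead block out of the commit. Server_Start's body continues outside the hunk.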
@@ -387,13 +395,25 @@ void Server_Cmd_PASS(tClient *Client, char *Args)
 // Pass on to cokebank
 Client->UID = Bank_GetUserAuth(Client->Salt, Client->Username, passhash);
- if( Client->UID != -1 ) {
- Client->bIsAuthed = 1;
- sendf(Client->Socket, "200 Auth OK\n");
+ if( Client->UID == -1 ) {
+ sendf(Client->Socket, "401 Auth Failure\n");
+ return ;
+ }
+
+ flags = Bank_GetFlags(Client->UID);
+ if( flags & USER_FLAG_DISABLED ) {
+ Client->UID = -1;
+ sendf(Client->Socket, "403 Account Disabled\n");
+ return ;
+ }
+ if( flags & USER_FLAG_INTERNAL ) {
+ Client->UID = -1;
+ sendf(Client->Socket, "403 Internal account\n");
 return ;
 }
- sendf(Client->Socket, "401 Auth Failure\n");
+ Client->bIsAuthed = 1;
+ sendf(Client->Socket, "200 Auth OK\n");
 }
 /**
@@ -404,6 +424,7 @@ void Server_Cmd_PASS(tClient *Client, char *Args)
 void Server_Cmd_AUTOAUTH(tClient *Client, char *Args) {
 char *username;
+ int userflags;
 if( Server_int_ParseArgs(0, Args, &username, NULL) ) {
@@ -424,16 +445,24 @@ void Server_Cmd_AUTOAUTH(tClient *Client, char *Args)
 if( Client->UID < 0 ) {
 if(giDebugLevel) Debug(Client, "Unknown user '%s'", username);
- sendf(Client->Socket, "401 Auth Failure\n");
+ sendf(Client->Socket, "403 Auth Failure\n");
 return ;
 }
+ userflags = Bank_GetFlags(Client->UID);
 // You can't be an internal account
- if( Bank_GetFlags(Client->UID) & USER_FLAG_INTERNAL ) {
+ if( userflags & USER_FLAG_INTERNAL ) {
 if(giDebugLevel) Debug(Client, "Autoauth as '%s', not allowed", username);
 Client->UID = -1;
- sendf(Client->Socket, "401 Auth Failure\n");
+ sendf(Client->Socket, "403 Account is internal\n");
+ return ;
+ }
+
+ // Disabled accounts
+ if( userflags & USER_FLAG_DISABLED ) {
+ Client->UID = -1;
+ sendf(Client->Socket, "403 Account disabled\n");
 return ;
 }
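Review bot: None of the rejection paths in Server_Cmd_PASS clear `Client->bIsAuthed`, so a connection that authenticated earlier and then sends a PASS that fails, or that now hits a disabled or internal account, ends with `UID == -1` while the flag may still be 1. Whether later commands test the flag or the UID is not visible in this diff, so the safer form is to reset it before the lookup: `Client->bIsAuthed = 0;` ahead of the `Bank_GetUserAuth` call. The function starts outside this hunk.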
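Review bot: The new disabled-account branch in Server_Cmd_AUTOAUTH rejects without logging, while the unknown-user and internal-account branches above it both write a Debug line. A refused automatic login to a disabled account is something an operator would want recorded, so add the matching line, `if(giDebugLevel) Debug(Client, "Autoauth as '%s', account disabled", username);`. Separately, the unknown-user reply becomes `403 Auth Failure` here while Server_Cmd_PASS keeps `401 Auth Failure`; a comment stating which code clients should expect from each command would avoid confusion. The function starts and ends outside the hunk.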
@@ -451,6 +480,7 @@ void Server_Cmd_AUTOAUTH(tClient *Client, char *Args)
 void Server_Cmd_SETEUSER(tClient *Client, char *Args) {
 char *username;
+ int eUserFlags, userFlags;
 if( Server_int_ParseArgs(0, Args, &username, NULL) ) {
@@ -464,7 +494,8 @@ void Server_Cmd_SETEUSER(tClient *Client, char *Args)
 }
 // Check user permissions
- if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
+ userFlags = Bank_GetFlags(Client->UID);
+ if( !(userFlags & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
 sendf(Client->Socket, "403 Not in coke\n");
 return ;
 }
@@ -477,11 +508,18 @@ void Server_Cmd_SETEUSER(tClient *Client, char *Args)
 }
 // You can't be an internal account
- if( Bank_GetFlags(Client->EffectiveUID) & USER_FLAG_INTERNAL ) {
+ eUserFlags = Bank_GetFlags(Client->EffectiveUID);
+ if( eUserFlags & USER_FLAG_INTERNAL ) {
 Client->EffectiveUID = -1;
 sendf(Client->Socket, "404 User not found\n");
 return ;
 }
+ // Disabled only avaliable to admins
+ if( (eUserFlags & USER_FLAG_DISABLED) && !(userFlags & USER_FLAG_ADMIN) ) {
+ Client->EffectiveUID = -1;
+ sendf(Client->Socket, "403 Account disabled\n");
+ return ;
+ }
 sendf(Client->Socket, "200 User set\n");
 }
@@ -497,7 +535,7 @@ void Server_int_SendItem(tClient *Client, tItem *Item)
 if( Item->Handler->CanDispense ) {
- switch(Item->Handler->CanDispense(Item->ID, Client->UID))
+ switch(Item->Handler->CanDispense(Client->UID, Item->ID))
 {
 case 0: status = "avail"; break;
 case 1: status = "sold"; break;
@@ -666,10 +704,10 @@ void Server_Cmd_GIVE(tClient *Client, char *Args)
 }
 // You can't alter an internal account
- if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
- sendf(Client->Socket, "404 Invalid target user\n");
- return ;
- }
+// if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
+// sendf(Client->Socket, "404 Invalid target user\n");
+// return ;
+// }
 // Parse ammount
 iAmmount = atoi(ammount);
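Review bot: The comment `// Disabled only avaliable to admins` in the last Server_Cmd_SETEUSER hunk is misspelled and does not say what is being restricted; `// Only admins may set a disabled account as the effective user` matches the condition below it. It would also help to document why an internal target is answered with `404 User not found` but a disabled one with `403 Account disabled`, since the second reply confirms to a non-admin coke member that the account exists.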
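Review bot: Both arguments of `CanDispense(Client->UID, Item->ID)` in Server_int_SendItem appear to be plain integers, so the compiler accepts either order and the swap corrected here can return unnoticed. With the arguments reversed the availability check runs against the wrong account, so the order deserves a comment at the call, `// CanDispense(User, ItemID)`, and named parameters in the handler prototype, which is not part of this diff. Other calls to handler callbacks that take a user and an item should be checked for the same mix-up.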
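Review bot: Commenting out the `USER_FLAG_INTERNAL` test in Server_Cmd_GIVE removes the only check in this hunk that stopped a transfer from targeting an internal account, and the comment `// You can't alter an internal account` left above it now contradicts what the code does. If giving to internal accounts is intended, delete the dead block and replace the comment with the reason and with who is permitted to do it; if the check was disabled for testing, it should be restored before this is deployed. The function starts and ends outside the hunk, so any permission check on the caller is not visible here.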
@@ -1221,7 +1259,6 @@ int Server_int_ParseArgs(int bUseLongLast, char *ArgStr, ...)
 while( (dest = va_arg(args, char **)) ) {
- printf(" dest = %p\n", dest);
 // Trim leading spaces
 while( *ArgStr == ' ' || *ArgStr == '\t' ) ArgStr ++;