From a78e3c7b6ac2ad0fb3f89036459cf7053dbe8496 Mon Sep 17 00:00:00 2001 From: John Hodge Date: Sat, 19 Feb 2011 21:32:09 +0800 Subject: [PATCH] Cleaning up - Fixed autoauth - Removed debug manual auth hack - Fixed server argument parsing - Disabled negative --- src/client/main.c | 21 ++- src/cokebank_sqlite/main.c | 2 +- src/server/dispense.c | 4 +- src/server/server.c | 291 ++++++++++++++++++------------------- 4 files changed, 162 insertions(+), 156 deletions(-) diff --git a/src/client/main.c b/src/client/main.c index 9b0f746..46e1259 100644 --- a/src/client/main.c +++ b/src/client/main.c @@ -27,6 +27,7 @@ #define USE_NCURSES_INTERFACE 0 #define DEBUG_TRACE_SERVER 0 +#define USE_AUTOAUTH 1 // === TYPES === typedef struct sItem { @@ -65,7 +66,7 @@ char *trim(char *string); void CompileRegex(regex_t *regex, const char *pattern, int flags); // === GLOBALS === -char *gsDispenseServer = "localhost"; +char *gsDispenseServer = "heathred"; int giDispensePort = 11020; tItem *gaItems; @@ -678,16 +679,24 @@ int OpenConnection(const char *Host, int Port) return -1; } - #if USE_AUTOAUTH + if( geteuid() == 0 ) { + int i; struct sockaddr_in localAddr; memset(&localAddr, 0, sizeof(localAddr)); localAddr.sin_family = AF_INET; // IPv4 - localAddr.sin_port = 1023; // IPv4 - // Attempt to bind to low port for autoauth - bind(sock, &localAddr, sizeof(localAddr)); + + // Loop through all the top ports until one is avaliable + for( i = 1001; i < 1024; i ++) + { + localAddr.sin_port = htons(i); // IPv4 + // Attempt to bind to low port for autoauth + if( bind(sock, (struct sockaddr*)&localAddr, sizeof(localAddr)) == 0 ) + break; + } + if( i == 1024 ) + printf("Warning: AUTOAUTH unavaliable\n"); } - #endif if( connect(sock, (struct sockaddr *) &serverAddr, sizeof(serverAddr)) < 0 ) { fprintf(stderr, "Failed to connect to server\n"); diff --git a/src/cokebank_sqlite/main.c b/src/cokebank_sqlite/main.c index ef87b7b..c386ee9 100644 --- a/src/cokebank_sqlite/main.c 
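Review bot: After the bind loop in OpenConnection the client still runs with effective uid 0 through `connect()` and whatever follows. If the binary is installed setuid-root to reach the ports below 1024 (the `geteuid() == 0` test suggests this, but the install mode is not shown), it should drop privileges right after the loop with a checked `setuid(getuid())`. The warning goes to stdout via `printf`, while the connect failure beside it uses `fprintf(stderr, ...)`; diagnostics should share stderr. The `#if USE_AUTOAUTH` guard is removed in this hunk, so the `#define USE_AUTOAUTH 1` added in the first hunk of this file has no user in the visible lines. OpenConnection starts and ends outside the hunk.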
+++ b/src/cokebank_sqlite/main.c @@ -456,7 +456,7 @@ int Bank_GetUserAuth(const char *Salt, const char *Username, const char *Passwor { Salt = Password = Username; // Shut up GCC // DEBUG HACKS! - #if 1 + #if 0 return Bank_GetAcctByName(Username); #else return -1; diff --git a/src/server/dispense.c b/src/server/dispense.c index c631bed..3fb5652 100644 --- a/src/server/dispense.c +++ b/src/server/dispense.c @@ -197,10 +197,10 @@ int _GetMinBalance(int Account) if( flags & USER_FLAG_INTERNAL ) return INT_MIN; // Admin to -$10 - if( flags & USER_FLAG_ADMIN ) return -1000; + //if( flags & USER_FLAG_ADMIN ) return -1000; // Coke to -$5 - if( flags & USER_FLAG_COKE ) return -500; + //if( flags & USER_FLAG_COKE ) return -500; // Anyone else, non-negative return 0; diff --git a/src/server/server.c b/src/server/server.c index cd69224..04f1c39 100644 --- a/src/server/server.c +++ b/src/server/server.c @@ -70,8 +70,9 @@ void Server_Cmd_USERADD(tClient *Client, char *Args); void Server_Cmd_USERFLAGS(tClient *Client, char *Args); // --- Helpers --- void Debug(tClient *Client, const char *Format, ...); - int Server_int_ParseFlags(tClient *Client, const char *Str, int *Mask, int *Value); int sendf(int Socket, const char *Format, ...); + int Server_int_ParseArgs(int bUseLongArg, char *ArgStr, ...); + int Server_int_ParseFlags(tClient *Client, const char *Str, int *Mask, int *Value); // === CONSTANTS === // - Commands @@ -185,8 +186,9 @@ void Server_Start(void) switch( ntohl( client_addr.sin_addr.s_addr ) ) { case 0x7F000001: // 127.0.0.1 localhost - //case 0x825E0D00: // 130.95.13.0 + // case 0x825E0D00: // 130.95.13.0 case 0x825E0D07: // 130.95.13.7 motsugo + case 0x825E0D11: // 130.95.13.17 mermaid case 0x825E0D12: // 130.95.13.18 mussel case 0x825E0D17: // 130.95.13.23 martello bTrusted = 1; 
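Review bot: The account-lookup shortcut in Bank_GetUserAuth stays in the source behind `#if 0`, so a one-digit edit would bring back a login that ignores `Password`. With the hack off, the only live statement visible is `return -1;`, so PASS cannot succeed against this backend. Deleting the `#if`/`#else` pair and keeping `return -1; // password auth not implemented in this backend` removes the switch and documents the state. The `#endif` and the rest of the function are outside the hunk.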
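Review bot: The two overdraft limits in _GetMinBalance are commented out rather than removed, so `// Admin to -$10` and `// Coke to -$5` now describe code that no longer runs. Either delete both pairs of lines, or replace them with one comment stating the policy, e.g. `// Negative balances are disabled for everyone except internal accounts`. The function starts outside the hunk.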
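Review bot: The new prototype names its first parameter `bUseLongArg`, while the definition added at the end of this file calls it `bUseLongLast`; using one name in both places keeps the greedy-last-argument meaning clear. Every call relies on a terminating `NULL`, so the declaration could carry `__attribute__((sentinel))` to make GCC warn when a call omits it. A one-line comment on the prototype should state that the variadic arguments are `char **` destinations ended by NULL.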
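Review bot: The trusted-host list in Server_Start is a switch over raw IPv4 constants, and each added `case` widens AUTOAUTH. The AUTOAUTH hunks of this file show that command accepting a client-supplied username with no password once `bIsTrusted` is set. A comment on the switch should say what trust grants, e.g. `// Clients from these hosts may assert any username via AUTOAUTH`, and give the reason each host qualifies. A named table or config entry would be easier to audit than inline hex. Whether the source port is also checked is not visible here, and the function continues outside the hunk.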
@@ -292,40 +294,17 @@ void Server_HandleClient(int Socket, int bTrusted) */ void Server_ParseClientCommand(tClient *Client, char *CommandString) { - char *space, *args; + char *command, *args; int i; #if 0 char **argList; int numArgs = 0; #endif - // Split at first space - space = strchr(CommandString, ' '); - if(space == NULL) { - args = NULL; - } - else { - *space = '\0'; - args = space + 1; - while( *space == ' ' ) space ++; - - #if 0 - // Count arguments - numArgs = 1; - for( i = 0; args[i]; ) - { - while( CommandString[i] != ' ' ) { - if( CommandString[i] == '"' ) { - while( !(CommandString[i] != '\\' CommandString[i+1] == '"' ) ) - i ++; - i ++; - } - i ++; - } - numArgs ++; - while( CommandString[i] == ' ' ) i ++; - } - #endif + if( Server_int_ParseArgs(1, CommandString, &command, &args, NULL) ) + { + // Is this an error? (just ignore for now) + args = ""; } @@ -351,17 +330,18 @@ void Server_ParseClientCommand(tClient *Client, char *CommandString) */ void Server_Cmd_USER(tClient *Client, char *Args) { - char *space = strchr(Args, ' '); - if(space) *space = '\0'; // Remove characters after the ' ' + char *username; + + Server_int_ParseArgs(0, Args, &username, NULL); // Debug! if( giDebugLevel ) - Debug(Client, "Authenticating as '%s'", Args); + Debug(Client, "Authenticating as '%s'", username); // Save username if(Client->Username) free(Client->Username); - Client->Username = strdup(Args); + Client->Username = strdup(username); #if USE_SALT // Create a salt (that changes if the username is changed) 
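Review bot: The failure branch in Server_ParseClientCommand resets only `args`. When the line is empty or all whitespace, Server_int_ParseArgs also stores NULL in `command`, and nothing in the visible lines stops the dispatch code below the hunk from using it. This path handles unauthenticated network input, so an early exit is safer: `if( command == NULL ) return ;` placed before `args = "";`. The comment `Is this an error?` could then state the one tolerated case, a command with no arguments. The rest of the function is outside the hunk.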
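Review bot: Server_Cmd_USER ignores the return value of Server_int_ParseArgs, so a bare `USER` leaves `username` NULL and it then reaches `Debug(..., "%s", username)` and `strdup(username)`. The call should be checked as the ITEMINFO and DISPENSE hunks do: `if( Server_int_ParseArgs(0, Args, &username, NULL) ) { sendf(Client->Socket, "407 USER takes 1 argument\n"); return ; }`. The same unchecked call appears in the PASS, AUTOAUTH and SETEUSER hunks. There `passhash` or `username` is handed to `Bank_GetUserAuth` or `Bank_GetAcctByName`, and SETEUSER still tests `strlen(Args)` rather than the parsed pointer.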
@@ -389,11 +369,12 @@ void Server_Cmd_USER(tClient *Client, char *Args) */ void Server_Cmd_PASS(tClient *Client, char *Args) { - char *space = strchr(Args, ' '); - if(space) *space = '\0'; // Remove characters after the ' ' + char *passhash; + + Server_int_ParseArgs(0, Args, &passhash, NULL); // Pass on to cokebank - Client->UID = Bank_GetUserAuth(Client->Salt, Client->Username, Args); + Client->UID = Bank_GetUserAuth(Client->Salt, Client->Username, passhash); if( Client->UID != -1 ) { Client->bIsAuthed = 1; @@ -411,8 +392,9 @@ void Server_Cmd_PASS(tClient *Client, char *Args) */ void Server_Cmd_AUTOAUTH(tClient *Client, char *Args) { - char *space = strchr(Args, ' '); - if(space) *space = '\0'; // Remove characters after the ' ' + char *username; + + Server_int_ParseArgs(0, Args, &username, NULL); // Check if trusted if( !Client->bIsTrusted ) { @@ -423,10 +405,10 @@ void Server_Cmd_AUTOAUTH(tClient *Client, char *Args) } // Get UID - Client->UID = Bank_GetAcctByName( Args ); + Client->UID = Bank_GetAcctByName( username ); if( Client->UID < 0 ) { if(giDebugLevel) - Debug(Client, "Unknown user '%s'", Args); + Debug(Client, "Unknown user '%s'", username); sendf(Client->Socket, "401 Auth Failure\n"); return ; } @@ -441,7 +423,7 @@ void Server_Cmd_AUTOAUTH(tClient *Client, char *Args) Client->bIsAuthed = 1; if(giDebugLevel) - Debug(Client, "Auto authenticated as '%s' (%i)", Args, Client->UID); + Debug(Client, "Auto authenticated as '%s' (%i)", username, Client->UID); sendf(Client->Socket, "200 Auth OK\n"); } @@ -451,11 +433,9 @@ void Server_Cmd_AUTOAUTH(tClient *Client, char *Args) */ void Server_Cmd_SETEUSER(tClient *Client, char *Args) { - char *space; - - space = strchr(Args, ' '); + char *username; - if(space) *space = '\0'; + Server_int_ParseArgs(0, Args, &username, NULL); if( !strlen(Args) ) { sendf(Client->Socket, "407 SETEUSER expects an argument\n"); 
@@ -469,7 +449,7 @@ void Server_Cmd_SETEUSER(tClient *Client, char *Args) } // Set id - Client->EffectiveUID = Bank_GetAcctByName(Args); + Client->EffectiveUID = Bank_GetAcctByName(username); if( Client->EffectiveUID == -1 ) { sendf(Client->Socket, "404 User not found\n"); return ; @@ -559,7 +539,14 @@ tItem *_GetItemFromString(char *String) */ void Server_Cmd_ITEMINFO(tClient *Client, char *Args) { - tItem *item = _GetItemFromString(Args); + tItem *item; + char *itemname; + + if( Server_int_ParseArgs(0, Args, &itemname, NULL) ) { + sendf(Client->Socket, "407 ITEMINFO takes 1 argument\n"); + return ; + } + item = _GetItemFromString(Args); if( !item ) { sendf(Client->Socket, "406 Bad Item ID\n"); @@ -577,13 +564,19 @@ void Server_Cmd_DISPENSE(tClient *Client, char *Args) tItem *item; int ret; int uid; + char *itemname; + + if( Server_int_ParseArgs(0, Args, &itemname, NULL) ) { + sendf(Client->Socket, "407 DISPENSE takes only 1 argument\n"); + return ; + } if( !Client->bIsAuthed ) { sendf(Client->Socket, "401 Not Authenticated\n"); return ; } - item = _GetItemFromString(Args); + item = _GetItemFromString(itemname); if( !item ) { sendf(Client->Socket, "406 Bad Item ID\n"); return ; 
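Review bot: Server_Cmd_ITEMINFO parses the argument into `itemname` but then looks up the raw string with `item = _GetItemFromString(Args);`, so the parsed value is unused and leading whitespace in `Args` is not skipped. The DISPENSE hunk below uses the parsed pointer; this line should match it: `item = _GetItemFromString(itemname);`. The two 407 messages also differ (`takes 1 argument` and `takes only 1 argument`) and could share one wording.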
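Review bot: In Server_Cmd_DISPENSE the argument parse now runs before the `bIsAuthed` test, so an unauthenticated client exercises the parser and can receive a 407 instead of the 401. Checking `if( !Client->bIsAuthed )` first keeps unauthenticated input out of as much code as possible and keeps response codes consistent. The GIVE, DONATE, ADD and SET hunks move their 401 check below the parse in the same way. USERADD and USERFLAGS do the same with the `USER_FLAG_ADMIN` check. The remainder of the function is outside the hunk.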
@@ -613,28 +606,16 @@ void Server_Cmd_GIVE(tClient *Client, char *Args) int uid, iAmmount; int thisUid; - if( !Client->bIsAuthed ) { - sendf(Client->Socket, "401 Not Authenticated\n"); - return ; - } - - recipient = Args; - - ammount = strchr(Args, ' '); - if( !ammount ) { - sendf(Client->Socket, "407 Invalid Argument, expected 3 parameters, 1 encountered\n"); + // Parse arguments + if( Server_int_ParseArgs(1, Args, &recipient, &ammount, &reason, NULL) ) { + sendf(Client->Socket, "407 GIVE takes only 3 arguments\n"); return ; } - *ammount = '\0'; - ammount ++; - - reason = strchr(ammount, ' '); - if( !reason ) { - sendf(Client->Socket, "407 Invalid Argument, expected 3 parameters, 2 encountered\n"); + // Check for authed + if( !Client->bIsAuthed ) { + sendf(Client->Socket, "401 Not Authenticated\n"); return ; } - *reason = '\0'; - reason ++; // Get recipient uid = Bank_GetAcctByName(recipient); @@ -684,25 +665,14 @@ void Server_Cmd_DONATE(tClient *Client, char *Args) int iAmmount; int thisUid; - if( !Client->bIsAuthed ) { - sendf(Client->Socket, "401 Not Authenticated\n"); - return ; - } - - ammount = Args; - - // Get the start of the reason - reason = strchr(Args, ' '); - if( !ammount ) { - sendf(Client->Socket, "407 Invalid Argument, expected 2 parameters, 1 encountered\n"); + // Parse arguments + if( Server_int_ParseArgs(1, Args, &ammount, &reason, NULL) ) { + sendf(Client->Socket, "407 DONATE takes 2 arguments\n"); return ; } - *reason = '\0'; - reason ++; - // Check the end of the reason - if( strchr(reason, ' ') ) { - sendf(Client->Socket, "407 Invalid Argument, expected 2 parameters, more encountered\n"); + if( !Client->bIsAuthed ) { + sendf(Client->Socket, "401 Not Authenticated\n"); return ; } 
@@ -741,28 +711,16 @@ void Server_Cmd_ADD(tClient *Client, char *Args) char *user, *ammount, *reason; int uid, iAmmount; - if( !Client->bIsAuthed ) { - sendf(Client->Socket, "401 Not Authenticated\n"); - return ; - } - - user = Args; - - ammount = strchr(Args, ' '); - if( !ammount ) { - sendf(Client->Socket, "407 Invalid Argument, expected 3 parameters, 1 encountered\n"); + // Parse arguments + if( Server_int_ParseArgs(1, Args, &user, &ammount, &reason, NULL) ) { + sendf(Client->Socket, "407 ADD takes 3 arguments\n"); return ; } - *ammount = '\0'; - ammount ++; - - reason = strchr(ammount, ' '); - if( !reason ) { - sendf(Client->Socket, "407 Invalid Argument, expected 3 parameters, 2 encountered\n"); + + if( !Client->bIsAuthed ) { + sendf(Client->Socket, "401 Not Authenticated\n"); return ; } - *reason = '\0'; - reason ++; // Check user permissions if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) { @@ -810,28 +768,16 @@ void Server_Cmd_SET(tClient *Client, char *Args) char *user, *ammount, *reason; int uid, iAmmount; - if( !Client->bIsAuthed ) { - sendf(Client->Socket, "401 Not Authenticated\n"); - return ; - } - - user = Args; - - ammount = strchr(Args, ' '); - if( !ammount ) { - sendf(Client->Socket, "407 Invalid Argument, expected 3 parameters, 1 encountered\n"); + // Parse arguments + if( Server_int_ParseArgs(1, Args, &user, &ammount, &reason, NULL) ) { + sendf(Client->Socket, "407 SET takes 3 arguments\n"); return ; } - *ammount = '\0'; - ammount ++; - - reason = strchr(ammount, ' '); - if( !reason ) { - sendf(Client->Socket, "407 Invalid Argument, expected 3 parameters, 2 encountered\n"); + + if( !Client->bIsAuthed ) { + sendf(Client->Socket, "401 Not Authenticated\n"); return ; } - *reason = '\0'; - reason ++; // Check user permissions if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) { 
@@ -894,6 +840,7 @@ void Server_Cmd_ENUMUSERS(tClient *Client, char *Args) do { type = space; + while(*type == ' ') type ++; // Get next space space = strchr(space, ' '); if(space) *space = '\0'; @@ -1047,11 +994,13 @@ void Server_Cmd_ENUMUSERS(tClient *Client, char *Args) void Server_Cmd_USERINFO(tClient *Client, char *Args) { int uid; - char *user = Args; - char *space; + char *user; - space = strchr(user, ' '); - if(space) *space = '\0'; + // Parse arguments + if( Server_int_ParseArgs(0, Args, &user, NULL) ) { + sendf(Client->Socket, "407 USER_INFO takes 1 argument\n"); + return ; + } if( giDebugLevel ) Debug(Client, "User Info '%s'", user); @@ -1103,7 +1052,13 @@ void _SendUserInfo(tClient *Client, int UserID) void Server_Cmd_USERADD(tClient *Client, char *Args) { - char *username, *space; + char *username; + + // Parse arguments + if( Server_int_ParseArgs(0, Args, &username, NULL) ) { + sendf(Client->Socket, "407 USER_ADD takes 1 argument\n"); + return ; + } // Check permissions if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) { @@ -1111,12 +1066,6 @@ void Server_Cmd_USERADD(tClient *Client, char *Args) return ; } - // Read arguments - username = Args; - while( *username == ' ' ) username ++; - space = strchr(username, ' '); - if(space) *space = '\0'; - // Try to create user if( Bank_CreateAcct(username) == -1 ) { sendf(Client->Socket, "404 User exists\n"); 
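Review bot: In the ENUMUSERS loop the added `while(*type == ' ') type ++;` advances `type`, but the next statement still searches from the old position with `space = strchr(space, ' ');`. When a leading space was skipped, that call finds the same space again and cuts the string in front of `type` instead of after the token. Searching from the trimmed pointer keeps the two in step: `space = strchr(type, ' ');`. The loop body and its condition continue outside the hunk, so the effect on later iterations should be checked there.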
@@ -1135,31 +1084,20 @@ void Server_Cmd_USERADD(tClient *Client, char *Args) void Server_Cmd_USERFLAGS(tClient *Client, char *Args) { char *username, *flags; - char *space; int mask=0, value=0; int uid; - // Check permissions - if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) { - sendf(Client->Socket, "403 Not a coke admin\n"); + // Parse arguments + if( Server_int_ParseArgs(0, Args, &username, &flags, NULL) ) { + sendf(Client->Socket, "407 USER_FLAGS takes 2 arguments\n"); return ; } - // Read arguments - // - Username - username = Args; - while( *username == ' ' ) username ++; - space = strchr(username, ' '); - if(!space) { - sendf(Client->Socket, "407 USER_FLAGS requires 2 arguments, 1 given\n"); + // Check permissions + if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) { + sendf(Client->Socket, "403 Not a coke admin\n"); return ; } - *space = '\0'; - // - Flags - flags = space + 1; - while( *flags == ' ' ) flags ++; - space = strchr(flags, ' '); - if(space) *space = '\0'; // Get UID uid = Bank_GetAcctByName(username); 
@@ -1218,6 +1156,65 @@ int sendf(int Socket, const char *Format, ...) } } +// Takes a series of char *'s in +/** + * \brief Parse space-separated entries into + */ +int Server_int_ParseArgs(int bUseLongLast, char *ArgStr, ...) +{ + va_list args; + char savedChar = *ArgStr; + char **dest; + va_start(args, ArgStr); + + while( (dest = va_arg(args, char **)) ) + { + // Trim leading spaces + while( *ArgStr == ' ' || *ArgStr == '\t' ) + ArgStr ++; + + // ... oops, not enough arguments + if( *ArgStr == '\0' ) + { + // NULL unset arguments + do { + *dest = NULL; + } while( (dest = va_arg(args, char **)) ); + return -1; + } + + // Set destination + *dest = ArgStr; + + if( *ArgStr == '"' ) + { + // Read until quote + while( *ArgStr && *ArgStr != '"' ) + ArgStr ++; + } + else + { + // Read until a space + while( *ArgStr && *ArgStr != ' ' && *ArgStr != '\t' ) + ArgStr ++; + } + savedChar = *ArgStr; // savedChar is used to un-mangle the last string + *ArgStr = '\0'; + } + + // Oops, extra arguments, and greedy not set + if( savedChar == ' ' && bUseLongLast ) + return -1; + + // Un-mangle last + if(bUseLongLast) + *ArgStr = savedChar; + + va_end(args); + + return 0; // Success! +} + int Server_int_ParseFlags(tClient *Client, const char *Str, int *Mask, int *Value) { struct { -- 2.20.1
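Review bot: Server_int_ParseArgs never steps past the `'\0'` it writes at the end of each token, so the second loop iteration sees an empty string and returns -1. Every call with two or more destinations therefore fails, and Server_ParseClientCommand then replaces the arguments with `""`. The early `return -1` also skips `va_end`, the extra-argument test fires when `bUseLongLast` is set although its comment says "greedy not set", and the quoted branch stops on the opening quote, so a quoted argument comes out empty. The rewrite below fixes the first three and keeps the un-mangle step off the failure path; the quote handling first needs a decision on whether the quotes are stripped. The doc comment above the function is cut off mid-sentence (`Parse space-separated entries into`) and should describe the NULL-terminated list of `char **` destinations and the 0 / -1 return.

```c
int Server_int_ParseArgs(int bUseLongLast, char *ArgStr, ...)
{
	// … unchanged: va_list args, savedChar, dest, va_start …
	int	ret = 0;

	while( (dest = va_arg(args, char **)) )
	{
		// Step over the terminator written for the previous argument
		if( *ArgStr == '\0' && savedChar != '\0' )
			ArgStr ++;

		// … unchanged: trim leading spaces …

		if( *ArgStr == '\0' )
		{
			// … unchanged: NULL the remaining destinations …
			ret = -1;	// leave through va_end() below
			break;
		}

		// … unchanged: set *dest, scan to the end of the token, save and cut …
	}

	if( ret == 0 )
	{
		// Extra arguments are an error only when the last one is not greedy
		if( savedChar == ' ' && !bUseLongLast )
			ret = -1;
		// Un-mangle last
		else if( bUseLongLast )
			*ArgStr = savedChar;
	}

	va_end(args);
	return ret;
}
```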