diff options
| author | Franklin Wei <git@fwei.tk> | 2015-12-05 11:42:14 -0500 |
|---|---|---|
| committer | Franklin Wei <git@fwei.tk> | 2015-12-05 11:42:14 -0500 |
| commit | 9df8091c0a30276b181796993b883f7e3b8f609a (patch) | |
| tree | df725b4475226e89628b7e912f019ec7ae636893 /src/client.c | |
| parent | bbeb7cda3071c7a872ee9c5127e02983b25efda0 (diff) | |
| download | netcosm-9df8091c0a30276b181796993b883f7e3b8f609a.zip netcosm-9df8091c0a30276b181796993b883f7e3b8f609a.tar.gz netcosm-9df8091c0a30276b181796993b883f7e3b8f609a.tar.bz2 netcosm-9df8091c0a30276b181796993b883f7e3b8f609a.tar.xz | |
fix auth again
Diffstat (limited to 'src/client.c')
| -rw-r--r-- | src/client.c | 115 |
1 files changed, 106 insertions, 9 deletions
diff --git a/src/client.c b/src/client.c index b49498f..d836467 100644 --- a/src/client.c +++ b/src/client.c @@ -17,7 +17,9 @@ void __attribute__((format(printf,1,2))) out(const char *fmt, ...) char *client_read(void) { - char *buf = malloc(BUFSZ); + char *buf; +tryagain: + buf = malloc(BUFSZ); memset(buf, 0, BUFSZ); if(read(client_fd, buf, BUFSZ - 1) < 0) error("lost connection"); @@ -27,9 +29,27 @@ char *client_read(void) if(!memcmp(buf, ctrlc, sizeof(ctrlc))) exit(0); + printf("Read '%s'\n", buf); + if(buf[0] & 0x80) + { + free(buf); + goto tryagain; + } + return buf; } +void all_upper(char *s) +{ + while(*s) + { + *s = toupper(*s); + s++; + } +} + +#define WSPACE " \t\r\n" + void client_main(int fd, struct sockaddr_in *addr, int total) { client_fd = fd; @@ -50,17 +70,19 @@ void client_main(int fd, struct sockaddr_in *addr, int total) int authlevel; + char *current_user; + /* auth loop */ while(1) { out("login: "); - char *user = client_read(); + current_user = client_read(); out("Password: "); char *pass = client_read(); - printf("pass is %s\n", pass); - struct authinfo_t auth = auth_check(user, pass); - free(user); + struct authinfo_t auth = auth_check(current_user, pass); + memset(pass, 0, strlen(pass)); free(pass); + authlevel = auth.authlevel; if(auth.success) { @@ -69,26 +91,101 @@ void client_main(int fd, struct sockaddr_in *addr, int total) } else { + free(current_user); out("Access Denied.\n\n"); if(++failures >= MAX_FAILURES) return; } } + /* something has gone wrong, but we are here for some reason */ + if(authlevel == PRIV_NONE) + return; + + bool admin = (authlevel == PRIV_ADMIN); + /* authenticated */ while(1) { out(">> "); char *cmd = client_read(); - char *tok = strtok(cmd, " \t\r\n"); + char *save = NULL; + + char *tok = strtok_r(cmd, WSPACE, &save); + + all_upper(tok); - if(!strcmp(tok, "USER")) + if(admin) { - void change_user(const char *name2, const char *pass2, int level); - add_user("admin", "test", 0); + if(!strcmp(tok, "USER")) + { + char *what = strtok_r(NULL, WSPACE, &save); + all_upper(what); + + if(!strcmp(what, "DEL")) + { + char *user = strtok_r(NULL, WSPACE, &save); + if(user) + { + if(strcmp(user, current_user) && auth_remove(user)) + out("Success.\n"); + else + out("Failure.\n"); + } + else + { + out("Usage: USER DEL <USERNAME>\n"); + } + } + else if(!strcmp(what, "ADD") || !strcmp(what, "PASS")) + { + char *user = strtok_r(NULL, WSPACE, &save); + if(user) + { + if(!strcmp(user, current_user)) + { + out("Do not modify your own password using USER. User CHPASS instead.\n"); + goto next_cmd; + } + + out("Editing user '%s'\n", user); + + out("New Password (_DO_NOT_USE_A_VALUABLE_PASSWORD_): "); + + /* BAD BAD BAD BAD BAD BAD BAD CLEARTEXT PASSWORDS!!! */ + char *pass = client_read(); + + out("Admin privileges [y/N]? "); + char *allow_admin = client_read(); + int priv = PRIV_USER; + if(toupper(allow_admin[0]) == 'Y') + priv = PRIV_ADMIN; + + if(add_change_user(user, pass, priv)) + out("Success.\n"); + else + out("Failure.\n"); + memset(pass, 0, strlen(pass)); + free(pass); + } + else + out("Usage: USER ADD|CHANGE <USERNAME>\n"); + } + } } + if(!strcmp(tok, "QUIT")) + { + free(cmd); + goto done; + } + + next_cmd: + free(cmd); } + +done: + free(current_user); } |