Back to index

webcit  8.12-dfsg
auth.c
Go to the documentation of this file.
00001 /*
00002  * These functions handle authentication of users to a Citadel server.
00003  *
00004  * Copyright (c) 1996-2012 by the citadel.org team
00005  *
00006  * This program is open source software: you can redistribute it and/or modify
00007  * it under the terms of the GNU General Public License, version 3.
00008  *
00009  * This program is distributed in the hope that it will be useful,
00010  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00011  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00012  * GNU General Public License for more details.
00013  */
00014 
00015 #include "webcit.h"
00016 #include "webserver.h"
00017 #include <ctype.h>
00018 
00019 extern uint32_t hashlittle( const void *key, size_t length, uint32_t initval);
00020 
00021 /*
00022  * Access level definitions.  This is initialized from a function rather than a
00023  * static array so that the strings may be localized.
00024  */
00025 char *axdefs[7]; 
00026 
00027 void initialize_axdefs(void) {
00028 
00029        /* an erased user */
00030        axdefs[0] = _("Deleted");       
00031 
00032        /* a new user */
00033        axdefs[1] = _("New User");      
00034 
00035        /* a trouble maker */
00036        axdefs[2] = _("Problem User");  
00037 
00038        /* user with normal privileges */
00039        axdefs[3] = _("Local User");    
00040 
00041        /* a user that may access network resources */
00042        axdefs[4] = _("Network User");  
00043 
00044        /* a moderator */
00045        axdefs[5] = _("Preferred User");
00046 
00047        /* chief */
00048        axdefs[6] = _("Aide");          
00049 }
00050 
00051 
00052 
00053 /* 
00054  * Display the login screen
00055  * mesg = the error message if last attempt failed.
00056  */
00057 void display_login(void)
00058 {
00059        begin_burst();
00060        output_headers(1, 0, 0, 0, 1, 0);
00061        do_template("login");
00062        end_burst();
00063 }
00064 
00065 
00066 
00067 
00068 
00069 /* Initialize the session
00070  *
00071  * This function needs to get called whenever the session changes from
00072  * not-logged-in to logged-in, either by an explicit login by the user or
00073  * by a timed-out session automatically re-establishing with a little help
00074  * from the browser cookie.  Either way, we need to load access controls and
00075  * preferences from the server.
00076  *
00077  * user                     the username
00078  * pass                     his password
00079  * serv_response     The parameters returned from a Citadel USER or NEWU command
00080  */
00081 void become_logged_in(const StrBuf *user, const StrBuf *pass, StrBuf *serv_response)
00082 {
00083        wcsession *WCC = WC;
00084        StrBuf *Buf;
00085        StrBuf *FloorDiv;
00086 
00087        WCC->logged_in = 1;
00088 
00089        if (WCC->wc_fullname == NULL)
00090               WCC->wc_fullname = NewStrBufPlain(NULL, StrLength(serv_response));
00091        StrBufExtract_token(WCC->wc_fullname, serv_response, 0, '|');
00092        StrBufCutLeft(WCC->wc_fullname, 4 );
00093        
00094        if (WCC->wc_username == NULL)
00095               WCC->wc_username = NewStrBufDup(user);
00096        else {
00097               FlushStrBuf(WCC->wc_username);
00098               StrBufAppendBuf(WCC->wc_username, user, 0);
00099        }
00100 
00101        if (WCC->wc_password == NULL)
00102               WCC->wc_password = NewStrBufDup(pass);
00103        else {
00104               FlushStrBuf(WCC->wc_password);
00105               StrBufAppendBuf(WCC->wc_password, pass, 0);
00106        }
00107 
00108        WCC->axlevel = StrBufExtract_int(serv_response, 1, '|');
00109        if (WCC->axlevel >= 6) {
00110               WCC->is_aide = 1;
00111        }
00112 
00113        load_preferences();
00114 
00115        Buf = NewStrBuf();
00116        serv_puts("CHEK");
00117        StrBuf_ServGetln(Buf);
00118        if (GetServerStatus(Buf, NULL) == 2) {
00119               const char *pch;
00120 
00121               pch = ChrPtr(Buf) + 4;
00122               /*WCC->new_mail  =*/ StrBufExtractNext_long(Buf, &pch, '|');
00123               WCC->need_regi = StrBufExtractNext_long(Buf, &pch, '|');
00124               WCC->need_vali = StrBufExtractNext_long(Buf, &pch, '|');
00125               if (WCC->cs_inet_email == NULL)
00126                      WCC->cs_inet_email  = NewStrBuf();
00127               StrBufExtract_NextToken(WCC->cs_inet_email, Buf, &pch, '|');
00128        }
00129        get_preference("floordiv_expanded", &FloorDiv);
00130        WCC->floordiv_expanded = FloorDiv;
00131        FreeStrBuf(&Buf);
00132        FlushRoomlist();
00133 }
00134 
00135 
00136 /* 
00137  * modal/ajax version of 'login' (username and password)
00138  */
00139 void ajax_login_username_password(void) {
00140        StrBuf *Buf = NewStrBuf();
00141 
00142        serv_printf("USER %s", bstr("name"));
00143        StrBuf_ServGetln(Buf);
00144        if (GetServerStatus(Buf, NULL) == 3) {
00145               serv_printf("PASS %s", bstr("pass"));
00146               StrBuf_ServGetln(Buf);
00147               if (GetServerStatus(Buf, NULL) == 2) {
00148                      become_logged_in(sbstr("name"), sbstr("pass"), Buf);
00149               }
00150        }
00151 
00152        /* The client is expecting to read back a citadel protocol response */
00153        wc_printf("%s", ChrPtr(Buf));
00154        FreeStrBuf(&Buf);
00155 }
00156 
00157 
00158 
00159 /* 
00160  * modal/ajax version of 'new user' (username and password)
00161  */
00162 void ajax_login_newuser(void) {
00163        StrBuf *NBuf = NewStrBuf();
00164        StrBuf *SBuf = NewStrBuf();
00165 
00166        serv_printf("NEWU %s", bstr("name"));
00167        StrBuf_ServGetln(NBuf);
00168        if (GetServerStatus(NBuf, NULL) == 2) {
00169               become_logged_in(sbstr("name"), sbstr("pass"), NBuf);
00170               serv_printf("SETP %s", bstr("pass"));
00171               StrBuf_ServGetln(SBuf);
00172        }
00173 
00174        /* The client is expecting to read back a citadel protocol response */
00175        wc_printf("%s", ChrPtr(NBuf));
00176        FreeStrBuf(&NBuf);
00177        FreeStrBuf(&SBuf);
00178 }
00179 
00180 
00181 
00182 /* 
00183  * Try to create an account manually after an OpenID was verified
00184  */
00185 void openid_manual_create(void)
00186 {
00187        StrBuf *Buf;
00188 
00189        /* Did the user change his mind?  Pack up and go home. */
00190        if (havebstr("exit_action")) {
00191               begin_burst();
00192               output_headers(1, 0, 0, 0, 1, 0);
00193               do_template("authpopup_finished");
00194               end_burst();
00195               return;
00196        }
00197 
00198 
00199        /* Ok, let's give this a try.  Can we create the new user? */
00200 
00201        Buf = NewStrBuf();
00202        serv_printf("OIDC %s", bstr("name"));
00203        StrBuf_ServGetln(Buf);
00204        if (GetServerStatus(Buf, NULL) == 2) {
00205               StrBuf *gpass;
00206 
00207               gpass = NewStrBuf();
00208               serv_puts("SETP GENERATE_RANDOM_PASSWORD");
00209               StrBuf_ServGetln(gpass);
00210               StrBufCutLeft(gpass, 4);
00211               become_logged_in(sbstr("name"), gpass, Buf);
00212               FreeStrBuf(&gpass);
00213        }
00214        FreeStrBuf(&Buf);
00215 
00216        /* Did we manage to log in?  If so, continue with the normal flow... */
00217        if (WC->logged_in) {
00218               if (WC->logged_in) {
00219                      begin_burst();
00220                      output_headers(1, 0, 0, 0, 1, 0);
00221                      do_template("authpopup_finished");
00222                      end_burst();
00223               }
00224        } else {
00225               /* Still no good!  Go back to teh dialog to select a username */
00226               const StrBuf *Buf;
00227               putbstr("__claimed_id", NewStrBufDup(sbstr("openid_url")));
00228               Buf = sbstr("name");
00229               if (StrLength(Buf) > 0)
00230                      putbstr("__username", NewStrBufDup(Buf));
00231               begin_burst();
00232               output_headers(1, 0, 0, 0, 1, 0);
00233               wc_printf("<html><body>");
00234               do_template("openid_manual_create");
00235               wc_printf("</body></html>");
00236               end_burst();
00237        }
00238 
00239 }
00240 
00241 
00242 /* 
00243  * Perform authentication using OpenID
00244  * assemble the checkid_setup request and then redirect to the user's identity provider
00245  */
00246 void do_openid_login(void)
00247 {
00248        char buf[4096];
00249 
00250        snprintf(buf, sizeof buf,
00251               "OIDS %s|%s/finalize_openid_login|%s",
00252               bstr("openid_url"),
00253               ChrPtr(site_prefix),
00254               ChrPtr(site_prefix)
00255        );
00256 
00257        serv_puts(buf);
00258        serv_getln(buf, sizeof buf);
00259        if (buf[0] == '2') {
00260               syslog(LOG_DEBUG, "OpenID server contacted; redirecting to %s\n", &buf[4]);
00261               http_redirect(&buf[4]);
00262               return;
00263        }
00264 
00265        begin_burst();
00266        output_headers(1, 0, 0, 0, 1, 0);
00267        wc_printf("<html><body>");
00268        escputs(&buf[4]);
00269        wc_printf("</body></html>");
00270        end_burst();
00271 }
00272 
00273 
00274 /* 
00275  * Complete the authentication using OpenID
00276  * This function handles the positive or negative assertion from the user's Identity Provider
00277  */
00278 void finalize_openid_login(void)
00279 {
00280        StrBuf *Buf;
00281        wcsession *WCC = WC;
00282        int linecount = 0;
00283        StrBuf *result = NULL;
00284        StrBuf *username = NULL;
00285        StrBuf *password = NULL;
00286        StrBuf *logged_in_response = NULL;
00287        StrBuf *claimed_id = NULL;
00288 
00289        if (havebstr("openid.mode")) {
00290               if (!strcasecmp(bstr("openid.mode"), "id_res")) {
00291                      Buf = NewStrBuf();
00292                      serv_puts("OIDF");
00293                      StrBuf_ServGetln(Buf);
00294                      if (GetServerStatus(Buf, NULL) == 8) {
00295                             urlcontent *u;
00296                             void *U;
00297                             long HKLen;
00298                             const char *HKey;
00299                             HashPos *Cursor;
00300                             int len;
00301                             
00302                             Cursor = GetNewHashPos (WCC->Hdr->urlstrings, 0);
00303                             while (GetNextHashPos(WCC->Hdr->urlstrings, Cursor, &HKLen, &HKey, &U)) {
00304                                    u = (urlcontent*) U;
00305                                    if (!strncasecmp(u->url_key, "openid.", 7)) {
00306                                           serv_printf("%s|%s", &u->url_key[7], ChrPtr(u->url_data));
00307                                    }
00308                             }
00309 
00310                             serv_puts("000");
00311 
00312                             linecount = 0;
00313                             while (len = StrBuf_ServGetln(Buf), 
00314                                    ((len >= 0) &&
00315                                    ((len != 3) || strcmp(ChrPtr(Buf), "000") )))
00316                             {
00317                                    if (linecount == 0) result = NewStrBufDup(Buf);
00318                                    if (!strcasecmp(ChrPtr(result), "authenticate")) {
00319                                           if (linecount == 1) {
00320                                                  username = NewStrBufDup(Buf);
00321                                           }
00322                                           else if (linecount == 2) {
00323                                                  password = NewStrBufDup(Buf);
00324                                           }
00325                                           else if (linecount == 3) {
00326                                                  logged_in_response = NewStrBufDup(Buf);
00327                                           }
00328                                    }
00329                                    else if (!strcasecmp(ChrPtr(result), "verify_only")) {
00330                                           if (linecount == 1) {
00331                                                  claimed_id = NewStrBufDup(Buf);
00332                                           }
00333                                           if (linecount == 2) {
00334                                                  username = NewStrBufDup(Buf);
00335                                           }
00336                                    }
00337                                    ++linecount;
00338                             }
00339                      }
00340                      FreeStrBuf(&Buf);
00341               }
00342        }
00343 
00344        /*
00345         * Is this an attempt to associate a new OpenID with an account that is already logged in?
00346         */
00347        if ( (WCC->logged_in) && (havebstr("attach_existing")) ) {
00348               display_openids();
00349        }
00350 
00351        /* If this operation logged us in, either by connecting with an existing account or by
00352         * auto-creating one using Simple Registration Extension, we're already on our way.
00353         */
00354        else if (!strcasecmp(ChrPtr(result), "authenticate")) {
00355               become_logged_in(username, password, logged_in_response);
00356 
00357               /* Did we manage to log in?  If so, continue with the normal flow... */
00358               if (WC->logged_in) {
00359                      begin_burst();
00360                      output_headers(1, 0, 0, 0, 1, 0);
00361                      do_template("authpopup_finished");
00362                      end_burst();
00363               } else {
00364                      begin_burst();
00365                      output_headers(1, 0, 0, 0, 1, 0);
00366                      wc_printf("<html><body>");
00367                      wc_printf(_("An error has occurred."));
00368                      wc_printf("</body></html>");
00369                      end_burst();
00370               }
00371        }
00372 
00373        /* The specified OpenID was verified but the desired user name was either not specified via SRE
00374         * or conflicts with an existing user.  Either way the user will need to specify a new name.
00375         */
00376        else if (!strcasecmp(ChrPtr(result), "verify_only")) {
00377               putbstr("__claimed_id", claimed_id);
00378               claimed_id = NULL;
00379               if (StrLength(username) > 0) {
00380                      putbstr("__username", username);
00381                      username = NULL;
00382               }
00383               begin_burst();
00384               output_headers(1, 0, 0, 0, 1, 0);
00385               wc_printf("<html><body>");
00386               do_template("openid_manual_create");
00387               wc_printf("</body></html>");
00388               end_burst();
00389        }
00390 
00391        /* Something went VERY wrong if we get to this point */
00392        else {
00393               syslog(1, "finalize_openid_login() failed to do anything.  This is a code problem.\n");
00394               begin_burst();
00395               output_headers(1, 0, 0, 0, 1, 0);
00396               wc_printf("<html><body>");
00397               wc_printf(_("An error has occurred."));
00398               wc_printf("</body></html>");
00399               end_burst();
00400        }
00401 
00402        FreeStrBuf(&result);
00403        FreeStrBuf(&username);
00404        FreeStrBuf(&password);
00405        FreeStrBuf(&claimed_id);
00406        FreeStrBuf(&logged_in_response);
00407 }
00408 
00409 
00410 /*
00411  * Display a welcome screen to the user.
00412  *
00413  * If this is the first time login, and the web based setup is enabled, 
00414  * lead the user through the setup routines
00415  */
00416 void do_welcome(void)
00417 {
00418        StrBuf *Buf;
00419 #ifdef XXX_NOT_FINISHED_YET_XXX
00420        FILE *fp;
00421        int i;
00422 
00426        if (WC->is_aide) {
00427               if (!setup_wizard) {
00428                      int len;
00429                      sprintf(wizard_filename, "setupwiz.%s.%s",
00430                             abs(HashLittle(ctdlhost, strlen(ctdlhost))),
00431                             abs(HashLittle(ctdlport, strlen(ctdlport)))
00432                      );
00433 
00434                      fp = fopen(wizard_filename, "r");
00435                      if (fp != NULL) {
00436                             fgets(buf, sizeof buf, fp);
00437                             buf[strlen(buf)-1] = 0;
00438                             fclose(fp);
00439                             if (atoi(buf) == serv_info.serv_rev_level) {
00440                                    setup_wizard = 1;    /* already run */
00441                             }
00442                      }
00443               }
00444 
00445               if (!setup_wizard) {
00446                      http_redirect("setup_wizard");
00447               }
00448        }
00449 #endif
00450 
00451        /*
00452         * Go to the user's preferred start page
00453         */
00454        if (!get_preference("startpage", &Buf)) {
00455               Buf = NewStrBuf ();
00456               StrBufPrintf(Buf, "dotskip?room=_BASEROOM_");
00457               set_preference("startpage", Buf, 1);
00458        }
00459        if (ChrPtr(Buf)[0] == '/') {
00460               StrBufCutLeft(Buf, 1);
00461        }
00462        if (StrLength(Buf) == 0) {
00463               StrBufAppendBufPlain(Buf, "dotgoto?room=_BASEROOM_", -1, 0);
00464        }
00465        syslog(9, "Redirecting to user's start page: %s\n", ChrPtr(Buf));
00466        http_redirect(ChrPtr(Buf));
00467 }
00468 
00469 
00470 /*
00471  * Disconnect from the Citadel server, and end this WebCit session
00472  */
00473 void end_webcit_session(void) {
00474        serv_puts("QUIT");
00475        WC->killthis = 1;
00476        /* close() of citadel socket will be done by do_housekeeping() */
00477 }
00478 
00479 
00480 /* 
00481  * Log out the session with the Citadel server
00482  */
00483 void do_logout(void)
00484 {
00485        wcsession *WCC = WC;
00486        char buf[SIZ];
00487 
00488        FlushStrBuf(WCC->wc_username);
00489        FlushStrBuf(WCC->wc_password);
00490        FlushStrBuf(WCC->wc_fullname);
00491        FlushRoomlist();
00492 
00493        serv_puts("LOUT");
00494        serv_getln(buf, sizeof buf);
00495        WCC->logged_in = 0;
00496 
00497        FlushStrBuf(WCC->CurRoom.name);
00498 
00499        /* Calling output_headers() this way causes the cookies to be un-set */
00500        output_headers(1, 1, 0, 1, 0, 0);
00501        do_template("logout");
00502        if (WC->serv_info->serv_supports_guest) {
00503               display_default_landing_page();
00504               return;
00505        }
00506 
00507        wDumpContent(2);
00508        end_webcit_session();
00509 }
00510 
00511 
00512 /* 
00513  * Special page for monitoring scripts etc
00514  */
00515 void monitor(void)
00516 {
00517        output_headers(0, 0, 0, 0, 0, 0);
00518 
00519        hprintf("Content-type: text/plain\r\n"
00520               "Server: " PACKAGE_STRING "\r\n"
00521               "Connection: close\r\n"
00522        );
00523        begin_burst();
00524 
00525        wc_printf("Connection to Citadel server at %s:%s : %s\r\n",
00526               ctdlhost, ctdlport,
00527               (WC->connected ? "SUCCESS" : "FAIL")
00528        );
00529 
00530        wDumpContent(0);
00531 }
00532 
00533 
00534 /*
00535  * validate new users
00536  */
00537 void validate(void)
00538 {
00539        char cmd[SIZ];
00540        char user[SIZ];
00541        char buf[SIZ];
00542        int a;
00543 
00544        output_headers(1, 1, 1, 0, 0, 0);
00545 
00546         do_template("box_begin_1");
00547         StrBufAppendBufPlain(WC->WBuf, _("Validate new users"), -1, 0);
00548         do_template("box_begin_2");
00549 
00550        /* If the user just submitted a validation, process it... */
00551        safestrncpy(buf, bstr("user"), sizeof buf);
00552        if (!IsEmptyStr(buf)) {
00553               if (havebstr("axlevel")) {
00554                      serv_printf("VALI %s|%s", buf, bstr("axlevel"));
00555                      serv_getln(buf, sizeof buf);
00556                      if (buf[0] != '2') {
00557                             wc_printf("<b>%s</b><br>\n", &buf[4]);
00558                      }
00559               }
00560        }
00561 
00562        /* Now see if any more users require validation. */
00563        serv_puts("GNUR");
00564        serv_getln(buf, sizeof buf);
00565        if (buf[0] == '2') {
00566               wc_printf("<b>");
00567               wc_printf(_("No users require validation at this time."));
00568               wc_printf("</b><br>\n");
00569               wDumpContent(1);
00570               return;
00571        }
00572        if (buf[0] != '3') {
00573               wc_printf("<b>%s</b><br>\n", &buf[4]);
00574               wDumpContent(1);
00575               return;
00576        }
00577 
00578        wc_printf("<table class=\"auth_validate\"><tr><td>\n");
00579        wc_printf("<div id=\"validate\">");
00580 
00581        safestrncpy(user, &buf[4], sizeof user);
00582        serv_printf("GREG %s", user);
00583        serv_getln(cmd, sizeof cmd);
00584        if (cmd[0] == '1') {
00585               a = 0;
00586               do {
00587                      serv_getln(buf, sizeof buf);
00588                      ++a;
00589                      if (a == 1)
00590                             wc_printf("#%s<br><H1>%s</H1>",
00591                                    buf, &cmd[4]);
00592                      if (a == 2) {
00593                             char *pch;
00594                             int haveChar = 0;
00595                             int haveNum = 0;
00596                             int haveOther = 0;
00597                             int haveLong = 0;
00598                             pch = buf;
00599                             while (!IsEmptyStr(pch))
00600                             {
00601                                    if (isdigit(*pch))
00602                                           haveNum = 1;
00603                                    else if (isalpha(*pch))
00604                                           haveChar = 1;
00605                                    else
00606                                           haveOther = 1;
00607                                    pch ++;
00608                             }
00609                             if (pch - buf > 7)
00610                                    haveLong = 1;
00611                             switch (haveLong + 
00612                                    haveChar + 
00613                                    haveNum + 
00614                                    haveOther)
00615                             {
00616                             case 0:
00617                                    pch = _("very weak");
00618                                    break;
00619                             case 1:
00620                                    pch = _("weak");
00621                                    break;
00622                             case 2:
00623                                    pch = _("ok");
00624                                    break;
00625                             case 3:
00626                             default:
00627                                    pch = _("strong");
00628                             }
00629 
00630                             wc_printf("PW: %s<br>\n", pch);
00631                      }
00632                      if (a == 3)
00633                             wc_printf("%s<br>\n", buf);
00634                      if (a == 4)
00635                             wc_printf("%s<br>\n", buf);
00636                      if (a == 5)
00637                             wc_printf("%s, ", buf);
00638                      if (a == 6)
00639                             wc_printf("%s ", buf);
00640                      if (a == 7)
00641                             wc_printf("%s<br>\n", buf);
00642                      if (a == 8)
00643                             wc_printf("%s<br>\n", buf);
00644                      if (a == 9)
00645                             wc_printf(_("Current access level: %d (%s)\n"),
00646                                    atoi(buf), axdefs[atoi(buf)]);
00647               } while (strcmp(buf, "000"));
00648        } else {
00649               wc_printf("<H1>%s</H1>%s<br>\n", user, &cmd[4]);
00650        }
00651 
00652        wc_printf("<hr />");
00653        wc_printf(_("Select access level for this user:"));
00654        wc_printf("<br>\n");
00655        for (a = 0; a <= 6; ++a) {
00656               wc_printf("<a href=\"validate?nonce=%d?user=", WC->nonce);
00657               urlescputs(user);
00658               wc_printf("&axlevel=%d\">%s</A>&nbsp;&nbsp;&nbsp;\n",
00659                      a, axdefs[a]);
00660        }
00661        wc_printf("<br>\n");
00662 
00663        wc_printf("</div>\n");
00664        wc_printf("</td></tr></table>\n");
00665        do_template("box_end");
00666        wDumpContent(1);
00667 }
00668 
00669 
00670 /*
00671  * Display form for registration.
00672  *
00673  * (Set during_login to 1 if this registration is being performed during
00674  * new user login and will require chaining to the proper screen.)
00675  */
00676 void display_reg(int during_login)
00677 {
00678        folder Room;
00679        StrBuf *Buf;
00680        message_summary *VCMsg = NULL;
00681        wc_mime_attachment *VCAtt = NULL;
00682        long vcard_msgnum;
00683 
00684        Buf = NewStrBuf();
00685        memset(&Room, 0, sizeof(folder));
00686        if (goto_config_room(Buf, &Room) != 0) {
00687               syslog(9, "display_reg() exiting because goto_config_room() failed\n");
00688               if (during_login) {
00689                      pop_destination();
00690               }
00691               else {
00692                      display_main_menu();
00693               }
00694               FreeStrBuf(&Buf);
00695               FlushFolder(&Room);         
00696               return;
00697        }
00698        FlushFolder(&Room);
00699 
00700        FreeStrBuf(&Buf);
00701        vcard_msgnum = locate_user_vcard_in_this_room(&VCMsg, &VCAtt);
00702        if (vcard_msgnum < 0L) {
00703               syslog(9, "display_reg() exiting because locate_user_vcard_in_this_room() failed\n");
00704               if (during_login) {
00705                      pop_destination();
00706               }
00707               else {
00708                      display_main_menu();
00709               }
00710               return;
00711        }
00712 
00713        if (during_login) {
00714               do_edit_vcard(vcard_msgnum, "1", VCMsg, VCAtt, "pop", USERCONFIGROOM);
00715        }
00716        else {
00717               StrBuf *ReturnTo;
00718               ReturnTo = NewStrBufPlain(HKEY("display_main_menu?go="));
00719               StrBufAppendBuf(ReturnTo, WC->CurRoom.name, 0);
00720               do_edit_vcard(vcard_msgnum, "1", VCMsg, VCAtt, ChrPtr(ReturnTo), USERCONFIGROOM);
00721               FreeStrBuf(&ReturnTo);
00722        }
00723 
00724 }
00725 
00726 /*
00727  * change password
00728  * if passwords match, propagate it to citserver.
00729  */
00730 void changepw(void)
00731 {
00732        StrBuf *Line;
00733        char newpass1[32], newpass2[32];
00734 
00735        if (!havebstr("change_action")) {
00736               AppendImportantMessage(_("Cancelled.  Password was not changed."), -1);
00737               display_main_menu();
00738               return;
00739        }
00740 
00741        safestrncpy(newpass1, bstr("newpass1"), sizeof newpass1);
00742        safestrncpy(newpass2, bstr("newpass2"), sizeof newpass2);
00743 
00744        if (strcasecmp(newpass1, newpass2)) {
00745               AppendImportantMessage(_("They don't match.  Password was not changed."), -1);
00746               do_template("menu_change_pw");
00747               return;
00748        }
00749 
00750        if (IsEmptyStr(newpass1)) {
00751               AppendImportantMessage(_("Blank passwords are not allowed."), -1);
00752               do_template("menu_change_pw");
00753               return;
00754        }
00755 
00756        Line = NewStrBuf();
00757        serv_printf("SETP %s", newpass1);
00758        StrBuf_ServGetln(Line);
00759        if (GetServerStatusMsg(Line, NULL, 1, 0) == 2) {
00760               if (WC->wc_password == NULL)
00761                      WC->wc_password = NewStrBufPlain(
00762                             ChrPtr(Line) + 4, 
00763                             StrLength(Line) - 4);
00764               else {
00765                      FlushStrBuf(WC->wc_password);
00766                      StrBufAppendBufPlain(WC->wc_password,  
00767                                         ChrPtr(Line) + 4, 
00768                                         StrLength(Line) - 4, 0);
00769               }
00770               display_main_menu();
00771        }
00772        else {
00773               do_template("menu_change_pw");
00774        }
00775        FreeStrBuf(&Line);
00776 }
00777 
00778 
00779 int ConditionalHaveAccessCreateRoom(StrBuf *Target, WCTemplputParams *TP)
00780 {
00781        StrBuf *Buf;  
00782 
00783        Buf = NewStrBuf();
00784        serv_puts("CRE8 0");
00785        StrBuf_ServGetln(Buf);
00786 
00787        if (GetServerStatus(Buf, NULL) == 2) {
00788               StrBufCutLeft(Buf, 4);
00789               AppendImportantMessage(SKEY(Buf));
00790               FreeStrBuf(&Buf);
00791               return 0;
00792        }
00793        FreeStrBuf(&Buf);
00794        return 1;
00795 }
00796 
00797 
00798 int ConditionalAide(StrBuf *Target, WCTemplputParams *TP)
00799 {
00800        wcsession *WCC = WC;
00801        return (WCC != NULL) ? ((WCC->logged_in == 0)||(WC->is_aide == 0)) : 0;
00802 }
00803 
00804 
00805 int ConditionalIsLoggedIn(StrBuf *Target, WCTemplputParams *TP) 
00806 {
00807        wcsession *WCC = WC;
00808        return (WCC != NULL) ? (WCC->logged_in == 0) : 0;
00809 
00810 }
00811 
00812 
00813 /* 
00814  * toggle the session over to a different language
00815  */
00816 void switch_language(void) {
00817        set_selected_language(bstr("lang"));
00818        pop_destination();
00819 }
00820 
00821 
00822 void _display_reg(void) {
00823        display_reg(0);
00824 }
00825 
00826 
00827 void Header_HandleAuth(StrBuf *Line, ParsedHttpHdrs *hdr)
00828 {
00829        if (hdr->HR.got_auth == NO_AUTH) /* don't override cookie auth... */
00830        {
00831               if (strncasecmp(ChrPtr(Line), "Basic", 5) == 0) {
00832                      StrBufCutLeft(Line, 6);
00833                      StrBufDecodeBase64(Line);
00834                      hdr->HR.plainauth = Line;
00835                      hdr->HR.got_auth = AUTH_BASIC;
00836               }
00837               else 
00838                      syslog(1, "Authentication scheme not supported! [%s]\n", ChrPtr(Line));
00839        }
00840 }
00841 
00842 
00843 void CheckAuthBasic(ParsedHttpHdrs *hdr)
00844 {
00845 /*
00846   todo: enable this if we can have other sessions than authenticated ones.
00847        if (hdr->DontNeedAuth)
00848               return;
00849 */
00850        StrBufAppendBufPlain(hdr->HR.plainauth, HKEY(":"), 0);
00851        StrBufAppendBuf(hdr->HR.plainauth, hdr->HR.user_agent, 0);
00852 }
00853 
00854 
00855 void GetAuthBasic(ParsedHttpHdrs *hdr)
00856 {
00857        const char *Pos = NULL;
00858        if (hdr->c_username == NULL)
00859               hdr->c_username = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_USER));
00860        if (hdr->c_password == NULL)
00861               hdr->c_password = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_PASS));
00862        StrBufExtract_NextToken(hdr->c_username, hdr->HR.plainauth, &Pos, ':');
00863        StrBufExtract_NextToken(hdr->c_password, hdr->HR.plainauth, &Pos, ':');
00864 }
00865 
00866 
00867 void Header_HandleCookie(StrBuf *Line, ParsedHttpHdrs *hdr)
00868 {
00869        const char *pch;
00870 /*
00871   todo: enable this if we can have other sessions than authenticated ones.
00872        if (hdr->DontNeedAuth)
00873               return;
00874 */
00875        pch = strstr(ChrPtr(Line), "webcit=");
00876        if (pch == NULL) {
00877               return;
00878        }
00879 
00880        hdr->HR.RawCookie = Line;
00881        StrBufCutLeft(hdr->HR.RawCookie, (pch - ChrPtr(hdr->HR.RawCookie)) + 7);
00882        StrBufDecodeHex(hdr->HR.RawCookie);
00883 
00884        cookie_to_stuff(Line, &hdr->HR.desired_session,
00885                      hdr->c_username,
00886                      hdr->c_password,
00887                      hdr->c_roomname,
00888                      hdr->c_language
00889        );
00890        hdr->HR.got_auth = AUTH_COOKIE;
00891 }
00892 
00893 
00894 void 
00895 HttpNewModule_AUTH
00896 (ParsedHttpHdrs *httpreq)
00897 {
00898        httpreq->c_username = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_USER));
00899        httpreq->c_password = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_PASS));
00900        httpreq->c_roomname = NewStrBuf();
00901        httpreq->c_language = NewStrBuf();
00902 }
00903 
00904 
00905 void 
00906 HttpDetachModule_AUTH
00907 (ParsedHttpHdrs *httpreq)
00908 {
00909        FLUSHStrBuf(httpreq->c_username);
00910        FLUSHStrBuf(httpreq->c_password);
00911        FLUSHStrBuf(httpreq->c_roomname);
00912        FLUSHStrBuf(httpreq->c_language);
00913 }
00914 
00915 
00916 void 
00917 HttpDestroyModule_AUTH
00918 (ParsedHttpHdrs *httpreq)
00919 {
00920        FreeStrBuf(&httpreq->c_username);
00921        FreeStrBuf(&httpreq->c_password);
00922        FreeStrBuf(&httpreq->c_roomname);
00923        FreeStrBuf(&httpreq->c_language);
00924 }
00925 
00926 
00927 void 
00928 InitModule_AUTH
00929 (void)
00930 {
00931        initialize_axdefs();
00932        RegisterHeaderHandler(HKEY("COOKIE"), Header_HandleCookie);
00933        RegisterHeaderHandler(HKEY("AUTHORIZATION"), Header_HandleAuth);
00934 
00935        /* no url pattern at all? Show login. */
00936        WebcitAddUrlHandler(HKEY(""), "", 0, do_welcome, ANONYMOUS|COOKIEUNNEEDED);
00937 
00938        WebcitAddUrlHandler(HKEY("do_welcome"), "", 0, do_welcome, ANONYMOUS|COOKIEUNNEEDED);
00939        WebcitAddUrlHandler(HKEY("openid_login"), "", 0, do_openid_login, ANONYMOUS);
00940        WebcitAddUrlHandler(HKEY("finalize_openid_login"), "", 0, finalize_openid_login, ANONYMOUS);
00941        WebcitAddUrlHandler(HKEY("openid_manual_create"), "", 0, openid_manual_create, ANONYMOUS);
00942        WebcitAddUrlHandler(HKEY("validate"), "", 0, validate, 0);
00943        WebcitAddUrlHandler(HKEY("do_welcome"), "", 0, do_welcome, 0);
00944        WebcitAddUrlHandler(HKEY("display_reg"), "", 0, _display_reg, 0);
00945        WebcitAddUrlHandler(HKEY("changepw"), "", 0, changepw, 0);
00946        WebcitAddUrlHandler(HKEY("termquit"), "", 0, do_logout, 0);
00947        WebcitAddUrlHandler(HKEY("do_logout"), "", 0, do_logout, ANONYMOUS|COOKIEUNNEEDED|FORCE_SESSIONCLOSE);
00948        WebcitAddUrlHandler(HKEY("monitor"), "", 0, monitor, ANONYMOUS|COOKIEUNNEEDED|FORCE_SESSIONCLOSE);
00949        WebcitAddUrlHandler(HKEY("ajax_login_username_password"), "", 0, ajax_login_username_password, AJAX|ANONYMOUS);
00950        WebcitAddUrlHandler(HKEY("ajax_login_newuser"), "", 0, ajax_login_newuser, AJAX|ANONYMOUS);
00951        WebcitAddUrlHandler(HKEY("switch_language"), "", 0, switch_language, ANONYMOUS);
00952        RegisterConditional(HKEY("COND:AIDE"), 2, ConditionalAide, CTX_NONE);
00953        RegisterConditional(HKEY("COND:LOGGEDIN"), 2, ConditionalIsLoggedIn, CTX_NONE);
00954        RegisterConditional(HKEY("COND:MAY_CREATE_ROOM"), 2,  ConditionalHaveAccessCreateRoom, CTX_NONE);
00955        return;
00956 }
00957 
00958 
00959 void 
00960 SessionDestroyModule_AUTH
00961 (wcsession *sess)
00962 {
00963        FreeStrBuf(&sess->wc_username);
00964        FreeStrBuf(&sess->wc_fullname);
00965        FreeStrBuf(&sess->wc_password);
00966        FreeStrBuf(&sess->httpauth_pass);
00967        FreeStrBuf(&sess->cs_inet_email);
00968 }