1 | /* |
---|
2 | ################################# |
---|
3 | # # |
---|
4 | # ORS_SERVER: USERDB # |
---|
5 | # manage user database # |
---|
6 | # # |
---|
7 | ################################# */ |
---|
8 | #include <stdio.h> |
---|
9 | #include <string.h> |
---|
10 | #include <stdlib.h> |
---|
11 | #include <memory.h> |
---|
12 | |
---|
13 | #include <ors_server.h> |
---|
14 | #include <ors_lib.h> |
---|
15 | #include <arbdb.h> |
---|
16 | #include <arbdbt.h> |
---|
17 | |
---|
18 | #include "ors_s_common.hxx" |
---|
19 | #include "ors_s_proto.hxx" |
---|
20 | |
---|
21 | #define ROOT_USERPATH "/" |
---|
22 | |
---|
23 | GBDATA *gb_userdb; |
---|
24 | |
---|
25 | // class functions |
---|
26 | //void ugl_struct::clear(void){ |
---|
27 | // memset((char *)this,0,sizeof(ugl_struct)); |
---|
28 | //} |
---|
29 | // contructor |
---|
30 | //ugl_struct::ugl_struct(void){ |
---|
31 | // clear(); |
---|
32 | //} |
---|
33 | // |
---|
34 | //ugl_struct user_gl; |
---|
35 | |
---|
36 | // loeschen mit user_gl.clear(); |
---|
37 | |
---|
38 | /************************************************************************************* |
---|
39 | open the user database |
---|
40 | *************************************************************************************/ |
---|
41 | GB_ERROR OS_open_userdb(void){ |
---|
42 | |
---|
43 | char *name = ORS_read_a_line_in_a_file(ORS_LIB_PATH "CONFIG","USER_DB"); //arb.user.db |
---|
44 | if (!name) ORS_export_error("Missing 'USER_DB' in '" ORS_LIB_PATH "CONFIG'"); |
---|
45 | |
---|
46 | gb_userdb = GB_open(name,"rwc"); |
---|
47 | if (!gb_userdb) return GB_get_error(); |
---|
48 | return 0; |
---|
49 | } |
---|
50 | |
---|
51 | /************************************************************************************* |
---|
52 | close the user database (save changes) |
---|
53 | *************************************************************************************/ |
---|
54 | extern "C" GB_ERROR OS_save_userdb(void){ |
---|
55 | static long last_saved=0; |
---|
56 | last_saved = GB_read_clock(gb_userdb); |
---|
57 | return GB_save(gb_userdb,0,"a"); |
---|
58 | } |
---|
59 | |
---|
60 | /***************************************************************************** |
---|
61 | CAN READ USER?? Return true or false |
---|
62 | *****************************************************************************/ |
---|
63 | int OS_can_read_user(ORS_local *locs) { |
---|
64 | static char *userpath = 0; |
---|
65 | delete userpath; |
---|
66 | userpath = OS_read_user_info_string(locs->userpath,"userpath"); |
---|
67 | if (!userpath) { |
---|
68 | delete locs->error; |
---|
69 | locs->error = strdup(ORS_export_error("user '%s' does not exist.",locs->userpath)); |
---|
70 | return 0; |
---|
71 | } |
---|
72 | return 1; |
---|
73 | } |
---|
74 | |
---|
75 | /***************************************************************************** |
---|
76 | CAN READ SEL_USER?? Return true or false |
---|
77 | *****************************************************************************/ |
---|
78 | int OS_can_read_sel_user(ORS_local *locs) { |
---|
79 | static char *userpath = 0; |
---|
80 | delete userpath; |
---|
81 | userpath = OS_read_user_info_string(locs->sel_userpath,"userpath"); |
---|
82 | if (!userpath) { |
---|
83 | delete locs->error; |
---|
84 | locs->error = strdup(ORS_export_error("sel_user '%s' does not exist.",locs->sel_userpath)); |
---|
85 | return 0; |
---|
86 | } |
---|
87 | return 1; |
---|
88 | } |
---|
89 | |
---|
90 | /***************************************************************************** |
---|
91 | USER EXISTS?? Return true or false |
---|
92 | *****************************************************************************/ |
---|
93 | int OS_user_exists_in_userdb(char *userpath) { |
---|
94 | static char *user = 0; |
---|
95 | delete user; |
---|
96 | user = OS_read_user_info_string(userpath,"userpath"); |
---|
97 | if (!user) return 0; |
---|
98 | else return 1; |
---|
99 | } |
---|
100 | |
---|
101 | /************************************************************************************* |
---|
102 | INSERT NEW USER into user database |
---|
103 | no authorisation here! |
---|
104 | *************************************************************************************/ |
---|
105 | char *OS_new_user(ORS_local *locs) { |
---|
106 | |
---|
107 | if (!locs->sel_user || !*(locs->sel_user)) return strdup("sel_user not set."); |
---|
108 | if (!locs->sel_par_userpath || !*(locs->sel_par_userpath)) return strdup("You have to select a parent user."); |
---|
109 | |
---|
110 | char *new_userpath = OS_construct_sel_userpath(locs->sel_par_userpath, locs->sel_user); |
---|
111 | |
---|
112 | GB_begin_transaction(gb_userdb); |
---|
113 | GBDATA *gb_userpath = GB_find(gb_userdb,"userpath",new_userpath,down_2_level); |
---|
114 | if (gb_userpath){ |
---|
115 | GB_abort_transaction(gb_userdb); |
---|
116 | delete new_userpath; |
---|
117 | return ORS_export_error("user %s already exists",new_userpath); |
---|
118 | } |
---|
119 | if (OS_find_user_and_password(locs->sel_user, locs->sel_password)) { |
---|
120 | GB_abort_transaction(gb_userdb); |
---|
121 | delete new_userpath; |
---|
122 | return ORS_export_error("entered password is reserved - please choose a different one.",new_userpath); |
---|
123 | } |
---|
124 | |
---|
125 | |
---|
126 | GBDATA *gb_user = GB_create_container(gb_userdb,"user"); |
---|
127 | GBDATA *gb_field; |
---|
128 | |
---|
129 | gb_field = GB_create(gb_user,"userpath",GB_STRING); //! unique user identification as path /user1/user2/... |
---|
130 | GB_write_string(gb_field,new_userpath); |
---|
131 | |
---|
132 | gb_field = GB_create(gb_user,"user",GB_STRING); //! login name (unique together with password); equal to last element of userpath |
---|
133 | GB_write_string(gb_field,locs->sel_user); |
---|
134 | |
---|
135 | gb_field = GB_create(gb_user,"username",GB_STRING); //! user's full name |
---|
136 | GB_write_string(gb_field,locs->sel_username); |
---|
137 | |
---|
138 | gb_field = GB_create(gb_user,"password",GB_STRING); //! user's password |
---|
139 | GB_write_string(gb_field,locs->sel_password); |
---|
140 | |
---|
141 | gb_field = GB_create(gb_user,"is_author",GB_INT); //! author gets development environment |
---|
142 | GB_write_int(gb_field,locs->sel_is_author); |
---|
143 | |
---|
144 | gb_field = GB_create(gb_user,"is_superuser",GB_INT); //! superuser may access any user |
---|
145 | GB_write_int(gb_field,locs->sel_is_superuser); |
---|
146 | |
---|
147 | gb_field = GB_create(gb_user,"user_info",GB_STRING); //! info string, set by father |
---|
148 | GB_write_string(gb_field,locs->sel_user_info); |
---|
149 | |
---|
150 | gb_field = GB_create(gb_user,"user_own_info",GB_STRING); //! info string, set by user |
---|
151 | GB_write_string(gb_field,""); |
---|
152 | |
---|
153 | gb_field = GB_create(gb_user,"mail_addr",GB_STRING); //! mail addresses, seperated by newline |
---|
154 | GB_write_string(gb_field,locs->sel_mail_addr); |
---|
155 | |
---|
156 | gb_field = GB_create(gb_user,"www_home",GB_STRING); //! www home page |
---|
157 | GB_write_string(gb_field,locs->sel_www_home); |
---|
158 | |
---|
159 | gb_field = GB_create(gb_user,"pub_exist_max",GB_STRING); //! maximum existance level for probe data |
---|
160 | GB_write_string(gb_field,locs->sel_pub_exist_max); |
---|
161 | |
---|
162 | gb_field = GB_create(gb_user,"pub_content_max",GB_STRING); //! maximum content level for probe data |
---|
163 | GB_write_string(gb_field,locs->sel_pub_content_max); |
---|
164 | |
---|
165 | gb_field = GB_create(gb_user,"pub_exist_def",GB_STRING); //! default existance level for probe data |
---|
166 | GB_write_string(gb_field,new_userpath); // def=me |
---|
167 | |
---|
168 | gb_field = GB_create(gb_user,"pub_content_def",GB_STRING); //! default content level for probe data |
---|
169 | GB_write_string(gb_field,new_userpath); // def=me |
---|
170 | |
---|
171 | gb_field = GB_create(gb_user,"max_users",GB_INT); //! maximum number of sub users |
---|
172 | GB_write_int(gb_field,locs->sel_max_users); |
---|
173 | |
---|
174 | gb_field = GB_create(gb_user,"max_user_depth",GB_INT); //! maximum depth of sub user tree |
---|
175 | GB_write_int(gb_field,locs->sel_max_user_depth); |
---|
176 | |
---|
177 | gb_field = GB_create(gb_user,"curr_users",GB_INT); //! current number of users |
---|
178 | GB_write_int(gb_field,0); |
---|
179 | |
---|
180 | gb_field = GB_create(gb_user,"ta_id",GB_INT); //! transaction number |
---|
181 | GB_write_int(gb_field,0); |
---|
182 | |
---|
183 | GB_commit_transaction(gb_userdb); |
---|
184 | delete new_userpath; |
---|
185 | return strdup(""); |
---|
186 | } |
---|
187 | |
---|
188 | /************************************************************************************* |
---|
189 | UPDATE USER DATA in user database (PREFERENCES) |
---|
190 | return error message |
---|
191 | no authorisation here! |
---|
192 | *************************************************************************************/ |
---|
193 | char * OS_update_user(ORS_local *locs ) { |
---|
194 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
195 | |
---|
196 | if (!locs->userpath || !*(locs->userpath)) return strdup("userpath not set."); |
---|
197 | |
---|
198 | GBDATA *gb_userpath = GB_find(gb_userdb,"userpath",locs->userpath,down_2_level); |
---|
199 | if (!gb_userpath) return strdup("User not found (update_user)"); |
---|
200 | GBDATA *gb_user = GB_get_father(gb_userpath); |
---|
201 | GBDATA *gb_field; |
---|
202 | |
---|
203 | gb_field = GB_find(gb_user,"ta_id",0,down_level); |
---|
204 | int read_ta_id = GB_read_int(gb_field); |
---|
205 | if (read_ta_id != locs->user_ta_id) return strdup("User data has been changed in the meantime. Please reload update page."); |
---|
206 | |
---|
207 | static char *empty_pw = 0; |
---|
208 | delete empty_pw; |
---|
209 | empty_pw = ORS_crypt(""); |
---|
210 | |
---|
211 | if (locs->password && *locs->password && ORS_strcmp(locs->password, empty_pw)) |
---|
212 | OS_write_gb_user_info_string(gb_user,"password", locs->password); |
---|
213 | if (locs->username && *locs->username) OS_write_gb_user_info_string(gb_user,"username", locs->username); |
---|
214 | if (locs->user_own_info && *locs->user_own_info) OS_write_gb_user_info_string(gb_user,"user_own_info", locs->user_own_info); |
---|
215 | if (locs->mail_addr && *locs->mail_addr) OS_write_gb_user_info_string(gb_user,"mail_addr", locs->mail_addr); |
---|
216 | if (locs->www_home && *locs->www_home) OS_write_gb_user_info_string(gb_user,"www_home", locs->www_home); |
---|
217 | if (locs->pub_exist_def && *locs->pub_exist_def) OS_write_gb_user_info_string(gb_user,"pub_exist_def", locs->pub_exist_def); |
---|
218 | if (locs->pub_content_def && *locs->pub_content_def) OS_write_gb_user_info_string(gb_user,"pub_content_def", locs->pub_content_def); |
---|
219 | |
---|
220 | OS_write_gb_user_info_int(gb_user,"is_author", locs->is_author); |
---|
221 | OS_write_gb_user_info_int(gb_user,"is_superuser", locs->is_superuser); |
---|
222 | OS_write_gb_user_info_int(gb_user,"ta_id", ++read_ta_id); |
---|
223 | |
---|
224 | return strdup(""); |
---|
225 | } |
---|
226 | |
---|
227 | /************************************************************************************* |
---|
228 | UPDATE SEL_USER DATA in user database |
---|
229 | return strdup(error message) |
---|
230 | no authorisation here! |
---|
231 | *************************************************************************************/ |
---|
232 | char * OS_update_sel_user(ORS_local *locs ) { |
---|
233 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
234 | |
---|
235 | if (!locs->sel_userpath || !*(locs->sel_userpath)) return strdup("sel_userpath not set."); |
---|
236 | |
---|
237 | GBDATA *gb_userpath = GB_find(gb_userdb,"userpath",locs->sel_userpath,down_2_level); |
---|
238 | if (!gb_userpath) return strdup("User not found (update_sel_user)"); |
---|
239 | GBDATA *gb_user = GB_get_father(gb_userpath); |
---|
240 | GBDATA *gb_field; |
---|
241 | |
---|
242 | gb_field = GB_find(gb_user,"ta_id",0,down_level); |
---|
243 | int read_ta_id = GB_read_int(gb_field); |
---|
244 | if (read_ta_id != locs->sel_user_ta_id) |
---|
245 | return strdup("User data has been changed in the meantime. Please reload your update page."); |
---|
246 | |
---|
247 | // parent was changed |
---|
248 | static char *new_userpath = 0; |
---|
249 | delete new_userpath; |
---|
250 | if (locs->sel_par_userpath && *locs->sel_par_userpath) { |
---|
251 | new_userpath = OS_construct_sel_userpath(locs->sel_par_userpath, locs->sel_user); |
---|
252 | |
---|
253 | if (strcmp(locs->sel_userpath,new_userpath)) { // parent was changed |
---|
254 | GBDATA *gb_does_exist = GB_find(gb_userdb,"userpath",new_userpath,down_2_level); |
---|
255 | if (gb_does_exist){ |
---|
256 | return ORS_export_error("You can not change parent to %s, because user %s already exists.", |
---|
257 | locs->sel_par_userpath, new_userpath); |
---|
258 | } |
---|
259 | |
---|
260 | return OS_change_sel_parent_user(locs, locs->sel_userpath, new_userpath); |
---|
261 | } |
---|
262 | } |
---|
263 | |
---|
264 | static char *empty_pw = 0; |
---|
265 | delete empty_pw; |
---|
266 | empty_pw = ORS_crypt(""); |
---|
267 | |
---|
268 | static char *read_data = 0; |
---|
269 | delete read_data; |
---|
270 | |
---|
271 | if (locs->sel_password && *locs->sel_password && ORS_strcmp(locs->sel_password, empty_pw)) |
---|
272 | OS_write_gb_user_info_string(gb_user,"password", locs->sel_password); |
---|
273 | if (locs->sel_username && *locs->sel_username) OS_write_gb_user_info_string(gb_user,"username", locs->sel_username); |
---|
274 | if (locs->sel_user_info && *locs->sel_user_info) OS_write_gb_user_info_string(gb_user,"user_info", locs->sel_user_info); |
---|
275 | if (locs->sel_mail_addr && *locs->sel_mail_addr) OS_write_gb_user_info_string(gb_user,"mail_addr", locs->sel_mail_addr); |
---|
276 | if (locs->sel_www_home && *locs->sel_www_home) OS_write_gb_user_info_string(gb_user,"www_home", locs->sel_www_home); |
---|
277 | if (locs->sel_pub_exist_max && *locs->sel_pub_exist_max) { |
---|
278 | OS_write_gb_user_info_string(gb_user,"pub_exist_max", locs->sel_pub_exist_max); |
---|
279 | if (!ORS_is_parent_or_equal(locs->sel_pub_exist_max, read_data=OS_read_user_info_string(new_userpath, "pub_exist_def") ) ) |
---|
280 | OS_write_gb_user_info_string(gb_user,"pub_exist_def", locs->sel_pub_exist_max); |
---|
281 | } |
---|
282 | if (locs->sel_pub_content_max && *locs->sel_pub_content_max) { |
---|
283 | OS_write_gb_user_info_string(gb_user,"pub_content_max", locs->sel_pub_content_max); |
---|
284 | if (!ORS_is_parent_or_equal(locs->sel_pub_content_max, read_data=OS_read_user_info_string(new_userpath, "pub_content_def") ) ) |
---|
285 | OS_write_gb_user_info_string(gb_user,"pub_content_def", locs->sel_pub_content_max); |
---|
286 | } |
---|
287 | |
---|
288 | OS_write_gb_user_info_int(gb_user,"max_users", locs->sel_max_users); |
---|
289 | OS_write_gb_user_info_int(gb_user,"max_user_depth", locs->sel_max_user_depth); |
---|
290 | OS_write_gb_user_info_int(gb_user,"is_author", locs->sel_is_author); |
---|
291 | OS_write_gb_user_info_int(gb_user,"is_superuser", locs->sel_is_superuser); |
---|
292 | OS_write_gb_user_info_int(gb_user,"ta_id", ++read_ta_id); |
---|
293 | |
---|
294 | return strdup(""); |
---|
295 | } |
---|
296 | |
---|
297 | /************************************************************************************* |
---|
298 | CHANGE PARENT of SEL_USER in user database |
---|
299 | return error message |
---|
300 | no authorisation here! |
---|
301 | *************************************************************************************/ |
---|
302 | char * OS_change_sel_parent_user(ORS_local *locs, char *old_userpath, char *new_userpath) { |
---|
303 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
304 | |
---|
305 | GBDATA *gb_userpath = GB_find(gb_userdb,"userpath",old_userpath,down_2_level); |
---|
306 | if (!gb_userpath) return strdup("User not found (change_sel_par)"); |
---|
307 | GBDATA *gb_user = GB_get_father(gb_userpath); |
---|
308 | |
---|
309 | // change all authors and owners of all probes |
---|
310 | OS_probe_user_transfer(locs, old_userpath, new_userpath, "*"); |
---|
311 | |
---|
312 | // change user itself |
---|
313 | GBDATA *gb_field = GB_find(gb_user,"userpath",0,down_level); |
---|
314 | GB_write_string(gb_field,new_userpath); |
---|
315 | |
---|
316 | return strdup(""); |
---|
317 | } |
---|
318 | |
---|
319 | /************************************************************************************* |
---|
320 | DELETE SEL_USER DATA from user database |
---|
321 | return error message |
---|
322 | no authorisation here! |
---|
323 | *************************************************************************************/ |
---|
324 | char * OS_delete_sel_user(ORS_local *locs ) { |
---|
325 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
326 | |
---|
327 | if (!locs->sel_userpath || !*(locs->sel_userpath)) return strdup("sel_userpath not set."); |
---|
328 | |
---|
329 | GBDATA *gb_userpath = GB_find(gb_userdb,"userpath",locs->sel_userpath,down_2_level); |
---|
330 | if (!gb_userpath) return strdup("User not found (update_sel_user)"); |
---|
331 | GBDATA *gb_user = GB_get_father(gb_userpath); |
---|
332 | |
---|
333 | GB_delete(gb_user); |
---|
334 | return 0; |
---|
335 | } |
---|
336 | |
---|
337 | /************************************************************************************* |
---|
338 | READ USER FIELD INFORMATION from user database (INTEGER) |
---|
339 | return data or -1 |
---|
340 | no authorisation here! |
---|
341 | *************************************************************************************/ |
---|
342 | int OS_read_user_info_int(char *userpath, char *fieldname){ |
---|
343 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
344 | GBDATA *gb_userpath = GB_find(gb_userdb,"userpath",userpath,down_2_level); |
---|
345 | if (!gb_userpath) return -1; |
---|
346 | GBDATA *gb_user = GB_get_father(gb_userpath); |
---|
347 | GBDATA *gb_field = GB_find(gb_user,fieldname,0,down_level); |
---|
348 | if (!gb_field) return -1; |
---|
349 | return GB_read_int(gb_field); |
---|
350 | } |
---|
351 | |
---|
352 | /************************************************************************************* |
---|
353 | READ USER FIELD INFORMATION from user database |
---|
354 | return data or NULL |
---|
355 | no authorisation here! |
---|
356 | *************************************************************************************/ |
---|
357 | char * OS_read_user_info_string(char *userpath, char *fieldname){ |
---|
358 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
359 | GBDATA *gb_userpath = GB_find(gb_userdb,"userpath",userpath,down_2_level); |
---|
360 | if (!gb_userpath) return NULL; |
---|
361 | GBDATA *gb_user = GB_get_father(gb_userpath); |
---|
362 | GBDATA *gb_field = GB_find(gb_user,fieldname,0,down_level); |
---|
363 | if (!gb_field) return NULL; |
---|
364 | return GB_read_string(gb_field); |
---|
365 | } |
---|
366 | /************************************************************************************* |
---|
367 | FIND USER via USER + PASSWORD from user database |
---|
368 | return userpath or NULL |
---|
369 | *************************************************************************************/ |
---|
370 | char * OS_find_user_and_password(char *user, char *password){ |
---|
371 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
372 | |
---|
373 | //char *userpath=0; |
---|
374 | GBDATA *gb_userpath; |
---|
375 | GBDATA *gb_user; |
---|
376 | GBDATA *gb_field; |
---|
377 | |
---|
378 | // slash contained: look for full userpath |
---|
379 | if (strchr(user,'/')) { |
---|
380 | gb_userpath = GB_find(gb_userdb,"userpath",user,down_2_level); |
---|
381 | if (!gb_userpath) return NULL; |
---|
382 | gb_user = GB_get_father(gb_userpath); |
---|
383 | gb_field = GB_find(gb_user,"password",0,down_level); |
---|
384 | if (!gb_field) return NULL; |
---|
385 | if (strcmp(GB_read_string(gb_field),password)) return NULL; |
---|
386 | return strdup(user); |
---|
387 | } |
---|
388 | |
---|
389 | // user + password: look for a record with both matching |
---|
390 | for (gb_userpath = GB_find(gb_userdb,"user",user,down_2_level); |
---|
391 | gb_userpath; |
---|
392 | gb_userpath = GB_find(gb_user,"user",user,down_level|search_next) ) { |
---|
393 | |
---|
394 | gb_user = GB_get_father(gb_userpath); |
---|
395 | gb_field = GB_find(gb_user,"password",0,down_level); |
---|
396 | if (!strcmp(GB_read_string(gb_field),password)) { |
---|
397 | gb_user = GB_get_father(gb_userpath); |
---|
398 | gb_field = GB_find(gb_user,"userpath",0,down_level); |
---|
399 | return GB_read_string(gb_field); |
---|
400 | } |
---|
401 | } |
---|
402 | return NULL; |
---|
403 | } |
---|
404 | |
---|
405 | /************************************************************************************* |
---|
406 | WRITE USER FIELD INFORMATION into user database |
---|
407 | a non existing field is being created |
---|
408 | return error message or NULL |
---|
409 | no authorisation here! |
---|
410 | *************************************************************************************/ |
---|
411 | GB_ERROR OS_write_user_info_string(char *userpath, char *fieldname, char *content){ |
---|
412 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
413 | GBDATA *gb_userpath = GB_find(gb_userdb,"userpath",userpath,down_2_level); |
---|
414 | if (!gb_userpath) return "Userpath not found (1)!!"; |
---|
415 | |
---|
416 | GBDATA *gb_user = GB_get_father(gb_userpath); |
---|
417 | GBDATA *gb_field = GB_find(gb_user,fieldname,0,down_level); |
---|
418 | if (!gb_field) gb_field = GB_create(gb_user,fieldname,GB_STRING); |
---|
419 | |
---|
420 | return GB_write_string(gb_field,content); |
---|
421 | } |
---|
422 | /************************************************************************************* |
---|
423 | WRITE USER FIELD INFORMATION (INTEGER) into user database |
---|
424 | a non existing field is being created |
---|
425 | return error message or NULL |
---|
426 | no authorisation here! |
---|
427 | *************************************************************************************/ |
---|
428 | GB_ERROR OS_write_user_info_int(char *userpath, char *fieldname, int content){ |
---|
429 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
430 | GBDATA *gb_userpath = GB_find(gb_userdb,"userpath",userpath,down_2_level); |
---|
431 | if (!gb_userpath) return "userpath not found (2)!!"; |
---|
432 | |
---|
433 | GBDATA *gb_user = GB_get_father(gb_userpath); |
---|
434 | GBDATA *gb_field = GB_find(gb_user,fieldname,0,down_level); |
---|
435 | if (!gb_field) gb_field = GB_create(gb_user,fieldname,GB_INT); |
---|
436 | |
---|
437 | return GB_write_int(gb_field,content); |
---|
438 | } |
---|
439 | /************************************************************************************* |
---|
440 | WRITE USER FIELD INFORMATION into user database WITH EXISTING GB_USER |
---|
441 | a non existing field is being created |
---|
442 | return error message or NULL |
---|
443 | no authorisation here! |
---|
444 | *************************************************************************************/ |
---|
445 | GB_ERROR OS_write_gb_user_info_string(GBDATA *gb_user, char *fieldname, char *content){ |
---|
446 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
447 | |
---|
448 | GBDATA *gb_field = GB_find(gb_user,fieldname,0,down_level); |
---|
449 | if (!gb_field) gb_field = GB_create(gb_user,fieldname,GB_STRING); |
---|
450 | |
---|
451 | return GB_write_string(gb_field,content); |
---|
452 | } |
---|
453 | /************************************************************************************* |
---|
454 | WRITE USER FIELD INFORMATION INT into user database WITH EXISTING GB_USER |
---|
455 | a non existing field is being created |
---|
456 | return error message or NULL |
---|
457 | no authorisation here! |
---|
458 | *************************************************************************************/ |
---|
459 | GB_ERROR OS_write_gb_user_info_int(GBDATA *gb_user, char *fieldname, int content){ |
---|
460 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
461 | |
---|
462 | GBDATA *gb_field = GB_find(gb_user,fieldname,0,down_level); |
---|
463 | if (!gb_field) gb_field = GB_create(gb_user,fieldname,GB_INT); |
---|
464 | |
---|
465 | return GB_write_int(gb_field,content); |
---|
466 | } |
---|
467 | |
---|
468 | /************************************************************************************* |
---|
469 | validate dailypw and return user data if valid |
---|
470 | *************************************************************************************/ |
---|
471 | char * OS_read_dailypw_info(char *dailypw, char *fieldname){ |
---|
472 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
473 | GBDATA *gb_dailypw = GB_find(gb_userdb,"dailypw",dailypw,down_2_level); |
---|
474 | if (!gb_dailypw) return ORS_export_error("Dailypw %s does not exists",dailypw); |
---|
475 | |
---|
476 | GBDATA *gb_user = GB_get_father(gb_dailypw); |
---|
477 | GBDATA *gb_date = GB_find(gb_user,"dailypw_date",0,down_level); |
---|
478 | if (!gb_date) return ORS_export_error("Dailypw_date does not exist"); |
---|
479 | GB_read_string(gb_date); |
---|
480 | // TODO: if (gb_date < today) |
---|
481 | |
---|
482 | GBDATA *gb_field = GB_find(gb_user,fieldname,0,down_level); |
---|
483 | if (!gb_field) return 0; |
---|
484 | return GB_read_string(gb_field); |
---|
485 | } |
---|
486 | |
---|
487 | /***************************************************************************** |
---|
488 | RETURN LIST OF SUBUSERS of a userpath |
---|
489 | "levels" levels down, excluding "exclude", |
---|
490 | excluding all down from "exclude_from" |
---|
491 | list has format as follows: name 1 name 1 ... 0 |
---|
492 | *****************************************************************************/ |
---|
493 | char *OS_list_of_subusers(char *userpath, int levels, char *exclude, char *exclude_from){ |
---|
494 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
495 | |
---|
496 | GBDATA *gb_userpath = GB_find(gb_userdb,"userpath",userpath,down_2_level); |
---|
497 | if (!gb_userpath) return ""; // ORS_export_error("User %s does not exists",userpath); |
---|
498 | |
---|
499 | char *users[500]; |
---|
500 | int num_users=0; |
---|
501 | GBDATA *subuser; |
---|
502 | GBDATA *subuser_name; |
---|
503 | char *newpath, *read_data; |
---|
504 | int my_level_count = ORS_str_char_count(userpath,'/'), |
---|
505 | level_count, |
---|
506 | exclude_from_len; |
---|
507 | |
---|
508 | if (!strcmp(userpath,"/")) newpath = "/*"; // finds userpath |
---|
509 | else { |
---|
510 | newpath = GBS_string_eval(userpath,"*=*1/\\*",0); |
---|
511 | if (!exclude || strcmp(userpath,exclude)) |
---|
512 | users[num_users++]=strdup(userpath); // can't GB_find userpath |
---|
513 | } |
---|
514 | |
---|
515 | // search all users matching "userpath/*" |
---|
516 | if (exclude_from && !*exclude_from) exclude_from=NULL; |
---|
517 | if (exclude_from) exclude_from_len=strlen(exclude_from); |
---|
518 | for ( subuser_name = GB_find(gb_userdb, "userpath", newpath, down_2_level); |
---|
519 | subuser_name; |
---|
520 | // search 1 level down but parallel |
---|
521 | subuser_name = GB_find(subuser,"userpath", newpath, down_level | search_next) ) { |
---|
522 | |
---|
523 | read_data=GB_read_string(subuser_name); |
---|
524 | level_count=ORS_str_char_count(read_data,'/'); |
---|
525 | // exclude |
---|
526 | if (level_count <= my_level_count + levels |
---|
527 | && (!exclude || strcmp(read_data,exclude)) |
---|
528 | && (!exclude_from || strncmp(read_data,exclude_from,exclude_from_len)) |
---|
529 | ) { |
---|
530 | users[num_users++]=read_data; |
---|
531 | } |
---|
532 | if (num_users >= 500) break; |
---|
533 | |
---|
534 | subuser = GB_get_father(subuser_name); |
---|
535 | } |
---|
536 | |
---|
537 | // sort array names |
---|
538 | GBT_quicksort( (void **)users, 0, num_users, (long (*)(void *, void *, char *cd )) strcmp,0); |
---|
539 | |
---|
540 | // convert array into 1 string (seperated by 1) |
---|
541 | int length=0, i; |
---|
542 | static char *result = 0; |
---|
543 | delete result; |
---|
544 | for (i=0; i<num_users; i++) length+=strlen(users[i]); // count length |
---|
545 | result = (char *)calloc(sizeof(char *),length+num_users+2); |
---|
546 | char *write=result; |
---|
547 | for (i=0; i<num_users; i++) { // append strings |
---|
548 | strcpy(write,users[i]); |
---|
549 | delete(users[i]); |
---|
550 | write+=strlen(users[i])+1; |
---|
551 | if (i<num_users-1) *(write-1)=1; |
---|
552 | } |
---|
553 | |
---|
554 | return result; |
---|
555 | } |
---|
556 | |
---|
557 | |
---|
558 | /*********************** |
---|
559 | set dailypw for user |
---|
560 | ***********************/ |
---|
561 | char *OS_set_dailypw(char */*userpath*/, char */*dailypw*/) { |
---|
562 | |
---|
563 | return "not implemented: set dailypw for user"; |
---|
564 | } |
---|
565 | |
---|
566 | /***************************************************************************** |
---|
567 | ALLOWED TO CREATE USER? |
---|
568 | test user and all parent users for needed rights |
---|
569 | (max_users and max_user_depth) |
---|
570 | returns error message or NULL |
---|
571 | *****************************************************************************/ |
---|
572 | char * OS_allowed_to_create_user(char *userpath, char *new_son) { |
---|
573 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
574 | |
---|
575 | int superuser = OS_read_user_info_int(userpath,"is_superuser"); |
---|
576 | if (superuser) return 0; // superuser has all rights |
---|
577 | |
---|
578 | int max_users = OS_read_user_info_int(userpath,"max_users"); |
---|
579 | if (max_users == 0) return strdup("You are not allowed to create a user."); |
---|
580 | |
---|
581 | int curr_users = OS_read_user_info_int(userpath,"curr_users"); |
---|
582 | if (max_users <= curr_users) return strdup("You have already created your maximum number of users."); |
---|
583 | |
---|
584 | int my_slashes = ORS_str_char_count(userpath,'/'); |
---|
585 | if (my_slashes == 0) return strdup("You have to be part of the user hierarchie to create a sub-user!"); |
---|
586 | |
---|
587 | int new_slashes = ORS_str_char_count(new_son,'/'); |
---|
588 | if (new_slashes <= my_slashes) return strdup("This sub-user is not allowed."); |
---|
589 | |
---|
590 | int new_depth = new_slashes - my_slashes; |
---|
591 | int max_user_depth = OS_read_user_info_int(userpath,"max_user_depth"); |
---|
592 | if (new_depth > max_user_depth) return strdup("You are not allowed to create a sub-user in such a depth of hierarchie."); |
---|
593 | |
---|
594 | while (1) { |
---|
595 | userpath=ORS_get_parent_of(userpath); |
---|
596 | new_depth++; // one level up |
---|
597 | if (!userpath) break; // no more daddies |
---|
598 | max_users = OS_read_user_info_int(userpath,"max_users"); |
---|
599 | curr_users = OS_read_user_info_int(userpath,"curr_users"); |
---|
600 | max_user_depth = OS_read_user_info_int(userpath,"max_user_depth"); |
---|
601 | if (max_users <= curr_users) return ORS_export_error("Your parent user %s is not allowed to create more users.", userpath); |
---|
602 | if (new_depth > max_user_depth) |
---|
603 | return ORS_export_error("Your parent user %s is not allowed to have users down to that hierarchie depth.", userpath); |
---|
604 | } |
---|
605 | return 0; |
---|
606 | } |
---|
607 | |
---|
608 | /***************************************************************************** |
---|
609 | CONSTRUCT SEL_USERPATH |
---|
610 | add a parent path and a name |
---|
611 | return strdup |
---|
612 | *****************************************************************************/ |
---|
613 | char *OS_construct_sel_userpath(char *sel_par_userpath, char *sel_user) { |
---|
614 | if (!strcmp(sel_par_userpath,"/")) |
---|
615 | return strdup(GBS_global_string("/%s",sel_user)); |
---|
616 | return strdup(GBS_global_string("%s/%s", sel_par_userpath, sel_user)); |
---|
617 | } |
---|
618 | |
---|
619 | /***************************************************************************** |
---|
620 | WHO: list of logged in users |
---|
621 | returns list |
---|
622 | *****************************************************************************/ |
---|
623 | void *who_file; |
---|
624 | ORS_main *who_pm; |
---|
625 | char *who_userpath; // strdup of userpath |
---|
626 | |
---|
627 | //****** sub function for hash_loop: all users |
---|
628 | long OS_who_loop_all(const char *key, long val) { |
---|
629 | return OS_who_loop(key, val, 0); |
---|
630 | } |
---|
631 | long OS_who_loop_user(const char *key, long val) { |
---|
632 | return OS_who_loop(key, val, 1); |
---|
633 | } |
---|
634 | |
---|
635 | long OS_who_loop(const char */*key*/, long val, int mode) { // mode = 0 : all, mode = 1 : my_users only |
---|
636 | static char *time_string=0; |
---|
637 | struct passwd_struct *pws = (struct passwd_struct *)val; |
---|
638 | |
---|
639 | if ((unsigned long)(pws->last_access_time) < (GB_time_of_day() - (3600 * 2))) { |
---|
640 | printf("User %s expired.\n", pws->userpath/*, time_string*/); |
---|
641 | return 0; // remove old user |
---|
642 | } |
---|
643 | if (val) { |
---|
644 | if (mode == 0 || // all users |
---|
645 | ORS_is_parent_or_equal(who_userpath, pws->userpath) ) { // or sub-users and me |
---|
646 | GBS_strcat(who_file, pws->userpath); |
---|
647 | GBS_chrcat(who_file, 1); |
---|
648 | delete time_string; |
---|
649 | time_string = ORS_time_and_date_string(DATE_TIME, pws->login_time); |
---|
650 | GBS_strcat(who_file, time_string); |
---|
651 | GBS_chrcat(who_file, 1); |
---|
652 | delete time_string; |
---|
653 | time_string = ORS_time_and_date_string(DATE_TIME, pws->last_access_time); |
---|
654 | GBS_strcat(who_file, time_string); |
---|
655 | GBS_chrcat(who_file, 1); |
---|
656 | GBS_strcat(who_file, pws->remote_host); |
---|
657 | GBS_chrcat(who_file, 1); |
---|
658 | } |
---|
659 | } |
---|
660 | |
---|
661 | return val; // do NOT remove item from list! |
---|
662 | } |
---|
663 | |
---|
664 | //************************* |
---|
665 | char * OS_who(ORS_local *locs, char *userpath) { |
---|
666 | static char *str = 0; |
---|
667 | who_pm = (ORS_main *)locs->mh.parent->parent; |
---|
668 | who_file=GBS_stropen(10000); // open memory file |
---|
669 | if (userpath) { |
---|
670 | if (ORS_str_char_count(userpath, '/') >= 2) |
---|
671 | who_userpath = ORS_get_parent_of(userpath); |
---|
672 | else who_userpath = strdup(userpath); |
---|
673 | GBS_hash_do_loop((GB_HASH*)who_pm->pwds, OS_who_loop_user); |
---|
674 | delete who_userpath; |
---|
675 | } |
---|
676 | else |
---|
677 | GBS_hash_do_loop((GB_HASH*)who_pm->pwds, OS_who_loop_all); |
---|
678 | delete str; |
---|
679 | str = GBS_strclose(who_file,0); |
---|
680 | return str; // ...return it |
---|
681 | } |
---|
682 | |
---|
683 | /***************************************************************************** |
---|
684 | USER HAS SUB-USERS? |
---|
685 | return 1 if has, otherwise 0 |
---|
686 | *****************************************************************************/ |
---|
687 | int OS_user_has_sub_users(char *userpath) { |
---|
688 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
689 | |
---|
690 | char *user_pattern = ORS_sprintf("%s/*",userpath); |
---|
691 | GBDATA *sub_userpath = GB_find(gb_userdb,"userpath",user_pattern,down_2_level); |
---|
692 | delete user_pattern; |
---|
693 | if (sub_userpath) return 1; |
---|
694 | return 0; |
---|
695 | } |
---|
696 | |
---|
697 | /***************************************************************************** |
---|
698 | CHANGE SUB-USER COUNT for a sel_userpath |
---|
699 | change all parents |
---|
700 | *****************************************************************************/ |
---|
701 | void OS_change_curr_user_counts(char *sel_userpath, int additor) { |
---|
702 | GB_transaction dummy(gb_userdb); // keep transaction open until var scope ends |
---|
703 | |
---|
704 | while (1) { |
---|
705 | sel_userpath=ORS_get_parent_of(sel_userpath); |
---|
706 | if (!sel_userpath) break; // no more daddies |
---|
707 | int curr_users = OS_read_user_info_int(sel_userpath,"curr_users"); |
---|
708 | if ((additor < 0) && (curr_users < 1)) curr_users = 0; |
---|
709 | else curr_users = curr_users + additor; |
---|
710 | OS_write_user_info_int(sel_userpath,"curr_users",curr_users); |
---|
711 | } |
---|
712 | return; |
---|
713 | } |
---|