void Server_Cmd_USERADD(tClient *Client, char *Args) { char *username; // Parse arguments if( Server_int_ParseArgs(0, Args, &username, NULL) ) { sendf(Client->Socket, "407 USER_ADD takes 1 argument\n"); return ; } // Check authentication if( !Client->bIsAuthed ) { sendf(Client->Socket, "401 Not Authenticated\n"); return ; } // Check permissions if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) { sendf(Client->Socket, "403 Not a coke admin\n"); return ; } // Try to create user if( Bank_CreateAcct(username) == -1 ) { sendf(Client->Socket, "404 User exists\n"); return ; } { char *thisName = Bank_GetAcctName(Client->UID); Log_Info("Account '%s' created by '%s'", username, thisName); free(thisName); } sendf(Client->Socket, "200 User Added\n"); }
/* * Authenticate a user */ int Bank_GetUserAuth(const char *Salt, const char *Username, const char *Password) { #if USE_LDAP uint8_t hash[20]; uint8_t h[20]; int ofs = strlen(Username) + strlen(Salt); char input[ ofs + 40 + 1]; char tmp[4 + strlen(Username) + 1]; // uid=%s char *passhash; #endif #if 1 // Only here to shut GCC up (until password auth is implemented) if( Salt == NULL ) return -1; if( Password == NULL ) return -1; #endif #if HACK_TPG_NOAUTH if( strcmp(Username, "tpg") == 0 ) return Bank_GetAcctByName("tpg"); #endif #if HACK_ROOT_NOAUTH if( strcmp(Username, "root") == 0 ) { int ret = Bank_GetAcctByName("root"); if( ret == -1 ) return Bank_CreateAcct("root"); return ret; } #endif #if USE_LDAP HexBin(hash, 20, Password); // Build string to hash strcpy(input, Username); strcpy(input, Salt); // TODO: Get user's SHA-1 hash sprintf(tmp, "uid=%s", Username); printf("tmp = '%s'\n", tmp); passhash = ReadLDAPValue(tmp, "userPassword"); if( !passhash ) { return -1; } printf("LDAP hash '%s'\n", passhash); sprintf(input+ofs, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", h[ 0], h[ 1], h[ 2], h[ 3], h[ 4], h[ 5], h[ 6], h[ 7], h[ 8], h[ 9], h[10], h[11], h[12], h[13], h[14], h[15], h[16], h[17], h[18], h[19] ); // Then create the hash from the provided salt // Compare that with the provided hash # if 1 { int i; printf("Password hash "); for(i=0;i<20;i++) printf("%02x", hash[i]&0xFF); printf("\n"); } # endif #endif return -1; }