simplify setup_default_wng()

[paraslash.git] / command.c

diff --git a/command.c b/command.c
index d0d9047b7d3d97dc1061a6c52db158e500d4969c..ffd660d63c0cdd94cd73d952a8785007873f1a97 100644 (file)
--- a/command.c
+++ b/command.c
@@ -34,6 +34,9 @@
 #include "user_list.h"
 #include "server_command_list.h"
 
 #include "user_list.h"
 #include "server_command_list.h"
 

+/** commands including options must be shorter than this */
+#define MAX_COMMAND_LEN 4096
+

 static RC4_KEY rc4_recv_key;
 static RC4_KEY rc4_send_key;
 static unsigned char rc4_buf[2 * RC4_KEY_LEN];
 static RC4_KEY rc4_recv_key;
 static RC4_KEY rc4_send_key;
 static unsigned char rc4_buf[2 * RC4_KEY_LEN];


@@ -788,9 +791,9 @@ static void rc4_send(unsigned long len, const unsigned char *indata,
 int handle_connect(int fd, struct sockaddr_in *addr)
 {
        int numbytes, ret, argc, use_rc4 = 0;
 int handle_connect(int fd, struct sockaddr_in *addr)
 {
        int numbytes, ret, argc, use_rc4 = 0;

-       char buf[STRINGSIZE];
+       char buf[4096];

        unsigned char crypt_buf[MAXLINE];
        unsigned char crypt_buf[MAXLINE];

-       struct user u;
+       struct user *u;

        struct server_command *cmd = NULL;
        long unsigned challenge_nr, chall_response;
        char **argv = NULL;
        struct server_command *cmd = NULL;
        long unsigned challenge_nr, chall_response;
        char **argv = NULL;


@@ -822,16 +825,18 @@ int handle_connect(int fd, struct sockaddr_in *addr)
                goto err_out;
 
        if (numbytes < 9 || strncmp(buf, "auth rc4 ", 9))
                goto err_out;
 
        if (numbytes < 9 || strncmp(buf, "auth rc4 ", 9))

-               u.name = para_strdup(buf + 5); /* client version < 0.2.6 */
+               p = buf + 5; /* client version < 0.2.6 */

        else {
        else {

-               u.name = para_strdup(buf + 9); /* client version >= 0.2.6 */
+               p = buf + 9; /* client version >= 0.2.6 */

                use_rc4 = 1;
        }
        PARA_DEBUG_LOG("received %s request for user %s\n",
                use_rc4 = 1;
        }
        PARA_DEBUG_LOG("received %s request for user %s\n",

-               use_rc4? "rc4" : "auth", u.name);
-       if ((ret = lookup_user(&u)) < 0)
+               use_rc4? "rc4" : "auth", p);
+       ret = -E_BAD_USER;
+       u = lookup_user(p);
+       if (!u)

                goto err_out;
                goto err_out;

-       ret = para_encrypt_challenge(u.rsa, challenge_nr, crypt_buf);
+       ret = para_encrypt_challenge(u->rsa, challenge_nr, crypt_buf);

        if (ret <= 0)
                goto err_out;
        numbytes = ret;
        if (ret <= 0)
                goto err_out;
        numbytes = ret;


@@ -852,11 +857,11 @@ int handle_connect(int fd, struct sockaddr_in *addr)
                        || chall_response != challenge_nr)
                goto err_out;
        /* auth successful. Send 'Proceed' message */
                        || chall_response != challenge_nr)
                goto err_out;
        /* auth successful. Send 'Proceed' message */

-       PARA_INFO_LOG("good auth for %s (%lu)\n", u.name, challenge_nr);
+       PARA_INFO_LOG("good auth for %s (%lu)\n", u->name, challenge_nr);

        sprintf(buf, "%s", PROCEED_MSG);
        if (use_rc4) {
                init_rc4_keys();
        sprintf(buf, "%s", PROCEED_MSG);
        if (use_rc4) {
                init_rc4_keys();

-               ret = para_encrypt_buffer(u.rsa, rc4_buf, 2 * RC4_KEY_LEN,
+               ret = para_encrypt_buffer(u->rsa, rc4_buf, 2 * RC4_KEY_LEN,

                        (unsigned char *)buf + PROCEED_MSG_LEN + 1);
                if (ret <= 0)
                        goto err_out;
                        (unsigned char *)buf + PROCEED_MSG_LEN + 1);
                if (ret <= 0)
                        goto err_out;


@@ -872,7 +877,7 @@ int handle_connect(int fd, struct sockaddr_in *addr)
        while ((numbytes = recv_buffer(fd, buf, sizeof(buf))) > 0) {
 //             PARA_INFO_LOG("recvd: %s (%d)\n", buf, numbytes);
                ret = -E_COMMAND_SYNTAX;
        while ((numbytes = recv_buffer(fd, buf, sizeof(buf))) > 0) {
 //             PARA_INFO_LOG("recvd: %s (%d)\n", buf, numbytes);
                ret = -E_COMMAND_SYNTAX;

-               if (command && numbytes + strlen(command) > STRINGSIZE) /* DOS */
+               if (command && numbytes + strlen(command) > MAX_COMMAND_LEN) /* DOS */

                        goto err_out;
                command = para_strcat(command, buf);
                if ((p = strstr(command, EOC_MSG))) {
                        goto err_out;
                command = para_strcat(command, buf);
                if ((p = strstr(command, EOC_MSG))) {


@@ -888,7 +893,7 @@ int handle_connect(int fd, struct sockaddr_in *addr)
        if (!(cmd = parse_cmd(command)))
                goto err_out;
        /* valid command, check permissions */
        if (!(cmd = parse_cmd(command)))
                goto err_out;
        /* valid command, check permissions */

-       ret = check_perms(u.perms, cmd);
+       ret = check_perms(u->perms, cmd);

        if (ret < 0)
                goto err_out;
        /* valid command and sufficient perms */
        if (ret < 0)
                goto err_out;
        /* valid command and sufficient perms */


@@ -897,7 +902,7 @@ int handle_connect(int fd, struct sockaddr_in *addr)
        mmd_lock();
        mmd->num_commands++;
        mmd_unlock();
        mmd_lock();
        mmd->num_commands++;
        mmd_unlock();

-       PARA_NOTICE_LOG("calling com_%s() for %s@%s\n", cmd->name, u.name,
+       PARA_NOTICE_LOG("calling com_%s() for %s@%s\n", cmd->name, u->name,

                inet_ntoa(addr->sin_addr));
        ret = cmd->handler(fd, argc, argv);
        if (ret >= 0) {
                inet_ntoa(addr->sin_addr));
        ret = cmd->handler(fd, argc, argv);
        if (ret >= 0) {