Synchronet now requires the libarchive development package (e.g. libarchive-dev on Debian-based Linux distros, libarchive.org for more info) to build successfully.

login.cpp 6.13 KB
Newer Older
1 2
/* Synchronet user login routine */

3
/* $Id: login.cpp,v 1.31 2020/04/26 06:32:05 rswindell Exp $ */
4 5 6 7 8

/****************************************************************************
 * @format.tab-size 4		(Plain Text/Source Code File Header)			*
 * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
 *																			*
9
 * Copyright Rob Swindell - http://www.synchro.net/copyright.html			*
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
 *																			*
 * This program is free software; you can redistribute it and/or			*
 * modify it under the terms of the GNU General Public License				*
 * as published by the Free Software Foundation; either version 2			*
 * of the License, or (at your option) any later version.					*
 * See the GNU General Public License for more details: gpl.txt or			*
 * http://www.fsf.org/copyleft/gpl.html										*
 *																			*
 * Anonymous FTP access to the most recent released source is available at	*
 * ftp://vert.synchro.net, ftp://cvs.synchro.net and ftp://ftp.synchro.net	*
 *																			*
 * Anonymous CVS access to the development source and modification history	*
 * is available at cvs.synchro.net:/cvsroot/sbbs, example:					*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs login			*
 *     (just hit return, no password is necessary)							*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs checkout src		*
 *																			*
 * For Synchronet coding style and modification guidelines, see				*
 * http://www.synchro.net/source.html										*
 *																			*
 * You are encouraged to submit any modifications (preferably in Unix diff	*
 * format) via e-mail to mods@synchro.net									*
 *																			*
 * Note: If this box doesn't appear square, then you need to fix your tabs.	*
 ****************************************************************************/

#include "sbbs.h"
#include "cmdshell.h"

39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54
char* sbbs_t::parse_login(char* str)
{
	sys_status &= ~(SS_QWKLOGON|SS_FASTLOGON);

	if(*str == '*') {
		sys_status |= SS_QWKLOGON;
		return str + 1;
	}

	if(*str == '!') {
		sys_status |= SS_FASTLOGON;
		return str + 1;
	}
	return str;
}

55
int sbbs_t::login(char *username, char *pw_prompt, const char* user_pw, const char* sys_pw)
56
{
57
	char	str[128];
58 59
	char 	tmp[512];
	long	useron_misc=useron.misc;
60 61

	useron.number=0;
62
	username = parse_login(username);
63

64
	if(!(cfg.node_misc&NM_NO_NUM) && IS_DIGIT(username[0])) {
65
		useron.number=atoi(username);
66 67
		getuserdat(&cfg,&useron);
		if(useron.number && useron.misc&(DELETED|INACTIVE))
68 69
			useron.number=0; 
	}
70 71

	if(!useron.number) {
72
		useron.number=matchuser(&cfg,username,FALSE);
73
		if(!useron.number && (uchar)username[0]<0x7f && username[1]
74
			&& IS_ALPHA(username[0]) && strchr(username,' ') && cfg.node_misc&NM_LOGON_R)
75
			useron.number=userdatdupe(0,U_NAME,LEN_NAME,username);
76 77 78
		if(useron.number) {
			getuserdat(&cfg,&useron);
			if(useron.number && useron.misc&(DELETED|INACTIVE))
79 80
				useron.number=0; } 
	}
81 82

	if(!useron.number) {
83
		if((cfg.node_misc&NM_LOGON_P) && pw_prompt != NULL) {
84
			SAFECOPY(useron.alias,username);
85
			bputs(pw_prompt);
86
			console|=CON_R_ECHOX;
87
			getstr(str,LEN_PASS*2,K_UPPER|K_LOWPRIO|K_TAB);
88
			console&=~(CON_R_ECHOX|CON_L_ECHOX);
89
			badlogin(useron.alias, str);
90 91 92 93 94 95 96
			bputs(text[InvalidLogon]);	/* why does this always fail? */
			if(cfg.sys_misc&SM_ECHO_PW) 
				sprintf(tmp,"(%04u)  %-25s  FAILED Password attempt: '%s'"
					,0,useron.alias,str);
			else
				sprintf(tmp,"(%04u)  %-25s  FAILED Password attempt"
					,0,useron.alias);
97
			logline(LOG_NOTICE,"+!",tmp); 
98
		} else {
99
			badlogin(username, NULL);
100
			bputs(text[UnknownUser]);
101
			sprintf(tmp,"Unknown User '%s'",username);
102
			logline(LOG_NOTICE,"+!",tmp); 
103
		}
104
		useron.misc=useron_misc;
105 106
		return(LOGIC_FALSE); 
	}
107 108 109

	if(!online) {
		useron.number=0;
110 111
		return(LOGIC_FALSE); 
	}
112

113
	if(useron.pass[0] || REALSYSOP) {
114 115 116 117 118 119 120 121 122
		if(user_pw != NULL)
			SAFECOPY(str, user_pw);
		else {
			if(pw_prompt != NULL)
				bputs(pw_prompt);
			console |= CON_R_ECHOX;
			getstr(str, LEN_PASS * 2, K_UPPER | K_LOWPRIO | K_TAB);
			console &= ~(CON_R_ECHOX | CON_L_ECHOX);
		}
123 124
		if(!online) {
			useron.number=0;
125 126
			return(LOGIC_FALSE); 
		}
127
		if(stricmp(useron.pass,str)) {
128
			badlogin(useron.alias, str);
129
			bputs(text[InvalidLogon]);
130 131 132 133 134 135
			if(cfg.sys_misc&SM_ECHO_PW) 
				sprintf(tmp,"(%04u)  %-25s  FAILED Password: '%s' Attempt: '%s'"
					,useron.number,useron.alias,useron.pass,str);
			else
				sprintf(tmp,"(%04u)  %-25s  FAILED Password attempt"
					,useron.number,useron.alias);
136
			logline(LOG_NOTICE,"+!",tmp);
137 138
			useron.number=0;
			useron.misc=useron_misc;
139 140
			return(LOGIC_FALSE); 
		}
141
		if(REALSYSOP && (cfg.sys_misc&SM_SYSPASSLOGIN) && !chksyspass(sys_pw)) {
142 143 144
			bputs(text[InvalidLogon]);
			useron.number=0;
			useron.misc=useron_misc;
145 146
			return(LOGIC_FALSE); 
		} 
147
	}
148

149
#ifdef _WIN32
150
	if(startup->sound.login[0] && !sound_muted(&cfg))
151 152 153
		PlaySound(startup->sound.login, NULL, SND_ASYNC|SND_FILENAME);
#endif

154 155
	return(LOGIC_TRUE);
}
156

157
void sbbs_t::badlogin(char* user, char* passwd, const char* protocol, xp_sockaddr* addr, bool delay)
158 159
{
	char reason[128];
160
	char host_name[128];
161 162
	ulong count;

163 164 165 166 167
	if(protocol == NULL)
		protocol = connection;
	if(addr == NULL)
		addr = &client_addr;

168
	SAFECOPY(host_name, STR_NO_HOSTNAME);
169 170 171 172 173 174
	socklen_t addr_len = sizeof(*addr);
	SAFEPRINTF(reason,"%s LOGIN", protocol);
	count=loginFailure(startup->login_attempt_list, addr, protocol, user, passwd);
	if(user!=NULL && startup->login_attempt.hack_threshold && count>=startup->login_attempt.hack_threshold) {
		getnameinfo(&addr->addr, addr_len, host_name, sizeof(host_name), NULL, 0, NI_NAMEREQD);
		::hacklog(&cfg, reason, user, passwd, host_name, addr);
175
#ifdef _WIN32
176
		if(startup->sound.hack[0] && !sound_muted(&cfg))
177 178
			PlaySound(startup->sound.hack, NULL, SND_ASYNC|SND_FILENAME);
#endif
179 180 181 182 183 184 185 186
	}
	if(startup->login_attempt.filter_threshold && count>=startup->login_attempt.filter_threshold) {
		char ipaddr[INET6_ADDRSTRLEN];
		inet_addrtop(addr, ipaddr, sizeof(ipaddr));
		getnameinfo(&addr->addr, addr_len, host_name, sizeof(host_name), NULL, 0, NI_NAMEREQD);
		SAFEPRINTF(reason, "- TOO MANY CONSECUTIVE FAILED LOGIN ATTEMPTS (%lu)", count);
		filter_ip(&cfg, protocol, reason, host_name, ipaddr, user, /* fname: */NULL);
	}
187

188 189
	if(delay)
		mswait(startup->login_attempt.delay);
190
}