Synchronet now requires the libarchive development package (e.g. libarchive-dev on Debian-based Linux distros, libarchive.org for more info) to build successfully.

Commit 2d34f275 authored by rswindell's avatar rswindell

Allow more JavaScript control over password prompting:

bbs.login() now accepts 2 additional optional arguments: user_pw and sys_pw
if these passwords are supplied, they won't be prompted for by the underlying C
functions. If the password_prompt argument (2nd arg) is not supplied, no prompt
will be displayed, but a password must still be entered.
The default behavior is the same as before.
parent 9094974c
......@@ -8,7 +8,7 @@
* @format.tab-size 4 (Plain Text/Source Code File Header) *
* @format.use-tabs true (see http://www.synchro.net/ptsc_hdr.html) *
* *
* Copyright 2009 Rob Swindell - http://www.synchro.net/copyright.html *
* Copyright Rob Swindell - http://www.synchro.net/copyright.html *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
......@@ -101,7 +101,7 @@ int sbbs_t::uselect(int add, uint n, const char *title, const char *item, const
/****************************************************************************/
/* Prompts user for System Password. Returns 1 if user entered correct PW */
/****************************************************************************/
bool sbbs_t::chksyspass()
bool sbbs_t::chksyspass(const char* sys_pw)
{
char str[256],str2[256];
......@@ -109,9 +109,13 @@ bool sbbs_t::chksyspass()
logline(LOG_NOTICE,"S!","Remote sysop access disabled");
return(false);
}
bputs(text[SystemPassword]);
getstr(str,40,K_UPPER|K_NOECHO);
CRLF;
if(sys_pw != NULL)
SAFECOPY(str, sys_pw);
else {
bputs(text[SystemPassword]);
getstr(str, 40, K_UPPER | K_NOECHO);
CRLF;
}
if(strcmp(cfg.sys_pass,str)) {
if(cfg.sys_misc&SM_ECHO_PW)
SAFEPRINTF3(str2,"%s #%u System password attempt: '%s'"
......
......@@ -1679,9 +1679,13 @@ js_login(JSContext *cx, uintN argc, jsval *arglist)
{
jsval *argv=JS_ARGV(cx, arglist);
char* name;
char* pw;
char* pw_prompt = NULL;
char* user_pw = NULL;
char* sys_pw = NULL;
JSString* js_name;
JSString* js_pw;
JSString* js_pw_prompt;
JSString* js_user_pw;
JSString* js_sys_pw;
sbbs_t* sbbs;
jsrefcount rc;
......@@ -1696,21 +1700,24 @@ js_login(JSContext *cx, uintN argc, jsval *arglist)
if((js_name=JS_ValueToString(cx, argv[0]))==NULL)
return(JS_FALSE);
if((js_pw=JS_ValueToString(cx, argv[1]))==NULL)
return(JS_FALSE);
js_pw_prompt = JS_ValueToString(cx, argv[1]);
js_user_pw = JS_ValueToString(cx, argv[2]);
js_sys_pw = JS_ValueToString(cx, argv[3]);
JSSTRING_TO_ASTRING(cx, js_name, name, (LEN_ALIAS > LEN_NAME) ? LEN_ALIAS+2 : LEN_NAME+2, NULL);
if(name==NULL)
return(JS_FALSE);
JSSTRING_TO_MSTRING(cx, js_pw, pw, NULL);
if(pw==NULL)
return(JS_FALSE);
JSSTRING_TO_MSTRING(cx, js_pw_prompt, pw_prompt, NULL);
JSSTRING_TO_MSTRING(cx, js_user_pw, user_pw, NULL);
JSSTRING_TO_MSTRING(cx, js_sys_pw, sys_pw, NULL);
rc=JS_SUSPENDREQUEST(cx);
JS_SET_RVAL(cx, arglist, BOOLEAN_TO_JSVAL(sbbs->login(name,pw)==LOGIC_TRUE ? JS_TRUE:JS_FALSE));
JS_SET_RVAL(cx, arglist, BOOLEAN_TO_JSVAL(sbbs->login(name,pw_prompt,user_pw,sys_pw)==LOGIC_TRUE ? JS_TRUE:JS_FALSE));
JS_RESUMEREQUEST(cx, rc);
free(pw);
FREE_AND_NULL(pw_prompt);
FREE_AND_NULL(user_pw);
FREE_AND_NULL(sys_pw);
return(JS_TRUE);
}
......@@ -3521,8 +3528,9 @@ static jsSyncMethodSpec js_bbs_functions[] = {
,JSDOCSTR("interactive new user procedure")
,310
},
{"login", js_login, 2, JSTYPE_BOOLEAN, JSDOCSTR("user_name, password_prompt")
,JSDOCSTR("login with <i>user_name</i>, displaying <i>password_prompt</i> for password (if required)")
{"login", js_login, 4, JSTYPE_BOOLEAN, JSDOCSTR("user_name [,password_prompt] [,user_password] [,system_password]")
,JSDOCSTR("login with <i>user_name</i>, displaying <i>password_prompt</i> for user's password (if required), "
"optionally supplying the user's password and the system password as arguments so as to not be prompted")
,310
},
{"logon", js_logon, 0, JSTYPE_BOOLEAN, JSDOCSTR("")
......
......@@ -36,7 +36,7 @@
#include "sbbs.h"
#include "cmdshell.h"
int sbbs_t::login(char *username, char *pw)
int sbbs_t::login(char *username, char *pw_prompt, const char* user_pw, const char* sys_pw)
{
char str[128];
char tmp[512];
......@@ -76,9 +76,9 @@ int sbbs_t::login(char *username, char *pw)
}
if(!useron.number) {
if(cfg.node_misc&NM_LOGON_P) {
if((cfg.node_misc&NM_LOGON_P) && pw_prompt != NULL) {
SAFECOPY(useron.alias,str);
bputs(pw);
bputs(pw_prompt);
console|=CON_R_ECHOX;
getstr(str,LEN_PASS*2,K_UPPER|K_LOWPRIO|K_TAB);
console&=~(CON_R_ECHOX|CON_L_ECHOX);
......@@ -107,10 +107,15 @@ int sbbs_t::login(char *username, char *pw)
}
if(useron.pass[0] || REALSYSOP) {
bputs(pw);
console|=CON_R_ECHOX;
getstr(str,LEN_PASS*2,K_UPPER|K_LOWPRIO|K_TAB);
console&=~(CON_R_ECHOX|CON_L_ECHOX);
if(user_pw != NULL)
SAFECOPY(str, user_pw);
else {
if(pw_prompt != NULL)
bputs(pw_prompt);
console |= CON_R_ECHOX;
getstr(str, LEN_PASS * 2, K_UPPER | K_LOWPRIO | K_TAB);
console &= ~(CON_R_ECHOX | CON_L_ECHOX);
}
if(!online) {
useron.number=0;
return(LOGIC_FALSE);
......@@ -129,7 +134,7 @@ int sbbs_t::login(char *username, char *pw)
useron.misc=useron_misc;
return(LOGIC_FALSE);
}
if(REALSYSOP && !chksyspass()) {
if(REALSYSOP && !chksyspass(sys_pw)) {
bputs(text[InvalidLogon]);
useron.number=0;
useron.misc=useron_misc;
......
......@@ -730,7 +730,7 @@ public:
int putnodeext(uint number, char * str);
/* login.ccp */
int login(char *str, char *pw);
int login(char *user_name, char *pw_prompt, const char* user_pw = NULL, const char* sys_pw = NULL);
void badlogin(char* user, char* passwd);
/* answer.cpp */
......@@ -785,7 +785,7 @@ public:
void logoffstats(void);
int nopen(char *str, int access);
int mv(char *src, char *dest, char copy); /* fast file move/copy function */
bool chksyspass(void);
bool chksyspass(const char* sys_pw = NULL);
bool chk_ar(const uchar * str, user_t* user, client_t* client); /* checks access requirements */
bool ar_exp(const uchar ** ptrptr, user_t*, client_t*);
void daily_maint(void);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment