@@ -17,6 +17,7 @@

 #include <unistd.h>

 #include "gen_res.h"

 #include "socklib.h"

+#include "loglib.h"

 #include "webkernel.h"

 #include "kakumei.h"

 #include "kakumei_session.h"

@@ -47,22 +48,24 @@ main(int argc, char *argv[])

         }

         port=atoi(argv[1]);

         if((ka->ssel=sselect_init())==NULL) {

-                fprintf(stderr,"ERROR: insufficient memory\n");

+                log_write("INIT","ERROR: insufficient memory");

                 return(1);

         }

         if((ka->web=wk_init(port,ka->ssel,NULL,callback_http,NULL,NULL,ka))==NULL) {

                 sselect_free(ka->ssel),ka->ssel=NULL;

-                fprintf(stderr,"ERROR: couldn't init web server\n");

+                log_write("INIT","ERROR: couldn't init web server");

                 return(2);

         }

         sigint_flag=0;

         signal_init(SIGINT,sigint);

+        log_write("INIT","Server initialized, waiting connections...");

         while(!sigint_flag) {

                 sselect_wait(ka->ssel,timeout);

                 wk_service(ka->web);

         }

         wk_free(ka->web),ka->web=NULL;

         sselect_free(ka->ssel),ka->ssel=NULL;

+        log_write("FINI","SIGINT detected, exiting...");

         return(0);

 }

@@ -134,22 +137,33 @@ callback_http(wk *web, int connid, wk_uri *uri, void *userptr)

         char *ptr;

         if(ka==NULL)

                 return(wkact_finished);

-        printf("http: %s\n",uri->path);

+        /* log without passwords */

+        if(memcmp(uri->path,"/login?",7)==0)

+                log_write("HTTP","Request: /login?...");

+        else if(memcmp(uri->path,"/newuser?",9)==0)

+                log_write("HTTP","Request: /newuser?...");

+        else

+                log_write("HTTP","Request: %s",uri->path);

+        /* check for an in-memory file */

         strncpy(partialpath,uri->path,sizeof(partialpath)-1);

         partialpath[sizeof(partialpath)-1]='\0';

         if((ptr=strchr(partialpath,'?'))!=NULL)

                 *ptr='\0';

+#warning TODO check if the page is a "protected" one and, in that case, check for correct session id

         if((strcmp(uri->path,"/")==0 && (res=res_find(resindexdata,"index.html"))!=NULL) ||

           (partialpath[0]=='/' && (res=res_find(resindexdata,partialpath+1))!=NULL)) {

+                log_write("HTTP","Serving in-memory file %s",partialpath+1);

                 wk_serve_buffer_as_file(web,connid,res->data,res->len,mime_getdefault(res->name,"application/octet-stream"));

                 return(wkact_finished);

         }

+        /* check for actions */

         if(memcmp(uri->path,"/login?",7)==0) {

                 return(http_login(web,connid,uri,userptr));

         } else if(memcmp(uri->path,"/newuser?",9)==0) {

                 return(http_newuser(web,connid,uri,userptr));

         }

-        printf("URI not found: %s\n",uri->path);

+        /* not found */

+        log_write("HTTP","URI not found: %s",uri->path);

         wk_serve_error(web,connid,wkerr_notfound);

         return(wkact_finished);

 }

@@ -179,8 +193,10 @@ http_login(wk *web, int connid, wk_uri *uri, void *userptr)

         char reply[1024];

         char session[SESSIONSIZE];

         kakumei *ka=(kakumei *)userptr;

-        if(web==NULL || connid<0 || uri==NULL || ka==NULL)

+        if(web==NULL || connid<0 || uri==NULL || ka==NULL) {

+                log_write("EINT","%s:%i",__FILE__,__LINE__);

                 return(wkact_finished); /* internal error */

+        }

         if(wk_uri_copyvar(uri,"u",u,sizeof(u))==NULL)

                 u[0]='\0';

         if(wk_uri_copyvar(uri,"p",p,sizeof(p))==NULL)

@@ -192,6 +208,7 @@ http_login(wk *web, int connid, wk_uri *uri, void *userptr)

                 snprintf(reply,sizeof(reply),"/newuser.html?i=%s",p);

                 reply[sizeof(reply)-1]='\0';

                 wk_serve_buffer_as_file(web,connid,reply,strlen(reply),"text/plain");

+                log_write("LGIN","Reply: %s",reply);

                 return(wkact_finished);

         } else if(pass_check(ka,u,p)==0 &&

                   session_new(ka,u,session,sizeof(session))!=NULL) {

@@ -199,8 +216,10 @@ http_login(wk *web, int connid, wk_uri *uri, void *userptr)

                 snprintf(reply,sizeof(reply),"/posts.html?s=%s",session);

                 reply[sizeof(reply)-1]='\0';

                 wk_serve_buffer_as_file(web,connid,reply,strlen(reply),"text/plain");

+                log_write("LGIN","Reply: %s",reply);

                 return(wkact_finished);

         }

+        log_write("LGIN","Serving error");

         wk_serve_error(web,connid,wkerr_internal);

         return(wkact_finished);

 }

@@ -212,10 +231,12 @@ http_newuser(wk *web, int connid, wk_uri *uri, void *userptr)

         char reply[1024];

         char session[SESSIONSIZE];

         kakumei *ka=(kakumei *)userptr;

-        if(web==NULL || connid<0 || uri==NULL || ka==NULL)

+        if(web==NULL || connid<0 || uri==NULL || ka==NULL) {

+                log_write("EINT","%s:%i",__FILE__,__LINE__);

                 return(wkact_finished); /* internal error */

+        }

         /* get vars */

-        if(wk_uri_copyvar(uri,"i",u,sizeof(i))==NULL)

+        if(wk_uri_copyvar(uri,"i",i,sizeof(i))==NULL)

                 i[0]='\0';

         if(wk_uri_copyvar(uri,"u",u,sizeof(u))==NULL)

                 u[0]='\0';

@@ -225,12 +246,14 @@ http_newuser(wk *web, int connid, wk_uri *uri, void *userptr)

         if(kakumei_inviteexists(ka,i)!=0) {

                 /* retry login */

                 wk_serve_buffer_as_file(web,connid,"/",1,"text/plain");

+                log_write("NEWU","invalid invite %s, redirecting to login",i);

                 return(wkact_finished);

         }

         /* create user */

         if(pass_new(ka,u,p)!=0) {

                 /* error with username */

                 wk_serve_error(web,connid,wkerr_internal);

+                log_write("NEWU","invalid user, send error");

                 return(wkact_finished);

         }

         /* delete invitation */

@@ -239,12 +262,14 @@ http_newuser(wk *web, int connid, wk_uri *uri, void *userptr)

         if(session_new(ka,u,session,sizeof(session))==NULL) {

                 /* "autologin" didn't work, ask for login */

                 wk_serve_buffer_as_file(web,connid,"/",1,"text/plain");

+                log_write("NEWU","couldn't generate new session, redirecting to login");

                 return(wkact_finished);

         }

         /* valid login */

         snprintf(reply,sizeof(reply),"/posts.html?s=%s",session);

         reply[sizeof(reply)-1]='\0';

         wk_serve_buffer_as_file(web,connid,reply,strlen(reply),"text/plain");

+        log_write("NEWU","Reply: %s",reply);

         return(wkact_finished);

 }

@@ -14,27 +14,54 @@

 #include <sys/types.h>

 #include <sys/stat.h>

 #include <fcntl.h>

+#include "loglib.h"

 #include "kakumei.h"

 #include "libscrypt.h"

+#define VALUE_N 16384

+#define VALUE_r 8

+#define VALUE_p 1

+

+static int mcf_gen(const char *salt,const char *passwd, char *mcf, int mcfsize);

+static int mcf_check(char *mcf, const char *passwd);

+

 int

 pass_new(kakumei *ka, char *user, char *passwd)

 {

         int fd;

         char filename[1024];

-        char mcf[SCRYPT_MCF_LEN+1];

         int len;

-        if(kakumei_uservalid(ka,user)!=0)

+        int res;

+        static const char mysalt[]={"NFkFsNdzMQ9Jfer"};

+        char mcf[SCRYPT_MCF_LEN];

+        if(kakumei_uservalid(ka,user)!=0) {

+                log_write("PASS","Ilegal username %s",user);

+                return(-1);

+        }

+        memset(mcf,0,sizeof(mcf));

+        if((res=mcf_gen(mysalt,passwd,mcf,sizeof(mcf)))!=0) {

+                log_write("PASS","Couln't create simple hash for user %s",user);

                 return(-1);

+        }

+        if((res=mcf_check(mcf,passwd))!=0) {

+                log_write("EINT","%s:%i",__FILE__,__LINE__);

+                return(-1); /* internal error */

+        }

+        mkdir(DATADIR,0700);

+        mkdir(USERSDIR,0700);

+        snprintf(filename,sizeof(filename)-1,"%s/%s",USERSDIR,user);

+        filename[sizeof(filename)-1]='\0';

+        mkdir(filename,0700);

         snprintf(filename,sizeof(filename)-1,"%s/%s/passwd",USERSDIR,user);

         filename[sizeof(filename)-1]='\0';

-        memset(mcf,0,sizeof(mcf));

-        libscrypt_hash(mcf,passwd,SCRYPT_N,SCRYPT_r,SCRYPT_p);

-        if((fd=open(filename,O_WRONLY|O_TRUNC|O_CREAT,0600))==-1)

+        if((fd=open(filename,O_WRONLY|O_TRUNC|O_CREAT,0600))==-1) {

+                log_write("PASS","Couln't open for writing to %s",filename);

                 return(-1);

+        }

         len=strlen(mcf);

         if(write(fd,mcf,len)!=len) {

                 close(fd),fd=-1;

+                log_write("PASS","Error writing to %s",filename);

                 return(-1);

         }

         close(fd),fd=-1;

@@ -46,17 +73,67 @@ pass_check(kakumei *ka, char *user, char *passwd)

 {

         int fd;

         char filename[1024];

-        char mcf[SCRYPT_MCF_LEN+1];

-        if(kakumei_userexists(ka,user)!=0)

+        char mcf[SCRYPT_MCF_LEN];

+        int res;

+        if(kakumei_userexists(ka,user)!=0) {

+                log_write("PASS","No username %s",user);

                 return(-1);

+        }

         snprintf(filename,sizeof(filename)-1,"%s/%s/passwd",USERSDIR,user);

         filename[sizeof(filename)-1]='\0';

-        if((fd=open(filename,O_RDONLY))==-1)

+        if((fd=open(filename,O_RDONLY))==-1) {

+                log_write("PASS","Couldn't read passwd of user %s",user);

                 return(-1);

+        }

         memset(mcf,0,sizeof(mcf));

         read(fd,mcf,sizeof(mcf)-1);

         close(fd),fd=-1;

-        if(libscrypt_check(mcf,passwd)<=0)

+        if((res=mcf_check(mcf,passwd))!=0) {

+                log_write("PASS","Wrong password trying to login for user %s",user);

+                return(-1);

+        }

+        return(0);

+}

+

+/* utility functions to make libscrypt usable */

+static int

+mcf_gen(const char *salt,const char *passwd, char *mcf, int mcfsize)

+{

+        int res;

+        uint8_t hashbuf[SCRYPT_HASH_LEN];

+        char saltbuf[1024];

+        char outbuf[1024];

+        if(mcfsize<SCRYPT_MCF_LEN)

+                return(-1);

+        if(strlen(salt)>16)

+                return(-1); /* large salts make libscrypt break */

+        if((res=libscrypt_scrypt((uint8_t*)passwd,strlen(passwd),

+          (uint8_t*)salt, strlen(salt), VALUE_N,VALUE_r,VALUE_p, hashbuf, sizeof(hashbuf)))!=0) {

+                log_write("PASS","Couln't create hash");

+                return(-1);

+        }

+        if((res=libscrypt_b64_encode(outbuf, (char*)hashbuf, sizeof(hashbuf)))==-1) {

+                log_write("PASS","Couln't encode hash");

+                return(-1);

+        }

+        if((res=libscrypt_b64_encode(saltbuf, salt, strlen(salt)))==-1) {

+                log_write("PASS","Couln't encode salt");

+                return(-1);

+        }

+        if(!(res=libscrypt_mcf(VALUE_N,VALUE_r,VALUE_p, saltbuf, outbuf, mcf))) {

+                log_write("PASS","Couln't convert to mcf");

+                return(-1);

+        }

+        return(0);

+}

+

+static int

+mcf_check(char *mcf, const char *passwd)

+{

+        char mcftest[SCRYPT_MCF_LEN];

+        int res;

+        memcpy(mcftest,mcf,sizeof(mcftest));

+        if((res=libscrypt_check(mcftest,(char *)passwd))<=0)

                 return(-1);

         return(0);

 }

@@ -51,10 +51,10 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize)

         mhash_deinit(td,&binhash);

         for(i=0;i<sizeof(binhash);i++) {

                 c=(((unsigned char *)binhash)[i]>>4);

-                c=(c>=10)?(c-10+'a'):c;

+                c=(c>=10)?(c-10+'a'):c+'0';

                 session[i<<1]=c;

                 c=(((unsigned char *)binhash)[i]&0xf);

-                c=(c>=10)?(c-10+'a'):c;

+                c=(c>=10)?(c-10+'a'):c+'0';

                 session[(i<<1)+1]=c;

         }

         session[sizeof(binhash)]='\0';

@@ -72,6 +72,8 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize)

         }

         close(fd),fd=-1;

         /* delete the previous session of the user */

+        mkdir(DATADIR,0700);

+        mkdir(USERSDIR,0700);

         snprintf(filename,sizeof(filename)-1,"%s/%s/session",USERSDIR,user);

         filename[sizeof(filename)-1]='\0';

         if((fd=open(filename,O_RDONLY))!=-1) {