/*
* Implements the message store.
*
- * Copyright (c) 1987-2010 by the citadel.org team
+ * Copyright (c) 1987-2011 by the citadel.org team
*
- * This program is free software; you can redistribute it and/or modify
+ * This program is open source software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "sysdep.h"
}
+
+/* store a value in the binary tree */
+void seenit_store(struct seenit **si, long msgnum) {
+ struct seenit *this_si;
+
+ if (*si == NULL) { /* store now */
+ *si = malloc(sizeof(struct seenit));
+ this_si = *si;
+ this_si->l = NULL;
+ this_si->r = NULL;
+ this_si->msgnum = msgnum;
+ return;
+ }
+
+ this_si = *si;
+ if (msgnum < this_si->msgnum) {
+ seenit_store(&this_si->l, msgnum);
+ }
+ else if (msgnum > this_si->msgnum) {
+ seenit_store(&this_si->r, msgnum);
+ }
+ else {
+ return;
+ }
+}
+
+
+/* search for a value in the binary tree */
+int seenit_isthere(struct seenit *si, long msgnum) {
+ if (!si) return(0); /* not there */
+ if (msgnum < si->msgnum) return(seenit_isthere(si->l, msgnum));
+ if (msgnum > si->msgnum) return(seenit_isthere(si->r, msgnum));
+ return(1); /* found it */
+}
+
+
+/* free the binary tree */
+void seenit_free(struct seenit **si) {
+ struct seenit *this_si = *si;
+ if (!this_si) return;
+ seenit_free(&this_si->l);
+ seenit_free(&this_si->r);
+ free(this_si);
+ *si = NULL;
+}
+
+
+
+
+
/*
* API function to perform an operation for each qualifying message in the
* current room. (Returns the number of messages processed.)
/* Load the message list */
cdbfr = cdb_fetch(CDB_MSGLISTS, &CC->room.QRnumber, sizeof(long));
- if (cdbfr != NULL) {
- msglist = (long *) cdbfr->ptr;
- num_msgs = cdbfr->len / sizeof(long);
- } else {
+ if (cdbfr == NULL) {
if (need_to_free_re) regfree(&re);
return 0; /* No messages at all? No further action. */
}
+ msglist = (long *) cdbfr->ptr;
+ num_msgs = cdbfr->len / sizeof(long);
+
+ cdbfr->ptr = NULL; /* clear this so that cdb_free() doesn't free it */
+ cdb_free(cdbfr); /* we own this memory now */
/*
* Now begin the traversal.
*/
if (num_msgs > 0) for (a = 0; a < num_msgs; ++a) {
+ /*
+ * cache the msgnums we've seen in order to perform security checks later
+ */
+ if (CC->client_socket > 0) {
+ seenit_store(&CC->cached_msglist, msglist[a]);
+ }
+
/* If the caller is looking for a specific MIME type, filter
* out all messages which are not of the type requested.
*/
++num_processed;
}
}
- cdb_free(cdbfr); /* Clean up */
if (need_to_free_re) regfree(&re);
+ free(msglist);
return num_processed;
}
}
}
-#ifdef MESSAGE_IN_ROOM
-/*
- * Check if a message is in the current room.
- * This is used by CtdlFetchMessage to prevent random picking
- * of messages from users private rooms
- *
- * The message list should probably be cached against the CC->room
- */
-int CtdlMessageInRoom(long msgnum)
-{
- visit vbuf;
- struct cdbdata *cdbfr;
-
- /* Learn about the user and room in question */
- CtdlGetUser(&CC->user, CC->curr_user);
- CtdlGetRelationship(&vbuf, &CC->user, &CC->room);
-
- /* Load the message list */
- cdbfr = cdb_fetch(CDB_MSGLISTS, &CC->room.QRnumber, sizeof(long));
- if (cdbfr != NULL) {
- long *msglist = NULL;
- int num_msgs = 0;
- int i;
- int r = 0;
-
- msglist = (long *) cdbfr->ptr;
- num_msgs = cdbfr->len / sizeof(long);
-
- /* search for message msgnum */
- for (i=0; i<num_msgs; i++) {
- if (msglist[i] == msgnum) {
- r = 1;
- break;
- }
- }
-
- cdb_free(cdbfr);
- return r;
- } else {
- return 0;
- }
-}
-#endif
/*
* Load a message from disk into memory.
cit_uint8_t field_header;
syslog(LOG_DEBUG, "CtdlFetchMessage(%ld, %d)\n", msgnum, with_body);
-
-#ifdef MESSAGE_IN_ROOM
- if (!CtdlMessageInRoom(msgnum)) {
- syslog(LOG_DEBUG, "Message %ld not in current room\n", msgnum);
- return NULL;
- }
-#endif
-
dmsgtext = cdb_fetch(CDB_MSGMAIN, &msgnum, sizeof(long));
if (dmsgtext == NULL) {
return NULL;
}
+/*
+ * Determine whether the specified message exists in the cached_msglist
+ * (This is a security check)
+ */
+int check_cached_msglist(long msgnum) {
+
+ /* cases in which we skip the check */
+ if (!CC) return om_ok; /* not a session */
+ if (CC->client_socket <= 0) return om_ok; /* not a client session */
+ if (CC->cached_msglist == NULL) return om_access_denied; /* no msglist fetched */
+
+ if (seenit_isthere(CC->cached_msglist, msgnum)) {
+ return om_ok;
+ }
+
+ return om_access_denied;
+}
+
+
/*
* Determine whether the currently logged in session has permission to read
* messages in the current room.
return(r);
}
-#ifdef MESSAGE_IN_ROOM
- if (!CtdlMessageInRoom(msg_num)) {
- syslog(LOG_DEBUG, "Message %ld not in current room\n", msg_num);
- if (do_proto) cprintf("%d Can't locate msg %ld in room\n",
- ERROR + MESSAGE_NOT_FOUND, msg_num);
- return(om_no_such_msg);
+ r = check_cached_msglist(msg_num);
+ if (r != om_ok) {
+ syslog(LOG_DEBUG, "Denying access to message %ld - not yet listed\n", msg_num);
+ if (do_proto) {
+ if (r == om_access_denied) {
+ cprintf("%d Message %ld was not found in this room.\n",
+ ERROR + MESSAGE_NOT_FOUND,
+ msg_num
+ );
+ }
+ else {
+ cprintf("%d An unknown error has occurred.\n", ERROR);
+ }
+ return(r);
+ }
}
-#endif
/*
* Fetch the message from disk. If we're in HEADERS_FAST mode,
projects / citadel.git / blobdiff