* Server functions which perform operations on room objects.
*
*/
+
+#ifdef DLL_EXPORT
+#define IN_LIBCIT
+#endif
+
#include "sysdep.h"
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <string.h>
-#include <time.h>
+
+#if TIME_WITH_SYS_TIME
+# include <sys/time.h>
+# include <time.h>
+#else
+# if HAVE_SYS_TIME_H
+# include <sys/time.h>
+# else
+# include <time.h>
+# endif
+#endif
+
#include <limits.h>
#include <errno.h>
#include "citadel.h"
#include "server.h"
+#include "dynloader.h"
#include "database.h"
#include "config.h"
#include "room_ops.h"
if (((CC->internal_pgm)) && (roombuf->QRflags & QR_INUSE)) {
return (UA_KNOWN | UA_GOTOALLOWED);
}
- /* For mailbox rooms, only allow access to the owner */
- if (roombuf->QRflags & QR_MAILBOX) {
- if (userbuf->usernum != atol(roombuf->QRname)) {
- return (retval);
- }
- }
+
/* Locate any applicable user/room relationships */
CtdlGetRelationship(&vbuf, userbuf, roombuf);
}
goto NEWMSG;
}
- /* For mailboxes, we skip all the access stuff (and we've
- * already checked by this point that the mailbox belongs
- * to the user)
- */
- if (roombuf->QRflags & QR_MAILBOX) {
- retval = UA_KNOWN | UA_GOTOALLOWED;
- goto NEWMSG;
- }
+
/* If this is a public room, it's accessible... */
- if ((roombuf->QRflags & QR_PRIVATE) == 0) {
+ if ( ((roombuf->QRflags & QR_PRIVATE) == 0)
+ && ((roombuf->QRflags & QR_MAILBOX) == 0) ) {
retval = retval | UA_KNOWN | UA_GOTOALLOWED;
}
+
/* If this is a preferred users only room, check access level */
if (roombuf->QRflags & QR_PREFONLY) {
if (userbuf->axlevel < 5) {
retval = retval & ~UA_KNOWN & ~UA_GOTOALLOWED;
}
}
+
/* For private rooms, check the generation number matchups */
- if (roombuf->QRflags & QR_PRIVATE) {
+ if ( (roombuf->QRflags & QR_PRIVATE)
+ && ((roombuf->QRflags & QR_MAILBOX) == 0) ) {
/* An explicit match means the user belongs in this room */
if (vbuf.v_flags & V_ACCESS) {
retval = retval | UA_GOTOALLOWED;
}
}
+
+ /* For mailbox rooms, also check the generation number matchups */
+ if (roombuf->QRflags & QR_MAILBOX) {
+ if (userbuf->usernum == atol(roombuf->QRname)) {
+ retval = retval | UA_KNOWN | UA_GOTOALLOWED;
+ }
+ /* An explicit match means the user belongs in this room */
+ if (vbuf.v_flags & V_ACCESS) {
+ retval = retval | UA_KNOWN | UA_GOTOALLOWED;
+ }
+ }
+
/* Check to see if the user has forgotten this room */
if (vbuf.v_flags & V_FORGET) {
retval = retval & ~UA_KNOWN;
- retval = retval | UA_ZAPPED;
+ if ( ( ((roombuf->QRflags & QR_PRIVATE) == 0)
+ && ((roombuf->QRflags & QR_MAILBOX) == 0) )
+ || ( (roombuf->QRflags & QR_MAILBOX)
+ && (atol(roombuf->QRname) == CC->usersupp.usernum))) {
+ retval = retval | UA_ZAPPED;
+ }
}
/* If user is explicitly locked out of this room, deny everything */
if (vbuf.v_flags & V_LOCKOUT) {
retval = retval & ~UA_KNOWN & ~UA_GOTOALLOWED;
}
- /* Aides get access to everything */
- if (userbuf->axlevel >= 6) {
+ /* Aides get access to all private rooms */
+ if ( (userbuf->axlevel >= 6)
+ && ((roombuf->QRflags & QR_MAILBOX) == 0) ) {
if (vbuf.v_flags & V_FORGET) {
retval = retval | UA_GOTOALLOWED;
}
}
}
+ /* On some systems, Aides can gain access to mailboxes as well */
+ if ( (config.c_aide_mailboxes)
+ && (userbuf->axlevel >= 6)
+ && (roombuf->QRflags & QR_MAILBOX) ) {
+ retval = retval | UA_GOTOALLOWED;
+ }
+
NEWMSG: /* By the way, we also check for the presence of new messages */
- if ((roombuf->QRhighest) > (vbuf.v_lastseen)) {
+ if (is_msg_in_mset(vbuf.v_seen, roombuf->QRhighest) == 0) {
retval = retval | UA_HASNEWMSGS;
}
+
+ /* System rooms never show up in the list. */
+ if (roombuf->QRflags2 & QR2_SYSTEM) {
+ retval = retval & ~UA_KNOWN;
+ }
return (retval);
}
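Review bot: The V_FORGET branch decides mailbox ownership with `CC->usersupp.usernum`, while the mailbox block added just above it compares against `userbuf->usernum`. If this function is ever called with a `userbuf` that is not the session's own user, UA_ZAPPED is computed for the wrong account; the condition should read `&& (atol(roombuf->QRname) == userbuf->usernum)))`. The new comment "also check the generation number matchups" on the mailbox block is also misleading, because the block tests the owner number and V_ACCESS rather than any generation number; `/* Mailbox rooms: the owner, or a user with an explicit V_ACCESS grant, may enter */` would match the code. The function body starts outside the visible hunks.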
/* If that didn't work, try the user's personal namespace */
if (cdbqr == NULL) {
- sprintf(personal_lowercase_name, "%010ld.%s",
- CC->usersupp.usernum, lowercase_name);
+ snprintf(personal_lowercase_name,
+ sizeof personal_lowercase_name, "%010ld.%s",
+ CC->usersupp.usernum, lowercase_name);
cdbqr = cdb_fetch(CDB_QUICKROOM,
personal_lowercase_name,
strlen(personal_lowercase_name));
struct quickroom qrbuf;
struct cdbdata *cdbqr;
- cdb_begin_transaction();
cdb_rewind(CDB_QUICKROOM);
while (cdbqr = cdb_next_item(CDB_QUICKROOM), cdbqr != NULL) {
if (qrbuf.QRflags & QR_INUSE)
(*CallBack)(&qrbuf, in_data);
}
- cdb_end_transaction();
}
{
char truncated_roomname[ROOMNAMELEN];
- /* For mailbox rooms, chop off the owner prefix */
- if (qrbuf->QRflags & QR_MAILBOX) {
+ /* For my own mailbox rooms, chop off the owner prefix */
+ if ( (qrbuf->QRflags & QR_MAILBOX)
+ && (atol(qrbuf->QRname) == CC->usersupp.usernum) ) {
strcpy(truncated_roomname, qrbuf->QRname);
strcpy(truncated_roomname, &truncated_roomname[11]);
cprintf("%s", truncated_roomname);
if (num_msgs > 0) for (a = 0; a < num_msgs; ++a) {
if (msglist[a] > 0L) {
++total_messages;
- if (msglist[a] > vbuf.v_lastseen) {
+ if (is_msg_in_mset(vbuf.v_seen, msglist[a]) == 0) {
++new_messages;
}
}
raideflag = 0;
strcpy(truncated_roomname, CC->quickroom.QRname);
- if (CC->quickroom.QRflags & QR_MAILBOX) {
+ if ( (CC->quickroom.QRflags & QR_MAILBOX)
+ && (atol(CC->quickroom.QRname) == CC->usersupp.usernum) ) {
strcpy(truncated_roomname, &truncated_roomname[11]);
}
if (display_result)
cprintf("%d%c%s|%d|%d|%d|%d|%ld|%ld|%d|%d|%d|%d\n",
- OK, CtdlCheckExpress(),
+ CIT_OK, CtdlCheckExpress(),
truncated_roomname,
new_messages, total_messages,
info, CC->quickroom.QRflags,
/* Then try a mailbox name match */
if (c != 0) {
- MailboxName(augmented_roomname, &CC->usersupp, towhere);
+ MailboxName(augmented_roomname, sizeof augmented_roomname,
+ &CC->usersupp, towhere);
c = getroom(&QRscratch, augmented_roomname);
if (c == 0)
strcpy(towhere, augmented_roomname);
ra = CtdlRoomAccess(&QRscratch, &CC->usersupp);
/* normal clients have to pass through security */
- if (ra & UA_GOTOALLOWED)
+ if (ra & UA_GOTOALLOWED) {
ok = 1;
+ }
if (ok == 1) {
- if ((QRscratch.QRflags & QR_PASSWORDED) &&
+ if ((QRscratch.QRflags & QR_MAILBOX) &&
+ ((ra & UA_GOTOALLOWED))) {
+ usergoto(towhere, 1, NULL, NULL);
+ return;
+ } else if ((QRscratch.QRflags & QR_PASSWORDED) &&
((ra & UA_KNOWN) == 0) &&
- (strcasecmp(QRscratch.QRpasswd, password))
+ (strcasecmp(QRscratch.QRpasswd, password)) &&
+ (CC->usersupp.axlevel < 6)
) {
cprintf("%d wrong or missing passwd\n",
ERROR + PASSWORD_REQUIRED);
} else if ((QRscratch.QRflags & QR_PRIVATE) &&
((QRscratch.QRflags & QR_PASSWORDED) == 0) &&
((QRscratch.QRflags & QR_GUESSNAME) == 0) &&
- ((ra & UA_KNOWN) == 0)) {
+ ((ra & UA_KNOWN) == 0) &&
+ (CC->usersupp.axlevel < 6)
+ ) {
+ lprintf(9, "Failed to acquire private room\n");
goto NOPE;
} else {
usergoto(towhere, 1, NULL, NULL);
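Review bot: The new `lprintf(9, "Failed to acquire private room\n")` records a denial without saying who asked or for which room, and the wrong-password branch above it only answers the client and logs nothing. Neither is therefore much use for noticing repeated guessing against private or passworded rooms. Consider `lprintf(9, "Denied private room <%s> to %s\n", towhere, CC->curr_user);` and an equivalent line in the password branch. The added `CC->usersupp.axlevel < 6` tests repeat the literal aide level used elsewhere in the file; a named constant would make these bypasses easier to audit. The enclosing function starts and ends outside the hunk.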
struct usersupp temp;
struct cdbdata *cdbus;
- cdb_begin_transaction();
getuser(&CC->usersupp, CC->curr_user);
- if (CtdlAccessCheck(ac_room_aide)) return;
+
+ /*
+ * This command is only allowed by aides, room aides,
+ * and room namespace owners
+ */
+ if (is_room_aide()
+ || (atol(CC->quickroom.QRname) == CC->usersupp.usernum) ) {
+ /* access granted */
+ }
+ else {
+ /* access denied */
+ cprintf("%d Higher access or room ownership required.\n",
+ ERROR + HIGHER_ACCESS_REQUIRED);
+ return;
+ }
cprintf("%d Who knows room:\n", LISTING_FOLLOWS);
cdb_rewind(CDB_USERSUPP);
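Review bot: The ownership half of the new check, `atol(CC->quickroom.QRname) == CC->usersupp.usernum`, is not gated on QR_MAILBOX, unlike the other ownership tests this commit adds. For an ordinary room the name is free text, so a room whose name merely begins with digits that parse to the caller's user number is treated as owned by that user. Require the flag first: `|| ((CC->quickroom.QRflags & QR_MAILBOX) && (atol(CC->quickroom.QRname) == CC->usersupp.usernum))`. The empty `/* access granted */` branch would also read better inverted into a single guard that returns on denial.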
)
cprintf("%s\n", temp.fullname);
}
- cdb_end_transaction();
cprintf("000\n");
}
cprintf("%d %s|%s/files/%s\n",
LISTING_FOLLOWS, config.c_fqdn, BBSDIR, CC->quickroom.QRdirname);
- sprintf(buf, "ls %s/files/%s >%s 2> /dev/null",
+ snprintf(buf, sizeof buf, "ls %s/files/%s >%s 2> /dev/null",
BBSDIR, CC->quickroom.QRdirname, CC->temp);
system(buf);
- sprintf(buf, "%s/files/%s/filedir", BBSDIR, CC->quickroom.QRdirname);
+ snprintf(buf, sizeof buf, "%s/files/%s/filedir", BBSDIR, CC->quickroom.QRdirname);
fd = fopen(buf, "r");
if (fd == NULL)
fd = fopen("/dev/null", "r");
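Review bot: Bounding the buffer with snprintf does not make the following `system(buf)` safe, because `CC->quickroom.QRdirname` and `CC->temp` are still interpolated into a shell command line. The snprintf return value is not checked either, so a truncated command would be run as-is. Unless QRdirname is restricted to a safe character set where it is stored (not visible here), the directory should be read with opendir()/readdir() rather than by spawning `ls`. The same pattern appears in the later hunk that builds `mkdir ./files/%s ...`; there a direct `mkdir()` call, declared in the already included <sys/stat.h>, removes the shell entirely. The enclosing function starts and ends outside the hunk.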
while (fgets(flnm, sizeof flnm, ls) != NULL) {
flnm[strlen(flnm) - 1] = 0;
if (strcasecmp(flnm, "filedir")) {
- sprintf(buf, "%s/files/%s/%s",
+ snprintf(buf, sizeof buf, "%s/files/%s/%s",
BBSDIR, CC->quickroom.QRdirname, flnm);
stat(buf, &statbuf);
strcpy(comment, "");
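Review bot: The result of `stat(buf, &statbuf)` is still ignored. When the call fails, for instance because the file disappears between the listing and the stat, the `statbuf.st_size` printed in the next hunk is stale from the previous iteration or uninitialised. Check the call and report a defined size, e.g. `if (stat(buf, &statbuf) != 0) statbuf.st_size = 0;`. The loop body continues outside the hunk.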
&buf[strlen(flnm) + 1],
sizeof comment);
}
- cprintf("%s|%ld|%s\n", flnm, statbuf.st_size, comment);
+ cprintf("%s|%ld|%s\n", flnm, (long)statbuf.st_size, comment);
}
}
fclose(ls);
getroom(&CC->quickroom, CC->quickroom.QRname);
cprintf("%d%c%s|%s|%s|%d|%d|%d\n",
- OK, CtdlCheckExpress(),
+ CIT_OK, CtdlCheckExpress(),
CC->quickroom.QRname,
((CC->quickroom.QRflags & QR_PASSWORDED) ? CC->quickroom.QRpasswd : ""),
((CC->quickroom.QRflags & QR_DIRECTORY) ? CC->quickroom.QRdirname : ""),
/* create a room directory if necessary */
if (CC->quickroom.QRflags & QR_DIRECTORY) {
- sprintf(buf,
+ snprintf(buf, sizeof buf,
"mkdir ./files/%s </dev/null >/dev/null 2>/dev/null",
CC->quickroom.QRdirname);
system(buf);
}
- sprintf(buf, "%s> edited by %s\n", CC->quickroom.QRname, CC->curr_user);
+ snprintf(buf, sizeof buf, "%s> edited by %s\n", CC->quickroom.QRname, CC->curr_user);
aide_message(buf);
- cprintf("%d Ok\n", OK);
+ cprintf("%d Ok\n", CIT_OK);
}
return;
}
if (getuserbynumber(&usbuf, CC->quickroom.QRroomaide) == 0) {
- cprintf("%d %s\n", OK, usbuf.fullname);
+ cprintf("%d %s\n", CIT_OK, usbuf.fullname);
} else {
- cprintf("%d \n", OK);
+ cprintf("%d \n", CIT_OK);
}
}
* the room table, otherwise it would deadlock!
*/
if (post_notice == 1) {
- sprintf(buf, "%s is now room aide for %s>\n",
+ snprintf(buf, sizeof buf, "%s is now room aide for %s>\n",
usbuf.fullname, CC->quickroom.QRname);
aide_message(buf);
}
- cprintf("%d Ok\n", OK);
+ cprintf("%d Ok\n", CIT_OK);
}
/*
* Generate an associated file name for a room
*/
-void assoc_file_name(char *buf, struct quickroom *qrbuf, char *prefix)
+void assoc_file_name(char *buf, size_t n,
+ struct quickroom *qrbuf, const char *prefix)
{
- sprintf(buf, "./%s/%ld", prefix, qrbuf->QRnumber);
+ snprintf(buf, n, "./%s/%ld", prefix, qrbuf->QRnumber);
}
/*
char buf[SIZ];
FILE *info_fp;
- assoc_file_name(filename, &CC->quickroom, "info");
+ assoc_file_name(filename, sizeof filename, &CC->quickroom, "info");
info_fp = fopen(filename, "r");
if (info_fp == NULL) {
lprintf(9, "Deleting room <%s>\n", qrbuf->QRname);
/* Delete the info file */
- assoc_file_name(filename, qrbuf, "info");
+ assoc_file_name(filename, sizeof filename, qrbuf, "info");
unlink(filename);
/* Delete the image file */
- assoc_file_name(filename, qrbuf, "images");
+ assoc_file_name(filename, sizeof filename, qrbuf, "images");
unlink(filename);
/* Delete the room's network config file */
- assoc_file_name(filename, qrbuf, "netconfigs");
+ assoc_file_name(filename, sizeof filename, qrbuf, "netconfigs");
unlink(filename);
/* Delete the messages in the room
}
+
+/*
+ * Check access control for deleting a room
+ */
+int CtdlDoIHavePermissionToDeleteThisRoom(struct quickroom *qr) {
+
+ if ((!(CC->logged_in)) && (!(CC->internal_pgm))) {
+ return(0);
+ }
+
+ if (is_noneditable(qr)) {
+ return(0);
+ }
+
+ /*
+ * For mailboxes, check stuff
+ */
+ if (qr->QRflags & QR_MAILBOX) {
+
+ if (strlen(qr->QRname) < 12) return(0); /* bad name */
+
+ if (atol(qr->QRname) != CC->usersupp.usernum) {
+ return(0); /* not my room */
+ }
+
+ /* Can't delete your Mail> room */
+ if (!strcasecmp(&qr->QRname[12], MAILROOM)) return(0);
+
+ /* Otherwise it's ok */
+ return(1);
+ }
+
+ /*
+ * For normal rooms, just check for aide or room aide status.
+ */
+ else {
+ return(is_room_aide());
+ }
+
+ /* Should never get to this point, but to keep the compiler quiet... */
+ return(0);
+}
+
/*
* aide command: kill the current room
*/
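Review bot: The guard against deleting the Mail> room indexes the name at the wrong offset. Mailbox names are built as `%010ld.%s`, so the room part starts at index 11, and the other hunks strip the prefix with `&truncated_roomname[11]`, but this function compares `&qr->QRname[12]`. The comparison skips the first character of the room name and so presumably never matches MAILROOM, which would let an owner delete their own Mail> room. Use `if (!strcasecmp(&qr->QRname[11], MAILROOM)) return(0);`; the existing `strlen(qr->QRname) < 12` check is consistent with offset 11. The trailing `return(0)` after the if/else is unreachable and can be dropped.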
kill_ok = extract_int(argbuf, 0);
- if (CtdlAccessCheck(ac_room_aide)) return;
-
- if (is_noneditable(&CC->quickroom)) {
- cprintf("%d Can't edit this room.\n", ERROR + NOT_HERE);
+ if (CtdlDoIHavePermissionToDeleteThisRoom(&CC->quickroom) == 0) {
+ cprintf("%d Can't delete this room.\n", ERROR + NOT_HERE);
return;
}
if (kill_ok) {
usergoto(BASEROOM, 0, NULL, NULL); /* Return to the Lobby */
/* tell the world what we did */
- sprintf(aaa, "%s> killed by %s\n",
- deleted_room_name, CC->curr_user);
+ snprintf(aaa, sizeof aaa, "%s> killed by %s\n",
+ deleted_room_name, CC->curr_user);
aide_message(aaa);
- cprintf("%d '%s' deleted.\n", OK, deleted_room_name);
+ cprintf("%d '%s' deleted.\n", CIT_OK, deleted_room_name);
} else {
- cprintf("%d ok to delete.\n", OK);
+ cprintf("%d ok to delete.\n", CIT_OK);
}
}
* name accordingly (prepend the user number)
*/
if (new_room_type == 4) {
- MailboxName(qrbuf.QRname, &CC->usersupp, new_room_name);
+ MailboxName(qrbuf.QRname, sizeof qrbuf.QRname, &CC->usersupp, new_room_name);
}
else {
safestrncpy(qrbuf.QRname, new_room_name, sizeof qrbuf.QRname);
*/
if (!really_create) return (qrbuf.QRflags);
- cdb_begin_transaction();
qrbuf.QRnumber = get_new_room_number();
qrbuf.QRhighest = 0L; /* No messages in this room yet */
time(&qrbuf.QRgen); /* Use a timestamp as the generation number */
lputuser(&CC->usersupp);
/* resume our happy day */
- cdb_end_transaction();
return (qrbuf.QRflags);
}
int new_room_floor;
char aaa[SIZ];
unsigned newflags;
- struct quickroom qrbuf;
struct floor *fl;
cre8_ok = extract_int(args, 0);
}
if ((strlen(new_room_name) == 0) && (cre8_ok == 0)) {
- cprintf("%d Ok to create rooms.\n", OK);
+ cprintf("%d Ok to create rooms.\n", CIT_OK);
return;
}
new_room_type, new_room_pass, new_room_floor, 0);
if (newflags == 0) {
cprintf("%d '%s' already exists.\n",
- ERROR + ALREADY_EXISTS, qrbuf.QRname);
+ ERROR + ALREADY_EXISTS, new_room_name);
return;
}
if (cre8_ok == 0) {
- cprintf("%d OK to create '%s'\n", OK, new_room_name);
+ cprintf("%d OK to create '%s'\n", CIT_OK, new_room_name);
return;
}
strcat(aaa, "\n");
aide_message(aaa);
- cprintf("%d '%s' has been created.\n", OK, qrbuf.QRname);
+ cprintf("%d '%s' has been created.\n", CIT_OK, new_room_name);
}
{ /* enter info file for current room */
FILE *fp;
char infofilename[SIZ];
- char *ibuf;
+ char buf[SIZ];
if (CtdlAccessCheck(ac_room_aide)) return;
if (atoi(ok) == 0) {
- cprintf("%d Ok.\n", OK);
+ cprintf("%d Ok.\n", CIT_OK);
return;
}
- assoc_file_name(infofilename, &CC->quickroom, "info");
+ assoc_file_name(infofilename, sizeof infofilename, &CC->quickroom, "info");
lprintf(9, "opening\n");
fp = fopen(infofilename, "w");
lprintf(9, "checking\n");
cprintf("%d Send info...\n", SEND_LISTING);
do {
- client_gets(&ibuf);
- if (strcmp(ibuf, "000"))
- fprintf(fp, "%s\n", ibuf);
- } while (strcmp(ibuf, "000"));
+ client_gets(buf);
+ if (strcmp(buf, "000"))
+ fprintf(fp, "%s\n", buf);
+ } while (strcmp(buf, "000"));
fclose(fp);
/* now update the room index so people will see our new info */
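Review bot: The read loop ends only when the client sends `000`, and the return value of `client_gets(buf)` is never examined. If client_gets can fail or return without refreshing `buf` when the connection drops (its behaviour is not visible here), the loop would keep writing the previous line to the info file indefinitely. Test the result and leave the loop on error, e.g. `if (client_gets(buf) < 1) break;`, adjusted to the function's actual return convention. Since client_gets now writes into a fixed `char buf[SIZ]` with no length argument, it is also worth confirming that it never stores more than SIZ bytes.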
return;
}
if (cflr_ok == 0) {
- cprintf("%d ok to create...\n", OK);
+ cprintf("%d ok to create...\n", CIT_OK);
return;
}
lgetfloor(&flbuf, free_slot);
flbuf.f_ref_count = 0;
safestrncpy(flbuf.f_name, new_floor_name, sizeof flbuf.f_name);
lputfloor(&flbuf, free_slot);
- cprintf("%d %d\n", OK, free_slot);
+ cprintf("%d %d\n", CIT_OK, free_slot);
}
delete_ok = 0;
} else {
if (kflr_ok == 1) {
- cprintf("%d Ok\n", OK);
+ cprintf("%d Ok\n", CIT_OK);
} else {
- cprintf("%d Ok to delete...\n", OK);
+ cprintf("%d Ok to delete...\n", CIT_OK);
}
}
extract(flbuf.f_name, argbuf, 1);
lputfloor(&flbuf, floor_num);
- cprintf("%d Ok\n", OK);
+ cprintf("%d Ok\n", CIT_OK);
}