if (((CC->internal_pgm)) && (roombuf->QRflags & QR_INUSE)) {
return (UA_KNOWN | UA_GOTOALLOWED);
}
- /* For mailbox rooms, only allow access to the owner */
- if (roombuf->QRflags & QR_MAILBOX) {
- if (userbuf->usernum != atol(roombuf->QRname)) {
- return(0);
- }
- }
+
/* Locate any applicable user/room relationships */
CtdlGetRelationship(&vbuf, userbuf, roombuf);
}
goto NEWMSG;
}
- /* For mailboxes, we skip all the access stuff (and we've
- * already checked by this point that the mailbox belongs
- * to the user)
- */
- if (roombuf->QRflags & QR_MAILBOX) {
- retval = UA_KNOWN | UA_GOTOALLOWED;
- goto NEWMSG;
- }
+
/* If this is a public room, it's accessible... */
- if ((roombuf->QRflags & QR_PRIVATE) == 0) {
+ if ( ((roombuf->QRflags & QR_PRIVATE) == 0)
+ && ((roombuf->QRflags & QR_MAILBOX) == 0) ) {
retval = retval | UA_KNOWN | UA_GOTOALLOWED;
}
+
/* If this is a preferred users only room, check access level */
if (roombuf->QRflags & QR_PREFONLY) {
if (userbuf->axlevel < 5) {
retval = retval & ~UA_KNOWN & ~UA_GOTOALLOWED;
}
}
+
/* For private rooms, check the generation number matchups */
- if (roombuf->QRflags & QR_PRIVATE) {
+ if ( (roombuf->QRflags & QR_PRIVATE)
+ && ((roombuf->QRflags & QR_MAILBOX) == 0) ) {
/* An explicit match means the user belongs in this room */
if (vbuf.v_flags & V_ACCESS) {
retval = retval | UA_GOTOALLOWED;
}
}
+
+ /* For mailbox rooms, also check the generation number matchups */
+ if (roombuf->QRflags & QR_MAILBOX) {
+ if (userbuf->usernum == atol(roombuf->QRname)) {
+ retval = retval | UA_KNOWN | UA_GOTOALLOWED;
+ }
+ /* An explicit match means the user belongs in this room */
+ if (vbuf.v_flags & V_ACCESS) {
+ retval = retval | UA_KNOWN | UA_GOTOALLOWED;
+ }
+ }
+
/* Check to see if the user has forgotten this room */
if (vbuf.v_flags & V_FORGET) {
retval = retval & ~UA_KNOWN;
- retval = retval | UA_ZAPPED;
+ if ( ( ((roombuf->QRflags & QR_PRIVATE) == 0)
+ && ((roombuf->QRflags & QR_MAILBOX) == 0) )
+ || ( (roombuf->QRflags & QR_MAILBOX)
+ && (atol(roombuf->QRname) == CC->usersupp.usernum))) {
+ retval = retval | UA_ZAPPED;
+ }
}
/* If user is explicitly locked out of this room, deny everything */
if (vbuf.v_flags & V_LOCKOUT) {
retval = retval & ~UA_KNOWN & ~UA_GOTOALLOWED;
}
- /* Aides get access to everything */
- if (userbuf->axlevel >= 6) {
+ /* Aides get access to all private rooms */
+ if ( (userbuf->axlevel >= 6)
+ && ((roombuf->QRflags & QR_MAILBOX) == 0) ) {
if (vbuf.v_flags & V_FORGET) {
retval = retval | UA_GOTOALLOWED;
}
}
}
+ /* On some systems, Aides can gain access to mailboxes as well */
+ if ( (config.c_aide_mailboxes)
+ && (userbuf->axlevel >= 6)
+ && (roombuf->QRflags & QR_MAILBOX) ) {
+ retval = retval | UA_GOTOALLOWED;
+ }
+
NEWMSG: /* By the way, we also check for the presence of new messages */
if (is_msg_in_mset(vbuf.v_seen, roombuf->QRhighest) == 0) {
retval = retval | UA_HASNEWMSGS;
/* If that didn't work, try the user's personal namespace */
if (cdbqr == NULL) {
- sprintf(personal_lowercase_name, "%010ld.%s",
- CC->usersupp.usernum, lowercase_name);
+ snprintf(personal_lowercase_name,
+ sizeof personal_lowercase_name, "%010ld.%s",
+ CC->usersupp.usernum, lowercase_name);
cdbqr = cdb_fetch(CDB_QUICKROOM,
personal_lowercase_name,
strlen(personal_lowercase_name));
{
char truncated_roomname[ROOMNAMELEN];
- /* For mailbox rooms, chop off the owner prefix */
- if (qrbuf->QRflags & QR_MAILBOX) {
+ /* For my own mailbox rooms, chop off the owner prefix */
+ if ( (qrbuf->QRflags & QR_MAILBOX)
+ && (atol(qrbuf->QRname) == CC->usersupp.usernum) ) {
strcpy(truncated_roomname, qrbuf->QRname);
strcpy(truncated_roomname, &truncated_roomname[11]);
cprintf("%s", truncated_roomname);
raideflag = 0;
strcpy(truncated_roomname, CC->quickroom.QRname);
- if (CC->quickroom.QRflags & QR_MAILBOX) {
+ if ( (CC->quickroom.QRflags & QR_MAILBOX)
+ && (atol(CC->quickroom.QRname) == CC->usersupp.usernum) ) {
strcpy(truncated_roomname, &truncated_roomname[11]);
}
if (display_result)
cprintf("%d%c%s|%d|%d|%d|%d|%ld|%ld|%d|%d|%d|%d\n",
- OK, CtdlCheckExpress(),
+ CIT_OK, CtdlCheckExpress(),
truncated_roomname,
new_messages, total_messages,
info, CC->quickroom.QRflags,
/* Then try a mailbox name match */
if (c != 0) {
- MailboxName(augmented_roomname, &CC->usersupp, towhere);
+ MailboxName(augmented_roomname, sizeof augmented_roomname,
+ &CC->usersupp, towhere);
c = getroom(&QRscratch, augmented_roomname);
if (c == 0)
strcpy(towhere, augmented_roomname);
ra = CtdlRoomAccess(&QRscratch, &CC->usersupp);
/* normal clients have to pass through security */
- if (ra & UA_GOTOALLOWED)
+ if (ra & UA_GOTOALLOWED) {
ok = 1;
+ }
if (ok == 1) {
- if ((QRscratch.QRflags & QR_PASSWORDED) &&
+ if ((QRscratch.QRflags & QR_MAILBOX) &&
+ ((ra & UA_GOTOALLOWED))) {
+ usergoto(towhere, 1, NULL, NULL);
+ return;
+ } else if ((QRscratch.QRflags & QR_PASSWORDED) &&
((ra & UA_KNOWN) == 0) &&
(strcasecmp(QRscratch.QRpasswd, password)) &&
(CC->usersupp.axlevel < 6)
((ra & UA_KNOWN) == 0) &&
(CC->usersupp.axlevel < 6)
) {
+ lprintf(9, "Failed to acquire private room\n");
goto NOPE;
} else {
usergoto(towhere, 1, NULL, NULL);
struct cdbdata *cdbus;
getuser(&CC->usersupp, CC->curr_user);
- if (CtdlAccessCheck(ac_room_aide)) return;
+
+ /*
+ * This command is only allowed by aides, room aides,
+ * and room namespace owners
+ */
+ if (is_room_aide()
+ || (atol(CC->quickroom.QRname) == CC->usersupp.usernum) ) {
+ /* access granted */
+ }
+ else {
+ /* access denied */
+ cprintf("%d Higher access or room ownership required.\n",
+ ERROR + HIGHER_ACCESS_REQUIRED);
+ return;
+ }
cprintf("%d Who knows room:\n", LISTING_FOLLOWS);
cdb_rewind(CDB_USERSUPP);
cprintf("%d %s|%s/files/%s\n",
LISTING_FOLLOWS, config.c_fqdn, BBSDIR, CC->quickroom.QRdirname);
- sprintf(buf, "ls %s/files/%s >%s 2> /dev/null",
+ snprintf(buf, sizeof buf, "ls %s/files/%s >%s 2> /dev/null",
BBSDIR, CC->quickroom.QRdirname, CC->temp);
system(buf);
- sprintf(buf, "%s/files/%s/filedir", BBSDIR, CC->quickroom.QRdirname);
+ snprintf(buf, sizeof buf, "%s/files/%s/filedir", BBSDIR, CC->quickroom.QRdirname);
fd = fopen(buf, "r");
if (fd == NULL)
fd = fopen("/dev/null", "r");
while (fgets(flnm, sizeof flnm, ls) != NULL) {
flnm[strlen(flnm) - 1] = 0;
if (strcasecmp(flnm, "filedir")) {
- sprintf(buf, "%s/files/%s/%s",
+ snprintf(buf, sizeof buf, "%s/files/%s/%s",
BBSDIR, CC->quickroom.QRdirname, flnm);
stat(buf, &statbuf);
strcpy(comment, "");
&buf[strlen(flnm) + 1],
sizeof comment);
}
- cprintf("%s|%ld|%s\n", flnm, statbuf.st_size, comment);
+ cprintf("%s|%ld|%s\n", flnm, (long)statbuf.st_size, comment);
}
}
fclose(ls);
getroom(&CC->quickroom, CC->quickroom.QRname);
cprintf("%d%c%s|%s|%s|%d|%d|%d\n",
- OK, CtdlCheckExpress(),
+ CIT_OK, CtdlCheckExpress(),
CC->quickroom.QRname,
((CC->quickroom.QRflags & QR_PASSWORDED) ? CC->quickroom.QRpasswd : ""),
((CC->quickroom.QRflags & QR_DIRECTORY) ? CC->quickroom.QRdirname : ""),
/* create a room directory if necessary */
if (CC->quickroom.QRflags & QR_DIRECTORY) {
- sprintf(buf,
+ snprintf(buf, sizeof buf,
"mkdir ./files/%s </dev/null >/dev/null 2>/dev/null",
CC->quickroom.QRdirname);
system(buf);
}
- sprintf(buf, "%s> edited by %s\n", CC->quickroom.QRname, CC->curr_user);
+ snprintf(buf, sizeof buf, "%s> edited by %s\n", CC->quickroom.QRname, CC->curr_user);
aide_message(buf);
- cprintf("%d Ok\n", OK);
+ cprintf("%d Ok\n", CIT_OK);
}
return;
}
if (getuserbynumber(&usbuf, CC->quickroom.QRroomaide) == 0) {
- cprintf("%d %s\n", OK, usbuf.fullname);
+ cprintf("%d %s\n", CIT_OK, usbuf.fullname);
} else {
- cprintf("%d \n", OK);
+ cprintf("%d \n", CIT_OK);
}
}
* the room table, otherwise it would deadlock!
*/
if (post_notice == 1) {
- sprintf(buf, "%s is now room aide for %s>\n",
+ snprintf(buf, sizeof buf, "%s is now room aide for %s>\n",
usbuf.fullname, CC->quickroom.QRname);
aide_message(buf);
}
- cprintf("%d Ok\n", OK);
+ cprintf("%d Ok\n", CIT_OK);
}
/*
* Generate an associated file name for a room
*/
-void assoc_file_name(char *buf, struct quickroom *qrbuf, char *prefix)
+void assoc_file_name(char *buf, size_t n,
+ struct quickroom *qrbuf, const char *prefix)
{
- sprintf(buf, "./%s/%ld", prefix, qrbuf->QRnumber);
+ snprintf(buf, n, "./%s/%ld", prefix, qrbuf->QRnumber);
}
/*
char buf[SIZ];
FILE *info_fp;
- assoc_file_name(filename, &CC->quickroom, "info");
+ assoc_file_name(filename, sizeof filename, &CC->quickroom, "info");
info_fp = fopen(filename, "r");
if (info_fp == NULL) {
lprintf(9, "Deleting room <%s>\n", qrbuf->QRname);
/* Delete the info file */
- assoc_file_name(filename, qrbuf, "info");
+ assoc_file_name(filename, sizeof filename, qrbuf, "info");
unlink(filename);
/* Delete the image file */
- assoc_file_name(filename, qrbuf, "images");
+ assoc_file_name(filename, sizeof filename, qrbuf, "images");
unlink(filename);
/* Delete the room's network config file */
- assoc_file_name(filename, qrbuf, "netconfigs");
+ assoc_file_name(filename, sizeof filename, qrbuf, "netconfigs");
unlink(filename);
/* Delete the messages in the room
usergoto(BASEROOM, 0, NULL, NULL); /* Return to the Lobby */
/* tell the world what we did */
- sprintf(aaa, "%s> killed by %s\n",
- deleted_room_name, CC->curr_user);
+ snprintf(aaa, sizeof aaa, "%s> killed by %s\n",
+ deleted_room_name, CC->curr_user);
aide_message(aaa);
- cprintf("%d '%s' deleted.\n", OK, deleted_room_name);
+ cprintf("%d '%s' deleted.\n", CIT_OK, deleted_room_name);
} else {
- cprintf("%d ok to delete.\n", OK);
+ cprintf("%d ok to delete.\n", CIT_OK);
}
}
* name accordingly (prepend the user number)
*/
if (new_room_type == 4) {
- MailboxName(qrbuf.QRname, &CC->usersupp, new_room_name);
+ MailboxName(qrbuf.QRname, sizeof qrbuf.QRname, &CC->usersupp, new_room_name);
}
else {
safestrncpy(qrbuf.QRname, new_room_name, sizeof qrbuf.QRname);
int new_room_floor;
char aaa[SIZ];
unsigned newflags;
- struct quickroom qrbuf;
struct floor *fl;
cre8_ok = extract_int(args, 0);
}
if ((strlen(new_room_name) == 0) && (cre8_ok == 0)) {
- cprintf("%d Ok to create rooms.\n", OK);
+ cprintf("%d Ok to create rooms.\n", CIT_OK);
return;
}
new_room_type, new_room_pass, new_room_floor, 0);
if (newflags == 0) {
cprintf("%d '%s' already exists.\n",
- ERROR + ALREADY_EXISTS, qrbuf.QRname);
+ ERROR + ALREADY_EXISTS, new_room_name);
return;
}
if (cre8_ok == 0) {
- cprintf("%d OK to create '%s'\n", OK, new_room_name);
+ cprintf("%d OK to create '%s'\n", CIT_OK, new_room_name);
return;
}
strcat(aaa, "\n");
aide_message(aaa);
- cprintf("%d '%s' has been created.\n", OK, qrbuf.QRname);
+ cprintf("%d '%s' has been created.\n", CIT_OK, new_room_name);
}
if (CtdlAccessCheck(ac_room_aide)) return;
if (atoi(ok) == 0) {
- cprintf("%d Ok.\n", OK);
+ cprintf("%d Ok.\n", CIT_OK);
return;
}
- assoc_file_name(infofilename, &CC->quickroom, "info");
+ assoc_file_name(infofilename, sizeof infofilename, &CC->quickroom, "info");
lprintf(9, "opening\n");
fp = fopen(infofilename, "w");
lprintf(9, "checking\n");
return;
}
if (cflr_ok == 0) {
- cprintf("%d ok to create...\n", OK);
+ cprintf("%d ok to create...\n", CIT_OK);
return;
}
lgetfloor(&flbuf, free_slot);
flbuf.f_ref_count = 0;
safestrncpy(flbuf.f_name, new_floor_name, sizeof flbuf.f_name);
lputfloor(&flbuf, free_slot);
- cprintf("%d %d\n", OK, free_slot);
+ cprintf("%d %d\n", CIT_OK, free_slot);
}
delete_ok = 0;
} else {
if (kflr_ok == 1) {
- cprintf("%d Ok\n", OK);
+ cprintf("%d Ok\n", CIT_OK);
} else {
- cprintf("%d Ok to delete...\n", OK);
+ cprintf("%d Ok to delete...\n", CIT_OK);
}
}
extract(flbuf.f_name, argbuf, 1);
lputfloor(&flbuf, floor_num);
- cprintf("%d Ok\n", OK);
+ cprintf("%d Ok\n", CIT_OK);
}