X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fuser_ops.c;h=7f84fa21eadb893c5bbd51cfe5bc6b8533616702;hb=e96b8a7ee7627f35d18722616f030101c149cb2a;hp=ff56484ca016121f1f2fc7bab6be967f0fd3d679;hpb=11219dbc3e638e7ee47feffbbb7d63588d7dd77f;p=citadel.git diff --git a/citadel/user_ops.c b/citadel/user_ops.c index ff56484ca..7f84fa21e 100644 --- a/citadel/user_ops.c +++ b/citadel/user_ops.c @@ -16,6 +16,9 @@ #include #include #include +#ifdef HAVE_SYS_STAT_H +#include +#endif #if TIME_WITH_SYS_TIME # include @@ -30,14 +33,12 @@ #include #include -#ifndef ENABLE_CHKPWD +#include #include "auth.h" -#endif #include "citadel.h" #include "server.h" #include "database.h" #include "user_ops.h" -#include "serv_extensions.h" #include "sysdep_decls.h" #include "support.h" #include "room_ops.h" @@ -45,18 +46,30 @@ #include "control.h" #include "msgbase.h" #include "config.h" -#include "tools.h" #include "citserver.h" +#include "citadel_dirs.h" +#include "genstamp.h" +#include "threads.h" +/* These pipes are used to talk to the chkpwd daemon, which is forked during startup */ +int chkpwd_write_pipe[2]; +int chkpwd_read_pipe[2]; /* * makeuserkey() - convert a username into the format used as a database key - * (it's just the username converted into lower case) + * (it's just the username converted into lower case) */ static INLINE void makeuserkey(char *key, char *username) { int i, len; len = strlen(username); + if (len >= USERNAME_SIZE) + { + lprintf (CTDL_EMERG, "Username to long: %s", username); + cit_backtrace (); + len = USERNAME_SIZE - 1; + username[USERNAME_SIZE - 1]='\0'; + } for (i=0; i<=len; ++i) { key[i] = tolower(username[i]); } @@ -65,7 +78,7 @@ static INLINE void makeuserkey(char *key, char *username) { /* * getuser() - retrieve named user into supplied buffer. - * returns 0 on success + * returns 0 on success */ int getuser(struct ctdluser *usbuf, char name[]) { @@ -166,8 +179,9 @@ int GenerateRelationshipIndex(char *IndexBuf, void put_visit(struct visit *newvisit) { char IndexBuf[32]; - int IndexLen; + int IndexLen = 0; + memset (IndexBuf, 0, sizeof (IndexBuf)); /* Generate an index */ IndexLen = GenerateRelationshipIndex(IndexBuf, newvisit->v_roomnum, @@ -282,10 +296,10 @@ int is_room_aide(void) /* * getuserbynumber() - get user by number - * returns 0 if user was found + * returns 0 if user was found * * WARNING: don't use this function unless you absolutely have to. It does - * a sequential search and therefore is computationally expensive. + * a sequential search and therefore is computationally expensive. */ int getuserbynumber(struct ctdluser *usbuf, long int number) { @@ -308,13 +322,12 @@ int getuserbynumber(struct ctdluser *usbuf, long int number) } -#ifdef ENABLE_AUTOLOGIN /* * getuserbyuid() - get user by system uid (for PAM mode authentication) - * returns 0 if user was found + * returns 0 if user was found * * WARNING: don't use this function unless you absolutely have to. It does - * a sequential search and therefore is computationally expensive. + * a sequential search and therefore is computationally expensive. */ int getuserbyuid(struct ctdluser *usbuf, uid_t number) { @@ -335,77 +348,102 @@ int getuserbyuid(struct ctdluser *usbuf, uid_t number) } return (-1); } -#endif /* ENABLE_AUTOLOGIN */ - - /* * Back end for cmd_user() and its ilk + * + * NOTE: "authname" should only be used if we are attempting to use the "master user" feature */ -int CtdlLoginExistingUser(char *trythisname) +int CtdlLoginExistingUser(char *authname, char *trythisname) { char username[SIZ]; int found_user; + lprintf(9, "CtdlLoginExistingUser(%s, %s)\n", authname, trythisname); + if ((CC->logged_in)) { return login_already_logged_in; } if (trythisname == NULL) return login_not_found; + + /* If a "master user" is defined, handle its authentication if specified */ + CC->is_master = 0; + if (strlen(config.c_master_user) > 0) if (strlen(config.c_master_pass) > 0) if (authname) { + if (!strcasecmp(authname, config.c_master_user)) { + CC->is_master = 1; + } + } + + /* Continue attempting user validation... */ safestrncpy(username, trythisname, USERNAME_SIZE); striplt(username); - if (strlen(username) == 0) { + if (IsEmptyStr(username)) { return login_not_found; } -#ifdef ENABLE_AUTOLOGIN - - /* If this is an autologin build, the only valid auth source is the - * host operating system. - */ - struct passwd pd; - struct passwd *tempPwdPtr; - char pwdbuffer[256]; + if (config.c_auth_mode == AUTHMODE_HOST) { - lprintf(CTDL_DEBUG, "asking host about <%s>\n", username); - getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr); - if (tempPwdPtr == NULL) { - return login_not_found; - } - lprintf(CTDL_DEBUG, "found it! uid=%d, gecos=%s\n", pd.pw_uid, pd.pw_gecos); + /* host auth mode */ - /* Locate the associated Citadel account. - * If not found, make one attempt to create it. - */ - found_user = getuserbyuid(&CC->user, pd.pw_uid); - if (found_user != 0) { - create_user(username, 0); + struct passwd pd; + struct passwd *tempPwdPtr; + char pwdbuffer[256]; + + lprintf(CTDL_DEBUG, "asking host about <%s>\n", username); +#ifdef HAVE_GETPWNAM_R +#ifdef SOLARIS_GETPWUID + lprintf(CTDL_DEBUG, "Calling getpwnam_r()\n"); + tempPwdPtr = getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer); +#else // SOLARIS_GETPWUID + lprintf(CTDL_DEBUG, "Calling getpwnam_r()\n"); + getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr); +#endif // SOLARIS_GETPWUID +#else // HAVE_GETPWNAM_R + lprintf(CTDL_DEBUG, "SHOULD NEVER GET HERE!!!\n"); + tempPwdPtr = NULL; +#endif // HAVE_GETPWNAM_R + if (tempPwdPtr == NULL) { + lprintf(CTDL_DEBUG, "no such user <%s>\n", username); + return login_not_found; + } + + /* Locate the associated Citadel account. + * If not found, make one attempt to create it. + */ found_user = getuserbyuid(&CC->user, pd.pw_uid); - } + lprintf(CTDL_DEBUG, "found it: uid=%ld, gecos=%s here: %d\n", + (long)pd.pw_uid, pd.pw_gecos, found_user); + if (found_user != 0) { + create_user(username, 0); + found_user = getuserbyuid(&CC->user, pd.pw_uid); + } -#else /* ENABLE_AUTOLOGIN */ - struct recptypes *valid = NULL; + } - /* First, try to log in as if the supplied name is a display name */ - found_user = getuser(&CC->user, username); + else { + /* native auth mode */ - /* If that didn't work, try to log in as if the supplied name - * is an e-mail address - */ - if (found_user != 0) { - valid = validate_recipients(username); - if (valid != NULL) { - if (valid->num_local == 1) { - found_user = getuser(&CC->user, - valid->recp_local); + struct recptypes *valid = NULL; + + /* First, try to log in as if the supplied name is a display name */ + found_user = getuser(&CC->user, username); + + /* If that didn't work, try to log in as if the supplied name + * is an e-mail address + */ + if (found_user != 0) { + valid = validate_recipients(username, NULL, 0); + if (valid != NULL) { + if (valid->num_local == 1) { + found_user = getuser(&CC->user, valid->recp_local); + } + free_recipients(valid); } - free(valid); } } -#endif /* ENABLE_AUTOLOGIN */ - /* Did we find something? */ if (found_user == 0) { if (((CC->nologin)) && (CC->user.axlevel < 6)) { @@ -432,7 +470,7 @@ void cmd_user(char *cmdbuf) extract_token(username, cmdbuf, 0, '|', sizeof username); striplt(username); - a = CtdlLoginExistingUser(username); + a = CtdlLoginExistingUser(NULL, username); switch (a) { case login_already_logged_in: cprintf("%d Already logged in.\n", ERROR + ALREADY_LOGGED_IN); @@ -463,7 +501,7 @@ void cmd_user(char *cmdbuf) */ void session_startup(void) { - int i; + int i = 0; lprintf(CTDL_NOTICE, "<%s> logged in\n", CC->curr_user); @@ -479,14 +517,14 @@ void session_startup(void) CC->user.axlevel = 6; } -#ifdef ENABLE_AUTOLOGIN /* If we're authenticating off the host system, automatically give * root the highest level of access. */ - if (CC->user.uid == 0) { - CC->user.axlevel = 6; + if (config.c_auth_mode == AUTHMODE_HOST) { + if (CC->user.uid == 0) { + CC->user.axlevel = 6; + } } -#endif lputuser(&CC->user); @@ -497,7 +535,7 @@ void session_startup(void) */ snprintf(CC->cs_inet_email, sizeof CC->cs_inet_email, "%s@%s", CC->user.fullname, config.c_fqdn); - for (i=0; ics_inet_email); ++i) { + for (i=0; !IsEmptyStr(&CC->cs_inet_email[i]); ++i) { if (isspace(CC->cs_inet_email[i])) { CC->cs_inet_email[i] = '_'; } @@ -541,7 +579,6 @@ void logout(struct CitContext *who) * make that assumption. */ strcpy(who->fake_username, ""); - strcpy(who->fake_postname, ""); strcpy(who->fake_hostname, ""); strcpy(who->fake_roomname, ""); who->logged_in = 0; @@ -564,12 +601,16 @@ void logout(struct CitContext *who) /* * If we were talking to a network node, we're not anymore... */ - if (strlen(who->net_node) > 0) { + if (!IsEmptyStr(who->net_node)) { network_talking_to(who->net_node, NTT_REMOVE); } /* Do modular stuff... */ PerformSessionHooks(EVT_LOGOUT); + + /* Check to see if the user was deleted whilst logged in and purge them if necessary */ + if (who->user.axlevel == 0) + purge_user(who->user.fullname); /* Free any output buffers */ if (who->output_buffer != NULL) { @@ -577,63 +618,79 @@ void logout(struct CitContext *who) } } -#ifdef ENABLE_CHKPWD /* - * an alternate version of validpw() which executes `chkpwd' instead of - * verifying the password directly + * Validate a password on the host unix system by talking to the chkpwd daemon */ static int validpw(uid_t uid, const char *pass) { - pid_t pid; - int status, pipev[2]; - char buf[24]; + char buf[256]; - if (pipe(pipev)) { - lprintf(CTDL_ERR, "pipe failed (%s): denying autologin access for " - "uid %ld\n", strerror(errno), (long)uid); + if (IsEmptyStr(pass)) { + lprintf(CTDL_DEBUG, "refusing to check empty password for uid=%d using chkpwd...\n", uid); return 0; } - switch (pid = fork()) { - case -1: - lprintf(CTDL_ERR, "fork failed (%s): denying autologin access for " - "uid %ld\n", strerror(errno), (long)uid); - close(pipev[0]); - close(pipev[1]); - return 0; - case 0: - close(pipev[1]); - if (dup2(pipev[0], 0) == -1) { - perror("dup2"); - exit(1); - } - close(pipev[0]); - - execl(CTDLDIR "/chkpwd", CTDLDIR "/chkpwd", NULL); - perror(CTDLDIR "/chkpwd"); - exit(1); - } - - close(pipev[0]); - write(pipev[1], buf, - snprintf(buf, sizeof buf, "%lu\n", (unsigned long) uid)); - write(pipev[1], pass, strlen(pass)); - write(pipev[1], "\n", 1); - close(pipev[1]); - - while (waitpid(pid, &status, 0) == -1) - if (errno != EINTR) { - lprintf(CTDL_ERR, "waitpid failed (%s): denying autologin " - "access for uid %ld\n", - strerror(errno), (long)uid); - return 0; - } - if (WIFEXITED(status) && !WEXITSTATUS(status)) - return 1; + lprintf(CTDL_DEBUG, "Validating password for uid=%d using chkpwd...\n", uid); + begin_critical_section(S_CHKPWD); + write(chkpwd_write_pipe[1], &uid, sizeof(uid_t)); + write(chkpwd_write_pipe[1], pass, 256); + read(chkpwd_read_pipe[0], buf, 4); + end_critical_section(S_CHKPWD); + + if (!strncmp(buf, "PASS", 4)) { + lprintf(CTDL_DEBUG, "...pass\n"); + return(1); + } + + lprintf(CTDL_DEBUG, "...fail\n"); return 0; } -#endif + +/* + * Start up the chkpwd daemon so validpw() has something to talk to + */ +void start_chkpwd_daemon(void) { + pid_t chkpwd_pid; + struct stat filestats; + int i; + + lprintf(CTDL_DEBUG, "Starting chkpwd daemon for host authentication mode\n"); + + if ((stat(file_chkpwd, &filestats)==-1) || + (filestats.st_size==0)){ + printf("didn't find chkpwd daemon in %s: %s\n", file_chkpwd, strerror(errno)); + abort(); + } + if (pipe(chkpwd_write_pipe) != 0) { + lprintf(CTDL_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno)); + abort(); + } + if (pipe(chkpwd_read_pipe) != 0) { + lprintf(CTDL_EMERG, "Unable to create pipe for chkpwd daemon: %s\n", strerror(errno)); + abort(); + } + + chkpwd_pid = fork(); + if (chkpwd_pid < 0) { + lprintf(CTDL_EMERG, "Unable to fork chkpwd daemon: %s\n", strerror(errno)); + abort(); + } + if (chkpwd_pid == 0) { + lprintf(CTDL_DEBUG, "Now calling dup2() write\n"); + dup2(chkpwd_write_pipe[0], 0); + lprintf(CTDL_DEBUG, "Now calling dup2() write\n"); + dup2(chkpwd_read_pipe[1], 1); + lprintf(CTDL_DEBUG, "Now closing stuff\n"); + for (i=2; i<256; ++i) close(i); + lprintf(CTDL_DEBUG, "Now calling execl(%s)\n", file_chkpwd); + execl(file_chkpwd, file_chkpwd, NULL); + lprintf(CTDL_EMERG, "Unable to exec chkpwd daemon: %s\n", strerror(errno)); + abort(); + exit(errno); + } +} + void do_login() { @@ -664,31 +721,50 @@ int CtdlTryPassword(char *password) } code = (-1); + if (CC->is_master) { + code = strcmp(password, config.c_master_pass); + } -#ifdef ENABLE_AUTOLOGIN + else if (config.c_auth_mode == AUTHMODE_HOST) { - if (validpw(CC->user.uid, password)) { - code = 0; - /* we could get rid of this */ - lgetuser(&CC->user, CC->curr_user); - safestrncpy(CC->user.password, password, sizeof CC->user.password); - lputuser(&CC->user); - /* */ - } - else { - code = (-1); + /* host auth mode */ + + if (validpw(CC->user.uid, password)) { + code = 0; + + /* + * sooper-seekrit hack: populate the password field in the + * citadel database with the password that the user typed, + * if it's correct. This allows most sites to convert from + * host auth to native auth if they want to. If you think + * this is a security hazard, comment it out. + */ + + lgetuser(&CC->user, CC->curr_user); + safestrncpy(CC->user.password, password, sizeof CC->user.password); + lputuser(&CC->user); + + /* + * (sooper-seekrit hack ends here) + */ + + } + else { + code = (-1); + } } -#else /* ENABLE_AUTOLOGIN */ + else { - strproc(password); - strproc(CC->user.password); - code = strcasecmp(CC->user.password, password); - strproc(password); - strproc(CC->user.password); - code = strcasecmp(CC->user.password, password); + /* native auth mode */ -#endif /* ENABLE_AUTOLOGIN */ + strproc(password); + strproc(CC->user.password); + code = strcasecmp(CC->user.password, password); + strproc(password); + strproc(CC->user.password); + code = strcasecmp(CC->user.password, password); + } if (!code) { do_login(); @@ -740,6 +816,10 @@ int purge_user(char pname[]) makeuserkey(usernamekey, pname); + /* If the name is empty we can't find them in the DB any way so just return */ + if (IsEmptyStr(pname)) + return (ERROR + NO_SUCH_USER); + if (getuser(&usbuf, pname) != 0) { lprintf(CTDL_ERR, "Cannot purge user <%s> - not found\n", pname); return (ERROR + NO_SUCH_USER); @@ -806,25 +886,48 @@ int create_user(char *newusername, int become_user) struct ctdlroom qrbuf; char username[256]; char mailboxname[ROOMNAMELEN]; + char buf[SIZ]; uid_t uid = (-1); safestrncpy(username, newusername, sizeof username); strproc(username); -#ifdef ENABLE_AUTOLOGIN - struct passwd pd; - struct passwd *tempPwdPtr; - char pwdbuffer[256]; + if (config.c_auth_mode == AUTHMODE_HOST) { - getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr); - if (tempPwdPtr != NULL) { - extract_token(username, pd.pw_gecos, 0, ',', sizeof username); - uid = pd.pw_uid; - } - else { - return (ERROR + NO_SUCH_USER); + /* host auth mode */ + + struct passwd pd; + struct passwd *tempPwdPtr; + char pwdbuffer[256]; + +#ifdef HAVE_GETPWNAM_R +#ifdef SOLARIS_GETPWUID + tempPwdPtr = getpwnam_r(username, &pd, pwdbuffer, sizeof(pwdbuffer)); +#else // SOLARIS_GETPWUID + getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr); +#endif // SOLARIS_GETPWUID +#else // HAVE_GETPWNAM_R + tempPwdPtr = NULL; +#endif // HAVE_GETPWNAM_R + if (tempPwdPtr != NULL) { + extract_token(username, pd.pw_gecos, 0, ',', sizeof username); + uid = pd.pw_uid; + if (IsEmptyStr (username)) + { + lprintf (CTDL_EMERG, + "Can't find Realname for user %s [%d] in the Host Auth Database; giving up.\n", + newusername, pd.pw_uid); + snprintf(buf, SIZ, + "Can't find Realname for user %s [%d] in the Host Auth Database; giving up.\n", + newusername, pd.pw_uid); + aide_message(buf, "User Creation Failure Notice"); + + } + } + else { + return (ERROR + NO_SUCH_USER); + } } -#endif if (!getuser(&usbuf, username)) { return (ERROR + ALREADY_EXISTS); @@ -866,10 +969,10 @@ int create_user(char *newusername, int become_user) MailboxName(mailboxname, sizeof mailboxname, &usbuf, USERCONFIGROOM); create_room(mailboxname, 5, "", 0, 1, 1, VIEW_BBS); - if (lgetroom(&qrbuf, mailboxname) == 0) { - qrbuf.QRflags2 |= QR2_SYSTEM; - lputroom(&qrbuf); - } + if (lgetroom(&qrbuf, mailboxname) == 0) { + qrbuf.QRflags2 |= QR2_SYSTEM; + lputroom(&qrbuf); + } /* Perform any create functions registered by server extensions */ PerformUserHooks(&usbuf, EVT_NEWUSER); @@ -889,7 +992,14 @@ int create_user(char *newusername, int become_user) return (ERROR + INTERNAL_ERROR); } } - + + snprintf(buf, SIZ, + "New user account <%s> has been created, from host %s [%s].\n", + username, + CC->cs_host, + CC->cs_addr + ); + aide_message(buf, "User Creation Notice"); lprintf(CTDL_NOTICE, "New user <%s> created\n", username); return (0); } @@ -905,11 +1015,11 @@ void cmd_newu(char *cmdbuf) int a; char username[26]; -#ifdef ENABLE_AUTOLOGIN - cprintf("%d This system does not use native mode authentication.\n", - ERROR + NOT_HERE); - return; -#endif /* ENABLE_AUTOLOGIN */ + if (config.c_auth_mode != AUTHMODE_NATIVE) { + cprintf("%d This system does not use native mode authentication.\n", + ERROR + NOT_HERE); + return; + } if (config.c_disable_newu) { cprintf("%d Self-service user account creation " @@ -930,7 +1040,7 @@ void cmd_newu(char *cmdbuf) username[25] = 0; strproc(username); - if (strlen(username) == 0) { + if (IsEmptyStr(username)) { cprintf("%d You must supply a user name.\n", ERROR + USERNAME_REQUIRED); return; } @@ -974,8 +1084,13 @@ void cmd_setp(char *new_pw) cprintf("%d Not allowed. Use the 'passwd' command.\n", ERROR + NOT_HERE); return; } + if (CC->is_master) { + cprintf("%d The master prefix password cannot be changed with this command.\n", + ERROR + NOT_HERE); + return; + } strproc(new_pw); - if (strlen(new_pw) == 0) { + if (IsEmptyStr(new_pw)) { cprintf("%d Password unchanged.\n", CIT_OK); return; } @@ -1009,7 +1124,7 @@ void cmd_creu(char *cmdbuf) strproc(username); strproc(password); - if (strlen(username) == 0) { + if (IsEmptyStr(username)) { cprintf("%d You must supply a user name.\n", ERROR + USERNAME_REQUIRED); return; } @@ -1017,21 +1132,24 @@ void cmd_creu(char *cmdbuf) a = create_user(username, 0); if (a == 0) { - if (strlen(password) > 0) { + if (!IsEmptyStr(password)) { lgetuser(&tmp, username); safestrncpy(tmp.password, password, sizeof(tmp.password)); lputuser(&tmp); } cprintf("%d User '%s' created %s.\n", CIT_OK, username, - (strlen(password) > 0) ? "and password set" : + (!IsEmptyStr(password)) ? "and password set" : "with no password"); return; } else if (a == ERROR + ALREADY_EXISTS) { - cprintf("%d '%s' already exists.\n", - ERROR + ALREADY_EXISTS, username); + cprintf("%d '%s' already exists.\n", ERROR + ALREADY_EXISTS, username); + return; + } else if ( (config.c_auth_mode != AUTHMODE_NATIVE) && (a == ERROR + NO_SUCH_USER) ) { + cprintf("%d User accounts are not created within Citadel in host authentication mode.\n", + ERROR + NO_SUCH_USER); return; } else { - cprintf("%d An error occured creating the user account.\n", ERROR + INTERNAL_ERROR); + cprintf("%d An error occurred creating the user account.\n", ERROR + INTERNAL_ERROR); } } @@ -1201,10 +1319,10 @@ void cmd_invt_kick(char *iuser, int op) { /* access granted */ } else { /* access denied */ - cprintf("%d Higher access or room ownership required.\n", - ERROR + HIGHER_ACCESS_REQUIRED); - return; - } + cprintf("%d Higher access or room ownership required.\n", + ERROR + HIGHER_ACCESS_REQUIRED); + return; + } if (!strncasecmp(CC->room.QRname, config.c_baseroom, ROOMNAMELEN)) { @@ -1555,8 +1673,9 @@ void cmd_asup(char *cmdbuf) } if (deleted) { - sprintf(notify, "User \"%s\" has been deleted by %s.\n", - usbuf.fullname, CC->user.fullname); + snprintf(notify, SIZ, + "User \"%s\" has been deleted by %s.\n", + usbuf.fullname, CC->user.fullname); aide_message(notify, "User Deletion Message"); } @@ -1607,40 +1726,40 @@ int NewMailCount() */ int InitialMailCheck() { - int num_newmsgs = 0; - int a; - char mailboxname[ROOMNAMELEN]; - struct ctdlroom mailbox; - struct visit vbuf; - struct cdbdata *cdbfr; - long *msglist = NULL; - int num_msgs = 0; - - MailboxName(mailboxname, sizeof mailboxname, &CC->user, MAILROOM); - if (getroom(&mailbox, mailboxname) != 0) - return (0); - CtdlGetRelationship(&vbuf, &CC->user, &mailbox); - - cdbfr = cdb_fetch(CDB_MSGLISTS, &mailbox.QRnumber, sizeof(long)); - - if (cdbfr != NULL) { - msglist = malloc(cdbfr->len); - memcpy(msglist, cdbfr->ptr, cdbfr->len); - num_msgs = cdbfr->len / sizeof(long); - cdb_free(cdbfr); - } - if (num_msgs > 0) - for (a = 0; a < num_msgs; ++a) { - if (msglist[a] > 0L) { - if (msglist[a] > vbuf.v_lastseen) { - ++num_newmsgs; - } - } - } - if (msglist != NULL) - free(msglist); - - return (num_newmsgs); + int num_newmsgs = 0; + int a; + char mailboxname[ROOMNAMELEN]; + struct ctdlroom mailbox; + struct visit vbuf; + struct cdbdata *cdbfr; + long *msglist = NULL; + int num_msgs = 0; + + MailboxName(mailboxname, sizeof mailboxname, &CC->user, MAILROOM); + if (getroom(&mailbox, mailboxname) != 0) + return (0); + CtdlGetRelationship(&vbuf, &CC->user, &mailbox); + + cdbfr = cdb_fetch(CDB_MSGLISTS, &mailbox.QRnumber, sizeof(long)); + + if (cdbfr != NULL) { + msglist = malloc(cdbfr->len); + memcpy(msglist, cdbfr->ptr, cdbfr->len); + num_msgs = cdbfr->len / sizeof(long); + cdb_free(cdbfr); + } + if (num_msgs > 0) + for (a = 0; a < num_msgs; ++a) { + if (msglist[a] > 0L) { + if (msglist[a] > vbuf.v_lastseen) { + ++num_newmsgs; + } + } + } + if (msglist != NULL) + free(msglist); + + return (num_newmsgs); }