Display PASS/FAIL syslog msgs for the new security check.

This determines whether a requested message actually exists in the current room,
preventing unauthorized msgnum sweeps.  We do not actually fail the message yet; I
will add that when the security check yields no false positives.

diff --git a/citadel/citserver.c b/citadel/citserver.c
index 3f9ac42ab5acd01ca8ac6a4b6bb7e726fa760b10..86bd0687c9fe4caea3a9ca93aebccca24d3179d2 100644 (file)
--- a/citadel/citserver.c
+++ b/citadel/citserver.c
@@ -907,6 +907,7 @@ void begin_session(CitContext *con)
        con->download_fp = NULL;
        con->upload_fp = NULL;
        con->cached_msglist = NULL;
+       con->cached_num_msgs = 0;
        con->FirstExpressMessage = NULL;
        time(&con->lastcmd);
        time(&con->lastidle);

diff --git a/citadel/context.h b/citadel/context.h
index 4c7c117a5dee4488b4d089522917ead43f6c495a..224b468f920f208bc2f18ce006db8eb791654f7b 100644 (file)
--- a/citadel/context.h
+++ b/citadel/context.h
@@ -136,6 +136,7 @@ struct CitContext {
        void (*h_greeting_function) (void) ;    /* greeting function for session startup */
 
        long *cached_msglist;                   /* results of the previous CtdlForEachMessage() */
+       int cached_num_msgs;
 };
 
 typedef struct CitContext CitContext;

diff --git a/citadel/msgbase.c b/citadel/msgbase.c
index be46195a4509a7583495ed8e7807d76c131faf2b..9c86ba9ff4bbdbacc48efd9b6c187a283033a8f5 100644 (file)
--- a/citadel/msgbase.c
+++ b/citadel/msgbase.c
@@ -653,6 +653,7 @@ int CtdlForEachMessage(int mode, long ref, char *search_string,
                }
        
                CC->cached_msglist = msglist;
+               CC->cached_num_msgs = num_msgs;
        }
 
        /*
@@ -1545,6 +1546,29 @@ void extract_encapsulated_message(char *name, char *filename, char *partnum, cha
 }
 
 
+/*
+ * Determine whether the specified message exists in the cached_msglist
+ * (This is a security check)
+ */
+int check_cached_msglist(long msgnum) {
+
+       /* cases in which we skip the check */
+       if (!CC) return om_ok;                                          /* not a session */
+       if (CC->client_socket <= 0) return om_ok;                       /* not a client session */
+       if (CC->cached_msglist == NULL) return om_access_denied;        /* no msglist fetched */
+       if (CC->cached_num_msgs == 0) return om_access_denied;          /* nothing to check */
+
+
+       /* FIXME FIXME SLOW SEARCH DO NOT LET THIS GO INTO PRODUCTION */
+       int i;
+       for (i=0; i < CC->cached_num_msgs ; ++i) {
+               if (CC->cached_msglist[i] == msgnum) return om_ok;
+       }
+
+       return om_access_denied;
+}
+
+
 /* 
  * Determine whether the currently logged in session has permission to read
  * messages in the current room.
@@ -1595,6 +1619,15 @@ int CtdlOutputMsg(long msg_num,          /* message number (local) to fetch */
                return(r);
        }
 
+       r = check_cached_msglist(msg_num);
+       if (r == om_ok) {
+               syslog(LOG_DEBUG, "\033[32m PASS \033[0m\n");
+       }
+       else {
+               syslog(LOG_DEBUG, "\033[31m FAIL \033[0m\n");
+       }
+       /* FIXME after testing, this is where we deny access */
+
        /*
         * Fetch the message from disk.  If we're in HEADERS_FAST mode,
         * request that we don't even bother loading the body into memory.

diff --git a/citadel/msgbase.h b/citadel/msgbase.h
index 20c6ee76eacf4f4ad0cfd5428eec00b42340f05f..3171fbd753754612019287b9b690f8911af07c30 100644 (file)
--- a/citadel/msgbase.h
+++ b/citadel/msgbase.h
@@ -28,7 +28,8 @@ enum {
        om_ok,
        om_not_logged_in,
        om_no_such_msg,
-       om_mime_error
+       om_mime_error,
+       om_access_denied
 };
 
 /*