-struct euid_callback {
- long msgnum;
- int found_it;
-};
-
-/*
- * callback for cmd_euid
- */
-void euid_is_msg_in_room(long msgnum, void *userdata) {
- struct euid_callback *ec = (struct euid_callback *) userdata;
-
- if (msgnum == ec->msgnum) ec->found_it = 1;
-}
-
-
/*
* Server command to fetch a message number given an euid.
*/
void cmd_euid(char *cmdbuf) {
char euid[256];
long msgnum;
- struct euid_callback ec;
+ struct cdbdata *cdbfr;
+ long *msglist = NULL;
+ int num_msgs = 0;
+ int i;
if (CtdlAccessCheck(ac_logged_in_or_guest)) return;
return;
}
- ec.msgnum = msgnum;
- ec.found_it = 0;
- CtdlForEachMessage(MSGS_ALL, 0L, NULL, NULL, NULL, euid_is_msg_in_room, (void *)&ec);
-
- if (ec.found_it) {
- cprintf("%d %ld\n", CIT_OK, msgnum);
- return;
+ cdbfr = cdb_fetch(CDB_MSGLISTS, &CC->room.QRnumber, sizeof(long));
+ if (cdbfr != NULL) {
+ num_msgs = cdbfr->len / sizeof(long);
+ msglist = (long *) cdbfr->ptr;
+ for (i = 0; i < num_msgs; ++i) {
+ if (msglist[i] == msgnum) {
+ cdb_free(cdbfr);
+ cprintf("%d %ld\n", CIT_OK, msgnum);
+ return;
+ }
+ }
+ cdb_free(cdbfr);
}
+
cprintf("%d not found\n", ERROR + MESSAGE_NOT_FOUND);
}
CTDL_MODULE_INIT(euidindex)
{
if (!threading) {
- CtdlRegisterProtoHook(cmd_euid, "EUID", "Fetch the msgnum associated with an EUID");
+ CtdlRegisterProtoHook(cmd_euid, "EUID", "Perform operations on Extended IDs for messages");
}
/* return our Subversion id for the Log */
return "euidindex";
cdb_free(cdbfr); /* we own this memory now */
/*
+<<<<<<< HEAD
+=======
+ * We cache the most recent msglist in order to do security checks later
+ */
+ if (CC->client_socket > 0) {
+ if (CC->cached_msglist != NULL) {
+ free(CC->cached_msglist);
+ }
+
+ CC->cached_msglist = msglist;
+ CC->cached_num_msgs = num_msgs;
+ syslog(LOG_DEBUG, "\033[34m RELOAD \033[0m\n");
+ }
+
+ /*
+>>>>>>> parent of 4ec6a9d... Updating cmd_euid() to use the CtdlForEachMessage() API fixes the security check in blog view and saves some code
* Now begin the traversal.
*/
if (num_msgs > 0) for (a = 0; a < num_msgs; ++a) {
if (CC->client_socket <= 0) return om_ok; /* not a client session */
if (CC->cached_msglist == NULL) return om_access_denied; /* no msglist fetched */
+<<<<<<< HEAD
if (seenit_isthere(CC->cached_msglist, msgnum)) {
return om_ok;
+=======
+ /* Do a binary search within the cached_msglist for the requested msgnum */
+ int min = 0;
+ int max = (CC->cached_num_msgs - 1);
+
+ while (max >= min) {
+ syslog(LOG_DEBUG, "\033[35m Checking from %d to %d \033[0m\n", min, max);
+ int middle = min + (max-min) / 2 ;
+ if (msgnum == CC->cached_msglist[middle]) {
+ return om_ok;
+ }
+ if (msgnum > CC->cached_msglist[middle]) {
+ min = middle + 1;
+ }
+ else {
+ max = middle - 1;
+ }
+>>>>>>> parent of 4ec6a9d... Updating cmd_euid() to use the CtdlForEachMessage() API fixes the security check in blog view and saves some code
}
return om_access_denied;
}
r = check_cached_msglist(msg_num);
+<<<<<<< HEAD
if (r != om_ok) {
syslog(LOG_DEBUG, "Denying access to message %ld - not yet listed\n", msg_num);
if (do_proto) {
}
return(r);
}
+=======
+ if (r == om_ok) {
+ syslog(LOG_DEBUG, "\033[32m PASS \033[0m\n");
+ }
+ else {
+ syslog(LOG_DEBUG, "\033[31m FAIL \033[0m\n");
+>>>>>>> parent of 4ec6a9d... Updating cmd_euid() to use the CtdlForEachMessage() API fixes the security check in blog view and saves some code
}
+ /* FIXME after testing, this is where we deny access */
/*
* Fetch the message from disk. If we're in HEADERS_FAST mode,