Display PASS/FAIL syslog msgs for the new security check.

This determines whether a requested message actually exists in the current room,
preventing unauthorized msgnum sweeps.  We do not actually fail the message yet; I
will add that when the security check yields no false positives.

diff --git a/citadel/citserver.c b/citadel/citserver.c
index d2dee4a04ebf1973d7c8f3923c3bcd0d23cab8c8..2a7e335a54687eb928ac7dfb2724dd81fe0e3963 100644 (file)
--- a/citadel/citserver.c
+++ b/citadel/citserver.c
@@ -881,6 +881,7 @@ void begin_session(CitContext *con)
        con->download_fp = NULL;
        con->upload_fp = NULL;
        con->cached_msglist = NULL;
+       con->cached_num_msgs = 0;
        con->FirstExpressMessage = NULL;
        time(&con->lastcmd);
        time(&con->lastidle);

diff --git a/citadel/context.h b/citadel/context.h
index c29e582002ca92efb6b64f326f0d409ad20e808f..005ac358519a8d875660a935aac10469cbc1c3d5 100644 (file)
--- a/citadel/context.h
+++ b/citadel/context.h
@@ -115,6 +115,7 @@ struct CitContext {
        void (*h_greeting_function) (void) ;    /* greeting function for session startup */
 
        long *cached_msglist;                   /* results of the previous CtdlForEachMessage() */
+       int cached_num_msgs;
 };
 
 typedef struct CitContext CitContext;

diff --git a/citadel/msgbase.c b/citadel/msgbase.c
index 608d2a114820b96c610b5599d5b818f89216b2a0..876b4e57bb660ce8c88ec528ec74906b7776236e 100644 (file)
--- a/citadel/msgbase.c
+++ b/citadel/msgbase.c
@@ -653,6 +653,7 @@ int CtdlForEachMessage(int mode, long ref, char *search_string,
                }
        
                CC->cached_msglist = msglist;
+               CC->cached_num_msgs = num_msgs;
        }
 
        /*
@@ -1513,6 +1514,29 @@ void extract_encapsulated_message(char *name, char *filename, char *partnum, cha
 }
 
 
+/*
+ * Determine whether the specified message exists in the cached_msglist
+ * (This is a security check)
+ */
+int check_cached_msglist(long msgnum) {
+
+       /* cases in which we skip the check */
+       if (!CC) return om_ok;                                          /* not a session */
+       if (CC->client_socket <= 0) return om_ok;                       /* not a client session */
+       if (CC->cached_msglist == NULL) return om_access_denied;        /* no msglist fetched */
+       if (CC->cached_num_msgs == 0) return om_access_denied;          /* nothing to check */
+
+
+       /* FIXME FIXME SLOW SEARCH DO NOT LET THIS GO INTO PRODUCTION */
+       int i;
+       for (i=0; i < CC->cached_num_msgs ; ++i) {
+               if (CC->cached_msglist[i] == msgnum) return om_ok;
+       }
+
+       return om_access_denied;
+}
+
+
 /* 
  * Determine whether the currently logged in session has permission to read
  * messages in the current room.
@@ -1563,6 +1587,15 @@ int CtdlOutputMsg(long msg_num,          /* message number (local) to fetch */
                return(r);
        }
 
+       r = check_cached_msglist(msg_num);
+       if (r == om_ok) {
+               syslog(LOG_DEBUG, "\033[32m PASS \033[0m\n");
+       }
+       else {
+               syslog(LOG_DEBUG, "\033[31m FAIL \033[0m\n");
+       }
+       /* FIXME after testing, this is where we deny access */
+
        /*
         * Fetch the message from disk.  If we're in HEADERS_FAST mode,
         * request that we don't even bother loading the body into memory.

diff --git a/citadel/msgbase.h b/citadel/msgbase.h
index b2a8bccbdc721594f5c20a5f2b9f858b8b2ea09a..f28a2397a4a611212a984da3d1740f8cdf614d2d 100644 (file)
--- a/citadel/msgbase.h
+++ b/citadel/msgbase.h
@@ -28,7 +28,8 @@ enum {
        om_ok,
        om_not_logged_in,
        om_no_such_msg,
-       om_mime_error
+       om_mime_error,
+       om_access_denied
 };
 
 /*