Fixed security problem relating to private rooms
authorArt Cancro <ajc@citadel.org>
Fri, 1 Jan 1999 06:02:21 +0000 (06:02 +0000)
committerArt Cancro <ajc@citadel.org>
Fri, 1 Jan 1999 06:02:21 +0000 (06:02 +0000)
citadel/ChangeLog
citadel/room_ops.c
citadel/user_ops.c

index 564e01f58823e1b81f19c9e0c0955b5540548cc6..5485c094061c51c60a4ed652b9dfc9a173393318 100644 (file)
@@ -1,3 +1,6 @@
+Fri Jan  1 01:01:45 EST 1999 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
+       * Fixed security problem relating to private rooms
+
 Wed Dec 30 20:10:52 EST 1998 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
        * sysdep.c: put a bigger string buffer into lprintf() to avoid overruns
 
index f1bf82cb81d1799db551eeb8308d104ed8bebe96..2bdd6ed30eb483719b12cadd31a2f925f1d61397 100644 (file)
@@ -794,6 +794,12 @@ void cmd_goto(char *gargs)
                                                ERROR+PASSWORD_REQUIRED);
                                        return;
                                        }
+                       else if ( (QRscratch.QRflags&QR_PRIVATE) &&
+                                 ((QRscratch.QRflags&QR_PASSWORDED)==0) &&
+                                 ((QRscratch.QRflags&QR_GUESSNAME)==0) &&
+                                 ((ra & UA_KNOWN) == 0) ) {
+                                       goto NOPE;
+                               }
                        else {
                                usergoto(towhere, 1);
                                return;
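Review bot: The added `else if` is one more deny case placed ahead of the final `else` that calls `usergoto(towhere, 1)`, so the access decision in cmd_goto stays default-allow and any room-flag combination the chain does not list is still admitted. Consider inverting the shape so entry is granted only on an explicit positive test and everything else falls through to the `NOPE:` label added in the next hunk. The three flag tests could also be written as one mask comparison, `(QRscratch.QRflags & (QR_PRIVATE|QR_PASSWORDED|QR_GUESSNAME)) == QR_PRIVATE`, which is easier to audit. Routing the denial through `NOPE:` makes the reply identical to that for a missing room, which keeps the private room's existence hidden; a comment such as `/* invitation-only and not known to this user: answer as if the room does not exist */` would keep a later edit from changing the error code. `ra` is computed outside the hunk and cmd_goto starts and ends outside it, so whether privileged users are meant to bypass this test cannot be checked here.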
@@ -801,7 +807,7 @@ void cmd_goto(char *gargs)
                        }
                }
 
-       cprintf("%d room '%s' not found\n",ERROR+ROOM_NOT_FOUND,towhere);
+NOPE:  cprintf("%d room '%s' not found\n",ERROR+ROOM_NOT_FOUND,towhere);
        }
 
 
index fb3913dcec821efc1dd8e7a7ada398345772fcb6..c5cc377e25b1b12152ce5a35a4bcb8dd2954b53d 100644 (file)
@@ -776,6 +776,7 @@ void cmd_forg(void) {
        CtdlGetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
 
        vbuf.v_flags = vbuf.v_flags | V_FORGET;
+       vbuf.v_flags = vbuf.v_flags & ~V_ACCESS;
 
        CtdlSetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
        lputuser(&CC->usersupp,CC->curr_user);
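Review bot: Nothing at the added line says why forgetting a room must also clear `V_ACCESS`, and that is the security-relevant half of the change; a comment like `/* forgetting also gives up invitation/password access, so a later goto is checked again */` would document it. The two assignments can be folded into `vbuf.v_flags = (vbuf.v_flags | V_FORGET) & ~V_ACCESS;`. Visit records saved before this change may still hold both `V_FORGET` and `V_ACCESS`; the code that derives access from those flags is not in this hunk, so it is worth confirming that it treats a forgotten room as no access rather than relying on this write alone. cmd_forg begins and ends outside the hunk.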