From: Art Cancro Date: Fri, 28 Jan 2011 16:53:47 +0000 (-0500) Subject: Revert "Updating cmd_euid() to use the CtdlForEachMessage() API fixes the security... X-Git-Tag: v8.11~872 X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=4b8c94f25a5fc8892bf7d512554513b8d1e52fd7 Revert "Updating cmd_euid() to use the CtdlForEachMessage() API fixes the security check in blog view and saves some code" This reverts commit 4ec6a9dae3de0cf26e3c52d1ba65a1f57038b7a7. --- diff --git a/citadel/euidindex.c b/citadel/euidindex.c index a1d5ec960..8bad12925 100644 --- a/citadel/euidindex.c +++ b/citadel/euidindex.c @@ -217,28 +217,16 @@ void rebuild_euid_index(void) { -struct euid_callback { - long msgnum; - int found_it; -}; - -/* - * callback for cmd_euid - */ -void euid_is_msg_in_room(long msgnum, void *userdata) { - struct euid_callback *ec = (struct euid_callback *) userdata; - - if (msgnum == ec->msgnum) ec->found_it = 1; -} - - /* * Server command to fetch a message number given an euid. */ void cmd_euid(char *cmdbuf) { char euid[256]; long msgnum; - struct euid_callback ec; + struct cdbdata *cdbfr; + long *msglist = NULL; + int num_msgs = 0; + int i; if (CtdlAccessCheck(ac_logged_in_or_guest)) return; 
@@ -249,21 +237,27 @@ void cmd_euid(char *cmdbuf) { return; } - ec.msgnum = msgnum; - ec.found_it = 0; - CtdlForEachMessage(MSGS_ALL, 0L, NULL, NULL, NULL, euid_is_msg_in_room, (void *)&ec); - - if (ec.found_it) { - cprintf("%d %ld\n", CIT_OK, msgnum); - return; + cdbfr = cdb_fetch(CDB_MSGLISTS, &CC->room.QRnumber, sizeof(long)); + if (cdbfr != NULL) { + num_msgs = cdbfr->len / sizeof(long); + msglist = (long *) cdbfr->ptr; + for (i = 0; i < num_msgs; ++i) { + if (msglist[i] == msgnum) { + cdb_free(cdbfr); + cprintf("%d %ld\n", CIT_OK, msgnum); + return; + } + } + cdb_free(cdbfr); } + cprintf("%d not found\n", ERROR + MESSAGE_NOT_FOUND); } CTDL_MODULE_INIT(euidindex) { if (!threading) { - CtdlRegisterProtoHook(cmd_euid, "EUID", "Fetch the msgnum associated with an EUID"); + CtdlRegisterProtoHook(cmd_euid, "EUID", "Perform operations on Extended IDs for messages"); } /* return our Subversion id for the Log */ return "euidindex"; diff --git a/citadel/msgbase.c b/citadel/msgbase.c index 7f337d3ab..3a12fcc03 100644 --- a/citadel/msgbase.c +++ b/citadel/msgbase.c @@ -654,6 +654,7 @@ int CtdlForEachMessage(int mode, long ref, char *search_string, CC->cached_msglist = msglist; CC->cached_num_msgs = num_msgs; + syslog(LOG_DEBUG, "\033[34m RELOAD \033[0m\n"); } /* @@ -1564,6 +1565,7 @@ int check_cached_msglist(long msgnum) { int max = (CC->cached_num_msgs - 1); while (max >= min) { + syslog(LOG_DEBUG, "\033[35m Checking from %d to %d \033[0m\n", min, max); int middle = min + (max-min) / 2 ; if (msgnum == CC->cached_msglist[middle]) { return om_ok; 
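Review bot: The restored loop in cmd_euid() reads CDB_MSGLISTS directly and no longer goes through CtdlForEachMessage(), so it does not refresh CC->cached_msglist, which the msgbase.c hunks show is the list check_cached_msglist() searches. If a client resolves an EUID and then fetches that message, the room check in CtdlOutputMsg() may run against a stale or unset cache; this is inferred, because the cache invalidation code is not in the diff. Before the FIXME in CtdlOutputMsg() becomes a real denial, both call sites should share one membership helper, or the limitation should be recorded here, e.g. `/* does not refresh CC->cached_msglist; see check_cached_msglist() */`. cmd_euid() starts in the previous hunk, and the lines between the two hunks are not shown.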
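Review bot: The added `syslog(LOG_DEBUG, "\033[34m RELOAD \033[0m\n")` in CtdlForEachMessage() writes raw ANSI escape bytes into the system log, and the same pattern is added in check_cached_msglist() (hunk at -1564) and CtdlOutputMsg() (hunk at -1631). Escape sequences in log records are either mangled by the syslog daemon or interpreted by whatever terminal later displays the log, and they make the entries awkward to match in log tooling. The line in check_cached_msglist() also sits inside the binary-search loop, so every message check emits one record per iteration. Plain text carrying the values that matter would serve better, e.g. `syslog(LOG_DEBUG, "msglist cache reloaded: %d messages", num_msgs);`, with the per-iteration line dropped once testing is finished.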
@@ -1631,25 +1633,13 @@ int CtdlOutputMsg(long msg_num, /* message number (local) to fetch */ } r = check_cached_msglist(msg_num); - if (r != om_ok) { - syslog(LOG_DEBUG, "\033[31m SECURITY CHECK FAIL \033[0m\n"); -/* - * FIXME enable this section when the security check yields no false positives - * - if (do_proto) { - if (r == om_access_denied) { - cprintf("%d Message %ld was not found in this room.\n", - ERROR + MESSAGE_NOT_FOUND, - msg_num - ); - } - else { - cprintf("%d An unknown error has occurred.\n", ERROR); - } - return(r); - } -*/ + if (r == om_ok) { + syslog(LOG_DEBUG, "\033[32m PASS \033[0m\n"); + } + else { + syslog(LOG_DEBUG, "\033[31m FAIL \033[0m\n"); } + /* FIXME after testing, this is where we deny access */ /* * Fetch the message from disk. If we're in HEADERS_FAST mode,
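Review bot: After this hunk the result of check_cached_msglist() is only logged, so in the visible lines CtdlOutputMsg() goes on to fetch the message whether `r` is om_ok or not. The FIXME marks where the denial belongs, but the FAIL record carries neither the message number nor the result code, so false positives cannot be told apart from real out-of-room requests during the testing period. Logging the inputs would make that period useful: `syslog(LOG_DEBUG, "msglist check failed for message %ld (r=%d)", msg_num, r);`. The commit also deletes the commented-out block that showed how a denial would be reported to the client, so a short comment naming the intended responses (MESSAGE_NOT_FOUND for om_access_denied, a generic ERROR otherwise) would keep that intent next to the FIXME. The function continues outside the hunk, so a later check may still apply.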