From 064d34f72d3faff6967bb2aa0b0e7e664512761a Mon Sep 17 00:00:00 2001
From: Art Cancro
Date: Wed, 26 Jan 2011 21:36:19 -0500
Subject: [PATCH] Display PASS/FAIL syslog msgs for the new security check. This determines whether a requested message actually exists in the current room, preventing unauthorized msgnum sweeps. We do not actually fail the message yet; I will add that when the security check yields no false positives.
---
 citadel/citserver.c | 1 +
 citadel/context.h | 1 +
 citadel/msgbase.c | 33 +++++++++++++++++++++++++++++++++
 citadel/msgbase.h | 3 ++-
 4 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/citadel/citserver.c b/citadel/citserver.c
index 3f9ac42ab..86bd0687c 100644
--- a/citadel/citserver.c
+++ b/citadel/citserver.c
@@ -907,6 +907,7 @@ void begin_session(CitContext *con)
 con->download_fp = NULL;
 con->upload_fp = NULL;
 con->cached_msglist = NULL;
+ con->cached_num_msgs = 0;
 con->FirstExpressMessage = NULL;
 time(&con->lastcmd);
 time(&con->lastidle);
diff --git a/citadel/context.h b/citadel/context.h
index 4c7c117a5..224b468f9 100644
--- a/citadel/context.h
+++ b/citadel/context.h
@@ -136,6 +136,7 @@ struct CitContext {
 void (*h_greeting_function) (void) ; /* greeting function for session startup */
 long *cached_msglist; /* results of the previous CtdlForEachMessage() */
+ int cached_num_msgs;
 };
 typedef struct CitContext CitContext;
diff --git a/citadel/msgbase.c b/citadel/msgbase.c
index be46195a4..9c86ba9ff 100644
--- a/citadel/msgbase.c
+++ b/citadel/msgbase.c
@@ -653,6 +653,7 @@ int CtdlForEachMessage(int mode, long ref, char *search_string,
 }
 CC->cached_msglist = msglist;
+ CC->cached_num_msgs = num_msgs;
 }
 /*
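Review bot: The new `cached_num_msgs` member of struct CitContext has no comment, unlike `cached_msglist` directly above it, and the two fields are only meaningful as a pair. I would write `int cached_num_msgs; /* number of entries in cached_msglist */` and state there that both fields must always be updated together. check_cached_msglist() later in this patch uses the count as the loop bound when reading the array, so a count that outlives or exceeds the list it describes would turn the security check into an out-of-bounds read.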
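Review bot: The pair stored at the end of CtdlForEachMessage() is only as current as the last call, and nothing in this patch clears `CC->cached_msglist` and `CC->cached_num_msgs` when the session moves to another room. If no code outside these hunks resets them on a room change, a message number listed in the previous room would still pass check_cached_msglist(), which works against the stated goal of confirming the message is in the current room. I would add a comment at this assignment such as `/* per-room cache: must be cleared wherever the session changes rooms */` and verify the reset exists. It is also not visible here whether the previous `cached_msglist` is freed before being overwritten, or whether `msglist` is the full room list or one already narrowed by `mode`/`search_string`, which decides how many false FAILs the test period will log. The function body starts and ends outside the hunk.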
@@ -1545,6 +1546,29 @@ void extract_encapsulated_message(char *name, char *filename, char *partnum, cha
 }
+/*
+ * Determine whether the specified message exists in the cached_msglist
+ * (This is a security check)
+ */
+int check_cached_msglist(long msgnum) {
+
+ /* cases in which we skip the check */
+ if (!CC) return om_ok; /* not a session */
+ if (CC->client_socket <= 0) return om_ok; /* not a client session */
+ if (CC->cached_msglist == NULL) return om_access_denied; /* no msglist fetched */
+ if (CC->cached_num_msgs == 0) return om_access_denied; /* nothing to check */
+
+
+ /* FIXME FIXME SLOW SEARCH DO NOT LET THIS GO INTO PRODUCTION */
+ int i;
+ for (i=0; i < CC->cached_num_msgs ; ++i) {
+ if (CC->cached_msglist[i] == msgnum) return om_ok;
+ }
+
+ return om_access_denied;
+}
+
+
 /*
 * Determine whether the currently logged in session has permission to read
 * messages in the current room.
@@ -1595,6 +1619,15 @@ int CtdlOutputMsg(long msg_num, /* message number (local) to fetch */
 return(r);
 }
+ r = check_cached_msglist(msg_num);
+ if (r == om_ok) {
+ syslog(LOG_DEBUG, "\033[32m PASS \033[0m\n");
+ }
+ else {
+ syslog(LOG_DEBUG, "\033[31m FAIL \033[0m\n");
+ }
+ /* FIXME after testing, this is where we deny access */
+
+
 /*
 * Fetch the message from disk. If we're in HEADERS_FAST mode,
 * request that we don't even bother loading the body into memory.
diff --git a/citadel/msgbase.h b/citadel/msgbase.h
index 20c6ee76e..3171fbd75 100644
--- a/citadel/msgbase.h
+++ b/citadel/msgbase.h
@@ -28,7 +28,8 @@ enum {
 om_ok,
 om_not_logged_in,
 om_no_such_msg,
- om_mime_error
+ om_mime_error,
+ om_access_denied
 };
 /*
-- 
2.30.2
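Review bot: check_cached_msglist() returns om_ok whenever `CC` is null or `CC->client_socket <= 0`, so it fails open for every non-client context, and the header comment does not say so. I would extend that comment to state the contract: om_ok for internal (non-client) callers, om_access_denied when no list is cached or the number is absent, and a reliance on `cached_msglist`/`cached_num_msgs` describing the current room. Since this patch adds no prototype to msgbase.h, the definition could be `static int check_cached_msglist(long msgnum)`. For the linear scan the FIXME flags, `bsearch()` would be the replacement only if the cached list is kept sorted, which the hunk does not show.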
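Review bot: The PASS/FAIL lines added to CtdlOutputMsg() carry no message number, so during the test period a FAIL cannot be tied to a request and a sweep of message numbers cannot be told apart from a false positive. The ANSI colour escapes and the trailing `\n` are also a poor fit for syslog, where daemons commonly escape or strip control characters and supply their own line ending. I would log `syslog(LOG_DEBUG, "msglist check FAIL: msgnum=%ld", msg_num);` (and the same form for PASS), and consider a priority above LOG_DEBUG for FAIL so the evidence is kept on systems that discard debug messages. The enclosing function starts and ends outside the hunk.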