From 4583cc48c475fe3a2a24a72c1c9a54fe5598ca01 Mon Sep 17 00:00:00 2001
From: Art Cancro
Date: Wed, 26 Jan 2011 22:59:23 -0500
Subject: [PATCH] Updating cmd_euid() to use the CtdlForEachMessage() API fixes the security check in blog view and saves some code
---
 citadel/euidindex.c | 42 ++++++++++++++++++++++++------------------
 citadel/msgbase.c | 26 ++++++++++++++++++--------
 2 files changed, 42 insertions(+), 26 deletions(-)
diff --git a/citadel/euidindex.c b/citadel/euidindex.c
index 8bad12925..a1d5ec960 100644
--- a/citadel/euidindex.c
+++ b/citadel/euidindex.c
@@ -217,16 +217,28 @@ void rebuild_euid_index(void) {
+struct euid_callback {
+ long msgnum;
+ int found_it;
+};
+
+/*
+ * callback for cmd_euid
+ */
+void euid_is_msg_in_room(long msgnum, void *userdata) {
+ struct euid_callback *ec = (struct euid_callback *) userdata;
+
+ if (msgnum == ec->msgnum) ec->found_it = 1;
+}
+
+
 /*
 * Server command to fetch a message number given an euid.
 */
 void cmd_euid(char *cmdbuf) {
 char euid[256];
 long msgnum;
- struct cdbdata *cdbfr;
- long *msglist = NULL;
- int num_msgs = 0;
- int i;
+ struct euid_callback ec;
 if (CtdlAccessCheck(ac_logged_in_or_guest)) return;
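Review bot: `euid_is_msg_in_room()` is a helper private to cmd_euid(), yet it is defined with external linkage; declaring it `static void euid_is_msg_in_room(long msgnum, void *userdata)` keeps it out of the server's global namespace. The comment above it says only "callback for cmd_euid"; stating the contract would help, e.g. `/* CtdlForEachMessage() callback: sets ec->found_it when the visited msgnum equals ec->msgnum */`. `struct euid_callback` has no comment at all, and one line saying that `found_it` must be zeroed by the caller before the iteration would prevent a stale-positive if the struct is ever reused. cmd_euid() continues outside this hunk.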
@@ -237,27 +249,21 @@ void cmd_euid(char *cmdbuf) {
 return;
 }
- cdbfr = cdb_fetch(CDB_MSGLISTS, &CC->room.QRnumber, sizeof(long));
- if (cdbfr != NULL) {
- num_msgs = cdbfr->len / sizeof(long);
- msglist = (long *) cdbfr->ptr;
- for (i = 0; i < num_msgs; ++i) {
- if (msglist[i] == msgnum) {
- cdb_free(cdbfr);
- cprintf("%d %ld\n", CIT_OK, msgnum);
- return;
- }
- }
- cdb_free(cdbfr);
- }
+ ec.msgnum = msgnum;
+ ec.found_it = 0;
+ CtdlForEachMessage(MSGS_ALL, 0L, NULL, NULL, NULL, euid_is_msg_in_room, (void *)&ec);
+ if (ec.found_it) {
+ cprintf("%d %ld\n", CIT_OK, msgnum);
+ return;
+ }
 cprintf("%d not found\n", ERROR + MESSAGE_NOT_FOUND);
 }
 CTDL_MODULE_INIT(euidindex) {
 if (!threading) {
- CtdlRegisterProtoHook(cmd_euid, "EUID", "Perform operations on Extended IDs for messages");
+ CtdlRegisterProtoHook(cmd_euid, "EUID", "Fetch the msgnum associated with an EUID");
 }
 /* return our Subversion id for the Log */
 return "euidindex";
diff --git a/citadel/msgbase.c b/citadel/msgbase.c
index 3a12fcc03..7f337d3ab 100644
--- a/citadel/msgbase.c
+++ b/citadel/msgbase.c
@@ -654,7 +654,6 @@ int CtdlForEachMessage(int mode, long ref, char *search_string,
 CC->cached_msglist = msglist;
 CC->cached_num_msgs = num_msgs;
- syslog(LOG_DEBUG, "\033[34m RELOAD \033[0m\n");
 }
 /*
@@ -1565,7 +1564,6 @@ int check_cached_msglist(long msgnum) {
 int max = (CC->cached_num_msgs - 1);
 while (max >= min) {
- syslog(LOG_DEBUG, "\033[35m Checking from %d to %d \033[0m\n", min, max);
 int middle = min + (max-min) / 2 ;
 if (msgnum == CC->cached_msglist[middle]) {
 return om_ok;
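Review bot: The `CtdlForEachMessage(MSGS_ALL, ...)` call in cmd_euid() now carries the room-membership decision for the EUID lookup, but nothing at the call site says so and its `int` return value is discarded. Judging from the msgbase.c hunk at -654 in this same patch, the call also appears to reload `CC->cached_msglist`, which `check_cached_msglist()` later consults from CtdlOutputMsg(); if that side effect is what fixes the blog-view check, it deserves a comment such as `/* also refreshes CC->cached_msglist, which CtdlOutputMsg() checks against */`, otherwise a later optimisation of this lookup could silently undo the fix. The path does fail closed, since `found_it` stays 0 and "not found" is sent when the iteration visits nothing. The start of cmd_euid() is outside this hunk.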
@@ -1633,13 +1631,25 @@ int CtdlOutputMsg(long msg_num, /* message number (local) to fetch */
 }
 r = check_cached_msglist(msg_num);
- if (r == om_ok) {
- syslog(LOG_DEBUG, "\033[32m PASS \033[0m\n");
- }
- else {
- syslog(LOG_DEBUG, "\033[31m FAIL \033[0m\n");
+ if (r != om_ok) {
+ syslog(LOG_DEBUG, "\033[31m SECURITY CHECK FAIL \033[0m\n");
+/*
+ * FIXME enable this section when the security check yields no false positives
+ *
+ if (do_proto) {
+ if (r == om_access_denied) {
+ cprintf("%d Message %ld was not found in this room.\n",
+ ERROR + MESSAGE_NOT_FOUND,
+ msg_num
+ );
+ }
+ else {
+ cprintf("%d An unknown error has occurred.\n", ERROR);
+ }
+ return(r);
+ }
+*/
 }
- /* FIXME after testing, this is where we deny access */
 /*
 * Fetch the message from disk. If we're in HEADERS_FAST mode,
-- 
2.30.2
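Review bot: A failed room-membership check in CtdlOutputMsg() is recorded only at `LOG_DEBUG`, without the message number and with raw ANSI colour escapes in the text, and the message is still fetched afterwards because the denial path is commented out. That makes the false-positive rate the FIXME is waiting on hard to measure from normal logs, and a genuine cross-room fetch leaves no usable trace. While enforcement stays disabled I would log it as `syslog(LOG_WARNING, "CtdlOutputMsg: msg %ld failed room membership check (r=%d)\n", msg_num, r);`. The disabled block would also be safer under `#if 0` ... `#endif` than inside `/* */`, which breaks as soon as someone adds a comment within it. CtdlOutputMsg() starts and ends outside this hunk.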