The asyncronous messages sent when a new text is created could

previously contain information about secret conferences. This has now
been fixed.

src/server/ChangeLog

+Mon Dec 16 15:32:57 1991  Per Cederqvist  (ceder at ruben)
+
+	* All the changes below fixes one single bug. When a text is
+	  created that has both a secret and a public conference as
+	  recipient the asynchronous messages that were sent out did not
+	  filter away the secret conference. This has how been fixed.
+
+	* conference.c (lookup_name): Use the new fast_access_perm().
+
+	* membership.c manipulate.h (fast_access_perm): New arguments:
+	  viewer and viewer_p.
+
+	* membership.c (copy_public_confs): Use the new fast_access_perm().
+
+	* send-async.c, text.c (is_member_in_recpt): Moved from
+	  send-async.c to text.c.
+
+	* send-async.h, send-async.c (async_new_text): Sends to a
+	  specified connection.
+
+	* text.c (create_text, create_anonymous_text): Use
+	  send_async_new_text.
+
+	* text.c (send_async_new_text): New function.
+
+	* text.c (get_text_stat): Use filter_secret_info.
+
+	* text.c (filter_secret_info): New function that given a text-stat
+	  and a person number yields a new text-stat that only contains
+	  tha recipients that the viewer is allowed to know about.
+
 Mon Nov 11 01:08:09 1991  Per Cederqvist  (ceder at ruben)
 
 	* fncdef.txt, prot-a.c, text.c: Added create_anonymous_text.

src/server/conference.c

 /*
- * $Id: conference.c,v 0.13 1991/10/16 17:23:24 ceder Exp $
+ * $Id: conference.c,v 0.14 1991/12/16 16:44:03 ceder Exp $
  * Copyright (C) 1991  Lysator Academic Computer Association.
  *
  * This file is part of the LysKOM server.
@@ -28,7 +28,7 @@
  * All atomic calls that deals with conferences.
  */
 
-static char *rcsid = "$Id: conference.c,v 0.13 1991/10/16 17:23:24 ceder Exp $";
+static char *rcsid = "$Id: conference.c,v 0.14 1991/12/16 16:44:03 ceder Exp $";
 
 
 #include <time.h>
@@ -499,7 +499,7 @@ lookup_name (const String    name,
 
     for ( i = result->no_of_conf_nos; i > 0; i-- )
     {
-	if ( fast_access_perm( *no ) <= none )
+	if ( fast_access_perm (*no, ACTPERS, ACT_P) <= none )
 	    --result->no_of_conf_nos;
 	else
 	{

src/server/manipulate.h

 /*
- * $Id: manipulate.h,v 0.3 1991/09/15 10:31:20 linus Exp $
+ * $Id: manipulate.h,v 0.4 1991/12/16 16:44:00 ceder Exp $
  * Copyright (C) 1991  Lysator Academic Computer Association.
  *
  * This file is part of the LysKOM server.
@@ -23,7 +23,7 @@
  * Please mail bug reports to bug-lyskom@lysator.liu.se. 
  */
 /*
- * $Id: manipulate.h,v 0.3 1991/09/15 10:31:20 linus Exp $
+ * $Id: manipulate.h,v 0.4 1991/12/16 16:44:00 ceder Exp $
  *
  * manipulate.h
  *
@@ -392,7 +392,9 @@ access_perm(Conf_no 	  victim,
  *	error:	   see kom_errno
  */
 Access
-fast_access_perm(Conf_no victim);
+fast_access_perm(Conf_no  victim,
+		 Pers_no  viewer,
+		 Person  *viewer_p);
 
 
 /*

src/server/membership.c

 /*
- * $Id: membership.c,v 0.6 1991/09/21 13:07:01 ceder Exp $
+ * $Id: membership.c,v 0.7 1991/12/16 16:43:58 ceder Exp $
  * Copyright (C) 1991  Lysator Academic Computer Association.
  *
  * This file is part of the LysKOM server.
@@ -29,7 +29,7 @@
  * (The person/conf relation).
  */
 
-static char *rcsid = "$Id: membership.c,v 0.6 1991/09/21 13:07:01 ceder Exp $";
+static char *rcsid = "$Id: membership.c,v 0.7 1991/12/16 16:43:58 ceder Exp $";
 
 #include <time.h>
 #include <stdlib.h>
@@ -88,7 +88,7 @@ copy_public_confs (Person   * censor_p,	/* The censored Person-struct */
 
     for ( i = 0; i < orig_p->conferences.no_of_confs; i++, orig_m++ )
     {
-	if ( fast_access_perm( orig_m->conf_no ) > none )
+	if ( fast_access_perm (orig_m->conf_no, ACTPERS, ACT_P) > none )
 	{
 	    *censor_m = *orig_m;
 
@@ -634,20 +634,31 @@ access_perm(Conf_no 	  victim,
 /*
  * Fast version of access_perm. See comment in file server/manipulate.h
  * where Access is defined.
+ *
+ * Check if viewer is allowed to look at victiom. viewer_p, if
+ * supplied, should be a pointer to the pers-stat of viewer.
  */
 Access
-fast_access_perm(Conf_no victim)
+fast_access_perm(Conf_no  victim,
+		 Pers_no  viewer,
+		 Person  *viewer_p) /* May be NULL. */
 {
     Conf_type conf_type;
 
     if ( !cached_conf_exists(victim) )
 	return error;
 
-    if ( ACTPERS != 0 && (ENA(admin, 2) || ENA(wheel,8) || ACTPERS == victim) )
+    if ( viewer != 0 && (ENA(admin, 2) || ENA(wheel,8) || viewer == victim) )
     	return unlimited;
 
-    if ( ACTPERS != 0 && locate_membership( victim, ACT_P ) != NULL )
-    	return member;
+    if ( viewer != 0 )
+    {
+	if ( viewer_p == NULL )
+	    GET_P_STAT(viewer_p, viewer, error);
+
+	if ( locate_membership( victim, viewer_p ) != NULL )
+	    return member;
+    }
 
     if ( (conf_type=cached_get_conf_type( victim )).secret )
 	return access_perm(victim, NULL); /* Only read in conference struct

src/server/send-async.c

 /*
- * $Id: send-async.c,v 0.3 1991/09/15 10:29:22 linus Exp $
+ * $Id: send-async.c,v 0.4 1991/12/16 16:43:56 ceder Exp $
  * Copyright (C) 1991  Lysator Academic Computer Association.
  *
  * This file is part of the LysKOM server.
@@ -28,7 +28,7 @@
  * Written by Per Cederqvist 1990-07-22--23
  */
 
-static char *rcsid = "$Id: send-async.c,v 0.3 1991/09/15 10:29:22 linus Exp $";
+static char *rcsid = "$Id: send-async.c,v 0.4 1991/12/16 16:43:56 ceder Exp $";
 
 
 #include <stdio.h>
@@ -49,87 +49,24 @@ static char *rcsid = "$Id: send-async.c,v 0.3 1991/09/15 10:29:22 linus Exp $";
 extern Bool		  send_async_messages;
 
 
-/*
- * Check if person is a member in any of the recipients or cc_recipients
- * of text_s
- */
-static  Bool
-is_member_in_recpt(Person    * person,
-		   Text_stat * text_s)
-{
-    int i;
-
-    for ( i = 0; i < text_s->no_of_misc; i++ )
-    {
-	switch(text_s->misc_items[ i ].type)
-	{
-	case recpt:
-	    if ( locate_membership(text_s->misc_items[ i ].datum.recipient,
-				   person) != NULL )
-	    {
-		return TRUE;
-	    }
-	    break;
-
-	case cc_recpt:
-	    if ( locate_membership(text_s->misc_items[ i ].datum.cc_recipient,
-				   person) != NULL )
-	    {
-		return TRUE;
-	    }
-	    break;
-
-	case comm_to:
-	case comm_in:
-	case footn_to:
-	case footn_in:
-	case loc_no:
-	case rec_time:
-	case sent_by:
-	case sent_at:
-	    break;
-
-#ifndef COMPILE_CHECKS
-	default:
-	    log(__FILE__ ": is_member_in_recpt(): bad misc_item.\n");
-	    break;
-#endif
-	}
-    }
-
-    return FALSE;
-}
-
 void
-async_new_text(Text_no    text_no, 
-	       Text_stat *text_s)
+async_new_text(struct connection *cptr,
+	       Text_no    	  text_no, 
+	       Text_stat         *text_s)
 {
-    Connection *cptr;
-    Session_no i = 0;
-
     if (!send_async_messages)
 	return;
 
-    while ( (i = traverse_connections(i)) != 0 )
+    switch(cptr->protocol)
     {
-	cptr = get_conn_by_number(i);
-	       
-	if ( cptr->person != NULL
-	    && is_member_in_recpt( cptr->person, text_s ) )
-	{
-	    switch(cptr->protocol)
-	    {
-	    case 0:
-		break;
-	    case 'A':
-		prot_a_async_new_text(cptr, text_no, text_s);
-		break;
-	    default:
-		restart_kom("async_new_text(): bad protocol.\n");
-		break;
-	    }
-	    
-	}
+    case 0:
+	break;
+    case 'A':
+	prot_a_async_new_text(cptr, text_no, text_s);
+	break;
+    default:
+	restart_kom("async_new_text(): bad protocol.\n");
+	break;
     }
 }
 

src/server/send-async.h

 /*
- * $Id: send-async.h,v 0.3 1991/09/15 10:29:19 linus Exp $
+ * $Id: send-async.h,v 0.4 1991/12/16 16:43:54 ceder Exp $
  * Copyright (C) 1991  Lysator Academic Computer Association.
  *
  * This file is part of the LysKOM server.
@@ -23,11 +23,12 @@
  * Please mail bug reports to bug-lyskom@lysator.liu.se. 
  */
 /*
- * $Id: send-async.h,v 0.3 1991/09/15 10:29:19 linus Exp $
+ * $Id: send-async.h,v 0.4 1991/12/16 16:43:54 ceder Exp $
  *
  */
 extern void
-async_new_text(Text_no text_no, 
+async_new_text(Connection *cptr,
+	       Text_no text_no, 
 	       Text_stat *text_s);
 
 extern void

src/server/text.c

 /*
- * $Id: text.c,v 0.10 1991/11/11 00:27:17 ceder Exp $
+ * $Id: text.c,v 0.11 1991/12/16 16:43:51 ceder Exp $
  * Copyright (C) 1991  Lysator Academic Computer Association.
  *
  * This file is part of the LysKOM server.
@@ -28,7 +28,7 @@
  * All atomic calls that deals with texts.
  */
 
-static char *rcsid = "$Id: text.c,v 0.10 1991/11/11 00:27:17 ceder Exp $";
+static char *rcsid = "$Id: text.c,v 0.11 1991/12/16 16:43:51 ceder Exp $";
 
 #include <time.h>
 #include <stdlib.h>
@@ -47,6 +47,7 @@ static char *rcsid = "$Id: text.c,v 0.10 1991/11/11 00:27:17 ceder Exp $";
 #include "connections.h"
 #include "send-async.h"
 #include "admin.h"
+#include "internal-connections.h"
 
 /*
  * Static functions
@@ -1266,49 +1267,96 @@ get_text (Text_no       text_no,
     return OK;
 }
 
+
+
 /*
- * Get text status.
- *
- * If there are recipients of the text that are secret confs
- * those misc-items will be censored.
+ * Check if person is a member in any of the recipients or cc_recipients
+ * of text_s
  */
-extern Success
-get_text_stat (Text_no	  text_no,
-	       Text_stat *result )
+static  Bool
+is_member_in_recpt(Person    *person,
+		   Text_stat *text_s)
 {
-    Text_stat	* text_stat;
-    Misc_info	* orig;
-    Misc_info	* copy;		/* Censored Misc_infos */
+    int i;
 
-    GET_T_STAT(text_stat, text_no, FAILURE);
-    
-    if ( !text_read_access(text_no, text_stat) && !ENA(admin, 2))
+    for ( i = 0; i < text_s->no_of_misc; i++ )
     {
-	kom_errno = KOM_NO_SUCH_TEXT;
-	return FAILURE;
+	switch(text_s->misc_items[ i ].type)
+	{
+	case recpt:
+	    if ( locate_membership(text_s->misc_items[ i ].datum.recipient,
+				   person) != NULL )
+	    {
+		return TRUE;
+	    }
+	    break;
+
+	case cc_recpt:
+	    if ( locate_membership(text_s->misc_items[ i ].datum.cc_recipient,
+				   person) != NULL )
+	    {
+		return TRUE;
+	    }
+	    break;
+
+	case comm_to:
+	case comm_in:
+	case footn_to:
+	case footn_in:
+	case loc_no:
+	case rec_time:
+	case sent_by:
+	case sent_at:
+	    break;
+
+#ifndef COMPILE_CHECKS
+	default:
+	    log(__FILE__ ": is_member_in_recpt(): bad misc_item.\n");
+	    break;
+#endif
+	}
     }
 
-    *result = *text_stat;
-    
-    /* Delete secret confs */
+    return FALSE;
+}
+
+
+/*
+ * Copy the text_stat original into result, but only those part
+ * that viewer is allowed to see. (Censor away information about
+ * conferences that viewer is not allowed to know about).
+ *
+ * All memory is allocated via tmp_alloc().
+ */
+static void
+filter_secret_info(Text_stat *result,
+		   Text_stat *original,
+		   Pers_no    viewer,
+		   Person    *viewer_p)	/* May be NULL. */
+{
+    Misc_info	* orig;
+    Misc_info	* copy;		/* Censored Misc_infos */
 
     /* ^^^ Possible optimisation:
        No need to copy unless there is a secret conf among the recipients. */
 
+    *result = *original;
+
     result->misc_items = tmp_alloc(result->no_of_misc * sizeof ( Misc_info));
     result->no_of_misc = 0;
     copy = result->misc_items;
-    orig = text_stat->misc_items;    
+    orig = original->misc_items;    
     
-    while ( orig < text_stat->misc_items + text_stat->no_of_misc )
+    while ( orig < original->misc_items + original->no_of_misc )
     {
 	switch( orig->type )
 	{
 	case recpt:
-	    if ( fast_access_perm( orig->datum.recipient ) <= none 
+	    if ( (fast_access_perm (orig->datum.recipient, viewer, viewer_p)
+		  <= none )
 		&& !ENA(admin, 4))
 	    {
-		skip_recp ( &orig, text_stat );
+		skip_recp ( &orig, original );
 	    }
 	    else
 	    {
@@ -1318,10 +1366,11 @@ get_text_stat (Text_no	  text_no,
 	    break;
 
 	case cc_recpt:
-	    if ( fast_access_perm( orig->datum.cc_recipient ) <= none
+	    if ( (fast_access_perm (orig->datum.cc_recipient, viewer, viewer_p)
+		  <= none)
 		&& !ENA(admin, 4))
 	    {
-		skip_recp ( &orig, text_stat );
+		skip_recp ( &orig, original );
 	    }
 	    else
 	    {
@@ -1344,10 +1393,33 @@ get_text_stat (Text_no	  text_no,
 
 #ifndef COMPILE_CHECKS
 	default:
-	    restart_kom("get_text_stat() - illegal misc_item!\n");    
+	    restart_kom("filter_secret_info() - illegal misc_item!\n");    
 #endif
 	}
     }
+}
+
+/*
+ * Get text status.
+ *
+ * If there are recipients of the text that are secret confs
+ * those misc-items will be censored.
+ */
+extern Success
+get_text_stat (Text_no	  text_no,
+	       Text_stat *result )
+{
+    Text_stat	* text_stat;
+
+    GET_T_STAT(text_stat, text_no, FAILURE);
+    
+    if ( !text_read_access(text_no, text_stat) && !ENA(admin, 2))
+    {
+	kom_errno = KOM_NO_SUCH_TEXT;
+	return FAILURE;
+    }
+
+    filter_secret_info(result, text_stat, ACTPERS, ACT_P);
     return OK;
 }
 
@@ -1634,6 +1706,39 @@ create_text_add_miscs(Text_no     new_text,
     return OK;
 }
 
+/*
+ * Send an asynchronous message, but filter any secret information.
+ */
+
+static void
+send_async_new_text (Text_no text_no,
+		     Text_stat *text_s)
+{
+    Connection *cptr;
+    Session_no i = 0;
+    Text_stat filtered = EMPTY_TEXT_STAT;
+
+    while ( (i = traverse_connections(i)) != 0 )
+    {
+	cptr = get_conn_by_number(i);
+
+	/*
+	 * filter_secret_info copies the text-stat to filtered, but
+	 * since it is allocated with tmp_alloc we do not need to free
+	 * the memory now.
+	 */
+	filter_secret_info(&filtered, text_s, 
+			   cptr->pers_no, cptr->person);
+
+	if ( cptr->person != NULL
+	    && is_member_in_recpt (cptr->person, &filtered) )
+	{
+	    async_new_text (cptr, text_no, &filtered);
+	}
+    }
+}
+    
+
 /*
  * Create a text.
  *
@@ -1697,10 +1802,10 @@ create_text(String	  message,
     ACT_P->created_lines += t_stat->no_of_lines;
     ACT_P->created_bytes += t_stat->no_of_chars;
 
-    mark_person_as_changed( ACTPERS );
-    mark_text_as_changed( text );
+    mark_person_as_changed (ACTPERS);
+    mark_text_as_changed (text);
 
-    async_new_text( text, t_stat );	/* Send asynchronous message. */
+    send_async_new_text (text, t_stat);     /* Send asynchronous message. */
 
     return text;
 }
@@ -1763,10 +1868,10 @@ create_anonymous_text(String	  message,
 	return 0;
     }
 
-    mark_text_as_changed( text );
+    mark_text_as_changed (text);
     /* Don't add this person to create - we want true anonymity! */
 
-    async_new_text( text, t_stat );	/* Send asynchronous message. */
+    send_async_new_text (text, t_stat);
 
     return text;
 }