Commit 11223e22 authored by Per Cederqvist's avatar Per Cederqvist
Browse files

The asyncronous messages sent when a new text is created could

previously contain information about secret conferences. This has now
been fixed.
parent d21bfca5
Mon Dec 16 15:32:57 1991 Per Cederqvist (ceder at ruben)
* All the changes below fixes one single bug. When a text is
created that has both a secret and a public conference as
recipient the asynchronous messages that were sent out did not
filter away the secret conference. This has how been fixed.
* conference.c (lookup_name): Use the new fast_access_perm().
* membership.c manipulate.h (fast_access_perm): New arguments:
viewer and viewer_p.
* membership.c (copy_public_confs): Use the new fast_access_perm().
* send-async.c, text.c (is_member_in_recpt): Moved from
send-async.c to text.c.
* send-async.h, send-async.c (async_new_text): Sends to a
specified connection.
* text.c (create_text, create_anonymous_text): Use
send_async_new_text.
* text.c (send_async_new_text): New function.
* text.c (get_text_stat): Use filter_secret_info.
* text.c (filter_secret_info): New function that given a text-stat
and a person number yields a new text-stat that only contains
tha recipients that the viewer is allowed to know about.
Mon Nov 11 01:08:09 1991 Per Cederqvist (ceder at ruben)
* fncdef.txt, prot-a.c, text.c: Added create_anonymous_text.
......
/*
* $Id: conference.c,v 0.13 1991/10/16 17:23:24 ceder Exp $
* $Id: conference.c,v 0.14 1991/12/16 16:44:03 ceder Exp $
* Copyright (C) 1991 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -28,7 +28,7 @@
* All atomic calls that deals with conferences.
*/
static char *rcsid = "$Id: conference.c,v 0.13 1991/10/16 17:23:24 ceder Exp $";
static char *rcsid = "$Id: conference.c,v 0.14 1991/12/16 16:44:03 ceder Exp $";
#include <time.h>
......@@ -499,7 +499,7 @@ lookup_name (const String name,
for ( i = result->no_of_conf_nos; i > 0; i-- )
{
if ( fast_access_perm( *no ) <= none )
if ( fast_access_perm (*no, ACTPERS, ACT_P) <= none )
--result->no_of_conf_nos;
else
{
......
/*
* $Id: manipulate.h,v 0.3 1991/09/15 10:31:20 linus Exp $
* $Id: manipulate.h,v 0.4 1991/12/16 16:44:00 ceder Exp $
* Copyright (C) 1991 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -23,7 +23,7 @@
* Please mail bug reports to bug-lyskom@lysator.liu.se.
*/
/*
* $Id: manipulate.h,v 0.3 1991/09/15 10:31:20 linus Exp $
* $Id: manipulate.h,v 0.4 1991/12/16 16:44:00 ceder Exp $
*
* manipulate.h
*
......@@ -392,7 +392,9 @@ access_perm(Conf_no victim,
* error: see kom_errno
*/
Access
fast_access_perm(Conf_no victim);
fast_access_perm(Conf_no victim,
Pers_no viewer,
Person *viewer_p);
/*
......
/*
* $Id: membership.c,v 0.6 1991/09/21 13:07:01 ceder Exp $
* $Id: membership.c,v 0.7 1991/12/16 16:43:58 ceder Exp $
* Copyright (C) 1991 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -29,7 +29,7 @@
* (The person/conf relation).
*/
static char *rcsid = "$Id: membership.c,v 0.6 1991/09/21 13:07:01 ceder Exp $";
static char *rcsid = "$Id: membership.c,v 0.7 1991/12/16 16:43:58 ceder Exp $";
#include <time.h>
#include <stdlib.h>
......@@ -88,7 +88,7 @@ copy_public_confs (Person * censor_p, /* The censored Person-struct */
for ( i = 0; i < orig_p->conferences.no_of_confs; i++, orig_m++ )
{
if ( fast_access_perm( orig_m->conf_no ) > none )
if ( fast_access_perm (orig_m->conf_no, ACTPERS, ACT_P) > none )
{
*censor_m = *orig_m;
......@@ -634,20 +634,31 @@ access_perm(Conf_no victim,
/*
* Fast version of access_perm. See comment in file server/manipulate.h
* where Access is defined.
*
* Check if viewer is allowed to look at victiom. viewer_p, if
* supplied, should be a pointer to the pers-stat of viewer.
*/
Access
fast_access_perm(Conf_no victim)
fast_access_perm(Conf_no victim,
Pers_no viewer,
Person *viewer_p) /* May be NULL. */
{
Conf_type conf_type;
if ( !cached_conf_exists(victim) )
return error;
if ( ACTPERS != 0 && (ENA(admin, 2) || ENA(wheel,8) || ACTPERS == victim) )
if ( viewer != 0 && (ENA(admin, 2) || ENA(wheel,8) || viewer == victim) )
return unlimited;
if ( ACTPERS != 0 && locate_membership( victim, ACT_P ) != NULL )
return member;
if ( viewer != 0 )
{
if ( viewer_p == NULL )
GET_P_STAT(viewer_p, viewer, error);
if ( locate_membership( victim, viewer_p ) != NULL )
return member;
}
if ( (conf_type=cached_get_conf_type( victim )).secret )
return access_perm(victim, NULL); /* Only read in conference struct
......
/*
* $Id: send-async.c,v 0.3 1991/09/15 10:29:22 linus Exp $
* $Id: send-async.c,v 0.4 1991/12/16 16:43:56 ceder Exp $
* Copyright (C) 1991 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -28,7 +28,7 @@
* Written by Per Cederqvist 1990-07-22--23
*/
static char *rcsid = "$Id: send-async.c,v 0.3 1991/09/15 10:29:22 linus Exp $";
static char *rcsid = "$Id: send-async.c,v 0.4 1991/12/16 16:43:56 ceder Exp $";
#include <stdio.h>
......@@ -49,87 +49,24 @@ static char *rcsid = "$Id: send-async.c,v 0.3 1991/09/15 10:29:22 linus Exp $";
extern Bool send_async_messages;
/*
* Check if person is a member in any of the recipients or cc_recipients
* of text_s
*/
static Bool
is_member_in_recpt(Person * person,
Text_stat * text_s)
{
int i;
for ( i = 0; i < text_s->no_of_misc; i++ )
{
switch(text_s->misc_items[ i ].type)
{
case recpt:
if ( locate_membership(text_s->misc_items[ i ].datum.recipient,
person) != NULL )
{
return TRUE;
}
break;
case cc_recpt:
if ( locate_membership(text_s->misc_items[ i ].datum.cc_recipient,
person) != NULL )
{
return TRUE;
}
break;
case comm_to:
case comm_in:
case footn_to:
case footn_in:
case loc_no:
case rec_time:
case sent_by:
case sent_at:
break;
#ifndef COMPILE_CHECKS
default:
log(__FILE__ ": is_member_in_recpt(): bad misc_item.\n");
break;
#endif
}
}
return FALSE;
}
void
async_new_text(Text_no text_no,
Text_stat *text_s)
async_new_text(struct connection *cptr,
Text_no text_no,
Text_stat *text_s)
{
Connection *cptr;
Session_no i = 0;
if (!send_async_messages)
return;
while ( (i = traverse_connections(i)) != 0 )
switch(cptr->protocol)
{
cptr = get_conn_by_number(i);
if ( cptr->person != NULL
&& is_member_in_recpt( cptr->person, text_s ) )
{
switch(cptr->protocol)
{
case 0:
break;
case 'A':
prot_a_async_new_text(cptr, text_no, text_s);
break;
default:
restart_kom("async_new_text(): bad protocol.\n");
break;
}
}
case 0:
break;
case 'A':
prot_a_async_new_text(cptr, text_no, text_s);
break;
default:
restart_kom("async_new_text(): bad protocol.\n");
break;
}
}
......
/*
* $Id: send-async.h,v 0.3 1991/09/15 10:29:19 linus Exp $
* $Id: send-async.h,v 0.4 1991/12/16 16:43:54 ceder Exp $
* Copyright (C) 1991 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -23,11 +23,12 @@
* Please mail bug reports to bug-lyskom@lysator.liu.se.
*/
/*
* $Id: send-async.h,v 0.3 1991/09/15 10:29:19 linus Exp $
* $Id: send-async.h,v 0.4 1991/12/16 16:43:54 ceder Exp $
*
*/
extern void
async_new_text(Text_no text_no,
async_new_text(Connection *cptr,
Text_no text_no,
Text_stat *text_s);
extern void
......
/*
* $Id: text.c,v 0.10 1991/11/11 00:27:17 ceder Exp $
* $Id: text.c,v 0.11 1991/12/16 16:43:51 ceder Exp $
* Copyright (C) 1991 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -28,7 +28,7 @@
* All atomic calls that deals with texts.
*/
static char *rcsid = "$Id: text.c,v 0.10 1991/11/11 00:27:17 ceder Exp $";
static char *rcsid = "$Id: text.c,v 0.11 1991/12/16 16:43:51 ceder Exp $";
#include <time.h>
#include <stdlib.h>
......@@ -47,6 +47,7 @@ static char *rcsid = "$Id: text.c,v 0.10 1991/11/11 00:27:17 ceder Exp $";
#include "connections.h"
#include "send-async.h"
#include "admin.h"
#include "internal-connections.h"
/*
* Static functions
......@@ -1266,49 +1267,96 @@ get_text (Text_no text_no,
return OK;
}
/*
* Get text status.
*
* If there are recipients of the text that are secret confs
* those misc-items will be censored.
* Check if person is a member in any of the recipients or cc_recipients
* of text_s
*/
extern Success
get_text_stat (Text_no text_no,
Text_stat *result )
static Bool
is_member_in_recpt(Person *person,
Text_stat *text_s)
{
Text_stat * text_stat;
Misc_info * orig;
Misc_info * copy; /* Censored Misc_infos */
int i;
GET_T_STAT(text_stat, text_no, FAILURE);
if ( !text_read_access(text_no, text_stat) && !ENA(admin, 2))
for ( i = 0; i < text_s->no_of_misc; i++ )
{
kom_errno = KOM_NO_SUCH_TEXT;
return FAILURE;
switch(text_s->misc_items[ i ].type)
{
case recpt:
if ( locate_membership(text_s->misc_items[ i ].datum.recipient,
person) != NULL )
{
return TRUE;
}
break;
case cc_recpt:
if ( locate_membership(text_s->misc_items[ i ].datum.cc_recipient,
person) != NULL )
{
return TRUE;
}
break;
case comm_to:
case comm_in:
case footn_to:
case footn_in:
case loc_no:
case rec_time:
case sent_by:
case sent_at:
break;
#ifndef COMPILE_CHECKS
default:
log(__FILE__ ": is_member_in_recpt(): bad misc_item.\n");
break;
#endif
}
}
*result = *text_stat;
/* Delete secret confs */
return FALSE;
}
/*
* Copy the text_stat original into result, but only those part
* that viewer is allowed to see. (Censor away information about
* conferences that viewer is not allowed to know about).
*
* All memory is allocated via tmp_alloc().
*/
static void
filter_secret_info(Text_stat *result,
Text_stat *original,
Pers_no viewer,
Person *viewer_p) /* May be NULL. */
{
Misc_info * orig;
Misc_info * copy; /* Censored Misc_infos */
/* ^^^ Possible optimisation:
No need to copy unless there is a secret conf among the recipients. */
*result = *original;
result->misc_items = tmp_alloc(result->no_of_misc * sizeof ( Misc_info));
result->no_of_misc = 0;
copy = result->misc_items;
orig = text_stat->misc_items;
orig = original->misc_items;
while ( orig < text_stat->misc_items + text_stat->no_of_misc )
while ( orig < original->misc_items + original->no_of_misc )
{
switch( orig->type )
{
case recpt:
if ( fast_access_perm( orig->datum.recipient ) <= none
if ( (fast_access_perm (orig->datum.recipient, viewer, viewer_p)
<= none )
&& !ENA(admin, 4))
{
skip_recp ( &orig, text_stat );
skip_recp ( &orig, original );
}
else
{
......@@ -1318,10 +1366,11 @@ get_text_stat (Text_no text_no,
break;
case cc_recpt:
if ( fast_access_perm( orig->datum.cc_recipient ) <= none
if ( (fast_access_perm (orig->datum.cc_recipient, viewer, viewer_p)
<= none)
&& !ENA(admin, 4))
{
skip_recp ( &orig, text_stat );
skip_recp ( &orig, original );
}
else
{
......@@ -1344,10 +1393,33 @@ get_text_stat (Text_no text_no,
#ifndef COMPILE_CHECKS
default:
restart_kom("get_text_stat() - illegal misc_item!\n");
restart_kom("filter_secret_info() - illegal misc_item!\n");
#endif
}
}
}
/*
* Get text status.
*
* If there are recipients of the text that are secret confs
* those misc-items will be censored.
*/
extern Success
get_text_stat (Text_no text_no,
Text_stat *result )
{
Text_stat * text_stat;
GET_T_STAT(text_stat, text_no, FAILURE);
if ( !text_read_access(text_no, text_stat) && !ENA(admin, 2))
{
kom_errno = KOM_NO_SUCH_TEXT;
return FAILURE;
}
filter_secret_info(result, text_stat, ACTPERS, ACT_P);
return OK;
}
......@@ -1634,6 +1706,39 @@ create_text_add_miscs(Text_no new_text,
return OK;
}
/*
* Send an asynchronous message, but filter any secret information.
*/
static void
send_async_new_text (Text_no text_no,
Text_stat *text_s)
{
Connection *cptr;
Session_no i = 0;
Text_stat filtered = EMPTY_TEXT_STAT;
while ( (i = traverse_connections(i)) != 0 )
{
cptr = get_conn_by_number(i);
/*
* filter_secret_info copies the text-stat to filtered, but
* since it is allocated with tmp_alloc we do not need to free
* the memory now.
*/
filter_secret_info(&filtered, text_s,
cptr->pers_no, cptr->person);
if ( cptr->person != NULL
&& is_member_in_recpt (cptr->person, &filtered) )
{
async_new_text (cptr, text_no, &filtered);
}
}
}
/*
* Create a text.
*
......@@ -1697,10 +1802,10 @@ create_text(String message,
ACT_P->created_lines += t_stat->no_of_lines;
ACT_P->created_bytes += t_stat->no_of_chars;
mark_person_as_changed( ACTPERS );
mark_text_as_changed( text );
mark_person_as_changed (ACTPERS);
mark_text_as_changed (text);
async_new_text( text, t_stat ); /* Send asynchronous message. */
send_async_new_text (text, t_stat); /* Send asynchronous message. */
return text;
}
......@@ -1763,10 +1868,10 @@ create_anonymous_text(String message,
return 0;
}
mark_text_as_changed( text );
mark_text_as_changed (text);
/* Don't add this person to create - we want true anonymity! */
async_new_text( text, t_stat ); /* Send asynchronous message. */
send_async_new_text (text, t_stat);
return text;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment