From 482a8369d0a18a6191d5792701909a29bc6ca69c Mon Sep 17 00:00:00 2001 From: Per Cederqvist <ceder@lysator.liu.se> Date: Sun, 3 Sep 2000 19:45:26 +0000 Subject: [PATCH] (send_async_sub_recipient): Use filter_secret_info() so that the exact same visibility is used by async-sub-recipient and get-text-stat. (filter_secret_info): Don't allow the author of a text to see bcc-recpt which are secret to him. Simplify the code slightly. (send_async_add_recipient): Use filter_secret_info() so that the exact same visibility is used by async-add-recipient and get-text-stat. --- src/server/text.c | 129 +++++++++++++++++----------------------------- 1 file changed, 47 insertions(+), 82 deletions(-) diff --git a/src/server/text.c b/src/server/text.c index 6ce5f44e0..40e49326d 100644 --- a/src/server/text.c +++ b/src/server/text.c @@ -1,5 +1,5 @@ /* - * $Id: text.c,v 0.78 2000/09/02 20:06:15 ceder Exp $ + * $Id: text.c,v 0.79 2000/09/03 19:45:26 ceder Exp $ * Copyright (C) 1991-1999 Lysator Academic Computer Association. * * This file is part of the LysKOM server. @@ -34,7 +34,7 @@ #endif static const char * -rcsid = "$Id: text.c,v 0.78 2000/09/02 20:06:15 ceder Exp $"; +rcsid = "$Id: text.c,v 0.79 2000/09/03 19:45:26 ceder Exp $"; #include "rcs.h" USE(rcsid); @@ -83,6 +83,11 @@ do_create_text(const String message, Bool anonymous, Text_stat **ret_stat); +static void +filter_secret_info(Text_stat *result, + const Text_stat *original, + const Connection *viewer_conn, + Bool output_bcc); /* * Static functions @@ -592,43 +597,23 @@ send_async_sub_recipient(Text_no text_no, { Connection *cptr; Session_no i = 0; - Membership *mship; - if (type != bcc_recpt) - { - while ((i = traverse_connections(i)) != 0) - { - cptr = get_conn_by_number(i); - /* - * Send messate if connection is logged on, the user is a member - * in a recipient and the subtracted recipient is visible to the - * user - */ - if (cptr->person != NULL - && is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE - && access_perm(conf_no, cptr, read_protected) > none) - { - async_sub_recipient(cptr, text_no, conf_no, type); - } - } - } - else + while ((i = traverse_connections(i)) != 0) { - while ((i = traverse_connections(i)) != 0) - { - cptr = get_conn_by_number(i); - if (cptr->person != NULL) + cptr = get_conn_by_number(i); + if (cptr->person != NULL + && is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE) + { + Text_stat copy; + + filter_secret_info(©, text_s, cptr, TRUE); + if (find_recipient(conf_no, ©) != -1 + && is_member_in_recpt(cptr->person, ©, TRUE) == TRUE) { - mship = locate_membership(conf_no, cptr->person); - if (mship != NULL - && !mship->type.passive - && access_perm(conf_no, cptr, read_protected) > none) - { - async_sub_recipient(cptr, text_no, conf_no, type); - } - } - } - } + async_sub_recipient(cptr, text_no, conf_no, type); + } + } + } } /* @@ -1256,11 +1241,12 @@ filter_secret_info(Text_stat *result, case bcc_recpt: /* - * We will send this if ... - * The viewer is the recipient or - * The recipient is an open conference - * The viewer sent the BCC - * The viewer is the author + * We will send this if any of the following is true: + * - The viewer is the recipient. + * - The recipient is an open conference. + * - The viewer sent the BCC. + * - The viewer is supervisor of the author, and allowed + * to know that the recipient exists. */ if (viewer_p != NULL @@ -1271,21 +1257,15 @@ filter_secret_info(Text_stat *result, || recp_sent_by( orig, original->misc_items + original->no_of_misc, viewer, viewer_p) - || is_supervisor(original->author, viewer, viewer_p))) + || (is_supervisor(original->author, viewer, viewer_p) + && (access_perm(orig->datum.bcc_recipient, + viewer_conn, read_protected) + >= read_protected)))) { + *copy++ = *orig++; + ++result->no_of_misc; if (!output_bcc) - { - *copy = *orig; - copy->type = cc_recpt; - copy++; - orig++; - ++result->no_of_misc; - } - else - { - *copy++ = *orig++; - ++result->no_of_misc; - } + copy[-1].type = cc_recpt; } else { @@ -2819,38 +2799,23 @@ send_async_add_recipient(Text_no text_no, Info_type type) { Connection *cptr; - Membership *mship; Session_no i = 0; - if (type != bcc_recpt) - { - while ((i = traverse_connections(i)) != 0) - { - cptr = get_conn_by_number(i); - if (cptr->person != NULL - && is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE - && access_perm(conf_no, cptr, read_protected) > none) - { - async_new_recipient(cptr, text_no, conf_no, type); - } - } - } - else + while ((i = traverse_connections(i)) != 0) { - while ((i = traverse_connections(i)) != 0) - { - cptr = get_conn_by_number(i); - if (cptr->person != NULL) + cptr = get_conn_by_number(i); + if (cptr->person != NULL + && is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE) + { + Text_stat copy; + + filter_secret_info(©, text_s, cptr, TRUE); + if (find_recipient(conf_no, ©) != -1 + && is_member_in_recpt(cptr->person, ©, TRUE) == TRUE) { - mship = locate_membership(conf_no, cptr->person); - if (mship != NULL - && !mship->type.passive - && access_perm(conf_no, cptr, read_protected) > none) - { - async_new_recipient(cptr, text_no, conf_no, type); - } - } - } + async_new_recipient(cptr, text_no, conf_no, type); + } + } } } -- GitLab