Commit c1e08a06 authored by David Byers

Server

        Corrected privilege-related problems. Many functions now
        take a Connection instead of a Pers_no/Person combo.

        Added defensive code to protect the server in situations
        where active_connection is unexpectedly NULL.

        Added checks to most RPC handlers to make sure they are only
        called when there is an active connection.

        The added_by field for a person's membership in its letterbox
        conference is now the person itself, not 0.

Testing
        Removed all new expected fails from the testsuite.
parent b6868a3b
1999-05-31 David Byers <davby@ida.liu.se>
* src/server/server-config.c: Removed duplicate regexps use
collate table.
* src/server/manipulate.h (CHK_LOGIN): Check for NULL
active_connection.
(ENA): Survive a NULL active_connection.
(HAVE_PRIV): Take a Person argument.
1999-05-30 David Byers <davby@ida.liu.se>
* src/server/text-garb.c (garb_text): Reset deleted_texts after
sending the debug message.
1999-05-30 David Byers <davby@ida.liu.se>
* src/server/testsuite/lyskomd.0/09.exp (1015): Data sent to
client 2 contained secret recipient. Fixed.
* src/server/testsuite/lyskomd.0/05.exp: Fixed added_by field in
Membership and Member
* src/server/testsuite/lyskomd.0/03.exp: (1349,1350, 1351, 2001,
2006): Fixed added_by field in Membership and Member
* src/server/testsuite/lyskomd.0/01.exp: (1116): Fixed added_by
field in Membership
* src/server/regex-match.c (lookup_regexp): Copy the collate table
before putting it into the pattern buffer.
* src/server/testsuite/lyskomd.0/00.exp (1038): Person 6 added
himself to his letterbox.
* src/server/membership.c (do_add_member): Take added_by as an
argument.
(add_member_common): Call do_add_member with explicit added_by.
* src/server/person.c (create_person_generic): The person adding
the mailbox membership is the same as the creator of the person.
Fixed problems related to permission checking
* src/server/membership.c (fast_access_perm): Take a connection
argument instead of a person and pers_stat combo.
(access_perm): Same here.
(copy_public_confs): Same here.
* src/server/text.c (ok_to_create_next_text): Same here.
* src/server/regex-match.c (lookup_regexp): Test for
param.regex_use_collate_table was inverted.
(lookup_regexp): Added connection argument.
* src/server/text.c (filter_secret_info): Take a connection
argument instead of viewer and viewer_p
(send_async_deleted_text): Call filter_secret_info with connection
argument.
(get_text_stat_old): Same here.
(get_text_stat): Same here.
(send_async_new_text_old): Same here.
(send_async_new_text): Same here.
(person_text_read_access): Check that active_connection is set
before attempting to use it.
(text_read_access): Take a connection as an argument.
* src/server/conference.c (get_conf_stat): Call
filter_aux_item_list with active_connection instead of ACTPERS and
ACT_P.
* src/server/admin.c (get_info): Call filter_aux_item_list with
active_connection instead of ACTPERS and ACT_P.
* src/server/session.c (leave_conf): New parameter for connection
to remove dependency on active_connection.
* src/server/internal-connections.c (get_conn_by_number):
Defensive check on active_connection. Restart server if
active_connection is unset and no session number is specified
since callers of this function expect to get something sensible
out of it.
* src/server/manipulate.h (CHK_CONNECTION): New macro. Call this
at the head of every RPC function.
* src/server/admin.c (shutdown_kom): Signal internal error if we
don't have an active connection.
1999-05-30 Per Cederqvist <ceder@lysator.liu.se>
Improve the test suite.
......
......@@ -3,30 +3,11 @@ server.
* Showstoppers
** Fix lyskomd.0/09.exp
** Fix this. active_connection is NULL and ENA is mis-used.
#0 0x2f064 in fast_access_perm (victim=4975, viewer=119, viewer_p=0x13c70f0)
at membership.c:776
#1 0x2b610 in filter_secret_info (result=0xeffffa80, original=0x2f003a8,
viewer=0, viewer_p=0x13c70f0, output_bcc=TRUE) at text.c:1238
#2 0x2b89c in send_async_deleted_text (text_no=2014215, text_s=0x2f003a8)
at text.c:1350
#3 0x2bd50 in do_delete_text (text_no=2014215, text_s=0x2f003a8)
at text.c:1609
#4 0x398bc in garb_text () at text-garb.c:245
#5 0x2809c in end_of_atomic (idle=TRUE) at disk-end-of-atomic.c:81
#6 0x29ef8 in toploop () at connections.c:713
#7 0x1d524 in main (argc=1, argv=0xeffffd7c) at ramkomd.c:535
** Remove all setup_xfail
** If ay_sub_recipient is on, but ay_deleted_text is not on, we need
to decide which async messages to send before we start subtracting
things from the text. The best solution is probably to never send
ay_sub_recipient when texts are deleted.
** Regex matching with the collate table does not work.
The test for param.regexps_use_collate_table is inverted.
It doesn't work anyway. Results are *strange*.
** Add CHK_CONNECTION to remaining RPC handlers.
* High priority, but they can wait until after the next release.
......@@ -722,6 +703,35 @@ server.
per atomic call.
DONE
** Fix lyskomd.0/09.exp
DONE.
** Fix this. active_connection is NULL and ENA is mis-used.
#0 0x2f064 in fast_access_perm (victim=4975, viewer=119, viewer_p=0x13c70f0)
at membership.c:776
#1 0x2b610 in filter_secret_info (result=0xeffffa80, original=0x2f003a8,
viewer=0, viewer_p=0x13c70f0, output_bcc=TRUE) at text.c:1238
#2 0x2b89c in send_async_deleted_text (text_no=2014215, text_s=0x2f003a8)
at text.c:1350
#3 0x2bd50 in do_delete_text (text_no=2014215, text_s=0x2f003a8)
at text.c:1609
#4 0x398bc in garb_text () at text-garb.c:245
#5 0x2809c in end_of_atomic (idle=TRUE) at disk-end-of-atomic.c:81
#6 0x29ef8 in toploop () at connections.c:713
#7 0x1d524 in main (argc=1, argv=0xeffffd7c) at ramkomd.c:535
DONE.
** Remove all setup_xfail
DONE
** If ay_sub_recipient is on, but ay_deleted_text is not on, we need
to decide which async messages to send before we start subtracting
things from the text. The best solution is probably to never send
ay_sub_recipient when texts are deleted.
DONE
* In progress
** Document aux-items for mail import/export. (3229403)
......
/*
* $Id: admin.c,v 0.38 1999/05/24 09:34:17 ceder Exp $
* $Id: admin.c,v 0.39 1999/05/31 12:17:01 byers Exp $
* Copyright (C) 1991, 1993-1999 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -33,7 +33,7 @@
#endif
static const char *
rcsid = "$Id: admin.c,v 0.38 1999/05/24 09:34:17 ceder Exp $";
rcsid = "$Id: admin.c,v 0.39 1999/05/31 12:17:01 byers Exp $";
#include "rcs.h"
USE(rcsid);
......@@ -50,10 +50,10 @@ USE(rcsid);
#include "misc-types.h"
#include "s-string.h"
#include "kom-types.h"
#include "manipulate.h"
#include "com.h"
#include "async.h"
#include "connections.h"
#include "manipulate.h"
#include "kom-errno.h"
#include "cache.h"
#include "kom-config.h"
......@@ -107,11 +107,11 @@ get_info( Info *result )
{
Aux_item_list filtered;
CHK_CONNECTION(FAILURE);
*result = kom_info;
filter_aux_item_list(&result->aux_item_list,
&filtered,
ACTPERS,
ACT_P);
active_connection);
result->aux_item_list = filtered;
return OK;
}
......@@ -135,7 +135,7 @@ set_info(Info *info)
Success tmp;
CHK_LOGIN(FAILURE);
if ( !ENA(admin, 1) )
if ( !ENA(admin, 1) ) /* OK -- in an RPC call */
{
err_stat = 0;
kom_errno = KOM_PERM;
......@@ -174,7 +174,7 @@ set_motd_of_lyskom (Text_no motd)
CHK_LOGIN(FAILURE);
if ( !ENA(admin, 1) )
if ( !ENA(admin, 1) ) /* OK -- In an RPC call */
{
err_stat = 0;
kom_errno = KOM_PERM;
......@@ -250,6 +250,7 @@ send_message (Conf_no recipient,
unsigned short ix;
Success retval;
CHK_CONNECTION(FAILURE);
CHK_LOGIN(FAILURE);
/* Check that the message is not too long */
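Review bot: in send_message, placing CHK_CONNECTION(FAILURE) ahead of CHK_LOGIN(FAILURE) means a NULL active_connection is reported as KOM_INTERNAL_ERROR here, while set_info, set_motd_of_lyskom and sync_kom, which call only CHK_LOGIN, report the same condition as KOM_LOGIN (per the new CHK_LOGIN in manipulate.h). Pick one error for the missing-connection case across RPC handlers, either by adding CHK_CONNECTION to those handlers as well or by having CHK_LOGIN return KOM_INTERNAL_ERROR when active_connection is NULL, so clients and logs see a consistent signal.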
......@@ -269,7 +270,7 @@ send_message (Conf_no recipient,
/* Check that the conference is not secret */
if (access_perm(recipient, conf_c, ACTPERS, ACT_P) <= none)
if (access_perm(recipient, conf_c, active_connection) <= none)
{
err_stat = recipient;
kom_errno = KOM_UNDEF_CONF;
......@@ -296,7 +297,7 @@ send_message (Conf_no recipient,
recipient,
ACTPERS,
message,
ENA(admin, 1)) == OK)
ENA(admin, 1)) == OK)
{
retval = OK;
}
......@@ -323,7 +324,7 @@ sync_kom (void)
if (!param.permissive_sync)
{
CHK_LOGIN(FAILURE);
if ( !ENA(admin, 1) )
if ( !ENA(admin, 1) ) /* OK -- In an RPC call */
{
err_stat = 0;
kom_errno = KOM_PERM;
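Review bot: sync_kom gets the "OK -- In an RPC call" annotation on ENA(admin, 1) but no CHK_CONNECTION at its head, and when param.permissive_sync is set the visible code skips CHK_LOGIN as well, so nothing in these lines verifies active_connection. The ChangeLog entry for CHK_CONNECTION says to call it at the head of every RPC function; add it before the `if (!param.permissive_sync)` test, or list this handler under the TODO item "Add CHK_CONNECTION to remaining RPC handlers".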
......@@ -346,8 +347,9 @@ shutdown_kom (int UNUSED(exit_val))
char *user;
char *host;
CHK_CONNECTION(FAILURE);
CHK_LOGIN(FAILURE);
if ( !ENA(admin, 1) )
if ( !ENA(admin, 1) ) /* OK -- In an RPC call */
{
err_stat = 0;
kom_errno = KOM_PERM;
......@@ -358,7 +360,7 @@ shutdown_kom (int UNUSED(exit_val))
user = s_crea_c_str (active_connection->ident_user);
host = s_crea_c_str (active_connection->hostname);
kom_log("shutdown initiated by person %d (%s) via %s@%s.\n",
ACTPERS, name, user, host);
ACTPERS, name, user, host);
string_free(host);
string_free(user);
string_free(name);
......@@ -371,6 +373,7 @@ extern Success
modify_server_info(Number_list *items_to_delete,
Aux_item_list *items_to_add)
{
CHK_CONNECTION(FAILURE);
CHK_LOGIN(FAILURE);
if (items_to_delete->length > param.max_delete_aux)
......@@ -387,7 +390,7 @@ modify_server_info(Number_list *items_to_delete,
return FAILURE;
}
if ( !ENA(admin, 1) )
if ( !ENA(admin, 1) ) /* OK -- in an RPC call */
{
err_stat = 0;
kom_errno = KOM_PERM;
......@@ -423,6 +426,7 @@ modify_server_info(Number_list *items_to_delete,
extern Success
get_collate_table (String * result)
{
CHK_CONNECTION(FAILURE);
result->string = DEFAULT_COLLAT_TAB;
result->len = COLLAT_TAB_SIZE;
return OK;
......
%{
/*
* $Id: aux-item-def-parse.y,v 1.8 1999/05/24 09:34:18 ceder Exp $
* $Id: aux-item-def-parse.y,v 1.9 1999/05/31 12:17:02 byers Exp $
* Copyright (C) 1994-1996, 1999 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -83,8 +83,12 @@
# include <stdarg.h>
#endif
#include <malloc.h>
#include <setjmp.h>
#include "kom-types.h"
#include "com.h"
#include "async.h"
#include "connections.h"
#include "aux-items.h"
#include "s-string.h"
#include "server/smalloc.h"
......
/*
* $Id: aux-items.c,v 1.14 1999/05/24 09:34:18 ceder Exp $
* $Id: aux-items.c,v 1.15 1999/05/31 12:17:03 byers Exp $
* Copyright (C) 1994-1999 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -39,13 +39,13 @@
#include <assert.h>
#include "kom-types.h"
#include "com.h"
#include "async.h"
#include "connections.h"
#include "manipulate.h"
#include "aux-items.h"
#include "kom-errno.h"
#include "kom-memory.h"
#include "async.h"
#include "com.h"
#include "connections.h"
#include "server/smalloc.h"
#include "cache.h"
#include "s-string.h"
......@@ -1101,7 +1101,7 @@ aux_item_add_perm(Aux_item *item,
owner_check &&
object_creator != item_creator &&
!is_strictly_supervisor(object_creator, NULL, item_creator, NULL) &&
!(item_creator == ACTPERS && ENA(wheel, 8)))
!(item_creator == ACTPERS && ENA(wheel, 8))) /* NOT OK! */
{
kom_errno = KOM_AUX_PERM;
return FALSE;
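Review bot: the `/* NOT OK! */` marker on `!(item_creator == ACTPERS && ENA(wheel, 8))` flags the privilege check as unsafe but does not say why or what the intended fix is, and the check itself is unchanged. aux_item_add_perm decides whether an item may be added, so either pass the Connection in and use ENA_C as filter_aux_item_list now does, or expand the comment to state the problem (presumably that ENA and ACTPERS depend on active_connection outside a guaranteed RPC context) and add a matching TODO entry so it is not lost.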
......@@ -1110,7 +1110,7 @@ aux_item_add_perm(Aux_item *item,
if (def->supervisor_only &&
owner_check &&
!is_strictly_supervisor(object_creator, NULL, item_creator, NULL) &&
!(item_creator == ACTPERS && ENA(wheel,8)))
!(item_creator == ACTPERS && ENA(wheel,8))) /* NOT OK! */
{
kom_errno = KOM_AUX_PERM;
return FALSE;
......@@ -1272,11 +1272,12 @@ aux_inherit_items(Aux_item_list *target,
void
filter_aux_item_list(Aux_item_list *original,
Aux_item_list *result,
Pers_no viewer,
Person *viewer_p)
Connection *viewer_conn)
{
Aux_item *orig_aux;
unsigned long from, to;
/* Pers_no viewer;
Person *viewer_p;*/
result->items = tmp_alloc(original->length * sizeof (Aux_item));
result->length = 0;
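Review bot: the commented-out declarations `/* Pers_no viewer;` and `Person *viewer_p;*/` left in filter_aux_item_list are dead code from the old signature and should be deleted rather than committed. The definition also names the new parameter viewer_conn while the prototype in aux-items.h calls it conn; use one name in both places.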
......@@ -1286,15 +1287,17 @@ filter_aux_item_list(Aux_item_list *original,
{
orig_aux = &original->items[from];
if ( orig_aux->flags.secret &&
!is_supervisor(orig_aux->creator,NULL, viewer, viewer_p) &&
!ENA(admin, 4) )
!is_supervisor(orig_aux->creator, NULL,
viewer_conn->pers_no, viewer_conn->person) &&
!ENA_C(viewer_conn, admin, 4))
continue;
result->items[to] = *orig_aux;
if (orig_aux->flags.hide_creator &&
!is_supervisor(orig_aux->creator,NULL, viewer, viewer_p) &&
!ENA(admin, 4) )
!is_supervisor(orig_aux->creator, NULL,
viewer_conn->pers_no, viewer_conn->person) &&
!ENA_C(viewer_conn, admin, 4))
result->items[to].creator = 0;
result->length += 1;
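Review bot: both filter conditions now read viewer_conn->pers_no and viewer_conn->person with no NULL check, so filter_aux_item_list crashes if any caller passes a NULL connection. get_info is covered by CHK_CONNECTION, but this function is what decides whether secret items and hidden creators are disclosed, so it should not depend on every caller getting that right. Add a guard at the top that treats a NULL viewer_conn as an unprivileged viewer (skip secret items, zero the creator on hide_creator items), or document the non-NULL precondition next to the prototype in aux-items.h.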
......@@ -1339,10 +1342,10 @@ check_delete_aux_item_list(Number_list *items_to_delete,
def = find_aux_item_definition(item);
if ((def == NULL) ||
(def->may_not_delete) ||
(item->creator == 0 && !ENA(wheel, 8)) ||
(item->creator != ACTPERS &&
!is_supervisor(item->creator, NULL, ACTPERS, NULL) &&
!ENA(wheel,8)))
(item->creator == 0 && !ENA(wheel, 8)) || /* NOT OK! */
(item->creator != ACTPERS && /* NOT OK! */
!is_supervisor(item->creator, NULL, ACTPERS, NULL) && /* NOT OK! */
!ENA(wheel,8))) /* NOT OK! */
{
kom_errno = KOM_AUX_PERM;
err_stat = i;
......
/*
* $Id: aux-items.h,v 1.11 1999/05/24 09:34:19 ceder Exp $
* $Id: aux-items.h,v 1.12 1999/05/31 12:17:04 byers Exp $
* Copyright (C) 1994-1999 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -223,8 +223,7 @@ Aux_item *find_aux_item(Aux_item_list *list, unsigned long aux_no);
void filter_aux_item_list(Aux_item_list *original,
Aux_item_list *result,
Pers_no viewer,
Person *viewer_p);
Connection *conn);
/* delete items_to_delete from list_to_delete_from
......
/*
* $Id: dbck.c,v 0.52 1999/05/24 13:07:45 ceder Exp $
* $Id: dbck.c,v 0.53 1999/05/31 12:17:06 byers Exp $
* Copyright (C) 1991-1999 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -35,7 +35,7 @@
static const char *
rcsid = "$Id: dbck.c,v 0.52 1999/05/24 13:07:45 ceder Exp $";
rcsid = "$Id: dbck.c,v 0.53 1999/05/31 12:17:06 byers Exp $";
#include "rcs.h"
USE(rcsid);
......@@ -58,6 +58,7 @@ USE(rcsid);
# include <string.h>
#endif
#include <assert.h>
#include <setjmp.h>
#include "getopt.h"
#include "misc-types.h"
......@@ -73,6 +74,9 @@ USE(rcsid);
#include "dbck-cache.h"
#include "param.h"
#include "server-config.h"
#include "async.h"
#include "com.h"
#include "connections.h"
#include "manipulate.h"
#include "version-info.h"
#include "ram-output.h"
......
/*
* $Id: internal-connections.c,v 0.39 1999/05/24 09:34:25 ceder Exp $
* $Id: internal-connections.c,v 0.40 1999/05/31 12:17:07 byers Exp $
* Copyright (C) 1991-1994, 1996-1999 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -35,7 +35,7 @@
static const char *
rcsid = "$Id: internal-connections.c,v 0.39 1999/05/24 09:34:25 ceder Exp $";
rcsid = "$Id: internal-connections.c,v 0.40 1999/05/31 12:17:07 byers Exp $";
#include "rcs.h"
USE(rcsid);
......@@ -341,7 +341,13 @@ get_conn_by_number (Session_no session_no)
end = last_conn;
if (session_no == 0)
{
if (active_connection == NULL)
{
restart_kom("get_conn_by_number: No session-no and no active connection");
}
session_no = active_connection->session_no;
}
do
{
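Review bot: the new NULL branch in get_conn_by_number falls straight through to `session_no = active_connection->session_no;`, so it only prevents the dereference if restart_kom never returns. State that in a comment at the call, or return NULL immediately after it, so the guard does not silently depend on restart_kom's behaviour. Restarting the whole server because one caller reached this function without a connection also deserves a short code comment explaining the choice, as the ChangeLog does, since it disconnects every client.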
......
/*
* $Id: manipulate.h,v 0.22 1999/05/24 09:34:28 ceder Exp $
* $Id: manipulate.h,v 0.23 1999/05/31 12:17:08 byers Exp $
* Copyright (C) 1991-1994, 1996-1999 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -23,7 +23,7 @@
* Please mail bug reports to bug-lyskom@lysator.liu.se.
*/
/*
* $Id: manipulate.h,v 0.22 1999/05/24 09:34:28 ceder Exp $
* $Id: manipulate.h,v 0.23 1999/05/31 12:17:08 byers Exp $
*
* manipulate.h
*
......@@ -42,14 +42,26 @@
/* many functions can only be used if ACTPERS is logged in */
#define CHK_LOGIN(errortype) \
{ \
if ( ! ACTPERS ) \
{ \
err_stat = 0; \
kom_errno = KOM_LOGIN; \
return errortype; \
} \
#define CHK_CONNECTION(errortype) \
{ \
if (active_connection == NULL) \
{ \
err_stat = 0; \
kom_errno = KOM_INTERNAL_ERROR; \
return errortype; \
} \
}
#define CHK_LOGIN(errortype) \
{ \
if ( !active_connection || !ACTPERS ) \
{ \
if (!active_connection) \
kom_log("CHK_LOGIN: active_connection == NULL"); \
err_stat = 0; \
kom_errno = KOM_LOGIN; \
return errortype; \
} \
}
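Review bot: the kom_log call added to CHK_LOGIN passes "CHK_LOGIN: active_connection == NULL" with no trailing \n, unlike the kom_log call in shutdown_kom in admin.c, so the following log entry will run onto the same line. Separately, the new CHK_CONNECTION copies the bare `{ ... }` block form of CHK_LOGIN; wrapping both macros in do { ... } while (0) keeps `CHK_CONNECTION(FAILURE);` safe when it is used as the body of an if/else.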
......@@ -141,7 +153,8 @@
*/
#define ENA(privtype, req_lev) \
(active_connection->ena_level >=(req_lev) && \
(active_connection && \
active_connection->ena_level >=(req_lev) && \
(ACT_P)->privileges.privtype)
#define ENA_C(conn, privtype, req_lev) \
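Review bot: ENA now tests active_connection before reading ena_level but still evaluates `(ACT_P)->privileges.privtype` with no guard on ACT_P, whereas ENA_C checks `(conn)->person &&` before reading privileges. Add the equivalent check on ACT_P, or define ENA as ENA_C(active_connection, privtype, req_lev) if ENA_C tolerates a NULL conn, so the two macros cannot drift. Note also that ENA now quietly evaluates to false when active_connection is NULL; that fails closed, but the call sites marked NOT OK in aux-items.c will deny silently, so a kom_log line in that case would make the misuse visible.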
......@@ -149,7 +162,7 @@
(conn)->person && \
((conn)->person)->privileges.privtype)
#define HAVE_PRIV(privtype) ((ACT_P)->privileges.privtype)
#define HAVE_PRIV(pers, privtype) (pers && pers->privileges.privtype)
/*
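Review bot: the new HAVE_PRIV(pers, privtype) expands pers unparenthesized, as `(pers && pers->privileges.privtype)`, so an argument that is an expression will bind incorrectly to `->`, and pers is evaluated twice. Write it as `((pers) && (pers)->privileges.privtype)` to match the style ENA_C already uses for conn, and avoid passing arguments with side effects.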
......@@ -260,7 +273,7 @@ is_strictly_supervisor(Conf_no conf,
*/
extern void
leave_conf(void);
leave_conf(Connection *conn);
/*
......@@ -325,6 +338,7 @@ do_add_member(Conf_no conf_no, /* Conference to add a new member to. */
Conference * conf_c, /* Conf. status. Must NOT be NULL. */
Pers_no pers_no, /* Person to be added. */
Person * pers_p, /* Pers. status. Must NOT be NULL. */
Pers_no added_by, /* Person doing the adding */
unsigned char priority, /* Priority to assign to this conf */
unsigned short where, /* Sequence number in the list */
Membership_type * type, /* Membership type */
......@@ -332,13 +346,13 @@ do_add_member(Conf_no conf_no, /* Conference to add a new member to. */
);
/*
* Return TRUE if ACTPERS has enough privileges to access VICTIM's data.
* Return TRUE if VIEWER_CONN has enough privileges to access VICTIM's data.
* VICTIM is a person or a conference.
* Meaning of return values:
* unlimited: ACTPERS is supervisor of VICTIM, or ACTPERS is admin,
* unlimited: VIEWER_CONN is supervisor of VICTIM, or ACTPERS is admin,
* or ACTPERS is VICTIM
* none: VICTIM is secret, and ACTPERS is not a member
* member: ACTPERS is a member in VICTIM, but doesn't have unlimited
* none: VICTIM is secret, and VIEWER_CONN is not a member
* member: VIEWER_CONN is a member in VICTIM, but doesn't have unlimited
* access.
* limited: otherwise.
* error: see kom_errno
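Review bot: the updated comment above access_perm mixes the old and new terms; the "unlimited" line reads "VIEWER_CONN is supervisor of VICTIM, or ACTPERS is admin, or ACTPERS is VICTIM". The point of the change is that the check no longer depends on ACTPERS, so replace the remaining ACTPERS mentions with VIEWER_CONN (or "the person logged in on VIEWER_CONN") to make it unambiguous whose privileges are evaluated.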
......@@ -347,8 +361,7 @@ do_add_member(Conf_no conf_no, /* Conference to add a new member to. */
extern Access
access_perm(Conf_no victim,
Conference * victim_c, /* May be NULL */
Pers_no viewer,
Person * viewer_p); /* May be NULL */
Connection * viewer_conn);
/*
* Fast version of access_perm. This function does not check if ATCPERS is a
......@@ -359,17 +372,16 @@ access_perm(Conf_no victim,
* BUG: If a person is supervisor of a secret conf he is not member in the
* result will be 'none'.
*
* unlimited: ACTPERS is admin, or ACTPERS is VICTIM
* unlimited: viewer_conn is admin, or viewer_conn is VICTIM
* none: VICTIM is secret, and ACTPERS is not a member
* member: ACTPERS is a member in VICTIM, but doesn't have unlimited
* member: viewer_conn is a member in VICTIM, but doesn't have unlimited
* access.
* limited: otherwise.
* error: see kom_errno
*/
Access
fast_access_perm(Conf_no victim,
Pers_no viewer,
Person *viewer_p);
Connection *viewer_conn);
/*
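Review bot: the fast_access_perm prototype replaces viewer and viewer_p with `Connection *viewer_conn` without saying whether viewer_conn may be NULL, and the comment's "none" line still refers to ACTPERS. The backtrace in the TODO shows this function being reached from garb_text, where there is no active connection, so the comment should state what is returned for a NULL viewer_conn (ideally the most restrictive access level) and the ACTPERS to viewer_conn rename should be completed.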
......@@ -416,8 +428,9 @@ do_sub_member(Conf_no conf_no, /* Conf to delete member from. */
*/
extern Bool
text_read_access(Text_no text_no,
Text_stat * text_stat);
text_read_access(Connection * conn,
Text_no text_no,
Text_stat * text_stat);
extern Bool
person_text_read_access(Text_no text_no,
......
/*
* $Id: person.c,v 0.51 1999/05/24 09:34:30 ceder Exp $
* $Id: person.c,v 0.52 1999/05/31 12:17:10 byers Exp $
* Copyright (C) 1991-1999 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -36,7 +35,7 @@
#endif
static const char *
rcsid = "$Id: person.c,v 0.51 1999/05/24 09:34:30 ceder Exp $";
rcsid = "$Id: person.c,v 0.52 1999/05/31 12:17:10 byers Exp $";
#include "rcs.h"
USE(rcsid);
......@@ -65,14 +64,14 @@ USE(rcsid);
#include "s-string.h"
#include "kom-types.h"
#include "services.h"
#include "com.h"
#include "async.h"
#include "connections.h"
#include "manipulate.h"
#include "string-malloc.h"
#include "debug.h"
#include "cache.h"
#include "kom-errno.h"
#include "com.h"
#include "async.h"
#include "connections.h"
#include "server/smalloc.h"
#include "kom-config.h"
#include "log.h"
......@@ -476,11 +475,12 @@ mark_text(Text_no text_no, /* Will fail if the user is not */
{
Text_stat *text_s = NULL;
CHK_CONNECTION(FAILURE);
CHK_LOGIN(FAILURE);
/* Check