Commit c1e08a06 authored by David Byers

Server

        Corrected privilege-related problems. Many functions now
        take a Connection instead of a Pers_no/Person combo.

        Added defensive code to protect the server in situations
        where active_connection is unexpectedly NULL.

        Added checks to most RPC handlers to make sure they are only
        called when there is an active connection.

        The added_by field for a person's membership in its letterbox
        conference is now the person itself, not 0.

Testing
        Removed all new expected fails from the testsuite.
parent b6868a3b
1999-05-31 David Byers <davby@ida.liu.se>
* src/server/server-config.c: Removed duplicate regexps use
collate table.
* src/server/manipulate.h (CHK_LOGIN): Check for NULL
active_connection.
(ENA): Survive a NULL active_connection.
(HAVE_PRIV): Take a Person argument.
1999-05-30 David Byers <davby@ida.liu.se>
* src/server/text-garb.c (garb_text): Reset deleted_texts after
sending the debug message.
1999-05-30 David Byers <davby@ida.liu.se>
* src/server/testsuite/lyskomd.0/09.exp (1015): Data sent to
client 2 contained secret recipient. Fixed.
* src/server/testsuite/lyskomd.0/05.exp: Fixed added_by field in
Membership and Member
* src/server/testsuite/lyskomd.0/03.exp: (1349,1350, 1351, 2001,
2006): Fixed added_by field in Membership and Member
* src/server/testsuite/lyskomd.0/01.exp: (1116): Fixed added_by
field in Membership
* src/server/regex-match.c (lookup_regexp): Copy the collate table
before putting it into the pattern buffer.
* src/server/testsuite/lyskomd.0/00.exp (1038): Person 6 added
himself to his letterbox.
* src/server/membership.c (do_add_member): Take added_by as an
argument.
(add_member_common): Call do_add_member with explicit added_by.
* src/server/person.c (create_person_generic): The person adding
the mailbox membership is the same as the creator of the person.
Fixed problems related to permission checking
* src/server/membership.c (fast_access_perm): Take a connection
argument instead of a person and pers_stat combo.
(access_perm): Same here.
(copy_public_confs): Same here.
* src/server/text.c (ok_to_create_next_text): Same here.
* src/server/regex-match.c (lookup_regexp): Test for
param.regex_use_collate_table was inverted.
(lookup_regexp): Added connection argument.
* src/server/text.c (filter_secret_info): Take a connection
argument instead of viewer and viewer_p
(send_async_deleted_text): Call filter_secret_info with connection
argument.
(get_text_stat_old): Same here.
(get_text_stat): Same here.
(send_async_new_text_old): Same here.
(send_async_new_text): Same here.
(person_text_read_access): Check that active_connection is set
before attempting to use it.
(text_read_access): Take a connection as an argument.
* src/server/conference.c (get_conf_stat): Call
filter_aux_item_list with active_connection instead of ACTPERS and
ACT_P.
* src/server/admin.c (get_info): Call filter_aux_item_list with
active_connection instead of ACTPERS and ACT_P.
* src/server/session.c (leave_conf): New parameter for connection
to remove dependency on active_connection.
* src/server/internal-connections.c (get_conn_by_number):
Defensive check on active_connection. Restart server if
active_connection is unset and no session number is specified
since callers of this function expect to get something sensible
out of it.
* src/server/manipulate.h (CHK_CONNECTION): New macro. Call this
at the head of every RPC function.
* src/server/admin.c (shutdown_kom): Signal internal error if we
don't have an active connection.
1999-05-30 Per Cederqvist <ceder@lysator.liu.se>
Improve the test suite.
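Review bot: The get_conn_by_number entry restarts the server when active_connection is unset and no session number is given; if a client request can ever reach that state, a NULL pointer becomes a restart that any client can trigger. Consider failing the single call instead and keeping the restart for states that are provably internal. Also, the lookup_regexp entry writes param.regex_use_collate_table while the TODO hunk writes param.regexps_use_collate_table; the two should agree with the real parameter name.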
......
......@@ -3,30 +3,11 @@ server.
* Showstoppers
** Fix lyskomd.0/09.exp
** Fix this. active_connection is NULL and ENA is mis-used.
#0 0x2f064 in fast_access_perm (victim=4975, viewer=119, viewer_p=0x13c70f0)
at membership.c:776
#1 0x2b610 in filter_secret_info (result=0xeffffa80, original=0x2f003a8,
viewer=0, viewer_p=0x13c70f0, output_bcc=TRUE) at text.c:1238
#2 0x2b89c in send_async_deleted_text (text_no=2014215, text_s=0x2f003a8)
at text.c:1350
#3 0x2bd50 in do_delete_text (text_no=2014215, text_s=0x2f003a8)
at text.c:1609
#4 0x398bc in garb_text () at text-garb.c:245
#5 0x2809c in end_of_atomic (idle=TRUE) at disk-end-of-atomic.c:81
#6 0x29ef8 in toploop () at connections.c:713
#7 0x1d524 in main (argc=1, argv=0xeffffd7c) at ramkomd.c:535
** Remove all setup_xfail
** If ay_sub_recipient is on, but ay_deleted_text is not on, we need
to decide which async messages to send before we start subtracting
things from the text. The best solution is probably to never send
ay_sub_recipient when texts are deleted.
** Regex matching with the collate table does not work.
The test for param.regexps_use_collate_table is inverted.
It doesn't work anyway. Results are *strange*.
** Add CHK_CONNECTION to remaining RPC handlers.
* High priority, but they can wait until after the next release.
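Review bot: The showstopper "Regex matching with the collate table does not work" still states that the test for param.regexps_use_collate_table is inverted, while the ChangeLog in this same commit records that inversion as fixed in lookup_regexp. Reword the item so it describes only what is still broken ("Results are *strange*"). The item "Add CHK_CONNECTION to remaining RPC handlers" would be easier to close out if it listed the handlers that are still unguarded.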
......@@ -722,6 +703,35 @@ server.
per atomic call.
DONE
** Fix lyskomd.0/09.exp
DONE.
** Fix this. active_connection is NULL and ENA is mis-used.
#0 0x2f064 in fast_access_perm (victim=4975, viewer=119, viewer_p=0x13c70f0)
at membership.c:776
#1 0x2b610 in filter_secret_info (result=0xeffffa80, original=0x2f003a8,
viewer=0, viewer_p=0x13c70f0, output_bcc=TRUE) at text.c:1238
#2 0x2b89c in send_async_deleted_text (text_no=2014215, text_s=0x2f003a8)
at text.c:1350
#3 0x2bd50 in do_delete_text (text_no=2014215, text_s=0x2f003a8)
at text.c:1609
#4 0x398bc in garb_text () at text-garb.c:245
#5 0x2809c in end_of_atomic (idle=TRUE) at disk-end-of-atomic.c:81
#6 0x29ef8 in toploop () at connections.c:713
#7 0x1d524 in main (argc=1, argv=0xeffffd7c) at ramkomd.c:535
DONE.
** Remove all setup_xfail
DONE
** If ay_sub_recipient is on, but ay_deleted_text is not on, we need
to decide which async messages to send before we start subtracting
things from the text. The best solution is probably to never send
ay_sub_recipient when texts are deleted.
DONE
* In progress
** Document aux-items for mail import/export. (3229403)
......
/*
* $Id: admin.c,v 0.38 1999/05/24 09:34:17 ceder Exp $
* $Id: admin.c,v 0.39 1999/05/31 12:17:01 byers Exp $
* Copyright (C) 1991, 1993-1999 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -33,7 +33,7 @@
#endif
static const char *
rcsid = "$Id: admin.c,v 0.38 1999/05/24 09:34:17 ceder Exp $";
rcsid = "$Id: admin.c,v 0.39 1999/05/31 12:17:01 byers Exp $";
#include "rcs.h"
USE(rcsid);
......@@ -50,10 +50,10 @@ USE(rcsid);
#include "misc-types.h"
#include "s-string.h"
#include "kom-types.h"
#include "manipulate.h"
#include "com.h"
#include "async.h"
#include "connections.h"
#include "manipulate.h"
#include "kom-errno.h"
#include "cache.h"
#include "kom-config.h"
......@@ -107,11 +107,11 @@ get_info( Info *result )
{
Aux_item_list filtered;
CHK_CONNECTION(FAILURE);
*result = kom_info;
filter_aux_item_list(&result->aux_item_list,
&filtered,
ACTPERS,
ACT_P);
active_connection);
result->aux_item_list = filtered;
return OK;
}
......@@ -135,7 +135,7 @@ set_info(Info *info)
Success tmp;
CHK_LOGIN(FAILURE);
if ( !ENA(admin, 1) )
if ( !ENA(admin, 1) ) /* OK -- in an RPC call */
{
err_stat = 0;
kom_errno = KOM_PERM;
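Review bot: The new comment on "if ( !ENA(admin, 1) )" says ENA is safe because this is an RPC call, but set_info gets no CHK_CONNECTION in this hunk, unlike send_message and shutdown_kom further down, so the claim rests entirely on the NULL check that the ChangeLog says was added to CHK_LOGIN. Either add CHK_CONNECTION(FAILURE) before CHK_LOGIN for uniformity or name CHK_LOGIN as the guard in the comment. The annotation is also spelled "in an RPC call" here and "In an RPC call" in the following hunks; pick one spelling so the markers can be grepped.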
......@@ -174,7 +174,7 @@ set_motd_of_lyskom (Text_no motd)
CHK_LOGIN(FAILURE);
if ( !ENA(admin, 1) )
if ( !ENA(admin, 1) ) /* OK -- In an RPC call */
{
err_stat = 0;
kom_errno = KOM_PERM;
......@@ -250,6 +250,7 @@ send_message (Conf_no recipient,
unsigned short ix;
Success retval;
CHK_CONNECTION(FAILURE);
CHK_LOGIN(FAILURE);
/* Check that the message is not too long */
......@@ -269,7 +270,7 @@ send_message (Conf_no recipient,
/* Check that the conference is not secret */
if (access_perm(recipient, conf_c, ACTPERS, ACT_P) <= none)
if (access_perm(recipient, conf_c, active_connection) <= none)
{
err_stat = recipient;
kom_errno = KOM_UNDEF_CONF;
......@@ -296,7 +297,7 @@ send_message (Conf_no recipient,
recipient,
ACTPERS,
message,
ENA(admin, 1)) == OK)
ENA(admin, 1)) == OK)
{
retval = OK;
}
......@@ -323,7 +324,7 @@ sync_kom (void)
if (!param.permissive_sync)
{
CHK_LOGIN(FAILURE);
if ( !ENA(admin, 1) )
if ( !ENA(admin, 1) ) /* OK -- In an RPC call */
{
err_stat = 0;
kom_errno = KOM_PERM;
......@@ -346,8 +347,9 @@ shutdown_kom (int UNUSED(exit_val))
char *user;
char *host;
CHK_CONNECTION(FAILURE);
CHK_LOGIN(FAILURE);
if ( !ENA(admin, 1) )
if ( !ENA(admin, 1) ) /* OK -- In an RPC call */
{
err_stat = 0;
kom_errno = KOM_PERM;
......@@ -358,7 +360,7 @@ shutdown_kom (int UNUSED(exit_val))
user = s_crea_c_str (active_connection->ident_user);
host = s_crea_c_str (active_connection->hostname);
kom_log("shutdown initiated by person %d (%s) via %s@%s.\n",
ACTPERS, name, user, host);
ACTPERS, name, user, host);
string_free(host);
string_free(user);
string_free(name);
......@@ -371,6 +373,7 @@ extern Success
modify_server_info(Number_list *items_to_delete,
Aux_item_list *items_to_add)
{
CHK_CONNECTION(FAILURE);
CHK_LOGIN(FAILURE);
if (items_to_delete->length > param.max_delete_aux)
......@@ -387,7 +390,7 @@ modify_server_info(Number_list *items_to_delete,
return FAILURE;
}
if ( !ENA(admin, 1) )
if ( !ENA(admin, 1) ) /* OK -- in an RPC call */
{
err_stat = 0;
kom_errno = KOM_PERM;
......@@ -423,6 +426,7 @@ modify_server_info(Number_list *items_to_delete,
extern Success
get_collate_table (String * result)
{
CHK_CONNECTION(FAILURE);
result->string = DEFAULT_COLLAT_TAB;
result->len = COLLAT_TAB_SIZE;
return OK;
......
%{
/*
* $Id: aux-item-def-parse.y,v 1.8 1999/05/24 09:34:18 ceder Exp $
* $Id: aux-item-def-parse.y,v 1.9 1999/05/31 12:17:02 byers Exp $
* Copyright (C) 1994-1996, 1999 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -83,8 +83,12 @@
# include <stdarg.h>
#endif
#include <malloc.h>
#include <setjmp.h>
#include "kom-types.h"
#include "com.h"
#include "async.h"
#include "connections.h"
#include "aux-items.h"
#include "s-string.h"
#include "server/smalloc.h"
......
/*
* $Id: aux-items.c,v 1.14 1999/05/24 09:34:18 ceder Exp $
* $Id: aux-items.c,v 1.15 1999/05/31 12:17:03 byers Exp $
* Copyright (C) 1994-1999 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -39,13 +39,13 @@
#include <assert.h>
#include "kom-types.h"
#include "com.h"
#include "async.h"
#include "connections.h"
#include "manipulate.h"
#include "aux-items.h"
#include "kom-errno.h"
#include "kom-memory.h"
#include "async.h"
#include "com.h"
#include "connections.h"
#include "server/smalloc.h"
#include "cache.h"
#include "s-string.h"
......@@ -1101,7 +1101,7 @@ aux_item_add_perm(Aux_item *item,
owner_check &&
object_creator != item_creator &&
!is_strictly_supervisor(object_creator, NULL, item_creator, NULL) &&
!(item_creator == ACTPERS && ENA(wheel, 8)))
!(item_creator == ACTPERS && ENA(wheel, 8))) /* NOT OK! */
{
kom_errno = KOM_AUX_PERM;
return FALSE;
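Review bot: The condition marked NOT OK compares item_creator with ACTPERS and tests ENA(wheel, 8), both of which depend on the global active_connection, so the commit ships a permission check with a dependency it already flags as unsafe. If aux_item_add_perm can run outside an RPC call, the wheel exemption is evaluated against no session or against the wrong one. Pass a Connection into aux_item_add_perm and use ENA_C, as filter_aux_item_list does later in this file, or add a TODO entry so the marker is tracked; the same applies to the supervisor_only branch in the next hunk.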
......@@ -1110,7 +1110,7 @@ aux_item_add_perm(Aux_item *item,
if (def->supervisor_only &&
owner_check &&
!is_strictly_supervisor(object_creator, NULL, item_creator, NULL) &&
!(item_creator == ACTPERS && ENA(wheel,8)))
!(item_creator == ACTPERS && ENA(wheel,8))) /* NOT OK! */
{
kom_errno = KOM_AUX_PERM;
return FALSE;
......@@ -1272,11 +1272,12 @@ aux_inherit_items(Aux_item_list *target,
void
filter_aux_item_list(Aux_item_list *original,
Aux_item_list *result,
Pers_no viewer,
Person *viewer_p)
Connection *viewer_conn)
{
Aux_item *orig_aux;
unsigned long from, to;
/* Pers_no viewer;
Person *viewer_p;*/
result->items = tmp_alloc(original->length * sizeof (Aux_item));
result->length = 0;
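Review bot: The commented-out declarations "/* Pers_no viewer; Person *viewer_p;*/" left in the body of filter_aux_item_list are dead code; delete them, since the new parameter list already documents the change. The parameter is named viewer_conn here but conn in the aux-items.h prototype; use one name in both places.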
......@@ -1286,15 +1287,17 @@ filter_aux_item_list(Aux_item_list *original,
{
orig_aux = &original->items[from];
if ( orig_aux->flags.secret &&
!is_supervisor(orig_aux->creator,NULL, viewer, viewer_p) &&
!ENA(admin, 4) )
!is_supervisor(orig_aux->creator, NULL,
viewer_conn->pers_no, viewer_conn->person) &&
!ENA_C(viewer_conn, admin, 4))
continue;
result->items[to] = *orig_aux;
if (orig_aux->flags.hide_creator &&
!is_supervisor(orig_aux->creator,NULL, viewer, viewer_p) &&
!ENA(admin, 4) )
!is_supervisor(orig_aux->creator, NULL,
viewer_conn->pers_no, viewer_conn->person) &&
!ENA_C(viewer_conn, admin, 4))
result->items[to].creator = 0;
result->length += 1;
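Review bot: viewer_conn->pers_no and viewer_conn->person are dereferenced in both filters with no check that viewer_conn is non-NULL, so the function is only safe when every caller has already verified its connection. The callers converted in this commit (get_info, get_conf_stat) do that with CHK_CONNECTION, but the visible hunks show no CHK_LOGIN in either, so viewer_conn->person may belong to a session that has not logged in; confirm that is_supervisor and ENA_C treat that case as "no privileges" so that secret items and hidden creators stay filtered. A comment stating the non-NULL precondition at the top of the function would make the contract explicit.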
......@@ -1339,10 +1342,10 @@ check_delete_aux_item_list(Number_list *items_to_delete,
def = find_aux_item_definition(item);
if ((def == NULL) ||
(def->may_not_delete) ||
(item->creator == 0 && !ENA(wheel, 8)) ||
(item->creator != ACTPERS &&
!is_supervisor(item->creator, NULL, ACTPERS, NULL) &&
!ENA(wheel,8)))
(item->creator == 0 && !ENA(wheel, 8)) || /* NOT OK! */
(item->creator != ACTPERS && /* NOT OK! */
!is_supervisor(item->creator, NULL, ACTPERS, NULL) && /* NOT OK! */
!ENA(wheel,8))) /* NOT OK! */
{
kom_errno = KOM_AUX_PERM;
err_stat = i;
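Review bot: Four consecutive lines of the deletion check are tagged NOT OK without saying what is wrong or what the intended fix is, and the check still decides who may delete an aux-item from ACTPERS and ENA(wheel, 8). Replace the per-line markers with one comment above the condition that names the problem (dependence on active_connection) and the plan, for example taking a Connection argument as the other converted functions in this commit now do.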
......
/*
* $Id: aux-items.h,v 1.11 1999/05/24 09:34:19 ceder Exp $
* $Id: aux-items.h,v 1.12 1999/05/31 12:17:04 byers Exp $
* Copyright (C) 1994-1999 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -223,8 +223,7 @@ Aux_item *find_aux_item(Aux_item_list *list, unsigned long aux_no);
void filter_aux_item_list(Aux_item_list *original,
Aux_item_list *result,
Pers_no viewer,
Person *viewer_p);
Connection *conn);
/* delete items_to_delete from list_to_delete_from
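Review bot: The prototype now uses Connection, but this header's diff adds no include for the type, which matches the include additions and reordering of com.h, async.h and connections.h in aux-item-def-parse.y and aux-items.c elsewhere in the commit. Have aux-items.h include what it needs for Connection so the header compiles on its own and include order in its users stops mattering. The parameter name conn also differs from viewer_conn in the definition.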
......
/*
* $Id: conference.c,v 0.50 1999/05/24 09:34:21 ceder Exp $
* $Id: conference.c,v 0.51 1999/05/31 12:17:05 byers Exp $
* Copyright (C) 1991-1999 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -35,7 +35,7 @@
static const char *
rcsid = "$Id: conference.c,v 0.50 1999/05/24 09:34:21 ceder Exp $";
rcsid = "$Id: conference.c,v 0.51 1999/05/31 12:17:05 byers Exp $";
#include "rcs.h"
USE(rcsid);
......@@ -56,13 +56,13 @@ USE(rcsid);
#include "cache.h"
#include "misc-types.h"
#include "s-collat-tabs.h"
#include "com.h"
#include "async.h"
#include "connections.h"
#include "manipulate.h"
#include "server/smalloc.h"
#include "kom-config.h"
#include "parser.h"
#include "com.h"
#include "async.h"
#include "connections.h"
#include "internal-connections.h"
#include "kom-errno.h"
#include "lyskomd.h"
......@@ -388,10 +388,11 @@ change_name (Conf_no conf_no,
Conference * conf_c;
Access acc;
CHK_CONNECTION(FAILURE);
CHK_LOGIN(FAILURE);
GET_C_STAT(conf_c, conf_no, FAILURE);
acc = access_perm (conf_no, conf_c, ACTPERS, ACT_P);
acc = access_perm (conf_no, conf_c, active_connection);
if ( acc <= none )
{
......@@ -401,7 +402,7 @@ change_name (Conf_no conf_no,
}
if ( !ACT_P->privileges.change_name
|| (acc != unlimited && !ENA(admin, 3)))
|| (acc != unlimited && !ENA(admin, 3))) /* OK -- In an RPC call */
{
err_stat = conf_no;
kom_errno = KOM_PERM;
......@@ -452,10 +453,11 @@ create_conf_generic(const String name,
{
Conf_no conf_no;
CHK_CONNECTION(0);
CHK_LOGIN(0);
if (param.anyone_can_create_new_confs == FALSE
&& !HAVE_PRIV(create_conf) )
&& !HAVE_PRIV(ACT_P, create_conf))
{
err_stat = 0;
kom_errno = KOM_PERM;
......@@ -556,10 +558,11 @@ delete_conf (Conf_no conf_no )
Conference * conf_c;
Access acc;
CHK_CONNECTION(FAILURE);
CHK_LOGIN(FAILURE);
GET_C_STAT(conf_c, conf_no, FAILURE);
acc = access_perm (conf_no, conf_c, ACTPERS, ACT_P);
acc = access_perm (conf_no, conf_c, active_connection);
if ( acc != unlimited )
{
......@@ -598,6 +601,7 @@ lookup_name (const String name,
Conf_type * type, *type_copy;
int i;
CHK_CONNECTION(FAILURE);
if ( cached_lookup_name( name, result ) != OK )
return FAILURE;
......@@ -606,7 +610,7 @@ lookup_name (const String name,
for ( i = result->no_of_conf_nos; i > 0; i-- )
{
if ( fast_access_perm (*no, ACTPERS, ACT_P) <= none )
if ( fast_access_perm (*no, active_connection) <= none )
--result->no_of_conf_nos;
else
{
......@@ -633,6 +637,7 @@ lookup_z_name (const String name,
int n_filtered;
Conf_list_old raw_matches;
CHK_CONNECTION(FAILURE);
if (cached_lookup_name(name, &raw_matches) != OK)
return FAILURE;
......@@ -645,7 +650,7 @@ lookup_z_name (const String name,
restart_kom("Internal error detected in lookup_z_name");
if ((type->letter_box ? want_persons : want_confs) == 0
|| fast_access_perm(*no, ACTPERS, ACT_P) <= none)
|| fast_access_perm(*no, active_connection) <= none)
{
*no = 0;
n_filtered--;
......@@ -680,7 +685,8 @@ lookup_z_name (const String name,
}
static Success
do_lookup (const String name,
do_lookup (Connection *conn,
const String name,
Conf_no_list * result,
Bool want_persons)
{
......@@ -718,8 +724,7 @@ do_lookup (const String name,
for (i = 0; i < raw_match.no_of_conf_nos; i++)
{
if (raw_match.type_of_conf[i].letter_box == want_persons
&& fast_access_perm (raw_match.conf_nos[i],
ACTPERS, ACT_P) > none )
&& fast_access_perm (raw_match.conf_nos[i], conn) > none )
{
result->conf_nos[result->no_of_confs++] = raw_match.conf_nos[i];
if (result->no_of_confs > retsize)
......@@ -734,14 +739,16 @@ extern Success
lookup_person (const String pattern,
Conf_no_list *result)
{
return do_lookup(pattern, result, TRUE);
CHK_CONNECTION(FAILURE);
return do_lookup(active_connection, pattern, result, TRUE);
}
extern Success
lookup_conf (const String pattern,
Conf_no_list *result)
{
return do_lookup(pattern, result, FALSE);
CHK_CONNECTION(FAILURE);
return do_lookup(active_connection, pattern, result, FALSE);
}
......@@ -756,12 +763,12 @@ get_conf_stat(Conf_no conf_no,
{
Aux_item_list filtered;
CHK_CONNECTION(FAILURE);
if (get_conf_stat_old(conf_no, result) == OK)
{
filter_aux_item_list(&result->aux_item_list,
&filtered,
ACTPERS,
ACT_P);
active_connection);
result->aux_item_list = filtered;
return OK;
}
......@@ -776,9 +783,10 @@ get_conf_stat_old (Conf_no conf_no,
Conference * conf_c;
Access acc;
CHK_CONNECTION(FAILURE);
GET_C_STAT(conf_c, conf_no, FAILURE);
acc = access_perm (conf_no, conf_c, ACTPERS, ACT_P);
acc = access_perm (conf_no, conf_c, active_connection);
if ( acc == error )
return FAILURE;
......@@ -809,9 +817,10 @@ get_uconf_stat (Conf_no conf_no,
Access acc;
Small_conf * conf_c;
CHK_CONNECTION(FAILURE);
conf_c = cached_get_small_conf_stat(conf_no);
if (conf_c != NULL)
acc = fast_access_perm (conf_no, ACTPERS, ACT_P);
acc = fast_access_perm (conf_no, active_connection);
else
acc = error;
......@@ -837,9 +846,10 @@ get_conf_stat_older (Conf_no conf_no,
Conference * conf_c;
Access acc;
CHK_CONNECTION(FAILURE);
GET_C_STAT(conf_c, conf_no, FAILURE);
acc = access_perm (conf_no, conf_c, ACTPERS, ACT_P);
acc = access_perm (conf_no, conf_c, active_connection);
if ( acc == error )
return FAILURE;
......@@ -888,10 +898,11 @@ set_presentation (Conf_no conf_no,
Conference * conf_c;
Access acc;
CHK_CONNECTION(FAILURE);
CHK_LOGIN(FAILURE);
GET_C_STAT(conf_c, conf_no, FAILURE);
acc = access_perm(conf_no, conf_c, ACTPERS, ACT_P);
acc = access_perm(conf_no, conf_c, active_connection);
if ( acc < unlimited )
{
......@@ -919,10 +930,11 @@ set_etc_motd( Conf_no conf_no,
Conference * conf_c;
Access acc;
CHK_CONNECTION(FAILURE);
CHK_LOGIN(FAILURE);
GET_C_STAT(conf_c, conf_no, FAILURE);
if ( (acc = access_perm(conf_no, conf_c, ACTPERS, ACT_P)) < unlimited )
if ( (acc = access_perm(conf_no, conf_c, active_connection)) < unlimited )
{
err_stat = conf_no;
kom_errno = (acc <= none ) ? KOM_UNDEF_CONF : KOM_PERM;
......@@ -950,14 +962,15 @@ set_supervisor( Conf_no conf_no,
{
Conference * conf_c;
CHK_CONNECTION(FAILURE);
CHK_LOGIN(FAILURE);
GET_C_STAT(conf_c, conf_no, FAILURE);
if (new_super != 0)
CHK_EXIST(new_super, FAILURE);
if ( !is_strictly_supervisor(conf_no, conf_c, ACTPERS, ACT_P) &&
!ENA(wheel, 8) &&
!ENA(admin, 6) )
!ENA(wheel, 8) && /* OK -- in an RPC call */
!ENA(admin, 6) ) /* OK -- in an RPC call */
{