INN commit: trunk/nnrpd (article.c)

INN Commit Russ_Allbery at isc.org
Sat Dec 6 08:34:36 UTC 2008


    Date: Saturday, December 6, 2008 @ 00:34:35
  Author: iulius
Revision: 8209

The check for an invalid newsgroup after successful authentication
should be done only if articles are requested by message-IDs.

Modified:
  trunk/nnrpd/article.c

-----------+
 article.c |   25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

Modified: article.c
===================================================================
--- article.c	2008-12-05 23:29:45 UTC (rev 8208)
+++ article.c	2008-12-06 08:34:35 UTC (rev 8209)
@@ -590,12 +590,14 @@
 {
     char		buff[SMBUF];
     SENDDATA		*what;
-    bool		ok;
+    bool                mid, ok;
     ARTNUM		art;
     char		*msgid;
     ARTNUM		tart;
-    bool final = false;
+    bool                final = false;
 
+    mid = (ac > 1 && IsValidMessageID(av[1]));
+
     /* Check the syntax of the arguments first. */
     if (ac > 1 && !IsValidArticleNumber(av[1])) {
         /* It is better to check for a number before a message-ID because
@@ -604,7 +606,7 @@
         if (CTYPE(isdigit, av[1][0])) {
             Reply("%d Syntax error in article number\r\n", NNTP_ERR_SYNTAX);
             return;
-        } else if (!IsValidMessageID(av[1])) {
+        } else if (!mid) {
             Reply("%d Syntax error in message-ID\r\n", NNTP_ERR_SYNTAX);
             return;
         }
@@ -631,15 +633,16 @@
 	break;
     }
 
-    /* Check authorizations. */
-    if (!ok || PERMgroupmadeinvalid) {
+    /* Check authorizations.  If an article number is requested
+     * (not a message-ID), we check whether the group is still readable. */
+    if (!ok || (!mid && PERMgroupmadeinvalid)) {
 	Reply("%d Read access denied\r\n",
               PERMcanauthenticate ? NNTP_FAIL_AUTH_NEEDED : NNTP_ERR_ACCESS);
 	return;
     }
 
     /* Requesting by message-ID? */
-    if (ac == 2 && av[1][0] == '<') {
+    if (mid) {
 	if (!ARTopenbyid(av[1], &art, final)) {
 	    Reply("%d No such article\r\n", NNTP_FAIL_NOTFOUND);
 	    return;
@@ -908,8 +911,9 @@
         }   
     }
 
-    /* Check authorizations. */
-    if (!PERMcanread || PERMgroupmadeinvalid) {
+    /* Check authorizations.  If a range is requested (not a message-ID),
+     * we check whether the group is still readable. */
+    if (!PERMcanread || (!mid && PERMgroupmadeinvalid)) {
 	Reply("%d Read access denied\r\n",
               PERMcanauthenticate ? NNTP_FAIL_AUTH_NEEDED : NNTP_ERR_ACCESS);
 	return;
@@ -1133,8 +1137,9 @@
         }
     }
 
-    /* Check authorizations. */
-    if (!PERMcanread || PERMgroupmadeinvalid) {
+    /* Check authorizations.  If a range is requested (not a message-ID),
+     * we check whether the group is still readable. */
+    if (!PERMcanread || (!mid && PERMgroupmadeinvalid)) {
         Reply("%d Read access denied\r\n",
               PERMcanauthenticate ? NNTP_FAIL_AUTH_NEEDED : NNTP_ERR_ACCESS);
         return;




More information about the inn-committers mailing list