INN commit: trunk/nnrpd (article.c)
INN Commit
Russ_Allbery at isc.org
Sat Dec 6 08:34:36 UTC 2008
Date: Saturday, December 6, 2008 @ 00:34:35
Author: iulius
Revision: 8209
The check for an invalid newsgroup after successful authentication
should be done only if articles are requested by message-IDs.
Modified:
trunk/nnrpd/article.c
-----------+
article.c | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
Modified: article.c
===================================================================
--- article.c 2008-12-05 23:29:45 UTC (rev 8208)
+++ article.c 2008-12-06 08:34:35 UTC (rev 8209)
@@ -590,12 +590,14 @@
{
char buff[SMBUF];
SENDDATA *what;
- bool ok;
+ bool mid, ok;
ARTNUM art;
char *msgid;
ARTNUM tart;
- bool final = false;
+ bool final = false;
+ mid = (ac > 1 && IsValidMessageID(av[1]));
+
/* Check the syntax of the arguments first. */
if (ac > 1 && !IsValidArticleNumber(av[1])) {
/* It is better to check for a number before a message-ID because
@@ -604,7 +606,7 @@
if (CTYPE(isdigit, av[1][0])) {
Reply("%d Syntax error in article number\r\n", NNTP_ERR_SYNTAX);
return;
- } else if (!IsValidMessageID(av[1])) {
+ } else if (!mid) {
Reply("%d Syntax error in message-ID\r\n", NNTP_ERR_SYNTAX);
return;
}
@@ -631,15 +633,16 @@
break;
}
- /* Check authorizations. */
- if (!ok || PERMgroupmadeinvalid) {
+ /* Check authorizations. If an article number is requested
+ * (not a message-ID), we check whether the group is still readable. */
+ if (!ok || (!mid && PERMgroupmadeinvalid)) {
Reply("%d Read access denied\r\n",
PERMcanauthenticate ? NNTP_FAIL_AUTH_NEEDED : NNTP_ERR_ACCESS);
return;
}
/* Requesting by message-ID? */
- if (ac == 2 && av[1][0] == '<') {
+ if (mid) {
if (!ARTopenbyid(av[1], &art, final)) {
Reply("%d No such article\r\n", NNTP_FAIL_NOTFOUND);
return;
@@ -908,8 +911,9 @@
}
}
- /* Check authorizations. */
- if (!PERMcanread || PERMgroupmadeinvalid) {
+ /* Check authorizations. If a range is requested (not a message-ID),
+ * we check whether the group is still readable. */
+ if (!PERMcanread || (!mid && PERMgroupmadeinvalid)) {
Reply("%d Read access denied\r\n",
PERMcanauthenticate ? NNTP_FAIL_AUTH_NEEDED : NNTP_ERR_ACCESS);
return;
@@ -1133,8 +1137,9 @@
}
}
- /* Check authorizations. */
- if (!PERMcanread || PERMgroupmadeinvalid) {
+ /* Check authorizations. If a range is requested (not a message-ID),
+ * we check whether the group is still readable. */
+ if (!PERMcanread || (!mid && PERMgroupmadeinvalid)) {
Reply("%d Read access denied\r\n",
PERMcanauthenticate ? NNTP_FAIL_AUTH_NEEDED : NNTP_ERR_ACCESS);
return;
More information about the inn-committers
mailing list