Re: [hylafax-users] JobPermission and received faxes

To: Lee Howard <faxguy@xxxxxxxxxxxxxxxx>, Giuseppe Sacco <giuseppe@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [hylafax-users] JobPermission and received faxes
From: Aidan Van Dyk <aidan@xxxxxxxx>
Cc: hylafax-users@xxxxxxxxxxx
Date: Mon, 22 Oct 2007 11:47:35 -0400

* Lee Howard <faxguy@xxxxxxxxxxxxxxxx> [071022 11:15]:
> Giuseppe Sacco wrote:
> 
> >Is there any parameter, like JobPermission, that filter all incoming
> >faxes I mean: is there a way to make sure a user may not list incoming
> >faxes?
> >
> 
> In HylaFAX+ there is the new "RecvqProtection" hfaxd configuration 
> parameter which allows it similar functionality for the receive queue as 
> JobPermission does for the outbound queues.  It requires that 
> FaxDispatch (or faxrcvd or whatever)  use chown/chgrp to set the gid on 
> the file equivalent to the hfaxd-uid of the user.

Is there any reason JobProtection wasn't extended to cover both (and
maybe renamed to QueueProtection with a JobProtection alias)?  I can't
see a situation where an administrator would be concerned that a user
can know jobs are in the queue, but not faxes, or vice versa?

Something like the following simple patch (without docs/compat):


diff --git a/hfaxd/HylaFAXServer.c++ b/hfaxd/HylaFAXServer.c++
index aa514b4..481e02f 100644
--- a/hfaxd/HylaFAXServer.c++
+++ b/hfaxd/HylaFAXServer.c++
@@ -626,7 +626,7 @@ HylaFAXServer::numbertag HylaFAXServer::numbers[] = {
 { "maxloginattempts",	&HylaFAXServer::maxLoginAttempts,	5 },
 { "maxadminattempts",	&HylaFAXServer::maxAdminAttempts,	5 },
 { "maxconsecutivebadcmds",&HylaFAXServer::maxConsecutiveBadCmds,10 },
-{ "jobprotection",	&HylaFAXServer::jobProtection,		0444 },
+{ "queueprotection",	&HylaFAXServer::queueProtection,		0444 },
 };
 
 void
diff --git a/hfaxd/HylaFAXServer.h b/hfaxd/HylaFAXServer.h
index 9f4b230..9147201 100644
--- a/hfaxd/HylaFAXServer.h
+++ b/hfaxd/HylaFAXServer.h
@@ -205,7 +205,7 @@ protected:
     time_t	lastTime;		// time of last shutdown notification
     time_t	discTime;		// time to disconnect service
     time_t	denyTime;		// time to deny service
-    u_int	jobProtection;		// Protection to use on Jobs
+    u_int	queueProtection;	// Protection to use on queues
     /*
      * User authentication and login-related state.
      */
@@ -613,4 +613,11 @@ struct SpoolDir {
 
 #define	IS(x)	((state & (S_##x)) != 0)
 
+/*
+ * Job permision bits - mapped from the UNIX stat mode 
+ */
+#define	A_READ	 004
+#define	A_WRITE	 002
+#define	A_MODIFY 001
+
 #endif /* _HylaFAXServer_ */
diff --git a/hfaxd/Jobs.c++ b/hfaxd/Jobs.c++
index 843eec1..1818a38 100644
--- a/hfaxd/Jobs.c++
+++ b/hfaxd/Jobs.c++
@@ -93,10 +93,6 @@ fxIMPLEMENT_StrKeyPtrValueDictionary(JobDict, Job*)
 #define	A_WOTH	0002	// abitrary write permission: other
 #define	A_MOTH	0001	// restricted write permission: other
 
-#define	A_READ	 004
-#define	A_WRITE	 002
-#define	A_MODIFY 001
-
 #define	N(a)		(sizeof (a) / sizeof (a[0]))
 
 static const struct {
@@ -180,7 +176,7 @@ HylaFAXServer::checkAccess(const Job& job, Token t, u_int op)
 {
     u_int m = 0;
     if (t == T_JOB) {
-    	m = jobProtection;
+    	m = queueProtection;
     } else {
 	u_int n = N(params)-1;
 	u_int i = 0;
diff --git a/hfaxd/RecvQueue.c++ b/hfaxd/RecvQueue.c++
index 8c542c1..dc064e9 100644
--- a/hfaxd/RecvQueue.c++
+++ b/hfaxd/RecvQueue.c++
@@ -210,9 +210,19 @@ HylaFAXServer::getRecvDocStatus(RecvInfo& ri)
 }
 
 bool
-HylaFAXServer::isVisibleRecvQFile(const char* filename, const struct stat&)
+HylaFAXServer::isVisibleRecvQFile(const char* filename, const struct stat& sb)
 {
-    return (strncmp(filename, "fax", 3) == 0);
+    u_int m = queueProtection;
+    if (strncmp(filename, "fax", 3) == 0)
+    {
+	if (m & A_READ)
+	    return true;
+	if (IS(PRIVILEGED) && ((m>>3)&A_READ))	// administrative access
+	    return true;
+	if ( (sb.st_gid == uid) &&  ((m>>6) & A_READ))
+	    return true;
+    }
+    return false;
 }
 
 RecvInfo*
@@ -251,11 +261,12 @@ HylaFAXServer::listRecvQ(FILE* fd, const SpoolDir& sd, DIR* dir)
     struct dirent* dp;
     while ((dp = readdir(dir))) {
 	struct stat sb;
-	if (!isVisibleRecvQFile(dp->d_name, sb))
-	    continue;
 	fxStr qfile(path | dp->d_name);
-	RecvInfo* rip;
-	if (FileCache::update(qfile, sb) && (rip = getRecvInfo(qfile, sb))) {
+	if ( ! (FileCache::update(qfile, sb) &&
+		    isVisibleRecvQFile(dp->d_name, sb)) )
+	    continue;
+	RecvInfo* rip = getRecvInfo(qfile, sb);
+	if (rip) {
 	    Rprintf(fd, recvFormat, *rip, sb);
 	    fputs("\r\n", fd);
 	}

a.

-- 
Aidan Van Dyk                                             aidan@xxxxxxxx
Senior Software Developer                          +1 215 825-8700 x8103
iFAX Solutions, Inc.                                http://www.ifax.com/


____________________ HylaFAX(tm) Users Mailing List _______________________
  To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
 On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null
  *To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*

Follow-Ups:
- Re: [hylafax-users] JobPermission and received faxes
  - From: Lee Howard

References:
- [hylafax-users] JobPermission and received faxes
  - From: Giuseppe Sacco
- Re: [hylafax-users] JobPermission and received faxes
  - From: Lee Howard

Prev by Date: Re: [hylafax-users] Hylafax Mail Headers
Next by Date: Re: [hylafax-users] Text => Postscript converson in faxmail
Previous by thread: Re: [hylafax-users] JobPermission and received faxes
Next by thread: Re: [hylafax-users] JobPermission and received faxes
Index(es):
- Main
- Thread

Project hosted by iFAX Solutions