hfaxd: Adds PrivateJobQ setting to allow for jobq protection

This brings sendq/doneq access settings in line with all the other access
checks in HylaFAX, but only if PrivateJobQ is set.

This allows the admin to control access to jobs to users, and groups of users
based on their uid (and the job qfile's gid, set from the creating users uid)

diff --git a/hfaxd/HylaFAXServer.c++ b/hfaxd/HylaFAXServer.c++
index b868664092308f8bfdb2c1de9c59595642f5de88..e1a37d619f13a54494c8370f1fa33d281e5afd67 100644 (file)
--- a/hfaxd/HylaFAXServer.c++
+++ b/hfaxd/HylaFAXServer.c++
@@ -651,6 +651,7 @@ HylaFAXServer::numbertag HylaFAXServer::numbers[] = {
 };
 HylaFAXServer::booltag HylaFAXServer::booleans[] = {
 { "allowsorting",      &HylaFAXServer::allowSorting,           true },
+{ "publicjobq",                &HylaFAXServer::publicJobQ,             false },
 };
 
 void

diff --git a/hfaxd/HylaFAXServer.h b/hfaxd/HylaFAXServer.h
index 979893b3a50a47ad17145af2a499e88190bae7bb..723bf713f9301ea9148d3ecb5cf83dbb1948df7c 100644 (file)
--- a/hfaxd/HylaFAXServer.h
+++ b/hfaxd/HylaFAXServer.h
@@ -233,6 +233,7 @@ protected:
     time_t     discTime;               // time to disconnect service
     time_t     denyTime;               // time to deny service
     u_int      jobProtection;          // Protection to use on Jobs
+    bool       publicJobQ;             // Public/protection on recvq?
     bool       allowSorting;           // Allow client to make us sort
     /*
      * User authentication and login-related state.

diff --git a/hfaxd/Jobs.c++ b/hfaxd/Jobs.c++
index aad321424884b9767f1babd5089863341e008b64..d9024af0f231dadb7ea23dc4a610f9bad8b610d0 100644 (file)
--- a/hfaxd/Jobs.c++
+++ b/hfaxd/Jobs.c++
@@ -1076,7 +1076,11 @@ HylaFAXServer::findJobOnDisk(const char* jid, fxStr& emsg)
        bool reject;
        if (req->readQFile(reject) && !reject) {
            Sys::close(req->fd), req->fd = -1;
-           if (checkAccess(*req, T_JOB, A_READ) )
+           if (publicJobQ)
+               return (req);
+           if (req->owner == the_user)
+               return (req);
+           if (checkFileRights(A_READ, sb) )
                return (req);
            emsg = "Permission denied";
            delete req;
@@ -1655,12 +1659,12 @@ HylaFAXServer::addPollOp(Job& job, const char* sep, const char* pwd)
  */
 
 bool
-HylaFAXServer::isVisibleSendQFile(const char* filename, const struct stat&)
+HylaFAXServer::isVisibleSendQFile(const char* filename, const struct stat& sb)
 {
     if (filename[0] == 'q') {
        fxStr emsg;
        Job* job = findJob(&filename[1], emsg);
-       if (job && checkAccess(*job, T_JOB, A_READ))
+       if (job && checkFileRights(R_OK, sb) )
            return true;
     }
     return false;