* Inputs: argv[0] - list_id
* q - query name
* argv[2] - member ID (only for queries "amtl" and "dmfl")
- * cl - client name
+ * argv[7] - group IID (only for query "ulis")
+ * cl - client name
*
* - check that client is a member of the access control list
* - OR, if the query is add_member_to_list or delete_member_from_list
char *argv[];
client *cl;
##{
-## int list_id, acl_id, flags, rowcount;
+## int list_id, acl_id, flags, rowcount, gid;
## char acl_type[9];
char *client_type;
int client_id, status;
list_id = *(int *)argv[0];
## repeat retrieve (acl_id = list.#acl_id, acl_type = list.#acl_type,
-## flags = list.#public)
+## gid = list.#gid, flags = list.#public)
## where list.#list_id = @list_id
## inquire_equel(rowcount = "rowcount")
if (rowcount != 1)
if ((!strcmp("amtl", q->shortname) || !strcmp("dmfl", q->shortname)) &&
(flags && !strcmp("USER", argv[1]))) {
if (*(int *)argv[2] == client_id) return(SMS_SUCCESS);
+ /* if update_list, don't allow them to change the GID */
+ } else if (!strcmp("ulis", q->shortname)) {
+ if ((!strcmp(argv[7], UNIQUE_GID) && (gid != -1)) ||
+ (strcmp(argv[7], UNIQUE_GID) && (gid != atoi(argv[7]))))
+ return(SMS_PERM);
}
/* check for client in access control list */
return(access_visible_list(q, &argv[1], cl));
if (!strcmp(argv[0], "USER") || !strcmp(argv[0], "RUSER")) {
- if (!strcmp(cl->kname.name, argv[1]))
+ if (cl->users_id == *(int *)argv[1])
return(SMS_SUCCESS);
}