"encoding/binary"
"errors"
"fmt"
- "gopkg.in/yaml.v2"
+ "gopkg.in/yaml.v3"
"io/ioutil"
"math/big"
"os"
Name: "tranNotifyDeleteUser",
},
tranAgreed: {
+ Access: accessAlwaysAllow,
Name: "tranAgreed",
Handler: HandleTranAgreed,
},
tranChatSend: {
+ Access: accessAlwaysAllow,
Handler: HandleChatSend,
Name: "tranChatSend",
RequiredFields: []requiredField{
Handler: HandleDelNewsArt,
},
tranDelNewsItem: {
+ Access: accessAlwaysAllow, // Granular access enforced inside the handler
// Has multiple access flags: News Delete Folder (37) or News Delete Category (35)
// TODO: Implement inside the handler
Name: "tranDelNewsItem",
Handler: HandleDelNewsItem,
},
tranDeleteFile: {
+ Access: accessAlwaysAllow, // Granular access enforced inside the handler
Name: "tranDeleteFile",
Handler: HandleDeleteFile,
},
tranDeleteUser: {
+ Access: accessAlwaysAllow,
Name: "tranDeleteUser",
Handler: HandleDeleteUser,
},
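Review bot: The `tranDelNewsItem` entry is now `accessAlwaysAllow` with a comment saying granular access is enforced inside the handler, but the context lines directly below it still read `// TODO: Implement inside the handler`, so on the evidence of this hunk the delete may run with no permission check at all. `tranDeleteUser` in the same hunk and `tranGetUser` further down are also switched to always-allow, and no matching `authorize(...)` call for their handlers appears in the visible part of the diff, unlike `HandleListUsers`, `HandleNewUser`, `HandleGetMsgs` and `HandleDownloadFile`. Either keep the table-level gate for these entries until the handler check exists, or add the guard in the same commit, for example `if !authorize(cc.Account.Access, accessDeleteUser) {` followed by the error reply at the top of `HandleDeleteUser`. The handlers themselves are outside this hunk, so this needs confirming against the full file.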
Handler: HandleDisconnectUser,
},
tranDownloadFile: {
- Access: accessDownloadFile,
- DenyMsg: "You are not allowed to download files.",
+ Access: accessAlwaysAllow,
Name: "tranDownloadFile",
Handler: HandleDownloadFile,
},
Handler: HandleGetClientConnInfoText,
},
tranGetFileInfo: {
+ Access: accessAlwaysAllow,
Name: "tranGetFileInfo",
Handler: HandleGetFileInfo,
},
tranGetFileNameList: {
+ Access: accessAlwaysAllow,
Name: "tranGetFileNameList",
Handler: HandleGetFileNameList,
},
tranGetMsgs: {
- Access: accessNewsReadArt,
- DenyMsg: "You are not allowed to read news.",
+ Access: accessAlwaysAllow,
Name: "tranGetMsgs",
Handler: HandleGetMsgs,
},
Handler: HandleGetNewsCatNameList,
},
tranGetUser: {
- DenyMsg: "You are not allowed to view accounts.",
+ Access: accessAlwaysAllow,
Name: "tranGetUser",
Handler: HandleGetUser,
},
tranGetUserNameList: {
+ Access: accessAlwaysAllow,
Name: "tranHandleGetUserNameList",
Handler: HandleGetUserNameList,
},
Handler: HandleInviteToChat,
},
tranJoinChat: {
+ Access: accessAlwaysAllow,
Name: "tranJoinChat",
Handler: HandleJoinChat,
},
tranKeepAlive: {
+ Access: accessAlwaysAllow,
Name: "tranKeepAlive",
Handler: HandleKeepAlive,
},
tranLeaveChat: {
+ Access: accessAlwaysAllow,
Name: "tranJoinChat",
Handler: HandleLeaveChat,
},
-
tranListUsers: {
- Access: accessOpenUser,
- DenyMsg: "You are not allowed to view accounts.",
+ Access: accessAlwaysAllow,
Name: "tranListUsers",
Handler: HandleListUsers,
},
Handler: HandleNewNewsFldr,
},
tranNewUser: {
- Access: accessCreateUser,
- DenyMsg: "You are not allowed to create new accounts.",
+ Access: accessAlwaysAllow,
Name: "tranNewUser",
Handler: HandleNewUser,
},
+ tranUpdateUser: {
+ Access: accessAlwaysAllow,
+ Name: "tranUpdateUser",
+ Handler: HandleUpdateUser,
+ },
tranOldPostNews: {
Access: accessNewsPostArt,
DenyMsg: "You are not allowed to post news.",
Handler: HandlePostNewsArt,
},
tranRejectChatInvite: {
+ Access: accessAlwaysAllow,
Name: "tranRejectChatInvite",
Handler: HandleRejectChatInvite,
},
},
},
tranSetChatSubject: {
+ Access: accessAlwaysAllow,
Name: "tranSetChatSubject",
Handler: HandleSetChatSubject,
},
tranMakeFileAlias: {
+ Access: accessAlwaysAllow,
Name: "tranMakeFileAlias",
Handler: HandleMakeAlias,
RequiredFields: []requiredField{
},
},
tranSetClientUserInfo: {
+ Access: accessAlwaysAllow,
Name: "tranSetClientUserInfo",
Handler: HandleSetClientUserInfo,
},
tranSetFileInfo: {
+ Access: accessAlwaysAllow,
Name: "tranSetFileInfo",
Handler: HandleSetFileInfo,
},
Handler: HandleSetUser,
},
tranUploadFile: {
+ Access: accessAlwaysAllow,
Name: "tranUploadFile",
Handler: HandleUploadFile,
},
tranUploadFldr: {
+ Access: accessAlwaysAllow,
Name: "tranUploadFldr",
Handler: HandleUploadFolder,
},
chatInt := binary.BigEndian.Uint32(chatID)
privChat := cc.Server.PrivateChats[chatInt]
+ clients := sortedClients(privChat.ClientConn)
+
// send the message to all connected clients of the private chat
- for _, c := range privChat.ClientConn {
+ for _, c := range clients {
res = append(res, *NewTransaction(
tranChatMsg,
c.ID,
func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
msg := t.GetField(fieldData)
ID := t.GetField(fieldUserID)
- // TODO: Implement reply quoting
- // options := transaction.GetField(hotline.fieldOptions)
- res = append(res,
- *NewTransaction(
- tranServerMsg,
- &ID.Data,
- NewField(fieldData, msg.Data),
- NewField(fieldUserName, cc.UserName),
- NewField(fieldUserID, *cc.ID),
- NewField(fieldOptions, []byte{0, 1}),
- ),
+ reply := *NewTransaction(
+ tranServerMsg,
+ &ID.Data,
+ NewField(fieldData, msg.Data),
+ NewField(fieldUserName, cc.UserName),
+ NewField(fieldUserID, *cc.ID),
+ NewField(fieldOptions, []byte{0, 1}),
)
- id, _ := byteToInt(ID.Data)
+ // Later versions of Hotline include the original message in the fieldQuotingMsg field so
+ // the receiving client can display both the received message and what it is in reply to
+ if t.GetField(fieldQuotingMsg).Data != nil {
+ reply.Fields = append(reply.Fields, NewField(fieldQuotingMsg, t.GetField(fieldQuotingMsg).Data))
+ }
+
+ res = append(res, reply)
+
+ id, _ := byteToInt(ID.Data)
otherClient := cc.Server.Clients[uint16(id)]
if otherClient == nil {
return res, errors.New("ohno")
fileName := t.GetField(fieldFileName).Data
filePath := t.GetField(fieldFilePath).Data
- ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName)
+ ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName, 0)
if err != nil {
return res, err
}
account.Password = hashAndSalt(t.GetField(fieldUserPassword).Data)
}
- file := cc.Server.ConfigDir + "Users/" + login + ".yaml"
out, err := yaml.Marshal(&account)
if err != nil {
return res, err
}
- if err := ioutil.WriteFile(file, out, 0666); err != nil {
+ if err := os.WriteFile(cc.Server.ConfigDir+"Users/"+login+".yaml", out, 0666); err != nil {
return res, err
}
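Review bot: The account file written by the new `os.WriteFile` call holds the salted password hash, yet it is created with mode `0666`, which leaves it readable and writable by other local users unless the umask narrows it. `0600` fits a credentials file: `os.WriteFile(cc.Server.ConfigDir+"Users/"+login+".yaml", out, 0600)`. The path is also built by concatenating `login`; if that value comes from the request (its origin is outside the hunk), it should be rejected when it contains a path separator or `..` so the write cannot land outside `Users/`. The enclosing function starts and ends outside the hunk.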
account := cc.Server.Accounts[string(t.GetField(fieldUserLogin).Data)]
if account == nil {
- errorT := cc.NewErrReply(t, "Account does not exist.")
- res = append(res, errorT)
+ res = append(res, cc.NewErrReply(t, "Account does not exist."))
return res, err
}
}
func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+ if !authorize(cc.Account.Access, accessOpenUser) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts."))
+ return res, err
+ }
+
var userFields []Field
- // TODO: make order deterministic
for _, acc := range cc.Server.Accounts {
userField := acc.MarshalBinary()
userFields = append(userFields, NewField(fieldData, userField))
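Review bot: The `// TODO: make order deterministic` comment is dropped, but the loop still ranges over the `cc.Server.Accounts` map, whose iteration order Go randomises, so the account list can still come back in a different order on each call. Either keep the TODO or collect and sort the logins before building `userFields`. The rest of `HandleListUsers` is outside the hunk.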
return res, err
}
+// HandleUpdateUser is used by the v1.5+ multi-user editor to perform account editing for multiple users at a time.
+// An update can be a mix of these actions:
+// * Create user
+// * Delete user
+// * Modify user (including renaming the account login)
+//
+// The Transaction sent by the client includes one data field per user that was modified. This data field in turn
+// contains another data field encoded in its payload with a varying number of sub fields depending on which action is
+// performed. This seems to be the only place in the Hotline protocol where a data field contains another data field.
+func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+ for _, field := range t.Fields {
+ subFields, err := ReadFields(field.Data[0:2], field.Data[2:])
+ if err != nil {
+ return res, err
+ }
+
+ if len(subFields) == 1 {
+ login := DecodeUserString(getField(fieldData, &subFields).Data)
+ cc.Server.Logger.Infow("DeleteUser", "login", login)
+
+ if !authorize(cc.Account.Access, accessDeleteUser) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts."))
+ return res, err
+ }
+
+ if err := cc.Server.DeleteUser(login); err != nil {
+ return res, err
+ }
+ continue
+ }
+
+ login := DecodeUserString(getField(fieldUserLogin, &subFields).Data)
+
+ // check if the login exists; if so, we know we are updating an existing user
+ if acc, ok := cc.Server.Accounts[login]; ok {
+ cc.Server.Logger.Infow("UpdateUser", "login", login)
+
+ // account exists, so this is an update action
+ if !authorize(cc.Account.Access, accessModifyUser) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts."))
+ return res, err
+ }
+
+ if getField(fieldUserPassword, &subFields) != nil {
+ newPass := getField(fieldUserPassword, &subFields).Data
+ acc.Password = hashAndSalt(newPass)
+ } else {
+ acc.Password = hashAndSalt([]byte(""))
+ }
+
+ if getField(fieldUserAccess, &subFields) != nil {
+ acc.Access = &getField(fieldUserAccess, &subFields).Data
+ }
+
+ err = cc.Server.UpdateUser(
+ DecodeUserString(getField(fieldData, &subFields).Data),
+ DecodeUserString(getField(fieldUserLogin, &subFields).Data),
+ string(getField(fieldUserName, &subFields).Data),
+ acc.Password,
+ *acc.Access,
+ )
+ if err != nil {
+ return res, err
+ }
+ } else {
+ cc.Server.Logger.Infow("CreateUser", "login", login)
+
+ if !authorize(cc.Account.Access, accessCreateUser) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts."))
+ return res, err
+ }
+
+ err := cc.Server.NewUser(
+ login,
+ string(getField(fieldUserName, &subFields).Data),
+ string(getField(fieldUserPassword, &subFields).Data),
+ getField(fieldUserAccess, &subFields).Data,
+ )
+ if err != nil {
+ return []Transaction{}, err
+ }
+ }
+ }
+
+ res = append(res, cc.NewReply(t))
+ return res, err
+}
+
// HandleNewUser creates a new user account
func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+ if !authorize(cc.Account.Access, accessCreateUser) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts."))
+ return res, err
+ }
+
login := DecodeUserString(t.GetField(fieldUserLogin).Data)
// If the account already exists, reply with an error
- // TODO: make order deterministic
if _, ok := cc.Server.Accounts[login]; ok {
res = append(res, cc.NewErrReply(t, "Cannot create account "+login+" because there is already an account with that login."))
return res, err
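Review bot: `HandleUpdateUser` indexes and dereferences client-supplied data without checking it. `field.Data[0:2]` panics on a field shorter than two bytes, and the result of `getField(...)` is dereferenced directly for `fieldData`, `fieldUserLogin`, `fieldUserName` and, in the create branch, `fieldUserPassword` and `fieldUserAccess`, although the update branch itself treats a nil result as possible. Because the table entry is `accessAlwaysAllow`, a malformed request from any connected client reaches these lines before the `authorize` calls, so the length and nil checks belong at the top of the loop, as sketched below. Separately, the `else` branch that sets `acc.Password = hashAndSalt([]byte(""))` blanks the password whenever the field is absent; if clients omit the field to mean "unchanged", that silently resets the account to an empty password, so the protocol semantics should be confirmed. The hunk continues into `HandleNewUser`, whose body ends outside it.

```go
for _, field := range t.Fields {
	// reject payloads too short to hold the 2-byte sub-field count
	if len(field.Data) < 2 {
		return res, errors.New("invalid user update field")
	}
	subFields, err := ReadFields(field.Data[0:2], field.Data[2:])
	// … unchanged: error check and delete branch (fieldData needs the same nil check) …

	loginField := getField(fieldUserLogin, &subFields)
	if loginField == nil {
		return res, errors.New("missing login field")
	}
	login := DecodeUserString(loginField.Data)
	// … unchanged: update / create branches, with the same nil checks for the other fields …
```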
// HandleGetMsgs returns the flat news data
func HandleGetMsgs(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+ if !authorize(cc.Account.Access, accessNewsReadArt) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
+ return res, err
+ }
+
res = append(res, cc.NewReply(t, NewField(fieldData, cc.Server.FlatNews)))
return res, err
}
func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+ if !authorize(cc.Account.Access, accessDownloadFile) {
+ res = append(res, cc.NewErrReply(t, "You are not allowed to download files."))
+ return res, err
+ }
+
fileName := t.GetField(fieldFileName).Data
filePath := t.GetField(fieldFilePath).Data
+ // 2 bytes
+ // transferOptions := t.GetField(fieldFileTransferOptions).Data
+ resumeData := t.GetField(fieldFileResumeData).Data
+
+ var dataOffset int64
+ var frd FileResumeData
+ if resumeData != nil {
+ if err := frd.UnmarshalBinary(t.GetField(fieldFileResumeData).Data); err != nil {
+ return res, err
+ }
+ dataOffset = int64(binary.BigEndian.Uint32(frd.ForkInfoList[0].DataSize[:]))
+ }
+
var fp FilePath
err = fp.UnmarshalBinary(filePath)
if err != nil {
return res, err
}
- ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName)
+ ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName, dataOffset)
if err != nil {
return res, err
}
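Review bot: `frd.ForkInfoList[0]` is read without checking that the client's resume data actually contained a fork entry, so unless `UnmarshalBinary` guarantees at least one element, a `fieldFileResumeData` payload that yields an empty list panics here. Guard it with `if len(frd.ForkInfoList) == 0 { return res, errors.New("invalid resume data") }`. The resulting `dataOffset` is also client-chosen and is passed to `NewFlattenedFileObject` unvalidated; whether that function rejects an offset beyond the file size is not visible in this diff and should be confirmed. The function body continues outside the hunk.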
Type: FileDownload,
}
+ if resumeData != nil {
+ var frd FileResumeData
+ frd.UnmarshalBinary(t.GetField(fieldFileResumeData).Data)
+ ft.fileResumeData = &frd
+ }
+
cc.Server.FileTransfers[data] = ft
cc.Transfers[FileDownload] = append(cc.Transfers[FileDownload], ft)
}
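Review bot: The resume data is unmarshalled a second time here and the error from `frd.UnmarshalBinary(...)` is discarded, so this copy is not covered by the error check on the first parse. Assuming this block is still inside `HandleDownloadFile`, reuse the value parsed at the top of the handler with `ft.fileResumeData = &frd` and drop the inner `var frd` and the second call; otherwise check the error as the first call does. The enclosing function starts outside the hunk.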
// HandleUploadFile
-// Special cases:
-// * If the target directory contains "uploads" (case insensitive)
+// Fields used in the request:
+// 201 File name
+// 202 File path
+// 204 File transfer options "Optional
+// Used only to resume download, currently has value 2"
+// 108 File transfer size "Optional used if download is not resumed"
func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
if !authorize(cc.Account.Access, accessUploadFile) {
res = append(res, cc.NewErrReply(t, "You are not allowed to upload files."))
fileName := t.GetField(fieldFileName).Data
filePath := t.GetField(fieldFilePath).Data
+ transferOptions := t.GetField(fieldFileTransferOptions).Data
+
+ // TODO: is this field useful for anything?
+ // transferSize := t.GetField(fieldTransferSize).Data
+
var fp FilePath
if filePath != nil {
if err = fp.UnmarshalBinary(filePath); err != nil {
Type: FileUpload,
}
- res = append(res, cc.NewReply(t, NewField(fieldRefNum, transactionRef)))
+ replyT := cc.NewReply(t, NewField(fieldRefNum, transactionRef))
+
+ // client has requested to resume a partially transfered file
+ if transferOptions != nil {
+ fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
+ if err != nil {
+ return res, err
+ }
+
+ fileInfo, err := FS.Stat(fullFilePath + incompleteFileSuffix)
+ if err != nil {
+ return res, err
+ }
+
+ offset := make([]byte, 4)
+ binary.BigEndian.PutUint32(offset, uint32(fileInfo.Size()))
+
+ fileResumeData := NewFileResumeData([]ForkInfoList{
+ *NewForkInfoList(offset),
+ })
+
+ b, _ := fileResumeData.BinaryMarshal()
+
+ replyT.Fields = append(replyT.Fields, NewField(fieldFileResumeData, b))
+ }
+
+ res = append(res, replyT)
return res, err
}
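Review bot: `b, _ := fileResumeData.BinaryMarshal()` drops the marshal error, so a failure would put an empty or partial `fieldFileResumeData` into the reply; return it instead with `b, err := fileResumeData.BinaryMarshal()` followed by `if err != nil { return res, err }`. `uint32(fileInfo.Size())` also truncates when the partial file is 4 GiB or larger, which would tell the client to resume from the wrong position, so that size should be rejected or handled explicitly. The start of `HandleUploadFile` is outside this hunk.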