X-Git-Url: https://git.r.bdr.sh/rbdr/mobius/blobdiff_plain/16a4ad707a05df25c9d12b8cc89fb3a9e3be0dba..a322be023434b4fbdfdc607b73212089ce7d077c:/hotline/transaction_handlers.go diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go index ec7910a..85879a4 100644 --- a/hotline/transaction_handlers.go +++ b/hotline/transaction_handlers.go @@ -10,14 +10,13 @@ import ( "math/big" "os" "path" + "path/filepath" "sort" "strings" "time" ) type TransactionType struct { - Access int // Specifies access privilege required to perform the transaction - DenyMsg string // The error reply message when user does not have access Handler func(*ClientConn, *Transaction) ([]Transaction, error) // function for handling the transaction type Name string // Name of transaction as it will appear in logging RequiredFields []requiredField @@ -45,14 +44,12 @@ var TransactionHandlers = map[uint16]TransactionType{ Name: "tranNotifyDeleteUser", }, tranAgreed: { - Access: accessAlwaysAllow, Name: "tranAgreed", Handler: HandleTranAgreed, }, tranChatSend: { - Access: accessAlwaysAllow, - Handler: HandleChatSend, Name: "tranChatSend", + Handler: HandleChatSend, RequiredFields: []requiredField{ { ID: fieldData, @@ -61,176 +58,130 @@ var TransactionHandlers = map[uint16]TransactionType{ }, }, tranDelNewsArt: { - Access: accessNewsDeleteArt, - DenyMsg: "You are not allowed to delete news articles.", Name: "tranDelNewsArt", Handler: HandleDelNewsArt, }, tranDelNewsItem: { - Access: accessAlwaysAllow, // Granular access enforced inside the handler - // Has multiple access flags: News Delete Folder (37) or News Delete Category (35) - // TODO: Implement inside the handler Name: "tranDelNewsItem", Handler: HandleDelNewsItem, }, tranDeleteFile: { - Access: accessAlwaysAllow, // Granular access enforced inside the handler Name: "tranDeleteFile", Handler: HandleDeleteFile, }, tranDeleteUser: { - Access: accessAlwaysAllow, Name: "tranDeleteUser", Handler: HandleDeleteUser, }, tranDisconnectUser: { - Access: accessDisconUser, - DenyMsg: "You are not allowed to disconnect users.", Name: "tranDisconnectUser", Handler: HandleDisconnectUser, }, tranDownloadFile: { - Access: accessAlwaysAllow, Name: "tranDownloadFile", Handler: HandleDownloadFile, }, tranDownloadFldr: { - Access: accessDownloadFile, // There is no specific access flag for folder vs file download - DenyMsg: "You are not allowed to download files.", Name: "tranDownloadFldr", Handler: HandleDownloadFolder, }, tranGetClientInfoText: { - Access: accessGetClientInfo, - DenyMsg: "You are not allowed to get client info", Name: "tranGetClientInfoText", - Handler: HandleGetClientConnInfoText, + Handler: HandleGetClientInfoText, }, tranGetFileInfo: { - Access: accessAlwaysAllow, Name: "tranGetFileInfo", Handler: HandleGetFileInfo, }, tranGetFileNameList: { - Access: accessAlwaysAllow, Name: "tranGetFileNameList", Handler: HandleGetFileNameList, }, tranGetMsgs: { - Access: accessAlwaysAllow, Name: "tranGetMsgs", Handler: HandleGetMsgs, }, tranGetNewsArtData: { - Access: accessNewsReadArt, - DenyMsg: "You are not allowed to read news.", Name: "tranGetNewsArtData", Handler: HandleGetNewsArtData, }, tranGetNewsArtNameList: { - Access: accessNewsReadArt, - DenyMsg: "You are not allowed to read news.", Name: "tranGetNewsArtNameList", Handler: HandleGetNewsArtNameList, }, tranGetNewsCatNameList: { - Access: accessNewsReadArt, - DenyMsg: "You are not allowed to read news.", Name: "tranGetNewsCatNameList", Handler: HandleGetNewsCatNameList, }, tranGetUser: { - Access: accessAlwaysAllow, Name: "tranGetUser", Handler: HandleGetUser, }, tranGetUserNameList: { - Access: accessAlwaysAllow, Name: "tranHandleGetUserNameList", Handler: HandleGetUserNameList, }, tranInviteNewChat: { - Access: accessOpenChat, - DenyMsg: "You are not allowed to request private chat.", Name: "tranInviteNewChat", Handler: HandleInviteNewChat, }, tranInviteToChat: { - Access: accessOpenChat, - DenyMsg: "You are not allowed to request private chat.", Name: "tranInviteToChat", Handler: HandleInviteToChat, }, tranJoinChat: { - Access: accessAlwaysAllow, Name: "tranJoinChat", Handler: HandleJoinChat, }, tranKeepAlive: { - Access: accessAlwaysAllow, Name: "tranKeepAlive", Handler: HandleKeepAlive, }, tranLeaveChat: { - Access: accessAlwaysAllow, Name: "tranJoinChat", Handler: HandleLeaveChat, }, tranListUsers: { - Access: accessAlwaysAllow, Name: "tranListUsers", Handler: HandleListUsers, }, tranMoveFile: { - Access: accessMoveFile, - DenyMsg: "You are not allowed to move files.", Name: "tranMoveFile", Handler: HandleMoveFile, }, tranNewFolder: { - Access: accessCreateFolder, - DenyMsg: "You are not allow to create folders.", Name: "tranNewFolder", Handler: HandleNewFolder, }, tranNewNewsCat: { - Access: accessNewsCreateCat, - DenyMsg: "You are not allowed to create news categories.", Name: "tranNewNewsCat", Handler: HandleNewNewsCat, }, tranNewNewsFldr: { - Access: accessNewsCreateFldr, - DenyMsg: "You are not allowed to create news folders.", Name: "tranNewNewsFldr", Handler: HandleNewNewsFldr, }, tranNewUser: { - Access: accessAlwaysAllow, Name: "tranNewUser", Handler: HandleNewUser, }, + tranUpdateUser: { + Name: "tranUpdateUser", + Handler: HandleUpdateUser, + }, tranOldPostNews: { - Access: accessNewsPostArt, - DenyMsg: "You are not allowed to post news.", Name: "tranOldPostNews", Handler: HandleTranOldPostNews, }, tranPostNewsArt: { - Access: accessNewsPostArt, - DenyMsg: "You are not allowed to post news articles.", Name: "tranPostNewsArt", Handler: HandlePostNewsArt, }, tranRejectChatInvite: { - Access: accessAlwaysAllow, Name: "tranRejectChatInvite", Handler: HandleRejectChatInvite, }, tranSendInstantMsg: { - Access: accessAlwaysAllow, - // Access: accessSendPrivMsg, - // DenyMsg: "You are not allowed to send private messages", Name: "tranSendInstantMsg", Handler: HandleSendInstantMsg, RequiredFields: []requiredField{ @@ -244,12 +195,10 @@ var TransactionHandlers = map[uint16]TransactionType{ }, }, tranSetChatSubject: { - Access: accessAlwaysAllow, Name: "tranSetChatSubject", Handler: HandleSetChatSubject, }, tranMakeFileAlias: { - Access: accessAlwaysAllow, Name: "tranMakeFileAlias", Handler: HandleMakeAlias, RequiredFields: []requiredField{ @@ -259,37 +208,33 @@ var TransactionHandlers = map[uint16]TransactionType{ }, }, tranSetClientUserInfo: { - Access: accessAlwaysAllow, Name: "tranSetClientUserInfo", Handler: HandleSetClientUserInfo, }, tranSetFileInfo: { - Access: accessAlwaysAllow, Name: "tranSetFileInfo", Handler: HandleSetFileInfo, }, tranSetUser: { - Access: accessModifyUser, - DenyMsg: "You are not allowed to modify accounts.", Name: "tranSetUser", Handler: HandleSetUser, }, tranUploadFile: { - Access: accessAlwaysAllow, Name: "tranUploadFile", Handler: HandleUploadFile, }, tranUploadFldr: { - Access: accessAlwaysAllow, Name: "tranUploadFldr", Handler: HandleUploadFolder, }, tranUserBroadcast: { - Access: accessBroadcast, - DenyMsg: "You are not allowed to send broadcast messages.", Name: "tranUserBroadcast", Handler: HandleUserBroadcast, }, + tranDownloadBanner: { + Name: "tranDownloadBanner", + Handler: HandleDownloadBanner, + }, } func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err error) { @@ -309,10 +254,6 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro formattedMsg = fmt.Sprintf("\r*** %s %s", cc.UserName, t.GetField(fieldData).Data) } - if bytes.Equal(t.GetField(fieldData).Data, []byte("/stats")) { - formattedMsg = strings.Replace(cc.Server.Stats.String(), "\n", "\r", -1) - } - chatID := t.GetField(fieldChatID).Data // a non-nil chatID indicates the message belongs to a private chat if chatID != nil { @@ -358,10 +299,15 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro // Fields used in the reply: // None func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !cc.Authorize(accessSendPrivMsg) { + res = append(res, cc.NewErrReply(t, "You are not allowed to send private messages.")) + return res, err + } + msg := t.GetField(fieldData) ID := t.GetField(fieldUserID) - reply := *NewTransaction( + reply := NewTransaction( tranServerMsg, &ID.Data, NewField(fieldData, msg.Data), @@ -376,12 +322,12 @@ func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, er reply.Fields = append(reply.Fields, NewField(fieldQuotingMsg, t.GetField(fieldQuotingMsg).Data)) } - res = append(res, reply) + res = append(res, *reply) id, _ := byteToInt(ID.Data) - otherClient := cc.Server.Clients[uint16(id)] - if otherClient == nil { - return res, errors.New("ohno") + otherClient, ok := cc.Server.Clients[uint16(id)] + if !ok { + return res, errors.New("invalid client ID") } // Respond with auto reply if other client has it enabled @@ -407,26 +353,30 @@ func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e fileName := t.GetField(fieldFileName).Data filePath := t.GetField(fieldFilePath).Data - ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName, 0) + fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName) + if err != nil { + return res, err + } + + fw, err := newFileWrapper(cc.Server.FS, fullFilePath, 0) if err != nil { return res, err } res = append(res, cc.NewReply(t, - NewField(fieldFileName, fileName), - NewField(fieldFileTypeString, ffo.FlatFileInformationFork.TypeSignature), - NewField(fieldFileCreatorString, ffo.FlatFileInformationFork.CreatorSignature), - NewField(fieldFileComment, ffo.FlatFileInformationFork.Comment), - NewField(fieldFileType, ffo.FlatFileInformationFork.TypeSignature), - NewField(fieldFileCreateDate, ffo.FlatFileInformationFork.CreateDate), - NewField(fieldFileModifyDate, ffo.FlatFileInformationFork.ModifyDate), - NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize[:]), + NewField(fieldFileName, []byte(fw.name)), + NewField(fieldFileTypeString, fw.ffo.FlatFileInformationFork.friendlyType()), + NewField(fieldFileCreatorString, fw.ffo.FlatFileInformationFork.friendlyCreator()), + NewField(fieldFileComment, fw.ffo.FlatFileInformationFork.Comment), + NewField(fieldFileType, fw.ffo.FlatFileInformationFork.TypeSignature), + NewField(fieldFileCreateDate, fw.ffo.FlatFileInformationFork.CreateDate), + NewField(fieldFileModifyDate, fw.ffo.FlatFileInformationFork.ModifyDate), + NewField(fieldFileSize, fw.totalSize()), )) return res, err } // HandleSetFileInfo updates a file or folder name and/or comment from the Get Info window -// TODO: Implement support for comments // Fields used in the request: // * 201 File name // * 202 File path Optional @@ -442,36 +392,79 @@ func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e return res, err } + fi, err := cc.Server.FS.Stat(fullFilePath) + if err != nil { + return res, err + } + + hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, 0) + if err != nil { + return res, err + } + if t.GetField(fieldFileComment).Data != nil { + switch mode := fi.Mode(); { + case mode.IsDir(): + if !authorize(cc.Account.Access, accessSetFolderComment) { + res = append(res, cc.NewErrReply(t, "You are not allowed to set comments for folders.")) + return res, err + } + case mode.IsRegular(): + if !authorize(cc.Account.Access, accessSetFileComment) { + res = append(res, cc.NewErrReply(t, "You are not allowed to set comments for files.")) + return res, err + } + } + + if err := hlFile.ffo.FlatFileInformationFork.setComment(t.GetField(fieldFileComment).Data); err != nil { + return res, err + } + w, err := hlFile.infoForkWriter() + if err != nil { + return res, err + } + _, err = w.Write(hlFile.ffo.FlatFileInformationFork.MarshalBinary()) + if err != nil { + return res, err + } + } + fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, t.GetField(fieldFileNewName).Data) if err != nil { return nil, err } - // fileComment := t.GetField(fieldFileComment).Data fileNewName := t.GetField(fieldFileNewName).Data if fileNewName != nil { - fi, err := FS.Stat(fullFilePath) - if err != nil { - return res, err - } switch mode := fi.Mode(); { case mode.IsDir(): if !authorize(cc.Account.Access, accessRenameFolder) { res = append(res, cc.NewErrReply(t, "You are not allowed to rename folders.")) return res, err } + err = os.Rename(fullFilePath, fullNewFilePath) + if os.IsNotExist(err) { + res = append(res, cc.NewErrReply(t, "Cannot rename folder "+string(fileName)+" because it does not exist or cannot be found.")) + return res, err + } case mode.IsRegular(): if !authorize(cc.Account.Access, accessRenameFile) { res = append(res, cc.NewErrReply(t, "You are not allowed to rename files.")) return res, err } - } - - err = os.Rename(fullFilePath, fullNewFilePath) - if os.IsNotExist(err) { - res = append(res, cc.NewErrReply(t, "Cannot rename file "+string(fileName)+" because it does not exist or cannot be found.")) - return res, err + fileDir, err := readPath(cc.Server.Config.FileRoot, filePath, []byte{}) + if err != nil { + return nil, err + } + hlFile.name = string(fileNewName) + err = hlFile.move(fileDir) + if os.IsNotExist(err) { + res = append(res, cc.NewErrReply(t, "Cannot rename file "+string(fileName)+" because it does not exist or cannot be found.")) + return res, err + } + if err != nil { + panic(err) + } } } @@ -493,13 +486,17 @@ func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err er return res, err } - cc.Server.Logger.Debugw("Delete file", "src", fullFilePath) + hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, 0) + if err != nil { + return res, err + } - fi, err := os.Stat(fullFilePath) + fi, err := hlFile.dataFile() if err != nil { res = append(res, cc.NewErrReply(t, "Cannot delete file "+string(fileName)+" because it does not exist or cannot be found.")) return res, nil } + switch mode := fi.Mode(); { case mode.IsDir(): if !authorize(cc.Account.Access, accessDeleteFolder) { @@ -513,7 +510,7 @@ func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err er } } - if err := os.RemoveAll(fullFilePath); err != nil { + if err := hlFile.delete(); err != nil { return res, err } @@ -524,13 +521,29 @@ func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err er // HandleMoveFile moves files or folders. Note: seemingly not documented func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) { fileName := string(t.GetField(fieldFileName).Data) - filePath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFilePath).Data) - fileNewPath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFileNewPath).Data) - cc.Server.Logger.Debugw("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName) + filePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(fieldFilePath).Data, t.GetField(fieldFileName).Data) + if err != nil { + return res, err + } + + fileNewPath, err := readPath(cc.Server.Config.FileRoot, t.GetField(fieldFileNewPath).Data, nil) + if err != nil { + return res, err + } + + cc.logger.Infow("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName) + + hlFile, err := newFileWrapper(cc.Server.FS, filePath, 0) + if err != nil { + return res, err + } - fp := filePath + "/" + fileName - fi, err := os.Stat(fp) + fi, err := hlFile.dataFile() + if err != nil { + res = append(res, cc.NewErrReply(t, "Cannot delete file "+fileName+" because it does not exist or cannot be found.")) + return res, err + } if err != nil { return res, err } @@ -546,27 +559,26 @@ func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err erro return res, err } } - - err = os.Rename(filePath+"/"+fileName, fileNewPath+"/"+fileName) - if os.IsNotExist(err) { - res = append(res, cc.NewErrReply(t, "Cannot delete file "+fileName+" because it does not exist or cannot be found.")) + if err := hlFile.move(fileNewPath); err != nil { return res, err } - if err != nil { - return []Transaction{}, err - } - // TODO: handle other possible errors; e.g. file delete fails due to file permission issue + // TODO: handle other possible errors; e.g. fileWrapper delete fails due to fileWrapper permission issue res = append(res, cc.NewReply(t)) return res, err } func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) { - newFolderPath := cc.Server.Config.FileRoot + if !authorize(cc.Account.Access, accessCreateFolder) { + res = append(res, cc.NewErrReply(t, "You are not allowed to create folders.")) + return res, err + } folderName := string(t.GetField(fieldFileName).Data) folderName = path.Join("/", folderName) + var subPath string + // fieldFilePath is only present for nested paths if t.GetField(fieldFilePath).Data != nil { var newFp FilePath @@ -574,20 +586,23 @@ func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err err if err != nil { return nil, err } - newFolderPath += newFp.String() + + for _, pathItem := range newFp.Items { + subPath = filepath.Join("/", subPath, string(pathItem.Name)) + } } - newFolderPath = path.Join(newFolderPath, folderName) + newFolderPath := path.Join(cc.Server.Config.FileRoot, subPath, folderName) // TODO: check path and folder name lengths - if _, err := FS.Stat(newFolderPath); !os.IsNotExist(err) { + if _, err := cc.Server.FS.Stat(newFolderPath); !os.IsNotExist(err) { msg := fmt.Sprintf("Cannot create folder \"%s\" because there is already a file or folder with that name.", folderName) return []Transaction{cc.NewErrReply(t, msg)}, nil } // TODO: check for disallowed characters to maintain compatibility for original client - if err := FS.Mkdir(newFolderPath, 0777); err != nil { + if err := cc.Server.FS.Mkdir(newFolderPath, 0777); err != nil { msg := fmt.Sprintf("Cannot create folder \"%s\" because an error occurred.", folderName) return []Transaction{cc.NewErrReply(t, msg)}, nil } @@ -597,6 +612,11 @@ func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err err } func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessModifyUser) { + res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts.")) + return res, err + } + login := DecodeUserString(t.GetField(fieldUserLogin).Data) userName := string(t.GetField(fieldUserName).Data) @@ -615,12 +635,11 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error account.Password = hashAndSalt(t.GetField(fieldUserPassword).Data) } - file := cc.Server.ConfigDir + "Users/" + login + ".yaml" out, err := yaml.Marshal(&account) if err != nil { return res, err } - if err := ioutil.WriteFile(file, out, 0666); err != nil { + if err := os.WriteFile(filepath.Join(cc.Server.ConfigDir, "Users", login+".yaml"), out, 0666); err != nil { return res, err } @@ -631,22 +650,22 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error newT := NewTransaction(tranUserAccess, c.ID, NewField(fieldUserAccess, newAccessLvl)) res = append(res, *newT) - flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(*c.Flags))) + flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(c.Flags))) if authorize(c.Account.Access, accessDisconUser) { flagBitmap.SetBit(flagBitmap, userFlagAdmin, 1) } else { flagBitmap.SetBit(flagBitmap, userFlagAdmin, 0) } - binary.BigEndian.PutUint16(*c.Flags, uint16(flagBitmap.Int64())) + binary.BigEndian.PutUint16(c.Flags, uint16(flagBitmap.Int64())) c.Account.Access = account.Access cc.sendAll( tranNotifyChangeUser, NewField(fieldUserID, *c.ID), - NewField(fieldUserFlags, *c.Flags), + NewField(fieldUserFlags, c.Flags), NewField(fieldUserName, c.UserName), - NewField(fieldUserIconID, *c.Icon), + NewField(fieldUserIconID, c.Icon), ) } } @@ -683,16 +702,108 @@ func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err err } var userFields []Field - // TODO: make order deterministic for _, acc := range cc.Server.Accounts { - userField := acc.MarshalBinary() - userFields = append(userFields, NewField(fieldData, userField)) + b := make([]byte, 0, 100) + n, err := acc.Read(b) + if err != nil { + return res, err + } + + userFields = append(userFields, NewField(fieldData, b[:n])) } res = append(res, cc.NewReply(t, userFields...)) return res, err } +// HandleUpdateUser is used by the v1.5+ multi-user editor to perform account editing for multiple users at a time. +// An update can be a mix of these actions: +// * Create user +// * Delete user +// * Modify user (including renaming the account login) +// +// The Transaction sent by the client includes one data field per user that was modified. This data field in turn +// contains another data field encoded in its payload with a varying number of sub fields depending on which action is +// performed. This seems to be the only place in the Hotline protocol where a data field contains another data field. +func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + for _, field := range t.Fields { + subFields, err := ReadFields(field.Data[0:2], field.Data[2:]) + if err != nil { + return res, err + } + + if len(subFields) == 1 { + login := DecodeUserString(getField(fieldData, &subFields).Data) + cc.logger.Infow("DeleteUser", "login", login) + + if !authorize(cc.Account.Access, accessDeleteUser) { + res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts.")) + return res, err + } + + if err := cc.Server.DeleteUser(login); err != nil { + return res, err + } + continue + } + + login := DecodeUserString(getField(fieldUserLogin, &subFields).Data) + + // check if the login dataFile; if so, we know we are updating an existing user + if acc, ok := cc.Server.Accounts[login]; ok { + cc.logger.Infow("UpdateUser", "login", login) + + // account dataFile, so this is an update action + if !authorize(cc.Account.Access, accessModifyUser) { + res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts.")) + return res, err + } + + if getField(fieldUserPassword, &subFields) != nil { + newPass := getField(fieldUserPassword, &subFields).Data + acc.Password = hashAndSalt(newPass) + } else { + acc.Password = hashAndSalt([]byte("")) + } + + if getField(fieldUserAccess, &subFields) != nil { + acc.Access = &getField(fieldUserAccess, &subFields).Data + } + + err = cc.Server.UpdateUser( + DecodeUserString(getField(fieldData, &subFields).Data), + DecodeUserString(getField(fieldUserLogin, &subFields).Data), + string(getField(fieldUserName, &subFields).Data), + acc.Password, + *acc.Access, + ) + if err != nil { + return res, err + } + } else { + cc.logger.Infow("CreateUser", "login", login) + + if !authorize(cc.Account.Access, accessCreateUser) { + res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts.")) + return res, err + } + + err := cc.Server.NewUser( + login, + string(getField(fieldUserName, &subFields).Data), + string(getField(fieldUserPassword, &subFields).Data), + getField(fieldUserAccess, &subFields).Data, + ) + if err != nil { + return []Transaction{}, err + } + } + } + + res = append(res, cc.NewReply(t)) + return res, err +} + // HandleNewUser creates a new user account func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !authorize(cc.Account.Access, accessCreateUser) { @@ -702,7 +813,7 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error login := DecodeUserString(t.GetField(fieldUserLogin).Data) - // If the account already exists, reply with an error + // If the account already dataFile, reply with an error if _, ok := cc.Server.Accounts[login]; ok { res = append(res, cc.NewErrReply(t, "Cannot create account "+login+" because there is already an account with that login.")) return res, err @@ -740,6 +851,11 @@ func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err er // HandleUserBroadcast sends an Administrator Message to all connected clients of the server func HandleUserBroadcast(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessBroadcast) { + res = append(res, cc.NewErrReply(t, "You are not allowed to send broadcast messages.")) + return res, err + } + cc.sendAll( tranServerMsg, NewField(fieldData, t.GetField(tranGetMsgs).Data), @@ -761,60 +877,29 @@ func byteToInt(bytes []byte) (int, error) { return 0, errors.New("unknown byte length") } -func HandleGetClientConnInfoText(cc *ClientConn, t *Transaction) (res []Transaction, err error) { +// HandleGetClientInfoText returns user information for the specific user. +// +// Fields used in the request: +// 103 User ID +// +// Fields used in the reply: +// 102 User name +// 101 Data User info text string +func HandleGetClientInfoText(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessGetClientInfo) { + res = append(res, cc.NewErrReply(t, "You are not allowed to get client info.")) + return res, err + } + clientID, _ := byteToInt(t.GetField(fieldUserID).Data) clientConn := cc.Server.Clients[uint16(clientID)] if clientConn == nil { - return res, errors.New("invalid client") + return append(res, cc.NewErrReply(t, "User not found.")), err } - // TODO: Implement non-hardcoded values - template := `Nickname: %s -Name: %s -Account: %s -Address: %s - --------- File Downloads --------- - -%s - -------- Folder Downloads -------- - -None. - ---------- File Uploads ---------- - -None. - --------- Folder Uploads --------- - -None. - -------- Waiting Downloads ------- - -None. - - ` - - activeDownloads := clientConn.Transfers[FileDownload] - activeDownloadList := "None." - for _, dl := range activeDownloads { - activeDownloadList += dl.String() + "\n" - } - - template = fmt.Sprintf( - template, - clientConn.UserName, - clientConn.Account.Name, - clientConn.Account.Login, - clientConn.Connection.RemoteAddr().String(), - activeDownloadList, - ) - template = strings.Replace(template, "\n", "\r", -1) - res = append(res, cc.NewReply(t, - NewField(fieldData, []byte(template)), + NewField(fieldData, []byte(clientConn.String())), NewField(fieldUserName, clientConn.UserName), )) return res, err @@ -828,24 +913,35 @@ func HandleGetUserNameList(cc *ClientConn, t *Transaction) (res []Transaction, e func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err error) { cc.Agreed = true - cc.UserName = t.GetField(fieldUserName).Data - *cc.Icon = t.GetField(fieldUserIconID).Data + + if t.GetField(fieldUserName).Data != nil { + if cc.Authorize(accessAnyName) { + cc.UserName = t.GetField(fieldUserName).Data + } else { + cc.UserName = []byte(cc.Account.Name) + } + } + + cc.Icon = t.GetField(fieldUserIconID).Data + + cc.logger = cc.logger.With("name", string(cc.UserName)) + cc.logger.Infow("Login successful", "clientVersion", fmt.Sprintf("%x", cc.Version)) options := t.GetField(fieldOptions).Data optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options))) - flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(*cc.Flags))) + flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(cc.Flags))) // Check refuse private PM option if optBitmap.Bit(refusePM) == 1 { flagBitmap.SetBit(flagBitmap, userFlagRefusePM, 1) - binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64())) + binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64())) } // Check refuse private chat option if optBitmap.Bit(refuseChat) == 1 { flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, 1) - binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64())) + binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64())) } // Check auto response @@ -855,15 +951,20 @@ func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err er cc.AutoReply = []byte{} } - cc.notifyOthers( + trans := cc.notifyOthers( *NewTransaction( tranNotifyChangeUser, nil, NewField(fieldUserName, cc.UserName), NewField(fieldUserID, *cc.ID), - NewField(fieldUserIconID, *cc.Icon), - NewField(fieldUserFlags, *cc.Flags), + NewField(fieldUserIconID, cc.Icon), + NewField(fieldUserFlags, cc.Flags), ), ) + res = append(res, trans...) + + if cc.Server.Config.BannerFile != "" { + res = append(res, *NewTransaction(tranServerBanner, cc.ID, NewField(fieldBannerType, []byte("JPEG")))) + } res = append(res, cc.NewReply(t)) @@ -883,6 +984,11 @@ __________________________________________________________` // Fields used in this request: // 101 Data func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessNewsPostArt) { + res = append(res, cc.NewErrReply(t, "You are not allowed to post news.")) + return res, err + } + cc.Server.flatNewsMux.Lock() defer cc.Server.flatNewsMux.Unlock() @@ -918,6 +1024,11 @@ func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction, e } func HandleDisconnectUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessDisconUser) { + res = append(res, cc.NewErrReply(t, "You are not allowed to disconnect users.")) + return res, err + } + clientConn := cc.Server.Clients[binary.BigEndian.Uint16(t.GetField(fieldUserID).Data)] if authorize(clientConn.Account.Access, accessCannotBeDiscon) { @@ -925,20 +1036,58 @@ func HandleDisconnectUser(cc *ClientConn, t *Transaction) (res []Transaction, er return res, err } - if err := clientConn.Connection.Close(); err != nil { - return res, err + // If fieldOptions is set, then the client IP is banned in addition to disconnected. + // 00 01 = temporary ban + // 00 02 = permanent ban + if t.GetField(fieldOptions).Data != nil { + switch t.GetField(fieldOptions).Data[1] { + case 1: + // send message: "You are temporarily banned on this server" + cc.logger.Infow("Disconnect & temporarily ban " + string(clientConn.UserName)) + + res = append(res, *NewTransaction( + tranServerMsg, + clientConn.ID, + NewField(fieldData, []byte("You are temporarily banned on this server")), + NewField(fieldChatOptions, []byte{0, 0}), + )) + + banUntil := time.Now().Add(tempBanDuration) + cc.Server.banList[strings.Split(clientConn.RemoteAddr, ":")[0]] = &banUntil + cc.Server.writeBanList() + case 2: + // send message: "You are permanently banned on this server" + cc.logger.Infow("Disconnect & ban " + string(clientConn.UserName)) + + res = append(res, *NewTransaction( + tranServerMsg, + clientConn.ID, + NewField(fieldData, []byte("You are permanently banned on this server")), + NewField(fieldChatOptions, []byte{0, 0}), + )) + + cc.Server.banList[strings.Split(clientConn.RemoteAddr, ":")[0]] = nil + cc.Server.writeBanList() + } } - res = append(res, cc.NewReply(t)) - return res, err + // TODO: remove this awful hack + go func() { + time.Sleep(1 * time.Second) + clientConn.Disconnect() + }() + + return append(res, cc.NewReply(t)), err } +// HandleGetNewsCatNameList returns a list of news categories for a path +// Fields used in the request: +// 325 News path (Optional) func HandleGetNewsCatNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) { - // Fields used in the request: - // 325 News path (Optional) - - newsPath := t.GetField(fieldNewsPath).Data - cc.Server.Logger.Infow("NewsPath: ", "np", string(newsPath)) + if !authorize(cc.Account.Access, accessNewsReadArt) { + res = append(res, cc.NewErrReply(t, "You are not allowed to read news.")) + return res, err + } pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data) cats := cc.Server.GetNewsCatByPath(pathStrs) @@ -967,6 +1116,11 @@ func HandleGetNewsCatNameList(cc *ClientConn, t *Transaction) (res []Transaction } func HandleNewNewsCat(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessNewsCreateCat) { + res = append(res, cc.NewErrReply(t, "You are not allowed to create news categories.")) + return res, err + } + name := string(t.GetField(fieldNewsCatName).Data) pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data) @@ -985,14 +1139,19 @@ func HandleNewNewsCat(cc *ClientConn, t *Transaction) (res []Transaction, err er return res, err } +// Fields used in the request: +// 322 News category name +// 325 News path func HandleNewNewsFldr(cc *ClientConn, t *Transaction) (res []Transaction, err error) { - // Fields used in the request: - // 322 News category name - // 325 News path + if !authorize(cc.Account.Access, accessNewsCreateFldr) { + res = append(res, cc.NewErrReply(t, "You are not allowed to create news folders.")) + return res, err + } + name := string(t.GetField(fieldFileName).Data) pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data) - cc.Server.Logger.Infof("Creating new news folder %s", name) + cc.logger.Infof("Creating new news folder %s", name) cats := cc.Server.GetNewsCatByPath(pathStrs) cats[name] = NewsCategoryListData15{ @@ -1014,6 +1173,10 @@ func HandleNewNewsFldr(cc *ClientConn, t *Transaction) (res []Transaction, err e // Reply fields: // 321 News article list data Optional func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessNewsReadArt) { + res = append(res, cc.NewErrReply(t, "You are not allowed to read news.")) + return res, err + } pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data) var cat NewsCategoryListData15 @@ -1031,6 +1194,11 @@ func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction } func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessNewsReadArt) { + res = append(res, cc.NewErrReply(t, "You are not allowed to read news.")) + return res, err + } + // Request fields // 325 News fp // 326 News article ID @@ -1081,13 +1249,14 @@ func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, er } func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err error) { - // Access: News Delete Folder (37) or News Delete Category (35) + // Has multiple access flags: News Delete Folder (37) or News Delete Category (35) + // TODO: Implement pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data) // TODO: determine if path is a Folder (Bundle) or Category and check for permission - cc.Server.Logger.Infof("DelNewsItem %v", pathStrs) + cc.logger.Infof("DelNewsItem %v", pathStrs) cats := cc.Server.ThreadedNews.Categories @@ -1112,6 +1281,11 @@ func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err e } func HandleDelNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessNewsDeleteArt) { + res = append(res, cc.NewErrReply(t, "You are not allowed to delete news articles.")) + return res, err + } + // Request Fields // 325 News path // 326 News article ID @@ -1136,14 +1310,18 @@ func HandleDelNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err er return res, err } +// Request fields +// 325 News path +// 326 News article ID ID of the parent article? +// 328 News article title +// 334 News article flags +// 327 News article data flavor Currently “text/plain” +// 333 News article data func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) { - // Request fields - // 325 News path - // 326 News article ID ID of the parent article? - // 328 News article title - // 334 News article flags - // 327 News article data flavor Currently “text/plain” - // 333 News article data + if !authorize(cc.Account.Access, accessNewsPostArt) { + res = append(res, cc.NewErrReply(t, "You are not allowed to post news articles.")) + return res, err + } pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data) cats := cc.Server.GetNewsCatByPath(pathStrs[:len(pathStrs)-1]) @@ -1221,9 +1399,6 @@ func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err fileName := t.GetField(fieldFileName).Data filePath := t.GetField(fieldFilePath).Data - - // 2 bytes - // transferOptions := t.GetField(fieldFileTransferOptions).Data resumeData := t.GetField(fieldFileResumeData).Data var dataOffset int64 @@ -1232,89 +1407,55 @@ func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err if err := frd.UnmarshalBinary(t.GetField(fieldFileResumeData).Data); err != nil { return res, err } + // TODO: handle rsrc fork offset dataOffset = int64(binary.BigEndian.Uint32(frd.ForkInfoList[0].DataSize[:])) } - var fp FilePath - err = fp.UnmarshalBinary(filePath) + fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName) if err != nil { return res, err } - ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName, dataOffset) + hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, dataOffset) if err != nil { return res, err } - transactionRef := cc.Server.NewTransactionRef() - data := binary.BigEndian.Uint32(transactionRef) + xferSize := hlFile.ffo.TransferSize(0) - ft := &FileTransfer{ - FileName: fileName, - FilePath: filePath, - ReferenceNumber: transactionRef, - Type: FileDownload, - } + ft := cc.newFileTransfer(FileDownload, fileName, filePath, xferSize) + // TODO: refactor to remove this if resumeData != nil { var frd FileResumeData - frd.UnmarshalBinary(t.GetField(fieldFileResumeData).Data) + if err := frd.UnmarshalBinary(t.GetField(fieldFileResumeData).Data); err != nil { + return res, err + } ft.fileResumeData = &frd } - cc.Server.FileTransfers[data] = ft - cc.Transfers[FileDownload] = append(cc.Transfers[FileDownload], ft) + // Optional field for when a HL v1.5+ client requests file preview + // Used only for TEXT, JPEG, GIFF, BMP or PICT files + // The value will always be 2 + if t.GetField(fieldFileTransferOptions).Data != nil { + ft.options = t.GetField(fieldFileTransferOptions).Data + xferSize = hlFile.ffo.FlatFileDataForkHeader.DataSize[:] + } res = append(res, cc.NewReply(t, - NewField(fieldRefNum, transactionRef), + NewField(fieldRefNum, ft.refNum[:]), NewField(fieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count - NewField(fieldTransferSize, ffo.TransferSize()), - NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize[:]), + NewField(fieldTransferSize, xferSize), + NewField(fieldFileSize, hlFile.ffo.FlatFileDataForkHeader.DataSize[:]), )) return res, err } // Download all files from the specified folder and sub-folders -// response example -// -// 00 -// 01 -// 00 00 -// 00 00 00 11 -// 00 00 00 00 -// 00 00 00 18 -// 00 00 00 18 -// -// 00 03 -// -// 00 6c // transfer size -// 00 04 // len -// 00 0f d5 ae -// -// 00 dc // field Folder item count -// 00 02 // len -// 00 02 -// -// 00 6b // ref number -// 00 04 // len -// 00 03 64 b1 func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) { - transactionRef := cc.Server.NewTransactionRef() - data := binary.BigEndian.Uint32(transactionRef) - - fileTransfer := &FileTransfer{ - FileName: t.GetField(fieldFileName).Data, - FilePath: t.GetField(fieldFilePath).Data, - ReferenceNumber: transactionRef, - Type: FolderDownload, - } - cc.Server.FileTransfers[data] = fileTransfer - cc.Transfers[FolderDownload] = append(cc.Transfers[FolderDownload], fileTransfer) - - var fp FilePath - err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data) - if err != nil { + if !authorize(cc.Account.Access, accessDownloadFile) { + res = append(res, cc.NewErrReply(t, "You are not allowed to download folders.")) return res, err } @@ -1331,8 +1472,17 @@ func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, er if err != nil { return res, err } + + fileTransfer := cc.newFileTransfer(FolderDownload, t.GetField(fieldFileName).Data, t.GetField(fieldFilePath).Data, transferSize) + + var fp FilePath + err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data) + if err != nil { + return res, err + } + res = append(res, cc.NewReply(t, - NewField(fieldRefNum, transactionRef), + NewField(fieldRefNum, fileTransfer.ReferenceNumber), NewField(fieldTransferSize, transferSize), NewField(fieldFolderItemCount, itemCount), NewField(fieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count @@ -1348,9 +1498,6 @@ func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, er // 220 Folder item count // 204 File transfer options "Optional Currently set to 1" (TODO: ??) func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) { - transactionRef := cc.Server.NewTransactionRef() - data := binary.BigEndian.Uint32(transactionRef) - var fp FilePath if t.GetField(fieldFilePath).Data != nil { if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil { @@ -1366,17 +1513,15 @@ func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err } } - fileTransfer := &FileTransfer{ - FileName: t.GetField(fieldFileName).Data, - FilePath: t.GetField(fieldFilePath).Data, - ReferenceNumber: transactionRef, - Type: FolderUpload, - FolderItemCount: t.GetField(fieldFolderItemCount).Data, - TransferSize: t.GetField(fieldTransferSize).Data, - } - cc.Server.FileTransfers[data] = fileTransfer + fileTransfer := cc.newFileTransfer(FolderUpload, + t.GetField(fieldFileName).Data, + t.GetField(fieldFilePath).Data, + t.GetField(fieldTransferSize).Data, + ) - res = append(res, cc.NewReply(t, NewField(fieldRefNum, transactionRef))) + fileTransfer.FolderItemCount = t.GetField(fieldFolderItemCount).Data + + res = append(res, cc.NewReply(t, NewField(fieldRefNum, fileTransfer.ReferenceNumber))) return res, err } @@ -1395,11 +1540,8 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er fileName := t.GetField(fieldFileName).Data filePath := t.GetField(fieldFilePath).Data - transferOptions := t.GetField(fieldFileTransferOptions).Data - - // TODO: is this field useful for anything? - // transferSize := t.GetField(fieldTransferSize).Data + transferSize := t.GetField(fieldTransferSize).Data // not sent for resume var fp FilePath if filePath != nil { @@ -1415,27 +1557,24 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er return res, err } } + fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName) + if err != nil { + return res, err + } - transactionRef := cc.Server.NewTransactionRef() - data := binary.BigEndian.Uint32(transactionRef) - - cc.Server.FileTransfers[data] = &FileTransfer{ - FileName: fileName, - FilePath: filePath, - ReferenceNumber: transactionRef, - Type: FileUpload, + if _, err := cc.Server.FS.Stat(fullFilePath); err == nil { + res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload because there is already a file named \"%v\". Try choosing a different name.", string(fileName)))) + return res, err } - replyT := cc.NewReply(t, NewField(fieldRefNum, transactionRef)) + ft := cc.newFileTransfer(FileUpload, fileName, filePath, transferSize) - // client has requested to resume a partially transfered file + replyT := cc.NewReply(t, NewField(fieldRefNum, ft.ReferenceNumber)) + + // client has requested to resume a partially transferred file if transferOptions != nil { - fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName) - if err != nil { - return res, err - } - fileInfo, err := FS.Stat(fullFilePath + incompleteFileSuffix) + fileInfo, err := cc.Server.FS.Stat(fullFilePath + incompleteFileSuffix) if err != nil { return res, err } @@ -1449,6 +1588,8 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er b, _ := fileResumeData.BinaryMarshal() + ft.TransferSize = offset + replyT.Fields = append(replyT.Fields, NewField(fieldFileResumeData, b)) } @@ -1457,27 +1598,26 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er } func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) { - var icon []byte if len(t.GetField(fieldUserIconID).Data) == 4 { - icon = t.GetField(fieldUserIconID).Data[2:] + cc.Icon = t.GetField(fieldUserIconID).Data[2:] } else { - icon = t.GetField(fieldUserIconID).Data + cc.Icon = t.GetField(fieldUserIconID).Data + } + if cc.Authorize(accessAnyName) { + cc.UserName = t.GetField(fieldUserName).Data } - *cc.Icon = icon - cc.UserName = t.GetField(fieldUserName).Data // the options field is only passed by the client versions > 1.2.3. options := t.GetField(fieldOptions).Data - if options != nil { optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options))) - flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(*cc.Flags))) + flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(cc.Flags))) flagBitmap.SetBit(flagBitmap, userFlagRefusePM, optBitmap.Bit(refusePM)) - binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64())) + binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64())) flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, optBitmap.Bit(refuseChat)) - binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64())) + binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64())) // Check auto response if optBitmap.Bit(autoResponse) == 1 { @@ -1487,14 +1627,16 @@ func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, } } - // Notify all clients of updated user info - cc.sendAll( - tranNotifyChangeUser, - NewField(fieldUserID, *cc.ID), - NewField(fieldUserIconID, *cc.Icon), - NewField(fieldUserFlags, *cc.Flags), - NewField(fieldUserName, cc.UserName), - ) + for _, c := range sortedClients(cc.Server.Clients) { + res = append(res, *NewTransaction( + tranNotifyChangeUser, + c.ID, + NewField(fieldUserID, *cc.ID), + NewField(fieldUserIconID, cc.Icon), + NewField(fieldUserFlags, cc.Flags), + NewField(fieldUserName, cc.UserName), + )) + } return res, err } @@ -1527,11 +1669,11 @@ func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, e // Handle special case for drop box folders if fp.IsDropbox() && !authorize(cc.Account.Access, accessViewDropBoxes) { - res = append(res, cc.NewReply(t)) + res = append(res, cc.NewErrReply(t, "You are not allowed to view drop boxes.")) return res, err } - fileNames, err := getFileNameList(fullPath) + fileNames, err := getFileNameList(fullPath, cc.Server.Config.IgnoreFiles) if err != nil { return res, err } @@ -1555,6 +1697,11 @@ func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, e // HandleInviteNewChat invites users to new private chat func HandleInviteNewChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessOpenChat) { + res = append(res, cc.NewErrReply(t, "You are not allowed to request private chat.")) + return res, err + } + // Client to Invite targetID := t.GetField(fieldUserID).Data newChatID := cc.Server.NewPrivateChat(cc) @@ -1574,8 +1721,8 @@ func HandleInviteNewChat(cc *ClientConn, t *Transaction) (res []Transaction, err NewField(fieldChatID, newChatID), NewField(fieldUserName, cc.UserName), NewField(fieldUserID, *cc.ID), - NewField(fieldUserIconID, *cc.Icon), - NewField(fieldUserFlags, *cc.Flags), + NewField(fieldUserIconID, cc.Icon), + NewField(fieldUserFlags, cc.Flags), ), ) @@ -1583,6 +1730,11 @@ func HandleInviteNewChat(cc *ClientConn, t *Transaction) (res []Transaction, err } func HandleInviteToChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessOpenChat) { + res = append(res, cc.NewErrReply(t, "You are not allowed to request private chat.")) + return res, err + } + // Client to Invite targetID := t.GetField(fieldUserID).Data chatID := t.GetField(fieldChatID).Data @@ -1602,8 +1754,8 @@ func HandleInviteToChat(cc *ClientConn, t *Transaction) (res []Transaction, err NewField(fieldChatID, chatID), NewField(fieldUserName, cc.UserName), NewField(fieldUserID, *cc.ID), - NewField(fieldUserIconID, *cc.Icon), - NewField(fieldUserFlags, *cc.Flags), + NewField(fieldUserIconID, cc.Icon), + NewField(fieldUserFlags, cc.Flags), ), ) @@ -1652,8 +1804,8 @@ func HandleJoinChat(cc *ClientConn, t *Transaction) (res []Transaction, err erro NewField(fieldChatID, chatID), NewField(fieldUserName, cc.UserName), NewField(fieldUserID, *cc.ID), - NewField(fieldUserIconID, *cc.Icon), - NewField(fieldUserFlags, *cc.Flags), + NewField(fieldUserIconID, cc.Icon), + NewField(fieldUserFlags, cc.Flags), ), ) } @@ -1664,8 +1816,8 @@ func HandleJoinChat(cc *ClientConn, t *Transaction) (res []Transaction, err erro for _, c := range sortedClients(privChat.ClientConn) { user := User{ ID: *c.ID, - Icon: *c.Icon, - Flags: *c.Flags, + Icon: c.Icon, + Flags: c.Flags, Name: string(c.UserName), } @@ -1684,7 +1836,10 @@ func HandleLeaveChat(cc *ClientConn, t *Transaction) (res []Transaction, err err chatID := t.GetField(fieldChatID).Data chatInt := binary.BigEndian.Uint32(chatID) - privChat := cc.Server.PrivateChats[chatInt] + privChat, ok := cc.Server.PrivateChats[chatInt] + if !ok { + return res, nil + } delete(privChat.ClientConn, cc.uint16ID()) @@ -1729,7 +1884,7 @@ func HandleSetChatSubject(cc *ClientConn, t *Transaction) (res []Transaction, er return res, err } -// HandleMakeAlias makes a file alias using the specified path. +// HandleMakeAlias makes a filer alias using the specified path. // Fields used in the request: // 201 File name // 202 File path @@ -1756,9 +1911,9 @@ func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err err return res, err } - cc.Server.Logger.Debugw("Make alias", "src", fullFilePath, "dst", fullNewFilePath) + cc.logger.Debugw("Make alias", "src", fullFilePath, "dst", fullNewFilePath) - if err := FS.Symlink(fullFilePath, fullNewFilePath); err != nil { + if err := cc.Server.FS.Symlink(fullFilePath, fullNewFilePath); err != nil { res = append(res, cc.NewErrReply(t, "Error creating alias")) return res, nil } @@ -1766,3 +1921,21 @@ func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err err res = append(res, cc.NewReply(t)) return res, err } + +func HandleDownloadBanner(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + fi, err := cc.Server.FS.Stat(filepath.Join(cc.Server.ConfigDir, cc.Server.Config.BannerFile)) + if err != nil { + return res, err + } + + ft := cc.newFileTransfer(bannerDownload, []byte{}, []byte{}, make([]byte, 4)) + + binary.BigEndian.PutUint32(ft.TransferSize, uint32(fi.Size())) + + res = append(res, cc.NewReply(t, + NewField(fieldRefNum, ft.refNum[:]), + NewField(fieldTransferSize, ft.TransferSize), + )) + + return res, err +}