X-Git-Url: https://git.r.bdr.sh/rbdr/mobius/blobdiff_plain/1efbb15f239d7da32dadcc121a8b6db5061d297f..9cf66aeafbcbb9237fedc2efc97cc2856eb60f7f:/hotline/transaction_handlers.go diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go index 1ef8ad3..4bb956a 100644 --- a/hotline/transaction_handlers.go +++ b/hotline/transaction_handlers.go @@ -6,6 +6,7 @@ import ( "errors" "fmt" "gopkg.in/yaml.v3" + "io" "math/big" "os" "path" @@ -459,7 +460,7 @@ func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e if err != nil { return res, err } - _, err = w.Write(hlFile.ffo.FlatFileInformationFork.MarshalBinary()) + _, err = io.Copy(w, &hlFile.ffo.FlatFileInformationFork) if err != nil { return res, err } @@ -663,6 +664,9 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error newAccessLvl := t.GetField(FieldUserAccess).Data account := cc.Server.Accounts[login] + if account == nil { + return append(res, cc.NewErrReply(t, "Account not found.")), nil + } account.Name = userName copy(account.Access[:], newAccessLvl) @@ -671,7 +675,8 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error if t.GetField(FieldUserPassword).Data == nil { account.Password = hashAndSalt([]byte("")) } - if len(t.GetField(FieldUserPassword).Data) > 1 { + + if !bytes.Equal([]byte{0}, t.GetField(FieldUserPassword).Data) { account.Password = hashAndSalt(t.GetField(FieldUserPassword).Data) } @@ -743,13 +748,12 @@ func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err err var userFields []Field for _, acc := range cc.Server.Accounts { - b := make([]byte, 0, 100) - n, err := acc.Read(b) + b, err := io.ReadAll(acc) if err != nil { return res, err } - userFields = append(userFields, NewField(FieldData, b[:n])) + userFields = append(userFields, NewField(FieldData, b)) } res = append(res, cc.NewReply(t, userFields...)) 
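Review bot: In HandleSetUser nothing between `newAccessLvl := t.GetField(FieldUserAccess).Data` and `copy(account.Access[:], newAccessLvl)` compares the requested bits with the caller's own, so once the new nil check passes the client-supplied bitmap is stored as sent. The create path in HandleUpdateUser refuses bits the caller lacks via `cc.Authorize(i)`. The function starts above this hunk, so an equivalent guard may already exist there; if it does not, a user allowed to modify accounts could grant privileges they do not hold. A guard along these lines before the copy would close that; the reply text is a placeholder.

```go
account := cc.Server.Accounts[login]
// … unchanged: nil check added by this commit …
var requested accessBitmap
copy(requested[:], newAccessLvl)
for i := 0; i < 64; i++ {
	if requested.IsSet(i) && !cc.Authorize(i) {
		return append(res, cc.NewErrReply(t, "Cannot grant more access than yourself.")), nil
	}
}
```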
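Review bot: The `Data == nil` branch left above the rewritten condition in HandleSetUser is now redundant, because a nil slice also satisfies `!bytes.Equal([]byte{0}, ...)` and the password is then hashed a second time (presumably with the same effect). The two can collapse into `if pw := t.GetField(FieldUserPassword).Data; !bytes.Equal([]byte{0}, pw) { account.Password = hashAndSalt(pw) }`. The single-zero-byte sentinel is repeated in HandleUpdateUser; a short comment or a named helper stating that it means "leave the password unchanged" would keep the two sites from drifting. An absent or empty field still leaves the account with a blank password, which is worth at least a log entry.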
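Review bot: `io.ReadAll(acc)` in HandleListUsers only terminates if the account's `Read` remembers how far it has got, and `acc` is the long-lived value from `cc.Server.Accounts`, not a copy. The `Read` implementation is outside this diff; if it keeps an offset on the account itself, a second listing would come back empty unless the offset is reset, and two clients listing users at once would race on it. It is worth confirming that `Read` resets at EOF and that the map and its entries are read under the server's lock, or serialising a per-call snapshot instead.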
@@ -772,36 +776,63 @@ func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err er return res, err } + // If there's only one subfield, that indicates this is a delete operation for the login in FieldData if len(subFields) == 1 { - login := decodeString(getField(FieldData, &subFields).Data) - cc.logger.Infow("DeleteUser", "login", login) - if !cc.Authorize(accessDeleteUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts.")) return res, err } + login := decodeString(getField(FieldData, &subFields).Data) + cc.logger.Infow("DeleteUser", "login", login) + if err := cc.Server.DeleteUser(login); err != nil { return res, err } continue } - login := decodeString(getField(FieldUserLogin, &subFields).Data) + // login of the account to update + var accountToUpdate, loginToRename string + + // If FieldData is included, this is a rename operation where FieldData contains the login of the existing + // account and FieldUserLogin contains the new login. + if getField(FieldData, &subFields) != nil { + loginToRename = decodeString(getField(FieldData, &subFields).Data) + } + userLogin := decodeString(getField(FieldUserLogin, &subFields).Data) + if loginToRename != "" { + accountToUpdate = loginToRename + } else { + accountToUpdate = userLogin + } - // check if the login dataFile; if so, we know we are updating an existing user - if acc, ok := cc.Server.Accounts[login]; ok { - cc.logger.Infow("UpdateUser", "login", login) + // Check if accountToUpdate has an existing account. If so, we know we are updating an existing user. 
+ if acc, ok := cc.Server.Accounts[accountToUpdate]; ok { + if loginToRename != "" { + cc.logger.Infow("RenameUser", "prevLogin", accountToUpdate, "newLogin", userLogin) + } else { + cc.logger.Infow("UpdateUser", "login", accountToUpdate) + } - // account dataFile, so this is an update action + // account exists, so this is an update action if !cc.Authorize(accessModifyUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts.")) - return res, err + return res, nil } + // This part is a bit tricky. There are three possibilities: + // 1) The transaction is intended to update the password. + // In this case, FieldUserPassword is sent with the new password. + // 2) The transaction is intended to remove the password. + // In this case, FieldUserPassword is not sent. + // 3) The transaction updates the users access bits, but not the password. + // In this case, FieldUserPassword is sent with zero as the only byte. if getField(FieldUserPassword, &subFields) != nil { newPass := getField(FieldUserPassword, &subFields).Data - acc.Password = hashAndSalt(newPass) + if !bytes.Equal([]byte{0}, newPass) { + acc.Password = hashAndSalt(newPass) + } } else { acc.Password = hashAndSalt([]byte("")) } @@ -821,13 +852,13 @@ func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err er return res, err } } else { - cc.logger.Infow("CreateUser", "login", login) - if !cc.Authorize(accessCreateUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts.")) - return res, err + return res, nil } + cc.logger.Infow("CreateUser", "login", userLogin) + newAccess := accessBitmap{} copy(newAccess[:], getField(FieldUserAccess, &subFields).Data) 
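Review bot: `userLogin := decodeString(getField(FieldUserLogin, &subFields).Data)` dereferences the result of `getField` without a nil check, although the lines just above it test `getField(FieldData, &subFields) != nil`, which implies the helper returns nil for an absent field. The subfields come from the client, so a request without FieldUserLogin would panic the handler unless a recover exists higher up; the same pattern is used for FieldUserAccess and FieldUserName in the create path (hunks @@ -821 and @@ -835). Fetch the field once and reply with an error when it is nil. Separately, the RenameUser/UpdateUser log line is still written before `cc.Authorize(accessModifyUser)`, unlike the delete and create branches this commit reordered, so denied attempts are logged as if they had happened.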
@@ -835,14 +866,14 @@ func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err er for i := 0; i < 64; i++ { if newAccess.IsSet(i) { if !cc.Authorize(i) { - return append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")), err + return append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")), nil } } } - err := cc.Server.NewUser(login, string(getField(FieldUserName, &subFields).Data), string(getField(FieldUserPassword, &subFields).Data), newAccess) + err = cc.Server.NewUser(userLogin, string(getField(FieldUserName, &subFields).Data), string(getField(FieldUserPassword, &subFields).Data), newAccess) if err != nil { - return []Transaction{}, err + return append(res, cc.NewErrReply(t, "Cannot create account because there is already an account with that login.")), nil } } } @@ -880,7 +911,8 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error } if err := cc.Server.NewUser(login, string(t.GetField(FieldUserName).Data), string(t.GetField(FieldUserPassword).Data), newAccess); err != nil { - return []Transaction{}, err + res = append(res, cc.NewErrReply(t, "Cannot create account because there is already an account with that login.")) + return res, err } res = append(res, cc.NewReply(t)) @@ -890,10 +922,9 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessDeleteUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts.")) - return res, err + return res, nil } - // TODO: Handle case where account doesn't exist; e.g. delete race condition login := decodeString(t.GetField(FieldUserLogin).Data) if err := cc.Server.DeleteUser(login); err != nil { 
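Review bot: Every failure of `cc.Server.NewUser` in HandleUpdateUser is now reported to the client as a duplicate login and then dropped, because the new branch returns `nil` without recording `err`. NewUser's body is not visible here, but if it can fail for another reason (persisting the account, for instance) the operator loses the only trace and the client is told something untrue. Log `err` through `cc.logger` before replying, or have NewUser return a dedicated duplicate-login sentinel and test it with `errors.Is`. The HandleNewUser hunk (@@ -880) maps the error to the same message.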
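Review bot: The new branch in HandleNewUser appends the error reply but still returns a non-nil `err`, whereas the equivalent branch in HandleUpdateUser returns `nil`. How the caller treats a non-nil error is not visible in this diff; if it discards `res` or drops the connection, the reply never reaches the client. Pick one convention for handled failures; `return res, nil` would match the rest of this commit.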
@@ -1163,7 +1194,7 @@ func HandleNewNewsCat(cc *ClientConn, t *Transaction) (res []Transaction, err er cats := cc.Server.GetNewsCatByPath(pathStrs) cats[name] = NewsCategoryListData15{ Name: name, - Type: []byte{0, 3}, + Type: [2]byte{0, 3}, Articles: map[uint32]*NewsArtData{}, SubCats: make(map[string]NewsCategoryListData15), } @@ -1192,7 +1223,7 @@ func HandleNewNewsFldr(cc *ClientConn, t *Transaction) (res []Transaction, err e cats := cc.Server.GetNewsCatByPath(pathStrs) cats[name] = NewsCategoryListData15{ Name: name, - Type: []byte{0, 2}, + Type: [2]byte{0, 2}, Articles: map[uint32]*NewsArtData{}, SubCats: make(map[string]NewsCategoryListData15), } @@ -1227,7 +1258,12 @@ func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction nald := cat.GetNewsArtListData() - res = append(res, cc.NewReply(t, NewField(FieldNewsArtListData, nald.Payload()))) + b, err := io.ReadAll(&nald) + if err != nil { + + } + + res = append(res, cc.NewReply(t, NewField(FieldNewsArtListData, b))) return res, err } @@ -1306,7 +1342,7 @@ func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err e } } - if bytes.Equal(cats[delName].Type, []byte{0, 3}) { + if cats[delName].Type == [2]byte{0, 3} { if !cc.Authorize(accessNewsDeleteCat) { return append(res, cc.NewErrReply(t, "You are not allowed to delete news categories.")), nil } @@ -1887,14 +1923,17 @@ func HandleJoinChat(cc *ClientConn, t *Transaction) (res []Transaction, err erro replyFields := []Field{NewField(FieldChatSubject, []byte(privChat.Subject))} for _, c := range sortedClients(privChat.ClientConn) { - user := User{ + + b, err := io.ReadAll(&User{ ID: *c.ID, Icon: c.Icon, Flags: c.Flags, Name: string(c.UserName), + }) + if err != nil { + return res, nil } - - replyFields = append(replyFields, NewField(FieldUsernameWithInfo, user.Payload())) + replyFields = append(replyFields, NewField(FieldUsernameWithInfo, b)) } res = append(res, cc.NewReply(t, replyFields...))
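Review bot: The `if err != nil { }` block added in HandleGetNewsArtNameList is empty, so a failed `io.ReadAll(&nald)` still builds a reply from whatever `b` holds before `err` is returned on the last line. Put `return res, err` inside that branch. The HandleJoinChat hunk (@@ -1887) has the opposite problem: its `io.ReadAll` failure returns `res, nil`, so the client gets no reply to the join and the error is lost; `return res, err` fits there too. Both functions start outside their hunks.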