X-Git-Url: https://git.r.bdr.sh/rbdr/mobius/blobdiff_plain/3c9b1dcdf40474396a3b035d548417b84a123164..0197c3f5f7ac92d83711d28739670cba2e018701:/hotline/transaction_handlers.go

diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go
index 2c5a930..745cb40 100644
--- a/hotline/transaction_handlers.go
+++ b/hotline/transaction_handlers.go
@@ -5,7 +5,7 @@ import (
 	"encoding/binary"
 	"errors"
 	"fmt"
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 	"io/ioutil"
 	"math/big"
 	"os"
@@ -237,8 +237,8 @@ var TransactionHandlers = map[uint16]TransactionType{
 	},
 	tranSendInstantMsg: {
 		Access: accessAlwaysAllow,
-		//Access: accessSendPrivMsg,
-		//DenyMsg: "You are not allowed to send private messages",
+		// Access: accessSendPrivMsg,
+		// DenyMsg: "You are not allowed to send private messages",
 		Name:    "tranSendInstantMsg",
 		Handler: HandleSendInstantMsg,
 		RequiredFields: []requiredField{
@@ -256,13 +256,23 @@ var TransactionHandlers = map[uint16]TransactionType{
 		Name:    "tranSetChatSubject",
 		Handler: HandleSetChatSubject,
 	},
+	tranMakeFileAlias: {
+		Access:  accessAlwaysAllow,
+		Name:    "tranMakeFileAlias",
+		Handler: HandleMakeAlias,
+		RequiredFields: []requiredField{
+			{ID: fieldFileName, minLen: 1},
+			{ID: fieldFilePath, minLen: 1},
+			{ID: fieldFileNewPath, minLen: 1},
+		},
+	},
 	tranSetClientUserInfo: {
 		Access:  accessAlwaysAllow,
 		Name:    "tranSetClientUserInfo",
 		Handler: HandleSetClientUserInfo,
 	},
 	tranSetFileInfo: {
-		Access:  accessAlwaysAllow, // granular access is in the handler
+		Access:  accessAlwaysAllow,
 		Name:    "tranSetFileInfo",
 		Handler: HandleSetFileInfo,
 	},
@@ -274,12 +284,11 @@ var TransactionHandlers = map[uint16]TransactionType{
 	},
 	tranUploadFile: {
 		Access:  accessAlwaysAllow,
-		DenyMsg: "You are not allowed to upload files.",
 		Name:    "tranUploadFile",
 		Handler: HandleUploadFile,
 	},
 	tranUploadFldr: {
-		Access:  accessAlwaysAllow, // TODO: what should this be?
+		Access:  accessAlwaysAllow,
 		Name:    "tranUploadFldr",
 		Handler: HandleUploadFolder,
 	},
@@ -292,6 +301,11 @@ var TransactionHandlers = map[uint16]TransactionType{
 }
 
 func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+	if !authorize(cc.Account.Access, accessSendChat) {
+		res = append(res, cc.NewErrReply(t, "You are not allowed to participate in chat."))
+		return res, err
+	}
+
 	// Truncate long usernames
 	trunc := fmt.Sprintf("%13s", cc.UserName)
 	formattedMsg := fmt.Sprintf("\r%.14s:  %s", trunc, t.GetField(fieldData).Data)
@@ -347,13 +361,13 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro
 //	101	Data	Optional
 //	214	Quoting message	Optional
 //
-//Fields used in the reply:
+// Fields used in the reply:
 // None
 func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 	msg := t.GetField(fieldData)
 	ID := t.GetField(fieldUserID)
 	// TODO: Implement reply quoting
-	//options := transaction.GetField(hotline.fieldOptions)
+	// options := transaction.GetField(hotline.fieldOptions)
 
 	res = append(res,
 		*NewTransaction(
@@ -367,23 +381,18 @@ func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, er
 	)
 	id, _ := byteToInt(ID.Data)
 
-	//keys := make([]uint16, 0, len(cc.Server.Clients))
-	//for k := range cc.Server.Clients {
-	//	keys = append(keys, k)
-	//}
-
 	otherClient := cc.Server.Clients[uint16(id)]
 	if otherClient == nil {
 		return res, errors.New("ohno")
 	}
 
 	// Respond with auto reply if other client has it enabled
-	if len(*otherClient.AutoReply) > 0 {
+	if len(otherClient.AutoReply) > 0 {
 		res = append(res,
 			*NewTransaction(
 				tranServerMsg,
 				cc.ID,
-				NewField(fieldData, *otherClient.AutoReply),
+				NewField(fieldData, otherClient.AutoReply),
 				NewField(fieldUserName, otherClient.UserName),
 				NewField(fieldUserID, *otherClient.ID),
 				NewField(fieldOptions, []byte{0, 1}),
@@ -413,7 +422,7 @@ func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e
 		NewField(fieldFileType, ffo.FlatFileInformationFork.TypeSignature),
 		NewField(fieldFileCreateDate, ffo.FlatFileInformationFork.CreateDate),
 		NewField(fieldFileModifyDate, ffo.FlatFileInformationFork.ModifyDate),
-		NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize),
+		NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize[:]),
 	))
 	return res, err
 }
@@ -440,7 +449,7 @@ func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e
 		return nil, err
 	}
 
-	//fileComment := t.GetField(fieldFileComment).Data
+	// fileComment := t.GetField(fieldFileComment).Data
 	fileNewName := t.GetField(fieldFileNewName).Data
 
 	if fileNewName != nil {
@@ -522,8 +531,8 @@ func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err erro
 
 	cc.Server.Logger.Debugw("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName)
 
-	path := filePath + "/" + fileName
-	fi, err := os.Stat(path)
+	fp := filePath + "/" + fileName
+	fi, err := os.Stat(fp)
 	if err != nil {
 		return res, err
 	}
@@ -644,16 +653,17 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error
 		}
 	}
 
-	// TODO: If we have just promoted a connected user to admin, notify
-	// connected clients to turn the user red
-
 	res = append(res, cc.NewReply(t))
 	return res, err
 }
 
 func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-	userLogin := string(t.GetField(fieldUserLogin).Data)
-	account := cc.Server.Accounts[userLogin]
+	if !authorize(cc.Account.Access, accessOpenUser) {
+		res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts."))
+		return res, err
+	}
+
+	account := cc.Server.Accounts[string(t.GetField(fieldUserLogin).Data)]
 	if account == nil {
 		errorT := cc.NewErrReply(t, "Account does not exist.")
 		res = append(res, errorT)
@@ -706,6 +716,11 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error
 }
 
 func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+	if !authorize(cc.Account.Access, accessDeleteUser) {
+		res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts."))
+		return res, err
+	}
+
 	// TODO: Handle case where account doesn't exist; e.g. delete race condition
 	login := DecodeUserString(t.GetField(fieldUserLogin).Data)
 
@@ -805,21 +820,6 @@ func HandleGetUserNameList(cc *ClientConn, t *Transaction) (res []Transaction, e
 	return res, err
 }
 
-func (cc *ClientConn) notifyNewUserHasJoined() (res []Transaction, err error) {
-	// Notify other ccs that a new user has connected
-	cc.NotifyOthers(
-		*NewTransaction(
-			tranNotifyChangeUser, nil,
-			NewField(fieldUserName, cc.UserName),
-			NewField(fieldUserID, *cc.ID),
-			NewField(fieldUserIconID, *cc.Icon),
-			NewField(fieldUserFlags, *cc.Flags),
-		),
-	)
-
-	return res, nil
-}
-
 func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 	cc.Agreed = true
 	cc.UserName = t.GetField(fieldUserName).Data
@@ -844,12 +844,20 @@ func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err er
 
 	// Check auto response
 	if optBitmap.Bit(autoResponse) == 1 {
-		*cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
+		cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
 	} else {
-		*cc.AutoReply = []byte{}
+		cc.AutoReply = []byte{}
 	}
 
-	_, _ = cc.notifyNewUserHasJoined()
+	cc.notifyOthers(
+		*NewTransaction(
+			tranNotifyChangeUser, nil,
+			NewField(fieldUserName, cc.UserName),
+			NewField(fieldUserID, *cc.ID),
+			NewField(fieldUserIconID, *cc.Icon),
+			NewField(fieldUserFlags, *cc.Flags),
+		),
+	)
 
 	res = append(res, cc.NewReply(t))
 
@@ -1005,9 +1013,9 @@ func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction
 	var cat NewsCategoryListData15
 	cats := cc.Server.ThreadedNews.Categories
 
-	for _, path := range pathStrs {
-		cat = cats[path]
-		cats = cats[path].SubCats
+	for _, fp := range pathStrs {
+		cat = cats[fp]
+		cats = cats[fp].SubCats
 	}
 
 	nald := cat.GetNewsArtListData()
@@ -1018,7 +1026,7 @@ func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction
 
 func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 	// Request fields
-	// 325	News path
+	// 325	News fp
 	// 326	News article ID
 	// 327	News article data flavor
 
@@ -1027,9 +1035,9 @@ func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, er
 	var cat NewsCategoryListData15
 	cats := cc.Server.ThreadedNews.Categories
 
-	for _, path := range pathStrs {
-		cat = cats[path]
-		cats = cats[path].SubCats
+	for _, fp := range pathStrs {
+		cat = cats[fp]
+		cats = cats[fp].SubCats
 	}
 	newsArtID := t.GetField(fieldNewsArtID).Data
 
@@ -1079,8 +1087,8 @@ func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err e
 
 	delName := pathStrs[len(pathStrs)-1]
 	if len(pathStrs) > 1 {
-		for _, path := range pathStrs[0 : len(pathStrs)-1] {
-			cats = cats[path].SubCats
+		for _, fp := range pathStrs[0 : len(pathStrs)-1] {
+			cats = cats[fp].SubCats
 		}
 	}
 
@@ -1226,7 +1234,7 @@ func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err
 		NewField(fieldRefNum, transactionRef),
 		NewField(fieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
 		NewField(fieldTransferSize, ffo.TransferSize()),
-		NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize),
+		NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize[:]),
 	))
 
 	return res, err
@@ -1276,6 +1284,9 @@ func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, er
 	}
 
 	fullFilePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(fieldFilePath).Data, t.GetField(fieldFileName).Data)
+	if err != nil {
+		return res, err
+	}
 
 	transferSize, err := CalcTotalSize(fullFilePath)
 	if err != nil {
@@ -1305,6 +1316,21 @@ func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err
 	transactionRef := cc.Server.NewTransactionRef()
 	data := binary.BigEndian.Uint32(transactionRef)
 
+	var fp FilePath
+	if t.GetField(fieldFilePath).Data != nil {
+		if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil {
+			return res, err
+		}
+	}
+
+	// Handle special cases for Upload and Drop Box folders
+	if !authorize(cc.Account.Access, accessUploadAnywhere) {
+		if !fp.IsUploadDir() && !fp.IsDropbox() {
+			res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the folder \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(t.GetField(fieldFileName).Data))))
+			return res, err
+		}
+	}
+
 	fileTransfer := &FileTransfer{
 		FileName:        t.GetField(fieldFileName).Data,
 		FilePath:        t.GetField(fieldFilePath).Data,
@@ -1319,8 +1345,10 @@ func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err
 	return res, err
 }
 
+// HandleUploadFile
+// Special cases:
+// * If the target directory contains "uploads" (case insensitive)
 func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-	// TODO: add permission handing for upload folders and drop boxes
 	if !authorize(cc.Account.Access, accessUploadFile) {
 		res = append(res, cc.NewErrReply(t, "You are not allowed to upload files."))
 		return res, err
@@ -1329,6 +1357,21 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er
 	fileName := t.GetField(fieldFileName).Data
 	filePath := t.GetField(fieldFilePath).Data
 
+	var fp FilePath
+	if filePath != nil {
+		if err = fp.UnmarshalBinary(filePath); err != nil {
+			return res, err
+		}
+	}
+
+	// Handle special cases for Upload and Drop Box folders
+	if !authorize(cc.Account.Access, accessUploadAnywhere) {
+		if !fp.IsUploadDir() && !fp.IsDropbox() {
+			res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the file \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(fileName))))
+			return res, err
+		}
+	}
+
 	transactionRef := cc.Server.NewTransactionRef()
 	data := binary.BigEndian.Uint32(transactionRef)
 
@@ -1343,13 +1386,6 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er
 	return res, err
 }
 
-// User options
-const (
-	refusePM     = 0
-	refuseChat   = 1
-	autoResponse = 2
-)
-
 func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 	var icon []byte
 	if len(t.GetField(fieldUserIconID).Data) == 4 {
@@ -1367,23 +1403,17 @@ func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction,
 		optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options)))
 		flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(*cc.Flags)))
 
-		// Check refuse private PM option
-		if optBitmap.Bit(refusePM) == 1 {
-			flagBitmap.SetBit(flagBitmap, userFlagRefusePM, 1)
-			binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
-		}
+		flagBitmap.SetBit(flagBitmap, userFlagRefusePM, optBitmap.Bit(refusePM))
+		binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
 
-		// Check refuse private chat option
-		if optBitmap.Bit(refuseChat) == 1 {
-			flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, 1)
-			binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
-		}
+		flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, optBitmap.Bit(refuseChat))
+		binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
 
 		// Check auto response
 		if optBitmap.Bit(autoResponse) == 1 {
-			*cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
+			cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
 		} else {
-			*cc.AutoReply = []byte{}
+			cc.AutoReply = []byte{}
 		}
 	}
 
@@ -1418,6 +1448,19 @@ func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, e
 		return res, err
 	}
 
+	var fp FilePath
+	if t.GetField(fieldFilePath).Data != nil {
+		if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil {
+			return res, err
+		}
+	}
+
+	// Handle special case for drop box folders
+	if fp.IsDropbox() && !authorize(cc.Account.Access, accessViewDropBoxes) {
+		res = append(res, cc.NewReply(t))
+		return res, err
+	}
+
 	fileNames, err := getFileNameList(fullPath)
 	if err != nil {
 		return res, err
@@ -1615,3 +1658,41 @@ func HandleSetChatSubject(cc *ClientConn, t *Transaction) (res []Transaction, er
 
 	return res, err
 }
+
+// HandleMakeAlias makes a file alias using the specified path.
+// Fields used in the request:
+// 201	File name
+// 202	File path
+// 212	File new path	Destination path
+//
+// Fields used in the reply:
+// None
+func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+	if !authorize(cc.Account.Access, accessMakeAlias) {
+		res = append(res, cc.NewErrReply(t, "You are not allowed to make aliases."))
+		return res, err
+	}
+	fileName := t.GetField(fieldFileName).Data
+	filePath := t.GetField(fieldFilePath).Data
+	fileNewPath := t.GetField(fieldFileNewPath).Data
+
+	fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
+	if err != nil {
+		return res, err
+	}
+
+	fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, fileNewPath, fileName)
+	if err != nil {
+		return res, err
+	}
+
+	cc.Server.Logger.Debugw("Make alias", "src", fullFilePath, "dst", fullNewFilePath)
+
+	if err := FS.Symlink(fullFilePath, fullNewFilePath); err != nil {
+		res = append(res, cc.NewErrReply(t, "Error creating alias"))
+		return res, nil
+	}
+
+	res = append(res, cc.NewReply(t))
+	return res, err
+}