X-Git-Url: https://git.r.bdr.sh/rbdr/mobius/blobdiff_plain/92a7e455a347e5be7fb69b6846b9f27ca698ae12..85767504e4dc622c5ff469733e49c0cebcee57f1:/hotline/transaction_handlers.go diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go index ea6d087..992dcec 100644 --- a/hotline/transaction_handlers.go +++ b/hotline/transaction_handlers.go @@ -45,13 +45,10 @@ var TransactionHandlers = map[uint16]TransactionType{ Name: "tranNotifyDeleteUser", }, tranAgreed: { - Access: accessAlwaysAllow, Name: "tranAgreed", Handler: HandleTranAgreed, }, tranChatSend: { - Access: accessSendChat, - DenyMsg: "You are not allowed to participate in chat.", Handler: HandleChatSend, Name: "tranChatSend", RequiredFields: []requiredField{ @@ -68,20 +65,16 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleDelNewsArt, }, tranDelNewsItem: { - Access: accessAlwaysAllow, // Granular access enforced inside the handler // Has multiple access flags: News Delete Folder (37) or News Delete Category (35) // TODO: Implement inside the handler Name: "tranDelNewsItem", Handler: HandleDelNewsItem, }, tranDeleteFile: { - Access: accessAlwaysAllow, // Granular access enforced inside the handler Name: "tranDeleteFile", Handler: HandleDeleteFile, }, tranDeleteUser: { - Access: accessDeleteUser, - DenyMsg: "You are not allowed to delete accounts.", Name: "tranDeleteUser", Handler: HandleDeleteUser, }, @@ -110,12 +103,10 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleGetClientConnInfoText, }, tranGetFileInfo: { - Access: accessAlwaysAllow, Name: "tranGetFileInfo", Handler: HandleGetFileInfo, }, tranGetFileNameList: { - Access: accessAlwaysAllow, Name: "tranGetFileNameList", Handler: HandleGetFileNameList, }, @@ -144,13 +135,11 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleGetNewsCatNameList, }, tranGetUser: { - Access: accessOpenUser, DenyMsg: "You are not allowed to view accounts.", Name: "tranGetUser", Handler: HandleGetUser, }, tranGetUserNameList: { - Access: accessAlwaysAllow, Name: "tranHandleGetUserNameList", Handler: HandleGetUserNameList, }, @@ -167,17 +156,14 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleInviteToChat, }, tranJoinChat: { - Access: accessAlwaysAllow, Name: "tranJoinChat", Handler: HandleJoinChat, }, tranKeepAlive: { - Access: accessAlwaysAllow, Name: "tranKeepAlive", Handler: HandleKeepAlive, }, tranLeaveChat: { - Access: accessAlwaysAllow, Name: "tranJoinChat", Handler: HandleLeaveChat, }, @@ -231,14 +217,13 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandlePostNewsArt, }, tranRejectChatInvite: { - Access: accessAlwaysAllow, Name: "tranRejectChatInvite", Handler: HandleRejectChatInvite, }, tranSendInstantMsg: { Access: accessAlwaysAllow, - //Access: accessSendPrivMsg, - //DenyMsg: "You are not allowed to send private messages", + // Access: accessSendPrivMsg, + // DenyMsg: "You are not allowed to send private messages", Name: "tranSendInstantMsg", Handler: HandleSendInstantMsg, RequiredFields: []requiredField{ @@ -252,17 +237,23 @@ var TransactionHandlers = map[uint16]TransactionType{ }, }, tranSetChatSubject: { - Access: accessAlwaysAllow, Name: "tranSetChatSubject", Handler: HandleSetChatSubject, }, + tranMakeFileAlias: { + Name: "tranMakeFileAlias", + Handler: HandleMakeAlias, + RequiredFields: []requiredField{ + {ID: fieldFileName, minLen: 1}, + {ID: fieldFilePath, minLen: 1}, + {ID: fieldFileNewPath, minLen: 1}, + }, + }, tranSetClientUserInfo: { - Access: accessAlwaysAllow, Name: "tranSetClientUserInfo", Handler: HandleSetClientUserInfo, }, tranSetFileInfo: { - Access: accessAlwaysAllow, // granular access is in the handler Name: "tranSetFileInfo", Handler: HandleSetFileInfo, }, @@ -273,13 +264,10 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleSetUser, }, tranUploadFile: { - Access: accessUploadFile, - DenyMsg: "You are not allowed to upload files.", Name: "tranUploadFile", Handler: HandleUploadFile, }, tranUploadFldr: { - Access: accessAlwaysAllow, // TODO: what should this be? Name: "tranUploadFldr", Handler: HandleUploadFolder, }, @@ -292,6 +280,11 @@ var TransactionHandlers = map[uint16]TransactionType{ } func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessSendChat) { + res = append(res, cc.NewErrReply(t, "You are not allowed to participate in chat.")) + return res, err + } + // Truncate long usernames trunc := fmt.Sprintf("%13s", cc.UserName) formattedMsg := fmt.Sprintf("\r%.14s: %s", trunc, t.GetField(fieldData).Data) @@ -347,13 +340,13 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro // 101 Data Optional // 214 Quoting message Optional // -//Fields used in the reply: +// Fields used in the reply: // None func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) { msg := t.GetField(fieldData) ID := t.GetField(fieldUserID) // TODO: Implement reply quoting - //options := transaction.GetField(hotline.fieldOptions) + // options := transaction.GetField(hotline.fieldOptions) res = append(res, *NewTransaction( @@ -367,23 +360,18 @@ func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, er ) id, _ := byteToInt(ID.Data) - //keys := make([]uint16, 0, len(cc.Server.Clients)) - //for k := range cc.Server.Clients { - // keys = append(keys, k) - //} - otherClient := cc.Server.Clients[uint16(id)] if otherClient == nil { return res, errors.New("ohno") } // Respond with auto reply if other client has it enabled - if len(*otherClient.AutoReply) > 0 { + if len(otherClient.AutoReply) > 0 { res = append(res, *NewTransaction( tranServerMsg, cc.ID, - NewField(fieldData, *otherClient.AutoReply), + NewField(fieldData, otherClient.AutoReply), NewField(fieldUserName, otherClient.UserName), NewField(fieldUserID, *otherClient.ID), NewField(fieldOptions, []byte{0, 1}), @@ -413,7 +401,7 @@ func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e NewField(fieldFileType, ffo.FlatFileInformationFork.TypeSignature), NewField(fieldFileCreateDate, ffo.FlatFileInformationFork.CreateDate), NewField(fieldFileModifyDate, ffo.FlatFileInformationFork.ModifyDate), - NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize), + NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize[:]), )) return res, err } @@ -440,7 +428,7 @@ func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e return nil, err } - //fileComment := t.GetField(fieldFileComment).Data + // fileComment := t.GetField(fieldFileComment).Data fileNewName := t.GetField(fieldFileNewName).Data if fileNewName != nil { @@ -522,8 +510,8 @@ func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err erro cc.Server.Logger.Debugw("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName) - path := filePath + "/" + fileName - fi, err := os.Stat(path) + fp := filePath + "/" + fileName + fi, err := os.Stat(fp) if err != nil { return res, err } @@ -644,16 +632,17 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error } } - // TODO: If we have just promoted a connected user to admin, notify - // connected clients to turn the user red - res = append(res, cc.NewReply(t)) return res, err } func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { - userLogin := string(t.GetField(fieldUserLogin).Data) - account := cc.Server.Accounts[userLogin] + if !authorize(cc.Account.Access, accessOpenUser) { + res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts.")) + return res, err + } + + account := cc.Server.Accounts[string(t.GetField(fieldUserLogin).Data)] if account == nil { errorT := cc.NewErrReply(t, "Account does not exist.") res = append(res, errorT) @@ -706,6 +695,11 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error } func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessDeleteUser) { + res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts.")) + return res, err + } + // TODO: Handle case where account doesn't exist; e.g. delete race condition login := DecodeUserString(t.GetField(fieldUserLogin).Data) @@ -805,27 +799,9 @@ func HandleGetUserNameList(cc *ClientConn, t *Transaction) (res []Transaction, e return res, err } -func (cc *ClientConn) notifyNewUserHasJoined() (res []Transaction, err error) { - // Notify other ccs that a new user has connected - cc.NotifyOthers( - *NewTransaction( - tranNotifyChangeUser, nil, - NewField(fieldUserName, cc.UserName), - NewField(fieldUserID, *cc.ID), - NewField(fieldUserIconID, *cc.Icon), - NewField(fieldUserFlags, *cc.Flags), - ), - ) - - return res, nil -} - func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err error) { - bs := make([]byte, 2) - binary.BigEndian.PutUint16(bs, *cc.Server.NextGuestID) - + cc.Agreed = true cc.UserName = t.GetField(fieldUserName).Data - *cc.ID = bs *cc.Icon = t.GetField(fieldUserIconID).Data options := t.GetField(fieldOptions).Data @@ -847,12 +823,20 @@ func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err er // Check auto response if optBitmap.Bit(autoResponse) == 1 { - *cc.AutoReply = t.GetField(fieldAutomaticResponse).Data + cc.AutoReply = t.GetField(fieldAutomaticResponse).Data } else { - *cc.AutoReply = []byte{} + cc.AutoReply = []byte{} } - _, _ = cc.notifyNewUserHasJoined() + cc.notifyOthers( + *NewTransaction( + tranNotifyChangeUser, nil, + NewField(fieldUserName, cc.UserName), + NewField(fieldUserID, *cc.ID), + NewField(fieldUserIconID, *cc.Icon), + NewField(fieldUserFlags, *cc.Flags), + ), + ) res = append(res, cc.NewReply(t)) @@ -1008,9 +992,9 @@ func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction var cat NewsCategoryListData15 cats := cc.Server.ThreadedNews.Categories - for _, path := range pathStrs { - cat = cats[path] - cats = cats[path].SubCats + for _, fp := range pathStrs { + cat = cats[fp] + cats = cats[fp].SubCats } nald := cat.GetNewsArtListData() @@ -1021,7 +1005,7 @@ func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, err error) { // Request fields - // 325 News path + // 325 News fp // 326 News article ID // 327 News article data flavor @@ -1030,9 +1014,9 @@ func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, er var cat NewsCategoryListData15 cats := cc.Server.ThreadedNews.Categories - for _, path := range pathStrs { - cat = cats[path] - cats = cats[path].SubCats + for _, fp := range pathStrs { + cat = cats[fp] + cats = cats[fp].SubCats } newsArtID := t.GetField(fieldNewsArtID).Data @@ -1082,8 +1066,8 @@ func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err e delName := pathStrs[len(pathStrs)-1] if len(pathStrs) > 1 { - for _, path := range pathStrs[0 : len(pathStrs)-1] { - cats = cats[path].SubCats + for _, fp := range pathStrs[0 : len(pathStrs)-1] { + cats = cats[fp].SubCats } } @@ -1143,7 +1127,7 @@ func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err e newArt := NewsArtData{ Title: string(t.GetField(fieldNewsArtTitle).Data), Poster: string(cc.UserName), - Date: NewsDate(), + Date: toHotlineTime(time.Now()), PrevArt: []byte{0, 0, 0, 0}, NextArt: []byte{0, 0, 0, 0}, ParentArt: append([]byte{0, 0}, t.GetField(fieldNewsArtID).Data...), @@ -1229,7 +1213,7 @@ func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err NewField(fieldRefNum, transactionRef), NewField(fieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count NewField(fieldTransferSize, ffo.TransferSize()), - NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize), + NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize[:]), )) return res, err @@ -1279,6 +1263,9 @@ func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, er } fullFilePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(fieldFilePath).Data, t.GetField(fieldFileName).Data) + if err != nil { + return res, err + } transferSize, err := CalcTotalSize(fullFilePath) if err != nil { @@ -1308,6 +1295,21 @@ func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err transactionRef := cc.Server.NewTransactionRef() data := binary.BigEndian.Uint32(transactionRef) + var fp FilePath + if t.GetField(fieldFilePath).Data != nil { + if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil { + return res, err + } + } + + // Handle special cases for Upload and Drop Box folders + if !authorize(cc.Account.Access, accessUploadAnywhere) { + if !fp.IsUploadDir() && !fp.IsDropbox() { + res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the folder \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(t.GetField(fieldFileName).Data)))) + return res, err + } + } + fileTransfer := &FileTransfer{ FileName: t.GetField(fieldFileName).Data, FilePath: t.GetField(fieldFilePath).Data, @@ -1322,33 +1324,47 @@ func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err return res, err } +// HandleUploadFile +// Special cases: +// * If the target directory contains "uploads" (case insensitive) func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessUploadFile) { + res = append(res, cc.NewErrReply(t, "You are not allowed to upload files.")) + return res, err + } + fileName := t.GetField(fieldFileName).Data filePath := t.GetField(fieldFilePath).Data + var fp FilePath + if filePath != nil { + if err = fp.UnmarshalBinary(filePath); err != nil { + return res, err + } + } + + // Handle special cases for Upload and Drop Box folders + if !authorize(cc.Account.Access, accessUploadAnywhere) { + if !fp.IsUploadDir() && !fp.IsDropbox() { + res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the file \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(fileName)))) + return res, err + } + } + transactionRef := cc.Server.NewTransactionRef() data := binary.BigEndian.Uint32(transactionRef) - fileTransfer := &FileTransfer{ + cc.Server.FileTransfers[data] = &FileTransfer{ FileName: fileName, FilePath: filePath, ReferenceNumber: transactionRef, Type: FileUpload, } - cc.Server.FileTransfers[data] = fileTransfer - res = append(res, cc.NewReply(t, NewField(fieldRefNum, transactionRef))) return res, err } -// User options -const ( - refusePM = 0 - refuseChat = 1 - autoResponse = 2 -) - func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) { var icon []byte if len(t.GetField(fieldUserIconID).Data) == 4 { @@ -1366,23 +1382,17 @@ func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options))) flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(*cc.Flags))) - // Check refuse private PM option - if optBitmap.Bit(refusePM) == 1 { - flagBitmap.SetBit(flagBitmap, userFlagRefusePM, 1) - binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64())) - } + flagBitmap.SetBit(flagBitmap, userFlagRefusePM, optBitmap.Bit(refusePM)) + binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64())) - // Check refuse private chat option - if optBitmap.Bit(refuseChat) == 1 { - flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, 1) - binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64())) - } + flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, optBitmap.Bit(refuseChat)) + binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64())) // Check auto response if optBitmap.Bit(autoResponse) == 1 { - *cc.AutoReply = t.GetField(fieldAutomaticResponse).Data + cc.AutoReply = t.GetField(fieldAutomaticResponse).Data } else { - *cc.AutoReply = []byte{} + cc.AutoReply = []byte{} } } @@ -1398,9 +1408,9 @@ func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, return res, err } -// HandleKeepAlive response to keepalive transactions with an empty reply -// HL 1.9.2 Client sends keepalive msg every 3 minutes -// HL 1.2.3 Client doesn't send keepalives +// HandleKeepAlive responds to keepalive transactions with an empty reply +// * HL 1.9.2 Client sends keepalive msg every 3 minutes +// * HL 1.2.3 Client doesn't send keepalives func HandleKeepAlive(cc *ClientConn, t *Transaction) (res []Transaction, err error) { res = append(res, cc.NewReply(t)) @@ -1417,6 +1427,19 @@ func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, e return res, err } + var fp FilePath + if t.GetField(fieldFilePath).Data != nil { + if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil { + return res, err + } + } + + // Handle special case for drop box folders + if fp.IsDropbox() && !authorize(cc.Account.Access, accessViewDropBoxes) { + res = append(res, cc.NewReply(t)) + return res, err + } + fileNames, err := getFileNameList(fullPath) if err != nil { return res, err @@ -1614,3 +1637,41 @@ func HandleSetChatSubject(cc *ClientConn, t *Transaction) (res []Transaction, er return res, err } + +// HandleMakeAlias makes a file alias using the specified path. +// Fields used in the request: +// 201 File name +// 202 File path +// 212 File new path Destination path +// +// Fields used in the reply: +// None +func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessMakeAlias) { + res = append(res, cc.NewErrReply(t, "You are not allowed to make aliases.")) + return res, err + } + fileName := t.GetField(fieldFileName).Data + filePath := t.GetField(fieldFilePath).Data + fileNewPath := t.GetField(fieldFileNewPath).Data + + fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName) + if err != nil { + return res, err + } + + fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, fileNewPath, fileName) + if err != nil { + return res, err + } + + cc.Server.Logger.Debugw("Make alias", "src", fullFilePath, "dst", fullNewFilePath) + + if err := FS.Symlink(fullFilePath, fullNewFilePath); err != nil { + res = append(res, cc.NewErrReply(t, "Error creating alias")) + return res, nil + } + + res = append(res, cc.NewReply(t)) + return res, err +}