X-Git-Url: https://git.r.bdr.sh/rbdr/mobius/blobdiff_plain/aeb97482e923b5c441dd59e3ca4a7e275ac2b4c2..a6216dd89252fa01dc176f98f1e4ecfd3f637566:/hotline/transaction_handlers.go diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go index 137b2a0..3accf2c 100644 --- a/hotline/transaction_handlers.go +++ b/hotline/transaction_handlers.go @@ -6,6 +6,7 @@ import ( "errors" "fmt" "gopkg.in/yaml.v3" + "io" "math/big" "os" "path" @@ -305,7 +306,7 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessSendPrivMsg) { res = append(res, cc.NewErrReply(t, "You are not allowed to send private messages.")) - return res, err + return res, errors.New("user is not allowed to send private messages") } msg := t.GetField(FieldData) @@ -326,7 +327,10 @@ func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, er reply.Fields = append(reply.Fields, NewField(FieldQuotingMsg, t.GetField(FieldQuotingMsg).Data)) } - id, _ := byteToInt(ID.Data) + id, err := byteToInt(ID.Data) + if err != nil { + return res, errors.New("invalid client ID") + } otherClient, ok := cc.Server.Clients[uint16(id)] if !ok { return res, errors.New("invalid client ID") @@ -334,7 +338,7 @@ func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, er // Check if target user has "Refuse private messages" flag flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(otherClient.Flags))) - if flagBitmap.Bit(userFLagRefusePChat) == 1 { + if flagBitmap.Bit(UserFlagRefusePM) == 1 { res = append(res, *NewTransaction( TranServerMsg, @@ -382,16 +386,31 @@ func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e return res, err } - res = append(res, cc.NewReply(t, - NewField(FieldFileName, []byte(fw.name)), + encodedName, err := txtEncoder.String(fw.name) + if err != nil { + return res, fmt.Errorf("invalid filepath encoding: %w", err) + } + + fields := []Field{ + NewField(FieldFileName, []byte(encodedName)), NewField(FieldFileTypeString, fw.ffo.FlatFileInformationFork.friendlyType()), NewField(FieldFileCreatorString, fw.ffo.FlatFileInformationFork.friendlyCreator()), - NewField(FieldFileComment, fw.ffo.FlatFileInformationFork.Comment), NewField(FieldFileType, fw.ffo.FlatFileInformationFork.TypeSignature), NewField(FieldFileCreateDate, fw.ffo.FlatFileInformationFork.CreateDate), NewField(FieldFileModifyDate, fw.ffo.FlatFileInformationFork.ModifyDate), - NewField(FieldFileSize, fw.totalSize()), - )) + } + + // Include the optional FileComment field if there is a comment. + if len(fw.ffo.FlatFileInformationFork.Comment) != 0 { + fields = append(fields, NewField(FieldFileComment, fw.ffo.FlatFileInformationFork.Comment)) + } + + // Include the FileSize field for files. + if !bytes.Equal(fw.ffo.FlatFileInformationFork.TypeSignature, []byte{0x66, 0x6c, 0x64, 0x72}) { + fields = append(fields, NewField(FieldFileSize, fw.totalSize())) + } + + res = append(res, cc.NewReply(t, fields...)) return res, err } @@ -441,7 +460,7 @@ func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e if err != nil { return res, err } - _, err = w.Write(hlFile.ffo.FlatFileInformationFork.MarshalBinary()) + _, err = io.Copy(w, &hlFile.ffo.FlatFileInformationFork) if err != nil { return res, err } @@ -475,7 +494,11 @@ func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e if err != nil { return nil, err } - hlFile.name = string(fileNewName) + hlFile.name, err = txtDecoder.String(string(fileNewName)) + if err != nil { + return res, fmt.Errorf("invalid filepath encoding: %w", err) + } + err = hlFile.move(fileDir) if os.IsNotExist(err) { res = append(res, cc.NewErrReply(t, "Cannot rename file "+string(fileName)+" because it does not exist or cannot be found.")) @@ -551,7 +574,7 @@ func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err erro return res, err } - cc.logger.Infow("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName) + cc.logger.Info("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName) hlFile, err := newFileWrapper(cc.Server.FS, filePath, 0) if err != nil { @@ -563,9 +586,6 @@ func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err erro res = append(res, cc.NewErrReply(t, "Cannot delete file "+fileName+" because it does not exist or cannot be found.")) return res, err } - if err != nil { - return res, err - } switch mode := fi.Mode(); { case mode.IsDir(): if !cc.Authorize(accessMoveFolder) { @@ -611,6 +631,10 @@ func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err err } } newFolderPath := path.Join(cc.Server.Config.FileRoot, subPath, folderName) + newFolderPath, err = txtDecoder.String(newFolderPath) + if err != nil { + return res, fmt.Errorf("invalid filepath encoding: %w", err) + } // TODO: check path and folder name lengths @@ -619,8 +643,6 @@ func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err err return []Transaction{cc.NewErrReply(t, msg)}, nil } - // TODO: check for disallowed characters to maintain compatibility for original client - if err := cc.Server.FS.Mkdir(newFolderPath, 0777); err != nil { msg := fmt.Sprintf("Cannot create folder \"%s\" because an error occurred.", folderName) return []Transaction{cc.NewErrReply(t, msg)}, nil @@ -636,12 +658,15 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error return res, err } - login := DecodeUserString(t.GetField(FieldUserLogin).Data) + login := string(encodeString(t.GetField(FieldUserLogin).Data)) userName := string(t.GetField(FieldUserName).Data) newAccessLvl := t.GetField(FieldUserAccess).Data account := cc.Server.Accounts[login] + if account == nil { + return append(res, cc.NewErrReply(t, "Account not found.")), nil + } account.Name = userName copy(account.Access[:], newAccessLvl) @@ -650,7 +675,8 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error if t.GetField(FieldUserPassword).Data == nil { account.Password = hashAndSalt([]byte("")) } - if len(t.GetField(FieldUserPassword).Data) > 1 { + + if !bytes.Equal([]byte{0}, t.GetField(FieldUserPassword).Data) { account.Password = hashAndSalt(t.GetField(FieldUserPassword).Data) } @@ -671,9 +697,9 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(c.Flags))) if c.Authorize(accessDisconUser) { - flagBitmap.SetBit(flagBitmap, userFlagAdmin, 1) + flagBitmap.SetBit(flagBitmap, UserFlagAdmin, 1) } else { - flagBitmap.SetBit(flagBitmap, userFlagAdmin, 0) + flagBitmap.SetBit(flagBitmap, UserFlagAdmin, 0) } binary.BigEndian.PutUint16(c.Flags, uint16(flagBitmap.Int64())) @@ -707,7 +733,7 @@ func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error res = append(res, cc.NewReply(t, NewField(FieldUserName, []byte(account.Name)), - NewField(FieldUserLogin, negateString(t.GetField(FieldUserLogin).Data)), + NewField(FieldUserLogin, encodeString(t.GetField(FieldUserLogin).Data)), NewField(FieldUserPassword, []byte(account.Password)), NewField(FieldUserAccess, account.Access[:]), )) @@ -722,13 +748,12 @@ func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err err var userFields []Field for _, acc := range cc.Server.Accounts { - b := make([]byte, 0, 100) - n, err := acc.Read(b) + b, err := io.ReadAll(acc) if err != nil { return res, err } - userFields = append(userFields, NewField(FieldData, b[:n])) + userFields = append(userFields, NewField(FieldData, b)) } res = append(res, cc.NewReply(t, userFields...)) @@ -751,36 +776,63 @@ func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err er return res, err } + // If there's only one subfield, that indicates this is a delete operation for the login in FieldData if len(subFields) == 1 { - login := DecodeUserString(getField(FieldData, &subFields).Data) - cc.logger.Infow("DeleteUser", "login", login) - if !cc.Authorize(accessDeleteUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts.")) return res, err } + login := string(encodeString(getField(FieldData, &subFields).Data)) + cc.logger.Info("DeleteUser", "login", login) + if err := cc.Server.DeleteUser(login); err != nil { return res, err } continue } - login := DecodeUserString(getField(FieldUserLogin, &subFields).Data) + // login of the account to update + var accountToUpdate, loginToRename string - // check if the login dataFile; if so, we know we are updating an existing user - if acc, ok := cc.Server.Accounts[login]; ok { - cc.logger.Infow("UpdateUser", "login", login) + // If FieldData is included, this is a rename operation where FieldData contains the login of the existing + // account and FieldUserLogin contains the new login. + if getField(FieldData, &subFields) != nil { + loginToRename = string(encodeString(getField(FieldData, &subFields).Data)) + } + userLogin := string(encodeString(getField(FieldUserLogin, &subFields).Data)) + if loginToRename != "" { + accountToUpdate = loginToRename + } else { + accountToUpdate = userLogin + } + + // Check if accountToUpdate has an existing account. If so, we know we are updating an existing user. + if acc, ok := cc.Server.Accounts[accountToUpdate]; ok { + if loginToRename != "" { + cc.logger.Info("RenameUser", "prevLogin", accountToUpdate, "newLogin", userLogin) + } else { + cc.logger.Info("UpdateUser", "login", accountToUpdate) + } - // account dataFile, so this is an update action + // account exists, so this is an update action if !cc.Authorize(accessModifyUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts.")) - return res, err + return res, nil } + // This part is a bit tricky. There are three possibilities: + // 1) The transaction is intended to update the password. + // In this case, FieldUserPassword is sent with the new password. + // 2) The transaction is intended to remove the password. + // In this case, FieldUserPassword is not sent. + // 3) The transaction updates the users access bits, but not the password. + // In this case, FieldUserPassword is sent with zero as the only byte. if getField(FieldUserPassword, &subFields) != nil { newPass := getField(FieldUserPassword, &subFields).Data - acc.Password = hashAndSalt(newPass) + if !bytes.Equal([]byte{0}, newPass) { + acc.Password = hashAndSalt(newPass) + } } else { acc.Password = hashAndSalt([]byte("")) } @@ -790,8 +842,8 @@ func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err er } err = cc.Server.UpdateUser( - DecodeUserString(getField(FieldData, &subFields).Data), - DecodeUserString(getField(FieldUserLogin, &subFields).Data), + string(encodeString(getField(FieldData, &subFields).Data)), + string(encodeString(getField(FieldUserLogin, &subFields).Data)), string(getField(FieldUserName, &subFields).Data), acc.Password, acc.Access, @@ -800,13 +852,13 @@ func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err er return res, err } } else { - cc.logger.Infow("CreateUser", "login", login) - if !cc.Authorize(accessCreateUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts.")) - return res, err + return res, nil } + cc.logger.Info("CreateUser", "login", userLogin) + newAccess := accessBitmap{} copy(newAccess[:], getField(FieldUserAccess, &subFields).Data) @@ -814,14 +866,14 @@ func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err er for i := 0; i < 64; i++ { if newAccess.IsSet(i) { if !cc.Authorize(i) { - return append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")), err + return append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")), nil } } } - err := cc.Server.NewUser(login, string(getField(FieldUserName, &subFields).Data), string(getField(FieldUserPassword, &subFields).Data), newAccess) + err = cc.Server.NewUser(userLogin, string(getField(FieldUserName, &subFields).Data), string(getField(FieldUserPassword, &subFields).Data), newAccess) if err != nil { - return []Transaction{}, err + return append(res, cc.NewErrReply(t, "Cannot create account because there is already an account with that login.")), nil } } } @@ -837,7 +889,7 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error return res, err } - login := DecodeUserString(t.GetField(FieldUserLogin).Data) + login := string(encodeString(t.GetField(FieldUserLogin).Data)) // If the account already dataFile, reply with an error if _, ok := cc.Server.Accounts[login]; ok { @@ -859,7 +911,8 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error } if err := cc.Server.NewUser(login, string(t.GetField(FieldUserName).Data), string(t.GetField(FieldUserPassword).Data), newAccess); err != nil { - return []Transaction{}, err + res = append(res, cc.NewErrReply(t, "Cannot create account because there is already an account with that login.")) + return res, err } res = append(res, cc.NewReply(t)) @@ -869,11 +922,10 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { if !cc.Authorize(accessDeleteUser) { res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts.")) - return res, err + return res, nil } - // TODO: Handle case where account doesn't exist; e.g. delete race condition - login := DecodeUserString(t.GetField(FieldUserLogin).Data) + login := string(encodeString(t.GetField(FieldUserLogin).Data)) if err := cc.Server.DeleteUser(login); err != nil { return res, err @@ -946,7 +998,7 @@ func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err er cc.Icon = t.GetField(FieldUserIconID).Data cc.logger = cc.logger.With("name", string(cc.UserName)) - cc.logger.Infow("Login successful", "clientVersion", fmt.Sprintf("%v", func() int { i, _ := byteToInt(cc.Version); return i }())) + cc.logger.Info("Login successful", "clientVersion", fmt.Sprintf("%v", func() int { i, _ := byteToInt(cc.Version); return i }())) options := t.GetField(FieldOptions).Data optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options))) @@ -955,13 +1007,13 @@ func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err er // Check refuse private PM option if optBitmap.Bit(refusePM) == 1 { - flagBitmap.SetBit(flagBitmap, userFlagRefusePM, 1) + flagBitmap.SetBit(flagBitmap, UserFlagRefusePM, 1) binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64())) } // Check refuse private chat option if optBitmap.Bit(refuseChat) == 1 { - flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, 1) + flagBitmap.SetBit(flagBitmap, UserFlagRefusePChat, 1) binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64())) } @@ -1015,7 +1067,7 @@ func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction, e } newsPost := fmt.Sprintf(newsTemplate+"\r", cc.UserName, time.Now().Format(newsDateTemplate), t.GetField(FieldData).Data) - newsPost = strings.Replace(newsPost, "\n", "\r", -1) + newsPost = strings.ReplaceAll(newsPost, "\n", "\r") // update news in memory cc.Server.FlatNews = append([]byte(newsPost), cc.Server.FlatNews...) @@ -1055,7 +1107,7 @@ func HandleDisconnectUser(cc *ClientConn, t *Transaction) (res []Transaction, er switch t.GetField(FieldOptions).Data[1] { case 1: // send message: "You are temporarily banned on this server" - cc.logger.Infow("Disconnect & temporarily ban " + string(clientConn.UserName)) + cc.logger.Info("Disconnect & temporarily ban " + string(clientConn.UserName)) res = append(res, *NewTransaction( TranServerMsg, @@ -1066,10 +1118,9 @@ func HandleDisconnectUser(cc *ClientConn, t *Transaction) (res []Transaction, er banUntil := time.Now().Add(tempBanDuration) cc.Server.banList[strings.Split(clientConn.RemoteAddr, ":")[0]] = &banUntil - cc.Server.writeBanList() case 2: // send message: "You are permanently banned on this server" - cc.logger.Infow("Disconnect & ban " + string(clientConn.UserName)) + cc.logger.Info("Disconnect & ban " + string(clientConn.UserName)) res = append(res, *NewTransaction( TranServerMsg, @@ -1079,7 +1130,11 @@ func HandleDisconnectUser(cc *ClientConn, t *Transaction) (res []Transaction, er )) cc.Server.banList[strings.Split(clientConn.RemoteAddr, ":")[0]] = nil - cc.Server.writeBanList() + } + + err := cc.Server.writeBanList() + if err != nil { + return res, err } } @@ -1139,7 +1194,7 @@ func HandleNewNewsCat(cc *ClientConn, t *Transaction) (res []Transaction, err er cats := cc.Server.GetNewsCatByPath(pathStrs) cats[name] = NewsCategoryListData15{ Name: name, - Type: []byte{0, 3}, + Type: [2]byte{0, 3}, Articles: map[uint32]*NewsArtData{}, SubCats: make(map[string]NewsCategoryListData15), } @@ -1163,12 +1218,10 @@ func HandleNewNewsFldr(cc *ClientConn, t *Transaction) (res []Transaction, err e name := string(t.GetField(FieldFileName).Data) pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data) - cc.logger.Infof("Creating new news folder %s", name) - cats := cc.Server.GetNewsCatByPath(pathStrs) cats[name] = NewsCategoryListData15{ Name: name, - Type: []byte{0, 2}, + Type: [2]byte{0, 2}, Articles: map[uint32]*NewsArtData{}, SubCats: make(map[string]NewsCategoryListData15), } @@ -1203,7 +1256,12 @@ func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction nald := cat.GetNewsArtListData() - res = append(res, cc.NewReply(t, NewField(FieldNewsArtListData, nald.Payload()))) + b, err := io.ReadAll(&nald) + if err != nil { + + } + + res = append(res, cc.NewReply(t, NewField(FieldNewsArtListData, b))) return res, err } @@ -1282,7 +1340,7 @@ func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err e } } - if bytes.Equal(cats[delName].Type, []byte{0, 3}) { + if cats[delName].Type == [2]byte{0, 3} { if !cc.Authorize(accessNewsDeleteCat) { return append(res, cc.NewErrReply(t, "You are not allowed to delete news categories.")), nil } @@ -1644,10 +1702,10 @@ func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options))) flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(cc.Flags))) - flagBitmap.SetBit(flagBitmap, userFlagRefusePM, optBitmap.Bit(refusePM)) + flagBitmap.SetBit(flagBitmap, UserFlagRefusePM, optBitmap.Bit(refusePM)) binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64())) - flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, optBitmap.Bit(refuseChat)) + flagBitmap.SetBit(flagBitmap, UserFlagRefusePChat, optBitmap.Bit(refuseChat)) binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64())) // Check auto response @@ -1742,7 +1800,7 @@ func HandleInviteNewChat(cc *ClientConn, t *Transaction) (res []Transaction, err targetClient := cc.Server.Clients[binary.BigEndian.Uint16(targetID)] flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(targetClient.Flags))) - if flagBitmap.Bit(userFLagRefusePChat) == 1 { + if flagBitmap.Bit(UserFlagRefusePChat) == 1 { res = append(res, *NewTransaction( TranServerMsg, @@ -1863,14 +1921,17 @@ func HandleJoinChat(cc *ClientConn, t *Transaction) (res []Transaction, err erro replyFields := []Field{NewField(FieldChatSubject, []byte(privChat.Subject))} for _, c := range sortedClients(privChat.ClientConn) { - user := User{ + + b, err := io.ReadAll(&User{ ID: *c.ID, Icon: c.Icon, Flags: c.Flags, Name: string(c.UserName), + }) + if err != nil { + return res, nil } - - replyFields = append(replyFields, NewField(FieldUsernameWithInfo, user.Payload())) + replyFields = append(replyFields, NewField(FieldUsernameWithInfo, b)) } res = append(res, cc.NewReply(t, replyFields...)) @@ -1961,7 +2022,7 @@ func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err err return res, err } - cc.logger.Debugw("Make alias", "src", fullFilePath, "dst", fullNewFilePath) + cc.logger.Debug("Make alias", "src", fullFilePath, "dst", fullNewFilePath) if err := cc.Server.FS.Symlink(fullFilePath, fullNewFilePath); err != nil { res = append(res, cc.NewErrReply(t, "Error creating alias"))