X-Git-Url: https://git.r.bdr.sh/rbdr/mobius/blobdiff_plain/d29edb0a25c577f6490f21844fa13e13ba3e731e..f0e5040e02adc26e25cb54cd345fd3989b25f0a3:/hotline/transaction_handlers.go?ds=inline diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go index 46fe362..6816456 100644 --- a/hotline/transaction_handlers.go +++ b/hotline/transaction_handlers.go @@ -253,9 +253,10 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro formattedMsg = fmt.Sprintf("\r*** %s %s", cc.UserName, t.GetField(fieldData).Data) } + // The ChatID field is used to identify messages as belonging to a private chat. + // All clients *except* Frogblast omit this field for public chat, but Frogblast sends a value of 00 00 00 00. chatID := t.GetField(fieldChatID).Data - // a non-nil chatID indicates the message belongs to a private chat - if chatID != nil { + if chatID != nil && !bytes.Equal([]byte{0, 0, 0, 0}, chatID) { chatInt := binary.BigEndian.Uint32(chatID) privChat := cc.Server.PrivateChats[chatInt] @@ -321,14 +322,29 @@ func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, er reply.Fields = append(reply.Fields, NewField(fieldQuotingMsg, t.GetField(fieldQuotingMsg).Data)) } - res = append(res, *reply) - id, _ := byteToInt(ID.Data) otherClient, ok := cc.Server.Clients[uint16(id)] if !ok { return res, errors.New("invalid client ID") } + // Check if target user has "Refuse private messages" flag + flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(otherClient.Flags))) + if flagBitmap.Bit(userFLagRefusePChat) == 1 { + res = append(res, + *NewTransaction( + tranServerMsg, + cc.ID, + NewField(fieldData, []byte(string(otherClient.UserName)+" does not accept private messages.")), + NewField(fieldUserName, otherClient.UserName), + NewField(fieldUserID, *otherClient.ID), + NewField(fieldOptions, []byte{0, 2}), + ), + ) + } else { + res = append(res, *reply) + } + // Respond with auto reply if other client has it enabled if len(otherClient.AutoReply) > 0 { res = append(res, @@ -790,6 +806,15 @@ func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err er newAccess := accessBitmap{} copy(newAccess[:], getField(fieldUserAccess, &subFields).Data[:]) + // Prevent account from creating new account with greater permission + for i := 0; i < 64; i++ { + if newAccess.IsSet(i) { + if !cc.Authorize(i) { + return append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")), err + } + } + } + err := cc.Server.NewUser(login, string(getField(fieldUserName, &subFields).Data), string(getField(fieldUserPassword, &subFields).Data), newAccess) if err != nil { return []Transaction{}, err @@ -819,6 +844,16 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error newAccess := accessBitmap{} copy(newAccess[:], t.GetField(fieldUserAccess).Data[:]) + // Prevent account from creating new account with greater permission + for i := 0; i < 64; i++ { + if newAccess.IsSet(i) { + if !cc.Authorize(i) { + res = append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")) + return res, err + } + } + } + if err := cc.Server.NewUser(login, string(t.GetField(fieldUserName).Data), string(t.GetField(fieldUserPassword).Data), newAccess); err != nil { return []Transaction{}, err } @@ -1000,14 +1035,14 @@ func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction, e newsPost := fmt.Sprintf(newsTemplate+"\r", cc.UserName, time.Now().Format(newsDateTemplate), t.GetField(fieldData).Data) newsPost = strings.Replace(newsPost, "\n", "\r", -1) + // update news in memory + cc.Server.FlatNews = append([]byte(newsPost), cc.Server.FlatNews...) + // update news on disk if err := cc.Server.FS.WriteFile(filepath.Join(cc.Server.ConfigDir, "MessageBoard.txt"), cc.Server.FlatNews, 0644); err != nil { return res, err } - // update news in memory - cc.Server.FlatNews = append([]byte(newsPost), cc.Server.FlatNews...) - // Notify all clients of updated news cc.sendAll( tranNewMsg, @@ -1259,7 +1294,7 @@ func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err e } } - if bytes.Compare(cats[delName].Type, []byte{0, 3}) == 0 { + if bytes.Equal(cats[delName].Type, []byte{0, 3}) { if !cc.Authorize(accessNewsDeleteCat) { return append(res, cc.NewErrReply(t, "You are not allowed to delete news categories.")), nil }