X-Git-Url: https://git.r.bdr.sh/rbdr/mobius/blobdiff_plain/decc2fbf5db4a05aec93462ad35d890930bddd04..25f0d77de4489c6759a497617606f2933ca76fc9:/hotline/transaction_handlers.go diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go index ade846e..c17510a 100644 --- a/hotline/transaction_handlers.go +++ b/hotline/transaction_handlers.go @@ -45,13 +45,10 @@ var TransactionHandlers = map[uint16]TransactionType{ Name: "tranNotifyDeleteUser", }, tranAgreed: { - Access: accessAlwaysAllow, Name: "tranAgreed", Handler: HandleTranAgreed, }, tranChatSend: { - Access: accessSendChat, - DenyMsg: "You are not allowed to participate in chat.", Handler: HandleChatSend, Name: "tranChatSend", RequiredFields: []requiredField{ @@ -68,20 +65,16 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleDelNewsArt, }, tranDelNewsItem: { - Access: accessAlwaysAllow, // Granular access enforced inside the handler // Has multiple access flags: News Delete Folder (37) or News Delete Category (35) // TODO: Implement inside the handler Name: "tranDelNewsItem", Handler: HandleDelNewsItem, }, tranDeleteFile: { - Access: accessAlwaysAllow, // Granular access enforced inside the handler Name: "tranDeleteFile", Handler: HandleDeleteFile, }, tranDeleteUser: { - Access: accessDeleteUser, - DenyMsg: "You are not allowed to delete accounts.", Name: "tranDeleteUser", Handler: HandleDeleteUser, }, @@ -110,12 +103,10 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleGetClientConnInfoText, }, tranGetFileInfo: { - Access: accessAlwaysAllow, Name: "tranGetFileInfo", Handler: HandleGetFileInfo, }, tranGetFileNameList: { - Access: accessAlwaysAllow, Name: "tranGetFileNameList", Handler: HandleGetFileNameList, }, @@ -144,13 +135,11 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleGetNewsCatNameList, }, tranGetUser: { - Access: accessOpenUser, DenyMsg: "You are not allowed to view accounts.", Name: "tranGetUser", Handler: HandleGetUser, }, tranGetUserNameList: { - Access: accessAlwaysAllow, Name: "tranHandleGetUserNameList", Handler: HandleGetUserNameList, }, @@ -167,17 +156,14 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleInviteToChat, }, tranJoinChat: { - Access: accessAlwaysAllow, Name: "tranJoinChat", Handler: HandleJoinChat, }, tranKeepAlive: { - Access: accessAlwaysAllow, Name: "tranKeepAlive", Handler: HandleKeepAlive, }, tranLeaveChat: { - Access: accessAlwaysAllow, Name: "tranJoinChat", Handler: HandleLeaveChat, }, @@ -231,14 +217,13 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandlePostNewsArt, }, tranRejectChatInvite: { - Access: accessAlwaysAllow, Name: "tranRejectChatInvite", Handler: HandleRejectChatInvite, }, tranSendInstantMsg: { Access: accessAlwaysAllow, - //Access: accessSendPrivMsg, - //DenyMsg: "You are not allowed to send private messages", + // Access: accessSendPrivMsg, + // DenyMsg: "You are not allowed to send private messages", Name: "tranSendInstantMsg", Handler: HandleSendInstantMsg, RequiredFields: []requiredField{ @@ -252,12 +237,10 @@ var TransactionHandlers = map[uint16]TransactionType{ }, }, tranSetChatSubject: { - Access: accessAlwaysAllow, Name: "tranSetChatSubject", Handler: HandleSetChatSubject, }, tranMakeFileAlias: { - Access: accessAlwaysAllow, Name: "tranMakeFileAlias", Handler: HandleMakeAlias, RequiredFields: []requiredField{ @@ -267,12 +250,10 @@ var TransactionHandlers = map[uint16]TransactionType{ }, }, tranSetClientUserInfo: { - Access: accessAlwaysAllow, Name: "tranSetClientUserInfo", Handler: HandleSetClientUserInfo, }, tranSetFileInfo: { - Access: accessAlwaysAllow, // granular access is in the handler Name: "tranSetFileInfo", Handler: HandleSetFileInfo, }, @@ -283,13 +264,10 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleSetUser, }, tranUploadFile: { - Access: accessAlwaysAllow, - DenyMsg: "You are not allowed to upload files.", Name: "tranUploadFile", Handler: HandleUploadFile, }, tranUploadFldr: { - Access: accessAlwaysAllow, // TODO: what should this be? Name: "tranUploadFldr", Handler: HandleUploadFolder, }, @@ -302,6 +280,11 @@ var TransactionHandlers = map[uint16]TransactionType{ } func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessSendChat) { + res = append(res, cc.NewErrReply(t, "You are not allowed to participate in chat.")) + return res, err + } + // Truncate long usernames trunc := fmt.Sprintf("%13s", cc.UserName) formattedMsg := fmt.Sprintf("\r%.14s: %s", trunc, t.GetField(fieldData).Data) @@ -357,13 +340,13 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro // 101 Data Optional // 214 Quoting message Optional // -//Fields used in the reply: +// Fields used in the reply: // None func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) { msg := t.GetField(fieldData) ID := t.GetField(fieldUserID) // TODO: Implement reply quoting - //options := transaction.GetField(hotline.fieldOptions) + // options := transaction.GetField(hotline.fieldOptions) res = append(res, *NewTransaction( @@ -377,23 +360,18 @@ func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, er ) id, _ := byteToInt(ID.Data) - //keys := make([]uint16, 0, len(cc.Server.Clients)) - //for k := range cc.Server.Clients { - // keys = append(keys, k) - //} - otherClient := cc.Server.Clients[uint16(id)] if otherClient == nil { return res, errors.New("ohno") } // Respond with auto reply if other client has it enabled - if len(*otherClient.AutoReply) > 0 { + if len(otherClient.AutoReply) > 0 { res = append(res, *NewTransaction( tranServerMsg, cc.ID, - NewField(fieldData, *otherClient.AutoReply), + NewField(fieldData, otherClient.AutoReply), NewField(fieldUserName, otherClient.UserName), NewField(fieldUserID, *otherClient.ID), NewField(fieldOptions, []byte{0, 1}), @@ -450,7 +428,7 @@ func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e return nil, err } - //fileComment := t.GetField(fieldFileComment).Data + // fileComment := t.GetField(fieldFileComment).Data fileNewName := t.GetField(fieldFileNewName).Data if fileNewName != nil { @@ -532,8 +510,8 @@ func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err erro cc.Server.Logger.Debugw("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName) - path := filePath + "/" + fileName - fi, err := os.Stat(path) + fp := filePath + "/" + fileName + fi, err := os.Stat(fp) if err != nil { return res, err } @@ -654,16 +632,17 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error } } - // TODO: If we have just promoted a connected user to admin, notify - // connected clients to turn the user red - res = append(res, cc.NewReply(t)) return res, err } func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { - userLogin := string(t.GetField(fieldUserLogin).Data) - account := cc.Server.Accounts[userLogin] + if !authorize(cc.Account.Access, accessOpenUser) { + res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts.")) + return res, err + } + + account := cc.Server.Accounts[string(t.GetField(fieldUserLogin).Data)] if account == nil { errorT := cc.NewErrReply(t, "Account does not exist.") res = append(res, errorT) @@ -716,6 +695,11 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error } func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + if !authorize(cc.Account.Access, accessDeleteUser) { + res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts.")) + return res, err + } + // TODO: Handle case where account doesn't exist; e.g. delete race condition login := DecodeUserString(t.GetField(fieldUserLogin).Data) @@ -815,21 +799,6 @@ func HandleGetUserNameList(cc *ClientConn, t *Transaction) (res []Transaction, e return res, err } -func (cc *ClientConn) notifyNewUserHasJoined() (res []Transaction, err error) { - // Notify other ccs that a new user has connected - cc.NotifyOthers( - *NewTransaction( - tranNotifyChangeUser, nil, - NewField(fieldUserName, cc.UserName), - NewField(fieldUserID, *cc.ID), - NewField(fieldUserIconID, *cc.Icon), - NewField(fieldUserFlags, *cc.Flags), - ), - ) - - return res, nil -} - func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err error) { cc.Agreed = true cc.UserName = t.GetField(fieldUserName).Data @@ -854,12 +823,20 @@ func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err er // Check auto response if optBitmap.Bit(autoResponse) == 1 { - *cc.AutoReply = t.GetField(fieldAutomaticResponse).Data + cc.AutoReply = t.GetField(fieldAutomaticResponse).Data } else { - *cc.AutoReply = []byte{} + cc.AutoReply = []byte{} } - _, _ = cc.notifyNewUserHasJoined() + cc.notifyOthers( + *NewTransaction( + tranNotifyChangeUser, nil, + NewField(fieldUserName, cc.UserName), + NewField(fieldUserID, *cc.ID), + NewField(fieldUserIconID, *cc.Icon), + NewField(fieldUserFlags, *cc.Flags), + ), + ) res = append(res, cc.NewReply(t)) @@ -1015,9 +992,9 @@ func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction var cat NewsCategoryListData15 cats := cc.Server.ThreadedNews.Categories - for _, path := range pathStrs { - cat = cats[path] - cats = cats[path].SubCats + for _, fp := range pathStrs { + cat = cats[fp] + cats = cats[fp].SubCats } nald := cat.GetNewsArtListData() @@ -1028,7 +1005,7 @@ func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, err error) { // Request fields - // 325 News path + // 325 News fp // 326 News article ID // 327 News article data flavor @@ -1037,9 +1014,9 @@ func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, er var cat NewsCategoryListData15 cats := cc.Server.ThreadedNews.Categories - for _, path := range pathStrs { - cat = cats[path] - cats = cats[path].SubCats + for _, fp := range pathStrs { + cat = cats[fp] + cats = cats[fp].SubCats } newsArtID := t.GetField(fieldNewsArtID).Data @@ -1089,8 +1066,8 @@ func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err e delName := pathStrs[len(pathStrs)-1] if len(pathStrs) > 1 { - for _, path := range pathStrs[0 : len(pathStrs)-1] { - cats = cats[path].SubCats + for _, fp := range pathStrs[0 : len(pathStrs)-1] { + cats = cats[fp].SubCats } } @@ -1286,6 +1263,9 @@ func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, er } fullFilePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(fieldFilePath).Data, t.GetField(fieldFileName).Data) + if err != nil { + return res, err + } transferSize, err := CalcTotalSize(fullFilePath) if err != nil { @@ -1315,6 +1295,21 @@ func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err transactionRef := cc.Server.NewTransactionRef() data := binary.BigEndian.Uint32(transactionRef) + var fp FilePath + if t.GetField(fieldFilePath).Data != nil { + if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil { + return res, err + } + } + + // Handle special cases for Upload and Drop Box folders + if !authorize(cc.Account.Access, accessUploadAnywhere) { + if !fp.IsUploadDir() && !fp.IsDropbox() { + res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the folder \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(t.GetField(fieldFileName).Data)))) + return res, err + } + } + fileTransfer := &FileTransfer{ FileName: t.GetField(fieldFileName).Data, FilePath: t.GetField(fieldFilePath).Data, @@ -1329,8 +1324,10 @@ func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err return res, err } +// HandleUploadFile +// Special cases: +// * If the target directory contains "uploads" (case insensitive) func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) { - // TODO: add permission handing for upload folders and drop boxes if !authorize(cc.Account.Access, accessUploadFile) { res = append(res, cc.NewErrReply(t, "You are not allowed to upload files.")) return res, err @@ -1339,6 +1336,21 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er fileName := t.GetField(fieldFileName).Data filePath := t.GetField(fieldFilePath).Data + var fp FilePath + if filePath != nil { + if err = fp.UnmarshalBinary(filePath); err != nil { + return res, err + } + } + + // Handle special cases for Upload and Drop Box folders + if !authorize(cc.Account.Access, accessUploadAnywhere) { + if !fp.IsUploadDir() && !fp.IsDropbox() { + res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the file \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(fileName)))) + return res, err + } + } + transactionRef := cc.Server.NewTransactionRef() data := binary.BigEndian.Uint32(transactionRef) @@ -1353,13 +1365,6 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er return res, err } -// User options -const ( - refusePM = 0 - refuseChat = 1 - autoResponse = 2 -) - func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) { var icon []byte if len(t.GetField(fieldUserIconID).Data) == 4 { @@ -1385,9 +1390,9 @@ func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, // Check auto response if optBitmap.Bit(autoResponse) == 1 { - *cc.AutoReply = t.GetField(fieldAutomaticResponse).Data + cc.AutoReply = t.GetField(fieldAutomaticResponse).Data } else { - *cc.AutoReply = []byte{} + cc.AutoReply = []byte{} } } @@ -1422,6 +1427,19 @@ func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, e return res, err } + var fp FilePath + if t.GetField(fieldFilePath).Data != nil { + if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil { + return res, err + } + } + + // Handle special case for drop box folders + if fp.IsDropbox() && !authorize(cc.Account.Access, accessViewDropBoxes) { + res = append(res, cc.NewReply(t)) + return res, err + } + fileNames, err := getFileNameList(fullPath) if err != nil { return res, err