added permium users, second vuln and minor fixes all around

1 files changed, 118 insertions, 50 deletions

diff --git a/service/src/main.c b/service/src/main.c
index 3d62fc7..959ef58 100644
--- a/service/src/main.c
+++ b/service/src/main.c
@@ -6,6 +6,7 @@
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <time.h>
+#include <errno.h>
 
 #include "stlfile.h"
 #include "util.h"
@@ -14,30 +15,37 @@
 
 struct command {
 	const char *name;
-	void (*func)(char *);
+	void (*func)(const char *);
+	const char *desc;
 };
 
 int save_submission(struct parseinfo *info, char *data, int len);
 
-void cat_cmd(char *arg);
-void list_cmd(char *arg);
-void exit_cmd(char *arg);
-void echo_cmd(char *arg);
-void submit_cmd(char *arg);
-void query_cmd(char *arg);
+void cat_cmd(const char *arg);
+void help_cmd(const char *arg);
+void exit_cmd(const char *arg);
+void echo_cmd(const char *arg);
+void upload_cmd(const char *arg);
+void search_cmd(const char *arg);
+void list_cmd(const char *arg);
+void auth_cmd(const char *arg);
+
+void cleanexit();
 
 struct command commands[] = {
-	{ "cat", cat_cmd },
-	{ "help", list_cmd },
-	{ "exit", exit_cmd },
-	{ "echo", echo_cmd },
-	{ "submit", submit_cmd },
-	{ "query", query_cmd },
+	{ "cat",    cat_cmd,    "Cat cmd go prrrrr." },
+	{ "help",   help_cmd,   "You already know what this does." },
+	{ "exit",   exit_cmd,   "Closes the session." },
+	{ "echo",   echo_cmd,   "Repeat after me!" },
+	{ "upload", upload_cmd, "Upload an STL file to analyze." },
+	{ "search", search_cmd, "Search for an STL file by model name." },
+	{ "list",   list_cmd,   "List your uploaded files." },
+	{ "auth",   auth_cmd,   "Login to upload files to a private dir." }
 };
 
 struct parseinfo cached;
-const char *resultdir;
-int echo = 0;
+char *resultdir;
+int echo = 0, loggedin = 0;
 
 int
 save_submission(struct parseinfo *info, char *stldata, int stlsize)
@@ -46,7 +54,10 @@ save_submission(struct parseinfo *info, char *stldata, int stlsize)
 	FILE *f = NULL;
 	char *dirpath = NULL, *infopath = NULL, *modelpath = NULL;
 
-	dirpath = aprintf("%s/%s-%i", resultdir, info->hash, time(NULL));
+	if (loggedin)
+		dirpath = aprintf("%s/.%s-%i", resultdir, info->hash, time(NULL));
+	else
+		dirpath = aprintf("%s/%s-%i", resultdir, info->hash, time(NULL));
 	if (mkdir(dirpath, S_IRWXU | S_IRWXG | S_IRWXO)) goto fail;
 
 	modelpath = aprintf("%s/%s", dirpath, "model");
@@ -82,7 +93,7 @@ fail:
 }
 
 void
-cat_cmd(char *arg)
+cat_cmd(const char *arg)
 {
 	if (arg && !strncmp(arg, "flag", 4))
 		dump("msgs/cat_flag");
@@ -91,10 +102,19 @@ cat_cmd(char *arg)
 }
 
 void
-list_cmd(char *arg)
+help_cmd(const char *arg)
 {
 	int i;
 
+	if (arg) {
+		for (i = 0; i < ARRSIZE(commands); i++) {
+			if (!strcmp(commands[i].name, arg)) {
+				printf("%s\n", commands[i].desc);
+				return;
+			}
+		}
+	}
+
 	printf("Available commands:\n");
 	for (i = 0; i < ARRSIZE(commands); i++)
 		printf("%s%s", i ? " " : "", commands[i].name);
@@ -102,49 +122,53 @@ list_cmd(char *arg)
 }
 
 void
-exit_cmd(char *arg)
+exit_cmd(const char *arg)
 {
 	exit(0);
 }
 
 void
-echo_cmd(char *arg)
+echo_cmd(const char *arg)
 {
 	echo ^= 1;
 	printf("Echo is %s\n", echo ? "enabled" : "disabled");
 }
 
 void
-submit_cmd(char *arg)
+upload_cmd(const char *arg)
 {
 	const char *bufp;
 	char *end, *contents;
 	size_t len;
 
-	bufp = ask("> How large is your file? ");
+	bufp = ask("How large is your file? ");
 	len = strtoul(bufp, &end, 10);
 	if (len <= 0 || len >= MAXFILESIZE || *end) {
 		fprintf(stderr, "Invalid file length!\n");
 		return;
 	}
 
-	printf("> Ok! Im listening..\n");
+	printf("Ok! Im listening..\n");
 	contents = checkp(malloc(len + 1));
-	fread(contents, 1, len, stdin);
+	if (fread(contents, 1, len, stdin) != len) {
+		fprintf(stderr, "Hm, I'm missing some bytes.. try again!\n");
+		goto cleanup;
+	}
 	contents[len] = '\0';
 
 	if ((cached.valid = parse_file(&cached, contents, len))) {
 		if (save_submission(&cached, contents, len) != OK)
 			fprintf(stderr, "Failed to save your submission!\n");
 		else
-			printf("> Your file was saved with ID %s!\n", cached.hash);
+			printf("Your file was saved with ID %s!\n", cached.hash);
 	}
 
+cleanup:
 	free(contents);
 }
 
 void
-query_cmd(char *arg)
+search_cmd(const char *arg)
 {
 	char *end, *scandir = NULL, *infopath = NULL, *modelpath = NULL;
 	const char *hash;
@@ -161,7 +185,7 @@ query_cmd(char *arg)
 		}
 		hash = cached.hash;
 	} else {
-		hash = mhash(ask("> Model name: "), -1);
+		hash = mhash(arg ? arg : ask("Model name: "), -1);
 	}
 
 	if (!(d = opendir(resultdir))) return;
@@ -178,7 +202,7 @@ query_cmd(char *arg)
 		fprintf(stderr, "Sorry, couldnt find a matching scan result!\n");
 		goto cleanup;
 	} else {
-		which = strtoul(ask("> Which of these results? "), &end, 10);
+		which = strtoul(ask("Which of these results? "), &end, 10);
 		if (which >= i || which < 0 || *end) {
 			fprintf(stderr, "Invalid index!\n");
 			goto cleanup;
@@ -196,8 +220,9 @@ query_cmd(char *arg)
 		}
 	}
 
+	/* file got cleaned up during race condition by background task */
 	if (!scandir) {
-		fprintf(stderr, "Unexpected error!\n");
+		fprintf(stderr, "Selected result spontaneously combusted!\n");
 		goto cleanup;
 	}
 
@@ -210,14 +235,14 @@ query_cmd(char *arg)
 
 	print_info(&cached);
 
-	if (strchr(ask("> Download the model? "), 'y')) {
+	if (strchr(ask("Download the model? "), 'y')) {
 		modelpath = aprintf("%s/%s", scandir, "model");
 		if (!(f = fopen(modelpath, "r"))) goto cleanup;
 		fseek(f, 0, SEEK_END);
 		size = ftell(f);
 		fseek(f, 0, SEEK_SET);
 		if (size > MAXFILESIZE) goto cleanup;
-		printf("> Here you go.. (%liB)\n", size);
+		printf("Here you go.. (%liB)\n", size);
 		while ((i = getc(f)) != EOF)
 			putc(i, stdout);
 		fclose(f);
@@ -233,6 +258,52 @@ cleanup:
 }
 
 void
+list_cmd(const char *arg)
+{
+	DIR *d;
+	struct dirent *de;
+
+	if (!loggedin) {
+		fprintf(stderr, "Not logged in!\n");
+		return;
+	}
+
+	if (!(d = opendir(resultdir))) return;
+
+	while ((de = readdir(d))) {
+		if (*de->d_name == '.' && !strchr(".", de->d_name[1])) {
+			printf("%s\n", de->d_name);
+		}
+	}
+}
+
+void
+auth_cmd(const char *arg)
+{
+	const char *hash;
+	char *ndir;
+
+	if (loggedin) {
+		fprintf(stderr, "Already logged in!\n");
+		return;
+	}
+
+	hash = mhash(arg ? arg : ask("Enter a password: "), -1);
+	ndir = aprintf("%s/.%s", resultdir, hash);
+	if (mkdir(ndir, S_IRWXU | S_IRWXG | S_IRWXO) && errno != EEXIST) {
+		fprintf(stderr, "Auth failed!\n");
+		return;
+	}
+
+	printf("Success!\n");
+
+	free(resultdir);
+	resultdir = ndir;
+	loggedin = 1;
+	cached.valid = 0;
+}
+
+void
 cleanexit()
 {
 	printf("see you later!\n");
@@ -242,11 +313,14 @@ cleanexit()
 int
 main()
 {
-	char linebuf[256], *cp, *arg;
-	int exit, i;
+	const char *cmd;
+	char *cp, *arg;
+	int exit, i, cmdlen;
 
-	if (!(resultdir = getenv("RESULTDIR")))
-		resultdir = "scans";
+	if (!(resultdir = checkp(strdup(getenv("RESULTDIR"))))) {
+		fprintf(stderr, "RESULTDIR not defined\n");
+		return 1;
+	}
 
 	setvbuf(stdin, NULL, _IONBF, 0);
 	setvbuf(stdout, NULL, _IONBF, 0);
@@ -258,30 +332,24 @@ main()
 
 	exit = 0;
 	while (!exit) {
-		memset(linebuf, '\0', sizeof(linebuf));
-
-		printf("$ ");
-		exit = !fgets(linebuf, sizeof(linebuf), stdin);
-		if (exit || !*linebuf) break;
-
-		if (*linebuf == '\n') continue;
-		if (linebuf[strlen(linebuf) - 1] == '\n')
-			linebuf[strlen(linebuf) - 1] = '\0';
-
-		if (echo) printf("%s\n", linebuf);
+		errno = 0;
+		cmd = ask("$ ");
+		if (!*cmd && errno == EBADMSG) break;
+		if (!*cmd) continue;
 
-		cp = strchr(linebuf, ' ');
+		cp = strchr(cmd, ' ');
 		arg = cp ? cp + 1 : NULL;
-		if (cp) *cp = 0;
+		cmdlen = cp ? cp - cmd : strlen(cmd);
 
 		for (i = 0; i < ARRSIZE(commands); i++) {
-			if (!strcmp(commands[i].name, linebuf)) {
+			if (!strncmp(commands[i].name, cmd, cmdlen)
+					&& cmdlen == strlen(commands[i].name)) {
 				commands[i].func(arg);
 				break;
 			}
 		}
 
-		if (i == ARRSIZE(commands) && strlen(linebuf) != 0)
+		if (i == ARRSIZE(commands) && strlen(cmd) != 0)
 			fprintf(stderr, "No such command!\n");
 	}
 }