Implementing .blashrc and chmod

commands/chmod.json

@@ -0,0 +1,66 @@
+{
+	"name" : "chmod",
+
+	"info" :  {
+		"syntax" : "chmod <perms> <file|directory>",
+		"brief" : "Change the access permissions to a file or directory for one or more users or groups, for example chmod user1,user2,@group1,@group2+r"
+	},
+
+	"action" : function ( arg )
+	{
+		var out = '';
+
+		if ( !arg.match ( /^\s*([^+|-]*)(\+|\-)((r|w)+)\s+(.+)\s*$/ ))
+		{
+			return "Usage: " + this.info.syntax + "<br/>\n";
+		}
+
+		shell.auto_prompt_refresh = false;
+
+		var userlist = RegExp.$1;
+		var resource = RegExp.$5;
+		var perm_string = RegExp.$3;
+		var perms = 0;
+
+		// Unset R/W perms: 011. Unset R perms: 010. Unset W perms: 001
+		// Set R/W perms: 111. Set R perms: 110. Set W perms: 101
+		perms |= (( RegExp.$2 == '+' ) ? 4 : 0 );
+		perms |= (( perm_string.match ( 'r' )) ? 2 : 0 );
+		perms |= (( perm_string.match ( 'w' )) ? 1 : 0 );
+		resource = shell.expandPath ( resource );
+
+		var users_php = window.location.href;
+		users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
+		params = 'action=chmod&resource=' + escape ( resource ) + '&perms=' + escape ( perms.toString() );
+
+		if ( userlist )
+		{
+			params += '&userlist=' + escape ( userlist );
+		}
+
+		var http = new XMLHttpRequest();
+		http.open ( "POST", users_php, true );
+		http.setRequestHeader( "Content-type", "application/x-www-form-urlencoded" );
+		http.setRequestHeader( "Content-length", params.length );
+		http.setRequestHeader( "Connection", "close" );
+
+		http.onreadystatechange = function ()
+		{
+			if ( http.readyState == 4 && http.status == 200 )
+			{
+				if ( http.responseText.length > 0 )
+				{
+					shell.cmdOut.innerHTML = http.responseText;
+				}
+
+				shell.auto_prompt_refresh = true;
+				shell.refreshPrompt ( false, false );
+			}
+		}
+
+		http.send ( params );
+		shell.cmdOut.innerHTML = '';
+		return out;
+	}
+}
+

commands/echo.json

@@ -9,6 +9,10 @@
 	"action" : function ( arg )
 	{
 		var out = arg + "<br/>\n";
+		out = out.replace ( /(^|[^\\])"/g, '$1' );
+		out = out.replace ( /(^|[^\\])'/g, '$1' );
+		out = out.replace ( /\\"/g, '"' );
+		out = out.replace ( /\\'/g, "'" );
 		return out;
 	},
 }

commands/logout.json

@@ -81,6 +81,22 @@
 
 		http.send ( params );
 		shell.path = shell.json.basepath;
+
+		var json_config = window.location.href;
+		json_config = json_config.replace ( /\/([a-zA-Z_\.]+)$/, '/system/blash.json' );
+
+		var http2 = new XMLHttpRequest();
+		http2.open ( "GET", json_config, true );
+
+		http2.onreadystatechange = function ()
+		{
+			if ( http2.readyState == 4 && http2.status == 200 )
+			{
+				shell.json = eval ( '(' + http2.responseText + ')' );
+			}
+		}
+
+		http2.send ( null );
 		return out;
 	},
 }

commands/nano.json

@@ -118,8 +118,8 @@
 				if ( file.content.length > 0 )
 				{
 					var content = file.content.replace ( /<br\/?>/g, "\n" );
-					content = content.replace ( '&lt;', '<' );
+					content = content.replace ( /&lt;/g, '<' );
-					content = content.replace ( '&gt;', '>' );
+					content = content.replace ( /&gt;/g, '>' );
 					editor.value = content;
 					has_content = true;
 				}

commands/su.json

@@ -135,6 +135,33 @@
 								shell.auto_prompt_focus = true;
 								shell.auto_prompt_refresh = true;
 								shell.refreshPrompt ( false, false );
+
+								blashrcIndex = -1; // Index of .blashrc file
+
+								for ( var i in shell.files )
+								{
+									if ( shell.files[i].path.match ( new RegExp ( '^' + shell.home + '/.blashrc$' )))
+									{
+										blashrcIndex = i;
+										break;
+									}
+								}
+
+								if ( blashrcIndex > 0 )
+								{
+									var blashrc = shell.files[blashrcIndex].content.replace ( /<br\/?>/g, ' ' );
+									blashrc = eval ( '(' + blashrc + ')' );
+
+									if ( !blashrc )
+									{
+										return false;
+									}
+
+									for ( var i in blashrc )
+									{
+										shell.json[i] = blashrc[i];
+									}
+								}
 							}
 						}
 

commands/whoami.json

@@ -15,7 +15,6 @@
 			return "guest<br/>\n";
 		}
 
-		
 		if ( arg )
 		{
 			return "whoami: extra operand `" + arg + "'<br/>\n";

modules/users/user_utils.php

@@ -34,6 +34,26 @@ function getUser ()
 	return "guest";
 }
 
+function userExists ( $user )
+{
+	include 'userlist.php';
+
+	if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
+	{
+		return "Unable to open the users XML file\n";
+	}
+
+	for ( $i = 0; $i < count ( $xml->user ); $i++ )
+	{
+		if ( !strcmp ( $xml->user[$i]['name'], $user ))
+		{
+			return true;
+		}
+	}
+
+	return false;
+}
+
 function getHome ()
 {
 	include 'userlist.php';
@@ -305,6 +325,147 @@ function __json_encode( $data ) {
 	return $json;
 } 
 
+function __chmod ( $resource, $userlist, $perms )
+{
+	include "../../system/files_json.php";
+	$user = getUser();
+	$file_index = -1;
+
+	if ( !$files_json || strlen ( $files_json ) == 0 )
+	{
+		return 'Error: Empty JSON file container';
+	}
+
+	$json = json_decode ( $files_json, true );
+
+	if ( !$json )
+	{
+		return 'Error: Empty JSON file container';
+	}
+
+	for ( $i=0; $i < count ( $json ) && $file_index == -1; $i++ )
+	{
+		if ( $json[$i]['path'] == $resource )
+		{
+			$file_index = $i;
+		}
+	}
+
+	if ( $file_index == -1 )
+	{
+		return "chmod: No such file or directory";
+	}
+
+	$perm = json_decode ( getPerms ( $json[$file_index]['path'] ), true );
+
+	if ( !$perm['write'] )
+	{
+		return "chmod: Permission denied";
+	}
+
+	if ( $userlist )
+	{
+		$userlist = preg_split ( '/,\s*/', $userlist );
+	} else {
+		$userlist = array();
+		$userlist[0] = $user;
+	}
+
+	$can = array();
+	$perm = array();
+	$perm['set'] = ( $perms & 0x4 ) ? true : false;
+	$perm['read'] = ( $perms & 0x2 ) ? true : false;
+	$perm['write'] = ( $perms & 0x1 ) ? true : false;
+
+	foreach ( array ( 'read', 'write' ) as $action )
+	{
+		if ( $perm['set'] )
+		{
+			if ( $perm[$action] )
+			{
+				if ( !$json[$file_index]['can_'.$action] )
+				{
+					$json[$file_index]['can_'.$action] = join ( ", ", $userlist );
+				} else {
+					$out = '';
+					$can[$action] = preg_split ( '/,\s*/', $json[$file_index]['can_'.$action] );
+
+					for ( $i=0; $i < count ( $userlist ); $i++ )
+					{
+						if ( !userExists ( $userlist[$i] ) && !preg_match ( '/^\s*@/', $userlist[$i] ))
+						{
+							continue;
+						}
+
+						$user_found = false;
+
+						for ( $j=0; $j < count ( $can[$action] ) && !$user_found; $j++ )
+						{
+							if ( $userlist[$i] == $can[$action][$j] )
+							{
+								$user_found = true;
+							}
+						}
+
+						if ( !$user_found )
+						{
+							if ( strlen ( $out ) == 0 )
+							{
+								$out .= $userlist[$i];
+							} else {
+								$out .= ', '.$userlist[$i];
+							}
+						}
+					}
+
+					if ( strlen ( $out ) > 0 )
+					{
+						$json[$file_index]['can_'.$action] .= ', '.$out;
+					}
+				}
+			}
+		} else {
+			if ( $perm[$action] )
+			{
+				if ( !$json[$file_index]['can_'.$action] )
+				{
+					continue;
+				} else {
+					for ( $i=0; $i < count ( $userlist ); $i++ )
+					{
+						if ( preg_match ( '/(,?\s*)'.$userlist[$i].'(,?)/', $json[$file_index]['can_'.$action], $matches ))
+						{
+							$replace = '';
+
+							if ( preg_match ( '/^\s*$/', $matches[1] ) || preg_match ( '/^\s*$/', $matches[2] ))
+							{
+								$replace = '';
+							} else {
+								$replace = ", ";
+							}
+
+							$json[$file_index]['can_'.$action] = preg_replace ( '/(,?\s*)'.$userlist[$i].'(,?)/', $replace, $json[$file_index]['can_'.$action] );
+						}
+					}
+
+					if ( strlen ( $json[$file_index]['can_'.$action] ) == 0 )
+					{
+						unset ( $json[$file_index]['can_'.$action] );
+					}
+				}
+			}
+		}
+	}
+
+	if ( !( $fp = fopen ( "../../system/files_json.php", "w" )))
+	{
+		return "Unable to write on directories file\n";
+	}
+
+	fwrite ( $fp, "<?php\n\n\$files_json = <<<JSON\n".__json_encode ( $json )."\nJSON;\n\n?>");
+	fclose ( $fp );
+}
+
 function set_content ( $file, $content )
 {
 	$perms = json_decode ( getPerms ( $file ), true );

modules/users/userlist.php

@@ -3,7 +3,7 @@
 $xmlcontent = <<<XML
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <users>
-<user name="root" pass="3c7f506040bffb0aada69cfd5b101f4b" home="/root"/><user name="blacklight" pass="5f4dcc3b5aa765d61d8327deb882cf99" home="/home/blacklight"/></users>
+<user name="root" pass="3c7f506040bffb0aada69cfd5b101f4b" home="/root"/></users>
 
 XML;
 

modules/users/users.php

@@ -71,6 +71,7 @@ switch ( $action )
 
 		$GLOBALS['sudo_cmd'] = true;
 		print __mkdir ( '/home/'.$username, $perms )."<br/>\n";
+		set_content ( '/home/'.$username.'/.blashrc', file_get_contents ( '../../system/default_blashrc.json' ));
 		$GLOBALS['sudo_cmd'] = false;
 
 		print 'User "'.$username.'" successfully added, home directory set to "/home/'.$username."\"\n";
@@ -241,6 +242,19 @@ switch ( $action )
 		print __rm ( $file );
 		break;
 
+	case 'chmod':
+		$resource = $_REQUEST['resource'];
+		$perms = $_REQUEST['perms'];
+		$userlist = $_REQUEST['userlist'];
+
+		if ( !( $resource && $perms ))
+		{
+			return false;
+		}
+
+		print __chmod ( $resource, (( $userlist ) ? $userlist : null ), $perms );
+		break;
+
 	case 'set_content':
 		$file = $_REQUEST['file'];
 		$content = $_REQUEST['content'];
@@ -251,6 +265,12 @@ switch ( $action )
 		}
 
 		print set_content ( $file, $content );
+
+		// If this was a sudo command, for example for creating .blashrc file,
+		// revoke sudo permissions now
+		if ( $GLOBALS['sudo_cmd'] == true )
+			$GLOBALS['sudo_cmd'] = false;
+
 		break;
 
 	default :

system/blash.js

@@ -74,7 +74,7 @@ function blash ()
 	this.loadCommand = function ( cmd )
 	{
 		var cmd_file = window.location.href;
-		cmd_file = cmd_file.replace ( /\/([a-zA-Z\.]+)$/, '/commands/' + cmd  + ".json" );
+		cmd_file = cmd_file.replace ( /\/([a-zA-Z_\.]+)$/, '/commands/' + cmd  + ".json" );
 
 		var http = new XMLHttpRequest();
 		http.open ( "GET", cmd_file, true );
@@ -97,7 +97,7 @@ function blash ()
 			this.user = RegExp.$1;
 			var params = 'action=getuser';
 			var users_php = window.location.href;
-			users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
+			users_php = users_php.replace ( /\/([a-zA-Z_\.]+)$/, '/modules/users/users.php' );
 
 			var xml = new XMLHttpRequest();
 			xml.open ( "POST", users_php, true );
@@ -148,7 +148,7 @@ function blash ()
 	this.prompt.focus();
 
 	var json_config = window.location.href;
-	json_config = json_config.replace ( /\/([a-zA-Z\.]+)$/, '/system/blash.json' );
+	json_config = json_config.replace ( /\/([a-zA-Z_\.]+)$/, '/system/blash.json' );
 
 	var http = new XMLHttpRequest();
 	http.open ( "GET", json_config, true );
@@ -197,9 +197,9 @@ function blash ()
 
 			if ( shell.has_users )
 			{
-				shell.files_json = shell.files_json.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/files.php' );
+				shell.files_json = shell.files_json.replace ( /\/([a-zA-Z_\.]+)$/, '/modules/users/files.php' );
 			} else {
-				shell.files_json = shell.files_json.replace ( /\/([a-zA-Z\.]+)$/, '/system/files.json' );
+				shell.files_json = shell.files_json.replace ( /\/([a-zA-Z_\.]+)$/, '/system/files.json' );
 			}
 
 			var http2 = new XMLHttpRequest();
@@ -233,6 +233,32 @@ function blash ()
 					}
 
 					shell.files = tmp;
+					blashrcIndex = -1; // Index of .blashrc file
+
+					for ( var i in shell.files )
+					{
+						if ( shell.files[i].path.match ( new RegExp ( '^' + shell.home + '/.blashrc$' )))
+						{
+							blashrcIndex = i;
+							break;
+						}
+					}
+
+					if ( blashrcIndex > 0 )
+					{
+						var blashrc = shell.files[blashrcIndex].content.replace ( /<br\/?>/g, ' ' );
+						blashrc = eval ( '(' + blashrc + ')' );
+
+						if ( !blashrc )
+						{
+							return false;
+						}
+
+						for ( var i in blashrc )
+						{
+							shell.json[i] = blashrc[i];
+						}
+					}
 				}
 			}
 

system/blash.json

@@ -55,6 +55,7 @@
 	"commands" : [
 		"cat",
 		"cd",
+		"chmod",
 		"clear",
 		"echo",
 		"eval",

system/default_blashrc.json

@@ -0,0 +1,18 @@
+/**
+ * Sample configuration and contents
+ */
+
+{
+	"banner" : "Welcome back to blash<br/><br/>",
+	"machine" : "localhost",
+
+	/**
+	 * Macros for promptText:
+	 * #{xxx} or #{xxxxxx} - use the specified HTML colour
+	 * %n - username
+	 * %m - machine name
+	 * %W - current working directory
+	 */
+	"promptText" : "[#{800}%n#{888}@#{800}%m#{888} %W] $ "
+}
+

system/files_json.php

@@ -10,8 +10,6 @@ $files_json = <<<JSON
 , {"path": "/software", "type": "directory"}
 , {"path": "/etc", "type": "directory"}
 , {"path": "/home", "type": "directory"}
-, {"path": "/home/guest", "type": "directory"}
-, {"path": "/home/guest/mbox", "type": "file", "content": "No new mail"}
 , {"path": "/google", "type": "file", "href": "http://www.google.com"}
 , {"path": "/blog/post1", "type": "file", "content": "This is my first post"}
 , {"path": "/blog/post2", "type": "file", "content": "This is my second post"}
@@ -30,11 +28,9 @@ $files_json = <<<JSON
 , {"path": "/aboutme", "type": "file", "content": "Luke, I am your father"}
 , {"path": "/contacts", "type": "file", "content": "Contact me at spam@montypython.com"}
 , {"path": "/irc", "type": "file", "content": "IRC channel at #thegame@irc.randomstuff.com"}
-, {"path": "/root", "type": "directory", "can_read": "root", "can_write": "root"}
+, {"path": "/root", "type": "directory", "can_write": "root", "can_read": "root"}
-, {"path": "/home/blacklight", "type": "directory", "owner": "blacklight", "can_read": "blacklight", "can_write": "blacklight"}
-, {"path": "/home/blacklight/lol", "type": "file", "owner": "blacklight", "can_read": "@all", "can_write": "blacklight", "content": "#include &lt;stdio.h&gt;<br/><br/>int main () {<br/>  printf ( 'loln' );<br/>}"}
 ]
 
 JSON;
 
-?>
+?>