From a14dc90aa89c9156a81a37238cdf6f5bc8568720 Mon Sep 17 00:00:00 2001 From: David Griffith Date: Wed, 28 Jun 2017 16:29:02 -0700 Subject: [PATCH] Add restricted mode for curses, which is now -R. -L is for loading saves. --- doc/dfrotz.6 | 35 ++++++++++++++++++----------------- doc/frotz.6 | 35 ++++++++++++++++++----------------- src/common/setup.h | 2 +- src/curses/ux_init.c | 37 +++++++++++++++++++------------------ src/curses/ux_input.c | 18 ++++++++++++++++++ src/curses/ux_params.txt | 4 ++-- src/dumb/dumb_init.c | 28 ++++++++++++++-------------- src/dumb/dumb_input.c | 4 ++-- src/dumb/dumb_params.txt | 4 ++-- 9 files changed, 94 insertions(+), 73 deletions(-) diff --git a/doc/dfrotz.6 b/doc/dfrotz.6 index b20ce09..702e303 100644 --- a/doc/dfrotz.6 +++ b/doc/dfrotz.6 @@ -55,6 +55,10 @@ an interpreter that didn't properly check for errors. This option is intended to get around such bugs, but be warned that Strange Things may happen if fatal errors are not caught. +.TP +.B \-L +When the game starts, load this saved game file. + .TP .B \-m Turn off MORE prompts. This can be desirable when using a printing @@ -88,8 +92,20 @@ Z-code. Set runtime options. This option may be used repeatedly. .TP -.B \-R -When the game starts, load this saved game file. +.B \-R +Restricted read/write. Reading and writing files will be restricted +only to the provided path. Ordinarily Frotz will write or read its +saves, transcripts, and move recordings in whatever path or directory +the user provides when the +.B SAVE, +.B SCRIPT, +or +.B RECORDING +commands are given. This can be undesirable if Frotz is run in a +restricted environment, by a front end, or by a chatbot. This option will +cause Frotz to write or read only to the provided path and nowhere else. +Then the controlling process can then watch that directory for changes +and need not worry about someone scribbling or snooping who-knows-where. .TP .B \-s N @@ -133,21 +149,6 @@ Expand the abbreviations "g", "x", and "z" to "again", "examine", and common abbreviations which were introduced in later games. Use it with caution: A few games might use "g", "x" or "z" for different purposes. -.TP -.B \-W -Write or read only to the directory specified by the provided pathname. -Ordinarily Frotz will write or read its saves, transcripts, and move -recordings in whatever path or directory the user provides when the -.B SAVE, -.B SCRIPT, -or -.B RECORDING -commands are given. This can be undesirable if Frotz is run in a -restricted environment -- for example by a chatbot. This option will -cause Frotz to write or read only to the provided path and nowhere else. -Then the controlling process can then watch that directory for changes -and need not worry about someone scribbling or snooping who-knows-where. - .TP .B \-Z N Error checking mode. diff --git a/doc/frotz.6 b/doc/frotz.6 index 33a2717..7f50d6e 100644 --- a/doc/frotz.6 +++ b/doc/frotz.6 @@ -96,6 +96,10 @@ happen if fatal errors are not caught. .B \-l N Sets the left margin, for those who might have specific formatting needs. +.TP +.B \-L +When the game starts, load this saved game file. + .TP .B \-o Watch object movement. This option enables debugging messages from the @@ -130,8 +134,20 @@ noises. Sets the right margin. .TP -.B \-R -When the game starts, load this saved game file. +.B \-R +Restricted read/write. Reading and writing files will be restricted +only to the provided path. Ordinarily Frotz will write or read its +saves, transcripts, and move recordings in whatever path or directory +the user provides when the +.B SAVE, +.B SCRIPT, +or +.B RECORDING +commands are given. This can be undesirable if Frotz is run in a +restricted environment, by a front end, or by a chatbot. This option will +cause Frotz to write or read only to the provided path and nowhere else. +Then the controlling process can then watch that directory for changes +and need not worry about someone scribbling or snooping who-knows-where. .TP .B \-s N @@ -175,21 +191,6 @@ Expand the abbreviations "g", "x", and "z" to "again", "examine", and common abbreviations which were introduced in later games. Use it with caution: A few games might use "g", "x" or "z" for different purposes. -.TP -.B \-W -Write or read only to the directory specified by the provided pathname. -Ordinarily Frotz will write or read its saves, transcripts, and move -recordings in whatever path or directory the user provides when the -.B SAVE, -.B SCRIPT, -or -.B RECORDING -commands are given. This can be undesirable if Frotz is run in a -restricted environment -- for example by a chatbot. This option will -cause Frotz to write or read only to the provided path and nowhere else. -Then the controlling process can then watch that directory for changes -and need not worry about someone scribbling or snooping who-knows-where. - .TP .B \-Z N Error checking mode. diff --git a/src/common/setup.h b/src/common/setup.h index 517ad84..a19ac0f 100644 --- a/src/common/setup.h +++ b/src/common/setup.h @@ -30,7 +30,7 @@ typedef struct frotz_setup_struct { char *aux_name; char *story_path; char *zcode_path; - char *write_path; + char *restricted_path; int restore_mode; /* for a save file passed from command line*/ bool use_blorb; diff --git a/src/curses/ux_init.c b/src/curses/ux_init.c index d1f03bf..7c5e86a 100644 --- a/src/curses/ux_init.c +++ b/src/curses/ux_init.c @@ -62,19 +62,19 @@ static void sigint_handler(int); An interpreter for all Infocom and other Z-Machine games.\n\ \n\ Syntax: frotz [options] story-file\n\ - -a watch attribute setting \t -p plain ASCII output only\n\ - -A watch attribute testing \t -P alter piracy opcode\n\ - -b background color \t -q quiet (disable sound effects)\n\ - -c # context lines \t -r # right margin\n\ - -d disable color \t -R load this save file\n\ - -e enable sound \t -s # random number seed value\n\ - -f foreground color \t -S # transcript width\n\ - -F Force color mode \t -t set Tandy bit\n\ - -h # screen height \t -u # slots for multiple undo\n\ - -i ignore fatal errors \t -v show version information\n\ - -l # left margin \t -w # screen width\n\ - -o watch object movement \t -x expand abbreviations g/x/z\n\ - -O watch object locating\n" + -a watch attribute setting \t -O watch object locating\n\ + -A watch attribute testing \t -p plain ASCII output only\n\ + -b background color \t -P alter piracy opcode\n\ + -c # context lines \t -q quiet (disable sound effects)\n\ + -d disable color \t -r # right margin\n\ + -e enable sound \t -R restricted read/write\n\ + -f foreground color \t -s # random number seed value\n\ + -F Force color mode \t -S # transcript width\n\ + -h # screen height \t -t set Tandy bit\n\ + -i ignore fatal errors \t -u # slots for multiple undo\n\ + -l # left margin \t -v show version information\n\ + -L load this save file \t -w # screen width\n\ + -o watch object movement \t -x expand abbreviations g/x/z\n" /* char stripped_story_name[FILENAME_MAX+1]; @@ -246,7 +246,7 @@ void os_process_arguments (int argc, char *argv[]) /* Parse the options */ do { - c = zgetopt(argc, argv, "-aAb:c:def:Fh:il:oOpPqrR:s:S:tu:vw:xZ:"); + c = zgetopt(argc, argv, "-aAb:c:def:Fh:il:oOpPqrR:s:S:tu:vw:W:xZ:"); switch(c) { case 'a': f_setup.attribute_assignment = 1; break; case 'A': f_setup.attribute_testing = 1; break; @@ -273,16 +273,17 @@ void os_process_arguments (int argc, char *argv[]) case 'h': u_setup.screen_height = atoi(zoptarg); break; case 'i': f_setup.ignore_errors = 1; break; case 'l': f_setup.left_margin = atoi(zoptarg); break; + case 'L': f_setup.restore_mode = 1; + f_setup.tmp_save_name = malloc(FILENAME_MAX * sizeof(char) + 1); + strncpy(f_setup.tmp_save_name, zoptarg, FILENAME_MAX); + break; case 'o': f_setup.object_movement = 1; break; case 'O': f_setup.object_locating = 1; break; case 'p': u_setup.plain_ascii = 1; break; case 'P': f_setup.piracy = 1; break; case 'q': f_setup.sound = 0; break; case 'r': f_setup.right_margin = atoi(zoptarg); break; - case 'R': f_setup.restore_mode = 1; - f_setup.tmp_save_name = malloc(FILENAME_MAX * sizeof(char) + 1); - strncpy(f_setup.tmp_save_name, zoptarg, FILENAME_MAX); - break; + case 'R': f_setup.restricted_path = strndup(zoptarg, PATH_MAX); break; case 's': u_setup.random_seed = atoi(zoptarg); break; case 'S': f_setup.script_cols = atoi(zoptarg); break; case 't': u_setup.tandy_bit = 1; break; diff --git a/src/curses/ux_input.c b/src/curses/ux_input.c index afd12a0..d467b8f 100644 --- a/src/curses/ux_input.c +++ b/src/curses/ux_input.c @@ -651,6 +651,8 @@ int os_read_file_name (char *file_name, const char *default_name, int UNUSED(fla { int saved_replay = istream_replay; int saved_record = ostream_record; + int i; + char *tempname; /* Turn off playback and recording temporarily */ @@ -674,6 +676,22 @@ int os_read_file_name (char *file_name, const char *default_name, int UNUSED(fla if (file_name[0] == 0) strcpy (file_name, default_name); + /* Check if we're restricted to one directory. */ + if (f_setup.restricted_path != NULL) { + for (i = strlen(file_name); i > 0; i--) { + if (file_name[i] == PATH_SEPARATOR) { + i++; + break; + } + } + tempname = strdup(file_name + i); + strcpy(file_name, f_setup.restricted_path); + if (file_name[strlen(file_name)-1] != PATH_SEPARATOR) { + strcat(file_name, "/"); + } + strcat(file_name, tempname); + } + /* Restore state of playback and recording */ istream_replay = saved_replay; diff --git a/src/curses/ux_params.txt b/src/curses/ux_params.txt index d4cf92d..26e18e7 100644 --- a/src/curses/ux_params.txt +++ b/src/curses/ux_params.txt @@ -9,18 +9,18 @@ -h # screen height -i ignore fatal errors -l # left margin +-L load this save file -o watch object movement -O watch object locating -p plain ASCII output only -P alter piracy opcode -q quiet (disable sound effects) -r # right margin --R load this save file +-R restricted read/write -s # random number seed value -S # transcript width -t set Tandy bit -u # slots for multiple undo -v show version information -w # screen width --W write/read only to this path -x expand abbreviations g/x/z diff --git a/src/dumb/dumb_init.c b/src/dumb/dumb_init.c index aadb95e..4d666da 100644 --- a/src/dumb/dumb_init.c +++ b/src/dumb/dumb_init.c @@ -32,15 +32,15 @@ static void print_version(void); An interpreter for all Infocom and other Z-Machine games.\n\ \n\ Syntax: dfrotz [options] story-file\n\ - -a watch attribute setting \t -R load this save file\n\ - -A watch attribute testing \t -s # random number seed value\n\ - -h # screen height \t -S # transcript width\n\ - -i ignore fatal errors \t -t set Tandy bit\n\ - -I # interpreter number \t -u # slots for multiple undo\n\ - -o watch object movement \t -v show version information\n\ - -O watch object locating \t -w # screen width\n\ - -p plain ASCII output only \t -W write/read only to this path\n\ - -P alter piracy opcode \t -x expand abbreviations g/x/z\n\ + -a watch attribute setting \t -P alter piracy opcode\n\ + -A watch attribute testing \t -R restricted read/write\n\ + -h # screen height \t -s # random number seed value\n\ + -i ignore fatal errors \t -S # transcript width\n\ + -I # interpreter number \t -t set Tandy bit\n\ + -o watch object movement \t -u # slots for multiple undo\n\ + -O watch object locating \t -v show version information\n\ + -L load this save file \t -w # screen width\n\ + -p plain ASCII output only \t -x expand abbreviations g/x/z\n\ -r xxx set runtime option \\xxx before starting (can be used repeatedly)\n" /* A unix-like getopt, but with the names changed to avoid any problems. */ @@ -95,29 +95,29 @@ void os_process_arguments(int argc, char *argv[]) do_more_prompts = TRUE; /* Parse the options */ do { - c = zgetopt(argc, argv, "-aAh:iI:moOpPs:r:R:S:tu:vw:W:xZ:"); + c = zgetopt(argc, argv, "-aAh:iI:L:moOpPs:r:R:S:tu:vw:xZ:"); switch(c) { case 'a': f_setup.attribute_assignment = 1; break; case 'A': f_setup.attribute_testing = 1; break; case 'h': user_screen_height = atoi(zoptarg); break; case 'i': f_setup.ignore_errors = 1; break; case 'I': f_setup.interpreter_number = atoi(zoptarg); break; + case 'L': f_setup.restore_mode = 1; + f_setup.tmp_save_name = my_strdup(zoptarg); + break; case 'm': do_more_prompts = FALSE; break; case 'o': f_setup.object_movement = 1; break; case 'O': f_setup.object_locating = 1; break; case 'P': f_setup.piracy = 1; break; case 'p': plain_ascii = 1; break; - case 'R': f_setup.restore_mode = 1; - f_setup.tmp_save_name = my_strdup(zoptarg); - break; case 'r': dumb_handle_setting(zoptarg, FALSE, TRUE); break; + case 'R': f_setup.restricted_path = strndup(zoptarg, PATH_MAX); break; case 's': user_random_seed = atoi(zoptarg); break; case 'S': f_setup.script_cols = atoi(zoptarg); break; case 't': user_tandy_bit = 1; break; case 'u': f_setup.undo_slots = atoi(zoptarg); break; case 'v': print_version(); exit(2); break; case 'w': user_screen_width = atoi(zoptarg); break; - case 'W': f_setup.write_path = strndup(zoptarg, PATH_MAX); break; case 'x': f_setup.expand_abbreviations = 1; break; case 'Z': f_setup.err_report_mode = atoi(zoptarg); if ((f_setup.err_report_mode < ERR_REPORT_NEVER) || diff --git a/src/dumb/dumb_input.c b/src/dumb/dumb_input.c index 0fc7c9c..fb78cda 100644 --- a/src/dumb/dumb_input.c +++ b/src/dumb/dumb_input.c @@ -426,7 +426,7 @@ int os_read_file_name (char *file_name, const char *default_name, int flag) strcpy (file_name, buf[0] ? buf : default_name); /* Check if we're restricted to one directory. */ - if (f_setup.write_path != NULL) { + if (f_setup.restricted_path != NULL) { for (i = strlen(file_name); i > 0; i--) { if (file_name[i] == PATH_SEPARATOR) { i++; @@ -434,7 +434,7 @@ int os_read_file_name (char *file_name, const char *default_name, int flag) } } tempname = strdup(file_name + i); - strcpy(file_name, f_setup.write_path); + strcpy(file_name, f_setup.restricted_path); if (file_name[strlen(file_name)-1] != PATH_SEPARATOR) { strcat(file_name, "/"); } diff --git a/src/dumb/dumb_params.txt b/src/dumb/dumb_params.txt index 8223303..162f5ed 100644 --- a/src/dumb/dumb_params.txt +++ b/src/dumb/dumb_params.txt @@ -5,14 +5,14 @@ -I # interpreter number -o watch object movement -O watch object locating +-L load this save file -p plain ASCII output only -P alter piracy opcode --R load this save file +-R restricted read/write -s # random number seed value -S # transcript width -t set Tandy bit -u # slots for multiple undo -v show version information -w # screen width --W write/read only to this path -x expand abbreviations g/x/z -- 2.34.1