auth via ssl

- move the config file to sysconfdir/skyped/skyped.conf as there will other config files there, too
- autogenerate the ssl paths in skyped.conf.dist
- skype plugin: connect via ssl
- skyped: listen via ssl

6 files changed, 50 insertions, 22 deletions

diff --git a/skype/Makefile b/skype/Makefile
index a117dd71..46165b1d 100644
--- a/skype/Makefile
+++ b/skype/Makefile
@@ -11,7 +11,7 @@ install: skype.so skyped.py
 	$(INSTALL) -d $(DESTDIR)$(sysconfdir)
 	$(INSTALL) skype.so $(DESTDIR)$(plugindir)
 	$(INSTALL) skyped.py $(DESTDIR)$(bindir)/skyped
-	sed -i 's|/etc|$(sysconfdir)|' $(DESTDIR)$(bindir)/skyped
+	sed -i 's|/usr/local/etc/skyped|$(sysconfdir)|' $(DESTDIR)$(bindir)/skyped
 	$(INSTALL) -m644 skyped.conf.dist $(DESTDIR)$(sysconfdir)/skyped.conf
 
 client: client.c
diff --git a/skype/config.mak.in b/skype/config.mak.in
index 4dd6ac47..7a63bf35 100644
--- a/skype/config.mak.in
+++ b/skype/config.mak.in
@@ -2,7 +2,7 @@ CFLAGS = @CFLAGS@
 LDFLAGS = @LDFLAGS@
 INSTALL = @INSTALL@
 prefix = @prefix@
-sysconfdir = @sysconfdir@
+sysconfdir = @sysconfdir@/skyped
 exec_prefix = @exec_prefix@
 bindir = @bindir@
 libdir = @libdir@
diff --git a/skype/configure.ac b/skype/configure.ac
index 36c4fdcd..08ba6f91 100644
--- a/skype/configure.ac
+++ b/skype/configure.ac
@@ -16,3 +16,4 @@ PKG_CHECK_MODULES(BITLBEE, bitlbee)
 CFLAGS="$CFLAGS $BITLBEE_CFLAGS"
 LDFLAGS="$LDFLAGS $BITLBEE_LIBS"
 AC_OUTPUT(config.mak)
+AC_OUTPUT(skyped.conf.dist)
diff --git a/skype/skype.c b/skype/skype.c
index f9dbf0f5..7f5be9e7 100644
--- a/skype/skype.c
+++ b/skype/skype.c
@@ -27,6 +27,7 @@
 #include <stdio.h>
 #include <poll.h>
 #include <bitlbee.h>
+#include <bitlbee/ssl_client.h>
 #include <glib.h>
 
 #define SKYPE_DEFAULT_SERVER "localhost"
@@ -62,6 +63,8 @@ struct skype_data
 	/* File descriptor returned by bitlbee. we store it so we know when
 	 * we're connected and when we aren't. */
 	int bfd;
+	/* ssl_getfd() uses this to get the file desciptor. */
+	void *ssl;
 	/* When we receive a new message id, we query the properties, finally
 	 * the chatname. Store the properties here so that we can use
 	 * imcb_buddy_msg() when we got the chatname. */
@@ -145,11 +148,10 @@ int skype_write( struct im_connection *ic, char *buf, int len )
 	poll(pfd, 1, 1000);
 	if(pfd[0].revents & POLLHUP)
 	{
-		imcb_error( ic, "Could not connect to server" );
 		imc_logout( ic, TRUE );
 		return FALSE;
 	}
-	write( sd->fd, buf, len );
+	ssl_write( sd->ssl, buf, len );
 
 	return TRUE;
 }
@@ -209,7 +211,7 @@ static gboolean skype_read_callback( gpointer data, gint fd, b_input_condition c
 	if( !sd || sd->fd == -1 )
 		return FALSE;
 	/* Read the whole data. */
-	st = read( sd->fd, buf, sizeof( buf ) );
+	st = ssl_read( sd->ssl, buf, sizeof( buf ) );
 	if( st > 0 )
 	{
 		buf[st] = '\0';
@@ -719,6 +721,16 @@ static gboolean skype_read_callback( gpointer data, gint fd, b_input_condition c
 					}
 				}
 			}
+			else if(!strncmp(line, "PASSWORD ", 9))
+			{
+				if(!strncmp(line+9, "OK", 2))
+					imcb_connected(ic);
+				else
+				{
+					imcb_error(ic, "Authentication Failed");
+					imc_logout( ic, TRUE );
+				}
+			}
 			lineptr++;
 		}
 		g_strfreev(lines);
@@ -765,10 +777,18 @@ gboolean skype_start_stream( struct im_connection *ic )
 	return st;
 }
 
-gboolean skype_connected( gpointer data, gint source, b_input_condition cond )
+gboolean skype_connected( gpointer data, void *source, b_input_condition cond )
 {
 	struct im_connection *ic = data;
-	imcb_connected(ic);
+	struct skype_data *sd = ic->proto_data;
+	if(!source)
+	{
+		sd->ssl = NULL;
+		imcb_error( ic, "Could not connect to server" );
+		imc_logout( ic, TRUE );
+		return FALSE;
+	}
+	imcb_log( ic, "Connected to server, logging in" );
 	return skype_start_stream(ic);
 }
 
@@ -780,7 +800,8 @@ static void skype_login( account_t *acc )
 	ic->proto_data = sd;
 
 	imcb_log( ic, "Connecting" );
-	sd->fd = proxy_connect(set_getstr( &acc->set, "server" ), set_getint( &acc->set, "port" ), skype_connected, ic );
+	sd->ssl = ssl_connect(set_getstr( &acc->set, "server" ), set_getint( &acc->set, "port" ), skype_connected, ic );
+	sd->fd = sd->ssl ? ssl_getfd( sd->ssl ) : -1;
 	sd->username = g_strdup( acc->user );
 
 	sd->ic = ic;
diff --git a/skype/skyped.conf.dist b/skype/skyped.conf.dist.in
index 43faa0c6..a98d5ec8 100644
--- a/skype/skyped.conf.dist
+++ b/skype/skyped.conf.dist.in
@@ -2,3 +2,5 @@
 username = john
 # use `echo -n foo|sha1sum` to generate this hash for your password
 password = 0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33
+cert = @sysconfdir@/skyped/skyped.cert.pem
+key  = @sysconfdir@/skyped/skyped.key.pem
diff --git a/skype/skyped.py b/skype/skyped.py
index c2b102a3..5e80a433 100644
--- a/skype/skyped.py
+++ b/skype/skyped.py
@@ -36,6 +36,7 @@ import Skype4Py
 import threading
 import sha
 from ConfigParser import ConfigParser
+from OpenSSL import SSL
 
 __version__ = "0.1.1"
 
@@ -66,7 +67,12 @@ def idle_handler(skype):
 	return True
 
 def server(host, port):
-	sock = socket.socket()
+	global options
+
+	ctx = SSL.Context(SSL.TLSv1_METHOD)
+	ctx.use_privatekey_file(options.config.sslkey)
+	ctx.use_certificate_file(options.config.sslcert)
+	sock = SSL.Connection(ctx, socket.socket())
 	sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
 	sock.bind((host, port))
 	sock.listen(1)
@@ -75,25 +81,21 @@ def server(host, port):
 def listener(sock, *args):
 	global options
 	options.conn, addr = sock.accept()
-	lines = options.conn.recv(512).split('\n')
 	ret = 0
-	nlines = []
-	for i in lines:
-		if i.startswith("USERNAME") and i.split(' ')[1].strip() == options.config.username:
-			ret += 1
-		elif i.startswith("PASSWORD") and sha.sha(i.split(' ')[1].strip()).hexdigest() == options.config.password:
-			ret += 1
-		else:
-			nlines.append(i)
-	del lines
+	line = options.conn.recv(1024)
+	if line.startswith("USERNAME") and line.split(' ')[1].strip() == options.config.username:
+		ret += 1
+	line = options.conn.recv(1024)
+	if line.startswith("PASSWORD") and sha.sha(line.split(' ')[1].strip()).hexdigest() == options.config.password:
+		ret += 1
 	if ret == 2:
 		dprint("Username and password OK.")
-		options.buf = nlines
-		input_handler(None, None)
+		options.conn.send("PASSWORD OK\n")
 		gobject.io_add_watch(options.conn, gobject.IO_IN, input_handler)
 		return True
 	else:
 		dprint("Username and/or password WRONG.")
+		options.conn.send("PASSWORD KO\n")
 		return False
 
 def dprint(msg):
@@ -152,7 +154,7 @@ class SkypeApi():
 
 class Options:
 	def __init__(self):
-		self.cfgpath = "/etc/skyped.conf"
+		self.cfgpath = "/usr/local/etc/skyped/skyped.conf"
 		self.daemon = True
 		self.debug = False
 		self.help = False
@@ -216,6 +218,8 @@ if __name__=='__main__':
 	options.config.read(options.cfgpath)
 	options.config.username = options.config.get('skyped', 'username').split('#')[0]
 	options.config.password = options.config.get('skyped', 'password').split('#')[0]
+	options.config.sslkey = options.config.get('skyped', 'key').split('#')[0]
+	options.config.sslcert = options.config.get('skyped', 'cert').split('#')[0]
 	dprint("Parsing config file '%s' done, username is '%s'." % (options.cfgpath, options.config.username))
 	if options.daemon:
 		pid = os.fork()