aboutsummaryrefslogtreecommitdiffstats
path: root/protocols/jabber
diff options
context:
space:
mode:
Diffstat (limited to 'protocols/jabber')
-rw-r--r--protocols/jabber/conference.c3
-rw-r--r--protocols/jabber/iq.c26
-rw-r--r--protocols/jabber/jabber.c134
-rw-r--r--protocols/jabber/jabber.h17
-rw-r--r--protocols/jabber/jabber_util.c18
-rw-r--r--protocols/jabber/sasl.c238
6 files changed, 350 insertions, 86 deletions
diff --git a/protocols/jabber/conference.c b/protocols/jabber/conference.c
index 0c2db0b3..74561d24 100644
--- a/protocols/jabber/conference.c
+++ b/protocols/jabber/conference.c
@@ -210,6 +210,7 @@ void jabber_chat_pkt_presence( struct im_connection *ic, struct jabber_buddy *bu
struct groupchat *chat;
struct xt_node *c;
char *type = xt_find_attr( node, "type" );
+ struct jabber_data *jd = ic->proto_data;
struct jabber_chat *jc;
char *s;
@@ -251,7 +252,7 @@ void jabber_chat_pkt_presence( struct im_connection *ic, struct jabber_buddy *bu
{
if( bud == jc->me )
{
- bud->ext_jid = jabber_normalize( ic->acc->user );
+ bud->ext_jid = g_strdup( jd->me );
}
else
{
diff --git a/protocols/jabber/iq.c b/protocols/jabber/iq.c
index 0c5671d0..2cdc681e 100644
--- a/protocols/jabber/iq.c
+++ b/protocols/jabber/iq.c
@@ -30,6 +30,7 @@ static xt_status jabber_iq_display_vcard( struct im_connection *ic, struct xt_no
xt_status jabber_pkt_iq( struct xt_node *node, gpointer data )
{
struct im_connection *ic = data;
+ struct jabber_data *jd = ic->proto_data;
struct xt_node *c, *reply = NULL;
char *type, *s;
int st, pack = 1;
@@ -169,10 +170,10 @@ xt_status jabber_pkt_iq( struct xt_node *node, gpointer data )
/* This is a roster push. XMPP servers send this when someone
was added to (or removed from) the buddy list. AFAIK they're
sent even if we added this buddy in our own session. */
- int bare_len = strlen( ic->acc->user );
+ int bare_len = strlen( jd->me );
if( ( s = xt_find_attr( node, "from" ) ) == NULL ||
- ( strncmp( s, ic->acc->user, bare_len ) == 0 &&
+ ( strncmp( s, jd->me, bare_len ) == 0 &&
( s[bare_len] == 0 || s[bare_len] == '/' ) ) )
{
jabber_parse_roster( ic, node, NULL );
@@ -342,8 +343,25 @@ xt_status jabber_pkt_bind_sess( struct im_connection *ic, struct xt_node *node,
if( node && ( c = xt_find_node( node->children, "bind" ) ) )
{
c = xt_find_node( c->children, "jid" );
- if( c && c->text_len && ( s = strchr( c->text, '/' ) ) &&
- strcmp( s + 1, set_getstr( &ic->acc->set, "resource" ) ) != 0 )
+ if( !c || !c->text )
+ {
+ /* Server is crap, but this is no disaster. */
+ }
+ else if( strncmp( jd->me, c->text, strlen( jd->me ) ) != 0 )
+ {
+ s = strchr( c->text, '/' );
+ if( s )
+ *s = '\0';
+ jabber_set_me( ic, c->text );
+ imcb_log( ic, "Server claims your JID is `%s' instead of `%s'. "
+ "This mismatch may cause problems with groupchats "
+ "and possibly other things.",
+ c->text, ic->acc->user );
+ if( s )
+ *s = '/';
+ }
+ else if( c && c->text_len && ( s = strchr( c->text, '/' ) ) &&
+ strcmp( s + 1, set_getstr( &ic->acc->set, "resource" ) ) != 0 )
imcb_log( ic, "Server changed session resource string to `%s'", s + 1 );
}
diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c
index 372d73a9..92256a71 100644
--- a/protocols/jabber/jabber.c
+++ b/protocols/jabber/jabber.c
@@ -31,6 +31,7 @@
#include "xmltree.h"
#include "bitlbee.h"
#include "jabber.h"
+#include "oauth.h"
#include "md5.h"
GSList *jabber_connections;
@@ -59,6 +60,8 @@ static void jabber_init( account_t *acc )
s = set_add( &acc->set, "activity_timeout", "600", set_eval_int, acc );
+ s = set_add( &acc->set, "oauth", "false", set_eval_oauth, acc );
+
g_snprintf( str, sizeof( str ), "%d", jabber_port_list[0] );
s = set_add( &acc->set, "port", str, set_eval_int, acc );
s->flags |= ACC_SET_OFFLINE_ONLY;
@@ -72,6 +75,9 @@ static void jabber_init( account_t *acc )
s = set_add( &acc->set, "resource_select", "activity", NULL, acc );
+ s = set_add( &acc->set, "sasl", "true", set_eval_bool, acc );
+ s->flags |= ACC_SET_OFFLINE_ONLY | SET_HIDDEN_DEFAULT;
+
s = set_add( &acc->set, "server", NULL, set_eval_account, acc );
s->flags |= ACC_SET_NOSAVE | ACC_SET_OFFLINE_ONLY | SET_NULL_OK;
@@ -84,9 +90,6 @@ static void jabber_init( account_t *acc )
s = set_add( &acc->set, "tls_verify", "true", set_eval_bool, acc );
s->flags |= ACC_SET_OFFLINE_ONLY;
- s = set_add( &acc->set, "sasl", "true", set_eval_bool, acc );
- s->flags |= ACC_SET_OFFLINE_ONLY | SET_HIDDEN_DEFAULT;
-
s = set_add( &acc->set, "user_agent", "BitlBee", NULL, acc );
s = set_add( &acc->set, "xmlconsole", "false", set_eval_bool, acc );
@@ -101,9 +104,7 @@ static void jabber_login( account_t *acc )
{
struct im_connection *ic = imcb_new( acc );
struct jabber_data *jd = g_new0( struct jabber_data, 1 );
- struct ns_srv_reply **srvl = NULL, *srv = NULL;
- char *connect_to, *s;
- int i;
+ char *s;
/* For now this is needed in the _connected() handlers if using
GLib event handling, to make sure we're not handling events
@@ -113,8 +114,7 @@ static void jabber_login( account_t *acc )
jd->ic = ic;
ic->proto_data = jd;
- jd->username = g_strdup( acc->user );
- jd->server = strchr( jd->username, '@' );
+ jabber_set_me( ic, acc->user );
jd->fd = jd->r_inpa = jd->w_inpa = -1;
@@ -125,10 +125,6 @@ static void jabber_login( account_t *acc )
return;
}
- /* So don't think of free()ing jd->server.. :-) */
- *jd->server = 0;
- jd->server ++;
-
if( ( s = strchr( jd->server, '/' ) ) )
{
*s = 0;
@@ -140,63 +136,62 @@ static void jabber_login( account_t *acc )
*s = 0;
}
- /* This code isn't really pretty. Backwards compatibility never is... */
- s = acc->server;
- while( s )
+ jd->node_cache = g_hash_table_new_full( g_str_hash, g_str_equal, NULL, jabber_cache_entry_free );
+ jd->buddies = g_hash_table_new( g_str_hash, g_str_equal );
+
+ if( set_getbool( &acc->set, "oauth" ) )
{
- static int had_port = 0;
+ GSList *p_in = NULL;
+ const char *tok;
+
+ jd->fd = jd->r_inpa = jd->w_inpa = -1;
- if( strncmp( s, "ssl", 3 ) == 0 )
+ if( strstr( jd->server, ".live.com" ) )
+ jd->oauth2_service = &oauth2_service_mslive;
+ else if( strstr( jd->server, ".facebook.com" ) )
+ jd->oauth2_service = &oauth2_service_facebook;
+ else
+ jd->oauth2_service = &oauth2_service_google;
+
+ oauth_params_parse( &p_in, ic->acc->pass );
+
+ /* First see if we have a refresh token, in which case any
+ access token we *might* have has probably expired already
+ anyway. */
+ if( ( tok = oauth_params_get( &p_in, "refresh_token" ) ) )
{
- set_setstr( &acc->set, "ssl", "true" );
-
- /* Flush this part so that (if this was the first
- part of the server string) acc->server gets
- flushed. We don't want to have to do this another
- time. :-) */
- *s = 0;
- s ++;
-
- /* Only set this if the user didn't specify a custom
- port number already... */
- if( !had_port )
- set_setint( &acc->set, "port", 5223 );
+ sasl_oauth2_refresh( ic, tok );
}
- else if( isdigit( *s ) )
+ /* If we don't have a refresh token, let's hope the access
+ token is still usable. */
+ else if( ( tok = oauth_params_get( &p_in, "access_token" ) ) )
{
- int i;
-
- /* The first character is a digit. It could be an
- IP address though. Only accept this as a port#
- if there are only digits. */
- for( i = 0; isdigit( s[i] ); i ++ );
-
- /* If the first non-digit character is a colon or
- the end of the string, save the port number
- where it should be. */
- if( s[i] == ':' || s[i] == 0 )
- {
- sscanf( s, "%d", &i );
- set_setint( &acc->set, "port", i );
-
- /* See above. */
- *s = 0;
- s ++;
- }
-
- had_port = 1;
+ jd->oauth2_access_token = g_strdup( tok );
+ jabber_connect( ic );
}
-
- s = strchr( s, ':' );
- if( s )
+ /* If we don't have any, start the OAuth process now. Don't
+ even open an XMPP connection yet. */
+ else
{
- *s = 0;
- s ++;
+ sasl_oauth2_init( ic );
+ ic->flags |= OPT_SLOW_LOGIN;
}
+
+ oauth_params_free( &p_in );
}
-
- jd->node_cache = g_hash_table_new_full( g_str_hash, g_str_equal, NULL, jabber_cache_entry_free );
- jd->buddies = g_hash_table_new( g_str_hash, g_str_equal );
+ else
+ jabber_connect( ic );
+}
+
+/* Separate this from jabber_login() so we can do OAuth first if necessary.
+ Putting this in io.c would probably be more correct. */
+void jabber_connect( struct im_connection *ic )
+{
+ account_t *acc = ic->acc;
+ struct jabber_data *jd = ic->proto_data;
+ int i;
+ char *connect_to;
+ struct ns_srv_reply **srvl = NULL, *srv = NULL;
/* Figure out the hostname to connect to. */
if( acc->server && *acc->server )
@@ -321,8 +316,10 @@ static void jabber_logout( struct im_connection *ic )
xt_free( jd->xt );
+ g_free( jd->oauth2_access_token );
g_free( jd->away_message );
g_free( jd->username );
+ g_free( jd->me );
g_free( jd );
jabber_connections = g_slist_remove( jabber_connections, ic );
@@ -339,6 +336,20 @@ static int jabber_buddy_msg( struct im_connection *ic, char *who, char *message,
if( g_strcasecmp( who, JABBER_XMLCONSOLE_HANDLE ) == 0 )
return jabber_write( ic, message, strlen( message ) );
+ if( g_strcasecmp( who, "jabber_oauth" ) == 0 )
+ {
+ if( sasl_oauth2_get_refresh_token( ic, message ) )
+ {
+ return 1;
+ }
+ else
+ {
+ imcb_error( ic, "OAuth failure" );
+ imc_logout( ic, TRUE );
+ return 0;
+ }
+ }
+
if( ( s = strchr( who, '=' ) ) && jabber_chat_by_jid( ic, s + 1 ) )
bud = jabber_buddy_by_ext_jid( ic, who, 0 );
else
@@ -490,11 +501,12 @@ static void jabber_chat_leave_( struct groupchat *c )
static void jabber_chat_invite_( struct groupchat *c, char *who, char *msg )
{
+ struct jabber_data *jd = c->ic->proto_data;
struct jabber_chat *jc = c->data;
gchar *msg_alt = NULL;
if( msg == NULL )
- msg_alt = g_strdup_printf( "%s invited you to %s", c->ic->acc->user, jc->name );
+ msg_alt = g_strdup_printf( "%s invited you to %s", jd->me, jc->name );
if( c && who )
jabber_chat_invite( c, who, msg ? msg : msg_alt );
diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h
index 5996c301..76546bde 100644
--- a/protocols/jabber/jabber.h
+++ b/protocols/jabber/jabber.h
@@ -46,6 +46,8 @@ typedef enum
activates all XEP-85 related code. */
JFLAG_XMLCONSOLE = 64, /* If the user added an xmlconsole buddy. */
JFLAG_STARTTLS_DONE = 128, /* If a plaintext session was converted to TLS. */
+
+ JFLAG_SASL_FB = 0x10000, /* Trying Facebook authentication. */
} jabber_flags_t;
typedef enum
@@ -91,6 +93,10 @@ struct jabber_data
char *username; /* USERNAME@server */
char *server; /* username@SERVER -=> server/domain, not hostname */
+ char *me; /* bare jid */
+
+ const struct oauth2_service *oauth2_service;
+ char *oauth2_access_token;
/* After changing one of these two (or the priority setting), call
presence_send_update() to inform the server about the changes. */
@@ -231,6 +237,9 @@ struct jabber_transfer
#define XMLNS_BYTESTREAMS "http://jabber.org/protocol/bytestreams" /* XEP-0065 */
#define XMLNS_IBB "http://jabber.org/protocol/ibb" /* XEP-0047 */
+/* jabber.c */
+void jabber_connect( struct im_connection *ic );
+
/* iq.c */
xt_status jabber_pkt_iq( struct xt_node *node, gpointer data );
int jabber_init_iq_auth( struct im_connection *ic );
@@ -299,6 +308,7 @@ void jabber_buddy_remove_all( struct im_connection *ic );
time_t jabber_get_timestamp( struct xt_node *xt );
struct jabber_error *jabber_error_parse( struct xt_node *node, char *xmlns );
void jabber_error_free( struct jabber_error *err );
+gboolean jabber_set_me( struct im_connection *ic, const char *me );
extern const struct jabber_away_state jabber_away_state_list[];
@@ -315,6 +325,13 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data );
xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data );
xt_status sasl_pkt_result( struct xt_node *node, gpointer data );
gboolean sasl_supported( struct im_connection *ic );
+void sasl_oauth2_init( struct im_connection *ic );
+int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg );
+int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token );
+
+extern const struct oauth2_service oauth2_service_google;
+extern const struct oauth2_service oauth2_service_facebook;
+extern const struct oauth2_service oauth2_service_mslive;
/* conference.c */
struct groupchat *jabber_chat_join( struct im_connection *ic, const char *room, const char *nick, const char *password );
diff --git a/protocols/jabber/jabber_util.c b/protocols/jabber/jabber_util.c
index e6b13659..d181b904 100644
--- a/protocols/jabber/jabber_util.c
+++ b/protocols/jabber/jabber_util.c
@@ -760,3 +760,21 @@ void jabber_error_free( struct jabber_error *err )
{
g_free( err );
}
+
+gboolean jabber_set_me( struct im_connection *ic, const char *me )
+{
+ struct jabber_data *jd = ic->proto_data;
+
+ if( strchr( me, '@' ) == NULL )
+ return FALSE;
+
+ g_free( jd->username );
+ g_free( jd->me );
+
+ jd->me = jabber_normalize( me );
+ jd->server = strchr( jd->me, '@' );
+ jd->username = g_strndup( jd->me, jd->server - jd->me );
+ jd->server ++;
+
+ return TRUE;
+}
diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c
index 53248ef3..2f45eb20 100644
--- a/protocols/jabber/sasl.c
+++ b/protocols/jabber/sasl.c
@@ -25,6 +25,36 @@
#include "jabber.h"
#include "base64.h"
+#include "oauth2.h"
+#include "oauth.h"
+
+const struct oauth2_service oauth2_service_google =
+{
+ "https://accounts.google.com/o/oauth2/auth",
+ "https://accounts.google.com/o/oauth2/token",
+ "urn:ietf:wg:oauth:2.0:oob",
+ "https://www.googleapis.com/auth/googletalk",
+ "783993391592.apps.googleusercontent.com",
+ "6C-Zgf7Tr7gEQTPlBhMUgo7R",
+};
+const struct oauth2_service oauth2_service_facebook =
+{
+ "https://www.facebook.com/dialog/oauth",
+ "https://graph.facebook.com/oauth/access_token",
+ "http://www.bitlbee.org/main.php/Facebook/oauth2.html",
+ "offline_access,xmpp_login",
+ "126828914005625",
+ "4b100f0f244d620bf3f15f8b217d4c32",
+};
+const struct oauth2_service oauth2_service_mslive =
+{
+ "https://oauth.live.com/authorize",
+ "https://oauth.live.com/token",
+ "http://www.bitlbee.org/main.php/Messenger/oauth2.html",
+ "wl.offline_access%20wl.messenger",
+ "000000004C06FCD1",
+ "IRKlBPzJJAWcY-TbZjiTEJu9tn7XCFaV",
+};
xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data )
{
@@ -32,7 +62,9 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data )
struct jabber_data *jd = ic->proto_data;
struct xt_node *c, *reply;
char *s;
- int sup_plain = 0, sup_digest = 0;
+ int sup_plain = 0, sup_digest = 0, sup_gtalk = 0, sup_fb = 0, sup_ms = 0;
+ int want_oauth = FALSE;
+ GString *mechs;
if( !sasl_supported( ic ) )
{
@@ -51,28 +83,78 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data )
return XT_ABORT;
}
+ mechs = g_string_new( "" );
c = node->children;
while( ( c = xt_find_node( c, "mechanism" ) ) )
{
if( c->text && g_strcasecmp( c->text, "PLAIN" ) == 0 )
sup_plain = 1;
- if( c->text && g_strcasecmp( c->text, "DIGEST-MD5" ) == 0 )
+ else if( c->text && g_strcasecmp( c->text, "DIGEST-MD5" ) == 0 )
sup_digest = 1;
+ else if( c->text && g_strcasecmp( c->text, "X-OAUTH2" ) == 0 )
+ sup_gtalk = 1;
+ else if( c->text && g_strcasecmp( c->text, "X-FACEBOOK-PLATFORM" ) == 0 )
+ sup_fb = 1;
+ else if( c->text && g_strcasecmp( c->text, "X-MESSENGER-OAUTH2" ) == 0 )
+ sup_ms = 1;
+
+ if( c->text )
+ g_string_append_printf( mechs, " %s", c->text );
c = c->next;
}
- if( !sup_plain && !sup_digest )
+ if( !sup_plain && !sup_digest && !sup_gtalk && !sup_fb && !sup_ms )
{
- imcb_error( ic, "No known SASL authentication schemes supported" );
+ imcb_error( ic, "BitlBee does not support any of the offered SASL "
+ "authentication schemes:%s", mechs->str );
imc_logout( ic, FALSE );
+ g_string_free( mechs, TRUE );
return XT_ABORT;
}
+ g_string_free( mechs, TRUE );
reply = xt_new_node( "auth", NULL, NULL );
xt_add_attr( reply, "xmlns", XMLNS_SASL );
+ want_oauth = set_getbool( &ic->acc->set, "oauth" );
- if( sup_digest )
+ if( sup_gtalk && want_oauth )
+ {
+ int len;
+
+ /* X-OAUTH2 is, not *the* standard OAuth2 SASL/XMPP implementation.
+ It's currently used by GTalk and vaguely documented on
+ http://code.google.com/apis/cloudprint/docs/rawxmpp.html . */
+ xt_add_attr( reply, "mechanism", "X-OAUTH2" );
+
+ len = strlen( jd->username ) + strlen( jd->oauth2_access_token ) + 2;
+ s = g_malloc( len + 1 );
+ s[0] = 0;
+ strcpy( s + 1, jd->username );
+ strcpy( s + 2 + strlen( jd->username ), jd->oauth2_access_token );
+ reply->text = base64_encode( (unsigned char *)s, len );
+ reply->text_len = strlen( reply->text );
+ g_free( s );
+ }
+ else if( sup_ms && want_oauth )
+ {
+ xt_add_attr( reply, "mechanism", "X-MESSENGER-OAUTH2" );
+ reply->text = g_strdup( jd->oauth2_access_token );
+ reply->text_len = strlen( jd->oauth2_access_token );
+ }
+ else if( sup_fb && want_oauth )
+ {
+ xt_add_attr( reply, "mechanism", "X-FACEBOOK-PLATFORM" );
+ jd->flags |= JFLAG_SASL_FB;
+ }
+ else if( want_oauth )
+ {
+ imcb_error( ic, "OAuth requested, but not supported by server" );
+ imc_logout( ic, FALSE );
+ xt_free_node( reply );
+ return XT_ABORT;
+ }
+ else if( sup_digest )
{
xt_add_attr( reply, "mechanism", "DIGEST-MD5" );
@@ -95,7 +177,7 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data )
g_free( s );
}
- if( !jabber_write_packet( ic, reply ) )
+ if( reply && !jabber_write_packet( ic, reply ) )
{
xt_free_node( reply );
return XT_ABORT;
@@ -196,12 +278,12 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data )
{
struct im_connection *ic = data;
struct jabber_data *jd = ic->proto_data;
- struct xt_node *reply = NULL;
+ struct xt_node *reply_pkt = NULL;
char *nonce = NULL, *realm = NULL, *cnonce = NULL;
unsigned char cnonce_bin[30];
char *digest_uri = NULL;
char *dec = NULL;
- char *s = NULL;
+ char *s = NULL, *reply = NULL;
xt_status ret = XT_ABORT;
if( node->text_len == 0 )
@@ -209,7 +291,33 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data )
dec = frombase64( node->text );
- if( !( s = sasl_get_part( dec, "rspauth" ) ) )
+ if( jd->flags & JFLAG_SASL_FB )
+ {
+ /* Facebook proprietary authentication. Not as useful as it seemed, but
+ the code's written now, may as well keep it..
+
+ Mechanism is described on http://developers.facebook.com/docs/chat/
+ and in their Python module. It's all mostly useless because the tokens
+ expire after 24h. */
+ GSList *p_in = NULL, *p_out = NULL;
+ char time[33];
+
+ oauth_params_parse( &p_in, dec );
+ oauth_params_add( &p_out, "nonce", oauth_params_get( &p_in, "nonce" ) );
+ oauth_params_add( &p_out, "method", oauth_params_get( &p_in, "method" ) );
+ oauth_params_free( &p_in );
+
+ g_snprintf( time, sizeof( time ), "%lld", (long long) ( gettime() * 1000 ) );
+ oauth_params_add( &p_out, "call_id", time );
+ oauth_params_add( &p_out, "api_key", oauth2_service_facebook.consumer_key );
+ oauth_params_add( &p_out, "v", "1.0" );
+ oauth_params_add( &p_out, "format", "XML" );
+ oauth_params_add( &p_out, "access_token", jd->oauth2_access_token );
+
+ reply = oauth_params_string( p_out );
+ oauth_params_free( &p_out );
+ }
+ else if( !( s = sasl_get_part( dec, "rspauth" ) ) )
{
/* See RFC 2831 for for information. */
md5_state_t A1, A2, H;
@@ -270,23 +378,20 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data )
sprintf( Hh + i * 2, "%02x", Hr[i] );
/* Now build the SASL response string: */
- g_free( dec );
- dec = g_strdup_printf( "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"%s\","
- "nc=%08x,qop=auth,digest-uri=\"%s\",response=%s,charset=%s",
- jd->username, realm, nonce, cnonce, 1, digest_uri, Hh, "utf-8" );
- s = tobase64( dec );
+ reply = g_strdup_printf( "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"%s\","
+ "nc=%08x,qop=auth,digest-uri=\"%s\",response=%s,charset=%s",
+ jd->username, realm, nonce, cnonce, 1, digest_uri, Hh, "utf-8" );
}
else
{
/* We found rspauth, but don't really care... */
- g_free( s );
- s = NULL;
}
- reply = xt_new_node( "response", s, NULL );
- xt_add_attr( reply, "xmlns", XMLNS_SASL );
+ s = reply ? tobase64( reply ) : NULL;
+ reply_pkt = xt_new_node( "response", s, NULL );
+ xt_add_attr( reply_pkt, "xmlns", XMLNS_SASL );
- if( !jabber_write_packet( ic, reply ) )
+ if( !jabber_write_packet( ic, reply_pkt ) )
goto silent_error;
ret = XT_HANDLED;
@@ -300,10 +405,11 @@ silent_error:
g_free( digest_uri );
g_free( cnonce );
g_free( nonce );
+ g_free( reply );
g_free( realm );
g_free( dec );
g_free( s );
- xt_free_node( reply );
+ xt_free_node( reply_pkt );
return ret;
}
@@ -346,3 +452,95 @@ gboolean sasl_supported( struct im_connection *ic )
return ( jd->xt && jd->xt->root && xt_find_attr( jd->xt->root, "version" ) ) != 0;
}
+
+void sasl_oauth2_init( struct im_connection *ic )
+{
+ struct jabber_data *jd = ic->proto_data;
+ char *msg, *url;
+
+ imcb_log( ic, "Starting OAuth authentication" );
+
+ /* Temporary contact, just used to receive the OAuth response. */
+ imcb_add_buddy( ic, "jabber_oauth", NULL );
+ url = oauth2_url( jd->oauth2_service );
+ msg = g_strdup_printf( "Open this URL in your browser to authenticate: %s", url );
+ imcb_buddy_msg( ic, "jabber_oauth", msg, 0, 0 );
+ imcb_buddy_msg( ic, "jabber_oauth", "Respond to this message with the returned "
+ "authorization token.", 0, 0 );
+
+ g_free( msg );
+ g_free( url );
+}
+
+static gboolean sasl_oauth2_remove_contact( gpointer data, gint fd, b_input_condition cond )
+{
+ struct im_connection *ic = data;
+ if( g_slist_find( jabber_connections, ic ) )
+ imcb_remove_buddy( ic, "jabber_oauth", NULL );
+ return FALSE;
+}
+
+static void sasl_oauth2_got_token( gpointer data, const char *access_token, const char *refresh_token );
+
+int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg )
+{
+ struct jabber_data *jd = ic->proto_data;
+ char *code;
+ int ret;
+
+ imcb_log( ic, "Requesting OAuth access token" );
+
+ /* Don't do it here because the caller may get confused if the contact
+ we're currently sending a message to is deleted. */
+ b_timeout_add( 1, sasl_oauth2_remove_contact, ic );
+
+ code = g_strdup( msg );
+ g_strstrip( code );
+ ret = oauth2_access_token( jd->oauth2_service, OAUTH2_AUTH_CODE,
+ code, sasl_oauth2_got_token, ic );
+
+ g_free( code );
+ return ret;
+}
+
+int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token )
+{
+ struct jabber_data *jd = ic->proto_data;
+
+ return oauth2_access_token( jd->oauth2_service, OAUTH2_AUTH_REFRESH,
+ refresh_token, sasl_oauth2_got_token, ic );
+}
+
+static void sasl_oauth2_got_token( gpointer data, const char *access_token, const char *refresh_token )
+{
+ struct im_connection *ic = data;
+ struct jabber_data *jd;
+ GSList *auth = NULL;
+
+ if( g_slist_find( jabber_connections, ic ) == NULL )
+ return;
+
+ jd = ic->proto_data;
+
+ if( access_token == NULL )
+ {
+ imcb_error( ic, "OAuth failure (missing access token)" );
+ imc_logout( ic, TRUE );
+ return;
+ }
+
+ oauth_params_parse( &auth, ic->acc->pass );
+ if( refresh_token )
+ oauth_params_set( &auth, "refresh_token", refresh_token );
+ if( access_token )
+ oauth_params_set( &auth, "access_token", access_token );
+
+ g_free( ic->acc->pass );
+ ic->acc->pass = oauth_params_string( auth );
+ oauth_params_free( &auth );
+
+ g_free( jd->oauth2_access_token );
+ jd->oauth2_access_token = g_strdup( access_token );
+
+ jabber_connect( ic );
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 12:48:31 +0000