From 57b4525653972dc23c8c5ca5ffaa7e44fad64ee9 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Fri, 22 Jul 2011 19:29:25 +0100 Subject: Nothing useful yet, this just generates an auth URL. Things to do: Ability to process the answer. This is hard because the GTalk server will time out very quickly which means we lose our state/scope/etc. (And the ability to even receive the answer, at least if I'd do this the same way the Twitter module does it.) And then, get the access token and use it, of course. :-) --- lib/Makefile | 2 +- lib/oauth2.c | 42 +++++++++++++++++++++++++++++ lib/oauth2.h | 69 +++++++++++++++++++++++++++++++++++++++++++++++ protocols/jabber/jabber.c | 2 ++ protocols/jabber/sasl.c | 17 +++++++++--- 5 files changed, 128 insertions(+), 4 deletions(-) create mode 100644 lib/oauth2.c create mode 100644 lib/oauth2.h diff --git a/lib/Makefile b/lib/Makefile index 3ae43935..5f24139d 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -12,7 +12,7 @@ SRCDIR := $(SRCDIR)lib/ endif # [SH] Program variables -objects = arc.o base64.o $(DES) $(EVENT_HANDLER) ftutil.o http_client.o ini.o md5.o misc.o oauth.o proxy.o sha1.o $(SSL_CLIENT) url.o xmltree.o +objects = arc.o base64.o $(DES) $(EVENT_HANDLER) ftutil.o http_client.o ini.o md5.o misc.o oauth.o oauth2.o proxy.o sha1.o $(SSL_CLIENT) url.o xmltree.o LFLAGS += -r diff --git a/lib/oauth2.c b/lib/oauth2.c new file mode 100644 index 00000000..eb923795 --- /dev/null +++ b/lib/oauth2.c @@ -0,0 +1,42 @@ +/***************************************************************************\ +* * +* BitlBee - An IRC to IM gateway * +* Simple OAuth client (consumer) implementation. * +* * +* Copyright 2010-2011 Wilmer van der Gaast * +* * +* This program is free software; you can redistribute it and/or modify * +* it under the terms of the GNU General Public License as published by * +* the Free Software Foundation; either version 2 of the License, or * +* (at your option) any later version. * +* * +* This program is distributed in the hope that it will be useful, * +* but WITHOUT ANY WARRANTY; without even the implied warranty of * +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +* GNU General Public License for more details. * +* * +* You should have received a copy of the GNU General Public License along * +* with this program; if not, write to the Free Software Foundation, Inc., * +* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * +* * +\***************************************************************************/ + +#include +#include "oauth2.h" + +struct oauth2_service oauth2_service_google = +{ + "https://accounts.google.com/o/oauth2/", + "783993391592.apps.googleusercontent.com", + "k5_EV4EQ7jEVCEk3WBwEFfuW", +}; + +char *oauth2_url( const struct oauth2_service *sp, const char *scope ) +{ + return g_strconcat( sp->base_url, "auth" + "?scope=", scope, + "&response_type=code" + "&redirect_uri=urn:ietf:wg:oauth:2.0:oob", + "&client_id=", sp->consumer_key, + NULL ); +} diff --git a/lib/oauth2.h b/lib/oauth2.h new file mode 100644 index 00000000..c2985ef6 --- /dev/null +++ b/lib/oauth2.h @@ -0,0 +1,69 @@ +/***************************************************************************\ +* * +* BitlBee - An IRC to IM gateway * +* Simple OAuth client (consumer) implementation. * +* * +* Copyright 2010-2011 Wilmer van der Gaast * +* * +* This program is free software; you can redistribute it and/or modify * +* it under the terms of the GNU General Public License as published by * +* the Free Software Foundation; either version 2 of the License, or * +* (at your option) any later version. * +* * +* This program is distributed in the hope that it will be useful, * +* but WITHOUT ANY WARRANTY; without even the implied warranty of * +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +* GNU General Public License for more details. * +* * +* You should have received a copy of the GNU General Public License along * +* with this program; if not, write to the Free Software Foundation, Inc., * +* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * +* * +\***************************************************************************/ + +struct oauth2_info; + +/* Callback function called twice during the access token request process. + Return FALSE if something broke and the process must be aborted. */ +typedef gboolean (*oauth_cb)( struct oauth2_info * ); + +struct oauth2_info +{ + const struct oauth_service *sp; + + oauth_cb func; + void *data; + + struct http_request *http; + +// char *auth_url; +// char *request_token; + +// char *token; +// char *token_secret; +// GSList *params; +}; + +struct oauth2_service +{ + char *base_url; + char *consumer_key; + char *consumer_secret; +}; + +extern struct oauth2_service oauth2_service_google; + +/* http://oauth.net/core/1.0a/#auth_step1 (section 6.1) + Request an initial anonymous token which can be used to construct an + authorization URL for the user. This is passed to the callback function + in a struct oauth2_info. */ +char *oauth2_url( const struct oauth2_service *sp, const char *scope ); + +/* http://oauth.net/core/1.0a/#auth_step3 (section 6.3) + The user gets a PIN or so which we now exchange for the final access + token. This is passed to the callback function in the same + struct oauth2_info. */ +gboolean oauth2_access_token( const char *pin, struct oauth2_info *st ); + +/* Shouldn't normally be required unless the process is aborted by the user. */ +void oauth2_info_free( struct oauth2_info *info ); diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 802158c1..91d40a43 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -59,6 +59,8 @@ static void jabber_init( account_t *acc ) s = set_add( &acc->set, "activity_timeout", "600", set_eval_int, acc ); + s = set_add( &acc->set, "oauth", "false", set_eval_bool, acc ); + g_snprintf( str, sizeof( str ), "%d", jabber_port_list[0] ); s = set_add( &acc->set, "port", str, set_eval_int, acc ); s->flags |= ACC_SET_OFFLINE_ONLY; diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 53248ef3..0bbbae11 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -25,6 +25,7 @@ #include "jabber.h" #include "base64.h" +#include "oauth2.h" xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) { @@ -32,7 +33,7 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) struct jabber_data *jd = ic->proto_data; struct xt_node *c, *reply; char *s; - int sup_plain = 0, sup_digest = 0; + int sup_plain = 0, sup_digest = 0, sup_oauth2 = 0; if( !sasl_supported( ic ) ) { @@ -58,6 +59,8 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) sup_plain = 1; if( c->text && g_strcasecmp( c->text, "DIGEST-MD5" ) == 0 ) sup_digest = 1; + if( c->text && g_strcasecmp( c->text, "X-OAUTH2" ) == 0 ) + sup_oauth2 = 1; c = c->next; } @@ -72,7 +75,15 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) reply = xt_new_node( "auth", NULL, NULL ); xt_add_attr( reply, "xmlns", XMLNS_SASL ); - if( sup_digest ) + if( sup_oauth2 && set_getbool( &ic->acc->set, "oauth" ) ) + { + imcb_log( ic, "Open this URL in your browser to authenticate: %s", + oauth2_url( &oauth2_service_google, + "https://www.googleapis.com/auth/googletalk" ) ); + xt_free_node( reply ); + reply = NULL; + } + else if( sup_digest ) { xt_add_attr( reply, "mechanism", "DIGEST-MD5" ); @@ -95,7 +106,7 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) g_free( s ); } - if( !jabber_write_packet( ic, reply ) ) + if( reply && !jabber_write_packet( ic, reply ) ) { xt_free_node( reply ); return XT_ABORT; -- cgit v1.2.3 From 59c9adb4e3e27ded95ec9ccee4f57cf79490bd12 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 25 Jul 2011 13:09:30 +0100 Subject: Kill obsolete Jabber server string (SSL, port#s, etc) parsing. --- protocols/jabber/jabber.c | 55 ----------------------------------------------- 1 file changed, 55 deletions(-) diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 91d40a43..bd9bbe23 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -136,61 +136,6 @@ static void jabber_login( account_t *acc ) *s = 0; } - /* This code isn't really pretty. Backwards compatibility never is... */ - s = acc->server; - while( s ) - { - static int had_port = 0; - - if( strncmp( s, "ssl", 3 ) == 0 ) - { - set_setstr( &acc->set, "ssl", "true" ); - - /* Flush this part so that (if this was the first - part of the server string) acc->server gets - flushed. We don't want to have to do this another - time. :-) */ - *s = 0; - s ++; - - /* Only set this if the user didn't specify a custom - port number already... */ - if( !had_port ) - set_setint( &acc->set, "port", 5223 ); - } - else if( isdigit( *s ) ) - { - int i; - - /* The first character is a digit. It could be an - IP address though. Only accept this as a port# - if there are only digits. */ - for( i = 0; isdigit( s[i] ); i ++ ); - - /* If the first non-digit character is a colon or - the end of the string, save the port number - where it should be. */ - if( s[i] == ':' || s[i] == 0 ) - { - sscanf( s, "%d", &i ); - set_setint( &acc->set, "port", i ); - - /* See above. */ - *s = 0; - s ++; - } - - had_port = 1; - } - - s = strchr( s, ':' ); - if( s ) - { - *s = 0; - s ++; - } - } - jd->node_cache = g_hash_table_new_full( g_str_hash, g_str_equal, NULL, jabber_cache_entry_free ); jd->buddies = g_hash_table_new( g_str_hash, g_str_equal ); -- cgit v1.2.3 From 4a5d88504235e1df5d01a3a5701b83dd82d6695d Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Tue, 26 Jul 2011 12:58:38 +0100 Subject: Working OAuth2 support. Needs some more debugging (error handling is not great and imc_logout() gets (rightfully) confused when jabber_data is empty). --- lib/oauth.h | 3 + lib/oauth2.c | 139 ++++++++++++++++++++++++++++++++++++++++++++++ lib/oauth2.h | 50 ++++++----------- protocols/jabber/jabber.c | 41 +++++++++++++- protocols/jabber/jabber.h | 8 +++ protocols/jabber/sasl.c | 111 ++++++++++++++++++++++++++++++++++-- 6 files changed, 309 insertions(+), 43 deletions(-) diff --git a/lib/oauth.h b/lib/oauth.h index 8270a545..5c4ef4b0 100644 --- a/lib/oauth.h +++ b/lib/oauth.h @@ -91,4 +91,7 @@ char *oauth_to_string( struct oauth_info *oi ); struct oauth_info *oauth_from_string( char *in, const struct oauth_service *sp ); /* For reading misc. data. */ +void oauth_params_add( GSList **params, const char *key, const char *value ); +void oauth_params_free( GSList **params ); +char *oauth_params_string( GSList *params ); const char *oauth_params_get( GSList **params, const char *key ); diff --git a/lib/oauth2.c b/lib/oauth2.c index eb923795..d9eefa9f 100644 --- a/lib/oauth2.c +++ b/lib/oauth2.c @@ -22,7 +22,10 @@ \***************************************************************************/ #include +#include "http_client.h" #include "oauth2.h" +#include "oauth.h" +#include "url.h" struct oauth2_service oauth2_service_google = { @@ -40,3 +43,139 @@ char *oauth2_url( const struct oauth2_service *sp, const char *scope ) "&client_id=", sp->consumer_key, NULL ); } + +struct oauth2_access_token_data +{ + oauth2_token_callback func; + gpointer data; +}; + +static char *oauth2_json_dumb_get( const char *json, const char *key ); +static void oauth2_access_token_done( struct http_request *req ); + +int oauth2_access_token( const struct oauth2_service *sp, + const char *auth_type, const char *auth, + oauth2_token_callback func, gpointer data ) +{ + GSList *args = NULL; + char *args_s, *s; + url_t url_p; + struct http_request *req; + struct oauth2_access_token_data *cb_data; + + if( !url_set( &url_p, sp->base_url ) ) + return 0; + + oauth_params_add( &args, "client_id", sp->consumer_key ); + oauth_params_add( &args, "client_secret", sp->consumer_secret ); + oauth_params_add( &args, "grant_type", auth_type ); + if( strcmp( auth_type, OAUTH2_AUTH_CODE ) == 0 ) + { + oauth_params_add( &args, "redirect_uri", "urn:ietf:wg:oauth:2.0:oob" ); + oauth_params_add( &args, "code", auth ); + } + else + { + oauth_params_add( &args, "refresh_token", auth ); + } + args_s = oauth_params_string( args ); + oauth_params_free( &args ); + + s = g_strdup_printf( "POST %s%s HTTP/1.0\r\n" + "Host: %s\r\n" + "Content-Type: application/x-www-form-urlencoded\r\n" + "Content-Length: %zd\r\n" + "Connection: close\r\n" + "\r\n" + "%s", url_p.file, "token", url_p.host, strlen( args_s ), args_s ); + g_free( args_s ); + + cb_data = g_new0( struct oauth2_access_token_data, 1 ); + cb_data->func = func; + cb_data->data = data; + + req = http_dorequest( url_p.host, url_p.port, url_p.proto == PROTO_HTTPS, + s, oauth2_access_token_done, cb_data ); + + g_free( s ); + + if( req == NULL ) + g_free( cb_data ); + + return req != NULL; +} + +static void oauth2_access_token_done( struct http_request *req ) +{ + struct oauth2_access_token_data *cb_data = req->data; + char *atoken = NULL, *rtoken = NULL; + + if( req->status_code == 200 ) + { + atoken = oauth2_json_dumb_get( req->reply_body, "access_token" ); + rtoken = oauth2_json_dumb_get( req->reply_body, "refresh_token" ); + } + cb_data->func( cb_data->data, atoken, rtoken ); + g_free( atoken ); + g_free( rtoken ); + g_free( cb_data ); +} + +/* Super dumb. I absolutely refuse to use/add a complete json parser library + (adding a new dependency to BitlBee for the first time in.. 6 years?) just + to parse 100 bytes of data. So I have to do my own parsing because OAuth2 + dropped support for XML. (GRRR!) This is very dumb and for example won't + work for integer values, nor will it strip/handle backslashes. */ +static char *oauth2_json_dumb_get( const char *json, const char *key ) +{ + int is_key; /* 1 == reading key, 0 == reading value */ + int found_key = 0; + + while( json && *json ) + { + /* Grab strings and see if they're what we're looking for. */ + if( *json == '"' || *json == '\'' ) + { + char q = *json; + const char *str_start; + json ++; + str_start = json; + + while( *json ) + { + /* \' and \" are not string terminators. */ + if( *json == '\\' && json[1] == q ) + json ++; + /* But without a \ it is. */ + else if( *json == q ) + break; + json ++; + } + if( *json == '\0' ) + return NULL; + + if( is_key && strncmp( str_start, key, strlen( key ) ) == 0 ) + { + found_key = 1; + } + else if( !is_key && found_key ) + { + char *ret = g_memdup( str_start, json - str_start + 1 ); + ret[json-str_start] = '\0'; + return ret; + } + + } + else if( *json == '{' || *json == ',' ) + { + found_key = 0; + is_key = 1; + } + else if( *json == ':' ) + is_key = 0; + + json ++; + } + + return NULL; +} diff --git a/lib/oauth2.h b/lib/oauth2.h index c2985ef6..657a0ab3 100644 --- a/lib/oauth2.h +++ b/lib/oauth2.h @@ -1,7 +1,7 @@ /***************************************************************************\ * * * BitlBee - An IRC to IM gateway * -* Simple OAuth client (consumer) implementation. * +* Simple OAuth2 client (consumer) implementation. * * * * Copyright 2010-2011 Wilmer van der Gaast * * * @@ -21,28 +21,10 @@ * * \***************************************************************************/ -struct oauth2_info; +/* Implementation mostly based on my experience with writing the previous OAuth + module, and from http://code.google.com/apis/accounts/docs/OAuth2.html . */ -/* Callback function called twice during the access token request process. - Return FALSE if something broke and the process must be aborted. */ -typedef gboolean (*oauth_cb)( struct oauth2_info * ); - -struct oauth2_info -{ - const struct oauth_service *sp; - - oauth_cb func; - void *data; - - struct http_request *http; - -// char *auth_url; -// char *request_token; - -// char *token; -// char *token_secret; -// GSList *params; -}; +typedef void (*oauth2_token_callback)( gpointer data, const char *atoken, const char *rtoken ); struct oauth2_service { @@ -51,19 +33,19 @@ struct oauth2_service char *consumer_secret; }; +/* Currently suitable for authenticating to Google Talk only, and only for + accounts that have 2-factor authorization enabled. */ extern struct oauth2_service oauth2_service_google; -/* http://oauth.net/core/1.0a/#auth_step1 (section 6.1) - Request an initial anonymous token which can be used to construct an - authorization URL for the user. This is passed to the callback function - in a struct oauth2_info. */ -char *oauth2_url( const struct oauth2_service *sp, const char *scope ); +#define OAUTH2_AUTH_CODE "authorization_code" +#define OAUTH2_AUTH_REFRESH "refresh_token" -/* http://oauth.net/core/1.0a/#auth_step3 (section 6.3) - The user gets a PIN or so which we now exchange for the final access - token. This is passed to the callback function in the same - struct oauth2_info. */ -gboolean oauth2_access_token( const char *pin, struct oauth2_info *st ); +/* Generate a URL the user should open in his/her browser to get an + authorization code. */ +char *oauth2_url( const struct oauth2_service *sp, const char *scope ); -/* Shouldn't normally be required unless the process is aborted by the user. */ -void oauth2_info_free( struct oauth2_info *info ); +/* Exchanges an auth code or refresh token for an access token. + auth_type is one of the two OAUTH2_AUTH_.. constants above. */ +int oauth2_access_token( const struct oauth2_service *sp, + const char *auth_type, const char *auth, + oauth2_token_callback func, gpointer data ); diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index bd9bbe23..64858de2 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -97,9 +97,7 @@ static void jabber_login( account_t *acc ) { struct im_connection *ic = imcb_new( acc ); struct jabber_data *jd = g_new0( struct jabber_data, 1 ); - struct ns_srv_reply **srvl = NULL, *srv = NULL; - char *connect_to, *s; - int i; + char *s; /* For now this is needed in the _connected() handlers if using GLib event handling, to make sure we're not handling events @@ -139,6 +137,30 @@ static void jabber_login( account_t *acc ) jd->node_cache = g_hash_table_new_full( g_str_hash, g_str_equal, NULL, jabber_cache_entry_free ); jd->buddies = g_hash_table_new( g_str_hash, g_str_equal ); + if( set_getbool( &acc->set, "oauth" ) ) + { + /* For the first login with OAuth, we have to authenticate via the browser. + For subsequent logins, exchange the refresh token for a valid access + token (even though the last one maybe didn't expire yet). */ + if( strncmp( acc->pass, "refresh_token=", 14 ) != 0 ) + sasl_oauth2_init( ic ); + else + sasl_oauth2_refresh( ic, acc->pass + 14 ); + } + else + jabber_connect( ic ); +} + +/* Separate this from jabber_login() so we can do OAuth first if necessary. + Putting this in io.c would probably be more correct. */ +void jabber_connect( struct im_connection *ic ) +{ + account_t *acc = ic->acc; + struct jabber_data *jd = ic->proto_data; + int i; + char *connect_to; + struct ns_srv_reply **srvl = NULL, *srv = NULL; + /* Figure out the hostname to connect to. */ if( acc->server && *acc->server ) connect_to = acc->server; @@ -280,6 +302,19 @@ static int jabber_buddy_msg( struct im_connection *ic, char *who, char *message, if( g_strcasecmp( who, JABBER_XMLCONSOLE_HANDLE ) == 0 ) return jabber_write( ic, message, strlen( message ) ); + if( g_strcasecmp( who, "jabber_oauth" ) == 0 ) + { + if( sasl_oauth2_get_refresh_token( ic, message ) ) + { + return 1; + } + else + { + imcb_error( ic, "OAuth failure" ); + imc_logout( ic, TRUE ); + } + } + if( ( s = strchr( who, '=' ) ) && jabber_chat_by_jid( ic, s + 1 ) ) bud = jabber_buddy_by_ext_jid( ic, who, 0 ); else diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index adf9a291..8d65a7e3 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -92,6 +92,8 @@ struct jabber_data char *username; /* USERNAME@server */ char *server; /* username@SERVER -=> server/domain, not hostname */ + char *oauth2_access_token; + /* After changing one of these two (or the priority setting), call presence_send_update() to inform the server about the changes. */ const struct jabber_away_state *away_state; @@ -231,6 +233,9 @@ struct jabber_transfer #define XMLNS_BYTESTREAMS "http://jabber.org/protocol/bytestreams" /* XEP-0065 */ #define XMLNS_IBB "http://jabber.org/protocol/ibb" /* XEP-0047 */ +/* jabber.c */ +void jabber_connect( struct im_connection *ic ); + /* iq.c */ xt_status jabber_pkt_iq( struct xt_node *node, gpointer data ); int jabber_init_iq_auth( struct im_connection *ic ); @@ -315,6 +320,9 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ); xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ); xt_status sasl_pkt_result( struct xt_node *node, gpointer data ); gboolean sasl_supported( struct im_connection *ic ); +void sasl_oauth2_init( struct im_connection *ic ); +int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ); +int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ); /* conference.c */ struct groupchat *jabber_chat_join( struct im_connection *ic, const char *room, const char *nick, const char *password ); diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 0bbbae11..a7c3dd6f 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -75,13 +75,31 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) reply = xt_new_node( "auth", NULL, NULL ); xt_add_attr( reply, "xmlns", XMLNS_SASL ); - if( sup_oauth2 && set_getbool( &ic->acc->set, "oauth" ) ) + if( set_getbool( &ic->acc->set, "oauth" ) ) { - imcb_log( ic, "Open this URL in your browser to authenticate: %s", - oauth2_url( &oauth2_service_google, - "https://www.googleapis.com/auth/googletalk" ) ); - xt_free_node( reply ); - reply = NULL; + int len; + + if( !sup_oauth2 ) + { + imcb_error( ic, "OAuth requested, but not supported by server" ); + imc_logout( ic, FALSE ); + xt_free_node( reply ); + return XT_ABORT; + } + + /* X-OAUTH2 is, not *the* standard OAuth2 SASL/XMPP implementation. + It's currently used by GTalk and vaguely documented on + http://code.google.com/apis/cloudprint/docs/rawxmpp.html . */ + xt_add_attr( reply, "mechanism", "X-OAUTH2" ); + + len = strlen( jd->username ) + strlen( jd->oauth2_access_token ) + 2; + s = g_malloc( len + 1 ); + s[0] = 0; + strcpy( s + 1, jd->username ); + strcpy( s + 2 + strlen( jd->username ), jd->oauth2_access_token ); + reply->text = base64_encode( (unsigned char *)s, len ); + reply->text_len = strlen( reply->text ); + g_free( s ); } else if( sup_digest ) { @@ -357,3 +375,84 @@ gboolean sasl_supported( struct im_connection *ic ) return ( jd->xt && jd->xt->root && xt_find_attr( jd->xt->root, "version" ) ) != 0; } + +void sasl_oauth2_init( struct im_connection *ic ) +{ + char *msg, *url; + + imcb_log( ic, "Starting OAuth authentication" ); + + /* Temporary contact, just used to receive the OAuth response. */ + imcb_add_buddy( ic, "jabber_oauth", NULL ); + url = oauth2_url( &oauth2_service_google, + "https://www.googleapis.com/auth/googletalk" ); + msg = g_strdup_printf( "Open this URL in your browser to authenticate: %s", url ); + imcb_buddy_msg( ic, "jabber_oauth", msg, 0, 0 ); + imcb_buddy_msg( ic, "jabber_oauth", "Respond to this message with the returned " + "authorization token.", 0, 0 ); + + g_free( msg ); + g_free( url ); +} + +static gboolean sasl_oauth2_remove_contact( gpointer data, gint fd, b_input_condition cond ) +{ + struct im_connection *ic = data; + imcb_remove_buddy( ic, "jabber_oauth", NULL ); + return FALSE; +} + +static void sasl_oauth2_got_token( gpointer data, const char *access_token, const char *refresh_token ); + +int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ) +{ + char *code; + int ret; + + imcb_log( ic, "Requesting OAuth access token" ); + + /* Don't do it here because the caller may get confused if the contact + we're currently sending a message to is deleted. */ + b_timeout_add( 1, sasl_oauth2_remove_contact, ic ); + + code = g_strdup( msg ); + g_strstrip( code ); + ret = oauth2_access_token( &oauth2_service_google, OAUTH2_AUTH_CODE, + code, sasl_oauth2_got_token, ic ); + + g_free( code ); + return ret; +} + +int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ) +{ + return oauth2_access_token( &oauth2_service_google, OAUTH2_AUTH_REFRESH, + refresh_token, sasl_oauth2_got_token, ic ); +} + +static void sasl_oauth2_got_token( gpointer data, const char *access_token, const char *refresh_token ) +{ + struct im_connection *ic = data; + struct jabber_data *jd; + + if( g_slist_find( jabber_connections, ic ) == NULL ) + return; + + jd = ic->proto_data; + + if( access_token == NULL ) + { + imcb_error( ic, "OAuth failure (missing access token)" ); + imc_logout( ic, TRUE ); + } + if( refresh_token != NULL ) + { + g_free( ic->acc->pass ); + ic->acc->pass = g_strdup_printf( "refresh_token=%s", refresh_token ); + } + + g_free( jd->oauth2_access_token ); + jd->oauth2_access_token = g_strdup( access_token ); + + jabber_connect( ic ); +} -- cgit v1.2.3 From 1174899c4f299dd020a8e6489d0384ae24771978 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 31 Jul 2011 15:40:41 +0100 Subject: Having written the same stupid code (ASCII MD5 hashes) 205762 times, time to have a function for it.. --- lib/md5.c | 10 ++++++++++ lib/md5.h | 1 + 2 files changed, 11 insertions(+) diff --git a/lib/md5.c b/lib/md5.c index 3c39eccd..e989ac6a 100644 --- a/lib/md5.c +++ b/lib/md5.c @@ -161,6 +161,16 @@ void md5_finish(struct MD5Context *ctx, md5_byte_t digest[16]) memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ } +void md5_finish_ascii(struct MD5Context *context, char *ascii) +{ + md5_byte_t bin[16]; + int i; + + md5_finish(context, bin); + for (i = 0; i < 16; i ++) + sprintf(ascii + i * 2, "%02x", bin[i]); +} + /* The four core functions - F1 is optimized somewhat */ /* #define F1(x, y, z) (x & y | ~x & z) */ diff --git a/lib/md5.h b/lib/md5.h index 3ba28586..17da99b3 100644 --- a/lib/md5.h +++ b/lib/md5.h @@ -42,5 +42,6 @@ typedef struct MD5Context { G_MODULE_EXPORT void md5_init(struct MD5Context *context); G_MODULE_EXPORT void md5_append(struct MD5Context *context, const md5_byte_t *buf, unsigned int len); G_MODULE_EXPORT void md5_finish(struct MD5Context *context, md5_byte_t digest[16]); +G_MODULE_EXPORT void md5_finish_ascii(struct MD5Context *context, char *ascii); #endif -- cgit v1.2.3 From aa9f1acec3f941cbb6b9fa716db1e775e88005c2 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 31 Jul 2011 15:51:07 +0100 Subject: Export oauth_params_parse(). --- lib/oauth.c | 2 +- lib/oauth.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/oauth.c b/lib/oauth.c index 372a62d3..4131dc97 100644 --- a/lib/oauth.c +++ b/lib/oauth.c @@ -164,7 +164,7 @@ const char *oauth_params_get( GSList **params, const char *key ) return NULL; } -static void oauth_params_parse( GSList **params, char *in ) +void oauth_params_parse( GSList **params, char *in ) { char *amp, *eq, *s; diff --git a/lib/oauth.h b/lib/oauth.h index 5c4ef4b0..b7388503 100644 --- a/lib/oauth.h +++ b/lib/oauth.h @@ -92,6 +92,7 @@ struct oauth_info *oauth_from_string( char *in, const struct oauth_service *sp ) /* For reading misc. data. */ void oauth_params_add( GSList **params, const char *key, const char *value ); +void oauth_params_parse( GSList **params, char *in ); void oauth_params_free( GSList **params ); char *oauth_params_string( GSList *params ); const char *oauth_params_get( GSList **params, const char *key ); -- cgit v1.2.3 From 39a939ce4ef6717d65c36c97e6a7adf05b125cad Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 31 Jul 2011 15:55:00 +0100 Subject: oauth2 changes to address http://twitter.com/Wilmer/status/96715400124968960 --- lib/oauth2.c | 24 +++++++++++++++++------- lib/oauth2.h | 6 +++++- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/lib/oauth2.c b/lib/oauth2.c index d9eefa9f..a54ef431 100644 --- a/lib/oauth2.c +++ b/lib/oauth2.c @@ -29,17 +29,27 @@ struct oauth2_service oauth2_service_google = { - "https://accounts.google.com/o/oauth2/", + "https://accounts.google.com/o/oauth2/auth", + "https://accounts.google.com/o/oauth2/token", + "urn:ietf:wg:oauth:2.0:oob", "783993391592.apps.googleusercontent.com", "k5_EV4EQ7jEVCEk3WBwEFfuW", }; +struct oauth2_service oauth2_service_facebook = +{ + "https://www.facebook.com/dialog/oauth", + "https://graph.facebook.com/oauth/access_token", + "http://www.bitlbee.org/main.php/fb.html", + "126828914005625", + "4b100f0f244d620bf3f15f8b217d4c32", +}; char *oauth2_url( const struct oauth2_service *sp, const char *scope ) { - return g_strconcat( sp->base_url, "auth" + return g_strconcat( sp->auth_url, "?scope=", scope, "&response_type=code" - "&redirect_uri=urn:ietf:wg:oauth:2.0:oob", + "&redirect_uri=", sp->redirect_url, "&client_id=", sp->consumer_key, NULL ); } @@ -63,7 +73,7 @@ int oauth2_access_token( const struct oauth2_service *sp, struct http_request *req; struct oauth2_access_token_data *cb_data; - if( !url_set( &url_p, sp->base_url ) ) + if( !url_set( &url_p, sp->token_url ) ) return 0; oauth_params_add( &args, "client_id", sp->consumer_key ); @@ -71,7 +81,7 @@ int oauth2_access_token( const struct oauth2_service *sp, oauth_params_add( &args, "grant_type", auth_type ); if( strcmp( auth_type, OAUTH2_AUTH_CODE ) == 0 ) { - oauth_params_add( &args, "redirect_uri", "urn:ietf:wg:oauth:2.0:oob" ); + oauth_params_add( &args, "redirect_uri", sp->redirect_url ); oauth_params_add( &args, "code", auth ); } else @@ -81,13 +91,13 @@ int oauth2_access_token( const struct oauth2_service *sp, args_s = oauth_params_string( args ); oauth_params_free( &args ); - s = g_strdup_printf( "POST %s%s HTTP/1.0\r\n" + s = g_strdup_printf( "POST %s HTTP/1.0\r\n" "Host: %s\r\n" "Content-Type: application/x-www-form-urlencoded\r\n" "Content-Length: %zd\r\n" "Connection: close\r\n" "\r\n" - "%s", url_p.file, "token", url_p.host, strlen( args_s ), args_s ); + "%s", url_p.file, url_p.host, strlen( args_s ), args_s ); g_free( args_s ); cb_data = g_new0( struct oauth2_access_token_data, 1 ); diff --git a/lib/oauth2.h b/lib/oauth2.h index 657a0ab3..6f56b426 100644 --- a/lib/oauth2.h +++ b/lib/oauth2.h @@ -28,7 +28,9 @@ typedef void (*oauth2_token_callback)( gpointer data, const char *atoken, const struct oauth2_service { - char *base_url; + char *auth_url; + char *token_url; + char *redirect_url; char *consumer_key; char *consumer_secret; }; @@ -37,6 +39,8 @@ struct oauth2_service accounts that have 2-factor authorization enabled. */ extern struct oauth2_service oauth2_service_google; +extern struct oauth2_service oauth2_service_facebook; + #define OAUTH2_AUTH_CODE "authorization_code" #define OAUTH2_AUTH_REFRESH "refresh_token" -- cgit v1.2.3 From e1c926f53750ca288f30f3d62eecdc763b67d642 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 31 Jul 2011 16:44:37 +0100 Subject: Facebook authentication. This isn't really OAuth in the end: FB doesn't really support desktop app OAuth in a way that would work with BitlBee. Plus, it's only OAuth-compliant by, err, name? --- lib/md5.c | 1 + protocols/jabber/jabber.h | 2 ++ protocols/jabber/sasl.c | 51 +++++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 52 insertions(+), 2 deletions(-) diff --git a/lib/md5.c b/lib/md5.c index e989ac6a..355f5495 100644 --- a/lib/md5.c +++ b/lib/md5.c @@ -23,6 +23,7 @@ #include #include /* for memcpy() */ +#include #include "md5.h" static void md5_transform(uint32_t buf[4], uint32_t const in[16]); diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index 8d65a7e3..c68ae343 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -46,6 +46,8 @@ typedef enum activates all XEP-85 related code. */ JFLAG_XMLCONSOLE = 64, /* If the user added an xmlconsole buddy. */ JFLAG_STARTTLS_DONE = 128, /* If a plaintext session was converted to TLS. */ + + JFLAG_SASL_FB = 0x10000, /* Trying Facebook authentication. */ } jabber_flags_t; typedef enum diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index a7c3dd6f..89571d8d 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -26,6 +26,7 @@ #include "jabber.h" #include "base64.h" #include "oauth2.h" +#include "oauth.h" xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) { @@ -33,7 +34,7 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) struct jabber_data *jd = ic->proto_data; struct xt_node *c, *reply; char *s; - int sup_plain = 0, sup_digest = 0, sup_oauth2 = 0; + int sup_plain = 0, sup_digest = 0, sup_oauth2 = 0, sup_fb = 0; if( !sasl_supported( ic ) ) { @@ -61,6 +62,8 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) sup_digest = 1; if( c->text && g_strcasecmp( c->text, "X-OAUTH2" ) == 0 ) sup_oauth2 = 1; + if( c->text && g_strcasecmp( c->text, "X-FACEBOOK-PLATFORM" ) == 0 ) + sup_fb = 1; c = c->next; } @@ -101,6 +104,11 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) reply->text_len = strlen( reply->text ); g_free( s ); } + else if( sup_fb && strstr( ic->acc->pass, "session_key=" ) ) + { + xt_add_attr( reply, "mechanism", "X-FACEBOOK-PLATFORM" ); + jd->flags |= JFLAG_SASL_FB; + } else if( sup_digest ) { xt_add_attr( reply, "mechanism", "DIGEST-MD5" ); @@ -238,7 +246,45 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) dec = frombase64( node->text ); - if( !( s = sasl_get_part( dec, "rspauth" ) ) ) + if( jd->flags & JFLAG_SASL_FB ) + { + GSList *p_in = NULL, *p_out = NULL, *p; + md5_state_t md5; + char time[33], *fmt, *token; + const char *secret; + + oauth_params_parse( &p_in, dec ); + oauth_params_add( &p_out, "nonce", oauth_params_get( &p_in, "nonce" ) ); + oauth_params_add( &p_out, "method", oauth_params_get( &p_in, "method" ) ); + oauth_params_free( &p_in ); + + token = g_strdup( ic->acc->pass ); + oauth_params_parse( &p_in, token ); + g_free( token ); + oauth_params_add( &p_out, "session_key", oauth_params_get( &p_in, "session_key" ) ); + + g_snprintf( time, sizeof( time ), "%lld", (long long) ( gettime() * 1000 ) ); + oauth_params_add( &p_out, "call_id", time ); + oauth_params_add( &p_out, "api_key", oauth2_service_facebook.consumer_key ); + oauth_params_add( &p_out, "v", "1.0" ); + oauth_params_add( &p_out, "format", "XML" ); + + md5_init( &md5 ); + for( p = p_out; p; p = p->next ) + md5_append( &md5, p->data, strlen( p->data ) ); + + secret = oauth_params_get( &p_in, "secret" ); + md5_append( &md5, (unsigned char*) secret, strlen( secret ) ); + md5_finish_ascii( &md5, time ); + oauth_params_add( &p_out, "sig", time ); + + fmt = oauth_params_string( p_out ); + oauth_params_free( &p_out ); + oauth_params_free( &p_in ); + s = tobase64( fmt ); + g_free( fmt ); + } + else if( !( s = sasl_get_part( dec, "rspauth" ) ) ) { /* See RFC 2831 for for information. */ md5_state_t A1, A2, H; @@ -444,6 +490,7 @@ static void sasl_oauth2_got_token( gpointer data, const char *access_token, cons { imcb_error( ic, "OAuth failure (missing access token)" ); imc_logout( ic, TRUE ); + return; } if( refresh_token != NULL ) { -- cgit v1.2.3 From f138bd25e9184c3033f405a7bbb5734d82a877c7 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 31 Jul 2011 21:27:30 +0100 Subject: OAuth code cleanup. --- lib/oauth.c | 3 +++ protocols/jabber/jabber.c | 3 +++ protocols/jabber/sasl.c | 39 +++++++++++++++++++++------------------ 3 files changed, 27 insertions(+), 18 deletions(-) diff --git a/lib/oauth.c b/lib/oauth.c index 4131dc97..4f431ed6 100644 --- a/lib/oauth.c +++ b/lib/oauth.c @@ -121,6 +121,9 @@ void oauth_params_add( GSList **params, const char *key, const char *value ) { char *item; + if( !key || !value ) + return; + item = g_strdup_printf( "%s=%s", key, value ); *params = g_slist_insert_sorted( *params, item, (GCompareFunc) strcmp ); } diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 64858de2..c97adf71 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -139,6 +139,8 @@ static void jabber_login( account_t *acc ) if( set_getbool( &acc->set, "oauth" ) ) { + jd->fd = jd->r_inpa = jd->w_inpa = -1; + /* For the first login with OAuth, we have to authenticate via the browser. For subsequent logins, exchange the refresh token for a valid access token (even though the last one maybe didn't expire yet). */ @@ -284,6 +286,7 @@ static void jabber_logout( struct im_connection *ic ) xt_free( jd->xt ); + g_free( jd->oauth2_access_token ); g_free( jd->away_message ); g_free( jd->username ); g_free( jd ); diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 89571d8d..f232864b 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -233,12 +233,12 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) { struct im_connection *ic = data; struct jabber_data *jd = ic->proto_data; - struct xt_node *reply = NULL; + struct xt_node *reply_pkt = NULL; char *nonce = NULL, *realm = NULL, *cnonce = NULL; unsigned char cnonce_bin[30]; char *digest_uri = NULL; char *dec = NULL; - char *s = NULL; + char *s = NULL, *reply = NULL; xt_status ret = XT_ABORT; if( node->text_len == 0 ) @@ -248,9 +248,15 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) if( jd->flags & JFLAG_SASL_FB ) { + /* Facebook proprietary authentication. Not as useful as it seemed, but + the code's written now, may as well keep it.. + + Mechanism is described on http://developers.facebook.com/docs/chat/ + and in their Python module. It's all mostly useless because the tokens + expire after 24h. */ GSList *p_in = NULL, *p_out = NULL, *p; md5_state_t md5; - char time[33], *fmt, *token; + char time[33], *token; const char *secret; oauth_params_parse( &p_in, dec ); @@ -274,15 +280,14 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) md5_append( &md5, p->data, strlen( p->data ) ); secret = oauth_params_get( &p_in, "secret" ); - md5_append( &md5, (unsigned char*) secret, strlen( secret ) ); + if( secret ) + md5_append( &md5, (unsigned char*) secret, strlen( secret ) ); md5_finish_ascii( &md5, time ); oauth_params_add( &p_out, "sig", time ); - fmt = oauth_params_string( p_out ); + reply = oauth_params_string( p_out ); oauth_params_free( &p_out ); oauth_params_free( &p_in ); - s = tobase64( fmt ); - g_free( fmt ); } else if( !( s = sasl_get_part( dec, "rspauth" ) ) ) { @@ -345,23 +350,20 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) sprintf( Hh + i * 2, "%02x", Hr[i] ); /* Now build the SASL response string: */ - g_free( dec ); - dec = g_strdup_printf( "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"%s\"," - "nc=%08x,qop=auth,digest-uri=\"%s\",response=%s,charset=%s", - jd->username, realm, nonce, cnonce, 1, digest_uri, Hh, "utf-8" ); - s = tobase64( dec ); + reply = g_strdup_printf( "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"%s\"," + "nc=%08x,qop=auth,digest-uri=\"%s\",response=%s,charset=%s", + jd->username, realm, nonce, cnonce, 1, digest_uri, Hh, "utf-8" ); } else { /* We found rspauth, but don't really care... */ - g_free( s ); - s = NULL; } - reply = xt_new_node( "response", s, NULL ); - xt_add_attr( reply, "xmlns", XMLNS_SASL ); + s = reply ? tobase64( reply ) : NULL; + reply_pkt = xt_new_node( "response", s, NULL ); + xt_add_attr( reply_pkt, "xmlns", XMLNS_SASL ); - if( !jabber_write_packet( ic, reply ) ) + if( !jabber_write_packet( ic, reply_pkt ) ) goto silent_error; ret = XT_HANDLED; @@ -375,10 +377,11 @@ silent_error: g_free( digest_uri ); g_free( cnonce ); g_free( nonce ); + g_free( reply ); g_free( realm ); g_free( dec ); g_free( s ); - xt_free_node( reply ); + xt_free_node( reply_pkt ); return ret; } -- cgit v1.2.3 From f988ad3fd0bb29ae8a16f5d921b92fd90b7792a6 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 31 Jul 2011 21:31:37 +0100 Subject: Don't timeout Jabber connections on OAuth initialization. --- protocols/jabber/jabber.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index c97adf71..0ae903e2 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -145,7 +145,10 @@ static void jabber_login( account_t *acc ) For subsequent logins, exchange the refresh token for a valid access token (even though the last one maybe didn't expire yet). */ if( strncmp( acc->pass, "refresh_token=", 14 ) != 0 ) + { sasl_oauth2_init( ic ); + ic->flags |= OPT_SLOW_LOGIN; + } else sasl_oauth2_refresh( ic, acc->pass + 14 ); } -- cgit v1.2.3 From 911d97a988d5f3d90c4b15c05adc733ada1fb37a Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Thu, 4 Aug 2011 16:19:54 +0100 Subject: Error handling fixes. Found one double free() bug causing troubles when a buddy_msg() handler takes down the IM connection immediately. --- irc_im.c | 8 +++++--- protocols/jabber/jabber.c | 1 + protocols/jabber/sasl.c | 3 ++- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/irc_im.c b/irc_im.c index 6add08dd..986693aa 100644 --- a/irc_im.c +++ b/irc_im.c @@ -450,9 +450,13 @@ static gboolean bee_irc_user_privmsg( irc_user_t *iu, const char *msg ) static gboolean bee_irc_user_privmsg_cb( gpointer data, gint fd, b_input_condition cond ) { irc_user_t *iu = data; - char *msg = g_string_free( iu->pastebuf, FALSE ); + char *msg; GSList *l; + msg = g_string_free( iu->pastebuf, FALSE ); + iu->pastebuf = NULL; + iu->pastebuf_timer = 0; + for( l = irc_plugins; l; l = l->next ) { irc_plugin_t *p = l->data; @@ -478,8 +482,6 @@ static gboolean bee_irc_user_privmsg_cb( gpointer data, gint fd, b_input_conditi bee_user_msg( iu->irc->b, iu->bu, msg, 0 ); g_free( msg ); - iu->pastebuf = NULL; - iu->pastebuf_timer = 0; return FALSE; } diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 0ae903e2..e7692484 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -318,6 +318,7 @@ static int jabber_buddy_msg( struct im_connection *ic, char *who, char *message, { imcb_error( ic, "OAuth failure" ); imc_logout( ic, TRUE ); + return 0; } } diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index f232864b..f21a6706 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -447,7 +447,8 @@ void sasl_oauth2_init( struct im_connection *ic ) static gboolean sasl_oauth2_remove_contact( gpointer data, gint fd, b_input_condition cond ) { struct im_connection *ic = data; - imcb_remove_buddy( ic, "jabber_oauth", NULL ); + if( g_slist_find( jabber_connections, ic ) ) + imcb_remove_buddy( ic, "jabber_oauth", NULL ); return FALSE; } -- cgit v1.2.3 From 773219385d7db48c58556210922eb671e24736aa Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Thu, 4 Aug 2011 19:52:53 +0100 Subject: Had to change the OAuth secret for GTalk. --- lib/oauth2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/oauth2.c b/lib/oauth2.c index a54ef431..7cb28105 100644 --- a/lib/oauth2.c +++ b/lib/oauth2.c @@ -33,7 +33,7 @@ struct oauth2_service oauth2_service_google = "https://accounts.google.com/o/oauth2/token", "urn:ietf:wg:oauth:2.0:oob", "783993391592.apps.googleusercontent.com", - "k5_EV4EQ7jEVCEk3WBwEFfuW", + "6C-Zgf7Tr7gEQTPlBhMUgo7R", }; struct oauth2_service oauth2_service_facebook = { -- cgit v1.2.3 From 87dddee3a14d7755204d6fc4b321729bad02ce4e Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 1 Aug 2011 10:53:48 +0100 Subject: Doc update, OAuth is available for more than just Twitter now. --- doc/user-guide/commands.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/user-guide/commands.xml b/doc/user-guide/commands.xml index 74310d5e..a3b68fa9 100644 --- a/doc/user-guide/commands.xml +++ b/doc/user-guide/commands.xml @@ -1125,15 +1125,15 @@ - This enables OAuth authentication for Twitter accounts. From June 2010 this will be mandatory. + This enables OAuth authentication for accounts that support it; right now Twitter and Google Talk (if you have 2-factor authentication enabled on your account) support it. - With OAuth enabled, you shouldn't tell BitlBee your Twitter password. Just add your account with a bogus password and type account on. BitlBee will then give you a URL to authenticate with Twitter. If this succeeds, Twitter will return a PIN code which you can give back to BitlBee to finish the process. + With OAuth enabled, you shouldn't tell BitlBee your Twitter password. Just add your account with a bogus password and type account on. BitlBee will then give you a URL to authenticate with the service. If this succeeds, you will get a PIN code which you can give back to BitlBee to finish the process. - The resulting access token will be saved permanently, so you have to do this only once. + The resulting access token will be saved permanently, so you have to do this only once. If for any reason you want to/have to reauthenticate, you can use account set to reset the account password to something random. -- cgit v1.2.3 From 18c6d369d777a1d38ef450f868c22de1d0ebba2d Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 18 Dec 2011 20:25:44 +0100 Subject: More generic OAuth support now. Should work well for all GTalk accounts now and somewhat for MS Messenger. The fb part needs different parsing of the authorize request, and possibly some other work. --- lib/oauth2.c | 26 +++++------------ lib/oauth2.h | 9 ++---- protocols/jabber/jabber.c | 7 +++++ protocols/jabber/jabber.h | 5 ++++ protocols/jabber/sasl.c | 74 ++++++++++++++++++++++++++++++++++++----------- 5 files changed, 78 insertions(+), 43 deletions(-) diff --git a/lib/oauth2.c b/lib/oauth2.c index 7cb28105..93891317 100644 --- a/lib/oauth2.c +++ b/lib/oauth2.c @@ -27,27 +27,10 @@ #include "oauth.h" #include "url.h" -struct oauth2_service oauth2_service_google = -{ - "https://accounts.google.com/o/oauth2/auth", - "https://accounts.google.com/o/oauth2/token", - "urn:ietf:wg:oauth:2.0:oob", - "783993391592.apps.googleusercontent.com", - "6C-Zgf7Tr7gEQTPlBhMUgo7R", -}; -struct oauth2_service oauth2_service_facebook = -{ - "https://www.facebook.com/dialog/oauth", - "https://graph.facebook.com/oauth/access_token", - "http://www.bitlbee.org/main.php/fb.html", - "126828914005625", - "4b100f0f244d620bf3f15f8b217d4c32", -}; - -char *oauth2_url( const struct oauth2_service *sp, const char *scope ) +char *oauth2_url( const struct oauth2_service *sp ) { return g_strconcat( sp->auth_url, - "?scope=", scope, + "?scope=", sp->scope, "&response_type=code" "&redirect_uri=", sp->redirect_url, "&client_id=", sp->consumer_key, @@ -120,10 +103,15 @@ static void oauth2_access_token_done( struct http_request *req ) struct oauth2_access_token_data *cb_data = req->data; char *atoken = NULL, *rtoken = NULL; + if( getenv( "BITLBEE_DEBUG" ) && req->reply_body ) + printf( "%s\n", req->reply_body ); + if( req->status_code == 200 ) { atoken = oauth2_json_dumb_get( req->reply_body, "access_token" ); rtoken = oauth2_json_dumb_get( req->reply_body, "refresh_token" ); + if( getenv( "BITLBEE_DEBUG" ) ) + printf( "Extracted atoken=%s rtoken=%s\n", atoken, rtoken ); } cb_data->func( cb_data->data, atoken, rtoken ); g_free( atoken ); diff --git a/lib/oauth2.h b/lib/oauth2.h index 6f56b426..c8d18963 100644 --- a/lib/oauth2.h +++ b/lib/oauth2.h @@ -31,22 +31,17 @@ struct oauth2_service char *auth_url; char *token_url; char *redirect_url; + char *scope; char *consumer_key; char *consumer_secret; }; -/* Currently suitable for authenticating to Google Talk only, and only for - accounts that have 2-factor authorization enabled. */ -extern struct oauth2_service oauth2_service_google; - -extern struct oauth2_service oauth2_service_facebook; - #define OAUTH2_AUTH_CODE "authorization_code" #define OAUTH2_AUTH_REFRESH "refresh_token" /* Generate a URL the user should open in his/her browser to get an authorization code. */ -char *oauth2_url( const struct oauth2_service *sp, const char *scope ); +char *oauth2_url( const struct oauth2_service *sp ); /* Exchanges an auth code or refresh token for an access token. auth_type is one of the two OAUTH2_AUTH_.. constants above. */ diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 9b94b21d..bf849e2a 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -144,6 +144,13 @@ static void jabber_login( account_t *acc ) { jd->fd = jd->r_inpa = jd->w_inpa = -1; + if( strstr( jd->server, ".live.com" ) ) + jd->oauth2_service = &oauth2_service_mslive; + else if( strstr( jd->server, ".facebook.com" ) ) + jd->oauth2_service = &oauth2_service_facebook; + else + jd->oauth2_service = &oauth2_service_google; + /* For the first login with OAuth, we have to authenticate via the browser. For subsequent logins, exchange the refresh token for a valid access token (even though the last one maybe didn't expire yet). */ diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index c68ae343..0a46633e 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -94,6 +94,7 @@ struct jabber_data char *username; /* USERNAME@server */ char *server; /* username@SERVER -=> server/domain, not hostname */ + const struct oauth2_service *oauth2_service; char *oauth2_access_token; /* After changing one of these two (or the priority setting), call @@ -326,6 +327,10 @@ void sasl_oauth2_init( struct im_connection *ic ); int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ); int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ); +extern const struct oauth2_service oauth2_service_google; +extern const struct oauth2_service oauth2_service_facebook; +extern const struct oauth2_service oauth2_service_mslive; + /* conference.c */ struct groupchat *jabber_chat_join( struct im_connection *ic, const char *room, const char *nick, const char *password ); struct groupchat *jabber_chat_by_jid( struct im_connection *ic, const char *name ); diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index f21a6706..89ab1337 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -28,13 +28,42 @@ #include "oauth2.h" #include "oauth.h" +const struct oauth2_service oauth2_service_google = +{ + "https://accounts.google.com/o/oauth2/auth", + "https://accounts.google.com/o/oauth2/token", + "urn:ietf:wg:oauth:2.0:oob", + "https://www.googleapis.com/auth/googletalk", + "783993391592.apps.googleusercontent.com", + "6C-Zgf7Tr7gEQTPlBhMUgo7R", +}; +const struct oauth2_service oauth2_service_facebook = +{ + "https://www.facebook.com/dialog/oauth", + "https://graph.facebook.com/oauth/access_token", + "http://www.bitlbee.org/main.php/Facebook/oauth2.html", + "offline_access,xmpp_login", + "126828914005625", + "4b100f0f244d620bf3f15f8b217d4c32", +}; +const struct oauth2_service oauth2_service_mslive = +{ + "https://oauth.live.com/authorize", + "https://oauth.live.com/token", + "http://www.bitlbee.org/main.php/Messenger/oauth2.html", + "wl.messenger", + "000000004C06FCD1", + "IRKlBPzJJAWcY-TbZjiTEJu9tn7XCFaV", +}; + xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) { struct im_connection *ic = data; struct jabber_data *jd = ic->proto_data; struct xt_node *c, *reply; char *s; - int sup_plain = 0, sup_digest = 0, sup_oauth2 = 0, sup_fb = 0; + int sup_plain = 0, sup_digest = 0, sup_gtalk = 0, sup_fb = 0, sup_ms = 0; + int want_oauth = FALSE; if( !sasl_supported( ic ) ) { @@ -61,14 +90,16 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) if( c->text && g_strcasecmp( c->text, "DIGEST-MD5" ) == 0 ) sup_digest = 1; if( c->text && g_strcasecmp( c->text, "X-OAUTH2" ) == 0 ) - sup_oauth2 = 1; + sup_gtalk = 1; if( c->text && g_strcasecmp( c->text, "X-FACEBOOK-PLATFORM" ) == 0 ) sup_fb = 1; + if( c->text && g_strcasecmp( c->text, "X-MESSENGER-OAUTH2" ) == 0 ) + sup_ms = 1; c = c->next; } - if( !sup_plain && !sup_digest ) + if( !sup_plain && !sup_digest && !sup_gtalk && !sup_fb && !sup_ms ) { imcb_error( ic, "No known SASL authentication schemes supported" ); imc_logout( ic, FALSE ); @@ -77,19 +108,12 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) reply = xt_new_node( "auth", NULL, NULL ); xt_add_attr( reply, "xmlns", XMLNS_SASL ); + want_oauth = set_getbool( &ic->acc->set, "oauth" ); - if( set_getbool( &ic->acc->set, "oauth" ) ) + if( sup_gtalk && want_oauth ) { int len; - if( !sup_oauth2 ) - { - imcb_error( ic, "OAuth requested, but not supported by server" ); - imc_logout( ic, FALSE ); - xt_free_node( reply ); - return XT_ABORT; - } - /* X-OAUTH2 is, not *the* standard OAuth2 SASL/XMPP implementation. It's currently used by GTalk and vaguely documented on http://code.google.com/apis/cloudprint/docs/rawxmpp.html . */ @@ -104,11 +128,24 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) reply->text_len = strlen( reply->text ); g_free( s ); } - else if( sup_fb && strstr( ic->acc->pass, "session_key=" ) ) + else if( sup_ms && want_oauth ) + { + xt_add_attr( reply, "mechanism", "X-MESSENGER-OAUTH2" ); + reply->text = g_strdup( jd->oauth2_access_token ); + reply->text_len = strlen( jd->oauth2_access_token ); + } + else if( sup_fb && want_oauth && strstr( ic->acc->pass, "session_key=" ) ) { xt_add_attr( reply, "mechanism", "X-FACEBOOK-PLATFORM" ); jd->flags |= JFLAG_SASL_FB; } + else if( want_oauth ) + { + imcb_error( ic, "OAuth requested, but not supported by server" ); + imc_logout( ic, FALSE ); + xt_free_node( reply ); + return XT_ABORT; + } else if( sup_digest ) { xt_add_attr( reply, "mechanism", "DIGEST-MD5" ); @@ -427,14 +464,14 @@ gboolean sasl_supported( struct im_connection *ic ) void sasl_oauth2_init( struct im_connection *ic ) { + struct jabber_data *jd = ic->proto_data; char *msg, *url; imcb_log( ic, "Starting OAuth authentication" ); /* Temporary contact, just used to receive the OAuth response. */ imcb_add_buddy( ic, "jabber_oauth", NULL ); - url = oauth2_url( &oauth2_service_google, - "https://www.googleapis.com/auth/googletalk" ); + url = oauth2_url( jd->oauth2_service ); msg = g_strdup_printf( "Open this URL in your browser to authenticate: %s", url ); imcb_buddy_msg( ic, "jabber_oauth", msg, 0, 0 ); imcb_buddy_msg( ic, "jabber_oauth", "Respond to this message with the returned " @@ -456,6 +493,7 @@ static void sasl_oauth2_got_token( gpointer data, const char *access_token, cons int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ) { + struct jabber_data *jd = ic->proto_data; char *code; int ret; @@ -467,7 +505,7 @@ int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ) code = g_strdup( msg ); g_strstrip( code ); - ret = oauth2_access_token( &oauth2_service_google, OAUTH2_AUTH_CODE, + ret = oauth2_access_token( jd->oauth2_service, OAUTH2_AUTH_CODE, code, sasl_oauth2_got_token, ic ); g_free( code ); @@ -476,7 +514,9 @@ int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ) int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ) { - return oauth2_access_token( &oauth2_service_google, OAUTH2_AUTH_REFRESH, + struct jabber_data *jd = ic->proto_data; + + return oauth2_access_token( jd->oauth2_service, OAUTH2_AUTH_REFRESH, refresh_token, sasl_oauth2_got_token, ic ); } -- cgit v1.2.3 From 64b663524a465efb7707a2c634be97b9fb6f963b Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 18 Dec 2011 22:56:44 +0100 Subject: Restructured and updated code a little bit to support new-style (much better and "proper" OAuth2) Facebook OAuth support. (And, add wl.offline scope to get tokens that don't expire after an hour.) --- protocols/jabber/jabber.c | 23 +++++++++++++++++------ protocols/jabber/jabber.h | 1 + protocols/jabber/sasl.c | 47 +++++++++++++++++++++-------------------------- 3 files changed, 39 insertions(+), 32 deletions(-) diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index bf849e2a..50ee6f2d 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -151,16 +151,27 @@ static void jabber_login( account_t *acc ) else jd->oauth2_service = &oauth2_service_google; - /* For the first login with OAuth, we have to authenticate via the browser. - For subsequent logins, exchange the refresh token for a valid access - token (even though the last one maybe didn't expire yet). */ - if( strncmp( acc->pass, "refresh_token=", 14 ) != 0 ) + /* First see if we have a refresh token, in which case any + access token we *might* have has probably expired already + anyway. */ + if( strstr( acc->pass, "refresh_token=" ) ) + { + sasl_oauth2_refresh( ic, acc->pass + 14 ); + } + /* If we don't have a refresh token, let's hope the access + token is still usable. */ + else if( strstr( acc->pass, "access_token=" ) ) + { + sasl_oauth2_load_access_token( ic ); + jabber_connect( ic ); + } + /* If we don't have any, start the OAuth process now. Don't + even open an XMPP connection yet. */ + else { sasl_oauth2_init( ic ); ic->flags |= OPT_SLOW_LOGIN; } - else - sasl_oauth2_refresh( ic, acc->pass + 14 ); } else jabber_connect( ic ); diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index 0a46633e..57f01695 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -326,6 +326,7 @@ gboolean sasl_supported( struct im_connection *ic ); void sasl_oauth2_init( struct im_connection *ic ); int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ); int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ); +int sasl_oauth2_load_access_token( struct im_connection *ic ); extern const struct oauth2_service oauth2_service_google; extern const struct oauth2_service oauth2_service_facebook; diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 89ab1337..622bff74 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -51,7 +51,7 @@ const struct oauth2_service oauth2_service_mslive = "https://oauth.live.com/authorize", "https://oauth.live.com/token", "http://www.bitlbee.org/main.php/Messenger/oauth2.html", - "wl.messenger", + "wl.offline_access%20wl.messenger", "000000004C06FCD1", "IRKlBPzJJAWcY-TbZjiTEJu9tn7XCFaV", }; @@ -87,13 +87,13 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) { if( c->text && g_strcasecmp( c->text, "PLAIN" ) == 0 ) sup_plain = 1; - if( c->text && g_strcasecmp( c->text, "DIGEST-MD5" ) == 0 ) + else if( c->text && g_strcasecmp( c->text, "DIGEST-MD5" ) == 0 ) sup_digest = 1; - if( c->text && g_strcasecmp( c->text, "X-OAUTH2" ) == 0 ) + else if( c->text && g_strcasecmp( c->text, "X-OAUTH2" ) == 0 ) sup_gtalk = 1; - if( c->text && g_strcasecmp( c->text, "X-FACEBOOK-PLATFORM" ) == 0 ) + else if( c->text && g_strcasecmp( c->text, "X-FACEBOOK-PLATFORM" ) == 0 ) sup_fb = 1; - if( c->text && g_strcasecmp( c->text, "X-MESSENGER-OAUTH2" ) == 0 ) + else if( c->text && g_strcasecmp( c->text, "X-MESSENGER-OAUTH2" ) == 0 ) sup_ms = 1; c = c->next; @@ -134,7 +134,7 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) reply->text = g_strdup( jd->oauth2_access_token ); reply->text_len = strlen( jd->oauth2_access_token ); } - else if( sup_fb && want_oauth && strstr( ic->acc->pass, "session_key=" ) ) + else if( sup_fb && want_oauth ) { xt_add_attr( reply, "mechanism", "X-FACEBOOK-PLATFORM" ); jd->flags |= JFLAG_SASL_FB; @@ -291,40 +291,23 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) Mechanism is described on http://developers.facebook.com/docs/chat/ and in their Python module. It's all mostly useless because the tokens expire after 24h. */ - GSList *p_in = NULL, *p_out = NULL, *p; - md5_state_t md5; - char time[33], *token; - const char *secret; + GSList *p_in = NULL, *p_out = NULL; + char time[33]; oauth_params_parse( &p_in, dec ); oauth_params_add( &p_out, "nonce", oauth_params_get( &p_in, "nonce" ) ); oauth_params_add( &p_out, "method", oauth_params_get( &p_in, "method" ) ); oauth_params_free( &p_in ); - token = g_strdup( ic->acc->pass ); - oauth_params_parse( &p_in, token ); - g_free( token ); - oauth_params_add( &p_out, "session_key", oauth_params_get( &p_in, "session_key" ) ); - g_snprintf( time, sizeof( time ), "%lld", (long long) ( gettime() * 1000 ) ); oauth_params_add( &p_out, "call_id", time ); oauth_params_add( &p_out, "api_key", oauth2_service_facebook.consumer_key ); oauth_params_add( &p_out, "v", "1.0" ); oauth_params_add( &p_out, "format", "XML" ); - - md5_init( &md5 ); - for( p = p_out; p; p = p->next ) - md5_append( &md5, p->data, strlen( p->data ) ); - - secret = oauth_params_get( &p_in, "secret" ); - if( secret ) - md5_append( &md5, (unsigned char*) secret, strlen( secret ) ); - md5_finish_ascii( &md5, time ); - oauth_params_add( &p_out, "sig", time ); + oauth_params_add( &p_out, "access_token", jd->oauth2_access_token ); reply = oauth_params_string( p_out ); oauth_params_free( &p_out ); - oauth_params_free( &p_in ); } else if( !( s = sasl_get_part( dec, "rspauth" ) ) ) { @@ -520,6 +503,18 @@ int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ) refresh_token, sasl_oauth2_got_token, ic ); } +int sasl_oauth2_load_access_token( struct im_connection *ic ) +{ + struct jabber_data *jd = ic->proto_data; + GSList *p_in = NULL; + + oauth_params_parse( &p_in, ic->acc->pass ); + jd->oauth2_access_token = g_strdup( oauth_params_get( &p_in, "access_token" ) ); + oauth_params_free( &p_in ); + + return jd->oauth2_access_token != NULL; +} + static void sasl_oauth2_got_token( gpointer data, const char *access_token, const char *refresh_token ) { struct im_connection *ic = data; -- cgit v1.2.3 From 9b0ad7e8334c7c01e8d9652aa3b1aaa6c5f6d211 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 01:00:31 +0100 Subject: Moving msn_findheader() to lib/misc.c as get_rfc822_header() so I can use it in OAuth as well. (Need it to find the Content-Type: header.) --- lib/misc.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++ lib/misc.h | 4 +--- protocols/msn/msn.h | 1 - protocols/msn/msn_util.c | 52 ------------------------------------------------ protocols/msn/ns.c | 14 ++++++------- protocols/msn/sb.c | 8 ++++---- 6 files changed, 64 insertions(+), 67 deletions(-) diff --git a/lib/misc.c b/lib/misc.c index 711b927c..442f8f19 100644 --- a/lib/misc.c +++ b/lib/misc.c @@ -728,3 +728,55 @@ char **split_command_parts( char *command ) return cmd; } + +char *get_rfc822_header( char *text, char *header, int len ) +{ + int hlen = strlen( header ), i; + char *ret; + + if( len == 0 ) + len = strlen( text ); + + i = 0; + while( ( i + hlen ) < len ) + { + /* Maybe this is a bit over-commented, but I just hate this part... */ + if( g_strncasecmp( text + i, header, hlen ) == 0 ) + { + /* Skip to the (probable) end of the header */ + i += hlen; + + /* Find the first non-[: \t] character */ + while( i < len && ( text[i] == ':' || text[i] == ' ' || text[i] == '\t' ) ) i ++; + + /* Make sure we're still inside the string */ + if( i >= len ) return( NULL ); + + /* Save the position */ + ret = text + i; + + /* Search for the end of this line */ + while( i < len && text[i] != '\r' && text[i] != '\n' ) i ++; + + /* Make sure we're still inside the string */ + if( i >= len ) return( NULL ); + + /* Copy the found data */ + return( g_strndup( ret, text + i - ret ) ); + } + + /* This wasn't the header we were looking for, skip to the next line. */ + while( i < len && ( text[i] != '\r' && text[i] != '\n' ) ) i ++; + while( i < len && ( text[i] == '\r' || text[i] == '\n' ) ) i ++; + + /* End of headers? */ + if( ( i >= 4 && strncmp( text + i - 4, "\r\n\r\n", 4 ) == 0 ) || + ( i >= 2 && ( strncmp( text + i - 2, "\n\n", 2 ) == 0 || + strncmp( text + i - 2, "\r\r", 2 ) == 0 ) ) ) + { + break; + } + } + + return( NULL ); +} diff --git a/lib/misc.h b/lib/misc.h index 83ba9e67..7e03de2d 100644 --- a/lib/misc.h +++ b/lib/misc.h @@ -64,11 +64,9 @@ G_MODULE_EXPORT struct ns_srv_reply **srv_lookup( char *service, char *protocol, G_MODULE_EXPORT void srv_free( struct ns_srv_reply **srv ); G_MODULE_EXPORT char *word_wrap( const char *msg, int line_len ); - G_MODULE_EXPORT gboolean ssl_sockerr_again( void *ssl ); - G_MODULE_EXPORT int md5_verify_password( char *password, char *hash ); - G_MODULE_EXPORT char **split_command_parts( char *command ); +G_MODULE_EXPORT char *get_rfc822_header( char *text, char *header, int len ); #endif diff --git a/protocols/msn/msn.h b/protocols/msn/msn.h index da9430ab..bf7cdfa8 100644 --- a/protocols/msn/msn.h +++ b/protocols/msn/msn.h @@ -233,7 +233,6 @@ int msn_logged_in( struct im_connection *ic ); int msn_buddy_list_add( struct im_connection *ic, msn_buddy_flags_t list, const char *who, const char *realname_, const char *group ); int msn_buddy_list_remove( struct im_connection *ic, msn_buddy_flags_t list, const char *who, const char *group ); void msn_buddy_ask( bee_user_t *bu ); -char *msn_findheader( char *text, char *header, int len ); char **msn_linesplit( char *line ); int msn_handler( struct msn_handler_data *h ); void msn_msgq_purge( struct im_connection *ic, GSList **list ); diff --git a/protocols/msn/msn_util.c b/protocols/msn/msn_util.c index 7fa68915..d5a74a47 100644 --- a/protocols/msn/msn_util.c +++ b/protocols/msn/msn_util.c @@ -227,58 +227,6 @@ void msn_buddy_ask( bee_user_t *bu ) imcb_ask( bu->ic, buf, bla, msn_buddy_ask_yes, msn_buddy_ask_no ); } -char *msn_findheader( char *text, char *header, int len ) -{ - int hlen = strlen( header ), i; - char *ret; - - if( len == 0 ) - len = strlen( text ); - - i = 0; - while( ( i + hlen ) < len ) - { - /* Maybe this is a bit over-commented, but I just hate this part... */ - if( g_strncasecmp( text + i, header, hlen ) == 0 ) - { - /* Skip to the (probable) end of the header */ - i += hlen; - - /* Find the first non-[: \t] character */ - while( i < len && ( text[i] == ':' || text[i] == ' ' || text[i] == '\t' ) ) i ++; - - /* Make sure we're still inside the string */ - if( i >= len ) return( NULL ); - - /* Save the position */ - ret = text + i; - - /* Search for the end of this line */ - while( i < len && text[i] != '\r' && text[i] != '\n' ) i ++; - - /* Make sure we're still inside the string */ - if( i >= len ) return( NULL ); - - /* Copy the found data */ - return( g_strndup( ret, text + i - ret ) ); - } - - /* This wasn't the header we were looking for, skip to the next line. */ - while( i < len && ( text[i] != '\r' && text[i] != '\n' ) ) i ++; - while( i < len && ( text[i] == '\r' || text[i] == '\n' ) ) i ++; - - /* End of headers? */ - if( ( i >= 4 && strncmp( text + i - 4, "\r\n\r\n", 4 ) == 0 ) || - ( i >= 2 && ( strncmp( text + i - 2, "\n\n", 2 ) == 0 || - strncmp( text + i - 2, "\r\r", 2 ) == 0 ) ) ) - { - break; - } - } - - return( NULL ); -} - /* *NOT* thread-safe, but that's not a problem for now... */ char **msn_linesplit( char *line ) { diff --git a/protocols/msn/ns.c b/protocols/msn/ns.c index e144a8d2..0fa49ecb 100644 --- a/protocols/msn/ns.c +++ b/protocols/msn/ns.c @@ -608,7 +608,7 @@ static int msn_ns_message( struct msn_handler_data *handler, char *msg, int msgl { if( g_strcasecmp( cmd[1], "Hotmail" ) == 0 ) { - char *ct = msn_findheader( msg, "Content-Type:", msglen ); + char *ct = get_rfc822_header( msg, "Content-Type:", msglen ); if( !ct ) return( 1 ); @@ -621,8 +621,8 @@ static int msn_ns_message( struct msn_handler_data *handler, char *msg, int msgl if( !body ) return( 1 ); - mtype = msn_findheader( body, "Type:", blen ); - arg1 = msn_findheader( body, "Arg1:", blen ); + mtype = get_rfc822_header( body, "Type:", blen ); + arg1 = get_rfc822_header( body, "Arg1:", blen ); if( mtype && strcmp( mtype, "1" ) == 0 ) { @@ -641,8 +641,8 @@ static int msn_ns_message( struct msn_handler_data *handler, char *msg, int msgl { if( set_getbool( &ic->acc->set, "mail_notifications" ) ) { - char *inbox = msn_findheader( body, "Inbox-Unread:", blen ); - char *folders = msn_findheader( body, "Folders-Unread:", blen ); + char *inbox = get_rfc822_header( body, "Inbox-Unread:", blen ); + char *folders = get_rfc822_header( body, "Folders-Unread:", blen ); if( inbox && folders ) imcb_log( ic, "INBOX contains %s new messages, plus %s messages in other folders.", inbox, folders ); @@ -655,8 +655,8 @@ static int msn_ns_message( struct msn_handler_data *handler, char *msg, int msgl { if( set_getbool( &ic->acc->set, "mail_notifications" ) ) { - char *from = msn_findheader( body, "From-Addr:", blen ); - char *fromname = msn_findheader( body, "From:", blen ); + char *from = get_rfc822_header( body, "From-Addr:", blen ); + char *fromname = get_rfc822_header( body, "From:", blen ); if( from && fromname ) imcb_log( ic, "Received an e-mail message from %s <%s>.", fromname, from ); diff --git a/protocols/msn/sb.c b/protocols/msn/sb.c index 69114469..ccd65e49 100644 --- a/protocols/msn/sb.c +++ b/protocols/msn/sb.c @@ -681,7 +681,7 @@ static int msn_sb_message( struct msn_handler_data *handler, char *msg, int msgl if( strcmp( cmd[0], "MSG" ) == 0 ) { - char *ct = msn_findheader( msg, "Content-Type:", msglen ); + char *ct = get_rfc822_header( msg, "Content-Type:", msglen ); if( !ct ) return( 1 ); @@ -710,8 +710,8 @@ static int msn_sb_message( struct msn_handler_data *handler, char *msg, int msgl // Disable MSN ft support for now. else if( g_strncasecmp( ct, "text/x-msmsgsinvite", 19 ) == 0 ) { - char *command = msn_findheader( body, "Invitation-Command:", blen ); - char *cookie = msn_findheader( body, "Invitation-Cookie:", blen ); + char *command = get_rfc822_header( body, "Invitation-Command:", blen ); + char *cookie = get_rfc822_header( body, "Invitation-Cookie:", blen ); unsigned int icookie; g_free( ct ); @@ -749,7 +749,7 @@ static int msn_sb_message( struct msn_handler_data *handler, char *msg, int msgl } else if( g_strncasecmp( ct, "text/x-msmsgscontrol", 20 ) == 0 ) { - char *who = msn_findheader( msg, "TypingUser:", msglen ); + char *who = get_rfc822_header( msg, "TypingUser:", msglen ); if( who ) { -- cgit v1.2.3 From bf57cd1bf1019decd67d7c835060675e6a030cde Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 01:17:38 +0100 Subject: Facebook OAuth2 should now be fully usable. --- lib/oauth.c | 6 ++++++ lib/oauth2.c | 18 +++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/lib/oauth.c b/lib/oauth.c index 4f431ed6..23353c61 100644 --- a/lib/oauth.c +++ b/lib/oauth.c @@ -133,6 +133,9 @@ void oauth_params_del( GSList **params, const char *key ) int key_len = strlen( key ); GSList *l, *n; + if( params == NULL ) + return NULL; + for( l = *params; l; l = n ) { n = l->next; @@ -157,6 +160,9 @@ const char *oauth_params_get( GSList **params, const char *key ) int key_len = strlen( key ); GSList *l; + if( params == NULL ) + return NULL; + for( l = *params; l; l = l->next ) { if( strncmp( (char*) l->data, key, key_len ) == 0 && diff --git a/lib/oauth2.c b/lib/oauth2.c index 93891317..4a9d256c 100644 --- a/lib/oauth2.c +++ b/lib/oauth2.c @@ -102,17 +102,33 @@ static void oauth2_access_token_done( struct http_request *req ) { struct oauth2_access_token_data *cb_data = req->data; char *atoken = NULL, *rtoken = NULL; + const char *content_type; if( getenv( "BITLBEE_DEBUG" ) && req->reply_body ) printf( "%s\n", req->reply_body ); - if( req->status_code == 200 ) + content_type = get_rfc822_header( req->reply_headers, "Content-Type", 0 ); + + if( req->status_code != 200 ) + { + } + else if( strstr( content_type, "application/json" ) ) { atoken = oauth2_json_dumb_get( req->reply_body, "access_token" ); rtoken = oauth2_json_dumb_get( req->reply_body, "refresh_token" ); if( getenv( "BITLBEE_DEBUG" ) ) printf( "Extracted atoken=%s rtoken=%s\n", atoken, rtoken ); } + else + { + /* Facebook use their own odd format here, seems to be URL-encoded. */ + GSList *p_in = NULL; + + oauth_params_parse( &p_in, req->reply_body ); + atoken = g_strdup( oauth_params_get( &p_in, "access_token" ) ); + rtoken = g_strdup( oauth_params_get( &p_in, "refresh_token" ) ); + oauth_params_free( &p_in ); + } cb_data->func( cb_data->data, atoken, rtoken ); g_free( atoken ); g_free( rtoken ); -- cgit v1.2.3 From 4be0e3458a001a1c2eb3dd0074d7fd65260f2e6f Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 01:41:40 +0100 Subject: Give a list of SASL mechanisms supported by a server when reporting we don't support any of them. --- lib/oauth.c | 2 +- protocols/jabber/sasl.c | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/lib/oauth.c b/lib/oauth.c index 23353c61..4d7acd97 100644 --- a/lib/oauth.c +++ b/lib/oauth.c @@ -134,7 +134,7 @@ void oauth_params_del( GSList **params, const char *key ) GSList *l, *n; if( params == NULL ) - return NULL; + return; for( l = *params; l; l = n ) { diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 622bff74..8727212f 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -64,6 +64,7 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) char *s; int sup_plain = 0, sup_digest = 0, sup_gtalk = 0, sup_fb = 0, sup_ms = 0; int want_oauth = FALSE; + GString *mechs; if( !sasl_supported( ic ) ) { @@ -82,6 +83,7 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) return XT_ABORT; } + mechs = g_string_new( "" ); c = node->children; while( ( c = xt_find_node( c, "mechanism" ) ) ) { @@ -96,15 +98,21 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) else if( c->text && g_strcasecmp( c->text, "X-MESSENGER-OAUTH2" ) == 0 ) sup_ms = 1; + if( c->text ) + g_string_append_printf( mechs, " %s", c->text ); + c = c->next; } if( !sup_plain && !sup_digest && !sup_gtalk && !sup_fb && !sup_ms ) { - imcb_error( ic, "No known SASL authentication schemes supported" ); + imcb_error( ic, "BitlBee does not support any of the offered SASL " + "authentication schemes:%s", mechs->str ); imc_logout( ic, FALSE ); + g_string_free( mechs, TRUE ); return XT_ABORT; } + g_string_free( mechs, TRUE ); reply = xt_new_node( "auth", NULL, NULL ); xt_add_attr( reply, "xmlns", XMLNS_SASL ); @@ -536,6 +544,14 @@ static void sasl_oauth2_got_token( gpointer data, const char *access_token, cons g_free( ic->acc->pass ); ic->acc->pass = g_strdup_printf( "refresh_token=%s", refresh_token ); } + /* Should do this, but only in the Facebook case where we get an access + token that never expires. Shouldn't overwrite a refresh token with + an access token. + else + { + g_free( ic->acc->pass ); + ic->acc->pass = g_strdup_printf( "access_token=%s", access_token ); + } */ g_free( jd->oauth2_access_token ); jd->oauth2_access_token = g_strdup( access_token ); -- cgit v1.2.3 From 36533bf6bfc01f56afd6a8cd7bd3dfa9de87297b Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 13:54:49 +0100 Subject: When updating the XMPP password field with OAuth data, try harder to preserve existing data. (Like refresh tokens which we'll need again on next login.) --- lib/oauth.h | 1 + protocols/jabber/sasl.c | 24 +++++++++++------------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/lib/oauth.h b/lib/oauth.h index b7388503..50adc95c 100644 --- a/lib/oauth.h +++ b/lib/oauth.h @@ -95,4 +95,5 @@ void oauth_params_add( GSList **params, const char *key, const char *value ); void oauth_params_parse( GSList **params, char *in ); void oauth_params_free( GSList **params ); char *oauth_params_string( GSList *params ); +void oauth_params_set( GSList **params, const char *key, const char *value ); const char *oauth_params_get( GSList **params, const char *key ); diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 8727212f..06dda8a8 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -527,6 +527,7 @@ static void sasl_oauth2_got_token( gpointer data, const char *access_token, cons { struct im_connection *ic = data; struct jabber_data *jd; + GSList *auth = NULL; if( g_slist_find( jabber_connections, ic ) == NULL ) return; @@ -539,19 +540,16 @@ static void sasl_oauth2_got_token( gpointer data, const char *access_token, cons imc_logout( ic, TRUE ); return; } - if( refresh_token != NULL ) - { - g_free( ic->acc->pass ); - ic->acc->pass = g_strdup_printf( "refresh_token=%s", refresh_token ); - } - /* Should do this, but only in the Facebook case where we get an access - token that never expires. Shouldn't overwrite a refresh token with - an access token. - else - { - g_free( ic->acc->pass ); - ic->acc->pass = g_strdup_printf( "access_token=%s", access_token ); - } */ + + oauth_params_parse( &auth, ic->acc->pass ); + if( refresh_token ) + oauth_params_set( &auth, "refresh_token", refresh_token ); + if( access_token ) + oauth_params_set( &auth, "access_token", access_token ); + + g_free( ic->acc->pass ); + ic->acc->pass = oauth_params_string( auth ); + oauth_params_free( &auth ); g_free( jd->oauth2_access_token ); jd->oauth2_access_token = g_strdup( access_token ); -- cgit v1.2.3 From 4b53c65a82eaf2be3741a9551435432d051e2734 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 14:39:10 +0100 Subject: Update help text for "set oauth" with what's supported now. Also adding a "make testhelp" target to easily see if the current helpfile is loadable. --- Makefile | 15 ++++++++++++--- doc/user-guide/commands.xml | 4 ++-- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 45e858cf..d751b1a5 100644 --- a/Makefile +++ b/Makefile @@ -26,12 +26,14 @@ endif # Expansion of variables subdirobjs = $(foreach dir,$(subdirs),$(dir)/$(dir).o) -all: $(OUTFILE) $(OTR_PI) $(SKYPE_PI) systemd - $(MAKE) -C doc +all: $(OUTFILE) $(OTR_PI) $(SKYPE_PI) doc systemd ifdef SKYPE_PI $(MAKE) -C protocols/skype doc endif +doc: + $(MAKE) -C doc + uninstall: uninstall-bin uninstall-doc @echo -e '\nmake uninstall does not remove files in '$(DESTDIR)$(ETCDIR)', you can use make uninstall-etc to do that.\n' @@ -42,7 +44,7 @@ install: install-bin install-doc install-plugins install-systemd .PHONY: install install-bin install-etc install-doc install-plugins install-systemd \ uninstall uninstall-bin uninstall-etc uninstall-doc \ - all clean distclean tar $(subdirs) + all clean distclean tar $(subdirs) doc Makefile.settings: @echo @@ -188,5 +190,12 @@ ctags: helloworld: @echo Hello World +# Check if we can load the helpfile. (This fails if some article is >1KB.) +# If print returns a NULL pointer, the file is unusable. +testhelp: doc + gdb --eval-command='b main' --eval-command='r' \ + --eval-command='print help_init(&global->helpfile, "doc/user-guide/help.txt")' \ + $(OUTFILE) < /dev/null + -include .depend/*.d # DO NOT DELETE diff --git a/doc/user-guide/commands.xml b/doc/user-guide/commands.xml index 3329c9b3..9bb2b9c8 100644 --- a/doc/user-guide/commands.xml +++ b/doc/user-guide/commands.xml @@ -1125,11 +1125,11 @@ - This enables OAuth authentication for accounts that support it; right now Twitter and Google Talk (if you have 2-factor authentication enabled on your account) support it. + This enables OAuth authentication for an IM account; right now the Twitter (working for Twitter only) and Jabber (for Google Talk, Facebook and MSN Messenger) module support it. - With OAuth enabled, you shouldn't tell BitlBee your Twitter password. Just add your account with a bogus password and type account on. BitlBee will then give you a URL to authenticate with the service. If this succeeds, you will get a PIN code which you can give back to BitlBee to finish the process. + With OAuth enabled, you shouldn't tell BitlBee your account password. Just add your account with a bogus password and type account on. BitlBee will then give you a URL to authenticate with the service. If this succeeds, you will get a PIN code which you can give back to BitlBee to finish the process. -- cgit v1.2.3 From f9789d46aac59f1ff28bc532d8589c1661fa7c4b Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Tue, 20 Dec 2011 17:42:17 +0100 Subject: NULL-checking in rfc822_get_header() and OAuth response handling. --- lib/misc.c | 5 ++++- lib/oauth2.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/misc.c b/lib/misc.c index 442f8f19..a7065757 100644 --- a/lib/misc.c +++ b/lib/misc.c @@ -734,6 +734,9 @@ char *get_rfc822_header( char *text, char *header, int len ) int hlen = strlen( header ), i; char *ret; + if( text == NULL ) + return NULL; + if( len == 0 ) len = strlen( text ); @@ -778,5 +781,5 @@ char *get_rfc822_header( char *text, char *header, int len ) } } - return( NULL ); + return NULL; } diff --git a/lib/oauth2.c b/lib/oauth2.c index 4a9d256c..0348d0d0 100644 --- a/lib/oauth2.c +++ b/lib/oauth2.c @@ -112,7 +112,7 @@ static void oauth2_access_token_done( struct http_request *req ) if( req->status_code != 200 ) { } - else if( strstr( content_type, "application/json" ) ) + else if( content_type && strstr( content_type, "application/json" ) ) { atoken = oauth2_json_dumb_get( req->reply_body, "access_token" ); rtoken = oauth2_json_dumb_get( req->reply_body, "refresh_token" ); -- cgit v1.2.3 From 68286eb08dbb6c2aad555f155da6f16ee6f061e8 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Tue, 20 Dec 2011 17:45:53 +0100 Subject: Detect JID changes at login time and warn the user about them. --- protocols/jabber/conference.c | 3 ++- protocols/jabber/iq.c | 26 ++++++++++++++++++++++---- protocols/jabber/jabber.c | 11 ++++------- protocols/jabber/jabber.h | 2 ++ protocols/jabber/jabber_util.c | 18 ++++++++++++++++++ 5 files changed, 48 insertions(+), 12 deletions(-) diff --git a/protocols/jabber/conference.c b/protocols/jabber/conference.c index 0c2db0b3..74561d24 100644 --- a/protocols/jabber/conference.c +++ b/protocols/jabber/conference.c @@ -210,6 +210,7 @@ void jabber_chat_pkt_presence( struct im_connection *ic, struct jabber_buddy *bu struct groupchat *chat; struct xt_node *c; char *type = xt_find_attr( node, "type" ); + struct jabber_data *jd = ic->proto_data; struct jabber_chat *jc; char *s; @@ -251,7 +252,7 @@ void jabber_chat_pkt_presence( struct im_connection *ic, struct jabber_buddy *bu { if( bud == jc->me ) { - bud->ext_jid = jabber_normalize( ic->acc->user ); + bud->ext_jid = g_strdup( jd->me ); } else { diff --git a/protocols/jabber/iq.c b/protocols/jabber/iq.c index 0c5671d0..2cdc681e 100644 --- a/protocols/jabber/iq.c +++ b/protocols/jabber/iq.c @@ -30,6 +30,7 @@ static xt_status jabber_iq_display_vcard( struct im_connection *ic, struct xt_no xt_status jabber_pkt_iq( struct xt_node *node, gpointer data ) { struct im_connection *ic = data; + struct jabber_data *jd = ic->proto_data; struct xt_node *c, *reply = NULL; char *type, *s; int st, pack = 1; @@ -169,10 +170,10 @@ xt_status jabber_pkt_iq( struct xt_node *node, gpointer data ) /* This is a roster push. XMPP servers send this when someone was added to (or removed from) the buddy list. AFAIK they're sent even if we added this buddy in our own session. */ - int bare_len = strlen( ic->acc->user ); + int bare_len = strlen( jd->me ); if( ( s = xt_find_attr( node, "from" ) ) == NULL || - ( strncmp( s, ic->acc->user, bare_len ) == 0 && + ( strncmp( s, jd->me, bare_len ) == 0 && ( s[bare_len] == 0 || s[bare_len] == '/' ) ) ) { jabber_parse_roster( ic, node, NULL ); @@ -342,8 +343,25 @@ xt_status jabber_pkt_bind_sess( struct im_connection *ic, struct xt_node *node, if( node && ( c = xt_find_node( node->children, "bind" ) ) ) { c = xt_find_node( c->children, "jid" ); - if( c && c->text_len && ( s = strchr( c->text, '/' ) ) && - strcmp( s + 1, set_getstr( &ic->acc->set, "resource" ) ) != 0 ) + if( !c || !c->text ) + { + /* Server is crap, but this is no disaster. */ + } + else if( strncmp( jd->me, c->text, strlen( jd->me ) ) != 0 ) + { + s = strchr( c->text, '/' ); + if( s ) + *s = '\0'; + jabber_set_me( ic, c->text ); + imcb_log( ic, "Server claims your JID is `%s' instead of `%s'. " + "This mismatch may cause problems with groupchats " + "and possibly other things.", + c->text, ic->acc->user ); + if( s ) + *s = '/'; + } + else if( c && c->text_len && ( s = strchr( c->text, '/' ) ) && + strcmp( s + 1, set_getstr( &ic->acc->set, "resource" ) ) != 0 ) imcb_log( ic, "Server changed session resource string to `%s'", s + 1 ); } diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 50ee6f2d..f631a74e 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -110,8 +110,7 @@ static void jabber_login( account_t *acc ) jd->ic = ic; ic->proto_data = jd; - jd->username = g_strdup( acc->user ); - jd->server = strchr( jd->username, '@' ); + jabber_set_me( ic, acc->user ); jd->fd = jd->r_inpa = jd->w_inpa = -1; @@ -122,10 +121,6 @@ static void jabber_login( account_t *acc ) return; } - /* So don't think of free()ing jd->server.. :-) */ - *jd->server = 0; - jd->server ++; - if( ( s = strchr( jd->server, '/' ) ) ) { *s = 0; @@ -313,6 +308,7 @@ static void jabber_logout( struct im_connection *ic ) g_free( jd->oauth2_access_token ); g_free( jd->away_message ); g_free( jd->username ); + g_free( jd->me ); g_free( jd ); jabber_connections = g_slist_remove( jabber_connections, ic ); @@ -494,11 +490,12 @@ static void jabber_chat_leave_( struct groupchat *c ) static void jabber_chat_invite_( struct groupchat *c, char *who, char *msg ) { + struct jabber_data *jd = c->ic->proto_data; struct jabber_chat *jc = c->data; gchar *msg_alt = NULL; if( msg == NULL ) - msg_alt = g_strdup_printf( "%s invited you to %s", c->ic->acc->user, jc->name ); + msg_alt = g_strdup_printf( "%s invited you to %s", jd->me, jc->name ); if( c && who ) jabber_chat_invite( c, who, msg ? msg : msg_alt ); diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index 57f01695..85bcfafe 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -93,6 +93,7 @@ struct jabber_data char *username; /* USERNAME@server */ char *server; /* username@SERVER -=> server/domain, not hostname */ + char *me; /* bare jid */ const struct oauth2_service *oauth2_service; char *oauth2_access_token; @@ -307,6 +308,7 @@ void jabber_buddy_remove_all( struct im_connection *ic ); time_t jabber_get_timestamp( struct xt_node *xt ); struct jabber_error *jabber_error_parse( struct xt_node *node, char *xmlns ); void jabber_error_free( struct jabber_error *err ); +gboolean jabber_set_me( struct im_connection *ic, const char *me ); extern const struct jabber_away_state jabber_away_state_list[]; diff --git a/protocols/jabber/jabber_util.c b/protocols/jabber/jabber_util.c index e6b13659..d181b904 100644 --- a/protocols/jabber/jabber_util.c +++ b/protocols/jabber/jabber_util.c @@ -760,3 +760,21 @@ void jabber_error_free( struct jabber_error *err ) { g_free( err ); } + +gboolean jabber_set_me( struct im_connection *ic, const char *me ) +{ + struct jabber_data *jd = ic->proto_data; + + if( strchr( me, '@' ) == NULL ) + return FALSE; + + g_free( jd->username ); + g_free( jd->me ); + + jd->me = jabber_normalize( me ); + jd->server = strchr( jd->me, '@' ); + jd->username = g_strndup( jd->me, jd->server - jd->me ); + jd->server ++; + + return TRUE; +} -- cgit v1.2.3 From e14b47b826594772e4f3d0dbec1bf17153aa92b1 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Wed, 21 Dec 2011 11:48:08 +0100 Subject: Fix parsing of acc->pass. Use oauth_params_ functions instead of string magic, fixes escaping issues. --- protocols/jabber/jabber.c | 16 ++++++++++++---- protocols/jabber/jabber.h | 1 - protocols/jabber/sasl.c | 12 ------------ 3 files changed, 12 insertions(+), 17 deletions(-) diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index f631a74e..11980d13 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -31,6 +31,7 @@ #include "xmltree.h" #include "bitlbee.h" #include "jabber.h" +#include "oauth.h" #include "md5.h" GSList *jabber_connections; @@ -137,6 +138,9 @@ static void jabber_login( account_t *acc ) if( set_getbool( &acc->set, "oauth" ) ) { + GSList *p_in = NULL; + const char *tok; + jd->fd = jd->r_inpa = jd->w_inpa = -1; if( strstr( jd->server, ".live.com" ) ) @@ -146,18 +150,20 @@ static void jabber_login( account_t *acc ) else jd->oauth2_service = &oauth2_service_google; + oauth_params_parse( &p_in, ic->acc->pass ); + /* First see if we have a refresh token, in which case any access token we *might* have has probably expired already anyway. */ - if( strstr( acc->pass, "refresh_token=" ) ) + if( ( tok = oauth_params_get( &p_in, "refresh_token" ) ) ) { - sasl_oauth2_refresh( ic, acc->pass + 14 ); + sasl_oauth2_refresh( ic, tok ); } /* If we don't have a refresh token, let's hope the access token is still usable. */ - else if( strstr( acc->pass, "access_token=" ) ) + else if( ( tok = oauth_params_get( &p_in, "access_token" ) ) ) { - sasl_oauth2_load_access_token( ic ); + jd->oauth2_access_token = g_strdup( tok ); jabber_connect( ic ); } /* If we don't have any, start the OAuth process now. Don't @@ -167,6 +173,8 @@ static void jabber_login( account_t *acc ) sasl_oauth2_init( ic ); ic->flags |= OPT_SLOW_LOGIN; } + + oauth_params_free( &p_in ); } else jabber_connect( ic ); diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index 85bcfafe..49cfe8ee 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -328,7 +328,6 @@ gboolean sasl_supported( struct im_connection *ic ); void sasl_oauth2_init( struct im_connection *ic ); int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ); int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ); -int sasl_oauth2_load_access_token( struct im_connection *ic ); extern const struct oauth2_service oauth2_service_google; extern const struct oauth2_service oauth2_service_facebook; diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 06dda8a8..2f45eb20 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -511,18 +511,6 @@ int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ) refresh_token, sasl_oauth2_got_token, ic ); } -int sasl_oauth2_load_access_token( struct im_connection *ic ) -{ - struct jabber_data *jd = ic->proto_data; - GSList *p_in = NULL; - - oauth_params_parse( &p_in, ic->acc->pass ); - jd->oauth2_access_token = g_strdup( oauth_params_get( &p_in, "access_token" ) ); - oauth_params_free( &p_in ); - - return jd->oauth2_access_token != NULL; -} - static void sasl_oauth2_got_token( gpointer data, const char *access_token, const char *refresh_token ) { struct im_connection *ic = data; -- cgit v1.2.3 From ce199b726735374aca84b2111bb19ec103478ebc Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Wed, 21 Dec 2011 12:21:04 +0100 Subject: Make it easier to add OAuth-authenticated accounts without having to type a bogus password. --- protocols/jabber/jabber.c | 8 ++++---- protocols/twitter/twitter.c | 4 ++-- root_commands.c | 24 +++++++++++++++++++++--- set.c | 28 +++++++--------------------- set.h | 4 +++- 5 files changed, 37 insertions(+), 31 deletions(-) diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 11980d13..71287842 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -60,7 +60,7 @@ static void jabber_init( account_t *acc ) s = set_add( &acc->set, "activity_timeout", "600", set_eval_int, acc ); - s = set_add( &acc->set, "oauth", "false", set_eval_bool, acc ); + s = set_add( &acc->set, "oauth", "false", set_eval_oauth, acc ); g_snprintf( str, sizeof( str ), "%d", jabber_port_list[0] ); s = set_add( &acc->set, "port", str, set_eval_int, acc ); @@ -75,6 +75,9 @@ static void jabber_init( account_t *acc ) s = set_add( &acc->set, "resource_select", "activity", NULL, acc ); + s = set_add( &acc->set, "sasl", "true", set_eval_bool, acc ); + s->flags |= ACC_SET_OFFLINE_ONLY | SET_HIDDEN_DEFAULT; + s = set_add( &acc->set, "server", NULL, set_eval_account, acc ); s->flags |= ACC_SET_NOSAVE | ACC_SET_OFFLINE_ONLY | SET_NULL_OK; @@ -83,9 +86,6 @@ static void jabber_init( account_t *acc ) s = set_add( &acc->set, "tls", "try", set_eval_tls, acc ); s->flags |= ACC_SET_OFFLINE_ONLY; - - s = set_add( &acc->set, "sasl", "true", set_eval_bool, acc ); - s->flags |= ACC_SET_OFFLINE_ONLY | SET_HIDDEN_DEFAULT; s = set_add( &acc->set, "user_agent", "BitlBee", NULL, acc ); diff --git a/protocols/twitter/twitter.c b/protocols/twitter/twitter.c index 76ccc3eb..1cf0b0b5 100644 --- a/protocols/twitter/twitter.c +++ b/protocols/twitter/twitter.c @@ -239,12 +239,12 @@ static void twitter_init(account_t * acc) s = set_add(&acc->set, "mode", "chat", set_eval_mode, acc); s->flags |= ACC_SET_OFFLINE_ONLY; + s = set_add(&acc->set, "oauth", def_oauth, set_eval_oauth, acc); + s = set_add(&acc->set, "show_ids", "false", set_eval_bool, acc); s->flags |= ACC_SET_OFFLINE_ONLY; s = set_add(&acc->set, "show_old_mentions", "true", set_eval_bool, acc); - - s = set_add(&acc->set, "oauth", def_oauth, set_eval_bool, acc); } /** diff --git a/root_commands.c b/root_commands.c index 734cb0e8..f8f2e578 100644 --- a/root_commands.c +++ b/root_commands.c @@ -442,9 +442,27 @@ static void cmd_account( irc_t *irc, char **cmd ) set_setstr( &a->set, "server", cmd[5] ); } - irc_rootmsg( irc, "Account successfully added with tag %s%s", - a->tag, cmd[4] ? "" : - ", now use /OPER to enter the password" ); + irc_rootmsg( irc, "Account successfully added with tag %s", a->tag ); + + if( cmd[4] == NULL ) + { + set_t *oauth = set_find( &a->set, "oauth" ); + if( oauth && bool2int( set_value( oauth ) ) ) + { + *a->pass = '\0'; + irc_rootmsg( irc, "No need to enter a password for this " + "account since it's using OAuth" ); + } + else + { + irc_rootmsg( irc, "You can now use the /OPER command to " + "enter the password" ); + if( oauth ) + irc_rootmsg( irc, "Alternatively, enable oauth if " + "the account supports it: account %s " + "set oauth on", a->tag ); + } + } return; } diff --git a/set.c b/set.c index b35be708..a1eb9f03 100644 --- a/set.c +++ b/set.c @@ -84,7 +84,7 @@ char *set_getstr( set_t **head, const char *key ) if( !s || ( !s->value && !s->def ) ) return NULL; - return s->value ? s->value : s->def; + return set_value( s ); } int set_getint( set_t **head, const char *key ) @@ -249,26 +249,12 @@ char *set_eval_to_char( set_t *set, char *value ) return s; } -/* -char *set_eval_ops( set_t *set, char *value ) +char *set_eval_oauth( set_t *set, char *value ) { - irc_t *irc = set->data; - - if( g_strcasecmp( value, "user" ) == 0 ) - irc_write( irc, ":%s!%s@%s MODE %s %s %s %s", irc->mynick, irc->mynick, irc->myhost, - irc->channel, "+o-o", irc->nick, irc->mynick ); - else if( g_strcasecmp( value, "root" ) == 0 ) - irc_write( irc, ":%s!%s@%s MODE %s %s %s %s", irc->mynick, irc->mynick, irc->myhost, - irc->channel, "-o+o", irc->nick, irc->mynick ); - else if( g_strcasecmp( value, "both" ) == 0 ) - irc_write( irc, ":%s!%s@%s MODE %s %s %s %s", irc->mynick, irc->mynick, irc->myhost, - irc->channel, "+oo", irc->nick, irc->mynick ); - else if( g_strcasecmp( value, "none" ) == 0 ) - irc_write( irc, ":%s!%s@%s MODE %s %s %s %s", irc->mynick, irc->mynick, irc->myhost, - irc->channel, "-oo", irc->nick, irc->mynick ); - else - return SET_INVALID; + account_t *acc = set->data; - return value; + if( bool2int( value ) && strcmp( acc->pass, PASSWORD_PENDING ) == 0 ) + *acc->pass = '\0'; + + return set_eval_bool( set, value ); } -*/ diff --git a/set.h b/set.h index f4f56f88..d4915546 100644 --- a/set.h +++ b/set.h @@ -76,6 +76,8 @@ typedef struct set struct set *next; } set_t; +#define set_value( set ) ((set)->value) ? ((set)->value) : ((set)->def) + /* Should be pretty clear. */ set_t *set_add( set_t **head, const char *key, const char *def, set_eval eval, void *data ); @@ -110,6 +112,6 @@ char *set_eval_list( set_t *set, char *value ); /* Some not very generic evaluators that really shouldn't be here... */ char *set_eval_to_char( set_t *set, char *value ); -char *set_eval_ops( set_t *set, char *value ); +char *set_eval_oauth( set_t *set, char *value ); #endif /* __SET_H__ */ -- cgit v1.2.3 From 0dd65708997f53a829a9830fc584c99ca2e3e57e Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Wed, 21 Dec 2011 12:41:13 +0100 Subject: Add a helpful message on what to do with OAuth login issues. --- protocols/nogaim.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/protocols/nogaim.c b/protocols/nogaim.c index a47e0e84..773e3877 100644 --- a/protocols/nogaim.c +++ b/protocols/nogaim.c @@ -326,6 +326,21 @@ void imc_logout( struct im_connection *ic, int allow_reconnect ) imcb_log( ic, "Signing off.." ); + /* TBH I don't remember anymore why I didn't just use ic->acc... */ + for( a = bee->accounts; a; a = a->next ) + if( a->ic == ic ) + break; + + if( a && !allow_reconnect && !( ic->flags & OPT_LOGGED_IN ) && + set_getbool( &a->set, "oauth" ) ) + { + /* If this account supports OAuth, we're not logged in yet and + not allowed to retry, assume there were auth issues. Give a + helpful message on what might be necessary to fix this. */ + imcb_log( ic, "If you're having problems logging in, try re-requesting " + "an OAuth token: account %s set password \"\"", a->tag ); + } + for( l = bee->users; l; ) { bee_user_t *bu = l->data; @@ -347,10 +362,6 @@ void imc_logout( struct im_connection *ic, int allow_reconnect ) query_del_by_conn( (irc_t*) ic->bee->ui_data, ic ); - for( a = bee->accounts; a; a = a->next ) - if( a->ic == ic ) - break; - if( !a ) { /* Uhm... This is very sick. */ -- cgit v1.2.3 From 31db81651fa3ac5d742c3616efaccf43a1ebcaf2 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Wed, 21 Dec 2011 20:03:56 +0100 Subject: Use sha1_hmac() instead of reimplementing the algorithm in oauth_sign(). --- lib/oauth.c | 51 +++++++++------------------------------------------ 1 file changed, 9 insertions(+), 42 deletions(-) diff --git a/lib/oauth.c b/lib/oauth.c index 4d7acd97..acbf433e 100644 --- a/lib/oauth.c +++ b/lib/oauth.c @@ -37,64 +37,31 @@ static char *oauth_sign( const char *method, const char *url, const char *params, struct oauth_info *oi ) { - sha1_state_t sha1; uint8_t hash[sha1_hash_size]; - uint8_t key[HMAC_BLOCK_SIZE+1]; + GString *payload = g_string_new( "" ); + char *key; char *s; - int i; - /* Create K. If our current key is >64 chars we have to hash it, - otherwise just pad. */ - memset( key, 0, HMAC_BLOCK_SIZE ); - i = strlen( oi->sp->consumer_secret ) + 1 + ( oi->token_secret ? strlen( oi->token_secret ) : 0 ); - if( i > HMAC_BLOCK_SIZE ) - { - sha1_init( &sha1 ); - sha1_append( &sha1, (uint8_t*) oi->sp->consumer_secret, strlen( oi->sp->consumer_secret ) ); - sha1_append( &sha1, (uint8_t*) "&", 1 ); - if( oi->token_secret ) - sha1_append( &sha1, (uint8_t*) oi->token_secret, strlen( oi->token_secret ) ); - sha1_finish( &sha1, key ); - } - else - { - g_snprintf( (gchar*) key, HMAC_BLOCK_SIZE + 1, "%s&%s", - oi->sp->consumer_secret, oi->token_secret ? oi->token_secret : "" ); - } - - /* Inner part: H(K XOR 0x36, text) */ - sha1_init( &sha1 ); - - for( i = 0; i < HMAC_BLOCK_SIZE; i ++ ) - key[i] ^= 0x36; - sha1_append( &sha1, key, HMAC_BLOCK_SIZE ); + key = g_strdup_printf( "%s&%s", oi->sp->consumer_secret, oi->token_secret ? oi->token_secret : "" ); - /* OAuth: text = method&url¶ms, all http_encoded. */ - sha1_append( &sha1, (const uint8_t*) method, strlen( method ) ); - sha1_append( &sha1, (const uint8_t*) "&", 1 ); + g_string_append_printf( payload, "%s&", method ); s = g_new0( char, strlen( url ) * 3 + 1 ); strcpy( s, url ); http_encode( s ); - sha1_append( &sha1, (const uint8_t*) s, strlen( s ) ); - sha1_append( &sha1, (const uint8_t*) "&", 1 ); + g_string_append_printf( payload, "%s&", s ); g_free( s ); s = g_new0( char, strlen( params ) * 3 + 1 ); strcpy( s, params ); http_encode( s ); - sha1_append( &sha1, (const uint8_t*) s, strlen( s ) ); + g_string_append( payload, s ); g_free( s ); - sha1_finish( &sha1, hash ); + sha1_hmac( key, 0, payload->str, 0, hash ); - /* Final result: H(K XOR 0x5C, inner stuff) */ - sha1_init( &sha1 ); - for( i = 0; i < HMAC_BLOCK_SIZE; i ++ ) - key[i] ^= 0x36 ^ 0x5c; - sha1_append( &sha1, key, HMAC_BLOCK_SIZE ); - sha1_append( &sha1, hash, sha1_hash_size ); - sha1_finish( &sha1, hash ); + g_free( key ); + g_string_free( payload, TRUE ); /* base64_encode + HTTP escape it (both consumers need it that away) and we're done. */ -- cgit v1.2.3 From e306fbf84aa37ab934c5ea18ccfd75da041af052 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Wed, 21 Dec 2011 20:35:13 +0100 Subject: Fixed a bug that probably (can't test this now since it's down) broke OAuth setup for identi.ca. Turning on oauth for identi.ca accounts by default now. --- lib/oauth.c | 2 ++ protocols/twitter/twitter.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/oauth.c b/lib/oauth.c index acbf433e..04949e1b 100644 --- a/lib/oauth.c +++ b/lib/oauth.c @@ -308,6 +308,7 @@ static void oauth_request_token_done( struct http_request *req ) st->auth_url = g_strdup_printf( "%s?%s", st->sp->url_authorize, req->reply_body ); oauth_params_parse( ¶ms, req->reply_body ); st->request_token = g_strdup( oauth_params_get( ¶ms, "oauth_token" ) ); + st->token_secret = g_strdup( oauth_params_get( ¶ms, "oauth_token_secret" ) ); oauth_params_free( ¶ms ); } @@ -337,6 +338,7 @@ static void oauth_access_token_done( struct http_request *req ) { oauth_params_parse( &st->params, req->reply_body ); st->token = g_strdup( oauth_params_get( &st->params, "oauth_token" ) ); + g_free( st->token_secret ); st->token_secret = g_strdup( oauth_params_get( &st->params, "oauth_token_secret" ) ); } diff --git a/protocols/twitter/twitter.c b/protocols/twitter/twitter.c index 1cf0b0b5..ef49e83a 100644 --- a/protocols/twitter/twitter.c +++ b/protocols/twitter/twitter.c @@ -219,7 +219,7 @@ static void twitter_init(account_t * acc) def_oauth = "true"; } else { /* if( strcmp( acc->prpl->name, "identica" ) == 0 ) */ def_url = IDENTICA_API_URL; - def_oauth = "false"; + def_oauth = "true"; } s = set_add(&acc->set, "auto_reply_timeout", "10800", set_eval_int, acc); -- cgit v1.2.3 From 34ded90e19635c7ebf2afd184f36b03abc879bec Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sat, 24 Dec 2011 19:09:05 +0100 Subject: Slight cleanup: Use a constant instead of just "jabber_oauth" everywhere, and added some safeguards to keep the user from messaging it when we're not actually doing OAuth setup. --- protocols/jabber/jabber.c | 5 +++-- protocols/jabber/jabber.h | 1 + protocols/jabber/sasl.c | 10 +++++----- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 92256a71..41ce509b 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -89,7 +89,7 @@ static void jabber_init( account_t *acc ) s = set_add( &acc->set, "tls_verify", "true", set_eval_bool, acc ); s->flags |= ACC_SET_OFFLINE_ONLY; - + s = set_add( &acc->set, "user_agent", "BitlBee", NULL, acc ); s = set_add( &acc->set, "xmlconsole", "false", set_eval_bool, acc ); @@ -336,7 +336,8 @@ static int jabber_buddy_msg( struct im_connection *ic, char *who, char *message, if( g_strcasecmp( who, JABBER_XMLCONSOLE_HANDLE ) == 0 ) return jabber_write( ic, message, strlen( message ) ); - if( g_strcasecmp( who, "jabber_oauth" ) == 0 ) + if( g_strcasecmp( who, JABBER_OAUTH_HANDLE ) == 0 && + !( jd->flags & OPT_LOGGED_IN ) && jd->fd == -1 ) { if( sasl_oauth2_get_refresh_token( ic, message ) ) { diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index 76546bde..046741a3 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -193,6 +193,7 @@ struct jabber_transfer }; #define JABBER_XMLCONSOLE_HANDLE "xmlconsole" +#define JABBER_OAUTH_HANDLE "jabber_oauth" /* Prefixes to use for packet IDs (mainly for IQ packets ATM). Usually the first one should be used, but when storing a packet in the cache, a diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 2f45eb20..b4eb4eb8 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -461,12 +461,12 @@ void sasl_oauth2_init( struct im_connection *ic ) imcb_log( ic, "Starting OAuth authentication" ); /* Temporary contact, just used to receive the OAuth response. */ - imcb_add_buddy( ic, "jabber_oauth", NULL ); + imcb_add_buddy( ic, JABBER_OAUTH_HANDLE, NULL ); url = oauth2_url( jd->oauth2_service ); msg = g_strdup_printf( "Open this URL in your browser to authenticate: %s", url ); - imcb_buddy_msg( ic, "jabber_oauth", msg, 0, 0 ); - imcb_buddy_msg( ic, "jabber_oauth", "Respond to this message with the returned " - "authorization token.", 0, 0 ); + imcb_buddy_msg( ic, JABBER_OAUTH_HANDLE, msg, 0, 0 ); + imcb_buddy_msg( ic, JABBER_OAUTH_HANDLE, "Respond to this message with the returned " + "authorization token.", 0, 0 ); g_free( msg ); g_free( url ); @@ -476,7 +476,7 @@ static gboolean sasl_oauth2_remove_contact( gpointer data, gint fd, b_input_cond { struct im_connection *ic = data; if( g_slist_find( jabber_connections, ic ) ) - imcb_remove_buddy( ic, "jabber_oauth", NULL ); + imcb_remove_buddy( ic, JABBER_OAUTH_HANDLE, NULL ); return FALSE; } -- cgit v1.2.3 From 9a1c14d8b636510242f81558f7f0a43918636865 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sat, 24 Dec 2011 19:12:15 +0100 Subject: An empty password is still a password, don't refuse accounts for that. --- lib/arc.c | 2 +- storage_xml.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/arc.c b/lib/arc.c index fd498454..1bd5cf87 100644 --- a/lib/arc.c +++ b/lib/arc.c @@ -199,7 +199,7 @@ int arc_decode( unsigned char *crypt, int crypt_len, char **clear, char *passwor if( clear_len < 0 ) { *clear = g_strdup( "" ); - return 0; + return -1; } /* Prepare buffers and the key + IV */ diff --git a/storage_xml.c b/storage_xml.c index af77190e..0525fef5 100644 --- a/storage_xml.c +++ b/storage_xml.c @@ -149,7 +149,7 @@ static void xml_start_element( GMarkupParseContext *ctx, const gchar *element_na g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, "Unknown protocol: %s", protocol ); else if( ( pass_len = base64_decode( pass_b64, (unsigned char**) &pass_cr ) ) && - arc_decode( pass_cr, pass_len, &password, xd->given_pass ) ) + arc_decode( pass_cr, pass_len, &password, xd->given_pass ) >= 0 ) { xd->current_account = account_add( irc->b, prpl, handle, password ); if( server ) -- cgit v1.2.3 From 644b8080349d7d42ca89946acc207592fd0acc2d Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 26 Dec 2011 11:50:34 +0100 Subject: A few more minor cleanups before merging this into mainline. --- lib/oauth2.c | 5 +++-- protocols/jabber/sasl.c | 18 +++++++++--------- root_commands.c | 2 +- 3 files changed, 13 insertions(+), 12 deletions(-) diff --git a/lib/oauth2.c b/lib/oauth2.c index 0348d0d0..1af63974 100644 --- a/lib/oauth2.c +++ b/lib/oauth2.c @@ -116,8 +116,6 @@ static void oauth2_access_token_done( struct http_request *req ) { atoken = oauth2_json_dumb_get( req->reply_body, "access_token" ); rtoken = oauth2_json_dumb_get( req->reply_body, "refresh_token" ); - if( getenv( "BITLBEE_DEBUG" ) ) - printf( "Extracted atoken=%s rtoken=%s\n", atoken, rtoken ); } else { @@ -129,6 +127,9 @@ static void oauth2_access_token_done( struct http_request *req ) rtoken = g_strdup( oauth_params_get( &p_in, "refresh_token" ) ); oauth_params_free( &p_in ); } + if( getenv( "BITLBEE_DEBUG" ) ) + printf( "Extracted atoken=%s rtoken=%s\n", atoken, rtoken ); + cb_data->func( cb_data->data, atoken, rtoken ); g_free( atoken ); g_free( rtoken ); diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index b4eb4eb8..d08890a6 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -104,10 +104,14 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) c = c->next; } - if( !sup_plain && !sup_digest && !sup_gtalk && !sup_fb && !sup_ms ) + if( !sup_plain && !sup_digest ) { - imcb_error( ic, "BitlBee does not support any of the offered SASL " - "authentication schemes:%s", mechs->str ); + if( !sup_gtalk && !sup_fb && !sup_ms ) + imcb_error( ic, "This server requires OAuth " + "(supported schemes:%s)", mechs->str ); + else + imcb_error( ic, "BitlBee does not support any of the offered SASL " + "authentication schemes:%s", mechs->str ); imc_logout( ic, FALSE ); g_string_free( mechs, TRUE ); return XT_ABORT; @@ -293,12 +297,8 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) if( jd->flags & JFLAG_SASL_FB ) { - /* Facebook proprietary authentication. Not as useful as it seemed, but - the code's written now, may as well keep it.. - - Mechanism is described on http://developers.facebook.com/docs/chat/ - and in their Python module. It's all mostly useless because the tokens - expire after 24h. */ + /* New-style Facebook OAauth2 support. Instead of sending a refresh + token, they just send an access token that should never expire. */ GSList *p_in = NULL, *p_out = NULL; char time[33]; diff --git a/root_commands.c b/root_commands.c index f8f2e578..fcf6f66e 100644 --- a/root_commands.c +++ b/root_commands.c @@ -458,7 +458,7 @@ static void cmd_account( irc_t *irc, char **cmd ) irc_rootmsg( irc, "You can now use the /OPER command to " "enter the password" ); if( oauth ) - irc_rootmsg( irc, "Alternatively, enable oauth if " + irc_rootmsg( irc, "Alternatively, enable OAuth if " "the account supports it: account %s " "set oauth on", a->tag ); } -- cgit v1.2.3