From 57b4525653972dc23c8c5ca5ffaa7e44fad64ee9 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Fri, 22 Jul 2011 19:29:25 +0100 Subject: Nothing useful yet, this just generates an auth URL. Things to do: Ability to process the answer. This is hard because the GTalk server will time out very quickly which means we lose our state/scope/etc. (And the ability to even receive the answer, at least if I'd do this the same way the Twitter module does it.) And then, get the access token and use it, of course. :-) --- lib/Makefile | 2 +- lib/oauth2.c | 42 ++++++++++++++++++++++++++++++++++++ lib/oauth2.h | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 lib/oauth2.c create mode 100644 lib/oauth2.h (limited to 'lib') diff --git a/lib/Makefile b/lib/Makefile index 3ae43935..5f24139d 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -12,7 +12,7 @@ SRCDIR := $(SRCDIR)lib/ endif # [SH] Program variables -objects = arc.o base64.o $(DES) $(EVENT_HANDLER) ftutil.o http_client.o ini.o md5.o misc.o oauth.o proxy.o sha1.o $(SSL_CLIENT) url.o xmltree.o +objects = arc.o base64.o $(DES) $(EVENT_HANDLER) ftutil.o http_client.o ini.o md5.o misc.o oauth.o oauth2.o proxy.o sha1.o $(SSL_CLIENT) url.o xmltree.o LFLAGS += -r diff --git a/lib/oauth2.c b/lib/oauth2.c new file mode 100644 index 00000000..eb923795 --- /dev/null +++ b/lib/oauth2.c @@ -0,0 +1,42 @@ +/***************************************************************************\ +* * +* BitlBee - An IRC to IM gateway * +* Simple OAuth client (consumer) implementation. * +* * +* Copyright 2010-2011 Wilmer van der Gaast * +* * +* This program is free software; you can redistribute it and/or modify * +* it under the terms of the GNU General Public License as published by * +* the Free Software Foundation; either version 2 of the License, or * +* (at your option) any later version. * +* * +* This program is distributed in the hope that it will be useful, * +* but WITHOUT ANY WARRANTY; without even the implied warranty of * +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +* GNU General Public License for more details. * +* * +* You should have received a copy of the GNU General Public License along * +* with this program; if not, write to the Free Software Foundation, Inc., * +* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * +* * +\***************************************************************************/ + +#include +#include "oauth2.h" + +struct oauth2_service oauth2_service_google = +{ + "https://accounts.google.com/o/oauth2/", + "783993391592.apps.googleusercontent.com", + "k5_EV4EQ7jEVCEk3WBwEFfuW", +}; + +char *oauth2_url( const struct oauth2_service *sp, const char *scope ) +{ + return g_strconcat( sp->base_url, "auth" + "?scope=", scope, + "&response_type=code" + "&redirect_uri=urn:ietf:wg:oauth:2.0:oob", + "&client_id=", sp->consumer_key, + NULL ); +} diff --git a/lib/oauth2.h b/lib/oauth2.h new file mode 100644 index 00000000..c2985ef6 --- /dev/null +++ b/lib/oauth2.h @@ -0,0 +1,69 @@ +/***************************************************************************\ +* * +* BitlBee - An IRC to IM gateway * +* Simple OAuth client (consumer) implementation. * +* * +* Copyright 2010-2011 Wilmer van der Gaast * +* * +* This program is free software; you can redistribute it and/or modify * +* it under the terms of the GNU General Public License as published by * +* the Free Software Foundation; either version 2 of the License, or * +* (at your option) any later version. * +* * +* This program is distributed in the hope that it will be useful, * +* but WITHOUT ANY WARRANTY; without even the implied warranty of * +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +* GNU General Public License for more details. * +* * +* You should have received a copy of the GNU General Public License along * +* with this program; if not, write to the Free Software Foundation, Inc., * +* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * +* * +\***************************************************************************/ + +struct oauth2_info; + +/* Callback function called twice during the access token request process. + Return FALSE if something broke and the process must be aborted. */ +typedef gboolean (*oauth_cb)( struct oauth2_info * ); + +struct oauth2_info +{ + const struct oauth_service *sp; + + oauth_cb func; + void *data; + + struct http_request *http; + +// char *auth_url; +// char *request_token; + +// char *token; +// char *token_secret; +// GSList *params; +}; + +struct oauth2_service +{ + char *base_url; + char *consumer_key; + char *consumer_secret; +}; + +extern struct oauth2_service oauth2_service_google; + +/* http://oauth.net/core/1.0a/#auth_step1 (section 6.1) + Request an initial anonymous token which can be used to construct an + authorization URL for the user. This is passed to the callback function + in a struct oauth2_info. */ +char *oauth2_url( const struct oauth2_service *sp, const char *scope ); + +/* http://oauth.net/core/1.0a/#auth_step3 (section 6.3) + The user gets a PIN or so which we now exchange for the final access + token. This is passed to the callback function in the same + struct oauth2_info. */ +gboolean oauth2_access_token( const char *pin, struct oauth2_info *st ); + +/* Shouldn't normally be required unless the process is aborted by the user. */ +void oauth2_info_free( struct oauth2_info *info ); -- cgit v1.2.3 From 4a5d88504235e1df5d01a3a5701b83dd82d6695d Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Tue, 26 Jul 2011 12:58:38 +0100 Subject: Working OAuth2 support. Needs some more debugging (error handling is not great and imc_logout() gets (rightfully) confused when jabber_data is empty). --- lib/oauth.h | 3 ++ lib/oauth2.c | 139 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ lib/oauth2.h | 50 +++++++-------------- 3 files changed, 158 insertions(+), 34 deletions(-) (limited to 'lib') diff --git a/lib/oauth.h b/lib/oauth.h index 8270a545..5c4ef4b0 100644 --- a/lib/oauth.h +++ b/lib/oauth.h @@ -91,4 +91,7 @@ char *oauth_to_string( struct oauth_info *oi ); struct oauth_info *oauth_from_string( char *in, const struct oauth_service *sp ); /* For reading misc. data. */ +void oauth_params_add( GSList **params, const char *key, const char *value ); +void oauth_params_free( GSList **params ); +char *oauth_params_string( GSList *params ); const char *oauth_params_get( GSList **params, const char *key ); diff --git a/lib/oauth2.c b/lib/oauth2.c index eb923795..d9eefa9f 100644 --- a/lib/oauth2.c +++ b/lib/oauth2.c @@ -22,7 +22,10 @@ \***************************************************************************/ #include +#include "http_client.h" #include "oauth2.h" +#include "oauth.h" +#include "url.h" struct oauth2_service oauth2_service_google = { @@ -40,3 +43,139 @@ char *oauth2_url( const struct oauth2_service *sp, const char *scope ) "&client_id=", sp->consumer_key, NULL ); } + +struct oauth2_access_token_data +{ + oauth2_token_callback func; + gpointer data; +}; + +static char *oauth2_json_dumb_get( const char *json, const char *key ); +static void oauth2_access_token_done( struct http_request *req ); + +int oauth2_access_token( const struct oauth2_service *sp, + const char *auth_type, const char *auth, + oauth2_token_callback func, gpointer data ) +{ + GSList *args = NULL; + char *args_s, *s; + url_t url_p; + struct http_request *req; + struct oauth2_access_token_data *cb_data; + + if( !url_set( &url_p, sp->base_url ) ) + return 0; + + oauth_params_add( &args, "client_id", sp->consumer_key ); + oauth_params_add( &args, "client_secret", sp->consumer_secret ); + oauth_params_add( &args, "grant_type", auth_type ); + if( strcmp( auth_type, OAUTH2_AUTH_CODE ) == 0 ) + { + oauth_params_add( &args, "redirect_uri", "urn:ietf:wg:oauth:2.0:oob" ); + oauth_params_add( &args, "code", auth ); + } + else + { + oauth_params_add( &args, "refresh_token", auth ); + } + args_s = oauth_params_string( args ); + oauth_params_free( &args ); + + s = g_strdup_printf( "POST %s%s HTTP/1.0\r\n" + "Host: %s\r\n" + "Content-Type: application/x-www-form-urlencoded\r\n" + "Content-Length: %zd\r\n" + "Connection: close\r\n" + "\r\n" + "%s", url_p.file, "token", url_p.host, strlen( args_s ), args_s ); + g_free( args_s ); + + cb_data = g_new0( struct oauth2_access_token_data, 1 ); + cb_data->func = func; + cb_data->data = data; + + req = http_dorequest( url_p.host, url_p.port, url_p.proto == PROTO_HTTPS, + s, oauth2_access_token_done, cb_data ); + + g_free( s ); + + if( req == NULL ) + g_free( cb_data ); + + return req != NULL; +} + +static void oauth2_access_token_done( struct http_request *req ) +{ + struct oauth2_access_token_data *cb_data = req->data; + char *atoken = NULL, *rtoken = NULL; + + if( req->status_code == 200 ) + { + atoken = oauth2_json_dumb_get( req->reply_body, "access_token" ); + rtoken = oauth2_json_dumb_get( req->reply_body, "refresh_token" ); + } + cb_data->func( cb_data->data, atoken, rtoken ); + g_free( atoken ); + g_free( rtoken ); + g_free( cb_data ); +} + +/* Super dumb. I absolutely refuse to use/add a complete json parser library + (adding a new dependency to BitlBee for the first time in.. 6 years?) just + to parse 100 bytes of data. So I have to do my own parsing because OAuth2 + dropped support for XML. (GRRR!) This is very dumb and for example won't + work for integer values, nor will it strip/handle backslashes. */ +static char *oauth2_json_dumb_get( const char *json, const char *key ) +{ + int is_key; /* 1 == reading key, 0 == reading value */ + int found_key = 0; + + while( json && *json ) + { + /* Grab strings and see if they're what we're looking for. */ + if( *json == '"' || *json == '\'' ) + { + char q = *json; + const char *str_start; + json ++; + str_start = json; + + while( *json ) + { + /* \' and \" are not string terminators. */ + if( *json == '\\' && json[1] == q ) + json ++; + /* But without a \ it is. */ + else if( *json == q ) + break; + json ++; + } + if( *json == '\0' ) + return NULL; + + if( is_key && strncmp( str_start, key, strlen( key ) ) == 0 ) + { + found_key = 1; + } + else if( !is_key && found_key ) + { + char *ret = g_memdup( str_start, json - str_start + 1 ); + ret[json-str_start] = '\0'; + return ret; + } + + } + else if( *json == '{' || *json == ',' ) + { + found_key = 0; + is_key = 1; + } + else if( *json == ':' ) + is_key = 0; + + json ++; + } + + return NULL; +} diff --git a/lib/oauth2.h b/lib/oauth2.h index c2985ef6..657a0ab3 100644 --- a/lib/oauth2.h +++ b/lib/oauth2.h @@ -1,7 +1,7 @@ /***************************************************************************\ * * * BitlBee - An IRC to IM gateway * -* Simple OAuth client (consumer) implementation. * +* Simple OAuth2 client (consumer) implementation. * * * * Copyright 2010-2011 Wilmer van der Gaast * * * @@ -21,28 +21,10 @@ * * \***************************************************************************/ -struct oauth2_info; +/* Implementation mostly based on my experience with writing the previous OAuth + module, and from http://code.google.com/apis/accounts/docs/OAuth2.html . */ -/* Callback function called twice during the access token request process. - Return FALSE if something broke and the process must be aborted. */ -typedef gboolean (*oauth_cb)( struct oauth2_info * ); - -struct oauth2_info -{ - const struct oauth_service *sp; - - oauth_cb func; - void *data; - - struct http_request *http; - -// char *auth_url; -// char *request_token; - -// char *token; -// char *token_secret; -// GSList *params; -}; +typedef void (*oauth2_token_callback)( gpointer data, const char *atoken, const char *rtoken ); struct oauth2_service { @@ -51,19 +33,19 @@ struct oauth2_service char *consumer_secret; }; +/* Currently suitable for authenticating to Google Talk only, and only for + accounts that have 2-factor authorization enabled. */ extern struct oauth2_service oauth2_service_google; -/* http://oauth.net/core/1.0a/#auth_step1 (section 6.1) - Request an initial anonymous token which can be used to construct an - authorization URL for the user. This is passed to the callback function - in a struct oauth2_info. */ -char *oauth2_url( const struct oauth2_service *sp, const char *scope ); +#define OAUTH2_AUTH_CODE "authorization_code" +#define OAUTH2_AUTH_REFRESH "refresh_token" -/* http://oauth.net/core/1.0a/#auth_step3 (section 6.3) - The user gets a PIN or so which we now exchange for the final access - token. This is passed to the callback function in the same - struct oauth2_info. */ -gboolean oauth2_access_token( const char *pin, struct oauth2_info *st ); +/* Generate a URL the user should open in his/her browser to get an + authorization code. */ +char *oauth2_url( const struct oauth2_service *sp, const char *scope ); -/* Shouldn't normally be required unless the process is aborted by the user. */ -void oauth2_info_free( struct oauth2_info *info ); +/* Exchanges an auth code or refresh token for an access token. + auth_type is one of the two OAUTH2_AUTH_.. constants above. */ +int oauth2_access_token( const struct oauth2_service *sp, + const char *auth_type, const char *auth, + oauth2_token_callback func, gpointer data ); -- cgit v1.2.3 From 1174899c4f299dd020a8e6489d0384ae24771978 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 31 Jul 2011 15:40:41 +0100 Subject: Having written the same stupid code (ASCII MD5 hashes) 205762 times, time to have a function for it.. --- lib/md5.c | 10 ++++++++++ lib/md5.h | 1 + 2 files changed, 11 insertions(+) (limited to 'lib') diff --git a/lib/md5.c b/lib/md5.c index 3c39eccd..e989ac6a 100644 --- a/lib/md5.c +++ b/lib/md5.c @@ -161,6 +161,16 @@ void md5_finish(struct MD5Context *ctx, md5_byte_t digest[16]) memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ } +void md5_finish_ascii(struct MD5Context *context, char *ascii) +{ + md5_byte_t bin[16]; + int i; + + md5_finish(context, bin); + for (i = 0; i < 16; i ++) + sprintf(ascii + i * 2, "%02x", bin[i]); +} + /* The four core functions - F1 is optimized somewhat */ /* #define F1(x, y, z) (x & y | ~x & z) */ diff --git a/lib/md5.h b/lib/md5.h index 3ba28586..17da99b3 100644 --- a/lib/md5.h +++ b/lib/md5.h @@ -42,5 +42,6 @@ typedef struct MD5Context { G_MODULE_EXPORT void md5_init(struct MD5Context *context); G_MODULE_EXPORT void md5_append(struct MD5Context *context, const md5_byte_t *buf, unsigned int len); G_MODULE_EXPORT void md5_finish(struct MD5Context *context, md5_byte_t digest[16]); +G_MODULE_EXPORT void md5_finish_ascii(struct MD5Context *context, char *ascii); #endif -- cgit v1.2.3 From aa9f1acec3f941cbb6b9fa716db1e775e88005c2 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 31 Jul 2011 15:51:07 +0100 Subject: Export oauth_params_parse(). --- lib/oauth.c | 2 +- lib/oauth.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/oauth.c b/lib/oauth.c index 372a62d3..4131dc97 100644 --- a/lib/oauth.c +++ b/lib/oauth.c @@ -164,7 +164,7 @@ const char *oauth_params_get( GSList **params, const char *key ) return NULL; } -static void oauth_params_parse( GSList **params, char *in ) +void oauth_params_parse( GSList **params, char *in ) { char *amp, *eq, *s; diff --git a/lib/oauth.h b/lib/oauth.h index 5c4ef4b0..b7388503 100644 --- a/lib/oauth.h +++ b/lib/oauth.h @@ -92,6 +92,7 @@ struct oauth_info *oauth_from_string( char *in, const struct oauth_service *sp ) /* For reading misc. data. */ void oauth_params_add( GSList **params, const char *key, const char *value ); +void oauth_params_parse( GSList **params, char *in ); void oauth_params_free( GSList **params ); char *oauth_params_string( GSList *params ); const char *oauth_params_get( GSList **params, const char *key ); -- cgit v1.2.3 From 39a939ce4ef6717d65c36c97e6a7adf05b125cad Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 31 Jul 2011 15:55:00 +0100 Subject: oauth2 changes to address http://twitter.com/Wilmer/status/96715400124968960 --- lib/oauth2.c | 24 +++++++++++++++++------- lib/oauth2.h | 6 +++++- 2 files changed, 22 insertions(+), 8 deletions(-) (limited to 'lib') diff --git a/lib/oauth2.c b/lib/oauth2.c index d9eefa9f..a54ef431 100644 --- a/lib/oauth2.c +++ b/lib/oauth2.c @@ -29,17 +29,27 @@ struct oauth2_service oauth2_service_google = { - "https://accounts.google.com/o/oauth2/", + "https://accounts.google.com/o/oauth2/auth", + "https://accounts.google.com/o/oauth2/token", + "urn:ietf:wg:oauth:2.0:oob", "783993391592.apps.googleusercontent.com", "k5_EV4EQ7jEVCEk3WBwEFfuW", }; +struct oauth2_service oauth2_service_facebook = +{ + "https://www.facebook.com/dialog/oauth", + "https://graph.facebook.com/oauth/access_token", + "http://www.bitlbee.org/main.php/fb.html", + "126828914005625", + "4b100f0f244d620bf3f15f8b217d4c32", +}; char *oauth2_url( const struct oauth2_service *sp, const char *scope ) { - return g_strconcat( sp->base_url, "auth" + return g_strconcat( sp->auth_url, "?scope=", scope, "&response_type=code" - "&redirect_uri=urn:ietf:wg:oauth:2.0:oob", + "&redirect_uri=", sp->redirect_url, "&client_id=", sp->consumer_key, NULL ); } @@ -63,7 +73,7 @@ int oauth2_access_token( const struct oauth2_service *sp, struct http_request *req; struct oauth2_access_token_data *cb_data; - if( !url_set( &url_p, sp->base_url ) ) + if( !url_set( &url_p, sp->token_url ) ) return 0; oauth_params_add( &args, "client_id", sp->consumer_key ); @@ -71,7 +81,7 @@ int oauth2_access_token( const struct oauth2_service *sp, oauth_params_add( &args, "grant_type", auth_type ); if( strcmp( auth_type, OAUTH2_AUTH_CODE ) == 0 ) { - oauth_params_add( &args, "redirect_uri", "urn:ietf:wg:oauth:2.0:oob" ); + oauth_params_add( &args, "redirect_uri", sp->redirect_url ); oauth_params_add( &args, "code", auth ); } else @@ -81,13 +91,13 @@ int oauth2_access_token( const struct oauth2_service *sp, args_s = oauth_params_string( args ); oauth_params_free( &args ); - s = g_strdup_printf( "POST %s%s HTTP/1.0\r\n" + s = g_strdup_printf( "POST %s HTTP/1.0\r\n" "Host: %s\r\n" "Content-Type: application/x-www-form-urlencoded\r\n" "Content-Length: %zd\r\n" "Connection: close\r\n" "\r\n" - "%s", url_p.file, "token", url_p.host, strlen( args_s ), args_s ); + "%s", url_p.file, url_p.host, strlen( args_s ), args_s ); g_free( args_s ); cb_data = g_new0( struct oauth2_access_token_data, 1 ); diff --git a/lib/oauth2.h b/lib/oauth2.h index 657a0ab3..6f56b426 100644 --- a/lib/oauth2.h +++ b/lib/oauth2.h @@ -28,7 +28,9 @@ typedef void (*oauth2_token_callback)( gpointer data, const char *atoken, const struct oauth2_service { - char *base_url; + char *auth_url; + char *token_url; + char *redirect_url; char *consumer_key; char *consumer_secret; }; @@ -37,6 +39,8 @@ struct oauth2_service accounts that have 2-factor authorization enabled. */ extern struct oauth2_service oauth2_service_google; +extern struct oauth2_service oauth2_service_facebook; + #define OAUTH2_AUTH_CODE "authorization_code" #define OAUTH2_AUTH_REFRESH "refresh_token" -- cgit v1.2.3 From e1c926f53750ca288f30f3d62eecdc763b67d642 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 31 Jul 2011 16:44:37 +0100 Subject: Facebook authentication. This isn't really OAuth in the end: FB doesn't really support desktop app OAuth in a way that would work with BitlBee. Plus, it's only OAuth-compliant by, err, name? --- lib/md5.c | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/md5.c b/lib/md5.c index e989ac6a..355f5495 100644 --- a/lib/md5.c +++ b/lib/md5.c @@ -23,6 +23,7 @@ #include #include /* for memcpy() */ +#include #include "md5.h" static void md5_transform(uint32_t buf[4], uint32_t const in[16]); -- cgit v1.2.3 From f138bd25e9184c3033f405a7bbb5734d82a877c7 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 31 Jul 2011 21:27:30 +0100 Subject: OAuth code cleanup. --- lib/oauth.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib') diff --git a/lib/oauth.c b/lib/oauth.c index 4131dc97..4f431ed6 100644 --- a/lib/oauth.c +++ b/lib/oauth.c @@ -121,6 +121,9 @@ void oauth_params_add( GSList **params, const char *key, const char *value ) { char *item; + if( !key || !value ) + return; + item = g_strdup_printf( "%s=%s", key, value ); *params = g_slist_insert_sorted( *params, item, (GCompareFunc) strcmp ); } -- cgit v1.2.3 From 773219385d7db48c58556210922eb671e24736aa Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Thu, 4 Aug 2011 19:52:53 +0100 Subject: Had to change the OAuth secret for GTalk. --- lib/oauth2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/oauth2.c b/lib/oauth2.c index a54ef431..7cb28105 100644 --- a/lib/oauth2.c +++ b/lib/oauth2.c @@ -33,7 +33,7 @@ struct oauth2_service oauth2_service_google = "https://accounts.google.com/o/oauth2/token", "urn:ietf:wg:oauth:2.0:oob", "783993391592.apps.googleusercontent.com", - "k5_EV4EQ7jEVCEk3WBwEFfuW", + "6C-Zgf7Tr7gEQTPlBhMUgo7R", }; struct oauth2_service oauth2_service_facebook = { -- cgit v1.2.3 From 18c6d369d777a1d38ef450f868c22de1d0ebba2d Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 18 Dec 2011 20:25:44 +0100 Subject: More generic OAuth support now. Should work well for all GTalk accounts now and somewhat for MS Messenger. The fb part needs different parsing of the authorize request, and possibly some other work. --- lib/oauth2.c | 26 +++++++------------------- lib/oauth2.h | 9 ++------- 2 files changed, 9 insertions(+), 26 deletions(-) (limited to 'lib') diff --git a/lib/oauth2.c b/lib/oauth2.c index 7cb28105..93891317 100644 --- a/lib/oauth2.c +++ b/lib/oauth2.c @@ -27,27 +27,10 @@ #include "oauth.h" #include "url.h" -struct oauth2_service oauth2_service_google = -{ - "https://accounts.google.com/o/oauth2/auth", - "https://accounts.google.com/o/oauth2/token", - "urn:ietf:wg:oauth:2.0:oob", - "783993391592.apps.googleusercontent.com", - "6C-Zgf7Tr7gEQTPlBhMUgo7R", -}; -struct oauth2_service oauth2_service_facebook = -{ - "https://www.facebook.com/dialog/oauth", - "https://graph.facebook.com/oauth/access_token", - "http://www.bitlbee.org/main.php/fb.html", - "126828914005625", - "4b100f0f244d620bf3f15f8b217d4c32", -}; - -char *oauth2_url( const struct oauth2_service *sp, const char *scope ) +char *oauth2_url( const struct oauth2_service *sp ) { return g_strconcat( sp->auth_url, - "?scope=", scope, + "?scope=", sp->scope, "&response_type=code" "&redirect_uri=", sp->redirect_url, "&client_id=", sp->consumer_key, @@ -120,10 +103,15 @@ static void oauth2_access_token_done( struct http_request *req ) struct oauth2_access_token_data *cb_data = req->data; char *atoken = NULL, *rtoken = NULL; + if( getenv( "BITLBEE_DEBUG" ) && req->reply_body ) + printf( "%s\n", req->reply_body ); + if( req->status_code == 200 ) { atoken = oauth2_json_dumb_get( req->reply_body, "access_token" ); rtoken = oauth2_json_dumb_get( req->reply_body, "refresh_token" ); + if( getenv( "BITLBEE_DEBUG" ) ) + printf( "Extracted atoken=%s rtoken=%s\n", atoken, rtoken ); } cb_data->func( cb_data->data, atoken, rtoken ); g_free( atoken ); diff --git a/lib/oauth2.h b/lib/oauth2.h index 6f56b426..c8d18963 100644 --- a/lib/oauth2.h +++ b/lib/oauth2.h @@ -31,22 +31,17 @@ struct oauth2_service char *auth_url; char *token_url; char *redirect_url; + char *scope; char *consumer_key; char *consumer_secret; }; -/* Currently suitable for authenticating to Google Talk only, and only for - accounts that have 2-factor authorization enabled. */ -extern struct oauth2_service oauth2_service_google; - -extern struct oauth2_service oauth2_service_facebook; - #define OAUTH2_AUTH_CODE "authorization_code" #define OAUTH2_AUTH_REFRESH "refresh_token" /* Generate a URL the user should open in his/her browser to get an authorization code. */ -char *oauth2_url( const struct oauth2_service *sp, const char *scope ); +char *oauth2_url( const struct oauth2_service *sp ); /* Exchanges an auth code or refresh token for an access token. auth_type is one of the two OAUTH2_AUTH_.. constants above. */ -- cgit v1.2.3 From 9b0ad7e8334c7c01e8d9652aa3b1aaa6c5f6d211 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 01:00:31 +0100 Subject: Moving msn_findheader() to lib/misc.c as get_rfc822_header() so I can use it in OAuth as well. (Need it to find the Content-Type: header.) --- lib/misc.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ lib/misc.h | 4 +--- 2 files changed, 53 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/misc.c b/lib/misc.c index 711b927c..442f8f19 100644 --- a/lib/misc.c +++ b/lib/misc.c @@ -728,3 +728,55 @@ char **split_command_parts( char *command ) return cmd; } + +char *get_rfc822_header( char *text, char *header, int len ) +{ + int hlen = strlen( header ), i; + char *ret; + + if( len == 0 ) + len = strlen( text ); + + i = 0; + while( ( i + hlen ) < len ) + { + /* Maybe this is a bit over-commented, but I just hate this part... */ + if( g_strncasecmp( text + i, header, hlen ) == 0 ) + { + /* Skip to the (probable) end of the header */ + i += hlen; + + /* Find the first non-[: \t] character */ + while( i < len && ( text[i] == ':' || text[i] == ' ' || text[i] == '\t' ) ) i ++; + + /* Make sure we're still inside the string */ + if( i >= len ) return( NULL ); + + /* Save the position */ + ret = text + i; + + /* Search for the end of this line */ + while( i < len && text[i] != '\r' && text[i] != '\n' ) i ++; + + /* Make sure we're still inside the string */ + if( i >= len ) return( NULL ); + + /* Copy the found data */ + return( g_strndup( ret, text + i - ret ) ); + } + + /* This wasn't the header we were looking for, skip to the next line. */ + while( i < len && ( text[i] != '\r' && text[i] != '\n' ) ) i ++; + while( i < len && ( text[i] == '\r' || text[i] == '\n' ) ) i ++; + + /* End of headers? */ + if( ( i >= 4 && strncmp( text + i - 4, "\r\n\r\n", 4 ) == 0 ) || + ( i >= 2 && ( strncmp( text + i - 2, "\n\n", 2 ) == 0 || + strncmp( text + i - 2, "\r\r", 2 ) == 0 ) ) ) + { + break; + } + } + + return( NULL ); +} diff --git a/lib/misc.h b/lib/misc.h index 83ba9e67..7e03de2d 100644 --- a/lib/misc.h +++ b/lib/misc.h @@ -64,11 +64,9 @@ G_MODULE_EXPORT struct ns_srv_reply **srv_lookup( char *service, char *protocol, G_MODULE_EXPORT void srv_free( struct ns_srv_reply **srv ); G_MODULE_EXPORT char *word_wrap( const char *msg, int line_len ); - G_MODULE_EXPORT gboolean ssl_sockerr_again( void *ssl ); - G_MODULE_EXPORT int md5_verify_password( char *password, char *hash ); - G_MODULE_EXPORT char **split_command_parts( char *command ); +G_MODULE_EXPORT char *get_rfc822_header( char *text, char *header, int len ); #endif -- cgit v1.2.3 From bf57cd1bf1019decd67d7c835060675e6a030cde Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 01:17:38 +0100 Subject: Facebook OAuth2 should now be fully usable. --- lib/oauth.c | 6 ++++++ lib/oauth2.c | 18 +++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/oauth.c b/lib/oauth.c index 4f431ed6..23353c61 100644 --- a/lib/oauth.c +++ b/lib/oauth.c @@ -133,6 +133,9 @@ void oauth_params_del( GSList **params, const char *key ) int key_len = strlen( key ); GSList *l, *n; + if( params == NULL ) + return NULL; + for( l = *params; l; l = n ) { n = l->next; @@ -157,6 +160,9 @@ const char *oauth_params_get( GSList **params, const char *key ) int key_len = strlen( key ); GSList *l; + if( params == NULL ) + return NULL; + for( l = *params; l; l = l->next ) { if( strncmp( (char*) l->data, key, key_len ) == 0 && diff --git a/lib/oauth2.c b/lib/oauth2.c index 93891317..4a9d256c 100644 --- a/lib/oauth2.c +++ b/lib/oauth2.c @@ -102,17 +102,33 @@ static void oauth2_access_token_done( struct http_request *req ) { struct oauth2_access_token_data *cb_data = req->data; char *atoken = NULL, *rtoken = NULL; + const char *content_type; if( getenv( "BITLBEE_DEBUG" ) && req->reply_body ) printf( "%s\n", req->reply_body ); - if( req->status_code == 200 ) + content_type = get_rfc822_header( req->reply_headers, "Content-Type", 0 ); + + if( req->status_code != 200 ) + { + } + else if( strstr( content_type, "application/json" ) ) { atoken = oauth2_json_dumb_get( req->reply_body, "access_token" ); rtoken = oauth2_json_dumb_get( req->reply_body, "refresh_token" ); if( getenv( "BITLBEE_DEBUG" ) ) printf( "Extracted atoken=%s rtoken=%s\n", atoken, rtoken ); } + else + { + /* Facebook use their own odd format here, seems to be URL-encoded. */ + GSList *p_in = NULL; + + oauth_params_parse( &p_in, req->reply_body ); + atoken = g_strdup( oauth_params_get( &p_in, "access_token" ) ); + rtoken = g_strdup( oauth_params_get( &p_in, "refresh_token" ) ); + oauth_params_free( &p_in ); + } cb_data->func( cb_data->data, atoken, rtoken ); g_free( atoken ); g_free( rtoken ); -- cgit v1.2.3 From 4be0e3458a001a1c2eb3dd0074d7fd65260f2e6f Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 01:41:40 +0100 Subject: Give a list of SASL mechanisms supported by a server when reporting we don't support any of them. --- lib/oauth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/oauth.c b/lib/oauth.c index 23353c61..4d7acd97 100644 --- a/lib/oauth.c +++ b/lib/oauth.c @@ -134,7 +134,7 @@ void oauth_params_del( GSList **params, const char *key ) GSList *l, *n; if( params == NULL ) - return NULL; + return; for( l = *params; l; l = n ) { -- cgit v1.2.3 From 36533bf6bfc01f56afd6a8cd7bd3dfa9de87297b Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 13:54:49 +0100 Subject: When updating the XMPP password field with OAuth data, try harder to preserve existing data. (Like refresh tokens which we'll need again on next login.) --- lib/oauth.h | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/oauth.h b/lib/oauth.h index b7388503..50adc95c 100644 --- a/lib/oauth.h +++ b/lib/oauth.h @@ -95,4 +95,5 @@ void oauth_params_add( GSList **params, const char *key, const char *value ); void oauth_params_parse( GSList **params, char *in ); void oauth_params_free( GSList **params ); char *oauth_params_string( GSList *params ); +void oauth_params_set( GSList **params, const char *key, const char *value ); const char *oauth_params_get( GSList **params, const char *key ); -- cgit v1.2.3 From f9789d46aac59f1ff28bc532d8589c1661fa7c4b Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Tue, 20 Dec 2011 17:42:17 +0100 Subject: NULL-checking in rfc822_get_header() and OAuth response handling. --- lib/misc.c | 5 ++++- lib/oauth2.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/misc.c b/lib/misc.c index 442f8f19..a7065757 100644 --- a/lib/misc.c +++ b/lib/misc.c @@ -734,6 +734,9 @@ char *get_rfc822_header( char *text, char *header, int len ) int hlen = strlen( header ), i; char *ret; + if( text == NULL ) + return NULL; + if( len == 0 ) len = strlen( text ); @@ -778,5 +781,5 @@ char *get_rfc822_header( char *text, char *header, int len ) } } - return( NULL ); + return NULL; } diff --git a/lib/oauth2.c b/lib/oauth2.c index 4a9d256c..0348d0d0 100644 --- a/lib/oauth2.c +++ b/lib/oauth2.c @@ -112,7 +112,7 @@ static void oauth2_access_token_done( struct http_request *req ) if( req->status_code != 200 ) { } - else if( strstr( content_type, "application/json" ) ) + else if( content_type && strstr( content_type, "application/json" ) ) { atoken = oauth2_json_dumb_get( req->reply_body, "access_token" ); rtoken = oauth2_json_dumb_get( req->reply_body, "refresh_token" ); -- cgit v1.2.3 From 31db81651fa3ac5d742c3616efaccf43a1ebcaf2 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Wed, 21 Dec 2011 20:03:56 +0100 Subject: Use sha1_hmac() instead of reimplementing the algorithm in oauth_sign(). --- lib/oauth.c | 51 +++++++++------------------------------------------ 1 file changed, 9 insertions(+), 42 deletions(-) (limited to 'lib') diff --git a/lib/oauth.c b/lib/oauth.c index 4d7acd97..acbf433e 100644 --- a/lib/oauth.c +++ b/lib/oauth.c @@ -37,64 +37,31 @@ static char *oauth_sign( const char *method, const char *url, const char *params, struct oauth_info *oi ) { - sha1_state_t sha1; uint8_t hash[sha1_hash_size]; - uint8_t key[HMAC_BLOCK_SIZE+1]; + GString *payload = g_string_new( "" ); + char *key; char *s; - int i; - /* Create K. If our current key is >64 chars we have to hash it, - otherwise just pad. */ - memset( key, 0, HMAC_BLOCK_SIZE ); - i = strlen( oi->sp->consumer_secret ) + 1 + ( oi->token_secret ? strlen( oi->token_secret ) : 0 ); - if( i > HMAC_BLOCK_SIZE ) - { - sha1_init( &sha1 ); - sha1_append( &sha1, (uint8_t*) oi->sp->consumer_secret, strlen( oi->sp->consumer_secret ) ); - sha1_append( &sha1, (uint8_t*) "&", 1 ); - if( oi->token_secret ) - sha1_append( &sha1, (uint8_t*) oi->token_secret, strlen( oi->token_secret ) ); - sha1_finish( &sha1, key ); - } - else - { - g_snprintf( (gchar*) key, HMAC_BLOCK_SIZE + 1, "%s&%s", - oi->sp->consumer_secret, oi->token_secret ? oi->token_secret : "" ); - } - - /* Inner part: H(K XOR 0x36, text) */ - sha1_init( &sha1 ); - - for( i = 0; i < HMAC_BLOCK_SIZE; i ++ ) - key[i] ^= 0x36; - sha1_append( &sha1, key, HMAC_BLOCK_SIZE ); + key = g_strdup_printf( "%s&%s", oi->sp->consumer_secret, oi->token_secret ? oi->token_secret : "" ); - /* OAuth: text = method&url¶ms, all http_encoded. */ - sha1_append( &sha1, (const uint8_t*) method, strlen( method ) ); - sha1_append( &sha1, (const uint8_t*) "&", 1 ); + g_string_append_printf( payload, "%s&", method ); s = g_new0( char, strlen( url ) * 3 + 1 ); strcpy( s, url ); http_encode( s ); - sha1_append( &sha1, (const uint8_t*) s, strlen( s ) ); - sha1_append( &sha1, (const uint8_t*) "&", 1 ); + g_string_append_printf( payload, "%s&", s ); g_free( s ); s = g_new0( char, strlen( params ) * 3 + 1 ); strcpy( s, params ); http_encode( s ); - sha1_append( &sha1, (const uint8_t*) s, strlen( s ) ); + g_string_append( payload, s ); g_free( s ); - sha1_finish( &sha1, hash ); + sha1_hmac( key, 0, payload->str, 0, hash ); - /* Final result: H(K XOR 0x5C, inner stuff) */ - sha1_init( &sha1 ); - for( i = 0; i < HMAC_BLOCK_SIZE; i ++ ) - key[i] ^= 0x36 ^ 0x5c; - sha1_append( &sha1, key, HMAC_BLOCK_SIZE ); - sha1_append( &sha1, hash, sha1_hash_size ); - sha1_finish( &sha1, hash ); + g_free( key ); + g_string_free( payload, TRUE ); /* base64_encode + HTTP escape it (both consumers need it that away) and we're done. */ -- cgit v1.2.3 From e306fbf84aa37ab934c5ea18ccfd75da041af052 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Wed, 21 Dec 2011 20:35:13 +0100 Subject: Fixed a bug that probably (can't test this now since it's down) broke OAuth setup for identi.ca. Turning on oauth for identi.ca accounts by default now. --- lib/oauth.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/oauth.c b/lib/oauth.c index acbf433e..04949e1b 100644 --- a/lib/oauth.c +++ b/lib/oauth.c @@ -308,6 +308,7 @@ static void oauth_request_token_done( struct http_request *req ) st->auth_url = g_strdup_printf( "%s?%s", st->sp->url_authorize, req->reply_body ); oauth_params_parse( ¶ms, req->reply_body ); st->request_token = g_strdup( oauth_params_get( ¶ms, "oauth_token" ) ); + st->token_secret = g_strdup( oauth_params_get( ¶ms, "oauth_token_secret" ) ); oauth_params_free( ¶ms ); } @@ -337,6 +338,7 @@ static void oauth_access_token_done( struct http_request *req ) { oauth_params_parse( &st->params, req->reply_body ); st->token = g_strdup( oauth_params_get( &st->params, "oauth_token" ) ); + g_free( st->token_secret ); st->token_secret = g_strdup( oauth_params_get( &st->params, "oauth_token_secret" ) ); } -- cgit v1.2.3 From 9a1c14d8b636510242f81558f7f0a43918636865 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sat, 24 Dec 2011 19:12:15 +0100 Subject: An empty password is still a password, don't refuse accounts for that. --- lib/arc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/arc.c b/lib/arc.c index fd498454..1bd5cf87 100644 --- a/lib/arc.c +++ b/lib/arc.c @@ -199,7 +199,7 @@ int arc_decode( unsigned char *crypt, int crypt_len, char **clear, char *passwor if( clear_len < 0 ) { *clear = g_strdup( "" ); - return 0; + return -1; } /* Prepare buffers and the key + IV */ -- cgit v1.2.3 From 644b8080349d7d42ca89946acc207592fd0acc2d Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 26 Dec 2011 11:50:34 +0100 Subject: A few more minor cleanups before merging this into mainline. --- lib/oauth2.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/oauth2.c b/lib/oauth2.c index 0348d0d0..1af63974 100644 --- a/lib/oauth2.c +++ b/lib/oauth2.c @@ -116,8 +116,6 @@ static void oauth2_access_token_done( struct http_request *req ) { atoken = oauth2_json_dumb_get( req->reply_body, "access_token" ); rtoken = oauth2_json_dumb_get( req->reply_body, "refresh_token" ); - if( getenv( "BITLBEE_DEBUG" ) ) - printf( "Extracted atoken=%s rtoken=%s\n", atoken, rtoken ); } else { @@ -129,6 +127,9 @@ static void oauth2_access_token_done( struct http_request *req ) rtoken = g_strdup( oauth_params_get( &p_in, "refresh_token" ) ); oauth_params_free( &p_in ); } + if( getenv( "BITLBEE_DEBUG" ) ) + printf( "Extracted atoken=%s rtoken=%s\n", atoken, rtoken ); + cb_data->func( cb_data->data, atoken, rtoken ); g_free( atoken ); g_free( rtoken ); -- cgit v1.2.3