From 57b4525653972dc23c8c5ca5ffaa7e44fad64ee9 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Fri, 22 Jul 2011 19:29:25 +0100 Subject: Nothing useful yet, this just generates an auth URL. Things to do: Ability to process the answer. This is hard because the GTalk server will time out very quickly which means we lose our state/scope/etc. (And the ability to even receive the answer, at least if I'd do this the same way the Twitter module does it.) And then, get the access token and use it, of course. :-) --- protocols/jabber/jabber.c | 2 ++ protocols/jabber/sasl.c | 17 ++++++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 802158c1..91d40a43 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -59,6 +59,8 @@ static void jabber_init( account_t *acc ) s = set_add( &acc->set, "activity_timeout", "600", set_eval_int, acc ); + s = set_add( &acc->set, "oauth", "false", set_eval_bool, acc ); + g_snprintf( str, sizeof( str ), "%d", jabber_port_list[0] ); s = set_add( &acc->set, "port", str, set_eval_int, acc ); s->flags |= ACC_SET_OFFLINE_ONLY; diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 53248ef3..0bbbae11 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -25,6 +25,7 @@ #include "jabber.h" #include "base64.h" +#include "oauth2.h" xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) { @@ -32,7 +33,7 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) struct jabber_data *jd = ic->proto_data; struct xt_node *c, *reply; char *s; - int sup_plain = 0, sup_digest = 0; + int sup_plain = 0, sup_digest = 0, sup_oauth2 = 0; if( !sasl_supported( ic ) ) { @@ -58,6 +59,8 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) sup_plain = 1; if( c->text && g_strcasecmp( c->text, "DIGEST-MD5" ) == 0 ) sup_digest = 1; + if( c->text && g_strcasecmp( c->text, "X-OAUTH2" ) == 0 ) + sup_oauth2 = 1; c = c->next; } @@ -72,7 +75,15 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) reply = xt_new_node( "auth", NULL, NULL ); xt_add_attr( reply, "xmlns", XMLNS_SASL ); - if( sup_digest ) + if( sup_oauth2 && set_getbool( &ic->acc->set, "oauth" ) ) + { + imcb_log( ic, "Open this URL in your browser to authenticate: %s", + oauth2_url( &oauth2_service_google, + "https://www.googleapis.com/auth/googletalk" ) ); + xt_free_node( reply ); + reply = NULL; + } + else if( sup_digest ) { xt_add_attr( reply, "mechanism", "DIGEST-MD5" ); @@ -95,7 +106,7 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) g_free( s ); } - if( !jabber_write_packet( ic, reply ) ) + if( reply && !jabber_write_packet( ic, reply ) ) { xt_free_node( reply ); return XT_ABORT; -- cgit v1.2.3 From 59c9adb4e3e27ded95ec9ccee4f57cf79490bd12 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 25 Jul 2011 13:09:30 +0100 Subject: Kill obsolete Jabber server string (SSL, port#s, etc) parsing. --- protocols/jabber/jabber.c | 55 ----------------------------------------------- 1 file changed, 55 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 91d40a43..bd9bbe23 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -136,61 +136,6 @@ static void jabber_login( account_t *acc ) *s = 0; } - /* This code isn't really pretty. Backwards compatibility never is... */ - s = acc->server; - while( s ) - { - static int had_port = 0; - - if( strncmp( s, "ssl", 3 ) == 0 ) - { - set_setstr( &acc->set, "ssl", "true" ); - - /* Flush this part so that (if this was the first - part of the server string) acc->server gets - flushed. We don't want to have to do this another - time. :-) */ - *s = 0; - s ++; - - /* Only set this if the user didn't specify a custom - port number already... */ - if( !had_port ) - set_setint( &acc->set, "port", 5223 ); - } - else if( isdigit( *s ) ) - { - int i; - - /* The first character is a digit. It could be an - IP address though. Only accept this as a port# - if there are only digits. */ - for( i = 0; isdigit( s[i] ); i ++ ); - - /* If the first non-digit character is a colon or - the end of the string, save the port number - where it should be. */ - if( s[i] == ':' || s[i] == 0 ) - { - sscanf( s, "%d", &i ); - set_setint( &acc->set, "port", i ); - - /* See above. */ - *s = 0; - s ++; - } - - had_port = 1; - } - - s = strchr( s, ':' ); - if( s ) - { - *s = 0; - s ++; - } - } - jd->node_cache = g_hash_table_new_full( g_str_hash, g_str_equal, NULL, jabber_cache_entry_free ); jd->buddies = g_hash_table_new( g_str_hash, g_str_equal ); -- cgit v1.2.3 From 4a5d88504235e1df5d01a3a5701b83dd82d6695d Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Tue, 26 Jul 2011 12:58:38 +0100 Subject: Working OAuth2 support. Needs some more debugging (error handling is not great and imc_logout() gets (rightfully) confused when jabber_data is empty). --- protocols/jabber/jabber.c | 41 +++++++++++++++-- protocols/jabber/jabber.h | 8 ++++ protocols/jabber/sasl.c | 111 +++++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 151 insertions(+), 9 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index bd9bbe23..64858de2 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -97,9 +97,7 @@ static void jabber_login( account_t *acc ) { struct im_connection *ic = imcb_new( acc ); struct jabber_data *jd = g_new0( struct jabber_data, 1 ); - struct ns_srv_reply **srvl = NULL, *srv = NULL; - char *connect_to, *s; - int i; + char *s; /* For now this is needed in the _connected() handlers if using GLib event handling, to make sure we're not handling events @@ -139,6 +137,30 @@ static void jabber_login( account_t *acc ) jd->node_cache = g_hash_table_new_full( g_str_hash, g_str_equal, NULL, jabber_cache_entry_free ); jd->buddies = g_hash_table_new( g_str_hash, g_str_equal ); + if( set_getbool( &acc->set, "oauth" ) ) + { + /* For the first login with OAuth, we have to authenticate via the browser. + For subsequent logins, exchange the refresh token for a valid access + token (even though the last one maybe didn't expire yet). */ + if( strncmp( acc->pass, "refresh_token=", 14 ) != 0 ) + sasl_oauth2_init( ic ); + else + sasl_oauth2_refresh( ic, acc->pass + 14 ); + } + else + jabber_connect( ic ); +} + +/* Separate this from jabber_login() so we can do OAuth first if necessary. + Putting this in io.c would probably be more correct. */ +void jabber_connect( struct im_connection *ic ) +{ + account_t *acc = ic->acc; + struct jabber_data *jd = ic->proto_data; + int i; + char *connect_to; + struct ns_srv_reply **srvl = NULL, *srv = NULL; + /* Figure out the hostname to connect to. */ if( acc->server && *acc->server ) connect_to = acc->server; @@ -280,6 +302,19 @@ static int jabber_buddy_msg( struct im_connection *ic, char *who, char *message, if( g_strcasecmp( who, JABBER_XMLCONSOLE_HANDLE ) == 0 ) return jabber_write( ic, message, strlen( message ) ); + if( g_strcasecmp( who, "jabber_oauth" ) == 0 ) + { + if( sasl_oauth2_get_refresh_token( ic, message ) ) + { + return 1; + } + else + { + imcb_error( ic, "OAuth failure" ); + imc_logout( ic, TRUE ); + } + } + if( ( s = strchr( who, '=' ) ) && jabber_chat_by_jid( ic, s + 1 ) ) bud = jabber_buddy_by_ext_jid( ic, who, 0 ); else diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index adf9a291..8d65a7e3 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -92,6 +92,8 @@ struct jabber_data char *username; /* USERNAME@server */ char *server; /* username@SERVER -=> server/domain, not hostname */ + char *oauth2_access_token; + /* After changing one of these two (or the priority setting), call presence_send_update() to inform the server about the changes. */ const struct jabber_away_state *away_state; @@ -231,6 +233,9 @@ struct jabber_transfer #define XMLNS_BYTESTREAMS "http://jabber.org/protocol/bytestreams" /* XEP-0065 */ #define XMLNS_IBB "http://jabber.org/protocol/ibb" /* XEP-0047 */ +/* jabber.c */ +void jabber_connect( struct im_connection *ic ); + /* iq.c */ xt_status jabber_pkt_iq( struct xt_node *node, gpointer data ); int jabber_init_iq_auth( struct im_connection *ic ); @@ -315,6 +320,9 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ); xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ); xt_status sasl_pkt_result( struct xt_node *node, gpointer data ); gboolean sasl_supported( struct im_connection *ic ); +void sasl_oauth2_init( struct im_connection *ic ); +int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ); +int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ); /* conference.c */ struct groupchat *jabber_chat_join( struct im_connection *ic, const char *room, const char *nick, const char *password ); diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 0bbbae11..a7c3dd6f 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -75,13 +75,31 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) reply = xt_new_node( "auth", NULL, NULL ); xt_add_attr( reply, "xmlns", XMLNS_SASL ); - if( sup_oauth2 && set_getbool( &ic->acc->set, "oauth" ) ) + if( set_getbool( &ic->acc->set, "oauth" ) ) { - imcb_log( ic, "Open this URL in your browser to authenticate: %s", - oauth2_url( &oauth2_service_google, - "https://www.googleapis.com/auth/googletalk" ) ); - xt_free_node( reply ); - reply = NULL; + int len; + + if( !sup_oauth2 ) + { + imcb_error( ic, "OAuth requested, but not supported by server" ); + imc_logout( ic, FALSE ); + xt_free_node( reply ); + return XT_ABORT; + } + + /* X-OAUTH2 is, not *the* standard OAuth2 SASL/XMPP implementation. + It's currently used by GTalk and vaguely documented on + http://code.google.com/apis/cloudprint/docs/rawxmpp.html . */ + xt_add_attr( reply, "mechanism", "X-OAUTH2" ); + + len = strlen( jd->username ) + strlen( jd->oauth2_access_token ) + 2; + s = g_malloc( len + 1 ); + s[0] = 0; + strcpy( s + 1, jd->username ); + strcpy( s + 2 + strlen( jd->username ), jd->oauth2_access_token ); + reply->text = base64_encode( (unsigned char *)s, len ); + reply->text_len = strlen( reply->text ); + g_free( s ); } else if( sup_digest ) { @@ -357,3 +375,84 @@ gboolean sasl_supported( struct im_connection *ic ) return ( jd->xt && jd->xt->root && xt_find_attr( jd->xt->root, "version" ) ) != 0; } + +void sasl_oauth2_init( struct im_connection *ic ) +{ + char *msg, *url; + + imcb_log( ic, "Starting OAuth authentication" ); + + /* Temporary contact, just used to receive the OAuth response. */ + imcb_add_buddy( ic, "jabber_oauth", NULL ); + url = oauth2_url( &oauth2_service_google, + "https://www.googleapis.com/auth/googletalk" ); + msg = g_strdup_printf( "Open this URL in your browser to authenticate: %s", url ); + imcb_buddy_msg( ic, "jabber_oauth", msg, 0, 0 ); + imcb_buddy_msg( ic, "jabber_oauth", "Respond to this message with the returned " + "authorization token.", 0, 0 ); + + g_free( msg ); + g_free( url ); +} + +static gboolean sasl_oauth2_remove_contact( gpointer data, gint fd, b_input_condition cond ) +{ + struct im_connection *ic = data; + imcb_remove_buddy( ic, "jabber_oauth", NULL ); + return FALSE; +} + +static void sasl_oauth2_got_token( gpointer data, const char *access_token, const char *refresh_token ); + +int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ) +{ + char *code; + int ret; + + imcb_log( ic, "Requesting OAuth access token" ); + + /* Don't do it here because the caller may get confused if the contact + we're currently sending a message to is deleted. */ + b_timeout_add( 1, sasl_oauth2_remove_contact, ic ); + + code = g_strdup( msg ); + g_strstrip( code ); + ret = oauth2_access_token( &oauth2_service_google, OAUTH2_AUTH_CODE, + code, sasl_oauth2_got_token, ic ); + + g_free( code ); + return ret; +} + +int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ) +{ + return oauth2_access_token( &oauth2_service_google, OAUTH2_AUTH_REFRESH, + refresh_token, sasl_oauth2_got_token, ic ); +} + +static void sasl_oauth2_got_token( gpointer data, const char *access_token, const char *refresh_token ) +{ + struct im_connection *ic = data; + struct jabber_data *jd; + + if( g_slist_find( jabber_connections, ic ) == NULL ) + return; + + jd = ic->proto_data; + + if( access_token == NULL ) + { + imcb_error( ic, "OAuth failure (missing access token)" ); + imc_logout( ic, TRUE ); + } + if( refresh_token != NULL ) + { + g_free( ic->acc->pass ); + ic->acc->pass = g_strdup_printf( "refresh_token=%s", refresh_token ); + } + + g_free( jd->oauth2_access_token ); + jd->oauth2_access_token = g_strdup( access_token ); + + jabber_connect( ic ); +} -- cgit v1.2.3 From e1c926f53750ca288f30f3d62eecdc763b67d642 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 31 Jul 2011 16:44:37 +0100 Subject: Facebook authentication. This isn't really OAuth in the end: FB doesn't really support desktop app OAuth in a way that would work with BitlBee. Plus, it's only OAuth-compliant by, err, name? --- protocols/jabber/jabber.h | 2 ++ protocols/jabber/sasl.c | 51 +++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 51 insertions(+), 2 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index 8d65a7e3..c68ae343 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -46,6 +46,8 @@ typedef enum activates all XEP-85 related code. */ JFLAG_XMLCONSOLE = 64, /* If the user added an xmlconsole buddy. */ JFLAG_STARTTLS_DONE = 128, /* If a plaintext session was converted to TLS. */ + + JFLAG_SASL_FB = 0x10000, /* Trying Facebook authentication. */ } jabber_flags_t; typedef enum diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index a7c3dd6f..89571d8d 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -26,6 +26,7 @@ #include "jabber.h" #include "base64.h" #include "oauth2.h" +#include "oauth.h" xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) { @@ -33,7 +34,7 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) struct jabber_data *jd = ic->proto_data; struct xt_node *c, *reply; char *s; - int sup_plain = 0, sup_digest = 0, sup_oauth2 = 0; + int sup_plain = 0, sup_digest = 0, sup_oauth2 = 0, sup_fb = 0; if( !sasl_supported( ic ) ) { @@ -61,6 +62,8 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) sup_digest = 1; if( c->text && g_strcasecmp( c->text, "X-OAUTH2" ) == 0 ) sup_oauth2 = 1; + if( c->text && g_strcasecmp( c->text, "X-FACEBOOK-PLATFORM" ) == 0 ) + sup_fb = 1; c = c->next; } @@ -101,6 +104,11 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) reply->text_len = strlen( reply->text ); g_free( s ); } + else if( sup_fb && strstr( ic->acc->pass, "session_key=" ) ) + { + xt_add_attr( reply, "mechanism", "X-FACEBOOK-PLATFORM" ); + jd->flags |= JFLAG_SASL_FB; + } else if( sup_digest ) { xt_add_attr( reply, "mechanism", "DIGEST-MD5" ); @@ -238,7 +246,45 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) dec = frombase64( node->text ); - if( !( s = sasl_get_part( dec, "rspauth" ) ) ) + if( jd->flags & JFLAG_SASL_FB ) + { + GSList *p_in = NULL, *p_out = NULL, *p; + md5_state_t md5; + char time[33], *fmt, *token; + const char *secret; + + oauth_params_parse( &p_in, dec ); + oauth_params_add( &p_out, "nonce", oauth_params_get( &p_in, "nonce" ) ); + oauth_params_add( &p_out, "method", oauth_params_get( &p_in, "method" ) ); + oauth_params_free( &p_in ); + + token = g_strdup( ic->acc->pass ); + oauth_params_parse( &p_in, token ); + g_free( token ); + oauth_params_add( &p_out, "session_key", oauth_params_get( &p_in, "session_key" ) ); + + g_snprintf( time, sizeof( time ), "%lld", (long long) ( gettime() * 1000 ) ); + oauth_params_add( &p_out, "call_id", time ); + oauth_params_add( &p_out, "api_key", oauth2_service_facebook.consumer_key ); + oauth_params_add( &p_out, "v", "1.0" ); + oauth_params_add( &p_out, "format", "XML" ); + + md5_init( &md5 ); + for( p = p_out; p; p = p->next ) + md5_append( &md5, p->data, strlen( p->data ) ); + + secret = oauth_params_get( &p_in, "secret" ); + md5_append( &md5, (unsigned char*) secret, strlen( secret ) ); + md5_finish_ascii( &md5, time ); + oauth_params_add( &p_out, "sig", time ); + + fmt = oauth_params_string( p_out ); + oauth_params_free( &p_out ); + oauth_params_free( &p_in ); + s = tobase64( fmt ); + g_free( fmt ); + } + else if( !( s = sasl_get_part( dec, "rspauth" ) ) ) { /* See RFC 2831 for for information. */ md5_state_t A1, A2, H; @@ -444,6 +490,7 @@ static void sasl_oauth2_got_token( gpointer data, const char *access_token, cons { imcb_error( ic, "OAuth failure (missing access token)" ); imc_logout( ic, TRUE ); + return; } if( refresh_token != NULL ) { -- cgit v1.2.3 From f138bd25e9184c3033f405a7bbb5734d82a877c7 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 31 Jul 2011 21:27:30 +0100 Subject: OAuth code cleanup. --- protocols/jabber/jabber.c | 3 +++ protocols/jabber/sasl.c | 39 +++++++++++++++++++++------------------ 2 files changed, 24 insertions(+), 18 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 64858de2..c97adf71 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -139,6 +139,8 @@ static void jabber_login( account_t *acc ) if( set_getbool( &acc->set, "oauth" ) ) { + jd->fd = jd->r_inpa = jd->w_inpa = -1; + /* For the first login with OAuth, we have to authenticate via the browser. For subsequent logins, exchange the refresh token for a valid access token (even though the last one maybe didn't expire yet). */ @@ -284,6 +286,7 @@ static void jabber_logout( struct im_connection *ic ) xt_free( jd->xt ); + g_free( jd->oauth2_access_token ); g_free( jd->away_message ); g_free( jd->username ); g_free( jd ); diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 89571d8d..f232864b 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -233,12 +233,12 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) { struct im_connection *ic = data; struct jabber_data *jd = ic->proto_data; - struct xt_node *reply = NULL; + struct xt_node *reply_pkt = NULL; char *nonce = NULL, *realm = NULL, *cnonce = NULL; unsigned char cnonce_bin[30]; char *digest_uri = NULL; char *dec = NULL; - char *s = NULL; + char *s = NULL, *reply = NULL; xt_status ret = XT_ABORT; if( node->text_len == 0 ) @@ -248,9 +248,15 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) if( jd->flags & JFLAG_SASL_FB ) { + /* Facebook proprietary authentication. Not as useful as it seemed, but + the code's written now, may as well keep it.. + + Mechanism is described on http://developers.facebook.com/docs/chat/ + and in their Python module. It's all mostly useless because the tokens + expire after 24h. */ GSList *p_in = NULL, *p_out = NULL, *p; md5_state_t md5; - char time[33], *fmt, *token; + char time[33], *token; const char *secret; oauth_params_parse( &p_in, dec ); @@ -274,15 +280,14 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) md5_append( &md5, p->data, strlen( p->data ) ); secret = oauth_params_get( &p_in, "secret" ); - md5_append( &md5, (unsigned char*) secret, strlen( secret ) ); + if( secret ) + md5_append( &md5, (unsigned char*) secret, strlen( secret ) ); md5_finish_ascii( &md5, time ); oauth_params_add( &p_out, "sig", time ); - fmt = oauth_params_string( p_out ); + reply = oauth_params_string( p_out ); oauth_params_free( &p_out ); oauth_params_free( &p_in ); - s = tobase64( fmt ); - g_free( fmt ); } else if( !( s = sasl_get_part( dec, "rspauth" ) ) ) { @@ -345,23 +350,20 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) sprintf( Hh + i * 2, "%02x", Hr[i] ); /* Now build the SASL response string: */ - g_free( dec ); - dec = g_strdup_printf( "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"%s\"," - "nc=%08x,qop=auth,digest-uri=\"%s\",response=%s,charset=%s", - jd->username, realm, nonce, cnonce, 1, digest_uri, Hh, "utf-8" ); - s = tobase64( dec ); + reply = g_strdup_printf( "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"%s\"," + "nc=%08x,qop=auth,digest-uri=\"%s\",response=%s,charset=%s", + jd->username, realm, nonce, cnonce, 1, digest_uri, Hh, "utf-8" ); } else { /* We found rspauth, but don't really care... */ - g_free( s ); - s = NULL; } - reply = xt_new_node( "response", s, NULL ); - xt_add_attr( reply, "xmlns", XMLNS_SASL ); + s = reply ? tobase64( reply ) : NULL; + reply_pkt = xt_new_node( "response", s, NULL ); + xt_add_attr( reply_pkt, "xmlns", XMLNS_SASL ); - if( !jabber_write_packet( ic, reply ) ) + if( !jabber_write_packet( ic, reply_pkt ) ) goto silent_error; ret = XT_HANDLED; @@ -375,10 +377,11 @@ silent_error: g_free( digest_uri ); g_free( cnonce ); g_free( nonce ); + g_free( reply ); g_free( realm ); g_free( dec ); g_free( s ); - xt_free_node( reply ); + xt_free_node( reply_pkt ); return ret; } -- cgit v1.2.3 From f988ad3fd0bb29ae8a16f5d921b92fd90b7792a6 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 31 Jul 2011 21:31:37 +0100 Subject: Don't timeout Jabber connections on OAuth initialization. --- protocols/jabber/jabber.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index c97adf71..0ae903e2 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -145,7 +145,10 @@ static void jabber_login( account_t *acc ) For subsequent logins, exchange the refresh token for a valid access token (even though the last one maybe didn't expire yet). */ if( strncmp( acc->pass, "refresh_token=", 14 ) != 0 ) + { sasl_oauth2_init( ic ); + ic->flags |= OPT_SLOW_LOGIN; + } else sasl_oauth2_refresh( ic, acc->pass + 14 ); } -- cgit v1.2.3 From 911d97a988d5f3d90c4b15c05adc733ada1fb37a Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Thu, 4 Aug 2011 16:19:54 +0100 Subject: Error handling fixes. Found one double free() bug causing troubles when a buddy_msg() handler takes down the IM connection immediately. --- protocols/jabber/jabber.c | 1 + protocols/jabber/sasl.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 0ae903e2..e7692484 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -318,6 +318,7 @@ static int jabber_buddy_msg( struct im_connection *ic, char *who, char *message, { imcb_error( ic, "OAuth failure" ); imc_logout( ic, TRUE ); + return 0; } } diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index f232864b..f21a6706 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -447,7 +447,8 @@ void sasl_oauth2_init( struct im_connection *ic ) static gboolean sasl_oauth2_remove_contact( gpointer data, gint fd, b_input_condition cond ) { struct im_connection *ic = data; - imcb_remove_buddy( ic, "jabber_oauth", NULL ); + if( g_slist_find( jabber_connections, ic ) ) + imcb_remove_buddy( ic, "jabber_oauth", NULL ); return FALSE; } -- cgit v1.2.3 From 18c6d369d777a1d38ef450f868c22de1d0ebba2d Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 18 Dec 2011 20:25:44 +0100 Subject: More generic OAuth support now. Should work well for all GTalk accounts now and somewhat for MS Messenger. The fb part needs different parsing of the authorize request, and possibly some other work. --- protocols/jabber/jabber.c | 7 +++++ protocols/jabber/jabber.h | 5 ++++ protocols/jabber/sasl.c | 74 ++++++++++++++++++++++++++++++++++++----------- 3 files changed, 69 insertions(+), 17 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 9b94b21d..bf849e2a 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -144,6 +144,13 @@ static void jabber_login( account_t *acc ) { jd->fd = jd->r_inpa = jd->w_inpa = -1; + if( strstr( jd->server, ".live.com" ) ) + jd->oauth2_service = &oauth2_service_mslive; + else if( strstr( jd->server, ".facebook.com" ) ) + jd->oauth2_service = &oauth2_service_facebook; + else + jd->oauth2_service = &oauth2_service_google; + /* For the first login with OAuth, we have to authenticate via the browser. For subsequent logins, exchange the refresh token for a valid access token (even though the last one maybe didn't expire yet). */ diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index c68ae343..0a46633e 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -94,6 +94,7 @@ struct jabber_data char *username; /* USERNAME@server */ char *server; /* username@SERVER -=> server/domain, not hostname */ + const struct oauth2_service *oauth2_service; char *oauth2_access_token; /* After changing one of these two (or the priority setting), call @@ -326,6 +327,10 @@ void sasl_oauth2_init( struct im_connection *ic ); int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ); int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ); +extern const struct oauth2_service oauth2_service_google; +extern const struct oauth2_service oauth2_service_facebook; +extern const struct oauth2_service oauth2_service_mslive; + /* conference.c */ struct groupchat *jabber_chat_join( struct im_connection *ic, const char *room, const char *nick, const char *password ); struct groupchat *jabber_chat_by_jid( struct im_connection *ic, const char *name ); diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index f21a6706..89ab1337 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -28,13 +28,42 @@ #include "oauth2.h" #include "oauth.h" +const struct oauth2_service oauth2_service_google = +{ + "https://accounts.google.com/o/oauth2/auth", + "https://accounts.google.com/o/oauth2/token", + "urn:ietf:wg:oauth:2.0:oob", + "https://www.googleapis.com/auth/googletalk", + "783993391592.apps.googleusercontent.com", + "6C-Zgf7Tr7gEQTPlBhMUgo7R", +}; +const struct oauth2_service oauth2_service_facebook = +{ + "https://www.facebook.com/dialog/oauth", + "https://graph.facebook.com/oauth/access_token", + "http://www.bitlbee.org/main.php/Facebook/oauth2.html", + "offline_access,xmpp_login", + "126828914005625", + "4b100f0f244d620bf3f15f8b217d4c32", +}; +const struct oauth2_service oauth2_service_mslive = +{ + "https://oauth.live.com/authorize", + "https://oauth.live.com/token", + "http://www.bitlbee.org/main.php/Messenger/oauth2.html", + "wl.messenger", + "000000004C06FCD1", + "IRKlBPzJJAWcY-TbZjiTEJu9tn7XCFaV", +}; + xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) { struct im_connection *ic = data; struct jabber_data *jd = ic->proto_data; struct xt_node *c, *reply; char *s; - int sup_plain = 0, sup_digest = 0, sup_oauth2 = 0, sup_fb = 0; + int sup_plain = 0, sup_digest = 0, sup_gtalk = 0, sup_fb = 0, sup_ms = 0; + int want_oauth = FALSE; if( !sasl_supported( ic ) ) { @@ -61,14 +90,16 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) if( c->text && g_strcasecmp( c->text, "DIGEST-MD5" ) == 0 ) sup_digest = 1; if( c->text && g_strcasecmp( c->text, "X-OAUTH2" ) == 0 ) - sup_oauth2 = 1; + sup_gtalk = 1; if( c->text && g_strcasecmp( c->text, "X-FACEBOOK-PLATFORM" ) == 0 ) sup_fb = 1; + if( c->text && g_strcasecmp( c->text, "X-MESSENGER-OAUTH2" ) == 0 ) + sup_ms = 1; c = c->next; } - if( !sup_plain && !sup_digest ) + if( !sup_plain && !sup_digest && !sup_gtalk && !sup_fb && !sup_ms ) { imcb_error( ic, "No known SASL authentication schemes supported" ); imc_logout( ic, FALSE ); @@ -77,19 +108,12 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) reply = xt_new_node( "auth", NULL, NULL ); xt_add_attr( reply, "xmlns", XMLNS_SASL ); + want_oauth = set_getbool( &ic->acc->set, "oauth" ); - if( set_getbool( &ic->acc->set, "oauth" ) ) + if( sup_gtalk && want_oauth ) { int len; - if( !sup_oauth2 ) - { - imcb_error( ic, "OAuth requested, but not supported by server" ); - imc_logout( ic, FALSE ); - xt_free_node( reply ); - return XT_ABORT; - } - /* X-OAUTH2 is, not *the* standard OAuth2 SASL/XMPP implementation. It's currently used by GTalk and vaguely documented on http://code.google.com/apis/cloudprint/docs/rawxmpp.html . */ @@ -104,11 +128,24 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) reply->text_len = strlen( reply->text ); g_free( s ); } - else if( sup_fb && strstr( ic->acc->pass, "session_key=" ) ) + else if( sup_ms && want_oauth ) + { + xt_add_attr( reply, "mechanism", "X-MESSENGER-OAUTH2" ); + reply->text = g_strdup( jd->oauth2_access_token ); + reply->text_len = strlen( jd->oauth2_access_token ); + } + else if( sup_fb && want_oauth && strstr( ic->acc->pass, "session_key=" ) ) { xt_add_attr( reply, "mechanism", "X-FACEBOOK-PLATFORM" ); jd->flags |= JFLAG_SASL_FB; } + else if( want_oauth ) + { + imcb_error( ic, "OAuth requested, but not supported by server" ); + imc_logout( ic, FALSE ); + xt_free_node( reply ); + return XT_ABORT; + } else if( sup_digest ) { xt_add_attr( reply, "mechanism", "DIGEST-MD5" ); @@ -427,14 +464,14 @@ gboolean sasl_supported( struct im_connection *ic ) void sasl_oauth2_init( struct im_connection *ic ) { + struct jabber_data *jd = ic->proto_data; char *msg, *url; imcb_log( ic, "Starting OAuth authentication" ); /* Temporary contact, just used to receive the OAuth response. */ imcb_add_buddy( ic, "jabber_oauth", NULL ); - url = oauth2_url( &oauth2_service_google, - "https://www.googleapis.com/auth/googletalk" ); + url = oauth2_url( jd->oauth2_service ); msg = g_strdup_printf( "Open this URL in your browser to authenticate: %s", url ); imcb_buddy_msg( ic, "jabber_oauth", msg, 0, 0 ); imcb_buddy_msg( ic, "jabber_oauth", "Respond to this message with the returned " @@ -456,6 +493,7 @@ static void sasl_oauth2_got_token( gpointer data, const char *access_token, cons int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ) { + struct jabber_data *jd = ic->proto_data; char *code; int ret; @@ -467,7 +505,7 @@ int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ) code = g_strdup( msg ); g_strstrip( code ); - ret = oauth2_access_token( &oauth2_service_google, OAUTH2_AUTH_CODE, + ret = oauth2_access_token( jd->oauth2_service, OAUTH2_AUTH_CODE, code, sasl_oauth2_got_token, ic ); g_free( code ); @@ -476,7 +514,9 @@ int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ) int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ) { - return oauth2_access_token( &oauth2_service_google, OAUTH2_AUTH_REFRESH, + struct jabber_data *jd = ic->proto_data; + + return oauth2_access_token( jd->oauth2_service, OAUTH2_AUTH_REFRESH, refresh_token, sasl_oauth2_got_token, ic ); } -- cgit v1.2.3 From 64b663524a465efb7707a2c634be97b9fb6f963b Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 18 Dec 2011 22:56:44 +0100 Subject: Restructured and updated code a little bit to support new-style (much better and "proper" OAuth2) Facebook OAuth support. (And, add wl.offline scope to get tokens that don't expire after an hour.) --- protocols/jabber/jabber.c | 23 +++++++++++++++++------ protocols/jabber/jabber.h | 1 + protocols/jabber/sasl.c | 47 +++++++++++++++++++++-------------------------- 3 files changed, 39 insertions(+), 32 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index bf849e2a..50ee6f2d 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -151,16 +151,27 @@ static void jabber_login( account_t *acc ) else jd->oauth2_service = &oauth2_service_google; - /* For the first login with OAuth, we have to authenticate via the browser. - For subsequent logins, exchange the refresh token for a valid access - token (even though the last one maybe didn't expire yet). */ - if( strncmp( acc->pass, "refresh_token=", 14 ) != 0 ) + /* First see if we have a refresh token, in which case any + access token we *might* have has probably expired already + anyway. */ + if( strstr( acc->pass, "refresh_token=" ) ) + { + sasl_oauth2_refresh( ic, acc->pass + 14 ); + } + /* If we don't have a refresh token, let's hope the access + token is still usable. */ + else if( strstr( acc->pass, "access_token=" ) ) + { + sasl_oauth2_load_access_token( ic ); + jabber_connect( ic ); + } + /* If we don't have any, start the OAuth process now. Don't + even open an XMPP connection yet. */ + else { sasl_oauth2_init( ic ); ic->flags |= OPT_SLOW_LOGIN; } - else - sasl_oauth2_refresh( ic, acc->pass + 14 ); } else jabber_connect( ic ); diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index 0a46633e..57f01695 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -326,6 +326,7 @@ gboolean sasl_supported( struct im_connection *ic ); void sasl_oauth2_init( struct im_connection *ic ); int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ); int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ); +int sasl_oauth2_load_access_token( struct im_connection *ic ); extern const struct oauth2_service oauth2_service_google; extern const struct oauth2_service oauth2_service_facebook; diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 89ab1337..622bff74 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -51,7 +51,7 @@ const struct oauth2_service oauth2_service_mslive = "https://oauth.live.com/authorize", "https://oauth.live.com/token", "http://www.bitlbee.org/main.php/Messenger/oauth2.html", - "wl.messenger", + "wl.offline_access%20wl.messenger", "000000004C06FCD1", "IRKlBPzJJAWcY-TbZjiTEJu9tn7XCFaV", }; @@ -87,13 +87,13 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) { if( c->text && g_strcasecmp( c->text, "PLAIN" ) == 0 ) sup_plain = 1; - if( c->text && g_strcasecmp( c->text, "DIGEST-MD5" ) == 0 ) + else if( c->text && g_strcasecmp( c->text, "DIGEST-MD5" ) == 0 ) sup_digest = 1; - if( c->text && g_strcasecmp( c->text, "X-OAUTH2" ) == 0 ) + else if( c->text && g_strcasecmp( c->text, "X-OAUTH2" ) == 0 ) sup_gtalk = 1; - if( c->text && g_strcasecmp( c->text, "X-FACEBOOK-PLATFORM" ) == 0 ) + else if( c->text && g_strcasecmp( c->text, "X-FACEBOOK-PLATFORM" ) == 0 ) sup_fb = 1; - if( c->text && g_strcasecmp( c->text, "X-MESSENGER-OAUTH2" ) == 0 ) + else if( c->text && g_strcasecmp( c->text, "X-MESSENGER-OAUTH2" ) == 0 ) sup_ms = 1; c = c->next; @@ -134,7 +134,7 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) reply->text = g_strdup( jd->oauth2_access_token ); reply->text_len = strlen( jd->oauth2_access_token ); } - else if( sup_fb && want_oauth && strstr( ic->acc->pass, "session_key=" ) ) + else if( sup_fb && want_oauth ) { xt_add_attr( reply, "mechanism", "X-FACEBOOK-PLATFORM" ); jd->flags |= JFLAG_SASL_FB; @@ -291,40 +291,23 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) Mechanism is described on http://developers.facebook.com/docs/chat/ and in their Python module. It's all mostly useless because the tokens expire after 24h. */ - GSList *p_in = NULL, *p_out = NULL, *p; - md5_state_t md5; - char time[33], *token; - const char *secret; + GSList *p_in = NULL, *p_out = NULL; + char time[33]; oauth_params_parse( &p_in, dec ); oauth_params_add( &p_out, "nonce", oauth_params_get( &p_in, "nonce" ) ); oauth_params_add( &p_out, "method", oauth_params_get( &p_in, "method" ) ); oauth_params_free( &p_in ); - token = g_strdup( ic->acc->pass ); - oauth_params_parse( &p_in, token ); - g_free( token ); - oauth_params_add( &p_out, "session_key", oauth_params_get( &p_in, "session_key" ) ); - g_snprintf( time, sizeof( time ), "%lld", (long long) ( gettime() * 1000 ) ); oauth_params_add( &p_out, "call_id", time ); oauth_params_add( &p_out, "api_key", oauth2_service_facebook.consumer_key ); oauth_params_add( &p_out, "v", "1.0" ); oauth_params_add( &p_out, "format", "XML" ); - - md5_init( &md5 ); - for( p = p_out; p; p = p->next ) - md5_append( &md5, p->data, strlen( p->data ) ); - - secret = oauth_params_get( &p_in, "secret" ); - if( secret ) - md5_append( &md5, (unsigned char*) secret, strlen( secret ) ); - md5_finish_ascii( &md5, time ); - oauth_params_add( &p_out, "sig", time ); + oauth_params_add( &p_out, "access_token", jd->oauth2_access_token ); reply = oauth_params_string( p_out ); oauth_params_free( &p_out ); - oauth_params_free( &p_in ); } else if( !( s = sasl_get_part( dec, "rspauth" ) ) ) { @@ -520,6 +503,18 @@ int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ) refresh_token, sasl_oauth2_got_token, ic ); } +int sasl_oauth2_load_access_token( struct im_connection *ic ) +{ + struct jabber_data *jd = ic->proto_data; + GSList *p_in = NULL; + + oauth_params_parse( &p_in, ic->acc->pass ); + jd->oauth2_access_token = g_strdup( oauth_params_get( &p_in, "access_token" ) ); + oauth_params_free( &p_in ); + + return jd->oauth2_access_token != NULL; +} + static void sasl_oauth2_got_token( gpointer data, const char *access_token, const char *refresh_token ) { struct im_connection *ic = data; -- cgit v1.2.3 From 4be0e3458a001a1c2eb3dd0074d7fd65260f2e6f Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 01:41:40 +0100 Subject: Give a list of SASL mechanisms supported by a server when reporting we don't support any of them. --- protocols/jabber/sasl.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 622bff74..8727212f 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -64,6 +64,7 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) char *s; int sup_plain = 0, sup_digest = 0, sup_gtalk = 0, sup_fb = 0, sup_ms = 0; int want_oauth = FALSE; + GString *mechs; if( !sasl_supported( ic ) ) { @@ -82,6 +83,7 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) return XT_ABORT; } + mechs = g_string_new( "" ); c = node->children; while( ( c = xt_find_node( c, "mechanism" ) ) ) { @@ -96,15 +98,21 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) else if( c->text && g_strcasecmp( c->text, "X-MESSENGER-OAUTH2" ) == 0 ) sup_ms = 1; + if( c->text ) + g_string_append_printf( mechs, " %s", c->text ); + c = c->next; } if( !sup_plain && !sup_digest && !sup_gtalk && !sup_fb && !sup_ms ) { - imcb_error( ic, "No known SASL authentication schemes supported" ); + imcb_error( ic, "BitlBee does not support any of the offered SASL " + "authentication schemes:%s", mechs->str ); imc_logout( ic, FALSE ); + g_string_free( mechs, TRUE ); return XT_ABORT; } + g_string_free( mechs, TRUE ); reply = xt_new_node( "auth", NULL, NULL ); xt_add_attr( reply, "xmlns", XMLNS_SASL ); @@ -536,6 +544,14 @@ static void sasl_oauth2_got_token( gpointer data, const char *access_token, cons g_free( ic->acc->pass ); ic->acc->pass = g_strdup_printf( "refresh_token=%s", refresh_token ); } + /* Should do this, but only in the Facebook case where we get an access + token that never expires. Shouldn't overwrite a refresh token with + an access token. + else + { + g_free( ic->acc->pass ); + ic->acc->pass = g_strdup_printf( "access_token=%s", access_token ); + } */ g_free( jd->oauth2_access_token ); jd->oauth2_access_token = g_strdup( access_token ); -- cgit v1.2.3 From 36533bf6bfc01f56afd6a8cd7bd3dfa9de87297b Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 13:54:49 +0100 Subject: When updating the XMPP password field with OAuth data, try harder to preserve existing data. (Like refresh tokens which we'll need again on next login.) --- protocols/jabber/sasl.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 8727212f..06dda8a8 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -527,6 +527,7 @@ static void sasl_oauth2_got_token( gpointer data, const char *access_token, cons { struct im_connection *ic = data; struct jabber_data *jd; + GSList *auth = NULL; if( g_slist_find( jabber_connections, ic ) == NULL ) return; @@ -539,19 +540,16 @@ static void sasl_oauth2_got_token( gpointer data, const char *access_token, cons imc_logout( ic, TRUE ); return; } - if( refresh_token != NULL ) - { - g_free( ic->acc->pass ); - ic->acc->pass = g_strdup_printf( "refresh_token=%s", refresh_token ); - } - /* Should do this, but only in the Facebook case where we get an access - token that never expires. Shouldn't overwrite a refresh token with - an access token. - else - { - g_free( ic->acc->pass ); - ic->acc->pass = g_strdup_printf( "access_token=%s", access_token ); - } */ + + oauth_params_parse( &auth, ic->acc->pass ); + if( refresh_token ) + oauth_params_set( &auth, "refresh_token", refresh_token ); + if( access_token ) + oauth_params_set( &auth, "access_token", access_token ); + + g_free( ic->acc->pass ); + ic->acc->pass = oauth_params_string( auth ); + oauth_params_free( &auth ); g_free( jd->oauth2_access_token ); jd->oauth2_access_token = g_strdup( access_token ); -- cgit v1.2.3 From 68286eb08dbb6c2aad555f155da6f16ee6f061e8 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Tue, 20 Dec 2011 17:45:53 +0100 Subject: Detect JID changes at login time and warn the user about them. --- protocols/jabber/conference.c | 3 ++- protocols/jabber/iq.c | 26 ++++++++++++++++++++++---- protocols/jabber/jabber.c | 11 ++++------- protocols/jabber/jabber.h | 2 ++ protocols/jabber/jabber_util.c | 18 ++++++++++++++++++ 5 files changed, 48 insertions(+), 12 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/conference.c b/protocols/jabber/conference.c index 0c2db0b3..74561d24 100644 --- a/protocols/jabber/conference.c +++ b/protocols/jabber/conference.c @@ -210,6 +210,7 @@ void jabber_chat_pkt_presence( struct im_connection *ic, struct jabber_buddy *bu struct groupchat *chat; struct xt_node *c; char *type = xt_find_attr( node, "type" ); + struct jabber_data *jd = ic->proto_data; struct jabber_chat *jc; char *s; @@ -251,7 +252,7 @@ void jabber_chat_pkt_presence( struct im_connection *ic, struct jabber_buddy *bu { if( bud == jc->me ) { - bud->ext_jid = jabber_normalize( ic->acc->user ); + bud->ext_jid = g_strdup( jd->me ); } else { diff --git a/protocols/jabber/iq.c b/protocols/jabber/iq.c index 0c5671d0..2cdc681e 100644 --- a/protocols/jabber/iq.c +++ b/protocols/jabber/iq.c @@ -30,6 +30,7 @@ static xt_status jabber_iq_display_vcard( struct im_connection *ic, struct xt_no xt_status jabber_pkt_iq( struct xt_node *node, gpointer data ) { struct im_connection *ic = data; + struct jabber_data *jd = ic->proto_data; struct xt_node *c, *reply = NULL; char *type, *s; int st, pack = 1; @@ -169,10 +170,10 @@ xt_status jabber_pkt_iq( struct xt_node *node, gpointer data ) /* This is a roster push. XMPP servers send this when someone was added to (or removed from) the buddy list. AFAIK they're sent even if we added this buddy in our own session. */ - int bare_len = strlen( ic->acc->user ); + int bare_len = strlen( jd->me ); if( ( s = xt_find_attr( node, "from" ) ) == NULL || - ( strncmp( s, ic->acc->user, bare_len ) == 0 && + ( strncmp( s, jd->me, bare_len ) == 0 && ( s[bare_len] == 0 || s[bare_len] == '/' ) ) ) { jabber_parse_roster( ic, node, NULL ); @@ -342,8 +343,25 @@ xt_status jabber_pkt_bind_sess( struct im_connection *ic, struct xt_node *node, if( node && ( c = xt_find_node( node->children, "bind" ) ) ) { c = xt_find_node( c->children, "jid" ); - if( c && c->text_len && ( s = strchr( c->text, '/' ) ) && - strcmp( s + 1, set_getstr( &ic->acc->set, "resource" ) ) != 0 ) + if( !c || !c->text ) + { + /* Server is crap, but this is no disaster. */ + } + else if( strncmp( jd->me, c->text, strlen( jd->me ) ) != 0 ) + { + s = strchr( c->text, '/' ); + if( s ) + *s = '\0'; + jabber_set_me( ic, c->text ); + imcb_log( ic, "Server claims your JID is `%s' instead of `%s'. " + "This mismatch may cause problems with groupchats " + "and possibly other things.", + c->text, ic->acc->user ); + if( s ) + *s = '/'; + } + else if( c && c->text_len && ( s = strchr( c->text, '/' ) ) && + strcmp( s + 1, set_getstr( &ic->acc->set, "resource" ) ) != 0 ) imcb_log( ic, "Server changed session resource string to `%s'", s + 1 ); } diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 50ee6f2d..f631a74e 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -110,8 +110,7 @@ static void jabber_login( account_t *acc ) jd->ic = ic; ic->proto_data = jd; - jd->username = g_strdup( acc->user ); - jd->server = strchr( jd->username, '@' ); + jabber_set_me( ic, acc->user ); jd->fd = jd->r_inpa = jd->w_inpa = -1; @@ -122,10 +121,6 @@ static void jabber_login( account_t *acc ) return; } - /* So don't think of free()ing jd->server.. :-) */ - *jd->server = 0; - jd->server ++; - if( ( s = strchr( jd->server, '/' ) ) ) { *s = 0; @@ -313,6 +308,7 @@ static void jabber_logout( struct im_connection *ic ) g_free( jd->oauth2_access_token ); g_free( jd->away_message ); g_free( jd->username ); + g_free( jd->me ); g_free( jd ); jabber_connections = g_slist_remove( jabber_connections, ic ); @@ -494,11 +490,12 @@ static void jabber_chat_leave_( struct groupchat *c ) static void jabber_chat_invite_( struct groupchat *c, char *who, char *msg ) { + struct jabber_data *jd = c->ic->proto_data; struct jabber_chat *jc = c->data; gchar *msg_alt = NULL; if( msg == NULL ) - msg_alt = g_strdup_printf( "%s invited you to %s", c->ic->acc->user, jc->name ); + msg_alt = g_strdup_printf( "%s invited you to %s", jd->me, jc->name ); if( c && who ) jabber_chat_invite( c, who, msg ? msg : msg_alt ); diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index 57f01695..85bcfafe 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -93,6 +93,7 @@ struct jabber_data char *username; /* USERNAME@server */ char *server; /* username@SERVER -=> server/domain, not hostname */ + char *me; /* bare jid */ const struct oauth2_service *oauth2_service; char *oauth2_access_token; @@ -307,6 +308,7 @@ void jabber_buddy_remove_all( struct im_connection *ic ); time_t jabber_get_timestamp( struct xt_node *xt ); struct jabber_error *jabber_error_parse( struct xt_node *node, char *xmlns ); void jabber_error_free( struct jabber_error *err ); +gboolean jabber_set_me( struct im_connection *ic, const char *me ); extern const struct jabber_away_state jabber_away_state_list[]; diff --git a/protocols/jabber/jabber_util.c b/protocols/jabber/jabber_util.c index e6b13659..d181b904 100644 --- a/protocols/jabber/jabber_util.c +++ b/protocols/jabber/jabber_util.c @@ -760,3 +760,21 @@ void jabber_error_free( struct jabber_error *err ) { g_free( err ); } + +gboolean jabber_set_me( struct im_connection *ic, const char *me ) +{ + struct jabber_data *jd = ic->proto_data; + + if( strchr( me, '@' ) == NULL ) + return FALSE; + + g_free( jd->username ); + g_free( jd->me ); + + jd->me = jabber_normalize( me ); + jd->server = strchr( jd->me, '@' ); + jd->username = g_strndup( jd->me, jd->server - jd->me ); + jd->server ++; + + return TRUE; +} -- cgit v1.2.3 From e14b47b826594772e4f3d0dbec1bf17153aa92b1 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Wed, 21 Dec 2011 11:48:08 +0100 Subject: Fix parsing of acc->pass. Use oauth_params_ functions instead of string magic, fixes escaping issues. --- protocols/jabber/jabber.c | 16 ++++++++++++---- protocols/jabber/jabber.h | 1 - protocols/jabber/sasl.c | 12 ------------ 3 files changed, 12 insertions(+), 17 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index f631a74e..11980d13 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -31,6 +31,7 @@ #include "xmltree.h" #include "bitlbee.h" #include "jabber.h" +#include "oauth.h" #include "md5.h" GSList *jabber_connections; @@ -137,6 +138,9 @@ static void jabber_login( account_t *acc ) if( set_getbool( &acc->set, "oauth" ) ) { + GSList *p_in = NULL; + const char *tok; + jd->fd = jd->r_inpa = jd->w_inpa = -1; if( strstr( jd->server, ".live.com" ) ) @@ -146,18 +150,20 @@ static void jabber_login( account_t *acc ) else jd->oauth2_service = &oauth2_service_google; + oauth_params_parse( &p_in, ic->acc->pass ); + /* First see if we have a refresh token, in which case any access token we *might* have has probably expired already anyway. */ - if( strstr( acc->pass, "refresh_token=" ) ) + if( ( tok = oauth_params_get( &p_in, "refresh_token" ) ) ) { - sasl_oauth2_refresh( ic, acc->pass + 14 ); + sasl_oauth2_refresh( ic, tok ); } /* If we don't have a refresh token, let's hope the access token is still usable. */ - else if( strstr( acc->pass, "access_token=" ) ) + else if( ( tok = oauth_params_get( &p_in, "access_token" ) ) ) { - sasl_oauth2_load_access_token( ic ); + jd->oauth2_access_token = g_strdup( tok ); jabber_connect( ic ); } /* If we don't have any, start the OAuth process now. Don't @@ -167,6 +173,8 @@ static void jabber_login( account_t *acc ) sasl_oauth2_init( ic ); ic->flags |= OPT_SLOW_LOGIN; } + + oauth_params_free( &p_in ); } else jabber_connect( ic ); diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index 85bcfafe..49cfe8ee 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -328,7 +328,6 @@ gboolean sasl_supported( struct im_connection *ic ); void sasl_oauth2_init( struct im_connection *ic ); int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg ); int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ); -int sasl_oauth2_load_access_token( struct im_connection *ic ); extern const struct oauth2_service oauth2_service_google; extern const struct oauth2_service oauth2_service_facebook; diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 06dda8a8..2f45eb20 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -511,18 +511,6 @@ int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token ) refresh_token, sasl_oauth2_got_token, ic ); } -int sasl_oauth2_load_access_token( struct im_connection *ic ) -{ - struct jabber_data *jd = ic->proto_data; - GSList *p_in = NULL; - - oauth_params_parse( &p_in, ic->acc->pass ); - jd->oauth2_access_token = g_strdup( oauth_params_get( &p_in, "access_token" ) ); - oauth_params_free( &p_in ); - - return jd->oauth2_access_token != NULL; -} - static void sasl_oauth2_got_token( gpointer data, const char *access_token, const char *refresh_token ) { struct im_connection *ic = data; -- cgit v1.2.3 From ce199b726735374aca84b2111bb19ec103478ebc Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Wed, 21 Dec 2011 12:21:04 +0100 Subject: Make it easier to add OAuth-authenticated accounts without having to type a bogus password. --- protocols/jabber/jabber.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 11980d13..71287842 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -60,7 +60,7 @@ static void jabber_init( account_t *acc ) s = set_add( &acc->set, "activity_timeout", "600", set_eval_int, acc ); - s = set_add( &acc->set, "oauth", "false", set_eval_bool, acc ); + s = set_add( &acc->set, "oauth", "false", set_eval_oauth, acc ); g_snprintf( str, sizeof( str ), "%d", jabber_port_list[0] ); s = set_add( &acc->set, "port", str, set_eval_int, acc ); @@ -75,6 +75,9 @@ static void jabber_init( account_t *acc ) s = set_add( &acc->set, "resource_select", "activity", NULL, acc ); + s = set_add( &acc->set, "sasl", "true", set_eval_bool, acc ); + s->flags |= ACC_SET_OFFLINE_ONLY | SET_HIDDEN_DEFAULT; + s = set_add( &acc->set, "server", NULL, set_eval_account, acc ); s->flags |= ACC_SET_NOSAVE | ACC_SET_OFFLINE_ONLY | SET_NULL_OK; @@ -83,9 +86,6 @@ static void jabber_init( account_t *acc ) s = set_add( &acc->set, "tls", "try", set_eval_tls, acc ); s->flags |= ACC_SET_OFFLINE_ONLY; - - s = set_add( &acc->set, "sasl", "true", set_eval_bool, acc ); - s->flags |= ACC_SET_OFFLINE_ONLY | SET_HIDDEN_DEFAULT; s = set_add( &acc->set, "user_agent", "BitlBee", NULL, acc ); -- cgit v1.2.3 From 34ded90e19635c7ebf2afd184f36b03abc879bec Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sat, 24 Dec 2011 19:09:05 +0100 Subject: Slight cleanup: Use a constant instead of just "jabber_oauth" everywhere, and added some safeguards to keep the user from messaging it when we're not actually doing OAuth setup. --- protocols/jabber/jabber.c | 5 +++-- protocols/jabber/jabber.h | 1 + protocols/jabber/sasl.c | 10 +++++----- 3 files changed, 9 insertions(+), 7 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 92256a71..41ce509b 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -89,7 +89,7 @@ static void jabber_init( account_t *acc ) s = set_add( &acc->set, "tls_verify", "true", set_eval_bool, acc ); s->flags |= ACC_SET_OFFLINE_ONLY; - + s = set_add( &acc->set, "user_agent", "BitlBee", NULL, acc ); s = set_add( &acc->set, "xmlconsole", "false", set_eval_bool, acc ); @@ -336,7 +336,8 @@ static int jabber_buddy_msg( struct im_connection *ic, char *who, char *message, if( g_strcasecmp( who, JABBER_XMLCONSOLE_HANDLE ) == 0 ) return jabber_write( ic, message, strlen( message ) ); - if( g_strcasecmp( who, "jabber_oauth" ) == 0 ) + if( g_strcasecmp( who, JABBER_OAUTH_HANDLE ) == 0 && + !( jd->flags & OPT_LOGGED_IN ) && jd->fd == -1 ) { if( sasl_oauth2_get_refresh_token( ic, message ) ) { diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index 76546bde..046741a3 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -193,6 +193,7 @@ struct jabber_transfer }; #define JABBER_XMLCONSOLE_HANDLE "xmlconsole" +#define JABBER_OAUTH_HANDLE "jabber_oauth" /* Prefixes to use for packet IDs (mainly for IQ packets ATM). Usually the first one should be used, but when storing a packet in the cache, a diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index 2f45eb20..b4eb4eb8 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -461,12 +461,12 @@ void sasl_oauth2_init( struct im_connection *ic ) imcb_log( ic, "Starting OAuth authentication" ); /* Temporary contact, just used to receive the OAuth response. */ - imcb_add_buddy( ic, "jabber_oauth", NULL ); + imcb_add_buddy( ic, JABBER_OAUTH_HANDLE, NULL ); url = oauth2_url( jd->oauth2_service ); msg = g_strdup_printf( "Open this URL in your browser to authenticate: %s", url ); - imcb_buddy_msg( ic, "jabber_oauth", msg, 0, 0 ); - imcb_buddy_msg( ic, "jabber_oauth", "Respond to this message with the returned " - "authorization token.", 0, 0 ); + imcb_buddy_msg( ic, JABBER_OAUTH_HANDLE, msg, 0, 0 ); + imcb_buddy_msg( ic, JABBER_OAUTH_HANDLE, "Respond to this message with the returned " + "authorization token.", 0, 0 ); g_free( msg ); g_free( url ); @@ -476,7 +476,7 @@ static gboolean sasl_oauth2_remove_contact( gpointer data, gint fd, b_input_cond { struct im_connection *ic = data; if( g_slist_find( jabber_connections, ic ) ) - imcb_remove_buddy( ic, "jabber_oauth", NULL ); + imcb_remove_buddy( ic, JABBER_OAUTH_HANDLE, NULL ); return FALSE; } -- cgit v1.2.3 From 644b8080349d7d42ca89946acc207592fd0acc2d Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 26 Dec 2011 11:50:34 +0100 Subject: A few more minor cleanups before merging this into mainline. --- protocols/jabber/sasl.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index b4eb4eb8..d08890a6 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -104,10 +104,14 @@ xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) c = c->next; } - if( !sup_plain && !sup_digest && !sup_gtalk && !sup_fb && !sup_ms ) + if( !sup_plain && !sup_digest ) { - imcb_error( ic, "BitlBee does not support any of the offered SASL " - "authentication schemes:%s", mechs->str ); + if( !sup_gtalk && !sup_fb && !sup_ms ) + imcb_error( ic, "This server requires OAuth " + "(supported schemes:%s)", mechs->str ); + else + imcb_error( ic, "BitlBee does not support any of the offered SASL " + "authentication schemes:%s", mechs->str ); imc_logout( ic, FALSE ); g_string_free( mechs, TRUE ); return XT_ABORT; @@ -293,12 +297,8 @@ xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) if( jd->flags & JFLAG_SASL_FB ) { - /* Facebook proprietary authentication. Not as useful as it seemed, but - the code's written now, may as well keep it.. - - Mechanism is described on http://developers.facebook.com/docs/chat/ - and in their Python module. It's all mostly useless because the tokens - expire after 24h. */ + /* New-style Facebook OAauth2 support. Instead of sending a refresh + token, they just send an access token that should never expire. */ GSList *p_in = NULL, *p_out = NULL; char time[33]; -- cgit v1.2.3