From 4efa5ce4d0778c841f957c2beb3458f9e76c5534 Mon Sep 17 00:00:00 2001 From: Alex Miller Date: Sun, 18 Dec 2011 14:44:11 -0600 Subject: Don't use the C++ keyword 'new' as a variable name. --- protocols/bee.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'protocols') diff --git a/protocols/bee.h b/protocols/bee.h index 49ea6fb5..24f5824e 100644 --- a/protocols/bee.h +++ b/protocols/bee.h @@ -122,7 +122,7 @@ typedef struct bee_ui_funcs gboolean (*chat_msg)( bee_t *bee, struct groupchat *c, bee_user_t *bu, const char *msg, time_t sent_at ); gboolean (*chat_add_user)( bee_t *bee, struct groupchat *c, bee_user_t *bu ); gboolean (*chat_remove_user)( bee_t *bee, struct groupchat *c, bee_user_t *bu ); - gboolean (*chat_topic)( bee_t *bee, struct groupchat *c, const char *new, bee_user_t *bu ); + gboolean (*chat_topic)( bee_t *bee, struct groupchat *c, const char *new_topic, bee_user_t *bu ); gboolean (*chat_name_hint)( bee_t *bee, struct groupchat *c, const char *name ); gboolean (*chat_invite)( bee_t *bee, bee_user_t *bu, const char *name, const char *msg ); -- cgit v1.2.3 From 486ddb53b93b6677dc3feeb4afaad2ea93a71a81 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 15:50:58 +0100 Subject: Initial merge of tls_verify patch from AopicieR. --- protocols/jabber/io.c | 53 ++++++++++++++++++++++++++++++++++++++++++++--- protocols/jabber/jabber.c | 3 +++ protocols/jabber/jabber.h | 2 +- protocols/skype/skype.c | 2 +- 4 files changed, 55 insertions(+), 5 deletions(-) (limited to 'protocols') diff --git a/protocols/jabber/io.c b/protocols/jabber/io.c index a28eea90..9e55e3f9 100644 --- a/protocols/jabber/io.c +++ b/protocols/jabber/io.c 
@@ -275,7 +275,7 @@ gboolean jabber_connected_plain( gpointer data, gint source, b_input_condition c return jabber_start_stream( ic ); } -gboolean jabber_connected_ssl( gpointer data, void *source, b_input_condition cond ) +gboolean jabber_connected_ssl( gpointer data, int returncode, void *source, b_input_condition cond ) { struct im_connection *ic = data; struct jabber_data *jd; 
@@ -292,6 +292,43 @@ gboolean jabber_connected_ssl( gpointer data, void *source, b_input_condition co jd->ssl = NULL; imcb_error( ic, "Could not connect to server" ); + if (returncode == OPENSSL_VERIFY_ERROR ) + { + imcb_error( ic, "This BitlBee server is built agains the OpenSSL library." ); + imcb_error( ic, "Unfortunately certificate verification is only supported when built against GnuTLS for now." ); + imc_logout( ic, FALSE ); + } + else if (returncode == NSS_VERIFY_ERROR ) + { + imcb_error( ic, "This BitlBee server is built agains the NSS library." ); + imcb_error( ic, "Unfortunately certificate verification is only supported when built against GnuTLS for now." ); + imc_logout( ic, FALSE ); + } + else if (returncode == VERIFY_CERT_ERROR ) + { + imcb_error( ic, "An error occured during the certificate verification." ); + imc_logout( ic, FALSE ); + } + else if (returncode & VERIFY_CERT_INVALID) + { + imcb_error( ic, "Unable to verify peer's certificate." ); + if (returncode & VERIFY_CERT_REVOKED) + imcb_error( ic, "The certificate has been revoked." ); + if (returncode & VERIFY_CERT_SIGNER_NOT_FOUND) + imcb_error( ic, "The certificate hasn't got a known issuer." ); + if (returncode & VERIFY_CERT_SIGNER_NOT_CA) + imcb_error( ic, "The certificate's issuer is not a CA." ); + if (returncode & VERIFY_CERT_INSECURE_ALGORITHM) + imcb_error( ic, "The certificate uses an insecure algorithm." ); + if (returncode & VERIFY_CERT_NOT_ACTIVATED) + imcb_error( ic, "The certificate has not been activated." ); + if (returncode & VERIFY_CERT_EXPIRED) + imcb_error( ic, "The certificate has expired." ); + if (returncode & VERIFY_CERT_WRONG_HOSTNAME) + imcb_error( ic, "The hostname specified in the certificate doesn't match the server name." ); + imc_logout( ic, FALSE ); + } + else imc_logout( ic, TRUE ); return FALSE; } 
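Review bot: The existing `imcb_error( ic, "Could not connect to server" )` just above the new block still runs unconditionally, so a certificate-verification failure is first reported to the user as a generic connection failure and the real cause only afterwards; move that line into the final branch, `else { imcb_error( ic, "Could not connect to server" ); imc_logout( ic, TRUE ); }`. The new user-facing strings carry typos ("agains" twice, "occured") that users will search on, so they are worth fixing before release. A non-zero returncode that sets none of the tested bits still reaches `imc_logout( ic, TRUE )` and triggers an automatic reconnect, which is the wrong default for anything that is a verification result rather than a transport failure. jabber_connected_ssl begins before this hunk, and the block appears to sit inside its connection-failure path (the `jd->ssl = NULL` cleanup precedes it).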
@@ -396,7 +433,7 @@ static xt_status jabber_pkt_proceed_tls( struct xt_node *node, gpointer data ) { struct im_connection *ic = data; struct jabber_data *jd = ic->proto_data; - char *xmlns; + char *xmlns, *tlsname; xmlns = xt_find_attr( node, "xmlns" ); @@ -422,7 +459,17 @@ static xt_status jabber_pkt_proceed_tls( struct xt_node *node, gpointer data ) imcb_log( ic, "Converting stream to TLS" ); jd->flags |= JFLAG_STARTTLS_DONE; - jd->ssl = ssl_starttls( jd->fd, jabber_connected_ssl, ic ); + + /* If the user specified a server for the account, use this server as the + * hostname in the certificate verification. Else we use the domain from + * the username. */ + if( ic->acc->server && *ic->acc->server ) + tlsname = ic->acc->server; + else + tlsname = jd->server; + + jd->ssl = ssl_starttls( jd->fd, tlsname, set_getbool( &ic->acc->set, "tls_verify" ), + jabber_connected_ssl, ic ); return XT_HANDLED; } diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 7d9547ab..dd2f0866 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -81,6 +81,9 @@ static void jabber_init( account_t *acc ) s = set_add( &acc->set, "tls", "try", set_eval_tls, acc ); s->flags |= ACC_SET_OFFLINE_ONLY; + s = set_add( &acc->set, "tls_verify", "true", set_eval_bool, acc ); + s->flags |= ACC_SET_OFFLINE_ONLY; + s = set_add( &acc->set, "sasl", "true", set_eval_bool, acc ); s->flags |= ACC_SET_OFFLINE_ONLY | SET_HIDDEN_DEFAULT; diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index adf9a291..5996c301 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h 
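Review bot: In the `@@ -422` hunk the name handed to ssl_starttls for certificate verification is the user-configured `server` whenever one is set, so the certificate is checked against the connect host rather than the XMPP domain of the JID; RFC 6120 makes the JID domain the reference identity, so this is a deliberate relaxation that the new comment should state, e.g. `/* Note: RFC 6120 expects the certificate to match the JID domain; an explicit server setting relaxes that to the host the user chose. */`. If `jd->server` can be NULL at this point, `tlsname` is NULL as well and the verification callback has no name to check against — worth a guard here or a documented precondition on ssl_starttls. The signature of jabber_pkt_proceed_tls lies just outside the first of these hunks.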
@@ -306,7 +306,7 @@ extern const struct jabber_away_state jabber_away_state_list[]; int jabber_write_packet( struct im_connection *ic, struct xt_node *node ); int jabber_write( struct im_connection *ic, char *buf, int len ); gboolean jabber_connected_plain( gpointer data, gint source, b_input_condition cond ); -gboolean jabber_connected_ssl( gpointer data, void *source, b_input_condition cond ); +gboolean jabber_connected_ssl( gpointer data, int returncode, void *source, b_input_condition cond ); gboolean jabber_start_stream( struct im_connection *ic ); void jabber_end_stream( struct im_connection *ic ); diff --git a/protocols/skype/skype.c b/protocols/skype/skype.c index 5b1a6c30..10f355a6 100644 --- a/protocols/skype/skype.c +++ b/protocols/skype/skype.c @@ -1156,7 +1156,7 @@ gboolean skype_start_stream(struct im_connection *ic) return st; } -gboolean skype_connected(gpointer data, void *source, b_input_condition cond) +gboolean skype_connected(gpointer data, int returncode, void *source, b_input_condition cond) { struct im_connection *ic = data; struct skype_data *sd = ic->proto_data; -- cgit v1.2.3 From 78b840187cc1e2d370dd758e6a73c21e510107b5 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 18:22:37 +0100 Subject: Move conversion of status codes to status messages into SSL libs. --- protocols/jabber/io.c | 43 +++++++++---------------------------------- 1 file changed, 9 insertions(+), 34 deletions(-) (limited to 'protocols') diff --git a/protocols/jabber/io.c b/protocols/jabber/io.c index 9e55e3f9..5ff8052c 100644 --- a/protocols/jabber/io.c +++ b/protocols/jabber/io.c 
@@ -291,45 +291,20 @@ gboolean jabber_connected_ssl( gpointer data, int returncode, void *source, b_in already, set it to NULL here to prevent a double cleanup: */ jd->ssl = NULL; - imcb_error( ic, "Could not connect to server" ); - if (returncode == OPENSSL_VERIFY_ERROR ) - { - imcb_error( ic, "This BitlBee server is built agains the OpenSSL library." ); - imcb_error( ic, "Unfortunately certificate verification is only supported when built against GnuTLS for now." ); - imc_logout( ic, FALSE ); - } - else if (returncode == NSS_VERIFY_ERROR ) - { - imcb_error( ic, "This BitlBee server is built agains the NSS library." ); - imcb_error( ic, "Unfortunately certificate verification is only supported when built against GnuTLS for now." ); - imc_logout( ic, FALSE ); - } - else if (returncode == VERIFY_CERT_ERROR ) + if( returncode & VERIFY_CERT_INVALID) { - imcb_error( ic, "An error occured during the certificate verification." ); + char *err = ssl_verify_strerror( returncode ); + imcb_error( ic, "Certificate verification problem 0x%x: %s", + returncode, err ? err : "Unknown" ); + g_free( err ); imc_logout( ic, FALSE ); } - else if (returncode & VERIFY_CERT_INVALID) + else { - imcb_error( ic, "Unable to verify peer's certificate." ); - if (returncode & VERIFY_CERT_REVOKED) - imcb_error( ic, "The certificate has been revoked." ); - if (returncode & VERIFY_CERT_SIGNER_NOT_FOUND) - imcb_error( ic, "The certificate hasn't got a known issuer." ); - if (returncode & VERIFY_CERT_SIGNER_NOT_CA) - imcb_error( ic, "The certificate's issuer is not a CA." ); - if (returncode & VERIFY_CERT_INSECURE_ALGORITHM) - imcb_error( ic, "The certificate uses an insecure algorithm." ); - if (returncode & VERIFY_CERT_NOT_ACTIVATED) - imcb_error( ic, "The certificate has not been activated." ); - if (returncode & VERIFY_CERT_EXPIRED) - imcb_error( ic, "The certificate has expired." 
); - if (returncode & VERIFY_CERT_WRONG_HOSTNAME) - imcb_error( ic, "The hostname specified in the certificate doesn't match the server name." ); - imc_logout( ic, FALSE ); + imcb_error( ic, "Could not connect to server" ); + imc_logout( ic, TRUE ); } - else - imc_logout( ic, TRUE ); + return FALSE; } -- cgit v1.2.3 From a72dc2bb447e754295f8efc6f44fc6572f0f8511 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 18:57:20 +0100 Subject: Add verify argument to ssl_connect() so HTTPS-based stuff is also secure. (Think of Twitter, but also MSN/Yahoo! authentication.) --- protocols/jabber/jabber.c | 2 +- protocols/skype/skype.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'protocols') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index dd2f0866..372d73a9 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -235,7 +235,7 @@ static void jabber_login( account_t *acc ) non-standard ports... */ if( set_getbool( &acc->set, "ssl" ) ) { - jd->ssl = ssl_connect( connect_to, set_getint( &acc->set, "port" ), jabber_connected_ssl, ic ); + jd->ssl = ssl_connect( connect_to, set_getint( &acc->set, "port" ), FALSE, jabber_connected_ssl, ic ); jd->fd = jd->ssl ? ssl_getfd( jd->ssl ) : -1; } else diff --git a/protocols/skype/skype.c b/protocols/skype/skype.c index 10f355a6..760aeb3d 100644 --- a/protocols/skype/skype.c +++ b/protocols/skype/skype.c @@ -1184,7 +1184,7 @@ static void skype_login(account_t *acc) imcb_log(ic, "Connecting"); sd->ssl = ssl_connect(set_getstr(&acc->set, "server"), - set_getint(&acc->set, "port"), skype_connected, ic); + set_getint(&acc->set, "port"), FALSE, skype_connected, ic); sd->fd = sd->ssl ? ssl_getfd(sd->ssl) : -1; sd->username = g_strdup(acc->user); -- cgit v1.2.3 From 9f958f794a1710f17eaae79c64f90f1f66134094 Mon Sep 17 00:00:00 2001 
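Review bot: `returncode` is declared `int` but is printed with `%x`, which expects an `unsigned int`; the call should read `imcb_error( ic, "Certificate verification problem 0x%x: %s", (unsigned int) returncode, err ? err : "Unknown" );` so the argument matches the conversion. The new condition tests only the VERIFY_CERT_INVALID bit, so any other non-zero verification code falls into the generic "Could not connect to server" branch and is logged out with reconnect enabled, which silently retries against a server whose certificate was just rejected. jabber_connected_ssl starts before this hunk.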
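Review bot: The new verify argument to ssl_connect in jabber_login is hard-coded `FALSE`, so an account using the legacy `ssl` (direct TLS) setting never verifies the server certificate even though the `tls_verify` setting introduced in 486ddb5 defaults to true — a user who sets both will believe verification is on. Unless the direct-TLS path cannot verify for some reason, pass the setting through: `jd->ssl = ssl_connect( connect_to, set_getint( &acc->set, "port" ), set_getbool( &acc->set, "tls_verify" ), jabber_connected_ssl, ic );`. ssl_connect presumably checks the certificate against `connect_to`, which may be a configured host rather than the JID domain, so the same hostname caveat as the STARTTLS path applies. If it must stay FALSE for now, a one-line comment saying why would stop the next reader from treating it as an oversight. jabber_login starts before this hunk.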
From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 19:09:11 +0100 Subject: Pass the SSL errors through another layer of indirection (Passport SOAP code). --- protocols/msn/soap.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'protocols') diff --git a/protocols/msn/soap.c b/protocols/msn/soap.c index 7d9f3791..d9804f49 100644 --- a/protocols/msn/soap.c +++ b/protocols/msn/soap.c @@ -59,6 +59,7 @@ struct msn_soap_req_data void *data; struct im_connection *ic; int ttl; + char *error; char *url, *action, *payload; struct http_request *http_req; @@ -157,13 +158,17 @@ static void msn_soap_handle_response( struct http_request *http_req ) xt_free( parser ); } + if( http_req->status_code != 200 ) + soap_req->error = g_strdup( http_req->status_string ); + st = soap_req->handle_response( soap_req ); fail: g_free( soap_req->url ); g_free( soap_req->action ); g_free( soap_req->payload ); - soap_req->url = soap_req->action = soap_req->payload = NULL; + g_free( soap_req->error ); + soap_req->url = soap_req->action = soap_req->payload = soap_req->error = NULL; if( st == MSN_SOAP_RETRY && --soap_req->ttl ) { @@ -252,6 +257,7 @@ static void msn_soap_free( struct msn_soap_req_data *soap_req ) g_free( soap_req->url ); g_free( soap_req->action ); g_free( soap_req->payload ); + g_free( soap_req->error ); g_free( soap_req ); } @@ -409,7 +415,7 @@ static int msn_soap_passport_sso_handle_response( struct msn_soap_req_data *soap if( sd->secret == NULL ) { - msn_auth_got_passport_token( ic, NULL, sd->error ); + msn_auth_got_passport_token( ic, NULL, sd->error ? sd->error : soap_req->error ); return MSN_SOAP_OK; } -- cgit v1.2.3 From 41658da57b611d17030dc7e2c3feb54f99b668ac Mon Sep 17 00:00:00 2001 
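Review bot: The new `error` member of struct msn_soap_req_data carries no comment saying what it holds or who owns it, while the other hunks of this commit free it in two places and read it in a third; a line such as `char *error; /* HTTP status string when the request did not return 200; owned by the request, freed after handle_response and in msn_soap_free */` ties those together. The field must be zero-initialised where the request is allocated (not in this diff), otherwise the `g_free( soap_req->error )` at `fail:` frees garbage on the first response — worth confirming the allocation uses g_new0 or equivalent. In msn_soap_passport_sso_handle_response, `sd->error ? sd->error : soap_req->error` now surfaces the raw HTTP status string to the caller, and it can still be NULL when the request returned 200 but carried no secret, so msn_auth_got_passport_token must keep tolerating a NULL error.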
From: Wilmer van der Gaast Date: Mon, 19 Dec 2011 19:45:53 +0100 Subject: Just check if verification code != 0 instead of checking for one specific bit. Any non-0 failure means a problem. --- protocols/jabber/io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'protocols') diff --git a/protocols/jabber/io.c b/protocols/jabber/io.c index 5ff8052c..5b9149af 100644 --- a/protocols/jabber/io.c +++ b/protocols/jabber/io.c @@ -291,7 +291,7 @@ gboolean jabber_connected_ssl( gpointer data, int returncode, void *source, b_in already, set it to NULL here to prevent a double cleanup: */ jd->ssl = NULL; - if( returncode & VERIFY_CERT_INVALID) + if( returncode != 0 ) { char *err = ssl_verify_strerror( returncode ); imcb_error( ic, "Certificate verification problem 0x%x: %s", -- cgit v1.2.3 From ad46e4d3ed1997e6b3f718a7a8be9a37eb63388d Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Thu, 22 Dec 2011 12:23:18 +0100 Subject: Use initgroups() as well when dropping privileges. Closes bug #852. --- protocols/jabber/io.c | 3 +++ protocols/jabber/jabber.c | 32 +++++++++++++++++++++++++++++++- protocols/jabber/jabber.h | 2 ++ 3 files changed, 36 insertions(+), 1 deletion(-) (limited to 'protocols') diff --git a/protocols/jabber/io.c b/protocols/jabber/io.c index a28eea90..d3383375 100644 --- a/protocols/jabber/io.c +++ b/protocols/jabber/io.c @@ -172,6 +172,9 @@ static gboolean jabber_read_callback( gpointer data, gint fd, b_input_condition if( st > 0 ) { + if( jd->flags & JFLAG_MOCK ) + return TRUE; + /* Parse. */ if( xt_feed( jd->xt, buf, st ) < 0 ) { diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 7d9547ab..fae55ffe 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c 
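Review bot: The added `if( jd->flags & JFLAG_MOCK ) return TRUE;` in jabber_read_callback discards every byte read from the server socket without feeding it to the parser, so once a user adds the mock buddy the session silently stops processing server traffic. The commit subject ("Use initgroups() as well when dropping privileges. Closes bug #852.") does not describe this hunk or the jabber.c/jabber.h hunks of the same commit, which suggests debugging code was staged by accident. If the mock mode is meant to stay, the early return needs a comment stating that live stream data is intentionally dropped, and the commit message should mention the feature. jabber_read_callback starts before this hunk.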
@@ -335,6 +335,25 @@ static int jabber_buddy_msg( struct im_connection *ic, char *who, char *message, if( g_strcasecmp( who, JABBER_XMLCONSOLE_HANDLE ) == 0 ) return jabber_write( ic, message, strlen( message ) ); + + if( g_strcasecmp( who, JABBER_MOCK_HANDLE ) == 0 ) + { + /* Parse. */ + if( xt_feed( jd->xt, message, strlen( message ) ) < 0 ) + { + imcb_error( ic, "XML stream error" ); + imc_logout( ic, TRUE ); + return FALSE; + } + + /* Execute all handlers. */ + if( !xt_handle( jd->xt, NULL, 1 ) ) + { + /* Don't do anything, the handlers should have + aborted the connection already. */ + return FALSE; + } + } if( ( s = strchr( who, '=' ) ) && jabber_chat_by_jid( ic, s + 1 ) ) bud = jabber_buddy_by_ext_jid( ic, who, 0 ); @@ -425,7 +444,13 @@ static void jabber_add_buddy( struct im_connection *ic, char *who, char *group ) if( g_strcasecmp( who, JABBER_XMLCONSOLE_HANDLE ) == 0 ) { jd->flags |= JFLAG_XMLCONSOLE; - imcb_add_buddy( ic, JABBER_XMLCONSOLE_HANDLE, NULL ); + imcb_add_buddy( ic, who, NULL ); + return; + } + else if( g_strcasecmp( who, JABBER_MOCK_HANDLE ) == 0 ) + { + jd->flags |= JFLAG_MOCK; + imcb_add_buddy( ic, who, NULL ); return; } @@ -447,6 +472,11 @@ static void jabber_remove_buddy( struct im_connection *ic, char *who, char *grou */ return; } + else if( g_strcasecmp( who, JABBER_MOCK_HANDLE ) == 0 ) + { + jd->flags &= ~JFLAG_MOCK; + return; + } /* We should always do this part. Clean up our administration a little bit. */ jabber_buddy_remove_bare( ic, who ); diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index adf9a291..364d561c 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -46,6 +46,7 @@ typedef enum activates all XEP-85 related code. */ JFLAG_XMLCONSOLE = 64, /* If the user added an xmlconsole buddy. */ JFLAG_STARTTLS_DONE = 128, /* If a plaintext session was converted to TLS. */ + JFLAG_MOCK = 256, /* If the user added a mock buddy. */ } jabber_flags_t; typedef enum 
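Review bot: The new JABBER_MOCK_HANDLE block in jabber_buddy_msg has no return on its success path: when `xt_feed` and `xt_handle` both succeed, control falls out of the block and continues into the normal buddy lookup with `who` still equal to "mock", unlike the xmlconsole case just above it which returns the result of jabber_write. Add `return TRUE;` as the last statement inside the block so the injected stanza is not also treated as an outgoing message. Feeding text typed by the user into the same parser and handler chain as server-originated stanzas also erases the distinction between the two for the rest of the session, so if this is kept it belongs behind a build-time debug option rather than a buddy name any user can add. jabber_buddy_msg starts before this hunk.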
@@ -187,6 +188,7 @@ struct jabber_transfer }; #define JABBER_XMLCONSOLE_HANDLE "xmlconsole" +#define JABBER_MOCK_HANDLE "mock" /* Prefixes to use for packet IDs (mainly for IQ packets ATM). Usually the first one should be used, but when storing a packet in the cache, a -- cgit v1.2.3 From 96f954df218e81f5580257c319b91217dac2f4bf Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sat, 24 Dec 2011 18:49:12 +0100 Subject: Removing unfinished debugging stuff accidentally committed in changeset:devel,856. --- protocols/jabber/io.c | 3 --- protocols/jabber/jabber.c | 32 +------------------------------- protocols/jabber/jabber.h | 2 -- 3 files changed, 1 insertion(+), 36 deletions(-) (limited to 'protocols') diff --git a/protocols/jabber/io.c b/protocols/jabber/io.c index 385c45c4..5b9149af 100644 --- a/protocols/jabber/io.c +++ b/protocols/jabber/io.c @@ -172,9 +172,6 @@ static gboolean jabber_read_callback( gpointer data, gint fd, b_input_condition if( st > 0 ) { - if( jd->flags & JFLAG_MOCK ) - return TRUE; - /* Parse. */ if( xt_feed( jd->xt, buf, st ) < 0 ) { diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 2856f1b6..372d73a9 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -338,25 +338,6 @@ static int jabber_buddy_msg( struct im_connection *ic, char *who, char *message, if( g_strcasecmp( who, JABBER_XMLCONSOLE_HANDLE ) == 0 ) return jabber_write( ic, message, strlen( message ) ); - - if( g_strcasecmp( who, JABBER_MOCK_HANDLE ) == 0 ) - { - /* Parse. */ - if( xt_feed( jd->xt, message, strlen( message ) ) < 0 ) - { - imcb_error( ic, "XML stream error" ); - imc_logout( ic, TRUE ); - return FALSE; - } - - /* Execute all handlers. */ - if( !xt_handle( jd->xt, NULL, 1 ) ) - { - /* Don't do anything, the handlers should have - aborted the connection already. */ - return FALSE; - } - } if( ( s = strchr( who, '=' ) ) && jabber_chat_by_jid( ic, s + 1 ) ) bud = jabber_buddy_by_ext_jid( ic, who, 0 ); 
@@ -447,13 +428,7 @@ static void jabber_add_buddy( struct im_connection *ic, char *who, char *group ) if( g_strcasecmp( who, JABBER_XMLCONSOLE_HANDLE ) == 0 ) { jd->flags |= JFLAG_XMLCONSOLE; - imcb_add_buddy( ic, who, NULL ); - return; - } - else if( g_strcasecmp( who, JABBER_MOCK_HANDLE ) == 0 ) - { - jd->flags |= JFLAG_MOCK; - imcb_add_buddy( ic, who, NULL ); + imcb_add_buddy( ic, JABBER_XMLCONSOLE_HANDLE, NULL ); return; } @@ -475,11 +450,6 @@ static void jabber_remove_buddy( struct im_connection *ic, char *who, char *grou */ return; } - else if( g_strcasecmp( who, JABBER_MOCK_HANDLE ) == 0 ) - { - jd->flags &= ~JFLAG_MOCK; - return; - } /* We should always do this part. Clean up our administration a little bit. */ jabber_buddy_remove_bare( ic, who ); diff --git a/protocols/jabber/jabber.h b/protocols/jabber/jabber.h index aa552558..5996c301 100644 --- a/protocols/jabber/jabber.h +++ b/protocols/jabber/jabber.h @@ -46,7 +46,6 @@ typedef enum activates all XEP-85 related code. */ JFLAG_XMLCONSOLE = 64, /* If the user added an xmlconsole buddy. */ JFLAG_STARTTLS_DONE = 128, /* If a plaintext session was converted to TLS. */ - JFLAG_MOCK = 256, /* If the user added a mock buddy. */ } jabber_flags_t; typedef enum @@ -188,7 +187,6 @@ struct jabber_transfer }; #define JABBER_XMLCONSOLE_HANDLE "xmlconsole" -#define JABBER_MOCK_HANDLE "mock" /* Prefixes to use for packet IDs (mainly for IQ packets ATM). Usually the first one should be used, but when storing a packet in the cache, a -- cgit v1.2.3