Context Navigation

source: otr.c @ 1dd3470

Last change on this file since 1dd3470 was 1dd3470, checked in by Sven Moritz Hallberg <pesco@…>, at 2010-06-03T21:47:53Z
add an option to disable otr on twitter (and other unsuitable protocols)
Property mode set to `100644`
File size: 45.4 KB

Line
1	/********************************************************************\
2	* BitlBee -- An IRC to other IM-networks gateway *
3	* *
4	* Copyright 2002-2008 Wilmer van der Gaast and others *
5	\********************************************************************/
6
7	/*
8	OTR support (cf. http://www.cypherpunks.ca/otr/)
9
10	2008, Sven Moritz Hallberg <pesco@khjk.org>
11	(c) and funded by stonedcoder.org
12
13	files used to store OTR data:
14	<configdir>/<nick>.otr_keys
15	<configdir>/<nick>.otr_fprints
16
17	top-level todos: (search for TODO for more ;-))
18	integrate otr_load/otr_save with existing storage backends
19	per-account policy settings
20	per-user policy settings
21	*/
22
23	/*
24	This program is free software; you can redistribute it and/or modify
25	it under the terms of the GNU General Public License as published by
26	the Free Software Foundation; either version 2 of the License, or
27	(at your option) any later version.
28
29	This program is distributed in the hope that it will be useful,
30	but WITHOUT ANY WARRANTY; without even the implied warranty of
31	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
32	GNU General Public License for more details.
33
34	You should have received a copy of the GNU General Public License with
35	the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
36	if not, write to the Free Software Foundation, Inc., 59 Temple Place,
37	Suite 330, Boston, MA 02111-1307 USA
38	*/
39
40	#include "bitlbee.h"
41	#ifdef WITH_OTR
42	#include "irc.h"
43	#include "otr.h"
44	#include <sys/types.h>
45	#include <sys/wait.h>
46	#include <unistd.h>
47	#include <assert.h>
48	#include <signal.h>
49
50
51	/ OTR interface routines for the OtrlMessageAppOps struct: /
52
53	OtrlPolicy op_policy(void opdata, ConnContext context);
54
55	void op_create_privkey(void opdata, const char accountname, const char *protocol);
56
57	int op_is_logged_in(void opdata, const char accountname, const char *protocol,
58	const char *recipient);
59
60	void op_inject_message(void opdata, const char accountname, const char *protocol,
61	const char recipient, const char message);
62
63	int op_display_otr_message(void opdata, const char accountname, const char *protocol,
64	const char username, const char msg);
65
66	void op_new_fingerprint(void opdata, OtrlUserState us, const char accountname,
67	const char protocol, const char username, unsigned char fingerprint[20]);
68
69	void op_write_fingerprints(void *opdata);
70
71	void op_gone_secure(void opdata, ConnContext context);
72
73	void op_gone_insecure(void opdata, ConnContext context);
74
75	void op_still_secure(void opdata, ConnContext context, int is_reply);
76
77	void op_log_message(void opdata, const char message);
78
79	int op_max_message_size(void opdata, ConnContext context);
80
81	const char op_account_name(void opdata, const char account, const char protocol);
82
83
84	/ otr sub-command handlers: /
85
86	void cmd_otr_connect(irc_t irc, char *args);
87	void cmd_otr_disconnect(irc_t irc, char *args);
88	void cmd_otr_smp(irc_t irc, char *args);
89	void cmd_otr_trust(irc_t irc, char *args);
90	void cmd_otr_info(irc_t irc, char *args);
91	void cmd_otr_keygen(irc_t irc, char *args);
92	void cmd_otr_forget(irc_t irc, char *args);
93
94	const command_t otr_commands[] = {
95	{ "connect", 1, &cmd_otr_connect, 0 },
96	{ "disconnect", 1, &cmd_otr_disconnect, 0 },
97	{ "smp", 2, &cmd_otr_smp, 0 },
98	{ "trust", 6, &cmd_otr_trust, 0 },
99	{ "info", 0, &cmd_otr_info, 0 },
100	{ "keygen", 1, &cmd_otr_keygen, 0 },
101	{ "forget", 2, &cmd_otr_forget, 0 },
102	{ NULL }
103	};
104
105	typedef struct {
106	void *fst;
107	void *snd;
108	} pair_t;
109
110
111	/ misc. helpers/subroutines: /
112
113	/* check whether we are already generating a key for a given account */
114	int keygen_in_progress(irc_t irc, const char handle, const char *protocol);
115
116	/* start background process to generate a (new) key for a given account */
117	void otr_keygen(irc_t irc, const char handle, const char *protocol);
118
119	/* main function for the forked keygen slave */
120	void keygen_child_main(OtrlUserState us, int infd, int outfd);
121
122	/* mainloop handler for when a keygen finishes */
123	gboolean keygen_finish_handler(gpointer data, gint fd, b_input_condition cond);
124
125	/* copy the contents of file a to file b, overwriting it if it exists */
126	void copyfile(const char a, const char b);
127
128	/* read one line of input from a stream, excluding trailing newline */
129	void myfgets(char s, int size, FILE stream);
130
131	/* some yes/no handlers */
132	void yes_keygen(void *data);
133	void yes_forget_fingerprint(void *data);
134	void yes_forget_context(void *data);
135	void yes_forget_key(void *data);
136
137	/* helper to make sure accountname and protocol match the incoming "opdata" */
138	struct im_connection check_imc(void opdata, const char *accountname,
139	const char *protocol);
140
141	/* determine the nick for a given handle/protocol pair
142	returns "handle/protocol" if not found */
143	const char peernick(irc_t irc, const char handle, const char protocol);
144
145	/* turn a hexadecimal digit into its numerical value */
146	int hexval(char a);
147
148	/* determine the user_t for a given handle/protocol pair
149	returns NULL if not found */
150	user_t peeruser(irc_t irc, const char handle, const char protocol);
151
152	/* handle SMP TLVs from a received message */
153	void otr_handle_smp(struct im_connection ic, const char handle, OtrlTLV *tlvs);
154
155	/* update op/voice flag of given user according to encryption state and settings
156	returns 0 if neither op_buddies nor voice_buddies is set to "encrypted",
157	i.e. msgstate should be announced seperately */
158	int otr_update_modeflags(irc_t irc, user_t u);
159
160	/* show general info about the OTR subsystem; called by 'otr info' */
161	void show_general_otr_info(irc_t *irc);
162
163	/* show info about a given OTR context */
164	void show_otr_context_info(irc_t irc, ConnContext ctx);
165
166	/* show the list of fingerprints associated with a given context */
167	void show_fingerprints(irc_t irc, ConnContext ctx);
168
169	/* find a fingerprint by prefix (given as any number of hex strings) */
170	Fingerprint match_fingerprint(irc_t irc, ConnContext ctx, const char *args);
171
172	/* find a private key by fingerprint prefix (given as any number of hex strings) */
173	OtrlPrivKey match_privkey(irc_t irc, const char **args);
174
175
176	/* routines declared in otr.h: */
177
178	void otr_init(void)
179	{
180	OTRL_INIT;
181
182	/* fill global OtrlMessageAppOps */
183	global.otr_ops.policy = &op_policy;
184	global.otr_ops.create_privkey = &op_create_privkey;
185	global.otr_ops.is_logged_in = &op_is_logged_in;
186	global.otr_ops.inject_message = &op_inject_message;
187	global.otr_ops.notify = NULL;
188	global.otr_ops.display_otr_message = &op_display_otr_message;
189	global.otr_ops.update_context_list = NULL;
190	global.otr_ops.protocol_name = NULL;
191	global.otr_ops.protocol_name_free = NULL;
192	global.otr_ops.new_fingerprint = &op_new_fingerprint;
193	global.otr_ops.write_fingerprints = &op_write_fingerprints;
194	global.otr_ops.gone_secure = &op_gone_secure;
195	global.otr_ops.gone_insecure = &op_gone_insecure;
196	global.otr_ops.still_secure = &op_still_secure;
197	global.otr_ops.log_message = &op_log_message;
198	global.otr_ops.max_message_size = &op_max_message_size;
199	global.otr_ops.account_name = &op_account_name;
200	global.otr_ops.account_name_free = NULL;
201	}
202
203	otr_t *otr_new(void)
204	{
205	otr_t *otr = g_new0(otr_t, 1);
206
207	otr->us = otrl_userstate_create();
208
209	return otr;
210	}
211
212	void otr_free(otr_t *otr)
213	{
214	otrl_userstate_free(otr->us);
215	if(otr->keygen) {
216	kill(otr->keygen, SIGTERM);
217	waitpid(otr->keygen, NULL, 0);
218	/* TODO: remove stale keygen tempfiles */
219	}
220	if(otr->to)
221	fclose(otr->to);
222	if(otr->from)
223	fclose(otr->from);
224	while(otr->todo) {
225	kg_t *p = otr->todo;
226	otr->todo = p->next;
227	g_free(p);
228	}
229	g_free(otr);
230	}
231
232	void otr_load(irc_t *irc)
233	{
234	char s[512];
235	account_t *a;
236	gcry_error_t e;
237	gcry_error_t enoent = gcry_error_from_errno(ENOENT);
238	int kg=0;
239
240	g_snprintf(s, 511, "%s%s.otr_keys", global.conf->configdir, irc->nick);
241	e = otrl_privkey_read(irc->otr->us, s);
242	if(e && e!=enoent) {
243	irc_usermsg(irc, "otr load: %s: %s", s, gcry_strerror(e));
244	}
245	g_snprintf(s, 511, "%s%s.otr_fprints", global.conf->configdir, irc->nick);
246	e = otrl_privkey_read_fingerprints(irc->otr->us, s, NULL, NULL);
247	if(e && e!=enoent) {
248	irc_usermsg(irc, "otr load: %s: %s", s, gcry_strerror(e));
249	}
250
251	/* check for otr keys on all accounts */
252	for(a=irc->accounts; a; a=a->next) {
253	kg = otr_check_for_key(a) \|\| kg;
254	}
255	if(kg) {
256	irc_usermsg(irc, "Notice: "
257	"The accounts above do not have OTR encryption keys associated with them, yet. "
258	"These keys are now being generated in the background. "
259	"You will be notified as they are completed. "
260	"It is not necessary to wait; "
261	"BitlBee can be used normally during key generation. "
262	"You may safely ignore this message if you don't know what OTR is. ;)");
263	}
264	}
265
266	void otr_save(irc_t *irc)
267	{
268	char s[512];
269	gcry_error_t e;
270
271	g_snprintf(s, 511, "%s%s.otr_fprints", global.conf->configdir, irc->nick);
272	e = otrl_privkey_write_fingerprints(irc->otr->us, s);
273	if(e) {
274	irc_usermsg(irc, "otr save: %s: %s", s, gcry_strerror(e));
275	}
276	chmod(s, 0600);
277	}
278
279	void otr_remove(const char *nick)
280	{
281	char s[512];
282
283	g_snprintf(s, 511, "%s%s.otr_keys", global.conf->configdir, nick);
284	unlink(s);
285	g_snprintf(s, 511, "%s%s.otr_fprints", global.conf->configdir, nick);
286	unlink(s);
287	}
288
289	void otr_rename(const char onick, const char nnick)
290	{
291	char s[512], t[512];
292
293	g_snprintf(s, 511, "%s%s.otr_keys", global.conf->configdir, onick);
294	g_snprintf(t, 511, "%s%s.otr_keys", global.conf->configdir, nnick);
295	rename(s,t);
296	g_snprintf(s, 511, "%s%s.otr_fprints", global.conf->configdir, onick);
297	g_snprintf(t, 511, "%s%s.otr_fprints", global.conf->configdir, nnick);
298	rename(s,t);
299	}
300
301	int otr_check_for_key(account_t *a)
302	{
303	irc_t *irc = a->irc;
304	OtrlPrivKey *k;
305
306	/* don't do OTR on certain (not classic IM) protocols, e.g. twitter */
307	if(a->prpl->options & OPT_NOOTR) {
308	return 0;
309	}
310
311	k = otrl_privkey_find(irc->otr->us, a->user, a->prpl->name);
312	if(k) {
313	irc_usermsg(irc, "otr: %s/%s ready", a->user, a->prpl->name);
314	return 0;
315	} if(keygen_in_progress(irc, a->user, a->prpl->name)) {
316	irc_usermsg(irc, "otr: keygen for %s/%s already in progress", a->user, a->prpl->name);
317	return 0;
318	} else {
319	irc_usermsg(irc, "otr: starting background keygen for %s/%s", a->user, a->prpl->name);
320	otr_keygen(irc, a->user, a->prpl->name);
321	return 1;
322	}
323	}
324
325	char otr_handle_message(struct im_connection ic, const char handle, const char msg)
326	{
327	int ignore_msg;
328	char *newmsg = NULL;
329	OtrlTLV *tlvs = NULL;
330	char *colormsg;
331
332	/* don't do OTR on certain (not classic IM) protocols, e.g. twitter */
333	if(ic->acc->prpl->options & OPT_NOOTR) {
334	return (g_strdup(msg));
335	}
336
337	ignore_msg = otrl_message_receiving(ic->irc->otr->us, &global.otr_ops, ic,
338	ic->acc->user, ic->acc->prpl->name, handle, msg, &newmsg,
339	&tlvs, NULL, NULL);
340
341	otr_handle_smp(ic, handle, tlvs);
342
343	if(ignore_msg) {
344	/* this was an internal OTR protocol message */
345	return NULL;
346	} else if(!newmsg) {
347	/* this was a non-OTR message */
348	return g_strdup(msg);
349	} else {
350	/* OTR has processed this message */
351	ConnContext *context = otrl_context_find(ic->irc->otr->us, handle,
352	ic->acc->user, ic->acc->prpl->name, 0, NULL, NULL, NULL);
353	if(context && context->msgstate == OTRL_MSGSTATE_ENCRYPTED &&
354	set_getbool(&ic->irc->set, "color_encrypted")) {
355	/* color according to f'print trust */
356	int color;
357	const char *trust = context->active_fingerprint->trust;
358	if(trust && trust[0] != '\0')
359	color=3; /* green */
360	else
361	color=5; /* red */
362
363	if(newmsg[0] == ',') {
364	/* could be a problem with the color code */
365	/* insert a space between color spec and message */
366	colormsg = g_strdup_printf("\x03%.2d %s\x0F", color, newmsg);
367	} else {
368	colormsg = g_strdup_printf("\x03%.2d%s\x0F", color, newmsg);
369	}
370	} else {
371	colormsg = g_strdup(newmsg);
372	}
373	otrl_message_free(newmsg);
374	return colormsg;
375	}
376	}
377
378	int otr_send_message(struct im_connection ic, const char handle, const char *msg, int flags)
379	{
380	int st;
381	char *otrmsg = NULL;
382	ConnContext *ctx = NULL;
383
384	/* don't do OTR on certain (not classic IM) protocols, e.g. twitter */
385	if(ic->acc->prpl->options & OPT_NOOTR) {
386	return (ic->acc->prpl->buddy_msg(ic, handle, msg, flags));
387	}
388
389	st = otrl_message_sending(ic->irc->otr->us, &global.otr_ops, ic,
390	ic->acc->user, ic->acc->prpl->name, handle,
391	msg, NULL, &otrmsg, NULL, NULL);
392	if(st) {
393	return st;
394	}
395
396	ctx = otrl_context_find(ic->irc->otr->us,
397	handle, ic->acc->user, ic->acc->prpl->name,
398	1, NULL, NULL, NULL);
399
400	if(otrmsg) {
401	if(!ctx) {
402	otrl_message_free(otrmsg);
403	return 1;
404	}
405	st = otrl_message_fragment_and_send(&global.otr_ops, ic, ctx,
406	otrmsg, OTRL_FRAGMENT_SEND_ALL, NULL);
407	otrl_message_free(otrmsg);
408	} else {
409	/* note: otrl_message_sending handles policy, so that if REQUIRE_ENCRYPTION is set,
410	this case does not occur */
411	st = ic->acc->prpl->buddy_msg( ic, (char )handle, (char )msg, flags );
412	}
413
414	return st;
415	}
416
417	void cmd_otr(irc_t irc, char *args)
418	{
419	const command_t *cmd;
420
421	if(!args[0])
422	return;
423
424	if(!args[1])
425	return;
426
427	for(cmd=otr_commands; cmd->command; cmd++) {
428	if(strcmp(cmd->command, args[1]) == 0)
429	break;
430	}
431
432	if(!cmd->command) {
433	irc_usermsg(irc, "%s: unknown subcommand \"%s\", see \x02help otr\x02",
434	args[0], args[1]);
435	return;
436	}
437
438	if(!args[cmd->required_parameters+1]) {
439	irc_usermsg(irc, "%s %s: not enough arguments (%d req.)",
440	args[0], args[1], cmd->required_parameters);
441	return;
442	}
443
444	cmd->execute(irc, args+1);
445	}
446
447
448	/* OTR "MessageAppOps" callbacks for global.otr_ui: */
449
450	OtrlPolicy op_policy(void opdata, ConnContext context)
451	{
452	struct im_connection *ic = check_imc(opdata, context->accountname, context->protocol);
453	const char *p;
454
455	/* policy override during keygen: if we're missing the key for context but are currently
456	generating it, then that's as much as we can do. => temporarily return NEVER. */
457	if(keygen_in_progress(ic->irc, context->accountname, context->protocol) &&
458	!otrl_privkey_find(ic->irc->otr->us, context->accountname, context->protocol))
459	return OTRL_POLICY_NEVER;
460
461	p = set_getstr(&ic->irc->set, "otr_policy");
462	if(!strcmp(p, "never"))
463	return OTRL_POLICY_NEVER;
464	if(!strcmp(p, "opportunistic"))
465	return OTRL_POLICY_OPPORTUNISTIC;
466	if(!strcmp(p, "manual"))
467	return OTRL_POLICY_MANUAL;
468	if(!strcmp(p, "always"))
469	return OTRL_POLICY_ALWAYS;
470
471	return OTRL_POLICY_OPPORTUNISTIC;
472	}
473
474	void op_create_privkey(void opdata, const char accountname,
475	const char *protocol)
476	{
477	struct im_connection *ic = check_imc(opdata, accountname, protocol);
478
479	/* will fail silently if keygen already in progress */
480	otr_keygen(ic->irc, accountname, protocol);
481	}
482
483	int op_is_logged_in(void opdata, const char accountname,
484	const char protocol, const char recipient)
485	{
486	struct im_connection *ic = check_imc(opdata, accountname, protocol);
487	user_t *u;
488
489	/* lookup the user_t for the given recipient */
490	u = user_findhandle(ic, recipient);
491	if(u) {
492	if(u->online)
493	return 1;
494	else
495	return 0;
496	} else {
497	return -1;
498	}
499	}
500
501	void op_inject_message(void opdata, const char accountname,
502	const char protocol, const char recipient, const char *message)
503	{
504	struct im_connection *ic = check_imc(opdata, accountname, protocol);
505
506	if (strcmp(accountname, recipient) == 0) {
507	/* huh? injecting messages to myself? */
508	irc_usermsg(ic->irc, "note to self: %s", message);
509	} else {
510	/* need to drop some consts here :-( */
511	/* TODO: get flags into op_inject_message?! */
512	ic->acc->prpl->buddy_msg(ic, (char )recipient, (char )message, 0);
513	/* ignoring return value :-/ */
514	}
515	}
516
517	int op_display_otr_message(void opdata, const char accountname,
518	const char protocol, const char username, const char *message)
519	{
520	struct im_connection *ic = check_imc(opdata, accountname, protocol);
521	char *msg = g_strdup(message);
522
523	strip_html(msg);
524	irc_usermsg(ic->irc, "otr: %s", msg);
525
526	g_free(msg);
527	return 0;
528	}
529
530	void op_new_fingerprint(void *opdata, OtrlUserState us,
531	const char accountname, const char protocol,
532	const char *username, unsigned char fingerprint[20])
533	{
534	struct im_connection *ic = check_imc(opdata, accountname, protocol);
535	char hunam[45]; /* anybody looking? ;-) */
536
537	otrl_privkey_hash_to_human(hunam, fingerprint);
538	irc_usermsg(ic->irc, "new fingerprint for %s: %s",
539	peernick(ic->irc, username, protocol), hunam);
540	}
541
542	void op_write_fingerprints(void *opdata)
543	{
544	struct im_connection ic = (struct im_connection )opdata;
545
546	otr_save(ic->irc);
547	}
548
549	void op_gone_secure(void opdata, ConnContext context)
550	{
551	struct im_connection *ic =
552	check_imc(opdata, context->accountname, context->protocol);
553	user_t *u;
554	const char *trust;
555
556	u = peeruser(ic->irc, context->username, context->protocol);
557	if(!u) {
558	log_message(LOGLVL_ERROR,
559	"BUG: otr.c: op_gone_secure: user_t for %s/%s/%s not found!",
560	context->username, context->protocol, context->accountname);
561	return;
562	}
563
564	trust = context->active_fingerprint->trust;
565	if(trust && trust[0])
566	u->encrypted = 2;
567	else
568	u->encrypted = 1;
569	if(!otr_update_modeflags(ic->irc, u))
570	irc_usermsg(ic->irc, "conversation with %s is now off the record", u->nick);
571	}
572
573	void op_gone_insecure(void opdata, ConnContext context)
574	{
575	struct im_connection *ic =
576	check_imc(opdata, context->accountname, context->protocol);
577	user_t *u;
578
579	u = peeruser(ic->irc, context->username, context->protocol);
580	if(!u) {
581	log_message(LOGLVL_ERROR,
582	"BUG: otr.c: op_gone_insecure: user_t for %s/%s/%s not found!",
583	context->username, context->protocol, context->accountname);
584	return;
585	}
586	u->encrypted = 0;
587	if(!otr_update_modeflags(ic->irc, u))
588	irc_usermsg(ic->irc, "conversation with %s is now in the clear", u->nick);
589	}
590
591	void op_still_secure(void opdata, ConnContext context, int is_reply)
592	{
593	struct im_connection *ic =
594	check_imc(opdata, context->accountname, context->protocol);
595	user_t *u;
596
597	u = peeruser(ic->irc, context->username, context->protocol);
598	if(!u) {
599	log_message(LOGLVL_ERROR,
600	"BUG: otr.c: op_still_secure: user_t for %s/%s/%s not found!",
601	context->username, context->protocol, context->accountname);
602	return;
603	}
604	if(context->active_fingerprint->trust[0])
605	u->encrypted = 2;
606	else
607	u->encrypted = 1;
608	if(!otr_update_modeflags(ic->irc, u))
609	irc_usermsg(ic->irc, "otr connection with %s has been refreshed", u->nick);
610	}
611
612	void op_log_message(void opdata, const char message)
613	{
614	char *msg = g_strdup(message);
615
616	strip_html(msg);
617	log_message(LOGLVL_INFO, "otr: %s", msg);
618	g_free(msg);
619	}
620
621	int op_max_message_size(void opdata, ConnContext context)
622	{
623	struct im_connection *ic =
624	check_imc(opdata, context->accountname, context->protocol);
625
626	return ic->acc->prpl->mms;
627	}
628
629	const char op_account_name(void opdata, const char account, const char protocol)
630	{
631	struct im_connection ic = (struct im_connection )opdata;
632
633	return peernick(ic->irc, account, protocol);
634	}
635
636
637	/* OTR sub-command handlers */
638
639	void cmd_otr_disconnect(irc_t irc, char *args)
640	{
641	user_t *u;
642
643	u = user_find(irc, args[1]);
644	if(!u \|\| !u->ic) {
645	irc_usermsg(irc, "%s: unknown user", args[1]);
646	return;
647	}
648
649	otrl_message_disconnect(irc->otr->us, &global.otr_ops,
650	u->ic, u->ic->acc->user, u->ic->acc->prpl->name, u->handle);
651
652	/* for some reason, libotr (3.1.0) doesn't do this itself: */
653	if(u->encrypted) {
654	ConnContext *ctx;
655	ctx = otrl_context_find(irc->otr->us, u->handle, u->ic->acc->user,
656	u->ic->acc->prpl->name, 0, NULL, NULL, NULL);
657	if(ctx)
658	op_gone_insecure(u->ic, ctx);
659	else /* huh? */
660	u->encrypted = 0;
661	}
662	}
663
664	void cmd_otr_connect(irc_t irc, char *args)
665	{
666	user_t *u;
667
668	u = user_find(irc, args[1]);
669	if(!u \|\| !u->ic) {
670	irc_usermsg(irc, "%s: unknown user", args[1]);
671	return;
672	}
673	if(!u->online) {
674	irc_usermsg(irc, "%s is offline", args[1]);
675	return;
676	}
677
678	imc_buddy_msg(u->ic, u->handle, "?OTR?", 0);
679	}
680
681	void cmd_otr_smp(irc_t irc, char *args)
682	{
683	user_t *u;
684	ConnContext *ctx;
685
686	u = user_find(irc, args[1]);
687	if(!u \|\| !u->ic) {
688	irc_usermsg(irc, "%s: unknown user", args[1]);
689	return;
690	}
691	if(!u->online) {
692	irc_usermsg(irc, "%s is offline", args[1]);
693	return;
694	}
695
696	ctx = otrl_context_find(irc->otr->us, u->handle,
697	u->ic->acc->user, u->ic->acc->prpl->name, 1, NULL, NULL, NULL);
698	if(!ctx) {
699	/* huh? out of memory or what? */
700	return;
701	}
702
703	if(ctx->smstate->nextExpected != OTRL_SMP_EXPECT1) {
704	log_message(LOGLVL_INFO,
705	"SMP already in phase %d, sending abort before reinitiating",
706	ctx->smstate->nextExpected+1);
707	otrl_message_abort_smp(irc->otr->us, &global.otr_ops, u->ic, ctx);
708	otrl_sm_state_free(ctx->smstate);
709	}
710
711	/* warning: the following assumes that smstates are cleared whenever an SMP
712	is completed or aborted! */
713	if(ctx->smstate->secret == NULL) {
714	irc_usermsg(irc, "smp: initiating with %s...", u->nick);
715	otrl_message_initiate_smp(irc->otr->us, &global.otr_ops,
716	u->ic, ctx, (unsigned char *)args[2], strlen(args[2]));
717	/* smp is now in EXPECT2 */
718	} else {
719	/* if we're still in EXPECT1 but smstate is initialized, we must have
720	received the SMP1, so let's issue a response */
721	irc_usermsg(irc, "smp: responding to %s...", u->nick);
722	otrl_message_respond_smp(irc->otr->us, &global.otr_ops,
723	u->ic, ctx, (unsigned char *)args[2], strlen(args[2]));
724	/* smp is now in EXPECT3 */
725	}
726	}
727
728	void cmd_otr_trust(irc_t irc, char *args)
729	{
730	user_t *u;
731	ConnContext *ctx;
732	unsigned char raw[20];
733	Fingerprint *fp;
734	int i,j;
735
736	u = user_find(irc, args[1]);
737	if(!u \|\| !u->ic) {
738	irc_usermsg(irc, "%s: unknown user", args[1]);
739	return;
740	}
741
742	ctx = otrl_context_find(irc->otr->us, u->handle,
743	u->ic->acc->user, u->ic->acc->prpl->name, 0, NULL, NULL, NULL);
744	if(!ctx) {
745	irc_usermsg(irc, "%s: no otr context with user", args[1]);
746	return;
747	}
748
749	/* convert given fingerprint to raw representation */
750	for(i=0; i<5; i++) {
751	for(j=0; j<4; j++) {
752	char p = args[2+i]+(2j);
753	char *q = p+1;
754	int x, y;
755
756	if(!p \|\| !q) {
757	irc_usermsg(irc, "failed: truncated fingerprint block %d", i+1);
758	return;
759	}
760
761	x = hexval(*p);
762	y = hexval(*q);
763	if(x<0) {
764	irc_usermsg(irc, "failed: %d. hex digit of block %d out of range", 2*j+1, i+1);
765	return;
766	}
767	if(y<0) {
768	irc_usermsg(irc, "failed: %d. hex digit of block %d out of range", 2*j+2, i+1);
769	return;
770	}
771
772	raw[i4+j] = x16 + y;
773	}
774	}
775	fp = otrl_context_find_fingerprint(ctx, raw, 0, NULL);
776	if(!fp) {
777	irc_usermsg(irc, "failed: no such fingerprint for %s", args[1]);
778	} else {
779	char *trust = args[7] ? args[7] : "affirmed";
780	otrl_context_set_trust(fp, trust);
781	irc_usermsg(irc, "fingerprint match, trust set to \"%s\"", trust);
782	if(u->encrypted)
783	u->encrypted = 2;
784	otr_update_modeflags(irc, u);
785	}
786	}
787
788	void cmd_otr_info(irc_t irc, char *args)
789	{
790	if(!args[1]) {
791	show_general_otr_info(irc);
792	} else {
793	char *arg = g_strdup(args[1]);
794	char myhandle, handle=NULL, *protocol;
795	ConnContext *ctx;
796
797	/* interpret arg as 'user/protocol/account' if possible */
798	protocol = strchr(arg, '/');
799	myhandle = NULL;
800	if(protocol) {
801	*(protocol++) = '\0';
802	myhandle = strchr(protocol, '/');
803	}
804	if(protocol && myhandle) {
805	*(myhandle++) = '\0';
806	handle = arg;
807	ctx = otrl_context_find(irc->otr->us, handle, myhandle, protocol, 0, NULL, NULL, NULL);
808	if(!ctx) {
809	irc_usermsg(irc, "no such context");
810	g_free(arg);
811	return;
812	}
813	} else {
814	user_t *u = user_find(irc, args[1]);
815	if(!u \|\| !u->ic) {
816	irc_usermsg(irc, "%s: unknown user", args[1]);
817	g_free(arg);
818	return;
819	}
820	ctx = otrl_context_find(irc->otr->us, u->handle, u->ic->acc->user,
821	u->ic->acc->prpl->name, 0, NULL, NULL, NULL);
822	if(!ctx) {
823	irc_usermsg(irc, "no otr context with %s", args[1]);
824	g_free(arg);
825	return;
826	}
827	}
828
829	/* show how we resolved the (nick) argument, if we did */
830	if(handle!=arg) {
831	irc_usermsg(irc, "%s is %s/%s; we are %s/%s to them", args[1],
832	ctx->username, ctx->protocol, ctx->accountname, ctx->protocol);
833	}
834	show_otr_context_info(irc, ctx);
835	g_free(arg);
836	}
837	}
838
839	void cmd_otr_keygen(irc_t irc, char *args)
840	{
841	int i, n;
842	account_t *a;
843
844	n = atoi(args[1]);
845	if(n<0 \|\| (!n && strcmp(args[1], "0"))) {
846	irc_usermsg(irc, "%s: invalid account number", args[1]);
847	return;
848	}
849
850	a = irc->accounts;
851	for(i=0; i<n && a; i++, a=a->next);
852	if(!a) {
853	irc_usermsg(irc, "%s: no such account", args[1]);
854	return;
855	}
856
857	if(keygen_in_progress(irc, a->user, a->prpl->name)) {
858	irc_usermsg(irc, "keygen for account %d already in progress", n);
859	return;
860	}
861
862	if(otrl_privkey_find(irc->otr->us, a->user, a->prpl->name)) {
863	char *s = g_strdup_printf("account %d already has a key, replace it?", n);
864	query_add(irc, NULL, s, yes_keygen, NULL, a);
865	g_free(s);
866	} else {
867	otr_keygen(irc, a->user, a->prpl->name);
868	}
869	}
870
871	void yes_forget_fingerprint(void *data)
872	{
873	pair_t p = (pair_t )data;
874	irc_t irc = (irc_t )p->fst;
875	Fingerprint fp = (Fingerprint )p->snd;
876
877	g_free(p);
878
879	if(fp == fp->context->active_fingerprint) {
880	irc_usermsg(irc, "that fingerprint is active, terminate otr connection first");
881	return;
882	}
883
884	otrl_context_forget_fingerprint(fp, 0);
885	}
886
887	void yes_forget_context(void *data)
888	{
889	pair_t p = (pair_t )data;
890	irc_t irc = (irc_t )p->fst;
891	ConnContext ctx = (ConnContext )p->snd;
892
893	g_free(p);
894
895	if(ctx->msgstate == OTRL_MSGSTATE_ENCRYPTED) {
896	irc_usermsg(irc, "active otr connection with %s, terminate it first",
897	peernick(irc, ctx->username, ctx->protocol));
898	return;
899	}
900
901	if(ctx->msgstate == OTRL_MSGSTATE_FINISHED)
902	otrl_context_force_plaintext(ctx);
903	otrl_context_forget(ctx);
904	}
905
906	void yes_forget_key(void *data)
907	{
908	OtrlPrivKey key = (OtrlPrivKey )data;
909
910	otrl_privkey_forget(key);
911	/* Hm, libotr doesn't seem to offer a function for explicitly /writing/
912	keyfiles. So the key will be back on the next load... */
913	/* TODO: Actually erase forgotten keys from storage? */
914	}
915
916	void cmd_otr_forget(irc_t irc, char *args)
917	{
918	if(!strcmp(args[1], "fingerprint"))
919	{
920	user_t *u;
921	ConnContext *ctx;
922	Fingerprint *fp;
923	char human[54];
924	char *s;
925	pair_t *p;
926
927	if(!args[3]) {
928	irc_usermsg(irc, "otr %s %s: not enough arguments (2 req.)", args[0], args[1]);
929	return;
930	}
931
932	/* TODO: allow context specs ("user/proto/account") in 'otr forget fingerprint'? */
933	u = user_find(irc, args[2]);
934	if(!u \|\| !u->ic) {
935	irc_usermsg(irc, "%s: unknown user", args[2]);
936	return;
937	}
938
939	ctx = otrl_context_find(irc->otr->us, u->handle, u->ic->acc->user,
940	u->ic->acc->prpl->name, 0, NULL, NULL, NULL);
941	if(!ctx) {
942	irc_usermsg(irc, "no otr context with %s", args[2]);
943	return;
944	}
945
946	fp = match_fingerprint(irc, ctx, ((const char **)args)+3);
947	if(!fp) {
948	/* match_fingerprint does error messages */
949	return;
950	}
951
952	if(fp == ctx->active_fingerprint) {
953	irc_usermsg(irc, "that fingerprint is active, terminate otr connection first");
954	return;
955	}
956
957	otrl_privkey_hash_to_human(human, fp->fingerprint);
958	s = g_strdup_printf("about to forget fingerprint %s, are you sure?", human);
959	p = g_malloc(sizeof(pair_t));
960	if(!p)
961	return;
962	p->fst = irc;
963	p->snd = fp;
964	query_add(irc, NULL, s, yes_forget_fingerprint, NULL, p);
965	g_free(s);
966	}
967
968	else if(!strcmp(args[1], "context"))
969	{
970	user_t *u;
971	ConnContext *ctx;
972	char *s;
973	pair_t *p;
974
975	/* TODO: allow context specs ("user/proto/account") in 'otr forget contex'? */
976	u = user_find(irc, args[2]);
977	if(!u \|\| !u->ic) {
978	irc_usermsg(irc, "%s: unknown user", args[2]);
979	return;
980	}
981
982	ctx = otrl_context_find(irc->otr->us, u->handle, u->ic->acc->user,
983	u->ic->acc->prpl->name, 0, NULL, NULL, NULL);
984	if(!ctx) {
985	irc_usermsg(irc, "no otr context with %s", args[2]);
986	return;
987	}
988
989	if(ctx->msgstate == OTRL_MSGSTATE_ENCRYPTED) {
990	irc_usermsg(irc, "active otr connection with %s, terminate it first", args[2]);
991	return;
992	}
993
994	s = g_strdup_printf("about to forget otr data about %s, are you sure?", args[2]);
995	p = g_malloc(sizeof(pair_t));
996	if(!p)
997	return;
998	p->fst = irc;
999	p->snd = ctx;
1000	query_add(irc, NULL, s, yes_forget_context, NULL, p);
1001	g_free(s);
1002	}
1003
1004	else if(!strcmp(args[1], "key"))
1005	{
1006	OtrlPrivKey *key;
1007	char *s;
1008
1009	key = match_privkey(irc, ((const char **)args)+2);
1010	if(!key) {
1011	/* match_privkey does error messages */
1012	return;
1013	}
1014
1015	s = g_strdup_printf("about to forget the private key for %s/%s, are you sure?",
1016	key->accountname, key->protocol);
1017	query_add(irc, NULL, s, yes_forget_key, NULL, key);
1018	g_free(s);
1019	}
1020
1021	else
1022	{
1023	irc_usermsg(irc, "otr %s: unknown subcommand \"%s\", see \x02help otr forget\x02",
1024	args[0], args[1]);
1025	}
1026	}
1027
1028
1029	/* local helpers / subroutines: */
1030
1031	/* Socialist Millionaires' Protocol */
1032	void otr_handle_smp(struct im_connection ic, const char handle, OtrlTLV *tlvs)
1033	{
1034	irc_t *irc = ic->irc;
1035	OtrlUserState us = irc->otr->us;
1036	OtrlMessageAppOps *ops = &global.otr_ops;
1037	OtrlTLV *tlv = NULL;
1038	ConnContext *context;
1039	NextExpectedSMP nextMsg;
1040	user_t *u;
1041
1042	u = user_findhandle(ic, handle);
1043	if(!u) return;
1044	context = otrl_context_find(us, handle,
1045	ic->acc->user, ic->acc->prpl->name, 1, NULL, NULL, NULL);
1046	if(!context) {
1047	/* huh? out of memory or what? */
1048	return;
1049	}
1050	nextMsg = context->smstate->nextExpected;
1051
1052	tlv = otrl_tlv_find(tlvs, OTRL_TLV_SMP1);
1053	if (tlv) {
1054	if (nextMsg != OTRL_SMP_EXPECT1) {
1055	irc_usermsg(irc, "smp %s: spurious SMP1 received, aborting", u->nick);
1056	otrl_message_abort_smp(us, ops, u->ic, context);
1057	otrl_sm_state_free(context->smstate);
1058	} else {
1059	irc_usermsg(irc, "smp: initiated by %s"
1060	" - respond with \x02otr smp %s <secret>\x02",
1061	u->nick, u->nick);
1062	/* smp stays in EXPECT1 until user responds */
1063	}
1064	}
1065	tlv = otrl_tlv_find(tlvs, OTRL_TLV_SMP2);
1066	if (tlv) {
1067	if (nextMsg != OTRL_SMP_EXPECT2) {
1068	irc_usermsg(irc, "smp %s: spurious SMP2 received, aborting", u->nick);
1069	otrl_message_abort_smp(us, ops, u->ic, context);
1070	otrl_sm_state_free(context->smstate);
1071	} else {
1072	/* SMP2 received, otrl_message_receiving will have sent SMP3 */
1073	context->smstate->nextExpected = OTRL_SMP_EXPECT4;
1074	}
1075	}
1076	tlv = otrl_tlv_find(tlvs, OTRL_TLV_SMP3);
1077	if (tlv) {
1078	if (nextMsg != OTRL_SMP_EXPECT3) {
1079	irc_usermsg(irc, "smp %s: spurious SMP3 received, aborting", u->nick);
1080	otrl_message_abort_smp(us, ops, u->ic, context);
1081	otrl_sm_state_free(context->smstate);
1082	} else {
1083	/* SMP3 received, otrl_message_receiving will have sent SMP4 and set fp trust */
1084	const char *trust = context->active_fingerprint->trust;
1085	if(!trust \|\| trust[0]=='\0') {
1086	irc_usermsg(irc, "smp %s: secrets did not match, fingerprint not trusted",
1087	u->nick);
1088	} else {
1089	irc_usermsg(irc, "smp %s: secrets proved equal, fingerprint trusted",
1090	u->nick);
1091	}
1092	otrl_sm_state_free(context->smstate);
1093	/* smp is in back in EXPECT1 */
1094	}
1095	}
1096	tlv = otrl_tlv_find(tlvs, OTRL_TLV_SMP4);
1097	if (tlv) {
1098	if (nextMsg != OTRL_SMP_EXPECT4) {
1099	irc_usermsg(irc, "smp %s: spurious SMP4 received, aborting", u->nick);
1100	otrl_message_abort_smp(us, ops, u->ic, context);
1101	otrl_sm_state_free(context->smstate);
1102	} else {
1103	/* SMP4 received, otrl_message_receiving will have set fp trust */
1104	const char *trust = context->active_fingerprint->trust;
1105	if(!trust \|\| trust[0]=='\0') {
1106	irc_usermsg(irc, "smp %s: secrets did not match, fingerprint not trusted",
1107	u->nick);
1108	} else {
1109	irc_usermsg(irc, "smp %s: secrets proved equal, fingerprint trusted",
1110	u->nick);
1111	}
1112	otrl_sm_state_free(context->smstate);
1113	/* smp is in back in EXPECT1 */
1114	}
1115	}
1116	tlv = otrl_tlv_find(tlvs, OTRL_TLV_SMP_ABORT);
1117	if (tlv) {
1118	irc_usermsg(irc, "smp: received abort from %s", u->nick);
1119	otrl_sm_state_free(context->smstate);
1120	/* smp is in back in EXPECT1 */
1121	}
1122	}
1123
1124	/* helper to assert that account and protocol names given to ops below always
1125	match the im_connection passed through as opdata */
1126	struct im_connection check_imc(void opdata, const char *accountname,
1127	const char *protocol)
1128	{
1129	struct im_connection ic = (struct im_connection )opdata;
1130
1131	if (strcmp(accountname, ic->acc->user) != 0) {
1132	log_message(LOGLVL_WARNING,
1133	"otr: internal account name mismatch: '%s' vs '%s'",
1134	accountname, ic->acc->user);
1135	}
1136	if (strcmp(protocol, ic->acc->prpl->name) != 0) {
1137	log_message(LOGLVL_WARNING,
1138	"otr: internal protocol name mismatch: '%s' vs '%s'",
1139	protocol, ic->acc->prpl->name);
1140	}
1141
1142	return ic;
1143	}
1144
1145	user_t peeruser(irc_t irc, const char handle, const char protocol)
1146	{
1147	user_t *u;
1148
1149	for(u=irc->users; u; u=u->next) {
1150	struct prpl *prpl;
1151	if(!u->ic \|\| !u->handle)
1152	continue;
1153	prpl = u->ic->acc->prpl;
1154	if(strcmp(prpl->name, protocol) == 0
1155	&& prpl->handle_cmp(u->handle, handle) == 0) {
1156	return u;
1157	}
1158	}
1159
1160	return NULL;
1161	}
1162
1163	int hexval(char a)
1164	{
1165	int x=tolower(a);
1166
1167	if(x>='a' && x<='f')
1168	x = x - 'a' + 10;
1169	else if(x>='0' && x<='9')
1170	x = x - '0';
1171	else
1172	return -1;
1173
1174	return x;
1175	}
1176
1177	const char peernick(irc_t irc, const char handle, const char protocol)
1178	{
1179	static char fallback[512];
1180
1181	user_t *u = peeruser(irc, handle, protocol);
1182	if(u) {
1183	return u->nick;
1184	} else {
1185	g_snprintf(fallback, 511, "%s/%s", handle, protocol);
1186	return fallback;
1187	}
1188	}
1189
1190	int otr_update_modeflags(irc_t irc, user_t u)
1191	{
1192	char *vb = set_getstr(&irc->set, "voice_buddies");
1193	char *hb = set_getstr(&irc->set, "halfop_buddies");
1194	char *ob = set_getstr(&irc->set, "op_buddies");
1195	int encrypted = u->encrypted;
1196	int trusted = u->encrypted > 1;
1197	char flags[7];
1198	int nflags=0;
1199	char *p = flags;
1200	char *from;
1201	int i;
1202
1203	if(!strcmp(vb, "encrypted")) {
1204	*(p++) = encrypted ? '+' : '-';
1205	*(p++) = 'v';
1206	nflags++;
1207	} else if(!strcmp(vb, "trusted")) {
1208	*(p++) = trusted ? '+' : '-';
1209	*(p++) = 'v';
1210	nflags++;
1211	}
1212	if(!strcmp(hb, "encrypted")) {
1213	*(p++) = encrypted ? '+' : '-';
1214	*(p++) = 'h';
1215	nflags++;
1216	} else if(!strcmp(hb, "trusted")) {
1217	*(p++) = trusted ? '+' : '-';
1218	*(p++) = 'h';
1219	nflags++;
1220	}
1221	if(!strcmp(ob, "encrypted")) {
1222	*(p++) = encrypted ? '+' : '-';
1223	*(p++) = 'o';
1224	nflags++;
1225	} else if(!strcmp(ob, "trusted")) {
1226	*(p++) = trusted ? '+' : '-';
1227	*(p++) = 'o';
1228	nflags++;
1229	}
1230	*p = '\0';
1231
1232	p = g_malloc(nflags * (strlen(u->nick)+1) + 1);
1233	*p = '\0';
1234	if(!p)
1235	return 0;
1236	for(i=0; i<nflags; i++) {
1237	strcat(p, " ");
1238	strcat(p, u->nick);
1239	}
1240	if(set_getbool(&irc->set, "simulate_netsplit"))
1241	from = g_strdup(irc->myhost);
1242	else
1243	from = g_strdup_printf("%s!%s@%s", irc->mynick, irc->mynick, irc->myhost);
1244	irc_write(irc, ":%s MODE %s %s%s", from, irc->channel, flags, p);
1245	g_free(from);
1246	g_free(p);
1247
1248	return 1;
1249	}
1250
1251	void show_fingerprints(irc_t irc, ConnContext ctx)
1252	{
1253	char human[45];
1254	Fingerprint *fp;
1255	const char *trust;
1256	int count=0;
1257
1258	for(fp=&ctx->fingerprint_root; fp; fp=fp->next) {
1259	if(!fp->fingerprint)
1260	continue;
1261	count++;
1262	otrl_privkey_hash_to_human(human, fp->fingerprint);
1263	if(!fp->trust \|\| fp->trust[0] == '\0') {
1264	trust="untrusted";
1265	} else {
1266	trust=fp->trust;
1267	}
1268	if(fp == ctx->active_fingerprint) {
1269	irc_usermsg(irc, " \x02%s (%s)\x02", human, trust);
1270	} else {
1271	irc_usermsg(irc, " %s (%s)", human, trust);
1272	}
1273	}
1274	if(count==0)
1275	irc_usermsg(irc, " (none)");
1276	}
1277
1278	Fingerprint match_fingerprint(irc_t irc, ConnContext ctx, const char *args)
1279	{
1280	Fingerprint fp, fp2;
1281	char human[45];
1282	char prefix[45], *p;
1283	int n;
1284	int i,j;
1285
1286	/* assemble the args into a prefix in standard "human" form */
1287	n=0;
1288	p=prefix;
1289	for(i=0; args[i]; i++) {
1290	for(j=0; args[i][j]; j++) {
1291	char c = toupper(args[i][j]);
1292
1293	if(n>=40) {
1294	irc_usermsg(irc, "too many fingerprint digits given, expected at most 40");
1295	return NULL;
1296	}
1297
1298	if( (c>='A' && c<='F') \|\| (c>='0' && c<='9') ) {
1299	*(p++) = c;
1300	} else {
1301	irc_usermsg(irc, "invalid hex digit '%c' in block %d", args[i][j], i+1);
1302	return NULL;
1303	}
1304
1305	n++;
1306	if(n%8 == 0)
1307	*(p++) = ' ';
1308	}
1309	}
1310	*p = '\0';
1311
1312	/* find first fingerprint with the given prefix */
1313	n = strlen(prefix);
1314	for(fp=&ctx->fingerprint_root; fp; fp=fp->next) {
1315	if(!fp->fingerprint)
1316	continue;
1317	otrl_privkey_hash_to_human(human, fp->fingerprint);
1318	if(!strncmp(prefix, human, n))
1319	break;
1320	}
1321	if(!fp) {
1322	irc_usermsg(irc, "%s: no match", prefix);
1323	return NULL;
1324	}
1325
1326	/* make sure the match, if any, is unique */
1327	for(fp2=fp->next; fp2; fp2=fp2->next) {
1328	if(!fp2->fingerprint)
1329	continue;
1330	otrl_privkey_hash_to_human(human, fp2->fingerprint);
1331	if(!strncmp(prefix, human, n))
1332	break;
1333	}
1334	if(fp2) {
1335	irc_usermsg(irc, "%s: multiple matches", prefix);
1336	return NULL;
1337	}
1338
1339	return fp;
1340	}
1341
1342	OtrlPrivKey match_privkey(irc_t irc, const char **args)
1343	{
1344	OtrlPrivKey k, k2;
1345	char human[45];
1346	char prefix[45], *p;
1347	int n;
1348	int i,j;
1349
1350	/* assemble the args into a prefix in standard "human" form */
1351	n=0;
1352	p=prefix;
1353	for(i=0; args[i]; i++) {
1354	for(j=0; args[i][j]; j++) {
1355	char c = toupper(args[i][j]);
1356
1357	if(n>=40) {
1358	irc_usermsg(irc, "too many fingerprint digits given, expected at most 40");
1359	return NULL;
1360	}
1361
1362	if( (c>='A' && c<='F') \|\| (c>='0' && c<='9') ) {
1363	*(p++) = c;
1364	} else {
1365	irc_usermsg(irc, "invalid hex digit '%c' in block %d", args[i][j], i+1);
1366	return NULL;
1367	}
1368
1369	n++;
1370	if(n%8 == 0)
1371	*(p++) = ' ';
1372	}
1373	}
1374	*p = '\0';
1375
1376	/* find first key which matches the given prefix */
1377	n = strlen(prefix);
1378	for(k=irc->otr->us->privkey_root; k; k=k->next) {
1379	p = otrl_privkey_fingerprint(irc->otr->us, human, k->accountname, k->protocol);
1380	if(!p) /* gah! :-P */
1381	continue;
1382	if(!strncmp(prefix, human, n))
1383	break;
1384	}
1385	if(!k) {
1386	irc_usermsg(irc, "%s: no match", prefix);
1387	return NULL;
1388	}
1389
1390	/* make sure the match, if any, is unique */
1391	for(k2=k->next; k2; k2=k2->next) {
1392	p = otrl_privkey_fingerprint(irc->otr->us, human, k2->accountname, k2->protocol);
1393	if(!p) /* gah! :-P */
1394	continue;
1395	if(!strncmp(prefix, human, n))
1396	break;
1397	}
1398	if(k2) {
1399	irc_usermsg(irc, "%s: multiple matches", prefix);
1400	return NULL;
1401	}
1402
1403	return k;
1404	}
1405
1406	void show_general_otr_info(irc_t *irc)
1407	{
1408	ConnContext *ctx;
1409	OtrlPrivKey *key;
1410	char human[45];
1411	kg_t *kg;
1412
1413	/* list all privkeys (including ones being generated) */
1414	irc_usermsg(irc, "\x1fprivate keys:\x1f");
1415	for(key=irc->otr->us->privkey_root; key; key=key->next) {
1416	const char *hash;
1417
1418	switch(key->pubkey_type) {
1419	case OTRL_PUBKEY_TYPE_DSA:
1420	irc_usermsg(irc, " %s/%s - DSA", key->accountname, key->protocol);
1421	break;
1422	default:
1423	irc_usermsg(irc, " %s/%s - type %d", key->accountname, key->protocol,
1424	key->pubkey_type);
1425	}
1426
1427	/* No, it doesn't make much sense to search for the privkey again by
1428	account/protocol, but libotr currently doesn't provide a direct routine
1429	for hashing a given 'OtrlPrivKey'... */
1430	hash = otrl_privkey_fingerprint(irc->otr->us, human, key->accountname, key->protocol);
1431	if(hash) /* should always succeed */
1432	irc_usermsg(irc, " %s", human);
1433	}
1434	if(irc->otr->sent_accountname) {
1435	irc_usermsg(irc, " %s/%s - DSA", irc->otr->sent_accountname,
1436	irc->otr->sent_protocol);
1437	irc_usermsg(irc, " (being generated)");
1438	}
1439	for(kg=irc->otr->todo; kg; kg=kg->next) {
1440	irc_usermsg(irc, " %s/%s - DSA", kg->accountname, kg->protocol);
1441	irc_usermsg(irc, " (queued)");
1442	}
1443	if(key == irc->otr->us->privkey_root &&
1444	!irc->otr->sent_accountname &&
1445	kg == irc->otr->todo)
1446	irc_usermsg(irc, " (none)");
1447
1448	/* list all contexts */
1449	irc_usermsg(irc, "%s", "");
1450	irc_usermsg(irc, "\x1f" "connection contexts:\x1f (bold=currently encrypted)");
1451	for(ctx=irc->otr->us->context_root; ctx; ctx=ctx->next) {\
1452	user_t *u;
1453	char *userstring;
1454
1455	u = peeruser(irc, ctx->username, ctx->protocol);
1456	if(u)
1457	userstring = g_strdup_printf("%s/%s/%s (%s)",
1458	ctx->username, ctx->protocol, ctx->accountname, u->nick);
1459	else
1460	userstring = g_strdup_printf("%s/%s/%s",
1461	ctx->username, ctx->protocol, ctx->accountname);
1462
1463	if(ctx->msgstate == OTRL_MSGSTATE_ENCRYPTED) {
1464	irc_usermsg(irc, " \x02%s\x02", userstring);
1465	} else {
1466	irc_usermsg(irc, " %s", userstring);
1467	}
1468
1469	g_free(userstring);
1470	}
1471	if(ctx == irc->otr->us->context_root)
1472	irc_usermsg(irc, " (none)");
1473	}
1474
1475	void show_otr_context_info(irc_t irc, ConnContext ctx)
1476	{
1477	switch(ctx->otr_offer) {
1478	case OFFER_NOT:
1479	irc_usermsg(irc, " otr offer status: none sent");
1480	break;
1481	case OFFER_SENT:
1482	irc_usermsg(irc, " otr offer status: awaiting reply");
1483	break;
1484	case OFFER_ACCEPTED:
1485	irc_usermsg(irc, " otr offer status: accepted our offer");
1486	break;
1487	case OFFER_REJECTED:
1488	irc_usermsg(irc, " otr offer status: ignored our offer");
1489	break;
1490	default:
1491	irc_usermsg(irc, " otr offer status: %d", ctx->otr_offer);
1492	}
1493
1494	switch(ctx->msgstate) {
1495	case OTRL_MSGSTATE_PLAINTEXT:
1496	irc_usermsg(irc, " connection state: cleartext");
1497	break;
1498	case OTRL_MSGSTATE_ENCRYPTED:
1499	irc_usermsg(irc, " connection state: encrypted (v%d)", ctx->protocol_version);
1500	break;
1501	case OTRL_MSGSTATE_FINISHED:
1502	irc_usermsg(irc, " connection state: shut down");
1503	break;
1504	default:
1505	irc_usermsg(irc, " connection state: %d", ctx->msgstate);
1506	}
1507
1508	irc_usermsg(irc, " fingerprints: (bold=active)");
1509	show_fingerprints(irc, ctx);
1510	}
1511
1512	int keygen_in_progress(irc_t irc, const char handle, const char *protocol)
1513	{
1514	kg_t *kg;
1515
1516	if(!irc->otr->sent_accountname \|\| !irc->otr->sent_protocol)
1517	return 0;
1518
1519	/* are we currently working on this key? */
1520	if(!strcmp(handle, irc->otr->sent_accountname) &&
1521	!strcmp(protocol, irc->otr->sent_protocol))
1522	return 1;
1523
1524	/* do we have it queued for later? */
1525	for(kg=irc->otr->todo; kg; kg=kg->next) {
1526	if(!strcmp(handle, kg->accountname) &&
1527	!strcmp(protocol, kg->protocol))
1528	return 1;
1529	}
1530
1531	return 0;
1532	}
1533
1534	void otr_keygen(irc_t irc, const char handle, const char *protocol)
1535	{
1536	/* do nothing if a key for the requested account is already being generated */
1537	if(keygen_in_progress(irc, handle, protocol))
1538	return;
1539
1540	/* see if we already have a keygen child running. if not, start one and put a
1541	handler on its output. */
1542	if(!irc->otr->keygen \|\| waitpid(irc->otr->keygen, NULL, WNOHANG)) {
1543	pid_t p;
1544	int to[2], from[2];
1545	FILE tof, fromf;
1546
1547	if(pipe(to) < 0 \|\| pipe(from) < 0) {
1548	irc_usermsg(irc, "otr keygen: couldn't create pipe: %s", strerror(errno));
1549	return;
1550	}
1551
1552	tof = fdopen(to[1], "w");
1553	fromf = fdopen(from[0], "r");
1554	if(!tof \|\| !fromf) {
1555	irc_usermsg(irc, "otr keygen: couldn't streamify pipe: %s", strerror(errno));
1556	return;
1557	}
1558
1559	p = fork();
1560	if(p<0) {
1561	irc_usermsg(irc, "otr keygen: couldn't fork: %s", strerror(errno));
1562	return;
1563	}
1564
1565	if(!p) {
1566	/* child process */
1567	signal(SIGTERM, exit);
1568	keygen_child_main(irc->otr->us, to[0], from[1]);
1569	exit(0);
1570	}
1571
1572	irc->otr->keygen = p;
1573	irc->otr->to = tof;
1574	irc->otr->from = fromf;
1575	irc->otr->sent_accountname = NULL;
1576	irc->otr->sent_protocol = NULL;
1577	irc->otr->todo = NULL;
1578	b_input_add(from[0], GAIM_INPUT_READ, keygen_finish_handler, irc);
1579	}
1580
1581	/* is the keygen slave currently working? */
1582	if(irc->otr->sent_accountname) {
1583	/* enqueue our job for later transmission */
1584	kg_t **kg = &irc->otr->todo;
1585	while(*kg)
1586	kg=&((*kg)->next);
1587	*kg = g_new0(kg_t, 1);
1588	(*kg)->accountname = g_strdup(handle);
1589	(*kg)->protocol = g_strdup(protocol);
1590	} else {
1591	/* send our job over and remember it */
1592	fprintf(irc->otr->to, "%s\n%s\n", handle, protocol);
1593	fflush(irc->otr->to);
1594	irc->otr->sent_accountname = g_strdup(handle);
1595	irc->otr->sent_protocol = g_strdup(protocol);
1596	}
1597	}
1598
1599	void keygen_child_main(OtrlUserState us, int infd, int outfd)
1600	{
1601	FILE input, output;
1602	char filename[128], accountname[512], protocol[512];
1603	gcry_error_t e;
1604	int tempfd;
1605
1606	input = fdopen(infd, "r");
1607	output = fdopen(outfd, "w");
1608
1609	while(!feof(input) && !ferror(input) && !feof(output) && !ferror(output)) {
1610	myfgets(accountname, 512, input);
1611	myfgets(protocol, 512, input);
1612
1613	strncpy(filename, "/tmp/bitlbee-XXXXXX", 128);
1614	tempfd = mkstemp(filename);
1615	close(tempfd);
1616
1617	e = otrl_privkey_generate(us, filename, accountname, protocol);
1618	if(e) {
1619	fprintf(output, "\n"); /* this means failure */
1620	fprintf(output, "otr keygen: %s\n", gcry_strerror(e));
1621	unlink(filename);
1622	} else {
1623	fprintf(output, "%s\n", filename);
1624	fprintf(output, "otr keygen for %s/%s complete\n", accountname, protocol);
1625	}
1626	fflush(output);
1627	}
1628
1629	fclose(input);
1630	fclose(output);
1631	}
1632
1633	gboolean keygen_finish_handler(gpointer data, gint fd, b_input_condition cond)
1634	{
1635	irc_t irc = (irc_t )data;
1636	char filename[512], msg[512];
1637
1638	myfgets(filename, 512, irc->otr->from);
1639	myfgets(msg, 512, irc->otr->from);
1640
1641	irc_usermsg(irc, "%s", msg);
1642	if(filename[0]) {
1643	char *kf = g_strdup_printf("%s%s.otr_keys", global.conf->configdir, irc->nick);
1644	char *tmp = g_strdup_printf("%s.new", kf);
1645	copyfile(filename, tmp);
1646	unlink(filename);
1647	rename(tmp,kf);
1648	otrl_privkey_read(irc->otr->us, kf);
1649	g_free(kf);
1650	g_free(tmp);
1651	}
1652
1653	/* forget this job */
1654	g_free(irc->otr->sent_accountname);
1655	g_free(irc->otr->sent_protocol);
1656	irc->otr->sent_accountname = NULL;
1657	irc->otr->sent_protocol = NULL;
1658
1659	/* see if there are any more in the queue */
1660	if(irc->otr->todo) {
1661	kg_t *p = irc->otr->todo;
1662	/* send the next one over */
1663	fprintf(irc->otr->to, "%s\n%s\n", p->accountname, p->protocol);
1664	fflush(irc->otr->to);
1665	irc->otr->sent_accountname = p->accountname;
1666	irc->otr->sent_protocol = p->protocol;
1667	irc->otr->todo = p->next;
1668	g_free(p);
1669	return TRUE; /* keep watching */
1670	} else {
1671	/* okay, the slave is idle now, so kill him */
1672	fclose(irc->otr->from);
1673	fclose(irc->otr->to);
1674	kill(irc->otr->keygen, SIGTERM);
1675	waitpid(irc->otr->keygen, NULL, 0);
1676	irc->otr->keygen = 0;
1677	return FALSE; /* unregister ourselves */
1678	}
1679	}
1680
1681	void copyfile(const char a, const char b)
1682	{
1683	int fda, fdb;
1684	int n;
1685	char buf[1024];
1686
1687	fda = open(a, O_RDONLY);
1688	fdb = open(b, O_WRONLY \| O_CREAT \| O_TRUNC, 0600);
1689
1690	while((n=read(fda, buf, 1024)) > 0)
1691	write(fdb, buf, n);
1692
1693	close(fda);
1694	close(fdb);
1695	}
1696
1697	void myfgets(char s, int size, FILE stream)
1698	{
1699	if(!fgets(s, size, stream)) {
1700	s[0] = '\0';
1701	} else {
1702	int n = strlen(s);
1703	if(n>0 && s[n-1] == '\n')
1704	s[n-1] = '\0';
1705	}
1706	}
1707
1708	void yes_keygen(void *data)
1709	{
1710	account_t acc = (account_t )data;
1711
1712	if(keygen_in_progress(acc->irc, acc->user, acc->prpl->name)) {
1713	irc_usermsg(acc->irc, "keygen for %s/%s already in progress",
1714	acc->user, acc->prpl->name);
1715	} else {
1716	irc_usermsg(acc->irc, "starting background keygen for %s/%s",
1717	acc->user, acc->prpl->name);
1718	irc_usermsg(acc->irc, "you will be notified when it completes");
1719	otr_keygen(acc->irc, acc->user, acc->prpl->name);
1720	}
1721	}
1722
1723
1724	#else /* WITH_OTR undefined */
1725
1726	void cmd_otr(irc_t irc, char *args)
1727	{
1728	irc_usermsg(irc, "otr: n/a, compiled without OTR support");
1729	}
1730
1731	#endif

Note: See TracBrowser for help on using the repository browser.

Download in other formats: