Context Navigation

source: protocols/jabber/io.c @ 486ddb5

Last change on this file since 486ddb5 was 486ddb5, checked in by Wilmer van der Gaast <wilmer@…>, at 2011-12-19T14:50:58Z
Initial merge of tls_verify patch from AopicieR.
Property mode set to `100644`
File size: 17.7 KB

Line
1	/***************************************************************************\
2	* *
3	* BitlBee - An IRC to IM gateway *
4	* Jabber module - I/O stuff (plain, SSL), queues, etc *
5	* *
6	* Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net> *
7	* *
8	* This program is free software; you can redistribute it and/or modify *
9	* it under the terms of the GNU General Public License as published by *
10	* the Free Software Foundation; either version 2 of the License, or *
11	* (at your option) any later version. *
12	* *
13	* This program is distributed in the hope that it will be useful, *
14	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
16	* GNU General Public License for more details. *
17	* *
18	* You should have received a copy of the GNU General Public License along *
19	* with this program; if not, write to the Free Software Foundation, Inc., *
20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
21	* *
22	\***************************************************************************/
23
24	#include "jabber.h"
25	#include "ssl_client.h"
26
27	static gboolean jabber_write_callback( gpointer data, gint fd, b_input_condition cond );
28	static gboolean jabber_write_queue( struct im_connection *ic );
29
30	int jabber_write_packet( struct im_connection ic, struct xt_node node )
31	{
32	char *buf;
33	int st;
34
35	buf = xt_to_string( node );
36	st = jabber_write( ic, buf, strlen( buf ) );
37	g_free( buf );
38
39	return st;
40	}
41
42	int jabber_write( struct im_connection ic, char buf, int len )
43	{
44	struct jabber_data *jd = ic->proto_data;
45	gboolean ret;
46
47	if( jd->flags & JFLAG_XMLCONSOLE && !( ic->flags & OPT_LOGGING_OUT ) )
48	{
49	char msg, s;
50
51	msg = g_strdup_printf( "TX: %s", buf );
52	/* Don't include auth info in XML logs. */
53	if( strncmp( msg, "TX: <auth ", 10 ) == 0 && ( s = strchr( msg, '>' ) ) )
54	{
55	s++;
56	while( s && s != '<' )
57	(s++) = '';
58	}
59	imcb_buddy_msg( ic, JABBER_XMLCONSOLE_HANDLE, msg, 0, 0 );
60	g_free( msg );
61	}
62
63	if( jd->tx_len == 0 )
64	{
65	/* If the queue is empty, allocate a new buffer. */
66	jd->tx_len = len;
67	jd->txq = g_memdup( buf, len );
68
69	/* Try if we can write it immediately so we don't have to do
70	it via the event handler. If not, add the handler. (In
71	most cases it probably won't be necessary.) */
72	if( ( ret = jabber_write_queue( ic ) ) && jd->tx_len > 0 )
73	jd->w_inpa = b_input_add( jd->fd, B_EV_IO_WRITE, jabber_write_callback, ic );
74	}
75	else
76	{
77	/* Just add it to the buffer if it's already filled. The
78	event handler is already set. */
79	jd->txq = g_renew( char, jd->txq, jd->tx_len + len );
80	memcpy( jd->txq + jd->tx_len, buf, len );
81	jd->tx_len += len;
82
83	/* The return value for write() doesn't necessarily mean
84	that everything got sent, it mainly means that the
85	connection (officially) still exists and can still
86	be accessed without hitting SIGSEGV. IOW: */
87	ret = TRUE;
88	}
89
90	return ret;
91	}
92
93	/* Splitting up in two separate functions: One to use as a callback and one
94	to use in the function above to escape from having to wait for the event
95	handler to call us, if possible.
96
97	Two different functions are necessary because of the return values: The
98	callback should only return TRUE if the write was successful AND if the
99	buffer is not empty yet (ie. if the handler has to be called again when
100	the socket is ready for more data). */
101	static gboolean jabber_write_callback( gpointer data, gint fd, b_input_condition cond )
102	{
103	struct jabber_data jd = ((struct im_connection )data)->proto_data;
104
105	return jd->fd != -1 &&
106	jabber_write_queue( data ) &&
107	jd->tx_len > 0;
108	}
109
110	static gboolean jabber_write_queue( struct im_connection *ic )
111	{
112	struct jabber_data *jd = ic->proto_data;
113	int st;
114
115	if( jd->ssl )
116	st = ssl_write( jd->ssl, jd->txq, jd->tx_len );
117	else
118	st = write( jd->fd, jd->txq, jd->tx_len );
119
120	if( st == jd->tx_len )
121	{
122	/* We wrote everything, clear the buffer. */
123	g_free( jd->txq );
124	jd->txq = NULL;
125	jd->tx_len = 0;
126
127	return TRUE;
128	}
129	else if( st == 0 \|\| ( st < 0 && !ssl_sockerr_again( jd->ssl ) ) )
130	{
131	/* Set fd to -1 to make sure we won't write to it anymore. */
132	closesocket( jd->fd ); /* Shouldn't be necessary after errors? */
133	jd->fd = -1;
134
135	imcb_error( ic, "Short write() to server" );
136	imc_logout( ic, TRUE );
137	return FALSE;
138	}
139	else if( st > 0 )
140	{
141	char *s;
142
143	s = g_memdup( jd->txq + st, jd->tx_len - st );
144	jd->tx_len -= st;
145	g_free( jd->txq );
146	jd->txq = s;
147
148	return TRUE;
149	}
150	else
151	{
152	/* Just in case we had EINPROGRESS/EAGAIN: */
153
154	return TRUE;
155	}
156	}
157
158	static gboolean jabber_read_callback( gpointer data, gint fd, b_input_condition cond )
159	{
160	struct im_connection *ic = data;
161	struct jabber_data *jd = ic->proto_data;
162	char buf[512];
163	int st;
164
165	if( jd->fd == -1 )
166	return FALSE;
167
168	if( jd->ssl )
169	st = ssl_read( jd->ssl, buf, sizeof( buf ) );
170	else
171	st = read( jd->fd, buf, sizeof( buf ) );
172
173	if( st > 0 )
174	{
175	/* Parse. */
176	if( xt_feed( jd->xt, buf, st ) < 0 )
177	{
178	imcb_error( ic, "XML stream error" );
179	imc_logout( ic, TRUE );
180	return FALSE;
181	}
182
183	/* Execute all handlers. */
184	if( !xt_handle( jd->xt, NULL, 1 ) )
185	{
186	/* Don't do anything, the handlers should have
187	aborted the connection already. */
188	return FALSE;
189	}
190
191	if( jd->flags & JFLAG_STREAM_RESTART )
192	{
193	jd->flags &= ~JFLAG_STREAM_RESTART;
194	jabber_start_stream( ic );
195	}
196
197	/* Garbage collection. */
198	xt_cleanup( jd->xt, NULL, 1 );
199
200	/* This is a bit hackish, unfortunately. Although xmltree
201	has nifty event handler stuff, it only calls handlers
202	when nodes are complete. Since the server should only
203	send an opening <stream:stream> tag, we have to check
204	this by hand. :-( */
205	if( !( jd->flags & JFLAG_STREAM_STARTED ) && jd->xt && jd->xt->root )
206	{
207	if( g_strcasecmp( jd->xt->root->name, "stream:stream" ) == 0 )
208	{
209	jd->flags \|= JFLAG_STREAM_STARTED;
210
211	/* If there's no version attribute, assume
212	this is an old server that can't do SASL
213	authentication. */
214	if( !set_getbool( &ic->acc->set, "sasl") \|\| !sasl_supported( ic ) )
215	{
216	/* If there's no version= tag, we suppose
217	this server does NOT implement: XMPP 1.0,
218	SASL and TLS. */
219	if( set_getbool( &ic->acc->set, "tls" ) )
220	{
221	imcb_error( ic, "TLS is turned on for this "
222	"account, but is not supported by this server" );
223	imc_logout( ic, FALSE );
224	return FALSE;
225	}
226	else
227	{
228	return jabber_init_iq_auth( ic );
229	}
230	}
231	}
232	else
233	{
234	imcb_error( ic, "XML stream error" );
235	imc_logout( ic, TRUE );
236	return FALSE;
237	}
238	}
239	}
240	else if( st == 0 \|\| ( st < 0 && !ssl_sockerr_again( jd->ssl ) ) )
241	{
242	closesocket( jd->fd );
243	jd->fd = -1;
244
245	imcb_error( ic, "Error while reading from server" );
246	imc_logout( ic, TRUE );
247	return FALSE;
248	}
249
250	if( ssl_pending( jd->ssl ) )
251	/* OpenSSL empties the TCP buffers completely but may keep some
252	data in its internap buffers. select() won't see that, but
253	ssl_pending() does. */
254	return jabber_read_callback( data, fd, cond );
255	else
256	return TRUE;
257	}
258
259	gboolean jabber_connected_plain( gpointer data, gint source, b_input_condition cond )
260	{
261	struct im_connection *ic = data;
262
263	if( g_slist_find( jabber_connections, ic ) == NULL )
264	return FALSE;
265
266	if( source == -1 )
267	{
268	imcb_error( ic, "Could not connect to server" );
269	imc_logout( ic, TRUE );
270	return FALSE;
271	}
272
273	imcb_log( ic, "Connected to server, logging in" );
274
275	return jabber_start_stream( ic );
276	}
277
278	gboolean jabber_connected_ssl( gpointer data, int returncode, void *source, b_input_condition cond )
279	{
280	struct im_connection *ic = data;
281	struct jabber_data *jd;
282
283	if( g_slist_find( jabber_connections, ic ) == NULL )
284	return FALSE;
285
286	jd = ic->proto_data;
287
288	if( source == NULL )
289	{
290	/* The SSL connection will be cleaned up by the SSL lib
291	already, set it to NULL here to prevent a double cleanup: */
292	jd->ssl = NULL;
293
294	imcb_error( ic, "Could not connect to server" );
295	if (returncode == OPENSSL_VERIFY_ERROR )
296	{
297	imcb_error( ic, "This BitlBee server is built agains the OpenSSL library." );
298	imcb_error( ic, "Unfortunately certificate verification is only supported when built against GnuTLS for now." );
299	imc_logout( ic, FALSE );
300	}
301	else if (returncode == NSS_VERIFY_ERROR )
302	{
303	imcb_error( ic, "This BitlBee server is built agains the NSS library." );
304	imcb_error( ic, "Unfortunately certificate verification is only supported when built against GnuTLS for now." );
305	imc_logout( ic, FALSE );
306	}
307	else if (returncode == VERIFY_CERT_ERROR )
308	{
309	imcb_error( ic, "An error occured during the certificate verification." );
310	imc_logout( ic, FALSE );
311	}
312	else if (returncode & VERIFY_CERT_INVALID)
313	{
314	imcb_error( ic, "Unable to verify peer's certificate." );
315	if (returncode & VERIFY_CERT_REVOKED)
316	imcb_error( ic, "The certificate has been revoked." );
317	if (returncode & VERIFY_CERT_SIGNER_NOT_FOUND)
318	imcb_error( ic, "The certificate hasn't got a known issuer." );
319	if (returncode & VERIFY_CERT_SIGNER_NOT_CA)
320	imcb_error( ic, "The certificate's issuer is not a CA." );
321	if (returncode & VERIFY_CERT_INSECURE_ALGORITHM)
322	imcb_error( ic, "The certificate uses an insecure algorithm." );
323	if (returncode & VERIFY_CERT_NOT_ACTIVATED)
324	imcb_error( ic, "The certificate has not been activated." );
325	if (returncode & VERIFY_CERT_EXPIRED)
326	imcb_error( ic, "The certificate has expired." );
327	if (returncode & VERIFY_CERT_WRONG_HOSTNAME)
328	imcb_error( ic, "The hostname specified in the certificate doesn't match the server name." );
329	imc_logout( ic, FALSE );
330	}
331	else
332	imc_logout( ic, TRUE );
333	return FALSE;
334	}
335
336	imcb_log( ic, "Connected to server, logging in" );
337
338	return jabber_start_stream( ic );
339	}
340
341	static xt_status jabber_end_of_stream( struct xt_node *node, gpointer data )
342	{
343	imc_logout( data, TRUE );
344	return XT_ABORT;
345	}
346
347	static xt_status jabber_pkt_features( struct xt_node *node, gpointer data )
348	{
349	struct im_connection *ic = data;
350	struct jabber_data *jd = ic->proto_data;
351	struct xt_node c, reply;
352	int trytls;
353
354	trytls = g_strcasecmp( set_getstr( &ic->acc->set, "tls" ), "try" ) == 0;
355	c = xt_find_node( node->children, "starttls" );
356	if( c && !jd->ssl )
357	{
358	/* If the server advertises the STARTTLS feature and if we're
359	not in a secure connection already: */
360
361	c = xt_find_node( c->children, "required" );
362
363	if( c && ( !trytls && !set_getbool( &ic->acc->set, "tls" ) ) )
364	{
365	imcb_error( ic, "Server requires TLS connections, but TLS is turned off for this account" );
366	imc_logout( ic, FALSE );
367
368	return XT_ABORT;
369	}
370
371	/* Only run this if the tls setting is set to true or try: */
372	if( ( trytls \|\| set_getbool( &ic->acc->set, "tls" ) ) )
373	{
374	reply = xt_new_node( "starttls", NULL, NULL );
375	xt_add_attr( reply, "xmlns", XMLNS_TLS );
376	if( !jabber_write_packet( ic, reply ) )
377	{
378	xt_free_node( reply );
379	return XT_ABORT;
380	}
381	xt_free_node( reply );
382
383	return XT_HANDLED;
384	}
385	}
386	else if( !c && !jd->ssl )
387	{
388	/* If the server does not advertise the STARTTLS feature and
389	we're not in a secure connection already: (Servers have a
390	habit of not advertising <starttls/> anymore when already
391	using SSL/TLS. */
392
393	if( !trytls && set_getbool( &ic->acc->set, "tls" ) )
394	{
395	imcb_error( ic, "TLS is turned on for this account, but is not supported by this server" );
396	imc_logout( ic, FALSE );
397
398	return XT_ABORT;
399	}
400	}
401
402	/* This one used to be in jabber_handlers[], but it has to be done
403	from here to make sure the TLS session will be initialized
404	properly before we attempt SASL authentication. */
405	if( ( c = xt_find_node( node->children, "mechanisms" ) ) )
406	{
407	if( sasl_pkt_mechanisms( c, data ) == XT_ABORT )
408	return XT_ABORT;
409	}
410	/* If the server SEEMS to support SASL authentication but doesn't
411	support it after all, we should try to do authentication the
412	other way. jabber.com doesn't seem to do SASL while it pretends
413	to be XMPP 1.0 compliant! */
414	else if( !( jd->flags & JFLAG_AUTHENTICATED ) && set_getbool( &ic->acc->set, "sasl") && sasl_supported( ic ) )
415	{
416	if( !jabber_init_iq_auth( ic ) )
417	return XT_ABORT;
418	}
419
420	if( ( c = xt_find_node( node->children, "bind" ) ) )
421	jd->flags \|= JFLAG_WANT_BIND;
422
423	if( ( c = xt_find_node( node->children, "session" ) ) )
424	jd->flags \|= JFLAG_WANT_SESSION;
425
426	if( jd->flags & JFLAG_AUTHENTICATED )
427	return jabber_pkt_bind_sess( ic, NULL, NULL );
428
429	return XT_HANDLED;
430	}
431
432	static xt_status jabber_pkt_proceed_tls( struct xt_node *node, gpointer data )
433	{
434	struct im_connection *ic = data;
435	struct jabber_data *jd = ic->proto_data;
436	char xmlns, tlsname;
437
438	xmlns = xt_find_attr( node, "xmlns" );
439
440	/* Just ignore it when it doesn't seem to be TLS-related (is that at
441	all possible??). */
442	if( !xmlns \|\| strcmp( xmlns, XMLNS_TLS ) != 0 )
443	return XT_HANDLED;
444
445	/* We don't want event handlers to touch our TLS session while it's
446	still initializing! */
447	b_event_remove( jd->r_inpa );
448	if( jd->tx_len > 0 )
449	{
450	/* Actually the write queue should be empty here, but just
451	to be sure... */
452	b_event_remove( jd->w_inpa );
453	g_free( jd->txq );
454	jd->txq = NULL;
455	jd->tx_len = 0;
456	}
457	jd->w_inpa = jd->r_inpa = 0;
458
459	imcb_log( ic, "Converting stream to TLS" );
460
461	jd->flags \|= JFLAG_STARTTLS_DONE;
462
463	/* If the user specified a server for the account, use this server as the
464	* hostname in the certificate verification. Else we use the domain from
465	* the username. */
466	if( ic->acc->server && *ic->acc->server )
467	tlsname = ic->acc->server;
468	else
469	tlsname = jd->server;
470
471	jd->ssl = ssl_starttls( jd->fd, tlsname, set_getbool( &ic->acc->set, "tls_verify" ),
472	jabber_connected_ssl, ic );
473
474	return XT_HANDLED;
475	}
476
477	static xt_status jabber_pkt_stream_error( struct xt_node *node, gpointer data )
478	{
479	struct im_connection *ic = data;
480	int allow_reconnect = TRUE;
481	struct jabber_error *err;
482
483	err = jabber_error_parse( node, XMLNS_STREAM_ERROR );
484
485	/* Tssk... */
486	if( err->code == NULL )
487	{
488	imcb_error( ic, "Unknown stream error reported by server" );
489	imc_logout( ic, allow_reconnect );
490	jabber_error_free( err );
491	return XT_ABORT;
492	}
493
494	/* We know that this is a fatal error. If it's a "conflict" error, we
495	should turn off auto-reconnect to make sure we won't get some nasty
496	infinite loop! */
497	if( strcmp( err->code, "conflict" ) == 0 )
498	{
499	imcb_error( ic, "Account and resource used from a different location" );
500	allow_reconnect = FALSE;
501	}
502	else
503	{
504	imcb_error( ic, "Stream error: %s%s%s", err->code, err->text ? ": " : "",
505	err->text ? err->text : "" );
506	}
507
508	jabber_error_free( err );
509	imc_logout( ic, allow_reconnect );
510
511	return XT_ABORT;
512	}
513
514	static xt_status jabber_xmlconsole( struct xt_node *node, gpointer data )
515	{
516	struct im_connection *ic = data;
517	struct jabber_data *jd = ic->proto_data;
518
519	if( jd->flags & JFLAG_XMLCONSOLE )
520	{
521	char msg, pkt;
522
523	pkt = xt_to_string( node );
524	msg = g_strdup_printf( "RX: %s", pkt );
525	imcb_buddy_msg( ic, JABBER_XMLCONSOLE_HANDLE, msg, 0, 0 );
526	g_free( msg );
527	g_free( pkt );
528	}
529
530	return XT_NEXT;
531	}
532
533	static const struct xt_handler_entry jabber_handlers[] = {
534	{ NULL, "stream:stream", jabber_xmlconsole },
535	{ "stream:stream", "<root>", jabber_end_of_stream },
536	{ "message", "stream:stream", jabber_pkt_message },
537	{ "presence", "stream:stream", jabber_pkt_presence },
538	{ "iq", "stream:stream", jabber_pkt_iq },
539	{ "stream:features", "stream:stream", jabber_pkt_features },
540	{ "stream:error", "stream:stream", jabber_pkt_stream_error },
541	{ "proceed", "stream:stream", jabber_pkt_proceed_tls },
542	{ "challenge", "stream:stream", sasl_pkt_challenge },
543	{ "success", "stream:stream", sasl_pkt_result },
544	{ "failure", "stream:stream", sasl_pkt_result },
545	{ NULL, NULL, NULL }
546	};
547
548	gboolean jabber_start_stream( struct im_connection *ic )
549	{
550	struct jabber_data *jd = ic->proto_data;
551	int st;
552	char *greet;
553
554	/* We'll start our stream now, so prepare everything to receive one
555	from the server too. */
556	xt_free( jd->xt ); /* In case we're RE-starting. */
557	jd->xt = xt_new( jabber_handlers, ic );
558
559	if( jd->r_inpa <= 0 )
560	jd->r_inpa = b_input_add( jd->fd, B_EV_IO_READ, jabber_read_callback, ic );
561
562	greet = g_strdup_printf( "%s<stream:stream to=\"%s\" xmlns=\"jabber:client\" "
563	"xmlns:stream=\"http://etherx.jabber.org/streams\" version=\"1.0\">",
564	( jd->flags & JFLAG_STARTTLS_DONE ) ? "" : "<?xml version='1.0' ?>",
565	jd->server );
566
567	st = jabber_write( ic, greet, strlen( greet ) );
568
569	g_free( greet );
570
571	return st;
572	}
573
574	void jabber_end_stream( struct im_connection *ic )
575	{
576	struct jabber_data *jd = ic->proto_data;
577
578	/* Let's only do this if the queue is currently empty, otherwise it'd
579	take too long anyway. */
580	if( jd->tx_len == 0 )
581	{
582	char eos[] = "</stream:stream>";
583	struct xt_node *node;
584	int st = 1;
585
586	if( ic->flags & OPT_LOGGED_IN )
587	{
588	node = jabber_make_packet( "presence", "unavailable", NULL, NULL );
589	st = jabber_write_packet( ic, node );
590	xt_free_node( node );
591	}
592
593	if( st )
594	jabber_write( ic, eos, strlen( eos ) );
595	}
596	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: