Context Navigation

source: protocols/jabber/io.c @ 4f161e3

Last change on this file since 4f161e3 was 0e35ff6, checked in by dequis <dx@…>, at 2014-10-11T02:20:53Z

Handle not-authorized stream errors, avoid reconnect

Got this one while trying to connect to google servers with hipchat auth

Property mode set to 100644

File size: 17.3 KB

Line
1	/***************************************************************************\
2	* *
3	* BitlBee - An IRC to IM gateway *
4	* Jabber module - I/O stuff (plain, SSL), queues, etc *
5	* *
6	* Copyright 2006-2012 Wilmer van der Gaast <wilmer@gaast.net> *
7	* *
8	* This program is free software; you can redistribute it and/or modify *
9	* it under the terms of the GNU General Public License as published by *
10	* the Free Software Foundation; either version 2 of the License, or *
11	* (at your option) any later version. *
12	* *
13	* This program is distributed in the hope that it will be useful, *
14	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
16	* GNU General Public License for more details. *
17	* *
18	* You should have received a copy of the GNU General Public License along *
19	* with this program; if not, write to the Free Software Foundation, Inc., *
20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
21	* *
22	\***************************************************************************/
23
24	#include "jabber.h"
25	#include "ssl_client.h"
26
27	static gboolean jabber_write_callback( gpointer data, gint fd, b_input_condition cond );
28	static gboolean jabber_write_queue( struct im_connection *ic );
29
30	int jabber_write_packet( struct im_connection ic, struct xt_node node )
31	{
32	char *buf;
33	int st;
34
35	buf = xt_to_string( node );
36	st = jabber_write( ic, buf, strlen( buf ) );
37	g_free( buf );
38
39	return st;
40	}
41
42	int jabber_write( struct im_connection ic, char buf, int len )
43	{
44	struct jabber_data *jd = ic->proto_data;
45	gboolean ret;
46
47	if( jd->flags & JFLAG_XMLCONSOLE && !( ic->flags & OPT_LOGGING_OUT ) )
48	{
49	char msg, s;
50
51	msg = g_strdup_printf( "TX: %s", buf );
52	/* Don't include auth info in XML logs. */
53	if( strncmp( msg, "TX: <auth ", 10 ) == 0 && ( s = strchr( msg, '>' ) ) )
54	{
55	s++;
56	while( s && s != '<' )
57	(s++) = '';
58	}
59	imcb_buddy_msg( ic, JABBER_XMLCONSOLE_HANDLE, msg, 0, 0 );
60	g_free( msg );
61	}
62
63	if( jd->tx_len == 0 )
64	{
65	/* If the queue is empty, allocate a new buffer. */
66	jd->tx_len = len;
67	jd->txq = g_memdup( buf, len );
68
69	/* Try if we can write it immediately so we don't have to do
70	it via the event handler. If not, add the handler. (In
71	most cases it probably won't be necessary.) */
72	if( ( ret = jabber_write_queue( ic ) ) && jd->tx_len > 0 )
73	jd->w_inpa = b_input_add( jd->fd, B_EV_IO_WRITE, jabber_write_callback, ic );
74	}
75	else
76	{
77	/* Just add it to the buffer if it's already filled. The
78	event handler is already set. */
79	jd->txq = g_renew( char, jd->txq, jd->tx_len + len );
80	memcpy( jd->txq + jd->tx_len, buf, len );
81	jd->tx_len += len;
82
83	/* The return value for write() doesn't necessarily mean
84	that everything got sent, it mainly means that the
85	connection (officially) still exists and can still
86	be accessed without hitting SIGSEGV. IOW: */
87	ret = TRUE;
88	}
89
90	return ret;
91	}
92
93	/* Splitting up in two separate functions: One to use as a callback and one
94	to use in the function above to escape from having to wait for the event
95	handler to call us, if possible.
96
97	Two different functions are necessary because of the return values: The
98	callback should only return TRUE if the write was successful AND if the
99	buffer is not empty yet (ie. if the handler has to be called again when
100	the socket is ready for more data). */
101	static gboolean jabber_write_callback( gpointer data, gint fd, b_input_condition cond )
102	{
103	struct jabber_data jd = ((struct im_connection )data)->proto_data;
104
105	return jd->fd != -1 &&
106	jabber_write_queue( data ) &&
107	jd->tx_len > 0;
108	}
109
110	static gboolean jabber_write_queue( struct im_connection *ic )
111	{
112	struct jabber_data *jd = ic->proto_data;
113	int st;
114
115	if( jd->ssl )
116	st = ssl_write( jd->ssl, jd->txq, jd->tx_len );
117	else
118	st = write( jd->fd, jd->txq, jd->tx_len );
119
120	if( st == jd->tx_len )
121	{
122	/* We wrote everything, clear the buffer. */
123	g_free( jd->txq );
124	jd->txq = NULL;
125	jd->tx_len = 0;
126
127	return TRUE;
128	}
129	else if( st == 0 \|\| ( st < 0 && !ssl_sockerr_again( jd->ssl ) ) )
130	{
131	/* Set fd to -1 to make sure we won't write to it anymore. */
132	closesocket( jd->fd ); /* Shouldn't be necessary after errors? */
133	jd->fd = -1;
134
135	imcb_error( ic, "Short write() to server" );
136	imc_logout( ic, TRUE );
137	return FALSE;
138	}
139	else if( st > 0 )
140	{
141	char *s;
142
143	s = g_memdup( jd->txq + st, jd->tx_len - st );
144	jd->tx_len -= st;
145	g_free( jd->txq );
146	jd->txq = s;
147
148	return TRUE;
149	}
150	else
151	{
152	/* Just in case we had EINPROGRESS/EAGAIN: */
153
154	return TRUE;
155	}
156	}
157
158	static gboolean jabber_read_callback( gpointer data, gint fd, b_input_condition cond )
159	{
160	struct im_connection *ic = data;
161	struct jabber_data *jd = ic->proto_data;
162	char buf[512];
163	int st;
164
165	if( jd->fd == -1 )
166	return FALSE;
167
168	if( jd->ssl )
169	st = ssl_read( jd->ssl, buf, sizeof( buf ) );
170	else
171	st = read( jd->fd, buf, sizeof( buf ) );
172
173	if( st > 0 )
174	{
175	/* Parse. */
176	if( xt_feed( jd->xt, buf, st ) < 0 )
177	{
178	imcb_error( ic, "XML stream error" );
179	imc_logout( ic, TRUE );
180	return FALSE;
181	}
182
183	/* Execute all handlers. */
184	if( !xt_handle( jd->xt, NULL, 1 ) )
185	{
186	/* Don't do anything, the handlers should have
187	aborted the connection already. */
188	return FALSE;
189	}
190
191	if( jd->flags & JFLAG_STREAM_RESTART )
192	{
193	jd->flags &= ~JFLAG_STREAM_RESTART;
194	jabber_start_stream( ic );
195	}
196
197	/* Garbage collection. */
198	xt_cleanup( jd->xt, NULL, 1 );
199
200	/* This is a bit hackish, unfortunately. Although xmltree
201	has nifty event handler stuff, it only calls handlers
202	when nodes are complete. Since the server should only
203	send an opening <stream:stream> tag, we have to check
204	this by hand. :-( */
205	if( !( jd->flags & JFLAG_STREAM_STARTED ) && jd->xt && jd->xt->root )
206	{
207	if( g_strcasecmp( jd->xt->root->name, "stream:stream" ) == 0 )
208	{
209	jd->flags \|= JFLAG_STREAM_STARTED;
210
211	/* If there's no version attribute, assume
212	this is an old server that can't do SASL
213	authentication. */
214	if( !set_getbool( &ic->acc->set, "sasl") \|\| !sasl_supported( ic ) )
215	{
216	/* If there's no version= tag, we suppose
217	this server does NOT implement: XMPP 1.0,
218	SASL and TLS. */
219	if( set_getbool( &ic->acc->set, "tls" ) )
220	{
221	imcb_error( ic, "TLS is turned on for this "
222	"account, but is not supported by this server" );
223	imc_logout( ic, FALSE );
224	return FALSE;
225	}
226	else
227	{
228	return jabber_init_iq_auth( ic );
229	}
230	}
231	}
232	else
233	{
234	imcb_error( ic, "XML stream error" );
235	imc_logout( ic, TRUE );
236	return FALSE;
237	}
238	}
239	}
240	else if( st == 0 \|\| ( st < 0 && !ssl_sockerr_again( jd->ssl ) ) )
241	{
242	closesocket( jd->fd );
243	jd->fd = -1;
244
245	imcb_error( ic, "Error while reading from server" );
246	imc_logout( ic, TRUE );
247	return FALSE;
248	}
249
250	if( ssl_pending( jd->ssl ) )
251	/* OpenSSL empties the TCP buffers completely but may keep some
252	data in its internap buffers. select() won't see that, but
253	ssl_pending() does. */
254	return jabber_read_callback( data, fd, cond );
255	else
256	return TRUE;
257	}
258
259	gboolean jabber_connected_plain( gpointer data, gint source, b_input_condition cond )
260	{
261	struct im_connection *ic = data;
262
263	if( g_slist_find( jabber_connections, ic ) == NULL )
264	return FALSE;
265
266	if( source == -1 )
267	{
268	imcb_error( ic, "Could not connect to server" );
269	imc_logout( ic, TRUE );
270	return FALSE;
271	}
272
273	imcb_log( ic, "Connected to server, logging in" );
274
275	return jabber_start_stream( ic );
276	}
277
278	gboolean jabber_connected_ssl( gpointer data, int returncode, void *source, b_input_condition cond )
279	{
280	struct im_connection *ic = data;
281	struct jabber_data *jd;
282
283	if( g_slist_find( jabber_connections, ic ) == NULL )
284	return FALSE;
285
286	jd = ic->proto_data;
287
288	if( source == NULL )
289	{
290	/* The SSL connection will be cleaned up by the SSL lib
291	already, set it to NULL here to prevent a double cleanup: */
292	jd->ssl = NULL;
293
294	if( returncode != 0 )
295	{
296	char *err = ssl_verify_strerror( returncode );
297	imcb_error( ic, "Certificate verification problem 0x%x: %s",
298	returncode, err ? err : "Unknown" );
299	g_free( err );
300	imc_logout( ic, FALSE );
301	}
302	else
303	{
304	imcb_error( ic, "Could not connect to server" );
305	imc_logout( ic, TRUE );
306	}
307
308	return FALSE;
309	}
310
311	imcb_log( ic, "Connected to server, logging in" );
312
313	return jabber_start_stream( ic );
314	}
315
316	static xt_status jabber_end_of_stream( struct xt_node *node, gpointer data )
317	{
318	imc_logout( data, TRUE );
319	return XT_ABORT;
320	}
321
322	static xt_status jabber_pkt_features( struct xt_node *node, gpointer data )
323	{
324	struct im_connection *ic = data;
325	struct jabber_data *jd = ic->proto_data;
326	struct xt_node c, reply;
327	int trytls;
328
329	trytls = g_strcasecmp( set_getstr( &ic->acc->set, "tls" ), "try" ) == 0;
330	c = xt_find_node( node->children, "starttls" );
331	if( c && !jd->ssl )
332	{
333	/* If the server advertises the STARTTLS feature and if we're
334	not in a secure connection already: */
335
336	c = xt_find_node( c->children, "required" );
337
338	if( c && ( !trytls && !set_getbool( &ic->acc->set, "tls" ) ) )
339	{
340	imcb_error( ic, "Server requires TLS connections, but TLS is turned off for this account" );
341	imc_logout( ic, FALSE );
342
343	return XT_ABORT;
344	}
345
346	/* Only run this if the tls setting is set to true or try: */
347	if( ( trytls \|\| set_getbool( &ic->acc->set, "tls" ) ) )
348	{
349	reply = xt_new_node( "starttls", NULL, NULL );
350	xt_add_attr( reply, "xmlns", XMLNS_TLS );
351	if( !jabber_write_packet( ic, reply ) )
352	{
353	xt_free_node( reply );
354	return XT_ABORT;
355	}
356	xt_free_node( reply );
357
358	return XT_HANDLED;
359	}
360	}
361	else if( !c && !jd->ssl )
362	{
363	/* If the server does not advertise the STARTTLS feature and
364	we're not in a secure connection already: (Servers have a
365	habit of not advertising <starttls/> anymore when already
366	using SSL/TLS. */
367
368	if( !trytls && set_getbool( &ic->acc->set, "tls" ) )
369	{
370	imcb_error( ic, "TLS is turned on for this account, but is not supported by this server" );
371	imc_logout( ic, FALSE );
372
373	return XT_ABORT;
374	}
375	}
376
377	/* This one used to be in jabber_handlers[], but it has to be done
378	from here to make sure the TLS session will be initialized
379	properly before we attempt SASL authentication. */
380	if( ( c = xt_find_node( node->children, "mechanisms" ) ) )
381	{
382	if( sasl_pkt_mechanisms( c, data ) == XT_ABORT )
383	return XT_ABORT;
384	}
385	/* If the server SEEMS to support SASL authentication but doesn't
386	support it after all, we should try to do authentication the
387	other way. jabber.com doesn't seem to do SASL while it pretends
388	to be XMPP 1.0 compliant! */
389	else if( !( jd->flags & JFLAG_AUTHENTICATED ) && set_getbool( &ic->acc->set, "sasl") && sasl_supported( ic ) )
390	{
391	if( !jabber_init_iq_auth( ic ) )
392	return XT_ABORT;
393	}
394
395	if( ( c = xt_find_node( node->children, "bind" ) ) )
396	jd->flags \|= JFLAG_WANT_BIND;
397
398	if( ( c = xt_find_node( node->children, "session" ) ) )
399	jd->flags \|= JFLAG_WANT_SESSION;
400
401	if( jd->flags & JFLAG_AUTHENTICATED )
402	return jabber_pkt_bind_sess( ic, NULL, NULL );
403
404	return XT_HANDLED;
405	}
406
407	static xt_status jabber_pkt_proceed_tls( struct xt_node *node, gpointer data )
408	{
409	struct im_connection *ic = data;
410	struct jabber_data *jd = ic->proto_data;
411	char xmlns, tlsname;
412
413	xmlns = xt_find_attr( node, "xmlns" );
414
415	/* Just ignore it when it doesn't seem to be TLS-related (is that at
416	all possible??). */
417	if( !xmlns \|\| strcmp( xmlns, XMLNS_TLS ) != 0 )
418	return XT_HANDLED;
419
420	/* We don't want event handlers to touch our TLS session while it's
421	still initializing! */
422	b_event_remove( jd->r_inpa );
423	if( jd->tx_len > 0 )
424	{
425	/* Actually the write queue should be empty here, but just
426	to be sure... */
427	b_event_remove( jd->w_inpa );
428	g_free( jd->txq );
429	jd->txq = NULL;
430	jd->tx_len = 0;
431	}
432	jd->w_inpa = jd->r_inpa = 0;
433
434	imcb_log( ic, "Converting stream to TLS" );
435
436	jd->flags \|= JFLAG_STARTTLS_DONE;
437
438	/* If the user specified a server for the account, use this server as the
439	* hostname in the certificate verification. Else we use the domain from
440	* the username. */
441	if( ic->acc->server && *ic->acc->server )
442	tlsname = ic->acc->server;
443	else
444	tlsname = jd->server;
445
446	jd->ssl = ssl_starttls( jd->fd, tlsname, set_getbool( &ic->acc->set, "tls_verify" ),
447	jabber_connected_ssl, ic );
448
449	return XT_HANDLED;
450	}
451
452	static xt_status jabber_pkt_stream_error( struct xt_node *node, gpointer data )
453	{
454	struct im_connection *ic = data;
455	struct jabber_data *jd = ic->proto_data;
456	int allow_reconnect = TRUE;
457	struct jabber_error *err;
458	struct xt_node *host;
459
460	if( !( ic->flags & OPT_LOGGED_IN ) &&
461	( host = xt_find_node( node->children, "see-other-host" ) ) &&
462	host->text )
463	{
464	char *s;
465	int port = set_getint( &ic->acc->set, "port" );
466
467	/* Let's try to obey this request, if we're not logged
468	in yet (i.e. not have too much state yet). */
469	if( jd->ssl )
470	ssl_disconnect( jd->ssl );
471	closesocket( jd->fd );
472	b_event_remove( jd->r_inpa );
473	b_event_remove( jd->w_inpa );
474
475	jd->ssl = NULL;
476	jd->r_inpa = jd->w_inpa = 0;
477	jd->flags &= JFLAG_XMLCONSOLE;
478
479	s = strchr( host->text, ':' );
480	if( s != NULL )
481	sscanf( s + 1, "%d", &port );
482
483	imcb_log( ic, "Redirected to %s", host->text );
484	jd->fd = proxy_connect( host->text, port, jabber_connected_plain, ic );
485
486	return XT_ABORT;
487	}
488
489	err = jabber_error_parse( node, XMLNS_STREAM_ERROR );
490
491	/* Tssk... */
492	if( err->code == NULL )
493	{
494	imcb_error( ic, "Unknown stream error reported by server" );
495	imc_logout( ic, allow_reconnect );
496	jabber_error_free( err );
497	return XT_ABORT;
498	}
499
500	/* We know that this is a fatal error. If it's a "conflict" error, we
501	should turn off auto-reconnect to make sure we won't get some nasty
502	infinite loop! */
503	if( strcmp( err->code, "conflict" ) == 0 )
504	{
505	imcb_error( ic, "Account and resource used from a different location" );
506	allow_reconnect = FALSE;
507	}
508	else if( strcmp( err->code, "not-authorized" ) == 0 )
509	{
510	imcb_error( ic, "Not authorized" );
511	allow_reconnect = FALSE;
512	}
513	else
514	{
515	imcb_error( ic, "Stream error: %s%s%s", err->code, err->text ? ": " : "",
516	err->text ? err->text : "" );
517	}
518
519	jabber_error_free( err );
520	imc_logout( ic, allow_reconnect );
521
522	return XT_ABORT;
523	}
524
525	static xt_status jabber_xmlconsole( struct xt_node *node, gpointer data )
526	{
527	struct im_connection *ic = data;
528	struct jabber_data *jd = ic->proto_data;
529
530	if( jd->flags & JFLAG_XMLCONSOLE )
531	{
532	char msg, pkt;
533
534	pkt = xt_to_string( node );
535	msg = g_strdup_printf( "RX: %s", pkt );
536	imcb_buddy_msg( ic, JABBER_XMLCONSOLE_HANDLE, msg, 0, 0 );
537	g_free( msg );
538	g_free( pkt );
539	}
540
541	return XT_NEXT;
542	}
543
544	static const struct xt_handler_entry jabber_handlers[] = {
545	{ NULL, "stream:stream", jabber_xmlconsole },
546	{ "stream:stream", "<root>", jabber_end_of_stream },
547	{ "message", "stream:stream", jabber_pkt_message },
548	{ "presence", "stream:stream", jabber_pkt_presence },
549	{ "iq", "stream:stream", jabber_pkt_iq },
550	{ "stream:features", "stream:stream", jabber_pkt_features },
551	{ "stream:error", "stream:stream", jabber_pkt_stream_error },
552	{ "proceed", "stream:stream", jabber_pkt_proceed_tls },
553	{ "challenge", "stream:stream", sasl_pkt_challenge },
554	{ "success", "stream:stream", sasl_pkt_result },
555	{ "failure", "stream:stream", sasl_pkt_result },
556	{ NULL, NULL, NULL }
557	};
558
559	gboolean jabber_start_stream( struct im_connection *ic )
560	{
561	struct jabber_data *jd = ic->proto_data;
562	int st;
563	char *greet;
564
565	/* We'll start our stream now, so prepare everything to receive one
566	from the server too. */
567	xt_free( jd->xt ); /* In case we're RE-starting. */
568	jd->xt = xt_new( jabber_handlers, ic );
569
570	if( jd->r_inpa <= 0 )
571	jd->r_inpa = b_input_add( jd->fd, B_EV_IO_READ, jabber_read_callback, ic );
572
573	greet = g_strdup_printf( "%s<stream:stream to=\"%s\" xmlns=\"jabber:client\" "
574	"xmlns:stream=\"http://etherx.jabber.org/streams\" version=\"1.0\">",
575	( jd->flags & JFLAG_STARTTLS_DONE ) ? "" : "<?xml version='1.0' ?>",
576	jd->server );
577
578	st = jabber_write( ic, greet, strlen( greet ) );
579
580	g_free( greet );
581
582	return st;
583	}
584
585	void jabber_end_stream( struct im_connection *ic )
586	{
587	struct jabber_data *jd = ic->proto_data;
588
589	/* Let's only do this if the queue is currently empty, otherwise it'd
590	take too long anyway. */
591	if( jd->tx_len == 0 )
592	{
593	char eos[] = "</stream:stream>";
594	struct xt_node *node;
595	int st = 1;
596
597	if( ic->flags & OPT_LOGGED_IN )
598	{
599	node = jabber_make_packet( "presence", "unavailable", NULL, NULL );
600	st = jabber_write_packet( ic, node );
601	xt_free_node( node );
602	}
603
604	if( st )
605	jabber_write( ic, eos, strlen( eos ) );
606	}
607	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: