Context Navigation

source: storage_xml.c @ 3183c21

Last change on this file since 3183c21 was 3183c21, checked in by Wilmer van der Gaast <wilmer@…>, at 2008-09-06T22:59:32Z
Completely reviewed all uses of irc->password, irc_setpass() and USTATUS_IDENTIFIED after another account overwriting vulnerability was found by Tero Marttila.
Property mode set to `100644`
File size: 14.2 KB

Rev	Line
[a312b6b]	1	/********************************************************************\
	2	* BitlBee -- An IRC to other IM-networks gateway *
	3	* *
	4	* Copyright 2002-2006 Wilmer van der Gaast and others *
	5	\********************************************************************/
	6
	7	/* Storage backend that uses an XMLish format for all data. */
	8
	9	/*
	10	This program is free software; you can redistribute it and/or modify
	11	it under the terms of the GNU General Public License as published by
	12	the Free Software Foundation; either version 2 of the License, or
	13	(at your option) any later version.
	14
	15	This program is distributed in the hope that it will be useful,
	16	but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	GNU General Public License for more details.
	19
	20	You should have received a copy of the GNU General Public License with
	21	the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
	22	if not, write to the Free Software Foundation, Inc., 59 Temple Place,
	23	Suite 330, Boston, MA 02111-1307 USA
	24	*/
	25
	26	#define BITLBEE_CORE
	27	#include "bitlbee.h"
[6e1fed7]	28	#include "base64.h"
[a7b5925]	29	#include "arc.h"
[d28f3b35]	30	#include "md5.h"
[5f5d433]	31	#include <glib/gstdio.h>
[a312b6b]	32
[88d2208]	33	#if GLIB_CHECK_VERSION(2,8,0)
	34	#include <glib/gstdio.h>
	35	#else
[47b571d]	36	/* GLib < 2.8.0 doesn't have g_access, so just use the system access(). */
[88d2208]	37	#include <unistd.h>
[47b571d]	38	#define g_access access
	39	#endif
	40
[c121f89]	41	typedef enum
	42	{
	43	XML_PASS_CHECK_ONLY = -1,
	44	XML_PASS_UNKNOWN = 0,
[c9f0c79]	45	XML_PASS_WRONG,
[c121f89]	46	XML_PASS_OK
	47	} xml_pass_st;
	48
[c9f0c79]	49	/* To make it easier later when extending the format: */
[88086db]	50	#define XML_FORMAT_VERSION 1
[c121f89]	51
[a312b6b]	52	struct xml_parsedata
	53	{
	54	irc_t *irc;
	55	char *current_setting;
	56	account_t *current_account;
[c121f89]	57	char *given_nick;
	58	char *given_pass;
	59	xml_pass_st pass_st;
[a312b6b]	60	};
	61
	62	static char xml_attr( const gchar attr_names, const gchar attr_values, const gchar key )
	63	{
	64	int i;
	65
	66	for( i = 0; attr_names[i]; i ++ )
	67	if( g_strcasecmp( attr_names[i], key ) == 0 )
[c121f89]	68	return (char*) attr_values[i];
[a312b6b]	69
	70	return NULL;
	71	}
	72
[c121f89]	73	static void xml_destroy_xd( gpointer data )
	74	{
	75	struct xml_parsedata *xd = data;
	76
	77	g_free( xd->given_nick );
	78	g_free( xd->given_pass );
	79	g_free( xd );
	80	}
	81
[a312b6b]	82	static void xml_start_element( GMarkupParseContext ctx, const gchar element_name, const gchar attr_names, const gchar attr_values, gpointer data, GError **error )
	83	{
	84	struct xml_parsedata *xd = data;
[c121f89]	85	irc_t *irc = xd->irc;
[a312b6b]	86
	87	if( g_strcasecmp( element_name, "user" ) == 0 )
	88	{
	89	char *nick = xml_attr( attr_names, attr_values, "nick" );
[c121f89]	90	char *pass = xml_attr( attr_names, attr_values, "password" );
[4e8db1c]	91	int st;
[a312b6b]	92
[c121f89]	93	if( !nick \|\| !pass )
[a312b6b]	94	{
[c121f89]	95	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
	96	"Missing attributes for %s element", element_name );
[a312b6b]	97	}
[4e8db1c]	98	else if( ( st = md5_verify_password( xd->given_pass, pass ) ) == -1 )
[6e1fed7]	99	{
[4e8db1c]	100	xd->pass_st = XML_PASS_WRONG;
[6e1fed7]	101	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
	102	"Error while decoding password attribute" );
	103	}
[4e8db1c]	104	else if( st == 0 )
	105	{
	106	if( xd->pass_st != XML_PASS_CHECK_ONLY )
	107	xd->pass_st = XML_PASS_OK;
	108	}
[c121f89]	109	else
	110	{
[4e8db1c]	111	xd->pass_st = XML_PASS_WRONG;
	112	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
	113	"Password mismatch" );
[c121f89]	114	}
	115	}
	116	else if( xd->pass_st < XML_PASS_OK )
	117	{
	118	/* Let's not parse anything else if we only have to check
	119	the password. */
[a312b6b]	120	}
	121	else if( g_strcasecmp( element_name, "account" ) == 0 )
	122	{
[6ee9d2d]	123	char protocol, handle, server, password = NULL, *autoconnect;
[3b6eadc]	124	char *pass_b64 = NULL;
[a7b5925]	125	unsigned char *pass_cr = NULL;
[6e1fed7]	126	int pass_len;
[a312b6b]	127	struct prpl *prpl = NULL;
	128
	129	handle = xml_attr( attr_names, attr_values, "handle" );
[6e1fed7]	130	pass_b64 = xml_attr( attr_names, attr_values, "password" );
[c121f89]	131	server = xml_attr( attr_names, attr_values, "server" );
[2b14eef]	132	autoconnect = xml_attr( attr_names, attr_values, "autoconnect" );
[a312b6b]	133
	134	protocol = xml_attr( attr_names, attr_values, "protocol" );
	135	if( protocol )
	136	prpl = find_protocol( protocol );
	137
[6e1fed7]	138	if( !handle \|\| !pass_b64 \|\| !protocol )
[c121f89]	139	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
	140	"Missing attributes for %s element", element_name );
	141	else if( !prpl )
	142	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
[9b46b64]	143	"Unknown protocol: %s", protocol );
[a7b5925]	144	else if( ( pass_len = base64_decode( pass_b64, (unsigned char**) &pass_cr ) ) &&
	145	arc_decode( pass_cr, pass_len, &password, xd->given_pass ) )
[a312b6b]	146	{
[c121f89]	147	xd->current_account = account_add( irc, prpl, handle, password );
	148	if( server )
[5100caa]	149	set_setstr( &xd->current_account->set, "server", server );
[2b14eef]	150	if( autoconnect )
[5100caa]	151	set_setstr( &xd->current_account->set, "auto_connect", autoconnect );
[a312b6b]	152	}
[6e1fed7]	153	else
	154	{
	155	/* Actually the _decode functions don't even return error codes,
	156	but maybe they will later... */
	157	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
	158	"Error while decrypting account password" );
	159	}
	160
[a7b5925]	161	g_free( pass_cr );
[6e1fed7]	162	g_free( password );
[a312b6b]	163	}
	164	else if( g_strcasecmp( element_name, "setting" ) == 0 )
	165	{
[5100caa]	166	char *setting;
	167
	168	if( xd->current_setting )
[a312b6b]	169	{
[5100caa]	170	g_free( xd->current_setting );
	171	xd->current_setting = NULL;
[a312b6b]	172	}
[5100caa]	173
	174	if( ( setting = xml_attr( attr_names, attr_values, "name" ) ) )
	175	xd->current_setting = g_strdup( setting );
	176	else
	177	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
	178	"Missing attributes for %s element", element_name );
[a312b6b]	179	}
	180	else if( g_strcasecmp( element_name, "buddy" ) == 0 )
	181	{
[c121f89]	182	char handle, nick;
	183
	184	handle = xml_attr( attr_names, attr_values, "handle" );
	185	nick = xml_attr( attr_names, attr_values, "nick" );
	186
	187	if( xd->current_account && handle && nick )
	188	{
[5b52a48]	189	nick_set( xd->current_account, handle, nick );
[c121f89]	190	}
	191	else
	192	{
	193	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
	194	"Missing attributes for %s element", element_name );
	195	}
[a312b6b]	196	}
	197	else
	198	{
[c121f89]	199	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_UNKNOWN_ELEMENT,
	200	"Unkown element: %s", element_name );
[a312b6b]	201	}
	202	}
	203
	204	static void xml_end_element( GMarkupParseContext ctx, const gchar element_name, gpointer data, GError **error )
	205	{
[5898ef8]	206	struct xml_parsedata *xd = data;
	207
	208	if( g_strcasecmp( element_name, "setting" ) == 0 && xd->current_setting )
	209	{
	210	g_free( xd->current_setting );
	211	xd->current_setting = NULL;
	212	}
	213	else if( g_strcasecmp( element_name, "account" ) == 0 )
	214	{
	215	xd->current_account = NULL;
	216	}
[a312b6b]	217	}
	218
[8320a7a]	219	static void xml_text( GMarkupParseContext ctx, const gchar text_orig, gsize text_len, gpointer data, GError **error )
[a312b6b]	220	{
[8320a7a]	221	char text[text_len+1];
[a312b6b]	222	struct xml_parsedata *xd = data;
[c121f89]	223	irc_t *irc = xd->irc;
[a312b6b]	224
[8320a7a]	225	strncpy( text, text_orig, text_len );
	226	text[text_len] = 0;
	227
[c121f89]	228	if( xd->pass_st < XML_PASS_OK )
	229	{
	230	/* Let's not parse anything else if we only have to check
[84e9cea]	231	the password, or if we didn't get the chance to check it
	232	yet. */
[c121f89]	233	}
[5100caa]	234	else if( g_strcasecmp( g_markup_parse_context_get_element( ctx ), "setting" ) == 0 && xd->current_setting )
[a312b6b]	235	{
[5100caa]	236	set_setstr( xd->current_account ? &xd->current_account->set : &irc->set,
	237	xd->current_setting, (char*) text );
[c121f89]	238	g_free( xd->current_setting );
	239	xd->current_setting = NULL;
[a312b6b]	240	}
	241	}
	242
	243	GMarkupParser xml_parser =
	244	{
	245	xml_start_element,
	246	xml_end_element,
	247	xml_text,
	248	NULL,
[5898ef8]	249	NULL
[a312b6b]	250	};
	251
	252	static void xml_init( void )
	253	{
[dfd442b]	254	if( g_access( global.conf->configdir, F_OK ) != 0 )
[eeb85a8]	255	log_message( LOGLVL_WARNING, "The configuration directory `%s' does not exist. Configuration won't be saved.", global.conf->configdir );
[dfd442b]	256	else if( g_access( global.conf->configdir, F_OK ) != 0 \|\|
	257	g_access( global.conf->configdir, W_OK ) != 0 )
[eeb85a8]	258	log_message( LOGLVL_WARNING, "Permission problem: Can't read/write from/to `%s'.", global.conf->configdir );
[a312b6b]	259	}
	260
[3183c21]	261	static storage_status_t xml_load_real( irc_t irc, const char my_nick, const char *password, xml_pass_st action )
[a312b6b]	262	{
	263	GMarkupParseContext *ctx;
[c121f89]	264	struct xml_parsedata *xd;
	265	char *fn, buf[512];
	266	GError *gerr = NULL;
	267	int fd, st;
[a312b6b]	268
[c121f89]	269	xd = g_new0( struct xml_parsedata, 1 );
	270	xd->irc = irc;
	271	xd->given_nick = g_strdup( my_nick );
	272	xd->given_pass = g_strdup( password );
[84e9cea]	273	xd->pass_st = action;
[c121f89]	274	nick_lc( xd->given_nick );
[a312b6b]	275
[c121f89]	276	fn = g_strdup_printf( "%s%s%s", global.conf->configdir, xd->given_nick, ".xml" );
	277	if( ( fd = open( fn, O_RDONLY ) ) < 0 )
[a312b6b]	278	{
[c121f89]	279	xml_destroy_xd( xd );
	280	g_free( fn );
	281	return STORAGE_NO_SUCH_USER;
[a312b6b]	282	}
[c121f89]	283	g_free( fn );
[a312b6b]	284
[c121f89]	285	ctx = g_markup_parse_context_new( &xml_parser, 0, xd, xml_destroy_xd );
[a312b6b]	286
[c121f89]	287	while( ( st = read( fd, buf, sizeof( buf ) ) ) > 0 )
[a312b6b]	288	{
[c121f89]	289	if( !g_markup_parse_context_parse( ctx, buf, st, &gerr ) \|\| gerr )
	290	{
[c9f0c79]	291	xml_pass_st pass_st = xd->pass_st;
	292
[c121f89]	293	g_markup_parse_context_free( ctx );
[5898ef8]	294	close( fd );
[c121f89]	295
[c9f0c79]	296	if( pass_st == XML_PASS_WRONG )
[00ab350]	297	{
	298	g_clear_error( &gerr );
[c121f89]	299	return STORAGE_INVALID_PASSWORD;
[00ab350]	300	}
[c121f89]	301	else
[5898ef8]	302	{
[84e9cea]	303	if( gerr && irc )
[5898ef8]	304	irc_usermsg( irc, "Error from XML-parser: %s", gerr->message );
	305
[00ab350]	306	g_clear_error( &gerr );
[c121f89]	307	return STORAGE_OTHER_ERROR;
[5898ef8]	308	}
[c121f89]	309	}
[a312b6b]	310	}
[00ab350]	311	/* Just to be sure... */
	312	g_clear_error( &gerr );
[a312b6b]	313
[c121f89]	314	g_markup_parse_context_free( ctx );
[5898ef8]	315	close( fd );
[c121f89]	316
[84e9cea]	317	if( action == XML_PASS_CHECK_ONLY )
	318	return STORAGE_OK;
	319
[a312b6b]	320	return STORAGE_OK;
	321	}
	322
[3183c21]	323	static storage_status_t xml_load( irc_t irc, const char password )
[84e9cea]	324	{
[3183c21]	325	return xml_load_real( irc, irc->nick, password, XML_PASS_UNKNOWN );
[84e9cea]	326	}
	327
	328	static storage_status_t xml_check_pass( const char my_nick, const char password )
	329	{
	330	/* This is a little bit risky because we have to pass NULL for the
	331	irc_t argument. This should be fine, if I didn't miss anything... */
[3183c21]	332	return xml_load_real( NULL, my_nick, password, XML_PASS_CHECK_ONLY );
[84e9cea]	333	}
	334
[5100caa]	335	static int xml_printf( int fd, int indent, char *fmt, ... )
[5898ef8]	336	{
	337	va_list params;
	338	char *out;
[5100caa]	339	char tabs[9] = "\t\t\t\t\t\t\t\t";
[5898ef8]	340	int len;
	341
[5100caa]	342	/* Maybe not very clean, but who needs more than 8 levels of indentation anyway? */
	343	if( write( fd, tabs, indent <= 8 ? indent : 8 ) != indent )
	344	return 0;
	345
[5898ef8]	346	va_start( params, fmt );
	347	out = g_markup_vprintf_escaped( fmt, params );
	348	va_end( params );
	349
	350	len = strlen( out );
	351	len -= write( fd, out, len );
	352	g_free( out );
	353
	354	return len == 0;
	355	}
	356
[5b52a48]	357	static gboolean xml_save_nick( gpointer key, gpointer value, gpointer data );
	358
[c121f89]	359	static storage_status_t xml_save( irc_t *irc, int overwrite )
[a312b6b]	360	{
[6e1fed7]	361	char path[512], path2, pass_buf = NULL;
[5898ef8]	362	set_t *set;
	363	account_t *acc;
[1719464]	364	int fd;
[6e1fed7]	365	md5_byte_t pass_md5[21];
[ece2cd2]	366	md5_state_t md5_state;
	367
[7e3592e]	368	path2 = g_strdup( irc->nick );
	369	nick_lc( path2 );
	370	g_snprintf( path, sizeof( path ) - 2, "%s%s%s", global.conf->configdir, path2, ".xml" );
	371	g_free( path2 );
[5898ef8]	372
[dfd442b]	373	if( !overwrite && g_access( path, F_OK ) == 0 )
[5898ef8]	374	return STORAGE_ALREADY_EXISTS;
	375
	376	strcat( path, "~" );
[55078f5]	377	if( ( fd = open( path, O_WRONLY \| O_CREAT \| O_TRUNC, 0600 ) ) < 0 )
[5898ef8]	378	{
	379	irc_usermsg( irc, "Error while opening configuration file." );
	380	return STORAGE_OTHER_ERROR;
[a312b6b]	381	}
[5898ef8]	382
[6e1fed7]	383	/* Generate a salted md5sum of the password. Use 5 bytes for the salt
	384	(to prevent dictionary lookups of passwords) to end up with a 21-
	385	byte password hash, more convenient for base64 encoding. */
[1719464]	386	random_bytes( pass_md5 + 16, 5 );
[ece2cd2]	387	md5_init( &md5_state );
	388	md5_append( &md5_state, (md5_byte_t*) irc->password, strlen( irc->password ) );
[6e1fed7]	389	md5_append( &md5_state, pass_md5 + 16, 5 ); /* Add the salt. */
[ece2cd2]	390	md5_finish( &md5_state, pass_md5 );
[6e1fed7]	391	/* Save the hash in base64-encoded form. */
[3b6eadc]	392	pass_buf = base64_encode( pass_md5, 21 );
[ece2cd2]	393
[5100caa]	394	if( !xml_printf( fd, 0, "<user nick=\"%s\" password=\"%s\" version=\"%d\">\n", irc->nick, pass_buf, XML_FORMAT_VERSION ) )
[5898ef8]	395	goto write_error;
	396
[6e1fed7]	397	g_free( pass_buf );
	398
[5898ef8]	399	for( set = irc->set; set; set = set->next )
	400	if( set->value && set->def )
[5100caa]	401	if( !xml_printf( fd, 1, "<setting name=\"%s\">%s</setting>\n", set->key, set->value ) )
[5898ef8]	402	goto write_error;
	403
	404	for( acc = irc->accounts; acc; acc = acc->next )
	405	{
[a7b5925]	406	unsigned char *pass_cr;
[3b6eadc]	407	char *pass_b64;
[6e1fed7]	408	int pass_len;
	409
[ddcf491f]	410	pass_len = arc_encode( acc->pass, strlen( acc->pass ), (unsigned char**) &pass_cr, irc->password, 12 );
[a7b5925]	411	pass_b64 = base64_encode( pass_cr, pass_len );
	412	g_free( pass_cr );
[6e1fed7]	413
[5100caa]	414	if( !xml_printf( fd, 1, "<account protocol=\"%s\" handle=\"%s\" password=\"%s\" autoconnect=\"%d\"", acc->prpl->name, acc->user, pass_b64, acc->auto_connect ) )
[6e1fed7]	415	{
	416	g_free( pass_b64 );
[5898ef8]	417	goto write_error;
[6e1fed7]	418	}
	419	g_free( pass_b64 );
	420
[5100caa]	421	if( acc->server && acc->server[0] && !xml_printf( fd, 0, " server=\"%s\"", acc->server ) )
[5898ef8]	422	goto write_error;
[5100caa]	423	if( !xml_printf( fd, 0, ">\n" ) )
[5898ef8]	424	goto write_error;
	425
[5100caa]	426	for( set = acc->set; set; set = set->next )
	427	if( set->value && set->def && !( set->flags & ACC_SET_NOSAVE ) )
	428	if( !xml_printf( fd, 2, "<setting name=\"%s\">%s</setting>\n", set->key, set->value ) )
	429	goto write_error;
	430
[5b52a48]	431	/* This probably looks pretty strange. g_hash_table_foreach
	432	is quite a PITA already (but it can't get much better in
	433	C without using #define, I'm afraid), and since it
	434	doesn't seem to be possible to abort the foreach on write
	435	errors, so instead let's use the _find function and
	436	return TRUE on write errors. Which means, if we found
	437	something, there was an error. :-) */
[56f260a]	438	if( g_hash_table_find( acc->nicks, xml_save_nick, & fd ) )
[5b52a48]	439	goto write_error;
[5898ef8]	440
[5100caa]	441	if( !xml_printf( fd, 1, "</account>\n" ) )
[5898ef8]	442	goto write_error;
	443	}
	444
[5100caa]	445	if( !xml_printf( fd, 0, "</user>\n" ) )
[5898ef8]	446	goto write_error;
	447
	448	close( fd );
	449
	450	path2 = g_strndup( path, strlen( path ) - 1 );
	451	if( rename( path, path2 ) != 0 )
	452	{
	453	irc_usermsg( irc, "Error while renaming temporary configuration file." );
	454
	455	g_free( path2 );
	456	unlink( path );
	457
	458	return STORAGE_OTHER_ERROR;
	459	}
	460
	461	g_free( path2 );
	462
[a312b6b]	463	return STORAGE_OK;
[5898ef8]	464
	465	write_error:
[6e1fed7]	466	g_free( pass_buf );
	467
[5898ef8]	468	irc_usermsg( irc, "Write error. Disk full?" );
	469	close( fd );
	470
	471	return STORAGE_OTHER_ERROR;
[a312b6b]	472	}
	473
[5b52a48]	474	static gboolean xml_save_nick( gpointer key, gpointer value, gpointer data )
	475	{
[56f260a]	476	return !xml_printf( ( (int) data ), 2, "<buddy handle=\"%s\" nick=\"%s\" />\n", key, value );
[5b52a48]	477	}
	478
[84e9cea]	479	static storage_status_t xml_remove( const char nick, const char password )
	480	{
[e0f9170]	481	char s[512], *lc;
[84e9cea]	482	storage_status_t status;
	483
	484	status = xml_check_pass( nick, password );
	485	if( status != STORAGE_OK )
	486	return status;
	487
[e0f9170]	488	lc = g_strdup( nick );
	489	nick_lc( lc );
	490	g_snprintf( s, 511, "%s%s%s", global.conf->configdir, lc, ".xml" );
	491	g_free( lc );
	492
[84e9cea]	493	if( unlink( s ) == -1 )
	494	return STORAGE_OTHER_ERROR;
	495
	496	return STORAGE_OK;
	497	}
	498
[a312b6b]	499	storage_t storage_xml = {
	500	.name = "xml",
	501	.init = xml_init,
[84e9cea]	502	.check_pass = xml_check_pass,
	503	.remove = xml_remove,
[a312b6b]	504	.load = xml_load,
	505	.save = xml_save
	506	};

Note: See TracBrowser for help on using the repository browser.

Download in other formats: