Context Navigation

source: storage_xml.c @ 628e601

1.2-2

Last change on this file since 628e601 was 4e8db1c, checked in by Wilmer van der Gaast <wilmer@…>, at 2008-03-16T16:03:52Z
Moved password hash verification to md5_verify_password() so this can be reused for IRC/OPER passwords (to have encrypted in bitlbee.conf).
Property mode set to `100644`
File size: 14.2 KB

Line
1	/********************************************************************\
2	* BitlBee -- An IRC to other IM-networks gateway *
3	* *
4	* Copyright 2002-2006 Wilmer van der Gaast and others *
5	\********************************************************************/
6
7	/* Storage backend that uses an XMLish format for all data. */
8
9	/*
10	This program is free software; you can redistribute it and/or modify
11	it under the terms of the GNU General Public License as published by
12	the Free Software Foundation; either version 2 of the License, or
13	(at your option) any later version.
14
15	This program is distributed in the hope that it will be useful,
16	but WITHOUT ANY WARRANTY; without even the implied warranty of
17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18	GNU General Public License for more details.
19
20	You should have received a copy of the GNU General Public License with
21	the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
22	if not, write to the Free Software Foundation, Inc., 59 Temple Place,
23	Suite 330, Boston, MA 02111-1307 USA
24	*/
25
26	#define BITLBEE_CORE
27	#include "bitlbee.h"
28	#include "base64.h"
29	#include "arc.h"
30	#include "md5.h"
31
32	typedef enum
33	{
34	XML_PASS_CHECK_ONLY = -1,
35	XML_PASS_UNKNOWN = 0,
36	XML_PASS_WRONG,
37	XML_PASS_OK
38	} xml_pass_st;
39
40	/* To make it easier later when extending the format: */
41	#define XML_FORMAT_VERSION 1
42
43	struct xml_parsedata
44	{
45	irc_t *irc;
46	char *current_setting;
47	account_t *current_account;
48	char *given_nick;
49	char *given_pass;
50	xml_pass_st pass_st;
51	};
52
53	static char xml_attr( const gchar attr_names, const gchar attr_values, const gchar key )
54	{
55	int i;
56
57	for( i = 0; attr_names[i]; i ++ )
58	if( g_strcasecmp( attr_names[i], key ) == 0 )
59	return (char*) attr_values[i];
60
61	return NULL;
62	}
63
64	static void xml_destroy_xd( gpointer data )
65	{
66	struct xml_parsedata *xd = data;
67
68	g_free( xd->given_nick );
69	g_free( xd->given_pass );
70	g_free( xd );
71	}
72
73	static void xml_start_element( GMarkupParseContext ctx, const gchar element_name, const gchar attr_names, const gchar attr_values, gpointer data, GError **error )
74	{
75	struct xml_parsedata *xd = data;
76	irc_t *irc = xd->irc;
77
78	if( g_strcasecmp( element_name, "user" ) == 0 )
79	{
80	char *nick = xml_attr( attr_names, attr_values, "nick" );
81	char *pass = xml_attr( attr_names, attr_values, "password" );
82	int st;
83
84	if( !nick \|\| !pass )
85	{
86	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
87	"Missing attributes for %s element", element_name );
88	}
89	else if( ( st = md5_verify_password( xd->given_pass, pass ) ) == -1 )
90	{
91	xd->pass_st = XML_PASS_WRONG;
92	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
93	"Error while decoding password attribute" );
94	}
95	else if( st == 0 )
96	{
97	if( xd->pass_st != XML_PASS_CHECK_ONLY )
98	xd->pass_st = XML_PASS_OK;
99	}
100	else
101	{
102	xd->pass_st = XML_PASS_WRONG;
103	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
104	"Password mismatch" );
105	}
106	}
107	else if( xd->pass_st < XML_PASS_OK )
108	{
109	/* Let's not parse anything else if we only have to check
110	the password. */
111	}
112	else if( g_strcasecmp( element_name, "account" ) == 0 )
113	{
114	char protocol, handle, server, password = NULL, *autoconnect;
115	char *pass_b64 = NULL;
116	unsigned char *pass_cr = NULL;
117	int pass_len;
118	struct prpl *prpl = NULL;
119
120	handle = xml_attr( attr_names, attr_values, "handle" );
121	pass_b64 = xml_attr( attr_names, attr_values, "password" );
122	server = xml_attr( attr_names, attr_values, "server" );
123	autoconnect = xml_attr( attr_names, attr_values, "autoconnect" );
124
125	protocol = xml_attr( attr_names, attr_values, "protocol" );
126	if( protocol )
127	prpl = find_protocol( protocol );
128
129	if( !handle \|\| !pass_b64 \|\| !protocol )
130	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
131	"Missing attributes for %s element", element_name );
132	else if( !prpl )
133	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
134	"Unknown protocol: %s", protocol );
135	else if( ( pass_len = base64_decode( pass_b64, (unsigned char**) &pass_cr ) ) &&
136	arc_decode( pass_cr, pass_len, &password, xd->given_pass ) )
137	{
138	xd->current_account = account_add( irc, prpl, handle, password );
139	if( server )
140	set_setstr( &xd->current_account->set, "server", server );
141	if( autoconnect )
142	set_setstr( &xd->current_account->set, "auto_connect", autoconnect );
143	}
144	else
145	{
146	/* Actually the _decode functions don't even return error codes,
147	but maybe they will later... */
148	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
149	"Error while decrypting account password" );
150	}
151
152	g_free( pass_cr );
153	g_free( password );
154	}
155	else if( g_strcasecmp( element_name, "setting" ) == 0 )
156	{
157	char *setting;
158
159	if( xd->current_setting )
160	{
161	g_free( xd->current_setting );
162	xd->current_setting = NULL;
163	}
164
165	if( ( setting = xml_attr( attr_names, attr_values, "name" ) ) )
166	xd->current_setting = g_strdup( setting );
167	else
168	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
169	"Missing attributes for %s element", element_name );
170	}
171	else if( g_strcasecmp( element_name, "buddy" ) == 0 )
172	{
173	char handle, nick;
174
175	handle = xml_attr( attr_names, attr_values, "handle" );
176	nick = xml_attr( attr_names, attr_values, "nick" );
177
178	if( xd->current_account && handle && nick )
179	{
180	nick_set( xd->current_account, handle, nick );
181	}
182	else
183	{
184	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
185	"Missing attributes for %s element", element_name );
186	}
187	}
188	else
189	{
190	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_UNKNOWN_ELEMENT,
191	"Unkown element: %s", element_name );
192	}
193	}
194
195	static void xml_end_element( GMarkupParseContext ctx, const gchar element_name, gpointer data, GError **error )
196	{
197	struct xml_parsedata *xd = data;
198
199	if( g_strcasecmp( element_name, "setting" ) == 0 && xd->current_setting )
200	{
201	g_free( xd->current_setting );
202	xd->current_setting = NULL;
203	}
204	else if( g_strcasecmp( element_name, "account" ) == 0 )
205	{
206	xd->current_account = NULL;
207	}
208	}
209
210	static void xml_text( GMarkupParseContext ctx, const gchar text_orig, gsize text_len, gpointer data, GError **error )
211	{
212	char text[text_len+1];
213	struct xml_parsedata *xd = data;
214	irc_t *irc = xd->irc;
215
216	strncpy( text, text_orig, text_len );
217	text[text_len] = 0;
218
219	if( xd->pass_st < XML_PASS_OK )
220	{
221	/* Let's not parse anything else if we only have to check
222	the password, or if we didn't get the chance to check it
223	yet. */
224	}
225	else if( g_strcasecmp( g_markup_parse_context_get_element( ctx ), "setting" ) == 0 && xd->current_setting )
226	{
227	set_setstr( xd->current_account ? &xd->current_account->set : &irc->set,
228	xd->current_setting, (char*) text );
229	g_free( xd->current_setting );
230	xd->current_setting = NULL;
231	}
232	}
233
234	GMarkupParser xml_parser =
235	{
236	xml_start_element,
237	xml_end_element,
238	xml_text,
239	NULL,
240	NULL
241	};
242
243	static void xml_init( void )
244	{
245	if( access( global.conf->configdir, F_OK ) != 0 )
246	log_message( LOGLVL_WARNING, "The configuration directory `%s' does not exist. Configuration won't be saved.", global.conf->configdir );
247	else if( access( global.conf->configdir, R_OK ) != 0 \|\| access( global.conf->configdir, W_OK ) != 0 )
248	log_message( LOGLVL_WARNING, "Permission problem: Can't read/write from/to `%s'.", global.conf->configdir );
249	}
250
251	static storage_status_t xml_load_real( const char my_nick, const char password, irc_t *irc, xml_pass_st action )
252	{
253	GMarkupParseContext *ctx;
254	struct xml_parsedata *xd;
255	char *fn, buf[512];
256	GError *gerr = NULL;
257	int fd, st;
258
259	if( irc && irc->status & USTATUS_IDENTIFIED )
260	return( 1 );
261
262	xd = g_new0( struct xml_parsedata, 1 );
263	xd->irc = irc;
264	xd->given_nick = g_strdup( my_nick );
265	xd->given_pass = g_strdup( password );
266	xd->pass_st = action;
267	nick_lc( xd->given_nick );
268
269	fn = g_strdup_printf( "%s%s%s", global.conf->configdir, xd->given_nick, ".xml" );
270	if( ( fd = open( fn, O_RDONLY ) ) < 0 )
271	{
272	xml_destroy_xd( xd );
273	g_free( fn );
274	return STORAGE_NO_SUCH_USER;
275	}
276	g_free( fn );
277
278	ctx = g_markup_parse_context_new( &xml_parser, 0, xd, xml_destroy_xd );
279
280	while( ( st = read( fd, buf, sizeof( buf ) ) ) > 0 )
281	{
282	if( !g_markup_parse_context_parse( ctx, buf, st, &gerr ) \|\| gerr )
283	{
284	xml_pass_st pass_st = xd->pass_st;
285
286	g_markup_parse_context_free( ctx );
287	close( fd );
288
289	if( pass_st == XML_PASS_WRONG )
290	{
291	g_clear_error( &gerr );
292	return STORAGE_INVALID_PASSWORD;
293	}
294	else
295	{
296	if( gerr && irc )
297	irc_usermsg( irc, "Error from XML-parser: %s", gerr->message );
298
299	g_clear_error( &gerr );
300	return STORAGE_OTHER_ERROR;
301	}
302	}
303	}
304	/* Just to be sure... */
305	g_clear_error( &gerr );
306
307	g_markup_parse_context_free( ctx );
308	close( fd );
309
310	if( action == XML_PASS_CHECK_ONLY )
311	return STORAGE_OK;
312
313	irc->status \|= USTATUS_IDENTIFIED;
314
315	return STORAGE_OK;
316	}
317
318	static storage_status_t xml_load( const char my_nick, const char password, irc_t *irc )
319	{
320	return xml_load_real( my_nick, password, irc, XML_PASS_UNKNOWN );
321	}
322
323	static storage_status_t xml_check_pass( const char my_nick, const char password )
324	{
325	/* This is a little bit risky because we have to pass NULL for the
326	irc_t argument. This should be fine, if I didn't miss anything... */
327	return xml_load_real( my_nick, password, NULL, XML_PASS_CHECK_ONLY );
328	}
329
330	static int xml_printf( int fd, int indent, char *fmt, ... )
331	{
332	va_list params;
333	char *out;
334	char tabs[9] = "\t\t\t\t\t\t\t\t";
335	int len;
336
337	/* Maybe not very clean, but who needs more than 8 levels of indentation anyway? */
338	if( write( fd, tabs, indent <= 8 ? indent : 8 ) != indent )
339	return 0;
340
341	va_start( params, fmt );
342	out = g_markup_vprintf_escaped( fmt, params );
343	va_end( params );
344
345	len = strlen( out );
346	len -= write( fd, out, len );
347	g_free( out );
348
349	return len == 0;
350	}
351
352	static gboolean xml_save_nick( gpointer key, gpointer value, gpointer data );
353
354	static storage_status_t xml_save( irc_t *irc, int overwrite )
355	{
356	char path[512], path2, pass_buf = NULL;
357	set_t *set;
358	account_t *acc;
359	int fd;
360	md5_byte_t pass_md5[21];
361	md5_state_t md5_state;
362
363	if( irc->password == NULL )
364	{
365	irc_usermsg( irc, "Please register yourself if you want to save your settings." );
366	return STORAGE_OTHER_ERROR;
367	}
368
369	path2 = g_strdup( irc->nick );
370	nick_lc( path2 );
371	g_snprintf( path, sizeof( path ) - 2, "%s%s%s", global.conf->configdir, path2, ".xml" );
372	g_free( path2 );
373
374	if( !overwrite && access( path, F_OK ) != -1 )
375	return STORAGE_ALREADY_EXISTS;
376
377	strcat( path, "~" );
378	if( ( fd = open( path, O_WRONLY \| O_CREAT \| O_TRUNC, 0600 ) ) < 0 )
379	{
380	irc_usermsg( irc, "Error while opening configuration file." );
381	return STORAGE_OTHER_ERROR;
382	}
383
384	/* Generate a salted md5sum of the password. Use 5 bytes for the salt
385	(to prevent dictionary lookups of passwords) to end up with a 21-
386	byte password hash, more convenient for base64 encoding. */
387	random_bytes( pass_md5 + 16, 5 );
388	md5_init( &md5_state );
389	md5_append( &md5_state, (md5_byte_t*) irc->password, strlen( irc->password ) );
390	md5_append( &md5_state, pass_md5 + 16, 5 ); /* Add the salt. */
391	md5_finish( &md5_state, pass_md5 );
392	/* Save the hash in base64-encoded form. */
393	pass_buf = base64_encode( pass_md5, 21 );
394
395	if( !xml_printf( fd, 0, "<user nick=\"%s\" password=\"%s\" version=\"%d\">\n", irc->nick, pass_buf, XML_FORMAT_VERSION ) )
396	goto write_error;
397
398	g_free( pass_buf );
399
400	for( set = irc->set; set; set = set->next )
401	if( set->value && set->def )
402	if( !xml_printf( fd, 1, "<setting name=\"%s\">%s</setting>\n", set->key, set->value ) )
403	goto write_error;
404
405	for( acc = irc->accounts; acc; acc = acc->next )
406	{
407	unsigned char *pass_cr;
408	char *pass_b64;
409	int pass_len;
410
411	pass_len = arc_encode( acc->pass, strlen( acc->pass ), (unsigned char**) &pass_cr, irc->password, 12 );
412	pass_b64 = base64_encode( pass_cr, pass_len );
413	g_free( pass_cr );
414
415	if( !xml_printf( fd, 1, "<account protocol=\"%s\" handle=\"%s\" password=\"%s\" autoconnect=\"%d\"", acc->prpl->name, acc->user, pass_b64, acc->auto_connect ) )
416	{
417	g_free( pass_b64 );
418	goto write_error;
419	}
420	g_free( pass_b64 );
421
422	if( acc->server && acc->server[0] && !xml_printf( fd, 0, " server=\"%s\"", acc->server ) )
423	goto write_error;
424	if( !xml_printf( fd, 0, ">\n" ) )
425	goto write_error;
426
427	for( set = acc->set; set; set = set->next )
428	if( set->value && set->def && !( set->flags & ACC_SET_NOSAVE ) )
429	if( !xml_printf( fd, 2, "<setting name=\"%s\">%s</setting>\n", set->key, set->value ) )
430	goto write_error;
431
432	/* This probably looks pretty strange. g_hash_table_foreach
433	is quite a PITA already (but it can't get much better in
434	C without using #define, I'm afraid), and since it
435	doesn't seem to be possible to abort the foreach on write
436	errors, so instead let's use the _find function and
437	return TRUE on write errors. Which means, if we found
438	something, there was an error. :-) */
439	if( g_hash_table_find( acc->nicks, xml_save_nick, & fd ) )
440	goto write_error;
441
442	if( !xml_printf( fd, 1, "</account>\n" ) )
443	goto write_error;
444	}
445
446	if( !xml_printf( fd, 0, "</user>\n" ) )
447	goto write_error;
448
449	close( fd );
450
451	path2 = g_strndup( path, strlen( path ) - 1 );
452	if( rename( path, path2 ) != 0 )
453	{
454	irc_usermsg( irc, "Error while renaming temporary configuration file." );
455
456	g_free( path2 );
457	unlink( path );
458
459	return STORAGE_OTHER_ERROR;
460	}
461
462	g_free( path2 );
463
464	return STORAGE_OK;
465
466	write_error:
467	g_free( pass_buf );
468
469	irc_usermsg( irc, "Write error. Disk full?" );
470	close( fd );
471
472	return STORAGE_OTHER_ERROR;
473	}
474
475	static gboolean xml_save_nick( gpointer key, gpointer value, gpointer data )
476	{
477	return !xml_printf( ( (int) data ), 2, "<buddy handle=\"%s\" nick=\"%s\" />\n", key, value );
478	}
479
480	static storage_status_t xml_remove( const char nick, const char password )
481	{
482	char s[512];
483	storage_status_t status;
484
485	status = xml_check_pass( nick, password );
486	if( status != STORAGE_OK )
487	return status;
488
489	g_snprintf( s, 511, "%s%s%s", global.conf->configdir, nick, ".xml" );
490	if( unlink( s ) == -1 )
491	return STORAGE_OTHER_ERROR;
492
493	return STORAGE_OK;
494	}
495
496	storage_t storage_xml = {
497	.name = "xml",
498	.init = xml_init,
499	.check_pass = xml_check_pass,
500	.remove = xml_remove,
501	.load = xml_load,
502	.save = xml_save
503	};

Note: See TracBrowser for help on using the repository browser.

Download in other formats: