1 | /********************************************************************\ |
---|
2 | * BitlBee -- An IRC to other IM-networks gateway * |
---|
3 | * * |
---|
4 | * Copyright 2002-2006 Wilmer van der Gaast and others * |
---|
5 | \********************************************************************/ |
---|
6 | |
---|
7 | /* Storage backend that uses an XMLish format for all data. */ |
---|
8 | |
---|
9 | /* |
---|
10 | This program is free software; you can redistribute it and/or modify |
---|
11 | it under the terms of the GNU General Public License as published by |
---|
12 | the Free Software Foundation; either version 2 of the License, or |
---|
13 | (at your option) any later version. |
---|
14 | |
---|
15 | This program is distributed in the hope that it will be useful, |
---|
16 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
18 | GNU General Public License for more details. |
---|
19 | |
---|
20 | You should have received a copy of the GNU General Public License with |
---|
21 | the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL; |
---|
22 | if not, write to the Free Software Foundation, Inc., 59 Temple Place, |
---|
23 | Suite 330, Boston, MA 02111-1307 USA |
---|
24 | */ |
---|
25 | |
---|
26 | #define BITLBEE_CORE |
---|
27 | #include "bitlbee.h" |
---|
28 | #include "base64.h" |
---|
29 | #include "rc4.h" |
---|
30 | #include "md5.h" |
---|
31 | |
---|
32 | typedef enum |
---|
33 | { |
---|
34 | XML_PASS_CHECK_ONLY = -1, |
---|
35 | XML_PASS_UNKNOWN = 0, |
---|
36 | XML_PASS_OK |
---|
37 | } xml_pass_st; |
---|
38 | |
---|
39 | /* This isn't very clean, probably making a separate error class + code for |
---|
40 | BitlBee would be a better solution. But this will work for now... */ |
---|
41 | #define XML_PASS_ERRORMSG "Wrong username or password" |
---|
42 | |
---|
43 | struct xml_parsedata |
---|
44 | { |
---|
45 | irc_t *irc; |
---|
46 | char *current_setting; |
---|
47 | account_t *current_account; |
---|
48 | char *given_nick; |
---|
49 | char *given_pass; |
---|
50 | xml_pass_st pass_st; |
---|
51 | }; |
---|
52 | |
---|
53 | static char *xml_attr( const gchar **attr_names, const gchar **attr_values, const gchar *key ) |
---|
54 | { |
---|
55 | int i; |
---|
56 | |
---|
57 | for( i = 0; attr_names[i]; i ++ ) |
---|
58 | if( g_strcasecmp( attr_names[i], key ) == 0 ) |
---|
59 | return (char*) attr_values[i]; |
---|
60 | |
---|
61 | return NULL; |
---|
62 | } |
---|
63 | |
---|
64 | static void xml_destroy_xd( gpointer data ) |
---|
65 | { |
---|
66 | struct xml_parsedata *xd = data; |
---|
67 | |
---|
68 | g_free( xd->given_nick ); |
---|
69 | g_free( xd->given_pass ); |
---|
70 | g_free( xd ); |
---|
71 | } |
---|
72 | |
---|
73 | static void xml_start_element( GMarkupParseContext *ctx, const gchar *element_name, const gchar **attr_names, const gchar **attr_values, gpointer data, GError **error ) |
---|
74 | { |
---|
75 | struct xml_parsedata *xd = data; |
---|
76 | irc_t *irc = xd->irc; |
---|
77 | |
---|
78 | if( g_strcasecmp( element_name, "user" ) == 0 ) |
---|
79 | { |
---|
80 | char *nick = xml_attr( attr_names, attr_values, "nick" ); |
---|
81 | char *pass = xml_attr( attr_names, attr_values, "password" ); |
---|
82 | md5_byte_t *pass_dec = NULL; |
---|
83 | |
---|
84 | if( !nick || !pass ) |
---|
85 | { |
---|
86 | g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, |
---|
87 | "Missing attributes for %s element", element_name ); |
---|
88 | } |
---|
89 | else if( base64_decode( pass, &pass_dec ) != 21 ) |
---|
90 | { |
---|
91 | g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, |
---|
92 | "Error while decoding password attribute" ); |
---|
93 | } |
---|
94 | else |
---|
95 | { |
---|
96 | md5_byte_t pass_md5[16]; |
---|
97 | md5_state_t md5_state; |
---|
98 | int i; |
---|
99 | |
---|
100 | md5_init( &md5_state ); |
---|
101 | md5_append( &md5_state, (md5_byte_t*) xd->given_pass, strlen( xd->given_pass ) ); |
---|
102 | md5_append( &md5_state, (md5_byte_t*) pass_dec + 16, 5 ); /* Hmmm, salt! */ |
---|
103 | md5_finish( &md5_state, pass_md5 ); |
---|
104 | |
---|
105 | for( i = 0; i < 16; i ++ ) |
---|
106 | { |
---|
107 | if( pass_dec[i] != pass_md5[i] ) |
---|
108 | { |
---|
109 | g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, |
---|
110 | XML_PASS_ERRORMSG ); |
---|
111 | break; |
---|
112 | } |
---|
113 | } |
---|
114 | |
---|
115 | /* If we reached the end of the loop, it was a match! */ |
---|
116 | if( i == 16 ) |
---|
117 | { |
---|
118 | if( xd->pass_st != XML_PASS_CHECK_ONLY ) |
---|
119 | xd->pass_st = XML_PASS_OK; |
---|
120 | } |
---|
121 | } |
---|
122 | |
---|
123 | g_free( pass_dec ); |
---|
124 | } |
---|
125 | else if( xd->pass_st < XML_PASS_OK ) |
---|
126 | { |
---|
127 | /* Let's not parse anything else if we only have to check |
---|
128 | the password. */ |
---|
129 | } |
---|
130 | else if( g_strcasecmp( element_name, "account" ) == 0 ) |
---|
131 | { |
---|
132 | char *protocol, *handle, *server, *password, *autoconnect; |
---|
133 | char *pass_b64 = NULL, *pass_rc4 = NULL; |
---|
134 | int pass_len; |
---|
135 | struct prpl *prpl = NULL; |
---|
136 | |
---|
137 | handle = xml_attr( attr_names, attr_values, "handle" ); |
---|
138 | pass_b64 = xml_attr( attr_names, attr_values, "password" ); |
---|
139 | server = xml_attr( attr_names, attr_values, "server" ); |
---|
140 | autoconnect = xml_attr( attr_names, attr_values, "autoconnect" ); |
---|
141 | |
---|
142 | protocol = xml_attr( attr_names, attr_values, "protocol" ); |
---|
143 | if( protocol ) |
---|
144 | prpl = find_protocol( protocol ); |
---|
145 | |
---|
146 | if( !handle || !pass_b64 || !protocol ) |
---|
147 | g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, |
---|
148 | "Missing attributes for %s element", element_name ); |
---|
149 | else if( !prpl ) |
---|
150 | g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, |
---|
151 | "Unknown protocol: %s", protocol ); |
---|
152 | else if( ( pass_len = base64_decode( pass_b64, (unsigned char**) &pass_rc4 ) ) && |
---|
153 | rc4_decode( (unsigned char*) pass_rc4, pass_len, |
---|
154 | (unsigned char**) &password, xd->given_pass ) ) |
---|
155 | { |
---|
156 | xd->current_account = account_add( irc, prpl, handle, password ); |
---|
157 | if( server ) |
---|
158 | xd->current_account->server = g_strdup( server ); |
---|
159 | if( autoconnect ) |
---|
160 | /* Return value doesn't matter, since account_add() already sets |
---|
161 | a default! */ |
---|
162 | sscanf( autoconnect, "%d", &xd->current_account->auto_connect ); |
---|
163 | } |
---|
164 | else |
---|
165 | { |
---|
166 | /* Actually the _decode functions don't even return error codes, |
---|
167 | but maybe they will later... */ |
---|
168 | g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, |
---|
169 | "Error while decrypting account password" ); |
---|
170 | } |
---|
171 | |
---|
172 | g_free( pass_rc4 ); |
---|
173 | g_free( password ); |
---|
174 | } |
---|
175 | else if( g_strcasecmp( element_name, "setting" ) == 0 ) |
---|
176 | { |
---|
177 | if( xd->current_account == NULL ) |
---|
178 | { |
---|
179 | char *setting; |
---|
180 | |
---|
181 | if( xd->current_setting ) |
---|
182 | { |
---|
183 | g_free( xd->current_setting ); |
---|
184 | xd->current_setting = NULL; |
---|
185 | } |
---|
186 | |
---|
187 | if( ( setting = xml_attr( attr_names, attr_values, "name" ) ) ) |
---|
188 | xd->current_setting = g_strdup( setting ); |
---|
189 | else |
---|
190 | g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, |
---|
191 | "Missing attributes for %s element", element_name ); |
---|
192 | } |
---|
193 | } |
---|
194 | else if( g_strcasecmp( element_name, "buddy" ) == 0 ) |
---|
195 | { |
---|
196 | char *handle, *nick; |
---|
197 | |
---|
198 | handle = xml_attr( attr_names, attr_values, "handle" ); |
---|
199 | nick = xml_attr( attr_names, attr_values, "nick" ); |
---|
200 | |
---|
201 | if( xd->current_account && handle && nick ) |
---|
202 | { |
---|
203 | nick_set( irc, handle, xd->current_account->prpl, nick ); |
---|
204 | } |
---|
205 | else |
---|
206 | { |
---|
207 | g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, |
---|
208 | "Missing attributes for %s element", element_name ); |
---|
209 | } |
---|
210 | } |
---|
211 | else |
---|
212 | { |
---|
213 | g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_UNKNOWN_ELEMENT, |
---|
214 | "Unkown element: %s", element_name ); |
---|
215 | } |
---|
216 | } |
---|
217 | |
---|
218 | static void xml_end_element( GMarkupParseContext *ctx, const gchar *element_name, gpointer data, GError **error ) |
---|
219 | { |
---|
220 | struct xml_parsedata *xd = data; |
---|
221 | |
---|
222 | if( g_strcasecmp( element_name, "setting" ) == 0 && xd->current_setting ) |
---|
223 | { |
---|
224 | g_free( xd->current_setting ); |
---|
225 | xd->current_setting = NULL; |
---|
226 | } |
---|
227 | else if( g_strcasecmp( element_name, "account" ) == 0 ) |
---|
228 | { |
---|
229 | xd->current_account = NULL; |
---|
230 | } |
---|
231 | } |
---|
232 | |
---|
233 | static void xml_text( GMarkupParseContext *ctx, const gchar *text, gsize text_len, gpointer data, GError **error ) |
---|
234 | { |
---|
235 | struct xml_parsedata *xd = data; |
---|
236 | irc_t *irc = xd->irc; |
---|
237 | |
---|
238 | if( xd->pass_st < XML_PASS_OK ) |
---|
239 | { |
---|
240 | /* Let's not parse anything else if we only have to check |
---|
241 | the password, or if we didn't get the chance to check it |
---|
242 | yet. */ |
---|
243 | } |
---|
244 | else if( g_strcasecmp( g_markup_parse_context_get_element( ctx ), "setting" ) == 0 && |
---|
245 | xd->current_setting && xd->current_account == NULL ) |
---|
246 | { |
---|
247 | set_setstr( irc, xd->current_setting, (char*) text ); |
---|
248 | g_free( xd->current_setting ); |
---|
249 | xd->current_setting = NULL; |
---|
250 | } |
---|
251 | } |
---|
252 | |
---|
253 | GMarkupParser xml_parser = |
---|
254 | { |
---|
255 | xml_start_element, |
---|
256 | xml_end_element, |
---|
257 | xml_text, |
---|
258 | NULL, |
---|
259 | NULL |
---|
260 | }; |
---|
261 | |
---|
262 | static void xml_init( void ) |
---|
263 | { |
---|
264 | if( access( global.conf->configdir, F_OK ) != 0 ) |
---|
265 | log_message( LOGLVL_WARNING, "The configuration directory %s does not exist. Configuration won't be saved.", CONFIG ); |
---|
266 | else if( access( global.conf->configdir, R_OK ) != 0 || access( global.conf->configdir, W_OK ) != 0 ) |
---|
267 | log_message( LOGLVL_WARNING, "Permission problem: Can't read/write from/to %s.", global.conf->configdir ); |
---|
268 | } |
---|
269 | |
---|
270 | static storage_status_t xml_load_real( const char *my_nick, const char *password, irc_t *irc, xml_pass_st action ) |
---|
271 | { |
---|
272 | GMarkupParseContext *ctx; |
---|
273 | struct xml_parsedata *xd; |
---|
274 | char *fn, buf[512]; |
---|
275 | GError *gerr = NULL; |
---|
276 | int fd, st; |
---|
277 | |
---|
278 | if( irc && irc->status & USTATUS_IDENTIFIED ) |
---|
279 | return( 1 ); |
---|
280 | |
---|
281 | xd = g_new0( struct xml_parsedata, 1 ); |
---|
282 | xd->irc = irc; |
---|
283 | xd->given_nick = g_strdup( my_nick ); |
---|
284 | xd->given_pass = g_strdup( password ); |
---|
285 | xd->pass_st = action; |
---|
286 | nick_lc( xd->given_nick ); |
---|
287 | |
---|
288 | fn = g_strdup_printf( "%s%s%s", global.conf->configdir, xd->given_nick, ".xml" ); |
---|
289 | if( ( fd = open( fn, O_RDONLY ) ) < 0 ) |
---|
290 | { |
---|
291 | xml_destroy_xd( xd ); |
---|
292 | g_free( fn ); |
---|
293 | return STORAGE_NO_SUCH_USER; |
---|
294 | } |
---|
295 | g_free( fn ); |
---|
296 | |
---|
297 | ctx = g_markup_parse_context_new( &xml_parser, 0, xd, xml_destroy_xd ); |
---|
298 | |
---|
299 | while( ( st = read( fd, buf, sizeof( buf ) ) ) > 0 ) |
---|
300 | { |
---|
301 | if( !g_markup_parse_context_parse( ctx, buf, st, &gerr ) || gerr ) |
---|
302 | { |
---|
303 | g_markup_parse_context_free( ctx ); |
---|
304 | close( fd ); |
---|
305 | |
---|
306 | /* Slightly dirty... */ |
---|
307 | if( gerr && strcmp( gerr->message, XML_PASS_ERRORMSG ) == 0 ) |
---|
308 | { |
---|
309 | g_clear_error( &gerr ); |
---|
310 | return STORAGE_INVALID_PASSWORD; |
---|
311 | } |
---|
312 | else |
---|
313 | { |
---|
314 | if( gerr && irc ) |
---|
315 | irc_usermsg( irc, "Error from XML-parser: %s", gerr->message ); |
---|
316 | |
---|
317 | g_clear_error( &gerr ); |
---|
318 | return STORAGE_OTHER_ERROR; |
---|
319 | } |
---|
320 | } |
---|
321 | } |
---|
322 | /* Just to be sure... */ |
---|
323 | g_clear_error( &gerr ); |
---|
324 | |
---|
325 | g_markup_parse_context_free( ctx ); |
---|
326 | close( fd ); |
---|
327 | |
---|
328 | if( action == XML_PASS_CHECK_ONLY ) |
---|
329 | return STORAGE_OK; |
---|
330 | |
---|
331 | irc->status |= USTATUS_IDENTIFIED; |
---|
332 | |
---|
333 | if( set_getint( irc, "auto_connect" ) ) |
---|
334 | { |
---|
335 | /* Can't do this directly because r_c_s alters the string */ |
---|
336 | strcpy( buf, "account on" ); |
---|
337 | root_command_string( irc, NULL, buf, 0 ); |
---|
338 | } |
---|
339 | |
---|
340 | return STORAGE_OK; |
---|
341 | } |
---|
342 | |
---|
343 | static storage_status_t xml_load( const char *my_nick, const char *password, irc_t *irc ) |
---|
344 | { |
---|
345 | return xml_load_real( my_nick, password, irc, XML_PASS_UNKNOWN ); |
---|
346 | } |
---|
347 | |
---|
348 | static storage_status_t xml_check_pass( const char *my_nick, const char *password ) |
---|
349 | { |
---|
350 | /* This is a little bit risky because we have to pass NULL for the |
---|
351 | irc_t argument. This *should* be fine, if I didn't miss anything... */ |
---|
352 | return xml_load_real( my_nick, password, NULL, XML_PASS_CHECK_ONLY ); |
---|
353 | } |
---|
354 | |
---|
355 | static int xml_printf( int fd, char *fmt, ... ) |
---|
356 | { |
---|
357 | va_list params; |
---|
358 | char *out; |
---|
359 | int len; |
---|
360 | |
---|
361 | va_start( params, fmt ); |
---|
362 | out = g_markup_vprintf_escaped( fmt, params ); |
---|
363 | va_end( params ); |
---|
364 | |
---|
365 | len = strlen( out ); |
---|
366 | len -= write( fd, out, len ); |
---|
367 | g_free( out ); |
---|
368 | |
---|
369 | return len == 0; |
---|
370 | } |
---|
371 | |
---|
372 | static storage_status_t xml_save( irc_t *irc, int overwrite ) |
---|
373 | { |
---|
374 | char path[512], *path2, *pass_buf = NULL; |
---|
375 | set_t *set; |
---|
376 | nick_t *nick; |
---|
377 | account_t *acc; |
---|
378 | int fd, i; |
---|
379 | md5_byte_t pass_md5[21]; |
---|
380 | md5_state_t md5_state; |
---|
381 | |
---|
382 | if( irc->password == NULL ) |
---|
383 | { |
---|
384 | irc_usermsg( irc, "Please register yourself if you want to save your settings." ); |
---|
385 | return STORAGE_OTHER_ERROR; |
---|
386 | } |
---|
387 | |
---|
388 | g_snprintf( path, sizeof( path ) - 2, "%s%s%s", global.conf->configdir, irc->nick, ".xml" ); |
---|
389 | |
---|
390 | if( !overwrite && access( path, F_OK ) != -1 ) |
---|
391 | return STORAGE_ALREADY_EXISTS; |
---|
392 | |
---|
393 | strcat( path, "~" ); |
---|
394 | if( ( fd = open( path, O_WRONLY | O_CREAT, 0600 ) ) < 0 ) |
---|
395 | { |
---|
396 | irc_usermsg( irc, "Error while opening configuration file." ); |
---|
397 | return STORAGE_OTHER_ERROR; |
---|
398 | } |
---|
399 | |
---|
400 | /* Generate a salted md5sum of the password. Use 5 bytes for the salt |
---|
401 | (to prevent dictionary lookups of passwords) to end up with a 21- |
---|
402 | byte password hash, more convenient for base64 encoding. */ |
---|
403 | for( i = 0; i < 5; i ++ ) |
---|
404 | pass_md5[16+i] = rand() & 0xff; |
---|
405 | md5_init( &md5_state ); |
---|
406 | md5_append( &md5_state, (md5_byte_t*) irc->password, strlen( irc->password ) ); |
---|
407 | md5_append( &md5_state, pass_md5 + 16, 5 ); /* Add the salt. */ |
---|
408 | md5_finish( &md5_state, pass_md5 ); |
---|
409 | /* Save the hash in base64-encoded form. */ |
---|
410 | pass_buf = base64_encode( (char*) pass_md5, 21 ); |
---|
411 | |
---|
412 | if( !xml_printf( fd, "<user nick=\"%s\" password=\"%s\">\n", irc->nick, pass_buf ) ) |
---|
413 | goto write_error; |
---|
414 | |
---|
415 | g_free( pass_buf ); |
---|
416 | |
---|
417 | for( set = irc->set; set; set = set->next ) |
---|
418 | if( set->value && set->def ) |
---|
419 | if( !xml_printf( fd, "\t<setting name=\"%s\">%s</setting>\n", set->key, set->value ) ) |
---|
420 | goto write_error; |
---|
421 | |
---|
422 | for( acc = irc->accounts; acc; acc = acc->next ) |
---|
423 | { |
---|
424 | char *pass_rc4, *pass_b64; |
---|
425 | int pass_len; |
---|
426 | |
---|
427 | pass_len = rc4_encode( (unsigned char*) acc->pass, strlen( acc->pass ), (unsigned char**) &pass_rc4, irc->password ); |
---|
428 | pass_b64 = base64_encode( pass_rc4, pass_len ); |
---|
429 | |
---|
430 | if( !xml_printf( fd, "\t<account protocol=\"%s\" handle=\"%s\" password=\"%s\" autoconnect=\"%d\"", acc->prpl->name, acc->user, pass_b64, acc->auto_connect ) ) |
---|
431 | { |
---|
432 | g_free( pass_rc4 ); |
---|
433 | g_free( pass_b64 ); |
---|
434 | goto write_error; |
---|
435 | } |
---|
436 | g_free( pass_rc4 ); |
---|
437 | g_free( pass_b64 ); |
---|
438 | |
---|
439 | if( acc->server && acc->server[0] && !xml_printf( fd, " server=\"%s\"", acc->server ) ) |
---|
440 | goto write_error; |
---|
441 | if( !xml_printf( fd, ">\n" ) ) |
---|
442 | goto write_error; |
---|
443 | |
---|
444 | for( nick = irc->nicks; nick; nick = nick->next ) |
---|
445 | if( nick->proto == acc->prpl ) |
---|
446 | if( !xml_printf( fd, "\t\t<buddy handle=\"%s\" nick=\"%s\" />\n", nick->handle, nick->nick ) ) |
---|
447 | goto write_error; |
---|
448 | |
---|
449 | if( !xml_printf( fd, "\t</account>\n" ) ) |
---|
450 | goto write_error; |
---|
451 | } |
---|
452 | |
---|
453 | if( !xml_printf( fd, "</user>\n" ) ) |
---|
454 | goto write_error; |
---|
455 | |
---|
456 | close( fd ); |
---|
457 | |
---|
458 | path2 = g_strndup( path, strlen( path ) - 1 ); |
---|
459 | if( rename( path, path2 ) != 0 ) |
---|
460 | { |
---|
461 | irc_usermsg( irc, "Error while renaming temporary configuration file." ); |
---|
462 | |
---|
463 | g_free( path2 ); |
---|
464 | unlink( path ); |
---|
465 | |
---|
466 | return STORAGE_OTHER_ERROR; |
---|
467 | } |
---|
468 | |
---|
469 | g_free( path2 ); |
---|
470 | |
---|
471 | return STORAGE_OK; |
---|
472 | |
---|
473 | write_error: |
---|
474 | g_free( pass_buf ); |
---|
475 | |
---|
476 | irc_usermsg( irc, "Write error. Disk full?" ); |
---|
477 | close( fd ); |
---|
478 | |
---|
479 | return STORAGE_OTHER_ERROR; |
---|
480 | } |
---|
481 | |
---|
482 | static storage_status_t xml_remove( const char *nick, const char *password ) |
---|
483 | { |
---|
484 | char s[512]; |
---|
485 | storage_status_t status; |
---|
486 | |
---|
487 | status = xml_check_pass( nick, password ); |
---|
488 | if( status != STORAGE_OK ) |
---|
489 | return status; |
---|
490 | |
---|
491 | g_snprintf( s, 511, "%s%s%s", global.conf->configdir, nick, ".xml" ); |
---|
492 | if( unlink( s ) == -1 ) |
---|
493 | return STORAGE_OTHER_ERROR; |
---|
494 | |
---|
495 | return STORAGE_OK; |
---|
496 | } |
---|
497 | |
---|
498 | storage_t storage_xml = { |
---|
499 | .name = "xml", |
---|
500 | .init = xml_init, |
---|
501 | .check_pass = xml_check_pass, |
---|
502 | .remove = xml_remove, |
---|
503 | .load = xml_load, |
---|
504 | .save = xml_save |
---|
505 | }; |
---|