Context Navigation

source: storage_xml.c @ 88086db

Last change on this file since 88086db was 88086db, checked in by Wilmer van der Gaast <wilmer@…>, at 2006-06-25T17:23:27Z
Added versioning information to the XML-file (convenient for later format changes), got rid of confusing "Password successfully changed" message when the user uses the identify-command and protected rc4_decode() against short inputs.
Property mode set to `100644`
File size: 14.0 KB

Line
1	/********************************************************************\
2	* BitlBee -- An IRC to other IM-networks gateway *
3	* *
4	* Copyright 2002-2006 Wilmer van der Gaast and others *
5	\********************************************************************/
6
7	/* Storage backend that uses an XMLish format for all data. */
8
9	/*
10	This program is free software; you can redistribute it and/or modify
11	it under the terms of the GNU General Public License as published by
12	the Free Software Foundation; either version 2 of the License, or
13	(at your option) any later version.
14
15	This program is distributed in the hope that it will be useful,
16	but WITHOUT ANY WARRANTY; without even the implied warranty of
17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18	GNU General Public License for more details.
19
20	You should have received a copy of the GNU General Public License with
21	the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
22	if not, write to the Free Software Foundation, Inc., 59 Temple Place,
23	Suite 330, Boston, MA 02111-1307 USA
24	*/
25
26	#define BITLBEE_CORE
27	#include "bitlbee.h"
28	#include "base64.h"
29	#include "rc4.h"
30	#include "md5.h"
31
32	typedef enum
33	{
34	XML_PASS_CHECK_ONLY = -1,
35	XML_PASS_UNKNOWN = 0,
36	XML_PASS_OK
37	} xml_pass_st;
38
39	/* This isn't very clean, probably making a separate error class + code for
40	BitlBee would be a better solution. But this will work for now... */
41	#define XML_PASS_ERRORMSG "Wrong username or password"
42	#define XML_FORMAT_VERSION 1
43
44	struct xml_parsedata
45	{
46	irc_t *irc;
47	char *current_setting;
48	account_t *current_account;
49	char *given_nick;
50	char *given_pass;
51	xml_pass_st pass_st;
52	};
53
54	static char xml_attr( const gchar attr_names, const gchar attr_values, const gchar key )
55	{
56	int i;
57
58	for( i = 0; attr_names[i]; i ++ )
59	if( g_strcasecmp( attr_names[i], key ) == 0 )
60	return (char*) attr_values[i];
61
62	return NULL;
63	}
64
65	static void xml_destroy_xd( gpointer data )
66	{
67	struct xml_parsedata *xd = data;
68
69	g_free( xd->given_nick );
70	g_free( xd->given_pass );
71	g_free( xd );
72	}
73
74	static void xml_start_element( GMarkupParseContext ctx, const gchar element_name, const gchar attr_names, const gchar attr_values, gpointer data, GError **error )
75	{
76	struct xml_parsedata *xd = data;
77	irc_t *irc = xd->irc;
78
79	if( g_strcasecmp( element_name, "user" ) == 0 )
80	{
81	char *nick = xml_attr( attr_names, attr_values, "nick" );
82	char *pass = xml_attr( attr_names, attr_values, "password" );
83	md5_byte_t *pass_dec = NULL;
84
85	if( !nick \|\| !pass )
86	{
87	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
88	"Missing attributes for %s element", element_name );
89	}
90	else if( base64_decode( pass, &pass_dec ) != 21 )
91	{
92	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
93	"Error while decoding password attribute" );
94	}
95	else
96	{
97	md5_byte_t pass_md5[16];
98	md5_state_t md5_state;
99	int i;
100
101	md5_init( &md5_state );
102	md5_append( &md5_state, (md5_byte_t*) xd->given_pass, strlen( xd->given_pass ) );
103	md5_append( &md5_state, (md5_byte_t) pass_dec + 16, 5 ); / Hmmm, salt! */
104	md5_finish( &md5_state, pass_md5 );
105
106	for( i = 0; i < 16; i ++ )
107	{
108	if( pass_dec[i] != pass_md5[i] )
109	{
110	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
111	XML_PASS_ERRORMSG );
112	break;
113	}
114	}
115
116	/* If we reached the end of the loop, it was a match! */
117	if( i == 16 )
118	{
119	if( xd->pass_st != XML_PASS_CHECK_ONLY )
120	xd->pass_st = XML_PASS_OK;
121	}
122	}
123
124	g_free( pass_dec );
125	}
126	else if( xd->pass_st < XML_PASS_OK )
127	{
128	/* Let's not parse anything else if we only have to check
129	the password. */
130	}
131	else if( g_strcasecmp( element_name, "account" ) == 0 )
132	{
133	char protocol, handle, server, password, *autoconnect;
134	char pass_b64 = NULL, pass_rc4 = NULL;
135	int pass_len;
136	struct prpl *prpl = NULL;
137
138	handle = xml_attr( attr_names, attr_values, "handle" );
139	pass_b64 = xml_attr( attr_names, attr_values, "password" );
140	server = xml_attr( attr_names, attr_values, "server" );
141	autoconnect = xml_attr( attr_names, attr_values, "autoconnect" );
142
143	protocol = xml_attr( attr_names, attr_values, "protocol" );
144	if( protocol )
145	prpl = find_protocol( protocol );
146
147	if( !handle \|\| !pass_b64 \|\| !protocol )
148	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
149	"Missing attributes for %s element", element_name );
150	else if( !prpl )
151	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
152	"Unknown protocol: %s", protocol );
153	else if( ( pass_len = base64_decode( pass_b64, (unsigned char**) &pass_rc4 ) ) &&
154	rc4_decode( (unsigned char*) pass_rc4, pass_len,
155	(unsigned char**) &password, xd->given_pass ) )
156	{
157	xd->current_account = account_add( irc, prpl, handle, password );
158	if( server )
159	xd->current_account->server = g_strdup( server );
160	if( autoconnect )
161	/* Return value doesn't matter, since account_add() already sets
162	a default! */
163	sscanf( autoconnect, "%d", &xd->current_account->auto_connect );
164	}
165	else
166	{
167	/* Actually the _decode functions don't even return error codes,
168	but maybe they will later... */
169	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
170	"Error while decrypting account password" );
171	}
172
173	g_free( pass_rc4 );
174	g_free( password );
175	}
176	else if( g_strcasecmp( element_name, "setting" ) == 0 )
177	{
178	if( xd->current_account == NULL )
179	{
180	char *setting;
181
182	if( xd->current_setting )
183	{
184	g_free( xd->current_setting );
185	xd->current_setting = NULL;
186	}
187
188	if( ( setting = xml_attr( attr_names, attr_values, "name" ) ) )
189	xd->current_setting = g_strdup( setting );
190	else
191	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
192	"Missing attributes for %s element", element_name );
193	}
194	}
195	else if( g_strcasecmp( element_name, "buddy" ) == 0 )
196	{
197	char handle, nick;
198
199	handle = xml_attr( attr_names, attr_values, "handle" );
200	nick = xml_attr( attr_names, attr_values, "nick" );
201
202	if( xd->current_account && handle && nick )
203	{
204	nick_set( irc, handle, xd->current_account->prpl, nick );
205	}
206	else
207	{
208	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
209	"Missing attributes for %s element", element_name );
210	}
211	}
212	else
213	{
214	g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_UNKNOWN_ELEMENT,
215	"Unkown element: %s", element_name );
216	}
217	}
218
219	static void xml_end_element( GMarkupParseContext ctx, const gchar element_name, gpointer data, GError **error )
220	{
221	struct xml_parsedata *xd = data;
222
223	if( g_strcasecmp( element_name, "setting" ) == 0 && xd->current_setting )
224	{
225	g_free( xd->current_setting );
226	xd->current_setting = NULL;
227	}
228	else if( g_strcasecmp( element_name, "account" ) == 0 )
229	{
230	xd->current_account = NULL;
231	}
232	}
233
234	static void xml_text( GMarkupParseContext ctx, const gchar text, gsize text_len, gpointer data, GError **error )
235	{
236	struct xml_parsedata *xd = data;
237	irc_t *irc = xd->irc;
238
239	if( xd->pass_st < XML_PASS_OK )
240	{
241	/* Let's not parse anything else if we only have to check
242	the password, or if we didn't get the chance to check it
243	yet. */
244	}
245	else if( g_strcasecmp( g_markup_parse_context_get_element( ctx ), "setting" ) == 0 &&
246	xd->current_setting && xd->current_account == NULL )
247	{
248	set_setstr( irc, xd->current_setting, (char*) text );
249	g_free( xd->current_setting );
250	xd->current_setting = NULL;
251	}
252	}
253
254	GMarkupParser xml_parser =
255	{
256	xml_start_element,
257	xml_end_element,
258	xml_text,
259	NULL,
260	NULL
261	};
262
263	static void xml_init( void )
264	{
265	if( access( global.conf->configdir, F_OK ) != 0 )
266	log_message( LOGLVL_WARNING, "The configuration directory %s does not exist. Configuration won't be saved.", CONFIG );
267	else if( access( global.conf->configdir, R_OK ) != 0 \|\| access( global.conf->configdir, W_OK ) != 0 )
268	log_message( LOGLVL_WARNING, "Permission problem: Can't read/write from/to %s.", global.conf->configdir );
269	}
270
271	static storage_status_t xml_load_real( const char my_nick, const char password, irc_t *irc, xml_pass_st action )
272	{
273	GMarkupParseContext *ctx;
274	struct xml_parsedata *xd;
275	char *fn, buf[512];
276	GError *gerr = NULL;
277	int fd, st;
278
279	if( irc && irc->status & USTATUS_IDENTIFIED )
280	return( 1 );
281
282	xd = g_new0( struct xml_parsedata, 1 );
283	xd->irc = irc;
284	xd->given_nick = g_strdup( my_nick );
285	xd->given_pass = g_strdup( password );
286	xd->pass_st = action;
287	nick_lc( xd->given_nick );
288
289	fn = g_strdup_printf( "%s%s%s", global.conf->configdir, xd->given_nick, ".xml" );
290	if( ( fd = open( fn, O_RDONLY ) ) < 0 )
291	{
292	xml_destroy_xd( xd );
293	g_free( fn );
294	return STORAGE_NO_SUCH_USER;
295	}
296	g_free( fn );
297
298	ctx = g_markup_parse_context_new( &xml_parser, 0, xd, xml_destroy_xd );
299
300	while( ( st = read( fd, buf, sizeof( buf ) ) ) > 0 )
301	{
302	if( !g_markup_parse_context_parse( ctx, buf, st, &gerr ) \|\| gerr )
303	{
304	g_markup_parse_context_free( ctx );
305	close( fd );
306
307	/* Slightly dirty... */
308	if( gerr && strcmp( gerr->message, XML_PASS_ERRORMSG ) == 0 )
309	{
310	g_clear_error( &gerr );
311	return STORAGE_INVALID_PASSWORD;
312	}
313	else
314	{
315	if( gerr && irc )
316	irc_usermsg( irc, "Error from XML-parser: %s", gerr->message );
317
318	g_clear_error( &gerr );
319	return STORAGE_OTHER_ERROR;
320	}
321	}
322	}
323	/* Just to be sure... */
324	g_clear_error( &gerr );
325
326	g_markup_parse_context_free( ctx );
327	close( fd );
328
329	if( action == XML_PASS_CHECK_ONLY )
330	return STORAGE_OK;
331
332	irc->status \|= USTATUS_IDENTIFIED;
333
334	if( set_getint( irc, "auto_connect" ) )
335	{
336	/* Can't do this directly because r_c_s alters the string */
337	strcpy( buf, "account on" );
338	root_command_string( irc, NULL, buf, 0 );
339	}
340
341	return STORAGE_OK;
342	}
343
344	static storage_status_t xml_load( const char my_nick, const char password, irc_t *irc )
345	{
346	return xml_load_real( my_nick, password, irc, XML_PASS_UNKNOWN );
347	}
348
349	static storage_status_t xml_check_pass( const char my_nick, const char password )
350	{
351	/* This is a little bit risky because we have to pass NULL for the
352	irc_t argument. This should be fine, if I didn't miss anything... */
353	return xml_load_real( my_nick, password, NULL, XML_PASS_CHECK_ONLY );
354	}
355
356	static int xml_printf( int fd, char *fmt, ... )
357	{
358	va_list params;
359	char *out;
360	int len;
361
362	va_start( params, fmt );
363	out = g_markup_vprintf_escaped( fmt, params );
364	va_end( params );
365
366	len = strlen( out );
367	len -= write( fd, out, len );
368	g_free( out );
369
370	return len == 0;
371	}
372
373	static storage_status_t xml_save( irc_t *irc, int overwrite )
374	{
375	char path[512], path2, pass_buf = NULL;
376	set_t *set;
377	nick_t *nick;
378	account_t *acc;
379	int fd, i;
380	md5_byte_t pass_md5[21];
381	md5_state_t md5_state;
382
383	if( irc->password == NULL )
384	{
385	irc_usermsg( irc, "Please register yourself if you want to save your settings." );
386	return STORAGE_OTHER_ERROR;
387	}
388
389	g_snprintf( path, sizeof( path ) - 2, "%s%s%s", global.conf->configdir, irc->nick, ".xml" );
390
391	if( !overwrite && access( path, F_OK ) != -1 )
392	return STORAGE_ALREADY_EXISTS;
393
394	strcat( path, "~" );
395	if( ( fd = open( path, O_WRONLY \| O_CREAT, 0600 ) ) < 0 )
396	{
397	irc_usermsg( irc, "Error while opening configuration file." );
398	return STORAGE_OTHER_ERROR;
399	}
400
401	/* Generate a salted md5sum of the password. Use 5 bytes for the salt
402	(to prevent dictionary lookups of passwords) to end up with a 21-
403	byte password hash, more convenient for base64 encoding. */
404	for( i = 0; i < 5; i ++ )
405	pass_md5[16+i] = rand() & 0xff;
406	md5_init( &md5_state );
407	md5_append( &md5_state, (md5_byte_t*) irc->password, strlen( irc->password ) );
408	md5_append( &md5_state, pass_md5 + 16, 5 ); /* Add the salt. */
409	md5_finish( &md5_state, pass_md5 );
410	/* Save the hash in base64-encoded form. */
411	pass_buf = base64_encode( (char*) pass_md5, 21 );
412
413	if( !xml_printf( fd, "<user nick=\"%s\" password=\"%s\" version=\"%d\">\n", irc->nick, pass_buf, XML_FORMAT_VERSION ) )
414	goto write_error;
415
416	g_free( pass_buf );
417
418	for( set = irc->set; set; set = set->next )
419	if( set->value && set->def )
420	if( !xml_printf( fd, "\t<setting name=\"%s\">%s</setting>\n", set->key, set->value ) )
421	goto write_error;
422
423	for( acc = irc->accounts; acc; acc = acc->next )
424	{
425	char pass_rc4, pass_b64;
426	int pass_len;
427
428	pass_len = rc4_encode( (unsigned char) acc->pass, strlen( acc->pass ), (unsigned char*) &pass_rc4, irc->password );
429	pass_b64 = base64_encode( pass_rc4, pass_len );
430
431	if( !xml_printf( fd, "\t<account protocol=\"%s\" handle=\"%s\" password=\"%s\" autoconnect=\"%d\"", acc->prpl->name, acc->user, pass_b64, acc->auto_connect ) )
432	{
433	g_free( pass_rc4 );
434	g_free( pass_b64 );
435	goto write_error;
436	}
437	g_free( pass_rc4 );
438	g_free( pass_b64 );
439
440	if( acc->server && acc->server[0] && !xml_printf( fd, " server=\"%s\"", acc->server ) )
441	goto write_error;
442	if( !xml_printf( fd, ">\n" ) )
443	goto write_error;
444
445	for( nick = irc->nicks; nick; nick = nick->next )
446	if( nick->proto == acc->prpl )
447	if( !xml_printf( fd, "\t\t<buddy handle=\"%s\" nick=\"%s\" />\n", nick->handle, nick->nick ) )
448	goto write_error;
449
450	if( !xml_printf( fd, "\t</account>\n" ) )
451	goto write_error;
452	}
453
454	if( !xml_printf( fd, "</user>\n" ) )
455	goto write_error;
456
457	close( fd );
458
459	path2 = g_strndup( path, strlen( path ) - 1 );
460	if( rename( path, path2 ) != 0 )
461	{
462	irc_usermsg( irc, "Error while renaming temporary configuration file." );
463
464	g_free( path2 );
465	unlink( path );
466
467	return STORAGE_OTHER_ERROR;
468	}
469
470	g_free( path2 );
471
472	return STORAGE_OK;
473
474	write_error:
475	g_free( pass_buf );
476
477	irc_usermsg( irc, "Write error. Disk full?" );
478	close( fd );
479
480	return STORAGE_OTHER_ERROR;
481	}
482
483	static storage_status_t xml_remove( const char nick, const char password )
484	{
485	char s[512];
486	storage_status_t status;
487
488	status = xml_check_pass( nick, password );
489	if( status != STORAGE_OK )
490	return status;
491
492	g_snprintf( s, 511, "%s%s%s", global.conf->configdir, nick, ".xml" );
493	if( unlink( s ) == -1 )
494	return STORAGE_OTHER_ERROR;
495
496	return STORAGE_OK;
497	}
498
499	storage_t storage_xml = {
500	.name = "xml",
501	.init = xml_init,
502	.check_pass = xml_check_pass,
503	.remove = xml_remove,
504	.load = xml_load,
505	.save = xml_save
506	};

Note: See TracBrowser for help on using the repository browser.

Download in other formats: