Context Navigation

Reverse Diff

sasl.c [af97b23:911d97a]

File:

: 1 edited

protocols/jabber/sasl.c (modified) (10 diffs)

Legend:

: Unmodified
: Added
: Removed

protocols/jabber/sasl.c

-                      raf97b23
+                      r911d97a
 #include "jabber.h"
 #include "base64.h"
+#include "oauth2.h"
+#include "oauth.h"
 xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data )
 …
         struct xt_node *c, *reply;
         char *s;
         int sup_plain = 0, sup_digest = 0;
+        int sup_plain = 0, sup_digest = 0, sup_oauth2 = 0, sup_fb = 0;
         if( !sasl_supported( ic ) )
 …
                 if( c->text && g_strcasecmp( c->text, "DIGEST-MD5" ) == 0 )
                         sup_digest = 1;
+                if( c->text && g_strcasecmp( c->text, "X-OAUTH2" ) == 0 )
+                        sup_oauth2 = 1;
+                if( c->text && g_strcasecmp( c->text, "X-FACEBOOK-PLATFORM" ) == 0 )
+                        sup_fb = 1;
                 c = c->next;
 …
         xt_add_attr( reply, "xmlns", XMLNS_SASL );
+        if( sup_digest )
+        if( set_getbool( &ic->acc->set, "oauth" ) )
+        {
+                int len;
+                if( !sup_oauth2 )
+                {
+                        imcb_error( ic, "OAuth requested, but not supported by server" );
+                        imc_logout( ic, FALSE );
+                        xt_free_node( reply );
+                        return XT_ABORT;
+                }
+                /* X-OAUTH2 is, not *the* standard OAuth2 SASL/XMPP implementation.
+                   It's currently used by GTalk and vaguely documented on
+                   http://code.google.com/apis/cloudprint/docs/rawxmpp.html . */
+                xt_add_attr( reply, "mechanism", "X-OAUTH2" );
+                len = strlen( jd->username ) + strlen( jd->oauth2_access_token ) + 2;
+                s = g_malloc( len + 1 );
+                s[0] = 0;
+                strcpy( s + 1, jd->username );
+                strcpy( s + 2 + strlen( jd->username ), jd->oauth2_access_token );
+                reply->text = base64_encode( (unsigned char *)s, len );
+                reply->text_len = strlen( reply->text );
+                g_free( s );
+        }
+        else if( sup_fb && strstr( ic->acc->pass, "session_key=" ) )
+        {
+                xt_add_attr( reply, "mechanism", "X-FACEBOOK-PLATFORM" );
+                jd->flags |= JFLAG_SASL_FB;
+        }
+        else if( sup_digest )
+        {
                 xt_add_attr( reply, "mechanism", "DIGEST-MD5" );
 …
+        }
         if( !jabber_write_packet( ic, reply ) )
+        if( reply && !jabber_write_packet( ic, reply ) )
+        {
                 xt_free_node( reply );
 …
         struct im_connection *ic = data;
         struct jabber_data *jd = ic->proto_data;
         struct xt_node *reply = NULL;
+        struct xt_node *reply_pkt = NULL;
         char *nonce = NULL, *realm = NULL, *cnonce = NULL;
         unsigned char cnonce_bin[30];
         char *digest_uri = NULL;
         char *dec = NULL;
         char *s = NULL;
+        char *s = NULL, *reply = NULL;
         xt_status ret = XT_ABORT;
 …
         dec = frombase64( node->text );
+        if( !( s = sasl_get_part( dec, "rspauth" ) ) )
+        if( jd->flags & JFLAG_SASL_FB )
+        {
+                /* Facebook proprietary authentication. Not as useful as it seemed, but
+                   the code's written now, may as well keep it..
+                   Mechanism is described on http://developers.facebook.com/docs/chat/
+                   and in their Python module. It's all mostly useless because the tokens
+                   expire after 24h. */
+                GSList *p_in = NULL, *p_out = NULL, *p;
+                md5_state_t md5;
+                char time[33], *token;
+                const char *secret;
+                oauth_params_parse( &p_in, dec );
+                oauth_params_add( &p_out, "nonce", oauth_params_get( &p_in, "nonce" ) );
+                oauth_params_add( &p_out, "method", oauth_params_get( &p_in, "method" ) );
+                oauth_params_free( &p_in );
+                token = g_strdup( ic->acc->pass );
+                oauth_params_parse( &p_in, token );
+                g_free( token );
+                oauth_params_add( &p_out, "session_key", oauth_params_get( &p_in, "session_key" ) );
+                g_snprintf( time, sizeof( time ), "%lld", (long long) ( gettime() * 1000 ) );
+                oauth_params_add( &p_out, "call_id", time );
+                oauth_params_add( &p_out, "api_key", oauth2_service_facebook.consumer_key );
+                oauth_params_add( &p_out, "v", "1.0" );
+                oauth_params_add( &p_out, "format", "XML" );
+                md5_init( &md5 );
+                for( p = p_out; p; p = p->next )
+                        md5_append( &md5, p->data, strlen( p->data ) );
+                secret = oauth_params_get( &p_in, "secret" );
+                if( secret )
+                        md5_append( &md5, (unsigned char*) secret, strlen( secret ) );
+                md5_finish_ascii( &md5, time );
+                oauth_params_add( &p_out, "sig", time );
+                reply = oauth_params_string( p_out );
+                oauth_params_free( &p_out );
+                oauth_params_free( &p_in );
+        }
+        else if( !( s = sasl_get_part( dec, "rspauth" ) ) )
+        {
                 /* See RFC 2831 for for information. */
 …
                 /* Now build the SASL response string: */
+                g_free( dec );
+                dec = g_strdup_printf( "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"%s\","
+                                       "nc=%08x,qop=auth,digest-uri=\"%s\",response=%s,charset=%s",
+                                       jd->username, realm, nonce, cnonce, 1, digest_uri, Hh, "utf-8" );
+                s = tobase64( dec );
+                reply = g_strdup_printf( "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"%s\","
+                                         "nc=%08x,qop=auth,digest-uri=\"%s\",response=%s,charset=%s",
+                                         jd->username, realm, nonce, cnonce, 1, digest_uri, Hh, "utf-8" );
+        }
         else
+        {
                 /* We found rspauth, but don't really care... */
+                g_free( s );
+                s = NULL;
+        }
+        reply = xt_new_node( "response", s, NULL );
+        xt_add_attr( reply, "xmlns", XMLNS_SASL );
+        if( !jabber_write_packet( ic, reply ) )
+        }
+        s = reply ? tobase64( reply ) : NULL;
+        reply_pkt = xt_new_node( "response", s, NULL );
+        xt_add_attr( reply_pkt, "xmlns", XMLNS_SASL );
+        if( !jabber_write_packet( ic, reply_pkt ) )
                 goto silent_error;
 …
         g_free( cnonce );
         g_free( nonce );
+        g_free( reply );
         g_free( realm );
         g_free( dec );
         g_free( s );
         xt_free_node( reply );
+        xt_free_node( reply_pkt );
         return ret;
 …
         return ( jd->xt && jd->xt->root && xt_find_attr( jd->xt->root, "version" ) ) != 0;
+}
+void sasl_oauth2_init( struct im_connection *ic )
+{
+        char *msg, *url;
+        imcb_log( ic, "Starting OAuth authentication" );
+        /* Temporary contact, just used to receive the OAuth response. */
+        imcb_add_buddy( ic, "jabber_oauth", NULL );
+        url = oauth2_url( &oauth2_service_google,
+                          "https://www.googleapis.com/auth/googletalk" );
+        msg = g_strdup_printf( "Open this URL in your browser to authenticate: %s", url );
+        imcb_buddy_msg( ic, "jabber_oauth", msg, 0, 0 );
+        imcb_buddy_msg( ic, "jabber_oauth", "Respond to this message with the returned "
+                                            "authorization token.", 0, 0 );
+        g_free( msg );
+        g_free( url );
+}
+static gboolean sasl_oauth2_remove_contact( gpointer data, gint fd, b_input_condition cond )
+{
+        struct im_connection *ic = data;
+        if( g_slist_find( jabber_connections, ic ) )
+                imcb_remove_buddy( ic, "jabber_oauth", NULL );
+        return FALSE;
+}
+static void sasl_oauth2_got_token( gpointer data, const char *access_token, const char *refresh_token );
+int sasl_oauth2_get_refresh_token( struct im_connection *ic, const char *msg )
+{
+        char *code;
+        int ret;
+        imcb_log( ic, "Requesting OAuth access token" );
+        /* Don't do it here because the caller may get confused if the contact
+           we're currently sending a message to is deleted. */
+        b_timeout_add( 1, sasl_oauth2_remove_contact, ic );
+        code = g_strdup( msg );
+        g_strstrip( code );
+        ret = oauth2_access_token( &oauth2_service_google, OAUTH2_AUTH_CODE,
+                                   code, sasl_oauth2_got_token, ic );
+        g_free( code );
+        return ret;
+}
+int sasl_oauth2_refresh( struct im_connection *ic, const char *refresh_token )
+{
+        return oauth2_access_token( &oauth2_service_google, OAUTH2_AUTH_REFRESH,
+                                    refresh_token, sasl_oauth2_got_token, ic );
+}
+static void sasl_oauth2_got_token( gpointer data, const char *access_token, const char *refresh_token )
+{
+        struct im_connection *ic = data;
+        struct jabber_data *jd;
+        if( g_slist_find( jabber_connections, ic ) == NULL )
+                return;
+        jd = ic->proto_data;
+        if( access_token == NULL )
+        {
+                imcb_error( ic, "OAuth failure (missing access token)" );
+                imc_logout( ic, TRUE );
+                return;
+        }
+        if( refresh_token != NULL )
+        {
+                g_free( ic->acc->pass );
+                ic->acc->pass = g_strdup_printf( "refresh_token=%s", refresh_token );
+        }
+        g_free( jd->oauth2_access_token );
+        jd->oauth2_access_token = g_strdup( access_token );
+        jabber_connect( ic );
+}

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changes in protocols/jabber/sasl.c [af97b23:911d97a]

Legend:

protocols/jabber/sasl.c

Download in other formats: