X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fxmpp%2Fserv_xmpp.c;h=7986cb573fdb254de00bac8f1684f79cff2896e6;hb=e7c125bafc3bd24fd9cfb18c39b29abd19c7478f;hp=977b6dea4c68a8b8453dde178f2a5176c41c0d46;hpb=0eea6dcc234e0f524bbf2a1d909455d41ed02314;p=citadel.git diff --git a/citadel/modules/xmpp/serv_xmpp.c b/citadel/modules/xmpp/serv_xmpp.c index 977b6dea4..7986cb573 100644 --- a/citadel/modules/xmpp/serv_xmpp.c +++ b/citadel/modules/xmpp/serv_xmpp.c @@ -1,10 +1,8 @@ /* - * $Id$ - * * XMPP (Jabber) service for the Citadel system - * Copyright (c) 2007-2010 by Art Cancro + * Copyright (c) 2007-2011 by Art Cancro * - * This program is free software; you can redistribute it and/or modify + * This program is open source software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. @@ -59,12 +57,136 @@ #include "ctdl_module.h" #include "serv_xmpp.h" +/* XML_StopParser is present in expat 2.x */ +#if XML_MAJOR_VERSION > 1 +#define HAVE_XML_STOPPARSER +#endif + struct xmpp_event *xmpp_queue = NULL; -/* We have just received a tag from the client, so send them ours */ +int XMPPSrvDebugEnable = 0; + + +#ifdef HAVE_XML_STOPPARSER +/* Stop the parser if an entity declaration is hit. */ +static void xmpp_entity_declaration(void *userData, const XML_Char *entityName, + int is_parameter_entity, const XML_Char *value, + int value_length, const XML_Char *base, + const XML_Char *systemId, const XML_Char *publicId, + const XML_Char *notationName +) { + XMPPM_syslog(LOG_WARNING, "Illegal entity declaration encountered; stopping parser."); + XML_StopParser(XMPP->xp, XML_FALSE); +} +#endif + +static inline int XMPP_GetUtf8SequenceLength(const char *CharS, const char *CharE) +{ + /* if this is is migrated to strbuf, remove this copy. */ + int n = 0; + unsigned char test = (1<<7); + + if ((*CharS & 0xC0) != 0xC0) + return 1; + + while ((n < 8) && + ((test & ((unsigned char)*CharS)) != 0)) + { + test = test >> 1; + n ++; + } + if ((n > 6) || ((CharE - CharS) < n)) + n = 0; + return n; +} + + +/* + * Given a source string and a target buffer, returns the string + * properly escaped for insertion into an XML stream. Returns a + * pointer to the target buffer for convenience. + * + * BUG: this does not properly handle UTF-8 + */ +char *xmlesc(char *buf, char *str, int bufsiz) +{ + char *ptr; + char *eiptr; + unsigned char ch; + int inlen; + int len = 0; + int IsUtf8Sequence; + + if (!buf) return(NULL); + buf[0] = 0; + len = 0; + if (!str) { + return(buf); + } + + inlen = strlen(str); + eiptr = str + inlen; + + for (ptr=str; *ptr; ptr++) { + ch = *ptr; + if (ch == '<') { + strcpy(&buf[len], "<"); + len += 4; + } + else if (ch == '>') { + strcpy(&buf[len], ">"); + len += 4; + } + else if (ch == '&') { + strcpy(&buf[len], "&"); + len += 5; + } + else if ((ch >= 0x20) && (ch <= 0x7F)) { + buf[len++] = ch; + buf[len] = 0; + } + else if (ch < 0x20) { + /* we probably shouldn't be doing this */ + buf[len++] = '_'; + buf[len] = 0; + } + else { + char oct[32]; + + IsUtf8Sequence = XMPP_GetUtf8SequenceLength(&buf[len], eiptr); + if (IsUtf8Sequence) + { + while (IsUtf8Sequence > 0){ + buf[len] = *ptr; + len ++; + if (--IsUtf8Sequence) + ptr++; + } + buf[len] = '\0'; + } + else + { + sprintf(oct, "&#%o;", ch); + strcpy(&buf[len], oct); + len += strlen(oct); + } + } + if ((len + 6) > bufsiz) { + return(buf); + } + } + return(buf); +} + + +/* + * We have just received a tag from the client, so send them ours + */ void xmpp_stream_start(void *data, const char *supplied_el, const char **attr) { + char xmlbuf[256]; + while (*attr) { if (!strcasecmp(attr[0], "to")) { safestrncpy(XMPP->server_name, attr[1], sizeof XMPP->server_name); @@ -75,7 +197,7 @@ void xmpp_stream_start(void *data, const char *supplied_el, const char **attr) cprintf(""); cprintf("server_name); + cprintf("from=\"%s\" ", xmlesc(xmlbuf, XMPP->server_name, sizeof xmlbuf)); cprintf("id=\"%08x\" ", CC->cs_pid); cprintf("version=\"1.0\" "); cprintf("xmlns:stream=\"http://etherx.jabber.org/streams\" "); @@ -84,13 +206,15 @@ void xmpp_stream_start(void *data, const char *supplied_el, const char **attr) /* The features of this stream are... */ cprintf(""); -#ifdef HAVE_OPENSSL_XXXX_COMMENTED_OUT - /* TLS encryption (but only if it isn't already active) */ + /* + * TLS encryption (but only if it isn't already active) + * / +#ifdef HAVE_OPENSSL if (!CC->redirect_ssl) { cprintf(""); } #endif - + */ if (!CC->logged_in) { /* If we're not logged in yet, offer SASL as our feature set */ xmpp_output_auth_mechs(); @@ -121,9 +245,9 @@ void xmpp_xml_start(void *data, const char *supplied_el, const char **attr) { } /* - CtdlLogPrintf(CTDL_DEBUG, "XMPP ELEMENT START: <%s>\n", el); + XMPP_syslog(LOG_DEBUG, "XMPP ELEMENT START: <%s>\n", el); for (i=0; attr[i] != NULL; i+=2) { - CtdlLogPrintf(CTDL_DEBUG, " Attribute '%s' = '%s'\n", attr[i], attr[i+1]); + XMPP_syslog(LOG_DEBUG, " Attribute '%s' = '%s'\n", attr[i], attr[i+1]); } uncomment for more verbosity */ @@ -184,6 +308,7 @@ void xmpp_xml_start(void *data, const char *supplied_el, const char **attr) { void xmpp_xml_end(void *data, const char *supplied_el) { char el[256]; char *sep = NULL; + char xmlbuf[256]; /* Axe the namespace, we don't care about it */ safestrncpy(el, supplied_el, sizeof el); @@ -192,9 +317,9 @@ void xmpp_xml_end(void *data, const char *supplied_el) { } /* - CtdlLogPrintf(CTDL_DEBUG, "XMPP ELEMENT END : <%s>\n", el); + XMPP_syslog(LOG_DEBUG, "XMPP ELEMENT END : <%s>\n", el); if (XMPP->chardata_len > 0) { - CtdlLogPrintf(CTDL_DEBUG, " chardata: %s\n", XMPP->chardata); + XMPP_syslog(LOG_DEBUG, " chardata: %s\n", XMPP->chardata); } uncomment for more verbosity */ @@ -243,23 +368,23 @@ void xmpp_xml_end(void *data, const char *supplied_el) { else if (XMPP->ping_requested) { cprintf("iq_from)) { - cprintf("to=\"%s\" ", XMPP->iq_from); + cprintf("to=\"%s\" ", xmlesc(xmlbuf, XMPP->iq_from, sizeof xmlbuf)); } if (!IsEmptyStr(XMPP->iq_to)) { - cprintf("from=\"%s\" ", XMPP->iq_to); + cprintf("from=\"%s\" ", xmlesc(xmlbuf, XMPP->iq_to, sizeof xmlbuf)); } - cprintf("id=\"%s\"/>", XMPP->iq_id); + cprintf("id=\"%s\"/>", xmlesc(xmlbuf, XMPP->iq_id, sizeof xmlbuf)); } /* * Unknown query ... return the XML equivalent of a blank stare */ else { - CtdlLogPrintf(CTDL_DEBUG, - "Unknown query <%s> - returning \n", - el + XMPP_syslog(LOG_DEBUG, + "Unknown query <%s> - returning \n", + el ); - cprintf("", XMPP->iq_id); + cprintf("", xmlesc(xmlbuf, XMPP->iq_id, sizeof xmlbuf)); cprintf("" "" "" @@ -304,21 +429,21 @@ void xmpp_xml_end(void *data, const char *supplied_el) { /* Tell the client what its JID is */ - cprintf("", XMPP->iq_id); + cprintf("", xmlesc(xmlbuf, XMPP->iq_id, sizeof xmlbuf)); cprintf(""); - cprintf("%s", XMPP->client_jid); + cprintf("%s", xmlesc(xmlbuf, XMPP->client_jid, sizeof xmlbuf)); cprintf(""); cprintf(""); } else if (XMPP->iq_session) { - cprintf("", XMPP->iq_id); + cprintf("", xmlesc(xmlbuf, XMPP->iq_id, sizeof xmlbuf)); cprintf(""); } else { - cprintf("", XMPP->iq_id); - cprintf(""); + cprintf("", xmlesc(xmlbuf, XMPP->iq_id, sizeof xmlbuf)); + cprintf("Don't know howto do '%s'!", xmlesc(xmlbuf, XMPP->iq_type, sizeof xmlbuf)); cprintf(""); } @@ -378,10 +503,10 @@ void xmpp_xml_end(void *data, const char *supplied_el) { #ifdef HAVE_OPENSSL cprintf(""); CtdlModuleStartCryptoMsgs(NULL, NULL, NULL); - if (!CC->redirect_ssl) CC->kill_me = 1; + if (!CC->redirect_ssl) CC->kill_me = KILLME_NO_CRYPTO; #else cprintf(""); - CC->kill_me = 1; + CC->kill_me = KILLME_NO_CRYPTO; #endif } @@ -390,14 +515,14 @@ void xmpp_xml_end(void *data, const char *supplied_el) { } else if (!strcasecmp(el, "stream")) { - CtdlLogPrintf(CTDL_DEBUG, "XMPP client shut down their stream\n"); - /* xmpp_massacre_roster(); FIXME put this back in when it's finished */ + XMPPM_syslog(LOG_DEBUG, "XMPP client shut down their stream\n"); + xmpp_massacre_roster(); cprintf("\n"); - CC->kill_me = 1; + CC->kill_me = KILLME_CLIENT_LOGGED_OUT; } else { - CtdlLogPrintf(CTDL_DEBUG, "Ignoring unknown tag <%s>\n", el); + XMPP_syslog(LOG_DEBUG, "Ignoring unknown tag <%s>\n", el); } XMPP->chardata_len = 0; @@ -409,7 +534,7 @@ void xmpp_xml_end(void *data, const char *supplied_el) { void xmpp_xml_chardata(void *data, const XML_Char *s, int len) { - struct citxmpp *X = XMPP; + citxmpp *X = XMPP; if (X->chardata_alloc == 0) { X->chardata_alloc = SIZ; @@ -452,17 +577,18 @@ void xmpp_cleanup_function(void) { * Here's where our XMPP session begins its happy day. */ void xmpp_greeting(void) { + client_set_inbound_buf(4); strcpy(CC->cs_clientname, "XMPP session"); - CC->session_specific_data = malloc(sizeof(struct citxmpp)); - memset(XMPP, 0, sizeof(struct citxmpp)); + CC->session_specific_data = malloc(sizeof(citxmpp)); + memset(XMPP, 0, sizeof(citxmpp)); XMPP->last_event_processed = queue_event_seq; /* XMPP does not use a greeting, but we still have to initialize some things. */ XMPP->xp = XML_ParserCreateNS("UTF-8", ':'); if (XMPP->xp == NULL) { - CtdlLogPrintf(CTDL_ALERT, "Cannot create XML parser!\n"); - CC->kill_me = 1; + XMPPM_syslog(LOG_ALERT, "Cannot create XML parser!\n"); + CC->kill_me = KILLME_XML_PARSER; return; } @@ -470,6 +596,17 @@ void xmpp_greeting(void) { XML_SetCharacterDataHandler(XMPP->xp, xmpp_xml_chardata); // XML_SetUserData(XMPP->xp, something...); + /* Prevent the "billion laughs" attack against expat by disabling + * internal entity expansion. With 2.x, forcibly stop the parser + * if an entity is declared - this is safer and a more obvious + * failure mode. With older versions, simply prevent expansion + * of such entities. */ +#ifdef HAVE_XML_STOPPARSER + XML_SetEntityDeclHandler(XMPP->xp, xmpp_entity_declaration); +#else + XML_SetDefaultHandler(XMPP->xp, NULL); +#endif + CC->can_receive_im = 1; /* This protocol is capable of receiving instant messages */ } @@ -478,21 +615,19 @@ void xmpp_greeting(void) { * Main command loop for XMPP sessions. */ void xmpp_command_loop(void) { - char cmdbuf[16]; - int retval; + int rc; + StrBuf *stream_input = NewStrBuf(); time(&CC->lastcmd); - memset(cmdbuf, 0, sizeof cmdbuf); /* Clear it, just in case */ - retval = client_read(cmdbuf, 1); - if (retval != 1) { - CtdlLogPrintf(CTDL_ERR, "Client disconnected: ending session.\r\n"); - CC->kill_me = 1; - return; + rc = client_read_random_blob(stream_input, 30); + if (rc > 0) { + XML_Parse(XMPP->xp, ChrPtr(stream_input), rc, 0); } - - /* FIXME ... this is woefully inefficient. */ - - XML_Parse(XMPP->xp, cmdbuf, 1, 0); + else { + XMPPM_syslog(LOG_ERR, "client disconnected: ending session.\n"); + CC->kill_me = KILLME_CLIENT_DISCONNECTED; + } + FreeStrBuf(&stream_input); } @@ -521,8 +656,12 @@ void xmpp_logout_hook(void) { } +void LogXMPPSrvDebugEnable(const int n) +{ + XMPPSrvDebugEnable = n; +} const char *CitadelServiceXMPP="XMPP"; - +extern void xmpp_cleanup_events(void); CTDL_MODULE_INIT(xmpp) { if (!threading) { @@ -531,14 +670,18 @@ CTDL_MODULE_INIT(xmpp) xmpp_greeting, xmpp_command_loop, xmpp_async_loop, - CitadelServiceXMPP); - CtdlRegisterSessionHook(xmpp_cleanup_function, EVT_STOP); - CtdlRegisterSessionHook(xmpp_login_hook, EVT_LOGIN); - CtdlRegisterSessionHook(xmpp_logout_hook, EVT_LOGOUT); - CtdlRegisterSessionHook(xmpp_login_hook, EVT_UNSTEALTH); - CtdlRegisterSessionHook(xmpp_logout_hook, EVT_STEALTH); + CitadelServiceXMPP + ); + CtdlRegisterDebugFlagHook(HKEY("serv_xmpp"), LogXMPPSrvDebugEnable, &XMPPSrvDebugEnable); + CtdlRegisterSessionHook(xmpp_cleanup_function, EVT_STOP, PRIO_STOP + 70); + CtdlRegisterSessionHook(xmpp_login_hook, EVT_LOGIN, PRIO_LOGIN + 90); + CtdlRegisterSessionHook(xmpp_logout_hook, EVT_LOGOUT, PRIO_LOGOUT + 90); + CtdlRegisterSessionHook(xmpp_login_hook, EVT_UNSTEALTH, PRIO_UNSTEALTH + 1); + CtdlRegisterSessionHook(xmpp_logout_hook, EVT_STEALTH, PRIO_STEALTH + 1); + CtdlRegisterCleanupHook(xmpp_cleanup_events); + } - /* return our Subversion id for the Log */ - return "$Id$"; + /* return our module name for the log */ + return "xmpp"; }