X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fxmpp%2Fserv_xmpp.c;h=e23ede887bd2bddf2190356afa4d37c41f584d0a;hb=af679dc8a1dc74b7e4b204ccc1b6e187299ab896;hp=01d1301556576c4844686ecefd508280e4f43620;hpb=cc00637cea7e19beee2a3ad1c8f0baf3f233d789;p=citadel.git

diff --git a/citadel/modules/xmpp/serv_xmpp.c b/citadel/modules/xmpp/serv_xmpp.c
index 01d130155..e23ede887 100644
--- a/citadel/modules/xmpp/serv_xmpp.c
+++ b/citadel/modules/xmpp/serv_xmpp.c
@@ -1,8 +1,8 @@
 /*
  * XMPP (Jabber) service for the Citadel system
- * Copyright (c) 2007-2010 by Art Cancro
+ * Copyright (c) 2007-2015 by Art Cancro and citadel.org
  *
- * This program is free software; you can redistribute it and/or modify
+ * This program is open source software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 3 of the License, or
  * (at your option) any later version.
@@ -57,8 +57,32 @@
 #include "ctdl_module.h"
 #include "serv_xmpp.h"
 
+/* XML_StopParser is present in expat 2.x */
+#if XML_MAJOR_VERSION > 1
+#define HAVE_XML_STOPPARSER
+#endif
+
 struct xmpp_event *xmpp_queue = NULL;
 
+int XMPPSrvDebugEnable = 0;
+
+
+
+#ifdef HAVE_XML_STOPPARSER
+/* Stop the parser if an entity declaration is hit. */
+static void xmpp_entity_declaration(void *userData, const XML_Char *entityName,
+				int is_parameter_entity, const XML_Char *value,
+				int value_length, const XML_Char *base,
+				const XML_Char *systemId, const XML_Char *publicId,
+				const XML_Char *notationName
+) {
+	XMPPM_syslog(LOG_WARNING, "Illegal entity declaration encountered; stopping parser.");
+	XML_StopParser(XMPP->xp, XML_FALSE);
+}
+#endif
+
+
+
 /*
  * Given a source string and a target buffer, returns the string
  * properly escaped for insertion into an XML stream.  Returns a
@@ -144,13 +168,12 @@ void xmpp_stream_start(void *data, const char *supplied_el, const char **attr)
 
 	/*
 	 * TLS encryption (but only if it isn't already active)
-	 * 
-	 * NOTE: if TLS doesn't handshake properly for whatever reason,
-	 * comment out these three lines to disable it at the server.
-	 */
+	 */ 
+#ifdef HAVE_OPENSSL
 	if (!CC->redirect_ssl) {
 		cprintf("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'></starttls>");
 	}
+#endif
 
 	if (!CC->logged_in) {
 		/* If we're not logged in yet, offer SASL as our feature set */
@@ -182,9 +205,9 @@ void xmpp_xml_start(void *data, const char *supplied_el, const char **attr) {
 	}
 
 	/*
-	syslog(LOG_DEBUG, "XMPP ELEMENT START: <%s>\n", el);
+	XMPP_syslog(LOG_DEBUG, "XMPP ELEMENT START: <%s>\n", el);
 	for (i=0; attr[i] != NULL; i+=2) {
-		syslog(LOG_DEBUG, "                    Attribute '%s' = '%s'\n", attr[i], attr[i+1]);
+		XMPP_syslog(LOG_DEBUG, "                    Attribute '%s' = '%s'\n", attr[i], attr[i+1]);
 	}
 	uncomment for more verbosity */
 
@@ -254,9 +277,9 @@ void xmpp_xml_end(void *data, const char *supplied_el) {
 	}
 
 	/*
-	syslog(LOG_DEBUG, "XMPP ELEMENT END  : <%s>\n", el);
+	XMPP_syslog(LOG_DEBUG, "XMPP ELEMENT END  : <%s>\n", el);
 	if (XMPP->chardata_len > 0) {
-		syslog(LOG_DEBUG, "          chardata: %s\n", XMPP->chardata);
+		XMPP_syslog(LOG_DEBUG, "          chardata: %s\n", XMPP->chardata);
 	}
 	uncomment for more verbosity */
 
@@ -317,9 +340,9 @@ void xmpp_xml_end(void *data, const char *supplied_el) {
 			 * Unknown query ... return the XML equivalent of a blank stare
 			 */
 			else {
-				syslog(LOG_DEBUG,
-					"Unknown query <%s> - returning <service-unavailable/>\n",
-					el
+				XMPP_syslog(LOG_DEBUG,
+					    "Unknown query <%s> - returning <service-unavailable/>\n",
+					    el
 				);
 				cprintf("<iq type=\"error\" id=\"%s\">", xmlesc(xmlbuf, XMPP->iq_id, sizeof xmlbuf));
 				cprintf("<error code=\"503\" type=\"cancel\">"
@@ -440,10 +463,10 @@ void xmpp_xml_end(void *data, const char *supplied_el) {
 #ifdef HAVE_OPENSSL
 		cprintf("<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
 		CtdlModuleStartCryptoMsgs(NULL, NULL, NULL);
-		if (!CC->redirect_ssl) CC->kill_me = 1;
+		if (!CC->redirect_ssl) CC->kill_me = KILLME_NO_CRYPTO;
 #else
 		cprintf("<failure xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
-		CC->kill_me = 1;
+		CC->kill_me = KILLME_NO_CRYPTO;
 #endif
 	}
 
@@ -452,14 +475,22 @@ void xmpp_xml_end(void *data, const char *supplied_el) {
 	}
 
 	else if (!strcasecmp(el, "stream")) {
-		syslog(LOG_DEBUG, "XMPP client shut down their stream\n");
+		XMPPM_syslog(LOG_DEBUG, "XMPP client shut down their stream\n");
 		xmpp_massacre_roster();
 		cprintf("</stream>\n");
-		CC->kill_me = 1;
+		CC->kill_me = KILLME_CLIENT_LOGGED_OUT;
+	}
+
+	else if (!strcasecmp(el, "query")) {
+		/* already processed , no further action needed here */
+	}
+
+	else if (!strcasecmp(el, "bind")) {
+		/* already processed , no further action needed here */
 	}
 
 	else {
-		syslog(LOG_DEBUG, "Ignoring unknown tag <%s>\n", el);
+		XMPP_syslog(LOG_DEBUG, "Ignoring unknown tag <%s>\n", el);
 	}
 
 	XMPP->chardata_len = 0;
@@ -524,8 +555,8 @@ void xmpp_greeting(void) {
 
 	XMPP->xp = XML_ParserCreateNS("UTF-8", ':');
 	if (XMPP->xp == NULL) {
-		syslog(LOG_ALERT, "Cannot create XML parser!\n");
-		CC->kill_me = 1;
+		XMPPM_syslog(LOG_ALERT, "Cannot create XML parser!\n");
+		CC->kill_me = KILLME_XML_PARSER;
 		return;
 	}
 
@@ -533,6 +564,17 @@ void xmpp_greeting(void) {
 	XML_SetCharacterDataHandler(XMPP->xp, xmpp_xml_chardata);
 	// XML_SetUserData(XMPP->xp, something...);
 
+	/* Prevent the "billion laughs" attack against expat by disabling
+	 * internal entity expansion.  With 2.x, forcibly stop the parser
+	 * if an entity is declared - this is safer and a more obvious
+	 * failure mode.  With older versions, simply prevent expansion
+	 * of such entities. */
+#ifdef HAVE_XML_STOPPARSER
+	XML_SetEntityDeclHandler(XMPP->xp, xmpp_entity_declaration);
+#else
+	XML_SetDefaultHandler(XMPP->xp, NULL);
+#endif
+
 	CC->can_receive_im = 1;		/* This protocol is capable of receiving instant messages */
 }
 
@@ -550,8 +592,8 @@ void xmpp_command_loop(void) {
 		XML_Parse(XMPP->xp, ChrPtr(stream_input), rc, 0);
 	}
 	else {
-		syslog(LOG_ERR, "Client disconnected: ending session.\n");
-		CC->kill_me = 1;
+		XMPPM_syslog(LOG_ERR, "client disconnected: ending session.\n");
+		CC->kill_me = KILLME_CLIENT_DISCONNECTED;
 	}
 	FreeStrBuf(&stream_input);
 }
@@ -582,6 +624,10 @@ void xmpp_logout_hook(void) {
 }
 
 
+void LogXMPPSrvDebugEnable(const int n)
+{
+	XMPPSrvDebugEnable = n;
+}
 const char *CitadelServiceXMPP="XMPP";
 extern void xmpp_cleanup_events(void);
 CTDL_MODULE_INIT(xmpp)
@@ -594,15 +640,16 @@ CTDL_MODULE_INIT(xmpp)
 					xmpp_async_loop,
 					CitadelServiceXMPP
 		);
-		CtdlRegisterSessionHook(xmpp_cleanup_function, EVT_STOP);
-                CtdlRegisterSessionHook(xmpp_login_hook, EVT_LOGIN);
-                CtdlRegisterSessionHook(xmpp_logout_hook, EVT_LOGOUT);
-                CtdlRegisterSessionHook(xmpp_login_hook, EVT_UNSTEALTH);
-                CtdlRegisterSessionHook(xmpp_logout_hook, EVT_STEALTH);
+		CtdlRegisterDebugFlagHook(HKEY("serv_xmpp"), LogXMPPSrvDebugEnable, &XMPPSrvDebugEnable);
+		CtdlRegisterSessionHook(xmpp_cleanup_function, EVT_STOP, PRIO_STOP + 70);
+                CtdlRegisterSessionHook(xmpp_login_hook, EVT_LOGIN, PRIO_LOGIN + 90);
+                CtdlRegisterSessionHook(xmpp_logout_hook, EVT_LOGOUT, PRIO_LOGOUT + 90);
+                CtdlRegisterSessionHook(xmpp_login_hook, EVT_UNSTEALTH, PRIO_UNSTEALTH + 1);
+                CtdlRegisterSessionHook(xmpp_logout_hook, EVT_STEALTH, PRIO_STEALTH + 1);
 		CtdlRegisterCleanupHook(xmpp_cleanup_events);
 
 	}
 
-	/* return our Subversion id for the Log */
+	/* return our module name for the log */
 	return "xmpp";
 }