/*
* XMPP (Jabber) service for the Citadel system
- * Copyright (c) 2007-2010 by Art Cancro
+ * Copyright (c) 2007-2018 by Art Cancro and citadel.org
*
- * This program is free software; you can redistribute it and/or modify
+ * This program is open source software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
#include "ctdl_module.h"
#include "serv_xmpp.h"
+/* uncomment for more verbosity - it will log all received XML tags */
+#define XMPP_XML_DEBUG
+
+/* XML_StopParser is present in expat 2.x */
+#if XML_MAJOR_VERSION > 1
+#define HAVE_XML_STOPPARSER
+#endif
+
struct xmpp_event *xmpp_queue = NULL;
+
+#ifdef HAVE_XML_STOPPARSER
+/* Stop the parser if an entity declaration is hit. */
+static void xmpp_entity_declaration(void *userData, const XML_Char *entityName,
+ int is_parameter_entity, const XML_Char *value,
+ int value_length, const XML_Char *base,
+ const XML_Char *systemId, const XML_Char *publicId,
+ const XML_Char *notationName
+) {
+ syslog(LOG_WARNING, "xmpp: illegal entity declaration encountered; stopping parser.");
+ XML_StopParser(XMPP->xp, XML_FALSE);
+}
+#endif
+
+
/*
* Given a source string and a target buffer, returns the string
* properly escaped for insertion into an XML stream. Returns a
* pointer to the target buffer for convenience.
- *
- * BUG: this does not properly handle UTF-8
*/
+static inline int Ctdl_GetUtf8SequenceLength(const char *CharS, const char *CharE)
+{
+ int n = 0;
+ unsigned char test = (1<<7);
+
+ if ((*CharS & 0xC0) != 0xC0)
+ return 1;
+
+ while ((n < 8) &&
+ ((test & ((unsigned char)*CharS)) != 0))
+ {
+ test = test >> 1;
+ n ++;
+ }
+ if ((n > 6) || ((CharE - CharS) < n))
+ n = 0;
+ return n;
+}
+
+
char *xmlesc(char *buf, char *str, int bufsiz)
{
- char *ptr;
+ int IsUtf8Sequence;
+ char *ptr, *pche;
unsigned char ch;
+ int inlen;
int len = 0;
if (!buf) return(NULL);
if (!str) {
return(buf);
}
+ inlen = strlen(str);
+ pche = str + inlen;
for (ptr=str; *ptr; ptr++) {
ch = *ptr;
buf[len] = 0;
}
else {
- char oct[10];
- sprintf(oct, "&#%o;", ch);
- strcpy(&buf[len], oct);
- len += strlen(oct);
+ IsUtf8Sequence = Ctdl_GetUtf8SequenceLength(ptr, pche);
+ if (IsUtf8Sequence)
+ {
+ while ((IsUtf8Sequence > 0) &&
+ (ptr < pche))
+ {
+ buf[len] = *ptr;
+ ptr ++;
+ --IsUtf8Sequence;
+ }
+ }
+ else
+ {
+ char oct[10];
+ sprintf(oct, "&#%o;", ch);
+ strcpy(&buf[len], oct);
+ len += strlen(oct);
+ }
}
if ((len + 6) > bufsiz) {
return(buf);
/*
* TLS encryption (but only if it isn't already active)
- *
- * NOTE: if TLS doesn't handshake properly for whatever reason,
- * comment out these three lines to disable it at the server.
- */
+ */
+#ifdef HAVE_OPENSSL
if (!CC->redirect_ssl) {
cprintf("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'></starttls>");
}
+#endif
if (!CC->logged_in) {
/* If we're not logged in yet, offer SASL as our feature set */
strcpy(el, ++sep);
}
- /*
- syslog(LOG_DEBUG, "XMPP ELEMENT START: <%s>\n", el);
+#ifdef XMPP_XML_DEBUG
+ syslog(LOG_DEBUG, "xmpp: ELEMENT START: <%s>", el);
for (i=0; attr[i] != NULL; i+=2) {
- syslog(LOG_DEBUG, " Attribute '%s' = '%s'\n", attr[i], attr[i+1]);
+ syslog(LOG_DEBUG, "xmpp: Attribute '%s' = '%s'", attr[i], attr[i+1]);
}
- uncomment for more verbosity */
+#endif
if (!strcasecmp(el, "stream")) {
xmpp_stream_start(data, supplied_el, attr);
strcpy(el, ++sep);
}
- /*
- syslog(LOG_DEBUG, "XMPP ELEMENT END : <%s>\n", el);
+#ifdef XMPP_XML_DEBUG
+ syslog(LOG_DEBUG, "xmpp: ELEMENT END : <%s>", el);
if (XMPP->chardata_len > 0) {
- syslog(LOG_DEBUG, " chardata: %s\n", XMPP->chardata);
+ syslog(LOG_DEBUG, "xmpp: chardata: %s", XMPP->chardata);
}
- uncomment for more verbosity */
+#endif
if (!strcasecmp(el, "resource")) {
if (XMPP->chardata_len > 0) {
- safestrncpy(XMPP->iq_client_resource, XMPP->chardata,
- sizeof XMPP->iq_client_resource);
+ safestrncpy(XMPP->iq_client_resource, XMPP->chardata, sizeof XMPP->iq_client_resource);
striplt(XMPP->iq_client_resource);
}
}
else if (!strcasecmp(el, "username")) { /* NON SASL ONLY */
if (XMPP->chardata_len > 0) {
- safestrncpy(XMPP->iq_client_username, XMPP->chardata,
- sizeof XMPP->iq_client_username);
+ safestrncpy(XMPP->iq_client_username, XMPP->chardata, sizeof XMPP->iq_client_username);
striplt(XMPP->iq_client_username);
}
}
else if (!strcasecmp(el, "password")) { /* NON SASL ONLY */
if (XMPP->chardata_len > 0) {
- safestrncpy(XMPP->iq_client_password, XMPP->chardata,
- sizeof XMPP->iq_client_password);
+ safestrncpy(XMPP->iq_client_password, XMPP->chardata, sizeof XMPP->iq_client_password);
striplt(XMPP->iq_client_password);
}
}
* Query on a namespace
*/
if (!IsEmptyStr(XMPP->iq_query_xmlns)) {
- xmpp_query_namespace(XMPP->iq_id, XMPP->iq_from,
- XMPP->iq_to, XMPP->iq_query_xmlns);
+ xmpp_query_namespace(XMPP->iq_id, XMPP->iq_from, XMPP->iq_to, XMPP->iq_query_xmlns);
}
/*
* Unknown query ... return the XML equivalent of a blank stare
*/
else {
- syslog(LOG_DEBUG,
- "Unknown query <%s> - returning <service-unavailable/>\n",
- el
- );
+ syslog(LOG_DEBUG, "xmpp: Unknown query <%s> - returning <service-unavailable/>", el);
cprintf("<iq type=\"error\" id=\"%s\">", xmlesc(xmlbuf, XMPP->iq_id, sizeof xmlbuf));
cprintf("<error code=\"503\" type=\"cancel\">"
"<service-unavailable xmlns=\"urn:ietf:params:xml:ns:xmpp-stanzas\"/>"
xmpp_non_sasl_authenticate(
XMPP->iq_id,
XMPP->iq_client_username,
- XMPP->iq_client_password,
- XMPP->iq_client_resource
+ XMPP->iq_client_password
);
}
else if (
(XMPP->bind_requested)
&& (!IsEmptyStr(XMPP->iq_id))
- && (!IsEmptyStr(XMPP->iq_client_resource))
&& (CC->logged_in)
- ) {
+ ) {
- /* Generate the "full JID" of the client resource */
+ /* If the client has not specified a client resource, generate one */
- snprintf(XMPP->client_jid, sizeof XMPP->client_jid,
- "%s/%s",
- CC->cs_inet_email,
- XMPP->iq_client_resource
- );
+ if (IsEmptyStr(XMPP->iq_client_resource)) {
+ snprintf(XMPP->iq_client_resource, sizeof XMPP->iq_client_resource, "%d", CC->cs_pid);
+ }
+
+ /* Generate the "full JID" of the client resource */
+ snprintf(XMPP->client_jid, sizeof XMPP->client_jid, "%s/%s", CC->cs_inet_email, XMPP->iq_client_resource);
/* Tell the client what its JID is */
else {
cprintf("<iq type=\"error\" id=\"%s\">", xmlesc(xmlbuf, XMPP->iq_id, sizeof xmlbuf));
- cprintf("<error>Don't know howto do '%s'!</error>", xmlesc(xmlbuf, XMPP->iq_type, sizeof xmlbuf));
+ cprintf("<error>Don't know how to do '%s'!</error>", xmlesc(xmlbuf, XMPP->iq_type, sizeof xmlbuf));
cprintf("</iq>");
+ syslog(LOG_DEBUG, "XMPP: don't know how to do iq_type='%s' with iq_query_xmlns='%s'", XMPP->iq_type, XMPP->iq_query_xmlns);
}
/* Now clear these fields out so they don't get used by a future stanza */
#ifdef HAVE_OPENSSL
cprintf("<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
CtdlModuleStartCryptoMsgs(NULL, NULL, NULL);
- if (!CC->redirect_ssl) CC->kill_me = 1;
+ if (!CC->redirect_ssl) CC->kill_me = KILLME_NO_CRYPTO;
#else
cprintf("<failure xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
- CC->kill_me = 1;
+ CC->kill_me = KILLME_NO_CRYPTO;
#endif
}
}
else if (!strcasecmp(el, "stream")) {
- syslog(LOG_DEBUG, "XMPP client shut down their stream\n");
+ syslog(LOG_DEBUG, "xmpp: client shut down their stream");
xmpp_massacre_roster();
cprintf("</stream>\n");
- CC->kill_me = 1;
+ CC->kill_me = KILLME_CLIENT_LOGGED_OUT;
+ }
+
+ else if (!strcasecmp(el, "query")) {
+ /* already processed , no further action needed here */
+ }
+
+ else if (!strcasecmp(el, "bind")) {
+ /* already processed , no further action needed here */
}
else {
- syslog(LOG_DEBUG, "Ignoring unknown tag <%s>\n", el);
+ syslog(LOG_DEBUG, "xmpp: ignoring unknown tag <%s>", el);
}
XMPP->chardata_len = 0;
}
-
/*
* Here's where our XMPP session begins its happy day.
*/
XMPP->xp = XML_ParserCreateNS("UTF-8", ':');
if (XMPP->xp == NULL) {
- syslog(LOG_ALERT, "Cannot create XML parser!\n");
- CC->kill_me = 1;
+ syslog(LOG_ERR, "xmpp: cannot create XML parser");
+ CC->kill_me = KILLME_XML_PARSER;
return;
}
XML_SetCharacterDataHandler(XMPP->xp, xmpp_xml_chardata);
// XML_SetUserData(XMPP->xp, something...);
+ /* Prevent the "billion laughs" attack against expat by disabling
+ * internal entity expansion. With 2.x, forcibly stop the parser
+ * if an entity is declared - this is safer and a more obvious
+ * failure mode. With older versions, simply prevent expansion
+ * of such entities. */
+#ifdef HAVE_XML_STOPPARSER
+ XML_SetEntityDeclHandler(XMPP->xp, xmpp_entity_declaration);
+#else
+ XML_SetDefaultHandler(XMPP->xp, NULL);
+#endif
+
CC->can_receive_im = 1; /* This protocol is capable of receiving instant messages */
}
XML_Parse(XMPP->xp, ChrPtr(stream_input), rc, 0);
}
else {
- syslog(LOG_ERR, "Client disconnected: ending session.\n");
- CC->kill_me = 1;
+ syslog(LOG_ERR, "xmpp: client disconnected: ending session.");
+ CC->kill_me = KILLME_CLIENT_DISCONNECTED;
}
FreeStrBuf(&stream_input);
}
CTDL_MODULE_INIT(xmpp)
{
if (!threading) {
- CtdlRegisterServiceHook(config.c_xmpp_c2s_port,
+ CtdlRegisterServiceHook(CtdlGetConfigInt("c_xmpp_c2s_port"),
NULL,
xmpp_greeting,
xmpp_command_loop,
xmpp_async_loop,
CitadelServiceXMPP
);
- CtdlRegisterSessionHook(xmpp_cleanup_function, EVT_STOP);
- CtdlRegisterSessionHook(xmpp_login_hook, EVT_LOGIN);
- CtdlRegisterSessionHook(xmpp_logout_hook, EVT_LOGOUT);
- CtdlRegisterSessionHook(xmpp_login_hook, EVT_UNSTEALTH);
- CtdlRegisterSessionHook(xmpp_logout_hook, EVT_STEALTH);
+ CtdlRegisterSessionHook(xmpp_cleanup_function, EVT_STOP, PRIO_STOP + 70);
+ CtdlRegisterSessionHook(xmpp_login_hook, EVT_LOGIN, PRIO_LOGIN + 90);
+ CtdlRegisterSessionHook(xmpp_logout_hook, EVT_LOGOUT, PRIO_LOGOUT + 90);
+ CtdlRegisterSessionHook(xmpp_login_hook, EVT_UNSTEALTH, PRIO_UNSTEALTH + 1);
+ CtdlRegisterSessionHook(xmpp_logout_hook, EVT_STEALTH, PRIO_STEALTH + 1);
CtdlRegisterCleanupHook(xmpp_cleanup_events);
}
- /* return our Subversion id for the Log */
+ /* return our module name for the log */
return "xmpp";
}
projects / citadel.git / blobdiff