static xt_status jabber_do_iq_auth( struct im_connection *ic, struct xt_node *node, struct xt_node *orig )
{
struct jabber_data *jd = ic->proto_data;
struct xt_node *reply, *query;
xt_status st;
char *s;
if( !( query = xt_find_node( node->children, "query" ) ) )
{
imcb_log( ic, "Warning: Received incomplete IQ packet while authenticating" );
imc_logout( ic, FALSE );
return XT_HANDLED;
}
/* Time to authenticate ourselves! */
reply = xt_new_node( "query", NULL, NULL );
xt_add_attr( reply, "xmlns", XMLNS_AUTH );
xt_add_child( reply, xt_new_node( "username", jd->username, NULL ) );
xt_add_child( reply, xt_new_node( "resource", set_getstr( &ic->acc->set, "resource" ), NULL ) );
if( xt_find_node( query->children, "digest" ) && ( s = xt_find_attr( jd->xt->root, "id" ) ) )
{
/* We can do digest authentication, it seems, and of
course we prefer that. */
sha1_state_t sha;
char hash_hex[41];
unsigned char hash[20];
int i;
sha1_init( &sha );
sha1_append( &sha, (unsigned char*) s, strlen( s ) );
sha1_append( &sha, (unsigned char*) ic->acc->pass, strlen( ic->acc->pass ) );
sha1_finish( &sha, hash );
for( i = 0; i < 20; i ++ )
sprintf( hash_hex + i * 2, "%02x", hash[i] );
xt_add_child( reply, xt_new_node( "digest", hash_hex, NULL ) );
}
else if( xt_find_node( query->children, "password" ) )
{
/* We'll have to stick with plaintext. Let's hope we're using SSL/TLS... */
xt_add_child( reply, xt_new_node( "password", ic->acc->pass, NULL ) );
}
else
{
xt_free_node( reply );
imcb_error( ic, "Can't find suitable authentication method" );
imc_logout( ic, FALSE );
return XT_ABORT;
}
reply = jabber_make_packet( "iq", "set", NULL, reply );
jabber_cache_add( ic, reply, jabber_finish_iq_auth );
st = jabber_write_packet( ic, reply );
return st ? XT_HANDLED : XT_ABORT;
}
static gboolean msn_ns_connected( gpointer data, gint source, b_input_condition cond )
{
struct msn_handler_data *handler = data;
struct im_connection *ic = handler->data;
struct msn_data *md;
if( !g_slist_find( msn_connections, ic ) )
return FALSE;
md = ic->proto_data;
if( source == -1 )
{
imcb_error( ic, "Could not connect to server" );
imc_logout( ic, TRUE );
return FALSE;
}
g_free( handler->rxq );
handler->rxlen = 0;
handler->rxq = g_new0( char, 1 );
if( md->uuid == NULL )
{
struct utsname name;
sha1_state_t sha[1];
/* UUID == SHA1("BitlBee" + my hostname + MSN username) */
sha1_init( sha );
sha1_append( sha, (void*) "BitlBee", 7 );
if( uname( &name ) == 0 )
{
sha1_append( sha, (void*) name.nodename, strlen( name.nodename ) );
}
sha1_append( sha, (void*) ic->acc->user, strlen( ic->acc->user ) );
md->uuid = sha1_random_uuid( sha );
memcpy( md->uuid, "b171be3e", 8 ); /* :-P */
}
if( msn_ns_write( ic, source, "VER %d %s CVR0\r\n", ++md->trId, MSNP_VER ) )
{
handler->inpa = b_input_add( handler->fd, B_EV_IO_READ, msn_ns_callback, handler );
imcb_log( ic, "Connected to server, waiting for reply" );
}
return FALSE;
}
gchar *
fb_util_rand_uuid(void)
{
guint8 buf[50];
sha1_state_t sha;
sha1_init(&sha);
random_bytes(buf, sizeof buf);
sha1_append(&sha, buf, sizeof buf);
return sha1_random_uuid(&sha);
}
// Set the password (see http://dev.mysql.com/doc/internals/en/secure-password-authentication.html):
static char *_password(char result[SHA1_DIGEST_SIZE], const char *password, const char *salt) {
sha1_context_t ctx;
// SHA1(password)
uint8_t stage1[SHA1_DIGEST_SIZE];
sha1_init(&ctx);
sha1_append(&ctx, (const unsigned char *)password, strlen(password));
sha1_finish(&ctx, stage1);
// SHA1(SHA1(password))
uint8_t stage2[SHA1_DIGEST_SIZE];
sha1_init(&ctx);
sha1_append(&ctx, (const unsigned char *)stage1, SHA1_DIGEST_SIZE);
sha1_finish(&ctx, stage2);
// SHA1("20-bytes random data from server" <concat> SHA1(SHA1(password)))
uint8_t stage3[SHA1_DIGEST_SIZE];
sha1_init(&ctx);
sha1_append(&ctx, (const unsigned char *)salt, strlen(salt));
sha1_append(&ctx, (const unsigned char *)stage2, SHA1_DIGEST_SIZE);
sha1_finish(&ctx, stage3);
// XOR
for (int i = 0; i < SHA1_DIGEST_SIZE; i++)
result[i] = stage1[i] ^ stage3[i];
return result;
}
struct groupchat *jabber_chat_with(struct im_connection *ic, char *who)
{
struct jabber_data *jd = ic->proto_data;
struct jabber_chat *jc;
struct groupchat *c;
sha1_state_t sum;
double now = gettime();
char *uuid, *rjid, *cserv;
sha1_init(&sum);
sha1_append(&sum, (uint8_t *) ic->acc->user, strlen(ic->acc->user));
sha1_append(&sum, (uint8_t *) &now, sizeof(now));
sha1_append(&sum, (uint8_t *) who, strlen(who));
uuid = sha1_random_uuid(&sum);
if (jd->flags & JFLAG_GTALK) {
cserv = g_strdup("groupchat.google.com");
} else {
/* Guess... */
cserv = g_strdup_printf("conference.%s", jd->server);
}
rjid = g_strdup_printf("private-chat-%s@%s", uuid, cserv);
g_free(uuid);
g_free(cserv);
c = jabber_chat_join(ic, rjid, jd->username, NULL);
g_free(rjid);
if (c == NULL) {
return NULL;
}
jc = c->data;
jc->invite = g_strdup(who);
return c;
}
Exec_stat MCSHA1Digest::eval(MCExecPoint &ep)
{
if (source->eval(ep) != ES_NORMAL)
{
MCeerror->add(EE_SHA1DIGEST_BADSOURCE, line, pos);
return ES_ERROR;
}
sha1_state_t state;
uint8_t digest[20];
sha1_init(&state);
sha1_append(&state, ep.getsvalue().getstring(), ep.getsvalue().getlength());
sha1_finish(&state, digest);
ep.copysvalue((char *)digest, 20);
return ES_NORMAL;
}
static int check_request_checksum(Socket_T socket, int content_length, char *checksum, int hashtype) {
int n, keylength = 0;
MD_T result, hash;
md5_context_t ctx_md5;
sha1_context_t ctx_sha1;
char buf[READ_SIZE];
if (content_length <= 0) {
DEBUG("HTTP warning: Response does not contain a valid Content-Length -- cannot compute checksum\n");
return TRUE;
}
switch (hashtype) {
case HASH_MD5:
md5_init(&ctx_md5);
while (content_length > 0) {
if ((n = socket_read(socket, buf, content_length > sizeof(buf) ? sizeof(buf) : content_length)) < 0)
break;
md5_append(&ctx_md5, (const md5_byte_t *)buf, n);
content_length -= n;
}
md5_finish(&ctx_md5, (md5_byte_t *)hash);
keylength = 16; /* Raw key bytes not string chars! */
break;
case HASH_SHA1:
sha1_init(&ctx_sha1);
while (content_length > 0) {
if ((n = socket_read(socket, buf, content_length > sizeof(buf) ? sizeof(buf) : content_length)) < 0)
break;
sha1_append(&ctx_sha1, (md5_byte_t *)buf, n);
content_length -= n;
}
sha1_finish(&ctx_sha1, (md5_byte_t *)hash);
keylength = 20; /* Raw key bytes not string chars! */
break;
default:
socket_setError(socket, "HTTP checksum error: Unknown hash type\n");
return FALSE;
}
if (strncasecmp(Util_digest2Bytes((unsigned char *)hash, keylength, result), checksum, keylength * 2) != 0) {
socket_setError(socket, "HTTP checksum error: Document checksum mismatch\n");
return FALSE;
} else {
DEBUG("HTTP: Succeeded testing document checksum\n");
}
return TRUE;
}
/**
* @brief Create content hash key for a byte array
*
* Create a content hash key for the given buffer and size.
*
* @param key pointer to the receiving chkey_t
* @param buff byte array of data to hash
* @param size size of byte array to has
*
* @result zero on success
*/
int key_chk(chkey_t *key, const void *buff, size_t size)
{
key_state_t ks;
FUN("key_chk");
sha1_init(&ks.ss);
sha1_append(&ks.ss, buff, size);
sha1_finish(&ks.ss, &key->sha1);
key->log2size = log2size(size);
key->type[0] = MSB(K_CHK);
key->type[1] = LSB(K_CHK);
ek5_init(&ks.es);
ek5_append(&ks.es, buff, size);
ek5_finish(&ks.es, &key->ek5);
key->padding = 0;
return 0;
}
/**
* @brief Create the public SSK for a private SSK
*
* Create a public key from a private key,
* simply by hashing the hex string of the SHA1 digest.
*
* @param key pointer to a key to receive the public SSK
* @param ssk pointer to a key containing a private SSK
*
* @result zero on success
*/
int key_ssk_pub_from_priv(chkey_t *key, const chkey_t *ssk)
{
char hex[SHA1SIZE*2+1];
sha1_state_t sha1;
size_t size;
FUN("key_ssk_pub_from_priv");
size = pm_snprintf(hex, sizeof(hex), "%s",
sha1_hexstr(&ssk->sha1));
sha1_init(&sha1);
sha1_append(&sha1, hex, size);
sha1_finish(&sha1, &key->sha1);
key->type[0] = MSB(K_SSK_P);
key->type[1] = LSB(K_SSK_P);
key->log2size = log2size(size);
memset(&key->ek5, 0, sizeof(key->ek5));
return 0;
}
sess_t sess_start(sm_t sm, jid_t jid) {
pool_t p;
user_t user;
sess_t sess, scan;
sha1_state_t sha1;
unsigned char hash[20];
int replaced = 0;
log_debug(ZONE, "session requested for %s", jid_full(jid));
/* check whether it is to serviced domain */
if(xhash_get(sm->hosts, jid->domain) == NULL) {
log_write(sm->log, LOG_ERR, "request to start session in non-serviced domain: jid=%s", jid_full(jid));
return NULL;
}
/* get user data for this guy */
user = user_load(sm, jid);
/* unknown user */
if(user == NULL) {
if(config_get(sm->config, "user.auto-create") == NULL) {
log_write(sm->log, LOG_NOTICE, "user not found and user.auto-create not enabled, can't start session: jid=%s", jid_full(jid));
return NULL;
}
log_debug(ZONE, "auto-creating user %s", jid_user(jid));
if(user_create(sm, jid) != 0)
return NULL;
user = user_load(sm, jid);
if(user == NULL) {
log_write(sm->log, LOG_NOTICE, "couldn't load user, can't start session: jid=%s", jid_full(jid));
return NULL;
}
}
/* kill their old session if they have one */
for(scan = user->sessions; scan != NULL; scan = scan->next)
if(jid_compare_full(scan->jid, jid) == 0) {
log_debug(ZONE, "replacing session %s (%s)", jid_full(jid), scan->c2s_id);
/* !!! this "replaced" stuff is a hack - its really a subaction of "ended".
* hurrah, another control protocol rewrite is needed :(
*/
sm_c2s_action(scan, "replaced", NULL);
_sess_end_guts(scan);
pool_free(scan->p);
replaced = 1;
break;
}
/* make a new session */
p = pool_new();
sess = (sess_t) pmalloco(p, sizeof(struct sess_st));
sess->p = p;
/* fill it out */
sess->pri = 0;
sess->user = user;
sess->jid = jid_dup(jid);
pool_cleanup(sess->p, (void (*))(void *) jid_free, sess->jid);
/* a place for modules to store stuff */
sess->module_data = (void **) pmalloco(sess->p, sizeof(void *) * sess->user->sm->mm->nindex);
/* add it to the list */
sess->next = user->sessions;
user->sessions = sess;
/* who c2s should address things to */
sha1_init(&sha1);
datetime_out(time(NULL), dt_DATETIME, sess->sm_id, 41);
sha1_append(&sha1, sess->sm_id, strlen(sess->sm_id));
sha1_append(&sha1, jid_full(sess->jid), strlen(jid_full(sess->jid)));
sha1_finish(&sha1, hash);
hex_from_raw(hash, 20, sess->sm_id);
log_debug(ZONE, "smid is %s", sess->sm_id);
/* remember it */
xhash_put(sm->sessions, sess->sm_id, sess);
/* inform the modules */
/* !!! catch the return value - if its 1, don't let them in */
mm_sess_start(sm->mm, sess);
if(replaced)
log_write(sm->log, LOG_NOTICE, "session replaced: jid=%s", jid_full(sess->jid));
else
log_write(sm->log, LOG_NOTICE, "session started: jid=%s", jid_full(sess->jid));
return sess;
}
