void QXmppIncomingServer::handleStanza(const QDomElement &stanza) { const QString ns = stanza.namespaceURI(); if (ns == ns_tls && stanza.tagName() == QLatin1String("starttls")) { sendData("<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"); socket()->flush(); socket()->startServerEncryption(); return; } else if (QXmppDialback::isDialback(stanza)) { QXmppDialback request; request.parse(stanza); // check the request is valid if (!request.type().isEmpty() || request.from().isEmpty() || request.to() != d->domain || request.key().isEmpty()) { warning(QString("Invalid dialback received on %1").arg(d->origin())); return; } const QString domain = request.from(); if (request.command() == QXmppDialback::Result) { debug(QString("Received a dialback result from '%1' on %2").arg(domain, d->origin())); // establish dialback connection QXmppOutgoingServer *stream = new QXmppOutgoingServer(d->domain, this); bool check = connect(stream, SIGNAL(dialbackResponseReceived(QXmppDialback)), this, SLOT(slotDialbackResponseReceived(QXmppDialback))); Q_ASSERT(check); Q_UNUSED(check); stream->setVerify(d->localStreamId, request.key()); stream->connectToHost(domain); } else if (request.command() == QXmppDialback::Verify) { debug(QString("Received a dialback verify from '%1' on %2").arg(domain, d->origin())); emit dialbackRequestReceived(request); } } else if (d->authenticated.contains(QXmppUtils::jidToDomain(stanza.attribute("from")))) { // relay stanza if the remote party is authenticated emit elementReceived(stanza); } else { warning(QString("Received an element from unverified domain '%1' on %2").arg(QXmppUtils::jidToDomain(stanza.attribute("from")), d->origin())); disconnectFromHost(); } }
void QXmppIncomingClient::handleStanza(const QDomElement &nodeRecv) { const QString ns = nodeRecv.namespaceURI(); if (d->idleTimer->interval()) d->idleTimer->start(); if (ns == ns_tls && nodeRecv.tagName() == "starttls") { sendData("<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"); socket()->flush(); socket()->startServerEncryption(); return; } else if (ns == ns_sasl) { if (nodeRecv.tagName() == "auth") { const QString mechanism = nodeRecv.attribute("mechanism"); if (mechanism == "PLAIN") { QList<QByteArray> auth = QByteArray::fromBase64(nodeRecv.text().toAscii()).split('\0'); if (auth.size() != 3) { sendData("<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><incorrect-encoding/></failure>"); disconnectFromHost(); return; } QXmppPasswordRequest request; request.setDomain(d->domain); request.setUsername(QString::fromUtf8(auth[1])); request.setPassword(QString::fromUtf8(auth[2])); if (!d->passwordChecker) { // FIXME: what type of failure? warning(QString("Cannot authenticate '%1', no password checker").arg(request.username())); sendData("<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>"); disconnectFromHost(); return; } QXmppPasswordReply *reply = d->passwordChecker->checkPassword(request); reply->setParent(this); reply->setProperty("__sasl_username", request.username()); connect(reply, SIGNAL(finished()), this, SLOT(onPasswordReply())); } else if (mechanism == "DIGEST-MD5") { // generate nonce d->saslDigest.setNonce(QXmppSaslDigestMd5::generateNonce()); d->saslDigest.setQop("auth"); d->saslStep = 1; QMap<QByteArray, QByteArray> challenge; challenge["nonce"] = d->saslDigest.nonce(); challenge["realm"] = d->domain.toUtf8(); challenge["qop"] = d->saslDigest.qop(); challenge["charset"] = "utf-8"; challenge["algorithm"] = "md5-sess"; const QByteArray data = QXmppSaslDigestMd5::serializeMessage(challenge).toBase64(); sendData("<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>" + data +"</challenge>"); } else { // unsupported method sendData("<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'></failure>"); disconnectFromHost(); return; } } else if (nodeRecv.tagName() == "response") { if (d->saslStep == 1) { const QByteArray raw = QByteArray::fromBase64(nodeRecv.text().toAscii()); QMap<QByteArray, QByteArray> saslResponse = QXmppSaslDigestMd5::parseMessage(raw); // check credentials const QString username = QString::fromUtf8(saslResponse.value("username")); if (!d->passwordChecker) { // FIXME: what type of failure? warning(QString("Cannot authenticate '%1', no password checker").arg(username)); sendData("<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>"); disconnectFromHost(); return; } QXmppPasswordRequest request; request.setUsername(username); request.setDomain(d->domain); QXmppPasswordReply *reply = d->passwordChecker->getDigest(request); reply->setParent(this); reply->setProperty("__sasl_raw", raw); connect(reply, SIGNAL(finished()), this, SLOT(onDigestReply())); } else if (d->saslStep == 2) { // authentication succeeded d->saslStep = 3; info(QString("Authentication succeeded for '%1'").arg(d->username)); sendData("<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>"); } } } else if (ns == ns_client) { if (nodeRecv.tagName() == "iq") { const QString type = nodeRecv.attribute("type"); if (QXmppBindIq::isBindIq(nodeRecv) && type == "set") { QXmppBindIq bindSet; bindSet.parse(nodeRecv); d->resource = bindSet.resource().trimmed(); if (d->resource.isEmpty()) d->resource = generateStanzaHash(); QXmppBindIq bindResult; bindResult.setType(QXmppIq::Result); bindResult.setId(bindSet.id()); bindResult.setJid(jid()); sendPacket(bindResult); // bound emit connected(); return; } else if (QXmppSessionIq::isSessionIq(nodeRecv) && type == "set") { QXmppSessionIq sessionSet; sessionSet.parse(nodeRecv); QXmppIq sessionResult; sessionResult.setType(QXmppIq::Result); sessionResult.setId(sessionSet.id()); sessionResult.setTo(jid()); sendPacket(sessionResult); return; } } // check the sender is legitimate const QString from = nodeRecv.attribute("from"); if (!from.isEmpty() && from != jid() && from != jidToBareJid(jid())) { warning(QString("Received a stanza from unexpected JID %1").arg(from)); return; } // process unhandled stanzas if (nodeRecv.tagName() == "iq" || nodeRecv.tagName() == "message" || nodeRecv.tagName() == "presence") { QDomElement nodeFull(nodeRecv); // if the sender is empty, set it to the appropriate JID if (nodeFull.attribute("from").isEmpty()) { if (nodeFull.tagName() == "presence" && (nodeFull.attribute("type") == "subscribe" || nodeFull.attribute("type") == "subscribed")) nodeFull.setAttribute("from", jidToBareJid(jid())); else nodeFull.setAttribute("from", jid()); } // if the recipient is empty, set it to the local domain if (nodeFull.attribute("to").isEmpty()) nodeFull.setAttribute("to", d->domain); // emit stanza for processing by server emit elementReceived(nodeFull); } } }
void QXmppIncomingClient::handleStanza (const QDomElement &nodeRecv) { const QString ns = nodeRecv.namespaceURI(); if (d->idleTimer->interval()) d->idleTimer->start(); if (ns == ns_tls && nodeRecv.tagName() == QLatin1String ("starttls")) { sendData ("<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"); socket()->flush(); socket()->startServerEncryption(); return; } else if (ns == ns_sasl) { if (!d->passwordChecker) { warning ("Cannot perform authentication, no password checker"); sendPacket (QXmppSaslFailure ("temporary-auth-failure")); disconnectFromHost(); return; } if (nodeRecv.tagName() == QLatin1String ("auth")) { QXmppSaslAuth auth; auth.parse (nodeRecv); d->saslServer = QXmppSaslServer::create (auth.mechanism(), this); if (!d->saslServer) { sendPacket (QXmppSaslFailure ("invalid-mechanism")); disconnectFromHost(); return; } d->saslServer->setRealm (d->domain.toUtf8()); QByteArray challenge; QXmppSaslServer::Response result = d->saslServer->respond (auth.value(), challenge); if (result == QXmppSaslServer::InputNeeded) { // check credentials d->checkCredentials (auth.value()); } else if (result == QXmppSaslServer::Challenge) sendPacket (QXmppSaslChallenge (challenge)); else { // FIXME: what condition? sendPacket (QXmppSaslFailure()); disconnectFromHost(); return; } } else if (nodeRecv.tagName() == QLatin1String ("response")) { QXmppSaslResponse response; response.parse (nodeRecv); if (!d->saslServer) { warning ("SASL response received, but no mechanism selected"); sendPacket (QXmppSaslFailure()); disconnectFromHost(); return; } QByteArray challenge; QXmppSaslServer::Response result = d->saslServer->respond (response.value(), challenge); if (result == QXmppSaslServer::InputNeeded) { // check credentials d->checkCredentials (response.value()); } else if (result == QXmppSaslServer::Succeeded) { // authentication succeeded d->jid = QString ("%1@%2").arg (d->saslServer->username(), d->domain); info (QString ("Authentication succeeded for '%1' from %2").arg (d->jid, d->origin())); updateCounter ("incoming-client.auth.success"); sendPacket (QXmppSaslSuccess()); handleStart(); } else { // FIXME: what condition? sendPacket (QXmppSaslFailure()); disconnectFromHost(); } } } else if (ns == ns_client) { if (nodeRecv.tagName() == QLatin1String ("iq")) { const QString type = nodeRecv.attribute ("type"); if (QXmppBindIq::isBindIq (nodeRecv) && type == QLatin1String ("set")) { QXmppBindIq bindSet; bindSet.parse (nodeRecv); d->resource = bindSet.resource().trimmed(); if (d->resource.isEmpty()) d->resource = QXmppUtils::generateStanzaHash(); d->jid = QString ("%1/%2").arg (QXmppUtils::jidToBareJid (d->jid), d->resource); QXmppBindIq bindResult; bindResult.setType (QXmppIq::Result); bindResult.setId (bindSet.id()); bindResult.setJid (d->jid); sendPacket (bindResult); // bound emit connected(); return; } else if (QXmppSessionIq::isSessionIq (nodeRecv) && type == QLatin1String ("set")) { QXmppSessionIq sessionSet; sessionSet.parse (nodeRecv); QXmppIq sessionResult; sessionResult.setType (QXmppIq::Result); sessionResult.setId (sessionSet.id()); sessionResult.setTo (d->jid); sendPacket (sessionResult); return; } } // check the sender is legitimate const QString from = nodeRecv.attribute ("from"); if (!from.isEmpty() && from != d->jid && from != QXmppUtils::jidToBareJid (d->jid)) { warning (QString ("Received a stanza from unexpected JID %1").arg (from)); return; } // process unhandled stanzas if (nodeRecv.tagName() == QLatin1String ("iq") || nodeRecv.tagName() == QLatin1String ("message") || nodeRecv.tagName() == QLatin1String ("presence")) { QDomElement nodeFull (nodeRecv); // if the sender is empty, set it to the appropriate JID if (nodeFull.attribute ("from").isEmpty()) { if (nodeFull.tagName() == QLatin1String ("presence") && (nodeFull.attribute ("type") == QLatin1String ("subscribe") || nodeFull.attribute ("type") == QLatin1String ("subscribed"))) nodeFull.setAttribute ("from", QXmppUtils::jidToBareJid (d->jid)); else nodeFull.setAttribute ("from", d->jid); } // if the recipient is empty, set it to the local domain if (nodeFull.attribute ("to").isEmpty()) nodeFull.setAttribute ("to", d->domain); // emit stanza for processing by server emit elementReceived (nodeFull); } } }
void QXmppOutgoingClient::handleStanza(const QDomElement &nodeRecv) { // if we receive any kind of data, stop the timeout timer d->timeoutTimer->stop(); const QString ns = nodeRecv.namespaceURI(); // give client opportunity to handle stanza bool handled = false; emit elementReceived(nodeRecv, handled); if (handled) return; if(QXmppStreamFeatures::isStreamFeatures(nodeRecv)) { QXmppStreamFeatures features; features.parse(nodeRecv); if (!socket()->isEncrypted()) { // determine TLS mode to use const QXmppConfiguration::StreamSecurityMode localSecurity = configuration().streamSecurityMode(); const QXmppStreamFeatures::Mode remoteSecurity = features.tlsMode(); if (!socket()->supportsSsl() && (localSecurity == QXmppConfiguration::TLSRequired || remoteSecurity == QXmppStreamFeatures::Required)) { warning("Disconnecting as TLS is required, but SSL support is not available"); disconnectFromHost(); return; } if (localSecurity == QXmppConfiguration::TLSRequired && remoteSecurity == QXmppStreamFeatures::Disabled) { warning("Disconnecting as TLS is required, but not supported by the server"); disconnectFromHost(); return; } if (socket()->supportsSsl() && localSecurity != QXmppConfiguration::TLSDisabled && remoteSecurity != QXmppStreamFeatures::Disabled) { // enable TLS as it is support by both parties sendData("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"); return; } } // handle authentication const bool nonSaslAvailable = features.nonSaslAuthMode() != QXmppStreamFeatures::Disabled; const bool saslAvailable = !features.authMechanisms().isEmpty(); if (saslAvailable && configuration().useSASLAuthentication()) { // supported and preferred SASL auth mechanisms QStringList supportedMechanisms = QXmppSaslClient::availableMechanisms(); const QString preferredMechanism = configuration().saslAuthMechanism(); if (configuration().facebookAppId().isEmpty() || configuration().facebookAccessToken().isEmpty()) supportedMechanisms.removeAll("X-FACEBOOK-PLATFORM"); if (configuration().windowsLiveAccessToken().isEmpty()) supportedMechanisms.removeAll("X-MESSENGER-OAUTH2"); if (configuration().googleAccessToken().isEmpty()) supportedMechanisms.removeAll("X-OAUTH2"); // determine SASL Authentication mechanism to use QStringList commonMechanisms; QString usedMechanism; foreach (const QString &mechanism, features.authMechanisms()) { if (supportedMechanisms.contains(mechanism)) commonMechanisms << mechanism; } if (commonMechanisms.isEmpty()) { warning("No supported SASL Authentication mechanism available"); disconnectFromHost(); return; } else if (!commonMechanisms.contains(preferredMechanism)) { info(QString("Desired SASL Auth mechanism '%1' is not available, selecting first available one").arg(preferredMechanism)); usedMechanism = commonMechanisms.first(); } else { usedMechanism = preferredMechanism; } d->saslClient = QXmppSaslClient::create(usedMechanism, this); if (!d->saslClient) { warning("SASL mechanism negotiation failed"); disconnectFromHost(); return; } info(QString("SASL mechanism '%1' selected").arg(d->saslClient->mechanism())); d->saslClient->setHost(d->config.domain()); d->saslClient->setServiceType("xmpp"); if (d->saslClient->mechanism() == "X-FACEBOOK-PLATFORM") { d->saslClient->setUsername(configuration().facebookAppId()); d->saslClient->setPassword(configuration().facebookAccessToken()); } else if (d->saslClient->mechanism() == "X-MESSENGER-OAUTH2") { d->saslClient->setPassword(configuration().windowsLiveAccessToken()); } else if (d->saslClient->mechanism() == "X-OAUTH2") { d->saslClient->setUsername(configuration().user()); d->saslClient->setPassword(configuration().googleAccessToken()); } else { d->saslClient->setUsername(configuration().user()); d->saslClient->setPassword(configuration().password()); } // send SASL auth request QByteArray response; if (!d->saslClient->respond(QByteArray(), response)) { warning("SASL initial response failed"); disconnectFromHost(); return; } sendPacket(QXmppSaslAuth(d->saslClient->mechanism(), response)); return; } else if(nonSaslAvailable && configuration().useNonSASLAuthentication()) {