예제 #1
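// Handles a roster push: validates the sender, then applies every <item/> child
// of the query node to the in-memory roster list and to the contact database.
//
// pInfo supplies the sender JID (GetFrom) and the query node (GetChildNode).
// Always returns TRUE, including when the push is rejected.
BOOL CJabberProto::OnRosterPushRequest(HXML, CJabberIqInfo *pInfo)
{
	HXML queryNode = pInfo->GetChildNode();

	// RFC 3921 #7.2 Business Rules
	// A push that carries a 'from' is accepted only when its bare JID equals our
	// own bare JID; anything else is dropped so that another entity cannot
	// rewrite the local roster.
	if (pInfo->GetFrom()) {
		TCHAR *szFrom = JabberPrepareJid(pInfo->GetFrom());
		if (!szFrom)
			return TRUE;

		TCHAR *szTo = JabberPrepareJid(m_ThreadInfo->fullJID);
		if (!szTo) {
			mir_free(szFrom);
			return TRUE;
		}

		// Cut the resource part off both JIDs so that only bare JIDs are compared.
		TCHAR *pDelimiter = _tcschr(szFrom, _T('/'));
		if (pDelimiter) *pDelimiter = 0;

		pDelimiter = _tcschr(szTo, _T('/'));
		if (pDelimiter) *pDelimiter = 0;

		BOOL bRetVal = mir_tstrcmp(szFrom, szTo) == 0;

		mir_free(szFrom);
		mir_free(szTo);

		// invalid JID
		if (!bRetVal) {
			debugLog(_T("<iq/> attempt to hack via roster push from %s"), pInfo->GetFrom());
			return TRUE;
		}
	}

	JABBER_LIST_ITEM *item;
	const TCHAR *jid, *str;

	debugLogA("<iq/> Got roster push, query has %d children", XmlGetChildCount(queryNode));
	for (int i = 0;; i++) {
		HXML itemNode = XmlGetChild(queryNode, i);
		if (!itemNode)
			break;

		if (mir_tstrcmp(XmlGetName(itemNode), _T("item")) != 0)
			continue;
		if ((jid = XmlGetAttrValue(itemNode, _T("jid"))) == NULL)
			continue;
		if ((str = XmlGetAttrValue(itemNode, _T("subscription"))) == NULL)
			continue;

		// The contact handle is scoped to one <item/>. It used to be declared
		// outside the loop, so an item that skipped the add path below reused
		// the handle of the previous item and updated the wrong contact.
		MCONTACT hContact = NULL;

		// we will not add new account when subscription=remove
		if (!mir_tstrcmp(str, _T("to")) || !mir_tstrcmp(str, _T("both")) || !mir_tstrcmp(str, _T("from")) || !mir_tstrcmp(str, _T("none"))) {
			const TCHAR *name = XmlGetAttrValue(itemNode, _T("name"));
			// Use the name from the push when present, else a nick derived from the JID.
			ptrT nick((name != NULL) ? mir_tstrdup(name) : JabberNickFromJID(jid));
			if (nick != NULL) {
				if ((item = ListAdd(LIST_ROSTER, jid)) != NULL) {
					replaceStrT(item->nick, nick);

					HXML groupNode = XmlGetChild(itemNode, "group");
					replaceStrT(item->group, XmlGetText(groupNode));

					if ((hContact = HContactFromJID(jid, 0)) == NULL) {
						// Received roster has a new JID.
						// Add the jid (with empty resource) to Miranda contact list.
						hContact = DBCreateContact(jid, nick, FALSE, FALSE);
					}
					else setTString(hContact, "jid", jid);

					// "MyHandle" is stored only when the pushed name differs from
					// the contact's "Nick" setting; otherwise it is cleared.
					if (name != NULL) {
						ptrT tszNick(getTStringA(hContact, "Nick"));
						if (tszNick != NULL) {
							if (mir_tstrcmp(nick, tszNick) != 0)
								db_set_ts(hContact, "CList", "MyHandle", nick);
							else
								db_unset(hContact, "CList", "MyHandle");
						}
						else db_set_ts(hContact, "CList", "MyHandle", nick);
					}
					else db_unset(hContact, "CList", "MyHandle");

					if (!m_options.IgnoreRosterGroups) {
						if (item->group != NULL) {
							Clist_CreateGroup(0, item->group);
							db_set_ts(hContact, "CList", "Group", item->group);
						}
						else db_unset(hContact, "CList", "Group");
					}
				}
			}
		}

		if ((item = ListGetItemPtr(LIST_ROSTER, jid)) != NULL) {
			if (!mir_tstrcmp(str, _T("both"))) item->subscription = SUB_BOTH;
			else if (!mir_tstrcmp(str, _T("to"))) item->subscription = SUB_TO;
			else if (!mir_tstrcmp(str, _T("from"))) item->subscription = SUB_FROM;
			else item->subscription = SUB_NONE;
			debugLog(_T("Roster push for jid=%s, set subscription to %s"), jid, str);
			// subscription = remove is to remove from roster list
			// but we will just set the contact to offline and not actually
			// remove, so that history will be retained.
			if (!mir_tstrcmp(str, _T("remove"))) {
				if ((hContact = HContactFromJID(jid)) != NULL) {
					SetContactOfflineStatus(hContact);
					ListRemove(LIST_ROSTER, jid);
				}
			}
			else {
				// The add path may not have produced a handle (no nick, ListAdd
				// failure, unknown subscription value): resolve it from this
				// item's own JID.
				if (hContact == NULL)
					hContact = HContactFromJID(jid, 0);

				// Without a contact there is nothing to update for this item.
				if (hContact != NULL) {
					if (isChatRoom(hContact))
						db_unset(hContact, "CList", "Hidden");
					else
						UpdateSubscriptionInfo(hContact, item);
				}
			}
		}
	}

	UI_SAFE_NOTIFY(m_pDlgServiceDiscovery, WM_JABBER_TRANSPORT_REFRESH);
	RebuildInfoFrame();
	return TRUE;
}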
예제 #2
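// Drives the sending side of a bytestream transfer that goes through a proxy:
// parses the proxy's handshake replies (version byte 0x05) held in `buffer` and
// advances jbt->state accordingly.
//
// hConn   - connection to the proxy, used for Netlib_Send and the final send.
// jbt     - transfer state; state, hProxyEvent and bStreamActivated are updated.
// buffer  - bytes received from the proxy (untrusted network input).
// datalen - number of valid bytes in buffer.
//
// Returns datalen, or the length of the parsed reply in the JBT_CONNECT state
// (presumably the number of bytes the caller treats as consumed - confirm
// against the caller).
int CJabberProto::ByteSendProxyParse( HANDLE hConn, JABBER_BYTE_TRANSFER *jbt, char* buffer, int datalen )
{
	int num = datalen;

	switch ( jbt->state ) {
	case JBT_INIT:
		// received:
		// 00-00 ver ( 0x05 )
		// 01-01 selected method ( 0=no auth, 0xff=error )
		// send:
		// 00-00 ver ( 0x05 )
		// 01-01 cmd ( 1=connect )
		// 02-02 reserved ( 0 )
		// 03-03 address type ( 3 )
		// 04-44 dst.addr ( 41 bytes: 1-byte length, 40-byte SHA1 hash of [sid,srcJID,dstJID] )
		// 45-46 dst.port ( 0 )
		if ( datalen==2 && buffer[0]==5 && buffer[1]==0 ) {
			BYTE data[47];
			ZeroMemory( data, sizeof( data ));
			*(( DWORD* )data ) = 0x03000105;
			data[4] = 40;

			// NOTE(review): sid + both JIDs are formatted into 256 TCHARs here,
			// while ByteReceiveParse uses JABBER_MAX_JID_LEN*2. If the input is
			// truncated the hash will not match what the peer computes - confirm
			// the buffer size.
			TCHAR text[256];

			TCHAR *szInitiatorJid = JabberPrepareJid(jbt->srcJID);
			TCHAR *szTargetJid = JabberPrepareJid(jbt->dstJID);
			mir_sntprintf( text, SIZEOF( text ), _T("%s%s%s"), jbt->sid, szInitiatorJid, szTargetJid );
			mir_free(szInitiatorJid);
			mir_free(szTargetJid);

			char* szAuthString = mir_utf8encodeT( text );
			char* szHash = NULL;
			if ( szAuthString != NULL ) {
				// The logged string is the exact input of the hash that
				// authorizes this stream on the proxy.
				Log( "Auth: '%s'", szAuthString );
				szHash = JabberSha1( szAuthString );
				mir_free( szAuthString );
			}

			// The hash result used to be copied without a NULL check.
			if ( szHash == NULL ) {
				// Local failure, not a protocol error reported by the proxy.
				jbt->state = JBT_ERROR;
				break;
			}

			strncpy(( char* )( data+5 ), szHash, 40 );
			mir_free( szHash );
			Netlib_Send( hConn, ( char* )data, 47, 0 );
			jbt->state = JBT_CONNECT;
		}
		else jbt->state = JBT_SOCKSERR;
		break;

	case JBT_CONNECT:
		// received:
		// 00-00 ver ( 0x05 )
		// 01-01 reply ( 0=success,2=not allowed )
		// 02-02 reserved ( 0 )
		// 03-03 address type ( 1=IPv4 address,3=host address )
		// 04-mm bnd.addr server bound address ( 4-byte IP if IPv4, 1-byte length + n-byte host address string if host address )
		// nn-nn+1 bnd.port server bound port
		if ( datalen>=5 && buffer[0]==5 && buffer[1]==0 && ( buffer[3]==1 || buffer[3]==3 || buffer[3]==0 )) {
			// The length byte comes from the network. Where plain char is signed,
			// a value >= 0x80 would read as negative, pass the size check and
			// yield a bogus (even negative) consumed length, so read it unsigned.
			const int addrLen = ( BYTE )buffer[4];

			if ( buffer[3]==1 && datalen>=10 )
				num = 10;
			else if ( buffer[3]==3 && datalen>=addrLen+7 )
				num = addrLen + 7;
			else if ( buffer[3]==0 && datalen>=6 )
				num = 6;
			else {
				jbt->state = JBT_SOCKSERR;
				break;
			}
			jbt->state = JBT_SENDING;

			jbt->hProxyEvent = CreateEvent( NULL, FALSE, FALSE, NULL );
			jbt->bStreamActivated = FALSE;
			if ( jbt->hProxyEvent == NULL ) {
				// No event to wait on for the activation result.
				jbt->state = JBT_ERROR;
				break;
			}

			int iqId = SerialNext();

			TCHAR listJid[256];
			mir_sntprintf(listJid, SIZEOF( listJid ), _T("ftproxy_%d"), iqId);

			// Register the transfer under the IQ id so that the activation
			// result can be matched back to it.
			JABBER_LIST_ITEM *item = ListAdd( LIST_FTIQID, listJid );
			if ( item == NULL ) {
				// The result was dereferenced unchecked before.
				CloseHandle( jbt->hProxyEvent );
				jbt->hProxyEvent = NULL;
				jbt->state = JBT_ERROR;
				break;
			}
			item->jbt = jbt;

			IqAdd( iqId, IQ_PROC_NONE, &CJabberProto::IqResultStreamActivate );
			m_ThreadInfo->send( 
				XmlNodeIq( _T("set"), iqId, jbt->streamhostJID ) << XQUERY( _T(JABBER_FEAT_BYTESTREAMS))
					<< XATTR( _T("sid"), jbt->sid ) << XCHILD( _T("activate"), jbt->dstJID ));

			// NOTE(review): unbounded wait - this thread blocks until something
			// signals hProxyEvent; confirm every failure path (including a
			// dropped connection) signals it.
			WaitForSingleObject( jbt->hProxyEvent, INFINITE );

			CloseHandle( jbt->hProxyEvent );
			jbt->hProxyEvent = NULL;

			ListRemove( LIST_FTIQID, listJid );

			if ( jbt->bStreamActivated) 
				jbt->state = (this->*jbt->pfnSend)( hConn, jbt->ft ) ? JBT_DONE : JBT_ERROR;
			else
				jbt->state = JBT_ERROR;
		}
		else jbt->state = JBT_SOCKSERR;
		break;
	}

	return num;
}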
예제 #3
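// Drives the receiving side of a bytestream transfer: performs the handshake
// (version byte 0x05) with the stream host, then hands received data to
// jbt->pfnRecv.
//
// hConn   - connection to the stream host.
// jbt     - transfer state; jbt->state is advanced here.
// buffer  - bytes received from the stream host (untrusted network input).
// datalen - number of valid bytes in buffer.
//
// Returns datalen, or the length of the parsed reply in the JBT_CONNECT state
// (presumably the number of bytes the caller treats as consumed - confirm
// against the caller).
int CJabberProto::ByteReceiveParse( HANDLE hConn, JABBER_BYTE_TRANSFER *jbt, char* buffer, int datalen )
{
	int bytesReceived, num = datalen;

	switch ( jbt->state ) {
	case JBT_INIT:
		// received:
		// 00-00 ver ( 0x05 )
		// 01-01 selected method ( 0=no auth, 0xff=error )
		// send:
		// 00-00 ver ( 0x05 )
		// 01-01 cmd ( 1=connect )
		// 02-02 reserved ( 0 )
		// 03-03 address type ( 3 )
		// 04-44 dst.addr ( 41 bytes: 1-byte length, 40-byte SHA1 hash of [sid,srcJID,dstJID] )
		// 45-46 dst.port ( 0 )
		if ( datalen==2 && buffer[0]==5 && buffer[1]==0 ) {
			BYTE data[47];
			ZeroMemory( data, sizeof( data ));
			*(( DWORD* )data ) = 0x03000105;
			data[4] = 40;

			TCHAR text[JABBER_MAX_JID_LEN*2];
			TCHAR *szInitiatorJid = JabberPrepareJid(jbt->srcJID);
			TCHAR *szTargetJid = JabberPrepareJid(jbt->dstJID);
			mir_sntprintf( text, SIZEOF( text ), _T("%s%s%s"), jbt->sid, szInitiatorJid, szTargetJid );
			mir_free(szInitiatorJid);
			mir_free(szTargetJid);

			char* szAuthString = mir_utf8encodeT( text );
			char* szHash = NULL;
			if ( szAuthString != NULL ) {
				// The logged string is the exact input of the hash that
				// authorizes this stream on the stream host.
				Log( "Auth: '%s'", szAuthString );
				szHash = JabberSha1( szAuthString );
				mir_free( szAuthString );
			}

			// The hash result used to be copied without a NULL check.
			if ( szHash == NULL ) {
				// Local failure, not a protocol error reported by the peer.
				jbt->state = JBT_ERROR;
				break;
			}

			strncpy(( char* )( data+5 ), szHash, 40 );
			mir_free( szHash );
			Netlib_Send( hConn, ( char* )data, 47, 0 );
			jbt->state = JBT_CONNECT;
		}
		else jbt->state = JBT_SOCKSERR;
		break;

	case JBT_CONNECT:
		// received:
		// 00-00 ver ( 0x05 )
		// 01-01 reply ( 0=success,2=not allowed )
		// 02-02 reserved ( 0 )
		// 03-03 address type ( 1=IPv4 address,3=host address )
		// 04-mm bnd.addr server bound address ( 4-byte IP if IPv4, 1-byte length + n-byte host address string if host address )
		// nn-nn+1 bnd.port server bound port
		if ( datalen>=5 && buffer[0]==5 && buffer[1]==0 && ( buffer[3]==1 || buffer[3]==3 || buffer[3]==0 )) {
			// The length byte comes from the network. Where plain char is signed,
			// a value >= 0x80 would read as negative, pass the size check and
			// yield a bogus (even negative) consumed length, so read it unsigned.
			const int addrLen = ( BYTE )buffer[4];

			if ( buffer[3]==1 && datalen>=10 )
				num = 10;
			else if ( buffer[3]==3 && datalen>=addrLen+7 )
				num = addrLen + 7;
			else if ( buffer[3]==0 && datalen>=6 )
				num = 6;
			else {
				jbt->state = JBT_SOCKSERR;
				break;
			}
			jbt->state = JBT_RECVING;

			// Tell the initiator which stream host was connected.
			m_ThreadInfo->send(
				XmlNodeIq( _T("result"), jbt->iqId, jbt->srcJID ) << XQUERY( _T(JABBER_FEAT_BYTESTREAMS))
					<< XCHILD( _T("streamhost-used")) << XATTR( _T("jid"), jbt->streamhostJID ));
		}
		else jbt->state = JBT_SOCKSERR;
		break;

	case JBT_RECVING:
		// Payload phase: a negative result from the receive callback is an error,
		// zero ends the transfer, a positive value leaves the state unchanged.
		bytesReceived = (this->*jbt->pfnRecv)( hConn, jbt->ft, buffer, datalen );
		if ( bytesReceived < 0 )
			jbt->state = JBT_ERROR;
		else if ( bytesReceived == 0 )
			jbt->state = JBT_DONE;
		break;
	}

	return num;
}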
예제 #4
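// Drives the sending side of a direct bytestream transfer, where this client
// is the listening end: answers the peer's handshake (version byte 0x05),
// verifies the 40-character SHA1 hash the peer presents and, once the stream is
// activated, sends the file through jbt->pfnSend.
//
// hConn   - accepted connection from the peer.
// jbt     - transfer state; jbt->state is advanced here.
// buffer  - bytes received from the peer (untrusted network input).
// datalen - number of valid bytes in buffer.
//
// Always returns datalen.
int CJabberProto::ByteSendParse( HANDLE hConn, JABBER_BYTE_TRANSFER *jbt, char* buffer, int datalen )
{
	int nMethods;
	BYTE data[10];
	int i;
	char* str;

	switch ( jbt->state ) {
	case JBT_INIT:
		// received:
		// 00-00 ver ( 0x05 )
		// 01-01 nmethods
		// 02-xx list of methods ( nmethods bytes )
		// send:
		// 00-00 ver ( 0x05 )
		// 01-01 select method ( 0=no auth required )
		//
		// nmethods is read as an unsigned byte: as a signed char, a count of
		// 128 or more turned negative and the packet was rejected.
		if ( datalen>=2 && buffer[0]==5 && ( BYTE )buffer[1]+2==datalen ) {
			nMethods = ( BYTE )buffer[1];
			// Look for method 0 (no auth) among the offered methods.
			for ( i=0; i<nMethods && buffer[2+i]!=0; i++ );
			if ( i < nMethods ) {
				data[1] = 0;
				jbt->state = JBT_CONNECT;
			}
			else {
				data[1] = 0xff;
				jbt->state = JBT_ERROR;
			}
			data[0] = 5;
			Netlib_Send( hConn, ( char* )data, 2, 0 );
		}
		else jbt->state = JBT_ERROR;
		break;

	case JBT_CONNECT:
		// received:
		// 00-00 ver ( 0x05 )
		// 01-01 cmd ( 1=connect )
		// 02-02 reserved ( 0 )
		// 03-03 address type ( 3 )
		// 04-44 dst.addr ( 41 bytes: 1-byte length, 40-byte SHA1 hash of [sid,srcJID,dstJID] )
		// 45-46 dst.port ( 0 )
		// send:
		// 00-00 ver ( 0x05 )
		// 01-01 reply ( 0=success,2=not allowed )
		// 02-02 reserved ( 0 )
		// 03-03 address type ( 1=IPv4 address )
		// 04-07 bnd.addr server bound address
		// 08-09 bnd.port server bound port
		if ( datalen == 47 && *(( DWORD* )buffer )==0x03000105 && buffer[4]==40 && *(( WORD* )( buffer+45 ))==0 ) {
			// NOTE(review): sid + both JIDs are formatted into 256 TCHARs here,
			// while ByteReceiveParse uses JABBER_MAX_JID_LEN*2. If the input is
			// truncated the hash will not match what the peer computes - confirm
			// the buffer size.
			TCHAR text[256];

			TCHAR *szInitiatorJid = JabberPrepareJid(jbt->srcJID);
			TCHAR *szTargetJid = JabberPrepareJid(jbt->dstJID);
			mir_sntprintf( text, SIZEOF( text ), _T("%s%s%s"), jbt->sid, szInitiatorJid, szTargetJid );
			mir_free(szInitiatorJid);
			mir_free(szTargetJid);

			char* szAuthString = mir_utf8encodeT( text );
			str = NULL;
			if ( szAuthString != NULL ) {
				// The logged string is the exact input of the hash that
				// authorizes a peer on this stream.
				Log( "Auth: '%s'", szAuthString );
				str = JabberSha1( szAuthString );
				// Freed here; it used to leak on the early break after the wait.
				mir_free( szAuthString );
			}

			if ( str == NULL ) {
				// Without the expected hash the peer cannot be verified. The
				// state used to stay JBT_CONNECT on this path.
				jbt->state = JBT_ERROR;
				break;
			}

			// All 40 hash characters must match. The previous check accepted
			// the peer once the first 20 matched, so half of the digest was
			// never verified. The str[i] test keeps the scan inside the string.
			for ( i=0; i<40 && str[i]!=0 && buffer[i+5]==str[i]; i++ );
			const bool bHashOk = ( i == 40 );
			mir_free( str );

			ZeroMemory( data, 10 );
			data[1] = bHashOk ? 0 : 2;
			data[0] = 5;
			data[3] = 1;
			Netlib_Send( hConn, ( char* )data, 10, 0 );

			if ( !bHashOk ) {
				// The peer was answered "not allowed"; do not block this thread
				// waiting for an activation on its behalf.
				jbt->state = JBT_ERROR;
				break;
			}

			// wait stream activation
			// NOTE(review): unbounded wait - confirm every failure path signals
			// hSendEvent.
			WaitForSingleObject( jbt->hSendEvent, INFINITE );

			if ( jbt->state == JBT_ERROR )
				break;

			if ( (this->*jbt->pfnSend)( hConn, jbt->ft )==TRUE )
				jbt->state = JBT_DONE;
			else
				jbt->state = JBT_ERROR;
		}
		else
			jbt->state = JBT_ERROR;
		break;
	}

	return datalen;
}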