path: root/protocols/oscar/msgcookie.c
/*
 * Cookie Caching stuff. Adam wrote this, apparently just some
 * derivatives of n's SNAC work. I cleaned it up, added comments.
 *
 */

/*
 * I'm assuming that cookies are type-specific. that is, we can have
 * "1234578" for type 1 and type 2 concurrently. if i'm wrong, then we
 * lose some error checking. if we assume cookies are not type-specific and are
 * wrong, we get quirky behavior when cookies step on each others' toes.
 */

#include <aim.h>
#include "info.h"

/**
 * aim_cachecookie - put a cookie at the head of the session's cookie list
 * @sess: session whose cookie list is modified
 * @cookie: cookie struct to cache; the list links to it directly (no copy)
 *
 * Looks up (cookie->cookie, cookie->type) with aim_checkcookie().  If the
 * entry found is this very struct, only its ->addtime is refreshed.  If a
 * different struct with the same key is cached, that older struct is
 * released through aim_cookie_free() (which also g_free()s its ->data) and
 * @cookie is inserted in its place.
 *
 * Returns -EINVAL when @sess or @cookie is NULL, 1 when an already-cached
 * @cookie was refreshed, 0 when @cookie was inserted.
 *
 * NOTE(review): a pointer a caller still holds to a replaced entry, or to
 * its ->data, dangles after this call -- confirm no caller keeps one.
 */
int aim_cachecookie(aim_session_t *sess, aim_msgcookie_t *cookie)
{
	aim_msgcookie_t *cached;

	if (sess == NULL || cookie == NULL) {
		return -EINVAL;
	}

	cached = aim_checkcookie(sess, cookie->cookie, cookie->type);

	if (cached == cookie) {
		/* Already in the list: refresh the timestamp only. */
		cached->addtime = time(NULL);
		return 1;
	}

	if (cached != NULL) {
		/* Same key, different struct: drop the stale entry first. */
		aim_cookie_free(sess, cached);
	}

	/* Stamp the new entry and push it onto the front of the list. */
	cookie->addtime = time(NULL);
	cookie->next = sess->msgcookies;
	sess->msgcookies = cookie;

	return 0;
}

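/**
 * aim_uncachecookie - detach a cookie from the session's cookie list
 * @sess: session to search
 * @cookie: cookie value to match; 8 bytes are read from it
 * @type: cookie type to match
 *
 * Finds the first cached entry whose type equals @type and whose 8 cookie
 * bytes equal @cookie, and unlinks it from the list.  Nothing is freed here;
 * the struct is returned as it was, only no longer reachable from the list.
 *
 * Returns the unlinked struct, or NULL when @sess or @cookie is NULL, the
 * list is empty, or no entry matches.
 */
aim_msgcookie_t *aim_uncachecookie(aim_session_t *sess, guint8 *cookie, int type)
{
	aim_msgcookie_t *cur, **prev;

	/* sess is dereferenced below, so reject NULL as aim_cachecookie() and
	 * aim_cookie_free() already do. */
	if (!sess || !cookie || !sess->msgcookies) {
		return NULL;
	}

	/* prev always points at the link that leads to cur, so unlinking is a
	 * single store whether cur is the head or an inner node. */
	for (prev = &sess->msgcookies; (cur = *prev) != NULL; prev = &cur->next) {
		if ((cur->type == type) &&
		    (memcmp(cur->cookie, cookie, 8) == 0)) {
			*prev = cur->next;
			return cur;
		}
	}

	return NULL;
}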

/**
 * aim_mkcookie - allocate an aim_msgcookie_t from a cookie value, a type and
 *                a data pointer
 * @c: cookie value; 8 bytes are copied out of it
 * @type: cookie type to store
 * @data: pointer stored as-is in ->data (not copied)
 *
 * The struct comes from g_new0(), so every field not set here starts out
 * zeroed.  aim_cookie_free() later hands ->data to g_free(), so @data has to
 * be NULL or memory that g_free() may release.
 *
 * Returns the newly allocated cookie, or NULL when @c is NULL or the
 * allocation yields NULL.
 */
aim_msgcookie_t *aim_mkcookie(guint8 *c, int type, void *data)
{
	aim_msgcookie_t *fresh;

	if (c == NULL) {
		return NULL;
	}

	fresh = g_new0(aim_msgcookie_t, 1);
	if (fresh == NULL) {
		return NULL;
	}

	/* Fixed 8-byte copy: the caller must supply at least that many bytes. */
	memcpy(fresh->cookie, c, 8);
	fresh->type = type;
	fresh->data = data;

	return fresh;
}

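/**
 * aim_checkcookie - check whether a (cookie, type) pair has been cached
 * @sess: session whose cookie list is searched
 * @cookie: cookie value to match; 8 bytes are read from it
 * @type: cookie type to match
 *
 * Returns a pointer to the first matching struct, which stays in the list,
 * or NULL when @sess or @cookie is NULL or no entry matches.
 *
 * The returned pointer is only valid while the entry stays cached:
 * aim_cookie_free() and the replacement path of aim_cachecookie() free it.
 */
aim_msgcookie_t *aim_checkcookie(aim_session_t *sess, const guint8 *cookie, int type)
{
	aim_msgcookie_t *cur;

	/* Both pointers are dereferenced below; the header promises NULL on
	 * error, so report bad arguments that way instead of faulting. */
	if (!sess || !cookie) {
		return NULL;
	}

	for (cur = sess->msgcookies; cur; cur = cur->next) {
		if ((cur->type == type) &&
		    (memcmp(cur->cookie, cookie, 8) == 0)) {
			return cur;
		}
	}

	return NULL;
}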

/**
 * aim_cookie_free - unlink and free an aim_msgcookie_t struct
 * @sess: session whose cookie list may contain the cookie
 * @cookie: pointer to the cookie struct to release
 *
 * Walks the whole list and unlinks every link that points at @cookie, then
 * g_free()s cookie->data and the struct itself.  The free happens whether or
 * not @cookie was found in the list.  Copy the private data first if it is
 * still needed afterwards.
 *
 * Returns -EINVAL when @sess or @cookie is NULL, 0 otherwise.
 *
 * NOTE(review): ->data goes straight to g_free(), so it must be NULL or
 * memory g_free() may release, and nothing else may still reference it.
 */
int aim_cookie_free(aim_session_t *sess, aim_msgcookie_t *cookie)
{
	aim_msgcookie_t *node, **link;

	if (sess == NULL || cookie == NULL) {
		return -EINVAL;
	}

	/* link tracks the pointer that leads to node; the scan deliberately
	 * runs to the end of the list rather than stopping at the first hit. */
	link = &sess->msgcookies;
	while ((node = *link) != NULL) {
		if (node == cookie) {
			*link = node->next;
		} else {
			link = &node->next;
		}
	}

	g_free(cookie->data);
	g_free(cookie);

	return 0;
}
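icPolicy(); initialized = TRUE; }
/* ^ Tail of a definition that starts outside this view; kept verbatim. */

/**
 * ssl_connect - open a proxied TCP connection and schedule a TLS handshake
 * @host: peer host name, also kept as the name passed to SSL_SetURL()
 * @port: peer port
 * @verify: caller asks for certificate verification
 * @func: callback that receives the outcome
 * @data: opaque pointer passed back to @func
 *
 * Returns the connection handle, or NULL when proxy_connect() reports a
 * negative descriptor.
 *
 * @verify is stored the same way ssl_starttls() stores it.  ssl_connected()
 * refuses a connection whose ->verify is set, because this backend cannot
 * verify certificates; without the store a caller asking for verification
 * would silently get an unverified session.
 */
void *ssl_connect(char *host, int port, gboolean verify, ssl_input_function func, gpointer data)
{
	struct scd *conn = g_new0(struct scd, 1);

	/* Fill in everything ssl_connected() reads before the connect is
	 * started, and make sure the library is initialised by then. */
	conn->func = func;
	conn->data = data;
	conn->hostname = g_strdup(host);
	conn->verify = verify && global.conf->cafile;

	if (!initialized) {
		ssl_init();
	}

	conn->fd = proxy_connect(host, port, ssl_connected, conn);

	if (conn->fd < 0) {
		g_free(conn->hostname);
		g_free(conn);
		return (NULL);
	}

	return (conn);
}

/* Timeout trampoline for ssl_starttls(): runs ssl_connected() on the
 * descriptor that is already stored in the connection. */
static gboolean ssl_starttls_real(gpointer data, gint source, b_input_condition cond)
{
	struct scd *conn = data;

	return ssl_connected(conn, conn->fd, B_EV_IO_WRITE);
}

/**
 * ssl_starttls - start TLS on an already connected descriptor
 * @fd: connected socket
 * @hostname: peer host name, kept as the name passed to SSL_SetURL()
 * @verify: caller asks for certificate verification
 * @func: callback that receives the outcome
 * @data: opaque pointer passed back to @func
 *
 * Returns the connection handle.  Errors are reported through @func only.
 */
void *ssl_starttls(int fd, char *hostname, gboolean verify, ssl_input_function func, gpointer data)
{
	struct scd *conn = g_new0(struct scd, 1);

	conn->fd = fd;
	conn->func = func;
	conn->data = data;
	conn->hostname = g_strdup(hostname);

	/* For now, SSL verification is globally enabled by setting the cafile
	   setting in bitlbee.conf. Commented out by default because probably
	   not everyone has this file in the same place and plenty of folks
	   may not have the cert of their private Jabber server in it. */
	conn->verify = verify && global.conf->cafile;

	/* This function should be called via a (short) timeout instead of
	   directly from here, because these SSL calls are *supposed* to be
	   *completely* asynchronous and not ready yet when this function (or
	   *_connect, for example) returns. Also, errors are reported via the
	   callback function, not via this function's return value.

	   In short, doing things like this makes the rest of the code a lot
	   simpler. */
	b_timeout_add(1, ssl_starttls_real, conn);

	return conn;
}

/**
 * ssl_connected - run the TLS client handshake once the socket is connected
 * @data: the struct scd created by ssl_connect() or ssl_starttls()
 * @source: connected descriptor, or -1 when the connect failed
 * @cond: passed through to the callback
 *
 * Outcomes reported through conn->func:
 *   (data, 1, NULL, cond)  verification was requested; connection refused
 *   (data, 0, conn, cond)  handshake completed
 *   (data, 0, NULL, cond)  connect or handshake failed
 * In both NULL cases the connection is torn down and freed here.
 *
 * Always returns FALSE.
 */
static gboolean ssl_connected(gpointer data, gint source, b_input_condition cond)
{
	struct scd *conn = data;

	/* Right now we don't have any verification functionality for NSS. */
	/* Fail closed: a caller that asked for verification gets an error
	 * rather than a session whose peer was never checked. */
	if (conn->verify) {
		conn->func(conn->data, 1, NULL, cond);
		if (source >= 0) {
			closesocket(source);
		}
		g_free(conn->hostname);
		g_free(conn);

		return FALSE;
	}

	if (source == -1) {
		goto ssl_connected_failure;
	}

	/* Until we find out how to handle non-blocking I/O with NSS... */
	sock_make_blocking(conn->fd);

	conn->prfd = SSL_ImportFD(NULL, PR_ImportTCPSocket(source));
	if (!conn->prfd) {
		goto ssl_connected_failure;
	}

	SSL_OptionSet(conn->prfd, SSL_SECURITY, PR_TRUE);
	SSL_OptionSet(conn->prfd, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
	/* NOTE(review): both hooks are defined outside this view. Given the
	 * comment above, they presumably accept any certificate, so sessions
	 * reaching this point should be treated as unauthenticated -- confirm
	 * against nss_bad_cert() and nss_auth_cert(). */
	SSL_BadCertHook(conn->prfd, (SSLBadCertHandler) nss_bad_cert, NULL);
	SSL_AuthCertificateHook(conn->prfd, (SSLAuthCertificate) nss_auth_cert,
	                        (void *) CERT_GetDefaultCertDB());
	SSL_SetURL(conn->prfd, conn->hostname);
	SSL_ResetHandshake(conn->prfd, PR_FALSE);

	if (SSL_ForceHandshake(conn->prfd)) {
		goto ssl_connected_failure;
	}

	conn->established = TRUE;
	conn->func(conn->data, 0, conn, cond);
	return FALSE;

ssl_connected_failure:

	conn->func(conn->data, 0, NULL, cond);

	if (conn->prfd) {
		PR_Close(conn->prfd);
	} else if (source >= 0) {
		/* proxy_disconnect() would be redundant here */
		closesocket(source);
	}
	g_free(conn->hostname);
	g_free(conn);

	return FALSE;
}

/**
 * ssl_read - read decrypted bytes from an established connection
 * @conn: handle returned through the connect callback
 * @buf: destination buffer
 * @len: capacity of @buf
 *
 * Returns the PR_Read() result, or -1 with ssl_errno = SSL_NOHANDSHAKE when
 * the handshake has not completed.  ssl_errno is SSL_AGAIN when the read
 * failed with PR_WOULD_BLOCK_ERROR and SSL_OK otherwise.
 */
int ssl_read(void *conn, char *buf, int len)
{
	int st;

	if (!((struct scd *) conn)->established) {
		ssl_errno = SSL_NOHANDSHAKE;
		return -1;
	}

	st = PR_Read(((struct scd *) conn)->prfd, buf, len);

	/* The NSPR error code only describes the most recent failure, so it
	 * is consulted only when this call failed; a leftover code from an
	 * earlier call must not turn a successful read into SSL_AGAIN. */
	ssl_errno = SSL_OK;
	if (st < 0 && PR_GetError() == PR_WOULD_BLOCK_ERROR) {
		ssl_errno = SSL_AGAIN;
	}

	/* NOTE(review): with SSLDEBUG enabled and BITLBEE_DEBUG set, the
	 * decrypted stream is copied to stderr. It can carry credentials, so
	 * keep this off outside debugging sessions. */
	if (SSLDEBUG && getenv("BITLBEE_DEBUG") && st > 0) {
		len = write(STDERR_FILENO, buf, st);
	}

	return st;
}

/**
 * ssl_write - write bytes to an established connection
 * @conn: handle returned through the connect callback
 * @buf: bytes to send
 * @len: number of bytes in @buf
 *
 * Returns the PR_Write() result, or -1 with ssl_errno = SSL_NOHANDSHAKE when
 * the handshake has not completed.  ssl_errno is SSL_AGAIN when the write
 * failed with PR_WOULD_BLOCK_ERROR and SSL_OK otherwise.
 */
int ssl_write(void *conn, const char *buf, int len)
{
	int st;

	if (!((struct scd *) conn)->established) {
		ssl_errno = SSL_NOHANDSHAKE;
		return -1;
	}

	st = PR_Write(((struct scd *) conn)->prfd, buf, len);

	/* As in ssl_read(): only a failed call has a meaningful error code. */
	ssl_errno = SSL_OK;
	if (st < 0 && PR_GetError() == PR_WOULD_BLOCK_ERROR) {
		ssl_errno = SSL_AGAIN;
	}

	/* NOTE(review): same plaintext-to-stderr caveat as in ssl_read(). */
	if (SSLDEBUG && getenv("BITLBEE_DEBUG") && st > 0) {
		len = write(STDERR_FILENO, buf, st);
	}

	return st;
}

/* Returns non-zero when the connection is established and NSS reports
 * buffered data for it; 0 for a NULL handle. */
int ssl_pending(void *conn)
{
	struct scd *c = (struct scd *) conn;

	if (c == NULL) {
		return 0;
	}

	return (c->established && SSL_DataPending(c->prfd) > 0);
}

/* Closes the connection and frees the handle. Uses PR_Close() when an NSPR
 * descriptor exists, otherwise proxy_disconnect() on the raw descriptor. */
void ssl_disconnect(void *conn_)
{
	struct scd *conn = conn_;

	// When we switch to NSS_Init, we should have here
	// NSS_Shutdown();

	if (conn->prfd) {
		PR_Close(conn->prfd);
	} else if (conn->fd) {
		/* NOTE(review): this test treats descriptor 0 as "none" and a
		 * negative descriptor as valid -- confirm that is intended. */
		proxy_disconnect(conn->fd);
	}

	g_free(conn->hostname);
	g_free(conn);
}

/* Returns the raw descriptor stored in the handle. */
int ssl_getfd(void *conn)
{
	return (((struct scd *) conn)->fd);
}

b_input_condition ssl_getdirection(void *conn)
{
	/* Just in case someone calls us, let's return the most likely case: */
	return B_EV_IO_READ;
}

/* Returns a newly g_strdup()ed message; @code is not used by this backend. */
char *ssl_verify_strerror(int code)
{
	return g_strdup("SSL certificate verification not supported by BitlBee NSS code.");
}

/**
 * ssl_des3_encrypt - encrypt a buffer with CKM_DES3_CBC through NSS
 * @key: key bytes
 * @key_len: number of key bytes
 * @input: plaintext
 * @input_len: number of plaintext bytes
 * @iv: initialisation vector; exactly 8 bytes are used
 * @res: receives a g_new0() buffer of MAX_OUTPUT_LEN (72) bytes holding the
 *       ciphertext; presumably the caller releases it with g_free()
 *
 * Returns the ciphertext length, or 0 on failure.  *res is NULL whenever 0
 * is returned, so a failed call neither leaks the output buffer nor leaves
 * *res unset.  An empty ciphertext cannot be told apart from a failure and
 * is reported the same way.
 */
size_t ssl_des3_encrypt(const unsigned char *key, size_t key_len, const unsigned char *input,
                        size_t input_len, const unsigned char *iv, unsigned char **res)
{
#define CIPHER_MECH CKM_DES3_CBC
#define MAX_OUTPUT_LEN 72

	int len1;
	unsigned int len2;

	PK11Context *ctx = NULL;
	PK11SlotInfo *slot = NULL;
	SECItem keyItem;
	SECItem ivItem;
	SECItem *secParam = NULL;
	PK11SymKey *symKey = NULL;

	size_t rc = 0;
	SECStatus rv;

	/* Give the caller a defined value on every path. */
	*res = NULL;

	if (!initialized) {
		ssl_init();
	}

	keyItem.data = (unsigned char *) key;
	keyItem.len = key_len;

	slot = PK11_GetBestSlot(CIPHER_MECH, NULL);
	if (slot == NULL) {
		fprintf(stderr, "PK11_GetBestSlot failed (err %d)\n", PR_GetError());
		goto out;
	}

	symKey = PK11_ImportSymKey(slot, CIPHER_MECH, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, NULL);
	if (symKey == NULL) {
		fprintf(stderr, "PK11_ImportSymKey failed (err %d)\n", PR_GetError());
		goto out;
	}

	ivItem.data = (unsigned char *) iv;
	/* See msn_soap_passport_sso_handle_response in protocols/msn/soap.c */
	ivItem.len = 8;

	secParam = PK11_ParamFromIV(CIPHER_MECH, &ivItem);
	if (secParam == NULL) {
		fprintf(stderr, "PK11_ParamFromIV failed (err %d)\n", PR_GetError());
		goto out;
	}

	ctx = PK11_CreateContextBySymKey(CIPHER_MECH, CKA_ENCRYPT, symKey, secParam);
	if (ctx == NULL) {
		fprintf(stderr, "PK11_CreateContextBySymKey failed (err %d)\n", PR_GetError());
		goto out;
	}

	*res = g_new0(unsigned char, MAX_OUTPUT_LEN);

	/* The output capacity is passed to NSS, so input that does not fit is
	 * expected to fail here rather than overrun the buffer. */
	rv = PK11_CipherOp(ctx, *res, &len1, MAX_OUTPUT_LEN, (unsigned char *) input, input_len);
	if (rv != SECSuccess) {
		fprintf(stderr, "PK11_CipherOp failed (err %d)\n", PR_GetError());
		goto out;
	}

	assert(len1 <= MAX_OUTPUT_LEN);

	rv = PK11_DigestFinal(ctx, *res + len1, &len2, (unsigned int) MAX_OUTPUT_LEN - len1);
	if (rv != SECSuccess) {
		fprintf(stderr, "PK11_DigestFinal failed (err %d)\n", PR_GetError());
		goto out;
	}

	rc = len1 + len2;

out:
	if (rc == 0) {
		/* Failure, or nothing produced: do not hand back a buffer. */
		g_free(*res);
		*res = NULL;
	}

	if (ctx) {
		PK11_DestroyContext(ctx, PR_TRUE);
	}

	if (symKey) {
		PK11_FreeSymKey(symKey);
	}

	if (secParam) {
		SECITEM_FreeItem(secParam, PR_TRUE);
	}

	if (slot) {
		PK11_FreeSlot(slot);
	}

	return rc;
}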