Changeset - 7619b9e2b2cb
[Not reviewed]
0 3 0
Dominik - 14 years ago 2012-01-27 18:33:18
meyerd@mytum.de
- check local_username against configured server
- TODO: improve really crappy and hacky Swiften password check solution
3 files changed with 51 insertions and 2 deletions:
0 comments (0 inline, 0 general)
spectrum/src/sample2.cfg
Show inline comments
 
@@ -50,48 +50,65 @@ protocol=prpl-jabber
 

	
 
# prpl-any means that user sets his protocol in his JID which has to be
 
# in following format: protocol.username@domain.tld
 
# So for example: prpl-jabber.hanzz.k%gmail.com@domain.tld
 
#protocol=prpl-any
 

	
 
[identity]
 
# Name of Spectrum instance in service discovery
 
name=Spectrum Jabber Transport
 

	
 
# Type of transport ("msn", "icq", "xmpp").
 
# Check http://xmpp.org/registrar/disco-categories.html#gateway
 
type=xmpp
 

	
 
# Category of transport, default is "gateway
 
#category=gateway
 

	
 
[logging]
 
# log4cxx/log4j logging configuration file in ini format used for main spectrum2 instance.
 
config = /etc/spectrum2/logging.cfg
 

	
 
# log4cxx/log4j logging configuration file in ini format used for backends.
 
backend_config = /etc/spectrum2/backend-logging.cfg
 

	
 
[database]
 
# Database backend type
 
# "sqlite3", "mysql" or "none" without database backend
 
type = none
 

	
 
# For SQLite3: Full path to database
 
# For MySQL: name of database
 
# default database = /var/lib/spectrum2/$jid/database.sql
 
#database = jabber_transport
 

	
 
# Server.
 
#server = localhost
 

	
 
# Port.
 
#port = 0
 

	
 
# User.
 
#user = spectrum
 

	
 
# Paasword.
 
#password = secret
 

	
 
# Prefix used for tables
 
#prefix = jabber_
 

	
 
[registration]
 
# Enable public registrations
 
enable_public_registration=1
 

	
 
# Text to display upon user registration form
 
username_label=Jabber JID (e.g. user@server.tld):
 
instructions=Enter your remote jabber JID and password as well as your local username and password
 

	
 
# If True a local jabber account on <local_account_server> is needed 
 
# for transport registration, the idea is to enable public registration
 
# from other servers, but only for users, who have already local accounts
 
require_local_account=1
 
local_username_label=Local username (without @server.tld):
 
local_account_server=localhost
 
local_account_server_timeout=10000
 

	
src/config.cpp
Show inline comments
 
@@ -44,96 +44,98 @@ bool Config::load(const std::string &configfile, boost::program_options::options
 
	char path[PATH_MAX] = "";
 
	if (m_file.find_first_of("/") != 0) {
 
		getcwd(path, PATH_MAX);
 
		m_file = std::string(path) + "/" + m_file;
 
	}
 

	
 
	return ret;
 
}
 

	
 
bool Config::load(std::istream &ifs, boost::program_options::options_description &opts, const std::string &_jid) {
 
	m_unregistered.clear();
 
	opts.add_options()
 
		("service.jid", value<std::string>()->default_value(""), "Transport Jabber ID")
 
		("service.server", value<std::string>()->default_value(""), "Server to connect to")
 
		("service.password", value<std::string>()->default_value(""), "Password used to auth the server")
 
		("service.port", value<int>()->default_value(0), "Port the server is listening on")
 
		("service.user", value<std::string>()->default_value(""), "The name of user Spectrum runs as.")
 
		("service.group", value<std::string>()->default_value(""), "The name of group Spectrum runs as.")
 
		("service.backend", value<std::string>()->default_value("libpurple_backend"), "Backend")
 
		("service.protocol", value<std::string>()->default_value(""), "Protocol")
 
		("service.pidfile", value<std::string>()->default_value("/var/run/spectrum2/$jid.pid"), "Full path to pid file")
 
		("service.working_dir", value<std::string>()->default_value("/var/lib/spectrum2/$jid"), "Working dir")
 
		("service.allowed_servers", value<std::string>()->default_value(""), "Only users from these servers can connect")
 
		("service.server_mode", value<bool>()->default_value(false), "True if Spectrum should behave as server")
 
		("service.users_per_backend", value<int>()->default_value(100), "Number of users per one legacy network backend")
 
		("service.backend_host", value<std::string>()->default_value("localhost"), "Host to bind backend server to")
 
		("service.backend_port", value<std::string>()->default_value("0"), "Port to bind backend server to")
 
		("service.cert", value<std::string>()->default_value(""), "PKCS#12 Certificate.")
 
		("service.cert_password", value<std::string>()->default_value(""), "PKCS#12 Certificate password.")
 
		("service.admin_jid", value<std::string>()->default_value(""), "Administrator jid.")
 
		("service.admin_password", value<std::string>()->default_value(""), "Administrator password.")
 
		("service.reuse_old_backends", value<bool>()->default_value(true), "True if Spectrum should use old backends which were full in the past.")
 
		("service.idle_reconnect_time", value<int>()->default_value(0), "Time in seconds after which idle users are reconnected to let their backend die.")
 
		("service.memory_collector_time", value<int>()->default_value(0), "Time in seconds after which backend with most memory is set to die.")
 
		("service.more_resources", value<bool>()->default_value(false), "Allow more resources to be connected in server mode at the same time.")
 
		("service.enable_privacy_lists", value<bool>()->default_value(true), "")
 
		("vhosts.vhost", value<std::vector<std::string> >()->multitoken(), "")
 
		("identity.name", value<std::string>()->default_value("Spectrum 2 Transport"), "Name showed in service discovery.")
 
		("identity.category", value<std::string>()->default_value("gateway"), "Disco#info identity category. 'gateway' by default.")
 
		("identity.type", value<std::string>()->default_value(""), "Type of transport ('icq','msn','gg','irc', ...)")
 
		("registration.enable_public_registration", value<bool>()->default_value(true), "True if users should be able to register.")
 
		("registration.language", value<std::string>()->default_value("en"), "Default language for registration form")
 
		("registration.instructions", value<std::string>()->default_value("Enter your legacy network username and password."), "Instructions showed to user in registration form")
 
		("registration.username_label", value<std::string>()->default_value("Legacy network username:"), "Label for username field")
 
		("registration.username_mask", value<std::string>()->default_value(""), "Username mask")
 
		("registration.encoding", value<std::string>()->default_value("utf8"), "Default encoding in registration form")
 
		("registration.require_local_account", value<bool>()->default_value(false), "True if users have to have a local account to register to this transport from remote servers.")
 
		("registration.local_username_label", value<std::string>()->default_value("Local username:"), "Label for local usernme field")
 
		("registration.local_account_server", value<std::string>()->default_value("localhost"), "The server on which the local accounts will be checked for validity")
 
		("registration.local_account_server_timeout", value<int>()->default_value(10000), "Timeout when checking local user on local_account_server (msecs)")
 
		("database.type", value<std::string>()->default_value("none"), "Database type.")
 
		("database.database", value<std::string>()->default_value(""), "Database used to store data")
 
		("database.server", value<std::string>()->default_value("localhost"), "Database server.")
 
		("database.user", value<std::string>()->default_value(""), "Database user.")
 
		("database.password", value<std::string>()->default_value(""), "Database Password.")
 
		("database.port", value<int>()->default_value(0), "Database port.")
 
		("database.prefix", value<std::string>()->default_value(""), "Prefix of tables in database")
 
		("database.encryption_key", value<std::string>()->default_value(""), "Encryption key.")
 
		("logging.config", value<std::string>()->default_value(""), "Path to log4cxx config file which is used for Spectrum 2 instance")
 
		("logging.backend_config", value<std::string>()->default_value(""), "Path to log4cxx config file which is used for backends")
 
		("backend.default_avatar", value<std::string>()->default_value(""), "Full path to default avatar")
 
		("backend.avatars_directory", value<std::string>()->default_value(""), "Path to directory with avatars")
 
		("backend.no_vcard_fetch", value<bool>()->default_value(false), "True if VCards for buddies should not be fetched. Only avatars will be forwarded.")
 
	;
 

	
 
	parsed_options parsed = parse_config_file(ifs, opts, true);
 

	
 
	bool found_working = false;
 
	bool found_pidfile = false;
 
	bool found_backend_port = false;
 
	std::string jid = "";
 
	BOOST_FOREACH(option &opt, parsed.options) {
 
		if (opt.string_key == "service.jid") {
 
			if (_jid.empty()) {
 
				jid = opt.value[0];
 
			}
 
			else {
 
				opt.value[0] = _jid;
 
				jid = _jid;
 
			}
 
		}
 
		else if (opt.string_key == "service.backend_port") {
 
			found_backend_port = true;
 
			if (opt.value[0] == "0") {
 
				opt.value[0] = boost::lexical_cast<std::string>(Util::getRandomPort(_jid.empty() ? jid : _jid));
 
			}
 
		}
 
		else if (opt.string_key == "service.working_dir") {
 
			found_working = true;
 
		}
 
		else if (opt.string_key == "service.pidfile") {
 
			found_pidfile = true;
 
		}
 
	}
 

	
 
	if (!found_working) {
 
		std::vector<std::string> value;
 
		value.push_back("/var/lib/spectrum2/$jid");
src/userregistration.cpp
Show inline comments
 
/**
 
 * libtransport -- C++ library for easy XMPP Transports development
 
 *
 
 * Copyright (C) 2011, Jan Kaluza <hanzz.k@gmail.com>
 
 *
 
 * This program is free software; you can redistribute it and/or modify
 
 * it under the terms of the GNU General Public License as published by
 
 * the Free Software Foundation; either version 2 of the License, or
 
 * (at your option) any later version.
 
 *
 
 * This program is distributed in the hope that it will be useful,
 
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
 * GNU General Public License for more details.
 
 *
 
 * You should have received a copy of the GNU General Public License
 
 * along with this program; if not, write to the Free Software
 
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02111-1301  USA
 
 */
 

	
 
#include "transport/userregistration.h"
 
#include "transport/usermanager.h"
 
#include "transport/storagebackend.h"
 
#include "transport/transport.h"
 
#include "transport/rostermanager.h"
 
#include "transport/user.h"
 
#include "Swiften/Elements/ErrorPayload.h"
 
#include <boost/shared_ptr.hpp>
 
#include <boost/thread.hpp>
 
#include <boost/date_time/posix_time/posix_time.hpp>
 
#include "log4cxx/logger.h"
 

	
 
using namespace Swift;
 
using namespace log4cxx;
 

	
 
namespace Transport {
 

	
 
static LoggerPtr logger = Logger::getLogger("UserRegistration");
 

	
 
UserRegistration::UserRegistration(Component *component, UserManager *userManager, StorageBackend *storageBackend) : Swift::Responder<Swift::InBandRegistrationPayload>(component->m_iqRouter) {
 
	m_component = component;
 
	m_config = m_component->m_config;
 
	m_storageBackend = storageBackend;
 
	m_userManager = userManager;
 
}
 

	
 
UserRegistration::~UserRegistration(){
 
}
 

	
 
bool UserRegistration::registerUser(const UserInfo &row) {
 
	UserInfo user;
 
	bool registered = m_storageBackend->getUser(row.jid, user);
 
	// This user is already registered
 
	if (registered)
 
		return false;
 

	
 
	m_storageBackend->setUser(row);
 

	
 
	Swift::Presence::ref response = Swift::Presence::create();
 
	response->setFrom(m_component->getJID());
 
	response->setTo(Swift::JID(row.jid));
 
	response->setType(Swift::Presence::Subscribe);
 
	m_component->getStanzaChannel()->sendPresence(response);
 

	
 
	onUserRegistered(row);
 
	return true;
 
}
 

	
 
bool UserRegistration::unregisterUser(const std::string &barejid) {
 
	UserInfo userInfo;
 
	bool registered = m_storageBackend->getUser(barejid, userInfo);
 
	// This user is not registered
 
	if (!registered)
 
		return false;
 

	
 
	onUserUnregistered(userInfo);
 

	
 
	// We have to check if server supports remoteroster XEP and use it if it's supported or fallback to unsubscribe otherwise
 
@@ -315,98 +317,126 @@ bool UserRegistration::handleSetRequest(const Swift::JID& from, const Swift::JID
 
				}
 
				continue;
 
			}
 

	
 
			TextPrivateFormField::ref textPrivate = boost::dynamic_pointer_cast<TextPrivateFormField>(*it);
 
			if (textPrivate) {
 
				if (textPrivate->getName() == "password") {
 
					payload->setPassword(textPrivate->getValue());
 
				}
 
				else if (textPrivate->getName() == "local_password") {
 
					local_password = textPrivate->getValue();
 
				}
 
				continue;
 
			}
 

	
 
			ListSingleFormField::ref listSingle = boost::dynamic_pointer_cast<ListSingleFormField>(*it);
 
			if (listSingle) {
 
				if (listSingle->getName() == "language") {
 
					language = listSingle->getValue();
 
				}
 
				continue;
 
			}
 

	
 
			BooleanFormField::ref boolean = boost::dynamic_pointer_cast<BooleanFormField>(*it);
 
			if (boolean) {
 
				if (boolean->getName() == "unregister") {
 
					if (boolean->getValue()) {
 
						payload->setRemove(true);
 
					}
 
				}
 
				continue;
 
			}
 
		}
 
	}
 

	
 
	if (payload->isRemove()) {
 
		unregisterUser(barejid);
 
		sendResponse(from, id, InBandRegistrationPayload::ref());
 
		return true;
 
	}
 

	
 
	if (CONFIG_BOOL(m_config,"registration.require_local_account")) {
 
	/*	if (!local_username || !local_password) {
 
			sendResponse(from, id, InBandRegistrationPayload::ref());
 
			return true
 
		} else */ if (local_username == "" || local_password == "") {
 
			sendResponse(from, id, InBandRegistrationPayload::ref());
 
			return true;
 
		} else if (local_username != "heinz" || local_password != "heinz") {
 
			// TODO: Check local password and username
 
		} 
 
		Swift::logging = true;
 
		bool validLocal = false;
 
		std::string localLookupServer = CONFIG_STRING(m_config, "registration.local_account_server");
 
		std::string localLookupJID = local_username + std::string("@") + localLookupServer;
 
		SimpleEventLoop localLookupEventLoop;
 
		BoostNetworkFactories localLookupNetworkFactories(&localLookupEventLoop);
 
		Client localLookupClient(localLookupJID, local_password, &localLookupNetworkFactories);
 
		
 
		// TODO: this is neccessary on my server ... but should maybe omitted
 
		localLookupClient.setAlwaysTrustCertificates();
 
		localLookupClient.connect();
 

	
 
		class SimpleLoopRunner {
 
			public:
 
				SimpleLoopRunner() {};
 

	
 
				static void run(SimpleEventLoop * loop) {
 
					loop->run();
 
				};
 
		};
 

	
 
		// TODO: Really ugly and hacky solution, any other ideas more than welcome!
 
		boost::thread thread(boost::bind(&(SimpleLoopRunner::run), &localLookupEventLoop));
 
		thread.timed_join(boost::posix_time::millisec(CONFIG_INT(m_config, "registration.local_account_server_timeout")));
 
		localLookupEventLoop.stop();
 
		thread.join();
 
		validLocal = localLookupClient.isAvailable();
 
		localLookupClient.disconnect();
 
		if (!validLocal) {
 
			sendError(from, id, ErrorPayload::NotAuthorized, ErrorPayload::Modify);
 
			return true;
 
		}
 
	}
 

	
 
	printf("here\n");
 

	
 
	if (!payload->getUsername() || !payload->getPassword()) {
 
		sendError(from, id, ErrorPayload::NotAcceptable, ErrorPayload::Modify);
 
		return true;
 
	}
 

	
 
	// Register or change password
 
	if (payload->getUsername()->empty()) {
 
		sendError(from, id, ErrorPayload::NotAcceptable, ErrorPayload::Modify);
 
		return true;
 
	}
 

	
 
	// TODO: Move this check to backend somehow
 
	if (CONFIG_STRING(m_config, "service.protocol") == "prpl-jabber") {
 
		// User tries to register himself.
 
		if ((Swift::JID(*payload->getUsername()).toBare() == from.toBare())) {
 
			sendError(from, id, ErrorPayload::NotAcceptable, ErrorPayload::Modify);
 
			return true;
 
		}
 

	
 
		// User tries to register someone who's already registered.
 
		UserInfo user_row;
 
		bool registered = m_storageBackend->getUser(Swift::JID(*payload->getUsername()).toBare().toString(), user_row);
 
		if (registered) {
 
			sendError(from, id, ErrorPayload::NotAcceptable, ErrorPayload::Modify);
 
			return true;
 
		}
 
	}
 

	
 
	std::string username = *payload->getUsername();
 

	
 
	std::string newUsername(username);
 
	if (!CONFIG_STRING(m_config, "registration.username_mask").empty()) {
 
		newUsername = CONFIG_STRING(m_config, "registration.username_mask");
 
		boost::replace_all(newUsername, "$username", username);
 
	}
 

	
 
//TODO: Part of spectrum1 registration stuff, this should be potentially rewritten for S2 too
 
// 	if (!m_component->protocol()->isValidUsername(newUsername)) {
 
// 		Log("UserRegistration", "This is not valid username: "<< newUsername);
 
// 		sendError(from, id, ErrorPayload::NotAcceptable, ErrorPayload::Modify);
 
// 		return true;
0 comments (0 inline, 0 general)