summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2018-11-08Consistently use unsigned short for network portsEdwin Mons
Network ports are now consistently stored as unsigned shorts, apart from the options and user interface, where -1 is still used to denote the use of default ports. Test-Information: Unit tests pass on macOS 10.13 and Debian 9 On macOS: tested the UI with various proxy and manual ports, behaviour as expected. Change-Id: I7a65f40083022887aa30ed7b21eadc56d0c52be1
2017-05-15Add pointer checks in some CoreClient members.Thanos Doukoudakis
This patch adds some checks in the CoreClient class to avoid accessing stanza and session channels to send data when they are not available. The Sluift lua wrapper functions will throw an exception in these cases. Test-Information All unit test pass. Timlx: Test Suite ‘basic’: All tests Pass. Test Suite ‘fmuc’: All tests except FmucChain Pass (Not related with the changes) Change-Id: I3d5894b3cfdafd0ea28c0fb33b6db8588f2a5c8f
2016-11-28Correctly handle server initiated closing of streamTobias Markmann
If a server closes the XMPP stream, it sends a </stream:stream> tag. The client is supposed to respond with the same tag and then both parties can close the TLS/TCP socket. Previously Swift(-en) would simply ignore </stream:stream> tag if it was not directly followed by a shutdown of the TCP connection. In addition there is now a timeout timer started as soon as Swiften or the server initiates a shutdown. It will close the socket and cleanup the ClientSession if the server does not respond in time or the network is faulty. Refactored some code in ClientSession in the process. Moved ClientSession::State to a C++11 strongly typed enum class. This also fixes issues where duplicated </stream:stream> tags would be send by Swift. Test-Information: Tested against Prosody ba782a093b14 and M-Link 16.3v6-0, which provide ad-hoc commands to end a user session. Previously this was ignored by Swift. Now it correctly responds to the server, detects it as a disconnect and tries to reconnect afterwards. Added unit test for the case where the server closes the session stream. Change-Id: I59dfde3aa6b50dc117f340e5db6b9e58b54b3c60
2016-11-23Migrate remaining Swiften/Base/foreach.h use to range-based for loopTobias Markmann
Test-Information: Build on macOS 10.12.1 and all tests pass. Change-Id: Iedaa3fa7e7672c77909fd0568bf30e9393cb87e0
2016-04-04Modernize code to use C++11 shared_ptr instead of Boost'sTobias Markmann
This change was done by applying the following 'gsed' replacement calls to all source files: 's/\#include <boost\/shared_ptr\.hpp>/\#include <memory>/g' 's/\#include <boost\/enable_shared_from_this\.hpp>/\#include <memory>/g' 's/\#include <boost\/smart_ptr\/make_shared\.hpp>/\#include <memory>/g' 's/\#include <boost\/make_shared\.hpp>/\#include <memory>/g' 's/\#include <boost\/weak_ptr\.hpp>/\#include <memory>/g' 's/boost::make_shared/std::make_shared/g' 's/boost::dynamic_pointer_cast/std::dynamic_pointer_cast/g' 's/boost::shared_ptr/std::shared_ptr/g' 's/boost::weak_ptr/std::weak_ptr/g' 's/boost::enable_shared_from_this/std::enable_shared_from_this/g' The remaining issues have been fixed manually. Test-Information: Code builds on OS X 10.11.4 and unit tests pass. Change-Id: Ia7ae34eab869fb9ad6387a1348426b71ae4acd5f
2016-04-01Modernize code to use C++11 nullptr using clang-tidyTobias Markmann
Run 'clang-tidy -fix -checks=modernize-use-nullptr' on all source code files on OS X. This does not modernize platform specific code on Linux and Windows Test-Information: Code builds and unit tests pass on OS X 10.11.4. Change-Id: Ic43ffeb1b76c1a933a55af03db3c54977f5f60dd
2016-03-31Convert tabs to 4 spaces for all source filesTobias Markmann
Removed trailing spaces and whitespace on empty lines in the process. Changed CheckTabs.py tool to disallow hard tabs in source files. Test-Information: Manually checked 30 random files that the conversion worked as expected. Change-Id: I874f99d617bd3d2bb55f02d58f22f58f9b094480
2015-11-10Add support for client certificate authentication in BOSHTobias Markmann
This allows to authenticate using SASL EXTERNAL over BOSH using a client TLS certificate for the HTTPS connection of the BOSH channel. The implementation also enforces the HTTPS server certificate of subsequent BOSH connections not to change. This commit also removes TLSConnection and TLSConnectionFactory as no code is using them. Test-Information: Tested against M-Link 16.3v6-0 on Debian 7.9 and Swift on OS X 10.10.5. Verified working client certificate authentication. Verified Swift not falling back to password-based authentication, in case EXTERNAL is not allowed by the server over BOSH or the client certificate is invalid. Change-Id: Ia96bcac27cac9fc9261ed847c82c6328307bfbd1
2015-11-04Fix swiften handling when client certificate is missingGurmeen Bindra
This patch prevents SWIFTEN from logging in if provided with a missing PKCS12 file. Before this patch, swiften would attempt a password based login using operator JID and pwd of the P12 file when the P12 file was missing. This patch fixes it by checking the certificate and not initialising session stream and connection if the certificate is empty. It emits a disconnect with client certificate load error. The string for certificate load error has been modified to indicate a file or password invalid. Test-information: Tested by doing a certificate based bind to an XMPP server. Removed the PKCS#12 file and checked that swift gave a certificate error instead of doing pwd connect Change-Id: I1869a13f1f7135b6606f7383cd4a0356ffd6931b
2015-10-30Fix issues with HTTPTrafficFilter for HTTP proxy / BOSH usageTobias Markmann
This patch fixes the code to handle HTTP/1.0 proxies which do not keep the connection alive after a single request. If a HTTPTrafficFilter returns a new header reply, the HTTP CONNECT proxy code will issue the request over a new connection. The final connection is kept alive, as it used for the persistent connection forwarding. In addition, the response status line is now passed to the HTTPTrafficFilter handling method to provide ability to act upon the response status code. Missing passthrough of the HTTPTrafficFilter object the down the stack to the HTTPConnectProxiedConnection is added. Test-Information: Added a unit test following an NTLM HTTP proxy authentication with a static HTTPTrafficFilter. This and other unit tests still pass. Change-Id: Ida0d1aec08a60f10c1480e1eecaecbd3f87b0dca
2015-07-08Use GSSAPI when SSO is usedMili Verma
This patch uses the GSSAPI authenticator on Windows if the server advertises it and the client requests it. (The user is not able to request it in the UI yet) Also sends the manual port to the GSSAPI authenticator to construct the SPN if a non-default port is used. Test-information: Tested on Windows using WIP code. Tested both on TLS & without. Unit tests pass. Change-Id: I9a9ad9604fe084d5fb2003b7a91174a9512e2eec
2015-06-29Pass an optional error codeMili Verma
This patch creates and passes on an optional boost::system::error_code variable which contains more error info which can be displayed in case of an error. Test-information: Tested using WIP code on Windows. Change-Id: I285b8aec5e9c00d3a8e0d8cc0d5e7b4c5d94c099
2015-06-10Add ability to limit SChannel to TLS 1.0Kevin Smith
Some servers have very restrictive TLS stacks that respond badly to a bug in the SChannel TLS implementation, meaning that TLS has to be limited to 1.0. Add ClientOptions.tlsOptions. This is a method of passing options into the TLS stack. It's currently only used for the TLS 1.0 workaround in SChannel, but we might reasonably expose other options in the future, such as limiting cypher suites. Disables use of SSLv3 for SChannel Also updates the coding style in SchannelContext a bit. Test-Information: Compiles on both OS X and Windows(SChannel). OS X doesn't show the new option. Windows shows it, and remembers it between logins. Not tested against a server requiring 1.0 only, but a previous hack with the same approach was tested. Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322
2015-03-16Add ability to modify HTTP CONNECT proxy initializationTobias Markmann
This patch adds HTTPTrafficFilter and integrates it into HTTPConnectProxiedConnection. This allows the HTTP CONNECT proxy initialization process to be customized. Test-Information: Added a unit test that verifies the new functionality. Change-Id: I0b93c319fb205487b8be65717276cd0dd38851a3
2014-12-15Update Copyright in SwiftenKevin Smith
Change-Id: I94ab4bbb68c603fe872abeb8090575de042f5cb4
2014-05-18Replace accidental cerr with SWIFT_LOGKevin Smith
Change-Id: I1801265c1b65eacf97e1cd3c69bedeef63cca898
2014-05-18Fix copy paste errorRemko Tronçon
Change-Id: I4d9ecc462d90821d3232f583e2e3ebea6a9eed74
2014-03-22Move hardcoded XMPP SRV information from Connector into CoreClientNick Hudson
The Connector class had "_xmpp-client._tcp." hard-coded in it, which meant that it was not suitable for non-XMPP clients. This change means that the Connector can now be used by clients who are interested in arbitrary SRV records; the CoreClient class is updated accordingly. Test-information: Built and ran Swift - seems to work as expected Ran unit-tests ("scons test=unit") - reports OK Change-Id: I0fea9aa90f5d1d5e3a4b90f3362b663fe9d8e207
2013-04-27Removing third-party hash implementations.Remko Tronçon
Using library/platform implementation instead. Change-Id: I2457c2dad80e6fdda023a7f31c3906ff10fe09ed
2013-04-06Make IDN implementation abstract.Remko Tronçon
Change-Id: I4c64f954ddeca7147d729b8be07237baa15c1795
2012-09-15Added URL parser.Remko Tronçon
2012-08-13Set timeout on each connection attempt, instead of global connect timeout.Remko Tronçon
Resolves: #962
2012-06-20Fix proxy selectionThilo Cestonaro
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2012-06-17Allow different connection methods for Client.Remko Tronçon
2012-05-11Showing stream encryption status in the roster header. Provide native ↵Tobias Markmann
certificate viewers on click. Native viewers for Windows and Mac OS X are implemented. Added TODOs to OpenSSL based TLS interface related to CRL and OCSP. Resolves: #167 License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2012-04-12Tidy up of assorted Schannel/CAPI stuffs.Kevin Smith
Makes Swift disconnect if a smartcard used for auth is removed. Fixes compilation. Changes code style in a few places.
2012-03-23Allow TLS errors to bubble further up the stackKevin Smith
2012-03-22Manual certificate verification. Added two additional TLS errors related to ↵dreijer
revocation. License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2012-03-04Pass along errors about DNS resolution.Kevin Smith
2012-02-22Fix up for previous CAPI patchKevin Smith
Now connects successfully with or without TLS(with cert)
2012-02-22Initial implementation of using CAPI certificates with Schannel.Alexey Melnikov
Introduced a new parent class for all certificates with keys (class CertificateWithKey is the new parent for PKCS12Certificate.) Switched to using "CertificateWithKey *" instead of "const CertificateWithKey&" Added calling of a Windows dialog for certificate selection when Schannel TLS implementation is used. This compiles, but is not tested. License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
2012-01-17Allow specifying BOSH and BOSH proxy URLs with names (rather than IPs)Kevin Smith
2011-12-22BOSH Refactoring.Remko Tronçon
2011-12-13BOSH Support for SwiftenKevin Smith
This adds support for BOSH to Swiften. It does not expose it to Swift. Release-Notes: Swiften now allows connects over BOSH, if used appropriately.
2011-12-13BOSH implementation startedThilo Cestonaro
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2011-10-16Hoist ProxyProvider creation out of Client.Remko Tronçon
2011-10-16Hoist TLSContextFactory creation out of Client.Remko Tronçon
2011-10-10Force disconnect signals when calling connect() shortly after disconnect().Remko Tronçon
2011-10-07Hoist XML parser factory creation out of Swiften.Remko Tronçon
2011-10-01Update IQRouter JID after session was authenticated.Remko Tronçon
Resolves: #971
2011-09-26Allow disabling of 198-acks in SwiftenKevin Smith
2011-09-25Google Summer of Code 2011 Project: Adding support for Jingle File Transfers ↵Tobias Markmann
(XEP-0234), Jingle SOCKS5 Bytestreams Transport Method (XEP-0260), Jingle In-Band Bytestreams Transport Method (XEP-0261) and SOCKS5 Bytestreams (XEP-0065). License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2011-09-20Swiften support for requiring TLSKevin Smith
2011-08-28Merge branch 'swift-1.x'Remko Tronçon
* swift-1.x: Remove relaxation of not checking JIDs if the IQRouter's JID isn't set. Fixed Request::isAccountJID(). Check sender on incoming IQ responses.
2011-08-28Check sender on incoming IQ responses.Remko Tronçon
Release-Notes: Fixed a bug whereby the sender of an iq wasn't being checked before matching it to a request.
2011-07-03Fix for a SIGABRT when reconnectingThilo Cestonaro
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
2011-06-08Added AllowPlainOverNONTLS option to ClientOptions.Remko Tronçon
2011-06-03Limit the use of the SafeString type.Remko Tronçon
2011-06-03Ensure safety on onDataRead and onDataWritten signals.Remko Tronçon
2011-05-22Removing unnecessary purgePassword() calls in CoreClient.Remko Tronçon