| Age | Commit message (Collapse) | Author |
|---|
|
This allows to authenticate using SASL EXTERNAL over BOSH
using a client TLS certificate for the HTTPS connection of
the BOSH channel.
The implementation also enforces the HTTPS server certificate
of subsequent BOSH connections not to change.
This commit also removes TLSConnection and TLSConnectionFactory
as no code is using them.
Test-Information:
Tested against M-Link 16.3v6-0 on Debian 7.9 and Swift on
OS X 10.10.5. Verified working client certificate authentication.
Verified Swift not falling back to password-based authentication,
in case EXTERNAL is not allowed by the server over BOSH or
the client certificate is invalid.
Change-Id: Ia96bcac27cac9fc9261ed847c82c6328307bfbd1
|
|
The code was calling CFRelease on a null pointer, which runs
into an assert inside CFRelease.
Test-Information:
The crash happened during client certificate authentication
using the Secure Transport backend. With this patch the crash
is gone.
Change-Id: If389dcb8b8a20fdc5cf77219d6c5afb86c9c3634
|
|
Test-Information:
Still builds and tests pass on OS X 10.10.5.
Change-Id: Ic616e7b9de443ce34b46de63ac1bb0cca34b08ee
|
|
Test-Information:
Still builds and tests pass.
Change-Id: I040423ab6f6934610e336f3af22d174a685af66a
|
|
These errors were reported by Clang Analyzer.
Test-Information:
Verified that behavior is still as expected and Clang
Analyzer does not report the warnings anymore.
Change-Id: I149d75241f7680a6d2f2b6b710dd38d1ed81a209
|
|
This patch prevents SWIFTEN from logging in if provided with a missing PKCS12 file.
Before this patch, swiften would attempt a password based login using operator JID
and pwd of the P12 file when the P12 file was missing.
This patch fixes it by checking the certificate and not initialising session stream
and connection if the certificate is empty. It emits a disconnect with client
certificate load error. The string for certificate load error has been modified to
indicate a file or password invalid.
Test-information:
Tested by doing a certificate based bind to an XMPP server. Removed the PKCS#12
file and checked that swift gave a certificate error instead of doing pwd connect
Change-Id: I1869a13f1f7135b6606f7383cd4a0356ffd6931b
|
|
This patch fixes the code to handle HTTP/1.0 proxies which
do not keep the connection alive after a single request.
If a HTTPTrafficFilter returns a new header reply, the HTTP
CONNECT proxy code will issue the request over a new connection.
The final connection is kept alive, as it used for the
persistent connection forwarding.
In addition, the response status line is now passed to the
HTTPTrafficFilter handling method to provide ability to act
upon the response status code.
Missing passthrough of the HTTPTrafficFilter object the down
the stack to the HTTPConnectProxiedConnection is added.
Test-Information:
Added a unit test following an NTLM HTTP proxy authentication
with a static HTTPTrafficFilter. This and other unit tests
still pass.
Change-Id: Ida0d1aec08a60f10c1480e1eecaecbd3f87b0dca
|
|
Added integration tests for certificate validation and
revocation behavior checking.
Test-Information:
Tested client login over TLS against Prosody and M-Link.
Verified client certificate authentication works against
M-Link.
Change-Id: I6ad870f17adbf279f3bac913a3076909308a0021
|
|
With this commit
SOCKS5BytestreamProxiesManager::onDiscoveredProxiesChanged
will be emitted even if no proxies are found.
Move signal emission out of if/else scopes as it was present
in both cases.
Test-Information:
Tested file-transfer with the sender located at a server
without a S5B proxy.
Change-Id: Ic79928e539a6f39f23bfda370d701bf6d9ca9cbf
|
|
Test-Information:
Code builds without warnings, unit tests still pass on OS X
10.10.5.
Change-Id: I9108b53fb00b0fc85a8dd4e2a347e21d0e6008ab
|
|
Test-Information:
Build and tests pass successfully on OS X 10.10.5.
Change-Id: I614586660796f9ef043156d09d998d39934a6eca
|
|
In addition, this adds the file-transfer classes to the
Doxygen documentation.
Test-Information:
Unit and integration tests still pass.
Change-Id: Ib6c16078c90ed56fae835cb2abfea8a564c3afa3
|
|
Before presence handling code was handled by both, the
ContactRosterItem in Swift and the PresenceOracle in Swiften.
The ContactRosterItem also considered the presence priority
for deciding what presence to show for a bare JID.
With this code all full or bare JID presence requests are
finally handled by the PresenceOracle. For bare JIDs it is
looked up to a presence of one of the available resources of
that JID regardless of the priorities.
Test-Information:
Adjusted tests according to above description and documentation
in PresenceOracle.
Change-Id: I972a4574f476cdf4d4b5593a035eb1c25ef2f8ba
|
|
When removing a contact, a XMPP client will not receive an explicit
unavailable presence stanza for the contact from the server. Because
of that Swift used to show removed contacts still with their old
presence in the Chats tab or the chat view.
With this patch, the PresenceOracle will flush all known presence
of a contact as soon as the JID is removed from the roster. An
unavailable presence will stored under the removed bare JID and
is emitted via the PresenceOracle::onPresenceChange signal.
Test-Information:
Added a unit test verifying this behavior. Tested the behavior with
two scenarios:
a) Account A and B adding each other and accepting the subscription
request. Starting a chat between A and B. After removing B in A's
account, B used to be shown as available in the chat view and the
Chats tab. With this patch B is shown as unavailable.
b) Account A and B adding each other and accepting the subscription
request. A removing B, and B removing A. After A adds B again,
B used to be shown with the old presence even before B accepted
the subscription request. This behavior is also fixed with this
patch, not showing B as online until B accepted the subscription
request.
Change-Id: Iba97d3bedd0ac962ea00b25a0d2ed6106ed55a55
|
|
This is required to protect against the CVE-2015-2059 vulnerability in
libIDN.
Test-Information:
Added unit tests for UTF-8 validation and tested that existing unit
tests still pass.
Change-Id: I0a94136894c6e0004081456c59155a78a3dabf5f
|
|
With this commit a ChatController is only bound to a full JID
of a contact, if the incoming message of the contact has a
non-empty body or is a 'typing' chat state notification.
This avoids random binding to an arbitrary resource of a contact,
that has multiple online resources and responds with delivery
receipts.
Test-Information:
Tested with a conversation of a one resource account (A) to a
two resource account (B). Sending two messages to B, the first
used to go to both resources, then A would bind to the full
JID and the second message would only go to one resource.
With this fix all messages go to both resources, i.e. are
send to the bare JID, until one resource of B replies. This
binds the controller at A to the full JID of the reply of B.
Change-Id: I8d9321a4226ab798e1196351ad087990d5dff8c3
|
|
Test-Informations:
Code compiles without warnings and tests still pass.
Change-Id: If74c615706b8125c3c5186f0d940c103749ddb80
|
|
Test-Information:
Both Valgrind and clang's leak sanitizer report a lot leaks
on the FileTransferTest. With this commit it the stack traces
related to the fixed leaks are gone.
Change-Id: Idae9a81bcd8d97576d3f1469bf64490e0bfa7d55
|
|
This existing code was commented out. There are not tests for
it and no counterpart for incoming transfers.
We support Jingle-based file-transfers as the main file-transfer
method, as do lots of other clients.
Test-Informations:
Tested the complete project still builds.
Change-Id: Icf278165733fe481b4e2bc777a73bc420cf76398
|
|
The code used to call the onProxiesFound signal only if a
proxy was found. In case of missing S5B proxy at the users
server, the file-transfer preparation would hang.
Now the code wants until the discovery phase is done and then
calls the onProxiesFound signal with the list of discovered
proxies. In case of missing S5B proxy server the signal is
called with an empty list so the file-transfer flow can
continue.
Test-Information:
Ran FileTransferTest integration test and manually tested a
file-transfer on a server without S5B proxy.
Change-Id: I31d3cc08fe6453b5cdfe6be286f884a920470d28
|
|
Test-Information:
Adjusted the corresponding test case accordingly.
Change-Id: I4626f09cd51bac2ff9ca97d5a7da5a173fc627a5
|
|
Furthermore removed unneeded includes.
Test-Information:
Still builds and unit tests pass.
Change-Id: Ic7272e754c488f427b5ee6834f1d892028ea285d
|
|
The dateTimeToLocalString uses boost functions that may throw
an out of range exception for times earlier than 1970.
This commit caches this exception and just returns an empty
string in this case.
Test-Information:
Added a unit test to verify this behavior.
Change-Id: I05eb17605331e14d9eac04fbfd286362e7d4eb46
|
|
The logic for calling onItemAdded and onItemRemoved signals when
setting a new list of block items using BlockListImpl::setItems
used to be broken.
This commit fixes and documents the correct signal notification
behavior
Test-Information:
Added a unit test which verifies the notification behavior in case
of added block list items, removed block list items and a complete
change of the block list.
Change-Id: I3061545e25ddfc2d9d1a3c987045a58e5c9230ac
|
|
According to boost doucmentation shared deadline_timers are not
thread-safe. Adding a mutext to protect access to
boost::asio::deadline_timer instance in Swift::BoostTimer.
This fixes a data-race reported by TSAN when running
Swiften/QA/ClientTest/ClientTest.
Test-Information:
Verified that the data-race report is gone with this fix.
Change-Id: I62c8c3a07d6ea16fe6e2d24c879340040406699b
|
|
FileTransferManagerImpl should have a virtual dtor, as the
parent class also has a virtual dtor.
Test-Information:
Unit tests still run.
Change-Id: I72a0757a930254caadfd1463b3f90af6c4829bd0
|
|
Running './scons check_headers=1 will compile each header file
as an object file.
Test-Information:
Tested on OS X 10.9.5 and Elementary OS 0.2.
Change-Id: Ia429ccc6dc0a5bd76c08a2c2e91bf192c6ad2901
|
|
As the correct API usage might not be obvious
Change-Id: I1d4887d7101ce59eb8f3a3dc13d94befe4a58948
|
|
Added Swiften/Base/Concat.h to the exception list for <algorithm>
include, as Concat.h uses std::copy, defined in <algorithm>.
Added Swiften/FileTransfer/S5BTransportSession.h to the exception
list for <boost/bind.hpp> include, as S5BTransportSession.h
declares a template class using boost::bind.
Test-Information:
Tested that each of Swiften's public header files compiles on its
own.
Change-Id: Iac794b6e0f5959cd8261888a67761813b710fe85
|
|
Explicitly disconnect from remaining resources in the
ChainedConnected and ClientSessionStanzaChannel destructors, so
the event loop will not call the signal handler methods on a
freed object.
Test-Information:
Repeating the test case of creating a Swift::Client instance,
connecting it and then deleting it after a random time below one
second.
On Mac OS X 10.9.5 running this test case causes two ASAN
heap-use-after-free errors and with this patch the errors are
gone.
Change-Id: I3e48150c3633f4076ca9172aad9e85ba389df950
|
|
Now Client allocates a FileTransferManager in its ctor and frees
it in its dtor, like all the other resources of the Client class.
This fixes an ASAN crash in the use case where you do a file
transfer, go offline and online again and try to start another
file transfer.
Test-Information:
Tested that the mentioned use case does not crash anymore,
that file transfers still work, and that FileTransferTest still
passes.
Change-Id: Iddbcd8522af7df528bdc2b030fe616ad3f0c4701
|
|
A recent commit introduced resolving of S5B proxy domain names
to their IPv4 and IPv6 addresses. With that a proxy identified
by a JID can have more than one host and we try them in parallel
until the first succeeds.
The old code just handled one host per proxy JID and a failed
IPv6 attempt would override the succeeded connection. The code
uses shared pointers and the succeeded connecting is deallocated
and disconnected when it is replaced with the failing IPv6
connection.
The result is the proxy server complaining that we are not
connected as we try to activate the proxy stream.
This commit changes the the proxy management to handle multiple
connections per proxy JID. Failing connections are removed from
the proxy sessions data structure. With the first succeeding
connections, others are stopped and also removed.
Test-Information:
Tested on Linux (Elementary OS 0.2) with
"Swiften/QA/FileTransferTest/FileTransferTest 4 4", which forces
the use of SOCKS5 bytestream proxy.
Change-Id: If3071c3d058e1040556bb72702bf83f4f5f25334
|
|
Test-Information:
This LSAN reported leak is gone with this fix.
Change-Id: Ib25fdfb7f4a82f62cd3f82ddb99f45618ea72ea9
|
|
Reported by LSAN.
Test-Information:
Detected by running FileTransferTest with LSAN on Linux.
The leak reports for the allocations in FileReadBytestream and
FileWriteBytestream are gone with this fix.
Change-Id: I32711990eca0c9a2a2982837cfac38cb11a28caa
|
|
Adds InBandRegistrationPayloadParserTest, IBBSerializerTest, IsodeIQDelegationSerializerTest.
Adds UserTune Parser and Serializer.
Adds UserLocation Parser and Serializer.
License:
This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
Test-Information:
All tests passes.
Change-Id: Ida220574c33ca9ee6f2aa8a2f4fba4c68e3fec60
|
|
Test-Information:
Detected with valgrind-3.10.1 on OS X 10.9.5 and verified they are
gone with this fix.
Change-Id: I8cab09efd2227a8d43fa77bd2c315bd9b67435fb
|
|
This is an attempt to fix crash reports with a segmentation fault on
call of onLocalTransportCandidatesGenerated().
Test-Information:
Tested that file-transfer still works.
Change-Id: I415be0d8bc5fa15dcd68d0794ee2478a0d836f27
|
|
This patch uses the GSSAPI authenticator on Windows if the server advertises it
and the client requests it. (The user is not able to request it in the UI yet)
Also sends the manual port to the GSSAPI authenticator to construct the SPN if
a non-default port is used.
Test-information:
Tested on Windows using WIP code. Tested both on TLS & without.
Unit tests pass.
Change-Id: I9a9ad9604fe084d5fb2003b7a91174a9512e2eec
|
|
Test-Information:
Added unit test that checks for the expected behavior.
Change-Id: I4079bdc1182af466eedd2496b9837e024f14acb2
|
|
If the S5B proxy lookup result has no direct IP address listed the
name is resolved using DNS. This change will create a proxy result
per resolved result address and not only the first result address.
Test-Information:
Verified the candidate list contains both entires for a proxy name
that resolves to an A and an AAAA record.
Change-Id: Iec21ff90af981030ff49fb53803d88a59694767c
|
|
ASAN reported heap-use-after-free because if the timer is running
and an instance is freed, the signal of the timer is still emitted and
connected slots are called.
Test-Information:
Tested that the ASAN report wents away with this fix.
Change-Id: Id785737c4c015e5c638e9d9f6419d740d6cf83b9
|
|
Test-Information:
Still builds
Change-Id: I93cd349364093eae320104b5b551c25da47b1d74
|
|
Due to missing signal connection and a copy'n'paste bug, Swift did not
wait for port forwarding/public IP detection before emitting the list
of local candidates. This is fixed now.
The signal is automatically disconnected when the file transfer
is finished and s5bServerPortForwardingUser_ is freed.
Test-Information:
Send a file between two Swift instances and verified log output.
Change-Id: I6530a7ac1cbf6941061bd99aa3f3b0624ebc984c
|
|
Introducing SWIFT_NETWORK_TEST_IPV4 and SWIFT_NETWORK_TEST_IPV6 for
the host addresses used in BoostConnectionTest.cpp.
Passing these variables and ASAN/LSAN_OPTIONS for memory leak
detection when calling the test from SCons.
Test-Information:
Tested on Elementary OS with correct available hosts and unavailable
hosts. In both cases the behavior is the same as before.
Change-Id: I24128c766642c5a2ee273f7c11624525ae33e270
|
|
Test-Information:
Tested on Elementary OS with a LLVM/Clang 3.7.0 build. With this patch
the reports for the fixed locations are gone.
Change-Id: I0260fc85ad662335a69ace331f51ebe2f864ef97
|
|
This patch adds an option 'disconnectOnCardRemoval' to system-settings.xml which
when set to false allows the user's session to stay connected if the smartcard
is removed. The default value of this option is true if it is not specified.
Test-information:
Tested on Windows using NIST smartcards.
Tested true and false values set for this option in the file and also when
option is not specified (true).
Unit tests pass.
Change-Id: I7e421b4153ff7d3000f41999add20d339076c96e
|
|
Test-information:
Tested on Windows using WIP code.
Unit tests pass.
Change-Id: I766294e57dc6374830b865f3e57b07b67e7d2fe2
|
|
When the card is reset in shared mode (which is the mode we use), an application
trying to access certain commands will be returned the value SCARD_W_RESET_CARD.
When this occurs SCardReconnect() must be called. This wasn't done before so
this patch fixes it.
Also provides more logging for SCard function returns.
Test-information:
Tested on Windows using NIST smart cards.
Before the fix, the Card Removed Error was seen often even after the initial
connection was established. After the fix, the reconnect attempt is done so the
error is not seen.
Also verified that if a card is removed deliberately, then the user is logged
out.
Change-Id: I94748ab9ff944a79de655646e1e06a8b61776f4b
|
|
Test-information:
Tested on Windows using WIP GSSAPI code.
Unit tests pass.
Change-Id: I21f8f637480a21a014ec172431dd8d4a01a11620
|
|
In RFC 6120, there are only 2 places where "=" is allowed - in the initial
client auth and in the final server success response.
While testing challenge response exchanges in Kerberos, it was seen that Swift
was adding an '=' in other empty responses. This patch fixes it by sending an
empty response instead of an '='.
Test-information:
Tested on Windows using a WIP GSSAPI authentication exchange with M-Link.
Change-Id: I1f82bddbd1380361cbe43e45a2804156249582ae
|
Swift