Age | Commit message | Author
2015-11-10 | Add support for client certificate authentication in BOSH | Tobias Markmann
This allows authentication using SASL EXTERNAL over BOSH using a client TLS certificate for the HTTPS connection of the BOSH channel. The implementation also enforces the HTTPS server certificate of subsequent BOSH connections not to change. This commit also removes TLSConnection and TLSConnectionFactory as no code is using them. Test-Information: Tested against M-Link 16.3v6-0 on Debian 7.9 and Swift on OS X 10.10.5. Verified working client certificate authentication. Verified Swift not falling back to password-based authentication, in case EXTERNAL is not allowed by the server over BOSH or the client certificate is invalid. Change-Id: Ia96bcac27cac9fc9261ed847c82c6328307bfbd1
2015-11-10 | Fix Cocoa memory management error in Secure Transport backend | Tobias Markmann
The code was calling CFRelease on a null pointer, which runs into an assert inside CFRelease. Test-Information: The crash happened during client certificate authentication using the Secure Transport backend. With this patch the crash is gone. Change-Id: If389dcb8b8a20fdc5cf77219d6c5afb86c9c3634
2015-11-09 | Change virtual calls in ctors/dtors to be explicit | Tobias Markmann
Test-Information: Still builds and tests pass on OS X 10.10.5. Change-Id: Ic616e7b9de443ce34b46de63ac1bb0cca34b08ee
2015-11-09 | Change Windows to Unix line endings | Tobias Markmann
Test-Information: Still builds and tests pass. Change-Id: I040423ab6f6934610e336f3af22d174a685af66a
2015-11-06 | Fix potential memory leaks in Cocoa API usage | Tobias Markmann
These errors were reported by Clang Analyzer. Test-Information: Verified that behavior is still as expected and Clang Analyzer does not report the warnings anymore. Change-Id: I149d75241f7680a6d2f2b6b710dd38d1ed81a209
2015-11-04 | Fix swiften handling when client certificate is missing | Gurmeen Bindra
This patch prevents SWIFTEN from logging in if provided with a missing PKCS12 file. Before this patch, swiften would attempt a password based login using operator JID and pwd of the P12 file when the P12 file was missing. This patch fixes it by checking the certificate and not initialising session stream and connection if the certificate is empty. It emits a disconnect with client certificate load error. The string for certificate load error has been modified to indicate a file or password invalid. Test-information: Tested by doing a certificate based bind to an XMPP server. Removed the PKCS#12 file and checked that swift gave a certificate error instead of doing pwd connect. Change-Id: I1869a13f1f7135b6606f7383cd4a0356ffd6931b
2015-10-30 | Fix issues with HTTPTrafficFilter for HTTP proxy / BOSH usage | Tobias Markmann
This patch fixes the code to handle HTTP/1.0 proxies which do not keep the connection alive after a single request. If a HTTPTrafficFilter returns a new header reply, the HTTP CONNECT proxy code will issue the request over a new connection. The final connection is kept alive, as it is used for the persistent connection forwarding. In addition, the response status line is now passed to the HTTPTrafficFilter handling method to provide the ability to act upon the response status code. Missing passthrough of the HTTPTrafficFilter object down the stack to the HTTPConnectProxiedConnection is added. Test-Information: Added a unit test following an NTLM HTTP proxy authentication with a static HTTPTrafficFilter. This and other unit tests still pass. Change-Id: Ida0d1aec08a60f10c1480e1eecaecbd3f87b0dca
2015-10-30 | Add support for OS X Secure Transport TLS backend | Tobias Markmann
Added integration tests for certificate validation and revocation behavior checking. Test-Information: Tested client login over TLS against Prosody and M-Link. Verified client certificate authentication works against M-Link. Change-Id: I6ad870f17adbf279f3bac913a3076909308a0021
2015-10-30 | Fix bug in FT candidate discovery in absence of S5B proxies | Tobias Markmann
With this commit SOCKS5BytestreamProxiesManager::onDiscoveredProxiesChanged will be emitted even if no proxies are found. Move signal emission out of if/else scopes as it was present in both cases. Test-Information: Tested file-transfer with the sender located at a server without a S5B proxy. Change-Id: Ic79928e539a6f39f23bfda370d701bf6d9ca9cbf
2015-10-30 | Fix code in response to clang compiler warnings | Tobias Markmann
Test-Information: Code builds without warnings, unit tests still pass on OS X 10.10.5. Change-Id: I9108b53fb00b0fc85a8dd4e2a347e21d0e6008ab
2015-10-30 | Fix code in response to unused macro and private field warnings | Tobias Markmann
Test-Information: Build and tests pass successfully on OS X 10.10.5. Change-Id: I614586660796f9ef043156d09d998d39934a6eca
2015-10-30 | Add FileTransfer::getState() method | Tobias Markmann
In addition, this adds the file-transfer classes to the Doxygen documentation. Test-Information: Unit and integration tests still pass. Change-Id: Ib6c16078c90ed56fae835cb2abfea8a564c3afa3
2015-10-30 | Change bare JID presence lookup code to ignore priorities | Tobias Markmann
Before, presence handling code was handled by both the ContactRosterItem in Swift and the PresenceOracle in Swiften. The ContactRosterItem also considered the presence priority for deciding what presence to show for a bare JID. With this code all full or bare JID presence requests are finally handled by the PresenceOracle. For bare JIDs it is looked up to a presence of one of the available resources of that JID regardless of the priorities. Test-Information: Adjusted tests according to above description and documentation in PresenceOracle. Change-Id: I972a4574f476cdf4d4b5593a035eb1c25ef2f8ba
2015-10-16 | Mark removed contacts as unavailable in Swift | Tobias Markmann
When removing a contact, an XMPP client will not receive an explicit unavailable presence stanza for the contact from the server. Because of that Swift used to show removed contacts still with their old presence in the Chats tab or the chat view. With this patch, the PresenceOracle will flush all known presence of a contact as soon as the JID is removed from the roster. An unavailable presence will be stored under the removed bare JID and is emitted via the PresenceOracle::onPresenceChange signal. Test-Information: Added a unit test verifying this behavior. Tested the behavior with two scenarios: a) Account A and B adding each other and accepting the subscription request. Starting a chat between A and B. After removing B in A's account, B used to be shown as available in the chat view and the Chats tab. With this patch B is shown as unavailable. b) Account A and B adding each other and accepting the subscription request. A removing B, and B removing A. After A adds B again, B used to be shown with the old presence even before B accepted the subscription request. This behavior is also fixed with this patch, not showing B as online until B accepted the subscription request. Change-Id: Iba97d3bedd0ac962ea00b25a0d2ed6106ed55a55
2015-10-16 | Add UTF-8 validation function and validate input to libIDN functions | Tobias Markmann
This is required to protect against the CVE-2015-2059 vulnerability in libIDN. Test-Information: Added unit tests for UTF-8 validation and tested that existing unit tests still pass. Change-Id: I0a94136894c6e0004081456c59155a78a3dabf5f
2015-10-15 | Only bind full JID to ChatController on non-empty or typing messages | Tobias Markmann
With this commit a ChatController is only bound to a full JID of a contact, if the incoming message of the contact has a non-empty body or is a 'typing' chat state notification. This avoids random binding to an arbitrary resource of a contact, that has multiple online resources and responds with delivery receipts. Test-Information: Tested with a conversation of a one resource account (A) to a two resource account (B). Sending two messages to B, the first used to go to both resources, then A would bind to the full JID and the second message would only go to one resource. With this fix all messages go to both resources, i.e. are sent to the bare JID, until one resource of B replies. This binds the controller at A to the full JID of the reply of B. Change-Id: I8d9321a4226ab798e1196351ad087990d5dff8c3
2015-10-14 | Fix compiler warnings about unused variables/arguments | Tobias Markmann
Test-Informations: Code compiles without warnings and tests still pass. Change-Id: If74c615706b8125c3c5186f0d940c103749ddb80
2015-10-14 | Fix memory leak warnings by Valgrind/LSAN | Tobias Markmann
Test-Information: Both Valgrind and clang's leak sanitizer report a lot of leaks on the FileTransferTest. With this commit the stack traces related to the fixed leaks are gone. Change-Id: Idae9a81bcd8d97576d3f1469bf64490e0bfa7d55
2015-10-14 | Remove remains of OutgoingSIFileTransfer | Tobias Markmann
This existing code was commented out. There are no tests for it and no counterpart for incoming transfers. We support Jingle-based file-transfers as the main file-transfer method, as do lots of other clients. Test-Informations: Tested the complete project still builds. Change-Id: Icf278165733fe481b4e2bc777a73bc420cf76398
2015-10-07 | Fix hang during file-transfer preparation with missing proxy | Tobias Markmann
The code used to call the onProxiesFound signal only if a proxy was found. In case of missing S5B proxy at the user's server, the file-transfer preparation would hang. Now the code waits until the discovery phase is done and then calls the onProxiesFound signal with the list of discovered proxies. In case of missing S5B proxy server the signal is called with an empty list so the file-transfer flow can continue. Test-Information: Ran FileTransferTest integration test and manually tested a file-transfer on a server without S5B proxy. Change-Id: I31d3cc08fe6453b5cdfe6be286f884a920470d28
2015-09-25 | Do not flush vCard cache if IQ request returns an error | Tobias Markmann
Test-Information: Adjusted the corresponding test case accordingly. Change-Id: I4626f09cd51bac2ff9ca97d5a7da5a173fc627a5
2015-09-22 | Add explicit includes for classes used in PlatformTLSFactories | Tobias Markmann
Furthermore removed unneeded includes. Test-Information: Still builds and unit tests pass. Change-Id: Ic7272e754c488f427b5ee6834f1d892028ea285d
2015-09-21 | Stop throwing out of range exception from dateTimeToLocalString | Tobias Markmann
The dateTimeToLocalString uses boost functions that may throw an out of range exception for times earlier than 1970. This commit catches this exception and just returns an empty string in this case. Test-Information: Added a unit test to verify this behavior. Change-Id: I05eb17605331e14d9eac04fbfd286362e7d4eb46
2015-09-18 | Fix notification logic for signals in BlockListImpl | Tobias Markmann
The logic for calling onItemAdded and onItemRemoved signals when setting a new list of block items using BlockListImpl::setItems used to be broken. This commit fixes and documents the correct signal notification behavior. Test-Information: Added a unit test which verifies the notification behavior in case of added block list items, removed block list items and a complete change of the block list. Change-Id: I3061545e25ddfc2d9d1a3c987045a58e5c9230ac
2015-08-11 | Make access to deadline_timer thread-safe | Tobias Markmann
According to boost documentation shared deadline_timers are not thread-safe. Adding a mutex to protect access to boost::asio::deadline_timer instance in Swift::BoostTimer. This fixes a data-race reported by TSAN when running Swiften/QA/ClientTest/ClientTest. Test-Information: Verified that the data-race report is gone with this fix. Change-Id: I62c8c3a07d6ea16fe6e2d24c879340040406699b
2015-08-11 | Add missing virtual keyword on FileTransferManagerImpl dtor | Tobias Markmann
FileTransferManagerImpl should have a virtual dtor, as the parent class also has a virtual dtor. Test-Information: Unit tests still run. Change-Id: I72a0757a930254caadfd1463b3f90af6c4829bd0
2015-08-11 | Add 'check_headers' flag to scons for missing include detection | Tobias Markmann
Running './scons check_headers=1' will compile each header file as an object file. Test-Information: Tested on OS X 10.9.5 and Elementary OS 0.2. Change-Id: Ia429ccc6dc0a5bd76c08a2c2e91bf192c6ad2901
2015-08-11 | Add note on use of Connector::stop() | Kevin Smith
As the correct API usage might not be obvious. Change-Id: I1d4887d7101ce59eb8f3a3dc13d94befe4a58948
2015-07-24 | Add missing includes for dependencies in public header files | Tobias Markmann
Added Swiften/Base/Concat.h to the exception list for <algorithm> include, as Concat.h uses std::copy, defined in <algorithm>. Added Swiften/FileTransfer/S5BTransportSession.h to the exception list for <boost/bind.hpp> include, as S5BTransportSession.h declares a template class using boost::bind. Test-Information: Tested that each of Swiften's public header files compiles on its own. Change-Id: Iac794b6e0f5959cd8261888a67761813b710fe85
2015-07-21 | Explicitly disconnect from remaining resources in destructors | Tobias Markmann
Explicitly disconnect from remaining resources in the ChainedConnected and ClientSessionStanzaChannel destructors, so the event loop will not call the signal handler methods on a freed object. Test-Information: Repeating the test case of creating a Swift::Client instance, connecting it and then deleting it after a random time below one second. On Mac OS X 10.9.5 running this test case causes two ASAN heap-use-after-free errors and with this patch the errors are gone. Change-Id: I3e48150c3633f4076ca9172aad9e85ba389df950
2015-07-20 | Do not reallocate FileTransferManager on connect of Client (tag: swift-3.0beta2) | Tobias Markmann
Now Client allocates a FileTransferManager in its ctor and frees it in its dtor, like all the other resources of the Client class. This fixes an ASAN crash in the use case where you do a file transfer, go offline and online again and try to start another file transfer. Test-Information: Tested that the mentioned use case does not crash anymore, that file transfers still work, and that FileTransferTest still passes. Change-Id: Iddbcd8522af7df528bdc2b030fe616ad3f0c4701
2015-07-17 | Fix S5B proxy connection management for multiple hosts per JID | Tobias Markmann
A recent commit introduced resolving of S5B proxy domain names to their IPv4 and IPv6 addresses. With that a proxy identified by a JID can have more than one host and we try them in parallel until the first succeeds. The old code just handled one host per proxy JID and a failed IPv6 attempt would override the succeeded connection. The code uses shared pointers and the succeeded connection is deallocated and disconnected when it is replaced with the failing IPv6 connection. The result is the proxy server complaining that we are not connected as we try to activate the proxy stream. This commit changes the proxy management to handle multiple connections per proxy JID. Failing connections are removed from the proxy sessions data structure. With the first succeeding connections, others are stopped and also removed. Test-Information: Tested on Linux (Elementary OS 0.2) with "Swiften/QA/FileTransferTest/FileTransferTest 4 4", which forces the use of SOCKS5 bytestream proxy. Change-Id: If3071c3d058e1040556bb72702bf83f4f5f25334
2015-07-16 | Fix memory leak in SOCKS5BytestreamServerManager | Tobias Markmann
Test-Information: This LSAN reported leak is gone with this fix. Change-Id: Ib25fdfb7f4a82f62cd3f82ddb99f45618ea72ea9
2015-07-16 | Fix memory leaks in FileReadBytestream and FileWriteBytestream | Tobias Markmann
Reported by LSAN. Test-Information: Detected by running FileTransferTest with LSAN on Linux. The leak reports for the allocations in FileReadBytestream and FileWriteBytestream are gone with this fix. Change-Id: I32711990eca0c9a2a2982837cfac38cb11a28caa
2015-07-14 | Add tests for Parsers and Serializers. | Tarun Gupta
Adds InBandRegistrationPayloadParserTest, IBBSerializerTest, IsodeIQDelegationSerializerTest. Adds UserTune Parser and Serializer. Adds UserLocation Parser and Serializer. License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details. Test-Information: All tests pass. Change-Id: Ida220574c33ca9ee6f2aa8a2f4fba4c68e3fec60
2015-07-10 | Fix memory leaks reported by memcheck (Valgrind) in Jingle FT Tests | Tobias Markmann
Test-Information: Detected with valgrind-3.10.1 on OS X 10.9.5 and verified they are gone with this fix. Change-Id: I8cab09efd2227a8d43fa77bd2c315bd9b67435fb
2015-07-10 | Explicitly disconnect early from signals in candidate generator | Tobias Markmann
This is an attempt to fix crash reports with a segmentation fault on call of onLocalTransportCandidatesGenerated(). Test-Information: Tested that file-transfer still works. Change-Id: I415be0d8bc5fa15dcd68d0794ee2478a0d836f27
2015-07-08 | Use GSSAPI when SSO is used | Mili Verma
This patch uses the GSSAPI authenticator on Windows if the server advertises it and the client requests it. (The user is not able to request it in the UI yet) Also sends the manual port to the GSSAPI authenticator to construct the SPN if a non-default port is used. Test-information: Tested on Windows using WIP code. Tested both on TLS & without. Unit tests pass. Change-Id: I9a9ad9604fe084d5fb2003b7a91174a9512e2eec
2015-07-08 | Show canceled file-transfer by other party as canceled and not failed | Tobias Markmann
Test-Information: Added unit test that checks for the expected behavior. Change-Id: I4079bdc1182af466eedd2496b9837e024f14acb2
2015-07-08 | Create S5B proxy candidates for each DNS lookup result | Tobias Markmann
If the S5B proxy lookup result has no direct IP address listed the name is resolved using DNS. This change will create a proxy result per resolved result address and not only the first result address. Test-Information: Verified the candidate list contains both entries for a proxy name that resolves to an A and an AAAA record. Change-Id: Iec21ff90af981030ff49fb53803d88a59694767c
2015-07-08 | Stop timer when SOCKS5BytestreamClientSession is deleted | Tobias Markmann
ASAN reported heap-use-after-free because if the timer is running and an instance is freed, the signal of the timer is still emitted and connected slots are called. Test-Information: Tested that the ASAN report went away with this fix. Change-Id: Id785737c4c015e5c638e9d9f6419d740d6cf83b9
2015-07-08 | Rearranged initialization list to be in sync with sequence in header | Tobias Markmann
Test-Information: Still builds Change-Id: I93cd349364093eae320104b5b551c25da47b1d74
2015-07-08 | Wait for assisted candidate detection before emitting candidates | Tobias Markmann
Due to missing signal connection and a copy'n'paste bug, Swift did not wait for port forwarding/public IP detection before emitting the list of local candidates. This is fixed now. The signal is automatically disconnected when the file transfer is finished and s5bServerPortForwardingUser_ is freed. Test-Information: Send a file between two Swift instances and verified log output. Change-Id: I6530a7ac1cbf6941061bd99aa3f3b0624ebc984c
2015-07-07 | Use environment variables for addresses used in NetworkTest | Tobias Markmann
Introducing SWIFT_NETWORK_TEST_IPV4 and SWIFT_NETWORK_TEST_IPV6 for the host addresses used in BoostConnectionTest.cpp. Passing these variables and ASAN/LSAN_OPTIONS for memory leak detection when calling the test from SCons. Test-Information: Tested on Elementary OS with correct available hosts and unavailable hosts. In both cases the behavior is the same as before. Change-Id: I24128c766642c5a2ee273f7c11624525ae33e270
2015-07-07 | Fix memory leaks reported by ASAN | Tobias Markmann
Test-Information: Tested on Elementary OS with a LLVM/Clang 3.7.0 build. With this patch the reports for the fixed locations are gone. Change-Id: I0260fc85ad662335a69ace331f51ebe2f864ef97
2015-07-07 | Add hidden option to prevent disconnect when smartcard removed | Mili Verma
This patch adds an option 'disconnectOnCardRemoval' to system-settings.xml which when set to false allows the user's session to stay connected if the smartcard is removed. The default value of this option is true if it is not specified. Test-information: Tested on Windows using NIST smartcards. Tested true and false values set for this option in the file and also when option is not specified (true). Unit tests pass. Change-Id: I7e421b4153ff7d3000f41999add20d339076c96e
2015-07-06 | Add GSSAPI client authenticator | Mili Verma
Test-information: Tested on Windows using WIP code. Unit tests pass. Change-Id: I766294e57dc6374830b865f3e57b07b67e7d2fe2
2015-07-02 | Reestablish connection with smart card | Mili Verma
When the card is reset in shared mode (which is the mode we use), an application trying to access certain commands will be returned the value SCARD_W_RESET_CARD. When this occurs SCardReconnect() must be called. This wasn't done before so this patch fixes it. Also provides more logging for SCard function returns. Test-information: Tested on Windows using NIST smart cards. Before the fix, the Card Removed Error was seen often even after the initial connection was established. After the fix, the reconnect attempt is done so the error is not seen. Also verified that if a card is removed deliberately, then the user is logged out. Change-Id: I94748ab9ff944a79de655646e1e06a8b61776f4b
2015-06-30 | Add wrappers for Windows API to be used in GSSAPI | Mili Verma
Test-information: Tested on Windows using WIP GSSAPI code. Unit tests pass. Change-Id: I21f8f637480a21a014ec172431dd8d4a01a11620
2015-06-30 | Remove when sending an empty response | Mili Verma
In RFC 6120, there are only 2 places where "=" is allowed - in the initial client auth and in the final server success response. While testing challenge response exchanges in Kerberos, it was seen that Swift was adding an '=' in other empty responses. This patch fixes it by sending an empty response instead of an '='. Test-information: Tested on Windows using a WIP GSSAPI authentication exchange with M-Link. Change-Id: I1f82bddbd1380361cbe43e45a2804156249582ae