ChatServer-399
Imported from ChatServer-399.tar.gz
AppleOSSDistributions committed Oct 6, 2021
1 parent a1abc3b commit aab7377
Showing 585 changed files with 1,845 additions and 239,864 deletions.
181 changes: 41 additions & 140 deletions ChatServer2.xcodeproj/project.pbxproj

Large diffs are not rendered by default.

412 changes: 94 additions & 318 deletions Makefile

Large diffs are not rendered by default.

33 changes: 15 additions & 18 deletions apple_patch/pre_configure/jabberd2/c2s/authreg.c.patch
@@ -1,5 +1,5 @@
--- /tmp/jabberd-2.2.13/c2s/authreg.c 2011-02-23 08:24:34.000000000 -0800
+++ ./jabberd2/c2s/authreg.c 2011-03-01 10:13:14.000000000 -0800
--- /tmp/jabberd-2.2.17/c2s/authreg.c 2012-02-12 10:56:09.000000000 -0800
+++ ./jabberd2/c2s/authreg.c 2012-08-28 18:48:59.000000000 -0700
@@ -27,6 +27,8 @@
#include <dlfcn.h>
#endif
Expand All @@ -9,7 +9,7 @@
/* authreg module manager */

typedef struct _authreg_error_st {
@@ -121,7 +123,7 @@ void authreg_free(authreg_t ar) {
@@ -131,7 +133,7 @@ inline static void _authreg_auth_log(c2s

/** auth get handler */
static void _authreg_auth_get(c2s_t c2s, sess_t sess, nad_t nad) {
Expand All @@ -18,7 +18,7 @@
char username[1024], id[128];
int ar_mechs;

@@ -155,7 +157,7 @@ static void _authreg_auth_get(c2s_t c2s,
@@ -165,7 +167,7 @@ static void _authreg_auth_get(c2s_t c2s,
ar_mechs = ar_mechs | c2s->ar_ssl_mechanisms;

/* no point going on if we have no mechanisms */
Expand All @@ -27,7 +27,7 @@
sx_nad_write(sess->s, stanza_tofrom(stanza_error(nad, 0, stanza_err_FORBIDDEN), 0));
return;
}
@@ -199,6 +201,19 @@ static void _authreg_auth_get(c2s_t c2s,
@@ -209,6 +211,19 @@ static void _authreg_auth_get(c2s_t c2s,
if(ar_mechs & AR_MECH_TRAD_DIGEST && c2s->ar->get_password != NULL)
nad_append_elem(nad, ns, "digest", 2);

Expand All @@ -47,16 +47,7 @@
/* give it back to the client */
sx_nad_write(sess->s, nad);

@@ -260,7 +275,7 @@ static void _authreg_auth_set(c2s_t c2s,
ar_mechs = ar_mechs | c2s->ar_ssl_mechanisms;

/* no point going on if we have no mechanisms */
- if(!(ar_mechs & (AR_MECH_TRAD_PLAIN | AR_MECH_TRAD_DIGEST))) {
+ if(!(ar_mechs & (AR_MECH_TRAD_PLAIN | AR_MECH_TRAD_DIGEST | AR_MECH_TRAD_CRAMMD5))) {
sx_nad_write(sess->s, stanza_tofrom(stanza_error(nad, 0, stanza_err_FORBIDDEN), 0));
return;
}
@@ -271,6 +286,24 @@ static void _authreg_auth_set(c2s_t c2s,
@@ -281,6 +296,24 @@ static void _authreg_auth_set(c2s_t c2s,
return;
}

Expand All @@ -81,30 +72,36 @@
/* digest auth */
if(!authd && ar_mechs & AR_MECH_TRAD_DIGEST && c2s->ar->get_password != NULL)
{
@@ -286,6 +319,9 @@ static void _authreg_auth_set(c2s_t c2s,
@@ -296,7 +329,10 @@ static void _authreg_auth_set(c2s_t c2s,
{
log_debug(ZONE, "digest auth succeeded");
authd = 1;
- _authreg_auth_log(c2s, sess, "traditional.digest", username, resource, TRUE);
+ //_authreg_auth_log(c2s, sess, "traditional.digest", username, resource, TRUE);
+ auth_event_log_simple(username, sess->s->ip, sess->s->port, "traditional.digest", eAuthSuccess);
+ } else {
+ auth_event_log_simple(username, sess->s->ip, sess->s->port, "traditional.digest", eAuthFailure);
}
}
}
@@ -301,6 +337,9 @@ static void _authreg_auth_set(c2s_t c2s,
@@ -312,7 +348,10 @@ static void _authreg_auth_set(c2s_t c2s,
{
log_debug(ZONE, "plaintext auth (compare) succeeded");
authd = 1;
- _authreg_auth_log(c2s, sess, "traditional.plain(compare)", username, resource, TRUE);
+ //_authreg_auth_log(c2s, sess, "traditional.plain(compare)", username, resource, TRUE);
+ auth_event_log_simple(username, sess->s->ip, sess->s->port, "traditional.plain(compare)", eAuthSuccess);
+ } else {
+ auth_event_log_simple(username, sess->s->ip, sess->s->port, "traditional.plain(compare)", eAuthFailure);
}
}
}
@@ -316,6 +355,9 @@ static void _authreg_auth_set(c2s_t c2s,
@@ -328,7 +367,10 @@ static void _authreg_auth_set(c2s_t c2s,
{
log_debug(ZONE, "plaintext auth (check) succeded");
authd = 1;
- _authreg_auth_log(c2s, sess, "traditional.plain", username, resource, TRUE);
+ //_authreg_auth_log(c2s, sess, "traditional.plain", username, resource, TRUE);
+ auth_event_log_simple(username, sess->s->ip, sess->s->port, "traditional.plain", eAuthSuccess);
+ } else {
+ auth_event_log_simple(username, sess->s->ip, sess->s->port, "traditional.plain", eAuthFailure);
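Review bot: The new `auth_event_log_simple(username, sess->s->ip, sess->s->port, ..., eAuthFailure)` calls in `_authreg_auth_set` write a client-supplied `username` into the audit record on the failure branch, which is exactly the record an unauthenticated peer controls. The implementation of `auth_event_log_simple` is not shown here, so confirm that it escapes or rejects control characters and newlines before writing a line-oriented log; otherwise failed logins could forge or split audit entries. The replaced `_authreg_auth_log` call also carried `resource`, which the new record drops, making it harder to correlate an event with a specific session. Finally, the old call is left behind as `//_authreg_auth_log(...)` in all three branches; delete it rather than commenting it out. The rest of this section is collapsed on the page, so the end of `_authreg_auth_set` could not be reviewed.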
69 changes: 8 additions & 61 deletions apple_patch/pre_configure/jabberd2/c2s/c2s.c.patch
@@ -1,42 +1,13 @@
--- /tmp/jabberd-2.2.13/c2s/c2s.c 2011-02-23 08:24:34.000000000 -0800
+++ ./jabberd2/c2s/c2s.c 2011-02-24 16:25:21.000000000 -0800
@@ -29,6 +29,7 @@ static int _c2s_client_sx_callback(sx_t
nad_t nad;
char root[9];
bres_t bres, ires;
+ stream_redirect_t redirect;

switch(e) {
case event_WANT_READ:
@@ -178,6 +179,20 @@ static int _c2s_client_sx_callback(sx_t
return 0;
}

+ /* send a see-other-host error if we're configured to do so */
+ redirect = (stream_redirect_t) xhash_get(sess->c2s->stream_redirects, s->req_to);
+ if (redirect != NULL) {
+ log_debug(ZONE, "redirecting client's stream using see-other-host for domain: '%s'", s->req_to);
+ len = strlen(redirect->to_address) + strlen(redirect->to_port) + 1;
+ char *other_host = (char *) malloc(len+1);
+ snprintf(other_host, len+1, "%s:%s", redirect->to_address, redirect->to_port);
+ sx_error_extended(s, stream_err_SEE_OTHER_HOST, other_host);
+ free(other_host);
+ sx_close(s);
+
+ return 0;
+ }
+
/* setup the host */
sess->host = xhash_get(sess->c2s->hosts, s->req_to);

@@ -472,6 +487,35 @@ static int _c2s_client_sx_callback(sx_t
--- /tmp/jabberd-2.2.17/c2s/c2s.c 2012-07-11 13:06:15.000000000 -0700
+++ ./jabberd2/c2s/c2s.c 2012-08-28 18:48:59.000000000 -0700
@@ -488,6 +488,35 @@ static int _c2s_client_sx_callback(sx_t

/* they sasl auth'd, so we only want the new-style session start */
else {
+ /* Apple SACL check */
+#ifdef APPLE_ENABLE_OD_AUTH
+ int iResult = 0;
+ if (NULL != sess->c2s->ar_authorization_sacl_name) {
+ if (NULL != sess->c2s->ar_authorization_sacl_name) {
+ jid_t jid;
+ jid = jid_new(sess->s->auth_id, -1);
+ if (NULL == jid) {
Expand All @@ -62,26 +33,10 @@
+ if (0 != iResult)
+ break;
+#endif
log_write(sess->c2s->log, LOG_NOTICE, "[%d] SASL authentication succeeded: mechanism=%s; authzid=%s%s%s", sess->s->tag, &sess->s->auth_method[5], sess->s->auth_id, sess->s->ssf ? ", TLS negotiated" : "", sess->s->compressed ? ", ZLIB compression enabled" : "");
sess->sasl_authd = 1;
}
@@ -480,6 +524,7 @@ static int _c2s_client_sx_callback(sx_t

case event_CLOSED:
mio_close(sess->c2s->mio, sess->fd);
+ sess->fd = NULL;
return -1;
}

@@ -595,6 +640,7 @@ static int _c2s_client_mio_callback(mio_

/* give IP to SX */
sess->s->ip = sess->ip;
+ sess->s->port = sess->port;

/* find out which port this is */
getsockname(fd->fd, (struct sockaddr *) &sa, &namelen);
@@ -798,7 +844,7 @@ int c2s_router_sx_callback(sx_t s, sx_ev
log_write(sess->c2s->log, LOG_NOTICE, "[%d] %s authentication succeeded: %s %s:%d%s%s",
sess->s->tag, &sess->s->auth_method[5],
sess->s->auth_id, sess->s->ip, sess->s->port,
@@ -820,7 +849,7 @@ int c2s_router_sx_callback(sx_t s, sx_ev
if(ns >= 0) {
elem = nad_find_elem(nad, 0, ns, "starttls", 1);
if(elem >= 0) {
Expand All @@ -90,11 +45,3 @@
nad_free(nad);
return 0;
}
@@ -1299,6 +1345,7 @@ int c2s_router_sx_callback(sx_t s, sx_ev

case event_CLOSED:
mio_close(c2s->mio, c2s->fd);
+ c2s->fd = NULL;
return -1;
}
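Review bot: The Apple SACL block in the SASL branch of `_c2s_client_sx_callback` fails open: `iResult` is initialised to 0 and is only touched inside `if (NULL != sess->c2s->ar_authorization_sacl_name)`, so a missing or unloaded SACL name skips authorization entirely and falls through to `sess->sasl_authd = 1`. If "no SACL configured" is meant to allow every authenticated user, state that next to the test, for example `/* no SACL name configured: all authenticated users are authorized */`, and log it once at startup so the condition is visible to operators. The check is also compiled out whenever `APPLE_ENABLE_OD_AUTH` is undefined, and it appears only in the SASL branch, so whether the traditional auth path in authreg.c enforces the same SACL cannot be confirmed from this page. The lines between the `jid_new` NULL test and `if (0 != iResult)` are collapsed, so the deny path itself was not reviewed.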

38 changes: 10 additions & 28 deletions apple_patch/pre_configure/jabberd2/c2s/c2s.h.patch
@@ -1,5 +1,5 @@
--- /tmp/jabberd-2.2.13/c2s/c2s.h 2011-02-23 08:24:34.000000000 -0800
+++ ./jabberd2/c2s/c2s.h 2011-03-30 21:57:57.000000000 -0700
--- /tmp/jabberd-2.2.17/c2s/c2s.h 2012-02-12 12:31:41.000000000 -0800
+++ ./jabberd2/c2s/c2s.h 2012-08-28 18:48:59.000000000 -0700
@@ -27,6 +27,7 @@
#include "mio/mio.h"
#include "sx/sx.h"
Expand Down Expand Up @@ -45,35 +45,25 @@
mio_t mio;
@@ -206,6 +216,9 @@ struct c2s_st {
/** encrypted port cachain file */
char *local_cachain;
char *local_cachain;

+ /** private key password */
+ char *local_private_key_password;
+
/** verify-mode */
int local_verify_mode;

@@ -217,6 +230,9 @@ struct c2s_st {
int pbx_pipe_fd;
mio_fd_t pbx_pipe_mio_fd;

+ /** stream redirection (see-other-host) on session connect */
+ xht stream_redirects;
+
/** max file descriptors */
int io_max_fds;

@@ -238,6 +254,9 @@ struct c2s_st {
@@ -241,6 +254,9 @@ struct c2s_st {
int ar_mechanisms;
int ar_ssl_mechanisms;

+ /** APPLE: Name of SACL to use for authorization */
+ char *ar_authorization_sacl_name;
+
+
/** connection rates */
int conn_rate_total;
int conn_rate_seconds;
@@ -325,6 +344,10 @@ struct authreg_st
@@ -328,6 +344,10 @@ struct authreg_st

/** returns 1 if the user is permitted to authorize as the requested_user, 0 if not. requested_user is a JID */
int (*user_authz_allowed)(authreg_t ar, char *username, char *realm, char *requested_user);
Expand All @@ -84,18 +74,10 @@
};

/** get a handle for a single module */
@@ -356,3 +379,18 @@ union xhashv
char **char_val;
sess_t *sess_val;
};
+
+// Data for stream redirect errors
+typedef struct stream_redirect_st
+{
+ char *to_address;
+ char *to_port;
+} *stream_redirect_t;
+
@@ -367,3 +387,10 @@ typedef struct stream_redirect_st
char *to_port;
} *stream_redirect_t;

+/* Apple OD authentication/authorization */
+#define APPLE_ENABLE_OD_AUTH 1
+
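Review bot: `char *local_private_key_password` in `struct c2s_st` holds the TLS private-key passphrase as a plain string, and its doc comment `/** private key password */` says nothing about ownership or lifetime. Presumably it stays allocated for as long as the c2s instance lives; where it is set and released is not visible in this section. I would extend the comment to something like `/** private key password; owned by c2s, wiped and freed once the key has been loaded */` and have the code that frees it clear the buffer first, using a call the compiler cannot elide. The secret then does not linger in heap memory or core dumps.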
