pidgin: libpurple/protocols/msn/nexus.c comparison

comparison libpurple/protocols/msn/nexus.c @ 23476:9fdf0accd4aa

Finally got MSN token updating working (I think). So it seems after creating the signature, the xmlnode_to_str must have added some xmlns attributes which were sent to the server. I thought that CanonicalizationMethod stuff the XML specified meant the server would normalize everything nicely, but apparently not. I added the xmlns to the XML string before creating the signature and it looks like things work now. It just needs a full 8-hour test to be certain. Did a bit of re-factoring to the token response parsing, as well. It should now fail the first time something shows up that isn't expected, or if something is missing, instead of blindly going forward with half the tokens we requested. References #4875.

author	Elliott Sales de Andrade <qulogic@pidgin.im>
date	Sun, 15 Jun 2008 06:22:25 +0000
parents	1b98e2090a71
children	c5891c8d0c28

comparison

equal deleted inserted replaced

-:f85450504940
+:9fdf0accd4aa
 	int id;
 	GSourceFunc cb;
 	gpointer data;
 };
-static void
+static gboolean
-save_tokens(GHashTable *table, const char *str)
+nexus_parse_token(MsnNexus *nexus, int id, xmlnode *node)
 {
+	char *token_str, *expiry_str;
+	const char *id_str;
 	char **elems, **cur, **tokens;
+	xmlnode *token = xmlnode_get_child(node, "RequestedSecurityToken/BinarySecurityToken");
-	elems = g_strsplit(str, "&", 0);
+	xmlnode *secret = xmlnode_get_child(node, "RequestedProofToken/BinarySecret");
+	xmlnode *expires = xmlnode_get_child(node, "LifeTime/Expires");
+	if (!token)
+		return FALSE;
+	/* Use the ID that the server sent us */
+	if (id == -1) {
+		id_str = xmlnode_get_attrib(token, "Id");
+		if (id_str == NULL)
+			return FALSE;
+		id = atol(id_str + 7) - 1;	/* 'Compact#' or 'PPToken#' */
+		if (id >= nexus->token_len)
+			return FALSE;	/* Where did this come from? */
+	}
+	token_str = xmlnode_get_data(token);
+	if (token_str == NULL)
+		return FALSE;
+	elems = g_strsplit(token_str, "&", 0);
 	for (cur = elems; *cur != NULL; cur++) {
 		tokens = g_strsplit(*cur, "=", 2);
-		g_hash_table_insert(table, tokens[0], tokens[1]);
+		g_hash_table_insert(nexus->tokens[id].token, tokens[0], tokens[1]);
 		/* Don't free each of the tokens, only the array. */
 		g_free(tokens);
 	}
 	g_strfreev(elems);
+	g_free(token_str);
+	if (secret)
+		nexus->tokens[id].secret = xmlnode_get_data(secret);
+	else
+		nexus->tokens[id].secret = NULL;
+	/* Yay for MS using ISO-8601 */
+	expiry_str = xmlnode_get_data(expires);
+	nexus->tokens[id].expiry = purple_str_to_time(expiry_str,
+		FALSE, NULL, NULL, NULL);
+	g_free(expiry_str);
+	purple_debug_info("msnp15", "Updated ticket for domain '%s', expires at %" G_GINT64_FORMAT ".\n",
+	                  ticket_domains[id][SSO_VALID_TICKET_DOMAIN],
+	                  (gint64)nexus->tokens[id].expiry);
+	return TRUE;
 }
 static gboolean
-nexus_parse_response(MsnNexus *nexus, int id, xmlnode *xml)
+nexus_parse_response(MsnNexus *nexus, xmlnode *xml)
 {
 	xmlnode *node;
 	xmlnode *cipher;
 	xmlnode *secret;
 	char *data;
-	gboolean result = FALSE;
+	gboolean result;
-	gboolean parse_all = (id == -1);
 	node = xmlnode_get_child(xml, "Body/RequestSecurityTokenResponseCollection/RequestSecurityTokenResponse");
 	if (!node)
 		return FALSE;
 	secret = xmlnode_get_child(node, "RequestedProofToken/BinarySecret");
 	data = xmlnode_get_data(secret);
 	nexus->secret = (char *)purple_base64_decode(data, NULL);
 	g_free(data);
-	for (node = node->next; node; node = node->next) {
+	result = TRUE;
-		xmlnode *token = xmlnode_get_child(node, "RequestedSecurityToken/BinarySecurityToken");
+	for (node = node->next; node && result; node = node->next)
-		xmlnode *secret = xmlnode_get_child(node, "RequestedProofToken/BinarySecret");
+		result = nexus_parse_token(nexus, -1, node);
-		xmlnode *expires = xmlnode_get_child(node, "LifeTime/Expires");
-		if (token) {
-			char *token_str, *expiry_str;
-			const char *id_str = xmlnode_get_attrib(token, "Id");
-			if (id_str == NULL) continue;
-			if (parse_all)
-				id = atol(id_str + 7) - 1;	/* 'Compact#' or 'PPToken#' */
-			if (id >= nexus->token_len)
-				continue;	/* Where did this come from? */
-			token_str = xmlnode_get_data(token);
-			if (token_str == NULL) continue;
-			save_tokens(nexus->tokens[id].token, token_str);
-			g_free(token_str);
-			if (secret)
-				nexus->tokens[id].secret = xmlnode_get_data(secret);
-			else
-				nexus->tokens[id].secret = NULL;
-			/* Yay for MS using ISO-8601 */
-			expiry_str = xmlnode_get_data(expires);
-			nexus->tokens[id].expiry = purple_str_to_time(expiry_str,
-				FALSE, NULL, NULL, NULL);
-			g_free(expiry_str);
-			purple_debug_info("msnp15", "Updated ticket for domain '%s'\n",
-			                  ticket_domains[id][SSO_VALID_TICKET_DOMAIN]);
-			result = TRUE;
-		}
-	}
 	return result;
 }
 static void
 	if (resp == NULL) {
 		msn_session_set_error(session, MSN_ERROR_SERVCONN, _("Windows Live ID authentication:Unable to connect"));
 		return;
 	}
-	if (!nexus_parse_response(nexus, -1, resp->xml)) {
+	if (!nexus_parse_response(nexus, resp->xml)) {
 		msn_session_set_error(session, MSN_ERROR_SERVCONN, _("Windows Live ID authentication:Invalid response"));
 		return;
 	}
 	ticket = msn_nexus_get_token_str(nexus, MSN_AUTH_MESSENGER);
 	char *tmp;
 	char *nonce;
 	gsize len;
 	char *key;
+#if 0
 	char *decrypted_pp;
+#endif
 	char *decrypted_data;
 	purple_debug_info("msnp15", "Got Update Response for %s.\n", ticket_domains[ud->id][SSO_VALID_TICKET_DOMAIN]);
 	enckey = xmlnode_get_child(resp->xml, "Header/Security/DerivedKeyToken");
 	nonce = (char *)purple_base64_decode(tmp, &len);
 	key = rps_create_key(nexus->secret, 24, nonce, len);
 	g_free(tmp);
 	g_free(nonce);
+#if 0
+	/* Don't know what this is for yet */
 	tmp = xmlnode_get_data(xmlnode_get_child(resp->xml,
 		"Header/EncryptedPP/EncryptedData/CipherData/CipherValue"));
 	if (tmp) {
-		/* Don't know what this is for yet */
 		decrypted_pp = des3_cbc(key, iv, tmp, len, TRUE);
 		g_free(tmp);
 		purple_debug_info("msnp15", "Got Response Header EncryptedPP: %s\n", decrypted_pp);
 		g_free(decrypted_pp);
 	}
+#endif
 	tmp = xmlnode_get_data(xmlnode_get_child(resp->xml,
 		"Body/EncryptedData/CipherData/CipherValue"));
 	if (tmp) {
 		char *unescaped;
 		xmlnode *rstresponse;
 		unescaped = (char *)purple_base64_decode(tmp, &len);
 		g_free(tmp);
 		decrypted_data = des3_cbc(key, iv, unescaped, len, TRUE);
 		g_free(unescaped);
+		purple_debug_info("msnp15", "Got Response Body EncryptedData: %s\n", decrypted_data);
 		rstresponse = xmlnode_from_str(decrypted_data, -1);
 		g_hash_table_remove_all(nexus->tokens[ud->id].token);
-		save_tokens(nexus->tokens[ud->id].token,
+		nexus_parse_token(nexus, ud->id, rstresponse);
-			xmlnode_get_data(xmlnode_get_child(rstresponse,
-				"RequestSecurityTokenResponse/RequestedSecurityToken/BinarySecurityToken")));
-		purple_debug_info("msnp15", "Got Response Body EncryptedData: %s\n", decrypted_data);
 		g_free(decrypted_data);
 	}
 	if (ud->cb)
 		purple_timeout_add(0, ud->cb, ud->data);
 	ud->data = data;
 	sha1 = purple_cipher_context_new_by_name("sha1", NULL);
 	domain = g_strdup_printf(MSN_SSO_RST_TEMPLATE,
-	                         0,
+	                         id,
 	                         ticket_domains[id][SSO_VALID_TICKET_DOMAIN],
 	                         ticket_domains[id][SSO_VALID_TICKET_POLICY] != NULL ?
 	                             ticket_domains[id][SSO_VALID_TICKET_POLICY] :
 	                             nexus->policy);
 	purple_cipher_context_append(sha1, (guchar *)domain, strlen(domain));
 	g_free(now_str);
 	purple_cipher_context_destroy(sha1);
 	signedinfo = g_strdup_printf(MSN_SSO_SIGNEDINFO_TEMPLATE,
+	                             id,
 	                             domain_b64,
 	                             timestamp_b64);
 	for (i = 0; i < 6; i++)
 		nonce[i] = rand();

Mercurial > pidgin

comparison libpurple/protocols/msn/nexus.c @ 23476:9fdf0accd4aa