comparison libpurple/protocols/jabber/adhoccommands.c @ 17884:feac55968392
Now all ad-hoc commands have to be sent through jabber_adhoc_execute to be properly executed (including the form steps). This cleans up the code a bit, and prevents DoS attacks that flood the client with malicious ad-hoc command forms that were not requested.
author | Andreas Monitzer <pidgin@monitzer.com> |
---|---|
date | Mon, 25 Jun 2007 20:07:31 +0000 |
parents | 9a19c46adf66 |
children | 49fe31a64716 |
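--- a/libpurple/protocols/jabber/adhoccommands.c
+++ b/libpurple/protocols/jabber/adhoccommands.c
@@ -120,11 +120,11 @@
 g_free(actionInfo->node);
 
 jabber_iq_send(iq);
 }
 
-void jabber_adhoc_parse(JabberStream *js, xmlnode *packet) {
+static void jabber_adhoc_parse(JabberStream *js, xmlnode *packet, gpointer data) {
 xmlnode *command = xmlnode_get_child_with_namespace(packet, "command", "http://jabber.org/protocol/commands");
 const char *status = xmlnode_get_attrib(command,"status");
 xmlnode *xdata = xmlnode_get_child_with_namespace(command,"x","jabber:x:data");
 
 if(!status)
@@ -179,25 +179,17 @@
 
 jabber_x_data_request_with_actions(js,xdata,actionslist,actionindex,do_adhoc_action_cb,actionInfo);
 }
 }
 
-void jabber_adhoc_execute(PurpleBlistNode *node, gpointer data) {
+void jabber_adhoc_execute_action(PurpleBlistNode *node, gpointer data) {
 if (PURPLE_BLIST_NODE_IS_BUDDY(node)) {
 JabberAdHocCommands *cmd = data;
 PurpleBuddy *buddy = (PurpleBuddy *) node;
 JabberStream *js = purple_account_get_connection(buddy->account)->proto_data;
-JabberIq *iq = jabber_iq_new(js, JABBER_IQ_SET);
-xmlnode *command = xmlnode_new_child(iq->node,"command");
-xmlnode_set_attrib(iq->node,"to",cmd->jid);
-xmlnode_set_namespace(command,"http://jabber.org/protocol/commands");
-xmlnode_set_attrib(command,"node",cmd->node);
-xmlnode_set_attrib(command,"action","execute");
-
-/* we don't need to set a callback, since jabber_adhoc_parse is run for all replies */
-
-jabber_iq_send(iq);
+
+jabber_adhoc_execute(js, cmd);
 }
 }
 
 static void jabber_adhoc_server_got_list_cb(JabberStream *js, xmlnode *packet, gpointer data) {
 xmlnode *query = xmlnode_get_child_with_namespace(packet, "query", "http://jabber.org/protocol/disco#items");
@@ -241,26 +233,30 @@
 
 jabber_iq_set_callback(iq,jabber_adhoc_server_got_list_cb,NULL);
 jabber_iq_send(iq);
 }
 
+void jabber_adhoc_execute(JabberStream *js, JabberAdHocCommands *cmd) {
+JabberIq *iq = jabber_iq_new(js, JABBER_IQ_SET);
+xmlnode *command = xmlnode_new_child(iq->node,"command");
+xmlnode_set_attrib(iq->node,"to",cmd->jid);
+xmlnode_set_namespace(command,"http://jabber.org/protocol/commands");
+xmlnode_set_attrib(command,"node",cmd->node);
+xmlnode_set_attrib(command,"action","execute");
+
+jabber_iq_set_callback(iq,jabber_adhoc_parse,NULL);
+
+jabber_iq_send(iq);
+}
+
 void jabber_adhoc_server_execute(PurplePluginAction *action) {
 JabberAdHocCommands *cmd = action->user_data;
 if(cmd) {
 PurpleConnection *gc = (PurpleConnection *) action->context;
 JabberStream *js = gc->proto_data;
 
-JabberIq *iq = jabber_iq_new(js, JABBER_IQ_SET);
-xmlnode *command = xmlnode_new_child(iq->node,"command");
-xmlnode_set_attrib(iq->node,"to",cmd->jid);
-xmlnode_set_namespace(command,"http://jabber.org/protocol/commands");
-xmlnode_set_attrib(command,"node",cmd->node);
-xmlnode_set_attrib(command,"action","execute");
-
-/* we don't need to set a callback, since jabber_adhoc_parse is run for all replies */
-
-jabber_iq_send(iq);
+jabber_adhoc_execute(js, cmd);
 }
 }
 
 void jabber_adhoc_init_server_commands(JabberStream *js, GList **m) {
 GList *cmdlst;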
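Review bot: `jabber_adhoc_parse` is now reached only as the callback registered in `jabber_adhoc_execute`, but it still uses the reply unvalidated: `command` goes straight into `xmlnode_get_attrib(command,"status")` and the `xdata` lookup, so a reply with no `<command/>` child (an error stanza, for instance) reaches both with a NULL node. An explicit `if(!command) return;` ahead of those lookups would make the rejection deliberate. The callback is also registered with `NULL` as `data`, and the new `data` parameter is unused in the visible lines. Passing the expected `cmd->jid` there and comparing it with the reply's `from` would tie a displayed form to the entity that was actually asked, in case the IQ layer matches replies by id alone (not visible in this section). The body of `jabber_adhoc_parse` between lines 130 and 179 is outside the shown hunks, so part of this may already be handled there.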