view libpurple/protocols/silc10/ft.c @ 31819:70ff869a74d1

Open an explorer.exe window at the location of the file when clicking on a file link instead of executing the file, because executing a file can be potentially dangerous. Problem discovered by James Burton of Insomnia Security. Fixed by Eion Robb.
author Mark Doliner <mark@kingant.net>
date Thu, 18 Aug 2011 08:38:23 +0000
parents ba1b50f114f6
children
line wrap: on
line source

/*

  silcpurple_ft.c

  Author: Pekka Riikonen <priikone@silcnet.org>

  Copyright (C) 2004 Pekka Riikonen

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; version 2 of the License.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

*/

#include "silcincludes.h"
#include "silcclient.h"
#include "silcpurple.h"

/****************************** File Transfer ********************************/

/* This implements the secure file transfer protocol (SFTP) using the SILC
   SFTP library implementation.  The API we use from the SILC Toolkit is the
   SILC Client file transfer API, as it provides a simple file transfer we
   need in this case.  We could use the SILC SFTP API directly, but it would
   be an overkill since we'd effectively re-implement the file transfer what
   the SILC Client's file transfer API already provides.

   From Purple we do NOT use the FT API to do the transfer as it is very limiting.
   In fact it does not suite to file transfers like SFTP at all.  For example,
   it assumes that read operations are synchronous what they are not in SFTP.
   It also assumes that the file transfer socket is to be handled by the Purple
   eventloop, and this naturally is something we don't want to do in case of
   SILC Toolkit.  The FT API suites well to purely stream based file transfers
   like HTTP GET and similar.

   For this reason, we directly access the Purple GKT FT API and hack the FT
   API to merely provide the user interface experience and all the magic
   is done in the SILC Toolkit.  Ie. we update the statistics information in
   the FT API for user interface, and that's it.  A bit dirty but until the
   FT API gets better this is the way to go.  Good thing that FT API allowed
   us to do this. */

typedef struct {
	SilcPurple sg;
	SilcClientEntry client_entry;
	SilcUInt32 session_id;
	char *hostname;
	SilcUInt16 port;
	PurpleXfer *xfer;

	SilcClientFileName completion;
	void *completion_context;
} *SilcPurpleXfer;

static void
silcpurple_ftp_monitor(SilcClient client,
		     SilcClientConnection conn,
		     SilcClientMonitorStatus status,
		     SilcClientFileError error,
		     SilcUInt64 offset,
		     SilcUInt64 filesize,
		     SilcClientEntry client_entry,
		     SilcUInt32 session_id,
		     const char *filepath,
		     void *context)
{
	SilcPurpleXfer xfer = context;
	PurpleConnection *gc = xfer->sg->gc;
	char tmp[256];

	if (status == SILC_CLIENT_FILE_MONITOR_CLOSED) {
		purple_xfer_unref(xfer->xfer);
		silc_free(xfer);
		return;
	}

	if (status == SILC_CLIENT_FILE_MONITOR_KEY_AGREEMENT)
		return;

	if (status == SILC_CLIENT_FILE_MONITOR_ERROR) {
		if (error == SILC_CLIENT_FILE_NO_SUCH_FILE) {
			g_snprintf(tmp, sizeof(tmp), "No such file %s",
				   filepath ? filepath : "[N/A]");
			purple_notify_error(gc, _("Secure File Transfer"),
					  _("Error during file transfer"), tmp);
		} else if (error == SILC_CLIENT_FILE_PERMISSION_DENIED) {
			purple_notify_error(gc, _("Secure File Transfer"),
					  _("Error during file transfer"),
					  _("Permission denied"));
		} else if (error == SILC_CLIENT_FILE_KEY_AGREEMENT_FAILED) {
			purple_notify_error(gc, _("Secure File Transfer"),
					  _("Error during file transfer"),
					  _("Key agreement failed"));
		} else if (error == SILC_CLIENT_FILE_UNKNOWN_SESSION) {
			purple_notify_error(gc, _("Secure File Transfer"),
					  _("Error during file transfer"),
					  _("File transfer session does not exist"));
		} else {
			purple_notify_error(gc, _("Secure File Transfer"),
					  _("Error during file transfer"), NULL);
		}
		silc_client_file_close(client, conn, session_id);
		purple_xfer_unref(xfer->xfer);
		silc_free(xfer);
		return;
	}

	/* Update file transfer UI */
	if (!offset && filesize)
		purple_xfer_set_size(xfer->xfer, filesize);
	if (offset && filesize) {
		xfer->xfer->bytes_sent = offset;
		xfer->xfer->bytes_remaining = filesize - offset;
	}
	purple_xfer_update_progress(xfer->xfer);

	if (status == SILC_CLIENT_FILE_MONITOR_SEND ||
	    status == SILC_CLIENT_FILE_MONITOR_RECEIVE) {
		if (offset == filesize) {
			/* Download finished */
			purple_xfer_set_completed(xfer->xfer, TRUE);
			silc_client_file_close(client, conn, session_id);
		}
	}
}

static void
silcpurple_ftp_cancel(PurpleXfer *x)
{
	SilcPurpleXfer xfer = x->data;
	xfer->xfer->status = PURPLE_XFER_STATUS_CANCEL_LOCAL;
	purple_xfer_update_progress(xfer->xfer);
	silc_client_file_close(xfer->sg->client, xfer->sg->conn, xfer->session_id);
}

static void
silcpurple_ftp_ask_name_cancel(PurpleXfer *x)
{
	SilcPurpleXfer xfer = x->data;

	/* Cancel the transmission */
	xfer->completion(NULL, xfer->completion_context);
	silc_client_file_close(xfer->sg->client, xfer->sg->conn, xfer->session_id);
}

static void
silcpurple_ftp_ask_name_ok(PurpleXfer *x)
{
	SilcPurpleXfer xfer = x->data;
	const char *name;

	name = purple_xfer_get_local_filename(x);
	g_unlink(name);
	xfer->completion(name, xfer->completion_context);
}

static void
silcpurple_ftp_ask_name(SilcClient client,
		      SilcClientConnection conn,
		      SilcUInt32 session_id,
		      const char *remote_filename,
		      SilcClientFileName completion,
		      void *completion_context,
		      void *context)
{
	SilcPurpleXfer xfer = context;

	xfer->completion = completion;
	xfer->completion_context = completion_context;

	purple_xfer_set_init_fnc(xfer->xfer, silcpurple_ftp_ask_name_ok);
	purple_xfer_set_request_denied_fnc(xfer->xfer, silcpurple_ftp_ask_name_cancel);

	/* Request to save the file */
	purple_xfer_set_filename(xfer->xfer, remote_filename);
	purple_xfer_request(xfer->xfer);
}

static void
silcpurple_ftp_request_result(PurpleXfer *x)
{
	SilcPurpleXfer xfer = x->data;
	SilcClientFileError status;
	PurpleConnection *gc = xfer->sg->gc;

	if (purple_xfer_get_status(x) != PURPLE_XFER_STATUS_ACCEPTED)
		return;

	/* Start the file transfer */
	status = silc_client_file_receive(xfer->sg->client, xfer->sg->conn,
					  silcpurple_ftp_monitor, xfer,
					  NULL, xfer->session_id,
					  silcpurple_ftp_ask_name, xfer);
	switch (status) {
	case SILC_CLIENT_FILE_OK:
		return;
		break;

	case SILC_CLIENT_FILE_UNKNOWN_SESSION:
		purple_notify_error(gc, _("Secure File Transfer"),
				  _("No file transfer session active"), NULL);
		break;

	case SILC_CLIENT_FILE_ALREADY_STARTED:
		purple_notify_error(gc, _("Secure File Transfer"),
				  _("File transfer already started"), NULL);
		break;

	case SILC_CLIENT_FILE_KEY_AGREEMENT_FAILED:
		purple_notify_error(gc, _("Secure File Transfer"),
				  _("Could not perform key agreement for file transfer"),
				  NULL);
		break;

	default:
		purple_notify_error(gc, _("Secure File Transfer"),
				  _("Could not start the file transfer"), NULL);
		break;
	}

	/* Error */
	purple_xfer_unref(xfer->xfer);
	g_free(xfer->hostname);
	silc_free(xfer);
}

static void
silcpurple_ftp_request_denied(PurpleXfer *x)
{

}

void silcpurple_ftp_request(SilcClient client, SilcClientConnection conn,
			  SilcClientEntry client_entry, SilcUInt32 session_id,
			  const char *hostname, SilcUInt16 port)
{
	PurpleConnection *gc = client->application;
	SilcPurple sg = gc->proto_data;
	SilcPurpleXfer xfer;

	xfer = silc_calloc(1, sizeof(*xfer));
	if (!xfer) {
		silc_client_file_close(sg->client, sg->conn, session_id);
		return;
	}

	xfer->sg = sg;
	xfer->client_entry = client_entry;
	xfer->session_id = session_id;
	xfer->hostname = g_strdup(hostname);
	xfer->port = port;
	xfer->xfer = purple_xfer_new(xfer->sg->account, PURPLE_XFER_RECEIVE,
				   xfer->client_entry->nickname);
	if (!xfer->xfer) {
		silc_client_file_close(xfer->sg->client, xfer->sg->conn, xfer->session_id);
		g_free(xfer->hostname);
		silc_free(xfer);
		return;
	}
	purple_xfer_set_init_fnc(xfer->xfer, silcpurple_ftp_request_result);
	purple_xfer_set_request_denied_fnc(xfer->xfer, silcpurple_ftp_request_denied);
	purple_xfer_set_cancel_recv_fnc(xfer->xfer, silcpurple_ftp_cancel);
	xfer->xfer->remote_ip = g_strdup(hostname);
	xfer->xfer->remote_port = port;
	xfer->xfer->data = xfer;

	/* File transfer request */
	purple_xfer_request(xfer->xfer);
}

static void
silcpurple_ftp_send_cancel(PurpleXfer *x)
{
	SilcPurpleXfer xfer = x->data;
	silc_client_file_close(xfer->sg->client, xfer->sg->conn, xfer->session_id);
	purple_xfer_unref(xfer->xfer);
	g_free(xfer->hostname);
	silc_free(xfer);
}

static void
silcpurple_ftp_send(PurpleXfer *x)
{
	SilcPurpleXfer xfer = x->data;
	const char *name;
	char *local_ip = NULL, *remote_ip = NULL;
	gboolean local = TRUE;

	name = purple_xfer_get_local_filename(x);

	/* Do the same magic what we do with key agreement (see silcpurple_buddy.c)
	   to see if we are behind NAT. */
	if (silc_net_check_local_by_sock(xfer->sg->conn->sock->sock,
					 NULL, &local_ip)) {
		/* Check if the IP is private */
		if (silcpurple_ip_is_private(local_ip)) {
			local = FALSE;
			/* Local IP is private, resolve the remote server IP to see whether
			   we are talking to Internet or just on LAN. */
			if (silc_net_check_host_by_sock(xfer->sg->conn->sock->sock, NULL,
							&remote_ip))
				if (silcpurple_ip_is_private(remote_ip))
					/* We assume we are in LAN.  Let's provide the connection point. */
					local = TRUE;
		}
	}

	if (local && !local_ip)
		local_ip = silc_net_localip();

	/* Send the file */
	silc_client_file_send(xfer->sg->client, xfer->sg->conn,
			      silcpurple_ftp_monitor, xfer,
			      local_ip, 0, !local, xfer->client_entry,
			      name, &xfer->session_id);

	silc_free(local_ip);
	silc_free(remote_ip);
}

static void
silcpurple_ftp_send_file_resolved(SilcClient client,
				SilcClientConnection conn,
				SilcClientEntry *clients,
				SilcUInt32 clients_count,
				void *context)
{
	PurpleConnection *gc = client->application;
	char tmp[256];

	if (!clients) {
		g_snprintf(tmp, sizeof(tmp),
			   _("User %s is not present in the network"),
			   (const char *)context);
		purple_notify_error(gc, _("Secure File Transfer"),
				  _("Cannot send file"), tmp);
		silc_free(context);
		return;
	}

	silcpurple_ftp_send_file(client->application, (const char *)context, NULL);
	silc_free(context);
}

PurpleXfer *silcpurple_ftp_new_xfer(PurpleConnection *gc, const char *name)
{
	SilcPurple sg = gc->proto_data;
	SilcClient client = sg->client;
	SilcClientConnection conn = sg->conn;
	SilcClientEntry *clients;
	SilcUInt32 clients_count;
	SilcPurpleXfer xfer;
	char *nickname;

	g_return_val_if_fail(name != NULL, NULL);

	if (!silc_parse_userfqdn(name, &nickname, NULL))
		return NULL;

	/* Find client entry */
	clients = silc_client_get_clients_local(client, conn, nickname, name,
											&clients_count);
	if (!clients) {
		silc_client_get_clients(client, conn, nickname, NULL,
								silcpurple_ftp_send_file_resolved,
								strdup(name));
		silc_free(nickname);
		return NULL;
	}

	xfer = silc_calloc(1, sizeof(*xfer));

	g_return_val_if_fail(xfer != NULL, NULL);

	xfer->sg = sg;
	xfer->client_entry = clients[0];
	xfer->xfer = purple_xfer_new(xfer->sg->account, PURPLE_XFER_SEND,
							   xfer->client_entry->nickname);
	if (!xfer->xfer) {
		silc_client_file_close(xfer->sg->client, xfer->sg->conn, xfer->session_id);
		g_free(xfer->hostname);
		silc_free(xfer);
		return NULL;
	}
	purple_xfer_set_init_fnc(xfer->xfer, silcpurple_ftp_send);
	purple_xfer_set_request_denied_fnc(xfer->xfer, silcpurple_ftp_request_denied);
	purple_xfer_set_cancel_send_fnc(xfer->xfer, silcpurple_ftp_send_cancel);
	xfer->xfer->data = xfer;

	silc_free(clients);
	silc_free(nickname);

	return xfer->xfer;
}

void silcpurple_ftp_send_file(PurpleConnection *gc, const char *name, const char *file)
{
	PurpleXfer *xfer = silcpurple_ftp_new_xfer(gc, name);

	g_return_if_fail(xfer != NULL);

	/* Choose file to send */
	if (file)
		purple_xfer_request_accepted(xfer, file);
	else
		purple_xfer_request(xfer);
}