diff options
author | Andrew Manning <tamanning@zoho.com> | 2018-02-22 15:10:20 -0500 |
---|---|---|
committer | Andrew Manning <tamanning@zoho.com> | 2018-02-22 15:10:20 -0500 |
commit | 70719c67d30810c8127707b0dd1fd7ed66aa4a9a (patch) | |
tree | 3dd9d547d2e15007689106cc26d60ba067b3a7b8 /include | |
parent | 43fca182e3915734587abf389d819546ebade3a4 (diff) | |
parent | 80ce2def461705ebd0853e99ddfc0d1bc1de2915 (diff) | |
download | volse-hubzilla-70719c67d30810c8127707b0dd1fd7ed66aa4a9a.tar.gz volse-hubzilla-70719c67d30810c8127707b0dd1fd7ed66aa4a9a.tar.bz2 volse-hubzilla-70719c67d30810c8127707b0dd1fd7ed66aa4a9a.zip |
Merge branch 'dev' into oauth2
Diffstat (limited to 'include')
-rw-r--r-- | include/channel.php | 4 | ||||
-rw-r--r-- | include/crypto.php | 51 | ||||
-rw-r--r-- | include/event.php | 7 | ||||
-rwxr-xr-x | include/items.php | 20 | ||||
-rw-r--r-- | include/network.php | 4 | ||||
-rwxr-xr-x | include/plugin.php | 12 | ||||
-rw-r--r-- | include/zid.php | 4 | ||||
-rw-r--r-- | include/zot.php | 118 |
8 files changed, 129 insertions, 91 deletions
diff --git a/include/channel.php b/include/channel.php index b9adc588b..625ce16c8 100644 --- a/include/channel.php +++ b/include/channel.php @@ -2553,10 +2553,10 @@ function channel_remove($channel_id, $local = true, $unset_session = false) { q("DELETE FROM profile WHERE uid = %d", intval($channel_id)); q("DELETE FROM src WHERE src_channel_id = %d", intval($channel_id)); - $r = q("select resource_id FROM attach WHERE uid = %d", intval($channel_id)); + $r = q("select hash FROM attach WHERE uid = %d", intval($channel_id)); if($r) { foreach($r as $rv) { - attach_delete($channel_id,$rv['resource_id']); + attach_delete($channel_id,$rv['hash']); } } diff --git a/include/crypto.php b/include/crypto.php index ab33ba096..1040ac29b 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -119,21 +119,27 @@ function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') { } function other_encapsulate($data,$pubkey,$alg) { + if(! $pubkey) logger('no key. data: ' . $data); - $oaep = false; + // This default will change in the future. For now make it backward compatible. - if(strpos($alg,'.oaep')) { - $oaep = true; - $subalg = substr($alg,0,-5); - } - else { - $subalg = $alg; + $padding = OPENSSL_PKCS1_PADDING; + $base = $alg; + + $exts = explode('.',$alg); + if(count($exts) > 1) { + switch($exts[1]) { + case 'oaep': + $padding = OPENSSL_PKCS1_OAEP_PADDING; + break; + } + $base = $exts[0]; } - $fn = strtoupper($subalg) . '_encrypt'; + $fn = strtoupper($base) . '_encrypt'; if(function_exists($fn)) { // A bit hesitant to use openssl_random_pseudo_bytes() as we know @@ -151,14 +157,14 @@ function other_encapsulate($data,$pubkey,$alg) { $iv = openssl_random_pseudo_bytes(256); $result['data'] = base64url_encode($fn($data,$key,$iv),true); // log the offending call so we can track it down - if(! openssl_public_encrypt($key,$k,$pubkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING))) { + if(! openssl_public_encrypt($key,$k,$pubkey,$padding)) { $x = debug_backtrace(); logger('RSA failed. ' . print_r($x[0],true)); } $result['alg'] = $alg; $result['key'] = base64url_encode($k,true); - openssl_public_encrypt($iv,$i,$pubkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING)); + openssl_public_encrypt($iv,$i,$pubkey,$padding); $result['iv'] = base64url_encode($i,true); return $result; } @@ -229,20 +235,25 @@ function crypto_unencapsulate($data,$prvkey) { function other_unencapsulate($data,$prvkey,$alg) { - $oaep = false; + // This default will change in the future. For now make it backward compatible. - if(strpos($alg,'.oaep')) { - $oaep = true; - $subalg = substr($alg,0,-5); - } - else { - $subalg = $alg; + $padding = OPENSSL_PKCS1_PADDING; + $base = $alg; + + $exts = explode('.',$alg); + if(count($exts) > 1) { + switch($exts[1]) { + case 'oaep': + $padding = OPENSSL_PKCS1_OAEP_PADDING; + break; + } + $base = $exts[0]; } - $fn = strtoupper($subalg) . '_decrypt'; + $fn = strtoupper($base) . '_decrypt'; if(function_exists($fn)) { - openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING)); - openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING)); + openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey,$padding); + openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey,$padding); return $fn(base64url_decode($data['data']),$k,$i); } else { diff --git a/include/event.php b/include/event.php index c1cf59425..1077a3c64 100644 --- a/include/event.php +++ b/include/event.php @@ -1200,6 +1200,13 @@ function event_store_item($arr, $event) { )); } + // propagate the event resource_id so that posts containing it are easily searchable in downstream copies + // of the item which have not stored the actual event. Required for Diaspora event federation as Diaspora + // event_participation messages refer to the event resource_id as a parent, while out own event attendance + // activities refer to the item message_id as the parent. + + set_iconfig($item_arr, 'system','event_id',$event['event_hash'],true); + $res = item_store($item_arr); $item_id = $res['item_id']; diff --git a/include/items.php b/include/items.php index 68fa4c3b2..5a98fbbd4 100755 --- a/include/items.php +++ b/include/items.php @@ -4003,18 +4003,24 @@ function zot_feed($uid, $observer_hash, $arr) { $item_normal = item_normal(); if(is_sys_channel($uid)) { - $r = q("SELECT parent, created, postopts from item - WHERE uid != %d - $item_normal + + $nonsys_uids = q("SELECT channel_id FROM channel WHERE channel_system = 0"); + $nonsys_uids_str = ids_to_querystr($nonsys_uids,'channel_id'); + + $r = q("SELECT parent, postopts FROM item + WHERE uid IN ( %s ) AND item_wall = 1 - and item_private = 0 $sql_extra ORDER BY created ASC $limit", - intval($uid) + AND item_private = 0 + $item_normal + $sql_extra ORDER BY created ASC $limit", + intval($nonsys_uids_str) ); } else { - $r = q("SELECT parent, created, postopts from item - WHERE uid = %d $item_normal + $r = q("SELECT parent, postopts FROM item + WHERE uid = %d AND item_wall = 1 + $item_normal $sql_extra ORDER BY created ASC $limit", intval($uid) ); diff --git a/include/network.php b/include/network.php index 2ac430e82..0824183f7 100644 --- a/include/network.php +++ b/include/network.php @@ -1605,10 +1605,10 @@ function get_site_info() { 'commit' => $commit, 'plugins' => $visible_plugins, 'register_policy' => $register_policy[get_config('system','register_policy')], - 'invitation_only' => intval(get_config('system','invitation_only')), + 'invitation_only' => (bool) intval(get_config('system','invitation_only')), 'directory_mode' => $directory_mode[get_config('system','directory_mode')], 'language' => get_config('system','language'), - 'rss_connections' => intval(get_config('system','feed_contacts')), + 'rss_connections' => (bool) intval(get_config('system','feed_contacts')), 'expiration' => $site_expire, 'default_service_restrictions' => $service_class, 'locked_features' => $locked_features, diff --git a/include/plugin.php b/include/plugin.php index f452d8342..62d443ab8 100755 --- a/include/plugin.php +++ b/include/plugin.php @@ -245,8 +245,18 @@ function plugins_sync() { * @return array */ function visible_plugin_list() { + $r = q("select * from addon where hidden = 0 order by aname asc"); - return(($r) ? ids_to_array($r,'aname') : array()); + $x = (($r) ? ids_to_array($r,'aname') : array()); + $y = []; + if($x) { + foreach($x as $xv) { + if(is_dir('addon/' . $xv)) { + $y[] = $xv; + } + } + } + return $y; } diff --git a/include/zid.php b/include/zid.php index b3a7d1e6a..67c1d9f6c 100644 --- a/include/zid.php +++ b/include/zid.php @@ -265,9 +265,9 @@ function red_zrlify_img_callback($matches) { */ function owt_init($token) { - \Zotlabs\Zot\Verify::purge('owt', '3 MINUTE'); + \Zotlabs\Lib\Verify::purge('owt', '3 MINUTE'); - $ob_hash = \Zotlabs\Zot\Verify::get_meta('owt', 0, $token); + $ob_hash = \Zotlabs\Lib\Verify::get_meta('owt', 0, $token); if($ob_hash === false) { return; diff --git a/include/zot.php b/include/zot.php index 1042f09d9..0cfc370a2 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1152,7 +1152,12 @@ function zot_process_response($hub, $arr, $outq) { * @brief * * We received a notification packet (in mod_post) that a message is waiting for us, and we've verified the sender. - * Now send back a pickup message, using our message tracking ID ($arr['secret']), which we will sign with our site + * Check if the site is using zot6 delivery and includes a verified HTTP Signature, signed content, and a 'msg' field, + * and also that the signer and the sender match. + * If that happens, we do not need to fetch/pickup the message - we have it already and it is verified. + * Translate it into the form we need for zot_import() and import it. + * + * Otherwise send back a pickup message, using our message tracking ID ($arr['secret']), which we will sign with our site * private key. * The entire pickup message is encrypted with the remote site's public key. * If everything checks out on the remote end, we will receive back a packet containing one or more messages, @@ -1170,38 +1175,61 @@ function zot_fetch($arr) { $url = $arr['sender']['url'] . $arr['callback']; - // set $multiple param on zot_gethub() to return all matching hubs - // This allows us to recover from re-installs when a redundant (but invalid) hubloc for - // this identity is widely dispersed throughout the network. + $import = null; + $hubs = null; - $ret_hubs = zot_gethub($arr['sender'],true); - if(! $ret_hubs) { + $zret = zot6_check_sig(); + + if($zret['success'] && $zret['hubloc'] && $zret['hubloc']['hubloc_guid'] === $data['sender']['guid'] && $data['msg']) { + logger('zot6_delivery',LOGGER_DEBUG); + logger('zot6_data: ' . print_r($data,true),LOGGER_DATA); + + $ret['collected'] = true; + + $import = [ 'success' => true, 'body' => json_encode( [ 'success' => true, 'pickup' => [ [ 'notify' => $data, 'message' => json_decode($data['msg'],true) ] ] ] ) ]; + $hubs = [ $zret['hubloc'] ] ; + } + + if(! $hubs) { + // set $multiple param on zot_gethub() to return all matching hubs + // This allows us to recover from re-installs when a redundant (but invalid) hubloc for + // this identity is widely dispersed throughout the network. + + $hubs = zot_gethub($arr['sender'],true); + } + + if(! $hubs) { logger('No hub: ' . print_r($arr['sender'],true)); return; } - foreach($ret_hubs as $ret_hub) { + foreach($hubs as $hub) { - $secret = substr(preg_replace('/[^0-9a-fA-F]/','',$arr['secret']),0,64); + if(! $import) { + $secret = substr(preg_replace('/[^0-9a-fA-F]/','',$arr['secret']),0,64); - $data = [ - 'type' => 'pickup', - 'url' => z_root(), - 'callback_sig' => base64url_encode(rsa_sign(z_root() . '/post', get_config('system','prvkey'))), - 'callback' => z_root() . '/post', - 'secret' => $secret, - 'secret_sig' => base64url_encode(rsa_sign($secret, get_config('system','prvkey'))) - ]; + $data = [ + 'type' => 'pickup', + 'url' => z_root(), + 'callback_sig' => base64url_encode(rsa_sign(z_root() . '/post', get_config('system','prvkey'))), + 'callback' => z_root() . '/post', + 'secret' => $secret, + 'secret_sig' => base64url_encode(rsa_sign($secret, get_config('system','prvkey'))) + ]; - $algorithm = zot_best_algorithm($ret_hub['site_crypto']); - $datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'], $algorithm)); + $algorithm = zot_best_algorithm($hub['site_crypto']); + $datatosend = json_encode(crypto_encapsulate(json_encode($data),$hub['hubloc_sitekey'], $algorithm)); - $fetch = zot_zot($url,$datatosend); + $import = zot_zot($url,$datatosend); + } + else { + $algorithm = zot_best_algorithm($hub['site_crypto']); + } - $result = zot_import($fetch, $arr['sender']['url']); + $result = zot_import($import, $arr['sender']['url']); if($result) { - $result = crypto_encapsulate(json_encode($result),$ret_hub['hubloc_sitekey'], $algorithm); + $result = crypto_encapsulate(json_encode($result),$hub['hubloc_sitekey'], $algorithm); return $result; } @@ -1700,7 +1728,7 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ foreach($deliveries as $d) { $local_public = $public; - $DR = new Zotlabs\Zot\DReport(z_root(),$sender['hash'],$d['hash'],$arr['mid']); + $DR = new Zotlabs\Lib\DReport(z_root(),$sender['hash'],$d['hash'],$arr['mid']); $r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash']) @@ -2229,7 +2257,7 @@ function process_mail_delivery($sender, $arr, $deliveries) { foreach($deliveries as $d) { - $DR = new Zotlabs\Zot\DReport(z_root(),$sender['hash'],$d['hash'],$arr['mid']); + $DR = new Zotlabs\Lib\DReport(z_root(),$sender['hash'],$d['hash'],$arr['mid']); $r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash']) @@ -3870,11 +3898,11 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { // we should probably do this for all items, but usually we only send one. if(array_key_exists('item',$arr) && is_array($arr['item'][0])) { - $DR = new Zotlabs\Zot\DReport(z_root(),$d['hash'],$d['hash'],$arr['item'][0]['message_id'],'channel sync processed'); + $DR = new Zotlabs\Lib\DReport(z_root(),$d['hash'],$d['hash'],$arr['item'][0]['message_id'],'channel sync processed'); $DR->addto_recipient($channel['channel_name'] . ' <' . channel_reddress($channel) . '>'); } else - $DR = new Zotlabs\Zot\DReport(z_root(),$d['hash'],$d['hash'],'sync packet','channel sync delivered'); + $DR = new Zotlabs\Lib\DReport(z_root(),$d['hash'],$d['hash'],'sync packet','channel sync delivered'); $result[] = $DR->get(); } @@ -4885,7 +4913,7 @@ function zot_reply_auth_check($data,$encrypted_packet) { * the web server. We should probably convert this to webserver time rather than DB time so * that the different clocks won't affect it and allow us to keep the time short. */ - Zotlabs\Zot\Verify::purge('auth', '30 MINUTE'); + Zotlabs\Lib\Verify::purge('auth', '30 MINUTE'); $y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", dbesc($sender_hash) @@ -4926,7 +4954,7 @@ function zot_reply_auth_check($data,$encrypted_packet) { // This additionally checks for forged sites since we already stored the expected result in meta // and we've already verified that this is them via zot_gethub() and that their key signed our token - $z = Zotlabs\Zot\Verify::match('auth',$c[0]['channel_id'],$data['secret'],$data['sender']['url']); + $z = Zotlabs\Lib\Verify::match('auth',$c[0]['channel_id'],$data['secret'],$data['sender']['url']); if (! $z) { logger('mod_zot: auth_check: verification key not found.'); $ret['message'] .= 'verification key not found' . EOL; @@ -5098,39 +5126,15 @@ function zot_reply_notify($data) { logger('notify received from ' . $data['sender']['url']); - // handle zot6 delivery + $async = get_config('system','queued_fetch'); - $zret = zot6_check_sig(); - if($zret['success'] && $zret['hubloc'] && $zret['hubloc']['hubloc_guid'] === $data['sender']['guid'] && $data['msg']) { - logger('zot6_delivery',LOGGER_DEBUG); - logger('zot6_data: ' . print_r($data,true),LOGGER_DATA); - - $ret['collected'] = true; - - $import = [ 'success' => true, 'pickup' => [ [ 'notify' => $data, 'message' => json_decode($data['msg'],true) ] ] ]; - - logger('zot6_import: ' . print_r($import,true), LOGGER_DATA); - - $x = zot_import([ 'success' => true, 'body' => json_encode($import) ], $data['sender']['url']); - if($x) { - $x = crypto_encapsulate(json_encode($x),$zret['hubloc']['hubloc_sitekey'],zot_best_algorithm($zret['hubloc']['site_crypto'])); - $ret['delivery_report'] = $x; - } + if($async) { + // add to receive queue + // qreceive_add($data); } else { - - // handle traditional zot delivery - - $async = get_config('system','queued_fetch'); - - if($async) { - // add to receive queue - // qreceive_add($data); - } - else { - $x = zot_fetch($data); - $ret['delivery_report'] = $x; - } + $x = zot_fetch($data); + $ret['delivery_report'] = $x; } $ret['success'] = true; |