diff options
| author | Mike Macgirvin <mike@macgirvin.com> | 2010-10-10 18:25:34 -0700 |
|---|---|---|
| committer | Mike Macgirvin <mike@macgirvin.com> | 2010-10-10 18:25:34 -0700 |
| commit | 524f73e3069843484c3e257f515bc9c746aff099 (patch) | |
| tree | 03d5f04984b08a2ce2a5c53b0dac55afc531d631 /mod/dfrn_confirm.php | |
| parent | 3531f466e5e02ff0e493ed21d1a100c346412bd8 (diff) | |
| download | volse-hubzilla-524f73e3069843484c3e257f515bc9c746aff099.tar.gz volse-hubzilla-524f73e3069843484c3e257f515bc9c746aff099.tar.bz2 volse-hubzilla-524f73e3069843484c3e257f515bc9c746aff099.zip | |
A bit more telemetry of friend confirms and lots of extra doco
to understand what is happening and why.
Diffstat (limited to 'mod/dfrn_confirm.php')
| -rw-r--r-- | mod/dfrn_confirm.php | 481 |
1 files changed, 270 insertions, 211 deletions
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index 7daa7f944..7c24de87d 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php @@ -1,217 +1,17 @@ <?php - +// There are two possible entry points. Both are called via POST. function dfrn_confirm_post(&$a) { if($a->argc > 1) $node = $a->argv[1]; - if(x($_POST,'source_url')) { - - // We are processing an external confirmation to an introduction created by our user. - - $public_key = $_POST['public_key']; - $dfrn_id = $_POST['dfrn_id']; - $source_url = $_POST['source_url']; - $aes_key = $_POST['aes_key']; - $duplex = $_POST['duplex']; - $version_id = $_POST['dfrn_version']; - - // Find our user's account - - $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1", - dbesc($node)); - - if(! count($r)) { - $message = t('No user record found for ') . '\'' . $node . '\''; - xml_status(3,$message); // failure - // NOTREACHED - } - - $my_prvkey = $r[0]['prvkey']; - $local_uid = $r[0]['uid']; - - - if(! strstr($my_prvkey,'BEGIN RSA PRIVATE KEY')) { - $message = t('Our site encryption key is apparently messed up.'); - xml_status(3,$message); - } - - // verify everything - - $decrypted_source_url = ""; - openssl_private_decrypt($source_url,$decrypted_source_url,$my_prvkey); - - - if(! strlen($decrypted_source_url)) { - $message = t('Empty site URL was provided or URL could not be decrypted by us.'); - xml_status(3,$message); - // NOTREACHED - } - - $ret = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1", - dbesc($decrypted_source_url), - intval($local_uid) - ); - - if(! count($ret)) { - // this is either a bogus confirmation (?) or we deleted the original introduction. - $message = t('Contact record was not found for you on our site.'); - xml_status(3,$message); - return; // NOTREACHED - } - - $relation = $ret[0]['rel']; - - // Decrypt all this stuff we just received - - $foreign_pubkey = $ret[0]['site-pubkey']; - $dfrn_record = $ret[0]['id']; - - $decrypted_dfrn_id = ""; - openssl_public_decrypt($dfrn_id,$decrypted_dfrn_id,$foreign_pubkey); - - if(strlen($aes_key)) { - $decrypted_aes_key = ""; - openssl_private_decrypt($aes_key,$decrypted_aes_key,$my_prvkey); - $dfrn_pubkey = openssl_decrypt($public_key,'AES-256-CBC',$decrypted_aes_key); - } - else { - $dfrn_pubkey = $public_key; - } - - $r = q("SELECT * FROM `contact` WHERE `dfrn-id` = '%s' LIMIT 1", - dbesc($decrypted_dfrn_id), - intval($local_uid) - ); - if(count($r)) { - $message = t('The ID provided by your system is a duplicate on our system. It should work if you try again.'); - xml_status(1,$message); // Birthday paradox - duplicate dfrn-id - // NOTREACHED - } - - $r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d LIMIT 1", - dbesc($decrypted_dfrn_id), - dbesc($dfrn_pubkey), - intval($dfrn_record) - ); - if(! count($r)) { - $message = t('Unable to set your contact credentials on our system.'); - xml_status(3,$message); - } - - // We're good but now we have to scrape the profile photo and send notifications. - - require_once("Photo.php"); - - $photo_failure = false; - - $r = q("SELECT `photo` FROM `contact` WHERE `id` = %d LIMIT 1", - intval($dfrn_record)); - if(count($r)) { - - $filename = basename($r[0]['photo']); - $img_str = fetch_url($r[0]['photo'],true); - $img = new Photo($img_str); - if($img->is_valid()) { - - $img->scaleImageSquare(175); - - $hash = photo_new_resource(); - - $r = $img->store($local_uid, $dfrn_record, $hash, $filename, t('Contact Photos') , 4); - - if($r === false) - $photo_failure = true; - - $img->scaleImage(80); - $r = $img->store($local_uid, $dfrn_record, $hash, $filename, t('Contact Photos') , 5); - - if($r === false) - $photo_failure = true; - - $photo = $a->get_baseurl() . '/photo/' . $hash . '-4.jpg'; - $thumb = $a->get_baseurl() . '/photo/' . $hash . '-5.jpg'; - } - else - $photo_failure = true; - } - else - $photo_failure = true; - - if($photo_failure) { - $photo = $a->get_baseurl() . '/images/default-profile.jpg'; - $thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg'; - } - - $new_relation = REL_FAN; - if(($relation == REL_VIP) || ($duplex)) - $new_relation = REL_BUD; - - $r = q("UPDATE `contact` SET - `photo` = '%s', - `thumb` = '%s', - `rel` = %d, - `name-date` = '%s', - `uri-date` = '%s', - `avatar-date` = '%s', - `blocked` = 0, - `pending` = 0, - `duplex` = %d, - `network` = 'dfrn' WHERE `id` = %d LIMIT 1 - ", - dbesc($photo), - dbesc($thumb), - intval($new_relation), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - intval($duplex), - intval($dfrn_record) - ); - if($r === false) { // should not happen unless schema is messed up - $message = t('Unable to update your contact profile details on our system'); - xml_status(3,$message); - } - - // Otherwise everything seems to have worked and we are almost done. Yay! - // Send an email notification + // Main entry point. Our user received a friend request notification (perhaps + // from another site) and clicked 'Accept'. $POST['source_url'] is not set. + // They will perform the following: - $r = q("SELECT * FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` - WHERE `contact`.`id` = %d LIMIT 1", - intval($dfrn_record) - ); - if((count($r)) && ($r[0]['notify-flags'] & NOTIFY_CONFIRM)) { - - $tpl = (($new_relation == REL_BUD) - ? load_view_file('view/friend_complete_eml.tpl') - : load_view_file('view/intro_complete_eml.tpl')); - - $email_tpl = replace_macros($tpl, array( - '$sitename' => $a->config['sitename'], - '$siteurl' => $a->get_baseurl(), - '$username' => $r[0]['username'], - '$email' => $r[0]['email'], - '$fn' => $r[0]['name'], - '$dfrn_url' => $r[0]['url'], - '$uid' => $newuid ) - ); - - $res = mail($r[0]['email'], t("Connection accepted at ") . $a->config['sitename'], - $email_tpl, 'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME] ); - if(!$res) { - notice( t("Email notification failed.") . EOL ); - } - } - xml_status(0); // Success - return; // NOTREACHED - - ////////////////////// End of this scenario /////////////////////////////////////////////// - } - else { - - // We are processing a local confirmation initiated on this system by our user to an external introduction. + if(! x($_POST,'source_url')) { $uid = get_uid(); @@ -219,18 +19,24 @@ function dfrn_confirm_post(&$a) { notice( t('Permission denied.') . EOL ); return; } + + // These come from the friend request notification form. $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : ""); $intro_id = intval($_POST['intro_id']); $duplex = intval($_POST['duplex']); + + // The other person will have been issued an ID when they first requested friendship. + // Locate their record. At this time, their record will have both pending and blocked set to 1. + $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `uid` = %d LIMIT 1", dbesc($dfrn_id), intval($uid) ); if(! count($r)) { - notice( t('Node does not exist.') . EOL ); + notice( t('Contact not found.') . EOL ); return; } @@ -240,6 +46,13 @@ function dfrn_confirm_post(&$a) { $dfrn_confirm = $r[0]['confirm']; $aes_allow = $r[0]['aes_allow']; + + // Generate a key pair for all further communications with this person. + // We have a keypair for every contact, and a site key for unknown people. + // This provides a means to carry on relationships with other people if + // any single key is compromised. It is a robust key. We're much more + // worried about key leakage than anybody cracking it. + $res = openssl_pkey_new(array( 'digest_alg' => 'whirlpool', 'private_key_bits' => 4096, @@ -254,6 +67,8 @@ function dfrn_confirm_post(&$a) { $pubkey = openssl_pkey_get_details($res); $public_key = $pubkey["key"]; + // Save the private key. Send them the public key. + $r = q("UPDATE `contact` SET `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", dbesc($private_key), intval($contact_id), @@ -263,6 +78,21 @@ function dfrn_confirm_post(&$a) { $params = array(); + // Per the protocol document, we will verify both ends by encrypting the dfrn_id with our + // site private key (person on the other end can decrypt it with our site public key). + // Then encrypt our profile URL with the other person's site public key. They can decrypt + // it with their site private key. If the decryption on the other end fails for either + // item, it indicates tampering or key failure on at least one site and we will not be + // able to provide a secure communication pathway. + + // If other site is willing to accept full encryption, (aes_allow is 1 AND we have php5.3 + // or later) then we encrypt the personal public key we send them using AES-256-CBC and a + // random key which is encrypted with their site public key. + + // Note: We can send any of these things as binary blobs because they are being POST'ed. + // Any protocol conversations (notify, poll) which perform GET require bin2hex of all the + // binary stuff. + $src_aes_key = random_string(); $result = ''; @@ -285,10 +115,12 @@ function dfrn_confirm_post(&$a) { if($duplex == 1) $params['duplex'] = 1; + // POST all this stuff to the other site. + $res = post_url($dfrn_confirm,$params); - // Try to be robust if the remote site is having difficulty and throwing up - // errors of some kind. + // Now figure out what they responded. Try to be robust if the remote site is + // having difficulty and throwing up errors of some kind. $leading_junk = substr($res,0,strpos($res,'<?xml')); @@ -314,7 +146,7 @@ function dfrn_confirm_post(&$a) { $xml = simplexml_load_string($res); $status = (int) $xml->status; - $message = unxmlify($xml->message); + $message = unxmlify($xml->message); // human readable text of what may have gone wrong. switch($status) { case 0: notice( t("Confirmation completed successfully.") . EOL); @@ -346,7 +178,7 @@ function dfrn_confirm_post(&$a) { if(($status == 0) && ($intro_id)) { - //delete the notification + // Success. Delete the notification. $r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($intro_id), @@ -358,6 +190,10 @@ function dfrn_confirm_post(&$a) { if($status != 0) return; + // We have now established a relationship with the other site. + // Let's make our own personal copy of their profile photo so we don't have + // to always load it from their site. + require_once("Photo.php"); $photo_failure = false; @@ -428,8 +264,231 @@ function dfrn_confirm_post(&$a) { if($r === false) notice( t('Unable to set contact photo.') . EOL); + + // Let's send our user to the contact editor in case they want to + // do anything special with this new friend. + goaway($a->get_baseurl() . '/contacts/' . intval($contact_id)); return; //NOTREACHED } - return; + + + + // End of first scenario. [Local confirmation of remote friend request]. + + + + // Begin scenario two. This is the remote response to the above scenario. + // This will take place on the site that originally initiated the friend request. + // In the section above where the confirming party makes a POST and + // retrieves xml status information, they are communicating with the following code. + + if(x($_POST,'source_url')) { + + // We are processing an external confirmation to an introduction created by our user. + + $public_key = $_POST['public_key']; + $dfrn_id = $_POST['dfrn_id']; + $source_url = $_POST['source_url']; + $aes_key = $_POST['aes_key']; + $duplex = $_POST['duplex']; + $version_id = $_POST['dfrn_version']; + + // Find our user's account + + $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1", + dbesc($node)); + + if(! count($r)) { + $message = t('No user record found for ') . '\'' . $node . '\''; + xml_status(3,$message); // failure + // NOTREACHED + } + + $my_prvkey = $r[0]['prvkey']; + $local_uid = $r[0]['uid']; + + + if(! strstr($my_prvkey,'BEGIN RSA PRIVATE KEY')) { + $message = t('Our site encryption key is apparently messed up.'); + xml_status(3,$message); + } + + // verify everything + + $decrypted_source_url = ""; + openssl_private_decrypt($source_url,$decrypted_source_url,$my_prvkey); + + + if(! strlen($decrypted_source_url)) { + $message = t('Empty site URL was provided or URL could not be decrypted by us.'); + xml_status(3,$message); + // NOTREACHED + } + + $ret = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1", + dbesc($decrypted_source_url), + intval($local_uid) + ); + + if(! count($ret)) { + // this is either a bogus confirmation (?) or we deleted the original introduction. + $message = t('Contact record was not found for you on our site.'); + xml_status(3,$message); + return; // NOTREACHED + } + + $relation = $ret[0]['rel']; + + // Decrypt all this stuff we just received + + $foreign_pubkey = $ret[0]['site-pubkey']; + $dfrn_record = $ret[0]['id']; + + $decrypted_dfrn_id = ""; + openssl_public_decrypt($dfrn_id,$decrypted_dfrn_id,$foreign_pubkey); + + if(strlen($aes_key)) { + $decrypted_aes_key = ""; + openssl_private_decrypt($aes_key,$decrypted_aes_key,$my_prvkey); + $dfrn_pubkey = openssl_decrypt($public_key,'AES-256-CBC',$decrypted_aes_key); + } + else { + $dfrn_pubkey = $public_key; + } + + $r = q("SELECT * FROM `contact` WHERE `dfrn-id` = '%s' LIMIT 1", + dbesc($decrypted_dfrn_id), + intval($local_uid) + ); + if(count($r)) { + $message = t('The ID provided by your system is a duplicate on our system. It should work if you try again.'); + xml_status(1,$message); // Birthday paradox - duplicate dfrn-id + // NOTREACHED + } + + $r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d LIMIT 1", + dbesc($decrypted_dfrn_id), + dbesc($dfrn_pubkey), + intval($dfrn_record) + ); + if(! count($r)) { + $message = t('Unable to set your contact credentials on our system.'); + xml_status(3,$message); + } + + // We're good but now we have to scrape the profile photo and send notifications. + + require_once("Photo.php"); + + $photo_failure = false; + + $r = q("SELECT `photo` FROM `contact` WHERE `id` = %d LIMIT 1", + intval($dfrn_record)); + if(count($r)) { + + $filename = basename($r[0]['photo']); + $img_str = fetch_url($r[0]['photo'],true); + $img = new Photo($img_str); + if($img->is_valid()) { + + $img->scaleImageSquare(175); + + $hash = photo_new_resource(); + + $r = $img->store($local_uid, $dfrn_record, $hash, $filename, t('Contact Photos') , 4); + + if($r === false) + $photo_failure = true; + + $img->scaleImage(80); + $r = $img->store($local_uid, $dfrn_record, $hash, $filename, t('Contact Photos') , 5); + + if($r === false) + $photo_failure = true; + + $photo = $a->get_baseurl() . '/photo/' . $hash . '-4.jpg'; + $thumb = $a->get_baseurl() . '/photo/' . $hash . '-5.jpg'; + } + else + $photo_failure = true; + } + else + $photo_failure = true; + + if($photo_failure) { + $photo = $a->get_baseurl() . '/images/default-profile.jpg'; + $thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg'; + } + + $new_relation = REL_FAN; + if(($relation == REL_VIP) || ($duplex)) + $new_relation = REL_BUD; + + $r = q("UPDATE `contact` SET + `photo` = '%s', + `thumb` = '%s', + `rel` = %d, + `name-date` = '%s', + `uri-date` = '%s', + `avatar-date` = '%s', + `blocked` = 0, + `pending` = 0, + `duplex` = %d, + `network` = 'dfrn' WHERE `id` = %d LIMIT 1 + ", + dbesc($photo), + dbesc($thumb), + intval($new_relation), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + intval($duplex), + intval($dfrn_record) + ); + if($r === false) { // indicates schema is messed up or total db failure + $message = t('Unable to update your contact profile details on our system'); + xml_status(3,$message); + } + + // Otherwise everything seems to have worked and we are almost done. Yay! + // Send an email notification + + $r = q("SELECT * FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` + WHERE `contact`.`id` = %d LIMIT 1", + intval($dfrn_record) + ); + if((count($r)) && ($r[0]['notify-flags'] & NOTIFY_CONFIRM)) { + + $tpl = (($new_relation == REL_BUD) + ? load_view_file('view/friend_complete_eml.tpl') + : load_view_file('view/intro_complete_eml.tpl')); + + $email_tpl = replace_macros($tpl, array( + '$sitename' => $a->config['sitename'], + '$siteurl' => $a->get_baseurl(), + '$username' => $r[0]['username'], + '$email' => $r[0]['email'], + '$fn' => $r[0]['name'], + '$dfrn_url' => $r[0]['url'], + '$uid' => $newuid ) + ); + + $res = mail($r[0]['email'], t("Connection accepted at ") . $a->config['sitename'], + $email_tpl, 'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME] ); + if(!$res) { + notice( t("Email notification failed.") . EOL ); + } + } + xml_status(0); // Success + return; // NOTREACHED + + ////////////////////// End of this scenario /////////////////////////////////////////////// + } + + // somebody arrived here by mistake or they are fishing. Send them to the homepage. + + goaway($a->get_baseurl()); + // NOTREACHED + } |