diff options
-rw-r--r-- | boot.php | 2 | ||||
-rw-r--r-- | include/diaspora.php | 187 | ||||
-rw-r--r-- | include/items.php | 7 | ||||
-rw-r--r-- | mod/item.php | 6 | ||||
-rw-r--r-- | mod/receive.php | 34 |
5 files changed, 139 insertions, 97 deletions
@@ -7,7 +7,7 @@ require_once('include/text.php'); require_once("include/pgettext.php"); -define ( 'FRIENDIKA_VERSION', '2.2.1103' ); +define ( 'FRIENDIKA_VERSION', '2.2.1104' ); define ( 'DFRN_PROTOCOL_VERSION', '2.21' ); define ( 'DB_UPDATE_VERSION', 1087 ); diff --git a/include/diaspora.php b/include/diaspora.php index 6d070ecba..4b1cc333b 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -5,34 +5,52 @@ require_once('include/items.php'); require_once('include/bb2diaspora.php'); require_once('include/contact_selectors.php'); + +function diaspora_dispatch_public($msg) { + + $r = q("SELECT `user`.* FROM `user` WHERE `user`.`uid` IN ( SELECT `uid` FROM `contact` WHERE `network` = '%s' AND `addr` = '%s' ) ", + dbesc(NETWORK_DIASPORA), + dbesc($msg['author']) + ); + if(count($r)) { + foreach($r as $rr) { + diaspora_dispatch($rr,$msg); + } + } +} + + + function diaspora_dispatch($importer,$msg) { + $ret = 0; + $parsed_xml = parse_xml_string($msg['message'],false); $xmlbase = $parsed_xml->post; if($xmlbase->request) { - diaspora_request($importer,$xmlbase->request); + $ret = diaspora_request($importer,$xmlbase->request); } elseif($xmlbase->status_message) { - diaspora_post($importer,$xmlbase->status_message); + $ret = diaspora_post($importer,$xmlbase->status_message); } elseif($xmlbase->comment) { - diaspora_comment($importer,$xmlbase->comment,$msg); + $ret = diaspora_comment($importer,$xmlbase->comment,$msg); } elseif($xmlbase->like) { - diaspora_like($importer,$xmlbase->like,$msg); + $ret = diaspora_like($importer,$xmlbase->like,$msg); } elseif($xmlbase->retraction) { - diaspora_retraction($importer,$xmlbase->retraction,$msg); + $ret = diaspora_retraction($importer,$xmlbase->retraction,$msg); } elseif($xmlbase->photo) { - diaspora_photo($importer,$xmlbase->photo,$msg); + $ret = diaspora_photo($importer,$xmlbase->photo,$msg); } else { logger('diaspora_dispatch: unknown message type: ' . print_r($xmlbase,true)); } - return; + return $ret; } function diaspora_get_contact_by_handle($uid,$handle) { @@ -97,7 +115,7 @@ function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) { $outer_iv = random_string(16); $b_outer_iv = base64_encode($outer_iv); - $handle = 'acct:' . $user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $handle = $user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $padded_data = pkcs5_pad($msg,16); $inner_encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $padded_data, MCRYPT_MODE_CBC, $inner_iv); @@ -106,16 +124,14 @@ function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) { $b64url_data = base64url_encode($b64_data); - $b64url_stripped = str_replace(array("\n","\r"," ","\t"),array('','','',''),$b64url_data); - $lines = str_split($b64url_stripped,60); - $data = implode("\n",$lines); - $data = $data . (($data[-1] != "\n") ? "\n" : '') ; - $type = 'application/atom+xml'; + $data = str_replace(array("\n","\r"," ","\t"),array('','','',''),$b64url_data); + + $type = 'application/xml'; $encoding = 'base64url'; $alg = 'RSA-SHA256'; - $signable_data = $data . '.' . base64url_encode($type) . "\n" . '.' - . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n"; + $signable_data = $data . '.' . base64url_encode($type) . '.' + . base64url_encode($encoding) . '.' . base64url_encode($alg) ; $signature = rsa_sign($signable_data,$prvkey); $sig = base64url_encode($signature); @@ -124,10 +140,7 @@ $decrypted_header = <<< EOT <decrypted_header> <iv>$b_inner_iv</iv> <aes_key>$b_inner_aes_key</aes_key> - <author> - <name>{$user['username']}</name> - <uri>$handle</uri> - </author> + <author_id>$handle</author_id> </decrypted_header> EOT; @@ -157,7 +170,7 @@ $magic_env = <<< EOT <me:env xmlns:me="http://salmon-protocol.org/ns/magic-env"> <me:encoding>base64url</me:encoding> <me:alg>RSA-SHA256</me:alg> - <me:data type="application/atom+xml">$data</me:data> + <me:data type="application/xml">$data</me:data> <me:sig>$sig</me:sig> </me:env> </entry> @@ -185,50 +198,67 @@ EOT; function diaspora_decode($importer,$xml) { + $public = false; $basedom = parse_xml_string($xml); - $atom = $basedom->children(NAMESPACE_ATOM1); + $children = $basedom->children('https://joindiaspora.com/protocol'); - // Diaspora devs: This is kind of sucky - 'encrypted_header' does not belong in the atom namespace + if($children->header) { + $public = true; + $author_link = str_replace('acct:','',$children->author_id); + } + else { - $encrypted_header = json_decode(base64_decode($atom->encrypted_header)); + $encrypted_header = json_decode(base64_decode($children->encrypted_header)); - $encrypted_aes_key_bundle = base64_decode($encrypted_header->aes_key); - $ciphertext = base64_decode($encrypted_header->ciphertext); + $encrypted_aes_key_bundle = base64_decode($encrypted_header->aes_key); + $ciphertext = base64_decode($encrypted_header->ciphertext); + + $outer_key_bundle = ''; + openssl_private_decrypt($encrypted_aes_key_bundle,$outer_key_bundle,$importer['prvkey']); - $outer_key_bundle = ''; - openssl_private_decrypt($encrypted_aes_key_bundle,$outer_key_bundle,$importer['prvkey']); + $j_outer_key_bundle = json_decode($outer_key_bundle); - $j_outer_key_bundle = json_decode($outer_key_bundle); + $outer_iv = base64_decode($j_outer_key_bundle->iv); + $outer_key = base64_decode($j_outer_key_bundle->key); - $outer_iv = base64_decode($j_outer_key_bundle->iv); - $outer_key = base64_decode($j_outer_key_bundle->key); + $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv); - $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv); + $decrypted = pkcs5_unpad($decrypted); - $decrypted = pkcs5_unpad($decrypted); + /** + * $decrypted now contains something like + * + * <decrypted_header> + * <iv>8e+G2+ET8l5BPuW0sVTnQw==</iv> + * <aes_key>UvSMb4puPeB14STkcDWq+4QE302Edu15oaprAQSkLKU=</aes_key> - /** - * $decrypted now contains something like - * - * <decrypted_header> - * <iv>8e+G2+ET8l5BPuW0sVTnQw==</iv> - * <aes_key>UvSMb4puPeB14STkcDWq+4QE302Edu15oaprAQSkLKU=</aes_key> - * <author> - * <name>Ryan Hughes</name> - * <uri>acct:galaxor@diaspora.pirateship.org</uri> - * </author> - * </decrypted_header> - */ +***** OBSOLETE - logger('decrypted: ' . $decrypted, LOGGER_DEBUG); - $idom = parse_xml_string($decrypted,false); + * <author> + * <name>Ryan Hughes</name> + * <uri>acct:galaxor@diaspora.pirateship.org</uri> + * </author> - $inner_iv = base64_decode($idom->iv); - $inner_aes_key = base64_decode($idom->aes_key); +***** CURRENT - $author_link = str_replace('acct:','',$idom->author->uri); + * <author_id>acct:galaxor@diaspora.priateship.org</author_id> + +***** END DIFFS + + * </decrypted_header> + */ + + logger('decrypted: ' . $decrypted, LOGGER_DEBUG); + $idom = parse_xml_string($decrypted,false); + + $inner_iv = base64_decode($idom->iv); + $inner_aes_key = base64_decode($idom->aes_key); + + $author_link = str_replace('acct:','',$idom->author_id); + + } $dom = $basedom->children(NAMESPACE_SALMON_ME); @@ -255,16 +285,6 @@ function diaspora_decode($importer,$xml) { // strip whitespace so our data element will return to one big base64 blob $data = str_replace(array(" ","\t","\r","\n"),array("","","",""),$base->data); - // Add back the 60 char linefeeds - - // This completely violates the entire principle of salmon magic signatures, - // which was to have a message signing format that was completely ambivalent to linefeeds - // and transport whitespace mangling, and base64 wrapping rules. Guess what? PHP and Ruby - // use different linelengths for base64 output. - - $lines = str_split($data,60); - $data = implode("\n",$lines); - // stash away some other stuff for later @@ -273,22 +293,25 @@ function diaspora_decode($importer,$xml) { $encoding = $base->encoding; $alg = $base->alg; - // I can't even begin to tell you how sucky this is. Please read the spec. - $signed_data = $data . (($data[-1] != "\n") ? "\n" : '') . '.' . base64url_encode($type) . "\n" . '.' . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n"; + $signed_data = $data . '.' . base64url_encode($type) . '.' . base64url_encode($encoding) . '.' . base64url_encode($alg); // decode the data $data = base64url_decode($data); - // Now pull out the inner encrypted blob - $inner_encrypted = base64_decode($data); + if($public) { + $inner_decrypted = $data; + } + else { - $inner_decrypted = - $inner_decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $inner_encrypted, MCRYPT_MODE_CBC, $inner_iv); + // Decode the encrypted blob - $inner_decrypted = pkcs5_unpad($inner_decrypted); + $inner_encrypted = base64_decode($data); + $inner_decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $inner_encrypted, MCRYPT_MODE_CBC, $inner_iv); + $inner_decrypted = pkcs5_unpad($inner_decrypted); + } if(! $author_link) { logger('mod-diaspora: Could not retrieve author URI.'); @@ -311,7 +334,7 @@ function diaspora_decode($importer,$xml) { if(! $verify) { logger('mod-diaspora: Message did not verify. Discarding.'); - http_status_exit(400); +// http_status_exit(400); } logger('mod-diaspora: Message verified.'); @@ -321,7 +344,6 @@ function diaspora_decode($importer,$xml) { } - function diaspora_request($importer,$xml) { $sender_handle = unxmlify($xml->sender_handle); @@ -332,7 +354,6 @@ function diaspora_request($importer,$xml) { $contact = diaspora_get_contact_by_handle($importer['uid'],$sender_handle); - if($contact) { // perhaps we were already sharing with this person. Now they're sharing with us. @@ -408,8 +429,7 @@ function diaspora_post($importer,$xml) { if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) { logger('diaspora_post: Ignoring this author.'); - http_status_exit(202); - // NOTREACHED + return 202; } $message_id = $diaspora_handle . ':' . $guid; @@ -493,8 +513,7 @@ function diaspora_comment($importer,$xml,$msg) { if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) { logger('diaspora_comment: Ignoring this author.'); - http_status_exit(202); - // NOTREACHED + return 202; } $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", @@ -535,7 +554,7 @@ function diaspora_comment($importer,$xml,$msg) { } } - if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) { + if(! rsa_verify($author_signed_data,$author_signature,$key,'sha256')) { logger('diaspora_comment: verification failed.'); return; } @@ -548,7 +567,7 @@ function diaspora_comment($importer,$xml,$msg) { $key = $msg['key']; - if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) { + if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha256')) { logger('diaspora_comment: owner verification failed.'); return; } @@ -633,8 +652,7 @@ function diaspora_photo($importer,$xml,$msg) { if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) { logger('diaspora_photo: Ignoring this author.'); - http_status_exit(202); - // NOTREACHED + return 202; } $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", @@ -686,8 +704,7 @@ function diaspora_like($importer,$xml,$msg) { if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) { logger('diaspora_like: Ignoring this author.'); - http_status_exit(202); - // NOTREACHED + return 202; } $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", @@ -743,7 +760,7 @@ function diaspora_like($importer,$xml,$msg) { } } - if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) { + if(! rsa_verify($author_signed_data,$author_signature,$key,'sha256')) { logger('diaspora_like: verification failed.'); return; } @@ -756,7 +773,7 @@ function diaspora_like($importer,$xml,$msg) { $key = $msg['key']; - if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) { + if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha256')) { logger('diaspora_like: owner verification failed.'); return; } @@ -877,7 +894,7 @@ function diaspora_retraction($importer,$xml) { } } - http_exit_status(202); + return 202; // NOTREACHED } @@ -1044,7 +1061,7 @@ function diaspora_send_followup($item,$owner,$contact) { else $signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $myaddr; - $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha')); + $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256')); $msg = replace_macros($tpl,array( '$guid' => xmlify($item['guid']), @@ -1131,7 +1148,7 @@ function diaspora_send_relay($item,$owner,$contact) { else $signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $myaddr; - $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha')); + $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256')); q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", intval($item['id']), @@ -1145,7 +1162,7 @@ function diaspora_send_relay($item,$owner,$contact) { // sign it - $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha')); + $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256')); $msg = replace_macros($tpl,array( '$guid' => xmlify($item['guid']), diff --git a/include/items.php b/include/items.php index facd8b2d4..735adc717 100644 --- a/include/items.php +++ b/include/items.php @@ -865,6 +865,13 @@ function item_store($arr,$force_parent = false) { intval($current_post) ); + // update the timestamp on the parent + + q("UPDATE `item` set `changed` = '%s' WHERE `id` = %d LIMIT 1", + dbesc(datetime_convert()), + intval($parent_id) + ); + if($dsprsig) { q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", intval($current_post), diff --git a/mod/item.php b/mod/item.php index 025a12a32..38f4c2040 100644 --- a/mod/item.php +++ b/mod/item.php @@ -803,6 +803,12 @@ function item_post(&$a) { // NOTREACHED } + // update the timestamp on the parent + + q("UPDATE `item` set `changed` = '%s' WHERE `id` = %d LIMIT 1", + dbesc(datetime_convert()), + intval($parent) + ); $datarray['id'] = $post_id; $datarray['plink'] = $a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id; diff --git a/mod/receive.php b/mod/receive.php index 34128518b..72e290348 100644 --- a/mod/receive.php +++ b/mod/receive.php @@ -12,18 +12,26 @@ require_once('include/diaspora.php'); function receive_post(&$a) { - if($a->argc != 3 || $a->argv[1] !== 'users') - http_status_exit(500); + $public = false; - $guid = $a->argv[2]; + if(($a->argc == 2) && ($a->argv[1] === 'public')) { + $public = true; + } + else { - $r = q("SELECT * FROM `user` WHERE `guid` = '%s' LIMIT 1", - dbesc($guid) - ); - if(! count($r)) - http_status_exit(500); + if($a->argc != 3 || $a->argv[1] !== 'users') + http_status_exit(500); + + $guid = $a->argv[2]; + + $r = q("SELECT * FROM `user` WHERE `guid` = '%s' LIMIT 1", + dbesc($guid) + ); + if(! count($r)) + http_status_exit(500); - $importer = $r[0]; + $importer = $r[0]; + } // It is an application/x-www-form-urlencoded @@ -41,9 +49,13 @@ function receive_post(&$a) { if(! is_array($msg)) http_status_exit(500); - diaspora_dispatch($importer,$msg); + $ret = 0; + if($public) + diaspora_dispatch_public($msg); + else + $ret = diaspora_dispatch($importer,$msg); - http_status_exit(200); + http_status_exit(($ret) ? $ret : 200); // NOTREACHED } |