pidgin/pidgin

certificate: Use public key fingerprint to compare certificates
release-2.x.y
2017-03-07, dx
887efbd652d8
certificate: Use public key fingerprint to compare certificates

This fixes an issue with google talk's certificates and gnutls, where the root
certificate in the provided chain is a slightly different version of the one
that is usually present in the certificate stores, but the SubjectPublicKeyInfo
section is the same.

This adds a PurpleCertificateScheme function, compare_pubkeys, and its wrapper
purple_certificate_compare_pubkeys().

This is only implemented for gnutls, since the NSS plugin only uses the NSS
certificate validation code. Even if that path was reachable from a plugin that
doesn't implement this method, it would return FALSE and behave as if this bug
was never fixed.

The gnutls implementation uses the gnutls_x509_crt_get_key_id() function,
which returns a hash of the SubjectPublicKeyInfo section of the certificate.

In gnutls versions older than 3.4.1, this may be a SHA1 hash, but after that
version SHA256 support was added (without much fanfare - the documentation
barely mentions this at all), and we just use the constant for the best known
algo, which for current versions is just SHA256. Older versions ignore that
flag parameter.

The whole comparison is modeled after the private _gnutls_check_if_same_key(),
which checks if both certificates have the same DN ("unique id") and does a
memcmp() of the raw SPKI section. We don't have direct access to the raw SPKI
section but comparing their fingerprints is good enough.
/**
* purple
*
* Purple is the legal property of its developers, whose names are too numerous
* to list here. Please refer to the COPYRIGHT file distributed with this
* source distribution.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
*/
#include "internal.h"
#include "account.h"
#include "privacy.h"
#include "server.h"
#include "util.h"
static PurplePrivacyUiOps *privacy_ops = NULL;
gboolean
purple_privacy_permit_add(PurpleAccount *account, const char *who,
gboolean local_only)
{
GSList *l;
char *name;
PurpleBuddy *buddy;
PurpleBlistUiOps *blist_ops;
g_return_val_if_fail(account != NULL, FALSE);
g_return_val_if_fail(who != NULL, FALSE);
name = g_strdup(purple_normalize(account, who));
for (l = account->permit; l != NULL; l = l->next) {
if (g_str_equal(name, l->data))
/* This buddy already exists */
break;
}
if (l != NULL)
{
/* This buddy already exists, so bail out */
g_free(name);
return FALSE;
}
account->permit = g_slist_append(account->permit, name);
if (!local_only && purple_account_is_connected(account))
serv_add_permit(purple_account_get_connection(account), who);
if (privacy_ops != NULL && privacy_ops->permit_added != NULL)
privacy_ops->permit_added(account, who);
blist_ops = purple_blist_get_ui_ops();
if (blist_ops != NULL && blist_ops->save_account != NULL)
blist_ops->save_account(account);
/* This lets the UI know a buddy has had its privacy setting changed */
buddy = purple_find_buddy(account, name);
if (buddy != NULL) {
purple_signal_emit(purple_blist_get_handle(),
"buddy-privacy-changed", buddy);
}
return TRUE;
}
gboolean
purple_privacy_permit_remove(PurpleAccount *account, const char *who,
gboolean local_only)
{
GSList *l;
const char *name;
PurpleBuddy *buddy;
char *del;
PurpleBlistUiOps *blist_ops;
g_return_val_if_fail(account != NULL, FALSE);
g_return_val_if_fail(who != NULL, FALSE);
name = purple_normalize(account, who);
for (l = account->permit; l != NULL; l = l->next) {
if (g_str_equal(name, l->data))
/* We found the buddy we were looking for */
break;
}
if (l == NULL)
/* We didn't find the buddy we were looking for, so bail out */
return FALSE;
/* We should not free l->data just yet. There can be occasions where
* l->data == who. In such cases, freeing l->data here can cause crashes
* later when who is used. */
del = l->data;
account->permit = g_slist_delete_link(account->permit, l);
if (!local_only && purple_account_is_connected(account))
serv_rem_permit(purple_account_get_connection(account), who);
if (privacy_ops != NULL && privacy_ops->permit_removed != NULL)
privacy_ops->permit_removed(account, who);
blist_ops = purple_blist_get_ui_ops();
if (blist_ops != NULL && blist_ops->save_account != NULL)
blist_ops->save_account(account);
buddy = purple_find_buddy(account, name);
if (buddy != NULL) {
purple_signal_emit(purple_blist_get_handle(),
"buddy-privacy-changed", buddy);
}
g_free(del);
return TRUE;
}
gboolean
purple_privacy_deny_add(PurpleAccount *account, const char *who,
gboolean local_only)
{
GSList *l;
char *name;
PurpleBuddy *buddy;
PurpleBlistUiOps *blist_ops;
g_return_val_if_fail(account != NULL, FALSE);
g_return_val_if_fail(who != NULL, FALSE);
name = g_strdup(purple_normalize(account, who));
for (l = account->deny; l != NULL; l = l->next) {
if (g_str_equal(name, l->data))
/* This buddy already exists */
break;
}
if (l != NULL)
{
/* This buddy already exists, so bail out */
g_free(name);
return FALSE;
}
account->deny = g_slist_append(account->deny, name);
if (!local_only && purple_account_is_connected(account))
serv_add_deny(purple_account_get_connection(account), who);
if (privacy_ops != NULL && privacy_ops->deny_added != NULL)
privacy_ops->deny_added(account, who);
blist_ops = purple_blist_get_ui_ops();
if (blist_ops != NULL && blist_ops->save_account != NULL)
blist_ops->save_account(account);
buddy = purple_find_buddy(account, name);
if (buddy != NULL) {
purple_signal_emit(purple_blist_get_handle(),
"buddy-privacy-changed", buddy);
}
return TRUE;
}
gboolean
purple_privacy_deny_remove(PurpleAccount *account, const char *who,
gboolean local_only)
{
GSList *l;
const char *normalized;
char *name;
PurpleBuddy *buddy;
PurpleBlistUiOps *blist_ops;
g_return_val_if_fail(account != NULL, FALSE);
g_return_val_if_fail(who != NULL, FALSE);
normalized = purple_normalize(account, who);
for (l = account->deny; l != NULL; l = l->next) {
if (g_str_equal(normalized, l->data))
/* We found the buddy we were looking for */
break;
}
if (l == NULL)
/* We didn't find the buddy we were looking for, so bail out */
return FALSE;
buddy = purple_find_buddy(account, normalized);
name = l->data;
account->deny = g_slist_delete_link(account->deny, l);
if (!local_only && purple_account_is_connected(account))
serv_rem_deny(purple_account_get_connection(account), name);
if (privacy_ops != NULL && privacy_ops->deny_removed != NULL)
privacy_ops->deny_removed(account, who);
if (buddy != NULL) {
purple_signal_emit(purple_blist_get_handle(),
"buddy-privacy-changed", buddy);
}
g_free(name);
blist_ops = purple_blist_get_ui_ops();
if (blist_ops != NULL && blist_ops->save_account != NULL)
blist_ops->save_account(account);
return TRUE;
}
/**
* This makes sure your permit list contains all buddies from your
* buddy list and ONLY buddies from your buddy list.
*/
static void
add_all_buddies_to_permit_list(PurpleAccount *account, gboolean local)
{
GSList *list;
/* Remove anyone in the permit list who is not in the buddylist */
for (list = account->permit; list != NULL; ) {
char *person = list->data;
list = list->next;
if (!purple_find_buddy(account, person))
purple_privacy_permit_remove(account, person, local);
}
/* Now make sure everyone in the buddylist is in the permit list */
list = purple_find_buddies(account, NULL);
while (list != NULL)
{
PurpleBuddy *buddy = list->data;
const gchar *name = purple_buddy_get_name(buddy);
if (!g_slist_find_custom(account->permit, name, (GCompareFunc)g_utf8_collate))
purple_privacy_permit_add(account, name, local);
list = g_slist_delete_link(list, list);
}
}
/*
* TODO: All callers of this function pass in FALSE for local and
* restore and I don't understand when you would ever want to
* use TRUE for either of them. I think both parameters could
* safely be removed in the next major version bump.
*/
void
purple_privacy_allow(PurpleAccount *account, const char *who, gboolean local,
gboolean restore)
{
GSList *list;
PurplePrivacyType type = account->perm_deny;
switch (account->perm_deny) {
case PURPLE_PRIVACY_ALLOW_ALL:
return;
case PURPLE_PRIVACY_ALLOW_USERS:
purple_privacy_permit_add(account, who, local);
break;
case PURPLE_PRIVACY_DENY_USERS:
purple_privacy_deny_remove(account, who, local);
break;
case PURPLE_PRIVACY_DENY_ALL:
if (!restore) {
/* Empty the allow-list. */
const char *norm = purple_normalize(account, who);
for (list = account->permit; list != NULL;) {
char *person = list->data;
list = list->next;
if (!purple_strequal(norm, person))
purple_privacy_permit_remove(account, person, local);
}
}
purple_privacy_permit_add(account, who, local);
account->perm_deny = PURPLE_PRIVACY_ALLOW_USERS;
break;
case PURPLE_PRIVACY_ALLOW_BUDDYLIST:
if (!purple_find_buddy(account, who)) {
add_all_buddies_to_permit_list(account, local);
purple_privacy_permit_add(account, who, local);
account->perm_deny = PURPLE_PRIVACY_ALLOW_USERS;
}
break;
default:
g_return_if_reached();
}
/* Notify the server if the privacy setting was changed */
if (type != account->perm_deny && purple_account_is_connected(account))
serv_set_permit_deny(purple_account_get_connection(account));
}
/*
* TODO: All callers of this function pass in FALSE for local and
* restore and I don't understand when you would ever want to
* use TRUE for either of them. I think both parameters could
* safely be removed in the next major version bump.
*/
void
purple_privacy_deny(PurpleAccount *account, const char *who, gboolean local,
gboolean restore)
{
GSList *list;
PurplePrivacyType type = account->perm_deny;
switch (account->perm_deny) {
case PURPLE_PRIVACY_ALLOW_ALL:
if (!restore) {
/* Empty the deny-list. */
const char *norm = purple_normalize(account, who);
for (list = account->deny; list != NULL; ) {
char *person = list->data;
list = list->next;
if (!purple_strequal(norm, person))
purple_privacy_deny_remove(account, person, local);
}
}
purple_privacy_deny_add(account, who, local);
account->perm_deny = PURPLE_PRIVACY_DENY_USERS;
break;
case PURPLE_PRIVACY_ALLOW_USERS:
purple_privacy_permit_remove(account, who, local);
break;
case PURPLE_PRIVACY_DENY_USERS:
purple_privacy_deny_add(account, who, local);
break;
case PURPLE_PRIVACY_DENY_ALL:
break;
case PURPLE_PRIVACY_ALLOW_BUDDYLIST:
if (purple_find_buddy(account, who)) {
add_all_buddies_to_permit_list(account, local);
purple_privacy_permit_remove(account, who, local);
account->perm_deny = PURPLE_PRIVACY_ALLOW_USERS;
}
break;
default:
g_return_if_reached();
}
/* Notify the server if the privacy setting was changed */
if (type != account->perm_deny && purple_account_is_connected(account))
serv_set_permit_deny(purple_account_get_connection(account));
}
gboolean
purple_privacy_check(PurpleAccount *account, const char *who)
{
GSList *list;
switch (account->perm_deny) {
case PURPLE_PRIVACY_ALLOW_ALL:
return TRUE;
case PURPLE_PRIVACY_DENY_ALL:
return FALSE;
case PURPLE_PRIVACY_ALLOW_USERS:
who = purple_normalize(account, who);
for (list=account->permit; list!=NULL; list=list->next) {
if (g_str_equal(who, list->data))
return TRUE;
}
return FALSE;
case PURPLE_PRIVACY_DENY_USERS:
who = purple_normalize(account, who);
for (list=account->deny; list!=NULL; list=list->next) {
if (g_str_equal(who, list->data))
return FALSE;
}
return TRUE;
case PURPLE_PRIVACY_ALLOW_BUDDYLIST:
return (purple_find_buddy(account, who) != NULL);
default:
g_return_val_if_reached(TRUE);
}
}
void
purple_privacy_set_ui_ops(PurplePrivacyUiOps *ops)
{
privacy_ops = ops;
}
PurplePrivacyUiOps *
purple_privacy_get_ui_ops(void)
{
return privacy_ops;
}
void
purple_privacy_init(void)
{
}