mirror of https://github.com/vanitasvitae/Smack.git synced 2024-12-23 11:07:57 +01:00
Commit graph

3772 commits

Author SHA1 Message Date
Lars Noschinski
9ac882241a Process only requested roster results (SMACK-538)
Prior to this change, Smack processes each RosterPacket (which is not of
type IQ.Type.RESULT) as a roster result.

Any other client on the XMPP network can send such a packet (not only
our server). This allows a malicious party to overwrite our Roster.

This patch changes Smack so that a RosterPacket is discarded if it is
not a reply to a roster request.
2014-03-07 16:13:19 +01:00
Lars Noschinski
6c7296a37b Add and use IQReplyFilter (SMACK-533)
In the absence of checks on the from address, it is possible for other
clients to fake an answer to an IQ request.

This commit adds an IQReplyFilter, which drops all packets which are not
a valid reply to an IQ request. In particular, it checks for packet id,
from address and packet type.

Most(?) places waiting for a reply to an IQ request are converted to use
the IQReplyFilter.

For a discussion of the issues, see the thread "Spoofing of iq ids and
misbehaving servers" from 2014-01 on the jdev@jabber.org mailing list
and following discussion in February and March.
2014-03-07 16:13:07 +01:00
Lars Noschinski
980047c4e1 Create accurate filter for matching on from address (SMACK-71)
Smack contains two PacketFilters to filter on the from address.
FromContainsFilter simply does a substring match, which is problematic
as explained in SMACK-71. FromMatchesFilter partially fixes this
weakness, but it still uses String#startsWith to filter on bare
addresses. For example, when set up to match all JIDs with bare JID
"foo@example.co", it will still match "foo@example.com".

This commit changes FromMatchesFilter to test equality with the bare
from instead of startsWith with the full from.

Moreover, we convert all uses of FromContainsFilter to FromMatchesFilter
and remove FromContainsFilter. Additionally, the unused ToContainsFilter
(which has the same weaknesses) is removed, too.
2014-03-05 06:48:40 +01:00
Florian Schmaus
0e49b23687 Use correct namespace for MUC.getAdmins()
Fixes (again) SMACK-371
2014-03-01 15:38:07 +01:00
Florian Schmaus
e7963b698d PingManager should notify PingFailedListeners only once
Fixes SMACK-548
2014-03-01 15:29:35 +01:00
Florian Schmaus
a3e64bab18 Created 'tcp' subproject for TCPConnection
Renamed XMPPConnection to TCPConnection, since the other connection type
is also called BOSHConnection.
2014-03-01 14:31:34 +01:00
Florian Schmaus
790343867a Remove non-SASL authentication code (SMACK-446) 2014-03-01 14:31:29 +01:00
Florian Schmaus
3a4e6c6d39 Add automatically scheduled pings in PingManager
replaces keep-alive functionality. SMACK-537
2014-02-26 22:03:02 +01:00
Florian Schmaus
54a421e84e Make JUL Loggers final (SMACK-536) 2014-02-26 22:00:27 +01:00
Florian Schmaus
f0c6d1f1d3 Properly escape PubSub item's text (SMACK-546) 2014-02-26 22:00:27 +01:00
Florian Schmaus
2c7f1efe80 Send request after the PacketCollector was setup
This bug was introduced with 7bd7b3d24. Thanks to Lars Noschinski for
discovering it.
2014-02-25 22:52:07 +01:00
Florian Schmaus
3093333533 Reworked Smack initialization
Move extension relevant configuration options from SmackConfiguration to
the extension. Introduced disabledSmackClasses that can be configured
via a system property or configuration file.
2014-02-23 17:48:07 +01:00
Florian Schmaus
4121ec2c0e Use String(String,String) constructor in SmackConfiguration
String(String, Charset) is not available on all platforms, as it's only
provided by Android on API level 9 or higher.
2014-02-22 14:41:19 +01:00
Florian Schmaus
2241dae16a Remove some deprecated code 2014-02-20 16:04:20 +01:00
Florian Schmaus
352c362e90 Remove the dependency on javax.xml.transform
Not all platforms support this API (e.g. Android). Strip the
prettyPrint() method since it wasn't used anyway.

Also move XmlUtil in a more appropriate package.
2014-02-20 14:47:05 +01:00
Florian Schmaus
24b637876f Substitute MXParser with a call to XmlPullParserFactory
This makes Smack more portable, as there are platforms that support the
XmlPullParser interface, but not MXParser (e.g. Android).

Also enable checkstyle check that MXParser is not used.
2014-02-20 13:48:36 +01:00
Florian Schmaus
4db0b101c2 Raise jbosh version to 0.7.0 2014-02-20 13:11:10 +01:00
Florian Schmaus
b4d735e862 Cleanup of build.gradle
- Moved helper code at the end
- Add description to the POM
2014-02-19 23:26:56 +01:00
Florian Schmaus
1a94812660 Add BOSH subproject (SMACK-187) 2014-02-19 22:41:31 +01:00
Georg Lukas
fea2db2be7 SMACK-465: XMPPException using Java's wrapped Throwable 2014-02-19 10:42:39 +01:00
Florian Schmaus
602a8fc812 Activate the jingle subproject and move integration tests
The jingle subproject builds now. This doesn't change that the code is
outdated with regard to the specification and unmaintained for
years. But hopefully this is the first step to change that. :)

The integration tests have been moved into SourceSets of 'core' and
'extensions'.
2014-02-19 10:38:30 +01:00
Florian Schmaus
f7d3f559a2 Fix eclipse formatter settings: indentation.size=4 2014-02-18 23:15:38 +01:00
Florian Schmaus
7bd7b3d24c Improve packet send and result collecting API
Instead of repeating the same pattern, when sending an IQ get/set packet
and collecting the response

PacketFilter filter = new PacketIDFilter(request.getPacketID());
PacketCollector collector = connection.createPacketCollector(filter);
connection.sendPacket(request);
IQ result = (IQ)collector.nextResult(SmackConfiguration.getPacketReplyTimeout());
// Stop queuing results
collector.cancel();
if (result == null) {
    throw new XMPPException("No response from server.");
}
else if (result.getType() == IQ.Type.ERROR) {
    throw new XMPPException(result.getError());
}

the API got redesigned, so that the above code block can be replaced
with

Packet result = connection.createPacketCollectorAndSend(request).nextResultOrThrow();
2014-02-18 19:39:47 +01:00
Florian Schmaus
e6d5385129 Add more pom metadata 2014-02-18 10:51:24 +01:00
Florian Schmaus
312f2f7508 Move EntityCaps and Bookmarks API in correct package
Also move ProviderConfigTest into core, since it tests core
functionality, nothing provided by extensions. Found the reason the test
was failing since the gradle migration (provider entry test.providers),
and activated it again. \o/

New API design as of SMACK-545
2014-02-18 10:24:59 +01:00
Florian Schmaus
1f63ac31a5 Update README.md 2014-02-18 10:03:42 +01:00
Florian Schmaus
d069e1be64 Normalize newlines to '\n'
Change all \r\n into unix style newlines. Add missing newlines at the
end of a file and activate the newline checkstyle module, that enforces
'\n' as newline and a newline at the end of every file.
2014-02-17 23:58:40 +01:00
Florian Schmaus
1e57f1c659 Activate checkstyle and add missing license headers
Delete also all "All rights reserved" statements, as they are
unnecessary and conflict with checkstyle's header check. Delete unused
imports.
2014-02-17 20:09:55 +01:00
Florian Schmaus
2e11470aee Code cleanup: unused imports, values, blocks, etc. 2014-02-17 08:24:10 +01:00
Florian Schmaus
6dd64da930 Create new subproject 'legacy', move workgroup API into it 2014-02-17 08:24:10 +01:00
Florian Schmaus
202be35978 Add resource URLs to README.md 2014-02-16 15:22:47 +01:00
Florian Schmaus
207b060d78 Merge pull request #1 from SnakeDoc/master
Add basic markdown README
2014-02-16 11:08:59 +01:00
Florian Schmaus
3da34da5e7 Fix copy&paste error in intro.html 2014-02-15 22:36:52 +01:00
Jason Sipula
64b8cfe3dc added basic markdown readme 2014-02-15 13:36:42 -08:00
Florian Schmaus
38a3531ec6 Move privacy lists from core to extensions 2014-02-15 22:35:38 +01:00
Florian Schmaus
2ad517b6dd Add initializer tests and move classpath files
The initializer tests verify that every non-optional initializer, this
includes Providers, is loadable.

Creating files under META-INF is not considered best practice. Smack's
configuration and provider files reside now in classpath directory
qualified by Smack's package namespace.
2014-02-15 22:12:12 +01:00
Florian Schmaus
8d3814a8a7 New API design (SMACK-545) 2014-02-15 13:03:47 +01:00
Florian Schmaus
201152ef42 Migrate from Ant to Gradle (SMACK-265) 2014-02-14 18:46:33 +01:00
Florian Schmaus
235eca3a3d Change xml-not-well-formed to not-well-formed
Fixes SMACK-400
2014-02-10 14:10:36 +01:00
Florian Schmaus
acbf75a01b Remove <invalid-id> stream error (SMACK-401)
RFC 6120 removed the unnecessary and unused <invalid-id/> stream error.
2014-02-10 14:04:36 +01:00
Florian Schmaus
470868506f Add test-reports/ to gitignore 2014-02-10 14:01:06 +01:00
Florian Schmaus
7bba6b7f91 Fix typo in StreamInitiation.setSesssionID()
Fixes SMACK-427
2014-02-10 14:00:08 +01:00
Florian Schmaus
7ba3c3d43f Add namespace attribute to XHTML-IM body tags
Fixes SMACK-531
2014-02-10 13:51:12 +01:00
Florian Schmaus
4bc7ce052d Remove RCS header attributes 2014-02-10 12:33:41 +01:00
Florian Schmaus
93030c218c Remove ServerTrustManager
The implementation of ServerTrustManager contains a security
vulnerability, which could lead to unauthorized certificates being
erroneously trusted. SMACK-410
2014-02-10 12:07:39 +01:00
Florian Schmaus
5f5805cd1c Merge branch '3.4'
Conflicts:
	build/build.xml
2014-02-10 09:09:02 +01:00
Florian Schmaus
0cec5713d1 Smack 3.4.1 2014-02-09 14:11:22 +01:00
Florian Schmaus
fc26b83efd Use '-' as separator for $version.extra in build.xml 2014-02-08 13:21:55 +01:00
Florian Schmaus
9c61c6c945 Convert Connection references to weak references
If a Manager is strong referenced from a gc root, usually the instances
map, it should not hold itself a strong reference to the connection in
order to avoid a cycle that prevents the Connection instance from being
gc'ed.

SMACK-383
2014-02-07 13:17:36 +01:00
Florian Schmaus
666f555733 Update eclipse project name 2014-02-07 12:40:48 +01:00