Commit Graph

175 Commits (c5f0f7b6623e1ad4c3fd793634ccaade033bcf50)
 

Author SHA1 Message Date
Michael Santos b9c446a928 test: error message for environment variables 8 years ago
Michael Santos ad39d23c05 test: base64 encode/decode 8 years ago
Michael Santos 7d1fb8fdb8 makefile: add target for test 8 years ago
Michael Santos e4fcd47b20 test: send using FIFOs between parent/child 8 years ago
Michael Santos ff86eb8f9a test: send a message using stdin 8 years ago
Michael Santos 6c4a14c712 sandbox/seccomp: fake close(2) return value
Some errors will cause the XMPP file descriptor to be closed before
xmppipe exits. Return EBADF if close is called since the process will
terminate anyway.
8 years ago
Michael Santos f51377428f Ignore invalid base64 messages
When base64 encoding is enabled, ignore any messages that fail base64
decoding.

Previously signed-unsigned integer conversion would cause the return
value of b64_pton() on error (a negative integer) to be converted to a
large value. The attempt to allocate this value would force xmppipe to
exit.
8 years ago
Michael Santos 85917f8ec4 sandbox/seccomp: print error message using err(3) 8 years ago
Michael Santos 417176cddb tests: add some basic tests
Check the basic functionality of xmppipe:

    # https://github.com/sstephenson/bats
    # apt-get install bats
    bats test
8 years ago
Michael Santos 7f0b5863c0 handle_stdin: use fd for nfds 8 years ago
Michael Santos 15926183a6 sandbox/seccomp: add more syscalls 8 years ago
Michael Santos 25f3441b33 README: add information about sandbox 8 years ago
Michael Santos 4a440def98 Enforce sandboxing 8 years ago
Michael Santos 2bf9415683 sandbox: enable capabilities sandbox on FreeBSD 8 years ago
Michael Santos 707d7cf19d Display enforced sandbox in verbose mode 8 years ago
Michael Santos 5917d03137 sandbox: Linux seccomp syscall filter
Add a BPF seccomp syscall filter on Linux. Not enabled by default. To
compile:

    XMPPIPE_SANDBOX=XMPPIPE_SANDBOX_SECCOMP make

The sandbox is derived from OpenSSH's seccomp sandbox by Will Drewry and
Kees Cook's tutorial on seccomp:

    http://outflux.net/teach-seccomp/
8 years ago
Michael Santos c346c863e4 sandbox: set number of allowed fd's
The number of file descriptors enforced by setrlimit() can now be set at
compile time using a flag. The flag defaults to 0 on Linux and -1
everywhere else:

    XMPPIPE_SANDBOX=XMPPIPE_SANDBOX_RLIMIT \
    XMPPIPE_SANDBOX_RLIMIT_NOFILE=-1 \
    make

The meaning of the XMPPIPE_SANDBOX_RLIMIT_NOFILE is:

* -1 : set rlim_cur/rlim_max to the lowest allocated file descriptor

* >=0: set rlim_cur/rlim_max to this number

On some platforms, setting rlim_cur below the value of the highest
allocated fd may interfere with polling. See commit a34d5766c5 for
details.
8 years ago
Michael Santos a34d5766c5 sandbox: basic rlimit sandbox
The rlimit sandbox disables forking processes and opening files.

The rlimit sandbox is not used by default yet. To compile it:

    XMPPIPE_SANDBOX=XMPPIPE_SANDBOX_RLIMIT make

The rlimit sandbox should work on any platform. However the interaction
of RLIMIT_NOFILE with poll(2) (and select(2)?) on some platforms (FreeBSD
but really any OS besides Linux) is problematic:

* opening a number of fd's, setting RLIMIT_NOFILE to 0, calling
  poll(2) on the fdset

  Linux: works
  FreeBSD: fails

* opening a number of fd's, setting RLIMIT_NOFILE to maxfd+1, calling
  poll(2) on the fdset

  Linux: works
  FreeBSD: works

The issue with the second option is that a library may have opened a
sequence of file descriptors then closed the lower numbered fd's:

    open() => 3
    open() => 4
    open() => 5
    close(3)
    close(4)
    maxfd = 5

RLIMIT_NOFILE would be set to 6 (stdin, stdout, stderr, 3, 4, 5) and the
sandbox would allow re-opening fd's 3 and 4.

One possible fix would be to run through the sequence of fd's before
entering the rlimit sandbox:

* test if the fd is closed
* if the fd is closed, dup2(STDIN_FILENO, fd)

Since the closed fd's are not part of the pollset, they will not be
polled and should be ignored.

Note we can't simply move maxfd to the lowest unused fd because
libstrophe maintains the fd number as internal, opaque state.

Empirically, the xmpp fd is always 3. Another option would be to abort
the process if the fd does not equal 3.
8 years ago
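The fix proposed in commit a34d5766c5 above (fill closed descriptors with dup2() before setting RLIMIT_NOFILE to maxfd+1), as an added example that is not xmppipe's code. The helper names `plug_closed_fds`, `limit_nofile` and `demo` are hypothetical, the scenario is constructed, Linux behaviour is assumed, and the demo duplicates its own /dev/null descriptor where the commit message suggests STDIN_FILENO so that it runs without a usable stdin.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/resource.h>
#include <unistd.h>

/* Hypothetical helper: dup2() `filler` onto every closed fd in [0, maxfd].
 * Returns the number of holes plugged, or -1 on error. */
int plug_closed_fds(int filler, int maxfd)
{
    int fd, plugged = 0;
    for (fd = 0; fd <= maxfd; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                       /* fd is open, nothing to do */
        if (errno != EBADF || dup2(filler, fd) == -1)
            return -1;
        plugged++;
    }
    return plugged;
}

/* Hypothetical helper: RLIMIT_NOFILE = maxfd + 1 (the commit's second case). */
int limit_nofile(int maxfd)
{
    struct rlimit rl;
    rl.rlim_cur = rl.rlim_max = (rlim_t)maxfd + 1;
    return setrlimit(RLIMIT_NOFILE, &rl);
}

/* Constructed scenario: a "library" opens three fds and closes the two
 * lowest. Returns 0 if the hole can be re-opened before plugging and open()
 * fails with EMFILE afterwards; otherwise the number of the failing step. */
int demo(void)
{
    int filler = open("/dev/null", O_RDONLY);   /* stands in for STDIN_FILENO */
    int a = open("/dev/null", O_RDONLY);
    int b = open("/dev/null", O_RDONLY);
    int maxfd = open("/dev/null", O_RDONLY), fd;
    if (filler < 0 || a < 0 || b < 0 || maxfd < 0) return 1;
    close(a); close(b);                         /* leaves holes below maxfd */
    if (limit_nofile(maxfd) != 0) return 2;
    if ((fd = open("/dev/null", O_RDONLY)) != a) return 3; /* hole re-opened */
    close(fd);
    if (plug_closed_fds(filler, maxfd) < 2) return 4;
    if (open("/dev/null", O_RDONLY) != -1 || errno != EMFILE) return 5;
    return 0;                                   /* sandbox now denies open() */
}

int main(void) { return demo(); }
```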
Michael Santos cc665538cb sandbox: stdio mode using pledge(2) on OpenBSD 8 years ago
Michael Santos a7d0ca7e47 Initial support for sandboxing
Prepare for sandboxing the xmppipe process by adding a function called
after all file descriptors are allocated.

The intent of the sandbox is to limit the xmppipe process to the role
of a component in a shell pipeline: reading from stdin, reading/writing
to the XMPP socket and writing to stdout. Any activity not involved with
using stdio should force the process to exit.

The sandbox function will vary based on the capabilities of the
platform. The default sandbox function does nothing.

Limitations of the sandbox:

Probably the biggest risk is in session establishment:
* the TLS handshake
* the XML parsing

The sandbox is enforced after the TLS connection is established, i.e.,
after the file descriptor for the XMPP session is allocated and so has no
effect on the TLS handshake or the initial XMPP handshake.

Possibly an initial sandbox could be set up for the connection phase
followed by a stricter sandbox for the stdio phase.
8 years ago
Michael Santos 7cf7562bb1 Update readme 8 years ago
Michael Santos eef6074dd5 Add a LICENSE file
Uses the ISC license. License is also in the source code.
8 years ago
Michael Santos e20bca9bd1 const'ify all the things 8 years ago
Michael Santos 550eaf4e59 Check message id has been allocated 8 years ago
Michael Santos 04c05bd5f2 xmppipe: avoid memory leak from duplicate options 8 years ago
Michael Santos ee32002c2f ssh-over-xmpp: clean up example 8 years ago
Michael Santos 04f0641df1 Add example of terminal sharing using script(1) 8 years ago
Michael Santos 9410df9d78 bot.sh: clean up 8 years ago
Michael Santos 34efc88484 Mention tested XMPP servers 8 years ago
Michael Santos 2f2805d68a stdin: combine read error check 8 years ago
Michael Santos 16f03deff4 Fix typo 8 years ago
Michael Santos 877ecd5619 Flush stdout after print 8 years ago
Michael Santos 1e16b16c74 encoding: allow '@' and '/'
To make the JID easier to read, do not encode @ and /. Probably all the
RFC 3986 reserved characters can be passed through.
8 years ago
Michael Santos 07174101b4 encoding: remove useless lookup, sprintf 8 years ago
Michael Santos 1426be5902 Update README 8 years ago
Michael Santos def456835b Add README 8 years ago
Michael Santos 072e8542ae alloc: log sizes on error 8 years ago
Michael Santos 7d4672a99a enomem: log function name
xmppipe occasionally crashes with an "allocation failure" message. Log
the function name for debugging.
8 years ago
Michael Santos e96427bb36 Fix signed/unsigned integer comparison 9 years ago
Michael Santos a7717f381e Add compiler hardening flags 9 years ago
Michael Santos fc09ca4ff1 Be explicit with checks 9 years ago
Michael Santos d0792db2f8 darwin/sunos: include uuid.h 9 years ago
Michael Santos a392e836a0 Compile on BSDs
Use uuid_create(3) and uuid_to_string(3) to create the message id on
BSDs. Only tested on FreeBSD but should work on OpenBSD and NetBSD.

Add untested support for compiling on Solaris and Mac OS X:

* SmartOS has libuuid installed by default with rsyslog via pkgsrc

* Mac OS X has libuuid as part of libSystem:

http://lists.apple.com/archives/unix-porting/2009/Aug/msg00006.html
9 years ago
Michael Santos c814208bad Remove check for negative unsigned integer O.o 9 years ago
Michael Santos 69f97cd872 Add "to" field to message
Distinguish which user received a message. Possibly useful if multiple
sessions are logged in or someone directly messages the bot.
9 years ago
Michael Santos 4310fe0e6b Exit when disconnected 9 years ago
Michael Santos 1a680daa48 example: read in larger chunks of data
Lengthen the poll delay to read in larger chunks of data. With a poll
value of 1 ms, there could be a large protocol message overhead: 1
character per XML stanza.
9 years ago
Michael Santos 5b7c7a1b64 example: tunnel SSH over XMPP
Server (system with access to the SSH and XMPP server):

 # ssh-over-xmpp server <conference> <IP address> <port>
 ssh-over-xmpp server sshxmpp 1.2.3.4 22

Client (system with access to the XMPP server):

 ssh -o ProxyCommand="ssh-over-xmpp client sshxmpp" 127.0.0.1
9 years ago
Michael Santos 633bc390cb Test string is NULL, not first character of string 9 years ago
Michael Santos e82fc91bfb xmpp_stanza_get_name: check for NULL 9 years ago