From 40a06771ff2a22f3801dfe174ca318cf4f67c1b1 Mon Sep 17 00:00:00 2001 From: Mike Macgirvin Date: Thu, 5 Aug 2010 02:57:03 -0700 Subject: [PATCH] reciprocal verification on notify, poll --- include/notifier.php | 14 ++++++++++++-- include/poller.php | 12 +++++++++++- mod/dfrn_notify.php | 9 ++++++++- mod/dfrn_poll.php | 10 +++++++++- mod/regmod.php | 2 +- 5 files changed, 41 insertions(+), 6 deletions(-) diff --git a/include/notifier.php b/include/notifier.php index a2d313b..7d9b09d 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -267,12 +267,22 @@ echo $xml; $res = simplexml_load_string($xml); - if((intval($res->status) != 0) || (! strlen($res->challenge)) || ($res->dfrn_id != $rr['dfrn-id'])) + if((intval($res->status) != 0) || (! strlen($res->challenge)) || (! strlen($res->dfrn_id))) continue; $postvars = array(); + $sent_dfrn_id = hex2bin($res->dfrn_id); + + $final_dfrn_id = ''; + openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$rr['pubkey']); + $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.')); + if($final_dfrn_id != $rr['dfrn-id']) { + // did not decode properly - cannot trust this site + continue; + } $postvars['dfrn_id'] = $rr['dfrn-id']; + $challenge = hex2bin($res->challenge); openssl_public_decrypt($challenge,$postvars['challenge'],$rr['pubkey']); @@ -295,7 +305,7 @@ echo $xml; // Currently there is no retry attempt for failed mail delivery. // We need to handle this in the UI, report the non-deliverables and try again - if(($cmd == 'mail) && (intval($res->status) == 0)) { + if(($cmd == 'mail') && (intval($res->status) == 0)) { $r = q("UPDATE `mail` SET `delivered` = 1 WHERE `id` = %d LIMIT 1", intval($item_id) diff --git a/include/poller.php b/include/poller.php index e0b4d79..be073b9 100644 --- a/include/poller.php +++ b/include/poller.php @@ -84,11 +84,21 @@ echo "XML: " . $xml; $res = simplexml_load_string($xml); - if((intval($res->status) != 0) || (! strlen($res->challenge)) || ($res->dfrn_id != $contact['dfrn-id'])) + if((intval($res->status) != 0) || (! strlen($res->challenge)) || (! strlen($res->dfrn_id))) continue; $postvars = array(); + $sent_dfrn_id = hex2bin($res->dfrn_id); + + $final_dfrn_id = ''; + openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']); + $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.')); + if($final_dfrn_id != $contact['dfrn-id']) { + // did not decode properly - cannot trust this site + continue; + } + $postvars['dfrn_id'] = $contact['dfrn-id']; $challenge = hex2bin($res->challenge); diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index 38756f7..5655977 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -253,7 +253,14 @@ function dfrn_notify_content(&$a) { openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); $challenge = bin2hex($challenge); - echo '' .$status . '' . $_GET['dfrn_id'] . '' + + $encrypted_id = ''; + $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999); + + openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); + $encrypted_id = bin2hex($encrypted_id); + + echo '' .$status . '' . $encrypted_id . '' . '' . $challenge . '' . "\r\n" ; session_write_close(); exit; diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index dadcd31..8d93700 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -174,7 +174,15 @@ function dfrn_poll_content(&$a) { openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); $challenge = bin2hex($challenge); - echo '' .$status . '' . $_GET['dfrn_id'] . '' + + $encrypted_id = ''; + $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999); + + openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); + $encrypted_id = bin2hex($encrypted_id); + + + echo '' .$status . '' . $encrypted_id . '' . '' . $challenge . '' . "\r\n" ; session_write_close(); exit; diff --git a/mod/regmod.php b/mod/regmod.php index f2c3cb8..f03c2a3 100644 --- a/mod/regmod.php +++ b/mod/regmod.php @@ -6,7 +6,7 @@ function regmod_content(&$a) { if(! local_user()) { notice( t('Please login.') . EOL); - $o = login(($a->config['register_policy'] == REGISTER_CLOSED) ? 0 : 1); + $o .= '

' . login(($a->config['register_policy'] == REGISTER_CLOSED) ? 0 : 1); return $o; }