diff --git a/src/account.h b/src/account.h index 3200da86d1e48fd37c199643b8be8ec1347c7852..80515e47bafb8ae26c6677c23481c1b6d87e976b 100644 --- a/src/account.h +++ b/src/account.h @@ -52,6 +52,12 @@ namespace Json { class Value; } +namespace dht { +namespace crypto { +struct Certificate; +} +} + namespace jami { static constexpr uint64_t JAMI_ID_MAX_VAL = 9007199254740992; constexpr static const char RINGDIR[] = "ringtones"; @@ -343,7 +349,8 @@ public: */ virtual void connectivityChanged() {}; - virtual bool handleMessage(const std::string& /*from*/, + virtual bool handleMessage(const std::shared_ptr<dht::crypto::Certificate>& /*cert*/, + const std::string& /*from*/, const std::pair<std::string, std::string>& /*message*/) { return false; diff --git a/src/jamidht/jamiaccount.cpp b/src/jamidht/jamiaccount.cpp index 56727a670317e9de4664baf2d77885fdfa6579fe..3ee4196a08f6a50546c253485e0227f4f52f9f96 100644 --- a/src/jamidht/jamiaccount.cpp +++ b/src/jamidht/jamiaccount.cpp @@ -2387,12 +2387,12 @@ JamiAccount::syncModule() void JamiAccount::onTextMessage(const std::string& id, const std::string& from, - const std::string& deviceId, + const std::shared_ptr<dht::crypto::Certificate>& peerCert, const std::map<std::string, std::string>& payloads) { try { const std::string fromUri {parseJamiUri(from)}; - SIPAccountBase::onTextMessage(id, fromUri, deviceId, payloads); + SIPAccountBase::onTextMessage(id, fromUri, peerCert, payloads); } catch (...) { } } @@ -3569,19 +3569,29 @@ JamiAccount::sendInstantMessage(const std::string& convId, } bool -JamiAccount::handleMessage(const std::string& from, const std::pair<std::string, std::string>& m) +JamiAccount::handleMessage(const std::shared_ptr<dht::crypto::Certificate>& cert, const std::string& from, const std::pair<std::string, std::string>& m) { + if (not cert or not cert->issuer) + return true; // stop processing message + + if (cert->issuer->getId().to_view() != from) { + JAMI_WARNING("[Account {}] [device {}] handleMessage: invalid author {}", getAccountID(), cert->issuer->getId().to_view(), from); + return true; + } if (m.first == MIME_TYPE_GIT) { Json::Value json; if (!json::parse(m.second, json)) { - return false; + return true; } - std::string deviceId = json["deviceId"].asString(); - std::string id = json["id"].asString(); - std::string commit = json["commit"].asString(); // fetchNewCommits will do heavy stuff like fetching, avoid to block SIP socket - dht::ThreadPool::io().run([w = weak(), from, deviceId, id, commit] { + dht::ThreadPool::io().run([ + w = weak(), + from, + deviceId = json["deviceId"].asString(), + id = json["id"].asString(), + commit = json["commit"].asString() + ] { if (auto shared = w.lock()) { if (auto cm = shared->convModule()) cm->fetchNewCommits(from, deviceId, id, commit); @@ -3594,7 +3604,7 @@ JamiAccount::handleMessage(const std::string& from, const std::pair<std::string, } else if (m.first == MIME_TYPE_INVITE_JSON) { Json::Value json; if (!json::parse(m.second, json)) { - return false; + return true; } convModule()->onConversationRequest(from, json); return true; @@ -3638,7 +3648,7 @@ JamiAccount::handleMessage(const std::string& from, const std::pair<std::string, messageId = matched_pattern[1]; } else { JAMI_WARNING("Message displayed: unable to parse message ID"); - return false; + return true; } static const std::regex STATUS_REGEX("<status>\\s*<(\\w+)\\/>\\s*<\\/status>"); @@ -3648,7 +3658,7 @@ JamiAccount::handleMessage(const std::string& from, const std::pair<std::string, isDisplayed = matched_pattern[1] == "displayed"; } else { JAMI_WARNING("Message displayed: unable to parse status"); - return false; + return true; } static const std::regex CONVID_REGEX("<conversation>\\s*(\\w+)\\s*<\\/conversation>"); diff --git a/src/jamidht/jamiaccount.h b/src/jamidht/jamiaccount.h index dec8ec3e836445cf5ce479cded97e943f5d898f5..1ba574d1d751f84ea748731ef77a673ca305b158 100644 --- a/src/jamidht/jamiaccount.h +++ b/src/jamidht/jamiaccount.h @@ -261,7 +261,7 @@ public: void onTextMessage(const std::string& id, const std::string& from, - const std::string& deviceId, + const std::shared_ptr<dht::crypto::Certificate>& peerCert, const std::map<std::string, std::string>& payloads) override; void loadConversation(const std::string& convId); @@ -468,7 +468,8 @@ public: // Received a new commit notification - bool handleMessage(const std::string& from, + bool handleMessage(const std::shared_ptr<dht::crypto::Certificate>& cert, + const std::string& from, const std::pair<std::string, std::string>& message) override; void monitor(); diff --git a/src/jamidht/message_channel_handler.cpp b/src/jamidht/message_channel_handler.cpp index 97046eaae7356a21f319292ab05bb8152326719f..ca0e892b15fc222ff7a2ebccbe143b138d1c90ca 100644 --- a/src/jamidht/message_channel_handler.cpp +++ b/src/jamidht/message_channel_handler.cpp @@ -145,7 +145,7 @@ MessageChannelHandler::onReady(const std::shared_ptr<dht::crypto::Certificate>& socket->setOnRecv([acc = pimpl_->account_.lock(), peerId, - deviceId = device.toString(), + cert, ctx = std::make_shared<DecodingContext>()](const uint8_t* buf, size_t len) { if (!buf || !acc) return len; @@ -159,10 +159,10 @@ MessageChannelHandler::onReady(const std::shared_ptr<dht::crypto::Certificate>& while (ctx->pac.next(oh)) { Message msg; oh.get().convert(msg); - acc->onTextMessage("", peerId, deviceId, {{msg.t, msg.c}}); + acc->onTextMessage("", peerId, cert, {{msg.t, msg.c}}); } } catch (const std::exception& e) { - JAMI_WARNING("[convInfo] Error parsing message: {:s}", e.what()); + JAMI_WARNING("[convInfo] error on sync: {:s}", e.what()); } return len; }); diff --git a/src/sip/sipaccountbase.cpp b/src/sip/sipaccountbase.cpp index 630190a961c9a03defdde3f7346b6f30d80a9846..5d594450e0874ed38f4568c5259fa417d354eb0c 100644 --- a/src/sip/sipaccountbase.cpp +++ b/src/sip/sipaccountbase.cpp @@ -274,10 +274,10 @@ SIPAccountBase::getIceOptions() const noexcept void SIPAccountBase::onTextMessage(const std::string& id, const std::string& from, - const std::string& /* deviceId */, + const std::shared_ptr<dht::crypto::Certificate>& peerCert, const std::map<std::string, std::string>& payloads) { - JAMI_LOG("[Account {}] Text message received from {}, {:d} part(s)", accountID_, from, payloads.size()); + JAMI_LOG("[Account {}] [peer {}] Text message received from {}, {:d} part(s)", accountID_, peerCert ? peerCert->getLongId().to_view() : ""sv, from, payloads.size()); for (const auto& m : payloads) { if (!utf8_validate(m.first)) return; @@ -285,7 +285,7 @@ SIPAccountBase::onTextMessage(const std::string& id, JAMI_WARNING("[Account {}] Dropping invalid message with MIME type {}", accountID_, m.first); return; } - if (handleMessage(from, m)) + if (handleMessage(peerCert, from, m)) return; } diff --git a/src/sip/sipaccountbase.h b/src/sip/sipaccountbase.h index eee50e845df648b98edd30bb292d2fe611678c9f..8c2aa14d2be9c2a4bb91eafc8eaf2f8187adcc28 100644 --- a/src/sip/sipaccountbase.h +++ b/src/sip/sipaccountbase.h @@ -201,7 +201,7 @@ public: virtual void onTextMessage(const std::string& id, const std::string& from, - const std::string& deviceId, + const std::shared_ptr<dht::crypto::Certificate>& peerCert, const std::map<std::string, std::string>& payloads); /* Returns true if the username and/or hostname match this account */ diff --git a/src/sip/sipvoiplink.cpp b/src/sip/sipvoiplink.cpp index b159fe634b9208e7791d13eba1fec85930fb4f8b..f13e6337605ae2a46823c86f102f47a6450e9351 100644 --- a/src/sip/sipvoiplink.cpp +++ b/src/sip/sipvoiplink.cpp @@ -348,7 +348,7 @@ transaction_request_cb(pjsip_rx_data* rdata) } catch (...) { } } - account->onTextMessage(id, peerNumber, std::string(transport->deviceId()), payloads); + account->onTextMessage(id, peerNumber, transport->getTlsInfos().peerCert, payloads); } return PJ_FALSE; }