fake redirection by iframe...

place/remotor.c

@@ -1,5 +1,5 @@
 // this place is configured in a suitable way for receiving
-// syslog events from the syslog2psyc tool in perlpsyc
+// tor router events from the remotor tool in perlpsyc
 //
 #include <net.h>
 

world/net/http/header.i

@@ -24,18 +24,16 @@ varargs http_error(string prot, int code, string comment, string html) {
 	P2(("hterror(%O,%O,%O,%O) in %O\n", prot,code,comment,html, ME))
 #if defined(T)
 	// use the textdb if available
-	out = psyctext( T("_PAGES_error",
+	out = psyctext( T("_PAGES_error", "<title>Error [_code]</title><body><h1 id='code'>[_code]</h1><div id='comment'>[_comment]</div>"),
-			      "<html><title id='code'>[_code]</title>\n"
-		"<body><h1 id='comment'>[_comment]</h1></body></html>\n"),
 		    ([ "_comment": comment, "_code": code ]) );
 #else
 	// use some hardcoded defaults
-	out = "<body text=white bgcolor=black link=green vlink=green>\n";
+	out = "<body text='white' bgcolor='black' link='green' vlink='green'>\n";
 	if (html) out = sprintf("<title>%s</title>\n%s%s", comment, out, html);
 	else out = sprintf("\
-<title>error %d</title>\n\
+<title>Error %d</title>\n\
 %s\n\
-<table width=\"100%%\" height=\"90%%\"><tr><th><h1><br>\n\n\
+<table width=\"100%%\" height=\"90%%\"><tr><th><h1><br/>\n\n\
 %s\n\n\
 </h1></th></tr></table>\n\
 ",

world/net/http/library.i

@@ -95,12 +95,19 @@ varargs string htredirect(string prot, string target, string comment, int perman
 		printf("%s %d %s\n%s", HTTP_SVERS,
 		  permanent ? R_MOVED : R_FOUND, comment, htheaders());
 	}
+	// this page might actually be visible
+	// if content-disposition: attachment is given
+	// or redirects are otherwise intercepted by plugin
+	// so a proper _PAGES form could be appropriate
 	printf("\
 Location: %s\n%s\
 \n\
-<a href=\"%s\">%s</a>.\n\
+<title>%s</title>\n\
-",
+<body bgcolor='black' text='white' link='red' vlink='red'>\n\
-		target, extra, target, comment);
+%s\n",
+	// exposing the link to end-user may not be intended:
+	// <a href=\"%s\">%s</a>.
+		target, extra, comment, comment);
 	return 0;
 }
 

world/net/include/place.gen

@@ -18,6 +18,10 @@
 #include <status.h>
 #include <uniform.h>
 
+#ifndef HT_LOGO
+# define HT_LOGO DEFAULT_HT_LOGO
+#endif
+
 #ifdef BRAIN
 
 # ifdef SLAVE
@@ -610,8 +614,9 @@ htget(prot, query, headers, qs) {
 }
 #endif
 
-#ifdef CHALLENGE_MATCH
+#ifdef CHALLENGE_QUESTION   // should make media player etc work also w/o challenge FIXME
 #include <sys/regexp.h>
+#include "ht/http.h"
 
 #define CHALOG(verb)	log_file("CHALLENGE", "%s %s %O A:%O P:%O C:%O\n", \
 		 MYNICK, verb, query_ip_name(), \
@@ -619,14 +624,47 @@ htget(prot, query, headers, qs) {
 
 // maybe this all belongs into archetype.gen.. chesmo!
 htget(prot, query, headers, qs, data, noprocess) {
-	string item = headers[item] || "/@"+ MYNICK;
+	if (probably_private(this_interactive()) <= PRIVACY_SURVEILLED) {
-	if (stringp(headers["cookie"]) && regmatch(headers["cookie"],
+		hterror(prot, R_PAYMENTREQ, "To protect against abuse in this nasty world this function needs 'https' instead of 'http'.");
-		 "challenge=complete&answer="+ md5(CHALLENGE_MATCH))) {
+		htnotify(query, headers, "_challenge_disabled_encryption",
+		    "[_nick_place] sees no TLS by [_web_on] from [_web_from].");
+		return 0;
+	}
+	string item = "/@"+ MYNICK;
+	if (
+# ifdef CHALLENGE_AGENT
+	    stringp(headers["user-agent"]) &&
+	       regmatch(lower_case(headers["user-agent"]), CHALLENGE_AGENT)
+# else
+#  ifdef CHALLENGE_ACCOUNTS
+#   define CHALLENGE_CHECK CHALLENGE_ACCOUNTS
+#  else
+#   ifdef CHALLENGE_MATCH
+#    define CHALLENGE_CHECK CHALLENGE_MATCH
+#   endif
+#  endif
+	    stringp(headers["cookie"]) && regmatch(headers["cookie"],
+		 "challenge=complete&answer="+ md5(CHALLENGE_CHECK))
+# endif
+	     ) {
 		CHALOG("completes");
-		htnotify(query, headers, "_accomplished_web",
+		htnotify(query, headers, "_challenge_accomplished_web",
 		    "Challenge accomplished in [_nick_place] by [_web_on] coming from [_web_from].");
 # ifdef CHALLENGE_REDIRECT
-		return htredirect(prot, CHALLENGE_REDIRECT, "There you go", 0, "Set-Cookie: psycplace=\"challenge=done\"; Path="+ item +"; Secure; Max-Age=9\n");
+#  ifdef CHALLENGE_REDIRECT_TITLE
+#   ifdef CHALLENGE_QUESTION
+		htok3(prot, 0, "Set-Cookie: psycplace=\"challenge=done\"; Path="+ item +"; Secure; Max-Age=9\n");
+#   else
+		htok();
+#   endif
+		w("_PAGES_frame_redirect", 0,
+		    ([ "_uniform_page" : CHALLENGE_REDIRECT,
+		       "_title_page" : CHALLENGE_REDIRECT_TITLE,
+		       "_nick_place" : MYNICK ]) );
+		return 1;
+#  else
+		return htredirect(prot, CHALLENGE_REDIRECT, "Download or redirect initiated", 0, "Content-Disposition: attachment\nSet-Cookie: psycplace=\"challenge=done\"; Path="+ item +"; Secure; Max-Age=9\n");
+#  endif
 # else
 #  ifdef HTGET
 		// you may want to output a player iframe instead of a redirect...
@@ -636,33 +674,66 @@ htget(prot, query, headers, qs, data, noprocess) {
 #  endif
 # endif
 	}
-	if (stringp(query["answer"]) && headers["cookie"] &&
+# if defined(CHALLENGE_MATCH) || defined(CHALLENGE_ACCOUNTS)
-	    regmatch(headers["cookie"], "challenge=given") &&
+	if (stringp(query["answer"])) {
-	    regmatch(lower_case(query["answer"]), CHALLENGE_MATCH)) {
+		unless (headers["cookie"]) {
-		// lazy me could have used referer here ;)
+			CHALOG("disabled");
-		string nu = stringp(query["parameters"]) &&
+			hterror(prot, R_PAYMENTREQ, "To protect against abuse in this nasty world this function needs just temporarily enabled cookies. There are no de-anonymizing purposes involved. Or did you just lowercase my name in the URL?");
-			     strlen(query["parameters"]) ?
+			htnotify(query, headers, "_challenge_disabled_web",
-			 item +"?"+ query["parameters"] : item;
+			    "[_nick_place] sees no cookies by [_web_on] from [_web_from].");
-		CHALOG("reloads");
-		htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer="+ md5(CHALLENGE_MATCH) +"\"; Path="+ item +"; Secure; Max-Age=99\n");
 			return 1;
 		}
+		string acct;
+		if (regmatch(headers["cookie"], "challenge=given")) {
+			if (query["answer"] && 
+#  ifdef CHALLENGE_ACCOUNTS
+			    (acct = CHALLENGE_ACCOUNTS->consult(query["answer"]))
+#  else
+			    regmatch(lower_case(query["answer"]), CHALLENGE_MATCH)
+#  endif
+			) {
+				// lazy me could have used referer here ;)
+				string nu = stringp(query["parameters"]) &&
+					     strlen(query["parameters"]) &&
+					     query["parameters"] != "0" ?
+					 item +"?"+ query["parameters"] : item;
+				CHALOG(acct? ("authenticates as "+ acct): "reloads");
+				htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer="+ md5(CHALLENGE_CHECK) +"\"; Path="+ item +"; Secure; Max-Age=99\n");
+				if (acct) htnotify(query, headers, "_challenge_authenticated_web",
+		    "[_web_on] authenticated for [_nick_place] coming from [_web_from].", acct);
+				return 1;
+			} else {
+				CHALOG("fails");
+				htnotify(query, headers, "_challenge_failed_web",
+				    "[_nick_place] sees [_web_on] from [_web_from] fail the challenge.");
+			}
+		}
+	} else
+# endif
+       	{
+		CHALOG("challenges");
+		htnotify(query, headers, "_challenge_presented_web",
+		    "[_nick_place] challenges [_web_on] coming from [_web_from].");
+		    //	(query [_web_query], cookie [_web_cookie]).");
+	}
+	// If you have trouble reloading the HTML template
+	// look out for both 'ht' and 'html' textdbs!
 	sTextPath(query["layout"], query["lang"], "html");
 	// using a non-psyced cookie here so that you can't construct a 
 	// url that allows other people to bypass the challenge.
-	// could add a timeout here...
 	htok3(prot, 0, "Set-Cookie: psycplace=\"challenge=given\"; Path="+ item +"; Secure; Max-Age=999\n");
-	CHALOG("challenges");
+# ifndef CHALLENGE_REDIRECT_TITLE
+#  define CHALLENGE_REDIRECT_TITLE "Challenge for " MYNICK
+# endif
 	w("_PAGES_group_challenge", 0,
 	    ([ "_challenge" : htquote(CHALLENGE_QUESTION),
 		    // if the user failed the challenge,
 		    // we maintain the original qs for next attempt:
 	       "_parameters" : query["parameters"] || qs,
+	       "_uniform_logo" : HT_LOGO,
+	       "_title_page" : CHALLENGE_REDIRECT_TITLE,
 	       "_nick_place" : MYNICK ]) );
 	// printf("%O vs %O\n", query, headers);
-	htnotify(query, headers, "_challenged_web",
-	    "[_nick_place] challenges [_web_on] coming from [_web_from].");
-	    //	(query [_web_query], cookie [_web_cookie]).");
 	return 1;
 }
 #endif

world/net/jabber/server.c

@@ -191,7 +191,7 @@ jabberMsg(XMLNode node) {
 		    // super dirty.. this should all be in textdb
 		    packet = sprintf("<iq type='result' id='%s'>"
 				     "<query xmlns='jabber:iq:register'/>"
-	 "<error code='501>Registration by XMPP not permitted.</error></iq>",
+	 "<error code='501'>Registration by XMPP not permitted.</error></iq>",
 				     id);
 #else
 		    packet = sprintf("<iq type='result' id='%s'>"
@@ -235,7 +235,10 @@ jabberMsg(XMLNode node) {
 			// QUIT
 		    } else {
 #if defined(_flag_disable_unauthenticated_users_XMPP) || defined(_flag_disable_registration_XMPP)
-			// TODO: generate some error as above
+			emit(sprintf("<iq type='result' id='%s'>"
+				     "<query xmlns='jabber:iq:register'/>"
+	 "<error code='501'>Registration by XMPP not permitted.</error></iq>",
+				     id));
 #else
 			user -> vSet("password", t[Cdata]);
 			if (t = helper["/email"]) {

world/net/place/archetype.gen

@@ -474,7 +474,7 @@ _request_set_topic(source, mc, data, vars, b) {
 
 #if HAS_PORT(HTTP_PORT, HTTP_PATH) || HAS_PORT(HTTPS_PORT, HTTP_PATH)
 // for GDPR compliance server owners are expected not to log these messages
-htnotify(query, headers, mc, fmt) {
+htnotify(query, headers, mc, fmt, acct) {
 	if (query["from"] == "") query["from"] = 0;
 	if (query["location"] == "") query["location"] = 0;
 
@@ -484,7 +484,7 @@ htnotify(query, headers, mc, fmt) {
 	([	"_web_referrer" : query["from"] || "bookmark",
 		"_web_page" : query["location"] || headers["referer"] || "",
 		"_web_browser" : headers["user-agent"] || "",
-		"_web_on" : query["location"] || headers["referer"] ||
+		"_web_on" : acct || query["location"] || headers["referer"] ||
 			    headers["user-agent"] || "",
 		"_web_from" : query["from"] ||
 			    query_ip_name(this_interactive()) ||