From 1211dd5ea31fe867e69437860d0a3c30259cec4e Mon Sep 17 00:00:00 2001
From: Amin Ben Ramdhane
Date: Thu, 20 Jun 2019 15:26:00 +0100
Subject: [PATCH] xmpp: enhancement when checking the tls
---
 config/cwmp_xmpp | 1 +
 dm/dmtree/common/xmpp.c | 9 ++++++---
 xmpp/xmpp.c | 13 +++++++++----
 xmpp/xmpp.h | 2 +-
 xmpp/xmppconfig.c | 16 ++++++++++++++++
 xmpp/xmppconfig.h | 1 +
 6 files changed, 34 insertions(+), 8 deletions(-)
diff --git a/config/cwmp_xmpp b/config/cwmp_xmpp
index 1c200ea..96642b0 100644
--- a/config/cwmp_xmpp
+++ b/config/cwmp_xmpp
@@ -13,6 +13,7 @@ config xmpp_connection
 option password ''
 option domain ''
 option resource ''
+ option usetls '0'
 option interval '30'
 option attempt '16'
 option initial_retry_interval ''
diff --git a/dm/dmtree/common/xmpp.c b/dm/dmtree/common/xmpp.c
index 3775b72..37808ea 100644
--- a/dm/dmtree/common/xmpp.c
+++ b/dm/dmtree/common/xmpp.c
@@ -170,7 +170,8 @@ int set_connection_enable(char *refparam, struct dmctx *ctx, void *data, char *i
 return FAULT_9007;
 return 0;
 case VALUESET:
- dmuci_set_value_by_section(connsection, "enable", value);
+ string_to_bool(value, &b);
+ dmuci_set_value_by_section(connsection, "enable", b ? "1" : "0");
 return 0;
 }
 return 0;
@@ -447,7 +448,8 @@ int set_xmpp_connection_server_usetls(char *refparam, struct dmctx *ctx, void *d
 return FAULT_9007;
 return 0;
 case VALUESET:
- dmuci_set_value_by_section(connsection, "usetls", value);
+ string_to_bool(value, &b);
+ dmuci_set_value_by_section(connsection, "usetls", b ? "1" : "0");
 return 0;
 }
 return 0;
@@ -506,7 +508,8 @@ int set_xmpp_connection_server_enable(char *refparam, struct dmctx *ctx, void *d
 return FAULT_9007;
 return 0;
 case VALUESET:
- dmuci_set_value_by_section(connsection, "enable", value);
+ string_to_bool(value, &b);
+ dmuci_set_value_by_section(connsection, "enable", b ? "1" : "0");
 return 0;
 }
 return 0;
diff --git a/xmpp/xmpp.c b/xmpp/xmpp.c
index 1ed2d83..98ad529 100644
--- a/xmpp/xmpp.c
+++ b/xmpp/xmpp.c
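Review bot: In the VALUESET branch of set_connection_enable the result of `string_to_bool(value, &b)` is discarded, so if the conversion fails `b` keeps whatever it held before and that is what gets written to UCI as "1" or "0". The same two lines are added in set_xmpp_connection_server_usetls and set_xmpp_connection_server_enable; for usetls the stored bit later selects the TLS behaviour of the connection. The declaration of `b` and the VALUECHECK branch are outside these hunks, so the value may already be validated there, but a local check would not depend on call order. Assuming string_to_bool returns non-zero on failure, as the `return FAULT_9007;` context suggests, that would be `if (string_to_bool(value, &b)) return FAULT_9007;`.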
@@ -320,10 +320,13 @@ void xmpp_connecting(void)
 log_cwmp_xmpp.userdata = &(xmpp_mesode_log_level);
 ctx = xmpp_ctx_new(NULL, &log_cwmp_xmpp);
 conn = xmpp_conn_new(ctx);
- /* Set flag XMPP_CONN_FLAG_TRUST_TLS to
- ignore result of the verification */
- /*flags |= XMPP_CONN_FLAG_TRUST_TLS;*/
- /*xmpp_conn_set_flags(conn, flags);*/
+
+ if(cur_xmpp_con.usetls)
+ flags |= XMPP_CONN_FLAG_MANDATORY_TLS; /* Set flag XMPP_CONN_FLAG_MANDATORY_TLS to oblige the verification of tls */
+ else
+ flags |= XMPP_CONN_FLAG_TRUST_TLS; /* Set flag XMPP_CONN_FLAG_TRUST_TLS to ignore result of the verification */
+ xmpp_conn_set_flags(conn, flags);
+
 asprintf(&jid, "%s@%s/%s", cur_xmpp_con.username, cur_xmpp_con.domain, cur_xmpp_con.resource);
 xmpp_conn_set_jid(conn, jid);
 xmpp_conn_set_pass(conn, cur_xmpp_con.password);
@@ -453,6 +456,7 @@ int xmpp_con_init(void)
 cur_xmpp_con.password = strdup((const char *)get_xmpp_password(instance));
 cur_xmpp_con.domain = strdup((const char *)get_xmpp_domain(instance));
 cur_xmpp_con.resource = strdup((const char *)get_xmpp_resource(instance));
+ cur_xmpp_con.usetls = atoi((const char *)get_xmpp_usetls(instance));
 cur_xmpp_con.serveralgorithm = strdup((const char *)get_xmpp_serveralgorithm(instance));
 cur_xmpp_con.serveraddress = strdup((const char *)get_xmpp_server_address(instance));
 cur_xmpp_con.port = atoi((const char *)get_xmpp_port(instance));
@@ -472,6 +476,7 @@ int xmpp_con_init(void)
 cwmp_xmpp_log(SDEBUG,"XMPP password: %s", cur_xmpp_con.password);
 cwmp_xmpp_log(SDEBUG,"XMPP domain: %s", cur_xmpp_con.domain);
 cwmp_xmpp_log(SDEBUG,"XMPP resource: %s", cur_xmpp_con.resource);
+ cwmp_xmpp_log(SDEBUG,"XMPP use_tls: %d", cur_xmpp_con.usetls);
 cwmp_xmpp_log(SDEBUG,"XMPP serveralgorithm: %s", cur_xmpp_con.serveralgorithm);
 cwmp_xmpp_log(SDEBUG,"XMPP server_address: %s", cur_xmpp_con.serveraddress);
 cwmp_xmpp_log(SDEBUG,"XMPP port: %d", cur_xmpp_con.port);
diff --git a/xmpp/xmpp.h b/xmpp/xmpp.h
index 328ed48..3c96bd3 100644
--- a/xmpp/xmpp.h
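Review bot: With `usetls` off, the `else` branch in xmpp_connecting sets `XMPP_CONN_FLAG_TRUST_TLS`, which by its own comment ignores the result of certificate verification, and the shipped default is `option usetls '0'`. A default install therefore accepts any certificate on a TLS session it does negotiate, before authenticating with the password set by `xmpp_conn_set_pass()`. Whether TLS is required and whether the peer certificate is checked are separate decisions; I would drop the `else` so verification stays at the library default, and put TRUST_TLS, if it is needed at all, behind its own explicit option. The comment on the first branch is also inaccurate, since MANDATORY_TLS makes the connection fail when TLS cannot be negotiated rather than enabling verification: suggest `/* fail the connection if TLS cannot be negotiated */`. The return value of `xmpp_conn_set_flags()` is not checked, and the initial value of `flags` is set outside the hunk.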
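Review bot: `atoi((const char *)get_xmpp_usetls(instance))` in xmpp_con_init fails open: get_xmpp_usetls returns "" when no section matches, and atoi maps that, like "true" or any other non-numeric text, to 0, which xmpp_connecting then treats as "TLS optional, verification result ignored". The data-model setter normalises to "1"/"0", but the UCI file can also be edited directly or predate this option. Consider making the strict state the fallback, e.g. `cur_xmpp_con.usetls = (strcmp(v, "0") != 0);` with `v` the returned string, or at least log when the option is absent; the upgrade impact on servers without TLS would need to be weighed. The body of xmpp_con_init continues outside the hunk.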
+++ b/xmpp/xmpp.h @@ -31,7 +31,6 @@ #define DEFAULT_RETRY_INTERVAL_MULTIPLIER 2000 #define DEFAULT_RETRY_MAX_INTERVAL 60 #define DEFAULT_XMPP_RECONNECTION_RETRY 5 -#define XMPP_CONN_FLAG_TRUST_TLS (1UL << 3) enum xmpp_cr_error { XMPP_CR_NO_ERROR = 0, @@ -61,6 +60,7 @@ struct xmpp_connection int retry_interval_multiplier; int retry_max_interval; int port; + bool usetls; }; extern struct xmpp_config cur_xmpp_conf; diff --git a/xmpp/xmppconfig.c b/xmpp/xmppconfig.c index 70242a4..7539b50 100644 --- a/xmpp/xmppconfig.c +++ b/xmpp/xmppconfig.c @@ -121,6 +121,22 @@ char *get_xmpp_resource(char *instance) return v; } +char *get_xmpp_usetls(char *instance) +{ + struct uci_section *s; + char *v, *conn_inst; + dmuci_foreach_section("cwmp_xmpp", "xmpp_connection", s) { + conn_inst = dmuci_get_value_bysection(s, "connection_instance"); + if(strcmp(conn_inst, instance) == 0) + { + v = dmuci_get_value_bysection(s, "usetls"); + return v; + } + } + v = ""; + return v; +} + char *get_xmpp_keepalive_interval(char *instance) { struct uci_section *s; diff --git a/xmpp/xmppconfig.h b/xmpp/xmppconfig.h index 48198c9..cdaac00 100644 --- a/xmpp/xmppconfig.h +++ b/xmpp/xmppconfig.h @@ -32,6 +32,7 @@ char *get_xmpp_username(char *instance); char *get_xmpp_password(char *instance); char *get_xmpp_domain(char *instance); char *get_xmpp_resource(char *instance); +char *get_xmpp_usetls(char *instance); char *get_xmpp_keepalive_interval(char *instance); char *get_xmpp_connect_attempts(char *instance); char *get_xmpp_connect_initial_retry_interval(char *instance);
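Review bot: get_xmpp_usetls in xmpp/xmppconfig.c has no comment describing what it returns, and its two return paths differ in kind: a pointer from `dmuci_get_value_bysection()` on a match and the string literal `""` otherwise, both through a non-const `char *`. I would add a short header comment stating who owns the returned string and that an empty string means the option or the connection instance was not found; this matters because the caller in xmpp_con_init turns that empty string into "TLS off". `instance` is passed to `strcmp()` unchecked, so if a caller can pass NULL it needs a guard such as `if (!instance) return "";`.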