X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fclient%2Fclientauthhandler.cpp;h=260128b7b7ef16c5eeb0a70665a63ebf36048bd4;hp=668c4a47ccaec9d0fadc4af05f70c98d2988a14c;hb=47b54cd3ad35201ff2ab9ef6bfdba83fc086558d;hpb=6eefdfc697067d184a589fc8a231b16316c09106 diff --git a/src/client/clientauthhandler.cpp b/src/client/clientauthhandler.cpp index 668c4a47..260128b7 100644 --- a/src/client/clientauthhandler.cpp +++ b/src/client/clientauthhandler.cpp @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2018 by the Quassel Project * + * Copyright (C) 2005-2020 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -21,67 +21,39 @@ #include "clientauthhandler.h" #include - -#ifdef HAVE_SSL - #include -#else - #include -#endif +#include #include "client.h" #include "clientsettings.h" -#include "logmessage.h" #include "peerfactory.h" #include "util.h" -using namespace Protocol; - -ClientAuthHandler::ClientAuthHandler(CoreAccount account, QObject *parent) - : AuthHandler(parent), - _peer(nullptr), - _account(account), - _probing(false), - _legacy(false), - _connectionFeatures(0) -{ - -} - +ClientAuthHandler::ClientAuthHandler(CoreAccount account, QObject* parent) + : AuthHandler(parent) + , _peer(nullptr) + , _account(account) + , _probing(false) + , _legacy(false) + , _connectionFeatures(0) +{} -Peer *ClientAuthHandler::peer() const +Peer* ClientAuthHandler::peer() const { return _peer; } - void ClientAuthHandler::connectToCore() { CoreAccountSettings s; -#ifdef HAVE_SSL - auto *socket = new QSslSocket(this); + auto* socket = new QSslSocket(this); // make sure the warning is shown if we happen to connect without SSL support later s.setAccountValue("ShowNoClientSslWarning", true); -#else - if (_account.useSsl()) { - if (s.accountValue("ShowNoClientSslWarning", true).toBool()) { - bool accepted = false; - emit handleNoSslInClient(&accepted); - if (!accepted) { - emit errorMessage(tr("Unencrypted connection canceled")); - return; - } - s.setAccountValue("ShowNoClientSslWarning", false); - } - } - QTcpSocket *socket = new QTcpSocket(this); -#endif #ifndef QT_NO_NETWORKPROXY QNetworkProxy proxy; proxy.setType(_account.proxyType()); - if (_account.proxyType() == QNetworkProxy::Socks5Proxy || - _account.proxyType() == QNetworkProxy::HttpProxy) { + if (_account.proxyType() == QNetworkProxy::Socks5Proxy || _account.proxyType() == QNetworkProxy::HttpProxy) { proxy.setHostName(_account.proxyHostName()); proxy.setPort(_account.proxyPort()); proxy.setUser(_account.proxyUser()); @@ -90,7 +62,8 @@ void ClientAuthHandler::connectToCore() if (_account.proxyType() == QNetworkProxy::DefaultProxy) { QNetworkProxyFactory::setUseSystemConfiguration(true); - } else { + } + else { QNetworkProxyFactory::setUseSystemConfiguration(false); socket->setProxy(proxy); } @@ -105,39 +78,38 @@ void ClientAuthHandler::connectToCore() socket->connectToHost(_account.hostName(), _account.port()); } - void ClientAuthHandler::onSocketStateChanged(QAbstractSocket::SocketState socketState) { QString text; - switch(socketState) { - case QAbstractSocket::HostLookupState: - if (!_legacy) - text = tr("Looking up %1...").arg(_account.hostName()); - break; - case QAbstractSocket::ConnectingState: - if (!_legacy) - text = tr("Connecting to %1...").arg(_account.hostName()); - break; - case QAbstractSocket::ConnectedState: - text = tr("Connected to %1").arg(_account.hostName()); - break; - case QAbstractSocket::ClosingState: - if (!_probing) - text = tr("Disconnecting from %1...").arg(_account.hostName()); - break; - case QAbstractSocket::UnconnectedState: - if (!_probing) { - text = tr("Disconnected"); - // Ensure the disconnected() signal is sent even if we haven't reached the Connected state yet. - // The baseclass implementation will make sure to only send the signal once. - // However, we do want to prefer a potential socket error signal that may be on route already, so - // give this a chance to overtake us by spinning the loop... - QTimer::singleShot(0, this, &ClientAuthHandler::onSocketDisconnected); - } - break; - default: - break; + switch (socketState) { + case QAbstractSocket::HostLookupState: + if (!_legacy) + text = tr("Looking up %1...").arg(_account.hostName()); + break; + case QAbstractSocket::ConnectingState: + if (!_legacy) + text = tr("Connecting to %1...").arg(_account.hostName()); + break; + case QAbstractSocket::ConnectedState: + text = tr("Connected to %1").arg(_account.hostName()); + break; + case QAbstractSocket::ClosingState: + if (!_probing) + text = tr("Disconnecting from %1...").arg(_account.hostName()); + break; + case QAbstractSocket::UnconnectedState: + if (!_probing) { + text = tr("Disconnected"); + // Ensure the disconnected() signal is sent even if we haven't reached the Connected state yet. + // The baseclass implementation will make sure to only send the signal once. + // However, we do want to prefer a potential socket error signal that may be on route already, so + // give this a chance to overtake us by spinning the loop... + QTimer::singleShot(0, this, &ClientAuthHandler::onSocketDisconnected); + } + break; + default: + break; } if (!text.isEmpty()) { @@ -152,11 +124,10 @@ void ClientAuthHandler::onSocketError(QAbstractSocket::SocketError error) return; } - _probing = false; // all other errors are unrelated to probing and should be handled + _probing = false; // all other errors are unrelated to probing and should be handled AuthHandler::onSocketError(error); } - void ClientAuthHandler::onSocketDisconnected() { if (_probing && _legacy) { @@ -171,7 +142,6 @@ void ClientAuthHandler::onSocketDisconnected() AuthHandler::onSocketDisconnected(); } - void ClientAuthHandler::onSocketConnected() { if (_peer) { @@ -185,14 +155,11 @@ void ClientAuthHandler::onSocketConnected() // First connection attempt, try probing for a capable core _probing = true; - QDataStream stream(socket()); // stream handles the endianness for us + QDataStream stream(socket()); // stream handles the endianness for us stream.setVersion(QDataStream::Qt_4_2); quint32 magic = Protocol::magic; -#ifdef HAVE_SSL - if (_account.useSsl()) - magic |= Protocol::Encryption; -#endif + magic |= Protocol::Encryption; magic |= Protocol::Compression; stream << magic; @@ -201,13 +168,13 @@ void ClientAuthHandler::onSocketConnected() PeerFactory::ProtoList protos = PeerFactory::supportedProtocols(); for (int i = 0; i < protos.count(); ++i) { quint32 reply = protos[i].first; - reply |= protos[i].second<<8; + reply |= protos[i].second << 8; if (i == protos.count() - 1) - reply |= 0x80000000; // end list + reply |= 0x80000000; // end list stream << reply; } - socket()->flush(); // make sure the probing data is sent immediately + socket()->flush(); // make sure the probing data is sent immediately return; } @@ -215,32 +182,35 @@ void ClientAuthHandler::onSocketConnected() qDebug() << "Legacy core detected, switching to compatibility mode"; - auto *peer = PeerFactory::createPeer(PeerFactory::ProtoDescriptor(Protocol::LegacyProtocol, 0), this, socket(), Compressor::NoCompression, this); + auto* peer = PeerFactory::createPeer(PeerFactory::ProtoDescriptor(Protocol::LegacyProtocol, 0), + this, + socket(), + Compressor::NoCompression, + this); // Only needed for the legacy peer, as all others check the protocol version before instantiation connect(peer, &RemotePeer::protocolVersionMismatch, this, &ClientAuthHandler::onProtocolVersionMismatch); setPeer(peer); } - void ClientAuthHandler::onReadyRead() { if (socket()->bytesAvailable() < 4) return; if (!_probing) - return; // make sure to not read more data than needed + return; // make sure to not read more data than needed _probing = false; disconnect(socket(), &QIODevice::readyRead, this, &ClientAuthHandler::onReadyRead); quint32 reply; - socket()->read((char *)&reply, 4); + socket()->read((char*)&reply, 4); reply = qFromBigEndian(reply); auto type = static_cast(reply & 0xff); - auto protoFeatures = static_cast(reply>>8 & 0xffff); - _connectionFeatures = static_cast(reply>>24); + auto protoFeatures = static_cast(reply >> 8 & 0xffff); + _connectionFeatures = static_cast(reply >> 24); Compressor::CompressionLevel level; if (_connectionFeatures & Protocol::Compression) @@ -248,7 +218,7 @@ void ClientAuthHandler::onReadyRead() else level = Compressor::NoCompression; - RemotePeer *peer = PeerFactory::createPeer(PeerFactory::ProtoDescriptor(type, protoFeatures), this, socket(), level, this); + RemotePeer* peer = PeerFactory::createPeer(PeerFactory::ProtoDescriptor(type, protoFeatures), this, socket(), level, this); if (!peer) { qWarning() << "No valid protocol supported for this core!"; emit errorPopup(tr("Incompatible Quassel Core!
" @@ -266,16 +236,15 @@ void ClientAuthHandler::onReadyRead() setPeer(peer); } - void ClientAuthHandler::onProtocolVersionMismatch(int actual, int expected) { emit errorPopup(tr("The Quassel Core you are trying to connect to is too old!
" - "We need at least protocol v%1, but the core speaks v%2 only.").arg(expected, actual)); + "We need at least protocol v%1, but the core speaks v%2 only.") + .arg(expected, actual)); requestDisconnect(tr("Incompatible protocol version, connection to core refused")); } - -void ClientAuthHandler::setPeer(RemotePeer *peer) +void ClientAuthHandler::setPeer(RemotePeer* peer) { qDebug().nospace() << "Using " << qPrintable(peer->protocolName()) << "..."; @@ -283,36 +252,27 @@ void ClientAuthHandler::setPeer(RemotePeer *peer) connect(_peer, &RemotePeer::transferProgress, this, &ClientAuthHandler::transferProgress); // The legacy protocol enables SSL later, after registration - if (!_account.useSsl() || _legacy) + if (_legacy) startRegistration(); // otherwise, do it now else checkAndEnableSsl(_connectionFeatures & Protocol::Encryption); } - void ClientAuthHandler::startRegistration() { emit statusMessage(tr("Synchronizing to core...")); - // useSsl will be ignored by non-legacy peers - bool useSsl = false; -#ifdef HAVE_SSL - useSsl = _account.useSsl(); -#endif - - _peer->dispatch(RegisterClient(Quassel::Features{}, Quassel::buildInfo().fancyVersionString, Quassel::buildInfo().commitDate, useSsl)); + _peer->dispatch(Protocol::RegisterClient(Quassel::Features{}, Quassel::buildInfo().fancyVersionString, Quassel::buildInfo().commitDate)); } - -void ClientAuthHandler::handle(const ClientDenied &msg) +void ClientAuthHandler::handle(const Protocol::ClientDenied& msg) { emit errorPopup(msg.errorString); requestDisconnect(tr("The core refused connection from this client")); } - -void ClientAuthHandler::handle(const ClientRegistered &msg) +void ClientAuthHandler::handle(const Protocol::ClientRegistered& msg) { _coreConfigured = msg.coreConfigured; _backendInfo = msg.backendInfo; @@ -321,22 +281,21 @@ void ClientAuthHandler::handle(const ClientRegistered &msg) _peer->setFeatures(std::move(msg.features)); // The legacy protocol enables SSL at this point - if(_legacy && _account.useSsl()) + if (_legacy) checkAndEnableSsl(msg.sslSupported); else onConnectionReady(); } - void ClientAuthHandler::onConnectionReady() { - const auto &coreFeatures = _peer->features(); + const auto& coreFeatures = _peer->features(); auto unsupported = coreFeatures.toStringList(false); if (!unsupported.isEmpty()) { - quInfo() << qPrintable(tr("Core does not support the following features: %1").arg(unsupported.join(", "))); + qInfo() << qPrintable(tr("Core does not support the following features: %1").arg(unsupported.join(", "))); } if (!coreFeatures.unknownFeatures().isEmpty()) { - quInfo() << qPrintable(tr("Core supports unknown features: %1").arg(coreFeatures.unknownFeatures().join(", "))); + qInfo() << qPrintable(tr("Core supports unknown features: %1").arg(coreFeatures.unknownFeatures().join(", "))); } emit connectionReady(); @@ -346,32 +305,28 @@ void ClientAuthHandler::onConnectionReady() // start wizard emit startCoreSetup(_backendInfo, _authenticatorInfo); } - else // TODO: check if we need LoginEnabled + else // TODO: check if we need LoginEnabled login(); } - -void ClientAuthHandler::setupCore(const SetupData &setupData) +void ClientAuthHandler::setupCore(const Protocol::SetupData& setupData) { _peer->dispatch(setupData); } - -void ClientAuthHandler::handle(const SetupFailed &msg) +void ClientAuthHandler::handle(const Protocol::SetupFailed& msg) { emit coreSetupFailed(msg.errorString); } - -void ClientAuthHandler::handle(const SetupDone &msg) +void ClientAuthHandler::handle(const Protocol::SetupDone& msg) { Q_UNUSED(msg) emit coreSetupSuccessful(); } - -void ClientAuthHandler::login(const QString &user, const QString &password, bool remember) +void ClientAuthHandler::login(const QString& user, const QString& password, bool remember) { _account.setUser(user); _account.setPassword(password); @@ -379,66 +334,56 @@ void ClientAuthHandler::login(const QString &user, const QString &password, bool login(); } - -void ClientAuthHandler::login(const QString &previousError) +void ClientAuthHandler::login(const QString& previousError) { emit statusMessage(tr("Logging in...")); if (_account.user().isEmpty() || _account.password().isEmpty() || !previousError.isEmpty()) { bool valid = false; - emit userAuthenticationRequired(&_account, &valid, previousError); // *must* be a synchronous call + emit userAuthenticationRequired(&_account, &valid, previousError); // *must* be a synchronous call if (!valid || _account.user().isEmpty() || _account.password().isEmpty()) { requestDisconnect(tr("Login canceled")); return; } } - _peer->dispatch(Login(_account.user(), _account.password())); + _peer->dispatch(Protocol::Login(_account.user(), _account.password())); } - -void ClientAuthHandler::handle(const LoginFailed &msg) +void ClientAuthHandler::handle(const Protocol::LoginFailed& msg) { login(msg.errorString); } - -void ClientAuthHandler::handle(const LoginSuccess &msg) +void ClientAuthHandler::handle(const Protocol::LoginSuccess& msg) { Q_UNUSED(msg) emit loginSuccessful(_account); } - -void ClientAuthHandler::handle(const SessionState &msg) +void ClientAuthHandler::handle(const Protocol::SessionState& msg) { - disconnect(socket(), nullptr, this, nullptr); // this is the last message we shall ever get + disconnect(socket(), nullptr, this, nullptr); // this is the last message we shall ever get // give up ownership of the peer; CoreSession takes responsibility now _peer->setParent(nullptr); emit handshakeComplete(_peer, msg); } - /*** SSL Stuff ***/ void ClientAuthHandler::checkAndEnableSsl(bool coreSupportsSsl) { -#ifndef HAVE_SSL - Q_UNUSED(coreSupportsSsl); -#else CoreAccountSettings s; - if (coreSupportsSsl && _account.useSsl()) { + if (coreSupportsSsl) { // Make sure the warning is shown next time we don't have SSL in the core s.setAccountValue("ShowNoCoreSslWarning", true); - auto *sslSocket = qobject_cast(socket()); - Q_ASSERT(sslSocket); - connect(sslSocket, &QSslSocket::encrypted, this, &ClientAuthHandler::onSslSocketEncrypted); - connect(sslSocket, selectOverload&>(&QSslSocket::sslErrors), this, &ClientAuthHandler::onSslErrors); + connect(socket(), &QSslSocket::encrypted, this, &ClientAuthHandler::onSslSocketEncrypted); + connect(socket(), selectOverload&>(&QSslSocket::sslErrors), this, &ClientAuthHandler::onSslErrors); qDebug() << "Starting encryption..."; - sslSocket->flush(); - sslSocket->startClientEncryption(); + socket()->flush(); + socket()->startClientEncryption(); } else { if (s.accountValue("ShowNoCoreSslWarning", true).toBool()) { @@ -457,14 +402,12 @@ void ClientAuthHandler::checkAndEnableSsl(bool coreSupportsSsl) else startRegistration(); } -#endif } -#ifdef HAVE_SSL void ClientAuthHandler::onSslSocketEncrypted() { - auto *socket = qobject_cast(sender()); + auto* socket = qobject_cast(sender()); Q_ASSERT(socket); if (!socket->sslErrors().count()) { @@ -483,24 +426,21 @@ void ClientAuthHandler::onSslSocketEncrypted() startRegistration(); } - void ClientAuthHandler::onSslErrors() { - auto *socket = qobject_cast(sender()); - Q_ASSERT(socket); - CoreAccountSettings s; QByteArray knownDigest = s.accountValue("SslCert").toByteArray(); - ClientAuthHandler::DigestVersion knownDigestVersion = static_cast(s.accountValue("SslCertDigestVersion").toInt()); + ClientAuthHandler::DigestVersion knownDigestVersion = static_cast( + s.accountValue("SslCertDigestVersion").toInt()); QByteArray calculatedDigest; switch (knownDigestVersion) { case ClientAuthHandler::DigestVersion::Md5: - calculatedDigest = socket->peerCertificate().digest(QCryptographicHash::Md5); + calculatedDigest = socket()->peerCertificate().digest(QCryptographicHash::Md5); break; case ClientAuthHandler::DigestVersion::Sha2_512: - calculatedDigest = socket->peerCertificate().digest(QCryptographicHash::Sha512); + calculatedDigest = socket()->peerCertificate().digest(QCryptographicHash::Sha512); break; default: @@ -510,7 +450,7 @@ void ClientAuthHandler::onSslErrors() if (knownDigest != calculatedDigest) { bool accepted = false; bool permanently = false; - emit handleSslErrors(socket, &accepted, &permanently); + emit handleSslErrors(socket(), &accepted, &permanently); if (!accepted) { requestDisconnect(tr("Unencrypted connection canceled")); @@ -518,7 +458,7 @@ void ClientAuthHandler::onSslErrors() } if (permanently) { - s.setAccountValue("SslCert", socket->peerCertificate().digest(QCryptographicHash::Sha512)); + s.setAccountValue("SslCert", socket()->peerCertificate().digest(QCryptographicHash::Sha512)); s.setAccountValue("SslCertDigestVersion", ClientAuthHandler::DigestVersion::Latest); } else { @@ -527,11 +467,9 @@ void ClientAuthHandler::onSslErrors() } } else if (knownDigestVersion != ClientAuthHandler::DigestVersion::Latest) { - s.setAccountValue("SslCert", socket->peerCertificate().digest(QCryptographicHash::Sha512)); + s.setAccountValue("SslCert", socket()->peerCertificate().digest(QCryptographicHash::Sha512)); s.setAccountValue("SslCertDigestVersion", ClientAuthHandler::DigestVersion::Latest); } - socket->ignoreSslErrors(); + socket()->ignoreSslErrors(); } - -#endif /* HAVE_SSL */