X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fclient%2Fclientauthhandler.cpp;h=68f545ee06c2b3b8b9266a2933731aa057c71ec5;hp=d5112d161b67dcff749c27c4c139af8ca13e1271;hb=fcacaaf16551524c7ebb6114254d005274cc3d63;hpb=e095b7d97b0e794083801878d7c15b3a43dc38b0

diff --git a/src/client/clientauthhandler.cpp b/src/client/clientauthhandler.cpp
index d5112d16..68f545ee 100644
--- a/src/client/clientauthhandler.cpp
+++ b/src/client/clientauthhandler.cpp
@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2005-2014 by the Quassel Project                        *
+ *   Copyright (C) 2005-2018 by the Quassel Project                        *
  *   devel@quassel-irc.org                                                 *
  *                                                                         *
  *   This program is free software; you can redistribute it and/or modify  *
@@ -20,8 +20,6 @@
 
 #include "clientauthhandler.h"
 
-// TODO: support system application proxy (new in Qt 4.6)
-
 #include <QtEndian>
 
 #ifdef HAVE_SSL
@@ -32,13 +30,14 @@
 
 #include "client.h"
 #include "clientsettings.h"
+#include "logmessage.h"
 #include "peerfactory.h"
 
 using namespace Protocol;
 
 ClientAuthHandler::ClientAuthHandler(CoreAccount account, QObject *parent)
     : AuthHandler(parent),
-    _peer(0),
+    _peer(nullptr),
     _account(account),
     _probing(false),
     _legacy(false),
@@ -48,12 +47,18 @@ ClientAuthHandler::ClientAuthHandler(CoreAccount account, QObject *parent)
 }
 
 
+Peer *ClientAuthHandler::peer() const
+{
+    return _peer;
+}
+
+
 void ClientAuthHandler::connectToCore()
 {
     CoreAccountSettings s;
 
 #ifdef HAVE_SSL
-    QSslSocket *socket = new QSslSocket(this);
+    auto *socket = new QSslSocket(this);
     // make sure the warning is shown if we happen to connect without SSL support later
     s.setAccountValue("ShowNoClientSslWarning", true);
 #else
@@ -71,18 +76,29 @@ void ClientAuthHandler::connectToCore()
     QTcpSocket *socket = new QTcpSocket(this);
 #endif
 
-// TODO: Handle system proxy
 #ifndef QT_NO_NETWORKPROXY
-    if (_account.useProxy()) {
-        QNetworkProxy proxy(_account.proxyType(), _account.proxyHostName(), _account.proxyPort(), _account.proxyUser(), _account.proxyPassword());
+    QNetworkProxy proxy;
+    proxy.setType(_account.proxyType());
+    if (_account.proxyType() == QNetworkProxy::Socks5Proxy ||
+            _account.proxyType() == QNetworkProxy::HttpProxy) {
+        proxy.setHostName(_account.proxyHostName());
+        proxy.setPort(_account.proxyPort());
+        proxy.setUser(_account.proxyUser());
+        proxy.setPassword(_account.proxyPassword());
+    }
+
+    if (_account.proxyType() == QNetworkProxy::DefaultProxy) {
+        QNetworkProxyFactory::setUseSystemConfiguration(true);
+    } else {
+        QNetworkProxyFactory::setUseSystemConfiguration(false);
         socket->setProxy(proxy);
     }
 #endif
 
     setSocket(socket);
-    connect(socket, SIGNAL(stateChanged(QAbstractSocket::SocketState)), SLOT(onSocketStateChanged(QAbstractSocket::SocketState)));
-    connect(socket, SIGNAL(readyRead()), SLOT(onReadyRead()));
-    connect(socket, SIGNAL(connected()), SLOT(onSocketConnected()));
+    connect(socket, &QAbstractSocket::stateChanged, this, &ClientAuthHandler::onSocketStateChanged);
+    connect(socket, &QIODevice::readyRead, this, &ClientAuthHandler::onReadyRead);
+    connect(socket, &QAbstractSocket::connected, this, &ClientAuthHandler::onSocketConnected);
 
     emit statusMessage(tr("Connecting to %1...").arg(_account.accountName()));
     socket->connectToHost(_account.hostName(), _account.port());
@@ -145,7 +161,7 @@ void ClientAuthHandler::onSocketDisconnected()
     if (_probing && _legacy) {
         // Remote host has closed the connection while probing
         _probing = false;
-        disconnect(socket(), SIGNAL(readyRead()), this, SLOT(onReadyRead()));
+        disconnect(socket(), &QIODevice::readyRead, this, &ClientAuthHandler::onReadyRead);
         emit statusMessage(tr("Reconnecting in compatibility mode..."));
         socket()->connectToHost(_account.hostName(), _account.port());
         return;
@@ -169,6 +185,7 @@ void ClientAuthHandler::onSocketConnected()
         _probing = true;
 
         QDataStream stream(socket()); // stream handles the endianness for us
+        stream.setVersion(QDataStream::Qt_4_2);
 
         quint32 magic = Protocol::magic;
 #ifdef HAVE_SSL
@@ -214,14 +231,14 @@ void ClientAuthHandler::onReadyRead()
         return; // make sure to not read more data than needed
 
     _probing = false;
-    disconnect(socket(), SIGNAL(readyRead()), this, SLOT(onReadyRead()));
+    disconnect(socket(), &QIODevice::readyRead, this, &ClientAuthHandler::onReadyRead);
 
     quint32 reply;
     socket()->read((char *)&reply, 4);
     reply = qFromBigEndian<quint32>(reply);
 
-    Protocol::Type type = static_cast<Protocol::Type>(reply & 0xff);
-    quint16 protoFeatures = static_cast<quint16>(reply>>8 & 0xffff);
+    auto type = static_cast<Protocol::Type>(reply & 0xff);
+    auto protoFeatures = static_cast<quint16>(reply>>8 & 0xffff);
     _connectionFeatures = static_cast<quint8>(reply>>24);
 
     Compressor::CompressionLevel level;
@@ -262,7 +279,7 @@ void ClientAuthHandler::setPeer(RemotePeer *peer)
     qDebug().nospace() << "Using " << qPrintable(peer->protocolName()) << "...";
 
     _peer = peer;
-    connect(_peer, SIGNAL(transferProgress(int,int)), SIGNAL(transferProgress(int,int)));
+    connect(_peer, &RemotePeer::transferProgress, this, &ClientAuthHandler::transferProgress);
 
     // The legacy protocol enables SSL later, after registration
     if (!_account.useSsl() || _legacy)
@@ -283,7 +300,7 @@ void ClientAuthHandler::startRegistration()
     useSsl = _account.useSsl();
 #endif
 
-    _peer->dispatch(RegisterClient(Quassel::buildInfo().fancyVersionString, Quassel::buildInfo().buildDate, useSsl));
+    _peer->dispatch(RegisterClient(Quassel::Features{}, Quassel::buildInfo().fancyVersionString, Quassel::buildInfo().commitDate, useSsl));
 }
 
 
@@ -298,8 +315,9 @@ void ClientAuthHandler::handle(const ClientRegistered &msg)
 {
     _coreConfigured = msg.coreConfigured;
     _backendInfo = msg.backendInfo;
+    _authenticatorInfo = msg.authenticatorInfo;
 
-    Client::setCoreFeatures(static_cast<Quassel::Features>(msg.coreFeatures));
+    _peer->setFeatures(std::move(msg.features));
 
     // The legacy protocol enables SSL at this point
     if(_legacy && _account.useSsl())
@@ -311,12 +329,21 @@ void ClientAuthHandler::handle(const ClientRegistered &msg)
 
 void ClientAuthHandler::onConnectionReady()
 {
+    const auto &coreFeatures = _peer->features();
+    auto unsupported = coreFeatures.toStringList(false);
+    if (!unsupported.isEmpty()) {
+        quInfo() << qPrintable(tr("Core does not support the following features: %1").arg(unsupported.join(", ")));
+    }
+    if (!coreFeatures.unknownFeatures().isEmpty()) {
+        quInfo() << qPrintable(tr("Core supports unknown features: %1").arg(coreFeatures.unknownFeatures().join(", ")));
+    }
+
     emit connectionReady();
     emit statusMessage(tr("Connected to %1").arg(_account.accountName()));
 
     if (!_coreConfigured) {
         // start wizard
-        emit startCoreSetup(_backendInfo);
+        emit startCoreSetup(_backendInfo, _authenticatorInfo);
     }
     else // TODO: check if we need LoginEnabled
         login();
@@ -384,10 +411,10 @@ void ClientAuthHandler::handle(const LoginSuccess &msg)
 
 void ClientAuthHandler::handle(const SessionState &msg)
 {
-    disconnect(socket(), 0, this, 0); // this is the last message we shall ever get
+    disconnect(socket(), nullptr, this, nullptr); // this is the last message we shall ever get
 
     // give up ownership of the peer; CoreSession takes responsibility now
-    _peer->setParent(0);
+    _peer->setParent(nullptr);
     emit handshakeComplete(_peer, msg);
 }
 
@@ -404,9 +431,9 @@ void ClientAuthHandler::checkAndEnableSsl(bool coreSupportsSsl)
         // Make sure the warning is shown next time we don't have SSL in the core
         s.setAccountValue("ShowNoCoreSslWarning", true);
 
-        QSslSocket *sslSocket = qobject_cast<QSslSocket *>(socket());
+        auto *sslSocket = qobject_cast<QSslSocket *>(socket());
         Q_ASSERT(sslSocket);
-        connect(sslSocket, SIGNAL(encrypted()), SLOT(onSslSocketEncrypted()));
+        connect(sslSocket, &QSslSocket::encrypted, this, &ClientAuthHandler::onSslSocketEncrypted);
         connect(sslSocket, SIGNAL(sslErrors(QList<QSslError>)), SLOT(onSslErrors()));
         qDebug() << "Starting encryption...";
         sslSocket->flush();
@@ -422,6 +449,7 @@ void ClientAuthHandler::checkAndEnableSsl(bool coreSupportsSsl)
             }
             s.setAccountValue("ShowNoCoreSslWarning", false);
             s.setAccountValue("SslCert", QString());
+            s.setAccountValue("SslCertDigestVersion", QVariant(QVariant::Int));
         }
         if (_legacy)
             onConnectionReady();
@@ -435,7 +463,7 @@ void ClientAuthHandler::checkAndEnableSsl(bool coreSupportsSsl)
 
 void ClientAuthHandler::onSslSocketEncrypted()
 {
-    QSslSocket *socket = qobject_cast<QSslSocket *>(sender());
+    auto *socket = qobject_cast<QSslSocket *>(sender());
     Q_ASSERT(socket);
 
     if (!socket->sslErrors().count()) {
@@ -443,6 +471,7 @@ void ClientAuthHandler::onSslSocketEncrypted()
         // That way, a warning will appear in case it becomes invalid at some point
         CoreAccountSettings s;
         s.setAccountValue("SSLCert", QString());
+        s.setAccountValue("SslCertDigestVersion", QVariant(QVariant::Int));
     }
 
     emit encrypted(true);
@@ -456,13 +485,28 @@ void ClientAuthHandler::onSslSocketEncrypted()
 
 void ClientAuthHandler::onSslErrors()
 {
-    QSslSocket *socket = qobject_cast<QSslSocket *>(sender());
+    auto *socket = qobject_cast<QSslSocket *>(sender());
     Q_ASSERT(socket);
 
     CoreAccountSettings s;
     QByteArray knownDigest = s.accountValue("SslCert").toByteArray();
+    ClientAuthHandler::DigestVersion knownDigestVersion = static_cast<ClientAuthHandler::DigestVersion>(s.accountValue("SslCertDigestVersion").toInt());
+
+    QByteArray calculatedDigest;
+    switch (knownDigestVersion) {
+    case ClientAuthHandler::DigestVersion::Md5:
+        calculatedDigest = socket->peerCertificate().digest(QCryptographicHash::Md5);
+        break;
+
+    case ClientAuthHandler::DigestVersion::Sha2_512:
+        calculatedDigest = socket->peerCertificate().digest(QCryptographicHash::Sha512);
+        break;
+
+    default:
+        qWarning() << "Certificate digest version" << QString(knownDigestVersion) << "is not supported";
+    }
 
-    if (knownDigest != socket->peerCertificate().digest()) {
+    if (knownDigest != calculatedDigest) {
         bool accepted = false;
         bool permanently = false;
         emit handleSslErrors(socket, &accepted, &permanently);
@@ -472,10 +516,18 @@ void ClientAuthHandler::onSslErrors()
             return;
         }
 
-        if (permanently)
-            s.setAccountValue("SslCert", socket->peerCertificate().digest());
-        else
+        if (permanently) {
+            s.setAccountValue("SslCert", socket->peerCertificate().digest(QCryptographicHash::Sha512));
+            s.setAccountValue("SslCertDigestVersion", ClientAuthHandler::DigestVersion::Latest);
+        }
+        else {
             s.setAccountValue("SslCert", QString());
+            s.setAccountValue("SslCertDigestVersion", QVariant(QVariant::Int));
+        }
+    }
+    else if (knownDigestVersion != ClientAuthHandler::DigestVersion::Latest) {
+        s.setAccountValue("SslCert", socket->peerCertificate().digest(QCryptographicHash::Sha512));
+        s.setAccountValue("SslCertDigestVersion", ClientAuthHandler::DigestVersion::Latest);
     }
 
     socket->ignoreSslErrors();