X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fclient%2Fclientauthhandler.cpp;h=a3fc870d84343b761329fb683acd0bc5093f0070;hp=415a7ddbe44010e552210e1ae16608e8da1c05f5;hb=39328183a6a87c6eb10a9dbbffcd5d65bf154a1f;hpb=d1bf207d30fe62a15d0e8669d186374c68e6eae8 diff --git a/src/client/clientauthhandler.cpp b/src/client/clientauthhandler.cpp index 415a7ddb..a3fc870d 100644 --- a/src/client/clientauthhandler.cpp +++ b/src/client/clientauthhandler.cpp @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2014 by the Quassel Project * + * Copyright (C) 2005-2018 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -20,8 +20,6 @@ #include "clientauthhandler.h" -// TODO: support system application proxy (new in Qt 4.6) - #include #ifdef HAVE_SSL @@ -32,15 +30,14 @@ #include "client.h" #include "clientsettings.h" +#include "logmessage.h" #include "peerfactory.h" -#include "protocols/legacy/legacypeer.h" - using namespace Protocol; ClientAuthHandler::ClientAuthHandler(CoreAccount account, QObject *parent) : AuthHandler(parent), - _peer(0), + _peer(nullptr), _account(account), _probing(false), _legacy(false), @@ -50,6 +47,12 @@ ClientAuthHandler::ClientAuthHandler(CoreAccount account, QObject *parent) } +Peer *ClientAuthHandler::peer() const +{ + return _peer; +} + + void ClientAuthHandler::connectToCore() { CoreAccountSettings s; @@ -73,10 +76,21 @@ void ClientAuthHandler::connectToCore() QTcpSocket *socket = new QTcpSocket(this); #endif -// TODO: Handle system proxy #ifndef QT_NO_NETWORKPROXY - if (_account.useProxy()) { - QNetworkProxy proxy(_account.proxyType(), _account.proxyHostName(), _account.proxyPort(), _account.proxyUser(), _account.proxyPassword()); + QNetworkProxy proxy; + proxy.setType(_account.proxyType()); + if (_account.proxyType() == QNetworkProxy::Socks5Proxy || + _account.proxyType() == QNetworkProxy::HttpProxy) { + proxy.setHostName(_account.proxyHostName()); + proxy.setPort(_account.proxyPort()); + proxy.setUser(_account.proxyUser()); + proxy.setPassword(_account.proxyPassword()); + } + + if (_account.proxyType() == QNetworkProxy::DefaultProxy) { + QNetworkProxyFactory::setUseSystemConfiguration(true); + } else { + QNetworkProxyFactory::setUseSystemConfiguration(false); socket->setProxy(proxy); } #endif @@ -116,7 +130,9 @@ void ClientAuthHandler::onSocketStateChanged(QAbstractSocket::SocketState socket text = tr("Disconnected"); // Ensure the disconnected() signal is sent even if we haven't reached the Connected state yet. // The baseclass implementation will make sure to only send the signal once. - onSocketDisconnected(); + // However, we do want to prefer a potential socket error signal that may be on route already, so + // give this a chance to overtake us by spinning the loop... + QTimer::singleShot(0, this, SLOT(onSocketDisconnected())); } break; default: @@ -169,18 +185,26 @@ void ClientAuthHandler::onSocketConnected() _probing = true; QDataStream stream(socket()); // stream handles the endianness for us + stream.setVersion(QDataStream::Qt_4_2); quint32 magic = Protocol::magic; #ifdef HAVE_SSL if (_account.useSsl()) magic |= Protocol::Encryption; #endif - //magic |= Protocol::Compression; // not implemented yet + magic |= Protocol::Compression; stream << magic; // here goes the list of protocols we support, in order of preference - stream << ((quint32)Protocol::LegacyProtocol | 0x80000000); // end list + PeerFactory::ProtoList protos = PeerFactory::supportedProtocols(); + for (int i = 0; i < protos.count(); ++i) { + quint32 reply = protos[i].first; + reply |= protos[i].second<<8; + if (i == protos.count() - 1) + reply |= 0x80000000; // end list + stream << reply; + } socket()->flush(); // make sure the probing data is sent immediately return; @@ -190,7 +214,7 @@ void ClientAuthHandler::onSocketConnected() qDebug() << "Legacy core detected, switching to compatibility mode"; - RemotePeer *peer = new LegacyPeer(this, socket(), this); + RemotePeer *peer = PeerFactory::createPeer(PeerFactory::ProtoDescriptor(Protocol::LegacyProtocol, 0), this, socket(), Compressor::NoCompression, this); // Only needed for the legacy peer, as all others check the protocol version before instantiation connect(peer, SIGNAL(protocolVersionMismatch(int,int)), SLOT(onProtocolVersionMismatch(int,int))); @@ -217,7 +241,13 @@ void ClientAuthHandler::onReadyRead() quint16 protoFeatures = static_cast(reply>>8 & 0xffff); _connectionFeatures = static_cast(reply>>24); - RemotePeer *peer = PeerFactory::createPeer(PeerFactory::ProtoDescriptor(type, protoFeatures), this, socket(), this); + Compressor::CompressionLevel level; + if (_connectionFeatures & Protocol::Compression) + level = Compressor::BestCompression; + else + level = Compressor::NoCompression; + + RemotePeer *peer = PeerFactory::createPeer(PeerFactory::ProtoDescriptor(type, protoFeatures), this, socket(), level, this); if (!peer) { qWarning() << "No valid protocol supported for this core!"; emit errorPopup(tr("Incompatible Quassel Core!
" @@ -246,6 +276,8 @@ void ClientAuthHandler::onProtocolVersionMismatch(int actual, int expected) void ClientAuthHandler::setPeer(RemotePeer *peer) { + qDebug().nospace() << "Using " << qPrintable(peer->protocolName()) << "..."; + _peer = peer; connect(_peer, SIGNAL(transferProgress(int,int)), SIGNAL(transferProgress(int,int))); @@ -268,7 +300,7 @@ void ClientAuthHandler::startRegistration() useSsl = _account.useSsl(); #endif - _peer->dispatch(RegisterClient(Quassel::buildInfo().fancyVersionString, useSsl)); + _peer->dispatch(RegisterClient(Quassel::Features{}, Quassel::buildInfo().fancyVersionString, Quassel::buildInfo().commitDate, useSsl)); } @@ -283,8 +315,9 @@ void ClientAuthHandler::handle(const ClientRegistered &msg) { _coreConfigured = msg.coreConfigured; _backendInfo = msg.backendInfo; + _authenticatorInfo = msg.authenticatorInfo; - Client::setCoreFeatures(static_cast(msg.coreFeatures)); + _peer->setFeatures(std::move(msg.features)); // The legacy protocol enables SSL at this point if(_legacy && _account.useSsl()) @@ -296,12 +329,21 @@ void ClientAuthHandler::handle(const ClientRegistered &msg) void ClientAuthHandler::onConnectionReady() { + const auto &coreFeatures = _peer->features(); + auto unsupported = coreFeatures.toStringList(false); + if (!unsupported.isEmpty()) { + quInfo() << qPrintable(tr("Core does not support the following features: %1").arg(unsupported.join(", "))); + } + if (!coreFeatures.unknownFeatures().isEmpty()) { + quInfo() << qPrintable(tr("Core supports unknown features: %1").arg(coreFeatures.unknownFeatures().join(", "))); + } + emit connectionReady(); emit statusMessage(tr("Connected to %1").arg(_account.accountName())); if (!_coreConfigured) { // start wizard - emit startCoreSetup(_backendInfo); + emit startCoreSetup(_backendInfo, _authenticatorInfo); } else // TODO: check if we need LoginEnabled login(); @@ -369,10 +411,10 @@ void ClientAuthHandler::handle(const LoginSuccess &msg) void ClientAuthHandler::handle(const SessionState &msg) { - disconnect(socket(), 0, this, 0); // this is the last message we shall ever get + disconnect(socket(), nullptr, this, nullptr); // this is the last message we shall ever get // give up ownership of the peer; CoreSession takes responsibility now - _peer->setParent(0); + _peer->setParent(nullptr); emit handshakeComplete(_peer, msg); } @@ -407,6 +449,7 @@ void ClientAuthHandler::checkAndEnableSsl(bool coreSupportsSsl) } s.setAccountValue("ShowNoCoreSslWarning", false); s.setAccountValue("SslCert", QString()); + s.setAccountValue("SslCertDigestVersion", QVariant(QVariant::Int)); } if (_legacy) onConnectionReady(); @@ -428,6 +471,7 @@ void ClientAuthHandler::onSslSocketEncrypted() // That way, a warning will appear in case it becomes invalid at some point CoreAccountSettings s; s.setAccountValue("SSLCert", QString()); + s.setAccountValue("SslCertDigestVersion", QVariant(QVariant::Int)); } emit encrypted(true); @@ -446,8 +490,23 @@ void ClientAuthHandler::onSslErrors() CoreAccountSettings s; QByteArray knownDigest = s.accountValue("SslCert").toByteArray(); + ClientAuthHandler::DigestVersion knownDigestVersion = static_cast(s.accountValue("SslCertDigestVersion").toInt()); - if (knownDigest != socket->peerCertificate().digest()) { + QByteArray calculatedDigest; + switch (knownDigestVersion) { + case ClientAuthHandler::DigestVersion::Md5: + calculatedDigest = socket->peerCertificate().digest(QCryptographicHash::Md5); + break; + + case ClientAuthHandler::DigestVersion::Sha2_512: + calculatedDigest = socket->peerCertificate().digest(QCryptographicHash::Sha512); + break; + + default: + qWarning() << "Certificate digest version" << QString(knownDigestVersion) << "is not supported"; + } + + if (knownDigest != calculatedDigest) { bool accepted = false; bool permanently = false; emit handleSslErrors(socket, &accepted, &permanently); @@ -457,10 +516,18 @@ void ClientAuthHandler::onSslErrors() return; } - if (permanently) - s.setAccountValue("SslCert", socket->peerCertificate().digest()); - else + if (permanently) { + s.setAccountValue("SslCert", socket->peerCertificate().digest(QCryptographicHash::Sha512)); + s.setAccountValue("SslCertDigestVersion", ClientAuthHandler::DigestVersion::Latest); + } + else { s.setAccountValue("SslCert", QString()); + s.setAccountValue("SslCertDigestVersion", QVariant(QVariant::Int)); + } + } + else if (knownDigestVersion != ClientAuthHandler::DigestVersion::Latest) { + s.setAccountValue("SslCert", socket->peerCertificate().digest(QCryptographicHash::Sha512)); + s.setAccountValue("SslCertDigestVersion", ClientAuthHandler::DigestVersion::Latest); } socket->ignoreSslErrors();