X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fqtui%2Fsettingspages%2Fnetworkssettingspage.cpp;h=dfd1f62f756bad482fc7f088d688ff82e5e114e0;hp=d4fdca1f412778faf60b8e917eee67f282952c18;hb=HEAD;hpb=c144bdee0d8ab0c195b3088f5c6e57e372e526f7
diff --git a/src/qtui/settingspages/networkssettingspage.cpp b/src/qtui/settingspages/networkssettingspage.cpp
index d4fdca1f..dfd1f62f 100644
--- a/src/qtui/settingspages/networkssettingspage.cpp
+++ b/src/qtui/settingspages/networkssettingspage.cpp
@@ -1,5 +1,5 @@
/***************************************************************************
- * Copyright (C) 2005-2020 by the Quassel Project *
+ * Copyright (C) 2005-2022 by the Quassel Project *
* devel@quassel-irc.org *
* *
* This program is free software; you can redistribute it and/or modify *
@@ -358,7 +358,7 @@ void NetworksSettingsPage::setItemState(NetworkId id, QListWidgetItem* item)
void NetworksSettingsPage::resetNetworkCapStates()
{
- // Set the status to a blank (invalid) network ID, reseting all UI
+ // Set the status to a blank (invalid) network ID, resetting all UI
setNetworkCapStates(NetworkId());
}
@@ -372,11 +372,15 @@ void NetworksSettingsPage::setNetworkCapStates(NetworkId id)
if (net->connectionState() != Network::Disconnected) {
// Network exists and is connected, check available capabilities...
// [SASL]
- if (net->saslMaybeSupports(IrcCap::SaslMech::PLAIN)) {
- setSASLStatus(CapSupportStatus::MaybeSupported);
+ // Quassel switches between SASL PLAIN and SASL EXTERNAL based on the existence of an
+ // SSL certificate on the identity - check EXTERNAL if CertID exists, PLAIN if not
+ bool usingSASLExternal = displayedNetworkHasCertId();
+ if ((usingSASLExternal && net->saslMaybeSupports(IrcCap::SaslMech::EXTERNAL))
+ || (!usingSASLExternal && net->saslMaybeSupports(IrcCap::SaslMech::PLAIN))) {
+ setCapSASLStatus(CapSupportStatus::MaybeSupported, usingSASLExternal);
}
else {
- setSASLStatus(CapSupportStatus::MaybeUnsupported);
+ setCapSASLStatus(CapSupportStatus::MaybeUnsupported, usingSASLExternal);
}
// Add additional capability-dependent interface updates here
@@ -384,7 +388,7 @@ void NetworksSettingsPage::setNetworkCapStates(NetworkId id)
else {
// Network is disconnected
// [SASL]
- setSASLStatus(CapSupportStatus::Disconnected);
+ setCapSASLStatus(CapSupportStatus::Disconnected);
// Add additional capability-dependent interface updates here
}
@@ -393,7 +397,7 @@ void NetworksSettingsPage::setNetworkCapStates(NetworkId id)
// Capability negotiation is not supported and/or network doesn't exist.
// Don't assume anything and reset all capability-dependent interface elements to neutral.
// [SASL]
- setSASLStatus(CapSupportStatus::Unknown);
+ setCapSASLStatus(CapSupportStatus::Unknown);
// Add additional capability-dependent interface updates here
}
@@ -730,11 +734,12 @@ void NetworksSettingsPage::clientNetworkCapsUpdated()
}
}
-void NetworksSettingsPage::setSASLStatus(const CapSupportStatus saslStatus)
+void NetworksSettingsPage::setCapSASLStatus(const CapSupportStatus saslStatus, bool usingSASLExternal)
{
- if (_saslStatusSelected != saslStatus) {
+ if (_capSaslStatusSelected != saslStatus || _capSaslStatusUsingExternal != usingSASLExternal) {
// Update the cached copy of SASL status used with the Details dialog
- _saslStatusSelected = saslStatus;
+ _capSaslStatusSelected = saslStatus;
+ _capSaslStatusUsingExternal = usingSASLExternal;
// Update the user interface
switch (saslStatus) {
@@ -750,14 +755,23 @@ void NetworksSettingsPage::setSASLStatus(const CapSupportStatus saslStatus)
ui.saslStatusIcon->setPixmap(questionIcon.pixmap(16));
break;
case CapSupportStatus::MaybeUnsupported:
- // The network doesn't advertise support for SASL PLAIN. Here be dragons.
+ // The network doesn't advertise support for SASL PLAIN/EXTERNAL. Here be dragons.
ui.saslStatusLabel->setText(QString("%1").arg(tr("Not currently supported by network")));
ui.saslStatusIcon->setPixmap(unavailableIcon.pixmap(16));
break;
case CapSupportStatus::MaybeSupported:
- // The network advertises support for SASL PLAIN. Encourage using it!
+ // The network advertises support for SASL PLAIN/EXTERNAL. Encourage using it!
// Unfortunately we don't know for sure if it's desired or functional.
- ui.saslStatusLabel->setText(QString("%1").arg(tr("Supported by network")));
+ if (usingSASLExternal) {
+ // SASL EXTERNAL is used
+ // With SASL v3.1, it's not possible to reliably tell if SASL EXTERNAL is supported,
+ // or just SASL PLAIN. Use less assertive phrasing.
+ ui.saslStatusLabel->setText(QString("%1").arg(tr("May be supported by network")));
+ }
+ else {
+ // SASL PLAIN is used
+ ui.saslStatusLabel->setText(QString("%1").arg(tr("Supported by network")));
+ }
ui.saslStatusIcon->setPixmap(successIcon.pixmap(16));
break;
}
@@ -766,25 +780,29 @@ void NetworksSettingsPage::setSASLStatus(const CapSupportStatus saslStatus)
void NetworksSettingsPage::sslUpdated()
{
- if (_cid && !_cid->sslKey().isNull()) {
- ui.saslContents->setDisabled(true);
+ if (displayedNetworkHasCertId()) {
+ ui.saslPlainContents->setDisabled(true);
ui.saslExtInfo->setHidden(false);
}
else {
- ui.saslContents->setDisabled(false);
+ ui.saslPlainContents->setDisabled(false);
// Directly re-enabling causes the widgets to ignore the parent "Use SASL Authentication"
// state to indicate whether or not it's disabled. To workaround this, keep track of
// whether or not "Use SASL Authentication" is enabled, then quickly uncheck/recheck the
// group box.
if (!ui.sasl->isChecked()) {
- // SASL is not enabled, uncheck/recheck the group box to re-disable saslContents.
- // Leaving saslContents disabled doesn't work as that prevents it from re-enabling if
+ // SASL is not enabled, uncheck/recheck the group box to re-disable saslPlainContents.
+ // Leaving saslPlainContents disabled doesn't work as that prevents it from re-enabling if
// sasl is later checked.
ui.sasl->setChecked(true);
ui.sasl->setChecked(false);
}
ui.saslExtInfo->setHidden(true);
}
+ // Update whether SASL PLAIN or SASL EXTERNAL is used to detect SASL status
+ if (currentId != 0) {
+ setNetworkCapStates(currentId);
+ }
}
/*** Network list ***/
@@ -968,7 +986,7 @@ void NetworksSettingsPage::on_saslStatusDetails_clicked()
bool useWarningIcon = false;
// Determine which explanation to show
- switch (_saslStatusSelected) {
+ switch (_capSaslStatusSelected) {
case CapSupportStatus::Unknown:
saslStatusHeader = tr("Could not check if SASL supported by network");
saslStatusExplanation = tr("Quassel could not check if \"%1\" supports SASL. This may "
@@ -984,17 +1002,41 @@ void NetworksSettingsPage::on_saslStatusDetails_clicked()
.arg(netName);
break;
case CapSupportStatus::MaybeUnsupported:
- saslStatusHeader = tr("SASL not currently supported by network");
- saslStatusExplanation = tr("The network \"%1\" does not currently support SASL. "
- "However, support might be added later on.")
- .arg(netName);
+ if (displayedNetworkHasCertId()) {
+ // SASL EXTERNAL is used
+ saslStatusHeader = tr("SASL EXTERNAL not currently supported by network");
+ saslStatusExplanation = tr("The network \"%1\" does not currently support SASL "
+ "EXTERNAL for SSL certificate authentication. However, "
+ "support might be added later on.")
+ .arg(netName);
+ }
+ else {
+ // SASL PLAIN is used
+ saslStatusHeader = tr("SASL not currently supported by network");
+ saslStatusExplanation = tr("The network \"%1\" does not currently support SASL. "
+ "However, support might be added later on.")
+ .arg(netName);
+ }
useWarningIcon = true;
break;
case CapSupportStatus::MaybeSupported:
- saslStatusHeader = tr("SASL supported by network");
- saslStatusExplanation = tr("The network \"%1\" supports SASL. In most cases, you "
- "should use SASL instead of NickServ identification.")
- .arg(netName);
+ if (displayedNetworkHasCertId()) {
+ // SASL EXTERNAL is used
+ // With SASL v3.1, it's not possible to reliably tell if SASL EXTERNAL is supported,
+ // or just SASL PLAIN. Caution about this in the details dialog.
+ saslStatusHeader = tr("SASL EXTERNAL may be supported by network");
+ saslStatusExplanation = tr("The network \"%1\" may support SASL EXTERNAL for SSL "
+ "certificate authentication. In most cases, you should "
+ "use SASL instead of NickServ identification.")
+ .arg(netName);
+ }
+ else {
+ // SASL PLAIN is used
+ saslStatusHeader = tr("SASL supported by network");
+ saslStatusExplanation = tr("The network \"%1\" supports SASL. In most cases, you "
+ "should use SASL instead of NickServ identification.")
+ .arg(netName);
+ }
break;
}
@@ -1095,6 +1137,12 @@ IdentityId NetworksSettingsPage::defaultIdentity() const
return defaultId;
}
+bool NetworksSettingsPage::displayedNetworkHasCertId() const
+{
+ // Check if the CertIdentity exists and that it has a non-null SSL key set
+ return (_cid && !_cid->sslKey().isNull());
+}
+
/**************************************************************************
* NetworkAddDlg
*************************************************************************/
@@ -1108,7 +1156,7 @@ NetworkAddDlg::NetworkAddDlg(QStringList exist, QWidget* parent)
// Whenever useSSL is toggled, update the port number if not changed from the default
connect(ui.useSSL, &QAbstractButton::toggled, this, &NetworkAddDlg::updateSslPort);
- // Do NOT call updateSslPort when loading settings, otherwise port settings may be overriden.
+ // Do NOT call updateSslPort when loading settings, otherwise port settings may be overridden.
// If useSSL is later changed to be checked by default, change port's default value, too.
if (Client::isCoreFeatureEnabled(Quassel::Feature::VerifyServerSSL)) {
@@ -1258,7 +1306,7 @@ ServerEditDlg::ServerEditDlg(const Network::Server& server, QWidget* parent)
// Whenever useSSL is toggled, update the port number if not changed from the default
connect(ui.useSSL, &QAbstractButton::toggled, this, &ServerEditDlg::updateSslPort);
- // Do NOT call updateSslPort when loading settings, otherwise port settings may be overriden.
+ // Do NOT call updateSslPort when loading settings, otherwise port settings may be overridden.
// If useSSL is later changed to be checked by default, change port's default value, too.
if (Client::isCoreFeatureEnabled(Quassel::Feature::VerifyServerSSL)) {