#6372 Only show padlock when TLSv1.2 is detected

This is really crude and probably a bit fragile, but patches welcome! I also made the fingerprint dialog a bit friendlier while I was poking around.
Nick Bolton 2018-07-28 01:52:56 +01:00
parent 60c0df5984
commit 0e0c701b61
2 changed files with 48 additions and 15 deletions


@ -68,6 +68,9 @@ static const char synergyConfigName[] = "synergy.conf";
static const QString synergyConfigFilter(QObject::tr("Synergy Configurations (*.conf);;All files (*.*)")); static const QString synergyConfigFilter(QObject::tr("Synergy Configurations (*.conf);;All files (*.*)"));
#endif #endif
static const char* tlsVersion = "TLS 1.2";
static const char* tlsCheckString = "network encryption protocol: TLSv1.2";
static const char* synergyIconFiles[] = static const char* synergyIconFiles[] =
{ {
":/res/icons/16x16/synergy-disconnected.png", ":/res/icons/16x16/synergy-disconnected.png",
@ -113,6 +116,7 @@ MainWindow::MainWindow (QSettings& settings, AppConfig& appConfig,
#ifndef SYNERGY_ENTERPRISE #ifndef SYNERGY_ENTERPRISE
, m_ActivationDialogRunning(false) , m_ActivationDialogRunning(false)
#endif #endif
, m_SecureSocket(false)
{ {
setupUi(this); setupUi(this);
@ -147,9 +151,11 @@ MainWindow::MainWindow (QSettings& settings, AppConfig& appConfig,
m_SuppressAutoConfigWarning = false; m_SuppressAutoConfigWarning = false;
m_pComboServerList->hide(); m_pComboServerList->hide();
m_pLabelPadlock->hide();
m_trialWidget->hide(); m_trialWidget->hide();
// hide padlock icon
secureSocket(false);
connect (this, SIGNAL(windowShown()), connect (this, SIGNAL(windowShown()),
this, SLOT(on_windowShown()), Qt::QueuedConnection); this, SLOT(on_windowShown()), Qt::QueuedConnection);
#ifndef SYNERGY_ENTERPRISE #ifndef SYNERGY_ENTERPRISE
@ -464,6 +470,8 @@ void MainWindow::updateFromLogLine(const QString &line)
// TODO: this code makes Andrew cry // TODO: this code makes Andrew cry
checkConnected(line); checkConnected(line);
checkFingerprint(line); checkFingerprint(line);
checkSecureSocket(line);
#ifndef SYNERGY_ENTERPRISE #ifndef SYNERGY_ENTERPRISE
checkLicense(line); checkLicense(line);
#endif #endif
@ -522,11 +530,10 @@ void MainWindow::checkFingerprint(const QString& line)
QMessageBox::StandardButton fingerprintReply = QMessageBox::StandardButton fingerprintReply =
QMessageBox::information( QMessageBox::information(
this, tr("Security question"), this, tr("Security question"),
tr("Do you trust this fingerprint?\n\n" tr("You are connecting to a server. Here is it's fingerprint:\n\n"
"%1\n\n" "%1\n\n"
"This is a server fingerprint. You should compare this " "Compare this fingerprint to the one on your server's screen."
"fingerprint to the one on your server's screen. If the " "If the two don't match exactly, then it's probably not the server "
"two don't match exactly, then it's probably not the server "
"you're expecting (it could be a malicious user).\n\n" "you're expecting (it could be a malicious user).\n\n"
"To automatically trust this fingerprint for future " "To automatically trust this fingerprint for future "
"connections, click Yes. To reject this fingerprint and " "connections, click Yes. To reject this fingerprint and "
@ -544,6 +551,15 @@ void MainWindow::checkFingerprint(const QString& line)
} }
} }
void MainWindow::checkSecureSocket(const QString& line)
{
// obviously not very secure, since this can be tricked by injecting something
// into the log. however, since we don't have IPC between core and GUI... patches welcome.
if (line.contains(tlsCheckString)) {
secureSocket(true);
}
}
bool MainWindow::autoHide() bool MainWindow::autoHide()
{ {
if ((appConfig().processMode() == Desktop) && if ((appConfig().processMode() == Desktop) &&
@ -925,6 +941,13 @@ void MainWindow::synergyFinished(int exitCode, QProcess::ExitStatus)
void MainWindow::setSynergyState(qSynergyState state) void MainWindow::setSynergyState(qSynergyState state)
{ {
// always assume connection is not secure when connection changes
// to anything except connected. the only way the padlock shows is
// when the correct TLS version string is detected.
if (state != synergyConnected) {
secureSocket(false);
}
if (synergyState() == state) if (synergyState() == state)
return; return;
@ -954,24 +977,20 @@ void MainWindow::setSynergyState(qSynergyState state)
switch (state) switch (state)
{ {
case synergyConnected: { case synergyConnected: {
if (m_AppConfig->getCryptoEnabled()) { if (m_SecureSocket) {
m_pLabelPadlock->show(); setStatus(tr("Synergy is running (with %1)").arg(tlsVersion));
} }
else { else {
m_pLabelPadlock->hide(); setStatus(tr("Synergy is running (without %1)").arg(tlsVersion));
} }
setStatus(tr("Synergy is running."));
break; break;
} }
case synergyConnecting: case synergyConnecting:
m_pLabelPadlock->hide(); setStatus(tr("Synergy is starting..."));
setStatus(tr("Synergy is starting."));
break; break;
case synergyDisconnected: case synergyDisconnected:
m_pLabelPadlock->hide(); setStatus(tr("Synergy is not running"));
setStatus(tr("Synergy is not running."));
break; break;
case synergyTransfering: case synergyTransfering:
break; break;
@ -1567,3 +1586,14 @@ QString MainWindow::getProfileRootForArg()
return QString("\"%1\"").arg(dir); return QString("\"%1\"").arg(dir);
} }
bool MainWindow::secureSocket(bool secureSocket)
{
m_SecureSocket = secureSocket;
if (secureSocket) {
m_pLabelPadlock->show();
}
else {
m_pLabelPadlock->hide();
}
}
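Review bot: The padlock in `checkSecureSocket` is now driven only by a substring match on a log line and no longer consults `m_AppConfig->getCryptoEnabled()`, so the indicator can appear even when encryption is switched off in the configuration; the in-code comment concedes the log-injection weakness but not the loss of this second condition. Keeping the old gate alongside the new one, `if (m_AppConfig->getCryptoEnabled() && line.contains(tlsCheckString))`, would make the padlock require both the user's setting and the core's report. The flag is also cleared only when `setSynergyState` receives a state other than `synergyConnected`, so on a process that stays connected across several peer sessions the padlock would presumably persist from an earlier session; this should be confirmed against the core's log output. Separately, `MainWindow::secureSocket` is declared `bool` but has no `return` statement, which is undefined behaviour in C++; add `return m_SecureSocket;` at the end or change the return type to `void`. In the reworded fingerprint dialog, `Here is it's fingerprint` should read `its`, and the literal ending in `server's screen.` needs a trailing space before the next literal `If the two`.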


@ -197,16 +197,18 @@ public slots:
#endif #endif
QString getProfileRootForArg(); QString getProfileRootForArg();
void checkConnected(const QString& line); void checkConnected(const QString& line);
void checkFingerprint(const QString& line);
void checkSecureSocket(const QString& line);
#ifndef SYNERGY_ENTERPRISE #ifndef SYNERGY_ENTERPRISE
void checkLicense(const QString& line); void checkLicense(const QString& line);
#endif #endif
void checkFingerprint(const QString& line);
bool autoHide(); bool autoHide();
QString getTimeStamp(); QString getTimeStamp();
void restartSynergy(); void restartSynergy();
void proofreadInfo(); void proofreadInfo();
void showEvent (QShowEvent*); void showEvent (QShowEvent*);
bool secureSocket(bool secureSocket);
private: private:
QSettings& m_Settings; QSettings& m_Settings;
@ -243,6 +245,7 @@ public slots:
bool m_ActivationDialogRunning; bool m_ActivationDialogRunning;
QStringList m_PendingClientNames; QStringList m_PendingClientNames;
#endif #endif
bool m_SecureSocket;
private slots: private slots:
void on_m_pButtonApply_clicked(); void on_m_pButtonApply_clicked();
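Review bot: `bool secureSocket(bool secureSocket);` is declared just before `private:`, in what the hunk header labels the `public slots:` block, so the setter that shows the padlock appears to be callable from outside the class and connectable to any signal. Every call visible in this commit comes from inside `MainWindow`, so moving the declaration below `private:` would keep the security indicator writable only from the log-parsing and state-change paths. The new member also deserves a comment stating what it asserts, for example `// true only after the core logged tlsCheckString; reset on any non-connected state`, since the name alone suggests a stronger guarantee than a log match provides.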