about: Please fill in this template as much as you can, to help us, help you.
title: ''
labels: ''
assignees: ''
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
**Expected behavior**
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Please do not link to image hosting sites, as these can be ephemeral. Instead, attach them to the issue.
**Desktop (please complete the following information):**
- OS: [e.g. Windows]
- Barrier version [e.g 2.3.3]
**Additional context**
Add any other context about the problem here.

@ -2,6 +2,6 @@
# Barrier build parameters # Barrier build parameters
# #

View File

@ -91,7 +91,6 @@ if (UNIX)
check_function_exists (poll HAVE_POLL) check_function_exists (poll HAVE_POLL)
check_function_exists (sigwait HAVE_POSIX_SIGWAIT) check_function_exists (sigwait HAVE_POSIX_SIGWAIT)
check_function_exists (strftime HAVE_STRFTIME) check_function_exists (strftime HAVE_STRFTIME)
check_function_exists (vsnprintf HAVE_VSNPRINTF)
check_function_exists (inet_aton HAVE_INET_ATON) check_function_exists (inet_aton HAVE_INET_ATON)
# For some reason, the check_function_exists macro doesn't detect # For some reason, the check_function_exists macro doesn't detect
@ -292,6 +291,9 @@ elseif (${CMAKE_SYSTEM_NAME} MATCHES "Windows")
list (APPEND libs Wtsapi32 Userenv Wininet comsuppw Shlwapi) list (APPEND libs Wtsapi32 Userenv Wininet comsuppw Shlwapi)
add_definitions ( add_definitions (
/D_SILENCE_TR1_NAMESPACE_DEPRECATION_WARNING=1 # tr1 is used from gtest and gmock
@ -300,6 +302,8 @@ elseif (${CMAKE_SYSTEM_NAME} MATCHES "Windows")
) )
endif() endif()
# #
# OpenSSL # OpenSSL
# #
@ -317,10 +321,21 @@ if (${CMAKE_SYSTEM_NAME} MATCHES "Windows")
${OPENSSL_ROOT}/lib/ssleay32.lib ${OPENSSL_ROOT}/lib/ssleay32.lib
) )
elseif (${CMAKE_SYSTEM_NAME} MATCHES "Darwin") elseif (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
find_program(APT_PROGRAM "apt")
find_program(BREW_PROGRAM "brew") find_program(BREW_PROGRAM "brew")
find_program(PORT_PROGRAM "port") find_program(PORT_PROGRAM "port")
# procursus/apt
set (OPENSSL_ROOT /opt/procursus)
include_directories (BEFORE SYSTEM ${OPENSSL_ROOT}/include)
# macports # macports
set (OPENSSL_ROOT /opt/local) set (OPENSSL_ROOT /opt/local)
@ -335,6 +350,16 @@ elseif (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
include_directories (BEFORE SYSTEM ${OPENSSL_ROOT}/include) include_directories (BEFORE SYSTEM ${OPENSSL_ROOT}/include)
elseif (IS_DIRECTORY /opt/homebrew/opt/openssl AND BREW_PROGRAM)
# brew
set (OPENSSL_ROOT /opt/homebrew/opt/openssl)
include_directories (BEFORE SYSTEM ${OPENSSL_ROOT}/include)
${OPENSSL_ROOT}/lib/libssl.a ${OPENSSL_ROOT}/lib/libssl.a
${OPENSSL_ROOT}/lib/libcrypto.a ${OPENSSL_ROOT}/lib/libcrypto.a

View File

View File

@ -123,7 +123,7 @@ __Q: Is it possible to use Barrier on Mac OS X / OS X versions prior to 10.12?__
**Q: After loading my configuration on the client the field 'Server IP' is still empty!** **Q: After loading my configuration on the client the field 'Server IP' is still empty!**
> A: Edit your configuration to include the servers ip adress manually with > A: Edit your configuration to include the server's ip address manually with
> >
>``` >```
>(...) >(...)

59 Normal file
View File

@ -0,0 +1,59 @@
Creating a release
This document is documentation intednded for maintainers of Barrier.
It documents the release process of Barrier.
Step 1: Setup environment variables
Setup the following environment variable that will be used throughout the rest of the steps.
export VERSION=X.Y.Z
Step 2: Release notes PR
Open a new branch (e.g. `release`) and run the following:
towncrier --version ${VERSION} --date `date -u +%F`
This collects the release notes using the `towncrier` tool. Please commit the collected release
notes afterwards.
Certain file names are not properly supported by the `towncrier` tool and it ignores them.
Check `newsfragments` directory for any forgotten release notes
Step 3: Merge the release notes PR
Step 4: Push git tag
Pull the merge commit created on the `master` branch during the step 2.
Create a tag:
git tag -s v${VERSION} -m v${VERSION}
Push the tag:
git push origin master --tags
Step 5: Draft a new release on Github
Go to and draft a new release.
Use git tag as the title of the release: `vX.Y.Z`.
Use the release notes generated by the `towncrier` tool as the description of the releases.
Upload the artifacts created by Azure pipelines as the binaries of the release. The following
artifacts should be uploaded to Github:
- the Barrier-X.Y.Z-release.dmg created by the oldest Mac OS task (artifact name is
"Mac Release Disk Image and App XYZ").
- the BarrierSetup-X.Y.Z-release.exe (artifact name is Windows Release Installer).

View File

@ -65,8 +65,6 @@ jobs:
- job: LinuxBuild - job: LinuxBuild
strategy: strategy:
matrix: matrix:
imageName: 'ubuntu-16.04'
ubuntu-18.04: ubuntu-18.04:
imageName: 'ubuntu-18.04' imageName: 'ubuntu-18.04'
ubuntu-20.04: ubuntu-20.04:
@ -83,13 +81,22 @@ jobs:
- job: MacBuild - job: MacBuild
displayName: Mac Build displayName: Mac Build
vmImage: 'macOS-10.14'
strategy: strategy:
matrix: matrix:
Release: big-sur-Release:
imageName: "macOS-11"
imageName: "macOS-10.15"
imageName: "macOS-10.14"
vmImage: $(imageName)
variables: variables:
TERM: xterm-256color TERM: xterm-256color
@ -107,4 +114,4 @@ jobs:
condition: eq(variables['B_BUILD_TYPE'], 'Release') condition: eq(variables['B_BUILD_TYPE'], 'Release')
inputs: inputs:
pathtoPublish: build/bundle pathtoPublish: build/bundle
artifactName: Mac Release Disk Image and App artifactName: Mac Release Disk Image and App $(imageName)

View File

@ -1,8 +1,7 @@
$ErrorActionPreference = "Stop" $ErrorActionPreference = "Stop"
New-Item -Force -ItemType Directory -Path ".\deps\" New-Item -Force -ItemType Directory -Path ".\deps\"
$Wc = New-Object System.Net.WebClient Invoke-WebRequest '' -OutFile 'deps\' ;
$Wc.DownloadFile('', 'deps\') ;
Write-Output 'Downloaded BonjourSDKLike Zip' Write-Output 'Downloaded BonjourSDKLike Zip'
Write-Output 'Unzipping BonjourSDKLike Zip' Write-Output 'Unzipping BonjourSDKLike Zip'
Remove-Item -Recurse -Force -ErrorAction Ignore .\deps\BonjourSDKLike Remove-Item -Recurse -Force -ErrorAction Ignore .\deps\BonjourSDKLike

View File

@ -6,8 +6,7 @@ $qt_version = '5.13.0'
New-Item -Force -ItemType Directory -Path ".\deps\" New-Item -Force -ItemType Directory -Path ".\deps\"
Write-Output 'Downloading QLI Installer' Write-Output 'Downloading QLI Installer'
$Wc = New-Object System.Net.WebClient Invoke-WebRequest "$" -OutFile '.\deps\' ;
$Wc.DownloadFile("$", '.\deps\') ;
Write-Output 'Downloaded QLI Installer' Write-Output 'Downloaded QLI Installer'
Write-Output 'Extracting QLI Installer' Write-Output 'Extracting QLI Installer'

View File

@ -41,8 +41,7 @@ if ERRORLEVEL 1 goto failed
cd build cd build
cmake -G "%cmake_gen%" -A x64 -D CMAKE_BUILD_TYPE=%B_BUILD_TYPE% -D CMAKE_PREFIX_PATH="%B_QT_FULLPATH%" -D DNSSD_LIB="%B_BONJOUR%\Lib\x64\dnssd.lib" -D QT_VERSION=%B_QT_VER% .. cmake -G "%cmake_gen%" -A x64 -D CMAKE_BUILD_TYPE=%B_BUILD_TYPE% -D CMAKE_PREFIX_PATH="%B_QT_FULLPATH%" -D DNSSD_LIB="%B_BONJOUR%\Lib\x64\dnssd.lib" -D QT_VERSION=%B_QT_VER% ..
if ERRORLEVEL 1 goto failed if ERRORLEVEL 1 goto failed
echo @msbuild barrier.sln /p:Platform="x64" /p:Configuration=%B_BUILD_TYPE% /m %B_BUILD_OPTIONS% > make.bat cmake --build . --config %B_BUILD_TYPE%
call make.bat
if ERRORLEVEL 1 goto failed if ERRORLEVEL 1 goto failed
if exist bin\Debug ( if exist bin\Debug (
copy %B_QT_FULLPATH%\bin\Qt5Cored.dll bin\Debug\ > NUL copy %B_QT_FULLPATH%\bin\Qt5Cored.dll bin\Debug\ > NUL
@ -65,7 +64,7 @@ if exist bin\Debug (
mkdir bin\Release\platforms mkdir bin\Release\platforms
copy %B_QT_FULLPATH%\plugins\platforms\qwindows.dll bin\Release\platforms\ > NUL copy %B_QT_FULLPATH%\plugins\platforms\qwindows.dll bin\Release\platforms\ > NUL
) else ( ) else (
echo Remember to copy supporting binaries and confiuration files! echo Remember to copy supporting binaries and configuration files!
) )
echo Build completed successfully echo Build completed successfully

View File

@ -1,10 +1,10 @@
#!/bin/sh #!/bin/sh
cd "$(dirname $0)" || exit 1 cd "$(dirname "$0")" || exit 1
# some environments have cmake v2 as 'cmake' and v3 as 'cmake3' # some environments have cmake v2 as 'cmake' and v3 as 'cmake3'
# check for cmake3 first then fallback to just cmake # check for cmake3 first then fallback to just cmake
B_CMAKE=`type cmake3 2>/dev/null` B_CMAKE=`type cmake3 2>/dev/null`
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
B_CMAKE=`echo $B_CMAKE | cut -d' ' -f3` B_CMAKE=`echo "$B_CMAKE" | cut -d' ' -f3`
else else
B_CMAKE=cmake B_CMAKE=cmake
fi fi
rm -rf build rm -rf build
mkdir build || exit 1 mkdir build || exit 1
cd build || exit 1 cd build || exit 1
echo Starting Barrier $B_BUILD_TYPE build... echo "Starting Barrier $B_BUILD_TYPE build..."
$B_CMAKE $B_CMAKE_FLAGS .. || exit 1 $B_CMAKE $B_CMAKE_FLAGS .. || exit 1
make || exit 1 make || exit 1
echo "Build completed successfully" echo "Build completed successfully"

View File

@ -1,8 +1,8 @@
cmake_minimum_required (VERSION 3.4) cmake_minimum_required (VERSION 3.4)
# #

View File

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# Use the same verbose variable as CMake # Use the same verbose variable as CMake
[ "$VERBOSE" == "1" ] && set -x [ "$VERBOSE" = "1" ] && set -x
# Exit on unset variables or pipe errors # Exit on unset variables or pipe errors
set -uo pipefail set -uo pipefail
@ -14,10 +14,10 @@ B_BARRIERC=""
# Colorized output # Colorized output
function info() { tput bold; echo "$@" ; tput sgr0 ;} info() { tput bold; echo "$@"; tput sgr0 ; }
function error() { tput bold; tput setaf 1; echo "$@"; tput sgr0 ; } error() { tput bold; tput setaf 1; echo "$@"; tput sgr0 ; }
function success() { tput bold; tput setaf 2; echo "$@"; tput sgr0 ; } success() { tput bold; tput setaf 2; echo "$@"; tput sgr0 ; }
function warn() { tput bold; tput setaf 3; echo "$@"; tput sgr0 ; } warn() { tput bold; tput setaf 3; echo "$@"; tput sgr0 ; }
info "Checking for bundle contents" info "Checking for bundle contents"
if [ ! -d "" ]; then if [ ! -d "" ]; then
@ -40,7 +40,7 @@ if which -s port ; then
info "MacPorts found, searching for macdeployqt" info "MacPorts found, searching for macdeployqt"
DEPLOYQT="$(port contents qt5-qttools | grep --only --max-count 1 '/.*macdeployqt')" DEPLOYQT="$(port contents qt5-qttools | grep --only --max-count 1 '/.*macdeployqt')"
if [ ! -x "$DEPLOYQT" ]; then if [ ! -x "$DEPLOYQT" ]; then
error Please install package qt5-qttools error "Please install package qt5-qttools"
exit 1 exit 1
fi fi
fi fi
@ -50,13 +50,13 @@ if which -s brew ; then
info "Homebrew found, searching for macdeployqt" info "Homebrew found, searching for macdeployqt"
DEPLOYQT="$(brew list qt@5 | grep --only '/.*macdeployqt' | head -1)" DEPLOYQT="$(brew list qt@5 | grep --only '/.*macdeployqt' | head -1)"
if [ ! -x "$DEPLOYQT" ]; then if [ ! -x "$DEPLOYQT" ]; then
error Please install package qt error "Please install package qt"
exit 1 exit 1
fi fi
fi fi
# Use macdeployqt to include libraries and create dmg # Use macdeployqt to include libraries and create dmg
if [ "$B_BUILDTYPE" == "Release" ]; then if [ "$B_BUILDTYPE" = "Release" ]; then
info "Building Release disk image (dmg)" info "Building Release disk image (dmg)"
"$DEPLOYQT" -dmg \ "$DEPLOYQT" -dmg \
-executable="$B_BARRIERC" \ -executable="$B_BARRIERC" \

View File

@ -1,30 +1,30 @@
#!/bin/sh #!/bin/sh
# add warning for users running manually # add warning for users running manually
function warn() { tput bold; tput setaf 3; echo "$@"; tput sgr0 ; } warn() { tput bold; tput setaf 3; echo "$@"; tput sgr0 ; }
warn "The scripts and have been deprecated." warn "The scripts and have been deprecated."
warn "Please use instead to deploy using macdeployqt" warn "Please use instead to deploy using macdeployqt"
# change this to rename the installer package # change this to rename the installer package
cd "$( dirname '$0' )" cd "$( dirname "$0" )"
OWNDIR="$( pwd )" OWNDIR="$( pwd )"
if [ ! -x $B_REREF_SCRIPT ]; then if [ ! -x "$B_REREF_SCRIPT" ]; then
echo Missing script: $B_REREF_SCRIPT echo "Missing script: $B_REREF_SCRIPT"
exit 1 exit 1
fi fi
# remove any old copies so there's no confusion about whether this # remove any old copies so there's no confusion about whether this
# process completes successfully or not # process completes successfully or not
rm -rf temp.dmg $B_DMG rm -rf temp.dmg "$B_DMG"
cd 2>/dev/null cd 2>/dev/null
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo Please make sure that the build completed successfully echo "Please make sure that the build completed successfully"
echo before trying to create the installer. echo "before trying to create the installer."
exit 1 exit 1
fi fi
@ -77,7 +77,7 @@ hdiutil create -size 64m -fs HFS+ -volname "Barrier" temp.dmg || exit 1
hdiutil attach temp.dmg -mountpoint mnt || exit 1 hdiutil attach temp.dmg -mountpoint mnt || exit 1
cp -r mnt/ || exit 1 cp -r mnt/ || exit 1
hdiutil detach mnt || exit 1 hdiutil detach mnt || exit 1
hdiutil convert temp.dmg -format UDZO -o $B_DMG || exit 1 hdiutil convert temp.dmg -format UDZO -o "$B_DMG" || exit 1
rm temp.dmg rm temp.dmg
echo "dmg $B_DMB created successfully" echo "dmg $B_DMG created successfully"

View File

@ -5,28 +5,28 @@ B_TARGET=$1
if [ "x$B_TARGET" = "x" ]; then if [ "x$B_TARGET" = "x" ]; then
# add warning for users running manually # add warning for users running manually
function warn() { tput bold; tput setaf 3; echo "$@"; tput sgr0 ; } warn() { tput bold; tput setaf 3; echo "$@"; tput sgr0 ; }
warn "The scripts and have been deprecated." warn "The scripts and have been deprecated."
warn "Please use instead to deploy using macdeployqt" warn "Please use instead to deploy using macdeployqt"
echo Which binary needs to be re-referenced? echo "Which binary needs to be re-referenced?"
exit 1 exit 1
fi fi
cd $(dirname $B_TARGET) || exit 1 cd "$(dirname "$B_TARGET")" || exit 1
# where to find non-system libraries relative to target's directory. # where to find non-system libraries relative to target's directory.
# the vast majority of the time this should be empty # the vast majority of the time this should be empty
# we're in target's directory now. trim off the path # we're in target's directory now. trim off the path
B_TARGET=$(basename $B_TARGET) B_TARGET=$(basename "$B_TARGET")
# get a list of non-system libraries and make local copies # get a list of non-system libraries and make local copies
B_LIBS=$(otool -XL $B_TARGET | awk '{ print $1 }' | grep -Ev '^(/usr/lib|/System)') B_LIBS=$(otool -XL "$B_TARGET" | awk '{ print $1 }' | grep -Ev '^(/usr/lib|/System)')
[ $? -ne 0 ] && exit 1 [ $? -ne 0 ] && exit 1
for B_LIB in $B_LIBS; do for B_LIB in $B_LIBS; do
B_LIB_NAME=$(basename $B_LIB) B_LIB_NAME=$(basename "$B_LIB")
# otool reports barrier as "barrier:" which fails self-reference test below # otool reports barrier as "barrier:" which fails self-reference test below
@ -34,16 +34,16 @@ for B_LIB in $B_LIBS; do
[ "$B_TARGET" = "$B_LIB_NAME" ] && continue [ "$B_TARGET" = "$B_LIB_NAME" ] && continue
if [ ! -e $B_DST ]; then if [ ! -e "$B_DST" ]; then
cp $B_LIB $B_DST || exit 1 cp "$B_LIB" "$B_DST" || exit 1
chmod u+rw $B_DST || exit 1 chmod u+rw "$B_DST" || exit 1
# recursively call this script on libraries purposefully not passing # recursively call this script on libraries purposefully not passing
# $B_REL_PATH so that it is only used explicitly # $B_REL_PATH so that it is only used explicitly
$0 $B_DST $0 "$B_DST"
fi fi
# adjust the target's metadata to point to the local copy # adjust the target's metadata to point to the local copy
# rather than the system-wide copy which would only exist on # rather than the system-wide copy which would only exist on
# a development machine # a development machine
install_name_tool -change $B_LIB @loader_path/$B_DST $B_TARGET || exit 1 install_name_tool -change "$B_LIB" "@loader_path/$B_DST" "$B_TARGET" || exit 1
done done

View File

@ -47,7 +47,7 @@ section: links
end end
# The aliases section is to map the full names of the computers to their logical names used in the screens section # The aliases section is to map the full names of the computers to their logical names used in the screens section
# One way to find the actual name of a comptuer is to run hostname from a command window # One way to find the actual name of a computer is to run hostname from a command window
section: aliases section: aliases
# Laptop is actually known as John-Smiths-MacBook-3.local # Laptop is actually known as John-Smiths-MacBook-3.local
John-Smiths-MacBook-3.local: John-Smiths-MacBook-3.local:

View File

@ -1,5 +1,5 @@
.\" See UpdateManpages.txt about modification of this file. Most of it was generated by help2man 1.47.8. .\" See UpdateManpages.txt about modification of this file. Most of it was generated by help2man 1.47.8.
.TH BARRIERC "1" "November 2019" "barrierc 2.3.3-release" "User Commands" .TH BARRIERC "1" "November 2019" "barrierc 2.4.0-release" "User Commands"
barrierc \- Barrier Keyboard/Mouse Client barrierc \- Barrier Keyboard/Mouse Client

View File

@ -1,5 +1,5 @@
.\" See UpdateManpages.txt about modification of this file. Most of it was generated by help2man 1.47.8. .\" See UpdateManpages.txt about modification of this file. Most of it was generated by help2man 1.47.8.
.TH BARRIERS "1" "November 2019" "barriers 2.3.3-release" "User Commands" .TH BARRIERS "1" "November 2019" "barriers 2.4.0-release" "User Commands"
barriers \- Barrier Keyboard/Mouse Server barriers \- Barrier Keyboard/Mouse Server

View File

@ -1,12 +1,13 @@
This is the directory for news snippets used by towncrier: This is the directory for release note fragments processed by
When changing code in a way that's visible to an end user please make a new file in this directory. When making a user-visible change create a file in this directory and it will be automatically be
It will be removed and integrated into release notes document upon a release of a new version of included into the release note document when the next release is published.
towncrier has a few standard types of news fragments, signified by the file extension. These are: The file extension specifies the type of a change. The following are currently supported:
.feature: Signifying a new feature. - .feature: a new feature.
.bugfix: Signifying a bug fix. - .bugfix: a bug fix.
.doc: Signifying a documentation improvement. - .security: a fix for security issue.
.removal: Signifying a deprecation or removal of public API. - .doc: a documentation improvement.
- .removal: a deprecation or removal of functionality.

View File

@ -1 +0,0 @@
Fix build failure on mips*el and riscv64 architecture.

View File

@ -1 +0,0 @@
Fixed reading of configuration on Windows when the paths contain non-ASCII characters (,,

View File

@ -1 +0,0 @@
Added `--drop-target` option that improves drag and drop support on Windows when Barrier is being run as a portable app.

View File

@ -0,0 +1,2 @@
Fix wrong encoding for text copied between Linux and Windows

View File

@ -1 +0,0 @@
Map more X11 clipboard MIME types to corresponding converters (

View File

@ -0,0 +1 @@
Fixed build on GCC 11.2 (

View File

@ -1 +0,0 @@
Implemented a configuration option for Server GUI auto-start.

View File

@ -1 +0,0 @@
Fixed setup of multiple actions associated with a hotkey.

View File

@ -1 +0,0 @@
Fixed setup of hotkeys with special characters such as comma and semicolon (

View File

@ -1 +0,0 @@
Made it possible to use keyboard instead of mouse to modify screen layout.

View File

@ -1 +0,0 @@
Added support for keyboard backlight media keys

View File

@ -1 +0,0 @@
Added support for Eisu_toggle and Muhenkan keys

View File

@ -1 +0,0 @@
Fixed transfer of non-ASCII characters coming from a Windows server in certain cases (

View File

@ -1 +0,0 @@
Added `--profile-dir` option that allows to select custom profile directory.

View File

@ -1 +0,0 @@
Barrier will now regenerate server certificate if it's invalid instead of failing to launch (

View File

@ -1 +0,0 @@
Added support for additional keys on Sun Microsystems USB keyboards (

View File

@ -1 +0,0 @@
Updated Chinese translation.

View File

@ -1 +0,0 @@
Updated Slovak translation.

View File

@ -1 +0,0 @@
Theme icons are now preferred to icons distributed together with Barrier (

View File

@ -1 +0,0 @@
Fixed incorrect setup of Barrier service path on Windows.

View File

@ -0,0 +1,98 @@
Release notes
[comment]: <> (towncrier release notes start)
Barrier `2.4.0` ( `2021-11-01` )
Security fixes
- Barrier now supports client identity verification (fixes CVE-2021-42072, CVE-2021-42073).
Previously a malicious client could connect to Barrier server without any authentication and
send application-level messages. This made the attack surface of Barrier significantly larger.
Additionally, in case the malicious client got possession of a valid screen name by brute forcing
or other means it could modify the clipboard contents of the server.
To support seamless upgrades from older versions of Barrier this is currently disabled by default.
The feature can be enabled in the settings dialog. If enabled, older clients of Barrier will be
- Barrier now uses SHA256 fingerprints for establishing security of encrypted SSL connections.
After upgrading client to new version the existing server fingerprint will need to be approved
again. Client and server will show both SHA1 and SHA256 server fingerprints to allow
interoperability with older versions of Barrier.
All of the above security issues have been reported by Matthias Gerstner who was really helpful
resolving them.
Bug fixes
- Fixed build failure on mips*el and riscv64 architecture.
- Fixed reading of configuration on Windows when the paths contain non-ASCII characters
- Barrier no longer uses openssl CLI tool for any operations and hooks into the openssl library directly.
- More X11 clipboard MIME types have been mapped to corresponding converters (
- Fixed setup of multiple actions associated with a hotkey.
- Fixed setup of hotkeys with special characters such as comma and semicolon
- Fixed transfer of non-ASCII characters coming from a Windows server in certain cases
- Barrier will now regenerate server certificate if it's invalid instead of failing to launch
- Added support for additional keys on Sun Microsystems USB keyboards
- Updated Chinese translation.
- Updated Slovak translation.
- Theme icons are now preferred to icons distributed together with Barrier
- Fixed incorrect setup of Barrier service path on Windows.
- Added `--drop-target` option that improves drag and drop support on Windows when Barrier is
being run as a portable app.
- The `--enable-crypto` command line option has been made the default to reduce chances of
accidental security mishaps when configuring Barrier from command line.
A new `--disable-crypto` command line option has been added to explicitly disable encryption.
- Added support for randomart images for easier comparison of SSL certificate fingerprints.
The algorithm is identical to what OpenSSH uses.
- Implemented a configuration option for Server GUI auto-start.
- Made it possible to use keyboard instead of mouse to modify screen layout.
- Added support for keyboard backlight media keys
- Added support for Eisu_toggle and Muhenkan keys
- Added `--profile-dir` option that allows to select custom profile directory.
Barrier `2.3.4` ( `2021-11-01` )
Security fixes
- Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075).
Previously repeated failing connections would leak file descriptors leading to Barrier being unable
to receive new connections from clients.
- Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076).
Previously it was possible for a malicious client or server to send excessive length messages
leading to denial of service by resource exhaustion.
- Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending
Hello message (fixes CVE-2021-42074).
This bug allowed an unauthenticated attacker to crash Barrier with only network access.
All of the above security issues have been reported by Matthias Gerstner who was really helpful
resolving them.
Bug fixes
- Fixed a bug in SSL implementation that caused invalid data occasionally being sent to clients
under heavy load.

View File

@ -0,0 +1,37 @@
{% for section, _ in sections|dictsort(by='key') %}
{% set underline = "-" %}
{% if section %}
{{ underline * section|length }}{% set underline = "-" %}
{% endif %}
{% if sections[section] %}
{% for category, val in definitions|dictsort if category in sections[section]%}
{{ definitions[category]['name'] }}
{{ underline * definitions[category]['name']|length }}
{% if definitions[category]['showcontent'] %}
{% for text, values in sections[section][category]|dictsort(by='value') %}
- {{ text }}
{% endfor %}
{% else %}
- {{ sections[section][category]['']|sort|join(', ') }}
{% endif %}
{% if sections[section][category]|length == 0 %}
No significant changes.
{% else %}
{% endif %}
{% endfor %}
{% else %}
No significant changes.
{% endif %}
{% endfor %}

ext/gulrak-filesystem Submodule

@ -0,0 +1 @@
Subproject commit 614bbe87b80435d87ab8791564370e0c1d13627d

View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# Checks if directory exists, otherwise asks to install package. # Checks if directory exists, otherwise asks to install package.
function check_dir_exists() { check_dir_exists() {
local path=$1 local path=$1
local package=$2 local package=$2
@ -11,7 +11,7 @@ function check_dir_exists() {
fi fi
} }
if [ ! $BARRIER_BUILD_ENV ]; then if [ -z "$BARRIER_BUILD_ENV" ]; then
check_dir_exists '/Applications/' 'Xcode' check_dir_exists '/Applications/' 'Xcode'
printf "Modifying environment for Barrier build...\n" printf "Modifying environment for Barrier build...\n"
@ -30,17 +30,14 @@ if [ ! $BARRIER_BUILD_ENV ]; then
elif command -v brew; then elif command -v brew; then
printf "Detected Homebrew\n" printf "Detected Homebrew\n"
QT_PATH=$(brew --prefix qt@5) QT_PATH=$(brew --prefix qt@5)
OPENSSL_PATH=$(brew --prefix openssl)
check_dir_exists "$QT_PATH" 'qt' check_dir_exists "$QT_PATH" 'qt5'
check_dir_exists "$OPENSSL_PATH" 'openssl'
export CPATH="$OPENSSL_PATH/include:$CPATH" export CPATH="/opt/procursus/include:$CPATH"
export PKG_CONFIG_PATH="$OPENSSL_PATH/lib/pkgconfig:$PKG_CONFIG_PATH" export PKG_CONFIG_PATH="/opt/procursus/lib/pkgconfig:$PKG_CONFIG_PATH"
else else
printf "Neither Homebrew nor Macports is installed. Can't get dependency paths\n" printf "Neither Homebrew nor Macports is installed. Can't get dependency paths\n"
exit 1 exit 1

View File

@ -1,4 +1,4 @@
Thank you for chosing Barrier! Thank you for choosing Barrier!
Barrier allows you to share your keyboard and mouse between computers over a network. Barrier allows you to share your keyboard and mouse between computers over a network.

View File

@ -5,6 +5,5 @@ Comment=Keyboard and mouse sharing solution
Exec=barrier Exec=barrier
Icon=barrier Icon=barrier
Terminal=false Terminal=false
Categories=Utility;DesktopUtility; Categories=Utility;RemoteAccess;
Keywords=keyboard;mouse;sharing;network;share; Keywords=keyboard;mouse;sharing;network;share;

View File

@ -94,9 +94,6 @@
/* Define to 1 if you have the <unistd.h> header file. */ /* Define to 1 if you have the <unistd.h> header file. */
/* Define to 1 if you have the `vsnprintf` function. */
/* Define to 1 if you have the <wchar.h> header file. */ /* Define to 1 if you have the <wchar.h> header file. */
#cmakedefine HAVE_WCHAR_H ${HAVE_WCHAR_H} #cmakedefine HAVE_WCHAR_H ${HAVE_WCHAR_H}

View File

@ -1,10 +1,10 @@
#!/bin/sh #!/bin/sh
ICNS_BASE=../dist/macos/bundle/ ICNS_BASE=../dist/macos/bundle/
if ! which magick >/dev/null 2>&1; then if ! which magick >/dev/null 2>&1; then
echo "Need ImageMagic for this" echo "Need ImageMagick for this"
exit 10 exit 10
fi fi
cd $(dirname $0) || exit $? cd "$(dirname "$0")" || exit $?
if [ ! -r barrier.png ]; then if [ ! -r barrier.png ]; then
echo "Use inkscape (or another vector graphics editor) to create barrier.png from barrier.svg first" echo "Use inkscape (or another vector graphics editor) to create barrier.png from barrier.svg first"
exit 10 exit 10
@ -12,11 +12,11 @@ fi
rm -rf work || exit $? rm -rf work || exit $?
mkdir -p work || exit $? mkdir -p work || exit $?
for s in 16 24 32 48 64 128 256 512 1024; do for s in 16 24 32 48 64 128 256 512 1024; do
magick convert barrier.png -resize ${s}x${s} -depth 8 work/${s}.png || exit $? magick convert barrier.png -resize "${s}x${s}" -depth 8 "work/${s}.png" || exit $?
done done
# windows icon # windows icon
magick convert work/{16,24,32,48,64,128}.png barrier.png barrier.ico || exit $? magick convert work/{16,24,32,48,64,128}.png barrier.png barrier.ico || exit $?
# macos icon # macos icon
png2icns $ICNS_BASE/Barrier.icns work/{16,32,256,512,1024}.png || exit $? png2icns "$ICNS_BASE/Barrier.icns" work/{16,32,256,512,1024}.png || exit $?
rm -rf work rm -rf work
echo Done echo Done

View File

VALUE "OriginalFilename", "barrierd.exe" VALUE "OriginalFilename", "barrierd.exe"
VALUE "FileDescription", "Open source KVM software deamon" VALUE "FileDescription", "Open source KVM software daemon"
VALUE "InternalName", "barrierd" VALUE "InternalName", "barrierd"

View File

@ -46,5 +46,3 @@ if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
install (TARGETS barriers DESTINATION bin) install (TARGETS barriers DESTINATION bin)
endif() endif()

View File

@ -29,7 +29,7 @@ set(GUI_SOURCE_FILES
src/CommandProcess.cpp src/CommandProcess.cpp
src/DataDownloader.cpp src/DataDownloader.cpp
src/DisplayIsValid.cpp src/DisplayIsValid.cpp
src/Fingerprint.cpp src/FingerprintAcceptDialog.cpp
src/HotkeyDialog.cpp src/HotkeyDialog.cpp
src/IpcClient.cpp src/IpcClient.cpp
src/Ipc.cpp src/Ipc.cpp
@ -70,7 +70,6 @@ set(GUI_HEADER_FILES
src/DataDownloader.h src/DataDownloader.h
src/DisplayIsValid.h src/DisplayIsValid.h
src/ElevateMode.h src/ElevateMode.h
src/HotkeyDialog.h src/HotkeyDialog.h
src/IpcClient.h src/IpcClient.h
src/Ipc.h src/Ipc.h
@ -106,6 +105,7 @@ set(GUI_UI_FILES
src/AboutDialogBase.ui src/AboutDialogBase.ui
src/ActionDialogBase.ui src/ActionDialogBase.ui
src/AddClientDialogBase.ui src/AddClientDialogBase.ui
src/HotkeyDialogBase.ui src/HotkeyDialogBase.ui
src/LogWindowBase.ui src/LogWindowBase.ui
src/MainWindowBase.ui src/MainWindowBase.ui
@ -131,7 +131,7 @@ add_executable (barrier WIN32
include_directories (./src) include_directories (./src)
target_link_libraries (barrier Qt5::Core Qt5::Widgets Qt5::Network ${OPENSSL_LIBS}) target_link_libraries(barrier net base io Qt5::Core Qt5::Widgets Qt5::Network ${OPENSSL_LIBS})
target_compile_definitions (barrier PRIVATE -DBARRIER_VERSION_STAGE="${BARRIER_VERSION_STAGE}") target_compile_definitions (barrier PRIVATE -DBARRIER_VERSION_STAGE="${BARRIER_VERSION_STAGE}")
target_compile_definitions (barrier PRIVATE -DBARRIER_REVISION="${BARRIER_REVISION}") target_compile_definitions (barrier PRIVATE -DBARRIER_REVISION="${BARRIER_REVISION}")

View File

@ -40,4 +40,3 @@ class AboutDialog : public QDialog, public Ui::AboutDialogBase
}; };
#endif #endif

View File

@ -164,4 +164,3 @@ QTextStream& operator<<(QTextStream& outStream, const Action& action)
return outStream; return outStream;
} }

View File

@ -158,6 +158,8 @@ void AppConfig::loadSettings()
m_ElevateMode = static_cast<ElevateMode>(elevateMode.toInt()); m_ElevateMode = static_cast<ElevateMode>(elevateMode.toInt());
m_AutoConfigPrompted = settings().value("autoConfigPrompted", false).toBool(); m_AutoConfigPrompted = settings().value("autoConfigPrompted", false).toBool();
m_CryptoEnabled = settings().value("cryptoEnabled", true).toBool(); m_CryptoEnabled = settings().value("cryptoEnabled", true).toBool();
// TODO: set default value of requireClientCertificate to true on Barrier 2.5.0
m_RequireClientCertificate = settings().value("requireClientCertificate", false).toBool();
m_AutoHide = settings().value("autoHide", false).toBool(); m_AutoHide = settings().value("autoHide", false).toBool();
m_AutoStart = settings().value("autoStart", false).toBool(); m_AutoStart = settings().value("autoStart", false).toBool();
m_MinimizeToTray = settings().value("minimizeToTray", false).toBool(); m_MinimizeToTray = settings().value("minimizeToTray", false).toBool();
@ -181,6 +183,7 @@ void AppConfig::saveSettings()
settings().setValue("elevateModeEnum", static_cast<int>(m_ElevateMode)); settings().setValue("elevateModeEnum", static_cast<int>(m_ElevateMode));
settings().setValue("autoConfigPrompted", m_AutoConfigPrompted); settings().setValue("autoConfigPrompted", m_AutoConfigPrompted);
settings().setValue("cryptoEnabled", m_CryptoEnabled); settings().setValue("cryptoEnabled", m_CryptoEnabled);
settings().setValue("requireClientCertificate", m_RequireClientCertificate);
settings().setValue("autoHide", m_AutoHide); settings().setValue("autoHide", m_AutoHide);
settings().setValue("autoStart", m_AutoStart); settings().setValue("autoStart", m_AutoStart);
settings().setValue("minimizeToTray", m_MinimizeToTray); settings().setValue("minimizeToTray", m_MinimizeToTray);
@ -225,6 +228,10 @@ void AppConfig::setCryptoEnabled(bool e) { m_CryptoEnabled = e; }
bool AppConfig::getCryptoEnabled() const { return m_CryptoEnabled; } bool AppConfig::getCryptoEnabled() const { return m_CryptoEnabled; }
void AppConfig::setRequireClientCertificate(bool e) { m_RequireClientCertificate = e; }
bool AppConfig::getRequireClientCertificate() const { return m_RequireClientCertificate; }
void AppConfig::setAutoHide(bool b) { m_AutoHide = b; } void AppConfig::setAutoHide(bool b) { m_AutoHide = b; }
bool AppConfig::getAutoHide() { return m_AutoHide; } bool AppConfig::getAutoHide() { return m_AutoHide; }

View File

@ -91,6 +91,9 @@ class AppConfig: public QObject
void setCryptoEnabled(bool e); void setCryptoEnabled(bool e);
bool getCryptoEnabled() const; bool getCryptoEnabled() const;
void setRequireClientCertificate(bool e);
bool getRequireClientCertificate() const;
void setAutoHide(bool b); void setAutoHide(bool b);
bool getAutoHide(); bool getAutoHide();
@ -132,6 +135,7 @@ protected:
ElevateMode m_ElevateMode; ElevateMode m_ElevateMode;
bool m_AutoConfigPrompted; bool m_AutoConfigPrompted;
bool m_CryptoEnabled; bool m_CryptoEnabled;
bool m_RequireClientCertificate = false;
bool m_AutoHide; bool m_AutoHide;
bool m_AutoStart; bool m_AutoStart;
bool m_MinimizeToTray; bool m_MinimizeToTray;

View File

@ -44,4 +44,3 @@ const char* BaseConfig::m_SwitchCornerNames[] =
"bottom-left", "bottom-left",
"bottom-right" "bottom-right"
}; };

View File

@ -30,35 +30,34 @@ CommandProcess::CommandProcess(QString cmd, QStringList arguments, QString input
QString CommandProcess::run() QString CommandProcess::run()
{ {
QProcess process; QProcess process;
QString standardOutput, standardError;
process.setReadChannel(QProcess::StandardOutput); process.setReadChannel(QProcess::StandardOutput);
process.start(m_Command, m_Arguments); process.start(m_Command, m_Arguments);
bool success = process.waitForStarted(); bool success = process.waitForStarted();
QString output, error;
if (success) if (success)
{ {
if (!m_Input.isEmpty()) { if (!m_Input.isEmpty()) {
process.write(m_Input.toLocal8Bit()); process.write(m_Input.toStdString().c_str());
} }
if (process.waitForFinished()) { if (process.waitForFinished()) {
standardOutput = QString::fromLocal8Bit(process.readAllStandardOutput().trimmed()); output = process.readAllStandardOutput().trimmed();
standardError = QString::fromLocal8Bit(process.readAllStandardError().trimmed()); error = process.readAllStandardError().trimmed();
} }
} }
int code = process.exitCode(); int code = process.exitCode();
if (!standardError.isEmpty() || !success || code != 0) if (!error.isEmpty() || !success || code != 0)
{ {
throw std::runtime_error( throw std::runtime_error(
QString("Code: %1\nError: %2") QString("Code: %1\nError: %2")
.arg(process.exitCode()) .arg(process.exitCode())
.arg(standardError.isEmpty() ? "Unknown" : standardError) .arg(error.isEmpty() ? "Unknown" : error)
.toLocal8Bit().constData())); .toStdString());
} }
emit finished(); emit finished();
return standardOutput; return output;
} }

View File

View File

@ -0,0 +1,65 @@
barrier -- mouse and keyboard sharing utility
Copyright (C) Barrier contributors
This package is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
found in the file LICENSE that should have accompanied this file.
This package is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <>.
#include "FingerprintAcceptDialog.h"
#include "ui_FingerprintAcceptDialog.h"
#include "net/SecureUtils.h"
FingerprintAcceptDialog::FingerprintAcceptDialog(QWidget *parent,
BarrierType type,
const barrier::FingerprintData& fingerprint_sha1,
const barrier::FingerprintData& fingerprint_sha256) :
if (type == BarrierType::Server) {
} else {
QString explanation;
if (type == BarrierType::Server) {
explanation = tr("This is a client fingerprint. You should compare this "
"fingerprint to the one on your client's screen. If the "
"two don't match exactly, then it's probably not the client "
"you're expecting (it could be a malicious user).\n\n"
"To automatically trust this fingerprint for future "
"connections, click Yes. To reject this fingerprint and "
"disconnect the client, click No.");
} else {
explanation = tr("This is a server fingerprint. You should compare this "
"fingerprint to the one on your server's screen. If the "
"two don't match exactly, then it's probably not the server "
"you're expecting (it could be a malicious user).\n\n"
"To automatically trust this fingerprint for future "
"connections, click Yes. To reject this fingerprint and "
"disconnect from the server, click No.");
FingerprintAcceptDialog::~FingerprintAcceptDialog() = default;

View File

@ -0,0 +1,45 @@
barrier -- mouse and keyboard sharing utility
Copyright (C) Barrier contributors
This package is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
found in the file LICENSE that should have accompanied this file.
This package is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <>.
#include "net/FingerprintData.h"
#include "barrier/BarrierType.h"
#include <QDialog>
#include <memory>
namespace Ui {
class FingerprintAcceptDialog;
class FingerprintAcceptDialog : public QDialog
explicit FingerprintAcceptDialog(QWidget* parent,
BarrierType type,
const barrier::FingerprintData& fingerprint_sha1,
const barrier::FingerprintData& fingerprint_sha256);
~FingerprintAcceptDialog() override;
std::unique_ptr<Ui::FingerprintAcceptDialog> ui_;

View File

@ -0,0 +1,174 @@
<?xml version="1.0" encoding="UTF-8"?>
<ui version="4.0">
<widget class="QDialog" name="FingerprintAcceptDialog">
<property name="geometry">
<property name="sizePolicy">
<sizepolicy hsizetype="Ignored" vsizetype="Preferred">
<property name="windowTitle">
<string>Security question</string>
<layout class="QGridLayout" name="gridLayout">
<property name="sizeConstraint">
<item row="6" column="0" colspan="2">
<widget class="QDialogButtonBox" name="buttonBox">
<property name="orientation">
<property name="standardButtons">
<item row="3" column="0" colspan="2">
<widget class="QLabel" name="label_sha1">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Minimum">
<property name="text">
<string>SHA1 (deprecated, compare to old servers only)</string>
<item row="5" column="0" colspan="2">
<widget class="QLabel" name="label_explanation">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Minimum">
<property name="text">
<property name="wordWrap">
<property name="margin">
<item row="4" column="0" colspan="2">
<widget class="QLabel" name="label_sha1_fingerprint_full">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Minimum">
<property name="text">
<property name="textInteractionFlags">
<item row="0" column="0" colspan="2">
<widget class="QLabel" name="label_title">
<property name="text">
<string>Do you trust this fingerprint?</string>
<item row="2" column="1">
<widget class="QLabel" name="label_sha256_fingerprint_randomart">
<property name="sizePolicy">
<sizepolicy hsizetype="Minimum" vsizetype="Minimum">
<property name="font">
<property name="text">
<property name="alignment">
<property name="textInteractionFlags">
<item row="2" column="0">
<widget class="QLabel" name="label_sha256_fingerprint_full">
<property name="text">
<property name="alignment">
<property name="textInteractionFlags">
<item row="1" column="0" colspan="2">
<widget class="QLabel" name="label_sha256">
<property name="text">
<hint type="sourcelabel">
<hint type="destinationlabel">
<hint type="sourcelabel">
<hint type="destinationlabel">

View File

@ -104,12 +104,14 @@ void IpcClient::sendCommand(const QString& command, ElevateMode const elevate)
stream.writeRawData(kIpcMsgCommand, 4); stream.writeRawData(kIpcMsgCommand, 4);
QByteArray utf8Command = command.toUtf8(); std::string stdStringCommand = command.toStdString();
const char* charCommand = stdStringCommand.c_str();
int length = (int)strlen(charCommand);
char lenBuf[4]; char lenBuf[4];
intToBytes(utf8Command.size(), lenBuf, 4); intToBytes(length, lenBuf, 4);
stream.writeRawData(lenBuf, 4); stream.writeRawData(lenBuf, 4);
stream.writeRawData(utf8Command.constData(), utf8Command.size()); stream.writeRawData(charCommand, length);
char elevateBuf[1]; char elevateBuf[1];
// Refer to enum ElevateMode documentation for why this flag is mapped this way // Refer to enum ElevateMode documentation for why this flag is mapped this way

View File

@ -54,4 +54,3 @@ class KeySequence
}; };
#endif #endif

View File

@ -78,4 +78,3 @@ class KeySequenceWidget : public QPushButton
}; };
#endif #endif

View File

@ -20,17 +20,21 @@
#include "MainWindow.h" #include "MainWindow.h"
#include "Fingerprint.h"
#include "AboutDialog.h" #include "AboutDialog.h"
#include "ServerConfigDialog.h" #include "ServerConfigDialog.h"
#include "SettingsDialog.h" #include "SettingsDialog.h"
#include "ZeroconfService.h" #include "ZeroconfService.h"
#include "DataDownloader.h" #include "DataDownloader.h"
#include "CommandProcess.h" #include "CommandProcess.h"
#include "FingerprintAcceptDialog.h"
#include "QUtility.h" #include "QUtility.h"
#include "ProcessorArch.h" #include "ProcessorArch.h"
#include "SslCertificate.h" #include "SslCertificate.h"
#include "ShutdownCh.h" #include "ShutdownCh.h"
#include "base/String.h"
#include "common/DataDirectories.h"
#include "net/FingerprintDatabase.h"
#include "net/SecureUtils.h"
#include <QtCore> #include <QtCore>
#include <QtGui> #include <QtGui>
@ -155,9 +159,22 @@ MainWindow::MainWindow(QSettings& settings, AppConfig& appConfig) :
m_pComboServerList->hide(); m_pComboServerList->hide();
m_pLabelPadlock->hide(); m_pLabelPadlock->hide();
updateSSLFingerprint(); updateSSLFingerprint();
connect(toolbutton_show_fingerprint, &QToolButton::clicked, [this](bool checked)
m_fingerprint_expanded = !m_fingerprint_expanded;
if (m_fingerprint_expanded) {
} else {
// resize window to smallest reasonable size // resize window to smallest reasonable size
resize(0, 0); resize(0, 0);
} }
@ -411,42 +428,58 @@ void MainWindow::checkConnected(const QString& line)
void MainWindow::checkFingerprint(const QString& line) void MainWindow::checkFingerprint(const QString& line)
{ {
QRegExp fingerprintRegex(".*server fingerprint: ([A-F0-9:]+)"); QRegExp fingerprintRegex(".*peer fingerprint \\(SHA1\\): ([A-F0-9:]+) \\(SHA256\\): ([A-F0-9:]+)");
if (!fingerprintRegex.exactMatch(line)) { if (!fingerprintRegex.exactMatch(line)) {
return; return;
} }
QString fingerprint = fingerprintRegex.cap(1); barrier::FingerprintData fingerprint_sha1 = {
if (Fingerprint::trustedServers().isTrusted(fingerprint)) { barrier::fingerprint_type_to_string(barrier::FingerprintType::SHA1),
barrier::FingerprintData fingerprint_sha256 = {
bool is_client = barrier_type() == BarrierType::Client;
auto db_path = is_client
? barrier::DataDirectories::trusted_servers_ssl_fingerprints_path()
: barrier::DataDirectories::trusted_clients_ssl_fingerprints_path();
auto db_dir = db_path.parent_path();
if (!barrier::fs::exists(db_dir)) {
// We compare only SHA256 fingerprints, but show both SHA1 and SHA256 so that the users can
// still verify fingerprints on old Barrier servers. This way the only time when we are exposed
// to SHA1 vulnerabilities is when the user is reconnecting again.
barrier::FingerprintDatabase db;;
if (db.is_trusted(fingerprint_sha256)) {
return; return;
} }
static bool messageBoxAlreadyShown = false; static bool messageBoxAlreadyShown = false;
if (!messageBoxAlreadyShown) { if (!messageBoxAlreadyShown) {
if (is_client) {
stopBarrier(); stopBarrier();
messageBoxAlreadyShown = true; messageBoxAlreadyShown = true;
QMessageBox::StandardButton fingerprintReply = FingerprintAcceptDialog dialog{this, barrier_type(), fingerprint_sha1, fingerprint_sha256};
QMessageBox::information( if (dialog.exec() == QDialog::Accepted) {
this, tr("Security question"),
tr("Do you trust this fingerprint?\n\n"
"This is a server fingerprint. You should compare this "
"fingerprint to the one on your server's screen. If the "
"two don't match exactly, then it's probably not the server "
"you're expecting (it could be a malicious user).\n\n"
"To automatically trust this fingerprint for future "
"connections, click Yes. To reject this fingerprint and "
"disconnect from the server, click No.")
QMessageBox::Yes | QMessageBox::No);
if (fingerprintReply == QMessageBox::Yes) {
// restart core process after trusting fingerprint. // restart core process after trusting fingerprint.
Fingerprint::trustedServers().trust(fingerprint); db.add_trusted(fingerprint_sha256);
if (is_client) {
startBarrier(); startBarrier();
} }
messageBoxAlreadyShown = false; messageBoxAlreadyShown = false;
} }
@ -515,8 +548,8 @@ void MainWindow::startBarrier()
#endif #endif
if (m_AppConfig->getCryptoEnabled()) { if (!m_AppConfig->getCryptoEnabled()) {
args << "--enable-crypto"; args << "--disable-crypto";
} }
#if defined(Q_OS_WIN) #if defined(Q_OS_WIN)
@ -524,11 +557,11 @@ void MainWindow::startBarrier()
// launched the process (e.g. when launched with elevation). setting the // launched the process (e.g. when launched with elevation). setting the
// profile dir on launch ensures it uses the same profile dir is used // profile dir on launch ensures it uses the same profile dir is used
// no matter how its relaunched. // no matter how its relaunched.
args << "--profile-dir" << QString("\"%1\"").arg(profilePath()); args << "--profile-dir" << QString::fromStdString("\"" + barrier::DataDirectories::profile().u8string() + "\"");
#endif #endif
if ((barrierType() == barrierClient && !clientArgs(args, app)) if ((barrier_type() == BarrierType::Client && !clientArgs(args, app))
|| (barrierType() == barrierServer && !serverArgs(args, app))) || (barrier_type() == BarrierType::Server && !serverArgs(args, app)))
{ {
stopBarrier(); stopBarrier();
return; return;
@ -543,7 +576,7 @@ void MainWindow::startBarrier()
m_pLogWindow->startNewInstance(); m_pLogWindow->startNewInstance();
appendLogInfo("starting " + QString(barrierType() == barrierServer ? "server" : "client")); appendLogInfo("starting " + QString(barrier_type() == BarrierType::Server ? "server" : "client"));
qDebug() << args; qDebug() << args;
@ -624,7 +657,7 @@ QString MainWindow::configFilename()
if (m_pRadioInternalConfig->isChecked()) if (m_pRadioInternalConfig->isChecked())
{ {
// TODO: no need to use a temporary file, since we need it to // TODO: no need to use a temporary file, since we need it to
// be permenant (since it'll be used for Windows services, etc). // be permanent (since it'll be used for Windows services, etc).
m_pTempConfigFile = new QTemporaryFile(); m_pTempConfigFile = new QTemporaryFile();
if (!m_pTempConfigFile->open()) if (!m_pTempConfigFile->open())
{ {
@ -653,6 +686,11 @@ QString MainWindow::configFilename()
return filename; return filename;
} }
BarrierType MainWindow::barrier_type() const
return m_pGroupClient->isChecked() ? BarrierType::Client : BarrierType::Server;
QString MainWindow::address() QString MainWindow::address()
{ {
QString address = appConfig().networkInterface(); QString address = appConfig().networkInterface();
@ -689,6 +727,10 @@ bool MainWindow::serverArgs(QStringList& args, QString& app)
args << "--log" << appConfig().logFilenameCmd(); args << "--log" << appConfig().logFilenameCmd();
} }
if (!appConfig().getRequireClientCertificate()) {
args << "--disable-client-cert-checking";
QString configFilename = this->configFilename(); QString configFilename = this->configFilename();
#if defined(Q_OS_WIN) #if defined(Q_OS_WIN)
// wrap in quotes in case username contains spaces. // wrap in quotes in case username contains spaces.
@ -729,7 +771,7 @@ void MainWindow::stopBarrier()
void MainWindow::stopService() void MainWindow::stopService()
{ {
// send empty command to stop service from laucning anything. // send empty command to stop service from launching anything.
m_IpcClient.sendCommand("", appConfig().elevateMode()); m_IpcClient.sendCommand("", appConfig().elevateMode());
} }
@ -924,6 +966,14 @@ void MainWindow::changeEvent(QEvent* event)
QMainWindow::changeEvent(event); QMainWindow::changeEvent(event);
} }
bool MainWindow::event(QEvent* event)
if (event->type() == QEvent::LayoutRequest) {
return QMainWindow::event(event);
void MainWindow::updateZeroconfService() void MainWindow::updateZeroconfService()
{ {
QMutexLocker locker(&m_UpdateZeroconfMutex); QMutexLocker locker(&m_UpdateZeroconfMutex);
@ -935,7 +985,7 @@ void MainWindow::updateZeroconfService()
m_pZeroconfService = NULL; m_pZeroconfService = NULL;
} }
if (m_AppConfig->autoConfig() || barrierType() == barrierServer) { if (m_AppConfig->autoConfig() || barrier_type() == BarrierType::Server) {
m_pZeroconfService = new ZeroconfService(this); m_pZeroconfService = new ZeroconfService(this);
} }
} }
@ -964,12 +1014,47 @@ void MainWindow::updateSSLFingerprint()
}); });
m_pSslCertificate->generateCertificate(); m_pSslCertificate->generateCertificate();
} }
if (m_AppConfig->getCryptoEnabled() && Fingerprint::local().fileExists()) {
m_pLabelLocalFingerprint->setText(Fingerprint::local().readFirst()); toolbutton_show_fingerprint->setEnabled(false);
} else {
m_pLabelLocalFingerprint->setText("Disabled"); m_pLabelLocalFingerprint->setText("Disabled");
if (!m_AppConfig->getCryptoEnabled()) {
} }
auto local_path = barrier::DataDirectories::local_ssl_fingerprints_path();
if (!barrier::fs::exists(local_path)) {
barrier::FingerprintDatabase db;;
if (db.fingerprints().size() != 2) {
for (const auto& fingerprint : db.fingerprints()) {
if (fingerprint.algorithm == "sha1") {
auto fingerprint_str = barrier::format_ssl_fingerprint(;
if (fingerprint.algorithm == "sha256") {
auto fingerprint_str = barrier::format_ssl_fingerprint(;
fingerprint_str += " ...";
auto fingerprint_str_cols = barrier::format_ssl_fingerprint_columns(;
auto fingerprint_randomart = barrier::create_fingerprint_randomart(;
} }
void MainWindow::on_m_pGroupClient_toggled(bool on) void MainWindow::on_m_pGroupClient_toggled(bool on)

View File

@ -20,6 +20,8 @@
#include "barrier/BarrierType.h"
#include <QMainWindow> #include <QMainWindow>
#include <QSystemTrayIcon> #include <QSystemTrayIcon>
#include <QSettings> #include <QSettings>
@ -76,12 +78,6 @@ class MainWindow : public QMainWindow, public Ui::MainWindowBase
barrierTransfering barrierTransfering
}; };
enum qBarrierType
enum qLevel { enum qLevel {
Error, Error,
Info Info
@ -98,7 +94,7 @@ class MainWindow : public QMainWindow, public Ui::MainWindowBase
public: public:
void setVisible(bool visible); void setVisible(bool visible);
int barrierType() const { return m_pGroupClient->isChecked() ? barrierClient : barrierServer; } BarrierType barrier_type() const;
int barrierState() const { return m_BarrierState; } int barrierState() const { return m_BarrierState; }
QString hostname() const { return m_pLineEditHostname->text(); } QString hostname() const { return m_pLineEditHostname->text(); }
QString configFilename(); QString configFilename();
@ -157,6 +153,7 @@ public slots:
void stopService(); void stopService();
void stopDesktop(); void stopDesktop();
void changeEvent(QEvent* event); void changeEvent(QEvent* event);
bool event(QEvent* event);
void retranslateMenuBar(); void retranslateMenuBar();
#if defined(Q_OS_WIN) #if defined(Q_OS_WIN)
bool isServiceRunning(QString name); bool isServiceRunning(QString name);
@ -202,6 +199,8 @@ public slots:
QStringList m_PendingClientNames; QStringList m_PendingClientNames;
LogWindow *m_pLogWindow; LogWindow *m_pLogWindow;
bool m_fingerprint_expanded = false;
private slots: private slots:
void on_m_pCheckBoxAutoConfig_toggled(bool checked); void on_m_pCheckBoxAutoConfig_toggled(bool checked);
void on_m_pComboServerList_currentIndexChanged(QString ); void on_m_pComboServerList_currentIndexChanged(QString );
@ -211,4 +210,3 @@ private slots:
}; };
#endif #endif

View File

@ -2,31 +2,20 @@
<ui version="4.0"> <ui version="4.0">
<class>MainWindowBase</class> <class>MainWindowBase</class>
<widget class="QMainWindow" name="MainWindowBase"> <widget class="QMainWindow" name="MainWindowBase">
<property name="geometry">
<property name="sizePolicy"> <property name="sizePolicy">
<sizepolicy hsizetype="Fixed" vsizetype="Fixed"> <sizepolicy hsizetype="Fixed" vsizetype="Fixed">
<horstretch>0</horstretch> <horstretch>0</horstretch>
<verstretch>0</verstretch> <verstretch>0</verstretch>
</sizepolicy> </sizepolicy>
</property> </property>
<property name="minimumSize">
<property name="windowTitle"> <property name="windowTitle">
<string>Barrier</string> <string>Barrier</string>
</property> </property>
<widget class="QWidget" name="centralwidget"> <widget class="QWidget" name="centralwidget">
<layout class="QVBoxLayout" name="verticalLayout_2"> <layout class="QVBoxLayout" name="verticalLayout_2">
<property name="sizeConstraint">
<item> <item>
<widget class="QGroupBox" name="m_pGroupServer"> <widget class="QGroupBox" name="m_pGroupServer">
<property name="sizePolicy"> <property name="sizePolicy">
@ -66,30 +55,6 @@
</item> </item>
</layout> </layout>
</item> </item>
<layout class="QHBoxLayout" name="horizontalLayout_3">
<widget class="QLabel" name="m_pLabelFingerprint">
<property name="sizePolicy">
<sizepolicy hsizetype="Maximum" vsizetype="Preferred">
<property name="text">
<string>SSL Fingerprint:</string>
<widget class="QLabel" name="m_pLabelLocalFingerprint">
<property name="text">
<item> <item>
<widget class="QRadioButton" name="m_pRadioInternalConfig"> <widget class="QRadioButton" name="m_pRadioInternalConfig">
<property name="text"> <property name="text">
@ -239,6 +204,107 @@
</layout> </layout>
</widget> </widget>
</item> </item>
<layout class="QHBoxLayout" name="horizontalLayout_3">
<widget class="QLabel" name="m_pLabelFingerprint">
<property name="sizePolicy">
<sizepolicy hsizetype="Maximum" vsizetype="Preferred">
<property name="text">
<string>SSL Fingerprint:</string>
<widget class="QLabel" name="m_pLabelLocalFingerprint">
<property name="text">
<property name="textFormat">
<widget class="QToolButton" name="toolbutton_show_fingerprint">
<property name="text">
<property name="arrowType">
<widget class="QFrame" name="frame_fingerprint_details">
<property name="frameShape">
<property name="frameShadow">
<layout class="QGridLayout" name="gridLayout">
<property name="sizeConstraint">
<item row="1" column="1">
<widget class="QLabel" name="label_sha256_randomart">
<property name="font">
<property name="text">
<property name="textInteractionFlags">
<item row="2" column="0" colspan="2">
<widget class="QLabel" name="label_sha1">
<property name="text">
<string>SHA1 (deprecated, compare to old clients and servers only):</string>
<item row="3" column="0" colspan="2">
<widget class="QLabel" name="label_sha1_fingerprint_full">
<property name="text">
<property name="textInteractionFlags">
<item row="0" column="0" colspan="2">
<widget class="QLabel" name="label_sha256">
<property name="text">
<item row="1" column="0">
<widget class="QLabel" name="label_sha256_fingerprint_full">
<property name="text">
<property name="textInteractionFlags">
<item> <item>
<layout class="QHBoxLayout" name="horizontalLayout"> <layout class="QHBoxLayout" name="horizontalLayout">
<property name="sizeConstraint"> <property name="sizeConstraint">
@ -253,7 +319,7 @@
<string/> <string/>
</property> </property>
<property name="pixmap"> <property name="pixmap">
<pixmap resource="Barrier.qrc">:/res/icons/16x16/padlock.png</pixmap> <pixmap resource="../res/Barrier.qrc">:/res/icons/16x16/padlock.png</pixmap>
</property> </property>
</widget> </widget>
</item> </item>
@ -399,7 +465,7 @@
</action> </action>
</widget> </widget>
<resources> <resources>
<include location="Barrier.qrc"/> <include location="../res/Barrier.qrc"/>
</resources> </resources>
<connections> <connections>
<connection> <connection>

View File

@ -1,4 +1,4 @@
/* /*
* barrier -- mouse and keyboard sharing utility * barrier -- mouse and keyboard sharing utility
* Copyright (C) 2012-2016 Symless Ltd. * Copyright (C) 2012-2016 Symless Ltd.
* Copyright (C) 2008 Volker Lanz ( * Copyright (C) 2008 Volker Lanz (
@ -45,4 +45,3 @@ void NewScreenWidget::mousePressEvent(QMouseEvent* event)
pDrag->exec(Qt::CopyAction, Qt::CopyAction); pDrag->exec(Qt::CopyAction, Qt::CopyAction);
} }

View File

@ -37,4 +37,3 @@ class NewScreenWidget : public QLabel
}; };
#endif #endif

View File

@ -44,4 +44,3 @@ class QBarrierApplication : public QApplication
}; };
#endif #endif

View File

@ -19,7 +19,6 @@
#include "ProcessorArch.h" #include "ProcessorArch.h"
#include "CommandProcess.h" #include "CommandProcess.h"
#include "common/DataDirectories.h"
#if defined(Q_OS_LINUX) #if defined(Q_OS_LINUX)
#include <QProcess> #include <QProcess>
@ -113,11 +112,3 @@ QString getOSInformation()
return result; return result;
} }
QString profilePath()
// Get path to current profile directory, properly converted
// from an OS locale std::string to Unicode QString.
auto localePath = DataDirectories::profile();
return QString::fromLocal8Bit(localePath.c_str(), localePath.size());

View File

@ -29,4 +29,3 @@ QString hash(const QString& string);
QString getFirstMacAddress(); QString getFirstMacAddress();
qProcessorArch getProcessorArch(); qProcessorArch getProcessorArch();
QString getOSInformation(); QString getOSInformation();
QString profilePath();

View File

@ -105,4 +105,3 @@ QDataStream& operator<<(QDataStream& outStream, const Screen& screen);
QDataStream& operator>>(QDataStream& inStream, Screen& screen); QDataStream& operator>>(QDataStream& inStream, Screen& screen);
#endif #endif

View File

@ -152,4 +152,3 @@ void ScreenSettingsDialog::on_m_pListAliases_itemSelectionChanged()
{ {
m_pButtonRemoveAlias->setEnabled(!m_pListAliases->selectedItems().isEmpty()); m_pButtonRemoveAlias->setEnabled(!m_pListAliases->selectedItems().isEmpty());
} }

View File

@ -50,4 +50,3 @@ class ScreenSettingsDialog : public QDialog, public Ui::ScreenSettingsDialogBase
}; };
#endif #endif

View File

@ -141,4 +141,3 @@ bool ScreenSetupModel::dropMimeData(const QMimeData* data, Qt::DropAction action
return true; return true;
} }

View File

@ -68,4 +68,3 @@ class ScreenSetupModel : public QAbstractTableModel
}; };
#endif #endif

View File

@ -225,4 +225,3 @@ QStyleOptionViewItem ScreenSetupView::viewOptions() const
option.textElideMode = Qt::ElideMiddle; option.textElideMode = Qt::ElideMiddle;
return option; return option;
} }

View File

@ -58,4 +58,3 @@ class ScreenSetupView : public QTableView
}; };
#endif #endif

View File

@ -138,4 +138,3 @@ enum {
}; };
#endif #endif

View File

@ -76,7 +76,7 @@ void ServerConfigDialog::showEvent(QShowEvent* event)
if (!m_Message.isEmpty()) if (!m_Message.isEmpty())
{ {
// TODO: ideally this massage box should pop up after the dialog is shown // TODO: ideally this message box should pop up after the dialog is shown
QMessageBox::information(this, tr("Configure server"), m_Message); QMessageBox::information(this, tr("Configure server"), m_Message);
} }
} }

View File

@ -63,4 +63,3 @@ class ServerConfigDialog : public QDialog, public Ui::ServerConfigDialogBase
}; };
#endif #endif

View File

@ -51,6 +51,7 @@ SettingsDialog::SettingsDialog(QWidget* parent, AppConfig& config) :
m_pCheckBoxAutoStart->setChecked(appConfig().getAutoStart()); m_pCheckBoxAutoStart->setChecked(appConfig().getAutoStart());
m_pCheckBoxMinimizeToTray->setChecked(appConfig().getMinimizeToTray()); m_pCheckBoxMinimizeToTray->setChecked(appConfig().getMinimizeToTray());
m_pCheckBoxEnableCrypto->setChecked(m_appConfig.getCryptoEnabled()); m_pCheckBoxEnableCrypto->setChecked(m_appConfig.getCryptoEnabled());
#if defined(Q_OS_WIN) #if defined(Q_OS_WIN)
m_pComboElevate->setCurrentIndex(static_cast<int>(appConfig().elevateMode())); m_pComboElevate->setCurrentIndex(static_cast<int>(appConfig().elevateMode()));
@ -67,6 +68,7 @@ void SettingsDialog::accept()
m_appConfig.setPort(m_pSpinBoxPort->value()); m_appConfig.setPort(m_pSpinBoxPort->value());
m_appConfig.setNetworkInterface(m_pLineEditInterface->text()); m_appConfig.setNetworkInterface(m_pLineEditInterface->text());
m_appConfig.setCryptoEnabled(m_pCheckBoxEnableCrypto->isChecked()); m_appConfig.setCryptoEnabled(m_pCheckBoxEnableCrypto->isChecked());
m_appConfig.setLogLevel(m_pComboLogLevel->currentIndex()); m_appConfig.setLogLevel(m_pComboLogLevel->currentIndex());
m_appConfig.setLogToFile(m_pCheckBoxLogToFile->isChecked()); m_appConfig.setLogToFile(m_pCheckBoxLogToFile->isChecked());
m_appConfig.setLogFilename(m_pLineEditLogFilename->text()); m_appConfig.setLogFilename(m_pLineEditLogFilename->text());

View File

@ -142,6 +142,16 @@
<string>Networking</string> <string>Networking</string>
</property> </property>
<layout class="QGridLayout" name="gridLayout_3"> <layout class="QGridLayout" name="gridLayout_3">
<item row="1" column="0">
<widget class="QLabel" name="m_pLabel_21">
<property name="text">
<property name="buddy">
<item row="0" column="0"> <item row="0" column="0">
<widget class="QLabel" name="m_pLabel_20"> <widget class="QLabel" name="m_pLabel_20">
<property name="text"> <property name="text">
@ -171,16 +181,6 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="1" column="0">
<widget class="QLabel" name="m_pLabel_21">
<property name="text">
<property name="buddy">
<item row="1" column="1"> <item row="1" column="1">
<widget class="QLineEdit" name="m_pLineEditInterface"> <widget class="QLineEdit" name="m_pLineEditInterface">
<property name="enabled"> <property name="enabled">
@ -188,13 +188,20 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="2" column="0"> <item row="2" column="0" colspan="2">
<widget class="QCheckBox" name="m_pCheckBoxEnableCrypto"> <widget class="QCheckBox" name="m_pCheckBoxEnableCrypto">
<property name="text"> <property name="text">
<string>Enable &amp;SSL</string> <string>Enable &amp;SSL</string>
</property> </property>
</widget> </widget>
</item> </item>
<item row="3" column="0" colspan="2">
<widget class="QCheckBox" name="checkbox_require_client_certificate">
<property name="text">
<string>Require client certificate</string>
</layout> </layout>
</widget> </widget>
</item> </item>
@ -216,19 +223,20 @@
<bool>false</bool> <bool>false</bool>
</property> </property>
<layout class="QGridLayout" name="gridLayout_2"> <layout class="QGridLayout" name="gridLayout_2">
<item row="0" column="0"> <item row="1" column="0">
<widget class="QLabel" name="m_pLabel_3"> <widget class="QCheckBox" name="m_pCheckBoxLogToFile">
<property name="minimumSize"> <property name="text">
<size> <string>Log to file:</string>
<width>75</width> </property>
<height>0</height> </widget>
</size> </item>
<item row="1" column="2">
<widget class="QPushButton" name="m_pButtonBrowseLog">
<property name="enabled">
</property> </property>
<property name="text"> <property name="text">
<string>&amp;Logging level:</string> <string>Browse...</string>
<property name="buddy">
</property> </property>
</widget> </widget>
</item> </item>
@ -271,10 +279,19 @@
</item> </item>
</widget> </widget>
</item> </item>
<item row="1" column="0"> <item row="0" column="0">
<widget class="QCheckBox" name="m_pCheckBoxLogToFile"> <widget class="QLabel" name="m_pLabel_3">
<property name="minimumSize">
<property name="text"> <property name="text">
<string>Log to file:</string> <string>&amp;Logging level:</string>
<property name="buddy">
</property> </property>
</widget> </widget>
</item> </item>
@ -285,16 +302,6 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="1" column="2">
<widget class="QPushButton" name="m_pButtonBrowseLog">
<property name="enabled">
<property name="text">
</layout> </layout>
</widget> </widget>
</item> </item>

View File

@ -37,7 +37,7 @@ SetupWizard::SetupWizard(MainWindow& mainWindow, bool startMain) :
#elif defined(Q_OS_WIN) #elif defined(Q_OS_WIN)
// when areo is disabled on windows, the next/back buttons // when aero is disabled on windows, the next/back buttons
// are hidden (must be a qt bug) -- resizing the window // are hidden (must be a qt bug) -- resizing the window
// to +1 of the original height seems to fix this. // to +1 of the original height seems to fix this.
// NOTE: calling setMinimumSize after this will break // NOTE: calling setMinimumSize after this will break

View File

@ -19,4 +19,3 @@
// included in both the GUI and the child apps (server & client) // included in both the GUI and the child apps (server & client)
const char ShutdownCh = 'S'; const char ShutdownCh = 'S';

View File

@ -16,12 +16,11 @@
*/ */
#include "SslCertificate.h" #include "SslCertificate.h"
#include "Fingerprint.h" #include "common/DataDirectories.h"
#include "QUtility.h" #include "base/finally.h"
#include "io/filesystem.h"
#include <QProcess> #include "net/FingerprintDatabase.h"
#include <QDir> #include "net/SecureUtils.h"
#include <QCoreApplication>
#include <openssl/bio.h> #include <openssl/bio.h>
#include <openssl/err.h> #include <openssl/err.h>
@ -29,198 +28,90 @@
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/x509.h> #include <openssl/x509.h>
static const char kCertificateLifetime[] = "365";
static const char kCertificateSubjectInfo[] = "/CN=Barrier";
static const char kCertificateFilename[] = "Barrier.pem";
static const char kSslDir[] = "SSL";
static const char kUnixOpenSslCommand[] = "openssl";
#if defined(Q_OS_WIN)
static const char kWinOpenSslBinary[] = "openssl.exe";
static const char kConfigFile[] = "barrier.conf";
SslCertificate::SslCertificate(QObject *parent) : SslCertificate::SslCertificate(QObject *parent) :
QObject(parent) QObject(parent)
{ {
m_ProfileDir = profilePath(); if (barrier::DataDirectories::profile().empty()) {
if (m_ProfileDir.isEmpty()) {
emit error(tr("Failed to get profile directory.")); emit error(tr("Failed to get profile directory."));
} }
} }
std::pair<bool, QString> SslCertificate::runTool(const QStringList& args)
QString program;
#if defined(Q_OS_WIN)
program = QCoreApplication::applicationDirPath();
program = kUnixOpenSslCommand;
QStringList environment;
#if defined(Q_OS_WIN)
environment << QString("OPENSSL_CONF=%1\\%2")
QProcess process;
QString standardOutput, standardError;
process.start(program, args);
bool success = process.waitForStarted();
if (success && process.waitForFinished())
standardOutput = QString::fromLocal8Bit(process.readAllStandardOutput().trimmed());
standardError = QString::fromLocal8Bit(process.readAllStandardError().trimmed());
int code = process.exitCode();
if (!success || code != 0)
emit error(
QString("SSL tool failed: %1\n\nCode: %2\nError: %3")
.arg(standardError.isEmpty() ? "Unknown" : standardError));
return {false, standardOutput};
return {true, standardOutput};
void SslCertificate::generateCertificate() void SslCertificate::generateCertificate()
{ {
auto filename = getCertificatePath(); auto cert_path = barrier::DataDirectories::ssl_certificate_path();
QFile file(filename); if (!barrier::fs::exists(cert_path) || !is_certificate_valid(cert_path)) {
if (!file.exists() || !isCertificateValid(filename)) { try {
QStringList arguments; auto cert_dir = cert_path.parent_path();
if (!barrier::fs::exists(cert_dir)) {
// self signed certificate barrier::fs::create_directories(cert_dir);
// valide duration
// subject information
QString subInfo(kCertificateSubjectInfo);
// private key
QDir sslDir(getCertificateDirectory());
if (!sslDir.exists()) {
} }
// key output filename barrier::generate_pem_self_signed_cert(cert_path.u8string());
arguments.append("-keyout"); } catch (const std::exception& e) {
arguments.append(filename); emit error(QString("SSL tool failed: %1").arg(e.what()));
// certificate output filename
if (!runTool(arguments).first) {
return; return;
} }
emit info(tr("SSL certificate generated.")); emit info(tr("SSL certificate generated."));
} }
generateFingerprint(filename); generate_fingerprint(cert_path);
emit generateFinished(); emit generateFinished();
} }
void SslCertificate::generateFingerprint(const QString& certificateFilename) void SslCertificate::generate_fingerprint(const barrier::fs::path& cert_path)
{ {
QStringList arguments; try {
arguments.append("x509"); auto local_path = barrier::DataDirectories::local_ssl_fingerprints_path();
arguments.append("-fingerprint"); auto local_dir = local_path.parent_path();
arguments.append("-sha1"); if (!barrier::fs::exists(local_dir)) {
arguments.append("-noout"); barrier::fs::create_directories(local_dir);
auto ret = runTool(arguments);
bool success = ret.first;
if (!success) {
} }
// find the fingerprint from the tool output barrier::FingerprintDatabase db;
QString fingerprint = ret.second; db.add_trusted(barrier::get_pem_file_cert_fingerprint(cert_path.u8string(),
auto i = fingerprint.indexOf('='); barrier::FingerprintType::SHA1));
if (i != -1) { db.add_trusted(barrier::get_pem_file_cert_fingerprint(cert_path.u8string(),
fingerprint.remove(0, i+1); barrier::FingerprintType::SHA256));
Fingerprint::local().trust(fingerprint, false);
emit info(tr("SSL fingerprint generated.")); emit info(tr("SSL fingerprint generated."));
} } catch (const std::exception& e) {
else { emit error(tr("Failed to find SSL fingerprint.") + e.what());
emit error(tr("Failed to find SSL fingerprint."));
} }
} }
QString SslCertificate::getCertificatePath() bool SslCertificate::is_certificate_valid(const barrier::fs::path& path)
return getCertificateDirectory() + QDir::separator() + kCertificateFilename;
QString SslCertificate::getCertificateDirectory()
return m_ProfileDir + QDir::separator() + kSslDir;
bool SslCertificate::isCertificateValid(const QString& path)
{ {
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
ERR_load_crypto_strings(); ERR_load_crypto_strings();
BIO* bio = BIO_new(BIO_s_file()); auto fp = barrier::fopen_utf8_path(path, "r");
if (!fp) {
auto ret = BIO_read_filename(bio, path.toLocal8Bit().constData());
if (!ret) {
emit info(tr("Could not read from default certificate file.")); emit info(tr("Could not read from default certificate file."));
return false; return false;
} }
auto file_close = barrier::finally([fp]() { std::fclose(fp); });
X509* cert = PEM_read_bio_X509(bio, NULL, 0, NULL); auto* cert = PEM_read_X509(fp, nullptr, nullptr, nullptr);
if (!cert) { if (!cert) {
emit info(tr("Error loading default certificate file to memory.")); emit info(tr("Error loading default certificate file to memory."));
return false; return false;
} }
auto cert_free = barrier::finally([cert]() { X509_free(cert); });
EVP_PKEY* pubkey = X509_get_pubkey(cert); auto* pubkey = X509_get_pubkey(cert);
if (!pubkey) { if (!pubkey) {
emit info(tr("Default certificate key file does not contain valid public key")); emit info(tr("Default certificate key file does not contain valid public key"));
return false; return false;
} }
auto pubkey_free = barrier::finally([pubkey]() { EVP_PKEY_free(pubkey); });
auto type = EVP_PKEY_type(EVP_PKEY_id(pubkey)); auto type = EVP_PKEY_type(EVP_PKEY_id(pubkey));
if (type != EVP_PKEY_RSA && type != EVP_PKEY_DSA) { if (type != EVP_PKEY_RSA && type != EVP_PKEY_DSA) {
emit info(tr("Public key in default certificate key file is not RSA or DSA")); emit info(tr("Public key in default certificate key file is not RSA or DSA"));
return false; return false;
} }
@ -228,14 +119,8 @@ bool SslCertificate::isCertificateValid(const QString& path)
if (bits < 2048) { if (bits < 2048) {
// We could have small keys in old barrier installations // We could have small keys in old barrier installations
emit info(tr("Public key in default certificate key file is too small.")); emit info(tr("Public key in default certificate key file is too small."));
return false; return false;
} }
return true; return true;
} }

View File

@ -19,10 +19,11 @@
#include <QObject> #include <QObject>
#include <string> #include <string>
#include "io/filesystem.h"
class SslCertificate : public QObject class SslCertificate : public QObject
{ {
public: public:
explicit SslCertificate(QObject *parent = 0); explicit SslCertificate(QObject *parent = 0);
@ -36,13 +37,7 @@ signals:
void generateFinished(); void generateFinished();
private: private:
std::pair<bool, QString> runTool(const QStringList& args); void generate_fingerprint(const barrier::fs::path& cert_path);
void generateFingerprint(const QString& certificateFilename);
QString getCertificatePath(); bool is_certificate_valid(const barrier::fs::path& path);
QString getCertificateDirectory();
bool isCertificateValid(const QString& path);
QString m_ProfileDir;
}; };

View File

@ -40,4 +40,3 @@ void TrashScreenWidget::dropEvent(QDropEvent* event)
else else
event->ignore(); event->ignore();
} }

View File

@ -39,4 +39,3 @@ class TrashScreenWidget : public QLabel
}; };
#endif #endif

View File

@ -66,7 +66,7 @@ ZeroconfService::ZeroconfService(MainWindow* mainWindow) :
m_ServiceRegistered(false) m_ServiceRegistered(false)
{ {
silence_avahi_warning(); silence_avahi_warning();
if (m_pMainWindow->barrierType() == MainWindow::barrierServer) { if (m_pMainWindow->barrier_type() == BarrierType::Server) {
if (registerService(true)) { if (registerService(true)) {
m_pZeroconfBrowser = new ZeroconfBrowser(this); m_pZeroconfBrowser = new ZeroconfBrowser(this);
connect(m_pZeroconfBrowser, SIGNAL( connect(m_pZeroconfBrowser, SIGNAL(

View File

@ -97,6 +97,12 @@ int main(int argc, char* argv[])
QApplication::setQuitOnLastWindowClosed(false); QApplication::setQuitOnLastWindowClosed(false);
if (QGuiApplication::platformName() == "wayland") {
NULL, "Barrier",
"You are using wayland session, which is currently not fully supported by Barrier.");
QSettings settings; QSettings settings;
AppConfig appConfig (&settings); AppConfig appConfig (&settings);

Some files were not shown because too many files have changed in this diff Show More