From 0e0c701b6137bf17ee426d88b0f1a45485a9d96e Mon Sep 17 00:00:00 2001 From: Nick Bolton Date: Sat, 28 Jul 2018 01:52:56 +0100 Subject: [PATCH] #6372 Only show padlock when TLSv1.2 is detected This is really crude and probably a bit fragile, but patches welcome! I also made the fingerprint dialog a bit friendlier while I was poking around. --- src/gui/src/MainWindow.cpp | 58 +++++++++++++++++++++++++++++--------- src/gui/src/MainWindow.h | 5 +++- 2 files changed, 48 insertions(+), 15 deletions(-) diff --git a/src/gui/src/MainWindow.cpp b/src/gui/src/MainWindow.cpp index 083fbb95..48647208 100644 --- a/src/gui/src/MainWindow.cpp +++ b/src/gui/src/MainWindow.cpp @@ -68,6 +68,9 @@ static const char synergyConfigName[] = "synergy.conf"; static const QString synergyConfigFilter(QObject::tr("Synergy Configurations (*.conf);;All files (*.*)")); #endif +static const char* tlsVersion = "TLS 1.2"; +static const char* tlsCheckString = "network encryption protocol: TLSv1.2"; + static const char* synergyIconFiles[] = { ":/res/icons/16x16/synergy-disconnected.png", @@ -113,6 +116,7 @@ MainWindow::MainWindow (QSettings& settings, AppConfig& appConfig, #ifndef SYNERGY_ENTERPRISE , m_ActivationDialogRunning(false) #endif + , m_SecureSocket(false) { setupUi(this); @@ -147,9 +151,11 @@ MainWindow::MainWindow (QSettings& settings, AppConfig& appConfig, m_SuppressAutoConfigWarning = false; m_pComboServerList->hide(); - m_pLabelPadlock->hide(); m_trialWidget->hide(); + // hide padlock icon + secureSocket(false); + connect (this, SIGNAL(windowShown()), this, SLOT(on_windowShown()), Qt::QueuedConnection); #ifndef SYNERGY_ENTERPRISE @@ -464,6 +470,8 @@ void MainWindow::updateFromLogLine(const QString &line) // TODO: this code makes Andrew cry checkConnected(line); checkFingerprint(line); + checkSecureSocket(line); + #ifndef SYNERGY_ENTERPRISE checkLicense(line); #endif @@ -522,11 +530,10 @@ void MainWindow::checkFingerprint(const QString& line) QMessageBox::StandardButton fingerprintReply = QMessageBox::information( this, tr("Security question"), - tr("Do you trust this fingerprint?\n\n" + tr("You are connecting to a server. Here is it's fingerprint:\n\n" "%1\n\n" - "This is a server fingerprint. You should compare this " - "fingerprint to the one on your server's screen. If the " - "two don't match exactly, then it's probably not the server " + "Compare this fingerprint to the one on your server's screen." + "If the two don't match exactly, then it's probably not the server " "you're expecting (it could be a malicious user).\n\n" "To automatically trust this fingerprint for future " "connections, click Yes. To reject this fingerprint and " @@ -544,6 +551,15 @@ void MainWindow::checkFingerprint(const QString& line) } } +void MainWindow::checkSecureSocket(const QString& line) +{ + // obviously not very secure, since this can be tricked by injecting something + // into the log. however, since we don't have IPC between core and GUI... patches welcome. + if (line.contains(tlsCheckString)) { + secureSocket(true); + } +} + bool MainWindow::autoHide() { if ((appConfig().processMode() == Desktop) && @@ -925,6 +941,13 @@ void MainWindow::synergyFinished(int exitCode, QProcess::ExitStatus) void MainWindow::setSynergyState(qSynergyState state) { + // always assume connection is not secure when connection changes + // to anything except connected. the only way the padlock shows is + // when the correct TLS version string is detected. + if (state != synergyConnected) { + secureSocket(false); + } + if (synergyState() == state) return; @@ -954,24 +977,20 @@ void MainWindow::setSynergyState(qSynergyState state) switch (state) { case synergyConnected: { - if (m_AppConfig->getCryptoEnabled()) { - m_pLabelPadlock->show(); + if (m_SecureSocket) { + setStatus(tr("Synergy is running (with %1)").arg(tlsVersion)); } else { - m_pLabelPadlock->hide(); + setStatus(tr("Synergy is running (without %1)").arg(tlsVersion)); } - setStatus(tr("Synergy is running.")); - break; } case synergyConnecting: - m_pLabelPadlock->hide(); - setStatus(tr("Synergy is starting.")); + setStatus(tr("Synergy is starting...")); break; case synergyDisconnected: - m_pLabelPadlock->hide(); - setStatus(tr("Synergy is not running.")); + setStatus(tr("Synergy is not running")); break; case synergyTransfering: break; @@ -1567,3 +1586,14 @@ QString MainWindow::getProfileRootForArg() return QString("\"%1\"").arg(dir); } + +bool MainWindow::secureSocket(bool secureSocket) +{ + m_SecureSocket = secureSocket; + if (secureSocket) { + m_pLabelPadlock->show(); + } + else { + m_pLabelPadlock->hide(); + } +} diff --git a/src/gui/src/MainWindow.h b/src/gui/src/MainWindow.h index eff397b1..d3d2468b 100644 --- a/src/gui/src/MainWindow.h +++ b/src/gui/src/MainWindow.h @@ -197,16 +197,18 @@ public slots: #endif QString getProfileRootForArg(); void checkConnected(const QString& line); + void checkFingerprint(const QString& line); + void checkSecureSocket(const QString& line); #ifndef SYNERGY_ENTERPRISE void checkLicense(const QString& line); #endif - void checkFingerprint(const QString& line); bool autoHide(); QString getTimeStamp(); void restartSynergy(); void proofreadInfo(); void showEvent (QShowEvent*); + bool secureSocket(bool secureSocket); private: QSettings& m_Settings; @@ -243,6 +245,7 @@ public slots: bool m_ActivationDialogRunning; QStringList m_PendingClientNames; #endif + bool m_SecureSocket; private slots: void on_m_pButtonApply_clicked();