backup/barrier
1
0
Fork 0
mirror of https://github.com/debauchee/barrier.git synced 2026-06-30 08:56:21 +08:00
Code Issues Projects Releases Wiki Activity

Remove legacy TLS support and fix tests

Browse Source
This commit is contained in:
Andrew Nelless
2017-11-26 14:58:00 +00:00
parent 764a6d3803
commit 4b3adfce94
215 changed files with 33 additions and 79689 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/CMakeLists.txt
View File

@@ -19,3 +19,4 @@ include_directories (${CMAKE_CURRENT_BINARY_DIR}/lib)
add_subdirectory(lib)
add_subdirectory(cmd)
add_subdirectory(test)

1
src/lib/base/EventTypes.cpp
View File

@@ -82,7 +82,6 @@ REGISTER_EVENT(IpcServerProxy, messageReceived)
//
REGISTER_EVENT(IDataSocket, connected)
REGISTER_EVENT(IDataSocket, secureConnected)
REGISTER_EVENT(IDataSocket, connectionFailed)
//

9
src/lib/base/EventTypes.h
View File

@@ -230,7 +230,6 @@ class IDataSocketEvents : public EventTypes {
public:
IDataSocketEvents() :
m_connected(Event::kUnknown),
m_secureConnected(Event::kUnknown),
m_connectionFailed(Event::kUnknown) { }
//! @name accessors
@@ -243,13 +242,6 @@ public:
*/
Event::Type connected();
//! Get secure connected event type
/*!
Returns the secure socket connected event type. A secure socket sends
this event when a remote connection has been established.
*/
Event::Type secureConnected();
//! Get connection failed event type
/*!
Returns the socket connection failed event type. A socket sends
@@ -262,7 +254,6 @@ public:
private:
Event::Type m_connected;
Event::Type m_secureConnected;
Event::Type m_connectionFailed;
};

20
src/lib/client/Client.cpp
View File

@@ -32,7 +32,6 @@
#include "net/TCPSocket.h"
#include "net/IDataSocket.h"
#include "net/ISocketFactory.h"
#include "net/SecureSocket.h"
#include "arch/Arch.h"
#include "base/Log.h"
#include "base/IEventQueue.h"
@@ -71,7 +70,6 @@ Client::Client(
m_sendFileThread(NULL),
m_writeToDropDirThread(NULL),
m_socket(NULL),
m_useSecureNetwork(args.m_enableCrypto),
m_args(args),
m_enableClipboard(true)
{
@@ -147,7 +145,7 @@ Client::connect()
}
// create the socket
IDataSocket* socket = m_socketFactory->create(m_useSecureNetwork);
IDataSocket* socket = m_socketFactory->create();
m_socket = dynamic_cast<TCPSocket*>(socket);
// filter socket messages, including a packetizing filter
@@ -443,18 +441,10 @@ Client::setupConnecting()
{
assert(m_stream != NULL);
if (m_args.m_enableCrypto) {
m_events->adoptHandler(m_events->forIDataSocket().secureConnected(),
m_stream->getEventTarget(),
new TMethodEventJob<Client>(this,
&Client::handleConnected));
}
else {
m_events->adoptHandler(m_events->forIDataSocket().connected(),
m_stream->getEventTarget(),
new TMethodEventJob<Client>(this,
&Client::handleConnected));
}
m_events->adoptHandler(m_events->forIDataSocket().connected(),
m_stream->getEventTarget(),
new TMethodEventJob<Client>(this,
&Client::handleConnected));
m_events->adoptHandler(m_events->forIDataSocket().connectionFailed(),
m_stream->getEventTarget(),

1
src/lib/client/Client.h
View File

@@ -221,7 +221,6 @@ private:
Thread* m_sendFileThread;
Thread* m_writeToDropDirThread;
TCPSocket* m_socket;
bool m_useSecureNetwork;
ClientArgs m_args;
bool m_enableClipboard;
};

3
src/lib/core/App.h
View File

@@ -155,8 +155,7 @@ private:
" -1, --no-restart do not try to restart on failure.\n" \
"* --restart restart the server automatically if it fails.\n" \
" -l --log <file> write log messages to file.\n" \
" --enable-drag-drop enable file drag & drop.\n" \
" --enable-crypto enable the crypto (ssl) plugin.\n"
" --enable-drag-drop enable file drag & drop.\n"
#define HELP_COMMON_INFO_2 \
" -h, --help display this help and exit.\n" \

3
src/lib/core/ArgParser.cpp
View File

@@ -291,7 +291,8 @@ ArgParser::parseGenericArgs(int argc, const char* const* argv, int& i)
}
}
else if (isArg(i, argc, argv, NULL, "--enable-crypto")) {
argsBase().m_enableCrypto = true;
LOG((CLOG_INFO "--enable-crypto ignored, TLS is no longer supported in Synergy Core"));
return false;
}
else if (isArg(i, argc, argv, NULL, "--profile-dir", 1)) {
argsBase().m_profileDirectory = argv[++i];

1
src/lib/core/ArgsBase.cpp
View File

@@ -42,7 +42,6 @@ m_enableIpc(false),
m_enableDragDrop(false),
m_shouldExit(false),
m_synergyAddress(),
m_enableCrypto(false),
m_profileDirectory(""),
m_pluginDirectory("")
{

1
src/lib/core/ArgsBase.h
View File

@@ -48,7 +48,6 @@ public:
#endif
bool m_shouldExit;
String m_synergyAddress;
bool m_enableCrypto;
String m_profileDirectory;
String m_pluginDirectory;
};

3
src/lib/core/ServerApp.cpp
View File

@@ -629,8 +629,7 @@ ServerApp::openClientListener(const NetworkAddress& address)
ClientListener* listen = new ClientListener(
address,
new TCPSocketFactory(m_events, getSocketMultiplexer()),
m_events,
args().m_enableCrypto);
m_events);
m_events->adoptHandler(
m_events->forClientListener().connected(), listen,

4
src/lib/net/ISocketFactory.h
View File

@@ -34,10 +34,10 @@ public:
//@{
//! Create data socket
virtual IDataSocket* create(bool secure) const = 0;
virtual IDataSocket* create() const = 0;
//! Create listen socket
virtual IListenSocket* createListen(bool secure) const = 0;
virtual IListenSocket* createListen() const = 0;
//@}
};

95
src/lib/net/SecureListenSocket.cpp
View File

@@ -1,95 +0,0 @@
/*
* synergy -- mouse and keyboard sharing utility
* Copyright (C) 2015-2016 Symless Ltd.
*
* This package is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* found in the file LICENSE that should have accompanied this file.
*
* This package is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "SecureListenSocket.h"
#include "SecureSocket.h"
#include "net/NetworkAddress.h"
#include "net/SocketMultiplexer.h"
#include "net/TSocketMultiplexerMethodJob.h"
#include "arch/XArch.h"
static const char s_certificateDir[] = { "SSL" };
static const char s_certificateFilename[] = { "Synergy.pem" };
//
// SecureListenSocket
//
SecureListenSocket::SecureListenSocket(
IEventQueue* events,
SocketMultiplexer* socketMultiplexer) :
TCPListenSocket(events, socketMultiplexer)
{
}
SecureListenSocket::~SecureListenSocket()
{
SecureSocketSet::iterator it;
for (it = m_secureSocketSet.begin(); it != m_secureSocketSet.end(); it++) {
delete *it;
}
m_secureSocketSet.clear();
}
IDataSocket*
SecureListenSocket::accept()
{
SecureSocket* socket = NULL;
try {
socket = new SecureSocket(
m_events,
m_socketMultiplexer,
ARCH->acceptSocket(m_socket, NULL));
socket->initSsl(true);
if (socket != NULL) {
setListeningJob();
}
String certificateFilename = synergy::string::sprintf("%s/%s/%s",
ARCH->getProfileDirectory().c_str(),
s_certificateDir,
s_certificateFilename);
bool loaded = socket->loadCertificates(certificateFilename);
if (!loaded) {
delete socket;
return NULL;
}
socket->secureAccept();
m_secureSocketSet.insert(socket);
return dynamic_cast<IDataSocket*>(socket);
}
catch (XArchNetwork&) {
if (socket != NULL) {
delete socket;
setListeningJob();
}
return NULL;
}
catch (std::exception &ex) {
if (socket != NULL) {
delete socket;
setListeningJob();
}
throw ex;
}
}

41
src/lib/net/SecureListenSocket.h
View File

@@ -1,41 +0,0 @@
/*
* synergy -- mouse and keyboard sharing utility
* Copyright (C) 2015-2016 Symless Ltd.
*
* This package is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* found in the file LICENSE that should have accompanied this file.
*
* This package is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include "net/TCPListenSocket.h"
#include "common/stdset.h"
class IEventQueue;
class SocketMultiplexer;
class IDataSocket;
class SecureListenSocket : public TCPListenSocket{
public:
SecureListenSocket(IEventQueue* events,
SocketMultiplexer* socketMultiplexer);
~SecureListenSocket();
// IListenSocket overrides
virtual IDataSocket*
accept();
private:
typedef std::set<IDataSocket*> SecureSocketSet;
SecureSocketSet m_secureSocketSet;
};

856
src/lib/net/SecureSocket.cpp
View File

@@ -1,856 +0,0 @@
/*
* synergy -- mouse and keyboard sharing utility
* Copyright (C) 2015-2016 Symless Ltd.
*
* This package is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* found in the file LICENSE that should have accompanied this file.
*
* This package is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "SecureSocket.h"
#include "net/TSocketMultiplexerMethodJob.h"
#include "base/TMethodEventJob.h"
#include "net/TCPSocket.h"
#include "mt/Lock.h"
#include "arch/XArch.h"
#include "base/Log.h"
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <cstring>
#include <cstdlib>
#include <memory>
#include <fstream>
//
// SecureSocket
//
#define MAX_ERROR_SIZE 65535
static const float s_retryDelay = 0.01f;
enum {
kMsgSize = 128
};
static const char kFingerprintDirName[] = "SSL/Fingerprints";
//static const char kFingerprintLocalFilename[] = "Local.txt";
static const char kFingerprintTrustedServersFilename[] = "TrustedServers.txt";
//static const char kFingerprintTrustedClientsFilename[] = "TrustedClients.txt";
struct Ssl {
SSL_CTX* m_context;
SSL* m_ssl;
};
SecureSocket::SecureSocket(
IEventQueue* events,
SocketMultiplexer* socketMultiplexer) :
TCPSocket(events, socketMultiplexer),
m_ssl(nullptr),
m_secureReady(false),
m_fatal(false)
{
}
SecureSocket::SecureSocket(
IEventQueue* events,
SocketMultiplexer* socketMultiplexer,
ArchSocket socket) :
TCPSocket(events, socketMultiplexer, socket),
m_ssl(nullptr),
m_secureReady(false),
m_fatal(false)
{
}
SecureSocket::~SecureSocket()
{
isFatal(true);
if (m_ssl->m_ssl != NULL) {
SSL_shutdown(m_ssl->m_ssl);
SSL_free(m_ssl->m_ssl);
m_ssl->m_ssl = NULL;
}
if (m_ssl->m_context != NULL) {
SSL_CTX_free(m_ssl->m_context);
m_ssl->m_context = NULL;
}
ARCH->sleep(1);
delete m_ssl;
}
void
SecureSocket::close()
{
isFatal(true);
SSL_shutdown(m_ssl->m_ssl);
TCPSocket::close();
}
void
SecureSocket::connect(const NetworkAddress& addr)
{
m_events->adoptHandler(m_events->forIDataSocket().connected(),
getEventTarget(),
new TMethodEventJob<SecureSocket>(this,
&SecureSocket::handleTCPConnected));
TCPSocket::connect(addr);
}
ISocketMultiplexerJob*
SecureSocket::newJob()
{
// after TCP connection is established, SecureSocket will pick up
// connected event and do secureConnect
if (m_connected && !m_secureReady) {
return NULL;
}
return TCPSocket::newJob();
}
void
SecureSocket::secureConnect()
{
setJob(new TSocketMultiplexerMethodJob<SecureSocket>(
this, &SecureSocket::serviceConnect,
getSocket(), isReadable(), isWritable()));
}
void
SecureSocket::secureAccept()
{
setJob(new TSocketMultiplexerMethodJob<SecureSocket>(
this, &SecureSocket::serviceAccept,
getSocket(), isReadable(), isWritable()));
}
TCPSocket::EJobResult
SecureSocket::doRead()
{
static UInt8 buffer[4096];
memset(buffer, 0, sizeof(buffer));
int bytesRead = 0;
int status = 0;
if (isSecureReady()) {
status = secureRead(buffer, sizeof(buffer), bytesRead);
if (status < 0) {
return kBreak;
}
else if (status == 0) {
return kNew;
}
}
else {
return kRetry;
}
if (bytesRead > 0) {
bool wasEmpty = (m_inputBuffer.getSize() == 0);
// slurp up as much as possible
do {
m_inputBuffer.write(buffer, bytesRead);
status = secureRead(buffer, sizeof(buffer), bytesRead);
if (status < 0) {
return kBreak;
}
} while (bytesRead > 0 || status > 0);
// send input ready if input buffer was empty
if (wasEmpty) {
sendEvent(m_events->forIStream().inputReady());
}
}
else {
// remote write end of stream hungup. our input side
// has therefore shutdown but don't flush our buffer
// since there's still data to be read.
sendEvent(m_events->forIStream().inputShutdown());
if (!m_writable && m_inputBuffer.getSize() == 0) {
sendEvent(m_events->forISocket().disconnected());
m_connected = false;
}
m_readable = false;
return kNew;
}
return kRetry;
}
TCPSocket::EJobResult
SecureSocket::doWrite()
{
static bool s_retry = false;
static int s_retrySize = 0;
static void* s_staticBuffer = NULL;
// write data
int bufferSize = 0;
int bytesWrote = 0;
int status = 0;
if (s_retry) {
bufferSize = s_retrySize;
}
else {
bufferSize = m_outputBuffer.getSize();
s_staticBuffer = malloc(bufferSize);
memcpy(s_staticBuffer, m_outputBuffer.peek(bufferSize), bufferSize);
}
if (bufferSize == 0) {
return kRetry;
}
if (isSecureReady()) {
status = secureWrite(s_staticBuffer, bufferSize, bytesWrote);
if (status > 0) {
s_retry = false;
bufferSize = 0;
free(s_staticBuffer);
s_staticBuffer = NULL;
}
else if (status < 0) {
return kBreak;
}
else if (status == 0) {
s_retry = true;
s_retrySize = bufferSize;
return kNew;
}
}
else {
return kRetry;
}
if (bytesWrote > 0) {
discardWrittenData(bytesWrote);
return kNew;
}
return kRetry;
}
int
SecureSocket::secureRead(void* buffer, int size, int& read)
{
if (m_ssl->m_ssl != NULL) {
LOG((CLOG_DEBUG2 "reading secure socket"));
read = SSL_read(m_ssl->m_ssl, buffer, size);
static int retry;
// Check result will cleanup the connection in the case of a fatal
checkResult(read, retry);
if (retry) {
return 0;
}
if (isFatal()) {
return -1;
}
}
// According to SSL spec, the number of bytes read must not be negative and
// not have an error code from SSL_get_error(). If this happens, it is
// itself an error. Let the parent handle the case
return read;
}
int
SecureSocket::secureWrite(const void* buffer, int size, int& wrote)
{
if (m_ssl->m_ssl != NULL) {
LOG((CLOG_DEBUG2 "writing secure socket:%p", this));
wrote = SSL_write(m_ssl->m_ssl, buffer, size);
static int retry;
// Check result will cleanup the connection in the case of a fatal
checkResult(wrote, retry);
if (retry) {
return 0;
}
if (isFatal()) {
return -1;
}
}
// According to SSL spec, r must not be negative and not have an error code
// from SSL_get_error(). If this happens, it is itself an error. Let the
// parent handle the case
return wrote;
}
bool
SecureSocket::isSecureReady()
{
return m_secureReady;
}
void
SecureSocket::initSsl(bool server)
{
m_ssl = new Ssl();
m_ssl->m_context = NULL;
m_ssl->m_ssl = NULL;
initContext(server);
}
bool
SecureSocket::loadCertificates(String& filename)
{
if (filename.empty()) {
showError("ssl certificate is not specified");
return false;
}
else {
std::ifstream file(filename.c_str());
bool exist = file.good();
file.close();
if (!exist) {
String errorMsg("ssl certificate doesn't exist: ");
errorMsg.append(filename);
showError(errorMsg.c_str());
return false;
}
}
int r = 0;
r = SSL_CTX_use_certificate_file(m_ssl->m_context, filename.c_str(), SSL_FILETYPE_PEM);
if (r <= 0) {
showError("could not use ssl certificate");
return false;
}
r = SSL_CTX_use_PrivateKey_file(m_ssl->m_context, filename.c_str(), SSL_FILETYPE_PEM);
if (r <= 0) {
showError("could not use ssl private key");
return false;
}
r = SSL_CTX_check_private_key(m_ssl->m_context);
if (!r) {
showError("could not verify ssl private key");
return false;
}
return true;
}
void
SecureSocket::initContext(bool server)
{
SSL_library_init();
const SSL_METHOD* method;
// load & register all cryptos, etc.
OpenSSL_add_all_algorithms();
// load all error messages
SSL_load_error_strings();
if (CLOG->getFilter() >= kINFO) {
showSecureLibInfo();
}
// SSLv23_method uses TLSv1, with the ability to fall back to SSLv3
if (server) {
method = SSLv23_server_method();
}
else {
method = SSLv23_client_method();
}
// create new context from method
SSL_METHOD* m = const_cast<SSL_METHOD*>(method);
m_ssl->m_context = SSL_CTX_new(m);
// drop SSLv3 support
SSL_CTX_set_options(m_ssl->m_context, SSL_OP_NO_SSLv3);
if (m_ssl->m_context == NULL) {
showError();
}
}
void
SecureSocket::createSSL()
{
// I assume just one instance is needed
// get new SSL state with context
if (m_ssl->m_ssl == NULL) {
m_ssl->m_ssl = SSL_new(m_ssl->m_context);
}
}
int
SecureSocket::secureAccept(int socket)
{
createSSL();
// set connection socket to SSL state
SSL_set_fd(m_ssl->m_ssl, socket);
LOG((CLOG_DEBUG2 "accepting secure socket"));
int r = SSL_accept(m_ssl->m_ssl);
static int retry;
checkResult(r, retry);
if (isFatal()) {
// tell user and sleep so the socket isn't hammered.
LOG((CLOG_ERR "failed to accept secure socket"));
LOG((CLOG_INFO "client connection may not be secure"));
m_secureReady = false;
ARCH->sleep(1);
retry = 0;
return -1; // Failed, error out
}
// If not fatal and no retry, state is good
if (retry == 0) {
m_secureReady = true;
LOG((CLOG_INFO "accepted secure socket"));
if (CLOG->getFilter() >= kDEBUG1) {
showSecureCipherInfo();
}
showSecureConnectInfo();
return 1;
}
// If not fatal and retry is set, not ready, and return retry
if (retry > 0) {
LOG((CLOG_DEBUG2 "retry accepting secure socket"));
m_secureReady = false;
ARCH->sleep(s_retryDelay);
return 0;
}
// no good state exists here
LOG((CLOG_ERR "unexpected state attempting to accept connection"));
return -1;
}
int
SecureSocket::secureConnect(int socket)
{
createSSL();
// attach the socket descriptor
SSL_set_fd(m_ssl->m_ssl, socket);
LOG((CLOG_DEBUG2 "connecting secure socket"));
int r = SSL_connect(m_ssl->m_ssl);
static int retry;
checkResult(r, retry);
if (isFatal()) {
LOG((CLOG_ERR "failed to connect secure socket"));
retry = 0;
return -1;
}
// If we should retry, not ready and return 0
if (retry > 0) {
LOG((CLOG_DEBUG2 "retry connect secure socket"));
m_secureReady = false;
ARCH->sleep(s_retryDelay);
return 0;
}
retry = 0;
// No error, set ready, process and return ok
m_secureReady = true;
if (verifyCertFingerprint()) {
LOG((CLOG_INFO "connected to secure socket"));
if (!showCertificate()) {
disconnect();
return -1;// Cert fail, error
}
}
else {
LOG((CLOG_ERR "failed to verify server certificate fingerprint"));
disconnect();
return -1; // Fingerprint failed, error
}
LOG((CLOG_DEBUG2 "connected secure socket"));
if (CLOG->getFilter() >= kDEBUG1) {
showSecureCipherInfo();
}
showSecureConnectInfo();
return 1;
}
bool
SecureSocket::showCertificate()
{
X509* cert;
char* line;
// get the server's certificate
cert = SSL_get_peer_certificate(m_ssl->m_ssl);
if (cert != NULL) {
line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
LOG((CLOG_INFO "server ssl certificate info: %s", line));
OPENSSL_free(line);
X509_free(cert);
}
else {
showError("server has no ssl certificate");
return false;
}
return true;
}
void
SecureSocket::checkResult(int status, int& retry)
{
// ssl errors are a little quirky. the "want" errors are normal and
// should result in a retry.
int errorCode = SSL_get_error(m_ssl->m_ssl, status);
switch (errorCode) {
case SSL_ERROR_NONE:
retry = 0;
// operation completed
break;
case SSL_ERROR_ZERO_RETURN:
// connection closed
isFatal(true);
LOG((CLOG_DEBUG "ssl connection closed"));
break;
case SSL_ERROR_WANT_READ:
retry++;
LOG((CLOG_DEBUG2 "want to read, error=%d, attempt=%d", errorCode, retry));
break;
case SSL_ERROR_WANT_WRITE:
// Need to make sure the socket is known to be writable so the impending
// select action actually triggers on a write. This isn't necessary for
// m_readable because the socket logic is always readable
m_writable = true;
retry++;
LOG((CLOG_DEBUG2 "want to write, error=%d, attempt=%d", errorCode, retry));
break;
case SSL_ERROR_WANT_CONNECT:
retry++;
LOG((CLOG_DEBUG2 "want to connect, error=%d, attempt=%d", errorCode, retry));
break;
case SSL_ERROR_WANT_ACCEPT:
retry++;
LOG((CLOG_DEBUG2 "want to accept, error=%d, attempt=%d", errorCode, retry));
break;
case SSL_ERROR_SYSCALL:
LOG((CLOG_ERR "ssl error occurred (system call failure)"));
if (ERR_peek_error() == 0) {
if (status == 0) {
LOG((CLOG_ERR "eof violates ssl protocol"));
}
else if (status == -1) {
// underlying socket I/O reproted an error
try {
ARCH->throwErrorOnSocket(getSocket());
}
catch (XArchNetwork& e) {
LOG((CLOG_ERR "%s", e.what()));
}
}
}
isFatal(true);
break;
case SSL_ERROR_SSL:
LOG((CLOG_ERR "ssl error occurred (generic failure)"));
isFatal(true);
break;
default:
LOG((CLOG_ERR "ssl error occurred (unknown failure)"));
isFatal(true);
break;
}
if (isFatal()) {
retry = 0;
showError();
disconnect();
}
}
void
SecureSocket::showError(const char* reason)
{
if (reason != NULL) {
LOG((CLOG_ERR "%s", reason));
}
String error = getError();
if (!error.empty()) {
LOG((CLOG_ERR "%s", error.c_str()));
}
}
String
SecureSocket::getError()
{
unsigned long e = ERR_get_error();
if (e != 0) {
char error[MAX_ERROR_SIZE];
ERR_error_string_n(e, error, MAX_ERROR_SIZE);
return error;
}
else {
return "";
}
}
void
SecureSocket::disconnect()
{
sendEvent(getEvents()->forISocket().stopRetry());
sendEvent(getEvents()->forISocket().disconnected());
sendEvent(getEvents()->forIStream().inputShutdown());
}
void
SecureSocket::formatFingerprint(String& fingerprint, bool hex, bool separator)
{
if (hex) {
// to hexidecimal
synergy::string::toHex(fingerprint, 2);
}
// all uppercase
synergy::string::uppercase(fingerprint);
if (separator) {
// add colon to separate each 2 charactors
size_t separators = fingerprint.size() / 2;
for (size_t i = 1; i < separators; i++) {
fingerprint.insert(i * 3 - 1, ":");
}
}
}
bool
SecureSocket::verifyCertFingerprint()
{
// calculate received certificate fingerprint
X509 *cert = cert = SSL_get_peer_certificate(m_ssl->m_ssl);
EVP_MD* tempDigest;
unsigned char tempFingerprint[EVP_MAX_MD_SIZE];
unsigned int tempFingerprintLen;
tempDigest = (EVP_MD*)EVP_sha1();
int digestResult = X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen);
if (digestResult <= 0) {
LOG((CLOG_ERR "failed to calculate fingerprint, digest result: %d", digestResult));
return false;
}
// format fingerprint into hexdecimal format with colon separator
String fingerprint(reinterpret_cast<char*>(tempFingerprint), tempFingerprintLen);
formatFingerprint(fingerprint);
LOG((CLOG_NOTE "server fingerprint: %s", fingerprint.c_str()));
String trustedServersFilename;
trustedServersFilename = synergy::string::sprintf(
"%s/%s/%s",
ARCH->getProfileDirectory().c_str(),
kFingerprintDirName,
kFingerprintTrustedServersFilename);
// check if this fingerprint exist
String fileLine;
std::ifstream file;
file.open(trustedServersFilename.c_str());
bool isValid = false;
while (!file.eof() && file.is_open()) {
getline(file,fileLine);
if (!fileLine.empty()) {
if (fileLine.compare(fingerprint) == 0) {
isValid = true;
break;
}
}
}
file.close();
return isValid;
}
ISocketMultiplexerJob*
SecureSocket::serviceConnect(ISocketMultiplexerJob* job,
bool, bool write, bool error)
{
Lock lock(&getMutex());
int status = 0;
#ifdef SYSAPI_WIN32
status = secureConnect(static_cast<int>(getSocket()->m_socket));
#elif SYSAPI_UNIX
status = secureConnect(getSocket()->m_fd);
#endif
// If status < 0, error happened
if (status < 0) {
return NULL;
}
// If status > 0, success
if (status > 0) {
sendEvent(m_events->forIDataSocket().secureConnected());
return newJob();
}
// Retry case
return new TSocketMultiplexerMethodJob<SecureSocket>(
this, &SecureSocket::serviceConnect,
getSocket(), isReadable(), isWritable());
}
ISocketMultiplexerJob*
SecureSocket::serviceAccept(ISocketMultiplexerJob* job,
bool, bool write, bool error)
{
Lock lock(&getMutex());
int status = 0;
#ifdef SYSAPI_WIN32
status = secureAccept(static_cast<int>(getSocket()->m_socket));
#elif SYSAPI_UNIX
status = secureAccept(getSocket()->m_fd);
#endif
// If status < 0, error happened
if (status < 0) {
return NULL;
}
// If status > 0, success
if (status > 0) {
sendEvent(m_events->forClientListener().accepted());
return newJob();
}
// Retry case
return new TSocketMultiplexerMethodJob<SecureSocket>(
this, &SecureSocket::serviceAccept,
getSocket(), isReadable(), isWritable());
}
void
showCipherStackDesc(STACK_OF(SSL_CIPHER) * stack) {
char msg[kMsgSize];
int i = 0;
for ( ; i < sk_SSL_CIPHER_num(stack) ; i++) {
const SSL_CIPHER * cipher = sk_SSL_CIPHER_value(stack,i);
SSL_CIPHER_description(cipher, msg, kMsgSize);
// Why does SSL put a newline in the description?
int pos = (int)strlen(msg) - 1;
if (msg[pos] == '\n') {
msg[pos] = '\0';
}
LOG((CLOG_DEBUG1 "%s",msg));
}
}
void
SecureSocket::showSecureCipherInfo()
{
STACK_OF(SSL_CIPHER) * sStack = SSL_get_ciphers(m_ssl->m_ssl);
if (sStack == NULL) {
LOG((CLOG_DEBUG1 "local cipher list not available"));
}
else {
LOG((CLOG_DEBUG1 "available local ciphers:"));
showCipherStackDesc(sStack);
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
// m_ssl->m_ssl->session->ciphers is not forward compatable,
// In future release of OpenSSL, it's not visible,
STACK_OF(SSL_CIPHER) * cStack = m_ssl->m_ssl->session->ciphers;
#else
// Use SSL_get_client_ciphers() for newer versions
STACK_OF(SSL_CIPHER) * cStack = SSL_get_client_ciphers(m_ssl->m_ssl);
#endif
if (cStack == NULL) {
LOG((CLOG_DEBUG1 "remote cipher list not available"));
}
else {
LOG((CLOG_DEBUG1 "available remote ciphers:"));
showCipherStackDesc(cStack);
}
return;
}
void
SecureSocket::showSecureLibInfo()
{
LOG((CLOG_INFO "%s",SSLeay_version(SSLEAY_VERSION)));
LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_CFLAGS)));
LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_BUILT_ON)));
LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_PLATFORM)));
LOG((CLOG_DEBUG1 "%s",SSLeay_version(SSLEAY_DIR)));
return;
}
void
SecureSocket::showSecureConnectInfo()
{
const SSL_CIPHER* cipher = SSL_get_current_cipher(m_ssl->m_ssl);
if (cipher != NULL) {
char msg[kMsgSize];
SSL_CIPHER_description(cipher, msg, kMsgSize);
LOG((CLOG_INFO "%s", msg));
}
return;
}
void
SecureSocket::handleTCPConnected(const Event& event, void*)
{
secureConnect();
}

95
src/lib/net/SecureSocket.h
View File

@@ -1,95 +0,0 @@
/*
* synergy -- mouse and keyboard sharing utility
* Copyright (C) 2015-2016 Symless Ltd.
*
* This package is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* found in the file LICENSE that should have accompanied this file.
*
* This package is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include "net/TCPSocket.h"
#include "net/XSocket.h"
class IEventQueue;
class SocketMultiplexer;
class ISocketMultiplexerJob;
struct Ssl;
//! Secure socket
/*!
A secure socket using SSL.
*/
class SecureSocket : public TCPSocket {
public:
SecureSocket(IEventQueue* events, SocketMultiplexer* socketMultiplexer);
SecureSocket(IEventQueue* events,
SocketMultiplexer* socketMultiplexer,
ArchSocket socket);
~SecureSocket();
// ISocket overrides
void close();
// IDataSocket overrides
virtual void connect(const NetworkAddress&);
ISocketMultiplexerJob*
newJob();
bool isFatal() const { return m_fatal; }
void isFatal(bool b) { m_fatal = b; }
bool isSecureReady();
void secureConnect();
void secureAccept();
int secureRead(void* buffer, int size, int& read);
int secureWrite(const void* buffer, int size, int& wrote);
EJobResult doRead();
EJobResult doWrite();
void initSsl(bool server);
bool loadCertificates(String& CertFile);
private:
// SSL
void initContext(bool server);
void createSSL();
int secureAccept(int s);
int secureConnect(int s);
bool showCertificate();
void checkResult(int n, int& retry);
void showError(const char* reason = NULL);
String getError();
void disconnect();
void formatFingerprint(String& fingerprint,
bool hex = true,
bool separator = true);
bool verifyCertFingerprint();
ISocketMultiplexerJob*
serviceConnect(ISocketMultiplexerJob*,
bool, bool, bool);
ISocketMultiplexerJob*
serviceAccept(ISocketMultiplexerJob*,
bool, bool, bool);
void showSecureConnectInfo();
void showSecureLibInfo();
void showSecureCipherInfo();
void handleTCPConnected(const Event& event, void*);
private:
Ssl* m_ssl;
bool m_secureReady;
bool m_fatal;
};

2
src/lib/net/TCPSocket.cpp
View File

@@ -256,8 +256,6 @@ TCPSocket::isReady() const
bool
TCPSocket::isFatal() const
{
// TCP sockets aren't ever left in a fatal state.
LOG((CLOG_ERR "isFatal() not valid for non-secure connections"));
return false;
}

25
src/lib/net/TCPSocketFactory.cpp
View File

@@ -19,8 +19,6 @@
#include "net/TCPSocketFactory.h"
#include "net/TCPSocket.h"
#include "net/TCPListenSocket.h"
#include "net/SecureSocket.h"
#include "net/SecureListenSocket.h"
#include "arch/Arch.h"
#include "base/Log.h"
@@ -41,28 +39,13 @@ TCPSocketFactory::~TCPSocketFactory()
}
IDataSocket*
TCPSocketFactory::create(bool secure) const
TCPSocketFactory::create() const
{
if (secure) {
SecureSocket* secureSocket = new SecureSocket(m_events, m_socketMultiplexer);
secureSocket->initSsl (false);
return secureSocket;
}
else {
return new TCPSocket(m_events, m_socketMultiplexer);
}
return new TCPSocket(m_events, m_socketMultiplexer);
}
IListenSocket*
TCPSocketFactory::createListen(bool secure) const
TCPSocketFactory::createListen() const
{
IListenSocket* socket = NULL;
if (secure) {
socket = new SecureListenSocket(m_events, m_socketMultiplexer);
}
else {
socket = new TCPListenSocket(m_events, m_socketMultiplexer);
}
return socket;
return new TCPListenSocket(m_events, m_socketMultiplexer);
}

4
src/lib/net/TCPSocketFactory.h
View File

@@ -31,9 +31,9 @@ public:
// ISocketFactory overrides
virtual IDataSocket*
create(bool secure) const;
create() const;
virtual IListenSocket*
createListen(bool secure) const;
createListen() const;
private:
IEventQueue* m_events;

16
src/lib/server/ClientListener.cpp
View File

@@ -35,17 +35,15 @@
ClientListener::ClientListener(const NetworkAddress& address,
ISocketFactory* socketFactory,
IEventQueue* events,
bool enableCrypto) :
IEventQueue* events) :
m_socketFactory(socketFactory),
m_server(NULL),
m_events(events),
m_useSecureNetwork(enableCrypto)
m_events(events)
{
assert(m_socketFactory != NULL);
try {
m_listen = m_socketFactory->createListen(m_useSecureNetwork);
m_listen = m_socketFactory->createListen();
// setup event handler
m_events->adoptHandler(m_events->forIListenSocket().connecting(),
@@ -133,12 +131,8 @@ ClientListener::handleClientConnecting(const Event&, void*)
new TMethodEventJob<ClientListener>(this,
&ClientListener::handleClientAccepted, socket));
// When using non SSL, server accepts clients immediately, while SSL
// has to call secure accept which may require retry
if (!m_useSecureNetwork) {
m_events->addEvent(Event(m_events->forClientListener().accepted(),
socket->getEventTarget()));
}
m_events->addEvent(Event(m_events->forClientListener().accepted(),
socket->getEventTarget()));
}
void

4
src/lib/server/ClientListener.h
View File

@@ -37,8 +37,7 @@ public:
// The factories are adopted.
ClientListener(const NetworkAddress&,
ISocketFactory*,
IEventQueue* events,
bool enableCrypto);
IEventQueue* events);
~ClientListener();
//! @name manipulators
@@ -83,5 +82,4 @@ private:
WaitingClients m_waitingClients;
Server* m_server;
IEventQueue* m_events;
bool m_useSecureNetwork;
};

2
src/test/global/TestEventQueue.cpp
View File

@@ -22,6 +22,8 @@
#include "base/SimpleEventQueueBuffer.h"
#include "common/stdexcept.h"
class EventQueueTimer { };
void
TestEventQueue::raiseQuitEvent()
{

2
src/test/integtests/CMakeLists.txt
View File

@@ -68,4 +68,4 @@ endif()
add_executable(integtests ${sources})
target_link_libraries(integtests
arch base client common io ipc mt net platform server synergy gtest gmock ${libs} ${OPENSSL_LIBS})
arch base client common io ipc mt net platform server core gtest gmock ${libs} ${OPENSSL_LIBS})

12
src/test/integtests/net/NetworkTests.cpp
View File

@@ -115,7 +115,7 @@ TEST_F(NetworkTests, sendToClient_mockData)
// server
SocketMultiplexer serverSocketMultiplexer;
TCPSocketFactory* serverSocketFactory = new TCPSocketFactory(&m_events, &serverSocketMultiplexer);
ClientListener listener(serverAddress, serverSocketFactory, &m_events, false);
ClientListener listener(serverAddress, serverSocketFactory, &m_events);
NiceMock<MockScreen> serverScreen;
NiceMock<MockPrimaryClient> primaryClient;
NiceMock<MockConfig> serverConfig;
@@ -146,7 +146,6 @@ TEST_F(NetworkTests, sendToClient_mockData)
ClientArgs clientArgs;
clientArgs.m_enableDragDrop = true;
clientArgs.m_enableCrypto = false;
Client client(&m_events, "stub", serverAddress, clientSocketFactory, &clientScreen, clientArgs);
m_events.adoptHandler(
@@ -173,7 +172,7 @@ TEST_F(NetworkTests, sendToClient_mockFile)
// server
SocketMultiplexer serverSocketMultiplexer;
TCPSocketFactory* serverSocketFactory = new TCPSocketFactory(&m_events, &serverSocketMultiplexer);
ClientListener listener(serverAddress, serverSocketFactory, &m_events, false);
ClientListener listener(serverAddress, serverSocketFactory, &m_events);
NiceMock<MockScreen> serverScreen;
NiceMock<MockPrimaryClient> primaryClient;
NiceMock<MockConfig> serverConfig;
@@ -204,7 +203,6 @@ TEST_F(NetworkTests, sendToClient_mockFile)
ClientArgs clientArgs;
clientArgs.m_enableDragDrop = true;
clientArgs.m_enableCrypto = false;
Client client(&m_events, "stub", serverAddress, clientSocketFactory, &clientScreen, clientArgs);
m_events.adoptHandler(
@@ -230,7 +228,7 @@ TEST_F(NetworkTests, sendToServer_mockData)
// server
SocketMultiplexer serverSocketMultiplexer;
TCPSocketFactory* serverSocketFactory = new TCPSocketFactory(&m_events, &serverSocketMultiplexer);
ClientListener listener(serverAddress, serverSocketFactory, &m_events, false);
ClientListener listener(serverAddress, serverSocketFactory, &m_events);
NiceMock<MockScreen> serverScreen;
NiceMock<MockPrimaryClient> primaryClient;
NiceMock<MockConfig> serverConfig;
@@ -255,7 +253,6 @@ TEST_F(NetworkTests, sendToServer_mockData)
ClientArgs clientArgs;
clientArgs.m_enableDragDrop = true;
clientArgs.m_enableCrypto = false;
Client client(&m_events, "stub", serverAddress, clientSocketFactory, &clientScreen, clientArgs);
m_events.adoptHandler(
@@ -287,7 +284,7 @@ TEST_F(NetworkTests, sendToServer_mockFile)
// server
SocketMultiplexer serverSocketMultiplexer;
TCPSocketFactory* serverSocketFactory = new TCPSocketFactory(&m_events, &serverSocketMultiplexer);
ClientListener listener(serverAddress, serverSocketFactory, &m_events, false);
ClientListener listener(serverAddress, serverSocketFactory, &m_events);
NiceMock<MockScreen> serverScreen;
NiceMock<MockPrimaryClient> primaryClient;
NiceMock<MockConfig> serverConfig;
@@ -312,7 +309,6 @@ TEST_F(NetworkTests, sendToServer_mockFile)
ClientArgs clientArgs;
clientArgs.m_enableDragDrop = true;
clientArgs.m_enableCrypto = false;
Client client(&m_events, "stub", serverAddress, clientSocketFactory, &clientScreen, clientArgs);
m_events.adoptHandler(

2
src/test/mock/synergy/MockApp.h
View File

@@ -26,7 +26,7 @@
class MockApp : public App
{
public:
MockApp() : App(NULL, NULL, NULL) { }
MockApp() : App(NULL, NULL) { }
MOCK_METHOD0(help, void());
MOCK_METHOD0(loadConfig, void());

2
src/test/unittests/CMakeLists.txt
View File

@@ -68,4 +68,4 @@ endif()
add_executable(unittests ${sources})
target_link_libraries(unittests
arch base client server common io net platform server synergy mt ipc gtest gmock shared ${libs} ${OPENSSL_LIBS})
arch base client server common io net platform server core mt ipc gtest gmock shared ${libs} ${OPENSSL_LIBS})

46
src/test/unittests/synergy/ClipboardChunkTests.cpp
View File

@@ -22,19 +22,6 @@
TEST(ClipboardChunkTests, start_formatStartChunk)
{
<<<<<<< HEAD
ClipboardID id = 0;
UInt32 sequence = 0;
String mockDataSize("10");
ClipboardChunk* chunk = ClipboardChunk::start(id, sequence, mockDataSize);
EXPECT_EQ(id, chunk->m_chunk[0]);
EXPECT_EQ(sequence, (UInt32)chunk->m_chunk[1]);
EXPECT_EQ(kDataStart, chunk->m_chunk[5]);
EXPECT_EQ('1', chunk->m_chunk[6]);
EXPECT_EQ('0', chunk->m_chunk[7]);
EXPECT_EQ('\0', chunk->m_chunk[8]);
=======
ClipboardID id = 0;
UInt32 sequence = 0;
String mockDataSize("10");
@@ -48,33 +35,12 @@ TEST(ClipboardChunkTests, start_formatStartChunk)
EXPECT_EQ('1', chunk->m_chunk[6]);
EXPECT_EQ('0', chunk->m_chunk[7]);
EXPECT_EQ('\0', chunk->m_chunk[8]);
>>>>>>> master
delete chunk;
}
TEST(ClipboardChunkTests, data_formatDataChunk)
{
<<<<<<< HEAD
ClipboardID id = 0;
UInt32 sequence = 1;
String mockData("mock data");
ClipboardChunk* chunk = ClipboardChunk::data(id, sequence, mockData);
EXPECT_EQ(id, chunk->m_chunk[0]);
EXPECT_EQ(sequence, (UInt32)chunk->m_chunk[1]);
EXPECT_EQ(kDataChunk, chunk->m_chunk[5]);
EXPECT_EQ('m', chunk->m_chunk[6]);
EXPECT_EQ('o', chunk->m_chunk[7]);
EXPECT_EQ('c', chunk->m_chunk[8]);
EXPECT_EQ('k', chunk->m_chunk[9]);
EXPECT_EQ(' ', chunk->m_chunk[10]);
EXPECT_EQ('d', chunk->m_chunk[11]);
EXPECT_EQ('a', chunk->m_chunk[12]);
EXPECT_EQ('t', chunk->m_chunk[13]);
EXPECT_EQ('a', chunk->m_chunk[14]);
EXPECT_EQ('\0', chunk->m_chunk[15]);
=======
ClipboardID id = 0;
UInt32 sequence = 1;
String mockData("mock data");
@@ -95,23 +61,12 @@ TEST(ClipboardChunkTests, data_formatDataChunk)
EXPECT_EQ('t', chunk->m_chunk[13]);
EXPECT_EQ('a', chunk->m_chunk[14]);
EXPECT_EQ('\0', chunk->m_chunk[15]);
>>>>>>> master
delete chunk;
}
TEST(ClipboardChunkTests, end_formatDataChunk)
{
<<<<<<< HEAD
ClipboardID id = 1;
UInt32 sequence = 1;
ClipboardChunk* chunk = ClipboardChunk::end(id, sequence);
EXPECT_EQ(id, chunk->m_chunk[0]);
EXPECT_EQ(sequence, (UInt32)chunk->m_chunk[1]);
EXPECT_EQ(kDataEnd, chunk->m_chunk[5]);
EXPECT_EQ('\0', chunk->m_chunk[6]);
=======
ClipboardID id = 1;
UInt32 sequence = 1;
ClipboardChunk* chunk = ClipboardChunk::end(id, sequence);
@@ -122,7 +77,6 @@ TEST(ClipboardChunkTests, end_formatDataChunk)
EXPECT_EQ(sequence, temp_m_chunk);
EXPECT_EQ(kDataEnd, chunk->m_chunk[5]);
EXPECT_EQ('\0', chunk->m_chunk[6]);
>>>>>>> master
delete chunk;
}