From b21d538b0fcc589fcd0fa8902020665e68bf3be1 Mon Sep 17 00:00:00 2001
From: Yann Leboulanger
Date: Wed, 17 Feb 2010 13:35:18 +0100
Subject: [PATCH] fix insecure_connection text to not talk about password, and add new warning to inform user when he is about to send plain password on plain connection. Fixes #5607
---
 src/common/config.py | 1 +
 src/common/connection.py | 20 +++++++++++++----
 src/common/xmpp/auth_nb.py | 4 ++--
 src/gui_interface.py | 46 +++++++++++++++++++++++++++++++++-----
 4 files changed, 60 insertions(+), 11 deletions(-)
diff --git a/src/common/config.py b/src/common/config.py
index f7bb113d4..94d861173 100644
--- a/src/common/config.py
+++ b/src/common/config.py
@@ -315,6 +315,7 @@ class Config:
 'connection_types': [ opt_str, 'tls ssl plain', _('Ordered list (space separated) of connection type to try. Can contain tls, ssl or plain')],
 'warn_when_plaintext_connection': [ opt_bool, True, _('Show a warning dialog before sending password on an plaintext connection.') ],
 'warn_when_insecure_ssl_connection': [ opt_bool, True, _('Show a warning dialog before using standard SSL library.') ],
+ 'warn_when_insecure_password': [ opt_bool, True, _('Show a warning dialog before sending PLAIN password over a plain conenction.') ],
 'ssl_fingerprint_sha1': [ opt_str, '', '', True ],
 'ignore_ssl_errors': [ opt_str, '', _('Space separated list of ssl errors to ignore.') ],
 'use_srv': [ opt_bool, True, '', True ],
diff --git a/src/common/connection.py b/src/common/connection.py
index 3ba5a2311..d9eda34f4 100644
--- a/src/common/connection.py
+++ b/src/common/connection.py
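Review bot: The new `warn_when_insecure_password` description in the config.py hunk has a typo in a translatable, user-visible string (`conenction`); it should read `_('Show a warning dialog before sending PLAIN password over a plain connection.')`. The neighbouring `warn_when_plaintext_connection` description still says its dialog is about "sending password", which no longer matches the dialog text this commit rewrites in gui_interface.py, so the two options now read like duplicates. Something like `_('Show a warning dialog before using an unencrypted (plain) connection.')` would keep them distinct. Because `connection_types` defaults to `'tls ssl plain'`, it is also worth saying in the description that with both warnings switched off a fallback to plain sends the password without any prompt.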
@@ -2182,17 +2182,29 @@ class Connection(CommonConnection, ConnectionHandlers):
 q.setTagData('password', password)
 self.connection.send(iq)
- def get_password(self, callback):
+ def get_password(self, callback, type_):
+ self.pasword_callback = (callback, type_)
 if self.password:
- callback(self.password)
+ self.set_password(self.password)
 return
- self.pasword_callback = callback
 self.dispatch('PASSWORD_REQUIRED', None)
 def set_password(self, password):
 self.password = password
 if self.pasword_callback:
- self.pasword_callback(password)
+ callback, type_ = self.pasword_callback
+ if self._current_type == 'plain' and type_ == 'PLAIN' and \
+ gajim.config.get_per('accounts', self.name,
+ 'warn_when_insecure_password'):
+ self.dispatch('INSECURE_PASSWORD', None)
+ return
+ callback(password)
+ self.pasword_callback = None
+
+ def accept_insecure_password(self):
+ if self.pasword_callback:
+ callback, type_ = self.pasword_callback
+ callback(self.password)
 self.pasword_callback = None
 def unregister_account(self, on_remove_success):
diff --git a/src/common/xmpp/auth_nb.py b/src/common/xmpp/auth_nb.py
index 596dc98fe..33ba31736 100644
--- a/src/common/xmpp/auth_nb.py
+++ b/src/common/xmpp/auth_nb.py
@@ -241,7 +241,7 @@ class SASL(PlugIn):
 if 'PLAIN' in self.mecs:
 self.mecs.remove('PLAIN')
 self.mechanism = 'PLAIN'
- self._owner._caller.get_password(self.set_password)
+ self._owner._caller.get_password(self.set_password, 'PLAIN')
 self.startsasl = SASL_IN_PROCESS
 raise NodeProcessed
 self.startsasl = SASL_FAILURE
@@ -335,7 +335,7 @@ class SASL(PlugIn):
 self.resp['digest-uri'] = 'xmpp/' + self._owner.Server
 self.resp['charset'] = 'utf-8'
 # Password is now required
- self._owner._caller.get_password(self.set_password)
+ self._owner._caller.get_password(self.set_password, self.mechanism)
 elif 'rspauth' in chal:
 self._owner.send(str(Node('response', attrs={'xmlns':NS_SASL})))
 else:
diff --git a/src/gui_interface.py b/src/gui_interface.py
index ab4161c58..4d5d887ad 100644
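Review bot: In `set_password` (connection.py hunk), the early `return` after dispatching `INSECURE_PASSWORD` leaves `self.pasword_callback` holding the `(callback, type_)` pair, and nothing in this patch clears it when the user declines, because the GUI cancel path only calls `disconnect(on_purpose=True)`. Unless `disconnect` resets it (not visible here), a later `set_password()` call could hand the password to a callback left over from the abandoned SASL exchange; a small decline-side method that does `self.pasword_callback = None` would close that. The gate relies on the exact strings `'plain'` and `'PLAIN'`, so a comment such as `# warn only for SASL PLAIN on an unencrypted transport; e.g. DIGEST-MD5 does not send the password itself` would explain why other `type_` values pass straight through. `accept_insecure_password` unpacks `type_` without using it, and the class continues on both sides of the hunk.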
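Review bot: The two auth_nb.py call sites pass the mechanism differently: the hunk at line 241 passes the literal `'PLAIN'` one line after setting `self.mechanism = 'PLAIN'`, while the hunk at line 335 passes `self.mechanism`, and `Connection.set_password` compares that value with `== 'PLAIN'` to decide whether to warn. Passing `self.mechanism` in both places, `self._owner._caller.get_password(self.set_password, self.mechanism)`, keeps the check tied to the mechanism actually in use if this branch is edited later. `type_` has no default in the new `get_password` signature, so any caller or alternative `get_password` implementation outside this patch has to be updated too. Both enclosing methods extend beyond the hunks.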
--- a/src/gui_interface.py
+++ b/src/gui_interface.py
@@ -1898,7 +1898,6 @@ class Interface:
 def handle_event_plain_connection(self, account, data):
 # ('PLAIN_CONNECTION', account, (connection))
- server = gajim.config.get_per('accounts', account, 'hostname')
 def on_ok(is_checked):
 if not is_checked[0]:
 on_cancel()
@@ -1915,8 +1914,9 @@ class Interface:
 gajim.connections[account].disconnect(on_purpose=True)
 self.handle_event_status(account, 'offline')
 pritext = _('Insecure connection')
- sectext = _('You are about to send your password on an unencrypted '
- 'connection. Are you sure you want to do that?')
+ sectext = _('You are about to connect to the server with an insecure '
+ 'connection. This means all your conversations will be '
+ 'exchanged unencrypted. Are you sure you want to do that?')
 checktext1 = _('Yes, I really want to connect insecurely')
 checktext2 = _('Do _not ask me again')
 if 'plain_connection' in self.instances[account]['online_dialog']:
@@ -1929,7 +1929,6 @@ class Interface:
 def handle_event_insecure_ssl_connection(self, account, data):
 # ('INSECURE_SSL_CONNECTION', account, (connection, connection_type))
- server = gajim.config.get_per('accounts', account, 'hostname')
 def on_ok(is_checked):
 if not is_checked[0]:
 on_cancel()
@@ -1937,7 +1936,7 @@ class Interface:
 del self.instances[account]['online_dialog']['insecure_ssl']
 if is_checked[1]:
 gajim.config.set_per('accounts', account,
- 'warn_when_insecure_ssl_connection', False)
+ 'warn_when_insecure_ssl_connection', False)
 if gajim.connections[account].connected == 0:
 # We have been disconnecting (too long time since window is
 # opened)
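Review bot: The rewritten `sectext` in `handle_event_plain_connection` (hunk at line 1915) describes only the loss of confidentiality, but an unencrypted stream also has no server authentication or integrity protection, so traffic can be altered as well as read. Wording such as `'exchanged unencrypted and could be read or modified by others on the network. '` for the last fragment would tell the user what they are accepting. The handler starts and ends outside the hunk.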
@@ -1964,6 +1963,42 @@ class Interface:
 checktext2, on_response_ok=on_ok, on_response_cancel=on_cancel,
 is_modal=False)
+ def handle_event_insecure_password(self, account, data):
+ # ('INSECURE_PASSWORD', account, ())
+ def on_ok(is_checked):
+ if not is_checked[0]:
+ on_cancel()
+ return
+ del self.instances[account]['online_dialog']['insecure_password']
+ if is_checked[1]:
+ gajim.config.set_per('accounts', account,
+ 'warn_when_insecure_password', False)
+ if gajim.connections[account].connected == 0:
+ # We have been disconnecting (too long time since window is
+ # opened)
+ # re-connect with auto-accept
+ gajim.connections[account].connection_auto_accepted = True
+ show, msg = gajim.connections[account].continue_connect_info[:2]
+ self.roster.send_status(account, show, msg)
+ return
+ gajim.connections[account].accept_insecure_password()
+ def on_cancel():
+ del self.instances[account]['online_dialog']['insecure_password']
+ gajim.connections[account].disconnect(on_purpose=True)
+ self.handle_event_status(account, 'offline')
+ pritext = _('Insecure connection')
+ sectext = _('You are about to send your password unencrypted on an '
+ 'insecure connection. Are you sure you want to do that?')
+ checktext1 = _('Yes, I really want to connect insecurely')
+ checktext2 = _('Do _not ask me again')
+ if 'insecure_password' in self.instances[account]['online_dialog']:
+ self.instances[account]['online_dialog']['insecure_password'].\
+ destroy()
+ self.instances[account]['online_dialog']['insecure_password'] = \
+ dialogs.ConfirmationDialogDoubleCheck(pritext, sectext, checktext1,
+ checktext2, on_response_ok=on_ok, on_response_cancel=on_cancel,
+ is_modal=False)
+
 def handle_event_pubsub_node_removed(self, account, data):
 # ('PUBSUB_NODE_REMOVED', account, (jid, node))
 if 'pep_services' in self.instances[account]:
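Review bot: The `connected == 0` branch of `on_ok` says it re-connects "with auto-accept", but `Connection.set_password` as changed in this commit never looks at `connection_auto_accepted`; it checks only `warn_when_insecure_password`. Unless the user also ticked "Do not ask me again", the reconnect will presumably dispatch `INSECURE_PASSWORD` again and show this dialog a second time. A dedicated flag for this acknowledgement, set here and checked in `set_password`, would fix that without reusing `connection_auto_accepted`, which appears to be shared with the insecure-SSL handler and should not silently cover the password warning. The dialog also reuses `pritext` and `checktext1` from the plain-connection dialog, so `_('Yes, I really want to send my password unencrypted')` would make this second consent explicit.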
@@ -2085,6 +2120,7 @@ class Interface:
 'PLAIN_CONNECTION': [self.handle_event_plain_connection],
 'INSECURE_SSL_CONNECTION': \
 [self.handle_event_insecure_ssl_connection],
+ 'INSECURE_PASSWORD': [self.handle_event_insecure_password],
 'PUBSUB_NODE_REMOVED': [self.handle_event_pubsub_node_removed],
 'PUBSUB_NODE_NOT_REMOVED': \
 [self.handle_event_pubsub_node_not_removed],