From 3ce5ea7e582e0bdac778fea7ac83400ef36a1c59 Mon Sep 17 00:00:00 2001 From: Ivailo Monev Date: Fri, 18 Feb 2022 05:25:02 +0000 Subject: [PATCH] generic: drop TCP slave support and now unused SSL-related metadata Signed-off-by: Ivailo Monev --- includes/CMakeLists.txt | 1 - includes/KIO/TCPSlaveBase | 1 - kio/CMakeLists.txt | 2 - kio/DESIGN.metadata | 47 -- kio/kio/job.cpp | 11 +- kio/kio/job_p.h | 3 +- kio/kio/jobuidelegate.cpp | 39 +- kio/kio/jobuidelegate.h | 7 +- kio/kio/slave.cpp | 5 - kio/kio/slavebase.h | 4 +- kio/kio/slaveinterface.cpp | 16 - kio/kio/slaveinterface_p.h | 3 - kio/kio/tcpslavebase.cpp | 982 ---------------------------- kio/kio/tcpslavebase.h | 223 ------- kio/kio/usernotificationhandler.cpp | 3 +- kio/kio/usernotificationhandler_p.h | 3 +- kparts/browserrun.cpp | 9 - 17 files changed, 10 insertions(+), 1349 deletions(-) delete mode 100644 includes/KIO/TCPSlaveBase delete mode 100644 kio/kio/tcpslavebase.cpp delete mode 100644 kio/kio/tcpslavebase.h diff --git a/includes/CMakeLists.txt b/includes/CMakeLists.txt index ff489e82..a821229e 100644 --- a/includes/CMakeLists.txt +++ b/includes/CMakeLists.txt @@ -480,7 +480,6 @@ install( KIO/SlaveInterface KIO/StatJob KIO/StoredTransferJob - KIO/TCPSlaveBase KIO/Task KIO/TransferJob DESTINATION ${KDE4_INCLUDE_INSTALL_DIR}/KDE/KIO diff --git a/includes/KIO/TCPSlaveBase b/includes/KIO/TCPSlaveBase deleted file mode 100644 index 15e96e1a..00000000 --- a/includes/KIO/TCPSlaveBase +++ /dev/null @@ -1 +0,0 @@ -#include "../../kio/tcpslavebase.h" diff --git a/kio/CMakeLists.txt b/kio/CMakeLists.txt index 700cf9be..eb3429ee 100644 --- a/kio/CMakeLists.txt +++ b/kio/CMakeLists.txt @@ -98,7 +98,6 @@ set(kiocore_STAT_SRCS kio/slavebase.cpp kio/slaveconfig.cpp kio/slaveinterface.cpp - kio/tcpslavebase.cpp kio/thumbcreator.cpp kio/thumbsequencecreator.cpp kio/udsentry.cpp 
@@ -268,7 +267,6 @@ install( kio/slavebase.h kio/filejob.h kio/fileundomanager.h - kio/tcpslavebase.h kio/forwardingslavebase.h kio/chmodjob.h kio/authinfo.h diff --git a/kio/DESIGN.metadata b/kio/DESIGN.metadata index bacf738b..4980c887 100644 --- a/kio/DESIGN.metadata +++ b/kio/DESIGN.metadata 
@@ -87,53 +87,6 @@ no-proxy-auth bool Flag that indicates that no HTTP proxy authentic no-auth-prompt bool Flag that indicates that only cached authentication tokens should be used. no-preemptive-auth-reuse bool Flag that indicates whether cached credentials should be preemptively sent to the server. -ssl_activate_warnings bool Flag that disables SSL warning dialogs if set to false. (default: true) - -ssl_was_in_use bool Flag to tell TCPSlaveBase if SSL was in use in the previous transaction. - (default: false) - -ssl_in_use bool Set in TCPSlaveBase to tell the caller if SSL is in use. - (default: assume false) - -ssl_using_client_cert bool Set in TCPSlaveBase to tell the caller if the session is using a client certificate (default: assume false) - -ssl_no_client_cert bool Flag to tell TCPSlaveBase if it should, under no circumstances, use a - client certificate. (default: false) - -ssl_demand_certificate bool Flag to tell TCPSlaveBase to demand that a client certificate is used for this connection. (default: false) - -ssl_no_ui bool Flag to tell TCPSlave that no user interaction should take place. Instead of asking security questions the connection will silently fail. This is of particular use to favicon code. (default: false) - -ssl_cipher string Set in TCPSlaveBase to tell the caller which cipher is currently being used. - This string is composed of the encryption, authentication, key-exchange and digest - methods separated by an LF (\n). - -ssl_cipher_name string Set in TCPSlaveBase to tell the caller the name of the cipher used. - -ssl_cipher_desc string Set in TCPSlaveBase to describe the details of the current cipher being used. - -ssl_cipher_version string Set in TCPSlaveBase to describe the version of the cipher being used. - -ssl_cipher_used_bits integer Set in TCPSlaveBase to relay the number of bits of the key actually being used in this cipher and connection. 
- -ssl_cipher_bits integer Set in TCPSlaveBase to relay the number of bits the key is capable of in this cipher and connection. - -ssl_peer_ip string Set in TCPSlaveBase to tell the caller the IP address of the peer. - -ssl_cert_state integer Set in TCPSlaveBase to relay the state of the certificate check, without considering the cache settings. Can be checked with KSSLCertificate enumeration. - -ssl_peer_certificate string Set in TCPSlaveBase to relay the base64 encoding of the X.509 certificate presented by the peer. - -ssl_peer_chain string Set, if present, in TCPSlaveBase to relay the entire certificate chain presented by the peer. The is base64 encoded and \n delimited. - -ssl_parent_ip string Set in TCPSlaveBase and in the caller. If this is the parent frame of a frame of the session (really only applies to https), this variable is set so that it can be passed back to the child frames. It is necessary to send it to child frames so that they can do a full certificate check. - -ssl_parent_cert string Set in TCPSlaveBase and in the caller. As above, this must be passed to child frames by the caller so that it can compare against the certificate presented in the child frames. It is a base64 encoding of the X.509 presented. - -ssl_session_id string Set in TCPSlaveBase to indicate the SSL session ID in base64 encoded ASN.1 encoded binary format. Also set in the caller to indicate to TCPSlaveBase to reuse a particular session ID. - -main_frame_request bool Actually for SSL, this is set in the caller to tell TCPSlaveBase if this is the request for the main frame of an html page. (dfault: true) - HTTP-Version string The HTTP version in use for kio_http (set by http) PropagateHttpHeader bool Whether HTTP headers should be send back (read by http) diff --git a/kio/kio/job.cpp b/kio/kio/job.cpp index 94f75f08..30c9506b 100644 --- a/kio/kio/job.cpp +++ b/kio/kio/job.cpp 
@@ -550,14 +550,13 @@ void SimpleJobPrivate::restartAfterRedirection(KUrl *redirectionUrl) int SimpleJobPrivate::requestMessageBox(int _type, const QString& text, const QString& caption, const QString& buttonYes, const QString& buttonNo, const QString& iconYes, const QString& iconNo, - const QString& dontAskAgainName, - const KIO::MetaData& sslMetaData) + const QString& dontAskAgainName) { JobUiDelegate* delegate = ui(); if (delegate) { const JobUiDelegate::MessageBoxType type = static_cast(_type); return delegate->requestMessageBox(type, text, caption, buttonYes, buttonNo, - iconYes, iconNo, dontAskAgainName, sslMetaData); + iconYes, iconNo, dontAskAgainName); } kWarning(7007) << "JobUiDelegate not set! Returing -1"; return -1; @@ -1000,12 +999,6 @@ void TransferJob::slotRedirection( const KUrl &url) { d->m_redirectionURL = url; // We'll remember that when the job finishes d->m_redirectionList.append(url); - QString sslInUse = queryMetaData(QLatin1String("ssl_in_use")); - if (!sslInUse.isNull()) { // the key is present - addMetaData(QLatin1String("ssl_was_in_use"), sslInUse); - } else { - addMetaData(QLatin1String("ssl_was_in_use"), QLatin1String("FALSE")); - } // Tell the user that we haven't finished yet emit redirection(this, d->m_redirectionURL); } diff --git a/kio/kio/job_p.h b/kio/kio/job_p.h index 1b72128a..1f24de11 100644 --- a/kio/kio/job_p.h +++ b/kio/kio/job_p.h @@ -191,8 +191,7 @@ namespace KIO { const QString& buttonNo, const QString& iconYes = QString(), const QString& iconNo = QString(), - const QString& dontAskAgainName = QString(), - const KIO::MetaData& sslMetaData = KIO::MetaData()); + const QString& dontAskAgainName = QString()); Q_DECLARE_PUBLIC(SimpleJob) diff --git a/kio/kio/jobuidelegate.cpp b/kio/kio/jobuidelegate.cpp index a6532285..c019b052 100644 --- a/kio/kio/jobuidelegate.cpp +++ b/kio/kio/jobuidelegate.cpp 
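Review bot: `_type` is cast to `JobUiDelegate::MessageBoxType` in `SimpleJobPrivate::requestMessageBox` without a range check, and with `SSLMessageBox` removed the value 6 no longer names an enumerator. An ioslave built against the old headers could presumably still send it. The `default:` branch visible in the jobuidelegate.cpp hunk answers such a request with 0, while the missing-delegate path here answers -1, so callers see two different results for "could not show this box". Rejecting the value before the cast would make that explicit: `if (_type < JobUiDelegate::QuestionYesNo || _type > JobUiDelegate::Information) return -1;`. The function's closing brace lies outside the hunk.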
@@ -201,8 +201,7 @@ int KIO::JobUiDelegate::requestMessageBox(KIO::JobUiDelegate::MessageBoxType typ const QString& text, const QString& caption, const QString& buttonYes, const QString& buttonNo, const QString& iconYes, const QString& iconNo, - const QString& dontAskAgainName, - const KIO::MetaData& sslMetaData) + const QString& dontAskAgainName) { int result = -1; @@ -241,42 +240,6 @@ int KIO::JobUiDelegate::requestMessageBox(KIO::JobUiDelegate::MessageBoxType typ KMessageBox::information(window(), text, caption, dontAskAgainName, options); result = 1; // whatever break; - case SSLMessageBox: - { - QPointer kid (new KSslInfoDialog(window())); - //### this is boilerplate code and appears in khtml_part.cpp almost unchanged! - const QStringList sl = sslMetaData.value(QLatin1String("ssl_peer_chain")).split('\x01', QString::SkipEmptyParts); - QList certChain; - bool decodedOk = true; - foreach (const QString &s, sl) { - certChain.append(QSslCertificate(s.toLatin1())); //or is it toLocal8Bit or whatever? - if (certChain.last().isNull()) { - decodedOk = false; - break; - } - } - - if (decodedOk) { - result = 1; // whatever - kid->setSslInfo(certChain, - sslMetaData.value(QLatin1String("ssl_peer_ip")), - text, // the URL - sslMetaData.value(QLatin1String("ssl_protocol_version")), - sslMetaData.value(QLatin1String("ssl_cipher")), - sslMetaData.value(QLatin1String("ssl_cipher_used_bits")).toInt(), - sslMetaData.value(QLatin1String("ssl_cipher_bits")).toInt(), - KSslInfoDialog::errorsFromString(sslMetaData.value(QLatin1String("ssl_cert_errors")))); - kid->exec(); - } else { - result = -1; - KMessageBox::information(window(), - i18n("The peer SSL certificate chain appears to be corrupt."), - i18n("SSL"), QString(), options); - } - // KSslInfoDialog deletes itself (Qt::WA_DeleteOnClose). - delete kid; - break; - } default: kWarning() << "Unknown type" << type; result = 0; diff --git a/kio/kio/jobuidelegate.h b/kio/kio/jobuidelegate.h index 17fd5544..31a57585 100644 
--- a/kio/kio/jobuidelegate.h +++ b/kio/kio/jobuidelegate.h @@ -143,8 +143,7 @@ public: WarningYesNo = 2, WarningContinueCancel = 3, WarningYesNoCancel = 4, - Information = 5, - SSLMessageBox = 6 + Information = 5 }; /** * This function allows for the delegation user prompts from the ioslaves. @@ -157,7 +156,6 @@ public: * @param iconYes the icon shown on the YES button. * @param iconNo the icon shown on the NO button. * @param dontAskAgainName the name used to store result from 'Do not ask again' checkbox. - * @param sslMetaData SSL information used by the SSLMessageBox. * * @since 4.11 * @@ -169,8 +167,7 @@ public: const QString& buttonNo, const QString& iconYes = QString(), const QString& iconNo = QString(), - const QString& dontAskAgainName = QString(), - const KIO::MetaData& sslMetaData = KIO::MetaData()); + const QString& dontAskAgainName = QString()); private: class Private; Private * const d; diff --git a/kio/kio/slave.cpp b/kio/kio/slave.cpp index 143c0eb2..591c2773 100644 --- a/kio/kio/slave.cpp +++ b/kio/kio/slave.cpp @@ -272,9 +272,6 @@ int Slave::slave_pid() void Slave::setJob(KIO::SimpleJob *job) { Q_D(Slave); - if (!d->sslMetaData.isEmpty()) { - emit metaData(d->sslMetaData); - } d->m_job = job; } @@ -378,7 +375,6 @@ void Slave::setHost( const QString &host, quint16 port, d->m_port = port; d->m_user = user; d->m_passwd = passwd; - d->sslMetaData.clear(); QByteArray data; QDataStream stream( &data, QIODevice::WriteOnly ); @@ -389,7 +385,6 @@ void Slave::setHost( const QString &host, quint16 port, void Slave::resetHost() { Q_D(Slave); - d->sslMetaData.clear(); d->m_host = ""; } diff --git a/kio/kio/slavebase.h b/kio/kio/slavebase.h index b0526ad9..03361bb3 100644 --- a/kio/kio/slavebase.h +++ b/kio/kio/slavebase.h 
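Review bot: Dropping `SSLMessageBox = 6` from `JobUiDelegate::MessageBoxType` leaves that value free for reuse, although the type appears to cross from the slave to the application as a plain `int` (`SlaveInterface::messageBox(int type, ...)` and the `static_cast` in job.cpp). A later enumerator that takes 6 would then be misread by any component still built with the old meaning. A comment after `Information = 5`, such as `// 6 was SSLMessageBox (removed); do not reuse`, would record that. The same applies to the parallel `KIO::SlaveBase::MessageBoxType` in slavebase.h, which has to keep identical values. Removing the `sslMetaData` parameter from the public `requestMessageBox` (documented `@since 4.11`) also changes an installed header's signature, so the commit message or changelog should mention it for callers outside this tree.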
@@ -231,7 +231,7 @@ public: */ void infoMessage( const QString &msg ); - enum MessageBoxType { QuestionYesNo = 1, WarningYesNo = 2, WarningContinueCancel = 3, WarningYesNoCancel = 4, Information = 5, SSLMessageBox = 6 }; + enum MessageBoxType { QuestionYesNo = 1, WarningYesNo = 2, WarningContinueCancel = 3, WarningYesNoCancel = 4, Information = 5 }; /** * Call this to show a message box from the slave @@ -875,7 +875,7 @@ protected: * Name of the protocol supported by this slave */ QByteArray mProtocol; - //Often used by TcpSlaveBase and unlikely to change + //Often used by slaves and unlikely to change MetaData mOutgoingMetaData; MetaData mIncomingMetaData; diff --git a/kio/kio/slaveinterface.cpp b/kio/kio/slaveinterface.cpp index 649f23c8..aa68810a 100644 --- a/kio/kio/slaveinterface.cpp +++ b/kio/kio/slaveinterface.cpp @@ -294,18 +294,6 @@ bool SlaveInterface::dispatch(int _cmd, const QByteArray &rawdata) case INF_META_DATA: { MetaData m; stream >> m; - if (m.contains(QLatin1String("ssl_in_use"))) { - const QLatin1String ssl_("ssl_"); - const MetaData constM = m; - for (MetaData::ConstIterator it = constM.lowerBound(ssl_); it != constM.constEnd(); ++it) { - if (it.key().startsWith(ssl_)) { - d->sslMetaData.insert(it.key(), it.value()); - } else { - // we're past the ssl_* entries; remember that QMap is ordered. - break; - } - } - } emit metaData(m); break; } @@ -427,10 +415,6 @@ void SlaveInterface::messageBox( int type, const QString &text, const QString &c data.insert(UserNotificationHandler::MSG_NO_BUTTON_ICON, QLatin1String("chronometer")); } - if (type == KIO::SlaveBase::SSLMessageBox) { - data.insert(UserNotificationHandler::MSG_META_DATA, d->sslMetaData.toVariant()); - } - globalUserNotificationHandler()->requestMessageBox(this, type, data); } diff --git a/kio/kio/slaveinterface_p.h b/kio/kio/slaveinterface_p.h index 02217feb..020999c1 100644 --- a/kio/kio/slaveinterface_p.h +++ b/kio/kio/slaveinterface_p.h 
@@ -49,9 +49,6 @@ public: Connection *connection; QTimer speed_timer; - // We need some metadata here for our SSL code in messageBox() and for sslMetaData(). - MetaData sslMetaData; - KIO::filesize_t sizes[max_nums]; long times[max_nums]; diff --git a/kio/kio/tcpslavebase.cpp b/kio/kio/tcpslavebase.cpp deleted file mode 100644 index 89898714..00000000 --- a/kio/kio/tcpslavebase.cpp +++ /dev/null 
@@ -1,982 +0,0 @@ -/* - * Copyright (C) 2000 Alex Zepeda - * Copyright (C) 2001-2003 George Staikos - * Copyright (C) 2001 Dawit Alemayehu - * Copyright (C) 2007,2008 Andreas Hartmetz - * Copyright (C) 2008 Roland Harnau - * Copyright (C) 2010 Richard Moore - * - * This file is part of the KDE project - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - -#include "tcpslavebase.h" - -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - - -using namespace KIO; -//using namespace KNetwork; - -typedef QMap StringStringMap; -Q_DECLARE_METATYPE(StringStringMap) - -namespace KIO { -Q_DECLARE_OPERATORS_FOR_FLAGS(TCPSlaveBase::SslResult) -} - -//TODO Proxy support whichever way works; KPAC reportedly does *not* work. -//NOTE kded_proxyscout may or may not be interesting - -//TODO resurrect SSL session recycling; this means save the session on disconnect and look -//for a reusable session on connect. Consider how HTTP persistent connections interact with that. - -//TODO in case we support SSL-lessness we need static QSslSocket::supportsSsl() and check it -//in most places we ATM check for d->isSSL. 
- -//TODO check if d->isBlocking is honored everywhere it makes sense - -//TODO fold KSSLSetting and KSSLCertificateHome into KSslSettings and use that everywhere. - -//TODO recognize partially encrypted websites as "somewhat safe" - -/* List of dialogs/messageboxes we need to use (current code location in parentheses) - - Can the "dontAskAgainName" thing be improved? - - - "SSLCertDialog" [select client cert] (SlaveInterface) - - Enter password for client certificate (inline) - - Password for client cert was wrong. Please reenter. (inline) - - Setting client cert failed. [doesn't give reason] (inline) - - "SSLInfoDialog" [mostly server cert info] (SlaveInterface) - - You are about to enter secure mode. Security information/Display SSL information/Connect (inline) - - You are about to leave secure mode. Security information/Continue loading/Abort (inline) - - Hostname mismatch: Continue/Details/Cancel (inline) - - IP address mismatch: Continue/Details/Cancel (inline) - - Certificate failed authenticity check: Continue/Details/Cancel (inline) - - Would you like to accept this certificate forever: Yes/No/Current sessions only (inline) - */ - - -/** @internal */ -class TCPSlaveBase::TcpSlaveBasePrivate -{ -public: - TcpSlaveBasePrivate(TCPSlaveBase* qq) : q(qq) {} - - void setSslMetaData() - { - sslMetaData.insert("ssl_in_use", "TRUE"); - QSslCipher cipher = socket.sessionCipher(); - sslMetaData.insert("ssl_protocol_version", QString::number(socket.protocol())); - QString sslCipher = cipher.encryptionMethod() + '\n'; - sslCipher += cipher.authenticationMethod() + '\n'; - sslCipher += cipher.keyExchangeMethod() + '\n'; - sslCipher += cipher.name(); - sslMetaData.insert("ssl_cipher", sslCipher); - sslMetaData.insert("ssl_cipher_name", cipher.name()); - sslMetaData.insert("ssl_cipher_used_bits", QString::number(cipher.usedBits())); - sslMetaData.insert("ssl_cipher_bits", QString::number(cipher.supportedBits())); - sslMetaData.insert("ssl_peer_ip", ip); - - QString 
errorStr; - // encode the two-dimensional numeric error list using '\n' and '\t' as outer and inner separators - Q_FOREACH (const QSslCertificate &cert, socket.peerCertificateChain()) { - Q_FOREACH (const QSslError &error, sslErrors) { - if (error.certificate() == cert) { - errorStr += QString::number(static_cast(error.error())) + '\t'; - } - } - if (errorStr.endsWith('\t')) { - errorStr.chop(1); - } - errorStr += '\n'; - } - errorStr.chop(1); - sslMetaData.insert("ssl_cert_errors", errorStr); - - QString peerCertChain; - Q_FOREACH (const QSslCertificate &cert, socket.peerCertificateChain()) { - peerCertChain.append(cert.toPem()); - peerCertChain.append('\x01'); - } - peerCertChain.chop(1); - sslMetaData.insert("ssl_peer_chain", peerCertChain); - sendSslMetaData(); - } - - void clearSslMetaData() - { - sslMetaData.clear(); - sslMetaData.insert("ssl_in_use", "FALSE"); - sendSslMetaData(); - } - - void sendSslMetaData() - { - MetaData::ConstIterator it = sslMetaData.constBegin(); - for (; it != sslMetaData.constEnd(); ++it) { - q->setMetaData(it.key(), it.value()); - } - } - - SslResult startTLSInternal(QSsl::SslProtocol sslVersion, - const QSslConfiguration& configuration = QSslConfiguration(), - int waitForEncryptedTimeout = -1); - - TCPSlaveBase* q; - - bool isBlocking; - - QSslSocket socket; - - QString host; - QString ip; - quint16 port; - QByteArray serviceName; - - KSSLSettings sslSettings; - bool usingSSL; - bool autoSSL; - bool sslNoUi; // If true, we just drop the connection silently - // if SSL certificate check fails in some way. - QList sslErrors; - - MetaData sslMetaData; -}; - - -//### uh, is this a good idea?? 
-QIODevice *TCPSlaveBase::socket() const -{ - return &d->socket; -} - - -TCPSlaveBase::TCPSlaveBase(const QByteArray &protocol, - const QByteArray &poolSocket, - const QByteArray &appSocket, - bool autoSSL) - : SlaveBase(protocol, poolSocket, appSocket), - d(new TcpSlaveBasePrivate(this)) -{ - d->isBlocking = true; - d->port = 0; - d->serviceName = protocol; - d->usingSSL = false; - d->autoSSL = autoSSL; - d->sslNoUi = false; - // Limit the read buffer size to 14 MB (14*1024*1024) (based on the upload limit - // in TransferJob::slotDataReq). See the docs for QAbstractSocket::setReadBufferSize - // and the BR# 187876 to understand why setting this limit is necessary. - d->socket.setReadBufferSize(14680064); -} - - -TCPSlaveBase::~TCPSlaveBase() -{ - delete d; -} - - -ssize_t TCPSlaveBase::write(const char *data, ssize_t len) -{ - ssize_t written = d->socket.write(data, len); - if (written == -1) { - kDebug(7027) << "d->socket.write() returned -1! Socket error is" - << d->socket.error() << ", Socket state is" << d->socket.state(); - } - - bool success = false; - if (d->isBlocking) { - // Drain the tx buffer - success = d->socket.waitForBytesWritten(-1); - } else { - // ### I don't know how to make sure that all data does get written at some point - // without doing it now. There is no event loop to do it behind the scenes. - // Polling in the dispatch() loop? Something timeout based? - success = d->socket.waitForBytesWritten(0); - } - - d->socket.flush(); //this is supposed to get the data on the wire faster - - if (d->socket.state() != QSslSocket::ConnectedState || !success) { - kDebug(7027) << "Write failed, will return -1! 
Socket error is" - << d->socket.error() << ", Socket state is" << d->socket.state() - << "Return value of waitForBytesWritten() is" << success; - return -1; - } - - return written; -} - - -ssize_t TCPSlaveBase::read(char* data, ssize_t len) -{ - if (d->usingSSL && (d->socket.mode() != QSslSocket::SslClientMode)) { - d->clearSslMetaData(); - kDebug(7029) << "lost SSL connection."; - return -1; - } - - if (!d->socket.bytesAvailable()) { - const int timeout = d->isBlocking ? -1 : (readTimeout() * 1000); - d->socket.waitForReadyRead(timeout); - } -#if 0 - // Do not do this because its only benefit is to cause a nasty side effect - // upstream in Qt. See BR# 260769. - else if (d->socket.mode() != QSslSocket::SslClientMode || - QNetworkProxy::applicationProxy().type() == QNetworkProxy::NoProxy) { - // we only do this when it doesn't trigger Qt socket bugs. When it doesn't break anything - // it seems to help performance. - d->socket.waitForReadyRead(0); - } -#endif - return d->socket.read(data, len); -} - - -ssize_t TCPSlaveBase::readLine(char *data, ssize_t len) -{ - if (d->usingSSL && (d->socket.mode() != QSslSocket::SslClientMode)) { - d->clearSslMetaData(); - kDebug(7029) << "lost SSL connection."; - return -1; - } - - const int timeout = (d->isBlocking ? 
-1: (readTimeout() * 1000)); - ssize_t readTotal = 0; - do { - if (!d->socket.bytesAvailable()) - d->socket.waitForReadyRead(timeout); - ssize_t readStep = d->socket.readLine(&data[readTotal], len-readTotal); - if (readStep == -1 || (readStep == 0 && d->socket.state() != QSslSocket::ConnectedState)) { - return -1; - } - readTotal += readStep; - } while (readTotal == 0 || data[readTotal-1] != '\n'); - - return readTotal; -} - - -bool TCPSlaveBase::connectToHost(const QString &/*protocol*/, - const QString &host, - quint16 port) -{ - QString errorString; - const int errCode = connectToHost(host, port, &errorString); - if (errCode == 0) - return true; - - error(errCode, errorString); - return false; -} - -int TCPSlaveBase::connectToHost(const QString& host, quint16 port, QString* errorString) -{ - d->clearSslMetaData(); //We have separate connection and SSL setup phases - - if (errorString) { - errorString->clear(); // clear prior error messages. - } - - d->socket.setPeerVerifyName(host); // Used for ssl certificate verification (SNI) - - // - leaving SSL - warn before we even connect - //### see if it makes sense to move this into the HTTP ioslave which is the only - // user. - if (metaData("main_frame_request") == "TRUE" //### this looks *really* unreliable - && metaData("ssl_activate_warnings") == "TRUE" - && metaData("ssl_was_in_use") == "TRUE" - && !d->autoSSL) { - KSSLSettings kss; - if (kss.warnOnLeave()) { - int result = messageBox(i18n("You are about to leave secure " - "mode. Transmissions will no " - "longer be encrypted.\nThis " - "means that a third party could " - "observe your data in transit."), - WarningContinueCancel, - i18n("Security Information"), - i18n("C&ontinue Loading"), QString(), - "WarnOnLeaveSSLMode"); - - if (result == KMessageBox::Cancel) { - if (errorString) - *errorString = host; - return ERR_USER_CANCELED; - } - } - } - - /* - By default the SSL handshake attempt uses these settings in the order shown: - - 1.) 
Protocol: QSsl::SecureProtocols SSL compression: OFF (DEFAULT) - 2.) Protocol: QSsl::TlsV1 SSL compression: OFF - 3.) Protocol: QSsl::SslV3 SSL compression: OFF - - If any combination other than the one marked DEFAULT is used to complete - the SSL handshake, then that combination will be cached using KIO's internal - meta-data mechanism in order to speed up future connections to the same host. - */ - - QSslConfiguration sslConfig = d->socket.sslConfiguration(); - - // NOTE: Due to 'CRIME' SSL attacks, compression is always disabled. - sslConfig.setSslOption(QSsl::SslOptionDisableCompression, true); - - const int lastSslVerson = config()->readEntry("LastUsedSslVersion", static_cast(QSsl::SecureProtocols)); - QSsl::SslProtocol trySslVersion = static_cast(lastSslVerson); - uint alreadyTriedSslVersions = trySslVersion; - - const int timeout = (connectTimeout() * 1000); // 20 sec timeout value - while (true) { - disconnectFromHost(); //Reset some state, even if we are already disconnected - d->host = host; - - d->socket.connectToHost(host, port); - const bool connectOk = d->socket.waitForConnected(timeout > -1 ? timeout : -1); - - kDebug(7027) << "Socket: state=" << d->socket.state() - << ", error=" << d->socket.error() - << ", connected?" 
<< connectOk; - - if (d->socket.state() != QSslSocket::ConnectedState) { - if (errorString) - *errorString = host + QLatin1String(": ") + d->socket.errorString(); - switch (d->socket.error()) { - case QSslSocket::UnsupportedSocketOperationError: - return ERR_UNSUPPORTED_ACTION; - case QSslSocket::RemoteHostClosedError: - return ERR_CONNECTION_BROKEN; - case QSslSocket::SocketTimeoutError: - return ERR_SERVER_TIMEOUT; - case QSslSocket::HostNotFoundError: - return ERR_UNKNOWN_HOST; - default: - return ERR_COULD_NOT_CONNECT; - } - } - - //### check for proxyAuthenticationRequiredError - - d->ip = d->socket.peerAddress().toString(); - d->port = d->socket.peerPort(); - - if (d->autoSSL) { - SslResult res = d->startTLSInternal(trySslVersion, sslConfig, timeout); - if ((res & ResultFailed) && (res & ResultFailedEarly)) { - if (!(alreadyTriedSslVersions & QSsl::SecureProtocols)) { - trySslVersion = QSsl::SecureProtocols; - alreadyTriedSslVersions |= trySslVersion; - continue; - } - - if (!(alreadyTriedSslVersions & QSsl::TlsV1)) { - trySslVersion = QSsl::TlsV1; - alreadyTriedSslVersions |= trySslVersion; - continue; - } - - if (!(alreadyTriedSslVersions & QSsl::SslV3)) { - trySslVersion = QSsl::SslV3; - alreadyTriedSslVersions |= trySslVersion; - continue; - } - } - - //### SSL 2.0 is (close to) dead and it's a good thing, too. - if (res & ResultFailed) { - if (errorString) - *errorString = i18nc("%1 is a host name", "%1: SSL negotiation failed", host); - return ERR_COULD_NOT_CONNECT; - } - } - // If the SSL handshake was done with anything protocol other than the default, - // save that information so that any subsequent requests do not have to do thesame thing. - if (trySslVersion != QSsl::SecureProtocols && lastSslVerson == QSsl::SecureProtocols) { - setMetaData(QLatin1String("{internal~currenthost}LastUsedSslVersion"), - QString::number(trySslVersion)); - } - return 0; - } - Q_ASSERT(false); - // Code flow never gets here but let's make the compiler happy. 
- // More: the stack allocation of QSslSettings seems to be confusing the compiler; - // in fact, any non-POD allocation does. - // even a 'return 0;' directly after the allocation (so before the while(true)) - // is ignored. definitely seems to be a compiler bug? - aseigo - return 0; -} - -void TCPSlaveBase::disconnectFromHost() -{ - kDebug(7027); - d->host.clear(); - d->ip.clear(); - d->usingSSL = false; - - if (d->socket.state() == QSslSocket::UnconnectedState) { - // discard incoming data - the remote host might have disconnected us in the meantime - // but the visible effect of disconnectFromHost() should stay the same. - d->socket.close(); - return; - } - - //### maybe save a session for reuse on SSL shutdown if and when QSslSocket - // does that. QCA::TLS can do it apparently but that is not enough if - // we want to present that as KDE API. Not a big loss in any case. - d->socket.disconnectFromHost(); - if (d->socket.state() != QSslSocket::UnconnectedState) - d->socket.waitForDisconnected(-1); // wait for unsent data to be sent - d->socket.close(); //whatever that means on a socket -} - -bool TCPSlaveBase::isAutoSsl() const -{ - return d->autoSSL; -} - -bool TCPSlaveBase::isUsingSsl() const -{ - return d->usingSSL; -} - -quint16 TCPSlaveBase::port() const -{ - return d->port; -} - -bool TCPSlaveBase::atEnd() const -{ - return d->socket.atEnd(); -} - -bool TCPSlaveBase::startSsl() -{ - if (d->usingSSL) - return false; - return d->startTLSInternal(QSsl::TlsV1) & ResultOk; -} - -TCPSlaveBase::SslResult TCPSlaveBase::TcpSlaveBasePrivate::startTLSInternal (QSsl::SslProtocol version, - const QSslConfiguration& sslConfig, - int waitForEncryptedTimeout) -{ - q->selectClientCertificate(); - - //setMetaData("ssl_session_id", d->kssl->session()->toString()); - //### we don't support session reuse for now... 
- usingSSL = true; - kDebug(7027) << "Trying SSL handshake with protocol:" << version - << ", SSL compression ON:" << sslConfig.testSslOption(QSsl::SslOptionDisableCompression); - // Set the SSL version to use... - socket.setProtocol(version); - - // Set SSL configuration information - if (!sslConfig.isNull()) - socket.setSslConfiguration(sslConfig); - - /* Usually ignoreSslErrors() would be called in the slot invoked by the sslErrors() - signal but that would mess up the flow of control. We will check for errors - anyway to decide if we want to continue connecting. Otherwise ignoreSslErrors() - before connecting would be very insecure. */ - socket.ignoreSslErrors(); - socket.startClientEncryption(); - const bool encryptionStarted = socket.waitForEncrypted(waitForEncryptedTimeout); - - //Set metadata, among other things for the "SSL Details" dialog - QSslCipher cipher = socket.sessionCipher(); - - if (!encryptionStarted || socket.mode() != QSslSocket::SslClientMode - || cipher.isNull() || cipher.usedBits() == 0 || socket.peerCertificateChain().isEmpty()) { - usingSSL = false; - clearSslMetaData(); - kDebug(7029) << "Initial SSL handshake failed. 
encryptionStarted is" - << encryptionStarted << ", cipher.isNull() is" << cipher.isNull() - << ", cipher.usedBits() is" << cipher.usedBits() - << ", length of certificate chain is" << socket.peerCertificateChain().count() - << ", the socket says:" << socket.errorString() - << "and the list of SSL errors contains" - << socket.sslErrors().count() << "items."; - Q_FOREACH(const QSslError& sslError, socket.sslErrors()) { - kDebug(7029) << "SSL ERROR: (" << sslError.error() << ")" << sslError.errorString(); - } - return ResultFailed | ResultFailedEarly; - } - - kDebug(7029) << "Cipher info - " - << " negotiated SSL protocol version" << socket.protocol() - << " authenticationMethod:" << cipher.authenticationMethod() - << " encryptionMethod:" << cipher.encryptionMethod() - << " keyExchangeMethod:" << cipher.keyExchangeMethod() - << " name:" << cipher.name() - << " supportedBits:" << cipher.supportedBits() - << " usedBits:" << cipher.usedBits(); - - sslErrors = socket.sslErrors(); - - // TODO: review / rewrite / remove the comment - // The app side needs the metadata now for the SSL error dialog (if any) but - // the same metadata will be needed later, too. When "later" arrives the slave - // may actually be connected to a different application that doesn't know - // the metadata the slave sent to the previous application. - // The quite important SSL indicator icon in Konqi's URL bar relies on metadata - // from here, for example. And Konqi will be the second application to connect - // to the slave. - // Therefore we choose to have our metadata and send it, too :) - setSslMetaData(); - q->sendAndKeepMetaData(); - - SslResult rc = q->verifyServerCertificate(); - if (rc & ResultFailed) { - usingSSL = false; - clearSslMetaData(); - kDebug(7029) << "server certificate verification failed."; - socket.disconnectFromHost(); //Make the connection fail (cf. 
ignoreSslErrors()) - return ResultFailed; - } else if (rc & ResultOverridden) { - kDebug(7029) << "server certificate verification failed but continuing at user's request."; - } - - //"warn" when starting SSL/TLS - if (q->metaData("ssl_activate_warnings") == "TRUE" - && q->metaData("ssl_was_in_use") == "FALSE" - && sslSettings.warnOnEnter()) { - - int msgResult = q->messageBox(i18n("You are about to enter secure mode. " - "All transmissions will be encrypted " - "unless otherwise noted.\nThis means " - "that no third party will be able to " - "easily observe your data in transit."), - WarningYesNo, - i18n("Security Information"), - i18n("Display SSL &Information"), - i18n("C&onnect"), - "WarnOnEnterSSLMode"); - if (msgResult == KMessageBox::Yes) { - q->messageBox(SSLMessageBox /*==the SSL info dialog*/, host); - } - } - - return rc; -} - -void TCPSlaveBase::selectClientCertificate() -{ -#if 0 //hehe - QString certname; // the cert to use this session - bool send = false, prompt = false, save = false, forcePrompt = false; - KSSLCertificateHome::KSSLAuthAction aa; - - setMetaData("ssl_using_client_cert", "FALSE"); // we change this if needed - - if (metaData("ssl_no_client_cert") == "TRUE") return; - forcePrompt = (metaData("ssl_force_cert_prompt") == "TRUE"); - - // Delete the old cert since we're certainly done with it now - if (d->pkcs) { - delete d->pkcs; - d->pkcs = NULL; - } - - if (!d->kssl) return; - - // Look for a general certificate - if (!forcePrompt) { - certname = KSSLCertificateHome::getDefaultCertificateName(&aa); - switch (aa) { - case KSSLCertificateHome::AuthSend: - send = true; prompt = false; - break; - case KSSLCertificateHome::AuthDont: - send = false; prompt = false; - certname.clear(); - break; - case KSSLCertificateHome::AuthPrompt: - send = false; prompt = true; - break; - default: - break; - } - } - - // Look for a certificate on a per-host basis as an override - QString tmpcn = KSSLCertificateHome::getDefaultCertificateName(d->host, &aa); 
- if (aa != KSSLCertificateHome::AuthNone) { // we must override - switch (aa) { - case KSSLCertificateHome::AuthSend: - send = true; - prompt = false; - certname = tmpcn; - break; - case KSSLCertificateHome::AuthDont: - send = false; - prompt = false; - certname.clear(); - break; - case KSSLCertificateHome::AuthPrompt: - send = false; - prompt = true; - certname = tmpcn; - break; - default: - break; - } - } - - // Finally, we allow the application to override anything. - if (hasMetaData("ssl_demand_certificate")) { - certname = metaData("ssl_demand_certificate"); - if (!certname.isEmpty()) { - forcePrompt = false; - prompt = false; - send = true; - } - } - - if (certname.isEmpty() && !prompt && !forcePrompt) return; - - // Ok, we're supposed to prompt the user.... - if (prompt || forcePrompt) { - QStringList certs = KSSLCertificateHome::getCertificateList(); - - QStringList::const_iterator it = certs.begin(); - while (it != certs.end()) { - KSSLPKCS12 *pkcs = KSSLCertificateHome::getCertificateByName(*it); - if (pkcs && (!pkcs->getCertificate() || - !pkcs->getCertificate()->x509V3Extensions().certTypeSSLClient())) { - it = certs.erase(it); - } else { - ++it; - } - delete pkcs; - } - - if (certs.isEmpty()) return; // we had nothing else, and prompt failed - - if (!QDBusConnection::sessionBus().interface()->isServiceRegistered("org.kde.kio.uiserver")) { - KToolInvocation::startServiceByDesktopPath("kuiserver.desktop", - QStringList()); - } - - QDBusInterface uis("org.kde.kio.uiserver", "/UIServer", "org.kde.KIO.UIServer"); - - QDBusMessage retVal = uis.call("showSSLCertDialog", d->host, certs, metaData("window-id").toLongLong()); - if (retVal.type() == QDBusMessage::ReplyMessage) { - if (retVal.arguments().at(0).toBool()) { - send = retVal.arguments().at(1).toBool(); - save = retVal.arguments().at(2).toBool(); - certname = retVal.arguments().at(3).toString(); - } - } - } - - // The user may have said to not send the certificate, - // but to save the choice - if 
(!send) { - if (save) { - KSSLCertificateHome::setDefaultCertificate(certname, d->host, - false, false); - } - return; - } - - // We're almost committed. If we can read the cert, we'll send it now. - KSSLPKCS12 *pkcs = KSSLCertificateHome::getCertificateByName(certname); - if (!pkcs && KSSLCertificateHome::hasCertificateByName(certname)) { // We need the password - KIO::AuthInfo ai; - bool first = true; - do { - ai.prompt = i18n("Enter the certificate password:"); - ai.caption = i18n("SSL Certificate Password"); - ai.url.setProtocol("kssl"); - ai.url.setHost(certname); - ai.username = certname; - ai.keepPassword = true; - - bool showprompt; - if (first) - showprompt = !checkCachedAuthentication(ai); - else - showprompt = true; - if (showprompt) { - if (!openPasswordDialog(ai, first ? QString() : - i18n("Unable to open the certificate. Try a new password?"))) - break; - } - - first = false; - pkcs = KSSLCertificateHome::getCertificateByName(certname, ai.password); - } while (!pkcs); - - } - - // If we could open the certificate, let's send it - if (pkcs) { - if (!d->kssl->setClientCertificate(pkcs)) { - messageBox(Information, i18n("The procedure to set the " - "client certificate for the session " - "failed."), i18n("SSL")); - delete pkcs; // we don't need this anymore - pkcs = 0L; - } else { - kDebug(7029) << "Client SSL certificate is being used."; - setMetaData("ssl_using_client_cert", "TRUE"); - if (save) { - KSSLCertificateHome::setDefaultCertificate(certname, d->host, - true, false); - } - } - d->pkcs = pkcs; - } -#endif -} - -TCPSlaveBase::SslResult TCPSlaveBase::verifyServerCertificate() -{ - d->sslNoUi = hasMetaData("ssl_no_ui") && (metaData("ssl_no_ui") != "FALSE"); - - if (d->sslErrors.isEmpty()) { - return ResultOk; - } else if (d->sslNoUi) { - return ResultFailed; - } - - QList fatalErrors = KSslCertificateManager::nonIgnorableErrors(d->sslErrors); - if (!fatalErrors.isEmpty()) { - //TODO message "sorry, fatal error, you can't override it" - return 
ResultFailed; - } - - KSslCertificateManager *const cm = KSslCertificateManager::self(); - KSslCertificateRule rule = cm->rule(d->socket.peerCertificateChain().first(), d->host); - - // remove previously seen and acknowledged errors - QList remainingErrors = rule.filterErrors(d->sslErrors); - if (remainingErrors.isEmpty()) { - kDebug(7029) << "Error list empty after removing errors to be ignored. Continuing."; - return ResultOk | ResultOverridden; - } - - //### We don't ask to permanently reject the certificate - - QString message = i18n("The server failed the authenticity check (%1).\n\n", d->host); - Q_FOREACH (const QSslError &err, d->sslErrors) { - message.append(err.errorString()); - message.append('\n'); - } - message = message.trimmed(); - - int msgResult; - QDateTime ruleExpiry = QDateTime::currentDateTime(); - do { - msgResult = messageBox(WarningYesNoCancel, message, - i18n("Server Authentication"), - i18n("&Details"), i18n("Co&ntinue")); - switch (msgResult) { - case KMessageBox::Yes: - //Details was chosen- show the certificate and error details - messageBox(SSLMessageBox /*the SSL info dialog*/, d->host); - break; - case KMessageBox::No: { - //fall through on KMessageBox::No - const int result = messageBox(WarningYesNoCancel, - i18n("Would you like to accept this " - "certificate forever without " - "being prompted?"), - i18n("Server Authentication"), - i18n("&Forever"), - i18n("&Current Session only")); - if (result == KMessageBox::Yes) { - //accept forever ("for a very long time") - ruleExpiry = ruleExpiry.addYears(1000); - } else if (result == KMessageBox::No) { - //accept "for a short time", half an hour. 
- ruleExpiry = ruleExpiry.addSecs(30*60); - } else { - msgResult = KMessageBox::Yes; - } - break; - } - case KMessageBox::Cancel: - return ResultFailed; - default: - kWarning() << "Unexpected MessageBox response received:" << msgResult; - return ResultFailed; - } - } while (msgResult == KMessageBox::Yes); - - //TODO special cases for wildcard domain name in the certificate! - //rule = KSslCertificateRule(d->socket.peerCertificateChain().first(), whatever); - - rule.setExpiryDateTime(ruleExpiry); - rule.setIgnoredErrors(d->sslErrors); - - //Save the user's choice to ignore the SSL errors. - cm->setRule(rule); - - return ResultOk | ResultOverridden; -#if 0 //### need to to do something like the old code about the main and subframe stuff - kDebug(7029) << "SSL HTTP frame the parent? " << metaData("main_frame_request"); - if (!hasMetaData("main_frame_request") || metaData("main_frame_request") == "TRUE") { - // Since we're the parent, we need to teach the child. - setMetaData("ssl_parent_ip", d->ip); - setMetaData("ssl_parent_cert", pc.toString()); - // - Read from cache and see if there is a policy for this - KSSLCertificateCache::KSSLCertificatePolicy cp = - d->certCache->getPolicyByCertificate(pc); - - // - validation code - if (ksv != KSSLCertificate::Ok) { - if (d->sslNoUi) { - return -1; - } - - if (cp == KSSLCertificateCache::Unknown || - cp == KSSLCertificateCache::Ambiguous) { - cp = KSSLCertificateCache::Prompt; - } else { - // A policy was already set so let's honor that. 
- permacache = d->certCache->isPermanent(pc); - } - - if (!_IPmatchesCN && cp == KSSLCertificateCache::Accept) { - cp = KSSLCertificateCache::Prompt; -// ksv = KSSLCertificate::Ok; - } - -////// SNIP SNIP ////////// - - // - cache the results - d->certCache->addCertificate(pc, cp, permacache); - if (doAddHost) d->certCache->addHost(pc, d->host); - } else { // Child frame - // - Read from cache and see if there is a policy for this - KSSLCertificateCache::KSSLCertificatePolicy cp = - d->certCache->getPolicyByCertificate(pc); - isChild = true; - - // Check the cert and IP to make sure they're the same - // as the parent frame - bool certAndIPTheSame = (d->ip == metaData("ssl_parent_ip") && - pc.toString() == metaData("ssl_parent_cert")); - - if (ksv == KSSLCertificate::Ok) { - if (certAndIPTheSame) { // success - rc = 1; - setMetaData("ssl_action", "accept"); - } else { - /* - if (d->sslNoUi) { - return -1; - } - result = messageBox(WarningYesNo, - i18n("The certificate is valid but does not appear to have been assigned to this server. Do you wish to continue loading?"), - i18n("Server Authentication")); - if (result == KMessageBox::Yes) { // success - rc = 1; - setMetaData("ssl_action", "accept"); - } else { // fail - rc = -1; - setMetaData("ssl_action", "reject"); - } - */ - setMetaData("ssl_action", "accept"); - rc = 1; // Let's accept this now. It's bad, but at least the user - // will see potential attacks in KDE3 with the pseudo-lock - // icon on the toolbar, and can investigate with the RMB - } - } else { - if (d->sslNoUi) { - return -1; - } - - if (cp == KSSLCertificateCache::Accept) { - if (certAndIPTheSame) { // success - rc = 1; - setMetaData("ssl_action", "accept"); - } else { // fail - result = messageBox(WarningYesNo, - i18n("You have indicated that you wish to accept this certificate, but it is not issued to the server who is presenting it. 
Do you wish to continue loading?"), - i18n("Server Authentication")); - if (result == KMessageBox::Yes) { - rc = 1; - setMetaData("ssl_action", "accept"); - d->certCache->addHost(pc, d->host); - } else { - rc = -1; - setMetaData("ssl_action", "reject"); - } - } - } else if (cp == KSSLCertificateCache::Reject) { // fail - messageBox(Information, i18n("SSL certificate is being rejected as requested. You can disable this in the KDE System Settings."), - i18n("Server Authentication")); - rc = -1; - setMetaData("ssl_action", "reject"); - } else { - -//////// SNIP SNIP ////////// - - return rc; -#endif //#if 0 - return ResultOk | ResultOverridden; -} - - -bool TCPSlaveBase::isConnected() const -{ - //QSslSocket::isValid() and therefore QSslSocket::isValid() are shady... - return d->socket.state() == QSslSocket::ConnectedState; -} - - -bool TCPSlaveBase::waitForResponse(int t) -{ - if (d->socket.bytesAvailable()) { - return true; - } - return d->socket.waitForReadyRead(t * 1000); -} - -void TCPSlaveBase::setBlocking(bool b) -{ - if (!b) { - kWarning(7029) << "Caller requested non-blocking mode, but that doesn't work"; - return; - } - d->isBlocking = b; -} - diff --git a/kio/kio/tcpslavebase.h b/kio/kio/tcpslavebase.h deleted file mode 100644 index 220541c2..00000000 --- a/kio/kio/tcpslavebase.h +++ /dev/null 
@@ -1,223 +0,0 @@ -/* - * Copyright (C) 2000 Alex Zepeda - * Copyright (C) 2001 George Staikos - * Copyright (C) 2001 Dawit Alemayehu - * Copyright (C) 2007,2008 Andreas Hartmetz - * - * This file is part of the KDE project - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - -#ifndef TCP_SLAVEBASE_H -#define TCP_SLAVEBASE_H - -#include -#include - -#include - -#include - -namespace KIO { - -/** - * There are two classes that specifies the protocol between application (job) - * and kioslave. SlaveInterface is the class to use on the application end, - * SlaveBase is the one to use on the slave end. - * - * Slave implementations should simply inherit SlaveBase - * - * A call to foo() results in a call to slotFoo() on the other end. - */ -class KIO_EXPORT TCPSlaveBase : public SlaveBase -{ -public: - /** - * Constructor. - * - * @param autoSsl if true, will automatically invoke startSsl() right after - * connecting. In the absence of errors the use of SSL will - * therefore be transparent to higher layers. 
- */ - TCPSlaveBase(const QByteArray &protocol, - const QByteArray &poolSocket, const QByteArray &appSocket, - bool autoSsl = false); - - virtual ~TCPSlaveBase(); - -protected: - enum SslResultDetail { - ResultOk = 1, - ResultOverridden = 2, - ResultFailed = 4, - ResultFailedEarly = 8 - }; - friend class QFlags; -public: - Q_DECLARE_FLAGS(SslResult, SslResultDetail) -protected: - - /** - * Send data to the remote host. - * - * @param data data to be sent to remote machine - * @param len the length (in bytes) of the data to be sent - * - * @return the actual size of the data that was sent - */ - using SlaveBase::write; //Silence incompatible virtual override warning - ssize_t write(const char *data, ssize_t len); - - /** - * Read incoming data from the remote host. - * - * @param data storage for the data read from server - * @param len length of the data (in bytes) to read from the server - * - * @return the actual size of data that was obtained - */ - using SlaveBase::read; - ssize_t read(char *data, ssize_t len); - - /** - * Same as read() except it reads data one line at a time. - */ - ssize_t readLine(char *data, ssize_t len); - - /** - * Performs the initial TCP connection stuff and/or - * SSL handshaking as necessary. - * - * @param protocol the protocol being used - * @param host hostname - * @param port port number - * - * @return on succes, true is returned. - * on failure, false is returned and an appropriate - * error message is sent to the application. - */ - bool connectToHost(const QString &protocol, const QString& host, quint16 port); - - /** - * Connects to the specified host and port. - * - * @param host host name - * @param port port number - * @param errorString if not NULL, this string will contain error information - * on why the connection request failed. - * - * @return on success, 0 is returned. on failure, a KIO::Error code is returned. 
- * @ref errorString, if not NULL, will contain the appropriate error message - * that can be sent back to the client. - * - * @since 4.7.2 - */ - int connectToHost(const QString& host, quint16 port, QString* errorString = 0); - - /** - * the current port for this service - * - */ - quint16 port() const; - - /** - * Will start SSL after connecting? - * - * @return if so, true is returned. - * if not, false is returned. - */ - bool isAutoSsl() const; - - /** - * Is the current connection using SSL? - * - * @return if so, true is returned. - * if not, false is returned. - */ - bool isUsingSsl() const; - - /** - * Start using SSL on the connection. You can use it right after connecting - * for classic, transparent to the protocol SSL. Calling it later can be - * used to implement e.g. SMTP's STARTTLS feature. - * - * @return on success, true is returned. - * on failure, false is returned. - */ - bool startSsl(); - - /** - * Close the connection and forget non-permanent data like the peer host. - */ - void disconnectFromHost(); - - /** - * Returns true when end of data is reached. - */ - bool atEnd() const; - - /** - * Determines whether or not we are still connected - * to the remote machine. - * - * return @p true if the socket is still active or - * false otherwise. - */ - bool isConnected() const; - - /** - * Wait for incoming data on the socket - * for the period specified by @p t. - * - * @param t length of time in seconds that we should monitor the - * socket before timing out. - * - * @return true if any data arrived on the socket before the - * timeout value was reached, false otherwise. - */ - bool waitForResponse( int t ); - - /** - * Sets the mode of the connection to blocking or non-blocking. - * - * Be sure to call this function before calling connectToHost. - * Otherwise, this setting will not have any effect until the next - * @p connectToHost. - * - * @param b true to make the connection a blocking one, false otherwise. 
- */ - void setBlocking( bool b ); - - /** - * Return the socket object, if the class ever needs to do anything to it - */ - QIODevice *socket() const; - -private: - // For the certificate verification code - SslResult verifyServerCertificate(); - - // For prompting for the client certificate to use - void selectClientCertificate(); - - class TcpSlaveBasePrivate; - TcpSlaveBasePrivate* const d; -}; - -} - -#endif diff --git a/kio/kio/usernotificationhandler.cpp b/kio/kio/usernotificationhandler.cpp index af8544f7..def363b9 100644 --- a/kio/kio/usernotificationhandler.cpp +++ b/kio/kio/usernotificationhandler.cpp @@ -86,8 +86,7 @@ void UserNotificationHandler::processRequest() r->data.value(MSG_NO_BUTTON_TEXT).toString(), r->data.value(MSG_YES_BUTTON_ICON).toString(), r->data.value(MSG_NO_BUTTON_ICON).toString(), - r->data.value(MSG_DONT_ASK_AGAIN).toString(), - r->data.value(MSG_META_DATA).toMap()); + r->data.value(MSG_DONT_ASK_AGAIN).toString()); m_cachedResults.insert(key, new int(result)); } } else { diff --git a/kio/kio/usernotificationhandler_p.h b/kio/kio/usernotificationhandler_p.h index 4dd95e99..c613b661 100644 --- a/kio/kio/usernotificationhandler_p.h +++ b/kio/kio/usernotificationhandler_p.h @@ -41,8 +41,7 @@ public: MSG_NO_BUTTON_TEXT, MSG_YES_BUTTON_ICON, MSG_NO_BUTTON_ICON, - MSG_DONT_ASK_AGAIN, - MSG_META_DATA + MSG_DONT_ASK_AGAIN }; class Request diff --git a/kparts/browserrun.cpp b/kparts/browserrun.cpp index de93380d..9605de13 100644 --- a/kparts/browserrun.cpp +++ b/kparts/browserrun.cpp 
@@ -141,15 +141,6 @@ void BrowserRun::scanFile() if ( d->m_part ) { const QString proto = d->m_part->url().protocol(); - if (proto == "https") { - metaData.insert("main_frame_request", "TRUE" ); - metaData.insert("ssl_was_in_use", "TRUE" ); - // metaData.insert("ssl_activate_warnings", "TRUE" ); - } else if (proto == "http") { - // metaData.insert("ssl_activate_warnings", "TRUE" ); - metaData.insert("ssl_was_in_use", "FALSE" ); - } - // Set the PropagateHttpHeader meta-data if it has not already been set... if (!metaData.contains("PropagateHttpHeader")) metaData.insert("PropagateHttpHeader", "TRUE");
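Review bot: `const QString proto = d->m_part->url().protocol();` appears to be left without a reader, because the only uses visible in this hunk are the `proto == "https"` and `proto == "http"` comparisons that the commit deletes. If nothing further down in scanFile() reads it, remove the declaration too, so the build has no unused-variable warning and the code no longer hints at a scheme-dependent branch. scanFile() starts before and continues after the hunk, so check this against the whole function. Also worth confirming that no remaining consumer still reads the `ssl_was_in_use` or `main_frame_request` keys, since after this change they are never set from here.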