From 488f26e3a52cc3e00b1d09ce4397d6145f6e9990 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20H=C3=B6rist?= <philipp@hoerist.com>
Date: Mon, 26 Sep 2016 11:36:26 +0200
Subject: [PATCH] Only allow TLS connection and verify certificate - Fixes #78

Certificate is only on python >= 3.4 verified
---
 plugin_installer/config_dialog.ui    | 33 ++++++----------------------
 plugin_installer/manifest.ini        |  2 +-
 plugin_installer/plugin_installer.py | 27 ++++++++++++-----------
 3 files changed, 22 insertions(+), 40 deletions(-)

diff --git a/plugin_installer/config_dialog.ui b/plugin_installer/config_dialog.ui
index 7acccb5..f07cd77 100644
--- a/plugin_installer/config_dialog.ui
+++ b/plugin_installer/config_dialog.ui
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!-- Generated with glade 3.18.3 -->
 <interface>
-  <!-- interface-requires gtk+ 3.0 -->
+  <requires lib="gtk+" version="3.0"/>
   <object class="GtkWindow" id="window1">
     <property name="can_focus">False</property>
     <child>
@@ -65,10 +66,10 @@
               <object class="GtkLabel" id="plugin_name_label1">
                 <property name="visible">True</property>
                 <property name="can_focus">False</property>
-                <property name="xalign">0</property>
                 <property name="label">&lt;empty&gt;</property>
                 <property name="selectable">True</property>
                 <property name="ellipsize">end</property>
+                <property name="xalign">0</property>
               </object>
               <packing>
                 <property name="expand">False</property>
@@ -97,11 +98,11 @@
                   <object class="GtkLabel" id="plugin_authors_label1">
                     <property name="visible">True</property>
                     <property name="can_focus">False</property>
-                    <property name="xalign">0</property>
                     <property name="xpad">6</property>
                     <property name="label">&lt;empty&gt;</property>
                     <property name="selectable">True</property>
                     <property name="ellipsize">end</property>
+                    <property name="xalign">0</property>
                   </object>
                   <packing>
                     <property name="expand">True</property>
@@ -139,7 +140,6 @@
                     <property name="visible">True</property>
                     <property name="can_focus">True</property>
                     <property name="receives_default">True</property>
-                    <property name="use_action_appearance">False</property>
                     <property name="relief">none</property>
                     <property name="focus_on_click">False</property>
                     <property name="xalign">0</property>
@@ -238,7 +238,6 @@
                         <property name="sensitive">False</property>
                         <property name="can_focus">False</property>
                         <property name="receives_default">True</property>
-                        <property name="use_action_appearance">False</property>
                         <signal name="clicked" handler="on_inslall_upgrade_clicked" swapped="no"/>
                         <child>
                           <object class="GtkHBox" id="hbox1">
@@ -260,8 +259,8 @@
                               <object class="GtkLabel" id="label1">
                                 <property name="visible">True</property>
                                 <property name="can_focus">False</property>
-                                <property name="xalign">0</property>
                                 <property name="label" translatable="yes">Install/Upgrade</property>
+                                <property name="xalign">0</property>
                               </object>
                               <packing>
                                 <property name="expand">True</property>
@@ -316,8 +315,8 @@
               <object class="GtkLabel" id="label2">
                 <property name="visible">True</property>
                 <property name="can_focus">False</property>
-                <property name="xalign">0</property>
                 <property name="label" translatable="yes">Ftp server:</property>
+                <property name="xalign">0</property>
               </object>
               <packing>
                 <property name="expand">False</property>
@@ -351,7 +350,6 @@
             <property name="visible">True</property>
             <property name="can_focus">False</property>
             <property name="receives_default">False</property>
-            <property name="use_action_appearance">False</property>
             <property name="focus_on_click">False</property>
             <property name="xalign">0.5</property>
             <property name="draw_indicator">True</property>
@@ -370,7 +368,6 @@
             <property name="visible">True</property>
             <property name="can_focus">False</property>
             <property name="receives_default">False</property>
-            <property name="use_action_appearance">False</property>
             <property name="focus_on_click">False</property>
             <property name="xalign">0.5</property>
             <property name="draw_indicator">True</property>
@@ -383,23 +380,7 @@
           </packing>
         </child>
         <child>
-          <object class="GtkCheckButton" id="TLS">
-            <property name="label" translatable="yes">Use TLS transport</property>
-            <property name="use_action_appearance">False</property>
-            <property name="visible">True</property>
-            <property name="can_focus">False</property>
-            <property name="receives_default">False</property>
-            <property name="use_action_appearance">False</property>
-            <property name="focus_on_click">False</property>
-            <property name="xalign">0.5</property>
-            <property name="draw_indicator">True</property>
-            <signal name="toggled" handler="on_tls_toggled" swapped="no"/>
-          </object>
-          <packing>
-            <property name="expand">False</property>
-            <property name="fill">True</property>
-            <property name="position">3</property>
-          </packing>
+          <placeholder/>
         </child>
       </object>
     </child>
diff --git a/plugin_installer/manifest.ini b/plugin_installer/manifest.ini
index 0d72f93..115366b 100644
--- a/plugin_installer/manifest.ini
+++ b/plugin_installer/manifest.ini
@@ -1,7 +1,7 @@
 [info]
 name: Plugin Installer
 short_name: plugin_installer
-version: 0.15
+version: 0.16
 description: Install and upgrade plugins from ftp
 authors: Denis Fomin <fominde@gmail.com>
  Yann Leboulanger <asterix@lagaule.org>
diff --git a/plugin_installer/plugin_installer.py b/plugin_installer/plugin_installer.py
index 765518c..ea9abc2 100644
--- a/plugin_installer/plugin_installer.py
+++ b/plugin_installer/plugin_installer.py
@@ -33,6 +33,8 @@ import os
 import fnmatch
 import sys
 import zipfile
+import ssl
+import logging
 
 from common import gajim
 from plugins import GajimPlugin
@@ -41,6 +43,8 @@ from htmltextview import HtmlTextView
 from dialogs import WarningDialog, HigDialog, YesNoDialog
 from plugins.gui import GajimPluginConfigDialog
 
+log = logging.getLogger('gajim.plugin_system.plugin_installer')
+
 (
 C_PIXBUF,
 C_DIR,
@@ -68,8 +72,7 @@ class PluginInstaller(GajimPlugin):
         self.config_dialog = PluginInstallerPluginConfigDialog(self)
         self.config_default_values = {'ftp_server': ('ftp.gajim.org', ''),
                                       'check_update': (True, ''),
-                                      'check_update_periodically': (True, ''),
-                                      'TLS': (True, ''),}
+                                      'check_update_periodically': (True, '')}
         self.window = None
         self.progressbar = None
         self.available_plugins_model = None
@@ -111,13 +114,15 @@ class PluginInstaller(GajimPlugin):
                 '\n%s') % plugins_str, on_response_yes=open_update)
 
     def ftp_connect(self):
-        if sys.version_info[:2] > (2, 6) and self.config['TLS'] :
-            con = ftplib.FTP_TLS(self.config['ftp_server'])
-            con.login()
-            con.prot_p()
+        if sys.version_info >= (3, 4):
+            ctx = ssl.create_default_context()
+            con = ftplib.FTP_TLS(self.config['ftp_server'], context=ctx)
+            log.debug('Plugin Server Cert verified')
         else:
-            con = ftplib.FTP(self.config['ftp_server'])
-            con.login()
+            con = ftplib.FTP_TLS(self.config['ftp_server'])
+        con.login()
+        con.prot_p()
+
         return con
 
     @log_calls('PluginInstallerPlugin')
@@ -612,7 +617,7 @@ class Ftp(threading.Thread):
 
         with zipfile.ZipFile(self.buffer_) as zip_file:
             zip_file.extractall(os.path.join(user_dir))
-        
+
         self.ftp.quit()
         GLib.idle_add(self.window.emit, 'plugin_downloaded', self.remote_dirs)
         GLib.source_remove(self.pulse)
@@ -638,7 +643,6 @@ class PluginInstallerPluginConfigDialog(GajimPluginConfigDialog):
             self.plugin.config['check_update'])
         self.xml.get_object('check_update_periodically').set_active(
             self.plugin.config['check_update_periodically'])
-        self.xml.get_object('TLS').set_active(self.plugin.config['TLS'])
 
     def on_hide(self, widget):
         widget = self.xml.get_object('ftp_server')
@@ -649,6 +653,3 @@ class PluginInstallerPluginConfigDialog(GajimPluginConfigDialog):
 
     def on_check_update_periodically_toggled(self, widget):
         self.plugin.config['check_update_periodically'] = widget.get_active()
-
-    def on_tls_toggled(self, widget):
-        self.plugin.config['TLS'] = widget.get_active()