From fe25e767070f46e37e0c27418db13632d5145bbf Mon Sep 17 00:00:00 2001
From: Michael Lamb
Date: Mon, 2 Dec 2013 14:35:08 -0800
Subject: [PATCH] adium: UI addtions to disable BEAST mitigations
Added UI elements (hidden for <10.8 users) to enable/disable BEAST mitigations in Mavericks (if Adium is patched)
---
 .../adium-1.5.8-disable-ssl-mitigation.patch | 38 ++++++++++++----------
 src/adium/ESPurpleSIPEAccount.h | 2 ++
 src/adium/ESPurpleSIPEAccount.m | 5 +++
 src/adium/ESSIPEAccountViewController.h | 1 +
 src/adium/ESSIPEAccountViewController.m | 16 +++++++++
 src/adium/English.lproj/ESSIPEAccountView.xib | 26 ++++++++++-----
 src/adium/PurpleDefaultsSIPE.plist | 2 ++
 7 files changed, 64 insertions(+), 26 deletions(-)
diff --git a/contrib/adium-patches/adium-1.5.8-disable-ssl-mitigation.patch b/contrib/adium-patches/adium-1.5.8-disable-ssl-mitigation.patch
index 007a6a9e..91876905 100644
--- a/contrib/adium-patches/adium-1.5.8-disable-ssl-mitigation.patch
+++ b/contrib/adium-patches/adium-1.5.8-disable-ssl-mitigation.patch
@@ -1,32 +1,34 @@
-diff -r 9c8daca7bb8b Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c
---- a/Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c Wed Oct 23 16:08:03 2013 +0200
-+++ b/Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c Sat Nov 16 14:28:04 2013 +0200
-@@ -37,6 +37,7 @@
+diff --git a/Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c b/Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c
+--- a/Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c
++++ b/Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c
+@@ -52,6 +52,7 @@
+ #define PURPLE_SSL_CONNECTION_IS_VALID(gsc) (g_list_find(connections, (gsc)) != NULL)
- //#define CDSA_DEBUG
+ #define PURPLE_SSL_CDSA_BUGGY_TLS_WORKAROUND "ssl_cdsa_buggy_tls_workaround"
++#define PURPLE_SSL_CDSA_BEAST_TLS_WORKAROUND "ssl_cdsa_beast_tls_workaround"
-+#import
- #import
- #import
-
-@@ -504,6 +505,20 @@
+ /*
+ * query_cert_chain - callback for letting the user review the certificate before accepting it
+@@ -504,6 +505,21 @@
 protoErr = SSLSetProtocolVersionEnabled(cdsa_data->ssl_ctx, kTLSProtocol1, true);
 }
-+ if (!strcmp(purple_account_get_protocol_id(account),"prpl-sipe")) {
-+ purple_debug_info("cdsa", "Explicitly disabling SSL BEAST mitigation for Microsoft Lync 2010 connections\n");
-+
-+ OSStatus protoErr;
-+#if __MAC_OS_X_VERSION_MAX_ALLOWED <= 1090
-+#define kSSLSessionOptionSendOneByteRecord 4 /* appears in 10.9 */
++#if MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_9
++ #define kSSLSessionOptionSendOneByteRecord 4 /* Appears in 10.9 */
 +#endif
-+
++
++ if (purple_account_get_bool(account, PURPLE_SSL_CDSA_BEAST_TLS_WORKAROUND, false)) {
++ purple_debug_info("cdsa", "Explicitly disabling SSL BEAST mitigation for broken server implementations\n");
++
++ OSStatus protoErr;
 + protoErr = SSLSetSessionOption(cdsa_data->ssl_ctx, kSSLSessionOptionSendOneByteRecord, false);
 + if (protoErr != noErr) {
 + purple_debug_info("cdsa", "SSLSetSessionOption failed to disable SSL BEAST 
mitigation\n");
 + }
 + }
-+
++
++ if(gsc->host) {
 /*
 * Set the peer's domain name so CDSA can check the certificate's CN
+ 
diff --git a/src/adium/ESPurpleSIPEAccount.h b/src/adium/ESPurpleSIPEAccount.h
index 6c9c2700..a890989d 100644
--- a/src/adium/ESPurpleSIPEAccount.h
+++ b/src/adium/ESPurpleSIPEAccount.h
@@ -23,7 +23,9 @@
 #define KEY_SIPE_DONT_PUBLISH @"SIPE:Dont Publish"
 #define KEY_SIPE_AUTH_SCHEME @"SIPE:Authentication Scheme"
 #define KEY_SIPE_AUTODISCOVER @"SIPE:Autodiscover"
+#define KEY_SIPE_BEAST_DISABLE @"SIPE:BEAST Disable"
+#define PURPLE_SSL_CDSA_BEAST_TLS_WORKAROUND "ssl_cdsa_beast_tls_workaround"
 // TODO: Remove when sipe_status_activity_to_token calls work
 #define SIPE_ACTIVITY_NUM_TYPES 17
diff --git a/src/adium/ESPurpleSIPEAccount.m b/src/adium/ESPurpleSIPEAccount.m
index a2b9f01f..a5bdd843 100644
--- a/src/adium/ESPurpleSIPEAccount.m
+++ b/src/adium/ESPurpleSIPEAccount.m
@@ -133,6 +133,11 @@ extern void AILog(NSString *fmt, ...);
 BOOL dontPublish = [[self preferenceForKey:KEY_SIPE_DONT_PUBLISH group:GROUP_ACCOUNT_STATUS] boolValue];
 purple_account_set_bool(account, "dont-publish", dontPublish);
+ // Disable BEAST mitigations that apple added
+ BOOL beastDisable = [[self preferenceForKey:KEY_SIPE_BEAST_DISABLE group:GROUP_ACCOUNT_STATUS] boolValue];
+ purple_account_set_bool(account, PURPLE_SSL_CDSA_BEAST_TLS_WORKAROUND, beastDisable);
+
+ // Connection preferences
 id connType = [self preferenceForKey:KEY_SIPE_CONNECTION_TYPE group:GROUP_ACCOUNT_STATUS];
 if([connType isKindOfClass:[NSNumber class]])
diff --git a/src/adium/ESSIPEAccountViewController.h b/src/adium/ESSIPEAccountViewController.h
index 750fd215..e2a450e0 100644
--- a/src/adium/ESSIPEAccountViewController.h
+++ b/src/adium/ESSIPEAccountViewController.h
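Review bot: Clearing `kSSLSessionOptionSendOneByteRecord` drops the 1/n-1 record-splitting defence for TLS 1.0 CBC ciphersuites on that account, yet the only trace is an info-level debug line; I would emit it with `purple_debug_warning` and state the trade-off above the `if`, e.g. `/* Per-account opt-out of the BEAST record-splitting mitigation for servers that cannot handle 1-byte records; weakens TLS 1.0 CBC protection, so it stays off unless the user enables it. */`. Keying it on `purple_account_get_bool(..., false)` keeps the default safe, which is the right shape. The new `OSStatus protoErr;` inside the block shadows the `protoErr` assigned two context lines earlier; reusing the outer variable avoids a `-Wshadow` hit. The `#if MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_9` guard also fires when building against the 10.9 SDK, where the comment says the constant already exists; `<` would match the comment, and the fallback `#define` presumably only shadows later uses since it sits in the function body below the includes. The enclosing function starts and ends outside the hunk.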
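Review bot: `PURPLE_SSL_CDSA_BEAST_TLS_WORKAROUND` is now defined twice with the same string literal, here and in contrib/adium-patches/adium-1.5.8-disable-ssl-mitigation.patch, and the two are linked only by convention, so a typo in either side makes `purple_account_get_bool` fall back to its default and the opt-out silently stops working. I would add `// Must match the key read by Adium's patched ssl-cdsa.c (contrib/adium-patches/adium-1.5.8-disable-ssl-mitigation.patch)` above the define. The neighbouring `KEY_SIPE_*` names are Adium preference keys (NSString literals) while this one is a C string handed to libpurple; a one-line comment separating the two kinds would help the next reader.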
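Review bot: The comment `// Disable BEAST mitigations that apple added` describes the checkbox rather than this line, which unconditionally copies the stored preference into the libpurple account setting; it should say what the code does and who consumes it, e.g. `// Per-account opt-out of the TLS BEAST record-splitting mitigation (default NO); read by the patched ssl-cdsa.c from contrib/adium-patches, ignored by an unpatched Adium.`. Unlike the view controller there is no OS-version gate here, so a value saved on one system is applied wherever the account settings are used; that is acceptable given the NO default, but worth a word in the comment. The enclosing method starts and ends outside the hunk.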
@@ -25,6 +25,7 @@
 IBOutlet NSButton *checkBox_autoDiscover;
 IBOutlet NSButton *checkBox_singleSignOn;
 IBOutlet NSButton *checkbox_dontPublish;
+ IBOutlet NSButton *checkbox_beastDisable;
 IBOutlet NSPopUpButton *popup_connectionType;
 IBOutlet NSPopUpButton *popup_authenticationScheme;
diff --git a/src/adium/ESSIPEAccountViewController.m b/src/adium/ESSIPEAccountViewController.m
index 3d5cf0f2..c5c5bc37 100644
--- a/src/adium/ESSIPEAccountViewController.m
+++ b/src/adium/ESSIPEAccountViewController.m
@@ -62,6 +62,19 @@
 nil];
 [popup_connectionType selectItemWithTitle:[connTypeDict objectForKey:(connType ? connType : @"auto")]];
+ // Gotta define these here, because they're not yet in the 10.9 SDK. :(
+#define NSAppKitVersionNumber10_8 1187
+#define NSAppKitVersionNumber10_8_5 1187.4
+#define NSAppKitVersionNumber10_9 1265
+
+ // BEAST mitigation for Mavericks users
+ if (floor(NSAppKitVersionNumber) <= NSAppKitVersionNumber10_8) {
+ // We are not running on Mavericks - Don't display BEAST mitigation configuration option
+ [checkbox_beastDisable setHidden:YES];
+ } else {
+ [checkbox_beastDisable setState:[[account preferenceForKey:KEY_SIPE_BEAST_DISABLE group:GROUP_ACCOUNT_STATUS] boolValue]];
+ }
+
 NSString *authType = [account preferenceForKey:KEY_SIPE_AUTH_SCHEME group:GROUP_ACCOUNT_STATUS];
 NSDictionary *authTypeDict = [NSDictionary dictionaryWithObjectsAndKeys:
 @"NTLM",@"ntlm",
@@ -90,6 +103,9 @@
 [account setPreference:[NSNumber numberWithBool:[checkbox_dontPublish state]]
 forKey:KEY_SIPE_DONT_PUBLISH group:GROUP_ACCOUNT_STATUS];
+
+ [account setPreference:[NSNumber numberWithBool:[checkbox_beastDisable state]]
+ forKey:KEY_SIPE_BEAST_DISABLE group:GROUP_ACCOUNT_STATUS];
 [account setPreference: ([[textField_userAgent stringValue] length] ? [textField_userAgent stringValue] : nil)
diff --git a/src/adium/English.lproj/ESSIPEAccountView.xib b/src/adium/English.lproj/ESSIPEAccountView.xib
index 150ba91a..58e1f4a2 100644
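Review bot: When the checkbox is hidden its state is never loaded from `KEY_SIPE_BEAST_DISABLE`, but the save path in the `@@ -90,6 +103,9 @@` hunk below still writes `[checkbox_beastDisable state]` back unconditionally, so saving the account on a pre-10.9 system replaces any stored value with the xib default; either load the preference in both branches and only toggle visibility, or guard the save with `if (![checkbox_beastDisable isHidden])`. The three `#define NSAppKitVersionNumber10_*` lines sit inside the method body but, as macros, apply to the rest of the translation unit, and `10_8_5` and `10_9` are never used; I would keep only `NSAppKitVersionNumber10_8` wrapped in `#ifndef NSAppKitVersionNumber10_8` … `#endif` so an SDK that ships the name does not redefine it. The comment `// BEAST mitigation for Mavericks users` would read better as `// The record-splitting option only exists from 10.9, so the opt-out is only offered there`. The enclosing method starts and ends outside the hunk.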
--- a/src/adium/English.lproj/ESSIPEAccountView.xib +++ b/src/adium/English.lproj/ESSIPEAccountView.xib @@ -1,12 +1,14 @@ + + @@ -27,14 +29,14 @@ - + - + - + @@ -122,23 +124,31 @@ + - + - + @@ -237,10 +247,10 @@ - + - +