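-- -*- coding: utf-8 -*-
--
-- Copyright 2014-2016 Jeffrey Friedl
-- http://regex.info/
--
-- On Windows boxes, checks for the "POODLE" SSL 3 bug, and offers to fix it.
-- (Does nothing on OSX; users should just install the latest security patches and be done.)
--
-- To use, just add this file to your source and call
--
--      Alert_on_POODLE_Vulnerability()
--
-- when the plugin is loaded (or whenever you want the alert to come up).
--
-- The alert is given at most one time no matter how many different plugins
-- might use this same check. Then, a flag is saved in preferences to
-- note never to do the check again.
--
-- Users can be directed to
--     http://regex.info/blog/lightroom-goodies/sysinfo
-- if they want to manually check for the vulnerability any time.
--
-- See
--     http://regex.info/blog/2014-10-20/2473
-- for more info.
--
-- There are no outside dependencies... should just work.
--
--
--
-- This works only on Lr3 and later. Can't work as is on Lr2 because I use
-- LrMath.bitAnd(). It's easy enough to work around by looking at the 2nd-rightmost-byte,
-- but folks still on Lr2 have deeper problems than POODLE.
--

local LrView    = import 'LrView'
local LrTasks   = import 'LrTasks'
local LrDialogs = import 'LrDialogs'

--
-- Run a command through the system shell and return its standard output as
-- one string, or nil when the capture file could not be opened afterwards.
--
-- `cmd` is spliced into the shell command line without any escaping, so it
-- must be a constant written by the plugin author (as the two `reg` calls in
-- this file are). Never build it from user input, file names or preference
-- values.
--
-- Only stdout is redirected; anything the command prints to stderr is lost,
-- and the exit status returned by LrTasks.execute() is not looked at. Callers
-- therefore have to validate the returned text themselves.
--
local function run_command(cmd)

   -- NOTE(review): os.tmpname() only yields a name; the file is created later
   -- by the shell redirection, so the name is chosen before anything holds it
   -- open. Confirm the temp location is private to the user.
   local resultfile = os.tmpname()

   -- The outer pair of quotes wraps the whole "command > file" line.
   local CMD = string.format([=["%s > "%s""]=], cmd, resultfile)
   LrTasks.execute(CMD)

   -- The second return value of io.open() is deliberately not bound to a
   -- local: the original named it `error`, which shadowed Lua's builtin.
   local fd = io.open(resultfile, "r")
   if not fd then
      -- Couldn't even run the command. Oh well.
      return nil
   end

   --
   -- Grab the results from the resultfile
   --
   local result = fd:read("*a")
   fd:close()

   -- Remove the capture file so command output is not left behind on disk.
   import 'LrFileUtils'.delete(resultfile)

   return result
end

--
-- Check whether SSL3 is enabled. Returns true or false, or nil when the
-- setting could not be read or parsed.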
--
-- The result is tri-state, and callers must not collapse it:
--    true  - the SecureProtocols value has the 0x20 (SSL 3) bit set
--    false - the value was read and the bit is clear
--    nil   - the command produced no usable output, or the output did not
--            contain a SecureProtocols REG_DWORD line (unknown state)
-- Only the current user's Internet Settings key is queried.
--
function SSL3_is_Enabled()

   local output = run_command([=[reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v SecureProtocols]=])
   if not output then
      -- oh well
      return nil
   end

   --
   -- Look for something like this in the output:
   --      SecureProtocols    REG_DWORD    0xa0
   -- If the value AND'd with 0x20 is not zero, SSL3 is enabled.
   --
   local hex_digits = output:match("SecureProtocols%s+REG_DWORD%s+0x(%x+)")
   if not hex_digits then
      -- Hmmm, not what we expected. Oh well.
      return nil
   end

   local flags = tonumber(hex_digits, 16)

   -- true when the SSL 3 bit is set, false otherwise
   return import 'LrMath'.bitAnd(flags, 0x20) > 0
end

--
-- Try to update the user's registry to disable SSL3 and enable TLS.
-- The magic value 0xa80 represents those settings.
--
-- The whole SecureProtocols value is replaced by 0xa80 (/f overwrites without
-- prompting), so any other protocol bits the user had set are dropped rather
-- than preserved. The output of `reg add` is discarded; the caller finds out
-- whether the write took effect by querying the value again.
-- NOTE(review): only the per-user key is written; whether a machine-wide or
-- policy setting takes precedence is not checked here -- confirm.
--
local function Disable_SSL3()
   run_command([=[reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v SecureProtocols /t REG_DWORD /d 0xa80 /f]=])
end

-- Try to fix the user's system, letting the user know how it went.
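-- Returns true only when a fresh registry query confirms the SSL 3 bit is
-- clear, so the caller does not have to run the query a second time.
local function do_fix()

   Disable_SSL3()

   -- SSL3_is_Enabled() yields nil when the registry could not be read or
   -- parsed. Only an explicit `false` proves the fix took effect; an unknown
   -- result must not be reported to the user as "Success!".
   local fixed = (SSL3_is_Enabled() == false)

   if fixed then
      LrDialogs.message("Success!", "Your Lightroom install is ready for the Internet again.")
   else
      LrDialogs.message("Drat, Jeffrey's Lightroom plugin was unable to secure your system; please try the manual method.")
   end

   return fixed
end

--
-- Pop up a dialog letting the user know they're vulnerable, and offer to fix it.
--
-- on_completion       - optional callback. It is invoked after a fix attempt
--                       from the "fix now" button AND again once the modal
--                       dialog returns, so it can run more than once.
--                       NOTE(review): confirm callers tolerate that.
-- no_showonce_warning - when true, the "will not be shown again" note is left
--                       out of the dialog.
--
function OfferToFix_SSL3(on_completion, no_showonce_warning)

   -- LrColor and LrHttp are used below but were never imported in this file;
   -- import them here so the file really has no outside dependencies.
   local LrColor = import 'LrColor'
   local LrHttp  = import 'LrHttp'

   local v = LrView.osFactory()
   local BULLET = import 'LrLocalization'.encodeUtf8Character(8226) -- 8226 is LOC's ^B

   -- Declared first so the action closure can refer to the button itself.
   local FIX_NOW_BUTTON
   FIX_NOW_BUTTON = v:push_button {
      title = "fix now",
      action = function()
         LrTasks.startAsyncTask(function()
            -- Close the dialog only on a verified fix; on failure or an
            -- unknown state it stays open so the manual instructions
            -- remain reachable.
            if do_fix() then
               LrDialogs.stopModalWithResult(FIX_NOW_BUTTON, "ok")
            end
            if on_completion then
               on_completion()
            end
         end, "fix POODLE vulnerability")
      end
   }

   -- NOTE(review): several links below are plain http://, including the page
   -- with the manual fix instructions; content fetched that way can be altered
   -- in transit. Prefer https:// where the sites offer it -- confirm.
   LrDialogs.presentModalDialog {
      title = LOC("$$$/xxx=Fix the ^[POODLE^] Internet Vulnerability for Lightroom"),
      cancelVerb = "< exclude >",
      actionVerb = "Dismiss",
      contents = v:view {
         place = 'vertical',

         v:view {
            place = 'horizontal',
            v:static_text {
               title = "Warning",
               font = "", -- NOTE(review): empty in this copy; possibly a font spec lost in extraction -- confirm
            },
            v:spacer { width = 5},
            v:static_text {
               title = LOC("$$$/xxx=Jeffrey's Lightroom Plugins has detected that your Lightroom install\nis vulnerable to the ^[POODLE^] Internet security vulnerability."),
               font = "",
            },
         },

         v:spacer { height = 30 },
         v:static_text {
            title = "Until fixed, Lightroom interaction with the Internet (image uploads, plugin updates, etc.) will likely fail.",
            text_color = LrColor(1,0,0),
         },

         v:spacer { height = 30 },
         v:static_text { title = "General Info:" },
         v:spacer { height = 5 },
         v:view {
            margin_left = 30,
            place = 'vertical',

            v:view {
               place = 'horizontal',
               v:static_text { title = BULLET },
               v:static_text {
                  title = "Description of the issue on Jeffrey's blog, including why a Lightroom plugin cares about this.",
                  text_color = LrColor(0,0,1),
                  mouse_down = function()
                     LrHttp.openUrlInBrowser('http://regex.info/blog/2014-10-20/2473')
                  end
               }
            },
            v:view {
               place = 'horizontal',
               v:static_text { title = BULLET, visible = false, },
               v:static_text {
                  title = "( or manually to go http://regex.info/blog/2014-10-20/2473 )",
                  selectable = true,
               }
            },
            v:view {
               margin_top = 5,
               place = 'horizontal',
               v:static_text { title = BULLET },
               v:static_text {
                  title = "Official alert from the US Government",
                  text_color = LrColor(0,0,1),
                  mouse_down = function()
                     LrHttp.openUrlInBrowser('https://www.us-cert.gov/ncas/alerts/TA14-290A')
                  end
               }
            },
            v:view {
               place = 'horizontal',
               v:static_text { title = BULLET },
               v:static_text {
                  title = "Layman's discussion",
                  text_color = LrColor(0,0,1),
                  mouse_down = function()
                     LrHttp.openUrlInBrowser('http://www.howtogeek.com/199035/what-is-the-poodle-vulnerability-and-how-can-you-protect-yourself/')
                  end
               }
            }
         },

         v:spacer { height = 20 },
         v:static_text {
            title = "How To Fix:",
            font = "",
         },
         v:spacer { height = 5 },
         v:static_text {
            title = LOC("$$$/xxx=This is easily fixed for Lightroom by disabling ^[SSL 3^] in your Internet Options.")
         },
         v:view {
            margin_left = 30,
            place = 'vertical',

            v:view {
               place = 'horizontal',
               v:static_text { title = BULLET },
               v:static_text { title = "Have Jeffrey's Lightroom plugin fix this for you now:" },
               FIX_NOW_BUTTON,
            },
            v:view {
               place = 'horizontal',
               v:static_text { title = BULLET },
               v:static_text { title = "How to fix manually:" },
               v:static_text {
                  title = "see instructions",
                  text_color = LrColor(0,0,1),
                  mouse_down = function()
                     LrHttp.openUrlInBrowser('http://photos.smugmug.com/photos/i-JshSsXB/0/X3/i-JshSsXB-X3.png')
                  end
               }
            }
         },

         LrView.conditionalItem(not no_showonce_warning, v:view {
            place = 'vertical',
            margin_top = 30,
            v:static_text {
               font = "",
               title = "Note: this dialog will not be shown again.",
               text_color = LrColor(1,0,1),
            }
         })
      }
   }

   if on_completion then
      on_completion()
   end
end

-- If SSL3 is enabled, offer to fix it. A nil (unknown) result from
-- SSL3_is_Enabled() is treated like "not enabled": no dialog is shown.
local function do_check()
   if SSL3_is_Enabled() then
      OfferToFix_SSL3()
   end
end

if MAC_ENV or import 'LrApplication'.versionTable().major < 3 then

   function Alert_on_POODLE_Vulnerability()
      -- nothing to do
   end

else

   -- If the check has never been done, mark that we've done it and then
   -- actually do it. The flag is stored before the asynchronous check runs,
   -- so a check that ends in an unknown (nil) result is not retried later.
   function Alert_on_POODLE_Vulnerability()
      local P = import 'LrPrefs'.prefsForPlugin("info.poodle")
      if not P.checked then
         P.checked = true
         LrTasks.startAsyncTask(do_check, "check for POODLE vulnerability")
      end
   end

end

local debug_test = false--PRIVATE(true)
-- if this is turned on, must also visit BASE.lua to load this file on OSX if that's where you're testing.
-- `trap` is not defined in this file; the debug path relies on the host plugin providing it.
if debug_test then
   import 'LrPrefs'.prefsForPlugin("info.poodle").checked = false
   trap {
      onTask = true, --KEY(onTask)
      OfferToFix_SSL3
   }
end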