blackbeard420/weechat
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

relay: accept hash of password in init command with option "password_hash"

Browse Source 
Allowed algorithms are:

* PBKDF2 (SHA256 or SHA512, salt, iterations)
* SHA256
* SHA512
This commit is contained in:
Sébastien Helleu 2020-03-02 00:46:10 +01:00
parent 1882686f8a
commit 2d2b49bfaa
11 changed files with 633 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog.adoc
View File

@ -25,6 +25,7 @@ New features::
* api: add functions crypto_hash and crypto_hash_pbkdf2
* api: add info "weechat_headless" (issue #1433)
* buflist: add pointer "window" in bar item evaluation
* relay: accept hash of password in init command with option "password_hash" (PBKDF2, SHA256, SHA512)
* relay: reject client with weechat protocol if password or totp is received in init command but not set in WeeChat (issue #1435)
Bug fixes::

95
doc/en/weechat_dev.en.adoc
View File

@ -58,7 +58,7 @@ This manual documents only _weechat_ repository.
The main WeeChat directories are:
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| Directory | Description
| src/ | Root of sources.
@ -114,7 +114,7 @@ WeeChat "core" is located in following directories:
* _src/core/_: core functions (for data manipulation)
* _src/gui/_: functions about interface (buffers, windows, ...)
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| Path/file | Description
| core/ | Core functions: entry point, internal structures.
@ -207,7 +207,7 @@ WeeChat "core" is located in following directories:
[[sources_plugins]]
==== Plugins
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| Path/file | Description
| plugins/ | Root of plugins.
@ -376,47 +376,50 @@ WeeChat "core" is located in following directories:
[[sources_tests]]
==== Tests
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| Path/file | Description
| tests/ | Root of tests.
|    tests.cpp | Program used to run all tests.
|    scripts/ | Root of scripting API tests.
|       test-scripts.cpp | Program used to run the scripting API tests.
|       python/ | Python scripts to generate and run the scripting API tests.
|          testapigen.py | Python script generating scripts in all languages to test the scripting API.
|          testapi.py | Python script with scripting API tests, used by script testapigen.py.
|          unparse.py | Convert Python code to other languages, used by script testapigen.py.
|    unit/ | Root of unit tests.
|       test-plugins.cpp | Tests: plugins.
|       core/ | Root of unit tests for core.
|          test-core-arraylist.cpp | Tests: arraylists.
|          test-core-calc.cpp | Tests: calculation of expressions.
|          test-core-crypto.cpp | Tests: cryptographic functions.
|          test-core-eval.cpp | Tests: evaluation of expressions.
|          test-core-hashtble.cpp | Tests: hashtables.
|          test-core-hdata.cpp | Tests: hdata.
|          test-core-hook.cpp | Tests: hooks.
|          test-core-infolist.cpp | Tests: infolists.
|          test-core-list.cpp | Tests: lists.
|          test-core-secure.cpp | Tests: secured data.
|          test-core-string.cpp | Tests: strings.
|          test-core-url.cpp | Tests: URLs.
|          test-core-utf8.cpp | Tests: UTF-8.
|          test-core-util.cpp | Tests: utility functions.
|       gui/ | Root of unit tests for interfaces.
|          test-gui-color.cpp | Tests: colors.
|          test-gui-line.cpp | Tests: lines.
|          test-gui-nick.cpp | Tests: nicks.
|       plugins/ | Root of unit tests for plugins.
|          irc/ | Root of unit tests for IRC plugin.
|             test-irc-color.cpp | Tests: IRC colors.
|             test-irc-config.cpp | Tests: IRC configuration.
|             test-irc-ignore.cpp | Tests: IRC ignores.
|             test-irc-message.cpp | Tests: IRC messages.
|             test-irc-mode.cpp | Tests: IRC modes.
|             test-irc-nick.cpp | Tests: IRC nicks.
|             test-irc-protocol.cpp | Tests: IRC protocol.
| Path/file | Description
| tests/ | Root of tests.
|    tests.cpp | Program used to run all tests.
|    scripts/ | Root of scripting API tests.
|       test-scripts.cpp | Program used to run the scripting API tests.
|       python/ | Python scripts to generate and run the scripting API tests.
|          testapigen.py | Python script generating scripts in all languages to test the scripting API.
|          testapi.py | Python script with scripting API tests, used by script testapigen.py.
|          unparse.py | Convert Python code to other languages, used by script testapigen.py.
|    unit/ | Root of unit tests.
|       test-plugins.cpp | Tests: plugins.
|       core/ | Root of unit tests for core.
|          test-core-arraylist.cpp | Tests: arraylists.
|          test-core-calc.cpp | Tests: calculation of expressions.
|          test-core-crypto.cpp | Tests: cryptographic functions.
|          test-core-eval.cpp | Tests: evaluation of expressions.
|          test-core-hashtble.cpp | Tests: hashtables.
|          test-core-hdata.cpp | Tests: hdata.
|          test-core-hook.cpp | Tests: hooks.
|          test-core-infolist.cpp | Tests: infolists.
|          test-core-list.cpp | Tests: lists.
|          test-core-secure.cpp | Tests: secured data.
|          test-core-string.cpp | Tests: strings.
|          test-core-url.cpp | Tests: URLs.
|          test-core-utf8.cpp | Tests: UTF-8.
|          test-core-util.cpp | Tests: utility functions.
|       gui/ | Root of unit tests for interfaces.
|          test-gui-color.cpp | Tests: colors.
|          test-gui-line.cpp | Tests: lines.
|          test-gui-nick.cpp | Tests: nicks.
|       plugins/ | Root of unit tests for plugins.
|          irc/ | Root of unit tests for IRC plugin.
|             test-irc-color.cpp | Tests: IRC colors.
|             test-irc-config.cpp | Tests: IRC configuration.
|             test-irc-ignore.cpp | Tests: IRC ignores.
|             test-irc-message.cpp | Tests: IRC messages.
|             test-irc-mode.cpp | Tests: IRC modes.
|             test-irc-nick.cpp | Tests: IRC nicks.
|             test-irc-protocol.cpp | Tests: IRC protocol.
|          relay/ | Root of unit tests for Relay plugin.
|             weechat/ | Root of unit tests for weechat protocol.
|                test-relay-weechat-protocol.cpp | Tests: weechat protocol.
|===
@ -425,7 +428,7 @@ WeeChat "core" is located in following directories:
Documentation files:
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| Path/file | Description
| doc/ | Documentation.
@ -451,7 +454,7 @@ Documentation files:
Translations for WeeChat and plugins are done with gettext, files are in _po/_
directory:
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| Path/file | Description
| po/ | Translation files (gettext).
@ -716,7 +719,7 @@ _irc.c_ in irc plugin.
Examples:
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| Directory | Files
| src/core/ | weechat.c, wee-backtrace.c, wee-command.c, ...

23
doc/en/weechat_relay_protocol.en.adoc
View File

@ -116,6 +116,9 @@ Arguments:
* _option_: one of following options:
** _password_: password used to authenticate on _relay_
(option _relay.network.password_ in WeeChat)
** _password_hash_: hash of password used to authenticate on _relay_
(option _relay.network.password_ in WeeChat), see below for the format
_(WeeChat ≥ 2.8)_
** _totp_: Time-based One-Time Password (TOTP) used as secondary authentication
factor, in addition to the password
(option _relay.network.totp_secret_ in WeeChat)
@ -129,6 +132,17 @@ Arguments:
With WeeChat ≥ 1.6, commas can be escaped in the value, for example
`init password=foo\,bar` to send the password "foo,bar".
Format of hashed password is one of the following, where _hash_ is the hashed
password as hexadecimal:
* `+sha256:hash+`
* `+sha512:hash+`
* `+pbkdf2:algorithm:salt:iterations:hash+` with:
** _algorithm_: _sha256_ or _sha512_
** _salt_: salt (hexadecimal)
** _iterations_: number of iterations
** _hash_: the hashed password (hexadecimal)
Examples:
----
@ -143,6 +157,15 @@ init password=mypass,totp=123456
# initialize and disable compression
init password=mypass,compression=off
# initialize with hashed password (SHA256) (WeeChat ≥ 2.8)
init password_hash=sha256:b9a4c3393dfac4330736684510378851e581c68add8eca84110c31a33e694676
# initialize with hashed password (SHA512) (WeeChat ≥ 2.8)
init password_hash=sha512:4469190d4e0d1fdc0afb6f408d9873c89b8ce89cc4db79fe058255c55ad6821fa5e9bb068f9e578c8ae7cc825d85ff99c439d59e439bc589d95620a1e6b8ae6e
# initialize with hashed password (PBKDF2: SHA256, salt="ABCDEFGHIJKLMNOP", 100000 iterations) (WeeChat ≥ 2.8)
init password_hash=pbkdf2:sha256:4142434445464748494a4b4c4d4e4f50:100000:01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc945a1c
----
[[command_hdata]]

95
doc/fr/weechat_dev.fr.adoc
View File

@ -60,7 +60,7 @@ Ce manuel documente seulement le dépôt _weechat_.
Les répertoires principaux de WeeChat sont :
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| Répertoire | Description
| src/ | Racine des sources.
@ -116,7 +116,7 @@ Le cœur de WeeChat est situé dans les répertoires suivants :
* _src/core/_ : fonctions du cœur (pour manipuler des données)
* _src/gui/_ : fonctions pour l'interface (tampons, fenêtres, ...)
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| Chemin/fichier | Description
| core/ | Fonctions du cœur : point d'entrée, structures internes.
@ -209,7 +209,7 @@ Le cœur de WeeChat est situé dans les répertoires suivants :
[[sources_plugins]]
==== Extensions
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| Chemin/fichier | Description
| plugins/ | Racine des extensions.
@ -378,47 +378,50 @@ Le cœur de WeeChat est situé dans les répertoires suivants :
[[sources_tests]]
==== Tests
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| Chemin/fichier | Description
| tests/ | Racine des tests.
|    tests.cpp | Programme utilisé pour lancer tous les tests.
|    scripts/ | Racine des tests de l'API script.
|       test-scripts.cpp | Programme utilisé pour lancer les tests de l'API script.
|       python/ | Scripts Python pour générer et lancer les tests de l'API script.
|          testapigen.py | Script Python générant des scripts dans tous les languages pour tester l'API script.
|          testapi.py | Script Python avec les tests API, utilisé par le script testapigen.py.
|          unparse.py | Conversion de code Python vers d'autres langages, utilisé par le script testapigen.py.
|    unit/ | Racine des tests unitaires.
|       test-plugins.cpp | Tests : extensions.
|       core/ | Racine des tests unitaires pour le cœur.
|          test-core-arraylist.cpp | Tests : listes avec tableau (« arraylists »).
|          test-core-calc.cpp | Tests : calcul d'expressions.
|          test-core-crypto.cpp | Tests : fonctions cryptographiques.
|          test-core-eval.cpp | Tests : évaluation d'expressions.
|          test-core-hashtble.cpp | Tests : tables de hachage.
|          test-core-hdata.cpp | Tests : hdata.
|          test-core-hook.cpp | Tests : hooks.
|          test-core-infolist.cpp | Tests : infolists.
|          test-core-list.cpp | Tests : listes.
|          test-core-secure.cpp | Tests : données sécurisées.
|          test-core-string.cpp | Tests : chaînes.
|          test-core-url.cpp | Tests : URLs.
|          test-core-utf8.cpp | Tests : UTF-8.
|          test-core-util.cpp | Tests : fonctions utiles.
|       gui/ | Racine des tests unitaires pour les interfaces.
|          test-gui-color.cpp | Tests : couleurs.
|          test-gui-line.cpp | Tests : lignes.
|          test-gui-nick.cpp | Tests : pseudos.
|       plugins/ | Racine des tests unitaires pour les extensions.
|          irc/ | Racine des tests unitaires pour l'extension IRC.
|             test-irc-color.cpp | Tests : couleurs IRC.
|             test-irc-config.cpp | Tests : configuration IRC.
|             test-irc-ignore.cpp | Tests : ignores IRC.
|             test-irc-message.cpp | Tests : messages IRC.
|             test-irc-mode.cpp | Tests : modes IRC.
|             test-irc-nick.cpp | Tests : pseudos IRC.
|             test-irc-protocol.cpp | Tests : protocole IRC.
| Chemin/fichier | Description
| tests/ | Racine des tests.
|    tests.cpp | Programme utilisé pour lancer tous les tests.
|    scripts/ | Racine des tests de l'API script.
|       test-scripts.cpp | Programme utilisé pour lancer les tests de l'API script.
|       python/ | Scripts Python pour générer et lancer les tests de l'API script.
|          testapigen.py | Script Python générant des scripts dans tous les languages pour tester l'API script.
|          testapi.py | Script Python avec les tests API, utilisé par le script testapigen.py.
|          unparse.py | Conversion de code Python vers d'autres langages, utilisé par le script testapigen.py.
|    unit/ | Racine des tests unitaires.
|       test-plugins.cpp | Tests : extensions.
|       core/ | Racine des tests unitaires pour le cœur.
|          test-core-arraylist.cpp | Tests : listes avec tableau (« arraylists »).
|          test-core-calc.cpp | Tests : calcul d'expressions.
|          test-core-crypto.cpp | Tests : fonctions cryptographiques.
|          test-core-eval.cpp | Tests : évaluation d'expressions.
|          test-core-hashtble.cpp | Tests : tables de hachage.
|          test-core-hdata.cpp | Tests : hdata.
|          test-core-hook.cpp | Tests : hooks.
|          test-core-infolist.cpp | Tests : infolists.
|          test-core-list.cpp | Tests : listes.
|          test-core-secure.cpp | Tests : données sécurisées.
|          test-core-string.cpp | Tests : chaînes.
|          test-core-url.cpp | Tests : URLs.
|          test-core-utf8.cpp | Tests : UTF-8.
|          test-core-util.cpp | Tests : fonctions utiles.
|       gui/ | Racine des tests unitaires pour les interfaces.
|          test-gui-color.cpp | Tests : couleurs.
|          test-gui-line.cpp | Tests : lignes.
|          test-gui-nick.cpp | Tests : pseudos.
|       plugins/ | Racine des tests unitaires pour les extensions.
|          irc/ | Racine des tests unitaires pour l'extension IRC.
|             test-irc-color.cpp | Tests : couleurs IRC.
|             test-irc-config.cpp | Tests : configuration IRC.
|             test-irc-ignore.cpp | Tests : ignores IRC.
|             test-irc-message.cpp | Tests : messages IRC.
|             test-irc-mode.cpp | Tests : modes IRC.
|             test-irc-nick.cpp | Tests : pseudos IRC.
|             test-irc-protocol.cpp | Tests : protocole IRC.
|          relay/ | Racine des tests unitaires pour l'extension Relay.
|             weechat/ | Racine des tests unitaires pour le protocole weechat.
|                test-relay-weechat-protocol.cpp | Tests : protocole weechat.
|===
[[documentation_translations]]
@ -426,7 +429,7 @@ Le cœur de WeeChat est situé dans les répertoires suivants :
Fichiers de documentation :
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| Chemin/fichier | Description
| doc/ | Documentation.
@ -452,7 +455,7 @@ Fichiers de documentation :
Les traductions pour WeeChat et les extensions sont effectuées avec gettext, les
fichiers sont dans le répertoire _po/_ :
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| Chemin/fichier | Description
| po/ | Fichiers de traduction (gettext).
@ -726,7 +729,7 @@ par exemple _irc.c_ pour l'extension irc.
Exemples :
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| Répertoire | Fichiers
| src/core/ | weechat.c, wee-backtrace.c, wee-command.c, ...

23
doc/fr/weechat_relay_protocol.fr.adoc
View File

@ -121,6 +121,9 @@ Paramètres :
* _option_ : une des options suivantes :
** _password_ : mot de passe utilisé pour s'authentifier avec _relay_
(option _relay.network.password_ dans WeeChat)
** _password_hash_ : mot de passe haché utilisé pour s'authentifier avec _relay_
(option _relay.network.password_ dans WeeChat), voir ci-dessous pour le format
_(WeeChat ≥ 2.8)_
** _totp_ : mot de passe à usage unique basé sur le temps (TOTP : Time-based
One-Time Password) utilisé comme second facteur d'authentification, en plus
du mot de passe (option _relay.network.totp_secret_ dans WeeChat)
@ -134,6 +137,17 @@ Paramètres :
Avec WeeChat ≥ 1.6, les virgules peuvent être échappées dans la valeur,
par exemple `init password=foo\,bar` pour envoyer le mot de passe "foo,bar".
Le format du mot de passe haché est l'un des suivants, où _hash_ est le mot
de passe haché en hexadécimal :
* `+sha256:hash+`
* `+sha512:hash+`
* `+pbkdf2:algorithme:sel:itérations:hash+` avec :
** _algorithme_ : _sha256_ ou _sha512_
** _sel_ : sel (hexadécimal)
** _iterations_ : nombre d'itérations
** _hash_ : le mot de passe haché (hexadécimal)
Exemples :
----
@ -148,6 +162,15 @@ init password=mypass,totp=123456
# initialiser et désactiver la compression
init password=mypass,compression=off
# initialiser avec un mot de passe haché (SHA256) (WeeChat ≥ 2.8)
init password_hash=sha256:b9a4c3393dfac4330736684510378851e581c68add8eca84110c31a33e694676
# initialiser avec un mot de passe haché (SHA512) (WeeChat ≥ 2.8)
init password_hash=sha512:4469190d4e0d1fdc0afb6f408d9873c89b8ce89cc4db79fe058255c55ad6821fa5e9bb068f9e578c8ae7cc825d85ff99c439d59e439bc589d95620a1e6b8ae6e
# initialiser avec un mot de passe haché (PBKDF2: SHA256, sel="ABCDEFGHIJKLMNOP", 100000 itérations) (WeeChat ≥ 2.8)
init password_hash=pbkdf2:sha256:4142434445464748494a4b4c4d4e4f50:100000:01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc945a1c
----
[[command_hdata]]

98
doc/ja/weechat_dev.ja.adoc
View File

@ -64,7 +64,7 @@ qweechat::
主な WeeChat ディレクトリは:
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| ディレクトリ | 説明
| src/ | ソースコードのルートディレクトリ
@ -120,7 +120,7 @@ WeeChat "core" は以下のディレクトリに配置されています:
* _src/core/_: コア関数 (データ操作用)
* _src/gui/_: インターフェースの関数 (バッファ、ウィンドウ、...)
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| パス/ファイル名 | 説明
| core/ | コア関数: エントリポイント、内部構造体
@ -215,7 +215,7 @@ WeeChat "core" は以下のディレクトリに配置されています:
[[sources_plugins]]
==== プラグイン
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| パス/ファイル名 | 説明
| plugins/ | プラグインのルートディレクトリ
@ -385,56 +385,62 @@ WeeChat "core" は以下のディレクトリに配置されています:
[[sources_tests]]
==== テスト
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| パス/ファイル名 | 説明
| tests/ | テスト用のルートディレクトリ
|    tests.cpp | 全テストの実行時に使われるプログラム
|    scripts/ | スクリプト API テスト用のルートディレクトリ
|       test-scripts.cpp | スクリプト API テストの実行時に使われるプログラム
|       python/ | スクリプト API テストを生成、実行する Python スクリプト
|          testapigen.py | スクリプト API のテスト時にすべての言語に関するスクリプトを生成する Python スクリプト
|          testapi.py | スクリプト API テスト時に使われる Python スクリプト (スクリプト testapigen.py から使われます)
|          unparse.py | Python コードを別の言語に変換 (スクリプト testapigen.py から使われます)
|    unit/ | 単体テスト用のルートディレクトリ
|       test-plugins.cpp | テスト: プラグイン
|       core/ | core 向け単体テスト用のルートディレクトリ
|          test-core-arraylist.cpp | テスト: 配列リスト
| パス/ファイル名 | 説明
| tests/ | テスト用のルートディレクトリ
|    tests.cpp | 全テストの実行時に使われるプログラム
|    scripts/ | スクリプト API テスト用のルートディレクトリ
|       test-scripts.cpp | スクリプト API テストの実行時に使われるプログラム
|       python/ | スクリプト API テストを生成、実行する Python スクリプト
|          testapigen.py | スクリプト API のテスト時にすべての言語に関するスクリプトを生成する Python スクリプト
|          testapi.py | スクリプト API テスト時に使われる Python スクリプト (スクリプト testapigen.py から使われます)
|          unparse.py | Python コードを別の言語に変換 (スクリプト testapigen.py から使われます)
|    unit/ | 単体テスト用のルートディレクトリ
|       test-plugins.cpp | テスト: プラグイン
|       core/ | core 向け単体テスト用のルートディレクトリ
|          test-core-arraylist.cpp | テスト: 配列リスト
// TRANSLATION MISSING
|          test-core-calc.cpp | Tests: calculation of expressions.
|          test-core-calc.cpp | Tests: calculation of expressions.
// TRANSLATION MISSING
|          test-core-crypto.cpp | Tests: cryptographic functions.
|          test-core-eval.cpp | テスト: 式の評価
|          test-core-hashtble.cpp | テスト: ハッシュテーブル
|          test-core-hdata.cpp | テスト: hdata
|          test-core-hook.cpp | テスト: フック
|          test-core-infolist.cpp | テスト: インフォリスト
|          test-core-list.cpp | テスト: リスト
|          test-core-secure.cpp | テスト: データ保護
|          test-core-string.cpp | テスト: 文字列
|          test-core-url.cpp | テスト: URL
|          test-core-utf8.cpp | テスト: UTF-8
|          test-core-util.cpp | テスト: ユーティリティ関数
|       gui/ | インターフェースの単体テストを収める最上位ディレクトリ
|          test-core-crypto.cpp | Tests: cryptographic functions.
|          test-core-eval.cpp | テスト: 式の評価
|          test-core-hashtble.cpp | テスト: ハッシュテーブル
|          test-core-hdata.cpp | テスト: hdata
|          test-core-hook.cpp | テスト: フック
|          test-core-infolist.cpp | テスト: インフォリスト
|          test-core-list.cpp | テスト: リスト
|          test-core-secure.cpp | テスト: データ保護
|          test-core-string.cpp | テスト: 文字列
|          test-core-url.cpp | テスト: URL
|          test-core-utf8.cpp | テスト: UTF-8
|          test-core-util.cpp | テスト: ユーティリティ関数
|       gui/ | インターフェースの単体テストを収める最上位ディレクトリ
// TRANSLATION MISSING
|          test-gui-color.cpp | Tests: colors.
|          test-gui-line.cpp | テスト: 行
|          test-gui-color.cpp | Tests: colors.
|          test-gui-line.cpp | テスト: 行
// TRANSLATION MISSING
|          test-gui-nick.cpp | テスト: nicks
|       plugins/ | プラグインの単体テストを収める最上位ディレクトリ
|          irc/ | IRC プラグインの単体テストを収める最上位ディレクトリ
|          test-gui-nick.cpp | テスト: nicks
|       plugins/ | プラグインの単体テストを収める最上位ディレクトリ
|          irc/ | IRC プラグインの単体テストを収める最上位ディレクトリ
// TRANSLATION MISSING
|             test-irc-color.cpp | Tests: IRC colors.
|             test-irc-config.cpp | テスト: IRC 設定
|             test-irc-color.cpp | Tests: IRC colors.
|             test-irc-config.cpp | テスト: IRC 設定
// TRANSLATION MISSING
|             test-irc-ignore.cpp | Tests: IRC ignores.
|             test-irc-ignore.cpp | Tests: IRC ignores.
// TRANSLATION MISSING
|             test-irc-message.cpp | Tests: IRC messages.
|             test-irc-message.cpp | Tests: IRC messages.
// TRANSLATION MISSING
|             test-irc-mode.cpp | Tests: IRC modes.
|             test-irc-mode.cpp | Tests: IRC modes.
// TRANSLATION MISSING
|             test-irc-nick.cpp | Tests: IRC nicks.
|             test-irc-protocol.cpp | テスト: IRC プロトコル
|             test-irc-nick.cpp | Tests: IRC nicks.
|             test-irc-protocol.cpp | テスト: IRC プロトコル
// TRANSLATION MISSING
|          relay/ | Root of unit tests for Relay plugin.
// TRANSLATION MISSING
|             weechat/ | Root of unit tests for weechat protocol.
// TRANSLATION MISSING
|                test-relay-weechat-protocol.cpp | Tests: weechat protocol.
|===
[[documentation_translations]]
@ -442,7 +448,7 @@ WeeChat "core" は以下のディレクトリに配置されています:
文書ファイル:
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| パス/ファイル名 | 説明
| doc/ | 文書
@ -467,7 +473,7 @@ WeeChat "core" は以下のディレクトリに配置されています:
WeeChat とプラグインの翻訳は gettext で行います、ファイルは _po/_ ディレクトリに含まれています:
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| パス/ファイル名 | 説明
| po/ | 翻訳ファイル (gettext)
@ -729,7 +735,7 @@ irc プラグインの _irc.c_ など。
例:
[width="100%",cols="1m,3",options="header"]
[width="100%",cols="1m,2",options="header"]
|===
| ディレクトリ | ファイル
| src/core/ | weechat.c、wee-backtrace.c、wee-command.c、...

26
doc/ja/weechat_relay_protocol.ja.adoc
View File

@ -123,6 +123,10 @@ init [<option>=<value>,[<option>=<value>,...]]
* _option_: 以下のうちの 1 つ:
** _password_: _リレー_ の認証用パスワード
(WeeChat の _relay.network.password_ オプション)
// TRANSLATION MISSING
** _password_hash_: hash of password used to authenticate on _relay_
(option _relay.network.password_ in WeeChat), see below for the format
_(WeeChat バージョン 2.8 で利用可能)_
** _totp_: パスワードに加えた二要素認証で利用する時間ベースのワンタイムパスワード (TOTP)
(WeeChat の _relay.network.totp_secret_ オプション)
_(WeeChat バージョン 2.4 で利用可能)_
@ -135,6 +139,19 @@ init [<option>=<value>,[<option>=<value>,...]]
WeeChat バージョン 1.6 以上の場合、コンマをエスケープすることで value にコンマを設定可能です。例えば
"foo,bar" というパスワードを送信するには `init password=foo\,bar` のように設定してください。
// TRANSLATION MISSING
Format of hashed password is one of the following, where _hash_ is the hashed
password as hexadecimal:
* `+sha256:hash+`
* `+sha512:hash+`
* `+pbkdf2:algorithm:salt:iterations:hash+` with:
** _algorithm_: _sha256_ or _sha512_
** _salt_: salt (hexadecimal)
** _iterations_: number of iterations
** _hash_: the hashed password (hexadecimal)
// TRANSLATION MISSING
例:
----
@ -149,6 +166,15 @@ init password=mypass,totp=123456
# 圧縮を使わない例
init password=mypass,compression=off
# initialize with hashed password (SHA256) (WeeChat バージョン 2.8 以上の場合)
init password_hash=sha256:b9a4c3393dfac4330736684510378851e581c68add8eca84110c31a33e694676
# initialize with hashed password (SHA512) (WeeChat バージョン 2.8 以上の場合)
init password_hash=sha512:4469190d4e0d1fdc0afb6f408d9873c89b8ce89cc4db79fe058255c55ad6821fa5e9bb068f9e578c8ae7cc825d85ff99c439d59e439bc589d95620a1e6b8ae6e
# initialize with hashed password (PBKDF2: SHA256, salt="ABCDEFGHIJKLMNOP", 100000 iterations) (WeeChat バージョン 2.8 以上の場合)
init password_hash=pbkdf2:sha256:4142434445464748494a4b4c4d4e4f50:100000:01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc945a1c
----
[[command_hdata]]

168
src/plugins/relay/weechat/relay-weechat-protocol.c
View File

@ -158,13 +158,172 @@ relay_weechat_protocol_is_sync (struct t_relay_client *ptr_client,
return 0;
}
/*
* Parses PBKDF2 parameters from string with format:
*
* algorithm:salt:iterations:hash
*
* where:
*
* algorithm is "sha256" or "sha512"
* salt is the salt in hexadecimal
* iterations it the number of iterations ( 1)
* hash is the hashed password with the parameters above, in hexadecimal
*/
void
relay_weechat_protocol_parse_pbkdf2 (const char *parameters,
char **algorithm,
char **salt,
int *salt_size,
int *iterations,
char **hash_pbkdf2)
{
char **argv, *error;
int argc;
*algorithm = NULL;
*salt = NULL;
*salt_size = 0;
*iterations = 0;
*hash_pbkdf2 = NULL;
if (!parameters)
return;
argv = weechat_string_split (parameters, ":", NULL, 0, 0, &argc);
if (!argv || (argc < 4))
{
/* not enough parameters */
if (argv)
weechat_string_free_split (argv);
return;
}
/* parameter 1: algorithm */
if ((strcmp (argv[0], "sha256") == 0)
|| (strcmp (argv[0], "sha512") == 0))
{
*algorithm = strdup (argv[0]);
}
/* parameter 2: salt */
*salt = malloc (strlen (argv[1]) + 1);
if (*salt)
*salt_size = weechat_string_base_decode (16, argv[1], *salt);
/* parameter 3: iterations */
*iterations = (int)strtol (argv[2], &error, 10);
if (!error || error[0])
*iterations = 0;
/* parameter 4: the PBKDF2 hash */
*hash_pbkdf2 = strdup (argv[3]);
weechat_string_free_split (argv);
}
/*
* Checks if hashed password received is valid.
*
* Format of hash_password is: algorithm:hash
*
* Returns 1 if the hashed password is valid, otherwise 0.
*/
int
relay_weechat_protocol_check_hash (const char *hashed_password,
const char *password)
{
const char *pos_hash;
char *hash_algo, hash[512 / 8], hash_hexa[((512 / 8) * 2) + 1];
char *hash_pbkdf2_algo, *salt, *hash_pbkdf2;
int rc, hash_size, salt_size, iterations;
rc = 0;
if (!hashed_password || !password)
goto end;
pos_hash = strchr (hashed_password, ':');
if (!pos_hash)
goto end;
hash_algo = weechat_strndup (hashed_password, pos_hash - hashed_password);
if (!hash_algo)
goto end;
pos_hash++;
if ((strcmp (hash_algo, "sha256") == 0)
|| (strcmp (hash_algo, "sha512") == 0))
{
if (weechat_crypto_hash (password, strlen (password), hash_algo,
hash, &hash_size))
{
weechat_string_base_encode (16, hash, hash_size, hash_hexa);
if (weechat_strcasecmp (hash_hexa, pos_hash) == 0)
rc = 1;
}
}
else if (strcmp (hash_algo, "pbkdf2") == 0)
{
relay_weechat_protocol_parse_pbkdf2 (pos_hash,
&hash_pbkdf2_algo,
&salt,
&salt_size,
&iterations,
&hash_pbkdf2);
if (hash_pbkdf2_algo && salt && (salt_size > 0) && (iterations > 0)
&& hash_pbkdf2)
{
if (weechat_crypto_hash_pbkdf2 (password, strlen (password),
hash_pbkdf2_algo,
salt, salt_size,
iterations,
hash, &hash_size))
{
weechat_string_base_encode (16, hash, hash_size, hash_hexa);
if (weechat_strcasecmp (hash_hexa, hash_pbkdf2) == 0)
rc = 1;
}
}
if (hash_pbkdf2_algo)
free (hash_pbkdf2_algo);
if (salt)
free (salt);
if (hash_pbkdf2)
free (hash_pbkdf2);
}
free (hash_algo);
end:
return rc;
}
/*
* Callback for command "init" (from client).
*
* Format is: init arg1=value1,arg2=value2
*
* Allowed arguments:
* password plain text password (recommended with SSL only)
* password_hash hashed password, value is: algorithm:[parameters:]hash
* supported algorithms: sha256, sha512 and pbkdf2
* for pbkdf2, parameters are: algorithm, salt, iterations
* hash is given in hexadecimal
* totp time-based one time password used as secondary
* authentication factor
* compression zlib (default) or off
*
* Message looks like:
* init password=mypass
* init password=mypass,compression=zlib
* init password=mypass,compression=off
* init password_hash=sha256:71c480df93d6ae2f1efad1447c66c9,totp=123456
* init password_hash=pbkdf2:sha256:414232:100000:01757d53157c,totp=123456
*/
RELAY_WEECHAT_PROTOCOL_CALLBACK(init)
@ -201,6 +360,15 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(init)
if (password && (strcmp (password, pos) == 0))
RELAY_WEECHAT_DATA(client, password_ok) = 1;
}
else if (strcmp (options[i], "password_hash") == 0)
{
password_received = 1;
if (password
&& relay_weechat_protocol_check_hash (pos, password))
{
RELAY_WEECHAT_DATA(client, password_ok) = 1;
}
}
else if (strcmp (options[i], "totp") == 0)
{
totp_received = 1;

1
tests/CMakeLists.txt
View File

@ -55,6 +55,7 @@ set(LIB_WEECHAT_UNIT_TESTS_PLUGINS_SRC
unit/plugins/irc/test-irc-mode.cpp
unit/plugins/irc/test-irc-nick.cpp
unit/plugins/irc/test-irc-protocol.cpp
unit/plugins/relay/weechat/test-relay-weechat-protocol.cpp
)
add_library(weechat_unit_tests_plugins MODULE ${LIB_WEECHAT_UNIT_TESTS_PLUGINS_SRC})

3
tests/Makefile.am
View File

@ -71,7 +71,8 @@ lib_weechat_unit_tests_plugins_la_SOURCES = unit/plugins/irc/test-irc-color.cpp
unit/plugins/irc/test-irc-message.cpp \
unit/plugins/irc/test-irc-mode.cpp \
unit/plugins/irc/test-irc-nick.cpp \
unit/plugins/irc/test-irc-protocol.cpp
unit/plugins/irc/test-irc-protocol.cpp \
unit/plugins/relay/weechat/test-relay-weechat-protocol.cpp
lib_weechat_unit_tests_plugins_la_LDFLAGS = -module -no-undefined

239
tests/unit/plugins/relay/weechat/test-relay-weechat-protocol.cpp Normal file
View File

@ -0,0 +1,239 @@
/*
* test-relay-weechat-protocol.cpp - test relay weechat protocol
*
* Copyright (C) 2020 Sébastien Helleu <flashcode@flashtux.org>
*
* This file is part of WeeChat, the extensible chat client.
*
* WeeChat is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* WeeChat is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with WeeChat. If not, see <http://www.gnu.org/licenses/>.
*/
#include "CppUTest/TestHarness.h"
extern "C"
{
#include <stdio.h>
extern void relay_weechat_protocol_parse_pbkdf2 (const char *parameters,
char **algorithm,
char **salt,
int *salt_size,
int *iterations,
char **hash_pbkdf2);
extern int relay_weechat_protocol_check_hash (const char *hashed_password,
const char *password);
}
#define WEE_CHECK_PARSE_PBKDF2(__parameters) \
algorithm = (char *)0x1; \
salt = (char *)0x1; \
salt_size = -1; \
iterations = -1; \
hash_pbkdf2 = (char *)0x1; \
relay_weechat_protocol_parse_pbkdf2 ( \
__parameters, \
&algorithm, \
&salt, \
&salt_size, \
&iterations, \
&hash_pbkdf2);
TEST_GROUP(RelayWeechatProtocol)
{
};
/*
* Tests functions:
* relay_weechat_protocol_parse_pbkdf2
*/
TEST(RelayWeechatProtocol, ParsePbkdf2)
{
char *algorithm, *salt, *hash_pbkdf2;
const char salt_expected[4] = { 0x41, 0x42, 0x43, 0x44 }; /* "ABCD" */
int salt_size, iterations;
/* NULL string */
WEE_CHECK_PARSE_PBKDF2(NULL);
POINTERS_EQUAL(NULL, algorithm);
POINTERS_EQUAL(NULL, salt);
LONGS_EQUAL(0, salt_size);
LONGS_EQUAL(0, iterations);
POINTERS_EQUAL(NULL, hash_pbkdf2);
/* not enough parameters: 0 (expected: 4) */
WEE_CHECK_PARSE_PBKDF2("");
POINTERS_EQUAL(NULL, algorithm);
POINTERS_EQUAL(NULL, salt);
LONGS_EQUAL(0, salt_size);
LONGS_EQUAL(0, iterations);
POINTERS_EQUAL(NULL, hash_pbkdf2);
/* not enough parameters: 1 (expected: 4) */
WEE_CHECK_PARSE_PBKDF2("sha256");
POINTERS_EQUAL(NULL, algorithm);
POINTERS_EQUAL(NULL, salt);
LONGS_EQUAL(0, salt_size);
LONGS_EQUAL(0, iterations);
POINTERS_EQUAL(NULL, hash_pbkdf2);
/* not enough parameters: 2 (expected: 4) */
WEE_CHECK_PARSE_PBKDF2("sha256:41424344");
POINTERS_EQUAL(NULL, algorithm);
POINTERS_EQUAL(NULL, salt);
LONGS_EQUAL(0, salt_size);
LONGS_EQUAL(0, iterations);
POINTERS_EQUAL(NULL, hash_pbkdf2);
/* not enough parameters: 3 (expected: 4) */
WEE_CHECK_PARSE_PBKDF2("sha256:41424344:100000");
POINTERS_EQUAL(NULL, algorithm);
POINTERS_EQUAL(NULL, salt);
LONGS_EQUAL(0, salt_size);
LONGS_EQUAL(0, iterations);
POINTERS_EQUAL(NULL, hash_pbkdf2);
/* good parameters */
WEE_CHECK_PARSE_PBKDF2("sha256:41424344:100000:"
"01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7"
"f9ac09afc945a1c");
STRCMP_EQUAL("sha256", algorithm);
MEMCMP_EQUAL(salt_expected, salt, 4);
LONGS_EQUAL(4, salt_size);
LONGS_EQUAL(100000, iterations);
STRCMP_EQUAL("01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc9"
"45a1c",
hash_pbkdf2);
free (algorithm);
free (salt);
free (hash_pbkdf2);
/* wrong algorithm */
WEE_CHECK_PARSE_PBKDF2("not_an_algo:41424344:100000:"
"01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7"
"f9ac09afc945a1c");
POINTERS_EQUAL(NULL, algorithm);
MEMCMP_EQUAL(salt_expected, salt, 4);
LONGS_EQUAL(4, salt_size);
LONGS_EQUAL(100000, iterations);
STRCMP_EQUAL("01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc9"
"45a1c",
hash_pbkdf2);
free (salt);
free (hash_pbkdf2);
/* wrong salt */
WEE_CHECK_PARSE_PBKDF2("sha256:Z:100000:"
"01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7"
"f9ac09afc945a1c");
STRCMP_EQUAL("sha256", algorithm);
CHECK(salt);
LONGS_EQUAL(0, salt_size);
LONGS_EQUAL(100000, iterations);
STRCMP_EQUAL("01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc9"
"45a1c",
hash_pbkdf2);
free (algorithm);
free (salt);
free (hash_pbkdf2);
/* wrong iterations */
WEE_CHECK_PARSE_PBKDF2("sha256:41424344:abcd:"
"01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7"
"f9ac09afc945a1c");
STRCMP_EQUAL("sha256", algorithm);
MEMCMP_EQUAL(salt_expected, salt, 4);
LONGS_EQUAL(4, salt_size);
LONGS_EQUAL(0, iterations);
STRCMP_EQUAL("01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc9"
"45a1c",
hash_pbkdf2);
free (algorithm);
free (salt);
free (hash_pbkdf2);
}
/*
* Tests functions:
* relay_weechat_protocol_check_hash
*/
TEST(RelayWeechatProtocol, CheckHash)
{
LONGS_EQUAL(0, relay_weechat_protocol_check_hash (NULL, NULL));
LONGS_EQUAL(0, relay_weechat_protocol_check_hash ("", ""));
LONGS_EQUAL(0, relay_weechat_protocol_check_hash ("abcd", NULL));
LONGS_EQUAL(0, relay_weechat_protocol_check_hash (NULL, "password"));
LONGS_EQUAL(0, relay_weechat_protocol_check_hash ("invalid", "password"));
/* SHA256: hash is for password: "wrong" */
LONGS_EQUAL(0,
relay_weechat_protocol_check_hash (
"sha256:8810ad581e59f2bc3928b261707a71308f7e139eb04820366"
"dc4d5c18d980225",
"password"));
/* SHA256: hash is for password: "password" */
LONGS_EQUAL(1,
relay_weechat_protocol_check_hash (
"sha256:5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62"
"a11ef721d1542d8",
"password"));
/* SHA512: hash is for password: "wrong" */
LONGS_EQUAL(0,
relay_weechat_protocol_check_hash (
"sha512:4a80cdd4a4c8230ec1acd2ce3b6139819e914f4db4dc46ec6"
"21d0add88d5e3054b438359bac599fc1e101da39e9d2fe23b9fdd562"
"5893f6a79f982127034622a",
"password"));
/* SHA512: hash is for password: "password" */
LONGS_EQUAL(1,
relay_weechat_protocol_check_hash (
"sha512:b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5"
"e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d10"
"3fd07c95385ffab0cacbc86",
"password"));
/* PBKDF2 (SHA256): hash is for password "wrong" */
LONGS_EQUAL(0,
relay_weechat_protocol_check_hash (
"pbkdf2:sha256:4142434445464748494a4b4c4d4e4f50:100000:"
"e8f92a75f5956e9dc3499775221e9ef121bf4d09bdca4391b69aa62c"
"50c2bb6b",
"password"));
/* PBKDF2 (SHA256): hash is for password "password" */
LONGS_EQUAL(1,
relay_weechat_protocol_check_hash (
"pbkdf2:sha256:4142434445464748494a4b4c4d4e4f50:100000:"
"323d29f1762dcb5917bc8320c4eb9ea05900fc28e53cbc3e1b7f0980"
"2e35e2d0",
"password"));
/* PBKDF2 (SHA512): hash is for password "wrong" */
LONGS_EQUAL(0,
relay_weechat_protocol_check_hash (
"pbkdf2:sha512:4142434445464748494a4b4c4d4e4f50:100000:"
"e682a3815a4d1de8d13a223932b6b0467b7d775111aae3794afb9a84"
"ee62bd50755fde725262f75d1211e8497a35c8dca8a6333bcc9f7b53"
"244f6ff567d25cfc",
"password"));
/* PBKDF2 (SHA512): hash is for password "password" */
LONGS_EQUAL(1,
relay_weechat_protocol_check_hash (
"pbkdf2:sha512:4142434445464748494a4b4c4d4e4f50:100000:"
"db166999c1f415a40570a4bbd3a26d461f87e495da215c75135b77bf"
"910a261d3749f28264d24b546fc898908d4209704700020b8dd2bca6"
"e4698208dd5aa5f2",
"password"));
}