blackbeard420/weechat
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'secured-data'

Browse Source
This commit is contained in:
Sebastien Helleu 2013-08-02 19:19:25 +02:00
commit 663de42284
26 changed files with 1956 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
doc/en/weechat_dev.en.txt
View File

@ -95,7 +95,7 @@ WeeChat "core" reside in following directories:
| wee-command.c | WeeChat core commands
| wee-completion.c | Completion on command line
| wee-config-file.c | Configuration file management
| wee-config.c | Configuration options for WeeChat core (options weechat.*)
| wee-config.c | Configuration options for WeeChat core (file weechat.conf)
| wee-debug.c | Some debug functions
| wee-eval.c | Evaluate expressions with references to internal vars
| wee-hashtable.c | Hashtables
@ -107,6 +107,7 @@ WeeChat "core" reside in following directories:
| wee-log.c | Write to WeeChat log file (weechat.log)
| wee-network.c | Network functions (connection to servers, proxy)
| wee-proxy.c | Proxy management
| wee-secure.c | Secured data options (file sec.conf)
| wee-string.c | Functions on strings
| wee-upgrade-file.c | Internal upgrade system
| wee-upgrade.c | Upgrade for WeeChat core (buffers, lines, history, ...)
@ -162,14 +163,14 @@ Plugins
| weechat-plugin.h | Header designed to be distributed with WeeChat plugins, in order to compile them
| alias/ | Alias plugin
| alias.c | Main alias functions
| alias-config.c | Alias config options
| alias-config.c | Alias config options (file alias.conf)
| alias-info.c | Alias info/infolists/hdata
| aspell/ | Aspell plugin
| weechat-aspell.c | Main aspell functions
| weechat-aspell-bar-item.c | Aspell bar items
| weechat-aspell-command.c | Aspell commands
| weechat-aspell-completion.c | Aspell completions
| weechat-aspell-config.c | Aspell config options
| weechat-aspell-config.c | Aspell config options (file aspell.conf)
| weechat-aspell-info.c | Aspell info/infolists/hdata
| weechat-aspell-speller.c | Spellers management
| charset/ | Charset plugin
@ -188,7 +189,7 @@ Plugins
| irc-color.c | Color functions
| irc-command.c | IRC commands
| irc-completion.c | IRC completions
| irc-config.c | IRC config options
| irc-config.c | IRC config options (file irc.conf)
| irc-ctcp.c | IRC CTCP
| irc-debug.c | IRC debug functions
| irc-ignore.c | IRC Ignore
@ -208,7 +209,7 @@ Plugins
| logger/ | Logger plugin
| logger.c | Main logger functions
| logger-buffer.c | Logger buffer list management
| logger-config.c | Logger config options
| logger-config.c | Logger config options (file logger.conf)
| logger-info.c | Logger info/infolists/hdata
| logger-tail.c | Return last lines of a file
| lua/ | Lua plugin
@ -226,7 +227,7 @@ Plugins
| relay-client.c | Clients of relay
| relay-command.c | Relay commands
| relay-completion.c | Relay completions
| relay-config.c | Relay config options
| relay-config.c | Relay config options (file relay.conf)
| relay-info.c | Relay info/infolists/hdata
| relay-network.c | Network functions for relay
| relay-raw.c | Relay raw buffer
@ -244,7 +245,7 @@ Plugins
| rmodifier.c | Main rmodifier functions
| rmodifier-command.c | Rmodifier commands
| rmodifier-completion.c | Rmodifier completions
| rmodifier-config.c | Rmodifier config options
| rmodifier-config.c | Rmodifier config options (file rmodifier.conf)
| rmodifier-debug.c | Rmodifier debug functions
| rmodifier-info.c | Rmodifier info/infolists/hdata
| ruby/ | Ruby plugin
@ -256,7 +257,7 @@ Plugins
| script-buffer.c | Buffer for scripts manager
| script-command.c | Commands for scripts manager
| script-completion.c | Completions for scripts manager
| script-config.c | Config options for scripts manager
| script-config.c | Config options for scripts manager (file script.conf)
| script-info.c | Script manager info/infolists/hdata
| script-repo.c | Download and read repository file
| tcl/ | Tcl plugin
@ -268,7 +269,7 @@ Plugins
| xfer-chat.c | Xfer DCC chat
| xfer-command.c | Xfer commands
| xfer-completion.c | Xfer completions
| xfer-config.c | Xfer config options
| xfer-config.c | Xfer config options (file xfer.conf)
| xfer-dcc.c | Xfer DCC file
| xfer-file.c | File functions for xfer
| xfer-info.c | Xfer info/infolists/hdata

2
po/POTFILES.in
View File

@ -28,6 +28,8 @@
./src/core/wee-network.h
./src/core/wee-proxy.c
./src/core/wee-proxy.h
./src/core/wee-secure.c
./src/core/wee-secure.h
./src/core/wee-string.c
./src/core/wee-string.h
./src/core/wee-upgrade.c

2
po/srcfiles.cmake
View File

@ -29,6 +29,8 @@ SET(WEECHAT_SOURCES
./src/core/wee-network.h
./src/core/wee-proxy.c
./src/core/wee-proxy.h
./src/core/wee-secure.c
./src/core/wee-secure.h
./src/core/wee-string.c
./src/core/wee-string.h
./src/core/wee-upgrade.c

1
src/core/CMakeLists.txt
View File

@ -37,6 +37,7 @@ wee-list.c wee-list.h
wee-log.c wee-log.h
wee-network.c wee-network.h
wee-proxy.c wee-proxy.h
wee-secure.c wee-secure.h
wee-string.c wee-string.h
wee-upgrade.c wee-upgrade.h
wee-upgrade-file.c wee-upgrade-file.h

2
src/core/Makefile.am
View File

@ -55,6 +55,8 @@ lib_weechat_core_a_SOURCES = weechat.c \
wee-network.h \
wee-proxy.c \
wee-proxy.h \
wee-secure.c \
wee-secure.h \
wee-string.c \
wee-string.h \
wee-upgrade.c \

235
src/core/wee-command.c
View File

@ -45,6 +45,7 @@
#include "wee-list.h"
#include "wee-log.h"
#include "wee-proxy.h"
#include "wee-secure.h"
#include "wee-string.h"
#include "wee-upgrade.h"
#include "wee-utf8.h"
@ -4481,6 +4482,168 @@ COMMAND_CALLBACK(save)
return WEECHAT_RC_OK;
}
/*
* Displays a secured data.
*/
void
command_secure_display_data (void *data,
struct t_hashtable *hashtable,
const void *key, const void *value)
{
/* make C compiler happy */
(void) data;
(void) hashtable;
(void) value;
if (key)
gui_chat_printf (NULL, " %s", key);
}
/*
* Callback for command "/secure": manage secured data
*/
COMMAND_CALLBACK(secure)
{
int passphrase_was_set, count_encrypted;
/* make C compiler happy */
(void) data;
(void) buffer;
/* list of secured data */
if (argc == 1)
{
secure_buffer_open ();
return WEECHAT_RC_OK;
}
count_encrypted = secure_hashtable_data_encrypted->items_count;
/* decrypt data still encrypted */
if (string_strcasecmp (argv[1], "decrypt") == 0)
{
COMMAND_MIN_ARGS(3, "secure decrypt");
if (count_encrypted == 0)
{
gui_chat_printf (NULL, _("There is no encrypted data"));
return WEECHAT_RC_OK;
}
if (strcmp (argv[2], "-discard") == 0)
{
hashtable_remove_all (secure_hashtable_data_encrypted);
gui_chat_printf (NULL, _("Encrypted data deleted"));
return WEECHAT_RC_OK;
}
if (secure_decrypt_data_not_decrypted (argv_eol[2]) > 0)
{
gui_chat_printf (NULL,
_("Encrypted data has been successfully decrypted"));
if (secure_passphrase)
free (secure_passphrase);
secure_passphrase = strdup (argv_eol[2]);
}
else
{
gui_chat_printf (NULL,
_("%sFailed to decrypt data (wrong passphrase?)"),
gui_chat_prefix[GUI_CHAT_PREFIX_ERROR]);
}
return WEECHAT_RC_OK;
}
if (count_encrypted > 0)
{
gui_chat_printf (NULL,
_("%sYou must decrypt data still encrypted before "
"doing any operation on secured data or passphrase"),
gui_chat_prefix[GUI_CHAT_PREFIX_ERROR]);
return WEECHAT_RC_OK;
}
/* set the passphrase */
if (string_strcasecmp (argv[1], "passphrase") == 0)
{
COMMAND_MIN_ARGS(3, "secure passphrase");
passphrase_was_set = 0;
if (secure_passphrase)
{
free (secure_passphrase);
secure_passphrase = NULL;
passphrase_was_set = 1;
}
if (strcmp (argv[2], "-delete") == 0)
{
gui_chat_printf (NULL,
(passphrase_was_set) ?
_("Passphrase deleted") : _("Passphrase is not set"));
if (passphrase_was_set)
{
if (secure_hashtable_data->items_count > 0)
command_save_file (secure_config_file);
secure_buffer_display ();
}
}
else
{
secure_passphrase = strdup (argv_eol[2]);
gui_chat_printf (NULL,
(passphrase_was_set) ?
_("Passphrase changed") : _("Passphrase added"));
if (secure_hashtable_data->items_count > 0)
command_save_file (secure_config_file);
secure_buffer_display ();
}
return WEECHAT_RC_OK;
}
/* set a secured data */
if (string_strcasecmp (argv[1], "set") == 0)
{
COMMAND_MIN_ARGS(4, "secure set");
hashtable_set (secure_hashtable_data, argv[2], argv_eol[3]);
gui_chat_printf (NULL, _("Secured data \"%s\" set"), argv[2]);
command_save_file (secure_config_file);
secure_buffer_display ();
return WEECHAT_RC_OK;
}
/* delete a secured data */
if (string_strcasecmp (argv[1], "del") == 0)
{
COMMAND_MIN_ARGS(3, "secure del");
if (hashtable_has_key (secure_hashtable_data, argv[2]))
{
hashtable_remove (secure_hashtable_data, argv[2]);
gui_chat_printf (NULL, _("Secured data \"%s\" deleted"), argv[2]);
command_save_file (secure_config_file);
secure_buffer_display ();
}
else
{
gui_chat_printf (NULL,
_("%sSecured data \"%s\" not found"),
gui_chat_prefix[GUI_CHAT_PREFIX_ERROR],
argv[2]);
}
return WEECHAT_RC_OK;
}
/* toggle values on secured data buffer */
if (string_strcasecmp (argv[1], "toggle_values") == 0)
{
if (secure_buffer)
{
secure_buffer_display_values ^= 1;
secure_buffer_display ();
}
return WEECHAT_RC_OK;
}
return WEECHAT_RC_OK;
}
/*
* Displays a configuration section.
*/
@ -5159,6 +5322,14 @@ COMMAND_CALLBACK(upgrade)
return WEECHAT_RC_OK;
}
/*
* set passphrase in environment var, so that it will not be asked to user
* when starting the new binary
*/
if (secure_passphrase)
setenv (SECURE_ENV_PASSPHRASE, secure_passphrase, 1);
/* execute binary */
exec_args[0] = ptr_binary;
exec_args[3] = strdup (weechat_home);
execvp (exec_args[0], exec_args);
@ -5166,7 +5337,8 @@ COMMAND_CALLBACK(upgrade)
/* this code should not be reached if execvp is OK */
string_iconv_fprintf (stderr, "\n\n*****\n");
string_iconv_fprintf (stderr,
_("***** Error: exec failed (program: \"%s\"), exiting WeeChat"),
_("***** Error: exec failed (program: \"%s\"), "
"exiting WeeChat"),
exec_args[0]);
string_iconv_fprintf (stderr, "\n*****\n\n");
@ -6634,6 +6806,55 @@ command_init ()
"saved."),
"%(config_files)|%*",
&command_save, NULL);
hook_command (NULL, "secure",
N_("manage secured data (passwords or private data encrypted "
"in file sec.conf)"),
N_("passphrase <passphrase>|-delete"
" || decrypt <passphrase>|-discard"
" || set <name> <value>"
" || del <name>"),
N_("passphrase: set or change the passphrase used for "
"encryption (without passphrase, data is stored as "
"plain text in file sec.conf)\n"
" -delete: delete passphrase\n"
" decrypt: decrypt data still encrypted (it happens only "
"if no passphrase was given for encrypted data on startup)\n"
" -discard: discard all encrypted data (WARNING: this "
"will clear the file sec.conf)\n"
" set: add or change secured data\n"
" del: delete secured data\n\n"
"Without argument, this command displays secured data "
"in a new buffer.\n\n"
"When a passphrase is used (data encrypted), it is asked "
"by WeeChat on startup.\n"
"It is possible to set environment variable \""
SECURE_ENV_PASSPHRASE "\" to prevent the prompt (this same "
"variable is used by WeeChat on /upgrade).\n\n"
"Secured data with format ${sec.data.xxx} can be used in:\n"
" - command line argument \"--run-command\"\n"
" - irc server options: autojoin, command, password, "
"sasl_{username|password}\n"
" - options weechat.startup.command_{before|after}_plugins\n"
" - command /eval.\n\n"
"Examples:\n"
" set a passphrase:\n"
" /secure passphrase this is my passphrase\n"
" encrypt freenode SASL password:\n"
" /secure set freenode mypassword\n"
" /set irc.server.freenode.sasl_password "
"\"${sec.data.freenode}\"\n"
" encrypt oftc password for nickserv:\n"
" /secure set oftc mypassword\n"
" /set irc.server.oftc.command \"/msg nickserv identify "
"${sec.data.oftc}\"\n"
" alias to ghost \"mynick\":\n"
" /alias ghost /eval /msg -server freenode nickserv "
"ghost mynick ${sec.data.freenode}"),
"passphrase -delete"
" || decrypt -discard"
" || set %(secured_data)"
" || del %(secured_data)",
&command_secure, NULL);
hook_command (NULL, "set",
N_("set config options"),
N_("[<option> [<value>]] || diff [<option> [<option>...]]"),
@ -6864,12 +7085,16 @@ command_init ()
void
command_exec_list (const char *command_list)
{
char **commands, **ptr_cmd;
char *command_list2, **commands, **ptr_cmd;
struct t_gui_buffer *weechat_buffer;
if (command_list && command_list[0])
if (!command_list || !command_list[0])
return;
command_list2 = eval_expression (command_list, NULL, NULL);
if (command_list2 && command_list2[0])
{
commands = string_split_command (command_list, ';');
commands = string_split_command (command_list2, ';');
if (commands)
{
weechat_buffer = gui_buffer_search_main ();
@ -6880,6 +7105,8 @@ command_exec_list (const char *command_list)
string_free_split_command (commands);
}
}
if (command_list2)
free (command_list2);
}
/*

44
src/core/wee-completion.c
View File

@ -39,6 +39,7 @@
#include "wee-hook.h"
#include "wee-list.h"
#include "wee-proxy.h"
#include "wee-secure.h"
#include "wee-string.h"
#include "../gui/gui-completion.h"
#include "../gui/gui-bar.h"
@ -1297,6 +1298,46 @@ completion_list_add_layouts_names_cb (void *data,
return WEECHAT_RC_OK;
}
/*
* Adds a secured data to completion list.
*/
void
completion_list_map_add_secured_data_cb (void *data,
struct t_hashtable *hashtable,
const void *key, const void *value)
{
/* make C compiler happy */
(void) hashtable;
(void) value;
gui_completion_list_add ((struct t_gui_completion *)data,
(const char *)key,
0, WEECHAT_LIST_POS_SORT);
}
/*
* Adds secured data to completion list.
*/
int
completion_list_add_secured_data_cb (void *data,
const char *completion_item,
struct t_gui_buffer *buffer,
struct t_gui_completion *completion)
{
/* make C compiler happy */
(void) data;
(void) completion_item;
(void) buffer;
hashtable_map (secure_hashtable_data,
&completion_list_map_add_secured_data_cb,
completion);
return WEECHAT_RC_OK;
}
/*
* Adds hooks for completions done by WeeChat core.
*/
@ -1392,4 +1433,7 @@ completion_init ()
hook_completion (NULL, "layouts_names",
N_("names of layouts"),
&completion_list_add_layouts_names_cb, NULL);
hook_completion (NULL, "secured_data",
N_("names of secured data (file sec.conf, section data)"),
&completion_list_add_secured_data_cb, NULL);
}

10
src/core/wee-config.c
View File

@ -690,7 +690,7 @@ config_change_network_gnutls_ca_file (void *data,
(void) data;
(void) option;
if (network_init_ok)
if (network_init_gnutls_ok)
network_set_gnutls_ca_file ();
}
@ -1706,7 +1706,7 @@ config_weechat_filter_read_cb (void *data,
}
/*
* Writes a filter option in WeeChat configuration file.
* Writes section "filter" in WeeChat configuration file.
*/
int
@ -1873,12 +1873,14 @@ config_weechat_init_options ()
config_startup_command_after_plugins = config_file_new_option (
weechat_config_file, ptr_section,
"command_after_plugins", "string",
N_("command executed when WeeChat starts, after loading plugins"),
N_("command executed when WeeChat starts, after loading plugins "
"(note: content is evaluated, see /help eval)"),
NULL, 0, 0, "", NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL);
config_startup_command_before_plugins = config_file_new_option (
weechat_config_file, ptr_section,
"command_before_plugins", "string",
N_("command executed when WeeChat starts, before loading plugins"),
N_("command executed when WeeChat starts, before loading plugins "
"(note: content is evaluated, see /help eval)"),
NULL, 0, 0, "", NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL);
config_startup_display_logo = config_file_new_option (
weechat_config_file, ptr_section,

8
src/core/wee-debug.c
View File

@ -369,10 +369,8 @@ debug_hdata_map_cb (void *data, struct t_hashtable *hashtable,
gui_chat_printf (NULL,
" hdata 0x%lx: \"%s\", %d vars, %d lists:",
ptr_hdata, (const char *)key,
hashtable_get_integer (ptr_hdata->hash_var,
"items_count"),
hashtable_get_integer (ptr_hdata->hash_list,
"items_count"));
ptr_hdata->hash_var->items_count,
ptr_hdata->hash_list->items_count);
/* display lists */
hashtable_map (ptr_hdata->hash_list,
@ -412,7 +410,7 @@ debug_hdata ()
{
int count;
count = hashtable_get_integer (weechat_hdata, "items_count");
count = weechat_hdata->items_count;
gui_chat_printf (NULL, "");
gui_chat_printf (NULL, "%d hdata in memory", count);

46
src/core/wee-eval.c
View File

@ -33,6 +33,7 @@
#include "wee-hashtable.h"
#include "wee-hdata.h"
#include "wee-hook.h"
#include "wee-secure.h"
#include "wee-string.h"
#include "../gui/gui-buffer.h"
#include "../gui/gui-color.h"
@ -245,25 +246,34 @@ eval_replace_vars_cb (void *data, const char *text)
return strdup (ptr_value);
/* 2. look for name of option: if found, return this value */
config_file_search_with_string (text, NULL, NULL, &ptr_option, NULL);
if (ptr_option)
if (strncmp (text, "sec.data.", 9) == 0)
{
switch (ptr_option->type)
ptr_value = hashtable_get (secure_hashtable_data, text + 9);
if (ptr_value)
return strdup (ptr_value);
}
else
{
config_file_search_with_string (text, NULL, NULL, &ptr_option, NULL);
if (ptr_option)
{
case CONFIG_OPTION_TYPE_BOOLEAN:
return strdup (CONFIG_BOOLEAN(ptr_option) ? EVAL_STR_TRUE : EVAL_STR_FALSE);
case CONFIG_OPTION_TYPE_INTEGER:
if (ptr_option->string_values)
return strdup (ptr_option->string_values[CONFIG_INTEGER(ptr_option)]);
snprintf (str_value, sizeof (str_value),
"%d", CONFIG_INTEGER(ptr_option));
return strdup (str_value);
case CONFIG_OPTION_TYPE_STRING:
return strdup (CONFIG_STRING(ptr_option));
case CONFIG_OPTION_TYPE_COLOR:
return strdup (gui_color_get_name (CONFIG_COLOR(ptr_option)));
case CONFIG_NUM_OPTION_TYPES:
return NULL;
switch (ptr_option->type)
{
case CONFIG_OPTION_TYPE_BOOLEAN:
return strdup (CONFIG_BOOLEAN(ptr_option) ? EVAL_STR_TRUE : EVAL_STR_FALSE);
case CONFIG_OPTION_TYPE_INTEGER:
if (ptr_option->string_values)
return strdup (ptr_option->string_values[CONFIG_INTEGER(ptr_option)]);
snprintf (str_value, sizeof (str_value),
"%d", CONFIG_INTEGER(ptr_option));
return strdup (str_value);
case CONFIG_OPTION_TYPE_STRING:
return strdup (CONFIG_STRING(ptr_option));
case CONFIG_OPTION_TYPE_COLOR:
return strdup (gui_color_get_name (CONFIG_COLOR(ptr_option)));
case CONFIG_NUM_OPTION_TYPES:
return NULL;
}
}
}
@ -345,7 +355,7 @@ eval_replace_vars (const char *expr, struct t_hashtable *pointers,
ptr[0] = pointers;
ptr[1] = extra_vars;
return string_replace_with_callback (expr,
return string_replace_with_callback (expr, "${", "}",
&eval_replace_vars_cb,
ptr,
&errors);

34
src/core/wee-network.c
View File

@ -55,13 +55,28 @@
#include "../plugins/plugin.h"
int network_init_ok = 0;
int network_init_gnutls_ok = 0;
#ifdef HAVE_GNUTLS
gnutls_certificate_credentials_t gnutls_xcred; /* GnuTLS client credentials */
#endif
/*
* Initializes gcrypt.
*/
void
network_init_gcrypt ()
{
if (!weechat_no_gcrypt)
{
gcry_check_version (GCRYPT_VERSION);
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
}
}
/*
* Sets trust file with option "gnutls_ca_file".
*/
@ -91,11 +106,11 @@ network_set_gnutls_ca_file ()
}
/*
* Initializes network.
* Initializes GnuTLS.
*/
void
network_init ()
network_init_gnutls ()
{
#ifdef HAVE_GNUTLS
if (!weechat_no_gnutls)
@ -121,14 +136,7 @@ network_init ()
}
#endif /* HAVE_GNUTLS */
if (!weechat_no_gcrypt)
{
gcry_check_version (GCRYPT_VERSION);
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
}
network_init_ok = 1;
network_init_gnutls_ok = 1;
}
/*
@ -138,7 +146,7 @@ network_init ()
void
network_end ()
{
if (network_init_ok)
if (network_init_gnutls_ok)
{
#ifdef HAVE_GNUTLS
if (!weechat_no_gnutls)
@ -147,7 +155,7 @@ network_end ()
gnutls_global_deinit();
}
#endif
network_init_ok = 0;
network_init_gnutls_ok = 0;
}
}

5
src/core/wee-network.h
View File

@ -40,10 +40,11 @@ struct t_network_socks5
/* auth(user/pass) (2), ... */
};
extern int network_init_ok;
extern int network_init_gnutls_ok;
extern void network_init_gcrypt ();
extern void network_set_gnutls_ca_file ();
extern void network_init ();
extern void network_init_gnutls ();
extern void network_end ();
extern int network_pass_proxy (const char *proxy, int sock,
const char *address, int port);

1295
src/core/wee-secure.c Normal file
View File

File diff suppressed because it is too large Load Diff

70
src/core/wee-secure.h Normal file
View File

@ -0,0 +1,70 @@
/*
* Copyright (C) 2013 Sebastien Helleu <flashcode@flashtux.org>
*
* This file is part of WeeChat, the extensible chat client.
*
* WeeChat is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* WeeChat is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with WeeChat. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __WEECHAT_SECURE_H
#define __WEECHAT_SECURE_H 1
#define SECURE_CONFIG_NAME "sec"
#define SECURE_ENV_PASSPHRASE "WEECHAT_PASSPHRASE"
#define SECURE_SALT_DEFAULT "WeeChat!"
#define SECURE_DATA_PASSPHRASE_FLAG "__passphrase__"
#define SECURE_BUFFER_NAME "secured_data"
enum t_secure_config_hash_algo
{
SECURE_CONFIG_HASH_SHA224 = 0,
SECURE_CONFIG_HASH_SHA256,
SECURE_CONFIG_HASH_SHA384,
SECURE_CONFIG_HASH_SHA512,
};
enum t_secure_config_cipher
{
SECURE_CONFIG_CIPHER_AES128 = 0,
SECURE_CONFIG_CIPHER_AES192,
SECURE_CONFIG_CIPHER_AES256,
};
extern struct t_config_file *secure_config_file;
extern struct t_config_section *secure_config_section_pwd;
extern struct t_config_option *secure_config_crypt_cipher;
extern struct t_config_option *secure_config_crypt_hash_algo;
extern struct t_config_option *secure_config_crypt_passphrase_file;
extern struct t_config_option *secure_config_crypt_salt;
extern char *secure_passphrase;
extern struct t_hashtable *secure_hashtable_data;
extern struct t_hashtable *secure_hashtable_data_encrypted;
extern struct t_gui_buffer *secure_buffer;
extern int secure_buffer_display_values;
extern int secure_decrypt_data_not_decrypted (const char *passphrase);
extern int secure_init ();
extern int secure_read ();
extern int secure_write ();
extern void secure_free ();
extern void secure_buffer_display ();
extern void secure_buffer_assign ();
extern void secure_buffer_open ();
#endif /* __WEECHAT_SECURE_H */

96
src/core/wee-string.c
View File

@ -1796,6 +1796,78 @@ string_format_size (unsigned long long size)
return strdup (str_size);
}
/*
* Encodes a string in base16 (hexadecimal).
*
* Argument "length" is number of bytes in "from" to convert (commonly
* strlen(from)).
*/
void
string_encode_base16 (const char *from, int length, char *to)
{
int i;
const char *hexa = "0123456789ABCDEF";
char *ptr_to;
ptr_to = to;
ptr_to[0] = '\0';
for (i = 0; i < length; i++)
{
ptr_to[0] = hexa[((unsigned char)from[i]) / 16];
ptr_to[1] = hexa[((unsigned char)from[i]) % 16];
ptr_to += 2;
}
ptr_to[0] = '\0';
}
/*
* Decodes a base16 string (hexadecimal).
*
* Returns length of string in "*to" (it does not count final \0).
*/
int
string_decode_base16 (const char *from, char *to)
{
int length, to_length, i, pos;
unsigned char *ptr_to, value;
length = strlen (from) / 2;
ptr_to = (unsigned char *)to;
ptr_to[0] = '\0';
to_length = 0;
for (i = 0; i < length; i++)
{
pos = i * 2;
value = 0;
/* 4 bits on the left */
if ((from[pos] >= '0') && (from[pos] <= '9'))
value |= (from[pos] - '0') << 4;
else if ((from[pos] >= 'a') && (from[pos] <= 'f'))
value |= (from[pos] - 'a' + 10) << 4;
else if ((from[pos] >= 'A') && (from[pos] <= 'F'))
value |= (from[pos] - 'A' + 10) << 4;
/* 4 bits on the right */
pos++;
if ((from[pos] >= '0') && (from[pos] <= '9'))
value |= from[pos] - '0';
else if ((from[pos] >= 'a') && (from[pos] <= 'f'))
value |= from[pos] - 'a' + 10;
else if ((from[pos] >= 'A') && (from[pos] <= 'F'))
value |= from[pos] - 'A' + 10;
ptr_to[0] = value;
ptr_to++;
to_length++;
}
ptr_to[0] = '\0';
return to_length;
}
/*
* Converts 3 bytes of 8 bits in 4 bytes of 6 bits.
*/
@ -2031,19 +2103,25 @@ string_input_for_buffer (const char *string)
char *
string_replace_with_callback (const char *string,
const char *prefix,
const char *suffix,
char *(*callback)(void *data, const char *text),
void *callback_data,
int *errors)
{
int length, length_value, index_string, index_result;
int length_prefix, length_suffix, length, length_value, index_string;
int index_result;
char *result, *result2, *key, *value;
const char *pos_end_name;
*errors = 0;
if (!string)
if (!string || !prefix || !prefix[0] || !suffix || !suffix[0])
return NULL;
length_prefix = strlen (prefix);
length_suffix = strlen (suffix);
length = strlen (string) + 1;
result = malloc (length);
if (result)
@ -2053,19 +2131,18 @@ string_replace_with_callback (const char *string,
while (string[index_string])
{
if ((string[index_string] == '\\')
&& (string[index_string + 1] == '$'))
&& (string[index_string + 1] == prefix[0]))
{
index_string++;
result[index_result++] = string[index_string++];
}
else if ((string[index_string] == '$')
&& (string[index_string + 1] == '{'))
else if (strncmp (string + index_string, prefix, length_prefix) == 0)
{
pos_end_name = strchr (string + index_string + 2, '}');
pos_end_name = strstr (string + index_string + length_prefix, suffix);
if (pos_end_name)
{
key = string_strndup (string + index_string + 2,
pos_end_name - (string + index_string + 2));
key = string_strndup (string + index_string + length_prefix,
pos_end_name - (string + index_string + length_prefix));
if (key)
{
value = (*callback) (callback_data, key);
@ -2086,7 +2163,7 @@ string_replace_with_callback (const char *string,
strcpy (result + index_result, value);
index_result += length_value;
index_string += pos_end_name - string -
index_string + 1;
index_string + length_suffix;
free (value);
}
else
@ -2094,7 +2171,6 @@ string_replace_with_callback (const char *string,
result[index_result++] = string[index_string++];
(*errors)++;
}
free (key);
}
else

4
src/core/wee-string.h
View File

@ -72,11 +72,15 @@ extern char *string_iconv_from_internal (const char *charset,
const char *string);
extern int string_iconv_fprintf (FILE *file, const char *data, ...);
extern char *string_format_size (unsigned long long size);
extern void string_encode_base16 (const char *from, int length, char *to);
extern int string_decode_base16 (const char *from, char *to);
extern void string_encode_base64 (const char *from, int length, char *to);
extern int string_decode_base64 (const char *from, char *to);
extern int string_is_command_char (const char *string);
extern const char *string_input_for_buffer (const char *string);
extern char *string_replace_with_callback (const char *string,
const char *prefix,
const char *suffix,
char *(*callback)(void *data, const char *text),
void *callback_data,
int *errors);

4
src/core/wee-upgrade.c
View File

@ -32,6 +32,7 @@
#include "wee-upgrade.h"
#include "wee-hook.h"
#include "wee-infolist.h"
#include "wee-secure.h"
#include "wee-string.h"
#include "wee-util.h"
#include "../gui/gui-buffer.h"
@ -729,6 +730,9 @@ upgrade_weechat_load ()
gui_color_buffer_assign ();
gui_color_buffer_display ();
secure_buffer_assign ();
secure_buffer_display ();
if (upgrade_layout->layout_buffers)
gui_layout_buffer_apply (upgrade_layout);
if (upgrade_layout->layout_windows)

18
src/core/weechat.c
View File

@ -61,6 +61,7 @@
#include "wee-log.h"
#include "wee-network.h"
#include "wee-proxy.h"
#include "wee-secure.h"
#include "wee-string.h"
#include "wee-upgrade.h"
#include "wee-utf8.h"
@ -440,14 +441,19 @@ main (int argc, char *argv[])
command_init (); /* initialize WeeChat commands */
completion_init (); /* add core completion hooks */
gui_key_init (); /* init keys */
if (!config_weechat_init ()) /* init options with default values */
network_init_gcrypt (); /* init gcrypt */
if (!secure_init ()) /* init secured data options (sec.*)*/
exit (EXIT_FAILURE);
if (!config_weechat_init ()) /* init WeeChat options (weechat.*) */
exit (EXIT_FAILURE);
weechat_parse_args (argc, argv); /* parse command line args */
weechat_create_home_dir (); /* create WeeChat home directory */
log_init (); /* init log file */
if (config_weechat_read () < 0) /* read WeeChat configuration */
if (secure_read () < 0) /* read secured data options */
exit (EXIT_FAILURE);
network_init (); /* init networking */
if (config_weechat_read () < 0) /* read WeeChat options */
exit (EXIT_FAILURE);
network_init_gnutls (); /* init GnuTLS */
gui_main_init (); /* init WeeChat interface */
if (weechat_upgrading)
{
@ -470,10 +476,12 @@ main (int argc, char *argv[])
gui_layout_save_on_exit (); /* save layout */
plugin_end (); /* end plugin interface(s) */
if (CONFIG_BOOLEAN(config_look_save_config_on_exit))
(void) config_weechat_write (NULL); /* save WeeChat config file */
(void) config_weechat_write (); /* save WeeChat config file */
(void) secure_write (); /* save secured data */
gui_main_end (1); /* shut down WeeChat GUI */
proxy_free_all (); /* free all proxies */
config_weechat_free (); /* free weechat.conf and vars */
config_weechat_free (); /* free WeeChat options */
secure_free (); /* free secured data options */
config_file_free_all (); /* free all configuration files */
gui_key_end (); /* remove all keys */
unhook_all (); /* remove all hooks */

3
src/gui/curses/gui-curses-color.c
View File

@ -945,8 +945,7 @@ gui_color_buffer_display ()
}
/* display palette colors */
if (hashtable_get_integer (gui_color_hash_palette_color,
"items_count") > 0)
if (gui_color_hash_palette_color->items_count > 0)
{
y++;
gui_chat_printf_y (gui_color_buffer, y++,

57
src/gui/curses/gui-curses-main.c
View File

@ -63,6 +63,63 @@ int gui_term_cols = 0;
int gui_term_lines = 0;
/*
* Gets a password from user (called on startup, when GUI is not initialized).
*
* The result is stored in "password" with max "size" bytes (including the
* final '\0').
*/
void
gui_main_get_password (const char *prompt1, const char *prompt2,
const char *prompt3,
char *password, int size)
{
int i, ch;
initscr ();
cbreak ();
noecho ();
clear();
mvprintw (0, 0, "%s", prompt1);
mvprintw (1, 0, "%s", prompt2);
mvprintw (2, 0, "%s", prompt3);
mvprintw (3, 0, "=> ");
refresh ();
memset (password, '\0', size);
i = 0;
while (i < size - 1)
{
ch = getch ();
if (ch == '\n')
break;
if (ch == 127)
{
if (i > 0)
{
i--;
password[i] = '\0';
mvprintw (3, 3 + i, " ");
move (3, 3 + i);
}
}
else
{
password[i] = ch;
mvprintw (3, 3 + i, "*");
i++;
}
refresh ();
}
password[i] = '\0';
refresh ();
endwin ();
}
/*
* Pre-initializes GUI (called before gui_init).
*/

1
src/gui/gui-key.c
View File

@ -1125,6 +1125,7 @@ gui_key_focus_command (const char *key, int context,
else
{
command = string_replace_with_callback (commands[i],
"${", "}",
&gui_key_focus_command_replace_cb,
hashtable,
&errors);

3
src/gui/gui-main.h
View File

@ -22,6 +22,9 @@
/* main functions (GUI dependent) */
extern void gui_main_get_password (const char *prompt1, const char *prompt2,
const char *prompt3,
char *password, int size);
extern void gui_main_loop ();
extern void gui_main_pre_init (int *argc, char **argv[]);
extern void gui_main_init ();

12
src/plugins/irc/irc-config.c
View File

@ -1620,7 +1620,8 @@ irc_config_server_new_option (struct t_config_file *config_file,
new_option = weechat_config_new_option (
config_file, section,
option_name, "string",
N_("username for SASL authentication"),
N_("username for SASL authentication "
"(note: content is evaluated, see /help eval)"),
NULL, 0, 0,
default_value, value,
null_value_allowed,
@ -1632,7 +1633,8 @@ irc_config_server_new_option (struct t_config_file *config_file,
new_option = weechat_config_new_option (
config_file, section,
option_name, "string",
N_("password for SASL authentication"),
N_("password for SASL authentication "
"(note: content is evaluated, see /help eval)"),
NULL, 0, 0,
default_value, value,
null_value_allowed,
@ -1745,7 +1747,8 @@ irc_config_server_new_option (struct t_config_file *config_file,
N_("command(s) to run when connected to server (many commands "
"should be separated by \";\", use \"\\;\" for a semicolon, "
"special variables $nick, $channel and $server are replaced "
"by their value)"),
"by their value) "
"(note: content is evaluated, see /help eval)"),
NULL, 0, 0,
default_value, value,
null_value_allowed,
@ -1771,7 +1774,8 @@ irc_config_server_new_option (struct t_config_file *config_file,
config_file, section,
option_name, "string",
N_("comma separated list of channels to join when connected to server "
"(example: \"#chan1,#chan2,#chan3 key1,key2\")"),
"(example: \"#chan1,#chan2,#chan3 key1,key2\") "
"(note: content is evaluated, see /help eval)"),
NULL, 0, 0,
default_value, value,
null_value_allowed,

40
src/plugins/irc/irc-protocol.c
View File

@ -149,8 +149,7 @@ irc_protocol_tags (const char *command, const char *tags, const char *nick)
IRC_PROTOCOL_CALLBACK(authenticate)
{
int sasl_mechanism;
const char *sasl_username, *sasl_password;
char *answer;
char *sasl_username, *sasl_password, *answer;
IRC_PROTOCOL_MIN_ARGS(2);
@ -158,10 +157,12 @@ IRC_PROTOCOL_CALLBACK(authenticate)
{
sasl_mechanism = IRC_SERVER_OPTION_INTEGER(server,
IRC_SERVER_OPTION_SASL_MECHANISM);
sasl_username = IRC_SERVER_OPTION_STRING(server,
IRC_SERVER_OPTION_SASL_USERNAME);
sasl_password = IRC_SERVER_OPTION_STRING(server,
IRC_SERVER_OPTION_SASL_PASSWORD);
sasl_username = weechat_string_eval_expression (IRC_SERVER_OPTION_STRING(server,
IRC_SERVER_OPTION_SASL_USERNAME),
NULL, NULL);
sasl_password = weechat_string_eval_expression (IRC_SERVER_OPTION_STRING(server,
IRC_SERVER_OPTION_SASL_PASSWORD),
NULL, NULL);
answer = NULL;
switch (sasl_mechanism)
{
@ -198,6 +199,10 @@ IRC_PROTOCOL_CALLBACK(authenticate)
irc_sasl_mechanism_string[IRC_SERVER_OPTION_INTEGER(server, IRC_SERVER_OPTION_SASL_MECHANISM)]);
irc_server_sendf (server, 0, NULL, "CAP END");
}
if (sasl_username)
free (sasl_username);
if (sasl_password)
free (sasl_password);
}
return WEECHAT_RC_OK;
@ -2076,9 +2081,7 @@ IRC_PROTOCOL_CALLBACK(wallops)
IRC_PROTOCOL_CALLBACK(001)
{
char **commands, **ptr_cmd, *vars_replaced;
char *away_msg;
const char *ptr_command;
char *server_command, **commands, **ptr_command, *vars_replaced, *away_msg;
IRC_PROTOCOL_MIN_ARGS(3);
@ -2117,19 +2120,21 @@ IRC_PROTOCOL_CALLBACK(001)
WEECHAT_HOOK_SIGNAL_STRING, server->name);
/* execute command when connected */
ptr_command = IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_COMMAND);
if (ptr_command && ptr_command[0])
server_command = weechat_string_eval_expression (IRC_SERVER_OPTION_STRING(server,
IRC_SERVER_OPTION_COMMAND),
NULL, NULL);
if (server_command && server_command[0])
{
/* splitting command on ';' which can be escaped with '\;' */
commands = weechat_string_split_command (ptr_command, ';');
/* split command on ';' which can be escaped with '\;' */
commands = weechat_string_split_command (server_command, ';');
if (commands)
{
for (ptr_cmd = commands; *ptr_cmd; ptr_cmd++)
for (ptr_command = commands; *ptr_command; ptr_command++)
{
vars_replaced = irc_message_replace_vars (server, NULL,
*ptr_cmd);
*ptr_command);
weechat_command (server->buffer,
(vars_replaced) ? vars_replaced : *ptr_cmd);
(vars_replaced) ? vars_replaced : *ptr_command);
if (vars_replaced)
free (vars_replaced);
}
@ -2144,6 +2149,9 @@ IRC_PROTOCOL_CALLBACK(001)
else
irc_server_autojoin_channels (server);
if (server_command)
free (server_command);
return WEECHAT_RC_OK;
}

48
src/plugins/irc/irc-server.c
View File

@ -317,23 +317,32 @@ irc_server_strncasecmp (struct t_irc_server *server,
int
irc_server_sasl_enabled (struct t_irc_server *server)
{
int sasl_mechanism;
const char *sasl_username, *sasl_password;
int sasl_mechanism, rc;
char *sasl_username, *sasl_password;
sasl_mechanism = IRC_SERVER_OPTION_INTEGER(server,
IRC_SERVER_OPTION_SASL_MECHANISM);
sasl_username = IRC_SERVER_OPTION_STRING(server,
IRC_SERVER_OPTION_SASL_USERNAME);
sasl_password = IRC_SERVER_OPTION_STRING(server,
IRC_SERVER_OPTION_SASL_PASSWORD);
sasl_username = weechat_string_eval_expression (IRC_SERVER_OPTION_STRING(server,
IRC_SERVER_OPTION_SASL_USERNAME),
NULL, NULL);
sasl_password = weechat_string_eval_expression (IRC_SERVER_OPTION_STRING(server,
IRC_SERVER_OPTION_SASL_PASSWORD),
NULL, NULL);
/*
* SASL is enabled if using mechanism "external"
* or if both username AND password are set
*/
return ((sasl_mechanism == IRC_SASL_MECHANISM_EXTERNAL)
|| (sasl_username && sasl_username[0]
&& sasl_password && sasl_password[0])) ? 1 : 0;
rc = ((sasl_mechanism == IRC_SASL_MECHANISM_EXTERNAL)
|| (sasl_username && sasl_username[0]
&& sasl_password && sasl_password[0])) ? 1 : 0;
if (sasl_username)
free (sasl_username);
if (sasl_password)
free (sasl_password);
return rc;
}
/*
@ -1176,9 +1185,11 @@ irc_server_alloc_with_url (const char *irc_url)
}
}
if (pos_password && pos_password[0])
{
weechat_config_option_set (ptr_server->options[IRC_SERVER_OPTION_PASSWORD],
pos_password,
1);
}
weechat_config_option_set (ptr_server->options[IRC_SERVER_OPTION_AUTOCONNECT],
"on",
1);
@ -3039,10 +3050,12 @@ irc_server_reconnect_schedule (struct t_irc_server *server)
void
irc_server_login (struct t_irc_server *server)
{
const char *password, *username, *realname, *capabilities;
char *username2;
const char *username, *realname, *capabilities;
char *password, *username2;
password = IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_PASSWORD);
password = weechat_string_eval_expression (IRC_SERVER_OPTION_STRING(server,
IRC_SERVER_OPTION_PASSWORD),
NULL, NULL);
username = IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_USERNAME);
realname = IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_REALNAME);
capabilities = IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_CAPABILITIES);
@ -3050,6 +3063,9 @@ irc_server_login (struct t_irc_server *server)
if (password && password[0])
irc_server_sendf (server, 0, NULL, "PASS %s", password);
if (password)
free (password);
if (!server->nick)
{
irc_server_set_nick (server,
@ -4104,7 +4120,7 @@ void
irc_server_autojoin_channels (struct t_irc_server *server)
{
struct t_irc_channel *ptr_channel;
const char *autojoin;
char *autojoin;
/* auto-join after disconnection (only rejoins opened channels) */
if (!server->disable_autojoin && server->reconnect_join && server->channels)
@ -4136,9 +4152,13 @@ irc_server_autojoin_channels (struct t_irc_server *server)
else
{
/* auto-join when connecting to server for first time */
autojoin = IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_AUTOJOIN);
autojoin = weechat_string_eval_expression (IRC_SERVER_OPTION_STRING(server,
IRC_SERVER_OPTION_AUTOJOIN),
NULL, NULL);
if (!server->disable_autojoin && autojoin && autojoin[0])
irc_command_join_server (server, autojoin, 0, 0);
if (autojoin)
free (autojoin);
}
server->disable_autojoin = 0;

3
src/plugins/rmodifier/rmodifier-config.c
View File

@ -54,6 +54,9 @@ char *rmodifier_config_default_list[][4] =
{ "set_pass", "history_add",
"^(/set +\\S*password\\S* +)(.*)", "1,2*"
},
{ "secure", "history_add,input_text_display",
"^(/secure +(passphrase|decrypt|set \\S+) +)(.*)", "1,3*"
},
{ NULL, NULL, NULL, NULL },
};