irc: drop support of DH-BLOWFISH and DH-AES SASL mechanisms (closes #175)
This commit is contained in:
Sébastien Helleu
parent
51740eb21e
commit
e8cdda318f
@ -23,6 +23,7 @@ New features::
|
||||
* irc: add command /setname, add support of message and capability "setname" (issue #1653)
|
||||
* irc: always set realname in nicks even when extended-join capability is not enabled (issue #1653)
|
||||
* irc: add support of FAIL/WARN/NOTE messages (issue #1653)
|
||||
* irc: drop support of DH-BLOWFISH and DH-AES SASL mechanisms (issue #175)
|
||||
|
||||
Documentation::
|
||||
|
||||
@ -766,7 +767,7 @@ Bug fixes::
|
||||
* core: fix command /cursor stop (do not toggle cursor mode) (issue #964)
|
||||
* core: fix delayed refresh when the signal SIGWINCH is received (terminal resized), send signal "signal_sigwinch" after refreshes (issue #902)
|
||||
* irc: fix update of server addresses on reconnection when the evaluated content has changed (issue #925)
|
||||
* irc: fix crash in case of invalid server reply during SASL authentication with dh-blowfish or dh-aes mechanism
|
||||
* irc: fix crash in case of invalid server reply during SASL authentication with DH-BLOWFISH or DH-AES mechanism
|
||||
* irc: fix double decoding of IRC colors in messages sent/displayed by commands /msg and /query (issue #943)
|
||||
* irc: fix parsing of message 324 (modes) when there is a colon before the modes (issue #913)
|
||||
* relay: check buffer pointer received in "sync" and "desync" commands (weechat protocol) (issue #936)
|
||||
@ -1553,7 +1554,7 @@ New features::
|
||||
* aspell: add completion "aspell_dicts" (list of aspell installed dictionaries)
|
||||
* aspell: add info "aspell_dict" (dictionaries used on a buffer)
|
||||
* aspell: optimization on spellers to improve speed (save state by buffer)
|
||||
* irc: add support of "dh-aes" SASL mechanism (patch #8020)
|
||||
* irc: add support of DH-AES SASL mechanism (patch #8020)
|
||||
* irc: add support of UHNAMES (capability "userhost-in-names") (task #9353)
|
||||
* irc: add tag "irc_nick_back" for messages displayed in private buffer when a nick is back on server (task #12576)
|
||||
* irc: add option irc.look.display_join_message (task #10895)
|
||||
@ -1933,7 +1934,7 @@ Bug fixes::
|
||||
* core: fix help on plugin option when config_set_desc_plugin is called to set help on newly created option
|
||||
* core: enable background process under Cygwin to connect to servers, fix reconnection problem (bug #34626)
|
||||
* aspell: fix URL detection (do not check spelling of URLs) (bug #34040)
|
||||
* irc: fix memory leak in SASL/blowfish authentication
|
||||
* irc: fix memory leak in SASL DH-BLOWFISH authentication
|
||||
* irc: fix memory leak when a server is deleted
|
||||
* irc: fix self-highlight when using /me with an IRC bouncer like znc (bug #35123)
|
||||
* irc: use low priority for MODE sent automatically by WeeChat (when joining channel)
|
||||
|
||||
@ -17,6 +17,23 @@ https://weechat.org/files/changelog/ChangeLog-devel.html[ChangeLog]
|
||||
(file _ChangeLog.adoc_ in sources).
|
||||
|
||||
|
||||
[[v3.3]]
|
||||
== Version 3.3 (under dev)
|
||||
|
||||
[[v3.2_irc_sasl_blowfish_aes]]
|
||||
=== Drop support of SASL DH-BLOWFISH and DH-AES mechanisms
|
||||
|
||||
The SASL mechanisms DH-BLOWFISH and DH-AES have been removed, because they
|
||||
are insecure and already removed from most IRC servers. +
|
||||
If you were using one of these mechanisms, it is highly recommended to switch
|
||||
to any other supported SASL mechanism.
|
||||
|
||||
For example:
|
||||
|
||||
----
|
||||
/set irc.server.example.sasl_mechanism scram-sha-256
|
||||
----
|
||||
|
||||
[[v3.2]]
|
||||
== Version 3.2 (2021-06-13)
|
||||
|
||||
|
||||
@ -2779,9 +2779,9 @@
|
||||
** Standardwert: `+""+`
|
||||
|
||||
* [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism*
|
||||
** Beschreibung: pass:none[Verfahren welches bei einer SASL Authentifizierung angewandt werden soll: "plain" Passwort wird im Klartext gesendet, "scram-sha-1" für SCRAM-Authentifizierung mit SHA-1-Digest-Algorithmus, "scram-sha-256" für SCRAM-Authenrifizierung mit SHA-256 Digest-Algorithmus, "scram-sha-512" für SCRAM-Authentifizierung mit SHA-512 Digest-Algorithmus, "ecdsa-nist256p-challenge" für öffentlich/private Schlüsselmethode, "external" SSL Zertifikat welches auf Client Seite vorliegt wird verwendet, "dh-blowfish" Passwort wird mittels blowfish verschlüsselt (unsicher, wird nicht empfohlen), "dh-aes" Passwort wird mittels AES verschlüsselt (unsicher, wird nicht empfohlen)]
|
||||
** Beschreibung: pass:none[mechanism for SASL authentication: "plain" for plain text password, "scram-sha-1" for SCRAM authentication with SHA-1 digest algorithm, "scram-sha-256" for SCRAM authentication with SHA-256 digest algorithm, "scram-sha-512" for SCRAM authentication with SHA-512 digest algorithm, "ecdsa-nist256p-challenge" for key-based challenge authentication, "external" for authentication using client side SSL certificate]
|
||||
** Typ: integer
|
||||
** Werte: plain, scram-sha-1, scram-sha-256, scram-sha-512, ecdsa-nist256p-challenge, external, dh-blowfish, dh-aes
|
||||
** Werte: plain, scram-sha-1, scram-sha-256, scram-sha-512, ecdsa-nist256p-challenge, external
|
||||
** Standardwert: `+plain+`
|
||||
|
||||
* [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password*
|
||||
|
||||
@ -3003,10 +3003,6 @@ WeeChat unterstützt eine SASL Authentifikation, mittels verschiedener Mechanism
|
||||
* _scram-sha-512_: SCRAM mit SHA-512 Digest-Algorithmus
|
||||
* _ecdsa-nist256p-challenge_: Abgleich von öffentlichem/privatem Schlüssel
|
||||
* _external_: SSL Zertifikat welches auf Client Seite vorliegt
|
||||
* _dh-blowfish_: Passwort wird mittels blowfish verschlüsselt
|
||||
(*unsicher*, wird nicht empfohlen)
|
||||
* _dh-aes_: Passwort wird mittels AES verschlüsselt
|
||||
(*unsicher*, wird nicht empfohlen)
|
||||
|
||||
Optionen für Server sind:
|
||||
|
||||
|
||||
@ -2779,9 +2779,9 @@
|
||||
** default value: `+""+`
|
||||
|
||||
* [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism*
|
||||
** description: pass:none[mechanism for SASL authentication: "plain" for plain text password, "scram-sha-1" for SCRAM authentication with SHA-1 digest algorithm, "scram-sha-256" for SCRAM authentication with SHA-256 digest algorithm, "scram-sha-512" for SCRAM authentication with SHA-512 digest algorithm, "ecdsa-nist256p-challenge" for key-based challenge authentication, "external" for authentication using client side SSL cert, "dh-blowfish" for blowfish crypted password (insecure, not recommended), "dh-aes" for AES crypted password (insecure, not recommended)]
|
||||
** description: pass:none[mechanism for SASL authentication: "plain" for plain text password, "scram-sha-1" for SCRAM authentication with SHA-1 digest algorithm, "scram-sha-256" for SCRAM authentication with SHA-256 digest algorithm, "scram-sha-512" for SCRAM authentication with SHA-512 digest algorithm, "ecdsa-nist256p-challenge" for key-based challenge authentication, "external" for authentication using client side SSL certificate]
|
||||
** type: integer
|
||||
** values: plain, scram-sha-1, scram-sha-256, scram-sha-512, ecdsa-nist256p-challenge, external, dh-blowfish, dh-aes
|
||||
** values: plain, scram-sha-1, scram-sha-256, scram-sha-512, ecdsa-nist256p-challenge, external
|
||||
** default value: `+plain+`
|
||||
|
||||
* [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password*
|
||||
|
||||
@ -2947,8 +2947,6 @@ WeeChat supports SASL authentication, using different mechanisms:
|
||||
* _scram-sha-512_: SCRAM with SHA-512 digest algorithm
|
||||
* _ecdsa-nist256p-challenge_: challenge with public/private key
|
||||
* _external_: client side SSL cert
|
||||
* _dh-blowfish_: blowfish encrypted password (*insecure*, not recommended)
|
||||
* _dh-aes_: AES encrypted password (*insecure*, not recommended)
|
||||
|
||||
Options in servers are:
|
||||
|
||||
|
||||
@ -2779,9 +2779,9 @@
|
||||
** valeur par défaut: `+""+`
|
||||
|
||||
* [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism*
|
||||
** description: pass:none[mécanisme pour l'authentification SASL : "plain" pour un mot de passe en clair, "scram-sha-1" pour une authentification SCRAM avec algorithme de hachage SHA-1, "scram-sha-256" pour une authentification SCRAM avec algorithme de hachage SHA-256, "scram-sha-512" pour une authentification SCRAM avec algorithme de hachage SHA-512, "ecdsa-nist256p-challenge" pour une authentification par challenge avec clé, "external" pour une authentification en utilisant un certificat SSL côté client, "dh-blowfish" pour un mot de passe chiffré avec blowfish (non sûr, non recommandé), "dh-aes" pour un mot de passe chiffré avec AES (non sûr, non recommandé)]
|
||||
** description: pass:none[mécanisme pour l'authentification SASL : "plain" pour un mot de passe en clair, "scram-sha-1" pour une authentification SCRAM avec algorithme de hachage SHA-1, "scram-sha-256" pour une authentification SCRAM avec algorithme de hachage SHA-256, "scram-sha-512" pour une authentification SCRAM avec algorithme de hachage SHA-512, "ecdsa-nist256p-challenge" pour une authentification par challenge avec clé, "external" pour une authentification en utilisant un certificat SSL côté client]
|
||||
** type: entier
|
||||
** valeurs: plain, scram-sha-1, scram-sha-256, scram-sha-512, ecdsa-nist256p-challenge, external, dh-blowfish, dh-aes
|
||||
** valeurs: plain, scram-sha-1, scram-sha-256, scram-sha-512, ecdsa-nist256p-challenge, external
|
||||
** valeur par défaut: `+plain+`
|
||||
|
||||
* [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password*
|
||||
|
||||
@ -3051,8 +3051,6 @@ mécanismes :
|
||||
* _scram-sha-512_ : SCRAM avec algorithme de hachage SHA-512
|
||||
* _ecdsa-nist256p-challenge_ : challenge avec clé publique/privée
|
||||
* _external_ : certificat SSL côté client
|
||||
* _dh-blowfish_ : mot de passe chiffré avec blowfish (*non sûr*, non recommandé)
|
||||
* _dh-aes_ : mot de passe chiffré avec AES (*non sûr*, non recommandé)
|
||||
|
||||
Les options dans le serveur sont :
|
||||
|
||||
|
||||
@ -2779,9 +2779,9 @@
|
||||
** valore predefinito: `+""+`
|
||||
|
||||
* [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism*
|
||||
** descrizione: pass:none[mechanism for SASL authentication: "plain" for plain text password, "scram-sha-1" for SCRAM authentication with SHA-1 digest algorithm, "scram-sha-256" for SCRAM authentication with SHA-256 digest algorithm, "scram-sha-512" for SCRAM authentication with SHA-512 digest algorithm, "ecdsa-nist256p-challenge" for key-based challenge authentication, "external" for authentication using client side SSL cert, "dh-blowfish" for blowfish crypted password (insecure, not recommended), "dh-aes" for AES crypted password (insecure, not recommended)]
|
||||
** descrizione: pass:none[mechanism for SASL authentication: "plain" for plain text password, "scram-sha-1" for SCRAM authentication with SHA-1 digest algorithm, "scram-sha-256" for SCRAM authentication with SHA-256 digest algorithm, "scram-sha-512" for SCRAM authentication with SHA-512 digest algorithm, "ecdsa-nist256p-challenge" for key-based challenge authentication, "external" for authentication using client side SSL certificate]
|
||||
** tipo: intero
|
||||
** valori: plain, scram-sha-1, scram-sha-256, scram-sha-512, ecdsa-nist256p-challenge, external, dh-blowfish, dh-aes
|
||||
** valori: plain, scram-sha-1, scram-sha-256, scram-sha-512, ecdsa-nist256p-challenge, external
|
||||
** valore predefinito: `+plain+`
|
||||
|
||||
* [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password*
|
||||
|
||||
@ -3183,10 +3183,6 @@ WeeChat supports SASL authentication, using different mechanisms:
|
||||
// TRANSLATION MISSING
|
||||
* _ecdsa-nist256p-challenge_: challenge with public/private key
|
||||
* _external_: certificato SSL da lato client
|
||||
// TRANSLATION MISSING
|
||||
* _dh-blowfish_: blowfish encrypted password (*insecure*, not recommended)
|
||||
// TRANSLATION MISSING
|
||||
* _dh-aes_: AES encrypted password (*insecure*, not recommended)
|
||||
|
||||
Le opzioni nel server sono:
|
||||
|
||||
|
||||
@ -2779,9 +2779,9 @@
|
||||
** デフォルト値: `+""+`
|
||||
|
||||
* [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism*
|
||||
** 説明: pass:none[mechanism for SASL authentication: "plain" for plain text password, "scram-sha-1" for SCRAM authentication with SHA-1 digest algorithm, "scram-sha-256" for SCRAM authentication with SHA-256 digest algorithm, "scram-sha-512" for SCRAM authentication with SHA-512 digest algorithm, "ecdsa-nist256p-challenge" for key-based challenge authentication, "external" for authentication using client side SSL cert, "dh-blowfish" for blowfish crypted password (insecure, not recommended), "dh-aes" for AES crypted password (insecure, not recommended)]
|
||||
** 説明: pass:none[mechanism for SASL authentication: "plain" for plain text password, "scram-sha-1" for SCRAM authentication with SHA-1 digest algorithm, "scram-sha-256" for SCRAM authentication with SHA-256 digest algorithm, "scram-sha-512" for SCRAM authentication with SHA-512 digest algorithm, "ecdsa-nist256p-challenge" for key-based challenge authentication, "external" for authentication using client side SSL certificate]
|
||||
** タイプ: 整数
|
||||
** 値: plain, scram-sha-1, scram-sha-256, scram-sha-512, ecdsa-nist256p-challenge, external, dh-blowfish, dh-aes
|
||||
** 値: plain, scram-sha-1, scram-sha-256, scram-sha-512, ecdsa-nist256p-challenge, external
|
||||
** デフォルト値: `+plain+`
|
||||
|
||||
* [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password*
|
||||
|
||||
@ -3036,8 +3036,6 @@ WeeChat は SASL 認証をサポートします、以下の認証メカニズム
|
||||
* _scram-sha-512_: SCRAM with SHA-512 digest algorithm
|
||||
* _ecdsa-nist256p-challenge_: 公開鍵/秘密鍵を使うチャレンジ認証
|
||||
* _external_: クライアント側 SSL 証明書
|
||||
* _dh-blowfish_: blowfish 暗号パスワード (*危険*、非推奨)
|
||||
* _dh-aes_: AES 暗号パスワード (*危険*、非推奨)
|
||||
|
||||
サーバオプション:
|
||||
|
||||
|
||||
@ -2779,9 +2779,9 @@
|
||||
** domyślna wartość: `+""+`
|
||||
|
||||
* [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism*
|
||||
** opis: pass:none[mechanizm autentykacji SASL: "plain" dla hasła w czystym tekście, "scram-sha-1" dla uwierzytelnienia SCRAM za pomocą algorytmu SHA-1, "scram-sha-256" dla uwierzytelnienia SCRAM za pomocą algorytmu SHA-256, "scram-sha-512" dla uwierzytelnienia SCRAM za pomocą algorytmu SHA-512, "ecdsa-nist256p-challenge" uwierzytelnianie na podstawie pary kluczy, "external" dla uwierzytelnienia za pomocą certyfikatu SSL po stronie klienta, "dh-blowfish" dla hasła szyfrowanego za pomocą blowfish (mało bezpieczne, niepolecane), "dh-aes" dla hasła szyfrowanego za pomocą AES (mało bezpieczne, niepolecane)]
|
||||
** opis: pass:none[mechanism for SASL authentication: "plain" for plain text password, "scram-sha-1" for SCRAM authentication with SHA-1 digest algorithm, "scram-sha-256" for SCRAM authentication with SHA-256 digest algorithm, "scram-sha-512" for SCRAM authentication with SHA-512 digest algorithm, "ecdsa-nist256p-challenge" for key-based challenge authentication, "external" for authentication using client side SSL certificate]
|
||||
** typ: liczba
|
||||
** wartości: plain, scram-sha-1, scram-sha-256, scram-sha-512, ecdsa-nist256p-challenge, external, dh-blowfish, dh-aes
|
||||
** wartości: plain, scram-sha-1, scram-sha-256, scram-sha-512, ecdsa-nist256p-challenge, external
|
||||
** domyślna wartość: `+plain+`
|
||||
|
||||
* [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password*
|
||||
|
||||
@ -2971,10 +2971,6 @@ WeeChat wspiera uwierzytelnianie SASL, używając różnych mechanizmów:
|
||||
* _scram-sha-512_: SCRAM z użyciem algorytmu SHA-512
|
||||
* _ecdsa-nist256p-challenge_: klucz prywatny/publiczny
|
||||
* _external_: certyfikat SSL po stronie klienta
|
||||
* _dh-blowfish_: hasło zaszyfrowane algorytmem blowfish
|
||||
(*niebezpieczne*, nie zalecane)
|
||||
* _dh-aes_: hasło zaszyfrowane algorytmem AES
|
||||
(*niebezpieczne*, nie zalecane)
|
||||
|
||||
Opcje dla serwerów to:
|
||||
|
||||
|
||||
@ -2779,9 +2779,9 @@
|
||||
** подразумевана вредност: `+""+`
|
||||
|
||||
* [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism*
|
||||
** опис: pass:none[механизам SASL аутентификације: „plain” за просту текст лозинку, „scram-sha-1” за SCRAM аутентификацију са SHA-1 digest алгоритмом, „scram-sha-256” за SCRAM аутентификацију са SHA-256 digest алгоритмом, „scram-sha-512” за SCRAM аутентификацију са SHA-512 digest алгоритмом, „ecdsa-nist256p-challenge” за аутентификацију са изазовом базираним на кључу, „external” за аутентификацију употребом SSL сертификата са клијентске стране, „dh-blowfish” за blowfish шифровану лозинку (није безбедно, не препоручује се), „dh-aes” за AES шифровану лозинку (није безбедно, не препоручује се)]
|
||||
** опис: pass:none[mechanism for SASL authentication: "plain" for plain text password, "scram-sha-1" for SCRAM authentication with SHA-1 digest algorithm, "scram-sha-256" for SCRAM authentication with SHA-256 digest algorithm, "scram-sha-512" for SCRAM authentication with SHA-512 digest algorithm, "ecdsa-nist256p-challenge" for key-based challenge authentication, "external" for authentication using client side SSL certificate]
|
||||
** тип: целобројна
|
||||
** вредности: plain, scram-sha-1, scram-sha-256, scram-sha-512, ecdsa-nist256p-challenge, external, dh-blowfish, dh-aes
|
||||
** вредности: plain, scram-sha-1, scram-sha-256, scram-sha-512, ecdsa-nist256p-challenge, external
|
||||
** подразумевана вредност: `+plain+`
|
||||
|
||||
* [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password*
|
||||
|
||||
@ -2722,8 +2722,6 @@ $ openssl req -nodes -newkey rsa:2048 -keyout nick.pem -x509 -days 365 -out nick
|
||||
* _scram-sha-512_: SCRAM са SHA-512 digest алгоритмом
|
||||
* _ecdsa-nist256p-challenge_: изазов са јавним/приватним кључем
|
||||
* _external_: SSL сертификат са клијентске стране
|
||||
* _dh-blowfish_: blowfish шифрована лозинка (*небезбедно*, не препоручује се)
|
||||
* _dh-aes_: AES шифрована лозинка (*небезбедно*, не препоручује се)
|
||||
|
||||
Опције за сервере су следеће:
|
||||
|
||||
|
||||
6
po/cs.po
6
po/cs.po
@ -21,7 +21,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: WeeChat\n"
|
||||
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
|
||||
"POT-Creation-Date: 2021-06-15 18:50+0200\n"
|
||||
"POT-Creation-Date: 2021-06-15 20:40+0200\n"
|
||||
"PO-Revision-Date: 2021-05-25 18:28+0200\n"
|
||||
"Last-Translator: Ondřej Súkup <mimi.vx@gmail.com>\n"
|
||||
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
|
||||
@ -8035,9 +8035,7 @@ msgid ""
|
||||
"\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
"\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
"\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
"\"external\" for authentication using client side SSL cert, \"dh-blowfish\" "
|
||||
"for blowfish crypted password (insecure, not recommended), \"dh-aes\" for "
|
||||
"AES crypted password (insecure, not recommended)"
|
||||
"\"external\" for authentication using client side SSL certificate"
|
||||
msgstr ""
|
||||
|
||||
#, fuzzy
|
||||
|
||||
16
po/de.po
16
po/de.po
@ -24,7 +24,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: WeeChat\n"
|
||||
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
|
||||
"POT-Creation-Date: 2021-06-15 18:50+0200\n"
|
||||
"POT-Creation-Date: 2021-06-15 20:40+0200\n"
|
||||
"PO-Revision-Date: 2021-06-05 23:02+0200\n"
|
||||
"Last-Translator: Nils Görs <weechatter@arcor.de>\n"
|
||||
"Language-Team: German <kde-i18n-de@kde.org>\n"
|
||||
@ -9886,15 +9886,23 @@ msgstr ""
|
||||
"(siehe /help cap um eine Liste von Fähigkeiten zu erhalten die von WeeChat "
|
||||
"unterstützt werden) (Beispiel: \"away-notify,multi-prefix\")"
|
||||
|
||||
#, fuzzy
|
||||
#| msgid ""
|
||||
#| "mechanism for SASL authentication: \"plain\" for plain text password, "
|
||||
#| "\"scram-sha-1\" for SCRAM authentication with SHA-1 digest algorithm, "
|
||||
#| "\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
#| "\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
#| "\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
#| "\"external\" for authentication using client side SSL cert, \"dh-blowfish"
|
||||
#| "\" for blowfish crypted password (insecure, not recommended), \"dh-aes\" "
|
||||
#| "for AES crypted password (insecure, not recommended)"
|
||||
msgid ""
|
||||
"mechanism for SASL authentication: \"plain\" for plain text password, "
|
||||
"\"scram-sha-1\" for SCRAM authentication with SHA-1 digest algorithm, "
|
||||
"\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
"\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
"\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
"\"external\" for authentication using client side SSL cert, \"dh-blowfish\" "
|
||||
"for blowfish crypted password (insecure, not recommended), \"dh-aes\" for "
|
||||
"AES crypted password (insecure, not recommended)"
|
||||
"\"external\" for authentication using client side SSL certificate"
|
||||
msgstr ""
|
||||
"Verfahren welches bei einer SASL Authentifizierung angewandt werden soll: "
|
||||
"\"plain\" Passwort wird im Klartext gesendet, \"scram-sha-1\" für SCRAM-"
|
||||
|
||||
6
po/es.po
6
po/es.po
@ -22,7 +22,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: WeeChat\n"
|
||||
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
|
||||
"POT-Creation-Date: 2021-06-15 18:50+0200\n"
|
||||
"POT-Creation-Date: 2021-06-15 20:40+0200\n"
|
||||
"PO-Revision-Date: 2021-05-25 18:28+0200\n"
|
||||
"Last-Translator: Elián Hanisch <lambdae2@gmail.com>\n"
|
||||
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
|
||||
@ -8274,9 +8274,7 @@ msgid ""
|
||||
"\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
"\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
"\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
"\"external\" for authentication using client side SSL cert, \"dh-blowfish\" "
|
||||
"for blowfish crypted password (insecure, not recommended), \"dh-aes\" for "
|
||||
"AES crypted password (insecure, not recommended)"
|
||||
"\"external\" for authentication using client side SSL certificate"
|
||||
msgstr ""
|
||||
"mecanismo de autenticación SASL: \"plain\" para contraseñas en texto plano, "
|
||||
"\"dh-blowfish\" para contraseña encriptada, \"external\" para autentificar "
|
||||
|
||||
23
po/fr.po
23
po/fr.po
@ -21,8 +21,8 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: WeeChat\n"
|
||||
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
|
||||
"POT-Creation-Date: 2021-06-15 18:50+0200\n"
|
||||
"PO-Revision-Date: 2021-06-15 18:52+0200\n"
|
||||
"POT-Creation-Date: 2021-06-15 20:40+0200\n"
|
||||
"PO-Revision-Date: 2021-06-15 20:43+0200\n"
|
||||
"Last-Translator: Sébastien Helleu <flashcode@flashtux.org>\n"
|
||||
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
|
||||
"Language: fr\n"
|
||||
@ -8247,14 +8247,19 @@ msgstr ""
|
||||
" ls : lister les capacités supportées par le serveur\n"
|
||||
" list : lister les capacités actuellement activées\n"
|
||||
" req : demander une capacité\n"
|
||||
" ack : accuser réception de capacités qui nécessitent un accusé de réception du client\n"
|
||||
" ack : accuser réception de capacités qui nécessitent un accusé de "
|
||||
"réception du client\n"
|
||||
" end : terminer la négociation de capacité\n"
|
||||
"\n"
|
||||
"Sans paramètre, \"ls\" et \"list\" sont envoyés.\n"
|
||||
"\n"
|
||||
"Les capacités supportées par WeeChat sont : account-notify, away-notify, cap-notify, chghost, extended-join, invite-notify, multi-prefix, server-time, setname, userhost-in-names.\n"
|
||||
"Les capacités supportées par WeeChat sont : account-notify, away-notify, cap-"
|
||||
"notify, chghost, extended-join, invite-notify, multi-prefix, server-time, "
|
||||
"setname, userhost-in-names.\n"
|
||||
"\n"
|
||||
"Les capacités à activer automatiquement sur les serveurs peuvent être définies dans l'option irc.server_default.capabilities (ou par serveur dans l'option irc.server.xxx.capabilities).\n"
|
||||
"Les capacités à activer automatiquement sur les serveurs peuvent être "
|
||||
"définies dans l'option irc.server_default.capabilities (ou par serveur dans "
|
||||
"l'option irc.server.xxx.capabilities).\n"
|
||||
"\n"
|
||||
"Exemples :\n"
|
||||
" /cap\n"
|
||||
@ -9705,9 +9710,7 @@ msgid ""
|
||||
"\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
"\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
"\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
"\"external\" for authentication using client side SSL cert, \"dh-blowfish\" "
|
||||
"for blowfish crypted password (insecure, not recommended), \"dh-aes\" for "
|
||||
"AES crypted password (insecure, not recommended)"
|
||||
"\"external\" for authentication using client side SSL certificate"
|
||||
msgstr ""
|
||||
"mécanisme pour l'authentification SASL : \"plain\" pour un mot de passe en "
|
||||
"clair, \"scram-sha-1\" pour une authentification SCRAM avec algorithme de "
|
||||
@ -9715,9 +9718,7 @@ msgstr ""
|
||||
"algorithme de hachage SHA-256, \"scram-sha-512\" pour une authentification "
|
||||
"SCRAM avec algorithme de hachage SHA-512, \"ecdsa-nist256p-challenge\" pour "
|
||||
"une authentification par challenge avec clé, \"external\" pour une "
|
||||
"authentification en utilisant un certificat SSL côté client, \"dh-blowfish\" "
|
||||
"pour un mot de passe chiffré avec blowfish (non sûr, non recommandé), \"dh-"
|
||||
"aes\" pour un mot de passe chiffré avec AES (non sûr, non recommandé)"
|
||||
"authentification en utilisant un certificat SSL côté client"
|
||||
|
||||
msgid ""
|
||||
"username for SASL authentication; this option is not used for mechanism "
|
||||
|
||||
6
po/hu.po
6
po/hu.po
@ -20,7 +20,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: WeeChat\n"
|
||||
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
|
||||
"POT-Creation-Date: 2021-06-15 18:50+0200\n"
|
||||
"POT-Creation-Date: 2021-06-15 20:40+0200\n"
|
||||
"PO-Revision-Date: 2021-05-25 18:28+0200\n"
|
||||
"Last-Translator: Andras Voroskoi <voroskoi@frugalware.org>\n"
|
||||
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
|
||||
@ -7639,9 +7639,7 @@ msgid ""
|
||||
"\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
"\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
"\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
"\"external\" for authentication using client side SSL cert, \"dh-blowfish\" "
|
||||
"for blowfish crypted password (insecure, not recommended), \"dh-aes\" for "
|
||||
"AES crypted password (insecure, not recommended)"
|
||||
"\"external\" for authentication using client side SSL certificate"
|
||||
msgstr ""
|
||||
|
||||
#, fuzzy
|
||||
|
||||
6
po/it.po
6
po/it.po
@ -20,7 +20,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: WeeChat\n"
|
||||
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
|
||||
"POT-Creation-Date: 2021-06-15 18:50+0200\n"
|
||||
"POT-Creation-Date: 2021-06-15 20:40+0200\n"
|
||||
"PO-Revision-Date: 2021-05-25 18:28+0200\n"
|
||||
"Last-Translator: Esteban I. Ruiz Moreno <exio4.com@gmail.com>\n"
|
||||
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
|
||||
@ -8416,9 +8416,7 @@ msgid ""
|
||||
"\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
"\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
"\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
"\"external\" for authentication using client side SSL cert, \"dh-blowfish\" "
|
||||
"for blowfish crypted password (insecure, not recommended), \"dh-aes\" for "
|
||||
"AES crypted password (insecure, not recommended)"
|
||||
"\"external\" for authentication using client side SSL certificate"
|
||||
msgstr ""
|
||||
"meccanismo per l'autenticazione SASL: \"plain\" per le password in chiaro, "
|
||||
"\"dh-blowfish\" per le password cifrate in blowfish, \"dh-aes\" per le "
|
||||
|
||||
6
po/ja.po
6
po/ja.po
@ -20,7 +20,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: WeeChat\n"
|
||||
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
|
||||
"POT-Creation-Date: 2021-06-15 18:50+0200\n"
|
||||
"POT-Creation-Date: 2021-06-15 20:40+0200\n"
|
||||
"PO-Revision-Date: 2021-05-25 18:28+0200\n"
|
||||
"Last-Translator: AYANOKOUZI, Ryuunosuke <i38w7i3@yahoo.co.jp>\n"
|
||||
"Language-Team: Japanese <https://github.com/l/weechat/tree/master/"
|
||||
@ -9251,9 +9251,7 @@ msgid ""
|
||||
"\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
"\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
"\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
"\"external\" for authentication using client side SSL cert, \"dh-blowfish\" "
|
||||
"for blowfish crypted password (insecure, not recommended), \"dh-aes\" for "
|
||||
"AES crypted password (insecure, not recommended)"
|
||||
"\"external\" for authentication using client side SSL certificate"
|
||||
msgstr ""
|
||||
"SASL 認証メカニズム: \"plain\" は平文パスワード、\"ecdsa-nist256p-challenge"
|
||||
"\" は鍵を使ったチャレンジ認証、\"external\" はクライアント側の SSL 証明書を利"
|
||||
|
||||
16
po/pl.po
16
po/pl.po
@ -22,7 +22,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: WeeChat\n"
|
||||
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
|
||||
"POT-Creation-Date: 2021-06-15 18:50+0200\n"
|
||||
"POT-Creation-Date: 2021-06-15 20:40+0200\n"
|
||||
"PO-Revision-Date: 2021-06-13 14:40+0200\n"
|
||||
"Last-Translator: Krzysztof Korościk <soltys@soltys.info>\n"
|
||||
"Language-Team: Polish <kde-i18n-doc@kde.org>\n"
|
||||
@ -9487,15 +9487,23 @@ msgstr ""
|
||||
"są dostępne (zobacz /help cap żeby poznać listę opcji wspieranych przez "
|
||||
"WeeChat) (przykład: \"away-notify,multi-prefix\")"
|
||||
|
||||
#, fuzzy
|
||||
#| msgid ""
|
||||
#| "mechanism for SASL authentication: \"plain\" for plain text password, "
|
||||
#| "\"scram-sha-1\" for SCRAM authentication with SHA-1 digest algorithm, "
|
||||
#| "\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
#| "\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
#| "\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
#| "\"external\" for authentication using client side SSL cert, \"dh-blowfish"
|
||||
#| "\" for blowfish crypted password (insecure, not recommended), \"dh-aes\" "
|
||||
#| "for AES crypted password (insecure, not recommended)"
|
||||
msgid ""
|
||||
"mechanism for SASL authentication: \"plain\" for plain text password, "
|
||||
"\"scram-sha-1\" for SCRAM authentication with SHA-1 digest algorithm, "
|
||||
"\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
"\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
"\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
"\"external\" for authentication using client side SSL cert, \"dh-blowfish\" "
|
||||
"for blowfish crypted password (insecure, not recommended), \"dh-aes\" for "
|
||||
"AES crypted password (insecure, not recommended)"
|
||||
"\"external\" for authentication using client side SSL certificate"
|
||||
msgstr ""
|
||||
"mechanizm autentykacji SASL: \"plain\" dla hasła w czystym tekście, \"scram-"
|
||||
"sha-1\" dla uwierzytelnienia SCRAM za pomocą algorytmu SHA-1, \"scram-"
|
||||
|
||||
6
po/pt.po
6
po/pt.po
@ -20,7 +20,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: WeeChat\n"
|
||||
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
|
||||
"POT-Creation-Date: 2021-06-15 18:50+0200\n"
|
||||
"POT-Creation-Date: 2021-06-15 20:40+0200\n"
|
||||
"PO-Revision-Date: 2021-05-25 18:28+0200\n"
|
||||
"Last-Translator: Vasco Almeida <vascomalmeida@sapo.pt>\n"
|
||||
"Language-Team: Portuguese <>\n"
|
||||
@ -9038,9 +9038,7 @@ msgid ""
|
||||
"\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
"\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
"\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
"\"external\" for authentication using client side SSL cert, \"dh-blowfish\" "
|
||||
"for blowfish crypted password (insecure, not recommended), \"dh-aes\" for "
|
||||
"AES crypted password (insecure, not recommended)"
|
||||
"\"external\" for authentication using client side SSL certificate"
|
||||
msgstr ""
|
||||
"mecanismo de autenticação SASL: \"plain\" para palavra-passe em texto "
|
||||
"simples, \"ecdsa-nist256p-challenge\" para autenticação por desafio com "
|
||||
|
||||
@ -21,7 +21,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: WeeChat\n"
|
||||
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
|
||||
"POT-Creation-Date: 2021-06-15 18:50+0200\n"
|
||||
"POT-Creation-Date: 2021-06-15 20:40+0200\n"
|
||||
"PO-Revision-Date: 2021-05-25 18:28+0200\n"
|
||||
"Last-Translator: Érico Nogueira <ericonr@disroot.org>\n"
|
||||
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
|
||||
@ -8081,9 +8081,7 @@ msgid ""
|
||||
"\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
"\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
"\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
"\"external\" for authentication using client side SSL cert, \"dh-blowfish\" "
|
||||
"for blowfish crypted password (insecure, not recommended), \"dh-aes\" for "
|
||||
"AES crypted password (insecure, not recommended)"
|
||||
"\"external\" for authentication using client side SSL certificate"
|
||||
msgstr ""
|
||||
|
||||
#, fuzzy
|
||||
|
||||
6
po/ru.po
6
po/ru.po
@ -21,7 +21,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: WeeChat\n"
|
||||
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
|
||||
"POT-Creation-Date: 2021-06-15 18:50+0200\n"
|
||||
"POT-Creation-Date: 2021-06-15 20:40+0200\n"
|
||||
"PO-Revision-Date: 2021-05-25 18:28+0200\n"
|
||||
"Last-Translator: Aleksey V Zapparov AKA ixti <ixti@member.fsf.org>\n"
|
||||
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
|
||||
@ -7669,9 +7669,7 @@ msgid ""
|
||||
"\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
"\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
"\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
"\"external\" for authentication using client side SSL cert, \"dh-blowfish\" "
|
||||
"for blowfish crypted password (insecure, not recommended), \"dh-aes\" for "
|
||||
"AES crypted password (insecure, not recommended)"
|
||||
"\"external\" for authentication using client side SSL certificate"
|
||||
msgstr ""
|
||||
|
||||
#, fuzzy
|
||||
|
||||
16
po/sr.po
16
po/sr.po
@ -20,7 +20,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: WeeChat\n"
|
||||
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
|
||||
"POT-Creation-Date: 2021-06-15 18:50+0200\n"
|
||||
"POT-Creation-Date: 2021-06-15 20:40+0200\n"
|
||||
"PO-Revision-Date: 2021-06-03 15:15+0400\n"
|
||||
"Last-Translator: Ivan Pešić <ivan.pesic@gmail.com>\n"
|
||||
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
|
||||
@ -9469,15 +9469,23 @@ msgstr ""
|
||||
"за листу могућности које подржава програм WeeChat) (пример: „away-notify,"
|
||||
"multi-prefix”)"
|
||||
|
||||
#, fuzzy
|
||||
#| msgid ""
|
||||
#| "mechanism for SASL authentication: \"plain\" for plain text password, "
|
||||
#| "\"scram-sha-1\" for SCRAM authentication with SHA-1 digest algorithm, "
|
||||
#| "\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
#| "\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
#| "\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
#| "\"external\" for authentication using client side SSL cert, \"dh-blowfish"
|
||||
#| "\" for blowfish crypted password (insecure, not recommended), \"dh-aes\" "
|
||||
#| "for AES crypted password (insecure, not recommended)"
|
||||
msgid ""
|
||||
"mechanism for SASL authentication: \"plain\" for plain text password, "
|
||||
"\"scram-sha-1\" for SCRAM authentication with SHA-1 digest algorithm, "
|
||||
"\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
"\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
"\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
"\"external\" for authentication using client side SSL cert, \"dh-blowfish\" "
|
||||
"for blowfish crypted password (insecure, not recommended), \"dh-aes\" for "
|
||||
"AES crypted password (insecure, not recommended)"
|
||||
"\"external\" for authentication using client side SSL certificate"
|
||||
msgstr ""
|
||||
"механизам SASL аутентификације: „plain” за просту текст лозинку, „scram-"
|
||||
"sha-1” за SCRAM аутентификацију са SHA-1 digest алгоритмом, „scram-sha-256” "
|
||||
|
||||
6
po/tr.po
6
po/tr.po
@ -20,7 +20,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: WeeChat\n"
|
||||
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
|
||||
"POT-Creation-Date: 2021-06-15 18:50+0200\n"
|
||||
"POT-Creation-Date: 2021-06-15 20:40+0200\n"
|
||||
"PO-Revision-Date: 2021-05-25 18:28+0200\n"
|
||||
"Last-Translator: Emir SARI <bitigchi@me.com>\n"
|
||||
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
|
||||
@ -7348,9 +7348,7 @@ msgid ""
|
||||
"\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
"\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
"\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
"\"external\" for authentication using client side SSL cert, \"dh-blowfish\" "
|
||||
"for blowfish crypted password (insecure, not recommended), \"dh-aes\" for "
|
||||
"AES crypted password (insecure, not recommended)"
|
||||
"\"external\" for authentication using client side SSL certificate"
|
||||
msgstr ""
|
||||
|
||||
msgid ""
|
||||
|
||||
@ -21,7 +21,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: WeeChat\n"
|
||||
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
|
||||
"POT-Creation-Date: 2021-06-15 18:50+0200\n"
|
||||
"POT-Creation-Date: 2021-06-15 20:40+0200\n"
|
||||
"PO-Revision-Date: 2014-08-16 10:27+0200\n"
|
||||
"Last-Translator: Sébastien Helleu <flashcode@flashtux.org>\n"
|
||||
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
|
||||
@ -6822,9 +6822,7 @@ msgid ""
|
||||
"\"scram-sha-256\" for SCRAM authentication with SHA-256 digest algorithm, "
|
||||
"\"scram-sha-512\" for SCRAM authentication with SHA-512 digest algorithm, "
|
||||
"\"ecdsa-nist256p-challenge\" for key-based challenge authentication, "
|
||||
"\"external\" for authentication using client side SSL cert, \"dh-blowfish\" "
|
||||
"for blowfish crypted password (insecure, not recommended), \"dh-aes\" for "
|
||||
"AES crypted password (insecure, not recommended)"
|
||||
"\"external\" for authentication using client side SSL certificate"
|
||||
msgstr ""
|
||||
|
||||
msgid ""
|
||||
|
||||
@ -1868,13 +1868,9 @@ irc_config_server_new_option (struct t_config_file *config_file,
|
||||
"\"ecdsa-nist256p-challenge\" for key-based "
|
||||
"challenge authentication, "
|
||||
"\"external\" for authentication using client side SSL "
|
||||
"cert, "
|
||||
"\"dh-blowfish\" for blowfish crypted password "
|
||||
"(insecure, not recommended), "
|
||||
"\"dh-aes\" for AES crypted password "
|
||||
"(insecure, not recommended)"),
|
||||
"certificate"),
|
||||
"plain|scram-sha-1|scram-sha-256|scram-sha-512|"
|
||||
"ecdsa-nist256p-challenge|external|dh-blowfish|dh-aes",
|
||||
"ecdsa-nist256p-challenge|external",
|
||||
0, 0,
|
||||
default_value, value,
|
||||
null_value_allowed,
|
||||
|
||||
@ -502,14 +502,6 @@ IRC_PROTOCOL_CALLBACK(authenticate)
|
||||
case IRC_SASL_MECHANISM_EXTERNAL:
|
||||
answer = strdup ("+");
|
||||
break;
|
||||
case IRC_SASL_MECHANISM_DH_BLOWFISH:
|
||||
answer = irc_sasl_mechanism_dh_blowfish (
|
||||
argv[1], sasl_username, sasl_password, &sasl_error);
|
||||
break;
|
||||
case IRC_SASL_MECHANISM_DH_AES:
|
||||
answer = irc_sasl_mechanism_dh_aes (
|
||||
argv[1], sasl_username, sasl_password, &sasl_error);
|
||||
break;
|
||||
}
|
||||
if (answer)
|
||||
{
|
||||
|
||||
@ -43,7 +43,7 @@
|
||||
*/
|
||||
char *irc_sasl_mechanism_string[IRC_NUM_SASL_MECHANISMS] =
|
||||
{ "plain", "scram-sha-1", "scram-sha-256", "scram-sha-512",
|
||||
"ecdsa-nist256p-challenge", "external", "dh-blowfish", "dh-aes" };
|
||||
"ecdsa-nist256p-challenge", "external" };
|
||||
|
||||
|
||||
/*
|
||||
@ -711,385 +711,3 @@ irc_sasl_mechanism_ecdsa_nist256p_challenge (struct t_irc_server *server,
|
||||
return NULL;
|
||||
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x030015 */
|
||||
}
|
||||
|
||||
/*
|
||||
* Reads key sent by server (Diffie-Hellman key exchange).
|
||||
*
|
||||
* If an error occurs and if sasl_error is not NULL, *sasl_error is set to the
|
||||
* error and must be freed after use.
|
||||
*
|
||||
* Returns:
|
||||
* 1: OK
|
||||
* 0: error
|
||||
*/
|
||||
|
||||
int
|
||||
irc_sasl_dh (const char *data_base64,
|
||||
unsigned char **public_bin, unsigned char **secret_bin,
|
||||
int *length_key, char **sasl_error)
|
||||
{
|
||||
char *data;
|
||||
unsigned char *ptr_data;
|
||||
int length_data, size, num_bits_prime_number, rc;
|
||||
size_t num_written;
|
||||
gcry_mpi_t data_prime_number, data_generator_number, data_server_pub_key;
|
||||
gcry_mpi_t pub_key, priv_key, secret_mpi;
|
||||
|
||||
rc = 0;
|
||||
|
||||
data = NULL;
|
||||
data_prime_number = NULL;
|
||||
data_generator_number = NULL;
|
||||
data_server_pub_key = NULL;
|
||||
pub_key = NULL;
|
||||
priv_key = NULL;
|
||||
secret_mpi = NULL;
|
||||
|
||||
/* decode data */
|
||||
data = malloc (strlen (data_base64) + 1);
|
||||
if (!data)
|
||||
goto memory_error;
|
||||
length_data = weechat_string_base_decode (64, data_base64, data);
|
||||
ptr_data = (unsigned char *)data;
|
||||
|
||||
/* extract prime number */
|
||||
size = ntohs ((((unsigned int)ptr_data[1]) << 8) | ptr_data[0]);
|
||||
ptr_data += 2;
|
||||
length_data -= 2;
|
||||
if (size > length_data)
|
||||
goto crypto_error;
|
||||
data_prime_number = gcry_mpi_new (size * 8);
|
||||
gcry_mpi_scan (&data_prime_number, GCRYMPI_FMT_USG, ptr_data, size, NULL);
|
||||
num_bits_prime_number = gcry_mpi_get_nbits (data_prime_number);
|
||||
if (num_bits_prime_number == 0 || INT_MAX - 7 < num_bits_prime_number)
|
||||
goto crypto_error;
|
||||
ptr_data += size;
|
||||
length_data -= size;
|
||||
|
||||
/* extract generator number */
|
||||
size = ntohs ((((unsigned int)ptr_data[1]) << 8) | ptr_data[0]);
|
||||
ptr_data += 2;
|
||||
length_data -= 2;
|
||||
if (size > length_data)
|
||||
goto crypto_error;
|
||||
data_generator_number = gcry_mpi_new (size * 8);
|
||||
gcry_mpi_scan (&data_generator_number, GCRYMPI_FMT_USG, ptr_data, size, NULL);
|
||||
ptr_data += size;
|
||||
length_data -= size;
|
||||
|
||||
/* extract server-generated public key */
|
||||
size = ntohs ((((unsigned int)ptr_data[1]) << 8) | ptr_data[0]);
|
||||
ptr_data += 2;
|
||||
length_data -= 2;
|
||||
if (size > length_data)
|
||||
goto crypto_error;
|
||||
data_server_pub_key = gcry_mpi_new (size * 8);
|
||||
gcry_mpi_scan (&data_server_pub_key, GCRYMPI_FMT_USG, ptr_data, size, NULL);
|
||||
|
||||
/* generate keys */
|
||||
pub_key = gcry_mpi_new (num_bits_prime_number);
|
||||
priv_key = gcry_mpi_new (num_bits_prime_number);
|
||||
gcry_mpi_randomize (priv_key, num_bits_prime_number, GCRY_STRONG_RANDOM);
|
||||
/* pub_key = (g ^ priv_key) % p */
|
||||
gcry_mpi_powm (pub_key, data_generator_number, priv_key, data_prime_number);
|
||||
|
||||
/* compute secret_bin */
|
||||
*length_key = (num_bits_prime_number + 7) / 8;
|
||||
*secret_bin = malloc (*length_key);
|
||||
secret_mpi = gcry_mpi_new (num_bits_prime_number);
|
||||
/* secret_mpi = (y ^ priv_key) % p */
|
||||
gcry_mpi_powm (secret_mpi, data_server_pub_key, priv_key, data_prime_number);
|
||||
gcry_mpi_print (GCRYMPI_FMT_USG, *secret_bin, *length_key,
|
||||
&num_written, secret_mpi);
|
||||
|
||||
/* create public_bin */
|
||||
*public_bin = malloc (*length_key);
|
||||
gcry_mpi_print (GCRYMPI_FMT_USG, *public_bin, *length_key,
|
||||
&num_written, pub_key);
|
||||
rc = 1;
|
||||
|
||||
goto end;
|
||||
|
||||
memory_error:
|
||||
if (sasl_error)
|
||||
*sasl_error = strdup (_("memory error"));
|
||||
goto end;
|
||||
|
||||
crypto_error:
|
||||
if (sasl_error)
|
||||
*sasl_error = strdup (_("cryptography error"));
|
||||
goto end;
|
||||
|
||||
end:
|
||||
if (data)
|
||||
free (data);
|
||||
if (data_prime_number)
|
||||
gcry_mpi_release (data_prime_number);
|
||||
if (data_generator_number)
|
||||
gcry_mpi_release (data_generator_number);
|
||||
if (data_server_pub_key)
|
||||
gcry_mpi_release (data_server_pub_key);
|
||||
if (pub_key)
|
||||
gcry_mpi_release (pub_key);
|
||||
if (priv_key)
|
||||
gcry_mpi_release (priv_key);
|
||||
if (secret_mpi)
|
||||
gcry_mpi_release (secret_mpi);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
/*
|
||||
* Builds answer for SASL authentication, using mechanism "DH-BLOWFISH".
|
||||
*
|
||||
* Argument data_base64 is a concatenation of 3 strings, each string is composed
|
||||
* of 2 bytes (length of string), followed by content of string:
|
||||
* 1. a prime number
|
||||
* 2. a generator number
|
||||
* 3. server-generated public key
|
||||
*
|
||||
* If an error occurs and if sasl_error is not NULL, *sasl_error is set to the
|
||||
* error and must be freed after use.
|
||||
*
|
||||
* Note: result must be freed after use.
|
||||
*/
|
||||
|
||||
char *
|
||||
irc_sasl_mechanism_dh_blowfish (const char *data_base64,
|
||||
const char *sasl_username,
|
||||
const char *sasl_password,
|
||||
char **sasl_error)
|
||||
{
|
||||
char *answer, *ptr_answer, *answer_base64;
|
||||
unsigned char *password_clear, *password_crypted;
|
||||
int length_key, length_username, length_password, length_answer;
|
||||
unsigned char *public_bin, *secret_bin;
|
||||
gcry_cipher_hd_t gcrypt_handle;
|
||||
|
||||
password_clear = NULL;
|
||||
password_crypted = NULL;
|
||||
answer = NULL;
|
||||
answer_base64 = NULL;
|
||||
secret_bin = NULL;
|
||||
public_bin = NULL;
|
||||
|
||||
if (!irc_sasl_dh (data_base64, &public_bin, &secret_bin, &length_key,
|
||||
sasl_error))
|
||||
{
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* create password buffers (clear and crypted) */
|
||||
length_password = strlen (sasl_password) +
|
||||
((8 - (strlen (sasl_password) % 8)) % 8);
|
||||
password_clear = calloc (1, length_password);
|
||||
password_crypted = calloc (1, length_password);
|
||||
memcpy (password_clear, sasl_password, strlen (sasl_password));
|
||||
|
||||
/* crypt password using blowfish */
|
||||
if (gcry_cipher_open (&gcrypt_handle, GCRY_CIPHER_BLOWFISH,
|
||||
GCRY_CIPHER_MODE_ECB, 0) != 0)
|
||||
goto crypto_error;
|
||||
if (gcry_cipher_setkey (gcrypt_handle, secret_bin, length_key) != 0)
|
||||
goto crypto_error;
|
||||
if (gcry_cipher_encrypt (gcrypt_handle,
|
||||
password_crypted, length_password,
|
||||
password_clear, length_password) != 0)
|
||||
goto crypto_error;
|
||||
|
||||
gcry_cipher_close (gcrypt_handle);
|
||||
|
||||
/*
|
||||
* build answer for server, it is concatenation of:
|
||||
* 1. key length (2 bytes)
|
||||
* 2. public key ('length_key' bytes)
|
||||
* 3. sasl_username ('length_username'+1 bytes)
|
||||
* 4. encrypted password ('length_password' bytes)
|
||||
*/
|
||||
length_username = strlen (sasl_username) + 1;
|
||||
length_answer = 2 + length_key + length_username + length_password;
|
||||
answer = malloc (length_answer);
|
||||
ptr_answer = answer;
|
||||
*((unsigned int *)ptr_answer) = htons (length_key);
|
||||
ptr_answer += 2;
|
||||
memcpy (ptr_answer, public_bin, length_key);
|
||||
ptr_answer += length_key;
|
||||
memcpy (ptr_answer, sasl_username, length_username);
|
||||
ptr_answer += length_username;
|
||||
memcpy (ptr_answer, password_crypted, length_password);
|
||||
|
||||
/* encode answer to base64 */
|
||||
answer_base64 = malloc ((length_answer + 1) * 4);
|
||||
if (answer_base64)
|
||||
{
|
||||
if (weechat_string_base_encode (64, answer, length_answer,
|
||||
answer_base64) < 0)
|
||||
{
|
||||
free (answer_base64);
|
||||
answer_base64 = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
goto end;
|
||||
|
||||
crypto_error:
|
||||
if (sasl_error)
|
||||
*sasl_error = strdup (_("cryptography error"));
|
||||
goto end;
|
||||
|
||||
end:
|
||||
if (secret_bin)
|
||||
free (secret_bin);
|
||||
if (public_bin)
|
||||
free (public_bin);
|
||||
if (password_clear)
|
||||
free (password_clear);
|
||||
if (password_crypted)
|
||||
free (password_crypted);
|
||||
if (answer)
|
||||
free (answer);
|
||||
|
||||
return answer_base64;
|
||||
}
|
||||
|
||||
/*
|
||||
* Builds answer for SASL authentication, using mechanism "DH-AES".
|
||||
*
|
||||
* Argument data_base64 is a concatenation of 3 strings, each string is composed
|
||||
* of 2 bytes (length of string), followed by content of string:
|
||||
* 1. a prime number
|
||||
* 2. a generator number
|
||||
* 3. server-generated public key
|
||||
*
|
||||
* If an error occurs and if sasl_error is not NULL, *sasl_error is set to the
|
||||
* error and must be freed after use.
|
||||
*
|
||||
* Note: result must be freed after use.
|
||||
*/
|
||||
|
||||
char *
|
||||
irc_sasl_mechanism_dh_aes (const char *data_base64,
|
||||
const char *sasl_username,
|
||||
const char *sasl_password,
|
||||
char **sasl_error)
|
||||
{
|
||||
char *answer, *ptr_answer, *answer_base64;
|
||||
unsigned char *ptr_userpass, *userpass_clear, *userpass_crypted;
|
||||
int length_key, length_answer;
|
||||
int length_username, length_password, length_userpass;
|
||||
unsigned char *public_bin, *secret_bin;
|
||||
char iv[16];
|
||||
int cipher_algo;
|
||||
gcry_cipher_hd_t gcrypt_handle;
|
||||
|
||||
userpass_clear = NULL;
|
||||
userpass_crypted = NULL;
|
||||
answer = NULL;
|
||||
answer_base64 = NULL;
|
||||
secret_bin = NULL;
|
||||
public_bin = NULL;
|
||||
|
||||
if (!irc_sasl_dh (data_base64, &public_bin, &secret_bin, &length_key,
|
||||
sasl_error))
|
||||
{
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* Select cipher algorithm: key length * 8 = cipher bit size */
|
||||
switch (length_key)
|
||||
{
|
||||
case 32:
|
||||
cipher_algo = GCRY_CIPHER_AES256;
|
||||
break;
|
||||
case 24:
|
||||
cipher_algo = GCRY_CIPHER_AES192;
|
||||
break;
|
||||
case 16:
|
||||
cipher_algo = GCRY_CIPHER_AES128;
|
||||
break;
|
||||
default:
|
||||
/* Invalid bit length */
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* Generate the IV */
|
||||
gcry_randomize (iv, sizeof (iv), GCRY_STRONG_RANDOM);
|
||||
|
||||
/* create user/pass buffers (clear and crypted) */
|
||||
length_username = strlen (sasl_username) + 1;
|
||||
length_password = strlen (sasl_password) + 1;
|
||||
length_userpass = length_username + length_password +
|
||||
((16 - ((length_username + length_password) % 16)) % 16);
|
||||
userpass_clear = calloc (1, length_userpass);
|
||||
ptr_userpass = userpass_clear;
|
||||
userpass_crypted = calloc (1, length_userpass);
|
||||
memcpy (ptr_userpass, sasl_username, length_username);
|
||||
ptr_userpass += length_username;
|
||||
memcpy (ptr_userpass, sasl_password, length_password);
|
||||
|
||||
/* crypt password using AES in CBC mode */
|
||||
if (gcry_cipher_open (&gcrypt_handle, cipher_algo,
|
||||
GCRY_CIPHER_MODE_CBC, 0) != 0)
|
||||
goto crypto_error;
|
||||
if (gcry_cipher_setkey (gcrypt_handle, secret_bin, length_key) != 0)
|
||||
goto crypto_error;
|
||||
if (gcry_cipher_setiv (gcrypt_handle, iv, sizeof (iv)) != 0)
|
||||
goto crypto_error;
|
||||
if (gcry_cipher_encrypt (gcrypt_handle,
|
||||
userpass_crypted, length_userpass,
|
||||
userpass_clear, length_userpass) != 0)
|
||||
goto crypto_error;
|
||||
|
||||
gcry_cipher_close (gcrypt_handle);
|
||||
|
||||
/*
|
||||
* build answer for server, it is concatenation of:
|
||||
* 1. key length (2 bytes)
|
||||
* 2. public key ('length_key' bytes)
|
||||
* 3. IV (sizeof (iv) bytes)
|
||||
* 4. encrypted password ('length_userpass' bytes)
|
||||
*/
|
||||
length_answer = 2 + length_key + sizeof (iv) + length_userpass;
|
||||
answer = malloc (length_answer);
|
||||
ptr_answer = answer;
|
||||
*((unsigned int *)ptr_answer) = htons (length_key);
|
||||
ptr_answer += 2;
|
||||
memcpy (ptr_answer, public_bin, length_key);
|
||||
ptr_answer += length_key;
|
||||
memcpy (ptr_answer, iv, sizeof (iv));
|
||||
ptr_answer += sizeof (iv);
|
||||
memcpy (ptr_answer, userpass_crypted, length_userpass);
|
||||
|
||||
/* encode answer to base64 */
|
||||
answer_base64 = malloc ((length_answer + 1) * 4);
|
||||
if (answer_base64)
|
||||
{
|
||||
if (weechat_string_base_encode (64, answer, length_answer,
|
||||
answer_base64) < 0)
|
||||
{
|
||||
free (answer_base64);
|
||||
answer_base64 = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
goto end;
|
||||
|
||||
crypto_error:
|
||||
if (sasl_error)
|
||||
*sasl_error = strdup (_("cryptography error"));
|
||||
goto end;
|
||||
|
||||
end:
|
||||
if (secret_bin)
|
||||
free (secret_bin);
|
||||
if (public_bin)
|
||||
free (public_bin);
|
||||
if (userpass_clear)
|
||||
free (userpass_clear);
|
||||
if (userpass_crypted)
|
||||
free (userpass_crypted);
|
||||
if (answer)
|
||||
free (answer);
|
||||
|
||||
return answer_base64;
|
||||
}
|
||||
|
||||
@ -35,8 +35,6 @@ enum t_irc_sasl_mechanism
|
||||
IRC_SASL_MECHANISM_SCRAM_SHA_512,
|
||||
IRC_SASL_MECHANISM_ECDSA_NIST256P_CHALLENGE,
|
||||
IRC_SASL_MECHANISM_EXTERNAL,
|
||||
IRC_SASL_MECHANISM_DH_BLOWFISH,
|
||||
IRC_SASL_MECHANISM_DH_AES,
|
||||
/* number of SASL mechanisms */
|
||||
IRC_NUM_SASL_MECHANISMS,
|
||||
};
|
||||
@ -56,13 +54,5 @@ extern char *irc_sasl_mechanism_ecdsa_nist256p_challenge (struct t_irc_server *s
|
||||
const char *sasl_username,
|
||||
const char *sasl_key,
|
||||
char **sasl_error);
|
||||
extern char *irc_sasl_mechanism_dh_blowfish (const char *data_base64,
|
||||
const char *sasl_username,
|
||||
const char *sasl_password,
|
||||
char **sasl_error);
|
||||
extern char *irc_sasl_mechanism_dh_aes (const char *data_base64,
|
||||
const char *sasl_username,
|
||||
const char *sasl_password,
|
||||
char **sasl_error);
|
||||
|
||||
#endif /* WEECHAT_PLUGIN_IRC_SASL_H */
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user