mirror of https://github.com/weechat/weechat.git synced 2026-07-03 16:23:14 +02:00

relay: rename configuration options and keywords in handshake command (weechat protocol)

Configuration options renamed:

* relay.network.auth_password -> relay.network.password_hash_algo
* relay.network.hash_iterations -> relay.network.password_hash_iterations

Handshake command options renamed:

* password -> password_hash_algo

Handshake reply keys renamed:

* auth_password -> password_hash_algo
* hash_iterations -> password_hash_iterations
Sébastien Helleu
2020-04-17 23:27:26 +02:00
parent 86a941e28e
commit 95c908e83c
11 changed files with 150 additions and 151 deletions
+20 -20
@@ -37,29 +37,29 @@
* during negotiation with the client, the highest value in this list matching
* the client supported values is used
*/
char *relay_auth_password_name[] =
char *relay_auth_password_hash_algo_name[] =
{ "plain", "sha256", "sha512", "pbkdf2+sha256", "pbkdf2+sha512" };
/*
* Searches for a password authentication.
* Searches for a password hash algorithm.
*
* Returns index in enum t_relay_auth_password,
* -1 if password authentication is not found.
* Returns index in enum t_relay_auth_password_hash_algo,
* -1 if password hash algorithm is not found.
*/
int
relay_auth_password_search (const char *name)
relay_auth_password_hash_algo_search (const char *name)
{
int i;
for (i = 0; i < RELAY_NUM_PASSWORD_AUTHS; i++)
for (i = 0; i < RELAY_NUM_PASSWORD_HASH_ALGOS; i++)
{
if (strcmp (relay_auth_password_name[i], name) == 0)
if (strcmp (relay_auth_password_hash_algo_name[i], name) == 0)
return i;
}
/* authentication password type found */
/* password hash algorithm not found */
return -1;
}
@@ -126,7 +126,7 @@ int
relay_auth_password (struct t_relay_client *client,
const char *password, const char *relay_password)
{
if (client->auth_password != RELAY_AUTH_PASSWORD_PLAIN)
if (client->password_hash_algo != RELAY_AUTH_PASSWORD_HASH_PLAIN)
return 0;
return relay_auth_check_password_plain (password, relay_password);
@@ -376,14 +376,14 @@ relay_auth_password_hash (struct t_relay_client *client,
const char *pos_hash;
char *str_hash_algo;
char *hash_pbkdf2_algo, *salt_hexa, *salt, *hash_sha, *hash_pbkdf2;
int rc, auth_password, salt_size, iterations;
int rc, hash_algo, salt_size, iterations;
rc = 0;
str_hash_algo = NULL;
/* no authentication supported at all? */
if (client->auth_password < 0)
if (client->password_hash_algo < 0)
goto end;
if (!hashed_password || !relay_password)
@@ -400,15 +400,15 @@ relay_auth_password_hash (struct t_relay_client *client,
pos_hash++;
auth_password = relay_auth_password_search (str_hash_algo);
hash_algo = relay_auth_password_hash_algo_search (str_hash_algo);
if (auth_password != client->auth_password)
if (hash_algo != client->password_hash_algo)
goto end;
switch (auth_password)
switch (hash_algo)
{
case RELAY_AUTH_PASSWORD_SHA256:
case RELAY_AUTH_PASSWORD_SHA512:
case RELAY_AUTH_PASSWORD_HASH_SHA256:
case RELAY_AUTH_PASSWORD_HASH_SHA512:
relay_auth_parse_sha (pos_hash, &salt_hexa, &salt, &salt_size,
&hash_sha);
if (relay_auth_check_salt (client, salt_hexa)
@@ -424,12 +424,12 @@ relay_auth_password_hash (struct t_relay_client *client,
if (hash_sha)
free (hash_sha);
break;
case RELAY_AUTH_PASSWORD_PBKDF2_SHA256:
case RELAY_AUTH_PASSWORD_PBKDF2_SHA512:
case RELAY_AUTH_PASSWORD_HASH_PBKDF2_SHA256:
case RELAY_AUTH_PASSWORD_HASH_PBKDF2_SHA512:
hash_pbkdf2_algo = strdup (str_hash_algo + 7);
relay_auth_parse_pbkdf2 (pos_hash, &salt_hexa, &salt, &salt_size,
&iterations, &hash_pbkdf2);
if ((iterations == client->hash_iterations)
if ((iterations == client->password_hash_iterations)
&& relay_auth_check_salt (client, salt_hexa)
&& relay_auth_check_hash_pbkdf2 (hash_pbkdf2_algo, salt,
salt_size, iterations,
@@ -446,7 +446,7 @@ relay_auth_password_hash (struct t_relay_client *client,
if (hash_pbkdf2)
free (hash_pbkdf2);
break;
case RELAY_NUM_PASSWORD_AUTHS:
case RELAY_NUM_PASSWORD_HASH_ALGOS:
break;
}
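Review bot: `relay_auth_password_hash_algo_search` passes `name` straight to `strcmp` with no NULL guard, and in relay_auth_password_hash its argument is `str_hash_algo`, which is initialised to NULL and assigned in lines outside the hunks. If that assignment can fail (an allocation, for instance), the lookup would dereference NULL while handling client-supplied data. Adding `if (!name) return -1;` at the top of the search function keeps the documented "-1 if not found" contract for that case too. relay_auth_password_hash starts and ends outside the hunks shown, so the caller may already guard this.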
+10 -10
@@ -22,20 +22,20 @@
struct t_relay_client;
enum t_relay_auth_password
enum t_relay_auth_password_hash_algo
{
RELAY_AUTH_PASSWORD_PLAIN = 0,
RELAY_AUTH_PASSWORD_SHA256,
RELAY_AUTH_PASSWORD_SHA512,
RELAY_AUTH_PASSWORD_PBKDF2_SHA256,
RELAY_AUTH_PASSWORD_PBKDF2_SHA512,
/* number of password auths */
RELAY_NUM_PASSWORD_AUTHS,
RELAY_AUTH_PASSWORD_HASH_PLAIN = 0,
RELAY_AUTH_PASSWORD_HASH_SHA256,
RELAY_AUTH_PASSWORD_HASH_SHA512,
RELAY_AUTH_PASSWORD_HASH_PBKDF2_SHA256,
RELAY_AUTH_PASSWORD_HASH_PBKDF2_SHA512,
/* number of password hash algos */
RELAY_NUM_PASSWORD_HASH_ALGOS,
};
extern char *relay_auth_password_name[];
extern char *relay_auth_password_hash_algo_name[];
extern int relay_auth_password_search (const char *name);
extern int relay_auth_password_hash_algo_search (const char *name);
extern char *relay_auth_generate_nonce ();
extern int relay_auth_check_password_plain (const char *password,
const char *relay_password);
+21 -21
@@ -1298,12 +1298,12 @@ relay_client_new (int sock, const char *address, struct t_relay_server *server)
new_client->protocol_string = (server->protocol_string) ? strdup (server->protocol_string) : NULL;
new_client->protocol_args = (server->protocol_args) ? strdup (server->protocol_args) : NULL;
plain_text_password = weechat_string_match_list (
relay_auth_password_name[0],
(const char **)relay_config_network_auth_password_list,
relay_auth_password_hash_algo_name[0],
(const char **)relay_config_network_password_hash_algo_list,
1);
new_client->auth_password = (plain_text_password) ? 0 : -1;
new_client->hash_iterations = weechat_config_integer (
relay_config_network_hash_iterations);
new_client->password_hash_algo = (plain_text_password) ? 0 : -1;
new_client->password_hash_iterations = weechat_config_integer (
relay_config_network_password_hash_iterations);
new_client->nonce = relay_auth_generate_nonce ();
new_client->listen_start_time = server->start_time;
new_client->start_time = time (NULL);
@@ -1506,17 +1506,17 @@ relay_client_new_with_infolist (struct t_infolist *infolist)
new_client->protocol_string = (str) ? strdup (str) : NULL;
str = weechat_infolist_string (infolist, "protocol_args");
new_client->protocol_args = (str) ? strdup (str) : NULL;
/* "auth_password" is new in WeeChat 2.9 */
if (weechat_infolist_search_var (infolist, "auth_password"))
new_client->auth_password = weechat_infolist_integer (infolist, "auth_password");
/* "password_hash_algo" is new in WeeChat 2.9 */
if (weechat_infolist_search_var (infolist, "password_hash_algo"))
new_client->password_hash_algo = weechat_infolist_integer (infolist, "password_hash_algo");
else
new_client->auth_password = RELAY_AUTH_PASSWORD_PLAIN;
/* "hash_iterations" is new in WeeChat 2.9 */
if (weechat_infolist_search_var (infolist, "hash_iterations"))
new_client->hash_iterations = weechat_infolist_integer (infolist, "hash_iterations");
new_client->password_hash_algo = RELAY_AUTH_PASSWORD_HASH_PLAIN;
/* "password_hash_iterations" is new in WeeChat 2.9 */
if (weechat_infolist_search_var (infolist, "password_hash_iterations"))
new_client->password_hash_iterations = weechat_infolist_integer (infolist, "password_hash_iterations");
else
new_client->hash_iterations = weechat_config_integer (
relay_config_network_hash_iterations);
new_client->password_hash_iterations = weechat_config_integer (
relay_config_network_password_hash_iterations);
/* "nonce" is new in WeeChat 2.9 */
if (weechat_infolist_search_var (infolist, "nonce"))
new_client->nonce = strdup (weechat_infolist_string (infolist, "nonce"));
@@ -1857,9 +1857,9 @@ relay_client_add_to_infolist (struct t_infolist *infolist,
return 0;
if (!weechat_infolist_new_var_string (ptr_item, "protocol_args", client->protocol_args))
return 0;
if (!weechat_infolist_new_var_integer (ptr_item, "auth_password", client->auth_password))
if (!weechat_infolist_new_var_integer (ptr_item, "password_hash_algo", client->password_hash_algo))
return 0;
if (!weechat_infolist_new_var_integer (ptr_item, "hash_iterations", client->hash_iterations))
if (!weechat_infolist_new_var_integer (ptr_item, "password_hash_iterations", client->password_hash_iterations))
return 0;
if (!weechat_infolist_new_var_string (ptr_item, "nonce", client->nonce))
return 0;
@@ -1939,11 +1939,11 @@ relay_client_print_log ()
relay_protocol_string[ptr_client->protocol]);
weechat_log_printf (" protocol_string . . . : '%s'", ptr_client->protocol_string);
weechat_log_printf (" protocol_args . . . . : '%s'", ptr_client->protocol_args);
weechat_log_printf (" auth_password . . . . : %d (%s)",
ptr_client->auth_password,
(ptr_client->auth_password >= 0) ?
relay_auth_password_name[ptr_client->auth_password] : "");
weechat_log_printf (" hash_iterations . . . : %d", ptr_client->hash_iterations);
weechat_log_printf (" password_hash_algo. . : %d (%s)",
ptr_client->password_hash_algo,
(ptr_client->password_hash_algo >= 0) ?
relay_auth_password_hash_algo_name[ptr_client->password_hash_algo] : "");
weechat_log_printf (" password_hash_iterations: %d", ptr_client->password_hash_iterations);
weechat_log_printf (" nonce . . . . . . . . : '%s'", ptr_client->nonce);
weechat_log_printf (" listen_start_time . . : %lld", (long long)ptr_client->listen_start_time);
weechat_log_printf (" start_time. . . . . . : %lld", (long long)ptr_client->start_time);
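Review bot: In relay_client_new_with_infolist the `else` branch sets `password_hash_algo` to `RELAY_AUTH_PASSWORD_HASH_PLAIN` unconditionally, whereas relay_client_new in the same file allows plain text only when `relay_config_network_password_hash_algo_list` matches it and otherwise stores -1. A client restored from an infolist that lacks the variable, which now includes one written under the old `auth_password` key, would presumably be allowed plain-text authentication even with a setting such as `*,!plain`. Reusing the `weechat_string_match_list` check in that branch would keep the two paths consistent. The value read from the infolist is also stored without an upper bound and later indexes `relay_auth_password_hash_algo_name[]` in relay_client_print_log behind only a `>= 0` test, so a check such as `if (new_client->password_hash_algo >= RELAY_NUM_PASSWORD_HASH_ALGOS) new_client->password_hash_algo = -1;` is worth adding. All three functions continue outside the hunks shown.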
+2 -2
@@ -106,8 +106,8 @@ struct t_relay_client
char *protocol_string; /* example: "ipv6.ssl.irc.freenode" */
char *protocol_args; /* arguments used for protocol */
/* example: server for irc protocol */
int auth_password; /* password auth (negotiated/client) */
int hash_iterations; /* hash iterations */
int password_hash_algo; /* password hash algo (negotiated) */
int password_hash_iterations; /* password hash iterations */
char *nonce; /* nonce used in salt of hashed pwd */
time_t listen_start_time; /* when listening started */
time_t start_time; /* time of client connection */
+40 -39
@@ -60,16 +60,16 @@ struct t_config_option *relay_config_color_text_selected;
struct t_config_option *relay_config_network_allow_empty_password;
struct t_config_option *relay_config_network_allowed_ips;
struct t_config_option *relay_config_network_auth_password;
struct t_config_option *relay_config_network_auth_timeout;
struct t_config_option *relay_config_network_bind_address;
struct t_config_option *relay_config_network_clients_purge_delay;
struct t_config_option *relay_config_network_compression_level;
struct t_config_option *relay_config_network_hash_iterations;
struct t_config_option *relay_config_network_ipv6;
struct t_config_option *relay_config_network_max_clients;
struct t_config_option *relay_config_network_nonce_size;
struct t_config_option *relay_config_network_password;
struct t_config_option *relay_config_network_password_hash_algo;
struct t_config_option *relay_config_network_password_hash_iterations;
struct t_config_option *relay_config_network_ssl_cert_key;
struct t_config_option *relay_config_network_ssl_priorities;
struct t_config_option *relay_config_network_totp_secret;
@@ -94,7 +94,7 @@ struct t_config_option *relay_config_weechat_commands;
regex_t *relay_config_regex_allowed_ips = NULL;
regex_t *relay_config_regex_websocket_allowed_origins = NULL;
struct t_hashtable *relay_config_hashtable_irc_backlog_tags = NULL;
char **relay_config_network_auth_password_list = NULL;
char **relay_config_network_password_hash_algo_list = NULL;
/*
@@ -154,26 +154,27 @@ relay_config_change_network_allowed_ips (const void *pointer, void *data,
}
/*
* Callback for changes on option "relay.network.auth_password".
* Callback for changes on option "relay.network.password_hash_algo".
*/
void
relay_config_change_network_auth_password (const void *pointer, void *data,
struct t_config_option *option)
relay_config_change_network_password_hash_algo (const void *pointer,
void *data,
struct t_config_option *option)
{
/* make C compiler happy */
(void) pointer;
(void) data;
(void) option;
if (relay_config_network_auth_password_list)
if (relay_config_network_password_hash_algo_list)
{
weechat_string_free_split (relay_config_network_auth_password_list);
relay_config_network_auth_password_list = NULL;
weechat_string_free_split (relay_config_network_password_hash_algo_list);
relay_config_network_password_hash_algo_list = NULL;
}
relay_config_network_auth_password_list = weechat_string_split (
weechat_config_string (relay_config_network_auth_password),
relay_config_network_password_hash_algo_list = weechat_string_split (
weechat_config_string (relay_config_network_password_hash_algo),
",",
NULL,
WEECHAT_STRING_SPLIT_STRIP_LEFT
@@ -1066,20 +1067,6 @@ relay_config_init ()
NULL, NULL, NULL,
&relay_config_change_network_allowed_ips, NULL, NULL,
NULL, NULL, NULL);
relay_config_network_auth_password = weechat_config_new_option (
relay_config_file, ptr_section,
"auth_password", "string",
N_("comma separated list of hash algorithms used for password "
"authentication in weechat protocol, among these values: \"plain\" "
"(password in plain text, not hashed), \"sha256\", \"sha512\", "
"\"pbkdf2+sha256\", \"pbkdf2+sha512\"), \"*\" means all algorithms, "
"a name beginning with \"!\" is a negative value to prevent an "
"algorithm from being used, wildcard \"*\" is allowed in names "
"(examples: \"*\", \"pbkdf2*\", \"*,!plain\")"),
NULL, 0, 0, "*", NULL, 0,
NULL, NULL, NULL,
&relay_config_change_network_auth_password, NULL, NULL,
NULL, NULL, NULL);
relay_config_network_auth_timeout = weechat_config_new_option (
relay_config_file, ptr_section,
"auth_timeout", "integer",
@@ -1114,16 +1101,6 @@ relay_config_init ()
"compression)"),
NULL, 0, 9, "6", NULL, 0,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
relay_config_network_hash_iterations = weechat_config_new_option (
relay_config_file, ptr_section,
"hash_iterations", "integer",
N_("number of iterations asked to the client in weechat protocol "
"when a hashed password with algorithm PBKDF2 is used for "
"authentication; more iterations is better in term of security but "
"is slower to compute; this number should not be too high if your "
"CPU is slow"),
NULL, 1, 1000000, "100000", NULL, 0,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
relay_config_network_ipv6 = weechat_config_new_option (
relay_config_file, ptr_section,
"ipv6", "boolean",
@@ -1158,6 +1135,30 @@ relay_config_init ()
"see /help eval)"),
NULL, 0, 0, "", NULL, 0,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
relay_config_network_password_hash_algo = weechat_config_new_option (
relay_config_file, ptr_section,
"password_hash_algo", "string",
N_("comma separated list of hash algorithms used for password "
"authentication in weechat protocol, among these values: \"plain\" "
"(password in plain text, not hashed), \"sha256\", \"sha512\", "
"\"pbkdf2+sha256\", \"pbkdf2+sha512\"), \"*\" means all algorithms, "
"a name beginning with \"!\" is a negative value to prevent an "
"algorithm from being used, wildcard \"*\" is allowed in names "
"(examples: \"*\", \"pbkdf2*\", \"*,!plain\")"),
NULL, 0, 0, "*", NULL, 0,
NULL, NULL, NULL,
&relay_config_change_network_password_hash_algo, NULL, NULL,
NULL, NULL, NULL);
relay_config_network_password_hash_iterations = weechat_config_new_option (
relay_config_file, ptr_section,
"password_hash_iterations", "integer",
N_("number of iterations asked to the client in weechat protocol "
"when a hashed password with algorithm PBKDF2 is used for "
"authentication; more iterations is better in term of security but "
"is slower to compute; this number should not be too high if your "
"CPU is slow"),
NULL, 1, 1000000, "100000", NULL, 0,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
relay_config_network_ssl_cert_key = weechat_config_new_option (
relay_config_file, ptr_section,
"ssl_cert_key", "string",
@@ -1361,7 +1362,7 @@ relay_config_read ()
if (rc == WEECHAT_CONFIG_READ_OK)
{
relay_config_change_network_allowed_ips (NULL, NULL, NULL);
relay_config_change_network_auth_password (NULL, NULL, NULL);
relay_config_change_network_password_hash_algo (NULL, NULL, NULL);
relay_config_change_irc_backlog_tags (NULL, NULL, NULL);
}
return rc;
@@ -1406,9 +1407,9 @@ relay_config_free ()
relay_config_hashtable_irc_backlog_tags = NULL;
}
if (relay_config_network_auth_password_list)
if (relay_config_network_password_hash_algo_list)
{
weechat_string_free_split (relay_config_network_auth_password_list);
relay_config_network_auth_password_list = NULL;
weechat_string_free_split (relay_config_network_password_hash_algo_list);
relay_config_network_password_hash_algo_list = NULL;
}
}
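Review bot: The option is re-created in relay_config_init under the new name `password_hash_algo` with default `"*"`, and nothing in the visible hunks reads a value stored under the old name `auth_password`. A user who had restricted the list (for example `*,!plain`) would, as far as these hunks show, fall back to the default that also allows plain-text passwords after updating. If no migration exists in the files not shown, this deserves an upgrade note and a comment above the new option, such as `/* renamed from "auth_password"; a value saved under the old name is not migrated, so the default "*" (which allows "plain") applies */`. The same applies to `password_hash_iterations`, although there the default is unchanged.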
+3 -3
@@ -39,16 +39,16 @@ extern struct t_config_option *relay_config_color_text_selected;
extern struct t_config_option *relay_config_network_allow_empty_password;
extern struct t_config_option *relay_config_network_allowed_ips;
extern struct t_config_option *relay_config_network_auth_password;
extern struct t_config_option *relay_config_network_auth_timeout;
extern struct t_config_option *relay_config_network_bind_address;
extern struct t_config_option *relay_config_network_clients_purge_delay;
extern struct t_config_option *relay_config_network_compression_level;
extern struct t_config_option *relay_config_network_hash_iterations;
extern struct t_config_option *relay_config_network_ipv6;
extern struct t_config_option *relay_config_network_max_clients;
extern struct t_config_option *relay_config_network_nonce_size;
extern struct t_config_option *relay_config_network_password;
extern struct t_config_option *relay_config_network_password_hash_algo;
extern struct t_config_option *relay_config_network_password_hash_iterations;
extern struct t_config_option *relay_config_network_ssl_cert_key;
extern struct t_config_option *relay_config_network_ssl_priorities;
extern struct t_config_option *relay_config_network_totp_secret;
@@ -67,7 +67,7 @@ extern struct t_config_option *relay_config_weechat_commands;
extern regex_t *relay_config_regex_allowed_ips;
extern regex_t *relay_config_regex_websocket_allowed_origins;
extern struct t_hashtable *relay_config_hashtable_irc_backlog_tags;
extern char **relay_config_network_auth_password_list;
extern char **relay_config_network_password_hash_algo_list;
extern int relay_config_check_network_totp_secret (const void *pointer,
void *data,
@@ -183,13 +183,13 @@ relay_weechat_protocol_handshake_reply (struct t_relay_client *client,
{
weechat_hashtable_set (
hashtable,
"auth_password",
(client->auth_password >= 0) ?
relay_auth_password_name[client->auth_password] : "");
snprintf (string, sizeof (string), "%d", client->hash_iterations);
"password_hash_algo",
(client->password_hash_algo >= 0) ?
relay_auth_password_hash_algo_name[client->password_hash_algo] : "");
snprintf (string, sizeof (string), "%d", client->password_hash_iterations);
weechat_hashtable_set (
hashtable,
"hash_iterations",
"password_hash_iterations",
string);
weechat_hashtable_set (
hashtable,
@@ -226,7 +226,7 @@ relay_weechat_protocol_handshake_reply (struct t_relay_client *client,
RELAY_WEECHAT_PROTOCOL_CALLBACK(handshake)
{
char **options, **auths, *pos;
int i, j, index_auth, auth_found, auth_allowed, compression;
int i, j, index_hash_algo, hash_algo_found, auth_allowed, compression;
int password_received, plain_text_password;
RELAY_WEECHAT_PROTOCOL_MIN_ARGS(0);
@@ -234,7 +234,7 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(handshake)
if (client->status != RELAY_STATUS_WAITING_AUTH)
return WEECHAT_RC_OK;
auth_found = -1;
hash_algo_found = -1;
password_received = 0;
options = (argc > 0) ?
@@ -248,7 +248,7 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(handshake)
{
pos[0] = '\0';
pos++;
if (strcmp (options[i], "password") == 0)
if (strcmp (options[i], "password_hash_algo") == 0)
{
password_received = 1;
auths = weechat_string_split (
@@ -264,16 +264,16 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(handshake)
{
for (j = 0; auths[j]; j++)
{
index_auth = relay_auth_password_search (
index_hash_algo = relay_auth_password_hash_algo_search (
auths[j]);
if ((index_auth >= 0) && (index_auth > auth_found))
if ((index_hash_algo >= 0) && (index_hash_algo > hash_algo_found))
{
auth_allowed = weechat_string_match_list (
relay_auth_password_name[index_auth],
(const char **)relay_config_network_auth_password_list,
relay_auth_password_hash_algo_name[index_hash_algo],
(const char **)relay_config_network_password_hash_algo_list,
1);
if (auth_allowed)
auth_found = index_auth;
hash_algo_found = index_hash_algo;
}
}
weechat_string_free_split (auths);
@@ -293,14 +293,14 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(handshake)
if (!password_received)
{
plain_text_password = weechat_string_match_list (
relay_auth_password_name[0],
(const char **)relay_config_network_auth_password_list,
relay_auth_password_hash_algo_name[0],
(const char **)relay_config_network_password_hash_algo_list,
1);
if (plain_text_password)
auth_found = 0;
hash_algo_found = 0;
}
client->auth_password = auth_found;
client->password_hash_algo = hash_algo_found;
relay_weechat_protocol_handshake_reply (client, id);
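Review bot: After the keyword rename in the handshake callback, a client that still sends the old `password` option no longer sets `password_received`, so the `if (!password_received)` block selects plain text whenever `relay.network.password_hash_algo` allows it. The old option appears to be ignored silently rather than rejected, which means a client that asked for hashed authentication under the previous keyword is negotiated down to plain without any signal; how unknown options are handled lies outside the hunks. Consider accepting `password` as an alias during the transition, or documenting the fallback at that block with a comment such as `/* no "password_hash_algo" option received: plain text is used only if allowed by relay.network.password_hash_algo */`. The callback body starts and ends outside the hunks shown.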