mirror of
https://github.com/weechat/weechat.git
synced 2026-07-04 00:33:13 +02:00
relay: add command "handshake" in weechat relay protocol and nonce to prevent replay attacks (closes #1474)
This introduces a new command called "handshake" in the weechat relay protocol. It should be sent by the client before the "init" command, to negotiate the way to authenticate with a password. 3 new options are added: * relay.network.auth_password * relay.network.hash_iterations * relay.network.nonce_size
This commit is contained in:
@@ -116,6 +116,12 @@
|
||||
** Werte: beliebige Zeichenkette
|
||||
** Standardwert: `+""+`
|
||||
|
||||
* [[option_relay.network.auth_password]] *relay.network.auth_password*
|
||||
** Beschreibung: pass:none[comma separated list of hash algorithms used for password authentication in weechat protocol, among these values: "plain" (password in plain text, not hashed), "sha256", "sha512", "pbkdf2+sha256", "pbkdf2+sha512"), "*" means all algorithms, a name beginning with "!" is a negative value to prevent an algorithm from being used, wildcard "*" is allowed in names (examples: "*", "pbkdf2*", "*,!plain")]
|
||||
** Typ: Zeichenkette
|
||||
** Werte: beliebige Zeichenkette
|
||||
** Standardwert: `+"*"+`
|
||||
|
||||
* [[option_relay.network.auth_timeout]] *relay.network.auth_timeout*
|
||||
** Beschreibung: pass:none[timeout (in seconds) for client authentication: connection is closed if the client is still not authenticated after this delay and the client status is set to "authentication failed" (0 = wait forever)]
|
||||
** Typ: integer
|
||||
@@ -140,6 +146,12 @@
|
||||
** Werte: 0 .. 9
|
||||
** Standardwert: `+6+`
|
||||
|
||||
* [[option_relay.network.hash_iterations]] *relay.network.hash_iterations*
|
||||
** Beschreibung: pass:none[number of iterations asked to the client in weechat protocol when a hashed password with algorithm PBKDF2 is used for authentication; more iterations is better in term of security but is slower to compute; this number should not be too high if your CPU is slow]
|
||||
** Typ: integer
|
||||
** Werte: 1 .. 1000000
|
||||
** Standardwert: `+100000+`
|
||||
|
||||
* [[option_relay.network.ipv6]] *relay.network.ipv6*
|
||||
** Beschreibung: pass:none[lauscht standardmäßig am IPv6 Socket (zusätzlich zu IPv4, welches als Standardprotokoll genutzt wird); mittels des Protokollnamens kann das IPv4 und IPv6 Protokoll, einzeln oder gemeinsam, erzwungen werden (siehe /help relay)]
|
||||
** Typ: boolesch
|
||||
@@ -152,6 +164,12 @@
|
||||
** Werte: 0 .. 2147483647
|
||||
** Standardwert: `+5+`
|
||||
|
||||
* [[option_relay.network.nonce_size]] *relay.network.nonce_size*
|
||||
** Beschreibung: pass:none[size of nonce (in bytes), generated when a client connects; the client must use this nonce, concatenated to the client nonce and the password when hashing the password in the "init" command of the weechat protocol]
|
||||
** Typ: integer
|
||||
** Werte: 8 .. 128
|
||||
** Standardwert: `+16+`
|
||||
|
||||
* [[option_relay.network.password]] *relay.network.password*
|
||||
** Beschreibung: pass:none[Passwort wird von Clients benötigt um Zugriff auf dieses Relay zu erhalten (kein Eintrag bedeutet, dass kein Passwort benötigt wird, siehe Option relay.network.allow_empty_password) (Hinweis: Inhalt wird evaluiert, siehe /help eval)]
|
||||
** Typ: Zeichenkette
|
||||
|
||||
@@ -116,6 +116,12 @@
|
||||
** values: any string
|
||||
** default value: `+""+`
|
||||
|
||||
* [[option_relay.network.auth_password]] *relay.network.auth_password*
|
||||
** description: pass:none[comma separated list of hash algorithms used for password authentication in weechat protocol, among these values: "plain" (password in plain text, not hashed), "sha256", "sha512", "pbkdf2+sha256", "pbkdf2+sha512"), "*" means all algorithms, a name beginning with "!" is a negative value to prevent an algorithm from being used, wildcard "*" is allowed in names (examples: "*", "pbkdf2*", "*,!plain")]
|
||||
** type: string
|
||||
** values: any string
|
||||
** default value: `+"*"+`
|
||||
|
||||
* [[option_relay.network.auth_timeout]] *relay.network.auth_timeout*
|
||||
** description: pass:none[timeout (in seconds) for client authentication: connection is closed if the client is still not authenticated after this delay and the client status is set to "authentication failed" (0 = wait forever)]
|
||||
** type: integer
|
||||
@@ -140,6 +146,12 @@
|
||||
** values: 0 .. 9
|
||||
** default value: `+6+`
|
||||
|
||||
* [[option_relay.network.hash_iterations]] *relay.network.hash_iterations*
|
||||
** description: pass:none[number of iterations asked to the client in weechat protocol when a hashed password with algorithm PBKDF2 is used for authentication; more iterations is better in term of security but is slower to compute; this number should not be too high if your CPU is slow]
|
||||
** type: integer
|
||||
** values: 1 .. 1000000
|
||||
** default value: `+100000+`
|
||||
|
||||
* [[option_relay.network.ipv6]] *relay.network.ipv6*
|
||||
** description: pass:none[listen on IPv6 socket by default (in addition to IPv4 which is default); protocols IPv4 and IPv6 can be forced (individually or together) in the protocol name (see /help relay)]
|
||||
** type: boolean
|
||||
@@ -152,6 +164,12 @@
|
||||
** values: 0 .. 2147483647
|
||||
** default value: `+5+`
|
||||
|
||||
* [[option_relay.network.nonce_size]] *relay.network.nonce_size*
|
||||
** description: pass:none[size of nonce (in bytes), generated when a client connects; the client must use this nonce, concatenated to the client nonce and the password when hashing the password in the "init" command of the weechat protocol]
|
||||
** type: integer
|
||||
** values: 8 .. 128
|
||||
** default value: `+16+`
|
||||
|
||||
* [[option_relay.network.password]] *relay.network.password*
|
||||
** description: pass:none[password required by clients to access this relay (empty value means no password required, see option relay.network.allow_empty_password) (note: content is evaluated, see /help eval)]
|
||||
** type: string
|
||||
|
||||
+42
-42
@@ -318,6 +318,7 @@ WeeChat "core" is located in following directories:
|
||||
| weechat-python-api.c | Python scripting API functions.
|
||||
| relay/ | Relay plugin (IRC proxy and relay for remote interfaces).
|
||||
| relay.c | Main relay functions.
|
||||
| relay-auth.c | Clients authentication.
|
||||
| relay-buffer.c | Relay buffer.
|
||||
| relay-client.c | Clients of relay.
|
||||
| relay-command.c | Relay commands.
|
||||
@@ -378,48 +379,47 @@ WeeChat "core" is located in following directories:
|
||||
|
||||
[width="100%",cols="1m,2",options="header"]
|
||||
|===
|
||||
| Path/file | Description
|
||||
| tests/ | Root of tests.
|
||||
| tests.cpp | Program used to run all tests.
|
||||
| scripts/ | Root of scripting API tests.
|
||||
| test-scripts.cpp | Program used to run the scripting API tests.
|
||||
| python/ | Python scripts to generate and run the scripting API tests.
|
||||
| testapigen.py | Python script generating scripts in all languages to test the scripting API.
|
||||
| testapi.py | Python script with scripting API tests, used by script testapigen.py.
|
||||
| unparse.py | Convert Python code to other languages, used by script testapigen.py.
|
||||
| unit/ | Root of unit tests.
|
||||
| test-plugins.cpp | Tests: plugins.
|
||||
| core/ | Root of unit tests for core.
|
||||
| test-core-arraylist.cpp | Tests: arraylists.
|
||||
| test-core-calc.cpp | Tests: calculation of expressions.
|
||||
| test-core-crypto.cpp | Tests: cryptographic functions.
|
||||
| test-core-eval.cpp | Tests: evaluation of expressions.
|
||||
| test-core-hashtble.cpp | Tests: hashtables.
|
||||
| test-core-hdata.cpp | Tests: hdata.
|
||||
| test-core-hook.cpp | Tests: hooks.
|
||||
| test-core-infolist.cpp | Tests: infolists.
|
||||
| test-core-list.cpp | Tests: lists.
|
||||
| test-core-secure.cpp | Tests: secured data.
|
||||
| test-core-string.cpp | Tests: strings.
|
||||
| test-core-url.cpp | Tests: URLs.
|
||||
| test-core-utf8.cpp | Tests: UTF-8.
|
||||
| test-core-util.cpp | Tests: utility functions.
|
||||
| gui/ | Root of unit tests for interfaces.
|
||||
| test-gui-color.cpp | Tests: colors.
|
||||
| test-gui-line.cpp | Tests: lines.
|
||||
| test-gui-nick.cpp | Tests: nicks.
|
||||
| plugins/ | Root of unit tests for plugins.
|
||||
| irc/ | Root of unit tests for IRC plugin.
|
||||
| test-irc-color.cpp | Tests: IRC colors.
|
||||
| test-irc-config.cpp | Tests: IRC configuration.
|
||||
| test-irc-ignore.cpp | Tests: IRC ignores.
|
||||
| test-irc-message.cpp | Tests: IRC messages.
|
||||
| test-irc-mode.cpp | Tests: IRC modes.
|
||||
| test-irc-nick.cpp | Tests: IRC nicks.
|
||||
| test-irc-protocol.cpp | Tests: IRC protocol.
|
||||
| relay/ | Root of unit tests for Relay plugin.
|
||||
| weechat/ | Root of unit tests for weechat protocol.
|
||||
| test-relay-weechat-protocol.cpp | Tests: weechat protocol.
|
||||
| Path/file | Description
|
||||
| tests/ | Root of tests.
|
||||
| tests.cpp | Program used to run all tests.
|
||||
| scripts/ | Root of scripting API tests.
|
||||
| test-scripts.cpp | Program used to run the scripting API tests.
|
||||
| python/ | Python scripts to generate and run the scripting API tests.
|
||||
| testapigen.py | Python script generating scripts in all languages to test the scripting API.
|
||||
| testapi.py | Python script with scripting API tests, used by script testapigen.py.
|
||||
| unparse.py | Convert Python code to other languages, used by script testapigen.py.
|
||||
| unit/ | Root of unit tests.
|
||||
| test-plugins.cpp | Tests: plugins.
|
||||
| core/ | Root of unit tests for core.
|
||||
| test-core-arraylist.cpp | Tests: arraylists.
|
||||
| test-core-calc.cpp | Tests: calculation of expressions.
|
||||
| test-core-crypto.cpp | Tests: cryptographic functions.
|
||||
| test-core-eval.cpp | Tests: evaluation of expressions.
|
||||
| test-core-hashtble.cpp | Tests: hashtables.
|
||||
| test-core-hdata.cpp | Tests: hdata.
|
||||
| test-core-hook.cpp | Tests: hooks.
|
||||
| test-core-infolist.cpp | Tests: infolists.
|
||||
| test-core-list.cpp | Tests: lists.
|
||||
| test-core-secure.cpp | Tests: secured data.
|
||||
| test-core-string.cpp | Tests: strings.
|
||||
| test-core-url.cpp | Tests: URLs.
|
||||
| test-core-utf8.cpp | Tests: UTF-8.
|
||||
| test-core-util.cpp | Tests: utility functions.
|
||||
| gui/ | Root of unit tests for interfaces.
|
||||
| test-gui-color.cpp | Tests: colors.
|
||||
| test-gui-line.cpp | Tests: lines.
|
||||
| test-gui-nick.cpp | Tests: nicks.
|
||||
| plugins/ | Root of unit tests for plugins.
|
||||
| irc/ | Root of unit tests for IRC plugin.
|
||||
| test-irc-color.cpp | Tests: IRC colors.
|
||||
| test-irc-config.cpp | Tests: IRC configuration.
|
||||
| test-irc-ignore.cpp | Tests: IRC ignores.
|
||||
| test-irc-message.cpp | Tests: IRC messages.
|
||||
| test-irc-mode.cpp | Tests: IRC modes.
|
||||
| test-irc-nick.cpp | Tests: IRC nicks.
|
||||
| test-irc-protocol.cpp | Tests: IRC protocol.
|
||||
| relay/ | Root of unit tests for Relay plugin.
|
||||
| test-relay-auth.cpp | Tests: clients authentication.
|
||||
|
||||
|===
|
||||
|
||||
|
||||
@@ -32,11 +32,11 @@ The _clients_ are connected to _relay_ like shown in this diagram:
|
||||
....
|
||||
┌──────────┐ Workstation
|
||||
┌────────┐ ┌───┤ client 1 │ (Linux, Windows,
|
||||
│ irc │◄──┐ ╔═══════════╤═══════╗ │ └──────────┘ BSD, macOS ...)
|
||||
└────────┘ └──╢ │ ║◄───┘ ┌──────────┐
|
||||
...... ║ WeeChat │ Relay ║◄───────┤ client 2 │ Mobile device
|
||||
┌────────┐ ┌──╢ │ ║◄───┐ └──────────┘ (Android, iPhone ...)
|
||||
│ jabber │◄──┘ ╚═══════════╧═══════╝ │ ......
|
||||
│ irc │◀──┐ ╔═══════════╤═══════╗ │ └──────────┘ BSD, macOS ...)
|
||||
└────────┘ └──╢ │ ║◀───┘ ┌──────────┐
|
||||
...... ║ WeeChat │ Relay ║◀───────┤ client 2 │ Mobile device
|
||||
┌────────┐ ┌──╢ │ ║◀───┐ └──────────┘ (Android, iPhone ...)
|
||||
│ jabber │◀──┘ ╚═══════════╧═══════╝ │ ......
|
||||
└────────┘ │ ┌──────────┐
|
||||
...... └───┤ client N │ Other devices
|
||||
└──────────┘
|
||||
@@ -86,24 +86,129 @@ List of available commands (detail in next chapters):
|
||||
|
||||
[width="80%",cols="^3m,14",options="header"]
|
||||
|===
|
||||
| Command | Description
|
||||
| init | Initialize connection with _relay_.
|
||||
| hdata | Request a _hdata_.
|
||||
| info | Request an _info_.
|
||||
| infolist | Request an _infolist_.
|
||||
| nicklist | Request a _nicklist_.
|
||||
| input | Send data to a buffer (text or command).
|
||||
| sync | Synchronize buffer(s): get updates for buffer(s).
|
||||
| desync | Desynchronize buffer(s): stop updates for buffer(s).
|
||||
| quit | Disconnect from _relay_.
|
||||
| Command | Description
|
||||
| handshake | Handshake: prepare client authentication and set options, before _init_ command.
|
||||
| init | Authenticate with _relay_.
|
||||
| hdata | Request a _hdata_.
|
||||
| info | Request an _info_.
|
||||
| infolist | Request an _infolist_.
|
||||
| nicklist | Request a _nicklist_.
|
||||
| input | Send data to a buffer (text or command).
|
||||
| sync | Synchronize buffer(s): get updates for buffer(s).
|
||||
| desync | Desynchronize buffer(s): stop updates for buffer(s).
|
||||
| quit | Disconnect from _relay_.
|
||||
|===
|
||||
|
||||
[[command_handshake]]
|
||||
=== handshake
|
||||
|
||||
_WeeChat ≥ 2.9._
|
||||
|
||||
Perform an handshake between the client and WeeChat: this is required in most
|
||||
cases to know the session settings and prepare the authentication with the
|
||||
_init_ command.
|
||||
|
||||
The handshake can be performed multiple times before the _init_ command,
|
||||
although it is rarely needed.
|
||||
|
||||
Syntax:
|
||||
|
||||
----
|
||||
handshake [<option>=<value>,[<option>=<value>,...]]
|
||||
----
|
||||
|
||||
Arguments:
|
||||
|
||||
* _option_: one of following options:
|
||||
** _password_: list of hash algorithms supported by the client (separated by colons),
|
||||
allowed values are:
|
||||
*** _plain_: plain text password (no hash)
|
||||
*** _sha256_: password salted and hashed with SHA256 algorithm
|
||||
*** _sha512_: password salted and hashed with SHA512 algorithm
|
||||
*** _pbkdf2+sha256_: password salted and hashed with PBKDF2 algorithm (using SHA256 hash)
|
||||
*** _pbkdf2+sha512_: password salted and hashed with PBKDF2 algorithm (using SHA512 hash)
|
||||
** _compression_: compression type:
|
||||
*** _zlib_: enable _zlib_ compression for messages sent by _relay_
|
||||
(enabled by default if _relay_ supports _zlib_ compression)
|
||||
*** _off_: disable compression
|
||||
|
||||
Notes about option _password_:
|
||||
|
||||
* If the option is not given (of if the _handshake_ command is not sent by the
|
||||
client), _relay_ uses automatically _plain_ authentication (if allowed on
|
||||
_relay_ side).
|
||||
* _Relay_ chooses the safest algorithm available on both client and _relay_,
|
||||
by order of priority from first (safest) to last used:
|
||||
. _pbkdf2+sha512_
|
||||
. _pbkdf2+sha256_
|
||||
. _sha512_
|
||||
. _sha256_
|
||||
. _plain_
|
||||
|
||||
WeeChat replies with a hashtable containing the following keys and values:
|
||||
|
||||
* _auth_password_: the password authentication negotiated: supported by both
|
||||
the client and _relay_:
|
||||
** (empty value): negotiation failed, password authentication is *NOT* possible
|
||||
** _plain_
|
||||
** _sha256_
|
||||
** _sha512_
|
||||
** _pbkdf2+sha256_
|
||||
** _pbkdf2+sha512_
|
||||
* _hash_iterations_: number of iterations for hash (for the PBKDF2 algorithm only)
|
||||
* _totp_:
|
||||
** _on_: Time-based One-Time Password (TOTP) is configured and expected
|
||||
in the _init_ command
|
||||
** _off_: Time-based One-Time Password (TOTP) is not enabled and not needed
|
||||
in the _init_ command
|
||||
* _nonce_: a buffer of unpredictable bytes, sent as hexadecimal, to prevent
|
||||
replay attacks; if _auth_password_ is a hash algorithm, the client must compute
|
||||
the hash of password on this nonce, concatenated with a client nonce and the
|
||||
user password (the _relay_ nonce + the client nonce is the salt used in the
|
||||
password hash algorithm)
|
||||
|
||||
Examples:
|
||||
|
||||
----
|
||||
# nothing offered by the client (or only "plain"), authentication password "plain" will be used if allowed on relay side
|
||||
handshake
|
||||
handshake password=plain
|
||||
|
||||
# only plain, sha256 and pbkdf2+sha256 are supported by the client
|
||||
handshake password=plain:sha256:pbkdf2+sha256
|
||||
----
|
||||
|
||||
Example of response:
|
||||
|
||||
[source,python]
|
||||
----
|
||||
id: 'handshake'
|
||||
htb: {'auth_password': 'pbkdf2+sha256', 'hash_iterations': '100000', 'totp': 'on', 'nonce': '85B1EE00695A5B254E14F4885538DF0D'}
|
||||
----
|
||||
|
||||
The client can authenticate with this command (see <<command_init,init command>>),
|
||||
the salt is the _relay_ nonce + "ABCD" ("41424344" in hexadecimal):
|
||||
|
||||
----
|
||||
init password_hash=pbkdf2+sha256:85b1ee00695a5b254e14f4885538df0d41424344:100000:01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc945a1c
|
||||
----
|
||||
|
||||
[TIP]
|
||||
With WeeChat ≤ 2.8, the command _handshake_ is not implemented, WeeChat silently
|
||||
ignores this command, even if it is sent before the _init_ command. +
|
||||
So it is safe to send this command to any WeeChat version.
|
||||
|
||||
[[command_init]]
|
||||
=== init
|
||||
|
||||
Initialize connection with _relay_. This must be first command sent to _relay_.
|
||||
If not sent, _relay_ will close connection on first command received, without
|
||||
warning.
|
||||
_Updated in versions 2.4, 2.8, 2.9._
|
||||
|
||||
Authenticate with _relay_.
|
||||
|
||||
This must be first command sent to _relay_ (only _handshake_ command can be sent
|
||||
before _init_). +
|
||||
If not sent, _relay_ will close connection on first command received (except
|
||||
_handshake_), without warning.
|
||||
|
||||
Syntax:
|
||||
|
||||
@@ -123,7 +228,9 @@ Arguments:
|
||||
factor, in addition to the password
|
||||
(option _relay.network.totp_secret_ in WeeChat)
|
||||
_(WeeChat ≥ 2.4)_
|
||||
** _compression_: compression type:
|
||||
** _compression_: compression type (*deprecated* since version 2.9, it is kept
|
||||
for compatibility reasons but should be sent in the
|
||||
<<command_handshake,handshake command>>):
|
||||
*** _zlib_: enable _zlib_ compression for messages sent by _relay_
|
||||
(enabled by default if _relay_ supports _zlib_ compression)
|
||||
*** _off_: disable compression
|
||||
@@ -135,13 +242,27 @@ With WeeChat ≥ 1.6, commas can be escaped in the value, for example
|
||||
Format of hashed password is one of the following, where _hash_ is the hashed
|
||||
password as hexadecimal:
|
||||
|
||||
* `+sha256:hash+`
|
||||
* `+sha512:hash+`
|
||||
* `+pbkdf2:algorithm:salt:iterations:hash+` with:
|
||||
** _algorithm_: _sha256_ or _sha512_
|
||||
** _salt_: salt (hexadecimal)
|
||||
* `+sha256:salt:hash+` with:
|
||||
** _salt_: salt (hexadecimal), which must start with the server nonce,
|
||||
concatenated to the client nonce
|
||||
** _hash_: the hashed salt + password (hexadecimal)
|
||||
* `+sha512:salt:hash+` with:
|
||||
** _salt_: salt (hexadecimal), which must start with the server nonce,
|
||||
concatenated to the client nonce
|
||||
** _hash_: the hashed salt + password (hexadecimal)
|
||||
* `+pbkdf2+sha256:salt:iterations:hash+` with:
|
||||
** _salt_: salt (hexadecimal), which must start with the server nonce,
|
||||
concatenated to the client nonce
|
||||
** _iterations_: number of iterations
|
||||
** _hash_: the hashed password (hexadecimal)
|
||||
** _hash_: the hashed salt + password with SHA256 algorithm (hexadecimal)
|
||||
* `+pbkdf2+sha512:salt:iterations:hash+` with:
|
||||
** _salt_: salt (hexadecimal), which must start with the server nonce,
|
||||
concatenated to the client nonce
|
||||
** _iterations_: number of iterations
|
||||
** _hash_: the hashed salt + password with SHA512 algorithm (hexadecimal)
|
||||
|
||||
[NOTE]
|
||||
Hexadecimal strings can be lower or upper case, _relay_ can decode both.
|
||||
|
||||
Examples:
|
||||
|
||||
@@ -158,14 +279,14 @@ init password=mypass,totp=123456
|
||||
# initialize and disable compression
|
||||
init password=mypass,compression=off
|
||||
|
||||
# initialize with hashed password (SHA256) (WeeChat ≥ 2.8)
|
||||
init password_hash=sha256:b9a4c3393dfac4330736684510378851e581c68add8eca84110c31a33e694676
|
||||
# initialize with hashed password (SHA256: salt="nonce:cnonce") (WeeChat ≥ 2.9)
|
||||
init password_hash=sha256:6e6f6e63653a636e6f6e6365:b9a4c3393dfac4330736684510378851e581c68add8eca84110c31a33e694676
|
||||
|
||||
# initialize with hashed password (SHA512) (WeeChat ≥ 2.8)
|
||||
init password_hash=sha512:4469190d4e0d1fdc0afb6f408d9873c89b8ce89cc4db79fe058255c55ad6821fa5e9bb068f9e578c8ae7cc825d85ff99c439d59e439bc589d95620a1e6b8ae6e
|
||||
# initialize with hashed password (SHA512: salt="nonce:cnonce") (WeeChat ≥ 2.9)
|
||||
init password_hash=sha512:6e6f6e63653a636e6f6e6365:4469190d4e0d1fdc0afb6f408d9873c89b8ce89cc4db79fe058255c55ad6821fa5e9bb068f9e578c8ae7cc825d85ff99c439d59e439bc589d95620a1e6b8ae6e
|
||||
|
||||
# initialize with hashed password (PBKDF2: SHA256, salt="ABCDEFGHIJKLMNOP", 100000 iterations) (WeeChat ≥ 2.8)
|
||||
init password_hash=pbkdf2:sha256:4142434445464748494a4b4c4d4e4f50:100000:01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc945a1c
|
||||
# initialize with hashed password (PBKDF2: SHA256, salt="nonce:cnonce", 100000 iterations) (WeeChat ≥ 2.9)
|
||||
init password_hash=pbkdf2+sha256:6e6f6e63653a636e6f6e6365:100000:01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc945a1c
|
||||
----
|
||||
|
||||
[[command_hdata]]
|
||||
@@ -1389,7 +1510,7 @@ Example:
|
||||
|
||||
....
|
||||
┌────┐
|
||||
│ 41 │ ────► 65 (0x41: "A")
|
||||
│ 41 │ ────▶ 65 (0x41: "A")
|
||||
└────┘
|
||||
....
|
||||
|
||||
@@ -1405,11 +1526,11 @@ Examples:
|
||||
|
||||
....
|
||||
┌────┬────┬────┬────┐
|
||||
│ 00 │ 01 │ E2 │ 40 │ ────► 123456
|
||||
│ 00 │ 01 │ E2 │ 40 │ ────▶ 123456
|
||||
└────┴────┴────┴────┘
|
||||
|
||||
┌────┬────┬────┬────┐
|
||||
│ FF │ FE │ 1D │ C0 │ ────► -123456
|
||||
│ FF │ FE │ 1D │ C0 │ ────▶ -123456
|
||||
└────┴────┴────┴────┘
|
||||
....
|
||||
|
||||
@@ -1424,13 +1545,13 @@ Examples:
|
||||
|
||||
....
|
||||
┌────╥────┬────┬────┬────┬────┬────┬────┬────┬────┬────┐
|
||||
│ 0A ║ 31 │ 32 │ 33 │ 34 │ 35 │ 36 │ 37 │ 38 │ 39 │ 30 │ ────► 1234567890
|
||||
│ 0A ║ 31 │ 32 │ 33 │ 34 │ 35 │ 36 │ 37 │ 38 │ 39 │ 30 │ ────▶ 1234567890
|
||||
└────╨────┴────┴────┴────┴────┴────┴────┴────┴────┴────┘
|
||||
└──┘ └───────────────────────────────────────────────┘
|
||||
length '1' '2' '3' '4' '5' '6' '7' '8' '9' '0'
|
||||
|
||||
┌────╥────┬────┬────┬────┬────┬────┬────┬────┬────┬────┬────┐
|
||||
│ 0B ║ 2D │ 31 │ 32 │ 33 │ 34 │ 35 │ 36 │ 37 │ 38 │ 39 │ 30 │ ────► -1234567890
|
||||
│ 0B ║ 2D │ 31 │ 32 │ 33 │ 34 │ 35 │ 36 │ 37 │ 38 │ 39 │ 30 │ ────▶ -1234567890
|
||||
└────╨────┴────┴────┴────┴────┴────┴────┴────┴────┴────┴────┘
|
||||
└──┘ └────────────────────────────────────────────────────┘
|
||||
length '-' '1' '2' '3' '4' '5' '6' '7' '8' '9' '0'
|
||||
@@ -1445,7 +1566,7 @@ Example:
|
||||
|
||||
....
|
||||
┌────┬────┬────┬────╥────┬────┬────┬────┬────┐
|
||||
│ 00 │ 00 │ 00 │ 05 ║ 68 │ 65 │ 6C │ 6C │ 6F │ ────► "hello"
|
||||
│ 00 │ 00 │ 00 │ 05 ║ 68 │ 65 │ 6C │ 6C │ 6F │ ────▶ "hello"
|
||||
└────┴────┴────┴────╨────┴────┴────┴────┴────┘
|
||||
└─────────────────┘ └──────────────────────┘
|
||||
length 'h' 'e' 'l' 'l' 'o'
|
||||
@@ -1455,7 +1576,7 @@ An empty string has a length of zero:
|
||||
|
||||
....
|
||||
┌────┬────┬────┬────┐
|
||||
│ 00 │ 00 │ 00 │ 00 │ ────► ""
|
||||
│ 00 │ 00 │ 00 │ 00 │ ────▶ ""
|
||||
└────┴────┴────┴────┘
|
||||
└─────────────────┘
|
||||
length
|
||||
@@ -1465,7 +1586,7 @@ A _NULL_ string (NULL pointer in C) has a length of -1:
|
||||
|
||||
....
|
||||
┌────┬────┬────┬────┐
|
||||
│ FF │ FF │ FF │ FF │ ────► NULL
|
||||
│ FF │ FF │ FF │ FF │ ────▶ NULL
|
||||
└────┴────┴────┴────┘
|
||||
└─────────────────┘
|
||||
length
|
||||
@@ -1485,7 +1606,7 @@ Example:
|
||||
|
||||
....
|
||||
┌────╥────┬────┬────┬────┬────┬────┬────┬────┬────┐
|
||||
│ 09 ║ 31 │ 61 │ 32 │ 62 │ 33 │ 63 │ 34 │ 64 │ 35 │ ────► 0x1a2b3c4d5
|
||||
│ 09 ║ 31 │ 61 │ 32 │ 62 │ 33 │ 63 │ 34 │ 64 │ 35 │ ────▶ 0x1a2b3c4d5
|
||||
└────╨────┴────┴────┴────┴────┴────┴────┴────┴────┘
|
||||
└──┘ └──────────────────────────────────────────┘
|
||||
length '1' 'a' '2' 'b' '3' 'c' '4' 'd' '5'
|
||||
@@ -1495,7 +1616,7 @@ A _NULL_ pointer has a length of 1 with value 0:
|
||||
|
||||
....
|
||||
┌────╥────┐
|
||||
│ 01 ║ 00 │ ────► NULL (0x0)
|
||||
│ 01 ║ 00 │ ────▶ NULL (0x0)
|
||||
└────╨────┘
|
||||
└──┘ └──┘
|
||||
length 0
|
||||
@@ -1510,7 +1631,7 @@ Example:
|
||||
|
||||
....
|
||||
┌────╥────┬────┬────┬────┬────┬────┬────┬────┬────┬────┐
|
||||
│ 0A ║ 31 │ 33 │ 32 │ 31 │ 39 │ 39 │ 33 │ 34 │ 35 │ 36 │ ────► 1321993456
|
||||
│ 0A ║ 31 │ 33 │ 32 │ 31 │ 39 │ 39 │ 33 │ 34 │ 35 │ 36 │ ────▶ 1321993456
|
||||
└────╨────┴────┴────┴────┴────┴────┴────┴────┴────┴────┘
|
||||
└──┘ └───────────────────────────────────────────────┘
|
||||
length '1' '3' '2' '1' '9' '9' '3' '4' '5' '6'
|
||||
@@ -1532,7 +1653,7 @@ Example:
|
||||
|
||||
....
|
||||
┌─────┬─────┬───╥──────┬─────╥──────┬─────┐
|
||||
│ str │ str │ 2 ║ key1 │ abc ║ key2 │ def │ ────► { 'key1' => 'abc',
|
||||
│ str │ str │ 2 ║ key1 │ abc ║ key2 │ def │ ────▶ { 'key1' => 'abc',
|
||||
└─────┴─────┴───╨──────┴─────╨──────┴─────┘ 'key2' => 'def' }
|
||||
└───┘ └───┘ └─┘ └──────────┘ └──────────┘
|
||||
type type count item 1 item 2
|
||||
@@ -1759,7 +1880,7 @@ Example of array with two strings:
|
||||
type number of strings length
|
||||
|
||||
──╥────┬────┬────╥────┬────┬────┬────╥────┬────┐
|
||||
... ║ 61 │ 62 │ 63 ║ 00 │ 00 │ 00 │ 02 ║ 64 │ 65 │ ────► [ "abc", "de" ]
|
||||
... ║ 61 │ 62 │ 63 ║ 00 │ 00 │ 00 │ 02 ║ 64 │ 65 │ ────▶ [ "abc", "de" ]
|
||||
──╨────┴────┴────╨────┴────┴────┴────╨────┴────┘
|
||||
└────────────┘ └─────────────────┘ └───────┘
|
||||
'a' 'b' 'c' length 'd' 'e'
|
||||
@@ -1775,7 +1896,7 @@ Example of array with three integers:
|
||||
type number of integers 123 (0x7B)
|
||||
|
||||
──╥────┬────┬────┬────╥────┬────┬────┬────┐
|
||||
... ║ 00 │ 00 │ 01 │ C8 ║ 00 │ 00 │ 03 │ 15 │ ────► [ 123, 456, 789 ]
|
||||
... ║ 00 │ 00 │ 01 │ C8 ║ 00 │ 00 │ 03 │ 15 │ ────▶ [ 123, 456, 789 ]
|
||||
──╨────┴────┴────┴────╨────┴────┴────┴────┘
|
||||
└─────────────────┘ └─────────────────┘
|
||||
456 (0x1C8) 789 (0x315)
|
||||
@@ -1785,7 +1906,7 @@ A _NULL_ array:
|
||||
|
||||
....
|
||||
┌─────╥────┬────┬────┬────┐
|
||||
│ str ║ 00 │ 00 │ 00 │ 00 │ ────► NULL
|
||||
│ str ║ 00 │ 00 │ 00 │ 00 │ ────▶ NULL
|
||||
└─────╨────┴────┴────┴────┘
|
||||
└───┘ └─────────────────┘
|
||||
type number of strings
|
||||
@@ -1799,43 +1920,49 @@ A _NULL_ array:
|
||||
│ Client ├ ─ ─ ─ ─(network)─ ─ ─ ─ ┤ Relay ├────────────────┤ WeeChat │
|
||||
└────────┘ └───────┘ └─────────┘
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ open socket ║ add client ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
║ cmd: init password=xxx,... ║ init/allow client ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: handshake password=xxx,... ║ negotiate algos ║
|
||||
║ ║ and options ║
|
||||
║ ◀───────────────────────────────╢ ║
|
||||
║ msg: id: "handshake" ... ║ ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
║ cmd: hdata buffer ... ╟───────────────────────► ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: init password=xxx,... ║ authenticate client ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: hdata buffer ... ╟───────────────────────▶ ║
|
||||
║ sync ... ║ request hdata ║ read hdata
|
||||
║ ║ ║ values
|
||||
║ ║ ◄───────────────────────╢
|
||||
║ ◄───────────────────────────────╢ hdata ║
|
||||
║ ║ ◀───────────────────────╢
|
||||
║ ◀───────────────────────────────╢ hdata ║
|
||||
create ║ msg: hda buffer ║ ║
|
||||
buffers ║ ║ ║
|
||||
║ ........ ║ ........ ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
║ cmd: input ... ╟───────────────────────► ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: input ... ╟───────────────────────▶ ║
|
||||
║ ║ send data to buffer ║ send data
|
||||
║ ║ ║ to buffer
|
||||
║ ........ ║ ........ ║
|
||||
║ ║ ║ signal
|
||||
║ ║ ◄───────────────────────╢ received
|
||||
║ ◄───────────────────────────────╢ signal XXX ║ (hooked by
|
||||
║ ║ ◀───────────────────────╢ received
|
||||
║ ◀───────────────────────────────╢ signal XXX ║ (hooked by
|
||||
update ║ msg: id: "_buffer_..." ║ ║ relay)
|
||||
buffers ║ ║ ║
|
||||
║ ........ ║ ........ ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: ping ... ║ ║
|
||||
║ ║ ║
|
||||
║ ◄───────────────────────────────╢ ║
|
||||
║ ◀───────────────────────────────╢ ║
|
||||
measure ║ msg: id: "_pong" ... ║ ║
|
||||
response ║ ║ ║
|
||||
time ║ ........ ║ ........ ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: quit ║ disconnect client ║
|
||||
║ ║ ║
|
||||
....
|
||||
|
||||
@@ -116,6 +116,12 @@
|
||||
** valeurs: toute chaîne
|
||||
** valeur par défaut: `+""+`
|
||||
|
||||
* [[option_relay.network.auth_password]] *relay.network.auth_password*
|
||||
** description: pass:none[liste des algorithmes de hachage pour l'authentification par mot de passe dans le protocole relay, parmi ces valeurs : "plain" (mot de passe en clair, non haché), "sha256", "sha512", "pbkdf2+sha256", "pbkdf2+sha512" ; "*" signifie tous les algorithmes, un nom commençant par "!" est une valeur négative pour empêcher un algorithme d'être utilisé, le caractère joker "*" est autorisé dans les noms (exemples : "*", "pbkdf2*", "*,!plain")]
|
||||
** type: chaîne
|
||||
** valeurs: toute chaîne
|
||||
** valeur par défaut: `+"*"+`
|
||||
|
||||
* [[option_relay.network.auth_timeout]] *relay.network.auth_timeout*
|
||||
** description: pass:none[temps maximum (en secondes) pour l'authentification du client ; la connexion est fermée si le client n'est toujours pas authentifié après ce délai et le statut est positionné à "échec d'authentification" (0 = attendre sans fin)]
|
||||
** type: entier
|
||||
@@ -140,6 +146,12 @@
|
||||
** valeurs: 0 .. 9
|
||||
** valeur par défaut: `+6+`
|
||||
|
||||
* [[option_relay.network.hash_iterations]] *relay.network.hash_iterations*
|
||||
** description: pass:none[nombre d'itérations demandées au client dans le protocole weechat lorsqu'un mot de passe haché avec l'algorithme PBKDF2 est utilisé pour l'authentification ; plus d'itérations est mieux en terme de sécurité mais est plus lent à calculer ; ce nombre ne doit pas être trop élevé si votre micro-processeur est lent]
|
||||
** type: entier
|
||||
** valeurs: 1 .. 1000000
|
||||
** valeur par défaut: `+100000+`
|
||||
|
||||
* [[option_relay.network.ipv6]] *relay.network.ipv6*
|
||||
** description: pass:none[écouter en IPv6 sur le socket par défaut (en plus de l'IPv4 qui est par défaut) ; les protocoles IPv4 et IPv6 peuvent être forcés (individuellement ou ensemble) dans le nom du protocole (voir /help relay)]
|
||||
** type: booléen
|
||||
@@ -152,6 +164,12 @@
|
||||
** valeurs: 0 .. 2147483647
|
||||
** valeur par défaut: `+5+`
|
||||
|
||||
* [[option_relay.network.nonce_size]] *relay.network.nonce_size*
|
||||
** description: pass:none[taille du nonce (en octets), généré lorsqu'un client se connecte ; le client doit utiliser ce nonce, concaténé au nonce client et au mot de passe pour hacher le mot de passe dans la commande "init" du protocole weechat]
|
||||
** type: entier
|
||||
** valeurs: 8 .. 128
|
||||
** valeur par défaut: `+16+`
|
||||
|
||||
* [[option_relay.network.password]] *relay.network.password*
|
||||
** description: pass:none[mot de passe requis par les clients pour accéder à ce relai (une valeur vide indique que le mot de passe n'est pas nécessaire, voir l'option relay.network.allow_empty_password) (note : le contenu est évalué, voir /help eval)]
|
||||
** type: chaîne
|
||||
|
||||
+42
-42
@@ -320,6 +320,7 @@ Le cœur de WeeChat est situé dans les répertoires suivants :
|
||||
| weechat-python-api.c | Fonctions de l'API script Python.
|
||||
| relay/ | Extension Relay (proxy IRC et relai pour des interfaces distantes).
|
||||
| relay.c | Fonctions principales de Relay.
|
||||
| relay-auth.c | Authentification des clients.
|
||||
| relay-buffer.c | Tampon Relay.
|
||||
| relay-client.c | Clients du relai.
|
||||
| relay-command.c | Commandes de Relay.
|
||||
@@ -380,48 +381,47 @@ Le cœur de WeeChat est situé dans les répertoires suivants :
|
||||
|
||||
[width="100%",cols="1m,2",options="header"]
|
||||
|===
|
||||
| Chemin/fichier | Description
|
||||
| tests/ | Racine des tests.
|
||||
| tests.cpp | Programme utilisé pour lancer tous les tests.
|
||||
| scripts/ | Racine des tests de l'API script.
|
||||
| test-scripts.cpp | Programme utilisé pour lancer les tests de l'API script.
|
||||
| python/ | Scripts Python pour générer et lancer les tests de l'API script.
|
||||
| testapigen.py | Script Python générant des scripts dans tous les languages pour tester l'API script.
|
||||
| testapi.py | Script Python avec les tests API, utilisé par le script testapigen.py.
|
||||
| unparse.py | Conversion de code Python vers d'autres langages, utilisé par le script testapigen.py.
|
||||
| unit/ | Racine des tests unitaires.
|
||||
| test-plugins.cpp | Tests : extensions.
|
||||
| core/ | Racine des tests unitaires pour le cœur.
|
||||
| test-core-arraylist.cpp | Tests : listes avec tableau (« arraylists »).
|
||||
| test-core-calc.cpp | Tests : calcul d'expressions.
|
||||
| test-core-crypto.cpp | Tests : fonctions cryptographiques.
|
||||
| test-core-eval.cpp | Tests : évaluation d'expressions.
|
||||
| test-core-hashtble.cpp | Tests : tables de hachage.
|
||||
| test-core-hdata.cpp | Tests : hdata.
|
||||
| test-core-hook.cpp | Tests : hooks.
|
||||
| test-core-infolist.cpp | Tests : infolists.
|
||||
| test-core-list.cpp | Tests : listes.
|
||||
| test-core-secure.cpp | Tests : données sécurisées.
|
||||
| test-core-string.cpp | Tests : chaînes.
|
||||
| test-core-url.cpp | Tests : URLs.
|
||||
| test-core-utf8.cpp | Tests : UTF-8.
|
||||
| test-core-util.cpp | Tests : fonctions utiles.
|
||||
| gui/ | Racine des tests unitaires pour les interfaces.
|
||||
| test-gui-color.cpp | Tests : couleurs.
|
||||
| test-gui-line.cpp | Tests : lignes.
|
||||
| test-gui-nick.cpp | Tests : pseudos.
|
||||
| plugins/ | Racine des tests unitaires pour les extensions.
|
||||
| irc/ | Racine des tests unitaires pour l'extension IRC.
|
||||
| test-irc-color.cpp | Tests : couleurs IRC.
|
||||
| test-irc-config.cpp | Tests : configuration IRC.
|
||||
| test-irc-ignore.cpp | Tests : ignores IRC.
|
||||
| test-irc-message.cpp | Tests : messages IRC.
|
||||
| test-irc-mode.cpp | Tests : modes IRC.
|
||||
| test-irc-nick.cpp | Tests : pseudos IRC.
|
||||
| test-irc-protocol.cpp | Tests : protocole IRC.
|
||||
| relay/ | Racine des tests unitaires pour l'extension Relay.
|
||||
| weechat/ | Racine des tests unitaires pour le protocole weechat.
|
||||
| test-relay-weechat-protocol.cpp | Tests : protocole weechat.
|
||||
| Chemin/fichier | Description
|
||||
| tests/ | Racine des tests.
|
||||
| tests.cpp | Programme utilisé pour lancer tous les tests.
|
||||
| scripts/ | Racine des tests de l'API script.
|
||||
| test-scripts.cpp | Programme utilisé pour lancer les tests de l'API script.
|
||||
| python/ | Scripts Python pour générer et lancer les tests de l'API script.
|
||||
| testapigen.py | Script Python générant des scripts dans tous les languages pour tester l'API script.
|
||||
| testapi.py | Script Python avec les tests API, utilisé par le script testapigen.py.
|
||||
| unparse.py | Conversion de code Python vers d'autres langages, utilisé par le script testapigen.py.
|
||||
| unit/ | Racine des tests unitaires.
|
||||
| test-plugins.cpp | Tests : extensions.
|
||||
| core/ | Racine des tests unitaires pour le cœur.
|
||||
| test-core-arraylist.cpp | Tests : listes avec tableau (« arraylists »).
|
||||
| test-core-calc.cpp | Tests : calcul d'expressions.
|
||||
| test-core-crypto.cpp | Tests : fonctions cryptographiques.
|
||||
| test-core-eval.cpp | Tests : évaluation d'expressions.
|
||||
| test-core-hashtble.cpp | Tests : tables de hachage.
|
||||
| test-core-hdata.cpp | Tests : hdata.
|
||||
| test-core-hook.cpp | Tests : hooks.
|
||||
| test-core-infolist.cpp | Tests : infolists.
|
||||
| test-core-list.cpp | Tests : listes.
|
||||
| test-core-secure.cpp | Tests : données sécurisées.
|
||||
| test-core-string.cpp | Tests : chaînes.
|
||||
| test-core-url.cpp | Tests : URLs.
|
||||
| test-core-utf8.cpp | Tests : UTF-8.
|
||||
| test-core-util.cpp | Tests : fonctions utiles.
|
||||
| gui/ | Racine des tests unitaires pour les interfaces.
|
||||
| test-gui-color.cpp | Tests : couleurs.
|
||||
| test-gui-line.cpp | Tests : lignes.
|
||||
| test-gui-nick.cpp | Tests : pseudos.
|
||||
| plugins/ | Racine des tests unitaires pour les extensions.
|
||||
| irc/ | Racine des tests unitaires pour l'extension IRC.
|
||||
| test-irc-color.cpp | Tests : couleurs IRC.
|
||||
| test-irc-config.cpp | Tests : configuration IRC.
|
||||
| test-irc-ignore.cpp | Tests : ignores IRC.
|
||||
| test-irc-message.cpp | Tests : messages IRC.
|
||||
| test-irc-mode.cpp | Tests : modes IRC.
|
||||
| test-irc-nick.cpp | Tests : pseudos IRC.
|
||||
| test-irc-protocol.cpp | Tests : protocole IRC.
|
||||
| relay/ | Racine des tests unitaires pour l'extension Relay.
|
||||
| test-relay-auth.cpp | Tests : authentification des clients.
|
||||
|===
|
||||
|
||||
[[documentation_translations]]
|
||||
|
||||
@@ -36,11 +36,11 @@ Les _clients_ sont connectés au _relay_ comme dans le diagramme ci-dessous :
|
||||
....
|
||||
┌──────────┐ Station de travail
|
||||
┌────────┐ ┌───┤ client 1 │ (Linux, Windows,
|
||||
│ irc │◄──┐ ╔═══════════╤═══════╗ │ └──────────┘ BSD, macOS ...)
|
||||
└────────┘ └──╢ │ ║◄───┘ ┌──────────┐
|
||||
...... ║ WeeChat │ Relay ║◄───────┤ client 2 │ Appareil mobile
|
||||
┌────────┐ ┌──╢ │ ║◄───┐ └──────────┘ (Android, iPhone ...)
|
||||
│ jabber │◄──┘ ╚═══════════╧═══════╝ │ ......
|
||||
│ irc │◀──┐ ╔═══════════╤═══════╗ │ └──────────┘ BSD, macOS ...)
|
||||
└────────┘ └──╢ │ ║◀───┘ ┌──────────┐
|
||||
...... ║ WeeChat │ Relay ║◀───────┤ client 2 │ Appareil mobile
|
||||
┌────────┐ ┌──╢ │ ║◀───┐ └──────────┘ (Android, iPhone ...)
|
||||
│ jabber │◀──┘ ╚═══════════╧═══════╝ │ ......
|
||||
└────────┘ │ ┌──────────┐
|
||||
...... └───┤ client N │ Autres appareils
|
||||
└──────────┘
|
||||
@@ -91,24 +91,139 @@ Liste des commandes disponibles (détail dans les chapitres suivants) :
|
||||
|
||||
[width="80%",cols="^3m,14",options="header"]
|
||||
|===
|
||||
| Commande | Description
|
||||
| init | Initialiser la connexion avec _relay_.
|
||||
| hdata | Demander un _hdata_.
|
||||
| info | Demander une _info_.
|
||||
| infolist | Demander une _infolist_.
|
||||
| nicklist | Demander une _nicklist_ (liste de pseudos).
|
||||
| input | Envoyer des données à un tampon (texte ou commande).
|
||||
| sync | Synchroniser un/des tampon(s) : recevoir les mises à jour pour le(s) tampon(s).
|
||||
| desync | Désynchroniser un/des tampon(s) : stopper les mises à jour pour le(s) tampon(s).
|
||||
| quit | Se déconnecter de _relay_.
|
||||
| Commande | Description
|
||||
| handshake | Poignée de main : préparer l'authentification du client et définir des options, avant la commande _init_.
|
||||
| init | S'authentifier avec _relay_.
|
||||
| hdata | Demander un _hdata_.
|
||||
| info | Demander une _info_.
|
||||
| infolist | Demander une _infolist_.
|
||||
| nicklist | Demander une _nicklist_ (liste de pseudos).
|
||||
| input | Envoyer des données à un tampon (texte ou commande).
|
||||
| sync | Synchroniser un/des tampon(s) : recevoir les mises à jour pour le(s) tampon(s).
|
||||
| desync | Désynchroniser un/des tampon(s) : stopper les mises à jour pour le(s) tampon(s).
|
||||
| quit | Se déconnecter de _relay_.
|
||||
|===
|
||||
|
||||
[[command_handshake]]
|
||||
=== handshake
|
||||
|
||||
_WeeChat ≥ 2.9._
|
||||
|
||||
Effectuer une poignée de main entre le client et WeeChat : cela est obligatoire
|
||||
dans la plupart des cas pour connaître les paramètres de la session et préparer
|
||||
l'authentification avec la commande _init_.
|
||||
|
||||
La poignée de main peut être effectuée plusieurs fois avant la commande _init_,
|
||||
même si cela est rarement nécessaire.
|
||||
|
||||
Syntaxe :
|
||||
|
||||
----
|
||||
handshake [<option>=<valeur>,[<option>=<valeur>,...]]
|
||||
----
|
||||
|
||||
Paramètres :
|
||||
|
||||
* _option_ : une des options suivantes :
|
||||
** _password_ : liste d'algorithmes de hachage supportés par le client (séparés par
|
||||
des deux-points), les valeurs autorisées sont :
|
||||
*** _plain_ : mot de passe en clair (pas de hachage)
|
||||
*** _sha256_ : mot de passe salé et haché avec l'algorithme SHA256
|
||||
*** _sha512_ : mot de passe salé et haché avec l'algorithme SHA512
|
||||
*** _pbkdf2+sha256_ : mot de passe salé et haché avec l'algorithme PBKDF2
|
||||
(avec un hachage SHA256)
|
||||
*** _pbkdf2+sha512_ : mot de passe salé et haché avec l'algorithme PBKDF2
|
||||
(avec un hachage SHA512)
|
||||
** _compression_ : type de compression :
|
||||
*** _zlib_ : activer la compression _zlib_ pour les messages envoyés par _relay_
|
||||
(activée par défaut si _relay_ supporte la compression _zlib_)
|
||||
*** _off_ : désactiver la compression
|
||||
|
||||
Notes à propos de l'option _password_ :
|
||||
|
||||
* Si l'option _password_ n'est pas donnée (ou si la commande _handshake_ n'est
|
||||
pas envoyée par le client), _relay_ utilise automatiquement l'authentification
|
||||
_plain_ (si elle est autorisée côté _relay_).
|
||||
* _Relay_ choisit l'algorithme le plus sûr disponible à la fois côté client et
|
||||
_relay_, par ordre de priorité du premier (plus sûr) au dernier utilisé :
|
||||
. _pbkdf2+sha512_
|
||||
. _pbkdf2+sha256_
|
||||
. _sha512_
|
||||
. _sha256_
|
||||
. _plain_
|
||||
|
||||
[NOTE]
|
||||
Si l'option _password_ n'est pas donnée, WeeChat utilise automatiquement
|
||||
l'authentification _plain_ (si autorisée par _relay_).
|
||||
|
||||
WeeChat répond avec une table de hachage qui contient les clés et valeurs
|
||||
suivantes :
|
||||
|
||||
* _auth_password_ : l'authentification mot de passe négociée : supportée par le
|
||||
client et _relay_ :
|
||||
** (valeur vide) : la négociation a échoué, l'authentification par mot de passe
|
||||
n'est *PAS* possible
|
||||
** _plain_
|
||||
** _sha256_
|
||||
** _sha512_
|
||||
** _pbkdf2+sha256_
|
||||
** _pbkdf2+sha512_
|
||||
* _hash_iterations_ : nombre d'itérations pour le hachage (pour l'algorithme
|
||||
PBKDF2 seulement)
|
||||
* _totp_:
|
||||
** _on_ : le mot de passe à usage unique basé sur le temps (TOTP : Time-based
|
||||
One-Time Password) est configuré et est attendu dans la commande _init_
|
||||
** _off_ : le mot de passe à usage unique basé sur le temps (TOTP : Time-based
|
||||
One-Time Password) n'est pas activé et pas nécessaire dans la commande _init_
|
||||
* _nonce_ : un tampon d'octets non prédictibles, envoyé en hexadécimal, pour
|
||||
empêcher les attaques par rejeu ; si _auth_password_ est un algorithme de
|
||||
hachage, le client doit calculer le mot de passe haché avec ce nonce,
|
||||
concaténé avec un nonce client et le mot de passe utilisateur (le nonce
|
||||
_relay_ + le nonce client constituent le sel utilisé dans l'algorithme de
|
||||
hachage du mot de passe)
|
||||
|
||||
Exemples :
|
||||
|
||||
----
|
||||
# rien d'offert par le client (ou seulement "plain"), l'authentification par mot de passe "plain" sera utilisée si autorisée côté relay
|
||||
handshake
|
||||
handshake password=plain
|
||||
|
||||
# seulement plain, sha256 et pbkdf2+sha256 sont supportés par le client
|
||||
handshake password=plain:sha256:pbkdf2+sha256
|
||||
----
|
||||
|
||||
Exemple de réponse :
|
||||
|
||||
[source,python]
|
||||
----
|
||||
id: 'handshake'
|
||||
htb: {'auth_password': 'pbkdf2+sha256', 'hash_iterations': '100000', 'totp': 'on', 'nonce': '85B1EE00695A5B254E14F4885538DF0D'}
|
||||
----
|
||||
|
||||
Le client peut s'authentifier avec cette commande (voir la <<command_init,commande init>>),
|
||||
le sel est le nonce _relay_ + "ABCD" ("41424344" en hexadécimal) :
|
||||
|
||||
----
|
||||
init password_hash=pbkdf2+sha256:85b1ee00695a5b254e14f4885538df0d41424344:100000:01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc945a1c
|
||||
----
|
||||
|
||||
[TIP]
|
||||
Avec WeeChat ≤ 2.8, la commande _handshake_ n'est pas implémentée, WeeChat ignore
|
||||
silencieusement cette commande, même si elle est envoyée avant la commande _init_. +
|
||||
Il est donc sûr d'envoyer cette commande à n'importe quelle version de WeeChat.
|
||||
|
||||
[[command_init]]
|
||||
=== init
|
||||
|
||||
Initialiser la connexion avec _relay_. Il doit s'agir de la première commande
|
||||
envoyée à _relay_. Si elle n'est pas envoyée, _relay_ coupera la connexion à la
|
||||
première commande reçue, sans avertissement.
|
||||
_Mis à jour dans les versions 2.4, 2.8, 2.9._
|
||||
|
||||
S'authentifier avec _relay_.
|
||||
|
||||
Il doit s'agir de la première commande envoyée à _relay_ (seule la commande
|
||||
_handshake_ peut être envoyée avant _init_). +
|
||||
Si elle n'est pas envoyée, _relay_ coupera la connexion à la première commande
|
||||
reçue, sans avertissement.
|
||||
|
||||
Syntaxe :
|
||||
|
||||
@@ -128,7 +243,9 @@ Paramètres :
|
||||
One-Time Password) utilisé comme second facteur d'authentification, en plus
|
||||
du mot de passe (option _relay.network.totp_secret_ dans WeeChat)
|
||||
_(WeeChat ≥ 2.4)_
|
||||
** _compression_ : type de compression :
|
||||
** _compression_ : type de compression (*obsolète* depuis la version 2.9, gardé
|
||||
pour des raisons de compatibilité mais devrait être envoyé dans la
|
||||
<<command_handshake,commande handshake>>) :
|
||||
*** _zlib_ : activer la compression _zlib_ pour les messages envoyés par _relay_
|
||||
(activée par défaut si _relay_ supporte la compression _zlib_)
|
||||
*** _off_ : désactiver la compression
|
||||
@@ -140,13 +257,28 @@ par exemple `init password=foo\,bar` pour envoyer le mot de passe "foo,bar".
|
||||
Le format du mot de passe haché est l'un des suivants, où _hash_ est le mot
|
||||
de passe haché en hexadécimal :
|
||||
|
||||
* `+sha256:hash+`
|
||||
* `+sha512:hash+`
|
||||
* `+pbkdf2:algorithme:sel:itérations:hash+` avec :
|
||||
** _algorithme_ : _sha256_ ou _sha512_
|
||||
** _sel_ : sel (hexadécimal)
|
||||
* `+sha256:sel:hash+` avec :
|
||||
** _sel_ : sel (hexadécimal), qui doit démarrer avec le nonce de _relay_,
|
||||
concaténé au nonce client
|
||||
** _hash_ : le sel et mot de passe haché (hexadécimal)
|
||||
* `+sha512:sel:hash+` avec :
|
||||
** _sel_ : sel (hexadécimal), qui doit démarrer avec le nonce de _relay_,
|
||||
concaténé au nonce client
|
||||
** _hash_ : le set et mot de passe haché (hexadécimal)
|
||||
* `+pbkdf2+sha256:sel:itérations:hash+` avec :
|
||||
** _sel_ : sel (hexadécimal), qui doit démarrer avec le nonce de _relay_,
|
||||
concaténé au nonce client
|
||||
** _iterations_ : nombre d'itérations
|
||||
** _hash_ : le mot de passe haché (hexadécimal)
|
||||
** _hash_ : le sel et mot de passe haché avec l'algorithme SHA256 (hexadécimal)
|
||||
* `+pbkdf2+sha256:sel:itérations:hash+` avec :
|
||||
** _sel_ : sel (hexadécimal), qui doit démarrer avec le nonce de _relay_,
|
||||
concaténé au nonce client
|
||||
** _iterations_ : nombre d'itérations
|
||||
** _hash_ : le sel et mot de passe haché avec l'algorithme SHA512 (hexadécimal)
|
||||
|
||||
[NOTE]
|
||||
Les chaînes en hexadécimal peuvent être en minuscules ou majuscules, _relay_
|
||||
peut décoder les deux.
|
||||
|
||||
Exemples :
|
||||
|
||||
@@ -163,14 +295,14 @@ init password=mypass,totp=123456
|
||||
# initialiser et désactiver la compression
|
||||
init password=mypass,compression=off
|
||||
|
||||
# initialiser avec un mot de passe haché (SHA256) (WeeChat ≥ 2.8)
|
||||
init password_hash=sha256:b9a4c3393dfac4330736684510378851e581c68add8eca84110c31a33e694676
|
||||
# initialiser avec un mot de passe haché (SHA256 : sel="nonce:cnonce") (WeeChat ≥ 2.9)
|
||||
init password_hash=sha256:6e6f6e63653a636e6f6e6365:b9a4c3393dfac4330736684510378851e581c68add8eca84110c31a33e694676
|
||||
|
||||
# initialiser avec un mot de passe haché (SHA512) (WeeChat ≥ 2.8)
|
||||
init password_hash=sha512:4469190d4e0d1fdc0afb6f408d9873c89b8ce89cc4db79fe058255c55ad6821fa5e9bb068f9e578c8ae7cc825d85ff99c439d59e439bc589d95620a1e6b8ae6e
|
||||
# initialiser avec un mot de passe haché (SHA512 : sel="nonce:cnonce") (WeeChat ≥ 2.9)
|
||||
init password_hash=sha512:6e6f6e63653a636e6f6e6365:4469190d4e0d1fdc0afb6f408d9873c89b8ce89cc4db79fe058255c55ad6821fa5e9bb068f9e578c8ae7cc825d85ff99c439d59e439bc589d95620a1e6b8ae6e
|
||||
|
||||
# initialiser avec un mot de passe haché (PBKDF2: SHA256, sel="ABCDEFGHIJKLMNOP", 100000 itérations) (WeeChat ≥ 2.8)
|
||||
init password_hash=pbkdf2:sha256:4142434445464748494a4b4c4d4e4f50:100000:01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc945a1c
|
||||
# initialiser avec un mot de passe haché (PBKDF2 : SHA256, sel="nonce:cnonce", 100000 itérations) (WeeChat ≥ 2.9)
|
||||
init password_hash=pbkdf2:sha256:6e6f6e63653a636e6f6e6365:100000:01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc945a1c
|
||||
----
|
||||
|
||||
[[command_hdata]]
|
||||
@@ -1415,7 +1547,7 @@ Exemple :
|
||||
|
||||
....
|
||||
┌────┐
|
||||
│ 41 │ ────► 65 (0x41: "A")
|
||||
│ 41 │ ────▶ 65 (0x41: "A")
|
||||
└────┘
|
||||
....
|
||||
|
||||
@@ -1431,11 +1563,11 @@ Exemples :
|
||||
|
||||
....
|
||||
┌────┬────┬────┬────┐
|
||||
│ 00 │ 01 │ E2 │ 40 │ ────► 123456
|
||||
│ 00 │ 01 │ E2 │ 40 │ ────▶ 123456
|
||||
└────┴────┴────┴────┘
|
||||
|
||||
┌────┬────┬────┬────┐
|
||||
│ FF │ FE │ 1D │ C0 │ ────► -123456
|
||||
│ FF │ FE │ 1D │ C0 │ ────▶ -123456
|
||||
└────┴────┴────┴────┘
|
||||
....
|
||||
|
||||
@@ -1451,13 +1583,13 @@ Exemples :
|
||||
|
||||
....
|
||||
┌────╥────┬────┬────┬────┬────┬────┬────┬────┬────┬────┐
|
||||
│ 0A ║ 31 │ 32 │ 33 │ 34 │ 35 │ 36 │ 37 │ 38 │ 39 │ 30 │ ────► 1234567890
|
||||
│ 0A ║ 31 │ 32 │ 33 │ 34 │ 35 │ 36 │ 37 │ 38 │ 39 │ 30 │ ────▶ 1234567890
|
||||
└────╨────┴────┴────┴────┴────┴────┴────┴────┴────┴────┘
|
||||
└──┘ └───────────────────────────────────────────────┘
|
||||
long. '1' '2' '3' '4' '5' '6' '7' '8' '9' '0'
|
||||
|
||||
┌────╥────┬────┬────┬────┬────┬────┬────┬────┬────┬────┬────┐
|
||||
│ 0B ║ 2D │ 31 │ 32 │ 33 │ 34 │ 35 │ 36 │ 37 │ 38 │ 39 │ 30 │ ────► -1234567890
|
||||
│ 0B ║ 2D │ 31 │ 32 │ 33 │ 34 │ 35 │ 36 │ 37 │ 38 │ 39 │ 30 │ ────▶ -1234567890
|
||||
└────╨────┴────┴────┴────┴────┴────┴────┴────┴────┴────┴────┘
|
||||
└──┘ └────────────────────────────────────────────────────┘
|
||||
long. '-' '1' '2' '3' '4' '5' '6' '7' '8' '9' '0'
|
||||
@@ -1473,7 +1605,7 @@ Exemple :
|
||||
|
||||
....
|
||||
┌────┬────┬────┬────╥────┬────┬────┬────┬────┐
|
||||
│ 00 │ 00 │ 00 │ 05 ║ 68 │ 65 │ 6C │ 6C │ 6F │ ────► "hello"
|
||||
│ 00 │ 00 │ 00 │ 05 ║ 68 │ 65 │ 6C │ 6C │ 6F │ ────▶ "hello"
|
||||
└────┴────┴────┴────╨────┴────┴────┴────┴────┘
|
||||
└─────────────────┘ └──────────────────────┘
|
||||
longueur 'h' 'e' 'l' 'l' 'o'
|
||||
@@ -1483,7 +1615,7 @@ Une chaîne vide a une longueur de zéro :
|
||||
|
||||
....
|
||||
┌────┬────┬────┬────┐
|
||||
│ 00 │ 00 │ 00 │ 00 │ ────► ""
|
||||
│ 00 │ 00 │ 00 │ 00 │ ────▶ ""
|
||||
└────┴────┴────┴────┘
|
||||
└─────────────────┘
|
||||
longueur
|
||||
@@ -1493,7 +1625,7 @@ Une chaîne _NULL_ (pointeur NULL en C) a une longueur de -1 :
|
||||
|
||||
....
|
||||
┌────┬────┬────┬────┐
|
||||
│ FF │ FF │ FF │ FF │ ────► NULL
|
||||
│ FF │ FF │ FF │ FF │ ────▶ NULL
|
||||
└────┴────┴────┴────┘
|
||||
└─────────────────┘
|
||||
longueur
|
||||
@@ -1515,7 +1647,7 @@ Exemple :
|
||||
|
||||
....
|
||||
┌────╥────┬────┬────┬────┬────┬────┬────┬────┬────┐
|
||||
│ 09 ║ 31 │ 61 │ 32 │ 62 │ 33 │ 63 │ 34 │ 64 │ 35 │ ────► 0x1a2b3c4d5
|
||||
│ 09 ║ 31 │ 61 │ 32 │ 62 │ 33 │ 63 │ 34 │ 64 │ 35 │ ────▶ 0x1a2b3c4d5
|
||||
└────╨────┴────┴────┴────┴────┴────┴────┴────┴────┘
|
||||
└──┘ └──────────────────────────────────────────┘
|
||||
long. '1' 'a' '2' 'b' '3' 'c' '4' 'd' '5'
|
||||
@@ -1525,7 +1657,7 @@ Un pointeur _NULL_ a une longueur de 1 avec la valeur 0 :
|
||||
|
||||
....
|
||||
┌────╥────┐
|
||||
│ 01 ║ 00 │ ────► NULL (0x0)
|
||||
│ 01 ║ 00 │ ────▶ NULL (0x0)
|
||||
└────╨────┘
|
||||
└──┘ └──┘
|
||||
long. 0
|
||||
@@ -1541,7 +1673,7 @@ Exemple :
|
||||
|
||||
....
|
||||
┌────╥────┬────┬────┬────┬────┬────┬────┬────┬────┬────┐
|
||||
│ 0A ║ 31 │ 33 │ 32 │ 31 │ 39 │ 39 │ 33 │ 34 │ 35 │ 36 │ ────► 1321993456
|
||||
│ 0A ║ 31 │ 33 │ 32 │ 31 │ 39 │ 39 │ 33 │ 34 │ 35 │ 36 │ ────▶ 1321993456
|
||||
└────╨────┴────┴────┴────┴────┴────┴────┴────┴────┴────┘
|
||||
└──┘ └───────────────────────────────────────────────┘
|
||||
long. '1' '3' '2' '1' '9' '9' '3' '4' '5' '6'
|
||||
@@ -1564,7 +1696,7 @@ Exemple :
|
||||
|
||||
....
|
||||
┌─────┬─────┬───╥──────┬─────╥──────┬─────┐
|
||||
│ str │ str │ 2 ║ key1 │ abc ║ key2 │ def │ ────► { 'key1' => 'abc',
|
||||
│ str │ str │ 2 ║ key1 │ abc ║ key2 │ def │ ────▶ { 'key1' => 'abc',
|
||||
└─────┴─────┴───╨──────┴─────╨──────┴─────┘ 'key2' => 'def' }
|
||||
└───┘ └───┘ └─┘ └──────────┘ └──────────┘
|
||||
type type nombre élément 1 élément 2
|
||||
@@ -1796,7 +1928,7 @@ Exemple de tableau avec deux chaînes de caractères :
|
||||
type nombre de chaînes longueur
|
||||
|
||||
──╥────┬────┬────╥────┬────┬────┬────╥────┬────┐
|
||||
... ║ 61 │ 62 │ 63 ║ 00 │ 00 │ 00 │ 02 ║ 64 │ 65 │ ────► [ "abc", "de" ]
|
||||
... ║ 61 │ 62 │ 63 ║ 00 │ 00 │ 00 │ 02 ║ 64 │ 65 │ ────▶ [ "abc", "de" ]
|
||||
──╨────┴────┴────╨────┴────┴────┴────╨────┴────┘
|
||||
└────────────┘ └─────────────────┘ └───────┘
|
||||
'a' 'b' 'c' longueur 'd' 'e'
|
||||
@@ -1812,7 +1944,7 @@ Exemple de tableau avec trois entiers :
|
||||
type nombre d'entiers 123 (0x7B)
|
||||
|
||||
──╥────┬────┬────┬────╥────┬────┬────┬────┐
|
||||
... ║ 00 │ 00 │ 01 │ C8 ║ 00 │ 00 │ 03 │ 15 │ ────► [ 123, 456, 789 ]
|
||||
... ║ 00 │ 00 │ 01 │ C8 ║ 00 │ 00 │ 03 │ 15 │ ────▶ [ 123, 456, 789 ]
|
||||
──╨────┴────┴────┴────╨────┴────┴────┴────┘
|
||||
└─────────────────┘ └─────────────────┘
|
||||
456 (0x1C8) 789 (0x315)
|
||||
@@ -1822,7 +1954,7 @@ Un tableau _NULL_ :
|
||||
|
||||
....
|
||||
┌─────╥────┬────┬────┬────┐
|
||||
│ str ║ 00 │ 00 │ 00 │ 00 │ ────► NULL
|
||||
│ str ║ 00 │ 00 │ 00 │ 00 │ ────▶ NULL
|
||||
└─────╨────┴────┴────┴────┘
|
||||
└───┘ └─────────────────┘
|
||||
type nombre de chaînes
|
||||
@@ -1836,43 +1968,49 @@ Un tableau _NULL_ :
|
||||
│ Client ├ ─ ─ ─ ─ (réseau)─ ─ ─ ─ ┤ Relay ├────────────────┤ WeeChat │
|
||||
└────────┘ └───────┘ └─────────┘
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ ouverture socket ║ ajout du client ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
║ cmd: init password=xxx,... ║ init/autoriser client ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: handshake password=xxx,... ║ négociation algos ║
|
||||
║ ║ et options ║
|
||||
║ ◀───────────────────────────────╢ ║
|
||||
║ msg: id: "handshake" ... ║ ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
║ cmd: hdata buffer ... ╟───────────────────────► ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: init password=xxx,... ║ authentification ║
|
||||
║ ║ client ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: hdata buffer ... ╟───────────────────────▶ ║
|
||||
║ sync ... ║ demande de hdata ║ lecture
|
||||
║ ║ ║ valeurs
|
||||
║ ║ ◄───────────────────────╢ hdata
|
||||
║ ◄───────────────────────────────╢ hdata ║
|
||||
║ ║ ◀───────────────────────╢ hdata
|
||||
║ ◀───────────────────────────────╢ hdata ║
|
||||
créat° ║ msg: hda buffer ║ ║
|
||||
tampons ║ ║ ║
|
||||
║ ........ ║ ........ ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
║ cmd: input ... ╟───────────────────────► ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: input ... ╟───────────────────────▶ ║
|
||||
║ ║ envoi données au tampon ║ envoi données
|
||||
║ ║ ║ au tampon
|
||||
║ ........ ║ ........ ║
|
||||
║ ║ ║ signal
|
||||
║ ║ ◄───────────────────────╢ reçu
|
||||
║ ◄───────────────────────────────╢ signal XXX ║ (accroché
|
||||
║ ║ ◀───────────────────────╢ reçu
|
||||
║ ◀───────────────────────────────╢ signal XXX ║ (accroché
|
||||
MAJ ║ msg: id: "_buffer_..." ║ ║ par relay)
|
||||
tampons ║ ║ ║
|
||||
║ ........ ║ ........ ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: ping ... ║ ║
|
||||
║ ║ ║
|
||||
║ ◄───────────────────────────────╢ ║
|
||||
║ ◀───────────────────────────────╢ ║
|
||||
mesure ║ msg: id: "_pong" ... ║ ║
|
||||
temps ║ ║ ║
|
||||
réponse ║ ........ ║ ........ ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: quit ║ déconnexion du client ║
|
||||
║ ║ ║
|
||||
....
|
||||
|
||||
@@ -116,6 +116,12 @@
|
||||
** valori: qualsiasi stringa
|
||||
** valore predefinito: `+""+`
|
||||
|
||||
* [[option_relay.network.auth_password]] *relay.network.auth_password*
|
||||
** descrizione: pass:none[comma separated list of hash algorithms used for password authentication in weechat protocol, among these values: "plain" (password in plain text, not hashed), "sha256", "sha512", "pbkdf2+sha256", "pbkdf2+sha512"), "*" means all algorithms, a name beginning with "!" is a negative value to prevent an algorithm from being used, wildcard "*" is allowed in names (examples: "*", "pbkdf2*", "*,!plain")]
|
||||
** tipo: stringa
|
||||
** valori: qualsiasi stringa
|
||||
** valore predefinito: `+"*"+`
|
||||
|
||||
* [[option_relay.network.auth_timeout]] *relay.network.auth_timeout*
|
||||
** descrizione: pass:none[timeout (in seconds) for client authentication: connection is closed if the client is still not authenticated after this delay and the client status is set to "authentication failed" (0 = wait forever)]
|
||||
** tipo: intero
|
||||
@@ -140,6 +146,12 @@
|
||||
** valori: 0 .. 9
|
||||
** valore predefinito: `+6+`
|
||||
|
||||
* [[option_relay.network.hash_iterations]] *relay.network.hash_iterations*
|
||||
** descrizione: pass:none[number of iterations asked to the client in weechat protocol when a hashed password with algorithm PBKDF2 is used for authentication; more iterations is better in term of security but is slower to compute; this number should not be too high if your CPU is slow]
|
||||
** tipo: intero
|
||||
** valori: 1 .. 1000000
|
||||
** valore predefinito: `+100000+`
|
||||
|
||||
* [[option_relay.network.ipv6]] *relay.network.ipv6*
|
||||
** descrizione: pass:none[listen on IPv6 socket by default (in addition to IPv4 which is default); protocols IPv4 and IPv6 can be forced (individually or together) in the protocol name (see /help relay)]
|
||||
** tipo: bool
|
||||
@@ -152,6 +164,12 @@
|
||||
** valori: 0 .. 2147483647
|
||||
** valore predefinito: `+5+`
|
||||
|
||||
* [[option_relay.network.nonce_size]] *relay.network.nonce_size*
|
||||
** descrizione: pass:none[size of nonce (in bytes), generated when a client connects; the client must use this nonce, concatenated to the client nonce and the password when hashing the password in the "init" command of the weechat protocol]
|
||||
** tipo: intero
|
||||
** valori: 8 .. 128
|
||||
** valore predefinito: `+16+`
|
||||
|
||||
* [[option_relay.network.password]] *relay.network.password*
|
||||
** descrizione: pass:none[password required by clients to access this relay (empty value means no password required, see option relay.network.allow_empty_password) (note: content is evaluated, see /help eval)]
|
||||
** tipo: stringa
|
||||
|
||||
@@ -116,6 +116,12 @@
|
||||
** 値: 未制約文字列
|
||||
** デフォルト値: `+""+`
|
||||
|
||||
* [[option_relay.network.auth_password]] *relay.network.auth_password*
|
||||
** 説明: pass:none[comma separated list of hash algorithms used for password authentication in weechat protocol, among these values: "plain" (password in plain text, not hashed), "sha256", "sha512", "pbkdf2+sha256", "pbkdf2+sha512"), "*" means all algorithms, a name beginning with "!" is a negative value to prevent an algorithm from being used, wildcard "*" is allowed in names (examples: "*", "pbkdf2*", "*,!plain")]
|
||||
** タイプ: 文字列
|
||||
** 値: 未制約文字列
|
||||
** デフォルト値: `+"*"+`
|
||||
|
||||
* [[option_relay.network.auth_timeout]] *relay.network.auth_timeout*
|
||||
** 説明: pass:none[timeout (in seconds) for client authentication: connection is closed if the client is still not authenticated after this delay and the client status is set to "authentication failed" (0 = wait forever)]
|
||||
** タイプ: 整数
|
||||
@@ -140,6 +146,12 @@
|
||||
** 値: 0 .. 9
|
||||
** デフォルト値: `+6+`
|
||||
|
||||
* [[option_relay.network.hash_iterations]] *relay.network.hash_iterations*
|
||||
** 説明: pass:none[number of iterations asked to the client in weechat protocol when a hashed password with algorithm PBKDF2 is used for authentication; more iterations is better in term of security but is slower to compute; this number should not be too high if your CPU is slow]
|
||||
** タイプ: 整数
|
||||
** 値: 1 .. 1000000
|
||||
** デフォルト値: `+100000+`
|
||||
|
||||
* [[option_relay.network.ipv6]] *relay.network.ipv6*
|
||||
** 説明: pass:none[デフォルトで IPv6 ソケットをリッスン (デフォルトの IPv4 に加えて); 特定のプロトコルでプロトコルに IPv4 と IPv6 (個別または両方) を強制 (/help relay を参照してください)]
|
||||
** タイプ: ブール
|
||||
@@ -152,6 +164,12 @@
|
||||
** 値: 0 .. 2147483647
|
||||
** デフォルト値: `+5+`
|
||||
|
||||
* [[option_relay.network.nonce_size]] *relay.network.nonce_size*
|
||||
** 説明: pass:none[size of nonce (in bytes), generated when a client connects; the client must use this nonce, concatenated to the client nonce and the password when hashing the password in the "init" command of the weechat protocol]
|
||||
** タイプ: 整数
|
||||
** 値: 8 .. 128
|
||||
** デフォルト値: `+16+`
|
||||
|
||||
* [[option_relay.network.password]] *relay.network.password*
|
||||
** 説明: pass:none[このリレーを利用するためにクライアントが必要なパスワード (空の場合パスワードなし、オプション relay.network.allow_empty_password を参照してください) (注意: 値は評価されます、/help eval を参照してください)]
|
||||
** タイプ: 文字列
|
||||
|
||||
+43
-43
@@ -327,6 +327,8 @@ WeeChat "core" は以下のディレクトリに配置されています:
|
||||
| weechat-python-api.c | python スクリプト作成 API 関数
|
||||
| relay/ | relay プラグイン (IRC プロキシとリモートインターフェースへの中継)
|
||||
| relay.c | relay の主要関数
|
||||
// TRANSLATION MISSING
|
||||
| relay-auth.c | Clients authentification.
|
||||
| relay-buffer.c | relay バッファ
|
||||
| relay-client.c | relay クライアント
|
||||
| relay-command.c | relay コマンド
|
||||
@@ -387,60 +389,58 @@ WeeChat "core" は以下のディレクトリに配置されています:
|
||||
|
||||
[width="100%",cols="1m,2",options="header"]
|
||||
|===
|
||||
| パス/ファイル名 | 説明
|
||||
| tests/ | テスト用のルートディレクトリ
|
||||
| tests.cpp | 全テストの実行時に使われるプログラム
|
||||
| scripts/ | スクリプト API テスト用のルートディレクトリ
|
||||
| test-scripts.cpp | スクリプト API テストの実行時に使われるプログラム
|
||||
| python/ | スクリプト API テストを生成、実行する Python スクリプト
|
||||
| testapigen.py | スクリプト API のテスト時にすべての言語に関するスクリプトを生成する Python スクリプト
|
||||
| testapi.py | スクリプト API テスト時に使われる Python スクリプト (スクリプト testapigen.py から使われます)
|
||||
| unparse.py | Python コードを別の言語に変換 (スクリプト testapigen.py から使われます)
|
||||
| unit/ | 単体テスト用のルートディレクトリ
|
||||
| test-plugins.cpp | テスト: プラグイン
|
||||
| core/ | core 向け単体テスト用のルートディレクトリ
|
||||
| test-core-arraylist.cpp | テスト: 配列リスト
|
||||
| パス/ファイル名 | 説明
|
||||
| tests/ | テスト用のルートディレクトリ
|
||||
| tests.cpp | 全テストの実行時に使われるプログラム
|
||||
| scripts/ | スクリプト API テスト用のルートディレクトリ
|
||||
| test-scripts.cpp | スクリプト API テストの実行時に使われるプログラム
|
||||
| python/ | スクリプト API テストを生成、実行する Python スクリプト
|
||||
| testapigen.py | スクリプト API のテスト時にすべての言語に関するスクリプトを生成する Python スクリプト
|
||||
| testapi.py | スクリプト API テスト時に使われる Python スクリプト (スクリプト testapigen.py から使われます)
|
||||
| unparse.py | Python コードを別の言語に変換 (スクリプト testapigen.py から使われます)
|
||||
| unit/ | 単体テスト用のルートディレクトリ
|
||||
| test-plugins.cpp | テスト: プラグイン
|
||||
| core/ | core 向け単体テスト用のルートディレクトリ
|
||||
| test-core-arraylist.cpp | テスト: 配列リスト
|
||||
// TRANSLATION MISSING
|
||||
| test-core-calc.cpp | Tests: calculation of expressions.
|
||||
| test-core-calc.cpp | Tests: calculation of expressions.
|
||||
// TRANSLATION MISSING
|
||||
| test-core-crypto.cpp | Tests: cryptographic functions.
|
||||
| test-core-eval.cpp | テスト: 式の評価
|
||||
| test-core-hashtble.cpp | テスト: ハッシュテーブル
|
||||
| test-core-hdata.cpp | テスト: hdata
|
||||
| test-core-hook.cpp | テスト: フック
|
||||
| test-core-infolist.cpp | テスト: インフォリスト
|
||||
| test-core-list.cpp | テスト: リスト
|
||||
| test-core-secure.cpp | テスト: データ保護
|
||||
| test-core-string.cpp | テスト: 文字列
|
||||
| test-core-url.cpp | テスト: URL
|
||||
| test-core-utf8.cpp | テスト: UTF-8
|
||||
| test-core-util.cpp | テスト: ユーティリティ関数
|
||||
| gui/ | インターフェースの単体テストを収める最上位ディレクトリ
|
||||
| test-core-crypto.cpp | Tests: cryptographic functions.
|
||||
| test-core-eval.cpp | テスト: 式の評価
|
||||
| test-core-hashtble.cpp | テスト: ハッシュテーブル
|
||||
| test-core-hdata.cpp | テスト: hdata
|
||||
| test-core-hook.cpp | テスト: フック
|
||||
| test-core-infolist.cpp | テスト: インフォリスト
|
||||
| test-core-list.cpp | テスト: リスト
|
||||
| test-core-secure.cpp | テスト: データ保護
|
||||
| test-core-string.cpp | テスト: 文字列
|
||||
| test-core-url.cpp | テスト: URL
|
||||
| test-core-utf8.cpp | テスト: UTF-8
|
||||
| test-core-util.cpp | テスト: ユーティリティ関数
|
||||
| gui/ | インターフェースの単体テストを収める最上位ディレクトリ
|
||||
// TRANSLATION MISSING
|
||||
| test-gui-color.cpp | Tests: colors.
|
||||
| test-gui-line.cpp | テスト: 行
|
||||
| test-gui-color.cpp | Tests: colors.
|
||||
| test-gui-line.cpp | テスト: 行
|
||||
// TRANSLATION MISSING
|
||||
| test-gui-nick.cpp | テスト: nicks
|
||||
| plugins/ | プラグインの単体テストを収める最上位ディレクトリ
|
||||
| irc/ | IRC プラグインの単体テストを収める最上位ディレクトリ
|
||||
| test-gui-nick.cpp | テスト: nicks
|
||||
| plugins/ | プラグインの単体テストを収める最上位ディレクトリ
|
||||
| irc/ | IRC プラグインの単体テストを収める最上位ディレクトリ
|
||||
// TRANSLATION MISSING
|
||||
| test-irc-color.cpp | Tests: IRC colors.
|
||||
| test-irc-config.cpp | テスト: IRC 設定
|
||||
| test-irc-color.cpp | Tests: IRC colors.
|
||||
| test-irc-config.cpp | テスト: IRC 設定
|
||||
// TRANSLATION MISSING
|
||||
| test-irc-ignore.cpp | Tests: IRC ignores.
|
||||
| test-irc-ignore.cpp | Tests: IRC ignores.
|
||||
// TRANSLATION MISSING
|
||||
| test-irc-message.cpp | Tests: IRC messages.
|
||||
| test-irc-message.cpp | Tests: IRC messages.
|
||||
// TRANSLATION MISSING
|
||||
| test-irc-mode.cpp | Tests: IRC modes.
|
||||
| test-irc-mode.cpp | Tests: IRC modes.
|
||||
// TRANSLATION MISSING
|
||||
| test-irc-nick.cpp | Tests: IRC nicks.
|
||||
| test-irc-protocol.cpp | テスト: IRC プロトコル
|
||||
| test-irc-nick.cpp | Tests: IRC nicks.
|
||||
| test-irc-protocol.cpp | テスト: IRC プロトコル
|
||||
// TRANSLATION MISSING
|
||||
| relay/ | Root of unit tests for Relay plugin.
|
||||
| relay/ | Root of unit tests for Relay plugin.
|
||||
// TRANSLATION MISSING
|
||||
| weechat/ | Root of unit tests for weechat protocol.
|
||||
// TRANSLATION MISSING
|
||||
| test-relay-weechat-protocol.cpp | Tests: weechat protocol.
|
||||
| test-relay-auth.cpp | Tests: clients authentication.
|
||||
|===
|
||||
|
||||
[[documentation_translations]]
|
||||
|
||||
@@ -39,11 +39,11 @@
|
||||
....
|
||||
┌────────────────┐ ワークステーション
|
||||
┌────────┐ ┌───┤ クライアント 1 │ (Linux、Windows、
|
||||
│ irc │◄──┐ ╔═══════════╤════════╗ │ └────────────────┘ BSD、macOS ...)
|
||||
└────────┘ └──╢ │ ║◄───┘ ┌────────────────┐
|
||||
...... ║ WeeChat │ リレー ║◄───────┤ クライアント 2 │ 携帯デバイス
|
||||
┌────────┐ ┌──╢ │ ║◄───┐ └────────────────┘ (Android、iPhone ...)
|
||||
│ jabber │◄──┘ ╚═══════════╧════════╝ │ ......
|
||||
│ irc │◀──┐ ╔═══════════╤════════╗ │ └────────────────┘ BSD、macOS ...)
|
||||
└────────┘ └──╢ │ ║◀───┘ ┌────────────────┐
|
||||
...... ║ WeeChat │ リレー ║◀───────┤ クライアント 2 │ 携帯デバイス
|
||||
┌────────┐ ┌──╢ │ ║◀───┐ └────────────────┘ (Android、iPhone ...)
|
||||
│ jabber │◀──┘ ╚═══════════╧════════╝ │ ......
|
||||
└────────┘ │ ┌────────────────┐
|
||||
...... └───┤ クライアント N │ その他のデバイス
|
||||
└────────────────┘
|
||||
@@ -93,24 +93,134 @@ _リレー_ プラグインは _IRC プロキシ_ のように振舞います (
|
||||
|
||||
[width="80%",cols="^3m,14",options="header"]
|
||||
|===
|
||||
| コマンド | 説明
|
||||
| init | _リレー_ 接続を初期化
|
||||
| hdata | _hdata_ を要求
|
||||
| info | _インフォ_ を要求
|
||||
| infolist | _インフォリスト_ を要求
|
||||
| nicklist | _ニックネームリスト_ を要求
|
||||
| input | バッファにデータを送信 (テキストまたはコマンド)
|
||||
| sync | バッファを同期: バッファの最新情報を取得
|
||||
| desync | バッファを非同期: バッファの更新を止める
|
||||
| quit | _リレー_ から切断
|
||||
| コマンド | 説明
|
||||
// TRANSLATION MISSING
|
||||
| handshake | Handshake: prepare client authentication and set options, before _init_ command.
|
||||
| init | _リレー_ 接続を初期化
|
||||
| hdata | _hdata_ を要求
|
||||
| info | _インフォ_ を要求
|
||||
| infolist | _インフォリスト_ を要求
|
||||
| nicklist | _ニックネームリスト_ を要求
|
||||
| input | バッファにデータを送信 (テキストまたはコマンド)
|
||||
| sync | バッファを同期: バッファの最新情報を取得
|
||||
| desync | バッファを非同期: バッファの更新を止める
|
||||
| quit | _リレー_ から切断
|
||||
|===
|
||||
|
||||
// TRANSLATION MISSING
|
||||
[[command_handshake]]
|
||||
=== handshake
|
||||
|
||||
_WeeChat ≥ 2.9._
|
||||
|
||||
Perform an handshake between the client and WeeChat: this is required in most
|
||||
cases to know the session settings and prepare the authentication with the
|
||||
_init_ command.
|
||||
|
||||
The handshake can be performed multiple times before the _init_ command,
|
||||
although it is rarely needed.
|
||||
|
||||
Syntax:
|
||||
|
||||
----
|
||||
handshake [<option>=<value>,[<option>=<value>,...]]
|
||||
----
|
||||
|
||||
Arguments:
|
||||
|
||||
* _option_: one of following options:
|
||||
** _password_: list of hash algorithms supported by the client (separated by colons),
|
||||
allowed values are:
|
||||
*** _plain_: plain text password (no hash)
|
||||
*** _sha256_: password salted and hashed with SHA256 algorithm
|
||||
*** _sha512_: password salted and hashed with SHA512 algorithm
|
||||
*** _pbkdf2+sha256_: password salted and hashed with PBKDF2 algorithm (using SHA256 hash)
|
||||
*** _pbkdf2+sha512_: password salted and hashed with PBKDF2 algorithm (using SHA512 hash)
|
||||
** _compression_: compression type:
|
||||
*** _zlib_: enable _zlib_ compression for messages sent by _relay_
|
||||
(enabled by default if _relay_ supports _zlib_ compression)
|
||||
*** _off_: disable compression
|
||||
|
||||
Notes about option _password_:
|
||||
|
||||
* If the option is not given (of if the _handshake_ command is not sent by the
|
||||
client), _relay_ uses automatically _plain_ authentication (if allowed on
|
||||
_relay_ side).
|
||||
* _Relay_ chooses the safest algorithm available on both client and _relay_,
|
||||
by order of priority from first (safest) to last used:
|
||||
. _pbkdf2+sha512_
|
||||
. _pbkdf2+sha256_
|
||||
. _sha512_
|
||||
. _sha256_
|
||||
. _plain_
|
||||
|
||||
WeeChat replies with a hashtable containing the following keys and values:
|
||||
|
||||
* _auth_password_: the password authentication negotiated: supported by both
|
||||
the client and _relay_:
|
||||
** (empty value): negotiation failed, password authentication is *NOT* possible
|
||||
** _plain_
|
||||
** _sha256_
|
||||
** _sha512_
|
||||
** _pbkdf2+sha256_
|
||||
** _pbkdf2+sha512_
|
||||
* _hash_iterations_: number of iterations for hash (for the PBKDF2 algorithm only)
|
||||
* _totp_:
|
||||
** _on_: Time-based One-Time Password (TOTP) is configured and expected
|
||||
in the _init_ command
|
||||
** _off_: Time-based One-Time Password (TOTP) is not enabled and not needed
|
||||
in the _init_ command
|
||||
* _nonce_: a buffer of unpredictable bytes, sent as hexadecimal, to prevent
|
||||
replay attacks; if _auth_password_ is a hash algorithm, the client must compute
|
||||
the hash of password on this nonce, concatenated with a client nonce and the
|
||||
user password (the _relay_ nonce + the client nonce is the salt used in the
|
||||
password hash algorithm)
|
||||
|
||||
Examples:
|
||||
|
||||
----
|
||||
# nothing offered by the client (or only "plain"), authentication password "plain" will be used if allowed on relay side
|
||||
handshake
|
||||
handshake password=plain
|
||||
|
||||
# only plain, sha256 and pbkdf2+sha256 are supported by the client
|
||||
handshake password=plain:sha256:pbkdf2+sha256
|
||||
----
|
||||
|
||||
Example of response:
|
||||
|
||||
[source,python]
|
||||
----
|
||||
id: 'handshake'
|
||||
htb: {'auth_password': 'pbkdf2+sha256', 'hash_iterations': '100000', 'totp': 'on', 'nonce': '85B1EE00695A5B254E14F4885538DF0D'}
|
||||
----
|
||||
|
||||
The client can authenticate with this command (see <<command_init,init command>>),
|
||||
the salt is the _relay_ nonce + "ABCD" ("41424344" in hexadecimal):
|
||||
|
||||
----
|
||||
init password_hash=pbkdf2+sha256:85b1ee00695a5b254e14f4885538df0d41424344:100000:01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc945a1c
|
||||
----
|
||||
|
||||
[TIP]
|
||||
With WeeChat ≤ 2.8, the command _handshake_ is not implemented, WeeChat silently
|
||||
ignores this command, even if it is sent before the _init_ command. +
|
||||
So it is safe to send this command to any WeeChat version.
|
||||
|
||||
[[command_init]]
|
||||
=== init
|
||||
|
||||
_リレー_ 接続を初期化。_リレー_ に送るコマンドは必ずこのコマンドから始めてください。_リレー_
|
||||
がこのコマンドを受信していない場合、_リレー_
|
||||
は最初のコマンドを受け取った時点で警告無しに接続を閉じます。
|
||||
// TRANSLATION MISSING
|
||||
_Updated in versions 2.4, 2.8, 2.9._
|
||||
|
||||
// TRANSLATION MISSING
|
||||
Authenticate with _relay_.
|
||||
|
||||
// TRANSLATION MISSING
|
||||
This must be first command sent to _relay_ (only _handshake_ command can be sent
|
||||
before _init_). +
|
||||
If not sent, _relay_ will close connection on first command received (except
|
||||
_handshake_), without warning.
|
||||
|
||||
構文:
|
||||
|
||||
@@ -130,7 +240,10 @@ init [<option>=<value>,[<option>=<value>,...]]
|
||||
** _totp_: パスワードに加えた二要素認証で利用する時間ベースのワンタイムパスワード (TOTP)
|
||||
(WeeChat の _relay.network.totp_secret_ オプション)
|
||||
_(WeeChat バージョン 2.4 で利用可能)_
|
||||
** _compression_: 圧縮タイプ:
|
||||
// TRANSLATION MISSING
|
||||
** _compression_: 圧縮タイプ (*deprecated* since version 2.9, it is kept
|
||||
for compatibility reasons but should be sent in the
|
||||
<<command_handshake,handshake command>>):
|
||||
*** _zlib_: _リレー_ から受信するメッセージに対して _zlib_ 圧縮を使う
|
||||
(_リレー_ が _zlib_ 圧縮をサポートしている場合、デフォルトで有効化されます)
|
||||
*** _off_: 圧縮を使わない
|
||||
@@ -143,13 +256,27 @@ WeeChat バージョン 1.6 以上の場合、コンマをエスケープする
|
||||
Format of hashed password is one of the following, where _hash_ is the hashed
|
||||
password as hexadecimal:
|
||||
|
||||
* `+sha256:hash+`
|
||||
* `+sha512:hash+`
|
||||
* `+pbkdf2:algorithm:salt:iterations:hash+` with:
|
||||
** _algorithm_: _sha256_ or _sha512_
|
||||
** _salt_: salt (hexadecimal)
|
||||
* `+sha256:salt:hash+` with:
|
||||
** _salt_: salt (hexadecimal), which must start with the server nonce,
|
||||
concatenated to the client nonce
|
||||
** _hash_: the hashed salt + password (hexadecimal)
|
||||
* `+sha512:salt:hash+` with:
|
||||
** _salt_: salt (hexadecimal), which must start with the server nonce,
|
||||
concatenated to the client nonce
|
||||
** _hash_: the hashed salt + password (hexadecimal)
|
||||
* `+pbkdf2+sha256:salt:iterations:hash+` with:
|
||||
** _salt_: salt (hexadecimal), which must start with the server nonce,
|
||||
concatenated to the client nonce
|
||||
** _iterations_: number of iterations
|
||||
** _hash_: the hashed password (hexadecimal)
|
||||
** _hash_: the hashed salt + password with SHA256 algorithm (hexadecimal)
|
||||
* `+pbkdf2+sha512:salt:iterations:hash+` with:
|
||||
** _salt_: salt (hexadecimal), which must start with the server nonce,
|
||||
concatenated to the client nonce
|
||||
** _iterations_: number of iterations
|
||||
** _hash_: the hashed salt + password with SHA512 algorithm (hexadecimal)
|
||||
|
||||
[NOTE]
|
||||
Hexadecimal strings can be lower or upper case, _relay_ can decode both.
|
||||
|
||||
// TRANSLATION MISSING
|
||||
例:
|
||||
@@ -167,14 +294,14 @@ init password=mypass,totp=123456
|
||||
# 圧縮を使わない例
|
||||
init password=mypass,compression=off
|
||||
|
||||
# initialize with hashed password (SHA256) (WeeChat バージョン 2.8 以上の場合)
|
||||
init password_hash=sha256:b9a4c3393dfac4330736684510378851e581c68add8eca84110c31a33e694676
|
||||
# initialize with hashed password (SHA256: salt="nonce:cnonce") (WeeChat バージョン 2.9 以上の場合)
|
||||
init password_hash=sha256:6e6f6e63653a636e6f6e6365:b9a4c3393dfac4330736684510378851e581c68add8eca84110c31a33e694676
|
||||
|
||||
# initialize with hashed password (SHA512) (WeeChat バージョン 2.8 以上の場合)
|
||||
init password_hash=sha512:4469190d4e0d1fdc0afb6f408d9873c89b8ce89cc4db79fe058255c55ad6821fa5e9bb068f9e578c8ae7cc825d85ff99c439d59e439bc589d95620a1e6b8ae6e
|
||||
# initialize with hashed password (SHA512: salt="nonce:cnonce") (WeeChat バージョン 2.9 以上の場合)
|
||||
init password_hash=sha512:6e6f6e63653a636e6f6e6365:4469190d4e0d1fdc0afb6f408d9873c89b8ce89cc4db79fe058255c55ad6821fa5e9bb068f9e578c8ae7cc825d85ff99c439d59e439bc589d95620a1e6b8ae6e
|
||||
|
||||
# initialize with hashed password (PBKDF2: SHA256, salt="ABCDEFGHIJKLMNOP", 100000 iterations) (WeeChat バージョン 2.8 以上の場合)
|
||||
init password_hash=pbkdf2:sha256:4142434445464748494a4b4c4d4e4f50:100000:01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc945a1c
|
||||
# initialize with hashed password (PBKDF2: SHA256, salt="nonce:cnonce", 100000 iterations) (WeeChat バージョン 2.9 以上の場合)
|
||||
init password_hash=pbkdf2+sha256:6e6f6e63653a636e6f6e6365:100000:01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc945a1c
|
||||
----
|
||||
|
||||
[[command_hdata]]
|
||||
@@ -1397,7 +1524,7 @@ _WeeChat バージョン 0.3.8 以上で利用可。_
|
||||
|
||||
....
|
||||
┌────┐
|
||||
│ 41 │ ────► 65 (0x41: "A")
|
||||
│ 41 │ ────▶ 65 (0x41: "A")
|
||||
└────┘
|
||||
....
|
||||
|
||||
@@ -1413,11 +1540,11 @@ _WeeChat バージョン 0.3.8 以上で利用可。_
|
||||
|
||||
....
|
||||
┌────┬────┬────┬────┐
|
||||
│ 00 │ 01 │ E2 │ 40 │ ────► 123456
|
||||
│ 00 │ 01 │ E2 │ 40 │ ────▶ 123456
|
||||
└────┴────┴────┴────┘
|
||||
|
||||
┌────┬────┬────┬────┐
|
||||
│ FF │ FE │ 1D │ C0 │ ────► -123456
|
||||
│ FF │ FE │ 1D │ C0 │ ────▶ -123456
|
||||
└────┴────┴────┴────┘
|
||||
....
|
||||
|
||||
@@ -1432,13 +1559,13 @@ _WeeChat バージョン 0.3.8 以上で利用可。_
|
||||
|
||||
....
|
||||
┌────╥────┬────┬────┬────┬────┬────┬────┬────┬────┬────┐
|
||||
│ 0A ║ 31 │ 32 │ 33 │ 34 │ 35 │ 36 │ 37 │ 38 │ 39 │ 30 │ ────► 1234567890
|
||||
│ 0A ║ 31 │ 32 │ 33 │ 34 │ 35 │ 36 │ 37 │ 38 │ 39 │ 30 │ ────▶ 1234567890
|
||||
└────╨────┴────┴────┴────┴────┴────┴────┴────┴────┴────┘
|
||||
└──┘ └───────────────────────────────────────────────┘
|
||||
length '1' '2' '3' '4' '5' '6' '7' '8' '9' '0'
|
||||
|
||||
┌────╥────┬────┬────┬────┬────┬────┬────┬────┬────┬────┬────┐
|
||||
│ 0B ║ 2D │ 31 │ 32 │ 33 │ 34 │ 35 │ 36 │ 37 │ 38 │ 39 │ 30 │ ────► -1234567890
|
||||
│ 0B ║ 2D │ 31 │ 32 │ 33 │ 34 │ 35 │ 36 │ 37 │ 38 │ 39 │ 30 │ ────▶ -1234567890
|
||||
└────╨────┴────┴────┴────┴────┴────┴────┴────┴────┴────┴────┘
|
||||
└──┘ └────────────────────────────────────────────────────┘
|
||||
length '-' '1' '2' '3' '4' '5' '6' '7' '8' '9' '0'
|
||||
@@ -1453,7 +1580,7 @@ length '-' '1' '2' '3' '4' '5' '6' '7' '8' '9' '0'
|
||||
|
||||
....
|
||||
┌────┬────┬────┬────╥────┬────┬────┬────┬────┐
|
||||
│ 00 │ 00 │ 00 │ 05 ║ 68 │ 65 │ 6C │ 6C │ 6F │ ────► "hello"
|
||||
│ 00 │ 00 │ 00 │ 05 ║ 68 │ 65 │ 6C │ 6C │ 6F │ ────▶ "hello"
|
||||
└────┴────┴────┴────╨────┴────┴────┴────┴────┘
|
||||
└─────────────────┘ └──────────────────────┘
|
||||
length 'h' 'e' 'l' 'l' 'o'
|
||||
@@ -1463,7 +1590,7 @@ length '-' '1' '2' '3' '4' '5' '6' '7' '8' '9' '0'
|
||||
|
||||
....
|
||||
┌────┬────┬────┬────┐
|
||||
│ 00 │ 00 │ 00 │ 00 │ ────► ""
|
||||
│ 00 │ 00 │ 00 │ 00 │ ────▶ ""
|
||||
└────┴────┴────┴────┘
|
||||
└─────────────────┘
|
||||
length
|
||||
@@ -1473,7 +1600,7 @@ _NULL_ 文字列 (C 言語の NULL ポインタ) を表現するにはの長さ
|
||||
|
||||
....
|
||||
┌────┬────┬────┬────┐
|
||||
│ FF │ FF │ FF │ FF │ ────► NULL
|
||||
│ FF │ FF │ FF │ FF │ ────▶ NULL
|
||||
└────┴────┴────┴────┘
|
||||
└─────────────────┘
|
||||
length
|
||||
@@ -1493,7 +1620,7 @@ _NULL_ 文字列 (C 言語の NULL ポインタ) を表現するにはの長さ
|
||||
|
||||
....
|
||||
┌────╥────┬────┬────┬────┬────┬────┬────┬────┬────┐
|
||||
│ 09 ║ 31 │ 61 │ 32 │ 62 │ 33 │ 63 │ 34 │ 64 │ 35 │ ────► 0x1a2b3c4d5
|
||||
│ 09 ║ 31 │ 61 │ 32 │ 62 │ 33 │ 63 │ 34 │ 64 │ 35 │ ────▶ 0x1a2b3c4d5
|
||||
└────╨────┴────┴────┴────┴────┴────┴────┴────┴────┘
|
||||
└──┘ └──────────────────────────────────────────┘
|
||||
length '1' 'a' '2' 'b' '3' 'c' '4' 'd' '5'
|
||||
@@ -1503,7 +1630,7 @@ _NULL_ ポインタを表現するには長さを 1 で値を 0 にしてくだ
|
||||
|
||||
....
|
||||
┌────╥────┐
|
||||
│ 01 ║ 00 │ ────► NULL (0x0)
|
||||
│ 01 ║ 00 │ ────▶ NULL (0x0)
|
||||
└────╨────┘
|
||||
└──┘ └──┘
|
||||
length 0
|
||||
@@ -1518,7 +1645,7 @@ length 0
|
||||
|
||||
....
|
||||
┌────╥────┬────┬────┬────┬────┬────┬────┬────┬────┬────┐
|
||||
│ 0A ║ 31 │ 33 │ 32 │ 31 │ 39 │ 39 │ 33 │ 34 │ 35 │ 36 │ ────► 1321993456
|
||||
│ 0A ║ 31 │ 33 │ 32 │ 31 │ 39 │ 39 │ 33 │ 34 │ 35 │ 36 │ ────▶ 1321993456
|
||||
└────╨────┴────┴────┴────┴────┴────┴────┴────┴────┴────┘
|
||||
└──┘ └───────────────────────────────────────────────┘
|
||||
length '1' '3' '2' '1' '9' '9' '3' '4' '5' '6'
|
||||
@@ -1540,7 +1667,7 @@ length '1' '3' '2' '1' '9' '9' '3' '4' '5' '6'
|
||||
|
||||
....
|
||||
┌─────┬─────┬───╥──────┬─────╥──────┬─────┐
|
||||
│ str │ str │ 2 ║ key1 │ abc ║ key2 │ def │ ────► { 'key1' => 'abc',
|
||||
│ str │ str │ 2 ║ key1 │ abc ║ key2 │ def │ ────▶ { 'key1' => 'abc',
|
||||
└─────┴─────┴───╨──────┴─────╨──────┴─────┘ 'key2' => 'def' }
|
||||
└───┘ └───┘ └─┘ └──────────┘ └──────────┘
|
||||
type type count item 1 item 2
|
||||
@@ -1767,7 +1894,7 @@ infolist buffer
|
||||
type number of strings length
|
||||
|
||||
──╥────┬────┬────╥────┬────┬────┬────╥────┬────┐
|
||||
... ║ 61 │ 62 │ 63 ║ 00 │ 00 │ 00 │ 02 ║ 64 │ 65 │ ────► [ "abc", "de" ]
|
||||
... ║ 61 │ 62 │ 63 ║ 00 │ 00 │ 00 │ 02 ║ 64 │ 65 │ ────▶ [ "abc", "de" ]
|
||||
──╨────┴────┴────╨────┴────┴────┴────╨────┴────┘
|
||||
└────────────┘ └─────────────────┘ └───────┘
|
||||
'a' 'b' 'c' length 'd' 'e'
|
||||
@@ -1783,7 +1910,7 @@ infolist buffer
|
||||
type number of integers 123 (0x7B)
|
||||
|
||||
──╥────┬────┬────┬────╥────┬────┬────┬────┐
|
||||
... ║ 00 │ 00 │ 01 │ C8 ║ 00 │ 00 │ 03 │ 15 │ ────► [ 123, 456, 789 ]
|
||||
... ║ 00 │ 00 │ 01 │ C8 ║ 00 │ 00 │ 03 │ 15 │ ────▶ [ 123, 456, 789 ]
|
||||
──╨────┴────┴────┴────╨────┴────┴────┴────┘
|
||||
└─────────────────┘ └─────────────────┘
|
||||
456 (0x1C8) 789 (0x315)
|
||||
@@ -1793,7 +1920,7 @@ _NULL_ 配列:
|
||||
|
||||
....
|
||||
┌─────╥────┬────┬────┬────┐
|
||||
│ str ║ 00 │ 00 │ 00 │ 00 │ ────► NULL
|
||||
│ str ║ 00 │ 00 │ 00 │ 00 │ ────▶ NULL
|
||||
└─────╨────┴────┴────┴────┘
|
||||
└───┘ └─────────────────┘
|
||||
type number of strings
|
||||
@@ -1802,48 +1929,55 @@ _NULL_ 配列:
|
||||
[[typical_session]]
|
||||
== 典型的なセッション
|
||||
|
||||
// TRANSLATION MISSING
|
||||
....
|
||||
┌──────────────┐ ┌────────┐ ┌─────────┐
|
||||
│ クライアント ├ ─(ネットワーク)─ ┤ リレー ├──────────────────┤ WeeChat │
|
||||
└──────────────┘ └────────┘ └─────────┘
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ ソケットをオープン ║ クライアントを追加 ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: handshake password=xxx,... ║ negotiate algos ║
|
||||
║ ║ and options ║
|
||||
║ ◀───────────────────────────────╢ ║
|
||||
║ msg: id: "handshake" ... ║ ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: init password=xxx,... ║ クライアントを初期化/許可 ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
║ cmd: hdata buffer ... ╟─────────────────────────► ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: hdata buffer ... ╟─────────────────────────▶ ║
|
||||
║ sync ... ║ hdata の要求 ║ hdata
|
||||
║ ║ ║ の値を読み出し
|
||||
║ ║ ◄─────────────────────────╢
|
||||
║ ◄───────────────────────────────╢ hdata ║
|
||||
║ ║ ◀─────────────────────────╢
|
||||
║ ◀───────────────────────────────╢ hdata ║
|
||||
バッファ ║ msg: hda buffer ║ ║
|
||||
を作成 ║ ║ ║
|
||||
║ ........ ║ ........ ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
║ cmd: input ... ╟─────────────────────────► ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: input ... ╟─────────────────────────▶ ║
|
||||
║ ║ バッファにデータを送信 ║ バッファに
|
||||
║ ║ ║ データを送信
|
||||
║ ........ ║ ........ ║
|
||||
║ ║ ║ シグナル
|
||||
║ ║ ◄─────────────────────────╢ の受信
|
||||
║ ◄───────────────────────────────╢ シグナル XXX ║ (リレー
|
||||
║ ║ ◀─────────────────────────╢ の受信
|
||||
║ ◀───────────────────────────────╢ シグナル XXX ║ (リレー
|
||||
バッファ ║ msg: id: "_buffer_..." ║ ║ がフック)
|
||||
を更新 ║ ║ ║
|
||||
║ ........ ║ ........ ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: ping ... ║ ║
|
||||
║ ║ ║
|
||||
║ ◄───────────────────────────────╢ ║
|
||||
║ ◀───────────────────────────────╢ ║
|
||||
応答 ║ msg: id: "_pong" ... ║ ║
|
||||
時間 ║ ║ ║
|
||||
を計測 ║ ........ ║ ........ ║
|
||||
║ ║ ║
|
||||
╟───────────────────────────────► ║ ║
|
||||
╟───────────────────────────────▶ ║ ║
|
||||
║ cmd: quit ║ クライアントを切断 ║
|
||||
║ ║ ║
|
||||
....
|
||||
|
||||
@@ -116,6 +116,12 @@
|
||||
** wartości: dowolny ciąg
|
||||
** domyślna wartość: `+""+`
|
||||
|
||||
* [[option_relay.network.auth_password]] *relay.network.auth_password*
|
||||
** opis: pass:none[comma separated list of hash algorithms used for password authentication in weechat protocol, among these values: "plain" (password in plain text, not hashed), "sha256", "sha512", "pbkdf2+sha256", "pbkdf2+sha512"), "*" means all algorithms, a name beginning with "!" is a negative value to prevent an algorithm from being used, wildcard "*" is allowed in names (examples: "*", "pbkdf2*", "*,!plain")]
|
||||
** typ: ciąg
|
||||
** wartości: dowolny ciąg
|
||||
** domyślna wartość: `+"*"+`
|
||||
|
||||
* [[option_relay.network.auth_timeout]] *relay.network.auth_timeout*
|
||||
** opis: pass:none[timeout (in seconds) for client authentication: connection is closed if the client is still not authenticated after this delay and the client status is set to "authentication failed" (0 = wait forever)]
|
||||
** typ: liczba
|
||||
@@ -140,6 +146,12 @@
|
||||
** wartości: 0 .. 9
|
||||
** domyślna wartość: `+6+`
|
||||
|
||||
* [[option_relay.network.hash_iterations]] *relay.network.hash_iterations*
|
||||
** opis: pass:none[number of iterations asked to the client in weechat protocol when a hashed password with algorithm PBKDF2 is used for authentication; more iterations is better in term of security but is slower to compute; this number should not be too high if your CPU is slow]
|
||||
** typ: liczba
|
||||
** wartości: 1 .. 1000000
|
||||
** domyślna wartość: `+100000+`
|
||||
|
||||
* [[option_relay.network.ipv6]] *relay.network.ipv6*
|
||||
** opis: pass:none[nasłuchuj domyślnie na gnieździe IPv6 (w dodatku do domyślnego IPv4); protokoły IPv4 i IPv6 mogą być wymuszane (pojedynczo lub razem) w nazwie protokołu (zobacz /help relay)]
|
||||
** typ: bool
|
||||
@@ -152,6 +164,12 @@
|
||||
** wartości: 0 .. 2147483647
|
||||
** domyślna wartość: `+5+`
|
||||
|
||||
* [[option_relay.network.nonce_size]] *relay.network.nonce_size*
|
||||
** opis: pass:none[size of nonce (in bytes), generated when a client connects; the client must use this nonce, concatenated to the client nonce and the password when hashing the password in the "init" command of the weechat protocol]
|
||||
** typ: liczba
|
||||
** wartości: 8 .. 128
|
||||
** domyślna wartość: `+16+`
|
||||
|
||||
* [[option_relay.network.password]] *relay.network.password*
|
||||
** opis: pass:none[hasło wymagane od klientów do połączenia z tym pośrednikiem (pusta wartość oznacza brak hasła, zobacz opcję relay.network.allow_empty_password) (uwaga: zawartość jest przetwarzana, zobacz /help eval)]
|
||||
** typ: ciąg
|
||||
|
||||
Reference in New Issue
Block a user