author | Sébastien Helleu <flashcode@flashtux.org> | 2020-04-14 21:34:46 +0200 |
---|---|---|
committer | Sébastien Helleu <flashcode@flashtux.org> | 2020-04-14 21:38:12 +0200 |
commit | 9fa3609c85e4b6608d366bed4e47ab9553cd5bc9 (patch) | |
tree | 9e5a3db61942617a2be5a0300d95703a94a47d76 /src/plugins/relay/relay-auth.h | |
parent | ccd45e4921ff5614f65dad6d742a58225fde92a6 (diff) | |
relay: add command "handshake" in weechat relay protocol and nonce to prevent replay attacks (closes #1474)
This introduces a new command called "handshake" in the weechat relay protocol.
It should be sent by the client before the "init" command, to negotiate the way
to authenticate with a password.
3 new options are added:
* relay.network.auth_password
* relay.network.hash_iterations
* relay.network.nonce_size
Diffstat (limited to 'src/plugins/relay/relay-auth.h')
-rw-r--r-- | src/plugins/relay/relay-auth.h | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/src/plugins/relay/relay-auth.h b/src/plugins/relay/relay-auth.h
new file mode 100644
index 000000000..1b5cc597e
--- /dev/null
+++ b/src/plugins/relay/relay-auth.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2003-2020 Sébastien Helleu <flashcode@flashtux.org>
+ *
+ * This file is part of WeeChat, the extensible chat client.
+ *
+ * WeeChat is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * WeeChat is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with WeeChat. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#ifndef WEECHAT_PLUGIN_RELAY_AUTH_H
+#define WEECHAT_PLUGIN_RELAY_AUTH_H
+
+struct t_relay_client;
+
+enum t_relay_auth_password
+{
+ RELAY_AUTH_PASSWORD_PLAIN = 0,
+ RELAY_AUTH_PASSWORD_SHA256,
+ RELAY_AUTH_PASSWORD_SHA512,
+ RELAY_AUTH_PASSWORD_PBKDF2_SHA256,
+ RELAY_AUTH_PASSWORD_PBKDF2_SHA512,
+ /* number of password auths */
+ RELAY_NUM_PASSWORD_AUTHS,
+};
+
+extern char *relay_auth_password_name[];
+
+extern int relay_auth_password_search (const char *name);
+extern char *relay_auth_generate_nonce ();
+extern int relay_auth_check_password_plain (const char *password,
+ const char *relay_password);
+extern int relay_auth_password (struct t_relay_client *client,
+ const char *password,
+ const char *relay_password);
+extern void relay_auth_parse_sha (const char *parameters,
+ char **salt_hexa,
+ char **salt,
+ int *salt_size,
+ char **hash);
+extern void relay_auth_parse_pbkdf2 (const char *parameters,
+ char **salt_hexa,
+ char **salt,
+ int *salt_size,
+ int *iterations,
+ char **hash);
+extern int relay_auth_check_salt (struct t_relay_client *client,
+ const char *salt_hexa);
+extern int relay_auth_check_hash_sha (const char *hash_algo,
+ const char *salt,
+ int salt_size,
+ const char *hash_sha,
+ const char *relay_password);
+extern int relay_auth_check_hash_pbkdf2 (const char *hash_pbkdf2_algo,
+ const char *salt,
+ int salt_size,
+ int iterations,
+ const char *hash_pbkdf2,
+ const char *relay_password);
+extern int relay_auth_password_hash (struct t_relay_client *client,
+ const char *hashed_password,
+ const char *relay_password);
+
+#endif /* WEECHAT_PLUGIN_RELAY_AUTH_H */ |
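Review bot: The `relay_auth_check_*` and `relay_auth_password*` declarations all return a bare `int` with no comment saying which value means the password was accepted; in authentication code a caller that guesses the convention wrong inverts the decision, so each should carry a line such as `/* returns 1 if the password is valid, 0 otherwise */` (the actual values must be taken from relay-auth.c, which is not part of this hunk). `relay_auth_parse_sha` and `relay_auth_parse_pbkdf2` return `salt_hexa`, `salt` and `hash` through `char **` out-parameters without stating who frees them or what they hold when parsing fails, and `salt_size` and `iterations` are plain `int` with no documented valid range even though they appear to come from client-supplied parameters. Separately, `relay_auth_generate_nonce ()` is not a prototype in C; `extern char *relay_auth_generate_nonce (void);` lets the compiler reject stray arguments.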