[Pkg-privacy-commits] [irssi-plugin-otr] 10/267: two-way SMP authentication. Needed to give libotr a leg up for that.

Ximin Luo infinity0 at moszumanska.debian.org
Sat Aug 22 12:26:12 UTC 2015


This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch debian
in repository irssi-plugin-otr.

commit 8bb9a9094f97845cb0fa8273911882f97448f930
Author: Uli Meis <a.sporto+bee at gmail.com>
Date:   Thu Jun 5 16:14:51 2008 +0200

    two-way SMP authentication. Needed to give libotr a leg up for that.
---
 formats.txt |   9 +--
 otr.c       |   8 ++-
 otr.h       |   3 +-
 otrutil.c   | 179 +++++++++++++++++++++++++++++++++++-------------------------
 4 files changed, 118 insertions(+), 81 deletions(-)

diff --git a/formats.txt b/formats.txt
index 785d7de..fa7121d 100644
--- a/formats.txt
+++ b/formats.txt
@@ -58,21 +58,22 @@ auth_peer	%s wants to authenticate. Type /otr auth <your-shared-secret> to compl
 auth_peer_reply_wrong	%s replied to an auth we didn't start.
 auth_peer_replied	%s replied to our auth request...
 auth_peer_wrong_smp3	%s sent a wrong authentication message (SMP3).
+auth_peer_wrong_smp4	%s sent a wrong authentication message (SMP4).
 auth_successful	Authentication successful!
 auth_failed	Authentication failed!
 Commands
 cmd_otr	We're alive
 cmd_trust	failed: Can't get query details
-cmd_auth	Please agree on a secret and then run /otr auth <secret>
+cmd_auth	Please agree on a secret with your peer and then initiate the authentication with /otr auth <secret> or let him initiate. Should you initiate your peer will after a little while be instructed to enter the secret as well. Once he has done so the authentication will finish up. Should you have both typed in the same secret the authentication should be successful.
 cmd_debug_on	Debug mode is on
 cmd_debug_off	Debug mode is off
 Nickignore
 nickignore	xmlconsole
 Statusbar
 st_plaintext	{sb plaintext}
-st_untrusted	{sb {hilight encrypted}(untrusted)}
-st_trust_smp	{sb {hilight authenticated}(smp)}
-st_trust_manual	{sb {hilight authenticated}(manual)}
+st_untrusted	{sb %rOTR(not auth'ed)%n}
+st_trust_smp	{sb %gOTR%n}
+st_trust_manual	{sb %gOTR%n}
 st_smp_wait_2	{sb {hilight awaiting auth reply...}}
 st_smp_have_2	{sb {hilight finalizing auth... (won't happen with libotr 3.1(bug), ask the other guy to initiate)}}
 st_smp_failed	{sb {hilight auth failed}}
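Review bot: `st_trust_smp` and `st_trust_manual` now expand to the same `{sb %gOTR%n}`, so the statusbar no longer shows whether the peer was verified through SMP or the fingerprint was simply marked trusted by hand. Those are different assurance levels, and the old `(smp)` / `(manual)` suffixes carried that distinction. Consider keeping a short marker, for example `{sb %gOTR(smp)%n}` and `{sb %gOTR(manual)%n}`. Separately, `st_smp_have_2` stays in the file although the otrutil.c change in this commit stops returning TXT_ST_SMP_HAVE_2, so the entry and its libotr 3.1 remark look stale.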
diff --git a/otr.c b/otr.c
index ccf6e79..0667138 100644
--- a/otr.c
+++ b/otr.c
@@ -76,8 +76,10 @@ static void cmd_otr(const char *data,void *server,WI_ITEM_REC *item)
 static void cmd_trust(const char *data, void *server, WI_ITEM_REC *item)
 {
 	QUERY_REC *query = QUERY(item);
-	if (query&&query->server&&query->server->connrec)
+	if (query&&query->server&&query->server->connrec) {
 		otr_trust(query->server,query->name);
+		statusbar_items_redraw("otr");
+	}
 	else
 		otr_notice(item->server,query ? query->name : NULL,
 			   TXT_CMD_TRUST);
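Review bot: The `else` arm of cmd_trust still dereferences `item->server`, and it runs exactly when the query lookup failed, which may include `item` itself being NULL if irssi invokes the command in a window with no active item (not visible here, so to be confirmed). Guarding the notice with `else if (item)` would avoid that dereference. Since the `if` arm is now braced, writing the other arm as `} else {` would keep the two consistent. The function's closing lines are outside the hunk.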
@@ -122,8 +124,10 @@ static void cmd_authabort(const char *data, void *server, WI_ITEM_REC *item)
 	WI_ITEM_REC *wi = active_win->active;
 	QUERY_REC *query = QUERY(wi);
 
-	if (query&&query->server&&query->server->connrec)
+	if (query&&query->server&&query->server->connrec) {
 		otr_authabort(query->server,query->name);
+		statusbar_items_redraw("otr");
+	}
 }
 
 /*
diff --git a/otr.h b/otr.h
index e7c6ece..c166c0d 100644
--- a/otr.h
+++ b/otr.h
@@ -74,8 +74,7 @@ struct co_info {
 					   messages */
 	SERVER_REC *server;		/* irssi server object for this peer */
 	int received_smp_init;		/* received SMP init msg */
-	int received_smp_reply;		/* received SMP reply msg */
-	int smp_failed;			/* SMP failed */
+	int smp_failed;			/* last SMP failed */
 	char better_msg_two[256];	/* what the second line of the "better"
 					   default query msg should like. Eat it
 					   up when it comes in */
diff --git a/otrutil.c b/otrutil.c
index 643499e..8f08d93 100644
--- a/otrutil.c
+++ b/otrutil.c
@@ -206,16 +206,9 @@ int otr_getstatus(char *mynick, char *nick, char *server)
 		case OTRL_SMP_EXPECT1:
 			return TXT_ST_UNTRUSTED;
 		case OTRL_SMP_EXPECT2:
-			if (!coi->received_smp_reply)
-				return TXT_ST_SMP_WAIT_2;
-			else
-				return TXT_ST_SMP_HAVE_2;
+			return TXT_ST_SMP_WAIT_2;
 		case OTRL_SMP_EXPECT3: 
-			/* unfortunately, this also covers the case 
-			 * where authentication failed */
-			return coi->smp_failed ? 
-				TXT_ST_SMP_FAILED : TXT_ST_SMP_FINALIZE;
-		case OTRL_SMP_EXPECT4: /* unreachable with libotr 3.1 */
+		case OTRL_SMP_EXPECT4:
 			return TXT_ST_SMP_FINALIZE;
 		default:
 			return TXT_ST_SMP_UNKNOWN;
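Review bot: After this change no case in the visible switch returns TXT_ST_SMP_FAILED, yet `coi->smp_failed` is still set in otr_handle_tlvs and cleared in otr_trust and otr_auth. On a failed exchange otr_handle_tlvs resets nextExpected to OTRL_SMP_EXPECT1, which this switch maps to TXT_ST_UNTRUSTED. Unless the part of otr_getstatus above the hunk tests `smp_failed`, a failed authentication is therefore shown the same way as one that was never attempted. If that is intended, a comment on the EXPECT1 case should say so; otherwise `return coi->smp_failed ? TXT_ST_SMP_FAILED : TXT_ST_UNTRUSTED;` there restores the indicator. The function starts and ends outside the hunk.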
@@ -235,6 +228,7 @@ void otr_trust(SERVER_REC *server, char *nick)
 {
 	ConnContext *co;
 	char accname[128];
+	struct co_info *coi;
 
 	sprintf(accname, "%s@%s", server->nick, server->connrec->address);
 
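Review bot: `sprintf(accname, "%s@%s", server->nick, server->connrec->address)` writes into the 128-byte `accname` with no bound, and the commit touches otr_trust without addressing it. Nick plus server address are not guaranteed to fit, so use `snprintf(accname, sizeof accname, "%s@%s", server->nick, server->connrec->address);` and treat truncation as an error, because a truncated account name would select the wrong context. The newly declared `coi` is assigned from `co->app_data` in the next hunk and dereferenced without a check; confirm app_data is always set for contexts that reach otr_trust.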
@@ -246,6 +240,9 @@ void otr_trust(SERVER_REC *server, char *nick)
 
 	otrl_context_set_trust(co->active_fingerprint,"manual");
 
+	coi = co->app_data;
+	coi->smp_failed = FALSE;
+
 	otr_notice(server,nick,TXT_FP_TRUST,accname);
 }
 
@@ -258,16 +255,14 @@ void otr_abort_auth(ConnContext *co, SERVER_REC *server, const char *nick)
 
 	coi = co->app_data;
 
-	coi->received_smp_reply = FALSE;
 	coi->received_smp_init = FALSE;
-	coi->smp_failed = FALSE;
-
-	otrl_message_abort_smp(otr_state,&otr_ops,NULL,co);
 
 	otr_notice(server,nick,
 		   co->smstate->nextExpected!=OTRL_SMP_EXPECT1 ? 
 		   TXT_AUTH_ABORTED_ONGOING :
 		   TXT_AUTH_ABORTED);
+
+	otrl_message_abort_smp(otr_state,&otr_ops,NULL,co);
 }
 
 /*
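Review bot: The move of `otrl_message_abort_smp()` below the notice is order-dependent and nothing in the code says so. The notice reads `co->smstate->nextExpected` to choose between TXT_AUTH_ABORTED_ONGOING and TXT_AUTH_ABORTED, and the abort call presumably resets that field. A comment above the call, e.g. `/* must follow the notice: aborting resets smstate->nextExpected */`, would stop the statements from being reordered again. The hunk also stops clearing `coi->smp_failed` on abort; if that is deliberate, it deserves a word here as well. otr_abort_auth begins above the hunk.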
@@ -312,6 +307,8 @@ void otr_auth(SERVER_REC *server, char *nick, const char *secret)
 	if (co->smstate->nextExpected!=OTRL_SMP_EXPECT1)
 		otr_abort_auth(co,server,nick);
 
+	coi->smp_failed = FALSE;
+
 	/* reset trust level */
 	otrl_context_set_trust(co->active_fingerprint, "");
 	otr_writefps();
@@ -333,9 +330,99 @@ void otr_auth(SERVER_REC *server, char *nick, const char *secret)
 			(unsigned char*)secret,
 			strlen(secret));
 
-	otr_notice(server,nick,coi->received_smp_init ? 
-		   TXT_AUTH_RESPONDING : 
+	otr_notice(server,nick,
+		   coi->received_smp_init ?
+		   TXT_AUTH_RESPONDING :
 		   TXT_AUTH_INITIATED);
+
+	statusbar_items_redraw("otr");
+}
+
+/* 
+ * Handles incoming TLVs of the SMP authentication type. We're not only updating
+ * our own state but also giving libotr a leg up so it gets through the auth.
+ */
+void otr_handle_tlvs(OtrlTLV *tlvs, ConnContext *co, 
+		     struct co_info *coi, 
+		     SERVER_REC *server, const char *from) {
+	int abort = FALSE;
+
+	OtrlTLV *tlv = otrl_tlv_find(tlvs, OTRL_TLV_SMP1);
+	if (tlv) {
+		if (co->smstate->nextExpected != OTRL_SMP_EXPECT1) {
+			otr_notice(server,from,TXT_AUTH_HAVE_OLD,
+				   from);
+			abort = TRUE;
+		} else {
+			otr_notice(server,from,TXT_AUTH_PEER,
+				   from);
+			coi->received_smp_init = TRUE;
+		}
+	}
+
+	tlv = otrl_tlv_find(tlvs, OTRL_TLV_SMP2);
+	if (tlv) {
+		if (co->smstate->nextExpected != OTRL_SMP_EXPECT2) {
+			otr_notice(server,from,
+				   TXT_AUTH_PEER_REPLY_WRONG,
+				   from);
+			abort = TRUE;
+		} else {
+			otr_notice(server,from,
+				   TXT_AUTH_PEER_REPLIED,
+				   from);
+			co->smstate->nextExpected = OTRL_SMP_EXPECT4;
+		}
+	}
+
+	tlv = otrl_tlv_find(tlvs, OTRL_TLV_SMP3);
+	if (tlv) {
+		if (co->smstate->nextExpected != OTRL_SMP_EXPECT3) {
+			otr_notice(server,from,
+				   TXT_AUTH_PEER_WRONG_SMP3,
+				   from);
+			abort = TRUE;
+		} else {
+			char *trust = co->active_fingerprint->trust;
+			if (trust&&(*trust!='\0'))
+				otr_notice(server,from,
+					   TXT_AUTH_SUCCESSFUL);
+			else {
+				otr_notice(server,from,
+					   TXT_AUTH_FAILED);
+				coi->smp_failed = TRUE;
+			}
+			co->smstate->nextExpected = OTRL_SMP_EXPECT1;
+			coi->received_smp_init = FALSE;
+		}
+	}
+
+	tlv = otrl_tlv_find(tlvs, OTRL_TLV_SMP4);
+	if (tlv) {
+		if (co->smstate->nextExpected != OTRL_SMP_EXPECT4) {
+			otr_notice(server,from,
+				   TXT_AUTH_PEER_WRONG_SMP4,
+				   from);
+			abort = TRUE;
+		} else {
+			char *trust = co->active_fingerprint->trust;
+			if (trust&&(*trust!='\0'))
+				otr_notice(server,from,
+					   TXT_AUTH_SUCCESSFUL);
+			else {
+				/* unreachable since 4 is never sent out on
+				 * error */
+				otr_notice(server,from,
+					   TXT_AUTH_FAILED);
+				coi->smp_failed = TRUE;
+			}
+			co->smstate->nextExpected = OTRL_SMP_EXPECT1;
+			coi->received_smp_init = FALSE;
+		}
+	}
+	if (abort)
+		otr_abort_auth(co,server,from);
+
 	statusbar_items_redraw("otr");
 }
 
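Review bot: otr_handle_tlvs looks for SMP1 through SMP4 but never for OTRL_TLV_SMP_ABORT, so when the peer aborts, `coi->received_smp_init` and the hand-maintained `co->smstate->nextExpected` keep their old values and the user is told nothing. Because this function now advances libotr's SMP state itself (EXPECT2 to EXPECT4, then back to EXPECT1), it should also reset on a peer abort, as sketched below; the user notice needs a new format entry, which is left as a comment. The local `abort` also shadows the C library's abort(), so a name like `abort_smp` would be clearer. The SMP3 and SMP4 success/failure arms are identical and could share one helper.
```c
	/* … unchanged: SMP1–SMP4 handling … */

	tlv = otrl_tlv_find(tlvs, OTRL_TLV_SMP_ABORT);
	if (tlv) {
		/* peer gave up: forget the pending request; a user
		 * notice needs a new format entry */
		co->smstate->nextExpected = OTRL_SMP_EXPECT1;
		coi->received_smp_init = FALSE;
	}

	if (abort)
		otr_abort_auth(co,server,from);
```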
@@ -365,7 +452,7 @@ char *otr_receive(SERVER_REC *server, const char *msg,const char *from)
 	coi = co->app_data;
 
 	/* Really lame but I don't see how you could do this in a generic
-	 * way unless the IRC server would somehow marks continuation messages.
+	 * way unless the IRC server would somehow mark continuation messages.
 	 */
 	if ((strcmp(msg,coi->better_msg_two)==0)||
 	    (strcmp(msg,formats[TXT_OTR_BETTER_THREE].def)==0)) {
@@ -419,63 +506,9 @@ char *otr_receive(SERVER_REC *server, const char *msg,const char *from)
 		NULL,
 		NULL);
 
-	if (tlvs) {
-		OtrlTLV *tlv = otrl_tlv_find(tlvs, OTRL_TLV_SMP1);
-		int abort = FALSE;
-		if (tlv) {
-			if (co->smstate->nextExpected != OTRL_SMP_EXPECT1) {
-				otr_notice(server,from,TXT_AUTH_HAVE_OLD,
-					   accname);
-				abort = TRUE;
-			} else {
-				otr_notice(server,from,TXT_AUTH_PEER,
-					   accname);
-				coi->received_smp_init = TRUE;
-			}
-		} else
-			coi->received_smp_init = FALSE;
-		tlv = otrl_tlv_find(tlvs, OTRL_TLV_SMP2);
-		if (tlv) {
-			if (co->smstate->nextExpected != OTRL_SMP_EXPECT2) {
-				otr_notice(server,from,
-					   TXT_AUTH_PEER_REPLY_WRONG,
-					   accname);
-				abort = TRUE;
-			} else {
-				otr_notice(server,from,
-					   TXT_AUTH_PEER_REPLIED,
-					   accname);
-				coi->received_smp_reply = TRUE;
-			}
-		} else
-			coi->received_smp_reply = FALSE;
-		tlv = otrl_tlv_find(tlvs, OTRL_TLV_SMP3);
-		if (tlv) {
-			if (co->smstate->nextExpected != OTRL_SMP_EXPECT3) {
-				otr_notice(server,from,TXT_AUTH_PEER_WRONG_SMP3,accname);
-				abort = TRUE;
-			} else {
-				char *trust = co->active_fingerprint->trust;
-				if (trust&&(*trust!='\0'))
-					otr_notice(server,from,
-						   TXT_AUTH_SUCCESSFUL,
-						   accname);
-				else {
-					otr_notice(server,from,
-						   TXT_AUTH_FAILED,
-						   accname);
-					coi->smp_failed = TRUE;
-				}
-			}
-		} else
-			coi->smp_failed = FALSE;
-
-		if (abort)
-			otr_abort_auth(co,server,from);
-
-		statusbar_items_redraw("otr");
-	}
-
+	if (tlvs) 
+		otr_handle_tlvs(tlvs,co,coi,server,from);
+	
 	if (ignore_message) {
 		otr_debug(server,from,
 			  TXT_RECEIVE_IGNORE, strlen(msg),accname,from);
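Review bot: Nothing in this hunk shows `tlvs` being released after `otr_handle_tlvs()` returns. The TLV chain handed back by libotr belongs to the caller, so confirm that `otrl_tlv_free(tlvs)` runs later in otr_receive on every path, including the `ignore_message` one; otherwise each message that carries TLVs leaks memory. The added `if (tlvs) ` line and the blank line after the call also carry trailing whitespace. otr_receive starts above and continues below the hunk.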

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/irssi-plugin-otr.git


