Reject relay init commands with totp when totp is not enabled #1435
Comments
You're right, I'll implement that.
mweinelt added a commit to mweinelt/nixpkgs that referenced this issue Mar 29, 2020
New features
* core: add variable "old_full_name" in buffer, set during buffer renaming (issue weechat/weechat#1428)
* core: add debug option "-d" in command /eval (issue weechat/weechat#1434)
* api: add functions crypto_hash and crypto_hash_pbkdf2
* api: add info "auto_connect" (issue weechat/weechat#1453)
* api: add info "weechat_headless" (issue weechat/weechat#1433)
* buflist: add pointer "window" in bar item evaluation
* irc: add support of fake servers (no I/O, for testing purposes)
* relay: accept hash of password in init command of weechat protocol with option "password_hash" (PBKDF2, SHA256, SHA512)
* relay: reject client with weechat protocol if password or totp is received in init command but not set in WeeChat (issue weechat/weechat#1435)

Bug fixes
* core: fix memory leak in completion
* core: flush stdout/stderr before forking in hook_process function (issue weechat/weechat#1441)
* core: fix evaluation of condition with nested "if" (issue weechat/weechat#1434)
* irc: split AUTHENTICATE message in 400-byte chunks (issue weechat/weechat#1459)
* irc: copy temporary server flag in command /server copy
* irc: add nick changes in the hotlist (except self nick change)
* irc: case-insensitive comparison on incoming CTCP command, force upper case on CTCP replies (issue weechat/weechat#1439)
* irc: fix memory leak when the channel topic is changed
* logger: fix crash when logging is disabled on a buffer and the log file was deleted in the meanwhile, when option logger.file.info_lines is on (issue weechat/weechat#1444)
* php: fix crash when loading script with PHP 7.4 (issue weechat/weechat#1452)
* relay: update buffers synchronization when buffers are renamed (issue weechat/weechat#1428)
* script: fix memory leak in read of script repository file if it has invalid content
* script: fix unexpected display of scripts list in buffer with command /script list -i
* xfer: send signal "xfer_ended" after the received file has been renamed (issue weechat/weechat#1438)

Tests
* scripts: fix generation of test scripts with Python 3.8
* unit: add tests on IRC protocol functions and callbacks
* unit: add tests on function secure_derive_key
* unit: add tests on functions util_get_time_diff and util_file_get_content

Build
* core: fix Cygwin build
* guile: add detection of Guile 3.0.0 (issue weechat/weechat#1442)
* irc: fix build with GnuTLS < 3.1.0 (issue weechat/weechat#1431)
* php: add detection of PHP 7.4
* ruby: add detection of Ruby 2.7 (issue weechat/weechat#1455)
Feature description
Reject relay init commands that have a totp argument when no totp is required by weechat. https://weechat.org/files/doc/stable/weechat_relay_protocol.en.html#command_init
If you don't reject this, the user gets a false sense of security. And the relay client has no way of knowing if totp is required or not.
Also, it would probably be even better to first do an init command without totp and then have weechat send back a request for a totp, but this would be breaking.
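
The check requested in this issue, sketched in C as an added example (not WeeChat's own code): it compares the factors a client sent in the init options with the factors the relay has configured, before any credential is verified. The function names and verdict values are hypothetical, the sample arguments are constructed, and escaping a comma inside a value as `\,` is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical verdicts for the pre-authentication policy check. */
enum init_verdict { INIT_CONTINUE, INIT_REJECT_UNEXPECTED, INIT_REJECT_MISSING };

/* Return 1 if `name` is a key in a "key=value,key=value" option string.
 * Assumption: a comma inside a value is escaped as "\,". */
static int has_option(const char *opts, const char *name)
{
    size_t n = strlen(name);
    const char *p = opts;

    while (*p) {
        if (strncmp(p, name, n) == 0 && p[n] == '=')
            return 1;
        for (; *p; p++) {               /* move past the next unescaped comma */
            if (*p == '\\' && p[1])
                p++;
            else if (*p == ',') {
                p++;
                break;
            }
        }
    }
    return 0;
}

/* Compare the factors the client sent with the factors the server has
 * configured, before any credential is verified. */
enum init_verdict check_init(const char *opts, int password_set, int totp_set)
{
    int got_password = has_option(opts, "password")
        || has_option(opts, "password_hash");
    int got_totp = has_option(opts, "totp");

    /* Sent but not configured: the server would never check it. */
    if ((got_password && !password_set) || (got_totp && !totp_set))
        return INIT_REJECT_UNEXPECTED;
    /* Configured but not sent. */
    if ((password_set && !got_password) || (totp_set && !got_totp))
        return INIT_REJECT_MISSING;
    return INIT_CONTINUE;
}

int main(void)
{
    /* Constructed init arguments: TOTP sent, but none configured. */
    printf("%d\n", check_init("password=secret,totp=123456", 1, 0));
    return 0;
}
```

Rejecting on the first branch is what tells a client that its TOTP was never going to be checked, instead of letting the session proceed as if it had been.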