More password paranoia: Allow omitting the identify/register password as

well (and enter it using /OPER instead).

This is a gross hack and indeed still not solid: In irssi one can still
use /RAWLOG SAVE to find the OPER line sent to BitlBee (and of course not
everyone uses SSL to talk to remote BitlBee servers). This only works
within 10-30 minutes after entering the password though.

4 files changed, 82 insertions, 25 deletions

diff --git a/doc/user-guide/commands.xml b/doc/user-guide/commands.xml
index b86328b5..42a995c9 100644
--- a/doc/user-guide/commands.xml
+++ b/doc/user-guide/commands.xml
@@ -24,7 +24,7 @@
 				</para>
 
 				<para>
-					If you omit the password, you should use the IRC /OPER command to enter it separately. The advantage of this approach is that most IRC clients will not show OPER passwords on screen/save them in logs.
+					You can omit the password and enter it separately using the IRC /OPER command. This lets you enter your password without your IRC client echoing it on screen or recording it in logs.
 				</para>
 			</description>
 			
@@ -1603,7 +1603,7 @@
 
 	<bitlbee-command name="register">
 		<short-description>Register yourself</short-description>
-		<syntax>register &lt;password&gt;</syntax>
+		<syntax>register [&lt;password&gt;]</syntax>
 
 		<description>
 			<para>
@@ -1617,12 +1617,16 @@
 			<para>
 				To identify yourself in later sessions, you can use the <emphasis>identify</emphasis> command. To change your password later, you can use the <emphasis>set password</emphasis> command.
 			</para>
+
+			<para>
+				You can omit the password and enter it separately using the IRC /OPER command. This lets you enter your password without your IRC client echoing it on screen or recording it in logs.
+			</para>
 		</description>
 
 	</bitlbee-command>
 
 	<bitlbee-command name="identify">
-		<syntax>identify [-noload|-force] &lt;password&gt;</syntax>
+		<syntax>identify [-noload|-force] [&lt;password&gt;]</syntax>
 		<short-description>Identify yourself with your password</short-description>
 
 		<description>
@@ -1641,6 +1645,10 @@
 			<para>
 				<emphasis>-noload</emphasis> will log you in but not load any accounts and settings saved under your current nickname. These will be overwritten once you save your settings (i.e. when you disconnect).
 			</para>
+
+			<para>
+				You can omit the password and enter it separately using the IRC /OPER command. This lets you enter your password without your IRC client echoing it on screen or recording it in logs.
+			</para>
 		</description>
 	</bitlbee-command>
 
diff --git a/irc.h b/irc.h
index 41d1ce3b..fec63967 100644
--- a/irc.h
+++ b/irc.h
@@ -49,6 +49,16 @@ typedef enum
 	USTATUS_IDENTIFIED = 4, /* To NickServ (root). */
 	USTATUS_SHUTDOWN = 8,   /* Now used to indicate we're shutting down.
 	                           Currently just blocks irc_vawrite(). */
+
+	/* Not really status stuff, but other kinds of flags: For slightly
+	   better password security, since the only way to send passwords
+	   to the IRC server securely (i.e. not echoing to screen or written
+	   to logfiles) is the /OPER command, try to use that command for
+	   stuff that matters. */
+	OPER_HACK_IDENTIFY = 0x100,
+	OPER_HACK_REGISTER = 0x200,
+	OPER_HACK_ACCOUNT_ADD = 0x400,
+	OPER_HACK_ANY = 0x700,	/* To check for them all at once. */
 } irc_status_t;
 
 struct irc_user;
diff --git a/irc_commands.c b/irc_commands.c
index a183ec35..cf41d323 100644
--- a/irc_commands.c
+++ b/irc_commands.c
@@ -396,26 +396,13 @@ static void irc_cmd_nickserv( irc_t *irc, char **cmd )
 	root_command( irc, cmd + 1 );
 }
 
-
+static void irc_cmd_oper_hack( irc_t *irc, char **cmd );
 
 static void irc_cmd_oper( irc_t *irc, char **cmd )
 {
-	account_t *a;
-	
-	/* /OPER can now also be used to enter IM passwords without echoing.
-	   It's a hack but the extra password security is worth it. */
-	for( a = irc->b->accounts; a; a = a->next )
-		if( strcmp( a->pass, PASSWORD_PENDING ) == 0 )
-		{
-			set_setstr( &a->set, "password", cmd[2] );
-			irc_usermsg( irc, "Password added to IM account "
-			             "%s(%s)", a->prpl->name, a->user );
-			/* The IRC client may expect this. Report failure since
-			   we didn't hand out a +o. */
-			irc_send_num( irc, 491, ":Password added to IM account "
-			              "%s(%s)", a->prpl->name, a->user );
-			return;
-		}
+	/* Very non-standard evil but useful/secure hack, see below. */
+	if( irc->status & OPER_HACK_ANY )
+		return irc_cmd_oper_hack( irc, cmd );
 	
 	if( global.conf->oper_pass &&
 	    ( strncmp( global.conf->oper_pass, "md5:", 4 ) == 0 ?
@@ -431,6 +418,46 @@ static void irc_cmd_oper( irc_t *irc, char **cmd )
 	}
 }
 
+static void irc_cmd_oper_hack( irc_t *irc, char **cmd )
+{
+	char *password = g_strjoinv( " ", cmd + 2 );
+	
+	/* /OPER can now also be used to enter IM/identify passwords without
+	   echoing. It's a hack but the extra password security is worth it. */
+	if( irc->status & OPER_HACK_ACCOUNT_ADD )
+	{
+		account_t *a;
+		
+		for( a = irc->b->accounts; a; a = a->next )
+			if( strcmp( a->pass, PASSWORD_PENDING ) == 0 )
+			{
+				set_setstr( &a->set, "password", password );
+				irc_usermsg( irc, "Password added to IM account "
+				             "%s(%s)", a->prpl->name, a->user );
+				/* The IRC client may expect this. 491 suggests the OPER
+				   password was wrong, so the client won't expect a +o.
+				   It may however repeat the password prompt. We'll see. */
+				irc_send_num( irc, 491, ":Password added to IM account "
+				              "%s(%s)", a->prpl->name, a->user );
+			}
+	}
+	else if( irc->status & OPER_HACK_IDENTIFY )
+	{
+		char *send_cmd[] = { "identify", password, NULL };
+		irc_send_num( irc, 491, ":Trying to identify" );
+		root_command( irc, send_cmd );
+	}
+	else if( irc->status & OPER_HACK_REGISTER )
+	{
+		char *send_cmd[] = { "register", password, NULL };
+		irc_send_num( irc, 491, ":Trying to identify" );
+		root_command( irc, send_cmd );
+	}
+	
+	irc->status &= ~OPER_HACK_ANY;
+	g_free( password );
+}
+
 static void irc_cmd_invite( irc_t *irc, char **cmd )
 {
 	irc_channel_t *ic;
@@ -755,6 +782,6 @@ void irc_exec( irc_t *irc, char *cmd[] )
 			return;
 		}
 	
-	if( irc->status >= USTATUS_LOGGED_IN )
+	if( irc->status & USTATUS_LOGGED_IN )
 		irc_send_num( irc, 421, "%s :Unknown command", cmd[0] );
 }
diff --git a/root_commands.c b/root_commands.c
index a7b626b8..a05cffb0 100644
--- a/root_commands.c
+++ b/root_commands.c
@@ -113,7 +113,10 @@ static void cmd_identify( irc_t *irc, char **cmd )
 		return;
 	}
 	
-	if( strncmp( cmd[1], "-no", 3 ) == 0 )
+	if( cmd[1] == NULL )
+	{
+	}
+	else if( strncmp( cmd[1], "-no", 3 ) == 0 )
 	{
 		load = FALSE;
 		password = cmd[2];
@@ -134,7 +137,9 @@ static void cmd_identify( irc_t *irc, char **cmd )
 	
 	if( password == NULL )
 	{
-		MIN_ARGS( 2 );
+		irc_usermsg( irc, "About to identify, use /OPER to enter the password" );
+		irc->status |= OPER_HACK_IDENTIFY;
+		return;
 	}
 	
 	if( load )
@@ -212,6 +217,13 @@ static void cmd_register( irc_t *irc, char **cmd )
 		irc_usermsg( irc, "This server does not allow registering new accounts" );
 		return;
 	}
+	
+	if( cmd[1] == NULL )
+	{
+		irc_usermsg( irc, "About to register, use /OPER to enter the password" );
+		irc->status |= OPER_HACK_REGISTER;
+		return;
+	}
 
 	switch( storage_save( irc, cmd[1], FALSE ) ) {
 		case STORAGE_ALREADY_EXISTS:
@@ -1361,12 +1373,12 @@ command_t root_commands[] = {
 	{ "ft",             0, cmd_transfer,       0 },
 	{ "group",          1, cmd_group,          0 },
 	{ "help",           0, cmd_help,           0 }, 
-	{ "identify",       1, cmd_identify,       0 },
+	{ "identify",       0, cmd_identify,       0 },
 	{ "info",           1, cmd_info,           0 },
 	{ "nick",           1, cmd_nick,           0 },
 	{ "no",             0, cmd_yesno,          0 },
 	{ "qlist",          0, cmd_qlist,          0 },
-	{ "register",       1, cmd_register,       0 },
+	{ "register",       0, cmd_register,       0 },
 	{ "remove",         1, cmd_remove,         0 },
 	{ "rename",         2, cmd_rename,         0 },
 	{ "save",           0, cmd_save,           0 },