Allow omitting the password argument to "account add", to then separately

enter the password using the /OPER command (which will not echo to the
screen and/or logs).

It's a fairly ugly hack but the improved password security is worth it
IMHO.

3 files changed, 39 insertions, 3 deletions

diff --git a/bitlbee.h b/bitlbee.h
index e6b99a7c..15b7bddf 100644
--- a/bitlbee.h
+++ b/bitlbee.h
@@ -125,6 +125,10 @@
 #define HELP_FILE VARDIR "help.txt"
 #define CONF_FILE_DEF ETCDIR "bitlbee.conf"
 
+/* Hack to give a little bit more password security on IRC: If an account has
+   this password set, use /OPER to change it. */
+#define PASSWORD_PENDING "\r\rchangeme\r\r"
+
 #include "bee.h"
 #include "irc.h"
 #include "storage.h"
diff --git a/irc_commands.c b/irc_commands.c
index d9ff929f..3b561d00 100644
--- a/irc_commands.c
+++ b/irc_commands.c
@@ -400,6 +400,17 @@ static void irc_cmd_nickserv( irc_t *irc, char **cmd )
 
 static void irc_cmd_oper( irc_t *irc, char **cmd )
 {
+	account_t *a;
+	
+	/* /OPER can now also be used to enter IM passwords without echoing.
+	   It's a hack but the extra password security is worth it. */
+	for( a = irc->b->accounts; a; a = a->next )
+		if( strcmp( a->pass, PASSWORD_PENDING ) == 0 )
+		{
+			set_setstr( &a->set, "password", cmd[2] );
+			return;
+		}
+	
 	if( global.conf->oper_pass &&
 	    ( strncmp( global.conf->oper_pass, "md5:", 4 ) == 0 ?
 	        md5_verify_password( cmd[2], global.conf->oper_pass + 4 ) == 0 :
diff --git a/root_commands.c b/root_commands.c
index db29d088..01313b1c 100644
--- a/root_commands.c
+++ b/root_commands.c
@@ -393,7 +393,16 @@ static void cmd_account( irc_t *irc, char **cmd )
 	{
 		struct prpl *prpl;
 		
-		MIN_ARGS( 4 );
+		MIN_ARGS( 3 );
+		
+		if( cmd[4] == NULL )
+			for( a = irc->b->accounts; a; a = a->next )
+				if( strcmp( a->pass, PASSWORD_PENDING ) == 0 )
+				{
+					irc_usermsg( irc, "Enter password for account %s(%s) "
+					             "first (use /OPER)", a->prpl->name, a->user );
+					return;
+				}
 		
 		prpl = find_protocol( cmd[2] );
 		
@@ -409,7 +418,7 @@ static void cmd_account( irc_t *irc, char **cmd )
 				             "protocol `%s' and username `%s'. Are you accidentally "
 				             "trying to add it twice?", prpl->name, cmd[3] );
 		
-		a = account_add( irc->b, prpl, cmd[3], cmd[4] );
+		a = account_add( irc->b, prpl, cmd[3], cmd[4] ? cmd[4] : PASSWORD_PENDING );
 		if( cmd[5] )
 		{
 			irc_usermsg( irc, "Warning: Passing a servername/other flags to `account add' "
@@ -419,6 +428,9 @@ static void cmd_account( irc_t *irc, char **cmd )
 		
 		irc_usermsg( irc, "Account successfully added" );
 		
+		if( cmd[4] == NULL )
+			irc_usermsg( irc, "Now, use /OPER to enter your password for this account" );
+		
 		return;
 	}
 	else if( len >= 1 && g_strncasecmp( cmd[1], "list", len ) == 0 )
@@ -461,7 +473,13 @@ static void cmd_account( irc_t *irc, char **cmd )
 		
 			for( a = irc->b->accounts; a; a = a->next )
 				if( !a->ic && a->auto_connect )
-					account_on( irc->b, a );
+				{
+					if( strcmp( a->pass, PASSWORD_PENDING ) == 0 )
+						irc_usermsg( irc, "Enter password for account %s(%s) "
+						             "first (use /OPER)", a->prpl->name, a->user );
+					else
+						account_on( irc->b, a );
+				}
 		} 
 		else
 		{
@@ -519,6 +537,9 @@ static void cmd_account( irc_t *irc, char **cmd )
 	{
 		if( a->ic )
 			irc_usermsg( irc, "Account already online" );
+		else if( strcmp( a->pass, PASSWORD_PENDING ) == 0 )
+			irc_usermsg( irc, "Enter password for account %s(%s) "
+			             "first (use /OPER)", a->prpl->name, a->user );
 		else
 			account_on( irc->b, a );
 	}