diff options
| -rw-r--r-- | bitlbee.h | 4 | ||||
| -rw-r--r-- | irc_commands.c | 11 | ||||
| -rw-r--r-- | root_commands.c | 27 |
3 files changed, 39 insertions, 3 deletions
@@ -125,6 +125,10 @@ #define HELP_FILE VARDIR "help.txt" #define CONF_FILE_DEF ETCDIR "bitlbee.conf" +/* Hack to give a little bit more password security on IRC: If an account has + this password set, use /OPER to change it. */ +#define PASSWORD_PENDING "\r\rchangeme\r\r" + #include "bee.h" #include "irc.h" #include "storage.h" diff --git a/irc_commands.c b/irc_commands.c index d9ff929f..3b561d00 100644 --- a/irc_commands.c +++ b/irc_commands.c @@ -400,6 +400,17 @@ static void irc_cmd_nickserv( irc_t *irc, char **cmd ) static void irc_cmd_oper( irc_t *irc, char **cmd ) { + account_t *a; + + /* /OPER can now also be used to enter IM passwords without echoing. + It's a hack but the extra password security is worth it. */ + for( a = irc->b->accounts; a; a = a->next ) + if( strcmp( a->pass, PASSWORD_PENDING ) == 0 ) + { + set_setstr( &a->set, "password", cmd[2] ); + return; + } + if( global.conf->oper_pass && ( strncmp( global.conf->oper_pass, "md5:", 4 ) == 0 ? md5_verify_password( cmd[2], global.conf->oper_pass + 4 ) == 0 : diff --git a/root_commands.c b/root_commands.c index db29d088..01313b1c 100644 --- a/root_commands.c +++ b/root_commands.c @@ -393,7 +393,16 @@ static void cmd_account( irc_t *irc, char **cmd ) { struct prpl *prpl; - MIN_ARGS( 4 ); + MIN_ARGS( 3 ); + + if( cmd[4] == NULL ) + for( a = irc->b->accounts; a; a = a->next ) + if( strcmp( a->pass, PASSWORD_PENDING ) == 0 ) + { + irc_usermsg( irc, "Enter password for account %s(%s) " + "first (use /OPER)", a->prpl->name, a->user ); + return; + } prpl = find_protocol( cmd[2] ); @@ -409,7 +418,7 @@ static void cmd_account( irc_t *irc, char **cmd ) "protocol `%s' and username `%s'. Are you accidentally " "trying to add it twice?", prpl->name, cmd[3] ); - a = account_add( irc->b, prpl, cmd[3], cmd[4] ); + a = account_add( irc->b, prpl, cmd[3], cmd[4] ? cmd[4] : PASSWORD_PENDING ); if( cmd[5] ) { irc_usermsg( irc, "Warning: Passing a servername/other flags to `account add' " @@ -419,6 +428,9 @@ static void cmd_account( irc_t *irc, char **cmd ) irc_usermsg( irc, "Account successfully added" ); + if( cmd[4] == NULL ) + irc_usermsg( irc, "Now, use /OPER to enter your password for this account" ); + return; } else if( len >= 1 && g_strncasecmp( cmd[1], "list", len ) == 0 ) @@ -461,7 +473,13 @@ static void cmd_account( irc_t *irc, char **cmd ) for( a = irc->b->accounts; a; a = a->next ) if( !a->ic && a->auto_connect ) - account_on( irc->b, a ); + { + if( strcmp( a->pass, PASSWORD_PENDING ) == 0 ) + irc_usermsg( irc, "Enter password for account %s(%s) " + "first (use /OPER)", a->prpl->name, a->user ); + else + account_on( irc->b, a ); + } } else { @@ -519,6 +537,9 @@ static void cmd_account( irc_t *irc, char **cmd ) { if( a->ic ) irc_usermsg( irc, "Account already online" ); + else if( strcmp( a->pass, PASSWORD_PENDING ) == 0 ) + irc_usermsg( irc, "Enter password for account %s(%s) " + "first (use /OPER)", a->prpl->name, a->user ); else account_on( irc->b, a ); } |