diff options
| -rw-r--r-- | bitlbee.conf | 7 | ||||
| -rw-r--r-- | doc/CHANGES | 2 | ||||
| -rw-r--r-- | irc_commands.c | 10 |
3 files changed, 17 insertions, 2 deletions
diff --git a/bitlbee.conf b/bitlbee.conf index d9f878c8..99e8106d 100644 --- a/bitlbee.conf +++ b/bitlbee.conf @@ -48,14 +48,21 @@ ## AuthPassword ## ## Password the user should enter when logging into a closed BitlBee server. +## You can also have an MD5-encrypted password here. Format: "md5:", followed +## by a hash as generated for the <user password=""> attribute in a BitlBee +## XML file (for now there's no easier way to generate the hash). ## # AuthPassword = ItllBeBitlBee ## Heh.. Our slogan. ;-) +## or +# AuthPassword = md5:gzkK0Ox/1xh+1XTsQjXxBJ571Vgl ## OperPassword ## ## Password that unlocks access to special operator commands. ## # OperPassword = ChangeMe! +## or +# OperPassword = md5:I0mnZbn1t4R731zzRdDN2/pK7lRX ## HostName ## diff --git a/doc/CHANGES b/doc/CHANGES index 959c11fd..b3c3b711 100644 --- a/doc/CHANGES +++ b/doc/CHANGES @@ -27,6 +27,8 @@ Version 1.2: in the IRC core, and charset mismatches are detected (if possible) and the user is asked to resolve this before continuing. Also, UTF-8 is the default setting now, since that's how the world seems to work these days. +- One can now keep hashed passwords in bitlbee.conf instead of the cleartext + version. - Most important change: New file format for user data (accounts, nicks and settings). Migration to the new format should happen transparently, BitlBee will read the old files and once you quit/save it will save in the diff --git a/irc_commands.c b/irc_commands.c index 68db4617..14209732 100644 --- a/irc_commands.c +++ b/irc_commands.c @@ -29,7 +29,10 @@ static void irc_cmd_pass( irc_t *irc, char **cmd ) { - if( global.conf->auth_pass && strcmp( cmd[1], global.conf->auth_pass ) == 0 ) + if( global.conf->auth_pass && + strncmp( global.conf->auth_pass, "md5:", 4 ) == 0 ? + md5_verify_password( cmd[1], global.conf->auth_pass + 4 ) == 0 : + strcmp( cmd[1], global.conf->auth_pass ) == 0 ) { irc->status |= USTATUS_AUTHORIZED; irc_check_login( irc ); @@ -87,7 +90,10 @@ static void irc_cmd_ping( irc_t *irc, char **cmd ) static void irc_cmd_oper( irc_t *irc, char **cmd ) { - if( global.conf->oper_pass && strcmp( cmd[2], global.conf->oper_pass ) == 0 ) + if( global.conf->oper_pass && + strncmp( global.conf->oper_pass, "md5:", 4 ) == 0 ? + md5_verify_password( cmd[2], global.conf->oper_pass + 4 ) == 0 : + strcmp( cmd[2], global.conf->oper_pass ) == 0 ) { irc_umode_set( irc, "+o", 1 ); irc_reply( irc, 381, ":Password accepted" ); |