| Commit message (Collapse) | Author | Age | Lines |
|---|
| |
|
|
|
|
|
| |
These only reflect on what arch/cpu bitlbee was built, not on which
it is running. This makes the Debian package unreproducible.
See e.g.
https://tests.reproducible-builds.org/rb-pkg/testing/i386/bitlbee.html
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of always putting users passwords in XML files, allow site
admins to configure a different authentication method to integrate
authentication with other systems.
This doesn't add any authentication backends yet, merely the
scaffolding. Notably:
- Password checking and loading/removing from storage has been
decoupled. A new auth_check_pass function is used to check passwords.
It does check against the configured storage first, but will handle
the authentication backends as well. The XML storage merely signals
that a user's password should be checked using an authentication
backend.
- If unknown-to-bitlbee users identify using an authentication backend,
they are automatically registered.
- If an authentication backend is used, that fact is stored in the XML
file, the password is not. Passwords are also stored unencrypted in
this case, as the password used to encrypt them can change underneath
us.
- configure and Makefile changes for the backend objects
|
| |
|
|
|
|
|
|
| |
Oddly enough it doesn't break. Maybe it overwrites the 'decoded' pointer
when it doesn't need it anymore? Fun stuff.
Also the version of gcc (5.2) i'm using doesn't complain about array
bounds, clang does, and the older gcc (4.6) in travis does too.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So use the second part as the username, and only require it to be equal
to the first part if that one is present.
ABNF from the spec:
message = [authzid] UTF8NUL authcid UTF8NUL passwd
Note brackets.
Authzid (authorization identity) is meant for impersonation, which we
don't support. The actual login username is defined by authcid
(authentication identity)
Thanks grawity for pointing this out.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only plain, no other methods. We don't have built-in SSL to implement
EXTERNAL (certfp) and nothing else is worth implementing.
The actual authentication is pretty much like sending a server password
(when the server's authmode isn't closed), which means it happens in
cmd_identify, but this code also calls storage_check_pass() to send the
required success/failure replies.
SASL doesn't give us much benefit other than standards compliance, but
some clients might appreciate it.
And having a fifth way to do the same thing doesn't hurt! Now we have:
- identify in &bitlbee
- identify to nickserv (alias for root)
- 'nickserv' and 'ns' irc commands
- server password
- sasl plain
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Mostly no-op for now. Puts registration on hold, supports the basic
commands, and NAKs everything
|
| |
|
|
|
|
|
| |
Used uncrustify, with the configuration file in ./doc/uncrustify.cfg
Commit author set to "Indent <please@skip.me>" so that it's easier to
skip while doing git blame.
|
| |
|
|
|
|
|
|
|
|
|
| |
With similar commands being supported, such as INVITE, the KICK command
should be supported as well. The key motivation behind supporting KICK
is having for having a way to remove users from group chats. As of now,
there is no way for a bitlbee user to remove a user from a group chat.
With no current KICK implementation, it made using this command a prime
candidate for the UI side of this implementation. In addition, the KICK
command has been supported in the control channel as well. This is to
keep the INVITE/KICK pair consistent.
|
| |
|
|
|
|
|
|
| |
* Don't use PIE/PIC on Cygwin/Darwin unless specified as these
platforms don't support it.
* Cleanup warnings for 'make check' build.
* Fix the type issue for getsockopt calls.
* Fix enum warnings in Yahoo libs on Mac OS X.
|
| | |
|
| |
|
|
| |
Only took me a few months to write. I even added a test case.
|
| |
|
|
|
| |
"securely". Patch from Flexo, bug #1117.
|
| | |
|
| |
|
|
|
|
|
| |
my copyright mentions since some were getting pretty stale. Left files not
touched since before 2012 alone so that this change doesn't touch almost
EVERY source file.
|
| |
|
|
|
| |
these used to get a flag so OSCAR sends them as away messages IIRC, but meh.
|
| |
|
|
|
| |
ways it's not BitlBee and I'm tired of getting libpurple-related bug reports.
|
| |
|
|
|
| |
Patch from trac3r, bug #814.
|
| |
|
|
|
| |
do not reset identify status. Bug #880.
|
| |
|
|
|
|
|
|
| |
"protocol(handle)". It's guaranteed to be unique and also shorter.
It may suck for people who have multiple accounts and didn't change their
tags, but that'll hopefully remind them to change them.
|
| |
|
|
|
|
| |
add new irc_usermsg, irc_usernotice.
deliver user-specific messages from libotr as notices to that user.
|
| |
|
|
|
|
| |
NOW? WHO? Anyway, this bug was causing not only chars < ' ' to be stripped,
but also anything with the highest bit set. (I.e. anything non-ASCII.)
|
| |
|
|
|
|
|
|
|
|
| |
well (and enter it using /OPER instead).
This is a gross hack and indeed still not solid: In irssi one can still
use /RAWLOG SAVE to find the OPER line sent to BitlBee (and of course not
everyone uses SSL to talk to remote BitlBee servers). This only works
within 10-30 minutes after entering the password though.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
enter the password using the /OPER command (which will not echo to the
screen and/or logs).
It's a fairly ugly hack but the improved password security is worth it
IMHO.
|
| |\
| |
| |
| |
| |
| | |
Not 100% sure about the OpenSSL merge, should double check that but I'm
currently offline.
|
| | |
| |
| |
| |
| | |
into the executable.
|
| |\| |
|
| | | |
|
| |/ |
|
| |
|
|
|
| |
with some changes.
|
| | |
|
| | |
|
| |
|
|
|
| |
some other day I'll find a reason for actually supporting them.
|
| |
|
|
|
|
| |
only triggers on channels created by the user. (And not at identify time,
which was causing odd problems on my test setup.)
|
| |
|
|
|
| |
irc_channel_del_user() syntax.
|
| |
|
|
|
|
| |
faulty responses in the NICK command, and fixing crash bug in nick changes
before finishing login.
|
| | |
|
| |
|
|
|
| |
this to measure lag.
|
| |
|
|
|
| |
support for this, irssi tries to do this anyway.
|
| |
|
|
|
|
| |
ignored though. Also removing the old chat.[ch] files since they're really not
important anymore.
|
| |
|
|
|
| |
that same channel.
|
| |
|
|
|
|
| |
much any 8-bit character is allowed in there - while nicknames are very
restricted.
|
| |
|
|
|
| |
will check the others now.
|
| | |
|
| |
|
|
|
|
| |
command to allow identifying without loading any new settings. With some
documentation hints.
|
| |
|
|
|
| |
(when sending a /quit instead, for example).
|
