| Commit message (Collapse) | Author | Age | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of always putting users passwords in XML files, allow site
admins to configure a different authentication method to integrate
authentication with other systems.
This doesn't add any authentication backends yet, merely the
scaffolding. Notably:
- Password checking and loading/removing from storage has been
decoupled. A new auth_check_pass function is used to check passwords.
It does check against the configured storage first, but will handle
the authentication backends as well. The XML storage merely signals
that a user's password should be checked using an authentication
backend.
- If unknown-to-bitlbee users identify using an authentication backend,
they are automatically registered.
- If an authentication backend is used, that fact is stored in the XML
file, the password is not. Passwords are also stored unencrypted in
this case, as the password used to encrypt them can change underneath
us.
- configure and Makefile changes for the backend objects
|
| |
|
|
|
|
| |
This allows a site admin who pregenerates configs to mark certain
settings as untouchable, ensuring that users cannot mess up their
settings too badly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In certain situations, e.g. when working with pregenerated
configurations, it is useful to be able lock down accounts so they
cannot be deleted and authentication information (user, password,
server) cannot be changed.
We mark such sensitive settings with ACC_SET_LOCKABLE and will refuse to
change them if the account is locked by setting the ACC_FLAG_LOCKED
flag.
This flag is stored in the xml files as account attribute locked="true".
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- irc_im.c:
- bee_irc_user_msg: strdup leaks when otr swallows messages
- bee_irc_user_action_response: GString leak in all ctcp replies
- otr.c:
- call g_slist_free() on the list of the otr_policy setting
- otr_filter_msg_in: call otrl_tlv_free() if "tlvs" are returned
- otr_filter_msg_out: don't g_strdup() if the message should be ignored
- log_otr_message: g_strdup_vprintf() leaks always
- nogaim.c:
- imcb_ask_auth/imcb_ask_add: leaks in g_strdup_printf()
- imcb_ask_add leaks imcb_ask_cb_data if the user already exists
- add imcb_ask_cb_free() to correctly free its data
- msn_util.c: add msn_buddy_ask_free(), ditto
- storage_xml.c: pass_cr/password if base64_decode or arc_decode fail
- ssl_gnutls.c: conn->hostname leak in error conditions, like invalid certs
- jabber_util.c: jabber_buddy_by_ext_jid() leaks jid if it's not an ext jid
|
| |
|
|
|
|
|
|
|
|
|
| |
- Show version as part of the initial message of &bitlbee
- Use g_strerror() to show actual errors when saving xml configs
- Only show "The nick is (probably) not registered" for ENOENT, use
g_strerror() for the rest of OS errors when loading xml configs
- Show "Protocol not found: <name>" when find_protocol() returns null,
useful when the user uninstalls a plugin accidentally.
- Suggest the user to check the system clock when getting error 401 from
the twitter stream (other REST endpoints show a better error message)
|
| | |
|
| |
|
|
|
|
|
| |
Used uncrustify, with the configuration file in ./doc/uncrustify.cfg
Commit author set to "Indent <please@skip.me>" so that it's easier to
skip while doing git blame.
|
| | |
|
| |
|
|
| |
Patch originally by MichaĆ Siejak, adapted for 3.2.1
|
| |\
| |
| |
| |
| | |
ASCII restriction on contact nicknames. Use at your own risk!
|
| | | |
|
| |/
|
|
|
| |
file.
|
| | |
|
| |\
| |
| |
| |
| |
| | |
XML-formatted user configs from disk I/O so we can try to start using other
mechanisms to store them (a REST API or something, for example).
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Also, use it in xt_print() instead of replicating most of xt_to_string()
in it. This changed four-space indents into tabs but oh well, we'll live.
|
| | | |
|
| | |
| |
| |
| |
| | |
little slower, but IMHO also a little less annoying to work with.
|
| | |
| |
| |
| |
| | |
media than local fs.
|
| |/ |
|
| | |
|
| |
|
|
|
|
| |
add new irc_usermsg, irc_usernotice.
deliver user-specific messages from libotr as notices to that user.
|
| |
|
|
|
|
| |
coming from the IRC client. Also, hide it from the settings list, it
doesn't belong there.
|
| | |
|
| |
|
|
|
| |
attribute, not as a setting (since all accounts have it anyway).
|
| |\ |
|
| | |
| |
| |
| |
| | |
ui-fix for whatever reason less painful.)
|
| | |
| |
| |
| |
| | |
more flexible nickname generation.
|
| | |
| |
| |
| |
| |
| | |
If someone has two MSN accts and wants contacts from both in one channel,
this is now possible.
|
| | |
| |
| |
| |
| | |
forever.
|
| | |
| |
| |
| |
| | |
with a &-name.
|
| | |
| |
| |
| |
| |
| | |
ignored though. Also removing the old chat.[ch] files since they're really not
important anymore.
|
| |\|
| |
| |
| |
| | |
leaks.
|
| | |
| |
| |
| |
| |
| |
| | |
temporary file. This solves hard-to-debug issues where for example the
user hand-edited his configs as root and left a root-owned user.xml~ file
behind.
|
| |\| |
|
| | | |
|
| |/ |
|
| |
|
|
|
|
| |
chat.h and it shouldn't ... but things broke because bitlbee.h includes
it. Fixes #534.
|
| |\ |
|
| | |
| |
| |
| |
| | |
compatibility.
|
| | |
| |
| |
| |
| |
| | |
USTATUS_IDENTIFIED after another account overwriting vulnerability was
found by Tero Marttila.
|
| | |
| |
| |
| |
| |
| | |
to not save non-existent settings now that those simply aren't possible
anymore.
|
| |/ |
|
| | |
|
| |
|
|
|
|
| |
g_file_test() can't test for writability, and g_access() doesn't exist in
older GLibs. :-/
|
| | |
|
| |
|
|
|
| |
errors sometimes. This should close #395.
|
