From 060d0661ff8c1465f394c307d0f4c2a22964c6b2 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Tue, 1 Feb 2011 13:05:58 +0000 Subject: More password paranoia: Allow omitting the identify/register password as well (and enter it using /OPER instead). This is a gross hack and indeed still not solid: In irssi one can still use /RAWLOG SAVE to find the OPER line sent to BitlBee (and of course not everyone uses SSL to talk to remote BitlBee servers). This only works within 10-30 minutes after entering the password though. --- doc/user-guide/commands.xml | 14 +++++++--- irc.h | 10 +++++++ irc_commands.c | 63 ++++++++++++++++++++++++++++++++------------- root_commands.c | 20 +++++++++++--- 4 files changed, 82 insertions(+), 25 deletions(-) diff --git a/doc/user-guide/commands.xml b/doc/user-guide/commands.xml index b86328b5..42a995c9 100644 --- a/doc/user-guide/commands.xml +++ b/doc/user-guide/commands.xml @@ -24,7 +24,7 @@ - If you omit the password, you should use the IRC /OPER command to enter it separately. The advantage of this approach is that most IRC clients will not show OPER passwords on screen/save them in logs. + You can omit the password and enter it separately using the IRC /OPER command. This lets you enter your password without your IRC client echoing it on screen or recording it in logs. @@ -1603,7 +1603,7 @@ Register yourself - register <password> + register [<password>] @@ -1617,12 +1617,16 @@ To identify yourself in later sessions, you can use the identify command. To change your password later, you can use the set password command. + + + You can omit the password and enter it separately using the IRC /OPER command. This lets you enter your password without your IRC client echoing it on screen or recording it in logs. + - identify [-noload|-force] <password> + identify [-noload|-force] [<password>] Identify yourself with your password @@ -1641,6 +1645,10 @@ -noload will log you in but not load any accounts and settings saved under your current nickname. These will be overwritten once you save your settings (i.e. when you disconnect). + + + You can omit the password and enter it separately using the IRC /OPER command. This lets you enter your password without your IRC client echoing it on screen or recording it in logs. + diff --git a/irc.h b/irc.h index 41d1ce3b..fec63967 100644 --- a/irc.h +++ b/irc.h @@ -49,6 +49,16 @@ typedef enum USTATUS_IDENTIFIED = 4, /* To NickServ (root). */ USTATUS_SHUTDOWN = 8, /* Now used to indicate we're shutting down. Currently just blocks irc_vawrite(). */ + + /* Not really status stuff, but other kinds of flags: For slightly + better password security, since the only way to send passwords + to the IRC server securely (i.e. not echoing to screen or written + to logfiles) is the /OPER command, try to use that command for + stuff that matters. */ + OPER_HACK_IDENTIFY = 0x100, + OPER_HACK_REGISTER = 0x200, + OPER_HACK_ACCOUNT_ADD = 0x400, + OPER_HACK_ANY = 0x700, /* To check for them all at once. */ } irc_status_t; struct irc_user; diff --git a/irc_commands.c b/irc_commands.c index a183ec35..cf41d323 100644 --- a/irc_commands.c +++ b/irc_commands.c @@ -396,26 +396,13 @@ static void irc_cmd_nickserv( irc_t *irc, char **cmd ) root_command( irc, cmd + 1 ); } - +static void irc_cmd_oper_hack( irc_t *irc, char **cmd ); static void irc_cmd_oper( irc_t *irc, char **cmd ) { - account_t *a; - - /* /OPER can now also be used to enter IM passwords without echoing. - It's a hack but the extra password security is worth it. */ - for( a = irc->b->accounts; a; a = a->next ) - if( strcmp( a->pass, PASSWORD_PENDING ) == 0 ) - { - set_setstr( &a->set, "password", cmd[2] ); - irc_usermsg( irc, "Password added to IM account " - "%s(%s)", a->prpl->name, a->user ); - /* The IRC client may expect this. Report failure since - we didn't hand out a +o. */ - irc_send_num( irc, 491, ":Password added to IM account " - "%s(%s)", a->prpl->name, a->user ); - return; - } + /* Very non-standard evil but useful/secure hack, see below. */ + if( irc->status & OPER_HACK_ANY ) + return irc_cmd_oper_hack( irc, cmd ); if( global.conf->oper_pass && ( strncmp( global.conf->oper_pass, "md5:", 4 ) == 0 ? @@ -431,6 +418,46 @@ static void irc_cmd_oper( irc_t *irc, char **cmd ) } } +static void irc_cmd_oper_hack( irc_t *irc, char **cmd ) +{ + char *password = g_strjoinv( " ", cmd + 2 ); + + /* /OPER can now also be used to enter IM/identify passwords without + echoing. It's a hack but the extra password security is worth it. */ + if( irc->status & OPER_HACK_ACCOUNT_ADD ) + { + account_t *a; + + for( a = irc->b->accounts; a; a = a->next ) + if( strcmp( a->pass, PASSWORD_PENDING ) == 0 ) + { + set_setstr( &a->set, "password", password ); + irc_usermsg( irc, "Password added to IM account " + "%s(%s)", a->prpl->name, a->user ); + /* The IRC client may expect this. 491 suggests the OPER + password was wrong, so the client won't expect a +o. + It may however repeat the password prompt. We'll see. */ + irc_send_num( irc, 491, ":Password added to IM account " + "%s(%s)", a->prpl->name, a->user ); + } + } + else if( irc->status & OPER_HACK_IDENTIFY ) + { + char *send_cmd[] = { "identify", password, NULL }; + irc_send_num( irc, 491, ":Trying to identify" ); + root_command( irc, send_cmd ); + } + else if( irc->status & OPER_HACK_REGISTER ) + { + char *send_cmd[] = { "register", password, NULL }; + irc_send_num( irc, 491, ":Trying to identify" ); + root_command( irc, send_cmd ); + } + + irc->status &= ~OPER_HACK_ANY; + g_free( password ); +} + static void irc_cmd_invite( irc_t *irc, char **cmd ) { irc_channel_t *ic; @@ -755,6 +782,6 @@ void irc_exec( irc_t *irc, char *cmd[] ) return; } - if( irc->status >= USTATUS_LOGGED_IN ) + if( irc->status & USTATUS_LOGGED_IN ) irc_send_num( irc, 421, "%s :Unknown command", cmd[0] ); } diff --git a/root_commands.c b/root_commands.c index a7b626b8..a05cffb0 100644 --- a/root_commands.c +++ b/root_commands.c @@ -113,7 +113,10 @@ static void cmd_identify( irc_t *irc, char **cmd ) return; } - if( strncmp( cmd[1], "-no", 3 ) == 0 ) + if( cmd[1] == NULL ) + { + } + else if( strncmp( cmd[1], "-no", 3 ) == 0 ) { load = FALSE; password = cmd[2]; @@ -134,7 +137,9 @@ static void cmd_identify( irc_t *irc, char **cmd ) if( password == NULL ) { - MIN_ARGS( 2 ); + irc_usermsg( irc, "About to identify, use /OPER to enter the password" ); + irc->status |= OPER_HACK_IDENTIFY; + return; } if( load ) @@ -212,6 +217,13 @@ static void cmd_register( irc_t *irc, char **cmd ) irc_usermsg( irc, "This server does not allow registering new accounts" ); return; } + + if( cmd[1] == NULL ) + { + irc_usermsg( irc, "About to register, use /OPER to enter the password" ); + irc->status |= OPER_HACK_REGISTER; + return; + } switch( storage_save( irc, cmd[1], FALSE ) ) { case STORAGE_ALREADY_EXISTS: @@ -1361,12 +1373,12 @@ command_t root_commands[] = { { "ft", 0, cmd_transfer, 0 }, { "group", 1, cmd_group, 0 }, { "help", 0, cmd_help, 0 }, - { "identify", 1, cmd_identify, 0 }, + { "identify", 0, cmd_identify, 0 }, { "info", 1, cmd_info, 0 }, { "nick", 1, cmd_nick, 0 }, { "no", 0, cmd_yesno, 0 }, { "qlist", 0, cmd_qlist, 0 }, - { "register", 1, cmd_register, 0 }, + { "register", 0, cmd_register, 0 }, { "remove", 1, cmd_remove, 0 }, { "rename", 2, cmd_rename, 0 }, { "save", 0, cmd_save, 0 }, -- cgit v1.2.3