Changeset 060d066 for irc_commands.c

Timestamp:

2011-02-01T13:05:58Z (13 years ago)

Author:

Wilmer van der Gaast <wilmer@…>

Branches:

master

Children:

da60f28

Parents:

00fd005

Message:

More password paranoia: Allow omitting the identify/register password as
well (and enter it using /OPER instead).

This is a gross hack and indeed still not solid: In irssi one can still
use /RAWLOG SAVE to find the OPER line sent to BitlBee (and of course not
everyone uses SSL to talk to remote BitlBee servers). This only works
within 10-30 minutes after entering the password though.

File:

• irc_commands.c (modified) (3 diffs)

irc_commands.c

@@ -397 +397 @@
 }
 
-
+static void irc_cmd_oper_hack( irc_t *irc, char **cmd );
 
 static void irc_cmd_oper( irc_t *irc, char **cmd )
 {
-        account_t *a;
-        
-        /* /OPER can now also be used to enter IM passwords without echoing.
-           It's a hack but the extra password security is worth it. */
-        for( a = irc->b->accounts; a; a = a->next )
-                if( strcmp( a->pass, PASSWORD_PENDING ) == 0 )
-                {
-                        set_setstr( &a->set, "password", cmd[2] );
-                        irc_usermsg( irc, "Password added to IM account "
-                                     "%s(%s)", a->prpl->name, a->user );
-                        /* The IRC client may expect this. Report failure since
-                           we didn't hand out a +o. */
-                        irc_send_num( irc, 491, ":Password added to IM account "
-                                      "%s(%s)", a->prpl->name, a->user );
-                        return;
-                }
+        /* Very non-standard evil but useful/secure hack, see below. */
+        if( irc->status & OPER_HACK_ANY )
+                return irc_cmd_oper_hack( irc, cmd );
         
         if( global.conf->oper_pass &&
@@ -430 +417 @@
                 irc_send_num( irc, 491, ":Incorrect password" );
         }
+}
+
+static void irc_cmd_oper_hack( irc_t *irc, char **cmd )
+{
+        char *password = g_strjoinv( " ", cmd + 2 );
+        
+        /* /OPER can now also be used to enter IM/identify passwords without
+           echoing. It's a hack but the extra password security is worth it. */
+        if( irc->status & OPER_HACK_ACCOUNT_ADD )
+        {
+                account_t *a;
+                
+                for( a = irc->b->accounts; a; a = a->next )
+                        if( strcmp( a->pass, PASSWORD_PENDING ) == 0 )
+                        {
+                                set_setstr( &a->set, "password", password );
+                                irc_usermsg( irc, "Password added to IM account "
+                                             "%s(%s)", a->prpl->name, a->user );
+                                /* The IRC client may expect this. 491 suggests the OPER
+                                   password was wrong, so the client won't expect a +o.
+                                   It may however repeat the password prompt. We'll see. */
+                                irc_send_num( irc, 491, ":Password added to IM account "
+                                              "%s(%s)", a->prpl->name, a->user );
+                        }
+        }
+        else if( irc->status & OPER_HACK_IDENTIFY )
+        {
+                char *send_cmd[] = { "identify", password, NULL };
+                irc_send_num( irc, 491, ":Trying to identify" );
+                root_command( irc, send_cmd );
+        }
+        else if( irc->status & OPER_HACK_REGISTER )
+        {
+                char *send_cmd[] = { "register", password, NULL };
+                irc_send_num( irc, 491, ":Trying to identify" );
+                root_command( irc, send_cmd );
+        }
+        
+        irc->status &= ~OPER_HACK_ANY;
+        g_free( password );
 }
 
@@ -756 +783 @@
                 }
         
-        if( irc->status >= USTATUS_LOGGED_IN )
+        if( irc->status & USTATUS_LOGGED_IN )
                 irc_send_num( irc, 421, "%s :Unknown command", cmd[0] );
 }