Changeset 060d066
- Timestamp:
- 2011-02-01T13:05:58Z (14 years ago)
- Branches:
- master
- Children:
- da60f28
- Parents:
- 00fd005
- Files:
-
- 4 edited
-
doc/user-guide/commands.xml (modified) (5 diffs)
-
irc.h (modified) (1 diff)
-
irc_commands.c (modified) (3 diffs)
-
root_commands.c (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
doc/user-guide/commands.xml
r00fd005 r060d066 25 25 26 26 <para> 27 If you omit the password, you should use the IRC /OPER command to enter it separately. The advantage of this approach is that most IRC clients will not show OPER passwords on screen/save themin logs.27 You can omit the password and enter it separately using the IRC /OPER command. This lets you enter your password without your IRC client echoing it on screen or recording it in logs. 28 28 </para> 29 29 </description> … … 1604 1604 <bitlbee-command name="register"> 1605 1605 <short-description>Register yourself</short-description> 1606 <syntax>register <password></syntax>1606 <syntax>register [<password>]</syntax> 1607 1607 1608 1608 <description> … … 1618 1618 To identify yourself in later sessions, you can use the <emphasis>identify</emphasis> command. To change your password later, you can use the <emphasis>set password</emphasis> command. 1619 1619 </para> 1620 1621 <para> 1622 You can omit the password and enter it separately using the IRC /OPER command. This lets you enter your password without your IRC client echoing it on screen or recording it in logs. 1623 </para> 1620 1624 </description> 1621 1625 … … 1623 1627 1624 1628 <bitlbee-command name="identify"> 1625 <syntax>identify [-noload|-force] <password></syntax>1629 <syntax>identify [-noload|-force] [<password>]</syntax> 1626 1630 <short-description>Identify yourself with your password</short-description> 1627 1631 … … 1641 1645 <para> 1642 1646 <emphasis>-noload</emphasis> will log you in but not load any accounts and settings saved under your current nickname. These will be overwritten once you save your settings (i.e. when you disconnect). 1647 </para> 1648 1649 <para> 1650 You can omit the password and enter it separately using the IRC /OPER command. This lets you enter your password without your IRC client echoing it on screen or recording it in logs. 1643 1651 </para> 1644 1652 </description> -
irc.h
r00fd005 r060d066 50 50 USTATUS_SHUTDOWN = 8, /* Now used to indicate we're shutting down. 51 51 Currently just blocks irc_vawrite(). */ 52 53 /* Not really status stuff, but other kinds of flags: For slightly 54 better password security, since the only way to send passwords 55 to the IRC server securely (i.e. not echoing to screen or written 56 to logfiles) is the /OPER command, try to use that command for 57 stuff that matters. */ 58 OPER_HACK_IDENTIFY = 0x100, 59 OPER_HACK_REGISTER = 0x200, 60 OPER_HACK_ACCOUNT_ADD = 0x400, 61 OPER_HACK_ANY = 0x700, /* To check for them all at once. */ 52 62 } irc_status_t; 53 63 -
irc_commands.c
r00fd005 r060d066 397 397 } 398 398 399 399 static void irc_cmd_oper_hack( irc_t *irc, char **cmd ); 400 400 401 401 static void irc_cmd_oper( irc_t *irc, char **cmd ) 402 402 { 403 account_t *a; 404 405 /* /OPER can now also be used to enter IM passwords without echoing. 406 It's a hack but the extra password security is worth it. */ 407 for( a = irc->b->accounts; a; a = a->next ) 408 if( strcmp( a->pass, PASSWORD_PENDING ) == 0 ) 409 { 410 set_setstr( &a->set, "password", cmd[2] ); 411 irc_usermsg( irc, "Password added to IM account " 412 "%s(%s)", a->prpl->name, a->user ); 413 /* The IRC client may expect this. Report failure since 414 we didn't hand out a +o. */ 415 irc_send_num( irc, 491, ":Password added to IM account " 416 "%s(%s)", a->prpl->name, a->user ); 417 return; 418 } 403 /* Very non-standard evil but useful/secure hack, see below. */ 404 if( irc->status & OPER_HACK_ANY ) 405 return irc_cmd_oper_hack( irc, cmd ); 419 406 420 407 if( global.conf->oper_pass && … … 430 417 irc_send_num( irc, 491, ":Incorrect password" ); 431 418 } 419 } 420 421 static void irc_cmd_oper_hack( irc_t *irc, char **cmd ) 422 { 423 char *password = g_strjoinv( " ", cmd + 2 ); 424 425 /* /OPER can now also be used to enter IM/identify passwords without 426 echoing. It's a hack but the extra password security is worth it. */ 427 if( irc->status & OPER_HACK_ACCOUNT_ADD ) 428 { 429 account_t *a; 430 431 for( a = irc->b->accounts; a; a = a->next ) 432 if( strcmp( a->pass, PASSWORD_PENDING ) == 0 ) 433 { 434 set_setstr( &a->set, "password", password ); 435 irc_usermsg( irc, "Password added to IM account " 436 "%s(%s)", a->prpl->name, a->user ); 437 /* The IRC client may expect this. 491 suggests the OPER 438 password was wrong, so the client won't expect a +o. 439 It may however repeat the password prompt. We'll see. */ 440 irc_send_num( irc, 491, ":Password added to IM account " 441 "%s(%s)", a->prpl->name, a->user ); 442 } 443 } 444 else if( irc->status & OPER_HACK_IDENTIFY ) 445 { 446 char *send_cmd[] = { "identify", password, NULL }; 447 irc_send_num( irc, 491, ":Trying to identify" ); 448 root_command( irc, send_cmd ); 449 } 450 else if( irc->status & OPER_HACK_REGISTER ) 451 { 452 char *send_cmd[] = { "register", password, NULL }; 453 irc_send_num( irc, 491, ":Trying to identify" ); 454 root_command( irc, send_cmd ); 455 } 456 457 irc->status &= ~OPER_HACK_ANY; 458 g_free( password ); 432 459 } 433 460 … … 756 783 } 757 784 758 if( irc->status >=USTATUS_LOGGED_IN )785 if( irc->status & USTATUS_LOGGED_IN ) 759 786 irc_send_num( irc, 421, "%s :Unknown command", cmd[0] ); 760 787 } -
root_commands.c
r00fd005 r060d066 114 114 } 115 115 116 if( strncmp( cmd[1], "-no", 3 ) == 0 ) 116 if( cmd[1] == NULL ) 117 { 118 } 119 else if( strncmp( cmd[1], "-no", 3 ) == 0 ) 117 120 { 118 121 load = FALSE; … … 135 138 if( password == NULL ) 136 139 { 137 MIN_ARGS( 2 ); 140 irc_usermsg( irc, "About to identify, use /OPER to enter the password" ); 141 irc->status |= OPER_HACK_IDENTIFY; 142 return; 138 143 } 139 144 … … 211 216 { 212 217 irc_usermsg( irc, "This server does not allow registering new accounts" ); 218 return; 219 } 220 221 if( cmd[1] == NULL ) 222 { 223 irc_usermsg( irc, "About to register, use /OPER to enter the password" ); 224 irc->status |= OPER_HACK_REGISTER; 213 225 return; 214 226 } … … 1362 1374 { "group", 1, cmd_group, 0 }, 1363 1375 { "help", 0, cmd_help, 0 }, 1364 { "identify", 1, cmd_identify, 0 },1376 { "identify", 0, cmd_identify, 0 }, 1365 1377 { "info", 1, cmd_info, 0 }, 1366 1378 { "nick", 1, cmd_nick, 0 }, 1367 1379 { "no", 0, cmd_yesno, 0 }, 1368 1380 { "qlist", 0, cmd_qlist, 0 }, 1369 { "register", 1, cmd_register, 0 },1381 { "register", 0, cmd_register, 0 }, 1370 1382 { "remove", 1, cmd_remove, 0 }, 1371 1383 { "rename", 2, cmd_rename, 0 },
Note: See TracChangeset
for help on using the changeset viewer.
