Changeset 060d066 for irc_commands.c


Ignore:
Timestamp:
2011-02-01T13:05:58Z (8 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
da60f28
Parents:
00fd005
Message:

More password paranoia: Allow omitting the identify/register password as
well (and enter it using /OPER instead).

This is a gross hack and indeed still not solid: In irssi one can still
use /RAWLOG SAVE to find the OPER line sent to BitlBee (and of course not
everyone uses SSL to talk to remote BitlBee servers). This only works
within 10-30 minutes after entering the password though.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • irc_commands.c

    r00fd005 r060d066  
    397397}
    398398
    399 
     399static void irc_cmd_oper_hack( irc_t *irc, char **cmd );
    400400
    401401static void irc_cmd_oper( irc_t *irc, char **cmd )
    402402{
    403         account_t *a;
    404        
    405         /* /OPER can now also be used to enter IM passwords without echoing.
    406            It's a hack but the extra password security is worth it. */
    407         for( a = irc->b->accounts; a; a = a->next )
    408                 if( strcmp( a->pass, PASSWORD_PENDING ) == 0 )
    409                 {
    410                         set_setstr( &a->set, "password", cmd[2] );
    411                         irc_usermsg( irc, "Password added to IM account "
    412                                      "%s(%s)", a->prpl->name, a->user );
    413                         /* The IRC client may expect this. Report failure since
    414                            we didn't hand out a +o. */
    415                         irc_send_num( irc, 491, ":Password added to IM account "
    416                                       "%s(%s)", a->prpl->name, a->user );
    417                         return;
    418                 }
     403        /* Very non-standard evil but useful/secure hack, see below. */
     404        if( irc->status & OPER_HACK_ANY )
     405                return irc_cmd_oper_hack( irc, cmd );
    419406       
    420407        if( global.conf->oper_pass &&
     
    430417                irc_send_num( irc, 491, ":Incorrect password" );
    431418        }
     419}
     420
     421static void irc_cmd_oper_hack( irc_t *irc, char **cmd )
     422{
     423        char *password = g_strjoinv( " ", cmd + 2 );
     424       
     425        /* /OPER can now also be used to enter IM/identify passwords without
     426           echoing. It's a hack but the extra password security is worth it. */
     427        if( irc->status & OPER_HACK_ACCOUNT_ADD )
     428        {
     429                account_t *a;
     430               
     431                for( a = irc->b->accounts; a; a = a->next )
     432                        if( strcmp( a->pass, PASSWORD_PENDING ) == 0 )
     433                        {
     434                                set_setstr( &a->set, "password", password );
     435                                irc_usermsg( irc, "Password added to IM account "
     436                                             "%s(%s)", a->prpl->name, a->user );
     437                                /* The IRC client may expect this. 491 suggests the OPER
     438                                   password was wrong, so the client won't expect a +o.
     439                                   It may however repeat the password prompt. We'll see. */
     440                                irc_send_num( irc, 491, ":Password added to IM account "
     441                                              "%s(%s)", a->prpl->name, a->user );
     442                        }
     443        }
     444        else if( irc->status & OPER_HACK_IDENTIFY )
     445        {
     446                char *send_cmd[] = { "identify", password, NULL };
     447                irc_send_num( irc, 491, ":Trying to identify" );
     448                root_command( irc, send_cmd );
     449        }
     450        else if( irc->status & OPER_HACK_REGISTER )
     451        {
     452                char *send_cmd[] = { "register", password, NULL };
     453                irc_send_num( irc, 491, ":Trying to identify" );
     454                root_command( irc, send_cmd );
     455        }
     456       
     457        irc->status &= ~OPER_HACK_ANY;
     458        g_free( password );
    432459}
    433460
     
    756783                }
    757784       
    758         if( irc->status >= USTATUS_LOGGED_IN )
     785        if( irc->status & USTATUS_LOGGED_IN )
    759786                irc_send_num( irc, 421, "%s :Unknown command", cmd[0] );
    760787}
Note: See TracChangeset for help on using the changeset viewer.