Changeset 3ac6d9f

Timestamp:

2016-03-23T06:44:13Z (9 years ago)

Author:

Dennis Kaarsemaker <dennis@…>

Branches:

master

Children:

e41ba05

Parents:

d701547

git-author:

Dennis Kaarsemaker <dennis@…> (22-02-16 20:04:10)

git-committer:

Dennis Kaarsemaker <dennis@…> (23-03-16 06:44:13)

Message:

Support for locked-down accounts

In certain situations, e.g. when working with pregenerated
configurations, it is useful to be able lock down accounts so they
cannot be deleted and authentication information (user, password,
server) cannot be changed.

We mark such sensitive settings with ACC_SET_LOCKABLE and will refuse to
change them if the account is locked by setting the ACC_FLAG_LOCKED
flag.

This flag is stored in the xml files as account attribute locked="true".

Files:

• protocols/account.c (modified) (2 diffs)
• protocols/account.h (modified) (2 diffs)
• root_commands.c (modified) (2 diffs)
• storage_xml.c (modified) (4 diffs)

protocols/account.c

@@ -67 +67 @@
 
         s = set_add(&a->set, "password", NULL, set_eval_account, a);
-        s->flags |= SET_NOSAVE | SET_NULL_OK | SET_PASSWORD;
+        s->flags |= SET_NOSAVE | SET_NULL_OK | SET_PASSWORD | ACC_SET_LOCKABLE;
 
         s = set_add(&a->set, "tag", NULL, set_eval_account, a);
@@ -73 +73 @@
 
         s = set_add(&a->set, "username", NULL, set_eval_account, a);
-        s->flags |= SET_NOSAVE | ACC_SET_OFFLINE_ONLY;
+        s->flags |= SET_NOSAVE | ACC_SET_OFFLINE_ONLY | ACC_SET_LOCKABLE;
         set_setstr(&a->set, "username", user);
 

protocols/account.h

@@ -63 +63 @@
         ACC_SET_OFFLINE_ONLY = 0x02,    /* Allow changes only if the acct is offline. */
         ACC_SET_ONLINE_ONLY = 0x04,     /* Allow changes only if the acct is online. */
+        ACC_SET_LOCKABLE = 0x08         /* Setting cannot be changed if the account is locked down */
 } account_set_flag_t;
 
@@ -70 +71 @@
         ACC_FLAG_HANDLE_DOMAINS = 0x04, /* Contact handles need a domain portion. */
         ACC_FLAG_LOCAL = 0x08,          /* Contact list is local. */
+        ACC_FLAG_LOCKED = 0x10,         /* Account is locked (cannot be deleted, certain settings can't changed) */
 } account_flag_t;
 

root_commands.c

@@ -388 +388 @@
                 irc_rootmsg(irc, "This setting can only be changed when the account is %s-line", "on");
                 return 0;
+        } else if (a->flags & ACC_FLAG_LOCKED && s && s->flags & ACC_SET_LOCKABLE) {
+                irc_rootmsg(irc, "This setting can not be changed for locked accounts");
+                return 0;
         }
 
@@ -547 +550 @@
 
         if (len >= 1 && g_strncasecmp(cmd[2], "del", len) == 0) {
-                if (a->ic) {
+                if (a->flags & ACC_FLAG_LOCKED) {
+                        irc_rootmsg(irc, "Account is locked, can't delete");
+                }
+                else if (a->ic) {
                         irc_rootmsg(irc, "Account is still logged in, can't delete");
                 } else {

storage_xml.c

@@ -86 +86 @@
 {
         struct xml_parsedata *xd = data;
-        char *protocol, *handle, *server, *password = NULL, *autoconnect, *tag;
+        char *protocol, *handle, *server, *password = NULL, *autoconnect, *tag, *locked;
         char *pass_b64 = NULL;
         unsigned char *pass_cr = NULL;
@@ -99 +99 @@
         autoconnect = xt_find_attr(node, "autoconnect");
         tag = xt_find_attr(node, "tag");
+        locked = xt_find_attr(node, "locked");
 
         protocol = xt_find_attr(node, "protocol");
@@ -126 +127 @@
                 if (local) {
                         acc->flags |= ACC_FLAG_LOCAL;
+                }
+                if (locked && !g_strcasecmp(locked, "true")) {
+                        acc->flags |= ACC_FLAG_LOCKED;
                 }
         } else {
@@ -320 +324 @@
                         xt_add_attr(cur, "server", acc->server);
                 }
+                if (acc->flags & ACC_FLAG_LOCKED) {
+                        xt_add_attr(cur, "locked", "true");
+                }
 
                 g_free(pass_b64);