Changeset ec0355f


Ignore:
Timestamp:
2008-03-16T16:31:27Z (12 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
c029350
Parents:
4e8db1c
Message:

Passwords in bitlbee.conf can now be (properly salted) MD5 hashes, for
just that little bit extra security.

Files:
3 edited

Legend:

Unmodified
Added
Removed
  • bitlbee.conf

    r4e8db1c rec0355f  
    4949##
    5050## Password the user should enter when logging into a closed BitlBee server.
     51## You can also have an MD5-encrypted password here. Format: "md5:", followed
     52## by a hash as generated for the <user password=""> attribute in a BitlBee
     53## XML file (for now there's no easier way to generate the hash).
    5154##
    5255# AuthPassword = ItllBeBitlBee   ## Heh.. Our slogan. ;-)
     56## or
     57# AuthPassword = md5:gzkK0Ox/1xh+1XTsQjXxBJ571Vgl
    5358
    5459## OperPassword
     
    5762##
    5863# OperPassword = ChangeMe!
     64## or
     65# OperPassword = md5:I0mnZbn1t4R731zzRdDN2/pK7lRX
    5966
    6067## HostName
  • doc/CHANGES

    r4e8db1c rec0355f  
    2828  user is asked to resolve this before continuing. Also, UTF-8 is the default
    2929  setting now, since that's how the world seems to work these days.
     30- One can now keep hashed passwords in bitlbee.conf instead of the cleartext
     31  version.
    3032- Most important change: New file format for user data (accounts, nicks and
    3133  settings). Migration to the new format should happen transparently,
  • irc_commands.c

    r4e8db1c rec0355f  
    3030static void irc_cmd_pass( irc_t *irc, char **cmd )
    3131{
    32         if( global.conf->auth_pass && strcmp( cmd[1], global.conf->auth_pass ) == 0 )
     32        if( global.conf->auth_pass &&
     33            strncmp( global.conf->auth_pass, "md5:", 4 ) == 0 ?
     34              md5_verify_password( cmd[1], global.conf->auth_pass + 4 ) == 0 :
     35              strcmp( cmd[1], global.conf->auth_pass ) == 0 )
    3336        {
    3437                irc->status |= USTATUS_AUTHORIZED;
     
    8891static void irc_cmd_oper( irc_t *irc, char **cmd )
    8992{
    90         if( global.conf->oper_pass && strcmp( cmd[2], global.conf->oper_pass ) == 0 )
     93        if( global.conf->oper_pass &&
     94            strncmp( global.conf->oper_pass, "md5:", 4 ) == 0 ?
     95              md5_verify_password( cmd[2], global.conf->oper_pass + 4 ) == 0 :
     96              strcmp( cmd[2], global.conf->oper_pass ) == 0 )
    9197        {
    9298                irc_umode_set( irc, "+o", 1 );
Note: See TracChangeset for help on using the changeset viewer.