[IRCServices] Regarding Founder Passwords

Andrew Church achurch at achurch.org
Sat Mar 24 02:29:45 PDT 2007


>So, if your founder password ever gets compromised, no matter how many
>times you change it, if there are other persons who identified for
>that channel, they will stay identified and will be able to request
>the new password be sent to their emails?

     That's correct with respect to Services 5.0.  The SENDPASS feature
has been dropped from Services 5.1 so that particular problem is no longer
an issue.  You do, however, raise a valid point with respect to users who
remain connected to the network, and I have changed ChanServ SET PASSWORD
in 5.1 to clear founder privileges from all users except the one setting
the password (see patch below, which may also work with 5.0 but hasn't
been tested--I'll look into including this in 5.0 as well).

  --Andrew Church
    achurch at achurch.org
    http://achurch.org/

Index: modules/chanserv/set.c
===================================================================
RCS file: /var/local/cvsroot/ircservices/modules/chanserv/set.c,v
retrieving revision 2.66
diff -u -r2.66 set.c
--- modules/chanserv/set.c	16 Feb 2007 12:49:31 -0000	2.66
+++ modules/chanserv/set.c	23 Mar 2007 17:44:52 -0000
@@ -334,6 +334,7 @@
 static void do_set_password(User *u, ChannelInfo *ci, char *param)
 {
     Password passbuf;
+    User *u2;
 
     if (stricmp(param, ci->name) == 0
      || stricmp(param, ci->name+1) == 0
@@ -363,6 +364,19 @@
         module_log("%s!%s@%s set password as Services admin for %s",
                    u->nick, u->username, u->host, ci->name);
     }
+    /* Clear founder privileges from all other users who might have
+     * identified earlier. */
+    for (u2 = first_user(); u2; u2 = next_user()) {
+        if (u2 != u) {
+            struct u_chaninfolist *c, *c2;
+            LIST_FOREACH_SAFE (c, u2->id_chans, c2) {
+                if (irc_stricmp(c->chan, ci->name) == 0) {
+                    LIST_REMOVE(c, u2->id_chans);
+                    free(c);
+                }
+            }
+        }
+    }
 }
 
 /*************************************************************************/