author | mathieui <mathieui@mathieui.net> | 2015-08-16 12:22:10 +0200 |
---|---|---|
committer | mathieui <mathieui@mathieui.net> | 2015-08-16 12:22:10 +0200 |
commit | 37774bc35290089838b671cd4a1b6842bce1842f (patch) | |
tree | 933961688b5393498203656cf0a1f47ba03a48c5 | |
parent | 1ce31d927d2a88c52645577033924ef30db0de6d (diff) | |
Add an 'eval_password' option
to read the password from a secrets store
-rw-r--r-- | data/default_config.cfg | 5 | ||||
-rw-r--r-- | doc/source/configuration.rst | 18 | ||||
-rw-r--r-- | src/config.py | 1 | ||||
-rw-r--r-- | src/connection.py | 11 |
4 files changed, 34 insertions, 1 deletions
diff --git a/data/default_config.cfg b/data/default_config.cfg index 519dafb1..e8541890 100644 --- a/data/default_config.cfg +++ b/data/default_config.cfg @@ -15,6 +15,11 @@ jid = # If you leave this empty, the password will be asked at each startup password = +# A command that will be executed if "password" is not set, e.g. a session password +# manager like secret-tool on gnome, or anything you want + +eval_password = + # Path to a PEM certificate file to use for certificate authentication # through SASL External. If set, keyfile MUST be provided as well in # order to login. diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst index df9700a4..084af482 100644 --- a/doc/source/configuration.rst +++ b/doc/source/configuration.rst @@ -1156,6 +1156,24 @@ found. The password needed to join the room. + eval_password + + **Default value:** [empty] + + A command which execution will retrieve the password from a password manager. + + E.g. with secret-tool and the gnome keyring: + + .. code-block:: bash + + # Storing (to do beforehand) + secret-tool store --label="My jabber password" xmpp your@jid + + # Retrieving (this should be the value of the option) + secret-tool lookup xmpp your@jid + + .. note:: This will only be used if the :term:`password` option is empty. + private_auto_response **Default value:** ``Not in private, please.`` diff --git a/src/config.py b/src/config.py index 6f9ef20b..e8e3269a 100644 --- a/src/config.py +++ b/src/config.py @@ -58,6 +58,7 @@ DEFAULT_CONFIG = { 'enable_user_tune': True, 'enable_vertical_tab_list': False, 'enable_xhtml_im': True, + 'eval_password': '', 'exec_remote': False, 'extract_inline_images': True, 'filter_info_messages': '', diff --git a/src/connection.py b/src/connection.py index cd2ccedd..b6d44590 100644 --- a/src/connection.py +++ b/src/connection.py @@ -14,6 +14,8 @@ log = logging.getLogger(__name__) import getpass +import subprocess + import slixmpp from slixmpp.plugins.xep_0184 import XEP_0184 
@@ -43,8 +45,15 @@ class Connection(slixmpp.ClientXMPP):
 if resource:
 jid = '%s/%s'% (jid, resource)
 password = config.get('password')
- if not password and not (keyfile and certfile):
+ eval_password = config.get('eval_password')
+ if not password and not eval_password and not (keyfile and certfile):
 password = getpass.getpass()
+ elif not password and not (keyfile and certfile):
+ print("No password or certificates provided, using the eval_password command.")
+ process = subprocess.Popen(['sh', '-c', eval_password], stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE, close_fds=True)
+ process.wait()
+ password = process.stdout.readline().decode('utf-8').strip('\n')
 else: # anonymous auth
 self.anon = True
 jid = config.get('server') |
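Review bot: The new `elif` branch never checks the exit status of the `eval_password` command, so a failing or locked secrets store leaves `password` as an empty string and the login proceeds with it instead of falling back to the `getpass` prompt. `process.wait()` also runs before stdout is read, which can block if the command writes more than the pipe buffer holds, and the `stdin=subprocess.PIPE` end is never closed, so a command that reads stdin would wait forever; `communicate()` closes stdin and drains stdout before reaping the process. Because the value is handed to `sh -c`, the config file now stores a command that runs with the user's privileges, and a comment next to the `Popen` call saying the file must not be writable by other users would make that trust boundary explicit. The enclosing method starts and ends outside the hunk, so the indentation and the `else` pairing below are inferred.

```python
        elif not password and not (keyfile and certfile):
            # … unchanged: print() notice and subprocess.Popen(...) call …
            output, _ = process.communicate()
            password = output.decode('utf-8').split('\n', 1)[0]
            if process.returncode != 0 or not password:
                # The command failed or printed nothing: prompt rather
                # than attempting to log in with an empty password.
                password = getpass.getpass()
```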