From 37774bc35290089838b671cd4a1b6842bce1842f Mon Sep 17 00:00:00 2001 From: mathieui Date: Sun, 16 Aug 2015 12:22:10 +0200 Subject: Add an 'eval_password' option to read the password from a secrets store --- data/default_config.cfg | 5 +++++ doc/source/configuration.rst | 18 ++++++++++++++++++ src/config.py | 1 + src/connection.py | 11 ++++++++++- 4 files changed, 34 insertions(+), 1 deletion(-) diff --git a/data/default_config.cfg b/data/default_config.cfg index 519dafb1..e8541890 100644 --- a/data/default_config.cfg +++ b/data/default_config.cfg @@ -15,6 +15,11 @@ jid = # If you leave this empty, the password will be asked at each startup password = +# A command that will be executed if "password" is not set, e.g. a session password +# manager like secret-tool on gnome, or anything you want + +eval_password = + # Path to a PEM certificate file to use for certificate authentication # through SASL External. If set, keyfile MUST be provided as well in # order to login. diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst index df9700a4..084af482 100644 --- a/doc/source/configuration.rst +++ b/doc/source/configuration.rst @@ -1156,6 +1156,24 @@ found. The password needed to join the room. + eval_password + + **Default value:** [empty] + + A command which execution will retrieve the password from a password manager. + + E.g. with secret-tool and the gnome keyring: + + .. code-block:: bash + + # Storing (to do beforehand) + secret-tool store --label="My jabber password" xmpp your@jid + + # Retrieving (this should be the value of the option) + secret-tool lookup xmpp your@jid + + .. note:: This will only be used if the :term:`password` option is empty. + private_auto_response **Default value:** ``Not in private, please.`` diff --git a/src/config.py b/src/config.py index 6f9ef20b..e8e3269a 100644 --- a/src/config.py +++ b/src/config.py 
@@ -58,6 +58,7 @@ DEFAULT_CONFIG = { 'enable_user_tune': True, 'enable_vertical_tab_list': False, 'enable_xhtml_im': True, + 'eval_password': '', 'exec_remote': False, 'extract_inline_images': True, 'filter_info_messages': '', diff --git a/src/connection.py b/src/connection.py index cd2ccedd..b6d44590 100644 --- a/src/connection.py +++ b/src/connection.py @@ -14,6 +14,8 @@ log = logging.getLogger(__name__) import getpass +import subprocess + import slixmpp from slixmpp.plugins.xep_0184 import XEP_0184 @@ -43,8 +45,15 @@ class Connection(slixmpp.ClientXMPP): if resource: jid = '%s/%s'% (jid, resource) password = config.get('password') - if not password and not (keyfile and certfile): + eval_password = config.get('eval_password') + if not password and not eval_password and not (keyfile and certfile): password = getpass.getpass() + elif not password and not (keyfile and certfile): + print("No password or certificates provided, using the eval_password command.") + process = subprocess.Popen(['sh', '-c', eval_password], stdin=subprocess.PIPE, + stdout=subprocess.PIPE, close_fds=True) + process.wait() + password = process.stdout.readline().decode('utf-8').strip('\n') else: # anonymous auth self.anon = True jid = config.get('server') -- cgit v1.2.3
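Review bot: The new `elif` branch in `Connection.__init__` never looks at the exit status of the eval_password command, so a failed or missing command leaves `password` as an empty string with no error, where the user would expect a prompt or an abort. Calling `process.wait()` before reading from a `stdout=subprocess.PIPE` stream can also block once the command writes more than the pipe buffer holds, and the `stdin=subprocess.PIPE` handle is never written to or closed; `communicate()` with `stdin=subprocess.DEVNULL` avoids both. Since the option value is handed to `sh -c`, write access to the config file means command execution at every start, which the option's documentation should say. The method starts and ends outside the hunk, so how `password` is consumed afterwards is not visible here.

```python
elif not password and not (keyfile and certfile):
    # … unchanged: print() notice about using the eval_password command …
    process = subprocess.Popen(['sh', '-c', eval_password],
                               stdin=subprocess.DEVNULL,
                               stdout=subprocess.PIPE, close_fds=True)
    # communicate() drains stdout while waiting, so a chatty command cannot block.
    output, _ = process.communicate()
    # Keep only the first line, as before; never log the output itself.
    password = output.decode('utf-8').split('\n', 1)[0]
    if process.returncode != 0 or not password:
        log.error('eval_password command gave no password (exit status %s)',
                  process.returncode)
        password = getpass.getpass()
```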