pep/poezio
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add an 'eval_password' option

Browse source 
to read the password from a secrets store
This commit is contained in:
mathieui 2015-08-16 12:22:10 +02:00
parent 1ce31d927d
commit 37774bc352
No known key found for this signature in database
GPG key ID: C59F84CEEFD616E3
4 changed files with 34 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
data/default_config.cfg
View file

@ -15,6 +15,11 @@ jid =
# If you leave this empty, the password will be asked at each startup # If you leave this empty, the password will be asked at each startup
password = password =
# A command that will be executed if "password" is not set, e.g. a session password
# manager like secret-tool on gnome, or anything you want
eval_password =
# Path to a PEM certificate file to use for certificate authentication # Path to a PEM certificate file to use for certificate authentication
# through SASL External. If set, keyfile MUST be provided as well in # through SASL External. If set, keyfile MUST be provided as well in
# order to login. # order to login.

18
doc/source/configuration.rst
View file

@ -1156,6 +1156,24 @@ found.
The password needed to join the room. The password needed to join the room.
eval_password
**Default value:** [empty]
A command which execution will retrieve the password from a password manager.
E.g. with secret-tool and the gnome keyring:
.. code-block:: bash
# Storing (to do beforehand)
secret-tool store --label="My jabber password" xmpp your@jid
# Retrieving (this should be the value of the option)
secret-tool lookup xmpp your@jid
.. note:: This will only be used if the :term:`password` option is empty.
private_auto_response private_auto_response
**Default value:** ``Not in private, please.`` **Default value:** ``Not in private, please.``

1
src/config.py
View file

@ -58,6 +58,7 @@ DEFAULT_CONFIG = {
'enable_user_tune': True, 'enable_user_tune': True,
'enable_vertical_tab_list': False, 'enable_vertical_tab_list': False,
'enable_xhtml_im': True, 'enable_xhtml_im': True,
'eval_password': '',
'exec_remote': False, 'exec_remote': False,
'extract_inline_images': True, 'extract_inline_images': True,
'filter_info_messages': '', 'filter_info_messages': '',

11
src/connection.py
View file

@ -14,6 +14,8 @@ log = logging.getLogger(__name__)
import getpass import getpass
import subprocess
import slixmpp import slixmpp
from slixmpp.plugins.xep_0184 import XEP_0184 from slixmpp.plugins.xep_0184 import XEP_0184
@ -43,8 +45,15 @@ class Connection(slixmpp.ClientXMPP):
if resource: if resource:
jid = '%s/%s'% (jid, resource) jid = '%s/%s'% (jid, resource)
password = config.get('password') password = config.get('password')
if not password and not (keyfile and certfile): eval_password = config.get('eval_password')
if not password and not eval_password and not (keyfile and certfile):
password = getpass.getpass() password = getpass.getpass()
elif not password and not (keyfile and certfile):
print("No password or certificates provided, using the eval_password command.")
process = subprocess.Popen(['sh', '-c', eval_password], stdin=subprocess.PIPE,
stdout=subprocess.PIPE, close_fds=True)
process.wait()
password = process.stdout.readline().decode('utf-8').strip('\n')
else: # anonymous auth else: # anonymous auth
self.anon = True self.anon = True
jid = config.get('server') jid = config.get('server')