Re: [RFC] certfp for rcirc
From: Philip Kaludercic
Subject: Re: [RFC] certfp for rcirc
Date: Wed, 17 Nov 2021 20:23:17 +0000
Omar Polo <op@omarpolo.com> writes:
> I messed up with the third diff, here's another try :)
It looks good to me, I will push these changes to master in the coming days.
> From f96474342caca8aa1df4f5df66ce1a2c0e4ed976 Mon Sep 17 00:00:00 2001
> From: Omar Polo <op@omarpolo.com>
> Date: Mon, 15 Nov 2021 17:33:51 +0000
> Subject: [PATCH 1/3] Move the sasl section after the bitlbee text
>
> ---
> doc/misc/rcirc.texi | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/doc/misc/rcirc.texi b/doc/misc/rcirc.texi
> index a4ca54a8b0..696983dc77 100644
> --- a/doc/misc/rcirc.texi
> +++ b/doc/misc/rcirc.texi
> @@ -609,12 +609,6 @@ Use this symbol if you need to identify yourself in the
> Bitlbee channel
> as follows: @code{identify secret}. The necessary arguments are the
> nickname you want to use this for, and the password to use.
>
> -@item sasl
> -@cindex sasl authentication
> -Use this symbol if you want to use @acronym{SASL} authentication. The
> -necessary arguments are the nickname you want to use this for, and the
> -password to use.
> -
> @cindex gateway to other IM services
> @cindex instant messaging, other services
> @cindex Jabber
> @@ -633,6 +627,12 @@ the other instant messaging services, and Bitlbee will
> log you in. All
> @code{rcirc} needs to know, is the login to your Bitlbee account. Don't
> confuse the Bitlbee account with all the other accounts.
>
> +@item sasl
> +@cindex sasl authentication
> +Use this symbol if you want to use @acronym{SASL} authentication. The
> +necessary arguments are the nickname you want to use this for, and the
> +password to use.
> +
> @end table
>
> @end table
> --
> 2.33.1
>
> From 6fda9317fbe496c36d1e5be4fa15dd3569a26aa1 Mon Sep 17 00:00:00 2001
> From: Omar Polo <op@omarpolo.com>
> Date: Mon, 15 Nov 2021 17:40:58 +0000
> Subject: [PATCH 2/3] implement certfp authentication to rcirc
>
> * lisp/net/rcirc.el (rcirc-connect): Use the provided client certs
> * doc/misc/rcirc.texi (Configuration): Document the change
> ---
> doc/misc/rcirc.texi | 7 +++++++
> lisp/net/rcirc.el | 26 ++++++++++++++++++++++----
> 2 files changed, 29 insertions(+), 4 deletions(-)
>
> diff --git a/doc/misc/rcirc.texi b/doc/misc/rcirc.texi
> index 696983dc77..58ca045e78 100644
> --- a/doc/misc/rcirc.texi
> +++ b/doc/misc/rcirc.texi
> @@ -633,6 +633,13 @@ Use this symbol if you want to use @acronym{SASL}
> authentication. The
> necessary arguments are the nickname you want to use this for, and the
> password to use.
>
> +@item certfp
> +@cindex certfp authentication
> +Use this symbol if you want to use CertFP authentication. The
> +necessary arguments are the path to the client certificate key and
> +password. The CertFP authentication requires a @acronym{TLS}
> +connection.
> +
> @end table
>
> @end table
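Review bot: The new @item certfp text gives the arguments as "the path to the client certificate key and password", but the docstring and customize type added to lisp/net/rcirc.el in this same patch name them KEY and CERT, with no password involved. Suggest wording such as "the path to the client key and the path to the client certificate" so the manual matches the code.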
> diff --git a/lisp/net/rcirc.el b/lisp/net/rcirc.el
> index 5c92c60eda..6030db9dae 100644
> --- a/lisp/net/rcirc.el
> +++ b/lisp/net/rcirc.el
> @@ -262,6 +262,7 @@ The ARGUMENTS for each METHOD symbol are:
> `bitlbee': NICK PASSWORD
> `quakenet': ACCOUNT PASSWORD
> `sasl': NICK PASSWORD
> + `certfp': KEY CERT
>
> Examples:
> ((\"Libera.Chat\" nickserv \"bob\" \"p455w0rd\")
> @@ -291,7 +292,11 @@ Examples:
> (list :tag "SASL"
> (const sasl)
> (string :tag "Nick")
> - (string :tag "Password")))))
> + (string :tag "Password"))
> + (list :tag "CertFP"
> + (const certfp)
> + (string :tag "Key")
> + (string :tag "Certificate")))))
>
> (defcustom rcirc-auto-authenticate-flag t
> "Non-nil means automatically send authentication string to server.
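Review bot: The two new fields of the "CertFP" list are declared as (string :tag "Key") and (string :tag "Certificate"), although the manual text in this patch describes them as paths. Declaring them with the file widget type, for example (file :tag "Key"), would give Customize file-name completion and make it clear that file names are expected rather than the key or certificate text itself.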
> @@ -547,6 +552,9 @@ If ARG is non-nil, instead prompt for connection
> parameters."
> (password (plist-get (cdr c) :password))
> (encryption (plist-get (cdr c) :encryption))
> (server-alias (plist-get (cdr c) :server-alias))
> + (client-cert (when (eq (rcirc-get-server-method (car c))
> + 'certfp)
> + (rcirc-get-server-cert (car c))))
> contact)
> (when-let (((not password))
> (auth (auth-source-search :host server
> @@ -563,7 +571,7 @@ If ARG is non-nil, instead prompt for connection
> parameters."
> (condition-case nil
> (let ((process (rcirc-connect server port nick user-name
> full-name channels
> password encryption
> - server-alias)))
> + client-cert
> server-alias)))
> (when rcirc-display-server-buffer
> (pop-to-buffer-same-window (process-buffer
> process))))
> (quit (message "Quit connecting to %s"
> @@ -662,13 +670,22 @@ See `rcirc-connect' for more details on these
> variables.")
> (when (string-match server-i server)
> (throw 'pass (car args)))))))
>
> +(defun rcirc-get-server-cert (server)
> + "Return a list of key and certificate for SERVER."
> + (catch 'cert
> + (dolist (i rcirc-authinfo)
> + (let ((server-i (car i))
> + (args (cddr i)))
> + (when (string-match server-i server)
> + (throw 'cert args))))))
> +
> ;;;###autoload
> (defun rcirc-connect (server &optional port nick user-name
> full-name startup-channels password encryption
> - server-alias)
> + certfp server-alias)
> "Connect to SERVER.
> The arguments PORT, NICK, USER-NAME, FULL-NAME, PASSWORD,
> -ENCRYPTION, SERVER-ALIAS are interpreted as in
> +ENCRYPTION, CERTFP, SERVER-ALIAS are interpreted as in
> `rcirc-server-alist'. STARTUP-CHANNELS is a list of channels
> that are joined after authentication."
> (save-excursion
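Review bot: Inserting CERTFP before SERVER-ALIAS in the &optional list of rcirc-connect changes the meaning of the ninth positional argument of an autoloaded function, so a caller outside this file that passes SERVER-ALIAS positionally would now have it taken as the client certificate. Appending CERTFP after SERVER-ALIAS would keep existing calls working; the one in-tree call updated by this patch can be adjusted to match.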
> @@ -695,6 +712,7 @@ that are joined after authentication."
> (setq process (open-network-stream
> (or server-alias server) nil server port-number
> :type (or encryption 'plain)
> + :client-certificate certfp
> :nowait t))
> (set-process-coding-system process 'raw-text 'raw-text)
> (with-current-buffer (get-buffer-create
> (rcirc-generate-new-buffer-name process nil))
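Review bot: Nothing in this hunk checks that ENCRYPTION is tls when CERTFP is non-nil: the new :client-certificate argument sits next to :type (or encryption 'plain). The manual text added in this patch says CertFP requires a TLS connection, so a certfp entry for a server configured without encryption would connect in plain text, where no client certificate can be presented, and the user gets no indication of why authentication did not happen. Suggest signalling a user-error, or at least a message, when CERTFP is set and ENCRYPTION is not tls.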
> --
> 2.33.1
>
> From a21962b6213cef558ae9294d41e14d42035495fc Mon Sep 17 00:00:00 2001
> From: Omar Polo <op@omarpolo.com>
> Date: Mon, 15 Nov 2021 21:49:23 +0000
> Subject: [PATCH 3/3] ; Simplify rcirc authentication querying functions
>
> ---
> lisp/net/rcirc.el | 21 +++------------------
> 1 file changed, 3 insertions(+), 18 deletions(-)
>
> diff --git a/lisp/net/rcirc.el b/lisp/net/rcirc.el
> index 6030db9dae..b4e9031e0d 100644
> --- a/lisp/net/rcirc.el
> +++ b/lisp/net/rcirc.el
> @@ -654,30 +654,15 @@ See `rcirc-connect' for more details on these
> variables.")
>
> (defun rcirc-get-server-method (server)
> "Return authentication method for SERVER."
> - (catch 'method
> - (dolist (i rcirc-authinfo)
> - (let ((server-i (car i))
> - (method (cadr i)))
> - (when (string-match server-i server)
> - (throw 'method method))))))
> + (cadr (assoc server rcirc-authinfo #'string-match)))
>
> (defun rcirc-get-server-password (server)
> "Return password for SERVER."
> - (catch 'pass
> - (dolist (i rcirc-authinfo)
> - (let ((server-i (car i))
> - (args (cdddr i)))
> - (when (string-match server-i server)
> - (throw 'pass (car args)))))))
> + (cadddr (assoc server rcirc-authinfo #'string-match)))
>
> (defun rcirc-get-server-cert (server)
> "Return a list of key and certificate for SERVER."
> - (catch 'cert
> - (dolist (i rcirc-authinfo)
> - (let ((server-i (car i))
> - (args (cddr i)))
> - (when (string-match server-i server)
> - (throw 'cert args))))))
> + (cddr (assoc server rcirc-authinfo #'string-match)))
>
> ;;;###autoload
> (defun rcirc-connect (server &optional port nick user-name
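Review bot: rcirc-get-server-password and rcirc-get-server-cert index into the first matching rcirc-authinfo entry without looking at its method: for a certfp entry (KEY CERT) the cadddr is the certificate path, and for a sasl entry (NICK PASSWORD) the cddr is the nick and password. A sentence in each docstring saying which methods the accessor is valid for, and that callers must check rcirc-get-server-method first, would prevent misuse. Also, rcirc-get-server-cert is added in its long form in patch 2/3 only to be rewritten here; putting this simplification first in the series would let patch 2/3 add the short form directly.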
--
Philip Kaludercic