Add an 'eval_password' option

to read the password from a secrets store

Add an 'eval_password' option
to read the password from a secrets store
37774bc3 · mathieui · 1ce31d92 · 37774bc3 · 37774bc3 · 37774bc3
Verified Commit 37774bc3 authored Aug 16, 2015 by mathieui
Showing with 34 additions and 1 deletion

data/default_config.cfg data/default_config.cfg +5 -0

doc/source/configuration.rst doc/source/configuration.rst +18 -0

src/config.py src/config.py +1 -0

src/connection.py src/connection.py +10 -1

No files found.
--- a/data/default_config.cfg
+++ b/data/default_config.cfg
@@ -15,6 +15,11 @@ jid =
 # If you leave this empty, the password will be asked at each startup
 password =

+# A command that will be executed if "password" is not set, e.g. a session password
+# manager like secret-tool on gnome, or anything you want
+
+eval_password =
+
 # Path to a PEM certificate file to use for certificate authentication
 # through SASL External. If set, keyfile MUST be provided as well in
 # order to login.

--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -1156,6 +1156,24 @@ found.

        The password needed to join the room.

+    eval_password
+
+        **Default value:** [empty]
+
+        A command which execution will retrieve the password from a password manager.
+
+        E.g. with secret-tool and the gnome keyring:
+
+        .. code-block:: bash
+
+            # Storing (to do beforehand)
+            secret-tool store --label="My jabber password" xmpp your@jid
+
+            # Retrieving (this should be the value of the option)
+            secret-tool lookup xmpp  your@jid
+
+        .. note:: This will only be used if the :term:`password` option is empty.
+
    private_auto_response

        **Default value:** ``Not in private, please.``

--- a/src/config.py
+++ b/src/config.py
@@ -58,6 +58,7 @@ DEFAULT_CONFIG = {
        'enable_user_tune': True,
        'enable_vertical_tab_list': False,
        'enable_xhtml_im': True,
+        'eval_password': '',
        'exec_remote': False,
        'extract_inline_images': True,
        'filter_info_messages': '',

--- a/src/connection.py
+++ b/src/connection.py
@@ -14,6 +14,8 @@ log = logging.getLogger(__name__)


 import getpass
+import subprocess
+
 import slixmpp
 from slixmpp.plugins.xep_0184 import XEP_0184

@@ -43,8 +45,15 @@ class Connection(slixmpp.ClientXMPP):
            if resource:
                jid = '%s/%s'% (jid, resource)
            password = config.get('password')
-            if not password and not (keyfile and certfile):
+            eval_password = config.get('eval_password')
+            if not password and not eval_password and not (keyfile and certfile):
                password = getpass.getpass()
+            elif not password and not (keyfile and certfile):
+                print("No password or certificates provided, using the eval_password command.")
+                process = subprocess.Popen(['sh', '-c', eval_password], stdin=subprocess.PIPE,
+                                                        stdout=subprocess.PIPE, close_fds=True)
+                process.wait()
+                password = process.stdout.readline().decode('utf-8').strip('\n')
        else: # anonymous auth
            self.anon = True
            jid = config.get('server')