Verified Commit 37774bc3 authored by mathieui's avatar mathieui

Add an 'eval_password' option

to read the password from a secrets store
parent 1ce31d92
......@@ -15,6 +15,11 @@ jid =
# If you leave this empty, the password will be asked at each startup
password =
# A command that will be executed if "password" is not set, e.g. a session password
# manager like secret-tool on gnome, or anything you want
eval_password =
# Path to a PEM certificate file to use for certificate authentication
# through SASL External. If set, keyfile MUST be provided as well in
# order to login.
......@@ -1156,6 +1156,24 @@ found.
The password needed to join the room.
**Default value:** [empty]
A command which execution will retrieve the password from a password manager.
E.g. with secret-tool and the gnome keyring:
.. code-block:: bash
# Storing (to do beforehand)
secret-tool store --label="My jabber password" xmpp your@jid
# Retrieving (this should be the value of the option)
secret-tool lookup xmpp your@jid
.. note:: This will only be used if the :term:`password` option is empty.
**Default value:** ``Not in private, please.``
......@@ -58,6 +58,7 @@ DEFAULT_CONFIG = {
'enable_user_tune': True,
'enable_vertical_tab_list': False,
'enable_xhtml_im': True,
'eval_password': '',
'exec_remote': False,
'extract_inline_images': True,
'filter_info_messages': '',
......@@ -14,6 +14,8 @@ log = logging.getLogger(__name__)
import getpass
import subprocess
import slixmpp
from slixmpp.plugins.xep_0184 import XEP_0184
......@@ -43,8 +45,15 @@ class Connection(slixmpp.ClientXMPP):
if resource:
jid = '%s/%s'% (jid, resource)
password = config.get('password')
if not password and not (keyfile and certfile):
eval_password = config.get('eval_password')
if not password and not eval_password and not (keyfile and certfile):
password = getpass.getpass()
elif not password and not (keyfile and certfile):
print("No password or certificates provided, using the eval_password command.")
process = subprocess.Popen(['sh', '-c', eval_password], stdin=subprocess.PIPE,
stdout=subprocess.PIPE, close_fds=True)
password = process.stdout.readline().decode('utf-8').strip('\n')
else: # anonymous auth
self.anon = True
jid = config.get('server')
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment