From: "J.P."
Newsgroups: gmane.emacs.bugs
Subject: bug#29108: 25.3; ERC SASL support
Date: Mon, 23 Aug 2021 06:47:31 -0700
Message-ID: <87o89oi87g.fsf__42779.680183024$1629726514$gmane$org@neverwas.me>
References: <87h8ud92zl.fsf@gmail.com> <87mtprkkgi.fsf@neverwas.me>
In-Reply-To: <87mtprkkgi.fsf@neverwas.me> (J. P.'s message of "Mon, 09 Aug 2021 02:59:09 -0700")
To: Ulrich Mueller
Cc: 29108@debbugs.gnu.org, emacs-erc@gnu.org

Hi Ulrich,

"J.P."
writes:

> Then connect again (the client certs should be real, in preparation for
> the next demo):
>
>   (push 'sasl erc-v3-extensions)
>   (setq erc-v3-sasl-mechanism 'plain)
>   (erc-tls :server "testnet.inspircd.org"
>            :port 6697
>            :nick "my-nick"
>            :password "password123"
>            ^~~~~~~~~~~~~~~~~~~~~~~ gone
>            :full-name "My Nick"

I've changed things up a tad after realizing that appropriating the
dialed password parameter was a dumb idea. I guess in zealously adhering
to tradition (by mimicking erc-services.el, in this case), I also left
common sense at the door (yet again).

To clarify, I'm not talking about collisions with the legacy

  PASS my-nick:password123

authentication scheme, for which there still remains dwindling support
among public networks. That's mostly a nonissue because SASL supplants
that entirely. Instead, I'm thinking of actual server (connection)
passwords, even though they're basically unheard of with public networks.
And I suppose there's also the possibility of the rare proxy wanting a
piece of the PASS action for its own wacky purposes, something like a

  PASS my-account@my-device/some-config-id:unused

preceding an SASL exchange moments later. (I haven't actually seen such a
thing in the wild, but it strikes me as plausible. Crazy?)

Anyway, since personal/enterprise IRC servers may still use actual
connection passwords, we've got to leave the `erc-tls' :password param
alone and introduce a separate SASL password option. Hope that's clear.

Also, in keeping with this policy, I've decided to discourage automatic
nick use for account user names. This also defies the ERC services API
but is nevertheless correct, IMO. So it's now

  (setq erc-v3-sasl-user "my-nick"
        erc-v3-sasl-password "password123")

or similar via M-x customize. BTW, auth source is consulted if you leave
the password out.

> This time, using EXTERNAL (note the lack of a password):
>
>   (setq erc-v3-sasl-mechanism 'external)

In other news, EXTERNAL usage hasn't changed, though I'm wondering if we
should maybe add a warning when tried in conjunction with TLS1.2 (or
lower). Any idea if sub-1.3 is even possible on a modern Emacs and if so,
whether a warning after the fact would suffice? Something like a

  (when (version< (substring (plist-get (gnutls-peer-status proc)
                                        :protocol)
                             3)
                  "1.3")
    (erc-display-error-notice nil "Warning: ..."))

except nicer perhaps? No idea. (@Lars or someone TLS savvy.)

Last side note: I'm thinking of moving the RPL_LOGGEDIN 900 handler out
of the erc-v3-sasl library or maybe instead defining a default that the
library can override when it loads. The reason is that some servers use
these numerics for confirming account authentication with the legacy
user:pass syntax noted above. And if we're trying to make sessions
account aware, this would accommodate people who for some reason still
want that user:pass stuff with v3 in lieu of SASL.

Anyway, when you have a sec, please try (again?) with these changes.

Thanks.
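
The following is an added example, not part of the original message and not ERC's code. It illustrates the separation the message argues for: the connection password travels only in PASS, while the SASL account name and password travel only inside the base64 AUTHENTICATE payload. The `demo-' function names and the sample values "server-secret" and "my-account" are assumptions made for illustration.

```elisp
;;; Added illustration, not ERC code.  All `demo-' names are hypothetical.

(defun demo-sasl-plain-lines (authcid password &optional authzid)
  "Return the AUTHENTICATE lines carrying a SASL PLAIN response.
The message is AUTHZID NUL AUTHCID NUL PASSWORD (RFC 4616), base64
encoded and split into pieces of at most 400 bytes (IRCv3 SASL)."
  (let ((b64 (base64-encode-string
              (encode-coding-string
               (concat (or authzid "") "\0" authcid "\0" password)
               'utf-8)
              t))                       ; t: no line breaks in the output
        (lines nil))
    (while (>= (length b64) 400)
      (push (concat "AUTHENTICATE " (substring b64 0 400)) lines)
      (setq b64 (substring b64 400)))
    ;; A short final piece ends the response; if the data ended exactly
    ;; on a 400-byte boundary, a lone "+" does.
    (push (concat "AUTHENTICATE " (if (string= b64 "") "+" b64)) lines)
    (nreverse lines)))

(defun demo-registration-lines (nick full-name server-password
                                     sasl-user sasl-password)
  "Return, in order, the lines a client sends to register with SASL PLAIN.
SERVER-PASSWORD (may be nil) is the connection password and appears only
in PASS.  SASL-USER and SASL-PASSWORD appear only inside AUTHENTICATE.
A real client waits for the server's replies between these steps."
  (append
   (list "CAP REQ :sasl")
   (when server-password
     (list (concat "PASS " server-password)))
   (list (concat "NICK " nick)
         (format "USER %s 0 * :%s" nick full-name)
         "AUTHENTICATE PLAIN")          ; server answers "AUTHENTICATE +"
   (demo-sasl-plain-lines sasl-user sasl-password)
   (list "CAP END")))                   ; sent once SASL has succeeded

;; Constructed sample values; the account name differs from the nick.
(demo-registration-lines "my-nick" "My Nick" "server-secret"
                         "my-account" "password123")
```

Because the PLAIN payload is only base64 encoded, not encrypted, the SASL password is as exposed on the wire as the PASS argument unless the connection uses TLS, as the `erc-tls' call in the quoted text does.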