[PATCH] Enable passwords to be functions in erc-services

[PATCH] Enable passwords to be functions in erc-services

[Rudolf Adrian Kral]

[-- Attachment #1: Type: text/plain, Size: 251 bytes --]

Hi,

I have written a patch enabling use of functions for providing passwords
in erc-services.el. My intuition is to avoid passwords being stored in
plaintext and use something like auth-sources instead. What do you
think?

Best regards,
Rudolf Kral


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Patch for erc-services --]
[-- Type: text/x-diff, Size: 2118 bytes --]

diff --git a/lisp/erc/erc-services.el b/lisp/erc/erc-services.el
index 2d1d8556b2..d61e5f0db3 100644
--- a/lisp/erc/erc-services.el
+++ b/lisp/erc/erc-services.el
@@ -47,6 +47,12 @@
 ;;
 ;; (setq erc-nickserv-passwords '((freenode (("nickname" "password")))))
 ;;
+;; You can also provide a function as a password. ERC will evaluate it when
+;; needed for making a connection.
+;;
+;; (setq erc-nickserv-passwords '((freenode
+;;                                 (("nickname" (lambda () "password"))))))
+;;
 ;; The default automatic identification mode is autodetection of NickServ
 ;; identify requests.  Set the variable `erc-nickserv-identify-mode' if
 ;; you'd like to change this behavior.  You can also change the way
@@ -174,7 +180,7 @@ erc-nickserv-passwords
 Example of use:
   (setq erc-nickserv-passwords
         \\='((freenode ((\"nick-one\" . \"password\")
-                     (\"nick-two\" . \"password\")))
+                     (\"nick-two\" . (lambda () \"password\"))))
           (DALnet ((\"nick\" . \"password\")))))"
   :group 'erc-services
   :type '(repeat
@@ -198,8 +204,9 @@ erc-nickserv-passwords
 		(repeat :tag "Nickname and password"
 			(cons :tag "Identity"
 			      (string :tag "Nick")
-			      (string :tag "Password"
-                                      :secret ?*))))))
+                              (choice :tag "Password"
+                                      (string :secret ?*)
+                                      (function)))))))
 
 ;; Variables:
 
@@ -415,9 +422,12 @@ erc-nickserv-call-identify-function
       (call-interactively 'erc-nickserv-identify)
     (when erc-nickserv-passwords
       (erc-nickserv-identify
-       (cdr (assoc nickname
-		   (nth 1 (assoc (erc-network)
-				 erc-nickserv-passwords))))))))
+       (let ((raw-password (cdr (assoc nickname
+                                       (nth 1 (assoc (erc-network)
+                                                     erc-nickserv-passwords))))))
+         (if (functionp raw-password)
+             (funcall raw-password)
+           raw-password))))))
 
 (defvar erc-auto-discard-away)
 

Re: [PATCH] Enable passwords to be functions in erc-services

[Bruno Félix Rezende Ribeiro]

[-- Attachment #1: Type: text/plain, Size: 480 bytes --]

Hello Rudolf,

Rudolf Adrian Kral <adriankral@gmail.com> writes:

> I have written a patch enabling use of functions for providing passwords
> in erc-services.el. My intuition is to avoid passwords being stored in
> plaintext and use something like auth-sources instead. What do you
> think?

I think that’s a nice addition.  How hard is to setup it to use
auth-source?

-- 
Bruno Félix Rezende Ribeiro (oitofelix) [0x28D618AF]
<http://oitofelix.freeshell.org/>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 454 bytes --]

Re: [PATCH] Enable passwords to be functions in erc-services

[Amin Bandali]

[-- Attachment #1: Type: text/plain, Size: 780 bytes --]

Hello,

Thanks for the patch, Rudolf.

Bruno Félix Rezende Ribeiro <oitofelix@gnu.org> writes:

> Hello Rudolf,
>
> Rudolf Adrian Kral <adriankral@gmail.com> writes:
>
>> I have written a patch enabling use of functions for providing passwords
>> in erc-services.el. My intuition is to avoid passwords being stored in
>> plaintext and use something like auth-sources instead. What do you
>> think?
>
> I think that’s a nice addition.  How hard is to setup it to use
> auth-source?

+1.  Rudolf, what do you think about sending a new version with examples
using the auth-source library, and maybe even the newer auth-source-pass
as well?

Also, have you filled out and submitted a copy of the copyright
assignment form for your changes to GNU Emacs yet?

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

Re: [PATCH] Enable passwords to be functions in erc-services

[Ted Zlatanov]

On Thu, 09 Apr 2020 00:21:50 -0400 Amin Bandali <bandali@gnu.org> wrote: 

AB> +1.  Rudolf, what do you think about sending a new version with examples
AB> using the auth-source library, and maybe even the newer auth-source-pass
AB> as well?

erc.el uses auth-source.el so I agree this makes sense to add to
erc-services.el. Compared to Rudolf's proposed patch, I think this will
have the advantage of less code and easier integration for the user.

Maybe something like this (in the authinfo+.json format) would work for
the users?

machine MyService login myuser password mysecret
machine freenode login user1 password secret1
machine freenode login user2 password secret2

[
 { "machine": "MyService", "login": "myuser", "password": "mysecret" },
 { "machine": "freenode", "login": "user1", "password": "secret1" },
 { "machine": "freenode", "login": "user2", "password": "secret2" }
]

so then you'd just call:

(auth-source-search :host "MyService" :user "myuser")

auth-source-pass.el provides a backend for auth-source.el, so it will be
usable like all the other storage backends (.gpg files, plain files,
JSON files, Secrets API, etc). I don't think any extra work will be
required on the ERC side or the user side.

Ted