From: Philip Kaludercic
Newsgroups: gmane.emacs.devel
Subject: Re: [RFC] certfp for rcirc
Date: Wed, 17 Nov 2021 20:23:17 +0000
Message-ID: <87sfvulefe.fsf@posteo.net>
References: <87mtmb2hg4.fsf@omarpolo.com> <877ddaegqy.fsf@posteo.net> <87r1bhi92e.fsf@omarpolo.com> <87ilwt84wb.fsf@omarpolo.com>
In-Reply-To: <87ilwt84wb.fsf@omarpolo.com> (Omar Polo's message of "Mon, 15 Nov 2021 22:49:57 +0100")
To: Omar Polo
Cc: Emacs developers
List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:279640 Archived-At: Omar Polo writes: > I messed up with the third diff, here's another try :) It looks good to me, I will push these changes to master in the coming days. > From f96474342caca8aa1df4f5df66ce1a2c0e4ed976 Mon Sep 17 00:00:00 2001 > From: Omar Polo > Date: Mon, 15 Nov 2021 17:33:51 +0000 > Subject: [PATCH 1/3] Move the sasl section after the bitlbee text > > --- > doc/misc/rcirc.texi | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git a/doc/misc/rcirc.texi b/doc/misc/rcirc.texi > index a4ca54a8b0..696983dc77 100644 > --- a/doc/misc/rcirc.texi > +++ b/doc/misc/rcirc.texi > @@ -609,12 +609,6 @@ Use this symbol if you need to identify yourself in the Bitlbee channel > as follows: @code{identify secret}. The necessary arguments are the > nickname you want to use this for, and the password to use. > > -@item sasl > -@cindex sasl authentication > -Use this symbol if you want to use @acronym{SASL} authentication. The > -necessary arguments are the nickname you want to use this for, and the > -password to use. > - > @cindex gateway to other IM services > @cindex instant messaging, other services > @cindex Jabber > @@ -633,6 +627,12 @@ the other instant messaging services, and Bitlbee will log you in. All > @code{rcirc} needs to know, is the login to your Bitlbee account. Don't > confuse the Bitlbee account with all the other accounts. > > +@item sasl > +@cindex sasl authentication > +Use this symbol if you want to use @acronym{SASL} authentication. The > +necessary arguments are the nickname you want to use this for, and the > +password to use. > + > @end table > > @end table > -- > 2.33.1 > > From 6fda9317fbe496c36d1e5be4fa15dd3569a26aa1 Mon Sep 17 00:00:00 2001 
> From: Omar Polo > Date: Mon, 15 Nov 2021 17:40:58 +0000 > Subject: [PATCH 2/3] implement certfp authentication to rcirc > > * lisp/net/rcirc.el (rcirc-connect): Use the provided client certs > * doc/misc/rcirc.texi (Configuration): Document the change > --- > doc/misc/rcirc.texi | 7 +++++++ > lisp/net/rcirc.el | 26 ++++++++++++++++++++++---- > 2 files changed, 29 insertions(+), 4 deletions(-) > > diff --git a/doc/misc/rcirc.texi b/doc/misc/rcirc.texi > index 696983dc77..58ca045e78 100644 > --- a/doc/misc/rcirc.texi > +++ b/doc/misc/rcirc.texi > @@ -633,6 +633,13 @@ Use this symbol if you want to use @acronym{SASL} authentication. The > necessary arguments are the nickname you want to use this for, and the > password to use. > > +@item certfp > +@cindex certfp authentication > +Use this symbol if you want to use CertFP authentication. The > +necessary arguments are the path to the client certificate key and > +password. The CertFP authentication requires a @acronym{TLS} > +connection. > + > @end table > > @end table > diff --git a/lisp/net/rcirc.el b/lisp/net/rcirc.el > index 5c92c60eda..6030db9dae 100644 > --- a/lisp/net/rcirc.el > +++ b/lisp/net/rcirc.el > @@ -262,6 +262,7 @@ The ARGUMENTS for each METHOD symbol are: > `bitlbee': NICK PASSWORD > `quakenet': ACCOUNT PASSWORD > `sasl': NICK PASSWORD > + `certfp': KEY CERT > > Examples: > ((\"Libera.Chat\" nickserv \"bob\" \"p455w0rd\") > @@ -291,7 +292,11 @@ Examples: > (list :tag "SASL" > (const sasl) > (string :tag "Nick") > - (string :tag "Password"))))) > + (string :tag "Password")) > + (list :tag "CertFP" > + (const certfp) > + (string :tag "Key") > + (string :tag "Certificate"))))) > > (defcustom rcirc-auto-authenticate-flag t > "Non-nil means automatically send authentication string to server. 
> @@ -547,6 +552,9 @@ If ARG is non-nil, instead prompt for connection parameters." > (password (plist-get (cdr c) :password)) > (encryption (plist-get (cdr c) :encryption)) > (server-alias (plist-get (cdr c) :server-alias)) > + (client-cert (when (eq (rcirc-get-server-method (car c)) > + 'certfp) > + (rcirc-get-server-cert (car c)))) > contact) > (when-let (((not password)) > (auth (auth-source-search :host server > @@ -563,7 +571,7 @@ If ARG is non-nil, instead prompt for connection parameters." > (condition-case nil > (let ((process (rcirc-connect server port nick user-name > full-name channels password encryption > - server-alias))) > + client-cert server-alias))) > (when rcirc-display-server-buffer > (pop-to-buffer-same-window (process-buffer process)))) > (quit (message "Quit connecting to %s" > @@ -662,13 +670,22 @@ See `rcirc-connect' for more details on these variables.") > (when (string-match server-i server) > (throw 'pass (car args))))))) > > +(defun rcirc-get-server-cert (server) > + "Return a list of key and certificate for SERVER." > + (catch 'cert > + (dolist (i rcirc-authinfo) > + (let ((server-i (car i)) > + (args (cddr i))) > + (when (string-match server-i server) > + (throw 'cert args)))))) > + > ;;;###autoload > (defun rcirc-connect (server &optional port nick user-name > full-name startup-channels password encryption > - server-alias) > + certfp server-alias) > "Connect to SERVER. > The arguments PORT, NICK, USER-NAME, FULL-NAME, PASSWORD, > -ENCRYPTION, SERVER-ALIAS are interpreted as in > +ENCRYPTION, CERTFP, SERVER-ALIAS are interpreted as in > `rcirc-server-alist'. STARTUP-CHANNELS is a list of channels > that are joined after authentication." > (save-excursion 
> @@ -695,6 +712,7 @@ that are joined after authentication." > (setq process (open-network-stream > (or server-alias server) nil server port-number > :type (or encryption 'plain) > + :client-certificate certfp > :nowait t)) > (set-process-coding-system process 'raw-text 'raw-text) > (with-current-buffer (get-buffer-create (rcirc-generate-new-buffer-name process nil)) > -- > 2.33.1 > > From a21962b6213cef558ae9294d41e14d42035495fc Mon Sep 17 00:00:00 2001 > From: Omar Polo > Date: Mon, 15 Nov 2021 21:49:23 +0000 > Subject: [PATCH 3/3] ; Simplify rcirc authentication querying functions > > --- > lisp/net/rcirc.el | 21 +++------------------ > 1 file changed, 3 insertions(+), 18 deletions(-) > > diff --git a/lisp/net/rcirc.el b/lisp/net/rcirc.el > index 6030db9dae..b4e9031e0d 100644 > --- a/lisp/net/rcirc.el > +++ b/lisp/net/rcirc.el > @@ -654,30 +654,15 @@ See `rcirc-connect' for more details on these variables.") > > (defun rcirc-get-server-method (server) > "Return authentication method for SERVER." > - (catch 'method > - (dolist (i rcirc-authinfo) > - (let ((server-i (car i)) > - (method (cadr i))) > - (when (string-match server-i server) > - (throw 'method method)))))) > + (cadr (assoc server rcirc-authinfo #'string-match))) > > (defun rcirc-get-server-password (server) > "Return password for SERVER." > - (catch 'pass > - (dolist (i rcirc-authinfo) > - (let ((server-i (car i)) > - (args (cdddr i))) > - (when (string-match server-i server) > - (throw 'pass (car args))))))) > + (cadddr (assoc server rcirc-authinfo #'string-match))) > > (defun rcirc-get-server-cert (server) > "Return a list of key and certificate for SERVER." > - (catch 'cert > - (dolist (i rcirc-authinfo) > - (let ((server-i (car i)) > - (args (cddr i))) > - (when (string-match server-i server) > - (throw 'cert args)))))) > + (cddr (assoc server rcirc-authinfo #'string-match))) > > ;;;###autoload > (defun rcirc-connect (server &optional port nick user-name -- Philip Kaludercic
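Review bot: In PATCH 2/3, the doc/misc/rcirc.texi hunk `@@ -633,6 +633,13 @@` describes the certfp arguments as "the path to the client certificate key and password", which does not match the Lisp side of the same patch, where the docstring lists them as `` `certfp': KEY CERT `` and the customize type labels them "Key" and "Certificate". Suggest wording it as the paths to the client key file and the client certificate file, and since the paragraph says CertFP requires a TLS connection, say explicitly that the server entry must also request TLS via `:encryption`, because nothing in the code enforces it.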
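Review bot: In PATCH 2/3, the lisp/net/rcirc.el hunk `@@ -291,7 +292,11 @@` declares both CertFP arguments as `(string :tag "Key")` and `(string :tag "Certificate")` although they are file paths; the `file` widget (`(file :tag "Key")`) gives completion and an existence check in the customize buffer and documents the intent better than a bare string.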
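Review bot: In PATCH 2/3, the hunks `@@ -563,7 +571,7 @@` and `@@ -662,13 +670,22 @@` insert the new `certfp` parameter before `server-alias` in the optional argument list of the autoloaded `rcirc-connect`; any existing caller that passes `server-alias` positionally will now hand that string to `:client-certificate` and lose its alias. Suggest appending `certfp` after `server-alias` so existing call sites keep working. In the same `@@ -662` hunk, `rcirc-get-server-cert` returns `(cddr i)` for the first matching entry whatever its method, so for a `nickserv` entry it returns `(NICK PASSWORD)`; the only guard is the `(eq ... 'certfp)` test at the call site in `@@ -547,6 +552,9 @@`. Either check the method inside the function or state in its docstring that the result is only meaningful for `certfp` entries.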
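Review bot: In PATCH 2/3, the hunk `@@ -695,6 +712,7 @@` passes `:client-certificate certfp` to `open-network-stream` while `:type` is still `(or encryption 'plain)`; when the user configures `certfp` but leaves the connection unencrypted, the certificate is silently never presented and the client ends up connected without the authentication it was configured for. Suggest signalling a `user-error` in `rcirc-connect` when `certfp` is non-nil and `encryption` does not select TLS, before the stream is opened, so the misconfiguration is visible instead of a silent downgrade.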
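Review bot: In PATCH 3/3, the hunk `@@ -654,30 +654,15 @@` uses `#'string-match` as the TESTFN of `assoc`; `assoc` calls TESTFN with the element's key first and SERVER second, so the regexp/string order is the same as the original `(string-match server-i server)` and the behaviour is preserved. However, `string-match` sets the global match data on every comparison it makes; `string-match-p` has the same argument order and avoids that side effect, so it is the better choice in all three accessors. The `(cadddr ...)` in `rcirc-get-server-password` relies on the `(SERVER METHOD NICK PASSWORD)` shape, which is fine but `(nth 3 ...)` would read more clearly for the fourth element.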