[PATCH 1/2] modifying erc-login to conditionally send appropriate CAP request for SASL

[PATCH 1/2] modifying erc-login to conditionally send appropriate CAP request for SASL

[Joseph Gay]

Submitted for your approval. I will need forms for copyright assignment.

This adds support for SASL PLAIN authentication. Freenode, for example,
requires SASL when connecting over TOR and when using the AT&T mobile
network.
---
 erc.el |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/erc.el b/erc.el
index 6e37f36..83caa43 100644
--- a/erc.el
+++ b/erc.el
@@ -5634,6 +5634,8 @@ user input."
   (if erc-session-password
       (erc-server-send (format "PASS %s" erc-session-password))
     (message "Logging in without password"))
+  (when (and (boundp 'erc-sasl-use-sasl) erc-sasl-use-sasl)
+    (erc-server-send "CAP REQ :sasl"))
   (erc-server-send (format "NICK %s" (erc-current-nick)))
   (erc-server-send
    (format "USER %s %s %s :%s"
-- 
1.7.2.5

[PATCH 2/2] response handlers needed for SASL PLAIN authentication

[Joseph Gay]

---
 erc-sasl.el |   71 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 71 insertions(+), 0 deletions(-)
 create mode 100644 erc-sasl.el

diff --git a/erc-sasl.el b/erc-sasl.el
new file mode 100644
index 0000000..392ab5d
--- /dev/null
+++ b/erc-sasl.el
@@ -0,0 +1,71 @@
+;; erc-sasl.el -- handle SASL PLAIN authentication
+
+;; Copyright (C) 2012 Free Software Foundation, Inc.
+
+;; Author: Joseph Gay <joseph.gay@psy.ai>
+;; Keywords: comm
+
+;; This file is part of GNU Emacs.
+
+;; GNU Emacs is free software: you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation, either version 3 of the License, or
+;; (at your option) any later version.
+
+;; GNU Emacs is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+
+;; You should have received a copy of the GNU General Public License
+;; along with GNU Emacs.  If not, see <http://www.gnu.org/licenses/>.
+
+;;; Commentary:
+
+;; This file implements SASL PLAIN authentication
+;; To activate:
+;;
+;; (require 'erc-sasl)
+;;
+;; To disable:
+;; (setq erc-sasl-use-sasl nil)
+;;
+;; NOTE: requires passing a password initially to (erc) and variants
+
+;;; Code:
+
+(defvar erc-sasl-use-sasl t
+  "Set to nil to disable SASL auth")
+
+(define-erc-response-handler (CAP)
+  "Client capability framework is used to request SASL auth, need
+  to wait for ACK to begin" nil
+  (let ((msg (erc-response.contents parsed)))
+    (when (string-match " *sasl" msg)
+      (erc-server-send "AUTHENTICATE PLAIN")
+      ;; now wait for AUTHENTICATE +
+      )))
+
+(define-erc-response-handler (AUTHENTICATE)
+  "Handling empty server response indicating ready to receive authentication." nil
+  (if erc-session-password
+      (let ((msg (erc-response.contents parsed)))
+        (when (string= "+" msg)
+          ;; plain auth
+          (erc-server-send (format "AUTHENTICATE %s"
+                                   (base64-encode-string
+                                    (concat "\0" (erc-current-nick) "\0" erc-session-password) t)))))
+    (progn 
+      (erc-display-messaged parsed 'error (if erc-server-connected 'active proc)
+                            "You must set a password in order to use SASL authentication.")
+      ;; aborting SASL auth
+      (erc-server-send (erc-server-send "AUTHENTICATE *")))))
+
+(define-erc-response-handler (903)
+  "Handling a successful SASL authentication." nil
+  (erc-server-send "CAP END"))
+
+;;; erc-sasl.el ends here
+;; Local Variables:
+;; indent-tabs-mode: nil
+;; End:
-- 
1.7.2.5

Re: [PATCH 2/2] response handlers needed for SASL PLAIN authentication

[Joseph Gay]

Revised to fix an error and shorten lines to <= 79 columns.
---
 erc-sasl.el |   76 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 76 insertions(+), 0 deletions(-)
 create mode 100644 erc-sasl.el

diff --git a/erc-sasl.el b/erc-sasl.el
new file mode 100644
index 0000000..b791e96
--- /dev/null
+++ b/erc-sasl.el
@@ -0,0 +1,76 @@
+;; erc-sasl.el -- handle SASL PLAIN authentication
+
+;; Copyright (C) 2012 Free Software Foundation, Inc.
+
+;; Author: Joseph Gay <joseph.gay@psy.ai>
+;; Keywords: comm
+
+;; This file is part of GNU Emacs.
+
+;; GNU Emacs is free software: you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation, either version 3 of the License, or
+;; (at your option) any later version.
+
+;; GNU Emacs is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+
+;; You should have received a copy of the GNU General Public License
+;; along with GNU Emacs.  If not, see <http://www.gnu.org/licenses/>.
+
+;;; Commentary:
+
+;; This file implements SASL PLAIN authentication
+;; To activate:
+;;
+;; (require 'erc-sasl)
+;;
+;; To disable:
+;; (setq erc-sasl-use-sasl nil)
+;;
+;; NOTE: requires passing a password initially to (erc) and variants
+
+;;; Code:
+
+(defvar erc-sasl-use-sasl t
+  "Set to nil to disable SASL auth")
+
+(define-erc-response-handler (CAP)
+  "Client capability framework is used to request SASL auth, need
+  to wait for ACK to begin" nil
+  (let ((msg (erc-response.contents parsed)))
+    (when (string-match " *sasl" msg)
+      (erc-server-send "AUTHENTICATE PLAIN")
+      ;; now wait for AUTHENTICATE +
+      )))
+
+(define-erc-response-handler (AUTHENTICATE)
+  "Handling empty server response indicating ready to receive
+  authentication." nil
+  (if erc-session-password
+      (let ((msg (erc-response.contents parsed)))
+        (when (string= "+" msg)
+          ;; plain auth
+          (erc-server-send
+           (format "AUTHENTICATE %s"
+                   (base64-encode-string
+                    (concat "\0" (erc-current-nick)
+                            "\0" erc-session-password) t)))))
+    (progn 
+      (erc-display-message
+       parsed 'error
+       (if erc-server-connected 'active proc)
+       "You must set a password in order to use SASL authentication.")
+      ;; aborting SASL auth
+      (erc-server-send (erc-server-send "AUTHENTICATE *")))))
+
+(define-erc-response-handler (903)
+  "Handling a successful SASL authentication." nil
+  (erc-server-send "CAP END"))
+
+;;; erc-sasl.el ends here
+;; Local Variables:
+;; indent-tabs-mode: nil
+;; End:
-- 
1.7.2.5

Re: [PATCH 1/2] modifying erc-login to conditionally send appropriate CAP request for SASL

[Joseph Gay]

It seems better that erc-sasl provide a feature and for the erc-login
conditional to use featurep instead of boundp. The final patch
submission will include that.

Re: [PATCH 1/2] modifying erc-login to conditionally send appropriate CAP request for SASL

[Joseph Gay]

These are the final patch submissions for erc-sasl. Part 1 of 2. I will
need copyright assignment.

---
 erc.el |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/erc.el b/erc.el
index 6e37f36..47c9848 100644
--- a/erc.el
+++ b/erc.el
@@ -5634,6 +5634,8 @@ user input."
   (if erc-session-password
       (erc-server-send (format "PASS %s" erc-session-password))
     (message "Logging in without password"))
+  (when (and (featurep 'erc-sasl) (erc-sasl-use-sasl-p))
+    (erc-server-send "CAP REQ :sasl"))
   (erc-server-send (format "NICK %s" (erc-current-nick)))
   (erc-server-send
    (format "USER %s %s %s :%s"
-- 
1.7.2.5

Re: [PATCH 2/2] response handlers needed for SASL PLAIN authentication

[Joseph Gay]

Part 2 of 2.

---
 erc-sasl.el |   95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 95 insertions(+), 0 deletions(-)
 create mode 100644 erc-sasl.el

diff --git a/erc-sasl.el b/erc-sasl.el
new file mode 100644
index 0000000..70eaf3c
--- /dev/null
+++ b/erc-sasl.el
@@ -0,0 +1,95 @@
+;; erc-sasl.el -- handle SASL PLAIN authentication
+
+;; Copyright (C) 2012 Free Software Foundation, Inc.
+
+;; Author: Joseph Gay <ysph@psy.ai>
+;; Keywords: comm
+
+;; This file is part of GNU Emacs.
+
+;; GNU Emacs is free software: you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation, either version 3 of the License, or
+;; (at your option) any later version.
+
+;; GNU Emacs is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+
+;; You should have received a copy of the GNU General Public License
+;; along with GNU Emacs.  If not, see <http://www.gnu.org/licenses/>.
+
+;;; Commentary:
+
+;; This file implements SASL PLAIN authentication
+;; To activate:
+;;
+;; (require 'erc-sasl)
+;;
+;; (add-to-list 'erc-sasl-server-regexp-list "host\\.server\\.com")
+;; e.g. irc\\.freenode\\.net, or .* for any host
+;;
+;; To disable:
+;; (setq erc-sasl-use-sasl nil)
+;;
+;; NOTE: requires passing a password initially to (erc) and variants
+
+;;; Code:
+
+(eval-when-compile (require 'cl))
+
+(defvar erc-sasl-use-sasl t
+  "Set to nil to disable SASL auth")
+
+(defvar erc-sasl-server-regexp-list '()
+  "List of regexps matching server host names for which sasl
+  should be used")
+
+(defun erc-sasl-use-sasl-p ()
+  "Used internally to decide whether SASL should be used in the
+current session"
+  (and erc-sasl-use-sasl
+       (boundp 'erc-session-server)
+       (loop for re in erc-sasl-server-regexp-list
+             thereis (integerp (string-match re erc-session-server)))))
+
+(define-erc-response-handler (CAP)
+  "Client capability framework is used to request SASL auth, need
+  to wait for ACK to begin" nil
+  (let ((msg (erc-response.contents parsed)))
+    (when (string-match " *sasl" msg)
+      (erc-server-send "AUTHENTICATE PLAIN")
+      ;; now wait for AUTHENTICATE +
+      )))
+
+(define-erc-response-handler (AUTHENTICATE)
+  "Handling empty server response indicating ready to receive
+  authentication." nil
+  (if erc-session-password
+      (let ((msg (erc-response.contents parsed)))
+        (when (string= "+" msg)
+          ;; plain auth
+          (erc-server-send
+           (format "AUTHENTICATE %s"
+                   (base64-encode-string
+                    (concat "\0" (erc-current-nick)
+                            "\0" erc-session-password) t)))))
+    (progn 
+      (erc-display-message
+       parsed 'error
+       (if erc-server-connected 'active proc)
+       "You must set a password in order to use SASL authentication.")
+      ;; aborting SASL auth
+      (erc-server-send (erc-server-send "AUTHENTICATE *")))))
+
+(define-erc-response-handler (903)
+  "Handling a successful SASL authentication." nil
+  (erc-server-send "CAP END"))
+
+(provide 'erc-sasl)
+
+;;; erc-sasl.el ends here
+;; Local Variables:
+;; indent-tabs-mode: nil
+;; End:
-- 
1.7.2.5

Re: [PATCH 1/2] modifying erc-login to conditionally send appropriate CAP request for SASL

[Glenn Morris]

Joseph Gay wrote:

> These are the final patch submissions for erc-sasl. Part 1 of 2. I will
> need copyright assignment.

Thanks. I don't use erc, so I can't say if this useful.
If someone who does use erc thinks it is worth installing, I can send
you the copyright form.

>      (message "Logging in without password"))
> +  (when (and (featurep 'erc-sasl) (erc-sasl-use-sasl-p))
> +    (erc-server-send "CAP REQ :sasl"))
>    (erc-server-send (format "NICK %s" (erc-current-nick)))

So someone has to load erc-sasl to use this. I think it would be better
if there was just a boolean variable they had to set, and it was in
erc.el, and loading erc-sasl happened automatically when needed (eg
erc-sasl-use-sasl-p was autoloaded).

Re: [PATCH 2/2] response handlers needed for SASL PLAIN authentication

[Glenn Morris]

Joseph Gay wrote:

> +;; Copyright (C) 2012 Free Software Foundation, Inc.

Please don't write this unless you have completed a copyright
assignment. Just use your name.

> +;; This file is part of GNU Emacs.

Again, not true yet.

> +(defvar erc-sasl-use-sasl t
> +  "Set to nil to disable SASL auth")
> +
> +(defvar erc-sasl-server-regexp-list '()
> +  "List of regexps matching server host names for which sasl
> +  should be used")

These should be defcustoms. Also, the first line of any doc string
should be a complete sentence, with a full-stop at the end.

Re: [PATCH 2/2] response handlers needed for SASL PLAIN authentication

[Glenn Morris]

Glenn Morris wrote:

>> +(defvar erc-sasl-use-sasl t
>> +  "Set to nil to disable SASL auth")

PS I think this should be in erc.el, as I said in the other mail.

Re: [PATCH 2/2] response handlers needed for SASL PLAIN authentication

[Glenn Morris]

Glenn Morris wrote:

>>> +(defvar erc-sasl-use-sasl t
>>> +  "Set to nil to disable SASL auth")
>
> PS I think this should be in erc.el, as I said in the other mail.

PPS then it could be called just "erc-use-sasl".

Re: [PATCH 1/2] modifying erc-login to conditionally send appropriate CAP request for SASL

[Joseph Gay]

Thanks for the feedback. It is quite helpful. I will make changes
including removing the premature copyright designation, fixing doc
strings, and adding automatic loading based on the boolean variable.

I first posted this on the ERC list, and one of the devs there thought
it was useful and so directed me here. This was several months ago,
however, so I will revisit.

Thanks again.