emacs-devel

Re: [RFC] certfp for rcirc


From: Philip Kaludercic
Subject: Re: [RFC] certfp for rcirc
Date: Sun, 14 Nov 2021 18:25:57 +0000

Omar Polo <op@omarpolo.com> writes:

> For some reason I don't know yet, the NickServ still says that I've got
> 30 seconds to identify myself, but in reality I'm already logged in.  I
> don't know basically anything about how the irc protocol works, so I'm
> probably missing something incredibly obvious.

Have you experienced any issues since? It might also be that this is a
server side issue?  What do other clients say?

> What do you think?

I think this would be a good addition.  One might even want to go
further and add functions to automate the certfp authentication.  But
that might be too much for rcirc.

Also, the manual should be updated to explain how this works.

> Cheers,
>
> Omar Polo
>
>
> diff --git a/lisp/net/rcirc.el b/lisp/net/rcirc.el
> index 52d74a3394..070218ef0a 100644
> --- a/lisp/net/rcirc.el
> +++ b/lisp/net/rcirc.el
> @@ -262,10 +262,12 @@ The ARGUMENTS for each METHOD symbol are:
>    `bitlbee': NICK PASSWORD
>    `quakenet': ACCOUNT PASSWORD
>    `sasl': NICK PASSWORD
> +  `certfp': KEY CERT
>  
>  Examples:
>   ((\"Libera.Chat\" nickserv \"bob\" \"p455w0rd\")
>    (\"Libera.Chat\" chanserv \"bob\" \"#bobland\" \"passwd99\")
> +  (\"Libera.Chat\" certfp \"/path/to/key.pem\" \"/path/to/cert.pem\")
>    (\"bitlbee\" bitlbee \"robert\" \"sekrit\")
>    (\"dal.net\" nickserv \"bob\" \"sekrit\" \"NickServ@services.dal.net\")
>    (\"quakenet.org\" quakenet \"bobby\" \"sekrit\")
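
Review bot: the new `certfp': KEY CERT docstring line does not say what
KEY and CERT are.  The added example implies they are file names of PEM
files; stating that explicitly, and noting that this method makes the
connection use TLS whatever encryption is configured for the server (see
the `:type 'tls' branch in the last hunk), would save users a trip to
the source.
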
> @@ -291,7 +293,11 @@ Examples:
>                                      (list :tag "SASL"
>                                            (const sasl)
>                                            (string :tag "Nick")
> -                                          (string :tag "Password")))))
> +                                          (string :tag "Password"))
> +                                    (list :tag "CertFP"
> +                                          (const certfp)
> +                                          (string :tag "Key")
> +                                          (string :tag "Certificate")))))
>  
>  (defcustom rcirc-auto-authenticate-flag t
>    "Non-nil means automatically send authentication string to server.
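
Review bot: the "Key" and "Certificate" fields of the new CertFP entry
use the `string' widget although they hold file names.  Using
`(file :tag "Key")' and `(file :tag "Certificate")' would give file-name
completion in Customize and make the expected value obvious.
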
> @@ -547,6 +553,9 @@ If ARG is non-nil, instead prompt for connection 
> parameters."
>                (password (plist-get (cdr c) :password))
>                (encryption (plist-get (cdr c) :encryption))
>                (server-alias (plist-get (cdr c) :server-alias))
> +              (client-cert (when (eq (rcirc-get-server-method (car c))
> +                                     'certfp)
> +                             (rcirc-get-server-cert (car c))))
>                contact)
>            (when-let (((not password))
>                       (auth (auth-source-search :host server
> @@ -563,7 +572,7 @@ If ARG is non-nil, instead prompt for connection 
> parameters."
>                 (condition-case nil
>                     (let ((process (rcirc-connect server port nick user-name
>                                                      full-name channels 
> password encryption
> -                                                    server-alias)))
> +                                                    client-cert 
> server-alias)))
>                          (when rcirc-display-server-buffer
>                            (pop-to-buffer-same-window (process-buffer 
> process))))
>                   (quit (message "Quit connecting to %s"
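
Review bot: in the `rcirc-connect' call, `client-cert' is passed
positionally ahead of `server-alias', so the new optional parameter has
been inserted in the middle of the argument list rather than appended.
`rcirc-connect' carries an autoload cookie (next hunk), so any existing
caller that passes SERVER-ALIAS as the ninth positional argument would
now have it taken as the client certificate.  Appending CERTFP after
SERVER-ALIAS keeps existing callers working.
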
> @@ -662,13 +671,22 @@ See `rcirc-connect' for more details on these 
> variables.")
>       (when (string-match server-i server)
>            (throw 'pass (car args)))))))
>  
> +(defun rcirc-get-server-cert (server)
> +  "Return a list of key and certificate for SERVER."
> +  (catch 'pass
> +    (dolist (i rcirc-authinfo)
> +      (let ((server-i (car i))
> +            (args (cddr i)))
> +        (when (string-match server-i server)
> +          (throw 'pass args))))))
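
Review bot: `rcirc-get-server-cert' throws on the first `rcirc-authinfo'
entry whose regexp matches SERVER, without checking that the entry's
method is `certfp'.  With the configuration from the docstring example,
the first Libera.Chat entry is the `nickserv' one, so `(cddr i)' would
be the nick and password rather than the key and certificate paths.
Testing `(eq (cadr i) 'certfp)' alongside the `string-match' would make
the function return only certfp entries and nil otherwise, which also
lets the caller drop its separate method check.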

Why not use alist-get with a test function?

>  ;;;###autoload
>  (defun rcirc-connect (server &optional port nick user-name
>                               full-name startup-channels password encryption
> -                             server-alias)
> +                             certfp server-alias)
>    "Connect to SERVER.
>  The arguments PORT, NICK, USER-NAME, FULL-NAME, PASSWORD,
> -ENCRYPTION, SERVER-ALIAS are interpreted as in
> +ENCRYPTION, CERTFP, SERVER-ALIAS are interpreted as in
>  `rcirc-server-alist'.  STARTUP-CHANNELS is a list of channels
>  that are joined after authentication."
>    (save-excursion
> @@ -692,10 +710,16 @@ that are joined after authentication."
>          (delete-process process))
>  
>        ;; Set up process
> -      (setq process (open-network-stream
> -                     (or server-alias server) nil server port-number
> -                     :type (or encryption 'plain)
> -                     :nowait t))
> +      (setq process (if certfp
> +                        (open-network-stream
> +                         (or server-alias server) nil server port-number
> +                         :type 'tls
> +                         :nowait t
> +                         :client-certificate certfp)

Is this case-distinction necessary?  If `certfp' is nil, then
open-network-stream should just ignore the argument if I am not
mistaken.

> +                      (open-network-stream
> +                       (or server-alias server) nil server port-number
> +                       :type (or encryption 'plain)
> +                       :nowait t)))
>        (set-process-coding-system process 'raw-text 'raw-text)
>        (with-current-buffer (get-buffer-create 
> (rcirc-generate-new-buffer-name process nil))
>          (set-process-buffer process (current-buffer))
>
>
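
Review bot: in the `certfp' branch of the `open-network-stream' call,
`:type 'tls' is hard-coded, so the caller's ENCRYPTION value is silently
ignored whenever a client certificate is configured.  If that is
intended it should be documented; otherwise signal an error when
ENCRYPTION is set to something other than `tls' together with CERTFP.
Either way, a single call with `:type (if certfp 'tls (or encryption
'plain))' avoids duplicating the other arguments.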

-- 
        Philip Kaludercic
