Merge branch 'secured-data'

1 files changed, 231 insertions, 4 deletions

diff --git a/src/core/wee-command.c b/src/core/wee-command.c
index 6f8577488..0ed5eb6e1 100644
--- a/src/core/wee-command.c
+++ b/src/core/wee-command.c
@@ -45,6 +45,7 @@
 #include "wee-list.h"
 #include "wee-log.h"
 #include "wee-proxy.h"
+#include "wee-secure.h"
 #include "wee-string.h"
 #include "wee-upgrade.h"
 #include "wee-utf8.h"
@@ -4482,6 +4483,168 @@ COMMAND_CALLBACK(save)
 }
 
 /*
+ * Displays a secured data.
+ */
+
+void
+command_secure_display_data (void *data,
+                             struct t_hashtable *hashtable,
+                             const void *key, const void *value)
+{
+    /* make C compiler happy */
+    (void) data;
+    (void) hashtable;
+    (void) value;
+
+    if (key)
+        gui_chat_printf (NULL, "  %s", key);
+}
+
+/*
+ * Callback for command "/secure": manage secured data
+ */
+
+COMMAND_CALLBACK(secure)
+{
+    int passphrase_was_set, count_encrypted;
+
+    /* make C compiler happy */
+    (void) data;
+    (void) buffer;
+
+    /* list of secured data */
+    if (argc == 1)
+    {
+        secure_buffer_open ();
+        return WEECHAT_RC_OK;
+    }
+
+    count_encrypted = secure_hashtable_data_encrypted->items_count;
+
+    /* decrypt data still encrypted */
+    if (string_strcasecmp (argv[1], "decrypt") == 0)
+    {
+        COMMAND_MIN_ARGS(3, "secure decrypt");
+        if (count_encrypted == 0)
+        {
+            gui_chat_printf (NULL, _("There is no encrypted data"));
+            return WEECHAT_RC_OK;
+        }
+        if (strcmp (argv[2], "-discard") == 0)
+        {
+            hashtable_remove_all (secure_hashtable_data_encrypted);
+            gui_chat_printf (NULL, _("Encrypted data deleted"));
+            return WEECHAT_RC_OK;
+        }
+        if (secure_decrypt_data_not_decrypted (argv_eol[2]) > 0)
+        {
+            gui_chat_printf (NULL,
+                             _("Encrypted data has been successfully decrypted"));
+            if (secure_passphrase)
+                free (secure_passphrase);
+            secure_passphrase = strdup (argv_eol[2]);
+        }
+        else
+        {
+            gui_chat_printf (NULL,
+                             _("%sFailed to decrypt data (wrong passphrase?)"),
+                             gui_chat_prefix[GUI_CHAT_PREFIX_ERROR]);
+        }
+        return WEECHAT_RC_OK;
+    }
+
+    if (count_encrypted > 0)
+    {
+        gui_chat_printf (NULL,
+                         _("%sYou must decrypt data still encrypted before "
+                           "doing any operation on secured data or passphrase"),
+                         gui_chat_prefix[GUI_CHAT_PREFIX_ERROR]);
+        return WEECHAT_RC_OK;
+    }
+
+    /* set the passphrase */
+    if (string_strcasecmp (argv[1], "passphrase") == 0)
+    {
+        COMMAND_MIN_ARGS(3, "secure passphrase");
+        passphrase_was_set = 0;
+        if (secure_passphrase)
+        {
+            free (secure_passphrase);
+            secure_passphrase = NULL;
+            passphrase_was_set = 1;
+        }
+        if (strcmp (argv[2], "-delete") == 0)
+        {
+            gui_chat_printf (NULL,
+                             (passphrase_was_set) ?
+                             _("Passphrase deleted") : _("Passphrase is not set"));
+            if (passphrase_was_set)
+            {
+                if (secure_hashtable_data->items_count > 0)
+                    command_save_file (secure_config_file);
+                secure_buffer_display ();
+            }
+        }
+        else
+        {
+            secure_passphrase = strdup (argv_eol[2]);
+            gui_chat_printf (NULL,
+                             (passphrase_was_set) ?
+                             _("Passphrase changed") : _("Passphrase added"));
+            if (secure_hashtable_data->items_count > 0)
+                command_save_file (secure_config_file);
+            secure_buffer_display ();
+        }
+        return WEECHAT_RC_OK;
+    }
+
+    /* set a secured data */
+    if (string_strcasecmp (argv[1], "set") == 0)
+    {
+        COMMAND_MIN_ARGS(4, "secure set");
+        hashtable_set (secure_hashtable_data, argv[2], argv_eol[3]);
+        gui_chat_printf (NULL, _("Secured data \"%s\" set"), argv[2]);
+        command_save_file (secure_config_file);
+        secure_buffer_display ();
+        return WEECHAT_RC_OK;
+    }
+
+    /* delete a secured data */
+    if (string_strcasecmp (argv[1], "del") == 0)
+    {
+        COMMAND_MIN_ARGS(3, "secure del");
+        if (hashtable_has_key (secure_hashtable_data, argv[2]))
+        {
+            hashtable_remove (secure_hashtable_data, argv[2]);
+            gui_chat_printf (NULL, _("Secured data \"%s\" deleted"), argv[2]);
+            command_save_file (secure_config_file);
+            secure_buffer_display ();
+        }
+        else
+        {
+            gui_chat_printf (NULL,
+                             _("%sSecured data \"%s\" not found"),
+                             gui_chat_prefix[GUI_CHAT_PREFIX_ERROR],
+                             argv[2]);
+        }
+        return WEECHAT_RC_OK;
+    }
+
+    /* toggle values on secured data buffer */
+    if (string_strcasecmp (argv[1], "toggle_values") == 0)
+    {
+        if (secure_buffer)
+        {
+            secure_buffer_display_values ^= 1;
+            secure_buffer_display ();
+        }
+        return WEECHAT_RC_OK;
+    }
+
+    return WEECHAT_RC_OK;
+}
+
+/*
  * Displays a configuration section.
  */
 
@@ -5159,6 +5322,14 @@ COMMAND_CALLBACK(upgrade)
         return WEECHAT_RC_OK;
     }
 
+    /*
+     * set passphrase in environment var, so that it will not be asked to user
+     * when starting the new binary
+     */
+    if (secure_passphrase)
+        setenv (SECURE_ENV_PASSPHRASE, secure_passphrase, 1);
+
+    /* execute binary */
     exec_args[0] = ptr_binary;
     exec_args[3] = strdup (weechat_home);
     execvp (exec_args[0], exec_args);
@@ -5166,7 +5337,8 @@ COMMAND_CALLBACK(upgrade)
     /* this code should not be reached if execvp is OK */
     string_iconv_fprintf (stderr, "\n\n*****\n");
     string_iconv_fprintf (stderr,
-                          _("***** Error: exec failed (program: \"%s\"), exiting WeeChat"),
+                          _("***** Error: exec failed (program: \"%s\"), "
+                            "exiting WeeChat"),
                           exec_args[0]);
     string_iconv_fprintf (stderr, "\n*****\n\n");
 
@@ -6634,6 +6806,55 @@ command_init ()
                      "saved."),
                   "%(config_files)|%*",
                   &command_save, NULL);
+    hook_command (NULL, "secure",
+                  N_("manage secured data (passwords or private data encrypted "
+                     "in file sec.conf)"),
+                  N_("passphrase <passphrase>|-delete"
+                     " || decrypt <passphrase>|-discard"
+                     " || set <name> <value>"
+                     " || del <name>"),
+                  N_("passphrase: set or change the passphrase used for "
+                     "encryption (without passphrase, data is stored as "
+                     "plain text in file sec.conf)\n"
+                     "   -delete: delete passphrase\n"
+                     "   decrypt: decrypt data still encrypted (it happens only "
+                     "if no passphrase was given for encrypted data on startup)\n"
+                     "  -discard: discard all encrypted data (WARNING: this "
+                     "will clear the file sec.conf)\n"
+                     "       set: add or change secured data\n"
+                     "       del: delete secured data\n\n"
+                     "Without argument, this command displays secured data "
+                     "in a new buffer.\n\n"
+                     "When a passphrase is used (data encrypted), it is asked "
+                     "by WeeChat on startup.\n"
+                     "It is possible to set environment variable \""
+                     SECURE_ENV_PASSPHRASE "\" to prevent the prompt (this same "
+                     "variable is used by WeeChat on /upgrade).\n\n"
+                     "Secured data with format ${sec.data.xxx} can be used in:\n"
+                     "  - command line argument \"--run-command\"\n"
+                     "  - irc server options: autojoin, command, password, "
+                     "sasl_{username|password}\n"
+                     "  - options weechat.startup.command_{before|after}_plugins\n"
+                     "  - command /eval.\n\n"
+                     "Examples:\n"
+                     "  set a passphrase:\n"
+                     "    /secure passphrase this is my passphrase\n"
+                     "  encrypt freenode SASL password:\n"
+                     "    /secure set freenode mypassword\n"
+                     "    /set irc.server.freenode.sasl_password "
+                     "\"${sec.data.freenode}\"\n"
+                     "  encrypt oftc password for nickserv:\n"
+                     "    /secure set oftc mypassword\n"
+                     "    /set irc.server.oftc.command \"/msg nickserv identify "
+                     "${sec.data.oftc}\"\n"
+                     "  alias to ghost \"mynick\":\n"
+                     "    /alias ghost /eval /msg -server freenode nickserv "
+                     "ghost mynick ${sec.data.freenode}"),
+                  "passphrase -delete"
+                  " || decrypt -discard"
+                  " || set %(secured_data)"
+                  " || del %(secured_data)",
+                  &command_secure, NULL);
     hook_command (NULL, "set",
                   N_("set config options"),
                   N_("[<option> [<value>]] || diff [<option> [<option>...]]"),
@@ -6864,12 +7085,16 @@ command_init ()
 void
 command_exec_list (const char *command_list)
 {
-    char **commands, **ptr_cmd;
+    char *command_list2, **commands, **ptr_cmd;
     struct t_gui_buffer *weechat_buffer;
 
-    if (command_list && command_list[0])
+    if (!command_list || !command_list[0])
+        return;
+
+    command_list2 = eval_expression (command_list, NULL, NULL);
+    if (command_list2 && command_list2[0])
     {
-        commands = string_split_command (command_list, ';');
+        commands = string_split_command (command_list2, ';');
         if (commands)
         {
             weechat_buffer = gui_buffer_search_main ();
@@ -6880,6 +7105,8 @@ command_exec_list (const char *command_list)
             string_free_split_command (commands);
         }
     }
+    if (command_list2)
+        free (command_list2);
 }
 
 /*