From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 04:18:29 2019
Received: (at submit) by debbugs.gnu.org; 21 Nov 2019 09:18:30 +0000
Received: from localhost ([127.0.0.1]:51248 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1iXibd-00078d-II
	for submit@debbugs.gnu.org; Thu, 21 Nov 2019 04:18:29 -0500
Received: from lists.gnu.org ([209.51.188.17]:44255)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <dario.gjorgjevski@gmail.com>) id 1iXibZ-00078U-SL
 for submit@debbugs.gnu.org; Thu, 21 Nov 2019 04:18:28 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:33601)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <dario.gjorgjevski@gmail.com>) id 1iXibY-0005ew-5O
 for bug-gnu-emacs@gnu.org; Thu, 21 Nov 2019 04:18:25 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM,
 URIBL_BLOCKED autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <dario.gjorgjevski@gmail.com>) id 1iXibS-00044S-QM
 for bug-gnu-emacs@gnu.org; Thu, 21 Nov 2019 04:18:21 -0500
Received: from mail-wm1-x32f.google.com ([2a00:1450:4864:20::32f]:51412)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <dario.gjorgjevski@gmail.com>)
 id 1iXibN-0003yK-0q
 for bug-gnu-emacs@gnu.org; Thu, 21 Nov 2019 04:18:14 -0500
Received: by mail-wm1-x32f.google.com with SMTP id g206so2588038wme.1
 for <bug-gnu-emacs@gnu.org>; Thu, 21 Nov 2019 01:18:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:subject:date:message-id:mime-version;
 bh=fxt7OZjJKi1oQS5wTjdKTQHm2P6k8/UQeEcpUtZABlE=;
 b=i66HyKefzu1xd423DEr0XZH+IunwyX0W3Fob0PPJeY4jUN+ZAC7WiXwSTZ8wZhKBxD
 VSloHvRPvax1QIFraIY5uSzoAMU+kVRx+ETFciOUqU2kdfg6EuXNms7eQeA9RcWWneex
 dJy8Ght4omkk9TlCTBbStGNzCaLlwu66CaChXsdYNxvIq+BE6Y0IzTbUep6SJgOI1vOh
 mb9Lk3yRhCTfxvuvcVYQ24sPnS7loifUpQoxZDMrUv5zWCT2+u6yv91qBFNRaNFD/rzd
 PPqF7Tpn9rR6F+MNhrj+oKdVHrNc3HJH8FLbwfJXi92uBWx3Gp/G4maRRXqcijRy7roc
 nf+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:subject:date:message-id:mime-version;
 bh=fxt7OZjJKi1oQS5wTjdKTQHm2P6k8/UQeEcpUtZABlE=;
 b=biOXvPOZxeoLl7PwwPXP3HjuqXSPr2TXRcpIZGYBRBn+sx30GlRJpqVdbAsJ6uUNvT
 pNMhOFkjOoWwyFLRsbqaf2W7bu4Hviwz3TNrMgrFLwt4Iex+Pvg5Uf+OkilGdedj+w72
 3IW6MolSfQaNu1jvlEUsOpYNO1zLy6gQuvl++eEDV43PlhamAaqBNwbYr8Yg9tvLFLTa
 tvPn7Nbftb1IKLQViOQsdI7HYGKfY4CSBjmtlwFs8FbaK/LsRl5hoXy8CWzGVvw4Ueyr
 gaC4b/RJGSvlzLlKGl6vY1XeSnAJiCYRwIS48waht6WHEXkvLPxVIuLWjcZG7wd+0WgH
 7z1A==
X-Gm-Message-State: APjAAAUyoGwjfoyiPr0GR8Tkf0sBx3o2BawuhX4hIimSJQ5NYhZdR6TE
 ifpW3PY0UYlDCbYUzHm4rl3aGUy5
X-Google-Smtp-Source: APXvYqwWuIRNM2SSVnILTDzTEbPhw8fKDQZVSK6eZ1XG7egUn4B/CA+3S0K5PniTaPyoO+daMzNYrg==
X-Received: by 2002:a7b:c4c7:: with SMTP id g7mr8223212wmk.144.1574327885956; 
 Thu, 21 Nov 2019 01:18:05 -0800 (PST)
Received: from ZALANDO-31298 ([185.85.220.254])
 by smtp.gmail.com with ESMTPSA id i7sm2590289wrs.38.2019.11.21.01.18.04
 for <bug-gnu-emacs@gnu.org>
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Thu, 21 Nov 2019 01:18:04 -0800 (PST)
From: Dario Gjorgjevski <dario.gjorgjevski@gmail.com>
To: bug-gnu-emacs@gnu.org
Subject: [PATCH] Hide quoted passwords with spaces in Authinfo
Date: Thu, 21 Nov 2019 10:18:03 +0100
Message-ID: <fv2zoj4kyxio50.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2a00:1450:4864:20::32f
X-Spam-Score: 0.7 (/)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

The auth-source library hides passwords in authinfo-mode, putting an
overlay of "****" over them.

For example,
    =E2=80=9Cmachine localhost port sudo login root password foobar=E2=80=9D
will show up as
    =E2=80=9Cmachine localhost port sudo login root password ****=E2=80=9D.

However, it fails to properly hide passwords which are quoted and
contain spaces, even though those are still valid and parsed
successfully.

For example,
    =E2=80=9Cmachine localhost port sudo login root password "foo bar"=E2=
=80=9D
will show up as
    =E2=80=9Cmachine localhost port sudo login root password **** bar"=E2=
=80=9D.

The attached patch fixes this by using the same logic that
=E2=80=98auth-source-netrc-parse-one=E2=80=99 uses to retrieve the field.  =
The logic is
moved to a separate function.

Best regards,
Dario


--=-=-=
Content-Type: text/x-diff
Content-Disposition: inline;
 filename=0001-Hide-quoted-passwords-with-spaces-in-Authinfo.patch
Content-Description: Hide quoted passwords with spaces in Authinfo

>From 34f07b1dc8517d1c7e580bff1e5ac34b69c993d6 Mon Sep 17 00:00:00 2001
From: Dario Gjorgjevski <dario.gjorgjevski+git@gmail.com>
Date: Thu, 21 Nov 2019 10:10:32 +0100
Subject: [PATCH] Hide quoted passwords with spaces in Authinfo
To: bug-gnu-emacs@gnu.org

* lisp/auth-source.el (auth-source-netrc-looking-at-one): New
function, extracted from auth-source-netrc-parse-one.
(auth-source-netrc-parse-one, authinfo--hide-passwords): Use
auth-source-netrc-looking-at-one.
---
 lisp/auth-source.el | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/lisp/auth-source.el b/lisp/auth-source.el
index 4926f67f0a..0800202914 100644
--- a/lisp/auth-source.el
+++ b/lisp/auth-source.el
@@ -1000,13 +1000,17 @@ auth-source-netrc-parse-next-interesting
     (forward-line 1)
     (skip-chars-forward "\t ")))
 
+(defun auth-source-netrc-looking-at-one ()
+  "Modify match data with one thing from the current buffer."
+  (or (looking-at "'\\([^']*\\)'")
+      (looking-at "\"\\([^\"]*\\)\"")
+      (looking-at "\\([^ \t\n]+\\)")))
+
 (defun auth-source-netrc-parse-one ()
   "Read one thing from the current buffer."
   (auth-source-netrc-parse-next-interesting)
 
-  (when (or (looking-at "'\\([^']*\\)'")
-            (looking-at "\"\\([^\"]*\\)\"")
-            (looking-at "\\([^ \t\n]+\\)"))
+  (when (auth-source-netrc-looking-at-one)
     (forward-char (length (match-string 0)))
     (prog1
         (match-string-no-properties 1)
@@ -2427,7 +2431,7 @@ authinfo--hide-passwords
       (while (re-search-forward (format "\\(\\s-\\|^\\)\\(%s\\)\\s-+"
                                         authinfo-hidden)
                                 nil t)
-        (when (looking-at "[^\n\t ]+")
+        (when (auth-source-netrc-looking-at-one)
           (let ((overlay (make-overlay (match-beginning 0) (match-end 0))))
             (overlay-put overlay 'display (propertize "****"
                                                       'face 'warning))
-- 
2.17.1


--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 07:52:37 2019
Received: (at 38311) by debbugs.gnu.org; 21 Nov 2019 12:52:37 +0000
Received: from localhost ([127.0.0.1]:51510 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1iXlwq-0005PZ-Tt
	for submit@debbugs.gnu.org; Thu, 21 Nov 2019 07:52:37 -0500
Received: from quimby.gnus.org ([95.216.78.240]:58640)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <larsi@gnus.org>) id 1iXlwp-0005PJ-Mk
 for 38311@debbugs.gnu.org; Thu, 21 Nov 2019 07:52:36 -0500
Received: from cm-84.212.202.86.getinternet.no ([84.212.202.86] helo=marnie)
 by quimby.gnus.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <larsi@gnus.org>)
 id 1iXlwg-0004Wt-82; Thu, 21 Nov 2019 13:52:28 +0100
From: Lars Ingebrigtsen <larsi@gnus.org>
To: Dario Gjorgjevski <dario.gjorgjevski@gmail.com>
Subject: Re: bug#38311: [PATCH] Hide quoted passwords with spaces in Authinfo
References: <fv2zoj4kyxio50.fsf@gmail.com>
Date: Thu, 21 Nov 2019 13:52:25 +0100
In-Reply-To: <fv2zoj4kyxio50.fsf@gmail.com> (Dario Gjorgjevski's message of
 "Thu, 21 Nov 2019 10:18:03 +0100")
Message-ID: <87sgmh2xyu.fsf@gnus.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Report: Spam detection software, running on the system "quimby.gnus.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 @@CONTACT_ADDRESS@@ for details.
 
 Content preview:  Dario Gjorgjevski <dario.gjorgjevski@gmail.com> writes: >
   The attached patch fixes this by using the same logic that > ‘auth-source-netrc-parse-one’
    uses to retrieve the field. The logic is > moved to a separate function. 
 
 Content analysis details:   (-2.9 points, 5.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                             blocked.  See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: ingebrigtsen.no]
 -1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                             [score: 0.0000]
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 38311
Cc: 38311@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Dario Gjorgjevski <dario.gjorgjevski@gmail.com> writes:

> The attached patch fixes this by using the same logic that
> =E2=80=98auth-source-netrc-parse-one=E2=80=99 uses to retrieve the field.=
  The logic is
> moved to a separate function.

Thanks; applied to Emacs 27 (with minor changes).

--=20
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 07:52:42 2019
Received: (at control) by debbugs.gnu.org; 21 Nov 2019 12:52:42 +0000
Received: from localhost ([127.0.0.1]:51513 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1iXlww-0005Pq-6Z
	for submit@debbugs.gnu.org; Thu, 21 Nov 2019 07:52:42 -0500
Received: from quimby.gnus.org ([95.216.78.240]:58654)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <larsi@gnus.org>) id 1iXlwt-0005PQ-Jg
 for control@debbugs.gnu.org; Thu, 21 Nov 2019 07:52:41 -0500
Received: from cm-84.212.202.86.getinternet.no ([84.212.202.86] helo=marnie)
 by quimby.gnus.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <larsi@gnus.org>) id 1iXlwm-0004X0-0H
 for control@debbugs.gnu.org; Thu, 21 Nov 2019 13:52:34 +0100
Date: Thu, 21 Nov 2019 13:52:31 +0100
Message-Id: <87r2212xyo.fsf@gnus.org>
To: control@debbugs.gnu.org
From: Lars Ingebrigtsen <larsi@gnus.org>
Subject: control message for bug #38311
X-Spam-Report: Spam detection software, running on the system "quimby.gnus.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 @@CONTACT_ADDRESS@@ for details.
 Content preview:  tags 38311 fixed close 38311 27.1 quit 
 Content analysis details:   (-2.9 points, 5.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
 [score: 0.0000]
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

tags 38311 fixed
close 38311 27.1
quit





From unknown Sun Aug 17 10:22:59 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Fri, 20 Dec 2019 12:24:05 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator