GNU bug report logs - #38311
[PATCH] Hide quoted passwords with spaces in Authinfo

Previous Next

Package: emacs;

Reported by: Dario Gjorgjevski <dario.gjorgjevski <at> gmail.com>

Date: Thu, 21 Nov 2019 09:19:01 UTC

Severity: normal

Tags: fixed, patch

Fixed in version 27.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Dario Gjorgjevski <dario.gjorgjevski <at> gmail.com>
To: 38311 <at> debbugs.gnu.org
Subject: bug#38311: [PATCH] Hide quoted passwords with spaces in Authinfo
Date: Thu, 21 Nov 2019 10:18:03 +0100

[Message part 1 (text/plain, inline)]
The auth-source library hides passwords in authinfo-mode, putting an
overlay of "****" over them.

For example,
    “machine localhost port sudo login root password foobar”
will show up as
    “machine localhost port sudo login root password ****”.

However, it fails to properly hide passwords which are quoted and
contain spaces, even though those are still valid and parsed
successfully.

For example,
    “machine localhost port sudo login root password "foo bar"”
will show up as
    “machine localhost port sudo login root password **** bar"”.

The attached patch fixes this by using the same logic that
‘auth-source-netrc-parse-one’ uses to retrieve the field.  The logic is
moved to a separate function.

Best regards,
Dario


[0001-Hide-quoted-passwords-with-spaces-in-Authinfo.patch (text/x-diff, inline)]
From 34f07b1dc8517d1c7e580bff1e5ac34b69c993d6 Mon Sep 17 00:00:00 2001
From: Dario Gjorgjevski <dario.gjorgjevski+git <at> gmail.com>
Date: Thu, 21 Nov 2019 10:10:32 +0100
Subject: [PATCH] Hide quoted passwords with spaces in Authinfo
To: bug-gnu-emacs <at> gnu.org

* lisp/auth-source.el (auth-source-netrc-looking-at-one): New
function, extracted from auth-source-netrc-parse-one.
(auth-source-netrc-parse-one, authinfo--hide-passwords): Use
auth-source-netrc-looking-at-one.
---
 lisp/auth-source.el | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/lisp/auth-source.el b/lisp/auth-source.el
index 4926f67f0a..0800202914 100644
--- a/lisp/auth-source.el
+++ b/lisp/auth-source.el
@@ -1000,13 +1000,17 @@ auth-source-netrc-parse-next-interesting
     (forward-line 1)
     (skip-chars-forward "\t ")))
 
+(defun auth-source-netrc-looking-at-one ()
+  "Modify match data with one thing from the current buffer."
+  (or (looking-at "'\\([^']*\\)'")
+      (looking-at "\"\\([^\"]*\\)\"")
+      (looking-at "\\([^ \t\n]+\\)")))
+
 (defun auth-source-netrc-parse-one ()
   "Read one thing from the current buffer."
   (auth-source-netrc-parse-next-interesting)
 
-  (when (or (looking-at "'\\([^']*\\)'")
-            (looking-at "\"\\([^\"]*\\)\"")
-            (looking-at "\\([^ \t\n]+\\)"))
+  (when (auth-source-netrc-looking-at-one)
     (forward-char (length (match-string 0)))
     (prog1
         (match-string-no-properties 1)
@@ -2427,7 +2431,7 @@ authinfo--hide-passwords
       (while (re-search-forward (format "\\(\\s-\\|^\\)\\(%s\\)\\s-+"
                                         authinfo-hidden)
                                 nil t)
-        (when (looking-at "[^\n\t ]+")
+        (when (auth-source-netrc-looking-at-one)
           (let ((overlay (make-overlay (match-beginning 0) (match-end 0))))
             (overlay-put overlay 'display (propertize "****"
                                                       'face 'warning))
-- 
2.17.1
This bug report was last modified 5 years and 242 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.