From: bug#58985 <58985@debbugs.gnu.org>
To: bug#58985 <58985@debbugs.gnu.org>
Subject: Status: 29.0.50; Have auth-source-pass behave more like other back ends
Reply-To: bug#58985 <58985@debbugs.gnu.org>
Date: Fri, 15 Aug 2025 19:50:21 +0000

retitle 58985 29.0.50; Have auth-source-pass behave more like other back ends
reassign 58985 emacs
submitter 58985 "J.P."
severity 58985 wishlist
tag 58985 patch
thanks

From: "J.P."
To: bug-gnu-emacs@gnu.org
Cc: Damien Cassou
Subject: 29.0.50; Have auth-source-pass behave more like other back ends
X-Debbugs-CC: emacs-erc@gnu.org
Date: Thu, 03 Nov 2022 06:51:29 -0700
Message-ID: <87wn8cb0ym.fsf@neverwas.me>

--=-=-=
Content-Type: text/plain

Tags: patch

Hi people,

This is a belated follow-up to a brief exchange I had with Damien
earlier this year:

  https://lists.gnu.org/archive/html/bug-gnu-emacs/2022-04/msg00982.html

To recap, ERC would like to include the UNIX password store in the suite
of available back ends for its auth-source integration. To do that, we'd
need auth-source-pass to either export quite a few internal functions or
offer a bit more in the way of "standard" functionality. Thinking door
#2 the likelier, I've gone ahead and attempted a POC that mainly caters
to ERC's own requirements. (Sadly, I'm not well enough acquainted with
the library to aim much wider than that.) Regardless, I'm hoping someone
more knowledgeable will be willing to give this a think at some point.

Thanks,
J.P.

In GNU Emacs 29.0.50 (build 3, x86_64-pc-linux-gnu, GTK+ Version 3.24.34, cairo version 1.17.6) of 2022-11-01 built on localhost
Repository revision: 9b098c903a2502df42e21fa0796aa35097ae2cfa
Repository branch: auth-source-pass-many
Windowing system distributor 'The X.Org Foundation', version 11.0.12014000
System Description: Fedora Linux 36 (Workstation Edition)

Configured using:
 'configure --enable-check-lisp-object-type --enable-checking=yes,glyphs 'CFLAGS=-O0 -g3' PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig CC=analyze-cc CXX=analyze-c++'

Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 M17N_FLT MODULES NOTIFY
INOTIFY PDUMPER PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF
TOOLKIT_SCROLL_BARS WEBP X11 XDBE XIM XINPUT2 XPM GTK3 ZLIB

Important settings:
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  show-paren-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  line-number-mode: t
  indent-tabs-mode: t
  transient-mark-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t

Load-path shadows:
None found.

--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=0001-POC-Make-auth-source-pass-behave-more-like-other-bac.patch

>From dda2ccaed516afcea5f685f3b3f51849c58b197c Mon Sep 17 00:00:00 2001
From: "F. Jason Park" Date: Tue, 1 Nov 2022 22:46:24 -0700 Subject: [PATCH 1/2] [POC] Make auth-source-pass behave more like other backends * lisp/auth-source-pass.el (auth-source-pass-standard-search): Add new option to bring search behavior more in line with other backends. (auth-source-pass-search): Add new keyword params `max' and `require' and consider new option `auth-source-pass-standard-search' for dispatch. (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, auth-source-pass--match-parts): Add supporting variable and helpers. (auth-source-pass--build-result-many, auth-source-pass--find-match-many): Add "-many" variants for existing workhorse functions. * test/lisp/auth-source-pass-tests.el (auth-source-pass-standard-search--wild-port-miss-netrc, auth-source-pass-standard-search--wild-port-miss, auth-source-pass-standard-search--wild-port-hit-netrc, auth-source-pass-standard-search--wild-port-hit, auth-source-pass-standard-search--wild-port-req-miss-netrc, auth-source-pass-standard-search--wild-port-req-miss, auth-source-pass-standard-search--baseline, auth-source-pass-standard-search--port-type, auth-source-pass-standard-search--hosts-first): Add juxtaposed netrc and standard-search pairs to demo optional extra-compliant behavior. --- lisp/auth-source-pass.el | 99 +++++++++++++++++++++++- test/lisp/auth-source-pass-tests.el | 116 ++++++++++++++++++++++++++++ 2 files changed, 214 insertions(+), 1 deletion(-) diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 0955e2ed07..5638bdbd90 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el 
@@ -55,13 +55,23 @@ auth-source-pass-port-separator :type 'string :version "27.1") +(defcustom auth-source-pass-standard-search nil + "Whether to use more standardized search behavior. +When nil, the password-store backend works like it always has and +considers at most one `:user' search parameter and returns at +most one result. With t, it tries to more faithfully mimic other +auth-source backends." + :version "29.1" + :type 'boolean) + (cl-defun auth-source-pass-search (&rest spec &key backend type host user port + require max &allow-other-keys) "Given some search query, return matching credentials. See `auth-source-search' for details on the parameters SPEC, BACKEND, TYPE, -HOST, USER and PORT." +HOST, USER, PORT, REQUIRE, and MAX." (cl-assert (or (null type) (eq type (oref backend type))) t "Invalid password-store search: %s %s") (cond ((eq host t) @@ -70,6 +80,8 @@ auth-source-pass-search ((null host) ;; Do not build a result, as none will match when HOST is nil nil) + (auth-source-pass-standard-search + (auth-source-pass--build-result-many host port user require max)) (t (when-let ((result (auth-source-pass--build-result host port user))) (list result))))) 
@@ -89,6 +101,25 @@ auth-source-pass--build-result (seq-subseq retval 0 -2)) ;; remove password retval)))) +(defun auth-source-pass--build-result-many (hosts ports users require max) + "Return multiple `auth-source-pass--build-result' values." + (unless (listp hosts) (setq hosts (list hosts))) + (unless (listp users) (setq users (list users))) + (unless (listp ports) (setq ports (list ports))) + (let ((rv (auth-source-pass--find-match-many hosts users ports + require (or max 1)))) + (when auth-source-debug + (auth-source-pass--do-debug "final result: %S" rv)) + (if (eq auth-source-pass-standard-search 'test) + (reverse rv) + (let (out) + (dolist (e rv out) + (when-let* ((s (plist-get e :secret)) ; s not captured by closure + (v (auth-source--obfuscate s))) + (setf (plist-get e :secret) + (lambda () (auth-source--deobfuscate v)))) + (push e out)))))) + ;;;###autoload (defun auth-source-pass-enable () "Enable auth-source-password-store." 
@@ -206,6 +237,72 @@ auth-source-pass--find-match hosts (list hosts)))) +(defconst auth-source-pass--match-regexp + (rx (or bot "/") + (or (: (? (group-n 20 (+ (not (in " /@")))) "@") + (group-n 10 (+ (not (in " /:@")))) + (? ":" (group-n 30 (+ (not (in " /:")))))) + (: (group-n 11 (+ (not (in " /:@")))) + (? ":" (group-n 31 (+ (not (in " /:"))))) + (? "/" (group-n 21 (+ (not (in " /:"))))))) + eot)) + +(defun auth-source-pass--retrieve-parsed (seen path port-number-p) + (when-let ((m (string-match auth-source-pass--match-regexp path))) + (puthash path + (list :host (or (match-string 10 path) (match-string 11 path)) + :user (or (match-string 20 path) (match-string 21 path)) + :port (and-let* ((p (or (match-string 30 path) + (match-string 31 path))) + (n (string-to-number p))) + (if (or (zerop n) (not port-number-p)) + (format "%s" p) + n))) + seen))) + +(defun auth-source-pass--match-parts (parts key value require) + (let ((mv (plist-get parts key))) + (if (memq key require) + (and value (equal mv value)) + (or (not value) (not mv) (equal mv value))))) + +;; For now, this ignores the contents of files and only considers path +;; components when matching. +(defun auth-source-pass--find-match-many (hosts users ports require max) + "Return plists for valid combinations of HOSTS, USERS, PORTS. +Each plist contains, at the very least, a host and a secret." 
+ (let ((seen (make-hash-table :test #'equal)) + (entries (auth-source-pass-entries)) + port-number-p + out) + (catch 'done + (dolist (host hosts out) + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) + (setq p nil)) + (dolist (user (or users (list u))) + (dolist (port (or ports (list p))) + (setq port-number-p (equal 'integer (type-of port))) + (dolist (e entries) + (when-let* + ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed + seen e port-number-p))) + ((equal host (plist-get m :host))) + ((auth-source-pass--match-parts m :port port require)) + ((auth-source-pass--match-parts m :user user require)) + (parsed (auth-source-pass-parse-entry e)) + (secret (or (auth-source-pass--get-attr 'secret parsed) + (not (memq :secret require))))) + (push + `( :host ,host ; prefer user-provided :host over h + ,@(and-let* ((u (plist-get m :user))) (list :user u)) + ,@(and-let* ((p (plist-get m :port))) (list :port p)) + ,@(and secret (not (eq secret t)) (list :secret secret))) + out) + (when (or (zerop (cl-decf max)) + (null (setq entries (delete e entries)))) + (throw 'done out))))))))))) + (defun auth-source-pass--disambiguate (host &optional user port) "Return (HOST USER PORT) after disambiguation. Disambiguate between having user provided inside HOST (e.g., diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index f5147a7ce0..14d1361eae 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el 
@@ -488,6 +488,122 @@ auth-source-pass-prints-meaningful-debug-log (should (auth-source-pass--have-message-matching "found 2 entries matching \"gitlab.com\": (\"a/gitlab.com\" \"b/gitlab.com\")")))) + +;; FIXME move this to top of file if keeping these netrc tests +(require 'ert-x) + +;; No entry has the requested port, but a result is still returned. + +(ert-deftest auth-source-pass-standard-search--wild-port-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "x.com" :port 22 :max 2))) + (dolist (result results) + (setf result (plist-put result :secret (auth-info-password result)))) + (should (equal results '((:host "x.com" :secret "a"))))))) + +(ert-deftest auth-source-pass-standard-search--wild-port-miss () + (let ((auth-source-pass-standard-search 'test)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port 22 :max 2) + '((:host "x.com" :secret "a"))))))) + +;; One of two entries has the requested port, both returned + +(ert-deftest auth-source-pass-standard-search--wild-port-hit-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "x.com" :port 42 :max 2))) + (dolist (result results) + (setf result (plist-put result :secret (auth-info-password result)))) + (should (equal results '((:host "x.com" :secret "a") + (:host "x.com" :port "42" :secret "b"))))))) + +(ert-deftest auth-source-pass-standard-search--wild-port-hit () + (let ((auth-source-pass-standard-search 'test)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . 
"b"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port 42 :max 2) + '((:host "x.com" :secret "a") + (:host "x.com" :port 42 :secret "b"))))))) + +;; No entry has the requested port, but :port is required, so search fails + +(ert-deftest auth-source-pass-standard-search--wild-port-req-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search + :host "x.com" :port 22 :require '(:port) :max 2))) + (should-not results)))) + +(ert-deftest auth-source-pass-standard-search--wild-port-req-miss () + (let ((auth-source-pass-standard-search 'test)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (should-not (auth-source-search + :host "x.com" :port 22 :require '(:port) :max 2))))) + +;; A retrieved store entry mustn't be nil regardless of whether its +;; path contains port or user components + +(ert-deftest auth-source-pass-standard-search--baseline () + (let ((auth-source-pass-standard-search 'test)) + (auth-source-pass--with-store '(("x.com")) + (auth-source-pass-enable) + (should-not (auth-source-search :host "x.com"))))) + +;; Output port type (int or string) matches that of input parameter + +(ert-deftest auth-source-pass-standard-search--port-type () + (let ((auth-source-pass-standard-search 'test)) + (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port 42) + '((:host "x.com" :port 42 :secret "a"))))) + (auth-source-pass--with-store '(("x.com:42" (secret . 
"a"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port "42") + '((:host "x.com" :port "42" :secret "a"))))))) + +;; The :host search param ordering more heavily influences the output +;; because (h1, u1, p1), (h1, u1, p2), ... (hN, uN, pN); also, exact +;; matches are not given precedence, i.e., matching store items are +;; returned in the order encountered + +(ert-deftest auth-source-pass-standard-search--hosts-first () + (let ((auth-source-pass-standard-search 'test)) + (auth-source-pass--with-store '(("x.com:42/bar" (secret . "a")) + ("gnu.org" (secret . "b")) + ("x.com" (secret . "c")) + ("fake.com" (secret . "d")) + ("x.com/foo" (secret . "e"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host '("x.com" "gnu.org") :max 3) + ;; Notice gnu.org is never considered ^ + '((:host "x.com" :user "bar" :port "42" :secret "a") + (:host "x.com" :secret "c") + (:host "x.com" :user "foo" :secret "e"))))))) + + (provide 'auth-source-pass-tests) ;;; auth-source-pass-tests.el ends here -- 2.38.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0002-POC-Support-auth-source-pass-in-ERC.patch >From b78670992dd10c9566e620cd016767a4b36dd10f Mon Sep 17 00:00:00 2001 
From: "F. Jason Park" Date: Sun, 24 Apr 2022 06:20:09 -0700 Subject: [PATCH 2/2] [POC] Support auth-source-pass in ERC * doc/misc/erc.texi: Mention that the auth-source-pass backend is supported. * lisp/erc/erc-compat.el (erc-compat--auth-source-pass-search, erc-compat--auth-source-pass--build-results-many, erc-compat--auth-source-pass--retrieve-parsed, erc-compat--auth-source-pass-packend-parse): Copy some yet unreleased functions from auth-source-pass that mimic the netrc backend. Also add forward declarations to support them. * lisp/erc/erc.el (erc--auth-source-search): Use own auth-source-pass erc-compat backend until 29.1 released. * test/lisp/erc/erc-services-tests.el (erc-join-tests--auth-source-pass-entries): Remove useless items. (erc--auth-source-search--pass-standard, erc--auth-source-search--pass-announced, erc--auth-source-search--pass-overrides): Remove `ert-skip' guard. --- doc/misc/erc.texi | 3 +- lisp/erc/erc-compat.el | 100 ++++++++++++++++++++++++++++ lisp/erc/erc.el | 7 +- test/lisp/erc/erc-services-tests.el | 27 +++----- 4 files changed, 116 insertions(+), 21 deletions(-) diff --git a/doc/misc/erc.texi b/doc/misc/erc.texi index 3db83197f9..ad35b78f0e 100644 --- a/doc/misc/erc.texi +++ b/doc/misc/erc.texi @@ -861,7 +861,8 @@ Connecting @code{erc-auth-source-search}. It tries to merge relevant contextual parameters with those provided or discovered from the logical connection or the underlying transport. Some auth-source back ends may not be -compatible; netrc, plstore, json, and secrets are currently supported. +compatible; netrc, plstore, json, secrets, and pass are currently +supported. @end defopt @subheading Full name diff --git a/lisp/erc/erc-compat.el b/lisp/erc/erc-compat.el index 8a00e711ac..e1e55cad99 100644 --- a/lisp/erc/erc-compat.el +++ b/lisp/erc/erc-compat.el 
@@ -32,6 +32,8 @@ ;;; Code: (require 'compat nil 'noerror) +(eval-when-compile (require 'cl-lib)) + ;;;###autoload(autoload 'erc-define-minor-mode "erc-compat") (define-obsolete-function-alias 'erc-define-minor-mode 
@@ -156,6 +158,104 @@ erc-subseq (setq i (1+ i) start (1+ start))) res)))))) +;;;; Auth Source + +(declare-function auth-source-pass--get-attr + "auth-source-pass" (key entry-data)) +(declare-function auth-source-pass--disambiguate + "auth-source-pass" (host &optional user port)) +(declare-function auth-source-backend-parse-parameters + "auth-source-pass" (entry backend)) +(declare-function auth-source-backend "auth-source" (&rest slots)) +(declare-function auth-source-pass-entries "auth-source-pass" nil) +(declare-function auth-source-pass-parse-entry "auth-source-pass" (entry)) + +(defun erc-compat--auth-source-pass--retrieve-parsed (seen e port-number-p) + (when-let ((pat (rx (or bot "/") + (or (: (? (group-n 20 (+ (not (in " /@")))) "@") + (group-n 10 (+ (not (in " /:@")))) + (? ":" (group-n 30 (+ (not (in " /:")))))) + (: (group-n 11 (+ (not (in " /:@")))) + (? ":" (group-n 31 (+ (not (in " /:"))))) + (? "/" (group-n 21 (+ (not (in " /:"))))))) + eot)) + (m (string-match pat e))) + (puthash e (list :host (or (match-string 10 e) + (match-string 11 e)) + :user (or (match-string 20 e) + (match-string 21 e)) + :port (and-let* ((p (or (match-string 30 e) + (match-string 31 e))) + (n (string-to-number p))) + (if (or (zerop n) + (not port-number-p)) + (format "%s" p) + n))) + seen))) + +;; This looks bad, but it just inlines `auth-source-pass--find-match-many'. +(defun erc-compat--auth-source-pass--build-result-many + (hosts users ports require max) + "Return a plist of HOSTS, PORTS, USERS, and secret." 
+ (unless (listp hosts) (setq hosts (list hosts))) + (unless (listp users) (setq users (list users))) + (unless (listp ports) (setq ports (list ports))) + (unless max (setq max 1)) + (let ((seen (make-hash-table :test #'equal)) + (entries (auth-source-pass-entries)) + (check (lambda (m k v) + (let ((mv (plist-get m k))) + (if (memq k require) + (and v (equal mv v)) + (or (not v) (not mv) (equal mv v)))))) + port-number-p + out) + (catch 'done + (dolist (host hosts) + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) + (setq p nil)) + (dolist (user (or users (list u))) + (dolist (port (or ports (list p))) + (setq port-number-p (equal 'integer (type-of port))) + (dolist (e entries) + (when-let* + ((m (or (gethash e seen) + (erc-compat--auth-source-pass--retrieve-parsed + seen e port-number-p))) + ((equal host (plist-get m :host))) + ((funcall check m :port port)) + ((funcall check m :user user)) + (parsed (auth-source-pass-parse-entry e)) + (secret (or (auth-source-pass--get-attr 'secret parsed) + (not (memq :secret require))))) + (push + `( :host ,host ; prefer user-provided :host over h + ,@(and-let* ((u (plist-get m :user))) (list :user u)) + ,@(and-let* ((p (plist-get m :port))) (list :port p)) + ,@(and secret (not (eq secret t)) (list :secret secret))) + out) + (when (or (zerop (cl-decf max)) + (null (setq entries (delete e entries)))) + (throw 'done nil))))))))) + (reverse out))) + +(cl-defun erc-compat--auth-source-pass-search + (&rest spec &key host user port require max &allow-other-keys) + ;; From `auth-source-pass-search' + (cl-assert (and host (not (eq host t))) + t "Invalid password-store search: %s %s") + (erc-compat--auth-source-pass--build-result-many host user port require max)) + +(defun erc-compat--auth-source-pass-backend-parse (entry) + (when (eq entry 'password-store) + (auth-source-backend-parse-parameters + entry (auth-source-backend + :source "." 
+ :type 'password-store + :search-function #'erc-compat--auth-source-pass-search)))) + + (provide 'erc-compat) ;;; erc-compat.el ends here diff --git a/lisp/erc/erc.el b/lisp/erc/erc.el index db39e341b2..cfa69954d5 100644 --- a/lisp/erc/erc.el +++ b/lisp/erc/erc.el @@ -3477,7 +3477,12 @@ erc--auth-source-search the nod. Much the same would happen for entries sharing only a port: the one with host foo would win." (when-let* - ((priority (map-keys defaults)) + ((auth-source-backend-parser-functions + (if (memq 'password-store auth-sources) + (cons #'erc-compat--auth-source-pass-backend-parse + auth-source-backend-parser-functions) + auth-source-backend-parser-functions)) + (priority (map-keys defaults)) (test (lambda (a b) (catch 'done (dolist (key priority) diff --git a/test/lisp/erc/erc-services-tests.el b/test/lisp/erc/erc-services-tests.el index 8e2b8d2927..7ff2e36e77 100644 --- a/test/lisp/erc/erc-services-tests.el +++ b/test/lisp/erc/erc-services-tests.el @@ -469,15 +469,11 @@ erc-services-tests--asp-parse-entry (list (assoc 'secret (cdr found))))) (defvar erc-join-tests--auth-source-pass-entries - '(("irc.gnu.org:irc/#chan" - ("port" . "irc") ("user" . "#chan") (secret . "bar")) - ("my.gnu.org:irc/#chan" - ("port" . "irc") ("user" . "#chan") (secret . "baz")) - ("GNU.chat:irc/#chan" - ("port" . "irc") ("user" . "#chan") (secret . "foo")))) + '(("irc.gnu.org:irc/#chan" (secret . "bar")) + ("my.gnu.org:irc/#chan" (secret . "baz")) + ("GNU.chat:irc/#chan" (secret . "foo")))) (ert-deftest erc--auth-source-search--pass-standard () - (ert-skip "Pass backend not yet supported") (let ((store erc-join-tests--auth-source-pass-entries) (auth-sources '(password-store)) (auth-source-do-cache nil)) 
@@ -490,7 +486,6 @@ erc--auth-source-search--pass-standard (erc-services-tests--auth-source-standard #'erc-auth-source-search)))) (ert-deftest erc--auth-source-search--pass-announced () - (ert-skip "Pass backend not yet supported") (let ((store erc-join-tests--auth-source-pass-entries) (auth-sources '(password-store)) (auth-source-do-cache nil)) 
@@ -503,19 +498,13 @@ erc--auth-source-search--pass-announced (erc-services-tests--auth-source-announced #'erc-auth-source-search)))) (ert-deftest erc--auth-source-search--pass-overrides () - (ert-skip "Pass backend not yet supported") (let ((store `(,@erc-join-tests--auth-source-pass-entries - ("GNU.chat:6697/#chan" - ("port" . "6697") ("user" . "#chan") (secret . "spam")) - ("my.gnu.org:irc/#fsf" - ("port" . "irc") ("user" . "#fsf") (secret . "42")) - ("irc.gnu.org:6667" - ("port" . "6667") (secret . "sesame")) - ("MyHost:irc" - ("port" . "irc") (secret . "456")) - ("MyHost:6667" - ("port" . "6667") (secret . "123")))) + ("GNU.chat:6697/#chan" (secret . "spam")) + ("my.gnu.org:irc/#fsf" (secret . "42")) + ("irc.gnu.org:6667" (secret . "sesame")) + ("MyHost:irc" (secret . "456")) + ("MyHost:6667" (secret . "123")))) (auth-sources '(password-store)) (auth-source-do-cache nil)) -- 2.38.1 --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 05 19:55:36 2022 Received: (at 58985) by debbugs.gnu.org; 5 Nov 2022 23:55:36 +0000 Received: from localhost ([127.0.0.1]:58351 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1orT0h-0002Dz-46 for submit@debbugs.gnu.org; Sat, 05 Nov 2022 19:55:36 -0400 Received: from mail-108-mta176.mxroute.com ([136.175.108.176]:44089) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1orT0d-0002Dh-5U for 58985@debbugs.gnu.org; Sat, 05 Nov 2022 19:55:33 -0400 Received: from mail-111-mta2.mxroute.com ([136.175.111.2] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta176.mxroute.com (ZoneMTA) with ESMTPSA id 1844a3868b50006e99.002 for <58985@debbugs.gnu.org> (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256); Sat, 05 Nov 2022 23:55:21 +0000 X-Zone-Loop: 6f88adf7f1d3684eb0864855d49b4c161715d0126198 X-Originating-IP: [136.175.111.2] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=neverwas.me ; s=x; 
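
Review bot: In the lisp/auth-source-pass.el hunk at @@ -55,13 (patch 1/2), `auth-source-pass-standard-search' is declared with :type 'boolean and documented as nil or t, yet `auth-source-pass--build-result-many' in the same patch tests (eq auth-source-pass-standard-search 'test) and every new ERT test binds the option to 'test. That third value is undocumented, does not fit the declared type, and makes the back end return :secret as a plain string rather than the closure produced on the t path. Consider dropping the 'test value and having the tests unwrap secrets with `auth-info-password', as the juxtaposed netrc tests already do, or moving the switch to an internal variable.
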
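
Review bot: In `auth-source-pass--build-result-many' (hunk at @@ -89,6, patch 1/2), the call (auth-source-pass--do-debug "final result: %S" rv) runs before the secrets are wrapped, so rv still carries each :secret as the plain string that `auth-source-pass--find-match-many' put there, and enabling `auth-source-debug' writes passwords to the debug log. Move the debug call after the `auth-source--obfuscate' loop, or log a copy of each plist with :secret removed.
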
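
Review bot: In `auth-source-pass--find-match-many' (hunk at @@ -206,6, patch 1/2), the `seen' cache stores each parsed path once, with :port coerced to an integer or left as a string according to whatever `port-number-p' was for the first port tried. When PORTS mixes types, for example ("irc" 6667), the entry "x.com:6667" is cached with :port "6667" on the first pass and then fails (equal mv value) against 6667 on the second, so a real match is dropped. Cache the port as a string and normalize in `auth-source-pass--match-parts', or key the cache on both the path and port-number-p. The two new helpers `auth-source-pass--retrieve-parsed' and `auth-source-pass--match-parts' also lack docstrings.
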
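
Review bot: `erc-compat--auth-source-pass--build-result-many' (lisp/erc/erc-compat.el hunk at @@ -156,6, patch 2/2) ends with (reverse out), and each plist in out holds :secret as the plain string read from the store. Patch 1/2 wraps the same value with `auth-source--obfuscate' and returns a closure on its non-test path, so the copy behaves differently from the function it inlines and leaves plaintext secrets in the returned list. Apply the same wrapping before returning, or say in the comment above the function why the copy skips it.
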
From: "J.P."
To: 58985@debbugs.gnu.org
Cc: Damien Cassou, emacs-erc@gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <87wn8cb0ym.fsf@neverwas.me> (J. P.'s message of "Thu, 03 Nov 2022 06:51:29 -0700")
References: <87wn8cb0ym.fsf@neverwas.me>
Date: Sat, 05 Nov 2022 16:55:16 -0700
Message-ID: <874jvdardn.fsf@neverwas.me>

--=-=-=
Content-Type: text/plain

v2. Respect existing user option.

--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=0000-v1-v2.diff

>From 9de7567ab61df0f5dda03e320c3c292c4a66ac55 Mon Sep 17 00:00:00 2001
From: "F. Jason Park" Date: Fri, 4 Nov 2022 20:01:38 -0700 Subject: [PATCH 0/2] *** NOT A PATCH *** *** BLURB HERE *** F. Jason Park (2): [POC] Make auth-source-pass behave more like other backends [POC] Support auth-source-pass in ERC doc/misc/erc.texi | 3 +- lisp/auth-source-pass.el | 105 +++++++++++++++++++- lisp/erc/erc-compat.el | 101 +++++++++++++++++++ lisp/erc/erc.el | 7 +- test/lisp/auth-source-pass-tests.el | 144 ++++++++++++++++++++++++++++ test/lisp/erc/erc-services-tests.el | 3 - 6 files changed, 357 insertions(+), 6 deletions(-) Interdiff: diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 5638bdbd90..44c47c30b7 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el @@ -101,13 +101,29 @@ auth-source-pass--build-result (seq-subseq retval 0 -2)) ;; remove password retval)))) +(defvar auth-source-pass--match-regexp nil) + +(defun auth-source-pass--match-regexp (s) + (rx-to-string ; autoloaded + `(: (or bot "/") + (or (: (? (group-n 20 (+ (not (in ?\ ?/ ?@ ,s)))) "@") + (group-n 10 (+ (not (in ?\ ?/ ?@ ,s)))) + (? ,s (group-n 30 (+ (not (in ?\ ?/ ,s)))))) + (: (group-n 11 (+ (not (in ?\ ?/ ?@ ,s)))) + (? ,s (group-n 31 (+ (not (in ?\ ?/ ,s))))) + (? "/" (group-n 21 (+ (not (in ?\ ?/ ,s))))))) + eot) + 'no-group)) + (defun auth-source-pass--build-result-many (hosts ports users require max) "Return multiple `auth-source-pass--build-result' values." (unless (listp hosts) (setq hosts (list hosts))) (unless (listp users) (setq users (list users))) (unless (listp ports) (setq ports (list ports))) - (let ((rv (auth-source-pass--find-match-many hosts users ports - require (or max 1)))) + (let* ((auth-source-pass--match-regexp (auth-source-pass--match-regexp + auth-source-pass-port-separator)) + (rv (auth-source-pass--find-match-many hosts users ports + require (or max 1)))) (when auth-source-debug (auth-source-pass--do-debug "final result: %S" rv)) (if (eq auth-source-pass-standard-search 'test) 
@@ -237,16 +253,6 @@ auth-source-pass--find-match hosts (list hosts)))) -(defconst auth-source-pass--match-regexp - (rx (or bot "/") - (or (: (? (group-n 20 (+ (not (in " /@")))) "@") - (group-n 10 (+ (not (in " /:@")))) - (? ":" (group-n 30 (+ (not (in " /:")))))) - (: (group-n 11 (+ (not (in " /:@")))) - (? ":" (group-n 31 (+ (not (in " /:"))))) - (? "/" (group-n 21 (+ (not (in " /:"))))))) - eot)) - (defun auth-source-pass--retrieve-parsed (seen path port-number-p) (when-let ((m (string-match auth-source-pass--match-regexp path))) (puthash path diff --git a/lisp/erc/erc-compat.el b/lisp/erc/erc-compat.el index eb9cf45186..747a1152ff 100644 --- a/lisp/erc/erc-compat.el +++ b/lisp/erc/erc-compat.el @@ -182,6 +182,7 @@ erc-compat--with-memoization (declare-function auth-source-pass-entries "auth-source-pass" nil) (declare-function auth-source-pass-parse-entry "auth-source-pass" (entry)) +;; This basically hard codes `auth-source-pass-port-separator' to ":" (defun erc-compat--auth-source-pass--retrieve-parsed (seen e port-number-p) (when-let ((pat (rx (or bot "/") (or (: (? (group-n 20 (+ (not (in " /@")))) "@") diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index 14d1361eae..242fc356b4 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el 
@@ -562,6 +562,34 @@ auth-source-pass-standard-search--wild-port-req-miss (should-not (auth-source-search :host "x.com" :port 22 :require '(:port) :max 2))))) +;; Specifying a :host without a :user finds a lone entry and does not +;; include extra fields (i.e., :port nil) in the result +;; https://lists.gnu.org/archive/html/emacs-devel/2022-11/msg00130.html + +(ert-deftest auth-source-pass-standard-search--netrc-akib () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine disroot.org user akib password b +machine z.com password c +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf result (plist-put result :secret (auth-info-password result)))) + (should (equal results + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +(ert-deftest auth-source-pass-standard-search--akib () + (let ((auth-source-pass-standard-search 'test)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("akib@disroot.org" (secret . "b")) + ("z.com" (secret . "c"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "disroot.org" :max 2) + '((:host "disroot.org" :user "akib" :secret "b"))))))) + ;; A retrieved store entry mustn't be nil regardless of whether its ;; path contains port or user components -- 2.38.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-POC-Make-auth-source-pass-behave-more-like-other-bac.patch >From d623a025f40358aede9beca5313a36074bed2d98 Mon Sep 17 00:00:00 2001 
From: "F. Jason Park" Date: Tue, 1 Nov 2022 22:46:24 -0700 Subject: [PATCH 1/2] [POC] Make auth-source-pass behave more like other backends * lisp/auth-source-pass.el (auth-source-pass-standard-search): Add new option to bring search behavior more in line with other backends. (auth-source-pass-search): Add new keyword params `max' and `require' and consider new option `auth-source-pass-standard-search' for dispatch. (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, auth-source-pass--match-parts): Add supporting variable and helpers. (auth-source-pass--build-result-many, auth-source-pass--find-match-many): Add "-many" variants for existing workhorse functions. * test/lisp/auth-source-pass-tests.el (auth-source-pass-standard-search--wild-port-miss-netrc, auth-source-pass-standard-search--wild-port-miss, auth-source-pass-standard-search--wild-port-hit-netrc, auth-source-pass-standard-search--wild-port-hit, auth-source-pass-standard-search--wild-port-req-miss-netrc, auth-source-pass-standard-search--wild-port-req-miss, auth-source-pass-standard-search--baseline, auth-source-pass-standard-search--port-type, auth-source-pass-standard-search--hosts-first): Add juxtaposed netrc and standard-search pairs to demo optional extra-compliant behavior. --- lisp/auth-source-pass.el | 105 +++++++++++++++++++- test/lisp/auth-source-pass-tests.el | 144 ++++++++++++++++++++++++++++ 2 files changed, 248 insertions(+), 1 deletion(-) diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 0955e2ed07..44c47c30b7 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el 
@@ -55,13 +55,23 @@ auth-source-pass-port-separator :type 'string :version "27.1") +(defcustom auth-source-pass-standard-search nil + "Whether to use more standardized search behavior. +When nil, the password-store backend works like it always has and +considers at most one `:user' search parameter and returns at +most one result. With t, it tries to more faithfully mimic other +auth-source backends." + :version "29.1" + :type 'boolean) + (cl-defun auth-source-pass-search (&rest spec &key backend type host user port + require max &allow-other-keys) "Given some search query, return matching credentials. See `auth-source-search' for details on the parameters SPEC, BACKEND, TYPE, -HOST, USER and PORT." +HOST, USER, PORT, REQUIRE, and MAX." (cl-assert (or (null type) (eq type (oref backend type))) t "Invalid password-store search: %s %s") (cond ((eq host t) @@ -70,6 +80,8 @@ auth-source-pass-search ((null host) ;; Do not build a result, as none will match when HOST is nil nil) + (auth-source-pass-standard-search + (auth-source-pass--build-result-many host port user require max)) (t (when-let ((result (auth-source-pass--build-result host port user))) (list result))))) 
@@ -89,6 +101,41 @@ auth-source-pass--build-result (seq-subseq retval 0 -2)) ;; remove password retval)))) +(defvar auth-source-pass--match-regexp nil) + +(defun auth-source-pass--match-regexp (s) + (rx-to-string ; autoloaded + `(: (or bot "/") + (or (: (? (group-n 20 (+ (not (in ?\ ?/ ?@ ,s)))) "@") + (group-n 10 (+ (not (in ?\ ?/ ?@ ,s)))) + (? ,s (group-n 30 (+ (not (in ?\ ?/ ,s)))))) + (: (group-n 11 (+ (not (in ?\ ?/ ?@ ,s)))) + (? ,s (group-n 31 (+ (not (in ?\ ?/ ,s))))) + (? "/" (group-n 21 (+ (not (in ?\ ?/ ,s))))))) + eot) + 'no-group)) + +(defun auth-source-pass--build-result-many (hosts ports users require max) + "Return multiple `auth-source-pass--build-result' values." + (unless (listp hosts) (setq hosts (list hosts))) + (unless (listp users) (setq users (list users))) + (unless (listp ports) (setq ports (list ports))) + (let* ((auth-source-pass--match-regexp (auth-source-pass--match-regexp + auth-source-pass-port-separator)) + (rv (auth-source-pass--find-match-many hosts users ports + require (or max 1)))) + (when auth-source-debug + (auth-source-pass--do-debug "final result: %S" rv)) + (if (eq auth-source-pass-standard-search 'test) + (reverse rv) + (let (out) + (dolist (e rv out) + (when-let* ((s (plist-get e :secret)) ; s not captured by closure + (v (auth-source--obfuscate s))) + (setf (plist-get e :secret) + (lambda () (auth-source--deobfuscate v)))) + (push e out)))))) + ;;;###autoload (defun auth-source-pass-enable () "Enable auth-source-password-store." 
@@ -206,6 +253,62 @@ auth-source-pass--find-match hosts (list hosts)))) +(defun auth-source-pass--retrieve-parsed (seen path port-number-p) + (when-let ((m (string-match auth-source-pass--match-regexp path))) + (puthash path + (list :host (or (match-string 10 path) (match-string 11 path)) + :user (or (match-string 20 path) (match-string 21 path)) + :port (and-let* ((p (or (match-string 30 path) + (match-string 31 path))) + (n (string-to-number p))) + (if (or (zerop n) (not port-number-p)) + (format "%s" p) + n))) + seen))) + +(defun auth-source-pass--match-parts (parts key value require) + (let ((mv (plist-get parts key))) + (if (memq key require) + (and value (equal mv value)) + (or (not value) (not mv) (equal mv value))))) + +;; For now, this ignores the contents of files and only considers path +;; components when matching. +(defun auth-source-pass--find-match-many (hosts users ports require max) + "Return plists for valid combinations of HOSTS, USERS, PORTS. +Each plist contains, at the very least, a host and a secret." 
+ (let ((seen (make-hash-table :test #'equal)) + (entries (auth-source-pass-entries)) + port-number-p + out) + (catch 'done + (dolist (host hosts out) + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) + (setq p nil)) + (dolist (user (or users (list u))) + (dolist (port (or ports (list p))) + (setq port-number-p (equal 'integer (type-of port))) + (dolist (e entries) + (when-let* + ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed + seen e port-number-p))) + ((equal host (plist-get m :host))) + ((auth-source-pass--match-parts m :port port require)) + ((auth-source-pass--match-parts m :user user require)) + (parsed (auth-source-pass-parse-entry e)) + (secret (or (auth-source-pass--get-attr 'secret parsed) + (not (memq :secret require))))) + (push + `( :host ,host ; prefer user-provided :host over h + ,@(and-let* ((u (plist-get m :user))) (list :user u)) + ,@(and-let* ((p (plist-get m :port))) (list :port p)) + ,@(and secret (not (eq secret t)) (list :secret secret))) + out) + (when (or (zerop (cl-decf max)) + (null (setq entries (delete e entries)))) + (throw 'done out))))))))))) + (defun auth-source-pass--disambiguate (host &optional user port) "Return (HOST USER PORT) after disambiguation. Disambiguate between having user provided inside HOST (e.g., diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index f5147a7ce0..242fc356b4 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el 
@@ -488,6 +488,150 @@ auth-source-pass-prints-meaningful-debug-log (should (auth-source-pass--have-message-matching "found 2 entries matching \"gitlab.com\": (\"a/gitlab.com\" \"b/gitlab.com\")")))) + +;; FIXME move this to top of file if keeping these netrc tests +(require 'ert-x) + +;; No entry has the requested port, but a result is still returned. + +(ert-deftest auth-source-pass-standard-search--wild-port-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "x.com" :port 22 :max 2))) + (dolist (result results) + (setf result (plist-put result :secret (auth-info-password result)))) + (should (equal results '((:host "x.com" :secret "a"))))))) + +(ert-deftest auth-source-pass-standard-search--wild-port-miss () + (let ((auth-source-pass-standard-search 'test)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port 22 :max 2) + '((:host "x.com" :secret "a"))))))) + +;; One of two entries has the requested port, both returned + +(ert-deftest auth-source-pass-standard-search--wild-port-hit-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "x.com" :port 42 :max 2))) + (dolist (result results) + (setf result (plist-put result :secret (auth-info-password result)))) + (should (equal results '((:host "x.com" :secret "a") + (:host "x.com" :port "42" :secret "b"))))))) + +(ert-deftest auth-source-pass-standard-search--wild-port-hit () + (let ((auth-source-pass-standard-search 'test)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . 
"b"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port 42 :max 2) + '((:host "x.com" :secret "a") + (:host "x.com" :port 42 :secret "b"))))))) + +;; No entry has the requested port, but :port is required, so search fails + +(ert-deftest auth-source-pass-standard-search--wild-port-req-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search + :host "x.com" :port 22 :require '(:port) :max 2))) + (should-not results)))) + +(ert-deftest auth-source-pass-standard-search--wild-port-req-miss () + (let ((auth-source-pass-standard-search 'test)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (should-not (auth-source-search + :host "x.com" :port 22 :require '(:port) :max 2))))) + +;; Specifying a :host without a :user finds a lone entry and does not +;; include extra fields (i.e., :port nil) in the result +;; https://lists.gnu.org/archive/html/emacs-devel/2022-11/msg00130.html + +(ert-deftest auth-source-pass-standard-search--netrc-akib () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine disroot.org user akib password b +machine z.com password c +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf result (plist-put result :secret (auth-info-password result)))) + (should (equal results + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +(ert-deftest auth-source-pass-standard-search--akib () + (let ((auth-source-pass-standard-search 'test)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("akib@disroot.org" (secret . "b")) + ("z.com" (secret . 
"c"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "disroot.org" :max 2) + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +;; A retrieved store entry mustn't be nil regardless of whether its +;; path contains port or user components + +(ert-deftest auth-source-pass-standard-search--baseline () + (let ((auth-source-pass-standard-search 'test)) + (auth-source-pass--with-store '(("x.com")) + (auth-source-pass-enable) + (should-not (auth-source-search :host "x.com"))))) + +;; Output port type (int or string) matches that of input parameter + +(ert-deftest auth-source-pass-standard-search--port-type () + (let ((auth-source-pass-standard-search 'test)) + (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port 42) + '((:host "x.com" :port 42 :secret "a"))))) + (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port "42") + '((:host "x.com" :port "42" :secret "a"))))))) + +;; The :host search param ordering more heavily influences the output +;; because (h1, u1, p1), (h1, u1, p2), ... (hN, uN, pN); also, exact +;; matches are not given precedence, i.e., matching store items are +;; returned in the order encountered + +(ert-deftest auth-source-pass-standard-search--hosts-first () + (let ((auth-source-pass-standard-search 'test)) + (auth-source-pass--with-store '(("x.com:42/bar" (secret . "a")) + ("gnu.org" (secret . "b")) + ("x.com" (secret . "c")) + ("fake.com" (secret . "d")) + ("x.com/foo" (secret . 
"e"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host '("x.com" "gnu.org") :max 3) + ;; Notice gnu.org is never considered ^ + '((:host "x.com" :user "bar" :port "42" :secret "a") + (:host "x.com" :secret "c") + (:host "x.com" :user "foo" :secret "e"))))))) + + (provide 'auth-source-pass-tests) ;;; auth-source-pass-tests.el ends here -- 2.38.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0002-POC-Support-auth-source-pass-in-ERC.patch >From 9de7567ab61df0f5dda03e320c3c292c4a66ac55 Mon Sep 17 00:00:00 2001 From: "F. Jason Park" Date: Sun, 24 Apr 2022 06:20:09 -0700 Subject: [PATCH 2/2] [POC] Support auth-source-pass in ERC * doc/misc/erc.texi: Mention that the auth-source-pass backend is supported. * lisp/erc/erc-compat.el (erc-compat--auth-source-pass-search, erc-compat--auth-source-pass--build-results-many, erc-compat--auth-source-pass--retrieve-parsed, erc-compat--auth-source-pass-packend-parse): Copy some yet unreleased functions from auth-source-pass that mimic the netrc backend. Also add forward declarations to support them. * lisp/erc/erc.el (erc--auth-source-search): Use own auth-source-pass erc-compat backend until 29.1 released. * test/lisp/erc/erc-services-tests.el (erc-join-tests--auth-source-pass-entries): Remove useless items. (erc--auth-source-search--pass-standard, erc--auth-source-search--pass-announced, erc--auth-source-search--pass-overrides): Remove `ert-skip' guard. --- doc/misc/erc.texi | 3 +- lisp/erc/erc-compat.el | 101 ++++++++++++++++++++++++++++ lisp/erc/erc.el | 7 +- test/lisp/erc/erc-services-tests.el | 3 - 4 files changed, 109 insertions(+), 5 deletions(-) diff --git a/doc/misc/erc.texi b/doc/misc/erc.texi index 3db83197f9..ad35b78f0e 100644 --- a/doc/misc/erc.texi +++ b/doc/misc/erc.texi 
@@ -861,7 +861,8 @@ Connecting @code{erc-auth-source-search}. It tries to merge relevant contextual parameters with those provided or discovered from the logical connection or the underlying transport. Some auth-source back ends may not be -compatible; netrc, plstore, json, and secrets are currently supported. +compatible; netrc, plstore, json, secrets, and pass are currently +supported. @end defopt @subheading Full name diff --git a/lisp/erc/erc-compat.el b/lisp/erc/erc-compat.el index 03bd8f1352..747a1152ff 100644 --- a/lisp/erc/erc-compat.el +++ b/lisp/erc/erc-compat.el @@ -32,6 +32,8 @@ ;;; Code: (require 'compat nil 'noerror) +(eval-when-compile (require 'cl-lib)) + ;;;###autoload(autoload 'erc-define-minor-mode "erc-compat") (define-obsolete-function-alias 'erc-define-minor-mode 
@@ -168,6 +170,105 @@ erc-compat--with-memoization `(cl--generic-with-memoization ,table ,@forms)) (t `(progn ,@forms)))) +;;;; Auth Source + +(declare-function auth-source-pass--get-attr + "auth-source-pass" (key entry-data)) +(declare-function auth-source-pass--disambiguate + "auth-source-pass" (host &optional user port)) +(declare-function auth-source-backend-parse-parameters + "auth-source-pass" (entry backend)) +(declare-function auth-source-backend "auth-source" (&rest slots)) +(declare-function auth-source-pass-entries "auth-source-pass" nil) +(declare-function auth-source-pass-parse-entry "auth-source-pass" (entry)) + +;; This basically hard codes `auth-source-pass-port-separator' to ":" +(defun erc-compat--auth-source-pass--retrieve-parsed (seen e port-number-p) + (when-let ((pat (rx (or bot "/") + (or (: (? (group-n 20 (+ (not (in " /@")))) "@") + (group-n 10 (+ (not (in " /:@")))) + (? ":" (group-n 30 (+ (not (in " /:")))))) + (: (group-n 11 (+ (not (in " /:@")))) + (? ":" (group-n 31 (+ (not (in " /:"))))) + (? "/" (group-n 21 (+ (not (in " /:"))))))) + eot)) + (m (string-match pat e))) + (puthash e (list :host (or (match-string 10 e) + (match-string 11 e)) + :user (or (match-string 20 e) + (match-string 21 e)) + :port (and-let* ((p (or (match-string 30 e) + (match-string 31 e))) + (n (string-to-number p))) + (if (or (zerop n) + (not port-number-p)) + (format "%s" p) + n))) + seen))) + +;; This looks bad, but it just inlines `auth-source-pass--find-match-many'. +(defun erc-compat--auth-source-pass--build-result-many + (hosts users ports require max) + "Return a plist of HOSTS, PORTS, USERS, and secret." 
+ (unless (listp hosts) (setq hosts (list hosts))) + (unless (listp users) (setq users (list users))) + (unless (listp ports) (setq ports (list ports))) + (unless max (setq max 1)) + (let ((seen (make-hash-table :test #'equal)) + (entries (auth-source-pass-entries)) + (check (lambda (m k v) + (let ((mv (plist-get m k))) + (if (memq k require) + (and v (equal mv v)) + (or (not v) (not mv) (equal mv v)))))) + port-number-p + out) + (catch 'done + (dolist (host hosts) + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) + (setq p nil)) + (dolist (user (or users (list u))) + (dolist (port (or ports (list p))) + (setq port-number-p (equal 'integer (type-of port))) + (dolist (e entries) + (when-let* + ((m (or (gethash e seen) + (erc-compat--auth-source-pass--retrieve-parsed + seen e port-number-p))) + ((equal host (plist-get m :host))) + ((funcall check m :port port)) + ((funcall check m :user user)) + (parsed (auth-source-pass-parse-entry e)) + (secret (or (auth-source-pass--get-attr 'secret parsed) + (not (memq :secret require))))) + (push + `( :host ,host ; prefer user-provided :host over h + ,@(and-let* ((u (plist-get m :user))) (list :user u)) + ,@(and-let* ((p (plist-get m :port))) (list :port p)) + ,@(and secret (not (eq secret t)) (list :secret secret))) + out) + (when (or (zerop (cl-decf max)) + (null (setq entries (delete e entries)))) + (throw 'done nil))))))))) + (reverse out))) + +(cl-defun erc-compat--auth-source-pass-search + (&rest spec &key host user port require max &allow-other-keys) + ;; From `auth-source-pass-search' + (cl-assert (and host (not (eq host t))) + t "Invalid password-store search: %s %s") + (erc-compat--auth-source-pass--build-result-many host user port require max)) + +(defun erc-compat--auth-source-pass-backend-parse (entry) + (when (eq entry 'password-store) + (auth-source-backend-parse-parameters + entry (auth-source-backend + :source "." 
+ :type 'password-store + :search-function #'erc-compat--auth-source-pass-search)))) + + (provide 'erc-compat) ;;; erc-compat.el ends here diff --git a/lisp/erc/erc.el b/lisp/erc/erc.el index 6b14cf87e2..3769e73041 100644 --- a/lisp/erc/erc.el +++ b/lisp/erc/erc.el @@ -3225,7 +3225,12 @@ erc--auth-source-search the nod. Much the same would happen for entries sharing only a port: the one with host foo would win." (when-let* - ((priority (map-keys defaults)) + ((auth-source-backend-parser-functions + (if (memq 'password-store auth-sources) + (cons #'erc-compat--auth-source-pass-backend-parse + auth-source-backend-parser-functions) + auth-source-backend-parser-functions)) + (priority (map-keys defaults)) (test (lambda (a b) (catch 'done (dolist (key priority) diff --git a/test/lisp/erc/erc-services-tests.el b/test/lisp/erc/erc-services-tests.el index c22d4cf75e..7ff2e36e77 100644 --- a/test/lisp/erc/erc-services-tests.el +++ b/test/lisp/erc/erc-services-tests.el @@ -474,7 +474,6 @@ erc-join-tests--auth-source-pass-entries ("GNU.chat:irc/#chan" (secret . "foo")))) (ert-deftest erc--auth-source-search--pass-standard () - (ert-skip "Pass backend not yet supported") (let ((store erc-join-tests--auth-source-pass-entries) (auth-sources '(password-store)) (auth-source-do-cache nil)) @@ -487,7 +486,6 @@ erc--auth-source-search--pass-standard (erc-services-tests--auth-source-standard #'erc-auth-source-search)))) (ert-deftest erc--auth-source-search--pass-announced () - (ert-skip "Pass backend not yet supported") (let ((store erc-join-tests--auth-source-pass-entries) (auth-sources '(password-store)) (auth-source-do-cache nil)) 
@@ -500,7 +498,6 @@ erc--auth-source-search--pass-announced (erc-services-tests--auth-source-announced #'erc-auth-source-search)))) (ert-deftest erc--auth-source-search--pass-overrides () - (ert-skip "Pass backend not yet supported") (let ((store `(,@erc-join-tests--auth-source-pass-entries ("GNU.chat:6697/#chan" (secret . "spam")) -- 2.38.1 --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 05 20:09:34 2022 Received: (at control) by debbugs.gnu.org; 6 Nov 2022 00:09:34 +0000 Received: from localhost ([127.0.0.1]:58361 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1orTEE-0004le-9n for submit@debbugs.gnu.org; Sat, 05 Nov 2022 20:09:34 -0400 Received: from mail-108-mta163.mxroute.com ([136.175.108.163]:45985) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1orTEC-0004lQ-FA for control@debbugs.gnu.org; Sat, 05 Nov 2022 20:09:32 -0400 Received: from mail-111-mta2.mxroute.com ([136.175.111.2] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta163.mxroute.com (ZoneMTA) with ESMTPSA id 1844a4549a60006e99.001 for (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256); Sun, 06 Nov 2022 00:09:25 +0000 X-Zone-Loop: 12d57e51d160e539ab92e48ca1524b8289fcd416160f X-Originating-IP: [136.175.111.2] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=neverwas.me ; s=x; h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From:Sender: Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=NkiQD37mOJixZOj3l5JAGaOjiyrif1xrM5awTMatNuc=; b=Egc4k2aPRgxjebjcb7ECyTzjOq N5VzfHsfmWglp/vcWAXMiWakVLASjfQkWy8Yq5YA6Y1pXDqM4uZhKC9b4DYDvomj8oChfU9vg8FV+ nuod3o9nlkqzP9dfnrQj3FngqUx7OoRtI+pzc4H4qR46hNgCpGAOS5HVUMLYuery6wlouxyzeQCFu 
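Review bot: In the interdiff hunk for lisp/auth-source-pass.el (@@ -101,13 +101,29 @@), `auth-source-pass--match-regexp` splices the separator `s` into the character classes `(in ?\ ?/ ?@ ,s)` as well as into `(? ,s ...)`. Inside an rx `in` form a string is read as a set of characters, and a form like "a-z" as a range, so a multi-character `auth-source-pass-port-separator` would exclude each of its characters from host and user names while the optional port group still expects the whole string. The option is declared `:type 'string`, so either reject values longer than one character or build the class from the separator deliberately, and give the new function a docstring that states the constraint. None of the visible test hunks binds a non-default separator, so this path is unexercised.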
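Review bot: In patch 1/2, hunk @@ -55,13 +55,23 @@ of lisp/auth-source-pass.el, the new `auth-source-pass-standard-search` option is declared `:type 'boolean` and its docstring covers only nil and t, yet `auth-source-pass--build-result-many` also checks `(eq auth-source-pass-standard-search 'test)` and in that case returns `(reverse rv)` without wrapping `:secret`. A third, undocumented value that turns off secret obfuscation should not live in a user option; consider a separate internal variable that only the test suite binds, so the customization interface cannot reach the plain-string path.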
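Review bot: In patch 1/2, hunk @@ -89,6 +101,41 @@ of lisp/auth-source-pass.el, `auth-source-pass--build-result-many` calls `(auth-source-pass--do-debug "final result: %S" rv)` before the `dolist` that replaces each `:secret` with an obfuscating closure. At that point `rv` still holds the strings that `auth-source-pass--find-match-many` pushed as `:secret ,secret`, so enabling `auth-source-debug` writes cleartext passwords to the debug output. Move the debug call after the wrapping loop, or log a copy of each plist with `:secret` elided. The new helper `auth-source-pass--match-regexp` in the same hunk also lacks a docstring.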
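Review bot: In patch 1/2, hunk @@ -206,6 +253,62 @@ of lisp/auth-source-pass.el, the `seen` cache in `auth-source-pass--find-match-many` is keyed on the entry path alone, but the value stored by `auth-source-pass--retrieve-parsed` depends on `port-number-p`: the `:port` is kept as an integer or as a string according to the type of whichever port was being searched when the entry was first parsed. With a `:port` list that mixes types, later iterations get the stale cached form from `(gethash e seen)` and `auth-source-pass--match-parts` compares it with `equal`, so 42 never matches "42". Either cache the raw port string and convert at comparison time, or include `port-number-p` in the cache key. `auth-source-pass--retrieve-parsed` and `auth-source-pass--match-parts` also need docstrings, and the `"443"` / `"https://"` special case deserves a comment.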
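Review bot: In patch 1/2, hunk @@ -488,6 +488,150 @@ of test/lisp/auth-source-pass-tests.el, the netrc tests rewrite secrets with `(dolist (result results) (setf result (plist-put result :secret (auth-info-password result))))`. Assigning to the loop variable does not update `results`; the later `equal` check passes only because `:secret` is already present in each plist, so `plist-put` mutates it in place. Build the compared list explicitly (for example with `mapcar`) so the test does not depend on that side effect. In addition, every password-store test binds the option to `'test`, which means the branch that wraps `:secret` in a closure is never run by these tests.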
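Review bot: In patch 2/2, hunk @@ -168,6 +170,105 @@ of lisp/erc/erc-compat.el, `erc-compat--auth-source-pass--build-result-many` ends with `(reverse out)` and so hands back `:secret` as a plain string, whereas the function it is copied from in patch 1/2 wraps each secret via `auth-source--obfuscate` in a closure. If the copy is meant to mimic the upstream behavior, wrap the secret the same way or add a comment explaining why ERC's variant does not. Its docstring says "Return a plist" although it returns a list of plists, and the commit message names `erc-compat--auth-source-pass--build-results-many` and `erc-compat--auth-source-pass-packend-parse`, which do not match the functions defined here.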
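Review bot: In patch 2/2, hunk @@ -3225,7 +3225,12 @@ of lisp/erc/erc.el, the new `when-let*` binding in `erc--auth-source-search` prepends `erc-compat--auth-source-pass-backend-parse` whenever `password-store` is in `auth-sources`, with no version check and no comment in the code. The commit message describes this as temporary ("until 29.1 released"), so the override would also shadow the upstream backend, including a user's `auth-source-pass-port-separator` setting, on versions that already ship the new search. Guard it on the Emacs version or on the presence of the upstream function, and leave a FIXME at the binding. Nothing in the hunk shows that `auth-source-backend-parser-functions` is known to be special when erc.el is compiled; if it is not, this binding is lexical and has no effect.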
From: "J.P."
To: control@debbugs.gnu.org
Subject: control message for bug #58985
Date: Sat, 05 Nov 2022 17:09:21 -0700
Message-ID: <87fsex9c5q.fsf@neverwas.me>

severity 58985 wishlist
quit

From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 06 06:23:40 2022
From: Michael Albinus
To: "J.P."
Cc: Damien Cassou, emacs-erc@gnu.org, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <874jvdardn.fsf__3771.40490324877$1667692584$gmane$org@neverwas.me> (J. P.'s message of "Sat, 05 Nov 2022 16:55:16 -0700")
References: <87wn8cb0ym.fsf@neverwas.me> <874jvdardn.fsf__3771.40490324877$1667692584$gmane$org@neverwas.me>
Date: Sun, 06 Nov 2022 12:23:23 +0100
Message-ID: <87pme09vis.fsf@gmx.de>

"J.P." writes:

Hi,

> v2. Respect existing user option.

I'm not familiar with the auth-source-pass.el implementation, so I
cannot speak too much about your patch. Reading it roughly, I haven't
found serious flaws, 'tho.

However :-)

--8<---------------cut here---------------start------------->8---
+(defcustom auth-source-pass-standard-search nil + "Whether to use more standardized search behavior. +When nil, the password-store backend works like it always has and +considers at most one `:user' search parameter and returns at +most one result. With t, it tries to more faithfully mimic other +auth-source backends." + :version "29.1" + :type 'boolean)
--8<---------------cut here---------------end--------------->8---

- The name of this user option as well as its docstring are focussed on
  the current behavior. People won't know what "mimic other auth-source
  backends" would mean. Please describe the effect w/o that comparison,
  and pls give it a name based on its effect, and not
  "...-standard-search".

- I'm missing the documentation in doc/misc/auth.texi and etc/NEWS.

Best regards, Michael.

From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 06 09:39:40 2022
From: Damien Cassou
To: "J.P.", bug-gnu-emacs@gnu.org
Subject: Re: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <87wn8cb0ym.fsf@neverwas.me>
Date: Sun, 06 Nov 2022 15:39:11 +0100
Message-ID: <87y1sow3jk.fsf@cassou.me>

Hi J.P.,

thank you very much for working on auth-source-pass.

I think it's fine to break backward compatibility if it makes auth-source-pass closer to what auth-source requires.

I don't have time to review the code though, I'm sorry.

Best

--
Damien Cassou

"Success is the ability to go from one failure to another without losing enthusiasm."
--Winston Churchill
From: "J.P."
To: Damien Cassou
Cc: emacs-erc@gnu.org, akib@disroot.org, 58985@debbugs.gnu.org, tino.calancha@gmail.com
Subject: Re: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <87y1sow3jk.fsf@cassou.me> (Damien Cassou's message of "Sun, 06 Nov 2022 15:39:11 +0100")
Date: Sun, 06 Nov 2022 20:59:09 -0800
Message-ID: <87bkpjz7fm.fsf@neverwas.me>

Hi Damien,

Damien Cassou writes:

> I think it's fine to break backward compatibility if it makes
> auth-source-pass closer to what auth-source requires.

There's some nice behavior that you introduced initially regarding the narrowing of results, namely (from the info manual):

  If several entries match, the one matching the most items (where an "item" is one of username, port or host) is preferred. For example ...

It'd be a shame to lose that, since folks may have come to rely on it. Perhaps it would be prudent to offer an escape hatch of some sort to restore the existing behavior?

> I don't have time to review the code though, I'm sorry.

No worries at all. Unfortunately, I don't use pass myself and am mostly concerned with ERC's integration. The good news is an actual pass user, Akib (Cc'd), has expressed some interest regarding this topic on emacs-devel, so I'm hoping they'll step in and take over or collaborate in some fashion.
Also, I noticed that the password-store.el in zx2c4's contrib/emacs subdir actually requires auth-source as a dependency, so I've Cc'd the maintainer for that package as well.

Thanks,
J.P.
From: "J.P."
To: Michael Albinus
Cc: Damien Cassou, emacs-erc@gnu.org, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <87pme09vis.fsf@gmx.de> (Michael Albinus's message of "Sun, 06 Nov 2022 12:23:23 +0100")
Date: Sun, 06 Nov 2022 21:00:22 -0800
Message-ID: <87a653z7dl.fsf@neverwas.me>

Hi Michael,

Michael Albinus writes:

> I'm not familiar with the auth-source-pass.el implementation, so I
> cannot speak too much about your patch. Reading it roughly, I haven't
> found serious flaws, 'tho.

Thanks for taking a look!

> However :-)
>
> +(defcustom auth-source-pass-standard-search nil > + "Whether to use more standardized search behavior. > +When nil, the password-store backend works like it always has and > +considers at most one `:user' search parameter and returns at > +most one result. With t, it tries to more faithfully mimic other > +auth-source backends." > + :version "29.1" > + :type 'boolean)
>
> - The name of this user option as well as its docstring are focussed on
>   the current behavior. People won't know what "mimic other auth-source
>   backends" would mean. Please describe the effect w/o that comparison,
>   and pls give it a name based on its effect, and not "...-standard-search".
I've changed the name to `auth-source-pass-extra-query-keywords' and updated the description to something hopefully more adequate.

> - I'm missing the documentation in doc/misc/auth.texi and etc/NEWS.

Added.

BTW, I was initially thinking it'd be better to wait for a more comprehensive and maintainable solution, like something based around a larger set of common functions to be shared among the various back ends (hence the [POC] qualifier on my patches). However, I suppose such a thing could be done later, once the desired behavior is all dialed in (perhaps alongside addressing support for full CRUD operations, which are still missing, AFAIK).

Anyway, I really don't know enough about pass or auth-source to commit to such an endeavor. But I've reached out to some folks who may be able to lend a hand.

Thanks,
J.P.

--=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0000-v2-v3.diff >From a1701d3a7b96b6a7bb34b2a026caa6850c7574c5 Mon Sep 17 00:00:00 2001 From: "F. Jason Park" Date: Sun, 6 Nov 2022 20:51:19 -0800 Subject: [PATCH 0/2] *** NOT A PATCH *** *** BLURB HERE *** F. Jason Park (2): [POC] Make auth-source-pass behave more like other backends [POC] Support auth-source-pass in ERC doc/misc/auth.texi | 11 +++ doc/misc/erc.texi | 3 +- etc/NEWS | 8 ++ lisp/auth-source-pass.el | 109 ++++++++++++++++++++- lisp/erc/erc-compat.el | 101 +++++++++++++++++++ lisp/erc/erc.el | 7 +- test/lisp/auth-source-pass-tests.el | 144 ++++++++++++++++++++++++++++ test/lisp/erc/erc-services-tests.el | 3 - 8 files changed, 380 insertions(+), 6 deletions(-) Interdiff: diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi index 9dc63af6bc..222fce2058 100644 --- a/doc/misc/auth.texi +++ b/doc/misc/auth.texi
@@ -526,6 +526,8 @@ The Unix password store while searching for an entry matching the @code{rms} user on host @code{gnu.org} and port @code{22}, then the entry @file{gnu.org:22/rms.gpg} is preferred over @file{gnu.org.gpg}. +However, such filtering is not applied when the option +@code{auth-source-pass-extra-parameters} is set to @code{t}. Users of @code{pass} may also be interested in functionality provided by other Emacs packages: @@ -549,6 +551,15 @@ The Unix password store port in an entry. Defaults to @samp{:}. @end defvar +@defvar auth-source-pass-extra-query-keywords +Set this to @code{t} if you encounter problems predicting the outcome +of searches relative to other auth-source backends or if you have code +that expects to query multiple backends uniformly. This tells +auth-source-pass to consider the @code{:max} and @code{:require} +keywords as well as lists containing multiple query params (for +applicable keywords). +@end defvar + @node Help for developers @chapter Help for developers diff --git a/etc/NEWS b/etc/NEWS index 89da8aa63f..776936489f 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -1383,6 +1383,14 @@ If non-nil and there's only one matching option, auto-select that. If non-nil, this user option describes what entries not to add to the database stored on disk. +** Auth-Source + ++++ +*** New user option 'auth-source-pass-extra-query-keywords'. +Whether to recognize additional keyword params, like ':max' and +':require', as well as accept lists of query terms paired with +applicable keywords. + ** Dired +++ diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 44c47c30b7..d9129667e1 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el 
@@ -55,14 +55,18 @@ auth-source-pass-port-separator :type 'string :version "27.1") -(defcustom auth-source-pass-standard-search nil - "Whether to use more standardized search behavior. -When nil, the password-store backend works like it always has and -considers at most one `:user' search parameter and returns at -most one result. With t, it tries to more faithfully mimic other -auth-source backends." - :version "29.1" - :type 'boolean) +(defcustom auth-source-pass-extra-query-keywords nil + "Whether to consider additional keywords when performing a query. +Specifically, when the value is t, recognize the `:max' and +`:require' keywords and accept lists of query parameters for +certain keywords, such as `:host' and `:user'. Also, wrap all +returned secrets in a function and forgo any further results +filtering unless given an applicable `:require' argument. When +this option is nil, do none of that, and enact the narrowing +behavior described toward the bottom of the Info node `(auth) The +Unix password store'." + :type 'boolean + :version "29.1") (cl-defun auth-source-pass-search (&rest spec &key backend type host user port @@ -80,7 +84,7 @@ auth-source-pass-search ((null host) ;; Do not build a result, as none will match when HOST is nil nil) - (auth-source-pass-standard-search + (auth-source-pass-extra-query-keywords (auth-source-pass--build-result-many host port user require max)) (t (when-let ((result (auth-source-pass--build-result host port user))) @@ -126,7 +130,7 @@ auth-source-pass--build-result-many require (or max 1)))) (when auth-source-debug (auth-source-pass--do-debug "final result: %S" rv)) - (if (eq auth-source-pass-standard-search 'test) + (if (eq auth-source-pass-extra-query-keywords 'test) (reverse rv) (let (out) (dolist (e rv out) diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index 242fc356b4..718c7cf4ba 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el 
@@ -494,7 +494,7 @@ auth-source-pass-prints-meaningful-debug-log ;; No entry has the requested port, but a result is still returned. -(ert-deftest auth-source-pass-standard-search--wild-port-miss-netrc () +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss-netrc () (ert-with-temp-file netrc-file :text "\ machine x.com password a @@ -507,8 +507,8 @@ auth-source-pass-standard-search--wild-port-miss-netrc (setf result (plist-put result :secret (auth-info-password result)))) (should (equal results '((:host "x.com" :secret "a"))))))) -(ert-deftest auth-source-pass-standard-search--wild-port-miss () - (let ((auth-source-pass-standard-search 'test)) +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss () + (let ((auth-source-pass-extra-query-keywords 'test)) (auth-source-pass--with-store '(("x.com" (secret . "a")) ("x.com:42" (secret . "b"))) (auth-source-pass-enable) @@ -517,7 +517,7 @@ auth-source-pass-standard-search--wild-port-miss ;; One of two entries has the requested port, both returned -(ert-deftest auth-source-pass-standard-search--wild-port-hit-netrc () +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit-netrc () (ert-with-temp-file netrc-file :text "\ machine x.com password a @@ -531,8 +531,8 @@ auth-source-pass-standard-search--wild-port-hit-netrc (should (equal results '((:host "x.com" :secret "a") (:host "x.com" :port "42" :secret "b"))))))) -(ert-deftest auth-source-pass-standard-search--wild-port-hit () - (let ((auth-source-pass-standard-search 'test)) +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit () + (let ((auth-source-pass-extra-query-keywords 'test)) (auth-source-pass--with-store '(("x.com" (secret . "a")) ("x.com:42" (secret . "b"))) (auth-source-pass-enable) 
@@ -542,7 +542,7 @@ auth-source-pass-standard-search--wild-port-hit ;; No entry has the requested port, but :port is required, so search fails -(ert-deftest auth-source-pass-standard-search--wild-port-req-miss-netrc () +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc () (ert-with-temp-file netrc-file :text "\ machine x.com password a @@ -554,8 +554,8 @@ auth-source-pass-standard-search--wild-port-req-miss-netrc :host "x.com" :port 22 :require '(:port) :max 2))) (should-not results)))) -(ert-deftest auth-source-pass-standard-search--wild-port-req-miss () - (let ((auth-source-pass-standard-search 'test)) +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss () + (let ((auth-source-pass-extra-query-keywords 'test)) (auth-source-pass--with-store '(("x.com" (secret . "a")) ("x.com:42" (secret . "b"))) (auth-source-pass-enable) @@ -566,7 +566,7 @@ auth-source-pass-standard-search--wild-port-req-miss ;; include extra fields (i.e., :port nil) in the result ;; https://lists.gnu.org/archive/html/emacs-devel/2022-11/msg00130.html -(ert-deftest auth-source-pass-standard-search--netrc-akib () +(ert-deftest auth-source-pass-extra-query-keywords--netrc-akib () (ert-with-temp-file netrc-file :text "\ machine x.com password a @@ -581,8 +581,8 @@ auth-source-pass-standard-search--netrc-akib (should (equal results '((:host "disroot.org" :user "akib" :secret "b"))))))) -(ert-deftest auth-source-pass-standard-search--akib () - (let ((auth-source-pass-standard-search 'test)) +(ert-deftest auth-source-pass-extra-query-keywords--akib () + (let ((auth-source-pass-extra-query-keywords 'test)) (auth-source-pass--with-store '(("x.com" (secret . "a")) ("akib@disroot.org" (secret . "b")) ("z.com" (secret . "c"))) 
@@ -593,16 +593,16 @@ auth-source-pass-standard-search--akib ;; A retrieved store entry mustn't be nil regardless of whether its ;; path contains port or user components -(ert-deftest auth-source-pass-standard-search--baseline () - (let ((auth-source-pass-standard-search 'test)) +(ert-deftest auth-source-pass-extra-query-keywords--baseline () + (let ((auth-source-pass-extra-query-keywords 'test)) (auth-source-pass--with-store '(("x.com")) (auth-source-pass-enable) (should-not (auth-source-search :host "x.com"))))) ;; Output port type (int or string) matches that of input parameter -(ert-deftest auth-source-pass-standard-search--port-type () - (let ((auth-source-pass-standard-search 'test)) +(ert-deftest auth-source-pass-extra-query-keywords--port-type () + (let ((auth-source-pass-extra-query-keywords 'test)) (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) (auth-source-pass-enable) (should (equal (auth-source-search :host "x.com" :port 42) @@ -617,8 +617,8 @@ auth-source-pass-standard-search--port-type ;; matches are not given precedence, i.e., matching store items are ;; returned in the order encountered -(ert-deftest auth-source-pass-standard-search--hosts-first () - (let ((auth-source-pass-standard-search 'test)) +(ert-deftest auth-source-pass-extra-query-keywords--hosts-first () + (let ((auth-source-pass-extra-query-keywords 'test)) (auth-source-pass--with-store '(("x.com:42/bar" (secret . "a")) ("gnu.org" (secret . "b")) ("x.com" (secret . "c")) -- 2.38.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-POC-Make-auth-source-pass-behave-more-like-other-bac.patch >From 450e2f029a26b30d583afcb44e7fdd561a95c277 Mon Sep 17 00:00:00 2001 
From: "F. Jason Park" Date: Tue, 1 Nov 2022 22:46:24 -0700 Subject: [PATCH 1/2] [POC] Make auth-source-pass behave more like other backends * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add new option to bring search behavior more in line with other backends. (auth-source-pass-search): Add new keyword params `max' and `require' and consider new option `auth-source-pass-extra-query-keywords' for dispatch. (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, auth-source-pass--match-parts): Add supporting variable and helpers. (auth-source-pass--build-result-many, auth-source-pass--find-match-many): Add "-many" variants for existing workhorse functions. * test/lisp/auth-source-pass-tests.el (auth-source-pass-extra-query-keywords--wild-port-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-miss, auth-source-pass-extra-query-keywords--wild-port-hit-netrc, auth-source-pass-extra-query-keywords--wild-port-hit, auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-req-miss, auth-source-pass-extra-query-keywords--baseline, auth-source-pass-extra-query-keywords--port-type, auth-source-pass-extra-query-keywords--hosts-first): Add juxtaposed netrc and extra-query-keywords pairs to demo optional extra-compliant behavior. * doc/misc/auth.texi: Add option `auth-source-pass-extra-query-keywords' to auth-source-pass section. * etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs 29.1 package changes section. --- doc/misc/auth.texi | 11 +++ etc/NEWS | 8 ++ lisp/auth-source-pass.el | 109 ++++++++++++++++++++- test/lisp/auth-source-pass-tests.el | 144 ++++++++++++++++++++++++++++ 4 files changed, 271 insertions(+), 1 deletion(-) diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi index 9dc63af6bc..222fce2058 100644 --- a/doc/misc/auth.texi +++ b/doc/misc/auth.texi 
@@ -526,6 +526,8 @@ The Unix password store while searching for an entry matching the @code{rms} user on host @code{gnu.org} and port @code{22}, then the entry @file{gnu.org:22/rms.gpg} is preferred over @file{gnu.org.gpg}. +However, such filtering is not applied when the option +@code{auth-source-pass-extra-parameters} is set to @code{t}. Users of @code{pass} may also be interested in functionality provided by other Emacs packages: @@ -549,6 +551,15 @@ The Unix password store port in an entry. Defaults to @samp{:}. @end defvar +@defvar auth-source-pass-extra-query-keywords +Set this to @code{t} if you encounter problems predicting the outcome +of searches relative to other auth-source backends or if you have code +that expects to query multiple backends uniformly. This tells +auth-source-pass to consider the @code{:max} and @code{:require} +keywords as well as lists containing multiple query params (for +applicable keywords). +@end defvar + @node Help for developers @chapter Help for developers diff --git a/etc/NEWS b/etc/NEWS index 89da8aa63f..776936489f 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -1383,6 +1383,14 @@ If non-nil and there's only one matching option, auto-select that. If non-nil, this user option describes what entries not to add to the database stored on disk. +** Auth-Source + ++++ +*** New user option 'auth-source-pass-extra-query-keywords'. +Whether to recognize additional keyword params, like ':max' and +':require', as well as accept lists of query terms paired with +applicable keywords. + ** Dired +++ diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 0955e2ed07..d9129667e1 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el 
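Review bot: the sentence added at @@ -526,6 +526,8 @@ in doc/misc/auth.texi names the option @code{auth-source-pass-extra-parameters}, but the @defvar added further down the same file, the etc/NEWS entry and the defcustom all call it auth-source-pass-extra-query-keywords. A reader following that sentence would set a variable the patch never defines and still get the narrowing behavior, so use auth-source-pass-extra-query-keywords in both places. The same mismatch is present in the interdiff copy of this hunk.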
@@ -55,13 +55,27 @@ auth-source-pass-port-separator :type 'string :version "27.1") +(defcustom auth-source-pass-extra-query-keywords nil + "Whether to consider additional keywords when performing a query. +Specifically, when the value is t, recognize the `:max' and +`:require' keywords and accept lists of query parameters for +certain keywords, such as `:host' and `:user'. Also, wrap all +returned secrets in a function and forgo any further results +filtering unless given an applicable `:require' argument. When +this option is nil, do none of that, and enact the narrowing +behavior described toward the bottom of the Info node `(auth) The +Unix password store'." + :type 'boolean + :version "29.1") + (cl-defun auth-source-pass-search (&rest spec &key backend type host user port + require max &allow-other-keys) "Given some search query, return matching credentials. See `auth-source-search' for details on the parameters SPEC, BACKEND, TYPE, -HOST, USER and PORT." +HOST, USER, PORT, REQUIRE, and MAX." (cl-assert (or (null type) (eq type (oref backend type))) t "Invalid password-store search: %s %s") (cond ((eq host t) @@ -70,6 +84,8 @@ auth-source-pass-search ((null host) ;; Do not build a result, as none will match when HOST is nil nil) + (auth-source-pass-extra-query-keywords + (auth-source-pass--build-result-many host port user require max)) (t (when-let ((result (auth-source-pass--build-result host port user))) (list result))))) 
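Review bot: in the cond of auth-source-pass-search (hunk @@ -70,6 +84,8 @@), the fallback (t ...) branch still calls (auth-source-pass--build-result host port user), so the newly accepted require and max arguments are silently dropped whenever auth-source-pass-extra-query-keywords is nil, while the updated docstring lists REQUIRE and MAX next to the other parameters without saying so. Please state in the docstring that both are honored only when the option is non-nil. Note also that the new branch fires for any non-nil value, whereas the defcustom docstring only describes the value t.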
@@ -89,6 +105,41 @@ auth-source-pass--build-result (seq-subseq retval 0 -2)) ;; remove password retval)))) +(defvar auth-source-pass--match-regexp nil) + +(defun auth-source-pass--match-regexp (s) + (rx-to-string ; autoloaded + `(: (or bot "/") + (or (: (? (group-n 20 (+ (not (in ?\ ?/ ?@ ,s)))) "@") + (group-n 10 (+ (not (in ?\ ?/ ?@ ,s)))) + (? ,s (group-n 30 (+ (not (in ?\ ?/ ,s)))))) + (: (group-n 11 (+ (not (in ?\ ?/ ?@ ,s)))) + (? ,s (group-n 31 (+ (not (in ?\ ?/ ,s))))) + (? "/" (group-n 21 (+ (not (in ?\ ?/ ,s))))))) + eot) + 'no-group)) + +(defun auth-source-pass--build-result-many (hosts ports users require max) + "Return multiple `auth-source-pass--build-result' values." + (unless (listp hosts) (setq hosts (list hosts))) + (unless (listp users) (setq users (list users))) + (unless (listp ports) (setq ports (list ports))) + (let* ((auth-source-pass--match-regexp (auth-source-pass--match-regexp + auth-source-pass-port-separator)) + (rv (auth-source-pass--find-match-many hosts users ports + require (or max 1)))) + (when auth-source-debug + (auth-source-pass--do-debug "final result: %S" rv)) + (if (eq auth-source-pass-extra-query-keywords 'test) + (reverse rv) + (let (out) + (dolist (e rv out) + (when-let* ((s (plist-get e :secret)) ; s not captured by closure + (v (auth-source--obfuscate s))) + (setf (plist-get e :secret) + (lambda () (auth-source--deobfuscate v)))) + (push e out)))))) + ;;;###autoload (defun auth-source-pass-enable () "Enable auth-source-password-store." 
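Review bot: auth-source-pass--build-result-many special-cases (eq auth-source-pass-extra-query-keywords 'test) and in that case returns (reverse rv) with :secret left as a plain string, skipping the auth-source--obfuscate and lambda wrapping applied on the other path. The option is declared :type 'boolean and its docstring promises that all returned secrets are wrapped in a function, so this undocumented value lets any configuration obtain cleartext secrets in result plists. Consider having the tests bind the option to t and unwrap :secret the way the netrc tests do with auth-info-password, or move the test switch to a separate internal variable. Separately, the defvar and defun both named auth-source-pass--match-regexp have no docstrings, and the paired group numbers (10/11, 20/21, 30/31) would benefit from a comment saying which alternative each belongs to.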
@@ -206,6 +257,62 @@ auth-source-pass--find-match hosts (list hosts)))) +(defun auth-source-pass--retrieve-parsed (seen path port-number-p) + (when-let ((m (string-match auth-source-pass--match-regexp path))) + (puthash path + (list :host (or (match-string 10 path) (match-string 11 path)) + :user (or (match-string 20 path) (match-string 21 path)) + :port (and-let* ((p (or (match-string 30 path) + (match-string 31 path))) + (n (string-to-number p))) + (if (or (zerop n) (not port-number-p)) + (format "%s" p) + n))) + seen))) + +(defun auth-source-pass--match-parts (parts key value require) + (let ((mv (plist-get parts key))) + (if (memq key require) + (and value (equal mv value)) + (or (not value) (not mv) (equal mv value))))) + +;; For now, this ignores the contents of files and only considers path +;; components when matching. +(defun auth-source-pass--find-match-many (hosts users ports require max) + "Return plists for valid combinations of HOSTS, USERS, PORTS. +Each plist contains, at the very least, a host and a secret." 
+ (let ((seen (make-hash-table :test #'equal)) + (entries (auth-source-pass-entries)) + port-number-p + out) + (catch 'done + (dolist (host hosts out) + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) + (setq p nil)) + (dolist (user (or users (list u))) + (dolist (port (or ports (list p))) + (setq port-number-p (equal 'integer (type-of port))) + (dolist (e entries) + (when-let* + ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed + seen e port-number-p))) + ((equal host (plist-get m :host))) + ((auth-source-pass--match-parts m :port port require)) + ((auth-source-pass--match-parts m :user user require)) + (parsed (auth-source-pass-parse-entry e)) + (secret (or (auth-source-pass--get-attr 'secret parsed) + (not (memq :secret require))))) + (push + `( :host ,host ; prefer user-provided :host over h + ,@(and-let* ((u (plist-get m :user))) (list :user u)) + ,@(and-let* ((p (plist-get m :port))) (list :port p)) + ,@(and secret (not (eq secret t)) (list :secret secret))) + out) + (when (or (zerop (cl-decf max)) + (null (setq entries (delete e entries)))) + (throw 'done out))))))))))) + (defun auth-source-pass--disambiguate (host &optional user port) "Return (HOST USER PORT) after disambiguation. Disambiguate between having user provided inside HOST (e.g., diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index f5147a7ce0..718c7cf4ba 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el 
@@ -488,6 +488,150 @@ auth-source-pass-prints-meaningful-debug-log (should (auth-source-pass--have-message-matching "found 2 entries matching \"gitlab.com\": (\"a/gitlab.com\" \"b/gitlab.com\")")))) + +;; FIXME move this to top of file if keeping these netrc tests +(require 'ert-x) + +;; No entry has the requested port, but a result is still returned. + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "x.com" :port 22 :max 2))) + (dolist (result results) + (setf result (plist-put result :secret (auth-info-password result)))) + (should (equal results '((:host "x.com" :secret "a"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss () + (let ((auth-source-pass-extra-query-keywords 'test)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port 22 :max 2) + '((:host "x.com" :secret "a"))))))) + +;; One of two entries has the requested port, both returned + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "x.com" :port 42 :max 2))) + (dolist (result results) + (setf result (plist-put result :secret (auth-info-password result)))) + (should (equal results '((:host "x.com" :secret "a") + (:host "x.com" :port "42" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit () + (let ((auth-source-pass-extra-query-keywords 'test)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . 
"b"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port 42 :max 2) + '((:host "x.com" :secret "a") + (:host "x.com" :port 42 :secret "b"))))))) + +;; No entry has the requested port, but :port is required, so search fails + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search + :host "x.com" :port 22 :require '(:port) :max 2))) + (should-not results)))) + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss () + (let ((auth-source-pass-extra-query-keywords 'test)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (should-not (auth-source-search + :host "x.com" :port 22 :require '(:port) :max 2))))) + +;; Specifying a :host without a :user finds a lone entry and does not +;; include extra fields (i.e., :port nil) in the result +;; https://lists.gnu.org/archive/html/emacs-devel/2022-11/msg00130.html + +(ert-deftest auth-source-pass-extra-query-keywords--netrc-akib () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine disroot.org user akib password b +machine z.com password c +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf result (plist-put result :secret (auth-info-password result)))) + (should (equal results + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--akib () + (let ((auth-source-pass-extra-query-keywords 'test)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("akib@disroot.org" (secret . "b")) + ("z.com" (secret . 
"c"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "disroot.org" :max 2) + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +;; A retrieved store entry mustn't be nil regardless of whether its +;; path contains port or user components + +(ert-deftest auth-source-pass-extra-query-keywords--baseline () + (let ((auth-source-pass-extra-query-keywords 'test)) + (auth-source-pass--with-store '(("x.com")) + (auth-source-pass-enable) + (should-not (auth-source-search :host "x.com"))))) + +;; Output port type (int or string) matches that of input parameter + +(ert-deftest auth-source-pass-extra-query-keywords--port-type () + (let ((auth-source-pass-extra-query-keywords 'test)) + (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port 42) + '((:host "x.com" :port 42 :secret "a"))))) + (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port "42") + '((:host "x.com" :port "42" :secret "a"))))))) + +;; The :host search param ordering more heavily influences the output +;; because (h1, u1, p1), (h1, u1, p2), ... (hN, uN, pN); also, exact +;; matches are not given precedence, i.e., matching store items are +;; returned in the order encountered + +(ert-deftest auth-source-pass-extra-query-keywords--hosts-first () + (let ((auth-source-pass-extra-query-keywords 'test)) + (auth-source-pass--with-store '(("x.com:42/bar" (secret . "a")) + ("gnu.org" (secret . "b")) + ("x.com" (secret . "c")) + ("fake.com" (secret . "d")) + ("x.com/foo" (secret . 
"e"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host '("x.com" "gnu.org") :max 3) + ;; Notice gnu.org is never considered ^ + '((:host "x.com" :user "bar" :port "42" :secret "a") + (:host "x.com" :secret "c") + (:host "x.com" :user "foo" :secret "e"))))))) + + (provide 'auth-source-pass-tests) ;;; auth-source-pass-tests.el ends here -- 2.38.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0002-POC-Support-auth-source-pass-in-ERC.patch >From a1701d3a7b96b6a7bb34b2a026caa6850c7574c5 Mon Sep 17 00:00:00 2001 From: "F. Jason Park" Date: Sun, 24 Apr 2022 06:20:09 -0700 Subject: [PATCH 2/2] [POC] Support auth-source-pass in ERC * doc/misc/erc.texi: Mention that the auth-source-pass backend is supported. * lisp/erc/erc-compat.el (erc-compat--auth-source-pass-search, erc-compat--auth-source-pass--build-results-many, erc-compat--auth-source-pass--retrieve-parsed, erc-compat--auth-source-pass-packend-parse): Copy some yet unreleased functions from auth-source-pass that mimic the netrc backend. Also add forward declarations to support them. * lisp/erc/erc.el (erc--auth-source-search): Use own auth-source-pass erc-compat backend until 29.1 released. * test/lisp/erc/erc-services-tests.el (erc-join-tests--auth-source-pass-entries): Remove useless items. (erc--auth-source-search--pass-standard, erc--auth-source-search--pass-announced, erc--auth-source-search--pass-overrides): Remove `ert-skip' guard. --- doc/misc/erc.texi | 3 +- lisp/erc/erc-compat.el | 101 ++++++++++++++++++++++++++++ lisp/erc/erc.el | 7 +- test/lisp/erc/erc-services-tests.el | 3 - 4 files changed, 109 insertions(+), 5 deletions(-) diff --git a/doc/misc/erc.texi b/doc/misc/erc.texi index 3db83197f9..ad35b78f0e 100644 --- a/doc/misc/erc.texi +++ b/doc/misc/erc.texi 
@@ -861,7 +861,8 @@ Connecting @code{erc-auth-source-search}. It tries to merge relevant contextual parameters with those provided or discovered from the logical connection or the underlying transport. Some auth-source back ends may not be -compatible; netrc, plstore, json, and secrets are currently supported. +compatible; netrc, plstore, json, secrets, and pass are currently +supported. @end defopt @subheading Full name diff --git a/lisp/erc/erc-compat.el b/lisp/erc/erc-compat.el index 03bd8f1352..747a1152ff 100644 --- a/lisp/erc/erc-compat.el +++ b/lisp/erc/erc-compat.el @@ -32,6 +32,8 @@ ;;; Code: (require 'compat nil 'noerror) +(eval-when-compile (require 'cl-lib)) + ;;;###autoload(autoload 'erc-define-minor-mode "erc-compat") (define-obsolete-function-alias 'erc-define-minor-mode 
@@ -168,6 +170,105 @@ erc-compat--with-memoization `(cl--generic-with-memoization ,table ,@forms)) (t `(progn ,@forms)))) +;;;; Auth Source + +(declare-function auth-source-pass--get-attr + "auth-source-pass" (key entry-data)) +(declare-function auth-source-pass--disambiguate + "auth-source-pass" (host &optional user port)) +(declare-function auth-source-backend-parse-parameters + "auth-source-pass" (entry backend)) +(declare-function auth-source-backend "auth-source" (&rest slots)) +(declare-function auth-source-pass-entries "auth-source-pass" nil) +(declare-function auth-source-pass-parse-entry "auth-source-pass" (entry)) + +;; This basically hard codes `auth-source-pass-port-separator' to ":" +(defun erc-compat--auth-source-pass--retrieve-parsed (seen e port-number-p) + (when-let ((pat (rx (or bot "/") + (or (: (? (group-n 20 (+ (not (in " /@")))) "@") + (group-n 10 (+ (not (in " /:@")))) + (? ":" (group-n 30 (+ (not (in " /:")))))) + (: (group-n 11 (+ (not (in " /:@")))) + (? ":" (group-n 31 (+ (not (in " /:"))))) + (? "/" (group-n 21 (+ (not (in " /:"))))))) + eot)) + (m (string-match pat e))) + (puthash e (list :host (or (match-string 10 e) + (match-string 11 e)) + :user (or (match-string 20 e) + (match-string 21 e)) + :port (and-let* ((p (or (match-string 30 e) + (match-string 31 e))) + (n (string-to-number p))) + (if (or (zerop n) + (not port-number-p)) + (format "%s" p) + n))) + seen))) + +;; This looks bad, but it just inlines `auth-source-pass--find-match-many'. +(defun erc-compat--auth-source-pass--build-result-many + (hosts users ports require max) + "Return a plist of HOSTS, PORTS, USERS, and secret." 
+ (unless (listp hosts) (setq hosts (list hosts))) + (unless (listp users) (setq users (list users))) + (unless (listp ports) (setq ports (list ports))) + (unless max (setq max 1)) + (let ((seen (make-hash-table :test #'equal)) + (entries (auth-source-pass-entries)) + (check (lambda (m k v) + (let ((mv (plist-get m k))) + (if (memq k require) + (and v (equal mv v)) + (or (not v) (not mv) (equal mv v)))))) + port-number-p + out) + (catch 'done + (dolist (host hosts) + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) + (setq p nil)) + (dolist (user (or users (list u))) + (dolist (port (or ports (list p))) + (setq port-number-p (equal 'integer (type-of port))) + (dolist (e entries) + (when-let* + ((m (or (gethash e seen) + (erc-compat--auth-source-pass--retrieve-parsed + seen e port-number-p))) + ((equal host (plist-get m :host))) + ((funcall check m :port port)) + ((funcall check m :user user)) + (parsed (auth-source-pass-parse-entry e)) + (secret (or (auth-source-pass--get-attr 'secret parsed) + (not (memq :secret require))))) + (push + `( :host ,host ; prefer user-provided :host over h + ,@(and-let* ((u (plist-get m :user))) (list :user u)) + ,@(and-let* ((p (plist-get m :port))) (list :port p)) + ,@(and secret (not (eq secret t)) (list :secret secret))) + out) + (when (or (zerop (cl-decf max)) + (null (setq entries (delete e entries)))) + (throw 'done nil))))))))) + (reverse out))) + +(cl-defun erc-compat--auth-source-pass-search + (&rest spec &key host user port require max &allow-other-keys) + ;; From `auth-source-pass-search' + (cl-assert (and host (not (eq host t))) + t "Invalid password-store search: %s %s") + (erc-compat--auth-source-pass--build-result-many host user port require max)) + +(defun erc-compat--auth-source-pass-backend-parse (entry) + (when (eq entry 'password-store) + (auth-source-backend-parse-parameters + entry (auth-source-backend + :source "." 
+ :type 'password-store + :search-function #'erc-compat--auth-source-pass-search)))) + + (provide 'erc-compat) ;;; erc-compat.el ends here diff --git a/lisp/erc/erc.el b/lisp/erc/erc.el index 6b14cf87e2..3769e73041 100644 --- a/lisp/erc/erc.el +++ b/lisp/erc/erc.el @@ -3225,7 +3225,12 @@ erc--auth-source-search the nod. Much the same would happen for entries sharing only a port: the one with host foo would win." (when-let* - ((priority (map-keys defaults)) + ((auth-source-backend-parser-functions + (if (memq 'password-store auth-sources) + (cons #'erc-compat--auth-source-pass-backend-parse + auth-source-backend-parser-functions) + auth-source-backend-parser-functions)) + (priority (map-keys defaults)) (test (lambda (a b) (catch 'done (dolist (key priority) diff --git a/test/lisp/erc/erc-services-tests.el b/test/lisp/erc/erc-services-tests.el index c22d4cf75e..7ff2e36e77 100644 --- a/test/lisp/erc/erc-services-tests.el +++ b/test/lisp/erc/erc-services-tests.el @@ -474,7 +474,6 @@ erc-join-tests--auth-source-pass-entries ("GNU.chat:irc/#chan" (secret . "foo")))) (ert-deftest erc--auth-source-search--pass-standard () - (ert-skip "Pass backend not yet supported") (let ((store erc-join-tests--auth-source-pass-entries) (auth-sources '(password-store)) (auth-source-do-cache nil)) @@ -487,7 +486,6 @@ erc--auth-source-search--pass-standard (erc-services-tests--auth-source-standard #'erc-auth-source-search)))) (ert-deftest erc--auth-source-search--pass-announced () - (ert-skip "Pass backend not yet supported") (let ((store erc-join-tests--auth-source-pass-entries) (auth-sources '(password-store)) (auth-source-do-cache nil)) 
@@ -500,7 +498,6 @@ erc--auth-source-search--pass-announced (erc-services-tests--auth-source-announced #'erc-auth-source-search)))) (ert-deftest erc--auth-source-search--pass-overrides () - (ert-skip "Pass backend not yet supported") (let ((store `(,@erc-join-tests--auth-source-pass-entries ("GNU.chat:6697/#chan" (secret . "spam")) -- 2.38.1
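Review bot: In the *-netrc tests added by the "@@ -488,6 +488,150 @@" hunk of auth-source-pass-tests.el, `(setf result (plist-put result :secret (auth-info-password result)))` only rebinds the dolist loop variable; `results` ends up updated because plist-put modifies the existing plist in place, so the setf is redundant and hides what the loop relies on. Drop the setf (or build the comparison list with mapcar) and say in a comment that the in-place update is intended. Also, wild-port-hit-netrc expects `:port "42"` while its pass counterpart expects `:port 42` for the same `:port 42` query, so the pair records a difference between the two back ends; a comment next to the port-type test should say that this is deliberate.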
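Review bot: In erc-compat--auth-source-pass--build-result-many ("@@ -168,6 +170,105 @@" hunk of erc-compat.el) the `seen` table is keyed on the entry path alone, but erc-compat--auth-source-pass--retrieve-parsed stores :port as an integer or a string depending on `port-number-p` at the time of the first parse, and `check` compares with `equal`. A :port list that mixes types, such as (6667 "6697"), can therefore miss an entry that was cached under the other representation; normalise the port before comparing, or parse it once as a string and convert when the result is built. The docstring says the function returns a plist although `(reverse out)` is a list of plists, and the other three new functions have no docstring. The commit message lists erc-compat--auth-source-pass--build-results-many and erc-compat--auth-source-pass-packend-parse, which do not match the names defined here (...--build-result-many and ...-backend-parse).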
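Review bot: In the erc.el hunk the override of auth-source-backend-parser-functions sits in the binding list of `when-let*`, so the search now also depends on that value being non-nil and the dynamic rebinding is easy to miss next to the ordinary lexical bindings; a plain `let` wrapped around the existing `when-let*` would state the intent. There is also no version check, although the commit message says the compat back end is to be used only "until 29.1 released": as written, the compat parser is consed in front of the stock ones whenever password-store is a member of auth-sources.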
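Review bot: The erc-services-tests.el hunks delete only the three `ert-skip` lines, which agrees with the diffstat (3 deletions), but the commit message also says "(erc-join-tests--auth-source-pass-entries): Remove useless items" and no hunk touches that variable. Either include that change or drop the entry from the commit message.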
From: Michael Albinus
To: "J.P."
Cc: Damien Cassou, emacs-erc@gnu.org, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Mon, 07 Nov 2022 11:33:58 +0100

"J.P." writes:

> Hi Michael,

Hi,

>> +(defcustom auth-source-pass-standard-search nil
>> + "Whether to use more standardized search behavior.
>> +When nil, the password-store backend works like it always has and
>> +considers at most one `:user' search parameter and returns at
>> +most one result. With t, it tries to more faithfully mimic other
>> +auth-source backends."
>> + :version "29.1"
>> + :type 'boolean)
>>
>> - The name of this user option as well as its docstring are focussed on
>>   the current behavior. People won't know what "mimic other auth-source
>>   backends" would mean. Please describe the effect w/o that comparison,
>>   and pls give it a name based on its effect, and not "...-standard-search".
>
> I've changed the name to `auth-source-pass-extra-query-keywords' and
> updated the description to something hopefully more adequate.
>
>> - I'm missing the documentation in doc/misc/auth.texi and etc/NEWS.
>
> Added.

Thanks.

> BTW, I was initially thinking it'd be better to wait for a more
> comprehensive and maintainable solution, like something based around a
> larger set of common functions to be shared among the various back ends
> (hence the [POC] qualifier on my patches). However, I suppose such a
> thing could be done later, once the desired behavior is all dialed in
> (perhaps alongside addressing support for full CRUD operations, which
> are still missing, AFAIK). Anyway, I really don't know enough about pass
> or auth-source to commit to such an endeavor. But I've reached out to
> some folks who may be able to lend a hand.

Such a change would be desirable. However, Ted, the author of
auth-source.el, isn't active these days. Personally I feel responsible
for the secrets backend, and I try bug fixing in the other auth-source
parts. That's all.

According to admin/MAINTAINERS, nobody else feels responsible for
auth-source. So I doubt that such a change will happen soon.

From my pov you could push the changes. But as you said in the other
message, you'll wait for feedback from users. That's OK, but pls take
into account that later this month an emacs-29 branch will be cut
off. Feature changes shall be pushed until then.

> Thanks,
> J.P.

Best regards, Michael.

From: "J.P."
To: Michael Albinus
Cc: Damien Cassou, emacs-erc@gnu.org, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Tue, 08 Nov 2022 05:56:52 -0800

Michael Albinus writes:

> From my pov you could push the changes. But as you said in the other
> message, you'll wait for feedback from users. That's OK, but pls take
> into account that later this month an emacs-29 branch will be cut
> off. Feature changes shall be pushed until then.

Right, good point. I guess if no one else weighs in by this time next
week, we can flip a coin or something. Thanks.

From: Akib Azmain Turja
To: Michael Albinus
Cc: Damien Cassou, emacs-erc@gnu.org, 58985@debbugs.gnu.org, "J.P."
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Thu, 10 Nov 2022 00:21:11 +0600

Michael Albinus writes:

> "J.P." writes:
>
> Hi,
>
>> v2. Respect existing user option.
>
> I'm not familiar with the auth-source-pass.el implementation, so I
> cannot speak too much about your patch. Reading it roughly, I haven't
> found serious flaws, 'tho.

It has a serious flaw AFAIK. I have a password entry
"akib@disroot.org", and this legitimate search query doesn't find it:

  (auth-source-search :host "disroot.org")

But if I specify the user, it finds the entry:

  (auth-source-search :host "disroot.org" :user "akib")

And the entries can also be ambiguous. For example, the entry at path
"foo.org/bar.net" might be interpreted as the password of bar.net, or
as the password of the user "bar.net" on "foo.org". The current
implementation seems to interpret such entries unpredictably.

>
> However :-)
>
> +(defcustom auth-source-pass-standard-search nil
> + "Whether to use more standardized search behavior.
> +When nil, the password-store backend works like it always has and
> +considers at most one `:user' search parameter and returns at
> +most one result. With t, it tries to more faithfully mimic other
> +auth-source backends."
> + :version "29.1"
> + :type 'boolean)
>
> - The name of this user option as well as its docstring are focussed on
>   the current behavior. People won't know what "mimic other auth-source
>   backends" would mean. Please describe the effect w/o that comparison,
>   and pls give it a name based on its effect, and not "...-standard-search".

I agree. This variable should be something like
"auth-source-pass-old-search" (or even "...-obsolete-search").

And the default should be nil, because it fixes many bugs, and it's
pointless to disable the fixes by default.

>
> - I'm missing the documentation in doc/misc/auth.texi and etc/NEWS.

What documentation? Of this change or anything else? I think we should
focus on the implementation before writing documentation.

>
> Best regards, Michael.
>
>

-- 
Akib Azmain Turja, GPG key: 70018CE5819F17A3BBA666AFE74F0EFA922AE7F5
Fediverse: akib@hostux.social
Codeberg: akib
emailselfdefense.fsf.org | "Nothing can be secure without encryption."

From: Akib Azmain Turja
To: "J.P."
Cc: Damien Cassou, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Thu, 10 Nov 2022 00:25:54 +0600

"J.P." writes:

> --- a/doc/misc/erc.texi
> +++ b/doc/misc/erc.texi
> @@ -861,7 +861,8 @@ Connecting
> @code{erc-auth-source-search}. It tries to merge relevant contextual
> parameters with those provided or discovered from the logical connection
> or the underlying transport. Some auth-source back ends may not be
> -compatible; netrc, plstore, json, and secrets are currently supported.
> +compatible; netrc, plstore, json, secrets, and pass are currently
> +supported.
> @end defopt

Is pass really unsupported? I have been using pass with ERC without any
problem. Am I lucky?

-- 
Akib Azmain Turja, GPG key: 70018CE5819F17A3BBA666AFE74F0EFA922AE7F5
Fediverse: akib@hostux.social
Codeberg: akib
emailselfdefense.fsf.org | "Nothing can be secure without encryption."

From: Björn Bidar
To: "J.P."
Cc: Damien Cassou, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Thu, 10 Nov 2022 02:39:31 +0200

"J.P." writes:

> Michael Albinus writes:
>
>> From my pov you could push the changes. But as you said in the other
>> message, you'll wait for feedback from users. That's OK, but pls take
>> into account that later this month an emacs-29 branch will be cut
>> off. Feature changes shall be pushed until then.
>
> Right, good point. I guess if no one else weighs in by this time next
> week, we can flip a coin or something. Thanks.

Sorry that I come a little late to this but will this mean the backend
will act less like Passwordstore.org describes or more?

I think the backend should follow the user's organization of the
passwordstore folder if possible.

Br,
Björn
From: "J.P."
To: Akib Azmain Turja
Cc: Damien Cassou, Björn Bidar, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <878rkkoup4.fsf@disroot.org> (Akib Azmain Turja's message of "Thu, 10 Nov 2022 00:21:11 +0600")
References: <87wn8cb0ym.fsf@neverwas.me> <874jvdardn.fsf__3771.40490324877$1667692584$gmane$org@neverwas.me> <87pme09vis.fsf@gmx.de> <878rkkoup4.fsf@disroot.org>
Date: Wed, 09 Nov 2022 21:23:13 -0800
Message-ID: <87a64zo01q.fsf@neverwas.me>

Hi Akib,

Akib Azmain Turja writes:

> Michael Albinus writes:
>
>> "J.P." writes:
>>
>> Hi,
>>
>>> v2. Respect existing user option.
>>
>> I'm not familiar with the auth-source-pass.el implementation, so I
>> cannot speak too much about your patch. Reading it roughly, I haven't
>> found serious flaws, 'tho.
>
> It has a serious flaw AFAIK. I have a password entry
> "akib@disroot.org", and this legitimate search query doesn't find it:
>
> (auth-source-search :host "disroot.org")
>
> But if I specify the user, it finds the entry:
>
> (auth-source-search :host "disroot.org" :user "akib")

Hm, that's unfortunate. I specifically added a pair of tests just for this, namely

  auth-source-pass-extra-query-keywords--netrc-akib
  auth-source-pass-extra-query-keywords--akib

Are you able to pinpoint why they're reporting a false positive by any chance (or give a minimal repro recipe with an FS tree layout of some ~/.password-store)?

Also, and I'm not trying to be insulting here, but did you remember to rerun Make after applying the patch(es)?

> And the entries can also be ambiguous. For example, the entry at path
> "foo.org/bar.net" might be interpreted as the password of bar.net, or
> as the password of the user "bar.net" on "foo.org". The current
> implementation seems to interpret such entries unpredictably.

Sounds convincing. What do you think about deprecating the /user form? (This may have to be spun off into a separate bug report.)

At the end of the day, I'm more concerned about consistency (and thus predictability) than anything. IOW, I'd be okay with "foo.org/bar.net" being parsed either way, as long as it's the *same* way every time, which we could then document. If you're indeed finding otherwise, please provide an MRE for this as well (with patches applied, of course).

>> - The name of this user option as well as its docstring are focussed on
>> the current behavior. People won't know what "mimic other auth-source
>> backends" would mean. Please describe the effect w/o that comparison,
>> and pls give it a name based on its effect, and not "...-standard-search".
>
> I agree. This variable should be something like
> "auth-source-pass-old-search" (or even "...-obsolete-search").

Wait, but `auth-source-pass-old-search' sounds like we're regressing to describing a comparison rather than an effect. The name in the second (v2) iteration, `auth-source-pass-extra-query-keywords', was an attempt to rein in the scope of the option and convey no more than what it's claiming to offer.

> And the default should be nil, because it fixes many bugs, and it's
> pointless to disable the fixes by the default.

Not sure I agree here, even though Damien seems to be in accord. In the interest of minimizing churn for Melpa's pass and password-store packages, I'd rather make this an opt-in for Emacs 29 if we end up including it at all.

>> - I'm missing the documentation in doc/misc/auth.texi and etc/NEWS.
>
> What documentation? Of this change or anything else? I think we should
> focus on the implementation before writing documentation.

Hm, (again, not trying to insult here, but) did you somehow miss the patches attached to the email you replied to? It kind of looks that way based on your comments. If I'm wrong, though, please forgive; I appreciate your input regardless.

Thanks,
J.P.

From: "J.P."
To: Björn Bidar
Cc: Damien Cassou, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <87o7tfiqws.fsf@thaodan.de> ("Björn Bidar"'s message of "Thu, 10 Nov 2022 02:39:31 +0200")
References: <87wn8cb0ym.fsf@neverwas.me> <874jvdardn.fsf__3771.40490324877$1667692584$gmane$org@neverwas.me> <87pme09vis.fsf@gmx.de> <87a653z7dl.fsf@neverwas.me> <874jvbnje1.fsf@gmx.de> <875yfpmtwb.fsf__40235.4477484309$1667915906$gmane$org@neverwas.me> <87o7tfiqws.fsf@thaodan.de>
Date: Wed, 09 Nov 2022 21:25:21 -0800
Message-ID: <875yfnnzy6.fsf@neverwas.me>

Björn Bidar writes:

> "J.P." writes:
>
>> Michael Albinus writes:
>>
>>> From my pov you could push the changes. But as you said the other
>>> message, you'll wait for feedback from users. That's OK, but pls take
>>> into account that later this month an emacs-29 branch will be cut
>>> off. Feature changes shall be pushed until then.
>>
>> Right, good point. I guess if no one else weighs in by this time next
>> week, we can flip a coin or something. Thanks.
>
> Sorry that I come a little late to this but

No worries at all. I know this is asking a lot, but if you get a chance, please apply the v2 patches and try them out. (Actually, you can omit the second one in the set, which only affects ERC.)

> will this mean the backend will act less like Passwordstore.org
> describes or more?

That's a good question. My main goal thus far has been to make its query behavior as close as possible to that of the other auth-source back ends. Glancing at that web page, it seems auth-source-pass has taken some liberties WRT to query features, like drilling down into the tail of a file's contents and ascribing semantics to parts of a file name.

> I think the backend should follow the user's organization of the
> passwordstore folder if possible.

From this I'll infer that the current implementation of auth-source-pass does that sufficiently. If that's so and the changes I'm proposing threaten to interfere with that, what's your opinion on the default value of a knob to toggle the new behavior?

Thanks,
J.P.

From: "J.P."
To: Akib Azmain Turja
Cc: emacs-erc@gnu.org, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <874jv8ouh9.fsf@disroot.org> (Akib Azmain Turja's message of "Thu, 10 Nov 2022 00:25:54 +0600")
References: <87wn8cb0ym.fsf@neverwas.me> <874jvdardn.fsf__3771.40490324877$1667692584$gmane$org@neverwas.me> <87pme09vis.fsf@gmx.de> <87a653z7dl.fsf@neverwas.me> <874jv8ouh9.fsf@disroot.org>
Date: Wed, 09 Nov 2022 21:26:42 -0800
Message-ID: <87zgczmlbh.fsf@neverwas.me>

Akib Azmain Turja writes:

> "J.P." writes:
>
>> --- a/doc/misc/erc.texi >> +++ b/doc/misc/erc.texi
>> @@ -861,7 +861,8 @@ Connecting >> @code{erc-auth-source-search}. It tries to merge relevant contextual >> parameters with those provided or discovered from the logical connection >> or the underlying transport. Some auth-source back ends may not be >> -compatible; netrc, plstore, json, and secrets are currently supported. >> +compatible; netrc, plstore, json, secrets, and pass are currently >> +supported. >> @end defopt
>
> Is pass really unsupported? I have been using pass with ERC without any
> problem. Am I lucky?

It appears you are lucky. Please see toward the bottom of

https://git.savannah.gnu.org/cgit/emacs.git/tree/test/lisp/erc/erc-services-tests.el?id=ef362750#n452

From: Akib Azmain Turja
To: "J.P."
Cc: Damien Cassou, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <87a653z7dl.fsf@neverwas.me> (J. P.'s message of "Sun, 06 Nov 2022 21:00:22 -0800")
References: <87wn8cb0ym.fsf@neverwas.me> <874jvdardn.fsf__3771.40490324877$1667692584$gmane$org@neverwas.me> <87pme09vis.fsf@gmx.de> <87a653z7dl.fsf@neverwas.me>
Date: Thu, 10 Nov 2022 13:12:06 +0600
Message-ID: <878rkjl1vd.fsf@disroot.org>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

"J.P." writes:

> Hi Michael,
>
> Michael Albinus writes:
>
>> I'm not familiar with the auth-source-pass.el implementation, so I
>> cannot speak too much about your patch. Reading it roughly, I haven't
>> found serious flaws, 'tho.
>
> Thanks for taking a look!
>
>> However :-)
>>
>> +(defcustom auth-source-pass-standard-search nil >> + "Whether to use more standardized search behavior.
>> +When nil, the password-store backend works like it always has and >> +considers at most one `:user' search parameter and returns at >> +most one result. With t, it tries to more faithfully mimic other >> +auth-source backends." >> + :version "29.1" >> + :type 'boolean) >> >> - The name of this user option as well as its docstring are focussed on >> the current behavior. People won't know what "mimic other auth-source >> backends" would mean. Please describe the effect w/o that comparison, >> and pls give it a name based on its effect, and not "...-standard-sear= ch". > > I've changed the name to `auth-source-pass-extra-query-keywords' and > updated the description to something hopefully more adequate. > >> - I'm missing the documentation in doc/misc/auth.texi and etc/NEWS. > > Added. > > BTW, I was initially thinking it'd be better to wait for a more > comprehensive and maintainable solution, like something based around a > larger set of common functions to be shared among the various back ends > (hence the [POC] qualifier on my patches). However, I suppose such a > thing could be done later, once the desired behavior is all dialed in > (perhaps alongside addressing support for full CRUD operations, which > are still missing, AFIAK). Anyway, I really don't know enough about pass > or auth-source to commit to such an endeavor. But I've reached out to > some folks who may be able to lend a hand. > > Thanks, > J.P. > > > From 450e2f029a26b30d583afcb44e7fdd561a95c277 Mon Sep 17 00:00:00 2001 
> From: "F. Jason Park" > Date: Tue, 1 Nov 2022 22:46:24 -0700 > Subject: [PATCH 1/2] [POC] Make auth-source-pass behave more like other > backends > > * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add > new option to bring search behavior more in line with other backends. > (auth-source-pass-search): Add new keyword params `max' and `require' > and consider new option `auth-source-pass-extra-query-keywords' for > dispatch. > (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, > auth-source-pass--match-parts): Add supporting variable and helpers. > (auth-source-pass--build-result-many, > auth-source-pass--find-match-many): Add "-many" variants for existing > workhorse functions. > * test/lisp/auth-source-pass-tests.el > (auth-source-pass-extra-query-keywords--wild-port-miss-netrc, > auth-source-pass-extra-query-keywords--wild-port-miss, > auth-source-pass-extra-query-keywords--wild-port-hit-netrc, > auth-source-pass-extra-query-keywords--wild-port-hit, > auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc, > auth-source-pass-extra-query-keywords--wild-port-req-miss, > auth-source-pass-extra-query-keywords--baseline, > auth-source-pass-extra-query-keywords--port-type, > auth-source-pass-extra-query-keywords--hosts-first): Add juxtaposed > netrc and extra-query-keywords pairs to demo optional extra-compliant > behavior. > * doc/misc/auth.texi: Add option > `auth-source-pass-extra-query-keywords' to auth-source-pass section. > * etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs > 29.1 package changes section. > --- > doc/misc/auth.texi | 11 +++ > etc/NEWS | 8 ++ > lisp/auth-source-pass.el | 109 ++++++++++++++++++++- > test/lisp/auth-source-pass-tests.el | 144 ++++++++++++++++++++++++++++ > 4 files changed, 271 insertions(+), 1 deletion(-) > > diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi > index 9dc63af6bc..222fce2058 100644 > --- a/doc/misc/auth.texi > +++ b/doc/misc/auth.texi 
> @@ -526,6 +526,8 @@ The Unix password store > while searching for an entry matching the @code{rms} user on host > @code{gnu.org} and port @code{22}, then the entry > @file{gnu.org:22/rms.gpg} is preferred over @file{gnu.org.gpg}. > +However, such filtering is not applied when the option > +@code{auth-source-pass-extra-parameters} is set to @code{t}. >=20=20 > Users of @code{pass} may also be interested in functionality provided > by other Emacs packages: > @@ -549,6 +551,15 @@ The Unix password store > port in an entry. Defaults to @samp{:}. > @end defvar >=20=20 > +@defvar auth-source-pass-extra-query-keywords > +Set this to @code{t} if you encounter problems predicting the outcome > +of searches relative to other auth-source backends or if you have code > +that expects to query multiple backends uniformly. This tells > +auth-source-pass to consider the @code{:max} and @code{:require} > +keywords as well as lists containing multiple query params (for > +applicable keywords). > +@end defvar > + The name won't make much sense to the ordinary user who don't know about the API. Repeating from another message, this variable should be something like "auth-source-pass-old-search" (or even "...-obsolete-search"). > @node Help for developers > @chapter Help for developers >=20=20 > diff --git a/etc/NEWS b/etc/NEWS > index 89da8aa63f..776936489f 100644 > --- a/etc/NEWS > +++ b/etc/NEWS > @@ -1383,6 +1383,14 @@ If non-nil and there's only one matching option, a= uto-select that. > If non-nil, this user option describes what entries not to add to the > database stored on disk. >=20=20 > +** Auth-Source > + > ++++ > +*** New user option 'auth-source-pass-extra-query-keywords'. > +Whether to recognize additional keyword params, like ':max' and > +':require', as well as accept lists of query terms paired with > +applicable keywords. > + > ** Dired >=20=20 > +++ > diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el > index 0955e2ed07..d9129667e1 100644 
> --- a/lisp/auth-source-pass.el > +++ b/lisp/auth-source-pass.el > @@ -55,13 +55,27 @@ auth-source-pass-port-separator > :type 'string > :version "27.1") >=20=20 > +(defcustom auth-source-pass-extra-query-keywords nil > + "Whether to consider additional keywords when performing a query. > +Specifically, when the value is t, recognize the `:max' and > +`:require' keywords and accept lists of query parameters for > +certain keywords, such as `:host' and `:user'. Also, wrap all > +returned secrets in a function and forgo any further results > +filtering unless given an applicable `:require' argument. When > +this option is nil, do none of that, and enact the narrowing > +behavior described toward the bottom of the Info node `(auth) The > +Unix password store'." > + :type 'boolean > + :version "29.1") > + This should be non-nil by default, since it fixes a number of bugs. We don't want to deprive users from these fixes, do we? REPEAT: The name won't make much sense to the ordinary user who don't know about the API. Repeating from another message, this variable should be something like "auth-source-pass-old-search" (or even "...-obsolete-search"). > (cl-defun auth-source-pass-search (&rest spec > &key backend type host user port > + require max > &allow-other-keys) > "Given some search query, return matching credentials. >=20=20 > See `auth-source-search' for details on the parameters SPEC, BACKEND, TY= PE, > -HOST, USER and PORT." > +HOST, USER, PORT, REQUIRE, and MAX." > (cl-assert (or (null type) (eq type (oref backend type))) > t "Invalid password-store search: %s %s") > (cond ((eq host t) > @@ -70,6 +84,8 @@ auth-source-pass-search > ((null host) > ;; Do not build a result, as none will match when HOST is nil > nil) > + (auth-source-pass-extra-query-keywords > + (auth-source-pass--build-result-many host port user require max= )) > (t > (when-let ((result (auth-source-pass--build-result host port us= er))) > (list result))))) 
> @@ -89,6 +105,41 @@ auth-source-pass--build-result > (seq-subseq retval 0 -2)) ;; remove = password > retval)))) LGTM. >=20=20 > +(defvar auth-source-pass--match-regexp nil) > + > +(defun auth-source-pass--match-regexp (s) > + (rx-to-string ; autoloaded > + `(: (or bot "/") > + (or (: (? (group-n 20 (+ (not (in ?\ ?/ ?@ ,s)))) "@") > + (group-n 10 (+ (not (in ?\ ?/ ?@ ,s)))) > + (? ,s (group-n 30 (+ (not (in ?\ ?/ ,s)))))) > + (: (group-n 11 (+ (not (in ?\ ?/ ?@ ,s)))) > + (? ,s (group-n 31 (+ (not (in ?\ ?/ ,s))))) > + (? "/" (group-n 21 (+ (not (in ?\ ?/ ,s))))))) > + eot) > + 'no-group)) LGTM. > + > +(defun auth-source-pass--build-result-many (hosts ports users require ma= x) > + "Return multiple `auth-source-pass--build-result' values." > + (unless (listp hosts) (setq hosts (list hosts))) > + (unless (listp users) (setq users (list users))) > + (unless (listp ports) (setq ports (list ports))) > + (let* ((auth-source-pass--match-regexp (auth-source-pass--match-regexp > + auth-source-pass-port-separato= r)) > + (rv (auth-source-pass--find-match-many hosts users ports > + require (or max 1)))) > + (when auth-source-debug > + (auth-source-pass--do-debug "final result: %S" rv)) > + (if (eq auth-source-pass-extra-query-keywords 'test) > + (reverse rv) The value `test' is not documented. Is it used in tests? If it is, I think an internal variable would be better. > + (let (out) > + (dolist (e rv out) > + (when-let* ((s (plist-get e :secret)) ; s not captured by clos= ure > + (v (auth-source--obfuscate s))) > + (setf (plist-get e :secret) > + (lambda () (auth-source--deobfuscate v)))) > + (push e out)))))) > + LGTM. > ;;;###autoload > (defun auth-source-pass-enable () > "Enable auth-source-password-store." 
> @@ -206,6 +257,62 @@ auth-source-pass--find-match > hosts > (list hosts)))) >=20=20 > +(defun auth-source-pass--retrieve-parsed (seen path port-number-p) > + (when-let ((m (string-match auth-source-pass--match-regexp path))) > + (puthash path > + (list :host (or (match-string 10 path) (match-string 11 pat= h)) > + :user (or (match-string 20 path) (match-string 21 pat= h)) > + :port (and-let* ((p (or (match-string 30 path) > + (match-string 31 path))) > + (n (string-to-number p))) > + (if (or (zerop n) (not port-number-p)) > + (format "%s" p) > + n))) > + seen))) LGTM. > + > +(defun auth-source-pass--match-parts (parts key value require) > + (let ((mv (plist-get parts key))) > + (if (memq key require) > + (and value (equal mv value)) > + (or (not value) (not mv) (equal mv value))))) LGTM. > + > +;; For now, this ignores the contents of files and only considers path > +;; components when matching. The file name contains host, user and port, so parsing contents is not needed at all. > +(defun auth-source-pass--find-match-many (hosts users ports require max) > + "Return plists for valid combinations of HOSTS, USERS, PORTS. > +Each plist contains, at the very least, a host and a secret." > + (let ((seen (make-hash-table :test #'equal)) > + (entries (auth-source-pass-entries)) > + port-number-p > + out) > + (catch 'done > + (dolist (host hosts out) > + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) > + (unless (or (not (equal "443" p)) (string-prefix-p "https://" = host)) Can "auth-source-pass--disambiguate" return host with the protocol part? > + (setq p nil)) > + (dolist (user (or users (list u))) > + (dolist (port (or ports (list p))) > + (setq port-number-p (equal 'integer (type-of port))) Just saw the first use of "type-of". Doesn't "(integerp port)" work? 
> + (dolist (e entries) > + (when-let* > + ((m (or (gethash e seen) (auth-source-pass--retrieve= -parsed > + seen e port-number-p))) > + ((equal host (plist-get m :host))) > + ((auth-source-pass--match-parts m :port port requir= e)) > + ((auth-source-pass--match-parts m :user user requir= e)) > + (parsed (auth-source-pass-parse-entry e)) > + (secret (or (auth-source-pass--get-attr 'secret par= sed) > + (not (memq :secret require))))) > + (push > + `( :host ,host ; prefer user-provided :host over h > + ,@(and-let* ((u (plist-get m :user))) (list :user = u)) > + ,@(and-let* ((p (plist-get m :port))) (list :port = p)) > + ,@(and secret (not (eq secret t)) (list :secret se= cret))) > + out) LGTM. > + (when (or (zerop (cl-decf max)) > + (null (setq entries (delete e entries)))) Can the delete call conflict with the dolist loop? > + (throw 'done out))))))))))) > + > (defun auth-source-pass--disambiguate (host &optional user port) > "Return (HOST USER PORT) after disambiguation. > Disambiguate between having user provided inside HOST (e.g., > diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-= pass-tests.el I don't have much idea about these tests, but... > index f5147a7ce0..718c7cf4ba 100644 > --- a/test/lisp/auth-source-pass-tests.el > +++ b/test/lisp/auth-source-pass-tests.el 
> @@ -488,6 +488,150 @@ auth-source-pass-prints-meaningful-debug-log > (should (auth-source-pass--have-message-matching > "found 2 entries matching \"gitlab.com\": (\"a/gitlab.com\"= \"b/gitlab.com\")")))) >=20=20 > + > +;; FIXME move this to top of file if keeping these netrc tests > +(require 'ert-x) > + > +;; No entry has the requested port, but a result is still returned. > + > +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss-netrc= () > + (ert-with-temp-file netrc-file > + :text "\ > +machine x.com password a > +machine x.com port 42 password b > +" > + (let* ((auth-sources (list netrc-file)) > + (auth-source-do-cache nil) > + (results (auth-source-search :host "x.com" :port 22 :max 2))) > + (dolist (result results) > + (setf result (plist-put result :secret (auth-info-password resul= t)))) > + (should (equal results '((:host "x.com" :secret "a"))))))) How this is testing auth-source-pass? > + > +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss () > + (let ((auth-source-pass-extra-query-keywords 'test)) > + (auth-source-pass--with-store '(("x.com" (secret . "a")) > + ("x.com:42" (secret . 
"b"))) > + (auth-source-pass-enable) > + (should (equal (auth-source-search :host "x.com" :port 22 :max 2) > + '((:host "x.com" :secret "a"))))))) > + > +;; One of two entries has the requested port, both returned > + > +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit-netrc = () > + (ert-with-temp-file netrc-file > + :text "\ > +machine x.com password a > +machine x.com port 42 password b > +" > + (let* ((auth-sources (list netrc-file)) > + (auth-source-do-cache nil) > + (results (auth-source-search :host "x.com" :port 42 :max 2))) > + (dolist (result results) > + (setf result (plist-put result :secret (auth-info-password resul= t)))) > + (should (equal results '((:host "x.com" :secret "a") > + (:host "x.com" :port "42" :secret "b"))))= ))) > + > +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit () > + (let ((auth-source-pass-extra-query-keywords 'test)) > + (auth-source-pass--with-store '(("x.com" (secret . "a")) > + ("x.com:42" (secret . "b"))) > + (auth-source-pass-enable) > + (should (equal (auth-source-search :host "x.com" :port 42 :max 2) > + '((:host "x.com" :secret "a") > + (:host "x.com" :port 42 :secret "b"))))))) > + > +;; No entry has the requested port, but :port is required, so search fai= ls > + > +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss-n= etrc () > + (ert-with-temp-file netrc-file > + :text "\ > +machine x.com password a > +machine x.com port 42 password b > +" > + (let* ((auth-sources (list netrc-file)) > + (auth-source-do-cache nil) > + (results (auth-source-search > + :host "x.com" :port 22 :require '(:port) :max 2))) > + (should-not results)))) > + > +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss () > + (let ((auth-source-pass-extra-query-keywords 'test)) > + (auth-source-pass--with-store '(("x.com" (secret . "a")) > + ("x.com:42" (secret . 
"b"))) > + (auth-source-pass-enable) > + (should-not (auth-source-search > + :host "x.com" :port 22 :require '(:port) :max 2))))) > + > +;; Specifying a :host without a :user finds a lone entry and does not > +;; include extra fields (i.e., :port nil) in the result > +;; https://lists.gnu.org/archive/html/emacs-devel/2022-11/msg00130.html > + > +(ert-deftest auth-source-pass-extra-query-keywords--netrc-akib () > + (ert-with-temp-file netrc-file > + :text "\ > +machine x.com password a > +machine disroot.org user akib password b > +machine z.com password c > +" > + (let* ((auth-sources (list netrc-file)) > + (auth-source-do-cache nil) > + (results (auth-source-search :host "disroot.org" :max 2))) > + (dolist (result results) > + (setf result (plist-put result :secret (auth-info-password resul= t)))) > + (should (equal results > + '((:host "disroot.org" :user "akib" :secret "b"))))= ))) > + > +(ert-deftest auth-source-pass-extra-query-keywords--akib () > + (let ((auth-source-pass-extra-query-keywords 'test)) > + (auth-source-pass--with-store '(("x.com" (secret . "a")) > + ("akib@disroot.org" (secret . "b")) > + ("z.com" (secret . "c"))) > + (auth-source-pass-enable) > + (should (equal (auth-source-search :host "disroot.org" :max 2) > + '((:host "disroot.org" :user "akib" :secret "b"))))= ))) > + > +;; A retrieved store entry mustn't be nil regardless of whether its > +;; path contains port or user components > + > +(ert-deftest auth-source-pass-extra-query-keywords--baseline () > + (let ((auth-source-pass-extra-query-keywords 'test)) > + (auth-source-pass--with-store '(("x.com")) > + (auth-source-pass-enable) > + (should-not (auth-source-search :host "x.com"))))) > + > +;; Output port type (int or string) matches that of input parameter > + > +(ert-deftest auth-source-pass-extra-query-keywords--port-type () > + (let ((auth-source-pass-extra-query-keywords 'test)) > + (auth-source-pass--with-store '(("x.com:42" (secret . 
"a"))) > + (auth-source-pass-enable) > + (should (equal (auth-source-search :host "x.com" :port 42) > + '((:host "x.com" :port 42 :secret "a"))))) > + (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) > + (auth-source-pass-enable) > + (should (equal (auth-source-search :host "x.com" :port "42") > + '((:host "x.com" :port "42" :secret "a"))))))) > + > +;; The :host search param ordering more heavily influences the output > +;; because (h1, u1, p1), (h1, u1, p2), ... (hN, uN, pN); also, exact > +;; matches are not given precedence, i.e., matching store items are > +;; returned in the order encountered > + > +(ert-deftest auth-source-pass-extra-query-keywords--hosts-first () > + (let ((auth-source-pass-extra-query-keywords 'test)) > + (auth-source-pass--with-store '(("x.com:42/bar" (secret . "a")) > + ("gnu.org" (secret . "b")) > + ("x.com" (secret . "c")) > + ("fake.com" (secret . "d")) > + ("x.com/foo" (secret . "e"))) > + (auth-source-pass-enable) > + (should (equal (auth-source-search :host '("x.com" "gnu.org") :max= 3) > + ;; Notice gnu.org is never considered ^ > + '((:host "x.com" :user "bar" :port "42" :secret "a") > + (:host "x.com" :secret "c") > + (:host "x.com" :user "foo" :secret "e"))))))) > + > + > (provide 'auth-source-pass-tests) >=20=20 > ;;; auth-source-pass-tests.el ends here =2D-=20 Akib Azmain Turja --- https://akib.codeberg.page/ GPG key: 70018CE5819F17A3BBA666AFE74F0EFA922AE7F5 Fediverse: akib@hostux.social, Codeberg: akib emailselfdefense.fsf.org | "Nothing can be secure without encryption." 
From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 10 02:46:52 2022
From: Akib Azmain Turja
To: Akib Azmain Turja via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Cc: Damien Cassou, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org, "J.P."
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Thu, 10 Nov 2022 13:12:56 +0600

Akib Azmain Turja via "Bug reports for GNU Emacs, the Swiss army knife of
text editors" writes:

> Michael Albinus writes:
>
>> "J.P." writes:
>>
>> Hi,
>>
>>> v2. Respect existing user option.
>>
>> I'm not familiar with the auth-source-pass.el implementation, so I
>> cannot speak too much about your patch. Reading it roughly, I haven't
>> found serious flaws, 'tho.
>
> It has a serious flaw AFAIK. I have a password entry
> "akib@disroot.org", and this legitimate search query doesn't find it:
>
>   (auth-source-search :host "disroot.org")
>
> But if I specify the user, it finds the entry:
>
>   (auth-source-search :host "disroot.org" :user "akib")
>
> And the entries can also be ambiguous. For example, the entry at path
> "foo.org/bar.net" might be interpreted as the password of bar.net, or
> as the password of the user "bar.net" on "foo.org". The current
> implementation seems to interpret such entries unpredictably.
>

I mean, the current implementation, not the patch.

-- 
Akib Azmain Turja --- https://akib.codeberg.page/
GPG key: 70018CE5819F17A3BBA666AFE74F0EFA922AE7F5
Fediverse: akib@hostux.social, Codeberg: akib
emailselfdefense.fsf.org | "Nothing can be secure without encryption."
From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 10 03:21:23 2022
From: Akib Azmain Turja
To: "J.P."
Cc: Damien Cassou, Björn Bidar, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Thu, 10 Nov 2022 14:11:31 +0600

"J.P." writes:

> Hi Akib,
>
> Akib Azmain Turja writes:
>
>> Michael Albinus writes:
>>
>>> "J.P." writes:
>>>
>>> Hi,
>>>
>>>> v2. Respect existing user option.
>>>
>>> I'm not familiar with the auth-source-pass.el implementation, so I
>>> cannot speak too much about your patch. Reading it roughly, I haven't
>>> found serious flaws, 'tho.
>>
>> It has a serious flaw AFAIK. I have a password entry
>> "akib@disroot.org", and this legitimate search query doesn't find it:
>>
>>   (auth-source-search :host "disroot.org")
>>
>> But if I specify the user, it finds the entry:
>>
>>   (auth-source-search :host "disroot.org" :user "akib")
>
> Hm, that's unfortunate. I specifically added a pair of tests just for
> this, namely
>
>   auth-source-pass-extra-query-keywords--netrc-akib
>   auth-source-pass-extra-query-keywords--akib
>
> Are you able to pinpoint why they're reporting a false positive by any
> chance (or give a minimal repro recipe with an FS tree layout of some
> ~/.password-store)? Also, and I'm not trying to be insulting here, but
> did you remember to rerun Make after applying the patch(es)?
>

Actually, I didn't review the patches in this email, I just commented on
the auth-source-pass in the master *right now*, not the patch. Sorry for
the trouble.

>> And the entries can also be ambiguous. For example, the entry at path
>> "foo.org/bar.net" might be interpreted as the password of bar.net, or
>> as the password of the user "bar.net" on "foo.org". The current
>> implementation seems to interpret such entries unpredictably.
>
> Sounds convincing. What do you think about deprecating the /user form?
> (This may have to be spun off into a separate bug report.)
>
> At the end of the day, I'm more concerned about consistency (and thus
> predictability) than anything. IOW, I'd be okay with "foo.org/bar.net"
> being parsed either way, as long as it's the *same* way every time,
> which we could then document. If you're indeed finding otherwise, please
> provide an MRE for this as well (with patches applied, of course).
>
>>> - The name of this user option as well as its docstring are focussed on
>>> the current behavior. People won't know what "mimic other auth-source
>>> backends" would mean. Please describe the effect w/o that comparison,
>>> and pls give it a name based on its effect, and not "...-standard-search".
>>
>> I agree. This variable should be something like
>> "auth-source-pass-old-search" (or even "...-obsolete-search").
>
> Wait, but `auth-source-pass-old-search' sounds like we're regressing to
> describing a comparison rather than an effect. The name in the second
> (v2) iteration, `auth-source-pass-extra-query-keywords', was an attempt
> to rein in the scope of the option and convey no more than what it's
> claiming to offer.

Thanks for the clarification. I have written the same thing in my other
(actual) patch review email, feel free to ignore those parts.

>
>> And the default should be nil, because it fixes many bugs, and it's
>> pointless to disable the fixes by default.
>
> Not sure I agree here, even though Damien seems to be in accord. In the
> interest of minimizing churn for Melpa's pass and password-store
> packages, I'd rather make this an opt-in for Emacs 29 if we end up
> including it at all.
>

How about communicating with them?

>>> - I'm missing the documentation in doc/misc/auth.texi and etc/NEWS.
>>
>> What documentation? Of this change or anything else? I think we should
>> focus on the implementation before writing documentation.
>
> Hm, (again, not trying to insult here, but) did you somehow miss the
> patches attached to the email you replied to? It kind of looks that way
> based on your comments. If I'm wrong, though, please forgive; I
> appreciate your input regardless.

Yeah, you are right, I didn't notice those patches and just commented on
the auth-source-pass in the master *right now*, not the patch. Please
forgive me for the trouble.

>
> Thanks,
> J.P.
>
>
>

-- 
Akib Azmain Turja --- https://akib.codeberg.page/
GPG key: 70018CE5819F17A3BBA666AFE74F0EFA922AE7F5
Fediverse: akib@hostux.social, Codeberg: akib
emailselfdefense.fsf.org | "Nothing can be secure without encryption."
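The lookup rules argued over in this thread (host-only queries, wildcard versus required port, case-sensitive hosts, and one fixed reading of "foo.org/bar.net"), as an added Emacs Lisp example that is not code from auth-source-pass.el or from any participant. The `demo-` names, the ":" port separator and the path-parsing rule are assumptions, chosen to agree with the test expectations quoted in the thread.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration.  The `demo-' names are hypothetical and are not
;; part of auth-source-pass.el; ":" is assumed as the port separator.
(require 'cl-lib)

(defun demo-parse-entry (path)
  "Split store PATH into a plist (:host H [:user U] [:port P]).
Assumed rule, chosen to agree with the test expectations quoted in
the thread: a leading \"user@\" names the user, otherwise a trailing
\"/user\" component does, and \":port\" follows the host."
  (let ((host path) user port)
    (cond ((string-match "\\`\\([^@/]+\\)@\\(.+\\)\\'" host)
           (setq user (match-string 1 host)
                 host (match-string 2 host)))
          ((string-match "\\`\\([^/]+\\)/\\([^/]+\\)\\'" host)
           (setq user (match-string 2 host)
                 host (match-string 1 host))))
    (when (string-match "\\`\\(.+\\):\\([0-9]+\\)\\'" host)
      (setq port (match-string 2 host)
            host (match-string 1 host)))
    (append (list :host host)
            (and user (list :user user))
            (and port (list :port port)))))

(defun demo-match-p (entry key value require)
  "Non-nil if ENTRY's KEY is compatible with the query VALUE.
Same rule as the `check' lambda in the interdiff: a key listed in
REQUIRE must be present and equal; otherwise a missing value on
either side acts as a wildcard."
  (let ((mv (plist-get entry key)))
    (if (memq key require)
        (and value (equal mv value))
      (or (not value) (not mv) (equal mv value)))))

(defun demo-search (store host &optional user port require max)
  "Return up to MAX plists from STORE matching HOST, USER and PORT.
STORE is an alist of (PATH . SECRET).  HOST is compared with `equal',
so the match is case-sensitive and the stored spelling is not
normalized.  Entries come back in the order encountered."
  (let ((left (or max 1)) out)
    (catch 'done
      (dolist (item store)
        (let* ((m (demo-parse-entry (car item)))
               (secret (cdr item))
               (p (plist-get m :port)))
          ;; Give the stored port the same type as the query's port.
          (when (and p (integerp port))
            (setq m (plist-put m :port (string-to-number p))))
          (when (and secret
                     (equal host (plist-get m :host))
                     (demo-match-p m :user user require)
                     (demo-match-p m :port port require))
            (push (append m (list :secret secret)) out)
            (when (zerop (cl-decf left)) (throw 'done nil))))))
    (nreverse out)))

;; Constructed store; the paths mirror the ones used in the thread.
(let ((store '(("x.com" . "a") ("x.com:42" . "b")
               ("akib@disroot.org" . "c") ("foo.org/bar.net" . "d")
               ("Libera.Chat" . "e"))))
  ;; Wildcard port: the port-less entry still answers a :port 22 query.
  (cl-assert (equal (demo-search store "x.com" nil 22 nil 2)
                    '((:host "x.com" :secret "a"))))
  ;; Requiring :port turns the same query into a miss.
  (cl-assert (null (demo-search store "x.com" nil 22 '(:port) 2)))
  ;; An integer port in the query yields an integer port in the result.
  (cl-assert (equal (demo-search store "x.com" nil 42 '(:port))
                    '((:host "x.com" :port 42 :secret "b"))))
  ;; A host-only query finds the user@host entry.
  (cl-assert (equal (demo-search store "disroot.org")
                    '((:host "disroot.org" :user "akib" :secret "c"))))
  ;; "foo.org/bar.net" is always user bar.net on host foo.org.
  (cl-assert (equal (demo-search store "foo.org")
                    '((:host "foo.org" :user "bar.net" :secret "d"))))
  (cl-assert (null (demo-search store "bar.net")))
  ;; Hosts are case-sensitive.
  (cl-assert (null (demo-search store "libera.chat"))))
```

Saved to a file, this runs with `emacs --batch -l FILE` and exits silently when every assertion holds.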
From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 10 08:40:54 2022
From: Björn Bidar
To: "J.P."
Cc: Damien Cassou, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Thu, 10 Nov 2022 15:40:45 +0200

"J.P." writes:

> I know this is asking a lot, but if you get a chance, please apply the
> v2 patches and try them out. (Actually, you can omit the second one in
> the set, which only affects ERC.)

I want to add I'm not an ERC user but a circe user, I've got interested
in the patch as I use the backend with circe, gnus, magit, elfeed and so
on.

>> will this mean the backend will act less like Passwordstore.org
>> describes or more?
>
> That's a good question. My main goal thus far has been to make its query
> behavior as close as possible to that of the other auth-source back
> ends. Glancing at that web page, it seems auth-source-pass has taken
> some liberties WRT to query features, like drilling down into the tail
> of a file's contents and ascribing semantics to parts of a file name.

A lot of programs don't implement the full path traversal and just end
up having a static or a bogus path (e.g. those that implement
Freedesktop SecretService with pass). So I favor a correct
implementation, any progress is welcome.

>> I think the backend should follow the user's organization of the
>> passwordstore folder if possible.
>
> From this I'll infer that the current implementation of auth-source-pass
> does that sufficiently. If that's so and the changes I'm proposing
> threaten to interfere with that, what's your opinion on the default
> value of a knob to toggle the new behavior?

Hm it depends if there are any backends that work around that old
behavior. From what I see the only difference really is that you can
specify require and max.

My personal bindings for circe to auth-source currently only consist of
small functions:

;; Adopted from Ghub.el, refactored for use with Circe IRC
(defun circe--ident (username network)
  (format "%s^%s" username network))

(defun circe--auth-source-get (keys &rest spec)
  (declare (indent 1))
  ;; Only the first match is used.
  (let ((plist (car (apply #'auth-source-search
                           (append spec (list :max 1))))))
    (mapcar (lambda (k) (plist-get plist k)) keys)))

(defun circe-pass-get (host user &optional network)
  "\fn(fn host user &optional network)"
  (auth-source-forget (list :host host :user user :max 1))
  (when network
    (setq user (circe--ident user network)))
  (let ((match (car (circe--auth-source-get (list :secret)
                      :host host :user user))))
    (cond ((null match)
           (error "Auth source empty for %s %s %s" host user network))
          ;; auth-source may hand back the secret as a function.
          ((functionp match)
           (funcall match))
          (t match))))

Which makes me wonder why ERC needs the different behavior but then I'm
not really a good lisp programmer more a novice.

Br,

Björn

From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 10 09:39:00 2022
From: "J.P." To: Akib Azmain Turja Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends In-Reply-To: <878rkjl1vd.fsf@disroot.org> (Akib Azmain Turja's message of "Thu, 10 Nov 2022 13:12:06 +0600") References: <87wn8cb0ym.fsf@neverwas.me> <874jvdardn.fsf__3771.40490324877$1667692584$gmane$org@neverwas.me> <87pme09vis.fsf@gmx.de> <87a653z7dl.fsf@neverwas.me> <878rkjl1vd.fsf@disroot.org> Date: Thu, 10 Nov 2022 06:38:29 -0800 Message-ID: <87r0yac1sq.fsf@neverwas.me> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Authenticated-Id: masked@neverwas.me X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 58985 Cc: Damien Cassou , =?utf-8?Q?Bj=C3=B6rn?= Bidar , emacs-erc@gnu.org, Michael Albinus , 58985@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain Akib Azmain Turja writes: >> +(defcustom auth-source-pass-extra-query-keywords nil > [...] > > This should be non-nil by default, since it fixes a number of bugs. We > don't want to deprive users from these fixes, do we? If that's what everyone here agrees to, then fine by me. Hopefully end users and dependent packages will agree. >> +(defun auth-source-pass--build-result-many (hosts ports users require max) >> + "Return multiple `auth-source-pass--build-result' values." 
>> + (unless (listp hosts) (setq hosts (list hosts))) >> + (unless (listp users) (setq users (list users))) >> + (unless (listp ports) (setq ports (list ports))) >> + (let* ((auth-source-pass--match-regexp (auth-source-pass--match-regexp >> + auth-source-pass-port-separator)) >> + (rv (auth-source-pass--find-match-many hosts users ports >> + require (or max 1)))) >> + (when auth-source-debug >> + (auth-source-pass--do-debug "final result: %S" rv)) >> + (if (eq auth-source-pass-extra-query-keywords 'test) >> + (reverse rv) > > The value `test' is not documented. Is it used in tests? If it is, I > think an internal variable would be better. We could certainly do that. I left it as something uglier and more sentinel-like for now. >> + >> +;; For now, this ignores the contents of files and only considers path >> +;; components when matching. > > The file name contains host, user and port, so parsing contents is not > needed at all. Right, but since `auth-source-pass--parse-data' impacts the code path whenever a multiline file is encountered, I thought the reader should know that we're consciously disregarding its findings. Anyway, I've moved the comment somewhere more relevant and reworded it for clarity. >> +(defun auth-source-pass--find-match-many (hosts users ports require max) >> + "Return plists for valid combinations of HOSTS, USERS, PORTS. >> +Each plist contains, at the very least, a host and a secret." >> + (let ((seen (make-hash-table :test #'equal)) >> + (entries (auth-source-pass-entries)) >> + port-number-p >> + out) >> + (catch 'done >> + (dolist (host hosts out) >> + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) >> + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) > > Can "auth-source-pass--disambiguate" return host with the protocol part? 
No, but it downcases the host, so "Libera.Chat" becomes "libera.chat", which may be desirable for some use cases but not for ERC's (and I suspect those of other dependent libraries as well). If I call `auth-source-search' with :host Libera.Chat or "ircs://irc.libera.chat", and I get a match, I want the result to contain a host `equal' to the one I passed in (as is the case with other back ends) and not some normalized version, like "{,irc.}libera.chat". Likewise, for ports and users. >> + (setq p nil)) >> + (dolist (user (or users (list u))) >> + (dolist (port (or ports (list p))) >> + (setq port-number-p (equal 'integer (type-of port))) > > Just saw the first use of "type-of". Doesn't "(integerp port)" work? Thanks. >> + (when (or (zerop (cl-decf max)) >> + (null (setq entries (delete e entries)))) > > Can the delete call conflict with the dolist loop? In this particular case, I don't believe so, although things get confusing when you have duplicates (which we don't). When expanded, we basically have (let ((tail entries)) (while tail (let ((e (car tail))) (cl-assert (eq (member e entries) tail)) ; invariant (when ... (setq entries (delete e entries))) (setq tail (cdr tail))))) where the CDR of the current tail may become the CDR of the previous tail on a match, but that doesn't mutate the former. Regardless, I suppose it's bad practice to depend on internal implementations, which could always change, so I've swapped this out for `remove' instead. Good question. 
>> +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss-netrc () >> + (ert-with-temp-file netrc-file >> + :text "\ >> +machine x.com password a >> +machine x.com port 42 password b >> +" >> + (let* ((auth-sources (list netrc-file)) >> + (auth-source-do-cache nil) >> + (results (auth-source-search :host "x.com" :port 22 :max 2))) >> + (dolist (result results) >> + (setf result (plist-put result :secret (auth-info-password result)))) >> + (should (equal results '((:host "x.com" :secret "a"))))))) > > How this is testing auth-source-pass? It's there for comparison and to cement the behavior of the reference implementation, netrc, as canon. Notice that those `auth-source-search' calls for every pair of cases are identical despite having different back ends (that's the whole point). Happy to move all the netrc variants to test/lisp/auth-source-tests.el, but locality for juxtaposition's sake can often be a mercy on tired eyes. Thanks for the notes. --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0000-v3-v4.diff >From e5fe85b89746fdc90ba68f3648482e15019720fd Mon Sep 17 00:00:00 2001 From: "F. Jason Park" Date: Thu, 10 Nov 2022 05:38:48 -0800 Subject: [PATCH 0/2] *** NOT A PATCH *** *** BLURB HERE *** F. Jason Park (2): [POC] Make auth-source-pass behave more like other backends [POC] Support auth-source-pass in ERC doc/misc/auth.texi | 11 ++ doc/misc/erc.texi | 3 +- etc/NEWS | 8 ++ lisp/auth-source-pass.el | 107 +++++++++++++++++- lisp/erc/erc-compat.el | 99 ++++++++++++++++ lisp/erc/erc.el | 7 +- test/lisp/auth-source-pass-tests.el | 169 ++++++++++++++++++++++++++++ test/lisp/erc/erc-services-tests.el | 3 - 8 files changed, 401 insertions(+), 6 deletions(-) Interdiff: diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index d9129667e1..8d7241eb1a 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el 
@@ -130,7 +130,7 @@ auth-source-pass--build-result-many require (or max 1)))) (when auth-source-debug (auth-source-pass--do-debug "final result: %S" rv)) - (if (eq auth-source-pass-extra-query-keywords 'test) + (if (eq auth-source-pass-extra-query-keywords '--test--) (reverse rv) (let (out) (dolist (e rv out) @@ -276,14 +276,11 @@ auth-source-pass--match-parts (and value (equal mv value)) (or (not value) (not mv) (equal mv value))))) -;; For now, this ignores the contents of files and only considers path -;; components when matching. (defun auth-source-pass--find-match-many (hosts users ports require max) "Return plists for valid combinations of HOSTS, USERS, PORTS. Each plist contains, at the very least, a host and a secret." (let ((seen (make-hash-table :test #'equal)) (entries (auth-source-pass-entries)) - port-number-p out) (catch 'done (dolist (host hosts out) @@ -292,15 +289,16 @@ auth-source-pass--find-match-many (setq p nil)) (dolist (user (or users (list u))) (dolist (port (or ports (list p))) - (setq port-number-p (equal 'integer (type-of port))) (dolist (e entries) (when-let* ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed - seen e port-number-p))) + seen e (integerp port)))) ((equal host (plist-get m :host))) ((auth-source-pass--match-parts m :port port require)) ((auth-source-pass--match-parts m :user user require)) (parsed (auth-source-pass-parse-entry e)) + ;; For now, ignore body-content pairs, if any, + ;; from `auth-source-pass--parse-data'. (secret (or (auth-source-pass--get-attr 'secret parsed) (not (memq :secret require))))) (push @@ -310,7 +308,7 @@ auth-source-pass--find-match-many ,@(and secret (not (eq secret t)) (list :secret secret))) out) (when (or (zerop (cl-decf max)) - (null (setq entries (delete e entries)))) + (null (setq entries (remove e entries)))) (throw 'done out))))))))))) (defun auth-source-pass--disambiguate (host &optional user port) 
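Review bot: In the auth-source-pass--build-result-many hunk, renaming the sentinel to `'--test--` still leaves a test-only value on the user option `auth-source-pass-extra-query-keywords`, and the tests shown in this series therefore take the `(reverse rv)` branch while users get the `(let (out) (dolist (e rv out)` branch, which those tests do not reach. For code that hands back credentials, the tested path should be the shipped one: bind a separate internal variable from the tests, as suggested upthread, or have at least one test assert on the output of the non-test branch, and keep the option's documented values free of sentinels.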
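Review bot: In the last auth-source-pass--find-match-many hunk, `(setq entries (remove e entries))` rebinds `entries` from inside `(dolist (e entries)`, so the running loop keeps walking the list it started with and only later user/port/host iterations see the shortened copy. That looks intended, but it is easy to misread next to the `(null ...)` early exit; please add a one-line comment saying that a matched entry is dropped so later combinations cannot return it again, and that the current pass is unaffected because `remove` does not modify the original list.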
diff --git a/lisp/erc/erc-compat.el b/lisp/erc/erc-compat.el index 747a1152ff..739f502764 100644 --- a/lisp/erc/erc-compat.el +++ b/lisp/erc/erc-compat.el @@ -221,7 +221,6 @@ erc-compat--auth-source-pass--build-result-many (if (memq k require) (and v (equal mv v)) (or (not v) (not mv) (equal mv v)))))) - port-number-p out) (catch 'done (dolist (host hosts) @@ -230,12 +229,11 @@ erc-compat--auth-source-pass--build-result-many (setq p nil)) (dolist (user (or users (list u))) (dolist (port (or ports (list p))) - (setq port-number-p (equal 'integer (type-of port))) (dolist (e entries) (when-let* ((m (or (gethash e seen) (erc-compat--auth-source-pass--retrieve-parsed - seen e port-number-p))) + seen e (integerp port)))) ((equal host (plist-get m :host))) ((funcall check m :port port)) ((funcall check m :user user)) @@ -249,7 +247,7 @@ erc-compat--auth-source-pass--build-result-many ,@(and secret (not (eq secret t)) (list :secret secret))) out) (when (or (zerop (cl-decf max)) - (null (setq entries (delete e entries)))) + (null (setq entries (remove e entries)))) (throw 'done nil))))))))) (reverse out))) diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index 718c7cf4ba..1839801546 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el @@ -508,7 +508,7 @@ auth-source-pass-extra-query-keywords--wild-port-miss-netrc (should (equal results '((:host "x.com" :secret "a"))))))) (ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss () - (let ((auth-source-pass-extra-query-keywords 'test)) + (let ((auth-source-pass-extra-query-keywords '--test--)) (auth-source-pass--with-store '(("x.com" (secret . "a")) ("x.com:42" (secret . "b"))) (auth-source-pass-enable) 
@@ -532,7 +532,7 @@ auth-source-pass-extra-query-keywords--wild-port-hit-netrc (:host "x.com" :port "42" :secret "b"))))))) (ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit () - (let ((auth-source-pass-extra-query-keywords 'test)) + (let ((auth-source-pass-extra-query-keywords '--test--)) (auth-source-pass--with-store '(("x.com" (secret . "a")) ("x.com:42" (secret . "b"))) (auth-source-pass-enable) @@ -555,7 +555,7 @@ auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc (should-not results)))) (ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss () - (let ((auth-source-pass-extra-query-keywords 'test)) + (let ((auth-source-pass-extra-query-keywords '--test--)) (auth-source-pass--with-store '(("x.com" (secret . "a")) ("x.com:42" (secret . "b"))) (auth-source-pass-enable) @@ -582,7 +582,7 @@ auth-source-pass-extra-query-keywords--netrc-akib '((:host "disroot.org" :user "akib" :secret "b"))))))) (ert-deftest auth-source-pass-extra-query-keywords--akib () - (let ((auth-source-pass-extra-query-keywords 'test)) + (let ((auth-source-pass-extra-query-keywords '--test--)) (auth-source-pass--with-store '(("x.com" (secret . "a")) ("akib@disroot.org" (secret . "b")) ("z.com" (secret . "c"))) 
@@ -590,11 +590,36 @@ auth-source-pass-extra-query-keywords--akib (should (equal (auth-source-search :host "disroot.org" :max 2) '((:host "disroot.org" :user "akib" :secret "b"))))))) +;; Searches for :host are case-sensitive, and a returned host isn't +;; normalized. + +(ert-deftest auth-source-pass-extra-query-keywords--netrc-host () + (ert-with-temp-file netrc-file + :text "\ +machine libera.chat password a +machine Libera.Chat password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "Libera.Chat" :max 2))) + (dolist (result results) + (setf result (plist-put result :secret (auth-info-password result)))) + (should (equal results '((:host "Libera.Chat" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--host () + (let ((auth-source-pass-extra-query-keywords '--test--)) + (auth-source-pass--with-store '(("libera.chat" (secret . "a")) + ("Libera.Chat" (secret . "b"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "Libera.Chat" :max 2) + '((:host "Libera.Chat" :secret "b"))))))) + + ;; A retrieved store entry mustn't be nil regardless of whether its ;; path contains port or user components (ert-deftest auth-source-pass-extra-query-keywords--baseline () - (let ((auth-source-pass-extra-query-keywords 'test)) + (let ((auth-source-pass-extra-query-keywords '--test--)) (auth-source-pass--with-store '(("x.com")) (auth-source-pass-enable) (should-not (auth-source-search :host "x.com"))))) @@ -602,7 +627,7 @@ auth-source-pass-extra-query-keywords--baseline ;; Output port type (int or string) matches that of input parameter (ert-deftest auth-source-pass-extra-query-keywords--port-type () - (let ((auth-source-pass-extra-query-keywords 'test)) + (let ((auth-source-pass-extra-query-keywords '--test--)) (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) (auth-source-pass-enable) (should (equal (auth-source-search :host "x.com" :port 42) 
@@ -618,7 +643,7 @@ auth-source-pass-extra-query-keywords--port-type ;; returned in the order encountered (ert-deftest auth-source-pass-extra-query-keywords--hosts-first () - (let ((auth-source-pass-extra-query-keywords 'test)) + (let ((auth-source-pass-extra-query-keywords '--test--)) (auth-source-pass--with-store '(("x.com:42/bar" (secret . "a")) ("gnu.org" (secret . "b")) ("x.com" (secret . "c")) -- 2.38.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-POC-Make-auth-source-pass-behave-more-like-other-bac.patch >From 94741d20ac4e9c2b76ef1634aa910fb7e06b6c3e Mon Sep 17 00:00:00 2001 
From: "F. Jason Park" Date: Tue, 1 Nov 2022 22:46:24 -0700 Subject: [PATCH 1/2] [POC] Make auth-source-pass behave more like other backends * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add new option to bring search behavior more in line with other backends. (auth-source-pass-search): Add new keyword params `max' and `require' and consider new option `auth-source-pass-extra-query-keywords' for dispatch. (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, auth-source-pass--match-parts): Add supporting variable and helpers. (auth-source-pass--build-result-many, auth-source-pass--find-match-many): Add "-many" variants for existing workhorse functions. * test/lisp/auth-source-pass-tests.el (auth-source-pass-extra-query-keywords--wild-port-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-miss, auth-source-pass-extra-query-keywords--wild-port-hit-netrc, auth-source-pass-extra-query-keywords--wild-port-hit, auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-req-miss, auth-source-pass-extra-query-keywords--netrc-akib, auth-source-pass-extra-query-keywords--akib, auth-source-pass-extra-query-keywords--netrc-host, auth-source-pass-extra-query-keywords--host, auth-source-pass-extra-query-keywords--baseline, auth-source-pass-extra-query-keywords--port-type, auth-source-pass-extra-query-keywords--hosts-first): Add juxtaposed netrc and extra-query-keywords pairs to demo optional extra-compliant behavior. * doc/misc/auth.texi: Add option `auth-source-pass-extra-query-keywords' to auth-source-pass section. * etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs 29.1 package changes section. Bug#58985. --- doc/misc/auth.texi | 11 ++ etc/NEWS | 8 ++ lisp/auth-source-pass.el | 107 +++++++++++++++++- test/lisp/auth-source-pass-tests.el | 169 ++++++++++++++++++++++++++++ 4 files changed, 294 insertions(+), 1 deletion(-) 
diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi index 9dc63af6bc..222fce2058 100644 --- a/doc/misc/auth.texi +++ b/doc/misc/auth.texi @@ -526,6 +526,8 @@ The Unix password store while searching for an entry matching the @code{rms} user on host @code{gnu.org} and port @code{22}, then the entry @file{gnu.org:22/rms.gpg} is preferred over @file{gnu.org.gpg}. +However, such filtering is not applied when the option +@code{auth-source-pass-extra-parameters} is set to @code{t}. Users of @code{pass} may also be interested in functionality provided by other Emacs packages: @@ -549,6 +551,15 @@ The Unix password store port in an entry. Defaults to @samp{:}. @end defvar +@defvar auth-source-pass-extra-query-keywords +Set this to @code{t} if you encounter problems predicting the outcome +of searches relative to other auth-source backends or if you have code +that expects to query multiple backends uniformly. This tells +auth-source-pass to consider the @code{:max} and @code{:require} +keywords as well as lists containing multiple query params (for +applicable keywords). +@end defvar + @node Help for developers @chapter Help for developers diff --git a/etc/NEWS b/etc/NEWS index ab64eff74e..2c61732f8d 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -1385,6 +1385,14 @@ If non-nil and there's only one matching option, auto-select that. If non-nil, this user option describes what entries not to add to the database stored on disk. +** Auth-Source + ++++ +*** New user option 'auth-source-pass-extra-query-keywords'. +Whether to recognize additional keyword params, like ':max' and +':require', as well as accept lists of query terms paired with +applicable keywords. + ** Dired +++ diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 0955e2ed07..8d7241eb1a 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el 
@@ -55,13 +55,27 @@ auth-source-pass-port-separator :type 'string :version "27.1") +(defcustom auth-source-pass-extra-query-keywords nil + "Whether to consider additional keywords when performing a query. +Specifically, when the value is t, recognize the `:max' and +`:require' keywords and accept lists of query parameters for +certain keywords, such as `:host' and `:user'. Also, wrap all +returned secrets in a function and forgo any further results +filtering unless given an applicable `:require' argument. When +this option is nil, do none of that, and enact the narrowing +behavior described toward the bottom of the Info node `(auth) The +Unix password store'." + :type 'boolean + :version "29.1") + (cl-defun auth-source-pass-search (&rest spec &key backend type host user port + require max &allow-other-keys) "Given some search query, return matching credentials. See `auth-source-search' for details on the parameters SPEC, BACKEND, TYPE, -HOST, USER and PORT." +HOST, USER, PORT, REQUIRE, and MAX." (cl-assert (or (null type) (eq type (oref backend type))) t "Invalid password-store search: %s %s") (cond ((eq host t) @@ -70,6 +84,8 @@ auth-source-pass-search ((null host) ;; Do not build a result, as none will match when HOST is nil nil) + (auth-source-pass-extra-query-keywords + (auth-source-pass--build-result-many host port user require max)) (t (when-let ((result (auth-source-pass--build-result host port user))) (list result))))) 
@@ -89,6 +105,41 @@ auth-source-pass--build-result (seq-subseq retval 0 -2)) ;; remove password retval)))) +(defvar auth-source-pass--match-regexp nil) + +(defun auth-source-pass--match-regexp (s) + (rx-to-string ; autoloaded + `(: (or bot "/") + (or (: (? (group-n 20 (+ (not (in ?\ ?/ ?@ ,s)))) "@") + (group-n 10 (+ (not (in ?\ ?/ ?@ ,s)))) + (? ,s (group-n 30 (+ (not (in ?\ ?/ ,s)))))) + (: (group-n 11 (+ (not (in ?\ ?/ ?@ ,s)))) + (? ,s (group-n 31 (+ (not (in ?\ ?/ ,s))))) + (? "/" (group-n 21 (+ (not (in ?\ ?/ ,s))))))) + eot) + 'no-group)) + +(defun auth-source-pass--build-result-many (hosts ports users require max) + "Return multiple `auth-source-pass--build-result' values." + (unless (listp hosts) (setq hosts (list hosts))) + (unless (listp users) (setq users (list users))) + (unless (listp ports) (setq ports (list ports))) + (let* ((auth-source-pass--match-regexp (auth-source-pass--match-regexp + auth-source-pass-port-separator)) + (rv (auth-source-pass--find-match-many hosts users ports + require (or max 1)))) + (when auth-source-debug + (auth-source-pass--do-debug "final result: %S" rv)) + (if (eq auth-source-pass-extra-query-keywords '--test--) + (reverse rv) + (let (out) + (dolist (e rv out) + (when-let* ((s (plist-get e :secret)) ; s not captured by closure + (v (auth-source--obfuscate s))) + (setf (plist-get e :secret) + (lambda () (auth-source--deobfuscate v)))) + (push e out)))))) + ;;;###autoload (defun auth-source-pass-enable () "Enable auth-source-password-store." 
@@ -206,6 +257,60 @@ auth-source-pass--find-match hosts (list hosts)))) +(defun auth-source-pass--retrieve-parsed (seen path port-number-p) + (when-let ((m (string-match auth-source-pass--match-regexp path))) + (puthash path + (list :host (or (match-string 10 path) (match-string 11 path)) + :user (or (match-string 20 path) (match-string 21 path)) + :port (and-let* ((p (or (match-string 30 path) + (match-string 31 path))) + (n (string-to-number p))) + (if (or (zerop n) (not port-number-p)) + (format "%s" p) + n))) + seen))) + +(defun auth-source-pass--match-parts (parts key value require) + (let ((mv (plist-get parts key))) + (if (memq key require) + (and value (equal mv value)) + (or (not value) (not mv) (equal mv value))))) + +(defun auth-source-pass--find-match-many (hosts users ports require max) + "Return plists for valid combinations of HOSTS, USERS, PORTS. +Each plist contains, at the very least, a host and a secret." + (let ((seen (make-hash-table :test #'equal)) + (entries (auth-source-pass-entries)) + out) + (catch 'done + (dolist (host hosts out) + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) + (setq p nil)) + (dolist (user (or users (list u))) + (dolist (port (or ports (list p))) + (dolist (e entries) + (when-let* + ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed + seen e (integerp port)))) + ((equal host (plist-get m :host))) + ((auth-source-pass--match-parts m :port port require)) + ((auth-source-pass--match-parts m :user user require)) + (parsed (auth-source-pass-parse-entry e)) + ;; For now, ignore body-content pairs, if any, + ;; from `auth-source-pass--parse-data'. 
+ (secret (or (auth-source-pass--get-attr 'secret parsed) + (not (memq :secret require))))) + (push + `( :host ,host ; prefer user-provided :host over h + ,@(and-let* ((u (plist-get m :user))) (list :user u)) + ,@(and-let* ((p (plist-get m :port))) (list :port p)) + ,@(and secret (not (eq secret t)) (list :secret secret))) + out) + (when (or (zerop (cl-decf max)) + (null (setq entries (remove e entries)))) + (throw 'done out))))))))))) + (defun auth-source-pass--disambiguate (host &optional user port) "Return (HOST USER PORT) after disambiguation. Disambiguate between having user provided inside HOST (e.g., diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index f5147a7ce0..1839801546 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el 
@@ -488,6 +488,175 @@ auth-source-pass-prints-meaningful-debug-log (should (auth-source-pass--have-message-matching "found 2 entries matching \"gitlab.com\": (\"a/gitlab.com\" \"b/gitlab.com\")")))) + +;; FIXME move this to top of file if keeping these netrc tests +(require 'ert-x) + +;; No entry has the requested port, but a result is still returned. + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "x.com" :port 22 :max 2))) + (dolist (result results) + (setf result (plist-put result :secret (auth-info-password result)))) + (should (equal results '((:host "x.com" :secret "a"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss () + (let ((auth-source-pass-extra-query-keywords '--test--)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port 22 :max 2) + '((:host "x.com" :secret "a"))))))) + +;; One of two entries has the requested port, both returned + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "x.com" :port 42 :max 2))) + (dolist (result results) + (setf result (plist-put result :secret (auth-info-password result)))) + (should (equal results '((:host "x.com" :secret "a") + (:host "x.com" :port "42" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit () + (let ((auth-source-pass-extra-query-keywords '--test--)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . 
"b"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port 42 :max 2) + '((:host "x.com" :secret "a") + (:host "x.com" :port 42 :secret "b"))))))) + +;; No entry has the requested port, but :port is required, so search fails + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search + :host "x.com" :port 22 :require '(:port) :max 2))) + (should-not results)))) + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss () + (let ((auth-source-pass-extra-query-keywords '--test--)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (should-not (auth-source-search + :host "x.com" :port 22 :require '(:port) :max 2))))) + +;; Specifying a :host without a :user finds a lone entry and does not +;; include extra fields (i.e., :port nil) in the result +;; https://lists.gnu.org/archive/html/emacs-devel/2022-11/msg00130.html + +(ert-deftest auth-source-pass-extra-query-keywords--netrc-akib () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine disroot.org user akib password b +machine z.com password c +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf result (plist-put result :secret (auth-info-password result)))) + (should (equal results + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--akib () + (let ((auth-source-pass-extra-query-keywords '--test--)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("akib@disroot.org" (secret . "b")) + ("z.com" (secret . 
"c"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "disroot.org" :max 2) + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +;; Searches for :host are case-sensitive, and a returned host isn't +;; normalized. + +(ert-deftest auth-source-pass-extra-query-keywords--netrc-host () + (ert-with-temp-file netrc-file + :text "\ +machine libera.chat password a +machine Libera.Chat password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "Libera.Chat" :max 2))) + (dolist (result results) + (setf result (plist-put result :secret (auth-info-password result)))) + (should (equal results '((:host "Libera.Chat" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--host () + (let ((auth-source-pass-extra-query-keywords '--test--)) + (auth-source-pass--with-store '(("libera.chat" (secret . "a")) + ("Libera.Chat" (secret . "b"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "Libera.Chat" :max 2) + '((:host "Libera.Chat" :secret "b"))))))) + + +;; A retrieved store entry mustn't be nil regardless of whether its +;; path contains port or user components + +(ert-deftest auth-source-pass-extra-query-keywords--baseline () + (let ((auth-source-pass-extra-query-keywords '--test--)) + (auth-source-pass--with-store '(("x.com")) + (auth-source-pass-enable) + (should-not (auth-source-search :host "x.com"))))) + +;; Output port type (int or string) matches that of input parameter + +(ert-deftest auth-source-pass-extra-query-keywords--port-type () + (let ((auth-source-pass-extra-query-keywords '--test--)) + (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port 42) + '((:host "x.com" :port 42 :secret "a"))))) + (auth-source-pass--with-store '(("x.com:42" (secret . 
"a"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host "x.com" :port "42") + '((:host "x.com" :port "42" :secret "a"))))))) + +;; The :host search param ordering more heavily influences the output +;; because (h1, u1, p1), (h1, u1, p2), ... (hN, uN, pN); also, exact +;; matches are not given precedence, i.e., matching store items are +;; returned in the order encountered + +(ert-deftest auth-source-pass-extra-query-keywords--hosts-first () + (let ((auth-source-pass-extra-query-keywords '--test--)) + (auth-source-pass--with-store '(("x.com:42/bar" (secret . "a")) + ("gnu.org" (secret . "b")) + ("x.com" (secret . "c")) + ("fake.com" (secret . "d")) + ("x.com/foo" (secret . "e"))) + (auth-source-pass-enable) + (should (equal (auth-source-search :host '("x.com" "gnu.org") :max 3) + ;; Notice gnu.org is never considered ^ + '((:host "x.com" :user "bar" :port "42" :secret "a") + (:host "x.com" :secret "c") + (:host "x.com" :user "foo" :secret "e"))))))) + + (provide 'auth-source-pass-tests) ;;; auth-source-pass-tests.el ends here -- 2.38.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0002-POC-Support-auth-source-pass-in-ERC.patch >From e5fe85b89746fdc90ba68f3648482e15019720fd Mon Sep 17 00:00:00 2001 
From: "F. Jason Park" Date: Sun, 24 Apr 2022 06:20:09 -0700 Subject: [PATCH 2/2] [POC] Support auth-source-pass in ERC * doc/misc/erc.texi: Mention that the auth-source-pass backend is supported. * lisp/erc/erc-compat.el (erc-compat--auth-source-pass-search, erc-compat--auth-source-pass--build-results-many, erc-compat--auth-source-pass--retrieve-parsed, erc-compat--auth-source-pass-packend-parse): Copy some yet unreleased functions from auth-source-pass that mimic the netrc backend. Also add forward declarations to support them. * lisp/erc/erc.el (erc--auth-source-search): Use own auth-source-pass erc-compat backend until 29.1 released. * test/lisp/erc/erc-services-tests.el (erc-join-tests--auth-source-pass-entries): Remove useless items. (erc--auth-source-search--pass-standard, erc--auth-source-search--pass-announced, erc--auth-source-search--pass-overrides): Remove `ert-skip' guard. Bug#58985. --- doc/misc/erc.texi | 3 +- lisp/erc/erc-compat.el | 99 +++++++++++++++++++++++++++++ lisp/erc/erc.el | 7 +- test/lisp/erc/erc-services-tests.el | 3 - 4 files changed, 107 insertions(+), 5 deletions(-) diff --git a/doc/misc/erc.texi b/doc/misc/erc.texi index 3db83197f9..ad35b78f0e 100644 --- a/doc/misc/erc.texi +++ b/doc/misc/erc.texi @@ -861,7 +861,8 @@ Connecting @code{erc-auth-source-search}. It tries to merge relevant contextual parameters with those provided or discovered from the logical connection or the underlying transport. Some auth-source back ends may not be -compatible; netrc, plstore, json, and secrets are currently supported. +compatible; netrc, plstore, json, secrets, and pass are currently +supported. @end defopt @subheading Full name diff --git a/lisp/erc/erc-compat.el b/lisp/erc/erc-compat.el index 03bd8f1352..739f502764 100644 --- a/lisp/erc/erc-compat.el +++ b/lisp/erc/erc-compat.el 
@@ -32,6 +32,8 @@ ;;; Code: (require 'compat nil 'noerror) +(eval-when-compile (require 'cl-lib)) + ;;;###autoload(autoload 'erc-define-minor-mode "erc-compat") (define-obsolete-function-alias 'erc-define-minor-mode 
@@ -168,6 +170,103 @@ erc-compat--with-memoization `(cl--generic-with-memoization ,table ,@forms)) (t `(progn ,@forms)))) +;;;; Auth Source + +(declare-function auth-source-pass--get-attr + "auth-source-pass" (key entry-data)) +(declare-function auth-source-pass--disambiguate + "auth-source-pass" (host &optional user port)) +(declare-function auth-source-backend-parse-parameters + "auth-source-pass" (entry backend)) +(declare-function auth-source-backend "auth-source" (&rest slots)) +(declare-function auth-source-pass-entries "auth-source-pass" nil) +(declare-function auth-source-pass-parse-entry "auth-source-pass" (entry)) + +;; This basically hard codes `auth-source-pass-port-separator' to ":" +(defun erc-compat--auth-source-pass--retrieve-parsed (seen e port-number-p) + (when-let ((pat (rx (or bot "/") + (or (: (? (group-n 20 (+ (not (in " /@")))) "@") + (group-n 10 (+ (not (in " /:@")))) + (? ":" (group-n 30 (+ (not (in " /:")))))) + (: (group-n 11 (+ (not (in " /:@")))) + (? ":" (group-n 31 (+ (not (in " /:"))))) + (? "/" (group-n 21 (+ (not (in " /:"))))))) + eot)) + (m (string-match pat e))) + (puthash e (list :host (or (match-string 10 e) + (match-string 11 e)) + :user (or (match-string 20 e) + (match-string 21 e)) + :port (and-let* ((p (or (match-string 30 e) + (match-string 31 e))) + (n (string-to-number p))) + (if (or (zerop n) + (not port-number-p)) + (format "%s" p) + n))) + seen))) + +;; This looks bad, but it just inlines `auth-source-pass--find-match-many'. +(defun erc-compat--auth-source-pass--build-result-many + (hosts users ports require max) + "Return a plist of HOSTS, PORTS, USERS, and secret." 
+ (unless (listp hosts) (setq hosts (list hosts))) + (unless (listp users) (setq users (list users))) + (unless (listp ports) (setq ports (list ports))) + (unless max (setq max 1)) + (let ((seen (make-hash-table :test #'equal)) + (entries (auth-source-pass-entries)) + (check (lambda (m k v) + (let ((mv (plist-get m k))) + (if (memq k require) + (and v (equal mv v)) + (or (not v) (not mv) (equal mv v)))))) + out) + (catch 'done + (dolist (host hosts) + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) + (setq p nil)) + (dolist (user (or users (list u))) + (dolist (port (or ports (list p))) + (dolist (e entries) + (when-let* + ((m (or (gethash e seen) + (erc-compat--auth-source-pass--retrieve-parsed + seen e (integerp port)))) + ((equal host (plist-get m :host))) + ((funcall check m :port port)) + ((funcall check m :user user)) + (parsed (auth-source-pass-parse-entry e)) + (secret (or (auth-source-pass--get-attr 'secret parsed) + (not (memq :secret require))))) + (push + `( :host ,host ; prefer user-provided :host over h + ,@(and-let* ((u (plist-get m :user))) (list :user u)) + ,@(and-let* ((p (plist-get m :port))) (list :port p)) + ,@(and secret (not (eq secret t)) (list :secret secret))) + out) + (when (or (zerop (cl-decf max)) + (null (setq entries (remove e entries)))) + (throw 'done nil))))))))) + (reverse out))) + +(cl-defun erc-compat--auth-source-pass-search + (&rest spec &key host user port require max &allow-other-keys) + ;; From `auth-source-pass-search' + (cl-assert (and host (not (eq host t))) + t "Invalid password-store search: %s %s") + (erc-compat--auth-source-pass--build-result-many host user port require max)) + +(defun erc-compat--auth-source-pass-backend-parse (entry) + (when (eq entry 'password-store) + (auth-source-backend-parse-parameters + entry (auth-source-backend + :source "." 
+ :type 'password-store + :search-function #'erc-compat--auth-source-pass-search)))) + + (provide 'erc-compat) ;;; erc-compat.el ends here diff --git a/lisp/erc/erc.el b/lisp/erc/erc.el index 6b14cf87e2..3769e73041 100644 --- a/lisp/erc/erc.el +++ b/lisp/erc/erc.el @@ -3225,7 +3225,12 @@ erc--auth-source-search the nod. Much the same would happen for entries sharing only a port: the one with host foo would win." (when-let* - ((priority (map-keys defaults)) + ((auth-source-backend-parser-functions + (if (memq 'password-store auth-sources) + (cons #'erc-compat--auth-source-pass-backend-parse + auth-source-backend-parser-functions) + auth-source-backend-parser-functions)) + (priority (map-keys defaults)) (test (lambda (a b) (catch 'done (dolist (key priority) diff --git a/test/lisp/erc/erc-services-tests.el b/test/lisp/erc/erc-services-tests.el index c22d4cf75e..7ff2e36e77 100644 --- a/test/lisp/erc/erc-services-tests.el +++ b/test/lisp/erc/erc-services-tests.el @@ -474,7 +474,6 @@ erc-join-tests--auth-source-pass-entries ("GNU.chat:irc/#chan" (secret . "foo")))) (ert-deftest erc--auth-source-search--pass-standard () - (ert-skip "Pass backend not yet supported") (let ((store erc-join-tests--auth-source-pass-entries) (auth-sources '(password-store)) (auth-source-do-cache nil)) @@ -487,7 +486,6 @@ erc--auth-source-search--pass-standard (erc-services-tests--auth-source-standard #'erc-auth-source-search)))) (ert-deftest erc--auth-source-search--pass-announced () - (ert-skip "Pass backend not yet supported") (let ((store erc-join-tests--auth-source-pass-entries) (auth-sources '(password-store)) (auth-source-do-cache nil)) 
@@ -500,7 +498,6 @@ erc--auth-source-search--pass-announced (erc-services-tests--auth-source-announced #'erc-auth-source-search)))) (ert-deftest erc--auth-source-search--pass-overrides () - (ert-skip "Pass backend not yet supported") (let ((store `(,@erc-join-tests--auth-source-pass-entries ("GNU.chat:6697/#chan" (secret . "spam")) -- 2.38.1 --=-=-=--
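Review bot: the sentence added near the top of the doc/misc/auth.texi change in patch 1/2 names `auth-source-pass-extra-parameters`, but the option this series defines, documents in the new @defvar, and announces in etc/NEWS is `auth-source-pass-extra-query-keywords`. The @code reference should use the real name, otherwise a reader looking for the setting that turns off the narrowing described in that paragraph will not find it.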
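Review bot: `auth-source-pass--build-result-many` in lisp/auth-source-pass.el returns secrets as plain strings whenever `auth-source-pass-extra-query-keywords` is `eq` to `--test--`, a value that neither the defcustom's `:type 'boolean` nor its docstring mentions. A test-only sentinel inside a user option means one stray setting skips the `auth-source--obfuscate` wrapping for every result. Consider dropping that branch and having the pass tests unwrap results with `auth-info-password`, as the juxtaposed netrc tests in the same file already do, or moving the switch to an internal variable documented as test-only.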
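Review bot: `auth-source-pass--retrieve-parsed` stores each entry's plist in `seen` with `:port` already coerced according to the first port tried, so in `auth-source-pass--find-match-many` a later port of the other type can never match that entry. With `:port '("irc" 6697)` and a store entry `x.com:6697`, the "irc" pass caches `:port "6697"`, and on the integer pass `(gethash e seen)` returns that plist and `(equal "6697" 6697)` fails in `auth-source-pass--match-parts`. Either cache the raw string and coerce at comparison time, or include the port type in the cache key. The inlined copy in lisp/erc/erc-compat.el has the same shape, and a test with a mixed-type `:port` list would pin the behavior down.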
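Review bot: the inlined `erc-compat--auth-source-pass--build-result-many` in lisp/erc/erc-compat.el ends with `(reverse out)` and leaves each `:secret` as a plain string, whereas the lisp/auth-source-pass.el version it copies wraps the secret in a closure over the `auth-source--obfuscate` output. If the compat copy is meant to stand in for the new behavior until 29.1, it should wrap secrets the same way so that plists handed to callers do not carry the password in clear. The commit message for patch 2/2 also lists `erc-compat--auth-source-pass-packend-parse` and `erc-compat--auth-source-pass--build-results-many`, neither of which matches a function name in the hunk.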
From: "J.P."
To: Björn Bidar
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <87cz9vhqqq.fsf@thaodan.de> ("Björn Bidar"'s message of "Thu, 10 Nov 2022 15:40:45 +0200")
References: <87wn8cb0ym.fsf@neverwas.me> <874jvdardn.fsf__3771.40490324877$1667692584$gmane$org@neverwas.me> <87pme09vis.fsf@gmx.de> <87a653z7dl.fsf@neverwas.me> <874jvbnje1.fsf@gmx.de> <875yfpmtwb.fsf__40235.4477484309$1667915906$gmane$org@neverwas.me> <87o7tfiqws.fsf@thaodan.de> <875yfnnzy6.fsf@neverwas.me> <87cz9vhqqq.fsf@thaodan.de>
Date: Thu, 10 Nov 2022 06:40:08 -0800
Message-ID: <87pmduc1pz.fsf@neverwas.me>
Cc: Damien Cassou , emacs-erc@gnu.org, Michael Albinus , 58985@debbugs.gnu.org

Björn Bidar writes:

> "J.P." writes:
>
>> I know this is asking a lot, but if you get a chance, please apply the
>> v2 patches and try them out. (Actually, you can omit the second one in
>> the set, which only affects ERC.)
>
> I want to add I'm not an ERC user but circe user, I've got interested in
> the patch as I use the backend with circe, gnus, magit, elfeed and so
> on.

All great packages!

>>> will this mean the backend will act less like Passwordstore.org
>>> describes or more?
>>
>> That's a good question. My main goal thus far has been to make its query
>> behavior as close as possible to that of the other auth-source back
>> ends. Glancing at that web page, it seems auth-source-pass has taken
>> some liberties WRT to query features, like drilling down into the tail
>> of a file's contents and ascribing semantics to parts of a file name.
>
> A lot of programs don't implement the full path traversal and just end
> up having a static or a bogus path (e.g. those that implement
> Freedesktop SecretService with pass).

Interesting. I just blindly assumed auth-source-pass would be alone in
that regard, but I guess not in the slightest.

> So I favor a correct implementation, any progress is welcome.

I don't think correctness from the passwordstore.org perspective will
butt heads with auth-source's because only the latter has any concept of
host, user, and port. Although, as you've noticed, my patch only
addresses queries and doesn't handle writes, which may be a different
animal entirely.

>>> I think the backend should follow the users organization of the
>>> passwordstore folder if possible.
>>
>> From this I'll infer that the current implementation of auth-source-pass
>> does that sufficiently. If that's so and the changes I'm proposing
>> threaten to interfere with that, what's your opinion on the default
>> value of a knob to toggle the new behavior?
>
> Hm it depends if there are any backends that workaround that old behavior.
> From what I see the only difference really is that you can specify
> require and max.

There are actually a few subtle areas where the behavior between old and
new differs and maybe one or two slightly unintuitive gotchas for folks
unfamiliar with how the other back ends operate. If you're curious,
there's a series of side-by-side comparisons added by the first patch
toward the bottom of

  test/lisp/auth-source-pass-tests.el

Please let me know if you have any questions.

> My personal bindings for circe to auth-source currently only exist of
> small functions:
> ;; Adopted from Ghub.el, refactored for use with Circe IRC
> (defun circe--ident (username network)
>   (format "%s^%s" username network))
> (defun circe--auth-source-get (keys &rest spec)
>   (declare (indent 1))
>   (let ((plist (car (apply #'auth-source-search
>                            (append spec (list :max 1))))))
                                                ~~~~~~
                        ERC would choke on this ^
>     (mapcar (lambda (k)
>               (plist-get plist k))
>             keys)))
> (defun circe-pass-get (host user &optional network)
>   "\fn(fn host user &optional network)"
>   (auth-source-forget (list :host host :user user :max 1))
>   (when network
>     (setq user (circe--ident user network)))
>   (let ((match (car (circe--auth-source-get (list :secret)
>                       :host host :user user))))
>     (cond ((null match)
>            (error "Auth source empty for %s %s %s" host user network))
>           ((functionp match)
>            (funcall match))
>           (t match))))
>
>
> Which makes me wonder why ERC needs the different behavior but then I'm
> not really a good lisp programmer more a novice.

The approach is broadly similar to what you have. But ERC uses
auth-source to query server passwords, network credentials, and channel
keys more or less transparently, without user interaction. It overloads
both :host and :user to accommodate various values based on context and
doesn't rely on auth-source for narrowing. It asks for all applicable
results and does its own thing from there.
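The approach described at the end of the message above (ask for every applicable result, then narrow on the caller's side), as an added example that is not part of the thread and is not ERC's own code. The `demo-auth-*` names, the result cap and the netrc content are constructed for illustration; it contrasts that approach with a `:max 1` query, which hands back whichever matching entry the back end meets first.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration: every demo-auth-* name and the netrc text below
;; are constructed for this example.
(require 'auth-source)
(require 'cl-lib)

(defconst demo-auth-max 50
  "Assumed upper bound on the number of results requested.")

(defun demo-auth--rank (result hosts)
  "Return the index of RESULT's :host in HOSTS, or (length HOSTS) if absent."
  (or (cl-position (plist-get result :host) hosts :test #'equal)
      (length hosts)))

(defun demo-auth--reveal (result)
  "Return RESULT's secret as a string, calling it first if it is a function."
  (let ((secret (plist-get result :secret)))
    (if (functionp secret) (funcall secret) secret)))

(defun demo-auth-pick (hosts &optional user)
  "Search for HOSTS (most specific first) and return the best result.
All matches are requested and then ranked by the position of their
:host in HOSTS, so the choice does not depend on the order in which
a back end happens to return them."
  (let* ((found (apply #'auth-source-search
                       :host hosts
                       :require '(:secret)
                       :max demo-auth-max
                       (and user (list :user user))))
         ;; `sort' is stable, so ties keep the back end's order.
         (ranked (sort (copy-sequence found)
                       (lambda (a b)
                         (< (demo-auth--rank a hosts)
                            (demo-auth--rank b hosts))))))
    (car ranked)))

(defun demo-auth-run ()
  "Compare a `:max 1' query with `demo-auth-pick' on a constructed netrc file.
Return a plist holding the secret chosen by each strategy."
  (let* ((file (make-temp-file "demo-netrc" nil nil "\
machine irc.example.org password server-wide
machine ExampleNet user alice password per-network
"))
         (auth-sources (list file))
         (auth-source-do-cache nil)
         ;; Most specific context first: network name, then server.
         (hosts '("ExampleNet" "irc.example.org")))
    (unwind-protect
        (list :max-1 (demo-auth--reveal
                      (car (auth-source-search
                            :host hosts :user "alice" :max 1)))
              :ranked (demo-auth--reveal (demo-auth-pick hosts "alice")))
      (delete-file file))))
```

Evaluate `(demo-auth-run)` to see which entry each strategy selects; the first netrc entry has no user field, so it is treated as a wildcard match for any `:user`.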
From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 10 22:17:40 2022
From: "J.P."
To: Akib Azmain Turja
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <878rkjl1vd.fsf@disroot.org> (Akib Azmain Turja's message of "Thu, 10 Nov 2022 13:12:06 +0600")
References: <87wn8cb0ym.fsf@neverwas.me> <874jvdardn.fsf__3771.40490324877$1667692584$gmane$org@neverwas.me> <87pme09vis.fsf@gmx.de> <87a653z7dl.fsf@neverwas.me> <878rkjl1vd.fsf@disroot.org>
Date: Thu, 10 Nov 2022 19:17:21 -0800
Message-ID: <877d026uym.fsf@neverwas.me>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Cc: Damien Cassou , Björn Bidar , emacs-erc@gnu.org, Michael Albinus , 58985@debbugs.gnu.org

--=-=-=
Content-Type: text/plain

Akib Azmain Turja writes:

>> +(defun auth-source-pass--build-result-many (hosts ports users require max) >> + "Return multiple `auth-source-pass--build-result' values." >> + (unless (listp hosts) (setq hosts (list hosts))) >> + (unless (listp users) (setq users (list users))) >> + (unless (listp ports) (setq ports (list ports))) >> + (let* ((auth-source-pass--match-regexp (auth-source-pass--match-regexp >> + auth-source-pass-port-separator)) >> + (rv (auth-source-pass--find-match-many hosts users ports >> + require (or max 1)))) >> + (when auth-source-debug >> + (auth-source-pass--do-debug "final result: %S" rv)) >> + (if (eq auth-source-pass-extra-query-keywords 'test) >> + (reverse rv)
>
> The value `test' is not documented. Is it used in tests? If it is, I
> think an internal variable would be better.
I got rid of the `test' stuff completely, so this function now always wraps secrets. --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0000-v4-v5.diff >From ff9878576a6826e13567049629451d494afd8c9c Mon Sep 17 00:00:00 2001 From: "F. Jason Park" Date: Thu, 10 Nov 2022 19:09:38 -0800 Subject: [PATCH 0/2] *** NOT A PATCH *** *** BLURB HERE *** F. Jason Park (2): [POC] Make auth-source-pass behave more like other backends [POC] Support auth-source-pass in ERC doc/misc/auth.texi | 11 ++ doc/misc/erc.texi | 3 +- etc/NEWS | 8 ++ lisp/auth-source-pass.el | 105 +++++++++++++++- lisp/erc/erc-compat.el | 99 +++++++++++++++ lisp/erc/erc.el | 7 +- test/lisp/auth-source-pass-tests.el | 184 ++++++++++++++++++++++++++++ test/lisp/erc/erc-services-tests.el | 3 - 8 files changed, 414 insertions(+), 6 deletions(-) Interdiff: diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 8d7241eb1a..54070e03eb 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el @@ -130,15 +130,13 @@ auth-source-pass--build-result-many require (or max 1)))) (when auth-source-debug (auth-source-pass--do-debug "final result: %S" rv)) - (if (eq auth-source-pass-extra-query-keywords '--test--) - (reverse rv) - (let (out) - (dolist (e rv out) - (when-let* ((s (plist-get e :secret)) ; s not captured by closure - (v (auth-source--obfuscate s))) - (setf (plist-get e :secret) - (lambda () (auth-source--deobfuscate v)))) - (push e out)))))) + (let (out) + (dolist (e rv out) + (when-let* ((s (plist-get e :secret)) ; s not captured by closure + (v (auth-source--obfuscate s))) + (setf (plist-get e :secret) + (lambda () (auth-source--deobfuscate v)))) + (push e out))))) ;;;###autoload (defun auth-source-pass-enable () diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index 1839801546..60903808e0 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el 
@@ -504,16 +504,18 @@ auth-source-pass-extra-query-keywords--wild-port-miss-netrc (auth-source-do-cache nil) (results (auth-source-search :host "x.com" :port 22 :max 2))) (dolist (result results) - (setf result (plist-put result :secret (auth-info-password result)))) + (setf (plist-get result :secret) (auth-info-password result))) (should (equal results '((:host "x.com" :secret "a"))))))) (ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss () - (let ((auth-source-pass-extra-query-keywords '--test--)) - (auth-source-pass--with-store '(("x.com" (secret . "a")) - ("x.com:42" (secret . "b"))) - (auth-source-pass-enable) - (should (equal (auth-source-search :host "x.com" :port 22 :max 2) - '((:host "x.com" :secret "a"))))))) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "x.com" :port 22 :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "x.com" :secret "a"))))))) ;; One of two entries has the requested port, both returned 
@@ -527,16 +529,19 @@ auth-source-pass-extra-query-keywords--wild-port-hit-netrc (auth-source-do-cache nil) (results (auth-source-search :host "x.com" :port 42 :max 2))) (dolist (result results) - (setf result (plist-put result :secret (auth-info-password result)))) + (setf (plist-get result :secret) (auth-info-password result))) (should (equal results '((:host "x.com" :secret "a") (:host "x.com" :port "42" :secret "b"))))))) (ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit () - (let ((auth-source-pass-extra-query-keywords '--test--)) - (auth-source-pass--with-store '(("x.com" (secret . "a")) - ("x.com:42" (secret . "b"))) - (auth-source-pass-enable) - (should (equal (auth-source-search :host "x.com" :port 42 :max 2) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "x.com" :port 42 :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "x.com" :secret "a") (:host "x.com" :port 42 :secret "b"))))))) @@ -555,7 +560,7 @@ auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc (should-not results)))) (ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss () - (let ((auth-source-pass-extra-query-keywords '--test--)) + (let ((auth-source-pass-extra-query-keywords t)) (auth-source-pass--with-store '(("x.com" (secret . "a")) ("x.com:42" (secret . "b"))) (auth-source-pass-enable) 
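Review bot: in the wild-port-hit pair, the netrc test expects (:host "x.com" :port "42" :secret "b") for a :port 42 query while the rewritten pass test expects :port 42 as an integer, so the two side-by-side tests assert different results for the same query. If that difference is intended (the port-type test further down says the output type follows the input parameter), a one-line comment above auth-source-pass-extra-query-keywords--wild-port-hit saying so would stop a later reader from "fixing" one test to match the other.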
@@ -577,17 +582,20 @@ auth-source-pass-extra-query-keywords--netrc-akib (auth-source-do-cache nil) (results (auth-source-search :host "disroot.org" :max 2))) (dolist (result results) - (setf result (plist-put result :secret (auth-info-password result)))) + (setf (plist-get result :secret) (auth-info-password result))) (should (equal results '((:host "disroot.org" :user "akib" :secret "b"))))))) (ert-deftest auth-source-pass-extra-query-keywords--akib () - (let ((auth-source-pass-extra-query-keywords '--test--)) - (auth-source-pass--with-store '(("x.com" (secret . "a")) - ("akib@disroot.org" (secret . "b")) - ("z.com" (secret . "c"))) - (auth-source-pass-enable) - (should (equal (auth-source-search :host "disroot.org" :max 2) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("akib@disroot.org" (secret . "b")) + ("z.com" (secret . "c"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "disroot.org" :user "akib" :secret "b"))))))) ;; Searches for :host are case-sensitive, and a returned host isn't 
@@ -603,15 +611,18 @@ auth-source-pass-extra-query-keywords--netrc-host (auth-source-do-cache nil) (results (auth-source-search :host "Libera.Chat" :max 2))) (dolist (result results) - (setf result (plist-put result :secret (auth-info-password result)))) + (setf (plist-get result :secret) (auth-info-password result))) (should (equal results '((:host "Libera.Chat" :secret "b"))))))) (ert-deftest auth-source-pass-extra-query-keywords--host () - (let ((auth-source-pass-extra-query-keywords '--test--)) - (auth-source-pass--with-store '(("libera.chat" (secret . "a")) - ("Libera.Chat" (secret . "b"))) - (auth-source-pass-enable) - (should (equal (auth-source-search :host "Libera.Chat" :max 2) + (auth-source-pass--with-store '(("libera.chat" (secret . "a")) + ("Libera.Chat" (secret . "b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "Libera.Chat" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "Libera.Chat" :secret "b"))))))) @@ -619,7 +630,7 @@ auth-source-pass-extra-query-keywords--host ;; path contains port or user components (ert-deftest auth-source-pass-extra-query-keywords--baseline () - (let ((auth-source-pass-extra-query-keywords '--test--)) + (let ((auth-source-pass-extra-query-keywords t)) (auth-source-pass--with-store '(("x.com")) (auth-source-pass-enable) (should-not (auth-source-search :host "x.com"))))) 
@@ -627,14 +638,15 @@ auth-source-pass-extra-query-keywords--baseline ;; Output port type (int or string) matches that of input parameter (ert-deftest auth-source-pass-extra-query-keywords--port-type () - (let ((auth-source-pass-extra-query-keywords '--test--)) + (let ((auth-source-pass-extra-query-keywords t) + (f (lambda (r) (setf (plist-get r :secret) (auth-info-password r)) r))) (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) (auth-source-pass-enable) - (should (equal (auth-source-search :host "x.com" :port 42) + (should (equal (mapcar f (auth-source-search :host "x.com" :port 42)) '((:host "x.com" :port 42 :secret "a"))))) (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) (auth-source-pass-enable) - (should (equal (auth-source-search :host "x.com" :port "42") + (should (equal (mapcar f (auth-source-search :host "x.com" :port "42")) '((:host "x.com" :port "42" :secret "a"))))))) ;; The :host search param ordering more heavily influences the output 
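Review bot: the lambda bound to f in auth-source-pass-extra-query-keywords--port-type does the same unwrapping as the dolist loops repeated in the other rewritten tests, namely (setf (plist-get result :secret) (auth-info-password result)). Hoisting it into one shared test helper and using it in every test would shorten each body and leave a single place to update if the representation of :secret changes again.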
@@ -643,14 +655,17 @@ auth-source-pass-extra-query-keywords--port-type ;; returned in the order encountered (ert-deftest auth-source-pass-extra-query-keywords--hosts-first () - (let ((auth-source-pass-extra-query-keywords '--test--)) - (auth-source-pass--with-store '(("x.com:42/bar" (secret . "a")) - ("gnu.org" (secret . "b")) - ("x.com" (secret . "c")) - ("fake.com" (secret . "d")) - ("x.com/foo" (secret . "e"))) - (auth-source-pass-enable) - (should (equal (auth-source-search :host '("x.com" "gnu.org") :max 3) + (auth-source-pass--with-store '(("x.com:42/bar" (secret . "a")) + ("gnu.org" (secret . "b")) + ("x.com" (secret . "c")) + ("fake.com" (secret . "d")) + ("x.com/foo" (secret . "e"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host '("x.com" "gnu.org") :max 3))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results ;; Notice gnu.org is never considered ^ '((:host "x.com" :user "bar" :port "42" :secret "a") (:host "x.com" :secret "c") -- 2.38.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-POC-Make-auth-source-pass-behave-more-like-other-bac.patch >From 8870cb62be1ad3ac5b9e5553e52a7f6ed7533c2f Mon Sep 17 00:00:00 2001 
From: "F. Jason Park"
Date: Tue, 1 Nov 2022 22:46:24 -0700
Subject: [PATCH 1/2] [POC] Make auth-source-pass behave more like other backends

* lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add
new option to bring search behavior more in line with other backends.
(auth-source-pass-search): Add new keyword params `max' and `require'
and consider new option `auth-source-pass-extra-query-keywords' for
dispatch.
(auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed,
auth-source-pass--match-parts): Add supporting variable and helpers.
(auth-source-pass--build-result-many,
auth-source-pass--find-match-many): Add "-many" variants for existing
workhorse functions.
* test/lisp/auth-source-pass-tests.el
(auth-source-pass-extra-query-keywords--wild-port-miss-netrc,
auth-source-pass-extra-query-keywords--wild-port-miss,
auth-source-pass-extra-query-keywords--wild-port-hit-netrc,
auth-source-pass-extra-query-keywords--wild-port-hit,
auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc,
auth-source-pass-extra-query-keywords--wild-port-req-miss,
auth-source-pass-extra-query-keywords--netrc-akib,
auth-source-pass-extra-query-keywords--akib,
auth-source-pass-extra-query-keywords--netrc-host,
auth-source-pass-extra-query-keywords--host,
auth-source-pass-extra-query-keywords--baseline,
auth-source-pass-extra-query-keywords--port-type,
auth-source-pass-extra-query-keywords--hosts-first): Add juxtaposed
netrc and extra-query-keywords pairs to demo optional extra-compliant
behavior.
* doc/misc/auth.texi: Add option
`auth-source-pass-extra-query-keywords' to auth-source-pass section.
* etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs
29.1 package changes section.  Bug#58985.
---
 doc/misc/auth.texi                  |  11 ++
 etc/NEWS                            |   8 ++
 lisp/auth-source-pass.el            | 105 +++++++++++++++-
 test/lisp/auth-source-pass-tests.el | 184 ++++++++++++++++++++++++++++
 4 files changed, 307 insertions(+), 1 deletion(-)
diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi index 9dc63af6bc..222fce2058 100644 --- a/doc/misc/auth.texi +++ b/doc/misc/auth.texi @@ -526,6 +526,8 @@ The Unix password store while searching for an entry matching the @code{rms} user on host @code{gnu.org} and port @code{22}, then the entry @file{gnu.org:22/rms.gpg} is preferred over @file{gnu.org.gpg}. +However, such filtering is not applied when the option +@code{auth-source-pass-extra-parameters} is set to @code{t}. Users of @code{pass} may also be interested in functionality provided by other Emacs packages: @@ -549,6 +551,15 @@ The Unix password store port in an entry. Defaults to @samp{:}. @end defvar +@defvar auth-source-pass-extra-query-keywords +Set this to @code{t} if you encounter problems predicting the outcome +of searches relative to other auth-source backends or if you have code +that expects to query multiple backends uniformly. This tells +auth-source-pass to consider the @code{:max} and @code{:require} +keywords as well as lists containing multiple query params (for +applicable keywords). +@end defvar + @node Help for developers @chapter Help for developers diff --git a/etc/NEWS b/etc/NEWS index ab64eff74e..2c61732f8d 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -1385,6 +1385,14 @@ If non-nil and there's only one matching option, auto-select that. If non-nil, this user option describes what entries not to add to the database stored on disk. +** Auth-Source + ++++ +*** New user option 'auth-source-pass-extra-query-keywords'. +Whether to recognize additional keyword params, like ':max' and +':require', as well as accept lists of query terms paired with +applicable keywords. + ** Dired +++ diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 0955e2ed07..54070e03eb 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el 
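Review bot: the sentence added to doc/misc/auth.texi in the hunk at -526 names the option auth-source-pass-extra-parameters, but the @defvar added lower in the same file, the etc/NEWS entry and the defcustom in lisp/auth-source-pass.el all call it auth-source-pass-extra-query-keywords. As written, the manual points readers at a variable this patch does not define; use the same name inside the @code{} there.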
@@ -55,13 +55,27 @@ auth-source-pass-port-separator :type 'string :version "27.1") +(defcustom auth-source-pass-extra-query-keywords nil + "Whether to consider additional keywords when performing a query. +Specifically, when the value is t, recognize the `:max' and +`:require' keywords and accept lists of query parameters for +certain keywords, such as `:host' and `:user'. Also, wrap all +returned secrets in a function and forgo any further results +filtering unless given an applicable `:require' argument. When +this option is nil, do none of that, and enact the narrowing +behavior described toward the bottom of the Info node `(auth) The +Unix password store'." + :type 'boolean + :version "29.1") + (cl-defun auth-source-pass-search (&rest spec &key backend type host user port + require max &allow-other-keys) "Given some search query, return matching credentials. See `auth-source-search' for details on the parameters SPEC, BACKEND, TYPE, -HOST, USER and PORT." +HOST, USER, PORT, REQUIRE, and MAX." (cl-assert (or (null type) (eq type (oref backend type))) t "Invalid password-store search: %s %s") (cond ((eq host t) @@ -70,6 +84,8 @@ auth-source-pass-search ((null host) ;; Do not build a result, as none will match when HOST is nil nil) + (auth-source-pass-extra-query-keywords + (auth-source-pass--build-result-many host port user require max)) (t (when-let ((result (auth-source-pass--build-result host port user))) (list result))))) 
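Review bot: in the cond of auth-source-pass-search, require and max reach only the new auth-source-pass--build-result-many branch; the fall-through branch still calls (auth-source-pass--build-result host port user) and drops both. The docstring now lists REQUIRE and MAX alongside HOST, USER and PORT as if they were always honored, so a caller who passes :require with the option left at nil gets no :require filtering and no indication why. State in the docstring that both keywords are ignored unless auth-source-pass-extra-query-keywords is non-nil.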
@@ -89,6 +105,39 @@ auth-source-pass--build-result (seq-subseq retval 0 -2)) ;; remove password retval)))) +(defvar auth-source-pass--match-regexp nil) + +(defun auth-source-pass--match-regexp (s) + (rx-to-string ; autoloaded + `(: (or bot "/") + (or (: (? (group-n 20 (+ (not (in ?\ ?/ ?@ ,s)))) "@") + (group-n 10 (+ (not (in ?\ ?/ ?@ ,s)))) + (? ,s (group-n 30 (+ (not (in ?\ ?/ ,s)))))) + (: (group-n 11 (+ (not (in ?\ ?/ ?@ ,s)))) + (? ,s (group-n 31 (+ (not (in ?\ ?/ ,s))))) + (? "/" (group-n 21 (+ (not (in ?\ ?/ ,s))))))) + eot) + 'no-group)) + +(defun auth-source-pass--build-result-many (hosts ports users require max) + "Return multiple `auth-source-pass--build-result' values." + (unless (listp hosts) (setq hosts (list hosts))) + (unless (listp users) (setq users (list users))) + (unless (listp ports) (setq ports (list ports))) + (let* ((auth-source-pass--match-regexp (auth-source-pass--match-regexp + auth-source-pass-port-separator)) + (rv (auth-source-pass--find-match-many hosts users ports + require (or max 1)))) + (when auth-source-debug + (auth-source-pass--do-debug "final result: %S" rv)) + (let (out) + (dolist (e rv out) + (when-let* ((s (plist-get e :secret)) ; s not captured by closure + (v (auth-source--obfuscate s))) + (setf (plist-get e :secret) + (lambda () (auth-source--deobfuscate v)))) + (push e out))))) + ;;;###autoload (defun auth-source-pass-enable () "Enable auth-source-password-store." 
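Review bot: in auth-source-pass--build-result-many, the debug call (auth-source-pass--do-debug "final result: %S" rv) runs before the dolist that replaces each :secret with a closure, so with auth-source-debug enabled rv is formatted while its entries still carry the secrets as plain strings. Move the call below the wrapping loop, or log only the :host, :user and :port of each entry. Separately, the new defvar and the regexp builder have no docstrings; one line explaining the paired group numbers (10/11 for host, 20/21 for user, 30/31 for port) would make auth-source-pass--retrieve-parsed easier to follow.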
@@ -206,6 +255,60 @@ auth-source-pass--find-match hosts (list hosts)))) +(defun auth-source-pass--retrieve-parsed (seen path port-number-p) + (when-let ((m (string-match auth-source-pass--match-regexp path))) + (puthash path + (list :host (or (match-string 10 path) (match-string 11 path)) + :user (or (match-string 20 path) (match-string 21 path)) + :port (and-let* ((p (or (match-string 30 path) + (match-string 31 path))) + (n (string-to-number p))) + (if (or (zerop n) (not port-number-p)) + (format "%s" p) + n))) + seen))) + +(defun auth-source-pass--match-parts (parts key value require) + (let ((mv (plist-get parts key))) + (if (memq key require) + (and value (equal mv value)) + (or (not value) (not mv) (equal mv value))))) + +(defun auth-source-pass--find-match-many (hosts users ports require max) + "Return plists for valid combinations of HOSTS, USERS, PORTS. +Each plist contains, at the very least, a host and a secret." + (let ((seen (make-hash-table :test #'equal)) + (entries (auth-source-pass-entries)) + out) + (catch 'done + (dolist (host hosts out) + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) + (setq p nil)) + (dolist (user (or users (list u))) + (dolist (port (or ports (list p))) + (dolist (e entries) + (when-let* + ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed + seen e (integerp port)))) + ((equal host (plist-get m :host))) + ((auth-source-pass--match-parts m :port port require)) + ((auth-source-pass--match-parts m :user user require)) + (parsed (auth-source-pass-parse-entry e)) + ;; For now, ignore body-content pairs, if any, + ;; from `auth-source-pass--parse-data'. 
+ (secret (or (auth-source-pass--get-attr 'secret parsed) + (not (memq :secret require))))) + (push + `( :host ,host ; prefer user-provided :host over h + ,@(and-let* ((u (plist-get m :user))) (list :user u)) + ,@(and-let* ((p (plist-get m :port))) (list :port p)) + ,@(and secret (not (eq secret t)) (list :secret secret))) + out) + (when (or (zerop (cl-decf max)) + (null (setq entries (remove e entries)))) + (throw 'done out))))))))))) + (defun auth-source-pass--disambiguate (host &optional user port) "Return (HOST USER PORT) after disambiguation. Disambiguate between having user provided inside HOST (e.g., diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index f5147a7ce0..60903808e0 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el 
@@ -488,6 +488,190 @@ auth-source-pass-prints-meaningful-debug-log (should (auth-source-pass--have-message-matching "found 2 entries matching \"gitlab.com\": (\"a/gitlab.com\" \"b/gitlab.com\")")))) + +;; FIXME move this to top of file if keeping these netrc tests +(require 'ert-x) + +;; No entry has the requested port, but a result is still returned. + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "x.com" :port 22 :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "x.com" :secret "a"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss () + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "x.com" :port 22 :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "x.com" :secret "a"))))))) + +;; One of two entries has the requested port, both returned + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "x.com" :port 42 :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "x.com" :secret "a") + (:host "x.com" :port "42" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit () + (auth-source-pass--with-store '(("x.com" (secret . 
"a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "x.com" :port 42 :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "x.com" :secret "a") + (:host "x.com" :port 42 :secret "b"))))))) + +;; No entry has the requested port, but :port is required, so search fails + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search + :host "x.com" :port 22 :require '(:port) :max 2))) + (should-not results)))) + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss () + (let ((auth-source-pass-extra-query-keywords t)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (should-not (auth-source-search + :host "x.com" :port 22 :require '(:port) :max 2))))) + +;; Specifying a :host without a :user finds a lone entry and does not +;; include extra fields (i.e., :port nil) in the result +;; https://lists.gnu.org/archive/html/emacs-devel/2022-11/msg00130.html + +(ert-deftest auth-source-pass-extra-query-keywords--netrc-akib () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine disroot.org user akib password b +machine z.com password c +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--akib () + (auth-source-pass--with-store '(("x.com" (secret . 
"a")) + ("akib@disroot.org" (secret . "b")) + ("z.com" (secret . "c"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +;; Searches for :host are case-sensitive, and a returned host isn't +;; normalized. + +(ert-deftest auth-source-pass-extra-query-keywords--netrc-host () + (ert-with-temp-file netrc-file + :text "\ +machine libera.chat password a +machine Libera.Chat password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "Libera.Chat" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "Libera.Chat" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--host () + (auth-source-pass--with-store '(("libera.chat" (secret . "a")) + ("Libera.Chat" (secret . 
"b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "Libera.Chat" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "Libera.Chat" :secret "b"))))))) + + +;; A retrieved store entry mustn't be nil regardless of whether its +;; path contains port or user components + +(ert-deftest auth-source-pass-extra-query-keywords--baseline () + (let ((auth-source-pass-extra-query-keywords t)) + (auth-source-pass--with-store '(("x.com")) + (auth-source-pass-enable) + (should-not (auth-source-search :host "x.com"))))) + +;; Output port type (int or string) matches that of input parameter + +(ert-deftest auth-source-pass-extra-query-keywords--port-type () + (let ((auth-source-pass-extra-query-keywords t) + (f (lambda (r) (setf (plist-get r :secret) (auth-info-password r)) r))) + (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) + (auth-source-pass-enable) + (should (equal (mapcar f (auth-source-search :host "x.com" :port 42)) + '((:host "x.com" :port 42 :secret "a"))))) + (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) + (auth-source-pass-enable) + (should (equal (mapcar f (auth-source-search :host "x.com" :port "42")) + '((:host "x.com" :port "42" :secret "a"))))))) + +;; The :host search param ordering more heavily influences the output +;; because (h1, u1, p1), (h1, u1, p2), ... (hN, uN, pN); also, exact +;; matches are not given precedence, i.e., matching store items are +;; returned in the order encountered + +(ert-deftest auth-source-pass-extra-query-keywords--hosts-first () + (auth-source-pass--with-store '(("x.com:42/bar" (secret . "a")) + ("gnu.org" (secret . "b")) + ("x.com" (secret . "c")) + ("fake.com" (secret . "d")) + ("x.com/foo" (secret . 
"e"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host '("x.com" "gnu.org") :max 3))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + ;; Notice gnu.org is never considered ^ + '((:host "x.com" :user "bar" :port "42" :secret "a") + (:host "x.com" :secret "c") + (:host "x.com" :user "foo" :secret "e"))))))) + + (provide 'auth-source-pass-tests) ;;; auth-source-pass-tests.el ends here -- 2.38.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0002-POC-Support-auth-source-pass-in-ERC.patch >From ff9878576a6826e13567049629451d494afd8c9c Mon Sep 17 00:00:00 2001 From: "F. Jason Park" Date: Sun, 24 Apr 2022 06:20:09 -0700 Subject: [PATCH 2/2] [POC] Support auth-source-pass in ERC * doc/misc/erc.texi: Mention that the auth-source-pass backend is supported. * lisp/erc/erc-compat.el (erc-compat--auth-source-pass-search, erc-compat--auth-source-pass--build-results-many, erc-compat--auth-source-pass--retrieve-parsed, erc-compat--auth-source-pass-packend-parse): Copy some yet unreleased functions from auth-source-pass that mimic the netrc backend. Also add forward declarations to support them. * lisp/erc/erc.el (erc--auth-source-search): Use own auth-source-pass erc-compat backend until 29.1 released. * test/lisp/erc/erc-services-tests.el (erc-join-tests--auth-source-pass-entries): Remove useless items. (erc--auth-source-search--pass-standard, erc--auth-source-search--pass-announced, erc--auth-source-search--pass-overrides): Remove `ert-skip' guard. Bug#58985. --- doc/misc/erc.texi | 3 +- lisp/erc/erc-compat.el | 99 +++++++++++++++++++++++++++++ lisp/erc/erc.el | 7 +- test/lisp/erc/erc-services-tests.el | 3 - 4 files changed, 107 insertions(+), 5 deletions(-) diff --git a/doc/misc/erc.texi b/doc/misc/erc.texi index 3db83197f9..ad35b78f0e 100644 --- a/doc/misc/erc.texi +++ b/doc/misc/erc.texi 
@@ -861,7 +861,8 @@ Connecting @code{erc-auth-source-search}. It tries to merge relevant contextual parameters with those provided or discovered from the logical connection or the underlying transport. Some auth-source back ends may not be -compatible; netrc, plstore, json, and secrets are currently supported. +compatible; netrc, plstore, json, secrets, and pass are currently +supported. @end defopt @subheading Full name diff --git a/lisp/erc/erc-compat.el b/lisp/erc/erc-compat.el index 03bd8f1352..739f502764 100644 --- a/lisp/erc/erc-compat.el +++ b/lisp/erc/erc-compat.el @@ -32,6 +32,8 @@ ;;; Code: (require 'compat nil 'noerror) +(eval-when-compile (require 'cl-lib)) + ;;;###autoload(autoload 'erc-define-minor-mode "erc-compat") (define-obsolete-function-alias 'erc-define-minor-mode 
@@ -168,6 +170,103 @@ erc-compat--with-memoization `(cl--generic-with-memoization ,table ,@forms)) (t `(progn ,@forms)))) +;;;; Auth Source + +(declare-function auth-source-pass--get-attr + "auth-source-pass" (key entry-data)) +(declare-function auth-source-pass--disambiguate + "auth-source-pass" (host &optional user port)) +(declare-function auth-source-backend-parse-parameters + "auth-source-pass" (entry backend)) +(declare-function auth-source-backend "auth-source" (&rest slots)) +(declare-function auth-source-pass-entries "auth-source-pass" nil) +(declare-function auth-source-pass-parse-entry "auth-source-pass" (entry)) + +;; This basically hard codes `auth-source-pass-port-separator' to ":" +(defun erc-compat--auth-source-pass--retrieve-parsed (seen e port-number-p) + (when-let ((pat (rx (or bot "/") + (or (: (? (group-n 20 (+ (not (in " /@")))) "@") + (group-n 10 (+ (not (in " /:@")))) + (? ":" (group-n 30 (+ (not (in " /:")))))) + (: (group-n 11 (+ (not (in " /:@")))) + (? ":" (group-n 31 (+ (not (in " /:"))))) + (? "/" (group-n 21 (+ (not (in " /:"))))))) + eot)) + (m (string-match pat e))) + (puthash e (list :host (or (match-string 10 e) + (match-string 11 e)) + :user (or (match-string 20 e) + (match-string 21 e)) + :port (and-let* ((p (or (match-string 30 e) + (match-string 31 e))) + (n (string-to-number p))) + (if (or (zerop n) + (not port-number-p)) + (format "%s" p) + n))) + seen))) + +;; This looks bad, but it just inlines `auth-source-pass--find-match-many'. +(defun erc-compat--auth-source-pass--build-result-many + (hosts users ports require max) + "Return a plist of HOSTS, PORTS, USERS, and secret." 
+ (unless (listp hosts) (setq hosts (list hosts))) + (unless (listp users) (setq users (list users))) + (unless (listp ports) (setq ports (list ports))) + (unless max (setq max 1)) + (let ((seen (make-hash-table :test #'equal)) + (entries (auth-source-pass-entries)) + (check (lambda (m k v) + (let ((mv (plist-get m k))) + (if (memq k require) + (and v (equal mv v)) + (or (not v) (not mv) (equal mv v)))))) + out) + (catch 'done + (dolist (host hosts) + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) + (setq p nil)) + (dolist (user (or users (list u))) + (dolist (port (or ports (list p))) + (dolist (e entries) + (when-let* + ((m (or (gethash e seen) + (erc-compat--auth-source-pass--retrieve-parsed + seen e (integerp port)))) + ((equal host (plist-get m :host))) + ((funcall check m :port port)) + ((funcall check m :user user)) + (parsed (auth-source-pass-parse-entry e)) + (secret (or (auth-source-pass--get-attr 'secret parsed) + (not (memq :secret require))))) + (push + `( :host ,host ; prefer user-provided :host over h + ,@(and-let* ((u (plist-get m :user))) (list :user u)) + ,@(and-let* ((p (plist-get m :port))) (list :port p)) + ,@(and secret (not (eq secret t)) (list :secret secret))) + out) + (when (or (zerop (cl-decf max)) + (null (setq entries (remove e entries)))) + (throw 'done nil))))))))) + (reverse out))) + +(cl-defun erc-compat--auth-source-pass-search + (&rest spec &key host user port require max &allow-other-keys) + ;; From `auth-source-pass-search' + (cl-assert (and host (not (eq host t))) + t "Invalid password-store search: %s %s") + (erc-compat--auth-source-pass--build-result-many host user port require max)) + +(defun erc-compat--auth-source-pass-backend-parse (entry) + (when (eq entry 'password-store) + (auth-source-backend-parse-parameters + entry (auth-source-backend + :source "." 
+ :type 'password-store + :search-function #'erc-compat--auth-source-pass-search)))) + + (provide 'erc-compat) ;;; erc-compat.el ends here diff --git a/lisp/erc/erc.el b/lisp/erc/erc.el index 6b14cf87e2..3769e73041 100644 --- a/lisp/erc/erc.el +++ b/lisp/erc/erc.el @@ -3225,7 +3225,12 @@ erc--auth-source-search the nod. Much the same would happen for entries sharing only a port: the one with host foo would win." (when-let* - ((priority (map-keys defaults)) + ((auth-source-backend-parser-functions + (if (memq 'password-store auth-sources) + (cons #'erc-compat--auth-source-pass-backend-parse + auth-source-backend-parser-functions) + auth-source-backend-parser-functions)) + (priority (map-keys defaults)) (test (lambda (a b) (catch 'done (dolist (key priority) diff --git a/test/lisp/erc/erc-services-tests.el b/test/lisp/erc/erc-services-tests.el index c22d4cf75e..7ff2e36e77 100644 --- a/test/lisp/erc/erc-services-tests.el +++ b/test/lisp/erc/erc-services-tests.el @@ -474,7 +474,6 @@ erc-join-tests--auth-source-pass-entries ("GNU.chat:irc/#chan" (secret . "foo")))) (ert-deftest erc--auth-source-search--pass-standard () - (ert-skip "Pass backend not yet supported") (let ((store erc-join-tests--auth-source-pass-entries) (auth-sources '(password-store)) (auth-source-do-cache nil)) @@ -487,7 +486,6 @@ erc--auth-source-search--pass-standard (erc-services-tests--auth-source-standard #'erc-auth-source-search)))) (ert-deftest erc--auth-source-search--pass-announced () - (ert-skip "Pass backend not yet supported") (let ((store erc-join-tests--auth-source-pass-entries) (auth-sources '(password-store)) (auth-source-do-cache nil)) 
@@ -500,7 +498,6 @@ erc--auth-source-search--pass-overrides (erc-services-tests--auth-source-announced #'erc-auth-source-search)))) (ert-deftest erc--auth-source-search--pass-overrides () - (ert-skip "Pass backend not yet supported") (let ((store `(,@erc-join-tests--auth-source-pass-entries ("GNU.chat:6697/#chan" (secret . "spam")) -- 2.38.1 --=-=-=--
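Review bot: in the lisp/erc/erc-compat.el hunk, the `:secret` values returned by `erc-compat--auth-source-pass--build-result-many` are plain strings: the entry is pushed with `(list :secret secret)` and the function ends in `(reverse out)`, whereas the `auth-source-pass--build-result-many` it mirrors in patch 1/2 replaces each `:secret` with a closure over the `auth-source--obfuscate`d value. Anything that prints or logs these search results would show the plaintext, so consider wrapping the secret here the same way, or add a comment saying why ERC's copy can skip it. The commit message also names `erc-compat--auth-source-pass--build-results-many` and `erc-compat--auth-source-pass-packend-parse`, while the hunk defines `erc-compat--auth-source-pass--build-result-many` and `erc-compat--auth-source-pass-backend-parse`.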
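Review bot: the lisp/erc/erc.el hunk has no Emacs version or feature check around the `cons` of `erc-compat--auth-source-pass-backend-parse` onto `auth-source-backend-parser-functions`; the only condition is `(memq 'password-store auth-sources)`, although the commit message describes this as a stopgap "until 29.1 released". As written, ERC's copy stays at the front of the parser list even on releases that ship `auth-source-pass-extra-query-keywords`, so guard the `cons` (for example on whether that option is bound). The comment in erc-compat.el that the regexp hard-codes `auth-source-pass-port-separator` to ":" also deserves a mention in the erc.texi hunk, since a customized separator is ignored on this path.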
From: Akib Azmain Turja
To: "J.P."
Cc: Damien Cassou, Björn Bidar, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Fri, 11 Nov 2022 20:45:53 +0600

"J.P." writes:

>>> + (if (eq auth-source-pass-extra-query-keywords 'test) >>> + (reverse rv)
>>
>> The value `test' is not documented. Is it used in tests? If it is, I
>> think an internal variable would be better.
> > I got rid of the `test' stuff completely, so this function now always > wraps secrets. That looks good. > > > From 8870cb62be1ad3ac5b9e5553e52a7f6ed7533c2f Mon Sep 17 00:00:00 2001 
> From: "F. Jason Park" > Date: Tue, 1 Nov 2022 22:46:24 -0700 > Subject: [PATCH 1/2] [POC] Make auth-source-pass behave more like other > backends > > * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add > new option to bring search behavior more in line with other backends. > (auth-source-pass-search): Add new keyword params `max' and `require' > and consider new option `auth-source-pass-extra-query-keywords' for > dispatch. > (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, > auth-source-pass--match-parts): Add supporting variable and helpers. > (auth-source-pass--build-result-many, > auth-source-pass--find-match-many): Add "-many" variants for existing > workhorse functions. > * test/lisp/auth-source-pass-tests.el > (auth-source-pass-extra-query-keywords--wild-port-miss-netrc, > auth-source-pass-extra-query-keywords--wild-port-miss, > auth-source-pass-extra-query-keywords--wild-port-hit-netrc, > auth-source-pass-extra-query-keywords--wild-port-hit, > auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc, > auth-source-pass-extra-query-keywords--wild-port-req-miss, > auth-source-pass-extra-query-keywords--netrc-akib, > auth-source-pass-extra-query-keywords--akib, > auth-source-pass-extra-query-keywords--netrc-host, > auth-source-pass-extra-query-keywords--host, > auth-source-pass-extra-query-keywords--baseline, > auth-source-pass-extra-query-keywords--port-type, > auth-source-pass-extra-query-keywords--hosts-first): Add juxtaposed > netrc and extra-query-keywords pairs to demo optional extra-compliant > behavior. > * doc/misc/auth.texi: Add option > `auth-source-pass-extra-query-keywords' to auth-source-pass section. > * etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs > 29.1 package changes section. Bug#58985. 
> --- > doc/misc/auth.texi | 11 ++ > etc/NEWS | 8 ++ > lisp/auth-source-pass.el | 105 +++++++++++++++- > test/lisp/auth-source-pass-tests.el | 184 ++++++++++++++++++++++++++++ > 4 files changed, 307 insertions(+), 1 deletion(-) > [...] > +(defun auth-source-pass--build-result-many (hosts ports users require ma= x) > + "Return multiple `auth-source-pass--build-result' values." > + (unless (listp hosts) (setq hosts (list hosts))) > + (unless (listp users) (setq users (list users))) > + (unless (listp ports) (setq ports (list ports))) > + (let* ((auth-source-pass--match-regexp (auth-source-pass--match-regexp > + auth-source-pass-port-separato= r)) > + (rv (auth-source-pass--find-match-many hosts users ports > + require (or max 1)))) > + (when auth-source-debug > + (auth-source-pass--do-debug "final result: %S" rv)) > + (let (out) > + (dolist (e rv out) > + (when-let* ((s (plist-get e :secret)) ; s not captured by closure > + (v (auth-source--obfuscate s))) > + (setf (plist-get e :secret) > + (lambda () (auth-source--deobfuscate v))))

Why doesn't the closure capture "s"? For me, the following code
captures "s" (obviously with lexical binding): (just let-wrapped version
of your code)

--8<---------------cut here---------------start------------->8---
(let ((e '(:secret "topsecret")))
  (when-let* ((s (plist-get e :secret)) ; s not captured by closure
              (v (auth-source--obfuscate s)))
    (setf (plist-get e :secret)
          (lambda () (auth-source--deobfuscate v))))
  e)
;; => (:secret
;;     (closure
;;      ((p #1)
;;       (v . "XIcHKKIKtavKgK8J6zXP1w==-N/XAaAOqAtGcCzKGKX71og==")
;;       (s . "topsecret") ;; LEAKED!!!
;;       (e :secret #1)
;;       t)
;;      nil
;;      (auth-source--deobfuscate v)))
--8<---------------cut here---------------end--------------->8---

> + (push e out))))) [...] > +(defun auth-source-pass--retrieve-parsed (seen path port-number-p) > + (when-let ((m (string-match auth-source-pass--match-regexp path)))

Why do you let-bind "m"? I can't find any use of it in the body.
> + (puthash path > + (list :host (or (match-string 10 path) (match-string 11 pat= h)) > + :user (or (match-string 20 path) (match-string 21 pat= h)) > + :port (and-let* ((p (or (match-string 30 path) > + (match-string 31 path))) > + (n (string-to-number p))) > + (if (or (zerop n) (not port-number-p)) > + (format "%s" p) > + n))) > + seen))) [...] > +(defun auth-source-pass--find-match-many (hosts users ports require max) > + "Return plists for valid combinations of HOSTS, USERS, PORTS. > +Each plist contains, at the very least, a host and a secret." > + (let ((seen (make-hash-table :test #'equal)) > + (entries (auth-source-pass-entries)) > + out) > + (catch 'done > + (dolist (host hosts out) > + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) > + (unless (or (not (equal "443" p)) (string-prefix-p "https://" = host)) > + (setq p nil)) > + (dolist (user (or users (list u))) > + (dolist (port (or ports (list p))) > + (dolist (e entries) > + (when-let* > + ((m (or (gethash e seen) (auth-source-pass--retrieve= -parsed > + seen e (integerp port)))) > + ((equal host (plist-get m :host))) > + ((auth-source-pass--match-parts m :port port requir= e)) > + ((auth-source-pass--match-parts m :user user requir= e)) > + (parsed (auth-source-pass-parse-entry e)) > + ;; For now, ignore body-content pairs, if any, > + ;; from `auth-source-pass--parse-data'. > + (secret (or (auth-source-pass--get-attr 'secret par= sed) > + (not (memq :secret require))))) > + (push > + `( :host ,host ; prefer user-provided :host over h > + ,@(and-let* ((u (plist-get m :user))) (list :user = u)) > + ,@(and-let* ((p (plist-get m :port))) (list :port = p)) > + ,@(and secret (not (eq secret t)) (list :secret se= cret))) > + out) > + (when (or (zerop (cl-decf max)) > + (null (setq entries (remove e entries)))) Remove will create a lot of garbage, e.g. (let ((x '(1 2 3 4 5))) (eq (remove 6 x) x)) and (let ((x '(1 2 3 4 5))) (eq (remove 1 x) (cdr x))) both returns nil. 
If you think delete is OK, go ahead and use it. If you think remove is better, keep it. Do whatever you think right.

> + (throw 'done out))))))))))) > + [...]

-- 
Akib Azmain Turja, GPG key: 70018CE5819F17A3BBA666AFE74F0EFA922AE7F5
Fediverse: akib@hostux.social
Codeberg: akib
emailselfdefense.fsf.org | "Nothing can be secure without encryption."
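The closure-capture question raised in the message above can be checked mechanically rather than by reading printed output. This is an added example, not code from the thread or from Emacs: the `demo-` functions and the sample secret are hypothetical, and `string-search` assumes Emacs 28 or later.

```elisp
;;; -*- lexical-binding: t; -*-
;; Added example (not from the thread).  All `demo-' names are hypothetical.
(require 'auth-source)  ; `auth-source--obfuscate', `auth-source--deobfuscate'
(require 'subr-x)       ; `when-let*' on older Emacs

(defun demo-wrap-in-scope (entry)
  "Return ENTRY with :secret wrapped while plaintext S is still in scope.
This has the same shape as the `when-let*' form quoted in the thread."
  (when-let* ((s (plist-get entry :secret))
              (v (auth-source--obfuscate s)))
    (setq entry (plist-put entry :secret
                           (lambda () (auth-source--deobfuscate v)))))
  entry)

(defun demo-make-thunk (obfuscated)
  "Return a closure whose only captured variable is OBFUSCATED."
  (lambda () (auth-source--deobfuscate obfuscated)))

(defun demo-wrap-isolated (entry)
  "Return ENTRY with :secret wrapped by `demo-make-thunk'.
The closure is created in a scope that never binds the plaintext, so
the result does not depend on how the evaluator trims environments."
  (let ((s (plist-get entry :secret)))
    (if (stringp s)
        (plist-put entry :secret
                   (demo-make-thunk (auth-source--obfuscate s)))
      entry)))

(defun demo-closure-exposes-p (plaintext fn)
  "Return non-nil if PLAINTEXT occurs in the printed form of FN.
The printed form is what reaches backtraces, *Messages* and bug reports."
  (let ((print-length nil)
        (print-level nil)
        (print-circle t))   ; the captured environment may be circular
    (and (string-search plaintext (prin1-to-string fn)) t)))

(defun demo-audit ()
  "Compare both wrappers on a constructed sample secret."
  (let* ((plain "topsecret")            ; constructed sample value
         (a (plist-get (demo-wrap-in-scope (list :secret plain)) :secret))
         (b (plist-get (demo-wrap-isolated (list :secret plain)) :secret)))
    (list :in-scope-exposes (demo-closure-exposes-p plain a)
          :isolated-exposes (demo-closure-exposes-p plain b)
          :round-trip-ok (and (equal plain (funcall a))
                              (equal plain (funcall b))))))

(demo-audit)
```

Evaluate the buffer interpreted and again after byte-compiling it: `:in-scope-exposes` is the value that varies with the Emacs build and evaluation mode, which is the difference the two participants are discussing.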
From: "J.P."
To: Akib Azmain Turja
Cc: Damien Cassou, Björn Bidar, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Fri, 11 Nov 2022 20:30:23 -0800

Akib Azmain Turja writes:

> Why doesn't the closure capture "s"? For me, the following code
> captures "s" (obviously with lexical binding): (just let-wrapped version
> of your code)
>
> (let ((e '(:secret "topsecret")))
>   (when-let* ((s (plist-get e :secret)) ; s not captured by closure
>               (v (auth-source--obfuscate s)))
>     (setf (plist-get e :secret)
>           (lambda () (auth-source--deobfuscate v))))
>   e)
> ;; => (:secret
> ;;     (closure
> ;;      ((p #1)
> ;;       (v . "XIcHKKIKtavKgK8J6zXP1w==-N/XAaAOqAtGcCzKGKX71og==")
> ;;       (s . "topsecret") ;; LEAKED!!!
> ;;       (e :secret #1)
> ;;       t)
> ;;      nil
> ;;      (auth-source--deobfuscate v)))
>

Looks like you don't have:

  commit 1b1ffe07897ebe06cf96ab423fad3cde9fd6c981
  Author: Stefan Monnier
  Date: Mon Oct 17 17:11:40 2022 -0400

      (Ffunction): Make interpreted closures safe for space

It's easiest to just make a habit of applying patches on the latest
HEAD. Once you do, you'll find that the output of your example changes.
If ELPA's Compat ever takes an interest, I suppose a backported version
could just `byte-compile' the lambda.

>> + (push e out))))) > > [...] > >> +(defun auth-source-pass--retrieve-parsed (seen path port-number-p) >> + (when-let ((m (string-match auth-source-pass--match-regexp path)))
>
> Why do you let-bind "m"?

Because I am slow and blind, I guess.

> I can't find any use of it in the body.

Go figure. (Thanks.)

>> +(defun auth-source-pass--find-match-many (hosts users ports require max) >> + "Return plists for valid combinations of HOSTS, USERS, PORTS. >> +Each plist contains, at the very least, a host and a secret." >> + (let ((seen (make-hash-table :test #'equal)) >> + (entries (auth-source-pass-entries)) >> + out) >> + (catch 'done >> + (dolist (host hosts out) >> + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) >> + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) >> + (setq p nil)) >> + (dolist (user (or users (list u))) >> + (dolist (port (or ports (list p))) >> + (dolist (e entries) >> + (when-let* >> + ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed >> + seen e (integerp port)))) >> + ((equal host (plist-get m :host))) >> + ((auth-source-pass--match-parts m :port port require)) >> + ((auth-source-pass--match-parts m :user user require)) >> + (parsed (auth-source-pass-parse-entry e)) >> + ;; For now, ignore body-content pairs, if any, >> + ;; from `auth-source-pass--parse-data'.
>> + (secret (or (auth-source-pass--get-attr 'secret parsed) >> + (not (memq :secret require))))) >> + (push >> + `( :host ,host ; prefer user-provided :host over h >> + ,@(and-let* ((u (plist-get m :user))) (list :user u)) >> + ,@(and-let* ((p (plist-get m :port))) (list :port p)) >> + ,@(and secret (not (eq secret t)) (list :secret secret))) >> + out) >> + (when (or (zerop (cl-decf max)) >> + (null (setq entries (remove e entries)))) > > Remove will create a lot of garbage, e.g. (let ((x '(1 2 3 4 5))) > (eq (remove 6 x) x)) and (let ((x '(1 2 3 4 5))) (eq (remove 1 x) > (cdr x))) both returns nil. Since you're clearly aware that, for lists, `remove' just calls `delete' on a shallow copy, how could (remove thing x) ever be eq to some nthcdr of x so long as both are non-nil? > If you think delete is OK, go ahead and use it. If you think remove is > better, keep it. Do whatever you think right. As I tried to explain in https://debbugs.gnu.org/cgi/bugreport.cgi?bug=58985#64 I think `delete' is safe in this situation, assuming of course that, for ancient, core functions, the implementation can be construed as the de facto interface. Based on your comments, you seem to agree with this assumption, which seems only sane. I have thus reverted the change. > >> + (throw 'done out))))))))))) >> + > > [...] While I certainly welcome the assiduous scrutinizing of Emacs lisp mechanics and technique (truly), I was mainly hoping that, as an avid pass user, you would also help flesh out the precise effects of the behavior introduced by these changes and hopefully share some insights into how they might impact day-to-day usage for the typical pass user. Granted, that necessarily involves applying these patches atop your daily driver and living with them for a spell and, ideally, investing some thought into imagining common usage patterns beyond your own (plus any potentially problematic edge cases). 
If you have the energy to devote to (perhaps just some of) these areas, it would really help move this bug report forward. Thanks. --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0000-v5-v6.diff >From 1859ab24a1fee10d78aa2a3907e48786c2f1d7f6 Mon Sep 17 00:00:00 2001 From: "F. Jason Park" Date: Fri, 11 Nov 2022 19:55:11 -0800 Subject: [PATCH 0/2] *** NOT A PATCH *** *** BLURB HERE *** F. Jason Park (2): [POC] Make auth-source-pass behave more like other backends [POC] Support auth-source-pass in ERC doc/misc/auth.texi | 11 ++ doc/misc/erc.texi | 3 +- etc/NEWS | 8 ++ lisp/auth-source-pass.el | 105 +++++++++++++++- lisp/erc/erc-compat.el | 99 +++++++++++++++ lisp/erc/erc.el | 7 +- test/lisp/auth-source-pass-tests.el | 184 ++++++++++++++++++++++++++++ test/lisp/erc/erc-services-tests.el | 3 - 8 files changed, 414 insertions(+), 6 deletions(-) Interdiff: diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 54070e03eb..34edd4fa31 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el @@ -132,7 +132,7 @@ auth-source-pass--build-result-many (auth-source-pass--do-debug "final result: %S" rv)) (let (out) (dolist (e rv out) - (when-let* ((s (plist-get e :secret)) ; s not captured by closure + (when-let* ((s (plist-get e :secret)) ; not captured by closure in 29.1 (v (auth-source--obfuscate s))) (setf (plist-get e :secret) (lambda () (auth-source--deobfuscate v)))) @@ -256,7 +256,7 @@ auth-source-pass--find-match (list hosts)))) (defun auth-source-pass--retrieve-parsed (seen path port-number-p) - (when-let ((m (string-match auth-source-pass--match-regexp path))) + (when (string-match auth-source-pass--match-regexp path) (puthash path (list :host (or (match-string 10 path) (match-string 11 path)) :user (or (match-string 20 path) (match-string 21 path)) 
@@ -306,7 +306,7 @@ auth-source-pass--find-match-many ,@(and secret (not (eq secret t)) (list :secret secret))) out) (when (or (zerop (cl-decf max)) - (null (setq entries (remove e entries)))) + (null (setq entries (delete e entries)))) (throw 'done out))))))))))) (defun auth-source-pass--disambiguate (host &optional user port) diff --git a/lisp/erc/erc-compat.el b/lisp/erc/erc-compat.el index 739f502764..47d5258f92 100644 --- a/lisp/erc/erc-compat.el +++ b/lisp/erc/erc-compat.el @@ -184,15 +184,15 @@ erc-compat--with-memoization ;; This basically hard codes `auth-source-pass-port-separator' to ":" (defun erc-compat--auth-source-pass--retrieve-parsed (seen e port-number-p) - (when-let ((pat (rx (or bot "/") - (or (: (? (group-n 20 (+ (not (in " /@")))) "@") - (group-n 10 (+ (not (in " /:@")))) - (? ":" (group-n 30 (+ (not (in " /:")))))) - (: (group-n 11 (+ (not (in " /:@")))) - (? ":" (group-n 31 (+ (not (in " /:"))))) - (? "/" (group-n 21 (+ (not (in " /:"))))))) - eot)) - (m (string-match pat e))) + (when (string-match (rx (or bot "/") + (or (: (? (group-n 20 (+ (not (in " /@")))) "@") + (group-n 10 (+ (not (in " /:@")))) + (? ":" (group-n 30 (+ (not (in " /:")))))) + (: (group-n 11 (+ (not (in " /:@")))) + (? ":" (group-n 31 (+ (not (in " /:"))))) + (? "/" (group-n 21 (+ (not (in " /:"))))))) + eot) + e) (puthash e (list :host (or (match-string 10 e) (match-string 11 e)) :user (or (match-string 20 e) @@ -247,7 +247,7 @@ erc-compat--auth-source-pass--build-result-many ,@(and secret (not (eq secret t)) (list :secret secret))) out) (when (or (zerop (cl-decf max)) - (null (setq entries (remove e entries)))) + (null (setq entries (delete e entries)))) (throw 'done nil))))))))) (reverse out))) -- 2.38.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-POC-Make-auth-source-pass-behave-more-like-other-bac.patch >From 0ab6214112f9fead4173981286d5491cc70b502c Mon Sep 17 00:00:00 2001 
From: "F. Jason Park" Date: Tue, 1 Nov 2022 22:46:24 -0700 Subject: [PATCH 1/2] [POC] Make auth-source-pass behave more like other backends * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add new option to bring search behavior more in line with other backends. (auth-source-pass-search): Add new keyword params `max' and `require' and consider new option `auth-source-pass-extra-query-keywords' for dispatch. (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, auth-source-pass--match-parts): Add supporting variable and helpers. (auth-source-pass--build-result-many, auth-source-pass--find-match-many): Add "-many" variants for existing workhorse functions. * test/lisp/auth-source-pass-tests.el (auth-source-pass-extra-query-keywords--wild-port-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-miss, auth-source-pass-extra-query-keywords--wild-port-hit-netrc, auth-source-pass-extra-query-keywords--wild-port-hit, auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-req-miss, auth-source-pass-extra-query-keywords--netrc-akib, auth-source-pass-extra-query-keywords--akib, auth-source-pass-extra-query-keywords--netrc-host, auth-source-pass-extra-query-keywords--host, auth-source-pass-extra-query-keywords--baseline, auth-source-pass-extra-query-keywords--port-type, auth-source-pass-extra-query-keywords--hosts-first): Add juxtaposed netrc and extra-query-keywords pairs to demo optional extra-compliant behavior. * doc/misc/auth.texi: Add option `auth-source-pass-extra-query-keywords' to auth-source-pass section. * etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs 29.1 package changes section. Bug#58985. --- doc/misc/auth.texi | 11 ++ etc/NEWS | 8 ++ lisp/auth-source-pass.el | 105 +++++++++++++++- test/lisp/auth-source-pass-tests.el | 184 ++++++++++++++++++++++++++++ 4 files changed, 307 insertions(+), 1 deletion(-) 
diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi index 9dc63af6bc..222fce2058 100644 --- a/doc/misc/auth.texi +++ b/doc/misc/auth.texi @@ -526,6 +526,8 @@ The Unix password store while searching for an entry matching the @code{rms} user on host @code{gnu.org} and port @code{22}, then the entry @file{gnu.org:22/rms.gpg} is preferred over @file{gnu.org.gpg}. +However, such filtering is not applied when the option +@code{auth-source-pass-extra-parameters} is set to @code{t}. Users of @code{pass} may also be interested in functionality provided by other Emacs packages: @@ -549,6 +551,15 @@ The Unix password store port in an entry. Defaults to @samp{:}. @end defvar +@defvar auth-source-pass-extra-query-keywords +Set this to @code{t} if you encounter problems predicting the outcome +of searches relative to other auth-source backends or if you have code +that expects to query multiple backends uniformly. This tells +auth-source-pass to consider the @code{:max} and @code{:require} +keywords as well as lists containing multiple query params (for +applicable keywords). +@end defvar + @node Help for developers @chapter Help for developers diff --git a/etc/NEWS b/etc/NEWS index ab64eff74e..2c61732f8d 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -1385,6 +1385,14 @@ If non-nil and there's only one matching option, auto-select that. If non-nil, this user option describes what entries not to add to the database stored on disk. +** Auth-Source + ++++ +*** New user option 'auth-source-pass-extra-query-keywords'. +Whether to recognize additional keyword params, like ':max' and +':require', as well as accept lists of query terms paired with +applicable keywords. + ** Dired +++ diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 0955e2ed07..34edd4fa31 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el 
@@ -55,13 +55,27 @@ auth-source-pass-port-separator :type 'string :version "27.1") +(defcustom auth-source-pass-extra-query-keywords nil + "Whether to consider additional keywords when performing a query. +Specifically, when the value is t, recognize the `:max' and +`:require' keywords and accept lists of query parameters for +certain keywords, such as `:host' and `:user'. Also, wrap all +returned secrets in a function and forgo any further results +filtering unless given an applicable `:require' argument. When +this option is nil, do none of that, and enact the narrowing +behavior described toward the bottom of the Info node `(auth) The +Unix password store'." + :type 'boolean + :version "29.1") + (cl-defun auth-source-pass-search (&rest spec &key backend type host user port + require max &allow-other-keys) "Given some search query, return matching credentials. See `auth-source-search' for details on the parameters SPEC, BACKEND, TYPE, -HOST, USER and PORT." +HOST, USER, PORT, REQUIRE, and MAX." (cl-assert (or (null type) (eq type (oref backend type))) t "Invalid password-store search: %s %s") (cond ((eq host t) @@ -70,6 +84,8 @@ auth-source-pass-search ((null host) ;; Do not build a result, as none will match when HOST is nil nil) + (auth-source-pass-extra-query-keywords + (auth-source-pass--build-result-many host port user require max)) (t (when-let ((result (auth-source-pass--build-result host port user))) (list result))))) 
@@ -89,6 +105,39 @@ auth-source-pass--build-result (seq-subseq retval 0 -2)) ;; remove password retval)))) +(defvar auth-source-pass--match-regexp nil) + +(defun auth-source-pass--match-regexp (s) + (rx-to-string ; autoloaded + `(: (or bot "/") + (or (: (? (group-n 20 (+ (not (in ?\ ?/ ?@ ,s)))) "@") + (group-n 10 (+ (not (in ?\ ?/ ?@ ,s)))) + (? ,s (group-n 30 (+ (not (in ?\ ?/ ,s)))))) + (: (group-n 11 (+ (not (in ?\ ?/ ?@ ,s)))) + (? ,s (group-n 31 (+ (not (in ?\ ?/ ,s))))) + (? "/" (group-n 21 (+ (not (in ?\ ?/ ,s))))))) + eot) + 'no-group)) + +(defun auth-source-pass--build-result-many (hosts ports users require max) + "Return multiple `auth-source-pass--build-result' values." + (unless (listp hosts) (setq hosts (list hosts))) + (unless (listp users) (setq users (list users))) + (unless (listp ports) (setq ports (list ports))) + (let* ((auth-source-pass--match-regexp (auth-source-pass--match-regexp + auth-source-pass-port-separator)) + (rv (auth-source-pass--find-match-many hosts users ports + require (or max 1)))) + (when auth-source-debug + (auth-source-pass--do-debug "final result: %S" rv)) + (let (out) + (dolist (e rv out) + (when-let* ((s (plist-get e :secret)) ; not captured by closure in 29.1 + (v (auth-source--obfuscate s))) + (setf (plist-get e :secret) + (lambda () (auth-source--deobfuscate v)))) + (push e out))))) + ;;;###autoload (defun auth-source-pass-enable () "Enable auth-source-password-store." 
@@ -206,6 +255,60 @@ auth-source-pass--find-match hosts (list hosts)))) +(defun auth-source-pass--retrieve-parsed (seen path port-number-p) + (when (string-match auth-source-pass--match-regexp path) + (puthash path + (list :host (or (match-string 10 path) (match-string 11 path)) + :user (or (match-string 20 path) (match-string 21 path)) + :port (and-let* ((p (or (match-string 30 path) + (match-string 31 path))) + (n (string-to-number p))) + (if (or (zerop n) (not port-number-p)) + (format "%s" p) + n))) + seen))) + +(defun auth-source-pass--match-parts (parts key value require) + (let ((mv (plist-get parts key))) + (if (memq key require) + (and value (equal mv value)) + (or (not value) (not mv) (equal mv value))))) + +(defun auth-source-pass--find-match-many (hosts users ports require max) + "Return plists for valid combinations of HOSTS, USERS, PORTS. +Each plist contains, at the very least, a host and a secret." + (let ((seen (make-hash-table :test #'equal)) + (entries (auth-source-pass-entries)) + out) + (catch 'done + (dolist (host hosts out) + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) + (setq p nil)) + (dolist (user (or users (list u))) + (dolist (port (or ports (list p))) + (dolist (e entries) + (when-let* + ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed + seen e (integerp port)))) + ((equal host (plist-get m :host))) + ((auth-source-pass--match-parts m :port port require)) + ((auth-source-pass--match-parts m :user user require)) + (parsed (auth-source-pass-parse-entry e)) + ;; For now, ignore body-content pairs, if any, + ;; from `auth-source-pass--parse-data'. 
+ (secret (or (auth-source-pass--get-attr 'secret parsed) + (not (memq :secret require))))) + (push + `( :host ,host ; prefer user-provided :host over h + ,@(and-let* ((u (plist-get m :user))) (list :user u)) + ,@(and-let* ((p (plist-get m :port))) (list :port p)) + ,@(and secret (not (eq secret t)) (list :secret secret))) + out) + (when (or (zerop (cl-decf max)) + (null (setq entries (delete e entries)))) + (throw 'done out))))))))))) + (defun auth-source-pass--disambiguate (host &optional user port) "Return (HOST USER PORT) after disambiguation. Disambiguate between having user provided inside HOST (e.g., diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index f5147a7ce0..60903808e0 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el 
@@ -488,6 +488,190 @@ auth-source-pass-prints-meaningful-debug-log (should (auth-source-pass--have-message-matching "found 2 entries matching \"gitlab.com\": (\"a/gitlab.com\" \"b/gitlab.com\")")))) + +;; FIXME move this to top of file if keeping these netrc tests +(require 'ert-x) + +;; No entry has the requested port, but a result is still returned. + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "x.com" :port 22 :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "x.com" :secret "a"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss () + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "x.com" :port 22 :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "x.com" :secret "a"))))))) + +;; One of two entries has the requested port, both returned + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "x.com" :port 42 :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "x.com" :secret "a") + (:host "x.com" :port "42" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit () + (auth-source-pass--with-store '(("x.com" (secret . 
"a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "x.com" :port 42 :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "x.com" :secret "a") + (:host "x.com" :port 42 :secret "b"))))))) + +;; No entry has the requested port, but :port is required, so search fails + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search + :host "x.com" :port 22 :require '(:port) :max 2))) + (should-not results)))) + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss () + (let ((auth-source-pass-extra-query-keywords t)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (should-not (auth-source-search + :host "x.com" :port 22 :require '(:port) :max 2))))) + +;; Specifying a :host without a :user finds a lone entry and does not +;; include extra fields (i.e., :port nil) in the result +;; https://lists.gnu.org/archive/html/emacs-devel/2022-11/msg00130.html + +(ert-deftest auth-source-pass-extra-query-keywords--netrc-akib () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine disroot.org user akib password b +machine z.com password c +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--akib () + (auth-source-pass--with-store '(("x.com" (secret . 
"a")) + ("akib@disroot.org" (secret . "b")) + ("z.com" (secret . "c"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +;; Searches for :host are case-sensitive, and a returned host isn't +;; normalized. + +(ert-deftest auth-source-pass-extra-query-keywords--netrc-host () + (ert-with-temp-file netrc-file + :text "\ +machine libera.chat password a +machine Libera.Chat password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "Libera.Chat" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "Libera.Chat" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--host () + (auth-source-pass--with-store '(("libera.chat" (secret . "a")) + ("Libera.Chat" (secret . 
"b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "Libera.Chat" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "Libera.Chat" :secret "b"))))))) + + +;; A retrieved store entry mustn't be nil regardless of whether its +;; path contains port or user components + +(ert-deftest auth-source-pass-extra-query-keywords--baseline () + (let ((auth-source-pass-extra-query-keywords t)) + (auth-source-pass--with-store '(("x.com")) + (auth-source-pass-enable) + (should-not (auth-source-search :host "x.com"))))) + +;; Output port type (int or string) matches that of input parameter + +(ert-deftest auth-source-pass-extra-query-keywords--port-type () + (let ((auth-source-pass-extra-query-keywords t) + (f (lambda (r) (setf (plist-get r :secret) (auth-info-password r)) r))) + (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) + (auth-source-pass-enable) + (should (equal (mapcar f (auth-source-search :host "x.com" :port 42)) + '((:host "x.com" :port 42 :secret "a"))))) + (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) + (auth-source-pass-enable) + (should (equal (mapcar f (auth-source-search :host "x.com" :port "42")) + '((:host "x.com" :port "42" :secret "a"))))))) + +;; The :host search param ordering more heavily influences the output +;; because (h1, u1, p1), (h1, u1, p2), ... (hN, uN, pN); also, exact +;; matches are not given precedence, i.e., matching store items are +;; returned in the order encountered + +(ert-deftest auth-source-pass-extra-query-keywords--hosts-first () + (auth-source-pass--with-store '(("x.com:42/bar" (secret . "a")) + ("gnu.org" (secret . "b")) + ("x.com" (secret . "c")) + ("fake.com" (secret . "d")) + ("x.com/foo" (secret . 
"e"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host '("x.com" "gnu.org") :max 3))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + ;; Notice gnu.org is never considered ^ + '((:host "x.com" :user "bar" :port "42" :secret "a") + (:host "x.com" :secret "c") + (:host "x.com" :user "foo" :secret "e"))))))) + + (provide 'auth-source-pass-tests) ;;; auth-source-pass-tests.el ends here -- 2.38.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0002-POC-Support-auth-source-pass-in-ERC.patch >From 1859ab24a1fee10d78aa2a3907e48786c2f1d7f6 Mon Sep 17 00:00:00 2001 From: "F. Jason Park" Date: Sun, 24 Apr 2022 06:20:09 -0700 Subject: [PATCH 2/2] [POC] Support auth-source-pass in ERC * doc/misc/erc.texi: Mention that the auth-source-pass backend is supported. * lisp/erc/erc-compat.el (erc-compat--auth-source-pass-search, erc-compat--auth-source-pass--build-results-many, erc-compat--auth-source-pass--retrieve-parsed, erc-compat--auth-source-pass-packend-parse): Copy some yet unreleased functions from auth-source-pass that mimic the netrc backend. Also add forward declarations to support them. * lisp/erc/erc.el (erc--auth-source-search): Use own auth-source-pass erc-compat backend until 29.1 released. * test/lisp/erc/erc-services-tests.el (erc-join-tests--auth-source-pass-entries): Remove useless items. (erc--auth-source-search--pass-standard, erc--auth-source-search--pass-announced, erc--auth-source-search--pass-overrides): Remove `ert-skip' guard. Bug#58985. --- doc/misc/erc.texi | 3 +- lisp/erc/erc-compat.el | 99 +++++++++++++++++++++++++++++ lisp/erc/erc.el | 7 +- test/lisp/erc/erc-services-tests.el | 3 - 4 files changed, 107 insertions(+), 5 deletions(-) diff --git a/doc/misc/erc.texi b/doc/misc/erc.texi index 3db83197f9..ad35b78f0e 100644 --- a/doc/misc/erc.texi +++ b/doc/misc/erc.texi 
@@ -861,7 +861,8 @@ Connecting @code{erc-auth-source-search}. It tries to merge relevant contextual parameters with those provided or discovered from the logical connection or the underlying transport. Some auth-source back ends may not be -compatible; netrc, plstore, json, and secrets are currently supported. +compatible; netrc, plstore, json, secrets, and pass are currently +supported. @end defopt @subheading Full name diff --git a/lisp/erc/erc-compat.el b/lisp/erc/erc-compat.el index 03bd8f1352..47d5258f92 100644 --- a/lisp/erc/erc-compat.el +++ b/lisp/erc/erc-compat.el @@ -32,6 +32,8 @@ ;;; Code: (require 'compat nil 'noerror) +(eval-when-compile (require 'cl-lib)) + ;;;###autoload(autoload 'erc-define-minor-mode "erc-compat") (define-obsolete-function-alias 'erc-define-minor-mode 
@@ -168,6 +170,103 @@ erc-compat--with-memoization `(cl--generic-with-memoization ,table ,@forms)) (t `(progn ,@forms)))) +;;;; Auth Source + +(declare-function auth-source-pass--get-attr + "auth-source-pass" (key entry-data)) +(declare-function auth-source-pass--disambiguate + "auth-source-pass" (host &optional user port)) +(declare-function auth-source-backend-parse-parameters + "auth-source-pass" (entry backend)) +(declare-function auth-source-backend "auth-source" (&rest slots)) +(declare-function auth-source-pass-entries "auth-source-pass" nil) +(declare-function auth-source-pass-parse-entry "auth-source-pass" (entry)) + +;; This basically hard codes `auth-source-pass-port-separator' to ":" +(defun erc-compat--auth-source-pass--retrieve-parsed (seen e port-number-p) + (when (string-match (rx (or bot "/") + (or (: (? (group-n 20 (+ (not (in " /@")))) "@") + (group-n 10 (+ (not (in " /:@")))) + (? ":" (group-n 30 (+ (not (in " /:")))))) + (: (group-n 11 (+ (not (in " /:@")))) + (? ":" (group-n 31 (+ (not (in " /:"))))) + (? "/" (group-n 21 (+ (not (in " /:"))))))) + eot) + e) + (puthash e (list :host (or (match-string 10 e) + (match-string 11 e)) + :user (or (match-string 20 e) + (match-string 21 e)) + :port (and-let* ((p (or (match-string 30 e) + (match-string 31 e))) + (n (string-to-number p))) + (if (or (zerop n) + (not port-number-p)) + (format "%s" p) + n))) + seen))) + +;; This looks bad, but it just inlines `auth-source-pass--find-match-many'. +(defun erc-compat--auth-source-pass--build-result-many + (hosts users ports require max) + "Return a plist of HOSTS, PORTS, USERS, and secret." 
+ (unless (listp hosts) (setq hosts (list hosts))) + (unless (listp users) (setq users (list users))) + (unless (listp ports) (setq ports (list ports))) + (unless max (setq max 1)) + (let ((seen (make-hash-table :test #'equal)) + (entries (auth-source-pass-entries)) + (check (lambda (m k v) + (let ((mv (plist-get m k))) + (if (memq k require) + (and v (equal mv v)) + (or (not v) (not mv) (equal mv v)))))) + out) + (catch 'done + (dolist (host hosts) + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) + (setq p nil)) + (dolist (user (or users (list u))) + (dolist (port (or ports (list p))) + (dolist (e entries) + (when-let* + ((m (or (gethash e seen) + (erc-compat--auth-source-pass--retrieve-parsed + seen e (integerp port)))) + ((equal host (plist-get m :host))) + ((funcall check m :port port)) + ((funcall check m :user user)) + (parsed (auth-source-pass-parse-entry e)) + (secret (or (auth-source-pass--get-attr 'secret parsed) + (not (memq :secret require))))) + (push + `( :host ,host ; prefer user-provided :host over h + ,@(and-let* ((u (plist-get m :user))) (list :user u)) + ,@(and-let* ((p (plist-get m :port))) (list :port p)) + ,@(and secret (not (eq secret t)) (list :secret secret))) + out) + (when (or (zerop (cl-decf max)) + (null (setq entries (delete e entries)))) + (throw 'done nil))))))))) + (reverse out))) + +(cl-defun erc-compat--auth-source-pass-search + (&rest spec &key host user port require max &allow-other-keys) + ;; From `auth-source-pass-search' + (cl-assert (and host (not (eq host t))) + t "Invalid password-store search: %s %s") + (erc-compat--auth-source-pass--build-result-many host user port require max)) + +(defun erc-compat--auth-source-pass-backend-parse (entry) + (when (eq entry 'password-store) + (auth-source-backend-parse-parameters + entry (auth-source-backend + :source "." 
+ :type 'password-store + :search-function #'erc-compat--auth-source-pass-search)))) + + (provide 'erc-compat) ;;; erc-compat.el ends here diff --git a/lisp/erc/erc.el b/lisp/erc/erc.el index 6b14cf87e2..3769e73041 100644 --- a/lisp/erc/erc.el +++ b/lisp/erc/erc.el @@ -3225,7 +3225,12 @@ erc--auth-source-search the nod. Much the same would happen for entries sharing only a port: the one with host foo would win." (when-let* - ((priority (map-keys defaults)) + ((auth-source-backend-parser-functions + (if (memq 'password-store auth-sources) + (cons #'erc-compat--auth-source-pass-backend-parse + auth-source-backend-parser-functions) + auth-source-backend-parser-functions)) + (priority (map-keys defaults)) (test (lambda (a b) (catch 'done (dolist (key priority) diff --git a/test/lisp/erc/erc-services-tests.el b/test/lisp/erc/erc-services-tests.el index c22d4cf75e..7ff2e36e77 100644 --- a/test/lisp/erc/erc-services-tests.el +++ b/test/lisp/erc/erc-services-tests.el @@ -474,7 +474,6 @@ erc-join-tests--auth-source-pass-entries ("GNU.chat:irc/#chan" (secret . "foo")))) (ert-deftest erc--auth-source-search--pass-standard () - (ert-skip "Pass backend not yet supported") (let ((store erc-join-tests--auth-source-pass-entries) (auth-sources '(password-store)) (auth-source-do-cache nil)) @@ -487,7 +486,6 @@ erc--auth-source-search--pass-standard (erc-services-tests--auth-source-standard #'erc-auth-source-search)))) (ert-deftest erc--auth-source-search--pass-announced () - (ert-skip "Pass backend not yet supported") (let ((store erc-join-tests--auth-source-pass-entries) (auth-sources '(password-store)) (auth-source-do-cache nil)) 
@@ -500,7 +498,6 @@ erc--auth-source-search--pass-announced (erc-services-tests--auth-source-announced #'erc-auth-source-search)))) (ert-deftest erc--auth-source-search--pass-overrides () - (ert-skip "Pass backend not yet supported") (let ((store `(,@erc-join-tests--auth-source-pass-entries ("GNU.chat:6697/#chan" (secret . "spam")) -- 2.38.1
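Review bot: In doc/misc/auth.texi (hunk @@ -526,6 +526,8 @@), the added sentence names the option auth-source-pass-extra-parameters, but the @defvar added in the next hunk, the etc/NEWS entry and the defcustom in lisp/auth-source-pass.el all call it auth-source-pass-extra-query-keywords. Use the defined name here, otherwise the manual points readers at a variable that does not exist. The @defvar text could also say that secrets come back wrapped in a function when the option is t, since the defcustom docstring states it and callers that read :secret directly are affected.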
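Review bot: In auth-source-pass--build-result-many (lisp/auth-source-pass.el, hunk @@ -89,6 +105,39 @@), the lambda that replaces :secret is created inside the when-let* that binds the plaintext s, and the inline comment relies on s being "not captured by closure in 29.1". Create the closure in a small helper that receives only v, so the plaintext is never in the lexical scope of the lambda however the code is evaluated. The same hunk defines auth-source-pass--match-regexp as both a variable and a function with no docstring on either; document that the variable is only bound dynamically inside auth-source-pass--build-result-many, because auth-source-pass--retrieve-parsed hands it straight to string-match.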
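Review bot: In auth-source-pass--find-match-many (lisp/auth-source-pass.el, hunk @@ -206,6 +255,60 @@), the docstring says each plist contains "at the very least, a host and a secret", but when :secret is not in REQUIRE the secret binding falls back to t for an entry without one, and the ,@(and secret (not (eq secret t)) (list :secret secret)) form then leaves :secret out of the result. Reword the docstring or skip such entries. Also add a comment on (setq entries (delete e entries)): it destructively edits the list that the innermost dolist is walking and that the outer host, user and port loops reuse, so a matched entry is never offered again for a later combination, which looks intended but is not stated. auth-source-pass--retrieve-parsed and auth-source-pass--match-parts have no docstrings.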
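Review bot: In test/lisp/auth-source-pass-tests.el (hunk @@ -488,6 +488,190 @@), the comment above auth-source-pass-extra-query-keywords--baseline says a retrieved store entry "mustn't be nil", yet the test asserts should-not on the search result for a store holding only ("x.com"); make the comment state what is actually expected. The paired tests also record a difference from netrc that deserves a comment given the goal of the patch: for :port 42, wild-port-hit-netrc expects :port "42" while wild-port-hit expects :port 42. The FIXME about (require 'ert-x) should be resolved before merging, and no case covers :require '(:user) or a list passed as :user or :port.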
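Review bot: In erc-compat--auth-source-pass--retrieve-parsed (lisp/erc/erc-compat.el, hunk @@ -168,6 +170,103 @@), the regexp hard codes ":" as the port separator, as the comment above it admits, so a user who customized auth-source-pass-port-separator gets different matches from ERC than from auth-source-pass itself. Build the pattern from the variable, the way auth-source-pass--match-regexp does in patch 1/2. The commit message also lists erc-compat--auth-source-pass--build-results-many and erc-compat--auth-source-pass-packend-parse, while the functions defined here are erc-compat--auth-source-pass--build-result-many and erc-compat--auth-source-pass-backend-parse.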
From: Akib Azmain Turja
To: "J.P."
Cc: Damien Cassou, Björn Bidar, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Sat, 12 Nov 2022 21:24:37 +0600

"J.P." writes:

> Akib Azmain Turja writes:
>
>> Why doesn't the closure capture "s"?  For me, the following code
>> captures "s" (obviously with lexical binding): (just a let-wrapped version
>> of your code)
>>
>> (let ((e '(:secret "topsecret")))
>>   (when-let* ((s (plist-get e :secret)) ; s not captured by closure
>>               (v (auth-source--obfuscate s)))
>>     (setf (plist-get e :secret)
>>           (lambda () (auth-source--deobfuscate v))))
>>   e)
>> ;; => (:secret
>> ;;     (closure
>> ;;      ((p #1)
>> ;;       (v . "XIcHKKIKtavKgK8J6zXP1w==-N/XAaAOqAtGcCzKGKX71og==")
>> ;;       (s . "topsecret") ;; LEAKED!!!
>> ;;       (e :secret #1)
>> ;;       t)
>> ;;      nil
>> ;;      (auth-source--deobfuscate v)))
>>
>
> Looks like you don't have:
>
>   commit 1b1ffe07897ebe06cf96ab423fad3cde9fd6c981
>   Author: Stefan Monnier
>   Date:   Mon Oct 17 17:11:40 2022 -0400
>
>       (Ffunction): Make interpreted closures safe for space
>
> It's easiest to just make a habit of applying patches on the latest
> HEAD. Once you do, you'll find that the output of your example changes.
> If ELPA's Compat ever takes an interest, I suppose a backported version
> could just `byte-compile' the lambda.

That's a recent commit; I'm using Emacs from a commit over two months
ago (I tried to upgrade just a few days before Eglot merged, but was
forced to revert due to native compilation errors).

>
>>> + (push e out)))))
>>
>> [...]
>>
>>> +(defun auth-source-pass--retrieve-parsed (seen path port-number-p) >>> + (when-let ((m (string-match auth-source-pass--match-regexp path)))
>>
>> Why do you let-bind "m"?
>
> Because I am slow and blind, I guess.
>
>> I can't find any use of it in the body.
>
> Go figure. (Thanks.)

I can't find any existence of "m".

>
>>> +(defun auth-source-pass--find-match-many (hosts users ports require ma= x) >>> + "Return plists for valid combinations of HOSTS, USERS, PORTS. >>> +Each plist contains, at the very least, a host and a secret." >>> + (let ((seen (make-hash-table :test #'equal)) >>> + (entries (auth-source-pass-entries)) >>> + out) >>> + (catch 'done >>> + (dolist (host hosts out) >>> + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host)= )) >>> + (unless (or (not (equal "443" p)) (string-prefix-p "https://= " host)) >>> + (setq p nil)) >>> + (dolist (user (or users (list u))) >>> + (dolist (port (or ports (list p))) >>> + (dolist (e entries) >>> + (when-let* >>> + ((m (or (gethash e seen) (auth-source-pass--retrie= ve-parsed >>> + seen e (integerp port)))) >>> + ((equal host (plist-get m :host))) >>> + ((auth-source-pass--match-parts m :port port requ= ire)) >>> + ((auth-source-pass--match-parts m :user user requ= ire)) >>> + (parsed (auth-source-pass-parse-entry e)) >>> + ;; For now, ignore body-content pairs, if any, >>> + ;; from `auth-source-pass--parse-data'. >>> + (secret (or (auth-source-pass--get-attr 'secret p= arsed) >>> + (not (memq :secret require))))) >>> + (push >>> + `( :host ,host ; prefer user-provided :host over h >>> + ,@(and-let* ((u (plist-get m :user))) (list :use= r u)) >>> + ,@(and-let* ((p (plist-get m :port))) (list :por= t p)) >>> + ,@(and secret (not (eq secret t)) (list :secret = secret))) >>> + out) >>> + (when (or (zerop (cl-decf max)) >>> + (null (setq entries (remove e entries))))
>>
>> Remove will create a lot of garbage, e.g. (let ((x '(1 2 3 4 5)))
>> (eq (remove 6 x) x)) and (let ((x '(1 2 3 4 5))) (eq (remove 1 x)
>> (cdr x))) both return nil.
>
> Since you're clearly aware that, for lists, `remove' just calls `delete'
> on a shallow copy, how could (remove thing x) ever be eq to some nthcdr
> of x so long as both are non-nil?
>
>> If you think delete is OK, go ahead and use it. If you think remove is
>> better, keep it. Do whatever you think right.
>
> As I tried to explain in
>
>   https://debbugs.gnu.org/cgi/bugreport.cgi?bug=58985#64
>
> I think `delete' is safe in this situation, assuming of course that, for
> ancient, core functions, the implementation can be construed as the de
> facto interface. Based on your comments, you seem to agree with this
> assumption, which seems only sane. I have thus reverted the change.
>

Anyone contributing to core Emacs is almost certainly more experienced
than me, so they should ignore me if they wish.

>>
>>> + (throw 'done out))))))))))) >>> +
>>
>> [...]
>
> While I certainly welcome the assiduous scrutinizing of Emacs lisp
> mechanics and technique (truly), I was mainly hoping that, as an avid
> pass user, you would also help flesh out the precise effects of the
> behavior introduced by these changes and hopefully share some insights
> into how they might impact day-to-day usage for the typical pass user.
> Granted, that necessarily involves applying these patches atop your
> daily driver and living with them for a spell and, ideally, investing
> some thought into imagining common usage patterns beyond your own (plus
> any potentially problematic edge cases). If you have the energy to
> devote to (perhaps just some of) these areas, it would really help move
> this bug report forward. Thanks.
>

Actually, I'm not very brave, and any damage to my password-store would
be an absolute disaster.

However, I have made a backup and added the encrypted passwords to a Git
repository, and since the patch looks safe, I'm going to apply and test
it.

-- 
Akib Azmain Turja, GPG key: 70018CE5819F17A3BBA666AFE74F0EFA922AE7F5
Fediverse: akib@hostux.social
Codeberg: akib
emailselfdefense.fsf.org | "Nothing can be secure without encryption."
From: Akib Azmain Turja DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1668327337; bh=/HMMtv3i0zwRU4afsfcfLRBZzCGsRcVQTlmBI4j8ypw=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=E72WyqTFog/DoyOnuukM0BCSsTDsXsMkwcmcnrMk09mQN2x0TZ0pxQYWh8ebMfnG2 AJcXv3xcEG+OiXJwbBrY0W6IfDAGDmcgSRRbLLBvEViM3jmmjfe9FTOhu3CBeRoLwI OKPCK6t0uknK2fUW9cS5t15HFYkzwwcuSHtjlmhyTqFr+wCTBUuoI7cTawOys69B1a aJ9V180v4bcinY2OwD0FPA70e3Ll1lhPrsroBPaCO7GQl10Jyc6sXydUz4UQcZUIty bJgObAfl9PO6ihpQSfTupTZW720v/WUmgeFZI7X1QR7BkC4J1U2qR4JPFyH3OYY8UZ H5m6kuMTnuHXw== To: Akib Azmain Turja via "Bug reports for GNU Emacs, the Swiss army knife of text editors" Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends In-Reply-To: <875yfkdwlm.fsf@disroot.org> (Akib Azmain Turja via's message of "Sat, 12 Nov 2022 21:24:37 +0600") References: <87wn8cb0ym.fsf@neverwas.me> <874jvdardn.fsf__3771.40490324877$1667692584$gmane$org@neverwas.me> <87pme09vis.fsf@gmx.de> <87a653z7dl.fsf@neverwas.me> <878rkjl1vd.fsf@disroot.org> <877d026uym.fsf@neverwas.me> <87tu35eehq.fsf@disroot.org> <87bkpcu74w.fsf@neverwas.me> <875yfkdwlm.fsf@disroot.org> Date: Sun, 13 Nov 2022 13:26:19 +0600 Message-ID: <874jv3nwmc.fsf@disroot.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Received-SPF: pass client-ip=178.21.23.139; envelope-from=akib@disroot.org; helo=knopi.disroot.org X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit Cc: Damien Cassou , emacs-erc@gnu.org, 58985@debbugs.gnu.org, "J.P." 
, =?utf-8?Q?Bj=C3=B6rn?= Bidar , Michael Albinus X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Akib Azmain Turja via "Bug reports for GNU Emacs, the Swiss army knife of text editors" writes: > "J.P." writes: > >> While I certainly welcome the assiduous scrutinizing of Emacs lisp >> mechanics and technique (truly), I was mainly hoping that, as an avid >> pass user, you would also help flesh out the precise effects of the >> behavior introduced by these changes and hopefully share some insights >> into how they might impact day-to-day usage for the typical pass user. >> Granted, that necessarily involves applying these patches atop your >> daily driver and living with them for a spell and, ideally, investing >> some thought into imagining common usage patterns beyond your own (plus >> any potentially problematic edge cases). If you have the energy to >> devote to (perhaps just some of) these areas, it would really help move >> this bug report forward. Thanks. > > Actually, I'm not very brave, and any damage to my password-store would > be an absolute disaster. > > However, I have made a backup and add the encrypted passwords to a Git > repository, and since the patch looks safe, I'm going to apply and test > it. I have applied the patch the on top commit f8c11b5a, and it works fine. I did some basic testing (manually) of auth-source-pass and the dependent packages I use, password-store and pass, and they all seem to be unaffected when the new option enabled. So I guess we can enable it by default. I didn't felt the need of test with the new feature disabled, since the patch doesn't touch any old code. 

And I also found that auth-source finds the entry "akib@disroot.org"
correctly with (auth-source-search :host "disroot.org") when the new
user option is set to t.

However, I still haven't installed the Emacs build with the patch
applied as my daily driver; I'm working on that. The tests were
performed on an Emacs build without GUI.

-- 
Akib Azmain Turja, GPG key: 70018CE5819F17A3BBA666AFE74F0EFA922AE7F5
Fediverse: akib@hostux.social
Codeberg: akib
emailselfdefense.fsf.org | "Nothing can be secure without encryption."

From: "J.P."
To: Akib Azmain Turja
Cc: Damien Cassou, Björn Bidar, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Sun, 13 Nov 2022 07:29:55 -0800
Message-ID: <875yfiq3d8.fsf@neverwas.me>

Akib Azmain Turja writes:

> Akib Azmain Turja via "Bug reports for GNU Emacs, the Swiss army knife
> of text editors" writes:
>
>> "J.P." writes:
>>
>>> While I certainly welcome the assiduous scrutinizing of Emacs lisp
>>> mechanics and technique (truly), I was mainly hoping that, as an avid
>>> pass user, you would also help flesh out the precise effects of the
>>> behavior introduced by these changes and hopefully share some insights
>>> into how they might impact day-to-day usage for the typical pass user.
>>> Granted, that necessarily involves applying these patches atop your
>>> daily driver and living with them for a spell and, ideally, investing
>>> some thought into imagining common usage patterns beyond your own (plus
>>> any potentially problematic edge cases). If you have the energy to
>>> devote to (perhaps just some of) these areas, it would really help move
>>> this bug report forward. Thanks.
>>
>> Actually, I'm not very brave, and any damage to my password-store would
>> be an absolute disaster.
>>
>> However, I have made a backup and added the encrypted passwords to a Git
>> repository, and since the patch looks safe, I'm going to apply and test
>> it.
>
> I have applied the patch on top of commit f8c11b5a, and it works fine.
>
> I did some basic testing (manually) of auth-source-pass and the
> dependent packages I use, password-store and pass, and they all seem to
> be unaffected when the new option is enabled. So I guess we can enable it
> by default. I didn't feel the need to test with the new feature
> disabled, since the patch doesn't touch any old code.

Awesome. Thanks for all the work. I know it's kind of a hassle.

> And I also found that auth-source finds the entry "akib@disroot.org"
> correctly with (auth-source-search :host "disroot.org") when the new
> user option is set to t.

Yeah, it's sometimes tricky to tell if the new code is even running, so
it's great that you checked that.

> However, I still haven't installed the Emacs build with the patch
> applied as my daily driver; I'm working on that. The tests were
> performed on an Emacs build without GUI.

OK, nice.

You mentioned previously some potentially surprising ambiguities
surrounding the trailing /user syntax. If any realistic scenarios
present themselves, perhaps we can try to improve the situation if it's
not too far out of scope (or just document the behavior, maybe in a unit
test). Thanks again.

From: Akib Azmain Turja
To: "J.P."
Cc: Damien Cassou, Björn Bidar, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Mon, 14 Nov 2022 12:50:46 +0600
Message-ID: <87mt8uvxkp.fsf@disroot.org>

"J.P." writes:

> Akib Azmain Turja writes:
>
>> Akib Azmain Turja via "Bug reports for GNU Emacs, the Swiss army knife
>> of text editors" writes:
>>
>>> "J.P." writes:
>>>
>>>> While I certainly welcome the assiduous scrutinizing of Emacs lisp
>>>> mechanics and technique (truly), I was mainly hoping that, as an avid
>>>> pass user, you would also help flesh out the precise effects of the
>>>> behavior introduced by these changes and hopefully share some insights
>>>> into how they might impact day-to-day usage for the typical pass user.
>>>> Granted, that necessarily involves applying these patches atop your
>>>> daily driver and living with them for a spell and, ideally, investing
>>>> some thought into imagining common usage patterns beyond your own (plus
>>>> any potentially problematic edge cases). If you have the energy to
>>>> devote to (perhaps just some of) these areas, it would really help move
>>>> this bug report forward. Thanks.
>>>
>>> Actually, I'm not very brave, and any damage to my password-store would
>>> be an absolute disaster.
>>>
>>> However, I have made a backup and added the encrypted passwords to a Git
>>> repository, and since the patch looks safe, I'm going to apply and test
>>> it.
>>
>> I have applied the patch on top of commit f8c11b5a, and it works fine.
>>
>> I did some basic testing (manually) of auth-source-pass and the
>> dependent packages I use, password-store and pass, and they all seem to
>> be unaffected when the new option is enabled. So I guess we can enable it
>> by default. I didn't feel the need to test with the new feature
>> disabled, since the patch doesn't touch any old code.
>
> Awesome. Thanks for all the work. I know it's kind of a hassle.
>
>> And I also found that auth-source finds the entry "akib@disroot.org"
>> correctly with (auth-source-search :host "disroot.org") when the new
>> user option is set to t.
>
> Yeah, it's sometimes tricky to tell if the new code is even running, so
> it's great that you checked that.

I'm pretty sure the new code was running, since I set
auth-source-do-cache to nil to disable cache prior to doing the tests.

>
>> However, I still haven't installed the Emacs build with the patch
>> applied as my daily driver; I'm working on that. The tests were
>> performed on an Emacs build without GUI.
>
> OK, nice.
>
> You mentioned previously some potentially surprising ambiguities
> surrounding the trailing /user syntax. If any realistic scenarios
> present themselves, perhaps we can try to improve the situation if it's
> not too far out of scope (or just document the behavior, maybe in a unit
> test). Thanks again.

I think it's good enough to install on master. Then more people can
test and report about it.

However, I observed some behavior of the new code, here are my findings:

The new searching code seems to prefer "HOST/USER" over "USER@HOST".

I created the password store entry "foo.com/bar.org". Then I evaluated:
(warning: manually typed with hands)

(auth-source-search :host "bar.org")
;; => nil

(auth-source-search :host "foo.com")
;; => ((:host "foo.com" :user "bar.org" :secret ...))

I created another entry "bar.org@foo.com". But it returns the password
in "foo.com/bar.org".

I deleted "foo.com/bar.org", now it returns the password of
"bar.org@foo.com".

I created "foo.com/bar.org" again, and "foo.com/bar.org" is preferred
again.

I suggest preferring the "@" syntax over the "/user" syntax.

-- 
Akib Azmain Turja, GPG key: 70018CE5819F17A3BBA666AFE74F0EFA922AE7F5
Fediverse: akib@hostux.social
Codeberg: akib
emailselfdefense.fsf.org | "Nothing can be secure without encryption."

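The overlap reported in the message above can be looked for in an existing store without a patched Emacs. The following audit is an added example, not code from this thread or from Emacs: it assumes a Python transliteration of the entry regexp in the attached patch (default port separator ":") and a constructed sample store, and it lists entry names that resolve to the same host and user, plus trailing /user entries whose user part is also a host in the store.

```python
"""Audit pass entry names for lookups that depend on match order (added example)."""
import os
import re
from collections import defaultdict
from itertools import combinations


def entry_regexp(sep=":"):
    """Python transliteration (assumed faithful) of the patch's entry regexp.

    Alternative 1 is [USER@]HOST[:PORT]; alternative 2 is HOST[:PORT][/USER].
    """
    s = re.escape(sep)
    name = rf"[^ /@{s}]+"   # HOST, or USER in the USER@ position
    tail = rf"[^ /{s}]+"    # PORT, or USER in the trailing /USER position
    return re.compile(
        rf"(?:\A|/)(?:"
        rf"(?:(?P<u1>{name})@)?(?P<h1>{name})(?:{s}(?P<p1>{tail}))?"
        rf"|(?P<h2>{name})(?:{s}(?P<p2>{tail}))?(?:/(?P<u2>{tail}))?"
        rf")\Z"
    )


def parse_entry(entry, rx=None):
    """Split an entry name into host/user/port; None if it does not parse."""
    m = (rx or entry_regexp()).search(entry)
    if m is None:
        return None
    parts = {"entry": entry, "host": m["h1"] or m["h2"],
             "port": m["p1"] or m["p2"]}
    if m["u2"]:                       # trailing /USER form
        parts.update(user=m["u2"], suffix=True)
    else:                             # USER@HOST form, or no user at all
        parts.update(user=m["u1"], suffix=False)
    return parts


def store_entries(root):
    """Entry names under a store root (commonly ~/.password-store).

    The listing order here is not the order Emacs uses; the audit below
    does not depend on it.
    """
    out = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if not d.startswith("."))
        for name in sorted(filenames):
            if name.endswith(".gpg"):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                out.append(rel[:-len(".gpg")].replace(os.sep, "/"))
    return out


def audit(entries, sep=":"):
    """Return (collisions, lookalikes) for a list of entry names.

    collisions: {(host, user): [entries]} where at least two entries share
    host and user and their ports are equal or one of them has no port, so
    a query for that host and user can be answered by either.
    lookalikes: [(entry, user)] for trailing /USER entries whose USER is
    also a host elsewhere in the store (e.g. "foo.com/bar.org").
    """
    rx = entry_regexp(sep)
    parsed = [p for p in (parse_entry(e, rx) for e in entries) if p]
    hosts = {p["host"] for p in parsed}
    groups = defaultdict(list)
    for p in parsed:
        if p["user"]:
            groups[(p["host"], p["user"])].append(p)
    collisions = {}
    for key, members in groups.items():
        if any(a["port"] == b["port"] or None in (a["port"], b["port"])
               for a, b in combinations(members, 2)):
            collisions[key] = sorted(m["entry"] for m in members)
    lookalikes = [(p["entry"], p["user"]) for p in parsed
                  if p["suffix"] and p["user"] in hosts]
    return collisions, lookalikes


# Constructed sample: entry names taken from the experiment and tests on this page.
SAMPLE_STORE = ["foo.com/bar.org", "bar.org@foo.com", "bar.org", "fake.com",
                "x.com:42/bar", "bar@x.com", "x.com"]

if __name__ == "__main__":
    collisions, lookalikes = audit(SAMPLE_STORE)
    for (host, user), names in sorted(collisions.items()):
        print(f"same host/user {user}@{host}: {', '.join(names)}")
    for entry, user in lookalikes:
        print(f"{entry}: trailing user {user!r} is also a host in the store")
```

Pass the result of `store_entries()` to `audit()` to check a real store; only file names are read, never the encrypted contents.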
From: "J.P."
To: Akib Azmain Turja
Cc: Damien Cassou, Björn Bidar, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Mon, 14 Nov 2022 07:12:39 -0800
Message-ID: <877czxlgd4.fsf@neverwas.me>

Akib Azmain Turja writes:

> "J.P." writes:
>
>> You mentioned previously some potentially surprising ambiguities
>> surrounding the trailing /user syntax. If any realistic scenarios
>> present themselves, perhaps we can try to improve the situation if it's
>> not too far out of scope (or just document the behavior, maybe in a unit
>> test). Thanks again.
>
> I think it's good enough to install on master. Then more people can
> test and report about it.
>
> However, I observed some behavior of the new code, here are my findings:
>
> The new searching code seems to prefer "HOST/USER" over "USER@HOST".

That's the effect, right. I think `directory-files-recursively'
basically determines the ordering in which the entries are considered.

> I created the password store entry "foo.com/bar.org". Then I evaluated:
> (warning: manually typed with hands)
>
> (auth-source-search :host "bar.org")
> ;; => nil
>
> (auth-source-search :host "foo.com")
> ;; => ((:host "foo.com" :user "bar.org" :secret ...))
>
> I created another entry "bar.org@foo.com". But it returns the password
> in "foo.com/bar.org".
>
> I deleted "foo.com/bar.org", now it returns the password of
> "bar.org@foo.com".
>
> I created "foo.com/bar.org" again, and "foo.com/bar.org" is preferred
> again.
>
> I suggest preferring the "@" syntax over the "/user" syntax.

I have tried tweaking things in that direction. But as far as
deprecating the /user form officially: that seems more like a group
decision. And then there's the question of how to express such a policy.
Should we emit a warning? At the very least, it would need to be
documented somewhere.

Anyway, this is useful analysis. Thanks again for all your help.

--=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0000-v6-v7.diff >From 7a6ee6960ded65dfdec768b094eca8d1883a8f4d Mon Sep 17 00:00:00 2001 From: "F. Jason Park" Date: Mon, 14 Nov 2022 06:51:56 -0800 Subject: [PATCH 0/2] *** NOT A PATCH *** *** BLURB HERE *** F. Jason Park (2): [POC] Make auth-source-pass behave more like other backends [POC] Support auth-source-pass in ERC doc/misc/auth.texi | 11 ++ doc/misc/erc.texi | 3 +- etc/NEWS | 8 + lisp/auth-source-pass.el | 113 +++++++++++++- lisp/erc/erc-compat.el | 104 +++++++++++++ lisp/erc/erc.el | 7 +- test/lisp/auth-source-pass-tests.el | 223 ++++++++++++++++++++++++++++ test/lisp/erc/erc-services-tests.el | 3 - 8 files changed, 466 insertions(+), 6 deletions(-) Interdiff: diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 34edd4fa31..aa39df014c 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el
@@ -258,14 +258,16 @@ auth-source-pass--find-match (defun auth-source-pass--retrieve-parsed (seen path port-number-p) (when (string-match auth-source-pass--match-regexp path) (puthash path - (list :host (or (match-string 10 path) (match-string 11 path)) - :user (or (match-string 20 path) (match-string 21 path)) - :port (and-let* ((p (or (match-string 30 path) - (match-string 31 path))) - (n (string-to-number p))) - (if (or (zerop n) (not port-number-p)) - (format "%s" p) - n))) + `( :host ,(or (match-string 10 path) (match-string 11 path)) + ,@(if-let* ((tr (match-string 21 path))) + (list :user tr :suffix t) + (list :user (match-string 20 path))) + :port ,(and-let* ((p (or (match-string 30 path) + (match-string 31 path))) + (n (string-to-number p))) + (if (or (zerop n) (not port-number-p)) + (format "%s" p) + n))) seen))) (defun auth-source-pass--match-parts (parts key value require) @@ -279,7 +281,7 @@ auth-source-pass--find-match-many Each plist contains, at the very least, a host and a secret." (let ((seen (make-hash-table :test #'equal)) (entries (auth-source-pass-entries)) - out) + out suffixed suffixedp) (catch 'done (dolist (host hosts out) (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) 
@@ -304,10 +306,16 @@ auth-source-pass--find-match-many ,@(and-let* ((u (plist-get m :user))) (list :user u)) ,@(and-let* ((p (plist-get m :port))) (list :port p)) ,@(and secret (not (eq secret t)) (list :secret secret))) - out) - (when (or (zerop (cl-decf max)) - (null (setq entries (delete e entries)))) - (throw 'done out))))))))))) + (if (setq suffixedp (plist-get m :suffix)) suffixed out)) + (unless suffixedp + (when (or (zerop (cl-decf max)) + (null (setq entries (delete e entries)))) + (throw 'done out))))) + (setq suffixed (nreverse suffixed)) + (while suffixed + (push (pop suffixed) out) + (when (zerop (cl-decf max)) + (throw 'done out)))))))))) (defun auth-source-pass--disambiguate (host &optional user port) "Return (HOST USER PORT) after disambiguation. diff --git a/lisp/erc/erc-compat.el b/lisp/erc/erc-compat.el index 47d5258f92..51bf251026 100644 --- a/lisp/erc/erc-compat.el +++ b/lisp/erc/erc-compat.el @@ -193,17 +193,16 @@ erc-compat--auth-source-pass--retrieve-parsed (? "/" (group-n 21 (+ (not (in " /:"))))))) eot) e) - (puthash e (list :host (or (match-string 10 e) - (match-string 11 e)) - :user (or (match-string 20 e) - (match-string 21 e)) - :port (and-let* ((p (or (match-string 30 e) - (match-string 31 e))) - (n (string-to-number p))) - (if (or (zerop n) - (not port-number-p)) - (format "%s" p) - n))) + (puthash e `( :host ,(or (match-string 10 e) (match-string 11 e)) + ,@(if-let* ((tr (match-string 21 e))) + (list :user tr :suffix t) + (list :user (match-string 20 e))) + :port ,(and-let* ((p (or (match-string 30 e) + (match-string 31 e))) + (n (string-to-number p))) + (if (or (zerop n) (not port-number-p)) + (format "%s" p) + n))) seen))) ;; This looks bad, but it just inlines `auth-source-pass--find-match-many'. 
@@ -221,7 +220,7 @@ erc-compat--auth-source-pass--build-result-many (if (memq k require) (and v (equal mv v)) (or (not v) (not mv) (equal mv v)))))) - out) + out suffixed suffixedp) (catch 'done (dolist (host hosts) (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) @@ -245,10 +244,16 @@ erc-compat--auth-source-pass--build-result-many ,@(and-let* ((u (plist-get m :user))) (list :user u)) ,@(and-let* ((p (plist-get m :port))) (list :port p)) ,@(and secret (not (eq secret t)) (list :secret secret))) - out) - (when (or (zerop (cl-decf max)) - (null (setq entries (delete e entries)))) - (throw 'done nil))))))))) + (if (setq suffixedp (plist-get m :suffix)) suffixed out)) + (unless suffixedp + (when (or (zerop (cl-decf max)) + (null (setq entries (delete e entries)))) + (throw 'done out))))) + (setq suffixed (nreverse suffixed)) + (while suffixed + (push (pop suffixed) out) + (when (zerop (cl-decf max)) + (throw 'done out)))))))) (reverse out))) (cl-defun erc-compat--auth-source-pass-search diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index 60903808e0..a92653b5ac 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el @@ -654,6 +654,11 @@ auth-source-pass-extra-query-keywords--port-type ;; matches are not given precedence, i.e., matching store items are ;; returned in the order encountered +;; Note that all trailing /user forms are demoted for the sake of +;; predictability, and so are quasi-deprecated. This means that, in +;; the following test, /bar is shunted off to limbo, followed by /foo, +;; but they both retain priority over "gnu.org", as noted above. + (ert-deftest auth-source-pass-extra-query-keywords--hosts-first () (auth-source-pass--with-store '(("x.com:42/bar" (secret . "a")) ("gnu.org" (secret . "b")) 
@@ -667,10 +672,44 @@ auth-source-pass-extra-query-keywords--hosts-first (setf (plist-get result :secret) (auth-info-password result))) (should (equal results ;; Notice gnu.org is never considered ^ - '((:host "x.com" :user "bar" :port "42" :secret "a") - (:host "x.com" :secret "c") + '((:host "x.com" :secret "c") + (:host "x.com" :user "bar" :port "42" :secret "a") (:host "x.com" :user "foo" :secret "e"))))))) +(ert-deftest auth-source-pass-extra-query-keywords--ambiguous-user-host () + (auth-source-pass--with-store '(("foo.com/bar.org" (secret . "a")) + ("foo.com" (secret . "b")) + ("bar.org" (secret . "c")) + ("fake.com" (secret . "d"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "bar.org" :max 3))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "bar.org" :secret "c"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--suffixed-user () + (auth-source-pass--with-store '(("x.com:42/bar" (secret . "a")) + ("bar@x.com" (secret . "b")) + ("x.com" (secret . "?")) + ("bar@y.org" (secret . "c")) + ("fake.com" (secret . "?")) + ("fake.com/bar" (secret . "d")) + ("y.org/bar" (secret . "?")) + ("bar@fake.com" (secret . 
"e"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host '("x.com" "fake.com" "y.org") + :user "bar" + :require '(:user) :max 5))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "x.com" :user "bar" :secret "b") + (:host "x.com" :user "bar" :port "42" :secret "a") + (:host "fake.com" :user "bar" :secret "e") + (:host "fake.com" :user "bar" :secret "d") + (:host "y.org" :user "bar" :secret "c"))))))) (provide 'auth-source-pass-tests) -- 2.38.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-POC-Make-auth-source-pass-behave-more-like-other-bac.patch >From aef40854691b4c6e9c97ffdedefb342ae3fcc669 Mon Sep 17 00:00:00 2001 
From: "F. Jason Park" Date: Tue, 1 Nov 2022 22:46:24 -0700 Subject: [PATCH 1/2] [POC] Make auth-source-pass behave more like other backends * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add new option to bring search behavior more in line with other backends. (auth-source-pass-search): Add new keyword params `max' and `require' and consider new option `auth-source-pass-extra-query-keywords' for dispatch. (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, auth-source-pass--match-parts): Add supporting variable and helpers. (auth-source-pass--build-result-many, auth-source-pass--find-match-many): Add "-many" variants for existing workhorse functions. * test/lisp/auth-source-pass-tests.el (auth-source-pass-extra-query-keywords--wild-port-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-miss, auth-source-pass-extra-query-keywords--wild-port-hit-netrc, auth-source-pass-extra-query-keywords--wild-port-hit, auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-req-miss, auth-source-pass-extra-query-keywords--netrc-akib, auth-source-pass-extra-query-keywords--akib, auth-source-pass-extra-query-keywords--netrc-host, auth-source-pass-extra-query-keywords--host, auth-source-pass-extra-query-keywords--baseline, auth-source-pass-extra-query-keywords--port-type, auth-source-pass-extra-query-keywords--hosts-first, auth-source-pass-extra-query-keywords--ambiguous-user-host, auth-source-pass-extra-query-keywords--suffixed-user): Add juxtaposed netrc and extra-query-keywords pairs to demo optional extra-compliant behavior. * doc/misc/auth.texi: Add option `auth-source-pass-extra-query-keywords' to auth-source-pass section. * etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs 29.1 package changes section. Bug#58985. 
--- doc/misc/auth.texi | 11 ++ etc/NEWS | 8 + lisp/auth-source-pass.el | 113 +++++++++++++- test/lisp/auth-source-pass-tests.el | 223 ++++++++++++++++++++++++++++ 4 files changed, 354 insertions(+), 1 deletion(-) diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi index 9dc63af6bc..222fce2058 100644 --- a/doc/misc/auth.texi +++ b/doc/misc/auth.texi @@ -526,6 +526,8 @@ The Unix password store while searching for an entry matching the @code{rms} user on host @code{gnu.org} and port @code{22}, then the entry @file{gnu.org:22/rms.gpg} is preferred over @file{gnu.org.gpg}. +However, such filtering is not applied when the option +@code{auth-source-pass-extra-parameters} is set to @code{t}. Users of @code{pass} may also be interested in functionality provided by other Emacs packages: @@ -549,6 +551,15 @@ The Unix password store port in an entry. Defaults to @samp{:}. @end defvar +@defvar auth-source-pass-extra-query-keywords +Set this to @code{t} if you encounter problems predicting the outcome +of searches relative to other auth-source backends or if you have code +that expects to query multiple backends uniformly. This tells +auth-source-pass to consider the @code{:max} and @code{:require} +keywords as well as lists containing multiple query params (for +applicable keywords). +@end defvar + @node Help for developers @chapter Help for developers diff --git a/etc/NEWS b/etc/NEWS index 7cd192b9d3..465ab4ad68 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -1395,6 +1395,14 @@ If non-nil and there's only one matching option, auto-select that. If non-nil, this user option describes what entries not to add to the database stored on disk. +** Auth-Source + ++++ +*** New user option 'auth-source-pass-extra-query-keywords'. +Whether to recognize additional keyword params, like ':max' and +':require', as well as accept lists of query terms paired with +applicable keywords. + ** Dired +++ diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 0955e2ed07..aa39df014c 100644 
--- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el @@ -55,13 +55,27 @@ auth-source-pass-port-separator :type 'string :version "27.1") +(defcustom auth-source-pass-extra-query-keywords nil + "Whether to consider additional keywords when performing a query. +Specifically, when the value is t, recognize the `:max' and +`:require' keywords and accept lists of query parameters for +certain keywords, such as `:host' and `:user'. Also, wrap all +returned secrets in a function and forgo any further results +filtering unless given an applicable `:require' argument. When +this option is nil, do none of that, and enact the narrowing +behavior described toward the bottom of the Info node `(auth) The +Unix password store'." + :type 'boolean + :version "29.1") + (cl-defun auth-source-pass-search (&rest spec &key backend type host user port + require max &allow-other-keys) "Given some search query, return matching credentials. See `auth-source-search' for details on the parameters SPEC, BACKEND, TYPE, -HOST, USER and PORT." +HOST, USER, PORT, REQUIRE, and MAX." (cl-assert (or (null type) (eq type (oref backend type))) t "Invalid password-store search: %s %s") (cond ((eq host t) @@ -70,6 +84,8 @@ auth-source-pass-search ((null host) ;; Do not build a result, as none will match when HOST is nil nil) + (auth-source-pass-extra-query-keywords + (auth-source-pass--build-result-many host port user require max)) (t (when-let ((result (auth-source-pass--build-result host port user))) (list result))))) 
@@ -89,6 +105,39 @@ auth-source-pass--build-result (seq-subseq retval 0 -2)) ;; remove password retval)))) +(defvar auth-source-pass--match-regexp nil) + +(defun auth-source-pass--match-regexp (s) + (rx-to-string ; autoloaded + `(: (or bot "/") + (or (: (? (group-n 20 (+ (not (in ?\ ?/ ?@ ,s)))) "@") + (group-n 10 (+ (not (in ?\ ?/ ?@ ,s)))) + (? ,s (group-n 30 (+ (not (in ?\ ?/ ,s)))))) + (: (group-n 11 (+ (not (in ?\ ?/ ?@ ,s)))) + (? ,s (group-n 31 (+ (not (in ?\ ?/ ,s))))) + (? "/" (group-n 21 (+ (not (in ?\ ?/ ,s))))))) + eot) + 'no-group)) + +(defun auth-source-pass--build-result-many (hosts ports users require max) + "Return multiple `auth-source-pass--build-result' values." + (unless (listp hosts) (setq hosts (list hosts))) + (unless (listp users) (setq users (list users))) + (unless (listp ports) (setq ports (list ports))) + (let* ((auth-source-pass--match-regexp (auth-source-pass--match-regexp + auth-source-pass-port-separator)) + (rv (auth-source-pass--find-match-many hosts users ports + require (or max 1)))) + (when auth-source-debug + (auth-source-pass--do-debug "final result: %S" rv)) + (let (out) + (dolist (e rv out) + (when-let* ((s (plist-get e :secret)) ; not captured by closure in 29.1 + (v (auth-source--obfuscate s))) + (setf (plist-get e :secret) + (lambda () (auth-source--deobfuscate v)))) + (push e out))))) + ;;;###autoload (defun auth-source-pass-enable () "Enable auth-source-password-store." 
@@ -206,6 +255,68 @@ auth-source-pass--find-match hosts (list hosts)))) +(defun auth-source-pass--retrieve-parsed (seen path port-number-p) + (when (string-match auth-source-pass--match-regexp path) + (puthash path + `( :host ,(or (match-string 10 path) (match-string 11 path)) + ,@(if-let* ((tr (match-string 21 path))) + (list :user tr :suffix t) + (list :user (match-string 20 path))) + :port ,(and-let* ((p (or (match-string 30 path) + (match-string 31 path))) + (n (string-to-number p))) + (if (or (zerop n) (not port-number-p)) + (format "%s" p) + n))) + seen))) + +(defun auth-source-pass--match-parts (parts key value require) + (let ((mv (plist-get parts key))) + (if (memq key require) + (and value (equal mv value)) + (or (not value) (not mv) (equal mv value))))) + +(defun auth-source-pass--find-match-many (hosts users ports require max) + "Return plists for valid combinations of HOSTS, USERS, PORTS. +Each plist contains, at the very least, a host and a secret." + (let ((seen (make-hash-table :test #'equal)) + (entries (auth-source-pass-entries)) + out suffixed suffixedp) + (catch 'done + (dolist (host hosts out) + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) + (setq p nil)) + (dolist (user (or users (list u))) + (dolist (port (or ports (list p))) + (dolist (e entries) + (when-let* + ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed + seen e (integerp port)))) + ((equal host (plist-get m :host))) + ((auth-source-pass--match-parts m :port port require)) + ((auth-source-pass--match-parts m :user user require)) + (parsed (auth-source-pass-parse-entry e)) + ;; For now, ignore body-content pairs, if any, + ;; from `auth-source-pass--parse-data'. 
+ (secret (or (auth-source-pass--get-attr 'secret parsed) + (not (memq :secret require))))) + (push + `( :host ,host ; prefer user-provided :host over h + ,@(and-let* ((u (plist-get m :user))) (list :user u)) + ,@(and-let* ((p (plist-get m :port))) (list :port p)) + ,@(and secret (not (eq secret t)) (list :secret secret))) + (if (setq suffixedp (plist-get m :suffix)) suffixed out)) + (unless suffixedp + (when (or (zerop (cl-decf max)) + (null (setq entries (delete e entries)))) + (throw 'done out))))) + (setq suffixed (nreverse suffixed)) + (while suffixed + (push (pop suffixed) out) + (when (zerop (cl-decf max)) + (throw 'done out)))))))))) + (defun auth-source-pass--disambiguate (host &optional user port) "Return (HOST USER PORT) after disambiguation. Disambiguate between having user provided inside HOST (e.g., diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index f5147a7ce0..a92653b5ac 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el 
@@ -488,6 +488,229 @@ auth-source-pass-prints-meaningful-debug-log (should (auth-source-pass--have-message-matching "found 2 entries matching \"gitlab.com\": (\"a/gitlab.com\" \"b/gitlab.com\")")))) + +;; FIXME move this to top of file if keeping these netrc tests +(require 'ert-x) + +;; No entry has the requested port, but a result is still returned. + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "x.com" :port 22 :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "x.com" :secret "a"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-miss () + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "x.com" :port 22 :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "x.com" :secret "a"))))))) + +;; One of two entries has the requested port, both returned + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "x.com" :port 42 :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "x.com" :secret "a") + (:host "x.com" :port "42" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-hit () + (auth-source-pass--with-store '(("x.com" (secret . 
"a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "x.com" :port 42 :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "x.com" :secret "a") + (:host "x.com" :port 42 :secret "b"))))))) + +;; No entry has the requested port, but :port is required, so search fails + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine x.com port 42 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search + :host "x.com" :port 22 :require '(:port) :max 2))) + (should-not results)))) + +(ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss () + (let ((auth-source-pass-extra-query-keywords t)) + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("x.com:42" (secret . "b"))) + (auth-source-pass-enable) + (should-not (auth-source-search + :host "x.com" :port 22 :require '(:port) :max 2))))) + +;; Specifying a :host without a :user finds a lone entry and does not +;; include extra fields (i.e., :port nil) in the result +;; https://lists.gnu.org/archive/html/emacs-devel/2022-11/msg00130.html + +(ert-deftest auth-source-pass-extra-query-keywords--netrc-akib () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine disroot.org user akib password b +machine z.com password c +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--akib () + (auth-source-pass--with-store '(("x.com" (secret . 
"a")) + ("akib@disroot.org" (secret . "b")) + ("z.com" (secret . "c"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +;; Searches for :host are case-sensitive, and a returned host isn't +;; normalized. + +(ert-deftest auth-source-pass-extra-query-keywords--netrc-host () + (ert-with-temp-file netrc-file + :text "\ +machine libera.chat password a +machine Libera.Chat password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "Libera.Chat" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "Libera.Chat" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--host () + (auth-source-pass--with-store '(("libera.chat" (secret . "a")) + ("Libera.Chat" (secret . 
"b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "Libera.Chat" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "Libera.Chat" :secret "b"))))))) + + +;; A retrieved store entry mustn't be nil regardless of whether its +;; path contains port or user components + +(ert-deftest auth-source-pass-extra-query-keywords--baseline () + (let ((auth-source-pass-extra-query-keywords t)) + (auth-source-pass--with-store '(("x.com")) + (auth-source-pass-enable) + (should-not (auth-source-search :host "x.com"))))) + +;; Output port type (int or string) matches that of input parameter + +(ert-deftest auth-source-pass-extra-query-keywords--port-type () + (let ((auth-source-pass-extra-query-keywords t) + (f (lambda (r) (setf (plist-get r :secret) (auth-info-password r)) r))) + (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) + (auth-source-pass-enable) + (should (equal (mapcar f (auth-source-search :host "x.com" :port 42)) + '((:host "x.com" :port 42 :secret "a"))))) + (auth-source-pass--with-store '(("x.com:42" (secret . "a"))) + (auth-source-pass-enable) + (should (equal (mapcar f (auth-source-search :host "x.com" :port "42")) + '((:host "x.com" :port "42" :secret "a"))))))) + +;; The :host search param ordering more heavily influences the output +;; because (h1, u1, p1), (h1, u1, p2), ... (hN, uN, pN); also, exact +;; matches are not given precedence, i.e., matching store items are +;; returned in the order encountered + +;; Note that all trailing /user forms are demoted for the sake of +;; predictability, and so are quasi-deprecated. This means that, in +;; the following test, /bar is shunted off to limbo, followed by /foo, +;; but they both retain priority over "gnu.org", as noted above. 
+ +(ert-deftest auth-source-pass-extra-query-keywords--hosts-first () + (auth-source-pass--with-store '(("x.com:42/bar" (secret . "a")) + ("gnu.org" (secret . "b")) + ("x.com" (secret . "c")) + ("fake.com" (secret . "d")) + ("x.com/foo" (secret . "e"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host '("x.com" "gnu.org") :max 3))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + ;; Notice gnu.org is never considered ^ + '((:host "x.com" :secret "c") + (:host "x.com" :user "bar" :port "42" :secret "a") + (:host "x.com" :user "foo" :secret "e"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--ambiguous-user-host () + (auth-source-pass--with-store '(("foo.com/bar.org" (secret . "a")) + ("foo.com" (secret . "b")) + ("bar.org" (secret . "c")) + ("fake.com" (secret . "d"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "bar.org" :max 3))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "bar.org" :secret "c"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--suffixed-user () + (auth-source-pass--with-store '(("x.com:42/bar" (secret . "a")) + ("bar@x.com" (secret . "b")) + ("x.com" (secret . "?")) + ("bar@y.org" (secret . "c")) + ("fake.com" (secret . "?")) + ("fake.com/bar" (secret . "d")) + ("y.org/bar" (secret . "?")) + ("bar@fake.com" (secret . 
"e"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host '("x.com" "fake.com" "y.org") + :user "bar" + :require '(:user) :max 5))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "x.com" :user "bar" :secret "b") + (:host "x.com" :user "bar" :port "42" :secret "a") + (:host "fake.com" :user "bar" :secret "e") + (:host "fake.com" :user "bar" :secret "d") + (:host "y.org" :user "bar" :secret "c"))))))) + (provide 'auth-source-pass-tests) ;;; auth-source-pass-tests.el ends here -- 2.38.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0002-POC-Support-auth-source-pass-in-ERC.patch >From 7a6ee6960ded65dfdec768b094eca8d1883a8f4d Mon Sep 17 00:00:00 2001 From: "F. Jason Park" Date: Sun, 24 Apr 2022 06:20:09 -0700 Subject: [PATCH 2/2] [POC] Support auth-source-pass in ERC * doc/misc/erc.texi: Mention that the auth-source-pass backend is supported. * lisp/erc/erc-compat.el (erc-compat--auth-source-pass-search, erc-compat--auth-source-pass--build-results-many, erc-compat--auth-source-pass--retrieve-parsed, erc-compat--auth-source-pass-packend-parse): Copy some yet unreleased functions from auth-source-pass that mimic the netrc backend. Also add forward declarations to support them. * lisp/erc/erc.el (erc--auth-source-search): Use own auth-source-pass erc-compat backend until 29.1 released. * test/lisp/erc/erc-services-tests.el (erc-join-tests--auth-source-pass-entries): Remove useless items. (erc--auth-source-search--pass-standard, erc--auth-source-search--pass-announced, erc--auth-source-search--pass-overrides): Remove `ert-skip' guard. Bug#58985. --- doc/misc/erc.texi | 3 +- lisp/erc/erc-compat.el | 104 ++++++++++++++++++++++++++++ lisp/erc/erc.el | 7 +- test/lisp/erc/erc-services-tests.el | 3 - 4 files changed, 112 insertions(+), 5 deletions(-) 
diff --git a/doc/misc/erc.texi b/doc/misc/erc.texi index 3db83197f9..ad35b78f0e 100644 --- a/doc/misc/erc.texi +++ b/doc/misc/erc.texi @@ -861,7 +861,8 @@ Connecting @code{erc-auth-source-search}. It tries to merge relevant contextual parameters with those provided or discovered from the logical connection or the underlying transport. Some auth-source back ends may not be -compatible; netrc, plstore, json, and secrets are currently supported. +compatible; netrc, plstore, json, secrets, and pass are currently +supported. @end defopt @subheading Full name diff --git a/lisp/erc/erc-compat.el b/lisp/erc/erc-compat.el index 03bd8f1352..51bf251026 100644 --- a/lisp/erc/erc-compat.el +++ b/lisp/erc/erc-compat.el @@ -32,6 +32,8 @@ ;;; Code: (require 'compat nil 'noerror) +(eval-when-compile (require 'cl-lib)) + ;;;###autoload(autoload 'erc-define-minor-mode "erc-compat") (define-obsolete-function-alias 'erc-define-minor-mode 
@@ -168,6 +170,108 @@ erc-compat--with-memoization `(cl--generic-with-memoization ,table ,@forms)) (t `(progn ,@forms)))) +;;;; Auth Source + +(declare-function auth-source-pass--get-attr + "auth-source-pass" (key entry-data)) +(declare-function auth-source-pass--disambiguate + "auth-source-pass" (host &optional user port)) +(declare-function auth-source-backend-parse-parameters + "auth-source-pass" (entry backend)) +(declare-function auth-source-backend "auth-source" (&rest slots)) +(declare-function auth-source-pass-entries "auth-source-pass" nil) +(declare-function auth-source-pass-parse-entry "auth-source-pass" (entry)) + +;; This basically hard codes `auth-source-pass-port-separator' to ":" +(defun erc-compat--auth-source-pass--retrieve-parsed (seen e port-number-p) + (when (string-match (rx (or bot "/") + (or (: (? (group-n 20 (+ (not (in " /@")))) "@") + (group-n 10 (+ (not (in " /:@")))) + (? ":" (group-n 30 (+ (not (in " /:")))))) + (: (group-n 11 (+ (not (in " /:@")))) + (? ":" (group-n 31 (+ (not (in " /:"))))) + (? "/" (group-n 21 (+ (not (in " /:"))))))) + eot) + e) + (puthash e `( :host ,(or (match-string 10 e) (match-string 11 e)) + ,@(if-let* ((tr (match-string 21 e))) + (list :user tr :suffix t) + (list :user (match-string 20 e))) + :port ,(and-let* ((p (or (match-string 30 e) + (match-string 31 e))) + (n (string-to-number p))) + (if (or (zerop n) (not port-number-p)) + (format "%s" p) + n))) + seen))) + +;; This looks bad, but it just inlines `auth-source-pass--find-match-many'. +(defun erc-compat--auth-source-pass--build-result-many + (hosts users ports require max) + "Return a plist of HOSTS, PORTS, USERS, and secret." 
+ (unless (listp hosts) (setq hosts (list hosts))) + (unless (listp users) (setq users (list users))) + (unless (listp ports) (setq ports (list ports))) + (unless max (setq max 1)) + (let ((seen (make-hash-table :test #'equal)) + (entries (auth-source-pass-entries)) + (check (lambda (m k v) + (let ((mv (plist-get m k))) + (if (memq k require) + (and v (equal mv v)) + (or (not v) (not mv) (equal mv v)))))) + out suffixed suffixedp) + (catch 'done + (dolist (host hosts) + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) + (unless (or (not (equal "443" p)) (string-prefix-p "https://" host)) + (setq p nil)) + (dolist (user (or users (list u))) + (dolist (port (or ports (list p))) + (dolist (e entries) + (when-let* + ((m (or (gethash e seen) + (erc-compat--auth-source-pass--retrieve-parsed + seen e (integerp port)))) + ((equal host (plist-get m :host))) + ((funcall check m :port port)) + ((funcall check m :user user)) + (parsed (auth-source-pass-parse-entry e)) + (secret (or (auth-source-pass--get-attr 'secret parsed) + (not (memq :secret require))))) + (push + `( :host ,host ; prefer user-provided :host over h + ,@(and-let* ((u (plist-get m :user))) (list :user u)) + ,@(and-let* ((p (plist-get m :port))) (list :port p)) + ,@(and secret (not (eq secret t)) (list :secret secret))) + (if (setq suffixedp (plist-get m :suffix)) suffixed out)) + (unless suffixedp + (when (or (zerop (cl-decf max)) + (null (setq entries (delete e entries)))) + (throw 'done out))))) + (setq suffixed (nreverse suffixed)) + (while suffixed + (push (pop suffixed) out) + (when (zerop (cl-decf max)) + (throw 'done out)))))))) + (reverse out))) + +(cl-defun erc-compat--auth-source-pass-search + (&rest spec &key host user port require max &allow-other-keys) + ;; From `auth-source-pass-search' + (cl-assert (and host (not (eq host t))) + t "Invalid password-store search: %s %s") + (erc-compat--auth-source-pass--build-result-many host user port require max)) + +(defun 
erc-compat--auth-source-pass-backend-parse (entry) + (when (eq entry 'password-store) + (auth-source-backend-parse-parameters + entry (auth-source-backend + :source "." + :type 'password-store + :search-function #'erc-compat--auth-source-pass-search)))) + + (provide 'erc-compat) ;;; erc-compat.el ends here diff --git a/lisp/erc/erc.el b/lisp/erc/erc.el index 6b14cf87e2..3769e73041 100644 --- a/lisp/erc/erc.el +++ b/lisp/erc/erc.el @@ -3225,7 +3225,12 @@ erc--auth-source-search the nod. Much the same would happen for entries sharing only a port: the one with host foo would win." (when-let* - ((priority (map-keys defaults)) + ((auth-source-backend-parser-functions + (if (memq 'password-store auth-sources) + (cons #'erc-compat--auth-source-pass-backend-parse + auth-source-backend-parser-functions) + auth-source-backend-parser-functions)) + (priority (map-keys defaults)) (test (lambda (a b) (catch 'done (dolist (key priority) diff --git a/test/lisp/erc/erc-services-tests.el b/test/lisp/erc/erc-services-tests.el index c22d4cf75e..7ff2e36e77 100644 --- a/test/lisp/erc/erc-services-tests.el +++ b/test/lisp/erc/erc-services-tests.el @@ -474,7 +474,6 @@ erc-join-tests--auth-source-pass-entries ("GNU.chat:irc/#chan" (secret . "foo")))) (ert-deftest erc--auth-source-search--pass-standard () - (ert-skip "Pass backend not yet supported") (let ((store erc-join-tests--auth-source-pass-entries) (auth-sources '(password-store)) (auth-source-do-cache nil)) @@ -487,7 +486,6 @@ erc--auth-source-search--pass-standard (erc-services-tests--auth-source-standard #'erc-auth-source-search)))) (ert-deftest erc--auth-source-search--pass-announced () - (ert-skip "Pass backend not yet supported") (let ((store erc-join-tests--auth-source-pass-entries) (auth-sources '(password-store)) (auth-source-do-cache nil)) 
@@ -500,7 +498,6 @@ erc--auth-source-search--pass-announced (erc-services-tests--auth-source-announced #'erc-auth-source-search)))) (ert-deftest erc--auth-source-search--pass-overrides () - (ert-skip "Pass backend not yet supported") (let ((store `(,@erc-join-tests--auth-source-pass-entries ("GNU.chat:6697/#chan" (secret . "spam")) -- 2.38.1
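Review bot: The sentence added at doc/misc/auth.texi @@ -526,6 +526,8
refers to `auth-source-pass-extra-parameters', but the option that the
new @defvar, the NEWS entry and lisp/auth-source-pass.el all define is
`auth-source-pass-extra-query-keywords'. Use the real name here,
otherwise the manual points readers at a variable that does not exist.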
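Review bot: In `auth-source-pass--match-regexp' (lisp/auth-source-pass.el
@@ -89,6 +105,39) the separator S is spliced into `(in ?\ ?/ ?@ ,s)' as
well as being used as a literal after `(?', so a multi-character
`auth-source-pass-port-separator' is matched as a sequence in one place
and treated as a set of excluded characters in the other. The option is
declared as :type 'string, so either document that it must be a single
character or build the exclusion set differently. The function and the
defvar of the same name also have no docstring, and the numbered groups
(10/11 host, 20/21 user, 30/31 port) that
`auth-source-pass--retrieve-parsed' relies on deserve a comment.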
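Review bot: The `seen' table in `auth-source-pass--find-match-many'
(lisp/auth-source-pass.el @@ -206,6 +255,68) is keyed on the entry path
alone, but the plist that `auth-source-pass--retrieve-parsed' stores
depends on PORT-NUMBER-P, which is `(integerp port)' for whichever port
happens to be tried first. With a :port list that mixes types, such as
'("irc" 6667), an entry first parsed under the string port keeps
:port "6667" and later fails `equal' against the integer 6667. Key the
cache on the path together with PORT-NUMBER-P, or store the port in one
form and convert when comparing. A comment explaining the "443" and
"https://" special case would help too.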
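Review bot: The paired tests added to test/lisp/auth-source-pass-tests.el
(@@ -488,6 +488,229) are there to show parity with netrc, yet
wild-port-hit-netrc expects :port "42" while wild-port-hit expects
:port 42 for the same `:port 42' query. If the difference is intended
(the port-type test suggests it is), say so in a comment next to the
pair. Please also resolve the "FIXME move this to top of file" above
`(require 'ert-x)' before installing, and reword the comment over
--baseline, which says the entry mustn't be nil while the test asserts
`should-not'.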
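Review bot: `erc-compat--auth-source-pass--build-result-many'
(lisp/erc/erc-compat.el @@ -168,6 +170,108) puts the secret into the
result plist as a plain string, whereas the version in patch 1/2
replaces it with a closure over the output of `auth-source--obfuscate'.
If the copy is meant to mimic the new back end, wrap :secret the same
way so the search result never carries cleartext. The `cl-assert' in
`erc-compat--auth-source-pass-search' also signals for a nil HOST, where
`auth-source-pass-search' returns nil, and the commit message lists
`erc-compat--auth-source-pass--build-results-many' and
`erc-compat--auth-source-pass-packend-parse', which are not the names
defined in this hunk.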
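Review bot: The binding added to `erc--auth-source-search'
(lisp/erc/erc.el @@ -3225,7 +3225,12) prepends the compat parser whenever
`password-store' is in `auth-sources', with no check on the Emacs
version or on `auth-source-pass-extra-query-keywords', although the
commit message says it is only needed until 29.1 is released. Guard it
so that an Emacs which already ships the new search uses the stock back
end rather than the copy in erc-compat.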
From: Akib Azmain Turja
To: "J.P."
Cc: Damien Cassou, Björn Bidar, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Mon, 14 Nov 2022 23:49:37 +0600

"J.P." writes:

> Akib Azmain Turja writes:
>
>> "J.P." writes:
>>
>>> You mentioned previously some potentially surprising ambiguities
>>> surrounding the trailing /user syntax. If any realistic scenarios
>>> present themselves, perhaps we can try to improve the situation if it's
>>> not too far out of scope (or just document the behavior, maybe in a unit
>>> test). Thanks again.
>>
>> I think it's good enough to install on master. Then more people can
>> test and report about it.
>>
>> However, observed some behavior of the new code, here are my findings:
>>
>> The new searching code seems to prefer "HOST/USER" over "USER@HOST".
>
> That's the effect, right. I think `directory-files-recursively'
> basically determines the ordering in which the entries are considered.
>
>> I created the password store entry "foo.com/bar.org". Then I evaluated:
>> (warning: manually typed with hands)
>>
>> (auth-source-search :host "bar.org")
>> ;; => nil
>>
>> (auth-source-search :host "foo.com")
>> ;; => ((:host "foo.com" :user "bar.org" :secret ...))
>>
>> I created another entry "bar.org@foo.com". But it returns the password
>> in "foo.com/bar.org".
>>
>> I deleted "foo.com/bar.org", now it return the password of
>> "bar.org@foo.com".
>>
>> I created "foo.com/bar.org" again, and "foo.com/bar.org" is preferred
>> again.
>>
>> I suggest to prefer the "@" syntax over "/user" syntax.
>
> I have tried tweaking things in that direction. But as far as
> deprecating the /user form officially: that seems more like a group
> decision. And then there's the question of how to express such a policy.
> Should we emit a warning? At the very least, it would need to be
> documented somewhere.

No, I didn't say to deprecate that syntax, the syntax makes much sense.
I'm suggesting to return "USER@HOST" if both "USER@HOST" and "HOST/USER"
are present, because the former makes more sense.

> Anyway, this is useful analysis. Thanks again for all your help.

When are you going to install this? It's definitely an improvement over
the one in master, and doesn't have any problems to block it.
Installing it will also expose it to more users to the change, so this
will get even more testing.

-- 
Akib Azmain Turja, GPG key: 70018CE5819F17A3BBA666AFE74F0EFA922AE7F5

Fediverse: akib@hostux.social
Codeberg: akib
emailselfdefense.fsf.org | "Nothing can be secure without encryption."

From: "J.P."
To: Akib Azmain Turja
Cc: Damien Cassou, Björn Bidar, emacs-erc@gnu.org, Michael Albinus, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Mon, 14 Nov 2022 19:32:37 -0800

Akib Azmain Turja writes:

>>> I suggest to prefer the "@" syntax over "/user" syntax.
>>
>> I have tried tweaking things in that direction. But as far as
>> deprecating the /user form officially: that seems more like a group
>> decision. And then there's the question of how to express such a policy.
>> Should we emit a warning? At the very least, it would need to be
>> documented somewhere.
>
> No, I didn't say to deprecate that syntax, the syntax makes much sense.

Oh, well then pardon my inferring that. But without deprecation, we'd
need to somehow "encode" the @-wins behavior into the interface with
documentation and tests, which is usually more complex than it first
appears. Otherwise, we can just treat @ favoritism as an implementation
detail not subject to preservation come some future rewrite or major
overhaul. As things stand, this patch mostly takes the latter approach
(tests aside).

> I'm suggesting to return "USER@HOST" if both "USER@HOST" and "HOST/USER"
> are present, because the former makes more sense.

Right, I guess you didn't bother trying out the latest changes attached
to my previous email, which is fine. The thing I'd like to stress here
(mainly for posterity) is that the degree to which we demote/defer
candidates of the / form is deliberate. The way I have things now gives
search order primacy over @-vs-/ contention, meaning a search tree like

        h               g
    /       @       /       @
  1   2   1   2   1   2   1   2

and params like

  :host '("h" "g") :port 2 :max 5

gives

  @h:2, h:2/, @g:2, g:2/

whereas full demotion (not implemented) would yield

  @h:2, @g:2, h:2/, g:2/

IOW, if you omit the :port 2 part, you currently get

  @h:1, @h:2, h:1/, h:2/, @g:1

which is likewise expected. Basically, the current search strategy
adheres more closely to how the other back ends operate and is thus
preferred.

>> Anyway, this is useful analysis. Thanks again for all your help.
>
> When are you going to install this? It's definitely an improvement over
> the one in master, and doesn't have any problems to block it.
> Installing it will also expose it to more users to the change, so this
> will get even more testing.

I am willing to install this but am not really comfortable enabling it
by default unless the maintainers of the downstream packages (Cc. Björn)
can promise to report any problems while Emacs 29.1 is still unreleased.
Without such a pledge, I'm inclined to just leave it disabled.

Thanks.

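The ordering described in the message above, modelled as an added example; this is not code from the patch or from Emacs. The `demo-' functions, the constructed entry list and the user name u are assumptions made for illustration, with ":" as the port separator.

```elisp
;; Added illustration: every `demo-' name is hypothetical and the entry
;; list is constructed; no password store is read.
(require 'seq)

(defconst demo-entries
  '("h:1/u" "h:2/u" "u@h:1" "u@h:2" "g:1/u" "g:2/u" "u@g:1" "u@g:2")
  "Constructed entry names for hosts h and g, ports 1 and 2, user u.
The HOST/USER forms are listed first to show that store order alone
does not decide the outcome.")

(defun demo-parse (entry)
  "Return a plist describing ENTRY, or nil if it has neither form.
USER@HOST[:PORT] and bare HOST[:PORT] yield :host, :user and :port.
HOST[:PORT]/USER additionally yields :suffix t."
  (cond
   ((string-match (rx bos
                      (? (group (+ (not (in " /:@")))) "@")
                      (group (+ (not (in " /:@"))))
                      (? ":" (group (+ (not (in " /:")))))
                      eos)
                  entry)
    (list :host (match-string 2 entry)
          :user (match-string 1 entry)
          :port (match-string 3 entry)))
   ((string-match (rx bos
                      (group (+ (not (in " /:@"))))
                      (? ":" (group (+ (not (in " /:")))))
                      "/" (group (+ (not (in " /:"))))
                      eos)
                  entry)
    (list :host (match-string 1 entry)
          :port (match-string 2 entry)
          :user (match-string 3 entry)
          :suffix t))))

(defun demo-search (hosts port max &optional full-demotion)
  "Return at most MAX entry names matching HOSTS, in result order.
PORT is a string or nil; an entry without a port matches any PORT.
Matches of the HOST/USER form are held back until the other matches
for the same host have been emitted.  With FULL-DEMOTION non-nil they
are held back until every host has been searched instead."
  (let (order late)
    (dolist (host hosts)
      (let (now later)
        (dolist (entry demo-entries)
          (let ((m (demo-parse entry)))
            (when (and m
                       (equal host (plist-get m :host))
                       (or (null port)
                           (null (plist-get m :port))
                           (equal port (plist-get m :port))))
              ;; Suffixed (HOST/USER) matches wait; the rest go out now.
              (if (plist-get m :suffix)
                  (push entry later)
                (push entry now)))))
        (setq order (append order (nreverse now)))
        (if full-demotion
            ;; Demote past all remaining hosts.
            (setq late (append late (nreverse later)))
          ;; Demote only within the current host, so search order
          ;; keeps primacy over the @-vs-/ contest.
          (setq order (append order (nreverse later))))))
    (seq-take (append order late) max)))
```

Evaluating `(demo-search '("h" "g") "2" 5)`, the same call with a fourth argument of `t`, and `(demo-search '("h" "g") nil 5)` gives the three orderings listed in the message, with u@h:2 standing for @h:2 and h:2/u for h:2/.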
From: "J.P."
To: Björn Bidar
Cc: Damien Cassou, emacs-erc@gnu.org, Michael Albinus, Akib Azmain Turja, 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <87pmduc1pz.fsf@neverwas.me> (J. P.'s message of "Thu, 10 Nov 2022 06:40:08 -0800")
Date: Mon, 14 Nov 2022 19:45:11 -0800
Message-ID: <87k03w7uew.fsf@neverwas.me>

Hi Björn,

"J.P." writes:

> Björn Bidar writes:
>
>> "J.P." writes:
>>
>>> From this I'll infer that the current implementation of auth-source-pass
>>> does that sufficiently. If that's so and the changes I'm proposing
>>> threaten to interfere with that, what's your opinion on the default
>>> value of a knob to toggle the new behavior?
>>
>> Hm it depends if there are any backends that workaround that old behavior.
>> From what I see the only difference really is that you can specify
>> require and max.
>
> There are actually a few subtle areas where the behavior between old and
> new differs and maybe one or two slightly unintuitive gotchas for folks
> unfamiliar with how the other back ends operate. If you're curious,
> there's a series of side-by-side comparisons added by the first patch
> toward the bottom of
>
>   test/lisp/auth-source-pass-tests.el
>
> Please let me know if you have any questions.

I should have expressed this more clearly sooner, but I was hoping to
solicit a vote from you as to whether to enable the new, more
"standardized" behavior by default. If you choose to abstain, would you
at least commit to trying it out before 29.1 is fully released and
raising any issues that might arise as a consequence of whatever default
we go with? This would allow us (me, hopefully) to fix or revert the
changes if necessary.

Thanks,
J.P.

From: "J.P."
To: 58985-done@debbugs.gnu.org
Cc: Damien Cassou, Björn Bidar, emacs-erc@gnu.org, Michael Albinus, Akib Azmain Turja
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <87a64s99ka.fsf@neverwas.me> (J. P.'s message of "Mon, 14 Nov 2022 19:32:37 -0800")
Date: Fri, 18 Nov 2022 06:14:03 -0800
Message-ID: <87bkp4z6xg.fsf@neverwas.me>

"J.P." writes:

>> When are you going to install this? It's definitely an improvement over
>> the one in master, and doesn't have any problems to block it.
>> Installing it will also expose it to more users to the change, so this
>> will get even more testing.
>
> I am willing to install this but am not really comfortable enabling it
> by default unless the maintainers of the downstream packages (Cc. Björn)
> can promise to report any problems while Emacs 29.1 is still unreleased.
> Without such a pledge, I'm inclined to just leave it disabled. Thanks.

Because I am easily swayed (or maybe just a liar), I've gone ahead and
enabled it by default [1]. I've also informed Nicolas Petton of the
change. I guess Björn was too busy or annoyed by my pestering to keep
up, which is understandable.

Thanks, everyone, for your help with this (especially Akib, who I pray
will consider contributing to ERC in the future). And please remember to
complain if you encounter any related ugliness. In the meantime, I am
closing this bug.

[1] https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=2cf9e699

From: "J.P."
To: Kai Tetzlaff
Cc: 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <8735af6e1b.fsf@tetzco.de> (Kai Tetzlaff's message of "Sat, 19 Nov 2022 00:25:36 +0100")
Date: Fri, 18 Nov 2022 16:35:09 -0800
Message-ID: <87v8nbwzlu.fsf@neverwas.me>

Hi Kai,

Kai Tetzlaff writes:

> This change breaks my use of `auth-source-pass' in gnus.

Thanks a lot for reporting this. And sorry about the breakage.

> I haven't had time to investigate the issue but what I can already say
> is that the problem occurs independent of the value of
> `auth-source-pass-extra-query-keywords' (`t' or `nil'). So the
> change is not backward compatible. It would (at least) be nice to
> mention this in the NEWS entry.

I'd rather not settle for "at least" if we can help it. If the user
option doesn't preserve existing behavior, that's a bug that needs
fixing. The traditional and new code paths diverge in
`auth-source-pass-search', so without a backtrace, we should start
there. (Obviously, a full backtrace would be ideal, but I understand
completely if you're not willing to surrender one.)

First off, can you try reverting the changes to that function alone?
Just eval'ing a modified version in place, without the extra `cond'
clause and the two keywords, :max and :require, should do it. If that
doesn't tell us anything (and only if you're up for it) you could trace
the function and tell me what the inputs were (obviously after swapping
out any sensitive info). A mini example of your ~/.password-store layout
might also be helpful.

According to etc/AUTHORS, you're likely much better acquainted with
Emacs than I (2009!). So, please adjust the above recommendations
accordingly and, if possible, apply some of that experience to helping
fix this bug. And apologies again for the disruption.

Thanks,
J.P.

From: "J.P."
To: Kai Tetzlaff
Cc: 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <875yfb4uyo.fsf@tetzco.de> (Kai Tetzlaff's message of "Sat, 19 Nov 2022 02:02:55 +0100")
Date: Fri, 18 Nov 2022 19:39:02 -0800
Message-ID: <87zgcnvcix.fsf@neverwas.me>

Kai Tetzlaff writes:

> I've done some further checks and now it seems that setting
> `auth-source-pass-extra-query-keywords' to `nil' in a new emacs session
> does indeed fix the issue (maybe `auth-source' caching of the negative
> lookup caused my initial breakage to persist even after changing
> `auth-source-pass-extra-query-keywords').

Ah, right, the cache (gets me every time). BTW, it's probably still
worth mentioning the incompatibility in NEWS and the docs.

> The lookup which fails with the new code is for the following
> parameters:
>
> auth-source-search: found 0 results (max 1) matching
>   (:max 1
>    :host ("news6.open-news-network.org" "onn6")
>    :port ("119" "nntp" "nntp" "563" "nntps" "snews"))
>
> My password store contains an entry for 'nntp/open-news-network.org'. I
> don't use the full hostname since the open news network has multiple
> servers (news1/2/3/4...) with the same domain name.
>
> Right now I don't have time for a more detailed analysis. But I will
> (hopefully) get back to it during the weekend.

Wow, thanks, this is really helpful. Based on that, I'm pretty sure
what's going on. Basically, the new behavior is geared toward blindly
replicating that of the other back ends, warts and all. But that means
some handy pass-specific features, like subdomain matching, are notably
absent. I've attached a demo patch that better illustrates this.

My main question for you is: do you think we ought to change the default
for `auth-source-pass-extra-query-keywords' to nil? What about
additionally demoting it from an option to a public variable intended
solely for use by dependent libraries instead of end users?

--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=0001-POC-Allow-subdomain-matching-in-auth-source-pass-fin.patch

>From 22f0e5001fe42d095285c27ec903bd074fdb0d57 Mon Sep 17 00:00:00 2001
From: "F. Jason Park" Date: Fri, 18 Nov 2022 19:14:30 -0800 Subject: [PATCH] [POC] Allow subdomain matching in auth-source-pass--find-match-many * doc/misc/auth.texi: Mention incompatible domain-matching behavior in `auth-source-pass-extra-query-keywords' section. * etc/NEWS: Mention incompatible behavior in `auth-source-pass-extra-query-keywords' section. * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Mention lack of subdomain matching in doc string. (auth-source-pass--match-host, auth-source-pass--match-host-function): Add alternate subdomain matching function and internal variable to demo backwards compatibility. The latter could be made non-internal and offered as an opt-in for third-party libraries. (auth-source-pass--find-match-many): Call `auth-source-pass--match-host-function' to handle host matching. * test/lisp/auth-source-pass-tests.el: FIXME Add ephemeral tests. --- doc/misc/auth.texi | 11 ++--- etc/NEWS | 3 +- lisp/auth-source-pass.el | 17 ++++++-- test/lisp/auth-source-pass-tests.el | 68 +++++++++++++++++++++++++++++ 4 files changed, 90 insertions(+), 9 deletions(-) diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi index 872e5f88f5..cd8efd8607 100644 --- a/doc/misc/auth.texi +++ b/doc/misc/auth.texi 
@@ -560,11 +560,12 @@ The Unix password store param was provided. In general, if you prefer idiosyncrasies traditionally exhibited by -this backend, such as prioritizing field count in a filename, try -setting this option to @code{nil}. But, if you experience problems -predicting the outcome of searches relative to other auth-source -backends or encounter code expecting to query multiple backends -uniformly, try flipping it back to @code{t} (the default). +this backend, such as prioritizing field count in a filename or +matching against subdomain labels, try setting this option to +@code{nil}. But, if you experience problems predicting the outcome of +searches relative to other auth-source backends or encounter code +expecting to query multiple backends uniformly, try flipping it back +to @code{t} (the default). @end defvar @node Help for developers diff --git a/etc/NEWS b/etc/NEWS index 8a34afe8d2..73c848c033 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -1407,7 +1407,8 @@ database stored on disk. *** New user option 'auth-source-pass-extra-query-keywords'. Whether to recognize additional keyword params, like ':max' and ':require', as well as accept lists of query terms paired with -applicable keywords. +applicable keywords. This disables most known search behavior unique +to auth-source-pass, such as wildcard subdomain matching. ** Dired diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index dc274843e1..d0b7acb931 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el 
@@ -59,8 +59,9 @@ auth-source-pass-extra-query-keywords "Whether to consider additional keywords when performing a query. Specifically, when the value is t, recognize the `:max' and `:require' keywords and accept lists of query parameters for -certain keywords, such as `:host' and `:user'. Also, wrap all -returned secrets in a function and forgo any further results +certain keywords, such as `:host' and `:user'. Beyond that, wrap +all returned secrets in a function and don't bother considering +subdomains when matching hosts. Also, forgo any further results filtering unless given an applicable `:require' argument. When this option is nil, do none of that, and enact the narrowing behavior described toward the bottom of the Info node `(auth) The @@ -276,6 +277,15 @@ auth-source-pass--match-parts (and value (equal mv value)) (or (not value) (not mv) (equal mv value))))) +(defun auth-source-pass--match-host (search-param matched-path) + (pcase search-param + ((rx "." (+ (not ".")) "." (>= 2 alpha) eot) + (string-suffix-p matched-path search-param)) + (_ (equal matched-path search-param)))) + +(defvar auth-source-pass--match-host-function #'equal + "An escape hatch for alternate host-matching behavior.") + (defun auth-source-pass--find-match-many (hosts users ports require max) "Return plists for valid combinations of HOSTS, USERS, PORTS." (let ((seen (make-hash-table :test #'equal)) @@ -292,7 +302,8 @@ auth-source-pass--find-match-many (when-let* ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed seen e (integerp port)))) - ((equal host (plist-get m :host))) + ((funcall auth-source-pass--match-host-function + host (plist-get m :host))) ((auth-source-pass--match-parts m :port port require)) ((auth-source-pass--match-parts m :user user require)) (parsed (auth-source-pass-parse-entry e)) diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index 8bcb2739bb..dd694c72f6 100644 --- a/test/lisp/auth-source-pass-tests.el 
+++ b/test/lisp/auth-source-pass-tests.el 
@@ -751,6 +751,74 @@ auth-source-pass-extra-query-keywords--user-priorities (:host "g" :user "u" :port 2 :secret "@") ; ** (:host "g" :user "u" :port 2 :secret "/")))))))) +;; Kai demo (delete) + +;; The netrc backend is does not consider subdomains + +(ert-deftest auth-source-pass-extra-query-keywords--subdomain-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine open-news-network.org password a +machine onn6 port nope password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search + :max 1 + :host '("news6.open-news-network.org" "onn6") + :port '("119" "nntp" "nntp" "563" "nntps" "snews")))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should-not results)))) + +;; And neither do we, when `auth-source-pass-extra-query-keywords' is t + +(ert-deftest auth-source-pass-extra-query-keywords--subdomain-miss () + (auth-source-pass--with-store '(("open-news-network.org" (secret . "a")) + ("onn6:nope" (secret . "b"))) + (auth-source-pass-enable) + (let ((auth-source-pass-extra-query-keywords t)) + (should-not (auth-source-search + :max 1 + :host '("news6.open-news-network.org" "onn6") + :port '("119" "nntp" "nntp" "563" "nntps" "snews")))))) + +;; But we could offer optional legacy matching behavior + +(ert-deftest auth-source-pass-extra-query-keywords--subdomain-compat-hit () + (auth-source-pass--with-store '(("open-news-network.org" (secret . "a")) + ("onn6:nope" (secret . 
"b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (auth-source-pass--match-host-function #'auth-source-pass--match-host) + (results (auth-source-search + :max 1 + :host '("news6.open-news-network.org" "onn6") + :port '("119" "nntp" "nntp" "563" "nntps" "snews")))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "news6.open-news-network.org" :secret "a"))))))) + +;; Traditional behavior when `auth-source-pass-extra-query-keywords' is nil + +(ert-deftest auth-source-pass-extra-query-keywords--nil--subdomain-hit () + (auth-source-pass--with-store '(("open-news-network.org" (secret . "a")) + ("onn6:nope" (secret . "b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords nil) + (results (auth-source-search + :max 1 + :host '("news6.open-news-network.org" "onn6") + :port '("119" "nntp" "nntp" "563" "nntps" "snews")))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :host "news6.open-news-network.org" + :port ("119" "nntp" "nntp" "563" "nntps" "snews") + :user nil + :secret "a"))))))) + (provide 'auth-source-pass-tests) ;;; auth-source-pass-tests.el ends here -- 2.38.1 --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 18 23:08:32 2022 Received: (at 58985) by debbugs.gnu.org; 19 Nov 2022 04:08:32 +0000 Received: from localhost ([127.0.0.1]:38653 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1owF9b-0001LH-C5 for submit@debbugs.gnu.org; Fri, 18 Nov 2022 23:08:32 -0500 Received: from mail-108-mta182.mxroute.com ([136.175.108.182]:46723) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1owF9X-0001L3-Hf for 58985@debbugs.gnu.org; Fri, 18 Nov 2022 23:08:29 -0500 Received: from mail-111-mta2.mxroute.com ([136.175.111.2] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by 
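Review bot: In `auth-source-pass--match-host` (lisp/auth-source-pass.el), `(string-suffix-p matched-path search-param)` accepts any trailing substring rather than whole DNS labels, so as written a stored host of `s-network.org` satisfies a search for `news6.open-news-network.org`, and that entry's secret would be returned for a different domain. Suggest accepting only an exact match or a suffix preceded by a dot, for example `(string-suffix-p (concat "." matched-path) search-param)`, and adding a doc string that says which argument is the query and which is the stored entry.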
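Review bot: The tests added to test/lisp/auth-source-pass-tests.el assert only the positive subdomain case; none shows that a stored entry which is a suffix of the queried host without falling on a label boundary is rejected when `auth-source-pass--match-host` is in effect. Add a `should-not` case for that before the "Kai demo (delete)" block and the FIXME in the commit message are resolved, and fix the comment "The netrc backend is does not consider subdomains".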
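Review bot: In the etc/NEWS hunk, "This disables most known search behavior unique to auth-source-pass" does not say which value of the option does the disabling, and the entry does not mention that t is the default even though the doc/misc/auth.texi hunk does. Suggest wording along the lines of "When non-nil (the default), this disables ..." followed by a pointer to setting the option to nil to regain subdomain matching.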
From: "J.P."
To: Kai Tetzlaff
Cc: 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
In-Reply-To: <87zgcnvcix.fsf@neverwas.me> (J. P.'s message of "Fri, 18 Nov 2022 19:39:02 -0800")
Date: Fri, 18 Nov 2022 20:08:18 -0800
Message-ID: <87fsefvb65.fsf@neverwas.me>

This is probably a(nother) bad idea, but what about making
`auth-source-pass-extra-query-keywords' a "tristate" option with a
third, hybrid value, like `match-domains', that acts like `t' except
with subdomain matching turned on?

--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=0000-v1-v2.diff

>From 89ec2fd5ba7d3d276cb18d1d256080aff9f2ab77 Mon Sep 17 00:00:00 2001
From: "F. Jason Park" Date: Fri, 18 Nov 2022 19:59:11 -0800 Subject: [PATCH 0/1] *** NOT A PATCH *** *** BLURB HERE *** F. Jason Park (1): [POC] Allow subdomain matching in auth-source-pass--find-match-many doc/misc/auth.texi | 11 ++--- etc/NEWS | 3 +- lisp/auth-source-pass.el | 20 ++++++--- test/lisp/auth-source-pass-tests.el | 67 +++++++++++++++++++++++++++++ 4 files changed, 90 insertions(+), 11 deletions(-) Interdiff: diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index d0b7acb931..2501a1ca85 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el @@ -65,8 +65,10 @@ auth-source-pass-extra-query-keywords filtering unless given an applicable `:require' argument. When this option is nil, do none of that, and enact the narrowing behavior described toward the bottom of the Info node `(auth) The -Unix password store'." - :type 'boolean +Unix password store'. With a value of `match-domains', this +option behaves as it does when set to t except that subdomain +matching is enabled." + :type '(choice (const nil) (const t) (const match-domains)) :version "29.1") (cl-defun auth-source-pass-search (&rest spec @@ -278,13 +280,11 @@ auth-source-pass--match-parts (or (not value) (not mv) (equal mv value))))) (defun auth-source-pass--match-host (search-param matched-path) - (pcase search-param - ((rx "." (+ (not ".")) "." (>= 2 alpha) eot) - (string-suffix-p matched-path search-param)) - (_ (equal matched-path search-param)))) - -(defvar auth-source-pass--match-host-function #'equal - "An escape hatch for alternate host-matching behavior.") + (if (and (eq auth-source-pass-extra-query-keywords 'match-domains) + (string-match (rx "." (+ (not ".")) "." (>= 2 alpha) eot) + search-param)) + (string-suffix-p matched-path search-param) + (equal matched-path search-param))) (defun auth-source-pass--find-match-many (hosts users ports require max) "Return plists for valid combinations of HOSTS, USERS, PORTS." 
@@ -302,8 +302,7 @@ auth-source-pass--find-match-many (when-let* ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed seen e (integerp port)))) - ((funcall auth-source-pass--match-host-function - host (plist-get m :host))) + ((auth-source-pass--match-host host (plist-get m :host))) ((auth-source-pass--match-parts m :port port require)) ((auth-source-pass--match-parts m :user user require)) (parsed (auth-source-pass-parse-entry e)) diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index dd694c72f6..cca203d790 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el @@ -785,12 +785,11 @@ auth-source-pass-extra-query-keywords--subdomain-miss ;; But we could offer optional legacy matching behavior -(ert-deftest auth-source-pass-extra-query-keywords--subdomain-compat-hit () +(ert-deftest auth-source-pass-extra-query-keywords--match-domains () (auth-source-pass--with-store '(("open-news-network.org" (secret . "a")) ("onn6:nope" (secret . "b"))) (auth-source-pass-enable) - (let* ((auth-source-pass-extra-query-keywords t) - (auth-source-pass--match-host-function #'auth-source-pass--match-host) + (let* ((auth-source-pass-extra-query-keywords 'match-domains) (results (auth-source-search :max 1 :host '("news6.open-news-network.org" "onn6") -- 2.38.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-POC-Allow-subdomain-matching-in-auth-source-pass-fin.patch >From 89ec2fd5ba7d3d276cb18d1d256080aff9f2ab77 Mon Sep 17 00:00:00 2001 
From: "F. Jason Park" Date: Fri, 18 Nov 2022 19:14:30 -0800 Subject: [PATCH 1/1] [POC] Allow subdomain matching in auth-source-pass--find-match-many * doc/misc/auth.texi: Mention incompatible domain-matching behavior in `auth-source-pass-extra-query-keywords' section. * etc/NEWS: Mention incompatible behavior in `auth-source-pass-extra-query-keywords' section. * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Mention lack of subdomain matching in doc string. (auth-source-pass--match-host): Add function to optionally regain traditional subdomain matching behavior. (auth-source-pass--find-match-many): Call `auth-source-pass--match-host' to handle host matching. * test/lisp/auth-source-pass-tests.el: FIXME Add ephemeral tests. --- doc/misc/auth.texi | 11 ++--- etc/NEWS | 3 +- lisp/auth-source-pass.el | 20 ++++++--- test/lisp/auth-source-pass-tests.el | 67 +++++++++++++++++++++++++++++ 4 files changed, 90 insertions(+), 11 deletions(-) diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi index 872e5f88f5..cd8efd8607 100644 --- a/doc/misc/auth.texi +++ b/doc/misc/auth.texi @@ -560,11 +560,12 @@ The Unix password store param was provided. In general, if you prefer idiosyncrasies traditionally exhibited by -this backend, such as prioritizing field count in a filename, try -setting this option to @code{nil}. But, if you experience problems -predicting the outcome of searches relative to other auth-source -backends or encounter code expecting to query multiple backends -uniformly, try flipping it back to @code{t} (the default). +this backend, such as prioritizing field count in a filename or +matching against subdomain labels, try setting this option to +@code{nil}. But, if you experience problems predicting the outcome of +searches relative to other auth-source backends or encounter code +expecting to query multiple backends uniformly, try flipping it back +to @code{t} (the default). @end defvar @node Help for developers 
diff --git a/etc/NEWS b/etc/NEWS index 8a34afe8d2..73c848c033 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -1407,7 +1407,8 @@ database stored on disk. *** New user option 'auth-source-pass-extra-query-keywords'. Whether to recognize additional keyword params, like ':max' and ':require', as well as accept lists of query terms paired with -applicable keywords. +applicable keywords. This disables most known search behavior unique +to auth-source-pass, such as wildcard subdomain matching. ** Dired diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index dc274843e1..2501a1ca85 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el @@ -59,13 +59,16 @@ auth-source-pass-extra-query-keywords "Whether to consider additional keywords when performing a query. Specifically, when the value is t, recognize the `:max' and `:require' keywords and accept lists of query parameters for -certain keywords, such as `:host' and `:user'. Also, wrap all -returned secrets in a function and forgo any further results +certain keywords, such as `:host' and `:user'. Beyond that, wrap +all returned secrets in a function and don't bother considering +subdomains when matching hosts. Also, forgo any further results filtering unless given an applicable `:require' argument. When this option is nil, do none of that, and enact the narrowing behavior described toward the bottom of the Info node `(auth) The -Unix password store'." - :type 'boolean +Unix password store'. With a value of `match-domains', this +option behaves as it does when set to t except that subdomain +matching is enabled." + :type '(choice (const nil) (const t) (const match-domains)) :version "29.1") (cl-defun auth-source-pass-search (&rest spec 
@@ -276,6 +279,13 @@ auth-source-pass--match-parts (and value (equal mv value)) (or (not value) (not mv) (equal mv value))))) +(defun auth-source-pass--match-host (search-param matched-path) + (if (and (eq auth-source-pass-extra-query-keywords 'match-domains) + (string-match (rx "." (+ (not ".")) "." (>= 2 alpha) eot) + search-param)) + (string-suffix-p matched-path search-param) + (equal matched-path search-param))) + (defun auth-source-pass--find-match-many (hosts users ports require max) "Return plists for valid combinations of HOSTS, USERS, PORTS." (let ((seen (make-hash-table :test #'equal)) @@ -292,7 +302,7 @@ auth-source-pass--find-match-many (when-let* ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed seen e (integerp port)))) - ((equal host (plist-get m :host))) + ((auth-source-pass--match-host host (plist-get m :host))) ((auth-source-pass--match-parts m :port port require)) ((auth-source-pass--match-parts m :user user require)) (parsed (auth-source-pass-parse-entry e)) diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index 8bcb2739bb..cca203d790 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el 
@@ -751,6 +751,73 @@ auth-source-pass-extra-query-keywords--user-priorities (:host "g" :user "u" :port 2 :secret "@") ; ** (:host "g" :user "u" :port 2 :secret "/")))))))) +;; Kai demo (delete) + +;; The netrc backend is does not consider subdomains + +(ert-deftest auth-source-pass-extra-query-keywords--subdomain-miss-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine open-news-network.org password a +machine onn6 port nope password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search + :max 1 + :host '("news6.open-news-network.org" "onn6") + :port '("119" "nntp" "nntp" "563" "nntps" "snews")))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should-not results)))) + +;; And neither do we, when `auth-source-pass-extra-query-keywords' is t + +(ert-deftest auth-source-pass-extra-query-keywords--subdomain-miss () + (auth-source-pass--with-store '(("open-news-network.org" (secret . "a")) + ("onn6:nope" (secret . "b"))) + (auth-source-pass-enable) + (let ((auth-source-pass-extra-query-keywords t)) + (should-not (auth-source-search + :max 1 + :host '("news6.open-news-network.org" "onn6") + :port '("119" "nntp" "nntp" "563" "nntps" "snews")))))) + +;; But we could offer optional legacy matching behavior + +(ert-deftest auth-source-pass-extra-query-keywords--match-domains () + (auth-source-pass--with-store '(("open-news-network.org" (secret . "a")) + ("onn6:nope" (secret . 
"b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords 'match-domains) + (results (auth-source-search + :max 1 + :host '("news6.open-news-network.org" "onn6") + :port '("119" "nntp" "nntp" "563" "nntps" "snews")))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "news6.open-news-network.org" :secret "a"))))))) + +;; Traditional behavior when `auth-source-pass-extra-query-keywords' is nil + +(ert-deftest auth-source-pass-extra-query-keywords--nil--subdomain-hit () + (auth-source-pass--with-store '(("open-news-network.org" (secret . "a")) + ("onn6:nope" (secret . "b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords nil) + (results (auth-source-search + :max 1 + :host '("news6.open-news-network.org" "onn6") + :port '("119" "nntp" "nntp" "563" "nntps" "snews")))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :host "news6.open-news-network.org" + :port ("119" "nntp" "nntp" "563" "nntps" "snews") + :user nil + :secret "a"))))))) + (provide 'auth-source-pass-tests) ;;; auth-source-pass-tests.el ends here -- 2.38.1 --=-=-=--
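
Review bot: In the lisp/auth-source-pass.el hunk that adds `auth-source-pass--match-host', the call `(string-suffix-p matched-path search-param)' compares raw strings, so any store entry whose host is a trailing substring of the queried host is accepted, whether or not it starts on a label boundary. For example, an entry named "news-network.org" would satisfy a query for "news6.open-news-network.org", which hands the secret of one domain to a different one. Suggest accepting only equality or a dot-aligned suffix, e.g. `(or (equal matched-path search-param) (string-suffix-p (concat "." matched-path) search-param))'. The new function also has no doc string saying which argument is the query and which is the store entry.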
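
Review bot: The doc/misc/auth.texi and etc/NEWS hunks describe the loss of subdomain matching but never mention the new `match-domains' value; it appears only in the defcustom doc string and `:type' in lisp/auth-source-pass.el. Suggest documenting the third value in both places, since the manual currently sends users who want subdomain matching to `nil', which also turns off `:max' and `:require' handling.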
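
Review bot: The tests added to test/lisp/auth-source-pass-tests.el sit under a ";; Kai demo (delete)" marker and the commit message says "FIXME Add ephemeral tests", so as posted none of this coverage is meant to stay. Suggest keeping at least `auth-source-pass-extra-query-keywords--match-domains' as a permanent test and adding a negative case in which the store entry is a trailing substring of the queried host but not a parent domain. The comment ";; The netrc backend is does not consider subdomains" has a stray "is".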

From: Kai Tetzlaff
To: 58985@debbugs.gnu.org
Cc: jp@neverwas.me
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Sat, 19 Nov 2022 00:25:36 +0100

This change breaks my use of `auth-source-pass' in gnus.

I haven't had time to investigate the issue but what I can already say
is that the problem occurs independent of the value of
`auth-source-pass-extra-query-keywords' (`t' or `nil'). So the
change is not backward compatible. It would (at least) be nice to
mention this in the NEWS entry.

From: Kai Tetzlaff
To: "J.P."
Cc: 58985@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Sat, 19 Nov 2022 02:02:55 +0100

"J.P." writes:

Thanks for the quick reply.

>> I haven't had time to investigate the issue but what I can already say
>> is that the problem occurs independent of the value of
>> `auth-source-pass-extra-query-keywords' (`t' or `nil'). So the
>> change is not backward compatible. It would (at least) be nice to
>> mention this in the NEWS entry.
>
> I'd rather not settle for "at least" if we can help it. If the user
> option doesn't preserve existing behavior, that's a bug that needs
> fixing.

I've done some further checks and now it seems that setting
`auth-source-pass-extra-query-keywords' to `nil' in a new emacs session
does indeed fix the issue (maybe `auth-source' caching of the negative
lookup caused my initial breakage to persist even after changing
`auth-source-pass-extra-query-keywords').

The lookup which fails with the new code is for the following
parameters:

  auth-source-search: found 0 results (max 1) matching
  (:max 1
   :host ("news6.open-news-network.org" "onn6")
   :port ("119" "nntp" "nntp" "563" "nntps" "snews"))

My password store contains an entry for 'nntp/open-news-network.org'. I
don't use the full hostname since the open news network has multiple
servers (news1/2/3/4...) with the same domain name.

Right now I don't have time for a more detailed analysis. But I will
(hopefully) get back to it during the weekend.
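
The host-matching rules contrasted in this thread, as an added example that is not part of the original mails or of auth-source-pass: exact equality (what the netrc backend and the `t' setting do), a raw string suffix (what the proof-of-concept patch does with `string-suffix-p'), and, going one step beyond the thread, a suffix that must start on a label boundary. The names `my/host-match-p' and `my/host-match-table' are hypothetical, and the store entries marked as constructed are not from the thread.

```elisp
;;; -*- lexical-binding: t; -*-
;; Added illustration.  `my/host-match-p' and `my/host-match-table' are
;; hypothetical helpers, not functions of auth-source-pass.

(defun my/host-match-p (mode query entry)
  "Return non-nil if store ENTRY host may answer QUERY host under MODE.
MODE is one of the symbols `exact', `raw-suffix' or `label-suffix'."
  (pcase mode
    ;; Only the identical host name matches.
    ('exact (equal entry query))
    ;; Plain string suffix: knows nothing about DNS labels, so an
    ;; entry that merely ends the same way is accepted.
    ('raw-suffix (string-suffix-p entry query))
    ;; Equality, or a suffix that begins right after a dot, so the
    ;; entry must be the query itself or one of its parent domains.
    ('label-suffix (or (equal entry query)
                       (string-suffix-p (concat "." entry) query)))
    (_ (error "Unknown mode: %S" mode))))

(defun my/host-match-table (query entries)
  "Return one row (ENTRY EXACT RAW-SUFFIX LABEL-SUFFIX) per host in ENTRIES.
Each of the last three elements is t or nil for QUERY under that mode."
  (mapcar (lambda (entry)
            (list entry
                  (and (my/host-match-p 'exact query entry) t)
                  (and (my/host-match-p 'raw-suffix query entry) t)
                  (and (my/host-match-p 'label-suffix query entry) t)))
          entries))

;; The query host and the first, second and fourth entries come from the
;; thread; "news-network.org" is constructed to show an entry that is a
;; trailing substring of the query but belongs to a different domain.
(my/host-match-table
 "news6.open-news-network.org"
 '("news6.open-news-network.org"
   "open-news-network.org"
   "news-network.org"
   "onn6"))
```

Evaluating the last form shows which entries each rule would let answer the query; the row for the constructed entry is the one where the raw and label-aligned suffix rules disagree.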

From: Akib Azmain Turja
To: Kai Tetzlaff
Cc: 58985@debbugs.gnu.org, "J.P."
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Sat, 19 Nov 2022 20:59:52 +0600

Kai Tetzlaff writes:

> "J.P." writes:
>
> Thanks for the quick reply.
>
>>> I haven't had time to investigate the issue but what I can already say
>>> is that the problem occurs independent of the value of
>>> `auth-source-pass-extra-query-keywords' (`t' or `nil'). So the
>>> change is not backward compatible. It would (at least) be nice to
>>> mention this in the NEWS entry.
>>
>> I'd rather not settle for "at least" if we can help it. If the user
>> option doesn't preserve existing behavior, that's a bug that needs
>> fixing.
>
> I've done some further checks and now it seems that setting
> `auth-source-pass-extra-query-keywords' to `nil' in a new emacs session
> does indeed fix the issue (maybe `auth-source' caching of the negative
> lookup caused my initial breakage to persist even after changing
> `auth-source-pass-extra-query-keywords').

Probably because auth-source was caching the result. Either set
auth-source-do-cache to nil, or do M-x auth-source-forget-all-cached to
clear cache.

>
> The lookup which fails with the new code is for the following
> parameters:
>
> auth-source-search: found 0 results (max 1) matching
> (:max 1
> :host ("news6.open-news-network.org" "onn6")
> :port ("119" "nntp" "nntp" "563" "nntps" "snews"))
>
> My password store contains an entry for 'nntp/open-news-network.org'. I
> don't use the full hostname since the open news network has multiple
> servers (news1/2/3/4...) with the same domain name.
>
> Right now I don't have time for a more detailed analysis. But I will
> (hopefully) get back to it during the weekend.
>
>

--
Akib Azmain Turja, GPG key: 70018CE5819F17A3BBA666AFE74F0EFA922AE7F5
Fediverse: akib@hostux.social
Codeberg: akib
emailselfdefense.fsf.org | "Nothing can be secure without encryption."

From: "J.P."
To: João Távora
Cc: Kai Tetzlaff, 58985@debbugs.gnu.org
Subject: Re: 29.0.50; Gnus setup broken by commit 2cf9e699ef0fc43a4eadaf00a1ed2f876765c64d
Date: Thu, 24 Nov 2022 07:01:51 -0800

Hi João,

João Távora writes:

> Hi Maintainers,
>
> Commit 2cf9e699ef0fc43a4eadaf00a1ed2f876765c64d breaks my Gnus setup.
>
> Author: F. Jason Park
> Date: Tue Nov 1 22:46:24 2022 -0700
>
> Make auth-source-pass behave more like other backends
>
> I've reached this conclusion through 'git bisect'. I.e. the commit which
> immediately precedes it is not broken.

Sorry about that. I feel not great that you spent precious man hours
bisecting on my account.

The new option `auth-source-pass-extra-query-params' is behind the
breakage you're witnessing. It tries to make auth-source-pass adhere as
closely as possible ("bug for bug") to the auth-source reference
backend, netrc (but only to the extent that the other backends already
do). The idea was to make searches closer to being backend agnostic and
thus more predictable. And auth-source-pass was the lone holdout in
terms of conforming behavior.

But, alas, it's looking like the quest for uniformity has come at the
cost of usability for everyday auth-source-pass users, which is
regrettable and surely a deal breaker for keeping it enabled by default.

> I haven't investigated why, but I do use 'pass' (www.passwordstore.org) to
> store my passwords securely.
>
> This is my pass-related setup, which is pretty simple:
>
> (require 'auth-source)
> (auth-source-pass-enable)
> (setq auth-sources '(password-store)) ;; don't use anything else
>
> After the commit, M-x gnus is unable to connect to my local imap server. There
> is very little debug information.

If we were actually gonna try and debug this, I'd probably ask you for
the names of the affected items in your ~/.password-store and the query
params passed to `auth-source-search' and maybe also whatever's printed
to *Messages* when a query is performed with `auth-source-debug' turned
on.

However, I think it's probably best to forgo all that and do what I was
leaning toward from the outset, and that's keeping the new behavior off
by default in Emacs 29. It's looking liable to cause too much churn for
too many folks [1]. Thus, unless anyone objects or has anything else to
add, I will do this in the next 24 hours or so. Apologies again for the
disruption and the time spent bisecting.

J.P.

[1] https://debbugs.gnu.org/cgi/bugreport.cgi?bug=58985#114
D0RqV/QR3pYPXoPGf4X4wWQoh8dbZhYSutvywPhN7XDpeDOnZQjXCunYG/OzZXBZCmgr US9g== X-Gm-Message-State: ANoB5pl0xbVFgsFdVFY6DiDHW+zznOPuAwO2mc6ZthRXtL948AvFOdQm LqEHvvNuYxWRDCiTJFybjEQ= X-Google-Smtp-Source: AA0mqf5jzT10oWXBN7qgBS8nwSAZhy6ZYXo29P/lmF5c9tV7RkUfB/ELW3wos1pmVx4kz9XKlK9g1Q== X-Received: by 2002:a05:600c:4920:b0:3cf:8b23:549c with SMTP id f32-20020a05600c492000b003cf8b23549cmr16852826wmp.174.1669304206862; Thu, 24 Nov 2022 07:36:46 -0800 (PST) Received: from krug ([87.196.72.177]) by smtp.gmail.com with ESMTPSA id p11-20020a05600c468b00b003cfd10a33afsm6453018wmo.11.2022.11.24.07.36.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Nov 2022 07:36:46 -0800 (PST) 
From: =?utf-8?B?Sm/Do28gVMOhdm9yYQ==?= To: "J.P." Subject: Re: 29.0.50; Gnus setup broken by commit 2cf9e699ef0fc43a4eadaf00a1ed2f876765c64d In-Reply-To: <87fse8wg4g.fsf@neverwas.me> (J. P.'s message of "Thu, 24 Nov 2022 07:01:51 -0800") References: <87sfi8ve35.fsf@gmail.com> <87fse8wg4g.fsf@neverwas.me> Date: Thu, 24 Nov 2022 15:38:02 +0000 Message-ID: <87ilj4uzvp.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 58985 Cc: Kai Tetzlaff , 58985@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) "J.P." writes: > If we were actually gonna try and debug this, I'd probably ask you for > the names of the affected items in your ~/.password-store and the query > params passed to `auth-source-search' and maybe also whatever's printed > to *Messages* when a query is performed with `auth-source-debug' turned > on. The affected item is, I believe, ~/.password-store/local-gmail:imap.gpg and likely also ~/.password-store/smtp.gmail.com:465.gpg. 
When I set auth-source-debug to t, these lines appeared in *Messages* auth-source-pass: final result: nil auth-source-search: found 0 results (max 1) matching (:max 1 :host ("local-= gmail" "localhost") :port ("imap" "imap" "143") :user "joaotavora@gmail.com= " :require (:user :secret) :create t) auth-source-pass: final result: nil auth-source-search: CREATED 0 results (max 1) matching (:max 1 :host ("loca= l-gmail" "localhost") :port ("imap" "imap" "143") :user "joaotavora@gmail.c= om" :require (:user :secret) :create t) Opening nnimap server on local-gmail...failed:=20 > However, I think it's probably best to forgo all that and do what I was > leaning toward from the outset, and that's keeping the new behavior off > by default in Emacs 29. It's looking liable to cause too much churn for > too many folks [1]. Thus, unless anyone objects or has anything else to > add, I will do this in the next 24 hours or so. Apologies again for the > disruption and the time spent bisecting. No problem, and thanks for understanding. I think it is indeed better if you make this opt-in. I can then opt into it and help you debug the root cause. 
But in the meantime, my email won't be broken :-)

João

From: "J.P."
To: João Távora
Subject: Re: 29.0.50; Gnus setup broken by commit 2cf9e699ef0fc43a4eadaf00a1ed2f876765c64d
Date: Fri, 25 Nov 2022 06:23:47 -0800
Cc: Kai Tetzlaff, 58985@debbugs.gnu.org

João Távora writes:

> The affected item is, I believe, ~/.password-store/local-gmail:imap.gpg
> and likely also ~/.password-store/smtp.gmail.com:465.gpg. When I set
> auth-source-debug to t, these lines appeared in *Messages*
>
> auth-source-pass: final result: nil
> auth-source-search: found 0 results (max 1) matching (:max 1 :host
> ("local-gmail" "localhost") :port ("imap" "imap" "143") :user
> "joaotavora@gmail.com" :require (:user :secret) :create t)
> auth-source-pass: final result: nil
> auth-source-search: CREATED 0 results (max 1) matching (:max 1 :host
> ("local-gmail" "localhost") :port ("imap" "imap" "143") :user
> "joaotavora@gmail.com" :require (:user :secret) :create t)
> Opening nnimap server on local-gmail...failed:

This was helpful, thanks. It seems :require (:user ...) is clashing with
the absence of a "user" component in the affected file names.
Among other things, the commit in question tries to provide a way of
honoring the `:require' keyword in a manner befitting the doc string of
`auth-source-search':

  :require (A B C) means that only results that contain those tokens
  will be returned. Thus for instance requiring :secret will ensure
  that any results will actually have a :secret property.

The other back ends more or less do the same. (Take a peek at the
attached examples if you're bored.) So, I guess the takeaway here, at
least as things stand, is basically this: if for some reason you really
wanted to enable the option, you'd need to rename the affected files.
Either

  ~/.password-store/joaotavora@gmail.com@local-gmail:imap.gpg

or

  ~/.password-store/local-gmail:imap/joaotavora@gmail.com.gpg

should do it. Alternatively, if the gnus function that calls
`auth-source-search' were somehow configurable (guessing no), you could
omit the `:require's altogether, increase the `:max' value, and
prioritize the results, which is what ERC does (or tries to do).

>> However, I think it's probably best to forgo all that and do what I was
>> leaning toward from the outset, and that's keeping the new behavior off
>> by default in Emacs 29. It's looking liable to cause too much churn for
>> too many folks [1]. Thus, unless anyone objects or has anything else to
>> add, I will do this in the next 24 hours or so. Apologies again for the
>> disruption and the time spent bisecting.
>
> No problem, and thanks for understanding.

Thank YOU for understanding. (All I did was break your email.)

> I think it is indeed better if you make this opt-in. I can then opt
> into it and help you debug the root cause. But in the meantime, my
> email won't be broken :-)

I've pushed the change, but you may need to clear your auth-source cache
or restart your session to see any effect. Please let me know if that
doesn't do it.

And thanks for all your work on Emacs!

J.P.

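An added illustration (not code from this thread or from Emacs) of why the reported entry names return nothing under :require (:user :secret) while either rename works. The regexp is a Python rendering of the pre-change form shown in the auth-source-pass.el hunk further down this page, with the port separator assumed to be ":"; parse_entry, search, the matching rule in _field_ok and the secrets "a"/"b" are assumptions made for the example.

```python
import re

# Python rendering of the pre-change entry-name regexp from the
# auth-source-pass.el hunk on this page. Assumption: the port separator is ":".
# Emacs groups 20/21 (user), 10/11 (host), 30/31 (port) become named groups.
ENTRY_RE = re.compile(
    r"(?:\A|/)(?:"
    r"(?:(?P<user_pfx>[^ /:]+)@)?(?P<host_a>[^ /:@]+)(?::(?P<port_a>[^ /:]+))?"
    r"|"
    r"(?P<host_b>[^ /:@]+)(?::(?P<port_b>[^ /:]+))?(?:/(?P<user_sfx>[^ /:]+))?"
    r")\Z"
)


def parse_entry(name):
    """Return the host/user/port fields encoded in a store entry name."""
    m = ENTRY_RE.search(name)
    if m is None:
        return None
    g = m.groupdict()
    fields = {
        "host": g["host_a"] or g["host_b"],
        "user": g["user_pfx"] or g["user_sfx"],
        "port": g["port_a"] or g["port_b"],
    }
    return {k: v for k, v in fields.items() if v is not None}


def _field_ok(entry, key, wanted, require):
    """Hypothetical matching rule modelled on the doc string quoted above."""
    have = entry.get(key)
    if have is None:
        return key not in require      # an absent field is fatal only if required
    return not wanted or have in wanted


def search(store, hosts, ports=(), user=None, require=(), max_results=1):
    """Toy model of a search over a pass-style store.

    STORE maps entry names (without ".gpg") to secrets.
    """
    users = (user,) if user else ()
    results = []
    for host in hosts:                 # query order sets result priority
        for name, secret in store.items():
            entry = parse_entry(name)
            if entry is None or entry["host"] != host:
                continue
            if secret is not None:
                entry["secret"] = secret
            checks = (("port", ports), ("user", users), ("secret", ()))
            if all(_field_ok(entry, k, w, require) for k, w in checks):
                results.append(entry)
                if len(results) >= max_results:
                    return results
    return results


# Constructed sample stores: the entry names come from the thread, the
# secrets "a" and "b" are placeholders.
AS_REPORTED = {"local-gmail:imap": "a", "smtp.gmail.com:465": "b"}
USER_PREFIX = {"joaotavora@gmail.com@local-gmail:imap": "a",
               "joaotavora@gmail.com@smtp.gmail.com:465": "b"}
USER_SUFFIX = {"local-gmail:imap/joaotavora@gmail.com": "a",
               "smtp.gmail.com:465/joaotavora@gmail.com": "b"}
QUERY = dict(hosts=["local-gmail", "localhost"], ports=["imap", "143"],
             user="joaotavora@gmail.com")

if __name__ == "__main__":
    for label, store in (("as reported", AS_REPORTED),
                         ("user@ prefix", USER_PREFIX),
                         ("/user suffix", USER_SUFFIX)):
        print(label, search(store, require=("user", "secret"), **QUERY))
    print("no :require", search(AS_REPORTED, **QUERY))
```

In this model the userless entry comes back once the require list is empty, which is the situation described for callers that drop `:require' and rank the results themselves.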
--=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-POC-Compare-require-among-auth-source-backends.patch >From 5b0f0c108578cbae5f0804fe1daa60599a71d4bf Mon Sep 17 00:00:00 2001 From: "F. Jason Park" Date: Thu, 24 Nov 2022 21:03:03 -0800 Subject: [PATCH] [POC] Compare :require among auth-source backends --- test/lisp/auth-source-pass-tests.el | 305 ++++++++++++++++++++++++++++ 1 file changed, 305 insertions(+) diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index 1107e09b51..ed88cf5476 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el 
@@ -751,6 +751,311 @@ auth-source-pass-extra-query-keywords--user-priorities (:host "g" :user "u" :port 2 :secret "@") ; ** (:host "g" :user "u" :port 2 :secret "/")))))))) +;;;; :require demo + +;; Swapping out smtp.gmail.com and 465 with local-gmail and imap +;; doesn't change the outcome of any cases below. + +;; netrc + +(ert-deftest auth-source-pass-extra-query-keywords--netrc-joao () + (ert-with-temp-file netrc-file + :text "\ +machine local-gmail port imap password a +machine smtp.gmail.com port 465 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :max 1 + :host '("local-gmail" "localhost") + :port '("imap" "imap" "143") + :user "joaotavora@gmail.com" + :require '(:user :secret)))) + (should-not results)))) + +(ert-deftest auth-source-pass-extra-query-keywords--netrc-joao-user () + (ert-with-temp-file netrc-file + :text "\ +machine local-gmail login joaotavora@gmail.com port imap password a +machine smtp.gmail.com login joaotavora@gmail.com port 465 password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :max 1 + :host '("local-gmail" "localhost") + :port '("imap" "imap" "143") + :user "joaotavora@gmail.com" + :require '(:user :secret)))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '(( :host "local-gmail" + :user "joaotavora@gmail.com" + :port "imap" + :secret "a"))))))) + +;; plstore + +(require 'epg) + +(ert-deftest auth-source-pass-extra-query-keywords--plstore-joao () + (ert-with-temp-file plstore-file + :suffix ".plist" + :text "\ +;;; public entries -*- mode: plstore -*- +((\"7c0d0c60eba2b3da2feebff6a007934b73d6ba8c\" + :secret-secret t + :host \"local-gmail\" + :port \"imap\") + (\"e579bb71ac879a2fbe90462be686ec090bcb995f\" + :secret-secret t + :host \"smtp.gmail.com\" + :port \"465\")) +;;; secret entries +((\"7c0d0c60eba2b3da2feebff6a007934b73d6ba8c\" 
:secret \"a\") + (\"e579bb71ac879a2fbe90462be686ec090bcb995f\" :secret \"b\")) +" + (cl-letf (((symbol-function 'epg-decrypt-string) + (lambda (&rest r) (prin1-to-string (cadr r)))) + ((symbol-function 'epg-find-configuration) + (lambda (&rest _) '((program . "/bin/true"))))) + (let* ((auth-sources (list plstore-file)) + (auth-source-do-cache nil) + (results (auth-source-search :max 1 + :host '("local-gmail" "localhost") + :port '("imap" "imap" "143") + :user "joaotavora@gmail.com" + :require '(:user :secret)))) + (should-not results))))) + +(ert-deftest auth-source-pass-extra-query-keywords--plstore-joao-user () + (ert-with-temp-file plstore-file + :suffix ".plist" + :text "\ +;;; public entries -*- mode: plstore -*- +((\"b0d8e1b370cff2d4c71cd503905d1bfa80247a82\" + :secret-secret t + :host \"local-gmail\" + :user \"joaotavora@gmail.com\" + :port \"imap\") + (\"5d05df976779ae4690254c6572c1652748ac4b58\" + :secret-secret t + :host \"smtp.gmail.com\" + :user \"joaotavora@gmail.com\" + :port \"465\")) +;;; secret entries +((\"b0d8e1b370cff2d4c71cd503905d1bfa80247a82\" :secret \"a\") + (\"5d05df976779ae4690254c6572c1652748ac4b58\" :secret \"b\")) +" + (cl-letf (((symbol-function 'epg-decrypt-string) + (lambda (&rest r) (prin1-to-string (cadr r)))) + ((symbol-function 'epg-find-configuration) + (lambda (&rest _) '((program . 
"/bin/true"))))) + (let* ((auth-sources (list plstore-file)) + (auth-source-do-cache nil) + (results (auth-source-search :max 1 + :host '("local-gmail" "localhost") + :port '("imap" "imap" "143") + :user "joaotavora@gmail.com" + :require '(:user :secret)))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '(( :login nil + :secret "a" + :host "local-gmail" + :user "joaotavora@gmail.com" + :port "imap")))))))) + +;; json + +(ert-deftest auth-source-pass-extra-query-keywords--json-joao () + (ert-with-temp-file json-store + :suffix ".json" + :text "\ +[{\"host\":\"local-gmail\", + \"port\":\"imap\", + \"secret\":\"a\"}, + {\"host\":\"smtp.gmail.com\", + \"port\":\"465\", + \"secret\":\"b\"}] +" + (let ((auth-sources (list json-store)) + (auth-source-do-cache nil)) + (should-not (auth-source-search :max 1 + :host '("local-gmail" "localhost") + :port '("imap" "imap" "143") + :user "joaotavora@gmail.com" + :require '(:user :secret)))))) + +(ert-deftest auth-source-pass-extra-query-keywords--json-joao-user () + (ert-with-temp-file json-store + :suffix ".json" + :text "\ +[{\"host\":\"local-gmail\", + \"port\":\"imap\", + \"user\":\"joaotavora@gmail.com\", + \"secret\":\"a\"}, + {\"host\":\"smtp.gmail.com\", + \"port\":\"465\", + \"user\":\"joaotavora@gmail.com\", + \"secret\":\"b\"}] +" + (let* ((auth-sources (list json-store)) + (auth-source-do-cache nil) + (results (auth-source-search :max 1 + :host '("local-gmail" "localhost") + :port '("imap" "imap" "143") + :user "joaotavora@gmail.com" + :require '(:user :secret)))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :host "local-gmail" + :port "imap" + :user "joaotavora@gmail.com" + :secret "a"))))))) + +;; secrets + +;; With the secrets backend, any "attribute" (keyword) specified in +;; the query must exist in the entry, so `:require' is implied. 
The +;; mocked search below is so contrived as to be meaningless, but it +;; nevertheless emphasizes the "must match" nature of the upstream +;; SearchItems DBus method (of the Secret Service API's collections +;; interface: org.freedesktop.Secret.Collection.SearchItems). +;; +;; https://specifications.freedesktop.org/secret-service/latest/re02.html +;; #org.freedesktop.Secret.Collection.SearchItems + +(require 'secrets) + +(ert-deftest auth-source-pass-extra-query-keywords--secrets-joao () + (let ((auth-sources '("secrets:Test")) + (auth-source-do-cache nil) + (entries '(("nil@local-gmail:imap" + (:host . "local-gmail") + (:port . "imap") + (:xdg:schema . "org.freedesktop.Secret.Generic")) + ("nil@smtp.gmail.com:465" + (:host . "smtp.gmail.com") + (:port . "465") + (:xdg:schema . "org.freedesktop.Secret.Generic")))) + (secrets '(("nil@local-gmail:imap" . "a") + ("nil@smtp.gmail.com:465" . "b")))) + + (cl-letf (((symbol-function 'secrets-search-items) + (lambda (_ &rest r) + (mapcan (lambda (s) + (and (seq-every-p (pcase-lambda (`(,k . ,v)) + (equal v (alist-get k (cdr s)))) + (map-pairs r)) + (list (car s)))) + entries))) + ((symbol-function 'secrets-get-secret) + (lambda (_ label) (assoc-default label secrets))) + ((symbol-function 'secrets-get-attributes) + (lambda (_ label) (assoc-default label entries)))) + + (should-not (auth-source-search :max 1 + :host '("local-gmail" "localhost") + :port '("imap" "imap" "143") + :user "joaotavora@gmail.com" + :require '(:user :secret)))))) + +(ert-deftest auth-source-pass-extra-query-keywords--secrets-joao-user () + (let ((auth-sources '("secrets:Test")) + (auth-source-do-cache nil) + (entries '(("joaotavora@gmail.com@local-gmail:imap" + (:host . "local-gmail") + (:user . "joaotavora@gmail.com") + (:port . "imap") + (:xdg:schema . "org.freedesktop.Secret.Generic")) + ("joaotavora@gmail.com@smtp.gmail.com:465" + (:host . "smtp.gmail.com") + (:user . "joaotavora@gmail.com") + (:port . "465") + (:xdg:schema . 
"org.freedesktop.Secret.Generic")))) + (secrets '(("joaotavora@gmail.com@local-gmail:imap" . "a") + ("joaotavora@gmail.com@smtp.gmail.com:465" . "b")))) + + (cl-letf (((symbol-function 'secrets-search-items) + (lambda (_ &rest r) + (mapcan (lambda (s) + (and (seq-every-p (pcase-lambda (`(,k . ,v)) + (equal v (alist-get k (cdr s)))) + (map-pairs r)) + (list (car s)))) + entries))) + ((symbol-function 'secrets-get-secret) + (lambda (_ label) (assoc-default label secrets))) + ((symbol-function 'secrets-get-attributes) + (lambda (_ label) (assoc-default label entries)))) + + (let ((results (auth-source-search :max 1 + :host '("local-gmail" "localhost") + :port '("imap" "imap" "143") + :user "joaotavora@gmail.com" + :require '(:user :secret)))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :login nil + :secret "a" + :host "local-gmail" + :user "joaotavora@gmail.com" + :port "imap" + :xdg:schema "org.freedesktop.Secret.Generic")))))))) + +;; Pass + +(ert-deftest auth-source-pass-extra-query-keywords--pass--joao () + (auth-source-pass--with-store '(("smtp.gmail.com:465" (secret . "a")) + ("local-gmail:imap" (secret . "b"))) + (auth-source-pass-enable) + (let ((auth-source-pass-extra-query-keywords t)) + (should-not (auth-source-search :max 1 + :host '("local-gmail" "localhost") + :port '("imap" "imap" "143") + :user "joaotavora@gmail.com" + :require '(:user :secret)))))) + +(ert-deftest auth-source-pass-extra-query-keywords--pass--joao-user () + ;; "suffix" syntax + (auth-source-pass--with-store '(("smtp.gmail.com:465/joaotavora@gmail.com" + (secret . "a")) + ("local-gmail:imap/joaotavora@gmail.com" + (secret . 
"b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :max 1 + :host '("local-gmail" "localhost") + :port '("imap" "imap" "143") + :user "joaotavora@gmail.com" + :require '(:user :secret)))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '(( :host "local-gmail" + :user "joaotavora@gmail.com" + :port "imap" + :secret "b")))))) + ;; "prefix" syntax + (auth-source-pass--with-store '(("joaotavora@gmail.com@smtp.gmail.com:465" + (secret . "a")) + ("joaotavora@gmail.com@local-gmail:imap" + (secret . "b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :max 1 + :host '("local-gmail" "localhost") + :port '("imap" "imap" "143") + :user "joaotavora@gmail.com" + :require '(:user :secret)))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '(( :host "local-gmail" + :user "joaotavora@gmail.com" + :port "imap" + :secret "b"))))))) + (provide 'auth-source-pass-tests) ;;; auth-source-pass-tests.el ends here -- 2.38.1 --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 07 09:30:26 2022 Received: (at 58985-done) by debbugs.gnu.org; 7 Dec 2022 14:30:26 +0000 Received: from localhost ([127.0.0.1]:50519 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1p2vRJ-0001Td-4w for submit@debbugs.gnu.org; Wed, 07 Dec 2022 09:30:26 -0500 Received: from mail-108-mta101.mxroute.com ([136.175.108.101]:43041) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1p2vRF-0001TX-Dv for 58985-done@debbugs.gnu.org; Wed, 07 Dec 2022 09:30:23 -0500 Received: from mail-111-mta2.mxroute.com ([136.175.111.2] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta101.mxroute.com (ZoneMTA) with ESMTPSA id 184ecfe88a70001d7e.002 for <58985-done@debbugs.gnu.org> 
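Review bot: In the ";; Pass" tests that close the :require demo hunk ([POC] Compare :require among auth-source backends), the fixtures invert the secrets used by every other back end in the same patch: smtp.gmail.com:465 carries "a" and local-gmail:imap carries "b", while the netrc, plstore, json and secrets cases give local-gmail "a" and smtp.gmail.com "b", so the expected :secret is "b" here and "a" everywhere else. Since the demo exists to show the back ends behaving alike, use the same mapping in the auth-source-pass--with-store forms so the expected plists can be compared side by side. The cl-letf mocks for plstore and secrets are also repeated verbatim in each twin test; a small helper per back end would keep the with-user and without-user cases from drifting apart.
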
From: "J.P."
To: 58985-done@debbugs.gnu.org
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Wed, 07 Dec 2022 06:30:09 -0800
Cc: Damien Cassou, Björn Bidar, emacs-erc@gnu.org, Michael Albinus, Akib Azmain Turja

"J.P." writes:

> Because I am easily swayed (or maybe just a liar), I've gone ahead and
> enabled it by default [1]. I've also informed Nicolas Petton of the
> change. I guess Björn was too busy or annoyed by my pestering to keep
> up, which is understandable.
>
> Thanks, everyone, for your help with this (especially Akib, who I pray
> will consider contributing to ERC in the future). And please remember to
> complain if you encounter any related ugliness. In the meantime, I am
> closing this bug.

A couple updates for anyone who cares:

1. As you may have noticed, due to various complaints here on the
   tracker, the new option `auth-source-pass-extra-query-keywords' is
   now disabled by default.

2. The changes currently installed contain a bug involving spaces in
   file names. Basically, all other back ends allow spaces in an
   entry's user and host fields. The second (throwaway) patch below
   demonstrates this, and the first attempts to make things right.

In my mind, item #2 is a bug that needs fixing on the release branch,
and I plan on doing so in the coming days. If there are questions or
concerns, please let them be known.

Thanks.

--=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-Allow-spaces-in-auth-source-pass-match-regexp.patch >From 85f00ef178b59573f91f0389f67c69585742a6e2 Mon Sep 17 00:00:00 2001 From: "F. Jason Park" Date: Thu, 24 Nov 2022 21:03:03 -0800 Subject: [PATCH 1/2] Allow spaces in auth-source-pass--match-regexp * lisp/auth-source-pass.el (auth-source-pass--match-regexp): Allow spaces in host and user components because all other backends do. * lisp/erc/erc-compat.el (erc-compat--29-auth-source-pass--retrieve-parsed): Allow spaces in host and user components in auth-source-pass regexp. * test/lisp/auth-source-pass-tests.el (auth-source-pass-any-host): Silence warning message re wildcards from `auth-source-pass-search'. (auth-source-pass-extra-query-keywords--suffixed-user): Add spaces to users and hosts of some entries. (Bug#58985.) --- lisp/auth-source-pass.el | 12 +++++------ lisp/erc/erc-compat.el | 8 ++++---- test/lisp/auth-source-pass-tests.el | 31 +++++++++++++++-------------- 3 files changed, 26 insertions(+), 25 deletions(-) diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 74d3808448..3262880c47 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el
@@ -111,12 +111,12 @@ auth-source-pass--match-regexp (defun auth-source-pass--match-regexp (s) (rx-to-string ; autoloaded `(: (or bot "/") - (or (: (? (group-n 20 (+ (not (in ?\ ?/ ,s)))) "@") - (group-n 10 (+ (not (in ?\ ?/ ?@ ,s)))) - (? ,s (group-n 30 (+ (not (in ?\ ?/ ,s)))))) - (: (group-n 11 (+ (not (in ?\ ?/ ?@ ,s)))) - (? ,s (group-n 31 (+ (not (in ?\ ?/ ,s))))) - (? "/" (group-n 21 (+ (not (in ?\ ?/ ,s))))))) + (or (: (? (group-n 20 (+ (not (in ?/ ,s)))) "@") ; user pfx + (group-n 10 (+ (not (in ?/ ?@ ,s)))) ; host + (? ,s (group-n 30 (+ (not (in ?\s ?/ ,s)))))) ; port + (: (group-n 11 (+ (not (in ?/ ?@ ,s)))) ; host + (? ,s (group-n 31 (+ (not (in ?\s ?/ ,s))))) ; port + (? "/" (group-n 21 (+ (not (in ?/ ,s))))))) ; user sfx eot) 'no-group)) diff --git a/lisp/erc/erc-compat.el b/lisp/erc/erc-compat.el index abbaafcd93..bd93254758 100644 --- a/lisp/erc/erc-compat.el +++ b/lisp/erc/erc-compat.el @@ -176,12 +176,12 @@ auth-source-backend-parser-functions ;; This hard codes `auth-source-pass-port-separator' to ":" (defun erc-compat--29-auth-source-pass--retrieve-parsed (seen e port-number-p) (when (string-match (rx (or bot "/") - (or (: (? (group-n 20 (+ (not (in " /:")))) "@") - (group-n 10 (+ (not (in " /:@")))) + (or (: (? (group-n 20 (+ (not (in "/:")))) "@") + (group-n 10 (+ (not (in "/:@")))) (? ":" (group-n 30 (+ (not (in " /:")))))) - (: (group-n 11 (+ (not (in " /:@")))) + (: (group-n 11 (+ (not (in "/:@")))) (? ":" (group-n 31 (+ (not (in " /:"))))) - (? "/" (group-n 21 (+ (not (in " /:"))))))) + (? "/" (group-n 21 (+ (not (in "/:"))))))) eot) e) (puthash e `( :host ,(or (match-string 10 e) (match-string 11 e)) diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index 1107e09b51..d6d42ce942 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el 
@@ -175,7 +175,8 @@ auth-source-pass-match-any-entry-p (ert-deftest auth-source-pass-any-host () (auth-source-pass--with-store '(("foo" ("port" . "foo-port") ("host" . "foo-user")) ("bar")) - (should-not (auth-source-pass-search :host t)))) + (let ((inhibit-message t)) ; silence "... does not handle host wildcards." + (should-not (auth-source-pass-search :host t))))) (ert-deftest auth-source-pass-undefined-host () (auth-source-pass--with-store '(("foo" ("port" . "foo-port") ("host" . "foo-user")) 
@@ -697,29 +698,29 @@ auth-source-pass-extra-query-keywords--ambiguous-user-host ;; with slightly more realistic and less legible values. (ert-deftest auth-source-pass-extra-query-keywords--suffixed-user () - (let ((store (sort (copy-sequence '(("x.com:42/b@r" (secret . "a")) - ("b@r@x.com" (secret . "b")) + (let ((store (sort (copy-sequence '(("x.com:42/s p@m" (secret . "a")) + ("s p@m@x.com" (secret . "b")) ("x.com" (secret . "?")) - ("b@r@y.org" (secret . "c")) - ("fake.com" (secret . "?")) - ("fake.com/b@r" (secret . "d")) - ("y.org/b@r" (secret . "?")) - ("b@r@fake.com" (secret . "e")))) + ("s p@m@y.org" (secret . "c")) + ("fa ke" (secret . "?")) + ("fa ke/s p@m" (secret . "d")) + ("y.org/s p@m" (secret . "?")) + ("s p@m@fa ke" (secret . "e")))) (lambda (&rest _) (zerop (random 2)))))) (auth-source-pass--with-store store (auth-source-pass-enable) (let* ((auth-source-pass-extra-query-keywords t) - (results (auth-source-search :host '("x.com" "fake.com" "y.org") - :user "b@r" + (results (auth-source-search :host '("x.com" "fa ke" "y.org") + :user "s p@m" :require '(:user) :max 5))) (dolist (result results) (setf (plist-get result :secret) (auth-info-password result))) (should (equal results - '((:host "x.com" :user "b@r" :secret "b") - (:host "x.com" :user "b@r" :port "42" :secret "a") - (:host "fake.com" :user "b@r" :secret "e") - (:host "fake.com" :user "b@r" :secret "d") - (:host "y.org" :user "b@r" :secret "c")))))))) + '((:host "x.com" :user "s p@m" :secret "b") + (:host "x.com" :user "s p@m" :port "42" :secret "a") + (:host "fa ke" :user "s p@m" :secret "e") + (:host "fa ke" :user "s p@m" :secret "d") + (:host "y.org" :user "s p@m" :secret "c")))))))) ;; This is a more distilled version of `suffixed-user', above. It ;; better illustrates that search order takes precedence over "/user" -- 2.38.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0002-POC-Demo-spaces-in-hosts-users-among-auth-source-bac.patch 
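Review bot: In the auth-source-pass--match-regexp hunk of [PATCH 1/2], the port groups 30 and 31 still exclude a space (now spelled ?\s) while the user groups 20/21 and host groups 10/11 no longer do, and nothing in the function states that this asymmetry is intended. The new trailing comments name each group but not what it may contain, and the defun has no doc string; add one saying that user and host may contain spaces and the port may not, so the next change to either copy of the regexp does not undo it by accident.
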
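Review bot: In the erc-compat.el hunk of [PATCH 1/2], the regexp in erc-compat--29-auth-source-pass--retrieve-parsed is a hand-maintained copy of auth-source-pass--match-regexp with the separator hard-coded, yet it did not receive the "; user pfx", "; host", "; port" and "; user sfx" comments that this same patch adds to the original. Add the same per-line comments here, or a note above the form pointing at auth-source-pass--match-regexp, so the two can be compared line for line the next time one of them changes.
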
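Review bot: In the suffixed-user test hunk of [PATCH 1/2], every user in the store becomes "s p@m" and fake.com becomes "fa ke", which covers the newly accepted input but not the boundary the regexp deliberately keeps: a space in the port component. Add one store entry with a space after the port separator and assert that it is not returned with that port, and consider leaving one space-free user in the fixture so this test still exercises the input it covered before the change.
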
>From c379523c177ea0188f8c270585efc6077901479a Mon Sep 17 00:00:00 2001 From: "F. Jason Park" Date: Thu, 24 Nov 2022 21:03:03 -0800 Subject: [PATCH 2/2] [POC] Demo spaces in hosts/users among auth-source backends --- test/lisp/auth-source-pass-tests.el | 255 ++++++++++++++++++++++++++++ 1 file changed, 255 insertions(+) diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index d6d42ce942..59a0c1252f 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el 
@@ -752,6 +752,261 @@ auth-source-pass-extra-query-keywords--user-priorities (:host "g" :user "u" :port 2 :secret "@") ; ** (:host "g" :user "u" :port 2 :secret "/")))))))) +;;;; Whitespace demo + +;; These demonstrate that all back ends support spaces in host and +;; user fields. + +;; netrc + +(ert-deftest auth-source-pass-extra-query-keywords--ws-host-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine \"hello world\" password a +machine localhost password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "hello world"))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "hello world" :secret "a"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--ws-user-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine localhost login onetwo password a +machine localhost login \"one two\" password b +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :user "one two"))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '(( :host "localhost" + :user "one two" + :secret "b"))))))) + +;; plstore + +(require 'epg) + +(ert-deftest auth-source-pass-extra-query-keywords--ws-host-plstore () + (ert-with-temp-file plstore-file + :suffix ".plist" + :text "\ +;;; public entries -*- mode: plstore -*- +((\"8faf07aac16e46c49857598b6cd6dd809762c5cb\" + :secret-secret t :host \"hello world\") + (\"12d4700ff04a5dbadec60b55319ff3f473d026fa\" + :secret-secret t :host \"localhost\")) +;;; secret entries +((\"8faf07aac16e46c49857598b6cd6dd809762c5cb\" :secret \"a\") + (\"12d4700ff04a5dbadec60b55319ff3f473d026fa\" :secret \"b\")) +" + (cl-letf (((symbol-function 'epg-decrypt-string) + (lambda (&rest r) (prin1-to-string (cadr r)))) + ((symbol-function 'epg-find-configuration) + (lambda (&rest _) '((program . 
"/bin/true"))))) + (let* ((auth-sources (list plstore-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "hello world"))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '(( :login nil + :port nil + :secret "a" + :host "hello world")))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--ws-user-plstore () + (ert-with-temp-file plstore-file + :suffix ".plist" + :text "\ +;;; public entries -*- mode: plstore -*- +((\"8b23ccce4b95bee4b9a8676409a7f196f1adc59e\" + :secret-secret t + :host \"localhost\" + :user \"onetwo\") + (\"e4c4fcb6c505d389ff72a58314571f37fb936365\" + :secret-secret t + :host \"localhost\" + :user \"one two\")) +;;; secret entries +((\"8b23ccce4b95bee4b9a8676409a7f196f1adc59e\" :secret \"a\") + (\"e4c4fcb6c505d389ff72a58314571f37fb936365\" :secret \"b\")) +" + (cl-letf (((symbol-function 'epg-decrypt-string) + (lambda (&rest r) (prin1-to-string (cadr r)))) + ((symbol-function 'epg-find-configuration) + (lambda (&rest _) '((program . 
"/bin/true"))))) + (let* ((auth-sources (list plstore-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "localhost" + :user "one two"))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '(( :login nil + :port nil + :secret "b" + :host "localhost" + :user "one two")))))))) + +;; json + +(ert-deftest auth-source-pass-extra-query-keywords--ws-host-json () + (ert-with-temp-file json-store + :suffix ".json" + :text "\ +[{\"host\":\"hello world\",\"secret\":\"a\"}, + {\"host\":\"localhost\",\"secret\":\"b\"}] +" + (let* ((auth-sources (list json-store)) + (auth-source-do-cache nil) + (results (auth-source-search :host "hello world"))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :host "hello world" + :secret "a"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--ws-user-json () + (ert-with-temp-file json-store + :suffix ".json" + :text "\ +[{\"host\":\"localhost\", + \"user\":\"onetwo\", + \"secret\":\"a\"}, + {\"host\":\"localhost\", + \"user\":\"one two\", + \"secret\":\"b\"}] +" + (let* ((auth-sources (list json-store)) + (auth-source-do-cache nil) + (results (auth-source-search :host "localhost" :user "one two"))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :host "localhost" + :user "one two" + :secret "b"))))))) + +;; secrets + +(require 'secrets) + +(ert-deftest auth-source-pass-extra-query-keywords--ws-host-secrets () + (let ((auth-sources '("secrets:Test")) + (auth-source-do-cache nil) + (entries '(("nil@hello world:nil" + (:host . "hello world") + (:xdg:schema . "org.freedesktop.Secret.Generic")) + ("nil@localhost:nil" + (:host . "localhost") + (:xdg:schema . "org.freedesktop.Secret.Generic")))) + (secrets '(("nil@hello world:nil" . "a") + ("nil@localhost:nil" . 
"b")))) + + (cl-letf (((symbol-function 'secrets-search-items) + (lambda (_ &rest r) + (mapcan (lambda (s) + (and (seq-every-p (pcase-lambda (`(,k . ,v)) + (equal v (alist-get k (cdr s)))) + (map-pairs r)) + (list (car s)))) + entries))) + ((symbol-function 'secrets-get-secret) + (lambda (_ label) (assoc-default label secrets))) + ((symbol-function 'secrets-get-attributes) + (lambda (_ label) (assoc-default label entries)))) + + (let ((results (auth-source-search :host "hello world"))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :login nil + :port nil + :secret "a" + :host "hello world" + :xdg:schema "org.freedesktop.Secret.Generic")))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--secrets-joao-user () + (let ((auth-sources '("secrets:Test")) + (auth-source-do-cache nil) + (entries '(("onetwo@localhost:nil" + (:host . "localhost") + (:user . "onetwo") + (:xdg:schema . "org.freedesktop.Secret.Generic")) + ("one two@localhost:nil" + (:host . "localhost") + (:user . "one two") + (:xdg:schema . "org.freedesktop.Secret.Generic")))) + (secrets '(("onetwo@localhost:nil" . "a") + ("one two@localhost:nil" . "b")))) + + (cl-letf (((symbol-function 'secrets-search-items) + (lambda (_ &rest r) + (mapcan (lambda (s) + (and (seq-every-p (pcase-lambda (`(,k . 
,v)) + (equal v (alist-get k (cdr s)))) + (map-pairs r)) + (list (car s)))) + entries))) + ((symbol-function 'secrets-get-secret) + (lambda (_ label) (assoc-default label secrets))) + ((symbol-function 'secrets-get-attributes) + (lambda (_ label) (assoc-default label entries)))) + + (let ((results (auth-source-search :host "localhost" :user "one two"))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :login nil + :port nil + :secret "b" + :host "localhost" + :user "one two" + :xdg:schema "org.freedesktop.Secret.Generic")))))))) + +;; Pass + +(ert-deftest auth-source-pass-extra-query-keywords--ws-host-pass () + (auth-source-pass--with-store '(("hello world:80" (secret . "a")) + ("localhost:80" (secret . "b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "hello world"))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '(( :host "hello world" + :port "80" + :secret "a"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--ws-user-pass () + ;; "suffix" syntax + (auth-source-pass--with-store '(("localhost:80/onetwo" (secret . "a")) + ("localhost:80/one two" (secret . "b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "localhost" :user "one two"))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '(( :host "localhost" + :user "one two" + :port "80" + :secret "b")))))) + ;; "prefix" syntax + (auth-source-pass--with-store '(("onetwo@localhost:80" (secret . "a")) + ("one two@localhost:80" (secret . 
"b"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "localhost" :user "one two"))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '(( :host "localhost" + :user "one two" + :port "80" + :secret "b"))))))) + (provide 'auth-source-pass-tests) ;;; auth-source-pass-tests.el ends here -- 2.38.1 --=-=-=-- From unknown Fri Aug 15 12:50:21 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 05 Jan 2023 12:24:08 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator