GNU bug report logs - #76168
30.0.91; auth-source backend password-store has no way to pass :force to nntp-send-authinfo

Previous Next

Packages: gnus, emacs;

Reported by: Mekeor Melire <mekeor <at> posteo.de>

Date: Sun, 9 Feb 2025 23:59:01 UTC

Severity: normal

Found in version 30.0.91

Full log

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Mekeor Melire <mekeor <at> posteo.de>
To: bug-gnu-emacs <at> gnu.org
Subject: 30.0.91; auth-source backend password-store has no way to pass
 :force to nntp-send-authinfo
Date: Sun, 09 Feb 2025 23:57:50 +0000

[Message part 1 (text/plain, inline)]
BACKGROUND

The Gnus backend nntp features entries in ~/.authinfo with a field names
`force'.  In fact, the nntp server I use, has the following setup
instructions for Gnus:


[Message part 2 (text/plain, inline)]
add the following line to .authinfo:
machine ... login ... force yes password ...

[Message part 3 (text/plain, inline)]

BUG DESCRIPTION

Unfortunately, it is currently not possible to set this kind of `force'
flag with `password-store' as auth-source backend, as implemented in
lisp/auth-source-pass.el.


WORKAROUND

As a workaround, users can just set `nntp-authinfo-force' to non-nil.
But this will then of course affect all nntp servers, not just a
specific one.


BUG EXPLANATION

The bug emerges as follows:

- `nntp-send-authinfo' (lisp/gnus/nntp.el) calls `auth-source-search'
  and accesses the `:force' property of its car.

- `auth-source-pass--build-result' (lisp/auth-source-pass.el) handles
  "host", "port", "user", and "secret" line-labels in password-store
  entries explicitly but no "force".


POSSIBLE FIX

One approach to fix this bug would be to teach
`auth-source-pass--build-result' about `force':


[Message part 4 (text/x-patch, inline)]
 (defun auth-source-pass--build-result (hosts port user)
   "Build auth-source-pass entry matching HOSTS, PORT and USER.

 HOSTS can be a string or a list of strings."
   (let ((entry-data (auth-source-pass--find-match hosts user port)))
     (when entry-data
       (let ((retval (list
+                     :force (auth-source-pass--get-attr "force" entry-data)
                      :host (auth-source-pass--get-attr "host" entry-data)
                      :port (or (auth-source-pass--get-attr "port" entry-data) port)
                      :user (or (auth-source-pass--get-attr "user" entry-data) user)
                      :secret (lambda () (auth-source-pass--get-attr 'secret entry-data)))))
         (auth-source-pass--do-debug "return %s as final result (plus hidden password)"
                                     (seq-subseq retval 0 -2)) ;; remove password
         retval))))

[Message part 5 (text/plain, inline)]
Then users could have password-store entries like:


[Message part 6 (text/plain, inline)]
my-secret-password

force: yes
user: my-user-name
This bug report was last modified 125 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.