From unknown Sat Jun 21 12:33:26 2025 X-Loop: help-debbugs@gnu.org Subject: bug#76808: 30.0.5; auth-source-search with auth-source-pass remembers wrong password Resent-From: Al Haji-Ali Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 07 Mar 2025 10:40:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 76808 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 76808@debbugs.gnu.org X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.174134399331505 (code B ref -1); Fri, 07 Mar 2025 10:40:02 +0000 Received: (at submit) by debbugs.gnu.org; 7 Mar 2025 10:39:53 +0000 Received: from localhost ([127.0.0.1]:47118 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tqV7R-0008C4-A1 for submit@debbugs.gnu.org; Fri, 07 Mar 2025 05:39:53 -0500 Received: from lists.gnu.org ([2001:470:142::17]:34114) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1tqV7O-0008Bj-1S for submit@debbugs.gnu.org; Fri, 07 Mar 2025 05:39:50 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tqV7H-0001Ny-2x for bug-gnu-emacs@gnu.org; Fri, 07 Mar 2025 05:39:43 -0500 Received: from mail-wm1-x32b.google.com ([2a00:1450:4864:20::32b]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tqV7F-0005LZ-A0 for bug-gnu-emacs@gnu.org; Fri, 07 Mar 2025 05:39:42 -0500 Received: by mail-wm1-x32b.google.com with SMTP id 5b1f17b1804b1-4393dc02b78so10204175e9.3 for ; Fri, 07 Mar 2025 02:39:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741343978; x=1741948778; darn=gnu.org; h=mime-version:message-id:date:subject:to:from:from:to:cc:subject :date:message-id:reply-to; bh=n2aODLAG2QPitJtcIC5pvvENHqNsRyZWmBYMS5TDr/0=; b=Tzy8y7o9Obuf7zpIZZPiWuL1oHOXKXUriAWmaiw34BDDispus2+Z0MWiVIJ+oFNwhr bPwsJ7GS2k27+wJRpTh2damfaIrgbZLVyzvQj4u4UvPuAcE9FvYLv8zWpV9mooa9CPy+ RinTTaMI8rdsbpOMddV+C3wNSRlI6NH8r0rc1+LZsXGClSswRfvrpTNxCYBbJbg1XYzc bnBWpMI1cllhowpcgnwkcgYZp00hxka1QI20V55gytXjw9yPb6Vhpe0hS42sCW/hGkR2 8qchv5y5G1ChLlcIfre1UVzUO8FcRwCyEf63Et60zJQqg5gbIeCmHa/v1VFnjSLyY5s0 eZyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741343978; x=1741948778; h=mime-version:message-id:date:subject:to:from:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=n2aODLAG2QPitJtcIC5pvvENHqNsRyZWmBYMS5TDr/0=; b=G1tmlmB9Mx6d+07dRY54nLWFk/6vqatCKpNWma6e3sVWJDW2Cd9EkRvCgSVnaFAd8q 9q5PaF0Jyn596MF7WAUKUbRJyRyR6/KW5PYFNarEiENDAuww1jGvl0Sfm4uUcIzWSlLB wGHNEYGULAD59aiX6z1Fz+E+xQhFoW4fj0ljWKOwPtJ6AN1qzshX1lwYH5tPtbpy5cmq fb/6il0qpV0Oz6jKRvsvPgAWwWoPcV15Hh0CIeotj8IxHdrkrDSXiNBlm9V02eGTlOda Og5U+UUj8UDB4WWv8Jw50bu11ha+5YmR0SB6giOdEUuntKEcJdMrWx7sCiO49iqKjmVq ipFg== X-Gm-Message-State: AOJu0YxP2V0xZpglQIFRQ0DhFQg/Y4NI6cIWjF4kPUD1lMqQD29pmWmC IdtuXNBL/fBymr5xw0F5SSx2RJsvgV6nk7bhnJImbN1LOOgn9AoneDYk9UQA X-Gm-Gg: ASbGncv0Mzxb/NQurq4uiKWPns/Au0H0JQzSPVskSPu1JYijTNO4bz0GNPDZprrvbQx r6h4ILVqAiGeonXoI6mDH/ZALluiT8XXyG2TnwNJ8zp4TaziJUTfndqWzXxGMcCP8I+lNo8h0hm cfV87/egz4cHjqqhW5Hgf/eKsVWbAnavRYYNqvHD0ueC4zIB4OgS5OIJYt54Vqtk1zM9+vqhHvu uEs73nnhWKudWkzH3Q31cQQVF+RE5mvP3OLTJfpiVF1TqFYLuSiOHboZ3FcI/CSerLrUavVr5WM z2JOPyxu49ouudceZSujE/31+Xw7Mg4MoMOOGt17K7XySRQEXaeFMQ== X-Google-Smtp-Source: AGHT+IEJEmhhoWKSAtwuRSAn/uFYyiVEsX2rehQf1K9JTz6po5hGSqLmv/fstEEo209eNAWq0kaQsw== X-Received: by 2002:a05:600c:4f46:b0:439:9192:f088 with SMTP id 5b1f17b1804b1-43c5a6008admr19035655e9.8.1741343977311; Fri, 07 Mar 2025 02:39:37 -0800 (PST) Received: from localhost ([137.195.27.88]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-43bdd947544sm46641315e9.35.2025.03.07.02.39.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 Mar 2025 02:39:36 -0800 (PST) From: Al Haji-Ali Date: Fri, 07 Mar 2025 10:34:19 +0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=2a00:1450:4864:20::32b; envelope-from=abdo.haji.ali@gmail.com; helo=mail-wm1-x32b.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) I ran into an issue where auth-source-search returns (and remembers) the wrong password, when combined with 'auth-source-pass'. Here's the full situation: - In my password store, I have two passwords: user@website.com website.com - I start from a clean state, where I have to enter my password, e.g., by running: gpgconf --reload gpg-agent - From emacs, I call (auth-source-search :host "website.com" :user "user" :max 1) wanting to access the password in "user@website.com" - I am promoted for a passkey, which I input incorrectly. - I am then prompted for the passkey a second time, which I input correctly. - The returned password is that in "website.com" rather than "user@website.com" - Moreover, subsequent calls to `auth-source-search` return the "wrong" password when `auth-source-do-cache` is non-nil. This is not a bug per se, since I know what happens is that: `auth-source-search` calls `auth-source-search-backends` which calls `auth-source-pass-search` which builds a possible list of matches including "user@website.com" and "website.com" that it tests one by one, returning the first match after successful decoding. When I input the wrong password the first time while decoding the correct "user@website.com", then the first success happens in the second instance when decoding "website.com". However, I am wondering if there's a way to detect wrong passkey entries and abort further matching. Or if this is something that should be patched somehow since I was experiencing persistent authentication issues in not-uncommon situations, and which took me quite a while to track down. Thanks, -- Al