GNU bug report logs -
#76808
30.0.5; auth-source-search with auth-source-pass remembers wrong password
Previous Next
Full log
View this message in rfc822 format
I ran into an issue where auth-source-search returns (and remembers) the wrong password, when combined with 'auth-source-pass'.
Here's the full situation:
- In my password store, I have two passwords:
user <at> website.com
website.com
- I start from a clean state, where I have to enter my password, e.g., by running:
gpgconf --reload gpg-agent
- From emacs, I call
(auth-source-search :host "website.com" :user "user" :max 1)
wanting to access the password in "user <at> website.com"
- I am promoted for a passkey, which I input incorrectly.
- I am then prompted for the passkey a second time, which I input correctly.
- The returned password is that in "website.com" rather than "user <at> website.com"
- Moreover, subsequent calls to `auth-source-search` return the "wrong" password when `auth-source-do-cache` is non-nil.
This is not a bug per se, since I know what happens is that:
`auth-source-search`
calls
`auth-source-search-backends`
which calls
`auth-source-pass-search`
which builds a possible list of matches including "user <at> website.com" and "website.com" that it tests one by one, returning the first match after successful decoding. When I input the wrong password the first time while decoding the correct "user <at> website.com", then the first success happens in the second instance when decoding "website.com".
However, I am wondering if there's a way to detect wrong passkey entries and abort further matching. Or if this is something that should be patched somehow since I was experiencing persistent authentication issues in not-uncommon situations, and which took me quite a while to track down.
Thanks,
-- Al
This bug report was last modified 105 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.