From: bug#79486 <79486@debbugs.gnu.org>
To: bug#79486 <79486@debbugs.gnu.org>
Subject: Status: [PATCH] Lookup cached basic-auth credentials with the correct key
Reply-To: bug#79486 <79486@debbugs.gnu.org>
Date: Wed, 24 Sep 2025 08:13:52 +0000

retitle 79486 [PATCH] Lookup cached basic-auth credentials with the correct key
reassign 79486 emacs
submitter 79486 Steven Allen
severity 79486 normal
tag 79486 patch
thanks

From: Steven Allen
To: bug-gnu-emacs@gnu.org
Subject: [PATCH] Lookup cached basic-auth credentials with the correct key
X-Debbugs-Cc: Stefan Monnier, Björn Bidar
Date: Sun, 21 Sep 2025 18:46:13 -0700
Message-ID: <87zfanb6oq.fsf@stebalien.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain

Tags: patch

This patch fixes credential caching for basic auth in the url package.
Credentials are cached with "server:port" as the key but were being
retrieved from the cache by "server" (leading to a cache miss every time).

In GNU Emacs 31.0.50 (build 1, x86_64-pc-linux-gnu, cairo version
 1.18.4) of 2025-09-11 built on Laptop
Repository revision: 819574e13e5dcefdff136033012d6d34f8940848
Repository branch: makepkg
Windowing system distributor 'The X.Org Foundation', version 11.0.12101018
System Description: Arch Linux

Configured using:
 'configure
 'CPPFLAGS=-I/run/user/1000/build/emacs-git/src/mps-git/build/include '
 'LDFLAGS=-L/run/user/1000/build/emacs-git/src/mps-git/build/lib
 -Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now
 -Wl,-z,pack-relative-relocs -flto=auto' --prefix=/usr
 --sysconfdir=/etc --libexecdir=/usr/lib --localstatedir=/var
 --mandir=/usr/share/man --with-gameuser=:games --with-modules
 --without-m17n-flt --without-selinux --without-pop --without-gconf
 --disable-gc-mark-trace --with-mps=yes --enable-autodepend
 --enable-link-time-optimization --with-native-compilation=yes
 --with-xinput2 --with-x-toolkit=no --without-toolkit-scroll-bars
 --without-xaw3d --without-gsettings --with-cairo-xcb --without-xft
 --with-sound=no --with-tree-sitter --without-gpm
 --without-compress-install
 '--program-transform-name=s/\([ec]tags\)/\1.emacs/'
 'CFLAGS=-march=native -mtune=native -O3 -pipe -fno-plt -fexceptions
 -Wp,-D_FORTIFY_SOURCE=3 -Wformat -Werror=format-security
 -fstack-clash-protection -fcf-protection -fomit-frame-pointer
 -fno-math-errno -fno-trapping-math -Os -fno-math-errno
 -fno-trapping-math -Os -flto=auto''

--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment;
 filename=0001-Lookup-cached-basic-auth-credentials-with-the-correc.patch

>From 654188cf7ea40ce175e41f755b9dfe431cad7f02 Mon Sep 17 00:00:00 2001
From: Steven Allen Date: Sun, 21 Sep 2025 12:36:33 -0700 Subject: [PATCH] Lookup cached basic-auth credentials with the correct key Credentials cached in url-basic-auth-storage are keyed by "server:port" but were being looked up by just "server" in url-basic-auth. * lisp/url/url-auth.el (url-basic-auth): Lookup cached basic auth credentials by "server:port". * test/lisp/url/url-auth-tests.el (url-auth-test-auth-retrieve-cache): Check the digest auth test-cases cache retrieval test cases against the basic auth logic. --- lisp/url/url-auth.el | 9 ++++----- test/lisp/url/url-auth-tests.el | 26 ++++++++++++++++++++++++-- 2 files changed, 28 insertions(+), 7 deletions(-) diff --git a/lisp/url/url-auth.el b/lisp/url/url-auth.el index c07f7b4397a..bd805413639 100644 --- a/lisp/url/url-auth.el +++ b/lisp/url/url-auth.el @@ -71,13 +71,14 @@ url-basic-auth (user (url-user href)) (pass (url-password href)) (enable-recursive-minibuffers t) ; for url-handler-mode (bug#10298) + (serverport (format "%s:%d" server port)) byserv retval data) (setq file (cond (realm realm) ((string= "" file) "/") ((string-match "/$" file) file) (t (url-file-directory file))) - byserv (cdr-safe (assoc server + byserv (cdr-safe (assoc serverport (symbol-value url-basic-auth-storage)))) (cond ((and user pass) @@ -93,9 +94,8 @@ url-basic-auth (url-do-auth-source-search server type :secret user) (and (url-interactive-p) (read-passwd "Password: " nil (or pass ""))))) - (setq server (format "%s:%d" server port)) (set url-basic-auth-storage - (cons (list server + (cons (list serverport (cons file (setq retval (base64-encode-string 
@@ -129,9 +129,8 @@ url-basic-auth (url-do-auth-source-search server type :secret user) (and (url-interactive-p) (read-passwd "Password: "))) - server (format "%s:%d" server port) retval (base64-encode-string (format "%s:%s" user pass) t) - byserv (assoc server (symbol-value url-basic-auth-storage))) + byserv (assoc serverport (symbol-value url-basic-auth-storage))) (setcdr byserv (cons (cons file retval) (cdr byserv)))))) (t (setq retval nil))) diff --git a/test/lisp/url/url-auth-tests.el b/test/lisp/url/url-auth-tests.el index 73ca9dd4c83..213af5eb07c 100644 --- a/test/lisp/url/url-auth-tests.el +++ b/test/lisp/url/url-auth-tests.el @@ -133,8 +133,8 @@ url-auth-test-digest-create-key (should (string= (nth 1 key) (plist-get challenge :expected-ha2))) ))) -(ert-deftest url-auth-test-digest-auth-retrieve-cache () - "Check how the entry point retrieves cached authentication. +(ert-deftest url-auth-test-auth-retrieve-cache () + "Check how the basic/digest auth entry point retrieves cached authentication. Essential is how realms and paths are matched." (let* ((url-digest-auth-storage @@ -150,6 +150,14 @@ url-auth-test-digest-auth-retrieve-cache ("rootless.org:80" ; no "/" entry for this on purpose ("/path" "pathuser" "key") ("realm" "realmuser" "key")))) + (url-http-real-basic-auth-storage + (mapcar (pcase-lambda (`(,server . ,auths)) + (cons server + (mapcar (pcase-lambda (`(,realm ,user ,secret)) + (cons realm (base64-encode-string + (format "%s:%s" user secret) t))) + auths))) + url-digest-auth-storage)) (attrs (list (cons "nonce" "servernonce"))) auth) @@ -215,6 +223,7 @@ url-auth-test-digest-auth-retrieve-cache (list :url "http://rootless.org/path/query?q=a" :realm "realm" :expected-user "realmuser") )) + ;; Check digest auth. (setq auth (url-digest-auth (plist-get row :url) nil nil (plist-get row :realm) attrs)) 
@@ -223,6 +232,19 @@ url-auth-test-digest-auth-retrieve-cache (should (string-match ".*username=\"\\(.*?\\)\".*" auth)) (should (string= (match-string 1 auth) (plist-get row :expected-user)))) + (should-not auth)) + ;; Check basic auth. + (setq auth (url-basic-auth (plist-get row :url) + nil nil + (plist-get row :realm) attrs)) + (if (plist-get row :expected-user) + (progn (should auth) + (should (string-prefix-p "Basic " auth)) + (setq auth (base64-decode-string + (string-remove-prefix "Basic " auth) t)) + (should (string-match "\\`\\(.*?\\):key\\'" auth)) + (should (string= (match-string 1 auth) + (plist-get row :expected-user)))) (should-not auth))))) (ert-deftest url-auth-test-digest-auth () -- 2.51.0 --=-=-=--
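
Review bot: in the first lisp/url/url-auth.el hunk (@@ -71,13 +71,14), the new let binding `(serverport (format "%s:%d" server port))` is evaluated on every call, before the `cond`, whereas the removed `(setq server (format "%s:%d" server port))` forms ran only in the branches that store credentials. `%d` signals an error when its argument is not a number, and the binding of `port` lies outside the visible context, so it is worth confirming that `port` is always an integer at this point. A one-line comment on the binding saying that this string is the key format of `url-basic-auth-storage` would help keep the lookup and the two store sites in step.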
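
Review bot: in the lisp/url/url-auth.el hunk at @@ -129,9 +129,8, the `(setcdr byserv ...)` that follows the changed line depends on `(assoc serverport (symbol-value url-basic-auth-storage))` returning an existing entry; a nil result would make `setcdr` signal an error. The cover letter says the lookup missed every time before this change, so code that only runs after a cache hit was effectively dead until now, and the added test checks retrieval only. If this branch is one of those paths, a test that stores a second path for an already cached "server:port" and asserts that the existing entry is extended would cover it.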
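
Review bot: in the test/lisp/url/url-auth-tests.el hunk at @@ -150,6 +150,14, the `let*` binds `url-http-real-basic-auth-storage` directly, but the code under test reads the cache through `(symbol-value url-basic-auth-storage)`. The test therefore passes only while `url-basic-auth-storage` happens to name that symbol in the running session. Binding `url-basic-auth-storage` to `'url-http-real-basic-auth-storage` in the same `let*` would make the fixture independent of global state. A smaller point in the same hunk: the `pcase-lambda` pattern names the first element `realm`, yet fixture entries such as `("/path" "pathuser" "key")` put a path there, so a neutral name would read better.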
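
Review bot: in the test/lisp/url/url-auth-tests.el hunk at @@ -223,6 +232,19, the new basic-auth assertions never exercise the part of the key that this patch fixes. The visible fixture keys and URLs (for example "rootless.org:80" and "http://rootless.org/path/query?q=a") all resolve to port 80, so a lookup keyed on the wrong port would still pass. Adding a row with an explicit non-default port, and a check that credentials cached under one port are not returned for a URL on another port of the same host, would pin the "server:port" scoping down. Separately, the regexp `"\\`\\(.*?\\):key\\'"` hard-codes the fixture secret; decoding and comparing against the full expected "user:secret" string would fail more clearly if the fixture changes.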