* bug#72441: 31.0.50; Auth-source-pass doesn't match password attributes or hosts without user when extra-query-keywords is true @ 2024-08-03 11:12 Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors 2024-08-09 18:02 ` J.P. 0 siblings, 1 reply; 6+ messages in thread From: Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2024-08-03 11:12 UTC (permalink / raw) To: 72441 I noticed that auth-source-pass doesn't match agains password file attributes such as those containing :user and only matches password files which contain a host and a user when auth-source-pass-extra-query-keywords is true. Steps to reproduce: 1. Setup pass with the following structure WorkingTest/example.com/foo FailingTest/example2.com FailingTest/example3.com with user: foo in the password file 2. (auth-source-pass-enable) 3. (setq auth-source-pass-extra-query-keywords t) 4. (auth-source-search :host "example" :user "foo") -> works 5. (auth-source-search :host "example2.com") -> fails 6. (auth-source-search :host "example3.com" :user "foo") Auth-source-pass should be able to query the password file for additional attributes if one of the previous attributes such as :host match to it. Quering the file attributes is quite important in use cases where it doesn't make sense to the user to have a host-folder/user-file structure in cases where there's only one password for said host. Same it should maybe also match against :host if no user was provided, I don't know how other sources do this thou. In GNU Emacs 31.0.50 (build 1, x86_64-suse-linux-gnu, GTK+ Version 3.24.43, cairo version 1.18.0) Windowing system distributor 'The X.Org Foundation', version 11.0.12101012 System Description: openSUSE Tumbleweed Configured using: 'configure --disable-build-details --without-pop --with-mailutils --without-hesiod --with-gameuser=:games --with-kerberos --with-kerberos5 --with-file-notification=inotify --with-modules --enable-autodepend --enable-link-time-optimization --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --localstatedir=/var --sharedstatedir=/var/lib --libexecdir=/usr/libexec --with-file-notification=yes --libdir=/usr/lib64 --with-native-compilation=aot --enable-locallisppath=/usr/share/emacs/31.0.50/site-lisp:/usr/share/emacs/site-lisp --with-x --with-xim --with-sound --with-xpm --with-jpeg --with-tiff --with-gif --with-png --with-rsvg --with-dbus --with-xft --without-gpm --with-tree-sitter --with-x-toolkit=gtk --without-pgtk --with-toolkit-scroll-bars --x-includes=/usr/include --x-libraries=/usr/lib64 --with-libotf --with-m17n-flt --with-cairo --with-xwidgets --build=x86_64-suse-linux --with-dumping=pdumper build_alias=x86_64-suse-linux 'CC=sccache cc' 'CFLAGS=-O2 -Wall -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -march=znver3 -mmmx -mpopcnt -msse -msse2 -msse3 -mssse3 -msse4.1 -msse4.2 -mavx -mavx2 -msse4a -mno-fma4 -mno-xop -mfma -mno-avx512f -mbmi -mbmi2 -maes -mpclmul -mno-avx512vl -mno-avx512bw -mno-avx512dq -mno-avx512cd -mno-avx512er -mno-avx512pf -mno-avx512vbmi -mno-avx512ifma -mno-avx5124vnniw -mno-avx5124fmaps -mno-avx512vpopcntdq -mno-avx512vbmi2 -mno-gfni -mvpclmulqdq -mno-avx512vnni -mno-avx512bitalg -mno-avx512bf16 -mno-avx512vp2intersect -mno-3dnow -madx -mabm -mno-cldemote -mclflushopt -mclwb -mclzero -mcx16 -mno-enqcmd -mf16c -mfsgsbase -mfxsr -mno-hle -msahf -mno-lwp -mlzcnt -mmovbe -mno-movdir64b -mno-movdiri -mmwaitx -mno-pconfig -mpku -mno-prefetchwt1 -mprfchw -mno-ptwrite -mrdpid -mrdrnd -mrdseed -mno-rtm -mno-serialize -mno-sgx -msha -mshstk -mno-tbm -mno-tsxldtrk -mvaes -mno-waitpkg -mwbnoinvd -mxsave -mxsavec -mxsaveopt -mxsaves -mno-amx-tile -mno-amx-int8 -mno-amx-bf16 -mno-uintr -mno-hreset -mno-kl -mno-widekl -mno-avxvnni -mno-avx512fp16 -mno-avxifma -mno-avxvnniint8 -mno-avxneconvert -mno-cmpccxadd -mno-amx-fp16 -mno-prefetchi -mno-raoint -mno-amx-complex --param l1-cache-size=32 --param l1-cache-line-size=64 --param l2-cache-size=512 -mtune=znver3 -fno-optimize-sibling-calls -g -D_GNU_SOURCE -DGDK_DISABLE_DEPRECATION_WARNINGS -DGLIB_DISABLE_DEPRECATION_WARNINGS -pipe -Wno-pointer-sign -Wno-unused-variable -Wno-unused-label -DPDMP_BASE='\''"emacs-gtk"'\''' LDFLAGS=-Wl,-O2 'CXX=sccache c++' PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' Configured features: ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GSETTINGS HARFBUZZ JPEG LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 M17N_FLT MODULES NATIVE_COMP NOTIFY INOTIFY PDUMPER PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF TOOLKIT_SCROLL_BARS TREE_SITTER WEBP X11 XDBE XIM XINPUT2 XPM XWIDGETS GTK3 ZLIB Important settings: value of $LC_MONETARY: fi_FI.UTF-8 value of $LC_NUMERIC: POSIX value of $LANG: en_GB.UTF-8 value of $XMODIFIERS: @im=local locale-coding-system: utf-8-unix Major mode: Eshell Minor modes in effect: eshell-prompt-mode: t eshell-pred-mode: t eshell-hist-mode: t eshell-cmpl-mode: t eshell-proc-mode: t eshell-arg-mode: t circe-lagmon-mode: t magit-wip-initial-backup-mode: t magit-wip-before-change-mode: t magit-wip-after-apply-mode: t magit-wip-after-save-mode: t magit-wip-mode: t magit-auto-revert-mode: t pdf-occur-global-minor-mode: t pdf-virtual-global-minor-mode: t global-atomic-chrome-edit-mode: t minions-mode: t back-button-mode: t recentf-mode: t global-auto-revert-mode: t savehist-mode: t emms-playing-time-display-mode: t emms-playing-time-mode: t gnus-desktop-notify-mode: t tracking-mode: t org-super-agenda-mode: t goto-address-mode: t global-git-commit-mode: t projectile-mode: t global-company-mode: t company-mode: t electric-pair-mode: t editorconfig-mode: t frames-only-mode: t windmove-mode: t marginalia-mode: t which-key-mode: t dirvish-override-dired-mode: t dired-async-mode: t helm-mode: t helm-minibuffer-history-mode: t global-so-long-mode: t global-emojify-mode: t emojify-mode: t change-cursor-mode: t doom-modeline-mode: t server-mode: t helm-autoresize-mode: t desktop-save-mode: t Info-persist-history-mode: t save-place-mode: t delete-selection-mode: t override-global-mode: t tooltip-mode: t global-eldoc-mode: t show-paren-mode: t electric-indent-mode: t mouse-wheel-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t blink-cursor-mode: t undelete-frame-mode: t minibuffer-regexp-mode: t line-number-mode: t transient-mark-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t Load-path shadows: /home/bidar/.local/etc/emacs/lib/org/lisp/ox-koma-letter hides /home/bidar/.local/etc/emacs/lib/lisp/ox-koma-letter /home/bidar/.local/etc/emacs/lib/org-contrib/lisp/ox-groff hides /home/bidar/.local/etc/emacs/lib/lisp/ox-groff /home/bidar/.local/etc/emacs/lib/vim-modeline/vim-modeline hides /home/bidar/.local/etc/emacs/lib/lisp/vim-modeline /home/bidar/.local/etc/emacs/lib/lisp/htmlize hides /home/bidar/.local/etc/emacs/lib/htmlize/htmlize /home/bidar/.local/etc/emacs/lib/lisp/cursor-chg hides /home/bidar/.local/etc/emacs/lib/cursor-chg/cursor-chg /home/bidar/.local/etc/emacs/lib/cmake-mode/cmake-mode hides /usr/share/emacs/site-lisp/cmake-mode /home/bidar/.local/etc/emacs/lib/async/dired-async hides /usr/share/emacs/site-lisp/dired-async /home/bidar/.local/etc/emacs/lib/async/async-bytecomp hides /usr/share/emacs/site-lisp/async-bytecomp /home/bidar/.local/etc/emacs/lib/async/async-autoloads hides /usr/share/emacs/site-lisp/async-autoloads /home/bidar/.local/etc/emacs/lib/async/smtpmail-async hides /usr/share/emacs/site-lisp/smtpmail-async /home/bidar/.local/etc/emacs/lib/async/async hides /usr/share/emacs/site-lisp/async /home/bidar/.local/etc/emacs/lib/compat/compat hides /usr/share/emacs/site-lisp/compat /home/bidar/.local/etc/emacs/lib/compat/compat-29 hides /usr/share/emacs/site-lisp/compat-29 /home/bidar/.local/etc/emacs/lib/compat/compat-28 hides /usr/share/emacs/site-lisp/compat-28 /home/bidar/.local/etc/emacs/lib/compat/compat-27 hides /usr/share/emacs/site-lisp/compat-27 /home/bidar/.local/etc/emacs/lib/compat/compat-26 hides /usr/share/emacs/site-lisp/compat-26 /home/bidar/.local/etc/emacs/lib/compat/compat-25 hides /usr/share/emacs/site-lisp/compat-25 /home/bidar/.local/etc/emacs/lib/which-key/which-key hides /usr/share/emacs/31.0.50/lisp/which-key /home/bidar/.local/etc/emacs/lib/transient/lisp/transient hides /usr/share/emacs/31.0.50/lisp/transient /home/bidar/.local/etc/emacs/lib/editorconfig/editorconfig hides /usr/share/emacs/31.0.50/lisp/editorconfig /home/bidar/.local/etc/emacs/lib/use-package/bind-key hides /usr/share/emacs/31.0.50/lisp/bind-key /home/bidar/.local/etc/emacs/lib/editorconfig/editorconfig-tools hides /usr/share/emacs/31.0.50/lisp/editorconfig-tools /home/bidar/.local/etc/emacs/lib/editorconfig/editorconfig-fnmatch hides /usr/share/emacs/31.0.50/lisp/editorconfig-fnmatch /home/bidar/.local/etc/emacs/lib/editorconfig/editorconfig-core hides /usr/share/emacs/31.0.50/lisp/editorconfig-core /home/bidar/.local/etc/emacs/lib/editorconfig/editorconfig-core-handle hides /usr/share/emacs/31.0.50/lisp/editorconfig-core-handle /home/bidar/.local/etc/emacs/lib/editorconfig/editorconfig-conf-mode hides /usr/share/emacs/31.0.50/lisp/editorconfig-conf-mode /home/bidar/.local/etc/emacs/lib/modus-themes/theme-loaddefs hides /usr/share/emacs/31.0.50/lisp/theme-loaddefs /home/bidar/.local/etc/emacs/lib/use-package/use-package hides /usr/share/emacs/31.0.50/lisp/use-package/use-package /home/bidar/.local/etc/emacs/lib/use-package/use-package-lint hides /usr/share/emacs/31.0.50/lisp/use-package/use-package-lint /home/bidar/.local/etc/emacs/lib/use-package/use-package-jump hides /usr/share/emacs/31.0.50/lisp/use-package/use-package-jump /home/bidar/.local/etc/emacs/lib/use-package/use-package-ensure hides /usr/share/emacs/31.0.50/lisp/use-package/use-package-ensure /home/bidar/.local/etc/emacs/lib/use-package/use-package-ensure-system-package hides /usr/share/emacs/31.0.50/lisp/use-package/use-package-ensure-system-package /home/bidar/.local/etc/emacs/lib/use-package/use-package-diminish hides /usr/share/emacs/31.0.50/lisp/use-package/use-package-diminish /home/bidar/.local/etc/emacs/lib/use-package/use-package-delight hides /usr/share/emacs/31.0.50/lisp/use-package/use-package-delight /home/bidar/.local/etc/emacs/lib/use-package/use-package-core hides /usr/share/emacs/31.0.50/lisp/use-package/use-package-core /home/bidar/.local/etc/emacs/lib/use-package/use-package-bind-key hides /usr/share/emacs/31.0.50/lisp/use-package/use-package-bind-key /home/bidar/.local/etc/emacs/lib/org/lisp/org-list hides /usr/share/emacs/31.0.50/lisp/org/org-list /home/bidar/.local/etc/emacs/lib/org/lisp/org-refile hides /usr/share/emacs/31.0.50/lisp/org/org-refile /home/bidar/.local/etc/emacs/lib/org/lisp/org-loaddefs hides /usr/share/emacs/31.0.50/lisp/org/org-loaddefs /home/bidar/.local/etc/emacs/lib/org/lisp/ob-lilypond hides /usr/share/emacs/31.0.50/lisp/org/ob-lilypond /home/bidar/.local/etc/emacs/lib/org/lisp/ob-core hides /usr/share/emacs/31.0.50/lisp/org/ob-core /home/bidar/.local/etc/emacs/lib/org/lisp/ox-beamer hides /usr/share/emacs/31.0.50/lisp/org/ox-beamer /home/bidar/.local/etc/emacs/lib/org/lisp/org hides /usr/share/emacs/31.0.50/lisp/org/org /home/bidar/.local/etc/emacs/lib/org/lisp/org-table hides /usr/share/emacs/31.0.50/lisp/org/org-table /home/bidar/.local/etc/emacs/lib/org/lisp/org-src hides /usr/share/emacs/31.0.50/lisp/org/org-src /home/bidar/.local/etc/emacs/lib/org/lisp/org-num hides /usr/share/emacs/31.0.50/lisp/org/org-num /home/bidar/.local/etc/emacs/lib/org/lisp/org-indent hides /usr/share/emacs/31.0.50/lisp/org/org-indent /home/bidar/.local/etc/emacs/lib/org/lisp/org-capture hides /usr/share/emacs/31.0.50/lisp/org/org-capture /home/bidar/.local/etc/emacs/lib/org/lisp/org-persist hides /usr/share/emacs/31.0.50/lisp/org/org-persist /home/bidar/.local/etc/emacs/lib/org/lisp/org-element hides /usr/share/emacs/31.0.50/lisp/org/org-element /home/bidar/.local/etc/emacs/lib/org/lisp/org-element-ast hides /usr/share/emacs/31.0.50/lisp/org/org-element-ast /home/bidar/.local/etc/emacs/lib/org/lisp/org-colview hides /usr/share/emacs/31.0.50/lisp/org/org-colview /home/bidar/.local/etc/emacs/lib/org/lisp/ob-shell hides /usr/share/emacs/31.0.50/lisp/org/ob-shell /home/bidar/.local/etc/emacs/lib/org/lisp/ob-python hides /usr/share/emacs/31.0.50/lisp/org/ob-python /home/bidar/.local/etc/emacs/lib/org/lisp/ob-R hides /usr/share/emacs/31.0.50/lisp/org/ob-R /home/bidar/.local/etc/emacs/lib/org/lisp/org-version hides /usr/share/emacs/31.0.50/lisp/org/org-version /home/bidar/.local/etc/emacs/lib/org/lisp/ox hides /usr/share/emacs/31.0.50/lisp/org/ox /home/bidar/.local/etc/emacs/lib/org/lisp/ox-texinfo hides /usr/share/emacs/31.0.50/lisp/org/ox-texinfo /home/bidar/.local/etc/emacs/lib/org/lisp/ox-publish hides /usr/share/emacs/31.0.50/lisp/org/ox-publish /home/bidar/.local/etc/emacs/lib/org/lisp/ox-org hides /usr/share/emacs/31.0.50/lisp/org/ox-org /home/bidar/.local/etc/emacs/lib/org/lisp/ox-odt hides /usr/share/emacs/31.0.50/lisp/org/ox-odt /home/bidar/.local/etc/emacs/lib/org/lisp/ox-md hides /usr/share/emacs/31.0.50/lisp/org/ox-md /home/bidar/.local/etc/emacs/lib/org/lisp/ox-man hides /usr/share/emacs/31.0.50/lisp/org/ox-man /home/bidar/.local/etc/emacs/lib/org/lisp/ox-latex hides /usr/share/emacs/31.0.50/lisp/org/ox-latex /home/bidar/.local/etc/emacs/lib/org/lisp/ox-koma-letter hides /usr/share/emacs/31.0.50/lisp/org/ox-koma-letter /home/bidar/.local/etc/emacs/lib/org/lisp/ox-icalendar hides /usr/share/emacs/31.0.50/lisp/org/ox-icalendar /home/bidar/.local/etc/emacs/lib/org/lisp/ox-html hides /usr/share/emacs/31.0.50/lisp/org/ox-html /home/bidar/.local/etc/emacs/lib/org/lisp/ox-ascii hides /usr/share/emacs/31.0.50/lisp/org/ox-ascii /home/bidar/.local/etc/emacs/lib/org/lisp/org-timer hides /usr/share/emacs/31.0.50/lisp/org/org-timer /home/bidar/.local/etc/emacs/lib/org/lisp/org-tempo hides /usr/share/emacs/31.0.50/lisp/org/org-tempo /home/bidar/.local/etc/emacs/lib/org/lisp/org-protocol hides /usr/share/emacs/31.0.50/lisp/org/org-protocol /home/bidar/.local/etc/emacs/lib/org/lisp/org-plot hides /usr/share/emacs/31.0.50/lisp/org/org-plot /home/bidar/.local/etc/emacs/lib/org/lisp/org-pcomplete hides /usr/share/emacs/31.0.50/lisp/org/org-pcomplete /home/bidar/.local/etc/emacs/lib/org/lisp/org-mouse hides /usr/share/emacs/31.0.50/lisp/org/org-mouse /home/bidar/.local/etc/emacs/lib/org/lisp/org-mobile hides /usr/share/emacs/31.0.50/lisp/org/org-mobile /home/bidar/.local/etc/emacs/lib/org/lisp/org-macs hides /usr/share/emacs/31.0.50/lisp/org/org-macs /home/bidar/.local/etc/emacs/lib/org/lisp/org-macro hides /usr/share/emacs/31.0.50/lisp/org/org-macro /home/bidar/.local/etc/emacs/lib/org/lisp/org-lint hides /usr/share/emacs/31.0.50/lisp/org/org-lint /home/bidar/.local/etc/emacs/lib/org/lisp/org-keys hides /usr/share/emacs/31.0.50/lisp/org/org-keys /home/bidar/.local/etc/emacs/lib/org/lisp/org-inlinetask hides /usr/share/emacs/31.0.50/lisp/org/org-inlinetask /home/bidar/.local/etc/emacs/lib/org/lisp/org-id hides /usr/share/emacs/31.0.50/lisp/org/org-id /home/bidar/.local/etc/emacs/lib/org/lisp/org-habit hides /usr/share/emacs/31.0.50/lisp/org/org-habit /home/bidar/.local/etc/emacs/lib/org/lisp/org-goto hides /usr/share/emacs/31.0.50/lisp/org/org-goto /home/bidar/.local/etc/emacs/lib/org/lisp/org-footnote hides /usr/share/emacs/31.0.50/lisp/org/org-footnote /home/bidar/.local/etc/emacs/lib/org/lisp/org-fold hides /usr/share/emacs/31.0.50/lisp/org/org-fold /home/bidar/.local/etc/emacs/lib/org/lisp/org-fold-core hides /usr/share/emacs/31.0.50/lisp/org/org-fold-core /home/bidar/.local/etc/emacs/lib/org/lisp/org-feed hides /usr/share/emacs/31.0.50/lisp/org/org-feed /home/bidar/.local/etc/emacs/lib/org/lisp/org-faces hides /usr/share/emacs/31.0.50/lisp/org/org-faces /home/bidar/.local/etc/emacs/lib/org/lisp/org-entities hides /usr/share/emacs/31.0.50/lisp/org/org-entities /home/bidar/.local/etc/emacs/lib/org/lisp/org-duration hides /usr/share/emacs/31.0.50/lisp/org/org-duration /home/bidar/.local/etc/emacs/lib/org/lisp/org-datetree hides /usr/share/emacs/31.0.50/lisp/org/org-datetree /home/bidar/.local/etc/emacs/lib/org/lisp/org-cycle hides /usr/share/emacs/31.0.50/lisp/org/org-cycle /home/bidar/.local/etc/emacs/lib/org/lisp/org-ctags hides /usr/share/emacs/31.0.50/lisp/org/org-ctags /home/bidar/.local/etc/emacs/lib/org/lisp/org-crypt hides /usr/share/emacs/31.0.50/lisp/org/org-crypt /home/bidar/.local/etc/emacs/lib/org/lisp/org-compat hides /usr/share/emacs/31.0.50/lisp/org/org-compat /home/bidar/.local/etc/emacs/lib/org/lisp/org-clock hides /usr/share/emacs/31.0.50/lisp/org/org-clock /home/bidar/.local/etc/emacs/lib/org/lisp/org-attach hides /usr/share/emacs/31.0.50/lisp/org/org-attach /home/bidar/.local/etc/emacs/lib/org/lisp/org-attach-git hides /usr/share/emacs/31.0.50/lisp/org/org-attach-git /home/bidar/.local/etc/emacs/lib/org/lisp/org-archive hides /usr/share/emacs/31.0.50/lisp/org/org-archive /home/bidar/.local/etc/emacs/lib/org/lisp/org-agenda hides /usr/share/emacs/31.0.50/lisp/org/org-agenda /home/bidar/.local/etc/emacs/lib/org/lisp/ol hides /usr/share/emacs/31.0.50/lisp/org/ol /home/bidar/.local/etc/emacs/lib/org/lisp/ol-w3m hides /usr/share/emacs/31.0.50/lisp/org/ol-w3m /home/bidar/.local/etc/emacs/lib/org/lisp/ol-rmail hides /usr/share/emacs/31.0.50/lisp/org/ol-rmail /home/bidar/.local/etc/emacs/lib/org/lisp/ol-mhe hides /usr/share/emacs/31.0.50/lisp/org/ol-mhe /home/bidar/.local/etc/emacs/lib/org/lisp/ol-man hides /usr/share/emacs/31.0.50/lisp/org/ol-man /home/bidar/.local/etc/emacs/lib/org/lisp/ol-irc hides /usr/share/emacs/31.0.50/lisp/org/ol-irc /home/bidar/.local/etc/emacs/lib/org/lisp/ol-info hides /usr/share/emacs/31.0.50/lisp/org/ol-info /home/bidar/.local/etc/emacs/lib/org/lisp/ol-gnus hides /usr/share/emacs/31.0.50/lisp/org/ol-gnus /home/bidar/.local/etc/emacs/lib/org/lisp/ol-eww hides /usr/share/emacs/31.0.50/lisp/org/ol-eww /home/bidar/.local/etc/emacs/lib/org/lisp/ol-eshell hides /usr/share/emacs/31.0.50/lisp/org/ol-eshell /home/bidar/.local/etc/emacs/lib/org/lisp/ol-doi hides /usr/share/emacs/31.0.50/lisp/org/ol-doi /home/bidar/.local/etc/emacs/lib/org/lisp/ol-docview hides /usr/share/emacs/31.0.50/lisp/org/ol-docview /home/bidar/.local/etc/emacs/lib/org/lisp/ol-bibtex hides /usr/share/emacs/31.0.50/lisp/org/ol-bibtex /home/bidar/.local/etc/emacs/lib/org/lisp/ol-bbdb hides /usr/share/emacs/31.0.50/lisp/org/ol-bbdb /home/bidar/.local/etc/emacs/lib/org/lisp/oc hides /usr/share/emacs/31.0.50/lisp/org/oc /home/bidar/.local/etc/emacs/lib/org/lisp/oc-natbib hides /usr/share/emacs/31.0.50/lisp/org/oc-natbib /home/bidar/.local/etc/emacs/lib/org/lisp/oc-csl hides /usr/share/emacs/31.0.50/lisp/org/oc-csl /home/bidar/.local/etc/emacs/lib/org/lisp/oc-bibtex hides /usr/share/emacs/31.0.50/lisp/org/oc-bibtex /home/bidar/.local/etc/emacs/lib/org/lisp/oc-biblatex hides /usr/share/emacs/31.0.50/lisp/org/oc-biblatex /home/bidar/.local/etc/emacs/lib/org/lisp/oc-basic hides /usr/share/emacs/31.0.50/lisp/org/oc-basic /home/bidar/.local/etc/emacs/lib/org/lisp/ob hides /usr/share/emacs/31.0.50/lisp/org/ob /home/bidar/.local/etc/emacs/lib/org/lisp/ob-tangle hides /usr/share/emacs/31.0.50/lisp/org/ob-tangle /home/bidar/.local/etc/emacs/lib/org/lisp/ob-table hides /usr/share/emacs/31.0.50/lisp/org/ob-table /home/bidar/.local/etc/emacs/lib/org/lisp/ob-sqlite hides /usr/share/emacs/31.0.50/lisp/org/ob-sqlite /home/bidar/.local/etc/emacs/lib/org/lisp/ob-sql hides /usr/share/emacs/31.0.50/lisp/org/ob-sql /home/bidar/.local/etc/emacs/lib/org/lisp/ob-sed hides /usr/share/emacs/31.0.50/lisp/org/ob-sed /home/bidar/.local/etc/emacs/lib/org/lisp/ob-screen hides /usr/share/emacs/31.0.50/lisp/org/ob-screen /home/bidar/.local/etc/emacs/lib/org/lisp/ob-scheme hides /usr/share/emacs/31.0.50/lisp/org/ob-scheme /home/bidar/.local/etc/emacs/lib/org/lisp/ob-sass hides /usr/share/emacs/31.0.50/lisp/org/ob-sass /home/bidar/.local/etc/emacs/lib/org/lisp/ob-ruby hides /usr/share/emacs/31.0.50/lisp/org/ob-ruby /home/bidar/.local/etc/emacs/lib/org/lisp/ob-ref hides /usr/share/emacs/31.0.50/lisp/org/ob-ref /home/bidar/.local/etc/emacs/lib/org/lisp/ob-processing hides /usr/share/emacs/31.0.50/lisp/org/ob-processing /home/bidar/.local/etc/emacs/lib/org/lisp/ob-plantuml hides /usr/share/emacs/31.0.50/lisp/org/ob-plantuml /home/bidar/.local/etc/emacs/lib/org/lisp/ob-perl hides /usr/share/emacs/31.0.50/lisp/org/ob-perl /home/bidar/.local/etc/emacs/lib/org/lisp/ob-org hides /usr/share/emacs/31.0.50/lisp/org/ob-org /home/bidar/.local/etc/emacs/lib/org/lisp/ob-octave hides /usr/share/emacs/31.0.50/lisp/org/ob-octave /home/bidar/.local/etc/emacs/lib/org/lisp/ob-ocaml hides /usr/share/emacs/31.0.50/lisp/org/ob-ocaml /home/bidar/.local/etc/emacs/lib/org/lisp/ob-maxima hides /usr/share/emacs/31.0.50/lisp/org/ob-maxima /home/bidar/.local/etc/emacs/lib/org/lisp/ob-matlab hides /usr/share/emacs/31.0.50/lisp/org/ob-matlab /home/bidar/.local/etc/emacs/lib/org/lisp/ob-makefile hides /usr/share/emacs/31.0.50/lisp/org/ob-makefile /home/bidar/.local/etc/emacs/lib/org/lisp/ob-lua hides /usr/share/emacs/31.0.50/lisp/org/ob-lua /home/bidar/.local/etc/emacs/lib/org/lisp/ob-lob hides /usr/share/emacs/31.0.50/lisp/org/ob-lob /home/bidar/.local/etc/emacs/lib/org/lisp/ob-lisp hides /usr/share/emacs/31.0.50/lisp/org/ob-lisp /home/bidar/.local/etc/emacs/lib/org/lisp/ob-latex hides /usr/share/emacs/31.0.50/lisp/org/ob-latex /home/bidar/.local/etc/emacs/lib/org/lisp/ob-julia hides /usr/share/emacs/31.0.50/lisp/org/ob-julia /home/bidar/.local/etc/emacs/lib/org/lisp/ob-js hides /usr/share/emacs/31.0.50/lisp/org/ob-js /home/bidar/.local/etc/emacs/lib/org/lisp/ob-java hides /usr/share/emacs/31.0.50/lisp/org/ob-java /home/bidar/.local/etc/emacs/lib/org/lisp/ob-haskell hides /usr/share/emacs/31.0.50/lisp/org/ob-haskell /home/bidar/.local/etc/emacs/lib/org/lisp/ob-groovy hides /usr/share/emacs/31.0.50/lisp/org/ob-groovy /home/bidar/.local/etc/emacs/lib/org/lisp/ob-gnuplot hides /usr/share/emacs/31.0.50/lisp/org/ob-gnuplot /home/bidar/.local/etc/emacs/lib/org/lisp/ob-fortran hides /usr/share/emacs/31.0.50/lisp/org/ob-fortran /home/bidar/.local/etc/emacs/lib/org/lisp/ob-forth hides /usr/share/emacs/31.0.50/lisp/org/ob-forth /home/bidar/.local/etc/emacs/lib/org/lisp/ob-exp hides /usr/share/emacs/31.0.50/lisp/org/ob-exp /home/bidar/.local/etc/emacs/lib/org/lisp/ob-eval hides /usr/share/emacs/31.0.50/lisp/org/ob-eval /home/bidar/.local/etc/emacs/lib/org/lisp/ob-eshell hides /usr/share/emacs/31.0.50/lisp/org/ob-eshell /home/bidar/.local/etc/emacs/lib/org/lisp/ob-emacs-lisp hides /usr/share/emacs/31.0.50/lisp/org/ob-emacs-lisp /home/bidar/.local/etc/emacs/lib/org/lisp/ob-dot hides /usr/share/emacs/31.0.50/lisp/org/ob-dot /home/bidar/.local/etc/emacs/lib/org/lisp/ob-ditaa hides /usr/share/emacs/31.0.50/lisp/org/ob-ditaa /home/bidar/.local/etc/emacs/lib/org/lisp/ob-css hides /usr/share/emacs/31.0.50/lisp/org/ob-css /home/bidar/.local/etc/emacs/lib/org/lisp/ob-comint hides /usr/share/emacs/31.0.50/lisp/org/ob-comint /home/bidar/.local/etc/emacs/lib/org/lisp/ob-clojure hides /usr/share/emacs/31.0.50/lisp/org/ob-clojure /home/bidar/.local/etc/emacs/lib/org/lisp/ob-calc hides /usr/share/emacs/31.0.50/lisp/org/ob-calc /home/bidar/.local/etc/emacs/lib/org/lisp/ob-awk hides /usr/share/emacs/31.0.50/lisp/org/ob-awk /home/bidar/.local/etc/emacs/lib/org/lisp/ob-C hides /usr/share/emacs/31.0.50/lisp/org/ob-C /home/bidar/.local/etc/emacs/lib/compat/compat hides /usr/share/emacs/31.0.50/lisp/emacs-lisp/compat Features: (shadow emacsbug em-unix em-term em-script em-prompt em-pred em-ls em-hist em-glob em-extpipe em-cmpl em-dirs em-basic em-banner em-alias esh-mode esh-var eshell esh-cmd esh-ext esh-opt esh-proc esh-io esh-arg esh-module esh-module-loaddefs esh-util make-mode move-text goto-chg whitespace gitignore-mode dired-open helm-ls-git help-macro tabify gnus-search eieio-opt speedbar ezimage dframe finder-inf gnus-delay gnus-draft gitattributes-mode vc-dir two-column helm-descbinds mailalias bbdb-pgp message-attachment-reminder bbdb-message gnus-alias autocrypt-message git-rebase magit-extras shortdoc cl-print adaptive-wrap adaptive-wrap-autoloads gitconfig-mode help-fns emacsql-sqlite-builtin sqlite org-indent crux smart-region multiple-cursors mc-separate-operations rectangular-region-mode mc-mark-pop mc-edit-lines mc-hide-unmatched-lines-mode mc-mark-more html-mode-expansions sgml-mode mc-cycle-cursors multiple-cursors-core rect expand-region yaml-mode-expansions subword-mode-expansions cperl-mode-expansions text-mode-expansions cc-mode-expansions the-org-mode-expansions python-el-fgallina-expansions er-basic-expansions expand-region-core expand-region-custom char-fold helm-org-rifle misearch multi-isearch orgit-forge orgit doctor helm-command org-clock-helpers flow-fill mastodon-notifications mastodon-media mastodon-profile mastodon-auth mastodon-client plstore mastodon mastodon-search mastodon-toot persist mastodon-http request circe-lagmon ietf-drums-date gnus-gravatar gnus-cite message-view-patch forge-repos forge-tablist forge-topics forge-commands forge-semi forge-bitbucket buck forge-gogs gogs forge-gitea gtea forge-gitlab glab forge-github ghub-graphql treepy gsexp ghub forge-notify forge-revnote forge-pullreq forge-issue forge-topic yaml eieio-custom forge-post markdown-mode forge-repo forge forge-core forge-db magit-popup magit-bookmark magit-submodule magit-blame magit-stash magit-reflog magit-bisect magit-push magit-pull magit-fetch magit-clone magit-remote magit-commit magit-sequence magit-notes magit-worktree magit-tag magit-merge magit-branch magit-reset magit-files magit-refs magit-status magit magit-repos magit-apply magit-wip magit-log magit-diff smerge-mode diff magit-core magit-autorevert magit-margin magit-transient magit-process magit-mode w3m-form w3m-symbol w3m w3m-hist bookmark-w3m w3m-ems w3m-favicon w3m-image w3m-fb tab-line w3m-proc w3m-util mm-archive mail-extr textsec uni-scripts idna-mapping ucs-normalize uni-confusable textsec-check gnus-async gnus-bcklg bbdb-gnus-aux qp gnus-ml gnus-demon autocrypt-gnus nndraft nnmh gnus-topic utf-7 epa-file nnfolder bbdb-gnus bbdb-mua nnnil hydra lv winner tramp-archive tramp-gvfs zeroconf helm-x-files helm-for-files helm-external network-stream pulse image-file image-converter company-shell rpm-spec-mode company-anaconda highlight-indent-guides cap-words superword subword anaconda-mode pythonic tramp-cache time-stamp tramp-sh dired-collapse dirvish-yank dirvish-subtree dirvish-collapse dirvish-icons dirvish-vc dirvish-widgets pdf-history pdf-outline pdf-links pdf-annot pdf-sync pdf-occur tablist tablist-filter semantic/wisent/comp semantic/wisent semantic/wisent/wisent semantic/util-modes semantic/util semantic semantic/tag semantic/lex semantic/fw mode-local cedet pdf-isearch pdf-misc pdf-virtual whole-line-or-region pdf-tools package pdf-view pdf-cache pdf-info pdf-util pdf-macs generic-x skeleton generic atomic-chrome websocket minions back-button smartrep helm-projectile recentf tree-widget autorevert cus-start savehist org-edit-indirect edit-indirect org-bug bug-search bug-comment-mode bug-backend-bz-rpc bug-list-mode bug-mode bug-format bug-rpc bug-debug bug-search-common bug-common-functions bug-persistent-data bug-custom yeetube yeetube-mpv socks elfeed-autotag elfeed-score elfeed-score-maint elfeed-score-scoring elfeed-score-serde elfeed-score-rule-stats elfeed-score-rules elfeed-score-log elfeed-tube elfeed-tube-utils aio elfeed-protocol-owncloud elfeed-protocol elfeed-protocol-common elfeed-show elfeed-search rainbow-delimiters ligature symbol-overlay hideshow vc-hg vc-bzr vc-src vc-sccs vc-svn vc-cvs vc-rcs log-view bug-reference elfeed-csv elfeed elfeed-curl elfeed-log elfeed-db elfeed-lib xml-query emms-i18n emms-history emms-score emms-stream-info emms-metaplaylist-mode emms-bookmarks emms-cue emms-mode-line-icon emms-browser sort emms-volume emms-volume-sndioctl emms-volume-mixerctl emms-volume-pulse emms-volume-amixer emms-playlist-sort emms-last-played emms-player-mpd emms-playing-time emms-lyrics emms-url emms-player-simple emms-streams emms-show-all emms-tag-editor emms-tag-tracktag emms-info-mp3info emms-mark emms-mode-line emms-cache emms-playlist-mode emms-info-native emms-info-native-spc emms-info-native-mp3 emms-info-native-ogg emms-info-native-opus emms-info-native-flac emms-info-native-vorbis emms-info-libtag emms-info emms-later-do emms-source-playlist emms-source-file locate emms emms-compat khardel gravatar dns smiley autocrypt gnus-icalendar org-capture smtpmail-async smtpmail gnus-agent gnus-srvr gnus-score score-mode nnvirtual gnus-msg nntp gnus-cache gnus-desktop-notify bbdb-vcard bbdb-com bbdb-vcard-vcard21 bbdb bbdb-site timezone mastodon-async mastodon-tl url-cache mpv tq mastodon-iso lui-track company-emoji company-emoji-list helm-circe circe-notifications circe-display-images circe-color-nicks circe lui-irc-colors irc lcs lui-logging lui-format lui tracking shorten flyspell circe-compat ical2org org-modern org-caldav icalendar url-dav url-http url-auth url-gw nsm url-handlers ox-koma-letter ox-extra org-pomodoro alert notifications org-timer org-expiry ol-man org-clock org-protocol ob-sqlite ob-sql ob-shell ob-python python ob-plantuml ob-org ob-octave ob-lua ob-js ob-gnuplot ox-odt rng-loc rng-uri rng-parse rng-match rng-dt rng-util rng-pttrn nxml-parse nxml-ns nxml-enc xmltok nxml-util ox-latex ox-icalendar org-super-agenda ts org-habit org-duration cdlatex reftex reftex-loaddefs reftex-vars texmathp org-appear ws-butler selected jinx oc-basic ol-eww eww url-queue mm-url ol-rmail ol-mhe ol-irc ol-info ol-gnus nnselect gnus-art mm-uu mml2015 mm-view mml-smime smime gnutls dig gnus-sum shr pixel-fill kinsoku url-file svg dom gnus-group gnus-undo gnus-start gnus-dbus dbus gnus-cloud nnimap nnmail mail-source utf7 nnoo gnus-spec gnus-int gnus-range gnus-win gnus nnheader range ol-docview doc-view ol-bibtex bibtex ol-bbdb ol-w3m ol-doi org-link-doi goto-addr view mule-util cal-china cal-bahai cal-islam cal-hebrew holidays holiday-loaddefs cal-iso cal-julian lunar solar cal-dst vim-modeline appt org-agenda ox-html table ox-ascii ox-publish ox org-element org-persist org-id org-refile org-element-ast avl-tree ob-dot ob-ditaa ob-clojure ob-C outshine outshine-org-cmds outorg smartparens-org smartparens-text smartparens loadhist org-archive-subtree-hierarchy org-archive org ob ob-tangle ob-ref ob-lob ob-table ob-exp org-macro org-src ob-comint org-pcomplete org-list org-footnote org-faces org-entities ob-emacs-lisp ob-core ob-eval org-cycle org-table ol org-fold org-fold-core org-keys oc org-loaddefs org-version org-compat org-macs noutline outline salt-mode rst mmm-jinja2 yaml-mode perl-completion woman man ffap dabbrev cperl-mode facemenu helm-elisp helm-eval edebug debug backtrace cc-mode cc-fonts cc-guess cc-menus cc-cmds cc-styles cc-align cc-engine cc-vars cc-defs ggtags ewoc flycheck-color-mode-line flycheck jka-compr let-alist meson-mode bitbake-modes bitbake autoinsert conf-bitbake-mode conf-mode bitbake-ff find-file bitbake-mmm sh-script smie treesit executable mmm-mode mmm-univ mmm-class mmm-region mmm-auto mmm-vars mmm-utils mmm-compat bitbake-functions bitbake-compat xterm-color vc-osc vc magit-libgit libgit libegit2 git-commit magit-git magit-base which-func imenu vc-git diff-mode track-changes vc-dispatcher magit-section benchmark cursor-sensor crm log-edit message sendmail yank-media puny rfc822 mml mml-sec epa epg rfc6068 epg-config gnus-util mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045 mm-util ietf-drums mail-prsvr mailabbrev mail-utils gmm-utils mailheader pcvs-util add-log diary-lib diary-loaddefs cal-menu calendar cal-loaddefs midnight vlf-setup multi-vterm company-yasnippet vterm face-remap color term disp-table ehelp vterm-module term/xterm xterm projectile ibuf-ext ibuffer ibuffer-loaddefs company-oddmuse company-keywords company-etags etags fileloop generator xref project company-gtags company-dabbrev-code company-dabbrev company-files company-clang company-capf company-cmake company-semantic company-template company-bbdb company elec-pair editorconfig editorconfig-core editorconfig-core-handle editorconfig-fnmatch wgrep-ag frames-only-mode windmove i3-integration i3 bindat marginalia which-key dirvish transient helm-dired-history dired-ranger dired-avfs dired-rainbow dired-filter dired-hacks-utils dired-x dired-async dired-du find-dired wdired dired-aux helm-icons treemacs-icons treemacs-scope treemacs-themes treemacs-core-utils treemacs-logging treemacs-customization pfuture inline hl-line treemacs-faces helm-bookmark helm-net browse-url xml url url-proxy url-privacy url-expand url-methods url-history url-cookie url-domsuf url-util mailcap helm-adaptive helm-info bookmark helm-mode helm-misc helm-files image-dired image-dired-tags image-dired-external image-dired-util image-mode dired dired-loaddefs exif filenotify tramp trampver tramp-integration files-x tramp-message tramp-compat xdg parse-time iso8601 time-date tramp-loaddefs helm-buffers all-the-icons all-the-icons-faces data-material data-weathericons data-octicons data-fileicons data-faicons data-alltheicons helm-occur helm-tags helm-locate helm-grep wgrep-helm wgrep grep compile text-property-search helm-regexp format-spec helm-utils helm-help helm-types so-long emojify apropos tar-mode arc-mode archive-mode ht cursor-chg doom-modeline doom-modeline-segments doom-modeline-env doom-modeline-core shrink-path f s dash nerd-icons nerd-icons-faces nerd-icons-data nerd-icons-data-mdicon nerd-icons-data-flicon nerd-icons-data-codicon nerd-icons-data-devicon nerd-icons-data-sucicon nerd-icons-data-wicon nerd-icons-data-faicon nerd-icons-data-powerline nerd-icons-data-octicon nerd-icons-data-pomicon nerd-icons-data-ipsicon modus-vivendi-theme modus-themes helm-pass password-store with-editor shell pcomplete comint ansi-osc ansi-color ring server helm helm-global-bindings helm-easymenu edmacro kmacro helm-core async-bytecomp helm-source helm-multi-match helm-lib async auth-source-pass url-parse url-vars auth-source password-cache printing ps-print ps-print-loaddefs lpr desktop frameset derived advice info+ thingatpt cl saveplace delsel no-littering epkg-elpa json map epkg-utils epkg-list epkg-desc find-func epkg closql emacsql-sqlite-common emacsql emacsql-compiler eieio-base eieio byte-opt eieio-core cl-macs llama comp-run compat use-package use-package-ensure use-package-delight use-package-diminish use-package-bind-key bind-key easy-mmode use-package-core zop-to-char-autoloads yeetube-autoloads yasnippet-autoloads yaml-mode-autoloads yaml-autoloads xterm-color-autoloads ws-butler-autoloads with-editor-autoloads whole-line-or-region-autoloads which-key-autoloads wgrep-autoloads websocket-autoloads web-mode-autoloads w3m-autoloads vlf-autoloads visual-regexp-autoloads vim-modeline-autoloads vc-osc-autoloads uuidgen-autoloads use-package-autoloads ts-autoloads treepy-autoloads treemacs-nerd-icons-autoloads treemacs-autoloads transient-autoloads toml-mode-autoloads systemd-autoloads symbol-overlay-autoloads swiper-helm-autoloads ssh-config-mode-autoloads spinner-autoloads smartrep-autoloads smartparens-autoloads smart-region-autoloads skewer-mode-autoloads simple-httpd-autoloads shrink-path-autoloads selected-autoloads salt-mode-autoloads s-autoloads rpm-spec-mode-autoloads rich-minority-autoloads request-autoloads rainbow-delimiters-autoloads qt-pro-mode-autoloads qml-mode-autoloads pythonic-autoloads projectile-autoloads posframe-autoloads pos-tip-autoloads popup-autoloads plantuml-mode-autoloads pkgbuild-mode-autoloads piper-autoloads pfuture-autoloads perspective-autoloads persp-mode-autoloads persist-autoloads password-store-autoloads pass-autoloads outshine-autoloads outorg-autoloads orgit-forge-autoloads orgit-autoloads org-vcard-autoloads org-tree-slide-autoloads org-super-agenda-autoloads org-pomodoro-autoloads org-modern-autoloads org-edit-indirect-autoloads org-contrib-autoloads org-contacts-autoloads org-clock-helpers-autoloads org-caldav-autoloads org-appear-autoloads org-autoloads no-littering-autoloads nginx-mode-autoloads nerd-icons-ibuffer-autoloads nerd-icons-autoloads navi-mode-autoloads multiple-cursors-autoloads multi-vterm-autoloads mpv-autoloads move-text-autoloads modus-themes-autoloads mode-icons-autoloads mmm-mode-autoloads mmm-jinja2-autoloads minions-autoloads message-x-autoloads message-view-patch-autoloads message-attachment-reminder-autoloads meson-mode-autoloads mastodon-autoloads markdown-mode-autoloads marginalia-autoloads magit-popup-autoloads magit-autoloads lua-mode-autoloads lsp-ui-autoloads lsp-treemacs-autoloads lsp-mode-autoloads lsp-docker-autoloads logview-autoloads llama-autoloads lisp-autoloads link-hint-autoloads ligature-autoloads levenshtein-autoloads khardel-autoloads js2-mode-autoloads journalctl-autoloads jira-markup-mode-autoloads ivy-autoloads irony-autoloads ir-black-theme-autoloads info+-autoloads iedit-autoloads ical2org-autoloads ibuffer-projectile-autoloads i3wm-config-mode-autoloads i3-autoloads hydra-autoloads htmlize-autoloads ht-autoloads highlight-indent-guides-autoloads helm-projectile-autoloads helm-pass-autoloads helm-org-rifle-autoloads helm-make-autoloads helm-ls-git-autoloads helm-icons-autoloads helm-ext-autoloads helm-emms-autoloads helm-dired-history-autoloads helm-descbinds-autoloads helm-circe-autoloads helm-autoloads guess-language-autoloads grep-context-autoloads goto-chg-autoloads gnus-recent-autoloads gnus-notes-autoloads gnus-desktop-notify-autoloads gnus-alias-autoloads gitconfig-autoloads git-modes-autoloads ghub-autoloads ggtags-autoloads frames-only-mode-autoloads forge-autoloads flycheck-color-mode-line-autoloads flycheck-autoloads fedi-autoloads f-autoloads extmap-autoloads expand-region-autoloads evil-multiedit-autoloads evil-autoloads emojify-autoloads emacsql-autoloads elixir-mode-autoloads elfeed-tube-autoloads elfeed-summary-autoloads elfeed-score-autoloads elfeed-protocol-autoloads elfeed-autotag-autoloads elfeed-autoloads el-mock-autoloads eimp-autoloads editorconfig-autoloads edit-indirect-autoloads dumb-jump-autoloads doom-modeline-autoloads docbook-autoloads dirvish-autoloads dired-rsync-autoloads dired-hacks-autoloads dired-du-autoloads devhelp-autoloads deferred-autoloads default-text-scale-autoloads debbugs-autoloads datetime-autoloads dash-autoloads dap-mode-autoloads cursor-chg-autoloads crux-autoloads copy-as-format-autoloads compat-autoloads company-shell-autoloads company-quickhelp-autoloads company-nginx-autoloads company-lua-autoloads company-irony-autoloads company-emoji-autoloads company-anaconda-autoloads company-autoloads code-review-autoloads cmake-mode-autoloads cmake-font-lock-autoloads closql-autoloads circe-notifications-autoloads circe-autoloads cdlatex-autoloads ccls-autoloads buttercup-autoloads bui-autoloads bug-mode-autoloads bitbake-modes-autoloads bbdb-vcard-autoloads bbdb-loaddefs back-button-autoloads avy-autoloads autocrypt-autoloads auto-compile-autoloads atomic-chrome-autoloads async-autoloads anaconda-mode-autoloads all-the-icons-autoloads alert-autoloads aio-autoloads ag-autoloads ace-window-autoloads ace-link-autoloads a-autoloads 2048-game-autoloads borg loaddefs-gen generate-lisp-file lisp-mnt radix-tree info cus-edit pp pcase cus-load wid-edit comp cl-seq comp-cstr cl-extra help-mode comp-common warnings icons subr-x rx gv cl-loaddefs cl-lib bytecomp byte-compile preview-latex auctex tex-site ispell rmc iso-transl tooltip cconv eldoc paren electric uniquify ediff-hook vc-hooks lisp-float-type elisp-mode mwheel term/x-win x-win term/common-win x-dnd touch-screen tool-bar dnd fontset image regexp-opt fringe tabulated-list replace newcomment text-mode lisp-mode prog-mode register page tab-bar menu-bar rfn-eshadow isearch easymenu timer select scroll-bar mouse jit-lock font-lock syntax font-core term/tty-colors frame minibuffer nadvice seq simple cl-generic indonesian philippine cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese composite emoji-zwj charscript charprop case-table epa-hook jka-cmpr-hook help abbrev obarray oclosure cl-preloaded button loaddefs theme-loaddefs faces cus-face macroexp files window text-properties overlay sha1 md5 base64 format env code-pages mule custom widget keymap hashtable-print-readable backquote threads xwidget-internal dbusbind inotify lcms2 dynamic-setting system-font-setting font-render-setting cairo gtk x-toolkit xinput2 x multi-tty move-toolbar make-network-process native-compile emacs) Memory information: ((conses 16 8814971 1834230) (symbols 48 113156 6) (strings 32 2138810 377553) (string-bytes 1 196033441) (vectors 16 420969) (vector-slots 8 7713005 1814464) (floats 8 10276 45198) (intervals 56 524388 35453) (buffers 992 455)) ^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#72441: 31.0.50; Auth-source-pass doesn't match password attributes or hosts without user when extra-query-keywords is true 2024-08-03 11:12 bug#72441: 31.0.50; Auth-source-pass doesn't match password attributes or hosts without user when extra-query-keywords is true Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2024-08-09 18:02 ` J.P. 2024-08-09 19:20 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors [not found] ` <87ed6xy03r.fsf@> 0 siblings, 2 replies; 6+ messages in thread From: J.P. @ 2024-08-09 18:02 UTC (permalink / raw) To: 72441; +Cc: Björn Bidar [-- Attachment #1: Type: text/plain, Size: 8474 bytes --] Björn Bidar via "Bug reports for GNU Emacs, the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org> writes: > I noticed that auth-source-pass doesn't match agains password file > attributes such as those containing :user and only matches password > files which contain a host and a user when > auth-source-pass-extra-query-keywords is true. I don't use pass myself, nor have I ever, but I suppose I did add the `auth-source-pass-extra-query-keywords' option (though mainly in a bid to make auth-source-pass behave more like other back ends so it's usable with ERC). Anyway, I do actually recall being somewhat aware of the existence of the file attributes you mention. It seems I even left a comment about the current lack of support [1]. Looking into this a bit, it seems the password store's web page considers everything after the initial (password) line to be an opaque text blob: The password store does not impose any particular schema or type of organization of your data, as it is simply a flat text file, which can contain arbitrary data. Though the most common case is storing a single password per entry, some power users find they would like to store more than just their password inside the password store, and additionally store answers to secret questions, website URLs, and other sensitive information or metadata. Since the password store does not impose a scheme of it's own, you can choose your own organization. There are many possibilities. However, I do realize that the auth-source-pass back end without the extra-keywords option already dips into a file's contents looking for an attributes list like the one shown on the web page. (Whether that's wise is pretty much moot after all these years.) Anyway, for that reason, I suppose we _should_ attempt to at least explore doing the same when the extra-keywords option is enabled. For me, the most important thing remains mimicking the behavior of the other built-in back ends, which at times is admittedly unintuitive but nevertheless consistent and thus predictable from a mechanical POV. > Steps to reproduce: > 1. Setup pass with the following structure > WorkingTest/example.com/foo > FailingTest/example2.com > FailingTest/example3.com with user: foo in the password file > 2. (auth-source-pass-enable) > 3. (setq auth-source-pass-extra-query-keywords t) > 4. (auth-source-search :host "example" :user "foo") -> works > 5. (auth-source-search :host "example2.com") -> fails > 6. (auth-source-search :host "example3.com" :user "foo") > > Auth-source-pass should be able to query the password file for > additional attributes if one of the previous attributes such as :host > match to it. Quering the file attributes is quite important in use > cases where it doesn't make sense to the user to have a > host-folder/user-file structure in cases where there's only one > password for said host. Currently, if you have a file in the root of your ~/.password-store named something like "top-level-host.com", and it's contents feature a "user: foo" attribute, both (auth-source-search :host "top-level-host.com") and (auth-source-search :host "top-level-host.com" :user "foo") return ((:host "top-level-host.com" :secret ...)). If you're saying you want to see (:user "foo") in the results as well, I guess we can do that (see attached patch as well as [2], below). However, this still won't work on any of your examples, which all have intervening path components between the root directory and the .gpg files. The reason for this restriction is explained below. If we do end up going with something like the attached patch, we'll need to profile it. I can create a bunch of fake trees of varying shapes and sizes, but I'd rather someone with real data and a sizable store assess how much slower it is to visit (and thus decrypt) potentially every file in the tree, which is what any attr-reading implementation must do. On my machine, it takes roughly 0.18 seconds to decrypt a single two-line file via `auth-source-pass--read-entry'. (This seems prohibitively expensive to do en masse, no?) FWIW, most of this time is spent in `epg-wait-for-status', which blocks until the subprocess exits. > Same it should maybe also match against :host > if no user was provided, I don't know how other sources do this thou. While the reference implementation indeed succeeds with a plain :host input (see test `auth-source-pass-extra-query-keywords--netrc-host'), I believe the actual problem you perceive has more to do with the content of the file paths, specifically, leading directory components. Still, I'm inclined to agree that this would be nice to have. However, I do seem to recall this being discussed on at least one occasion, with the conclusion being that it's too complicated, if not impossible, to disambiguate between a trailing "hostname/user" and "folder/hostname". Nevertheless, we could add an option to do it anyway based on one or more heuristics-based strategy (resolving hosts for real is surely a no go). For example, one such strategy could ignore a penultimate file-path component that's not an FQDN, even if it's, say, LDH-only and resolvable as a hostname, so long as the leaf component _is_ an FQDN. However, such an option would have to be disabled by default to prevent existing entries like "localhost/test.user" from being parsed as (:host "test.user"). In any case, I'm happy to review patches, but I think someone who actually uses this back end should implement the feature. [1] https://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/auth-source-pass.el?id=423c86cb#n300 [2] The following describes details of the attached patch's logic for the inner (dolist (e entries) ...) loop of the primary matching function `auth-source-pass--find-match-many'. Hopefully it's somewhat sound with regard to deferring decryption for as long as possible. 1. Parse the file path of each entry first and cache its results in a plist, the "cached entry metadata," which is filed under the entry's file-path in the `seen' hash table. If it doesn't match the basic filename format, it must not be a passwordstore file, so reject the entry. 2. Check the :host field before reading the file. Unless it matches, reject the entry. 3. Engage in a series of probing conditional checks for a :port field to match against a provided "port" query parameter, all while attempting to defer decryption until absolutely necessary. (A path-encoded :port always takes precedence over a :port in the file.) - If a `port' query parameter is not given for matching against, continue to the next steps for the current entry. - Otherwise, if a :port parsed from the file path is present and it doesn't match, reject the entry, meaning go to the beginning of the current loop, considering the next entry. - If a path-derived :port is absent, ensure the cached entry metadata contains an additional :attrs field (an alist). If the metadata lacks an :attrs field, the file has not yet been decrypted. Decrypt it now using `auth-source-pass-parse-entry', then add its secret and its attrs alist to the cached metadata, under :attrs. - Look in the cached entry metadata's :attrs alist for a "port" attr. If a "port" attr is indeed present and doesn't match the port query parameter, reject the entry. - If no such "port" attr exists and is required (meaning :port appears in the `require' query parameter), reject the entry. 4. Repeat step 3 for :user. The same precedence rules apply, meaning any non-null path-derived :user field is immediately accepted, and the file is not decrypted. 5. If we haven't yet decrypted the file, do so now and populate the :attrs item in the cached entry metadata. If it's already been decrypted at some point, :attrs will present (though possibly empty). In any case, add the items we care about if non-null (:user, :port, and :secret) to the matched results for this entry. However, only do so if a secret was either not required or is present; otherwise, reject the entry. [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: 0001-POC-Match-attrs-with-auth-source-pass-extra-query-ke.patch --] [-- Type: text/x-patch, Size: 13646 bytes --] From a36ef10d81e2c5afb0cf2515887084b6331d38d1 Mon Sep 17 00:00:00 2001 From: "F. Jason Park" <jp@neverwas.me> Date: Wed, 7 Aug 2024 22:23:09 -0700 Subject: [PATCH] [POC] Match attrs with auth-source-pass-extra-query-keywords * lisp/auth-source-pass.el (auth-source-pass--retrieve-parsed): Remove unused function. (auth-source-pass--cast-port): New function, a helper to match an entry's port to the given query param's type. (auth-source-pass--match-parts): Return non-nil when a key is required but the value is null. Not doing produced behavior that deviated from the reference netrc implementation and was thus a bug. (auth-source-pass-check-attrs-with-extra-query-keywords): New variable, a flag to opt out of arguably expensive attribute lookups. (auth-source-pass--find-matched-entry): New function to isolate processing logic for a single entry. (auth-source-pass--find-match-many): Move single-entry processing logic to separate helper, mainly for readability. * test/lisp/auth-source-pass-tests.el (auth-source-pass-extra-query-keywords--akib/attr) (auth-source-pass-extra-query-keywords--netrc-akib/require) (auth-source-pass-extra-query-keywords--akib/attr/require) (auth-source-pass-extra-query-keywords--netrc-baseline): New tests. (auth-source-pass-extra-query-keywords--baseline): Reverse expected outcome to match reference implementation. That it didn't before was a bug. (Bug#72441) --- lisp/auth-source-pass.el | 130 +++++++++++++++++++--------- test/lisp/auth-source-pass-tests.el | 79 ++++++++++++++++- 2 files changed, 165 insertions(+), 44 deletions(-) diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 03fd1f35811..8982e07a6be 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el @@ -256,32 +256,88 @@ auth-source-pass--find-match hosts (list hosts)))) -(defun auth-source-pass--retrieve-parsed (seen path port-number-p) - (when (string-match auth-source-pass--match-regexp path) - (puthash path - `( :host ,(or (match-string 10 path) (match-string 11 path)) - ,@(if-let* ((tr (match-string 21 path))) - (list :user tr :suffix t) - (list :user (match-string 20 path))) - :port ,(and-let* ((p (or (match-string 30 path) - (match-string 31 path))) - (n (string-to-number p))) - (if (or (zerop n) (not port-number-p)) - (format "%s" p) - n))) - seen))) - -(defun auth-source-pass--match-parts (parts key value require) - (let ((mv (plist-get parts key))) +(defun auth-source-pass--cast-port (val ref) + (cond ((integerp val) val) + ((and-let* (((integerp ref)) + (n (string-to-number val)) + ((not (zerop n)))) + n)) + (t (format "%s" val)))) + +(defun auth-source-pass--match-parts (parts key reference require) + (let ((value (plist-get parts key))) (if (memq key require) - (and value (equal mv value)) - (or (not value) (not mv) (equal mv value))))) + (or (null reference) (equal value reference)) + (or (null reference) (null value) (equal value reference))))) + +(defvar auth-source-pass-check-attrs-with-extra-query-keywords t + "When non-nil, decrypt files to find attributes matching parameters. +However, give precedence to fields encoded in file names. Only applies +when `auth-source-pass-extra-query-keywords' is non-nil.") + +;; This function tries to defer decryption as long as possible. For +;; that reason, an entry's file-path-derived :port or :user field +;; always takes precedence over their counterparts from a decrypted +;; file's attribute list. +(defun auth-source-pass--find-matched-entry (host user port require seen entry) + "Match ENTRY against query params HOST USER PORT REQUIRE with cache SEEN." + (when (string-match auth-source-pass--match-regexp entry) + (let* ((cached (gethash entry seen)) + (optp auth-source-pass-check-attrs-with-extra-query-keywords) + (suffixedp nil) + (h (or (and cached (plist-get cached :host)) + (match-string 10 entry) + (match-string 11 entry))) + (attrs (and cached (plist-get :attrs cached))) + (getat (lambda (k) + (save-match-data + (unless attrs + (setq attrs (auth-source-pass-parse-entry entry))) + (auth-source-pass--get-attr k attrs)))) + (u (cond (cached (plist-get cached :user)) + ((and-let* ((u (match-string 21 entry))) + (setq suffixedp t) + u)) + ((match-string 20 entry)) + ((and user optp) (funcall getat "user")))) + (p (cond (cached (plist-get cached :port)) + ((match-string 30 entry)) + ((match-string 31 entry)) + ((and port optp) (funcall getat "port")))) + ;; + s) + (when p + (setq p (auth-source-pass--cast-port p port))) + (unless cached + (setq cached `( :host ,h + ,@(and u (list :user u)) + ,@(and p (list :port p)) + ,@(and suffixedp (list :suffix t)) + ,@(and attrs (list :attrs attrs)))) + (puthash entry cached seen)) + (when (and (equal host h) + (auth-source-pass--match-parts cached :port port require) + (auth-source-pass--match-parts cached :user user require) + (setq s (or (funcall getat 'secret) + (not (memq :secret require))))) + (unless (or user u) + (when (setq u (funcall getat "user")) + (setq cached (plist-put cached :user u)))) + (unless (or port p) + (when (setq p (funcall getat "port")) + (setq p (auth-source-pass--cast-port p port) + cached (plist-put cached :port p)))) + (puthash entry (plist-put cached :attrs attrs) seen) + `( :host ,host + ,@(and u (list :user u)) + ,@(and p (list :port p)) + ,@(and s (not (eq s t)) (list :secret s))))))) (defun auth-source-pass--find-match-many (hosts users ports require max) "Return plists for valid combinations of HOSTS, USERS, PORTS." (let ((seen (make-hash-table :test #'equal)) (entries (auth-source-pass-entries)) - out suffixed suffixedp) + out suffixed) (catch 'done (dolist (host hosts out) (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) @@ -289,28 +345,18 @@ auth-source-pass--find-match-many (setq p nil)) (dolist (user (or users (list u))) (dolist (port (or ports (list p))) - (dolist (e entries) - (when-let* - ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed - seen e (integerp port)))) - ((equal host (plist-get m :host))) - ((auth-source-pass--match-parts m :port port require)) - ((auth-source-pass--match-parts m :user user require)) - (parsed (auth-source-pass-parse-entry e)) - ;; For now, ignore body-content pairs, if any, - ;; from `auth-source-pass--parse-data'. - (secret (or (auth-source-pass--get-attr 'secret parsed) - (not (memq :secret require))))) - (push - `( :host ,host ; prefer user-provided :host over h - ,@(and-let* ((u (plist-get m :user))) (list :user u)) - ,@(and-let* ((p (plist-get m :port))) (list :port p)) - ,@(and secret (not (eq secret t)) (list :secret secret))) - (if (setq suffixedp (plist-get m :suffix)) suffixed out)) - (unless suffixedp - (when (or (zerop (cl-decf max)) - (null (setq entries (delete e entries)))) - (throw 'done out))))) + (dolist (entry entries) + (let* ((result (auth-source-pass--find-matched-entry + host user port require seen entry)) + ;; + suffixedp) + (when result + (setq suffixedp (plist-get (gethash entry seen) :suffix)) + (push result (if suffixedp suffixed out)) + (unless suffixedp + (when (or (zerop (cl-decf max)) + (null (setq entries (delete entry entries)))) + (throw 'done out)))))) (setq suffixed (nreverse suffixed)) (while suffixed (push (pop suffixed) out) diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index 6455c3393d5..2ce5d12a6bc 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el @@ -601,6 +601,73 @@ auth-source-pass-extra-query-keywords--akib (should (equal results '((:host "disroot.org" :user "akib" :secret "b"))))))) +(ert-deftest auth-source-pass-extra-query-keywords--akib/attr () + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("disroot.org" (secret . "b") + ("user" . "akib") ("port" . "42")) + ("z.com" (secret . "c"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + results) + + ;; Non-matching query param. + (setq results (auth-source-search :host "disroot.org" :user "?" :max 2)) + (should-not results) + + ;; No query params matching attrs. + (setq results (auth-source-search :host "disroot.org" :max 2)) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :host "disroot.org" :user "akib" + :port "42" :secret "b")))) + + ;; Matching user query param. + (setq results (auth-source-search :host "disroot.org" :user "akib")) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :host "disroot.org" :user "akib" + :port "42" :secret "b")))) + + ;; Matching port typed query param. + (setq results (auth-source-search :host "disroot.org" :port 42)) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :host "disroot.org" :user "akib" + :port 42 :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--netrc-akib/require () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine disroot.org user akib password b +machine z.com password c +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "disroot.org" + :require '(:user) :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--akib/attr/require () + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("disroot.org" (secret . "b") + ("user" . "akib")) + ("z.com" (secret . "c"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "disroot.org" + :require '(:user) :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :secret "b"))))))) + ;; Searches for :host are case-sensitive, and a returned host isn't ;; normalized. @@ -632,11 +699,19 @@ auth-source-pass-extra-query-keywords--host ;; A retrieved store entry mustn't be nil regardless of whether its ;; path contains port or user components. +(ert-deftest auth-source-pass-extra-query-keywords--netrc-baseline () + (ert-with-temp-file netrc-file + :text "machine foo\n" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "foo"))) + (should (equal results '((:host "foo"))))))) + (ert-deftest auth-source-pass-extra-query-keywords--baseline () (let ((auth-source-pass-extra-query-keywords t)) - (auth-source-pass--with-store '(("x.com")) + (auth-source-pass--with-store '(("foo")) (auth-source-pass-enable) - (should-not (auth-source-search :host "x.com"))))) + (should (equal (auth-source-search :host "foo") '((:host "foo"))))))) ;; Output port type (int or string) matches that of input parameter. -- 2.45.2 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* bug#72441: 31.0.50; Auth-source-pass doesn't match password attributes or hosts without user when extra-query-keywords is true 2024-08-09 18:02 ` J.P. @ 2024-08-09 19:20 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors [not found] ` <87ed6xy03r.fsf@> 1 sibling, 0 replies; 6+ messages in thread From: Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2024-08-09 19:20 UTC (permalink / raw) To: J.P.; +Cc: 72441 "J.P." <jp@neverwas.me> writes: > Björn Bidar via "Bug reports for GNU Emacs, the Swiss army knife of text > editors" <bug-gnu-emacs@gnu.org> writes: > >> I noticed that auth-source-pass doesn't match agains password file >> attributes such as those containing :user and only matches password >> files which contain a host and a user when >> auth-source-pass-extra-query-keywords is true. > > I don't use pass myself, nor have I ever, but I suppose I did add the > `auth-source-pass-extra-query-keywords' option (though mainly in a bid > to make auth-source-pass behave more like other back ends so it's usable > with ERC). Anyway, I do actually recall being somewhat aware of the > existence of the file attributes you mention. It seems I even left a > comment about the current lack of support [1]. I started using the option since my girlfriends password store is organized for many passwords as hostname.tld/user@exampl.com, when she created a password that is <Topic e.g. SSO>/example.com/user where without the option the wrong password files were used. Her mail address is user@example.com and the login server is also example.com with her name as the username (we selfhost). > Looking into this a bit, it seems the password store's web page > considers everything after the initial (password) line to be an opaque > text blob: > > The password store does not impose any particular schema or type of > organization of your data, as it is simply a flat text file, which can > contain arbitrary data. Though the most common case is storing a > single password per entry, some power users find they would like to > store more than just their password inside the password store, and > additionally store answers to secret questions, website URLs, and > other sensitive information or metadata. Since the password store does > not impose a scheme of it's own, you can choose your own organization. > There are many possibilities. > > However, I do realize that the auth-source-pass back end without the > extra-keywords option already dips into a file's contents looking for an > attributes list like the one shown on the web page. (Whether that's wise > is pretty much moot after all these years.) Anyway, for that reason, I > suppose we _should_ attempt to at least explore doing the same when the > extra-keywords option is enabled. For me, the most important thing > remains mimicking the behavior of the other built-in back ends, which at > times is admittedly unintuitive but nevertheless consistent and thus > predictable from a mechanical POV. I agree fully with the comment. Other's that use pass as source for passwords also use file contents to match or retrieve variables from. E.g. most browser plugins derive the parameter for the login or user name from either of these names. >> Steps to reproduce: >> 1. Setup pass with the following structure >> WorkingTest/example.com/foo >> FailingTest/example2.com >> FailingTest/example3.com with user: foo in the password file >> 2. (auth-source-pass-enable) >> 3. (setq auth-source-pass-extra-query-keywords t) >> 4. (auth-source-search :host "example" :user "foo") -> works >> 5. (auth-source-search :host "example2.com") -> fails >> 6. (auth-source-search :host "example3.com" :user "foo") >> >> Auth-source-pass should be able to query the password file for >> additional attributes if one of the previous attributes such as :host >> match to it. Quering the file attributes is quite important in use >> cases where it doesn't make sense to the user to have a >> host-folder/user-file structure in cases where there's only one >> password for said host. > > Currently, if you have a file in the root of your ~/.password-store > named something like "top-level-host.com", and it's contents feature a > "user: foo" attribute, both > > (auth-source-search :host "top-level-host.com") > > and > > (auth-source-search :host "top-level-host.com" :user "foo") > > return > > ((:host "top-level-host.com" :secret ...)). > > If you're saying you want to see (:user "foo") in the results as well, I > guess we can do that (see attached patch as well as [2], below). > However, this still won't work on any of your examples, which all have > intervening path components between the root directory and the .gpg > files. The reason for this restriction is explained below. > > If we do end up going with something like the attached patch, we'll need > to profile it. I can create a bunch of fake trees of varying shapes and > sizes, but I'd rather someone with real data and a sizable store assess > how much slower it is to visit (and thus decrypt) potentially every file > in the tree, which is what any attr-reading implementation must do. On > my machine, it takes roughly 0.18 seconds to decrypt a single two-line > file via `auth-source-pass--read-entry'. (This seems prohibitively > expensive to do en masse, no?) FWIW, most of this time is spent in > `epg-wait-for-status', which blocks until the subprocess exits. That is why I was arguing that we should attempt to not try decrypt the password file unless a previous attribute such as :host or :user matched before. If we could do the search in parallel or at least without blocking Emacs that would be a different story of course. >> Same it should maybe also match against :host >> if no user was provided, I don't know how other sources do this thou. > > While the reference implementation indeed succeeds with a plain :host > input (see test `auth-source-pass-extra-query-keywords--netrc-host'), I > believe the actual problem you perceive has more to do with the content > of the file paths, specifically, leading directory components. Still, > I'm inclined to agree that this would be nice to have. However, I do > seem to recall this being discussed on at least one occasion, with the > conclusion being that it's too complicated, if not impossible, to > disambiguate between a trailing "hostname/user" and "folder/hostname". > > Nevertheless, we could add an option to do it anyway based on one or > more heuristics-based strategy (resolving hosts for real is surely a no > go). For example, one such strategy could ignore a penultimate file-path > component that's not an FQDN, even if it's, say, LDH-only and resolvable > as a hostname, so long as the leaf component _is_ an FQDN. However, such > an option would have to be disabled by default to prevent existing > entries like "localhost/test.user" from being parsed as (:host > "test.user"). > What do you mean by resolving hosts for real? I think another option would be for the user to specific the hierarchy of their password store to auth-source-pass e.g. word/%host%/%user or word/(or %host word)/%user where word is any word that isn't used for matching but just for the user to organize the hierarchy. > In any case, I'm happy to review patches, but I think someone who > actually uses this back end should implement the feature. I'm not a good lisp programmar but I could give it a go with some help such as your patch as a start point. > > [1] https://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/auth-source-pass.el?id=423c86cb#n300 > > [2] The following describes details of the attached patch's logic for > the inner (dolist (e entries) ...) loop of the primary matching > function `auth-source-pass--find-match-many'. Hopefully it's > somewhat sound with regard to deferring decryption for as long as > possible. > > 1. Parse the file path of each entry first and cache its results in > a plist, the "cached entry metadata," which is filed under the > entry's file-path in the `seen' hash table. If it doesn't match > the basic filename format, it must not be a passwordstore file, > so reject the entry. > 2. Check the :host field before reading the file. Unless it matches, > reject the entry. > 3. Engage in a series of probing conditional checks for a :port > field to match against a provided "port" query parameter, all > while attempting to defer decryption until absolutely necessary. > (A path-encoded :port always takes precedence over a :port in the > file.) > - If a `port' query parameter is not given for matching against, > continue to the next steps for the current entry. > - Otherwise, if a :port parsed from the file path is present and > it doesn't match, reject the entry, meaning go to the beginning > of the current loop, considering the next entry. > - If a path-derived :port is absent, ensure the cached entry > metadata contains an additional :attrs field (an alist). If the > metadata lacks an :attrs field, the file has not yet been > decrypted. Decrypt it now using `auth-source-pass-parse-entry', > then add its secret and its attrs alist to the cached metadata, > under :attrs. > - Look in the cached entry metadata's :attrs alist for a "port" > attr. If a "port" attr is indeed present and doesn't match the > port query parameter, reject the entry. > - If no such "port" attr exists and is required (meaning :port > appears in the `require' query parameter), reject the entry. > 4. Repeat step 3 for :user. The same precedence rules apply, meaning > any non-null path-derived :user field is immediately accepted, > and the file is not decrypted. > 5. If we haven't yet decrypted the file, do so now and populate the > :attrs item in the cached entry metadata. If it's already been > decrypted at some point, :attrs will present (though possibly > empty). In any case, add the items we care about if non-null > (:user, :port, and :secret) to the matched results for this entry. > However, only do so if a secret was either not required or is > present; otherwise, reject the entry. ^ permalink raw reply [flat|nested] 6+ messages in thread
[parent not found: <87ed6xy03r.fsf@>]
* bug#72441: 31.0.50; Auth-source-pass doesn't match password attributes or hosts without user when extra-query-keywords is true [not found] ` <87ed6xy03r.fsf@> @ 2024-08-10 13:58 ` J.P. 2024-08-12 19:33 ` J.P. 0 siblings, 1 reply; 6+ messages in thread From: J.P. @ 2024-08-10 13:58 UTC (permalink / raw) To: Björn Bidar; +Cc: 72441 [-- Attachment #1: Type: text/plain, Size: 6077 bytes --] Björn Bidar <bjorn.bidar@thaodan.de> writes: > "J.P." <jp@neverwas.me> writes: > >> However, I do realize that the auth-source-pass back end without the >> extra-keywords option already dips into a file's contents looking for an >> attributes list like the one shown on the web page. (Whether that's wise >> is pretty much moot after all these years.) Anyway, for that reason, I >> suppose we _should_ attempt to at least explore doing the same when the >> extra-keywords option is enabled. For me, the most important thing >> remains mimicking the behavior of the other built-in back ends, which at >> times is admittedly unintuitive but nevertheless consistent and thus >> predictable from a mechanical POV. > > I agree fully with the comment. Other's that use pass as source for > passwords also use file contents to match or retrieve variables from. > E.g. most browser plugins derive the parameter for the login or user > name from either of these names. Hm, actually, I was not initially thinking of including all the attributes, only :user and :port. But it seems I'd forgotten that the netrc reference implementation does indeed include arbitrary key/value pairs in the results from a successful match: # ~/.authinfo machine example.org login me password 123 foo bar M-: (auth-source-search :host "example.org") => (... :foo "bar") I've updated my previous patch to do this. >> If we do end up going with something like the attached patch, we'll need >> to profile it. I can create a bunch of fake trees of varying shapes and >> sizes, but I'd rather someone with real data and a sizable store assess >> how much slower it is to visit (and thus decrypt) potentially every file >> in the tree, which is what any attr-reading implementation must do. On >> my machine, it takes roughly 0.18 seconds to decrypt a single two-line >> file via `auth-source-pass--read-entry'. (This seems prohibitively >> expensive to do en masse, no?) FWIW, most of this time is spent in >> `epg-wait-for-status', which blocks until the subprocess exits. > > That is why I was arguing that we should attempt to not try decrypt the > password file unless a previous attribute such as :host or :user matched > before. > If we could do the search in parallel or at least without blocking Emacs > that would be a different story of course. With what I'm proposing, we would actually decrypt to inspect the parsed attrs if :port or :user isn't found in the filename and a port or user query parameter is given (or :port or :user appears in a :require parameter). This behavior is currently gated by a new variable called `auth-source-pass-check-attrs-with-extra-query-keywords', but it's t by default. Perhaps it's better to have it be nil? If we do that, then, by default, :port and :user attributes won't be considered, but they will still be included in successful matches along with all other attributes. >>> Same it should maybe also match against :host >>> if no user was provided, I don't know how other sources do this thou. >> >> While the reference implementation indeed succeeds with a plain :host >> input (see test `auth-source-pass-extra-query-keywords--netrc-host'), I >> believe the actual problem you perceive has more to do with the content >> of the file paths, specifically, leading directory components. Still, >> I'm inclined to agree that this would be nice to have. However, I do >> seem to recall this being discussed on at least one occasion, with the >> conclusion being that it's too complicated, if not impossible, to >> disambiguate between a trailing "hostname/user" and "folder/hostname". >> >> Nevertheless, we could add an option to do it anyway based on one or >> more heuristics-based strategy (resolving hosts for real is surely a no >> go). For example, one such strategy could ignore a penultimate file-path >> component that's not an FQDN, even if it's, say, LDH-only and resolvable >> as a hostname, so long as the leaf component _is_ an FQDN. However, such >> an option would have to be disabled by default to prevent existing >> entries like "localhost/test.user" from being parsed as (:host >> "test.user"). >> > > What do you mean by resolving hosts for real? I just meant it'd be unrealistic to query the system resolver via `network-lookup-address-info' or similar whenever we need to disambiguate. > I think another option would be for the user to specific the hierarchy > of their password store to auth-source-pass e.g. word/%host%/%user or > word/(or %host word)/%user where word is any word that isn't used for > matching but just for the user to organize the hierarchy. That could work, although it seems rather complex with pattern substitutions and expressions (?). Perhaps it could be precomputed somehow into a regexp before every query. Another idea would be to just have the option be an integer indicating the number of leading path components to mask off before matching. Given a tree like ~/.password-store/ - foo/ - example.com - irc.bar.org/ - example.net/ - me - baz/ - myvps/ - my.user.name if the option (which is 0 by default) were set to 1, then possible results might be (:host "example.com" :user "some-attr") (:host "example.net" :user "me") (:host "myvps" :user "my.user.name") Although this won't work if a user wants different mask depths for different sub-directories. >> In any case, I'm happy to review patches, but I think someone who >> actually uses this back end should implement the feature. > > I'm not a good lisp programmar but I could give it a go with some help > such as your patch as a start point. I should be able to handle the attribute feature, unless you want to improve upon it. It's mainly the disambiguation feature that I'd want an actual pass user, like yourself, to implement or at least help design. (Although feel free to offer patches of any nature, including based on anything I've proposed.) [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: 0000-v1-v2.diff --] [-- Type: text/x-patch, Size: 5153 bytes --] From a0381a48cb4ff960ef2dd55dd511f5c18e535f6e Mon Sep 17 00:00:00 2001 From: "F. Jason Park" <jp@neverwas.me> Date: Sat, 10 Aug 2024 07:15:36 -0700 Subject: [PATCH 0/1] *** NOT A PATCH *** *** BLURB HERE *** F. Jason Park (1): [POC] Match attrs with auth-source-pass-extra-query-keywords lisp/auth-source-pass.el | 143 ++++++++++++++++++++-------- test/lisp/auth-source-pass-tests.el | 96 ++++++++++++++++++- 2 files changed, 195 insertions(+), 44 deletions(-) Interdiff: diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 8982e07a6be..0df7817f501 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el @@ -264,10 +264,10 @@ auth-source-pass--cast-port n)) (t (format "%s" val)))) -(defun auth-source-pass--match-parts (parts key reference require) - (let ((value (plist-get parts key))) +(defun auth-source-pass--match-parts (cache key reference require) + (let ((value (plist-get cache key))) (if (memq key require) - (or (null reference) (equal value reference)) + (if reference (equal value reference) value) (or (null reference) (null value) (equal value reference))))) (defvar auth-source-pass-check-attrs-with-extra-query-keywords t @@ -299,13 +299,15 @@ auth-source-pass--find-matched-entry (setq suffixedp t) u)) ((match-string 20 entry)) - ((and user optp) (funcall getat "user")))) + ((and optp (or user (memq :user require))) + (funcall getat "user")))) (p (cond (cached (plist-get cached :port)) ((match-string 30 entry)) ((match-string 31 entry)) - ((and port optp) (funcall getat "port")))) + ((and optp (or port (memq :port require))) + (funcall getat "port")))) ;; - s) + s extras) (when p (setq p (auth-source-pass--cast-port p port))) (unless cached @@ -320,18 +322,29 @@ auth-source-pass--find-matched-entry (auth-source-pass--match-parts cached :user user require) (setq s (or (funcall getat 'secret) (not (memq :secret require))))) - (unless (or user u) - (when (setq u (funcall getat "user")) - (setq cached (plist-put cached :user u)))) - (unless (or port p) - (when (setq p (funcall getat "port")) - (setq p (auth-source-pass--cast-port p port) - cached (plist-put cached :port p)))) + (let (tmp) + (while-let ((v (pop attrs)) + (k (pop v))) + (pcase k + ((or "user" "username") + (unless (or user u) + (setq u v + cached (plist-put cached :user u)))) + ("port" + (unless (or port p) + (setq p (auth-source-pass--cast-port v port) + cached (plist-put cached :port p)))) + ((pred stringp) + (push (intern (concat ":" k)) extras) + (push v extras) + (push (cons k v) tmp)))) + (setq attrs (nreverse tmp))) (puthash entry (plist-put cached :attrs attrs) seen) `( :host ,host ,@(and u (list :user u)) ,@(and p (list :port p)) - ,@(and s (not (eq s t)) (list :secret s))))))) + ,@(and s (not (eq s t)) (list :secret s)) + ,@(nreverse extras)))))) (defun auth-source-pass--find-match-many (hosts users ports require max) "Return plists for valid combinations of HOSTS, USERS, PORTS." diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index 2ce5d12a6bc..c6662cd8b42 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el @@ -668,6 +668,23 @@ auth-source-pass-extra-query-keywords--akib/attr/require (should (equal results '((:host "disroot.org" :user "akib" :secret "b"))))))) +(ert-deftest auth-source-pass-extra-query-keywords--akib/attr/extras () + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("disroot.org" (secret . "b") + ("user" . "akib") + ("port" . "42") + ("foo" . "1") + ("bar" . "2")) + ("z.com" (secret . "c"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :port "42" + :secret "b" :foo "1" :bar "2"))))))) + ;; Searches for :host are case-sensitive, and a returned host isn't ;; normalized. -- 2.46.0 [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #3: 0001-POC-Match-attrs-with-auth-source-pass-extra-query-ke.patch --] [-- Type: text/x-patch, Size: 15077 bytes --] From a0381a48cb4ff960ef2dd55dd511f5c18e535f6e Mon Sep 17 00:00:00 2001 From: "F. Jason Park" <jp@neverwas.me> Date: Wed, 7 Aug 2024 22:23:09 -0700 Subject: [PATCH 1/1] [POC] Match attrs with auth-source-pass-extra-query-keywords * lisp/auth-source-pass.el (auth-source-pass--retrieve-parsed): Remove unused function. (auth-source-pass--cast-port): New function, a helper to match an entry's port to the given query param's type. (auth-source-pass--match-parts): Return non-nil when a key is required but the value is null. Not doing produced behavior that deviated from the reference netrc implementation and was thus a bug. (auth-source-pass-check-attrs-with-extra-query-keywords): New variable, a flag to opt out of arguably expensive attribute lookups. (auth-source-pass--find-matched-entry): New function to isolate processing logic for a single entry. (auth-source-pass--find-match-many): Move single-entry processing logic to separate helper, mainly for readability. * test/lisp/auth-source-pass-tests.el (auth-source-pass-extra-query-keywords--akib/attr) (auth-source-pass-extra-query-keywords--netrc-akib/require) (auth-source-pass-extra-query-keywords--akib/attr/require) (auth-source-pass-extra-query-keywords--akib/attr/extras) (auth-source-pass-extra-query-keywords--netrc-baseline): New tests. (auth-source-pass-extra-query-keywords--baseline): Reverse expected outcome to match reference implementation. That it didn't before was a bug. (Bug#72441) --- lisp/auth-source-pass.el | 143 ++++++++++++++++++++-------- test/lisp/auth-source-pass-tests.el | 96 ++++++++++++++++++- 2 files changed, 195 insertions(+), 44 deletions(-) diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 03fd1f35811..0df7817f501 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el @@ -256,32 +256,101 @@ auth-source-pass--find-match hosts (list hosts)))) -(defun auth-source-pass--retrieve-parsed (seen path port-number-p) - (when (string-match auth-source-pass--match-regexp path) - (puthash path - `( :host ,(or (match-string 10 path) (match-string 11 path)) - ,@(if-let* ((tr (match-string 21 path))) - (list :user tr :suffix t) - (list :user (match-string 20 path))) - :port ,(and-let* ((p (or (match-string 30 path) - (match-string 31 path))) - (n (string-to-number p))) - (if (or (zerop n) (not port-number-p)) - (format "%s" p) - n))) - seen))) - -(defun auth-source-pass--match-parts (parts key value require) - (let ((mv (plist-get parts key))) +(defun auth-source-pass--cast-port (val ref) + (cond ((integerp val) val) + ((and-let* (((integerp ref)) + (n (string-to-number val)) + ((not (zerop n)))) + n)) + (t (format "%s" val)))) + +(defun auth-source-pass--match-parts (cache key reference require) + (let ((value (plist-get cache key))) (if (memq key require) - (and value (equal mv value)) - (or (not value) (not mv) (equal mv value))))) + (if reference (equal value reference) value) + (or (null reference) (null value) (equal value reference))))) + +(defvar auth-source-pass-check-attrs-with-extra-query-keywords t + "When non-nil, decrypt files to find attributes matching parameters. +However, give precedence to fields encoded in file names. Only applies +when `auth-source-pass-extra-query-keywords' is non-nil.") + +;; This function tries to defer decryption as long as possible. For +;; that reason, an entry's file-path-derived :port or :user field +;; always takes precedence over their counterparts from a decrypted +;; file's attribute list. +(defun auth-source-pass--find-matched-entry (host user port require seen entry) + "Match ENTRY against query params HOST USER PORT REQUIRE with cache SEEN." + (when (string-match auth-source-pass--match-regexp entry) + (let* ((cached (gethash entry seen)) + (optp auth-source-pass-check-attrs-with-extra-query-keywords) + (suffixedp nil) + (h (or (and cached (plist-get cached :host)) + (match-string 10 entry) + (match-string 11 entry))) + (attrs (and cached (plist-get :attrs cached))) + (getat (lambda (k) + (save-match-data + (unless attrs + (setq attrs (auth-source-pass-parse-entry entry))) + (auth-source-pass--get-attr k attrs)))) + (u (cond (cached (plist-get cached :user)) + ((and-let* ((u (match-string 21 entry))) + (setq suffixedp t) + u)) + ((match-string 20 entry)) + ((and optp (or user (memq :user require))) + (funcall getat "user")))) + (p (cond (cached (plist-get cached :port)) + ((match-string 30 entry)) + ((match-string 31 entry)) + ((and optp (or port (memq :port require))) + (funcall getat "port")))) + ;; + s extras) + (when p + (setq p (auth-source-pass--cast-port p port))) + (unless cached + (setq cached `( :host ,h + ,@(and u (list :user u)) + ,@(and p (list :port p)) + ,@(and suffixedp (list :suffix t)) + ,@(and attrs (list :attrs attrs)))) + (puthash entry cached seen)) + (when (and (equal host h) + (auth-source-pass--match-parts cached :port port require) + (auth-source-pass--match-parts cached :user user require) + (setq s (or (funcall getat 'secret) + (not (memq :secret require))))) + (let (tmp) + (while-let ((v (pop attrs)) + (k (pop v))) + (pcase k + ((or "user" "username") + (unless (or user u) + (setq u v + cached (plist-put cached :user u)))) + ("port" + (unless (or port p) + (setq p (auth-source-pass--cast-port v port) + cached (plist-put cached :port p)))) + ((pred stringp) + (push (intern (concat ":" k)) extras) + (push v extras) + (push (cons k v) tmp)))) + (setq attrs (nreverse tmp))) + (puthash entry (plist-put cached :attrs attrs) seen) + `( :host ,host + ,@(and u (list :user u)) + ,@(and p (list :port p)) + ,@(and s (not (eq s t)) (list :secret s)) + ,@(nreverse extras)))))) (defun auth-source-pass--find-match-many (hosts users ports require max) "Return plists for valid combinations of HOSTS, USERS, PORTS." (let ((seen (make-hash-table :test #'equal)) (entries (auth-source-pass-entries)) - out suffixed suffixedp) + out suffixed) (catch 'done (dolist (host hosts out) (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) @@ -289,28 +358,18 @@ auth-source-pass--find-match-many (setq p nil)) (dolist (user (or users (list u))) (dolist (port (or ports (list p))) - (dolist (e entries) - (when-let* - ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed - seen e (integerp port)))) - ((equal host (plist-get m :host))) - ((auth-source-pass--match-parts m :port port require)) - ((auth-source-pass--match-parts m :user user require)) - (parsed (auth-source-pass-parse-entry e)) - ;; For now, ignore body-content pairs, if any, - ;; from `auth-source-pass--parse-data'. - (secret (or (auth-source-pass--get-attr 'secret parsed) - (not (memq :secret require))))) - (push - `( :host ,host ; prefer user-provided :host over h - ,@(and-let* ((u (plist-get m :user))) (list :user u)) - ,@(and-let* ((p (plist-get m :port))) (list :port p)) - ,@(and secret (not (eq secret t)) (list :secret secret))) - (if (setq suffixedp (plist-get m :suffix)) suffixed out)) - (unless suffixedp - (when (or (zerop (cl-decf max)) - (null (setq entries (delete e entries)))) - (throw 'done out))))) + (dolist (entry entries) + (let* ((result (auth-source-pass--find-matched-entry + host user port require seen entry)) + ;; + suffixedp) + (when result + (setq suffixedp (plist-get (gethash entry seen) :suffix)) + (push result (if suffixedp suffixed out)) + (unless suffixedp + (when (or (zerop (cl-decf max)) + (null (setq entries (delete entry entries)))) + (throw 'done out)))))) (setq suffixed (nreverse suffixed)) (while suffixed (push (pop suffixed) out) diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index 6455c3393d5..c6662cd8b42 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el @@ -601,6 +601,90 @@ auth-source-pass-extra-query-keywords--akib (should (equal results '((:host "disroot.org" :user "akib" :secret "b"))))))) +(ert-deftest auth-source-pass-extra-query-keywords--akib/attr () + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("disroot.org" (secret . "b") + ("user" . "akib") ("port" . "42")) + ("z.com" (secret . "c"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + results) + + ;; Non-matching query param. + (setq results (auth-source-search :host "disroot.org" :user "?" :max 2)) + (should-not results) + + ;; No query params matching attrs. + (setq results (auth-source-search :host "disroot.org" :max 2)) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :host "disroot.org" :user "akib" + :port "42" :secret "b")))) + + ;; Matching user query param. + (setq results (auth-source-search :host "disroot.org" :user "akib")) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :host "disroot.org" :user "akib" + :port "42" :secret "b")))) + + ;; Matching port typed query param. + (setq results (auth-source-search :host "disroot.org" :port 42)) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :host "disroot.org" :user "akib" + :port 42 :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--netrc-akib/require () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine disroot.org user akib password b +machine z.com password c +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "disroot.org" + :require '(:user) :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--akib/attr/require () + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("disroot.org" (secret . "b") + ("user" . "akib")) + ("z.com" (secret . "c"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "disroot.org" + :require '(:user) :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--akib/attr/extras () + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("disroot.org" (secret . "b") + ("user" . "akib") + ("port" . "42") + ("foo" . "1") + ("bar" . "2")) + ("z.com" (secret . "c"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :port "42" + :secret "b" :foo "1" :bar "2"))))))) + ;; Searches for :host are case-sensitive, and a returned host isn't ;; normalized. @@ -632,11 +716,19 @@ auth-source-pass-extra-query-keywords--host ;; A retrieved store entry mustn't be nil regardless of whether its ;; path contains port or user components. +(ert-deftest auth-source-pass-extra-query-keywords--netrc-baseline () + (ert-with-temp-file netrc-file + :text "machine foo\n" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "foo"))) + (should (equal results '((:host "foo"))))))) + (ert-deftest auth-source-pass-extra-query-keywords--baseline () (let ((auth-source-pass-extra-query-keywords t)) - (auth-source-pass--with-store '(("x.com")) + (auth-source-pass--with-store '(("foo")) (auth-source-pass-enable) - (should-not (auth-source-search :host "x.com"))))) + (should (equal (auth-source-search :host "foo") '((:host "foo"))))))) ;; Output port type (int or string) matches that of input parameter. -- 2.46.0 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* bug#72441: 31.0.50; Auth-source-pass doesn't match password attributes or hosts without user when extra-query-keywords is true 2024-08-10 13:58 ` J.P. @ 2024-08-12 19:33 ` J.P. 2024-09-06 23:16 ` J.P. 0 siblings, 1 reply; 6+ messages in thread From: J.P. @ 2024-08-12 19:33 UTC (permalink / raw) To: 72441; +Cc: Björn Bidar [-- Attachment #1: Type: text/plain, Size: 481 bytes --] While exploring ways to tackle this feature, I stumbled on a couple minor bugs related to `auth-source-pass-extra-query-keywords'. Because there's no telling when we'll end up with something installable for this feature, I've gone ahead and isolated the fixes into a separate patch (0001 in the attached). It's probably safe enough for Emacs 30, but since the option was introduced back in 29, I'll just install it on master (unless I hear otherwise in the coming days). Thanks. [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: 0000-v2-v3.diff --] [-- Type: text/x-patch, Size: 7149 bytes --] From d9bd10debf6c3930669aedb896026f9f19b54466 Mon Sep 17 00:00:00 2001 From: "F. Jason Park" <jp@neverwas.me> Date: Mon, 12 Aug 2024 07:00:23 -0700 Subject: [PATCH 0/2] *** NOT A PATCH *** *** BLURB HERE *** F. Jason Park (2): Fix deviations in auth-source-pass behavior WRT netrc [POC] Match attrs with auth-source-pass-extra-query-keywords lisp/auth-source-pass.el | 146 ++++++++++++++++++++-------- test/lisp/auth-source-pass-tests.el | 138 +++++++++++++++++++++++++- 2 files changed, 237 insertions(+), 47 deletions(-) Interdiff: diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 0df7817f501..a52dafc5ab2 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el @@ -266,9 +266,10 @@ auth-source-pass--cast-port (defun auth-source-pass--match-parts (cache key reference require) (let ((value (plist-get cache key))) - (if (memq key require) - (if reference (equal value reference) value) - (or (null reference) (null value) (equal value reference))))) + (cond ((memq key require) + (if reference (equal value reference) value)) + ((and value reference) (equal value reference)) + (t)))) (defvar auth-source-pass-check-attrs-with-extra-query-keywords t "When non-nil, decrypt files to find attributes matching parameters. diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index c6662cd8b42..695635299f9 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el @@ -548,6 +548,44 @@ auth-source-pass-extra-query-keywords--wild-port-hit '((:host "x.com" :secret "a") (:host "x.com" :port 42 :secret "b"))))))) +;; The query requires a user and doesn't specify a user to match against. +;; The only entry matching the host lacks a user, so the search fails. + +(ert-deftest auth-source-pass-extra-query-keywords--req-noparam-miss-netrc () + (ert-with-temp-file netrc-file + :text "machine foo password a\n" + (let ((auth-sources (list netrc-file)) + (auth-source-do-cache nil)) + (should-not (auth-source-search :host "foo" :require '(:user) :max 2))))) + +(ert-deftest auth-source-pass-extra-query-keywords--req-noparam-miss () + (let ((auth-source-pass-extra-query-keywords t)) + (auth-source-pass--with-store '(("foo" (secret . "a"))) + (auth-source-pass-enable) + (should-not (auth-source-search :host "foo" :require '(:user) :max 2))))) + +;; The query requires a user but does not provide a reference value to +;; match against. An entry matching the host that specifies a user is +;; selected because any user will do. +(ert-deftest auth-source-pass-extra-query-keywords--req-param-netrc () + (ert-with-temp-file netrc-file + :text "machine foo login bob password a\n" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "foo" :require '(:user)))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "foo" :user "bob" :secret "a"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--req-param () + (let ((auth-source-pass-extra-query-keywords t)) + (auth-source-pass--with-store '(("foo/bob" (secret . "a"))) + (auth-source-pass-enable) + (let ((results (auth-source-search :host "foo" :require '(:user)))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "foo" :user "bob" :secret "a")))))))) + ;; No entry has the requested port, but :port is required, so search fails. (ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc () @@ -601,7 +639,7 @@ auth-source-pass-extra-query-keywords--akib (should (equal results '((:host "disroot.org" :user "akib" :secret "b"))))))) -(ert-deftest auth-source-pass-extra-query-keywords--akib/attr () +(ert-deftest auth-source-pass-extra-query-keywords--akib-attr () (auth-source-pass--with-store '(("x.com" (secret . "a")) ("disroot.org" (secret . "b") ("user" . "akib") ("port" . "42")) @@ -638,23 +676,7 @@ auth-source-pass-extra-query-keywords--akib/attr '(( :host "disroot.org" :user "akib" :port 42 :secret "b"))))))) -(ert-deftest auth-source-pass-extra-query-keywords--netrc-akib/require () - (ert-with-temp-file netrc-file - :text "\ -machine x.com password a -machine disroot.org user akib password b -machine z.com password c -" - (let* ((auth-sources (list netrc-file)) - (auth-source-do-cache nil) - (results (auth-source-search :host "disroot.org" - :require '(:user) :max 2))) - (dolist (result results) - (setf (plist-get result :secret) (auth-info-password result))) - (should (equal results - '((:host "disroot.org" :user "akib" :secret "b"))))))) - -(ert-deftest auth-source-pass-extra-query-keywords--akib/attr/require () +(ert-deftest auth-source-pass-extra-query-keywords--akib-attr-req () (auth-source-pass--with-store '(("x.com" (secret . "a")) ("disroot.org" (secret . "b") ("user" . "akib")) @@ -668,7 +690,23 @@ auth-source-pass-extra-query-keywords--akib/attr/require (should (equal results '((:host "disroot.org" :user "akib" :secret "b"))))))) -(ert-deftest auth-source-pass-extra-query-keywords--akib/attr/extras () +(ert-deftest auth-source-pass-extra-query-keywords--akib-attr-extras-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine disroot.org user akib port 42 password b foo 1 bar 2 +machine z.com password c +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :port "42" + :secret "b" :foo "1" :bar "2"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--akib-attr-extras () (auth-source-pass--with-store '(("x.com" (secret . "a")) ("disroot.org" (secret . "b") ("user" . "akib") @@ -713,8 +751,8 @@ auth-source-pass-extra-query-keywords--host '((:host "Libera.Chat" :secret "b"))))))) -;; A retrieved store entry mustn't be nil regardless of whether its -;; path contains port or user components. +;; An effectively empty entry in the store returns nothing but the +;; :host field matching the given host parameter. (ert-deftest auth-source-pass-extra-query-keywords--netrc-baseline () (ert-with-temp-file netrc-file -- 2.46.0 [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #3: 0001-Fix-deviations-in-auth-source-pass-behavior-WRT-netr.patch --] [-- Type: text/x-patch, Size: 7898 bytes --] From 1aa0f941d79b77de4a87a8043f13607c0719f5d0 Mon Sep 17 00:00:00 2001 From: "F. Jason Park" <jp@neverwas.me> Date: Sun, 11 Aug 2024 21:55:32 -0700 Subject: [PATCH 1/2] Fix deviations in auth-source-pass behavior WRT netrc The option `auth-source-pass-extra-query-keywords' aims to make this back end hew as close to the other built-in ones as possible, except WRT features not yet implemented, such as arbitrary "attribute" retrieval and new entry creation. This change only concerns behavior exhibited when the option is enabled. * lisp/auth-source-pass.el (auth-source-pass--match-parts): Account for the case in which a query lacks a reference parameter for a `:port' or `:user' but still requires one or both via the `:require' keyword. Previously, such a query would fail even when an entry met this requirement by simply specifying a field with any non-null value corresponding to the required parameter. (auth-source-pass--find-match-many): Account for the baseline case where a matching entry lacks a secret and the user doesn't require one. Although this function doesn't currently return so-called "attributes" from the contents of a matching decrypted file, were it to eventually, this case would no longer be academic. * test/lisp/auth-source-pass-tests.el (auth-source-pass-extra-query-keywords--req-noparam-miss-netrc) (auth-source-pass-extra-query-keywords--req-noparam-miss) (auth-source-pass-extra-query-keywords--req-param-netrc) (auth-source-pass-extra-query-keywords--req-param): New tests. (auth-source-pass-extra-query-keywords--netrc-baseline): New test asserting behavior of netrc backend when passed a lone `:host' as a query parameter. (auth-source-pass-extra-query-keywords--baseline): Reverse expected outcome to match that of the netrc reference implementation. (bug#72441) --- lisp/auth-source-pass.el | 19 +++++----- test/lisp/auth-source-pass-tests.el | 54 ++++++++++++++++++++++++++--- 2 files changed, 60 insertions(+), 13 deletions(-) diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index 03fd1f35811..dd93d414d5e 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el @@ -271,11 +271,12 @@ auth-source-pass--retrieve-parsed n))) seen))) -(defun auth-source-pass--match-parts (parts key value require) - (let ((mv (plist-get parts key))) - (if (memq key require) - (and value (equal mv value)) - (or (not value) (not mv) (equal mv value))))) +(defun auth-source-pass--match-parts (cache key reference require) + (let ((value (plist-get cache key))) + (cond ((memq key require) + (if reference (equal value reference) value)) + ((and value reference) (equal value reference)) + (t)))) (defun auth-source-pass--find-match-many (hosts users ports require max) "Return plists for valid combinations of HOSTS, USERS, PORTS." @@ -290,17 +291,17 @@ auth-source-pass--find-match-many (dolist (user (or users (list u))) (dolist (port (or ports (list p))) (dolist (e entries) - (when-let* + (when-let ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed seen e (integerp port)))) ((equal host (plist-get m :host))) ((auth-source-pass--match-parts m :port port require)) ((auth-source-pass--match-parts m :user user require)) - (parsed (auth-source-pass-parse-entry e)) ;; For now, ignore body-content pairs, if any, ;; from `auth-source-pass--parse-data'. - (secret (or (auth-source-pass--get-attr 'secret parsed) - (not (memq :secret require))))) + (secret (let ((parsed (auth-source-pass-parse-entry e))) + (or (auth-source-pass--get-attr 'secret parsed) + (not (memq :secret require)))))) (push `( :host ,host ; prefer user-provided :host over h ,@(and-let* ((u (plist-get m :user))) (list :user u)) diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index 6455c3393d5..c54936c3f92 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el @@ -548,6 +548,44 @@ auth-source-pass-extra-query-keywords--wild-port-hit '((:host "x.com" :secret "a") (:host "x.com" :port 42 :secret "b"))))))) +;; The query requires a user and doesn't specify a user to match against. +;; The only entry matching the host lacks a user, so the search fails. + +(ert-deftest auth-source-pass-extra-query-keywords--req-noparam-miss-netrc () + (ert-with-temp-file netrc-file + :text "machine foo password a\n" + (let ((auth-sources (list netrc-file)) + (auth-source-do-cache nil)) + (should-not (auth-source-search :host "foo" :require '(:user) :max 2))))) + +(ert-deftest auth-source-pass-extra-query-keywords--req-noparam-miss () + (let ((auth-source-pass-extra-query-keywords t)) + (auth-source-pass--with-store '(("foo" (secret . "a"))) + (auth-source-pass-enable) + (should-not (auth-source-search :host "foo" :require '(:user) :max 2))))) + +;; The query requires a user but does not provide a reference value to +;; match against. An entry matching the host that specifies a user is +;; selected because any user will do. +(ert-deftest auth-source-pass-extra-query-keywords--req-param-netrc () + (ert-with-temp-file netrc-file + :text "machine foo login bob password a\n" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "foo" :require '(:user)))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "foo" :user "bob" :secret "a"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--req-param () + (let ((auth-source-pass-extra-query-keywords t)) + (auth-source-pass--with-store '(("foo/bob" (secret . "a"))) + (auth-source-pass-enable) + (let ((results (auth-source-search :host "foo" :require '(:user)))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results '((:host "foo" :user "bob" :secret "a")))))))) + ;; No entry has the requested port, but :port is required, so search fails. (ert-deftest auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc () @@ -629,14 +667,22 @@ auth-source-pass-extra-query-keywords--host '((:host "Libera.Chat" :secret "b"))))))) -;; A retrieved store entry mustn't be nil regardless of whether its -;; path contains port or user components. +;; An effectively empty entry in the store returns nothing but the +;; :host field matching the given host parameter. + +(ert-deftest auth-source-pass-extra-query-keywords--netrc-baseline () + (ert-with-temp-file netrc-file + :text "machine foo\n" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "foo"))) + (should (equal results '((:host "foo"))))))) (ert-deftest auth-source-pass-extra-query-keywords--baseline () (let ((auth-source-pass-extra-query-keywords t)) - (auth-source-pass--with-store '(("x.com")) + (auth-source-pass--with-store '(("foo")) (auth-source-pass-enable) - (should-not (auth-source-search :host "x.com"))))) + (should (equal (auth-source-search :host "foo") '((:host "foo"))))))) ;; Output port type (int or string) matches that of input parameter. -- 2.46.0 [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #4: 0002-POC-Match-attrs-with-auth-source-pass-extra-query-ke.patch --] [-- Type: text/x-patch, Size: 13936 bytes --] From d9bd10debf6c3930669aedb896026f9f19b54466 Mon Sep 17 00:00:00 2001 From: "F. Jason Park" <jp@neverwas.me> Date: Wed, 7 Aug 2024 22:23:09 -0700 Subject: [PATCH 2/2] [POC] Match attrs with auth-source-pass-extra-query-keywords * lisp/auth-source-pass.el (auth-source-pass--retrieve-parsed): Remove unused function. (auth-source-pass--cast-port): New function, a helper to match an entry's port to the given query param's type. (auth-source-pass--match-parts): Return non-nil when a key is required but the value is null. Not doing so produced behavior that deviated from the reference netrc implementation and was thus a bug. (auth-source-pass-check-attrs-with-extra-query-keywords): New variable, a flag to opt out of arguably expensive attribute lookups. (auth-source-pass--find-matched-entry): New function to isolate processing logic for a single entry. (auth-source-pass--find-match-many): Move single-entry processing logic to separate helper, mainly for readability. * test/lisp/auth-source-pass-tests.el (auth-source-pass-extra-query-keywords--akib-attr) (auth-source-pass-extra-query-keywords--akib-attr-req) (auth-source-pass-extra-query-keywords--akib-attr-netrc) (auth-source-pass-extra-query-keywords--akib-attr-extras) (auth-source-pass-extra-query-keywords--netrc-baseline): New tests. (auth-source-pass-extra-query-keywords--baseline): Reverse expected outcome to match reference implementation. That it didn't before was a bug. (Bug#72441) --- lisp/auth-source-pass.el | 133 ++++++++++++++++++++-------- test/lisp/auth-source-pass-tests.el | 84 ++++++++++++++++++ 2 files changed, 180 insertions(+), 37 deletions(-) diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el index dd93d414d5e..a52dafc5ab2 100644 --- a/lisp/auth-source-pass.el +++ b/lisp/auth-source-pass.el @@ -256,20 +256,13 @@ auth-source-pass--find-match hosts (list hosts)))) -(defun auth-source-pass--retrieve-parsed (seen path port-number-p) - (when (string-match auth-source-pass--match-regexp path) - (puthash path - `( :host ,(or (match-string 10 path) (match-string 11 path)) - ,@(if-let* ((tr (match-string 21 path))) - (list :user tr :suffix t) - (list :user (match-string 20 path))) - :port ,(and-let* ((p (or (match-string 30 path) - (match-string 31 path))) - (n (string-to-number p))) - (if (or (zerop n) (not port-number-p)) - (format "%s" p) - n))) - seen))) +(defun auth-source-pass--cast-port (val ref) + (cond ((integerp val) val) + ((and-let* (((integerp ref)) + (n (string-to-number val)) + ((not (zerop n)))) + n)) + (t (format "%s" val)))) (defun auth-source-pass--match-parts (cache key reference require) (let ((value (plist-get cache key))) @@ -278,11 +271,87 @@ auth-source-pass--match-parts ((and value reference) (equal value reference)) (t)))) +(defvar auth-source-pass-check-attrs-with-extra-query-keywords t + "When non-nil, decrypt files to find attributes matching parameters. +However, give precedence to fields encoded in file names. Only applies +when `auth-source-pass-extra-query-keywords' is non-nil.") + +;; This function tries to defer decryption as long as possible. For +;; that reason, an entry's file-path-derived :port or :user field +;; always takes precedence over their counterparts from a decrypted +;; file's attribute list. +(defun auth-source-pass--find-matched-entry (host user port require seen entry) + "Match ENTRY against query params HOST USER PORT REQUIRE with cache SEEN." + (when (string-match auth-source-pass--match-regexp entry) + (let* ((cached (gethash entry seen)) + (optp auth-source-pass-check-attrs-with-extra-query-keywords) + (suffixedp nil) + (h (or (and cached (plist-get cached :host)) + (match-string 10 entry) + (match-string 11 entry))) + (attrs (and cached (plist-get :attrs cached))) + (getat (lambda (k) + (save-match-data + (unless attrs + (setq attrs (auth-source-pass-parse-entry entry))) + (auth-source-pass--get-attr k attrs)))) + (u (cond (cached (plist-get cached :user)) + ((and-let* ((u (match-string 21 entry))) + (setq suffixedp t) + u)) + ((match-string 20 entry)) + ((and optp (or user (memq :user require))) + (funcall getat "user")))) + (p (cond (cached (plist-get cached :port)) + ((match-string 30 entry)) + ((match-string 31 entry)) + ((and optp (or port (memq :port require))) + (funcall getat "port")))) + ;; + s extras) + (when p + (setq p (auth-source-pass--cast-port p port))) + (unless cached + (setq cached `( :host ,h + ,@(and u (list :user u)) + ,@(and p (list :port p)) + ,@(and suffixedp (list :suffix t)) + ,@(and attrs (list :attrs attrs)))) + (puthash entry cached seen)) + (when (and (equal host h) + (auth-source-pass--match-parts cached :port port require) + (auth-source-pass--match-parts cached :user user require) + (setq s (or (funcall getat 'secret) + (not (memq :secret require))))) + (let (tmp) + (while-let ((v (pop attrs)) + (k (pop v))) + (pcase k + ((or "user" "username") + (unless (or user u) + (setq u v + cached (plist-put cached :user u)))) + ("port" + (unless (or port p) + (setq p (auth-source-pass--cast-port v port) + cached (plist-put cached :port p)))) + ((pred stringp) + (push (intern (concat ":" k)) extras) + (push v extras) + (push (cons k v) tmp)))) + (setq attrs (nreverse tmp))) + (puthash entry (plist-put cached :attrs attrs) seen) + `( :host ,host + ,@(and u (list :user u)) + ,@(and p (list :port p)) + ,@(and s (not (eq s t)) (list :secret s)) + ,@(nreverse extras)))))) + (defun auth-source-pass--find-match-many (hosts users ports require max) "Return plists for valid combinations of HOSTS, USERS, PORTS." (let ((seen (make-hash-table :test #'equal)) (entries (auth-source-pass-entries)) - out suffixed suffixedp) + out suffixed) (catch 'done (dolist (host hosts out) (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host))) @@ -290,28 +359,18 @@ auth-source-pass--find-match-many (setq p nil)) (dolist (user (or users (list u))) (dolist (port (or ports (list p))) - (dolist (e entries) - (when-let - ((m (or (gethash e seen) (auth-source-pass--retrieve-parsed - seen e (integerp port)))) - ((equal host (plist-get m :host))) - ((auth-source-pass--match-parts m :port port require)) - ((auth-source-pass--match-parts m :user user require)) - ;; For now, ignore body-content pairs, if any, - ;; from `auth-source-pass--parse-data'. - (secret (let ((parsed (auth-source-pass-parse-entry e))) - (or (auth-source-pass--get-attr 'secret parsed) - (not (memq :secret require)))))) - (push - `( :host ,host ; prefer user-provided :host over h - ,@(and-let* ((u (plist-get m :user))) (list :user u)) - ,@(and-let* ((p (plist-get m :port))) (list :port p)) - ,@(and secret (not (eq secret t)) (list :secret secret))) - (if (setq suffixedp (plist-get m :suffix)) suffixed out)) - (unless suffixedp - (when (or (zerop (cl-decf max)) - (null (setq entries (delete e entries)))) - (throw 'done out))))) + (dolist (entry entries) + (let* ((result (auth-source-pass--find-matched-entry + host user port require seen entry)) + ;; + suffixedp) + (when result + (setq suffixedp (plist-get (gethash entry seen) :suffix)) + (push result (if suffixedp suffixed out)) + (unless suffixedp + (when (or (zerop (cl-decf max)) + (null (setq entries (delete entry entries)))) + (throw 'done out)))))) (setq suffixed (nreverse suffixed)) (while suffixed (push (pop suffixed) out) diff --git a/test/lisp/auth-source-pass-tests.el b/test/lisp/auth-source-pass-tests.el index c54936c3f92..695635299f9 100644 --- a/test/lisp/auth-source-pass-tests.el +++ b/test/lisp/auth-source-pass-tests.el @@ -639,6 +639,90 @@ auth-source-pass-extra-query-keywords--akib (should (equal results '((:host "disroot.org" :user "akib" :secret "b"))))))) +(ert-deftest auth-source-pass-extra-query-keywords--akib-attr () + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("disroot.org" (secret . "b") + ("user" . "akib") ("port" . "42")) + ("z.com" (secret . "c"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + results) + + ;; Non-matching query param. + (setq results (auth-source-search :host "disroot.org" :user "?" :max 2)) + (should-not results) + + ;; No query params matching attrs. + (setq results (auth-source-search :host "disroot.org" :max 2)) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :host "disroot.org" :user "akib" + :port "42" :secret "b")))) + + ;; Matching user query param. + (setq results (auth-source-search :host "disroot.org" :user "akib")) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :host "disroot.org" :user "akib" + :port "42" :secret "b")))) + + ;; Matching port typed query param. + (setq results (auth-source-search :host "disroot.org" :port 42)) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '(( :host "disroot.org" :user "akib" + :port 42 :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--akib-attr-req () + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("disroot.org" (secret . "b") + ("user" . "akib")) + ("z.com" (secret . "c"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "disroot.org" + :require '(:user) :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :secret "b"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--akib-attr-extras-netrc () + (ert-with-temp-file netrc-file + :text "\ +machine x.com password a +machine disroot.org user akib port 42 password b foo 1 bar 2 +machine z.com password c +" + (let* ((auth-sources (list netrc-file)) + (auth-source-do-cache nil) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :port "42" + :secret "b" :foo "1" :bar "2"))))))) + +(ert-deftest auth-source-pass-extra-query-keywords--akib-attr-extras () + (auth-source-pass--with-store '(("x.com" (secret . "a")) + ("disroot.org" (secret . "b") + ("user" . "akib") + ("port" . "42") + ("foo" . "1") + ("bar" . "2")) + ("z.com" (secret . "c"))) + (auth-source-pass-enable) + (let* ((auth-source-pass-extra-query-keywords t) + (results (auth-source-search :host "disroot.org" :max 2))) + (dolist (result results) + (setf (plist-get result :secret) (auth-info-password result))) + (should (equal results + '((:host "disroot.org" :user "akib" :port "42" + :secret "b" :foo "1" :bar "2"))))))) + ;; Searches for :host are case-sensitive, and a returned host isn't ;; normalized. -- 2.46.0 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* bug#72441: 31.0.50; Auth-source-pass doesn't match password attributes or hosts without user when extra-query-keywords is true 2024-08-12 19:33 ` J.P. @ 2024-09-06 23:16 ` J.P. 0 siblings, 0 replies; 6+ messages in thread From: J.P. @ 2024-09-06 23:16 UTC (permalink / raw) To: 72441; +Cc: Björn Bidar "J.P." <jp@neverwas.me> writes: > While exploring ways to tackle this feature, I stumbled on a couple > minor bugs related to `auth-source-pass-extra-query-keywords'. > > Because there's no telling when we'll end up with something installable > for this feature, I've gone ahead and isolated the fixes into a separate > patch (0001 in the attached). It's probably safe enough for Emacs 30, > but since the option was introduced back in 29, I'll just install it on > master (unless I hear otherwise in the coming days). Thanks. Installed on master as https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=80228d1f As previously mentioned, the above commit only addresses an ancillary issue, so the bug should remain open. ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-09-06 23:16 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-08-03 11:12 bug#72441: 31.0.50; Auth-source-pass doesn't match password attributes or hosts without user when extra-query-keywords is true Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-08-09 18:02 ` J.P.
2024-08-09 19:20 ` Björn Bidar via Bug reports for GNU Emacs, the Swiss army knife of text editors
[not found] ` <87ed6xy03r.fsf@>
2024-08-10 13:58 ` J.P.
2024-08-12 19:33 ` J.P.
2024-09-06 23:16 ` J.P.
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/emacs.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).