unofficial mirror of bug-gnu-emacs@gnu.org 
* bug#49289: 28.0.50; auth-source-search may return doubly obfuscated :secret value
@ 2021-06-30 10:18 Kazuhiro Ito
  2021-06-30 12:28 ` Lars Ingebrigtsen
  0 siblings, 1 reply; 3+ messages in thread
From: Kazuhiro Ito @ 2021-06-30 10:18 UTC (permalink / raw)
  To: 49289

When I have a ~/.authinfo entry for 'mail.example.com' for user 'foo' but
not for user 'bar',

~/.authinfo
machine mail.example.com login foo password abcdef

for a user other than 'foo', auth-source-search returns a function which
returns a function which returns a string.

(progn
  (require 'auth-source)
  (list
   (funcall
    (plist-get
     (car (auth-source-search
	   :host "mail.example.com" :user "foo"
	   :require '(:secret) :create t))
     :secret))
   (funcall
    (funcall
     ;; *** funcall called twice. ***
     (plist-get
      (car (auth-source-search
	    :host "mail.example.com" :user "bar"
	    :require '(:secret) :create t))
      :secret)))))

-> ("abcdef" "abcdef")

I don't know whether auth-source supports multiple accounts on the
same host and whether it is a feature that auth-source-search tends to
return another user's password.  But I think a doubly obfuscated :secret
value is obviously a bug.

-- 
Kazuhiro Ito






* bug#49289: 28.0.50; auth-source-search may return doubly obfuscated :secret value
  2021-06-30 10:18 bug#49289: 28.0.50; auth-source-search may return doubly obfuscated :secret value Kazuhiro Ito
@ 2021-06-30 12:28 ` Lars Ingebrigtsen
  2024-06-18 15:00   ` Michael Albinus via Bug reports for GNU Emacs, the Swiss army knife of text editors
  0 siblings, 1 reply; 3+ messages in thread
From: Lars Ingebrigtsen @ 2021-06-30 12:28 UTC (permalink / raw)
  To: Kazuhiro Ito; +Cc: 49289

Kazuhiro Ito <kzhr@d1.dion.ne.jp> writes:

> I don't know whether auth-source supports multiple accounts on the
> same host and whether it is a feature that auth-source-search tends to
> return another user's password.  But I think a doubly obfuscated :secret
> value is obviously a bug.

I think both things are bugs, and the second happens because of the
first bug.  I've now pushed a fix for this to Emacs 28.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no






* bug#49289: 28.0.50; auth-source-search may return doubly obfuscated :secret value
  2021-06-30 12:28 ` Lars Ingebrigtsen
@ 2024-06-18 15:00   ` Michael Albinus via Bug reports for GNU Emacs, the Swiss army knife of text editors
  0 siblings, 0 replies; 3+ messages in thread
From: Michael Albinus via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2024-06-18 15:00 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: Kazuhiro Ito, 49289

Lars Ingebrigtsen <larsi@gnus.org> writes:

> Kazuhiro Ito <kzhr@d1.dion.ne.jp> writes:
>
>> I don't know whether auth-source supports multiple accounts on the
>> same host and whether it is a feature that auth-source-search tends to
>> return another user's password.  But I think a doubly obfuscated :secret
>> value is obviously a bug.
>
> I think both things are bugs, and the second happens because of the
> first bug.  I've now pushed a fix for this to Emacs 28.

FTR, I've pushed a similar fix to the secrets and plstore backends. Will
be visible with Emacs 30.

Best regards, Michael.
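
Added example, not part of the thread and not code from Emacs: a caller-side guard for Emacs versions without the fixes mentioned above, which unwraps a :secret value however many times it was wrapped and refuses an entry whose :user is not the one requested. The helper names my/resolve-secret and my/entry-secret-for are hypothetical, the entries are constructed to mimic auth-source-search results, and it is an assumption that the returned plist carries the :user of the entry that matched.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example; `my/resolve-secret' and `my/entry-secret-for' are
;; hypothetical helper names, not part of auth-source.

(defun my/resolve-secret (secret &optional max-depth)
  "Return the string behind SECRET, calling it for as long as it is a function.
Give up after MAX-DEPTH calls (default 4) so a value that keeps
returning functions cannot loop forever."
  (let ((limit (or max-depth 4))
        (depth 0))
    (while (functionp secret)
      (when (>= depth limit)
        (error "Secret is still a function after %d calls" limit))
      (setq secret (funcall secret)
            depth (1+ depth)))
    (unless (stringp secret)
      (error "Secret did not resolve to a string"))
    secret))

(defun my/entry-secret-for (entry user)
  "Return the secret of ENTRY only when its :user equals USER, else nil.
ENTRY is one plist from the list returned by `auth-source-search'.
Assumption: ENTRY's :user names the account the secret belongs to."
  (when (equal (plist-get entry :user) user)
    (my/resolve-secret (plist-get entry :secret))))

;; Constructed entries (not real search output): the first wraps the
;; secret once, the second wraps it twice as described in the report.
(let ((single (list :host "mail.example.com" :user "foo"
                    :secret (lambda () "abcdef")))
      (double (list :host "mail.example.com" :user "foo"
                    :secret (lambda () (lambda () "abcdef")))))
  (list (my/entry-secret-for single "foo")    ; wrapped once
        (my/entry-secret-for double "foo")    ; wrapped twice
        (my/entry-secret-for double "bar")))  ; entry belongs to another user
```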






Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git
