From mboxrd@z Thu Jan 1 00:00:00 1970
From: Karl Fogel
Newsgroups: gmane.emacs.devel
Subject: [PATCH] Keep network security info buffers after use
Date: Sun, 17 Dec 2023 13:02:16 -0600
Message-ID: <87plz4irev.fsf@red-bean.com>
Reply-To: Karl Fogel
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
User-Agent: Gnus/5.13 (Gnus v5.13)
To: Emacs Devel

--=-=-=
Content-Type: text/plain; format=flowed

What do people think of the attached behavior change?

Summary: after the user is prompted about whether to accept a remote cert, the buffer(s) with information about the cert should stay around, instead of being killed like they currently are.

Request: I'd like to know if people agree with the overall goal here. I'm still testing the change (I need to learn something new in order to test it -- namely, how to artificially "forget" a cert so that I get re-prompted again, and if anyone has tips on that, I'm all ears).

Motivation: Recently I was sending an email from Emacs on a new machine, and I got prompted about whether to accept the remote SMTP server's cert. The prompt function is `nsm-query-user', and its manner of prompting didn't allow me to easily leave the minibuffer to go into the "*Network Security Manager*" buffer and grab the cert info so that I could save it to inspect further later on (maybe there was something I could have done with a recursive edit, but I didn't want to break my flow that much).

So after accepting the cert, I tried to go back to the "*Network Security Manager*" buffer to get the remote server fingerprint -- but alas, the buffer was gone.

Hence this change: make it so that that buffer (and another related cert-specific buffer) stay around after the user has been prompted, in case the user wants to go back and get the information in them.

I'm not sure whether just eliminating the calls to `kill-buffer' is enough. Maybe they should be replaced with `bury-buffer' calls, to make sure that those buffers aren't in the user's face?

As I said above, I'm still testing. I'd just like to know if we agree with the goal of this change. I won't push it to master until a) I know we agree on the goal, and b) it's fully tested.

Best regards,
-Karl

--=-=-=
Content-Type: text/plain
Content-Disposition: attachment; filename=0001-Keep-network-security-info-buffers-after-use.patch
Content-Description: Keep network security info buffers after use

>From 3b9a564d2aaae83f612d55f4d9592fa5d96986eb Mon Sep 17 00:00:00 2001
From: Karl Fogel Date: Sun, 17 Dec 2023 12:17:11 -0600 Subject: [PATCH] Keep network security info buffers after use * lisp/net/nsm.el (nsm-query-user): Don't kill the two informational buffers "*Network Security Manager*" and "*Certificate Details*". Even after making a decision about a certificate, the user might want to go back to those buffers to get information from them. Note that while the diff is large, the actual change is tiny. The removal of the `unwind-protect' wrapper caused much reindentation (there's nothing to unwind now, as both unwindforms went away). The "real" diff is just the removal of the two `kill-buffer' calls at the end of the function and would look something like this: --- lisp/net/nsm.el +++ lisp/net/nsm.el @@ -918,9 +918,7 @@ nsm-query-user (goto-char (point-min)) (read-only-mode))))) ;; Return the answer. - (cadr answer)) - (kill-buffer cert-buffer) - (kill-buffer buffer))))) + (cadr answer)))))) --- lisp/net/nsm.el | 139 ++++++++++++++++++++++++------------------------ 1 file changed, 69 insertions(+), 70 deletions(-) diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el index 09f7ac52537..9df08b33ca9 100644 --- a/lisp/net/nsm.el +++ b/lisp/net/nsm.el 
@@ -846,81 +846,80 @@ nsm-query-user '((?b "backward page" "See previous page") (?f "forward page" "See next page")))))) ;; Then ask the user what to do about it. - (unwind-protect - (let* ((pems (cl-loop for cert in certs - collect (gnutls-format-certificate - (plist-get cert :pem)))) - (cert-index 0) - show-details answer buf) - (while (not done) - (setq answer (if show-details - (read-multiple-choice "Viewing certificate:" - details-choices) - (read-multiple-choice "Continue connecting?" - accept-choices))) - (setq buf (if show-details cert-buffer buffer)) - - (cl-case (car answer) - (?q - ;; Exit the details window. - (set-window-buffer (get-buffer-window cert-buffer) buffer) - (setq show-details nil)) - - (?d - ;; Enter the details window. - (set-window-buffer (get-buffer-window buffer) cert-buffer) - (with-current-buffer cert-buffer - (read-only-mode -1) - (insert (nth cert-index pems)) - (goto-char (point-min)) - (read-only-mode)) - (setq show-details t)) - - (?b - ;; Scroll down. - (with-selected-window (get-buffer-window buf) - (with-current-buffer buf - (ignore-errors (scroll-down))))) - - (?f - ;; Scroll up. - (with-selected-window (get-buffer-window buf) - (with-current-buffer buf - (ignore-errors (scroll-up))))) - - (?n - ;; "No" or "next certificate". - (if show-details - (with-current-buffer cert-buffer - (read-only-mode -1) - (erase-buffer) - (setq cert-index (mod (1+ cert-index) (length pems))) - (insert (nth cert-index pems)) - (goto-char (point-min)) - (read-only-mode)) - (setq done t))) - - (?a - ;; "Always" - (setq done t)) - - (?s - ;; "Session only" - (setq done t)) - - (?p - ;; Previous certificate. + (let* ((pems (cl-loop for cert in certs + collect (gnutls-format-certificate + (plist-get cert :pem)))) + (cert-index 0) + show-details answer buf) + (while (not done) + (setq answer (if show-details + (read-multiple-choice "Viewing certificate:" + details-choices) + (read-multiple-choice "Continue connecting?" 
+ accept-choices))) + (setq buf (if show-details cert-buffer buffer)) + + (cl-case (car answer) + (?q + ;; Exit the details window. + (set-window-buffer (get-buffer-window cert-buffer) buffer) + (setq show-details nil)) + + (?d + ;; Enter the details window. + (set-window-buffer (get-buffer-window buffer) cert-buffer) + (with-current-buffer cert-buffer + (read-only-mode -1) + (insert (nth cert-index pems)) + (goto-char (point-min)) + (read-only-mode)) + (setq show-details t)) + + (?b + ;; Scroll down. + (with-selected-window (get-buffer-window buf) + (with-current-buffer buf + (ignore-errors (scroll-down))))) + + (?f + ;; Scroll up. + (with-selected-window (get-buffer-window buf) + (with-current-buffer buf + (ignore-errors (scroll-up))))) + + (?n + ;; "No" or "next certificate". + (if show-details (with-current-buffer cert-buffer (read-only-mode -1) (erase-buffer) - (setq cert-index (mod (1- cert-index) (length pems))) + (setq cert-index (mod (1+ cert-index) (length pems))) (insert (nth cert-index pems)) (goto-char (point-min)) - (read-only-mode))))) - ;; Return the answer. - (cadr answer)) - (kill-buffer cert-buffer) - (kill-buffer buffer))))) + (read-only-mode)) + (setq done t))) + + (?a + ;; "Always" + (setq done t)) + + (?s + ;; "Session only" + (setq done t)) + + (?p + ;; Previous certificate. + (with-current-buffer cert-buffer + (read-only-mode -1) + (erase-buffer) + (setq cert-index (mod (1- cert-index) (length pems))) + (insert (nth cert-index pems)) + (goto-char (point-min)) + (read-only-mode))))) + ;; Return the answer. (We leave `buffer' and `cert-buffer' + ;; around, in case the user wants to go back and get any + ;; information from them.) + (cadr answer))))) (defun nsm-save-host (host port status what problems permanency) (let* ((id (nsm-id host port)) -- 2.43.0 --=-=-=--
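
Review bot: In the `?d` branch of the `cl-case`, `(insert (nth cert-index pems))` writes into `cert-buffer` with no `(erase-buffer)` before it, unlike the `?n` and `?p` branches. While the function killed both buffers on exit, that only mattered within a single prompt. Now that `cert-buffer` outlives the call, a later prompt that ends up with the same buffer would append the new certificate's text after the previous one's, and the user would be making a trust decision with another connection's certificate details on screen. How `buffer` and `cert-buffer` are created is above this hunk and not visible here, so please check that path, and consider adding `(erase-buffer)` before the insert in `?d` so it matches `?n` and `?p`. Dropping `unwind-protect` also means the buffers stay when the prompt is left non-locally (a quit inside `read-multiple-choice`); that fits the stated goal, but it deserves a sentence in the commit message.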