From: Michael Albinus <michael.albinus@gmx.de>
To: "Bruno Félix Rezende Ribeiro" <oitofelix@gnu.org>
Cc: emacs-devel@gnu.org
Subject: Re: tramp-auto-auth.el --- TRAMP automatic authentication library
Date: Thu, 29 Aug 2019 13:04:28 +0200
Message-ID: <87ftlkp70j.fsf@gmx.de>
In-Reply-To: <87o9086ea0.fsf@oitofelix.com> ("Bruno Félix Rezende Ribeiro"'s message of "Wed, 28 Aug 2019 20:50:15 -0300")

Bruno Félix Rezende Ribeiro <oitofelix@gnu.org> writes:

> Hello Michael and other GNU Emacs developers,

Hi Bruno,

>> Frankly, I'm not enthusiastic about adding cleartext passwords into
>> Tramp. This has all the security flaws you know, and is good for
>> problems. At least in core Tramp it shouldn't be propagated.
>
> Please, find attached the implementation of tramp-auto-auth.el using
> exclusively the auth-source library.

Thanks for this! It looks better now to my eyes.

> I did as you suggested except that I didn’t add a new keyword nor made
> any change to auth-source.el.
>
> Quoting from the commentary section:
>
>    When a TRAMP prompt is encountered, ‘tramp-auto-auth-mode’ queries
>    the alist ‘tramp-auto-auth-alist’ for the auth-source spec value
>    whose regexp key matches the correspondent TRAMP path.  This spec
>    is then used to query the auth-source library for a presumably
>    phony entry exclusively dedicated to the whole class of TRAMP
>    paths matching that regexp.

Thinking about this, I believe we could use such a mechanism at a broader
level. You manage just one Tramp resource (passwords). WIBNI you could
cluster remote hosts also for other resources? For example, in order to
say "users for a given host share the same password if they access via
'ssh' or 'sftp' or 'scp'". Or if you say "the connection property [1]
"remote-shell" of a given list of hosts shall be "/bin/bash"". Or if
you say "the connection-local variable [2] `tramp-remote-path' for a
given list of hosts shall contain "/appli/pub/bin"".

[1] (info "(tramp) Predefined connection information")
[2] (info "(tramp) Remote programs")

Then you could declare just clusters. I would start with a cluster name
(a string), and a list of regular expressions which identify the remote
hosts. Using your example, one would declare

(add-to-list 'tramp-clusters '("Funny-Machines" "root@10\\.0\\." "..."))

For every resource, be it a password, a connection property, or a
connection-local variable, Tramp would always check whether there is a
setting of that resource for the host in question, and if not, whether
there is a setting in a cluster the host belongs to.

This broader approach wouldn't be implemented by an own package via
advising Tramp functions, but in Tramp itself. For the beginning, one
could start with managing passwords this way.

> Is this feature in this form suitable for inclusion in the TRAMP
> standard distribution?

Does this proposal make sense to you? Would you like to work on this?

Just some comments on your code:

> ;; Copyright (C) 2019 Bruno Félix Rezende Ribeiro <oitofelix@gnu.org>

This would be FSF copyrighted, if included in Emacs/Tramp.

> ;; Author: Bruno Félix Rezende Ribeiro <oitofelix@gnu.org>
> ;; Maintainer: Bruno Félix Rezende Ribeiro <oitofelix@gnu.org>

If there is an author, you don't need a maintainer.

> ;; Package-Version: 20190827.1316
> ;; Package-Requires: (tramp)

These entries are needed only in case it would be an ELPA package.

> ;; After this, just put the respective sacred secret in an
> ;; authentication source supported by auth-source library.  For
> ;; instance:
> ;;
> ;; ---- ~/.authinfo.gpg ---------------------------------------------
> ;; machine Funny-Machines login root password "$r00tP#sWD!" port ssh
> ;; ------------------------------------------------------------------

IIRC, neither "login" nor "port" keys are mandatory in auth-source. So
you could live just with "machine" and "password".

> ;; In case you are feeling lazy or the secret is not so secret (nor so
> ;; sacred) -- or for any reason you need to do it all from Lisp --
> ;; it’s enough to:
> ;;
> ;; (auth-source-remember '(:host "Funny-Machines" :user "root" :port "ssh")
> ;; 		         '((:secret "$r00tP#sWD!")))

I wouldn't write this into a Tramp doc. Refer to the "auth" Info pages.

> (defcustom tramp-auto-auth-alist

A defcustom should have a :version key. In case it will be added to
Tramp, :version "27.1" (the first Emacs version this user option has
appeared) would be OK.

>   :require 'tramp-auto-auth)

Why is this needed?

> ;;;###autoload

Please use ";;;###tramp-autoload". The user option only makes sense
after Tramp has been loaded.

> 	(advice-add #'tramp-action-password :around

Code which is part of core Emacs shall not advise other
functions. Advising is intended for user-written Lisp.

Please also ensure that you do not exceed the 80 chars/line limit, for
better readability.

Best regards, Michael.
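The two-level lookup Michael sketches above (host-specific setting first, then the cluster the host belongs to, with the cluster name doubling as the auth-source `:host`), as an added example that is neither Tramp's code nor the tramp-auto-auth.el package; the `my-tramp-*` names, `my-tramp-clusters` and the sample property entries are assumptions:

```elisp
;; Added example, not Tramp code.  All `my-tramp-*' names are hypothetical.
(require 'seq)
(require 'auth-source)

(defvar my-tramp-clusters
  '(("Funny-Machines" "\\`root@10\\.0\\." "\\`admin@build-[0-9]+\\'"))
  "Alist of (CLUSTER-NAME REGEXP...).  Constructed sample data.")

(defun my-tramp-cluster-of (host-spec)
  "Return the name of the first cluster whose regexps match HOST-SPEC.
HOST-SPEC is a \"user@host\" string; return nil when no cluster matches."
  (car (seq-find (lambda (cluster)
                   (seq-some (lambda (re) (string-match-p re host-spec))
                             (cdr cluster)))
                 my-tramp-clusters)))

(defvar my-tramp-connection-properties
  '(("root@10.0.0.7"  remote-shell      "/bin/sh")        ; host entry wins
    ("Funny-Machines" remote-shell      "/bin/bash")      ; cluster default
    ("Funny-Machines" tramp-remote-path "/appli/pub/bin"))
  "Constructed sample of (HOST-OR-CLUSTER PROPERTY VALUE) entries.")

(defun my-tramp--lookup (key property)
  "Return the VALUE stored for KEY and PROPERTY, or nil."
  (nth 2 (seq-find (lambda (e) (and (equal (nth 0 e) key)
                                    (eq (nth 1 e) property)))
                   my-tramp-connection-properties)))

(defun my-tramp-get-resource (host-spec property)
  "Resolve PROPERTY for HOST-SPEC: the host's own entry first,
then the entry of the cluster HOST-SPEC belongs to, else nil."
  (or (my-tramp--lookup host-spec property)
      (let ((cluster (my-tramp-cluster-of host-spec)))
        (and cluster (my-tramp--lookup cluster property)))))

(defun my-tramp-password-spec (host-spec)
  "Return the auth-source spec for HOST-SPEC's password.
A clustered host is looked up under its cluster name, so one
\"machine Funny-Machines ... password ...\" line serves the whole cluster;
only `machine' and `password' are needed, as the reply notes."
  (list :host (or (my-tramp-cluster-of host-spec) host-spec) :max 1))

(defun my-tramp-cluster-password (host-spec)
  "Fetch the secret for HOST-SPEC via `auth-source-search', or nil.
`:secret' may be a closure (GPG-backed sources) or a plain string."
  (let* ((entry (car (apply #'auth-source-search
                            (my-tramp-password-spec host-spec))))
         (secret (plist-get entry :secret)))
    (if (functionp secret) (funcall secret) secret)))
```

Evaluating `(my-tramp-get-resource "root@10.0.0.7" 'remote-shell)` exercises the host-specific branch, while `"root@10.0.0.9"` falls through to the cluster default; `my-tramp-cluster-password` only returns a value if the configured auth-source actually holds a matching entry.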
