From: Ted Zlatanov <tzz@lifelogs.com>
To: emacs-devel@gnu.org
Subject: Re: authinfo gnutls netrc.el auth-sources & smtpmail-starttls-credentials
Date: Fri, 12 Jun 2009 13:25:17 -0500
Message-ID: <87r5xpia2a.fsf@lifelogs.com>
In-Reply-To: d2afcfda0906111644o45d9607bq2c5a3b3c012f30de@mail.gmail.com
[-- Attachment #1: Type: text/plain, Size: 3902 bytes --]
On Thu, 11 Jun 2009 19:44:37 -0400 MON KEY <monkey@sandpframing.com> wrote:
MK> Not everyone has an hour to point out what _you've_ missed.
MK> I made time.
I appreciate your suggestions very much. I am just asking you to
present them in a way that I can understand more readily. From looking
at the stream of Emacs bug reports for a while, most people can submit
verbal explanations just fine, using code to support but not replace
them. For reference, here's what M-x report-emacs-bug suggests:
"Please write in English if possible, because the Emacs maintainers
usually do not have translators to read other languages for them.
Your bug report will be posted to the emacs-pretest-bug@gnu.org mailing list.
Please describe exactly what actions triggered the bug
and the precise symptoms of the bug:"
The key word is "describe." You did not describe, you posted a few
pages of code.
MK> I am sorry if the previous message was too much for you or your
MK> schedule. Maybe someone else will catch it.
Sure, let's hope whoever does will write a patch or explain it better.
Meanwhile, assuming there's no "someone else" standing by, let's try to
figure out the problem.
MK> I did my best to couch the error in a not too obvious way so as not
MK> to needlessly over expose it.
All right. Please use e-mail next time, so you can be clear in what
you're reporting. It would have saved time, and is the standard way to
report security issues.
MK> I believe the `auth-sources.el' portion of the current 'auth system'
MK> should undergo a bit more public scrutiny.
I've posted many notes to emacs-devel inviting scrutiny and
suggestions for auth-source.el. In any case, please do review and
comment on it. Just do it in
MK> I have made specific suggestions. Moreover, I even went so far as to
MK> put the cleanup in there to make it easier for people to evaluate the
MK> code and recover to a normal state.
MK> Don't waste any valuable time trying to 'parse' that code - just evaluate it.
MK> The code shouldn't cause any problems, it uses `auth-sources.el' so
MK> there isn't any undo risk - even for those in "Getting Things Done"
MK> mode.
Your cleanup sets auth-sources to nil. That would screw up my setup, at
least. It's definitely not OK to just evaluate it; there were many
other issues I don't have time to list and which are not really
relevant. I would have at least wrapped everything in a let scope,
FWIW.
MK> I _am_ pointing out that the `gnus-message' logging facility used in
MK> conjunction with `auth-source-user-or-password' gives the user the
MK> impression that by setting `gnus-verbose' to a lower threshold the
MK> logging won't occur. When use of auth-source.el is separated from Gnus
MK> that facility is irrelevant to non Gnus users; whether they set
MK> `gnus-verbose' to 1 or 10 is a moot point.
Thank you for explaining. I've attached a patch to use only the
`message' function for logging messages, and logging is off by default.
The patch is against Emacs CVS. Let me know what you think.
MK> Is it reasonable for an hypothetical 'average Emacs user' to expect to
MK> reliably debug/troubleshoot and configure an auth-source initiated
MK> transaction config using the current 'auth regime' and expect a safe,
MK> transparent, self cleaning, logging facility to aid in the process?
Sure. Now, what are you suggesting should be changed or improved?
MK> While some (not all) of these expectations can currently be met it
MK> does not come without presenting a situation whereby some users may
MK> find that they are blindly pinging a machine/host/server (which is
MK> it?) with:
MK> - dog knows WHO on the other end;
MK> - receiving dog knows WHAT;
MK> - as it gets getting routed through dog knows WHERE;
MK> (per netrc.el snarfage)
Can you give a specific example illustrating these problems, so I can
fix their root causes?
Thanks
Ted
[-- Attachment #2: auth-source.diff --]
[-- Type: text/x-diff, Size: 2838 bytes --]
diff --git a/lisp/gnus/auth-source.el b/lisp/gnus/auth-source.el
index 1bec08f..64166aa 100644
--- a/lisp/gnus/auth-source.el
+++ b/lisp/gnus/auth-source.el
@@ -100,6 +100,12 @@
:version "23.1" ;; No Gnus
:type `boolean)
+(defcustom auth-source-debug nil
+ "Whether auth-source should log debug messages."
+ :group 'auth-source
+ :version "23.1" ;; No Gnus
+ :type `boolean)
+
(defcustom auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t))
"List of authentication sources.
@@ -137,6 +143,10 @@ Each entry is the authentication type with optional properties."
;; (auth-source-user-or-password-imap "password" "imap.myhost.com")
;; (auth-source-protocol-defaults 'imap)
+(defun auth-source-debug (&rest msg)
+ (when auth-source-debug
+ (apply 'message msg)))
+
(defun auth-source-pick (host protocol &optional fallback)
"Parse `auth-sources' for HOST, and PROTOCOL matches.
@@ -171,21 +181,21 @@ Returns fallback choices (where PROTOCOL or HOST are nil) with FALLBACK t."
(defun auth-source-user-or-password (mode host protocol)
"Find MODE (string or list of strings) matching HOST and PROTOCOL.
MODE can be \"login\" or \"password\" for example."
- (gnus-message 9
- "auth-source-user-or-password: get %s for %s (%s)"
- mode host protocol)
+ (auth-source-debug
+ "auth-source-user-or-password: get %s for %s (%s)"
+ mode host protocol)
(let* ((listy (listp mode))
(mode (if listy mode (list mode)))
(cname (format "%s %s:%s" mode host protocol))
(found (gethash cname auth-source-cache)))
(if found
(progn
- (gnus-message 9
- "auth-source-user-or-password: cached %s=%s for %s (%s)"
- mode
- ;; don't show the password
- (if (member "password" mode) "SECRET" found)
- host protocol)
+ (auth-source-debug
+ "auth-source-user-or-password: cached %s=%s for %s (%s)"
+ mode
+ ;; don't show the password
+ (if (and (member "password" mode) auth-source-hide-passwords) "SECRET" found)
+ host protocol)
found)
(dolist (choice (auth-source-pick host protocol))
(setq found (netrc-machine-user-or-password
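Review bot: The cached-branch call now tests auth-source-hide-passwords, but no defcustom or defvar for that variable appears anywhere in this diff. Because auth-source-debug is an ordinary function, its arguments are evaluated before the (when auth-source-debug ...) check runs, so if the variable is unbound, every cache hit for a lookup whose mode includes "password" signals void-variable even with debugging switched off. Either add the defcustom next to auth-source-debug in this patch, defaulting to t, or make the logger a macro so its arguments are evaluated only when logging is enabled.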
@@ -195,12 +205,12 @@ MODE can be \"login\" or \"password\" for example."
(list (format "%s" protocol))
(auth-source-protocol-defaults protocol)))
(when found
- (gnus-message 9
- "auth-source-user-or-password: found %s=%s for %s (%s)"
- mode
- ;; don't show the password
- (if (member "password" mode) "SECRET" found)
- host protocol)
+ (auth-source-debug
+ "auth-source-user-or-password: found %s=%s for %s (%s)"
+ mode
+ ;; don't show the password
+ (if (and (member "password" mode) auth-source-hide-passwords) "SECRET" found)
+ host protocol)
(setq found (if listy found (car-safe found)))
(when auth-source-do-cache
(puthash cname found auth-source-cache)))
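Review bot: The masking expression in the found branch, (if (and (member "password" mode) auth-source-hide-passwords) "SECRET" found), is a verbatim copy of the one in the cached branch, so the two can drift apart; move it into one small helper that both calls use. The removed lines masked the password unconditionally, whereas with this change a nil auth-source-hide-passwords sends the cleartext password through `message' into the *Messages* buffer, so the variable's docstring should say so and its default should be t.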