From: MON KEY <monkey@sandpframing.com>
To: emacs-devel@gnu.org
Subject: Re: authinfo gnutls netrc.el auth-sources & smtpmail-starttls-credentials
Date: Wed, 10 Jun 2009 16:43:14 -0400 [thread overview]
Message-ID: <87zlcf2525.fsf@sandpframing.com> (raw)
In-Reply-To: <87prdblrdd.fsf@lifelogs.com> (Ted Zlatanov's message of "Wed, 10 Jun 2009 16:18:38 -0500")
Ted Zlatanov <tzz@lifelogs.com> writes:
> Yes, it lets people get stuff done. It's not a security risk and does
> not behave in an unexpected way. It can be augmented but the
>
> Ted
Some observations:
In "../emacs/lisp/gnus/auth-source.el" `auth-source-user-or-password'
When a match is made for MODE (e.g. user's login and password) it is
cached to the hashtable
`auth-source-cache' by default - the user must override this value if
this is not what is wanted.
This cache holds: login password | host port protocol as key/vals
with login and password obfuscated to (login password) respectively.
Additionally when a match is made `auth-source-user-or-password' spits out a
'gnus-message 9' indicating the a match has been made (with password
obfuscated).
docstring for `gnus-message' provides some guidelines for message levels:
"Guideline for numbers: {...} 9 - messages inside loops."
The `gnus-message' is printed when it exceeds the `gnus-verbose'
threshold (defaults to 7)
Which is to say, assuming the user has `gnus-util' library loaded and
his `gnus-verbose' level
set at or above level 9(nine) - he may see _gnus-message_ indicating
that the password/login has been cached
along with a timestamp _if_ `gnus-add-timestamp-to-message' it t.
Great! No Wait... any code that evaluates
`auth-source-user-or-password' directly has the value returned to
*Messages*
regardless of the `gnus-verbosity' levels. He _may not_ see those but
they may well be there anywasy
`../emacs/lisp/gnus/gnus-util.el' has one of these: (require 'netrc)
`../emacs/lisp/url/url-auth.el' has one of these:
(autoload 'auth-source-user-or-password "auth-source")
---
From `../emacs/lisp/url/ChangeLog':
2008-06-07 Glenn Morris <rgm@gnu.org>
* url-auth.el (auth-source-user-or-password): Remove unnecessary
eval-and-compile.
-
2008-05-12 Teodor Zlatanov <tzz@lifelogs.com>
* url-auth.el: Add autoload cookie for `auth-source-user-or-password'.
(url-basic-auth, url-digest-auth): Use it with any realm,
overriding the user name and password before the prompt.
---
Also, re: my previous post:
> auth-sources wants netrc.el per `auth-source-user-or-password'
It is worth noting that the call out to netrc.el happens at compile time:
(eval-when-compile (require 'netrc))
Alongside these really interesting autoloads:
(autoload 'encrypt-find-model "encrypt")
(autoload 'encrypt-insert-file-contents "encrypt")
What _are_ these?
---
An experiment:
(require 'auth-source)
(require 'epa-file)
(epa-file-enable)
(setq epa-file-cache-passphrase-for-symmetric-encryption t) ;;VERY Important
(if (= gnus-verbose 7)
"Fine fine."
(setq gnus-verbose 7))
auth-sources
;=>((:source "~/.authinfo.gpg" :host t :protocol t))
auth-source-cache
;=>#<hash-table 'equal nil 6/65 0x2dbb600>
;;;imagine a more varied alist formated with all 6(six) of my nice key->vals mapped out e.g.:
(stan-hash-get-symbol-keys auth-source-cache)
;=>("(login password) api.del.icio.us:443:https"
"(login password) api.del.icio.us:443:https"
"(login password) api.del.icio.us:443:https"
"(login password) api.del.icio.us:443:https"
"(login password) api.del.icio.us:443:https"
"(login password) api.del.icio.us:443:https")
(auth-source-forget-all-cached)
;=>#<hash-table 'equal nil 0/65 0x2f38d00>
(stan-hash-get-symbol-keys auth-source-cache)
;=>nil
(with-temp-file (expand-file-name "~/.my-authinfo.gpg")
(insert "machine api.del.icio.us:443 port https login my-del-icio-name password my-del-icio-pass"))
(setq auth-sources '((:source "~/.my-authinfo.gpg" :host t :protocol t)))
;=>((:source "~/.my-authinfo.gpg" :host t :protocol t))
auth-sources
;=>((:source "~/.my-authinfo.gpg" :host t :protocol t))
;;; With apologies to Thierry Volipatto's `anything-delicious.el'
;;; (URL `http://www.emacswiki.org/emacs/anything-delicious.el')
(defvar *show-my-anything-delicious-user* nil
"Your Delicious login")
(defvar *show-my-anything-delicious-password* nil
"Your Delicious password")
(defun delicious-authentify (path)
"Authentify user from .my-authinfo.gpg file."
(let ((anything-delicious-auth
(auth-source-user-or-password
'("login" "password")
"api.del.icio.us:443"
"https")))
(setq *show-my-anything-delicious-user*
(car anything-delicious-auth))
(setq *show-my-anything-delicious-password*
(cadr anything-delicious-auth))))
(delicious-authentify "~/.my-authinfo.gpg")
;=> ;message to mini-buffer
;; Cool it got set.
;_AND_:
(= gnus-verbose 7)
(let ((this-buffer (current-buffer)))
(with-temp-buffer
(delicious-authentify "~/.my-authinfo.gpg"))
(save-excursion
(progn
(switch-to-buffer (get-buffer "*Messages*"))
(search-forward-regexp "*show-my-anything-delicious-password*"))
(sit-for 3))
(switch-to-buffer this-buffer))
;Good search-failed
(stan-hash-get-symbol-keys auth-source-cache)
;=>("(login password) api.del.icio.us:443:https")
auth-source-cache
;=>#<hash-table 'equal nil 1/65 0x2dbb600>
;; Now
(= gnus-verbose 7)
;=> t
(let ((this-buffer (current-buffer)))
(with-temp-buffer
(print (delicious-authentify "~/.my-authinfo.gpg")))
(save-excursion
(progn
(switch-to-buffer (get-buffer "*Messages*"))
(goto-char (point-max))
(search-backward-regexp "*show-my-anything-delicious-password*" nil t))
(sit-for 3))
(switch-to-buffer this-buffer))
;GREAaaaat... I feel so dirty...
;*show-my-anything-delicious-password*
;*show-my-anything-delicious-user*
;delicious-authentify
;"my-del-icio-pass"
(defun show-gnus-sf (&optional thresh)
"Evaluate two strings for their side-effects using `gnus-message'.
Find each string in the '*Messages*' buffer and come back to home.
When non-nil THRESH sets `gnus-verbose' to >= 9
Else sets gnus-verbose to default custom level 7 evaluates body.
Resets gnus-verbose to users default after snarfage."
(let ((this-buffer)
(vb))
(setq vb gnus-verbose)
(setq this-buffer (get-buffer (current-buffer)))
(unwind-protect
(let ((sf1 "my 1st sleeper Gnus-message")
(sf2 "my 2nd sleeper Gnus-message")
(vb ?\t))
(with-temp-buffer
(cond (thresh
(setq gnus-verbose vb)
(gnus-message ?\b sf1)
(gnus-message ?\b sf2))
(t (gnus-message ?\a sf1)
(gnus-message ?\a sf2))))
(pop-to-buffer (get-buffer "*Messages*") t)
(progn
(goto-char (point-max))
(when (search-backward-regexp sf1 nil t)
(message (format "Got %s at line %s in %s with GNUS-VERBOSE level @ %s"
sf1 (line-number-at-pos) (get-buffer (current-buffer)) vb)))
(goto-char (point-max))
(if (search-backward-regexp sf2 nil t)
(message (format "Got %s at line %s in %s with GNUS-VERBOSE level @ %s"
sf2 (line-number-at-pos) (get-buffer (current-buffer)) vb))
(format "Nothing to see here folks, move along."))
(sit-for 1)))
(setq gnus-verbose vb))
(pop-to-buffer this-buffer)
(format "Finished snarfing gnus-messages. GNUS-VERBOSE back @ level %d. Thank You." vb)))
(show-gnus-sf)
(show-gnus-sf t)
;=>Why are those sleeper gnus-messages are hanging around in *Messages*?
(= gnus-verbose 7)
;=>t
(progn
(unintern 'delicious-authentify)
(unintern '*show-my-anything-delicious-user*)
(unintern '*show-my-anything-delicious-password*)
(auth-source-forget-all-cached)
(setq auth-sources nil))
-
s_P
next prev parent reply other threads:[~2009-06-10 20:43 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-10 3:49 authinfo gnutls netrc.el auth-sources & smtpmail-starttls-credentials MON KEY
2009-06-10 21:18 ` Ted Zlatanov
2009-06-10 20:43 ` MON KEY [this message]
2009-06-11 14:39 ` Ted Zlatanov
-- strict thread matches above, loose matches on Subject: below --
2009-06-11 23:44 MON KEY
2009-06-12 18:25 ` Ted Zlatanov
2009-06-12 21:05 ` MON KEY
2009-06-13 12:55 ` Ted Zlatanov
2009-06-15 0:52 ` MON KEY
2009-06-15 14:40 ` Ted Zlatanov
2009-06-12 6:28 MON KEY
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zlcf2525.fsf@sandpframing.com \
--to=monkey@sandpframing.com \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.