From: MON KEY
Newsgroups: gmane.emacs.devel
Subject: Re: authinfo gnutls netrc.el auth-sources & smtpmail-starttls-credentials
Date: Wed, 10 Jun 2009 16:43:14 -0400
Message-ID: <87zlcf2525.fsf@sandpframing.com>
References: <87prdblrdd.fsf@lifelogs.com>
To: emacs-devel@gnu.org

Ted Zlatanov writes:

> Yes, it lets people get stuff done.  It's not a security risk and does
> not behave in an unexpected way.  It can be augmented but the
>
> Ted

Some observations:

In "../emacs/lisp/gnus/auth-source.el" `auth-source-user-or-password'

When a match is made for MODE (e.g. user's login and password) it is
cached to the hashtable `auth-source-cache' by default - the user must
override this value if this is not what is wanted.

This cache holds:

  login password | host port protocol

as key/vals with login and password obfuscated to (login password)
respectively.

Additionally when a match is made `auth-source-user-or-password' spits
out a 'gnus-message 9' indicating that a match has been made (with
password obfuscated).

The docstring for `gnus-message' provides some guidelines for message
levels:

  "Guideline for numbers: {...} 9 - messages inside loops."

The `gnus-message' is printed when it exceeds the `gnus-verbose'
threshold (defaults to 7).

Which is to say, assuming the user has `gnus-util' library loaded and
his `gnus-verbose' level set at or above level 9(nine) - he may see
_gnus-message_ indicating that the password/login has been cached along
with a timestamp _if_ `gnus-add-timestamp-to-message' is t.

Great!

No Wait... any code that evaluates `auth-source-user-or-password'
directly has the value returned to *Messages* regardless of the
`gnus-verbosity' levels. He _may not_ see those but they may well be
there anyway.

`../emacs/lisp/gnus/gnus-util.el' has one of these:

  (require 'netrc)

`../emacs/lisp/url/url-auth.el' has one of these:

  (autoload 'auth-source-user-or-password "auth-source")

---
From `../emacs/lisp/url/ChangeLog':

2008-06-07  Glenn Morris

	* url-auth.el (auth-source-user-or-password):
	Remove unnecessary eval-and-compile.
-
2008-05-12  Teodor Zlatanov

	* url-auth.el: Add autoload cookie for `auth-source-user-or-password'.
	(url-basic-auth, url-digest-auth): Use it with any realm,
	overriding the user name and password before the prompt.

---
Also, re: my previous post:

> auth-sources wants netrc.el per `auth-source-user-or-password'

It is worth noting that the call out to netrc.el happens at compile
time:

  (eval-when-compile (require 'netrc))

Alongside these really interesting autoloads:

  (autoload 'encrypt-find-model "encrypt")
  (autoload 'encrypt-insert-file-contents "encrypt")

What _are_ these?

---
An experiment:

(require 'auth-source)
(require 'epa-file)
(epa-file-enable)
(setq epa-file-cache-passphrase-for-symmetric-encryption t) ;;VERY Important

(if (= gnus-verbose 7)
    "Fine fine."
  (setq gnus-verbose 7))

auth-sources
;=>((:source "~/.authinfo.gpg" :host t :protocol t))

auth-source-cache
;=>#

;;;imagine a more varied alist formatted with all 6(six) of my nice key->vals mapped out e.g.:
;; (`stan-hash-get-symbol-keys' is the poster's own helper; its definition is not in this post)
(stan-hash-get-symbol-keys auth-source-cache)
;=>("(login password) api.del.icio.us:443:https"
;   "(login password) api.del.icio.us:443:https"
;   "(login password) api.del.icio.us:443:https"
;   "(login password) api.del.icio.us:443:https"
;   "(login password) api.del.icio.us:443:https"
;   "(login password) api.del.icio.us:443:https")

(auth-source-forget-all-cached)
;=>#

(stan-hash-get-symbol-keys auth-source-cache)
;=>nil

(with-temp-file (expand-file-name "~/.my-authinfo.gpg")
  (insert "machine api.del.icio.us:443 port https login my-del-icio-name password my-del-icio-pass"))

(setq auth-sources '((:source "~/.my-authinfo.gpg" :host t :protocol t)))
;=>((:source "~/.my-authinfo.gpg" :host t :protocol t))

auth-sources
;=>((:source "~/.my-authinfo.gpg" :host t :protocol t))

;;; With apologies to Thierry Volpiatto's `anything-delicious.el'
;;; (URL `http://www.emacswiki.org/emacs/anything-delicious.el')
(defvar *show-my-anything-delicious-user* nil
  "Your Delicious login")

(defvar *show-my-anything-delicious-password* nil
  "Your Delicious password")

(defun delicious-authentify (path)
  "Authentify user from .my-authinfo.gpg file."
  (let ((anything-delicious-auth
         (auth-source-user-or-password '("login" "password")
                                       "api.del.icio.us:443"
                                       "https")))
    (setq *show-my-anything-delicious-user* (car anything-delicious-auth))
    (setq *show-my-anything-delicious-password* (cadr anything-delicious-auth))))

(delicious-authentify "~/.my-authinfo.gpg")
;=> ;message to mini-buffer
;; Cool it got set.

;_AND_:
(= gnus-verbose 7)

(let ((this-buffer (current-buffer)))
  (with-temp-buffer
    (delicious-authentify "~/.my-authinfo.gpg"))
  (save-excursion
    (progn
      (switch-to-buffer (get-buffer "*Messages*"))
      (search-forward-regexp "*show-my-anything-delicious-password*"))
    (sit-for 3))
  (switch-to-buffer this-buffer))
;Good search-failed

(stan-hash-get-symbol-keys auth-source-cache)
;=>("(login password) api.del.icio.us:443:https")

auth-source-cache
;=>#

;; Now
(= gnus-verbose 7)
;=> t

(let ((this-buffer (current-buffer)))
  (with-temp-buffer
    (print (delicious-authentify "~/.my-authinfo.gpg")))
  (save-excursion
    (progn
      (switch-to-buffer (get-buffer "*Messages*"))
      (goto-char (point-max))
      (search-backward-regexp "*show-my-anything-delicious-password*" nil t))
    (sit-for 3))
  (switch-to-buffer this-buffer))
;GREAaaaat... I feel so dirty...
;*show-my-anything-delicious-password*
;*show-my-anything-delicious-user*
;delicious-authentify
;"my-del-icio-pass"

(defun show-gnus-sf (&optional thresh)
  "Evaluate two strings for their side-effects using `gnus-message'.
Find each string in the '*Messages*' buffer and come back to home.
When non-nil THRESH sets `gnus-verbose' to >= 9.
Else sets gnus-verbose to default custom level 7 evaluates body.
Resets gnus-verbose to user's default after snarfage."
  (let ((this-buffer)
        (vb))
    (setq vb gnus-verbose)
    (setq this-buffer (get-buffer (current-buffer)))
    (unwind-protect
        (let ((sf1 "my 1st sleeper Gnus-message")
              (sf2 "my 2nd sleeper Gnus-message")
              (vb ?\t))                 ; ?\t is character code 9
          (with-temp-buffer
            (cond (thresh
                   (setq gnus-verbose vb)
                   (gnus-message ?\b sf1) ; ?\b is character code 8
                   (gnus-message ?\b sf2))
                  (t
                   (gnus-message ?\a sf1) ; ?\a is character code 7
                   (gnus-message ?\a sf2))))
          (pop-to-buffer (get-buffer "*Messages*") t)
          (progn
            (goto-char (point-max))
            (when (search-backward-regexp sf1 nil t)
              (message (format "Got %s at line %s in %s with GNUS-VERBOSE level @ %s"
                               sf1 (line-number-at-pos)
                               (get-buffer (current-buffer)) vb)))
            (goto-char (point-max))
            (if (search-backward-regexp sf2 nil t)
                (message (format "Got %s at line %s in %s with GNUS-VERBOSE level @ %s"
                                 sf2 (line-number-at-pos)
                                 (get-buffer (current-buffer)) vb))
              (format "Nothing to see here folks, move along."))
            (sit-for 1)))
      (setq gnus-verbose vb))
    (pop-to-buffer this-buffer)
    (format "Finished snarfing gnus-messages. GNUS-VERBOSE back @ level %d. Thank You." vb)))

(show-gnus-sf)
(show-gnus-sf t)
;=>Why are those sleeper gnus-messages hanging around in *Messages*?

(= gnus-verbose 7)
;=>t

(progn
  (unintern 'delicious-authentify)
  (unintern '*show-my-anything-delicious-user*)
  (unintern '*show-my-anything-delicious-password*)
  (auth-source-forget-all-cached)
  (setq auth-sources nil))

- s_P
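
Added example, not part of the original post and not code from Emacs or Gnus: a small Emacs Lisp audit for the situation the experiment above explores, a credential string ending up in *Messages*. Every `my-' name is hypothetical; the sample password is the one used in the post, and `message-log-max' and `inhibit-read-only' are standard Emacs variables.

```elisp
;;; Added example; every `my-' name is hypothetical, not part of Emacs.

(defun my-messages-find-secret (secret)
  "Return the line number in *Messages* of each occurrence of SECRET.
The search is literal, so regexp characters in SECRET are not special."
  (let ((buf (get-buffer "*Messages*"))
        (hits '()))
    (when buf
      (with-current-buffer buf
        (save-excursion
          (goto-char (point-min))
          (while (search-forward secret nil t)
            (push (line-number-at-pos) hits)))))
    (nreverse hits)))

(defun my-messages-scrub-secret (secret)
  "Replace every literal SECRET in *Messages* with [REDACTED].
Return the number of replacements made."
  (let ((buf (get-buffer "*Messages*"))
        (count 0))
    (when buf
      (with-current-buffer buf
        (let ((inhibit-read-only t))    ; *Messages* may be read-only
          (save-excursion
            (goto-char (point-min))
            (while (search-forward secret nil t)
              (replace-match "[REDACTED]" t t)
              (setq count (1+ count)))))))
    count))

(defmacro my-without-message-log (&rest body)
  "Evaluate BODY with logging to *Messages* turned off.
Only covers messages emitted while BODY runs; it does not stop an
interactive eval command from echoing the value BODY returns."
  `(let ((message-log-max nil))
     ,@body))

;; Constructed demonstration with the sample password from the post.
(message "%s" "my-del-icio-pass")               ; simulate a logged leak
(my-messages-find-secret "my-del-icio-pass")    ; lines holding the secret
(my-messages-scrub-secret "my-del-icio-pass")   ; redact them in place
(my-without-message-log
  (message "%s" "my-del-icio-pass"))            ; echoed, but not logged
```

Scrubbing *Messages* does not touch `auth-source-cache'; the post's `auth-source-forget-all-cached' call is what clears the cached entries.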