From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/69466 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.gnus.general,gmane.emacs.tramp Subject: Re: Passwords, stored in Gnome Keyring and KWallet Date: Tue, 23 Mar 2010 13:06:04 -0500 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <87vdcmx69f.fsf@lifelogs.com> References: <87iq9sezh6.fsf@gmx.de> <87vddp0zra.fsf@lifelogs.com> <871vgc2hsl.fsf@gmx.de> <877hq3zpmi.fsf@lifelogs.com> <873a09fngy.fsf@lifelogs.com> <87tysnq43l.fsf@gmx.de> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Trace: dough.gmane.org 1269367617 8125 80.91.229.12 (23 Mar 2010 18:06:57 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Tue, 23 Mar 2010 18:06:57 +0000 (UTC) Cc: ding@gnus.org, tramp-devel@mail.freesoftware.fsf.org To: Michael Albinus Original-X-From: ding-owner+M17861@lists.math.uh.edu Tue Mar 23 19:06:51 2010 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Nu8V4-0000qJ-Pn for ding-account@gmane.org; Tue, 23 Mar 2010 19:06:47 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1Nu8UV-0000CY-Qh; Tue, 23 Mar 2010 13:06:11 -0500 Original-Received: from mx1.math.uh.edu ([129.7.128.32]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1Nu8UU-0000CJ-Aj for ding@lists.math.uh.edu; Tue, 23 Mar 2010 13:06:10 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx1.math.uh.edu with esmtp (Exim 4.69) (envelope-from ) id 1Nu8UR-0007D8-55 for ding@lists.math.uh.edu; Tue, 23 Mar 2010 13:06:09 -0500 Original-Received: from blockstar.com ([208.100.47.114] helo=mail.blockstar.com) by quimby with esmtp (Exim 3.36 #1 (Debian)) id 1Nu9QV-0005UQ-00 for ; Tue, 23 Mar 2010 20:06:07 +0100 Original-Received: from heechee (c-98-227-29-141.hsd1.il.comcast.net [98.227.29.141]) by mail.blockstar.com (Postfix) with ESMTP id 23A2EA68653; Tue, 23 Mar 2010 13:06:10 -0500 (CDT) In-Reply-To: <87tysnq43l.fsf@gmx.de> (Michael Albinus's message of "Wed, 10 Mar 2010 22:06:06 +0100") User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/24.0.50 (gnu/linux) X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" X-Spam-Score: -2.3 (--) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:69466 gmane.emacs.tramp:7208 Archived-At: --=-=-= The major problem so far is that secrets-search-items on a nil (matching any) collection doesn't tell me what collection matched. So then I can't say (secrets-get-attributes nil (car (secrets-search-items nil :user "joe"))) to find the attributes of that item (although (secrets-get-secret nil "my item") does work, so this only fails when I need attributes). When I do know the session, things work. Attached is a patch to show how auth-source-pick and auth-source-user-or-password would change, on top of the recent check-ins to Gnus. Basically auth-source-pick bakes a list of results that includes the found collection in :search and the found item in :item. Then auth-source-user-or-password looks up the :user attribute for the "login" attribute and the secret for the "password" attribute. The default session is looked up as the "default" alias and if that fails, as the "default" session (with a message). Otherwise most of the code converts between the nil "match all" session parameter in secrets.el and the t "match all" in auth-source.el and massages the results. I also redid the auth-sources customization a little bit. If you can follow this, great. Otherwise if you think it's too complicated, it's time to redo auth-source.el to be more flexible about taking extra parameters. As the author it's hard for me to say if that time is now :) Ted --=-=-= Content-Type: text/x-diff Content-Disposition: attachment; filename=auth-secrets.patch Index: auth-source.el =================================================================== RCS file: /usr/local/cvsroot/gnus/lisp/auth-source.el,v retrieving revision 7.20 diff -u -r7.20 auth-source.el --- auth-source.el 23 Mar 2010 02:54:14 -0000 7.20 +++ auth-source.el 23 Mar 2010 18:52:52 -0000 @@ -124,7 +124,6 @@ (const :tag "Default" 'default) (const :tag "Any" t) (const :tag "Temporary" "session") - (string :tag "Specific session name") (const :tag "Fallback" nil)))) (const :format "" :value :host) (choice :tag "Host (machine) choice" @@ -139,7 +138,7 @@ (repeat :tag "Extra Parameters" :inline t (choice :tag "Extra parameter" (list :tag "Preferred username" :inline t - (const :format "" :value :preferred-username) + (const :format "" :value :user) (choice :tag "Personality or username" (const :tag "Any" t) (const :tag "Fallback" nil) @@ -154,7 +153,7 @@ ;; (customize-variable 'auth-source-protocols) ;; (setq auth-source-protocols nil) ;; (format "%S" auth-source-protocols) -;; (auth-source-pick "a" 'imap) +;; (auth-source-pick "a" 'imap '()) ;; (auth-source-user-or-password "login" "imap.myhost.com" 'imap) ;; (auth-source-user-or-password "password" "imap.myhost.com" 'imap) ;; (auth-source-user-or-password-imap "login" "imap.myhost.com") @@ -174,25 +173,74 @@ 'message))) (apply logger msg)))) -(defun auth-source-pick (host protocol &optional fallback) - "Parse `auth-sources' for HOST, and PROTOCOL matches. +(defun auth-source-pick (host protocol extras &optional fallback) + "Parse `auth-sources' for HOST and PROTOCOL (+EXTRAS) matches. + +Only :user is checked currently in the plist EXTRAS. Returns fallback choices (where PROTOCOL or HOST are nil) with FALLBACK t." (interactive "sHost: \nsProtocol: \n") ;for testing (let (choices) (dolist (choice auth-sources) - (let ((h (plist-get choice :host)) - (p (plist-get choice :protocol))) - (when (and - (or (equal t h) - (and (stringp h) (string-match h host)) - (and fallback (equal h nil))) - (or (equal t p) - (and (symbolp p) (equal p protocol)) - (and fallback (equal p nil)))) - (push choice choices)))) + (let* ((h (plist-get choice :host)) + (p (plist-get choice :protocol)) + (s (plist-get choice :source)) + (u (or (plist-get choice :user) t)) ; the user spec in this choice, defaults to t + (user (plist-get extras :user)) ; the passed user + ;; this is only set for Secret Service API specs (through secrets.el) + (coll (plist-get s :secrets))) + (cond + (coll ; use secrets.el here + (when (eq coll 'default) + (setq coll (secrets-get-alias "default")) + (unless coll + (auth-source-do-debug + "Default alias: no '%s' alias. Trying collection '%s'." + "default" "default") + (setq coll "default"))) + (let* ((coll-search (cond + ((stringp coll) coll) + ((eq coll t) nil) ; t = any collection + + ;; when the collection is nil: + ;; in fallback mode, accept it as any + ;; otherwise, hope to fail + ((null coll) (if fallback + nil + " *fallback-fail*")))) + ;; this will have the other secrets-search-items parameters + (other-search (append + (when (stringp h) `(:host ,h)) + (when (stringp u) `(:user ,u)) + (when (stringp p) `(:port ,p)))) + (results (apply 'secrets-search-items + coll-search + other-search))) + (auth-source-do-debug + "auth-source-pick: got items %s in collection search %s + %s" + results coll-search other-search) + (dolist (result results) + (push `(:source secrets + :item ,result + :collection ,coll + :search ,coll-search + ,@other-search) + choices)))) + (t ; this is any non-secrets spec + (when (and + (or (equal t h) + (and (stringp h) (string-match h host)) + (and fallback (equal h nil))) + (or (equal t p) + (and (symbolp p) (equal p protocol)) + (and fallback (equal p nil))) + (or (equal t u) ; note that u defaults to t + (and (stringp u) (string-match u user)))) + (push choice choices)))))) (if choices choices + ;; when there were no matches, do a second pass but this time + ;; fallbacks (nil values) are acceptable (unless fallback (auth-source-pick host protocol t))))) @@ -205,44 +253,58 @@ (interactive) (setq auth-source-cache (make-hash-table :test 'equal))) -(defun auth-source-user-or-password (mode host protocol) +(defun auth-source-user-or-password (mode host protocol &optional username) "Find MODE (string or list of strings) matching HOST and PROTOCOL. MODE can be \"login\" or \"password\" for example." (auth-source-do-debug - "auth-source-user-or-password: get %s for %s (%s)" - mode host protocol) + "auth-source-user-or-password: get %s for %s (%s) + user=%s" + mode host protocol username) (let* ((listy (listp mode)) (mode (if listy mode (list mode))) - (cname (format "%s %s:%s" mode host protocol)) + (extras (when username `(:user ,username))) + (cname (format "%s %s:%s %s" mode host protocol extras)) (found (gethash cname auth-source-cache))) (if found (progn (auth-source-do-debug - "auth-source-user-or-password: cached %s=%s for %s (%s)" + "auth-source-user-or-password: cached %s=%s for %s (%s) + %s" mode ;; don't show the password - (if (and (member "password" mode) auth-source-hide-passwords) "SECRET" found) - host protocol) - found) - (dolist (choice (auth-source-pick host protocol)) - (setq found (netrc-machine-user-or-password - mode - (plist-get choice :source) - (list host) - (list (format "%s" protocol)) - (auth-source-protocol-defaults protocol))) + (if (and (member "password" mode) auth-source-hide-passwords) + "SECRET" + found) + host protocol extras) + found) ; return the found data + (dolist (choice (auth-source-pick host protocol extras)) + (setq found (cond + ;; the secrets.el spec + ((eq (plist-get choice :source) 'secrets) + (let ((coll (plist-get choice :search)) + (item (plist-get choice :item))) + (mapcar (lambda (m) + (if (equal "password" m) + (secrets-get-secret coll item) + (secrets-get-attribute coll item :user))) + mode))) + (t ; anything else is netrc + (netrc-machine-user-or-password + mode + (plist-get choice :source) + (list host) + (list (format "%s" protocol)) + (auth-source-protocol-defaults protocol))))) (when found (auth-source-do-debug - "auth-source-user-or-password: found %s=%s for %s (%s)" + "auth-source-user-or-password: found %s=%s for %s (%s) + %s" mode ;; don't show the password (if (and (member "password" mode) auth-source-hide-passwords) "SECRET" found) - host protocol) + host protocol extras) (setq found (if listy found (car-safe found))) (when auth-source-do-cache (puthash cname found auth-source-cache))) (return found))))) - + (defun auth-source-protocol-defaults (protocol) "Return a list of default ports and names for PROTOCOL." (cdr-safe (assoc protocol auth-source-protocols))) --=-=-=--