From: Ted Zlatanov
Newsgroups: gmane.emacs.gnus.general,gmane.emacs.tramp
Subject: Re: auth-source tokens
Date: Tue, 26 Oct 2010 11:56:07 -0500
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
Message-ID: <87wrp4yjtk.fsf@lifelogs.com>
References: <87d3qylr29.fsf@marauder.physik.uni-ulm.de> <87fwvu5ele.fsf_-_@lifelogs.com>
Cc: tramp-devel@mail.freesoftware.fsf.org
To: ding@gnus.org

Here's my auth-source API proposal. `auth-source-user-or-password' will still be provided but this will be the main entry point.

In some ways it's a Lisp-y interpretation of the Secrets API. We may end up with a C implementation of some parts for security, so I'm trying to move away from plain values and to use tokens instead. As you'll see at the end of the docstring, if the token's :value key holds a function, the user has to call it (I may provide a helper function for this). That makes it much easier to provide secure storage for the tokens.

Backends are searched with the same SPEC as the tokens themselves. That lets the user and applications define arbitrary search criteria for backends, including the "username" mentioned earlier in this thread. It also simplifies the API and the auth-source internals.

:max is an important change. It ensures we stop searching backends as soon as we have enough tokens and defaults to 1.

:create is another important one. It unifies create-if-missing and delete-existing in a clean way (I think).

Because this will affect many parts of Emacs, I want feedback before I implement it. I've spent a lot of time thinking about this API so I hope you'll agree it's an improvement over `auth-source-user-or-password'.

I have some code written but didn't append it because I'm perfectly willing to throw it away if the API has flaws, and I think it's harder to ask for that if you see working code :)

Thanks
Ted

(defun auth-source-search (&rest spec)
  "Parse `auth-sources' for matches of the SPEC plist.

Common keys are :type, :max, :host, :protocol, and :user. A string
value is matched as a regex for the file (netrc) backend and
literally by the Secrets API. A symbol is matched as its string
value. All the SPEC values can be single values or lists.

:create t means to create a token if possible. When it is
'rewrite-existing, any matching existing token will be copied into
the new token and deleted. This defaults to nil and will generate
an error if used with :max greater than 1.

:max N means to return at most N items (defaults to 1)

:types (A B C) means to match only tokens of types A, B, or C.
Common types include `password and `login. Defaults to t.

:host (X Y Z) means to match only hosts X, Y, or Z as a regular
expression. Defaults to t.

:protocol (P Q R) means to match only protocols P, Q, or R.
Defaults to t.

:K (V1 V2 V3) for any other key K will match values V1, V2, or
V3. If any of the values are strings, they are matched as regular
expressions in the file (netrc) backend and literally in the
Secrets API. If any are symbols, they are matched literally as
the symbol name.

Return value is a list with at most :max tokens. Each token is a
plist with keys :backend, :value, :type, :max, :host, :protocol,
and :user, plus any other keys provided by the backend.

The token's :value key can hold a function. In that case you must
call it to obtain the actual value."
  )
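
Added example, not part of the original message and not auth-source code: a small in-memory model of the search semantics the docstring describes (single value or list per SPEC key, regexp matching for strings as in the netrc backend, stopping at :max, and a :value that holds a function). Every `demo-' name and all sample data are assumptions made for illustration.

```elisp
;;; -*- lexical-binding: t; -*-
;; Added illustration; every `demo-' name and all sample data are hypothetical.
(require 'cl-lib)

(defun demo-make-token (secret &rest plist)
  "Return PLIST as a token whose :value is a function returning SECRET."
  (append plist (list :value (lambda () secret))))

(defvar demo-tokens
  (list (demo-make-token "constructed-secret-1" :type 'password
                         :host "imap.example.org" :protocol "imap" :user "ted")
        (demo-make-token "constructed-secret-2" :type 'password
                         :host "smtp.example.org" :protocol "smtp" :user "ted")
        (demo-make-token "constructed-secret-3" :type 'password
                         :host "news.example.net" :protocol "nntp" :user "tzz"))
  "Constructed contents of one in-memory backend.")

(defun demo-match-p (want have)
  "Non-nil if HAVE satisfies WANT, which is t, one value, or a list of values.
Strings in WANT are regexps (the netrc rule); symbols match by name."
  (let ((have (if (and have (symbolp have)) (symbol-name have) have)))
    (or (eq want t)
        (and have
             (cl-some (lambda (w)
                        (if (symbolp w)
                            (string= (symbol-name w) have)
                          (string-match-p w have)))
                      (if (listp want) want (list want)))))))

(defun demo-search (&rest spec)
  "Return at most :max (default 1) tokens of `demo-tokens' matching SPEC."
  (let ((limit (or (plist-get spec :max) 1))
        (found '()))
    (cl-loop for token in demo-tokens
             while (< (length found) limit) ; stop once enough tokens are found
             when (cl-loop for (key want) on spec by #'cddr
                           always (or (eq key :max)
                                      (demo-match-p want (plist-get token key))))
             do (push token found))
    (nreverse found)))

(defun demo-token-value (token)
  "Return TOKEN's secret, calling :value when it holds a function."
  (let ((value (plist-get token :value)))
    (if (functionp value) (funcall value) value)))

;; Up to two secrets for user "ted" on any example.org host:
(mapcar #'demo-token-value
        (demo-search :host "example\\.org$" :user "ted" :max 2))
```

The secret is read only when `demo-token-value' calls the function, so a caller that merely filters or counts tokens never touches it.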