auth-source backend stuff

auth-source backend stuff

[Eric Abrahamsen]

I see that auth-source.el is written to provide backend subclassing, but
I've found the system as a whole a bit confusing to grasp. I've got a
couple of questions I'm hoping someone can provide pointers for.

1. I keep my email passwords in the unix "pass" utility, which I'm very
   pleased with. I've been able to get pretty much all my other programs
   (msmtp, mbsync) to draw passwords from that, with the exception of
   Gnus. Has anyone tackled a "pass"-specific auth backend?
2. Failing that, how hard would it be to make the ~/.authinfo system
   smarter about PGP encryption? I have a ~/.authinfo.gpg file, but no
   ~/.authinfo. If I add a new backend, I'm first prompted to add the
   login details to ~/.authinfo, after which I have to manually copy
   them into the encrypted version of the file, then delete the
   unencrypted version. Could Gnus check for the presence of an
   ~/.authinfo.gpg file, and handle that gracefully?

Thanks,
Eric

Re: auth-source backend stuff

[Andreas Schwab]

Eric Abrahamsen <eric@ericabrahamsen.net> writes:

> 2. Failing that, how hard would it be to make the ~/.authinfo system
>    smarter about PGP encryption? I have a ~/.authinfo.gpg file, but no
>    ~/.authinfo. If I add a new backend, I'm first prompted to add the
>    login details to ~/.authinfo, after which I have to manually copy
>    them into the encrypted version of the file, then delete the
>    unencrypted version. Could Gnus check for the presence of an
>    ~/.authinfo.gpg file, and handle that gracefully?

Change auth-sources to put "~/.authinfo.gpg" first.

Andreas.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

Re: auth-source backend stuff

[Xavier Maillard]

Eric Abrahamsen <eric@ericabrahamsen.net> writes:

> 2. Failing that, how hard would it be to make the ~/.authinfo system
>    smarter about PGP encryption? I have a ~/.authinfo.gpg file, but no
>    ~/.authinfo. If I add a new backend, I'm first prompted to add the
>    login details to ~/.authinfo, after which I have to manually copy
>    them into the encrypted version of the file, then delete the
>    unencrypted version. Could Gnus check for the presence of an
>    ~/.authinfo.gpg file, and handle that gracefully?

According to `auth-sources', it is supposed to handle that this way.

You may consider changing the order though.

Regards

-- Xavier
"La liberté est un monument INDESTRUCTIBLE."

Re: auth-source backend stuff

[Xavier Maillard]

Eric Abrahamsen <eric@ericabrahamsen.net> writes:

> 2. Failing that, how hard would it be to make the ~/.authinfo system
>    smarter about PGP encryption? I have a ~/.authinfo.gpg file, but no
>    ~/.authinfo. If I add a new backend, I'm first prompted to add the
>    login details to ~/.authinfo, after which I have to manually copy
>    them into the encrypted version of the file, then delete the
>    unencrypted version. Could Gnus check for the presence of an
>    ~/.authinfo.gpg file, and handle that gracefully?

According to `auth-sources', it is supposed to handle that this way.

You may consider changing the order though.

Regards

-- Xavier
"La liberté est un monument INDESTRUCTIBLE." (Anonyme, bataclan)

Re: auth-source backend stuff

[Eric Abrahamsen]

Andreas Schwab <schwab@linux-m68k.org> writes:

> Eric Abrahamsen <eric@ericabrahamsen.net> writes:
>
>> 2. Failing that, how hard would it be to make the ~/.authinfo system
>>    smarter about PGP encryption? I have a ~/.authinfo.gpg file, but no
>>    ~/.authinfo. If I add a new backend, I'm first prompted to add the
>>    login details to ~/.authinfo, after which I have to manually copy
>>    them into the encrypted version of the file, then delete the
>>    unencrypted version. Could Gnus check for the presence of an
>>    ~/.authinfo.gpg file, and handle that gracefully?
>
> Change auth-sources to put "~/.authinfo.gpg" first.

Ah, simple enough! Sorry about that -- I probably could have figured it out...

Re: auth-source backend stuff

[Ted Zlatanov]

On Tue, 17 Nov 2015 13:06:47 +0800 Eric Abrahamsen <eric@ericabrahamsen.net> wrote: 

EA> I see that auth-source.el is written to provide backend subclassing, but
EA> I've found the system as a whole a bit confusing to grasp. I've got a
EA> couple of questions I'm hoping someone can provide pointers for.

I wrote docs for it here:
http://thread.gmane.org/gmane.emacs.devel/143198/focus=144282 but the
demand hasn't been high for custom backends.

I think the :create stuff is what confuses people the most.

Ted

Re: auth-source backend stuff

[Eric Abrahamsen]

Ted Zlatanov <tzz@lifelogs.com> writes:

> On Tue, 17 Nov 2015 13:06:47 +0800 Eric Abrahamsen <eric@ericabrahamsen.net> wrote: 
>
> EA> I see that auth-source.el is written to provide backend subclassing, but
> EA> I've found the system as a whole a bit confusing to grasp. I've got a
> EA> couple of questions I'm hoping someone can provide pointers for.
>
> I wrote docs for it here:
> http://thread.gmane.org/gmane.emacs.devel/143198/focus=144282 but the
> demand hasn't been high for custom backends.
>
> I think the :create stuff is what confuses people the most.

Thanks for this! It was also enough to clue me in to the fact that
auth-source has its own info manual, which I hadn't realized. Between
the various explanations I ought to be able to make this work.

Thanks!
Eric

Re: auth-source backend stuff

[Ted Zlatanov]

On Sat, 21 Nov 2015 11:55:16 +0800 Eric Abrahamsen <eric@ericabrahamsen.net> wrote: 

EA> Ted Zlatanov <tzz@lifelogs.com> writes:
>> On Tue, 17 Nov 2015 13:06:47 +0800 Eric Abrahamsen <eric@ericabrahamsen.net> wrote: 
>> 
EA> I see that auth-source.el is written to provide backend subclassing, but
EA> I've found the system as a whole a bit confusing to grasp. I've got a
EA> couple of questions I'm hoping someone can provide pointers for.
>> 
>> I wrote docs for it here:
>> http://thread.gmane.org/gmane.emacs.devel/143198/focus=144282 but the
>> demand hasn't been high for custom backends.
>> 
>> I think the :create stuff is what confuses people the most.

EA> Thanks for this! It was also enough to clue me in to the fact that
EA> auth-source has its own info manual, which I hadn't realized. Between
EA> the various explanations I ought to be able to make this work.

I would really appreciate it if you added your experience to the
developer section of the auth-source manual, and especially let me know
if you think the code needs changing.  As far as I know Daiki Ueno is
the only one to have added a backend, so with you we'd have enough
experience to improve the code and simplify or expand it as needed.

Ted

Re: auth-source backend stuff

[Eric Abrahamsen]

Ted Zlatanov <tzz@lifelogs.com> writes:

> On Sat, 21 Nov 2015 11:55:16 +0800 Eric Abrahamsen <eric@ericabrahamsen.net> wrote: 
>
> EA> Ted Zlatanov <tzz@lifelogs.com> writes:
>>> On Tue, 17 Nov 2015 13:06:47 +0800 Eric Abrahamsen <eric@ericabrahamsen.net> wrote: 
>>> 
> EA> I see that auth-source.el is written to provide backend subclassing, but
> EA> I've found the system as a whole a bit confusing to grasp. I've got a
> EA> couple of questions I'm hoping someone can provide pointers for.
>>> 
>>> I wrote docs for it here:
>>> http://thread.gmane.org/gmane.emacs.devel/143198/focus=144282 but the
>>> demand hasn't been high for custom backends.
>>> 
>>> I think the :create stuff is what confuses people the most.
>
> EA> Thanks for this! It was also enough to clue me in to the fact that
> EA> auth-source has its own info manual, which I hadn't realized. Between
> EA> the various explanations I ought to be able to make this work.
>
> I would really appreciate it if you added your experience to the
> developer section of the auth-source manual, and especially let me know
> if you think the code needs changing.  As far as I know Daiki Ueno is
> the only one to have added a backend, so with you we'd have enough
> experience to improve the code and simplify or expand it as needed.

I have to admit it's still a bit hazy to me. Do I really have to edit
the auth-source.el source code in order to add a new backend? I can see
the utility of allowing users to refer to backend types using a simple
string, but this makes it hard to add ad-hoc backends from outside the
code base. Could `auth-source-backend-parse' be edited to look like:

(defun auth-source-backend-parse (entry)
  (if (child-of-class-p entry 'auth-source-backend)
    entry
    (auth-source-backend-parse-parameters
      ....)))

That would allow me to instantiate a backend in my own config code, and
then just slap it into `auth-sources'.

My other comment (admittedly totally unhelpful at this point) is that it
seems a bit odd to be using classes, but then not using subclassing, or
generic methods. The :type slot seems to be doing work that should be
done by subclassing, and the :create-function and :search-function slots
seem like they ought to be generic methods. Generic methods would
probably also be the right solution for a unified prompt interface.

Perhaps there are other considerations that prevent this -- I'm not that
familiar with the code. And, practically, it would probably be too much
work to re-write at that level, now. But I thought I'd mention it
anyway!

Right now the :initform arg to :create-function and :search-function is
"ignore". I'm not certain, but it looks like this isn't working the way
it's supposed to -- I was obliged to actually write stump functions
before the class definition could be eval'ed. It appears that the
current way to do this is to set the :allow-nil-initforms class-level
option.

Otherwise, here's how far I've gotten with this. The create function
seems like it will be a nightmare of prompting, so I'm punting on that
for now. Users would almost certainly have to create their own mapping
between host/port/user combinations and pass entries, as I doubt
anyone's going to want to structure their pass entries so that they're
somehow programmatically findable given the host and user. Here's code
that doesn't currently work, but I wish it would:

(defun my-stub-create-function ()
  nil)

(defcustom my-server-to-pass-entry-map
  ;; Does :host correspond to the Gnus server name, or to the actual
  ;; nnimap-address host?
  '((:host "mail.ericabrahamsen.net"
	   :user "eric@ericabrahamsen.net" :entry "email/ea")
    (:host "mail.paper-republic.org"
	   :user "eric@paper-republic.org" :entry "email/pr")))

(defun* my-pass-search-function (&rest
                                    spec
                                    &key backend create delete
                                    max
                                    &allow-other-keys)
  (let ((pass-arg
	 (catch 'found
	   (dolist (m my-server-to-pass-entry-map)
	     (when (and (string= (plist-get m :host)
				 (plist-get spec :host))
			(string= (plist-get m :user)
				 (plist-get spec :user)))
	       (throw 'found (plist-get m :entry)))))))
    (when pass-arg
      (shell-command-to-string (format "pass show %s" pass-arg)))))

(setq my-halfassed-pass-backend
      (make-instance 'auth-source-backend
		     :type 'pass-utility
		     :source "dummy string"
		     :create-function 'my-stub-create-function
		     :search-function 'my-pass-search-function))

(setq auth-sources (list my-halfassed-pass-backend))


I won't waste time apologizing for this awful code, but this is the bare
outline of what I'm trying to do. The other search functions for other
backends are pretty enormously complex, and I don't yet know why.

Thanks!
Eric