auth-source (.authinfo.gpg) stopped working?

auth-source (.authinfo.gpg) stopped working?

[Dave Goldberg]

I updated this morning after staying on a version from much earlier in the month as I've been trying to debug an issue with my exchange server.

Normally on running gnus, I am prompted for the passphrase for .authinfo.gpg.  Assuming I don't mistype, the file is opened (by virtue of epg) and parsed and I am not prompted for any further login information.

That didn't work after updating this morning.  Instead I was prompted for login information even after successfully opening .authinfo.gpg.  I seem to recall some discussion about the line format in there so I figured I'd go through the prompts and let it write whatever it wanted back into the file.  Well nothing new got written but my connections to the servers failed.  Today was surprisingly busy (had to meet a deadline before the holiday) so I reverted to my previous installation.  I plan to take up debugging it next week, but if anyone has any idea what to look for I would greatly appreciate any pointers.

In case it matters (as I fear it might) I am running on XEmacs 21.4.22.

Thanks,
-- 
Dave Goldberg
david.goldberg6@verizon.net

Re: auth-source (.authinfo.gpg) stopped working?

[Ted Zlatanov]

On Thu, 23 Dec 2010 23:45:50 -0500 david.goldberg6@verizon.net (Dave Goldberg) wrote: 

DG> I updated this morning after staying on a version from much earlier in the month as I've been trying to debug an issue with my exchange server.

DG> Normally on running gnus, I am prompted for the passphrase for
DG> .authinfo.gpg.  Assuming I don't mistype, the file is opened (by
DG> virtue of epg) and parsed and I am not prompted for any further login
DG> information.

DG> That didn't work after updating this morning.  Instead I was prompted
DG> for login information even after successfully opening .authinfo.gpg.
DG> I seem to recall some discussion about the line format in there so I
DG> figured I'd go through the prompts and let it write whatever it wanted
DG> back into the file.  Well nothing new got written but my connections
DG> to the servers failed.  Today was surprisingly busy (had to meet a
DG> deadline before the holiday) so I reverted to my previous
DG> installation.  I plan to take up debugging it next week, but if anyone
DG> has any idea what to look for I would greatly appreciate any pointers.

DG> In case it matters (as I fear it might) I am running on XEmacs 21.4.22.

Open the .gpg file directly in Emacs.  Does that work?  If yes, we'll
look for a problem in auth-source.el.  If not, the problem is in EPA or
in the GPG setup.  The sequence you're describing (nothing works, you're
prompted to save login info) suggests the latter.

Ted

Re: auth-source (.authinfo.gpg) stopped working?

[Dave Goldberg]

> On Thu, 23 Dec 2010 23:45:50 -0500 david.goldberg6@verizon.net (Dave
> Goldberg) wrote:

DG> I updated this morning after staying on a version from much
DG> earlier in the month as I've been trying to debug an issue with my
DG> exchange server.

DG> Normally on running gnus, I am prompted for the passphrase for
DG> .authinfo.gpg.  Assuming I don't mistype, the file is opened (by
DG> virtue of epg) and parsed and I am not prompted for any further login
DG> information.

DG> That didn't work after updating this morning.  Instead I was prompted
DG> for login information even after successfully opening .authinfo.gpg.
DG> I seem to recall some discussion about the line format in there so I
DG> figured I'd go through the prompts and let it write whatever it wanted
DG> back into the file.  Well nothing new got written but my connections
DG> to the servers failed.  Today was surprisingly busy (had to meet a
DG> deadline before the holiday) so I reverted to my previous
DG> installation.  I plan to take up debugging it next week, but if anyone
DG> has any idea what to look for I would greatly appreciate any pointers.

DG> In case it matters (as I fear it might) I am running on XEmacs 21.4.22.

> Open the .gpg file directly in Emacs.  Does that work?  If yes, we'll
> look for a problem in auth-source.el.  If not, the problem is in EPA or
> in the GPG setup.  The sequence you're describing (nothing works, you're
> prompted to save login info) suggests the latter.

Yes, opening the .gpg file works just fine.  And as noted, an earlier checkout of gnus does as well.  I can't check it further today, unfortunately.  Weather has me working from home and I left the office machine off over the weekend so I can't access the affected copy, nor can I directly access my IMAP servers from home.

-- 
Dave Goldberg
david.goldberg6@verizon.net

Re: auth-source (.authinfo.gpg) stopped working?

[Dave Goldberg]

DG> In case it matters (as I fear it might) I am running on XEmacs 21.4.22.

>> Open the .gpg file directly in Emacs.  Does that work?  If yes, we'll
>> look for a problem in auth-source.el.  If not, the problem is in EPA or
>> in the GPG setup.  The sequence you're describing (nothing works, you're
>> prompted to save login info) suggests the latter.

Looks like it is an XEmacs issue.  In the message log:

Warning: Opening nnimap server on exchange...failed: ; Unable to open server nnimap+exchange due to: Wrong number of arguments: #<subr local-variable-p>, 1; Opening nnimap server on cyrus...failed: ; Unable to open server nnimap+cyrus due to: Wrong number of arguments: #<subr local-variable-p>, 1

There is no backtrace, but a look at auth-source.el does indeed show a call to local-variable-p.

So in my local copy I modified the call to local-variable-p to add a second argument of (current-buffer) which I think is what's needed for xemacs.  Now I can log in to the servers OK, but even though I have appropriate lines in .authinfo.gpg (I even moved it out of the way and let it get regenerated) I am prompted for username and password for each server every time, and the lines are simply repeatedly written to .authinfo.gpg.

-- 
Dave Goldberg
david.goldberg6@verizon.net

Re: auth-source (.authinfo.gpg) stopped working?

[Lars Magne Ingebrigtsen]

david.goldberg6@verizon.net (Dave Goldberg) writes:

> So in my local copy I modified the call to local-variable-p to add a
> second argument of (current-buffer) which I think is what's needed for
> xemacs. 

Ok; I've now applied the same fix to git Gnus.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen

Re: auth-source (.authinfo.gpg) stopped working?

[Dave Goldberg]

> david.goldberg6@verizon.net (Dave Goldberg) writes:
>> So in my local copy I modified the call to local-variable-p to add a
>> second argument of (current-buffer) which I think is what's needed for
>> xemacs. 

> Ok; I've now applied the same fix to git Gnus.

Thanks.  That stops the error, but I still have the remaining problem that the auth source lines are not being honored.  After successfully opening the file, I am prompted for login in formation for each server and asked to save it in the file.  So as I keep saying yes, I have a lot of repeated lines in the file.

I'll enable auth-source debugging and see if I can figure anything out.

-- 
Dave Goldberg
david.goldberg6@verizon.net

Re: auth-source (.authinfo.gpg) stopped working?

[Dave Goldberg]

> I'll enable auth-source debugging and see if I can figure anything out.

It looks like something is off with the parsing, presumably just in XEmacs, or perhaps there's something really wrong with my setup.  I have in .authinfo.gpg just the lines that have been written by the new auth-source (password masked):

machine cyrus.my.org login dsg password SECRET port imap
machine exchange.my.org login dsg password SECRET port imap

This after removing several identical copies, each of which gets written when I run through the initial login process.

Here are the relevant debug lines in the message log:

Loading auth-source...
Loading auth-source...done
auth-source-user-or-password: get (login password) for cyrus (143) + user=nil
/home/dsg/.authinfo.: 0% (0/114)
Loading passwd...
Loading passwd...done
/home/dsg/.authinfo.: 100% (114/114)
auth-source-user-or-password: get (login password) for cyrus (imap) + user=nil
auth-source-user-or-password: get (login password) for cyrus.my.org (143) + user=nil
auth-source-user-or-password: get (login password) for cyrus.my.org (imap) + user=nil
Do you want to save this password in ~/.authinfo.gpg? (y or n) 
Do you want to save this password in ~/.authinfo.gpg? (y or n) Yes
/home/dsg/.authinfo.: 0% (0/114)
/home/dsg/.authinfo.: 100% (114/114)
stdin: 0% (0/0)
stdin: 0% (199/0)
auth-source-user-or-password: found (login password)=SECRET for cyrus.my.org (imap) + nil
Opening nnimap server on cyrus...done
Opening nnimap server on exchange...
Opening connection to exchange.my.org...
Opening STARTTLS connection to `exchange.my.org:imap'...
Opening STARTTLS connection to `exchange.my.org:imap'...done
auth-source-user-or-password: get (login password) for exchange (143) + user=nil
/home/dsg/.authinfo.: 0% (0/118)
/home/dsg/.authinfo.: 100% (118/118)
auth-source-user-or-password: get (login password) for exchange (imap) + user=nil
auth-source-user-or-password: get (login password) for exchange.my.org (143) + user=nil
auth-source-user-or-password: get (login password) for exchange.my.org (imap) + user=nil
Do you want to save this password in ~/.authinfo.gpg? (y or n) 
Do you want to save this password in ~/.authinfo.gpg? (y or n) Yes
/home/dsg/.authinfo.: 0% (0/118)
/home/dsg/.authinfo.: 100% (118/118)
stdin: 0% (0/0)
stdin: 0% (262/0)
auth-source-user-or-password: found (login password)=SECRET for exchange.my.org (imap) + nil
Opening nnimap server on exchange...done

Reverting to a checkout prior to this change does not exhibit the problem

2010-12-16  Daiki Ueno  <ueno@unixuser.org>

        * auth-source.el (auth-source-gpg-encrypt-to): New variable to set the
        list of recipient keys, or use symmetric encryption if not a list.
        (auth-source-create): Use it to make `epa-file-encrypt-to' local for an
        EPA override, replacing the call to `netrc-store-data'.


-- 
Dave Goldberg
david.goldberg6@verizon.net

Re: auth-source (.authinfo.gpg) stopped working?

[Lars Magne Ingebrigtsen]

david.goldberg6@verizon.net (Dave Goldberg) writes:

> 2010-12-16  Daiki Ueno  <ueno@unixuser.org>
>
>         * auth-source.el (auth-source-gpg-encrypt-to): New variable to set the
>         list of recipient keys, or use symmetric encryption if not a list.
>         (auth-source-create): Use it to make `epa-file-encrypt-to' local for an
>         EPA override, replacing the call to `netrc-store-data'.

If you set `auth-source-gpg-encrypt-to' to nil, does it work for you then?

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen

Re: auth-source (.authinfo.gpg) stopped working?

[Dave Goldberg]

> david.goldberg6@verizon.net (Dave Goldberg) writes:
>> 2010-12-16  Daiki Ueno  <ueno@unixuser.org>
>> 
>> * auth-source.el (auth-source-gpg-encrypt-to): New variable to set the
>> list of recipient keys, or use symmetric encryption if not a list.
>> (auth-source-create): Use it to make `epa-file-encrypt-to' local for an
>> EPA override, replacing the call to `netrc-store-data'.

> If you set `auth-source-gpg-encrypt-to' to nil, does it work for you then?

Nope.

-- 
Dave Goldberg
david.goldberg6@verizon.net

Re: auth-source (.authinfo.gpg) stopped working?

[Daiki Ueno]

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> david.goldberg6@verizon.net (Dave Goldberg) writes:
>
>> 2010-12-16  Daiki Ueno  <ueno@unixuser.org>
>>
>>         [...] replacing the call to `netrc-store-data'.

Presumably this might be the culprit.  It copies the function
`netrc-store-data' from netrc.el and most likely the format is different
from the one used by netrc.el included in XEmacs packages.

I'll fix it soon.

Regards,
-- 
Daiki Ueno

Re: auth-source (.authinfo.gpg) stopped working?

[Daiki Ueno]

[-- Attachment #1: Type: text/plain, Size: 1217 bytes --]

Daiki Ueno <ueno@unixuser.org> writes:

> Presumably this might be the culprit.  It copies the function
> `netrc-store-data' from netrc.el and most likely the format is different
> from the one used by netrc.el included in XEmacs packages.

Sorry I was missing the point.  Please ignore my guess the above.

After debugging with XEmacs (I could reproduce the problem), now I
suspect that the cause is elsewhere.  Even with or without the above
change, (netrc-parse "~/.authinfo.gpg") always returns nil except the
first time, because the netrc-cache handling is buggy.  netrc saves the
content of the file in a form mangled with base64 and rot13.  However,
XEmacs does not have rot13-string and dgnushack.el defines rot13-string
as a macro:

(defmacro rot13-string (string)
  "Return ROT13 encryption of STRING."
  `(with-temp-buffer
    (insert ,string)
    (translate-region (point-min) (point-max) ,rot13-display-table)
    (buffer-string)))

netrc-parse uses it as to save the contents:

(setq netrc-cache ... (rot13-string (base64-encode-string (buffer-string))))

Guess what will happen.  Since buffer-string is called from the buffer
created by rot13-string, it will always return "".

I'm attaching a patch.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-Fix-argument-passing-when-rot13-string-is-defined-as.patch --]
[-- Type: text/x-patch, Size: 1423 bytes --]

From 0e33d1b9c124bdc1f6fe4a186078318da887e386 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@unixuser.org>
Date: Wed, 5 Jan 2011 11:47:59 +0900
Subject: [PATCH] Fix argument passing when rot13-string is defined as macro.

---
 lisp/ChangeLog |    5 +++++
 lisp/netrc.el  |    8 +++++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 586e706..a6a9d96 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,8 @@
+2011-01-05  Daiki Ueno  <ueno@unixuser.org>
+
+	* netrc.el (netrc-parse): Take care of the arg of rot13-string in case
+	that it is defined as a macro.
+
 2011-01-03  Lars Magne Ingebrigtsen  <larsi@gnus.org>
 
 	* flow-fill.el (fill-flowed-encode): Do encoding citation-aware.
diff --git a/lisp/netrc.el b/lisp/netrc.el
index 989470b..ab4c0d8 100644
--- a/lisp/netrc.el
+++ b/lisp/netrc.el
@@ -69,9 +69,11 @@
 	    (insert-file-contents file)
 	    (when (string-match "\\.gpg\\'" file)
 	      (setq netrc-cache (cons (nth 5 (file-attributes file))
-				      (rot13-string
-				       (base64-encode-string
-					(buffer-string)))))))
+				      (buffer-string)))
+	      ;; Store the contents of the file heavily encrypted in memory.
+	      (setcdr netrc-cache (rot13-string
+				   (base64-encode-string
+				    (cdr netrc-cache))))))
 	  (goto-char (point-min))
 	  ;; Go through the file, line by line.
 	  (while (not (eobp))
-- 
1.7.3.4


[-- Attachment #3: Type: text/plain, Size: 25 bytes --]


Regards,
-- 
Daiki Ueno

Re: auth-source (.authinfo.gpg) stopped working?

[Dave Goldberg]

> Daiki Ueno <ueno@unixuser.org> writes:


> [...]


> I'm attaching a patch.

Confirm that the patch works.  Thanks!

-- 
Dave Goldberg
david.goldberg6@verizon.net

Re: auth-source (.authinfo.gpg) stopped working?

[Katsumi Yamaoka]

Ueno-san wrote:
[...]
> XEmacs does not have rot13-string and dgnushack.el defines rot13-string
> as a macro:

> (defmacro rot13-string (string)
>   "Return ROT13 encryption of STRING."
>   `(with-temp-buffer
>     (insert ,string)
>     (translate-region (point-min) (point-max) ,rot13-display-table)
>     (buffer-string)))

> netrc-parse uses it as to save the contents:

> (setq netrc-cache ... (rot13-string (base64-encode-string (buffer-string))))

> Guess what will happen.  Since buffer-string is called from the buffer
> created by rot13-string, it will always return "".

Oops, I see the macro I added to dgnushack.el was designed badly.

> I'm attaching a patch.

Thanks.  But when XEmacs' rot13.el follows Emacs' someday, it
will get needless.  So, I rewrote the macro instead:

(defmacro rot13-string (string)
  "Return ROT13 encryption of STRING."
  `(let ((string ,string))
     (with-temp-buffer
       (insert string)
       (translate-region (point-min) (point-max) ,rot13-display-table)
       (buffer-string))))

Re: auth-source (.authinfo.gpg) stopped working?

[Daiki Ueno]

Katsumi Yamaoka <yamaoka@jpl.org> writes:

> But when XEmacs' rot13.el follows Emacs' someday, it will get
> needless.  So, I rewrote the macro instead:
>
> (defmacro rot13-string (string)
>   "Return ROT13 encryption of STRING."
>   `(let ((string ,string))

Yeah, it looks better.  Thanks.

Regards,
-- 
Daiki Ueno

Re: auth-source (.authinfo.gpg) stopped working?

[Dave Goldberg]

> Thanks.  But when XEmacs' rot13.el follows Emacs' someday, it
> will get needless.  So, I rewrote the macro instead:

Confirmed that this fix works too.  Thanks!

-- 
Dave Goldberg
david.goldberg6@verizon.net