Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other bac
From: Akib Azmain Turja
Subject: Re: bug#58985: 29.0.50; Have auth-source-pass behave more like other back ends
Date: Fri, 11 Nov 2022 20:45:53 +0600
"J.P." <jp@neverwas.me> writes:
>>> + (if (eq auth-source-pass-extra-query-keywords 'test)
>>> + (reverse rv)
>>
>> The value `test' is not documented. Is it used in tests? If it is, I
>> think an internal variable would be better.
>
> I got rid of the `test' stuff completely, so this function now always
> wraps secrets.
That looks good.
>
>
> From 8870cb62be1ad3ac5b9e5553e52a7f6ed7533c2f Mon Sep 17 00:00:00 2001
> From: "F. Jason Park" <jp@neverwas.me>
> Date: Tue, 1 Nov 2022 22:46:24 -0700
> Subject: [PATCH 1/2] [POC] Make auth-source-pass behave more like other
> backends
>
> * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add
> new option to bring search behavior more in line with other backends.
> (auth-source-pass-search): Add new keyword params `max' and `require'
> and consider new option `auth-source-pass-extra-query-keywords' for
> dispatch.
> (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed,
> auth-source-pass--match-parts): Add supporting variable and helpers.
> (auth-source-pass--build-result-many,
> auth-source-pass--find-match-many): Add "-many" variants for existing
> workhorse functions.
> * test/lisp/auth-source-pass-tests.el
> (auth-source-pass-extra-query-keywords--wild-port-miss-netrc,
> auth-source-pass-extra-query-keywords--wild-port-miss,
> auth-source-pass-extra-query-keywords--wild-port-hit-netrc,
> auth-source-pass-extra-query-keywords--wild-port-hit,
> auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc,
> auth-source-pass-extra-query-keywords--wild-port-req-miss,
> auth-source-pass-extra-query-keywords--netrc-akib,
> auth-source-pass-extra-query-keywords--akib,
> auth-source-pass-extra-query-keywords--netrc-host,
> auth-source-pass-extra-query-keywords--host,
> auth-source-pass-extra-query-keywords--baseline,
> auth-source-pass-extra-query-keywords--port-type,
> auth-source-pass-extra-query-keywords--hosts-first): Add juxtaposed
> netrc and extra-query-keywords pairs to demo optional extra-compliant
> behavior.
> * doc/misc/auth.texi: Add option
> `auth-source-pass-extra-query-keywords' to auth-source-pass section.
> * etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs
> 29.1 package changes section. Bug#58985.
> ---
> doc/misc/auth.texi | 11 ++
> etc/NEWS | 8 ++
> lisp/auth-source-pass.el | 105 +++++++++++++++-
> test/lisp/auth-source-pass-tests.el | 184 ++++++++++++++++++++++++++++
> 4 files changed, 307 insertions(+), 1 deletion(-)
>
[...]
> +(defun auth-source-pass--build-result-many (hosts ports users require max)
> + "Return multiple `auth-source-pass--build-result' values."
> + (unless (listp hosts) (setq hosts (list hosts)))
> + (unless (listp users) (setq users (list users)))
> + (unless (listp ports) (setq ports (list ports)))
> + (let* ((auth-source-pass--match-regexp (auth-source-pass--match-regexp
> + auth-source-pass-port-separator))
> + (rv (auth-source-pass--find-match-many hosts users ports
> + require (or max 1))))
> + (when auth-source-debug
> + (auth-source-pass--do-debug "final result: %S" rv))
> + (let (out)
> + (dolist (e rv out)
> + (when-let* ((s (plist-get e :secret)) ; s not captured by closure
> + (v (auth-source--obfuscate s)))
> + (setf (plist-get e :secret)
> + (lambda () (auth-source--deobfuscate v))))
Why doesn't the closure capture "s"? For me, the following code
captures "s" (obviously with lexical binding): (just a let-wrapped version
of your code)
--8<---------------cut here---------------start------------->8---
(let ((e '(:secret "topsecret")))
  (when-let* ((s (plist-get e :secret)) ; s not captured by closure
              (v (auth-source--obfuscate s)))
    (setf (plist-get e :secret)
          (lambda () (auth-source--deobfuscate v))))
  e)
;; => (:secret
;;     (closure
;;      ((p #1)
;;       (v . "XIcHKKIKtavKgK8J6zXP1w==-N/XAaAOqAtGcCzKGKX71og==")
;;       (s . "topsecret") ;; LEAKED!!!
;;       (e :secret #1)
;;       t)
;;      nil
;;      (auth-source--deobfuscate v)))
--8<---------------cut here---------------end--------------->8---
> + (push e out)))))
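Review bot: In `auth-source-pass--build-result-many`, the call `(auth-source-pass--do-debug "final result: %S" rv)` runs before the `dolist` that replaces each `:secret` with an obfuscating closure, so with `auth-source-debug` enabled the plaintext secrets still in `rv` are handed to the debug message. Move the debug call after the wrapping loop and log `out`, or log a copy with `:secret` elided. Separately, this function takes `(hosts ports users require max)` but passes `hosts users ports` to `auth-source-pass--find-match-many`; aligning the two signatures and naming the arguments in the docstring would make a swapped argument harder to miss.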
[...]
> +(defun auth-source-pass--retrieve-parsed (seen path port-number-p)
> + (when-let ((m (string-match auth-source-pass--match-regexp path)))
Why do you let-bind "m"? I can't find any use of it in the body.
> + (puthash path
> + (list :host (or (match-string 10 path) (match-string 11 path))
> + :user (or (match-string 20 path) (match-string 21 path))
> + :port (and-let* ((p (or (match-string 30 path)
> + (match-string 31 path)))
> + (n (string-to-number p)))
> + (if (or (zerop n) (not port-number-p))
> + (format "%s" p)
> + n)))
> + seen)))
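Review bot: The plist stored in `seen` is keyed on `path` alone, but its `:port` value is an integer or a string depending on `port-number-p`. The caller passes `(integerp port)` and reuses `(gethash e seen)` inside its loop over `ports`, so a query that mixes numeric and string ports gets whichever form was parsed first for that path. Either cache the port in one canonical form and convert at comparison time, or make the port type part of the key. A docstring and a comment on the numbered groups (10/11, 20/21, 30/31) would also help, since they only make sense next to `auth-source-pass--match-regexp`.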
[...]
> +(defun auth-source-pass--find-match-many (hosts users ports require max)
> + "Return plists for valid combinations of HOSTS, USERS, PORTS.
> +Each plist contains, at the very least, a host and a secret."
> + (let ((seen (make-hash-table :test #'equal))
> + (entries (auth-source-pass-entries))
> + out)
> + (catch 'done
> + (dolist (host hosts out)
> + (pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host)))
> + (unless (or (not (equal "443" p)) (string-prefix-p "https://"
> host))
> + (setq p nil))
> + (dolist (user (or users (list u)))
> + (dolist (port (or ports (list p)))
> + (dolist (e entries)
> + (when-let*
> + ((m (or (gethash e seen)
> (auth-source-pass--retrieve-parsed
> + seen e (integerp port))))
> + ((equal host (plist-get m :host)))
> + ((auth-source-pass--match-parts m :port port require))
> + ((auth-source-pass--match-parts m :user user require))
> + (parsed (auth-source-pass-parse-entry e))
> + ;; For now, ignore body-content pairs, if any,
> + ;; from `auth-source-pass--parse-data'.
> + (secret (or (auth-source-pass--get-attr 'secret parsed)
> + (not (memq :secret require)))))
> + (push
> + `( :host ,host ; prefer user-provided :host over h
> + ,@(and-let* ((u (plist-get m :user))) (list :user u))
> + ,@(and-let* ((p (plist-get m :port))) (list :port p))
> + ,@(and secret (not (eq secret t)) (list :secret
> secret)))
> + out)
> + (when (or (zerop (cl-decf max))
> + (null (setq entries (remove e entries))))
Remove will create a lot of garbage, e.g. (let ((x '(1 2 3 4 5)))
(eq (remove 6 x) x)) and (let ((x '(1 2 3 4 5))) (eq (remove 1 x)
(cdr x))) both return nil.
If you think delete is OK, go ahead and use it. If you think remove is
better, keep it. Do whatever you think is right.
> + (throw 'done out)))))))))))
> +
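Review bot: The stop condition `(zerop (cl-decf max))` fires only when `max` lands exactly on zero. The caller passes `(or max 1)`, and since 0 is non-nil in Emacs Lisp, a `max` of 0 would decrement to -1 and never stop early; `(<= (cl-decf max) 0)` or an up-front check for non-positive values would close that gap. Also, the docstring promises "a host and a secret" in every plist, but when `:secret` is not in `require` the `secret` binding can be `t` and the `:secret` key is then omitted from the pushed plist, so the docstring should say the secret is optional in that case.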
[...]
--
Akib Azmain Turja, GPG key: 70018CE5819F17A3BBA666AFE74F0EFA922AE7F5
Fediverse: akib@hostux.social
Codeberg: akib
emailselfdefense.fsf.org | "Nothing can be secure without encryption."
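
The capture question raised in the message above, as an added example (not code from the patch or from auth-source): the closure is created in a helper whose only lexical variable is the obfuscated value, so the plaintext is not in scope where the closure is built. All `demo-` names and the sample entry are constructed for illustration; `auth-source--obfuscate` and `auth-source--deobfuscate` are the functions used in the patch.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example; the `demo-' names are hypothetical, not part of auth-source.
(require 'auth-source)
(require 'subr-x)

(defun demo-secret-thunk (obfuscated)
  "Return a closure that yields the secret behind OBFUSCATED.
OBFUSCATED is the only lexical variable in scope here, so the
closure's environment has no plaintext to capture."
  (lambda () (auth-source--deobfuscate obfuscated)))

(defun demo-wrap-secrets (entries)
  "Return copies of ENTRIES with each :secret replaced by a thunk.
The plaintext is bound only in this function, never in the scope
where the closure is created."
  (mapcar (lambda (e)
            (let ((copy (copy-sequence e)))
              (when-let* ((s (plist-get copy :secret)))
                (setq copy
                      (plist-put copy :secret
                                 (demo-secret-thunk
                                  (auth-source--obfuscate s)))))
              copy))
          entries))

(defun demo-leaks-p (entry plaintext)
  "Return non-nil if the printed form of ENTRY contains PLAINTEXT.
Printing is used so the check does not depend on how a given
Emacs version represents closures internally."
  (and (string-match-p (regexp-quote plaintext) (prin1-to-string entry))
       t))

;; Constructed sample entry; reports whether the plaintext is visible in
;; the wrapped plist and whether the thunk still returns the secret.
(let* ((entries (list (list :host "example.org" :user "akib"
                            :secret "topsecret")))
       (wrapped (car (demo-wrap-secrets entries))))
  (list :leaks (demo-leaks-p wrapped "topsecret")
        :roundtrip (equal "topsecret"
                          (funcall (plist-get wrapped :secret)))))
```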