procyberian/emacs
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
emacs/lisp/auth-source-pass.el

447 lines
19 KiB
EmacsLisp
Raw Normal View History

Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
;;; auth-source-pass.el --- Integrate auth-source with password-store -*- lexical-binding: t -*-
; Add 2024 to copyright years
2024-01-02 01:47:10 +00:00
;; Copyright (C) 2015, 2017-2024 Free Software Foundation, Inc.
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
;; Author: Damien Cassou <damien@cassou.me>,
;; Nicolas Petton <nicolas@petton.fr>
* lisp/auth-source-pass.el: Add Keith Amidon to authors
2019-05-11 15:22:56 +00:00
;; Keith Amidon <camalot@picnicpark.org>
* lisp/auth-source-pass.el: Version 5.0.0
2019-05-28 06:46:41 +00:00
;; Version: 5.0.0
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
;; Created: 07 Jun 2015
;; This file is part of GNU Emacs.
;; GNU Emacs is free software: you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation, either version 3 of the License, or
;; (at your option) any later version.
;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.
;; You should have received a copy of the GNU General Public License
Prefer HTTPS to FTP and HTTP in documentation Most of this change is to boilerplate commentary such as license URLs. This change was prompted by ftp://ftp.gnu.org's going-away party, planned for November. Change these FTP URLs to https://ftp.gnu.org instead. Make similar changes for URLs to other organizations moving away from FTP. Also, change HTTP to HTTPS for URLs to gnu.org and fsf.org when this works, as this will further help defend against man-in-the-middle attacks (for this part I omitted the MS-DOS and MS-Windows sources and the test tarballs to keep the workload down). HTTPS is not fully working to lists.gnu.org so I left those URLs alone for now.
2017-09-13 22:52:52 +00:00
;; along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>.
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
;;; Commentary:
Convert many more links to use HTTPS
2021-03-24 08:28:32 +00:00
;; Integrates password-store (https://passwordstore.org/) within
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
;; auth-source.
;;; Code:
(require 'seq)
lisp/auth-source-pass.el: Require cl-lib unconditionally Changes in 2019-05-05 and 2019-05-14 introduced run-time dependencies on cl-maplist and cl-remove-if-not.
2019-11-26 11:55:29 +00:00
(require 'cl-lib)
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
(require 'auth-source)
(require 'url-parse)
* lisp/auth-source-pass.el (auth-source): Silence spurious warning
2021-03-24 17:45:13 +00:00
;; Use `eval-when-compile' after the other `require's to avoid spurious
;; "might not be defined at runtime" warnings.
(eval-when-compile (require 'subr-x))
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
Add auth-source-pass-filename option * lisp/auth-source-pass.el (auth-source-pass) (auth-source-pass-filename): Add option to specify a customized password-store path. (auth-source-pass--read-entry) (auth-source-pass-entries): Use the new option instead of hard-coded `~/.password-store'.
2019-01-13 21:30:53 +00:00
(defgroup auth-source-pass nil
"password-store integration within auth-source."
:prefix "auth-source-pass-"
:group 'auth-source
:version "27.1")
Use PASSWORD_STORE_DIR in auth-source-pass when set * lisp/auth-source-pass.el (auth-source-pass-filename): Initialize to PASSWORD_STORE_DIR environment variable when set. (Bug#29663)
2019-10-06 02:02:27 +00:00
(defcustom auth-source-pass-filename
(or (getenv "PASSWORD_STORE_DIR") "~/.password-store")
Add auth-source-pass-filename option * lisp/auth-source-pass.el (auth-source-pass) (auth-source-pass-filename): Add option to specify a customized password-store path. (auth-source-pass--read-entry) (auth-source-pass-entries): Use the new option instead of hard-coded `~/.password-store'.
2019-01-13 21:30:53 +00:00
"Filename of the password-store folder."
:type 'directory
:version "27.1")
Add auth-source-pass-port-separator option * lisp/auth-source-pass.el (auth-source-pass-port-separator): New option to specify separator between host and port, default to colon (":"). (auth-source-pass--find-match-unambiguous): Adapt to make use of the new variable. * test/lisp/auth-source-pass-tests.el: Add corresponding tests.
2019-04-07 08:59:59 +00:00
(defcustom auth-source-pass-port-separator ":"
"Separator string between host and port in entry filename."
:type 'string
:version "27.1")
Disable auth-source-pass-extra-query-keywords by default * doc/misc/auth.texi: Mention subdomain matching in `auth-source-pass-extra-query-keywords' section. * etc/NEWS: Mention the loss of traditional auth-source-pass features when `auth-source-pass-extra-query-keywords' is enabled. * lisp/auth-source-pass (auth-source-pass-extra-query-keywords): Set default to nil. Mention domain matching in doc string. (auth-source-pass--match-regexp): Allow username to contain "@". * lisp/erc/erc-compat.el: (erc-compat--29-auth-source-pass--retrieve-parsed): Adjust regexp. * test/lisp/auth-source-pass-tests.el (auth-source-pass-extra-query-keywords--suffixed-user): make plain username more email-like. (Bug#58985.)
2022-11-25 05:03:03 +00:00
(defcustom auth-source-pass-extra-query-keywords nil
Make auth-source-pass behave more like other backends * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add new option to bring search behavior more in line with other backends. (auth-source-pass-search): Add new keyword params `max' and `require' and consider new option `auth-source-pass-extra-query-keywords' for dispatch. (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, auth-source-pass--match-parts): Add supporting variable and helpers. (auth-source-pass--build-result-many, auth-source-pass--find-match-many): Add "-many" variants for existing workhorse functions. * test/lisp/auth-source-pass-tests.el: Require `ert-x'. (auth-source-pass-can-start-from-auth-source-search): Ensure `auth-source-pass-extra-query-keywords' is enabled around test body. (auth-source-pass-extra-query-keywords--wild-port-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-miss, auth-source-pass-extra-query-keywords--wild-port-hit-netrc, auth-source-pass-extra-query-keywords--wild-port-hit, auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-req-miss, auth-source-pass-extra-query-keywords--netrc-akib, auth-source-pass-extra-query-keywords--akib, auth-source-pass-extra-query-keywords--netrc-host, auth-source-pass-extra-query-keywords--host, auth-source-pass-extra-query-keywords--baseline, auth-source-pass-extra-query-keywords--port-type, auth-source-pass-extra-query-keywords--hosts-first, auth-source-pass-extra-query-keywords--ambiguous-user-host, auth-source-pass-extra-query-keywords--suffixed-user, auth-source-pass-extra-query-keywords--user-priorities): Add juxtaposed netrc and extra-query-keywords pairs to demo optional extra-compliant behavior. * doc/misc/auth.texi: Add option `auth-source-pass-extra-query-keywords' to auth-source-pass section. * etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs 29.1 package changes section. (Bug#58985.) Special thanks to Akib Azmain Turja <akib@disroot.org> for helping improve this patch.
2022-11-02 05:46:24 +00:00
"Whether to consider additional keywords when performing a query.
Specifically, when the value is t, recognize the `:max' and
`:require' keywords and accept lists of query parameters for
Disable auth-source-pass-extra-query-keywords by default * doc/misc/auth.texi: Mention subdomain matching in `auth-source-pass-extra-query-keywords' section. * etc/NEWS: Mention the loss of traditional auth-source-pass features when `auth-source-pass-extra-query-keywords' is enabled. * lisp/auth-source-pass (auth-source-pass-extra-query-keywords): Set default to nil. Mention domain matching in doc string. (auth-source-pass--match-regexp): Allow username to contain "@". * lisp/erc/erc-compat.el: (erc-compat--29-auth-source-pass--retrieve-parsed): Adjust regexp. * test/lisp/auth-source-pass-tests.el (auth-source-pass-extra-query-keywords--suffixed-user): make plain username more email-like. (Bug#58985.)
2022-11-25 05:03:03 +00:00
certain keywords, such as `:host' and `:user'. Beyond that, wrap
all returned secrets in a function and don't bother considering
subdomains when matching hosts. Also, forgo any further results
Make auth-source-pass behave more like other backends * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add new option to bring search behavior more in line with other backends. (auth-source-pass-search): Add new keyword params `max' and `require' and consider new option `auth-source-pass-extra-query-keywords' for dispatch. (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, auth-source-pass--match-parts): Add supporting variable and helpers. (auth-source-pass--build-result-many, auth-source-pass--find-match-many): Add "-many" variants for existing workhorse functions. * test/lisp/auth-source-pass-tests.el: Require `ert-x'. (auth-source-pass-can-start-from-auth-source-search): Ensure `auth-source-pass-extra-query-keywords' is enabled around test body. (auth-source-pass-extra-query-keywords--wild-port-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-miss, auth-source-pass-extra-query-keywords--wild-port-hit-netrc, auth-source-pass-extra-query-keywords--wild-port-hit, auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-req-miss, auth-source-pass-extra-query-keywords--netrc-akib, auth-source-pass-extra-query-keywords--akib, auth-source-pass-extra-query-keywords--netrc-host, auth-source-pass-extra-query-keywords--host, auth-source-pass-extra-query-keywords--baseline, auth-source-pass-extra-query-keywords--port-type, auth-source-pass-extra-query-keywords--hosts-first, auth-source-pass-extra-query-keywords--ambiguous-user-host, auth-source-pass-extra-query-keywords--suffixed-user, auth-source-pass-extra-query-keywords--user-priorities): Add juxtaposed netrc and extra-query-keywords pairs to demo optional extra-compliant behavior. * doc/misc/auth.texi: Add option `auth-source-pass-extra-query-keywords' to auth-source-pass section. * etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs 29.1 package changes section. (Bug#58985.) Special thanks to Akib Azmain Turja <akib@disroot.org> for helping improve this patch.
2022-11-02 05:46:24 +00:00
filtering unless given an applicable `:require' argument. When
this option is nil, do none of that, and enact the narrowing
behavior described toward the bottom of the Info node `(auth) The
Unix password store'."
:type 'boolean
:version "29.1")
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
(cl-defun auth-source-pass-search (&rest spec
auth-source-pass: Add documentation; fix tests and indentation. * doc/misc/auth.texi: Document new integration with Pass. Use @itemize instead of @enumerate. * lisp/auth-source-pass.el: Fix indentation. (auth-source-pass--remove-directory-name): Remove. * test/lisp/auth-source-pass-tests.el: Adjust test macros.
2017-04-03 19:36:03 +00:00
&key backend type host user port
Make auth-source-pass behave more like other backends * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add new option to bring search behavior more in line with other backends. (auth-source-pass-search): Add new keyword params `max' and `require' and consider new option `auth-source-pass-extra-query-keywords' for dispatch. (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, auth-source-pass--match-parts): Add supporting variable and helpers. (auth-source-pass--build-result-many, auth-source-pass--find-match-many): Add "-many" variants for existing workhorse functions. * test/lisp/auth-source-pass-tests.el: Require `ert-x'. (auth-source-pass-can-start-from-auth-source-search): Ensure `auth-source-pass-extra-query-keywords' is enabled around test body. (auth-source-pass-extra-query-keywords--wild-port-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-miss, auth-source-pass-extra-query-keywords--wild-port-hit-netrc, auth-source-pass-extra-query-keywords--wild-port-hit, auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-req-miss, auth-source-pass-extra-query-keywords--netrc-akib, auth-source-pass-extra-query-keywords--akib, auth-source-pass-extra-query-keywords--netrc-host, auth-source-pass-extra-query-keywords--host, auth-source-pass-extra-query-keywords--baseline, auth-source-pass-extra-query-keywords--port-type, auth-source-pass-extra-query-keywords--hosts-first, auth-source-pass-extra-query-keywords--ambiguous-user-host, auth-source-pass-extra-query-keywords--suffixed-user, auth-source-pass-extra-query-keywords--user-priorities): Add juxtaposed netrc and extra-query-keywords pairs to demo optional extra-compliant behavior. * doc/misc/auth.texi: Add option `auth-source-pass-extra-query-keywords' to auth-source-pass section. * etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs 29.1 package changes section. (Bug#58985.) Special thanks to Akib Azmain Turja <akib@disroot.org> for helping improve this patch.
2022-11-02 05:46:24 +00:00
require max
auth-source-pass: Add documentation; fix tests and indentation. * doc/misc/auth.texi: Document new integration with Pass. Use @itemize instead of @enumerate. * lisp/auth-source-pass.el: Fix indentation. (auth-source-pass--remove-directory-name): Remove. * test/lisp/auth-source-pass-tests.el: Adjust test macros.
2017-04-03 19:36:03 +00:00
&allow-other-keys)
; * lisp/auth-source-pass.el: Improve docstrings
2021-06-27 15:38:59 +00:00
"Given some search query, return matching credentials.
lisp/auth-source-pass.el: Support multiple hosts in search spec * lisp/auth-source-pass.el (auth-source-pass-search): Accept a list of strings for argument HOST. (auth-source-pass--build-result): Rename argument HOST to HOSTS. Also return value "host" from entry if it exists. (auth-source-pass--find-match): Rename argument HOST to HOSTS. Iterate over each host in HOSTS. * test/lisp/auth-source-pass-tests.el: Add corresponding tests
2021-06-27 15:36:00 +00:00
; * lisp/auth-source-pass.el: Improve docstrings
2021-06-27 15:38:59 +00:00
See `auth-source-search' for details on the parameters SPEC, BACKEND, TYPE,
Make auth-source-pass behave more like other backends * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add new option to bring search behavior more in line with other backends. (auth-source-pass-search): Add new keyword params `max' and `require' and consider new option `auth-source-pass-extra-query-keywords' for dispatch. (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, auth-source-pass--match-parts): Add supporting variable and helpers. (auth-source-pass--build-result-many, auth-source-pass--find-match-many): Add "-many" variants for existing workhorse functions. * test/lisp/auth-source-pass-tests.el: Require `ert-x'. (auth-source-pass-can-start-from-auth-source-search): Ensure `auth-source-pass-extra-query-keywords' is enabled around test body. (auth-source-pass-extra-query-keywords--wild-port-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-miss, auth-source-pass-extra-query-keywords--wild-port-hit-netrc, auth-source-pass-extra-query-keywords--wild-port-hit, auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-req-miss, auth-source-pass-extra-query-keywords--netrc-akib, auth-source-pass-extra-query-keywords--akib, auth-source-pass-extra-query-keywords--netrc-host, auth-source-pass-extra-query-keywords--host, auth-source-pass-extra-query-keywords--baseline, auth-source-pass-extra-query-keywords--port-type, auth-source-pass-extra-query-keywords--hosts-first, auth-source-pass-extra-query-keywords--ambiguous-user-host, auth-source-pass-extra-query-keywords--suffixed-user, auth-source-pass-extra-query-keywords--user-priorities): Add juxtaposed netrc and extra-query-keywords pairs to demo optional extra-compliant behavior. * doc/misc/auth.texi: Add option `auth-source-pass-extra-query-keywords' to auth-source-pass section. * etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs 29.1 package changes section. (Bug#58985.) Special thanks to Akib Azmain Turja <akib@disroot.org> for helping improve this patch.
2022-11-02 05:46:24 +00:00
HOST, USER, PORT, REQUIRE, and MAX."
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
(cl-assert (or (null type) (eq type (oref backend type)))
t "Invalid password-store search: %s %s")
Fix auth-source-pass.el to properly handle special inputs * lisp/auth-source-pass.el (auth-source-pass-search): Warn when passing multiple hosts in SPEC. Early return and warn when passing a wildcard as host in SPEC. Early return when host is nil. * test/lisp/auth-source-pass-tests.el (auth-source-pass-any-host, auth-source-pass-undefined-host): Add corresponding tests.
2018-01-08 16:34:38 +00:00
(cond ((eq host t)
(warn "auth-source-pass does not handle host wildcards.")
nil)
((null host)
;; Do not build a result, as none will match when HOST is nil
nil)
Make auth-source-pass behave more like other backends * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add new option to bring search behavior more in line with other backends. (auth-source-pass-search): Add new keyword params `max' and `require' and consider new option `auth-source-pass-extra-query-keywords' for dispatch. (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, auth-source-pass--match-parts): Add supporting variable and helpers. (auth-source-pass--build-result-many, auth-source-pass--find-match-many): Add "-many" variants for existing workhorse functions. * test/lisp/auth-source-pass-tests.el: Require `ert-x'. (auth-source-pass-can-start-from-auth-source-search): Ensure `auth-source-pass-extra-query-keywords' is enabled around test body. (auth-source-pass-extra-query-keywords--wild-port-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-miss, auth-source-pass-extra-query-keywords--wild-port-hit-netrc, auth-source-pass-extra-query-keywords--wild-port-hit, auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-req-miss, auth-source-pass-extra-query-keywords--netrc-akib, auth-source-pass-extra-query-keywords--akib, auth-source-pass-extra-query-keywords--netrc-host, auth-source-pass-extra-query-keywords--host, auth-source-pass-extra-query-keywords--baseline, auth-source-pass-extra-query-keywords--port-type, auth-source-pass-extra-query-keywords--hosts-first, auth-source-pass-extra-query-keywords--ambiguous-user-host, auth-source-pass-extra-query-keywords--suffixed-user, auth-source-pass-extra-query-keywords--user-priorities): Add juxtaposed netrc and extra-query-keywords pairs to demo optional extra-compliant behavior. * doc/misc/auth.texi: Add option `auth-source-pass-extra-query-keywords' to auth-source-pass section. * etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs 29.1 package changes section. (Bug#58985.) Special thanks to Akib Azmain Turja <akib@disroot.org> for helping improve this patch.
2022-11-02 05:46:24 +00:00
(auth-source-pass-extra-query-keywords
(auth-source-pass--build-result-many host port user require max))
Fix auth-source-pass.el to properly handle special inputs * lisp/auth-source-pass.el (auth-source-pass-search): Warn when passing multiple hosts in SPEC. Early return and warn when passing a wildcard as host in SPEC. Early return when host is nil. * test/lisp/auth-source-pass-tests.el (auth-source-pass-any-host, auth-source-pass-undefined-host): Add corresponding tests.
2018-01-08 16:34:38 +00:00
(t
Fix auth-source-pass to return nil if no entry found * lisp/auth-source-pass.el (auth-source-pass-search): If there is no matching entry, auth-source-pass-search should return nil, not (nil). This lets auth-source fall back to other backends in the auth-sources list. * test/lisp/auth-source-pass-tests.el: Add corresponding test. Copyright-paperwork-exempt: yes
2018-11-02 21:51:59 +00:00
(when-let ((result (auth-source-pass--build-result host port user)))
(list result)))))
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
lisp/auth-source-pass.el: Support multiple hosts in search spec * lisp/auth-source-pass.el (auth-source-pass-search): Accept a list of strings for argument HOST. (auth-source-pass--build-result): Rename argument HOST to HOSTS. Also return value "host" from entry if it exists. (auth-source-pass--find-match): Rename argument HOST to HOSTS. Iterate over each host in HOSTS. * test/lisp/auth-source-pass-tests.el: Add corresponding tests
2021-06-27 15:36:00 +00:00
(defun auth-source-pass--build-result (hosts port user)
"Build auth-source-pass entry matching HOSTS, PORT and USER.
HOSTS can be a string or a list of strings."
(let ((entry-data (auth-source-pass--find-match hosts user port)))
Minimize entry parsing in auth-source-pass Prior to this commit, while searching for the most applicable entry password-store entries were decrypted and parsed to ensure they were valid. The entries were parsed in the order they were found on the filesystem and all applicable entries would be decrypted and parsed, which varied based on the contents of the password-store and the entry to be found. This is fine when the GPG key is cached and each entry can be decrypted without user interaction. However, for security some people have their GPG on a hardware token like a Yubikey setup so that they have to touch a sensor on the toke for every cryptographic operation, in which case it becomes inconvenient as each attempt to find an entry requires a variable number of touches of the hardware token. The implementation already assumes that names which contain more of the information in the search key should be preferred so there is an ordering of preference of applicable entries. If the decrypt and parsing is removed from the initial identification of applicable entries in the store then in most cases a single decrypt and parse of the most preferred entry will suffice, improving the experience for hardware token users that require interaction with the token. This commit implements that strategy. It is in spirit a refactor of the existing code. * lisp/auth-source-pass.el (auth-source-pass--matching-entries): New function, generate an ordered list of regular expression matchers for all possible names that could be in the password-store for the entry to be found and then makes a pass over the password-store entry names accumulating the matching entries in a list after the regexp that matched. This implementation ensures the password-store entry list still only has to be scanned once. (auth-source-pass--find-match-unambiguous): Use it to obtain candidate entries and then parse them one by one until an entry containing the desired information is located. When complete, return the parsed data of the entry instead of the entry name so that the information can be used directly to construct the auth-source response. (auth-source-pass--build-result): Update accordingly. (auth-source-pass--find-match): Update docstring accordingly. (auth-source-pass--select-one-entry) (auth-source-pass--entry-valid-p) (auth-source-pass--find-all-by-entry-name) (auth-source-pass--find-one-by-entry-name): Remove. (auth-source-pass--select-from-entries) (auth-source-pass--accumulate-matches) (auth-source-pass--entry-reducer) (auth-source-pass--generate-entry-suffixes) (auth-source-pass--domains) (auth-source-pass--name-port-user-suffixes): New functions. * test/lisp/auth-source-pass-tests.el: One test case was added to the test suite to verify that only the minimal number of entries are parsed in common cases. The auth-source-pass-only-return-entries-that-can-be-open test case had to be re-implemented because the function it was used eliminated as the functionality is provided elsewhere. All the other fairly substantial changes to the test suite are the result of mechanical changes that were required to adapt to auth-source-pass--find-match returning the data from a parsed password-store entry instead of the entry name.
2019-05-06 03:21:43 +00:00
(when entry-data
(let ((retval (list
lisp/auth-source-pass.el: Support multiple hosts in search spec * lisp/auth-source-pass.el (auth-source-pass-search): Accept a list of strings for argument HOST. (auth-source-pass--build-result): Rename argument HOST to HOSTS. Also return value "host" from entry if it exists. (auth-source-pass--find-match): Rename argument HOST to HOSTS. Iterate over each host in HOSTS. * test/lisp/auth-source-pass-tests.el: Add corresponding tests
2021-06-27 15:36:00 +00:00
:host (auth-source-pass--get-attr "host" entry-data)
Minimize entry parsing in auth-source-pass Prior to this commit, while searching for the most applicable entry password-store entries were decrypted and parsed to ensure they were valid. The entries were parsed in the order they were found on the filesystem and all applicable entries would be decrypted and parsed, which varied based on the contents of the password-store and the entry to be found. This is fine when the GPG key is cached and each entry can be decrypted without user interaction. However, for security some people have their GPG on a hardware token like a Yubikey setup so that they have to touch a sensor on the toke for every cryptographic operation, in which case it becomes inconvenient as each attempt to find an entry requires a variable number of touches of the hardware token. The implementation already assumes that names which contain more of the information in the search key should be preferred so there is an ordering of preference of applicable entries. If the decrypt and parsing is removed from the initial identification of applicable entries in the store then in most cases a single decrypt and parse of the most preferred entry will suffice, improving the experience for hardware token users that require interaction with the token. This commit implements that strategy. It is in spirit a refactor of the existing code. * lisp/auth-source-pass.el (auth-source-pass--matching-entries): New function, generate an ordered list of regular expression matchers for all possible names that could be in the password-store for the entry to be found and then makes a pass over the password-store entry names accumulating the matching entries in a list after the regexp that matched. This implementation ensures the password-store entry list still only has to be scanned once. (auth-source-pass--find-match-unambiguous): Use it to obtain candidate entries and then parse them one by one until an entry containing the desired information is located. When complete, return the parsed data of the entry instead of the entry name so that the information can be used directly to construct the auth-source response. (auth-source-pass--build-result): Update accordingly. (auth-source-pass--find-match): Update docstring accordingly. (auth-source-pass--select-one-entry) (auth-source-pass--entry-valid-p) (auth-source-pass--find-all-by-entry-name) (auth-source-pass--find-one-by-entry-name): Remove. (auth-source-pass--select-from-entries) (auth-source-pass--accumulate-matches) (auth-source-pass--entry-reducer) (auth-source-pass--generate-entry-suffixes) (auth-source-pass--domains) (auth-source-pass--name-port-user-suffixes): New functions. * test/lisp/auth-source-pass-tests.el: One test case was added to the test suite to verify that only the minimal number of entries are parsed in common cases. The auth-source-pass-only-return-entries-that-can-be-open test case had to be re-implemented because the function it was used eliminated as the functionality is provided elsewhere. All the other fairly substantial changes to the test suite are the result of mechanical changes that were required to adapt to auth-source-pass--find-match returning the data from a parsed password-store entry instead of the entry name.
2019-05-06 03:21:43 +00:00
:port (or (auth-source-pass--get-attr "port" entry-data) port)
:user (or (auth-source-pass--get-attr "user" entry-data) user)
:secret (lambda () (auth-source-pass--get-attr 'secret entry-data)))))
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
(auth-source-pass--do-debug "return %s as final result (plus hidden password)"
auth-source-pass: Add documentation; fix tests and indentation. * doc/misc/auth.texi: Document new integration with Pass. Use @itemize instead of @enumerate. * lisp/auth-source-pass.el: Fix indentation. (auth-source-pass--remove-directory-name): Remove. * test/lisp/auth-source-pass-tests.el: Adjust test macros.
2017-04-03 19:36:03 +00:00
(seq-subseq retval 0 -2)) ;; remove password
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
retval))))
Make auth-source-pass behave more like other backends * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add new option to bring search behavior more in line with other backends. (auth-source-pass-search): Add new keyword params `max' and `require' and consider new option `auth-source-pass-extra-query-keywords' for dispatch. (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, auth-source-pass--match-parts): Add supporting variable and helpers. (auth-source-pass--build-result-many, auth-source-pass--find-match-many): Add "-many" variants for existing workhorse functions. * test/lisp/auth-source-pass-tests.el: Require `ert-x'. (auth-source-pass-can-start-from-auth-source-search): Ensure `auth-source-pass-extra-query-keywords' is enabled around test body. (auth-source-pass-extra-query-keywords--wild-port-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-miss, auth-source-pass-extra-query-keywords--wild-port-hit-netrc, auth-source-pass-extra-query-keywords--wild-port-hit, auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-req-miss, auth-source-pass-extra-query-keywords--netrc-akib, auth-source-pass-extra-query-keywords--akib, auth-source-pass-extra-query-keywords--netrc-host, auth-source-pass-extra-query-keywords--host, auth-source-pass-extra-query-keywords--baseline, auth-source-pass-extra-query-keywords--port-type, auth-source-pass-extra-query-keywords--hosts-first, auth-source-pass-extra-query-keywords--ambiguous-user-host, auth-source-pass-extra-query-keywords--suffixed-user, auth-source-pass-extra-query-keywords--user-priorities): Add juxtaposed netrc and extra-query-keywords pairs to demo optional extra-compliant behavior. * doc/misc/auth.texi: Add option `auth-source-pass-extra-query-keywords' to auth-source-pass section. * etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs 29.1 package changes section. (Bug#58985.) Special thanks to Akib Azmain Turja <akib@disroot.org> for helping improve this patch.
2022-11-02 05:46:24 +00:00
(defvar auth-source-pass--match-regexp nil)
(defun auth-source-pass--match-regexp (s)
(rx-to-string ; autoloaded
`(: (or bot "/")
Respect some spaces in auth-source-pass--match-regexp * lisp/auth-source-pass.el (auth-source-pass--match-regexp): Allow an entry's host and user fields to contain spaces, just like other backends do. * lisp/erc/erc-compat.el (erc-compat--29-auth-source-pass--retrieve-parsed): Change regexp to allow spaces in host and user components of file names. * test/lisp/auth-source-pass-tests.el (auth-source-pass-any-host): Silence warning message re wildcards emitted by `auth-source-pass-search'. (auth-source-pass-extra-query-keywords--suffixed-user): Add spaces to users and hosts of some example entries. (Bug#58985.)
2022-11-25 05:03:03 +00:00
(or (: (? (group-n 20 (+ (not (in ?/ ,s)))) "@") ; user prefix
(group-n 10 (+ (not (in ?/ ?@ ,s)))) ; host
(? ,s (group-n 30 (+ (not (in ?\s ?/ ,s)))))) ; port
(: (group-n 11 (+ (not (in ?/ ?@ ,s)))) ; host
(? ,s (group-n 31 (+ (not (in ?\s ?/ ,s))))) ; port
(? "/" (group-n 21 (+ (not (in ?/ ,s))))))) ; user suffix
Make auth-source-pass behave more like other backends * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add new option to bring search behavior more in line with other backends. (auth-source-pass-search): Add new keyword params `max' and `require' and consider new option `auth-source-pass-extra-query-keywords' for dispatch. (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, auth-source-pass--match-parts): Add supporting variable and helpers. (auth-source-pass--build-result-many, auth-source-pass--find-match-many): Add "-many" variants for existing workhorse functions. * test/lisp/auth-source-pass-tests.el: Require `ert-x'. (auth-source-pass-can-start-from-auth-source-search): Ensure `auth-source-pass-extra-query-keywords' is enabled around test body. (auth-source-pass-extra-query-keywords--wild-port-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-miss, auth-source-pass-extra-query-keywords--wild-port-hit-netrc, auth-source-pass-extra-query-keywords--wild-port-hit, auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-req-miss, auth-source-pass-extra-query-keywords--netrc-akib, auth-source-pass-extra-query-keywords--akib, auth-source-pass-extra-query-keywords--netrc-host, auth-source-pass-extra-query-keywords--host, auth-source-pass-extra-query-keywords--baseline, auth-source-pass-extra-query-keywords--port-type, auth-source-pass-extra-query-keywords--hosts-first, auth-source-pass-extra-query-keywords--ambiguous-user-host, auth-source-pass-extra-query-keywords--suffixed-user, auth-source-pass-extra-query-keywords--user-priorities): Add juxtaposed netrc and extra-query-keywords pairs to demo optional extra-compliant behavior. * doc/misc/auth.texi: Add option `auth-source-pass-extra-query-keywords' to auth-source-pass section. * etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs 29.1 package changes section. (Bug#58985.) Special thanks to Akib Azmain Turja <akib@disroot.org> for helping improve this patch.
2022-11-02 05:46:24 +00:00
eot)
'no-group))
(defun auth-source-pass--build-result-many (hosts ports users require max)
"Return multiple `auth-source-pass--build-result' values."
(unless (listp hosts) (setq hosts (list hosts)))
(unless (listp users) (setq users (list users)))
(unless (listp ports) (setq ports (list ports)))
(let* ((auth-source-pass--match-regexp (auth-source-pass--match-regexp
auth-source-pass-port-separator))
(rv (auth-source-pass--find-match-many hosts users ports
require (or max 1))))
(when auth-source-debug
(auth-source-pass--do-debug "final result: %S" rv))
(let (out)
(dolist (e rv out)
(when-let* ((s (plist-get e :secret)) ; not captured by closure in 29.1
(v (auth-source--obfuscate s)))
(setf (plist-get e :secret)
(lambda () (auth-source--deobfuscate v))))
(push e out)))))
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
;;;###autoload
(defun auth-source-pass-enable ()
"Enable auth-source-password-store."
;; To add password-store to the list of sources, evaluate the following:
(add-to-list 'auth-sources 'password-store)
;; clear the cache (required after each change to #'auth-source-pass-search)
(auth-source-forget-all-cached))
(defvar auth-source-pass-backend
(auth-source-backend
Silence byte compiler warning in auth-source-pass * lisp/auth-source-pass.el (auth-source-pass-backend): Silence byte compiler warning by only passing a parameter to `auth-source-backend' in Emacs <= 25.
2018-02-12 19:28:20 +00:00
(when (<= emacs-major-version 25) "password-store")
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
:source "." ;; not used
:type 'password-store
:search-function #'auth-source-pass-search)
"Auth-source backend for password-store.")
(defun auth-source-pass-backend-parse (entry)
"Create a password-store auth-source backend from ENTRY."
(when (eq entry 'password-store)
(auth-source-backend-parse-parameters entry auth-source-pass-backend)))
Make sure auth-source-pass is compatible with Emacs 25 * lisp/auth-source-pass.el: Use `advice-add' for Emacs 25 users as `auth-source-backend-parser-functions' does not exist there.
2018-03-26 04:28:17 +00:00
(if (boundp 'auth-source-backend-parser-functions)
(add-hook 'auth-source-backend-parser-functions #'auth-source-pass-backend-parse)
(advice-add 'auth-source-backend-parse :before-until #'auth-source-pass-backend-parse))
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
* lisp/auth-source-pass.el (auth-source-pass-get): Add autoload
2018-11-06 13:45:20 +00:00
;;;###autoload
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
(defun auth-source-pass-get (key entry)
"Return the value associated to KEY in the password-store entry ENTRY.
ENTRY is the name of a password-store entry.
The key used to retrieve the password is the symbol `secret'.
The convention used as the format for a password-store file is
; * lisp/auth-source-pass.el: Improve docstrings
2021-06-27 15:38:59 +00:00
the following (see URL `https://www.passwordstore.org/#organization'):
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
secret
key1: value1
key2: value2"
(let ((data (auth-source-pass-parse-entry entry)))
Split out the attribute retrieval form auth-source-pass-get Eliminate the need to repeatedly retrieve and parse the data for the entry. This is generally a good thing since it eliminates repetitions of the same crypto and parsing operations. It is especially valuable when protecting an entry with a yubikey with touch required for crypto operations as it eliminates the need to touch the yubikey sensor for each attribute retrieved. * lisp/auth-source-pass.el (auth-source-pass-get): Extract some code to `auth-source-pass--get-attr'. (auth-source-pass--get-attr): New function to get a field value from a parsed entry. (auth-source-pass--build-result): Make use of `auth-source-pass--get-attr` to avoid repeated parsing.
2019-04-30 14:52:14 +00:00
(auth-source-pass--get-attr key data)))
(defun auth-source-pass--get-attr (key entry-data)
"Return value associated with KEY in an ENTRY-DATA.
ENTRY-DATA is the data from a parsed password-store entry.
The key used to retrieve the password is the symbol `secret'.
See `auth-source-pass-get'."
(or (cdr (assoc key entry-data))
(and (string= key "user")
(cdr (assoc "username" entry-data)))))
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
(defun auth-source-pass--read-entry (entry)
"Return a string with the file content of ENTRY."
(with-temp-buffer
(insert-file-contents (expand-file-name
(format "%s.gpg" entry)
Add auth-source-pass-filename option * lisp/auth-source-pass.el (auth-source-pass) (auth-source-pass-filename): Add option to specify a customized password-store path. (auth-source-pass--read-entry) (auth-source-pass-entries): Use the new option instead of hard-coded `~/.password-store'.
2019-01-13 21:30:53 +00:00
auth-source-pass-filename))
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
(buffer-substring-no-properties (point-min) (point-max))))
(defun auth-source-pass-parse-entry (entry)
"Return an alist of the data associated with ENTRY.
ENTRY is the name of a password-store entry."
(let ((file-contents (ignore-errors (auth-source-pass--read-entry entry))))
(and file-contents
(cons `(secret . ,(auth-source-pass--parse-secret file-contents))
(auth-source-pass--parse-data file-contents)))))
(defun auth-source-pass--parse-secret (contents)
"Parse the password-store data in the string CONTENTS and return its secret.
The secret is the first line of CONTENTS."
Fix more regular expression typos Problem reported by Mattias Engdegård in: https://lists.gnu.org/r/emacs-devel/2019-03/msg00548.html except that I didn’t address the issues involving Hebrew, or involving comint-prompt-regexp. * lisp/align.el (align-rules-list, align-exclude-rules-list): * lisp/auth-source-pass.el (auth-source-pass--parse-secret) (auth-source-pass--parse-data): * lisp/cedet/data-debug.el (data-debug-next) (data-debug-prev, data-debug-expand-or-contract): * lisp/comint.el (comint-within-quotes): * lisp/emacs-lisp/checkdoc.el (checkdoc-this-string-valid-engine): * lisp/emulation/viper-ex.el (ex-cmd-complete): * lisp/gnus/gnus-cite.el (gnus-message-search-citation-line): * lisp/gnus/nnir.el (nnir-imap-end-of-input): * lisp/mail/mail-extr.el (mail-extr-all-letters): * lisp/minibuffer.el (minibuffer-maybe-quote-filename): * lisp/nxml/rng-nxml.el (rng-complete-tag) (rng-complete-end-tag, rng-complete-attribute-name): * lisp/obsolete/vip.el (vip-get-ex-token, vip-get-ex-pat): * lisp/org/org-pcomplete.el (org-thing-at-point): * lisp/org/org.el (org-set-tags) (org-increase-number-at-point) (org-fill-line-break-nobreak-p): * lisp/pcomplete.el (pcomplete-parse-comint-arguments): * lisp/progmodes/ada-mode.el (ada-compile-goto-error): * lisp/progmodes/cperl-mode.el (cperl-highlight-charclass) (cperl-find-pods-heres, cperl-not-bad-style-regexp) (cperl-regext-to-level-start): * lisp/progmodes/ebnf-yac.el (ebnf-yac-skip-spaces): * lisp/progmodes/flymake-proc.el (flymake-proc-master-tex-init): * lisp/progmodes/flymake.el (flymake-diag-region): * lisp/progmodes/fortran.el (fortran-current-line-indentation): * lisp/progmodes/idlw-complete-structtag.el: (idlwave-complete-structure-tag): * lisp/progmodes/idlwave.el (idlwave-complete-sysvar-or-tag): * lisp/progmodes/prolog.el (prolog-pred-end) (prolog-clause-info): * lisp/progmodes/ruby-mode.el (ruby-forward-sexp) (ruby-backward-sexp): * lisp/progmodes/verilog-mode.el (verilog-repair-open-comma): * lisp/term.el (term-within-quotes): * lisp/textmodes/bib-mode.el (bib-capitalize-title-stop-words): * lisp/textmodes/refbib.el (r2b-capitalize-title-stop-words): * lisp/textmodes/reftex-parse.el (reftex-nth-arg): * lisp/textmodes/rst.el (rst-svn-rev): * lisp/url/url-http.el (url-http-parse-response): * test/lisp/progmodes/f90-tests.el (f90-test-bug3730): Fix regular expression typos.
2019-03-19 00:02:01 +00:00
(car (split-string contents "\n" t)))
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
(defun auth-source-pass--parse-data (contents)
"Parse the password-store data in the string CONTENTS and return an alist.
CONTENTS is the contents of a password-store formatted file."
lisp/auth-source-pass.el: Keep legitimate spaces inside data Users should be able to store a field as follows: message: remember: Destroy the image and you will break the enemy and later, recover the message untouched, i.e.: "remember: Destroy the image and you will break the enemy" * lisp/auth-source-pass.el (auth-source-pass--parse-data): Preserve inner spaces at data. * test/lisp/auth-source-pass-tests.el (auth-source-pass-parse-with-colons-in-data): Add test.
2021-06-27 15:53:30 +00:00
(let ((lines (cdr (split-string contents "\n" t "[ \t]+"))))
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
(seq-remove #'null
(mapcar (lambda (line)
lisp/auth-source-pass.el: Keep legitimate spaces inside data Users should be able to store a field as follows: message: remember: Destroy the image and you will break the enemy and later, recover the message untouched, i.e.: "remember: Destroy the image and you will break the enemy" * lisp/auth-source-pass.el (auth-source-pass--parse-data): Preserve inner spaces at data. * test/lisp/auth-source-pass-tests.el (auth-source-pass-parse-with-colons-in-data): Add test.
2021-06-27 15:53:30 +00:00
(when-let ((pos (seq-position line ?:)))
(cons (string-trim (substring line 0 pos))
(string-trim (substring line (1+ pos))))))
lines))))
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
(defun auth-source-pass--do-debug (&rest msg)
; Fix symbol quoting typos
2021-09-12 16:33:03 +00:00
"Call `auth-source-do-debug' with MSG and a prefix."
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
(apply #'auth-source-do-debug
Fix prefix messages of auth-source-pass debug messages * lisp/auth-source-pass.el (auth-source-pass--do-debug): Fix message prefix.
2018-03-23 08:16:25 +00:00
(cons (concat "auth-source-pass: " (car msg))
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
(cdr msg))))
;; TODO: add tests for that when `assess-with-filesystem' is included
;; in Emacs
(defun auth-source-pass-entries ()
"Return a list of all password store entries."
Add auth-source-pass-filename option * lisp/auth-source-pass.el (auth-source-pass) (auth-source-pass-filename): Add option to specify a customized password-store path. (auth-source-pass--read-entry) (auth-source-pass-entries): Use the new option instead of hard-coded `~/.password-store'.
2019-01-13 21:30:53 +00:00
(let ((store-dir (expand-file-name auth-source-pass-filename)))
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
(mapcar
(lambda (file) (file-name-sans-extension (file-relative-name file store-dir)))
Fix edge case errors in filename-matching regexps These changes fix actual or latent bugs in regexps that match file names, such as PATTERN arguments to 'directory-files'. See https://lists.gnu.org/archive/html/emacs-devel/2020-04/msg00265.html * admin/authors.el (authors-obsolete-files-regexps) (authors-renamed-files-regexps): * lisp/auth-source-pass.el (auth-source-pass-entries): * lisp/calendar/todo-mode.el (todo-show, todo-find-filtered-items-file) (todo-filter-items, todo-reset-nondiary-marker, todo-reset-done-string) (todo-reset-comment-string, todo-reset-highlight-item): * lisp/cedet/semantic/db-ebrowse.el (semanticdb-load-ebrowse-caches): * lisp/cedet/semantic/texi.el (semantic-texi-associated-files): * lisp/cedet/srecode/map.el (srecode-map-update-map): * lisp/dired.el (dired-re-no-dot): * lisp/emacs-lisp/autoload.el (update-directory-autoloads): * lisp/emacs-lisp/shadow.el (load-path-shadows-find): * lisp/files.el (auto-mode-alist, directory-files-no-dot-files-regexp): * lisp/finder.el (finder-compile-keywords): * lisp/generic-x.el (inetd-conf-generic-mode, named-boot-generic-mode) (resolve-conf-generic-mode, etc-modules-conf-generic-mode): * lisp/gnus/gnus-agent.el (gnus-agent-read-agentview) (gnus-agent-regenerate-group, gnus-agent-update-files-total-fetched-for): * lisp/gnus/gnus-cache.el (gnus-cache-articles-in-group): * lisp/gnus/gnus-score.el (gnus-score-search-global-directories): * lisp/gnus/gnus-util.el (gnus-delete-directory): * lisp/gnus/gnus-uu.el (gnus-uu-dir-files): * lisp/gnus/nndraft.el (nndraft-request-group): * lisp/gnus/nnmh.el (nnmh-request-group, nnmh-request-create-group): (nnmh-request-delete-group, nnmh-active-number, nnmh-update-gnus-unreads): * lisp/gnus/nnspool.el (nnspool-request-group): * lisp/gnus/spam-stat.el (spam-stat-process-directory) (spam-stat-test-directory): * lisp/help-fns.el (help-fns--first-release): * lisp/help.el (view-emacs-news): * lisp/international/quail.el (quail-update-leim-list-file): * lisp/international/titdic-cnv.el (batch-titdic-convert): * lisp/mail/mspools.el (mspools-set-vm-spool-files) (mspools-get-spool-files): * lisp/mail/rmail.el (rmail-secondary-file-regexp) (rmail-speedbar-match-folder-regexp): * lisp/net/ange-ftp.el (ange-ftp-delete-directory): * lisp/net/tramp.el (tramp-use-absolute-autoload-file-names): * lisp/obsolete/gulp.el (gulp-send-requests): * lisp/obsolete/vc-arch.el (vc-arch-trim-revlib): * lisp/org/ob-core.el (org-babel-remove-temporary-directory): * lisp/progmodes/ebnf2ps.el (ebnf-file-suffix-regexp, ebnf-style-database): * lisp/progmodes/executable.el (executable-command-find-posix-p): * lisp/startup.el (command-line): * lisp/textmodes/refer.el (refer-get-bib-files): * lisp/url/url-about.el (url-probe-protocols): * lisp/vc/vc-rcs.el (vc-rcs-register, vc-rcs-unregister): * test/lisp/net/tramp-archive-tests.el (tramp-archive-test19-directory-files-and-attributes): * test/lisp/net/tramp-tests.el (tramp-test19-directory-files-and-attributes): Replace ^ and $ with \` and \', respectively. Use (rx (or (not ".") "...")), translated into "[^.]\\|\\.\\.\\.", to match anything but "." and "..", instead of several incorrect regexps.
2020-04-14 10:17:40 +00:00
(directory-files-recursively store-dir "\\.gpg\\'"))))
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
lisp/auth-source-pass.el: Support multiple hosts in search spec * lisp/auth-source-pass.el (auth-source-pass-search): Accept a list of strings for argument HOST. (auth-source-pass--build-result): Rename argument HOST to HOSTS. Also return value "host" from entry if it exists. (auth-source-pass--find-match): Rename argument HOST to HOSTS. Iterate over each host in HOSTS. * test/lisp/auth-source-pass-tests.el: Add corresponding tests
2021-06-27 15:36:00 +00:00
(defun auth-source-pass--find-match (hosts user port)
"Return password-store entry data matching HOSTS, USER and PORT.
Disambiguate between user provided inside HOSTS (e.g., user@server.com) and
inside USER by giving priority to USER. Same for PORT.
HOSTS can be a string or a list of strings."
(seq-some (lambda (host)
(let ((entry (apply #'auth-source-pass--find-match-unambiguous
(auth-source-pass--disambiguate host user port))))
(if (or (null entry) (assoc "host" entry))
entry
(cons (cons "host" host) entry))))
(if (listp hosts)
hosts
(list hosts))))
Refactoring of auth-source-pass * lisp/auth-source-pass.el (auth-source-pass--find-match): Refactor by moving some code to auth-source-pass--disambiguate. (auth-source-pass--disambiguate) (auth-source-pass--entries-matching-suffix): New function. (auth-source-pass--find-match-unambiguous) (auth-source-pass--select-from-entries) (auth-source-pass--entry-reducer): Refactor to simplify and improve logging. (auth-source-pass--matching-entries) (auth-source-pass--accumulate-matches): Remove. * test/lisp/auth-source-pass-tests.el: Complete rewrite to facilitate maintenance. (auth-source-pass--have-message-containing): Remove. (auth-source-pass--have-message-matching) (auth-source-pass--explain--have-message-matching) (auth-source-pass--explain-match-entry-p) (auth-source-pass--includes-sorted-entries) (auth-source-pass--explain-includes-sorted-entries) (auth-source-pass--explain-match-any-entry-p) (auth-source-pass--matching-entries) (auth-source-pass-match-entry-p) (auth-source-pass-match-any-entry-p): New function.
2019-05-14 03:50:59 +00:00
Make auth-source-pass behave more like other backends * lisp/auth-source-pass.el (auth-source-pass-extra-query-keywords): Add new option to bring search behavior more in line with other backends. (auth-source-pass-search): Add new keyword params `max' and `require' and consider new option `auth-source-pass-extra-query-keywords' for dispatch. (auth-source-pass--match-regexp, auth-source-pass--retrieve-parsed, auth-source-pass--match-parts): Add supporting variable and helpers. (auth-source-pass--build-result-many, auth-source-pass--find-match-many): Add "-many" variants for existing workhorse functions. * test/lisp/auth-source-pass-tests.el: Require `ert-x'. (auth-source-pass-can-start-from-auth-source-search): Ensure `auth-source-pass-extra-query-keywords' is enabled around test body. (auth-source-pass-extra-query-keywords--wild-port-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-miss, auth-source-pass-extra-query-keywords--wild-port-hit-netrc, auth-source-pass-extra-query-keywords--wild-port-hit, auth-source-pass-extra-query-keywords--wild-port-req-miss-netrc, auth-source-pass-extra-query-keywords--wild-port-req-miss, auth-source-pass-extra-query-keywords--netrc-akib, auth-source-pass-extra-query-keywords--akib, auth-source-pass-extra-query-keywords--netrc-host, auth-source-pass-extra-query-keywords--host, auth-source-pass-extra-query-keywords--baseline, auth-source-pass-extra-query-keywords--port-type, auth-source-pass-extra-query-keywords--hosts-first, auth-source-pass-extra-query-keywords--ambiguous-user-host, auth-source-pass-extra-query-keywords--suffixed-user, auth-source-pass-extra-query-keywords--user-priorities): Add juxtaposed netrc and extra-query-keywords pairs to demo optional extra-compliant behavior. * doc/misc/auth.texi: Add option `auth-source-pass-extra-query-keywords' to auth-source-pass section. * etc/NEWS: Mention `auth-source-pass-extra-query-keywords' in Emacs 29.1 package changes section. (Bug#58985.) Special thanks to Akib Azmain Turja <akib@disroot.org> for helping improve this patch.
2022-11-02 05:46:24 +00:00
(defun auth-source-pass--retrieve-parsed (seen path port-number-p)
(when (string-match auth-source-pass--match-regexp path)
(puthash path
`( :host ,(or (match-string 10 path) (match-string 11 path))
,@(if-let* ((tr (match-string 21 path)))
(list :user tr :suffix t)
(list :user (match-string 20 path)))
:port ,(and-let* ((p (or (match-string 30 path)
(match-string 31 path)))
(n (string-to-number p)))
(if (or (zerop n) (not port-number-p))
(format "%s" p)
n)))
seen)))
(defun auth-source-pass--match-parts (parts key value require)
(let ((mv (plist-get parts key)))
(if (memq key require)
(and value (equal mv value))
(or (not value) (not mv) (equal mv value)))))
(defun auth-source-pass--find-match-many (hosts users ports require max)
"Return plists for valid combinations of HOSTS, USERS, PORTS."
(let ((seen (make-hash-table :test #'equal))
(entries (auth-source-pass-entries))
out suffixed suffixedp)
(catch 'done
(dolist (host hosts out)
(pcase-let ((`(,_ ,u ,p) (auth-source-pass--disambiguate host)))
(unless (or (not (equal "443" p)) (string-prefix-p "https://" host))
(setq p nil))
(dolist (user (or users (list u)))
(dolist (port (or ports (list p)))
(dolist (e entries)
(when-let*
((m (or (gethash e seen) (auth-source-pass--retrieve-parsed
seen e (integerp port))))
((equal host (plist-get m :host)))
((auth-source-pass--match-parts m :port port require))
((auth-source-pass--match-parts m :user user require))
(parsed (auth-source-pass-parse-entry e))
;; For now, ignore body-content pairs, if any,
;; from `auth-source-pass--parse-data'.
(secret (or (auth-source-pass--get-attr 'secret parsed)
(not (memq :secret require)))))
(push
`( :host ,host ; prefer user-provided :host over h
,@(and-let* ((u (plist-get m :user))) (list :user u))
,@(and-let* ((p (plist-get m :port))) (list :port p))
,@(and secret (not (eq secret t)) (list :secret secret)))
(if (setq suffixedp (plist-get m :suffix)) suffixed out))
(unless suffixedp
(when (or (zerop (cl-decf max))
(null (setq entries (delete e entries))))
(throw 'done out)))))
(setq suffixed (nreverse suffixed))
(while suffixed
(push (pop suffixed) out)
(when (zerop (cl-decf max))
(throw 'done out))))))))))
Refactoring of auth-source-pass * lisp/auth-source-pass.el (auth-source-pass--find-match): Refactor by moving some code to auth-source-pass--disambiguate. (auth-source-pass--disambiguate) (auth-source-pass--entries-matching-suffix): New function. (auth-source-pass--find-match-unambiguous) (auth-source-pass--select-from-entries) (auth-source-pass--entry-reducer): Refactor to simplify and improve logging. (auth-source-pass--matching-entries) (auth-source-pass--accumulate-matches): Remove. * test/lisp/auth-source-pass-tests.el: Complete rewrite to facilitate maintenance. (auth-source-pass--have-message-containing): Remove. (auth-source-pass--have-message-matching) (auth-source-pass--explain--have-message-matching) (auth-source-pass--explain-match-entry-p) (auth-source-pass--includes-sorted-entries) (auth-source-pass--explain-includes-sorted-entries) (auth-source-pass--explain-match-any-entry-p) (auth-source-pass--matching-entries) (auth-source-pass-match-entry-p) (auth-source-pass-match-any-entry-p): New function.
2019-05-14 03:50:59 +00:00
(defun auth-source-pass--disambiguate (host &optional user port)
"Return (HOST USER PORT) after disambiguation.
Disambiguate between having user provided inside HOST (e.g.,
user@server.com) and inside USER by giving priority to USER.
Same for PORT."
auth-source-pass: Take care of matching hosts when port is provided * lisp/auth-source-pass.el (auth-source-pass--find-match): Add PORT parameter and reorganize code by extracting `find-match-unambiguous'. (auth-source-pass--find-match-unambiguous): New function. (auth-source-pass--build-result): Fix the call to `find-match'. (auth-source-pass--hostname, auth-source-pass--hostname-with-user, auth-source-pass--user): Remove functions. * test/lisp/auth-source-pass-tests.el: Fix the calls to `find-match'. (auth-source-pass-find-host-without-port) Add corresponding test.
2017-11-09 09:40:19 +00:00
(let* ((url (url-generic-parse-url (if (string-match-p ".*://" host)
host
(format "https://%s" host)))))
Refactoring of auth-source-pass * lisp/auth-source-pass.el (auth-source-pass--find-match): Refactor by moving some code to auth-source-pass--disambiguate. (auth-source-pass--disambiguate) (auth-source-pass--entries-matching-suffix): New function. (auth-source-pass--find-match-unambiguous) (auth-source-pass--select-from-entries) (auth-source-pass--entry-reducer): Refactor to simplify and improve logging. (auth-source-pass--matching-entries) (auth-source-pass--accumulate-matches): Remove. * test/lisp/auth-source-pass-tests.el: Complete rewrite to facilitate maintenance. (auth-source-pass--have-message-containing): Remove. (auth-source-pass--have-message-matching) (auth-source-pass--explain--have-message-matching) (auth-source-pass--explain-match-entry-p) (auth-source-pass--includes-sorted-entries) (auth-source-pass--explain-includes-sorted-entries) (auth-source-pass--explain-match-any-entry-p) (auth-source-pass--matching-entries) (auth-source-pass-match-entry-p) (auth-source-pass-match-any-entry-p): New function.
2019-05-14 03:50:59 +00:00
(list
auth-source-pass: Take care of matching hosts when port is provided * lisp/auth-source-pass.el (auth-source-pass--find-match): Add PORT parameter and reorganize code by extracting `find-match-unambiguous'. (auth-source-pass--find-match-unambiguous): New function. (auth-source-pass--build-result): Fix the call to `find-match'. (auth-source-pass--hostname, auth-source-pass--hostname-with-user, auth-source-pass--user): Remove functions. * test/lisp/auth-source-pass-tests.el: Fix the calls to `find-match'. (auth-source-pass-find-host-without-port) Add corresponding test.
2017-11-09 09:40:19 +00:00
(or (url-host url) host)
(or user (url-user url))
;; url-port returns 443 (because of the https:// above) by default
(or port (number-to-string (url-port url))))))
(defun auth-source-pass--find-match-unambiguous (hostname user port)
Minimize entry parsing in auth-source-pass Prior to this commit, while searching for the most applicable entry password-store entries were decrypted and parsed to ensure they were valid. The entries were parsed in the order they were found on the filesystem and all applicable entries would be decrypted and parsed, which varied based on the contents of the password-store and the entry to be found. This is fine when the GPG key is cached and each entry can be decrypted without user interaction. However, for security some people have their GPG on a hardware token like a Yubikey setup so that they have to touch a sensor on the toke for every cryptographic operation, in which case it becomes inconvenient as each attempt to find an entry requires a variable number of touches of the hardware token. The implementation already assumes that names which contain more of the information in the search key should be preferred so there is an ordering of preference of applicable entries. If the decrypt and parsing is removed from the initial identification of applicable entries in the store then in most cases a single decrypt and parse of the most preferred entry will suffice, improving the experience for hardware token users that require interaction with the token. This commit implements that strategy. It is in spirit a refactor of the existing code. * lisp/auth-source-pass.el (auth-source-pass--matching-entries): New function, generate an ordered list of regular expression matchers for all possible names that could be in the password-store for the entry to be found and then makes a pass over the password-store entry names accumulating the matching entries in a list after the regexp that matched. This implementation ensures the password-store entry list still only has to be scanned once. (auth-source-pass--find-match-unambiguous): Use it to obtain candidate entries and then parse them one by one until an entry containing the desired information is located. When complete, return the parsed data of the entry instead of the entry name so that the information can be used directly to construct the auth-source response. (auth-source-pass--build-result): Update accordingly. (auth-source-pass--find-match): Update docstring accordingly. (auth-source-pass--select-one-entry) (auth-source-pass--entry-valid-p) (auth-source-pass--find-all-by-entry-name) (auth-source-pass--find-one-by-entry-name): Remove. (auth-source-pass--select-from-entries) (auth-source-pass--accumulate-matches) (auth-source-pass--entry-reducer) (auth-source-pass--generate-entry-suffixes) (auth-source-pass--domains) (auth-source-pass--name-port-user-suffixes): New functions. * test/lisp/auth-source-pass-tests.el: One test case was added to the test suite to verify that only the minimal number of entries are parsed in common cases. The auth-source-pass-only-return-entries-that-can-be-open test case had to be re-implemented because the function it was used eliminated as the functionality is provided elsewhere. All the other fairly substantial changes to the test suite are the result of mechanical changes that were required to adapt to auth-source-pass--find-match returning the data from a parsed password-store entry instead of the entry name.
2019-05-06 03:21:43 +00:00
"Return password-store entry data matching HOSTNAME, USER and PORT.
auth-source-pass: Take care of matching hosts when port is provided * lisp/auth-source-pass.el (auth-source-pass--find-match): Add PORT parameter and reorganize code by extracting `find-match-unambiguous'. (auth-source-pass--find-match-unambiguous): New function. (auth-source-pass--build-result): Fix the call to `find-match'. (auth-source-pass--hostname, auth-source-pass--hostname-with-user, auth-source-pass--user): Remove functions. * test/lisp/auth-source-pass-tests.el: Fix the calls to `find-match'. (auth-source-pass-find-host-without-port) Add corresponding test.
2017-11-09 09:40:19 +00:00
If many matches are found, return the first one. If no match is found,
return nil.
HOSTNAME should not contain any username or port number."
Refactoring of auth-source-pass * lisp/auth-source-pass.el (auth-source-pass--find-match): Refactor by moving some code to auth-source-pass--disambiguate. (auth-source-pass--disambiguate) (auth-source-pass--entries-matching-suffix): New function. (auth-source-pass--find-match-unambiguous) (auth-source-pass--select-from-entries) (auth-source-pass--entry-reducer): Refactor to simplify and improve logging. (auth-source-pass--matching-entries) (auth-source-pass--accumulate-matches): Remove. * test/lisp/auth-source-pass-tests.el: Complete rewrite to facilitate maintenance. (auth-source-pass--have-message-containing): Remove. (auth-source-pass--have-message-matching) (auth-source-pass--explain--have-message-matching) (auth-source-pass--explain-match-entry-p) (auth-source-pass--includes-sorted-entries) (auth-source-pass--explain-includes-sorted-entries) (auth-source-pass--explain-match-any-entry-p) (auth-source-pass--matching-entries) (auth-source-pass-match-entry-p) (auth-source-pass-match-any-entry-p): New function.
2019-05-14 03:50:59 +00:00
(let ((all-entries (auth-source-pass-entries))
(suffixes (auth-source-pass--generate-entry-suffixes hostname user port)))
(auth-source-pass--do-debug "searching for entries matching hostname=%S, user=%S, port=%S"
hostname (or user "") (or port ""))
(auth-source-pass--do-debug "corresponding suffixes to search for: %S" suffixes)
(catch 'auth-source-pass-break
(dolist (suffix suffixes)
(let* ((matching-entries (auth-source-pass--entries-matching-suffix suffix all-entries))
(best-entry-data (auth-source-pass--select-from-entries matching-entries user)))
(pcase (length matching-entries)
(0 (auth-source-pass--do-debug "found no entries matching %S" suffix))
(1 (auth-source-pass--do-debug "found 1 entry matching %S: %S"
suffix
(car matching-entries)))
(_ (auth-source-pass--do-debug "found %s entries matching %S: %S"
(length matching-entries)
suffix
matching-entries)))
(when best-entry-data
(throw 'auth-source-pass-break best-entry-data)))))))
Minimize entry parsing in auth-source-pass Prior to this commit, while searching for the most applicable entry password-store entries were decrypted and parsed to ensure they were valid. The entries were parsed in the order they were found on the filesystem and all applicable entries would be decrypted and parsed, which varied based on the contents of the password-store and the entry to be found. This is fine when the GPG key is cached and each entry can be decrypted without user interaction. However, for security some people have their GPG on a hardware token like a Yubikey setup so that they have to touch a sensor on the toke for every cryptographic operation, in which case it becomes inconvenient as each attempt to find an entry requires a variable number of touches of the hardware token. The implementation already assumes that names which contain more of the information in the search key should be preferred so there is an ordering of preference of applicable entries. If the decrypt and parsing is removed from the initial identification of applicable entries in the store then in most cases a single decrypt and parse of the most preferred entry will suffice, improving the experience for hardware token users that require interaction with the token. This commit implements that strategy. It is in spirit a refactor of the existing code. * lisp/auth-source-pass.el (auth-source-pass--matching-entries): New function, generate an ordered list of regular expression matchers for all possible names that could be in the password-store for the entry to be found and then makes a pass over the password-store entry names accumulating the matching entries in a list after the regexp that matched. This implementation ensures the password-store entry list still only has to be scanned once. (auth-source-pass--find-match-unambiguous): Use it to obtain candidate entries and then parse them one by one until an entry containing the desired information is located. When complete, return the parsed data of the entry instead of the entry name so that the information can be used directly to construct the auth-source response. (auth-source-pass--build-result): Update accordingly. (auth-source-pass--find-match): Update docstring accordingly. (auth-source-pass--select-one-entry) (auth-source-pass--entry-valid-p) (auth-source-pass--find-all-by-entry-name) (auth-source-pass--find-one-by-entry-name): Remove. (auth-source-pass--select-from-entries) (auth-source-pass--accumulate-matches) (auth-source-pass--entry-reducer) (auth-source-pass--generate-entry-suffixes) (auth-source-pass--domains) (auth-source-pass--name-port-user-suffixes): New functions. * test/lisp/auth-source-pass-tests.el: One test case was added to the test suite to verify that only the minimal number of entries are parsed in common cases. The auth-source-pass-only-return-entries-that-can-be-open test case had to be re-implemented because the function it was used eliminated as the functionality is provided elsewhere. All the other fairly substantial changes to the test suite are the result of mechanical changes that were required to adapt to auth-source-pass--find-match returning the data from a parsed password-store entry instead of the entry name.
2019-05-06 03:21:43 +00:00
(defun auth-source-pass--select-from-entries (entries user)
"Return best matching password-store entry data from ENTRIES.
lisp/*.el, src/*.c: Fix typos in docstrings * lisp/apropos.el (apropos-do-all): * lisp/auth-source-pass.el (auth-source-pass--select-from-entries): * lisp/auth-source.el (auth-source-user-or-password): * lisp/calc/calc-forms.el (math-tzone-names): * lisp/calendar/diary-lib.el (diary-face-attrs) (diary-mark-entries-1): * lisp/cedet/cedet-files.el (cedet-files-list-recursively): * lisp/cedet/ede.el (ede-constructing, ede-deep-rescan): * lisp/cedet/ede/cpp-root.el (ede-cpp-root-header-file-p): * lisp/cedet/ede/proj.el (ede-proj-target-makefile): * lisp/cedet/inversion.el (inversion-check-version) (inversion-test): * lisp/cedet/mode-local.el (mode-local-map-file-buffers): * lisp/cedet/semantic/complete.el (semantic-displayer-ghost): * lisp/cedet/semantic/db-find.el (semanticdb-find-translate-path-default): * lisp/cedet/semantic/db.el (semanticdb-table) (semanticdb-search-system-databases): * lisp/cedet/semantic/imenu.el (semantic-imenu-index-directory): * lisp/cedet/semantic/java.el (semantic-java-doc-keywords-map): * lisp/cedet/semantic/lex-spp.el (semantic-lex-spp-use-headers-flag): * lisp/cedet/semantic/lex.el (semantic-lex-make-keyword-table) (semantic-lex-make-type-table, semantic-lex-debug-analyzers): * lisp/cedet/semantic/tag-ls.el (semantic-tag-abstract-p) (semantic-tag-leaf-p, semantic-tag-static-p) (semantic-tag-prototype-p): * lisp/dnd.el (dnd-open-remote-file-function, dnd-open-local-file): * lisp/emacs-lisp/eieio-opt.el (eieio-build-class-alist) (eieio-read-class, eieio-read-subclass): * lisp/emacs-lisp/generator.el (cps--replace-variable-references) (cps--handle-loop-for): * lisp/erc/erc-dcc.el (erc-dcc-list, erc-dcc-member, erc-dcc-server) (erc-dcc-auto-mask-p, erc-dcc-get-file, erc-dcc-chat-accept): * lisp/eshell/em-pred.el (eshell-pred-file-type): * lisp/faces.el (defined-colors-with-face-attributes): * lisp/font-core.el (font-lock-mode): * lisp/frame.el (frame-restack): * lisp/net/shr.el (shr-image-animate): * lisp/org/org-agenda.el (org-agenda-change-all-lines) (org-agenda-today-p): * lisp/org/org-id.el (org-id-get): * lisp/org/org.el (org-highlight-latex-and-related) (org--valid-property-p): * lisp/org/ox-beamer.el (org-beamer--get-label): * lisp/org/ox-latex.el (org-latex--caption-above-p): * lisp/org/ox-odt.el (org-odt--copy-image-file) (org-odt--copy-formula-file): * lisp/org/ox.el (org-export-with-timestamps): * lisp/progmodes/verilog-mode.el (verilog-indent-declaration-macros): * lisp/ses.el (ses-file-format-extend-parameter-list): * lisp/term.el (ansi-term): * lisp/textmodes/bibtex.el (bibtex-no-opt-remove-re) (bibtex-beginning-of-first-entry, bibtex-autokey-get-title) (bibtex-read-key, bibtex-initialize): * lisp/textmodes/flyspell.el (flyspell-word): * lisp/view.el (view-mode-exit): * src/composite.c: * src/floatfns.c (Fisnan): Fix typos in docstrings.
2019-09-19 02:32:25 +00:00
If USER is non-nil, give precedence to entries containing a user field
Minimize entry parsing in auth-source-pass Prior to this commit, while searching for the most applicable entry password-store entries were decrypted and parsed to ensure they were valid. The entries were parsed in the order they were found on the filesystem and all applicable entries would be decrypted and parsed, which varied based on the contents of the password-store and the entry to be found. This is fine when the GPG key is cached and each entry can be decrypted without user interaction. However, for security some people have their GPG on a hardware token like a Yubikey setup so that they have to touch a sensor on the toke for every cryptographic operation, in which case it becomes inconvenient as each attempt to find an entry requires a variable number of touches of the hardware token. The implementation already assumes that names which contain more of the information in the search key should be preferred so there is an ordering of preference of applicable entries. If the decrypt and parsing is removed from the initial identification of applicable entries in the store then in most cases a single decrypt and parse of the most preferred entry will suffice, improving the experience for hardware token users that require interaction with the token. This commit implements that strategy. It is in spirit a refactor of the existing code. * lisp/auth-source-pass.el (auth-source-pass--matching-entries): New function, generate an ordered list of regular expression matchers for all possible names that could be in the password-store for the entry to be found and then makes a pass over the password-store entry names accumulating the matching entries in a list after the regexp that matched. This implementation ensures the password-store entry list still only has to be scanned once. (auth-source-pass--find-match-unambiguous): Use it to obtain candidate entries and then parse them one by one until an entry containing the desired information is located. When complete, return the parsed data of the entry instead of the entry name so that the information can be used directly to construct the auth-source response. (auth-source-pass--build-result): Update accordingly. (auth-source-pass--find-match): Update docstring accordingly. (auth-source-pass--select-one-entry) (auth-source-pass--entry-valid-p) (auth-source-pass--find-all-by-entry-name) (auth-source-pass--find-one-by-entry-name): Remove. (auth-source-pass--select-from-entries) (auth-source-pass--accumulate-matches) (auth-source-pass--entry-reducer) (auth-source-pass--generate-entry-suffixes) (auth-source-pass--domains) (auth-source-pass--name-port-user-suffixes): New functions. * test/lisp/auth-source-pass-tests.el: One test case was added to the test suite to verify that only the minimal number of entries are parsed in common cases. The auth-source-pass-only-return-entries-that-can-be-open test case had to be re-implemented because the function it was used eliminated as the functionality is provided elsewhere. All the other fairly substantial changes to the test suite are the result of mechanical changes that were required to adapt to auth-source-pass--find-match returning the data from a parsed password-store entry instead of the entry name.
2019-05-06 03:21:43 +00:00
matching USER."
Refactoring of auth-source-pass * lisp/auth-source-pass.el (auth-source-pass--find-match): Refactor by moving some code to auth-source-pass--disambiguate. (auth-source-pass--disambiguate) (auth-source-pass--entries-matching-suffix): New function. (auth-source-pass--find-match-unambiguous) (auth-source-pass--select-from-entries) (auth-source-pass--entry-reducer): Refactor to simplify and improve logging. (auth-source-pass--matching-entries) (auth-source-pass--accumulate-matches): Remove. * test/lisp/auth-source-pass-tests.el: Complete rewrite to facilitate maintenance. (auth-source-pass--have-message-containing): Remove. (auth-source-pass--have-message-matching) (auth-source-pass--explain--have-message-matching) (auth-source-pass--explain-match-entry-p) (auth-source-pass--includes-sorted-entries) (auth-source-pass--explain-includes-sorted-entries) (auth-source-pass--explain-match-any-entry-p) (auth-source-pass--matching-entries) (auth-source-pass-match-entry-p) (auth-source-pass-match-any-entry-p): New function.
2019-05-14 03:50:59 +00:00
(let (fallback)
(catch 'auth-source-pass-break
(dolist (entry entries fallback)
(let ((entry-data (auth-source-pass-parse-entry entry)))
(when (and entry-data (not fallback))
(setq fallback entry-data)
(when (or (not user) (equal (auth-source-pass--get-attr "user" entry-data) user))
(throw 'auth-source-pass-break entry-data))))))))
(defun auth-source-pass--entries-matching-suffix (suffix entries)
"Return entries matching SUFFIX.
If ENTRIES is nil, use the result of calling `auth-source-pass-entries' instead."
(cl-remove-if-not
(lambda (entry) (string-match-p
(format "\\(^\\|/\\)%s$" (regexp-quote suffix))
entry))
(or entries (auth-source-pass-entries))))
Minimize entry parsing in auth-source-pass Prior to this commit, while searching for the most applicable entry password-store entries were decrypted and parsed to ensure they were valid. The entries were parsed in the order they were found on the filesystem and all applicable entries would be decrypted and parsed, which varied based on the contents of the password-store and the entry to be found. This is fine when the GPG key is cached and each entry can be decrypted without user interaction. However, for security some people have their GPG on a hardware token like a Yubikey setup so that they have to touch a sensor on the toke for every cryptographic operation, in which case it becomes inconvenient as each attempt to find an entry requires a variable number of touches of the hardware token. The implementation already assumes that names which contain more of the information in the search key should be preferred so there is an ordering of preference of applicable entries. If the decrypt and parsing is removed from the initial identification of applicable entries in the store then in most cases a single decrypt and parse of the most preferred entry will suffice, improving the experience for hardware token users that require interaction with the token. This commit implements that strategy. It is in spirit a refactor of the existing code. * lisp/auth-source-pass.el (auth-source-pass--matching-entries): New function, generate an ordered list of regular expression matchers for all possible names that could be in the password-store for the entry to be found and then makes a pass over the password-store entry names accumulating the matching entries in a list after the regexp that matched. This implementation ensures the password-store entry list still only has to be scanned once. (auth-source-pass--find-match-unambiguous): Use it to obtain candidate entries and then parse them one by one until an entry containing the desired information is located. When complete, return the parsed data of the entry instead of the entry name so that the information can be used directly to construct the auth-source response. (auth-source-pass--build-result): Update accordingly. (auth-source-pass--find-match): Update docstring accordingly. (auth-source-pass--select-one-entry) (auth-source-pass--entry-valid-p) (auth-source-pass--find-all-by-entry-name) (auth-source-pass--find-one-by-entry-name): Remove. (auth-source-pass--select-from-entries) (auth-source-pass--accumulate-matches) (auth-source-pass--entry-reducer) (auth-source-pass--generate-entry-suffixes) (auth-source-pass--domains) (auth-source-pass--name-port-user-suffixes): New functions. * test/lisp/auth-source-pass-tests.el: One test case was added to the test suite to verify that only the minimal number of entries are parsed in common cases. The auth-source-pass-only-return-entries-that-can-be-open test case had to be re-implemented because the function it was used eliminated as the functionality is provided elsewhere. All the other fairly substantial changes to the test suite are the result of mechanical changes that were required to adapt to auth-source-pass--find-match returning the data from a parsed password-store entry instead of the entry name.
2019-05-06 03:21:43 +00:00
(defun auth-source-pass--generate-entry-suffixes (hostname user port)
"Return a list of possible entry path suffixes in the password-store.
; * lisp/auth-source-pass.el: Improve docstrings
2021-06-27 15:38:59 +00:00
Based on the supported filename patterns for HOSTNAME, USER, &
Minimize entry parsing in auth-source-pass Prior to this commit, while searching for the most applicable entry password-store entries were decrypted and parsed to ensure they were valid. The entries were parsed in the order they were found on the filesystem and all applicable entries would be decrypted and parsed, which varied based on the contents of the password-store and the entry to be found. This is fine when the GPG key is cached and each entry can be decrypted without user interaction. However, for security some people have their GPG on a hardware token like a Yubikey setup so that they have to touch a sensor on the toke for every cryptographic operation, in which case it becomes inconvenient as each attempt to find an entry requires a variable number of touches of the hardware token. The implementation already assumes that names which contain more of the information in the search key should be preferred so there is an ordering of preference of applicable entries. If the decrypt and parsing is removed from the initial identification of applicable entries in the store then in most cases a single decrypt and parse of the most preferred entry will suffice, improving the experience for hardware token users that require interaction with the token. This commit implements that strategy. It is in spirit a refactor of the existing code. * lisp/auth-source-pass.el (auth-source-pass--matching-entries): New function, generate an ordered list of regular expression matchers for all possible names that could be in the password-store for the entry to be found and then makes a pass over the password-store entry names accumulating the matching entries in a list after the regexp that matched. This implementation ensures the password-store entry list still only has to be scanned once. (auth-source-pass--find-match-unambiguous): Use it to obtain candidate entries and then parse them one by one until an entry containing the desired information is located. When complete, return the parsed data of the entry instead of the entry name so that the information can be used directly to construct the auth-source response. (auth-source-pass--build-result): Update accordingly. (auth-source-pass--find-match): Update docstring accordingly. (auth-source-pass--select-one-entry) (auth-source-pass--entry-valid-p) (auth-source-pass--find-all-by-entry-name) (auth-source-pass--find-one-by-entry-name): Remove. (auth-source-pass--select-from-entries) (auth-source-pass--accumulate-matches) (auth-source-pass--entry-reducer) (auth-source-pass--generate-entry-suffixes) (auth-source-pass--domains) (auth-source-pass--name-port-user-suffixes): New functions. * test/lisp/auth-source-pass-tests.el: One test case was added to the test suite to verify that only the minimal number of entries are parsed in common cases. The auth-source-pass-only-return-entries-that-can-be-open test case had to be re-implemented because the function it was used eliminated as the functionality is provided elsewhere. All the other fairly substantial changes to the test suite are the result of mechanical changes that were required to adapt to auth-source-pass--find-match returning the data from a parsed password-store entry instead of the entry name.
2019-05-06 03:21:43 +00:00
PORT, return a list of possible suffixes for matching entries in
Make auth-source-pass-search understand port lists For cases such as a typical IMAP Gnus setup, auto-source-pass-search is passed a list of "port aliases" like (993 "imaps" "imap" "993" "143") in hopes of finding a matching ~/.password-store entry. This modification makes this library understand and unroll the port list so that, i.e. "domain:993", "domain:imaps"", "domain:imap", etc. are computed as potential suffixes. Previously a nonsensical string "domain:(993 imaps imap ...)" was returned. * lisp/auth-source-pass.el (auth-source-pass--generate-entry-suffixes): Allow PORT to be a list of ports.
2019-11-20 00:11:00 +00:00
the password-store.
PORT may be a list of ports."
Minimize entry parsing in auth-source-pass Prior to this commit, while searching for the most applicable entry password-store entries were decrypted and parsed to ensure they were valid. The entries were parsed in the order they were found on the filesystem and all applicable entries would be decrypted and parsed, which varied based on the contents of the password-store and the entry to be found. This is fine when the GPG key is cached and each entry can be decrypted without user interaction. However, for security some people have their GPG on a hardware token like a Yubikey setup so that they have to touch a sensor on the toke for every cryptographic operation, in which case it becomes inconvenient as each attempt to find an entry requires a variable number of touches of the hardware token. The implementation already assumes that names which contain more of the information in the search key should be preferred so there is an ordering of preference of applicable entries. If the decrypt and parsing is removed from the initial identification of applicable entries in the store then in most cases a single decrypt and parse of the most preferred entry will suffice, improving the experience for hardware token users that require interaction with the token. This commit implements that strategy. It is in spirit a refactor of the existing code. * lisp/auth-source-pass.el (auth-source-pass--matching-entries): New function, generate an ordered list of regular expression matchers for all possible names that could be in the password-store for the entry to be found and then makes a pass over the password-store entry names accumulating the matching entries in a list after the regexp that matched. This implementation ensures the password-store entry list still only has to be scanned once. (auth-source-pass--find-match-unambiguous): Use it to obtain candidate entries and then parse them one by one until an entry containing the desired information is located. When complete, return the parsed data of the entry instead of the entry name so that the information can be used directly to construct the auth-source response. (auth-source-pass--build-result): Update accordingly. (auth-source-pass--find-match): Update docstring accordingly. (auth-source-pass--select-one-entry) (auth-source-pass--entry-valid-p) (auth-source-pass--find-all-by-entry-name) (auth-source-pass--find-one-by-entry-name): Remove. (auth-source-pass--select-from-entries) (auth-source-pass--accumulate-matches) (auth-source-pass--entry-reducer) (auth-source-pass--generate-entry-suffixes) (auth-source-pass--domains) (auth-source-pass--name-port-user-suffixes): New functions. * test/lisp/auth-source-pass-tests.el: One test case was added to the test suite to verify that only the minimal number of entries are parsed in common cases. The auth-source-pass-only-return-entries-that-can-be-open test case had to be re-implemented because the function it was used eliminated as the functionality is provided elsewhere. All the other fairly substantial changes to the test suite are the result of mechanical changes that were required to adapt to auth-source-pass--find-match returning the data from a parsed password-store entry instead of the entry name.
2019-05-06 03:21:43 +00:00
(let ((domains (auth-source-pass--domains (split-string hostname "\\."))))
Make auth-source-pass-search understand port lists For cases such as a typical IMAP Gnus setup, auto-source-pass-search is passed a list of "port aliases" like (993 "imaps" "imap" "993" "143") in hopes of finding a matching ~/.password-store entry. This modification makes this library understand and unroll the port list so that, i.e. "domain:993", "domain:imaps"", "domain:imap", etc. are computed as potential suffixes. Previously a nonsensical string "domain:(993 imaps imap ...)" was returned. * lisp/auth-source-pass.el (auth-source-pass--generate-entry-suffixes): Allow PORT to be a list of ports.
2019-11-20 00:11:00 +00:00
(seq-mapcat (lambda (domain)
(seq-mapcat
(lambda (p)
(auth-source-pass--name-port-user-suffixes domain user p))
Fix test failures of test/lisp/auth-source-pass-tests.el Failures introduced by recent "Make auth-source-pass-search understand port lists", commit 92fda5a7f92162d610d57df14372bcfcee1f01b6. * lisp/auth-source-pass.el (auth-source-pass--generate-entry-suffixes): Fix test failures.
2019-11-25 22:45:24 +00:00
(if (consp port) port (list port))))
Minimize entry parsing in auth-source-pass Prior to this commit, while searching for the most applicable entry password-store entries were decrypted and parsed to ensure they were valid. The entries were parsed in the order they were found on the filesystem and all applicable entries would be decrypted and parsed, which varied based on the contents of the password-store and the entry to be found. This is fine when the GPG key is cached and each entry can be decrypted without user interaction. However, for security some people have their GPG on a hardware token like a Yubikey setup so that they have to touch a sensor on the toke for every cryptographic operation, in which case it becomes inconvenient as each attempt to find an entry requires a variable number of touches of the hardware token. The implementation already assumes that names which contain more of the information in the search key should be preferred so there is an ordering of preference of applicable entries. If the decrypt and parsing is removed from the initial identification of applicable entries in the store then in most cases a single decrypt and parse of the most preferred entry will suffice, improving the experience for hardware token users that require interaction with the token. This commit implements that strategy. It is in spirit a refactor of the existing code. * lisp/auth-source-pass.el (auth-source-pass--matching-entries): New function, generate an ordered list of regular expression matchers for all possible names that could be in the password-store for the entry to be found and then makes a pass over the password-store entry names accumulating the matching entries in a list after the regexp that matched. This implementation ensures the password-store entry list still only has to be scanned once. (auth-source-pass--find-match-unambiguous): Use it to obtain candidate entries and then parse them one by one until an entry containing the desired information is located. When complete, return the parsed data of the entry instead of the entry name so that the information can be used directly to construct the auth-source response. (auth-source-pass--build-result): Update accordingly. (auth-source-pass--find-match): Update docstring accordingly. (auth-source-pass--select-one-entry) (auth-source-pass--entry-valid-p) (auth-source-pass--find-all-by-entry-name) (auth-source-pass--find-one-by-entry-name): Remove. (auth-source-pass--select-from-entries) (auth-source-pass--accumulate-matches) (auth-source-pass--entry-reducer) (auth-source-pass--generate-entry-suffixes) (auth-source-pass--domains) (auth-source-pass--name-port-user-suffixes): New functions. * test/lisp/auth-source-pass-tests.el: One test case was added to the test suite to verify that only the minimal number of entries are parsed in common cases. The auth-source-pass-only-return-entries-that-can-be-open test case had to be re-implemented because the function it was used eliminated as the functionality is provided elsewhere. All the other fairly substantial changes to the test suite are the result of mechanical changes that were required to adapt to auth-source-pass--find-match returning the data from a parsed password-store entry instead of the entry name.
2019-05-06 03:21:43 +00:00
domains)))
(defun auth-source-pass--domains (name-components)
"Return a list of possible domain names matching the hostname.
This function takes a list of NAME-COMPONENTS, the strings
separated by periods in the hostname, and returns a list of full
domain names containing the trailing sequences of those
components, from longest to shortest."
(cl-maplist (lambda (components) (mapconcat #'identity components "."))
name-components))
(defun auth-source-pass--name-port-user-suffixes (name user port)
"Return a list of possible path suffixes for NAME, USER, & PORT.
; Spelling fixes
2019-12-11 04:04:36 +00:00
The resulting list is ordered from most specific to least
Minimize entry parsing in auth-source-pass Prior to this commit, while searching for the most applicable entry password-store entries were decrypted and parsed to ensure they were valid. The entries were parsed in the order they were found on the filesystem and all applicable entries would be decrypted and parsed, which varied based on the contents of the password-store and the entry to be found. This is fine when the GPG key is cached and each entry can be decrypted without user interaction. However, for security some people have their GPG on a hardware token like a Yubikey setup so that they have to touch a sensor on the toke for every cryptographic operation, in which case it becomes inconvenient as each attempt to find an entry requires a variable number of touches of the hardware token. The implementation already assumes that names which contain more of the information in the search key should be preferred so there is an ordering of preference of applicable entries. If the decrypt and parsing is removed from the initial identification of applicable entries in the store then in most cases a single decrypt and parse of the most preferred entry will suffice, improving the experience for hardware token users that require interaction with the token. This commit implements that strategy. It is in spirit a refactor of the existing code. * lisp/auth-source-pass.el (auth-source-pass--matching-entries): New function, generate an ordered list of regular expression matchers for all possible names that could be in the password-store for the entry to be found and then makes a pass over the password-store entry names accumulating the matching entries in a list after the regexp that matched. This implementation ensures the password-store entry list still only has to be scanned once. (auth-source-pass--find-match-unambiguous): Use it to obtain candidate entries and then parse them one by one until an entry containing the desired information is located. When complete, return the parsed data of the entry instead of the entry name so that the information can be used directly to construct the auth-source response. (auth-source-pass--build-result): Update accordingly. (auth-source-pass--find-match): Update docstring accordingly. (auth-source-pass--select-one-entry) (auth-source-pass--entry-valid-p) (auth-source-pass--find-all-by-entry-name) (auth-source-pass--find-one-by-entry-name): Remove. (auth-source-pass--select-from-entries) (auth-source-pass--accumulate-matches) (auth-source-pass--entry-reducer) (auth-source-pass--generate-entry-suffixes) (auth-source-pass--domains) (auth-source-pass--name-port-user-suffixes): New functions. * test/lisp/auth-source-pass-tests.el: One test case was added to the test suite to verify that only the minimal number of entries are parsed in common cases. The auth-source-pass-only-return-entries-that-can-be-open test case had to be re-implemented because the function it was used eliminated as the functionality is provided elsewhere. All the other fairly substantial changes to the test suite are the result of mechanical changes that were required to adapt to auth-source-pass--find-match returning the data from a parsed password-store entry instead of the entry name.
2019-05-06 03:21:43 +00:00
specific, with paths matching all of NAME, USER, & PORT first,
then NAME & USER, then NAME & PORT, then just NAME."
(seq-mapcat
#'identity
(list
(when (and user port)
(list
(format "%s@%s%s%s" user name auth-source-pass-port-separator port)
(format "%s%s%s/%s" name auth-source-pass-port-separator port user)))
(when user
(list
(format "%s@%s" user name)
(format "%s/%s" name user)))
(when port
(list
(format "%s%s%s" name auth-source-pass-port-separator port)))
(list
(format "%s" name)))))
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
Improve don't save bookmark context from encrypted files * etc/NEWS: Mention 'bookmark-inhibit-context-functions'. Fix typos. * lisp/bookmark.el (bookmark-inhibit-context-functions): New defcustom. (bookmark-make-record): Use it. * lisp/auth-source-pass.el (auth-source-pass-file-name-p): * lisp/auth-source.el (auth-source-file-name-p): New defuns. Add them to `bookmark-inhibit-context-functions'. * lisp/epa-hook.el (epa-file-name-p): * lisp/net/tramp-crypt.el (tramp-crypt-file-name-p): Add them to `bookmark-inhibit-context-functions'.
2022-09-22 11:14:46 +00:00
(defun auth-source-pass-file-name-p (file)
"Say whether FILE is used by `auth-source-pass'."
(and (stringp file) (stringp auth-source-pass-filename)
(string-equal
(expand-file-name file) (expand-file-name auth-source-pass-filename))))
(with-eval-after-load 'bookmark
(add-hook 'bookmark-inhibit-context-functions
#'auth-source-pass-file-name-p))
Integrate auth-source with password-store * lisp/auth-source-pass.el: auth-source backend for password-store. * test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass behavior.
2017-02-04 07:51:32 +00:00
(provide 'auth-source-pass)
;;; auth-source-pass.el ends here
; * lisp/auth-source-pass.el: Improve docstrings
2021-06-27 15:38:59 +00:00
;; LocalWords: backend hostname
Reference in a new issue Copy permalink