Commit graph

23 commits

Author SHA1 Message Date
Damien Cassou
7022e3fde6
Refactoring of auth-source-pass
* lisp/auth-source-pass.el (auth-source-pass--find-match): Refactor by
moving some code to auth-source-pass--disambiguate.
(auth-source-pass--disambiguate)
(auth-source-pass--entries-matching-suffix): New function.
(auth-source-pass--find-match-unambiguous)
(auth-source-pass--select-from-entries)
(auth-source-pass--entry-reducer): Refactor to simplify and improve
logging.
(auth-source-pass--matching-entries)
(auth-source-pass--accumulate-matches): Remove.
* test/lisp/auth-source-pass-tests.el: Complete rewrite to facilitate
maintenance.
(auth-source-pass--have-message-containing): Remove.
(auth-source-pass--have-message-matching)
(auth-source-pass--explain--have-message-matching)
(auth-source-pass--explain-match-entry-p)
(auth-source-pass--includes-sorted-entries)
(auth-source-pass--explain-includes-sorted-entries)
(auth-source-pass--explain-match-any-entry-p)
(auth-source-pass--matching-entries)
(auth-source-pass-match-entry-p)
(auth-source-pass-match-any-entry-p): New function.
2019-06-24 09:15:41 +02:00
Keith Amidon
0a580c187d
Minimize entry parsing in auth-source-pass
Prior to this commit, while searching for the most applicable entry
password-store entries were decrypted and parsed to ensure they were
valid.  The entries were parsed in the order they were found on the
filesystem and all applicable entries would be decrypted and parsed,
which varied based on the contents of the password-store and the entry
to be found.

This is fine when the GPG key is cached and each entry can be
decrypted without user interaction.  However, for security some people
have their GPG on a hardware token like a Yubikey setup so that they
have to touch a sensor on the toke for every cryptographic operation,
in which case it becomes inconvenient as each attempt to find an entry
requires a variable number of touches of the hardware token.

The implementation already assumes that names which contain more of
the information in the search key should be preferred so there is an
ordering of preference of applicable entries.  If the decrypt and
parsing is removed from the initial identification of applicable
entries in the store then in most cases a single decrypt and parse of
the most preferred entry will suffice, improving the experience for
hardware token users that require interaction with the token.

This commit implements that strategy.  It is in spirit a refactor of
the existing code.

* lisp/auth-source-pass.el (auth-source-pass--matching-entries): New
function, generate an ordered list of regular expression matchers for
all possible names that could be in the password-store for the entry
to be found and then makes a pass over the password-store entry names
accumulating the matching entries in a list after the regexp that
matched.  This implementation ensures the password-store entry list
still only has to be scanned once.
(auth-source-pass--find-match-unambiguous): Use it to obtain candidate
entries and then parse them one by one until an entry containing the
desired information is located.  When complete, return the parsed data
of the entry instead of the entry name so that the information can be
used directly to construct the auth-source response.
(auth-source-pass--build-result): Update accordingly.
(auth-source-pass--find-match): Update docstring accordingly.
(auth-source-pass--select-one-entry)
(auth-source-pass--entry-valid-p)
(auth-source-pass--find-all-by-entry-name)
(auth-source-pass--find-one-by-entry-name): Remove.
(auth-source-pass--select-from-entries)
(auth-source-pass--accumulate-matches)
(auth-source-pass--entry-reducer)
(auth-source-pass--generate-entry-suffixes)
(auth-source-pass--domains)
(auth-source-pass--name-port-user-suffixes): New functions.

* test/lisp/auth-source-pass-tests.el: One test case was added to the
test suite to verify that only the minimal number of entries are
parsed in common cases.  The
auth-source-pass-only-return-entries-that-can-be-open test case had to
be re-implemented because the function it was used eliminated as the
functionality is provided elsewhere.  All the other fairly substantial
changes to the test suite are the result of mechanical changes that
were required to adapt to auth-source-pass--find-match returning the
data from a parsed password-store entry instead of the entry name.
2019-06-24 09:15:40 +02:00
Keith Amidon
94c9eb81b8
Fix auth-source-pass to search for hostname:port/username
auth-source-pass supports entries with username either prefixed to the
hostname with an @ as separator or in a subdirectory under the
hostname.  This was true when there was no port or service included in
the name, but got broken with the introduction of
auth-source-pass-port-separator.

* lisp/auth-source-pass.el (auth-source-pass--find-match-unambiguous): Fix
to match hostname:port/username.
* test/lisp/auth-source-pass-tests.el: Add corresponding tests.
2019-06-24 09:15:40 +02:00
Iku Iwasa
2a0a05789d
Add auth-source-pass-port-separator option
* lisp/auth-source-pass.el (auth-source-pass-port-separator): New
option to specify separator between host and port, default to
colon (":").
(auth-source-pass--find-match-unambiguous): Adapt to make use of the
new variable.
* test/lisp/auth-source-pass-tests.el: Add corresponding tests.
2019-06-24 09:15:40 +02:00
Magnus Henoch
527efaf798
Fix auth-source-pass to return nil if no entry found
* lisp/auth-source-pass.el (auth-source-pass-search): If there is no
matching entry, auth-source-pass-search should return nil, not (nil).
This lets auth-source fall back to other backends in the auth-sources
list.
* test/lisp/auth-source-pass-tests.el: Add corresponding test.

Copyright-paperwork-exempt: yes
2019-06-24 09:15:39 +02:00
Paul Eggert
ba809612c0 Merge from origin/emacs-26
2fcf2df Fix copyright years by hand
26bed8b Update copyright year to 2019
2814292 Fix value of default frame height.  (Bug#33921)
2018-12-31 17:57:29 -08:00
Paul Eggert
26bed8ba10 Update copyright year to 2019
Run 'TZ=UTC0 admin/update-copyright $(git ls-files)'.
2019-01-01 01:01:13 +00:00
Damien Cassou
47ccee220a
Test checking that auth-source-pass backend is correctly installed
* test/lisp/auth-source-pass-tests.el
(auth-source-pass-can-start-from-auth-source-search): Add test.
2018-06-05 15:53:33 +02:00
Jelle Licht
1d2551f8e7
Fix auth-source-pass.el to properly handle special inputs
* lisp/auth-source-pass.el (auth-source-pass-search): Warn when
passing multiple hosts in SPEC. Early return and warn when passing a
wildcard as host in SPEC. Early return when host is nil.
* test/lisp/auth-source-pass-tests.el (auth-source-pass-any-host,
auth-source-pass-undefined-host): Add corresponding tests.
2018-06-05 15:51:26 +02:00
Damien Cassou
b43ed61ef9
auth-source-pass: Take care of matching hosts when port is provided
* lisp/auth-source-pass.el (auth-source-pass--find-match): Add PORT
parameter and reorganize code by extracting `find-match-unambiguous'.
(auth-source-pass--find-match-unambiguous): New function.
(auth-source-pass--build-result): Fix the call to `find-match'.
(auth-source-pass--hostname, auth-source-pass--hostname-with-user,
auth-source-pass--user): Remove functions.
* test/lisp/auth-source-pass-tests.el: Fix the calls to `find-match'.
(auth-source-pass-find-host-without-port) Add corresponding test.
2018-06-05 15:51:14 +02:00
Damien Cassou
a52661b58b
Add missing test cases to auth-source-pass-tests.el
* test/lisp/auth-source-pass-tests.el
(auth-source-pass-build-result-passes-full-host-to-find-match): Add
missing test cases.
2018-06-05 15:51:09 +02:00
Damien Cassou
5b31e6de99
Add a test to auth-source-pass-tests.el
* test/lisp/auth-source-pass-tests.el
(auth-source-pass-build-result-passes-full-host-to-find-match): Add
test making sure find-match is called with full host.
2018-06-05 15:51:00 +02:00
Damien Cassou
53f044c22f
Fix indentation in auth-source-pass-tests.el
* test/lisp/auth-source-pass-tests.el
(auth-source-pass-only-return-entries-that-can-be-open): Fix indentation.
2018-06-05 15:50:54 +02:00
Edison Ibañez
59d44b528e
* test/lisp/auth-source-pass-tests.el: Add assertions for host:port 2018-06-05 15:50:46 +02:00
Paul Eggert
bb267f17f9 Merge from origin/emacs-26
63b04c11d5 Fix copyright years by hand
5c7dd8a783 Update copyright year to 2018
220a9ecba1 Merge from Gnulib
312c565566 Don't add empty keyboard macro to macro ring (Bug#24992)
39ca289a7a Allow customization of decoding of "man" command
f8240815ea * etc/NEWS: Add security consideration note on passphrase ...
0c78822c70 Fix subtle problem with scroll-down when scroll-margin is ...
acd289c5a4 Fix problems with indexing in User manual
b240c7846b * lisp/help.el (describe-key): Only (copy-sequence elt) wh...
e879a5444a * src/buffer.c (Frestore_buffer_modified_p): Fix bug#29846
81b1028b63 Improve documentation of 'inhibit-modification-hooks' and ...
7175496d7a Fix doc string of 'enable-recursive-minibuffers'
5b38406491 Fix documentation of delsel and of killing text

# Conflicts:
#	etc/NEWS
#	etc/refcards/ru-refcard.tex
2018-01-01 01:13:04 -08:00
Paul Eggert
5c7dd8a783 Update copyright year to 2018
Run admin/update-copyright.
2018-01-01 00:57:59 -08:00
Łukasz Jędrzejewski
e973c5f5f4 Extract user from host when searching for entries in auth-source-pass
* lisp/auth-source-pass.el (auth-source-pass--user): New function.
(auth-source-pass--find-match): Use it.  When the user is not
explicitly specified and no entry is found, extract the user from
the host and then search again.  (Bug#29045)
* test/lisp/auth-source-pass-tests.el
(auth-source-pass-find-match-matching-extracting-user-from-host):
Add a new test case.

Copyright-paperwork-exempt: yes
2017-11-04 12:24:49 +02:00
Paul Eggert
bc511a64f6 Prefer HTTPS to FTP and HTTP in documentation
Most of this change is to boilerplate commentary such as license URLs.
This change was prompted by ftp://ftp.gnu.org's going-away party,
planned for November.  Change these FTP URLs to https://ftp.gnu.org
instead.  Make similar changes for URLs to other organizations moving
away from FTP.  Also, change HTTP to HTTPS for URLs to gnu.org and
fsf.org when this works, as this will further help defend against
man-in-the-middle attacks (for this part I omitted the MS-DOS and
MS-Windows sources and the test tarballs to keep the workload down).
HTTPS is not fully working to lists.gnu.org so I left those URLs alone
for now.
2017-09-13 15:54:37 -07:00
Glenn Morris
0295068d05 * test/lisp/auth-source-pass-tests.el: Fix loading of cl-lib. 2017-04-27 21:19:47 -07:00
Glenn Morris
91c05a5bd3 ; Fix copyright and license notice in recent additions 2017-04-27 21:17:45 -07:00
Damien Cassou
2a23577795
auth-source-pass: Add documentation; fix tests and indentation.
* doc/misc/auth.texi: Document new integration with Pass. Use @itemize
  instead of @enumerate.
* lisp/auth-source-pass.el: Fix indentation.
  (auth-source-pass--remove-directory-name): Remove.
* test/lisp/auth-source-pass-tests.el: Adjust test macros.
2017-04-27 17:37:58 -04:00
foudfou
b206b95ce3
auth-source-pass: Enable finding entries by "host/username"
* lisp/auth-source-pass.el: Enable finding entries by "host/username".
* test/lisp/auth-source-pass-tests.el: Adjust tests to check it.
2017-04-27 17:37:58 -04:00
Damien Cassou
0e066efe3b
Integrate auth-source with password-store
* lisp/auth-source-pass.el: auth-source backend for password-store.
* test/lisp/auth-source-pass-tests.el: Tests for auth-source-pass
  behavior.
2017-04-27 17:37:58 -04:00