[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#49289: 28.0.50; auth-source-search may return doubly obfuscated :sec
From: |
Kazuhiro Ito |
Subject: |
bug#49289: 28.0.50; auth-source-search may return doubly obfuscated :secret value |
Date: |
Wed, 30 Jun 2021 19:18:37 +0900 |
User-agent: |
Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (Gojō) APEL-LB/10.8 EasyPG/1.0.0 Emacs/28.0.50 (x86_64-w64-mingw32) MULE/6.0 (HANACHIRUSATO) |
When I have ~/.authinfo entry of 'mail.example.com' for user 'foo' but
not user 'bar',
~/.authinfo
machine mail.example.com login foo password abcdef
for user other than 'foo', auth-source-search returns a function which
returns a function which returns a string.
(progn
(require 'auth-source)
(list
(funcall
(plist-get
(car (auth-source-search
:host "mail.example.com" :user "foo"
:require '(:secret) :create t))
:secret))
(funcall
(funcall
;; *** funcall called twice. ***
(plist-get
(car (auth-source-search
:host "mail.example.com" :user "bar"
:require '(:secret) :create t))
:secret)))))
-> ("abcdef" "abcdef")
I don't know whether auth-source supports multiple accounts on the
same host and whether it is a feature that auth-source-search tend to
return other user's password. But I think doubly obfuscated :secret
value is obviously a bug.
--
Kazuhiro Ito
- bug#49289: 28.0.50; auth-source-search may return doubly obfuscated :secret value,
Kazuhiro Ito <=