
Re: authinfo gnutls netrc.el auth-sources & smtpmail-starttls-credential

Subject: Re: authinfo gnutls netrc.el auth-sources & smtpmail-starttls-credentials
Date: Wed, 10 Jun 2009 16:43:14 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.94 (gnu/linux)

Ted Zlatanov <address@hidden> writes:
> Yes, it lets people get stuff done.  It's not a security risk and does
> not behave in an unexpected way.  It can be augmented but the
> Ted

Some observations:

In "../emacs/lisp/gnus/auth-source.el", `auth-source-user-or-password':
When a match is made for MODE (e.g. user's login and password) it is
cached to the hashtable `auth-source-cache' by default - the user must
override this value if this is not what is wanted.
This cache holds: login password | host port protocol as key/vals
with login and password obfuscated to (login password) respectively.

Additionally, when a match is made `auth-source-user-or-password' spits out a
'gnus-message 9' indicating that a match has been made (with password

docstring for `gnus-message' provides some guidelines for message levels:
"Guideline for numbers: {...} 9 - messages inside loops."

The `gnus-message' is printed when it exceeds the `gnus-verbose'
threshold (defaults to 7).
Which is to say, assuming the user has `gnus-util' library loaded and
his `gnus-verbose' level set at or above level 9(nine) - he may see
_gnus-message_ indicating that the password/login has been cached
along with a timestamp _if_ `gnus-add-timestamp-to-message' is t.

Great! No Wait... any code that evaluates
`auth-source-user-or-password' directly has the value returned to
regardless of the `gnus-verbosity' levels. He _may not_ see those but
they may well be there anyway.

`../emacs/lisp/gnus/gnus-util.el' has one of these: (require 'netrc)

`../emacs/lisp/url/url-auth.el' has one of these:
(autoload 'auth-source-user-or-password "auth-source")

From `../emacs/lisp/url/ChangeLog':

2008-06-07  Glenn Morris  <address@hidden>

       * url-auth.el (auth-source-user-or-password): Remove unnecessary
2008-05-12  Teodor Zlatanov  <address@hidden>

       * url-auth.el: Add autoload cookie for `auth-source-user-or-password'.
       (url-basic-auth, url-digest-auth): Use it with any realm,
       overriding the user name and password before the prompt.

Also, re: my previous post:
> auth-sources wants netrc.el per `auth-source-user-or-password'

It is worth noting that the call out to netrc.el happens at compile time:
(eval-when-compile (require 'netrc))

Alongside these really interesting autoloads:
(autoload 'encrypt-find-model "encrypt")
(autoload 'encrypt-insert-file-contents "encrypt")

What _are_ these?

An experiment:

(require 'auth-source)
(require 'epa-file)
(setq epa-file-cache-passphrase-for-symmetric-encryption t) ;;VERY Important

(if (= gnus-verbose 7)
 "Fine fine."
 (setq gnus-verbose 7))

;=>((:source "~/.authinfo.gpg" :host t :protocol t))

;=>#<hash-table 'equal nil 6/65 0x2dbb600>

;;; imagine a more varied alist formatted with all 6(six) of my nice key->vals mapped out e.g.:
(stan-hash-get-symbol-keys auth-source-cache)
;=>("(login password) api.del.icio.us:443:https" 
   "(login password) api.del.icio.us:443:https"
   "(login password) api.del.icio.us:443:https" 
   "(login password) api.del.icio.us:443:https"
   "(login password) api.del.icio.us:443:https" 
   "(login password) api.del.icio.us:443:https")

;=>#<hash-table 'equal nil 0/65 0x2f38d00>

(stan-hash-get-symbol-keys auth-source-cache)

(with-temp-file (expand-file-name "~/.my-authinfo.gpg")
(insert "machine api.del.icio.us:443 port https login my-del-icio-name password 

(setq auth-sources '((:source "~/.my-authinfo.gpg" :host t :protocol t)))
;=>((:source "~/.my-authinfo.gpg" :host t :protocol t))

;=>((:source "~/.my-authinfo.gpg" :host t :protocol t))

;;; With apologies to Thierry Volpiatto's `anything-delicious.el'
;;; (URL `http://www.emacswiki.org/emacs/anything-delicious.el')
(defvar *show-my-anything-delicious-user* nil
 "Your Delicious login")
(defvar *show-my-anything-delicious-password* nil
 "Your Delicious password")

(defun delicious-authentify (path)
 "Authentify user from .my-authinfo.gpg file."
 (let ((anything-delicious-auth
         '("login" "password")
   (setq *show-my-anything-delicious-user*
         (car anything-delicious-auth))
   (setq *show-my-anything-delicious-password*
         (cadr anything-delicious-auth))))

(delicious-authentify "~/.my-authinfo.gpg")
;=> ;message to mini-buffer
;; Cool it got set.


(= gnus-verbose 7)

(let ((this-buffer (current-buffer)))
    (delicious-authentify "~/.my-authinfo.gpg"))
      (switch-to-buffer (get-buffer "*Messages*"))
      (search-forward-regexp "*show-my-anything-delicious-password*"))
    (sit-for 3))
  (switch-to-buffer this-buffer))

;Good search-failed

(stan-hash-get-symbol-keys auth-source-cache)
;=>("(login password) api.del.icio.us:443:https")

;=>#<hash-table 'equal nil 1/65 0x2dbb600>

;; Now

(= gnus-verbose 7)
;=> t

(let ((this-buffer (current-buffer)))
    (print (delicious-authentify "~/.my-authinfo.gpg")))
     (switch-to-buffer (get-buffer "*Messages*"))
     (goto-char (point-max))
     (search-backward-regexp "*show-my-anything-delicious-password*" nil t))
   (sit-for 3))
 (switch-to-buffer this-buffer))

;GREAaaaat... I feel so dirty...

(defun show-gnus-sf (&optional thresh)
 "Evaluate two strings for their side-effects using `gnus-message'.
Find each string in the '*Messages*' buffer and come back to home.
When non-nil THRESH sets `gnus-verbose' to >= 9
Else sets gnus-verbose to default custom level 7 evaluates body.
Resets gnus-verbose to users default after snarfage."
 (let ((this-buffer)
   (setq vb gnus-verbose)
   (setq this-buffer (get-buffer (current-buffer)))
       (let ((sf1 "my 1st sleeper Gnus-message")
             (sf2 "my 2nd sleeper Gnus-message")
             (vb  ?\t))
           (cond (thresh
                  (setq gnus-verbose vb)
                  (gnus-message ?\b sf1)
                  (gnus-message ?\b sf2))
                 (t (gnus-message ?\a sf1)
                    (gnus-message ?\a sf2))))
         (pop-to-buffer (get-buffer "*Messages*") t)
           (goto-char (point-max))
           (when (search-backward-regexp sf1 nil t)
             (message (format "Got %s at line %s in %s with GNUS-VERBOSE level @ %s"
                         sf1 (line-number-at-pos) (get-buffer (current-buffer)) 
           (goto-char (point-max))
           (if (search-backward-regexp sf2 nil t)
               (message (format "Got %s at line %s in %s with GNUS-VERBOSE level @ %s"
                           sf2 (line-number-at-pos) (get-buffer (current-buffer)) vb))
             (format "Nothing to see here folks, move along."))
                (sit-for 1)))
     (setq gnus-verbose vb))
     (pop-to-buffer this-buffer)
     (format "Finished snarfing gnus-messages. GNUS-VERBOSE back @ level %d. Thank You." vb)))

(show-gnus-sf t)
;=>Why are those sleeper gnus-messages hanging around in *Messages*?

(= gnus-verbose 7)

(unintern 'delicious-authentify)
(unintern '*show-my-anything-delicious-user*)
(unintern  '*show-my-anything-delicious-password*)
(setq auth-sources nil))
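
[Added example, not part of the original message or of auth-source.el: a self-contained way to audit the two places the message examines, the keys of a credential cache shaped like `auth-source-cache' and any auth-source lines left in a log buffer such as *Messages*. The `my-audit-' names, the sample table and the sample log text are constructed for illustration.]

```elisp
;; Added example; `my-audit-*' names are hypothetical and the sample
;; data below is constructed, not taken from a real session.

(defun my-audit-cache-keys (table)
  "Return the keys of hash TABLE as a sorted list of strings.
Only keys are reported, so cached secrets are never printed."
  (let (keys)
    (maphash (lambda (k _v) (push (format "%s" k) keys)) table)
    (sort keys #'string<)))

(defun my-audit-log-lines (buffer regexp)
  "Return a list of (LINE-NUMBER . TEXT) for lines in BUFFER matching REGEXP.
BUFFER may be a buffer or a buffer name; a missing buffer yields nil."
  (let (hits)
    (when (buffer-live-p (get-buffer buffer))
      (with-current-buffer buffer
        (save-excursion
          (goto-char (point-min))
          (while (re-search-forward regexp nil t)
            (push (cons (line-number-at-pos)
                        (buffer-substring-no-properties
                         (line-beginning-position) (line-end-position)))
                  hits)
            ;; One hit per line is enough; continue on the next line.
            (forward-line 1)))))
    (nreverse hits)))

(defun my-audit-demo ()
  "Run both checks on constructed data and return (KEYS LOG-HITS)."
  (let ((cache (make-hash-table :test 'equal)))
    ;; Key format as shown in the message: \"(login password) host:port:protocol\".
    (puthash "(login password) api.del.icio.us:443:https"
             '("constructed-user" "constructed-secret") cache)
    (with-temp-buffer
      ;; Constructed stand-in for *Messages* content.
      (insert "Loading gnus-util...done\n"
              "auth-source: constructed sample line for api.del.icio.us\n")
      (list (my-audit-cache-keys cache)
            (my-audit-log-lines (current-buffer) "^auth-source")))))

;; Against a live session, after loading auth-source:
;; (when (boundp 'auth-source-cache) (my-audit-cache-keys auth-source-cache))
;; (my-audit-log-lines "*Messages*" "auth-source")
```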

