Re: netrc field encryption in auth-source
From: Ted Zlatanov
Subject: Re: netrc field encryption in auth-source
Date: Fri, 17 Jun 2011 05:21:28 -0500
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux)
On Fri, 17 Jun 2011 04:32:42 -0500 Ted Zlatanov <address@hidden> wrote:
TZ> But wait, we can do better if it's an alist... Let's use the EPA
TZ> file pattern! The default can then be:
TZ> `((,(car epa-file-auto-mode-alist-entry) nil)
TZ> (t ask))
TZ> ...and when the user says "yes, use GPG tokens for file xyz" we'd add
TZ> '("xyz" gpg) to the head of the alist and offer to save the defcustom.
TZ> We have to make the "never ask to add" choice 'never, because nil is now
TZ> a valid alist for the value. So it could only be 'never or a valid
TZ> alist. Yes, that would work.
This made sense so I implemented a patch, replacing
`auth-source-save-secrets' with `auth-source-netrc-use-gpg-tokens' as
described above. It uses `epa-file-auto-mode-alist-entry' if it's
bound. I am not sure if I should just save the defcustom at the time
the user confirms or prompt instead. Please take a look. It makes
sense to me and the Customize interface looks nice.
Ted
diff --git a/lisp/auth-source.el b/lisp/auth-source.el
index 83e12d6..17be7d5 100644
--- a/lisp/auth-source.el
+++ b/lisp/auth-source.el
@@ -164,15 +164,30 @@ let-binding."
(const :tag "Never save" nil)
(const :tag "Ask" ask)))
-(defcustom auth-source-save-secrets nil
- "If set, auth-source will respect it for password tokens behavior."
+;; TODO: make the default (setq auth-source-netrc-use-gpg-tokens `((,(if
(boundp 'epa-file-auto-mode-alist-entry) (car (symbol-value
'epa-file-auto-mode-alist-entry)) "\\.gpg\\'") never) (t gpg)))
+;; TODO: or maybe leave as (setq auth-source-netrc-use-gpg-tokens 'never)
+
+(defcustom auth-source-netrc-use-gpg-tokens 'never
+ "Set this to tell auth-source when to create GPG password
+tokens in netrc files. It's either an alist or `never'."
:group 'auth-source
:version "23.2" ;; No Gnus
:type `(choice
- :tag "auth-source new password token behavior"
- (const :tag "Use GPG tokens" gpg)
- (const :tag "Save unencrypted" nil)
- (const :tag "Ask" ask)))
+ (const :tag "Always use GPG password tokens" (t gpg))
+ (const :tag "Never use GPG password tokens" never)
+ (repeat :tag "Use a lookup list"
+ (list
+ (choice :tag "Matcher"
+ (const :tag "Match anything" t)
+ (const :tag "The EPA encrypted file extensions"
+ ,(if (boundp 'epa-file-auto-mode-alist-entry)
+ (car (symbol-value
+ 'epa-file-auto-mode-alist-entry))
+ "\\.gpg\\'"))
+ (regexp :tag "Regular expression"))
+ (choice :tag "What to do"
+ (const :tag "Save GPG-encrypted password tokens"
gpg)
+ (const :tag "Don't encrypt tokens" never))))))
(defvar auth-source-magic "auth-source-magic ")
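Review bot: The "Always use GPG password tokens" const in the :type carries the value (t gpg), which is a single entry rather than a list of entries; the lookup loop added later in this patch pops each element and takes its car, so with this value it would be handed the bare symbols t and gpg. The value should be ((t gpg)) so that it has the same shape the "Use a lookup list" repeat produces. The docstring says only "an alist or `never'"; it should describe the entry shape (MATCHER ACTION) and the allowed actions. The two TODO comments about the default are better resolved, or moved to the commit message, before this goes in.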
@@ -257,9 +272,11 @@ can get pretty complex."
,@auth-source-protocols-customize))
(list :tag "User" :inline t
(const :format "" :value :user)
- (choice :tag
"Personality/Username"
+ (choice
+ :tag "Personality/Username"
(const :tag "Any" t)
- (string :tag
"Name")))))))))
+ (string
+ :tag "Name")))))))))
(defcustom auth-source-gpg-encrypt-to t
"List of recipient keys that `authinfo.gpg' encrypted to.
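Review bot: The two :tag re-wraps in the "User" choice are whitespace-only and unrelated to the GPG token option; consider sending them as a separate cleanup so this change stays limited to the new defcustom and its lookup.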
@@ -960,7 +977,7 @@ Note that the MAX parameter is used so we can exit the
parse early."
(remove (symbol-value 'epa-file-handler)
file-name-handler-alist)
file-name-handler-alist))
- (find-file-hook
+ (,(if (boundp 'find-file-hook) 'find-file-hook 'find-file-hooks)
',(remove 'epa-file-find-file-hook find-file-hook))
(auto-mode-alist
',(if (boundp 'epa-file-auto-mode-alist-entry)
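Review bot: Only the variable name in the binding is made conditional; the value on the following line, ',(remove 'epa-file-find-file-hook find-file-hook), still evaluates find-file-hook unconditionally, so on an Emacs where only find-file-hooks is bound this signals a void-variable error. Pick the symbol once and read the value through (symbol-value ...) of that same symbol.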
@@ -1216,19 +1233,33 @@ See `auth-source-search' for details on SPEC."
(cond
((and (null data) (eq r 'secret))
;; Special case prompt for passwords.
- ;; Respect `auth-source-save-secrets'
- (let* ((ep (format "Do you want GPG password tokens? (%s)"
- "see `auth-source-save-secrets'"))
+;; TODO: make the default (setq auth-source-netrc-use-gpg-tokens `((,(if
(boundp 'epa-file-auto-mode-alist-entry) (car (symbol-value
'epa-file-auto-mode-alist-entry)) "\\.gpg\\'") nil) (t gpg)))
+;; TODO: or maybe leave as (setq auth-source-netrc-use-gpg-tokens 'never)
+ (let* ((ep (format "Use GPG password tokens in %s?" file))
(gpg-encrypt
-;;; FIXME: this relies on .gpg files being handled by EPA/EPG
- ;; don't put GPG tokens in GPG-encrypted files
- (and (not (equal "gpg" (file-name-extension file)))
- (or (eq auth-source-save-secrets 'gpg)
- (and (eq auth-source-save-secrets 'ask)
- (setq auth-source-save-secrets
- (and (y-or-n-p ep) 'gpg))))))
+ (cond
+ ((eq auth-source-netrc-use-gpg-tokens 'never)
+ 'never)
+ ((listp auth-source-netrc-use-gpg-tokens)
+ (let ((check (copy-sequence
+ auth-source-netrc-use-gpg-tokens))
+ item ret)
+ (while check
+ (setq item (pop check))
+ (when (string-match (car item) file)
+ (setq ret (cdr item))
+ (setq check nil)))))
+ (t 'never)))
(plain (read-passwd prompt)))
- (if (eq auth-source-save-secrets 'gpg)
+ ;; ask if we don't know what to do (in which case
+ ;; auth-source-netrc-use-gpg-tokens must be a list)
+ (unless gpg-encrypt
+ (setq gpg-encrypt (if (y-or-n-p ep) 'gpg 'never))
+ ;; TODO: save the defcustom now? or ask?
+ (setq auth-source-netrc-use-gpg-tokens
+ (cons `(,file ,gpg-encrypt)
+ auth-source-netrc-use-gpg-tokens)))
+ (if (eq gpg-encrypt 'gpg)
(auth-source-epa-make-gpg-token plain file)
plain)))
((null data)
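Review bot: In the (listp auth-source-netrc-use-gpg-tokens) branch the let form ends with the while loop, so it always returns nil and ret is never used; every list-valued setting falls through to the y-or-n-p prompt regardless of what the alist says. Return ret after the loop, and take the action with (cadr item) rather than (cdr item): entries are (MATCHER ACTION) lists, so (cdr item) yields (gpg), which never satisfies (eq gpg-encrypt 'gpg) and would send the secret down the plain branch. Two further points in the same code: (string-match (car item) file) signals an error when the matcher is t, so test for t before matching; and the remembered entry `(,file ,gpg-encrypt) stores the raw file name where a regexp is expected, so it should go through regexp-quote.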