tramp-devel

Re: tramp (2.6.2.29.2 nil/nil); wrong-type-argument "stringp #[0 \\300\\


From: Ethan Glasser-Camp
Subject: Re: tramp (2.6.2.29.2 nil/nil); wrong-type-argument "stringp #[0 \\300\\207 [my actual password.."
Date: Fri, 14 Jun 2024 22:45:52 -0400

Hi! Sorry, I forgot to respond to this for a couple days.

I don't have anything that looks wrong in my case per se. I am able to access sudo fine with the existing `root@black-diamond` / `sudo` entry in my Login keyring (i.e. it doesn't ask me for a password). I'm just curious how that can work. `(secrets-get-secret "Login" "root@black-diamond")` retrieves my password but `(secrets-get-secret "Login" "ethan@black-diamond")` returns nil.

It sounds like there is some special logic in tramp that understands that with `sudo`, we should use the local username even if we are trying to access `root`. That makes sense.

It looks from the code like it's possible to get a password from a completely different user when we are about to create a new secret in `auth-source-secrets-create`. I think this could explain why it's able to find a password. It seems like that could lead to a bug if I was to try to connect via ssh to the same host with multiple users, but that's just a hypothesis so maybe you should disregard it until someone actually reports it.

And my setup is working too, so that could be the end of it. I was just wondering if I should be concerned that I have a `root@black-diamond` secret instead of one with my username. Might that break at some future point?

Ethan


On Thu, Jun 13, 2024 at 5:17 AM Michael Albinus <michael.albinus@gmx.de> wrote:
Michael Albinus <michael.albinus@gmx.de> writes:

Hi Ethan,

>> Is this the same subject? Both entries in GNOME Secrets have
>> `root@black-diamond` as the "label" and `root` as the user.
>>
>> ...
>>
>> I was referring specifically to this line in
>> `auth-source-secrets-create`:
>>
>> (let* (...
>>          (current-data (car (auth-source-search :max 1
>>                                                 :host host
>>                                                 :port port)))
>>
>> It seems like this would be liable to grab the secret for another user
>> on the same host/port. For example, if I was using the `ssh` method,
>> then `host` and `port` would not be unique, right? In my usage, with
>> `sudo`, that's fine. Of course, I only skimmed the function and I may
>> be misunderstanding.
>
> I will check both issues tomorrow. Too tired for now.

OK, I have performed the following tests. I have used the "session"
collection in order not to taint my "Login" collection. I've started
with a vanilla Emacs 29, see the first line. Then, I have evaluated the
expressions in the *scratch* buffer. Lines starting with ;; are comments
I have added manually.

--8<---------------cut here---------------start------------->8---
# ~/src/emacs-29/src/emacs -Q --eval '(setq auth-sources (list "secrets:session") tramp-cache-read-persistent-data t)' -l tramp

auth-sources
("secrets:session")

;; The following opens a "sudo" connection, asking for the password.
(file-truename "/sudo::")
;; Interactive query of the password.
Password for /sudo:albinus@gandalf: ********
;; auth-source wants to create a new item. It asks me for a label, which
;; is free text. I've confirmed with RET
Enter label for albinus@gandalf (default albinus@gandalf):
;; Additional confirmation requested.
Save auth info to secrets collection session? [y/n/N/?] y
#("/sudo:root@gandalf:/root" 6 10 (tramp-default t) 11 18 (tramp-default t))

;; This checks for collections. "session" exists.
(secrets-list-collections)
("Login" "92beed6268d728784e4d8b4aea8a5f96" "f8a6e281eeae95e2e77d9a4812a98580" "1c10f9798638f07b2c2f3f4af8542d4c" "session" "63b7238a9793ec9e2f1a1c917a5c8f4f" "5a0922a29941a3edef7af298e739489f")

;; This checks for items in "session". Just one item with the given label.
(secrets-list-items "session")
("albinus@gandalf")

;; This asks for the item path, needed in next call.
(secrets-item-path "session" "albinus@gandalf")
"/org/freedesktop/secrets/collection/session/1"

;; This shows the properties. Everything looks fine.
(secrets-get-item-properties "/org/freedesktop/secrets/collection/session/1")
(("Locked") ("Attributes" ("host" "gandalf") ("port" "sudo") ("user" "albinus") ("xdg:schema" "org.freedesktop.Secret.Generic")) ("Label" . "albinus@gandalf") ("Type" . "org.freedesktop.Secret.Generic") ("Created" . 1718268741) ("Modified" . 1718268741))

;; This returns the password. As expected.
(secrets-get-secret "session" "albinus@gandalf")
"********"
--8<---------------cut here---------------end--------------->8---

So everything looks proper. What's wrong in your case?

>> Thanks,
>>
>> Ethan

Best regards, Michael.
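
The lookup question raised in this thread, as an added illustration that is not code from Tramp, auth-source or either poster: a pure Emacs Lisp model of attribute matching over constructed items, comparing a search on host and port only with one that also constrains the user. It assumes matching is a simple subset test on attributes; the `demo-` names, the host `example-host`, the users and the placeholder secrets are all made up, and nothing here talks to the Secret Service.

```emacs-lisp
;;; -*- lexical-binding: t -*-
(require 'cl-lib)

;; Constructed sample items, shaped like the "Attributes" property printed
;; by `secrets-get-item-properties' in the session above.  Host, users and
;; labels are invented; the secrets are placeholders.
(defvar demo-items
  '((:label "root@example-host" :secret "placeholder-1"
     :attributes (("host" "example-host") ("port" "ssh") ("user" "root")))
    (:label "alice@example-host" :secret "placeholder-2"
     :attributes (("host" "example-host") ("port" "ssh") ("user" "alice")))
    (:label "alice@example-host (sudo)" :secret "placeholder-3"
     :attributes (("host" "example-host") ("port" "sudo") ("user" "alice"))))
  "Constructed stand-in for the items of one secrets collection.")

(defun demo-item-matches-p (item query)
  "Return non-nil if every (KEY VALUE) entry of QUERY is an attribute of ITEM.
Attributes that QUERY does not mention are not constrained at all."
  (let ((attrs (plist-get item :attributes)))
    (cl-every (lambda (entry)
                (equal (assoc (car entry) attrs) entry))
              query)))

(defun demo-search (query &optional max)
  "Return the labels of up to MAX items in `demo-items' matching QUERY.
With MAX nil, return the labels of all matching items, in stored order."
  (let ((hits (cl-remove-if-not
               (lambda (item) (demo-item-matches-p item query))
               demo-items)))
    (mapcar (lambda (item) (plist-get item :label))
            (if max
                (cl-subseq hits 0 (min max (length hits)))
              hits))))

;; Host and port only: the items of two different users both qualify for
;; "ssh", so a lookup limited to one result returns whichever comes first.
(demo-search '(("host" "example-host") ("port" "ssh")))
(demo-search '(("host" "example-host") ("port" "ssh")) 1)

;; Adding the user attribute makes the single result unambiguous.
(demo-search '(("host" "example-host") ("port" "ssh") ("user" "alice")) 1)

;; For "sudo" this sample holds one item, so host and port are enough.
(demo-search '(("host" "example-host") ("port" "sudo")) 1)
```

Evaluating the four calls in `*scratch*` shows which labels each query shape selects from the constructed items.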
