mirror of
git://git.sv.gnu.org/emacs.git
synced 2025-12-06 06:20:55 -08:00
Encrypt some parameters in auth-source plstore backend
The auth-source plstore backend allows a list of extra parameters but currently stores them all unencrypted. This allows a plist with :unencrypted and :encrypted keys to specify which extra parameters to encrypt in the plstore file. * lisp/auth-source.el (auth-source-plstore-create): Allow specifying both unencrypted and encrypted extra parameters.
This commit is contained in:
Andrew G Cohen
Lars Ingebrigtsen
parent
77f3bc37e1
commit
d859cdd621
1 changed files with 28 additions and 17 deletions
|
|
@ -573,19 +573,24 @@ which says:
|
||||||
or P. The resulting token will only have keys user, host, and
|
or P. The resulting token will only have keys user, host, and
|
||||||
port.\"
|
port.\"
|
||||||
|
|
||||||
:create \\='(A B C) also means to create a token if possible.
|
:create \\='(A B C) or
|
||||||
|
:create \\='(:unencrypted A B :encrypted C)
|
||||||
|
also means to create a token if possible.
|
||||||
|
|
||||||
The behavior is like :create t but if the list contains any
|
The behavior is like :create t but if the list contains any
|
||||||
parameter, that parameter will be required in the resulting
|
parameter, that parameter will be required in the resulting
|
||||||
token. The value for that parameter will be obtained from the
|
token (the second form is used only with the plstore backend and
|
||||||
search parameters or from user input. If any queries are needed,
|
specifies if any of the extra parameters should be stored in
|
||||||
the alist `auth-source-creation-defaults' will be checked for the
|
encrypted format.) The value for that parameter will be obtained
|
||||||
default value. If the user, host, or port are missing, the alist
|
from the search parameters or from user input. If any queries
|
||||||
`auth-source-creation-prompts' will be used to look up the
|
are needed, the alist `auth-source-creation-defaults' will be
|
||||||
prompts IN THAT ORDER (so the `user' prompt will be queried first,
|
checked for the default value. If the user, host, or port are
|
||||||
then `host', then `port', and finally `secret'). Each prompt string
|
missing, the alist `auth-source-creation-prompts' will be used to
|
||||||
can use %u, %h, and %p to show the user, host, and port. The prompt
|
look up the prompts IN THAT ORDER (so the `user' prompt will be
|
||||||
is formatted with `format-prompt', a trailing \": \" is removed.
|
queried first, then `host', then `port', and finally `secret').
|
||||||
|
Each prompt string can use %u, %h, and %p to show the user, host,
|
||||||
|
and port. The prompt is formatted with `format-prompt', a
|
||||||
|
trailing \": \" is removed.
|
||||||
|
|
||||||
Here's an example:
|
Here's an example:
|
||||||
|
|
||||||
|
|
@ -2131,12 +2136,17 @@ entries for git.gnus.org:
|
||||||
(let* ((base-required '(host user port secret))
|
(let* ((base-required '(host user port secret))
|
||||||
(base-secret '(secret))
|
(base-secret '(secret))
|
||||||
;; we know (because of an assertion in auth-source-search) that the
|
;; we know (because of an assertion in auth-source-search) that the
|
||||||
;; :create parameter is either t or a list (which includes nil)
|
;; :create parameter is either t, or a list (which includes nil
|
||||||
(create-extra (if (eq t create) nil create))
|
;; or a plist)
|
||||||
|
(create-extra-secret (plist-get create :encrypted))
|
||||||
|
(create-extra (if (eq t create) nil
|
||||||
|
(or (append (plist-get create :unencrypted)
|
||||||
|
create-extra-secret) create)))
|
||||||
(current-data (car (auth-source-search :max 1
|
(current-data (car (auth-source-search :max 1
|
||||||
:host host
|
:host host
|
||||||
:port port)))
|
:port port)))
|
||||||
(required (append base-required create-extra))
|
(required (append base-required create-extra))
|
||||||
|
(required-secret (append base-secret create-extra-secret))
|
||||||
;; `valist' is an alist
|
;; `valist' is an alist
|
||||||
valist
|
valist
|
||||||
;; `artificial' will be returned if no creation is needed
|
;; `artificial' will be returned if no creation is needed
|
||||||
|
|
@ -2158,10 +2168,11 @@ entries for git.gnus.org:
|
||||||
(auth-source--aput valist br br-choice))))))
|
(auth-source--aput valist br br-choice))))))
|
||||||
|
|
||||||
;; for extra required elements, see if the spec includes a value for them
|
;; for extra required elements, see if the spec includes a value for them
|
||||||
(dolist (er create-extra)
|
(let ((keys (cl-loop for i below (length spec) by 2
|
||||||
(let ((k (auth-source--symbol-keyword er))
|
collect (nth i spec)))
|
||||||
(keys (cl-loop for i below (length spec) by 2
|
k)
|
||||||
collect (nth i spec))))
|
(dolist (er create-extra)
|
||||||
|
(setq k (auth-source--symbol-keyword er))
|
||||||
(when (memq k keys)
|
(when (memq k keys)
|
||||||
(auth-source--aput valist er (plist-get spec k)))))
|
(auth-source--aput valist er (plist-get spec k)))))
|
||||||
|
|
||||||
|
|
@ -2225,7 +2236,7 @@ entries for git.gnus.org:
|
||||||
(eval default)))))
|
(eval default)))))
|
||||||
|
|
||||||
(when data
|
(when data
|
||||||
(if (member r base-secret)
|
(if (member r required-secret)
|
||||||
(setq secret-artificial
|
(setq secret-artificial
|
||||||
(plist-put secret-artificial
|
(plist-put secret-artificial
|
||||||
(auth-source--symbol-keyword r)
|
(auth-source--symbol-keyword r)
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue