GNU bug report logs - #76808
30.0.5; auth-source-search with auth-source-pass remembers wrong password

Previous Next

Package: emacs;

Reported by: Al Haji-Ali <abdo.haji.ali <at> gmail.com>

Date: Fri, 7 Mar 2025 10:40:02 UTC

Severity: normal

Found in version 30.0.5

To reply to this bug, email your comments to 76808 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#76808; Package emacs. (Fri, 07 Mar 2025 10:40:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Al Haji-Ali <abdo.haji.ali <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Fri, 07 Mar 2025 10:40:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Al Haji-Ali <abdo.haji.ali <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: 30.0.5; auth-source-search with auth-source-pass remembers wrong
 password
Date: Fri, 07 Mar 2025 10:34:19 +0000

I ran into an issue where auth-source-search returns (and remembers) the wrong password, when combined with 'auth-source-pass'.

Here's the full situation:
- In my password store, I have two passwords:

user <at> website.com
website.com

- I start from a clean state, where I have to enter my password, e.g., by running:

gpgconf --reload gpg-agent

- From emacs, I call

(auth-source-search :host "website.com" :user "user" :max 1)

wanting to access the password in "user <at> website.com"

- I am promoted for a passkey, which I input incorrectly.
- I am then prompted for the passkey a second time, which I input correctly.
- The returned password is that in "website.com" rather than "user <at> website.com"
- Moreover, subsequent calls to `auth-source-search` return the "wrong" password when `auth-source-do-cache` is non-nil.  


This is not a bug per se, since I know what happens is that:
`auth-source-search`
calls
`auth-source-search-backends`
which calls
`auth-source-pass-search`
which builds a possible list of matches including "user <at> website.com" and "website.com" that it tests one by one, returning the first match after successful decoding. When I input the wrong password the first time while decoding the correct "user <at> website.com", then the first success happens in the second instance when decoding "website.com".

However, I am wondering if there's a way to detect wrong passkey entries and abort further matching. Or if this is something that should be patched somehow since I was experiencing persistent authentication issues in not-uncommon situations, and which took me quite a while to track down.

Thanks,
-- Al
This bug report was last modified 36 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.