GNU bug report logs - #79795
[PATCH] Use the correct host/port when searching auth-source in url-auth

Previous Next

To reply to this bug, email your comments to 79795 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Steven Allen <steven <at> stebalien.com>
To: bug-gnu-emacs <at> gnu.org
Subject: [PATCH] Use the correct host/port when searching auth-source in
 url-auth
Date: Sat, 08 Nov 2025 14:53:19 -0800

[Message part 1 (text/plain, inline)]

Tags: patch


This patch is a followup to the original fix to Bug#72526 (commit
a7a22e7c). That fix removed the port from the auth-source :host for
basic-auth however:

1. It didn't do the same for digest-auth.
2. It used the URL's "type" (http/https) instead of the actual port as
    the auth-source :port.

This commit addresses these two issues. Before this change:

1. Basic-auth used the URL's "host" as the auth-source :host and the
   URL's "type" (http/https) as the auth-source ":port".  For example:

  (auth-source-search :host "example.com" :port 'https)

2. Digest-auth used "host:port" as the auth-source :host and the URL's
   "type" as the auth-source :port.  For example:

   (auth-source-search :host "example.com:123" :port 'https)

Now, both basic-auth and digest-auth use the URL's "host" (sans port) as
the auth-source :host and the URL's "port" as the auth-source :port
unless the URL's port is the "default" port, in which case it uses the
URL's "type" (i.e., "http://foo:99" uses "99" as the port and
"http://foo:80" uses "http").  For example:

"https://example.com" ->
  (auth-source-search :host "example.com" :port 'https)

"http://example.com:1234" ->
  (auth-source-search :host "example.com" :port 1234)

Remaining questions:

- I created a new section in NEWS, should this change instead be
   documented in the Auth Source section?
- Should we ALWAYS use the port number (443, 80, etc.) as :port and
   _never_ use the service type ("https", "http", etc.)? I chose to the
   keep using the service type for the "port" where possible to reduce
   breakage, but I'm pretty sure using the actual port is "more correct"
   here.

In GNU Emacs 31.0.50 (build 1, x86_64-pc-linux-gnu, cairo version
 1.18.4) of 2025-11-07 built on Laptop
Repository revision: f7a7261c826f5cfe697db2711c5827ed88f5a416
Repository branch: merged
Windowing system distributor 'The X.Org Foundation', version 11.0.12101020
System Description: Arch Linux

Configured using:
 'configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/lib
 --localstatedir=/var --mandir=/usr/share/man --with-gameuser=:games
 --with-modules --without-m17n-flt --without-selinux --without-pop
 --without-gconf --disable-gc-mark-trace --with-mps=yes
 --enable-autodepend --enable-link-time-optimization
 --with-native-compilation=yes --with-xinput2 --with-x-toolkit=no
 --without-toolkit-scroll-bars --without-xaw3d --without-gsettings
 --with-cairo-xcb --without-xft --with-sound=no --with-tree-sitter
 --without-gpm --without-compress-install
 '--program-transform-name=s/\([ec]tags\)/\1.emacs/' CC=/usr/bin/clang
 'CFLAGS=-march=native -mtune=native -O3 -pipe -fno-plt -fexceptions
 -Wp,-D_FORTIFY_SOURCE=3 -Wformat -Werror=format-security
 -fstack-clash-protection -fcf-protection -fomit-frame-pointer
 -fno-math-errno -fno-trapping-math -Os -flto=auto' 'LDFLAGS=-Wl,-O1
 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now
 -Wl,-z,pack-relative-relocs -flto=auto' 'CPP=/usr/bin/clang -E'
 CXX=/usr/bin/clang++ 'CXXFLAGS=-march=native -mtune=native -O3 -pipe
 -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=3 -Wformat
 -Werror=format-security -fstack-clash-protection -fcf-protection
 -fomit-frame-pointer -Wp,-D_GLIBCXX_ASSERTIONS -fuse-ld=lld
 -flto=auto''

[0001-Use-the-correct-host-port-when-searching-auth-source.patch (text/x-patch, attachment)]

Message #8 received at 79795 <at> debbugs.gnu.org (full text, mbox):

From: Steven Allen <steven <at> stebalien.com>
To: 79795 <at> debbugs.gnu.org
Subject: Re: bug#79795: Acknowledgement ([PATCH] Use the correct host/port
 when searching auth-source in url-auth)
Date: Sat, 08 Nov 2025 16:06:12 -0800

Actually, hold off on this patch for a bit. I'm working on a separate
patch that'll fix some related issues.

Message #11 received at 79795 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Steven Allen <steven <at> stebalien.com>, Björn Bidar
 <bjorn.bidar <at> thaodan.de>
Cc: 79795 <at> debbugs.gnu.org
Subject: Re: bug#79795: [PATCH] Use the correct host/port when searching
 auth-source in url-auth
Date: Sat, 15 Nov 2025 11:38:03 +0200

> Date: Sat, 08 Nov 2025 14:53:19 -0800
> From:  Steven Allen via "Bug reports for GNU Emacs,
>  the Swiss army knife of text editors" <bug-gnu-emacs <at> gnu.org>
> 
> This patch is a followup to the original fix to Bug#72526 (commit
> a7a22e7c). That fix removed the port from the auth-source :host for
> basic-auth however:
> 
> 1. It didn't do the same for digest-auth.
> 2. It used the URL's "type" (http/https) instead of the actual port as
>     the auth-source :port.
> 
> This commit addresses these two issues. Before this change:
> 
> 1. Basic-auth used the URL's "host" as the auth-source :host and the
>    URL's "type" (http/https) as the auth-source ":port".  For example:
> 
>   (auth-source-search :host "example.com" :port 'https)
> 
> 2. Digest-auth used "host:port" as the auth-source :host and the URL's
>    "type" as the auth-source :port.  For example:
> 
>    (auth-source-search :host "example.com:123" :port 'https)
> 
> Now, both basic-auth and digest-auth use the URL's "host" (sans port) as
> the auth-source :host and the URL's "port" as the auth-source :port
> unless the URL's port is the "default" port, in which case it uses the
> URL's "type" (i.e., "http://foo:99" uses "99" as the port and
> "http://foo:80" uses "http").  For example:
> 
> "https://example.com" ->
>   (auth-source-search :host "example.com" :port 'https)
> 
> "http://example.com:1234" ->
>   (auth-source-search :host "example.com" :port 1234)
> 
> Remaining questions:
> 
> - I created a new section in NEWS, should this change instead be
>    documented in the Auth Source section?
> - Should we ALWAYS use the port number (443, 80, etc.) as :port and
>    _never_ use the service type ("https", "http", etc.)? I chose to the
>    keep using the service type for the "port" where possible to reduce
>    breakage, but I'm pretty sure using the actual port is "more correct"
>    here.

I'm not familiar with this code, so I'm adding Björn to the discussion
in the hope that he could review and comment on the patch.

Thanks.

Message #14 received at 79795 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: bjorn.bidar <at> thaodan.de
Cc: 79795 <at> debbugs.gnu.org, steven <at> stebalien.com
Subject: Re: bug#79795: [PATCH] Use the correct host/port when searching
 auth-source in url-auth
Date: Sat, 29 Nov 2025 12:57:43 +0200

Ping!  Björn, could you please chime in?

> Cc: 79795 <at> debbugs.gnu.org
> Date: Sat, 15 Nov 2025 11:38:03 +0200
> From: Eli Zaretskii <eliz <at> gnu.org>
> 
> > Date: Sat, 08 Nov 2025 14:53:19 -0800
> > From:  Steven Allen via "Bug reports for GNU Emacs,
> >  the Swiss army knife of text editors" <bug-gnu-emacs <at> gnu.org>
> > 
> > This patch is a followup to the original fix to Bug#72526 (commit
> > a7a22e7c). That fix removed the port from the auth-source :host for
> > basic-auth however:
> > 
> > 1. It didn't do the same for digest-auth.
> > 2. It used the URL's "type" (http/https) instead of the actual port as
> >     the auth-source :port.
> > 
> > This commit addresses these two issues. Before this change:
> > 
> > 1. Basic-auth used the URL's "host" as the auth-source :host and the
> >    URL's "type" (http/https) as the auth-source ":port".  For example:
> > 
> >   (auth-source-search :host "example.com" :port 'https)
> > 
> > 2. Digest-auth used "host:port" as the auth-source :host and the URL's
> >    "type" as the auth-source :port.  For example:
> > 
> >    (auth-source-search :host "example.com:123" :port 'https)
> > 
> > Now, both basic-auth and digest-auth use the URL's "host" (sans port) as
> > the auth-source :host and the URL's "port" as the auth-source :port
> > unless the URL's port is the "default" port, in which case it uses the
> > URL's "type" (i.e., "http://foo:99" uses "99" as the port and
> > "http://foo:80" uses "http").  For example:
> > 
> > "https://example.com" ->
> >   (auth-source-search :host "example.com" :port 'https)
> > 
> > "http://example.com:1234" ->
> >   (auth-source-search :host "example.com" :port 1234)
> > 
> > Remaining questions:
> > 
> > - I created a new section in NEWS, should this change instead be
> >    documented in the Auth Source section?
> > - Should we ALWAYS use the port number (443, 80, etc.) as :port and
> >    _never_ use the service type ("https", "http", etc.)? I chose to the
> >    keep using the service type for the "port" where possible to reduce
> >    breakage, but I'm pretty sure using the actual port is "more correct"
> >    here.
> 
> I'm not familiar with this code, so I'm adding Björn to the discussion
> in the hope that he could review and comment on the patch.
> 
> Thanks.
> 
> 
> 
> 

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.