[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Emacs-diffs] nsm 01/01: Store (some) host names in the security manager
From: |
Lars Ingebrigtsen |
Subject: |
[Emacs-diffs] nsm 01/01: Store (some) host names in the security manager database |
Date: |
Tue, 18 Nov 2014 20:26:24 +0000 |
branch: nsm
commit 153d59e9e7d45a50577a1488afe05538ecd61347
Author: Lars Magne Ingebrigtsen <address@hidden>
Date: Tue Nov 18 21:26:16 2014 +0100
Store (some) host names in the security manager database
(nsm-save-host-names): New variable.
(nsm-save-host): Use it to save host names in the network manager
database.
---
lisp/ChangeLog | 3 +++
lisp/net/nsm.el | 43 ++++++++++++++++++++++++++++---------------
2 files changed, 31 insertions(+), 15 deletions(-)
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 67f89fb..fd4c8fd 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -3,6 +3,9 @@
* net/nsm.el (nsm-query): If running non-interactively, then say
`no' to everything.
(nsm-query): Also make asynch code say `no' to everything.
+ (nsm-save-host-names): New variable.
+ (nsm-save-host): Use it to save host names in the network manager
+ database.
* mail/smtpmail.el (smtpmail-via-smtp): Warn unless encrypted if
we're sending a password.
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index 3fa164c..c7731ec 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -50,6 +50,14 @@
:group 'nsm
:type 'file)
+(defcustom nsm-save-host-names nil
+ "If non-nil, always save host names in the structures in `nsm-settings-file'.
+By default, only hosts that have exceptions have their names
+stored in plain text."
+ :version "25.1"
+ :group 'nsm
+ :type 'boolean)
+
(defun nsm-verify-connection (process host port &optional
save-fingerprint warn-unencrypted)
"Verify the security status of PROCESS that's connected to HOST:PORT.
@@ -85,7 +93,7 @@ unencrypted."
(nsm-check-tls-connection process host port status settings)))
(when (and process save-fingerprint
(null (nsm-host-settings id)))
- (nsm-save-host id status 'fingerprint 'always))
+ (nsm-save-host host port status 'fingerprint 'always))
process))))))
(defun nsm-check-tls-connection (process host port status settings)
@@ -102,7 +110,7 @@ unencrypted."
nil)
;; Save the host fingerprint so that we can check it the
;; next time we connect.
- (nsm-save-host (nsm-id host port) status 'fingerprint 'always)
+ (nsm-save-host host port status 'fingerprint 'always)
process)))
((not (equal nsm-security-level 'low))
;; We always want to pin the certificate of invalid connections
@@ -114,7 +122,7 @@ unencrypted."
;; We have a warning, so query the user.
(if (and (not (nsm-warnings-ok-p status settings))
(not (nsm-query
- (nsm-id host port) status 'conditions
+ host port status 'conditions
"The TLS connection to %s:%s is insecure\nfor the
following reason%s:\n\n%s"
host port
(if (> (length warnings) 1)
@@ -131,7 +139,7 @@ unencrypted."
(not (equal (plist-get status :fingerprint)
(plist-get settings :fingerprint)))
(not (nsm-query
- (nsm-id host port) status 'fingerprint
+ host port status 'fingerprint
"The fingerprint for the connection to %s:%s has changed
from\n%s to\n%s"
host port
(plist-get settings :fingerprint)
@@ -149,7 +157,7 @@ unencrypted."
(not (eq (plist-get settings :fingerprint) :none))
(not
(nsm-query
- (nsm-id host port) nil 'conditions
+ host port nil 'conditions
"The connection to %s:%s used to be an encrypted\nconnection, but is
now unencrypted. This might mean that there's a\nman-in-the-middle tapping
this connection."
host port)))
(delete-process process)
@@ -157,7 +165,7 @@ unencrypted."
((and warn-unencrypted
(not (memq :unencrypted (plist-get settings :conditions)))
(not (nsm-query
- (nsm-id host port) nil 'conditions
+ host port nil 'conditions
"The connection to %s:%s is unencrypted."
host port)))
(delete-process process)
@@ -165,7 +173,7 @@ unencrypted."
(t
process)))
-(defun nsm-query (id status what message &rest args)
+(defun nsm-query (host port status what message &rest args)
;; If there is no user to answer queries, then say `no' to everything.
(if (or noninteractive
running-asynch-code)
@@ -179,7 +187,7 @@ unencrypted."
(error 'no))))
(if (eq response 'no)
nil
- (nsm-save-host id status what response)
+ (nsm-save-host host port status what response)
t))))
(defun nsm-query-user (message args cert)
@@ -212,16 +220,21 @@ unencrypted."
(clear-this-command-keys)
response)))
-(defun nsm-save-host (id status what permanency)
- (let ((saved
- (list :id id
- :fingerprint (if status
- (plist-get status :fingerprint)
- ;; Plain connection.
- :none))))
+(defun nsm-save-host (host port status what permanency)
+ (let* ((id (nsm-id host port))
+ (saved
+ (list :id id
+ :fingerprint (if status
+ (plist-get status :fingerprint)
+ ;; Plain connection.
+ :none))))
+ (when (or (eq what 'conditions)
+ nsm-save-host-names)
+ (nconc saved (list :host (format "%s:%s" host port))))
;; We either want to save/update the fingerprint or the conditions
;; of the certificate/unencrypted connection.
(when (eq what 'conditions)
+ (nconc saved (list :host (format "%s:%s" host port)))
(cond
((not status)
(nconc saved `(:conditions (:unencrypted))))
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Emacs-diffs] nsm 01/01: Store (some) host names in the security manager database,
Lars Ingebrigtsen <=