qemu-devel

Re: Possible bug in Aarch64 single-stepping


From: Peter Maydell
Subject: Re: Possible bug in Aarch64 single-stepping
Date: Sun, 8 May 2022 13:18:52 +0100

Introduction

This document explains how to set up the Mutt email client using OAuth2
(modern authentication) to access your emails.

Authentication will be done using "bearer tokens" instead of a
combination of a username and an application password.

You can find more details about bearer tokens and the python script we
will use to generate them following this link.


Prerequisites

1) A working GPG setup on your machine. If you don't have this set up,
please follow the steps below:

Install gpg.

sudo apt install gpg or yum install gnupg2

Run gpg --gen-key

Answer the questions (your name, email address...)

Check your GPG setup

Create a text file with foo in it

echo foo > foo.txt

Encrypt your text file with your gpg key

gpg --batch --yes -e -r franck.iaropoli@arm.com foo.txt

Decrypt your foo.txt.gpg file

$ gpg -d foo.txt.gpg
gpg: encrypted with 3072-bit RSA key, ID 5F5E76BC0AD59EFD, created 2022-04-29
      "Franck Iaropoli <franck.iaropoli@arm.com>"
foo

Enter your passphrase (you may not be asked if you entered it recently)
and you should see foo as the result.

2) Download mutt_oauth2.py python script and make it executable.

For example

To download the script in your home directory and make it executable:

wget -O ~/mutt_oauth2.py https://gitlab.com/muttmua/mutt/-/raw/master/contrib/mutt_oauth2.py
cd
chmod +x mutt_oauth2.py

Note: The mutt_oauth2.py script requires at least Python 3.7

3) At least Mutt 2.0.0. Earlier versions do not have the
imap_oauth_refresh_command function (see release notes with more
information in XOAUTH2 part).

4) The Mutt Azure application client_id which is
e86f5911-84ec-4635-b69a-313d29aa3858

5) For the gpg-agent to be able to ask you to unlock passphrase, set
the environment variable GPG_TTY to the current tty.

If you are using bash shell, put the following inside your .bashrc or
equivalent (.zshrc with zsh for example)

export GPG_TTY=$(tty)

Note: If you are not using an interactive session, you must export
GPG_TTY variable in your .bashrc_profile or equivalent (.zshenv with
zsh for example)

6) Edit the mutt_oauth2.py script:

Put your GPG identity in 'YOUR_GPG_IDENTITY' (your email address or
whatever you have set instead during gpg setup) in the ENCRYPTION_PIPE
line.

ENCRYPTION_PIPE = ['gpg', '--encrypt', '--recipient', 'YOUR_GPG_IDENTITY']

For example:

ENCRYPTION_PIPE = ['gpg', '--encrypt', '--recipient', 'franck.iaropoli@arm.com']

In the registrations, the microsoft one, enter the client_id
e86f5911-84ec-4635-b69a-313d29aa3858

registrations = {
    'google': {
...
    },
    'microsoft': {
...
        'client_id': 'e86f5911-84ec-4635-b69a-313d29aa3858',
        'client_secret': '',
    },
}

Create your tokens

Run the mutt_oauth2.py script with the path to the file that will
contain your tokens, the verbose and authorize options:

./mutt_oauth2.py <path to file with tokens> --verbose --authorize

For example:

./mutt_oauth2.py franck.iaropoli@arm.com.tokens --verbose --authorize

Note:

You should be asked to enter your gpg passphrase:

Select microsoft as app and endpoint registration:

$ ./mutt_oauth2.py franck.iaropoli@arm.com.tokens --verbose --authorize
Available app and endpoint registrations: google microsoft
OAuth2 registration: microsoft

Select your preferred OAuth2 flow:

- "authcode": you paste a complicated URL into a browser, then
manually extract a "code" parameter from a subsequent URL in the
browser address bar and paste that back to the script.

- "localhostauthcode": you again paste the complicated URL into a
browser but that's it --- the code is automatically extracted from the
response relying on a localhost redirect and temporarily listening on
a localhost port.
This flow can only be used if the web browser opening the redirect URL
sits on the same machine as where mutt is running, in other words can
not be used if you ssh to a remote machine and run mutt on that remote
machine while your web browser remains on your local machine.

- "devicecode": you go to a simple URL and just enter a short code.

We will use devicecode as it can work with a local or a remote session:

$ ./mutt_oauth2.py franck.iaropoli@arm.com.tokens --verbose --authorize
Available app and endpoint registrations: google microsoft
OAuth2 registration: microsoft
Preferred OAuth2 flow ("authcode" or "localhostauthcode" or
"devicecode"): devicecode

Enter your email address:

$ ./mutt_oauth2.py franck.iaropoli@arm.com.tokens --verbose --authorize
Available app and endpoint registrations: google microsoft
OAuth2 registration: microsoft
Preferred OAuth2 flow ("authcode" or "localhostauthcode" or
"devicecode"): devicecode
Account e-mail address: franck.iaropoli@arm.com

Now open the link given in the terminal in your preferred web browser:

$ ./mutt_oauth2.py franck.iaropoli@arm.com.tokens --verbose --authorize
Available app and endpoint registrations: google microsoft
OAuth2 registration: microsoft
Preferred OAuth2 flow ("authcode" or "localhostauthcode" or
"devicecode"): devicecode
Account e-mail address: franck.iaropoli@arm.com
To sign in, use a web browser to open the page
https://microsoft.com/devicelogin and enter the code D59TF5YCJ to
authenticate.
Polling...

Enter the code available in the terminal and click Next

Note: If you have recently done the authentication process you may
just have to select your account and not do a full authentication:

Otherwise you will have to do the full authentication process as
explained below.

Enter your email address:

Enter your password:

Approve the sign in request with your preferred 2FA solution (here the
Microsoft Authenticator application was used)

Click Continue

You have now signed in to the Mutt application.

You can close the window.

Come back to the terminal. You will see that an access token has been obtained.

$ ./mutt_oauth2.py franck.iaropoli@arm.com.tokens --verbose --authorize
Available app and endpoint registrations: google microsoft
OAuth2 registration: microsoft
Preferred OAuth2 flow ("authcode" or "localhostauthcode" or
"devicecode"): devicecode
Account e-mail address: franck.iaropoli@arm.com
To sign in, use a web browser to open the page
https://microsoft.com/devicelogin and enter the code D59TF5YCJ to
authenticate.
Polling.............................................
NOTICE: Obtained new access token, expires 2022-04-28T14:07:59.922548.
Access Token: 


Test your tokens

Run mutt_oauth2.py script with the path to your tokens file, the
verbose and the test option:

./mutt_oauth2.py <path to file with tokens> --verbose --test

For example:

$ ./mutt_oauth2.py franck.iaropoli@arm.com.tokens --verbose --test
Access Token: 
IMAP authentication succeeded
POP authentication FAILED (does your account allow POP?): -ERR
Authentication failure: unknown user name or bad password.
SMTP authentication succeeded

IMAP and SMTP authentication should be marked as succeeded.

Note:

If IMAP and SMTP authentication are not working:

Check your network connection
Check that all settings in mutt_oauth2.py script are correct

The client_id which is e86f5911-84ec-4635-b69a-313d29aa3858
Your GPG identity in ENCRYPTION_PIPE variable

Restart the tokens creation process.

Delete the file that contains your tokens (in this example
franck.iaropoli@arm.com.tokens file)
Redo all the steps in the previous paragraph "create tokens" (running
script mutt_oauth2.py with the path to your tokens file, the verbose
and authorize options)

Configure Mutt

You now need to add the additional settings below to your Mutt config file
to start using OAuth2 authentication (settings between <> must be
changed)

# setup modern auth
set imap_user="<your Arm email address>"
set folder="imaps://outlook.office365.com:993/"
set smtp_url="smtp://${imap_user}@smtp.office365.com:587/"
set imap_authenticators="xoauth2"
set imap_oauth_refresh_command="<path to mutt_oauth2.py script> <name of the tokens file>"
set smtp_authenticators=${imap_authenticators}
set smtp_oauth_refresh_command=${imap_oauth_refresh_command}

For example:

# setup modern auth
set imap_user="franck.iaropoli@arm.com"
set folder="imaps://outlook.office365.com:993/"
set smtp_url="smtp://${imap_user}@smtp.office365.com:587/"
set imap_authenticators="xoauth2"
set imap_oauth_refresh_command="/home/fraiar01/mutt_oauth2.py ${imap_user}.tokens"
set smtp_authenticators=${imap_authenticators}
set smtp_oauth_refresh_command=${imap_oauth_refresh_command}

Note:

You will be asked to re-enter your passphrase to access your tokens
and to renew them.

Known limitations

At present, mutt_oauth2.py access tokens have a limited lifetime,
meaning they must be regenerated every couple of hours.



On Sat, 7 May 2022 at 15:18, Chris Howard <cvz185@web.de> wrote:
> PS. In plain gdb (ie. no nice user interface) a large number (but not all) of 
> the system registers gets displayed after each step. It would be nice if 
> these were sorted in some way. At the moment they’re completely jumbled — not 
> alphabetic, not grouped by EL, nor by “meaning”  (DBGWVR0_EL1 isn’t 
> necessarily next to DBGWCR0_EL1).
>
> Also, there are multiple (identical?) instances of “DBGBVR” and “DBGBCR” (and 
>  “DBGWVR” and “DBGWCR”) rather than the expected “DBGWVR0_EL1”, “DBGWVR1_EL1” 
> etc.
>
> Would this be a QEMU or a GDB issue? Or isn’t it an issue at all? :-)

My gdb doesn't do that. Basically QEMU provides gdb with some XML
telling it that the sysregs are present, but it's up to gdb at
what points it chooses to display what registers and how it does that.

The system register read access via the gdbstub is "best-effort"
on QEMU's part -- we implement it to the extent that it wasn't too
difficult to do, but there are some sharp edges, like the
register names not always being quite right, and also the way
that if you try to read a register that isn't supposed to be
accessible by the current EL you might find it's not correct.
Trying to read SP_EL2 while at EL2 is an example of that.

The reason register names are sometimes funny is that the
infrastructure for system registers within QEMU was originally
written with the assumption that the name strings were merely
for convenience when debugging QEMU itself, so it's sometimes
a bit careless about them. We only added the "tell GDB about
these" part later.

That said, adding the numbers into the watchpoint and breakpoint
registers would be pretty easy, so we should do that. That is,
in this code:
https://gitlab.com/qemu-project/qemu/-/blob/master/target/arm/helper.c#L6567
we should use g_strdup_printf() to create unique per-register
names, the same way we do for the PMU registers already here:
https://gitlab.com/qemu-project/qemu/-/blob/master/target/arm/helper.c#L6632

thanks
-- PMM
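
The --verbose runs in the Mutt walkthrough above print the bearer token itself to the terminal. As an added example (not part of the original message or of mutt_oauth2.py), this Python code masks JWT-shaped strings in a transcript before it is shared, keeping only the audience and expiry; the sample token, its claims and all function names are constructed for illustration.

```python
import base64
import json
import re
from datetime import datetime, timezone

# Three base64url segments; a JWT header is JSON starting '{"', which encodes to "eyJ".
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")

def _b64url_json(segment):
    """Decode one base64url JWT segment to a Python object (padding restored)."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def describe_jwt(token):
    """Return a short, non-secret description of a JWT's payload claims."""
    try:
        claims = _b64url_json(token.split(".")[1])
        if not isinstance(claims, dict):
            raise ValueError("payload is not a JSON object")
        exp = claims.get("exp")
        when = "unknown"
        if isinstance(exp, (int, float)):
            when = datetime.fromtimestamp(exp, timezone.utc).strftime(
                "%Y-%m-%dT%H:%M:%SZ")
    except (ValueError, IndexError, OverflowError, OSError):
        return "<redacted token>"
    return "<redacted JWT aud=%s exp=%s>" % (claims.get("aud", "unknown"), when)

def redact_transcript(text):
    """Replace every JWT-shaped string in text with its description."""
    return JWT_RE.sub(lambda m: describe_jwt(m.group(0)), text)

def _make_sample_token():
    """Build a constructed JWT for the demo (not a real token, fake signature)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"typ": "JWT", "alg": "RS256"}
    payload = {"aud": "https://outlook.office.com",  # constructed sample value
               "exp": 1700000000, "upn": "user@example.com"}
    return "%s.%s.%s" % (enc(header), enc(payload), "c2lnbmF0dXJl")

# Constructed transcript in the shape of the script's verbose output.
SAMPLE = ("NOTICE: Obtained new access token.\n"
          "Access Token: \n" + _make_sample_token() + "\n"
          "IMAP authentication succeeded\n")

if __name__ == "__main__":
    print(redact_transcript(SAMPLE))
```

The payload of a JWT is only base64url-encoded, so anyone who sees the transcript can read its claims and, until it expires, present the token as a bearer credential.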


