bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

[Allen Li]

auth-source does not support saving secrets with the Secrets API
backend.  This reduces the usefulness of auth-source significantly
since keychains that provide secure secret storage using the API are
standard on many GNU/Linux distributions (e.g., gnome-keyring on
Ubuntu).

(auth-source-search :type 'secrets :max 1
                    :host "localhost"
                    :user "user"
                    :create '(secret user host))

Debugger entered--Lisp error: (cl-assertion-failed ((not create) "The
Secrets API auth-source backend doesn't support creation yet"))
  cl--assertion-failed((not create) "The Secrets API auth-source
backend doesn't support creation yet" nil nil)
  auth-source-secrets-search(:backend
[eieio-class-tag--auth-source-backend secrets "Login" t t t nil
auth-source-secrets-create auth-source-secrets-search] :type secrets
:max 1 :require nil :create (secret user host) :delete nil :type
secrets :max 1 :host "localhost" :user "user" :create (secret user
host))
  apply(auth-source-secrets-search :backend
[eieio-class-tag--auth-source-backend secrets "Login" t t t nil
auth-source-secrets-create auth-source-secrets-search] :type secrets
:max 1 :require nil :create (secret user host) :delete nil (:type
secrets :max 1 :host "localhost" :user "user" :create (secret user
host)))
  auth-source-search-backends(([eieio-class-tag--auth-source-backend
secrets "Login" t t t nil auth-source-secrets-create
auth-source-secrets-search]) (:type secrets :max 1 :host "localhost"
:user "user" :create (secret user host)) 1 (secret user host) nil nil)
  auth-source-search(:type secrets :max 1 :host "localhost" :user
"user" :create (secret user host))
  eval((auth-source-search :type (quote secrets) :max 1 :host
"localhost" :user "user" :create (quote (secret user host))) nil)
  elisp--eval-last-sexp(nil)
  eval-last-sexp(nil)
  funcall-interactively(eval-last-sexp nil)
  #<subr call-interactively>(eval-last-sexp nil nil)
  apply(#<subr call-interactively> eval-last-sexp (nil nil))
  call-interactively@ido-cr+-record-current-command(#<subr
call-interactively> eval-last-sexp nil nil)
  apply(call-interactively@ido-cr+-record-current-command #<subr
call-interactively> (eval-last-sexp nil nil))
  call-interactively(eval-last-sexp nil nil)
  command-execute(eval-last-sexp)

bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

[Michael Albinus]

Allen Li <vianchielfaura@gmail.com> writes:

Hi Allen,

> auth-source does not support saving secrets with the Secrets API
> backend.  This reduces the usefulness of auth-source significantly
> since keychains that provide secure secret storage using the API are
> standard on many GNU/Linux distributions (e.g., gnome-keyring on
> Ubuntu).

This was reported already some years ago on the emacs-help ML, see
<http://lists.gnu.org/archive/html/help-gnu-emacs/2013-06/msg00361.html>. IIRC,
it wasn't trivial to implement, that's why it has lingered around on my
TODO since then.

See also `auth-source-secrets-create' in auth-source.el, which misses
its implementation. And you've got the error message "The Secrets API
auth-source backend doesn't support creation yet".

Since I am working on secrets.el these days anyway due to your other
report bug#29575, chances are good that I'll fix this, finally.

Best regards, Michael.

bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

[Michael Albinus]

Michael Albinus <michael.albinus@gmx.de> writes:

> Hi Allen,
>
>> auth-source does not support saving secrets with the Secrets API
>> backend.  This reduces the usefulness of auth-source significantly
>> since keychains that provide secure secret storage using the API are
>> standard on many GNU/Linux distributions (e.g., gnome-keyring on
>> Ubuntu).
>
> Since I am working on secrets.el these days anyway due to your other
> report bug#29575, chances are good that I'll fix this, finally.

I've implemented creation of secrets via the Secret Service API in
auth-source.el. Could you, pls, check?

I will add support for this into Tramp. It doesn't create yet items, for
any backend.

Deletion isn't implemented for any auth-source backend yet. So I haven't
done it for the Secret Service API either, and I don't plan it for next time.

Best regards, Michael.

bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

[Allen Li]

Thanks.  Currently I'm using Emacs 26 due to bugs in 27, so due to
various reasons it may take a few weeks for me to get around to trying
it.

On Fri, Apr 13, 2018 at 6:41 AM, Michael Albinus <michael.albinus@gmx.de> wrote:
> Michael Albinus <michael.albinus@gmx.de> writes:
>
>> Hi Allen,
>>
>>> auth-source does not support saving secrets with the Secrets API
>>> backend.  This reduces the usefulness of auth-source significantly
>>> since keychains that provide secure secret storage using the API are
>>> standard on many GNU/Linux distributions (e.g., gnome-keyring on
>>> Ubuntu).
>>
>> Since I am working on secrets.el these days anyway due to your other
>> report bug#29575, chances are good that I'll fix this, finally.
>
> I've implemented creation of secrets via the Secret Service API in
> auth-source.el. Could you, pls, check?
>
> I will add support for this into Tramp. It doesn't create yet items, for
> any backend.
>
> Deletion isn't implemented for any auth-source backend yet. So I haven't
> done it for the Secret Service API either, and I don't plan it for next time.
>
> Best regards, Michael.

bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

[Michael Albinus]

Allen Li <darkfeline@felesatra.moe> writes:

Hi Allen,

> Thanks.  Currently I'm using Emacs 26 due to bugs in 27, so due to
> various reasons it may take a few weeks for me to get around to trying
> it.

No problem, take your time.

Best regards, Michael.

bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

[Michael Albinus]

Michael Albinus <michael.albinus@gmx.de> writes:

Hi Allen,

> I've implemented creation of secrets via the Secret Service API in
> auth-source.el. Could you, pls, check?
>
> I will add support for this into Tramp. It doesn't create yet items, for
> any backend.

That's done now.

Best regards, Michael.

bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

[Michael Albinus]

Allen Li <darkfeline@felesatra.moe> writes:

Hi Allen,

> Thanks.  Currently I'm using Emacs 26 due to bugs in 27, so due to
> various reasons it may take a few weeks for me to get around to trying
> it.

Could you test it by any chance in Emacs 27? If not, I'll close the
bug. You could still report later if it doesn't work as expected.

Best regards, Michael.

bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

[Allen Li]

On Wed, Sep 5, 2018 at 1:57 AM Michael Albinus <michael.albinus@gmx.de> wrote:
>
> Could you test it by any chance in Emacs 27? If not, I'll close the
> bug. You could still report later if it doesn't work as expected.

It looks like secret creation works now, however I can't seem to
retrieve the secret.  I can file a separate bug for that if you want.

(auth-source-search :host "example.com" :user "bob" :secret "password"
:create t)

After calling the returned save function, I can confirm that the
secret is created:

$ secret-tool search --all --unlock host example.com user bob
[/org/freedesktop/secrets/collection/login/484]
label = bob@example.com
secret = password
created = 2018-09-08 23:35:47
modified = 2018-09-08 23:35:47
schema = org.freedesktop.Secret.Generic
attribute.host = example.com
attribute.user = bob

However I cannot seem to retrieve it using auth-source:

(auth-source-search :host "example.com" :user "bob")
nil

Also, deletion still isn't supported:

(auth-source-delete :host "example.com" :user "bob")
(cl-assertion-failed ((not delete) "The Secrets API auth-source
backend doesn't suppor..."))

>
> Best regards, Michael.

bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

[Michael Albinus]

Allen Li <darkfeline@felesatra.moe> writes:

Hi Allen,

>> Could you test it by any chance in Emacs 27? If not, I'll close the
>> bug. You could still report later if it doesn't work as expected.
>
> It looks like secret creation works now, however I can't seem to
> retrieve the secret.  I can file a separate bug for that if you want.

Yes, please do. Because:

> (auth-source-search :host "example.com" :user "bob" :secret "password"
> :create t)
>
> After calling the returned save function, I can confirm that the
> secret is created:
>
> $ secret-tool search --all --unlock host example.com user bob
> [/org/freedesktop/secrets/collection/login/484]
> label = bob@example.com
> secret = password
> created = 2018-09-08 23:35:47
> modified = 2018-09-08 23:35:47
> schema = org.freedesktop.Secret.Generic
> attribute.host = example.com
> attribute.user = bob
>
> However I cannot seem to retrieve it using auth-source:
>
> (auth-source-search :host "example.com" :user "bob")
> nil

I could reproduce it locally. And I could reproduce it also with another
backend, "~/.authinfo". However, if I start a new Emacs session,

(auth-source-search :host "example.com" :user "bob")

returns a valid result. Don't know whether this is a bug or a feature; I
let it to you to decide how to handle. The original bug in this report
("auth-source does not support creation with secrets provider") seems to
be solved, so I'd like to close this.

> Also, deletion still isn't supported:
>
> (auth-source-delete :host "example.com" :user "bob")
> (cl-assertion-failed ((not delete) "The Secrets API auth-source
> backend doesn't suppor..."))

Yes. But deletion is not supported by any auth-source backend. So I
would prefer if we handle this in another bug report, if the
functionality is missing for you.

To be honest, I'm undecided whether deletion makes sense in auth-source.

Best regards, Michael.

bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

[Michael Albinus]

Version: 27.1

Michael Albinus <michael.albinus@gmx.de> writes:

Hi Allen,

>>> Could you test it by any chance in Emacs 27? If not, I'll close the
>>> bug. You could still report later if it doesn't work as expected.
>>
>> It looks like secret creation works now, however I can't seem to
>> retrieve the secret.  I can file a separate bug for that if you want.
>
> Yes, please do.

There's now bug#32725 for that problem. I'm closing this bug, therefore.

Best regards, Michael.