From: Ted Zlatanov
Newsgroups: gmane.emacs.devel
Subject: Re: Modifying Emacs to use the Mac OS X Keychain Services
Date: Wed, 08 Jun 2011 15:48:47 -0500
Organization: Теодор Златанов @ Cienfuegos
Message-ID: <87tyc0camo.fsf@lifelogs.com>
References: <8739jmso4c.fsf@gmx.de> <87y61ekr8y.fsf@gmx.de>
Reply-To: emacs-devel@gnu.org
To: emacs-devel@gnu.org

On Wed, 8 Jun 2011 00:50:50 -0500 Ben Key wrote:

BK> I rewrote the ns-keychain functions I had already written so that
BK> they interpret the collection parameter to be an indication of what
BK> keychain file the data should be stored in.  The values "default" or
BK> "secrets:default" are interpreted to mean that the default keychain
BK> should be used.  The values "login" or "secrets:Login" are
BK> interpreted to mean that the login keychain file should be
BK> used.  Other values for collection such as "session" or
BK> "secrets:session" are not supported at this time.
BK> The values "session" or "secrets:session" cause an error with an
BK> "At this time the 'session' collection is not supported on Mac OS X"
BK> message.

This is good, but the error should be simply "The collection %s could
not be found" for any invalid collection, not just "session".

BK> Other non-supported values simply result in the default keychain
BK> being used.

Please throw an error if the requested keychain doesn't exist, same as
above.

>> The major idea of the "session" collection is to NOT store secrets
>> permanently. Therefore, I would recommend that you raise an error "not
>> available" or something like this, if somebody uses the "session"
>> collection in your case.

BK> I could mimic this capability by storing the data in a keychain file,
BK> such as ~/Library/Keychains/emacs-session.keychain that gets deleted
BK> using the function SecKeychainDelete when Emacs exits.  This would
BK> make it an Emacs session keychain.  Of course if Emacs crashes, the
BK> keychain file would not be deleted.

I don't think this is useful and introduces unwanted security risks.
There's no need to mimic the Secrets API "session" transient storage if
it's not directly supported by the Keychain Services.

BK> Since the collection parameter is now being interpreted as an
BK> indication of which keychain file to store the data in, I had to pick
BK> a value for the serviceName parameter that is used by functions like
BK> SecKeychainAddGenericPassword and SecKeychainFindGenericPassword.  I
BK> chose the value "GNU Emacs."  Are there any objections to this?

Yes, please make it configurable.

BK> I could have added a parameter to allow the user to select the
BK> value of the serviceName parameter but this would have made it
BK> necessary to abandon my plan of adding one ns-keychain function for
BK> each secrets API function that has the same parameters, and as near
BK> to the same behavior, as the corresponding secrets API function.

Don't be afraid of diverging from the Secrets API.
The Keychain Services API is not the same thing, we know that.  Please
add that parameter to the calls.

Are you providing both SecKeychain*GenericPassword and
SecKeychain*InternetPassword?

Ted
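
The crash caveat raised in the thread about a file-backed "session" keychain, as an added example (not code from this message, from Ben Key's patch or from Emacs): a store that is only deleted by an exit-time handler stays on disk when the process ends abnormally. It assumes a plain temporary file as a stand-in for emacs-session.keychain and unlink as a stand-in for SecKeychainDelete; all function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for ~/Library/Keychains/emacs-session.keychain. */
#define SESSION_TEMPLATE "/tmp/emacs-session-demo-XXXXXX"
static char session_file[sizeof SESSION_TEMPLATE];

/* Stand-in (assumption) for the SecKeychainDelete call made at exit. */
static void delete_session_file(void) { unlink(session_file); }

/* Create the file, then run a child that registers the exit-time cleanup
   and either exits normally (crash == 0) or is killed (crash != 0).
   Returns 1 if the file is still on disk afterwards, 0 if it was removed,
   -1 if the demo could not be set up. */
int session_file_left_behind(int crash)
{
    struct stat st;
    int fd, left;
    pid_t pid;

    strcpy(session_file, SESSION_TEMPLATE);
    if ((fd = mkstemp(session_file)) < 0)
        return -1;
    close(fd);
    fflush(NULL);                 /* keep buffered output out of the child */
    if ((pid = fork()) < 0) {
        unlink(session_file);
        return -1;
    }
    if (pid == 0) {
        atexit(delete_session_file);
        if (crash)
            raise(SIGKILL);       /* abnormal end: exit handlers never run */
        exit(0);                  /* normal end: the handler removes the file */
    }
    waitpid(pid, NULL, 0);
    left = (stat(session_file, &st) == 0);
    unlink(session_file);         /* tidy up whatever the child left */
    return left;
}

int main(void)
{
    printf("normal exit: left behind = %d\n", session_file_left_behind(0));
    printf("killed:      left behind = %d\n", session_file_left_behind(1));
    return 0;
}
```
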