From: Dave Abrahams
Newsgroups: gmane.emacs.devel
To: emacs-devel@gnu.org
Subject: Re: Modifying Emacs to use the Mac OS X Keychain Services
Date: Mon, 20 Aug 2012 09:42:33 -0400
In-Reply-To: <87lii2ql3x.fsf@lifelogs.com> (Ted Zlatanov's message of "Sun, 29 Jul 2012 18:05:22 -0400")

on Sun Jul 29 2012, Ted Zlatanov wrote:

> On Fri, 27 Jul 2012 11:20:17 -0400 Dave Abrahams wrote:
>
> DA> Did anything come of this?
> DA> I am really tired of typing in my GPG key
> DA> every time I start Gnus. I'd be more than happy to have a solution that
> DA> just used /usr/bin/security to look up the password; I don't need more
> DA> security than that.
>
> DA> I looked a bit at the "secrets" API but could understand it easily
> DA> enough to code something up. I just want Emacs to run
>
> DA>   /usr/bin/security --find-internet-password -gs
>
> DA> to get the password for my mail server.
>
> I don't think I knew about this utility :) Thanks!
>
> I haven't heard from Ben Key (CC-ed on this post) in a year so I figured
> it's simpler to implement this myself. I've pushed something into the
> Gnus repo, which you can test. It doesn't support creation or deletion,
> but searching works.
>
> The fundamental problem was that internet (I've spelled it with a
> lowercase 'i' to be consistent with Apple) and generic keychains behave
> very differently. So I chose to make the user decide which one he
> wants; the following are valid entries in `auth-sources':
>
> #+begin_src lisp
> (auth-source-backend-parse 'macos-keychain-internet)
> (auth-source-backend-parse 'macos-keychain-generic)
> (auth-source-backend-parse "macos-keychain-internet:/path/here.keychain")
> (auth-source-backend-parse "macos-keychain-generic:/path/here.keychain")
> (auth-source-backend-parse '(:source (:macos-keychain-internet default)))
> (auth-source-backend-parse '(:source (:macos-keychain-generic "/path/here.keychain")))
> #+end_src

And despite that, I am seeing

  auth-source-backend-parse: invalid backend spec: (quote macos-keychain-generic)
  auth-source-backend-parse: invalid backend spec: (quote macos-keychain-internet)

>
> ...and here you can see the very first entry in each of your default
> internet and generic keychains:
>
> #+begin_src lisp
> (let ((auth-sources '(macos-keychain-internet))) (auth-source-search :max 1))
> (let ((auth-sources '(macos-keychain-generic))) (auth-source-search :max 1))
> #+end_src
>
> The hardest
> part was mapping internet and generic keychains into the
> common auth-source format for searching and for providing results. For
> searching, I chose to map them as explained in the docstring of
> `auth-source-macos-keychain-search', using the various /usr/bin/security
> parameters. For results, the logic is simple enough to show here:
>
> #+begin_src lisp
> (defun auth-source-macos-keychain-result-append (result generic k v)
>   (push v result)
>   (setq k (cond
>            ((equal k "acct") "user")
>            ;; for generic keychains, creator is host, service is port
>            ((and generic (equal k "crtr")) "host")
>            ((and generic (equal k "svce")) "port")
>            ;; for internet keychains, protocol is port, server is host
>            ((and (not generic) (equal k "ptcl")) "port")
>            ((and (not generic) (equal k "srvr")) "host")
>            (t k)))
>
>   (push (intern (format ":%s" k)) result))
> #+end_src
>
> At most one result is returned, ever. This is due to the way
> /usr/bin/security works. If I dump the whole keychain, the user would
> get a thousand popup dialogs.
>
> It should be pretty trivial to use the native keychain calls on Mac OS X
> within this framework. Ben, if you're still interested, please let us
> know.
>
> I am far from expert on Mac OS X; this worked for me and I hope it works
> for you. Patches welcome to improve it.
>
> Ted

-- 
Dave Abrahams
BoostPro Computing Software Development Training
http://www.boostpro.com Clang/LLVM/EDG Compilers C++ Boost
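
Added example, not part of the original message and not code from auth-source.el: the attribute mapping Ted quotes, applied to a parsed attribute listing of the kind /usr/bin/security prints. The `my/` names are hypothetical, and the sample text is constructed to resemble that listing with the password line placed alongside it.

```elisp
;; Added example; not code from auth-source.el.  All `my/' names are
;; hypothetical, and the sample text is constructed, not captured.
(defconst my/sample-security-output
  (concat
   "keychain: \"/path/here.keychain\"\n"
   "class: \"inet\"\n"
   "attributes:\n"
   "    \"acct\"<blob>=\"dave\"\n"
   "    \"path\"<blob>=<NULL>\n"
   "    \"ptcl\"<uint32>=\"imap\"\n"
   "    \"srvr\"<blob>=\"mail.example.org\"\n"
   "password: \"constructed-secret\"\n")
  "Constructed sample resembling `security find-internet-password -g' output.")

(defun my/keychain-attr-to-key (attr generic)
  "Map keychain attribute ATTR to an auth-source keyword.
GENERIC non-nil selects the generic-keychain mapping from the message."
  (intern
   (concat ":"
           (cond ((equal attr "acct") "user")
                 ;; generic keychains: creator is host, service is port
                 ((and generic (equal attr "crtr")) "host")
                 ((and generic (equal attr "svce")) "port")
                 ;; internet keychains: protocol is port, server is host
                 ((and (not generic) (equal attr "ptcl")) "port")
                 ((and (not generic) (equal attr "srvr")) "host")
                 (t attr)))))

(defun my/parse-security-output (text generic)
  "Parse TEXT into a plist keyed the way auth-source results are."
  (let (result)
    (with-temp-buffer
      (insert text)
      (goto-char (point-min))
      ;; Attribute lines look like:  "acct"<blob>="dave"
      ;; A <NULL> value has no quotes, so it does not match and is skipped.
      (while (re-search-forward
              "^[ \t]+\"\\([a-z]+\\)\"<[a-z0-9]+>=\"\\(.*\\)\"$" nil t)
        (setq result
              (plist-put result
                         (my/keychain-attr-to-key (match-string 1) generic)
                         (match-string 2))))
      (goto-char (point-min))
      (when (re-search-forward "^password: \"\\(.*\\)\"$" nil t)
        (setq result (plist-put result :secret (match-string 1)))))
    result))

;; The same attribute names land on different keys per keychain type:
(my/parse-security-output my/sample-security-output nil)  ; internet
(my/parse-security-output my/sample-security-output t)    ; generic
```

With GENERIC nil the plist carries :user, :port and :host; with GENERIC non-nil the "ptcl" and "srvr" attributes keep their keychain names, because the generic mapping looks for "crtr" and "svce" instead.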