From: Ben Key
Newsgroups: gmane.emacs.devel
Subject: Re: Modifying Emacs to use the Mac OS X Keychain Services
Date: Sat, 28 May 2011 12:16:53 -0500
References: <8762ov84k3.fsf@gmx.de> <87aae67v6e.fsf@gmx.de>
To: Michael Albinus
Cc: tzz@lifelogs.com, Emacs-devel@gnu.org

Michael Albinus wrote:

> I'm not using OS X, could you, please, send me a pointer to the Keychain
> Services API?

Some information on the Keychain Services API can be found at the Keychain Services Tasks for Mac OS X page found at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/keychainServConcepts/03tasks/tasks.html.
More detailed information can be found at the Keychain Services Reference page found at http://developer.apple.com/library/mac/#documentation/Security/Reference/keychainservices/Reference/reference.html.

While the Keychain Services API does not exactly mirror the org.freedesktop.secrets interface, it is possible to implement the same concepts expressed in secrets.el via the Keychain Services API. For example, a ns-secrets-create-item function could be easily defined that has the same parameters as secrets-create-item. This function would use SecKeychainOpen to open the keychain specified by the collection parameter, and if the call to SecKeychainOpen failed, it could use SecKeychainCreate to create the specified keychain. It then could use SecKeychainAddGenericPassword to add the item specified by the item parameter, with the password specified by the password parameter, to the opened or newly created keychain. The attributes parameter could be processed by calling SecKeychainItemModifyAttributesAndData.

The ns-secrets-delete-item, ns-secrets-get-secret, and ns-secrets-get-attributes functions could also be written similarly. I am not certain about the other functions, mainly because I have not yet finished my research.

The point is, I can implement ns- equivalents in C for most, if not all, of the functions defined in secrets.el with the same parameters and nearly the same behavior. I may even be able to make them behave exactly the same as their secrets.el counterparts.

Once the functions are defined in C, we can later decide how to call them from Lisp. We can decide to call them from secrets.el by having each of the functions use the following pseudo code

    (if (fboundp 'ns-{func})
        call ns-{func}
      use dbus)

or we could add another auth source to auth-source.el. Either way would work for me.

Perhaps I should just focus on writing the ns- equivalents of each of the secrets.el functions and we can decide later how to call them. What do you think?
Note: I am not exactly certain how to parse the attributes parameter of my proposed ns-secrets-create-item function. If someone can point me to an example of how to process something like that in C it would be helpful.
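The fboundp dispatch sketched in the message above, written out as an added Emacs Lisp example (not code from the original message or from Emacs). The ns-secrets-* primitives are the proposed, hypothetical C functions; the example-secrets-* names are made up here, and the attribute check assumes the secrets.el convention of keyword keys with string values.

```elisp
;; Added example.  ns-secrets-* are hypothetical primitives that would
;; exist only if an NS build defined them in C, as proposed above.

;; secrets.el needs D-Bus; loading may fail on a build without it.
(ignore-errors (require 'secrets))

(defun example-secrets--backend (name)
  "Return the function implementing operation NAME (a string).
Prefer the hypothetical C primitive ns-secrets-NAME; otherwise fall
back to secrets-NAME when the D-Bus Secret Service is reachable."
  (let ((ns-fn (intern-soft (concat "ns-secrets-" name)))
        (dbus-fn (intern-soft (concat "secrets-" name))))
    (cond ((and ns-fn (fboundp ns-fn)) ns-fn)
          ((and (bound-and-true-p secrets-enabled)
                dbus-fn (fboundp dbus-fn))
           dbus-fn)
          ;; Fail closed: never fall through to an unprotected store.
          (t (error "No secret store backend for `%s'" name)))))

(defun example-secrets-check-attributes (attributes)
  "Signal an error unless ATTRIBUTES is a list of :KEYWORD STRING pairs."
  (let ((rest attributes))
    (while rest
      (unless (and (keywordp (car rest))
                   (cdr rest)
                   (stringp (cadr rest)))
        ;; Report only the key, so no attribute value reaches *Messages*.
        (error "Malformed attribute list at %S" (car rest)))
      (setq rest (cddr rest)))))

(defun example-secrets-create-item (collection item password
                                    &rest attributes)
  "Store PASSWORD as ITEM in COLLECTION via whichever backend exists.
ATTRIBUTES has the same shape as in `secrets-create-item'."
  (example-secrets-check-attributes attributes)
  (apply (example-secrets--backend "create-item")
         collection item password attributes))

(defun example-secrets-get-secret (collection item)
  "Return the secret of ITEM in COLLECTION via whichever backend exists."
  (funcall (example-secrets--backend "get-secret") collection item))
```

Validating the attribute list in Lisp before the call means a C primitive would only ever receive well-formed keyword/string pairs.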