all messages for Emacs-related lists mirrored at yhetil.org
From: "Philipp Uhl" <git@ph-uhl.com>
To: 62952@debbugs.gnu.org
Subject: bug#62952: 28.2.50; secrets.el unlocking items
Date: Wed, 19 Apr 2023 14:23:17 +0200
Message-ID: <b1f522ed-072c-4df7-bc5c-9051c7447bd4@app.fastmail.com>

The secrets.el implementation lacks support for unlocking specific
items. It only unlocks collections. This does not work well with certain
password managers (e.g. in my case KeepassXC, accessed through secret
service). When receiving a secret through

(secrets-get-secret  "MyPws" "MyEntry")

with the setting "Confirm when passwords are retrieved by clients"
turned on in KeepassXC, secrets-get-secret will just say IsLocked.

Instead, secrets-get-secret should try to unlock the entry itself before
retrieving.

Here is a proof of concept:

+  ;; New function, analogously to secrets-unlock-collection, that
+  ;; specifically unlocks the item
+  (defun secrets-unlock-item (collection item)
+    "Unlock item labeled ITEM from collection labeled COLLECTION.
+  If successful, return the object path of the item."
+    (let ((item-path (secrets-item-path collection item)))
+      (unless (secrets-empty-path item-path)
+        (secrets-prompt
+         (cadr
+          (dbus-call-method
+           :session secrets-service secrets-path secrets-interface-service
+           "Unlock" `(:array :object-path ,item-path)))))
+      item-path))
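
Review bot: secrets-unlock-item returns item-path whether or not the unlock succeeded. The value of secrets-prompt is discarded and the final form is just `item-path`, so the docstring's "If successful, return the object path" does not match the code. The cadr also drops the first element of the "Unlock" reply without looking at it. Consider returning the path only when the unlock actually completed and nil otherwise, so a caller can tell a dismissed confirmation from a granted one.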

  (defun secrets-get-secret (collection item)
    "Return the secret of item labeled ITEM in COLLECTION.
  If there are several items labeled ITEM, it is undefined which
  one is returned.  If there is no such item, return nil.

  ITEM can also be an object path, which is used if contained in COLLECTION."
-    (let ((item-path (secrets-item-path collection item)))
+    (let ((item-path (secrets-unlock-item collection item)))
      (unless (secrets-empty-path item-path)
        (dbus-byte-array-to-string
         (nth 2
              (dbus-call-method
               :session secrets-service item-path secrets-interface-item
               "GetSecret" :object-path secrets-session-path))))))
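
Review bot: in secrets-get-secret, the replacement line `(let ((item-path (secrets-unlock-item collection item)))` issues an "Unlock" call on every retrieval, including for items that are not locked and for backends without item-level unlock. Because secrets-unlock-item hands back the path even when the unlock was refused, "GetSecret" is still called on a locked item and the caller gets the same IsLocked failure as before. Suggest unlocking only when the item reports itself locked, skipping "GetSecret" when the unlock fails, and noting in the docstring that retrieval may now prompt the user.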

To make this function a bit more similar to how it was before, one could
consider explicitly waiting for the IsLocked event before unlocking the
item. That way, if the password manager does not support unlocking of
items, this would not be breaking.

Cheers,
-----------------------------
  Philipp Uhl
  git@ph-uhl.com




