From: "Philipp Uhl"
Newsgroups: gmane.emacs.bugs
Subject: bug#62952: 28.2.50; secrets.el unlocking items
Date: Wed, 19 Apr 2023 14:23:17 +0200
To: 62952@debbugs.gnu.org

The secrets.el implementation lacks support for unlocking specific items. It only unlocks collections. This does not work well with certain password managers (e.g. in my case KeepassXC, accessed through secret service). When receiving a secret through (secrets-get-secret "MyPws" "MyEntry") with the setting "Confirm when passwords are retrieved by clients" turned on in KeepassXC, secrets-get-secret will just say IsLocked. Instead, secrets-get-secret should try to unlock the entry itself before retrieving. Here is a proof of concept:

+ ;; New function, analogously to secrets-unlock-collection, that + ;; specifically unlocks the item + (defun secrets-unlock-item (collection item) + "Unlock item labeled ITEM from collection labeled COLLECTION. + If successful, return the object path of the item." + (let ((item-path (secrets-item-path collection item))) + (unless (secrets-empty-path item-path) + (secrets-prompt + (cadr + (dbus-call-method + :session secrets-service secrets-path secrets-interface-service + "Unlock" `(:array :object-path ,item-path))))) + item-path)) (defun secrets-get-secret (collection item) "Return the secret of item labeled ITEM in COLLECTION. If there are several items labeled ITEM, it is undefined which one is returned. If there is no such item, return nil. 
ITEM can also be an object path, which is used if contained in COLLECTION." - (let ((item-path (secrets-item-path collection item))) + (let ((item-path (secrets-unlock-item collection item))) (unless (secrets-empty-path item-path) (dbus-byte-array-to-string (nth 2 (dbus-call-method :session secrets-service item-path secrets-interface-item "GetSecret" :object-path secrets-session-path)))))) 

To make this function a bit more similar to how it was before, one could consider explicitly waiting for the IsLocked event before unlocking the item. That way, if the password manager does not support unlocking of items, this would not be breaking.

Cheers,
-----------------------------
Philipp Uhl
git@ph-uhl.com
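
Review bot: secrets-unlock-item returns item-path unconditionally on its last line, so the docstring's "If successful, return the object path of the item" does not hold. The value of the secrets-prompt call is discarded, which means a dismissed or failed prompt still hands back a path that GetSecret will then reject as locked. Either return the path only when the prompt completes, or reword the docstring to say the path is returned whether or not the unlock succeeded. The first element of the "Unlock" reply is also dropped by the cadr, so the function never learns whether the item was unlocked without a prompt.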
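
Review bot: in secrets-get-secret, swapping secrets-item-path for secrets-unlock-item makes every lookup issue an "Unlock" call before "GetSecret", including for items that are already unlocked and for services that do not implement per-item unlocking, which the message itself names as a possible breakage. Check the item's Locked property first, or call "GetSecret" and fall back to "Unlock" only on the IsLocked error, so the existing path stays unchanged for unlocked items. The docstring should also say that the function may now raise an unlock prompt, since the previous body only performed the "GetSecret" read.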