From: Dave Abrahams <dave@boostpro.com>
To: emacs-devel@gnu.org
Subject: Re: Modifying Emacs to use the Mac OS X Keychain Services
Date: Mon, 20 Aug 2012 09:42:33 -0400
Message-ID: <m2wr0t65o6.fsf@pluto.luannocracy.com>
In-Reply-To: <87lii2ql3x.fsf@lifelogs.com> (Ted Zlatanov's message of "Sun, 29 Jul 2012 18:05:22 -0400")

on Sun Jul 29 2012, Ted Zlatanov <tzz-AT-lifelogs.com> wrote:

> On Fri, 27 Jul 2012 11:20:17 -0400 Dave Abrahams <dave@boostpro.com> wrote:
>
> DA> Did anything come of this? I am really tired of typing in my GPG key
> DA> every time I start Gnus. I'd be more than happy to have a solution that
> DA> just used /usr/bin/security to look up the password; I don't need more
> DA> security than that.
>
> DA> I looked a bit at the "secrets" API but could understand it easily
> DA> enough to code something up. I just want Emacs to run
>
> DA> /usr/bin/security --find-internet-password -gs <hostname> <username>
>
> DA> to get the password for my mail server.
>
> I don't think I knew about this utility :) Thanks!
>
> I haven't heard from Ben Key (CC-ed on this post) in a year so I figured
> it's simpler to implement this myself. I've pushed something into the
> Gnus repo, which you can test. It doesn't support creation or deletion,
> but searching works.
>
> The fundamental problem was that internet (I've spelled it with a
> lowercase 'i' to be consistent with Apple) and generic keychains behave
> very differently. So I chose to make the user decide which one he
> wants; the following are valid entries in `auth-sources':
>
> #+begin_src lisp
> (auth-source-backend-parse 'macos-keychain-internet)
> (auth-source-backend-parse 'macos-keychain-generic)
> (auth-source-backend-parse "macos-keychain-internet:/path/here.keychain")
> (auth-source-backend-parse "macos-keychain-generic:/path/here.keychain")
> (auth-source-backend-parse '(:source (:macos-keychain-internet default)))
> (auth-source-backend-parse '(:source (:macos-keychain-generic "/path/here.keychain")))
> #+end_src

And despite that, I am seeing

  auth-source-backend-parse: invalid backend spec: (quote macos-keychain-generic)
  auth-source-backend-parse: invalid backend spec: (quote macos-keychain-internet)

>
> ...and here you can see the very first entry in each of your default
> internet and generic keychains:
>
> #+begin_src lisp
> (let ((auth-sources '(macos-keychain-internet))) (auth-source-search :max 1))
> (let ((auth-sources '(macos-keychain-generic))) (auth-source-search :max 1))
> #+end_src
>
> The hardest part was mapping internet and generic keychains into the
> common auth-source format for searching and for providing results. For
> searching, I chose to map them as explained in the docstring of
> `auth-source-macos-keychain-search', using the various /usr/bin/security
> parameters. For results, the logic is simple enough to show here:
>
> #+begin_src lisp
> (defun auth-source-macos-keychain-result-append (result generic k v)
>   (push v result)
>   (setq k (cond
>            ((equal k "acct") "user")
>            ;; for generic keychains, creator is host, service is port
>            ((and generic (equal k "crtr")) "host")
>            ((and generic (equal k "svce")) "port")
>            ;; for internet keychains, protocol is port, server is host
>            ((and (not generic) (equal k "ptcl")) "port")
>            ((and (not generic) (equal k "srvr")) "host")
>            (t k)))
>
>   (push (intern (format ":%s" k)) result))
> #+end_src
>
> At most one result is returned, ever. This is due to the way
> /usr/bin/security works. If I dump the whole keychain, the user would
> get a thousand popup dialogs.
>
> It should be pretty trivial to use the native keychain calls on Mac OS X
> within this framework. Ben, if you're still interested, please let us
> know.
>
> I am far from expert on Mac OS X; this worked for me and I hope it works
> for you. Patches welcome to improve it.
>
> Ted
--
Dave Abrahams
BoostPro Computing Software Development Training
http://www.boostpro.com Clang/LLVM/EDG Compilers C++ Boost