[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Modifying Emacs to use the Mac OS X Keychain Services
From: |
Dave Abrahams |
Subject: |
Re: Modifying Emacs to use the Mac OS X Keychain Services |
Date: |
Mon, 20 Aug 2012 09:42:33 -0400 |
User-agent: |
Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.1 (darwin) |
on Sun Jul 29 2012, Ted Zlatanov <tzz-AT-lifelogs.com> wrote:
> On Fri, 27 Jul 2012 11:20:17 -0400 Dave Abrahams <address@hidden> wrote:
>
> DA> Did anything come of this? I am really tired of typing in my GPG key
> DA> every time I start Gnus. I'd be more than happy to have a solution that
> DA> just used /usr/bin/security to look up the password; I don't need more
> DA> security than that.
>
> DA> I looked a bit at the "secrets" API but could understand it easily
> DA> enough to code something up. I just want Emacs to run
>
> DA> /usr/bin/security --find-internet-password -gs <hostname> <username>
>
> DA> to get the password for my mail server.
>
> I don't think I knew about this utility :) Thanks!
>
> I haven't heard from Ben Key (CC-ed on this post) in a year so I figured
> it's simpler to implement this myself. I've pushed something into the
> Gnus repo, which you can test. It doesn't support creation or deletion,
> but searching works.
>
> The fundamental problem was that internet (I've spelled it with a
> lowercase 'i' to be consistent with Apple) and generic keychains behave
> very differently. So I chose to make the user decide which one he
> wants; the following are valid entries in `auth-sources':
>
> #+begin_src lisp
> (auth-source-backend-parse 'macos-keychain-internet)
> (auth-source-backend-parse 'macos-keychain-generic)
> (auth-source-backend-parse "macos-keychain-internet:/path/here.keychain")
> (auth-source-backend-parse "macos-keychain-generic:/path/here.keychain")
> (auth-source-backend-parse '(:source (:macos-keychain-internet default)))
> (auth-source-backend-parse '(:source (:macos-keychain-generic
> "/path/here.keychain")))
> #+end_src
And despite that, I am seeing
auth-source-backend-parse: invalid backend spec: (quote macos-keychain-generic)
auth-source-backend-parse: invalid backend spec: (quote macos-keychain-internet)
>
> ...and here you can see the very first entry in each of your default
> internet and generic keychains:
>
> #+begin_src lisp
> (let ((auth-sources '(macos-keychain-internet))) (auth-source-search :max 1))
> (let ((auth-sources '(macos-keychain-generic))) (auth-source-search :max 1))
> #+end_src
>
> The hardest part was mapping internet and generic keychains into the
> common auth-source format for searching and for providing results. For
> searching, I chose to map them as explained in the docstring of
> `auth-source-macos-keychain-search', using the various /usr/bin/security
> parameters. For results, the logic is simple enough to show here:
>
> #+begin_src lisp
> (defun auth-source-macos-keychain-result-append (result generic k v)
> (push v result)
> (setq k (cond
> ((equal k "acct") "user")
> ;; for generic keychains, creator is host, service is port
> ((and generic (equal k "crtr")) "host")
> ((and generic (equal k "svce")) "port")
> ;; for internet keychains, protocol is port, server is host
> ((and (not generic) (equal k "ptcl")) "port")
> ((and (not generic) (equal k "srvr")) "host")
> (t k)))
>
> (push (intern (format ":%s" k)) result))
> #+end_src
>
> At most one result is returned, ever. This is due to the way
> /usr/bin/security works. If I dump the whole keychain, the user would
> get a thousand popup dialogs.
>
> It should be pretty trivial to use the native keychain calls on Mac OS X
> within this framework. Ben, if you're still interested, please let us
> know.
>
> I am far from expert on Mac OS X; this worked for me and I hope it works
> for you. Patches welcome to improve it.
>
> Ted
--
Dave Abrahams
BoostPro Computing Software Development Training
http://www.boostpro.com Clang/LLVM/EDG Compilers C++ Boost
- Re: Modifying Emacs to use the Mac OS X Keychain Services,
Dave Abrahams <=