Re: tzz-auth-source-rewrite branch

[Michael Albinus <michael.albinus@gmx.de>]

[-- Attachment #1: Type: text/plain, Size: 1776 bytes --]

Ted Zlatanov <tzz@lifelogs.com> writes:

> I added Secrets API support (search only, no create or delete) and
> `auth-source-user-or-password' compatibility, plus I rebased the
> branch.  I think the Secrets API should use the :max parameter if
> possible so we don't get too many results at the top level.  Also it
> seems quite slow to get the results one by one so maybe we can optimize
> `secrets-search-items'.

`secrets-search-items' returns already a list of results. It is slow to
get all attributes and secret strings of the items sequentially;
unfortunately there is no D-Bus method to get them in a bunch (for
several items at once).

I've changed `auth-source-secrets-search' such a way that it does not call
`secrets-get-secret', this call is moved to the returned function. This
should reduce the number of D-Bus calls in `auth-source-secrets-search'.

>  Finally, Google Chrome stores passwords in there but with a different
> scheme.  I wonder if it's useful to add specific support for mapping
> those to the auth-source tokens (host, protocol, user) or if I should
> put that special code in url.el only.

This is a disadvantage of the Secret Service API (IMO): it defines
access methods for the storage, but it does not define default
keys/attributes. Every application is free to use its own
attributes. For reuse of existing, we must either do some assumptions,
or we must inspect which attributes are already used, and apply them.

> The `auth-source-user-or-password' wrapper tries to create an entry
> currently, which is not OK.  So it's not ready for use.  When I think
> it's OK, I'll update the manual and merge the branch back into the
> master branch.

I haven't tested this function (yet).

My patch is enclosed.

> Ted

Best regards, Michael.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Type: text/x-patch, Size: 3498 bytes --]

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index d7cc274..f7f4803 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,11 @@
+2011-02-06  Michael Albinus  <michael.albinus@gmx.de>
+
+	* auth-source.el (top): Require 'eieio unconditionally.  Autoload
+	`secrets-get-attributes' instead of `secrets-get-attribute'.
+	(auth-source-secrets-search): Limit search when `max' is greater than
+	number of results.  The function returned calls `secrets-get-secret',
+	in order to improve performance of the search function.
+
 2011-02-06  Julien Danjou  <julien@danjou.info>
 
 	* message.el (message-setup-1): Handle message-generate-headers-first
diff --git a/lisp/auth-source.el b/lisp/auth-source.el
index f7b5591..e959102 100644
--- a/lisp/auth-source.el
+++ b/lisp/auth-source.el
@@ -43,12 +43,12 @@
 (require 'netrc)
 (require 'assoc)
 (eval-when-compile (require 'cl))
-(eval-when-compile (require 'eieio))
+(require 'eieio)
 
 (autoload 'secrets-create-item "secrets")
 (autoload 'secrets-delete-item "secrets")
 (autoload 'secrets-get-alias "secrets")
-(autoload 'secrets-get-attribute "secrets")
+(autoload 'secrets-get-attributes "secrets")
 (autoload 'secrets-get-secret "secrets")
 (autoload 'secrets-list-collections "secrets")
 (autoload 'secrets-search-items "secrets")
@@ -305,8 +305,8 @@ If the value is not a list, symmetric encryption will be used."
     ((and
       (not (null (plist-get entry :source))) ; the source must not be nil
       (listp (plist-get entry :source))      ; and it must be a list
-          (require 'secrets nil t)           ; and we must load the Secrets API
-          secrets-enabled)                   ; and that API must be enabled
+      (require 'secrets nil t)               ; and we must load the Secrets API
+      secrets-enabled)                       ; and that API must be enabled
 
      ;; the source is either the :secrets key in ENTRY or
      ;; if that's missing or nil, it's "session"
@@ -861,6 +861,7 @@ See `auth-source-search' for details on SPEC."
 ;;; (let ((auth-sources '(default))) (auth-source-search :max 1 :create t))
 ;;; (let ((auth-sources '(default))) (auth-source-search :max 1 :delete t))
 ;;; (let ((auth-sources '(default))) (auth-source-search :max 1))
+;;; (let ((auth-sources '(default))) (auth-source-search))
 ;;; (let ((auth-sources '("secrets:login"))) (auth-source-search :max 1))
 
 (defun* auth-source-secrets-search (&rest
@@ -911,15 +912,16 @@ TODO: Example."
                                   (not (string-match label item)))
                       collect item))
          ;; TODO: respect max in `secrets-search-items', not after the fact
-         (items (subseq items 0 max))
+         (items (subseq items 0 (min (length items) max)))
          ;; convert the item name to a full plist
          (items (mapcar (lambda (item)
                           (nconc
                            ;; make an entry for the secret (password) element
                            (list
                             :secret
-                            (lexical-let ((v (secrets-get-secret coll item)))
-                              (lambda () v)))
+                            (lexical-let ((coll coll)
+					  (item item))
+                              (lambda () (secrets-get-secret coll item))))
                            ;; rewrite the entry from ((k1 v1) (k2 v2)) to plist
                            (mapcan (lambda (entry)
                                      (list (car entry) (cdr entry)))