* Severe limitations in auth-source-macos-keychain-search
@ 2016-01-08 8:36 Nikolai Weibull
2016-01-25 14:57 ` Ted Zlatanov
2016-01-25 16:17 ` Jeff Bellegarde
0 siblings, 2 replies; 4+ messages in thread
From: Nikolai Weibull @ 2016-01-08 8:36 UTC (permalink / raw)
To: ding
Hi!

Is anyone actually using auth-source-macos-keychain-search (with Gnus)?
If so, how do you get it to work? As far as I can tell, this function
doesn’t take into account that spec may contain keys that are lists,
for example, host and port.

Furthermore, in auth-source-macos-keychain-search-items, if called for
macos-keychain-generic, should probably validate that -c and -r only
receive four-letter values, as that’s what security(1) requires them
to be.
* Re: Severe limitations in auth-source-macos-keychain-search
From: Ted Zlatanov @ 2016-01-25 14:57 UTC (permalink / raw)
To: ding
On Fri, 8 Jan 2016 09:36:56 +0100 Nikolai Weibull <now@disu.se> wrote:

NW> Is anyone actually using auth-source-macos-keychain-search (with Gnus)?

Not with Gnus.

NW> If so, how do you get it to work? As far as I can tell, this function
NW> doesn’t take into account that spec may contain keys that are lists,
NW> for example, host and port.

NW> Furthermore, in auth-source-macos-keychain-search-items, if called for
NW> macos-keychain-generic, should probably validate that -c and -r only
NW> receive four-letter values, as that’s what security(1) requires them
NW> to be.

Can you either try to write a patch against auth-source.el, or explain
in more detail how it should operate?

I have access to a Mac OS X machine, but I don't know enough about the
keychain to understand exactly what needs to be done.

Thanks
Ted
* Re: Severe limitations in auth-source-macos-keychain-search
From: Jeff Bellegarde @ 2016-01-25 16:17 UTC (permalink / raw)
To: ding
Nikolai Weibull <now@disu.se> writes:
> Hi!
>
> Is anyone actually using auth-source-macos-keychain-search (with Gnus)?
>
I just finished hacking something into shape. I added the following to my
.gnus. I doubt it's the best solution but it appears to work on my machine.

;; 1. spec contains lists for `host' and `port'. I use `first' to arbitrarily search for only the first key.
;; 2. Use -P to search for port instead of -r. -r requires a 4 character term and disallows a term like 'https'.
;;    -P seems to work for strings and port numbers.
(eval-when-compile (require 'cl))

(defun* auth-source-macos-keychain-search-items (coll type max
                                                      &rest spec
                                                      &key label type
                                                      host user port
                                                      &allow-other-keys)
  (let* ((keychain-generic (eq type 'macos-keychain-generic))
         (args `(,(if keychain-generic
                      "find-generic-password"
                    "find-internet-password")
                 "-g"))
         (ret (list :type type)))
    (when label
      (setq args (append args (list "-l" label))))
    (when host
      (setq args (append args (list (if keychain-generic "-c" "-s") (first host)))))
    (when user
      (setq args (append args (list "-a" user))))
    (when port
      (let ((port (first port)))
        (if keychain-generic
            (setq args (append args (list "-s" port)))
          (setq args (append args (list
                                   ;; (if (string-match "[0-9]+" port) "-P" "-r")
                                   "-P"
                                   port))))))
    (unless (equal coll "default")
      (setq args (append args (list coll))))
    (with-temp-buffer
      (message "Calling security with '%s'" args)
      (apply 'call-process "/usr/bin/security" nil t nil args)
      (goto-char (point-min))
      (while (not (eobp))
        (cond
         ((looking-at "^password: \"\\(.+\\)\"$")
          (setq ret (auth-source-macos-keychain-result-append
                     ret
                     keychain-generic
                     "secret"
                     (lexical-let ((v (match-string 1)))
                       (lambda () v)))))
         ;; TODO: check if this is really the label
         ;; match 0x00000007 <blob>="AppleID"
         ((looking-at "^[ ]+0x00000007 <blob>=\"\\(.+\\)\"")
          (setq ret (auth-source-macos-keychain-result-append
                     ret
                     keychain-generic
                     "label"
                     (match-string 1))))
         ;; match "crtr"<uint32>="aapl"
         ;; match "svce"<blob>="AppleID"
         ((looking-at "^[ ]+\"\\([a-z]+\\)\"[^=]+=\"\\(.+\\)\"")
          (setq ret (auth-source-macos-keychain-result-append
                     ret
                     keychain-generic
                     (match-string 1)
                     (match-string 2)))))
        (forward-line)))
    ;; return `ret' iff it has the :secret key
    (and (plist-get ret :secret) (list ret))))
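
Added example, not part of the thread and not code from auth-source.el: an Emacs Lisp sketch of the two points raised above, expanding list-valued host and port into one security(1) query per pair and never passing a value that is not four characters long to -c or -r. The my/ helper names and the sample spec are hypothetical; a pair that cannot be expressed is skipped rather than searched with fewer constraints, so a lookup never widens to another service's credential.

```elisp
;; Added example; the my/ names are hypothetical and not in auth-source.el.
(defun my/keychain-as-list (value)
  "Normalize spec VALUE (atom or list) to a list of strings.
nil and t both mean \"no constraint\" and give nil."
  (cond ((memq value '(nil t)) nil)
        ((listp value) (mapcar (lambda (v) (format "%s" v)) value))
        (t (list (format "%s" value)))))

(defun my/keychain-four-char-p (s)
  "Non-nil if S is exactly four characters, as -c and -r require."
  (= (length s) 4))

(defun my/keychain-port-args (port generic)
  "Return the security(1) arguments for PORT, or nil if it cannot be expressed.
Generic items search PORT as the service (-s), as the posted code does.
Internet items use -P for digits and -r for a four-character code."
  (cond ((null port) nil)
        (generic (list "-s" port))
        ((string-match "\\`[0-9]+\\'" port) (list "-P" port))
        ((my/keychain-four-char-p port) (list "-r" port))))

(defun my/keychain-arg-lists (type host user port)
  "Return one security(1) argument list per usable HOST/PORT pair.
USER is assumed to be a single string or nil."
  (let ((generic (eq type 'macos-keychain-generic))
        (hosts (or (my/keychain-as-list host) '(nil)))
        (ports (or (my/keychain-as-list port) '(nil)))
        result)
    (dolist (h hosts)
      (dolist (p ports)
        (let ((port-args (my/keychain-port-args p generic)))
          ;; Skip a pair instead of dropping the constraint it cannot express.
          (unless (or (and p (null port-args))
                      (and h generic (not (my/keychain-four-char-p h))))
            (push (append (list (if generic
                                    "find-generic-password"
                                  "find-internet-password")
                                "-g")
                          (and h (list (if generic "-c" "-s") h))
                          (and user (list "-a" user))
                          port-args)
                  result)))))
    (nreverse result)))

;; Constructed sample spec: "https" is neither digits nor four characters,
;; so that candidate is skipped instead of being handed to -r.
(my/keychain-arg-lists 'macos-keychain-internet
                       '("mail.example.org") "alice" '("imap" "https" 993))
```

Each returned list can be handed to call-process in turn, stopping at the first query that yields a password line.
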
* Re: Severe limitations in auth-source-macos-keychain-search
From: Lars Ingebrigtsen @ 2016-02-06 6:00 UTC (permalink / raw)
To: Jeff Bellegarde; +Cc: ding
Jeff Bellegarde <bellegar@gmail.com> writes:
> I just finished hacking something into shape. I added the following to my
> .gnus. I doubt it's the best solution but it appears to work on my machine.
>
> ;; 1. spec contains lists for `host' and `port'. I use `first' to arbitrarily search for only the first key.
> ;; 2. Use -P to search for port instead of -r. -r requires a 4 character term and disallows a term like 'https'.
> ;; -P seems to work for strings and port numbers.
> (eval-when-compile (require 'cl))
> (defun* auth-source-macos-keychain-search-items (coll type max
>                                                       &rest spec

Could you submit a patch for auth-source? I'm sure other people would
also find this useful...
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no