bug#62952: 28.2.50; secrets.el unlocking items

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#62952: 28.2.50; secrets.el unlocking items

From:	Michael Albinus
Subject:	bug#62952: 28.2.50; secrets.el unlocking items
Date:	Thu, 20 Apr 2023 13:23:34 +0200
User-agent:	Gnus/5.13 (Gnus v5.13)

"Philipp Uhl" <git@ph-uhl.com> writes:

Hi Philipp,

> The secrets.el implementation lacks support for unlocking specific
> items. It only unlocks collections. This does not work well with certain
> password managers (e.g. in my case KeepassXC, accessed through secret
> service). When receiving a secret through
>
> (secrets-get-secret  "MyPws" "MyEntry")
>
> with the setting "Confirm when passwords are retrieved by clients"
> turned on in KeepassXC, secrets-get-secret will just say IsLocked.

Thanks for the report.

> Instead, secrets-get-secret should try to unlock the entry itself before
> retrieving.
>
> Here is a proof of concept:
>
> +  ;; New function, analogously to secrets-unlock-collection, that
> +  ;; specifically unlocks the item
> +  (defun secrets-unlock-item (collection item)
> +    "Unlock item labeled ITEM from collection labeled COLLECTION.
> +  If successful, return the object path of the item."
> +    (let ((item-path (secrets-item-path collection item)))
> +      (unless (secrets-empty-path item-path)
> +        (secrets-prompt
> +         (cadr
> +          (dbus-call-method
> +           :session secrets-service secrets-path secrets-interface-service
> +           "Unlock" `(:array :object-path ,item-path)))))
> +      item-path))
>
>   (defun secrets-get-secret (collection item)
>     "Return the secret of item labeled ITEM in COLLECTION.
>   If there are several items labeled ITEM, it is undefined which
>   one is returned.  If there is no such item, return nil.
>
>   ITEM can also be an object path, which is used if contained in COLLECTION."
> -    (let ((item-path (secrets-item-path collection item)))
> +    (let ((item-path (secrets-unlock-item collection item)))
>       (unless (secrets-empty-path item-path)
>         (dbus-byte-array-to-string
>          (nth 2
>               (dbus-call-method
>                :session secrets-service item-path secrets-interface-item
>                "GetSecret" :object-path secrets-session-path))))))
>
> To make this function a bit more similar to how it was before, one could
> concider to explicitly wait for the IsLocked event before unlocking the
> item. That way, if the password manager does not support unlocking of
> items, this would not be braking.

LGTM. Well, I don't know how relevant it is to wait for the IsLocked
event. If you have use cases where it is needed, we shall do.

When we add secrets-unlock-item, we should also add secrets-lock-item as
counterpart. Like we have done it with secrets-(un)?lock-collection.
Would you like to add this function? Bonus points for respective tests
in secrets-tests.el.

All these changes exceed the limit for tiny changes in Emacs, which
could be submitted w/o legal work. Would you like to sign FSF copyright
papers in order to contribute to Emacs? See
<https://git.savannah.gnu.org/cgit/gnulib.git/plain/doc/Copyright/conditions.text>
which explains the reasons.

> Cheers,
>   Philipp Uhl

Best regards, Michael.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#62952: 28.2.50; secrets.el unlocking items, Philipp Uhl, 2023/04/19
- bug#62952: 28.2.50; secrets.el unlocking items, Michael Albinus <=

Prev by Date: bug#62812: [PATCH] Re: bug#62812: 29.0.60; Persistent article cache not working properly
Next by Date: bug#62720: 29.0.60; Not easy at all to upgrade :core packages like Eglot
Previous by thread: bug#62952: 28.2.50; secrets.el unlocking items
Next by thread: bug#62953: 29.0.60; c-ts-mode: extra line indentation is required after brackets
Index(es):
- Date
- Thread