bug#30246: 25.2.50; auth-source does not support creation or deletion with secrets provider

Allen Li
auth-source does not support saving secrets with the Secrets API
backend.  This reduces the usefulness of auth-source significantly
since keychains that provide secure secret storage using the API are
standard on many GNU/Linux distributions (e.g., gnome-keyring on
Ubuntu).

(auth-source-search :type 'secrets :max 1
                    :host "localhost"
                    :user "user"
                    :create '(secret user host))

Debugger entered--Lisp error: (cl-assertion-failed ((not create) "The
Secrets API auth-source backend doesn't support creation yet"))
  cl--assertion-failed((not create) "The Secrets API auth-source
backend doesn't support creation yet" nil nil)
  auth-source-secrets-search(:backend
[eieio-class-tag--auth-source-backend secrets "Login" t t t nil
auth-source-secrets-create auth-source-secrets-search] :type secrets
:max 1 :require nil :create (secret user host) :delete nil :type
secrets :max 1 :host "localhost" :user "user" :create (secret user
host))
  apply(auth-source-secrets-search :backend
[eieio-class-tag--auth-source-backend secrets "Login" t t t nil
auth-source-secrets-create auth-source-secrets-search] :type secrets
:max 1 :require nil :create (secret user host) :delete nil (:type
secrets :max 1 :host "localhost" :user "user" :create (secret user
host)))
  auth-source-search-backends(([eieio-class-tag--auth-source-backend
secrets "Login" t t t nil auth-source-secrets-create
auth-source-secrets-search]) (:type secrets :max 1 :host "localhost"
:user "user" :create (secret user host)) 1 (secret user host) nil nil)
  auth-source-search(:type secrets :max 1 :host "localhost" :user
"user" :create (secret user host))
  eval((auth-source-search :type (quote secrets) :max 1 :host
"localhost" :user "user" :create (quote (secret user host))) nil)
  elisp--eval-last-sexp(nil)
  eval-last-sexp(nil)
  funcall-interactively(eval-last-sexp nil)
  #<subr call-interactively>(eval-last-sexp nil nil)
  apply(#<subr call-interactively> eval-last-sexp (nil nil))
  call-interactively@ido-cr+-record-current-command(#<subr
call-interactively> eval-last-sexp nil nil)
  apply(call-interactively@ido-cr+-record-current-command #<subr
call-interactively> (eval-last-sexp nil nil))
  call-interactively(eval-last-sexp nil nil)
  command-execute(eval-last-sexp)



Michael Albinus
Allen Li <[hidden email]> writes:

Hi Allen,

> auth-source does not support saving secrets with the Secrets API
> backend.  This reduces the usefulness of auth-source significantly
> since keychains that provide secure secret storage using the API are
> standard on many GNU/Linux distributions (e.g., gnome-keyring on
> Ubuntu).

This was reported already some years ago on the emacs-help ML, see
<http://lists.gnu.org/archive/html/help-gnu-emacs/2013-06/msg00361.html>. IIRC,
it wasn't trivial to implement, that's why it has lingered around on my
TODO since then.

See also `auth-source-secrets-create' in auth-source.el, which misses
its implementation. And you've got the error message "The Secrets API
auth-source backend doesn't support creation yet".

Since I am working on secrets.el these days anyway due to your other
report bug#29575, chances are good that I'll fix this, finally.

Best regards, Michael.



Michael Albinus
Michael Albinus <[hidden email]> writes:

> Hi Allen,
>
>> auth-source does not support saving secrets with the Secrets API
>> backend.  This reduces the usefulness of auth-source significantly
>> since keychains that provide secure secret storage using the API are
>> standard on many GNU/Linux distributions (e.g., gnome-keyring on
>> Ubuntu).
>
> Since I am working on secrets.el these days anyway due to your other
> report bug#29575, chances are good that I'll fix this, finally.

I've implemented creation of secrets via the Secret Service API in
auth-source.el. Could you, pls, check?

I will add support for this into Tramp. It doesn't create items yet, for
any backend.

Deletion isn't implemented for any auth-source backend yet. So I haven't
done it for the Secret Service API either, and I don't plan it for next time.

Best regards, Michael.



Allen Li-2
Thanks.  Currently I'm using Emacs 26 due to bugs in 27, so due to
various reasons it may take a few weeks for me to get around to trying
it.

On Fri, Apr 13, 2018 at 6:41 AM, Michael Albinus <[hidden email]> wrote:

> Michael Albinus <[hidden email]> writes:
>
>> Hi Allen,
>>
>>> auth-source does not support saving secrets with the Secrets API
>>> backend.  This reduces the usefulness of auth-source significantly
>>> since keychains that provide secure secret storage using the API are
>>> standard on many GNU/Linux distributions (e.g., gnome-keyring on
>>> Ubuntu).
>>
>> Since I am working on secrets.el these days anyway due to your other
>> report bug#29575, chances are good that I'll fix this, finally.
>
> I've implemented creation of secrets via the Secret Service API in
> auth-source.el. Could you, pls, check?
>
> I will add support for this into Tramp. It doesn't create items yet, for
> any backend.
>
> Deletion isn't implemented for any auth-source backend yet. So I haven't
> done it for the Secret Service API either, and I don't plan it for next time.
>
> Best regards, Michael.



Michael Albinus
Allen Li <[hidden email]> writes:

Hi Allen,

> Thanks.  Currently I'm using Emacs 26 due to bugs in 27, so due to
> various reasons it may take a few weeks for me to get around to trying
> it.

No problem, take your time.

Best regards, Michael.



Michael Albinus
In reply to this post by Michael Albinus
Michael Albinus <[hidden email]> writes:

Hi Allen,

> I've implemented creation of secrets via the Secret Service API in
> auth-source.el. Could you, pls, check?
>
> I will add support for this into Tramp. It doesn't create items yet, for
> any backend.

That's done now.

Best regards, Michael.



Michael Albinus
In reply to this post by Allen Li-2
Allen Li <[hidden email]> writes:

Hi Allen,

> Thanks.  Currently I'm using Emacs 26 due to bugs in 27, so due to
> various reasons it may take a few weeks for me to get around to trying
> it.

Could you test it by any chance in Emacs 27? If not, I'll close the
bug. You could still report later if it doesn't work as expected.

Best regards, Michael.



Allen Li-2
On Wed, Sep 5, 2018 at 1:57 AM Michael Albinus <[hidden email]> wrote:
>
> Could you test it by any chance in Emacs 27? If not, I'll close the
> bug. You could still report later if it doesn't work as expected.

It looks like secret creation works now, however I can't seem to
retrieve the secret.  I can file a separate bug for that if you want.

(auth-source-search :host "example.com" :user "bob" :secret "password"
:create t)

After calling the returned save function, I can confirm that the
secret is created:

$ secret-tool search --all --unlock host example.com user bob
[/org/freedesktop/secrets/collection/login/484]
label = [hidden email]
secret = password
created = 2018-09-08 23:35:47
modified = 2018-09-08 23:35:47
schema = org.freedesktop.Secret.Generic
attribute.host = example.com
attribute.user = bob

However I cannot seem to retrieve it using auth-source:

(auth-source-search :host "example.com" :user "bob")
nil

Also, deletion still isn't supported:

(auth-source-delete :host "example.com" :user "bob")
(cl-assertion-failed ((not delete) "The Secrets API auth-source
backend doesn't suppor..."))

>
> Best regards, Michael.



Michael Albinus
Allen Li <[hidden email]> writes:

Hi Allen,

>> Could you test it by any chance in Emacs 27? If not, I'll close the
>> bug. You could still report later if it doesn't work as expected.
>
> It looks like secret creation works now, however I can't seem to
> retrieve the secret.  I can file a separate bug for that if you want.

Yes, please do. Because:

> (auth-source-search :host "example.com" :user "bob" :secret "password"
> :create t)
>
> After calling the returned save function, I can confirm that the
> secret is created:
>
> $ secret-tool search --all --unlock host example.com user bob
> [/org/freedesktop/secrets/collection/login/484]
> label = [hidden email]
> secret = password
> created = 2018-09-08 23:35:47
> modified = 2018-09-08 23:35:47
> schema = org.freedesktop.Secret.Generic
> attribute.host = example.com
> attribute.user = bob
>
> However I cannot seem to retrieve it using auth-source:
>
> (auth-source-search :host "example.com" :user "bob")
> nil

I could reproduce it locally. And I could reproduce it also with another
backend, "~/.authinfo". However, if I start a new Emacs session,

(auth-source-search :host "example.com" :user "bob")

returns a valid result. Don't know whether this is a bug or a feature; I
leave it to you to decide how to handle it. The original bug in this report
("auth-source does not support creation with secrets provider") seems to
be solved, so I'd like to close this.

> Also, deletion still isn't supported:
>
> (auth-source-delete :host "example.com" :user "bob")
> (cl-assertion-failed ((not delete) "The Secrets API auth-source
> backend doesn't suppor..."))

Yes. But deletion is not supported by any auth-source backend. So I
would prefer if we handle this in another bug report, if the
functionality is missing for you.

To be honest, I'm undecided whether deletion makes sense in auth-source.

Best regards, Michael.
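
The create-then-search sequence discussed in the two messages above, written as one Emacs Lisp check (an added example, not part of the original thread and not code from auth-source.el). It assumes Emacs 27 or later, a running Secret Service daemon and a collection named "Login"; the function name is hypothetical and the sample values are the ones used in the thread.

```elisp
;; Added example, not from the thread or from auth-source.el.
;; Assumptions: Emacs 27 or later, a running Secret Service daemon, and a
;; collection named "Login" (the name shown in the backtrace above).
(require 'auth-source)

(defun example-secrets-roundtrip (host user password)
  "Create HOST/USER with PASSWORD via the secrets backend, then search for it.
Return a plist (:saved BOOL :found-in-session BOOL).  The name of this
function is hypothetical."
  (let* ((auth-sources '("secrets:Login"))   ; consult only this backend
         (auth-source-save-behavior t)       ; save without prompting
         (entry (car (auth-source-search :host host :user user
                                         :secret password :create t)))
         (save-fn (plist-get entry :save-function)))
    ;; Nothing is written until the returned save function is called.
    ;; If a matching item already exists, no save function is returned.
    (when (functionp save-fn)
      (funcall save-fn))
    ;; Same-session lookup: the step that returned nil in the report.
    (let* ((found (car (auth-source-search :host host :user user :max 1)))
           (secret (plist-get found :secret)))
      (list :saved (functionp save-fn)
            :found-in-session
            (and found
                 ;; auth-source usually wraps the secret in a closure.
                 (equal (if (functionp secret) (funcall secret) secret)
                        password))))))

;; Constructed test values, matching the ones used in the thread:
;; (example-secrets-roundtrip "example.com" "bob" "password")
```

A result of `:saved t :found-in-session nil` corresponds to the behaviour reported above; the stored item can still be confirmed outside Emacs with the `secret-tool search` command shown in the thread.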



Michael Albinus
Version: 27.1

Michael Albinus <[hidden email]> writes:

Hi Allen,

>>> Could you test it by any chance in Emacs 27? If not, I'll close the
>>> bug. You could still report later if it doesn't work as expected.
>>
>> It looks like secret creation works now, however I can't seem to
>> retrieve the secret.  I can file a separate bug for that if you want.
>
> Yes, please do.

There's now bug#32725 for that problem. I'm closing this bug, therefore.

Best regards, Michael.