Mercurial > emacs
annotate lisp/net/secrets.el @ 107396:d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
service "org.freedesktop.secrets" can be pinged. Provide
subfeature 'enabled.
author | Michael Albinus <albinus@detlef> |
---|---|
date | Tue, 16 Mar 2010 00:27:31 +0100 |
parents | 51ddd70d1fa1 |
children | 6c48d0b283da |
rev | line source |
---|---|
107389 | 1 ;;; secrets.el --- Client interface to gnome-keyring and kwallet. |
2 | |
3 ;; Copyright (C) 2010 Free Software Foundation, Inc. | |
4 | |
5 ;; Author: Michael Albinus <michael.albinus@gmx.de> | |
6 ;; Keywords: comm password passphrase | |
7 | |
8 ;; This file is part of GNU Emacs. | |
9 | |
10 ;; GNU Emacs is free software: you can redistribute it and/or modify | |
11 ;; it under the terms of the GNU General Public License as published by | |
12 ;; the Free Software Foundation, either version 3 of the License, or | |
13 ;; (at your option) any later version. | |
14 | |
15 ;; GNU Emacs is distributed in the hope that it will be useful, | |
16 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
18 ;; GNU General Public License for more details. | |
19 | |
20 ;; You should have received a copy of the GNU General Public License | |
21 ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. | |
22 | |
23 ;;; Commentary: | |
24 | |
25 ;; This package provides an implementation of the Secret Service API | |
26 ;; <http://www.freedesktop.org/wiki/Specifications/secret-storage-spec>. | |
27 ;; This API is meant to make GNOME-Keyring- and KWallet-like daemons | |
28 ;; available under a common D-BUS interface and thus increase | |
29 ;; interoperability between GNOME, KDE and other applications having | |
30 ;; the need to securely store passwords and other confidential | |
31 ;; information. | |
32 | |
33 ;; In order to activate this package, you must add the following code | |
34 ;; into your .emacs: | |
107396
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
35 ;; |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
36 ;; (require 'secrets) |
107389 | 37 |
107396
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
38 ;; It can be checked afterwards, whether there is a daemon providing |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
39 ;; this interface: |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
40 ;; |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
41 ;; (featurep 'secrets 'enabled) |
107389 | 42 |
43 ;; The atomic objects to be managed by the Secret Service API are | |
44 ;; secret items, which are something an application wishes to store | |
45 ;; securely. A good example is a password that an application needs | |
46 ;; to save and use at a later date. | |
47 | |
48 ;; Secret items are grouped in collections. A collection is similar | |
49 ;; in concept to the terms 'keyring' or 'wallet'. A common collection | |
50 ;; is called "login". A collection is stored permanently under the | |
51 ;; user's permissions, and can be accessed in a user session context. | |
52 | |
53 ;; A collection can have an alias name. The use case for this is to | |
54 ;; set the alias "default" for a given collection, making it | |
55 ;; transparent for clients, which collection is used. Other aliases | |
56 ;; are not supported (yet). Since an alias is visible to all | |
57 ;; applications, this setting shall be performed with care. | |
58 | |
59 ;; A list of all available collections is available by | |
60 ;; | |
61 ;; (secrets-list-collections) | |
62 ;; => ("session" "login" "ssh keys") | |
63 | |
64 ;; The "default" alias could be set to the "login" collection by | |
65 ;; | |
66 ;; (secrets-set-alias "login" "default") | |
67 | |
68 ;; An alias can also be dereferenced | |
69 ;; | |
70 ;; (secrets-get-alias "default") | |
71 ;; => "login" | |
72 | |
73 ;; Collections can be created and deleted. As already said, | |
74 ;; collections are used by different applications. Therefore, those | |
75 ;; operations shall also be performed with care. Common collections, | |
76 ;; like "login", shall not be changed except adding or deleting secret | |
77 ;; items. | |
78 ;; | |
79 ;; (secrets-delete-collection "my collection") | |
80 ;; (secrets-create-collection "my collection") | |
81 | |
82 ;; There exists a special collection called "session", which has the | |
83 ;; lifetime of the corrresponding client session (aka Emacs' | |
84 ;; lifetime). It is created automatically when Emacs uses the Secret | |
85 ;; Service interface, and it is deleted when Emacs is killed. | |
86 ;; Therefore, it can be used to store and retrieve secret items | |
87 ;; temporarily. This shall be preferred over creation of a persistent | |
88 ;; collection, when the information shall not live longer than Emacs. | |
89 ;; The session collection can be addressed either by the string | |
90 ;; "session", or by `nil', whenever a collection parameter is needed. | |
91 | |
92 ;; As already said, a collection is a group of secret items. A secret | |
93 ;; item has a label, the "secret" (which is a string), and a set of | |
94 ;; lookup attributes. The attributes can be used to search and | |
95 ;; retrieve a secret item at a later date. | |
96 | |
97 ;; A list of all available secret items of a collection is available by | |
98 ;; | |
99 ;; (secrets-list-items "my collection") | |
100 ;; => ("this item" "another item") | |
101 | |
102 ;; Secret items can be added or deleted to a collection. In the | |
103 ;; following examples, we use the special collection "session", which | |
104 ;; is bound to Emacs' lifetime. | |
105 ;; | |
106 ;; (secrets-delete-item "session" "my item") | |
107 ;; (secrets-create-item "session" "my item" "geheim" | |
108 ;; :user "joe" :host "remote-host") | |
109 | |
110 ;; The string "geheim" is the secret of the secret item "my item". | |
111 ;; The secret string can be retrieved from items: | |
112 ;; | |
113 ;; (secrets-get-secret "session" "my item") | |
114 ;; => "geheim" | |
115 | |
116 ;; The lookup attributes, which are specified during creation of a | |
117 ;; secret item, must be a key-value pair. Keys are keyword symbols, | |
118 ;; starting with a colon; values are strings. They can be retrieved | |
119 ;; from a given secret item: | |
120 ;; | |
121 ;; (secrets-get-attribute "session" "my item" :host) | |
122 ;; => "remote-host" | |
123 ;; | |
124 ;; (secrets-get-attributes "session" "my item") | |
125 ;; => ((:user . "joe") (:host ."remote-host")) | |
126 | |
127 ;; The lookup attributes can be used for searching of items. If you, | |
128 ;; for example, are looking for all secret items for the user "joe", | |
129 ;; you would perform | |
130 ;; | |
131 ;; (secrets-search-items "session" :user "joe") | |
132 ;; => ("my item" "another item") | |
133 | |
134 ;;; Code: | |
135 | |
136 ;; It has been tested with GNOME Keyring 2.29.92. An implementation | |
137 ;; for KWallet will be available at | |
138 ;; svn://anonsvn.kde.org/home/kde/trunk/playground/base/ksecretservice; | |
139 ;; not tested yet. | |
140 | |
141 ;; Pacify byte-compiler. D-Bus support in the Emacs core can be | |
142 ;; disabled with configuration option "--without-dbus". Declare used | |
143 ;; subroutines and variables of `dbus' therefore. | |
144 (eval-when-compile | |
145 (require 'cl)) | |
146 | |
147 (declare-function dbus-call-method "dbusbind.c") | |
148 (declare-function dbus-register-signal "dbusbind.c") | |
149 (defvar dbus-debug) | |
150 | |
151 (require 'dbus) | |
152 | |
153 (defvar secrets-debug t | |
154 "Write debug messages") | |
155 | |
156 (defconst secrets-service "org.freedesktop.secrets" | |
157 "The D-Bus name used to talk to Secret Service.") | |
158 | |
159 (defconst secrets-path "/org/freedesktop/secrets" | |
160 "The D-Bus root object path used to talk to Secret Service.") | |
161 | |
162 (defconst secrets-empty-path "/" | |
163 "The D-Bus object path representing an empty object.") | |
164 | |
165 (defsubst secrets-empty-path (path) | |
166 "Check, whether PATH is a valid object path. | |
167 It returns t if not." | |
168 (or (not (stringp path)) | |
169 (string-equal path secrets-empty-path))) | |
170 | |
171 (defconst secrets-interface-service "org.freedesktop.Secret.Service" | |
172 "The D-Bus interface managing sessions and collections.") | |
173 | |
174 ;; <interface name="org.freedesktop.Secret.Service"> | |
175 ;; <property name="Collections" type="ao" access="read"/> | |
176 ;; <method name="OpenSession"> | |
177 ;; <arg name="algorithm" type="s" direction="in"/> | |
178 ;; <arg name="input" type="v" direction="in"/> | |
179 ;; <arg name="output" type="v" direction="out"/> | |
180 ;; <arg name="result" type="o" direction="out"/> | |
181 ;; </method> | |
182 ;; <method name="CreateCollection"> | |
183 ;; <arg name="props" type="a{sv}" direction="in"/> | |
184 ;; <arg name="collection" type="o" direction="out"/> | |
185 ;; <arg name="prompt" type="o" direction="out"/> | |
186 ;; </method> | |
187 ;; <method name="SearchItems"> | |
188 ;; <arg name="attributes" type="a{ss}" direction="in"/> | |
189 ;; <arg name="unlocked" type="ao" direction="out"/> | |
190 ;; <arg name="locked" type="ao" direction="out"/> | |
191 ;; </method> | |
192 ;; <method name="Unlock"> | |
193 ;; <arg name="objects" type="ao" direction="in"/> | |
194 ;; <arg name="unlocked" type="ao" direction="out"/> | |
195 ;; <arg name="prompt" type="o" direction="out"/> | |
196 ;; </method> | |
197 ;; <method name="Lock"> | |
198 ;; <arg name="objects" type="ao" direction="in"/> | |
199 ;; <arg name="locked" type="ao" direction="out"/> | |
200 ;; <arg name="Prompt" type="o" direction="out"/> | |
201 ;; </method> | |
202 ;; <method name="GetSecrets"> | |
203 ;; <arg name="items" type="ao" direction="in"/> | |
204 ;; <arg name="session" type="o" direction="in"/> | |
205 ;; <arg name="secrets" type="a{o(oayay)}" direction="out"/> | |
206 ;; </method> | |
207 ;; <method name="ReadAlias"> | |
208 ;; <arg name="name" type="s" direction="in"/> | |
209 ;; <arg name="collection" type="o" direction="out"/> | |
210 ;; </method> | |
211 ;; <method name="SetAlias"> | |
212 ;; <arg name="name" type="s" direction="in"/> | |
213 ;; <arg name="collection" type="o" direction="in"/> | |
214 ;; </method> | |
215 ;; <signal name="CollectionCreated"> | |
216 ;; <arg name="collection" type="o"/> | |
217 ;; </signal> | |
218 ;; <signal name="CollectionDeleted"> | |
219 ;; <arg name="collection" type="o"/> | |
220 ;; </signal> | |
221 ;; </interface> | |
222 | |
223 (defconst secrets-interface-collection "org.freedesktop.Secret.Collection" | |
224 "A collection of items containing secrets.") | |
225 | |
226 ;; <interface name="org.freedesktop.Secret.Collection"> | |
227 ;; <property name="Items" type="ao" access="read"/> | |
228 ;; <property name="Label" type="s" access="readwrite"/> | |
229 ;; <property name="Locked" type="s" access="read"/> | |
230 ;; <property name="Created" type="t" access="read"/> | |
231 ;; <property name="Modified" type="t" access="read"/> | |
232 ;; <method name="Delete"> | |
233 ;; <arg name="prompt" type="o" direction="out"/> | |
234 ;; </method> | |
235 ;; <method name="SearchItems"> | |
236 ;; <arg name="attributes" type="a{ss}" direction="in"/> | |
237 ;; <arg name="results" type="ao" direction="out"/> | |
238 ;; </method> | |
239 ;; <method name="CreateItem"> | |
240 ;; <arg name="props" type="a{sv}" direction="in"/> | |
241 ;; <arg name="secret" type="(oayay)" direction="in"/> | |
242 ;; <arg name="replace" type="b" direction="in"/> | |
243 ;; <arg name="item" type="o" direction="out"/> | |
244 ;; <arg name="prompt" type="o" direction="out"/> | |
245 ;; </method> | |
246 ;; <signal name="ItemCreated"> | |
247 ;; <arg name="item" type="o"/> | |
248 ;; </signal> | |
249 ;; <signal name="ItemDeleted"> | |
250 ;; <arg name="item" type="o"/> | |
251 ;; </signal> | |
252 ;; <signal name="ItemChanged"> | |
253 ;; <arg name="item" type="o"/> | |
254 ;; </signal> | |
255 ;; </interface> | |
256 | |
257 (defconst secrets-session-collection-path | |
258 "/org/freedesktop/secrets/collection/session" | |
259 "The D-Bus temporary session collection object path.") | |
260 | |
261 (defconst secrets-interface-prompt "org.freedesktop.Secret.Prompt" | |
262 "A session tracks state between the service and a client application.") | |
263 | |
264 ;; <interface name="org.freedesktop.Secret.Prompt"> | |
265 ;; <method name="Prompt"> | |
266 ;; <arg name="window-id" type="s" direction="in"/> | |
267 ;; </method> | |
268 ;; <method name="Dismiss"></method> | |
269 ;; <signal name="Completed"> | |
270 ;; <arg name="dismissed" type="b"/> | |
271 ;; <arg name="result" type="v"/> | |
272 ;; </signal> | |
273 ;; </interface> | |
274 | |
275 (defconst secrets-interface-item "org.freedesktop.Secret.Item" | |
276 "A collection of items containing secrets.") | |
277 | |
278 ;; <interface name="org.freedesktop.Secret.Item"> | |
279 ;; <property name="Locked" type="b" access="read"/> | |
280 ;; <property name="Attributes" type="a{ss}" access="readwrite"/> | |
281 ;; <property name="Label" type="s" access="readwrite"/> | |
282 ;; <property name="Created" type="t" access="read"/> | |
283 ;; <property name="Modified" type="t" access="read"/> | |
284 ;; <method name="Delete"> | |
285 ;; <arg name="prompt" type="o" direction="out"/> | |
286 ;; </method> | |
287 ;; <method name="GetSecret"> | |
288 ;; <arg name="session" type="o" direction="in"/> | |
289 ;; <arg name="secret" type="(oayay)" direction="out"/> | |
290 ;; </method> | |
291 ;; <method name="SetSecret"> | |
292 ;; <arg name="secret" type="(oayay)" direction="in"/> | |
293 ;; </method> | |
294 ;; </interface> | |
295 ;; | |
296 ;; STRUCT secret | |
297 ;; OBJECT PATH session | |
298 ;; ARRAY BYTE parameters | |
299 ;; ARRAY BYTE value | |
300 | |
301 (defconst secrets-interface-item-type-generic "org.freedesktop.Secret.Generic" | |
302 "The default item type we are using.") | |
303 | |
304 (defconst secrets-interface-session "org.freedesktop.Secret.Session" | |
305 "A session tracks state between the service and a client application.") | |
306 | |
307 ;; <interface name="org.freedesktop.Secret.Session"> | |
308 ;; <method name="Close"></method> | |
309 ;; </interface> | |
310 | |
311 ;;; Sessions. | |
312 | |
313 (defvar secrets-session-path secrets-empty-path | |
314 "The D-Bus session path of the active session. | |
315 A session path `secrets-empty-path' indicates there is no open session.") | |
316 | |
317 (defun secrets-close-session () | |
318 "Close the secret service session, if any." | |
319 (dbus-ignore-errors | |
320 (dbus-call-method | |
321 :session secrets-service secrets-session-path | |
322 secrets-interface-session "Close")) | |
323 (setq secrets-session-path secrets-empty-path)) | |
324 | |
325 (defun secrets-open-session (&optional reopen) | |
326 "Open a new session with \"plain\" algorithm. | |
327 If there exists another active session, and REOPEN is nil, that | |
328 session will be used. The object path of the session will be | |
329 returned, and it will be stored in `secrets-session-path'." | |
330 (when reopen (secrets-close-session)) | |
331 (when (secrets-empty-path secrets-session-path) | |
332 (setq secrets-session-path | |
333 (cadr | |
334 (dbus-call-method | |
335 :session secrets-service secrets-path | |
336 secrets-interface-service "OpenSession" "plain" '(:variant ""))))) | |
337 (when secrets-debug | |
338 (message "Secret Service session: %s" secrets-session-path)) | |
339 secrets-session-path) | |
340 | |
341 ;;; Prompts. | |
342 | |
343 (defvar secrets-prompt-signal nil | |
344 "Internal variable to catch signals from `secrets-interface-prompt'.") | |
345 | |
346 (defun secrets-prompt (prompt) | |
347 "Handle the prompt identified by object path PROMPT." | |
348 (unless (secrets-empty-path prompt) | |
349 (let ((object | |
350 (dbus-register-signal | |
351 :session secrets-service prompt | |
352 secrets-interface-prompt "Completed" 'secrets-prompt-handler))) | |
353 (dbus-call-method | |
354 :session secrets-service prompt | |
355 secrets-interface-prompt "Prompt" (frame-parameter nil 'window-id)) | |
356 (unwind-protect | |
357 (progn | |
358 ;; Wait until the returned prompt signal has put the | |
359 ;; result into `secrets-prompt-signal'. | |
360 (while (null secrets-prompt-signal) | |
361 (read-event nil nil 0.1)) | |
362 ;; Return the object(s). It is a variant, so we must use a car. | |
363 (car secrets-prompt-signal)) | |
364 ;; Cleanup. | |
365 (setq secrets-prompt-signal nil) | |
366 (dbus-unregister-object object))))) | |
367 | |
368 (defun secrets-prompt-handler (&rest args) | |
369 "Handler for signals emitted by `secrets-interface-prompt'." | |
370 ;; An empty object path is always identified as `secrets-empty-path' | |
371 ;; or `nil'. Either we set it explicitely, or it is returned by the | |
372 ;; "Completed" signal. | |
373 (if (car args) ;; dismissed | |
374 (setq secrets-prompt-signal (list secrets-empty-path)) | |
375 (setq secrets-prompt-signal (cadr args)))) | |
376 | |
377 ;;; Collections. | |
378 | |
379 (defvar secrets-collection-paths nil | |
380 "Cached D-Bus object paths of available collections.") | |
381 | |
382 (defun secrets-collection-handler (&rest args) | |
383 "Handler for signals emitted by `secrets-interface-service'." | |
384 (cond | |
385 ((string-equal (dbus-event-member-name last-input-event) "CollectionCreated") | |
386 (add-to-list 'secrets-collection-paths (car args))) | |
387 ((string-equal (dbus-event-member-name last-input-event) "CollectionDeleted") | |
388 (setq secrets-collection-paths | |
389 (delete (car args) secrets-collection-paths))))) | |
390 | |
391 (defun secrets-get-collections () | |
392 "Return the object paths of all available collections." | |
393 (setq secrets-collection-paths | |
394 (or secrets-collection-paths | |
395 (dbus-get-property | |
396 :session secrets-service secrets-path | |
397 secrets-interface-service "Collections")))) | |
398 | |
399 (defun secrets-get-collection-properties (collection-path) | |
400 "Return all properties of collection identified by COLLECTION-PATH." | |
401 (unless (secrets-empty-path collection-path) | |
402 (dbus-get-all-properties | |
403 :session secrets-service collection-path | |
404 secrets-interface-collection))) | |
405 | |
406 (defun secrets-get-collection-property (collection-path property) | |
407 "Return property PROPERTY of collection identified by COLLECTION-PATH." | |
408 (unless (or (secrets-empty-path collection-path) (not (stringp property))) | |
409 (dbus-get-property | |
410 :session secrets-service collection-path | |
411 secrets-interface-collection property))) | |
412 | |
413 (defun secrets-list-collections () | |
414 "Return a list of collection names." | |
415 (mapcar | |
416 (lambda (collection-path) | |
417 (if (string-equal collection-path secrets-session-collection-path) | |
418 "session" | |
419 (secrets-get-collection-property collection-path "Label"))) | |
420 (secrets-get-collections))) | |
421 | |
422 (defun secrets-collection-path (collection) | |
423 "Return the object path of collection labelled COLLECTION. | |
424 If COLLECTION is nil, return the session collection path. | |
425 If there is no such COLLECTION, return nil." | |
426 (or | |
427 ;; The "session" collection. | |
428 (if (or (null collection) (string-equal "session" collection)) | |
429 secrets-session-collection-path) | |
430 ;; Check for an alias. | |
431 (let ((collection-path | |
432 (dbus-call-method | |
433 :session secrets-service secrets-path | |
434 secrets-interface-service "ReadAlias" collection))) | |
435 (unless (secrets-empty-path collection-path) | |
436 collection-path)) | |
437 ;; Check the collections. | |
438 (catch 'collection-found | |
439 (dolist (collection-path (secrets-get-collections) nil) | |
440 (when | |
441 (string-equal | |
442 collection | |
443 (secrets-get-collection-property collection-path "Label")) | |
444 (throw 'collection-found collection-path)))))) | |
445 | |
446 (defun secrets-create-collection (collection) | |
447 "Create collection labelled COLLECTION if it doesn't exist. | |
448 Return the D-Bus object path for collection." | |
449 (let ((collection-path (secrets-collection-path collection))) | |
450 ;; Create the collection. | |
451 (when (secrets-empty-path collection-path) | |
452 (setq collection-path | |
453 (secrets-prompt | |
454 (cadr | |
455 ;; "CreateCollection" returns the prompt path as second arg. | |
456 (dbus-call-method | |
457 :session secrets-service secrets-path | |
458 secrets-interface-service "CreateCollection" | |
459 `(:array (:dict-entry "Label" (:variant ,collection)))))))) | |
460 ;; Return object path of the collection. | |
461 collection-path)) | |
462 | |
463 (defun secrets-get-alias (alias) | |
464 "Return the collection name ALIAS is referencing to. | |
465 For the time being, only the alias \"default\" is supported." | |
466 (secrets-get-collection-property | |
467 (dbus-call-method | |
468 :session secrets-service secrets-path | |
469 secrets-interface-service "ReadAlias" alias) | |
470 "Label")) | |
471 | |
472 (defun secrets-set-alias (collection alias) | |
473 "Set ALIAS as alias of collection labelled COLLECTION. | |
474 For the time being, only the alias \"default\" is supported." | |
475 (let ((collection-path (secrets-collection-path collection))) | |
476 (unless (secrets-empty-path collection-path) | |
477 (dbus-call-method | |
478 :session secrets-service secrets-path | |
479 secrets-interface-service "SetAlias" | |
480 alias :object-path collection-path)))) | |
481 | |
482 (defun secrets-unlock-collection (collection) | |
483 "Unlock collection labelled COLLECTION. | |
484 If successful, return the object path of the collection." | |
485 (let ((collection-path (secrets-collection-path collection))) | |
486 (unless (secrets-empty-path collection-path) | |
487 (secrets-prompt | |
488 (cadr | |
489 (dbus-call-method | |
490 :session secrets-service secrets-path secrets-interface-service | |
491 "Unlock" `(:array :object-path ,collection-path))))) | |
492 collection-path)) | |
493 | |
494 (defun secrets-delete-collection (collection) | |
495 "Delete collection labelled COLLECTION." | |
496 (let ((collection-path (secrets-collection-path collection))) | |
497 (unless (secrets-empty-path collection-path) | |
498 (secrets-prompt | |
499 (dbus-call-method | |
500 :session secrets-service collection-path | |
501 secrets-interface-collection "Delete"))))) | |
502 | |
503 ;;; Items. | |
504 | |
505 (defun secrets-get-items (collection-path) | |
506 "Return the object paths of all available items in COLLECTION-PATH." | |
507 (unless (secrets-empty-path collection-path) | |
508 (secrets-open-session) | |
509 (dbus-get-property | |
510 :session secrets-service collection-path | |
511 secrets-interface-collection "Items"))) | |
512 | |
513 (defun secrets-get-item-properties (item-path) | |
514 "Return all properties of item identified by ITEM-PATH." | |
515 (unless (secrets-empty-path item-path) | |
516 (dbus-get-all-properties | |
517 :session secrets-service item-path | |
518 secrets-interface-item))) | |
519 | |
520 (defun secrets-get-item-property (item-path property) | |
521 "Return property PROPERTY of item identified by ITEM-PATH." | |
522 (unless (or (secrets-empty-path item-path) (not (stringp property))) | |
523 (dbus-get-property | |
524 :session secrets-service item-path | |
525 secrets-interface-item property))) | |
526 | |
527 (defun secrets-list-items (collection) | |
528 "Return a list of all item labels of COLLECTION." | |
529 (let ((collection-path (secrets-unlock-collection collection))) | |
530 (unless (secrets-empty-path collection-path) | |
531 (mapcar | |
532 (lambda (item-path) | |
533 (secrets-get-item-property item-path "Label")) | |
534 (secrets-get-items collection-path))))) | |
535 | |
536 (defun secrets-search-items (collection &rest attributes) | |
537 "Search items in COLLECTION with ATTRIBUTES. | |
538 ATTRIBUTES are key-value pairs. The keys are keyword symbols, | |
539 starting with a colon. Example: | |
540 | |
541 \(secrets-create-item \"Tramp collection\" \"item\" \"geheim\" | |
542 :method \"sudo\" :user \"joe\" :host \"remote-host\"\) | |
543 | |
544 The object paths of the found items are returned as list." | |
545 (let ((collection-path (secrets-unlock-collection collection)) | |
546 result props) | |
547 (unless (secrets-empty-path collection-path) | |
548 ;; Create attributes list. | |
549 (while (consp (cdr attributes)) | |
550 (unless (keywordp (car attributes)) | |
551 (error 'wrong-type-argument (car attributes))) | |
552 (setq props (add-to-list | |
553 'props | |
554 (list :dict-entry | |
555 (symbol-name (car attributes)) | |
556 (cadr attributes)) | |
557 'append) | |
558 attributes (cddr attributes))) | |
559 ;; Search. The result is a list of two lists, the object paths | |
560 ;; of the unlocked and the locked items. | |
561 (setq result | |
562 (dbus-call-method | |
563 :session secrets-service collection-path | |
564 secrets-interface-collection "SearchItems" | |
565 (if props | |
566 (cons :array props) | |
567 '(:array :signature "{ss}")))) | |
568 ;; Return the found items. | |
569 (mapcar | |
570 (lambda (item-path) (secrets-get-item-property item-path "Label")) | |
571 (append (car result) (cadr result)))))) | |
572 | |
573 (defun secrets-create-item (collection item password &rest attributes) | |
574 "Create a new item in COLLECTION with label ITEM and password PASSWORD. | |
575 ATTRIBUTES are key-value pairs set for the created item. The | |
576 keys are keyword symbols, starting with a colon. Example: | |
577 | |
578 \(secrets-create-item \"Tramp collection\" \"item\" \"geheim\" | |
579 :method \"sudo\" :user \"joe\" :host \"remote-host\"\) | |
580 | |
581 The object path of the created item is returned." | |
582 (unless (member item (secrets-list-items collection)) | |
583 (let ((collection-path (secrets-unlock-collection collection)) | |
584 result props) | |
585 (unless (secrets-empty-path collection-path) | |
586 ;; Create attributes list. | |
587 (while (consp (cdr attributes)) | |
588 (unless (keywordp (car attributes)) | |
589 (error 'wrong-type-argument (car attributes))) | |
590 (setq props (add-to-list | |
591 'props | |
592 (list :dict-entry | |
593 (symbol-name (car attributes)) | |
594 (cadr attributes)) | |
595 'append) | |
596 attributes (cddr attributes))) | |
597 ;; Create the item. | |
598 (setq result | |
599 (dbus-call-method | |
600 :session secrets-service collection-path | |
601 secrets-interface-collection "CreateItem" | |
602 ;; Properties. | |
603 (append | |
604 `(:array | |
605 (:dict-entry "Label" (:variant ,item)) | |
606 (:dict-entry | |
607 "Type" (:variant ,secrets-interface-item-type-generic))) | |
608 (when props | |
609 `((:dict-entry | |
610 "Attributes" (:variant ,(append '(:array) props)))))) | |
611 ;; Secret. | |
612 `(:struct :object-path ,secrets-session-path | |
613 (:array :signature "y") ;; no parameters. | |
614 ,(dbus-string-to-byte-array password)) | |
615 ;; Do not replace. Replace does not seem to work. | |
616 nil)) | |
617 (secrets-prompt (cadr result)) | |
618 ;; Return the object path. | |
619 (car result))))) | |
620 | |
621 (defun secrets-item-path (collection item) | |
622 "Return the object path of item labelled ITEM in COLLECTION. | |
623 If there is no such item, return nil." | |
624 (let ((collection-path (secrets-unlock-collection collection))) | |
625 (catch 'item-found | |
626 (dolist (item-path (secrets-get-items collection-path)) | |
627 (when (string-equal item (secrets-get-item-property item-path "Label")) | |
628 (throw 'item-found item-path)))))) | |
629 | |
630 (defun secrets-get-secret (collection item) | |
631 "Return the secret of item labelled ITEM in COLLECTION. | |
632 If there is no such item, return nil." | |
633 (let ((item-path (secrets-item-path collection item))) | |
634 (unless (secrets-empty-path item-path) | |
635 (dbus-byte-array-to-string | |
636 (caddr | |
637 (dbus-call-method | |
638 :session secrets-service item-path secrets-interface-item | |
639 "GetSecret" :object-path secrets-session-path)))))) | |
640 | |
641 (defun secrets-get-attributes (collection item) | |
642 "Return the lookup attributes of item labelled ITEM in COLLECTION. | |
643 If there is no such item, or the item has no attributes, return nil." | |
644 (unless (stringp collection) (setq collection "default")) | |
645 (let ((item-path (secrets-item-path collection item))) | |
646 (unless (secrets-empty-path item-path) | |
647 (mapcar | |
648 (lambda (attribute) (cons (intern (car attribute)) (cadr attribute))) | |
649 (dbus-get-property | |
650 :session secrets-service item-path | |
651 secrets-interface-item "Attributes"))))) | |
652 | |
653 (defun secrets-get-attribute (collection item attribute) | |
654 "Return the value of ATTRIBUTE of item labelled ITEM in COLLECTION. | |
655 If there is no such item, or the item doesn't own this attribute, return nil." | |
656 (cdr (assoc attribute (secrets-get-attributes collection item)))) | |
657 | |
658 (defun secrets-delete-item (collection item) | |
659 "Delete ITEM in COLLECTION." | |
660 (let ((item-path (secrets-item-path collection item))) | |
661 (unless (secrets-empty-path item-path) | |
662 (secrets-prompt | |
663 (dbus-call-method | |
664 :session secrets-service item-path | |
665 secrets-interface-item "Delete"))))) | |
666 | |
107396
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
667 (if (dbus-ping :session secrets-service 100) |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
668 |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
669 (progn |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
670 ;; We must reset all variables, when there is a new instance of |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
671 ;; the "org.freedesktop.secrets" service. |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
672 (dbus-register-signal |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
673 :session dbus-service-dbus dbus-path-dbus |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
674 dbus-interface-dbus "NameOwnerChanged" |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
675 (lambda (&rest args) |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
676 (when secrets-debug (message "Secret Service has changed: %S" args)) |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
677 (setq secrets-session-path secrets-empty-path |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
678 secrets-prompt-signal nil |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
679 secrets-collection-paths nil)) |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
680 secrets-service) |
107389 | 681 |
107396
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
682 ;; We want to refresh our cache, when there is a change in |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
683 ;; collections. |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
684 (dbus-register-signal |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
685 :session secrets-service secrets-path |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
686 secrets-interface-service "CollectionCreated" |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
687 'secrets-collection-handler) |
107389 | 688 |
107396
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
689 (dbus-register-signal |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
690 :session secrets-service secrets-path |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
691 secrets-interface-service "CollectionDeleted" |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
692 'secrets-collection-handler) |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
693 |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
694 ;; We shall inform, whether the secret service is enabled on |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
695 ;; this machine. |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
696 (provide 'secrets '(enabled))) |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
697 |
d5de7ba3f80f
* net/secrets.el (top): Register the D-Bus signals only when the
Michael Albinus <albinus@detlef>
parents:
107389
diff
changeset
|
698 (provide 'secrets)) |
107389 | 699 |
700 ;;; TODO: | |
701 | |
702 ;; * secrets-debug should be structured like auth-source-debug to | |
703 ;; prevent leaking sensitive information. Right now I don't see | |
704 ;; anything sensitive though. | |
705 ;; * Check, whether the dh-ietf1024-aes128-cbc-pkcs7 algorithm can be | |
706 ;; used for the transfer of the secrets. Currently, we use the | |
707 ;; plain algorithm. |