Michael Albinus <michael.albi...@gmx.de> writes:
Hi Ethan,
>> Is this the same subject? Both entries in GNOME Secrets have
>> `root@black-diamond` as the "label" and `root` as the user.
>>
>> ...
>>
>> I was referring specifically to this line in
>> `auth-source-secrets-create`:
>>
>> (let* (...
>> (current-data (car (auth-source-search :max 1
>> :host host
>> :port port)))
>>
>> It seems like this would be liable to grab the secret for another user
>> on the same host/port. For example, if I was using the `ssh` method,
>> then `host` and `port` would not be unique, right? In my usage, with
>> `sudo`, that's fine. Of course, I only skimmed the function and I may
>> be misunderstanding.
>
> I will check both issues tomorrow. Too tired for now.
OK, I have performed the following tests. I have used the "session"
collection in order not to taint my "Login" collection. I've started
with a vanilla Emacs 29, see the first line. Then, I have eveluated the
expressions in the *scratch* buffer. Lines starting with ;; are comments
I have added manually.
--8<---------------cut here---------------start------------->8---
# ~/src/emacs-29/src/emacs -Q --eval '(setq auth-sources (list
"secrets:session") tramp-cache-read-persistent-data t)' -l tramp
auth-sources
("secrets:session")
;; The following opens a "sudo" connection, asking for the password.
(file-truename "/sudo::")
;; Interactive query of the password.
Password for /sudo:albinus@gandalf: ********
;; auth-source wants to create a new item. It asks me for a label, which
;; is free text. I've confirmed with RET
Enter label for albinus@gandalf (default albinus@gandalf):
;; Additional confirmation requested.
Save auth info to secrets collection session? [y/n/N/?] y
#("/sudo:root@gandalf:/root" 6 10 (tramp-default t) 11 18 (tramp-default t))
;; This checks for collections. "session" exists.
(secrets-list-collections)
("Login" "92beed6268d728784e4d8b4aea8a5f96" "f8a6e281eeae95e2e77d9a4812a98580"
"1c10f9798638f07b2c2f3f4af8542d4c" "session" "63b7238a9793ec9e2f1a1c917a5c8f4f"
"5a0922a29941a3edef7af298e739489f")
;; This checks for items in "session". Just one item with the given label.
(secrets-list-items "session")
("albinus@gandalf")
;; This asks for the item path, needed in next call.
(secrets-item-path "session" "albinus@gandalf")
"/org/freedesktop/secrets/collection/session/1"
;; This shows the properties. Everything looks fine.
(secrets-get-item-properties "/org/freedesktop/secrets/collection/session/1")
(("Locked") ("Attributes" ("host" "gandalf") ("port" "sudo") ("user" "albinus")
("xdg:schema" "org.freedesktop.Secret.Generic")) ("Label" . "albinus@gandalf")
("Type" . "org.freedesktop.Secret.Generic") ("Created" . 1718268741)
("Modified" . 1718268741))
;; This returns the password. As expected.
(secrets-get-secret "session" "albinus@gandalf")
"********"
--8<---------------cut here---------------end--------------->8---
So everything looks proper. What's wrong in your case?
>> Thanks,
>>
>> Ethan
Best regards, Michael.
