Hi! In a "normal" emacs session (no `-Q`) with your new version of
`auth-info-password`, I was asked for a label but not for a password. In my
`*Messages*` buffer I see:

```
Tramp: Sending command ‘exec env SUDO_PROMPT=P""a""s""s""w""o""r""d"": sudo
-u root -s -H /bin/sh  -i’
Tramp: Sending Password
Secret Service session: /org/freedesktop/secrets/session/s67
auth-source-search: found 0 results (max 1) matching (:max 1 :user "ethan"
:host "black-diamond" :port "sudo" :require (:secret :user) :create t)
auth-source-search: found 1 results (max 1) matching (:max 1 :host
"black-diamond" :port "sudo")
imenu unavailable: "imenu unavailable", "This buffer cannot use
‘imenu-default-create-index-function’" [3 times]
auth-source-search: CREATED 1 results (max 1) matching (:max 1 :user
"ethan" :host "black-diamond" :port "sudo" :require (:secret :user) :create
t)
```

Both mine and yours have a search with `:host` and `:port` but no `:user`,
which is the behavior I'm trying to inquire about. For `sudo`, that seems
like it might be OK, but for `ssh`, that seems very strange?

No secret was created for `ethan@black-diamond` so far as I can tell. (I'm
not sure about "GNOME Remote Desktop RDP credentials" -- that's new but I
doubt it's related.)

```
(secrets-list-items "Login")
("Password for '' on 'gh:github.com'" "root@black-diamond" "Github API key
for forge" "root@black-diamond" "GNOME Remote Desktop RDP credentials")
```

In `emacs -Q`, I tried loading the new version of `auth-info-password` but
I'm not sure I did it right. I did the following in `*scratch*`:

```
(setq auth-sources (cons "secrets:Login" auth-sources))
("secrets:Login" "~/.authinfo" "~/.authinfo.gpg" "~/.netrc")

(setq auth-source-debug t
      auth-source-save-behavior 'ask
      secrets-debug t)
t

(defun auth-info-password (auth-info)
  "Return the :secret password from the AUTH-INFO."
  (let ((secret (plist-get auth-info :secret)))
    (while (functionp secret)
      (setq secret (funcall secret)))
    secret))
auth-info-password
```

... then C-x C-f /sudo:: RET. This time I was asked for a password for
`ethan@black-diamond` but no label. No entry was created in my Login
secrets here either. The only relevant line in `*Messages*` is `Tramp:
Opening connection nil for root@black-diamond using sudo...done`. I'm
guessing I did something wrong, probably around lazy loading of modules.
Happy to try more things though!

Ethan




On Sun, Jun 16, 2024 at 5:17 AM Michael Albinus <michael.albi...@gmx.de>
wrote:

> Ethan Glasser-Camp <ethan.glasser.c...@gmail.com> writes:
>
> Hi Ethan,
>
> > Hi! I was using the Seahorse application to identify the user, host
> > and port of each secret, but I did the same thing with M-x
> > secrets-show-secrets and saw pretty much the same thing:
> >
> > ```
> > [-] Login
> >  |-[+] Password for ’’ on ’gh:github.com’
> >  |-[-] root@black-diamond
> >  |  |-  password:   *********************************** [Show
> > password]
> >  |  |-  host:       black-diamond
> >  |  |-  port:       sudo
> >  |  |-  user:       root
> >  |  `-  xdg:schema: org.freedesktop.Secret.Generic
> >  |-[+] Github API key for forge
> >  `-[-] root@black-diamond
> >     |-  password:   *********************************** [Show
> > password]
> >     |-  host:       black-diamond
> >     |-  port:       sudo
> >     |-  user:       root
> >     `-  xdg:schema: org.freedesktop.Secret.Generic
> > [+] session
> > ```
> >
> > Here's the same result using elisp directly:
> >
> > ```
> > (secrets-item-path "Login" "root@black-diamond")
> > "/org/freedesktop/secrets/collection/login/2"
> >
> > (secrets-get-item-properties
> > "/org/freedesktop/secrets/collection/login/2")
> > (("Locked") ("Attributes" ("host" "black-diamond") ("port" "sudo")
> > ("user" "root") ("xdg:schema" "org.freedesktop.Secret.Generic"))
> > ("Label" . "root@black-diamond") ("Type" .
> > "org.freedesktop.Secret.Generic") ("Created" . 1663727104) ("Modified"
> > . 1663727104))
> >
> > ;; I also wanted to check the other secret. I wasn't sure exactly what
> > ID it was and since they both have the same label, I didn't think I
> > could use `secrets-item-path`. I just tried guessing until I found it
> > (secrets-get-item-properties
> > "/org/freedesktop/secrets/collection/login/1")
> > (("Locked") ("Attributes" ("host" "black-diamond") ("port" "sudo")
> > ("user" "root") ("xdg:schema" "org.freedesktop.Secret.Generic"))
> > ("Label" . "root@black-diamond") ("Type" .
> > "org.freedesktop.Secret.Generic") ("Created" . 1663726391) ("Modified"
> > . 1663726391))
> > ```
> >
> > Thanks for your patience,
>
> This looks proper, and both entries have the "user" property "root". So
> they shouldn't be taken into account when searching for the user "ethan".
>
> I suppose your password is taken from somewhere in the cache. Could you,
> please, open a *new* Emacs session, and run there
>
> --8<---------------cut here---------------start------------->8---
> (setq auth-source-debug t
>       auth-source-save-behavior 'ask
>       secrets-debug t)
> --8<---------------cut here---------------end--------------->8---
>
> Then do your 'C-x C-f /sudo::'. You should be asked for the password,
> and in the *Messages* there shall be something like (from my example)
>
> --8<---------------cut here---------------start------------->8---
> Secret Service session: /org/freedesktop/secrets/session/s11
> auth-source-search: found 0 results (max 2305843009213693951) matching
> (:port "sudo" :require (:port) :max 2305843009213693951)
> auth-source-search: found 0 CACHED results matching (:port "sudo" :require
> (:port) :max 2305843009213693951) [15 times]
> Tramp: Opening connection for root@gandalf using sudo...
> auth-source-search: found 0 results (max 1) matching (:max 1 :user
> "albinus" :host "gandalf" :port "sudo" :require (:secret :user) :create t)
> auth-source-search: found 0 results (max 1) matching (:max 1 :host
> "gandalf" :port "sudo")
> auth-source-search: CREATED 1 results (max 1) matching (:max 1 :user
> "albinus" :host "gandalf" :port "sudo" :require (:secret :user) :create t)
> Save auth info to secrets collection session? [y/n/N/?] y
> secrets-create-item: wrote 1 new item to session
> Saved new authentication information to session
> --8<---------------cut here---------------end--------------->8---
>
> And the new entry shall be in your "Login" collection.
>
> > Ethan
>
> Best regards, Michael.
>
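
Added example, not part of the original messages and not auth-source's or secrets.el's own code: a simplified model of attribute matching that reproduces the `found 0` / `found 1` pair in the log above, and shows a caller-side check on the returned `:user`. It assumes a search constrains only the keys it names; the `my/` names and the sample data are hypothetical.

```elisp
(require 'cl-lib)
(require 'seq)

;; Constructed sample data: the attributes of the two "Login" items
;; shown in the thread. No secret values are included.
(defvar my/sample-items
  '((:label "root@black-diamond" :host "black-diamond" :port "sudo" :user "root")
    (:label "root@black-diamond" :host "black-diamond" :port "sudo" :user "root"))
  "Hypothetical stand-in for the stored items.")

(defun my/spec-matches-p (spec item)
  "Return non-nil if every key/value pair in plist SPEC equals ITEM's value.
Keys absent from SPEC place no constraint on ITEM (model assumption)."
  (cl-loop for (key value) on spec by #'cddr
           always (equal value (plist-get item key))))

(defun my/model-search (spec &optional max)
  "Return up to MAX (default 1) items of `my/sample-items' matching SPEC."
  (seq-take (seq-filter (lambda (item) (my/spec-matches-p spec item))
                        my/sample-items)
            (or max 1)))

(defun my/keep-user (results wanted-user)
  "Return only those RESULTS whose :user equals WANTED-USER.
A caller that searched without :user can apply this before using a secret."
  (seq-filter (lambda (item) (equal (plist-get item :user) wanted-user))
              results))

;; First search from the log: constrained by :user "ethan".
(my/model-search '(:user "ethan" :host "black-diamond" :port "sudo"))

;; Second search from the log: :host and :port only, so the :user
;; attribute of the stored items is never compared.
(my/model-search '(:host "black-diamond" :port "sudo"))

;; The second search again, with the intended user enforced afterwards.
(my/keep-user (my/model-search '(:host "black-diamond" :port "sudo"))
              "ethan")
```

Evaluate the three final forms one at a time in `*scratch*` with `C-j` to compare their results.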
