Function: auth-source-macos-keychain-search-items

auth-source-macos-keychain-search-items is a byte-compiled function defined in auth-source.el.gz.

Signature

(auth-source-macos-keychain-search-items COLL TYPE MAX HOST PORT USER &key LABEL TYPE &allow-other-keys)

Source Code

;; Defined in /usr/src/emacs/lisp/auth-source.el.gz
(cl-defun auth-source-macos-keychain-search-items (coll _type _max
                                                        host port user
                                                   &key label type
                                                   &allow-other-keys)
  (let* ((keychain-generic (eq type 'macos-keychain-generic))
         (args `(,(if keychain-generic
                      "find-generic-password"
                    "find-internet-password")
                 "-g"))
         (ret (list :type type)))
    (when label
      (setq args (append args (list "-l" label))))
    (when host
      (setq args (append args (list (if keychain-generic "-c" "-s") host))))
    (when user
      (setq args (append args (list "-a" user))))

    (when port
      (if keychain-generic
          (setq args (append args (list "-s" port)))
        (setq args (append args (if (string-match-p "\\`[[:digit:]]+\\'" port)
                                    (list "-P" port)
                                  (list "-r" (substring
                                              (format "%-4s" port)
                                              0 4)))))))

    (unless (equal coll "default")
      (setq args (append args (list coll))))

    (with-temp-buffer
      (apply #'call-process "/usr/bin/security" nil t nil args)
      (goto-char (point-min))
      (while (not (eobp))
        (cond
         ((looking-at "^password: \\(?:0x[0-9A-F]+\\)? *\"\\(.+\\)\"")
          (setq ret (auth-source-macos-keychain-result-append
                     ret
                     keychain-generic
                     "secret"
                     (let ((v (auth-source--decode-octal-string
                               (match-string 1))))
                       (lambda () v)))))
         ;; TODO: check if this is really the label
         ;; match 0x00000007 <blob>="AppleID"
         ((looking-at
           "^[ ]+0x00000007 <blob>=\\(?:0x[0-9A-F]+\\)? *\"\\(.+\\)\"")
          (setq ret (auth-source-macos-keychain-result-append
                     ret
                     keychain-generic
                     "label"
                     (auth-source--decode-octal-string (match-string 1)))))
         ;; match "crtr"<uint32>="aapl"
         ;; match "svce"<blob>="AppleID"
         ((looking-at
           "^[ ]+\"\\([a-z]+\\)\"[^=]+=\\(?:0x[0-9A-F]+\\)? *\"\\(.+\\)\"")
          (setq ret (auth-source-macos-keychain-result-append
                     ret
                     keychain-generic
                     (auth-source--decode-octal-string (match-string 1))
                     (auth-source--decode-octal-string (match-string 2))))))
        (forward-line)))
    ;; return `ret' iff it has the :secret key
    (and (plist-get ret :secret) (list ret))))