Re: gnome-keyring Problems integrating DBus code into Gnome Keyring

From: "Sviatko, StephenX A" <stephenx a sviatko intel com>
To: David Woodhouse <dwmw2 infradead org>, Stef Walter <stefw collabora co uk>
Cc: "chrisrossimail gmail com" <chrisrossimail gmail com>, "gnome-keyring-list gnome org" <gnome-keyring-list gnome org>
Subject: Re: gnome-keyring Problems integrating DBus code into Gnome Keyring
Date: Mon, 13 Jun 2011 10:58:17 -0700

David,

I have done a git clone from your server of the gnome-keyring that contains all the new code that has been added to deal with NTLM challenges. I have examined what has been added, and I think that things are clearer now in regards to how you want this feature implemented.

Just to keep on track here, I want to update you on what our workflow will be for the next few days:

1. We will change the current IPC method in ntlm_auth to make the appropriate DBus method calls to the daemon
2. We will add the necessary intelligence to the following functions in gkd-secret-ntlm.c:

+static gchar *process_start_challenge (gpointer secret, gsize n_secret,
+                                      GError **error);
+static gchar *process_sign_challenge (gchar *input, gchar *username,
+                                      gpointer master, gsize n_master,
+                                      GError **error);

3. The code that does the kinit (that is currently in sso.c) will be integrated into the above functions as needed.
4. The code that spawns the password dialog will be integrated into the above functions as needed. We have rewritten the password dialog subsystem using gtk instead of Qt and have implemented a shared memory IPC between the daemon and the password dialog, in order to more tightly integrate this piece into the project as a whole.
5. ntlm_auth will listen for DBus signals from the daemon when necessary so it is not blocking on any DBus method calls "with reply".

A problem I am running into, however, is after I build and run the daemon (the new one you have posted), I try to invoke the method calls using the dbus-send command string you used and I get the following errors:

$ dbus-send  --print-reply --dest=org.gnome.keyring /org/freedesktop/secrets/collection/login org.gnome.keyring.Credential.Ntlm.StartChallenge
Error org.freedesktop.DBus.Error.UnknownMethod: Method "StartChallenge" with signature "" on interface "org.gnome.keyring.Credential.Ntlm" doesn't exist

A quick examination of the Introspect string shows:

--- a/daemon/dbus/gkd-secret-introspect.c
+++ b/daemon/dbus/gkd-secret-introspect.c
@@ -86,11 +86,12 @@ const gchar *gkd_secret_introspect_collection =
        "\n"
        "       <interface name='org.gnome.keyring.Credential.Ntlm'>\n"
        "               <method name='StartChallenge'>\n"
-       "                       <arg name='output' type='ay' direction='out'/>\n"
+       "                       <arg name='output' type='s' direction='out'/>\n"
        "               </method>\n"
        "               <method name='SignChallenge'>\n"
-       "                       <arg name='input' type='ay' direction='in'/>\n"
-       "                       <arg name='output' type='ay' direction='out'/>\n"
+       "                       <arg name='input' type='s' direction='in'/>\n"
+       "                       <arg name='username' type='s' direction='in'/>\n"
+       "                       <arg name='output' type='s' direction='out'/>\n"
        "               </method>\n"
        "       </interface>\n"

I think I am spelling everything correctly and using the correct object name, interface name, method name, etc.. do you have any idea what I am doing wrong? How exactly did you test this functionality with dbus-send? I want to make sure this works manually before I add the code I wrote to make the method calls to ntlm_auth..

Steve
________________________________________
From: David Woodhouse [dwmw2 infradead org]
Sent: Monday, June 13, 2011 7:29 AM
To: Stef Walter; Sviatko, StephenX A
Cc: chrisrossimail gmail com; gnome-keyring-list gnome org
Subject: Re: gnome-keyring Problems integrating DBus code into Gnome Keyring

On Tue, 2011-06-07 at 19:46 +0000, Stef Walter wrote:
>
> > 1. I would suggest a DBus interface that looks like this:
> >
> > org.gnome.keyring.Auth.NtlmAuthentication:
> >     SignChallenge(in ByteArray input, out ByteArray output)
>
> I've prototyped this, although with some slight changes here:
>
> https://bugzilla.gnome.org/show_bug.cgi?id=652074

Thank you. With a couple of fixes as discussed on IRC, this is now
working nicely:
        http://git.infradead.org/users/dwmw2/gnome-keyring.git
        git://git.infradead.org/users/dwmw2/gnome-keyring.git

I've been testing it with:
 dbus-send  --print-reply --dest=org.gnome.keyring /org/freedesktop/secrets/collection/login org.gnome.keyring.Credential.Ntlm.StartChallenge
 dbus-send  --print-reply --dest=org.gnome.keyring /org/freedesktop/secrets/collection/login org.gnome.keyring.Credential.Ntlm.SignChallenge string:$TYPE2 string:GER\\dwoodhou

I'll leave Chris and Stephen to:
 - Provide a replacement for Samba's /usr/bin/ntlm_auth which uses this.
 - Implement a Kerberos TGT-fetching function, using this as a template.
 - Augment krb5-auth-dialog to use that.

There is slight complexity in the Kerberos TGT fetch, because it can
take a long time so we can't use a synchronous DBus method call for it.
It'll have to be a function to start the attempt, and some kind of
signal or something on completion. Stephen, I think you can handle that?

--
dwmw2

Follow-Ups:
- Re: gnome-keyring Problems integrating DBus code into Gnome Keyring
  - From: David Woodhouse

References:
- Re: gnome-keyring Problems integrating DBus code into Gnome Keyring
  - From: Stef Walter
- Re: gnome-keyring Problems integrating DBus code into Gnome Keyring
  - From: David Woodhouse

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]