Re: gnome-keyring Problems integrating DBus code into Gnome Keyring

From: David Woodhouse <dwmw2 infradead org>
To: "Sviatko, StephenX A" <stephenx a sviatko intel com>
Cc: "chrisrossimail gmail com" <chrisrossimail gmail com>, Stef Walter <stefw collabora co uk>, "gnome-keyring-list gnome org" <gnome-keyring-list gnome org>
Subject: Re: gnome-keyring Problems integrating DBus code into Gnome Keyring
Date: Mon, 13 Jun 2011 19:17:16 +0100

On Mon, 2011-06-13 at 10:58 -0700, Sviatko, StephenX A wrote:
> 1. We will change the current IPC method in ntlm_auth to make the
> appropriate DBus method calls to the daemon

Ok. Hopefully you'll be able to have that working by the end of the day?

> 2. We will add the necessary intelligence to the following functions in gkd-secret-ntlm.c:

No, I did that already.

> 3. The code that does the kinit (that is currently in sso.c) will be
> integrated into the above functions as needed.

Let's see if we can do what Stef suggested for Kerberos. Rather than
doing the full kinit thing from gkr, just do the basic 'processing' step
on the password, and hook that into the Kerberos library somehow.

You'll need to look at the Kerberos library (or krb5-auth-dialog), find
where it 'processes' the password, and work out how to hook into that.

Then you'll probably want to add a new function, along the lines of the
two NTLM functions, called org.gnome.keyring.Credential.KrbChallenge or
something like that.

> 4. The code that spawns the password dialog will be integrated into
> the above functions as needed. We have rewritten the password dialog
> subsystem using gtk instead of Qt and have implemented a shared memory
> IPC between the daemon and the password dialog, in order to more
> tightly integrate this piece into the project as a whole.

The dæmon shouldn't be involved directly with the UI at all. Let's use
krb5-auth-dialog for this. When it attempts to obtain a TGT using the
password in gkr, and fails with an incorrect password, krb5-auth-dialog
itself can prompt for a new password. Then it can validate the new
password by actually obtaining a TGT, then tell gkr to change the
password accordingly.

> 5. ntlm_auth will listen for DBus signals from the daemon when
> necessary so it is not blocking on any DBus method calls "with reply".

The calls that ntlm_auth will be doing should return immediately. I
don't see why you need to change anything there.

> A problem I am running into, however, is after I build and run the daemon (the new one you have posted), I try to invoke the method calls using the dbus-send command string you used and I get the following errors:
> 
> $ dbus-send  --print-reply --dest=org.gnome.keyring /org/freedesktop/secrets/collection/login org.gnome.keyring.Credential.Ntlm.StartChallenge
> Error org.freedesktop.DBus.Error.UnknownMethod: Method "StartChallenge" with signature "" on interface "org.gnome.keyring.Credential.Ntlm" doesn't exist
> 
> A quick examination of the Introspect string shows:
> 
> --- a/daemon/dbus/gkd-secret-introspect.c
> +++ b/daemon/dbus/gkd-secret-introspect.c
> @@ -86,11 +86,12 @@ const gchar *gkd_secret_introspect_collection =
>         "\n"
>         "       <interface name='org.gnome.keyring.Credential.Ntlm'>\n"
>         "               <method name='StartChallenge'>\n"
> -       "                       <arg name='output' type='ay' direction='out'/>\n"
> +       "                       <arg name='output' type='s' direction='out'/>\n"
>         "               </method>\n"
>         "               <method name='SignChallenge'>\n"
> -       "                       <arg name='input' type='ay' direction='in'/>\n"
> -       "                       <arg name='output' type='ay' direction='out'/>\n"
> +       "                       <arg name='input' type='s' direction='in'/>\n"
> +       "                       <arg name='username' type='s' direction='in'/>\n"
> +       "                       <arg name='output' type='s' direction='out'/>\n"
>         "               </method>\n"
>         "       </interface>\n"
> 
> I think I am spelling everything correctly and using the correct object name, interface name, method name, etc.. do you have any idea what I am doing wrong? How exactly did you test this functionality with dbus-send? I want to make sure this works manually before I add the code I wrote to make the method calls to ntlm_auth..

You didn't cut and paste it from my email?

Make sure you're actually running the new gkr, and stick some debugging
into gkd_secret_service_filter_handler() and service_dispatch_message()
functions. How do you think I came up with commit 66a296bb ?

-- 
dwmw2

References:
- Re: gnome-keyring Problems integrating DBus code into Gnome Keyring
  - From: Stef Walter
- Re: gnome-keyring Problems integrating DBus code into Gnome Keyring
  - From: David Woodhouse
- Re: gnome-keyring Problems integrating DBus code into Gnome Keyring
  - From: Sviatko, StephenX A

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]