Re: gnome-keyring Problems integrating DBus code into Gnome Keyring

[Stef Walter <stefw collabora co uk>]

On 05/19/2011 12:45 AM, Sviatko, StephenX A wrote:
> We are running into problems with code we have inserted into Gnome
> Keyring which opens it's own DBus connection separate from the DBus
> subsystem/Secret Service API you have supplied.

Why are you using a different DBus connection? The separate connection
needs probably needs to be integrated with the main loop properly. But
multiple services can use the same connection without a problem. It
doesn't seem necessary to me, but maybe I'm missing something.

I'm interested in the future providing a way to do an NTLM challenge
(and other forms of authentication 'chats') against the various secrets
in gnome-keyring. So I think we should integrate this properly. Here's
what I was thinking.

You didn't post anything about your DBus interface, so please bear with
me if I don't make sense :)

1. I would suggest a DBus interface that looks like this:

org.gnome.keyring.Auth.NtlmAuthentication:
   SignChallenge(in ByteArray input, out ByteArray output)

This interface would be implemented by any secret/password in the daemon
that supports NTLM authentication. Currently this would just be the
'master' login password.

2. The master password for a collection doesn't have a DBus object path
associated with it in the secret service API [1]. So we would extend the
secret service API and add an object path for the master password for a
collection.

3. The login keyring will always be at:

/org/freedesktop/secrets/collection/login

So that's basically how it would work. I don't think we need to handle
the phase 1 of the NTLM challenge, just phase 3. But if necessary, we
could extend that NtlmAuthentication interface to do both phases.

What do you think?

Cheers,

Stef