Re: D-Bus: Getting secrets through dbus-send



On Mon, 2018-11-26 at 09:49 +0100, Damien Cassou wrote:
> Hi,
>
> I want to better integrate NetworkManager with Emacs: I want an Emacs
> interface to start/stop connections, to see which
> devices/connections/access-points are available. I also want Emacs to
> present an interface when NetworkManager needs a password.
>
> For that, I'm trying to implement a D-Bus SecretAgent for
> NetworkManager. To test that it is working, I'm using dbus-send, but
> this fails:
>
> $ dbus-send --print-reply --system \
>   --dest=org.freedesktop.NetworkManager \
>   /org/freedesktop/NetworkManager/Settings/57 \
>   org.freedesktop.NetworkManager.Connection.GetSecrets array:string:
> Error org.freedesktop.DBus.Error.AccessDenied: Rejected send message,
> 2 matched rules; type="method_call", sender=":1.4263" (uid=1000
> pid=20511 comm="/usr/bin/dbus-send --print-reply --system --dest=o"
> label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
> interface="org.freedesktop.NetworkManager.Connection"
> member="GetSecrets" error name="(unset)" requested_reply="0"
> destination="org.freedesktop.NetworkManager" (uid=0 pid=1431
> comm="/usr/sbin/NetworkManager --no-daemon "
> label="system_u:system_r:NetworkManager_t:s0")
>
> What does it mean please?

It's D-Bus saying that the request wasn't correct.  Let's assume first
that you're using NM 1.0 or later. Two problems:

1) The interface + method should be:

org.freedesktop.NetworkManager.Settings.Connection.GetSecrets

note the ".Settings" in there. See:

https://developer.gnome.org/NetworkManager/unstable/gdbus-org.freedesktop.NetworkManager.Settings.Connection.html

2) the arguments you want to pass should be:

string:<setting name>

not "array:string:". In the link above, anything that is an "IN"
argument should be an arg you pass. Here the method defines its
arguments as "IN s setting_name" which means it's a string argument.

The <setting name> is the name of the setting for which you'd like to
get secrets, like "802-11-wireless-security" or "802-1x". Yes, you may
need a bit of logic to figure out which setting to pass, but there
aren't too many.  You can use the type name (e.g. the connection.type
field) for <setting_name> except for WiFi and wired 802.1x. If an
802-1x setting exists for the connection, then just ask for 802-1x secrets.
If not and it's WiFi, then ask for 802-11-wireless-security.  That
should be it for the usual special-cases.

So with these changes you'll get something like:

$ sudo dbus-send --print-reply --system \
  --dest=org.freedesktop.NetworkManager \
  /org/freedesktop/NetworkManager/Settings/57 \
  org.freedesktop.NetworkManager.Settings.Connection.GetSecrets \
  string:802-11-wireless-security
method return time=1543262087.143600 sender=:1.14 -> destination=:1.7075 serial=410592 reply_serial=2
   array [
      dict entry(
         string "ipv4"
         array [
         ]
      )
      dict entry(
         string "connection"
         array [
         ]
      )
      dict entry(
         string "802-11-wireless-security"
         array [
            dict entry(
               string "psk"
               variant                   string "mypassword333"
            )
         ]
      )
      dict entry(
         string "ipv6"
         array [
         ]
      )
      dict entry(
         string "802-11-wireless"
         array [
         ]
      )
      dict entry(
         string "proxy"
         array [
         ]
      )
   ]

Dan
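
Added example (not part of the original message, and not NetworkManager's own code): the setting-name rule and the corrected call from the reply above, in Python. The sample settings dicts are constructed, and the helper names and the object-path check are assumptions made for illustration.

```python
import re

NM_DEST = "org.freedesktop.NetworkManager"
# Note the ".Settings" component that the failing call was missing.
NM_CONN_IFACE = "org.freedesktop.NetworkManager.Settings.Connection"
# Assumption: only accept settings object paths of the form shown in the thread.
PATH_RE = re.compile(r"^/org/freedesktop/NetworkManager/Settings/\d+$")

# Constructed samples, shaped like a connection's settings (setting name -> properties).
WIFI_PSK = {"connection": {"type": "802-11-wireless"},
            "802-11-wireless": {}, "802-11-wireless-security": {}}
WIFI_EAP = {"connection": {"type": "802-11-wireless"},
            "802-11-wireless": {}, "802-11-wireless-security": {}, "802-1x": {}}
WIRED_EAP = {"connection": {"type": "802-3-ethernet"}, "802-1x": {}}
VPN = {"connection": {"type": "vpn"}, "vpn": {}}


def secret_setting_name(settings):
    """Choose the <setting name> argument for GetSecrets using the rule in the reply."""
    conn_type = settings["connection"]["type"]
    if conn_type in ("802-11-wireless", "802-3-ethernet") and "802-1x" in settings:
        return "802-1x"                    # 802.1x wins for WiFi and wired
    if conn_type == "802-11-wireless":
        return "802-11-wireless-security"  # WiFi without an 802-1x setting
    return conn_type                       # otherwise the type name itself


def get_secrets_argv(object_path, settings):
    """Build the dbus-send argv: one 's' argument, not 'array:string:'."""
    if not PATH_RE.match(object_path):
        raise ValueError("unexpected settings object path: %r" % object_path)
    return ["dbus-send", "--print-reply", "--system",
            "--dest=" + NM_DEST,
            object_path,
            NM_CONN_IFACE + ".GetSecrets",
            "string:" + secret_setting_name(settings)]


if __name__ == "__main__":
    path = "/org/freedesktop/NetworkManager/Settings/57"
    for sample in (WIFI_PSK, WIFI_EAP, WIRED_EAP, VPN):
        print(" ".join(get_secrets_argv(path, sample)))
```
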


