gnome-keyring-yubikey-unlock
gnome-keyring-yubikey-unlock copied to clipboard
recolic
feat: libsecret instead of libgnome-keyring-1
a little hint: https://askubuntu.com/questions/470384/is-it-possible-to-use-secret-tool-to-lookup-existing-seahorse-passwords
thanks a lot for your info! I'll look into it.
Jan 31, 2021 14:20:42 Riceball LEE [email protected]:
a little hint: https://askubuntu.com/questions/470384/is-it-possible-to-use-secret-tool-to-lookup-existing-seahorse-passwords
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub[https://github.com/recolic/gnome-keyring-yubikey-unlock/issues/2], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AEVTVEDUMFN2NEXT2JDXY53S4TZCHANCNFSM4W3BKYYQ]. [data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFQAAABUCAYAAAAcaxDBAAAAAXNSR0IArs4c6QAAAARzQklUCAgICHwIZIgAAAAySURBVHic7cEBDQAAAMKg909tDjegAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeDVulAABbzDScQAAAABJRU5ErkJggg==###24x24:true###][Tracking image][https://github.com/notifications/beacon/AEVTVECMAPAO563GBEDPNHTS4TZCHA5CNFSM4W3BKYY2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4L4K5LFA.gif]
Hi. I read the libsecret usage again (the third time), but I still don't know how to use it instead of libgnome-keyring. Here's the problem:
I'm sure that I need to use secret_service_unlock_sync(), but it seems that there's no way to pass a password into this function. It only accepts password from user input.
The function signature is here, and I have did some test on libsecret here.
// This one is easy to use
GnomeKeyringResult gnome_keyring_unlock_sync (const char *keyring, const char *password);
// This is libsecret version. It have to read password from an interactive window.
gint
secret_service_unlock_sync (SecretService *service,
GList *objects,
GCancellable *cancellable,
GList **unlocked,
GError **error);
https://stackoverflow.com/questions/69581225/gnome-keyring-unlock-sync-equivalent-in-libsecret-to-unlock-a-gnome-keyring
It should be easy:
secret_service_unlock_sync says The secret service may prompt the user. secret_service_prompt() will be used to handle any prompts that show up.
secret_service_prompt indicates that is possible to override it: Override the SecretServiceClass prompt_async virtual method to change the behavior of the propmting.
After some research, I don't think it's even possible to do that with libsecret.
libsecret will call method org.freedesktop.Secret.Prompt via DBus, and the password text does not goes to libsecret at all. After a successful prompt, it will call another method to actually unlock these keyrings. There is no existing interface to do that automatically.
This is a test to prove my idea: (Using this branch)
- Run libsecret version of unlock_keyring program.
- Now the prompt appears.
- Kill the unlock_keyring program from another SSH session.
- type my password into the prompt, and ENTER.
- Unlock the keyring in seahorse. It does not require a password anymore.
Step 5 means that, the password did not go through our program. The password was passed to libsecret through another channel (so it's impossible to modify this behavior from our program)
If you have any idea, please let me know.
If libgnome-keyring is deprecating, I think we must send raw DBus message by hand.
Maybe gnome-keyring-daemon --replace --unlock is a possible solution, but it doesn't work in my test.
https://unix.stackexchange.com/questions/602313/unlock-gnome-keyring-daemon-from-command-line
Let me know if anyone could make progress on this problem.