Reputation: 3229
Using Secrets API with dbus-send
I'm trying to figure out how to get a password from the keyring using dbus-send, but I'm struggling to understand what the session parameter is.
Here's where I've got to:
#!/bin/bash
# Find key path
KEY_PATH=$(dbus-send --dest=org.freedesktop.secrets --print-reply=literal /org/freedesktop/secrets org.freedesktop.Secret.Service.SearchItems dict:string:string:"mount-point","/home/s/.mozilla/firefox" | grep -Eo '/\S+')
# Unlock keyring
RESULT=$(dbus-send --dest=org.freedesktop.secrets --print-reply=literal /org/freedesktop/secrets org.freedesktop.Secret.Service.Unlock array:objpath:$KEY_PATH | grep -Eo '/\S+')
# If unlocked...
if [ "$RESULT" = "$KEY_PATH" ]; then
# Get password
PASSWORD=$(dbus-send --dest=org.freedesktop.secrets --print-reply=literal /org/freedesktop/secrets org.freedesktop.Secret.Service.GetSecrets array:objpath:$KEY_PATH objpath:<WHAT IS SESSION?>)
# Mount ecryptfs firefox directory
echo $PASSWORD | ecryptfs-simple -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=yes,no_sig_cache=yes /home/s/.mozilla/.firefox-ecryptfs /home/s/.mozilla/firefox
firefox $@
fi
I'm lost as to how to get a session to fetch the password.
Upvotes: 1
Views: 1688
Answers (1)
Reputation: 501
The session needs to be created using:
org.freedesktop.Secret.Service.OpenSession (
IN String algorithm,
IN Variant input,
OUT Variant output,
OUT ObjectPath result);
https://specifications.freedesktop.org/secret-service/latest/re01.html
Here is an example of creating a non-encrypted session. Be aware the password returned by GetSecret will be a plain text as it uses a non-encrypted session:
dbus-send --dest=org.freedesktop.secrets --print-reply=literal /org/freedesktop/secrets org.freedesktop.Secret.Service.OpenSession string:plain variant:string:''
The output is the objpath to the created session:
variant /org/freedesktop/secrets/session/s31
Then, theoretically, you can pass the session to GetSecrets. For example:
dbus-send --dest=org.freedesktop.secrets --print-reply=literal /org/freedesktop/secrets org.freedesktop.Secret.Service.GetSecrets array:objpath:/org/freedesktop/secrets/collection/login/6 objpath:/org/freedesktop/secrets/session/s31
Note: /org/freedesktop/secrets/collection/login/6 is the object path returned by SearchItems.
However, this does not work with dbus-send. I think this is because the session is likely closed as soon as dbus-send returns.
If you use d-feet, the session is retained until the d-feet window is closed. So, you will be able to get the password using d-feet though. But, I understood that you want to automate it.
I suggest you use python3's keyring which offers to get a password using an encrypted session.
Upvotes: 1
Related Questions
- How to unlock Gnome Keyring from Python running on a Cron Job?
- DBus Secret Service prompting
- How to unlock Gnome Keyring on Debian headless (WSL 2) and make it work in Python?
- AWS Secrets manager-SDK using python
- How to launch gnome-terminal from dbus plugin, a systemd service, using Python
- Connecting to dbus over tcp
- glib dbus service example using dbus-binding-tool?
- Connecting to DBus from emacs daemon
- How to Store OAuth Credentials With Gnome Keyring
- Can't connect to org.freedesktop.UDisks via DBus-Python