prompt, save and restore password with libsecret #31
Conversation
|
I've rebased, squashed and force-pushed this change and will switch from draft for proper review. |
| #if HAVE_LIBSECRET | ||
| #include <libsecret/secret.h> | ||
|
|
||
| #define MCDS_NAMESPACE "com.github.t-brown.mcds" |
There was a problem hiding this comment.
I'm not crash hot on #defines and prefer static const char. However, this does mean you can concat them easily.
There was a problem hiding this comment.
Fair enough! I don't think there's a particular need not just to put the full identifier in one string constant - do you want to do that change?
There was a problem hiding this comment.
Also, you may have a better schema id in mind - I just constructed one from this repo by default!
There was a problem hiding this comment.
Thanks for enhancing my PR @t-brown! I think it was a good idea to split out the password prompting and libsecret integration.
I have some questions about the decision tree for using the various methods.
Admittedly these were open questions when I raised the PR but I just want to check this is how you'd like it!
In particular perhaps we could think of the first time user who potentially could run without a config file if they put the URL on the command line and their user ID matched the system one?
Anyway, I think the choices you've come up with are the conservative ones which would avoid surprising behaviour for existing users and there'd be scope to change.
| fprintf(stderr, " SSL Verify : %d\n", options.verify); | ||
| fprintf(stderr, " Use .netrc : %d\n", options.netrc); | ||
| fprintf(stderr, " Use libsecret : %d\n", options.libsecret); | ||
| fprintf(stderr, " Password prompted : %d\n", options.pwprompt); |
There was a problem hiding this comment.
The reason I had "prompted" before was that I was modifying the options value with the result of whether it was actually prompted, for the purpose of saving it. If that is no longer the case you could reword it to make more sense as a config key, e.g. just "prompt".
| if (lookup_password() == 1) { | ||
| return(EXIT_FAILURE); | ||
| } |
There was a problem hiding this comment.
This means we can't fall back to prompt, .netrc or gpg if the password hasn't been cached?
There was a problem hiding this comment.
Yeah, I'm thinking these are not fall backs, rather "or"s. In my head the workflow would be to run -p the first time and then libsecret afterwards. Or you just use .netrc or gpg. But not to prompt the user, since that is an CLI option.
There was a problem hiding this comment.
Re this and last comment - I think you're unambiguously right about prompt vs .netrc/gpg but I'm not so sure when it comes to prompt vs. libsecret as I think those two modes would typically go hand-in-hand with other applications.
But I think I get more or less what I want if libsecret = yes is specified in the config as then you can simply add -p if you need to specify what that password is.
What about a command line option (e.g. -k- see below!) as a compromise to enable this config to make it easier for a first-time user to play?
| } else { | ||
| options.netrc = 0; | ||
| } | ||
| } else if (strncmp("libsecret", vals[0], 9) == 0) { |
There was a problem hiding this comment.
A thought: how about "keyring" or similar as the user-facing name for this config option as libsecret is more of an implementation detail and the user is more likely to be used to prompts from the likes of 'gnome-keyring' or 'kwallet' that actually implement the storage?
There was a problem hiding this comment.
(we'd better add to the man page too @t-brown!)
There was a problem hiding this comment.
I do like the word keyring better, however I am torn as we are using libsecret. Does kwallet use libsecret? As it's GNOME vs KDE?
In hind sight, I should have done something like the following in the rc file:
pass = netrc | gpg | keyring
There was a problem hiding this comment.
To be honest, I'm not sure how the potential backends are organised and could have been wrong to mention kwallet - I think the actual API name might be "Secrets Service". One could also perhaps generically call it a credentials cache.
Only adding libsecet ability to save the password.
This attempt to close #20 was surprisingly straightforward. Some caveats come to mind:
configure.acchanges are a bit cargo-culty - may need some attention!options.pwpromptsetting gets overwritten with whether the prompt was actually used so that main knows whether to request the password be saved upon a successful query (we don't save the decrypted or netrc passsword!). That's a change of semantics versus the other 'options'.This is what the store looks like:
How to make a first query
The password then gets stored if successful and the prompt not presented again unless run with
-p.Tested with
libsecret-1-devnot present and with./configure --disable-libsecret.