Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fetching password through secret service fails if "Confirm when passwords are retrieved" is checked #9334

Closed
phuhl opened this issue Apr 19, 2023 · 4 comments

Comments

@phuhl
Copy link

phuhl commented Apr 19, 2023

Overview

When having the option "Confirm when passwords are retrieved by clients" is checked in the Secret service tab and I want to access a password (in my case through emacs' secrets.el) a confirmation prompt should pop up. Instead nothing happens and the client recieves an "org.freedesktop.Secret.Error.IsLocked".

image

Steps to Reproduce

  1. Enable a database "MyDb" with an entry "MyPassword" to be queriable through secret service
  2. In Emacs run:
    (require 'secrets nil t)
    (secrets-open-session)
    (secrets-unlock-collection "MyDb")
    (secrets-get-secret  "MyDb" "MyPassword")
    
  3. Error org.freedesktop.Secret.Error.IsLocked

Expected Behavior

A prompt should appear that let's me accept the access request. If I accept, in emacs the password should be retrieved.

Actual Behavior

Emacs recieves IsLocked.

Context

When turning the "Confirm when passwords are retrieved by clients" toggle off, the before-mentioned steps succeed and retrieve the password.

KeePassXC - Version 2.7.4
Revision: 63b2394

Qt 5.15.9
Debugging mode is disabled.

Operating system: Arch Linux
CPU architecture: x86_64
Kernel: linux 6.2.10-arch1-1

Enabled extensions:

  • Auto-Type
  • Browser Integration
  • SSH Agent
  • KeeShare
  • YubiKey
  • Secret Service Integration

Cryptographic libraries:

  • Botan 2.19.3

Operating System: Linux
Desktop Env: river
Windowing System: Wayland

@phuhl phuhl added the bug label Apr 19, 2023
@droidmonkey
Copy link
Member

droidmonkey commented Apr 19, 2023

This is very likely on emacs side and not supporting the approval workflow. Support for secret service is incredibly varied, we have found a few clients that did not implement the protocol correctly or only a small portion of the protocol. KeePassXC follows the standard as best as we can.

I recommend opening a ticket with emacs.

@phuhl
Copy link
Author

phuhl commented Apr 19, 2023

Ok, I see. I am looking at the secret service protocol to make out where the issue might lie within the secrets.el Emacs module. I did not really find anything regarding the approval workflow. Could you point me to the name as in the spec?

@phuhl
Copy link
Author

phuhl commented Apr 19, 2023

Nevermind, you are right, the bug was in secrets.el. Closing

@phuhl phuhl closed this as completed Apr 19, 2023
@phuhl
Copy link
Author

phuhl commented Apr 20, 2023

Just fyi if anybody has a similar issue, here is the upstream ticket I opened: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=62952

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants