Merge pull request zalando#22 from ukautz/fix-secret-service-access

Fallback to default secret object path
mrueg · Feb 21, 2018 · 6d81c29 · 6d81c29
2 parents 11d2cc6 + 07ffb51
commit 6d81c29
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 12 deletions.
diff --git a/keyring_linux.go b/keyring_linux.go
@@ -2,7 +2,6 @@ package keyring
 
 import (
 	"fmt"
-
 	"github.com/godbus/dbus"
 	"github.com/zalando/go-keyring/secret_service"
 )
@@ -31,7 +30,7 @@ func (s secretServiceProvider) Set(service, user, pass string) error {
 
 	secret := ss.NewSecret(session.Path(), pass)
 
-	collection := svc.GetCollection("login")
+	collection := svc.GetLoginCollection()
 
 	err = svc.Unlock(collection.Path())
 	if err != nil {
@@ -50,7 +49,7 @@ func (s secretServiceProvider) Set(service, user, pass string) error {
 
 // findItem looksup an item by service and user.
 func (s secretServiceProvider) findItem(svc *ss.SecretService, service, user string) (dbus.ObjectPath, error) {
-	collection := svc.GetCollection("login")
+	collection := svc.GetLoginCollection()
 
 	search := map[string]string{
 		"username": user,

diff --git a/secret_service/secret_service.go b/secret_service/secret_service.go
@@ -3,19 +3,22 @@ package ss
 import (
 	"fmt"
 
+	"errors"
 	"github.com/godbus/dbus"
 )
 
 const (
-	serviceName         = "org.freedesktop.secrets"
-	servicePath         = "/org/freedesktop/secrets"
-	serviceInterface    = "org.freedesktop.Secret.Service"
-	collectionInterface = "org.freedesktop.Secret.Collection"
-	itemInterface       = "org.freedesktop.Secret.Item"
-	sessionInterface    = "org.freedesktop.Secret.Session"
-	promptInterface     = "org.freedesktop.Secret.Prompt"
-
-	collectionBasePath = "/org/freedesktop/secrets/collection/"
+	serviceName          = "org.freedesktop.secrets"
+	servicePath          = "/org/freedesktop/secrets"
+	serviceInterface     = "org.freedesktop.Secret.Service"
+	collectionInterface  = "org.freedesktop.Secret.Collection"
+	collectionsInterface = "org.freedesktop.Secret.Service.Collections"
+	itemInterface        = "org.freedesktop.Secret.Item"
+	sessionInterface     = "org.freedesktop.Secret.Session"
+	promptInterface      = "org.freedesktop.Secret.Prompt"
+
+	loginCollectionAlias = "/org/freedesktop/secrets/aliases/default"
+	collectionBasePath   = "/org/freedesktop/secrets/collection/"
 )
 
 // Secret defines a org.freedesk.Secret.Item secret struct.
@@ -67,11 +70,37 @@ func (s *SecretService) OpenSession() (dbus.BusObject, error) {
 	return s.Object(serviceName, sessionPath), nil
 }
 
+// CheckCollectionPath accepts dbus path and returns nil if the path is found
+// in the collection interface (and can be used).
+func (s *SecretService) CheckCollectionPath(path dbus.ObjectPath) error {
+	obj := s.Conn.Object(serviceName, servicePath)
+	val, err := obj.GetProperty(collectionsInterface)
+	if err != nil {
+		return err
+	}
+	paths := val.Value().([]dbus.ObjectPath)
+	for _, p := range paths {
+		if p == path {
+			return nil
+		}
+	}
+	return errors.New("path not found")
+}
+
 // GetCollection returns a collection from a name.
 func (s *SecretService) GetCollection(name string) dbus.BusObject {
 	return s.Object(serviceName, dbus.ObjectPath(collectionBasePath+name))
 }
 
+// GetLoginCollection decides and returns the dbus collection to be used for login.
+func (s *SecretService) GetLoginCollection() dbus.BusObject {
+	path := dbus.ObjectPath(collectionBasePath + "login")
+	if err := s.CheckCollectionPath(path); err != nil {
+		path = dbus.ObjectPath(loginCollectionAlias)
+	}
+	return s.Object(serviceName, path)
+}
+
 // Unlock unlocks a collection.
 func (s *SecretService) Unlock(collection dbus.ObjectPath) error {
 	var unlocked []dbus.ObjectPath