[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Invoking "kcheckpass" from the terminal
From:       "Franklin, Jason" <jason.franklin () quoininc ! com>
Date:       2019-08-12 20:18:50
Message-ID: CAD-F7+XNp=+a4MwrzSpKCNC9onos6iOCG3ZGAXKUOcRXHLxv6w () mail ! gmail ! com
[Download RAW message or body]

Martin,

Good to hear from you.

> I was probably the last one who touched the code and performed cleanups.
> Kcheckpass is not meant to be used from a command line - I'm sorry,
> that's just not the use case. We only use the binary protocol in
> kscreenlocker and removed everything else. The implementation is in:
> https://cgit.kde.org/kscreenlocker.git/tree/greeter/authenticator.cpp

This is all fine.  I can understand that most of this was done in the interest
of improving the security profile.

I do see, however, that much of the commentary in the code is out of sync
with the code's behavior.  An example is here:

https://cgit.kde.org/kscreenlocker.git/tree/kcheckpass/kcheckpass.c

The header in that file was quite confusing to me after looking at the
code and comparing.  The same goes for other files under the
kcheckpass/ directory in the kscreenlocker repository.

I'd like to help with cleaning some of this up, but I'm a new contributor and
would need permission/guidance from someone involved.

> It's a pretty much stand alone class, so you can wrap this in an own
> class to interact with it.

Debugging this region in the code has proved to be quite difficult.  Installing
the dbgsym package wasn't sufficient, and I've been trying to move forward in
another way for some time now.

When you say "wrap this in an own class", I'm afraid I don't follow.
It's probably
too much to ask for an example, but it would be a great help.  Otherwise,  I'll
keep plugging away!

I see also that test programs were added for kcheckpass at some point. Are these
still functional?  If so, how could I compile and run them?  See link:

https://cgit.kde.org/kscreenlocker.git/tree/tests/kcheckpass_test.cpp

Ultimately, I'd like to give back by updating the README file for kcheckpass
with debugging instructions.  That is, of course, if I end up making progress.

Best,
JF

On Mon, Aug 12, 2019 at 3:42 PM Martin Flöser <mgraesslin@kde.org> wrote:
>
> Am 2019-08-12 16:20, schrieb Franklin, Jason:
> > On Fri, Aug 9, 2019 at 8:15 PM Thiago Macieira <thiago@kde.org> wrote:
> >>
> >> On Thursday, 8 August 2019 12:00:34 PDT Franklin, Jason wrote:
> >> > However, after trying several invocations, I can't get the tool to behave as
> >> > expected (i.e., take a password on stdin and exit with 0/1 on success/
> >> > failure).
> >>
> >> That's because the tool does not take the password on stdin.
> >>
> >> $ /usr/lib64/libexec/kcheckpass
> >> Only binary protocol supported
> >>
> >> You need to pass a file descriptor number with the -S option.
> >
> > This is what I discovered when trying it myself.  This means that the
> > commentary in the code for kcheckpass is way out of sync with the
> > actual
> > behavior of the tool.
> >
> > I think this should be fixed, and I'd be willing to help.
> >
> > I'm also curious, why doesn't the following work?
> >
> >   echo -n 'test' | /usr/lib64/libexec/kcheckpass -S 0
> >
> > I get "Communication breakdown on write".  Seems like passing to stdin
> > with
> > file descriptor 0 should work.
> >
> >> kcheckpass.c also makes debugging difficult, by setting a bunch of
> >> options to
> >> prevent unauthorised attaching to the process. You need to modify the
> >> source
> >> to turn those off.
> >
> > I really appreciate your response and the tip you provided here.  I'll
> > do my best to
> > investigate further.
> >
> > However, I've noticed that this process is not well-documented at all.
> > The README
> > file included with kcheckpass isn't very helpful in guiding someone to
> > debugging
> > the code.  Also, installing a Debian dbgsym package doesn't seem to be
> > sufficient, as
> > you noted here.
> >
> > I'd be very willing to help with this, but the package maintainers
> > haven't responded
> > to my query yet.  I submitted the bug report below:
> >
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934185
> >
> > I'm still hoping to hear back!
>
> I was probably the last one who touched the code and performed cleanups.
> Kcheckpass is not meant to be used from a command line - I'm sorry,
> that's just not the use case. We only use the binary protocol in
> kscreenlocker and removed everything else. The implementation is in:
> https://cgit.kde.org/kscreenlocker.git/tree/greeter/authenticator.cpp
>
> It's a pretty much stand alone class, so you can wrap this in an own
> class to interact with it.
>
> Cheers
> Martin
>
[prev in list] [next in list] [prev in thread] [next in thread]