On Tue, Apr 25, 2017 at 09:47:24AM -0500, Dan Williams wrote:
>On Tue, 2017-04-25 at 07:45 +0000, David Härdeman wrote:
>> April 24, 2017 5:49 PM, "Dan Williams" wrote:
>>>
>>> It's not clear that the GNOME side was implemented correctly yet
On Tue, Apr 25, 2017 at 09:21:19PM +0200, David Härdeman wrote:
>On Tue, Apr 25, 2017 at 09:54:45AM +0200, David Herrmann wrote:
>>No, it does not. sd-bus was inconsistent. See, there are 3 things
>>involved in the Object-Manager:
>>
>>Signal: InterfacesAdded
>>
On Tue, Apr 25, 2017 at 09:54:45AM +0200, David Herrmann wrote:
>On Tue, Apr 25, 2017 at 9:40 AM, David Härdeman wrote:
>> April 21, 2017 1:22 PM, "David Herrmann" wrote:
>>> This change makes sure all objects have the built-in interfaces
>>> reported at al
April 25, 2017 9:54 AM, "David Herrmann" wrote:
> Hi
>
> On Tue, Apr 25, 2017 at 9:40 AM, David Härdeman wrote:
>
>> April 21, 2017 1:22 PM, "David Herrmann" wrote:
>>> On Fri, Apr 21, 2017 at 11:50 AM, David Härdeman wrote:
>>
>&g
April 24, 2017 5:49 PM, "Dan Williams" wrote:
> On Mon, 2017-04-24 at 16:50 +0200, Lennart Poettering wrote:
>> On Fri, 21.04.17 13:22, David Herrmann (dh.herrm...@gmail.com) wrote:
>>
> Anyway, gdbus bugs aside, it seems that the interfaces
> reported by
> sd-bus should match what gd
April 21, 2017 1:22 PM, "David Herrmann" wrote:
> On Fri, Apr 21, 2017 at 11:50 AM, David Härdeman wrote:
>> On Thu, Apr 20, 2017 at 02:19:22PM +0200, David Herrmann wrote:
>>> On Thu, Apr 20, 2017 at 12:06 PM, David Härdeman wrote:
>> I'm implementing
April 24, 2017 4:51 PM, "Lennart Poettering" wrote:
> On Fri, 21.04.17 13:22, David Herrmann (dh.herrm...@gmail.com) wrote:
>
>> Anyway, gdbus bugs aside, it seems that the interfaces reported by
>> sd-bus should match what gdbus does? (assuming, of course, that gdbus
>> can be considered the "r
On Thu, Apr 20, 2017 at 02:19:22PM +0200, David Herrmann wrote:
>On Thu, Apr 20, 2017 at 12:06 PM, David Härdeman wrote:
>> Hi,
>>
>> I'm implementing a server which creates an ObjectManager using the
>> sd-bus API and there seems to be some differences between ho
Hi,
I'm implementing a server which creates an ObjectManager using the
sd-bus API and there seems to be some differences between how gdbus and
sd-bus implements the API.
I implemented a simple ObjectManager at /org/gnome/TestManager which
exports objects /org/gnome/TestManager/fooX with interface
On Sat, Jun 27, 2015 at 09:22:45AM +0200, David Härdeman wrote:
>On Thu, Jun 25, 2015 at 04:25:29PM +0200, David Herrmann wrote:
>>On Tue, Jun 23, 2015 at 2:41 PM, David Härdeman wrote:
>...
>>> Now, a question...how is an object manager supposed to be implemented in
>>
On Thu, Jun 25, 2015 at 04:25:29PM +0200, David Herrmann wrote:
>On Tue, Jun 23, 2015 at 2:41 PM, David Härdeman wrote:
...
>> Now, a question...how is an object manager supposed to be implemented in
>> sd-bus?
>>
>> I've seen that there's a sd_bus_add_
Hi,
as an experiment I've tried porting a toy dbus daemon over to sd-bus. It
seems to be working well so far and I have to say I really like the
sd-bus API over the gdbus one (sd-bus feels like I'm still writing
C...can't say the same thing about gdbus).
Now, a question...how is an object ma
a workaround...
...
On Wed, Feb 05, 2014 at 12:16:00AM +0100, Lennart Poettering wrote:
On Thu, 30.01.14 10:40, David Härdeman (da...@hardeman.nu) wrote:
> b) the password agent implementation in systemd doesn't seem to
> handle binary strings (i.e. strings with '\0'), as c
The error path in efivar_get free's what would have been
the copy of the string if the strcpy had succeeded, which
it did not (or we wouldn't be in the error path).
Signed-off-by: David Härdeman
---
src/efi/util.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
On Thu, Jul 03, 2014 at 01:41:43PM +0200, Lennart Poettering wrote:
>On Fri, 27.06.14 01:54, David Härdeman (da...@hardeman.nu) wrote:
>
>> Add binary string handling functions and extend the password agent
>> protocol to support binary strings (using "=" as a
char *icon, const char *id,
- usec_t until, bool accept_cached, char ***_passphrases);
+ usec_t until, bool accept_cached, bstr ***_passphrases);
int ask_password_auto(const char *message, const char *icon, const char *id,
- usec_t until, bool
nth ago?
Yes, patches 1/3 and 2/3 were committed very recently and I still need
to post patch 3/3. Then a separate patch is necessary for the cryptsetup
package in Debian and after that, keyscript= will work for Debian at
least.
--
David Härdeman
___
sy
Add an (optional) "Id" key in the password agent .ask files. The Id is
supposed to be a simple string in ":" form which
is used to provide more information on what the requested passphrase
is to be used for (which e.g. allows an agent to only react to cryptsetup
requests).
(v2: rebased, fixed inde
++--
src/shared/ask-password-api.h |6 --
4 files changed, 43 insertions(+), 11 deletions(-)
--
David Härdeman
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
The command line key-size is in bits but the libcryptsetup API expects bytes.
Note that the modulo 8 check is in the original cryptsetup binary as well, so
it's no new limitation.
(v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
---
src/cryptsetup/cryptsetup.c | 11
On Tue, Mar 25, 2014 at 09:50:10AM +0100, Benjamin SANS wrote:
>* On Tuesday, 25 March 2014 01:46, David Härdeman wrote:
>> Bejamin's approach does not seem to solve the binary key part of the
>> puzzle either...(passing binary keys from the keyscript, as opposed to
>>
On Tue, Mar 25, 2014 at 01:58:27AM +0100, Lennart Poettering wrote:
>On Tue, 04.02.14 00:57, David Härdeman (da...@hardeman.nu) wrote:
>
>Sorry for the later review!
>
>> Add binary string handling functions and extend the password agent
>> protocol to support binary string
On Tue, Mar 25, 2014 at 01:03:48AM +0100, Lennart Poettering wrote:
>On Wed, 12.02.14 23:55, David Härdeman (da...@hardeman.nu) wrote:
>> -r = ask_password_auto(text, "drive-harddisk", until, accept_cached,
>> passwords);
>> +if (asprintf(
On Tue, Mar 25, 2014 at 01:03:48AM +0100, Lennart Poettering wrote:
>On Wed, 12.02.14 23:55, David Härdeman (da...@hardeman.nu) wrote:
>> Add an (optional) "Id" key in the password agent .ask files. The Id is
>> supposed to be a simple string in ":" fo
The command line key-size is in bits but the libcryptsetup API expects bytes.
---
src/cryptsetup/cryptsetup.c |8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index f72cf9f..e7e8066 100644
--- a/src/cryptsetup/
Add an (optional) "Id" key in the password agent .ask files. The Id is
supposed to be a simple string in ":" form which
is used to provide more information on what the requested passphrase
is to be used for (which e.g. allows an agent to only react to cryptsetup
requests).
---
src/ask-password/ask
Fix askpass overflow in reading a passphrase from a tty.
Doesn't seem security sensitive, but add a check for correctness.
---
src/shared/ask-password-api.c |5 +
1 file changed, 5 insertions(+)
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 1c18274..045c
t small fixes.
I've left out the binary protocol patch for now.
---
David Härdeman (3):
Add more password agent information
Fix keysize handling in cryptsetup (bits vs. bytes)
Fix askpass buffer overflow
src/ask-password/ask-password.c | 14 +++---
src/cryptsetup/cry
On Wed, Feb 05, 2014 at 12:16:00AM +0100, Lennart Poettering wrote:
>On Thu, 30.01.14 10:40, David Härdeman (da...@hardeman.nu) wrote:
>> This issue is fixable with minor upstream changes, e.g. by extending
>> the PasswordAgent protocol to add "Subsystem=cryptsetup" and
&g
usec_t until, bool accept_cached, bstr ***_passphrases);
int ask_password_auto(const char *message, const char *icon, const char
*purpose, const char *target,
- usec_t until, bool accept_cached, char ***_passphrases);
+ usec_t until, bool accept_
Fix askpass overflow in reading a passphrase from a tty.
Doesn't seem security sensitive, but add a check for correctness.
---
src/shared/ask-password-api.c |5 +
1 file changed, 5 insertions(+)
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 553debc..499e
The command line key-size is in bits but the libcryptsetup API expects bytes.
---
src/cryptsetup/cryptsetup.c |8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 4a32856..c01ed01 100644
--- a/src/cryptsetup/
Add (optional) "Purpose" and "Target" keys in the password agent .ask
files. These are used to provide more information on what the requested
passphrase is to be used for (which e.g. allows an agent to only listen
to cryptsetup requests).
---
src/ask-password/ask-password.c | 22
edback and see if the overall approach is considered ok or not first.
---
David Härdeman (4):
Add more password agent information
Fix keysize handling in cryptsetup (bits vs. bytes)
Fix askpass buffer overflow
Add binary password agent protocol
M
ly not the most qualified
to evaluate the situation.
That said, reading the upstream discussion, I guess we have 3 options
a/ do nothing about it
b/ apply the patch from David Härdeman downstream and maintaining it as
a downstream patch forever
c/ try to implement keyscript support based on the PasswordA
On Tue, 10 Jul 2012 16:25:50 +0200, Lennart Poettering
wrote:
> On Tue, 10.07.12 10:35, David Härdeman (da...@hardeman.nu) wrote:
>> Whenever a user comes up with another scheme for storing keys (you've
>> already seen some...like storing keys between the MBR and first
&g
On Mon, Jul 09, 2012 at 10:49:56PM +0200, Lennart Poettering wrote:
>On Fri, 29.06.12 00:56, David Härdeman (da...@hardeman.nu) wrote:
>
>> Debian's cryptsetup package supports the keyscript= option in /etc/crypttab
>>
>> This patch is a first attempt at implementin
Debian's cryptsetup package supports the keyscript= option in /etc/crypttab
This patch is a first attempt at implementing support for the same option
in systemd. It is not at exact feature parity yet (environment variables
are missing and relative paths are not supported), but it's a start.
I'm n
38 matches
Mail list logo