This MR introduces the org.freedesktop.secrets DBus API.
In its current state, it allows kwalletd to be used as a backend for seahorse and Python "SecretStorage".
The main implementation details:
- Was built over KWalletD. KWalletD holds a pointer to the KWalletFreedesktopService which holds sessions, prompts, collections and items. All of these objects inherit QDBusContext, have access to the parent KWalletD and can call its functions.
- Wallet names map to fdo collection labels, entry names map to fdo item labels with some extras:
  - Wallet names must be unique, but collection labels may not be (same as entry/item). Thus, a numeric suffix was introduced for each non-unique label. For the fdo API, all non-unique labels will be non-unique and wallet names will be unique (e.g. fdo [label, label, label] will be [label, label__0_, label__1_] in kwallet).
  - KWallet entries are stored in folders, so every fdo item will be stored in the "Secret Service" folder. It is also possible to specify a folder from the fdo secrets API: for this, the item's label must contain a folder prefix (e.g. secrets with labels [item, Passwords/item] are stored as [Secret Service/item, Passwords/item] in kwallet).
- All entries that will be created using the fdo secrets API will have a specific structure, and Wallet Manager will show this as binary data. This is because fdo items can store an arbitrary number of attributes and must store creation/modification timestamps. However, every "native" kwalletd entry can be read from the fdo secrets API (but with some restrictions; in this case there are no creation/modification timestamps).
- Renaming of wallets was introduced because the fdo secrets API has collection renaming.
- Collection aliases (and the default collection) are stored in the kwalletrc config.
There are also some flaws:
- DBus item objects are created only after collection unlocking. I don't know why this exists, but gnome-keyring creates item objects before collection unlocking. In this case, all you can do is unlock the item / collection.
- This MR introduces a session with encryption, but it does not make sense when "Prompt when an application accesses a wallet" is off. This is because KWallet asks for a password for the first app but gives everyone access. Also (as I understand) KWallet identifies apps by their "appid", which it accepts over DBus. It is not difficult to replace it, so maybe using the unique DBus connection name would be a better solution.
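
An added illustration of the label mapping described in the implementation details above; it is not code from this MR. The function names, the rule that an already-taken suffixed name is skipped, and the split on the first `/` are assumptions made for the example.

```cpp
// Added illustration; not code from the MR. Assumptions are marked below.
#include <iostream>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Map fdo collection labels (duplicates allowed) to unique wallet names.
// The first use of a label keeps it unchanged; later duplicates get the
// "__N_" suffix shown in the MR text. Assumption: a candidate that is
// already taken (e.g. by a wallet literally named "label__0_") is skipped,
// so two collections can never end up sharing one wallet.
std::vector<std::string> walletNamesFor(const std::vector<std::string> &labels,
                                        std::set<std::string> taken = {})
{
    std::vector<std::string> names;
    for (const std::string &label : labels) {
        std::string candidate = label;
        for (int n = 0; taken.count(candidate) != 0; ++n)
            candidate = label + "__" + std::to_string(n) + "_";
        taken.insert(candidate);
        names.push_back(candidate);
    }
    return names;
}

// Split an fdo item label into (folder, entry). Assumption: the folder
// prefix ends at the first '/'; a label with no prefix, an empty prefix or
// an empty entry name is stored whole in the default "Secret Service" folder.
std::pair<std::string, std::string> folderAndEntry(const std::string &label)
{
    const std::string defaultFolder = "Secret Service";
    const std::size_t slash = label.find('/');
    if (slash == std::string::npos || slash == 0 || slash + 1 == label.size())
        return {defaultFolder, label};
    return {label.substr(0, slash), label.substr(slash + 1)};
}

int main()
{
    // Constructed sample input taken from the examples in the MR text.
    for (const std::string &name : walletNamesFor({"label", "label", "label"}))
        std::cout << name << '\n';
    const std::pair<std::string, std::string> p = folderAndEntry("Passwords/item");
    std::cout << p.first << '/' << p.second << '\n';
}
```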