https://bugs.kde.org/show_bug.cgi?id=458639
Bug ID: 458639
Summary: KWallet: non-unique renames via old API cause items
loss in Secret Service API
Product: frameworks-kwallet
Version: 5.97.0
Platform: Neon Packages
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: va...@kde.org
Reporter: mk.mat...@gmail.com
CC: kdelibs-b...@kde.org
Target Milestone: ---
Created attachment 151784
--> https://bugs.kde.org/attachment.cgi?id=151784&action=edit
Helper script to list items in DBus `org.freedesktop.secrets` API.
SUMMARY
When passwords are renamed non-uniquely in KWalletManager (or presumably via
`org.kde.kwalletd5` API), they appear missing in via DBus
`org.freedesktop.secrets` API and in Seahorse (and presumably in other Secret
Service clients).
STEPS TO REPRODUCE
Create a blowfish wallet in KWalletManager (a GPG wallet should act the same,
but not tested). While observing in Seahorse and DBus, edit as follows in
KWalletManager:
1. Create a password "test".
2. Create a 2nd password "test2".
3. Attempt to rename "test2" to "test" (KWalletManager refuses).
4. Restart Seahorse and KWalletManager.
5. Attempt to rename "test2" to "test3".
6. Restart Seahorse and KWalletManager again.
OBSERVED RESULT
1. Created sussessfully, immediately shows up in Seahorse. Shows up via DBus
`org.freedesktop.secrets` API.
2. Likewise, created successfully and shows up.
3. KWalletManager refuses the rename, no changes shown in Seahorse.
4. Seahorse shows duplicated entry "test", and no "test2" entry. Same via DBus
`org.freedesktop.secrets` API. KWalletManager correctly shows "test" and
"test2".
5. Rename succeeds in KWalletManager, no change in Seahorse and
`org.freedesktop.secrets` API (still duplicated "test", missing "test2" and
"test3").
6. KWalletManager correctly shows "test" and "test3"; Seahorse and
`org.freedesktop.secrets` API still show duplicated "test", missing "test2" and
"test3".
EXPECTED RESULT
All changes should be reflected correctly in Seahorse and
`org.freedesktop.secrets` API:
1. "test" should show up.
2. "test" and "test2" should show up.
3. "test2" should remain as is (and "test" too).
4. "test" and "test2" should show up as before.
5. "test2" should be renamed to "test3" and show up correctly, "test" should
remain as is and not duplicated.
6. "test" and "test3" should show up with no duplications.
SOFTWARE/OS VERSIONS
Seahorse 3.36-1
KWalletManager 22.08.0
KDE Frameworks Version: 5.97.0
KDE Plasma Version: 5.25.4
Qt Version: 5.15.5
ADDITIONAL INFORMATION
My guess is that the Secret Service implementation attempts to follow the
rename commands from the old API (`org.kde.kwalletd5`), but doesn't enforce the
same uniqueness rules as KWalletManager.
It should instead just list the items from `org.kde.kwalletd5` as they are
(read-only), and let the `org.kde.kwalletd5` backend handle renames for those
items.
Likewise for deletes -
https://invent.kde.org/frameworks/kwallet/-/merge_requests/11#note_432567 :
> I did notice while poking around with Seahorse and KWalletManager that
> if I delete a password entry in KWalletManager Seahorse updates immediately
> and the corresponding entry also disappears, but if I delete the folder
> instead
> then Seahorse doesn't notice, and it doesn't disappear even if I restart
> Seahorse.
(I didn't open a separate bug for deletion, since it seems a less likely
edge-case, and can probably be handled by the same fix.)
--
You are receiving this mail because:
You are watching all bug changes.
