keepassxc/src/fdosecrets
Aetf 0f7b674cbb FdoSecrets: add smarter handling of database unlock requests
This commit implements the following logic:
* If there're already unlocked collections, just use those,
* otherwise, show the unlock dialog until there's an unlocked and exposed collection.

* Fixes #7574
2022-06-04 16:27:18 -04:00
dbus FdoSecrets: allow remember decision for future entries 2022-03-21 08:42:17 -04:00
objects FdoSecrets: add smarter handling of database unlock requests 2022-06-04 16:27:18 -04:00
widgets FdoSecrets: allow remember decision for future entries 2022-03-21 08:42:17 -04:00
CMakeLists.txt Replace all crypto libraries with Botan 2021-04-05 22:56:03 -04:00
DatabaseSettingsPageFdoSecrets.cpp Move icon handling from Resources to gui/Icons (#5506) 2020-10-05 20:41:00 -04:00
DatabaseSettingsPageFdoSecrets.h Add Freedesktop.org Secret Storage Spec Server Side API (Fix #1403) 2019-05-12 12:35:42 -04:00
FdoSecretsPlugin.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
FdoSecretsPlugin.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
FdoSecretsSettings.cpp FdoSecrets: Implement unlock before search 2021-10-16 22:50:04 -04:00
FdoSecretsSettings.h FdoSecrets: Implement unlock before search 2021-10-16 22:50:04 -04:00
README.md FdoSecrets: reject setting refs via the API (#7043) 2021-10-24 10:22:50 -04:00

Freedesktop.org Secret Storage Spec Server Side API

This plugin implements the Secret Storage specification version 0.2. While running KeePassXC, it acts as a Secret Service server, registered on DBus, so clients like seahorse, python-secretstorage, or other implementations can connect and access the exposed database in KeePassXC.

Configurable settings

  • The user can specify if a database is exposed on DBus, and which group is exposed.
  • Whether a desktop notification is shown when an entry's secret is retrieved.
  • Whether to ask for confirmation before entries are deleted from DBus.
  • Whether to ask for confirmation on each entry's access.

Implemented Attributes on Item Object

The following attributes are exposed:

| Key      | Value                             |
|----------|-----------------------------------|
| Title    | The entry title                   |
| UserName | The entry user name               |
| URL      | The entry URL                     |
| Notes    | The entry notes                   |
| TOTP     | The TOTP code if the entry has one |

In addition, all non-protected custom attributes are also exposed.

Implementation

  • FdoSecrets::Service is the top level DBus service
  • There is one and only one FdoSecrets::Collection per opened database tab
  • Each entry under the exposed database group has a corresponding FdoSecrets::Item DBus object.

Signal connections

Collection here means the Collection object in code, not the logical concept "collection" that the user interacts with.

  • Collections are created when a corresponding database tab is opened
  • If the database is locked, a collection is still created
  • When the database is unlocked, the collection populates its children
  • If the unlocked database's exposed group is none, the collection deletes itself
  • If the database's exposed group changes, the collection repopulates
  • If the database's exposed group changes to none, the collection deletes itself
  • If the database's exposed group changes from none, the service recreates a collection
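
The lifecycle rules above determine what a DBus client can enumerate at any moment: a locked database still has a Collection but no Item objects, and an unlocked database with no exposed group has no Collection at all. The following is an added, simplified model of those rules, not KeePassXC code; `ServiceModel`, `Tab` and all method names are hypothetical, and an empty string stands for the exposed group "none".

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

struct Tab {
    bool locked = true;
    std::string exposedGroup;          // "" stands for "none" (assumption of this model)
    std::vector<std::string> entries;  // entry titles under the exposed group
};

class ServiceModel {
    std::map<int, Tab> tabs_;
    std::map<int, std::vector<std::string>> collections_;  // tab id -> items visible on DBus

    // Re-apply the lifecycle rules to one tab after any state change.
    void sync(int id) {
        const Tab& t = tabs_.at(id);
        if (t.locked)
            collections_[id].clear();       // collection exists, children not populated
        else if (t.exposedGroup.empty())
            collections_.erase(id);         // exposed group is none: collection deletes itself
        else
            collections_[id] = t.entries;   // (re)created by the service and (re)populated
    }

public:
    void openTab(int id, const Tab& t) { tabs_[id] = t; sync(id); }
    void unlock(int id) { tabs_.at(id).locked = false; sync(id); }
    void setExposedGroup(int id, const std::string& group,
                         const std::vector<std::string>& entries) {
        Tab& t = tabs_.at(id);
        t.exposedGroup = group;
        t.entries = entries;
        sync(id);
    }
    bool hasCollection(int id) const { return collections_.count(id) != 0; }
    // Number of Item objects a client could enumerate; -1 if there is no collection.
    int itemCount(int id) const {
        auto it = collections_.find(id);
        return it == collections_.end() ? -1 : static_cast<int>(it->second.size());
    }
};

int main() {
    ServiceModel s;
    Tab t; t.exposedGroup = "Secrets"; t.entries = {"mail", "vpn"};  // constructed sample data
    s.openTab(1, t);
    std::cout << "locked: items=" << s.itemCount(1) << "\n";
    s.unlock(1);
    std::cout << "unlocked: items=" << s.itemCount(1) << "\n";
}
```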