[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312 David Edmundson changed: What|Removed |Added CC||k...@davidedmundson.co.uk Keywords|regression | -- You are receiving this mail because: You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312 John Kizer changed: What|Removed |Added Platform|Other |Fedora RPMs Version First|master |6.3.5 Reported In|| CC||john.ki...@proton.me Component|Networks widget |Networking in general -- You are receiving this mail because: You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312 --- Comment #11 from Marco Martin --- (In reply to turtoise from comment #10) > Actually, for me it's the same behaviour, KeePassXC is updating the Network > Management Key correctly. But my system does not seem to ask KeePassXC for > the keys so for me it may be a configuration problem only. if you go in the kwallet systemsettings page, is the "default wallet" set to the one where the password is actually saved? -- You are receiving this mail because: You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312 --- Comment #5 from turto...@posteo.de --- Created attachment 181492 --> https://bugs.kde.org/attachment.cgi?id=181492&action=edit DBus traces of entering WiFi password (password removed from traces) -- You are receiving this mail because: You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312
--- Comment #10 from turto...@posteo.de ---
(In reply to Marco Martin from comment #8)
> Trying to reproduce i didn't manage to reproduce the problem
>
> in KeepassXC i do get an entry for each wifi network, in the form "Network
> Management/{UUID such as 07ea43b2-..}/802-11-wireless-security" each of
> them contains a value of type {"psk": "pass..."}
>
> NetworkManager seems to be able to access those entries just fine and seems
> to just work.
Actually, for me it's the same behaviour, KeePassXC is updating the Network
Management Key correctly. But my system does not seem to ask KeePassXC for the
keys so for me it may be a configuration problem only.
--
You are receiving this mail because:
You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312 --- Comment #6 from michaelk83 --- (In reply to Marco Martin from comment #3) > One ting i noted while using keepassXC is that every entry in the wallet is > separatedly locked, but what should happen in that case is keepassxc popping > up with some gui to unlock when networkmanager tries to access the network That's a good point, but one of the problems with that is that not all the relevant API methods support the Prompt interface. However, KeepPassXC may still try to show an unlock prompt to avoid some other problems. In that case, the call can still time out. See https://gitlab.freedesktop.org/xdg/xdg-specs/-/issues/101 and https://github.com/keepassxreboot/keepassxc/issues/4443 To avoid that, clients should never use `Collection.SearchItems()` with KeePassXC (`Service.SearchItems()` at least has a `locked` output array), and, if possible, should issue an explicit `Unlock()` call before trying any other operations. -- You are receiving this mail because: You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312 --- Comment #9 from Marco Martin --- (In reply to michaelk83 from comment #6) > (In reply to Marco Martin from comment #3) > > One ting i noted while using keepassXC is that every entry in the wallet is > > separatedly locked, but what should happen in that case is keepassxc popping > > up with some gui to unlock when networkmanager tries to access the network > > That's a good point, but one of the problems with that is that not all the > relevant API methods support the Prompt interface. However, KeepPassXC may > still try to show an unlock prompt to avoid some other problems. In that > case, the call can still time out. > See https://gitlab.freedesktop.org/xdg/xdg-specs/-/issues/101 and > https://github.com/keepassxreboot/keepassxc/issues/4443 > > To avoid that, clients should never use `Collection.SearchItems()` with > KeePassXC (`Service.SearchItems()` at least has a `locked` output array), > and, if possible, should issue an explicit `Unlock()` call before trying any > other operations. searching is fine, it will get the names and the metadata of the locked value just fine, it will just need an explicit unlock when trying to actually retrieve the secret, which we do. when this happens, i see that for me keepassxc pops up with an authorization dialog -- You are receiving this mail because: You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312 --- Comment #7 from michaelk83 --- (In reply to turtoise from comment #5) > Created attachment 181492 [details] > DBus traces of entering WiFi password (password removed from traces) Thanks! What I see from this trace, is: A. The network manager is talking to the old KWallet API (and not directly to Secret Service), as expected currently. B. More `folderUpdated` signals than I'd expect to see, for a bunch of unrelated folders. Might indicate some issue or weird behavior, but probably not related to this bug. C. There are a few attempts to save a password (writeMap), and what looks like one attempt to read it back (readMap), but without the `method return` bits, its hard to tell if any of these are successful or not. I don't see any communication between KWallet and KeePassXC's Secret Service. That's probably due to the trace filter. What I would like to see is the part where plasma-nm is trying (and failing) to read the stored password, including the communication between KWallet and KeePassXC, and with the method return values as well. -- You are receiving this mail because: You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312
--- Comment #8 from Marco Martin ---
Trying to reproduce i didn't manage to reproduce the problem
in KeepassXC i do get an entry for each wifi network, in the form "Network
Management/{UUID such as 07ea43b2-..}/802-11-wireless-security" each of
them contains a value of type {"psk": "pass..."}
NetworkManager seems to be able to access those entries just fine and seems to
just work.
Is by change all normal preshared keys or is more complicated wifi
authentication methods?
--
You are receiving this mail because:
You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312 turto...@posteo.de changed: What|Removed |Added CC||turto...@posteo.de --- Comment #4 from turto...@posteo.de --- (In reply to michaelk83 from comment #2) > Now that we have a few more users here, it would be good to get some DBus > traces, so we can check if kwalletd is at fault. The relevant interfaces are > org.kde.kwalletd6 , org.kde.KWallet , org.freedesktop.secrets , and > org.kde.secretservicecompat . Or you could filter by path: > /modules/kwalletd6 , /org/freedesktop/secrets , and /ksecretd . > > It would also be good to see your kwalletrc, to check that everything is > configured correctly (or to see how different configurations affect the > behavior). For me, this is the kwalletrc: [KSecretD] Enabled=false [Migration] MigrateTo3rdParty=true WalletsMigratedToSecretService=kdewallet [Wallet] Close When Idle=false Close on Screensaver=false Default Wallet=Passwörter Enabled=true First Use=false Idle Timeout=10 Launch Manager=false Leave Manager Open=false Leave Open=true Prompt on Open=false Use One Wallet=true [org.freedesktop.secrets] apiEnabled=true And i'll add the DBus Traces as attachment. -- You are receiving this mail because: You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312 --- Comment #3 from Marco Martin --- One ting i noted while using keepassXC is that every entry in the wallet is separatedly locked, but what should happen in that case is keepassxc popping up with some gui to unlock when networkmanager tries to access the network -- You are receiving this mail because: You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312 --- Comment #2 from michaelk83 --- Now that we have a few more users here, it would be good to get some DBus traces, so we can check if kwalletd is at fault. The relevant interfaces are org.kde.kwalletd6 , org.kde.KWallet , org.freedesktop.secrets , and org.kde.secretservicecompat . Or you could filter by path: /modules/kwalletd6 , /org/freedesktop/secrets , and /ksecretd . It would also be good to see your kwalletrc, to check that everything is configured correctly (or to see how different configurations affect the behavior). -- You are receiving this mail because: You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312 Dmitry Nezhevenko changed: What|Removed |Added CC||d...@inhex.net -- You are receiving this mail because: You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312 Nagy Tamás changed: What|Removed |Added CC||tbondvag...@gmail.com -- You are receiving this mail because: You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312 lgmr...@disroot.org changed: What|Removed |Added CC||lgmr...@disroot.org -- You are receiving this mail because: You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312 michaelk83 changed: What|Removed |Added See Also||https://bugs.kde.org/show_b ||ug.cgi?id=504358 -- You are receiving this mail because: You are watching all bug changes.
[plasmashell] [Bug 504312] plasma-nm is now unable to read passwords from KeepassXC-based secret service backend
https://bugs.kde.org/show_bug.cgi?id=504312 Nate Graham changed: What|Removed |Added CC||n...@kde.org Summary|plasma-nm is unable to read |plasma-nm is now unable to |passwords from secret |read passwords from |storage backend |KeepassXC-based secret ||service backend Keywords||regression -- You are receiving this mail because: You are watching all bug changes.
