Review Request 120202: [OS X] improvements to the kwallet/OSX keychain integration
René J.V. Bertin
rjvbertin at gmail.com
Sat Jan 3 19:41:36 GMT 2015
(Updated Jan. 3, 2015, 8:41 p.m.)
Review request for KDE Software on Mac OS X and kdelibs.
This version caters to OS X 10.9 and newer, which no longer add newly created keychains to the keychain search list. It also introduces a slight change to the internal implementation of wallet folders. OS X will ask access permission to keychain items when an application previously granted permission has been updated (or when a not yet allowed application attempts to access an item), and presents a dialog identifying the item with the field that carries the KWallet folder name. This often led to series of requests seemingly for the same item (= all entries in the wallet folder). The field in question ("Where" in Keychain Access) now also contains the account name so the access requests are more informative.
I'm still working on (the KDE4-based version of) my OS X keychain backend for kwallet. I'm at a point where I think I can present a work-in-progress in an RR because at least one feature has been improved enough to be of interest for everyone, and also because I could use feedback on how to proceed.
I'm currently focussing on 2 settings that are configured in the kwallet KCM (SystemSettings), and for which I'm working on an implementation not requiring kwalletd and/or DBus.
- idle time closing of wallets. This feature was not supported in the committed version presented in https://git.reviewboard.kde.org/r/119838/. The present patch adds an idleTimer and a shared lastAccessTime member. The idleTimer is reset each time a client performs one of a series of actions that I count as wallet accesses, and before resetting I update the idle timeout value from KConfig. When the timer fires, the elapsed time is compared to the shared last access time, and if it is >= the timeout, the wallet is closed. This applies only to "KDE keychains", so keychains used by OS X applications should not be affected.
- "close when last application exits". This requires maintaining a "user list" which keeps track of what application has what wallet open. I've implemented an "internal" version of such a registry, mapping wallet name to application names and the list of wallets they have open (a list of wallet reference, pid per application name). The registry is functional, but I have not yet decided (read: figured out) how to make a distributed representation of it.
So the work-in-progress concerns the distributed user registry. The idea would be to maintain the registry in shared memory, meaning it'd be reset (= disappear) when the last application exits, contrary to a file which can go stale. This would be simple if QSharedMemory objects could be resized, but apparently they cannot, so I'll have to look at other solutions possibly involving OS X frameworks (NSData and its non-Objective-C version CFDataRef or CFMutableDataRef might be candidates). Suggestions welcome.
Other work in progress concerns a less wheel-reinventing approach that builds on kwalletd and DBus. I don't see why the code used in `kwallet.cpp` wouldn't work, but I must still misunderstand its finer details. The present patch contains commented-out code that does indeed cause kwalletd to be launched and slots and signals to become visible e.g. in `qdbusviewer`. But they don't work, which in turn makes the whole kwallet layer dysfunctional. Here too feedback is welcome on what I'm missing and/or how to get this to work.
Once kwalletd works, wallet idle timeout closing and closing when the last client exits should work out-of-the-box, or at least I suppose.
OS X 10.6.8, kdelibs 4.14.2 git/master, KDE/MacPorts 4.12.5 & 4.13.3.
Once finalised, all changes should port easily to KF5's kwallet_mac.cpp .
René J.V. Bertin
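The idle-close check described in the first bullet of the message above, as an added C++ example that is not code from the patch or from kdelibs. All class and member names are hypothetical, plain millisecond integers stand in for Qt timers and KConfig, and re-arming the timer when another client was active more recently is an assumption the message does not state.

```cpp
// Added illustration; every name here is hypothetical, not from the kwallet patch.
#include <cstdint>
#include <cstdio>
#include <functional>
#include <utility>

// State shared by every client that has the same wallet open.
struct SharedWalletState {
    int64_t lastAccessMs = 0;  // shared last access time
    bool open = true;
};

class IdleCloser {
public:
    IdleCloser(SharedWalletState &s, std::function<int64_t()> readTimeoutMs)
        : state_(s), readTimeoutMs_(std::move(readTimeoutMs)) {}

    // Call on every operation that counts as a wallet access.
    void touch(int64_t nowMs) {
        timeoutMs_ = readTimeoutMs_();   // refresh the timeout from configuration
        state_.lastAccessMs = nowMs;     // publish the access to all clients
        fireAtMs_ = nowMs + timeoutMs_;  // reset this client's idle timer
    }
    // Call when this client's timer fires; returns true if the wallet was closed.
    bool onTimer(int64_t nowMs) {
        if (!state_.open) return false;  // another client already closed it
        if (nowMs - state_.lastAccessMs >= timeoutMs_) {
            state_.open = false;         // idle for at least the timeout: lock
            return true;
        }
        // Assumption: another client was active more recently, so re-arm.
        fireAtMs_ = state_.lastAccessMs + timeoutMs_;
        return false;
    }
    int64_t fireAt() const { return fireAtMs_; }

private:
    SharedWalletState &state_;
    std::function<int64_t()> readTimeoutMs_;
    int64_t timeoutMs_ = 0, fireAtMs_ = 0;
};

int main() {
    SharedWalletState wallet;
    int64_t cfg = 600;  // constructed timeout value, in ms
    IdleCloser a(wallet, [&] { return cfg; }), b(wallet, [&] { return cfg; });
    a.touch(0);
    b.touch(400);       // second client keeps the wallet alive
    bool first = a.onTimer(600);
    bool second = a.onTimer(a.fireAt());
    std::printf("closed at 600: %d, closed at re-armed deadline: %d\n", first, second);
}
```

Comparing against the shared last access time, not the client's own, is what keeps one idle client from closing a wallet that another client is still using.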