Closed Bug 278343 Opened 19 years ago Closed 9 months ago

Password Manager should work with KWallet

Categories

(Core Graveyard :: Ports: Qt, enhancement)

Product:
Core Graveyard
Component:
Ports: Qt
Platform:
x86
Linux
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: waldi54, Assigned: zack)

References

(Blocks 1 open bug)

Details

Firefox should integrate better into specific Unix-Desktops (at least KDE and
Gnome) e.g. by using their possibilities to store passwords (KDE uses KWallet
for that purpose, Gnome probably has also a program to do so). Maybe it is
useful to provide different versions with and without support for this feature,
maybe Password Manager is such a small utility that you can keep it in the trunk
and just add support for KWallet - I don't know. Thanks a lot, Firefox is great.
Severity: normal → enhancement
Version: 1.0 Branch → unspecified
I think this belongs in product 'core' component 'Ports: Qt'.
Not something we'd do as a core item, but we don't currently do anything to
integrate with KDE.  Dumping to the Qt port, if there's going to be a qt port
fore firefox, maybe we need a Ports: Qt for bugs like this?
Assignee: bryner → zack
Component: Password Manager → Ports: Qt
Product: Firefox → Core
QA Contact: davidpjames → cbiesinger
Version: unspecified → Trunk
Status: UNCONFIRMED → NEW
Ever confirmed: true
*** Bug 287902 has been marked as a duplicate of this bug. ***
Is it possible to implement this feature as extension? Maybe by replacing existing storage backend for password manager?
QA Contact: cbiesinger → ports-qt
The page referring to this
http://wiki.mozilla.org/Firefox/Feature_Brainstorming:Platform_Integration
mentions GNOME keyring too, but looks like this request addresses only kde.

Should I open a separate bug for GNOME keyring?

Once implemented in FF, Thunderbird will be able to use it too?

Thanks
My main push is for Thunderbird.

I have a dozen mail accounts for various websites and want to use Kwallet to protect those passwords.
this is a must. I want to use kwallet for storing firefox's passwords too.
Product: Core → Core Graveyard
It seems that bug 325351 is a duplicate. My comment there was (I hope it's OK to copy-paste it here):

Voted for this one. I'm not into the code of Firefox, nor KWallet, but wouldn't
it be possible to implement this as an optional security device (Preferences -
Advanced - Encryption - Secutity Devices) in the manner of FIPS which is
already there? (Same goes for Liberty)

Perhaps as an Extension or PlugIn or even a platform specific "mod" that could
come with Linux distros?

Other idea, perhaps solvable as a FF extension:
This wouldn't even have to be a full replacement, but just look, if "KWallet"
is there and ask it for the Master password, enter it automatically and
finished :-) This way, if you'd turn off kwallet or switch to gnome or
use your profile under Windows,... - FF would still work as usual, you just had
to type in your MP again.
There is another bug,

Bug 309807 -  Integrate Password Manager with Gnome Keyring Manager
https://bugzilla.mozilla.org/show_bug.cgi?id=309807

which has already a beta extension as a solution for Gnome keyring. The developed code there should also be useful for this bug, if I find the time I will port that code to use kwallet.

Also a good start is this page:

https://developer.mozilla.org/en/Creating_a_Login_Manager_storage_module

cu
Kwallet integration would be a really important issue? I am using both browsers Konqueror and Firefox frequently. Both have there pros and cons. Having the passwords stored separately is really a pain. 
I see this bug is assigned to the qt-port of Firefox. But is this really still happening. From time to time there is news about this, I fear this wont happen any time soon. But no matter of a qt-port of Firefox, it would be really great to see a Kwallet integration!
KWallet integration is more secure, easier to work with,  and just plain better.
Agreed.  Kwallet is way more secure and better to work with.
There is a Freedesktop project on unifying Passwordmanagers on Linux.
http://lists.freedesktop.org/archives/authentication/2008-October/000001.html
Unfortunately it appears dead, but may be if Firefox people joined in, this could be successfull.
The project is still halfway active. "Recent" discussion has been taking place on the gnome-keyring mailinglist, see http://mail.gnome.org/archives/gnome-keyring-list/2009-March/msg00008.html.

Unfortunately we stalled for the last two months but I'm sure we'll get back to speed once a preliminary spec has been published for discussion. If you find some time, please join the discussion to help shape the outcome to something suitable to the various Mozilla projects as well.
To bring some input into the discussion, I did some research on how to access KWallet. First, no binding to Qt or KDE (as suggested with "Component: Ports: Qt") is required. All communication with KWallet can be done via dbus. As Firefox already uses dbus to communicate with NetworkManager (see toolkit/system/dbus/), no new dependencies have to be introduced.

To query KWallet for passwords for web forms is quite easy, as the following example demonstrates, where the command-line client qdbus (from Qt) is used.
First, we may want to list the wallets (databases for credentials):
# qdbus org.kde.kwalletd /modules/kwalletd org.kde.KWallet.wallets
In my example, only a single wallet exists which is called "mywallet"
Now we can open this wallet to get a numeric handle for further access:
# qdbus org.kde.kwalletd /modules/kwalletd org.kde.KWallet.open mywallet 0 "Mozilla Firefox"
The name "Mozilla Firefox" is given here, as the user may get asked if he/she wants to grant this application access to the wallet.
Let's assume this command line return 123456 as handle. Within a wallet, folders with arbitrary names may exist. Konqueror uses the folder "Form Data" to save password from web forms. This folder contains key-value pairs, where the key is the url and the value is a map. This map contains key-value pairs from the web page, where for each pair the key is the id/name of an input field and the value is the input's value.
# qdbus --literal org.kde.kwalletd /modules/kwalletd org.kde.KWallet.readMap 123456 "Form Data" 'https://bugzilla.mozilla.org/#login' "Mozilla Firefox"
In this example "--literal" is used to force showing the map in a terminal as a sequence of bytes. In my case, the output is as follows:
{0, 0, 0, 2, 0, 0, 0, 34, 0, 66, 0, 117, 0, 103, 0, 122, 0, 105, 0, 108, 0, 108, 0, 97, 0, 95, 0, 112, 0, 97, 0, 115, 0, 115, 0, 119, 0, 111, 0, 114, 0, 100, 0, 0, 0, 24, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 0, 0, 28, 0, 66, 0, 117, 0, 103, 0, 122, 0, 105, 0, 108, 0, 108, 0, 97, 0, 95, 0, 108, 0, 111, 0, 103, 0, 105, 0, 110, 0, 0, 0, 50, 0, 102, 0, 105, 0, 115, 0, 99, 0, 104, 0, 101, 0, 114, 0, 64, 0, 117, 0, 110, 0, 105, 0, 120, 0, 45, 0, 97, 0, 103, 0, 46, 0, 117, 0, 110, 0, 105, 0, 45, 0, 107, 0, 108, 0, 46, 0, 100, 0, 101}
First, 4 bytes for the number of elements in the map (here: 2).
Then, the next 4 bytes contain the length of the first element's key (34 Byte), as all strings are encoded as 2-Bytes-per-Character (I guess UTF-16 or similar). The encoded string is "Bugzilla_password". Next follows my 12-char password (24 Bytes), all "a". Followed by "Bugzilla_login" and my email address.

Using dbus instead of linking to some KDE or Qt libraries should lower the threshold to integrate KWallet support in Firefox (or Thunderbird) considerably. Someone familiar with the codebase may be able to hack a proof-of-concept within a few hours.

I am looking forward to see some progress in this regard... ;-)
Thank you Thomas for your detailed research.
I guess that unfortunately the issues with this bug report are not technical...
Mozilla simply hates KDE and all its related technologies.
That makes my move to a webkit based browser a much easier choice. Thanks for the push, gecko will die.
Thank you for reporting your findings, Thomas. Would it be possible to hack together a Firefox Addon as a proof of concept? Or better yet, a patch to core?
(In reply to comment #18)
> Thank you for reporting your findings, Thomas. Would it be possible to hack
> together a Firefox Addon as a proof of concept? Or better yet, a patch to core?
As I stated in my post, I'm not familiar with the code and currently do not have the time to familiarize myself with it. Sorry...
@Dotan: People from KDE and Gnome are working on a common standard for saving passwords. Maybe you contact them, they may be able to help to implement the new standard, which might be better then implementing Kwallet integration as it is:
Here is there mailing list: http://lists.freedesktop.org/mailman/listinfo/authentication
> People from KDE and Gnome are working on a common
> standard for saving passwords.

Thread here:
http://lists.freedesktop.org/archives/authentication/2009-November/000129.html
Hi there, I have recently post a Firefox extension that make Firefox use KWallet as password back-end, I hope you like it, and I would like to hear your suggestions:

https://addons.mozilla.org/es-ES/firefox/addon/49357/
Blocks: 140751
http://standards.freedesktop.org/secret-service/
In KDE case KSecretService is available since KDE 4.8.

So probably Firefox doesn't need to support KWallet anymore.
any progress here? The plugin is unmaintained and not usable with KF5.
There is a KF5 version of the plugin. But it's unsigned, which is a bit problematic with the current Firefox security policy. It would certainly be nice if this was integrated into either the Firefox core or kmozillahelper.
the KF5 version keeps crashing my Firefox (ESR) here on 3 different PC. Therefore it is also not working (tried it two month ago or so)
It doesn't crash here (openSUSE Tumbleweed, Firefox 43.0.3).
Is a plugin still an option for WebExtensions-Only-FF (i.e. FF57 and above)? I.e. does the plugin have to make use of functionality that is outside of the scope of WebExtensions?
guillermo adrian molina @hotmail.com  's plugin works nicely here. But since his homepage is broken one does not have access to the source, so its hard to answer that, Mr Schäfer.

Considering the password manager work being done now, and that libsecret and the secret storage spec exists, perhaps this bug should be tracked as a feature for the ongoing password manager work as a dependency

just the ability to store at least the master password in kwallet or gnome-keyring so firefox doesnt need to ask for it every time you run firefox would be nice

I could edit the bug references to add a "see also" so I'm posting it here to let every CCs know there's a more recent bugreport that could be of interest to support KWallet. See bug 1586072.

This bug lies at rest in the graveyard.

Status: NEW → RESOLVED
Closed: 9 months ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.