Create Task
Maniphest T1678

Credential storage
Closed, ResolvedPublic
Actions

Description

We'll need to store various credentials to gain access to the servers we want to communicate with (mostly in Sink, but potentially also outside of it).
We therefore need a way to store those credentials in a somewhat secure manner.

Traditionally we'd be using the local wallets, which means we need to support multiple solutions. Recent developments move towards libaccounts/libsso to manage credentials and authentication centrally, but that approach seems entirely unportable.

Realistically we'll need to integrate with various solutions (platform specific keyrings).

As a first step we can build something that allows to request a password, that will in the first iteration simply request it from the user. We can then subsequently add support for other mechanisms.

Related Objects
Search...

cmollekopf added a comment.May 30 2016, 3:38 PM

Use kwallet for the time being...

cmollekopf triaged this task as Normal priority.May 30 2016, 3:43 PM
mbohlender moved this task from Milestone: Basic Mail Client to 0.1 on the Kube board.Nov 8 2016, 1:24 PM
mbohlender edited projects, added Kube (0.1); removed Kube.
cmollekopf moved this task from 0.1 to 0.2 on the Kube board.Feb 10 2017, 9:44 AM
cmollekopf edited projects, added Kube (0.2); removed Kube (0.1).
cmollekopf moved this task from 0.2 to Backlog on the Kube board.Feb 21 2017, 12:39 PM
cmollekopf edited projects, added Kube; removed Kube (0.2).
cmollekopf added a comment.Mar 17 2017, 4:09 PM

I think there are two approaches to this:

  • The resource requests the password from another service (so i.e. directly interfaces with kwallet or so....)
  • The application provides the password for the resource:
    • The resource emits a notification that it requires a password
    • The application provides the password through another command (after requesting it from the user or a wallet)
    • The resource holds the password in-memory for its lifetime (which might be very short or also longer).
cmollekopf added a comment.Apr 13 2017, 11:58 AM

In it's most basic form Kube should request the password from the user, hold it in memory, and pass it to the resource which will itself hold it in memory. This way the password will need to be entered every time kube is started, but not every time the resource is started. The password will only remain in memory and in no configuration file.

As an improvement from this, Kube can then store/load the password from an available keyring (e.g. through qtkeychain).

This will require a protocol between application and resource where:

  • The resource notifies that it requires a secret
  • The application reacts to that notification by requesting the secret somehow and providing it to the resource
  • The application directly providing the secret if it already has the secret available.

OAuth/OAuth2 or any other token based mechanism could work similarly in that the resource has to ask kube to i.e. visit some url to perform authentication. The resource could then probably hold on to the token directly though.

cmollekopf added a comment.Apr 20 2017, 5:55 AM

As a second step we could start using the gpg key that we will setup with every account to encrypt credentials. This would serve as a portable, but kube specific keyring.

cmollekopf moved this task from Backlog to 0.5 on the Kube board.Aug 25 2017, 8:44 PM
cmollekopf edited projects, added Kube (0.5); removed Kube.
cmollekopf added a comment.Sep 8 2017, 7:09 AM

First implementation:

  • Client registers a callback with libsink to provide the password.
  • Resources send a command requesting the password and wait with logging in until the password is available.
  • Callback provides requested password by sending it via command to resource.
  • The resource caches the password in-memory for duration of process
  • The client caches the password in-memory for the duration of the process (because resources can die in-between).
  • The client simply requests the password from the user on every start.
cmollekopf moved this task from Backlog to In Progress on the Kube (0.5) board.Sep 18 2017, 6:08 AM
cmollekopf added a comment.Sep 26 2017, 10:32 AM

What we have now is that the password get's cached locally and is distributed to resource. What we miss is:

  • Secure storage of the passphrase (so you can unlock a seperate keyring instead)*
  • A password dialog that deals with accounts that require multiple passwords
  • A sane mechanism that deals with the multi-account situation. Right now we just move into the login screen whenever we activate an account that has a locked keyring, and the login screen cannot be escaped. For proper multi-account support we probably want to make this more opt-in:
    • An account could in principle be usable without password, just offline only. Whether that is useful is questionable though, it probably makes sense to keep unlocking the keyring a requirement for access (this will then also work if we decided to actually encrypt local caches etc).
    • Right now the account switcher is inside the mail-view which, cannot be accesses from the login screen. Either the account switcher needs to change, or the login screen needs to get an account switcher.
cmollekopf moved this task from In Progress to Done on the Kube (0.5) board.Nov 23 2017, 4:19 PM
cmollekopf closed subtask T7147: Deal with wrong credentials as Resolved.Jan 10 2018, 4:28 PM
cmollekopf closed this task as Resolved.
cmollekopf claimed this task.