For some reason I wasn't able to specify the version of Smb4k, 3.2.5.

Thank you for reporting this. Actually, this is on my TODO list. I wanted to implement this in version 4.1. But now I think I will do it in 4.0 that is due this year. (There is already preliminary work present in the repo.)

Git commit 9ce91398edbe5501a9f6e49fcdac9b0c5d086692 by Alexander Reinholdt.
Committed on 30/05/2024 at 08:54.
Pushed by areinholdt into branch 'master'.

The login credentials are now stored using QtKeychain. This allows the usage of other secure
storage solutions apart from KWallet.

Since QtKeychain does not provide access to all login credentials Smb4K stored, we lost the
capability to edit the login credentials in the configuration dialog. You need to use the
respective editor program (i.e. kwalletmanager, KeePassXC, ...) to edit or remove the login
credentials.

The default login now has become profile-dependent. It can be defined directly in the
configuration dialog and is automatically changed when the user changed the active profile.

M  +5    -0    CMakeLists.txt
M  +2    -2    core/CMakeLists.txt
M  +0    -15   core/smb4k.kcfg
M  +7    -150  core/smb4k.notifyrc
D  +0    -158  core/smb4kauthinfo.cpp
D  +0    -125  core/smb4kauthinfo.h
M  +2    -2    core/smb4kclient.cpp
M  +5    -5    core/smb4kclient_p.cpp
A  +399  -0    core/smb4kcredentialsmanager.cpp     [License: GPL(v2.0+)]
A  +158  -0    core/smb4kcredentialsmanager.h     [License: GPL(v2.0+)]
M  +2    -1    core/smb4khost.cpp
M  +4    -5    core/smb4kmounter.cpp
M  +1    -1    core/smb4kmounter.h
M  +13   -28   core/smb4knotification.cpp
M  +8    -13   core/smb4knotification.h
M  +2    -1    core/smb4kshare.cpp
D  +0    -386  core/smb4kwalletmanager.cpp
D  +0    -165  core/smb4kwalletmanager.h
M  +6    -6    smb4k/smb4kconfigdialog.cpp
M  +57   -331  smb4k/smb4kconfigpageauthentication.cpp
M  +24   -115  smb4k/smb4kconfigpageauthentication.h
M  +0    -31   smb4k/smb4kmainwindow.cpp
M  +0    -8    smb4k/smb4kmainwindow.h
M  +1    -2    smb4k/smb4knetworkbrowserdockwidget.cpp
M  +6    -6    smb4k/smb4kpassworddialog.cpp
M  +1    -1    smb4k/smb4kpassworddialog.h

https://invent.kde.org/network/smb4k/-/commit/9ce91398edbe5501a9f6e49fcdac9b0c5d086692

(In reply to Alexander Reinholdt from comment #3)
> Git commit 9ce91398edbe5501a9f6e49fcdac9b0c5d086692 by Alexander Reinholdt.
> Committed on 30/05/2024 at 08:54.
> Pushed by areinholdt into branch 'master'.
> 
> The login credentials are now stored using QtKeychain. This allows the usage
> of other secure
> storage solutions apart from KWallet.
> 
> Since QtKeychain does not provide access to all login credentials Smb4K
> stored, we lost the
> capability to edit the login credentials in the configuration dialog. You
> need to use the
> respective editor program (i.e. kwalletmanager, KeePassXC, ...) to edit or
> remove the login
> credentials.

Would libsecret have been a better option for enumeration or could the way secrets are stored be a collection of all top provide a workaround for QtKeychain?

*to provide

(In reply to Odin Vex from comment #4)
> Would libsecret have been a better option for enumeration or could the way
> secrets are stored be a collection of all top provide a workaround for
> QtKeychain?

Actually, it also annoys me a bit that QtKeychain cannot provide the list of all login credentials Smb4K saved. However, since QtKeychain is commonly used in KDE applications and has a very simple API, I decided to use it instead of any other solution. I don't know whether libsecret would have been the better option. I only had a short glimpse at it.

If I understand correctly, you suggest to save the login credentials as one data object (collection) into the secret storage. As far as I can see that won't work, because QtKeychain only allows saving key/value pairs (strings).

> If I understand correctly, you suggest to save the login credentials as one
> data object (collection) into the secret storage. As far as I can see that
> won't work, because QtKeychain only allows saving key/value pairs (strings).

Key: "smb4k", Value: "SerializedArray" would work. One key, "smb4k" (since this is per user already). The value is a serialized array.

Note that serialized is just a placeholder for abstraction. The value can be "MountURIA:PasswordForThisServer
MountURIB:PasswordForThatServer
MountURIC:PasswordForThatServer
MountURID:PasswordForThatServer" etc.

(In reply to Odin Vex from comment #7)
> Key: "smb4k", Value: "SerializedArray" would work. One key, "smb4k" (since
> this is per user already). The value is a serialized array.

Okay, that's better than the solution I thought about. However, this solution is still quite awkward.

(In reply to Alexander Reinholdt from comment #9)
> (In reply to Odin Vex from comment #7)
> > Key: "smb4k", Value: "SerializedArray" would work. One key, "smb4k" (since
> > this is per user already). The value is a serialized array.
> 
> Okay, that's better than the solution I thought about. However, this
> solution is still quite awkward.

It may be awkward but it's a forward-compatible work-around and I think that's most important. It'd allow editing via GUI, easy updating for a future change (if any)..seems to be the best approach so far.

I thought about the serialized approach and possible alternatives.

I don't like serialized one, because you squeeze all login credentials into one entry and you either have to read it once and store all credentials in memory (i.e. in a hash or map) or you have to read everything each time the program asks for credentials. In any case you have to implement some search logic to pick the right credentials. Similar things are true for writing/saving. This is too much overhead for me.

Another way would be to store the username and password for each server or share separately, but have a list of all network items in the secure storage. After starting to implement this, I did not like it and also decided against it.

I implemented to possibility to edit the authentication information long time ago. Looking back, I almost never used it except defining the default login credentials. If the username or password for a server or share need to be changed, you can do this with/in the password dialog withou even opening the configuration dialog. The default credentials can still be defined there. And when you want to clean up, you can do this with the GUI of the password manager.

So, for the time being, I will leave the code as it is now. If QtKeychains API allows for accessing the list of all login credentials in the future, I will maybe reimplement the functionality.

(In reply to Alexander Reinholdt from comment #11)
> I thought about the serialized approach and possible alternatives.
> 
> I don't like serialized one, because you squeeze all login credentials into
> one entry and you either have to read it once and store all credentials in
> memory (i.e. in a hash or map) or you have to read everything each time the
> program asks for credentials. In any case you have to implement some search
> logic to pick the right credentials. Similar things are true for
> writing/saving. This is too much overhead for me.
That already happens just because we're using credentials.
> Another way would be to store the username and password for each server or
> share separately, but have a list of all network items in the secure
> storage. After starting to implement this, I did not like it and also
> decided against it.
So it's back to storing everything in a file?
> I implemented to possibility to edit the authentication information long
> time ago. Looking back, I almost never used it except defining the default
> login credentials. If the username or password for a server or share need to
> be changed, you can do this with/in the password dialog withou even opening
> the configuration dialog. The default credentials can still be defined
> there. And when you want to clean up, you can do this with the GUI of the
> password manager.
You might not have used it but others may very well have (myself, for example).
> So, for the time being, I will leave the code as it is now. If QtKeychains
> API allows for accessing the list of all login credentials in the future, I
> will maybe reimplement the functionality.
I'd rather see the credentials clear-text in an rc file than this decision. I think I'll just privately fork it and address it using serialization.

> If QtKeychains API allows for accessing the list of all login credentials in the future
The only difference here is that it would be implemented in SMB4K. The value returned would just be deserialized as a string list. SMB4K needs to access any/all credentials just to mount any/all remotes. Frankly, I think trying to use multiple entries in a Secret Service defeats the purpose of management to begin with. One entry per software, credential(s) are returned as a singular entity (be it an entry or a collection of entries). I think it simplifies things and gives the software control when the software is allowed to serialize as desired.

(In reply to Odin Vex from comment #12)
> (In reply to Alexander Reinholdt from comment #11)
> > Another way would be to store the username and password for each server or
> > share separately, but have a list of all network items in the secure
> > storage. After starting to implement this, I did not like it and also
> > decided against it.
> So it's back to storing everything in a file?

No. Everything will be saved in a secure storage (KWallet, Gnome Keyring, etc.). 

> > I implemented to possibility to edit the authentication information long
> > time ago. Looking back, I almost never used it except defining the default
> > login credentials. If the username or password for a server or share need to
> > be changed, you can do this with/in the password dialog withou even opening
> > the configuration dialog. The default credentials can still be defined
> > there. And when you want to clean up, you can do this with the GUI of the
> > password manager.
> You might not have used it but others may very well have (myself, for
> example).

Okay.

> No. Everything will be saved in a secure storage (KWallet, Gnome Keyring, etc.). 
How are credentials for multiple servers stored in a single key:value then without serialization?

(In reply to Odin Vex from comment #15)
> > No. Everything will be saved in a secure storage (KWallet, Gnome Keyring, etc.). 
> How are credentials for multiple servers stored in a single key:value then
> without serialization?

I already had the feeling that there might be a misunderstanding. Maybe on my side. 

The credentials are stored in such a way that, first of all, a secure storage (KWallet, etc.) is used as stated above. Smb4K will create a folder in the secure storage named 'org.kde.smb4k', where the credentials are stored for each network item. The URL is used as 'key', so Smb4K can retrieve the credentials from the secure storage. The username and the password are then stored as the associated value. It is basically the same as with the KWallet-only approach, but with the difference that QtKeychain does not allow me to access the list of all entries in the folder like KWallet did. So, the ability to edit the credentials via the configuration dialog is lost, but everyhing else works as before.

It basically looks like this:

org.kde.smb4k
|-> URL 1: username:password
|-> URL 2: username:password
|-> URL 3: username:password
|-> ...

(In reply to Alexander Reinholdt from comment #17)
> It basically looks like this:
> 
> org.kde.smb4k
> |-> URL 1: username:password
> |-> URL 2: username:password
> |-> URL 3: username:password
> |-> ...

I think the assumption is 'folder/single-entry'. To the best of my knowledge QtKeychain API does not have the concept of 'folders', they're just 'entries', nothing like an array. In KeePassXC, for example, you can manually make your own under an exposed group. It'll just be # entries of key:value, though. Take Tokodon, for example. I have multiple entries of 'Tokodon' for one account. The 'user' has an appended strings of 'access-token' and 'client-secret'. Perhaps you might could try a Tokodon account and see how a typical manager stores it, such as KeePassXC. Maybe it'll help clear up what I'm trying to describe, too.

> (In reply to Odin Vex from comment #18)

In short, you would not see 'org.kde.smb4k', you would see an unorganized list of:

URL1
URL2
URL3

Each would have the username and password.