Bug 1267570
Summary: | Storing passwords in default unlocked login keyring no longer works | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Severin Gehwolf <sgehwolf> | ||||||
Component: | libgnome-keyring | Assignee: | Matthias Clasen <mclasen> | ||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | unspecified | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 23 | CC: | adrian.rosian, debarshir, james.hogarth, jan.vesely, mclasen, omajid, stefw, thughes, tsnoam | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2016-11-24 14:36:36 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Severin Gehwolf
2015-09-30 12:31:12 UTC
Created attachment 1078613 [details]
Non-functional reproducer (libgnome-keyring-store-password.tar)
Created attachment 1078614 [details]
working solution using libsecret (libsecret-store-password.tar)
This appears to be affecting other utilities such as git as well. 1) git config --global credential.helper gnome-keyring 2) Access a system that should have have credentials stored (git clone https://user@my.git.repo.example.com/foo.git test-foo) 3) Watch it hang rather than actually store/obtain the credentials from the keyring An example under ltrace demonstrating this behaviour: [hogarthj@hoglaptop gnome-keyring]$ ltrace /usr/libexec/git-core/git-credential-gnome-keyring store __libc_start_main([ "/usr/libexec/git-core/git-creden"..., "store" ] <unfinished ...> g_set_application_name(0x401833, 0x7fff558723a8, 0x7fff558723c0, 32) = 0x23cbe30 strcmp("store", "get") = 12 strcmp("store", "store") = 0 gnome_keyring_memory_alloc(1024, 0x401891, 0, 44) = 0x7f3950ab4008 fgets(protocol=https "protocol=https\n", 1024, 0x7f3950336900) = 0x7f3950ab4008 strlen("protocol=https\n") = 15 strchr("protocol=https", '=') = "=https" g_free(0, 0x7f3950ab4011, 0, 0) = 0x7f3950ab4010 g_strdup(0x7f3950ab4011, 0x7f3950ab4011, 0, 0) = 0x23cbe50 fgets(server^C <no return ...> --- SIGINT (Interrupt) --- +++ killed by SIGINT +++ [hogarthj@hoglaptop gnome-keyring]$ vi git-credential-gnome-keyring.c [hogarthj@hoglaptop gnome-keyring]$ ltrace /usr/libexec/git-core/git-credential-gnome-keyring store __libc_start_main([ "/usr/libexec/git-core/git-creden"..., "store" ] <unfinished ...> g_set_application_name(0x401833, 0x7ffeb69e2d58, 0x7ffeb69e2d70, 32) = 0x12b1e30 strcmp("store", "get") = 12 strcmp("store", "store") = 0 gnome_keyring_memory_alloc(1024, 0x401891, 0, 44) = 0x7f8a1458f008 fgets(protocol=https "protocol=https\n", 1024, 0x7f8a13e11900) = 0x7f8a1458f008 strlen("protocol=https\n") = 15 strchr("protocol=https", '=') = "=https" g_free(0, 0x7f8a1458f011, 0, 0) = 0x7f8a1458f010 g_strdup(0x7f8a1458f011, 0x7f8a1458f011, 0, 0) = 0x12b1e50 fgets(host=testgit.example.com "host=testgit.example.com\n", 1024, 0x7f8a13e11900) = 0x7f8a1458f008 strlen("host=testgit.example.com\n") = 25 strchr("host=testgit.example.com", '=') = "=testgit.example.com" g_free(0, 0x7f8a1458f00d, 0, 0) = 0x7f8a1458f00c g_strdup(0x7f8a1458f00d, 0x7f8a1458f00d, 0, 0) = 0x12b1e70 strrchr("testgit.example.com", ':') = nil fgets(path=/testgit.git "path=/testgit.git\n", 1024, 0x7f8a13e11900) = 0x7f8a1458f008 strlen("path=/testgit.git\n") = 18 strchr("path=/testgit.git", '=') = "=/testgit.git" g_free(0, 0x7f8a1458f00d, 0, 0) = 0x7f8a1458f00c g_strdup(0x7f8a1458f00d, 0x7f8a1458f00d, 0, 0) = 0x12b1e90 fgets(username=testuser "username=testuser\n", 1024, 0x7f8a13e11900) = 0x7f8a1458f008 strlen("username=testuser\n") = 18 strchr("username=testuser", '=') = "=testuser" g_free(0, 0x7f8a1458f011, 0, 0) = 0x7f8a1458f010 g_strdup(0x7f8a1458f011, 0x7f8a1458f011, 0, 0) = 0x12b1eb0 fgets(password=testpass "password=testpass\n", 1024, 0x7f8a13e11900) = 0x7f8a1458f008 strlen("password=testpass\n") = 18 strchr("password=testpass", '=') = "=testpass" gnome_keyring_memory_free(0, 0x7f8a1458f011, 0, 0) = 0x7f8a1458f010 gnome_keyring_memory_strdup(0x7f8a1458f011, 0x7f8a1458f011, 0, 0) = 0x7f8a1458f418 fgets( "\n", 1024, 0x7f8a13e11900) = 0x7f8a1458f008 strlen("\n") = 1 gnome_keyring_memory_free(0x7f8a1458f008, 0x7f8a1458e000, 0x7f8a1458f008, 8) = 0x7f8a141647c0 g_strdup_printf(0x40181a, 0x12b1e70, 0x12b1e90, 4) = 0x12b1f40 gnome_keyring_set_network_password_sync(0, 0x12b1eb0, 0, 0x12b1e70 (In reply to James Hogarth from comment #3) > This appears to be affecting other utilities such as git as well. > > 1) git config --global credential.helper gnome-keyring > 2) Access a system that should have have credentials stored (git clone > https://user@my.git.repo.example.com/foo.git test-foo) > 3) Watch it hang rather than actually store/obtain the credentials from the > keyring I can confirm the exact same behavior. Is there any way to fix this/use an alternative until it's fixed? Same issue here as a workaround for the time being I am using: git config --global credential.helper 'cache --timeout=86400' (In reply to Tim Hughes from comment #6) > Same issue here > > as a workaround for the time being I am using: > > git config --global credential.helper 'cache --timeout=86400' Thank you, I will try it. I have written a helper that works with libsecret https://github.com/timhughes/git-credential-libsecret Feel free to send pull requests fir issues FYI on Fedora 24 this works again
rb:system|[james@james-lap gnome_keyring_test]$ ls
Makefile store_password.c
rb:system|[james@james-lap gnome_keyring_test]$ make
gcc -g -Wall `pkg-config --cflags gnome-keyring-1` store_password.c -o store_password `pkg-config --libs gnome-keyring-1`
store_password.c: In function ‘main’:
store_password.c:34:5: warning: ‘gnome_keyring_store_password_sync’ is deprecated: Use 'secret_password_store_sync' instead [-Wdeprecated-declarations]
GnomeKeyringResult res = gnome_keyring_store_password_sync(&schema,
^~~~~~~~~~~~~~~~~~
In file included from store_password.c:9:0:
/usr/include/gnome-keyring-1/gnome-keyring.h:483:26: note: declared here
GnomeKeyringResult gnome_keyring_store_password_sync (const GnomeKeyringPasswordSchema* schema,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rb:system|[james@james-lap gnome_keyring_test]$ ls
Makefile store_password store_password.c
rb:system|[james@james-lap gnome_keyring_test]$ gdbus call --session --dest org.gnome.keyring \
> --object-path /org/freedesktop/secrets/collection/login \
> --method org.freedesktop.DBus.Properties.Get \
> org.freedesktop.Secret.Collection Locked
(<false>,)
rb:system|[james@james-lap gnome_keyring_test]$ ./store_password
rb:system|[james@james-lap gnome_keyring_test]$ secret-tool lookup url 'no-matter' username 'test'
testpw
This message is a reminder that Fedora 23 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 23. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '23'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 23 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. Seems fixed on F24 with libgnome-keyring-3.12.0-6.fc24.x86_64. At least I cannot reproduce it there any longer. See also comment 9. |