Bug 1267570

Summary: Storing passwords in default unlocked login keyring no longer works
Product: [Fedora] Fedora Reporter: Severin Gehwolf <sgehwolf>
Component: libgnome-keyringAssignee: Matthias Clasen <mclasen>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 23CC: adrian.rosian, debarshir, james.hogarth, jan.vesely, mclasen, omajid, stefw, thughes, tsnoam
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-24 14:36:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Non-functional reproducer (libgnome-keyring-store-password.tar)
none
working solution using libsecret (libsecret-store-password.tar) none

Description Severin Gehwolf 2015-09-30 12:31:12 UTC
DISCLAIMER:
I'm aware that gnome_keyring_store_password_sync() is deprecated API. I'd still expect it to continue to work since it's shipped with F23.

Description of problem:
gnome_keyring_store_password_sync() no longer works for storing passwords in the default login keyring. It seems to hang somewhere in send_with_reply_and_block() in gkr-operation.c

Version-Release number of selected component (if applicable):
libgnome-keyring-3.12.0-5.fc23.x86_64

How reproducible:
100%

Steps to Reproduce:
1. $ sudo dnf install libgnome-keyring-devel
2. $ tar -xf libgnome-keyring-store-password.tar
3. $ make
4. $ gdbus call --session --dest org.gnome.keyring \
   --object-path /org/freedesktop/secrets/collection/login \
   --method org.freedesktop.DBus.Properties.Get \
   org.freedesktop.Secret.Collection Locked
(<false>,)
5. ./store_password

Actual results:
Hangs and never returns.

Expected results:
Stores "testpw" in login keyring and returns 0.

Additional info:
Similar code using libsecret works as expected. See libsecret-store-password.tar. Use:

$ sudo dnf install libsecret-devel
$ tar -xf libsecret-store-password.tar
$ make
$ ./store_password
$ echo $?
0
$ secret-tool lookup url 'no-matter' username 'test'
testpw

Comment 1 Severin Gehwolf 2015-09-30 12:33:30 UTC
Created attachment 1078613 [details]
Non-functional reproducer (libgnome-keyring-store-password.tar)

Comment 2 Severin Gehwolf 2015-09-30 12:34:14 UTC
Created attachment 1078614 [details]
working solution using libsecret (libsecret-store-password.tar)

Comment 3 James Hogarth 2015-10-15 11:09:52 UTC
This appears to be affecting other utilities such as git as well.

1) git config --global credential.helper gnome-keyring
2) Access a system that should have have credentials stored (git clone https://user@my.git.repo.example.com/foo.git test-foo)
3) Watch it hang rather than actually store/obtain the credentials from the keyring

Comment 4 James Hogarth 2015-10-15 11:32:04 UTC
An example under ltrace demonstrating this behaviour:

[hogarthj@hoglaptop gnome-keyring]$ ltrace /usr/libexec/git-core/git-credential-gnome-keyring store
__libc_start_main([ "/usr/libexec/git-core/git-creden"..., "store" ] <unfinished ...>
g_set_application_name(0x401833, 0x7fff558723a8, 0x7fff558723c0, 32)                                                                               = 0x23cbe30
strcmp("store", "get")                                                                                                                             = 12
strcmp("store", "store")                                                                                                                           = 0
gnome_keyring_memory_alloc(1024, 0x401891, 0, 44)                                                                                                  = 0x7f3950ab4008
fgets(protocol=https
"protocol=https\n", 1024, 0x7f3950336900)                                                                                                    = 0x7f3950ab4008
strlen("protocol=https\n")                                                                                                                         = 15
strchr("protocol=https", '=')                                                                                                                      = "=https"
g_free(0, 0x7f3950ab4011, 0, 0)                                                                                                                    = 0x7f3950ab4010
g_strdup(0x7f3950ab4011, 0x7f3950ab4011, 0, 0)                                                                                                     = 0x23cbe50
fgets(server^C <no return ...>
--- SIGINT (Interrupt) ---
+++ killed by SIGINT +++
[hogarthj@hoglaptop gnome-keyring]$ vi git-credential-gnome-keyring.c 
[hogarthj@hoglaptop gnome-keyring]$ ltrace /usr/libexec/git-core/git-credential-gnome-keyring store
__libc_start_main([ "/usr/libexec/git-core/git-creden"..., "store" ] <unfinished ...>
g_set_application_name(0x401833, 0x7ffeb69e2d58, 0x7ffeb69e2d70, 32)                                                                               = 0x12b1e30
strcmp("store", "get")                                                                                                                             = 12
strcmp("store", "store")                                                                                                                           = 0
gnome_keyring_memory_alloc(1024, 0x401891, 0, 44)                                                                                                  = 0x7f8a1458f008
fgets(protocol=https
"protocol=https\n", 1024, 0x7f8a13e11900)                                                                                                    = 0x7f8a1458f008
strlen("protocol=https\n")                                                                                                                         = 15
strchr("protocol=https", '=')                                                                                                                      = "=https"
g_free(0, 0x7f8a1458f011, 0, 0)                                                                                                                    = 0x7f8a1458f010
g_strdup(0x7f8a1458f011, 0x7f8a1458f011, 0, 0)                                                                                                     = 0x12b1e50
fgets(host=testgit.example.com
"host=testgit.example.com\n", 1024, 0x7f8a13e11900)                                                                                          = 0x7f8a1458f008
strlen("host=testgit.example.com\n")                                                                                                               = 25
strchr("host=testgit.example.com", '=')                                                                                                            = "=testgit.example.com"
g_free(0, 0x7f8a1458f00d, 0, 0)                                                                                                                    = 0x7f8a1458f00c
g_strdup(0x7f8a1458f00d, 0x7f8a1458f00d, 0, 0)                                                                                                     = 0x12b1e70
strrchr("testgit.example.com", ':')                                                                                                                = nil
fgets(path=/testgit.git
"path=/testgit.git\n", 1024, 0x7f8a13e11900)                                                                                                 = 0x7f8a1458f008
strlen("path=/testgit.git\n")                                                                                                                      = 18
strchr("path=/testgit.git", '=')                                                                                                                   = "=/testgit.git"
g_free(0, 0x7f8a1458f00d, 0, 0)                                                                                                                    = 0x7f8a1458f00c
g_strdup(0x7f8a1458f00d, 0x7f8a1458f00d, 0, 0)                                                                                                     = 0x12b1e90
fgets(username=testuser
"username=testuser\n", 1024, 0x7f8a13e11900)                                                                                                 = 0x7f8a1458f008
strlen("username=testuser\n")                                                                                                                      = 18
strchr("username=testuser", '=')                                                                                                                   = "=testuser"
g_free(0, 0x7f8a1458f011, 0, 0)                                                                                                                    = 0x7f8a1458f010
g_strdup(0x7f8a1458f011, 0x7f8a1458f011, 0, 0)                                                                                                     = 0x12b1eb0
fgets(password=testpass
"password=testpass\n", 1024, 0x7f8a13e11900)                                                                                                 = 0x7f8a1458f008
strlen("password=testpass\n")                                                                                                                      = 18
strchr("password=testpass", '=')                                                                                                                   = "=testpass"
gnome_keyring_memory_free(0, 0x7f8a1458f011, 0, 0)                                                                                                 = 0x7f8a1458f010
gnome_keyring_memory_strdup(0x7f8a1458f011, 0x7f8a1458f011, 0, 0)                                                                                  = 0x7f8a1458f418
fgets(
"\n", 1024, 0x7f8a13e11900)                                                                                                                  = 0x7f8a1458f008
strlen("\n")                                                                                                                                       = 1
gnome_keyring_memory_free(0x7f8a1458f008, 0x7f8a1458e000, 0x7f8a1458f008, 8)                                                                       = 0x7f8a141647c0
g_strdup_printf(0x40181a, 0x12b1e70, 0x12b1e90, 4)                                                                                                 = 0x12b1f40
gnome_keyring_set_network_password_sync(0, 0x12b1eb0, 0, 0x12b1e70

Comment 5 Adrian Rosian 2015-11-11 09:00:43 UTC
(In reply to James Hogarth from comment #3)
> This appears to be affecting other utilities such as git as well.
> 
> 1) git config --global credential.helper gnome-keyring
> 2) Access a system that should have have credentials stored (git clone
> https://user@my.git.repo.example.com/foo.git test-foo)
> 3) Watch it hang rather than actually store/obtain the credentials from the
> keyring

I can confirm the exact same behavior. Is there any way to fix this/use an alternative until it's fixed?

Comment 6 Tim Hughes 2015-11-11 15:53:53 UTC
Same issue here 

as a workaround for the time being I am using: 

    git config --global credential.helper 'cache --timeout=86400'

Comment 7 Adrian Rosian 2015-11-11 16:07:54 UTC
(In reply to Tim Hughes from comment #6)
> Same issue here 
> 
> as a workaround for the time being I am using: 
> 
>     git config --global credential.helper 'cache --timeout=86400'

Thank you, I will try it.

Comment 8 Tim Hughes 2016-01-04 18:12:59 UTC
I have written a helper that works with libsecret 

https://github.com/timhughes/git-credential-libsecret

Feel free to send pull requests fir issues

Comment 9 James Hogarth 2016-06-08 12:55:33 UTC
FYI on Fedora 24 this works again

rb:system|[james@james-lap gnome_keyring_test]$ ls
Makefile  store_password.c
rb:system|[james@james-lap gnome_keyring_test]$ make
gcc -g -Wall `pkg-config --cflags gnome-keyring-1`   store_password.c -o store_password  `pkg-config --libs gnome-keyring-1`
store_password.c: In function ‘main’:
store_password.c:34:5: warning: ‘gnome_keyring_store_password_sync’ is deprecated: Use 'secret_password_store_sync' instead [-Wdeprecated-declarations]
     GnomeKeyringResult res = gnome_keyring_store_password_sync(&schema,
     ^~~~~~~~~~~~~~~~~~
In file included from store_password.c:9:0:
/usr/include/gnome-keyring-1/gnome-keyring.h:483:26: note: declared here
 GnomeKeyringResult       gnome_keyring_store_password_sync    (const GnomeKeyringPasswordSchema* schema,
                          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rb:system|[james@james-lap gnome_keyring_test]$ ls
Makefile  store_password  store_password.c
rb:system|[james@james-lap gnome_keyring_test]$  gdbus call --session --dest org.gnome.keyring \
>    --object-path /org/freedesktop/secrets/collection/login \
>    --method org.freedesktop.DBus.Properties.Get \
>    org.freedesktop.Secret.Collection Locked
(<false>,)
rb:system|[james@james-lap gnome_keyring_test]$ ./store_password 
rb:system|[james@james-lap gnome_keyring_test]$ secret-tool lookup url 'no-matter' username 'test'
testpw

Comment 10 Fedora End Of Life 2016-11-24 12:39:50 UTC
This message is a reminder that Fedora 23 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 23. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '23'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 23 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 11 Severin Gehwolf 2016-11-24 14:36:36 UTC
Seems fixed on F24 with libgnome-keyring-3.12.0-6.fc24.x86_64. At least I cannot reproduce it there any longer. See also comment 9.