Bug 1267570 - Storing passwords in default unlocked login keyring no longer works
Storing passwords in default unlocked login keyring no longer works
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: libgnome-keyring (Show other bugs)
23
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Matthias Clasen
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-30 08:31 EDT by Severin Gehwolf
Modified: 2016-11-24 09:36 EST (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-24 09:36:36 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Non-functional reproducer (libgnome-keyring-store-password.tar) (10.00 KB, application/x-tar)
2015-09-30 08:33 EDT, Severin Gehwolf
no flags Details
working solution using libsecret (libsecret-store-password.tar) (10.00 KB, application/x-tar)
2015-09-30 08:34 EDT, Severin Gehwolf
no flags Details

  None (edit)
Description Severin Gehwolf 2015-09-30 08:31:12 EDT
DISCLAIMER:
I'm aware that gnome_keyring_store_password_sync() is deprecated API. I'd still expect it to continue to work since it's shipped with F23.

Description of problem:
gnome_keyring_store_password_sync() no longer works for storing passwords in the default login keyring. It seems to hang somewhere in send_with_reply_and_block() in gkr-operation.c

Version-Release number of selected component (if applicable):
libgnome-keyring-3.12.0-5.fc23.x86_64

How reproducible:
100%

Steps to Reproduce:
1. $ sudo dnf install libgnome-keyring-devel
2. $ tar -xf libgnome-keyring-store-password.tar
3. $ make
4. $ gdbus call --session --dest org.gnome.keyring \
   --object-path /org/freedesktop/secrets/collection/login \
   --method org.freedesktop.DBus.Properties.Get \
   org.freedesktop.Secret.Collection Locked
(<false>,)
5. ./store_password

Actual results:
Hangs and never returns.

Expected results:
Stores "testpw" in login keyring and returns 0.

Additional info:
Similar code using libsecret works as expected. See libsecret-store-password.tar. Use:

$ sudo dnf install libsecret-devel
$ tar -xf libsecret-store-password.tar
$ make
$ ./store_password
$ echo $?
0
$ secret-tool lookup url 'no-matter' username 'test'
testpw
Comment 1 Severin Gehwolf 2015-09-30 08:33 EDT
Created attachment 1078613 [details]
Non-functional reproducer (libgnome-keyring-store-password.tar)
Comment 2 Severin Gehwolf 2015-09-30 08:34 EDT
Created attachment 1078614 [details]
working solution using libsecret (libsecret-store-password.tar)
Comment 3 James Hogarth 2015-10-15 07:09:52 EDT
This appears to be affecting other utilities such as git as well.

1) git config --global credential.helper gnome-keyring
2) Access a system that should have have credentials stored (git clone https://user@my.git.repo.example.com/foo.git test-foo)
3) Watch it hang rather than actually store/obtain the credentials from the keyring
Comment 4 James Hogarth 2015-10-15 07:32:04 EDT
An example under ltrace demonstrating this behaviour:

[hogarthj@hoglaptop gnome-keyring]$ ltrace /usr/libexec/git-core/git-credential-gnome-keyring store
__libc_start_main([ "/usr/libexec/git-core/git-creden"..., "store" ] <unfinished ...>
g_set_application_name(0x401833, 0x7fff558723a8, 0x7fff558723c0, 32)                                                                               = 0x23cbe30
strcmp("store", "get")                                                                                                                             = 12
strcmp("store", "store")                                                                                                                           = 0
gnome_keyring_memory_alloc(1024, 0x401891, 0, 44)                                                                                                  = 0x7f3950ab4008
fgets(protocol=https
"protocol=https\n", 1024, 0x7f3950336900)                                                                                                    = 0x7f3950ab4008
strlen("protocol=https\n")                                                                                                                         = 15
strchr("protocol=https", '=')                                                                                                                      = "=https"
g_free(0, 0x7f3950ab4011, 0, 0)                                                                                                                    = 0x7f3950ab4010
g_strdup(0x7f3950ab4011, 0x7f3950ab4011, 0, 0)                                                                                                     = 0x23cbe50
fgets(server^C <no return ...>
--- SIGINT (Interrupt) ---
+++ killed by SIGINT +++
[hogarthj@hoglaptop gnome-keyring]$ vi git-credential-gnome-keyring.c 
[hogarthj@hoglaptop gnome-keyring]$ ltrace /usr/libexec/git-core/git-credential-gnome-keyring store
__libc_start_main([ "/usr/libexec/git-core/git-creden"..., "store" ] <unfinished ...>
g_set_application_name(0x401833, 0x7ffeb69e2d58, 0x7ffeb69e2d70, 32)                                                                               = 0x12b1e30
strcmp("store", "get")                                                                                                                             = 12
strcmp("store", "store")                                                                                                                           = 0
gnome_keyring_memory_alloc(1024, 0x401891, 0, 44)                                                                                                  = 0x7f8a1458f008
fgets(protocol=https
"protocol=https\n", 1024, 0x7f8a13e11900)                                                                                                    = 0x7f8a1458f008
strlen("protocol=https\n")                                                                                                                         = 15
strchr("protocol=https", '=')                                                                                                                      = "=https"
g_free(0, 0x7f8a1458f011, 0, 0)                                                                                                                    = 0x7f8a1458f010
g_strdup(0x7f8a1458f011, 0x7f8a1458f011, 0, 0)                                                                                                     = 0x12b1e50
fgets(host=testgit.example.com
"host=testgit.example.com\n", 1024, 0x7f8a13e11900)                                                                                          = 0x7f8a1458f008
strlen("host=testgit.example.com\n")                                                                                                               = 25
strchr("host=testgit.example.com", '=')                                                                                                            = "=testgit.example.com"
g_free(0, 0x7f8a1458f00d, 0, 0)                                                                                                                    = 0x7f8a1458f00c
g_strdup(0x7f8a1458f00d, 0x7f8a1458f00d, 0, 0)                                                                                                     = 0x12b1e70
strrchr("testgit.example.com", ':')                                                                                                                = nil
fgets(path=/testgit.git
"path=/testgit.git\n", 1024, 0x7f8a13e11900)                                                                                                 = 0x7f8a1458f008
strlen("path=/testgit.git\n")                                                                                                                      = 18
strchr("path=/testgit.git", '=')                                                                                                                   = "=/testgit.git"
g_free(0, 0x7f8a1458f00d, 0, 0)                                                                                                                    = 0x7f8a1458f00c
g_strdup(0x7f8a1458f00d, 0x7f8a1458f00d, 0, 0)                                                                                                     = 0x12b1e90
fgets(username=testuser
"username=testuser\n", 1024, 0x7f8a13e11900)                                                                                                 = 0x7f8a1458f008
strlen("username=testuser\n")                                                                                                                      = 18
strchr("username=testuser", '=')                                                                                                                   = "=testuser"
g_free(0, 0x7f8a1458f011, 0, 0)                                                                                                                    = 0x7f8a1458f010
g_strdup(0x7f8a1458f011, 0x7f8a1458f011, 0, 0)                                                                                                     = 0x12b1eb0
fgets(password=testpass
"password=testpass\n", 1024, 0x7f8a13e11900)                                                                                                 = 0x7f8a1458f008
strlen("password=testpass\n")                                                                                                                      = 18
strchr("password=testpass", '=')                                                                                                                   = "=testpass"
gnome_keyring_memory_free(0, 0x7f8a1458f011, 0, 0)                                                                                                 = 0x7f8a1458f010
gnome_keyring_memory_strdup(0x7f8a1458f011, 0x7f8a1458f011, 0, 0)                                                                                  = 0x7f8a1458f418
fgets(
"\n", 1024, 0x7f8a13e11900)                                                                                                                  = 0x7f8a1458f008
strlen("\n")                                                                                                                                       = 1
gnome_keyring_memory_free(0x7f8a1458f008, 0x7f8a1458e000, 0x7f8a1458f008, 8)                                                                       = 0x7f8a141647c0
g_strdup_printf(0x40181a, 0x12b1e70, 0x12b1e90, 4)                                                                                                 = 0x12b1f40
gnome_keyring_set_network_password_sync(0, 0x12b1eb0, 0, 0x12b1e70
Comment 5 Adrian Rosian 2015-11-11 04:00:43 EST
(In reply to James Hogarth from comment #3)
> This appears to be affecting other utilities such as git as well.
> 
> 1) git config --global credential.helper gnome-keyring
> 2) Access a system that should have have credentials stored (git clone
> https://user@my.git.repo.example.com/foo.git test-foo)
> 3) Watch it hang rather than actually store/obtain the credentials from the
> keyring

I can confirm the exact same behavior. Is there any way to fix this/use an alternative until it's fixed?
Comment 6 Tim Hughes 2015-11-11 10:53:53 EST
Same issue here 

as a workaround for the time being I am using: 

    git config --global credential.helper 'cache --timeout=86400'
Comment 7 Adrian Rosian 2015-11-11 11:07:54 EST
(In reply to Tim Hughes from comment #6)
> Same issue here 
> 
> as a workaround for the time being I am using: 
> 
>     git config --global credential.helper 'cache --timeout=86400'

Thank you, I will try it.
Comment 8 Tim Hughes 2016-01-04 13:12:59 EST
I have written a helper that works with libsecret 

https://github.com/timhughes/git-credential-libsecret

Feel free to send pull requests fir issues
Comment 9 James Hogarth 2016-06-08 08:55:33 EDT
FYI on Fedora 24 this works again

rb:system|[james@james-lap gnome_keyring_test]$ ls
Makefile  store_password.c
rb:system|[james@james-lap gnome_keyring_test]$ make
gcc -g -Wall `pkg-config --cflags gnome-keyring-1`   store_password.c -o store_password  `pkg-config --libs gnome-keyring-1`
store_password.c: In function ‘main’:
store_password.c:34:5: warning: ‘gnome_keyring_store_password_sync’ is deprecated: Use 'secret_password_store_sync' instead [-Wdeprecated-declarations]
     GnomeKeyringResult res = gnome_keyring_store_password_sync(&schema,
     ^~~~~~~~~~~~~~~~~~
In file included from store_password.c:9:0:
/usr/include/gnome-keyring-1/gnome-keyring.h:483:26: note: declared here
 GnomeKeyringResult       gnome_keyring_store_password_sync    (const GnomeKeyringPasswordSchema* schema,
                          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rb:system|[james@james-lap gnome_keyring_test]$ ls
Makefile  store_password  store_password.c
rb:system|[james@james-lap gnome_keyring_test]$  gdbus call --session --dest org.gnome.keyring \
>    --object-path /org/freedesktop/secrets/collection/login \
>    --method org.freedesktop.DBus.Properties.Get \
>    org.freedesktop.Secret.Collection Locked
(<false>,)
rb:system|[james@james-lap gnome_keyring_test]$ ./store_password 
rb:system|[james@james-lap gnome_keyring_test]$ secret-tool lookup url 'no-matter' username 'test'
testpw
Comment 10 Fedora End Of Life 2016-11-24 07:39:50 EST
This message is a reminder that Fedora 23 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 23. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '23'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 23 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 11 Severin Gehwolf 2016-11-24 09:36:36 EST
Seems fixed on F24 with libgnome-keyring-3.12.0-6.fc24.x86_64. At least I cannot reproduce it there any longer. See also comment 9.

Note You need to log in before you can comment on or make changes to this bug.