[Authentication] Problem with race on create collection

Stef Walter stefw at gnome.org
Sun Sep 12 12:04:00 PDT 2010


When two applications (or two instances of the same app) look for a
certain collection (such as the default collection) and it doesn't
exist, often they'll both try to create that collection.

However, our current API does not have a way to handle these race
conditions. In fact, each caller of CreateCollection() is guaranteed a
new collection.

Therefore in the above case, the user is prompted twice to create two
collections with the same name, but they end up being two different collections.

We can see this with gnome-keyring if a new user has no keyrings after
login (i.e., the gnome-keyring pam module is not in use). Multiple
applications try to store passwords, which results in multiple prompts
of the user and multiple keyrings. Not an optimal situation.

As one way to fix this in the API, we may want to add a 'Name' property to
org.freedesktop.Secrets.Collection. This property roughly corresponds to
the leaf of the collection's dbus object-path. That is, for a collection:

/org/freedesktop/secrets/collection/mytest

The 'Name' property would be 'mytest'.

When creating a collection, we pass a set of properties for the new
collection to CreateCollection(). In order to solve the above problem we
(optionally) additionally pass the 'Name' property to CreateCollection().

If such a collection already exists then it is returned instead of
creating a new collection.

Or we could make the spec so an error is returned for 'already exists'.
I'm fine with this either way.

With the above we may need one additional error code:

   org.freedesktop.Secret.Error.BadName:
   For names that are not supported or are bad.

How does that sound?

Cheers,

Stef
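
The race and the proposed 'Name' behaviour from the message above, as an added example that is not part of the original post and is not gnome-keyring or specification code. ToySecretService, race(), the shortened 'Label'/'Name' property keys and the rule for what counts as a bad name are assumptions made for illustration.

```python
import re
import threading

class BadName(Exception):
    """Stands in for the proposed org.freedesktop.Secret.Error.BadName."""

class ToySecretService:
    """In-memory model of the service; not gnome-keyring code."""
    PREFIX = "/org/freedesktop/secrets/collection/"

    def __init__(self):
        self._lock = threading.Lock()
        self.collections = {}  # object path -> label
        self.prompts = 0       # user prompts shown

    def find(self, label):
        with self._lock:
            return [p for p, l in self.collections.items() if l == label]

    def create_collection(self, props):
        name = props.get("Name")  # the proposed, optional property
        # Assumption: a bad name is one that is not a valid D-Bus path element.
        if name is not None and not re.fullmatch(r"[A-Za-z0-9_]+", name):
            raise BadName(name)
        with self._lock:
            if name is None:  # current behaviour: always a brand-new path
                path = f"{self.PREFIX}{props['Label']}_{len(self.collections)}"
            else:
                path = self.PREFIX + name
                if path in self.collections:
                    return path  # already exists: return it, no second prompt
            self.prompts += 1
            self.collections[path] = props["Label"]
            return path

def race(service, props, clients=2):
    """Each client looks for the collection, then all create at once."""
    barrier, results = threading.Barrier(clients), []
    def client():
        missing = not service.find(props["Label"])
        barrier.wait()  # everyone has looked before anyone creates
        if missing:
            results.append(service.create_collection(props))
    threads = [threading.Thread(target=client) for _ in range(clients)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results
```

Calling race() with only a 'Label' yields two distinct paths and two prompts; adding 'Name' makes both callers receive the same path after a single prompt.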

