[Bug 59468] gnome keyring secrets can not be accessed after reboot

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Wed Jan 16 15:58:04 CET 2013


https://bugs.freedesktop.org/show_bug.cgi?id=59468

--- Comment #1 from Simon McVittie <simon.mcvittie at collabora.co.uk> ---
Modern versions of both Empathy and KDE-Telepathy implement a
SASLAuthentication channel handler[1], which means MC never needs to store (or
see) your password. Ideally, Sugar should do the same, one day. I realise
that's not something that can be implemented instantly, though.

[1]
http://telepathy.freedesktop.org/spec/Channel_Interface_SASL_Authentication.html

The Empathy implementation of SASLAuthentication also uses gnome-keyring, and
will automatically migrate accounts' passwords from MC's gnome-keyring "schema"
to its own. Until recently, a MC bug broke that migration (Bug #42088) which is
why MC now has code to recover from that bug.

Eventually, Mission Control will stop storing passwords in gnome-keyring, and
just store them in clear-text (if told to store them at all). This is not
really a security regression, given that a password stored in MC can be
retrieved from it over D-Bus by getting the value of the Parameters property...

However, at the moment its behaviour is inconsistent:

* if asked to store a password (by putting {"password": "s3kr1t"} in
Parameters), it will store it in gnome-keyring;
* but on subsequent startups, it will behave as if that password had not been
stored in gnome-keyring.

You could try having it only ignore the stored password if Empathy's automatic
migration has taken place, like this:

 if (empathy_ok == GNOME_KEYRING_RESULT_OK &&
     empathy_items != NULL)
   {
     KeyringSetData *ksd = g_slice_new0 (KeyringSetData);

     DEBUG ("An Empathy 3.0 password migration wasn't finished "
           "due to fd.o #42088. Finishing it now by deleting the "
            "password for %s", account);

     ksd->account = g_strdup (account);
     ksd->name = g_strdup ("password");
     ksd->set = FALSE;

     gnome_keyring_delete_password (&keyring_schema,
                                    _keyring_set_cb, ksd, NULL,
                                    "account", account,
                                    "param", "password",
                                    NULL);
+
+    /* behave as if it had already been deleted, i.e. we never
+     * actually found it... */
+    param = NULL;
+    value = NULL;
   }

 gnome_keyring_found_list_free (empathy_items);

-/* behave as if it had already been deleted, i.e. we never
- * actually found it... */
-param = NULL;
-value = NULL;
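
Review bot: with `param = NULL; value = NULL;` moved inside the `if`, every path where `empathy_ok != GNOME_KEYRING_RESULT_OK` or `empathy_items == NULL` now returns the password found under MC's schema, so a failed Empathy lookup is handled the same way as "no migration took place". If that is intended, say so in a short comment next to the condition, since the relocated "behave as if it had already been deleted" comment only describes the migrated case. The requested regression test should cover both branches: a password that is stored and read back on the next startup with no Empathy items present, and one that is hidden and deleted when Empathy items are found.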

A regression test would also be very welcome.
