X-Recipient: archive-cygwin@delorie.com
X-SWARE-Spam-Status: No, hits=-1.9 required=5.0	tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE
X-Spam-Check-By: sourceware.org
X-Mail-Handler: MailHop Outbound by DynDNS
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX18d64B5B33C6LxCoUuUXDiE
Date: Sat, 3 Dec 2011 16:30:47 -0500
From: Christopher Faylor <cgf-use-the-mailinglist-please@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: gnome-keyring bug in snapshots
Message-ID: <20111203213047.GA24925@ednor.casa.cgf.cx>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <CAGvSfew2TFPGwp=Kq_bkJ0891+vJiAueAd1H+K_SHNimMw0y1Q@mail.gmail.com> <20111203184459.GA21371@ednor.casa.cgf.cx>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20111203184459.GA21371@ednor.casa.cgf.cx>
User-Agent: Mutt/1.5.20 (2009-06-14)
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie.com@cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

On Sat, Dec 03, 2011 at 01:44:59PM -0500, Christopher Faylor wrote:
>On Tue, Nov 29, 2011 at 09:19:10PM -0600, Yaakov (Cygwin/X) wrote:
>>For some time now, snapshots have displayed a bug wrt gnome-keyring,
>>namely that passwords don't "register" when entered.  This wreaks
>>havoc on the GNOME desktop where so many programs rely on
>>gnome-keyring.
>>
>>This is easy to reproduce, but requires xorg-server, dbus,
>>gnome-keyring, and openssh.  At a new terminal:
>>
>>$ XWin -multiwindow &>/dev/null &
>>$ export DISPLAY=:0
>>$ eval `dbus-launch --sh-syntax`
>>$ export `gnome-keyring-daemon --start --components=ssh`
>>$ ssh USER@HOSTNAME
>>(Enter password for ssh key in GUI prompt)
>>
>>What should happen (and does with 1.7.9) is a successful login.  WIth
>>the 20111129 snapshot, the following message is displayed on the
>>terminal:
>>
>>Agent admitted failure to sign using the key.
>>
>>(which AFAIK comes from ssh) and the gnome-keyring prompt asks for the
>>password to the next private key listed in ~/.ssh/config (even if its
>>the wrong key for HOSTNAME).  Subsequent logins do succeed, however.
>>This does not occur with ssh-agent(1).
>>
>>Frankly, I'm a little baffled by this one, but a non-working GNOME
>>desktop is really keeping me from testing the snapshots for any length
>>of time.
>
>I'm looking at this now.

strace output led me to starting syslog to see what gnome-keyring-daemon
was complaining about.  I'm seeing this:

Dec  3 16:22:55 norton gnome-keyring-daemon: PID 1136: couldn't set environment variable in session: The name org.gnome.SessionManager was not provided by any .service files
Dec  3 16:22:55 norton gnome-keyring-daemon: PID 1136: couldn't set environment variable in session: The name org.gnome.SessionManager was not provided by any .service files
Dec  3 16:22:56 norton gnome-keyring-daemon: PID 1136: couldn't allocate secure memory to keep passwords and or keys from being written to the disk
Dec  3 16:22:56 norton gnome-keyring-daemon: PID 1136: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Dec  3 16:22:56 norton last message repeated 4 times
Dec  3 16:22:56 norton gnome-keyring-daemon: PID 1136: couldn't parse certificate data
Dec  3 16:22:56 norton gnome-keyring-daemon: PID 1136: couldn't parse certificate(s): /usr/ssl/certs/ca-bundle.trust.crt
Dec  3 16:22:56 norton gnome-keyring-daemon: PID 1136: couldn't parse certificate data
Dec  3 16:22:56 norton gnome-keyring-daemon: PID 1136: couldn't parse certificate(s): /usr/ssl/certs/README.RootCerts
Dec  3 16:22:56 norton sshd: PID 724: Address ::1 maps to norton, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Dec  3 16:22:56 norton gnome-keyring-prompt: Pango: No such file or directory
Dec  3 16:22:57 norton gnome-keyring-prompt: couldn't allocate secure memory to keep passwords and or keys from being written to the disk
Dec  3 16:22:59 norton gnome-keyring-daemon: PID 1136: GLib: Failed to read from child watch wake up pipe: Interrupted system call
Dec  3 16:22:59 norton gnome-keyring-daemon: PID 1136: gku_prompt_get_response: assertion `self->pv->output' failed

According to strace, the "couldn't allocate secure memory..." messages
seems to be caused by this:

gnome-keyring-daemon 3820 seterrno_from_nt_status: /cygnus/src/uberbaum/winsup/cygwin/mmap.cc:1399 status 0xC0000061

That is coming from mlock() which hasn't changed in months.

The status above translates to: STATUS_PRIVILEGE_NOT_HELD and that is
coming from NtLockVirtualMemory() .

Yaakov or Corinna does any of the above mean anything to you?

cgf


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple