From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 30111 invoked by alias); 3 Dec 2011 21:31:16 -0000 Received: (qmail 30095 invoked by uid 22791); 3 Dec 2011 21:31:14 -0000 X-SWARE-Spam-Status: No, hits=-1.9 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE X-Spam-Check-By: sourceware.org Received: from mho-03-ewr.mailhop.org (HELO mho-01-ewr.mailhop.org) (204.13.248.66) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Sat, 03 Dec 2011 21:30:49 +0000 Received: from pool-173-76-42-41.bstnma.fios.verizon.net ([173.76.42.41] helo=cgf.cx) by mho-01-ewr.mailhop.org with esmtpa (Exim 4.72) (envelope-from ) id 1RWxAW-0002aQ-GO for cygwin@cygwin.com; Sat, 03 Dec 2011 21:30:48 +0000 Received: from localhost (ednor.casa.cgf.cx [192.168.187.5]) by cgf.cx (Postfix) with ESMTP id AEEDA13C0D3 for ; Sat, 3 Dec 2011 16:30:47 -0500 (EST) X-Mail-Handler: MailHop Outbound by DynDNS X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information) X-MHO-User: U2FsdGVkX18d64B5B33C6LxCoUuUXDiE Date: Sat, 03 Dec 2011 21:31:00 -0000 From: Christopher Faylor To: cygwin@cygwin.com Subject: Re: gnome-keyring bug in snapshots Message-ID: <20111203213047.GA24925@ednor.casa.cgf.cx> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <20111203184459.GA21371@ednor.casa.cgf.cx> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20111203184459.GA21371@ednor.casa.cgf.cx> User-Agent: Mutt/1.5.20 (2009-06-14) Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com X-SW-Source: 2011-12/txt/msg00050.txt.bz2 On Sat, Dec 03, 2011 at 01:44:59PM -0500, Christopher Faylor wrote: >On Tue, Nov 29, 2011 at 09:19:10PM -0600, Yaakov (Cygwin/X) wrote: >>For some time now, snapshots have displayed a bug wrt gnome-keyring, >>namely that passwords don't "register" when entered. This wreaks >>havoc on the GNOME desktop where so many programs rely on >>gnome-keyring. >> >>This is easy to reproduce, but requires xorg-server, dbus, >>gnome-keyring, and openssh. At a new terminal: >> >>$ XWin -multiwindow &>/dev/null & >>$ export DISPLAY=:0 >>$ eval `dbus-launch --sh-syntax` >>$ export `gnome-keyring-daemon --start --components=ssh` >>$ ssh USER@HOSTNAME >>(Enter password for ssh key in GUI prompt) >> >>What should happen (and does with 1.7.9) is a successful login. WIth >>the 20111129 snapshot, the following message is displayed on the >>terminal: >> >>Agent admitted failure to sign using the key. >> >>(which AFAIK comes from ssh) and the gnome-keyring prompt asks for the >>password to the next private key listed in ~/.ssh/config (even if its >>the wrong key for HOSTNAME). Subsequent logins do succeed, however. >>This does not occur with ssh-agent(1). >> >>Frankly, I'm a little baffled by this one, but a non-working GNOME >>desktop is really keeping me from testing the snapshots for any length >>of time. > >I'm looking at this now. strace output led me to starting syslog to see what gnome-keyring-daemon was complaining about. I'm seeing this: Dec 3 16:22:55 norton gnome-keyring-daemon: PID 1136: couldn't set environment variable in session: The name org.gnome.SessionManager was not provided by any .service files Dec 3 16:22:55 norton gnome-keyring-daemon: PID 1136: couldn't set environment variable in session: The name org.gnome.SessionManager was not provided by any .service files Dec 3 16:22:56 norton gnome-keyring-daemon: PID 1136: couldn't allocate secure memory to keep passwords and or keys from being written to the disk Dec 3 16:22:56 norton gnome-keyring-daemon: PID 1136: unsupported key algorithm in certificate: 1.2.840.10045.2.1 Dec 3 16:22:56 norton last message repeated 4 times Dec 3 16:22:56 norton gnome-keyring-daemon: PID 1136: couldn't parse certificate data Dec 3 16:22:56 norton gnome-keyring-daemon: PID 1136: couldn't parse certificate(s): /usr/ssl/certs/ca-bundle.trust.crt Dec 3 16:22:56 norton gnome-keyring-daemon: PID 1136: couldn't parse certificate data Dec 3 16:22:56 norton gnome-keyring-daemon: PID 1136: couldn't parse certificate(s): /usr/ssl/certs/README.RootCerts Dec 3 16:22:56 norton sshd: PID 724: Address ::1 maps to norton, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Dec 3 16:22:56 norton gnome-keyring-prompt: Pango: No such file or directory Dec 3 16:22:57 norton gnome-keyring-prompt: couldn't allocate secure memory to keep passwords and or keys from being written to the disk Dec 3 16:22:59 norton gnome-keyring-daemon: PID 1136: GLib: Failed to read from child watch wake up pipe: Interrupted system call Dec 3 16:22:59 norton gnome-keyring-daemon: PID 1136: gku_prompt_get_response: assertion `self->pv->output' failed According to strace, the "couldn't allocate secure memory..." messages seems to be caused by this: gnome-keyring-daemon 3820 seterrno_from_nt_status: /cygnus/src/uberbaum/winsup/cygwin/mmap.cc:1399 status 0xC0000061 That is coming from mlock() which hasn't changed in months. The status above translates to: STATUS_PRIVILEGE_NOT_HELD and that is coming from NtLockVirtualMemory() . Yaakov or Corinna does any of the above mean anything to you? cgf -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple