GNOME Bugzilla – Bug 756032
Firefox: could not register secret unlock prompt on session bus: An object is already exported for the interface
Last modified: 2015-10-20 20:32:01 UTC
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800660 Since the update to gnome-keyring 3.18.0, firefox/iceweasel does not like to store/use passwords from gnome-keyring anymore. Things like this appear in the log: > oct. 02 10:04:42 x230-buxy gnome-keyring-daemon[2195]: asked to register item /org/freedesktop/secrets/collection/login/23, but it's already registered > oct. 02 10:05:06 x230-buxy gnome-session[2199]: ** (gnome-shell:2354): CRITICAL **: remove_mnemonics: assertion 'label != NULL' failed > oct. 02 10:05:06 x230-buxy gnome-keyring-daemon[2195]: could not register secret unlock prompt on session bus: Un objet est déjà exporté pour l'interface « org.freedesktop.Secret.Prompt » en « /org/freedesktop/secrets/prompt/p6 » > oct. 02 10:05:06 x230-buxy gnome-keyring-daemon[2195]: GLib-GIO: g_dbus_interface_skeleton_unexport: assertion 'interface_->priv->connections != NULL' failed and firefox stops responding then.
One thing I just noticed, when iceweasel freezes, I can kill the gnome-keyring started by the session (which appears as "/usr/bin/gnome-keyring-daemon --daemonize --login") and it will unfreeze iceweasel and the next time that I login in a password-protected website it will respawn a gnome keyring of its own (and ask me my password to unlock the keyring) and things will work fine from there. The newly spawned gnome-keyring looks like this: /usr/bin/gnome-keyring-daemon --start --foreground --components=secret
Forget my last comment, it's wrong. That was only true because I downgraded gnome-keyring to version 3.16 due to this bug... when I kill gnome-keyring it unlocks Firefox/Iceweasel but things do not work as expected afterwards.
So after having killed gnome-keyring, and trying to access a password-protected websites, with gnome-keyring 3.18, here are the logs generated: oct. 13 09:41:22 x230-buxy iceweasel.desktop[2853]: GnomeKeyringLoginManagerStorage: Exception: gnome_keyring_unlock_sync failed: 4 in undefined oct. 13 09:41:22 x230-buxy iceweasel.desktop[2853]: Gkr-Message: secret service operation failed: Cannot get secret of a locked object oct. 13 09:41:53 x230-buxy dbus-daemon[1895]: Activating service name='org.freedesktop.secrets' oct. 13 09:41:53 x230-buxy gnome-keyring-daemon[22190]: couldn't access control socket: /run/user/1000/keyring/control: No such file or directory oct. 13 09:41:53 x230-buxy org.freedesktop.secrets[1895]: ** Message: couldn't access control socket: /run/user/1000/keyring/control: No such file or directory oct. 13 09:41:53 x230-buxy dbus-daemon[1895]: Successfully activated service 'org.freedesktop.secrets' oct. 13 09:41:53 x230-buxy iceweasel.desktop[2853]: GnomeKeyringLoginManagerStorage: Exception: gnome_keyring_unlock_sync failed: 4 in undefined oct. 13 09:41:53 x230-buxy iceweasel.desktop[2853]: Gkr-Message: secret service operation failed: Cannot get secret of a locked object Despite the messages, the dbus activation seems to work: $ ls -al /run/user/1000/keyring/control srwxr-xr-x 1 rhertzog rhertzog 0 oct. 13 09:41 /run/user/1000/keyring/control $ stat /run/user/1000/keyring/control File: '/run/user/1000/keyring/control' Size: 0 Blocks: 0 IO Block: 4096 socket Device: 28h/40d Inode: 618279 Links: 1 Access: (0755/srwxr-xr-x) Uid: ( 1000/rhertzog) Gid: ( 1000/rhertzog) Access: 2015-10-13 09:41:53.084429337 +0200 Modify: 2015-10-13 09:41:53.084429337 +0200 Change: 2015-10-13 09:41:53.084429337 +0200 Birth: - $ ps aux|grep keyring rhertzog 22190 0.0 0.0 204168 7812 ? SLl 09:41 0:00 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets $ sudo ls -al /proc/22190/fd [sudo] password for rhertzog: total 0 dr-x------ 2 root root 0 oct. 13 09:45 . dr-xr-xr-x 9 rhertzog rhertzog 0 oct. 13 09:41 .. lr-x------ 1 root root 64 oct. 13 09:45 0 -> /dev/null lrwx------ 1 root root 64 oct. 13 09:45 1 -> socket:[620938] lrwx------ 1 root root 64 oct. 13 09:45 2 -> socket:[620938] lr-x------ 1 root root 64 oct. 13 09:45 3 -> /dev/urandom lrwx------ 1 root root 64 oct. 13 09:45 4 -> socket:[620942] lrwx------ 1 root root 64 oct. 13 09:45 5 -> anon_inode:[eventfd] lrwx------ 1 root root 64 oct. 13 09:45 6 -> socket:[620943] lrwx------ 1 root root 64 oct. 13 09:45 7 -> anon_inode:[eventfd] lrwx------ 1 root root 64 oct. 13 09:45 8 -> anon_inode:[eventfd] lrwx------ 1 root root 64 oct. 13 09:45 9 -> socket:[618278] Strangely none of the open socket seems to match /run/user/1000/keyring/control which (we have a socket with inode number 618278 which is one less than the inode number of /run/user/1000/keyring/control). Seeing the "locked object" error, I unlocked the keyring manually via seahorse and I got this in the log: oct. 13 10:02:46 x230-buxy gnome-keyring-daemon[22190]: couldn't allocate secure memory to keep passwords and or keys from being written to the disk oct. 13 10:02:46 x230-buxy org.freedesktop.secrets[1895]: ** Message: couldn't allocate secure memory to keep passwords and or keys from being written to the disk And now accessing a password protected website works again... the password are pre-filled.
A new recap from a fresh boot with gnome-keyring 3.18.0-4 from Debian Unstable: 1/ when I login, gnome-keyring runs and the keyring is unlocked (at least in seahorse) 2/ when I visit a login page on a password-protected website, iceweasel correctly prefills the password, but when I validate the form it blocks and I see this in the journal: > oct. 13 14:15:34 x230-buxy gnome-session[1795]: ** (gnome-shell:1914): CRITICAL **: remove_mnemonics: assertion 'label != NULL' failed > oct. 13 14:15:34 x230-buxy gnome-keyring-daemon[1777]: could not register secret unlock prompt on session bus: Un objet est déjà exporté pour l'interface « org.freedesktop.Secret.Prompt » en « /org/freedesktop/secrets/prompt/p1 » > oct. 13 14:15:34 x230-buxy gnome-keyring-daemon[1777]: GLib-GIO: g_dbus_interface_skeleton_unexport: assertion 'interface_->priv->connections != NULL' failed 3/ then I kill gnome-keyring and iceweasel gets unblocked and I see this in the journal: > oct. 13 14:16:37 x230-buxy iceweasel.desktop[2880]: Gkr-Message: secret service disappeared while waiting for prompt 4/ If I access a new password-protected page at this point I get this: > oct. 13 14:22:12 x230-buxy dbus-daemon[1820]: Activating service name='org.freedesktop.secrets' > oct. 13 14:22:12 x230-buxy gnome-keyring-daemon[3338]: couldn't access control socket: /run/user/1000/keyring/control: No such file or directory > oct. 13 14:22:12 x230-buxy org.freedesktop.secrets[1820]: ** Message: couldn't access control socket: /run/user/1000/keyring/control: No such file or directory > oct. 13 14:22:12 x230-buxy dbus-daemon[1820]: Successfully activated service 'org.freedesktop.secrets' > oct. 13 14:22:12 x230-buxy iceweasel.desktop[2880]: GnomeKeyringLoginManagerStorage: Exception: gnome_keyring_unlock_sync failed: 4 in undefined > oct. 13 14:22:12 x230-buxy iceweasel.desktop[2880]: Gkr-Message: secret service operation failed: Cannot get secret of a locked object And the password forms do not get prefilled. 5/ I open seahorse and unlock the keyring, I get this: > oct. 13 14:24:00 x230-buxy gnome-session[1795]: ** (gnome-shell:1914): CRITICAL **: remove_mnemonics: assertion 'label != NULL' failed > oct. 13 14:24:03 x230-buxy gnome-keyring-daemon[3338]: couldn't allocate secure memory to keep passwords and or keys from being written to the disk > oct. 13 14:24:03 x230-buxy org.freedesktop.secrets[1820]: ** Message: couldn't allocate secure memory to keep passwords and or keys from being written to the disk 6/ Now I can reload the login page in the browser and the passwords get correctly pre-filled. There's some french in this log, the "Un objet est déjà exporté pour" means "An object is already exported for".
I will add that the latest Debian package 3.18.0-4 has the patches from bug 756006 and from bug 756058 (the latest version) applied.
Sorry, bug 756059, not 756058.
Which do not have any effect on this bug for me, but seemed to have broken other things (pinentry becoming unresponsive and not showing a window anymore, seems like the daemon does not respond)
This is a separate issue from bug 756059. Cosimo, this is a result of the way the GDBus object are registered on the bus. I think you looked at this issue before, do you have a patch for it?
Created attachment 313501 [details] [review] dbus: Fix object path regression from GDBus port Previously objects were only explicitly exported on the bus when they were ready. However now due to GDBus handler connections they are exported earlier. Make sure to export a prompt object before something is exported at the same object path to take its place.
I think I may have found the bug. slomo could you test the attached patch?
Review of attachment 313501 [details] [review]: Looks plausible to me; the other option (probably a bit more typical of a patter) would be to make the export more explicit and add an export() method. ::: daemon/dbus/gkd-secret-prompt.c @@ +209,3 @@ + g_dbus_interface_skeleton_unexport (G_DBUS_INTERFACE_SKELETON (self->pv->skeleton)); + g_signal_handlers_disconnect_by_func (self->pv->skeleton, prompt_method_dismiss, self); + g_signal_handlers_disconnect_by_func (self->pv->skeleton, prompt_method_prompt, self); I don't think you need to manually disconnect these.
Seems to work, thanks!
Attachment 313501 [details] pushed as 7840cb9 - dbus: Fix object path regression from GDBus port
I've pushed this for now, because it fixes a real regression, and there's not a lot of time available. But Cosimo, if you would like to do a follow up and change things in the way you described, that would be fine with me.
This patch will be in 3.18.2
Perfect, thanks Stefan! Dmitry, can you include this patch and the latest version of bug #756059 in the Debian package?
(In reply to Sebastian Dröge (slomo) from comment #16) > Perfect, thanks Stefan! Stef of course, silly autocorrect :) Sorry
(In reply to Sebastian Dröge (slomo) from comment #16) > Perfect, thanks Stefan! > > Dmitry, can you include this patch and the latest version of bug #756059 in > the Debian package? I was under impression that Stef was going to do a 3.18.2 release (and was just waiting for Cosimo's possible followup commit). If there will be a 3.18.2 release soon (i.e. before Monday), I would rather wait for it.
Stef, I just pushed a commit that removes the explicit signal disconnects, but I left the unexport part of the patch alone, as changing approach would not make things much simpler. I am not planning any further changes for this issue, so you can get 3.18.2 underway if you were waiting for me.
3.18.1 with these two patches cherry-picked is now in Debian. I would like to say a big THANKS to Stef, Cosimo and Ray to working on these issues!
Hello, with version 3.18.1-1 from Debian Unstable (which includes the patch of this bug) the message that were reported in the journal have now disappeared but the true problem remains: Iceweasel/Firefox freezes when you login in a password-protected website. I tried to use dbus-monitor to show what happens. The exchange is huge but I paste only the last lines where it likely gets stuck for some reason. :1.1518 is likely iceweasel with the mozilla-gnome-keyring extension (BTW this issues is alredy reported there: https://github.com/swick/mozilla-gnome-keyring/issues/31 ) and :1.10 is likely gnome-keyring ? method call time=1445334994.043156 sender=:1.1518 -> destination=org.freedesktop.secrets serial=497 path=/org/freedesktop/secrets; interface=org.freedesktop.Secret.Service; member=Unlock array [ object path "/org/freedesktop/secrets/aliases/default" ] method return time=1445334994.043328 sender=:1.10 -> destination=:1.1518 serial=2440 reply_serial=497 array [ ] object path "/" method call time=1445334994.043462 sender=:1.1518 -> destination=org.freedesktop.secrets serial=498 path=/org/freedesktop/secrets; interface=org.freedesktop.Secret.Service; member=CreateCollection array [ dict entry( string "org.freedesktop.Secret.Collection.Label" variant string "Par défaut" ) ] string "default" method return time=1445334994.043643 sender=:1.10 -> destination=:1.1518 serial=2441 reply_serial=498 object path "/" object path "/org/freedesktop/secrets/prompt/p5" method call time=1445334994.043729 sender=:1.1518 -> destination=org.freedesktop.secrets serial=499 path=/org/freedesktop/secrets/prompt/p5; interface=org.freedesktop.Secret.Prompt; member=Prompt string "" method return time=1445334994.044052 sender=:1.10 -> destination=:1.1518 serial=2442 reply_serial=499 method call time=1445334994.044067 sender=:1.10 -> destination=org.freedesktop.DBus serial=2443 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=AddMatch string "type='signal',sender='org.freedesktop.DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',path='/org/freedesktop/DBus',arg0='org.gnome.keyring.SystemPrompter'" method return time=1445334994.044084 sender=org.freedesktop.DBus -> destination=:1.10 serial=50 reply_serial=2443 method call time=1445334994.044116 sender=:1.10 -> destination=org.freedesktop.DBus serial=2444 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=GetNameOwner string "org.gnome.keyring.SystemPrompter" method return time=1445334994.044127 sender=org.freedesktop.DBus -> destination=:1.10 serial=51 reply_serial=2444 string ":1.16" method call time=1445334994.044134 sender=:1.10 -> destination=org.gnome.keyring.SystemPrompter serial=2445 path=/org/gnome/keyring/Prompter; interface=org.gnome.keyring.internal.Prompter; member=BeginPrompting object path "/org/gnome/keyring/Prompt/p15" method call time=1445334994.057575 sender=:1.16 -> destination=org.freedesktop.DBus serial=6230 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=AddMatch string "type='signal',sender='org.freedesktop.DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',path='/org/freedesktop/DBus',arg0=':1.10'" method return time=1445334994.057610 sender=org.freedesktop.DBus -> destination=:1.16 serial=507 reply_serial=6230 method call time=1445334994.057618 sender=:1.16 -> destination=org.freedesktop.DBus serial=6231 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=GetNameOwner string ":1.10" method return time=1445334994.057633 sender=org.freedesktop.DBus -> destination=:1.16 serial=508 reply_serial=6231 string ":1.10" method return time=1445334994.057650 sender=:1.16 -> destination=:1.10 serial=6232 reply_serial=2445 method call time=1445334994.064412 sender=:1.16 -> destination=:1.10 serial=6233 path=/org/gnome/keyring/Prompt/p15; interface=org.gnome.keyring.internal.Prompter.Callback; member=PromptReady string "" array [ ] string "[sx-aes-1] public=…value-trimmed-out-of-safety… " method return time=1445334994.064582 sender=:1.10 -> destination=:1.16 serial=2446 reply_serial=6233 method call time=1445334994.073349 sender=:1.10 -> destination=org.freedesktop.DBus serial=2447 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=RemoveMatch string "type='signal',sender='org.freedesktop.DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',path='/org/freedesktop/DBus',arg0='org.gnome.keyring.SystemPrompter'" method return time=1445334994.073372 sender=org.freedesktop.DBus -> destination=:1.10 serial=52 reply_serial=2447 I'm not sure what this prompt is about since the default keyring is unlocked by default...
I must add that I use the dbus-user-session Debian package which runs dbus earlier and only once per user with /run/user/<id>/bus as the dbus socket. Maybe that's the difference with Sebastian Dröge? Also my system is using a French locale (fr_FR.UTF-8) in case it plays any role. I mention it because the dbus log show a Collection.Label of "Par défaut" which is clearly a French string.
FTR I changed the settings of mozilla-gnome-keyring to use explicitly the "login" keyring and then it worked. When it's configured to use the "default" keyring, then it blocks as I described it. Did something change in the way the default keyring is defined?
> FTR I changed the settings of mozilla-gnome-keyring to use explicitly the "login" keyring and then it worked. When it's configured to use the "default" keyring, then it blocks as I described it. > > Did something change in the way the default keyring is defined? Could you file this as a separate bug? It seems to be a different issue (although no doubt one that should be fixed).
(In reply to Raphael Hertzog from comment #21) > method call time=1445334994.043156 sender=:1.1518 -> > destination=org.freedesktop.secrets serial=497 > path=/org/freedesktop/secrets; interface=org.freedesktop.Secret.Service; > member=Unlock > array [ > object path "/org/freedesktop/secrets/aliases/default" > ] > method return time=1445334994.043328 sender=:1.10 -> destination=:1.1518 > serial=2440 reply_serial=497 > array [ > ] > object path "/" So that mozilla-gnome-keyring thing unlocked the default collection successfully ("/" means no prompt is needed)… > method call time=1445334994.043462 sender=:1.1518 -> > destination=org.freedesktop.secrets serial=498 > path=/org/freedesktop/secrets; interface=org.freedesktop.Secret.Service; > member=CreateCollection > array [ > dict entry( > string "org.freedesktop.Secret.Collection.Label" > variant string "Par défaut" > ) > ] > string "default" … And why is it calling CreateCollection after that, especially with an alias that's already taken? That sounds like a client bug to me, not a gnome-keyring bug (though gnome-keyring should probably reject such CreateCollection requests with some meaningful error message).
@Stef, done in bug 756865
(In reply to Dmitry Shachnev from comment #25) > (In reply to Raphael Hertzog from comment #21) > > method call time=1445334994.043156 sender=:1.1518 -> > > destination=org.freedesktop.secrets serial=497 > > path=/org/freedesktop/secrets; interface=org.freedesktop.Secret.Service; > > member=Unlock > > array [ > > object path "/org/freedesktop/secrets/aliases/default" > > ] > > method return time=1445334994.043328 sender=:1.10 -> destination=:1.1518 > > serial=2440 reply_serial=497 > > array [ > > ] > > object path "/" > > So that mozilla-gnome-keyring thing unlocked the default collection > successfully ("/" means no prompt is needed)… I was wrong. The prompt is not requested, but the Unlocked array is also empty, so this is an invalid response from gnome-keyring (it should either request the prompt or unlock the given object path).