After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 768808 - Fixes for that problem sgallagh mentioned on IRC
Fixes for that problem sgallagh mentioned on IRC
Status: RESOLVED FIXED
Product: gnome-online-accounts
Classification: Core
Component: Kerberos
unspecified
Other All
: Normal normal
: ---
Assigned To: GNOME Online Accounts maintainer(s)
GNOME Online Accounts maintainer(s)
Depends on:
Blocks:
 
 
Reported: 2016-07-14 14:36 UTC by Ray Strode [halfline]
Modified: 2016-07-28 12:32 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
identity: don't register new identity to list if sign in unsuccessful (5.12 KB, patch)
2016-07-14 14:36 UTC, Ray Strode [halfline] 		committed Details | Review
identity: ensure unused credential cache is cleaned up (5.56 KB, patch)
2016-07-14 14:36 UTC, Ray Strode [halfline] 		committed Details | Review
telepathy-account-widgets: Revert unintended rollback of the submodule (746 bytes, patch)
2016-07-15 12:27 UTC, Debarshi Ray 		committed Details | Review
identity: Silence -Wincompatible-pointer-types (1.09 KB, patch)
2016-07-28 12:32 UTC, Debarshi Ray 		committed Details | Review

Description Ray Strode [halfline] 2016-07-14 14:36:03 UTC 
sgallagh's /proc/keys was growing until his quota filled up.
This was because gnome-online-accounts was trying to sign in
over and over and over again for an unavailable KDC.  Each
time it did this, it leaked a credential cache.

gnome-online-accounts should try to refresh over and over again
because we don't have kernel keyring change notification yet,
but it shouldn't try to sign in over and over and over again.

Also, if sign in fails it should clean up its cache.
Comment 1 Ray Strode [halfline] 2016-07-14 14:36:10 UTC 
Created attachment 331498 [details] [review]
identity: don't register new identity to list if sign in unsuccessful

If we add an identity to the list when sign in fails, then we're going
to prune it from the list immediately resulting in an identity-removed
signal right away. This will leads to an ensure credentials call
(which is needed in most cases on identity removal to synchronize state
 with the daemon, but not in this case), which may cause it to sign
in again. This can lead to a sign in attempt every 5 seconds.
Comment 2 Ray Strode [halfline] 2016-07-14 14:36:13 UTC 
Created attachment 331499 [details] [review]
identity: ensure unused credential cache is cleaned up

If we end up creating a temporary credential cache that we don't
need, because a new identity wasn't successfully signed in, we
should clean it up.
Comment 3 Debarshi Ray 2016-07-14 15:10:19 UTC 
Review of attachment 331498 [details] [review]:

Ok, makes sense to me.
Comment 4 Debarshi Ray 2016-07-14 15:40:07 UTC 
Review of attachment 331499 [details] [review]:

Yes, looks good to me. Thanks for the fixes.
Comment 5 Ray Strode [halfline] 2016-07-14 18:49:10 UTC 
Attachment 331498 [details] pushed as 607f9ae - identity: don't register new identity to list if sign in unsuccessful
Attachment 331499 [details] pushed as 517fc9c - identity: ensure unused credential cache is cleaned up
Comment 6 Debarshi Ray 2016-07-15 12:27:35 UTC 
Created attachment 331577 [details] [review]
telepathy-account-widgets: Revert unintended rollback of the submodule
Comment 7 Debarshi Ray 2016-07-18 11:57:47 UTC 
(In reply to Ray Strode [halfline] from comment #0)
> sgallagh's /proc/keys was growing until his quota filled up.

Some details for those might be stopping by this bug:

<sgallagh> For example, we were seeing lots of:
<sgallagh> 03d89439 I--Q---     1 perm 3f010000 13041 13041 keyring krb_ccache_SAHVhlP: empty
<sgallagh> With the part after krb_ccache_ being random
Comment 8 Debarshi Ray 2016-07-28 12:32:47 UTC 
Created attachment 332274 [details] [review]
identity: Silence -Wincompatible-pointer-types