178571 – Gnome Keyring does not work on Solaris 10

This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 178571 - Gnome Keyring does not work on Solaris 10

Summary: Gnome Keyring does not work on Solaris 10

Status:	RESOLVED FIXED

Alias:	None

Product:	platform
Classification:	Unclassified
Component:	Options&Settings (show other bugs)
Version:	6.x
Hardware:	Sun Solaris

Importance:	P3 normal (vote)
Assignee:	Jesse Glick

URL:
Keywords:

Depends on:	183581 183670 185698
Blocks:	173413
	Show dependency tree

Reported:	2009-12-14 03:15 UTC by Vladimir Voskresensky
Modified:	2010-05-10 21:23 UTC (History)
CC List:	0 users

See Also:
Issue Type:	DEFECT
Exception Reporter:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vladimir Voskresensky 2009-12-14 03:15:27 UTC

When I start IDE it immediately opens dialog and asks me about master password without any reasoning. 
Do I have to enter root password? My login password? Or what? And what for?
It is absolutely not clear from user point of view what's happened. 

(I know that this is dialog caused by new keyring infra, but as user I'm totally confused and already had to explain some other guys what's going on)

Comment 1 Jesse Glick 2009-12-14 08:54:41 UTC

Doesn't happen to me (when running with -Dnetbeans.keyring.no.native=true). What actual password is being asked for after you enter a master password? Use -Dorg.netbeans.modules.keyring.level=FINER for diagnosis.

I know the master password dialog needs UI tuning. But it should only ever be shown for people who are using something other than Windows, Mac OS X, or Gnome - a small minority of users. What are you using?

Comment 2 Vladimir Voskresensky 2009-12-14 09:29:56 UTC

I use solaris 10 with Gnome

Comment 3 Vladimir Voskresensky 2009-12-14 09:35:04 UTC

please, fix it. Very annoying. 
At least delay this dialog until any password is really needed. 
Don't like it on startup of IDE at all

Comment 4 Jesse Glick 2009-12-14 10:14:42 UTC

This should never be shown under Gnome because the Gnome Keyring API should be used instead (which does not prompt in any way - it is unlocked by your login). I need to know how to reproduce, which is why I asked for logging info.

And the dialog *is* delayed until a password needs to be read or stored. As I said, I cannot reproduce even if I disable the Gnome-specific impl (thus permitting the master password storage to be used) unless I specifically do something which needs to deal with passwords. It is not run just because you start up the IDE.

Comment 5 Vladimir Voskresensky 2009-12-14 10:24:49 UTC

It happens during "Opening projects" phase. After displaying dialog no other passwords are asked (that's why I asked for the delay). 

#uname -a
SunOS **** 5.10 Generic_127112-10 i86pc i386 i86pc

Log info:

FINE [org.netbeans.modules.keyring.gnome.GnomeProvider]: GNOME_KEYRING_PID not set
FINE [org.netbeans.modules.keyring.win32.Win32Protect]
java.lang.UnsatisfiedLinkError: Unable to load library 'Crypt32': ld.so.1: java: fatal: libCrypt32.so: open failed: No such file or directory
        at com.sun.jna.NativeLibrary.loadLibrary(NativeLibrary.java:145)
        at com.sun.jna.NativeLibrary.getInstance(NativeLibrary.java:188)
        at com.sun.jna.Library$Handler.<init>(Library.java:123)
        at com.sun.jna.Native.loadLibrary(Native.java:255)
        at com.sun.jna.Native.loadLibrary(Native.java:241)
        at org.netbeans.modules.keyring.win32.Win32Protect$CryptLib.<clinit>(Win32Protect.java:125)
        at org.netbeans.modules.keyring.win32.Win32Protect.enabled(Win32Protect.java:72)
        at org.netbeans.modules.keyring.fallback.FallbackProvider.enabled(FallbackProvider.java:71)
        at org.netbeans.api.keyring.Keyring.provider(Keyring.java:65)
        at org.netbeans.api.keyring.Keyring.read(Keyring.java:85)
        at org.netbeans.modules.kenai.ui.spi.UIUtils.loadPassword(UIUtils.java:152)
        at org.netbeans.modules.kenai.ui.spi.UIUtils.tryLogin(UIUtils.java:132)
        at org.netbeans.modules.kenai.ui.KenaiLoginTask.run(KenaiLoginTask.java:64)
[catch] at org.netbeans.core.WarmUpSupport.run(WarmUpSupport.java:87)
        at org.openide.util.RequestProcessor$Task.run(RequestProcessor.java:641)
        at org.openide.util.RequestProcessor$Processor.run(RequestProcessor.java:1123)
FINE [org.netbeans.modules.keyring.Utils]: chmod go-r /export/home/vv159170/.netbeans/dev/config/Preferences/org/netbeans/modules/keyring.properties
FINE [org.netbeans.modules.keyring.fallback.FallbackProvider]: Using provider: org.netbeans.modules.keyring.fallback.MasterPasswordEncryption@1152e3f
FINE [org.netbeans.modules.keyring.Utils]: chmod go-r /export/home/vv159170/.netbeans/dev/config/Preferences/org/netbeans/modules/keyring/general.properties

Comment 6 Vladimir Voskresensky 2009-12-14 10:26:49 UTC

Oh, I see, probably incorrect name of library.
On my system I have:

#echo $LD_LIBRARY_PATH
/opt/csw/lib:/usr/lib:/usr/local/lib


#ls /opt/csw/lib/libcrypt*
/opt/csw/lib/libcrypto.a         /opt/csw/lib/libcrypto.so        /opt/csw/lib/libcrypto.so.0.9.7  /opt/csw/lib/libcrypto.so.0.9.8

#ls /usr/lib/libcrypt*
/usr/lib/libcrypt_d.so       /usr/lib/libcrypt_i.so       /usr/lib/libcryptoutil.so    /usr/lib/libcrypt.so
/usr/lib/libcrypt_d.so.1     /usr/lib/libcrypt_i.so.1     /usr/lib/libcryptoutil.so.1  /usr/lib/libcrypt.so.1

Comment 7 Jesse Glick 2009-12-14 10:36:26 UTC

No, the primary problem is that the environment variable GNOME_KEYRING_PID is unset, and the module disables the Gnome provider immediately in this case (to avoid wasting time trying to go further). AFAIK this should be set whenever Gnome is active. Does Solaris lack the keyring completely? Do you have "Passwords and Encryption Keys" somewhere, say under an Accessories menu, looking like

http://upload.wikimedia.org/wikipedia/commons/2/25/Seahorse_2.22.2_first_time.png

? Is there any process 'gnome-keyring-daemon' running?

Comment 8 Vladimir Voskresensky 2009-12-15 02:30:51 UTC

I don't have GNOME_KEYRING_PID and have not found easily 
"Passwords and Encryption Keys"
But I have gnome-keyring-daemon
#ps -ef | grep keyring
vv159170   774     1   0   Nov 17 pts/2       0:00 /usr/bin/gnome-keyring-daemon

Comment 9 Jesse Glick 2009-12-15 08:38:14 UTC

Please try the following:

GNOME_KEYRING_PID=bogus ant -f keyring/build.xml test

If that passes for you, try running the IDE with

GNOME_KEYRING_PID=bogus .../bin/netbeans --userdir /tmp/new-userdir

and doing something that definitely requires a password which would be managed by the keyring - e.g., log in to Kenai if you have an account, or submitting an exception/slowness report. Restart the IDE and do it again. If your password is still available, then I guess Gnome somehow makes the keyring work without $GNOME_KEYRING_PID being set, in which case I will just delete the check for it.

What about GNOME_KEYRING_SOCKET? Is that set?

Comment 10 Vladimir Voskresensky 2009-12-15 10:07:46 UTC

test-unit:
    [mkdir] Created dir: /net/d-espb04-127-81/export/devarea/trunk/keyring/build/test/unit/results
    [junit] Testsuite: org.netbeans.modules.keyring.fallback.MasterPasswordEncryptionTest
    [junit] Tests run: 2, Failures: 0, Errors: 0, Time elapsed: 0.605 sec
    [junit]
    [junit] Testsuite: org.netbeans.modules.keyring.gnome.GnomeProviderTest
    [junit] Tests run: 1, Failures: 0, Errors: 1, Time elapsed: 0.439 sec
    [junit]
    [junit] Testcase: testStorage(org.netbeans.modules.keyring.gnome.GnomeProviderTest):        Caused an ERROR
    [junit] Error looking up function 'gnome_keyring_find_password_sync': ld.so.1: java: fatal: gnome_keyring_find_password_sync: can't find symbol
    [junit] java.lang.UnsatisfiedLinkError: Error looking up function 'gnome_keyring_find_password_sync': ld.so.1: java: fatal: gnome_keyring_find_password_sync: can't find symbol
    [junit]     at com.sun.jna.Function.<init>(Function.java:129)
    [junit]     at com.sun.jna.NativeLibrary.getFunction(NativeLibrary.java:250)
    [junit]     at com.sun.jna.Library$Handler.invoke(Library.java:191)
    [junit]     at $Proxy0.gnome_keyring_find_password_sync(Unknown Source)
    [junit]     at org.netbeans.modules.keyring.gnome.GnomeProvider.read(GnomeProvider.java:100)
    [junit]     at org.netbeans.modules.keyring.KeyringProviderTestBase.doTestStorage(KeyringProviderTestBase.java:67)
    [junit]     at org.netbeans.modules.keyring.KeyringProviderTestBase.testStorage(KeyringProviderTestBase.java:60)
    [junit]     at org.netbeans.junit.NbTestCase.access$200(NbTestCase.java:89)
    [junit]     at org.netbeans.junit.NbTestCase$2.doSomething(NbTestCase.java:337)
    [junit]     at org.netbeans.junit.NbTestCase$1Guard.run(NbTestCase.java:274)
    [junit]     at org.netbeans.junit.NbTestCase.runBare(NbTestCase.java:356)
    [junit]     at org.netbeans.junit.NbTestCase.run(NbTestCase.java:214)
    [junit]
    [junit]
    [junit] Test org.netbeans.modules.keyring.gnome.GnomeProviderTest FAILED
    [junit] Testsuite: org.netbeans.modules.keyring.mac.MacProviderTest
    [junit] org.netbeans.modules.keyring.mac.MacProvider@78a212disabled on SunOS, skipping
    [junit] Tests run: 1, Failures: 0, Errors: 0, Time elapsed: 0.133 sec
    [junit]
    [junit] ------------- Standard Error -----------------
    [junit] org.netbeans.modules.keyring.mac.MacProvider@78a212disabled on SunOS, skipping
    [junit] ------------- ---------------- ---------------
    [junit] Testsuite: org.netbeans.modules.keyring.win32.Win32ProtectTest
    [junit] Skipping Win32ProtectTest on SunOS
    [junit] Tests run: 1, Failures: 0, Errors: 0, Time elapsed: 0.108 sec
    [junit]
    [junit] ------------- Standard Error -----------------
    [junit] Skipping Win32ProtectTest on SunOS
    [junit] ------------- ---------------- ---------------

BUILD FAILED
/net/d-espb04-127-81/export/devarea/trunk/nbbuild/templates/common.xml:663: The following error occurred while executing this line:
/net/d-espb04-127-81/export/devarea/trunk/nbbuild/templates/common.xml:652: Some tests failed; see details above.

Comment 11 Vladimir Voskresensky 2009-12-15 10:08:47 UTC

#echo $GNOME_KEYRING_SOCKET
/var/tmp/keyring-t1zVDH/socket

Comment 12 Vladimir Voskresensky 2009-12-15 10:21:09 UTC

Can this help?

#nm -g /usr/lib/libgnome-keyring.so | grep gnome_keyring
[69]    |     17231|      80|FUNC |GLOB |0    |8      |gnome_keyring_attribute_list_append_string
[163]   |     17311|      69|FUNC |GLOB |0    |8      |gnome_keyring_attribute_list_append_uint32
[138]   |     25592|     161|FUNC |GLOB |0    |8      |gnome_keyring_attribute_list_copy
[76]    |     25479|     113|FUNC |GLOB |0    |8      |gnome_keyring_attribute_list_free
[174]   |     11920|      19|FUNC |GLOB |0    |8      |gnome_keyring_cancel_request
[82]    |     12921|     120|FUNC |GLOB |0    |8      |gnome_keyring_create
[186]   |     13274|     113|FUNC |GLOB |0    |8      |gnome_keyring_delete
[113]   |     14087|     115|FUNC |GLOB |0    |8      |gnome_keyring_find_items
[145]   |     14552|     236|FUNC |GLOB |0    |8      |gnome_keyring_find_items_sync
[170]   |     14381|     171|FUNC |GLOB |0    |8      |gnome_keyring_find_itemsv
[139]   |     14788|      88|FUNC |GLOB |0    |8      |gnome_keyring_find_itemsv_sync
[137]   |     17596|     137|FUNC |GLOB |0    |8      |gnome_keyring_find_network_password
[78]    |     17733|     129|FUNC |GLOB |0    |8      |gnome_keyring_find_network_password_sync
[105]   |     25363|      67|FUNC |GLOB |0    |8      |gnome_keyring_found_free
[55]    |     25430|      49|FUNC |GLOB |0    |8      |gnome_keyring_found_list_free
[175]   |     25300|      63|FUNC |GLOB |0    |8      |gnome_keyring_free_password
[126]   |     12466|     112|FUNC |GLOB |0    |8      |gnome_keyring_get_default_keyring
[155]   |     13486|     113|FUNC |GLOB |0    |8      |gnome_keyring_get_info
[143]   |     25787|      53|FUNC |GLOB |0    |8      |gnome_keyring_info_copy
[128]   |     25753|      34|FUNC |GLOB |0    |8      |gnome_keyring_info_free
[96]    |     13972|       8|FUNC |GLOB |0    |8      |gnome_keyring_info_get_ctime
[57]    |     13980|       8|FUNC |GLOB |0    |8      |gnome_keyring_info_get_is_locked
[102]   |     13937|       7|FUNC |GLOB |0    |8      |gnome_keyring_info_get_lock_on_idle
[164]   |     13956|       8|FUNC |GLOB |0    |8      |gnome_keyring_info_get_lock_timeout
[185]   |     13964|       8|FUNC |GLOB |0    |8      |gnome_keyring_info_get_mtime
[97]    |     13926|      11|FUNC |GLOB |0    |8      |gnome_keyring_info_set_lock_on_idle
[67]    |     13944|      12|FUNC |GLOB |0    |8      |gnome_keyring_info_set_lock_timeout
[192]   |     11861|      59|FUNC |GLOB |0    |8      |gnome_keyring_is_available
[177]   |     14876|     131|FUNC |GLOB |0    |8      |gnome_keyring_item_create
[83]    |     15007|     252|FUNC |GLOB |0    |8      |gnome_keyring_item_create_sync
[146]   |     15259|     120|FUNC |GLOB |0    |8      |gnome_keyring_item_delete
[167]   |     15819|     120|FUNC |GLOB |0    |8      |gnome_keyring_item_get_attributes
[98]    |     15478|     120|FUNC |GLOB |0    |8      |gnome_keyring_item_get_info
[75]    |     25981|      87|FUNC |GLOB |0    |8      |gnome_keyring_item_info_copy
[122]   |     25840|     101|FUNC |GLOB |0    |8      |gnome_keyring_item_info_free
[94]    |     16273|       8|FUNC |GLOB |0    |8      |gnome_keyring_item_info_get_ctime
[149]   |     16172|      36|FUNC |GLOB |0    |8      |gnome_keyring_item_info_get_display_name
[104]   |     16265|       8|FUNC |GLOB |0    |8      |gnome_keyring_item_info_get_mtime
[190]   |     16079|      36|FUNC |GLOB |0    |8      |gnome_keyring_item_info_get_secret
[99]    |     16061|       7|FUNC |GLOB |0    |8      |gnome_keyring_item_info_get_type
[172]   |     25941|      40|FUNC |GLOB |0    |8      |gnome_keyring_item_info_new
[61]    |     16208|      57|FUNC |GLOB |0    |8      |gnome_keyring_item_info_set_display_name
[171]   |     16115|      57|FUNC |GLOB |0    |8      |gnome_keyring_item_info_set_secret
[54]    |     16068|      11|FUNC |GLOB |0    |8      |gnome_keyring_item_info_set_type
[188]   |     15939|     122|FUNC |GLOB |0    |8      |gnome_keyring_item_set_attributes
[173]   |     15598|     122|FUNC |GLOB |0    |8      |gnome_keyring_item_set_info
[86]    |     13813|     113|FUNC |GLOB |0    |8      |gnome_keyring_list_item_ids
[73]    |     12697|     112|FUNC |GLOB |0    |8      |gnome_keyring_list_keyring_names
[191]   |     13161|     113|FUNC |GLOB |0    |8      |gnome_keyring_lock
[148]   |     12809|     112|FUNC |GLOB |0    |8      |gnome_keyring_lock_all
[56]    |     16988|     122|FUNC |GLOB |0    |8      |gnome_keyring_network_password_free
[144]   |     17110|      49|FUNC |GLOB |0    |8      |gnome_keyring_network_password_list_free
[183]   |     21839|     245|FUNC |GLOB |0    |8      |gnome_keyring_proto_add_attribute_list
[91]    |     18541|      58|FUNC |GLOB |0    |8      |gnome_keyring_proto_add_time
[108]   |     18434|     107|FUNC |GLOB |0    |8      |gnome_keyring_proto_add_uint32
[65]    |     18834|     157|FUNC |GLOB |0    |8      |gnome_keyring_proto_add_utf8_string
[103]   |     21373|     466|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_attribute_list
[169]   |     20558|     448|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_create_item
[53]    |     22849|     148|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_find
[117]   |     22527|     322|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_find_reply
[176]   |     23516|     126|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_get_attributes_reply
[81]    |     23642|     409|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_get_item_info_reply
[124]   |     24051|     345|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_get_keyring_info_reply
[165]   |     22997|     136|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_op_string
[72]    |     23133|     181|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_op_string_int
[151]   |     23314|     202|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_op_string_string
[136]   |     19668|      55|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_packet_operation
[100]   |     19627|      41|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_packet_size
[79]    |     25159|     138|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_result_integer_reply
[62]    |     24908|     251|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_result_int_list_reply
[193]   |     22084|      82|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_result_reply
[153]   |     22289|     238|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_result_string_list_reply
[123]   |     22166|     123|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_result_string_reply
[60]    |     24705|     203|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_set_attributes
[180]   |     24396|     309|FUNC |GLOB |0    |8      |gnome_keyring_proto_decode_set_item_info
[120]   |     20327|     231|FUNC |GLOB |0    |8      |gnome_keyring_proto_encode_create_item
[116]   |     20204|     123|FUNC |GLOB |0    |8      |gnome_keyring_proto_encode_find
[114]   |     19723|      86|FUNC |GLOB |0    |8      |gnome_keyring_proto_encode_op_only
[184]   |     19809|     118|FUNC |GLOB |0    |8      |gnome_keyring_proto_encode_op_string
[115]   |     19927|     131|FUNC |GLOB |0    |8      |gnome_keyring_proto_encode_op_string_int
[92]    |     20058|     146|FUNC |GLOB |0    |8      |gnome_keyring_proto_encode_op_string_string
[125]   |     21006|     157|FUNC |GLOB |0    |8      |gnome_keyring_proto_encode_set_attributes
[133]   |     21163|     207|FUNC |GLOB |0    |8      |gnome_keyring_proto_encode_set_item_info
[106]   |     21370|       3|FUNC |GLOB |0    |8      |gnome_keyring_proto_encode_set_keyring_info
[59]    |     18991|      91|FUNC |GLOB |0    |8      |gnome_keyring_proto_get_bytes
[160]   |     18706|     128|FUNC |GLOB |0    |8      |gnome_keyring_proto_get_time
[152]   |     18599|     107|FUNC |GLOB |0    |8      |gnome_keyring_proto_get_uint32
[129]   |     19082|     300|FUNC |GLOB |0    |8      |gnome_keyring_proto_get_utf8_string
[161]   |     18375|      59|FUNC |GLOB |0    |8      |gnome_keyring_proto_set_uint32
[131]   |     12353|     113|FUNC |GLOB |0    |8      |gnome_keyring_set_default_keyring
[66]    |     13599|     115|FUNC |GLOB |0    |8      |gnome_keyring_set_info
[107]   |     18032|     154|FUNC |GLOB |0    |8      |gnome_keyring_set_network_password
[74]    |     18186|     146|FUNC |GLOB |0    |8      |gnome_keyring_set_network_password_sync
[132]   |     13041|     120|FUNC |GLOB |0    |8      |gnome_keyring_unlock

Comment 13 Jesse Glick 2009-12-15 10:57:33 UTC

Maybe you are running an old version of Gnome? This function should be there since 2.22. 2.28 is the current release.

(There are other lower-level functions which exist in older versions of the Keyring API but they are harder to use from JNA.)

I have been so far unable to get a copy of OpenSolaris 2009.06 running to test with.

Comment 14 Quality Engineering 2009-12-15 12:44:09 UTC

Integrated into 'main-golden', will be available in build *200912151400* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
Changeset: http://hg.netbeans.org/main/rev/456143d1fb02
User: Jesse Glick <jglick@netbeans.org>
Log: On non-Windows platforms, do not even try to load CryptLib. Mentioned as a confusing stack trace in #178571.

Comment 15 Vladimir Voskresensky 2009-12-15 13:23:06 UTC

I use not OpenSolaris, but Solaris 10. Can check if works on OpenSolaris if you'd like...

Comment 16 Jesse Glick 2009-12-15 14:13:07 UTC

I can now confirm that Gnome keyring access from NB works in OpenSolaris 2009.06 (I finally got it installed successfully in VBox). I probably would not bother writing code to support old versions of Gnome (such as in Solaris 10); this is likely a very small portion of our users and bound to grow ever smaller.

For some reason in OpenSolaris you are asked for a master password (rather than being unlocked merely by login as in Ubuntu), but it still works after restarting NB at least within the same X login, so that seems OK - you only need to unlock the keyring once per login session.

You need to install SUNWseahorse if you want to see stored passwords. For whatever reason it is not installed by default.

The current trunk displays a short explanation in the Enter Master Password dialog. Could certainly use more UI work but this should help a bit. Use

  -J-Dorg.netbeans.modules.keyring.level=0

to see what password the IDE is trying to load or save when the keyring is initialized.

Comment 17 Vladimir Voskresensky 2009-12-15 14:31:09 UTC

Jesse, NB is used as a platform for SunStudio tools. NB 6.9 will be base of 3 products: SunStudio IDE, DbxTool, DLightTool. All of them are targeting Solaris enterprise customers (who pays money!), so there is a business value to support Solaris 10 (which is the last release of Solaris sold with all Sun's hardware)

Comment 18 Jesse Glick 2009-12-15 20:14:08 UTC

I will see if I have time for it in 6.9; it is not a top priority since there is a fallback impl. Sol 10 / JDS has so far been so slow as to make it very difficult to test anything.

Comment 19 Vladimir Voskresensky 2010-01-11 14:24:03 UTC

Jesse, what are the security mechanizm used in fallback impl? Is it secure enough to pass PAC encryption reqs for Sun products?

Comment 20 Jesse Glick 2010-01-11 14:44:41 UTC

The fallback impl uses Java's 'PBEWithSHA1AndDESede' algorithm set to encrypt passwords, which I think would be considered "strong encryption" for most purposes: SHA-1 & 3-DES. It creates a random salt per userdir using UUID.randomUUID().

In addition to the passwords you ask to save, a sample string is saved to verify that an entered master password is correct: the sample must be decryptable and the decrypted value must begin with a magic sequence (the remainder having been generated randomly, again with UUID).

The files in the userdir relating to the fallback impl are marked go-w on Unix systems, to discourage brute-force cracking attempts on multiuser machines.

FallbackProvider.java and MasterPasswordEncryption.java have the implementation; it is pretty short and self-contained. If you are experienced with Java security programming, a review would certainly be appreciated.

Comment 21 Vladimir Voskresensky 2010-02-02 05:37:41 UTC

Jesse, 
Dialog is displayed again on start of IDE without any reasons:
running
#GNOME_KEYRING_PID=bogus ant -f keyring/build.xml test
gives:
test-unit:
    [mkdir] Created dir: /net/d-espb04-127-81/export/devarea/trunk/keyring/build/test/unit/results
    [junit] Testsuite: org.netbeans.modules.keyring.fallback.MasterPasswordEncryptionTest
    [junit] Tests run: 2, Failures: 0, Errors: 0, Time elapsed: 0,474 sec
    [junit]
    [junit] Testsuite: org.netbeans.modules.keyring.gnome.GnomeProviderTest
    [junit] Tests run: 1, Failures: 0, Errors: 1, Time elapsed: 0,318 sec
    [junit]
    [junit] Testcase: testStorage(org.netbeans.modules.keyring.gnome.GnomeProviderTest):        Caused an ERROR
    [junit] Error looking up function 'gnome_keyring_find_password_sync': ld.so.1: java: fatal: gnome_keyring_find_password_sync: can't find symbol
    [junit] java.lang.UnsatisfiedLinkError: Error looking up function 'gnome_keyring_find_password_sync': ld.so.1: java: fatal: gnome_keyring_find_password_sync: can't find symbol
    [junit]     at com.sun.jna.Function.<init>(Function.java:129)
    [junit]     at com.sun.jna.NativeLibrary.getFunction(NativeLibrary.java:250)
    [junit]     at com.sun.jna.Library$Handler.invoke(Library.java:191)
    [junit]     at $Proxy0.gnome_keyring_find_password_sync(Unknown Source)
    [junit]     at org.netbeans.modules.keyring.gnome.GnomeProvider.read(GnomeProvider.java:100)
    [junit]     at org.netbeans.modules.keyring.KeyringProviderTestBase.doTestStorage(KeyringProviderTestBase.java:67)
    [junit]     at org.netbeans.modules.keyring.KeyringProviderTestBase.testStorage(KeyringProviderTestBase.java:60)
    [junit]     at org.netbeans.junit.NbTestCase.access$200(NbTestCase.java:89)
    [junit]     at org.netbeans.junit.NbTestCase$2.doSomething(NbTestCase.java:345)
    [junit]     at org.netbeans.junit.NbTestCase$1Guard.run(NbTestCase.java:274)
    [junit]     at org.netbeans.junit.NbTestCase.runBare(NbTestCase.java:364)
    [junit]     at org.netbeans.junit.NbTestCase.run(NbTestCase.java:214)
    [junit]
    [junit]
    [junit] Test org.netbeans.modules.keyring.gnome.GnomeProviderTest FAILED
    [junit] Testsuite: org.netbeans.modules.keyring.mac.MacProviderTest
    [junit] org.netbeans.modules.keyring.mac.MacProvider@1db7df8disabled on SunOS, skipping
    [junit] Tests run: 1, Failures: 0, Errors: 0, Time elapsed: 0,076 sec
    [junit]
    [junit] ------------- Standard Error -----------------
    [junit] org.netbeans.modules.keyring.mac.MacProvider@1db7df8disabled on SunOS, skipping
    [junit] ------------- ---------------- ---------------
    [junit] Testsuite: org.netbeans.modules.keyring.win32.Win32ProtectTest
    [junit] Skipping Win32ProtectTest on SunOS
    [junit] Tests run: 1, Failures: 0, Errors: 0, Time elapsed: 0,076 sec
    [junit]
    [junit] ------------- Standard Error -----------------
    [junit] Skipping Win32ProtectTest on SunOS
    [junit] ------------- ---------------- ---------------

Comment 22 Jesse Glick 2010-02-02 14:59:03 UTC

(In reply to comment #21)
> Dialog is displayed again on start of IDE without any reasons

What does logging (comment #16) say? Anyway this would be the subject of a different bug report if reproducible.

> ant -f keyring/build.xml test
> gives:
>     [junit] java.lang.UnsatisfiedLinkError: Error looking up function
> 'gnome_keyring_find_password_sync': ld.so.1: java: fatal:
> gnome_keyring_find_password_sync: can't find symbol
>     [junit]     at com.sun.jna.Function.<init>(Function.java:129)
>     [junit]     at
> com.sun.jna.NativeLibrary.getFunction(NativeLibrary.java:250)
>     [junit]     at com.sun.jna.Library$Handler.invoke(Library.java:191)
>     [junit]     at $Proxy0.gnome_keyring_find_password_sync(Unknown Source)
>     [junit]     at
> org.netbeans.modules.keyring.gnome.GnomeProvider.read(GnomeProvider.java:100)

Yes, as already established, Solaris 10 ships an obsolete version of the library which lacks this function.

Comment 23 Vladimir Voskresensky 2010-02-03 02:29:50 UTC

no dialog now, but in log:

SEVERE [org.openide.util.RequestProcessor]: Error in RequestProcessor org.netbeans.modules.bugzilla.issue.BugzillaIssueProvider$2
java.lang.UnsatisfiedLinkError: Error looking up function 'gnome_keyring_find_password_sync': ld.so.1: java: fatal: gnome_keyring_find_password_sync: can't find symbol
        at com.sun.jna.Function.<init>(Function.java:129)
        at com.sun.jna.NativeLibrary.getFunction(NativeLibrary.java:250)
        at com.sun.jna.Library$Handler.invoke(Library.java:191)
        at $Proxy20.gnome_keyring_find_password_sync(Unknown Source)
        at org.netbeans.modules.keyring.gnome.GnomeProvider.read(GnomeProvider.java:100)
        at org.netbeans.api.keyring.Keyring.read(Keyring.java:88)
        at org.netbeans.modules.bugzilla.api.NBBugzillaUtils.getNBPassword(NBBugzillaUtils.java:99)
        at org.netbeans.modules.bugzilla.BugzillaConfig.getRepository(BugzillaConfig.java:225)
        at org.netbeans.modules.bugzilla.Bugzilla.getStoredRepositories(Bugzilla.java:198)
        at org.netbeans.modules.bugzilla.Bugzilla.getRepositories(Bugzilla.java:185)
        at org.netbeans.modules.bugzilla.issue.BugzillaIssueProvider.addCommonIssues(BugzillaIssueProvider.java:404)
        at org.netbeans.modules.bugzilla.issue.BugzillaIssueProvider.initializeIssues(BugzillaIssueProvider.java:390)
        at org.netbeans.modules.bugzilla.issue.BugzillaIssueProvider.access$400(BugzillaIssueProvider.java:92)
[catch] at org.netbeans.modules.bugzilla.issue.BugzillaIssueProvider$2.run(BugzillaIssueProvider.java:320)
        at org.openide.util.RequestProcessor$Task.run(RequestProcessor.java:641)
        at org.openide.util.RequestProcessor$Processor.run(RequestProcessor.java:1123)

Comment 24 Jesse Glick 2010-02-10 15:57:44 UTC

(In reply to comment #23)
> java.lang.UnsatisfiedLinkError: Error looking up function
> 'gnome_keyring_find_password_sync': ld.so.1: java: fatal:
> gnome_keyring_find_password_sync: can't find symbol
>         at com.sun.jna.Function.<init>(Function.java:129)
>         at com.sun.jna.NativeLibrary.getFunction(NativeLibrary.java:250)
>         at com.sun.jna.Library$Handler.invoke(Library.java:191)
>         at $Proxy20.gnome_keyring_find_password_sync(Unknown Source)
>         at org.netbeans.modules.keyring.gnome.GnomeProvider.read(GnomeProvider.java:100)
>         at org.netbeans.api.keyring.Keyring.read(Keyring.java:88)
>         at org.netbeans.modules.bugzilla.api.NBBugzillaUtils.getNBPassword(NBBugzillaUtils.java:99)

Can at least suppress this for now, so should fall back to master password: core-main #7e76cd958521

Comment 25 Quality Engineering 2010-02-11 21:20:37 UTC

Integrated into 'main-golden', will be available in build *201002120200* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
Changeset: http://hg.netbeans.org/main/rev/7e76cd958521
User: Jesse Glick <jglick@netbeans.org>
Log: #178571: just disable on Solaris 10, rather than throwing an error.

Comment 26 Jesse Glick 2010-04-03 00:52:45 UTC

I think I have it working now; the code is longer and uglier but seems to do the same thing. Please help verify on as many different Gnome platforms as you have access to.

Note: as on OpenSolaris, you are asked to unlock the keyring once per login session (but not after restarting NB in the same login session). I have no idea if there is some way to associate the default keyring with your login authentication, as is the default behavior on Linux/GNOME.

core-main #a982fb156b0b

Comment 27 Quality Engineering 2010-04-04 04:32:46 UTC

Integrated into 'main-golden', will be available in build *201004040201* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
Changeset: http://hg.netbeans.org/main/rev/a982fb156b0b
User: Jesse Glick <jglick@netbeans.org>
Log: Issue #178571: use older version of GNOME Keyring API to work also on Solaris 10/JDS.

Comment 28 Vladimir Voskresensky 2010-04-07 21:42:48 UTC

verified on mine Solaris 10