Firefox should make use of the GNOME passwords manager to manage its passwords

Camino is doing exactly this, a similar implementation could be used.

I like the idea of integrating the password manager with Gnome, but is it possible to make it so that any password manager application could be made to plug into Firefox's password management system? It would be nice to use Norton Password Manager on Windows, or whatever comercial program the user happens to like and have Firefox use it directly. This would be a good thing for integration with operating environments and other applications.

Now that the Login Manager rewrite has landed on trunk for Firefox 3, writing a module to implement this support should be much easier. Basically, someone needs to write a component implementing the nsILoginManagerStorage interfaces, and that component would interact with the Gnome Keyring as needed.

This interface is described here: http://mxr.mozilla.org/seamonkey/source/toolkit/components/passwordmgr/public/nsILoginManagerStorage.idl

This task isn't currently on my to-do list, but I'd be happy to help explain the Login Manager interaction if someone wants to take a shot at this.

One potential issue I'm seeing is that nsILoginManagerStorage makes synchronous requests, which will freeze the UI while Gnome Keyring is asking for the password.

I'm not completely sure, but I also have the feeling the OS X Keychain API blocks the calling thread while waiting for the password (SecKeychainFindInternetPassword). That would mean the same issue happens for the OS X implementation.

I'm going to work on this, feel free to contact me if you want to help.

Created an attachment (id=270527)
version 0.1

First version. There are some issues when used with the password manager, like asking to save password more that necessary, or not updating password if changed.

See the XXX for other things to improve. There is no caching involved, so there are round-trips to the gnome-keyring-daemon for every page containing a form, which could be bad for performances.

I can confirm the issue where the UI is frozen in case gnome-keyring daemon is asking for confirmation. I saw that this is also happening with Camino+Keychain, but that's less an issue on OS X as the window content is buffered, unlike on X11 where it is not refreshed if we move another window above (ok, that should not be the case when using a compositing window manager).

Created an attachment (id=270611)
version 0.2

Forgot to unregister the category, and fixed an unused variable warning.

This went low priority for me, feel free to take this over.

*** Bug 410674 has been marked as a duplicate of this bug. ***

Does GNOME keyring replace Firefox internal password manager?
If not, it should.

(In reply to comment #10)
> Does GNOME keyring replace Firefox internal password manager?

no

> If not, it should.

That's what this bug is about, but no one is working on it right now.

Exactly the same situation with some non-duped bugs I've filed.

This bug is not only firefox related. It's a core bug.

I agree, it should rather be toolkit related (password manager is in toolkit/components/passwordmgr), but there's no Toolkit/Password Manager component.

There's been much discussion on reorganizing Bugzilla (eg, the thread rooted at http://groups.google.com/group/mozilla.dev.planning/msg/5c973137356768b0). It's been deferred for a variety of reasons, but should eventually happen. In the meantime, it's understood that a number of components in Firefox are effectively in Toolkit, so it's not really an issue. [The code is, in fact, in /toolkit.]

(In reply to comment #1)
> Camino is doing exactly this, a similar implementation could be used.
>

That's a different bug, the mac only bug 106400.

*** Bug 435207 has been marked as a duplicate of this bug. ***

Created an attachment (id=336264)
Updated patch to compile against firefox 3

I've modified the patch lightly to get it to compile on Firefox 3.

Created an attachment (id=336498)
Fixes for interaction with form login

While testing the latest path, I noticed that it didn't properly store and retrieve passwords saved in forms. I've attached an updated patch that works for me.

There are some more things that could be improved about the code, but what are the steps to get this included in Firefox proper?

I have simple question: does this include migration?

The current code doesn't include any migration support.

I've uploaded an installable version of this extension to https://addons.mozilla.org/en-US/firefox/addon/8737 to enable more people to test out the integration. Hopefully, some people will be able to give some good feedback to improve it.

I've tried the extension.

When it's installed I'm unable to store passwords.
The prompt "Would you like firefox to remember this password" stays visible after I click on "save password". No passwords is added to my keyring.

How can I debug this?

What are you using to verify that the password was added to the keyring? If you return to the same page again, is the password automatically filled in? Are there any errors in the Tools -> Error Console page?

I get this exeption in the console:

Fel: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsILoginManagerStorage.addLogin]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: file:///usr/lib/xulrunner-1.9.0.1/components/nsLoginManager.js :: anonymous :: line 388" data: no]

The password I tried to add does not appear in firefox password list, nor in seahorse (g-k-m frontend).

Im using Ubuntu 8.04 with a keyring that is automatically unlocked on login.

(In reply to comment #19)
> There are some more things that could be improved about the code, but what are
> the steps to get this included in Firefox proper?

Hi Matt, thanks for your work on this. The steps would be to find someone to review this. There are instructions on http://developer.mozilla.org/en/Getting_your_patch_in_the_tree how to find the right reviewer.

Another more general question is to know if this should be part of Firefox or should live as an extension.

On a more technical side, is the issue raised in comment 4 still there? That would be nice to have it addressed (it may not be trivial, if the API has to change to get asynchronous).

I was a bit worried about performance (comment 6). It could be interesting to see how having the addon enabled can impact performance when browsing pages with passwords (https://wiki.mozilla.org/StandaloneTalos is one of the tool for measuring regressions). Caching could help if the performance is an issue.

The current patch implements nsILoginManagerStorage directly in C++. Another approach I thought about would be to wrap the low-level Gnome Keyring API in a C++ component and then implement nsILoginManagerStorage in JS. That should make things simpler for adding caching (if needed), managing preferences (keyring name is hardcoded right now for instance) or others. (https://wiki.mozilla.org/JSctypes could be useful here but I don't think it's ready yet)

I think I'd sort of like to see more experience with people using this as an extension, first. One of the things that I want to be cautious about is moving where we store things (mozStorage vs keyring/keychain) without compelling value... The pessimistic view here is that most users won't care, and it incurs code maintenance costs.

One variation that would also be interesting to pursue is leaving the password storage where it is now, but using the keyring/keychain for storing a decryption key (sort of like a master password). For users that don't want the annoyance of a master password (as we currently implement it), pulling a decryption key from a system DB that's secured with the user's *login credentials* would be an improvement.

(In reply to comment #25)
> I get this exeption in the console:

I've uploaded a new version of the extension that enables some logging to get extra information about your failure. You can see the extra logging by running firefox from a command line like "NSPR_LOG_MODULES=GnomeKeyringLog:5 firefox -no-remote"

You should see a message or two like:
-1211177280[805ca10]: GK_ENSURE_SUCCESS(2) failed

In the console, and that will help us figure out why you can't safe passwords.

Thanks for all the feedback. I'll keep an eye on performance problems. About the screen repaint issue, I just got prompted to allow access to the keyring and Firefox had no problem repainting in the background.

I was personally motivated to fix get the gnome-keyring integration out there because I wanted to reduce the number of unencrypted passwords on my drive. Since that's my main goal, I don't mind if this feature lives as an extension or as part of the standard packaging as long as I can use it =).

As for the relative value of the keyring integration, it's all about security (although something like your suggestion would have worked as well). The argument that "that most users won't care" should really be re-phrased to say "that most users won't care, until they sell their machine and the buyer uses their passwords left on disk". Leveraging something like gnome-keyring to get the password encryption for free seemed like a easy win for me (and Sylvain had done most of the work already).

(In reply to comment #27)
> One variation that would also be interesting to pursue is leaving the password
> storage where it is now, but using the keyring/keychain for storing a
> decryption key (sort of like a master password). For users that don't want the
> annoyance of a master password (as we currently implement it), pulling a
> decryption key from a system DB that's secured with the user's *login
> credentials* would be an improvement.

That seems a good way to go. At the time, I started writing an extension to store the master password in the Gnome Keyring (however I didn't finish it). The idea was to have an option when setting the master password like "Generate and store Master Password in Keyring". Then a component would set it automatically during startup.

(In reply to comment #28)
> You can see the extra logging by running
 firefox from a command line like "NSPR_LOG_MODULES=GnomeKeyringLog:5 firefox
> -no-remote"
>
> You should see a message or two like:
> -1211177280[805ca10]: GK_ENSURE_SUCCESS(2) failed
>
> In the console, and that will help us figure out why you can't safe passwords.

I just tried this on another computer and it worked without any errors.
However, the passwords are only visible in firefox, not seahorse. Is that correct?

(In reply to comment #31)
> However, the passwords are only visible in firefox, not seahorse. Is that
> correct?

That's because the passwords are stored in the 'default' keyring, and not the 'login' keyring. Apparently, Seahorse only shows the passwords in the 'login' keyring.

(In reply to comment #32)
> (In reply to comment #31)
> > However, the passwords are only visible in firefox, not seahorse. Is that
> > correct?
>
> That's because the passwords are stored in the 'default' keyring, and not the
> 'login' keyring. Apparently, Seahorse only shows the passwords in the 'login'
> keyring.

Ah, I see!

The entry may look nicer to the user in the sehorse password listing if the type GNOME_KEYRING_ITEM_NETWORK_PASSWORD is used. Also, the display name is currently set to "Mozilla keyring entry". It should probably be the url, or something like "User at http://hostname..."

Hello!

I've downloaded the patch and compiled it successfully under my 64-bit Ubuntu. After installation the extension is displayed by firefox as active extension.

I used the command from comment #28 but I don't see any log messages that might belong to the gnome keyring extension. The passwords are saved but I think they are saved by the firefox password manager, because I can't see them in seahorse, even after setting the keyring to 'login'.

Missed I something?
Thanks!

This feature is a win-win! How long should it take before I can see it as an extension?

Thanks

(In reply to comment #35)
> This feature is a win-win! How long should it take before I can see it as an
> extension?

Not very long: https://addons.mozilla.org/en-US/firefox/addon/8737 (see comment 22)

Hello !
I've installed the last 0.2 firefox plugin.
That doesn't seem to work.
I'm using firefox 3.0.5 on ubuntu 8.10.

 NSPR_LOG_MODULES=GnomeKeyringLog:5 firefox -no-remote
-1210722624[95d8638]: Num items: 0
-1210722624[95d8638]: Num items: 0
-1210722624[95d8638]: GK_ENSURE_SUCCESS(4) failed
-1210722624[95d8638]: Num items: 0
-1210722624[95d8638]: GK_ENSURE_SUCCESS(4) failed

Gnome doesn't ask me to authorize firefox to use gnome-keyring.
When I click on "Add Password" on the bar, that do nothing, I have to click on "never" or "not now" for see the bar disappear.

(In reply to comment #37)
> -1210722624[95d8638]: GK_ENSURE_SUCCESS(4) failed
>
Error code 4 means "no such keyring". The add-on uses the keyring "default" instead of Gnome's default keyring "login". You can create a new keyring using Gnome's seahorse program.

Unfortunately, this extension does not play well with xmarks bookmarks and password synchronization extension (http://www.xmarks.com).

If I install this extension after having used xmarks for a while, no stored passwords shows up and the master password for xmarks is gone.

Is this going to be implemented in Xulrunner or in an extension? I would like to not have to add extension to make this work. I dont use too many extensions but i know people with 10+ installed adn the risk of crashes is fairly high at that point adding another isnt the best way to fix this IMHO

Created an attachment (id=388144)
Tarball to be extracted in mozilla source directory

Hi,
I tried to iron away some problems with the extension:
* I set it to use its own keyring, named mozilla. Since items' attributes are tailored to fit mozilla login manager, it seems to me this makes more sense than cluttering the default keyring. This way, one can also decide whether to unlock it on log in or not independently from the default keyring.
* Most importantly, I made the component create the keyring if it doesn't exist.
I think this should make it work for most of the people that were unable to save passwords.
* The item name is now the hostname for which the password is saved (makes more sense than "Mozilla keyring entry" for every item)
* I took the liberty to add Matt Lavin and myself to the contributors.

These are the most prominent issues that I feel should be addressed next:
* The component still builds with the mozilla build sistem, I'd like to make it a separate extension but I don't know how to do it...
* I still have to move to firefox 3.5, I don't know if it works with it.
* It would be very nice to be able to migrate logins from and back to the built-in login manager, maybe prompting the user whether they want to delete logins from the unused login manager.
* Even when using gnome-keyring as login manager, you still get asked for the master password if you want to see the passwords on the "saved passwords" window. This only happens if the master password is set. I think this is firefox's fault.

By now, what I think is most important is to build it as an extension and to make it compatible with firefox 3.5
Help is appreciated...

Created an attachment (id=389136)
New verson for firefox 3.5

This is the new version for firefox 3.5, it doesn't work for firefox 3.0 because the interface has changed.
I plan to build an extension out of it and upload it on amo in the next days.

Created an attachment (id=389159)
Firefox 3.5 extension packaged for building outside of Firefox source tree

Thanks for the updates to support 3.5. Sometime during the 3.5 cycle I made changes to my local files to support building outside of the Firefox development tree. I've attached a version of that build environment that includes your fixes. That should allow easier building of the extension by other people.

Created an attachment (id=389337)
Makes keyring name customizable, fixes some possible leaks

The Makefile provided by Matt works perfectly, just note that if you compile for amd64 you need to add -fPIC to CPPFLAGS and put /Linux_x86_amd64-gcc3 everywhere you read Linux_x86-gcc3.
This new version makes keyring name customizable, you need to create a string preference entry named extensions.gnome-keyring.keyringName to change it.
Note that logins you've already saved will still be used, because gnome-keyring searches through all unlocked keyrings, not just the one we're using.

I just started a github project that holds my source tree. I've added the changes from luca in comment 44, along with adding the -fPIC compile flag by default.

The github URL is http://github.com/mdlavin/firefox-gnome-keyring/tree/master. If somebody would like to make the Makefile more flexible to handle the "Linux_x86_amd64-gcc3" / "Linux_x86-gcc3" changes automatically, that would be great.

Hello, I've created a new extension based on this one. It is useful to connect to kde's kwallet. My questions are:
Am I violating any license issue?, in other words, am i allowed to create a new extension based on this one?
Where do I commit this extension?, should I use https://addons.mozilla.org/ ? or as a new bug request here?

Thanks in advance.

(In reply to comment #27)
> leav[e] the password storage where it is now, but us[e] the keyring/keychain
> for storing a decryption key (sort of like a master password)

Agreed. I would rather have such an option than the current extension, even if it added a password migration feature (the lack of which prevents usage for someone like me with hundreds of entries). The built-in password manager is fine except for the need to type in a master password every session. Is there any interface for an extension to replace just the "Enter Master Password" dialog?

(In reply to comment #47)
I filed bug 496660 (essentially what Dolske proposed in comment #27) a while ago. That's OSX specific, but no implementation is done. There's some work being done in other bugs to separate out the dependence on the master password as is.

Looks like this plugin do not working for me. Installed, but password are stored to mozilla storage - not to gnome-keyring.