Client: ownCloud 2.5: Config stored in %APPDATA%, but password is still stored in %LOCALAPPDATA%

Created on 17 Aug 2018 · 17Comments · Source: owncloud/client

In ownCloud 2.5 the location of the config folder in Windows has changed from %LOCALAPPDATA% to %APPDATA%, which is a good for roaming profiles (see #684) :+1: .

This leads to a new issue though, because the password which is stored through QtKeychain is still stored in the local Windows credential store, which resides in %LOCALAPPDATA%.

Expected behaviour

The password should be stored in the Windows Credential Manager with "enterprise persistence" instead of "local machine persistence". Otherwise the user has to enter the sync password on every machine on the network or - depending on the roaming profile policy - on each logon.

Actual behaviour

The user has to enter the sync password on every logon.

Steps to reproduce

Configure ownCloud client (2.5 or newer) on Windows
Enter password
Log off from machine
Log in on different machine
Password needs to be re-entered

This may also happen on the same machine, as "machine local" profiles are often not persisted after logging out.

Client configuration

Client version: 2.5.0 beta1

Operating system: Windows 7, Windows 10

ReadyToTest Upstream issue bug p2-high

Source

klada

Most helpful comment

Yes, I just tested ownCloud-2.5.0.10597.-daily20180904.10541.msi and it is working properly - the password is now stored with "enterprise" scope, which means it'll be persisted in %APPDATA% . Very cool :+1:

klada on 5 Sep 2018

❤1 🎉1 👍1

All 17 comments

This probably can be fixed by building QtKeychain with -DUSE_CREDENTIAL_STORE=OFF. The password will still be encrypted with the user's logon credentials, but it will be stored through QSettings in a config file in the profile (hopefully %APPDATA%). I haven't tested this though.

klada on 17 Aug 2018

Qt Keychain issue: https://github.com/frankosterfeld/qtkeychain/pull/121

ogoffart on 17 Aug 2018

@jnweiger @michaelstingl If we want this in 2.5.0 it means we need a newer QtKeychain for Windows.

guruz on 17 Aug 2018

How can we get "a newer QtKeychain for Windows"?

michaelstingl on 17 Aug 2018

We ask @frankosterfeld to make a new release/tag in his git repo (Sorry Frank..). (We can avoid this by just taking the sources directly from a fork).
Then we ask @jnweiger and @dschmidt to get it into mingw and MSVC builds.

guruz on 17 Aug 2018

If it's not that much effort, @dschmidt could give it a try next week…

michaelstingl on 17 Aug 2018

👍2

The mingw toolchain should be in maintenance mode now. 2.5.0 development should be MSVC toolchain only.

jnweiger on 18 Aug 2018

@guruz 0.9.1 has been released

frankosterfeld on 20 Aug 2018

❤3

FYI, according to @jakobvogel in https://github.com/atom/node-keytar/pull/123 (Which is like QtKeyChain for nodejs) the CRED_PERSIST_ENTERPRISE will still read the old CRED_PERSIST_LOCAL_MACHINE too if it already existed 👍

guruz on 20 Aug 2018

Updated https://build.opensuse.org/package/show/isv:ownCloud:Qt5101/ocqt5101-qt5keychain
to 0.9.1 -- although that update is probably irrelevant for Linux.

jnweiger on 20 Aug 2018

@guruz ... a little caveat, though: While the old CRED_PERSIST_LOCAL_MACHINE entries are in fact still available, it seems not to be possible to upgrade them to CRED_PERSIST_ENTERPRISE. Even when changing the contents, the persistence level will remain the same. (Credentials reside as hidden files in %LOCALAPPDATA%\Microsoft\Credentials and %APPDATA%\Microsoft\Credentials, respectively. The system seems reluctant to move these files around.)

In order to upgrade legacy credentials to roam, it is probably necessary to delete the CRED_PERSIST_LOCAL_MACHINE key and to write a new one with CRED_PERSIST_ENTERPRISE. At least, that is what I will do in our own software to transparently enable roaming for our legacy users.

By the way, owncloud is a great piece of software. Love to use it myself. Thanks for your work!