Failure to retrieve secrets from storage on Ubuntu 18.04 LTS

[bengavin]

Which version of GCM Core are you using?

From a terminal, run git-credential-manager-core version and paste the output.

Git Credential Manager version 2.0.280-beta+1f4c6db90f (Linux, .NET Core 3.1.6)

Which Git host provider are you trying to connect to?

• Azure DevOps
• Azure DevOps Server (TFS/on-prem)
• GitHub
• GitHub Enterprise
• Bitbucket
• Other - please describe

Can you access the remote repository directly in the browser using the remote URL?

From a terminal, run git remote -v to see your remote URL.

• Yes
• No, I get a permission error
• No, for a different reason - please describe

---

[Azure DevOps only] What format is your remote URL?

• Not applicable
• https://dev.azure.com/`{org}`/...
• https://{org}@dev.azure.com/{org}/...
• https://{org}.visualstudio.com/...

[Azure DevOps only] If the account picker shows more than one identity as you authenticate, check that you selected the same one that has access on the web.

• Not applicable
• I only see one identity
• I checked each identity and none worked

---

Expected behavior

I expect that after authenticating via the tokenized devicelogin URL, future git operations utilize the previously obtained secret.

Actual behavior

An exception is thrown and I am prompted for my username and password by the git command line. Exception is:

fatal: Unable to find an entry point named 'secret_value_unref_to_password' in shared library 'libsecret-1.so.0'.

The referenced function looks to have been added in libsecret 0.19 and later. 18.04 LTS only includes libsecret 0.18. Looks like libsecret 0.20+ isn't included until 19.04 and later.

Logs

Set the environment variables GCM_TRACE=1 and GIT_TRACE=1 and re-run your Git command. Review and redact any private information and attach the log.

20:43:48.089886 git.c:344               trace: built-in: git pull
20:43:48.091039 run-command.c:646       trace: run_command: git fetch --update-head-ok
20:43:48.095078 git.c:344               trace: built-in: git fetch --update-head-ok
20:43:48.098214 run-command.c:646       trace: run_command: git-remote-https origin https://***.visualstudio.com/***
20:43:48.461255 run-command.c:646       trace: run_command: '/usr/bin/git-credential-manager-core get'
20:43:48.644614 ...er/Application.cs:69 trace: [RunInternalAsync] Git Credential Manager version 2.0.280-beta+1f4c6db90f (Linux, .NET Core 3.1.6) 'get'
20:43:48.685207 ...mmands/Command.cs:63 trace: [ExecuteAsync] Start 'get' command...
20:43:48.749760 ...mmands/Command.cs:74 trace: [ExecuteAsync] Detecting host provider for input:
20:43:48.752121 ...mmands/Command.cs:75 trace: [ExecuteAsync] 	protocol=https
20:43:48.752419 ...mmands/Command.cs:75 trace: [ExecuteAsync] 	host=***.visualstudio.com
20:43:48.752694 ...mmands/Command.cs:75 trace: [ExecuteAsync] 	path=***
20:43:48.805365 ...viderRegistry.cs:129 trace: [GetProvider] Performing auto-detection of host provider.
20:43:48.807412 ...mmands/Command.cs:77 trace: [ExecuteAsync] Host provider 'Azure Repos' was selected.
20:43:48.820802 ...osHostProvider.cs:66 trace: [GetCredentialAsync] Looking for existing credential in store with service=https://***.visualstudio.com/*** account=...
fatal: Unable to find an entry point named 'secret_value_unref_to_password' in shared library 'libsecret-1.so.0'.
Username for 'https://***.visualstudio.com/***': ^C

The following change allows it to work with libsecret 0.18.6, but I'm uncertain if it's an appropriate fix (i.e. frees things appropriately) across the board, or if there should be logic added to detect this condition and fallback to a compatible method from the earlier libraries. It looks like the current implemented version puts the value into non-pageable memory for security purposes (but then the follow-on Marshal call makes no such promises...).

diff --git a/src/shared/Microsoft.Git.CredentialManager/Interop/Linux/SecretServiceCollection.cs b/src/shared/Microsoft.Git.CredentialManager/Interop/Linux/SecretServiceCollection.cs
index 09ce5e1..69bcaac 100644
--- a/src/shared/Microsoft.Git.CredentialManager/Interop/Linux/SecretServiceCollection.cs
+++ b/src/shared/Microsoft.Git.CredentialManager/Interop/Linux/SecretServiceCollection.cs
@@ -271,9 +271,10 @@ namespace Microsoft.Git.CredentialManager.Interop.Linux
                 }
 
                 // Extract the secret/password
-                passwordPtr = secret_value_unref_to_password(value, out int passwordLength);
+                passwordPtr = secret_value_get(value, out int passwordLength);
                 string password = Marshal.PtrToStringAuto(passwordPtr, passwordLength);
-
+                secret_value_unref(value);
+                
                 return new SecretServiceCredential(service, account, password);
             }
             finally