Annoying bug: gpg-agent+gnupg and cancelling in pinentry-* repops
pinentry two times
Marc Mutz
Marc.Mutz@uni-bielefeld.de
Tue Jan 28 12:19:02 2003
--Boundary-02=_wEzJ+UTiD3NNkwJ
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline
Hi!
I think this is a pretty serious usability bug and people are starting=20
to run into it already. Expect more and more complaints about his to=20
come when KDE 3.1 ships in a few days with a CryptPlug enabled KMail.=20
;-)
The story goes as follows:
(gpg-agent from newpg 0.94; GnuPG 1.2.1; pinentry 0.6.7)
The information that the user cancelled in pinentry which is still=20
present here:
gnupg/g10/passphrase.c:agent_get_passphrase (~ l.805)
<snip>
else if (nread > 7 && !memcmp (pw, "ERR 111", 7)
&& (pw[7] =3D=3D ' ' || pw[7] =3D=3D '\n') )
log_info (_("cancelled by user\n") );
else
{
log_error (_("problem with the agent - disabling agent=20
use\n"));
opt.use_agent =3D 0;
}
}
failure:
m_free (atext);
if ( fd !=3D -1 )
agent_close (fd);
m_free (pw );
free_public_key( pk );
return NULL;
#endif /* Posix or W32 */
}
is not reported back to the caller of agent_get_passphrase (it just=20
returns NULL, which the caller passphrase_to_dek converts to "" in=20
l.1037). Thus STATUS_MISSING_PASSPHRASE is written in=20
passphrase.c:1084:
if( !pw || !*pw )
write_status( STATUS_MISSING_PASSPHRASE );
and an empty passphrase is used to construct the DEK. That will fail to=20
unlock the secret key, the user will be asked again and so on, for=20
three rounds. This is really annoying!
What needs to be done?
1. return the information that the user cancelled pinentry from
agent_get_passphrase to passphrase_to_dek
2. Extend the status-fd protocol to include a STATUS_CANCELLED
3. Make passphrase_to_dek write_status( STATUS_CANCELLED ) in the cancel=20
case instead of STATUS_MISSING_PASSPHRASE and make it report that=20
incident back to it's callers.
4. Make the callers of passphrase_to_dek honour the cancel information=20
so they don't try two more times.
5. Make gpgme recognize the new status and properly return exisiting=20
GPGME_Canceled or new GPGME_Externally_Canceled error codes.
The _very_ urgent part is deciding whether you want to use the existing=20
GPGME_Canceled error code for this or if you want to use a new one and=20
if so, what value it will have. I can then patch KMail to handle that=20
case gracefully and apply it to KDE_3_1_BRANCH. It's probably too late=20
for 3.1.0, but then distributors will use the KDE_3_1_BRANCH, not the=20
release anyway.
I can also handle both GPGME_Canceled and (GpgmeError)24 as meaning=20
"user cancelled", but then we get a problem if you decide to use the=20
existing _Canceled and later assign 24 to something else...
Marc
=2D-=20
Ein Grundrecht auf Sicherheit steht bewusst nicht in der Verfassung.
-- Sabine Leutheusser-Schnarrenberger (ehem. Bundesjustizministerin)
--Boundary-02=_wEzJ+UTiD3NNkwJ
Content-Type: application/pgp-signature
Content-Description: signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQA+JzEw3oWD+L2/6DgRAmDIAKD9RIbLGToqUOq7rVVhe8zc3CWYJwCfXesm
KiavRyHw6i+khQF27jcO5Cg=
=babA
-----END PGP SIGNATURE-----
--Boundary-02=_wEzJ+UTiD3NNkwJ--