Bug 77010 - GPG-Agent ignores default-cache-ttl, constant password requests of pinentry
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: x86 Linux
Importance: High major
Assignee: Crypto team [DISABLED]
URL: http://forums.gentoo.org/viewtopic.ph...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-01-07 04:48 UTC by Clemens Bier
Modified: 2005-01-30 08:32 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
Patch of Gentoo vs Debian Sources (gentoo_debian.patch, 857 bytes, patch)
2005-01-07 16:53 UTC, Clemens Bier
Description Clemens Bier 2005-01-07 04:48:44 UTC
I want to use gpg-agent with my MUA evolution. 
The installed packages are:

dev-libs/libassuan-0.6.9 
dev-libs/libksba-0.9.8  
app-crypt/gpg-agent-1.9.14 from testing 
app-crypt/pinentry-0.7.1_p20041207 too from testing
but also taking 
app-crypt/pinentry-0.7.1-r1 

I have set up the gpg-agent configuration file.

cat ~/.gnupg/gpg-agent.conf:
pinentry-program /usr/bin/pinentry-gtk
no-grab
default-cache-ttl 1800

Reproducible: Always
Steps to Reproduce:
1. Start gpg-agent by eval `/usr/bin/gpg-agent --daemon --sh --pinentry-program /usr/bin/pinentry-gtk --debug-all` 
gpg-agent[4308]: reading options from `/home/clemens/.gnupg/gpg-agent.conf'
gpg-agent[4308]: listening on socket `/tmp/gpg-GY4ZGr/S.gpg-agent'

echo $GPG_AGENT_INFO
/tmp/gpg-GY4ZGr/S.gpg-agent:4309:1

ps ax | grep gpg
 4309 ?        Ss     0:00 /usr/bin/gpg-agent --daemon --sh --pinentry-program /usr/bin/pinentry-gtk --debug-all

2. Start evolution.
3. Go to an encrypted mail; the pinentry dialogue opens; enter the password.
4. Go to a different encrypted mail; pinentry comes up again no matter what default-cache-ttl value you set.
Actual Results:  
The pinentry-gtk dialogue pops up on every encrypted mail in evolution.
Starting evolution on the console with gpg-agent and the option "--debug-all"
and reproducing steps 2-4 gives you:

gpg-agent[4825.0x80646b0] DBG: -> OK Pleased to meet you
gpg-agent[4825.0x80646b0] DBG: <- OPTION display=:0.0
gpg-agent[4825.0x80646b0] DBG: -> OK
gpg-agent[4825.0x80646b0] DBG: <- OPTION ttyname=/dev/tty
gpg-agent[4825.0x80646b0] DBG: -> OK
gpg-agent[4825.0x80646b0] DBG: <- OPTION ttytype=xterm
gpg-agent[4825.0x80646b0] DBG: -> OK
gpg-agent[4825.0x80646b0] DBG: <- OPTION lc-ctype=C
gpg-agent[4825.0x80646b0] DBG: -> OK
gpg-agent[4825.0x80646b0] DBG: <- OPTION lc-messages=C
gpg-agent[4825.0x80646b0] DBG: -> OK
gpg-agent[4825.0x80646b0] DBG: <- GET_PASSPHRASE
895C1258DC92420CEEE268FDD4B42778DCF7EB59 X X
You+need+a+passphrase+to+unlock+the+secret+key+for+user:%0A"Clemens+Bier+<clemensbier@arcor.de>"%0A2048-bit+ELG-E+key,+ID+DCF7EB59,+created+2003-02-26+(main+key+ID+A07D0D1B)%0A
gpg-agent[4825]: DBG: agent_get_cache `895C1258DC92420CEEE268FDD4B42778DCF7EB59'...
gpg-agent[4825]: DBG: ... miss
gpg-agent[4825]: starting a new PIN Entry
gpg-agent[4825]: DBG: connection to PIN entry established
gpg-agent[4825]: DBG: agent_put_cache `895C1258DC92420CEEE268FDD4B42778DCF7EB59'
gpg-agent[4825.0x80646b0] DBG: -> [Confidential data not shown]
gpg-agent[4825.0x80646b0] DBG: <- [EOF]
requesting object classid: smime:///em-format-html/.0x8449ae8.146/icon/signed
object_found: 1
gpg-agent[4825.0x80646b0] DBG: -> OK Pleased to meet you
gpg-agent[4825.0x80646b0] DBG: <- OPTION display=:0.0
gpg-agent[4825.0x80646b0] DBG: -> OK
gpg-agent[4825.0x80646b0] DBG: <- OPTION ttyname=/dev/tty
gpg-agent[4825.0x80646b0] DBG: -> OK
gpg-agent[4825.0x80646b0] DBG: <- OPTION ttytype=xterm
gpg-agent[4825.0x80646b0] DBG: -> OK
gpg-agent[4825.0x80646b0] DBG: <- OPTION lc-ctype=C
gpg-agent[4825.0x80646b0] DBG: -> OK
gpg-agent[4825.0x80646b0] DBG: <- OPTION lc-messages=C
gpg-agent[4825.0x80646b0] DBG: -> OK
gpg-agent[4825.0x80646b0] DBG: <- GET_PASSPHRASE
895C1258DC92420CEEE268FDD4B42778DCF7EB59 X X
You+need+a+passphrase+to+unlock+the+secret+key+for+user:%0A"Clemens+Bier+<clemensbier@arcor.de>"%0A2048-bit+ELG-E+key,+ID+DCF7EB59,+created+2003-02-26+(main+key+ID+A07D0D1B)%0A
gpg-agent[4825]: DBG: agent_get_cache `895C1258DC92420CEEE268FDD4B42778DCF7EB59'...
gpg-agent[4825]: DBG: ... miss
gpg-agent[4825]: starting a new PIN Entry
gpg-agent[4825]: DBG: connection to PIN entry established
gpg-agent[4825]: DBG: agent_put_cache `895C1258DC92420CEEE268FDD4B42778DCF7EB59'
gpg-agent[4825.0x80646b0] DBG: -> [Confidential data not shown]
gpg-agent[4825.0x80646b0] DBG: <- [EOF]
requesting object classid: smime:///em-format-html/.0x8449cfc.44/icon/signed
object_found: 1

I suppose that "gpg-agent[4341]: DBG: ... miss" means that there is no cached
password and thus a new request is issued.

Expected Results:  
GPG-agent should cache the initially entered password for the default time set
in configuration 

emerge info
Portage 2.0.51-r3 (default-linux/x86/2004.3, gcc-3.3.4, glibc-2.3.4.20040808-r1,
2.6.9-gentoo-r13 i686)
=================================================================
System uname: 2.6.9-gentoo-r13 i686 AMD Athlon(tm) XP 3000+
Gentoo Base System version 1.4.16
Autoconf: sys-devel/autoconf-2.59-r5
Automake: sys-devel/automake-1.8.5-r1
Binutils: sys-devel/binutils-2.15.90.0.1.1-r3
Headers:  sys-kernel/linux-headers-2.4.21-r1
Libtools: sys-devel/libtool-1.5.2-r7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -march=athlon-xp -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=athlon-xp -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms"
GENTOO_MIRRORS="http://ftp.uni-erlangen.de/pub/mirrors/gentoo
ftp://ftp.ipv6.uni-muenster.de/pub/linux/distributions/gentoo
ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo
ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acl aim alsa apm avi bash-completion berkdb bitmap-fonts bonobo cdr crypt
cups divx4linux dvd encode esd fam flac foomaticdb fortran ftp gdbm gif gnome
gpm gstreamer gtk gtk2 imagemagick imap imlib java jpeg libwww mad maildir
mikmod mime motif mpeg msn ncurses nls oggvorbis opengl pam pdflib perl png
python quicktime readline sdl spell ssl svga tcpd tiff truetype usb x86 xine
xml2 xmms xv zlib"
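A triage check for the `--debug-all` trace in the description, as an added example that is not part of the original report or of GnuPG: it pairs each `agent_get_cache` lookup with its result line and flags a miss on a key the same agent process had already stored with `agent_put_cache`. The sample trace and its key hash are constructed, and `misses_after_put` is a hypothetical helper name.

```python
import re

# Constructed sample, modelled on the --debug-all trace in the report
# (the key hash is a made-up placeholder, not the reporter's).
SAMPLE_LOG = """\
gpg-agent[100]: DBG: agent_get_cache `AAAA0000AAAA0000AAAA0000AAAA0000AAAA0000'...
gpg-agent[100]: DBG: ... miss
gpg-agent[100]: starting a new PIN Entry
gpg-agent[100]: DBG: agent_put_cache `AAAA0000AAAA0000AAAA0000AAAA0000AAAA0000'
gpg-agent[100.0x1] DBG: <- [EOF]
gpg-agent[100]: DBG: agent_get_cache `AAAA0000AAAA0000AAAA0000AAAA0000AAAA0000'...
gpg-agent[100]: DBG: ... miss
gpg-agent[100]: starting a new PIN Entry
gpg-agent[100]: DBG: agent_put_cache `AAAA0000AAAA0000AAAA0000AAAA0000AAAA0000'
"""

GET_RE = re.compile(r"gpg-agent\[(\d+)\]: DBG: agent_get_cache `([0-9A-Fa-f]+)'")
PUT_RE = re.compile(r"gpg-agent\[(\d+)\]: DBG: agent_put_cache `([0-9A-Fa-f]+)'")
MISS_RE = re.compile(r"gpg-agent\[(\d+)\]: DBG: \.\.\. miss")


def misses_after_put(log_text):
    """Return (pid, key, line_no) for every cache miss on a key that the
    same agent process had already stored with agent_put_cache."""
    stored = set()    # (pid, key) pairs seen in agent_put_cache
    pending = {}      # pid -> key of the lookup still awaiting its result line
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if m := PUT_RE.search(line):
            stored.add((m.group(1), m.group(2)))
        elif m := GET_RE.search(line):
            pending[m.group(1)] = m.group(2)
        elif m := MISS_RE.search(line):
            key = pending.pop(m.group(1), None)
            # A first-ever miss is normal; a miss after a put is the symptom.
            if key is not None and (m.group(1), key) in stored:
                findings.append((m.group(1), key, line_no))
    return findings


if __name__ == "__main__":
    for pid, key, line_no in misses_after_put(SAMPLE_LOG):
        print(f"line {line_no}: pid {pid} missed {key} after storing it")
```

The trace carries no timestamps, so a flagged miss still has to be weighed against the configured `default-cache-ttl` and the time that passed between the two requests.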
Comment 1 Daniel Black (RETIRED) gentoo-dev 2005-01-07 05:06:19 UTC
Can you find anything in the upstream mail lists?
Comment 2 Clemens Bier 2005-01-07 15:49:45 UTC
I am not completely firm with the bug reporting terms, but I think you 
mean by upstream the mailing list of gnupg.org? :)

I have been scanning through 
* http://lists.gnupg.org/pipermail/gnupg-devel/
* http://lists.gnupg.org/pipermail/gnupg-users/
with the key words "gpg-agent", "cache" and "ttl".
There are now threads describing this problem.
Comment 3 Clemens Bier 2005-01-07 16:53:24 UTC
Created attachment 47908
Patch of Gentoo vs Debian Sources 

diff $GENTOO_Sources/gnupg-1.9.14/agent/cache.c
$Debian/gnupg-1.9.9/agent/cache.c
Comment 4 Clemens Bier 2005-01-07 16:57:01 UTC
I added a patch of the current Gentoo source file cache.c of gnupg and a source file cache.c (gained from ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.9.tar.gz) that I used on a Debian installation. It is just a lucky guess since I am not a well-experienced C programmer.
Comment 5 Daniel Black (RETIRED) gentoo-dev 2005-01-07 18:30:06 UTC
Thanks for the lead.

It has been fixed upstream and will show up in the next release.

I'm going to close this and wait till the next release.

Diff tips - please use -u. Filenames and surrounding lines help, especially between version changes.

Below is a partial diff between 0.9.15 and the current cvs version.
diff -ru gnupg-1.9.14/NEWS gnupg/NEWS
--- gnupg-1.9.14/NEWS   2004-12-23 03:18:03.000000000 +0930
+++ gnupg/NEWS  2004-12-23 04:37:46.000000000 +0930
@@ -1,3 +1,7 @@
+Noteworthy changes in version 1.9.15
+-------------------------------------------------
+
+
 Noteworthy changes in version 1.9.14 (2004-12-22)
 -------------------------------------------------

diff -ru gnupg-1.9.14/agent/ChangeLog gnupg/agent/ChangeLog
--- gnupg-1.9.14/agent/ChangeLog        2004-12-22 04:21:49.000000000 +0930
+++ gnupg/agent/ChangeLog       2005-01-04 18:03:20.000000000 +0930
@@ -1,3 +1,8 @@
+2005-01-04  Werner Koch  <wk@g10code.com>
+
+       * cache.c (agent_put_cache): Fix the test for using the default
+       TTL.
+
 2004-12-21  Werner Koch  <wk@g10code.com>

        * preset-passphrase.c (preset_passphrase): Handle --passphrase.
diff -ru gnupg-1.9.14/agent/cache.c gnupg/agent/cache.c
--- gnupg-1.9.14/agent/cache.c  2004-12-22 02:45:43.000000000 +0930
+++ gnupg/agent/cache.c 2005-01-04 18:03:20.000000000 +0930
@@ -39,7 +39,7 @@
   ITEM next;
   time_t created;
   time_t accessed;
-  int ttl;  /* max. lifetime given in seonds, -1 one means infinite */
+  int ttl;  /* max. lifetime given in seconds, -1 one means infinite */
   int lockcount;
   struct secret_data_s *pw;
   char key[1];
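Review bot: The corrected comment on the `ttl` member still reads "-1 one means infinite"; since this line is already being touched for the "seonds" typo, drop the stray "one" so it matches the wording used in the agent_put_cache header comment in the next hunk.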
@@ -185,17 +185,18 @@
 /* Store DATA of length DATALEN in the cache under KEY and mark it
    with a maximum lifetime of TTL seconds.  If there is already data
    under this key, it will be replaced.  Using a DATA of NULL deletes
-   the entry */
+   the entry.  A TTL of 0 is replaced by the default TTL and a TTL of
+   -1 set infinite timeout. */
 int
 agent_put_cache (const char *key, const char *data, int ttl)
 {
   ITEM r;

   if (DBG_CACHE)
-    log_debug ("agent_put_cache `%s'\n", key);
+    log_debug ("agent_put_cache `%s' requested ttl=%d\n", key, ttl);
   housekeeping ();

-  if (ttl == 1)
+  if (!ttl)
     ttl = opt.def_cache_ttl;
   if (!ttl)
     return 0;
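Review bot: In agent_put_cache the new log_debug call prints the requested ttl before `ttl = opt.def_cache_ttl` is applied, so a trace showing ttl=0 does not reveal the lifetime the entry actually receives; logging the effective value after the substitution would make cache misses much easier to diagnose. The two back-to-back `if (!ttl)` tests also read like a duplicate: the second one now fires only when opt.def_cache_ttl is itself 0 and silently skips caching, which deserves a one-line comment. The header comment documents 0 and -1, but nothing in the visible lines says what other negative values do.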
Comment 6 Gilles Schintgen 2005-01-30 08:32:51 UTC
Hi
Just being curious: why isn't this patch included in the ebuild? After all, currently the agent's main function is completely broken... Anyway, thanks for the patch!
Cheers,
Gilles