agent: Clear bogus pinentry cache, when it causes an error.

* agent/agent.h (PINENTRY_STATUS_*): Expose to public.
(struct pin_entry_info_s): Add status.
* agent/call-pinentry.c (agent_askpin): Clearing the ->status
before the loop, let the assuan_transact set ->status.  When
failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns
soon.
* agent/findkey.c (unprotect): Clear the pinentry cache,
when it causes an error.

--

GnuPG-bug-id: 4348
Signed-off-by: NIIBE Yutaka <[email protected]>

1 files changed, 11 insertions, 1 deletions

diff --git a/agent/findkey.c b/agent/findkey.c
index 78c3b1a47..89a18fa9e 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -632,7 +632,17 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
   pi->check_cb_arg = &arg;
 
   rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi, hexgrip, cache_mode);
-  if (!rc)
+  if (rc)
+    {
+      if ((pi->status & PINENTRY_STATUS_PASSWORD_FROM_CACHE))
+        {
+          log_error ("Clearing pinentry cache which caused error %s\n",
+                     gpg_strerror (rc));
+
+          agent_clear_passphrase (ctrl, hexgrip, cache_mode);
+        }
+    }
+  else
     {
       assert (arg.unprotected_key);
       if (arg.change_required)