[codex] Handle invalid-state persistent key deletion#153
Draft
SirAndrosBot wants to merge 1 commit into
Draft
Conversation
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.



What changed
NCryptDeleteKeyHRESULT_FROM_WIN32(ERROR_INVALID_STATE)/0x8007139Fas a tolerated delete-time state inDeletePersistentKey.NCryptDeleteKeyfailure.Why
Issue #87 reports
NCryptDeleteKey — ERROR_INVALID_STATE (0x8007139F). That status means Windows says the resource is not in the correct state for the requested operation. In this cleanup path, surfacing it as an unexpected system error can block the rest of the plugin's invalid-key recovery.The key point is safety: ignoring this specific delete-time status could leave an orphaned Windows Hello/NGC key object, but the plugin also needs the encrypted database-key payload stored in Credential Manager to unlock a database. This PR clears the plugin's
KeePassWinHello_*Credential Manager blobs when persistent key integrity fails, so a stranded NGC key alone is not useful for KeePassWinHello unlock.Refs #87
Behavior notes
Review notes
Reviewer found no blocking issues. One existing caveat remains:
KeyWindowsStorage.Clear()currently ignores individualCredDeletefailures while clearing plugin blobs. That behavior predates this PR and may deserve a separate hardening change, but expanding it here would broaden the fix.Validation
git diff --checkpassed with only Git LF-to-CRLF working-copy warnings.MSBuild.exe src\KeePassWinHello.csproj /t:Rebuild /p:Configuration=Release /p:DefineConstants=MONO /p:FrameworkPathOverride=C:\Windows\Microsoft.NET\Framework\v4.0.30319 /p:ReferencePath=C:\proj\KeePassWinHello\libpassed with 0 warnings and 0 errors.Manual test needed
NCryptDeleteKey0x8007139Fduring persistent-key revocation or invalid-key recovery and confirm recovery continues without a generic report dialog.