putty-cac icon indicating copy to clipboard operation
putty-cac copied to clipboard
verified publisher icon NoMoreFood

Win10: Pageant - Windows Security dialog does not display when adding certs/keys

Open jktrigg opened this issue 3 years ago • 13 comments

When I select Add CAPI Cert or Add FIDO Key, nothing happens. Add PKCS Cert does open a file chooser.

jktrigg avatar Aug 26 '22 14:08 jktrigg

Can you include anything about what version you're using or anything that might be unique about your environment? Also, do you see the same behavior in PuTTY?

NoMoreFood avatar Aug 26 '22 22:08 NoMoreFood

@jktrigg Are you still having this issue?

NoMoreFood avatar Sep 05 '22 12:09 NoMoreFood

yes i have this problem too

there is if you install on a non-standard path, then everything works

I think this is because it is placed where administrator rights are required, and the work goes under a user who does not have such rights

dc-avasilev avatar Sep 13 '22 14:09 dc-avasilev

@dc-avasilev What build of Windows 10 are you on? Are you using any special software like ActivClient? Do you see the behavior in both PuTTY and Pageant? I would love to help but I need some additional details to try to reproduce the issue.

Also, can you verify the pre-release version still has the issue? https://github.com/NoMoreFood/putty-cac/blob/master/binaries/puttycac-64bit-0.77u2-installer.msi

NoMoreFood avatar Sep 13 '22 23:09 NoMoreFood

FYI @NoMoreFood

What build of Windows 10 are you on?

Edition Windows 10 Enterprise Version 21H2 Installed on ‎30.‎05.‎2022 OS build 19044.1288 Experience Windows Feature Experience Pack 120.2212.3920.0

PC in Domain

Are you using any special software like ActivClient?

yes, SafeNet Auth... Client

Do you see the behavior in both PuTTY and Pageant?

yes

I would love to help but I need some additional details

what details do u need, ask me

Also, can you verify the pre-release version still has the issue?

in version https://github.com/NoMoreFood/putty-cac/blob/master/binaries/puttycac-64bit-0.77u2-installer.msi pageant is crashing after start every time

Faulting application name: pageant.exe, version: 0.77.0.2, time stamp: 0x6313e84f
Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6
Exception code: 0xc0000374
Fault offset: 0x00000000000ff199
Faulting process id: 0x2e3c
Faulting application start time: 0x01d8c83c9cf289c9
Faulting application path: C:\Users\vasilyev_an\putty\pageant.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 1258842d-e463-4a7e-8b73-f3477b2b0e1f
Faulting package full name: 
Faulting package-relative application ID:

dc-avasilev avatar Sep 14 '22 13:09 dc-avasilev

@dc-avasilev Interesting, I cannot reproduce the crash either. Thanks, I'll try with the SafeNet authentication client installed and see if that makes a difference. Was there an older version that worked well for you?

NoMoreFood avatar Sep 15 '22 10:09 NoMoreFood

@dc-avasilev Darn. No repro with Windows 10 + SafeNet Auth Client + Experience Windows Feature Experience Pack. I didn't try those specific versions though. For the Pageant crash issue (with may or may not be related), can you try the attached file ( pageant.zip) and reply with the dump file it produces when it crashes. https://helgeklein.com/blog/creating-an-application-crash-dump

NoMoreFood avatar Sep 15 '22 11:09 NoMoreFood

in my scenario, it does not crash, but just freezes tightly, as if an eternal loop when trying to open the certificate selection window, so I can’t provide any dumps, sorry

dc-avasilev avatar Sep 21 '22 15:09 dc-avasilev

@dc-avasilev Alright, I'll try to think of a different approach. Earlier when you said "if you install on a non-standard path, then everything works", are you saying that instead of installing to "C:\Program Files\PuTTY", literally installing anywhere else works better?

NoMoreFood avatar Sep 21 '22 21:09 NoMoreFood

@NoMoreFood I work in a domain network and my user has limited rights to folders on the computer, but there are no restrictions on the user profile folder, so I just install putty-cac in my user profile and everything works fine, example "C:\Users\username\putty"

dc-avasilev avatar Sep 21 '22 21:09 dc-avasilev

@NoMoreFood maybe it will be useful for information, the root certificate is associated with a usb token

dc-avasilev avatar Sep 21 '22 21:09 dc-avasilev

@dc-avasilev The USB token part shouldn't really play into it. I thought you mentioned before that it crashed:

in version https://github.com/NoMoreFood/putty-cac/blob/master/binaries/puttycac-64bit-0.77u2-installer.msi pageant is crashing after start every time

NoMoreFood avatar Sep 21 '22 23:09 NoMoreFood

@NoMoreFood ah, sorry, I already deleted this version, maybe I'll try again next weekend, to collect the dump

dc-avasilev avatar Sep 21 '22 23:09 dc-avasilev

Bump. I'll see someone to help me debug this is you're still seeing an issue (ideally after testing with the latest version). Even virtual meeting might be good if possible. If nobody is interested anymore, I'll close out this issue.

NoMoreFood avatar Nov 06 '22 14:11 NoMoreFood

Bump. I'll see someone to help me debug this is you're still seeing an issue (ideally after testing with the latest version). Even virtual meeting might be good if possible. If nobody is interested anymore, I'll close out this issue.

I am interested in a solution but there is no time yet

dc-avasilev avatar Nov 08 '22 09:11 dc-avasilev

I am having this issue with 0.77u2 x64 on Windows 10 Enterprise, we have ActivClient 7.2.1.68.

Edition Windows 10 Enterprise Version 21H1 Installed on ‎5/‎31/‎2021 OS build 19043.2132 Experience Windows Feature Experience Pack 120.2212.4180.0

I open pageant, go to View keys and Certs, click Add CAPI Cert, and it freezes. I have to go to Task Manager and end pageant.

This is the installed version (msi) of PuTTY. Luckily, my PuTTY itself is still working, although I did have another user report issues with his PuTTY (same thing, it freezes when trying to use a CAPI cert).

wmagb avatar Nov 09 '22 16:11 wmagb

@wmagb Are you using it with DoD CACs? I want to try to replicate your setup as best I can. Also, what antivirus are you running? If I provided a debug version with a few message boxes to see where it's getting stuck, would you be in a position to test it?

NoMoreFood avatar Nov 09 '22 22:11 NoMoreFood

Yes we are using with DoD CACs. We are running McAfee Endpoint Security 10.7.0. Sure, I can test.

image

wmagb avatar Nov 10 '22 02:11 wmagb

@wmagb Could you try the attached files and let me know the last few messages you get before it hangs?

puttycac-0.78-testset.zip

NoMoreFood avatar Nov 10 '22 22:11 NoMoreFood

This might not be very helpful, but I bisected it to this commit https://github.com/NoMoreFood/putty-cac/commit/3ea27f0489a9193eaf079e42725d7a69062b0dc5

dutchthomas avatar Nov 10 '22 22:11 dutchthomas

@dutchthomas Thanks. I'll take a look at the PuTTY CAC related changes during that commit to see if they are material. Simon (PuTTY maintainer) did a huge refactor at that point so it's possible it's something in there that I have to work around. If you wouldn't mind trying out the binaries I provided for @wmagb that would be helpful as well so I know where in the code it might be getting hung up. It's basically just a bunch of dialog boxes popping up along the 'Add CAPI' code in Pageant. Based on one thing that was changed with that commit, it's possible the last box you see will be "Cert Prompt 5 - Select Cert List".

NoMoreFood avatar Nov 11 '22 16:11 NoMoreFood

The last few messages are: Cert Prompt 3 - Cert Found Loop Cert Prompt 4 - Cert Add To Memory Store Cert Prompt 5 - Select Cert List

Then it freezes, the window loses focus, and I have to go to Task Manager to end it.

wmagb avatar Nov 16 '22 15:11 wmagb

@wmagb Alright, that makes sense. For some reason the foreground window on your computer must point to a location the Microsoft certificate selection function does not like. I'll give you an alternate version to test in a few hours.

NoMoreFood avatar Nov 16 '22 20:11 NoMoreFood

@wmagb I updated the debug version. I'm especially interested in the four message boxes right before the certificate selection popup (or the hang --- whatever comes first). This may also happen to address the issue (let me know if it does), but it's more of a workaround.

puttycac-0.78-additionaldebug.zip

NoMoreFood avatar Nov 16 '22 23:11 NoMoreFood

Cert Prompt 5 - Select Cert List Window Visible True Window Iconic False Window Valid True Window Enable True Then another window opens off screen, to select the cert or key, I can't see it until I hover the mouse over the pageant icon in the taskbar.

wmagb avatar Nov 17 '22 01:11 wmagb

@wmagb I am somewhat at a loss; I have your configuration replicated identically but cannot reproduce the behavior. From the debug messages, I know generally what's going on -- for whatever reason the foreground window being assigned to the certificate dialog must somehow be offscreen (or somewhere you can't see it). The program isn't really hanging... it's just asking you to select a certificate and you can't see the prompt or click the button to pick a certificate. Can you think of anything that could cause such a behavior? Like a really wacky monitor software or screen setup? Something that changes window focus automatically? If you create a different local user (i.e. fresh profile), are you able to reproduce the issue?

You've definitely got my curiously piqued. I think I know of a way to work around it, but I'd really like to understand root cause more so I'm confident I'm not breaking it for everyone else that it's working for right now.

NoMoreFood avatar Nov 18 '22 02:11 NoMoreFood

Okay, I've seen this with other programs. It usually has to do with your display topography having changed since you ran the program previously.

Thanks, Jim Trigg

On November 17, 2022 9:50:07 PM EST, Bryan Berns @.> wrote: @. I am somewhat at a loss; I have your configuration replicated identically but cannot reproduce the behavior. From the debug messages, I know generally what's going on -- for whatever reason the foreground window being assigned to the certificate dialog must somehow be offscreen (or somewhere you can't see it). The program isn't really hanging... it's just asking you to select a certificate and you can't see the prompt or click the button to pick a certificate. Can you think of anything that could cause such a behavior? Like a really wacky monitor software or screen setup? Something that changes window focus automatically? If you create a different local user (i.e. fresh profile), are you able to reproduce the issue?

You've definitely got my curiously piqued. I think I know of a way to work around it, but I'd really like to understand root cause more so I'm confident I'm not breaking it for everyone else that it's working for right now.

-- Reply to this email directly or view it on GitHub: https://github.com/NoMoreFood/putty-cac/issues/101#issuecomment-1319476923 You are receiving this because you were mentioned.

Message ID: @.***> -- Sent from my Android device with K-9 Mail. Please excuse my brevity.

jktrigg avatar Nov 18 '22 03:11 jktrigg

Thanks @jktrigg. Accordingly... if someone with the issue is able to, I'm curious if trying on a fresh profile in Windows will address it since a fresh profile should have no record of previous window positioning.

NoMoreFood avatar Nov 18 '22 12:11 NoMoreFood

Fresh profile, fresh machine, didn't matter. We tried a few different versions, including the latest 0.78, to no avail. We have rolled back to 0.76u4, which works just fine.

wmagb avatar Nov 22 '22 21:11 wmagb

@wmagb Can you try this version? It more closely resembles the window location approach in 0.76u4. Also, do you happen to use one of those programs that displays a banner at the top of the screen (e.g., for classification).

puttycac-0.78u1-newbehavior.zip

NoMoreFood avatar Nov 23 '22 23:11 NoMoreFood