From 34fa1f2a838ce7a1e235a793e450440dc3c94de2 Mon Sep 17 00:00:00 2001
From: Krista Grothoff
Date: Sun, 25 Sep 2016 17:46:27 +0200
Subject: [PATCH] ENGINE-27: intermittent commit, update_identity should now never try to set or return a blacklisted key
---
src/keymanagement.c | 95 ++++++++++++++++++++++-----------------------
1 file changed, 46 insertions(+), 49 deletions(-)
diff --git a/src/keymanagement.c b/src/keymanagement.c
index 1a58703f..1d33ed58 100644
--- a/src/keymanagement.c
+++ b/src/keymanagement.c
@@ -145,66 +145,67 @@ DYNAMIC_API PEP_STATUS update_identity( if (status == PEP_OUT_OF_MEMORY) goto exit_free; - /* ALWAYS elect pubkey */ + /* We elect a pubkey first in case there's no acceptable stored fpr */ status = elect_pubkey(session, identity); if (status != PEP_STATUS_OK) goto exit_free; - - _did_elect_new_key = 1; /*???*/ - + if (stored_identity) { PEP_comm_type _comm_type_key; - status = get_key_rating(session, stored_identity->fpr, &_comm_type_key); - assert(status != PEP_OUT_OF_MEMORY); - if (status == PEP_OUT_OF_MEMORY) - goto exit_free; - - if (EMPTYSTR(identity->username)) { - free(identity->username); - identity->username = strdup(stored_identity->username); - assert(identity->username); - if (identity->username == NULL){ - status = PEP_OUT_OF_MEMORY; + + bool dont_use_fpr = true; + status = blacklist_is_listed(session, stored_identity->fpr, &dont_use_fpr); + if (status != PEP_STATUS_OK) + dont_use_fpr = true; + + if (dont_use_fpr && !(EMPTYSTR(identity->fpr))) { + /* elected pubkey */ + if (status != PEP_STATUS_OK) goto exit_free; + status = blacklist_is_listed(session, identity->fpr, &dont_use_fpr); + if (dont_use_fpr) { + free(identity->fpr); + identity->fpr = NULL; + } + else { + _did_elect_new_key = 1; } } - - if (EMPTYSTR(identity->fpr)) { + else { identity->fpr = strdup(stored_identity->fpr); assert(identity->fpr); if (identity->fpr == NULL) return PEP_OUT_OF_MEMORY; + + } + + /* Ok, at this point, we either have a non-blacklisted fpr we can work */ + /* with, or we've got nada. 
*/ + if (!EMPTYSTR(identity->fpr)) { + status = get_key_rating(session, identity->fpr, &_comm_type_key); + assert(status != PEP_OUT_OF_MEMORY); + if (status == PEP_OUT_OF_MEMORY) + goto exit_free; + status = get_trust(session, identity); + if (status == PEP_OUT_OF_MEMORY) + goto exit_free; if (_comm_type_key < PEP_ct_unconfirmed_encryption) { - PEP_STATUS status = elect_pubkey(session, identity); - if (status != PEP_STATUS_OK) - goto exit_free; - - _did_elect_new_key = 1; - } - else { + identity->comm_type = _comm_type_key; + } else{ identity->comm_type = stored_identity->comm_type; - } - } - else /* !EMPTYSTR(identity->fpr) */ { - if (_same_fpr(identity->fpr, - strlen(identity->fpr), - stored_identity->fpr, - strlen(stored_identity->fpr))) { - if (_comm_type_key < PEP_ct_unconfirmed_encryption) { + if (identity->comm_type == PEP_ct_unknown) { identity->comm_type = _comm_type_key; - }else{ - identity->comm_type = stored_identity->comm_type; - if (identity->comm_type == PEP_ct_unknown) { - identity->comm_type = _comm_type_key; - } } - } else { - status = get_trust(session, identity); - assert(status != PEP_OUT_OF_MEMORY); - if (status == PEP_OUT_OF_MEMORY) - goto exit_free; - if (identity->comm_type < stored_identity->comm_type) - identity->comm_type = PEP_ct_unknown; + } + } + + if (EMPTYSTR(identity->username)) { + free(identity->username); + identity->username = strdup(stored_identity->username); + assert(identity->username); + if (identity->username == NULL){ + status = PEP_OUT_OF_MEMORY; + goto exit_free; } } @@ -219,6 +220,7 @@ DYNAMIC_API PEP_STATUS update_identity( else /* stored_identity == NULL */ { identity->flags = 0; + /* Work with the elected key from above */ if (!EMPTYSTR(identity->fpr)) { PEP_comm_type _comm_type_key; 
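Review bot: The `else` arm after `if (dont_use_fpr && !(EMPTYSTR(identity->fpr)))` still runs when the stored fingerprint is blacklisted (or its lookup failed) and no elected key is present, so `identity->fpr = strdup(stored_identity->fpr)` copies exactly the key this commit means to exclude. The same arm also overwrites an elected `identity->fpr` without freeing it when the stored key is acceptable. Branching on `dont_use_fpr` alone and leaving `identity->fpr` empty when neither key passes fixes both, and the second `blacklist_is_listed` status should be checked rather than relying on `dont_use_fpr` keeping its earlier value. Further down, `identity->comm_type = stored_identity->comm_type` now also applies when `identity->fpr` is the elected key, because the `_same_fpr` comparison was removed, so a rating recorded for the rejected key can be carried over to a different one. `update_identity` starts and ends outside this hunk.

```c
        if (!dont_use_fpr) {
            /* stored fpr passed the blacklist check: prefer it */
            free(identity->fpr);
            identity->fpr = strdup(stored_identity->fpr);
            /* … unchanged: assert and NULL check on identity->fpr … */
        }
        else if (!EMPTYSTR(identity->fpr)) {
            /* … unchanged: bail out if the first lookup failed … */
            /* stored fpr rejected: keep the elected key only if it is clean */
            bool elected_listed = true;
            status = blacklist_is_listed(session, identity->fpr, &elected_listed);
            if (status != PEP_STATUS_OK || elected_listed) {
                free(identity->fpr);
                identity->fpr = NULL;
            }
            else {
                _did_elect_new_key = 1;
            }
        }
        /* else: neither key is usable, identity->fpr stays empty */
```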
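Review bot: The `stored_identity == NULL` branch uses the elected `identity->fpr` with no blacklist lookup visible here, unlike the stored-identity path in the first hunk, which passes the elected key through `blacklist_is_listed` before keeping it. If `elect_pubkey` does not already filter blacklisted keys (its body is not part of this patch), a first-contact identity can still come back with a blacklisted fingerprint and a `comm_type` derived from it. The next hunk, which removes the fallback `elect_pubkey` call from this branch, leaves the same gap. A few lines between the two hunks are not shown, so confirm no check sits there; otherwise guard the branch with `if (blacklist_is_listed(session, identity->fpr, &listed) != PEP_STATUS_OK || listed)` and free and clear `identity->fpr` in that case before the `if (!EMPTYSTR(identity->fpr))` test.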
@@ -229,11 +231,6 @@ DYNAMIC_API PEP_STATUS update_identity( identity->comm_type = _comm_type_key; } - else /* EMPTYSTR(identity->fpr) */ { - PEP_STATUS status = elect_pubkey(session, identity); - if (status != PEP_STATUS_OK) - goto exit_free; - } } status = PEP_STATUS_OK;