ENGINE-332: key_reset_trust and key mistrust fixed

doc_update_sequoia
Krista Bennett 5 years ago
parent 1f9c04611d
commit 4fac2f5289

@ -1063,7 +1063,7 @@ DYNAMIC_API PEP_STATUS key_mistrusted(
if (session->cached_mistrusted)
free(session->cached_mistrusted);
session->cached_mistrusted = identity_dup(ident);
status = mark_as_compromized(session, ident->fpr);
status = set_trust(session, ident->user_id, ident->fpr, PEP_ct_mistrusted);
}
return status;
@ -1109,33 +1109,58 @@ DYNAMIC_API PEP_STATUS key_reset_trust(
if (!(session && ident && ident->fpr && ident->fpr[0] != '\0' && ident->address &&
ident->user_id))
return PEP_ILLEGAL_VALUE;
bool me = is_me(session, ident);
if (me)
status = myself(session, ident);
else
status = update_identity(session, ident);
pEp_identity* tmp_ident = NULL;
status = get_trust(session, ident);
if (status != PEP_STATUS_OK)
return status;
PEP_comm_type new_trust = PEP_ct_unknown;
if (ident->comm_type == PEP_ct_mistrusted)
ident->comm_type = PEP_ct_unknown;
else
ident->comm_type &= ~PEP_ct_confirmed;
if (ident->comm_type != PEP_ct_mistrusted)
new_trust = ident->comm_type & ~PEP_ct_confirmed;
status = set_identity(session, ident);
// FIXME: remove key as default for user_id
status = set_trust(session, ident->user_id, ident->fpr, new_trust);
if (status != PEP_STATUS_OK)
return status;
ident->comm_type = new_trust;
tmp_ident = new_identity(ident->address, NULL, ident->user_id, NULL);
// FIXME: What is this point of this here??
if (ident->comm_type == PEP_ct_unknown && !me) {
status = update_identity(session, ident);
if (!tmp_ident)
return PEP_OUT_OF_MEMORY;
status = update_identity(session, tmp_ident);
if (status != PEP_STATUS_OK)
goto pep_free;
// remove as default if necessary
if (strcmp(tmp_ident->fpr, ident->fpr) == 0) {
free(tmp_ident->fpr);
tmp_ident->fpr = NULL;
tmp_ident->comm_type = PEP_ct_unknown;
status = set_identity(session, tmp_ident);
if (status != PEP_STATUS_OK)
goto pep_free;
}
char* user_default = NULL;
status = get_main_user_fpr(session, tmp_ident->user_id, &user_default);
if (!EMPTYSTR(user_default)) {
if (strcmp(user_default, ident->fpr) == 0)
status = refresh_userid_default_key(session, ident->user_id);
if (status != PEP_STATUS_OK)
goto pep_free;
}
pep_free:
free_identity(tmp_ident);
return status;
}
@ -1221,9 +1246,7 @@ DYNAMIC_API PEP_STATUS trust_personal_key(
// Ok, there wasn't a trusted default, so we replaced. Thus, we also
// make sure there's a trusted default on the user_id. If there
// is not, we make this the default.
char* user_default = NULL;
status = get_main_user_fpr(session, ident->user_id, &user_default);
if (status == PEP_STATUS_OK && user_default) {
@ -1248,7 +1271,7 @@ DYNAMIC_API PEP_STATUS trust_personal_key(
}
}
free(ident_default_fpr);
free(cached_fpr); // we took ownership upon successful update_identity call above
free(cached_fpr);
free_identity(tmp_id);
}
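Review bot: In the `key_reset_trust` hunk, `strcmp(tmp_ident->fpr, ident->fpr)` runs on an identity that `new_identity()` created with a NULL fingerprint, and nothing visible guarantees that `update_identity()` fills it in; if no default key exists for that address, the comparison dereferences NULL. Guard it with `if (tmp_ident->fpr && strcmp(tmp_ident->fpr, ident->fpr) == 0) {`. The string returned through `user_default` by `get_main_user_fpr()` is presumably caller-owned and is never released, so add `free(user_default);` just before the `pep_free:` label; the `goto pep_free` inside the `EMPTYSTR` block would skip that free and is redundant since the label follows directly. The status of the `get_main_user_fpr()` call is also never checked before it is overwritten or returned. The function body starts outside the hunk.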

@ -229,9 +229,8 @@ DYNAMIC_API PEP_STATUS trust_personal_key(
);
// key_reset_trust() - undo trust_personal_key and key_mistrusted() for keys
// we don't own
//
// key_reset_trust() - reset trust bit or explicitly mistrusted status for an identity and
// its accompanying key/user_id pair.
// parameters:
// session (in) session to use
// ident (in) person and key which was compromized
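Review bot: The rewritten header comment for `key_reset_trust()` does not mention that the call can now also drop the key as the identity's default and re-select the default key for the user_id, which the implementation in this commit does when the fingerprints match. Callers that expect only the trust value to change should be told, for example with `// side effects: may remove the key as default for the identity and refresh the user_id default key`. The parameter text `person and key which was compromized` reads as carried over from `key_mistrusted()` and could say `identity and key whose trust is reset`. The comment block continues outside the hunk.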

@ -114,7 +114,7 @@ static const char* sql_replace_userid =
"where id = ?2;";
static const char *sql_replace_main_user_fpr =
"update person"
"update person "
" set main_key_id = ?1 "
" where id = ?2 ;";
@ -122,6 +122,18 @@ static const char *sql_get_main_user_fpr =
"select main_key_id from person"
" where id = ?1 ;";
static const char *sql_refresh_userid_default_key =
"update person "
" set main_key_id = "
" (select identity.main_key_id from identity "
" join trust on trust.user_id = identity.user_id "
" and trust.pgp_keypair_fpr = identity.main_key_id "
" join person on identity.user_id = identity.user_id "
" where identity.user_id = ?1 "
" order by trust.comm_type desc "
" limit 1) "
"where id = ?1 ; ";
static const char *sql_get_device_group =
"select device_group from person "
"where id = ?1;";
@ -840,6 +852,10 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
(int)strlen(sql_get_main_user_fpr), &_session->get_main_user_fpr, NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_refresh_userid_default_key,
(int)strlen(sql_refresh_userid_default_key), &_session->refresh_userid_default_key, NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_replace_identities_fpr,
(int)strlen(sql_replace_identities_fpr),
&_session->replace_identities_fpr, NULL);
@ -1137,7 +1153,9 @@ DYNAMIC_API void release(PEP_SESSION session)
if (session->replace_main_user_fpr)
sqlite3_finalize(session->replace_main_user_fpr);
if (session->get_main_user_fpr)
sqlite3_finalize(session->get_main_user_fpr);
sqlite3_finalize(session->get_main_user_fpr);
if (session->refresh_userid_default_key)
sqlite3_finalize(session->refresh_userid_default_key);
if (session->blacklist_add)
sqlite3_finalize(session->blacklist_add);
if (session->blacklist_delete)
@ -2113,8 +2131,8 @@ DYNAMIC_API PEP_STATUS unset_identity_flags(
sqlite3_reset(session->unset_identity_flags);
if (result != SQLITE_DONE)
return PEP_CANNOT_SET_IDENTITY;
identity->flags &= ~flags;
identity->flags &= ~flags;
return PEP_STATUS_OK;
}
@ -2144,6 +2162,26 @@ PEP_STATUS replace_userid(PEP_SESSION session, const char* old_uid,
return PEP_STATUS_OK;
}
PEP_STATUS refresh_userid_default_key(PEP_SESSION session, const char* user_id) {
assert(session);
assert(user_id);
if (!session || !user_id)
return PEP_ILLEGAL_VALUE;
int result;
sqlite3_reset(session->refresh_userid_default_key);
sqlite3_bind_text(session->refresh_userid_default_key, 1, user_id, -1,
SQLITE_STATIC);
result = sqlite3_step(session->refresh_userid_default_key);
sqlite3_reset(session->refresh_userid_default_key);
if (result != SQLITE_DONE)
return PEP_CANNOT_SET_PERSON;
return PEP_STATUS_OK;
}
PEP_STATUS replace_main_user_fpr(PEP_SESSION session, const char* user_id,
const char* new_fpr) {
assert(session);
@ -2169,8 +2207,8 @@ PEP_STATUS replace_main_user_fpr(PEP_SESSION session, const char* user_id,
}
PEP_STATUS get_main_user_fpr(PEP_SESSION session,
const char* user_id,
char** main_fpr)
const char* user_id,
char** main_fpr)
{
PEP_STATUS status = PEP_STATUS_OK;
int result;
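Review bot: In `sql_refresh_userid_default_key`, the join condition `identity.user_id = identity.user_id` compares a column with itself, so the `person` table is joined without any restriction; it presumably should read `" join person on person.id = identity.user_id "`. The subquery also orders by `trust.comm_type desc` without excluding rejected states, so if the mistrusted or compromised values sort above unknown ones (the enum is not visible here), a key the user rejected could be selected as the new default; a `where` filter on `trust.comm_type`, or a comment stating why that cannot happen, would settle it. When the subquery yields no row, `main_key_id` is set to NULL, which the new `refresh_userid_default_key()` should state in a header comment since it currently has none.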

@ -1227,6 +1227,8 @@ PEP_STATUS get_main_user_fpr(PEP_SESSION session,
PEP_STATUS replace_main_user_fpr(PEP_SESSION session, const char* user_id,
const char* new_fpr);
PEP_STATUS refresh_userid_default_key(PEP_SESSION session, const char* user_id);
#ifdef __cplusplus
}
#endif

@ -128,6 +128,7 @@ struct _pEpSession {
sqlite3_stmt *replace_identities_fpr;
sqlite3_stmt *replace_main_user_fpr;
sqlite3_stmt *get_main_user_fpr;
sqlite3_stmt *refresh_userid_default_key;
sqlite3_stmt *remove_fpr_as_default;
sqlite3_stmt *set_person;
sqlite3_stmt *set_device_group;
