Browse Source

ENGINE-112: #comment Fixed empty fpr problems in stored identities which occurred due to blacklisting. When adding other keys, we now check to see if there is a matching identity entry which lacks an fpr and, if so, we update it instead of adding a new one. Also fixed elect_pubkey NOT to return blacklisted pubkeys.

doc_update_sequoia
Krista Grothoff 6 years ago
parent
commit
64906852a6
4 changed files with 149 additions and 12 deletions
  1. +6
    -2
      src/keymanagement.c
  2. +83
    -10
      src/pEpEngine.c
  3. +2
    -0
      src/pEp_internal.h
  4. +58
    -0
      test/blacklist_test.cc

+ 6
- 2
src/keymanagement.c View File

@ -49,8 +49,12 @@ PEP_STATUS elect_pubkey(
if (identity->comm_type == PEP_ct_unknown ||
_comm_type_key > identity->comm_type)
{
identity->comm_type = _comm_type_key;
_fpr = _keylist->value;
bool blacklisted;
status = blacklist_is_listed(session, _keylist->value, &blacklisted);
if (status == PEP_STATUS_OK && !blacklisted) {
identity->comm_type = _comm_type_key;
_fpr = _keylist->value;
}
}
}
}


+ 83
- 10
src/pEpEngine.c View File

@ -32,6 +32,8 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
static const char *sql_get_device_group;
static const char *sql_set_pgp_keypair;
static const char *sql_set_identity;
static const char *sql_exists_empty_fpr_entry;
static const char *sql_update_fprless_identity;
static const char *sql_set_identity_flags;
static const char *sql_set_trust;
static const char *sql_get_trust;
@ -46,7 +48,7 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
static const char *sql_blacklist_delete;
static const char *sql_blacklist_is_listed;
static const char *sql_blacklist_retrieve;
// Own keys
static const char *sql_own_key_is_listed;
static const char *sql_own_identities_retrieve;
@ -334,6 +336,13 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
sql_set_identity = "insert or replace into identity (address, main_key_id, "
"user_id, flags) values (?1, upper(replace(?2,' ','')),"
"?3, ?4 & 255) ;";
sql_exists_empty_fpr_entry = "select count(*) from identity where address = ?1 and user_id = ?2 "
"and (main_key_id is null or main_key_id = '');";
sql_update_fprless_identity = "update identity set main_key_id = upper(replace(?2,' ','')), "
"flags = ?4 & 255 where address = ?1 and user_id = ?3 and "
"(main_key_id is null or main_key_id = '');";
sql_set_identity_flags = "update identity set flags = ?1 & 255 "
"where address = ?2 and user_id = ?3 ;";
@ -367,7 +376,7 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
sql_blacklist_is_listed = "select count(*) from blacklist_keys where fpr = upper(replace(?1,' ','')) ;";
sql_blacklist_retrieve = "select * from blacklist_keys ;";
// Own keys
sql_own_key_is_listed =
@ -439,6 +448,16 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
(int)strlen(sql_set_identity), &_session->set_identity, NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_exists_empty_fpr_entry,
(int)strlen(sql_exists_empty_fpr_entry), &_session->exists_empty_fpr_entry,
NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_update_fprless_identity,
(int)strlen(sql_update_fprless_identity), &_session->update_fprless_identity,
NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_set_identity_flags,
(int)strlen(sql_set_identity_flags), &_session->set_identity_flags,
NULL);
@ -493,7 +512,7 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
(int)strlen(sql_blacklist_retrieve), &_session->blacklist_retrieve,
NULL);
assert(int_result == SQLITE_OK);
// Own keys
int_result = sqlite3_prepare_v2(_session->db, sql_own_key_is_listed,
@ -995,6 +1014,47 @@ DYNAMIC_API PEP_STATUS get_identity(
return status;
}
static PEP_STATUS exists_empty_fpr_entry (
PEP_SESSION session,
const char* address,
const char* user_id,
bool *exists_empty_fpr
)
{
PEP_STATUS status = PEP_STATUS_OK;
int count;
assert(session && address && user_id && exists_empty_fpr);
if (!(session && address && user_id && exists_empty_fpr))
return PEP_ILLEGAL_VALUE;
*exists_empty_fpr = false;
sqlite3_reset(session->exists_empty_fpr_entry);
sqlite3_bind_text(session->exists_empty_fpr_entry, 1, address, -1, SQLITE_STATIC);
sqlite3_bind_text(session->exists_empty_fpr_entry, 2, user_id, -1, SQLITE_STATIC);
int result;
result = sqlite3_step(session->exists_empty_fpr_entry);
switch (result) {
case SQLITE_ROW:
count = sqlite3_column_int(session->exists_empty_fpr_entry, 0);
*exists_empty_fpr = count > 0;
status = PEP_STATUS_OK;
break;
default:
status = PEP_UNKNOWN_ERROR;
}
sqlite3_reset(session->exists_empty_fpr_entry);
return status;
}
DYNAMIC_API PEP_STATUS set_identity(
PEP_SESSION session, const pEp_identity *identity
)
@ -1012,8 +1072,11 @@ DYNAMIC_API PEP_STATUS set_identity(
return PEP_ILLEGAL_VALUE;
bool listed;
bool exists_empty_fpr;
if (identity->fpr && identity->fpr[0] != '\0') {
// blacklist check
PEP_STATUS status = blacklist_is_listed(session, identity->fpr, &listed);
assert(status == PEP_STATUS_OK);
if (status != PEP_STATUS_OK)
@ -1021,6 +1084,13 @@ DYNAMIC_API PEP_STATUS set_identity(
if (listed)
return PEP_KEY_BLACKLISTED;
// empty fpr already in DB
status = exists_empty_fpr_entry(session, identity->address,
identity->user_id, &exists_empty_fpr);
if (status != PEP_STATUS_OK)
return status;
}
sqlite3_exec(session->db, "BEGIN ;", NULL, NULL, NULL);
@ -1060,16 +1130,19 @@ DYNAMIC_API PEP_STATUS set_identity(
return PEP_CANNOT_SET_PGP_KEYPAIR;
}
sqlite3_reset(session->set_identity);
sqlite3_bind_text(session->set_identity, 1, identity->address, -1,
sqlite3_stmt *update_or_set_identity =
(exists_empty_fpr ? session->update_fprless_identity : session->set_identity);
sqlite3_reset(update_or_set_identity);
sqlite3_bind_text(update_or_set_identity, 1, identity->address, -1,
SQLITE_STATIC);
sqlite3_bind_text(session->set_identity, 2, identity->fpr, -1,
sqlite3_bind_text(update_or_set_identity, 2, identity->fpr, -1,
SQLITE_STATIC);
sqlite3_bind_text(session->set_identity, 3, identity->user_id, -1,
sqlite3_bind_text(update_or_set_identity, 3, identity->user_id, -1,
SQLITE_STATIC);
sqlite3_bind_int(session->set_identity, 4, identity->flags);
result = sqlite3_step(session->set_identity);
sqlite3_reset(session->set_identity);
sqlite3_bind_int(update_or_set_identity, 4, identity->flags);
result = sqlite3_step(update_or_set_identity);
sqlite3_reset(update_or_set_identity);
if (result != SQLITE_DONE) {
sqlite3_exec(session->db, "ROLLBACK ;", NULL, NULL, NULL);
return PEP_CANNOT_SET_IDENTITY;


+ 2
- 0
src/pEp_internal.h View File

@ -99,6 +99,8 @@ typedef struct _pEpSession {
sqlite3_stmt *get_device_group;
sqlite3_stmt *set_pgp_keypair;
sqlite3_stmt *set_identity;
sqlite3_stmt *exists_empty_fpr_entry;
sqlite3_stmt *update_fprless_identity;
sqlite3_stmt *set_identity_flags;
sqlite3_stmt *set_trust;
sqlite3_stmt *get_trust;


+ 58
- 0
test/blacklist_test.cc View File

@ -1,8 +1,11 @@
#include <iostream>
#include <iostream>
#include <fstream>
#include <string>
#include <cstring> // for strcmp()
#include <assert.h>
#include "blacklist.h"
#include "keymanagement.h"
using namespace std;
@ -56,6 +59,61 @@ int main() {
assert(!listed);
cout << "23 is not listed any more.\n";
cout << "blacklist only key for identity / unblacklist key / add key" << endl;
// 2797 65A2 FEB5 B7C7 31B8 61D9 3E4C EFD9 F7AF 4684 - this is the blacklisted key in blacklisted_pub.asc
/* read the key into memory */
ifstream infile("blacklisted_pub.asc");
string keytext;
while (!infile.eof()) {
static string line;
getline(infile, line);
keytext += line + "\n";
}
infile.close();
/* FIXME: put in automated test stuff (N.B. only gdb mem examination to this point to get
* fix in */
/* import it into pep */
PEP_STATUS status7 = import_key(session, keytext.c_str(), keytext.length(), NULL);
const char* bl_fpr_1 = "279765A2FEB5B7C731B861D93E4CEFD9F7AF4684";
const char* bl_fpr_2 = "634FAC4417E9B2A5DC2BD4AAC4AEEBBE7E62701B";
bool is_blacklisted = false;
pEp_identity* blacklisted_identity = new_identity("blacklistedkeys@kgrothoff.org",
bl_fpr_1,
NULL,
"Blacklist Keypair");
PEP_STATUS status8 = update_identity(session, blacklisted_identity);
PEP_STATUS status9 = blacklist_add(session, bl_fpr_1);
PEP_STATUS status10 = blacklist_is_listed(session, bl_fpr_1, &is_blacklisted);
PEP_STATUS status11 = update_identity(session, blacklisted_identity);
/* read the key into memory */
ifstream infile2("blacklisted_pub2.asc");
string keytext2;
while (!infile2.eof()) {
static string line2;
getline(infile2, line2);
keytext2 += line2 + "\n";
}
infile2.close();
PEP_STATUS status14 = import_key(session, keytext.c_str(), keytext.length(), NULL);
pEp_identity* blacklisted_identity2 = new_identity("blacklistedkeys@kgrothoff.org",
bl_fpr_2,
NULL,
"Blacklist Keypair");
PEP_STATUS status15 = update_identity(session, blacklisted_identity2);
PEP_STATUS status12 = blacklist_delete(session, bl_fpr_1);
PEP_STATUS status13 = update_identity(session, blacklisted_identity);
/* FIXME: remove both keys again from everywhere and clean up identities */
cout << "calling release()\n";
release(session);
return 0;


Loading…
Cancel
Save