ENGINE-340: fixed persistence issues caused by removing mistrusted keys as defaults in ENGINE-332 branch

5 years ago · 6b87c968f3
parent 4fac2f5289
commit 6b87c968f3
5 changed files with 79 additions and 13 deletions
--- a/src/keymanagement.c
+++ b/src/keymanagement.c
@ -15,20 +15,8 @@
 #include "sync_fsm.h"
 #include "blacklist.h"

-#ifndef EMPTYSTR
-#define EMPTYSTR(STR) ((STR) == NULL || (STR)[0] == '\0')
-#endif
-
 #define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)

-#ifndef _MIN
-#define _MIN(A, B) ((B) > (A) ? (A) : (B))
-#endif
-#ifndef _MAX
-#define _MAX(A, B) ((B) > (A) ? (B) : (A))
-#endif
-
-
 static bool key_matches_address(PEP_SESSION session, const char* address,
                                const char* fpr) {
    if (!session || !address || !fpr)
@ -1063,7 +1051,16 @@ DYNAMIC_API PEP_STATUS key_mistrusted(
        if (session->cached_mistrusted)
            free(session->cached_mistrusted);
        session->cached_mistrusted = identity_dup(ident);
+        
+        // set mistrust for this user_id/keypair (even if there's not an
+        // identity set yet, this is important, as we need to record the mistrust
+        // action)
        status = set_trust(session, ident->user_id, ident->fpr, PEP_ct_mistrusted);
+        if (status == PEP_STATUS_OK)
+            // cascade that mistrust for anyone using this key
+            status = mark_as_compromized(session, ident->fpr);
+        if (status == PEP_STATUS_OK)
+            status = remove_fpr_as_default(session, ident->fpr);
    }

    return status;
--- a/src/message_api.c
+++ b/src/message_api.c
@ -1215,6 +1215,12 @@ static PEP_rating keylist_rating(PEP_SESSION session, stringlist_t *keylist, cha
            continue;

        PEP_rating _rating_ = key_rating(session, _kl->value);
+
+        // check for mistrust
+        bool is_mistrusted = false;
+        fpr_has_mistrust(session, _kl->value, &is_mistrusted); // not sure what to do with status
+        if (is_mistrusted)
+            _rating_ = PEP_rating_mistrust;
         
        if (_rating_ <= PEP_rating_mistrust)
            return _rating_;
@ -2029,7 +2035,7 @@ static PEP_STATUS amend_rating_according_to_sender_and_recipients(
            status = get_trust(session, _sender);
            if (_sender->comm_type == PEP_ct_unknown) {
                get_key_rating(session, fpr, &_sender->comm_type);
-                
+                // check mistrust
            }
            if (_sender->comm_type != PEP_ct_unknown) {
                *rating = keylist_rating(session, recipients, 
--- a/src/pEpEngine.c
+++ b/src/pEpEngine.c
@ -196,6 +196,11 @@ static const char *sql_least_trust =
 static const char *sql_mark_as_compromized = 
    "update trust not indexed set comm_type = 15"
    " where pgp_keypair_fpr = upper(replace(?1,' ','')) ;";
+    
+static const char *sql_fpr_has_mistrust =
+    "select count(*) from trust "
+    "   where pgp_keypair_fpr = upper(replace(?1,' ','')) "
+    "       and comm_type = 15 ; ";

 static const char *sql_crashdump = 
    "select timestamp, title, entity, description, comment"
@ -918,6 +923,11 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
            NULL);
    assert(int_result == SQLITE_OK);

+    int_result = sqlite3_prepare_v2(_session->db, sql_fpr_has_mistrust,
+            (int)strlen(sql_fpr_has_mistrust), &_session->fpr_has_mistrust,
+            NULL);
+    assert(int_result == SQLITE_OK);
+
    int_result = sqlite3_prepare_v2(_session->db, sql_crashdump,
            (int)strlen(sql_crashdump), &_session->crashdump, NULL);
    assert(int_result == SQLITE_OK);
@ -2275,6 +2285,42 @@ void pEp_free(void *p)
    free(p);
 }

+PEP_STATUS fpr_has_mistrust(PEP_SESSION session, 
+                            const char* fpr,
+                            bool* has_mistrust) {
+    assert(session);
+    assert(!EMPTYSTR(fpr));                            
+    assert(has_mistrust);
+    
+    if (!session || EMPTYSTR(fpr) || has_mistrust == NULL)
+        return PEP_ILLEGAL_VALUE;
+        
+    *has_mistrust = false;
+    
+    PEP_STATUS status = PEP_STATUS_OK;
+    int result;
+
+    sqlite3_reset(session->fpr_has_mistrust);
+    sqlite3_bind_text(session->fpr_has_mistrust, 1, fpr, -1,
+            SQLITE_STATIC);
+
+    result = sqlite3_step(session->fpr_has_mistrust);
+    switch (result) {
+    case SQLITE_ROW: {
+        *has_mistrust = (PEP_comm_type) sqlite3_column_int(session->fpr_has_mistrust,
+                         0);
+        break;
+    }
+ 
+    default:
+        status = PEP_UNKNOWN_ERROR; // DB error??
+    }
+
+    sqlite3_reset(session->fpr_has_mistrust);
+    return status;
+
+}
+
 PEP_STATUS set_trust(PEP_SESSION session, 
                     const char* user_id,
                     const char* fpr, 
--- a/src/pEpEngine.h
+++ b/src/pEpEngine.h
@ -1229,6 +1229,10 @@ PEP_STATUS replace_main_user_fpr(PEP_SESSION session, const char* user_id,
    
 PEP_STATUS refresh_userid_default_key(PEP_SESSION session, const char* user_id);

+PEP_STATUS fpr_has_mistrust(PEP_SESSION session, 
+                            const char* fpr,
+                            bool* has_mistrust);
+
 #ifdef __cplusplus
 }
 #endif
--- a/src/pEp_internal.h
+++ b/src/pEp_internal.h
@ -142,6 +142,7 @@ struct _pEpSession {
    sqlite3_stmt *get_trust;
    sqlite3_stmt *least_trust;
    sqlite3_stmt *mark_compromized;
+    sqlite3_stmt *fpr_has_mistrust;
    sqlite3_stmt *reset_trust;
    sqlite3_stmt *crashdump;
    sqlite3_stmt *languagelist;
@ -390,6 +391,18 @@ static inline bool is_me(PEP_SESSION session, pEp_identity* test_ident) {
    return retval;
 }

+#ifndef EMPTYSTR
+#define EMPTYSTR(STR) ((STR) == NULL || (STR)[0] == '\0')
+#endif
+
+#ifndef _MIN
+#define _MIN(A, B) ((B) > (A) ? (A) : (B))
+#endif
+#ifndef _MAX
+#define _MAX(A, B) ((B) > (A) ? (B) : (A))
+#endif
+
+
 // These are globals used in generating message IDs and should only be
 // computed once, as they're either really constants or OS-dependent