
ENGINE-294: blacklisting is now only checked in identity_rating, outgoing_message_rating and encrypt_message, and then only for OpenPGP comm_types.

doc_update_sequoia
Krista Bennett 4 years ago
parent
commit
ec3552830e
7 changed files with 36 additions and 33 deletions
  1. +4
    -13
      src/keymanagement.c
  2. +24
    -4
      src/message_api.c
  3. +0
    -13
      src/pEpEngine.c
  4. +0
    -1
      src/pEpEngine.h
  5. +4
    -0
      src/pEp_internal.h
  6. +3
    -1
      test/blacklist_accept_new_key_test.cc
  7. +1
    -1
      test/blacklist_test.cc

+ 4
- 13
src/keymanagement.c

@ -174,7 +174,7 @@ static PEP_STATUS validate_fpr(PEP_SESSION session,
if (status != PEP_STATUS_OK)
return status;
if (check_blacklist && (ct | PEP_ct_confirmed) == PEP_ct_OpenPGP &&
if (check_blacklist && IS_PGP_CT(ct) &&
!ident->me) {
status = blacklist_is_listed(session,
fpr,
@ -866,19 +866,10 @@ PEP_STATUS elect_ownkey(
PEP_STATUS _has_usable_priv_key(PEP_SESSION session, char* fpr,
bool* is_usable) {
bool dont_use_fpr = true;
PEP_STATUS status = blacklist_is_listed(session, fpr, &dont_use_fpr);
if (status == PEP_STATUS_OK && !dont_use_fpr) {
// Make sure there is a *private* key associated with this fpr
bool has_private = false;
status = contains_priv_key(session, fpr, &has_private);
if (status == PEP_STATUS_OK)
dont_use_fpr = !has_private;
}
bool has_private = false;
PEP_STATUS status = contains_priv_key(session, fpr, &has_private);
*is_usable = !dont_use_fpr;
*is_usable = has_private;
return status;
}
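Review bot: `_has_usable_priv_key` no longer documents what "usable" means now that the blacklist lookup has been dropped from it; after this change it reports only whether `contains_priv_key` finds a private key for `fpr`. Any caller that relied on this function to reject blacklisted fingerprints silently loses that filter, so the new contract should be stated above the function, e.g. `// "usable" = a private key exists for fpr; the blacklist is NOT consulted here (ENGINE-294)`. It would also help to note in that comment that `*is_usable` is written even when the returned status is an error, so callers must check the status first.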


+ 24
- 4
src/message_api.c

@ -1535,7 +1535,7 @@ DYNAMIC_API PEP_STATUS encrypt_message(
_status = PEP_STATUS_OK;
}
bool is_blacklisted = false;
if (_il->ident->fpr) {
if (_il->ident->fpr && IS_PGP_CT(_il->ident->comm_type)) {
_status = blacklist_is_listed(session, _il->ident->fpr, &is_blacklisted);
if (_status != PEP_STATUS_OK) {
// DB error
@ -1587,7 +1587,7 @@ DYNAMIC_API PEP_STATUS encrypt_message(
_status = PEP_STATUS_OK;
}
bool is_blacklisted = false;
if (_il->ident->fpr) {
if (_il->ident->fpr && IS_PGP_CT(_il->ident->comm_type)) {
_status = blacklist_is_listed(session, _il->ident->fpr, &is_blacklisted);
if (_status != PEP_STATUS_OK) {
// DB error
@ -1638,7 +1638,7 @@ DYNAMIC_API PEP_STATUS encrypt_message(
_status = PEP_STATUS_OK;
}
bool is_blacklisted = false;
if (_il->ident->fpr) {
if (_il->ident->fpr && IS_PGP_CT(_il->ident->comm_type)) {
_status = blacklist_is_listed(session, _il->ident->fpr, &is_blacklisted);
if (_status != PEP_STATUS_OK) {
// DB error
@ -2982,7 +2982,7 @@ static void _max_comm_type_from_identity_list(
status = myself(session, il->ident);
bool is_blacklisted = false;
if (il->ident->fpr) {
if (il->ident->fpr && IS_PGP_CT(il->ident->comm_type)) {
status = blacklist_is_listed(session, il->ident->fpr, &is_blacklisted);
if (is_blacklisted) {
bool user_default, ident_default, address_default;
@ -3078,6 +3078,26 @@ DYNAMIC_API PEP_STATUS identity_rating(
else
status = update_identity(session, ident);
bool is_blacklisted = false;
if (ident->fpr && IS_PGP_CT(ident->comm_type)) {
status = blacklist_is_listed(session, ident->fpr, &is_blacklisted);
if (status != PEP_STATUS_OK) {
return status; // DB ERROR
}
if (is_blacklisted) {
bool user_default, ident_default, address_default;
status = get_valid_pubkey(session, ident,
&ident_default, &user_default,
&address_default,
true);
if (status != PEP_STATUS_OK || ident->fpr == NULL) {
ident->comm_type = PEP_ct_key_not_found;
status = PEP_STATUS_OK;
}
}
}
if (status == PEP_STATUS_OK)
*rating = _rating(ident->comm_type, PEP_rating_undefined);
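Review bot: In the block added to identity_rating, `status = blacklist_is_listed(...)` overwrites the result of the preceding `update_identity()` call before anything has checked it, so a failed identity update followed by a successful blacklist lookup still yields a rating computed from a possibly stale `ident`. Guarding the block keeps the earlier error: `if (status == PEP_STATUS_OK && ident->fpr && IS_PGP_CT(ident->comm_type)) {`. Inside the block, every failure of `get_valid_pubkey` is mapped to `PEP_ct_key_not_found` with `PEP_STATUS_OK`, which is inconsistent with the `return status; // DB ERROR` a few lines above; it looks like only the no-key case should be mapped that way. In the `_max_comm_type_from_identity_list` hunk the status of `blacklist_is_listed` is likewise not checked before `is_blacklisted` is read. Both function bodies start and end outside the hunks shown.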


+ 0
- 13
src/pEpEngine.c

@ -2385,21 +2385,8 @@ DYNAMIC_API PEP_STATUS set_identity(
PEP_STATUS status = PEP_STATUS_OK;
bool listed;
bool has_fpr = (!EMPTYSTR(identity->fpr));
if (has_fpr) {
// blacklist check - FIXME: ENGINE-294 will remove
status = blacklist_is_listed(session, identity->fpr, &listed);
assert(status == PEP_STATUS_OK);
if (status != PEP_STATUS_OK)
return status;
if (listed)
return PEP_KEY_BLACKLISTED;
}
sqlite3_exec(session->db, "BEGIN TRANSACTION ;", NULL, NULL, NULL);
if (identity->lang[0]) {


+ 0
- 1
src/pEpEngine.h

@ -600,7 +600,6 @@ PEP_STATUS replace_identities_fpr(PEP_SESSION session,
// PEP_CANNOT_SET_PGP_KEYPAIR writing to table pgp_keypair failed
// PEP_CANNOT_SET_IDENTITY writing to table identity failed
// PEP_COMMIT_FAILED SQL commit failed
// PEP_KEY_BLACKLISTED Key blacklisted, cannot set identity
//
// caveat:
// address, fpr, user_id and username must be given


+ 4
- 0
src/pEp_internal.h

@ -408,6 +408,10 @@ static inline bool is_me(PEP_SESSION session, pEp_identity* test_ident) {
#define EMPTYSTR(STR) ((STR) == NULL || (STR)[0] == '\0')
#endif
#ifndef IS_PGP_CT
#define IS_PGP_CT(CT) (((CT) | PEP_ct_confirmed) == PEP_ct_OpenPGP)
#endif
#ifndef _MIN
#define _MIN(A, B) ((B) > (A) ? (A) : (B))
#endif
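Review bot: `IS_PGP_CT` is an exact-value test, not a family test: it is true only for `PEP_ct_OpenPGP` and for the value that differs from it by the `PEP_ct_confirmed` bit. Since this macro now gates every blacklist lookup in the commit, any other OpenPGP-derived comm_type skips the blacklist entirely (the enum is not visible here; weak-key variants would be an example, if it defines them). Please add a comment stating exactly which values are meant to match, e.g. `// true only for OpenPGP, confirmed or unconfirmed; all other comm_types are never blacklist-checked`, and confirm that this is the intended set. The file already has `static inline` helpers such as `is_me`, and the same form here would give the argument a type.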


+ 3
- 1
test/blacklist_accept_new_key_test.cc

@ -50,12 +50,14 @@ int main() {
PEP_STATUS status10 = blacklist_is_listed(session, bl_fpr_1, &is_blacklisted);
assert(is_blacklisted);
PEP_STATUS status11 = update_identity(session, blacklisted_identity);
assert(status11 == PEP_KEY_BLACKLISTED);
assert(status11 == PEP_STATUS_OK);
assert(_streq(bl_fpr_1, blacklisted_identity->fpr));
bool id_def, us_def, addr_def;
status11 = get_valid_pubkey(session, blacklisted_identity,
&id_def, &us_def, &addr_def, true);
assert(blacklisted_identity->comm_type == PEP_ct_unknown);
if (!(blacklisted_identity->fpr))
cout << "OK! blacklisted_identity->fpr is empty. Yay!" << endl;
else
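Review bot: The updated assertions only establish that `update_identity` now accepts the blacklisted key; in the visible lines nothing exercises the places where the blacklist is enforced after this commit (identity_rating, outgoing_message_rating, encrypt_message). A call such as `PEP_rating rating; assert(identity_rating(session, blacklisted_identity, &rating) == PEP_STATUS_OK);` followed by an assertion on the resulting rating would pin the moved check. The `status11` returned by `get_valid_pubkey` is also assigned but never asserted, and the empty-fpr check prints instead of asserting (the `else` branch continues outside the hunk). The same coverage gap applies to the one-line expectation change in test/blacklist_test.cc.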


+ 1
- 1
test/blacklist_test.cc

@ -110,7 +110,7 @@ int main() {
PEP_STATUS status11 = update_identity(session, blacklisted_identity);
/* new!!! */
assert(is_blacklisted);
assert(status11 == PEP_KEY_BLACKLISTED);
assert(status11 == PEP_STATUS_OK);
assert(_streq(bl_fpr_1, blacklisted_identity->fpr));
bool id_def, us_def, addr_def;

