src/keymanagement.c
branchENGINE-289
changeset 2386 0ae02e926c6b
parent 2385 974de9c65cbb
child 2388 40cadfd425bb
     1.1 --- a/src/keymanagement.c	Thu Jan 11 22:47:13 2018 +0100
     1.2 +++ b/src/keymanagement.c	Mon Jan 15 17:12:49 2018 +0100
     1.3 @@ -104,21 +104,32 @@
     1.4  static PEP_STATUS validate_fpr(PEP_SESSION session, 
     1.5                                 pEp_identity* ident) {
     1.6      
     1.7 +    PEP_STATUS status = PEP_STATUS_OK;
     1.8 +    
     1.9      if (!session || !ident || !ident->fpr)
    1.10          return PEP_ILLEGAL_VALUE;    
    1.11          
    1.12      char* fpr = ident->fpr;
    1.13      
    1.14 -    PEP_STATUS status = get_trust(session, ident);
    1.15 +    bool has_private = false;
    1.16 +    
    1.17 +    if (ident->me) {
    1.18 +        status = contains_priv_key(session, fpr, &has_private);
    1.19 +        if (status != PEP_STATUS_OK || !has_private)
    1.20 +            return PEP_KEY_UNSUITABLE;
    1.21 +    }
    1.22 +    
    1.23 +    status = get_trust(session, ident);
    1.24      if (status != PEP_STATUS_OK)
    1.25 -        return ADD_TO_LOG(status);
    1.26 -    
    1.27 +        ident->comm_type = PEP_ct_unknown;
    1.28 +            
    1.29      PEP_comm_type ct = ident->comm_type;
    1.30  
    1.31      if (ct == PEP_ct_unknown) {
    1.32          // If status is bad, it's ok, we get the rating
    1.33          // we should use then (PEP_ct_unknown)
    1.34          get_key_rating(session, fpr, &ct);
    1.35 +        ident->comm_type = ct;
    1.36      }
    1.37      
    1.38      bool revoked, expired;
    1.39 @@ -131,15 +142,19 @@
    1.40      }
    1.41      
    1.42      if (!revoked) {
    1.43 +        time_t exp_time = (ident->me ? 
    1.44 +                           time(NULL) + (7*24*3600) : time(NULL));
    1.45 +                           
    1.46          status = key_expired(session, fpr, 
    1.47 -                             time(NULL), // NOW. For _myself, this is different.
    1.48 +                             exp_time,
    1.49                               &expired);
    1.50 -    
    1.51 +                             
    1.52          assert(status == PEP_STATUS_OK);
    1.53          if (status != PEP_STATUS_OK)
    1.54              return ADD_TO_LOG(status);
    1.55  
    1.56 -        if ((ct | PEP_ct_confirmed) == PEP_ct_OpenPGP) {
    1.57 +        if ((ct | PEP_ct_confirmed) == PEP_ct_OpenPGP &&
    1.58 +            !ident->me) {
    1.59              status = blacklist_is_listed(session, 
    1.60                                           fpr, 
    1.61                                           &blacklisted);
    1.62 @@ -149,7 +164,7 @@
    1.63          }
    1.64      }
    1.65              
    1.66 -    if (ident->me && (ct == PEP_ct_pEp) && !revoked && expired) {
    1.67 +    if (ident->me && (ct >= PEP_ct_strong_but_unconfirmed) && !revoked && expired) {
    1.68          // extend key
    1.69          timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
    1.70          status = renew_key(session, fpr, ts);
    1.71 @@ -159,21 +174,23 @@
    1.72              // if key is valid (second check because pEp key might be extended above)
    1.73              //      Return fpr        
    1.74              status = key_expired(session, fpr, time(NULL), &expired);            
    1.75 -            if (status != PEP_STATUS_OK)
    1.76 +            if (status != PEP_STATUS_OK) {
    1.77 +                 ident->comm_type = PEP_ct_key_expired;
    1.78                   return ADD_TO_LOG(status);
    1.79 +             }
    1.80              // communicate key(?)
    1.81          }        
    1.82      }
    1.83 -    
    1.84 -    if (revoked)
    1.85 +     
    1.86 +    if (revoked) 
    1.87          ct = PEP_ct_key_revoked;
    1.88      else if (expired)
    1.89          ct = PEP_ct_key_expired;        
    1.90 -    else if (blacklisted) {
    1.91 +    else if (blacklisted) { // never true for .me
    1.92          ident->comm_type = ct = PEP_ct_key_not_found;
    1.93          free(ident->fpr);
    1.94              ident->fpr = strdup("");
    1.95 -        status = PEP_KEY_UNSUITABLE;
    1.96 +        status = PEP_KEY_BLACKLISTED;
    1.97      }
    1.98      
    1.99      switch (ct) {
   1.100 @@ -187,7 +204,7 @@
   1.101                                            ct);
   1.102              free(ident->fpr);
   1.103              ident->fpr = strdup("");
   1.104 -            ident->comm_type = PEP_ct_key_not_found;            
   1.105 +            ident->comm_type = ct;            
   1.106              status = PEP_KEY_UNSUITABLE;
   1.107          default:
   1.108              break;
   1.109 @@ -196,15 +213,47 @@
   1.110      return status;
   1.111  }
   1.112  
   1.113 +PEP_STATUS get_user_default_key(PEP_SESSION session, const char* user_id,
   1.114 +                                char** default_key) {
   1.115 +    assert(session);
   1.116 +    assert(user_id);
   1.117 +    
   1.118 +    if (!session || !user_id)
   1.119 +        return PEP_ILLEGAL_VALUE;
   1.120 +
   1.121 +    PEP_STATUS status = PEP_STATUS_OK;
   1.122 +            
   1.123 +    // try to get default key for user_data
   1.124 +    sqlite3_reset(session->get_user_default_key);
   1.125 +    sqlite3_bind_text(session->get_user_default_key, 1, user_id, 
   1.126 +                      -1, SQLITE_STATIC);
   1.127 +    
   1.128 +    const int result = sqlite3_step(session->get_user_default_key);
   1.129 +    char* user_fpr = NULL;
   1.130 +    if (result == SQLITE_ROW) {
   1.131 +        const char* u_fpr =
   1.132 +            (char *) sqlite3_column_text(session->get_user_default_key, 0);
   1.133 +        if (u_fpr)
   1.134 +            user_fpr = strdup(u_fpr);
   1.135 +    }
   1.136 +    else
   1.137 +        status = PEP_GET_KEY_FAILED;
   1.138 +        
   1.139 +    sqlite3_reset(session->get_user_default_key);
   1.140 +    
   1.141 +    *default_key = user_fpr;
   1.142 +    return status;     
   1.143 +}
   1.144 +
   1.145  // Only call on retrieval of previously stored identity!
   1.146  // Also, we presume that if the stored_identity was sent in
   1.147  // without an fpr, there wasn't one in the trust DB for this
   1.148  // identity.
   1.149  PEP_STATUS get_valid_pubkey(PEP_SESSION session,
   1.150 -                            pEp_identity* stored_identity,
   1.151 -                            bool* is_identity_default,
   1.152 -                            bool* is_user_default,
   1.153 -                            bool* is_address_default) {
   1.154 +                         pEp_identity* stored_identity,
   1.155 +                         bool* is_identity_default,
   1.156 +                         bool* is_user_default,
   1.157 +                         bool* is_address_default) {
   1.158      
   1.159      PEP_STATUS status = PEP_STATUS_OK;
   1.160  
   1.161 @@ -213,7 +262,7 @@
   1.162          return PEP_ILLEGAL_VALUE;
   1.163          
   1.164      *is_identity_default = *is_user_default = *is_address_default = false;
   1.165 -    
   1.166 +
   1.167      char* stored_fpr = stored_identity->fpr;
   1.168      // Input: stored identity retrieved from database
   1.169      // if stored identity contains a default key
   1.170 @@ -228,20 +277,8 @@
   1.171      free(stored_identity->fpr);
   1.172      stored_identity->fpr = NULL;
   1.173      
   1.174 -    // try to get default key for user_data
   1.175 -    sqlite3_reset(session->get_user_default_key);
   1.176 -    sqlite3_bind_text(session->get_user_default_key, 1, stored_identity->user_id, 
   1.177 -                      -1, SQLITE_STATIC);
   1.178 -    
   1.179 -    const int result = sqlite3_step(session->get_user_default_key);
   1.180      char* user_fpr = NULL;
   1.181 -    if (result == SQLITE_ROW) {
   1.182 -        const char* u_fpr =
   1.183 -            (char *) sqlite3_column_text(session->get_user_default_key, 0);
   1.184 -        if (u_fpr)
   1.185 -            user_fpr = strdup(u_fpr);
   1.186 -    }
   1.187 -    sqlite3_reset(session->get_user_default_key);
   1.188 +    status = get_user_default_key(session, stored_identity->user_id, &user_fpr);
   1.189      
   1.190      if (user_fpr) {             
   1.191          // There exists a default key for user, so validate
   1.192 @@ -271,16 +308,13 @@
   1.193              free(stored_identity->fpr);
   1.194              stored_identity->fpr = NULL;
   1.195              stored_identity->comm_type = PEP_ct_unknown;
   1.196 -            break;
   1.197 +            break;    
   1.198          default:
   1.199 -            // FIXME: blacklisting?
   1.200              break;
   1.201      }
   1.202      return status;
   1.203  }
   1.204  
   1.205 -PEP_STATUS _myself(PEP_SESSION session, pEp_identity * identity, bool do_keygen, bool ignore_flags);
   1.206 -
   1.207  static void transfer_ident_lang_and_flags(pEp_identity* new_ident,
   1.208                                            pEp_identity* stored_ident) {
   1.209      if (new_ident->lang[0] == 0) {
   1.210 @@ -387,12 +421,12 @@
   1.211      if (!(session && identity && !EMPTYSTR(identity->address)))
   1.212          return ADD_TO_LOG(PEP_ILLEGAL_VALUE);
   1.213  
   1.214 -    char* own_id = NULL;
   1.215 -    status = get_own_userid(session, &own_id);    
   1.216 +    char* default_own_id = NULL;
   1.217 +    status = get_default_own_userid(session, &default_own_id);    
   1.218  
   1.219      // Is this me, temporary or not? If so, BAIL.
   1.220      if (identity->me || 
   1.221 -       (own_id && identity->user_id && (strcmp(own_id, identity->user_id) == 0))) 
   1.222 +       (default_own_id && identity->user_id && (strcmp(default_own_id, identity->user_id) == 0))) 
   1.223      {
   1.224          return PEP_ILLEGAL_VALUE;
   1.225      }
   1.226 @@ -692,29 +726,33 @@
   1.227  
   1.228  PEP_STATUS _myself(PEP_SESSION session, pEp_identity * identity, bool do_keygen, bool ignore_flags)
   1.229  {
   1.230 -    pEp_identity *stored_identity = NULL;
   1.231 +
   1.232      PEP_STATUS status;
   1.233  
   1.234      assert(session);
   1.235      assert(identity);
   1.236      assert(!EMPTYSTR(identity->address));
   1.237 +    assert(!EMPTYSTR(identity->user_id));
   1.238  
   1.239 -    if (!session || !identity || EMPTYSTR(identity->address))
   1.240 +    if (!session || !identity || EMPTYSTR(identity->address) ||
   1.241 +        EMPTYSTR(identity->user_id))
   1.242          return ADD_TO_LOG(PEP_ILLEGAL_VALUE);
   1.243 +
   1.244 +    pEp_identity *stored_identity = NULL;
   1.245 +    char* revoked_fpr = NULL; 
   1.246          
   1.247 -    char* own_id = NULL;
   1.248 -    status = get_own_userid(session, &own_id);
   1.249 +    char* default_own_id = NULL;
   1.250 +    status = get_default_own_userid(session, &default_own_id);
   1.251  
   1.252 -    // Deal with user_id mismatches - if the own_id in the DB and the
   1.253 -    // input ID both exist and don't match, this is only allowed when
   1.254 -    // a temporary PEP_OWN_USERID has been put into the DB; the user_id
   1.255 -    // here will then replace it. (Database cascades changes)
   1.256 -    if (own_id && !EMPTYSTR(identity->user_id)) {
   1.257 -        if (strcmp(own_id, identity->user_id) != 0)) {
   1.258 -            if (strcmp(own_id, PEP_OWN_USERID) != 0) {
   1.259 -                free(own_id);
   1.260 -                return ADD_TO_LOG(PEP_ILLEGAL_VALUE);
   1.261 -            }
   1.262 +    // Deal with non-default user_ids.
   1.263 +    if (default_own_id && strcmp(default_own_id, identity->user_id) != 0) {
   1.264 +//        status = add_alternate_own_userid(session, 
   1.265 +//                                          identity->user_id);
   1.266 +        free(identity->user_id);
   1.267 +        identity->user_id = strdup(default_own_id);
   1.268 +        if (identity->user_id == NULL) {
   1.269 +            status = PEP_OUT_OF_MEMORY;
   1.270 +            goto pep_free;
   1.271          }
   1.272      }
   1.273  
   1.274 @@ -729,27 +767,6 @@
   1.275      if(ignore_flags)
   1.276          identity->flags = 0;
   1.277      
   1.278 -    if (EMPTYSTR(identity->user_id))
   1.279 -    {
   1.280 -        free(identity->user_id);
   1.281 -        // If we have have no information, we use as temp PEP_OWN_USERID
   1.282 -        identity->user_id = (own_id ? own_id : strdup(PEP_OWN_USERID));
   1.283 -        assert(identity->user_id);
   1.284 -        if (identity->user_id == NULL)
   1.285 -            return PEP_OUT_OF_MEMORY;
   1.286 -    }
   1.287 -    else if (own_id) {
   1.288 -        if (strcmp(identity->user_id, own_id) != 0) {
   1.289 -            // This will ONLY occur, due to the above check,
   1.290 -            // when own_id is PEP_OWN_USERID
   1.291 -            status = replace_userid(session, PEP_OWN_USERID,
   1.292 -                                    identity->user_id);
   1.293 -            if (status != PEP_STATUS_OK)
   1.294 -                return status;
   1.295 -        }
   1.296 -    }
   1.297 -
   1.298 -    // Ok, so now we are guaranteed to have a user_id.
   1.299      // Let's see if we have an identity record in the DB for 
   1.300      // this user_id + address
   1.301      DEBUG_LOG("myself", "debug", identity->address);
   1.302 @@ -762,176 +779,103 @@
   1.303      assert(status != PEP_OUT_OF_MEMORY);
   1.304      if (status == PEP_OUT_OF_MEMORY)
   1.305          return PEP_OUT_OF_MEMORY;
   1.306 +
   1.307 +    // Set usernames - priority is input username > stored name > "Anonymous"
   1.308 +    // If there's an input username, we always patch the username with that
   1.309 +    // input.
   1.310 +    if (EMPTYSTR(identity->username)) {
   1.311 +        bool stored_uname = (stored_identity && stored_identity->username);
   1.312 +        char* uname = (stored_uname ? "Anonymous" : stored_identity->username);
   1.313 +        free(identity->username);
   1.314 +        identity->username = strdup(uname);
   1.315 +        if (identity->username == NULL)
   1.316 +            return PEP_OUT_OF_MEMORY;
   1.317 +    }
   1.318 +
   1.319 +    bool valid_key_found = false;
   1.320      
   1.321 -    if (!stored_identity) {
   1.322 -        // We don't allow user_id mismatches for own identities except in cases
   1.323 -        // where there was a PEP_OWN_USERID, which we have already replaced
   1.324 -        // in the database, so if there is no match in the DB, we are making
   1.325 -        // a new identity for this user ID.
   1.326 -        if (EMPTYSTR(identity->username))
   1.327 -        {
   1.328 -            free(identity->username);
   1.329 -            identity->username = strdup("Anonymous");
   1.330 -            assert(identity->username);
   1.331 -            if (identity->username == NULL)
   1.332 -                return PEP_OUT_OF_MEMORY;
   1.333 -        }           
   1.334 -    }                      
   1.335 -
   1.336 -    // First we try to find an identity with the 
   1.337 -
   1.338 -    bool dont_use_stored_fpr = true;
   1.339 -    bool dont_use_input_fpr = true;
   1.340 +    // Now deal with keys.
   1.341 +    // Different from update_identity(), the input fpr here
   1.342 +    // MATTERS. 
   1.343 +    // If the input fpr is invalid, we return, giving the reason why.
   1.344 +    if (identity->fpr) {
   1.345 +        status = validate_fpr(session, identity);
   1.346 +    
   1.347 +        if (status != PEP_STATUS_OK || 
   1.348 +            identity->comm_type < PEP_ct_strong_but_unconfirmed) {
   1.349 +            if (identity->comm_type != PEP_ct_key_expired)
   1.350 +                goto pep_free;
   1.351 +            // Otherwise, it was expired and key renewal failed
   1.352 +            // and we take the stored one or do keygen. 
   1.353 +        } 
   1.354 +        else
   1.355 +            valid_key_found = true;
   1.356 +    }    
   1.357 +    
   1.358 +    // Ok, if there wasn't a valid input fpr, check stored identity
   1.359 +    if (!valid_key_found && stored_identity && 
   1.360 +        (!identity->fpr || strcmp(stored_identity->fpr, identity->fpr) != 0)) {
   1.361          
   1.362 -    if (stored_identity)
   1.363 -    {
   1.364 -        if (EMPTYSTR(identity->fpr)) {
   1.365 -            
   1.366 -            bool has_private = false;
   1.367 -            
   1.368 -            status = _has_usable_priv_key(session, stored_identity->fpr, &has_private); 
   1.369 -            
   1.370 -            // N.B. has_private is never true if the returned status is not PEP_STATUS_OK
   1.371 -            if (has_private) {
   1.372 -                identity->fpr = strdup(stored_identity->fpr);
   1.373 -                assert(identity->fpr);
   1.374 -                if (identity->fpr == NULL)
   1.375 -                {
   1.376 -                    return PEP_OUT_OF_MEMORY;
   1.377 -                }
   1.378 -                dont_use_stored_fpr = false;
   1.379 -            }
   1.380 +        // Fall back / retrieve
   1.381 +        status = validate_fpr(session, stored_identity);
   1.382 +        if (status == PEP_STATUS_OK && 
   1.383 +            stored_identity->comm_type >= PEP_ct_strong_but_unconfirmed) {
   1.384 +          
   1.385 +            free(identity->fpr);
   1.386 +            identity->fpr = strdup(stored_identity->fpr);            
   1.387          }
   1.388 -        
   1.389 -        identity->flags = (identity->flags & 255) | stored_identity->flags;
   1.390 -        free_identity(stored_identity);
   1.391 -    }
   1.392 -    
   1.393 -    if (dont_use_stored_fpr && !EMPTYSTR(identity->fpr))
   1.394 -    {
   1.395 -        // App must have a good reason to give fpr, such as explicit
   1.396 -        // import of private key, or similar.
   1.397 -
   1.398 -        // Take given fpr as-is.
   1.399 -
   1.400 -        // BUT:
   1.401 -        // First check to see if it's blacklisted or private part is missing?
   1.402 -        bool has_private = false;
   1.403 -        
   1.404 -        status = _has_usable_priv_key(session, identity->fpr, &has_private); 
   1.405 -        
   1.406 -        // N.B. has_private is never true if the returned status is not PEP_STATUS_OK
   1.407 -        if (has_private) {
   1.408 -            dont_use_input_fpr = false;
   1.409 +        else {
   1.410 +            bool revoked = false;
   1.411 +            if (!EMPTYSTR(stored_identity->fpr)) {
   1.412 +                status = key_revoked(session, stored_identity->fpr, &revoked);
   1.413 +                if (revoked)
   1.414 +                    revoked_fpr = strdup(stored_identity->fpr);
   1.415 +            }        
   1.416          }
   1.417      }
   1.418      
   1.419 -    // Ok, we failed to get keys either way, so let's elect one.
   1.420 -    if (dont_use_input_fpr && dont_use_stored_fpr)
   1.421 -    {
   1.422 -        status = elect_ownkey(session, identity);
   1.423 -        assert(status == PEP_STATUS_OK);
   1.424 -        if (status != PEP_STATUS_OK) {
   1.425 -            return ADD_TO_LOG(status);
   1.426 -        }
   1.427 +    // Nothing left to do but generate a key
   1.428 +    if (!valid_key_found) {
   1.429 +        if (!do_keygen)
   1.430 +            status = PEP_GET_KEY_FAILED;
   1.431 +        else {
   1.432 +            DEBUG_LOG("Generating key pair", "debug", identity->address);
   1.433  
   1.434 -        bool has_private = false;
   1.435 -        if (identity->fpr) {
   1.436 -            // ok, we elected something.
   1.437 -            // elect_ownkey only returns private keys, so we don't check again.
   1.438 -            // Check to see if it's blacklisted
   1.439 -            bool listed;
   1.440 -            status = blacklist_is_listed(session, identity->fpr, &listed); 
   1.441 +            status = generate_keypair(session, identity);
   1.442 +            assert(status != PEP_OUT_OF_MEMORY);
   1.443  
   1.444 -            if (status == PEP_STATUS_OK)
   1.445 -                has_private = !listed;
   1.446 -        }
   1.447 -        
   1.448 -        if (has_private) {
   1.449 -            dont_use_input_fpr = false;
   1.450 -        }
   1.451 -        else { // OK, we've tried everything. Time to generate new keys.
   1.452 -            free(identity->fpr); // It can stay in this state (unallocated) because we'll generate a new key 
   1.453 -            identity->fpr = NULL;
   1.454 +            if (status != PEP_STATUS_OK) {
   1.455 +                char buf[11];
   1.456 +                snprintf(buf, 11, "%d", status); // uh, this is kludgey. FIXME
   1.457 +                DEBUG_LOG("Generating key pair failed", "debug", buf);
   1.458 +            }        
   1.459 +            else {
   1.460 +                valid_key_found = true;
   1.461 +                if (revoked_fpr) {
   1.462 +                    status = set_revoked(session, revoked_fpr,
   1.463 +                                         stored_identity->fpr, time(NULL));
   1.464 +                }
   1.465 +            }
   1.466          }
   1.467      }
   1.468  
   1.469 -    bool revoked = false;
   1.470 -    char *r_fpr = NULL;
   1.471 -    if (!EMPTYSTR(identity->fpr))
   1.472 -    {
   1.473 -        status = key_revoked(session, identity->fpr, &revoked);
   1.474 -
   1.475 -        if (status != PEP_STATUS_OK) 
   1.476 -        {
   1.477 -            return ADD_TO_LOG(status);
   1.478 -        }
   1.479 +    if (valid_key_found) {
   1.480 +        identity->comm_type = PEP_ct_pEp;
   1.481 +        status = PEP_STATUS_OK;
   1.482      }
   1.483 -   
   1.484 -    if (EMPTYSTR(identity->fpr) || revoked)
   1.485 -    {
   1.486 -        if(!do_keygen){
   1.487 -            return ADD_TO_LOG(PEP_GET_KEY_FAILED);
   1.488 -        }
   1.489 -
   1.490 -        if(revoked)
   1.491 -        {
   1.492 -            r_fpr = identity->fpr;
   1.493 -            identity->fpr = NULL;
   1.494 -        }
   1.495 -        
   1.496 -        DEBUG_LOG("generating key pair", "debug", identity->address);
   1.497 -        status = generate_keypair(session, identity);
   1.498 -        assert(status != PEP_OUT_OF_MEMORY);
   1.499 -        if (status != PEP_STATUS_OK) {
   1.500 -            char buf[11];
   1.501 -            snprintf(buf, 11, "%d", status);
   1.502 -            DEBUG_LOG("generating key pair failed", "debug", buf);
   1.503 -            if(revoked && r_fpr)
   1.504 -                free(r_fpr);
   1.505 -            return ADD_TO_LOG(status);
   1.506 -        }
   1.507 -
   1.508 -        
   1.509 -        if(revoked)
   1.510 -        {
   1.511 -            status = set_revoked(session, r_fpr,
   1.512 -                                 identity->fpr, time(NULL));
   1.513 -            free(r_fpr);
   1.514 -            if (status != PEP_STATUS_OK) {
   1.515 -                return ADD_TO_LOG(status);
   1.516 -            }
   1.517 -        }
   1.518 +    else {
   1.519 +        free(identity->fpr);
   1.520 +        identity->fpr = NULL;
   1.521 +        identity->comm_type = PEP_ct_unknown;
   1.522      }
   1.523 -    else
   1.524 -    {
   1.525 -        bool expired;
   1.526 -        status = key_expired(session, identity->fpr, 
   1.527 -                             time(NULL) + (7*24*3600), // In a week
   1.528 -                             &expired);
   1.529 -
   1.530 -        assert(status == PEP_STATUS_OK);
   1.531 -        if (status != PEP_STATUS_OK) {
   1.532 -            return ADD_TO_LOG(status);
   1.533 -        }
   1.534 -
   1.535 -        if (status == PEP_STATUS_OK && expired) {
   1.536 -            timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
   1.537 -            renew_key(session, identity->fpr, ts);
   1.538 -            free_timestamp(ts);
   1.539 -        }
   1.540 -    }
   1.541 -
   1.542 -    if (!(identity->username))
   1.543 -        identity->username = strdup("");
   1.544      
   1.545      status = set_identity(session, identity);
   1.546 -    assert(status == PEP_STATUS_OK);
   1.547 -    if (status != PEP_STATUS_OK) {
   1.548 -        return status;
   1.549 -    }
   1.550  
   1.551 -    return ADD_TO_LOG(PEP_STATUS_OK);
   1.552 +pep_free:    
   1.553 +    free(default_own_id);
   1.554 +    free(revoked_fpr);                     
   1.555 +    free_identity(stored_identity);
   1.556 +    return ADD_TO_LOG(status);
   1.557  }
   1.558  
   1.559  DYNAMIC_API PEP_STATUS initialise_own_identities(PEP_SESSION session,
   1.560 @@ -941,7 +885,7 @@
   1.561          return PEP_ILLEGAL_VALUE;
   1.562          
   1.563      char* stored_own_userid = NULL;
   1.564 -    get_own_userid(session, &stored_own_userid);
   1.565 +    get_default_own_userid(session, &stored_own_userid);
   1.566      
   1.567      identity_list* ident_curr = my_idents;
   1.568      while (ident_curr) {
   1.569 @@ -1396,7 +1340,7 @@
   1.570      // First see if we have it in own identities already, AND we retrieve
   1.571      // our own user_id
   1.572      char* my_user_id = NULL;
   1.573 -    status = get_own_userid(session, &my_user_id);
   1.574 +    status = get_default_own_userid(session, &my_user_id);
   1.575      if (status != PEP_STATUS_OK)
   1.576          return status;
   1.577