src/pEpEngine.c
branchENGINE-199
changeset 1764 e1c31ee55aad
parent 1734 6d5ea8793614
parent 1760 f691b9603e8b
child 1777 a537bef47d07
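--- a/src/pEpEngine.c	Mon May 08 08:21:24 2017 +0200
+++ b/src/pEpEngine.c	Tue May 09 09:31:15 2017 +0200
@@ -136,7 +136,11 @@
     " union "
     "  select main_key_id from identity "
     "   where main_key_id = upper(replace(?1,' ',''))"
-    "    and user_id = '" PEP_OWN_USERID "' );";
+    "    and user_id = '" PEP_OWN_USERID "' "
+    " union "
+    "  select fpr from own_keys "
+    "   where fpr = upper(replace(?1,' ',''))"
+    " );";
 
 static const char *sql_own_identities_retrieve =  
     "select address, fpr, username, "
@@ -209,6 +213,7 @@
     int int_result;
     
     bool in_first = false;
+    bool very_first = false;
 
     assert(sqlite3_threadsafe());
     if (!sqlite3_threadsafe())
@@ -466,6 +471,11 @@
                 assert(int_result == SQLITE_OK);
             }
         }
+        else { 
+            // Version from DB was 0, it means this is initial setup.
+            // DB has just been created, and all tables are empty.
+            very_first = true;
+        }
 
         if (version < atoi(_DDL_USER_VERSION)) {
             int_result = sqlite3_exec(
@@ -479,7 +489,6 @@
             );
             assert(int_result == SQLITE_OK);
         }
-
     }
 
     int_result = sqlite3_prepare_v2(_session->db, sql_log,
@@ -639,11 +648,44 @@
     // runtime config
 
 #ifdef ANDROID
-    _session->use_only_own_private_keys = true;
 #elif TARGET_OS_IPHONE
-    _session->use_only_own_private_keys = true;
-#else
-    _session->use_only_own_private_keys = false;
+#else /* Desktop */
+    if (very_first)
+    {
+        // On first run, all private keys already present in PGP keyring 
+        // are taken as own in order to seamlessly integrate with
+        // pre-existing GPG setup.
+
+        ////////////////////////////// WARNING: ///////////////////////////
+        // Considering all PGP priv keys as own is dangerous in case of 
+        // re-initialization of pEp DB, while keeping PGP keyring as-is!
+        //
+        // Indeed, if pEpEngine did import spoofed private keys in previous
+        // install, then those keys become automatically trusted in case 
+        // pEp_management.db is deleted.
+        //
+        // A solution to distinguish bare GPG keyring from pEp keyring is
+        // needed here. Then keys managed by pEpEngine wouldn't be
+        // confused with GPG keys managed by the user through GPA.
+        ///////////////////////////////////////////////////////////////////
+        
+        stringlist_t *keylist = NULL;
+
+        status = find_private_keys(_session, NULL, &keylist);
+        assert(status != PEP_OUT_OF_MEMORY);
+        if (status == PEP_OUT_OF_MEMORY)
+            return PEP_OUT_OF_MEMORY;
+        
+        if (keylist != NULL && keylist->value != NULL)
+        {
+            stringlist_t *_keylist;
+            for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
+                status = set_own_key(_session, 
+                                     "" /* address is unused in own_keys */,
+                                     _keylist->value);
+            }
+        }
+    }
 #endif
 
     // sync_session set to own session by default
@@ -772,13 +814,6 @@
     session->unencrypted_subject = enable;
 }
 
-DYNAMIC_API void config_use_only_own_private_keys(PEP_SESSION session,
-        bool enable)
-{
-    assert(session);
-    session->use_only_own_private_keys = enable;
-}
-
 DYNAMIC_API void config_keep_sync_msg(PEP_SESSION session, bool enable)
 {
     assert(session);
@@ -2245,8 +2280,8 @@
 
 PEP_STATUS find_private_keys(PEP_SESSION session, const char* pattern,
                              stringlist_t **keylist) {
-    assert(session && pattern && keylist);
-    if (!(session && pattern && keylist))
+    assert(session && keylist);
+    if (!(session && keylist))
         return PEP_ILLEGAL_VALUE;
     
     return session->cryptotech[PEP_crypt_OpenPGP].find_private_keys(session, pattern,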
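Review bot: In the desktop first-run block (the `@@ -639,11 +648,44 @@` hunk), each `set_own_key()` result is overwritten by the next iteration and never examined, and any `find_private_keys()` failure other than `PEP_OUT_OF_MEMORY` is ignored, so the `own_keys` table can end up partially populated with no indication of which keyring keys were promoted to own. `keylist` is also never released on any path; I would add `if (status != PEP_STATUS_OK) break;` after the `set_own_key` call and `free_stringlist(keylist);` after the loop, and decide explicitly whether a failure here should abort initialisation or just be reported. The early `return PEP_OUT_OF_MEMORY;` may bypass session cleanup done on the enclosing function's other error paths; that function starts and ends outside the visible hunks, so this needs checking against the full body. Because this step grants own-key trust to every private key found in the keyring, recording the adopted fingerprints in the engine log would make the re-initialisation risk described in the WARNING comment auditable until the keyring-separation fix lands. The call also relies on the relaxed check in the last hunk, so every `cryptotech` backend's `find_private_keys` has to accept a NULL `pattern`, which is worth stating in that function's header comment.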