Removed allowed calls to trust_personal_key with an own_identity. Trusting a pubkey from the same user and another device will require using a different user_id or calling set_own_key (on a pub/priv keypair) ENGINE-507
authorKrista 'DarthMama' Bennett <krista@pep.foundation>
Mon, 14 Jan 2019 18:54:27 +0100
branchENGINE-507
changeset 322147b815c5ba76
parent 3217 79720a7b9c49
child 3222 fcc3d6543681
Disallowed calling trust_personal_key with an own identity. Trusting a pubkey from the same user on another device will require using a different user_id or calling set_own_key (on a pub/priv keypair)
src/keymanagement.c
src/keymanagement.h
     1.1 --- a/src/keymanagement.c	Mon Jan 14 13:00:09 2019 +0100
     1.2 +++ b/src/keymanagement.c	Mon Jan 14 18:54:27 2019 +0100
     1.3 @@ -1415,7 +1415,9 @@
     1.4              EMPTYSTR(ident->fpr))
     1.5          return PEP_ILLEGAL_VALUE;
     1.6  
     1.7 -    //bool ident_has_trusted_default = false;
     1.8 +    if (is_me(session, ident))
     1.9 +        return PEP_ILLEGAL_VALUE;
    1.10 +        
    1.11      char* ident_default_fpr = NULL;
    1.12  
    1.13      // Before we do anything, be sure the input fpr is even eligible to be trusted
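Review bot: The new is_me guard at 1.8–1.9 has no comment saying why own identities are refused or what a caller should do instead, even though the commit message names set_own_key and a different user_id as the intended paths; without it the next maintainer has nothing in the code to stop them reinstating the old branch. Suggested line above 1.8: `// Own identities are rejected here: a key for an own user_id is installed via set_own_key() instead.` Line 1.10 is whitespace-only and should be an empty line. As far as this hunk shows, nothing has been allocated before the early return, so the new PEP_ILLEGAL_VALUE path leaks nothing; the enclosing function starts outside the hunk.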
    1.14 @@ -1428,8 +1430,6 @@
    1.15      if (status != PEP_STATUS_OK)
    1.16          return status;
    1.17  
    1.18 -    bool me = is_me(session, ident);
    1.19 -
    1.20      pEp_identity* ident_copy = identity_dup(ident);
    1.21      char* cached_fpr = NULL;
    1.22  
    1.23 @@ -1438,23 +1438,7 @@
    1.24  
    1.25      // For later, in case we need to check the user default key
    1.26      pEp_identity* tmp_user_ident = NULL;
    1.27 -
    1.28 -    if (me) {
    1.29 -        bool has_private = false;
    1.30 -        // first of all, does this key even have a private component.
    1.31 -        status = contains_priv_key(session, ident->fpr, &has_private);
    1.32 -        if (status != PEP_STATUS_OK && status != PEP_KEY_NOT_FOUND)
    1.33 -            goto pep_free;
    1.34 -            
    1.35 -        // if (has_private) {
    1.36 -        //     status = set_own_key(session, ident_copy, ident->fpr); 
    1.37 -        //     goto pep_free;
    1.38 -        // }
    1.39 -    }
    1.40 -    
    1.41 -    // Either it's not me, or it's me but the key has no private key. 
    1.42 -    // We're only talking about pub keys here. Moving on.
    1.43 -    
    1.44 +        
    1.45      // Save the input fpr, which we already tested as non-NULL
    1.46      cached_fpr = strdup(ident->fpr);
    1.47  
    1.48 @@ -1470,10 +1454,7 @@
    1.49          tmp_id->comm_type = _MAX(tmp_id->comm_type, input_default_ct) | PEP_ct_confirmed;
    1.50  
    1.51          // Get the default identity without setting the fpr                                       
    1.52 -        if (me)
    1.53 -            status = _myself(session, ident_copy, false, true);
    1.54 -        else    
    1.55 -            status = update_identity(session, ident_copy);
    1.56 +        status = update_identity(session, ident_copy);
    1.57              
    1.58          ident_default_fpr = (EMPTYSTR(ident_copy->fpr) ? NULL : strdup(ident_copy->fpr));
    1.59  
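Review bot: The status returned by update_identity() at 1.56 is not checked before ident_copy->fpr is read at 1.58, so a failed lookup leaves ident_default_fpr derived from whatever state update_identity left in ident_copy and the default-key decision that follows proceeds on it; the removed _myself() branch had the same gap, but now this is the only call on the path. If a non-OK status is meant to be tolerated here (for instance an identity not yet in the DB), a one-line comment should say so; otherwise add `if (status != PEP_STATUS_OK) goto pep_free;` after 1.56, assuming pep_free is the cleanup label this function uses, as the lines removed in the earlier hunk suggest. The enclosing if block starts and ends outside the hunk.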
    1.60 @@ -1481,13 +1462,13 @@
    1.61              bool trusted_default = false;
    1.62  
    1.63              // If there's no default, or the default is different from the input...
    1.64 -            if (me || EMPTYSTR(ident_default_fpr) || strcmp(cached_fpr, ident_default_fpr) != 0) {
    1.65 +            if (EMPTYSTR(ident_default_fpr) || strcmp(cached_fpr, ident_default_fpr) != 0) {
    1.66                  
    1.67                  // If the default fpr (if there is one) is trusted and key is strong enough,
    1.68                  // don't replace, we just set the trusted bit on this key for this user_id...
    1.69                  // (If there's no default fpr, this won't be true anyway.)
    1.70 -                if (me || (ident_copy->comm_type >= PEP_ct_strong_but_unconfirmed && 
    1.71 -                          (ident_copy->comm_type & PEP_ct_confirmed))) {                        
    1.72 +                if ((ident_copy->comm_type >= PEP_ct_strong_but_unconfirmed && 
    1.73 +                    (ident_copy->comm_type & PEP_ct_confirmed))) {                        
    1.74  
    1.75                      trusted_default = true;
    1.76                                      
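Review bot: Dropping `me ||` at 1.72–1.73 leaves a redundant pair of outer parentheses around the whole condition, a leftover from the old disjunction that now reads as if a second operand were missing; write it as `if (ident_copy->comm_type >= PEP_ct_strong_but_unconfirmed &&` / `(ident_copy->comm_type & PEP_ct_confirmed)) {`. The trailing whitespace after the brace on 1.73 can go at the same time. The surrounding if/else chain begins and ends outside the hunk.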
     2.1 --- a/src/keymanagement.h	Mon Jan 14 13:00:09 2019 +0100
     2.2 +++ b/src/keymanagement.h	Mon Jan 14 18:54:27 2019 +0100
     2.3 @@ -228,15 +228,17 @@
     2.4  //
     2.5  //  parameters:
     2.6  //      session (in)        session to use
     2.7 -//      ident (in)          person and key to trust in
     2.8 +//      ident (in)          person and key to trust in - this must not be an
     2.9 +//                          own_identity in which the .me flag is set or
    2.10 +//                          the user_id is an own user_id.
    2.11  //
    2.12  //  caveat:
    2.13  //      the fields user_id, address and fpr must be supplied
    2.14 +//      own identities will result in a return of PEP_ILLEGAL_VALUE.
    2.15  //      for non-own users, this will 1) set the trust bit on its comm type in the DB,
    2.16  //      2) set this key as the identity default if the current identity default
    2.17  //      is not trusted, and 3) set this key as the user default if the current
    2.18  //      user default is not trusted.
    2.19 -//      For an own user, this is simply a call to myself().
    2.20  
    2.21  DYNAMIC_API PEP_STATUS trust_personal_key(
    2.22          PEP_SESSION session,
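Review bot: The new parameter text at 2.8–2.10 and the caveat at 2.14 tell callers what is forbidden but not what to do instead, although the commit description names the alternatives and a caller hitting PEP_ILLEGAL_VALUE will want them in the header. Suggested line after 2.14: `//      to install a key for an own identity, call set_own_key() instead.` The phrase "in which the .me flag is set or the user_id is an own user_id" should be checked against what is_me() actually tests, since that call is the only check the implementation performs (keymanagement.c 1.8); if is_me() looks at the user_id alone, the .me-flag clause overstates the contract.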