ENGINE-294: blacklisting is now only checked in identity_rating, outgoing_message_rating and encrypt_message, and then only for OpenPGP comm_types. ENGINE-294
authorKrista Bennett <krista@pep-project.org>
Wed, 28 Feb 2018 14:54:30 +0100
branchENGINE-294
changeset 25495fc5d6be0b36
parent 2548 3bfda8f2136e
child 2550 02d3455902ba
child 2713 86e283ad2502
ENGINE-294: blacklisting is now only checked in identity_rating, outgoing_message_rating and encrypt_message, and then only for OpenPGP comm_types.
src/keymanagement.c
src/message_api.c
src/pEpEngine.c
src/pEpEngine.h
src/pEp_internal.h
test/blacklist_accept_new_key_test.cc
test/blacklist_test.cc
     1.1 --- a/src/keymanagement.c	Wed Feb 28 12:24:48 2018 +0100
     1.2 +++ b/src/keymanagement.c	Wed Feb 28 14:54:30 2018 +0100
     1.3 @@ -174,7 +174,7 @@
     1.4          if (status != PEP_STATUS_OK)
     1.5              return status;
     1.6  
     1.7 -        if (check_blacklist && (ct | PEP_ct_confirmed) == PEP_ct_OpenPGP &&
     1.8 +        if (check_blacklist && IS_PGP_CT(ct) &&
     1.9              !ident->me) {
    1.10              status = blacklist_is_listed(session, 
    1.11                                           fpr, 
    1.12 @@ -866,19 +866,10 @@
    1.13  PEP_STATUS _has_usable_priv_key(PEP_SESSION session, char* fpr,
    1.14                                  bool* is_usable) {
    1.15      
    1.16 -    bool dont_use_fpr = true;
    1.17 +    bool has_private = false;
    1.18 +    PEP_STATUS status = contains_priv_key(session, fpr, &has_private);
    1.19      
    1.20 -    PEP_STATUS status = blacklist_is_listed(session, fpr, &dont_use_fpr);
    1.21 -    if (status == PEP_STATUS_OK && !dont_use_fpr) {
    1.22 -        // Make sure there is a *private* key associated with this fpr
    1.23 -        bool has_private = false;
    1.24 -        status = contains_priv_key(session, fpr, &has_private);
    1.25 -
    1.26 -        if (status == PEP_STATUS_OK)
    1.27 -            dont_use_fpr = !has_private;
    1.28 -    }
    1.29 -    
    1.30 -    *is_usable = !dont_use_fpr;
    1.31 +    *is_usable = has_private;
    1.32      
    1.33      return status;
    1.34  }
     2.1 --- a/src/message_api.c	Wed Feb 28 12:24:48 2018 +0100
     2.2 +++ b/src/message_api.c	Wed Feb 28 14:54:30 2018 +0100
     2.3 @@ -1535,7 +1535,7 @@
     2.4                  _status = PEP_STATUS_OK;
     2.5              }
     2.6              bool is_blacklisted = false;
     2.7 -            if (_il->ident->fpr) {
     2.8 +            if (_il->ident->fpr && IS_PGP_CT(_il->ident->comm_type)) {
     2.9                  _status = blacklist_is_listed(session, _il->ident->fpr, &is_blacklisted);
    2.10                  if (_status != PEP_STATUS_OK) {
    2.11                      // DB error
    2.12 @@ -1587,7 +1587,7 @@
    2.13                      _status = PEP_STATUS_OK;
    2.14                  }
    2.15                  bool is_blacklisted = false;
    2.16 -                if (_il->ident->fpr) {
    2.17 +                if (_il->ident->fpr && IS_PGP_CT(_il->ident->comm_type)) {
    2.18                      _status = blacklist_is_listed(session, _il->ident->fpr, &is_blacklisted);
    2.19                      if (_status != PEP_STATUS_OK) {
    2.20                          // DB error
    2.21 @@ -1638,7 +1638,7 @@
    2.22                      _status = PEP_STATUS_OK;
    2.23                  }
    2.24                  bool is_blacklisted = false;
    2.25 -                if (_il->ident->fpr) {
    2.26 +                if (_il->ident->fpr && IS_PGP_CT(_il->ident->comm_type)) {
    2.27                      _status = blacklist_is_listed(session, _il->ident->fpr, &is_blacklisted);
    2.28                      if (_status != PEP_STATUS_OK) {
    2.29                          // DB error
    2.30 @@ -2982,7 +2982,7 @@
    2.31                  status = myself(session, il->ident);
    2.32              
    2.33              bool is_blacklisted = false;
    2.34 -            if (il->ident->fpr) {
    2.35 +            if (il->ident->fpr && IS_PGP_CT(il->ident->comm_type)) {
    2.36                  status = blacklist_is_listed(session, il->ident->fpr, &is_blacklisted);
    2.37                  if (is_blacklisted) {
    2.38                      bool user_default, ident_default, address_default; 
    2.39 @@ -3078,6 +3078,26 @@
    2.40      else
    2.41          status = update_identity(session, ident);
    2.42  
    2.43 +    bool is_blacklisted = false;
    2.44 +    
    2.45 +    if (ident->fpr && IS_PGP_CT(ident->comm_type)) {
    2.46 +        status = blacklist_is_listed(session, ident->fpr, &is_blacklisted);
    2.47 +        if (status != PEP_STATUS_OK) {
    2.48 +            return status; // DB ERROR
    2.49 +        }
    2.50 +        if (is_blacklisted) {
    2.51 +            bool user_default, ident_default, address_default; 
    2.52 +            status = get_valid_pubkey(session, ident,
    2.53 +                                       &ident_default, &user_default,
    2.54 +                                       &address_default,
    2.55 +                                       true);
    2.56 +            if (status != PEP_STATUS_OK || ident->fpr == NULL) {
    2.57 +                ident->comm_type = PEP_ct_key_not_found;
    2.58 +                status = PEP_STATUS_OK;                        
    2.59 +            }
    2.60 +        }    
    2.61 +    }
    2.62 +
    2.63      if (status == PEP_STATUS_OK)
    2.64          *rating = _rating(ident->comm_type, PEP_rating_undefined);
    2.65  
     3.1 --- a/src/pEpEngine.c	Wed Feb 28 12:24:48 2018 +0100
     3.2 +++ b/src/pEpEngine.c	Wed Feb 28 14:54:30 2018 +0100
     3.3 @@ -2385,21 +2385,8 @@
     3.4  
     3.5      PEP_STATUS status = PEP_STATUS_OK;
     3.6      
     3.7 -    bool listed;
     3.8 -
     3.9      bool has_fpr = (!EMPTYSTR(identity->fpr));
    3.10      
    3.11 -    if (has_fpr) {    
    3.12 -        // blacklist check - FIXME: ENGINE-294 will remove
    3.13 -        status = blacklist_is_listed(session, identity->fpr, &listed);
    3.14 -        assert(status == PEP_STATUS_OK);
    3.15 -        if (status != PEP_STATUS_OK)
    3.16 -            return status;
    3.17 -
    3.18 -        if (listed)
    3.19 -            return PEP_KEY_BLACKLISTED;
    3.20 -    }
    3.21 -
    3.22      sqlite3_exec(session->db, "BEGIN TRANSACTION ;", NULL, NULL, NULL);
    3.23  
    3.24      if (identity->lang[0]) {
     4.1 --- a/src/pEpEngine.h	Wed Feb 28 12:24:48 2018 +0100
     4.2 +++ b/src/pEpEngine.h	Wed Feb 28 14:54:30 2018 +0100
     4.3 @@ -600,7 +600,6 @@
     4.4  //        PEP_CANNOT_SET_PGP_KEYPAIR    writing to table pgp_keypair failed
     4.5  //        PEP_CANNOT_SET_IDENTITY       writing to table identity failed
     4.6  //        PEP_COMMIT_FAILED             SQL commit failed
     4.7 -//        PEP_KEY_BLACKLISTED           Key blacklisted, cannot set identity
     4.8  //
     4.9  //    caveat:
    4.10  //        address, fpr, user_id and username must be given
     5.1 --- a/src/pEp_internal.h	Wed Feb 28 12:24:48 2018 +0100
     5.2 +++ b/src/pEp_internal.h	Wed Feb 28 14:54:30 2018 +0100
     5.3 @@ -408,6 +408,10 @@
     5.4  #define EMPTYSTR(STR) ((STR) == NULL || (STR)[0] == '\0')
     5.5  #endif
     5.6  
     5.7 +#ifndef IS_PGP_CT
     5.8 +#define IS_PGP_CT(CT) (((CT) | PEP_ct_confirmed) == PEP_ct_OpenPGP)
     5.9 +#endif
    5.10 +
    5.11  #ifndef _MIN
    5.12  #define _MIN(A, B) ((B) > (A) ? (A) : (B))
    5.13  #endif
     6.1 --- a/test/blacklist_accept_new_key_test.cc	Wed Feb 28 12:24:48 2018 +0100
     6.2 +++ b/test/blacklist_accept_new_key_test.cc	Wed Feb 28 14:54:30 2018 +0100
     6.3 @@ -50,12 +50,14 @@
     6.4      PEP_STATUS status10 = blacklist_is_listed(session, bl_fpr_1, &is_blacklisted);
     6.5      assert(is_blacklisted);
     6.6      PEP_STATUS status11 = update_identity(session, blacklisted_identity);
     6.7 -    assert(status11 == PEP_KEY_BLACKLISTED);
     6.8 +    assert(status11 == PEP_STATUS_OK);
     6.9      assert(_streq(bl_fpr_1, blacklisted_identity->fpr));
    6.10      
    6.11      bool id_def, us_def, addr_def;
    6.12      status11 = get_valid_pubkey(session, blacklisted_identity,
    6.13                                  &id_def, &us_def, &addr_def, true);
    6.14 +    assert(blacklisted_identity->comm_type == PEP_ct_unknown);
    6.15 +                        
    6.16      if (!(blacklisted_identity->fpr))
    6.17          cout << "OK! blacklisted_identity->fpr is empty. Yay!" << endl;
    6.18      else
     7.1 --- a/test/blacklist_test.cc	Wed Feb 28 12:24:48 2018 +0100
     7.2 +++ b/test/blacklist_test.cc	Wed Feb 28 14:54:30 2018 +0100
     7.3 @@ -110,7 +110,7 @@
     7.4      PEP_STATUS status11 = update_identity(session, blacklisted_identity);
     7.5      /* new!!! */
     7.6      assert(is_blacklisted);
     7.7 -    assert(status11 == PEP_KEY_BLACKLISTED);
     7.8 +    assert(status11 == PEP_STATUS_OK);
     7.9      assert(_streq(bl_fpr_1, blacklisted_identity->fpr));
    7.10      
    7.11      bool id_def, us_def, addr_def;