ENGINE-332: key_reset_trust and key mistrust fixed ENGINE-332
authorKrista Bennett <krista@pep-project.org>
Mon, 22 Jan 2018 17:40:44 +0100
branchENGINE-332
changeset 243566750e44dc49
parent 2433 5ecf504e88eb
child 2438 9e20316df746
ENGINE-332: key_reset_trust and key mistrust fixed
src/keymanagement.c
src/keymanagement.h
src/pEpEngine.c
src/pEpEngine.h
src/pEp_internal.h
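--- a/src/keymanagement.c
+++ b/src/keymanagement.c
@@ -1063,7 +1063,7 @@
         if (session->cached_mistrusted)
             free(session->cached_mistrusted);
         session->cached_mistrusted = identity_dup(ident);
-        status = mark_as_compromized(session, ident->fpr);
+        status = set_trust(session, ident->user_id, ident->fpr, PEP_ct_mistrusted);
     }
 
     return status;
@@ -1109,33 +1109,58 @@
     if (!(session && ident && ident->fpr && ident->fpr[0] != '\0' && ident->address &&
             ident->user_id))
         return PEP_ILLEGAL_VALUE;
-        
-    bool me = is_me(session, ident); 
-
-    if (me)
-        status = myself(session, ident);
-    else     
-        status = update_identity(session, ident);
-        
-    if (status != PEP_STATUS_OK)
-        return status;
-
-    if (ident->comm_type == PEP_ct_mistrusted)
-        ident->comm_type = PEP_ct_unknown;
-    else
-        ident->comm_type &= ~PEP_ct_confirmed;
-
-    status = set_identity(session, ident);
     
-    // FIXME: remove key as default for user_id
+    pEp_identity* tmp_ident = NULL;
+    
+    status = get_trust(session, ident);
     
     if (status != PEP_STATUS_OK)
         return status;
+        
+    PEP_comm_type new_trust = PEP_ct_unknown;
 
-    // FIXME: What is this point of this here??
-    if (ident->comm_type == PEP_ct_unknown && !me) {
-        status = update_identity(session, ident);
+    if (ident->comm_type != PEP_ct_mistrusted)
+        new_trust = ident->comm_type & ~PEP_ct_confirmed;
+
+    status = set_trust(session, ident->user_id, ident->fpr, new_trust);
+    
+    if (status != PEP_STATUS_OK)
+        return status;
+        
+    ident->comm_type = new_trust;
+        
+    tmp_ident = new_identity(ident->address, NULL, ident->user_id, NULL);
+
+    if (!tmp_ident)
+        return PEP_OUT_OF_MEMORY;
+    
+    status = update_identity(session, tmp_ident);
+    
+    if (status != PEP_STATUS_OK)
+        goto pep_free;
+    
+    // remove as default if necessary
+    if (strcmp(tmp_ident->fpr, ident->fpr) == 0) {
+        free(tmp_ident->fpr);
+        tmp_ident->fpr = NULL;
+        tmp_ident->comm_type = PEP_ct_unknown;
+        status = set_identity(session, tmp_ident);
+        if (status != PEP_STATUS_OK)
+            goto pep_free;
     }
+    
+    char* user_default = NULL;
+    status = get_main_user_fpr(session, tmp_ident->user_id, &user_default);
+    
+    if (!EMPTYSTR(user_default)) {
+        if (strcmp(user_default, ident->fpr) == 0)
+            status = refresh_userid_default_key(session, ident->user_id);
+        if (status != PEP_STATUS_OK)
+            goto pep_free;    
+    }
+            
+pep_free:
+    free_identity(tmp_ident);
     return status;
 }
 
@@ -1221,9 +1246,7 @@
                 // Ok, there wasn't a trusted default, so we replaced. Thus, we also
                 // make sure there's a trusted default on the user_id. If there
                 // is not, we make this the default.
-
                 char* user_default = NULL;
-            
                 status = get_main_user_fpr(session, ident->user_id, &user_default);
             
                 if (status == PEP_STATUS_OK && user_default) {
@@ -1248,7 +1271,7 @@
             }
         }
         free(ident_default_fpr);
-        free(cached_fpr); // we took ownership upon successful update_identity call above
+        free(cached_fpr);
         free_identity(tmp_id);
     }    
 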
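Review bot: `strcmp(tmp_ident->fpr, ident->fpr)` in the second hunk runs on whatever update_identity left in tmp_ident->fpr, and new_identity() was handed NULL for that field a few lines above; if update_identity can return PEP_STATUS_OK without assigning a default key, this is strcmp on a null pointer, so guard it the way user_default is guarded further down: `if (!EMPTYSTR(tmp_ident->fpr) && strcmp(tmp_ident->fpr, ident->fpr) == 0) {`. The string returned through get_main_user_fpr's `char**` parameter is then never released; if that call allocates its out-string (the third hunk shows the same unfreed pattern), move `char* user_default = NULL;` up next to the tmp_ident declaration so the earlier gotos cannot jump past its initialisation, and add `free(user_default);` after the `pep_free:` label. The status of that get_main_user_fpr call is also not checked before the string is inspected, though an error does reach the caller through the final return. key_reset_trust's signature and the start of its body are above this hunk.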
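--- a/src/keymanagement.h
+++ b/src/keymanagement.h
@@ -229,9 +229,8 @@
     );
 
 
-// key_reset_trust() - undo trust_personal_key and key_mistrusted() for keys
-//                     we don't own
-//
+// key_reset_trust() - reset trust bit or explicitly mistrusted status for an identity and
+//                     its accompanying key/user_id pair.
 //  parameters:
 //      session (in)        session to use
 //      ident (in)          person and key which was compromized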
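--- a/src/pEpEngine.c
+++ b/src/pEpEngine.c
@@ -114,7 +114,7 @@
     "where id = ?2;";
 
 static const char *sql_replace_main_user_fpr =  
-    "update person"
+    "update person "
     "   set main_key_id = ?1 "
     "   where id = ?2 ;";
 
@@ -122,6 +122,18 @@
     "select main_key_id from person"
     "   where id = ?1 ;";
 
+static const char *sql_refresh_userid_default_key =
+    "update person "
+    "   set main_key_id = "
+    "       (select identity.main_key_id from identity "
+    "           join trust on trust.user_id = identity.user_id "
+    "               and trust.pgp_keypair_fpr = identity.main_key_id "
+    "           join person on identity.user_id = identity.user_id "
+    "       where identity.user_id = ?1 "
+    "       order by trust.comm_type desc "
+    "       limit 1) "
+    "where id = ?1 ; ";
+
 static const char *sql_get_device_group = 
     "select device_group from person "
     "where id = ?1;";
@@ -840,6 +852,10 @@
             (int)strlen(sql_get_main_user_fpr), &_session->get_main_user_fpr, NULL);
     assert(int_result == SQLITE_OK);
 
+    int_result = sqlite3_prepare_v2(_session->db, sql_refresh_userid_default_key,
+            (int)strlen(sql_refresh_userid_default_key), &_session->refresh_userid_default_key, NULL);
+    assert(int_result == SQLITE_OK);
+
     int_result = sqlite3_prepare_v2(_session->db, sql_replace_identities_fpr,
             (int)strlen(sql_replace_identities_fpr), 
             &_session->replace_identities_fpr, NULL);
@@ -1137,7 +1153,9 @@
             if (session->replace_main_user_fpr)
                 sqlite3_finalize(session->replace_main_user_fpr);                
             if (session->get_main_user_fpr)
-                sqlite3_finalize(session->get_main_user_fpr);                    
+                sqlite3_finalize(session->get_main_user_fpr);
+            if (session->refresh_userid_default_key)
+                sqlite3_finalize(session->refresh_userid_default_key);
             if (session->blacklist_add)
                 sqlite3_finalize(session->blacklist_add);
             if (session->blacklist_delete)
@@ -2113,8 +2131,8 @@
     sqlite3_reset(session->unset_identity_flags);
     if (result != SQLITE_DONE)
         return PEP_CANNOT_SET_IDENTITY;
-
-    identity->flags &= ~flags;
+        identity->flags &= ~flags;
+
     return PEP_STATUS_OK;
 }
 
@@ -2144,6 +2162,26 @@
     return PEP_STATUS_OK;
 }
 
+PEP_STATUS refresh_userid_default_key(PEP_SESSION session, const char* user_id) {
+    assert(session);
+    assert(user_id);
+    
+    if (!session || !user_id)
+        return PEP_ILLEGAL_VALUE;
+
+    int result;
+
+    sqlite3_reset(session->refresh_userid_default_key);
+    sqlite3_bind_text(session->refresh_userid_default_key, 1, user_id, -1,
+            SQLITE_STATIC);
+    result = sqlite3_step(session->refresh_userid_default_key);
+    sqlite3_reset(session->refresh_userid_default_key);
+    if (result != SQLITE_DONE)
+        return PEP_CANNOT_SET_PERSON;
+
+    return PEP_STATUS_OK;    
+}
+
 PEP_STATUS replace_main_user_fpr(PEP_SESSION session, const char* user_id,
                                  const char* new_fpr) {
     assert(session);
@@ -2169,8 +2207,8 @@
 }
 
 PEP_STATUS get_main_user_fpr(PEP_SESSION session, 
-                                         const char* user_id,
-                                         char** main_fpr)
+                             const char* user_id,
+                             char** main_fpr)
 {
     PEP_STATUS status = PEP_STATUS_OK;
     int result;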
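Review bot: The join condition `join person on identity.user_id = identity.user_id` in sql_refresh_userid_default_key compares a column with itself, so it is always true and the person table contributes nothing to the subquery except a cross product; either drop that join or write `"           join person on person.id = identity.user_id "`. The subquery also picks its candidate purely by `trust.comm_type desc`, which does not exclude keys whose trust row sits in the mistrusted/compromised range; as far as I recall those enum values sort above the unencrypted comm types, so a user_id whose remaining keys are all distrusted would get one of them reinstalled as main_key_id, which is the opposite of what the key_reset_trust caller intends — an explicit lower bound on trust.comm_type in the where clause (the numeric value of the lowest usable encryption level, kept in sync with the enum) would close that. Unrelatedly, the hunk at 2131 re-indents `identity->flags &= ~flags;` one level deeper than its siblings, which looks accidental.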
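--- a/src/pEpEngine.h
+++ b/src/pEpEngine.h
@@ -1227,6 +1227,8 @@
 PEP_STATUS replace_main_user_fpr(PEP_SESSION session, const char* user_id,
                               const char* new_fpr);
     
+PEP_STATUS refresh_userid_default_key(PEP_SESSION session, const char* user_id);
+
 #ifdef __cplusplus
 }
 #endif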
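Review bot: The new public prototype `refresh_userid_default_key` carries no contract comment, and nothing in the header says that it rewrites person.main_key_id as a side effect or what it returns. Since this is the call key_reset_trust relies on to choose a replacement default key, add a short comment above it in the style of the other entries in this header, e.g. `// refresh_userid_default_key() - recompute person.main_key_id for user_id from the identity/trust rows with the highest comm_type; returns PEP_ILLEGAL_VALUE on NULL arguments, PEP_CANNOT_SET_PERSON if the update fails`.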
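--- a/src/pEp_internal.h
+++ b/src/pEp_internal.h
@@ -128,6 +128,7 @@
     sqlite3_stmt *replace_identities_fpr;
     sqlite3_stmt *replace_main_user_fpr;
     sqlite3_stmt *get_main_user_fpr;
+    sqlite3_stmt *refresh_userid_default_key;
     sqlite3_stmt *remove_fpr_as_default;
     sqlite3_stmt *set_person;
     sqlite3_stmt *set_device_group;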