ENGINE-27: intermittent commit, update_identity should now never try to set or return a blacklisted key ENGINE-27
authorKrista Grothoff <krista@pep-project.org>
Sun, 25 Sep 2016 17:46:27 +0200
branchENGINE-27
changeset 1188cfe67b49b72b
parent 1186 3b9e4b2666d4
child 1189 191016bbca66
ENGINE-27: intermittent commit, update_identity should now never try to set or return a blacklisted key
src/keymanagement.c
     1.1 --- a/src/keymanagement.c	Sat Sep 24 18:28:21 2016 +0200
     1.2 +++ b/src/keymanagement.c	Sun Sep 25 17:46:27 2016 +0200
     1.3 @@ -145,20 +145,60 @@
     1.4      if (status == PEP_OUT_OF_MEMORY)
     1.5          goto exit_free;
     1.6  
     1.7 -    /* ALWAYS elect pubkey */
     1.8 +    /* We elect a pubkey first in case there's no acceptable stored fpr */
     1.9      status = elect_pubkey(session, identity);
    1.10      if (status != PEP_STATUS_OK)
    1.11          goto exit_free;
    1.12 -    
    1.13 -    _did_elect_new_key = 1; /*???*/
    1.14 -    
    1.15 +        
    1.16      if (stored_identity) {
    1.17          PEP_comm_type _comm_type_key;
    1.18 -        status = get_key_rating(session, stored_identity->fpr, &_comm_type_key);
    1.19 -        assert(status != PEP_OUT_OF_MEMORY);
    1.20 -        if (status == PEP_OUT_OF_MEMORY)
    1.21 -            goto exit_free;
    1.22 -
    1.23 +        
    1.24 +        bool dont_use_fpr = true;
    1.25 +        status = blacklist_is_listed(session, stored_identity->fpr, &dont_use_fpr);
    1.26 +        if (status != PEP_STATUS_OK)
    1.27 +            dont_use_fpr = true; 
    1.28 +            
    1.29 +        if (dont_use_fpr && !(EMPTYSTR(identity->fpr))) {
    1.30 +            /* elected pubkey */
    1.31 +            if (status != PEP_STATUS_OK)
    1.32 +                goto exit_free;
    1.33 +            status = blacklist_is_listed(session, identity->fpr, &dont_use_fpr);
    1.34 +            if (dont_use_fpr) {
    1.35 +                free(identity->fpr);
    1.36 +                identity->fpr = NULL;
    1.37 +            }
    1.38 +            else {
    1.39 +                _did_elect_new_key = 1;
    1.40 +            }
    1.41 +        }
    1.42 +        else {
    1.43 +            identity->fpr = strdup(stored_identity->fpr);
    1.44 +            assert(identity->fpr);
    1.45 +            if (identity->fpr == NULL)
    1.46 +                return PEP_OUT_OF_MEMORY;
    1.47 +            
    1.48 +        }
    1.49 +        
    1.50 +        /* Ok, at this point, we either have a non-blacklisted fpr we can work */
    1.51 +        /* with, or we've got nada.                                            */        
    1.52 +        if (!EMPTYSTR(identity->fpr)) {
    1.53 +            status = get_key_rating(session, identity->fpr, &_comm_type_key);
    1.54 +            assert(status != PEP_OUT_OF_MEMORY);
    1.55 +            if (status == PEP_OUT_OF_MEMORY)
    1.56 +                goto exit_free;
    1.57 +            status = get_trust(session, identity);
    1.58 +            if (status == PEP_OUT_OF_MEMORY)
    1.59 +                goto exit_free;
    1.60 +            if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
    1.61 +                identity->comm_type = _comm_type_key;
    1.62 +            } else{
    1.63 +                identity->comm_type = stored_identity->comm_type;
    1.64 +                if (identity->comm_type == PEP_ct_unknown) {
    1.65 +                    identity->comm_type = _comm_type_key;
    1.66 +                }
    1.67 +            }
    1.68 +        }
    1.69 +            
    1.70          if (EMPTYSTR(identity->username)) {
    1.71              free(identity->username);
    1.72              identity->username = strdup(stored_identity->username);
    1.73 @@ -169,45 +209,6 @@
    1.74              }
    1.75          }
    1.76  
    1.77 -        if (EMPTYSTR(identity->fpr)) {
    1.78 -            identity->fpr = strdup(stored_identity->fpr);
    1.79 -            assert(identity->fpr);
    1.80 -            if (identity->fpr == NULL)
    1.81 -                return PEP_OUT_OF_MEMORY;
    1.82 -            if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
    1.83 -                PEP_STATUS status = elect_pubkey(session, identity);
    1.84 -                if (status != PEP_STATUS_OK)
    1.85 -                    goto exit_free;
    1.86 -
    1.87 -                _did_elect_new_key = 1;
    1.88 -            }
    1.89 -            else {
    1.90 -                identity->comm_type = stored_identity->comm_type;
    1.91 -            }
    1.92 -        }
    1.93 -        else /* !EMPTYSTR(identity->fpr) */ {
    1.94 -            if (_same_fpr(identity->fpr,
    1.95 -                          strlen(identity->fpr),
    1.96 -                          stored_identity->fpr,
    1.97 -                          strlen(stored_identity->fpr))) {
    1.98 -                if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
    1.99 -                    identity->comm_type = _comm_type_key;
   1.100 -                }else{
   1.101 -                    identity->comm_type = stored_identity->comm_type;
   1.102 -                    if (identity->comm_type == PEP_ct_unknown) {
   1.103 -                        identity->comm_type = _comm_type_key;
   1.104 -                    }
   1.105 -                }
   1.106 -            } else {
   1.107 -                status = get_trust(session, identity);
   1.108 -                assert(status != PEP_OUT_OF_MEMORY);
   1.109 -                if (status == PEP_OUT_OF_MEMORY)
   1.110 -                    goto exit_free;
   1.111 -                if (identity->comm_type < stored_identity->comm_type)
   1.112 -                    identity->comm_type = PEP_ct_unknown;
   1.113 -            }
   1.114 -        }
   1.115 -
   1.116          if (identity->lang[0] == 0) {
   1.117              identity->lang[0] = stored_identity->lang[0];
   1.118              identity->lang[1] = stored_identity->lang[1];
   1.119 @@ -219,6 +220,7 @@
   1.120      else /* stored_identity == NULL */ {
   1.121          identity->flags = 0;
   1.122  
   1.123 +        /* Work with the elected key from above */
   1.124          if (!EMPTYSTR(identity->fpr)) {
   1.125              PEP_comm_type _comm_type_key;
   1.126  
   1.127 @@ -229,11 +231,6 @@
   1.128  
   1.129              identity->comm_type = _comm_type_key;
   1.130          }
   1.131 -        else /* EMPTYSTR(identity->fpr) */ {
   1.132 -            PEP_STATUS status = elect_pubkey(session, identity);
   1.133 -            if (status != PEP_STATUS_OK)
   1.134 -                goto exit_free;
   1.135 -        }
   1.136      }
   1.137  
   1.138      status = PEP_STATUS_OK;