merge "default" into my branch ENGINE-199
authorRoker <roker@pep-project.org>
Tue, 09 May 2017 09:31:15 +0200
branchENGINE-199
changeset 1764e1c31ee55aad
parent 1754 a9e54ca6c043
parent 1763 8428975706d9
child 1765 1693d16c36ea
merge "default" into my branch
src/keymanagement.c
src/message_api.c
src/pEpEngine.c
src/pEp_internal.h
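--- a/src/keymanagement.c	Mon May 08 08:21:24 2017 +0200
+++ b/src/keymanagement.c	Tue May 09 09:31:15 2017 +0200
@@ -339,19 +339,14 @@
         for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
             bool is_own = false;
             
-            if (session->use_only_own_private_keys)
-            {
-                status = own_key_is_listed(session, _keylist->value, &is_own);
-                assert(status == PEP_STATUS_OK);
-                if (status != PEP_STATUS_OK) {
-                    free_stringlist(keylist);
-                    return status;
-                }
+            status = own_key_is_listed(session, _keylist->value, &is_own);
+            assert(status == PEP_STATUS_OK);
+            if (status != PEP_STATUS_OK) {
+                free_stringlist(keylist);
+                return status;
             }
-
-            // TODO : also accept synchronized device group keys ?
             
-            if (!session->use_only_own_private_keys || is_own)
+            if (is_own)
             {
                 PEP_comm_type _comm_type_key;
                 
@@ -543,8 +538,7 @@
     {
         status = key_revoked(session, identity->fpr, &revoked);
 
-        // Forces re-election if key is missing and own-key-only not forced
-        if (!session->use_only_own_private_keys && status == PEP_KEY_NOT_FOUND) 
+        if (status != PEP_STATUS_OK) 
         {
             status = elect_ownkey(session, identity);
             assert(status == PEP_STATUS_OK);
@@ -1010,7 +1004,7 @@
     return _own_keys_retrieve(session, keylist, 0);
 }
 
-// TODO: Unused for now, but should be used when sync receive old keys (ENGINE-145)
+// FIXME: should it be be used when sync receive old keys ? (ENGINE-145)
 DYNAMIC_API PEP_STATUS set_own_key(
        PEP_SESSION session,
        const char *address,
@@ -1020,12 +1014,12 @@
     PEP_STATUS status = PEP_STATUS_OK;
     
     assert(session &&
-           address && address[0] &&
+           address &&
            fpr && fpr[0]
           );
     
     if (!(session &&
-          address && address[0] &&
+          address &&
           fpr && fpr[0]
          ))
         return PEP_ILLEGAL_VALUE;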
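Review bot: The second hunk widens the re-election trigger from `status == PEP_KEY_NOT_FOUND` to `status != PEP_STATUS_OK`, so any failure of key_revoked() — an out-of-memory or backend error, if key_revoked() can return those — now replaces the identity's key through elect_ownkey() instead of being reported to the caller. If the intent is only to re-elect when the key is genuinely absent, keep the narrower test, `if (status == PEP_KEY_NOT_FOUND)`; otherwise add a comment stating why every error must trigger election, since the comment that explained the old condition was dropped with it. The enclosing function starts before and ends after this hunk. In the last hunk set_own_key() now accepts an empty address, which matches the `""` the new caller in pEpEngine.c passes; that relaxed contract belongs in the header comment of the prototype as well.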
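--- a/src/keymanagement.h	Mon May 08 08:21:24 2017 +0200
+++ b/src/keymanagement.h	Tue May 09 09:31:15 2017 +0200
@@ -235,6 +235,12 @@
         stringlist_t **keylist
       );
 
+DYNAMIC_API PEP_STATUS set_own_key(
+       PEP_SESSION session,
+       const char *address,
+       const char *fpr
+    );
+
 #ifdef __cplusplus
 }
 #endif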
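Review bot: The new public prototype of set_own_key() carries no comment describing its contract, while the implementation in keymanagement.c now accepts an empty address and still requires a non-empty fpr. Suggest a comment above the declaration such as `// set_own_key() - record fpr as one of the session's own keys; address may be empty (unused by own_keys), fpr must be a non-empty fingerprint; returns PEP_ILLEGAL_VALUE for a NULL session, address or fpr, or an empty fpr`. The "record as own key" wording is inferred from the own_keys table referenced in pEpEngine.c and should be confirmed against the function body, which is not shown here.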
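--- a/src/message_api.c	Mon May 08 08:21:24 2017 +0200
+++ b/src/message_api.c	Tue May 09 09:31:15 2017 +0200
@@ -1458,8 +1458,8 @@
 
     char* curr_line = signpost;
 //    const char* end_text = ptext + psize;
-    const char* boundary_key = "boundary=\"";
-    const size_t BOUNDARY_KEY_SIZE = 10;
+    const char* boundary_key = "boundary=";
+    const size_t BOUNDARY_KEY_SIZE = 9;
 
     char* start_boundary = strstr(curr_line, boundary_key);
     if (!start_boundary)
@@ -1467,11 +1467,17 @@
 
     start_boundary += BOUNDARY_KEY_SIZE;
 
-    char* end_boundary = strstr(start_boundary, "\"");
+    bool quoted = (*start_boundary == '"');
+
+    if (quoted)
+        start_boundary++;
+        
+    char* end_boundary = (quoted ? strstr(start_boundary, "\"") : strstr(start_boundary, ";")); // FIXME: third possiblity is CRLF, or?
 
     if (!end_boundary)
         return PEP_UNKNOWN_ERROR;
 
+    // Add space for the "--"
     size_t boundary_strlen = (end_boundary - start_boundary) + 2;
 
     signed_boundary = calloc(1, boundary_strlen + 1);
@@ -1485,7 +1491,11 @@
 
     start_boundary += boundary_strlen;
 
-    while (*start_boundary == '\n')
+    if (*start_boundary == '\r') {
+        if (*(start_boundary + 1) == '\n')
+            start_boundary += 2;
+    }
+    else if (*start_boundary == '\n')
         start_boundary++;
 
     end_boundary = strstr(start_boundary + boundary_strlen, signed_boundary);
@@ -1493,7 +1503,7 @@
     if (!end_boundary)
         return PEP_UNKNOWN_ERROR;
 
-    end_boundary--; // See RFC3156 section 5...
+    end_boundary--; // See RFC3156 section 5... FIXME: could be 2? CRLF?
 
     *ssize = end_boundary - start_boundary;
     *stext = start_boundary;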
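Review bot: In the second hunk the unquoted branch ends the boundary token only at `;`, but an unquoted MIME parameter value (a token per RFC 2045) also ends at whitespace or the CRLF that closes the header line, which the author's own FIXME on that line anticipates. As written, a Content-Type header whose boundary is the last parameter is rejected with PEP_UNKNOWN_ERROR, and if a `;` appears on a later header line the extracted boundary silently absorbs the line break and that text, so the later strstr() for the closing boundary fails. Replacing the search with `char* end_boundary = quoted ? strstr(start_boundary, "\"") : strpbrk(start_boundary, "; \t\r\n");` closes both gaps in one line. The `end_boundary--` in the last hunk has the same CRLF ambiguity the FIXME notes: RFC 3156 section 5 treats the CRLF before the closing boundary as part of the delimiter, so on CRLF input the signed text ends two bytes earlier. The enclosing function starts before the first hunk and continues after the last one.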
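--- a/src/pEpEngine.c	Mon May 08 08:21:24 2017 +0200
+++ b/src/pEpEngine.c	Tue May 09 09:31:15 2017 +0200
@@ -136,7 +136,11 @@
     " union "
     "  select main_key_id from identity "
     "   where main_key_id = upper(replace(?1,' ',''))"
-    "    and user_id = '" PEP_OWN_USERID "' );";
+    "    and user_id = '" PEP_OWN_USERID "' "
+    " union "
+    "  select fpr from own_keys "
+    "   where fpr = upper(replace(?1,' ',''))"
+    " );";
 
 static const char *sql_own_identities_retrieve =  
     "select address, fpr, username, "
@@ -209,6 +213,7 @@
     int int_result;
     
     bool in_first = false;
+    bool very_first = false;
 
     assert(sqlite3_threadsafe());
     if (!sqlite3_threadsafe())
@@ -466,6 +471,11 @@
                 assert(int_result == SQLITE_OK);
             }
         }
+        else { 
+            // Version from DB was 0, it means this is initial setup.
+            // DB has just been created, and all tables are empty.
+            very_first = true;
+        }
 
         if (version < atoi(_DDL_USER_VERSION)) {
             int_result = sqlite3_exec(
@@ -479,7 +489,6 @@
             );
             assert(int_result == SQLITE_OK);
         }
-
     }
 
     int_result = sqlite3_prepare_v2(_session->db, sql_log,
@@ -639,11 +648,44 @@
     // runtime config
 
 #ifdef ANDROID
-    _session->use_only_own_private_keys = true;
 #elif TARGET_OS_IPHONE
-    _session->use_only_own_private_keys = true;
-#else
-    _session->use_only_own_private_keys = false;
+#else /* Desktop */
+    if (very_first)
+    {
+        // On first run, all private keys already present in PGP keyring 
+        // are taken as own in order to seamlessly integrate with
+        // pre-existing GPG setup.
+
+        ////////////////////////////// WARNING: ///////////////////////////
+        // Considering all PGP priv keys as own is dangerous in case of 
+        // re-initialization of pEp DB, while keeping PGP keyring as-is!
+        //
+        // Indeed, if pEpEngine did import spoofed private keys in previous
+        // install, then those keys become automatically trusted in case 
+        // pEp_management.db is deleted.
+        //
+        // A solution to distinguish bare GPG keyring from pEp keyring is
+        // needed here. Then keys managed by pEpEngine wouldn't be
+        // confused with GPG keys managed by the user through GPA.
+        ///////////////////////////////////////////////////////////////////
+        
+        stringlist_t *keylist = NULL;
+
+        status = find_private_keys(_session, NULL, &keylist);
+        assert(status != PEP_OUT_OF_MEMORY);
+        if (status == PEP_OUT_OF_MEMORY)
+            return PEP_OUT_OF_MEMORY;
+        
+        if (keylist != NULL && keylist->value != NULL)
+        {
+            stringlist_t *_keylist;
+            for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
+                status = set_own_key(_session, 
+                                     "" /* address is unused in own_keys */,
+                                     _keylist->value);
+            }
+        }
+    }
 #endif
 
     // sync_session set to own session by default
@@ -772,13 +814,6 @@
     session->unencrypted_subject = enable;
 }
 
-DYNAMIC_API void config_use_only_own_private_keys(PEP_SESSION session,
-        bool enable)
-{
-    assert(session);
-    session->use_only_own_private_keys = enable;
-}
-
 DYNAMIC_API void config_keep_sync_msg(PEP_SESSION session, bool enable)
 {
     assert(session);
@@ -2245,8 +2280,8 @@
 
 PEP_STATUS find_private_keys(PEP_SESSION session, const char* pattern,
                              stringlist_t **keylist) {
-    assert(session && pattern && keylist);
-    if (!(session && pattern && keylist))
+    assert(session && keylist);
+    if (!(session && keylist))
         return PEP_ILLEGAL_VALUE;
     
     return session->cryptotech[PEP_crypt_OpenPGP].find_private_keys(session, pattern,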
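Review bot: In the `very_first` block of the fifth hunk the return value of set_own_key() is overwritten on every loop iteration and never examined, and the `keylist` filled by find_private_keys() is never released although free_stringlist() exists for exactly that (keymanagement.c uses it in its first hunk); a failing insert therefore leaves a partial own-key set with no signal, and `status` carries the last iteration's value into whatever follows the hunk. After the set_own_key() call add `if (status != PEP_STATUS_OK) break;`, and after the `if (keylist != NULL && keylist->value != NULL)` block add `free_stringlist(keylist);`, then decide explicitly whether a failed registration aborts initialisation. The `return PEP_OUT_OF_MEMORY;` inside the block also bypasses whatever teardown the rest of the init function performs on its other error paths — confirm against the function, which starts and ends outside this hunk. The last hunk silently relaxes the contract of find_private_keys() so that `pattern` may be NULL; a comment on the function such as `// pattern == NULL: return every private key in the keyring` would make that intent visible to callers.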
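--- a/src/pEp_internal.h	Mon May 08 08:21:24 2017 +0200
+++ b/src/pEp_internal.h	Tue May 09 09:31:15 2017 +0200
@@ -159,7 +159,6 @@
 
     bool passive_mode;
     bool unencrypted_subject;
-    bool use_only_own_private_keys;
     bool keep_sync_msg;
     
 #ifdef DEBUG_ERRORSTACK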
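--- a/src/pgp_gpg.c	Mon May 08 08:21:24 2017 +0200
+++ b/src/pgp_gpg.c	Tue May 09 09:31:15 2017 +0200
@@ -1547,7 +1547,6 @@
     gpgme_key_t key;
 
     assert(session);
-    assert(pattern);
     assert(keylist);
 
     *keylist = NULL;
@@ -1584,7 +1583,9 @@
                 gpgme_user_id_t kuid = key->uids;
                 // check that at least one uid's email matches pattern exactly
                 while(kuid) {
-                    if(kuid->email && strcmp(kuid->email, pattern) == 0){
+                    if((pattern && kuid->email && strcmp(kuid->email, pattern) == 0) ||
+                       pattern == NULL /* match all */ )
+                    { 
                         char *fpr = key->subkeys->fpr;
                         assert(fpr);
                         _k = stringlist_add(_k, fpr);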
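Review bot: With `pattern == NULL` the new condition in the second hunk is true for every user ID, so the `while(kuid)` loop adds `key->subkeys->fpr` once per uid unless the loop body leaves after stringlist_add() — the remainder of the body lies outside the hunk, so please confirm; a key that has no uids at all is conversely never added in the match-all case, because the loop body never runs. Since the match-all decision no longer depends on `kuid`, it belongs before the uid loop rather than inside it: test `pattern == NULL` once, and enter the loop only when a pattern is given. The context comment above the loop, "check that at least one uid's email matches pattern exactly", is now misleading for the NULL case and should read along the lines of `// pattern == NULL matches every key; otherwise at least one uid's email must equal pattern`. The enclosing function starts before the first hunk and continues after the second.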