security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-18 14:17:03 +01:00
Code Activity

gpg: Change TOFU_STATS to return timestamps.

Browse Source 
* g10/tofu.c (write_stats_status): Add arg FP to print a colon
formated line.  Adjust for changed TOFU_STATS interface.
(show_statistics): Let the query return timestamps and use
gnupg_get-time to compute the "time ago" values.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-08-24 19:56:14 +02:00
parent 5eb2682686
commit 0f1f02acc1
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 77 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
doc/DETAILS
View File

@ -60,6 +60,7 @@ described here.
- pkd :: Public key data [*] - pkd :: Public key data [*]
- grp :: Keygrip - grp :: Keygrip
- rvk :: Revocation key - rvk :: Revocation key
- tfs :: TOFU statistics [*]
- tru :: Trust database information [*] - tru :: Trust database information [*]
- spk :: Signature subpacket [*] - spk :: Signature subpacket [*]
- cfg :: Configuration data [*] - cfg :: Configuration data [*]
@ -230,6 +231,20 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
!--------- index (eg. DSA goes from 0 to 3: p,q,g,y) !--------- index (eg. DSA goes from 0 to 3: p,q,g,y)
#+end_example #+end_example
*** TFS - TOFU statistics
This field may follows a UID record to convey information about
the TOFU database. The information is similar to a TOFU_STATS
status line.
- Field 2 :: tfs record version (must be 1)
- Field 3 :: validity - A number with validity code.
- Field 4 :: signcount - The number of signatures seen.
- Field 5 :: encrcount - The number of encryptions done.
- Field 6 :: policy - A string with the policy
- Field 7 :: first-seen - a timestamp or 0 if not known.
- Field 8 :: most-recent-seen - a timestamp or 0 if not known.
*** TRU - Trust database information *** TRU - Trust database information
Example for a "tru" trust base record: Example for a "tru" trust base record:
#+begin_example #+begin_example
@ -723,9 +738,9 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
- ask :: Policy is "ask" - ask :: Policy is "ask"
- unknown :: Policy is not known. - unknown :: Policy is not known.
TM1 gives the number of seconds since the the first messages was TM1 ist the time the first messages was verified. TM2 is the time
verified. TM2 gives the number of seconds since the most recent the most recent message was verified. Both may either be seconds
message was verified. since Epoch or an ISO time string (yyyymmddThhmmss).
*** TOFU_STATS_SHORT <long_string> *** TOFU_STATS_SHORT <long_string>

91
g10/tofu.c
View File

@ -1872,14 +1872,13 @@ time_ago_str (long long int t)
} }
/* Write TOFU_STATS status line. */ /* If FP is NULL, write TOFU_STATS status line. If FP is not NULL
* write a "tfs" record to that stream. */
static void static void
write_stats_status (long messages, enum tofu_policy policy, write_stats_status (estream_t fp, long messages, enum tofu_policy policy,
long first_seen_ago, long most_recent_seen_ago) unsigned long first_seen,
unsigned long most_recent_seen)
{ {
char numbuf1[35];
char numbuf2[35];
char numbuf3[35];
const char *validity; const char *validity;
if (messages < 1) if (messages < 1)
@ -1891,19 +1890,33 @@ write_stats_status (long messages, enum tofu_policy policy,
else else
validity = "4"; /* Key with a lot of history. */ validity = "4"; /* Key with a lot of history. */
snprintf (numbuf1, sizeof numbuf1, " %ld", messages); if (fp)
*numbuf2 = *numbuf3 = 0;
if (first_seen_ago >= 0 && most_recent_seen_ago >= 0)
{ {
snprintf (numbuf2, sizeof numbuf2, " %ld", first_seen_ago); es_fprintf (fp, "tfs:1:%s:%ld:0:%s:%lu:%lu:\n",
snprintf (numbuf3, sizeof numbuf3, " %ld", most_recent_seen_ago); validity, messages,
tofu_policy_str (policy),
first_seen, most_recent_seen);
} }
else
{
char numbuf1[35];
char numbuf2[35];
char numbuf3[35];
write_status_strings (STATUS_TOFU_STATS, snprintf (numbuf1, sizeof numbuf1, " %ld", messages);
validity, numbuf1, " 0", *numbuf2 = *numbuf3 = 0;
" ", tofu_policy_str (policy), if (first_seen && most_recent_seen)
numbuf2, numbuf3, {
NULL); snprintf (numbuf2, sizeof numbuf2, " %lu", first_seen);
snprintf (numbuf3, sizeof numbuf3, " %lu", most_recent_seen);
}
write_status_strings (STATUS_TOFU_STATS,
validity, numbuf1, " 0",
" ", tofu_policy_str (policy),
numbuf2, numbuf3,
NULL);
}
} }
static void static void
@ -1920,8 +1933,7 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint,
rc = gpgsql_exec_printf rc = gpgsql_exec_printf
(dbs->db, strings_collect_cb, &strlist, &err, (dbs->db, strings_collect_cb, &strlist, &err,
"select count (*), strftime('%%s','now') - min (signatures.time),\n" "select count (*), min (signatures.time), max (signatures.time)\n"
" strftime('%%s','now') - max (signatures.time)\n"
" from signatures\n" " from signatures\n"
" left join bindings on signatures.binding = bindings.oid\n" " left join bindings on signatures.binding = bindings.oid\n"
" where fingerprint = %Q and email = %Q and sig_digest %s%s%s;", " where fingerprint = %Q and email = %Q and sig_digest %s%s%s;",
@ -1939,6 +1951,7 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint,
goto out; goto out;
} }
write_status_text_and_buffer (STATUS_TOFU_USER, fingerprint, write_status_text_and_buffer (STATUS_TOFU_USER, fingerprint,
email, strlen (email), 0); email, strlen (email), 0);
@ -1946,13 +1959,14 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint,
{ {
log_info (_("Have never verified a message signed by key %s!\n"), log_info (_("Have never verified a message signed by key %s!\n"),
fingerprint_pp); fingerprint_pp);
write_stats_status (0, TOFU_POLICY_NONE, -1, -1); write_stats_status (NULL, 0, TOFU_POLICY_NONE, 0, 0);
} }
else else
{ {
unsigned long now = gnupg_get_time ();
signed long messages; signed long messages;
signed long first_seen_ago; unsigned long first_seen;
signed long most_recent_seen_ago; unsigned long most_recent_seen;
log_assert (strlist_length (strlist) == 3); log_assert (strlist_length (strlist) == 3);
@ -1960,19 +1974,32 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint,
if (messages == 0 && *strlist->next->d == '\0') if (messages == 0 && *strlist->next->d == '\0')
{ /* min(NULL) => NULL => "". */ { /* min(NULL) => NULL => "". */
first_seen_ago = -1; first_seen = 0;
most_recent_seen_ago = -1; most_recent_seen = 0;
} }
else else
{ {
string_to_long (&first_seen_ago, strlist->next->d, -1, __LINE__); string_to_ulong (&first_seen, strlist->next->d, -1, __LINE__);
string_to_long (&most_recent_seen_ago, strlist->next->next->d, -1, if (first_seen > now)
__LINE__); {
log_debug ("time-warp - tofu DB has a future value (%lu, %lu)\n",
first_seen, now);
first_seen = now;
}
string_to_ulong (&most_recent_seen, strlist->next->next->d, -1,
__LINE__);
if (most_recent_seen > now)
{
log_debug ("time-warp - tofu DB has a future value (%lu, %lu)\n",
most_recent_seen, now);
most_recent_seen = now;
}
} }
if (messages == -1 || first_seen_ago == -1) if (messages == -1 || !first_seen)
{ {
write_stats_status (0, TOFU_POLICY_NONE, -1, -1); write_stats_status (NULL, 0, TOFU_POLICY_NONE, 0, 0);
log_info (_("Failed to collect signature statistics for \"%s\"\n" log_info (_("Failed to collect signature statistics for \"%s\"\n"
"(key %s)\n"), "(key %s)\n"),
user_id, fingerprint_pp); user_id, fingerprint_pp);
@ -1983,8 +2010,8 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint,
estream_t fp; estream_t fp;
char *msg; char *msg;
write_stats_status (messages, policy, write_stats_status (NULL, messages, policy,
first_seen_ago, most_recent_seen_ago); first_seen, most_recent_seen);
fp = es_fopenmem (0, "rw,samethread"); fp = es_fopenmem (0, "rw,samethread");
if (! fp) if (! fp)
@ -1999,7 +2026,7 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint,
} }
else else
{ {
char *first_seen_ago_str = time_ago_str (first_seen_ago); char *first_seen_ago_str = time_ago_str (now - first_seen);
/* TRANSLATORS: The final %s is replaced by a string like /* TRANSLATORS: The final %s is replaced by a string like
"7 months, 1 day, 5 minutes, 0 seconds". */ "7 months, 1 day, 5 minutes, 0 seconds". */
@ -2013,7 +2040,7 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint,
if (messages > 1) if (messages > 1)
{ {
char *tmpstr = time_ago_str (most_recent_seen_ago); char *tmpstr = time_ago_str (now - most_recent_seen);
es_fputs (" ", fp); es_fputs (" ", fp);
es_fprintf (fp, _("The most recent message was" es_fprintf (fp, _("The most recent message was"
" verified %s ago."), tmpstr); " verified %s ago."), tmpstr);