mirror of git://git.gnupg.org/gnupg.git synced 2025-01-08 12:44:23 +01:00

g10: Change TOFU code to respect --faked-system-time.

* g10/tofu.c (record_binding): New parameter now.  Update callers.
Don't use SQLite's strftime('%s','now') to get the current time, use
NOW.
(ask_about_binding): Likewise.
(get_trust): New parameter now.  Update callers.
(show_statistics): Likewise.
(tofu_register_signature): Don't use SQLite's strftime('%s','now') to
get the current time, use gnupg_get_time().
(tofu_register_encryption): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Neal H. Walfield 2016-09-07 10:28:39 +02:00
parent 56c18408d4
commit 7b3e8572e3


@ -797,7 +797,8 @@ get_single_long_cb2 (void *cookie, int argc, char **argv, char **azColName,
If SHOW_OLD is set, the binding's old policy is displayed. */ If SHOW_OLD is set, the binding's old policy is displayed. */
static gpg_error_t static gpg_error_t
record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email, record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email,
const char *user_id, enum tofu_policy policy, int show_old) const char *user_id, enum tofu_policy policy, int show_old,
time_t now)
{ {
char *fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0); char *fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0);
gpg_error_t rc; gpg_error_t rc;
@ -873,10 +874,12 @@ record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email,
reallocate a new one. We just need to search for the OID reallocate a new one. We just need to search for the OID
based on the fingerprint and email since they are unique. */ based on the fingerprint and email since they are unique. */
" (select oid from bindings where fingerprint = ? and email = ?),\n" " (select oid from bindings where fingerprint = ? and email = ?),\n"
" ?, ?, ?, strftime('%s','now'), ?);", " ?, ?, ?, ?, ?);",
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
GPGSQL_ARG_STRING, user_id, GPGSQL_ARG_INT, (int) policy, GPGSQL_ARG_STRING, user_id,
GPGSQL_ARG_LONG_LONG, (long long) now,
GPGSQL_ARG_INT, (int) policy,
GPGSQL_ARG_END); GPGSQL_ARG_END);
if (rc) if (rc)
{ {
@ -1318,7 +1321,8 @@ ask_about_binding (ctrl_t ctrl,
strlist_t conflict_set, strlist_t conflict_set,
const char *fingerprint, const char *fingerprint,
const char *email, const char *email,
const char *user_id) const char *user_id,
time_t now)
{ {
tofu_dbs_t dbs; tofu_dbs_t dbs;
strlist_t iter; strlist_t iter;
@ -1423,7 +1427,7 @@ ask_about_binding (ctrl_t ctrl,
" from bindings\n" \ " from bindings\n" \
" left join\n" \ " left join\n" \
" (select *,\n" \ " (select *,\n" \
" cast(strftime('%s','now') - " time " as real) delta\n" \ " cast(? - " time " as real) delta\n" \
" from " table ") ss\n" \ " from " table ") ss\n" \
" on ss.binding = bindings.oid)\n" \ " on ss.binding = bindings.oid)\n" \
" where email = ? and fingerprint = ?\n" \ " where email = ? and fingerprint = ?\n" \
@ -1435,6 +1439,7 @@ ask_about_binding (ctrl_t ctrl,
(dbs->db, &dbs->s.get_trust_gather_signature_stats, (dbs->db, &dbs->s.get_trust_gather_signature_stats,
signature_stats_collect_cb, &stats, &sqerr, signature_stats_collect_cb, &stats, &sqerr,
STATS_SQL ("signatures", "sig_time", ""), STATS_SQL ("signatures", "sig_time", ""),
GPGSQL_ARG_LONG_LONG, (long long) now,
GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, email,
GPGSQL_ARG_STRING, iter->d, GPGSQL_ARG_STRING, iter->d,
GPGSQL_ARG_END); GPGSQL_ARG_END);
@ -1449,6 +1454,7 @@ ask_about_binding (ctrl_t ctrl,
(dbs->db, &dbs->s.get_trust_gather_encryption_stats, (dbs->db, &dbs->s.get_trust_gather_encryption_stats,
signature_stats_collect_cb, &stats, &sqerr, signature_stats_collect_cb, &stats, &sqerr,
STATS_SQL ("encryptions", "time", "-"), STATS_SQL ("encryptions", "time", "-"),
GPGSQL_ARG_LONG_LONG, (long long) now,
GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, email,
GPGSQL_ARG_STRING, iter->d, GPGSQL_ARG_STRING, iter->d,
GPGSQL_ARG_END); GPGSQL_ARG_END);
@ -1700,7 +1706,7 @@ ask_about_binding (ctrl_t ctrl,
} }
if (record_binding (dbs, fingerprint, email, user_id, if (record_binding (dbs, fingerprint, email, user_id,
*policy, 0)) *policy, 0, now))
{ {
/* If there's an error registering the /* If there's an error registering the
* binding, don't save the signature. */ * binding, don't save the signature. */
@ -1990,7 +1996,7 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email)
static enum tofu_policy static enum tofu_policy
get_trust (ctrl_t ctrl, PKT_public_key *pk, get_trust (ctrl_t ctrl, PKT_public_key *pk,
const char *fingerprint, const char *email, const char *fingerprint, const char *email,
const char *user_id, int may_ask) const char *user_id, int may_ask, time_t now)
{ {
tofu_dbs_t dbs = ctrl->tofu.dbs; tofu_dbs_t dbs = ctrl->tofu.dbs;
int in_transaction = 0; int in_transaction = 0;
@ -2038,7 +2044,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
if (policy == TOFU_POLICY_NONE) if (policy == TOFU_POLICY_NONE)
{ {
if (record_binding (dbs, fingerprint, email, user_id, if (record_binding (dbs, fingerprint, email, user_id,
TOFU_POLICY_AUTO, 0) != 0) TOFU_POLICY_AUTO, 0, now) != 0)
{ {
log_error (_("error setting TOFU binding's trust level" log_error (_("error setting TOFU binding's trust level"
" to %s\n"), "auto"); " to %s\n"), "auto");
@ -2142,7 +2148,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
fingerprint, email); fingerprint, email);
if (record_binding (dbs, fingerprint, email, user_id, if (record_binding (dbs, fingerprint, email, user_id,
TOFU_POLICY_AUTO, 0) != 0) TOFU_POLICY_AUTO, 0, now) != 0)
{ {
log_error (_("error setting TOFU binding's trust level to %s\n"), log_error (_("error setting TOFU binding's trust level to %s\n"),
"auto"); "auto");
@ -2171,7 +2177,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
fingerprint, email); fingerprint, email);
if (record_binding (dbs, fingerprint, email, user_id, if (record_binding (dbs, fingerprint, email, user_id,
TOFU_POLICY_AUTO, 0) != 0) TOFU_POLICY_AUTO, 0, now) != 0)
log_error (_("error setting TOFU binding's trust level to %s\n"), log_error (_("error setting TOFU binding's trust level to %s\n"),
"auto"); "auto");
@ -2193,7 +2199,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
log_assert (policy == TOFU_POLICY_NONE); log_assert (policy == TOFU_POLICY_NONE);
if (record_binding (dbs, fingerprint, email, user_id, if (record_binding (dbs, fingerprint, email, user_id,
TOFU_POLICY_ASK, 0) != 0) TOFU_POLICY_ASK, 0, now) != 0)
log_error (_("error setting TOFU binding's trust level to %s\n"), log_error (_("error setting TOFU binding's trust level to %s\n"),
"ask"); "ask");
@ -2212,7 +2218,8 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
conflict_set, conflict_set,
fingerprint, fingerprint,
email, email,
user_id); user_id,
now);
out: out:
@ -2457,9 +2464,8 @@ write_stats_status (estream_t fp,
static int static int
show_statistics (tofu_dbs_t dbs, const char *fingerprint, show_statistics (tofu_dbs_t dbs, const char *fingerprint,
const char *email, const char *user_id, const char *email, const char *user_id,
estream_t outfp) estream_t outfp, time_t now)
{ {
unsigned long now = gnupg_get_time ();
enum tofu_policy policy = get_policy (dbs, fingerprint, email, NULL); enum tofu_policy policy = get_policy (dbs, fingerprint, email, NULL);
char *fingerprint_pp; char *fingerprint_pp;
@ -2748,6 +2754,7 @@ tofu_register_signature (ctrl_t ctrl,
const byte *sig_digest_bin, int sig_digest_bin_len, const byte *sig_digest_bin, int sig_digest_bin_len,
time_t sig_time, const char *origin) time_t sig_time, const char *origin)
{ {
time_t now = gnupg_get_time ();
gpg_error_t rc; gpg_error_t rc;
tofu_dbs_t dbs; tofu_dbs_t dbs;
char *fingerprint = NULL; char *fingerprint = NULL;
@ -2792,7 +2799,7 @@ tofu_register_signature (ctrl_t ctrl,
/* Make sure the binding exists and record any TOFU /* Make sure the binding exists and record any TOFU
conflicts. */ conflicts. */
if (get_trust (ctrl, pk, fingerprint, email, user_id->d, 0) if (get_trust (ctrl, pk, fingerprint, email, user_id->d, 0, now)
== _tofu_GET_TRUST_ERROR) == _tofu_GET_TRUST_ERROR)
{ {
rc = gpg_error (GPG_ERR_GENERAL); rc = gpg_error (GPG_ERR_GENERAL);
@ -2861,10 +2868,11 @@ tofu_register_signature (ctrl_t ctrl,
" values\n" " values\n"
" ((select oid from bindings\n" " ((select oid from bindings\n"
" where fingerprint = ? and email = ?),\n" " where fingerprint = ? and email = ?),\n"
" ?, ?, ?, strftime('%s', 'now'));", " ?, ?, ?, ?);",
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
GPGSQL_ARG_STRING, sig_digest, GPGSQL_ARG_STRING, origin, GPGSQL_ARG_STRING, sig_digest, GPGSQL_ARG_STRING, origin,
GPGSQL_ARG_LONG_LONG, (long long) sig_time, GPGSQL_ARG_LONG_LONG, (long long) sig_time,
GPGSQL_ARG_LONG_LONG, (long long) now,
GPGSQL_ARG_END); GPGSQL_ARG_END);
if (rc) if (rc)
{ {
@ -2896,6 +2904,7 @@ tofu_register_encryption (ctrl_t ctrl,
PKT_public_key *pk, strlist_t user_id_list, PKT_public_key *pk, strlist_t user_id_list,
int may_ask) int may_ask)
{ {
time_t now = gnupg_get_time ();
gpg_error_t rc = 0; gpg_error_t rc = 0;
tofu_dbs_t dbs; tofu_dbs_t dbs;
kbnode_t kb = NULL; kbnode_t kb = NULL;
@ -2956,7 +2965,7 @@ tofu_register_encryption (ctrl_t ctrl,
/* Make sure the binding exists and that we recognize any /* Make sure the binding exists and that we recognize any
conflicts. */ conflicts. */
int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d, int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d,
may_ask); may_ask, now);
if (tl == _tofu_GET_TRUST_ERROR) if (tl == _tofu_GET_TRUST_ERROR)
{ {
/* An error. */ /* An error. */
@ -2971,8 +2980,9 @@ tofu_register_encryption (ctrl_t ctrl,
" values\n" " values\n"
" ((select oid from bindings\n" " ((select oid from bindings\n"
" where fingerprint = ? and email = ?),\n" " where fingerprint = ? and email = ?),\n"
" strftime('%s', 'now'));", " ?);",
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
GPGSQL_ARG_LONG_LONG, (long long) now,
GPGSQL_ARG_END); GPGSQL_ARG_END);
if (rc) if (rc)
{ {
@ -3067,6 +3077,7 @@ gpg_error_t
tofu_write_tfs_record (ctrl_t ctrl, estream_t fp, tofu_write_tfs_record (ctrl_t ctrl, estream_t fp,
PKT_public_key *pk, const char *user_id) PKT_public_key *pk, const char *user_id)
{ {
time_t now = gnupg_get_time ();
gpg_error_t err; gpg_error_t err;
tofu_dbs_t dbs; tofu_dbs_t dbs;
char *fingerprint; char *fingerprint;
@ -3086,7 +3097,7 @@ tofu_write_tfs_record (ctrl_t ctrl, estream_t fp,
fingerprint = hexfingerprint (pk, NULL, 0); fingerprint = hexfingerprint (pk, NULL, 0);
email = email_from_user_id (user_id); email = email_from_user_id (user_id);
show_statistics (dbs, fingerprint, email, user_id, fp); show_statistics (dbs, fingerprint, email, user_id, fp, now);
xfree (email); xfree (email);
xfree (fingerprint); xfree (fingerprint);
@ -3109,6 +3120,7 @@ int
tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
int may_ask) int may_ask)
{ {
time_t now = gnupg_get_time ();
tofu_dbs_t dbs; tofu_dbs_t dbs;
char *fingerprint = NULL; char *fingerprint = NULL;
strlist_t user_id; strlist_t user_id;
@ -3136,7 +3148,8 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
/* Always call get_trust to make sure the binding is /* Always call get_trust to make sure the binding is
registered. */ registered. */
int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d, may_ask); int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d,
may_ask, now);
if (tl == _tofu_GET_TRUST_ERROR) if (tl == _tofu_GET_TRUST_ERROR)
{ {
/* An error. */ /* An error. */
@ -3159,7 +3172,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
if (may_ask && tl != TRUST_ULTIMATE && tl != TRUST_EXPIRED) if (may_ask && tl != TRUST_ULTIMATE && tl != TRUST_EXPIRED)
need_warning |= need_warning |=
show_statistics (dbs, fingerprint, email, user_id->d, NULL); show_statistics (dbs, fingerprint, email, user_id->d, NULL, now);
if (tl == TRUST_NEVER) if (tl == TRUST_NEVER)
trust_level = TRUST_NEVER; trust_level = TRUST_NEVER;
@ -3215,6 +3228,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
gpg_error_t gpg_error_t
tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy) tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy)
{ {
time_t now = gnupg_get_time ();
tofu_dbs_t dbs; tofu_dbs_t dbs;
PKT_public_key *pk; PKT_public_key *pk;
char *fingerprint = NULL; char *fingerprint = NULL;
@ -3257,7 +3271,7 @@ tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy)
email = email_from_user_id (user_id->name); email = email_from_user_id (user_id->name);
record_binding (dbs, fingerprint, email, user_id->name, policy, 1); record_binding (dbs, fingerprint, email, user_id->name, policy, 1, now);
xfree (email); xfree (email);
} }
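Review bot: The stats query in ask_about_binding, `cast(? - " time " as real) delta`, now subtracts stored timestamps from a caller-supplied `now`, and the same `now` from gnupg_get_time () is what record_binding, tofu_register_signature and tofu_register_encryption write into the TOFU database. With --faked-system-time those stored values persist, so a later run under a different clock can find rows whose time is ahead of `now` and compute a negative delta. How signature_stats_collect_cb and show_statistics treat a negative delta is outside the visible hunks and should be checked. show_statistics also used to hold `now` as `unsigned long` and now receives a `time_t`, which may change the signedness of arithmetic on it in the part of the body not shown. None of the header comments mention the new parameter; I would add to record_binding, ask_about_binding, get_trust and show_statistics, in the file's style, `NOW is the current time as returned by gnupg_get_time () (possibly faked) and is used for every timestamp this call records or compares.`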