mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-08 12:44:23 +01:00
g10: Change TOFU code to respect --faked-system-time.
* g10/tofu.c (record_binding): New parameter now. Update callers. Don't use SQLite's strftime('%s','now') to get the current time, use NOW. (ask_about_binding): Likewise. (get_trust): New parameter now. Update callers. (show_statistics): Likewise. (tofu_register_signature): Don't use SQLite's strftime('%s','now') to get the current time, use gnupg_get_time(). (tofu_register_encryption): Likewise. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
This commit is contained in:
parent
56c18408d4
commit
7b3e8572e3
58
g10/tofu.c
58
g10/tofu.c
@ -797,7 +797,8 @@ get_single_long_cb2 (void *cookie, int argc, char **argv, char **azColName,
|
|||||||
If SHOW_OLD is set, the binding's old policy is displayed. */
|
If SHOW_OLD is set, the binding's old policy is displayed. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email,
|
record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email,
|
||||||
const char *user_id, enum tofu_policy policy, int show_old)
|
const char *user_id, enum tofu_policy policy, int show_old,
|
||||||
|
time_t now)
|
||||||
{
|
{
|
||||||
char *fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0);
|
char *fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0);
|
||||||
gpg_error_t rc;
|
gpg_error_t rc;
|
||||||
@ -873,10 +874,12 @@ record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email,
|
|||||||
reallocate a new one. We just need to search for the OID
|
reallocate a new one. We just need to search for the OID
|
||||||
based on the fingerprint and email since they are unique. */
|
based on the fingerprint and email since they are unique. */
|
||||||
" (select oid from bindings where fingerprint = ? and email = ?),\n"
|
" (select oid from bindings where fingerprint = ? and email = ?),\n"
|
||||||
" ?, ?, ?, strftime('%s','now'), ?);",
|
" ?, ?, ?, ?, ?);",
|
||||||
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
|
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
|
||||||
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
|
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
|
||||||
GPGSQL_ARG_STRING, user_id, GPGSQL_ARG_INT, (int) policy,
|
GPGSQL_ARG_STRING, user_id,
|
||||||
|
GPGSQL_ARG_LONG_LONG, (long long) now,
|
||||||
|
GPGSQL_ARG_INT, (int) policy,
|
||||||
GPGSQL_ARG_END);
|
GPGSQL_ARG_END);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
@ -1318,7 +1321,8 @@ ask_about_binding (ctrl_t ctrl,
|
|||||||
strlist_t conflict_set,
|
strlist_t conflict_set,
|
||||||
const char *fingerprint,
|
const char *fingerprint,
|
||||||
const char *email,
|
const char *email,
|
||||||
const char *user_id)
|
const char *user_id,
|
||||||
|
time_t now)
|
||||||
{
|
{
|
||||||
tofu_dbs_t dbs;
|
tofu_dbs_t dbs;
|
||||||
strlist_t iter;
|
strlist_t iter;
|
||||||
@ -1423,7 +1427,7 @@ ask_about_binding (ctrl_t ctrl,
|
|||||||
" from bindings\n" \
|
" from bindings\n" \
|
||||||
" left join\n" \
|
" left join\n" \
|
||||||
" (select *,\n" \
|
" (select *,\n" \
|
||||||
" cast(strftime('%s','now') - " time " as real) delta\n" \
|
" cast(? - " time " as real) delta\n" \
|
||||||
" from " table ") ss\n" \
|
" from " table ") ss\n" \
|
||||||
" on ss.binding = bindings.oid)\n" \
|
" on ss.binding = bindings.oid)\n" \
|
||||||
" where email = ? and fingerprint = ?\n" \
|
" where email = ? and fingerprint = ?\n" \
|
||||||
@ -1435,6 +1439,7 @@ ask_about_binding (ctrl_t ctrl,
|
|||||||
(dbs->db, &dbs->s.get_trust_gather_signature_stats,
|
(dbs->db, &dbs->s.get_trust_gather_signature_stats,
|
||||||
signature_stats_collect_cb, &stats, &sqerr,
|
signature_stats_collect_cb, &stats, &sqerr,
|
||||||
STATS_SQL ("signatures", "sig_time", ""),
|
STATS_SQL ("signatures", "sig_time", ""),
|
||||||
|
GPGSQL_ARG_LONG_LONG, (long long) now,
|
||||||
GPGSQL_ARG_STRING, email,
|
GPGSQL_ARG_STRING, email,
|
||||||
GPGSQL_ARG_STRING, iter->d,
|
GPGSQL_ARG_STRING, iter->d,
|
||||||
GPGSQL_ARG_END);
|
GPGSQL_ARG_END);
|
||||||
@ -1449,6 +1454,7 @@ ask_about_binding (ctrl_t ctrl,
|
|||||||
(dbs->db, &dbs->s.get_trust_gather_encryption_stats,
|
(dbs->db, &dbs->s.get_trust_gather_encryption_stats,
|
||||||
signature_stats_collect_cb, &stats, &sqerr,
|
signature_stats_collect_cb, &stats, &sqerr,
|
||||||
STATS_SQL ("encryptions", "time", "-"),
|
STATS_SQL ("encryptions", "time", "-"),
|
||||||
|
GPGSQL_ARG_LONG_LONG, (long long) now,
|
||||||
GPGSQL_ARG_STRING, email,
|
GPGSQL_ARG_STRING, email,
|
||||||
GPGSQL_ARG_STRING, iter->d,
|
GPGSQL_ARG_STRING, iter->d,
|
||||||
GPGSQL_ARG_END);
|
GPGSQL_ARG_END);
|
||||||
@ -1700,7 +1706,7 @@ ask_about_binding (ctrl_t ctrl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (record_binding (dbs, fingerprint, email, user_id,
|
if (record_binding (dbs, fingerprint, email, user_id,
|
||||||
*policy, 0))
|
*policy, 0, now))
|
||||||
{
|
{
|
||||||
/* If there's an error registering the
|
/* If there's an error registering the
|
||||||
* binding, don't save the signature. */
|
* binding, don't save the signature. */
|
||||||
@ -1990,7 +1996,7 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email)
|
|||||||
static enum tofu_policy
|
static enum tofu_policy
|
||||||
get_trust (ctrl_t ctrl, PKT_public_key *pk,
|
get_trust (ctrl_t ctrl, PKT_public_key *pk,
|
||||||
const char *fingerprint, const char *email,
|
const char *fingerprint, const char *email,
|
||||||
const char *user_id, int may_ask)
|
const char *user_id, int may_ask, time_t now)
|
||||||
{
|
{
|
||||||
tofu_dbs_t dbs = ctrl->tofu.dbs;
|
tofu_dbs_t dbs = ctrl->tofu.dbs;
|
||||||
int in_transaction = 0;
|
int in_transaction = 0;
|
||||||
@ -2038,7 +2044,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
|
|||||||
if (policy == TOFU_POLICY_NONE)
|
if (policy == TOFU_POLICY_NONE)
|
||||||
{
|
{
|
||||||
if (record_binding (dbs, fingerprint, email, user_id,
|
if (record_binding (dbs, fingerprint, email, user_id,
|
||||||
TOFU_POLICY_AUTO, 0) != 0)
|
TOFU_POLICY_AUTO, 0, now) != 0)
|
||||||
{
|
{
|
||||||
log_error (_("error setting TOFU binding's trust level"
|
log_error (_("error setting TOFU binding's trust level"
|
||||||
" to %s\n"), "auto");
|
" to %s\n"), "auto");
|
||||||
@ -2142,7 +2148,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
|
|||||||
fingerprint, email);
|
fingerprint, email);
|
||||||
|
|
||||||
if (record_binding (dbs, fingerprint, email, user_id,
|
if (record_binding (dbs, fingerprint, email, user_id,
|
||||||
TOFU_POLICY_AUTO, 0) != 0)
|
TOFU_POLICY_AUTO, 0, now) != 0)
|
||||||
{
|
{
|
||||||
log_error (_("error setting TOFU binding's trust level to %s\n"),
|
log_error (_("error setting TOFU binding's trust level to %s\n"),
|
||||||
"auto");
|
"auto");
|
||||||
@ -2171,7 +2177,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
|
|||||||
fingerprint, email);
|
fingerprint, email);
|
||||||
|
|
||||||
if (record_binding (dbs, fingerprint, email, user_id,
|
if (record_binding (dbs, fingerprint, email, user_id,
|
||||||
TOFU_POLICY_AUTO, 0) != 0)
|
TOFU_POLICY_AUTO, 0, now) != 0)
|
||||||
log_error (_("error setting TOFU binding's trust level to %s\n"),
|
log_error (_("error setting TOFU binding's trust level to %s\n"),
|
||||||
"auto");
|
"auto");
|
||||||
|
|
||||||
@ -2193,7 +2199,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
|
|||||||
log_assert (policy == TOFU_POLICY_NONE);
|
log_assert (policy == TOFU_POLICY_NONE);
|
||||||
|
|
||||||
if (record_binding (dbs, fingerprint, email, user_id,
|
if (record_binding (dbs, fingerprint, email, user_id,
|
||||||
TOFU_POLICY_ASK, 0) != 0)
|
TOFU_POLICY_ASK, 0, now) != 0)
|
||||||
log_error (_("error setting TOFU binding's trust level to %s\n"),
|
log_error (_("error setting TOFU binding's trust level to %s\n"),
|
||||||
"ask");
|
"ask");
|
||||||
|
|
||||||
@ -2212,7 +2218,8 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
|
|||||||
conflict_set,
|
conflict_set,
|
||||||
fingerprint,
|
fingerprint,
|
||||||
email,
|
email,
|
||||||
user_id);
|
user_id,
|
||||||
|
now);
|
||||||
|
|
||||||
out:
|
out:
|
||||||
|
|
||||||
@ -2457,9 +2464,8 @@ write_stats_status (estream_t fp,
|
|||||||
static int
|
static int
|
||||||
show_statistics (tofu_dbs_t dbs, const char *fingerprint,
|
show_statistics (tofu_dbs_t dbs, const char *fingerprint,
|
||||||
const char *email, const char *user_id,
|
const char *email, const char *user_id,
|
||||||
estream_t outfp)
|
estream_t outfp, time_t now)
|
||||||
{
|
{
|
||||||
unsigned long now = gnupg_get_time ();
|
|
||||||
enum tofu_policy policy = get_policy (dbs, fingerprint, email, NULL);
|
enum tofu_policy policy = get_policy (dbs, fingerprint, email, NULL);
|
||||||
|
|
||||||
char *fingerprint_pp;
|
char *fingerprint_pp;
|
||||||
@ -2748,6 +2754,7 @@ tofu_register_signature (ctrl_t ctrl,
|
|||||||
const byte *sig_digest_bin, int sig_digest_bin_len,
|
const byte *sig_digest_bin, int sig_digest_bin_len,
|
||||||
time_t sig_time, const char *origin)
|
time_t sig_time, const char *origin)
|
||||||
{
|
{
|
||||||
|
time_t now = gnupg_get_time ();
|
||||||
gpg_error_t rc;
|
gpg_error_t rc;
|
||||||
tofu_dbs_t dbs;
|
tofu_dbs_t dbs;
|
||||||
char *fingerprint = NULL;
|
char *fingerprint = NULL;
|
||||||
@ -2792,7 +2799,7 @@ tofu_register_signature (ctrl_t ctrl,
|
|||||||
|
|
||||||
/* Make sure the binding exists and record any TOFU
|
/* Make sure the binding exists and record any TOFU
|
||||||
conflicts. */
|
conflicts. */
|
||||||
if (get_trust (ctrl, pk, fingerprint, email, user_id->d, 0)
|
if (get_trust (ctrl, pk, fingerprint, email, user_id->d, 0, now)
|
||||||
== _tofu_GET_TRUST_ERROR)
|
== _tofu_GET_TRUST_ERROR)
|
||||||
{
|
{
|
||||||
rc = gpg_error (GPG_ERR_GENERAL);
|
rc = gpg_error (GPG_ERR_GENERAL);
|
||||||
@ -2861,10 +2868,11 @@ tofu_register_signature (ctrl_t ctrl,
|
|||||||
" values\n"
|
" values\n"
|
||||||
" ((select oid from bindings\n"
|
" ((select oid from bindings\n"
|
||||||
" where fingerprint = ? and email = ?),\n"
|
" where fingerprint = ? and email = ?),\n"
|
||||||
" ?, ?, ?, strftime('%s', 'now'));",
|
" ?, ?, ?, ?);",
|
||||||
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
|
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
|
||||||
GPGSQL_ARG_STRING, sig_digest, GPGSQL_ARG_STRING, origin,
|
GPGSQL_ARG_STRING, sig_digest, GPGSQL_ARG_STRING, origin,
|
||||||
GPGSQL_ARG_LONG_LONG, (long long) sig_time,
|
GPGSQL_ARG_LONG_LONG, (long long) sig_time,
|
||||||
|
GPGSQL_ARG_LONG_LONG, (long long) now,
|
||||||
GPGSQL_ARG_END);
|
GPGSQL_ARG_END);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
@ -2896,6 +2904,7 @@ tofu_register_encryption (ctrl_t ctrl,
|
|||||||
PKT_public_key *pk, strlist_t user_id_list,
|
PKT_public_key *pk, strlist_t user_id_list,
|
||||||
int may_ask)
|
int may_ask)
|
||||||
{
|
{
|
||||||
|
time_t now = gnupg_get_time ();
|
||||||
gpg_error_t rc = 0;
|
gpg_error_t rc = 0;
|
||||||
tofu_dbs_t dbs;
|
tofu_dbs_t dbs;
|
||||||
kbnode_t kb = NULL;
|
kbnode_t kb = NULL;
|
||||||
@ -2956,7 +2965,7 @@ tofu_register_encryption (ctrl_t ctrl,
|
|||||||
/* Make sure the binding exists and that we recognize any
|
/* Make sure the binding exists and that we recognize any
|
||||||
conflicts. */
|
conflicts. */
|
||||||
int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d,
|
int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d,
|
||||||
may_ask);
|
may_ask, now);
|
||||||
if (tl == _tofu_GET_TRUST_ERROR)
|
if (tl == _tofu_GET_TRUST_ERROR)
|
||||||
{
|
{
|
||||||
/* An error. */
|
/* An error. */
|
||||||
@ -2971,8 +2980,9 @@ tofu_register_encryption (ctrl_t ctrl,
|
|||||||
" values\n"
|
" values\n"
|
||||||
" ((select oid from bindings\n"
|
" ((select oid from bindings\n"
|
||||||
" where fingerprint = ? and email = ?),\n"
|
" where fingerprint = ? and email = ?),\n"
|
||||||
" strftime('%s', 'now'));",
|
" ?);",
|
||||||
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
|
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
|
||||||
|
GPGSQL_ARG_LONG_LONG, (long long) now,
|
||||||
GPGSQL_ARG_END);
|
GPGSQL_ARG_END);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
@ -3067,6 +3077,7 @@ gpg_error_t
|
|||||||
tofu_write_tfs_record (ctrl_t ctrl, estream_t fp,
|
tofu_write_tfs_record (ctrl_t ctrl, estream_t fp,
|
||||||
PKT_public_key *pk, const char *user_id)
|
PKT_public_key *pk, const char *user_id)
|
||||||
{
|
{
|
||||||
|
time_t now = gnupg_get_time ();
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
tofu_dbs_t dbs;
|
tofu_dbs_t dbs;
|
||||||
char *fingerprint;
|
char *fingerprint;
|
||||||
@ -3086,7 +3097,7 @@ tofu_write_tfs_record (ctrl_t ctrl, estream_t fp,
|
|||||||
fingerprint = hexfingerprint (pk, NULL, 0);
|
fingerprint = hexfingerprint (pk, NULL, 0);
|
||||||
email = email_from_user_id (user_id);
|
email = email_from_user_id (user_id);
|
||||||
|
|
||||||
show_statistics (dbs, fingerprint, email, user_id, fp);
|
show_statistics (dbs, fingerprint, email, user_id, fp, now);
|
||||||
|
|
||||||
xfree (email);
|
xfree (email);
|
||||||
xfree (fingerprint);
|
xfree (fingerprint);
|
||||||
@ -3109,6 +3120,7 @@ int
|
|||||||
tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
|
tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
|
||||||
int may_ask)
|
int may_ask)
|
||||||
{
|
{
|
||||||
|
time_t now = gnupg_get_time ();
|
||||||
tofu_dbs_t dbs;
|
tofu_dbs_t dbs;
|
||||||
char *fingerprint = NULL;
|
char *fingerprint = NULL;
|
||||||
strlist_t user_id;
|
strlist_t user_id;
|
||||||
@ -3136,7 +3148,8 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
|
|||||||
|
|
||||||
/* Always call get_trust to make sure the binding is
|
/* Always call get_trust to make sure the binding is
|
||||||
registered. */
|
registered. */
|
||||||
int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d, may_ask);
|
int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d,
|
||||||
|
may_ask, now);
|
||||||
if (tl == _tofu_GET_TRUST_ERROR)
|
if (tl == _tofu_GET_TRUST_ERROR)
|
||||||
{
|
{
|
||||||
/* An error. */
|
/* An error. */
|
||||||
@ -3159,7 +3172,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
|
|||||||
|
|
||||||
if (may_ask && tl != TRUST_ULTIMATE && tl != TRUST_EXPIRED)
|
if (may_ask && tl != TRUST_ULTIMATE && tl != TRUST_EXPIRED)
|
||||||
need_warning |=
|
need_warning |=
|
||||||
show_statistics (dbs, fingerprint, email, user_id->d, NULL);
|
show_statistics (dbs, fingerprint, email, user_id->d, NULL, now);
|
||||||
|
|
||||||
if (tl == TRUST_NEVER)
|
if (tl == TRUST_NEVER)
|
||||||
trust_level = TRUST_NEVER;
|
trust_level = TRUST_NEVER;
|
||||||
@ -3215,6 +3228,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
|
|||||||
gpg_error_t
|
gpg_error_t
|
||||||
tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy)
|
tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy)
|
||||||
{
|
{
|
||||||
|
time_t now = gnupg_get_time ();
|
||||||
tofu_dbs_t dbs;
|
tofu_dbs_t dbs;
|
||||||
PKT_public_key *pk;
|
PKT_public_key *pk;
|
||||||
char *fingerprint = NULL;
|
char *fingerprint = NULL;
|
||||||
@ -3257,7 +3271,7 @@ tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy)
|
|||||||
|
|
||||||
email = email_from_user_id (user_id->name);
|
email = email_from_user_id (user_id->name);
|
||||||
|
|
||||||
record_binding (dbs, fingerprint, email, user_id->name, policy, 1);
|
record_binding (dbs, fingerprint, email, user_id->name, policy, 1, now);
|
||||||
|
|
||||||
xfree (email);
|
xfree (email);
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user