socsvn commit: r238947 - in soc2012/gpf/pefs_kmod: sbin/pefs
sys/fs/pefs
gpf at FreeBSD.org
gpf at FreeBSD.org
Wed Jul 4 12:41:59 UTC 2012
Author: gpf
Date: Wed Jul 4 12:41:56 2012
New Revision: 238947
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=238947
Log:
- comments!
Modified:
soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c
soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c
soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_vfsops.c
Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Wed Jul 4 12:10:20 2012 (r238946)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Wed Jul 4 12:41:56 2012 (r238947)
@@ -79,18 +79,21 @@
RB_HEAD(hardlink_head, hardlink_counter);
RB_PROTOTYPE(hardlink_head, hardlink_counter, hardlink_entries, pefs_rb_cmp);
-#define PEFS_CFH_SIZE 16
-#define PEFS_FH_SIZE 16
+#define PEFS_CFH_SIZE 16 /* on disk size of .pefs.checksum's unique file header */
+#define PEFS_FH_SIZE 16 /* on disk size of a single file header (also a bucket in cuckoo hashing) */
+/* this struct is used to check if all hardlinks for a given inode are supplied by the user */
struct hardlink_counter {
- ino_t inode;
- uint32_t total_links;
- uint32_t links_found;
- struct hardlink_fh_head file_headers;
- RB_ENTRY(hardlink_counter) hardlink_entries;
+ ino_t inode; /* inode number for the file in question */
+ uint32_t total_links; /* total hardlinks of the file */
+ uint32_t links_found; /* how many links are found in user supplied list */
+ struct hardlink_fh_head file_headers; /* file headers of the links we have found */
+ RB_ENTRY(hardlink_counter) hardlink_entries; /* entry in hardlink RB tree */
};
/* XXXgpf: unions for on disk structs and move to a different header? */
+
+/* this is the unique file header of the .pefs.checksum file, found in the beginning of the file */
struct checksum_file_header {
uint8_t version;
uint8_t reserved;
@@ -109,8 +112,8 @@
struct file_header {
/* on disk information */
uint32_t nhashes; /* the number of hashes for the file */
- uint64_t file_id; /* id is MAC tweak from filename (first 64 bits) */
uint32_t offset_to_checksums; /* in file offset to start of checksums */
+ uint64_t file_id; /* id is MAC tweak from filename (first 64 bits) */
/* in memory information */
char path[MAXPATHLEN + 1]; /* fullpath for this file */
@@ -120,8 +123,8 @@
int fd, pfd; /* file descriptors for the file and its parent dir */
int found; /* mark that this entry was found during "verify" action */
struct checksum_head checksums; /* this file's checksums */
- TAILQ_ENTRY(file_header) file_header_entries;
- TAILQ_ENTRY(file_header) fh_hardlink_entries;
+ TAILQ_ENTRY(file_header) file_header_entries; /* entry in global file header tail */
+ TAILQ_ENTRY(file_header) fh_hardlink_entries; /* entry in hardlink counter */
};
struct bucket {
@@ -133,10 +136,10 @@
* with his own hash function: pefs_hash1() & pefs_hash2()
*/
struct cuckoo_hash_table {
- struct bucket *buckets1;
- struct bucket *buckets2;
+ struct bucket *buckets1; /* table1 */
+ struct bucket *buckets2; /* table2 */
uint32_t size; /* how many buckets in each table */
- uint32_t nelements;
+ uint32_t nelements; /* total number of elements <= size */
};
static int
@@ -637,6 +640,7 @@
size_t buf_len, enc_len;
if ((flags & PEFS_NOKEY) != 0 || (flags & PEFS_UNMOUNTED) != 0) {
+ /* in this case, we already have the encrypted filename */
enc = fhp->filename;
enc_len = strnlen(fhp->filename, sizeof(fhp->filename));
enc++;
@@ -826,6 +830,7 @@
return 0;
}
+/* open a file and perform various semantic checks on it */
static int
pefs_open_semantic_checks(struct file_header *fhp, struct statfs *fsp, struct hardlink_head *hlc_headp, int flags)
{
@@ -1644,12 +1649,12 @@
uint32_t i;
int error, cmp;
- dprintf(("comparing hashes for file with fid: %llu\t%llu\n", fhp->file_id, indexfhp->file_id));
+ dprintf(("comparing hashes for file with fid: %llu\n", fhp->file_id));
error = 0;
if (fhp->nhashes != indexfhp->nhashes) {
- pefs_warn("number of hashes differ between on disk file and stored values for file %s: %u vs %u",
- fhp->path, fhp->nhashes, indexfhp->nhashes);
+ pefs_warn("number of hashes differ between on disk file and %s values for file %s: %u vs %u",
+ PEFS_FILE_CHECKSUM, fhp->path, fhp->nhashes, indexfhp->nhashes);
error = PEFS_ERR_CHECKSUM;
}
@@ -1659,8 +1664,8 @@
while (csp1 != NULL && csp2 != NULL) {
cmp = memcmp(csp1->hash, csp2->hash, hash_len);
if (cmp != 0) {
- pefs_warn("checksum no: %u differs between on disk file and stored values for file %s",
- i, fhp->path);
+ pefs_warn("checksum no: %u differs between on disk file and %s values for file %s",
+ i, PEFS_FILE_CHECKSUM, fhp->path);
error = PEFS_ERR_CHECKSUM;
}
csp1 = TAILQ_NEXT(csp1, checksum_entries);
@@ -1672,7 +1677,8 @@
}
/*
- * XXXgpf: [TODO] comments
+ * Traverse the entire filesystem and for every regular file or symbolic link, look it up in
+ * .pefs.checksum index and verify its checksums.
*/
static int
pefs_traverse_fs(struct cuckoo_hash_table *chtp, const EVP_MD *md, uint8_t hash_len, DIR *dirp,
@@ -1689,7 +1695,7 @@
while (dirp) {
sdp = readdir(dirp);
if (sdp != NULL) {
- /* XXXgpf: Need to pay special attention to these files */
+ /* XXXgpf: [TODO] Need to pay special attention to these files */
if (strcmp(sdp->d_name, "..") == 0 || strcmp(sdp->d_name, ".") == 0 ||
strcmp(sdp->d_name, ".pefs.db") == 0 || strcmp(sdp->d_name, ".pefs.conf") == 0 ||
strcmp(sdp->d_name, ".pefs.checksum") == 0)
@@ -1817,8 +1823,8 @@
fhp = chtp->buckets1[i].fhp;
if (fhp != NULL)
if (fhp->found != 1) {
- pefs_warn("file with file id %llu was not found in filesystem but exists in checksum file",
- fhp->file_id);
+ pefs_warn("file with file id %llu was not found in filesystem but exists in %s",
+ fhp->file_id, PEFS_FILE_CHECKSUM);
error = PEFS_ERR_NOENT;
}
}
@@ -1827,8 +1833,8 @@
fhp = chtp->buckets2[i].fhp;
if (fhp != NULL)
if (fhp->found != 1) {
- pefs_warn("file with file id %llu was not found in filesystem but exists in checksum file",
- fhp->file_id);
+ pefs_warn("file with file id %llu was not found in filesystem but exists in %s",
+ fhp->file_id, PEFS_FILE_CHECKSUM);
error = PEFS_ERR_NOENT;
}
}
@@ -1837,7 +1843,11 @@
}
/*
- * XXXgpf: [TODO] comments
+ * Verify the contents of a .pefs.checksum file.
+ * A) .pefs.checksum is read into memory.
+ * B) The entire filesystem is traversed in order to check each and every file.
+ * C) warning messages are produces for hardlinks and symbolic links.
+ * D) check that every file in .pefs.checksum was actually found in filesystem.
*/
int
pefs_verify_checksum(int fdin, char *fsroot, int flags)
Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Wed Jul 4 12:10:20 2012 (r238946)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Wed Jul 4 12:41:56 2012 (r238947)
@@ -1020,9 +1020,8 @@
* .pefs.checksum is created under $PWD. path should be a directory,
* outside of target pefs filesystem.
*
- * When $command is run, filesystem should be already mounted with
- * pefs.
- *
+ * When $command is run, filesystem must be mounted with pefs, and
+ * user must have supplied the key.
*/
static int
pefs_addchecksum(int argc, char *argv[])
@@ -1104,10 +1103,25 @@
*
* pefs verify [-u/-n] checksumpath filesystem
*
- * $command ...
+ * $command verifies the contents of a .pefs.checksum file. It scans the
+ * entire filesystem and checks that every entry in .pefs.checksum is
+ * found in the filesystem with the same checksums.
+ *
+ * $command will try to produce the same warning messages as addchecksum
+ * concerning hardlinks and symbolic links.
+ *
+ * -n flag should be used if filesystem is mounted but key has not
+ * been provided yet.
+ *
+ * -u flag should be used if filesystem is unmounted.
+ *
+ * flags -u and -n are mutually exclusive.
*
- * XXX [TODO] comments
+ * By default, pefs will assume that filesystem is mounted and user
+ * has provided key.
*
+ * Verifying the integrity of the checksum file itself via a signature
+ * remains a major TODO.
*/
static int
pefs_verify(int argc, char *argv[])
Modified: soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_vfsops.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_vfsops.c Wed Jul 4 12:10:20 2012 (r238946)
+++ soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_vfsops.c Wed Jul 4 12:41:56 2012 (r238947)
@@ -196,6 +196,7 @@
}
}
+/* XXXgpf: [TODO] move this to pefs_checksum.c */
static int
pefs_checksum_load(struct mount *mp)
{
More information about the svn-soc-all
mailing list