socsvn commit: r239701 - soc2012/gpf/pefs_kmod/sbin/pefs
gpf at FreeBSD.org
gpf at FreeBSD.org
Mon Jul 23 17:47:07 UTC 2012
Author: gpf
Date: Mon Jul 23 17:47:04 2012
New Revision: 239701
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=239701
Log:
/sbin/pefs 'nameid' that retrieves the name checksum that is used as a
unique file identifier by pefs integrity checking code.
Modified:
soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c
soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c
soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h
Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Mon Jul 23 16:36:13 2012 (r239700)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Mon Jul 23 17:47:04 2012 (r239701)
@@ -925,7 +925,6 @@
}
strlcpy(fhp->dirpath, dirnamep, sizeof(fhp->dirpath));
-
namep = basename(namebuf);
if (namep == NULL) {
pefs_warn("failed to extract filename of %s", fhp->path);
@@ -943,7 +942,8 @@
if ((sb.st_flags & SF_IMMUTABLE) == 0 &&
(flags & PEFS_SETIMMUTABLE) == 0 &&
- (flags & PEFS_VERIFY) == 0) {
+ (flags & PEFS_VERIFY) == 0 &&
+ (flags & PEFS_GETID) == 0) {
pefs_warn("file %s does not have schg flag", fhp->path);
return (PEFS_ERR_SYS);
}
@@ -1035,7 +1035,7 @@
return (PEFS_ERR_SYS);
}
- if (S_ISREG(sb.st_mode) == 0) {
+ if (S_ISREG(sb.st_mode) == 0 && (flags & PEFS_GETID) == 0) {
pefs_warn("filename: %s is not a regular file", fhp->path);
return (PEFS_ERR_INVALID);
}
@@ -1050,7 +1050,7 @@
}
}
- if ((flags & PEFS_UNMOUNTED) == 0) {
+ if ((flags & PEFS_UNMOUNTED) == 0 && (fsp != NULL)) {
if (fstatfs(fhp->fd, &this_fs) == -1) {
pefs_warn("statfs failed: %s: %s", fhp->path, strerror(errno));
return (PEFS_ERR_SYS);
@@ -2177,6 +2177,11 @@
return (PEFS_ERR_SYS);
}
+ /*
+ * XXXgpf: probably print warning and move on to the next file
+ * instead of returning so as to print as many warnings
+ * as possible.
+ */
if ((sb.st_flags & SF_IMMUTABLE) == 0) {
pefs_warn("file %s does not have schg flag", fhp->path);
closedir(dirp);
@@ -2335,4 +2340,35 @@
return (error);
}
+
+/* retrieve and then print the name checksum ID for a given filename */
+int
+pefs_filename_to_id(char *file_path, int flags)
+{
+ struct file_header *fhp;
+ int error;
+
+ fhp = pefs_allocate_file_header();
+ if (fhp == NULL) {
+ error = PEFS_ERR_SYS;
+ goto out;
+ }
+
+ strlcpy(fhp->path, file_path, sizeof(fhp->path));
+
+ error = pefs_open_semantic_checks(fhp, NULL, NULL, flags);
+ if (error != 0)
+ goto out;
+
+ error = pefs_get_file_id(fhp, flags);
+ if (error != 0)
+ goto out;
+
+ printf("id: %llu\n", fhp->file_id);
+
+out:
+ pefs_free_file_header(fhp);
+ return (error);
+}
+
RB_GENERATE(hardlink_head, hardlink_counter, hardlink_entries, pefs_rb_cmp);
Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Mon Jul 23 16:36:13 2012 (r239700)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Mon Jul 23 17:47:04 2012 (r239701)
@@ -78,6 +78,7 @@
static int pefs_showalgs(int argc, char *argv[]);
static int pefs_addchecksum(int argc, char *argv[]);
static int pefs_verify(int argc, char *argv[]);
+static int pefs_nameid(int argc, char *argv[]);
typedef int (*command_func_t)(int argc, char **argv);
typedef int (*keyop_func_t)(struct pefs_keychain_head *kch, int fd,
@@ -106,6 +107,7 @@
{ "showalgs", pefs_showalgs },
{ "addchecksum", pefs_addchecksum},
{ "verify", pefs_verify},
+ { "nameid", pefs_nameid},
{ NULL, NULL },
};
@@ -1277,7 +1279,76 @@
return (error);
}
-/* XXXgpf: [TODO] a command that returns the file id of a file (name MAC) */
+/*
+ * XXXgpf: Instead of a man page entry:
+ *
+ * pefs nameid [-u/-n] filepath
+ *
+ * $command prints out the identifier for an encrypted pefs filename where
+ * pefs encrypted filename = XBase64(checksum || E(tweak || filename)).
+ *
+ * The id is the name checksum, meaning VMAC(E(tweak || filename)).
+ *
+ * This identifier is used as a primary key when a specific filename is handled
+ * by pefs for integrity checking purposes.
+ *
+ * Some warning messages produced by /sbin/pefs refer to files by their internal
+ * ID and not their unencrypted fullpath; e.g. when verifying an unmounted pefs
+ * filesystem. Therefore this command can be used to map fullpaths to internal
+ * IDs.
+ *
+ * -n flag should be used if filesystem is mounted but key has not been
+ * provided yet.
+ *
+ * -u flag should be used if filesystem is unmounted.
+ *
+ * In both of these scenarios the "filepath" that is provided by the user should
+ * be the encrypted filepath.
+ *
+ * flags -u and -n are mutually exclusive.
+ */
+static int
+pefs_nameid(int argc, char *argv[])
+{
+ char file_path[MAXPATHLEN + 1];
+ int error, flags, i;
+
+ flags = PEFS_GETID;
+ while ((i = getopt(argc, argv, "nu")) != -1)
+ switch(i) {
+ case 'n':
+ flags|= PEFS_NOKEY;
+ if ((flags & PEFS_UNMOUNTED) != 0) {
+ pefs_warn("flags -u and -n are mutually exclusive");
+ return (PEFS_ERR_INVALID);
+ }
+ break;
+ case 'u':
+ flags|= PEFS_UNMOUNTED;
+ if ((flags & PEFS_NOKEY) != 0) {
+ pefs_warn("flags -u and -n are mutually exclusive");
+ return (PEFS_ERR_INVALID);
+ }
+ break;
+ default:
+ pefs_usage();
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (argc != 1) {
+ if (argc < 1)
+ warnx("too few arguments");
+ else
+ warnx("too many arguments");
+ pefs_usage();
+ }
+
+ strlcpy(file_path, argv[0], sizeof(file_path));
+ error = pefs_filename_to_id(file_path, flags);
+
+ return (error);
+}
static void
pefs_usage_alg(void)
@@ -1306,6 +1377,7 @@
" pefs showalgs\n"
" pefs addchecksum [-f] [-a algo] [-i inputfile] [-p checksumpath] filesystem\n"
" pefs verify [-n/u] [-k pkey_file] [-s sign_file] [checksumpath filesystem]\n"
+" pefs nameid [-u/-n] [filepath]"
);
exit(PEFS_ERR_USAGE);
}
Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h Mon Jul 23 16:36:13 2012 (r239700)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h Mon Jul 23 17:47:04 2012 (r239701)
@@ -50,6 +50,7 @@
#define PEFS_UNMOUNTED 0x0002
#define PEFS_SETIMMUTABLE 0x0004
#define PEFS_VERIFY 0x0010
+#define PEFS_GETID 0x0020
#define PEFS_KEYCONF_ALG_IND 0
#define PEFS_KEYCONF_ITERATIONS_IND 1
@@ -106,6 +107,7 @@
char *pk_path, char *sign_path, const char *algo, int flags);
int pefs_verify_checksum(int fdin, FILE *pk_fp, FILE *sign_fp,
char *fsroot, int flags);
+int pefs_filename_to_id(char *file_path, int flags);
int pefs_name_pton(char const *src, size_t srclen, u_char *target,
size_t targsize);
More information about the svn-soc-all
mailing list