socsvn commit: r236273 - soc2012/gpf/pefs_kmod/sbin/pefs
gpf at FreeBSD.org
gpf at FreeBSD.org
Thu May 24 11:49:09 UTC 2012
Author: gpf
Date: Thu May 24 11:49:06 2012
New Revision: 236273
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=236273
Log:
Revert back to requiring a mounted pefs fs for pefs addchecksum. ioctl()s will
be used to retrieve filename MAC & ciphertext 4k blocks from kernel.
The only problem now is that .pefs.checksum is written into the mounted fs,
so it gets: a) an encrypted filename for .pefs.checksum b) encrypted content.
A simple solution would be to create .pefs.checksum outside of fs and then
require user to copy the file by hand.
Modified:
soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c
soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c
Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Thu May 24 10:59:48 2012 (r236272)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Thu May 24 11:49:06 2012 (r236273)
@@ -235,7 +235,6 @@
}
bucketp->nelements++;
- /* XXXgpf: Turn them into void */
return (0);
}
@@ -368,18 +367,26 @@
* the checksum file.
* A) The total sum of entries is gathered so that a hash table is allocated.
* B) For each file entry:
- * B1) the file_id is retrieved.
- * B2) list of checksums is computed for the file's 4k blocks.
- * B3) file entry is added to hash table. (separate chaining is used)
+ * B1) semantic checks: file should reside in pefs filesystem &
+ * file should be regular file
+ * B2) the file_id is retrieved.
+ * B3) list of checksums is computed for the file's 4k blocks.
+ * B4) file entry is added to hash table. (separate chaining is used)
*/
static int
pefs_create_in_memory_db(FILE *fpin, const EVP_MD *md, uint8_t hash_len,
- struct hash_table *checksum_hash_tablep)
+ struct hash_table *checksum_hash_tablep, char *fsroot)
{
+ struct statfs fs;
struct file_header *fhp;
int error;
uint32_t nfiles;
+ if (statfs(fsroot, &fs) == -1) {
+ pefs_warn("statfs failed: %s: %s", fsroot, strerror(errno));
+ return (PEFS_ERR_SYS);
+ }
+
error = pefs_count_file_entries(fpin, &nfiles);
if (error != 0)
return (error);
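Review bot: The new `fsroot` parameter of pefs_create_in_memory_db() is only read here, by statfs() and pefs_warn(), so it should be declared `const char *fsroot`. The header comment gains step B1 but still does not say what fsroot has to be; a line such as `fsroot: mount point of the pefs filesystem the listed files must reside in` would close that gap. The function body continues beyond this hunk.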
@@ -389,19 +396,21 @@
return (error);
while((fhp = pefs_next_file(fpin, &error)) != NULL) {
- /* XXXgpf: Semantic checks are now performed by addchecklist command */
+ error = pefs_file_semantic_checks(fhp, &fs);
+ if (error != 0)
+ return (error);
error = pefs_get_file_id(fhp);
if (error != 0)
- return error;
+ return (error);
error = pefs_compute_file_checksums(fhp, md, hash_len);
if (error != 0)
- return error;
+ return (error);
error = pefs_add_to_hash_table(checksum_hash_tablep, fhp);
if (error != 0)
- return error;
+ return (error);
}
pefs_print_hash_table(checksum_hash_tablep, hash_len);
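Review bot: The check added at the top of the loop, `pefs_file_semantic_checks(fhp, &fs)`, and the reads that follow in pefs_get_file_id() and pefs_compute_file_checksums() are separate steps on the same entry. Their bodies are not visible here, but if each resolves the file by path, the file can be replaced between the check and the read, and the stored checksum would then cover something that never passed the check. It is worth confirming that the file is opened once and that the regular-file and same-filesystem tests run on that descriptor with fstat()/fstatfs(). Separately, every `return (error);` in the loop leaves with fhp and the partly filled table still held, so if pefs_next_file() allocates each entry, the error path needs to free them. The enclosing function starts and ends outside this hunk.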
@@ -623,6 +632,10 @@
hash_len = EVP_MD_size(md);
snprintf(checksum_path, sizeof(checksum_path), "%s/%s", fsroot, PEFS_FILE_CHECKSUM);
+ /*
+ * XXXgpf: If pefs fs is mounted when .pefs.checksum is created, then it will obtain an
+ * encrypted filename. It's not a bug, it's a feature!
+ */
fdout = open(checksum_path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
if (fdout == -1) {
warn("cannot open %s", checksum_path);
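Review bot: The comment added above open() calls the encrypted filename "a feature", while the commit log lists it as the open problem and adds that the file content is encrypted as well. The comment should state the consequence for whoever later reads or verifies the file, for example `/* XXXgpf: created through the mounted pefs, so both the name and the content of .pefs.checksum are encrypted; a copy made outside the fs is the planned workaround */`. The snprintf() on the context line just above does not check its return value, so a long fsroot would silently truncate checksum_path before it reaches open().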
@@ -630,7 +643,7 @@
}
error = pefs_create_in_memory_db(fpin, md, hash_len,
- &checksum_hash_table);
+ &checksum_hash_table, fsroot);
if (error != 0)
goto out;
Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Thu May 24 10:59:48 2012 (r236272)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Thu May 24 11:49:06 2012 (r236273)
@@ -1072,11 +1072,7 @@
return (PEFS_ERR_USAGE);
}
- /* XXXgpf: [TODO] probably check that fsroot is not mounted */
- if (!checkargs_fs(argc, argv))
- pefs_usage();
-
- strlcpy(fsroot, argv[0], sizeof(fsroot));
+ initfsroot(argc, argv, 0, fsroot, sizeof(fsroot));
error = pefs_create_checksum_file(fpin, fsroot, algo);
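Review bot: The removed TODO is replaced by a bare `initfsroot(argc, argv, 0, fsroot, sizeof(fsroot));` with no comment on why the requirement flipped, and the literal `0` passed as the third argument is unexplained. A comment such as `/* addchecksum needs a mounted pefs: filename MACs and ciphertext blocks are fetched with ioctl()s */` would record the reason given in the log. initfsroot() is not visible in this diff, so it is worth confirming that it rejects a path that is not on a mounted pefs rather than only copying argv[0], since pefs_create_checksum_file() now depends on that. The enclosing function starts and ends outside the hunk.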