Date: Thu, 09 Aug 2012 14:10:41 +0000 From: gpf@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r240210 - in soc2012/gpf/pefs_kmod: sbin/pefs sys/fs/pefs Message-ID: <20120809141041.4D03C106566C@hub.freebsd.org>
Author: gpf Date: Thu Aug 9 14:10:40 2012 New Revision: 240210 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=240210 Log: minor changes, comment updates and code refactoring Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_mac.c
Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Thu Aug 9 12:35:15 2012 (r240209)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Thu Aug 9 14:10:40 2012 (r240210)
@@ -812,7 +812,7 @@
 
 /* XXXgpf: for debugging purposes */
 static void
-pefs_rb_print(struct hardlink_head *hlc_headp)
+pefs_hardlink_print(struct hardlink_head *hlc_headp)
 {
 	struct hardlink_counter *hlcp;
 	struct file_header *fhp;
@@ -828,7 +828,7 @@
 }
 
 static void
-pefs_rb_warn(struct hardlink_head *hlc_headp)
+pefs_hardlink_warn(struct hardlink_head *hlc_headp)
 {
 	struct hardlink_counter *hlcp;
 	struct file_header *fhp;
@@ -848,7 +848,7 @@
 }
 
 static int
-pefs_rb_insert(struct hardlink_head *hlc_headp, struct file_header *fhp,
+pefs_hardlink_insert(struct hardlink_head *hlc_headp, struct file_header *fhp,
     struct stat *sbp)
 {
 	struct hardlink_counter find, *res, *new_hlcp;
@@ -880,7 +880,7 @@
 }
 
 static int
-pefs_rb_cmp(struct hardlink_counter *hlcp1, struct hardlink_counter *hlcp2)
+pefs_hardlink_cmp(struct hardlink_counter *hlcp1, struct hardlink_counter *hlcp2)
 {
 	if (hlcp1->inode < hlcp2->inode)
 		return -1;
@@ -891,7 +891,7 @@
 }
 
 static void
-pefs_rb_free(struct hardlink_head *hlc_headp)
+pefs_hardlink_free(struct hardlink_head *hlc_headp)
 {
 	struct hardlink_counter *cur, *next;
 
@@ -1067,7 +1067,7 @@
 
 	/* Keep all hardlink file headers in a rb tree */
 	if (sb.st_nlink > 1 && hlc_headp != NULL)
-		return (pefs_rb_insert(hlc_headp, fhp, &sb));
+		return (pefs_hardlink_insert(hlc_headp, fhp, &sb));
 
 	return (0);
 }
@@ -1177,9 +1177,9 @@
 	if (error != 0)
 		return (error);
 
-	pefs_rb_print(&hlc_head);
-	pefs_rb_warn(&hlc_head);
-	pefs_rb_free(&hlc_head);
+	pefs_hardlink_print(&hlc_head);
+	pefs_hardlink_warn(&hlc_head);
+	pefs_hardlink_free(&hlc_head);
 
 	error = pefs_allocate_hash_table(chtp, nfiles, PEFS_EXTEND);
 	if (error != 0)
@@ -1306,12 +1306,8 @@
 	struct file_header *fhp;
 
 	fhp = bp->fhp;
+	/* Empty files aren't allowed so nhashes == 0 symbolizes an empty bucket */
 	if (fhp == NULL) {
-		/*
-		 * XXXgpf: empty files are not allowed so nhashes == 0 symbolizes
-		 * an empty bucket. perhaps a bitmap would be better? or we could
-		 * steal a bit from some data member?
-		 */
 		emptyfh.nhashes = 0;
 		emptyfh.file_id = 0;
 		emptyfh.offset_to_checksums = 0;
@@ -1341,8 +1337,12 @@
  * All data member writes are done separately so as to avoid alignment problems.
  * Writes are always in little endian byte order.
  *
- * First 16 bytes of .pefs.checksum are filled with .pefs.checksum's file
- * header. Right after this header lies the 'index' part of our database.
+ * First 512 bytes of .pefs.checksum are reserved for the file's digital
+ * signature.
+ *
+ * After that, the next 16 bytes of .pefs.checksum are filled with
+ * .pefs.checksum's global file header. Right after this header lies the
+ * 'index' part of our database.
  * This index is later kept in kernel memory.
  *
  * Index:
@@ -1437,7 +1437,7 @@
 	cfhp->offset_to_hash_table = PEFS_CFH_SIZE;
 }
 
-/* read dsa pubkey from file */
+/* read dsa privkey from file */
 static EVP_PKEY *
 pefs_read_dsa_privkey(FILE *pk_fp)
 {
@@ -1469,7 +1469,7 @@
 	return (pkey);
 }
 
-/* Sign .pefs.checksum. Signature is placed in a different file. */
+/* Sign .pefs.checksum. Signature is placed at the beginning of the file. */
 static int
 pefs_sign_file(int fd, FILE *pkfp)
 {
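Review bot: The rewritten header comment in the @@ -1341 hunk fixes the signature area at 512 bytes, but neither this comment nor the pefs_sign_file hunk below (where `unsigned int sign_len` is declared) says what keeps a DSA signature within that size; if the writer does not compare sign_len against the reserved area — not visible in this commit — an oversized signature would run into the global file header that the next paragraph places immediately after it. Suggest recording the invariant here, e.g. ` * Writers must check that the signature length does not exceed this area before writing it.`, and, if pefs_sign_file has no such check, adding it there. The same limit binds the reader on the verify side, which should also be stated. The comment block starts outside the hunk.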
@@ -1481,8 +1481,6 @@
 	unsigned int sign_len;
 	int bytes, error, rval;
 
-	/* XXXgpf: [TODO] offer option of DSA/RSA & appropriate digests */
-	/* generate keys */
 	pkey = pefs_read_dsa_privkey(pkfp);
 	if (pkey == NULL)
 		return (PEFS_ERR_SYS);
@@ -1715,8 +1713,7 @@
  * later written to file ".pefs.checksum" which is created under csm_path.
  * algo is used as a cryptographic hash function that produces checksums
  * for 4k blocks of each file. When we are done with .pefs.checksum, we
- * sign it and place the signature in .pefs.signature. The public key is placed
- * in .pefs.pkey.
+ * sign it and place the signature at the beginning of .pefs.checksum.
  */
 int
 pefs_create_checksum_file(FILE *fpin, char *fsroot, char *csm_path,
@@ -2138,19 +2135,12 @@
 		return (PEFS_ERR_SYS);
 	}
 
-	/*
-	 * XXXgpf: probably print warning and move on to the next file
-	 * instead of returning so as to print as many warnings
-	 * as possible.
-	 */
 	if ((sb.st_flags & SF_IMMUTABLE) == 0) {
 		pefs_warn("file %s does not have schg flag", fhp->path);
-		closedir(dirp);
-		pefs_free_file_header(fhp);
-		return (PEFS_ERR_SYS);
+		*checksum_error = PEFS_ERR_CHECKSUM;
 	}
 
-	error = pefs_rb_insert(hlc_headp, fhp, &sb);
+	error = pefs_hardlink_insert(hlc_headp, fhp, &sb);
 	if (error != 0) {
 		closedir(dirp);
 		pefs_free_file_header(fhp);
@@ -2222,7 +2212,7 @@
  * B) The entire filesystem is traversed in order to check each and every file.
  * C) warning messages are produced for hardlinks and symbolic links.
  * D) check that every file in .pefs.checksum was actually found in filesystem.
- * E) verify .pefs.signature from public key found in .pefs.pkey
+ * E) verify the file's signature with the user supplied public key
  */
 int
 pefs_verify_checksum(int fdin, FILE *pk_fp, char *fsroot, int flags)
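Review bot: In the @@ -2138 hunk the missing-schg check changes from a hard failure into `*checksum_error = PEFS_ERR_CHECKSUM;` and keeps scanning, but the XXXgpf note that explained that intent is removed with it, so the remaining code reads as if a file without the immutable flag is acceptable. Suggest a comment above the `if`: `/* Not fatal: record the failure so verification still reports it, but keep scanning so every offending file is listed. */`. The assignment overwrites whatever *checksum_error already held, which is harmless only if every earlier writer stores the same value, and whether the caller turns a non-zero *checksum_error into a failing exit status cannot be seen from this hunk and should be confirmed. The enclosing function starts and ends outside the hunk.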
@@ -2280,8 +2270,8 @@
 	if (error != 0)
 		goto out;
 
-	/* pefs_rb_print(&hlc_head); */
-	pefs_rb_warn(&hlc_head);
+	/* pefs_hardlink_print(&hlc_head); */
+	pefs_hardlink_warn(&hlc_head);
 	if ((flags & PEFS_UNMOUNTED) == 0 && (flags & PEFS_NOKEY) == 0)
 		pefs_symlink_warn(&cht, &fh_head);
 
@@ -2294,7 +2284,7 @@
 
 out:
 	pefs_free_hash_table(&cht);
-	pefs_rb_free(&hlc_head);
+	pefs_hardlink_free(&hlc_head);
 	pefs_free_file_header_tail(&fh_head);
 
 	return (error);
@@ -2330,4 +2320,4 @@
 	return (error);
 }
 
-RB_GENERATE(hardlink_head, hardlink_counter, hardlink_entries, pefs_rb_cmp);
+RB_GENERATE(hardlink_head, hardlink_counter, hardlink_entries, pefs_hardlink_cmp);
Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Thu Aug 9 12:35:15 2012 (r240209)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Thu Aug 9 14:10:40 2012 (r240210)
@@ -1006,7 +1006,8 @@
 /*
  * XXXgpf: Instead of a man page entry:
  *
- * pefs addchecksum [-f] [-a algo] [-i inputfile] [-p path] filesystem
+ * pefs addchecksum [-f] [-a algo] [-i inputfile] [-k pkey_file] [-p path] \
+ *     filesystem
  *
  * $command creates .pefs.checksum db file for filesystem.
  * This file will contain all checksums necessary to check integrity
@@ -1022,17 +1023,15 @@
  * path defines where .pefs.checksum should be created. By default,
  * .pefs.checksum is created under $PWD. path should be a directory,
  * outside of target pefs filesystem.
- *
- * Alongside .pefs.checksum, two other files are created: .pefs.signature &
- * .pefs.pkey. The first one contains the digital signature of .pefs.checksum
- * and the other one the public key that is used for signature verification.
- * They are created under the same parent directory as .pefs.checksum.
+ *
+ * pkey_file is the file that contains the private key that will be used
+ * by the DSA signing algorithm. Key should be in PEM format.
  *
  * -f symbolizes that $command should set immutable flag schg for every file
  * in inputlist if the flag is not already set.
  *
  * When $command is run, filesystem must be mounted with pefs, and
- * user must have supplied the necessary key(s).
+ * user must have supplied the necessary pefs key(s).
  *
  */
 static int
@@ -1115,7 +1114,7 @@
 	argv += optind;
 
 	if (pk_fp == NULL) {
-		pefs_warn("user must provide a file containing the public key");
+		pefs_warn("user must provide a file containing the private key");
 		return (PEFS_ERR_INVALID);
 	}
 
@@ -1136,7 +1135,7 @@
 /*
  * XXXgpf: Instead of a man page entry:
  *
- * pefs verify [-u/-n] [-k pkey_file] [-s sign_file] checksumpath filesystem
+ * pefs verify [-u/-n] [-k pkey_file] checksumpath filesystem
  *
  * $command verifies the contents of a .pefs.checksum file. It scans the
  * entire filesystem and checks that every entry in .pefs.checksum is
@@ -1153,13 +1152,7 @@
  * flags -u and -n are mutually exclusive.
  *
  * pkey_file is the file containing the public key that is used to verify
- * .pefs.checksum's signature.
- *
- * sign_file contains the public signature that is used to verify
- * .pefs.checksum's digital signature.
- *
- * If pkey_file or sign_file are not supplied, $command expects to find the
- * respective files under the same parent directory as .pefs.checksum.
+ * .pefs.checksum's signature by the DSA algorithm.
  *
  * By default, pefs will assume that filesystem is mounted and user
  * has provided key.
@@ -1362,8 +1355,8 @@
 " pefs randomchain [-fv] [-n min] [-N max] filesystem\n"
 " pefs showchains [-fp] [-i iterations] [-k keyfile] filesystem\n"
 " pefs showalgs\n"
-" pefs addchecksum [-f] [-a algo] [-i inputfile] [-p checksumpath] filesystem\n"
-" pefs verify [-n/u] [-k pkey_file] [-s sign_file] [checksumpath filesystem]\n"
+" pefs addchecksum [-f] [-a algo] [-i inputfile] [-k pkey_file] [-p checksumpath] filesystem\n"
+" pefs verify [-n/u] [-k pkey_file] [checksumpath filesystem]\n"
 " pefs nameid [-u/-n] [filepath]"
 );
 	exit(PEFS_ERR_USAGE);
Modified: soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_mac.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_mac.c Thu Aug 9 12:35:15 2012 (r240209)
+++ soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_mac.c Thu Aug 9 14:10:40 2012 (r240210)
@@ -59,7 +59,7 @@
  * b) add a brand new MAC hook that will be called at the precise point
  * in do_execve() where only the interpreter or the regular executable
  * will be checked for the schg flag. [don't seem the other devs will go
- * for us modying MAC framework though]
+ * for us modifying MAC framework though]
  *
  * c) duplicate code from do_execve() and perform the check ourselves. It
  * could be done I guess but I'm not sure since image activators seem to have