Date: Wed, 04 Jul 2012 12:41:57 +0000 From: gpf@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r238947 - in soc2012/gpf/pefs_kmod: sbin/pefs sys/fs/pefs Message-ID: <20120704124157.52428106566B@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gpf Date: Wed Jul 4 12:41:56 2012 New Revision: 238947 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=238947 Log: - comments! Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_vfsops.c Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c ============================================================================== --- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Wed Jul 4 12:10:20 2012 (r238946) +++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Wed Jul 4 12:41:56 2012 (r238947) @@ -79,18 +79,21 @@ RB_HEAD(hardlink_head, hardlink_counter); RB_PROTOTYPE(hardlink_head, hardlink_counter, hardlink_entries, pefs_rb_cmp); -#define PEFS_CFH_SIZE 16 -#define PEFS_FH_SIZE 16 +#define PEFS_CFH_SIZE 16 /* on disk size of .pefs.checksum's unique file header */ +#define PEFS_FH_SIZE 16 /* on disk size of a single file header (also a bucket in cuckoo hashing) */ +/* this struct is used to check if all hardlinks for a given inode are supplied by the user */ struct hardlink_counter { - ino_t inode; - uint32_t total_links; - uint32_t links_found; - struct hardlink_fh_head file_headers; - RB_ENTRY(hardlink_counter) hardlink_entries; + ino_t inode; /* inode number for the file in question */ + uint32_t total_links; /* total hardlinks of the file */ + uint32_t links_found; /* how many links are found in user supplied list */ + struct hardlink_fh_head file_headers; /* file headers of the links we have found */ + RB_ENTRY(hardlink_counter) hardlink_entries; /* entry in hardlink RB tree */ }; /* XXXgpf: unions for on disk structs and move to a different header? */ + +/* this is the unique file header of the .pefs.checksum file, found in the beginning of the file */ struct checksum_file_header { uint8_t version; uint8_t reserved; @@ -109,8 +112,8 @@ struct file_header { /* on disk information */ uint32_t nhashes; /* the number of hashes for the file */ - uint64_t file_id; /* id is MAC tweak from filename (first 64 bits) */ uint32_t offset_to_checksums; /* in file offset to start of checksums */ + uint64_t file_id; /* id is MAC tweak from filename (first 64 bits) */ /* in memory information */ char path[MAXPATHLEN + 1]; /* fullpath for this file */ @@ -120,8 +123,8 @@ int fd, pfd; /* file descriptors for the file and its parent dir */ int found; /* mark that this entry was found during "verify" action */ struct checksum_head checksums; /* this file's checksums */ - TAILQ_ENTRY(file_header) file_header_entries; - TAILQ_ENTRY(file_header) fh_hardlink_entries; + TAILQ_ENTRY(file_header) file_header_entries; /* entry in global file header tail */ + TAILQ_ENTRY(file_header) fh_hardlink_entries; /* entry in hardlink counter */ }; struct bucket { @@ -133,10 +136,10 @@ * with his own hash function: pefs_hash1() & pefs_hash2() */ struct cuckoo_hash_table { - struct bucket *buckets1; - struct bucket *buckets2; + struct bucket *buckets1; /* table1 */ + struct bucket *buckets2; /* table2 */ uint32_t size; /* how many buckets in each table */ - uint32_t nelements; + uint32_t nelements; /* total number of elements <= size */ }; static int @@ -637,6 +640,7 @@ size_t buf_len, enc_len; if ((flags & PEFS_NOKEY) != 0 || (flags & PEFS_UNMOUNTED) != 0) { + /* in this case, we already have the encrypted filename */ enc = fhp->filename; enc_len = strnlen(fhp->filename, sizeof(fhp->filename)); enc++; @@ -826,6 +830,7 @@ return 0; } +/* open a file and perform various semantic checks on it */ static int pefs_open_semantic_checks(struct file_header *fhp, struct statfs *fsp, struct hardlink_head *hlc_headp, int flags) { @@ -1644,12 +1649,12 @@ uint32_t i; int error, cmp; - dprintf(("comparing hashes for file with fid: %llu\t%llu\n", fhp->file_id, indexfhp->file_id)); + dprintf(("comparing hashes for file with fid: %llu\n", fhp->file_id)); error = 0; if (fhp->nhashes != indexfhp->nhashes) { - pefs_warn("number of hashes differ between on disk file and stored values for file %s: %u vs %u", - fhp->path, fhp->nhashes, indexfhp->nhashes); + pefs_warn("number of hashes differ between on disk file and %s values for file %s: %u vs %u", + PEFS_FILE_CHECKSUM, fhp->path, fhp->nhashes, indexfhp->nhashes); error = PEFS_ERR_CHECKSUM; } @@ -1659,8 +1664,8 @@ while (csp1 != NULL && csp2 != NULL) { cmp = memcmp(csp1->hash, csp2->hash, hash_len); if (cmp != 0) { - pefs_warn("checksum no: %u differs between on disk file and stored values for file %s", - i, fhp->path); + pefs_warn("checksum no: %u differs between on disk file and %s values for file %s", + i, PEFS_FILE_CHECKSUM, fhp->path); error = PEFS_ERR_CHECKSUM; } csp1 = TAILQ_NEXT(csp1, checksum_entries); @@ -1672,7 +1677,8 @@ } /* - * XXXgpf: [TODO] comments + * Traverse the entire filesystem and for every regular file or symbolic link, look it up in + * .pefs.checksum index and verify its checksums. */ static int pefs_traverse_fs(struct cuckoo_hash_table *chtp, const EVP_MD *md, uint8_t hash_len, DIR *dirp, @@ -1689,7 +1695,7 @@ while (dirp) { sdp = readdir(dirp); if (sdp != NULL) { - /* XXXgpf: Need to pay special attention to these files */ + /* XXXgpf: [TODO] Need to pay special attention to these files */ if (strcmp(sdp->d_name, "..") == 0 || strcmp(sdp->d_name, ".") == 0 || strcmp(sdp->d_name, ".pefs.db") == 0 || strcmp(sdp->d_name, ".pefs.conf") == 0 || strcmp(sdp->d_name, ".pefs.checksum") == 0) @@ -1817,8 +1823,8 @@ fhp = chtp->buckets1[i].fhp; if (fhp != NULL) if (fhp->found != 1) { - pefs_warn("file with file id %llu was not found in filesystem but exists in checksum file", - fhp->file_id); + pefs_warn("file with file id %llu was not found in filesystem but exists in %s", + fhp->file_id, PEFS_FILE_CHECKSUM); error = PEFS_ERR_NOENT; } } @@ -1827,8 +1833,8 @@ fhp = chtp->buckets2[i].fhp; if (fhp != NULL) if (fhp->found != 1) { - pefs_warn("file with file id %llu was not found in filesystem but exists in checksum file", - fhp->file_id); + pefs_warn("file with file id %llu was not found in filesystem but exists in %s", + fhp->file_id, PEFS_FILE_CHECKSUM); error = PEFS_ERR_NOENT; } } @@ -1837,7 +1843,11 @@ } /* - * XXXgpf: [TODO] comments + * Verify the contents of a .pefs.checksum file. + * A) .pefs.checksum is read into memory. + * B) The entire filesystem is traversed in order to check each and every file. + * C) warning messages are produces for hardlinks and symbolic links. + * D) check that every file in .pefs.checksum was actually found in filesystem. */ int pefs_verify_checksum(int fdin, char *fsroot, int flags) Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c ============================================================================== --- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Wed Jul 4 12:10:20 2012 (r238946) +++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Wed Jul 4 12:41:56 2012 (r238947) @@ -1020,9 +1020,8 @@ * .pefs.checksum is created under $PWD. path should be a directory, * outside of target pefs filesystem. * - * When $command is run, filesystem should be already mounted with - * pefs. - * + * When $command is run, filesystem must be mounted with pefs, and + * user must have supplied the key. */ static int pefs_addchecksum(int argc, char *argv[]) @@ -1104,10 +1103,25 @@ * * pefs verify [-u/-n] checksumpath filesystem * - * $command ... + * $command verifies the contents of a .pefs.checksum file. It scans the + * entire filesystem and checks that every entry in .pefs.checksum is + * found in the filesystem with the same checksums. + * + * $command will try to produce the same warning messages as addchecksum + * concerning hardlinks and symbolic links. + * + * -n flag should be used if filesystem is mounted but key has not + * been provided yet. + * + * -u flag should be used if filesystem is unmounted. + * + * flags -u and -n are mutually exclusive. * - * XXX [TODO] comments + * By default, pefs will assume that filesystem is mounted and user + * has provided key. * + * Verifying the integrity of the checksum file itself via a signature + * remains a major TODO. */ static int pefs_verify(int argc, char *argv[]) Modified: soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_vfsops.c ============================================================================== --- soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_vfsops.c Wed Jul 4 12:10:20 2012 (r238946) +++ soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_vfsops.c Wed Jul 4 12:41:56 2012 (r238947) @@ -196,6 +196,7 @@ } } +/* XXXgpf: [TODO] move this to pefs_checksum.c */ static int pefs_checksum_load(struct mount *mp) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120704124157.52428106566B>