Date: Mon, 23 Jul 2012 17:47:05 +0000 From: gpf@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r239701 - soc2012/gpf/pefs_kmod/sbin/pefs Message-ID: <20120723174705.7D6FB106566B@hub.freebsd.org>
Author: gpf Date: Mon Jul 23 17:47:04 2012 New Revision: 239701 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=239701 Log: /sbin/pefs 'nameid' that retrieves the name checksum that is used as a unique file identifier by pefs integrity checking code. Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c ============================================================================== --- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Mon Jul 23 16:36:13 2012 (r239700) +++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Mon Jul 23 17:47:04 2012 (r239701) @@ -925,7 +925,6 @@ } strlcpy(fhp->dirpath, dirnamep, sizeof(fhp->dirpath)); - namep = basename(namebuf); if (namep == NULL) { pefs_warn("failed to extract filename of %s", fhp->path); @@ -943,7 +942,8 @@ if ((sb.st_flags & SF_IMMUTABLE) == 0 && (flags & PEFS_SETIMMUTABLE) == 0 && - (flags & PEFS_VERIFY) == 0) { + (flags & PEFS_VERIFY) == 0 && + (flags & PEFS_GETID) == 0) { pefs_warn("file %s does not have schg flag", fhp->path); return (PEFS_ERR_SYS); } @@ -1035,7 +1035,7 @@ return (PEFS_ERR_SYS); } - if (S_ISREG(sb.st_mode) == 0) { + if (S_ISREG(sb.st_mode) == 0 && (flags & PEFS_GETID) == 0) { pefs_warn("filename: %s is not a regular file", fhp->path); return (PEFS_ERR_INVALID); } @@ -1050,7 +1050,7 @@ } } - if ((flags & PEFS_UNMOUNTED) == 0) { + if ((flags & PEFS_UNMOUNTED) == 0 && (fsp != NULL)) { if (fstatfs(fhp->fd, &this_fs) == -1) { pefs_warn("statfs failed: %s: %s", fhp->path, strerror(errno)); return (PEFS_ERR_SYS); @@ -2177,6 +2177,11 @@ return (PEFS_ERR_SYS); } + /* + * XXXgpf: probably print warning and move on to the next file + * instead of returning so as to print as many warnings + * as possible. + */ if ((sb.st_flags & SF_IMMUTABLE) == 0) { pefs_warn("file %s does not have schg flag", fhp->path); closedir(dirp); 
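Review bot: The added `(fsp != NULL)` test in the `@@ -1050,7 +1050,7 @@` hunk turns a NULL `fsp` into an undocumented switch that skips the fstatfs() check for every caller, not only for nameid. pefs_filename_to_id, added later in this commit, passes NULL for both pointer arguments, so on a mounted filesystem the nameid path apparently never gets this filesystem check. Either record that in a comment, e.g. `/* fsp == NULL: caller has no filesystem to compare against, skip the fs check */`, or tie the skip to `PEFS_GETID` the way the S_ISREG hunk just above does. The rest of this block and of the function lie outside the hunk, so whether `fsp` is dereferenced further down without a NULL test cannot be confirmed from here.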
@@ -2335,4 +2340,35 @@ return (error); } + +/* retrieve and then print the name checksum ID for a given filename */ +int +pefs_filename_to_id(char *file_path, int flags) +{ + struct file_header *fhp; + int error; + + fhp = pefs_allocate_file_header(); + if (fhp == NULL) { + error = PEFS_ERR_SYS; + goto out; + } + + strlcpy(fhp->path, file_path, sizeof(fhp->path)); + + error = pefs_open_semantic_checks(fhp, NULL, NULL, flags); + if (error != 0) + goto out; + + error = pefs_get_file_id(fhp, flags); + if (error != 0) + goto out; + + printf("id: %llu\n", fhp->file_id); + +out: + pefs_free_file_header(fhp); + return (error); +} + RB_GENERATE(hardlink_head, hardlink_counter, hardlink_entries, pefs_rb_cmp); Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c ============================================================================== --- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Mon Jul 23 16:36:13 2012 (r239700) +++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Mon Jul 23 17:47:04 2012 (r239701) @@ -78,6 +78,7 @@ static int pefs_showalgs(int argc, char *argv[]); static int pefs_addchecksum(int argc, char *argv[]); static int pefs_verify(int argc, char *argv[]); +static int pefs_nameid(int argc, char *argv[]); typedef int (*command_func_t)(int argc, char **argv); typedef int (*keyop_func_t)(struct pefs_keychain_head *kch, int fd, @@ -106,6 +107,7 @@ { "showalgs", pefs_showalgs }, { "addchecksum", pefs_addchecksum}, { "verify", pefs_verify}, + { "nameid", pefs_nameid}, { NULL, NULL }, }; 
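Review bot: Both `strlcpy()` calls added by this commit ignore the return value, so an over-long argument is silently truncated and the printed id would belong to a different path than the one the user asked about. The calls are `strlcpy(fhp->path, file_path, sizeof(fhp->path))` here in pefs_filename_to_id and `strlcpy(file_path, argv[0], sizeof(file_path))` in pefs_nameid in pefs_ctl.c. Because the id is what integrity-check warnings are matched against, reject the input instead: `if (strlcpy(fhp->path, file_path, sizeof(fhp->path)) >= sizeof(fhp->path)) { error = PEFS_ERR_INVALID; goto out; }`. Separately, the `fhp == NULL` branch jumps to `out:` and so calls `pefs_free_file_header(NULL)`; that helper is not visible in this diff, so confirm it tolerates NULL or return directly from that branch.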
@@ -1277,7 +1279,76 @@ return (error); } -/* XXXgpf: [TODO] a command that returns the file id of a file (name MAC) */ +/* + * XXXgpf: Instead of a man page entry: + * + * pefs nameid [-u/-n] filepath + * + * $command prints out the identifier for an encrypted pefs filename where + * pefs encrypted filename = XBase64(checksum || E(tweak || filename)). + * + * The id is the name checksum, meaning VMAC(E(tweak || filename)). + * + * This identifier is used as a primary key when a specific filename is handled + * by pefs for integrity checking purposes. + * + * Some warning messages produced by /sbin/pefs refer to files by their internal + * ID and not their unencrypted fullpath; e.g. when verifying an unmounted pefs + * filesystem. Therefore this command can be used to map fullpaths to internal + * IDs. + * + * -n flag should be used if filesystem is mounted but key has not been + * provided yet. + * + * -u flag should be used if filesystem is unmounted. + * + * In both of these scenarios the "filepath" that is provided by the user should + * be the encrypted filepath. + * + * flags -u and -n are mutually exclusive. 
+ */ +static int +pefs_nameid(int argc, char *argv[]) +{ + char file_path[MAXPATHLEN + 1]; + int error, flags, i; + + flags = PEFS_GETID; + while ((i = getopt(argc, argv, "nu")) != -1) + switch(i) { + case 'n': + flags|= PEFS_NOKEY; + if ((flags & PEFS_UNMOUNTED) != 0) { + pefs_warn("flags -u and -n are mutually exclusive"); + return (PEFS_ERR_INVALID); + } + break; + case 'u': + flags|= PEFS_UNMOUNTED; + if ((flags & PEFS_NOKEY) != 0) { + pefs_warn("flags -u and -n are mutually exclusive"); + return (PEFS_ERR_INVALID); + } + break; + default: + pefs_usage(); + } + argc -= optind; + argv += optind; + + if (argc != 1) { + if (argc < 1) + warnx("too few arguments"); + else + warnx("too many arguments"); + pefs_usage(); + } + + strlcpy(file_path, argv[0], sizeof(file_path)); + error = pefs_filename_to_id(file_path, flags); + + return (error); +} static void pefs_usage_alg(void) @@ -1306,6 +1377,7 @@ " pefs showalgs\n" " pefs addchecksum [-f] [-a algo] [-i inputfile] [-p checksumpath] filesystem\n" " pefs verify [-n/u] [-k pkey_file] [-s sign_file] [checksumpath filesystem]\n" +" pefs nameid [-u/-n] [filepath]" ); exit(PEFS_ERR_USAGE); } Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h ============================================================================== --- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h Mon Jul 23 16:36:13 2012 (r239700) +++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h Mon Jul 23 17:47:04 2012 (r239701) @@ -50,6 +50,7 @@ #define PEFS_UNMOUNTED 0x0002 #define PEFS_SETIMMUTABLE 0x0004 #define PEFS_VERIFY 0x0010 +#define PEFS_GETID 0x0020 #define PEFS_KEYCONF_ALG_IND 0 #define PEFS_KEYCONF_ITERATIONS_IND 1 @@ -106,6 +107,7 @@ char *pk_path, char *sign_path, const char *algo, int flags); int pefs_verify_checksum(int fdin, FILE *pk_fp, FILE *sign_fp, char *fsroot, int flags); +int pefs_filename_to_id(char *file_path, int flags); int pefs_name_pton(char const *src, size_t srclen, u_char *target, size_t targsize);
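Review bot: The `-n`/`-u` mutual-exclusion test in pefs_nameid is written twice, once in each `case`, with the same warning string, and the `while` body is an unbraced `switch`. Checking once after the option loop is shorter and cannot drift between the two copies: `if ((flags & PEFS_NOKEY) != 0 && (flags & PEFS_UNMOUNTED) != 0) { pefs_warn("flags -u and -n are mutually exclusive"); return (PEFS_ERR_INVALID); }`. `flags|=` should also get a space before the operator, as in `argc -= optind` a few lines below.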
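Review bot: The new usage line `" pefs nameid [-u/-n] [filepath]"` has no trailing `\n`, unlike the showalgs, addchecksum and verify lines shown in the same hunk, so the usage text ends without a newline. It also brackets `filepath` as optional, while pefs_nameid calls pefs_usage() unless exactly one argument remains after option parsing. Suggested replacement, keeping the leading whitespace as it is in the file: `" pefs nameid [-u/-n] filepath\n"`.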