| author | Lennart Poettering <lennart@poettering.net> | 2012-08-13 20:57:38 +0200 | 
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2012-08-13 20:57:38 +0200 | 
| commit | b0af6f41ea67c97b8beb16fd1d63042379bbf103 (patch) | |
| tree | 5c4e663404a46fefc97e43a8edafe8cd14aae3f8 | |
| parent | 7560fffcd2531786b9c1ca657667a43e90331326 (diff) | |
journal: add all objects we add to HMAC
| -rw-r--r-- | src/journal/journal-file.c | 21 | ||||
| -rw-r--r-- | src/journal/journal-file.h | 2 | ||||
| -rw-r--r-- | src/journal/journalctl.c | 2 | ||||
| -rw-r--r-- | src/journal/test-journal.c | 1 | 
4 files changed, 24 insertions, 2 deletions
| diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 0e4889378c..7dd7256630 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -68,12 +68,17 @@
         (le64toh((h)->header_size) >= offsetof(Header, field) + sizeof((h)->field))
 static int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime);
+static int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p);
 void journal_file_close(JournalFile *f) {
         int t;
         assert(f);
+        /* Write the final tag */
+        if (f->authenticate)
+                journal_file_append_tag(f);
+
         /* Sync everything to disk, before we mark the file offline */
         for (t = 0; t < _WINDOW_MAX; t++)
                 if (f->windows[t].ptr)
@@ -831,6 +836,10 @@ static int journal_file_append_data(
         if (r < 0)
                 return r;
+        r = journal_file_hmac_put_object(f, OBJECT_DATA, p);
+        if (r < 0)
+                return r;
+
         /* The linking might have altered the window, so let's
          * refresh our pointer */
         r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
@@ -907,6 +916,10 @@ static int link_entry_into_array(JournalFile *f,
         if (r < 0)
                 return r;
+        r = journal_file_hmac_put_object(f, OBJECT_ENTRY_ARRAY, q);
+        if (r < 0)
+                return r;
+
         o->entry_array.items[i] = htole64(p);
         if (ap == 0)
@@ -1044,6 +1057,10 @@ static int journal_file_append_entry_internal(
         o->entry.xor_hash = htole64(xor_hash);
         o->entry.boot_id = f->header->boot_id;
+        r = journal_file_hmac_put_object(f, OBJECT_ENTRY, np);
+        if (r < 0)
+                return r;
+
         r = journal_file_link_entry(f, o, np);
         if (r < 0)
                 return r;
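Review bot: The result of `journal_file_append_tag(f)` is dropped in journal_file_close(), so a failed final tag leaves the tail of the file unsealed without any trace. Since the function returns void, the failure should at least be logged, for example `r = journal_file_append_tag(f);` followed by `if (r < 0) log_warning("Failed to append final tag: %s", strerror(-r));`. The guard tests only `f->authenticate`, so it is worth confirming that the call is safe when close runs on a read-only file or on one that journal_file_open() abandoned half-initialised; the rest of journal_file_close() is outside the hunk.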
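Review bot: In link_entry_into_array() the pointer `o` is dereferenced immediately after the new `journal_file_hmac_put_object(f, OBJECT_ENTRY_ARRAY, q)` call, and journal_file_append_entry_internal() likewise hands `o` to journal_file_link_entry() after its own call. The helper takes an offset, so it presumably maps the object itself; if that can move the window, `o` is stale, which is the case the journal_file_append_data() hunk covers by re-running journal_file_move_to_object(). Either refresh `o` after the call in both places or add a comment such as `/* hmac_put_object() never invalidates o: same type, same offset */` once that is confirmed. The entry array is also fed to the HMAC before `items[i]` is written, which is only correct if the mutable items are left out of the hash, and that deserves a comment as well. The helper's body and the enclosing functions are outside these hunks.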
@@ -1888,7 +1905,7 @@ static void *fsprg_state(JournalFile *f) {
         return (uint8_t*) f->fsprg_header + a;
 }
-static int journal_file_append_tag(JournalFile *f) {
+int journal_file_append_tag(JournalFile *f) {
         Object *o;
         uint64_t p;
         int r;
@@ -2473,7 +2490,9 @@ int journal_file_open(
                 r = journal_file_verify_header(f);
                 if (r < 0)
                         goto fail;
+        }
+        if (!newly_created && f->writable) {
                 r = journal_file_load_fsprg(f);
                 if (r < 0)
                         goto fail;
diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h
index 25d972040c..a16c8ffc3e 100644
--- a/src/journal/journal-file.h
+++ b/src/journal/journal-file.h
@@ -164,3 +164,5 @@ int journal_file_get_cutoff_realtime_usec(JournalFile *f, usec_t *from, usec_t *
 int journal_file_get_cutoff_monotonic_usec(JournalFile *f, sd_id128_t boot, usec_t *from, usec_t *to);
 bool journal_file_rotate_suggested(JournalFile *f);
+
+int journal_file_append_tag(JournalFile *f);
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 138bf09d48..b4874a77be 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -84,7 +84,7 @@ static int help(void) {
                "  -D --directory=PATH Show journal files from directory\n"
                "  -p --priority=RANGE Show only messages within the specified priority range\n\n"
                "Commands:\n"
-               "     --new-id128      Generate a new 128 Bit id\n"
+               "     --new-id128      Generate a new 128 Bit ID\n"
                "     --header         Show journal header information\n"
                "     --setup-keys     Generate new FSPRG key pair\n",
                program_invocation_short_name);
diff --git a/src/journal/test-journal.c b/src/journal/test-journal.c
index 7b1583c889..8f01b4d82e 100644
--- a/src/journal/test-journal.c
+++ b/src/journal/test-journal.c
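Review bot: The new `if (!newly_created && f->writable)` block in journal_file_open() carries no comment explaining why the FSPRG state is loaded only for existing files opened writable. This condition decides which opens get sealing-key state, so a line such as `/* The sealing state is only needed for appending tags, hence load it only for existing files opened writable */` would make the intent reviewable. It should also be confirmed that a newly created authenticated file gets its state set up on another path, since this block now skips it. The condition of the block closed by the added `}` and the rest of the function are outside the hunk.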
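Review bot: `journal_file_append_tag()` is exported in journal-file.h without any statement of its contract. A short comment above the prototype should say what it returns on failure and whether it is a no-op when authentication is disabled for the file, because callers outside journal-file.c now decide when a seal is written. The function body is outside the diff, so the wording has to be checked against the implementation.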
@@ -57,6 +57,7 @@ int main(int argc, char *argv[]) {
         iovec.iov_len = strlen(test);
         assert_se(journal_file_append_entry(f, &ts, &iovec, 1, NULL, NULL, NULL) == 0);
+        journal_file_append_tag(f);
         journal_file_dump(f);
         assert(journal_file_next_entry(f, NULL, 0, DIRECTION_DOWN, &o, &p) == 1); |
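Review bot: The added `journal_file_append_tag(f);` is the only call in this part of the test whose result is not checked, so a sealing failure would pass unnoticed. Following the `assert_se` line directly above it, `assert_se(journal_file_append_tag(f) >= 0);` would catch that, assuming the function reports errors as negative values like the other calls in this commit. main() starts and ends outside the hunk.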
