Merge nss-myhostname
[elogind.git] / src / journal / journal-authenticate.c
index fd81797cf9e0fb73a8168e4cca1534f8875a719e..64bf96874e6490485f58a65b146d60e3f4e86425 100644 (file)
@@ -66,7 +66,7 @@ int journal_file_append_tag(JournalFile *f) {
 
         /* Add the tag object itself, so that we can protect its
          * header. This will exclude the actual hash value in it */
-        r = journal_file_hmac_put_object(f, OBJECT_TAG, p);
+        r = journal_file_hmac_put_object(f, OBJECT_TAG, o, p);
         if (r < 0)
                 return r;
 
@@ -212,7 +212,7 @@ int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime) {
                 return 0;
 
         if (realtime <= 0)
-                realtime = now(CLOCK_MONOTONIC);
+                realtime = now(CLOCK_REALTIME);
 
         r = journal_file_fsprg_need_evolve(f, realtime);
         if (r <= 0)
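Review bot: The guard `if (realtime <= 0)` compares a `uint64_t`, so it can only ever mean zero; `if (realtime == 0)` with a comment such as `/* 0: caller has no timestamp, use the current wall-clock time */` would make the sentinel explicit. The fallback now reads CLOCK_REALTIME, so the evolve decision that follows depends on a clock that can be stepped. How journal_file_fsprg_need_evolve() treats a timestamp earlier than the current epoch is not visible here and deserves a line of documentation. The function body starts and ends outside this hunk.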
@@ -229,9 +229,8 @@ int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime) {
         return 0;
 }
 
-int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p) {
+int journal_file_hmac_put_object(JournalFile *f, int type, Object *o, uint64_t p) {
         int r;
-        Object *o;
 
         assert(f);
 
@@ -242,9 +241,14 @@ int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p) {
         if (r < 0)
                 return r;
 
-        r = journal_file_move_to_object(f, type, p, &o);
-        if (r < 0)
-                return r;
+        if (!o) {
+                r = journal_file_move_to_object(f, type, p, &o);
+                if (r < 0)
+                        return r;
+        } else {
+                if (type >= 0 && o->object.type != type)
+                        return -EBADMSG;
+        }
 
         gcry_md_write(f->hmac, o, offsetof(ObjectHeader, payload));
 
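Review bot: In the new `else` branch of journal_file_hmac_put_object(), a caller-supplied `o` is accepted after only a type comparison, and nothing ties it to the offset `p` passed alongside it. The contract should be documented above the signature changed in the previous hunk, for example `/* o, if non-NULL, must be the already validated object located at offset p; pass NULL to have it looked up */`. Whether journal_file_move_to_object() performs checks that the non-NULL path now skips is not visible here, so that is worth confirming for the journal_file_append_tag() call site. The function starts and ends outside this hunk.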
@@ -256,6 +260,12 @@ int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p) {
                 gcry_md_write(f->hmac, o->data.payload, le64toh(o->object.size) - offsetof(DataObject, payload));
                 break;
 
+        case OBJECT_FIELD:
+                /* Same here */
+                gcry_md_write(f->hmac, &o->field.hash, sizeof(o->field.hash));
+                gcry_md_write(f->hmac, o->field.payload, le64toh(o->object.size) - offsetof(FieldObject, payload));
+                break;
+
         case OBJECT_ENTRY:
                 /* All */
                 gcry_md_write(f->hmac, &o->entry.seqnum, le64toh(o->object.size) - offsetof(EntryObject, seqnum));
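Review bot: The length passed to gcry_md_write() in the new OBJECT_FIELD case is `le64toh(o->object.size) - offsetof(FieldObject, payload)`, an unsigned subtraction on a size read from the journal file. A size smaller than the fixed part would wrap to a huge length, and the HMAC update would read far past the object. The OBJECT_DATA and OBJECT_ENTRY cases shown as context use the same pattern. If the size is not already validated before this point (not visible here, and less certain now that `o` can be supplied by the caller), a guard such as `if (le64toh(o->object.size) < offsetof(FieldObject, payload)) return -EBADMSG;` ahead of the writes would close it. The switch begins and ends outside this hunk.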
@@ -328,7 +338,9 @@ int journal_file_fss_load(JournalFile *f) {
 
         fd = open(p, O_RDWR|O_CLOEXEC|O_NOCTTY, 0600);
         if (fd < 0) {
-                log_error("Failed to open %s: %m", p);
+                if (errno != ENOENT)
+                        log_error("Failed to open %s: %m", p);
+
                 r = -errno;
                 goto finish;
         }
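Review bot: `r = -errno` is read after the conditional log_error() call, so the returned code depends on log_error() leaving errno untouched, which is not visible in this hunk. Capturing it first removes the dependency: move `r = -errno;` above the check and test `if (r != -ENOENT)` before logging. With ENOENT now silent, a missing sealing key file produces no diagnostic from this function. If the caller is expected to treat -ENOENT as "no key configured", a short comment saying so would keep that from being mistaken for a swallowed error. The function starts and ends outside this hunk.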
@@ -413,12 +425,26 @@ finish:
         return r;
 }
 
+static void initialize_libgcrypt(void) {
+        const char *p;
+
+        if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
+                return;
+
+        p = gcry_check_version("1.4.5");
+        assert(p);
+
+        gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+}
+
 int journal_file_hmac_setup(JournalFile *f) {
         gcry_error_t e;
 
         if (!f->seal)
                 return 0;
 
+        initialize_libgcrypt();
+
         e = gcry_md_open(&f->hmac, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
         if (e != 0)
                 return -ENOTSUP;
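Review bot: In initialize_libgcrypt() a failed `gcry_check_version("1.4.5")` is handled only by `assert(p)`, which aborts the process from inside journal file setup, or is ignored entirely if the project's assert can be compiled out. journal_file_hmac_setup() already returns -ENOTSUP when gcry_md_open() fails, so the version check could report through the same path, as sketched below. The helper also leaves libgcrypt's secure-memory setting at its default before marking initialization finished; if that is deliberate, a one-line comment saying so would help, since this handle carries an HMAC key. journal_file_hmac_setup() continues past the end of the hunk.

```c
static int initialize_libgcrypt(void) {
        if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
                return 0;

        /* Report an unusable library to the caller instead of aborting */
        if (!gcry_check_version("1.4.5"))
                return -ENOTSUP;

        gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
        return 0;
}

int journal_file_hmac_setup(JournalFile *f) {
        /* … unchanged: declaration of e and the f->seal check … */

        if (initialize_libgcrypt() < 0)
                return -ENOTSUP;

        /* … unchanged: gcry_md_open() and its error check … */
```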
@@ -444,7 +470,7 @@ int journal_file_append_first_tag(JournalFile *f) {
                 return -EINVAL;
         p -= offsetof(Object, hash_table.items);
 
-        r = journal_file_hmac_put_object(f, OBJECT_FIELD_HASH_TABLE, p);
+        r = journal_file_hmac_put_object(f, OBJECT_FIELD_HASH_TABLE, NULL, p);
         if (r < 0)
                 return r;
 
@@ -453,7 +479,7 @@ int journal_file_append_first_tag(JournalFile *f) {
                 return -EINVAL;
         p -= offsetof(Object, hash_table.items);
 
-        r = journal_file_hmac_put_object(f, OBJECT_DATA_HASH_TABLE, p);
+        r = journal_file_hmac_put_object(f, OBJECT_DATA_HASH_TABLE, NULL, p);
         if (r < 0)
                 return r;
 
@@ -464,7 +490,6 @@ int journal_file_append_first_tag(JournalFile *f) {
         return 0;
 }
 
-
 int journal_file_parse_verification_key(JournalFile *f, const char *key) {
         uint8_t *seed;
         size_t seed_size, c;