chiark / gitweb /
journal: add all objects we add to HMAC
authorLennart Poettering <lennart@poettering.net>
Mon, 13 Aug 2012 18:57:38 +0000 (20:57 +0200)
committerLennart Poettering <lennart@poettering.net>
Mon, 13 Aug 2012 18:57:38 +0000 (20:57 +0200)
src/journal/journal-file.c
src/journal/journal-file.h
src/journal/journalctl.c
src/journal/test-journal.c

index 0e48893..7dd7256 100644 (file)
         (le64toh((h)->header_size) >= offsetof(Header, field) + sizeof((h)->field))
 
 static int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime);
+static int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p);
 
 void journal_file_close(JournalFile *f) {
         int t;
 
         assert(f);
 
+        /* Write the final tag */
+        if (f->authenticate)
+                journal_file_append_tag(f);
+
         /* Sync everything to disk, before we mark the file offline */
         for (t = 0; t < _WINDOW_MAX; t++)
                 if (f->windows[t].ptr)
@@ -831,6 +836,10 @@ static int journal_file_append_data(
         if (r < 0)
                 return r;
 
+        r = journal_file_hmac_put_object(f, OBJECT_DATA, p);
+        if (r < 0)
+                return r;
+
         /* The linking might have altered the window, so let's
          * refresh our pointer */
         r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
@@ -907,6 +916,10 @@ static int link_entry_into_array(JournalFile *f,
         if (r < 0)
                 return r;
 
+        r = journal_file_hmac_put_object(f, OBJECT_ENTRY_ARRAY, q);
+        if (r < 0)
+                return r;
+
         o->entry_array.items[i] = htole64(p);
 
         if (ap == 0)
@@ -1044,6 +1057,10 @@ static int journal_file_append_entry_internal(
         o->entry.xor_hash = htole64(xor_hash);
         o->entry.boot_id = f->header->boot_id;
 
+        r = journal_file_hmac_put_object(f, OBJECT_ENTRY, np);
+        if (r < 0)
+                return r;
+
         r = journal_file_link_entry(f, o, np);
         if (r < 0)
                 return r;
@@ -1888,7 +1905,7 @@ static void *fsprg_state(JournalFile *f) {
         return (uint8_t*) f->fsprg_header + a;
 }
 
-static int journal_file_append_tag(JournalFile *f) {
+int journal_file_append_tag(JournalFile *f) {
         Object *o;
         uint64_t p;
         int r;
@@ -2473,7 +2490,9 @@ int journal_file_open(
                 r = journal_file_verify_header(f);
                 if (r < 0)
                         goto fail;
+        }
 
+        if (!newly_created && f->writable) {
                 r = journal_file_load_fsprg(f);
                 if (r < 0)
                         goto fail;
index 25d9720..a16c8ff 100644 (file)
@@ -164,3 +164,5 @@ int journal_file_get_cutoff_realtime_usec(JournalFile *f, usec_t *from, usec_t *
 int journal_file_get_cutoff_monotonic_usec(JournalFile *f, sd_id128_t boot, usec_t *from, usec_t *to);
 
 bool journal_file_rotate_suggested(JournalFile *f);
+
+int journal_file_append_tag(JournalFile *f);
index 138bf09..b4874a7 100644 (file)
@@ -84,7 +84,7 @@ static int help(void) {
                "  -D --directory=PATH Show journal files from directory\n"
                "  -p --priority=RANGE Show only messages within the specified priority range\n\n"
                "Commands:\n"
-               "     --new-id128      Generate a new 128 Bit id\n"
+               "     --new-id128      Generate a new 128 Bit ID\n"
                "     --header         Show journal header information\n"
                "     --setup-keys     Generate new FSPRG key pair\n",
                program_invocation_short_name);
index 7b1583c..8f01b4d 100644 (file)
@@ -57,6 +57,7 @@ int main(int argc, char *argv[]) {
         iovec.iov_len = strlen(test);
         assert_se(journal_file_append_entry(f, &ts, &iovec, 1, NULL, NULL, NULL) == 0);
 
+        journal_file_append_tag(f);
         journal_file_dump(f);
 
         assert(journal_file_next_entry(f, NULL, 0, DIRECTION_DOWN, &o, &p) == 1);