/* Read the entire file into memory */
static void *
get_binary_file_image(char *filename, int *pnbytes)
{
unsigned char *image;
int fd;
jlong nbytes;
int nread;
*pnbytes = 0;
fd = md_open_binary(filename);
CHECK_FOR_ERROR(fd>=0);
if ( (nbytes = md_seek(fd, (jlong)-1)) == (jlong)-1 ) {
HPROF_ERROR(JNI_TRUE, "Cannot md_seek() to end of file");
}
CHECK_FOR_ERROR(((jint)nbytes)>512);
if ( md_seek(fd, (jlong)0) != (jlong)0 ) {
HPROF_ERROR(JNI_TRUE, "Cannot md_seek() to start of file");
}
image = HPROF_MALLOC(((jint)nbytes)+1);
CHECK_FOR_ERROR(image!=NULL);
/* Read the entire file image into memory */
nread = md_read(fd, image, (jint)nbytes);
if ( nread <= 0 ) {
HPROF_ERROR(JNI_TRUE, "System read failed.");
}
CHECK_FOR_ERROR(((jint)nbytes)==nread);
md_close(fd);
*pnbytes = (jint)nbytes;
return image;
}
/****************
* This filter is used to en/de-cipher data with a conventional algorithm
*/
int
cipher_filter( void *opaque, int control,
IOBUF a, byte *buf, size_t *ret_len)
{
size_t size = *ret_len;
cipher_filter_context_t *cfx = opaque;
int rc=0;
if( control == IOBUFCTRL_UNDERFLOW ) { /* decrypt */
rc = -1; /* not yet used */
}
else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */
assert(a);
if( !cfx->header ) {
write_header( cfx, a );
}
if( cfx->mdc_hash )
md_write( cfx->mdc_hash, buf, size );
cipher_encrypt( cfx->cipher_hd, buf, buf, size);
if( iobuf_write( a, buf, size ) )
rc = G10ERR_WRITE_FILE;
}
else if( control == IOBUFCTRL_FREE ) {
if( cfx->mdc_hash ) {
byte *hash;
int hashlen = md_digest_length( md_get_algo( cfx->mdc_hash ) );
byte temp[22];
assert( hashlen == 20 );
/* we must hash the prefix of the MDC packet here */
temp[0] = 0xd3;
temp[1] = 0x14;
md_putc( cfx->mdc_hash, temp[0] );
md_putc( cfx->mdc_hash, temp[1] );
md_final( cfx->mdc_hash );
hash = md_read( cfx->mdc_hash, 0 );
memcpy(temp+2, hash, 20);
cipher_encrypt( cfx->cipher_hd, temp, temp, 22 );
md_close( cfx->mdc_hash );
cfx->mdc_hash = NULL;
if( iobuf_write( a, temp, 22 ) )
log_error("writing MDC packet failed\n" );
}
cipher_close(cfx->cipher_hd);
}
else if( control == IOBUFCTRL_DESC ) {
*(char**)buf = "cipher_filter";
}
return rc;
}
static void UnInit()
{
delete g_pb;
DG_ReleaseDisplayHandle(g_hDisplay);
DG_CloseSurface(g_hScreen);
DeInitHDMI();
delete g_vo;
firmware_uninit();
board_uninit();
DG_UnInit();
se_close();
md_close();
pli_freeAllMemory();
pli_close();
}
int llu_md_close(struct obd_export *md_exp, struct inode *inode)
{
struct llu_inode_info *lli = llu_i2info(inode);
struct ll_file_data *fd = lli->lli_file_data;
struct ptlrpc_request *req = NULL;
struct obd_client_handle *och = &fd->fd_mds_och;
struct intnl_stat *st = llu_i2stat(inode);
struct md_op_data op_data = { { 0 } };
int rc;
ENTRY;
/* clear group lock, if present */
if (fd->fd_flags & LL_FILE_GROUP_LOCKED)
llu_put_grouplock(inode, fd->fd_grouplock.cg_gid);
llu_prepare_close(inode, &op_data, fd);
rc = md_close(md_exp, &op_data, och->och_mod, &req);
if (rc == -EAGAIN) {
/* We are the last writer, so the MDS has instructed us to get
* the file size and any write cookies, then close again. */
LASSERT(lli->lli_open_flags & FMODE_WRITE);
rc = llu_som_update(inode, &op_data);
if (rc) {
CERROR("inode %llu mdc Size-on-MDS update failed: "
"rc = %d\n", (long long)st->st_ino, rc);
rc = 0;
}
} else if (rc) {
CERROR("inode %llu close failed: rc %d\n",
(long long)st->st_ino, rc);
} else {
rc = llu_objects_destroy(req, inode);
if (rc)
CERROR("inode %llu ll_objects destroy: rc = %d\n",
(long long)st->st_ino, rc);
}
md_clear_open_replay_data(md_exp, och);
ptlrpc_req_finished(req);
och->och_fh.cookie = DEAD_HANDLE_MAGIC;
lli->lli_file_data = NULL;
OBD_FREE(fd, sizeof(*fd));
RETURN(rc);
}
/**
* The main function for the MetadataSQLite process. It is
* not currently multiprocess.
*/
int main(int argc, char** argv) {
md_open();
int sockfd, newsockfd, port;
socklen_t clilen;
char buffer[256];
struct sockaddr_in serv_addr, cli_addr;
int n;
if (argc < 2) {
fprintf(stderr, "Error: No port number\n");
exit(1);
}
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0)
error("Can't create socket!");
bzero((char *) &serv_addr, sizeof(serv_addr));
port = atoi(argv[1]);
serv_addr.sin_family = AF_INET;
serv_addr.sin_addr.s_addr = INADDR_ANY;
serv_addr.sin_port = htons(port);
if(bind(sockfd, (struct sockaddr*) &serv_addr, sizeof(serv_addr)) < 0)
error("Can't bind to port!");
while( 1 ) {
listen(sockfd, 25);
clilen = sizeof(cli_addr);
newsockfd = accept(sockfd, (struct sockaddr*) &cli_addr, &clilen);
if (newsockfd < 0)
error("Error on accept.");
bzero(buffer, 256);
n = read(newsockfd, buffer, 255);
if (n < 0)
error("Error reading from socket.");
n = dispatch(strdup(buffer), newsockfd);
if (n < 0)
error("Error dispatching command.");
close(newsockfd);
}
close(sockfd);
md_close();
return 0;
}
/**
* Clear a SQLite error, given that it returned with an error.
*/
void md_clerr(int rc) {
if( rc ) {
fprintf(stderr, "SQLite Error: %s\n", sqlite3_errmsg(md_db));
md_close();
}
}
int
signature_check2( PKT_signature *sig, MD_HANDLE digest,
u32 *r_expiredate, int *r_expired )
{
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc=0;
*r_expiredate = 0;
/* Sanity check that the md has a context for the hash that the
sig is expecting. This can happen if a onepass sig header does
not match the actual sig, and also if the clearsign "Hash:"
header is missing or does not match the actual sig. */
if(!md_algo_present(digest,sig->digest_algo)) {
log_info(_("WARNING: signature digest conflict in message\n"));
rc=G10ERR_BAD_SIGN;
}
else if( get_pubkey( pk, sig->keyid ) )
rc = G10ERR_NO_PUBKEY;
else if(!pk->is_valid && !pk->is_primary)
rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an
invalid subkey */
else {
*r_expiredate = pk->expiredate;
rc = do_check( pk, sig, digest, r_expired );
}
free_public_key( pk );
if( !rc && sig->sig_class < 2 && is_status_enabled() ) {
/* This signature id works best with DLP algorithms because
* they use a random parameter for every signature. Instead of
* this sig-id we could have also used the hash of the document
* and the timestamp, but the drawback of this is, that it is
* not possible to sign more than one identical document within
* one second. Some remote batch processing applications might
* like this feature here */
MD_HANDLE md;
u32 a = sig->timestamp;
int i, nsig = pubkey_get_nsig( sig->pubkey_algo );
byte *p, *buffer;
md = md_open( DIGEST_ALGO_RMD160, 0);
md_putc( digest, sig->pubkey_algo );
md_putc( digest, sig->digest_algo );
md_putc( digest, (a >> 24) & 0xff );
md_putc( digest, (a >> 16) & 0xff );
md_putc( digest, (a >> 8) & 0xff );
md_putc( digest, a & 0xff );
for(i=0; i < nsig; i++ ) {
unsigned n = mpi_get_nbits( sig->data[i]);
md_putc( md, n>>8);
md_putc( md, n );
p = mpi_get_buffer( sig->data[i], &n, NULL );
md_write( md, p, n );
m_free(p);
}
md_final( md );
p = make_radix64_string( md_read( md, 0 ), 20 );
buffer = m_alloc( strlen(p) + 60 );
sprintf( buffer, "%s %s %lu",
p, strtimestamp( sig->timestamp ), (ulong)sig->timestamp );
write_status_text( STATUS_SIG_ID, buffer );
m_free(buffer);
m_free(p);
md_close(md);
}
int era_open(int argc, char **argv)
{
char table[64], uuid[64];
char *name, *meta, *data, *orig;
unsigned orig_major, orig_minor;
unsigned meta_major, meta_minor;
unsigned data_major, data_minor;
struct era_dm_info orig_info;
struct era_superblock *sb;
uint32_t nr_blocks;
uint64_t sectors;
unsigned chunks;
struct md *md;
int chunk;
int fd;
/*
* check and save arguments
*/
switch (argc)
{
case 0:
error(0, "device name argument expected");
usage(stderr, 1);
case 1:
error(0, "metadata device argument expected");
usage(stderr, 1);
case 2:
error(0, "data device argument expected");
usage(stderr, 1);
case 3:
break;
default:
error(0, "unknown argument: %s", argv[3]);
usage(stderr, 1);
}
name = argv[0];
meta = argv[1];
data = argv[2];
orig = malloc(16 + strlen(data));
if (!orig)
{
error(ENOMEM, NULL);
return -1;
}
sprintf(orig, "%s-orig", name);
/*
* stat data device
*/
fd = blkopen(data, 0, &data_major, &data_minor, §ors);
if (fd == -1)
goto out;
close(fd);
/*
* open metadata device
*/
md = md_open(meta, 1);
if (!md)
goto out;
sb = md_block(md, MD_CACHED, 0, SUPERBLOCK_CSUM_XOR);
if (!sb || era_sb_check(sb))
{
md_close(md);
goto out;
}
chunk = (int)le32toh(sb->data_block_size);
nr_blocks = le32toh(sb->nr_blocks);
meta_major = md->major;
meta_minor = md->minor;
/*
* create empty era target
*/
snprintf(uuid, sizeof(uuid), "%s%u-%u",
UUID_PREFIX, meta_major, meta_minor);
if (era_dm_create_empty(name, uuid, NULL))
{
md_close(md);
goto out;
}
/*
* rebuild spacemap
*/
if (era_spacemap_rebuild(md))
{
(void)era_dm_remove(name);
md_close(md);
goto out;
}
md_close(md);
/*
* check nr_blocks
*/
chunks = (unsigned)((sectors + chunk - 1) / chunk);
if (!force && chunks != (unsigned)nr_blocks)
{
(void)era_dm_remove(name);
error(0, "can't open era device: data device resized\n"
" %u chunks in superblock\n"
" %u chunks in %s\n\n"
"use \"--force\" option if you really resized data\n"
"device and want to adjust era metadata device\n"
"accordingly\n",
(unsigned)nr_blocks,
chunks, data);
goto out;
}
/*
* create orig target
*/
snprintf(uuid, sizeof(uuid), "%s%u-%u-orig",
UUID_PREFIX, meta_major, meta_minor);
snprintf(table, sizeof(table), "%u:%u 0", data_major, data_minor);
if (era_dm_create(orig, uuid, 0, sectors,
TARGET_LINEAR, table, &orig_info) == -1)
{
(void)era_dm_remove(name);
goto out;
}
orig_major = (unsigned)orig_info.major;
orig_minor = (unsigned)orig_info.minor;
/*
* load and resume era target
*/
snprintf(table, sizeof(table), "%u:%u %u:%u %d",
meta_major, meta_minor, orig_major, orig_minor, chunk);
if (era_dm_load(name, 0, sectors, TARGET_ERA, table, NULL))
{
(void)era_dm_remove(orig);
(void)era_dm_remove(name);
goto out;
}
if (era_dm_resume(name))
{
(void)era_dm_remove(orig);
(void)era_dm_remove(name);
goto out;
}
free(orig);
return 0;
out:
free(orig);
return -1;
}
int era_create(int argc, char **argv)
{
char table[64], uuid[64];
char *name, *meta, *data, *orig;
unsigned orig_major, orig_minor;
unsigned meta_major, meta_minor;
unsigned data_major, data_minor;
struct era_dm_info orig_info;
uint64_t sectors;
struct md *md;
int chunk;
int fd;
/*
* check and save arguments
*/
switch (argc)
{
case 0:
error(0, "device name argument expected");
usage(stderr, 1);
case 1:
error(0, "metadata device argument expected");
usage(stderr, 1);
case 2:
error(0, "data device argument expected");
usage(stderr, 1);
case 3:
chunk = DEF_CHUNK_SIZE;
break;
case 4:
chunk = parse_chunk(argv[3]);
if (chunk == -1)
{
error(0, "can't parse chunk size: %s", argv[3]);
return -1;
}
break;
default:
error(0, "unknown argument: %s", argv[4]);
usage(stderr, 1);
}
name = argv[0];
meta = argv[1];
data = argv[2];
orig = malloc(16 + strlen(data));
if (!orig)
{
error(ENOMEM, NULL);
return -1;
}
sprintf(orig, "%s-orig", name);
/*
* stat data device
*/
fd = blkopen(data, 0, &data_major, &data_minor, §ors);
if (fd == -1)
goto out;
close(fd);
/*
* open metadata device
*/
md = md_open(meta, 1);
if (!md)
goto out;
meta_major = md->major;
meta_minor = md->minor;
/*
* create empty era target
*/
snprintf(uuid, sizeof(uuid), "%s%u-%u",
UUID_PREFIX, meta_major, meta_minor);
if (era_dm_create_empty(name, uuid, NULL))
{
md_close(md);
goto out;
}
/*
* clear and close metadata
*/
if (clear_metadata(md, meta))
{
(void)era_dm_remove(name);
md_close(md);
goto out;
}
md_close(md);
/*
* create origin target
*/
snprintf(uuid, sizeof(uuid), "%s%u-%u-orig",
UUID_PREFIX, meta_major, meta_minor);
snprintf(table, sizeof(table), "%u:%u 0",
data_major, data_minor);
if (era_dm_create(orig, uuid, 0, sectors,
TARGET_LINEAR, table, &orig_info) == -1)
{
(void)era_dm_remove(name);
goto out;
}
orig_major = (unsigned)orig_info.major;
orig_minor = (unsigned)orig_info.minor;
/*
* load and resume era target
*/
snprintf(table, sizeof(table), "%u:%u %u:%u %d",
meta_major, meta_minor, orig_major, orig_minor, chunk);
if (era_dm_load(name, 0, sectors, TARGET_ERA, table, NULL))
{
(void)era_dm_remove(orig);
(void)era_dm_remove(name);
goto out;
}
if (era_dm_resume(name))
{
(void)era_dm_remove(orig);
(void)era_dm_remove(name);
goto out;
}
free(orig);
return 0;
out:
free(orig);
return -1;
}
int
signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
int *r_expired, int *r_revoked, PKT_public_key *ret_pk )
{
PKT_public_key *pk = xmalloc_clear( sizeof *pk );
int rc=0;
if( (rc=check_digest_algo(sig->digest_algo)) )
; /* we don't have this digest */
else if((rc=check_pubkey_algo(sig->pubkey_algo)))
; /* we don't have this pubkey algo */
else if(!md_algo_present(digest,sig->digest_algo))
{
/* Sanity check that the md has a context for the hash that the
sig is expecting. This can happen if a onepass sig header does
not match the actual sig, and also if the clearsign "Hash:"
header is missing or does not match the actual sig. */
log_info(_("WARNING: signature digest conflict in message\n"));
rc=G10ERR_GENERAL;
}
else if( get_pubkey( pk, sig->keyid ) )
rc = G10ERR_NO_PUBKEY;
else if(!pk->is_valid && !pk->is_primary)
rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an
invalid subkey */
else
{
if(r_expiredate)
*r_expiredate = pk->expiredate;
rc = do_check( pk, sig, digest, r_expired, r_revoked, ret_pk );
/* Check the backsig. This is a 0x19 signature from the
subkey on the primary key. The idea here is that it should
not be possible for someone to "steal" subkeys and claim
them as their own. The attacker couldn't actually use the
subkey, but they could try and claim ownership of any
signaures issued by it. */
if(rc==0 && !pk->is_primary && pk->backsig<2)
{
if(pk->backsig==0)
{
log_info(_("WARNING: signing subkey %s is not"
" cross-certified\n"),keystr_from_pk(pk));
log_info(_("please see %s for more information\n"),
"http://www.gnupg.org/faq/subkey-cross-certify.html");
/* --require-cross-certification makes this warning an
error. TODO: change the default to require this
after more keys have backsigs. */
if(opt.flags.require_cross_cert)
rc=G10ERR_GENERAL;
}
else if(pk->backsig==1)
{
log_info(_("WARNING: signing subkey %s has an invalid"
" cross-certification\n"),keystr_from_pk(pk));
rc=G10ERR_GENERAL;
}
}
}
free_public_key( pk );
if( !rc && sig->sig_class < 2 && is_status_enabled() ) {
/* This signature id works best with DLP algorithms because
* they use a random parameter for every signature. Instead of
* this sig-id we could have also used the hash of the document
* and the timestamp, but the drawback of this is, that it is
* not possible to sign more than one identical document within
* one second. Some remote batch processing applications might
* like this feature here */
MD_HANDLE md;
u32 a = sig->timestamp;
int i, nsig = pubkey_get_nsig( sig->pubkey_algo );
byte *p, *buffer;
md = md_open( DIGEST_ALGO_RMD160, 0);
md_putc( digest, sig->pubkey_algo );
md_putc( digest, sig->digest_algo );
md_putc( digest, (a >> 24) & 0xff );
md_putc( digest, (a >> 16) & 0xff );
md_putc( digest, (a >> 8) & 0xff );
md_putc( digest, a & 0xff );
for(i=0; i < nsig; i++ ) {
unsigned n = mpi_get_nbits( sig->data[i]);
md_putc( md, n>>8);
md_putc( md, n );
p = mpi_get_buffer( sig->data[i], &n, NULL );
md_write( md, p, n );
xfree(p);
}
md_final( md );
p = make_radix64_string( md_read( md, 0 ), 20 );
buffer = xmalloc( strlen(p) + 60 );
sprintf( buffer, "%s %s %lu",
p, strtimestamp( sig->timestamp ), (ulong)sig->timestamp );
write_status_text( STATUS_SIG_ID, buffer );
xfree(buffer);
xfree(p);
md_close(md);
}
