-
Notifications
You must be signed in to change notification settings - Fork 23
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
375 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
To compile: | ||
# make | ||
|
||
To install the binary to /usr/local/bin and | ||
the man page to /usr/local/share/man/man1: | ||
# make install |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
cshatag is a tool to detect silent data corruption. It writes | ||
the mtime and the sha256 checksum of a file into the file's | ||
extended attributes. | ||
|
||
Please see the man page for a full description. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
.\" Process this file with | ||
.\" groff -man -Tascii foo.1 | ||
.\" | ||
.TH CSHATAG 1 "MAY 2012" Linux "User Manuals" | ||
.SH NAME | ||
|
||
cshatag \- shatag in C | ||
|
||
.SH SYNOPSIS | ||
|
||
cshatag FILE | ||
|
||
.SH DESCRIPTION | ||
|
||
cshatag is a minimal re-implementation in C of shatag | ||
( https://bitbucket.org/maugier/shatag , written in python | ||
by Maxime Augier). | ||
|
||
cshatag is a tool to detect silent data corruption. It writes | ||
the mtime and the sha256 checksum of a file into the file's | ||
extended attributes. The filesystem needs to be mounted with | ||
user_xattr enabled for this to work. | ||
When run again, it compares stored mtime and checksum. If it | ||
finds that the mtime is unchanged but the checksum has changed, | ||
it warns on stderr. | ||
In any case, the status of the file is printed to stdout | ||
and the stored checksum is updated. | ||
|
||
File statuses that appear on stdout are: | ||
.br | ||
outdated mtime has changed | ||
.br | ||
ok mtime has not changed, checksum is correct | ||
.br | ||
corrupt mtime has not changed, checksum is wrong | ||
|
||
cshatag aims to be format-compatible with shatag and uses the | ||
same extended attributes (see the COMPATIBILITY section). | ||
|
||
.SH EXAMPLES | ||
|
||
Typically, cshatag will be called from find: | ||
.br | ||
# find / -xdev -type f -exec cshatag {} \; > cshatag.log | ||
.br | ||
Errors like corrupt files will then be printed to stderr | ||
or grep for "corrupt" in cshatag.log. | ||
|
||
To remove the extended attributes from all files: | ||
.br | ||
# find / -xdev -type f -exec setfattr -x user.shatag.ts {} \; -exec setfattr -x user.shatag.sha256 {} \; | ||
|
||
.SH "RETURN VALUE" | ||
|
||
0 Success | ||
.br | ||
1 Wrong number of arguments | ||
.br | ||
2 File could not be opened | ||
.br | ||
3 File is not a regular file | ||
.br | ||
4 Extended attributs could not be written to file | ||
.br | ||
5 File is corrupt | ||
|
||
.SH COMPATIBILITY | ||
|
||
cshatag writes the user.shatag.ts field with full integer | ||
nanosecond precision, while python uses a double for the | ||
whole mtime and loses the last few digits. | ||
|
||
.SH AUTHOR | ||
Jakob Unterwurzacher <jakobunt@gmail.com> | ||
|
||
.SH COPYRIGHT | ||
Copyright 2012 Jakob Unterwurzacher. License GPLv2+. | ||
|
||
.SH "SEE ALSO" | ||
sha256sum(1), getfattr(1), setfattr(1) | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,272 @@ | ||
/** | ||
* Copyright (C) 2012 Jakob Unterwurzacher | ||
* Author(s): Jakob Unterwurzacher <jakobunt@gmail.com> | ||
* | ||
* This program is free software; you can redistribute it and/or | ||
* modify it under the terms of the GNU General Public License as | ||
* published by the Free Software Foundation; either version 2 of the | ||
* License, or (at your option) any later version. | ||
* | ||
* This program is distributed in the hope that it will be useful, but | ||
* WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
* General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU General Public License | ||
* along with this program; if not, write to the Free Software | ||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | ||
* 02111-1307, USA. | ||
*/ | ||
|
||
#include <stdio.h> | ||
#include <stdlib.h> | ||
#include <sys/xattr.h> | ||
#include <sys/types.h> | ||
#include <sys/stat.h> | ||
#include <openssl/sha.h> | ||
#include <time.h> | ||
#include <string.h> | ||
#include <errno.h> | ||
|
||
#define BUFSZ 8192 | ||
#define HASHLEN 256/8 | ||
|
||
/** | ||
* Holds a file's metadata | ||
*/ | ||
typedef struct | ||
{ | ||
unsigned long long s; | ||
unsigned long ns; | ||
char sha256[HASHLEN*2+1]; | ||
} xa_t; | ||
|
||
/** | ||
* ASCII hex representation of char array | ||
*/ | ||
char * bin2hex(unsigned char * bin, long len, char * out) | ||
{ | ||
char hexval[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; | ||
int j; | ||
for(j=0;j<len;j++) | ||
{ | ||
out[2*j] = hexval[((bin[j] >> 4) & 0x0F)]; | ||
out[2*j+1] = hexval[(bin[j]) & 0x0F]; | ||
} | ||
out[2*len]=0; | ||
return out; | ||
} | ||
|
||
/** | ||
* sha256 of contents of f, ASCII hex representation | ||
*/ | ||
char * fhash(FILE *f, char *hex) | ||
{ | ||
SHA256_CTX c; | ||
char buf[BUFSZ]; | ||
size_t len; | ||
|
||
SHA256_Init(&c); | ||
|
||
while( (len=fread(buf, 1, BUFSZ,f) ) ) | ||
{ | ||
SHA256_Update(&c, buf, len); | ||
} | ||
|
||
unsigned char * hash; | ||
hash=malloc(HASHLEN); | ||
SHA256_Final(hash, &c); | ||
|
||
//printf("%s\n",bin2hex(hash,HASHLEN)); | ||
|
||
return bin2hex(hash,HASHLEN,hex); | ||
} | ||
|
||
/** | ||
* Nanosecond precision mtime of a file | ||
*/ | ||
xa_t getmtime(FILE *f) | ||
{ | ||
xa_t actual; | ||
|
||
int fd=fileno(f); | ||
struct stat buf; | ||
fstat(fd, &buf); | ||
if(!S_ISREG(buf.st_mode)) | ||
{ | ||
fprintf(stderr,"Error: this is not a regular file\n"); | ||
exit(3); | ||
} | ||
actual.s=buf.st_mtim.tv_sec; | ||
actual.ns=buf.st_mtim.tv_nsec; | ||
|
||
return actual; | ||
} | ||
|
||
/** | ||
* File's actual metadata | ||
*/ | ||
xa_t getactualxa(FILE *f) | ||
{ | ||
xa_t actual; | ||
/* | ||
* Must read mtime *before* file hash, | ||
* if the file is being modified, hash will be invalid | ||
* but timestamp will be outdated anyway | ||
*/ | ||
actual=getmtime(f); | ||
|
||
/* | ||
* Compute hash | ||
*/ | ||
fhash(f,actual.sha256); | ||
|
||
return actual; | ||
} | ||
|
||
/** | ||
* File's stored metadata | ||
*/ | ||
xa_t getstoredxa(FILE *f) | ||
{ | ||
int fd=fileno(f); | ||
xa_t xa; | ||
xa.s=0; | ||
xa.ns=0; | ||
|
||
/* | ||
* Initialize to zero-length string - if fgetxattr fails this is what we get | ||
*/ | ||
xa.sha256[0]=0; | ||
fgetxattr(fd, "user.shatag.sha256", xa.sha256, sizeof(xa.sha256)); | ||
xa.sha256[HASHLEN*2]=0; | ||
|
||
/* | ||
* Example: | ||
* 1335974989.123456789 | ||
* 10 . 9 => len=20 | ||
*/ | ||
char ts[100]; | ||
/* | ||
* Initialize to zero-length string - if fgetxattr fails this is what we get | ||
*/ | ||
ts[0]=0; | ||
fgetxattr(fd, "user.shatag.ts", ts, sizeof(ts)); | ||
/* | ||
* If sscanf fails (because ts is zero-length) variables stay zero | ||
*/ | ||
sscanf(ts,"%llu.%lu",&xa.s,&xa.ns); | ||
|
||
return xa; | ||
} | ||
|
||
/** | ||
* Write out metadata to file's extended attributes | ||
*/ | ||
int writexa(FILE *f, xa_t xa) | ||
{ | ||
int fd=fileno(f); | ||
int flags=0,err=0; | ||
|
||
char buf [100]; | ||
snprintf(buf,sizeof(buf),"%llu.%09lu",xa.s,xa.ns); | ||
err=fsetxattr(fd, "user.shatag.ts", buf, strlen(buf), flags); | ||
err|=fsetxattr(fd, "user.shatag.sha256", &xa.sha256, sizeof(xa.sha256), flags); | ||
|
||
return err; | ||
} | ||
|
||
/** | ||
* Pretty-print metadata | ||
*/ | ||
char * formatxa(xa_t s) | ||
{ | ||
char * buf; | ||
char * prettysha; | ||
int buflen=HASHLEN*2+100; | ||
buf=malloc(buflen); | ||
if(strlen(s.sha256)>0) | ||
prettysha=s.sha256; | ||
else | ||
prettysha="0000000000000000000000000000000000000000000000000000000000000000"; | ||
snprintf(buf,buflen,"%s %010llu.%09lu", prettysha, s.s, s.ns); | ||
return buf; | ||
} | ||
|
||
int main( int argc, const char* argv[] ) | ||
{ | ||
char const * myname; | ||
myname=argv[0]; | ||
|
||
if(argc != 2) | ||
{ | ||
fprintf(stderr,"Usage: %s FILE\n",myname); | ||
exit(1); | ||
} | ||
|
||
char const * fn; | ||
fn=argv[1]; | ||
|
||
FILE *f; | ||
f=fopen(fn,"r"); | ||
if(!f) | ||
{ | ||
fprintf(stderr,"Error: could not open file \"%s\": %s\n",fn,strerror(errno)); | ||
exit(2); | ||
} | ||
|
||
xa_t s; | ||
s=getstoredxa(f); | ||
xa_t a; | ||
a=getactualxa(f); | ||
int needsupdate=0; | ||
int havecorrupt=0; | ||
|
||
if(s.s==a.s && s.ns==a.ns) | ||
{ | ||
/* | ||
* Times are the same, go ahead and compare the hash | ||
*/ | ||
if(strcmp(s.sha256,a.sha256)!=0) | ||
{ | ||
/* | ||
* Hashes are different, but this may be because | ||
* the file has been modified while we were computing the hash. | ||
* So check if the mtime ist still the same. | ||
*/ | ||
xa_t a2; | ||
a2=getmtime(f); | ||
if(s.s==a2.s && s.ns==a2.ns) | ||
{ | ||
/* | ||
* Now, this is either data corruption or somebody modified the file | ||
* and reset the mtime to the last value (to hide the modification?) | ||
*/ | ||
fprintf(stderr,"Error: corrupt file \"%s\"\n",fn); | ||
printf("<corrupt> %s\n",fn); | ||
printf(" stored: %s\n actual: %s\n",formatxa(s),formatxa(a)); | ||
needsupdate=1; | ||
havecorrupt=1; | ||
} | ||
} | ||
else | ||
printf("<ok> %s\n",fn); | ||
} | ||
else | ||
{ | ||
printf("<outdated> %s\n",fn); | ||
printf(" stored: %s\n actual: %s\n",formatxa(s),formatxa(a)); | ||
needsupdate=1; | ||
} | ||
|
||
if(needsupdate && writexa(f,a)!=0) | ||
{ | ||
fprintf(stderr,"Error: could not write extended attributes to file \"%s\": %s\n",fn,strerror(errno)); | ||
exit(4); | ||
} | ||
|
||
if(havecorrupt) | ||
return 5; | ||
else | ||
return 0; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
cshatag: | ||
gcc cshatag.c -l crypto -o cshatag | ||
|
||
install: | ||
cp -v cshatag /usr/local/bin | ||
mkdir -v /usr/local/share/man/man1 2> /dev/null || true | ||
cp -v cshatag.1 /usr/local/share/man/man1 | ||
|
||
clean: | ||
rm -f cshatag |