src/journal/test-journal-verify.c

   1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
   2
   3 /***
   4   This file is part of systemd.
   5
   6   Copyright 2012 Lennart Poettering
   7
   8   systemd is free software; you can redistribute it and/or modify it
   9   under the terms of the GNU Lesser General Public License as published by
  10   the Free Software Foundation; either version 2.1 of the License, or
  11   (at your option) any later version.
  12
  13   systemd is distributed in the hope that it will be useful, but
  14   WITHOUT ANY WARRANTY; without even the implied warranty of
  15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  16   Lesser General Public License for more details.
  17
  18   You should have received a copy of the GNU Lesser General Public License
  19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  20 ***/
  21
  22 #include <fcntl.h>
  23 #include <stdio.h>
  24 #include <unistd.h>
  25
  26 #include "fd-util.h"
  27 #include "journal-file.h"
  28 #include "journal-verify.h"
  29 #include "log.h"
  30 #include "rm-rf.h"
  31 #include "terminal-util.h"
  32 #include "util.h"
  33
  34 #define N_ENTRIES 6000
  35 #define RANDOM_RANGE 77
  36
  37 static void bit_toggle(const char *fn, uint64_t p) {
  38         uint8_t b;
  39         ssize_t r;
  40         int fd;
  41
  42         fd = open(fn, O_RDWR|O_CLOEXEC);
  43         assert_se(fd >= 0);
  44
  45         r = pread(fd, &b, 1, p/8);
  46         assert_se(r == 1);
  47
  48         b ^= 1 << (p % 8);
  49
  50         r = pwrite(fd, &b, 1, p/8);
  51         assert_se(r == 1);
  52
  53         safe_close(fd);
  54 }
  55
  56 static int raw_verify(const char *fn, const char *verification_key) {
  57         JournalFile *f;
  58         int r;
  59
  60         r = journal_file_open(fn, O_RDONLY, 0666, true, !!verification_key, NULL, NULL, NULL, &f);
  61         if (r < 0)
  62                 return r;
  63
  64         r = journal_file_verify(f, verification_key, NULL, NULL, NULL, false);
  65         journal_file_close(f);
  66
  67         return r;
  68 }
  69
  70 int main(int argc, char *argv[]) {
  71         char t[] = "/tmp/journal-XXXXXX";
  72         unsigned n;
  73         JournalFile *f;
  74         const char *verification_key = argv[1];
  75         usec_t from = 0, to = 0, total = 0;
  76         char a[FORMAT_TIMESTAMP_MAX];
  77         char b[FORMAT_TIMESTAMP_MAX];
  78         char c[FORMAT_TIMESPAN_MAX];
  79         struct stat st;
  80         uint64_t p;
  81
  82         /* journal_file_open requires a valid machine id */
  83         if (access("/etc/machine-id", F_OK) != 0)
  84                 return EXIT_TEST_SKIP;
  85
  86         log_set_max_level(LOG_DEBUG);
  87
  88         assert_se(mkdtemp(t));
  89         assert_se(chdir(t) >= 0);
  90
  91         log_info("Generating...");
  92
  93         assert_se(journal_file_open("test.journal", O_RDWR|O_CREAT, 0666, true, !!verification_key, NULL, NULL, NULL, &f) == 0);
  94
  95         for (n = 0; n < N_ENTRIES; n++) {
  96                 struct iovec iovec;
  97                 struct dual_timestamp ts;
  98                 char *test;
  99
 100                 dual_timestamp_get(&ts);
 101
 102                 assert_se(asprintf(&test, "RANDOM=%lu", random() % RANDOM_RANGE));
 103
 104                 iovec.iov_base = (void*) test;
 105                 iovec.iov_len = strlen(test);
 106
 107                 assert_se(journal_file_append_entry(f, &ts, &iovec, 1, NULL, NULL, NULL) == 0);
 108
 109                 free(test);
 110         }
 111
 112         journal_file_close(f);
 113
 114         log_info("Verifying...");
 115
 116         assert_se(journal_file_open("test.journal", O_RDONLY, 0666, true, !!verification_key, NULL, NULL, NULL, &f) == 0);
 117         /* journal_file_print_header(f); */
 118         journal_file_dump(f);
 119
 120         assert_se(journal_file_verify(f, verification_key, &from, &to, &total, true) >= 0);
 121
 122         if (verification_key && JOURNAL_HEADER_SEALED(f->header))
 123                 log_info("=> Validated from %s to %s, %s missing",
 124                          format_timestamp(a, sizeof(a), from),
 125                          format_timestamp(b, sizeof(b), to),
 126                          format_timespan(c, sizeof(c), total > to ? total - to : 0, 0));
 127
 128         journal_file_close(f);
 129
 130         if (verification_key) {
 131                 log_info("Toggling bits...");
 132
 133                 assert_se(stat("test.journal", &st) >= 0);
 134
 135                 for (p = 38448*8+0; p < ((uint64_t) st.st_size * 8); p ++) {
 136                         bit_toggle("test.journal", p);
 137
 138                         log_info("[ %"PRIu64"+%"PRIu64"]", p / 8, p % 8);
 139
 140                         if (raw_verify("test.journal", verification_key) >= 0)
 141                                 log_notice(ANSI_HIGHLIGHT_RED ">>>> %"PRIu64" (bit %"PRIu64") can be toggled without detection." ANSI_NORMAL, p / 8, p % 8);
 142
 143                         bit_toggle("test.journal", p);
 144                 }
 145         }
 146
 147         log_info("Exiting...");
 148
 149         assert_se(rm_rf(t, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0);
 150
 151         return 0;
 152 }