tuse deterministic handles - plan9port - [fork] Plan 9 from user space
HTML git clone git://src.adamsgaard.dk/plan9port
DIR Log
DIR Files
DIR Refs
DIR README
DIR LICENSE
---
DIR commit 6884e49f0c8240d40c82553fd60712a28f140ef3
DIR parent fa5af687114e590d63af995951f6092f42ed0d58
HTML Author: rsc <devnull@localhost>
Date: Thu, 15 Jun 2006 06:25:21 +0000
use deterministic handles
Diffstat:
M src/cmd/vbackup/vnfs.c | 28 +++++++++++++++-------------
1 file changed, 15 insertions(+), 13 deletions(-)
---
DIR diff --git a/src/cmd/vbackup/vnfs.c b/src/cmd/vbackup/vnfs.c
t@@ -207,12 +207,16 @@ unittoull(char *s)
*
* The decrypted handles begin with the following header:
*
- * rand[12] random bytes used to make encryption non-deterministic
- * len[4] length of handle that follows
* sessid[8] random session id chosen at start time
+ * len[4] length of handle that follows
*
* If we're pressed for space in the rest of the handle, we could
- * probably reduce the amount of randomness.
+ * probably reduce the amount of sessid bytes. Note that the sessid
+ * bytes must be consistent during a run of vnfs, or else some
+ * clients (e.g., Linux 2.4) eventually notice that successive TLookups
+ * return different handles, and they return "Stale NFS file handle"
+ * errors to system calls in response (even though we never sent
+ * that error!).
*
* Security woes aside, the fact that we have to shove everything
* into the handles is quite annoying. We have to encode, in 40 bytes:
t@@ -231,9 +235,8 @@ unittoull(char *s)
enum
{
- RandSize = 16,
SessidSize = 8,
- HeaderSize = RandSize+SessidSize,
+ HeaderSize = SessidSize+4,
MaxHandleSize = Nfs3MaxHandleSize - HeaderSize
};
t@@ -269,16 +272,13 @@ hencrypt(Nfs3Handle *h)
p = h->h;
memmove(p+HeaderSize, p, h->len);
- *(u32int*)p = fastrand();
- *(u32int*)(p+4) = fastrand();
- *(u32int*)(p+8) = fastrand();
- *(u32int*)(p+12) = h->len;
- memmove(p+16, sessid, SessidSize);
+ memmove(p, sessid, SessidSize);
+ *(u32int*)(p+SessidSize) = h->len;
h->len += HeaderSize;
if(encryptedhandles){
while(h->len < MaxHandleSize)
- h->h[h->len++] = fastrand();
+ h->h[h->len++] = 0;
aes = aesstate;
aesCBCencrypt(h->h, MaxHandleSize, &aes);
}
t@@ -305,9 +305,11 @@ hdecrypt(Nfs3Handle *h)
aes = aesstate;
aesCBCdecrypt(h->h, h->len, &aes);
}
- if(memcmp(h->h+RandSize, sessid, sizeof sessid) != 0)
+ if(memcmp(h->h, sessid, SessidSize) != 0)
return Nfs3ErrStale; /* give benefit of doubt */
- h->len = *(u32int*)(h->h+12); /* XXX byte order */
+ h->len = *(u32int*)(h->h+SessidSize);
+ if(h->len >= MaxHandleSize-HeaderSize)
+ return Nfs3ErrBadHandle;
memmove(h->h, h->h+HeaderSize, h->len);
return Nfs3Ok;
}