bluesky_cloudlog_serialize(ref, fs);
}
+ /* FIXME: Ought lock to be taken earlier? */
g_mutex_lock(log->lock);
bluesky_cloudlog_fetch(log);
g_assert(log->data != NULL);
/* Make an decryption pass over a cloud log segment to decrypt items which were
* encrypted. Also computes a list of all offsets which at which valid
- * cloud log items are found and adds those offsets to items (if non-NULL). */
+ * cloud log items are found and adds those offsets to items (if non-NULL).
+ *
+ * If allow_unauth is set to true, then allow a limited set of unauthenticated
+ * items that may have been rewritten by a file system cleaner. These include
+ * the checkpoint and inode map records only; other items must still pass
+ * authentication. */
void bluesky_cloudlog_decrypt(char *segment, size_t len,
BlueSkyCryptKeys *keys,
- BlueSkyRangeset *items)
+ BlueSkyRangeset *items,
+ gboolean allow_unauth)
{
char *data = segment;
size_t remaining_size = len;
+ GUINT32_FROM_LE(header->size3);
if (item_size > remaining_size)
break;
- if (bluesky_crypt_block_decrypt(data, item_size, keys)) {
+ if (bluesky_crypt_block_decrypt(data, item_size, keys, allow_unauth)) {
if (items != NULL) {
if (bluesky_verbose)
g_print(" data item at %zx\n", offset);