PERFORCE change 76699 for review

Sun May 8 18:49:44 GMT 2005

http://perforce.freebsd.org/chv.cgi?CH=76699

Change 76699 by csjp at csjp_xor on 2005/05/08 18:49:44

	
	-create the MAC_CHKEXEC kernel option so that people can compile this
	 straight into their kernel.
	-create MD5_HASH_SIZE and SHA1_HASH_SIZE constants. This makes the code
	 a bit more cleaner by adding context.
	-plug these new constants into the code where applicable

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/conf/files#116 edit
.. //depot/projects/trustedbsd/mac/sys/conf/options#73 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.c#6 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.h#3 edit
.. //depot/projects/trustedbsd/mac/usr.sbin/getfhash/getfhash.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/conf/files#116 (text+ko) ====

@@ -308,6 +308,7 @@
 crypto/sha1.c			optional netgraph_mppc_encryption
 crypto/sha1.c			optional crypto
 crypto/sha1.c			optional ipsec
+crypto/sha1.c			optional mac_chkexec
 crypto/sha2/sha2.c		optional crypto
 crypto/sha2/sha2.c		optional geom_bde
 crypto/sha2/sha2.c		optional ipsec
@@ -1743,6 +1744,7 @@
 security/mac/mac_vfs.c		optional mac
 security/mac_biba/mac_biba.c	optional mac_biba
 security/mac_bsdextended/mac_bsdextended.c optional mac_bsdextended
+security/mac_chkexec/mac_chkexec.c optional mac_chkexec
 security/mac_ifoff/mac_ifoff.c	optional mac_ifoff
 security/mac_lomac/mac_lomac.c	optional mac_lomac
 security/mac_mls/mac_mls.c	optional mac_mls

==== //depot/projects/trustedbsd/mac/sys/conf/options#73 (text+ko) ====

@@ -97,6 +97,7 @@
 MAC_ALWAYS_LABEL_MBUF	opt_mac.h
 MAC_BIBA	opt_dontuse.h
 MAC_BSDEXTENDED	opt_dontuse.h
+MAC_CHKEXEC	opt_dontuse.h
 MAC_DEBUG	opt_mac.h
 MAC_IFOFF	opt_dontuse.h
 MAC_LOMAC	opt_dontuse.h

==== //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.c#6 (text+ko) ====

@@ -127,8 +127,8 @@
     hashalgo, sizeof(hashalgo), "Current trusted exec algorithm");
 
 static struct hash_algo ha_table[] = {
-	{ mac_chkexec_calc_vnode_sha1, 20, MAC_VCSUM_SHA1, "sha1" },
-	{ mac_chkexec_calc_vnode_md5, 16, MAC_VCSUM_MD5, "md5" },
+	{ mac_chkexec_calc_vnode_sha1, SHA1_HASH_SIZE, MAC_VCSUM_SHA1, "sha1" },
+	{ mac_chkexec_calc_vnode_md5, MD5_HASH_SIZE, MAC_VCSUM_MD5, "md5" },
 	{ NULL, 0, 0, NULL },
 };
 

==== //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.h#3 (text+ko) ====

@@ -31,7 +31,9 @@
 #define MAC_CHKEXEC_ATTRN	EXTATTR_NAMESPACE_SYSTEM
 #define MAC_CHKEXEC		"chkexec"
 #define MAC_CHKEXEC_DEP		"chkexec_depend"
-#define	MAXCSUMSIZE		32
+#define	SHA1_HASH_SIZE	20
+#define	MD5_HASH_SIZE	16
+#define	MAXCSUMSIZE	32
 
 #ifdef _KERNEL
 struct vcache {

==== //depot/projects/trustedbsd/mac/usr.sbin/getfhash/getfhash.c#3 (text+ko) ====

@@ -125,11 +125,11 @@
 		return;
 	}
 	if (sum.vs_flags == MAC_VCSUM_SHA1) {
-		nbytes = 20;
+		nbytes = SHA1_HASH_SIZE;
 		algo = "sha1";
 	}
 	else if (sum.vs_flags == MAC_VCSUM_MD5) {
-		nbytes = 16;
+		nbytes = MD5_HASH_SIZE;
 		algo = "md5";
 	} else {
 		warnx("%s: invalid checksum algorithm",
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

