PERFORCE change 77511 for review
Christian S.J. Peron
csjp at FreeBSD.org
Thu May 26 15:32:22 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=77511
Change 77511 by csjp at csjp_xor on 2005/05/26 15:32:08
-Introduce -W, which can be used when trying to determine which dependency
along the line caused the failure to execute an object. A warning
is produced if the checksum registered with the object does not match
the checksum of the object itself.
Affected files ...
.. //depot/projects/trustedbsd/mac/usr.sbin/getfhash/getfhash.c#6 edit
Differences ...
==== //depot/projects/trustedbsd/mac/usr.sbin/getfhash/getfhash.c#6 (text+ko) ====
@@ -24,6 +24,7 @@
* SUCH DAMAGE.
*/
#include <sys/types.h>
+#include <sys/stat.h>
#include <sys/sysctl.h>
#include <sys/extattr.h>
#include <sys/time.h>
@@ -31,12 +32,15 @@
#include <security/mac_chkexec/mac_chkexec.h>
+#include <sha.h>
+#include <md5.h>
#include <err.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <fcntl.h>
static void print_hash(const char *);
static void process_depends(const char *);
@@ -47,8 +51,94 @@
static int dflag;
static int rflag;
static char *mflag;
+static int Wflag;
+
static void (*handler)(const char *);
+static int
+calc_sha1(const char *fname, u_char *digest)
+{
+ SHA1_CTX shac;
+ int fd, len, error, count;
+ struct stat sb;
+ off_t b;
+ char *buffer;
+
+ fd = open(fname, O_RDONLY);
+ if (fd < 0) {
+ warn("open failed");
+ return (fd);
+ }
+ if (fstat(fd, &sb) < 0) {
+ warn("fstat failed");
+ close(fd);
+ return (-1);
+ }
+ len = getpagesize();
+ buffer = malloc(len);
+ SHA1_Init(&shac);
+ for (b = 0; b < sb.st_size; b += len) {
+ if ((len + b) > sb.st_size)
+ count = sb.st_size - b;
+ else
+ count = len;
+ error = read(fd, buffer, count);
+ if (error < 0) {
+ close(fd);
+ free(buffer);
+ warn("read failed");
+ return (error);
+ }
+ SHA1_Update(&shac, buffer, count);
+ }
+ close(fd);
+ SHA1_Final(digest, &shac);
+ free(buffer);
+ return (0);
+}
+
+static int
+calc_md5(const char *fname, u_char *digest)
+{
+ MD5_CTX ctx;
+ int fd, len, error, count;
+ struct stat sb;
+ off_t b;
+ char *buffer;
+
+ fd = open(fname, O_RDONLY);
+ if (fd < 0) {
+ warn("open failed");
+ return (fd);
+ }
+ if (fstat(fd, &sb) < 0) {
+ warn("fstat failed");
+ close(fd);
+ return (-1);
+ }
+ len = getpagesize();
+ buffer = malloc(len);
+ MD5Init(&ctx);
+ for (b = 0; b < sb.st_size; b += len) {
+ if ((len + b) > sb.st_size)
+ count = sb.st_size - b;
+ else
+ count = len;
+ error = read(fd, buffer, count);
+ if (error < 0) {
+ close(fd);
+ free(buffer);
+ warn("read failed");
+ return (error);
+ }
+ MD5Update(&ctx, buffer, count);
+ }
+ close(fd);
+ MD5Final(digest, &ctx);
+ free(buffer);
+ return (0);
+}
+
static void
process_depends(const char *pathname)
{
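Review bot: In calc_sha1 the read loop passes `count` (the requested size) to SHA1_Update() instead of the number of bytes read() returned, so a short read, or a file that shrinks after the fstat(), hashes stale buffer contents and produces a wrong digest. The malloc() result is also used without a NULL check, and the read-failure path calls close() and free() before warn(), which can overwrite errno before the message is printed. calc_md5 repeats all three problems line for line. Reading until read() returns 0 and hashing only the returned length fixes the digest and makes the fstat() size bookkeeping (`sb`, `b`, `error`) unnecessary; the same change applies to calc_md5, and the two functions could share one read loop.

```c
static int
calc_sha1(const char *fname, u_char *digest)
{
	/* … unchanged: declarations and open() error handling … */
	len = getpagesize();
	buffer = malloc(len);
	if (buffer == NULL) {
		warn("malloc failed");
		close(fd);
		return (-1);
	}
	SHA1_Init(&shac);
	/* Hash exactly what read() delivered; stop at EOF. */
	while ((count = read(fd, buffer, len)) > 0)
		SHA1_Update(&shac, buffer, count);
	if (count < 0) {
		warn("read failed");	/* report before close() can change errno */
		close(fd);
		free(buffer);
		return (-1);
	}
	/* … unchanged: close(), SHA1_Final(), free(), return (0) … */
```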
@@ -116,6 +206,7 @@
int i, error;
int nbytes;
const char *algo;
+ u_char digest[64];
error = extattr_get_file(pathname, MAC_CHKEXEC_ATTRN,
MAC_CHKEXEC, (void *)&sum, sizeof(sum));
@@ -138,6 +229,12 @@
printf("%s: %s ", pathname, algo);
for (i = 0; i < nbytes; i++)
printf("%02x", sum.vs_sum[i]);
+ if (Wflag) {
+ calc_sha1(pathname, &digest[0]);
+ if (memcmp(&digest[0], &sum.vs_sum[0], nbytes) != 0) {
+ printf(" (conflicting checksum)");
+ }
+ }
putchar('\n');
if (dflag)
process_depends(pathname);
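Review bot: The `Wflag` block ignores the return value of `calc_sha1()`, so when the open or read fails `digest` is uninitialised and the memcmp() verdict is meaningless; guard it, e.g. `if (calc_sha1(pathname, digest) == 0 && memcmp(digest, sum.vs_sum, nbytes) != 0)`. It also always computes SHA-1 although `algo` is printed just above and calc_md5() is added in the same change but never called in the visible hunks, so an object registered with an MD5 checksum would presumably always be reported as conflicting. The code that sets `algo` and `nbytes` is outside this hunk, so confirm and dispatch on the stored algorithm there. The notice is written with printf() to stdout in the middle of the hash line, while the description calls it a warning; `warnx()` would keep the hash output parseable. The enclosing function starts and ends outside the hunk.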
@@ -172,7 +269,7 @@
handler = print_hash;
else
errx(1, "what program am I supposed to be?");
- while ((ch = getopt(argc, argv, "dhm:r")) != -1)
+ while ((ch = getopt(argc, argv, "dhm:rW")) != -1)
switch(ch) {
case 'd':
dflag++;
@@ -183,6 +280,9 @@
case 'r':
rflag++;
break;
+ case 'W':
+ Wflag++;
+ break;
default:
break;
}