authorTodd C. Miller <millert@cvs.openbsd.org>1997-07-12 23:05:37 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>1997-07-12 23:05:37 +0000
commite2cd5478c108af0ca999cf5f4d5058c4d0e23b78 (patch)
treec75b681961d1e24ee768f371fe3b4931918c40dd
parent2e15f8e3051d41c8c12d4f866aba6b95c95d8919 (diff)
Add sha1 digest support.
-rw-r--r--usr.sbin/mtree/compare.c22
-rw-r--r--usr.sbin/mtree/create.c19
-rw-r--r--usr.sbin/mtree/misc.c3
-rw-r--r--usr.sbin/mtree/mtree.813
-rw-r--r--usr.sbin/mtree/mtree.h18
-rw-r--r--usr.sbin/mtree/spec.c12
6 files changed, 61 insertions, 26 deletions
diff --git a/usr.sbin/mtree/compare.c b/usr.sbin/mtree/compare.c
index 81d6cd5e0ef..accef0a0177 100644
--- a/usr.sbin/mtree/compare.c
+++ b/usr.sbin/mtree/compare.c
@@ -1,5 +1,5 @@
/* $NetBSD: compare.c,v 1.11 1996/09/05 09:56:48 mycroft Exp $ */
-/* $OpenBSD: compare.c,v 1.6 1997/01/03 21:40:48 millert Exp $ */
+/* $OpenBSD: compare.c,v 1.7 1997/07/12 23:05:34 millert Exp $ */
/*-
* Copyright (c) 1989, 1993
@@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)compare.c 8.1 (Berkeley) 6/6/93";
#else
-static char rcsid[] = "$OpenBSD: compare.c,v 1.6 1997/01/03 21:40:48 millert Exp $";
+static char rcsid[] = "$OpenBSD: compare.c,v 1.7 1997/07/12 23:05:34 millert Exp $";
#endif
#endif /* not lint */
@@ -51,6 +51,7 @@ static char rcsid[] = "$OpenBSD: compare.c,v 1.6 1997/01/03 21:40:48 millert Exp
#include <time.h>
#include <unistd.h>
#include <md5.h>
+#include <sha1.h>
#include "mtree.h"
#include "extern.h"
@@ -228,7 +229,7 @@ typeerr: LABEL;
if (s->flags & F_MD5) {
char *new_digest, buf[33];
- new_digest = MD5File(p->fts_accpath,buf);
+ new_digest = MD5File(p->fts_accpath, buf);
if (!new_digest) {
LABEL;
printf("%sMD5File: %s: %s\n", tab, p->fts_accpath,
@@ -241,7 +242,22 @@ typeerr: LABEL;
tab = "\t";
}
}
+ if (s->flags & F_SHA1) {
+ char *new_digest, buf[41];
+ new_digest = SHA1File(p->fts_accpath, buf);
+ if (!new_digest) {
+ LABEL;
+ printf("%sSHA1File: %s: %s\n", tab, p->fts_accpath,
+ strerror(errno));
+ tab = "\t";
+ } else if (strcmp(new_digest, s->sha1digest)) {
+ LABEL;
+ printf("%sSHA1 (%s, %s)\n", tab, s->sha1digest,
+ new_digest);
+ tab = "\t";
+ }
+ }
if (s->flags & F_SLINK && strcmp(cp = rlink(name), s->slink)) {
LABEL;
(void)printf("%slink ref (%s, %s)\n", tab, cp, s->slink);
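Review bot: The new SHA1 mismatch message prints the specification value first and the computed value second (`s->sha1digest, new_digest`), while the link check in the trailing context prints the on-disk value first (`cp, s->slink`), so a reader of an integrity report cannot tell from the output alone which side is the expected one. The MD5 message is not visible in this hunk and may well use the same order as SHA1. A comment above the printf such as `/* (digest from spec, digest of file on disk) */` would record the order without changing the output format that existing scripts may parse. The enclosing function starts and ends outside the hunk.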
diff --git a/usr.sbin/mtree/create.c b/usr.sbin/mtree/create.c
index 80afaaf830b..e17e6824b23 100644
--- a/usr.sbin/mtree/create.c
+++ b/usr.sbin/mtree/create.c
@@ -1,5 +1,5 @@
/* $NetBSD: create.c,v 1.11 1996/09/05 09:24:19 mycroft Exp $ */
-/* $OpenBSD: create.c,v 1.6 1997/04/06 09:15:30 deraadt Exp $ */
+/* $OpenBSD: create.c,v 1.7 1997/07/12 23:05:34 millert Exp $ */
/*-
* Copyright (c) 1989, 1993
@@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)create.c 8.1 (Berkeley) 6/6/93";
#else
-static char rcsid[] = "$OpenBSD: create.c,v 1.6 1997/04/06 09:15:30 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: create.c,v 1.7 1997/07/12 23:05:34 millert Exp $";
#endif
#endif /* not lint */
@@ -54,6 +54,7 @@ static char rcsid[] = "$OpenBSD: create.c,v 1.6 1997/04/06 09:15:30 deraadt Exp
#include <unistd.h>
#include <stdio.h>
#include <md5.h>
+#include <sha1.h>
#include "mtree.h"
#include "extern.h"
@@ -199,11 +200,19 @@ statf(indent, p)
char *md5digest, buf[33];
md5digest = MD5File(p->fts_accpath,buf);
- if (!md5digest) {
+ if (!md5digest)
err("%s: %s", p->fts_accpath, strerror(errno));
- } else {
+ else
output(indent, &offset, "md5digest=%s", md5digest);
- }
+ }
+ if (keys & F_SHA1 && S_ISREG(p->fts_statp->st_mode)) {
+ char *sha1digest, buf[41];
+
+ sha1digest = SHA1File(p->fts_accpath,buf);
+ if (!sha1digest)
+ err("%s: %s", p->fts_accpath, strerror(errno));
+ else
+ output(indent, &offset, "sha1digest=%s", sha1digest);
}
if (keys & F_SLINK &&
(p->fts_info == FTS_SL || p->fts_info == FTS_SLNONE))
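Review bot: `buf[41]` in the new F_SHA1 block is an unexplained size. It is the 40 hex digits of a SHA-1 digest plus the terminating NUL, and a short comment such as `/* 40 hex digits + NUL */` would stop a later edit from shrinking it; the same applies to `buf[41]` in the compare.c hunk. The call `SHA1File(p->fts_accpath,buf)` also lacks the space after the comma that this commit adds to the MD5File call in compare.c; `sha1digest = SHA1File(p->fts_accpath, buf);` would match. statf's body continues outside the hunk.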
diff --git a/usr.sbin/mtree/misc.c b/usr.sbin/mtree/misc.c
index 3ac2095dd24..130bf2e7452 100644
--- a/usr.sbin/mtree/misc.c
+++ b/usr.sbin/mtree/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.4 1996/12/20 18:13:42 millert Exp $ */
+/* $OpenBSD: misc.c,v 1.5 1997/07/12 23:05:35 millert Exp $ */
/* $NetBSD: misc.c,v 1.4 1995/03/07 21:26:23 cgd Exp $ */
/*-
@@ -64,6 +64,7 @@ static KEY keylist[] = {
{"mode", F_MODE, NEEDVALUE},
{"nlink", F_NLINK, NEEDVALUE},
{"optional", F_OPT, 0},
+ {"sha1digest", F_SHA1, NEEDVALUE},
{"size", F_SIZE, NEEDVALUE},
{"time", F_TIME, NEEDVALUE},
{"type", F_TYPE, NEEDVALUE},
diff --git a/usr.sbin/mtree/mtree.8 b/usr.sbin/mtree/mtree.8
index 266769419e9..64f6e5bc7fd 100644
--- a/usr.sbin/mtree/mtree.8
+++ b/usr.sbin/mtree/mtree.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: mtree.8,v 1.5 1997/01/03 21:40:50 millert Exp $
+.\" $OpenBSD: mtree.8,v 1.6 1997/07/12 23:05:35 millert Exp $
.\" $NetBSD: mtree.8,v 1.4 1995/03/07 21:26:25 cgd Exp $
.\"
.\" Copyright (c) 1989, 1990, 1993
@@ -150,6 +150,8 @@ The number of hard links the file is expected to have.
.It Cm optional
The file is optional; don't complain about the file if it's
not in the file hierarchy.
+.It Cm sha1digest
+The SHA-1 message digest of the file.
.It Cm uid
The file owner as a numeric value.
.It Cm uname
@@ -244,16 +246,16 @@ To detect system binaries that have been ``trojan horsed'', it is recommended
that
.Nm mtree
.Fl K
-.Cm md5digest
+.Cm sha1digest
be run on the file systems, and a copy of the results stored on a different
machine, or, at least, in encrypted form.
The output file itself should be digested using the
-.Xr md5 1
+.Xr sha1 1
utility.
Then, periodically,
.Nm mtree
and
-.Xr md5 1
+.Xr sha1 1
should be run against the on-line specifications.
While it is possible for the bad guys to change the on-line specifications
to conform to their modified binaries, it is believed to be
@@ -279,13 +281,14 @@ system specification directory
.Xr chgrp 1 ,
.Xr cksum 1 ,
.Xr md5 1 ,
+.Xr sha1 1 ,
.Xr stat 2 ,
.Xr fts 3 ,
.Xr md5 3 ,
+.Xr sha1 3 ,
.Xr chown 8
.Sh HISTORY
The
.Nm mtree
utility appeared in
.Bx 4.3 Reno .
-The MD5 digest capability was added in FreeBSD.
diff --git a/usr.sbin/mtree/mtree.h b/usr.sbin/mtree/mtree.h
index 4c495ab17dc..3b91e07700b 100644
--- a/usr.sbin/mtree/mtree.h
+++ b/usr.sbin/mtree/mtree.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: mtree.h,v 1.4 1996/12/20 18:13:43 millert Exp $ */
+/* $OpenBSD: mtree.h,v 1.5 1997/07/12 23:05:36 millert Exp $ */
/* $NetBSD: mtree.h,v 1.7 1995/03/07 21:26:27 cgd Exp $ */
/*-
@@ -51,6 +51,7 @@ typedef struct _node {
struct timespec st_mtimespec; /* last modification time */
u_int32_t cksum; /* check sum */
char *md5digest; /* MD5 digest */
+ char *sha1digest; /* SHA-1 digest */
char *slink; /* symbolic link reference */
uid_t st_uid; /* uid */
gid_t st_gid; /* gid */
@@ -68,13 +69,14 @@ typedef struct _node {
#define F_MODE 0x00080 /* mode */
#define F_NLINK 0x00100 /* number of links */
#define F_OPT 0x00200 /* existence optional */
-#define F_SIZE 0x00400 /* size */
-#define F_SLINK 0x00800 /* link count */
-#define F_TIME 0x01000 /* modification time */
-#define F_TYPE 0x02000 /* file type */
-#define F_UID 0x04000 /* uid */
-#define F_UNAME 0x08000 /* user name */
-#define F_VISIT 0x10000 /* file visited */
+#define F_SHA1 0x00400 /* SHA-1 digest */
+#define F_SIZE 0x00800 /* size */
+#define F_SLINK 0x01000 /* link count */
+#define F_TIME 0x02000 /* modification time */
+#define F_TYPE 0x04000 /* file type */
+#define F_UID 0x08000 /* uid */
+#define F_UNAME 0x10000 /* user name */
+#define F_VISIT 0x20000 /* file visited */
u_int32_t flags; /* items set */
#define F_BLOCK 0x001 /* block special */
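Review bot: The rewritten `F_SLINK` line keeps the comment `/* link count */`, which describes F_NLINK rather than the symbolic-link key that compare.c tests against `s->slink`. Since the line is being touched anyway, `#define F_SLINK 0x01000 /* symbolic link */` would be accurate. Separately, inserting F_SHA1 at 0x00400 keeps the list alphabetical but renumbers every flag from F_SIZE to F_VISIT. That looks safe only if these values never leave the process and every object file is rebuilt together, which cannot be confirmed from this hunk.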
diff --git a/usr.sbin/mtree/spec.c b/usr.sbin/mtree/spec.c
index f2604766257..cfa569942e8 100644
--- a/usr.sbin/mtree/spec.c
+++ b/usr.sbin/mtree/spec.c
@@ -1,5 +1,5 @@
/* $NetBSD: spec.c,v 1.6 1995/03/07 21:12:12 cgd Exp $ */
-/* $OpenBSD: spec.c,v 1.6 1997/01/17 07:14:10 millert Exp $ */
+/* $OpenBSD: spec.c,v 1.7 1997/07/12 23:05:36 millert Exp $ */
/*-
* Copyright (c) 1989, 1993
@@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)spec.c 8.1 (Berkeley) 6/6/93";
#else
-static char rcsid[] = "$OpenBSD: spec.c,v 1.6 1997/01/17 07:14:10 millert Exp $";
+static char rcsid[] = "$OpenBSD: spec.c,v 1.7 1997/07/12 23:05:36 millert Exp $";
#endif
#endif /* not lint */
@@ -190,9 +190,8 @@ set(t, ip)
break;
case F_MD5:
ip->md5digest = strdup(val);
- if (!ip->md5digest) {
+ if (!ip->md5digest)
err("%s", strerror(errno));
- }
break;
case F_GID:
ip->st_gid = strtoul(val, &ep, 10);
@@ -217,6 +216,11 @@ set(t, ip)
if (*ep)
err("invalid link count %s", val);
break;
+ case F_SHA1:
+ ip->sha1digest = strdup(val);
+ if (!ip->sha1digest)
+ err("%s", strerror(errno));
+ break;
case F_SIZE:
ip->st_size = strtouq(val, &ep, 10);
if (*ep)
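Review bot: The new `F_SHA1` case stores `val` unchecked, unlike the numeric keys around it that reject malformed input (`err("invalid link count %s", val)`), so a truncated or mistyped digest in a specification is accepted and only surfaces later as a mismatch that looks like a modified file. Because compare.c compares with `strcmp`, a length and character check here would turn a damaged spec into a parse error instead: `if (strlen(val) != 40 || strspn(val, "0123456789abcdefABCDEF") != 40) err("invalid sha1digest %s", val);`. Whether uppercase digits should be accepted or normalised depends on the case SHA1File emits, which is not visible on this page. The F_MD5 case in the previous hunk has the same gap, and set()'s body continues outside the hunk.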