diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 1997-07-12 23:05:37 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1997-07-12 23:05:37 +0000 |
commit | e2cd5478c108af0ca999cf5f4d5058c4d0e23b78 (patch) | |
tree | c75b681961d1e24ee768f371fe3b4931918c40dd | |
parent | 2e15f8e3051d41c8c12d4f866aba6b95c95d8919 (diff) |
Add sha1 digest support.
-rw-r--r-- | usr.sbin/mtree/compare.c | 22 | ||||
-rw-r--r-- | usr.sbin/mtree/create.c | 19 | ||||
-rw-r--r-- | usr.sbin/mtree/misc.c | 3 | ||||
-rw-r--r-- | usr.sbin/mtree/mtree.8 | 13 | ||||
-rw-r--r-- | usr.sbin/mtree/mtree.h | 18 | ||||
-rw-r--r-- | usr.sbin/mtree/spec.c | 12 |
6 files changed, 61 insertions, 26 deletions
diff --git a/usr.sbin/mtree/compare.c b/usr.sbin/mtree/compare.c index 81d6cd5e0ef..accef0a0177 100644 --- a/usr.sbin/mtree/compare.c +++ b/usr.sbin/mtree/compare.c @@ -1,5 +1,5 @@ /* $NetBSD: compare.c,v 1.11 1996/09/05 09:56:48 mycroft Exp $ */ -/* $OpenBSD: compare.c,v 1.6 1997/01/03 21:40:48 millert Exp $ */ +/* $OpenBSD: compare.c,v 1.7 1997/07/12 23:05:34 millert Exp $ */ /*- * Copyright (c) 1989, 1993 @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)compare.c 8.1 (Berkeley) 6/6/93"; #else -static char rcsid[] = "$OpenBSD: compare.c,v 1.6 1997/01/03 21:40:48 millert Exp $"; +static char rcsid[] = "$OpenBSD: compare.c,v 1.7 1997/07/12 23:05:34 millert Exp $"; #endif #endif /* not lint */ @@ -51,6 +51,7 @@ static char rcsid[] = "$OpenBSD: compare.c,v 1.6 1997/01/03 21:40:48 millert Exp #include <time.h> #include <unistd.h> #include <md5.h> +#include <sha1.h> #include "mtree.h" #include "extern.h" @@ -228,7 +229,7 @@ typeerr: LABEL; if (s->flags & F_MD5) { char *new_digest, buf[33]; - new_digest = MD5File(p->fts_accpath,buf); + new_digest = MD5File(p->fts_accpath, buf); if (!new_digest) { LABEL; printf("%sMD5File: %s: %s\n", tab, p->fts_accpath, @@ -241,7 +242,22 @@ typeerr: LABEL; tab = "\t"; } } + if (s->flags & F_SHA1) { + char *new_digest, buf[41]; + new_digest = SHA1File(p->fts_accpath, buf); + if (!new_digest) { + LABEL; + printf("%sSHA1File: %s: %s\n", tab, p->fts_accpath, + strerror(errno)); + tab = "\t"; + } else if (strcmp(new_digest, s->sha1digest)) { + LABEL; + printf("%sSHA1 (%s, %s)\n", tab, s->sha1digest, + new_digest); + tab = "\t"; + } + } if (s->flags & F_SLINK && strcmp(cp = rlink(name), s->slink)) { LABEL; (void)printf("%slink ref (%s, %s)\n", tab, cp, s->slink); diff --git a/usr.sbin/mtree/create.c b/usr.sbin/mtree/create.c index 80afaaf830b..e17e6824b23 100644 --- a/usr.sbin/mtree/create.c +++ b/usr.sbin/mtree/create.c @@ -1,5 +1,5 @@ /* $NetBSD: create.c,v 1.11 1996/09/05 09:24:19 mycroft Exp $ */ -/* $OpenBSD: create.c,v 1.6 1997/04/06 09:15:30 deraadt Exp $ */ +/* $OpenBSD: create.c,v 1.7 1997/07/12 23:05:34 millert Exp $ */ /*- * Copyright (c) 1989, 1993 @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)create.c 8.1 (Berkeley) 6/6/93"; #else -static char rcsid[] = "$OpenBSD: create.c,v 1.6 1997/04/06 09:15:30 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: create.c,v 1.7 1997/07/12 23:05:34 millert Exp $"; #endif #endif /* not lint */ @@ -54,6 +54,7 @@ static char rcsid[] = "$OpenBSD: create.c,v 1.6 1997/04/06 09:15:30 deraadt Exp #include <unistd.h> #include <stdio.h> #include <md5.h> +#include <sha1.h> #include "mtree.h" #include "extern.h" @@ -199,11 +200,19 @@ statf(indent, p) char *md5digest, buf[33]; md5digest = MD5File(p->fts_accpath,buf); - if (!md5digest) { + if (!md5digest) err("%s: %s", p->fts_accpath, strerror(errno)); - } else { + else output(indent, &offset, "md5digest=%s", md5digest); - } + } + if (keys & F_SHA1 && S_ISREG(p->fts_statp->st_mode)) { + char *sha1digest, buf[41]; + + sha1digest = SHA1File(p->fts_accpath,buf); + if (!sha1digest) + err("%s: %s", p->fts_accpath, strerror(errno)); + else + output(indent, &offset, "sha1digest=%s", sha1digest); } if (keys & F_SLINK && (p->fts_info == FTS_SL || p->fts_info == FTS_SLNONE)) diff --git a/usr.sbin/mtree/misc.c b/usr.sbin/mtree/misc.c index 3ac2095dd24..130bf2e7452 100644 --- a/usr.sbin/mtree/misc.c +++ b/usr.sbin/mtree/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.4 1996/12/20 18:13:42 millert Exp $ */ +/* $OpenBSD: misc.c,v 1.5 1997/07/12 23:05:35 millert Exp $ */ /* $NetBSD: misc.c,v 1.4 1995/03/07 21:26:23 cgd Exp $ */ /*- @@ -64,6 +64,7 @@ static KEY keylist[] = { {"mode", F_MODE, NEEDVALUE}, {"nlink", F_NLINK, NEEDVALUE}, {"optional", F_OPT, 0}, + {"sha1digest", F_SHA1, NEEDVALUE}, {"size", F_SIZE, NEEDVALUE}, {"time", F_TIME, NEEDVALUE}, {"type", F_TYPE, NEEDVALUE}, diff --git a/usr.sbin/mtree/mtree.8 b/usr.sbin/mtree/mtree.8 index 266769419e9..64f6e5bc7fd 100644 --- a/usr.sbin/mtree/mtree.8 +++ b/usr.sbin/mtree/mtree.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mtree.8,v 1.5 1997/01/03 21:40:50 millert Exp $ +.\" $OpenBSD: mtree.8,v 1.6 1997/07/12 23:05:35 millert Exp $ .\" $NetBSD: mtree.8,v 1.4 1995/03/07 21:26:25 cgd Exp $ .\" .\" Copyright (c) 1989, 1990, 1993 @@ -150,6 +150,8 @@ The number of hard links the file is expected to have. .It Cm optional The file is optional; don't complain about the file if it's not in the file hierarchy. +.It Cm sha1digest +The SHA-1 message digest of the file. .It Cm uid The file owner as a numeric value. .It Cm uname @@ -244,16 +246,16 @@ To detect system binaries that have been ``trojan horsed'', it is recommended that .Nm mtree .Fl K -.Cm md5digest +.Cm sha1digest be run on the file systems, and a copy of the results stored on a different machine, or, at least, in encrypted form. The output file itself should be digested using the -.Xr md5 1 +.Xr sha1 1 utility. Then, periodically, .Nm mtree and -.Xr md5 1 +.Xr sha1 1 should be run against the on-line specifications. While it is possible for the bad guys to change the on-line specifications to conform to their modified binaries, it is believed to be @@ -279,13 +281,14 @@ system specification directory .Xr chgrp 1 , .Xr cksum 1 , .Xr md5 1 , +.Xr sha1 1 , .Xr stat 2 , .Xr fts 3 , .Xr md5 3 , +.Xr sha1 3 , .Xr chown 8 .Sh HISTORY The .Nm mtree utility appeared in .Bx 4.3 Reno . -The MD5 digest capability was added in FreeBSD. diff --git a/usr.sbin/mtree/mtree.h b/usr.sbin/mtree/mtree.h index 4c495ab17dc..3b91e07700b 100644 --- a/usr.sbin/mtree/mtree.h +++ b/usr.sbin/mtree/mtree.h @@ -1,4 +1,4 @@ -/* $OpenBSD: mtree.h,v 1.4 1996/12/20 18:13:43 millert Exp $ */ +/* $OpenBSD: mtree.h,v 1.5 1997/07/12 23:05:36 millert Exp $ */ /* $NetBSD: mtree.h,v 1.7 1995/03/07 21:26:27 cgd Exp $ */ /*- @@ -51,6 +51,7 @@ typedef struct _node { struct timespec st_mtimespec; /* last modification time */ u_int32_t cksum; /* check sum */ char *md5digest; /* MD5 digest */ + char *sha1digest; /* SHA-1 digest */ char *slink; /* symbolic link reference */ uid_t st_uid; /* uid */ gid_t st_gid; /* gid */ @@ -68,13 +69,14 @@ typedef struct _node { #define F_MODE 0x00080 /* mode */ #define F_NLINK 0x00100 /* number of links */ #define F_OPT 0x00200 /* existence optional */ -#define F_SIZE 0x00400 /* size */ -#define F_SLINK 0x00800 /* link count */ -#define F_TIME 0x01000 /* modification time */ -#define F_TYPE 0x02000 /* file type */ -#define F_UID 0x04000 /* uid */ -#define F_UNAME 0x08000 /* user name */ -#define F_VISIT 0x10000 /* file visited */ +#define F_SHA1 0x00400 /* SHA-1 digest */ +#define F_SIZE 0x00800 /* size */ +#define F_SLINK 0x01000 /* link count */ +#define F_TIME 0x02000 /* modification time */ +#define F_TYPE 0x04000 /* file type */ +#define F_UID 0x08000 /* uid */ +#define F_UNAME 0x10000 /* user name */ +#define F_VISIT 0x20000 /* file visited */ u_int32_t flags; /* items set */ #define F_BLOCK 0x001 /* block special */ diff --git a/usr.sbin/mtree/spec.c b/usr.sbin/mtree/spec.c index f2604766257..cfa569942e8 100644 --- a/usr.sbin/mtree/spec.c +++ b/usr.sbin/mtree/spec.c @@ -1,5 +1,5 @@ /* $NetBSD: spec.c,v 1.6 1995/03/07 21:12:12 cgd Exp $ */ -/* $OpenBSD: spec.c,v 1.6 1997/01/17 07:14:10 millert Exp $ */ +/* $OpenBSD: spec.c,v 1.7 1997/07/12 23:05:36 millert Exp $ */ /*- * Copyright (c) 1989, 1993 @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)spec.c 8.1 (Berkeley) 6/6/93"; #else -static char rcsid[] = "$OpenBSD: spec.c,v 1.6 1997/01/17 07:14:10 millert Exp $"; +static char rcsid[] = "$OpenBSD: spec.c,v 1.7 1997/07/12 23:05:36 millert Exp $"; #endif #endif /* not lint */ @@ -190,9 +190,8 @@ set(t, ip) break; case F_MD5: ip->md5digest = strdup(val); - if (!ip->md5digest) { + if (!ip->md5digest) err("%s", strerror(errno)); - } break; case F_GID: ip->st_gid = strtoul(val, &ep, 10); @@ -217,6 +216,11 @@ set(t, ip) if (*ep) err("invalid link count %s", val); break; + case F_SHA1: + ip->sha1digest = strdup(val); + if (!ip->sha1digest) + err("%s", strerror(errno)); + break; case F_SIZE: ip->st_size = strtouq(val, &ep, 10); if (*ep) |