author | Todd C. Miller <millert@cvs.openbsd.org> | 1997-07-12 23:05:37 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1997-07-12 23:05:37 +0000 |
commit | e2cd5478c108af0ca999cf5f4d5058c4d0e23b78 (patch) | |
tree | c75b681961d1e24ee768f371fe3b4931918c40dd /usr.sbin | |
parent | 2e15f8e3051d41c8c12d4f866aba6b95c95d8919 (diff) |
Add sha1 digest support.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/mtree/compare.c | 22 | ||||
-rw-r--r-- | usr.sbin/mtree/create.c | 19 | ||||
-rw-r--r-- | usr.sbin/mtree/misc.c | 3 | ||||
-rw-r--r-- | usr.sbin/mtree/mtree.8 | 13 | ||||
-rw-r--r-- | usr.sbin/mtree/mtree.h | 18 | ||||
-rw-r--r-- | usr.sbin/mtree/spec.c | 12 |
6 files changed, 61 insertions, 26 deletions
diff --git a/usr.sbin/mtree/compare.c b/usr.sbin/mtree/compare.c index 81d6cd5e0ef..accef0a0177 100644 --- a/usr.sbin/mtree/compare.c +++ b/usr.sbin/mtree/compare.c @@ -1,5 +1,5 @@ /* $NetBSD: compare.c,v 1.11 1996/09/05 09:56:48 mycroft Exp $ */ -/* $OpenBSD: compare.c,v 1.6 1997/01/03 21:40:48 millert Exp $ */ +/* $OpenBSD: compare.c,v 1.7 1997/07/12 23:05:34 millert Exp $ */ /*- * Copyright (c) 1989, 1993 @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)compare.c 8.1 (Berkeley) 6/6/93"; #else -static char rcsid[] = "$OpenBSD: compare.c,v 1.6 1997/01/03 21:40:48 millert Exp $"; +static char rcsid[] = "$OpenBSD: compare.c,v 1.7 1997/07/12 23:05:34 millert Exp $"; #endif #endif /* not lint */ @@ -51,6 +51,7 @@ static char rcsid[] = "$OpenBSD: compare.c,v 1.6 1997/01/03 21:40:48 millert Exp #include <time.h> #include <unistd.h> #include <md5.h> +#include <sha1.h> #include "mtree.h" #include "extern.h" @@ -228,7 +229,7 @@ typeerr: LABEL; if (s->flags & F_MD5) { char *new_digest, buf[33]; - new_digest = MD5File(p->fts_accpath,buf); + new_digest = MD5File(p->fts_accpath, buf); if (!new_digest) { LABEL; printf("%sMD5File: %s: %s\n", tab, p->fts_accpath, @@ -241,7 +242,22 @@ typeerr: LABEL; tab = "\t"; } } + if (s->flags & F_SHA1) { + char *new_digest, buf[41]; + new_digest = SHA1File(p->fts_accpath, buf); + if (!new_digest) { + LABEL; + printf("%sSHA1File: %s: %s\n", tab, p->fts_accpath, + strerror(errno)); + tab = "\t"; + } else if (strcmp(new_digest, s->sha1digest)) { + LABEL; + printf("%sSHA1 (%s, %s)\n", tab, s->sha1digest, + new_digest); + tab = "\t"; + } + } if (s->flags & F_SLINK && strcmp(cp = rlink(name), s->slink)) { LABEL; (void)printf("%slink ref (%s, %s)\n", tab, cp, s->slink); diff --git a/usr.sbin/mtree/create.c b/usr.sbin/mtree/create.c index 80afaaf830b..e17e6824b23 100644 --- a/usr.sbin/mtree/create.c +++ b/usr.sbin/mtree/create.c 
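Review bot: The added `F_SHA1` block in compare.c hashes whatever `p` refers to, while the create.c hunk in this commit only emits `sha1digest` when `S_ISREG(p->fts_statp->st_mode)` holds. A spec entry that carries the key for a FIFO or device node would make `SHA1File` open and read that node, which can block or never finish. Assuming `p` is the same FTSENT as in create.c, guarding the check the same way, `if ((s->flags & F_SHA1) && S_ISREG(p->fts_statp->st_mode)) {`, keeps verification no more permissive than creation. The existing `F_MD5` block in the preceding hunk appears to have the same gap, and the enclosing function starts and ends outside the hunk.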
@@ -1,5 +1,5 @@ /* $NetBSD: create.c,v 1.11 1996/09/05 09:24:19 mycroft Exp $ */ -/* $OpenBSD: create.c,v 1.6 1997/04/06 09:15:30 deraadt Exp $ */ +/* $OpenBSD: create.c,v 1.7 1997/07/12 23:05:34 millert Exp $ */ /*- * Copyright (c) 1989, 1993 @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)create.c 8.1 (Berkeley) 6/6/93"; #else -static char rcsid[] = "$OpenBSD: create.c,v 1.6 1997/04/06 09:15:30 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: create.c,v 1.7 1997/07/12 23:05:34 millert Exp $"; #endif #endif /* not lint */ @@ -54,6 +54,7 @@ static char rcsid[] = "$OpenBSD: create.c,v 1.6 1997/04/06 09:15:30 deraadt Exp #include <unistd.h> #include <stdio.h> #include <md5.h> +#include <sha1.h> #include "mtree.h" #include "extern.h" @@ -199,11 +200,19 @@ statf(indent, p) char *md5digest, buf[33]; md5digest = MD5File(p->fts_accpath,buf); - if (!md5digest) { + if (!md5digest) err("%s: %s", p->fts_accpath, strerror(errno)); - } else { + else output(indent, &offset, "md5digest=%s", md5digest); - } + } + if (keys & F_SHA1 && S_ISREG(p->fts_statp->st_mode)) { + char *sha1digest, buf[41]; + + sha1digest = SHA1File(p->fts_accpath,buf); + if (!sha1digest) + err("%s: %s", p->fts_accpath, strerror(errno)); + else + output(indent, &offset, "sha1digest=%s", sha1digest); } if (keys & F_SLINK && (p->fts_info == FTS_SL || p->fts_info == FTS_SLNONE)) diff --git a/usr.sbin/mtree/misc.c b/usr.sbin/mtree/misc.c index 3ac2095dd24..130bf2e7452 100644 --- a/usr.sbin/mtree/misc.c +++ b/usr.sbin/mtree/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.4 1996/12/20 18:13:42 millert Exp $ */ +/* $OpenBSD: misc.c,v 1.5 1997/07/12 23:05:35 millert Exp $ */ /* $NetBSD: misc.c,v 1.4 1995/03/07 21:26:23 cgd Exp $ */ /*- @@ -64,6 +64,7 @@ static KEY keylist[] = { {"mode", F_MODE, NEEDVALUE}, {"nlink", F_NLINK, NEEDVALUE}, {"optional", F_OPT, 0}, + {"sha1digest", F_SHA1, NEEDVALUE}, {"size", F_SIZE, NEEDVALUE}, {"time", F_TIME, NEEDVALUE}, {"type", F_TYPE, NEEDVALUE}, 
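Review bot: `buf[41]` in the new `F_SHA1` block of statf() is a bare magic number, and `SHA1File(p->fts_accpath,buf)` is passed no length, so the array size is the only thing keeping the hex digest inside the buffer. A comment on the declaration would make that dependency explicit: `char *sha1digest, buf[41];	/* 40 hex digits + NUL, filled by SHA1File */`. The same declaration appears in the compare.c hunk of this commit and deserves the same comment. statf() begins and ends outside the hunk.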
diff --git a/usr.sbin/mtree/mtree.8 b/usr.sbin/mtree/mtree.8 index 266769419e9..64f6e5bc7fd 100644 --- a/usr.sbin/mtree/mtree.8 +++ b/usr.sbin/mtree/mtree.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mtree.8,v 1.5 1997/01/03 21:40:50 millert Exp $ +.\" $OpenBSD: mtree.8,v 1.6 1997/07/12 23:05:35 millert Exp $ .\" $NetBSD: mtree.8,v 1.4 1995/03/07 21:26:25 cgd Exp $ .\" .\" Copyright (c) 1989, 1990, 1993 @@ -150,6 +150,8 @@ The number of hard links the file is expected to have. .It Cm optional The file is optional; don't complain about the file if it's not in the file hierarchy. +.It Cm sha1digest +The SHA-1 message digest of the file. .It Cm uid The file owner as a numeric value. .It Cm uname @@ -244,16 +246,16 @@ To detect system binaries that have been ``trojan horsed'', it is recommended that .Nm mtree .Fl K -.Cm md5digest +.Cm sha1digest be run on the file systems, and a copy of the results stored on a different machine, or, at least, in encrypted form. The output file itself should be digested using the -.Xr md5 1 +.Xr sha1 1 utility. Then, periodically, .Nm mtree and -.Xr md5 1 +.Xr sha1 1 should be run against the on-line specifications. While it is possible for the bad guys to change the on-line specifications to conform to their modified binaries, it is believed to be @@ -279,13 +281,14 @@ system specification directory .Xr chgrp 1 , .Xr cksum 1 , .Xr md5 1 , +.Xr sha1 1 , .Xr stat 2 , .Xr fts 3 , .Xr md5 3 , +.Xr sha1 3 , .Xr chown 8 .Sh HISTORY The .Nm mtree utility appeared in .Bx 4.3 Reno . -The MD5 digest capability was added in FreeBSD. diff --git a/usr.sbin/mtree/mtree.h b/usr.sbin/mtree/mtree.h index 4c495ab17dc..3b91e07700b 100644 --- a/usr.sbin/mtree/mtree.h +++ b/usr.sbin/mtree/mtree.h @@ -1,4 +1,4 @@ -/* $OpenBSD: mtree.h,v 1.4 1996/12/20 18:13:43 millert Exp $ */ +/* $OpenBSD: mtree.h,v 1.5 1997/07/12 23:05:36 millert Exp $ */ /* $NetBSD: mtree.h,v 1.7 1995/03/07 21:26:27 cgd Exp $ */ /*- 
@@ -51,6 +51,7 @@ typedef struct _node { struct timespec st_mtimespec; /* last modification time */ u_int32_t cksum; /* check sum */ char *md5digest; /* MD5 digest */ + char *sha1digest; /* SHA-1 digest */ char *slink; /* symbolic link reference */ uid_t st_uid; /* uid */ gid_t st_gid; /* gid */ @@ -68,13 +69,14 @@ typedef struct _node { #define F_MODE 0x00080 /* mode */ #define F_NLINK 0x00100 /* number of links */ #define F_OPT 0x00200 /* existence optional */ -#define F_SIZE 0x00400 /* size */ -#define F_SLINK 0x00800 /* link count */ -#define F_TIME 0x01000 /* modification time */ -#define F_TYPE 0x02000 /* file type */ -#define F_UID 0x04000 /* uid */ -#define F_UNAME 0x08000 /* user name */ -#define F_VISIT 0x10000 /* file visited */ +#define F_SHA1 0x00400 /* SHA-1 digest */ +#define F_SIZE 0x00800 /* size */ +#define F_SLINK 0x01000 /* link count */ +#define F_TIME 0x02000 /* modification time */ +#define F_TYPE 0x04000 /* file type */ +#define F_UID 0x08000 /* uid */ +#define F_UNAME 0x10000 /* user name */ +#define F_VISIT 0x20000 /* file visited */ u_int32_t flags; /* items set */ #define F_BLOCK 0x001 /* block special */ diff --git a/usr.sbin/mtree/spec.c b/usr.sbin/mtree/spec.c index f2604766257..cfa569942e8 100644 --- a/usr.sbin/mtree/spec.c +++ b/usr.sbin/mtree/spec.c @@ -1,5 +1,5 @@ /* $NetBSD: spec.c,v 1.6 1995/03/07 21:12:12 cgd Exp $ */ -/* $OpenBSD: spec.c,v 1.6 1997/01/17 07:14:10 millert Exp $ */ +/* $OpenBSD: spec.c,v 1.7 1997/07/12 23:05:36 millert Exp $ */ /*- * Copyright (c) 1989, 1993 @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)spec.c 8.1 (Berkeley) 6/6/93"; #else -static char rcsid[] = "$OpenBSD: spec.c,v 1.6 1997/01/17 07:14:10 millert Exp $"; +static char rcsid[] = "$OpenBSD: spec.c,v 1.7 1997/07/12 23:05:36 millert Exp $"; #endif #endif /* not lint */ 
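Review bot: The renumbered `F_SLINK` line in mtree.h still carries the comment `/* link count */`, which describes `F_NLINK`; the struct member in the hunk above documents `slink` as the symbolic link reference. Since the line is being rewritten anyway, `#define F_SLINK 0x01000 /* symbolic link reference */` would be accurate. Inserting `F_SHA1` at 0x00400 also shifts every value from `F_SIZE` to `F_VISIT`, which is harmless only if these bits never leave the process; the hunk does not show whether they do.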
@@ -190,9 +190,8 @@ set(t, ip) break; case F_MD5: ip->md5digest = strdup(val); - if (!ip->md5digest) { + if (!ip->md5digest) err("%s", strerror(errno)); - } break; case F_GID: ip->st_gid = strtoul(val, &ep, 10); @@ -217,6 +216,11 @@ set(t, ip) if (*ep) err("invalid link count %s", val); break; + case F_SHA1: + ip->sha1digest = strdup(val); + if (!ip->sha1digest) + err("%s", strerror(errno)); + break; case F_SIZE: ip->st_size = strtouq(val, &ep, 10); if (*ep) |
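Review bot: The new `F_SHA1` case in set() stores `val` with `strdup` and no format check, so a truncated or mistyped digest in the spec is accepted and only surfaces later as a per-file mismatch in compare.c. Rejecting it at parse time would match how the neighbouring cases treat bad numbers: `if (strlen(val) != 40 || strspn(val, "0123456789abcdef") != 40) err("invalid sha1 digest %s", val);`. This assumes `SHA1File` emits lower-case hex, which is not visible here; compare.c uses `strcmp`, so the accepted alphabet should match whatever it produces. The `F_MD5` case in the preceding hunk has the same gap, and set() begins and ends outside the hunk.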