1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
24 */
25
26
27 #include <sys/stat.h>
28 #include <sys/types.h>
29
30 #include <assert.h>
31 #include <ctype.h>
32 #include <errno.h>
33 #include <fcntl.h>
34 #include <libintl.h>
35 #include <libscf.h>
36 #include <libuutil.h>
37 #include <limits.h>
38 #include <md5.h>
39 #include <pthread.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <strings.h>
44 #include <unistd.h>
45
46 #include <manifest_hash.h>
47
48 /*
49 * Translate a file name to property name. Return an allocated string or NULL
50 * if realpath() fails. If deathrow is true, realpath() is skipped. This
51 * allows to return the property name even if the file doesn't exist.
52 */
53 char *
mhash_filename_to_propname(const char * in,boolean_t deathrow)54 mhash_filename_to_propname(const char *in, boolean_t deathrow)
55 {
56 char *out, *cp, *base;
57 size_t len, piece_len;
58 size_t base_sz = 0;
59
60 out = uu_zalloc(PATH_MAX + 1);
61 if (deathrow) {
62 /* used only for service deathrow handling */
63 if (strlcpy(out, in, PATH_MAX + 1) >= (PATH_MAX + 1)) {
64 uu_free(out);
65 return (NULL);
66 }
67 } else {
68 if (realpath(in, out) == NULL) {
69 uu_free(out);
70 return (NULL);
71 }
72 }
73
74 base = getenv("PKG_INSTALL_ROOT");
75
76 /*
77 * We copy-shift over the basedir and the leading slash, since it's
78 * not relevant to when we boot with this repository.
79 */
80
81 if (base != NULL && strncmp(out, base, strlen(base)) == 0)
82 base_sz = strlen(base);
83
84 cp = out + base_sz;
85 if (*cp == '/')
86 cp++;
87 (void) memmove(out, cp, strlen(cp) + 1);
88
89 len = strlen(out);
90 if (len > scf_limit(SCF_LIMIT_MAX_NAME_LENGTH)) {
91 /* Use the first half and the second half. */
92 piece_len = (scf_limit(SCF_LIMIT_MAX_NAME_LENGTH) - 3) / 2;
93
94 (void) strncpy(out + piece_len, "__", 2);
95
96 (void) memmove(out + piece_len + 2, out + (len - piece_len),
97 piece_len + 1);
98 }
99
100 /*
101 * Translate non-property characters to '_', first making sure that
102 * we don't begin with '_'.
103 */
104
105 if (!isalpha(*out))
106 *out = 'A';
107
108 for (cp = out + 1; *cp != '\0'; ++cp) {
109 if (!(isalnum(*cp) || *cp == '_' || *cp == '-'))
110 *cp = '_';
111 }
112
113 return (out);
114 }
115
116 int
mhash_retrieve_entry(scf_handle_t * hndl,const char * name,uchar_t * hash,apply_action_t * action)117 mhash_retrieve_entry(scf_handle_t *hndl, const char *name, uchar_t *hash,
118 apply_action_t *action)
119 {
120 scf_scope_t *scope;
121 scf_service_t *svc;
122 scf_propertygroup_t *pg;
123 scf_property_t *prop;
124 scf_value_t *val;
125 scf_error_t err;
126 ssize_t szret;
127 int result = 0;
128
129 if (action)
130 *action = APPLY_NONE;
131
132 /*
133 * In this implementation the hash for name is the opaque value of
134 * svc:/MHASH_SVC/:properties/name/MHASH_PROP
135 */
136
137 if ((scope = scf_scope_create(hndl)) == NULL ||
138 (svc = scf_service_create(hndl)) == NULL ||
139 (pg = scf_pg_create(hndl)) == NULL ||
140 (prop = scf_property_create(hndl)) == NULL ||
141 (val = scf_value_create(hndl)) == NULL) {
142 result = -1;
143 goto out;
144 }
145
146 if (scf_handle_get_local_scope(hndl, scope) < 0) {
147 result = -1;
148 goto out;
149 }
150
151 if (scf_scope_get_service(scope, MHASH_SVC, svc) < 0) {
152 result = -1;
153 goto out;
154 }
155
156 if (scf_service_get_pg(svc, name, pg) != SCF_SUCCESS) {
157 result = -1;
158 goto out;
159 }
160
161 if (scf_pg_get_property(pg, MHASH_PROP, prop) != SCF_SUCCESS) {
162 result = -1;
163 goto out;
164 }
165
166 if (scf_property_get_value(prop, val) != SCF_SUCCESS) {
167 result = -1;
168 goto out;
169 }
170
171 szret = scf_value_get_opaque(val, hash, MHASH_SIZE);
172 if (szret < 0) {
173 result = -1;
174 goto out;
175 }
176
177 /*
178 * Make sure that the old hash is returned with
179 * remainder of the bytes zeroed.
180 */
181 if (szret == MHASH_SIZE_OLD) {
182 (void) memset(hash + MHASH_SIZE_OLD, 0,
183 MHASH_SIZE - MHASH_SIZE_OLD);
184 } else if (szret != MHASH_SIZE) {
185 scf_value_destroy(val);
186 result = -1;
187 goto out;
188 }
189
190 /*
191 * If caller has requested the apply_last property, read the
192 * property if it exists.
193 */
194 if (action != NULL) {
195 uint8_t apply_value;
196
197 if (scf_pg_get_property(pg, MHASH_APPLY_PROP, prop) !=
198 SCF_SUCCESS) {
199 err = scf_error();
200 if ((err != SCF_ERROR_DELETED) &&
201 (err != SCF_ERROR_NOT_FOUND)) {
202 result = -1;
203 }
204 goto out;
205 }
206 if (scf_property_get_value(prop, val) != SCF_SUCCESS) {
207 err = scf_error();
208 if ((err != SCF_ERROR_DELETED) &&
209 (err != SCF_ERROR_NOT_FOUND)) {
210 result = -1;
211 }
212 goto out;
213 }
214 if (scf_value_get_boolean(val, &apply_value) != SCF_SUCCESS) {
215 result = -1;
216 goto out;
217 }
218 if (apply_value)
219 *action = APPLY_LATE;
220 }
221
222 out:
223 (void) scf_value_destroy(val);
224 scf_property_destroy(prop);
225 scf_pg_destroy(pg);
226 scf_service_destroy(svc);
227 scf_scope_destroy(scope);
228
229 return (result);
230 }
231
232 int
mhash_store_entry(scf_handle_t * hndl,const char * name,const char * fname,uchar_t * hash,apply_action_t apply_late,char ** errstr)233 mhash_store_entry(scf_handle_t *hndl, const char *name, const char *fname,
234 uchar_t *hash, apply_action_t apply_late, char **errstr)
235 {
236 scf_scope_t *scope = NULL;
237 scf_service_t *svc = NULL;
238 scf_propertygroup_t *pg = NULL;
239 scf_property_t *prop = NULL;
240 scf_value_t *aval = NULL;
241 scf_value_t *val = NULL;
242 scf_value_t *fval = NULL;
243 scf_transaction_t *tx = NULL;
244 scf_transaction_entry_t *ae = NULL;
245 scf_transaction_entry_t *e = NULL;
246 scf_transaction_entry_t *fe = NULL;
247 scf_error_t err;
248 int ret, result = 0;
249 char *base;
250 size_t base_sz = 0;
251
252 int i;
253
254 if ((scope = scf_scope_create(hndl)) == NULL ||
255 (svc = scf_service_create(hndl)) == NULL ||
256 (pg = scf_pg_create(hndl)) == NULL ||
257 (prop = scf_property_create(hndl)) == NULL) {
258 if (errstr != NULL)
259 *errstr = gettext("Could not create scf objects");
260 result = -1;
261 goto out;
262 }
263
264 if (scf_handle_get_local_scope(hndl, scope) != SCF_SUCCESS) {
265 if (errstr != NULL)
266 *errstr = gettext("Could not get local scope");
267 result = -1;
268 goto out;
269 }
270
271 for (i = 0; i < 5; ++i) {
272
273 if (scf_scope_get_service(scope, MHASH_SVC, svc) ==
274 SCF_SUCCESS)
275 break;
276
277 if (scf_error() != SCF_ERROR_NOT_FOUND) {
278 if (errstr != NULL)
279 *errstr = gettext("Could not get manifest hash "
280 "service");
281 result = -1;
282 goto out;
283 }
284
285 if (scf_scope_add_service(scope, MHASH_SVC, svc) ==
286 SCF_SUCCESS)
287 break;
288
289 err = scf_error();
290
291 if (err == SCF_ERROR_EXISTS)
292 /* Try again. */
293 continue;
294 else if (err == SCF_ERROR_PERMISSION_DENIED) {
295 if (errstr != NULL)
296 *errstr = gettext("Could not store file hash: "
297 "permission denied.\n");
298 result = -1;
299 goto out;
300 }
301
302 if (errstr != NULL)
303 *errstr = gettext("Could not add manifest hash "
304 "service");
305 result = -1;
306 goto out;
307 }
308
309 if (i == 5) {
310 if (errstr != NULL)
311 *errstr = gettext("Could not store file hash: "
312 "service addition contention.\n");
313 result = -1;
314 goto out;
315 }
316
317 for (i = 0; i < 5; ++i) {
318 if (scf_service_get_pg(svc, name, pg) == SCF_SUCCESS)
319 break;
320
321 if (scf_error() != SCF_ERROR_NOT_FOUND) {
322 if (errstr != NULL)
323 *errstr = gettext("Could not get service's "
324 "hash record)");
325 result = -1;
326 goto out;
327 }
328
329 if (scf_service_add_pg(svc, name, MHASH_PG_TYPE,
330 MHASH_PG_FLAGS, pg) == SCF_SUCCESS)
331 break;
332
333 err = scf_error();
334
335 if (err == SCF_ERROR_EXISTS)
336 /* Try again. */
337 continue;
338 else if (err == SCF_ERROR_PERMISSION_DENIED) {
339 if (errstr != NULL)
340 *errstr = gettext("Could not store file hash: "
341 "permission denied.\n");
342 result = -1;
343 goto out;
344 }
345
346 if (errstr != NULL)
347 *errstr = gettext("Could not store file hash");
348 result = -1;
349 goto out;
350 }
351 if (i == 5) {
352 if (errstr != NULL)
353 *errstr = gettext("Could not store file hash: "
354 "property group addition contention.\n");
355 result = -1;
356 goto out;
357 }
358
359 if ((e = scf_entry_create(hndl)) == NULL ||
360 (val = scf_value_create(hndl)) == NULL ||
361 (fe = scf_entry_create(hndl)) == NULL ||
362 (fval = scf_value_create(hndl)) == NULL ||
363 (ae = scf_entry_create(hndl)) == NULL ||
364 (aval = scf_value_create(hndl)) == NULL) {
365 if (errstr != NULL)
366 *errstr = gettext("Could not store file hash: "
367 "permission denied.\n");
368 result = -1;
369 goto out;
370 }
371
372 /*
373 * Remove any PKG_INSTALL_ROOT from the manifest filename so that it
374 * points to the correct location following installation.
375 */
376 base = getenv("PKG_INSTALL_ROOT");
377 if (base != NULL && strncmp(fname, base, strlen(base)) == 0)
378 base_sz = strlen(base);
379
380 ret = scf_value_set_opaque(val, hash, MHASH_SIZE);
381 assert(ret == SCF_SUCCESS);
382 ret = scf_value_set_astring(fval, fname + base_sz);
383 assert(ret == SCF_SUCCESS);
384 if (apply_late == APPLY_LATE) {
385 scf_value_set_boolean(aval, 1);
386 }
387
388 tx = scf_transaction_create(hndl);
389 if (tx == NULL) {
390 if (errstr != NULL)
391 *errstr = gettext("Could not create transaction");
392 result = -1;
393 goto out;
394 }
395
396 do {
397 if (scf_pg_update(pg) == -1) {
398 if (errstr != NULL)
399 *errstr = gettext("Could not update hash "
400 "entry");
401 result = -1;
402 goto out;
403 }
404 if (scf_transaction_start(tx, pg) != SCF_SUCCESS) {
405 if (scf_error() != SCF_ERROR_PERMISSION_DENIED) {
406 if (errstr != NULL)
407 *errstr = gettext("Could not start "
408 "hash transaction.\n");
409 result = -1;
410 goto out;
411 }
412
413 if (errstr != NULL)
414 *errstr = gettext("Could not store file hash: "
415 "permission denied.\n");
416 result = -1;
417
418 scf_transaction_destroy(tx);
419 (void) scf_entry_destroy(e);
420 goto out;
421 }
422
423 if (scf_transaction_property_new(tx, e, MHASH_PROP,
424 SCF_TYPE_OPAQUE) != SCF_SUCCESS &&
425 scf_transaction_property_change_type(tx, e, MHASH_PROP,
426 SCF_TYPE_OPAQUE) != SCF_SUCCESS) {
427 if (errstr != NULL)
428 *errstr = gettext("Could not modify hash "
429 "entry");
430 result = -1;
431 goto out;
432 }
433
434 ret = scf_entry_add_value(e, val);
435 assert(ret == SCF_SUCCESS);
436
437 if (scf_transaction_property_new(tx, fe, MHASH_FILE_PROP,
438 SCF_TYPE_ASTRING) != SCF_SUCCESS &&
439 scf_transaction_property_change_type(tx, fe,
440 MHASH_FILE_PROP, SCF_TYPE_ASTRING) != SCF_SUCCESS) {
441 if (errstr != NULL)
442 *errstr = gettext("Could not modify file "
443 "entry");
444 result = -1;
445 goto out;
446 }
447
448 ret = scf_entry_add_value(fe, fval);
449 assert(ret == SCF_SUCCESS);
450
451 switch (apply_late) {
452 case APPLY_NONE:
453 if (scf_transaction_property_delete(tx, ae,
454 MHASH_APPLY_PROP) != 0) {
455 err = scf_error();
456 if ((err != SCF_ERROR_DELETED) &&
457 (err != SCF_ERROR_NOT_FOUND)) {
458 if (errstr != NULL) {
459 *errstr = gettext("Could not "
460 "delete apply_late "
461 "property");
462 }
463 result = -1;
464 goto out;
465 }
466 }
467 break;
468 case APPLY_LATE:
469 if ((scf_transaction_property_new(tx, ae,
470 MHASH_APPLY_PROP,
471 SCF_TYPE_BOOLEAN) != SCF_SUCCESS) &&
472 (scf_transaction_property_change_type(tx, ae,
473 MHASH_APPLY_PROP, SCF_TYPE_BOOLEAN) !=
474 SCF_SUCCESS)) {
475 if (errstr != NULL) {
476 *errstr = gettext("Could not modify "
477 "apply_late property");
478 }
479 result = -1;
480 goto out;
481 }
482
483 ret = scf_entry_add_value(ae, aval);
484 assert(ret == SCF_SUCCESS);
485 break;
486 default:
487 abort();
488 };
489
490 ret = scf_transaction_commit(tx);
491
492 if (ret == 0)
493 scf_transaction_reset(tx);
494 } while (ret == 0);
495
496 if (ret < 0) {
497 if (scf_error() != SCF_ERROR_PERMISSION_DENIED) {
498 if (errstr != NULL)
499 *errstr = gettext("Could not store file hash: "
500 "permission denied.\n");
501 result = -1;
502 goto out;
503 }
504
505 if (errstr != NULL)
506 *errstr = gettext("Could not commit transaction");
507 result = -1;
508 }
509
510 scf_transaction_destroy(tx);
511 (void) scf_entry_destroy(e);
512 (void) scf_entry_destroy(fe);
513 (void) scf_entry_destroy(ae);
514
515 out:
516 (void) scf_value_destroy(val);
517 (void) scf_value_destroy(fval);
518 (void) scf_value_destroy(aval);
519 scf_property_destroy(prop);
520 scf_pg_destroy(pg);
521 scf_service_destroy(svc);
522 scf_scope_destroy(scope);
523
524 return (result);
525 }
526
527 /*
528 * Generate the md5 hash of a file; manifest files are smallish
529 * so we can read them in one gulp.
530 */
531 static int
md5_hash_file(const char * file,off64_t sz,uchar_t * hash)532 md5_hash_file(const char *file, off64_t sz, uchar_t *hash)
533 {
534 char *buf;
535 int fd;
536 ssize_t res;
537 int ret;
538
539 fd = open(file, O_RDONLY);
540 if (fd < 0)
541 return (-1);
542
543 buf = malloc(sz);
544 if (buf == NULL) {
545 (void) close(fd);
546 return (-1);
547 }
548
549 res = read(fd, buf, (size_t)sz);
550
551 (void) close(fd);
552
553 if (res == sz) {
554 ret = 0;
555 md5_calc(hash, (uchar_t *)buf, (unsigned int) sz);
556 } else {
557 ret = -1;
558 }
559
560 free(buf);
561 return (ret);
562 }
563
564 /*
565 * int mhash_test_file(scf_handle_t *, const char *, uint_t, char **, uchar_t *)
566 * Test the given filename against the hashed metadata in the repository.
567 * The behaviours for import and apply are slightly different. For imports,
568 * if the hash value is absent or different, then the import operation
569 * continues. For profile application, the operation continues only if the
570 * hash value for the file is absent.
571 *
572 * We keep two hashes: one which can be quickly test: the metadata hash,
573 * and one which is more expensive to test: the file contents hash.
574 *
575 * If either hash matches, the file does not need to be re-read.
576 * If only one of the hashes matches, a side effect of this function
577 * is to store the newly computed hash.
578 * If neither hash matches, the hash computed for the new file is returned
579 * and not stored.
580 *
581 * Return values:
582 * MHASH_NEWFILE - the file no longer matches the hash or no hash existed
583 * ONLY in this case we return the new file's hash.
584 * MHASH_FAILURE - an internal error occurred, or the file was not found.
585 * MHASH_RECONCILED- based on the metadata/file hash, the file does
586 * not need to be re-read; if necessary,
587 * the hash was upgraded or reconciled.
588 *
589 * NOTE: no hash is returned UNLESS MHASH_NEWFILE is returned.
590 */
591 int
mhash_test_file(scf_handle_t * hndl,const char * file,uint_t is_profile,char ** pnamep,uchar_t * hashbuf)592 mhash_test_file(scf_handle_t *hndl, const char *file, uint_t is_profile,
593 char **pnamep, uchar_t *hashbuf)
594 {
595 apply_action_t action;
596 boolean_t do_hash;
597 struct stat64 st;
598 char *cp;
599 char *data;
600 uchar_t stored_hash[MHASH_SIZE];
601 uchar_t hash[MHASH_SIZE];
602 char *pname;
603 int ret;
604 int hashash;
605 int metahashok = 0;
606
607 if (pnamep)
608 *pnamep = NULL;
609
610 /*
611 * In the case where we are doing automated imports, we reduce the UID,
612 * the GID, the size, and the mtime into a string (to eliminate
613 * endianness) which we then make opaque as a single MD5 digest.
614 *
615 * The previous hash was composed of the inode number, the UID, the file
616 * size, and the mtime. This formulation was found to be insufficiently
617 * portable for use in highly replicated deployments. The current
618 * algorithm will allow matches of this "v1" hash, but always returns
619 * the effective "v2" hash, such that updates result in the more
620 * portable hash being used.
621 *
622 * An unwanted side effect of a hash based solely on the file
623 * meta data is the fact that we pay no attention to the contents
624 * which may remain the same despite meta data changes. This happens
625 * with (live) upgrades. We extend the V2 hash with an additional
626 * digest of the file contents and the code retrieving the hash
627 * from the repository zero fills the remainder so we can detect
628 * it is missing.
629 *
630 * If the the V2 digest matches, we check for the presence of
631 * the contents digest and compute and store it if missing.
632 *
633 * If the V2 digest doesn't match but we also have a non-zero
634 * file hash, we match the file content digest. If it matches,
635 * we compute and store the new complete hash so that later
636 * checks will find the meta data digest correct.
637 *
638 * If the above matches fail and the V1 hash doesn't match either,
639 * we consider the test to have failed, implying that some aspect
640 * of the manifest has changed.
641 */
642
643 cp = getenv("SVCCFG_CHECKHASH");
644 do_hash = (cp != NULL && *cp != '\0');
645 if (!do_hash) {
646 return (MHASH_NEWFILE);
647 }
648
649 pname = mhash_filename_to_propname(file, B_FALSE);
650 if (pname == NULL)
651 return (MHASH_FAILURE);
652
653 hashash = mhash_retrieve_entry(hndl, pname, stored_hash, &action) == 0;
654 if (is_profile == 0) {
655 /* Actions other than APPLY_NONE are restricted to profiles. */
656 assert(action == APPLY_NONE);
657 }
658
659 /*
660 * As a general rule, we do not reread a profile. The exception to
661 * this rule is when we are running as part of the manifest import
662 * service and the apply_late property is set to true.
663 */
664 if (hashash && is_profile) {
665 cp = getenv("SMF_FMRI");
666 if ((cp == NULL) ||
667 (strcmp(cp, SCF_INSTANCE_MI) != 0) ||
668 (action != APPLY_LATE)) {
669 uu_free(pname);
670 return (MHASH_RECONCILED);
671 }
672 }
673
674 /*
675 * No hash and not interested in one, then don't bother computing it.
676 * We also skip returning the property name in that case.
677 */
678 if (!hashash && hashbuf == NULL) {
679 uu_free(pname);
680 return (MHASH_NEWFILE);
681 }
682
683 do {
684 ret = stat64(file, &st);
685 } while (ret < 0 && errno == EINTR);
686 if (ret < 0) {
687 uu_free(pname);
688 return (MHASH_FAILURE);
689 }
690
691 data = uu_msprintf(MHASH_FORMAT_V2, st.st_uid, st.st_gid,
692 st.st_size, st.st_mtime);
693 if (data == NULL) {
694 uu_free(pname);
695 return (MHASH_FAILURE);
696 }
697
698 (void) memset(hash, 0, MHASH_SIZE);
699 md5_calc(hash, (uchar_t *)data, strlen(data));
700
701 uu_free(data);
702
703 /*
704 * Verify the meta data hash.
705 */
706 if (hashash && memcmp(hash, stored_hash, MD5_DIGEST_LENGTH) == 0) {
707 int i;
708
709 metahashok = 1;
710 /*
711 * The metadata hash matches; now we see if there was a
712 * content hash; if not, we will continue on and compute and
713 * store the updated hash.
714 * If there was no content hash, mhash_retrieve_entry()
715 * will have zero filled it.
716 */
717 for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
718 if (stored_hash[MD5_DIGEST_LENGTH+i] != 0) {
719 if (action == APPLY_LATE) {
720 if (pnamep != NULL)
721 *pnamep = pname;
722 ret = MHASH_NEWFILE;
723 } else {
724 uu_free(pname);
725 ret = MHASH_RECONCILED;
726 }
727 return (ret);
728 }
729 }
730 }
731
732 /*
733 * Compute the file hash as we can no longer avoid having to know it.
734 * Note: from this point on "hash" contains the full, current, hash.
735 */
736 if (md5_hash_file(file, st.st_size, &hash[MHASH_SIZE_OLD]) != 0) {
737 uu_free(pname);
738 return (MHASH_FAILURE);
739 }
740 if (hashash) {
741 uchar_t hash_v1[MHASH_SIZE_OLD];
742
743 if (metahashok ||
744 memcmp(&hash[MHASH_SIZE_OLD], &stored_hash[MHASH_SIZE_OLD],
745 MD5_DIGEST_LENGTH) == 0) {
746
747 /*
748 * Reconcile entry: we get here when either the
749 * meta data hash matches or the content hash matches;
750 * we then update the database with the complete
751 * new hash so we can be a bit quicker next time.
752 */
753 (void) mhash_store_entry(hndl, pname, file, hash,
754 APPLY_NONE, NULL);
755 if (action == APPLY_LATE) {
756 if (pnamep != NULL)
757 *pnamep = pname;
758 ret = MHASH_NEWFILE;
759 } else {
760 uu_free(pname);
761 ret = MHASH_RECONCILED;
762 }
763 return (ret);
764 }
765
766 /*
767 * No match on V2 hash or file content; compare V1 hash.
768 */
769 data = uu_msprintf(MHASH_FORMAT_V1, st.st_ino, st.st_uid,
770 st.st_size, st.st_mtime);
771 if (data == NULL) {
772 uu_free(pname);
773 return (MHASH_FAILURE);
774 }
775
776 md5_calc(hash_v1, (uchar_t *)data, strlen(data));
777
778 uu_free(data);
779
780 if (memcmp(hash_v1, stored_hash, MD5_DIGEST_LENGTH) == 0) {
781 /*
782 * Update the new entry so we don't have to go through
783 * all this trouble next time.
784 */
785 (void) mhash_store_entry(hndl, pname, file, hash,
786 APPLY_NONE, NULL);
787 uu_free(pname);
788 return (MHASH_RECONCILED);
789 }
790 }
791
792 if (pnamep != NULL)
793 *pnamep = pname;
794 else
795 uu_free(pname);
796
797 if (hashbuf != NULL)
798 (void) memcpy(hashbuf, hash, MHASH_SIZE);
799
800 return (MHASH_NEWFILE);
801 }
802