1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
23 */
24
25
26 #include <sys/stat.h>
27 #include <sys/types.h>
28
29 #include <assert.h>
30 #include <ctype.h>
31 #include <errno.h>
32 #include <fcntl.h>
33 #include <libintl.h>
34 #include <libscf.h>
35 #include <libuutil.h>
36 #include <limits.h>
37 #include <md5.h>
38 #include <pthread.h>
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <strings.h>
43 #include <unistd.h>
44
45 #include <manifest_hash.h>
46
47 /*
48 * Translate a file name to property name. Return an allocated string or NULL
49 * if realpath() fails. If deathrow is true, realpath() is skipped. This
50 * allows to return the property name even if the file doesn't exist.
51 */
52 char *
mhash_filename_to_propname(const char * in,boolean_t deathrow)53 mhash_filename_to_propname(const char *in, boolean_t deathrow)
54 {
55 char *out, *cp, *base;
56 size_t len, piece_len;
57 size_t base_sz = 0;
58
59 out = uu_zalloc(PATH_MAX + 1);
60 if (deathrow) {
61 /* used only for service deathrow handling */
62 if (strlcpy(out, in, PATH_MAX + 1) >= (PATH_MAX + 1)) {
63 uu_free(out);
64 return (NULL);
65 }
66 } else {
67 if (realpath(in, out) == NULL) {
68 uu_free(out);
69 return (NULL);
70 }
71 }
72
73 base = getenv("PKG_INSTALL_ROOT");
74
75 /*
76 * We copy-shift over the basedir and the leading slash, since it's
77 * not relevant to when we boot with this repository.
78 */
79
80 if (base != NULL && strncmp(out, base, strlen(base)) == 0)
81 base_sz = strlen(base);
82
83 cp = out + base_sz;
84 if (*cp == '/')
85 cp++;
86 (void) memmove(out, cp, strlen(cp) + 1);
87
88 len = strlen(out);
89 if (len > scf_limit(SCF_LIMIT_MAX_NAME_LENGTH)) {
90 /* Use the first half and the second half. */
91 piece_len = (scf_limit(SCF_LIMIT_MAX_NAME_LENGTH) - 3) / 2;
92
93 (void) strncpy(out + piece_len, "__", 2);
94
95 (void) memmove(out + piece_len + 2, out + (len - piece_len),
96 piece_len + 1);
97 }
98
99 /*
100 * Translate non-property characters to '_', first making sure that
101 * we don't begin with '_'.
102 */
103
104 if (!isalpha(*out))
105 *out = 'A';
106
107 for (cp = out + 1; *cp != '\0'; ++cp) {
108 if (!(isalnum(*cp) || *cp == '_' || *cp == '-'))
109 *cp = '_';
110 }
111
112 return (out);
113 }
114
115 int
mhash_retrieve_entry(scf_handle_t * hndl,const char * name,uchar_t * hash,apply_action_t * action)116 mhash_retrieve_entry(scf_handle_t *hndl, const char *name, uchar_t *hash,
117 apply_action_t *action)
118 {
119 scf_scope_t *scope;
120 scf_service_t *svc;
121 scf_propertygroup_t *pg;
122 scf_property_t *prop;
123 scf_value_t *val;
124 scf_error_t err;
125 ssize_t szret;
126 int result = 0;
127
128 if (action)
129 *action = APPLY_NONE;
130
131 /*
132 * In this implementation the hash for name is the opaque value of
133 * svc:/MHASH_SVC/:properties/name/MHASH_PROP
134 */
135
136 if ((scope = scf_scope_create(hndl)) == NULL ||
137 (svc = scf_service_create(hndl)) == NULL ||
138 (pg = scf_pg_create(hndl)) == NULL ||
139 (prop = scf_property_create(hndl)) == NULL ||
140 (val = scf_value_create(hndl)) == NULL) {
141 result = -1;
142 goto out;
143 }
144
145 if (scf_handle_get_local_scope(hndl, scope) < 0) {
146 result = -1;
147 goto out;
148 }
149
150 if (scf_scope_get_service(scope, MHASH_SVC, svc) < 0) {
151 result = -1;
152 goto out;
153 }
154
155 if (scf_service_get_pg(svc, name, pg) != SCF_SUCCESS) {
156 result = -1;
157 goto out;
158 }
159
160 if (scf_pg_get_property(pg, MHASH_PROP, prop) != SCF_SUCCESS) {
161 result = -1;
162 goto out;
163 }
164
165 if (scf_property_get_value(prop, val) != SCF_SUCCESS) {
166 result = -1;
167 goto out;
168 }
169
170 szret = scf_value_get_opaque(val, hash, MHASH_SIZE);
171 if (szret < 0) {
172 result = -1;
173 goto out;
174 }
175
176 /*
177 * Make sure that the old hash is returned with
178 * remainder of the bytes zeroed.
179 */
180 if (szret == MHASH_SIZE_OLD) {
181 (void) memset(hash + MHASH_SIZE_OLD, 0,
182 MHASH_SIZE - MHASH_SIZE_OLD);
183 } else if (szret != MHASH_SIZE) {
184 scf_value_destroy(val);
185 result = -1;
186 goto out;
187 }
188
189 /*
190 * If caller has requested the apply_last property, read the
191 * property if it exists.
192 */
193 if (action != NULL) {
194 uint8_t apply_value;
195
196 if (scf_pg_get_property(pg, MHASH_APPLY_PROP, prop) !=
197 SCF_SUCCESS) {
198 err = scf_error();
199 if ((err != SCF_ERROR_DELETED) &&
200 (err != SCF_ERROR_NOT_FOUND)) {
201 result = -1;
202 }
203 goto out;
204 }
205 if (scf_property_get_value(prop, val) != SCF_SUCCESS) {
206 err = scf_error();
207 if ((err != SCF_ERROR_DELETED) &&
208 (err != SCF_ERROR_NOT_FOUND)) {
209 result = -1;
210 }
211 goto out;
212 }
213 if (scf_value_get_boolean(val, &apply_value) != SCF_SUCCESS) {
214 result = -1;
215 goto out;
216 }
217 if (apply_value)
218 *action = APPLY_LATE;
219 }
220
221 out:
222 (void) scf_value_destroy(val);
223 scf_property_destroy(prop);
224 scf_pg_destroy(pg);
225 scf_service_destroy(svc);
226 scf_scope_destroy(scope);
227
228 return (result);
229 }
230
231 int
mhash_store_entry(scf_handle_t * hndl,const char * name,const char * fname,uchar_t * hash,apply_action_t apply_late,char ** errstr)232 mhash_store_entry(scf_handle_t *hndl, const char *name, const char *fname,
233 uchar_t *hash, apply_action_t apply_late, char **errstr)
234 {
235 scf_scope_t *scope = NULL;
236 scf_service_t *svc = NULL;
237 scf_propertygroup_t *pg = NULL;
238 scf_property_t *prop = NULL;
239 scf_value_t *aval = NULL;
240 scf_value_t *val = NULL;
241 scf_value_t *fval = NULL;
242 scf_transaction_t *tx = NULL;
243 scf_transaction_entry_t *ae = NULL;
244 scf_transaction_entry_t *e = NULL;
245 scf_transaction_entry_t *fe = NULL;
246 scf_error_t err;
247 int ret, result = 0;
248
249 int i;
250
251 if ((scope = scf_scope_create(hndl)) == NULL ||
252 (svc = scf_service_create(hndl)) == NULL ||
253 (pg = scf_pg_create(hndl)) == NULL ||
254 (prop = scf_property_create(hndl)) == NULL) {
255 if (errstr != NULL)
256 *errstr = gettext("Could not create scf objects");
257 result = -1;
258 goto out;
259 }
260
261 if (scf_handle_get_local_scope(hndl, scope) != SCF_SUCCESS) {
262 if (errstr != NULL)
263 *errstr = gettext("Could not get local scope");
264 result = -1;
265 goto out;
266 }
267
268 for (i = 0; i < 5; ++i) {
269
270 if (scf_scope_get_service(scope, MHASH_SVC, svc) ==
271 SCF_SUCCESS)
272 break;
273
274 if (scf_error() != SCF_ERROR_NOT_FOUND) {
275 if (errstr != NULL)
276 *errstr = gettext("Could not get manifest hash "
277 "service");
278 result = -1;
279 goto out;
280 }
281
282 if (scf_scope_add_service(scope, MHASH_SVC, svc) ==
283 SCF_SUCCESS)
284 break;
285
286 err = scf_error();
287
288 if (err == SCF_ERROR_EXISTS)
289 /* Try again. */
290 continue;
291 else if (err == SCF_ERROR_PERMISSION_DENIED) {
292 if (errstr != NULL)
293 *errstr = gettext("Could not store file hash: "
294 "permission denied.\n");
295 result = -1;
296 goto out;
297 }
298
299 if (errstr != NULL)
300 *errstr = gettext("Could not add manifest hash "
301 "service");
302 result = -1;
303 goto out;
304 }
305
306 if (i == 5) {
307 if (errstr != NULL)
308 *errstr = gettext("Could not store file hash: "
309 "service addition contention.\n");
310 result = -1;
311 goto out;
312 }
313
314 for (i = 0; i < 5; ++i) {
315 if (scf_service_get_pg(svc, name, pg) == SCF_SUCCESS)
316 break;
317
318 if (scf_error() != SCF_ERROR_NOT_FOUND) {
319 if (errstr != NULL)
320 *errstr = gettext("Could not get service's "
321 "hash record)");
322 result = -1;
323 goto out;
324 }
325
326 if (scf_service_add_pg(svc, name, MHASH_PG_TYPE,
327 MHASH_PG_FLAGS, pg) == SCF_SUCCESS)
328 break;
329
330 err = scf_error();
331
332 if (err == SCF_ERROR_EXISTS)
333 /* Try again. */
334 continue;
335 else if (err == SCF_ERROR_PERMISSION_DENIED) {
336 if (errstr != NULL)
337 *errstr = gettext("Could not store file hash: "
338 "permission denied.\n");
339 result = -1;
340 goto out;
341 }
342
343 if (errstr != NULL)
344 *errstr = gettext("Could not store file hash");
345 result = -1;
346 goto out;
347 }
348 if (i == 5) {
349 if (errstr != NULL)
350 *errstr = gettext("Could not store file hash: "
351 "property group addition contention.\n");
352 result = -1;
353 goto out;
354 }
355
356 if ((e = scf_entry_create(hndl)) == NULL ||
357 (val = scf_value_create(hndl)) == NULL ||
358 (fe = scf_entry_create(hndl)) == NULL ||
359 (fval = scf_value_create(hndl)) == NULL ||
360 (ae = scf_entry_create(hndl)) == NULL ||
361 (aval = scf_value_create(hndl)) == NULL) {
362 if (errstr != NULL)
363 *errstr = gettext("Could not store file hash: "
364 "permission denied.\n");
365 result = -1;
366 goto out;
367 }
368
369 ret = scf_value_set_opaque(val, hash, MHASH_SIZE);
370 assert(ret == SCF_SUCCESS);
371 ret = scf_value_set_astring(fval, fname);
372 assert(ret == SCF_SUCCESS);
373 if (apply_late == APPLY_LATE) {
374 scf_value_set_boolean(aval, 1);
375 }
376
377 tx = scf_transaction_create(hndl);
378 if (tx == NULL) {
379 if (errstr != NULL)
380 *errstr = gettext("Could not create transaction");
381 result = -1;
382 goto out;
383 }
384
385 do {
386 if (scf_pg_update(pg) == -1) {
387 if (errstr != NULL)
388 *errstr = gettext("Could not update hash "
389 "entry");
390 result = -1;
391 goto out;
392 }
393 if (scf_transaction_start(tx, pg) != SCF_SUCCESS) {
394 if (scf_error() != SCF_ERROR_PERMISSION_DENIED) {
395 if (errstr != NULL)
396 *errstr = gettext("Could not start "
397 "hash transaction.\n");
398 result = -1;
399 goto out;
400 }
401
402 if (errstr != NULL)
403 *errstr = gettext("Could not store file hash: "
404 "permission denied.\n");
405 result = -1;
406
407 scf_transaction_destroy(tx);
408 (void) scf_entry_destroy(e);
409 goto out;
410 }
411
412 if (scf_transaction_property_new(tx, e, MHASH_PROP,
413 SCF_TYPE_OPAQUE) != SCF_SUCCESS &&
414 scf_transaction_property_change_type(tx, e, MHASH_PROP,
415 SCF_TYPE_OPAQUE) != SCF_SUCCESS) {
416 if (errstr != NULL)
417 *errstr = gettext("Could not modify hash "
418 "entry");
419 result = -1;
420 goto out;
421 }
422
423 ret = scf_entry_add_value(e, val);
424 assert(ret == SCF_SUCCESS);
425
426 if (scf_transaction_property_new(tx, fe, MHASH_FILE_PROP,
427 SCF_TYPE_ASTRING) != SCF_SUCCESS &&
428 scf_transaction_property_change_type(tx, fe,
429 MHASH_FILE_PROP, SCF_TYPE_ASTRING) != SCF_SUCCESS) {
430 if (errstr != NULL)
431 *errstr = gettext("Could not modify file "
432 "entry");
433 result = -1;
434 goto out;
435 }
436
437 ret = scf_entry_add_value(fe, fval);
438 assert(ret == SCF_SUCCESS);
439
440 switch (apply_late) {
441 case APPLY_NONE:
442 if (scf_transaction_property_delete(tx, ae,
443 MHASH_APPLY_PROP) != 0) {
444 err = scf_error();
445 if ((err != SCF_ERROR_DELETED) &&
446 (err != SCF_ERROR_NOT_FOUND)) {
447 if (errstr != NULL) {
448 *errstr = gettext("Could not "
449 "delete apply_late "
450 "property");
451 }
452 result = -1;
453 goto out;
454 }
455 }
456 break;
457 case APPLY_LATE:
458 if ((scf_transaction_property_new(tx, ae,
459 MHASH_APPLY_PROP,
460 SCF_TYPE_BOOLEAN) != SCF_SUCCESS) &&
461 (scf_transaction_property_change_type(tx, ae,
462 MHASH_APPLY_PROP, SCF_TYPE_BOOLEAN) !=
463 SCF_SUCCESS)) {
464 if (errstr != NULL) {
465 *errstr = gettext("Could not modify "
466 "apply_late property");
467 }
468 result = -1;
469 goto out;
470 }
471
472 ret = scf_entry_add_value(ae, aval);
473 assert(ret == SCF_SUCCESS);
474 break;
475 default:
476 abort();
477 };
478
479 ret = scf_transaction_commit(tx);
480
481 if (ret == 0)
482 scf_transaction_reset(tx);
483 } while (ret == 0);
484
485 if (ret < 0) {
486 if (scf_error() != SCF_ERROR_PERMISSION_DENIED) {
487 if (errstr != NULL)
488 *errstr = gettext("Could not store file hash: "
489 "permission denied.\n");
490 result = -1;
491 goto out;
492 }
493
494 if (errstr != NULL)
495 *errstr = gettext("Could not commit transaction");
496 result = -1;
497 }
498
499 scf_transaction_destroy(tx);
500 (void) scf_entry_destroy(e);
501 (void) scf_entry_destroy(fe);
502 (void) scf_entry_destroy(ae);
503
504 out:
505 (void) scf_value_destroy(val);
506 (void) scf_value_destroy(fval);
507 (void) scf_value_destroy(aval);
508 scf_property_destroy(prop);
509 scf_pg_destroy(pg);
510 scf_service_destroy(svc);
511 scf_scope_destroy(scope);
512
513 return (result);
514 }
515
516 /*
517 * Generate the md5 hash of a file; manifest files are smallish
518 * so we can read them in one gulp.
519 */
520 static int
md5_hash_file(const char * file,off64_t sz,uchar_t * hash)521 md5_hash_file(const char *file, off64_t sz, uchar_t *hash)
522 {
523 char *buf;
524 int fd;
525 ssize_t res;
526 int ret;
527
528 fd = open(file, O_RDONLY);
529 if (fd < 0)
530 return (-1);
531
532 buf = malloc(sz);
533 if (buf == NULL) {
534 (void) close(fd);
535 return (-1);
536 }
537
538 res = read(fd, buf, (size_t)sz);
539
540 (void) close(fd);
541
542 if (res == sz) {
543 ret = 0;
544 md5_calc(hash, (uchar_t *)buf, (unsigned int) sz);
545 } else {
546 ret = -1;
547 }
548
549 free(buf);
550 return (ret);
551 }
552
553 /*
554 * int mhash_test_file(scf_handle_t *, const char *, uint_t, char **, uchar_t *)
555 * Test the given filename against the hashed metadata in the repository.
556 * The behaviours for import and apply are slightly different. For imports,
557 * if the hash value is absent or different, then the import operation
558 * continues. For profile application, the operation continues only if the
559 * hash value for the file is absent.
560 *
561 * We keep two hashes: one which can be quickly test: the metadata hash,
562 * and one which is more expensive to test: the file contents hash.
563 *
564 * If either hash matches, the file does not need to be re-read.
565 * If only one of the hashes matches, a side effect of this function
566 * is to store the newly computed hash.
567 * If neither hash matches, the hash computed for the new file is returned
568 * and not stored.
569 *
570 * Return values:
571 * MHASH_NEWFILE - the file no longer matches the hash or no hash existed
572 * ONLY in this case we return the new file's hash.
573 * MHASH_FAILURE - an internal error occurred, or the file was not found.
574 * MHASH_RECONCILED- based on the metadata/file hash, the file does
575 * not need to be re-read; if necessary,
576 * the hash was upgraded or reconciled.
577 *
578 * NOTE: no hash is returned UNLESS MHASH_NEWFILE is returned.
579 */
580 int
mhash_test_file(scf_handle_t * hndl,const char * file,uint_t is_profile,char ** pnamep,uchar_t * hashbuf)581 mhash_test_file(scf_handle_t *hndl, const char *file, uint_t is_profile,
582 char **pnamep, uchar_t *hashbuf)
583 {
584 apply_action_t action;
585 boolean_t do_hash;
586 struct stat64 st;
587 char *cp;
588 char *data;
589 uchar_t stored_hash[MHASH_SIZE];
590 uchar_t hash[MHASH_SIZE];
591 char *pname;
592 int ret;
593 int hashash;
594 int metahashok = 0;
595
596 if (pnamep)
597 *pnamep = NULL;
598
599 /*
600 * In the case where we are doing automated imports, we reduce the UID,
601 * the GID, the size, and the mtime into a string (to eliminate
602 * endianness) which we then make opaque as a single MD5 digest.
603 *
604 * The previous hash was composed of the inode number, the UID, the file
605 * size, and the mtime. This formulation was found to be insufficiently
606 * portable for use in highly replicated deployments. The current
607 * algorithm will allow matches of this "v1" hash, but always returns
608 * the effective "v2" hash, such that updates result in the more
609 * portable hash being used.
610 *
611 * An unwanted side effect of a hash based solely on the file
612 * meta data is the fact that we pay no attention to the contents
613 * which may remain the same despite meta data changes. This happens
614 * with (live) upgrades. We extend the V2 hash with an additional
615 * digest of the file contents and the code retrieving the hash
616 * from the repository zero fills the remainder so we can detect
617 * it is missing.
618 *
619 * If the the V2 digest matches, we check for the presence of
620 * the contents digest and compute and store it if missing.
621 *
622 * If the V2 digest doesn't match but we also have a non-zero
623 * file hash, we match the file content digest. If it matches,
624 * we compute and store the new complete hash so that later
625 * checks will find the meta data digest correct.
626 *
627 * If the above matches fail and the V1 hash doesn't match either,
628 * we consider the test to have failed, implying that some aspect
629 * of the manifest has changed.
630 */
631
632 cp = getenv("SVCCFG_CHECKHASH");
633 do_hash = (cp != NULL && *cp != '\0');
634 if (!do_hash) {
635 return (MHASH_NEWFILE);
636 }
637
638 pname = mhash_filename_to_propname(file, B_FALSE);
639 if (pname == NULL)
640 return (MHASH_FAILURE);
641
642 hashash = mhash_retrieve_entry(hndl, pname, stored_hash, &action) == 0;
643 if (is_profile == 0) {
644 /* Actions other than APPLY_NONE are restricted to profiles. */
645 assert(action == APPLY_NONE);
646 }
647
648 /*
649 * As a general rule, we do not reread a profile. The exception to
650 * this rule is when we are running as part of the manifest import
651 * service and the apply_late property is set to true.
652 */
653 if (hashash && is_profile) {
654 cp = getenv("SMF_FMRI");
655 if ((cp == NULL) ||
656 (strcmp(cp, SCF_INSTANCE_MI) != 0) ||
657 (action != APPLY_LATE)) {
658 uu_free(pname);
659 return (MHASH_RECONCILED);
660 }
661 }
662
663 /*
664 * No hash and not interested in one, then don't bother computing it.
665 * We also skip returning the property name in that case.
666 */
667 if (!hashash && hashbuf == NULL) {
668 uu_free(pname);
669 return (MHASH_NEWFILE);
670 }
671
672 do {
673 ret = stat64(file, &st);
674 } while (ret < 0 && errno == EINTR);
675 if (ret < 0) {
676 uu_free(pname);
677 return (MHASH_FAILURE);
678 }
679
680 data = uu_msprintf(MHASH_FORMAT_V2, st.st_uid, st.st_gid,
681 st.st_size, st.st_mtime);
682 if (data == NULL) {
683 uu_free(pname);
684 return (MHASH_FAILURE);
685 }
686
687 (void) memset(hash, 0, MHASH_SIZE);
688 md5_calc(hash, (uchar_t *)data, strlen(data));
689
690 uu_free(data);
691
692 /*
693 * Verify the meta data hash.
694 */
695 if (hashash && memcmp(hash, stored_hash, MD5_DIGEST_LENGTH) == 0) {
696 int i;
697
698 metahashok = 1;
699 /*
700 * The metadata hash matches; now we see if there was a
701 * content hash; if not, we will continue on and compute and
702 * store the updated hash.
703 * If there was no content hash, mhash_retrieve_entry()
704 * will have zero filled it.
705 */
706 for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
707 if (stored_hash[MD5_DIGEST_LENGTH+i] != 0) {
708 if (action == APPLY_LATE) {
709 if (pnamep != NULL)
710 *pnamep = pname;
711 ret = MHASH_NEWFILE;
712 } else {
713 uu_free(pname);
714 ret = MHASH_RECONCILED;
715 }
716 return (ret);
717 }
718 }
719 }
720
721 /*
722 * Compute the file hash as we can no longer avoid having to know it.
723 * Note: from this point on "hash" contains the full, current, hash.
724 */
725 if (md5_hash_file(file, st.st_size, &hash[MHASH_SIZE_OLD]) != 0) {
726 uu_free(pname);
727 return (MHASH_FAILURE);
728 }
729 if (hashash) {
730 uchar_t hash_v1[MHASH_SIZE_OLD];
731
732 if (metahashok ||
733 memcmp(&hash[MHASH_SIZE_OLD], &stored_hash[MHASH_SIZE_OLD],
734 MD5_DIGEST_LENGTH) == 0) {
735
736 /*
737 * Reconcile entry: we get here when either the
738 * meta data hash matches or the content hash matches;
739 * we then update the database with the complete
740 * new hash so we can be a bit quicker next time.
741 */
742 (void) mhash_store_entry(hndl, pname, file, hash,
743 APPLY_NONE, NULL);
744 if (action == APPLY_LATE) {
745 if (pnamep != NULL)
746 *pnamep = pname;
747 ret = MHASH_NEWFILE;
748 } else {
749 uu_free(pname);
750 ret = MHASH_RECONCILED;
751 }
752 return (ret);
753 }
754
755 /*
756 * No match on V2 hash or file content; compare V1 hash.
757 */
758 data = uu_msprintf(MHASH_FORMAT_V1, st.st_ino, st.st_uid,
759 st.st_size, st.st_mtime);
760 if (data == NULL) {
761 uu_free(pname);
762 return (MHASH_FAILURE);
763 }
764
765 md5_calc(hash_v1, (uchar_t *)data, strlen(data));
766
767 uu_free(data);
768
769 if (memcmp(hash_v1, stored_hash, MD5_DIGEST_LENGTH) == 0) {
770 /*
771 * Update the new entry so we don't have to go through
772 * all this trouble next time.
773 */
774 (void) mhash_store_entry(hndl, pname, file, hash,
775 APPLY_NONE, NULL);
776 uu_free(pname);
777 return (MHASH_RECONCILED);
778 }
779 }
780
781 if (pnamep != NULL)
782 *pnamep = pname;
783 else
784 uu_free(pname);
785
786 if (hashbuf != NULL)
787 (void) memcpy(hashbuf, hash, MHASH_SIZE);
788
789 return (MHASH_NEWFILE);
790 }
791