xref: /titanic_41/usr/src/cmd/svc/common/manifest_hash.c (revision 88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <sys/stat.h>
30 #include <sys/types.h>
31 
32 #include <assert.h>
33 #include <ctype.h>
34 #include <errno.h>
35 #include <libintl.h>
36 #include <libscf.h>
37 #include <libuutil.h>
38 #include <limits.h>
39 #include <md5.h>
40 #include <pthread.h>
41 #include <stdio.h>
42 #include <stdlib.h>
43 #include <string.h>
44 #include <strings.h>
45 
46 #include <manifest_hash.h>
47 
48 /*
49  * Translate a file name to property name.  Return an allocated string or NULL
50  * if realpath() fails.
51  */
52 char *
53 mhash_filename_to_propname(const char *in)
54 {
55 	char *out, *cp, *base;
56 	size_t len, piece_len;
57 
58 	out = uu_zalloc(PATH_MAX + 1);
59 	if (realpath(in, out) == NULL) {
60 		uu_free(out);
61 		return (NULL);
62 	}
63 
64 	base = getenv("PKG_INSTALL_ROOT");
65 
66 	/*
67 	 * We copy-shift over the basedir and the leading slash, since it's
68 	 * not relevant to when we boot with this repository.
69 	 */
70 
71 	cp = out + ((base != NULL)? strlen(base) : 0);
72 	if (*cp == '/')
73 		cp++;
74 	(void) memmove(out, cp, strlen(cp) + 1);
75 
76 	len = strlen(out);
77 	if (len > scf_limit(SCF_LIMIT_MAX_NAME_LENGTH)) {
78 		/* Use the first half and the second half. */
79 		piece_len = (scf_limit(SCF_LIMIT_MAX_NAME_LENGTH) - 3) / 2;
80 
81 		(void) strncpy(out + piece_len, "__", 2);
82 
83 		(void) memmove(out + piece_len + 2, out + (len - piece_len),
84 		    piece_len + 1);
85 	}
86 
87 	/*
88 	 * Translate non-property characters to '_', first making sure that
89 	 * we don't begin with '_'.
90 	 */
91 
92 	if (!isalpha(*out))
93 		*out = 'A';
94 
95 	for (cp = out + 1; *cp != '\0'; ++cp) {
96 		if (!(isalnum(*cp) || *cp == '_' || *cp == '-'))
97 			*cp = '_';
98 	}
99 
100 	return (out);
101 }
102 
103 int
104 mhash_retrieve_entry(scf_handle_t *hndl, const char *name, uchar_t *hash)
105 {
106 	scf_scope_t *scope;
107 	scf_service_t *svc;
108 	scf_propertygroup_t *pg;
109 	scf_property_t *prop;
110 	scf_value_t *val;
111 	ssize_t szret;
112 	int result = 0;
113 
114 	/*
115 	 * In this implementation the hash for name is the opaque value of
116 	 * svc:/MHASH_SVC/:properties/name/MHASH_PROP
117 	 */
118 
119 	if ((scope = scf_scope_create(hndl)) == NULL ||
120 	    (svc = scf_service_create(hndl)) == NULL ||
121 	    (pg = scf_pg_create(hndl)) == NULL ||
122 	    (prop = scf_property_create(hndl)) == NULL ||
123 	    (val = scf_value_create(hndl)) == NULL) {
124 		result = -1;
125 		goto out;
126 	}
127 
128 	if (scf_handle_get_local_scope(hndl, scope) < 0) {
129 		result = -1;
130 		goto out;
131 	}
132 
133 	if (scf_scope_get_service(scope, MHASH_SVC, svc) < 0) {
134 		result = -1;
135 		goto out;
136 	}
137 
138 	if (scf_service_get_pg(svc, name, pg) != SCF_SUCCESS) {
139 		result = -1;
140 		goto out;
141 	}
142 
143 	if (scf_pg_get_property(pg, MHASH_PROP, prop) != SCF_SUCCESS) {
144 		result = -1;
145 		goto out;
146 	}
147 
148 	if (scf_property_get_value(prop, val) != SCF_SUCCESS) {
149 		result = -1;
150 		goto out;
151 	}
152 
153 	szret = scf_value_get_opaque(val, hash, MHASH_SIZE);
154 	if (szret < 0) {
155 		result = -1;
156 		goto out;
157 	}
158 
159 	if (szret != MHASH_SIZE) {
160 		scf_value_destroy(val);
161 		result = -1;
162 		goto out;
163 	}
164 
165 out:
166 	(void) scf_value_destroy(val);
167 	scf_property_destroy(prop);
168 	scf_pg_destroy(pg);
169 	scf_service_destroy(svc);
170 	scf_scope_destroy(scope);
171 
172 	return (result);
173 }
174 
175 int
176 mhash_store_entry(scf_handle_t *hndl, const char *name, uchar_t *hash,
177     char **errstr)
178 {
179 	scf_scope_t *scope = NULL;
180 	scf_service_t *svc = NULL;
181 	scf_propertygroup_t *pg = NULL;
182 	scf_property_t *prop = NULL;
183 	scf_value_t *val = NULL;
184 	scf_transaction_t *tx = NULL;
185 	scf_transaction_entry_t *e = NULL;
186 	int ret, result = 0;
187 
188 	int i;
189 
190 	if ((scope = scf_scope_create(hndl)) == NULL ||
191 	    (svc = scf_service_create(hndl)) == NULL ||
192 	    (pg = scf_pg_create(hndl)) == NULL ||
193 	    (prop = scf_property_create(hndl)) == NULL) {
194 		if (errstr != NULL)
195 			*errstr = gettext("Could not create scf objects");
196 		result = -1;
197 		goto out;
198 	}
199 
200 	if (scf_handle_get_local_scope(hndl, scope) != SCF_SUCCESS) {
201 		if (errstr != NULL)
202 			*errstr = gettext("Could not get local scope");
203 		result = -1;
204 		goto out;
205 	}
206 
207 	for (i = 0; i < 5; ++i) {
208 		scf_error_t err;
209 
210 		if (scf_scope_get_service(scope, MHASH_SVC, svc) ==
211 		    SCF_SUCCESS)
212 			break;
213 
214 		if (scf_error() != SCF_ERROR_NOT_FOUND) {
215 			if (errstr != NULL)
216 				*errstr = gettext("Could not get manifest hash "
217 				    "service");
218 			result = -1;
219 			goto out;
220 		}
221 
222 		if (scf_scope_add_service(scope, MHASH_SVC, svc) ==
223 		    SCF_SUCCESS)
224 			break;
225 
226 		err = scf_error();
227 
228 		if (err == SCF_ERROR_EXISTS)
229 			/* Try again. */
230 			continue;
231 		else if (err == SCF_ERROR_PERMISSION_DENIED) {
232 			if (errstr != NULL)
233 				*errstr = gettext("Could not store file hash: "
234 				    "permission denied.\n");
235 			result = -1;
236 			goto out;
237 		}
238 
239 		if (errstr != NULL)
240 			*errstr = gettext("Could not add manifest hash "
241 			    "service");
242 		result = -1;
243 		goto out;
244 	}
245 
246 	if (i == 5) {
247 		if (errstr != NULL)
248 			*errstr = gettext("Could not store file hash: "
249 			    "service addition contention.\n");
250 		result = -1;
251 		goto out;
252 	}
253 
254 	for (i = 0; i < 5; ++i) {
255 		scf_error_t err;
256 
257 		if (scf_service_get_pg(svc, name, pg) == SCF_SUCCESS)
258 			break;
259 
260 		if (scf_error() != SCF_ERROR_NOT_FOUND) {
261 			if (errstr != NULL)
262 				*errstr = gettext("Could not get service's "
263 				    "hash record)");
264 			result = -1;
265 			goto out;
266 		}
267 
268 		if (scf_service_add_pg(svc, name, MHASH_PG_TYPE,
269 		    MHASH_PG_FLAGS, pg) == SCF_SUCCESS)
270 			break;
271 
272 		err = scf_error();
273 
274 		if (err == SCF_ERROR_EXISTS)
275 			/* Try again. */
276 			continue;
277 		else if (err == SCF_ERROR_PERMISSION_DENIED) {
278 			if (errstr != NULL)
279 				*errstr = gettext("Could not store file hash: "
280 				    "permission denied.\n");
281 			result = -1;
282 			goto out;
283 		}
284 
285 		if (errstr != NULL)
286 			*errstr = gettext("Could not store file hash");
287 		result = -1;
288 		goto out;
289 	}
290 	if (i == 5) {
291 		if (errstr != NULL)
292 			*errstr = gettext("Could not store file hash: "
293 			    "property group addition contention.\n");
294 		result = -1;
295 		goto out;
296 	}
297 
298 	if ((e = scf_entry_create(hndl)) == NULL ||
299 	    (val = scf_value_create(hndl)) == NULL) {
300 		if (errstr != NULL)
301 			*errstr = gettext("Could not store file hash: "
302 			    "permission denied.\n");
303 		result = -1;
304 		goto out;
305 	}
306 
307 	ret = scf_value_set_opaque(val, hash, MHASH_SIZE);
308 	assert(ret == SCF_SUCCESS);
309 
310 	tx = scf_transaction_create(hndl);
311 	if (tx == NULL) {
312 		if (errstr != NULL)
313 			*errstr = gettext("Could not create transaction");
314 		result = -1;
315 		goto out;
316 	}
317 
318 	do {
319 		if (scf_pg_update(pg) == -1) {
320 			if (errstr != NULL)
321 				*errstr = gettext("Could not update hash "
322 				    "entry");
323 			result = -1;
324 			goto out;
325 		}
326 		if (scf_transaction_start(tx, pg) != SCF_SUCCESS) {
327 			if (scf_error() != SCF_ERROR_PERMISSION_DENIED) {
328 				if (errstr != NULL)
329 					*errstr = gettext("Could not start "
330 					    "hash transaction.\n");
331 				result = -1;
332 				goto out;
333 			}
334 
335 			if (errstr != NULL)
336 				*errstr = gettext("Could not store file hash: "
337 				    "permission denied.\n");
338 			result = -1;
339 
340 			scf_transaction_destroy(tx);
341 			(void) scf_entry_destroy(e);
342 			goto out;
343 		}
344 
345 		if (scf_transaction_property_new(tx, e, MHASH_PROP,
346 		    SCF_TYPE_OPAQUE) != SCF_SUCCESS &&
347 		    scf_transaction_property_change_type(tx, e, MHASH_PROP,
348 		    SCF_TYPE_OPAQUE) != SCF_SUCCESS) {
349 			if (errstr != NULL)
350 				*errstr = gettext("Could not modify hash "
351 				    "entry");
352 			result = -1;
353 			goto out;
354 		}
355 
356 		ret = scf_entry_add_value(e, val);
357 		assert(ret == SCF_SUCCESS);
358 
359 		ret = scf_transaction_commit(tx);
360 
361 		if (ret == 0)
362 			scf_transaction_reset(tx);
363 	} while (ret == 0);
364 
365 	if (ret < 0) {
366 		if (scf_error() != SCF_ERROR_PERMISSION_DENIED) {
367 			if (errstr != NULL)
368 				*errstr = gettext("Could not store file hash: "
369 				    "permission denied.\n");
370 			result = -1;
371 			goto out;
372 		}
373 
374 		if (errstr != NULL)
375 			*errstr = gettext("Could not commit transaction");
376 		result = -1;
377 	}
378 
379 	scf_transaction_destroy(tx);
380 	(void) scf_entry_destroy(e);
381 
382 out:
383 	(void) scf_value_destroy(val);
384 	scf_property_destroy(prop);
385 	scf_pg_destroy(pg);
386 	scf_service_destroy(svc);
387 	scf_scope_destroy(scope);
388 
389 	return (result);
390 }
391 
392 /*
393  * int mhash_test_file(scf_handle_t *, const char *, uint_t, char **, uchar_t *)
394  *   Test the given filename against the hashed metadata in the repository.
395  *   The behaviours for import and apply are slightly different.  For imports,
396  *   if the hash value is absent or different, then the import operation
397  *   continues.  For profile application, the operation continues only if the
398  *   hash value for the file is absent.
399  *
400  *   Return non-zero if we should skip the file because it is unchanged or
401  *   nonexistent.
402  */
403 int
404 mhash_test_file(scf_handle_t *hndl, const char *file, uint_t is_profile,
405     char **pnamep, uchar_t *hash)
406 {
407 	boolean_t do_hash;
408 	struct stat64 st;
409 	char *cp;
410 	char *data;
411 	uchar_t stored_hash[MHASH_SIZE];
412 	char *pname;
413 	int ret;
414 
415 	/*
416 	 * In the case where we are doing automated imports, we reduce the UID,
417 	 * the GID, the size, and the mtime into a string (to eliminate
418 	 * endianness) which we then make opaque as a single MD5 digest.
419 	 *
420 	 * The previous hash was composed of the inode number, the UID, the file
421 	 * size, and the mtime.  This formulation was found to be insufficiently
422 	 * portable for use in highly replicated deployments.  The current
423 	 * algorithm will allow matches of this "v1" hash, but always returns
424 	 * the effective "v2" hash, such that updates result in the more
425 	 * portable hash being used.
426 	 *
427 	 * If neither calculated digest matches the stored value, we consider
428 	 * the test to have failed, implying that some aspect of the manifest
429 	 * has changed.
430 	 */
431 
432 	cp = getenv("SVCCFG_CHECKHASH");
433 	do_hash = (cp != NULL && *cp != '\0');
434 	if (!do_hash) {
435 		*pnamep = NULL;
436 		return (0);
437 	}
438 
439 	do
440 		ret = stat64(file, &st);
441 	while (ret < 0 && errno == EINTR);
442 	if (ret < 0) {
443 		return (-1);
444 	}
445 
446 	data = uu_msprintf(MHASH_FORMAT_V2, st.st_uid, st.st_gid,
447 	    st.st_size, st.st_mtime);
448 	if (data == NULL) {
449 		return (-1);
450 	}
451 
452 	md5_calc(hash, (uchar_t *)data, strlen(data));
453 
454 	uu_free(data);
455 
456 	pname = mhash_filename_to_propname(file);
457 	if (pname == NULL)
458 		return (-1);
459 
460 	if (mhash_retrieve_entry(hndl, pname, stored_hash) == 0) {
461 		uchar_t hash_v1[MHASH_SIZE];
462 
463 		if (is_profile) {
464 			return (1);
465 		}
466 
467 		/*
468 		 * Manifest import.
469 		 */
470 		if (memcmp(hash, stored_hash, MHASH_SIZE) == 0)
471 			return (1);
472 
473 		/*
474 		 * No match on V2 hash; compare V1 hash.
475 		 */
476 		data = uu_msprintf(MHASH_FORMAT_V1, st.st_ino, st.st_uid,
477 		    st.st_size, st.st_mtime);
478 		if (data == NULL)
479 			return (-1);
480 
481 		md5_calc(hash_v1, (uchar_t *)data, strlen(data));
482 
483 		uu_free(data);
484 
485 		if (memcmp(hash_v1, stored_hash, MHASH_SIZE) == 0)
486 			return (1);
487 	}
488 
489 	*pnamep = pname;
490 
491 	return (0);
492 }
493