1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <sys/stat.h> 30 #include <sys/types.h> 31 32 #include <assert.h> 33 #include <ctype.h> 34 #include <errno.h> 35 #include <libintl.h> 36 #include <libscf.h> 37 #include <libuutil.h> 38 #include <limits.h> 39 #include <md5.h> 40 #include <pthread.h> 41 #include <stdio.h> 42 #include <stdlib.h> 43 #include <string.h> 44 #include <strings.h> 45 46 #include <manifest_hash.h> 47 48 /* 49 * Translate a file name to property name. Return an allocated string or NULL 50 * if realpath() fails. 51 */ 52 char * 53 mhash_filename_to_propname(const char *in) 54 { 55 char *out, *cp, *base; 56 size_t len, piece_len; 57 58 out = uu_zalloc(PATH_MAX + 1); 59 if (realpath(in, out) == NULL) { 60 uu_free(out); 61 return (NULL); 62 } 63 64 base = getenv("PKG_INSTALL_ROOT"); 65 66 /* 67 * We copy-shift over the basedir and the leading slash, since it's 68 * not relevant to when we boot with this repository. 69 */ 70 71 cp = out + ((base != NULL)? strlen(base) : 0); 72 if (*cp == '/') 73 cp++; 74 (void) memmove(out, cp, strlen(cp) + 1); 75 76 len = strlen(out); 77 if (len > scf_limit(SCF_LIMIT_MAX_NAME_LENGTH)) { 78 /* Use the first half and the second half. */ 79 piece_len = (scf_limit(SCF_LIMIT_MAX_NAME_LENGTH) - 3) / 2; 80 81 (void) strncpy(out + piece_len, "__", 2); 82 83 (void) memmove(out + piece_len + 2, out + (len - piece_len), 84 piece_len + 1); 85 } 86 87 /* 88 * Translate non-property characters to '_', first making sure that 89 * we don't begin with '_'. 90 */ 91 92 if (!isalpha(*out)) 93 *out = 'A'; 94 95 for (cp = out + 1; *cp != '\0'; ++cp) { 96 if (!(isalnum(*cp) || *cp == '_' || *cp == '-')) 97 *cp = '_'; 98 } 99 100 return (out); 101 } 102 103 int 104 mhash_retrieve_entry(scf_handle_t *hndl, const char *name, uchar_t *hash) 105 { 106 scf_scope_t *scope; 107 scf_service_t *svc; 108 scf_propertygroup_t *pg; 109 scf_property_t *prop; 110 scf_value_t *val; 111 ssize_t szret; 112 int result = 0; 113 114 /* 115 * In this implementation the hash for name is the opaque value of 116 * svc:/MHASH_SVC/:properties/name/MHASH_PROP 117 */ 118 119 if ((scope = scf_scope_create(hndl)) == NULL || 120 (svc = scf_service_create(hndl)) == NULL || 121 (pg = scf_pg_create(hndl)) == NULL || 122 (prop = scf_property_create(hndl)) == NULL || 123 (val = scf_value_create(hndl)) == NULL) { 124 result = -1; 125 goto out; 126 } 127 128 if (scf_handle_get_local_scope(hndl, scope) < 0) { 129 result = -1; 130 goto out; 131 } 132 133 if (scf_scope_get_service(scope, MHASH_SVC, svc) < 0) { 134 result = -1; 135 goto out; 136 } 137 138 if (scf_service_get_pg(svc, name, pg) != SCF_SUCCESS) { 139 result = -1; 140 goto out; 141 } 142 143 if (scf_pg_get_property(pg, MHASH_PROP, prop) != SCF_SUCCESS) { 144 result = -1; 145 goto out; 146 } 147 148 if (scf_property_get_value(prop, val) != SCF_SUCCESS) { 149 result = -1; 150 goto out; 151 } 152 153 szret = scf_value_get_opaque(val, hash, MHASH_SIZE); 154 if (szret < 0) { 155 result = -1; 156 goto out; 157 } 158 159 if (szret != MHASH_SIZE) { 160 scf_value_destroy(val); 161 result = -1; 162 goto out; 163 } 164 165 out: 166 (void) scf_value_destroy(val); 167 scf_property_destroy(prop); 168 scf_pg_destroy(pg); 169 scf_service_destroy(svc); 170 scf_scope_destroy(scope); 171 172 return (result); 173 } 174 175 int 176 mhash_store_entry(scf_handle_t *hndl, const char *name, uchar_t *hash, 177 char **errstr) 178 { 179 scf_scope_t *scope = NULL; 180 scf_service_t *svc = NULL; 181 scf_propertygroup_t *pg = NULL; 182 scf_property_t *prop = NULL; 183 scf_value_t *val = NULL; 184 scf_transaction_t *tx = NULL; 185 scf_transaction_entry_t *e = NULL; 186 int ret, result = 0; 187 188 int i; 189 190 if ((scope = scf_scope_create(hndl)) == NULL || 191 (svc = scf_service_create(hndl)) == NULL || 192 (pg = scf_pg_create(hndl)) == NULL || 193 (prop = scf_property_create(hndl)) == NULL) { 194 if (errstr != NULL) 195 *errstr = gettext("Could not create scf objects"); 196 result = -1; 197 goto out; 198 } 199 200 if (scf_handle_get_local_scope(hndl, scope) != SCF_SUCCESS) { 201 if (errstr != NULL) 202 *errstr = gettext("Could not get local scope"); 203 result = -1; 204 goto out; 205 } 206 207 for (i = 0; i < 5; ++i) { 208 scf_error_t err; 209 210 if (scf_scope_get_service(scope, MHASH_SVC, svc) == 211 SCF_SUCCESS) 212 break; 213 214 if (scf_error() != SCF_ERROR_NOT_FOUND) { 215 if (errstr != NULL) 216 *errstr = gettext("Could not get manifest hash " 217 "service"); 218 result = -1; 219 goto out; 220 } 221 222 if (scf_scope_add_service(scope, MHASH_SVC, svc) == 223 SCF_SUCCESS) 224 break; 225 226 err = scf_error(); 227 228 if (err == SCF_ERROR_EXISTS) 229 /* Try again. */ 230 continue; 231 else if (err == SCF_ERROR_PERMISSION_DENIED) { 232 if (errstr != NULL) 233 *errstr = gettext("Could not store file hash: " 234 "permission denied.\n"); 235 result = -1; 236 goto out; 237 } 238 239 if (errstr != NULL) 240 *errstr = gettext("Could not add manifest hash " 241 "service"); 242 result = -1; 243 goto out; 244 } 245 246 if (i == 5) { 247 if (errstr != NULL) 248 *errstr = gettext("Could not store file hash: " 249 "service addition contention.\n"); 250 result = -1; 251 goto out; 252 } 253 254 for (i = 0; i < 5; ++i) { 255 scf_error_t err; 256 257 if (scf_service_get_pg(svc, name, pg) == SCF_SUCCESS) 258 break; 259 260 if (scf_error() != SCF_ERROR_NOT_FOUND) { 261 if (errstr != NULL) 262 *errstr = gettext("Could not get service's " 263 "hash record)"); 264 result = -1; 265 goto out; 266 } 267 268 if (scf_service_add_pg(svc, name, MHASH_PG_TYPE, 269 MHASH_PG_FLAGS, pg) == SCF_SUCCESS) 270 break; 271 272 err = scf_error(); 273 274 if (err == SCF_ERROR_EXISTS) 275 /* Try again. */ 276 continue; 277 else if (err == SCF_ERROR_PERMISSION_DENIED) { 278 if (errstr != NULL) 279 *errstr = gettext("Could not store file hash: " 280 "permission denied.\n"); 281 result = -1; 282 goto out; 283 } 284 285 if (errstr != NULL) 286 *errstr = gettext("Could not store file hash"); 287 result = -1; 288 goto out; 289 } 290 if (i == 5) { 291 if (errstr != NULL) 292 *errstr = gettext("Could not store file hash: " 293 "property group addition contention.\n"); 294 result = -1; 295 goto out; 296 } 297 298 if ((e = scf_entry_create(hndl)) == NULL || 299 (val = scf_value_create(hndl)) == NULL) { 300 if (errstr != NULL) 301 *errstr = gettext("Could not store file hash: " 302 "permission denied.\n"); 303 result = -1; 304 goto out; 305 } 306 307 ret = scf_value_set_opaque(val, hash, MHASH_SIZE); 308 assert(ret == SCF_SUCCESS); 309 310 tx = scf_transaction_create(hndl); 311 if (tx == NULL) { 312 if (errstr != NULL) 313 *errstr = gettext("Could not create transaction"); 314 result = -1; 315 goto out; 316 } 317 318 do { 319 if (scf_pg_update(pg) == -1) { 320 if (errstr != NULL) 321 *errstr = gettext("Could not update hash " 322 "entry"); 323 result = -1; 324 goto out; 325 } 326 if (scf_transaction_start(tx, pg) != SCF_SUCCESS) { 327 if (scf_error() != SCF_ERROR_PERMISSION_DENIED) { 328 if (errstr != NULL) 329 *errstr = gettext("Could not start " 330 "hash transaction.\n"); 331 result = -1; 332 goto out; 333 } 334 335 if (errstr != NULL) 336 *errstr = gettext("Could not store file hash: " 337 "permission denied.\n"); 338 result = -1; 339 340 scf_transaction_destroy(tx); 341 (void) scf_entry_destroy(e); 342 goto out; 343 } 344 345 if (scf_transaction_property_new(tx, e, MHASH_PROP, 346 SCF_TYPE_OPAQUE) != SCF_SUCCESS && 347 scf_transaction_property_change_type(tx, e, MHASH_PROP, 348 SCF_TYPE_OPAQUE) != SCF_SUCCESS) { 349 if (errstr != NULL) 350 *errstr = gettext("Could not modify hash " 351 "entry"); 352 result = -1; 353 goto out; 354 } 355 356 ret = scf_entry_add_value(e, val); 357 assert(ret == SCF_SUCCESS); 358 359 ret = scf_transaction_commit(tx); 360 361 if (ret == 0) 362 scf_transaction_reset(tx); 363 } while (ret == 0); 364 365 if (ret < 0) { 366 if (scf_error() != SCF_ERROR_PERMISSION_DENIED) { 367 if (errstr != NULL) 368 *errstr = gettext("Could not store file hash: " 369 "permission denied.\n"); 370 result = -1; 371 goto out; 372 } 373 374 if (errstr != NULL) 375 *errstr = gettext("Could not commit transaction"); 376 result = -1; 377 } 378 379 scf_transaction_destroy(tx); 380 (void) scf_entry_destroy(e); 381 382 out: 383 (void) scf_value_destroy(val); 384 scf_property_destroy(prop); 385 scf_pg_destroy(pg); 386 scf_service_destroy(svc); 387 scf_scope_destroy(scope); 388 389 return (result); 390 } 391 392 /* 393 * int mhash_test_file(scf_handle_t *, const char *, uint_t, char **, uchar_t *) 394 * Test the given filename against the hashed metadata in the repository. 395 * The behaviours for import and apply are slightly different. For imports, 396 * if the hash value is absent or different, then the import operation 397 * continues. For profile application, the operation continues only if the 398 * hash value for the file is absent. 399 * 400 * Return non-zero if we should skip the file because it is unchanged or 401 * nonexistent. 402 */ 403 int 404 mhash_test_file(scf_handle_t *hndl, const char *file, uint_t is_profile, 405 char **pnamep, uchar_t *hash) 406 { 407 boolean_t do_hash; 408 struct stat64 st; 409 char *cp; 410 char *data; 411 uchar_t stored_hash[MHASH_SIZE]; 412 char *pname; 413 int ret; 414 415 /* 416 * In the case where we are doing automated imports, we reduce the UID, 417 * the GID, the size, and the mtime into a string (to eliminate 418 * endianness) which we then make opaque as a single MD5 digest. 419 * 420 * The previous hash was composed of the inode number, the UID, the file 421 * size, and the mtime. This formulation was found to be insufficiently 422 * portable for use in highly replicated deployments. The current 423 * algorithm will allow matches of this "v1" hash, but always returns 424 * the effective "v2" hash, such that updates result in the more 425 * portable hash being used. 426 * 427 * If neither calculated digest matches the stored value, we consider 428 * the test to have failed, implying that some aspect of the manifest 429 * has changed. 430 */ 431 432 cp = getenv("SVCCFG_CHECKHASH"); 433 do_hash = (cp != NULL && *cp != '\0'); 434 if (!do_hash) { 435 *pnamep = NULL; 436 return (0); 437 } 438 439 do 440 ret = stat64(file, &st); 441 while (ret < 0 && errno == EINTR); 442 if (ret < 0) { 443 return (-1); 444 } 445 446 data = uu_msprintf(MHASH_FORMAT_V2, st.st_uid, st.st_gid, 447 st.st_size, st.st_mtime); 448 if (data == NULL) { 449 return (-1); 450 } 451 452 md5_calc(hash, (uchar_t *)data, strlen(data)); 453 454 uu_free(data); 455 456 pname = mhash_filename_to_propname(file); 457 if (pname == NULL) 458 return (-1); 459 460 if (mhash_retrieve_entry(hndl, pname, stored_hash) == 0) { 461 uchar_t hash_v1[MHASH_SIZE]; 462 463 if (is_profile) { 464 return (1); 465 } 466 467 /* 468 * Manifest import. 469 */ 470 if (memcmp(hash, stored_hash, MHASH_SIZE) == 0) 471 return (1); 472 473 /* 474 * No match on V2 hash; compare V1 hash. 475 */ 476 data = uu_msprintf(MHASH_FORMAT_V1, st.st_ino, st.st_uid, 477 st.st_size, st.st_mtime); 478 if (data == NULL) 479 return (-1); 480 481 md5_calc(hash_v1, (uchar_t *)data, strlen(data)); 482 483 uu_free(data); 484 485 if (memcmp(hash_v1, stored_hash, MHASH_SIZE) == 0) 486 return (1); 487 } 488 489 *pnamep = pname; 490 491 return (0); 492 } 493