# This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # getfhash # getfhash/getfhash.c # getfhash/Makefile # echo c - getfhash mkdir -p getfhash > /dev/null 2>&1 echo x - getfhash/getfhash.c sed 's/^X//' >getfhash/getfhash.c << 'END-of-getfhash/getfhash.c' X/*- X * Copyright (c) 2005 Christian S.J. Peron X * All rights reserved. X * X * Redistribution and use in source and binary forms, with or without X * modification, are permitted provided that the following conditions X * are met: X * 1. Redistributions of source code must retain the above copyright X * notice, this list of conditions and the following disclaimer. X * 2. Redistributions in binary form must reproduce the above copyright X * notice, this list of conditions and the following disclaimer in the X * documentation and/or other materials provided with the distribution. X * X * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND X * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE X * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE X * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE X * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL X * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS X * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) X * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT X * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY X * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF X * SUCH DAMAGE. X */ X#include X#include X#include X#include X X#include X X#include X#include X#include X#include X#include X#include X Xvoid (*handler)(const char *); Xstatic void print_hash(const char *pathname); Xstatic int depth; Xstatic int dflag; Xstatic int rflag; Xstatic char *mflag; X Xstatic void Xprocess_depends(const char *pathname) X{ X char **av, *depends[10], *dependlist; X int ndeps, error, i, j; X ssize_t nbytes; X X nbytes = extattr_get_file(pathname, MAC_CHKEXEC_ATTRN, X "chkexec_depend", NULL, 0); X if (nbytes < 0 && errno == ENOATTR) X return; X else if (nbytes < 0) { X warn("extattr_get_file failed"); X return; X } X dependlist = malloc(nbytes + 1); X if (dependlist == NULL) { X warn("malloc failed"); X return; X } X error = extattr_get_file(pathname, MAC_CHKEXEC_ATTRN, X "chkexec_depend", dependlist, nbytes); X dependlist[nbytes] = '\0'; X for (ndeps = 0, av = depends; X (*av = strsep(&dependlist, ":")) != NULL; ndeps++) X if (**av != '\0') X if (++av > &depends[10]) X break; X depth++; X for (i = 0; i < ndeps; i++) { X for (j = 0; j < depth; j++) X fputs(" ", stdout); X print_hash(depends[i]); X } X depth--; X} X Xstatic void Xset_hash(const char *pathname) X{ X int error; X size_t slen; X X if (rflag) { X error = extattr_delete_file(pathname, MAC_CHKEXEC_ATTRN, X "chkexec_depend"); X if (error < 0) X warn("extattr_delete_file failed"); X } X if (sysctlbyname("security.mac.chkexec.sethash", NULL, NULL, X &pathname, sizeof(pathname)) < 0) X warn("%s", pathname); X if (!mflag) X return; X slen = strlen(mflag); X error = extattr_set_file(pathname, MAC_CHKEXEC_ATTRN, X "chkexec_depend", mflag, slen); X if (error < 0) X warn("extattr_set_file failed"); X} X Xstatic void Xprint_hash(const char *pathname) X{ X struct mac_vcsum sum; X int i, error; X int nbytes; X const char *algo; X X error = extattr_get_file(pathname, MAC_CHKEXEC_ATTRN, X MAC_CHKEXEC, (void *)&sum, sizeof(sum)); X if (error < 0) { X warn("%s", pathname); X return; X } X if (sum.vs_flags == MAC_VCSUM_SHA1) { X nbytes = 20; X algo = "sha1"; X } X else if (sum.vs_flags == MAC_VCSUM_MD5) { X nbytes = 16; X algo = "md5"; X } else { X warnx("%s: invalid checksum algorithm", X pathname); X return; X } X printf("%s: %s ", pathname, algo); X for (i = 0; i < nbytes; i++) X printf("%02x", sum.vs_sum[i]); X putchar('\n'); X if (dflag) X process_depends(pathname); X} X Xstatic int Xprint_hash_from_stdin(void) X{ X char *p, pathname[256]; X X while (fgets(pathname, (int)sizeof(pathname), stdin)) { X if ((p = strchr(pathname, '\n')) != NULL) X *p = '\0'; X handler(pathname); X } X return (0); X} X Xint Xmain(int argc, char *argv[]) X{ X int ch, error, i; X char *program; X X if ((program = strrchr(argv[0], '/')) == NULL) X program = argv[0]; X else X program++; X if (strcmp(program, "setfhash") == 0) X handler = set_hash; X else if (strcmp(program, "getfhash") == 0) X handler = print_hash; X else X errx(1, "what program am I supposed to be?"); X while ((ch = getopt(argc, argv, "dhm:r")) != -1) X switch(ch) { X case 'd': X dflag++; X break; X case 'm': X mflag = optarg; X break; X case 'r': X rflag++; X break; X default: X break; X } X argc -= optind; X argv += optind; X if (argc == 0) { X error = print_hash_from_stdin(); X return (error ? 1 : 0); X } X for (i = 0; i < argc; i++) { X if (!strcmp(argv[i], "-")) { X error = print_hash_from_stdin(); X } else X handler(argv[i]); X } X return (0); X} END-of-getfhash/getfhash.c echo x - getfhash/Makefile sed 's/^X//' >getfhash/Makefile << 'END-of-getfhash/Makefile' XPROG= getfhash XLINKS= ${BINDIR}/getfhash ${BINDIR}/setfhash XNO_MAN= XWARNS= 6 XCFLAGS += -I/usr/src/sys X X.include END-of-getfhash/Makefile exit