
[src/trunk]: src Remove common code for returning supported fingerprints. Thi...



details:   https://anonhg.NetBSD.org/src/rev/32448a73e1ed
branches:  trunk
changeset: 581030:32448a73e1ed
user:      elad <elad%NetBSD.org@localhost>
date:      Fri May 20 19:52:52 2005 +0000

description:
Remove common code for returning supported fingerprints. This is done now
via sysctl(8) using kern.veriexec.algorithms.

Also add an entry for the 'algorithms' variable in sysctl.8 forgotten in
the last commit.

diffstat:

 sbin/sysctl/sysctl.8           |   3 ++-
 sbin/veriexecctl/veriexecctl.8 |  24 ++----------------------
 sbin/veriexecctl/veriexecctl.c |  36 ++++++------------------------------
 share/man/man4/veriexec.4      |  25 +++++--------------------
 sys/dev/verified_exec.c        |  26 +++++---------------------
 sys/sys/verified_exec.h        |  11 ++---------
 6 files changed, 22 insertions(+), 103 deletions(-)

diffs (278 lines):

diff -r f3b209f45543 -r 32448a73e1ed sbin/sysctl/sysctl.8
--- a/sbin/sysctl/sysctl.8      Fri May 20 19:48:25 2005 +0000
+++ b/sbin/sysctl/sysctl.8      Fri May 20 19:52:52 2005 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: sysctl.8,v 1.119 2005/05/19 20:16:19 elad Exp $
+.\"    $NetBSD: sysctl.8,v 1.120 2005/05/20 19:52:52 elad Exp $
 .\"
 .\" Copyright (c) 2004 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -365,6 +365,7 @@
 .It kern.vdisable      integer no
 .It kern.veriexec.verbose      integer yes
 .It kern.veriexec.strict       integer raise only
+.It kern.veriexec.algorithms   string  no
 .It kern.version       string  no
 .It machdep.console_device     dev_t   no
 .It net.bpf.maxbufsize integer yes
diff -r f3b209f45543 -r 32448a73e1ed sbin/veriexecctl/veriexecctl.8
--- a/sbin/veriexecctl/veriexecctl.8    Fri May 20 19:48:25 2005 +0000
+++ b/sbin/veriexecctl/veriexecctl.8    Fri May 20 19:52:52 2005 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: veriexecctl.8,v 1.11 2005/04/24 13:23:55 blymn Exp $
+.\" $NetBSD: veriexecctl.8,v 1.12 2005/05/20 19:52:52 elad Exp $
 .\"
 .\" Copyright (c) 1999
 .\"    Brett Lymn - blymn%baea.com.au@localhost, brett_lymn%yahoo.com.au@localhost
@@ -29,7 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"    $Id: veriexecctl.8,v 1.11 2005/04/24 13:23:55 blymn Exp $
+.\"    $Id: veriexecctl.8,v 1.12 2005/05/20 19:52:52 elad Exp $
 .\"
 .Dd April 22, 2005
 .Dt VERIEXECCTL 8
@@ -50,26 +50,6 @@
 commaned to work.
 .Sh COMMANDS
 .Bl -tag -width 25n
-.It Cm fingerprints
-Report the fingerprint methods that are available in the currently running
-kernel.
-This command will return a space separated list of supported fingerprint
-methods that will be accepted by the kernel.
-The default list is:
-.Bl -item -offset indent -compact
-.It
-MD5
-.It
-RMD160
-.It
-SHA1
-.It
-SHA256
-.It
-SHA384
-.It
-SHA512
-.El
 .It Cm load Ar veriexec.conf
 Load the fingerprint entries contained in
 .Ar veriexec.conf
diff -r f3b209f45543 -r 32448a73e1ed sbin/veriexecctl/veriexecctl.c
--- a/sbin/veriexecctl/veriexecctl.c    Fri May 20 19:48:25 2005 +0000
+++ b/sbin/veriexecctl/veriexecctl.c    Fri May 20 19:52:52 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: veriexecctl.c,v 1.8 2005/04/21 12:45:12 christos Exp $ */
+/*     $NetBSD: veriexecctl.c,v 1.9 2005/05/20 19:52:52 elad Exp $     */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -190,8 +190,8 @@
 static void
 usage(void)
 {
-       (void)fprintf(stderr, "Usage: %s [-v] [load <signature_file>] "
-            "[fingerprints]", getprogname());
+       (void)fprintf(stderr, "Usage: %s [-v] [load <signature_file>] ", 
+           getprogname());
        exit(1);
 }
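Review bot: The new usage string on the `+` line ends with a trailing space and no newline, so the message runs straight into whatever the shell prints next; the old string had the same omission and the commit keeps it. It also still brackets `load` as optional, yet the dispatch below calls usage() for anything other than `load <file>`, so the only remaining command is in fact mandatory. Suggest `(void)fprintf(stderr, "Usage: %s [-v] load <signature_file>\n", getprogname());`.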
 
@@ -221,37 +221,13 @@
        if ((gfd = open(VERIEXEC_DEVICE, O_RDWR, 0)) == -1)
                err(1, "Cannot open `%s'", VERIEXEC_DEVICE);
 
-         /*
-          * Handle the different commands we can do.
-          */
+       /*
+        * Handle the different commands we can do.
+        */
        if (argc == 2 && strcasecmp(argv[0], "load") == 0) {
                line = 0;
                filename = argv[1];
                fingerprint_load(argv[1]);
-       } else if (argc == 1 && strcasecmp(argv[0], "fingerprints") == 0) {
-               size = report.size = 100;
-               if ((report.fingerprints = malloc(report.size)) == NULL)
-                       err(1, "malloc fingeprints");
-               
-               if (ioctl(gfd, VERIEXEC_FINGERPRINTS, &report) == -1)
-                       err(1, "fingerprints ioctl");
-
-               if (size != report.size) {
-                       if (verbose)
-                               (void)printf("fingerprints: buffer too small, "
-                                   "reallocating to %d bytes.\n",
-                                   report.size);
-                       
-                       /* fingerprint store was not large enough
-                          make more room and try again. */
-                       if ((newp = realloc(report.fingerprints, report.size))
-                           == NULL)
-                               err(1, "realloc fingeprints");
-                       if (ioctl(gfd, VERIEXEC_FINGERPRINTS,
-                           &report) == -1)
-                               err(1, "fingerprints ioctl");
-               }
-               printf("Supported fingerprints: %s\n", report.fingerprints);
        } else
                usage();
 
diff -r f3b209f45543 -r 32448a73e1ed share/man/man4/veriexec.4
--- a/share/man/man4/veriexec.4 Fri May 20 19:48:25 2005 +0000
+++ b/share/man/man4/veriexec.4 Fri May 20 19:52:52 2005 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: veriexec.4,v 1.5 2005/04/24 13:16:26 blymn Exp $
+.\" $NetBSD: veriexec.4,v 1.6 2005/05/20 19:52:52 elad Exp $
 .\"
 .\" Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
 .\" Copyright 2005 Brett Lymn <blymn%netbsd.org@localhost>
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"    $Id: veriexec.4,v 1.5 2005/04/24 13:16:26 blymn Exp $
+.\"    $Id: veriexec.4,v 1.6 2005/05/20 19:52:52 elad Exp $
 .\"
 .Dd March 24, 2005
 .Dt VERIEXEC 4
@@ -39,9 +39,8 @@
 The
 .Nm
 pseudo-device is used to interface the kernel's Veriexec data-structures.
-It is used to size the kernel data structures, load the Veriexec
-fingerprints into kernel memory and report the fingerprint methods
-supported by the currently running kernel.
+It is used to size the kernel data structures and load the Veriexec
+fingerprints into kernel memory.
 .Ss Veriexec file operations
 All the following operations are invoked using the
 .Xr ioctl 2
@@ -54,7 +53,7 @@
 The following section lists the requests that can be made via
 .Xr ioctl 2 .
 .Ss Veriexec file request descriptions
-.Bl -tag -width VERIEXEC_FINGERPRINTS
+.Bl -tag -width VERIEXEC_TABLESIZE
 .It Dv VERIEXEC_TABLESIZE Fa struct veriexec_sizing_params
 Sizes the in kernel hash tables to accommodate the fingerprint entries.
 This request must be made prior to loading the fingerprints into the
@@ -99,20 +98,6 @@
 on the fingerprint passed.
 Lastly, the fingerprint is a pointer to an
 array of characters that comprise the fingerprint for the file.
-.It Dv VERIEXEC_FINGERPRINTS Fa struct veriexec_fp_report
-Copies a string that contains the fingerprint methods supported by the
-kernel into the buffer pointed to in the argument structure.
-The argument structure also contains the size of the storage that has
-been allocated by the caller to hold the string.
-If the size of the storage is insufficient to hold the entire string,
-then the string will not be copied into the buffer by the kernel; instead
-the size field will be updated with the amount of storage required to hold
-the fingerprint string.
-After performing this request the caller must check the size field in the
-argument structure.
-If this field differs from what was set prior to the
-request then the caller should reallocate the storage with the updated size
-and perform the request again.
 .El
 .Pp
 Note that the requests
diff -r f3b209f45543 -r 32448a73e1ed sys/dev/verified_exec.c
--- a/sys/dev/verified_exec.c   Fri May 20 19:48:25 2005 +0000
+++ b/sys/dev/verified_exec.c   Fri May 20 19:52:52 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: verified_exec.c,v 1.8 2005/05/19 20:16:19 elad Exp $   */
+/*     $NetBSD: verified_exec.c,v 1.9 2005/05/20 19:52:52 elad Exp $   */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -31,9 +31,9 @@
 
 #include <sys/cdefs.h>
 #if defined(__NetBSD__)
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.8 2005/05/19 20:16:19 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.9 2005/05/20 19:52:52 elad Exp $");
 #else
-__RCSID("$Id: verified_exec.c,v 1.8 2005/05/19 20:16:19 elad Exp $\n$NetBSD: verified_exec.c,v 1.8 2005/05/19 20:16:19 elad Exp $");
+__RCSID("$Id: verified_exec.c,v 1.9 2005/05/20 19:52:52 elad Exp $\n$NetBSD: verified_exec.c,v 1.9 2005/05/20 19:52:52 elad Exp $");
 #endif
 
 #include <sys/param.h>
@@ -154,11 +154,9 @@
        u_long hashmask;
 
        /*
-        * Don't allow updates in multi-user mode, but we will allow
-        * queries of supported fingerprints.
-        *
+        * Don't allow updates in multi-user mode.
         */
-       if ((securelevel >= 1) && (cmd != VERIEXEC_FINGERPRINTS)) {
+       if (securelevel >= 1) {
                printf("Veriexec: veriexecioctl: Securelevel raised, loading"
                       "fingerprints is not permitted\n");
 
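Review bot: The two string literals in the printf on the context lines concatenate to "Securelevel raised, loadingfingerprints is not permitted" because the first literal has no trailing space; the commit touches the surrounding comment and condition but leaves this, and with VERIEXEC_FINGERPRINTS gone every ioctl now hits this path when securelevel is raised, so the message is seen more often. Change the first literal to `"Veriexec: veriexecioctl: Securelevel raised, loading "`. Since the wording now covers VERIEXEC_TABLESIZE as well, "loading fingerprints" could be broadened to "updates are not permitted". The rewritten comment says "multi-user mode" while the test is on securelevel; they usually coincide but are not the same thing, so `/* Don't allow updates once securelevel has been raised. */` would match the code. veriexecioctl starts and ends outside this hunk.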
@@ -293,20 +291,6 @@
                break;
                }
 
-       case VERIEXEC_FINGERPRINTS: {
-               struct veriexec_fp_report *params =
-                       (struct veriexec_fp_report *) data;
-               
-               if (strlen(veriexec_fp_names) >= params->size) {
-                       params->size = strlen(veriexec_fp_names) + 1;
-               } else {
-                       strlcpy(params->fingerprints, veriexec_fp_names,
-                               params->size);
-               }
-               
-               break;
-               }
-       
        default:
                /* Invalid operation. */
                error = ENODEV;
diff -r f3b209f45543 -r 32448a73e1ed sys/sys/verified_exec.h
--- a/sys/sys/verified_exec.h   Fri May 20 19:48:25 2005 +0000
+++ b/sys/sys/verified_exec.h   Fri May 20 19:52:52 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: verified_exec.h,v 1.8 2005/05/19 20:16:19 elad Exp $   */
+/*     $NetBSD: verified_exec.h,v 1.9 2005/05/20 19:52:52 elad Exp $   */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.h,v 1.8 2005/05/19 20:16:19 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.h,v 1.9 2005/05/20 19:52:52 elad Exp $");
 
 /*
  *
@@ -60,12 +60,6 @@
        size_t hash_size;
 };
 
-struct veriexec_fp_report {
-       unsigned int size;
-       unsigned char *fingerprints;
-};
-
-       
 /*
  * Types of veriexec inodes we can have
  */
@@ -75,7 +69,6 @@
 
 #define VERIEXEC_LOAD _IOW('S', 0x1, struct veriexec_params)
 #define VERIEXEC_TABLESIZE _IOW('S', 0x2, struct veriexec_sizing_params)
-#define VERIEXEC_FINGERPRINTS _IOWR('S', 0x3, struct veriexec_fp_report)
 
 /* Verified exec sysctl objects. */
 #define        VERIEXEC_VERBOSE        1 /* Verbosity level. */


