

[src/netbsd-3]: src Pull up revision 1.9 (requested by elad in ticket #389):



details:   https://anonhg.NetBSD.org/src/rev/5cb1e76ca09f
branches:  netbsd-3
changeset: 576141:5cb1e76ca09f
user:      tron <tron%NetBSD.org@localhost>
date:      Fri Jun 10 15:12:11 2005 +0000

description:
Pull up revision 1.9 (requested by elad in ticket #389):
Remove common code for returning supported fingerprints. This is done now
via sysctl(8) using kern.veriexec.algorithms.
Also add an entry for the 'algorithms' variable in sysctl.8 forgotten in
the last commit.

diffstat:

 sbin/veriexecctl/veriexecctl.c |  36 ++++++------------------------------
 sys/dev/verified_exec.c        |  26 +++++---------------------
 sys/sys/verified_exec.h        |  11 ++---------
 3 files changed, 13 insertions(+), 60 deletions(-)

diffs (156 lines):

diff -r 5e9d7ee9d8c9 -r 5cb1e76ca09f sbin/veriexecctl/veriexecctl.c
--- a/sbin/veriexecctl/veriexecctl.c    Fri Jun 10 15:12:04 2005 +0000
+++ b/sbin/veriexecctl/veriexecctl.c    Fri Jun 10 15:12:11 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: veriexecctl.c,v 1.5.6.3 2005/06/10 14:53:22 tron Exp $ */
+/*     $NetBSD: veriexecctl.c,v 1.5.6.4 2005/06/10 15:12:11 tron Exp $ */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -190,8 +190,8 @@
 static void
 usage(void)
 {
-       (void)fprintf(stderr, "Usage: %s [-v] [load <signature_file>] "
-            "[fingerprints]", getprogname());
+       (void)fprintf(stderr, "Usage: %s [-v] [load <signature_file>] ", 
+           getprogname());
        exit(1);
 }
 
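Review bot: The new usage string in `usage()` ends in a space and has no newline, so the message on stderr runs straight into the shell prompt. The `fprintf` line also carries trailing whitespace after the comma. I would write it as `(void)fprintf(stderr, "Usage: %s [-v] [load <signature_file>]\n",` followed by `getprogname());`.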
@@ -221,37 +221,13 @@
        if ((gfd = open(VERIEXEC_DEVICE, O_RDWR, 0)) == -1)
                err(1, "Cannot open `%s'", VERIEXEC_DEVICE);
 
-         /*
-          * Handle the different commands we can do.
-          */
+       /*
+        * Handle the different commands we can do.
+        */
        if (argc == 2 && strcasecmp(argv[0], "load") == 0) {
                line = 0;
                filename = argv[1];
                fingerprint_load(argv[1]);
-       } else if (argc == 1 && strcasecmp(argv[0], "fingerprints") == 0) {
-               size = report.size = 100;
-               if ((report.fingerprints = malloc(report.size)) == NULL)
-                       err(1, "malloc fingeprints");
-               
-               if (ioctl(gfd, VERIEXEC_FINGERPRINTS, &report) == -1)
-                       err(1, "fingerprints ioctl");
-
-               if (size != report.size) {
-                       if (verbose)
-                               (void)printf("fingerprints: buffer too small, "
-                                   "reallocating to %d bytes.\n",
-                                   report.size);
-                       
-                       /* fingerprint store was not large enough
-                          make more room and try again. */
-                       if ((newp = realloc(report.fingerprints, report.size))
-                           == NULL)
-                               err(1, "realloc fingeprints");
-                       if (ioctl(gfd, VERIEXEC_FINGERPRINTS,
-                           &report) == -1)
-                               err(1, "fingerprints ioctl");
-               }
-               printf("Supported fingerprints: %s\n", report.fingerprints);
        } else
                usage();
 
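Review bot: The deleted `fingerprints` branch was the only visible user of `size`, `report` and `newp`, and no hunk in this file removes their declarations, which must sit above line 221, outside this hunk. The same commit drops `struct veriexec_fp_report` from sys/sys/verified_exec.h, so a leftover `struct veriexec_fp_report report;` would presumably stop compiling, and `size` and `newp` would at best become unused variables. Please check the declarations in the enclosing function and delete the ones that only served the removed branch. The device is also still opened `O_RDWR` before the arguments are validated, so an invocation that ends in `usage()` opens it needlessly; checking `argc` first would avoid that.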
diff -r 5e9d7ee9d8c9 -r 5cb1e76ca09f sys/dev/verified_exec.c
--- a/sys/dev/verified_exec.c   Fri Jun 10 15:12:04 2005 +0000
+++ b/sys/dev/verified_exec.c   Fri Jun 10 15:12:11 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: verified_exec.c,v 1.5.2.2 2005/06/10 15:10:10 tron Exp $       */
+/*     $NetBSD: verified_exec.c,v 1.5.2.3 2005/06/10 15:12:11 tron Exp $       */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -31,9 +31,9 @@
 
 #include <sys/cdefs.h>
 #if defined(__NetBSD__)
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.5.2.2 2005/06/10 15:10:10 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.5.2.3 2005/06/10 15:12:11 tron Exp $");
 #else
-__RCSID("$Id: verified_exec.c,v 1.5.2.2 2005/06/10 15:10:10 tron Exp $\n$NetBSD: verified_exec.c,v 1.5.2.2 2005/06/10 15:10:10 tron Exp $");
+__RCSID("$Id: verified_exec.c,v 1.5.2.3 2005/06/10 15:12:11 tron Exp $\n$NetBSD: verified_exec.c,v 1.5.2.3 2005/06/10 15:12:11 tron Exp $");
 #endif
 
 #include <sys/param.h>
@@ -154,11 +154,9 @@
        u_long hashmask;
 
        /*
-        * Don't allow updates in multi-user mode, but we will allow
-        * queries of supported fingerprints.
-        *
+        * Don't allow updates in multi-user mode.
         */
-       if ((securelevel >= 1) && (cmd != VERIEXEC_FINGERPRINTS)) {
+       if (securelevel >= 1) {
                printf("Veriexec: veriexecioctl: Securelevel raised, loading"
                       "fingerprints is not permitted\n");
 
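Review bot: The denial message under the new `if (securelevel >= 1)` check prints "loadingfingerprints", because the two adjacent string literals are concatenated without a space; the first literal should end `"Securelevel raised, loading "`. With the `VERIEXEC_FINGERPRINTS` exception removed, the check now rejects every command on the device, presumably including `VERIEXEC_TABLESIZE`, so "loading fingerprints" no longer describes every rejected request. Printing the rejected `cmd` in the message would make refused attempts easier to audit from the console log. The block comment could state the invariant directly, e.g. `Once securelevel is raised, no veriexec ioctl is permitted.` The enclosing function starts and ends outside this hunk, so the error value returned after the printf is not visible here.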
@@ -293,20 +291,6 @@
                break;
                }
 
-       case VERIEXEC_FINGERPRINTS: {
-               struct veriexec_fp_report *params =
-                       (struct veriexec_fp_report *) data;
-               
-               if (strlen(veriexec_fp_names) >= params->size) {
-                       params->size = strlen(veriexec_fp_names) + 1;
-               } else {
-                       strlcpy(params->fingerprints, veriexec_fp_names,
-                               params->size);
-               }
-               
-               break;
-               }
-       
        default:
                /* Invalid operation. */
                error = ENODEV;
diff -r 5e9d7ee9d8c9 -r 5cb1e76ca09f sys/sys/verified_exec.h
--- a/sys/sys/verified_exec.h   Fri Jun 10 15:12:04 2005 +0000
+++ b/sys/sys/verified_exec.h   Fri Jun 10 15:12:11 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: verified_exec.h,v 1.6.2.1 2005/06/10 15:10:10 tron Exp $       */
+/*     $NetBSD: verified_exec.h,v 1.6.2.2 2005/06/10 15:12:11 tron Exp $       */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.h,v 1.6.2.1 2005/06/10 15:10:10 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.h,v 1.6.2.2 2005/06/10 15:12:11 tron Exp $");
 
 /*
  *
@@ -60,12 +60,6 @@
        size_t hash_size;
 };
 
-struct veriexec_fp_report {
-       unsigned int size;
-       unsigned char *fingerprints;
-};
-
-       
 /*
  * Types of veriexec inodes we can have
  */
@@ -75,7 +69,6 @@
 
 #define VERIEXEC_LOAD _IOW('S', 0x1, struct veriexec_params)
 #define VERIEXEC_TABLESIZE _IOW('S', 0x2, struct veriexec_sizing_params)
-#define VERIEXEC_FINGERPRINTS _IOWR('S', 0x3, struct veriexec_fp_report)
 
 /* Verified exec sysctl objects. */
 #define        VERIEXEC_VERBOSE        1 /* Verbosity level. */


