[src/trunk]: src/sys/dev Change how we handle duplicates in the signatures file.

[elad <elad%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/7e66dd53f068
branches:  trunk
changeset: 583377:7e66dd53f068
user:      elad <elad%NetBSD.org@localhost>
date:      Wed Aug 03 18:05:16 2005 +0000

description:
Change how we handle duplicates in the signatures file.
Just give collision information (filename, device, inode, old and new
entry type and algorithm, and note if the fingerprint is the same or not.

diffstat:

 sys/dev/verified_exec.c |  41 +++++++++++++++++------------------------
 1 files changed, 17 insertions(+), 24 deletions(-)

diffs (64 lines):

diff -r 295629b56105 -r 7e66dd53f068 sys/dev/verified_exec.c
--- a/sys/dev/verified_exec.c   Wed Aug 03 14:55:37 2005 +0000
+++ b/sys/dev/verified_exec.c   Wed Aug 03 18:05:16 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: verified_exec.c,v 1.18 2005/06/20 15:32:29 elad Exp $  */
+/*     $NetBSD: verified_exec.c,v 1.19 2005/08/03 18:05:16 elad Exp $  */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -31,9 +31,9 @@
 
 #include <sys/cdefs.h>
 #if defined(__NetBSD__)
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.18 2005/06/20 15:32:29 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.19 2005/08/03 18:05:16 elad Exp $");
 #else
-__RCSID("$Id: verified_exec.c,v 1.18 2005/06/20 15:32:29 elad Exp $\n$NetBSD: verified_exec.c,v 1.18 2005/06/20 15:32:29 elad Exp $");
+__RCSID("$Id: verified_exec.c,v 1.19 2005/08/03 18:05:16 elad Exp $\n$NetBSD: verified_exec.c,v 1.19 2005/08/03 18:05:16 elad Exp $");
 #endif
 
 #include <sys/param.h>
@@ -237,28 +237,21 @@
                hh = veriexec_lookup(va.va_fsid, va.va_fileid);
                if (hh != NULL) {
                        /*
-                        * Duplicate entry; handle access type conflict
-                        * and enforce 'FILE' over 'INDIRECT' over
-                        * 'DIRECT'.
+                        * Duplicate entry means something is wrong in
+                        * the signature file. Just give collision info
+                        * and return.
                         */
-                       if (hh->type < params->type) {
-                               hh->type = params->type;
-
-                               veriexec_report("Duplicate entry with "
-                                               "access type mismatch. "
-                                               "Updating to stricter "
-                                               "type.", params->file,
-                                               &va, NULL,
-                                               REPORT_NOVERBOSE,
-                                               REPORT_NOALARM,
-                                               REPORT_NOPANIC);
-                       } else {
-                               veriexec_report("Duplicate entry.",
-                                               params->file, &va, NULL,
-                                               REPORT_VERBOSE_HIGH,
-                                               REPORT_NOALARM,
-                                               REPORT_NOPANIC);
-                       }
+                       printf("veriexec: Duplicate entry. [%s, %ld:%lu] "
+                              "old[type=0x%02x, algorithm=%s], "
+                              "new[type=0x%02x, algorithm=%s] "
+                              "(%s fingerprint)\n",
+                              params->file, va.va_fsid, va.va_fileid,
+                              hh->type, hh->ops->type,
+                              params->type, params->fp_type,
+                              (((hh->ops->hash_len != params->size) ||
+                               (memcmp(hh->fp, params->fingerprint,
+                                       min(hh->ops->hash_len, params->size))
+                                       != 0)) ? "different" : "same"));
 
                        return (0);
                }