diff options
| -rw-r--r-- | usr.sbin/mtree/Makefile | 3 | ||||
| -rw-r--r-- | usr.sbin/mtree/compare.c | 50 | ||||
| -rw-r--r-- | usr.sbin/mtree/create.c | 44 | ||||
| -rw-r--r-- | usr.sbin/mtree/misc.c | 10 | ||||
| -rw-r--r-- | usr.sbin/mtree/mtree.8 | 29 | ||||
| -rw-r--r-- | usr.sbin/mtree/mtree.h | 4 | ||||
| -rw-r--r-- | usr.sbin/mtree/spec.c | 14 |
7 files changed, 139 insertions, 15 deletions
diff --git a/usr.sbin/mtree/Makefile b/usr.sbin/mtree/Makefile index 9f78f8f..ef9a055 100644 --- a/usr.sbin/mtree/Makefile +++ b/usr.sbin/mtree/Makefile @@ -1,5 +1,5 @@ # From: @(#)Makefile 8.1 (Berkeley) 6/6/93 -# $Id$ +# $Id: Makefile,v 1.6 1997/02/22 16:07:51 peter Exp $ PROG= mtree SRCS= compare.c crc.c create.c misc.c mtree.c spec.c verify.c @@ -8,5 +8,6 @@ MAN8= mtree.8 DPADD+= ${LIBMD} LDADD+= -lmd +CFLAGS+= -DMD5 -DSHA1 -DRMD160 .include <bsd.prog.mk> diff --git a/usr.sbin/mtree/compare.c b/usr.sbin/mtree/compare.c index 105b137..2b28f21 100644 --- a/usr.sbin/mtree/compare.c +++ b/usr.sbin/mtree/compare.c @@ -36,7 +36,7 @@ static char sccsid[] = "@(#)compare.c 8.1 (Berkeley) 6/6/93"; #endif static const char rcsid[] = - "$Id: compare.c,v 1.9 1998/06/09 05:02:29 imp Exp $"; + "$Id: compare.c,v 1.10 1998/08/02 14:41:34 bde Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -45,7 +45,15 @@ static const char rcsid[] = #include <errno.h> #include <fcntl.h> #include <fts.h> +#ifdef MD5 #include <md5.h> +#endif +#ifdef SHA1 +#include <sha.h> +#endif +#ifdef RMD160 +#include <ripemd.h> +#endif #include <stdio.h> #include <time.h> #include <unistd.h> @@ -207,10 +215,11 @@ typeerr: LABEL; } tab = "\t"; } +#ifdef MD5 if (s->flags & F_MD5) { char *new_digest, buf[33]; - new_digest = MD5File(p->fts_accpath,buf); + new_digest = MD5File(p->fts_accpath, buf); if (!new_digest) { LABEL; printf("%sMD5File: %s: %s\n", tab, p->fts_accpath, @@ -223,6 +232,43 @@ typeerr: LABEL; tab = "\t"; } } +#endif /* MD5 */ +#ifdef SHA1 + if (s->flags & F_SHA1) { + char *new_digest, buf[41]; + + new_digest = SHA1_File(p->fts_accpath, buf); + if (!new_digest) { + LABEL; + printf("%sSHA1_File: %s: %s\n", tab, p->fts_accpath, + strerror(errno)); + tab = "\t"; + } else if (strcmp(new_digest, s->sha1digest)) { + LABEL; + printf("%sSHA-1 (%s, %s)\n", tab, s->sha1digest, + new_digest); + tab = "\t"; + } + } +#endif /* SHA1 */ +#ifdef RMD160 + if (s->flags & F_RMD160) { + char *new_digest, buf[41]; + + new_digest = RIPEMD160_File(p->fts_accpath, buf); + if (!new_digest) { + LABEL; + printf("%sRIPEMD160_File: %s: %s\n", tab, + p->fts_accpath, strerror(errno)); + tab = "\t"; + } else if (strcmp(new_digest, s->rmd160digest)) { + LABEL; + printf("%sRIPEMD160 (%s, %s)\n", tab, s->rmd160digest, + new_digest); + tab = "\t"; + } + } +#endif /* RMD160 */ if (s->flags & F_SLINK && strcmp(cp = rlink(name), s->slink)) { LABEL; diff --git a/usr.sbin/mtree/create.c b/usr.sbin/mtree/create.c index 47a5e39..e591001 100644 --- a/usr.sbin/mtree/create.c +++ b/usr.sbin/mtree/create.c @@ -36,7 +36,7 @@ static char sccsid[] = "@(#)create.c 8.1 (Berkeley) 6/6/93"; #endif static const char rcsid[] = - "$Id: create.c,v 1.12 1999/01/12 02:58:23 jkoshy Exp $"; + "$Id: create.c,v 1.13 1999/01/18 06:58:25 jkoshy Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -47,7 +47,15 @@ static const char rcsid[] = #include <fcntl.h> #include <fts.h> #include <grp.h> +#ifdef MD5 #include <md5.h> +#endif +#ifdef SHA1 +#include <sha.h> +#endif +#ifdef RMD160 +#include <ripemd.h> +#endif #include <pwd.h> #include <stdio.h> #include <time.h> @@ -203,16 +211,42 @@ statf(indent, p) (void)close(fd); output(indent, &offset, "cksum=%lu", val); } +#ifdef MD5 if (keys & F_MD5 && S_ISREG(p->fts_statp->st_mode)) { - char *md5digest, buf[33]; + char *digest, buf[33]; + + digest = MD5File(p->fts_accpath, buf); + if (!digest) { + err(1, "line %d: %s", lineno, p->fts_accpath); + } else { + output(indent, &offset, "md5digest=%s", digest); + } + } +#endif /* MD5 */ +#ifdef SHA1 + if (keys & F_SHA1 && S_ISREG(p->fts_statp->st_mode)) { + char *digest, buf[41]; + + digest = SHA1_File(p->fts_accpath, buf); + if (!digest) { + err(1, "line %d: %s", lineno, p->fts_accpath); + } else { + output(indent, &offset, "sha1digest=%s", digest); + } + } +#endif /* SHA1 */ +#ifdef RMD160 + if (keys & F_RMD160 && S_ISREG(p->fts_statp->st_mode)) { + char *digest, buf[41]; - md5digest = MD5File(p->fts_accpath,buf); - if (!md5digest) { + digest = RIPEMD160_File(p->fts_accpath, buf); + if (!digest) { err(1, "line %d: %s", lineno, p->fts_accpath); } else { - output(indent, &offset, "md5digest=%s", md5digest); + output(indent, &offset, "ripemd160digest=%s", digest); } } +#endif /* RMD160 */ if (keys & F_SLINK && (p->fts_info == FTS_SL || p->fts_info == FTS_SLNONE)) output(indent, &offset, "link=%s", rlink(p->fts_accpath)); diff --git a/usr.sbin/mtree/misc.c b/usr.sbin/mtree/misc.c index c8318ec..339804a 100644 --- a/usr.sbin/mtree/misc.c +++ b/usr.sbin/mtree/misc.c @@ -36,7 +36,7 @@ static char sccsid[] = "@(#)misc.c 8.1 (Berkeley) 6/6/93"; #endif static const char rcsid[] = - "$Id: misc.c,v 1.4 1997/10/01 06:30:01 charnier Exp $"; + "$Id: misc.c,v 1.5 1998/06/05 14:43:40 peter Exp $"; #endif /*not lint */ #include <sys/types.h> @@ -64,10 +64,18 @@ static KEY keylist[] = { {"gname", F_GNAME, NEEDVALUE}, {"ignore", F_IGN, 0}, {"link", F_SLINK, NEEDVALUE}, +#ifdef MD5 {"md5digest", F_MD5, NEEDVALUE}, +#endif {"mode", F_MODE, NEEDVALUE}, {"nlink", F_NLINK, NEEDVALUE}, {"nochange", F_NOCHANGE, 0}, +#ifdef RMD160 + {"ripemd160digest", F_RMD160, NEEDVALUE}, +#endif +#ifdef SHA1 + {"sha1digest", F_SHA1, NEEDVALUE}, +#endif {"size", F_SIZE, NEEDVALUE}, {"time", F_TIME, NEEDVALUE}, {"type", F_TYPE, NEEDVALUE}, diff --git a/usr.sbin/mtree/mtree.8 b/usr.sbin/mtree/mtree.8 index 9d89809..51948f3 100644 --- a/usr.sbin/mtree/mtree.8 +++ b/usr.sbin/mtree/mtree.8 @@ -30,9 +30,9 @@ .\" SUCH DAMAGE. .\" .\" From: @(#)mtree.8 8.2 (Berkeley) 12/11/93 -.\" $Id: mtree.8,v 1.12 1998/06/05 14:43:40 peter Exp $ +.\" $Id: mtree.8,v 1.13 1998/06/10 06:45:08 peter Exp $ .\" -.Dd February 9, 1995 +.Dd February 26, 1999 .Dt MTREE 8 .Os .Sh NAME @@ -139,6 +139,16 @@ The file group as a numeric value. The file group as a symbolic name. .It Cm md5digest The MD5 message digest of the file. +.It Cm sha1digest +The +.Tn FIPS +160-1 +.Pq Dq Tn SHA-1 +message digest of the file. +.It Cm ripemd160digest +The +.Tn RIPEMD160 +message digest of the file. .It Cm mode The current file's permissions as a numeric (octal) or symbolic value. @@ -240,7 +250,7 @@ To detect system binaries that have been ``trojan horsed'', it is recommended that .Nm .Fl K -.Cm md5digest +.Cm sha1digest be run on the file systems, and a copy of the results stored on a different machine, or, at least, in encrypted form. The output file itself should be digested using the @@ -285,8 +295,17 @@ The .Nm utility appeared in .Bx 4.3 Reno . -The MD5 digest capability was added in +The +.Tn MD5 +digest capability was added in .Fx 2.1 , in response to the widespread use of programs which can spoof .Xr cksum 1 . - +The +.Tn SHA-1 +and +.Tn RIPEMD160 +digests were added in +.Fx 4.0 , +as new attacks have demonstrated weaknesses in +.Tn MD5 . diff --git a/usr.sbin/mtree/mtree.h b/usr.sbin/mtree/mtree.h index b7678aa..7ffb798 100644 --- a/usr.sbin/mtree/mtree.h +++ b/usr.sbin/mtree/mtree.h @@ -48,6 +48,8 @@ typedef struct _node { struct timespec st_mtimespec; /* last modification time */ u_long cksum; /* check sum */ char *md5digest; /* MD5 digest */ + char *sha1digest; /* SHA-1 digest */ + char *rmd160digest; /* RIPEMD160 digest */ char *slink; /* symbolic link reference */ uid_t st_uid; /* uid */ gid_t st_gid; /* gid */ @@ -73,6 +75,8 @@ typedef struct _node { #define F_MD5 0x8000 /* MD5 digest */ #define F_NOCHANGE 0x10000 /* If owner/mode "wrong", do */ /* not change */ +#define F_SHA1 0x20000 /* SHA-1 digest */ +#define F_RMD160 0x40000 /* RIPEMD160 digest */ u_int flags; /* items set */ #define F_BLOCK 0x001 /* block special */ diff --git a/usr.sbin/mtree/spec.c b/usr.sbin/mtree/spec.c index 1e9c5fd..bf2df5a 100644 --- a/usr.sbin/mtree/spec.c +++ b/usr.sbin/mtree/spec.c @@ -36,7 +36,7 @@ static char sccsid[] = "@(#)spec.c 8.1 (Berkeley) 6/6/93"; #endif static const char rcsid[] = - "$Id: spec.c,v 1.8 1998/12/16 04:54:08 imp Exp $"; + "$Id: spec.c,v 1.9 1999/01/12 02:58:23 jkoshy Exp $"; #endif /* not lint */ #include <sys/types.h> @@ -199,6 +199,18 @@ set(t, ip) errx(1, "strdup"); } break; + case F_SHA1: + ip->sha1digest = strdup(val); + if(!ip->sha1digest) { + errx(1, "strdup"); + } + break; + case F_RMD160: + ip->rmd160digest = strdup(val); + if(!ip->rmd160digest) { + errx(1, "strdup"); + } + break; case F_GID: ip->st_gid = strtoul(val, &ep, 10); if (*ep) |
