manifest_hash.c revision 9444c26f4faabda140242c3986089704c4073ced
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <assert.h>
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <libintl.h>
#include <libscf.h>
#include <libuutil.h>
#include <limits.h>
#include <md5.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <manifest_hash.h>
/*
* Translate a file name to property name. Return an allocated string or NULL
* if realpath() fails. If deathrow is true, realpath() is skipped. This
* allows to return the property name even if the file doesn't exist.
*/
char *
{
if (deathrow) {
/* used only for service deathrow handling */
return (NULL);
}
} else {
return (NULL);
}
}
/*
* We copy-shift over the basedir and the leading slash, since it's
* not relevant to when we boot with this repository.
*/
if (*cp == '/')
cp++;
/* Use the first half and the second half. */
piece_len + 1);
}
/*
* Translate non-property characters to '_', first making sure that
* we don't begin with '_'.
*/
*out = 'A';
*cp = '_';
}
return (out);
}
int
{
int result = 0;
if (action)
*action = APPLY_NONE;
/*
* In this implementation the hash for name is the opaque value of
* svc:/MHASH_SVC/:properties/name/MHASH_PROP
*/
result = -1;
goto out;
}
result = -1;
goto out;
}
result = -1;
goto out;
}
result = -1;
goto out;
}
result = -1;
goto out;
}
result = -1;
goto out;
}
if (szret < 0) {
result = -1;
goto out;
}
/*
* Make sure that the old hash is returned with
* remainder of the bytes zeroed.
*/
if (szret == MHASH_SIZE_OLD) {
} else if (szret != MHASH_SIZE) {
result = -1;
goto out;
}
/*
* If caller has requested the apply_last property, read the
* property if it exists.
*/
SCF_SUCCESS) {
if ((err != SCF_ERROR_DELETED) &&
(err != SCF_ERROR_NOT_FOUND)) {
result = -1;
}
goto out;
}
if ((err != SCF_ERROR_DELETED) &&
(err != SCF_ERROR_NOT_FOUND)) {
result = -1;
}
goto out;
}
result = -1;
goto out;
}
if (apply_value)
*action = APPLY_LATE;
}
out:
(void) scf_value_destroy(val);
return (result);
}
int
{
scf_transaction_entry_t *e = NULL;
int i;
result = -1;
goto out;
}
result = -1;
goto out;
}
for (i = 0; i < 5; ++i) {
break;
if (scf_error() != SCF_ERROR_NOT_FOUND) {
"service");
result = -1;
goto out;
}
break;
if (err == SCF_ERROR_EXISTS)
/* Try again. */
continue;
else if (err == SCF_ERROR_PERMISSION_DENIED) {
"permission denied.\n");
result = -1;
goto out;
}
"service");
result = -1;
goto out;
}
if (i == 5) {
"service addition contention.\n");
result = -1;
goto out;
}
for (i = 0; i < 5; ++i) {
break;
if (scf_error() != SCF_ERROR_NOT_FOUND) {
"hash record)");
result = -1;
goto out;
}
break;
if (err == SCF_ERROR_EXISTS)
/* Try again. */
continue;
else if (err == SCF_ERROR_PERMISSION_DENIED) {
"permission denied.\n");
result = -1;
goto out;
}
result = -1;
goto out;
}
if (i == 5) {
"property group addition contention.\n");
result = -1;
goto out;
}
"permission denied.\n");
result = -1;
goto out;
}
if (apply_late == APPLY_LATE) {
}
result = -1;
goto out;
}
do {
"entry");
result = -1;
goto out;
}
if (scf_error() != SCF_ERROR_PERMISSION_DENIED) {
"hash transaction.\n");
result = -1;
goto out;
}
"permission denied.\n");
result = -1;
(void) scf_entry_destroy(e);
goto out;
}
SCF_TYPE_OPAQUE) != SCF_SUCCESS &&
SCF_TYPE_OPAQUE) != SCF_SUCCESS) {
"entry");
result = -1;
goto out;
}
SCF_TYPE_ASTRING) != SCF_SUCCESS &&
"entry");
result = -1;
goto out;
}
switch (apply_late) {
case APPLY_NONE:
MHASH_APPLY_PROP) != 0) {
if ((err != SCF_ERROR_DELETED) &&
(err != SCF_ERROR_NOT_FOUND)) {
"delete apply_late "
"property");
}
result = -1;
goto out;
}
}
break;
case APPLY_LATE:
SCF_TYPE_BOOLEAN) != SCF_SUCCESS) &&
SCF_SUCCESS)) {
"apply_late property");
}
result = -1;
goto out;
}
break;
default:
abort();
};
if (ret == 0)
} while (ret == 0);
if (ret < 0) {
if (scf_error() != SCF_ERROR_PERMISSION_DENIED) {
"permission denied.\n");
result = -1;
goto out;
}
result = -1;
}
(void) scf_entry_destroy(e);
(void) scf_entry_destroy(fe);
(void) scf_entry_destroy(ae);
out:
(void) scf_value_destroy(val);
(void) scf_value_destroy(fval);
(void) scf_value_destroy(aval);
return (result);
}
/*
* Generate the md5 hash of a file; manifest files are smallish
* so we can read them in one gulp.
*/
static int
{
char *buf;
int fd;
int ret;
if (fd < 0)
return (-1);
return (-1);
}
ret = 0;
} else {
ret = -1;
}
return (ret);
}
/*
* int mhash_test_file(scf_handle_t *, const char *, uint_t, char **, uchar_t *)
* Test the given filename against the hashed metadata in the repository.
* The behaviours for import and apply are slightly different. For imports,
* if the hash value is absent or different, then the import operation
* continues. For profile application, the operation continues only if the
* hash value for the file is absent.
*
* We keep two hashes: one which can be quickly test: the metadata hash,
* and one which is more expensive to test: the file contents hash.
*
* If either hash matches, the file does not need to be re-read.
* If only one of the hashes matches, a side effect of this function
* is to store the newly computed hash.
* If neither hash matches, the hash computed for the new file is returned
* and not stored.
*
* Return values:
* MHASH_NEWFILE - the file no longer matches the hash or no hash existed
* ONLY in this case we return the new file's hash.
* MHASH_FAILURE - an internal error occurred, or the file was not found.
* not need to be re-read; if necessary,
* the hash was upgraded or reconciled.
*
* NOTE: no hash is returned UNLESS MHASH_NEWFILE is returned.
*/
int
{
char *cp;
char *data;
char *pname;
int ret;
int hashash;
int metahashok = 0;
if (pnamep)
/*
* In the case where we are doing automated imports, we reduce the UID,
* the GID, the size, and the mtime into a string (to eliminate
* endianness) which we then make opaque as a single MD5 digest.
*
* The previous hash was composed of the inode number, the UID, the file
* size, and the mtime. This formulation was found to be insufficiently
* portable for use in highly replicated deployments. The current
* algorithm will allow matches of this "v1" hash, but always returns
* the effective "v2" hash, such that updates result in the more
* portable hash being used.
*
* An unwanted side effect of a hash based solely on the file
* meta data is the fact that we pay no attention to the contents
* which may remain the same despite meta data changes. This happens
* with (live) upgrades. We extend the V2 hash with an additional
* digest of the file contents and the code retrieving the hash
* from the repository zero fills the remainder so we can detect
* it is missing.
*
* If the the V2 digest matches, we check for the presence of
* the contents digest and compute and store it if missing.
*
* If the V2 digest doesn't match but we also have a non-zero
* file hash, we match the file content digest. If it matches,
* we compute and store the new complete hash so that later
* checks will find the meta data digest correct.
*
* If the above matches fail and the V1 hash doesn't match either,
* we consider the test to have failed, implying that some aspect
* of the manifest has changed.
*/
if (!do_hash) {
return (MHASH_NEWFILE);
}
return (MHASH_FAILURE);
if (is_profile == 0) {
/* Actions other than APPLY_NONE are restricted to profiles. */
}
/*
* As a general rule, we do not reread a profile. The exception to
* this rule is when we are running as part of the manifest import
* service and the apply_late property is set to true.
*/
if (hashash && is_profile) {
(action != APPLY_LATE)) {
return (MHASH_RECONCILED);
}
}
/*
* No hash and not interested in one, then don't bother computing it.
* We also skip returning the property name in that case.
*/
return (MHASH_NEWFILE);
}
do {
if (ret < 0) {
return (MHASH_FAILURE);
}
return (MHASH_FAILURE);
}
/*
* Verify the meta data hash.
*/
int i;
metahashok = 1;
/*
* The metadata hash matches; now we see if there was a
* content hash; if not, we will continue on and compute and
* store the updated hash.
* If there was no content hash, mhash_retrieve_entry()
* will have zero filled it.
*/
for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
if (stored_hash[MD5_DIGEST_LENGTH+i] != 0) {
if (action == APPLY_LATE) {
ret = MHASH_NEWFILE;
} else {
}
return (ret);
}
}
}
/*
* Compute the file hash as we can no longer avoid having to know it.
* Note: from this point on "hash" contains the full, current, hash.
*/
return (MHASH_FAILURE);
}
if (hashash) {
if (metahashok ||
MD5_DIGEST_LENGTH) == 0) {
/*
* Reconcile entry: we get here when either the
* meta data hash matches or the content hash matches;
* we then update the database with the complete
* new hash so we can be a bit quicker next time.
*/
APPLY_NONE, NULL);
if (action == APPLY_LATE) {
ret = MHASH_NEWFILE;
} else {
}
return (ret);
}
/*
* No match on V2 hash or file content; compare V1 hash.
*/
return (MHASH_FAILURE);
}
/*
* Update the new entry so we don't have to go through
* all this trouble next time.
*/
APPLY_NONE, NULL);
return (MHASH_RECONCILED);
}
}
else
return (MHASH_NEWFILE);
}