xref: /illumos-gate/usr/src/cmd/svc/common/manifest_hash.c (revision b1e7e97d3b60469b243b3b2e22c7d8cbd11c7c90)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
24  */
25 
26 
27 #include <sys/stat.h>
28 #include <sys/types.h>
29 
30 #include <assert.h>
31 #include <ctype.h>
32 #include <errno.h>
33 #include <fcntl.h>
34 #include <libintl.h>
35 #include <libscf.h>
36 #include <libuutil.h>
37 #include <limits.h>
38 #include <md5.h>
39 #include <pthread.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <strings.h>
44 #include <unistd.h>
45 
46 #include <manifest_hash.h>
47 
48 /*
49  * Translate a file name to property name.  Return an allocated string or NULL
50  * if realpath() fails. If deathrow is true, realpath() is skipped. This
51  * allows to return the property name even if the file doesn't exist.
52  */
53 char *
mhash_filename_to_propname(const char * in,boolean_t deathrow)54 mhash_filename_to_propname(const char *in, boolean_t deathrow)
55 {
56 	char *out, *cp, *base;
57 	size_t len, piece_len;
58 	size_t base_sz = 0;
59 
60 	out = uu_zalloc(PATH_MAX + 1);
61 	if (deathrow) {
62 		/* used only for service deathrow handling */
63 		if (strlcpy(out, in, PATH_MAX + 1) >= (PATH_MAX + 1)) {
64 			uu_free(out);
65 			return (NULL);
66 		}
67 	} else {
68 		if (realpath(in, out) == NULL) {
69 			uu_free(out);
70 			return (NULL);
71 		}
72 	}
73 
74 	base = getenv("PKG_INSTALL_ROOT");
75 
76 	/*
77 	 * We copy-shift over the basedir and the leading slash, since it's
78 	 * not relevant to when we boot with this repository.
79 	 */
80 
81 	if (base != NULL && strncmp(out, base, strlen(base)) == 0)
82 		base_sz = strlen(base);
83 
84 	cp = out + base_sz;
85 	if (*cp == '/')
86 		cp++;
87 	(void) memmove(out, cp, strlen(cp) + 1);
88 
89 	len = strlen(out);
90 	if (len > scf_limit(SCF_LIMIT_MAX_NAME_LENGTH)) {
91 		/* Use the first half and the second half. */
92 		piece_len = (scf_limit(SCF_LIMIT_MAX_NAME_LENGTH) - 3) / 2;
93 
94 		(void) strncpy(out + piece_len, "__", 2);
95 
96 		(void) memmove(out + piece_len + 2, out + (len - piece_len),
97 		    piece_len + 1);
98 	}
99 
100 	/*
101 	 * Translate non-property characters to '_', first making sure that
102 	 * we don't begin with '_'.
103 	 */
104 
105 	if (!isalpha(*out))
106 		*out = 'A';
107 
108 	for (cp = out + 1; *cp != '\0'; ++cp) {
109 		if (!(isalnum(*cp) || *cp == '_' || *cp == '-'))
110 			*cp = '_';
111 	}
112 
113 	return (out);
114 }
115 
116 int
mhash_retrieve_entry(scf_handle_t * hndl,const char * name,uchar_t * hash,apply_action_t * action)117 mhash_retrieve_entry(scf_handle_t *hndl, const char *name, uchar_t *hash,
118     apply_action_t *action)
119 {
120 	scf_scope_t *scope;
121 	scf_service_t *svc;
122 	scf_propertygroup_t *pg;
123 	scf_property_t *prop;
124 	scf_value_t *val;
125 	scf_error_t err;
126 	ssize_t szret;
127 	int result = 0;
128 
129 	if (action)
130 		*action = APPLY_NONE;
131 
132 	/*
133 	 * In this implementation the hash for name is the opaque value of
134 	 * svc:/MHASH_SVC/:properties/name/MHASH_PROP
135 	 */
136 
137 	if ((scope = scf_scope_create(hndl)) == NULL ||
138 	    (svc = scf_service_create(hndl)) == NULL ||
139 	    (pg = scf_pg_create(hndl)) == NULL ||
140 	    (prop = scf_property_create(hndl)) == NULL ||
141 	    (val = scf_value_create(hndl)) == NULL) {
142 		result = -1;
143 		goto out;
144 	}
145 
146 	if (scf_handle_get_local_scope(hndl, scope) < 0) {
147 		result = -1;
148 		goto out;
149 	}
150 
151 	if (scf_scope_get_service(scope, MHASH_SVC, svc) < 0) {
152 		result = -1;
153 		goto out;
154 	}
155 
156 	if (scf_service_get_pg(svc, name, pg) != SCF_SUCCESS) {
157 		result = -1;
158 		goto out;
159 	}
160 
161 	if (scf_pg_get_property(pg, MHASH_PROP, prop) != SCF_SUCCESS) {
162 		result = -1;
163 		goto out;
164 	}
165 
166 	if (scf_property_get_value(prop, val) != SCF_SUCCESS) {
167 		result = -1;
168 		goto out;
169 	}
170 
171 	szret = scf_value_get_opaque(val, hash, MHASH_SIZE);
172 	if (szret < 0) {
173 		result = -1;
174 		goto out;
175 	}
176 
177 	/*
178 	 * Make sure that the old hash is returned with
179 	 * remainder of the bytes zeroed.
180 	 */
181 	if (szret == MHASH_SIZE_OLD) {
182 		(void) memset(hash + MHASH_SIZE_OLD, 0,
183 		    MHASH_SIZE - MHASH_SIZE_OLD);
184 	} else if (szret != MHASH_SIZE) {
185 		scf_value_destroy(val);
186 		result = -1;
187 		goto out;
188 	}
189 
190 	/*
191 	 * If caller has requested the apply_last property, read the
192 	 * property if it exists.
193 	 */
194 	if (action != NULL) {
195 		uint8_t apply_value;
196 
197 		if (scf_pg_get_property(pg, MHASH_APPLY_PROP, prop) !=
198 		    SCF_SUCCESS) {
199 			err = scf_error();
200 			if ((err != SCF_ERROR_DELETED) &&
201 			    (err != SCF_ERROR_NOT_FOUND)) {
202 				result = -1;
203 			}
204 			goto out;
205 		}
206 		if (scf_property_get_value(prop, val) != SCF_SUCCESS) {
207 			err = scf_error();
208 			if ((err != SCF_ERROR_DELETED) &&
209 			    (err != SCF_ERROR_NOT_FOUND)) {
210 				result = -1;
211 			}
212 			goto out;
213 		}
214 		if (scf_value_get_boolean(val, &apply_value) != SCF_SUCCESS) {
215 			result = -1;
216 			goto out;
217 		}
218 		if (apply_value)
219 			*action = APPLY_LATE;
220 	}
221 
222 out:
223 	(void) scf_value_destroy(val);
224 	scf_property_destroy(prop);
225 	scf_pg_destroy(pg);
226 	scf_service_destroy(svc);
227 	scf_scope_destroy(scope);
228 
229 	return (result);
230 }
231 
232 int
mhash_store_entry(scf_handle_t * hndl,const char * name,const char * fname,uchar_t * hash,apply_action_t apply_late,char ** errstr)233 mhash_store_entry(scf_handle_t *hndl, const char *name, const char *fname,
234     uchar_t *hash, apply_action_t apply_late, char **errstr)
235 {
236 	scf_scope_t *scope = NULL;
237 	scf_service_t *svc = NULL;
238 	scf_propertygroup_t *pg = NULL;
239 	scf_property_t *prop = NULL;
240 	scf_value_t *aval = NULL;
241 	scf_value_t *val = NULL;
242 	scf_value_t *fval = NULL;
243 	scf_transaction_t *tx = NULL;
244 	scf_transaction_entry_t *ae = NULL;
245 	scf_transaction_entry_t *e = NULL;
246 	scf_transaction_entry_t *fe = NULL;
247 	scf_error_t err;
248 	int ret, result = 0;
249 	char *base;
250 	size_t base_sz = 0;
251 
252 	int i;
253 
254 	if ((scope = scf_scope_create(hndl)) == NULL ||
255 	    (svc = scf_service_create(hndl)) == NULL ||
256 	    (pg = scf_pg_create(hndl)) == NULL ||
257 	    (prop = scf_property_create(hndl)) == NULL) {
258 		if (errstr != NULL)
259 			*errstr = gettext("Could not create scf objects");
260 		result = -1;
261 		goto out;
262 	}
263 
264 	if (scf_handle_get_local_scope(hndl, scope) != SCF_SUCCESS) {
265 		if (errstr != NULL)
266 			*errstr = gettext("Could not get local scope");
267 		result = -1;
268 		goto out;
269 	}
270 
271 	for (i = 0; i < 5; ++i) {
272 
273 		if (scf_scope_get_service(scope, MHASH_SVC, svc) ==
274 		    SCF_SUCCESS)
275 			break;
276 
277 		if (scf_error() != SCF_ERROR_NOT_FOUND) {
278 			if (errstr != NULL)
279 				*errstr = gettext("Could not get manifest hash "
280 				    "service");
281 			result = -1;
282 			goto out;
283 		}
284 
285 		if (scf_scope_add_service(scope, MHASH_SVC, svc) ==
286 		    SCF_SUCCESS)
287 			break;
288 
289 		err = scf_error();
290 
291 		if (err == SCF_ERROR_EXISTS)
292 			/* Try again. */
293 			continue;
294 		else if (err == SCF_ERROR_PERMISSION_DENIED) {
295 			if (errstr != NULL)
296 				*errstr = gettext("Could not store file hash: "
297 				    "permission denied.\n");
298 			result = -1;
299 			goto out;
300 		}
301 
302 		if (errstr != NULL)
303 			*errstr = gettext("Could not add manifest hash "
304 			    "service");
305 		result = -1;
306 		goto out;
307 	}
308 
309 	if (i == 5) {
310 		if (errstr != NULL)
311 			*errstr = gettext("Could not store file hash: "
312 			    "service addition contention.\n");
313 		result = -1;
314 		goto out;
315 	}
316 
317 	for (i = 0; i < 5; ++i) {
318 		if (scf_service_get_pg(svc, name, pg) == SCF_SUCCESS)
319 			break;
320 
321 		if (scf_error() != SCF_ERROR_NOT_FOUND) {
322 			if (errstr != NULL)
323 				*errstr = gettext("Could not get service's "
324 				    "hash record)");
325 			result = -1;
326 			goto out;
327 		}
328 
329 		if (scf_service_add_pg(svc, name, MHASH_PG_TYPE,
330 		    MHASH_PG_FLAGS, pg) == SCF_SUCCESS)
331 			break;
332 
333 		err = scf_error();
334 
335 		if (err == SCF_ERROR_EXISTS)
336 			/* Try again. */
337 			continue;
338 		else if (err == SCF_ERROR_PERMISSION_DENIED) {
339 			if (errstr != NULL)
340 				*errstr = gettext("Could not store file hash: "
341 				    "permission denied.\n");
342 			result = -1;
343 			goto out;
344 		}
345 
346 		if (errstr != NULL)
347 			*errstr = gettext("Could not store file hash");
348 		result = -1;
349 		goto out;
350 	}
351 	if (i == 5) {
352 		if (errstr != NULL)
353 			*errstr = gettext("Could not store file hash: "
354 			    "property group addition contention.\n");
355 		result = -1;
356 		goto out;
357 	}
358 
359 	if ((e = scf_entry_create(hndl)) == NULL ||
360 	    (val = scf_value_create(hndl)) == NULL ||
361 	    (fe = scf_entry_create(hndl)) == NULL ||
362 	    (fval = scf_value_create(hndl)) == NULL ||
363 	    (ae = scf_entry_create(hndl)) == NULL ||
364 	    (aval = scf_value_create(hndl)) == NULL) {
365 		if (errstr != NULL)
366 			*errstr = gettext("Could not store file hash: "
367 			    "permission denied.\n");
368 		result = -1;
369 		goto out;
370 	}
371 
372 	/*
373 	 * Remove any PKG_INSTALL_ROOT from the manifest filename so that it
374 	 * points to the correct location following installation.
375 	 */
376 	base = getenv("PKG_INSTALL_ROOT");
377 	if (base != NULL && strncmp(fname, base, strlen(base)) == 0)
378 		base_sz = strlen(base);
379 
380 	ret = scf_value_set_opaque(val, hash, MHASH_SIZE);
381 	assert(ret == SCF_SUCCESS);
382 	ret = scf_value_set_astring(fval, fname + base_sz);
383 	assert(ret == SCF_SUCCESS);
384 	if (apply_late == APPLY_LATE) {
385 		scf_value_set_boolean(aval, 1);
386 	}
387 
388 	tx = scf_transaction_create(hndl);
389 	if (tx == NULL) {
390 		if (errstr != NULL)
391 			*errstr = gettext("Could not create transaction");
392 		result = -1;
393 		goto out;
394 	}
395 
396 	do {
397 		if (scf_pg_update(pg) == -1) {
398 			if (errstr != NULL)
399 				*errstr = gettext("Could not update hash "
400 				    "entry");
401 			result = -1;
402 			goto out;
403 		}
404 		if (scf_transaction_start(tx, pg) != SCF_SUCCESS) {
405 			if (scf_error() != SCF_ERROR_PERMISSION_DENIED) {
406 				if (errstr != NULL)
407 					*errstr = gettext("Could not start "
408 					    "hash transaction.\n");
409 				result = -1;
410 				goto out;
411 			}
412 
413 			if (errstr != NULL)
414 				*errstr = gettext("Could not store file hash: "
415 				    "permission denied.\n");
416 			result = -1;
417 
418 			scf_transaction_destroy(tx);
419 			(void) scf_entry_destroy(e);
420 			goto out;
421 		}
422 
423 		if (scf_transaction_property_new(tx, e, MHASH_PROP,
424 		    SCF_TYPE_OPAQUE) != SCF_SUCCESS &&
425 		    scf_transaction_property_change_type(tx, e, MHASH_PROP,
426 		    SCF_TYPE_OPAQUE) != SCF_SUCCESS) {
427 			if (errstr != NULL)
428 				*errstr = gettext("Could not modify hash "
429 				    "entry");
430 			result = -1;
431 			goto out;
432 		}
433 
434 		ret = scf_entry_add_value(e, val);
435 		assert(ret == SCF_SUCCESS);
436 
437 		if (scf_transaction_property_new(tx, fe, MHASH_FILE_PROP,
438 		    SCF_TYPE_ASTRING) != SCF_SUCCESS &&
439 		    scf_transaction_property_change_type(tx, fe,
440 		    MHASH_FILE_PROP, SCF_TYPE_ASTRING) != SCF_SUCCESS) {
441 			if (errstr != NULL)
442 				*errstr = gettext("Could not modify file "
443 				    "entry");
444 			result = -1;
445 			goto out;
446 		}
447 
448 		ret = scf_entry_add_value(fe, fval);
449 		assert(ret == SCF_SUCCESS);
450 
451 		switch (apply_late) {
452 		case APPLY_NONE:
453 			if (scf_transaction_property_delete(tx, ae,
454 			    MHASH_APPLY_PROP) != 0) {
455 				err = scf_error();
456 				if ((err != SCF_ERROR_DELETED) &&
457 				    (err != SCF_ERROR_NOT_FOUND)) {
458 					if (errstr != NULL) {
459 						*errstr = gettext("Could not "
460 						    "delete apply_late "
461 						    "property");
462 					}
463 					result = -1;
464 					goto out;
465 				}
466 			}
467 			break;
468 		case APPLY_LATE:
469 			if ((scf_transaction_property_new(tx, ae,
470 			    MHASH_APPLY_PROP,
471 			    SCF_TYPE_BOOLEAN) != SCF_SUCCESS) &&
472 			    (scf_transaction_property_change_type(tx, ae,
473 			    MHASH_APPLY_PROP, SCF_TYPE_BOOLEAN) !=
474 			    SCF_SUCCESS)) {
475 				if (errstr != NULL) {
476 					*errstr = gettext("Could not modify "
477 					    "apply_late property");
478 				}
479 				result = -1;
480 				goto out;
481 			}
482 
483 			ret = scf_entry_add_value(ae, aval);
484 			assert(ret == SCF_SUCCESS);
485 			break;
486 		default:
487 			abort();
488 		};
489 
490 		ret = scf_transaction_commit(tx);
491 
492 		if (ret == 0)
493 			scf_transaction_reset(tx);
494 	} while (ret == 0);
495 
496 	if (ret < 0) {
497 		if (scf_error() != SCF_ERROR_PERMISSION_DENIED) {
498 			if (errstr != NULL)
499 				*errstr = gettext("Could not store file hash: "
500 				    "permission denied.\n");
501 			result = -1;
502 			goto out;
503 		}
504 
505 		if (errstr != NULL)
506 			*errstr = gettext("Could not commit transaction");
507 		result = -1;
508 	}
509 
510 	scf_transaction_destroy(tx);
511 	(void) scf_entry_destroy(e);
512 	(void) scf_entry_destroy(fe);
513 	(void) scf_entry_destroy(ae);
514 
515 out:
516 	(void) scf_value_destroy(val);
517 	(void) scf_value_destroy(fval);
518 	(void) scf_value_destroy(aval);
519 	scf_property_destroy(prop);
520 	scf_pg_destroy(pg);
521 	scf_service_destroy(svc);
522 	scf_scope_destroy(scope);
523 
524 	return (result);
525 }
526 
527 /*
528  * Generate the md5 hash of a file; manifest files are smallish
529  * so we can read them in one gulp.
530  */
531 static int
md5_hash_file(const char * file,off64_t sz,uchar_t * hash)532 md5_hash_file(const char *file, off64_t sz, uchar_t *hash)
533 {
534 	char *buf;
535 	int fd;
536 	ssize_t res;
537 	int ret;
538 
539 	fd = open(file, O_RDONLY);
540 	if (fd < 0)
541 		return (-1);
542 
543 	buf = malloc(sz);
544 	if (buf == NULL) {
545 		(void) close(fd);
546 		return (-1);
547 	}
548 
549 	res = read(fd, buf, (size_t)sz);
550 
551 	(void) close(fd);
552 
553 	if (res == sz) {
554 		ret = 0;
555 		md5_calc(hash, (uchar_t *)buf, (unsigned int) sz);
556 	} else {
557 		ret = -1;
558 	}
559 
560 	free(buf);
561 	return (ret);
562 }
563 
564 /*
565  * int mhash_test_file(scf_handle_t *, const char *, uint_t, char **, uchar_t *)
566  *   Test the given filename against the hashed metadata in the repository.
567  *   The behaviours for import and apply are slightly different.  For imports,
568  *   if the hash value is absent or different, then the import operation
569  *   continues.  For profile application, the operation continues only if the
570  *   hash value for the file is absent.
571  *
572  *   We keep two hashes: one which can be quickly test: the metadata hash,
573  *   and one which is more expensive to test: the file contents hash.
574  *
575  *   If either hash matches, the file does not need to be re-read.
576  *   If only one of the hashes matches, a side effect of this function
577  *   is to store the newly computed hash.
578  *   If neither hash matches, the hash computed for the new file is returned
579  *   and not stored.
580  *
581  *   Return values:
582  *	MHASH_NEWFILE	- the file no longer matches the hash or no hash existed
583  *			  ONLY in this case we return the new file's hash.
584  *	MHASH_FAILURE	- an internal error occurred, or the file was not found.
585  *	MHASH_RECONCILED- based on the metadata/file hash, the file does
586  *			  not need to be re-read; if necessary,
587  *			  the hash was upgraded or reconciled.
588  *
589  * NOTE: no hash is returned UNLESS MHASH_NEWFILE is returned.
590  */
591 int
mhash_test_file(scf_handle_t * hndl,const char * file,uint_t is_profile,char ** pnamep,uchar_t * hashbuf)592 mhash_test_file(scf_handle_t *hndl, const char *file, uint_t is_profile,
593     char **pnamep, uchar_t *hashbuf)
594 {
595 	apply_action_t action;
596 	boolean_t do_hash;
597 	struct stat64 st;
598 	char *cp;
599 	char *data;
600 	uchar_t stored_hash[MHASH_SIZE];
601 	uchar_t hash[MHASH_SIZE];
602 	char *pname;
603 	int ret;
604 	int hashash;
605 	int metahashok = 0;
606 
607 	if (pnamep)
608 		*pnamep = NULL;
609 
610 	/*
611 	 * In the case where we are doing automated imports, we reduce the UID,
612 	 * the GID, the size, and the mtime into a string (to eliminate
613 	 * endianness) which we then make opaque as a single MD5 digest.
614 	 *
615 	 * The previous hash was composed of the inode number, the UID, the file
616 	 * size, and the mtime.  This formulation was found to be insufficiently
617 	 * portable for use in highly replicated deployments.  The current
618 	 * algorithm will allow matches of this "v1" hash, but always returns
619 	 * the effective "v2" hash, such that updates result in the more
620 	 * portable hash being used.
621 	 *
622 	 * An unwanted side effect of a hash based solely on the file
623 	 * meta data is the fact that we pay no attention to the contents
624 	 * which may remain the same despite meta data changes.  This happens
625 	 * with (live) upgrades.  We extend the V2 hash with an additional
626 	 * digest of the file contents and the code retrieving the hash
627 	 * from the repository zero fills the remainder so we can detect
628 	 * it is missing.
629 	 *
630 	 * If the the V2 digest matches, we check for the presence of
631 	 * the contents digest and compute and store it if missing.
632 	 *
633 	 * If the V2 digest doesn't match but we also have a non-zero
634 	 * file hash, we match the file content digest.  If it matches,
635 	 * we compute and store the new complete hash so that later
636 	 * checks will find the meta data digest correct.
637 	 *
638 	 * If the above matches fail and the V1 hash doesn't match either,
639 	 * we consider the test to have failed, implying that some aspect
640 	 * of the manifest has changed.
641 	 */
642 
643 	cp = getenv("SVCCFG_CHECKHASH");
644 	do_hash = (cp != NULL && *cp != '\0');
645 	if (!do_hash) {
646 		return (MHASH_NEWFILE);
647 	}
648 
649 	pname = mhash_filename_to_propname(file, B_FALSE);
650 	if (pname == NULL)
651 		return (MHASH_FAILURE);
652 
653 	hashash = mhash_retrieve_entry(hndl, pname, stored_hash, &action) == 0;
654 	if (is_profile == 0) {
655 		/* Actions other than APPLY_NONE are restricted to profiles. */
656 		assert(action == APPLY_NONE);
657 	}
658 
659 	/*
660 	 * As a general rule, we do not reread a profile.  The exception to
661 	 * this rule is when we are running as part of the manifest import
662 	 * service and the apply_late property is set to true.
663 	 */
664 	if (hashash && is_profile) {
665 		cp = getenv("SMF_FMRI");
666 		if ((cp == NULL) ||
667 		    (strcmp(cp, SCF_INSTANCE_MI) != 0) ||
668 		    (action != APPLY_LATE)) {
669 			uu_free(pname);
670 			return (MHASH_RECONCILED);
671 		}
672 	}
673 
674 	/*
675 	 * No hash and not interested in one, then don't bother computing it.
676 	 * We also skip returning the property name in that case.
677 	 */
678 	if (!hashash && hashbuf == NULL) {
679 		uu_free(pname);
680 		return (MHASH_NEWFILE);
681 	}
682 
683 	do {
684 		ret = stat64(file, &st);
685 	} while (ret < 0 && errno == EINTR);
686 	if (ret < 0) {
687 		uu_free(pname);
688 		return (MHASH_FAILURE);
689 	}
690 
691 	data = uu_msprintf(MHASH_FORMAT_V2, st.st_uid, st.st_gid,
692 	    st.st_size, st.st_mtime);
693 	if (data == NULL) {
694 		uu_free(pname);
695 		return (MHASH_FAILURE);
696 	}
697 
698 	(void) memset(hash, 0, MHASH_SIZE);
699 	md5_calc(hash, (uchar_t *)data, strlen(data));
700 
701 	uu_free(data);
702 
703 	/*
704 	 * Verify the meta data hash.
705 	 */
706 	if (hashash && memcmp(hash, stored_hash, MD5_DIGEST_LENGTH) == 0) {
707 		int i;
708 
709 		metahashok = 1;
710 		/*
711 		 * The metadata hash matches; now we see if there was a
712 		 * content hash; if not, we will continue on and compute and
713 		 * store the updated hash.
714 		 * If there was no content hash, mhash_retrieve_entry()
715 		 * will have zero filled it.
716 		 */
717 		for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
718 			if (stored_hash[MD5_DIGEST_LENGTH+i] != 0) {
719 				if (action == APPLY_LATE) {
720 					if (pnamep != NULL)
721 						*pnamep = pname;
722 					ret = MHASH_NEWFILE;
723 				} else {
724 					uu_free(pname);
725 					ret = MHASH_RECONCILED;
726 				}
727 				return (ret);
728 			}
729 		}
730 	}
731 
732 	/*
733 	 * Compute the file hash as we can no longer avoid having to know it.
734 	 * Note: from this point on "hash" contains the full, current, hash.
735 	 */
736 	if (md5_hash_file(file, st.st_size, &hash[MHASH_SIZE_OLD]) != 0) {
737 		uu_free(pname);
738 		return (MHASH_FAILURE);
739 	}
740 	if (hashash) {
741 		uchar_t hash_v1[MHASH_SIZE_OLD];
742 
743 		if (metahashok ||
744 		    memcmp(&hash[MHASH_SIZE_OLD], &stored_hash[MHASH_SIZE_OLD],
745 		    MD5_DIGEST_LENGTH) == 0) {
746 
747 			/*
748 			 * Reconcile entry: we get here when either the
749 			 * meta data hash matches or the content hash matches;
750 			 * we then update the database with the complete
751 			 * new hash so we can be a bit quicker next time.
752 			 */
753 			(void) mhash_store_entry(hndl, pname, file, hash,
754 			    APPLY_NONE, NULL);
755 			if (action == APPLY_LATE) {
756 				if (pnamep != NULL)
757 					*pnamep = pname;
758 				ret = MHASH_NEWFILE;
759 			} else {
760 				uu_free(pname);
761 				ret = MHASH_RECONCILED;
762 			}
763 			return (ret);
764 		}
765 
766 		/*
767 		 * No match on V2 hash or file content; compare V1 hash.
768 		 */
769 		data = uu_msprintf(MHASH_FORMAT_V1, st.st_ino, st.st_uid,
770 		    st.st_size, st.st_mtime);
771 		if (data == NULL) {
772 			uu_free(pname);
773 			return (MHASH_FAILURE);
774 		}
775 
776 		md5_calc(hash_v1, (uchar_t *)data, strlen(data));
777 
778 		uu_free(data);
779 
780 		if (memcmp(hash_v1, stored_hash, MD5_DIGEST_LENGTH) == 0) {
781 			/*
782 			 * Update the new entry so we don't have to go through
783 			 * all this trouble next time.
784 			 */
785 			(void) mhash_store_entry(hndl, pname, file, hash,
786 			    APPLY_NONE, NULL);
787 			uu_free(pname);
788 			return (MHASH_RECONCILED);
789 		}
790 	}
791 
792 	if (pnamep != NULL)
793 		*pnamep = pname;
794 	else
795 		uu_free(pname);
796 
797 	if (hashbuf != NULL)
798 		(void) memcpy(hashbuf, hash, MHASH_SIZE);
799 
800 	return (MHASH_NEWFILE);
801 }
802