From owner-p4-projects@FreeBSD.ORG  Sun May  8 18:49:46 2005
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id B1A4C16A4E7; Sun,  8 May 2005 18:49:45 +0000 (GMT)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 56CAD16A4E4
	for <perforce@freebsd.org>; Sun,  8 May 2005 18:49:45 +0000 (GMT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2699143D5A
	for <perforce@freebsd.org>; Sun,  8 May 2005 18:49:45 +0000 (GMT)
	(envelope-from csjp@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j48InjAG089830
	for <perforce@freebsd.org>; Sun, 8 May 2005 18:49:45 GMT
	(envelope-from csjp@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j48Ini1u089827
	for perforce@freebsd.org; Sun, 8 May 2005 18:49:44 GMT
	(envelope-from csjp@freebsd.org)
Date: Sun, 8 May 2005 18:49:44 GMT
Message-Id: <200505081849.j48Ini1u089827@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	csjp@freebsd.org using -f
From: "Christian S.J. Peron" <csjp@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 76699 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 08 May 2005 18:49:46 -0000

http://perforce.freebsd.org/chv.cgi?CH=76699

Change 76699 by csjp@csjp_xor on 2005/05/08 18:49:44

	
	-create the MAC_CHKEXEC kernel option so that people can compile this
	 straight into their kernel.
	-create MD5_HASH_SIZE and SHA1_HASH_SIZE constants. This makes the code
	 a bit more cleaner by adding context.
	-plug these new constants into the code where applicable

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/conf/files#116 edit
.. //depot/projects/trustedbsd/mac/sys/conf/options#73 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.c#6 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.h#3 edit
.. //depot/projects/trustedbsd/mac/usr.sbin/getfhash/getfhash.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/conf/files#116 (text+ko) ====

@@ -308,6 +308,7 @@
 crypto/sha1.c			optional netgraph_mppc_encryption
 crypto/sha1.c			optional crypto
 crypto/sha1.c			optional ipsec
+crypto/sha1.c			optional mac_chkexec
 crypto/sha2/sha2.c		optional crypto
 crypto/sha2/sha2.c		optional geom_bde
 crypto/sha2/sha2.c		optional ipsec
@@ -1743,6 +1744,7 @@
 security/mac/mac_vfs.c		optional mac
 security/mac_biba/mac_biba.c	optional mac_biba
 security/mac_bsdextended/mac_bsdextended.c optional mac_bsdextended
+security/mac_chkexec/mac_chkexec.c optional mac_chkexec
 security/mac_ifoff/mac_ifoff.c	optional mac_ifoff
 security/mac_lomac/mac_lomac.c	optional mac_lomac
 security/mac_mls/mac_mls.c	optional mac_mls

==== //depot/projects/trustedbsd/mac/sys/conf/options#73 (text+ko) ====

@@ -97,6 +97,7 @@
 MAC_ALWAYS_LABEL_MBUF	opt_mac.h
 MAC_BIBA	opt_dontuse.h
 MAC_BSDEXTENDED	opt_dontuse.h
+MAC_CHKEXEC	opt_dontuse.h
 MAC_DEBUG	opt_mac.h
 MAC_IFOFF	opt_dontuse.h
 MAC_LOMAC	opt_dontuse.h

==== //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.c#6 (text+ko) ====

@@ -127,8 +127,8 @@
     hashalgo, sizeof(hashalgo), "Current trusted exec algorithm");
 
 static struct hash_algo ha_table[] = {
-	{ mac_chkexec_calc_vnode_sha1, 20, MAC_VCSUM_SHA1, "sha1" },
-	{ mac_chkexec_calc_vnode_md5, 16, MAC_VCSUM_MD5, "md5" },
+	{ mac_chkexec_calc_vnode_sha1, SHA1_HASH_SIZE, MAC_VCSUM_SHA1, "sha1" },
+	{ mac_chkexec_calc_vnode_md5, MD5_HASH_SIZE, MAC_VCSUM_MD5, "md5" },
 	{ NULL, 0, 0, NULL },
 };
 

==== //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.h#3 (text+ko) ====

@@ -31,7 +31,9 @@
 #define MAC_CHKEXEC_ATTRN	EXTATTR_NAMESPACE_SYSTEM
 #define MAC_CHKEXEC		"chkexec"
 #define MAC_CHKEXEC_DEP		"chkexec_depend"
-#define	MAXCSUMSIZE		32
+#define	SHA1_HASH_SIZE	20
+#define	MD5_HASH_SIZE	16
+#define	MAXCSUMSIZE	32
 
 #ifdef _KERNEL
 struct vcache {

==== //depot/projects/trustedbsd/mac/usr.sbin/getfhash/getfhash.c#3 (text+ko) ====

@@ -125,11 +125,11 @@
 		return;
 	}
 	if (sum.vs_flags == MAC_VCSUM_SHA1) {
-		nbytes = 20;
+		nbytes = SHA1_HASH_SIZE;
 		algo = "sha1";
 	}
 	else if (sum.vs_flags == MAC_VCSUM_MD5) {
-		nbytes = 16;
+		nbytes = MD5_HASH_SIZE;
 		algo = "md5";
 	} else {
 		warnx("%s: invalid checksum algorithm",