/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
24*5626Shylee
25*5626Shylee #pragma ident "%Z%%M% %I% %E% SMI"
26*5626Shylee
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <ctype.h>
#include <libgen.h>
#include <libintl.h>
#include <errno.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <kmfapiP.h>
#include <cryptoutil.h>
#include "util.h"
38*5626Shylee
static int err; /* To store errno which may be overwritten by gettext() */
40*5626Shylee
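/*
 * Resolve the location of a keystore plugin module.
 *
 * A bare name (no leading '/') is looked up under KMF_PLUGIN_PATH.  An
 * absolute path that contains PKCS11_ISA has that component removed, so
 * only the 32-bit module location is checked.
 *
 * On success, writes a NUL-terminated path into 'out' and returns KC_OK.
 * Returns KC_ERR_USAGE (after printing a message) when the resolved path
 * does not fit in 'outlen' bytes.
 */
static int
resolve_module_path(const char *modulepath, char *out, size_t outlen)
{
	int n;

	if (modulepath[0] != '/') {
		/* Only contains the base name; prepend KMF_PLUGIN_PATH. */
		n = snprintf(out, outlen, "%s%s", KMF_PLUGIN_PATH, modulepath);
	} else {
		const char *isa = strstr(modulepath, PKCS11_ISA);

		if (isa != NULL) {
			/*
			 * Join the part before PKCS11_ISA with the part that
			 * starts at its last character (the '/' that ends it,
			 * as the original pointer arithmetic assumed).  A
			 * single bounded snprintf() replaces the earlier
			 * unterminated strncpy() into an uninitialized
			 * buffer.
			 */
			n = snprintf(out, outlen, "%.*s%s",
			    (int)(isa - modulepath), modulepath,
			    isa + strlen(PKCS11_ISA) - 1);
		} else {
			n = snprintf(out, outlen, "%s", modulepath);
		}
	}

	if (n < 0 || (size_t)n >= outlen) {
		(void) fprintf(stderr,
		    gettext("module path %s is too long\n"), modulepath);
		return (KC_ERR_USAGE);
	}

	return (KC_OK);
}

/*
 * Copy the configuration from 'in' to 'out', activating the entry for
 * 'keystore_name'.
 *
 * If the package reserved a commented-out entry ("#keystore_name:..."),
 * the first such line is written without its leading '#' and spaces; any
 * further reserved entry for the same name is reported and skipped.  If
 * no reserved entry exists, a new line built from 'modulepath' and
 * 'option_str' (may be NULL) is appended.  'tmpfile_name' is only used in
 * error messages.
 *
 * Returns KC_OK, KC_ERR_USAGE if the new entry does not fit on one line,
 * or KC_ERR_INSTALL on a read or write failure.  A message has already
 * been printed on every failure.
 */
static int
copy_config(FILE *in, FILE *out, const char *keystore_name,
    const char *modulepath, const char *option_str, const char *tmpfile_name)
{
	char buffer[BUFSIZ];
	size_t namelen = strlen(keystore_name);
	int found_count = 0;

	while (fgets(buffer, sizeof (buffer), in) != NULL) {
		const char *line = buffer;

		if (buffer[0] == '#') {
			const char *ptr = buffer + 1;

			while (*ptr == '#' || *ptr == ' ')
				ptr++;

			/*
			 * The name field is terminated by ':' (see the entry
			 * format built below), so require it; a bare prefix
			 * match would let "foo" activate "#foobar:...".
			 */
			if (strncmp(keystore_name, ptr, namelen) == 0 &&
			    ptr[namelen] == ':') {
				found_count++;
				if (found_count > 1) {
					/*
					 * A second reserved entry with this
					 * name should not happen; the config
					 * file is corrupted.  Warn and skip it.
					 */
					(void) fprintf(stderr, gettext(
					    "(Warning) Found an additional "
					    "reserved entry for %s.\n"),
					    keystore_name);
					continue;
				}
				line = ptr;	/* write it uncommented */
			}
		}

		if (fputs(line, out) == EOF) {
			err = errno;
			(void) fprintf(stderr, gettext(
			    "failed to write to %s: %s\n"), tmpfile_name,
			    strerror(err));
			return (KC_ERR_INSTALL);
		}
	}

	/*
	 * fgets() returns NULL on both EOF and error; a read error must not
	 * let a truncated copy replace the real configuration.
	 */
	if (ferror(in)) {
		err = errno;
		(void) fprintf(stderr, gettext(
		    "failed to read the configuration - %s\n"),
		    strerror(err));
		return (KC_ERR_INSTALL);
	}

	if (found_count == 0) {
		char newline[MAXPATHLEN];
		int n;

		/* Not reserved by a package; append a new entry. */
		if (option_str == NULL)
			n = snprintf(newline, sizeof (newline), "%s:%s%s\n",
			    keystore_name, CONF_MODULEPATH, modulepath);
		else
			n = snprintf(newline, sizeof (newline),
			    "%s:%s%s;%s%s\n", keystore_name, CONF_MODULEPATH,
			    modulepath, CONF_OPTION, option_str);

		if (n < 0 || (size_t)n >= sizeof (newline)) {
			(void) fprintf(stderr, gettext(
			    "configuration entry for %s is too long\n"),
			    keystore_name);
			return (KC_ERR_USAGE);
		}

		if (fputs(newline, out) == EOF) {
			err = errno;
			(void) fprintf(stderr, gettext(
			    "failed to write to %s: %s\n"), tmpfile_name,
			    strerror(err));
			return (KC_ERR_INSTALL);
		}
	}

	return (KC_OK);
}

/*
 * kmfcfg "install" subcommand: register a new keystore plugin in
 * _PATH_KMF_CONF.
 *
 * Options: -k/--keystore name, -m/--modulepath path, -o/--option string;
 * each may be given once and no further arguments are accepted.  The
 * built-in keystore names and already configured names are rejected, and
 * the module must exist on the system.
 *
 * The new configuration is written to a temporary file created in the
 * same directory and atomically renamed over the original while the lock
 * on the original is still held.
 *
 * Returns KC_OK on success, KC_ERR_USAGE for bad input, KC_ERR_ACCESS if
 * the module or configuration cannot be accessed, and KC_ERR_INSTALL if
 * updating the configuration fails.
 */
int
kc_install(int argc, char *argv[])
{
	int rv = KC_OK;
	int opt;
	extern int optind_av;
	extern char *optarg_av;
	char *keystore_name = NULL;
	char *modulepath = NULL;
	char *option_str = NULL;
	conf_entry_t *entry = NULL;
	char abspath[MAXPATHLEN];
	struct stat statbuf;
	FILE *pfile = NULL;
	FILE *pfile_tmp = NULL;
	char tmpfile_name[MAXPATHLEN];
	int tmpfd = -1;
	boolean_t tmp_created = B_FALSE;

	while ((opt = getopt_av(argc, argv, "k:(keystore)m:(modulepath)"
	    "o:(option)")) != EOF) {
		switch (opt) {
		case 'k':
			if (keystore_name != NULL) {
				rv = KC_ERR_USAGE;
			} else {
				keystore_name = get_string(optarg_av, &rv);
				if (keystore_name == NULL) {
					(void) fprintf(stderr, gettext(
					    "Error keystore input.\n"));
				}
			}
			break;
		case 'm':
			if (modulepath != NULL) {
				rv = KC_ERR_USAGE;
			} else {
				modulepath = get_string(optarg_av, &rv);
				if (modulepath == NULL) {
					(void) fprintf(stderr,
					    gettext("Error modulepath.\n"));
				}
			}
			break;
		case 'o':
			if (option_str != NULL) {
				rv = KC_ERR_USAGE;
			} else {
				option_str = get_string(optarg_av, &rv);
				if (option_str == NULL) {
					(void) fprintf(stderr,
					    gettext("Error option input.\n"));
				}
			}
			break;
		default:
			(void) fprintf(stderr,
			    gettext("Error input option.\n"));
			rv = KC_ERR_USAGE;
			break;
		}
		if (rv != KC_OK)
			goto out;
	}

	/* No additional args allowed. */
	argc -= optind_av;
	if (argc) {
		(void) fprintf(stderr,
		    gettext("Error input option\n"));
		rv = KC_ERR_USAGE;
		goto out;
	}

	if (keystore_name == NULL || modulepath == NULL) {
		(void) fprintf(stderr, gettext("Error input option\n"));
		rv = KC_ERR_USAGE;
		goto out;
	}

	/*
	 * All three values end up on one "name:modulepath=...;option=..."
	 * line; an embedded newline would split it into extra config lines.
	 */
	if (strchr(keystore_name, '\n') != NULL ||
	    strchr(modulepath, '\n') != NULL ||
	    (option_str != NULL && strchr(option_str, '\n') != NULL)) {
		(void) fprintf(stderr, gettext("Error input option\n"));
		rv = KC_ERR_USAGE;
		goto out;
	}

	if (strcasecmp(keystore_name, "nss") == 0 ||
	    strcasecmp(keystore_name, "pkcs11") == 0 ||
	    strcasecmp(keystore_name, "file") == 0) {
		(void) fprintf(stderr,
		    gettext("Can not use the built-in keystore name %s\n"),
		    keystore_name);
		rv = KC_ERR_USAGE;
		goto out;
	}

	entry = get_keystore_entry(keystore_name);
	if (entry != NULL) {
		(void) fprintf(stderr, gettext("%s exists already.\n"),
		    keystore_name);
		rv = KC_ERR_USAGE;
		goto out;
	}

	/*
	 * Find the absolute path of the module and check if it exists in
	 * the system. If $ISA is in the path, will check the 32bit version
	 * only.
	 */
	rv = resolve_module_path(modulepath, abspath, sizeof (abspath));
	if (rv != KC_OK)
		goto out;

	if (stat(abspath, &statbuf) != 0) {
		(void) fprintf(stderr, gettext("%s not found.\n"),
		    abspath);
		rv = KC_ERR_ACCESS;
		goto out;
	}

	if ((pfile = fopen(_PATH_KMF_CONF, "r+")) == NULL) {
		err = errno;
		(void) fprintf(stderr,
		    gettext("failed to update the configuration - %s\n"),
		    strerror(err));
		rv = KC_ERR_ACCESS;
		goto out;
	}

	if (lockf(fileno(pfile), F_TLOCK, 0) == -1) {
		err = errno;
		(void) fprintf(stderr,
		    gettext("failed to lock the configuration - %s\n"),
		    strerror(err));
		rv = KC_ERR_INSTALL;
		goto out;
	}

	/*
	 * Create a temporary file in the /etc/crypto directory.
	 */
	(void) strlcpy(tmpfile_name, CONF_TEMPFILE, sizeof (tmpfile_name));
	if ((tmpfd = mkstemp(tmpfile_name)) == -1) {
		err = errno;
		(void) fprintf(stderr,
		    gettext("failed to create a temporary file - %s\n"),
		    strerror(err));
		rv = KC_ERR_INSTALL;
		goto out;
	}
	tmp_created = B_TRUE;

	/*
	 * Set the final mode on the descriptor now, so the file is never
	 * installed with mkstemp()'s private mode and no path-based chmod()
	 * is needed after the rename.
	 */
	if (fchmod(tmpfd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) {
		err = errno;
		(void) fprintf(stderr,
		    gettext("failed to update the configuration - %s\n"),
		    strerror(err));
		rv = KC_ERR_INSTALL;
		goto out;
	}

	/*
	 * Use the descriptor mkstemp() returned instead of reopening the
	 * name, so the stream is guaranteed to be the file just created.
	 * From here on the stream owns tmpfd.
	 */
	if ((pfile_tmp = fdopen(tmpfd, "w")) == NULL) {
		err = errno;
		(void) fprintf(stderr,
		    gettext("failed to open %s - %s\n"),
		    tmpfile_name, strerror(err));
		rv = KC_ERR_INSTALL;
		goto out;
	}

	/*
	 * Loop thru the config file. If the entry was reserved within a
	 * package bracket, just uncomment it. Otherwise, append it at
	 * the end. The resulting file is saved in the temp file first.
	 */
	rv = copy_config(pfile, pfile_tmp, keystore_name, modulepath,
	    option_str, tmpfile_name);

out:
	if (pfile_tmp != NULL) {
		/*
		 * fclose() flushes the buffered data; a failure here means
		 * the new file is incomplete and must not be installed.
		 */
		if (fclose(pfile_tmp) == EOF && rv == KC_OK) {
			err = errno;
			(void) fprintf(stderr, gettext(
			    "failed to write to %s: %s\n"), tmpfile_name,
			    strerror(err));
			rv = KC_ERR_INSTALL;
		}
		pfile_tmp = NULL;
	} else if (tmpfd != -1) {
		(void) close(tmpfd);
	}

	/*
	 * Install the new file while the lock on the original is still
	 * held, so a concurrent kmfcfg cannot interleave with the swap.
	 */
	if (rv == KC_OK && rename(tmpfile_name, _PATH_KMF_CONF) == -1) {
		err = errno;
		(void) fprintf(stderr, gettext(
		    "failed to update the configuration - %s\n"),
		    strerror(err));
		rv = KC_ERR_INSTALL;
	}

	/* On any failure, do not leave the partial temp file behind. */
	if (rv != KC_OK && tmp_created)
		(void) unlink(tmpfile_name);

	if (pfile != NULL)
		(void) fclose(pfile);	/* also releases the lockf() lock */

	return (rv);
}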
312