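#!/usr/perl5/bin/perl
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
#
# This program initializes the private data needed to initialize
# the PKCS#11 KMS provider (/usr/lib/security/pkcs11_kms.so.1) in
# the Solaris Cryptographic Framework.
#
# It takes the following options:
# [-p Profile Name]
# [-a Agent ID]
# [-i Agent Address]
# [-t Transaction Timeout]
# [-f Failover Limit]
# [-d Discovery Frequency]
# [-?]
#
# Values not supplied as options are prompted for on STDIN (-p, -a, -i)
# or default (-t, -f, -d).  The result is written, one value per line
# with a comment header above each, to $KMSTOKEN_DIR/kmstoken.cfg, or
# /var/kms/<user name>/kmstoken.cfg when KMSTOKEN_DIR is not set.  An
# existing file is renamed to kmstoken.cfg.old after the user confirms.
#

use strict;
use warnings;
use locale;
use Getopt::Std;
use POSIX qw(locale_h);
use File::Basename;
use Sun::Solaris::Utils qw(textdomain gettext gmatch);

my $cmd = basename($0);

# Values used for -t, -f and -d when the option is absent.
use constant {
    DEFAULT_TIMEOUT   => 10,
    DEFAULT_FAILOVER  => 3,
    DEFAULT_DISCOVERY => 10,
};

# Print the given message(s) to STDERR and exit with status 1.
sub fatal {
    print STDERR @_;
    exit(1);
}

# Print the usage text to STDERR and exit with status 1.
sub usage {
    print STDERR gettext("Usage:") . " $cmd\n" .
        gettext(
        "\t[-p[rofile] Profile Name] The name of the KMA profile to use.\n" .
        "\t[-a[gent] Agent ID] The KMA agent ID.\n" .
        "\t[-i[paddr] Agent Address] Address of the KMA\n" .
        "\t[-t[imeout] Transaction Timeout] Transaction timeout period (integer)\n" .
        "\t[-f[ailover] Failover Limit] Maximum failover limit (integer)\n" .
        "\t[-d[iscovery] Discovery Freq] Frequency to attempt KMA discovery\n");
    exit(1);
}

# Print $prompt (showing $default in brackets when it is non-empty) and
# read one line from STDIN.
#
# Returns the line without its trailing newline.  EOF is treated as an
# empty response.  When $default is non-empty and the response is empty,
# $default is returned.  Emptiness is tested with length() rather than
# truthiness so that an explicit "0" is an answer, not a request for the
# default.
sub get_input {
    my ($prompt, $default) = @_;

    if (length($default)) {
        print "$prompt [$default]: ";
    } else {
        print "$prompt: ";
    }

    my $resp = <STDIN>;
    $resp = '' unless defined $resp;
    # chomp rather than chop: chop would eat a real character when the
    # last line of input has no trailing newline.
    chomp $resp;

    if (length($default) && !length($resp)) {
        return $default;
    }
    return $resp;
}

# Return the value of option $key from %$opt, prompting with $prompt when
# the option was not given.  Exits via fatal($errmsg) on an empty value.
# The config file is line-oriented, so a value containing a newline is
# also rejected: it would shift every field written after it.
sub required_value {
    my ($opt, $key, $prompt, $errmsg) = @_;

    my $value = exists $opt->{$key} ? $opt->{$key} : get_input($prompt, "");
    fatal($errmsg) unless length($value);
    if ($value =~ /[\r\n]/) {
        fatal(gettext("Values must not contain newline characters.\n"));
    }
    return $value;
}

# Return the value of option $key from %$opt, or $default when absent.
# usage() documents -t, -f and -d as integers, so anything that is not a
# non-negative decimal integer is fatal instead of being written to the
# config file unchecked.
sub integer_value {
    my ($opt, $key, $default) = @_;

    my $value = exists $opt->{$key} ? $opt->{$key} : $default;
    if ($value !~ /\A\d+\z/) {
        fatal(gettext("Option") . " -$key " .
            gettext("requires an integer value.\n"));
    }
    return $value;
}

setlocale(LC_ALL, "");
# TEXT_DOMAIN is a bareword; presumably replaced with a string at build
# time (it would not compile under 'use strict' otherwise) - confirm.
textdomain(TEXT_DOMAIN);

my %opt;
getopts('?p:a:i:t:f:d:', \%opt) or usage();
usage() if exists $opt{'?'};

# KMSTOKEN_DIR lets the invoking user's environment choose where the
# configuration is written; otherwise a per-user directory under
# /var/kms is used.
my $TOKENDIR;
if (exists $ENV{KMSTOKEN_DIR}) {
    $TOKENDIR = $ENV{KMSTOKEN_DIR};
} else {
    my $name = getpwuid($<);
    # Without a name the default would silently become "/var/kms/".
    fatal("$cmd: cannot determine user name for uid $<: $!\n")
        unless defined $name;
    $TOKENDIR = "/var/kms/$name";
}

my $cfgfile = "$TOKENDIR/kmstoken.cfg";

if (! -d $TOKENDIR) {
    # Private to the user.  A directory that already exists, or one
    # supplied via KMSTOKEN_DIR, keeps whatever mode it has.
    mkdir($TOKENDIR, 0700) or fatal("mkdir $TOKENDIR error: $!\n");
}

if (-f $cfgfile) {
    print gettext("KMS Token config file ") . "($cfgfile) " .
        gettext("already exists,\n" .
        "do you want to overwrite it (Y/n)? ");
    my $ans = <STDIN>;
    $ans = '' unless defined $ans;
    chomp $ans;
    # Empty answer (or EOF) means yes; anything not starting with y/Y
    # means no.
    exit(0) if length($ans) && $ans !~ /\A[yY]/;
}

my $profile = required_value(\%opt, 'p', "Profile Name",
    gettext("You must enter a KMA Profile Name.\n"));
# The message previously said "Profile ID" for the agent ID prompt.
my $agentid = required_value(\%opt, 'a', "Agent ID",
    gettext("You must enter a KMA Agent ID.\n"));
my $address = required_value(\%opt, 'i', "KMA IP Address",
    gettext("You must enter a KMA IP Address.\n"));

my $timeout   = integer_value(\%opt, 't', DEFAULT_TIMEOUT);
my $failover  = integer_value(\%opt, 'f', DEFAULT_FAILOVER);
my $discovery = integer_value(\%opt, 'd', DEFAULT_DISCOVERY);

# Keep the previous configuration as a backup.  If this fails the old
# file would otherwise be overwritten without the backup existing.
if (-f $cfgfile) {
    rename($cfgfile, "$cfgfile.old")
        or fatal("rename $cfgfile to $cfgfile.old error: $!\n");
}

# Three-argument open, and the failure is reported rather than producing
# an unwritten file.  The new file's mode follows the process umask.
open(my $FH, '>', $cfgfile) or fatal("open $cfgfile error: $!\n");

# Each field is written as a three-line comment header followed by the
# value on its own line.  Security Mode is always written as 1; what the
# provider does with it is not defined here.
my @fields = (
    ['Profile Name',        $profile],
    ['Agent ID',            $agentid],
    ['KMA Address',         $address],
    ['Transaction Timeout', $timeout],
    ['Failover Limit',      $failover],
    ['Discovery Frequency', $discovery],
    ['Security Mode',       1],
);
for my $field (@fields) {
    my ($label, $value) = @{$field};
    print {$FH} "#\n# $label\n#\n$value\n"
        or fatal("write $cfgfile error: $!\n");
}
# Buffered write errors only surface at close.
close($FH) or fatal("close $cfgfile error: $!\n");

exit(0);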