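/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
 */

/**
 * \file KMSAgentStorage.cpp
 * This file provides an implementation of the KMSAgentStorage.h
 * interface utilizing a filesystem for storage of KMS Client
 * Profile elements.
 *
 * For storage of Certificates and Private key material the PKICommon
 * interface is used.
 */

#include <stdio.h>
#include <string.h>

#ifndef METAWARE
#include <errno.h>
#endif

#ifdef K_SOLARIS_PLATFORM
#ifndef SOLARIS10
#include <cryptoutil.h>
#endif
#include <pthread.h>
#include <fcntl.h>
#endif

#include "stdsoap2.h"

#include "KMSClientProfile.h"  // must be before agentstorage
#include "KMSAgentPKICommon.h" // must be before agentstorage
#include "KMSAgentStorage.h"

#include "SYSCommon.h"
#include "AutoMutex.h"
#include "KMSAuditLogger.h"
#include "KMSClientProfileImpl.h"

#include "KMSAgent_direct.h"
#ifdef K_SOLARIS_PLATFORM
#include "KMSAgent.h"
#endif
#include "k_setupssl.h"        // K_ssl_client_context

#ifdef METAWARE
extern "C" int K_ssl_client_context(struct soap *soap,
                                    int flags,
                                    const char *keyfile,  // NULL - SERVER
                                    const char *password, // NULL - SERVER
                                    const char *cafile,
                                    const char *capath,   // ALWAYS NULL
                                    const char *randfile); // ALWAYS NULL
#include "debug.h"
#endif


#define CA_CERTIFICATE_FILE         "ca.crt"
#define CLIENT_KEY_FILE             "clientkey.pem"

#define PROFILE_CONFIG_FILE         "profile.cfg"
#define PROFILE_CLUSTER_CONFIG_FILE "cluster.cfg"

// Working directory recorded by ProfileExists()/CreateProfile() and read back
// by StoreConfig()/StoreCluster(). Static storage, so it starts zero-filled.
static char g_sWorkingDirectory[KMS_MAX_PATH_LENGTH+1];

// Scratch buffer used to format a whole config/cluster file before writing.
// NOTE(review): this buffer is shared by every profile, while the writers only
// hold the per-profile lock - confirm no two profiles are stored concurrently.
static char g_sStringbuf[10000]; // too large to be on the 9840D stack

/*! BuildFullProfilePathWithName
 *
 *  Builds "<working directory><sep><profile name><sep>" in o_pProfilePath.
 *  A separator is inserted after the working directory only when it does not
 *  already end with PATH_SEPARATOR.
 *
 *  The caller's buffer size is not passed in, so the result is limited to
 *  what the smallest caller buffer in this file can hold: fewer than
 *  KMS_MAX_FILE_NAME characters plus the terminating NUL. The previous
 *  strncpy/strncat sequence could leave the buffer unterminated and write
 *  past its end for long inputs.
 *
 *  @param o_pProfilePath       output buffer, at least KMS_MAX_FILE_NAME bytes
 *  @param i_pWorkingDirectory  non-empty working directory
 *  @param i_pProfileName       non-empty profile name
 *
 *  On inputs that are empty or do not fit, FATAL_ASSERT fires; if the assert
 *  is compiled out or returns, o_pProfilePath is set to the empty string.
 *  NOTE(review): callers must treat an empty result as failure, otherwise a
 *  file name appended to it resolves relative to the current directory.
 */
static void BuildFullProfilePathWithName(utf8cstr o_pProfilePath,
                                         const char* const i_pWorkingDirectory,
                                         const char* const i_pProfileName)
{
    FATAL_ASSERT( o_pProfilePath );
    FATAL_ASSERT( i_pWorkingDirectory );
    FATAL_ASSERT( i_pProfileName );
    FATAL_ASSERT( (strlen(i_pWorkingDirectory) > 0) );
    FATAL_ASSERT( (strlen(i_pProfileName) > 0) );

#if defined(DEBUG_TRACE) && defined(METAWARE)
    ECPT_TRACE_ENTRY *trace = NULL;
    ECPT_TRACE( trace, BuildFullProfilePathWithName );
#endif

    const size_t iDirLen  = strlen(i_pWorkingDirectory);
    const size_t iNameLen = strlen(i_pProfileName);

    // iDirLen is tested first so the [iDirLen - 1] index is never evaluated
    // for an empty directory when the asserts above are inactive.
    const bool bAddSeparator =
        ( iDirLen > 0 && i_pWorkingDirectory[iDirLen - 1] != PATH_SEPARATOR );

    // directory + optional separator + name + trailing separator
    const size_t iTotalLen = iDirLen + (bAddSeparator ? 1 : 0) + iNameLen + 1;

    const bool bFits = ( iDirLen > 0 &&
                         iNameLen > 0 &&
                         iTotalLen < (size_t)KMS_MAX_FILE_NAME );
    FATAL_ASSERT( bFits );
    if ( !bFits )
    {
        o_pProfilePath[0] = '\0';
        return;
    }

    char *pOut = o_pProfilePath;

    memcpy( pOut, i_pWorkingDirectory, iDirLen );
    pOut += iDirLen;

    if ( bAddSeparator )
    {
        *pOut++ = PATH_SEPARATOR;
    }

    memcpy( pOut, i_pProfileName, iNameLen );
    pOut += iNameLen;

    *pOut++ = PATH_SEPARATOR;
    *pOut   = '\0';

    return;
}

/*! BuildFullProfilePath
 *
 *  Validates its arguments and forwards to BuildFullProfilePathWithName();
 *  see that function for the size limit and the empty-string failure result.
 */
static void BuildFullProfilePath(utf8cstr o_sProfilePath,
                                 const char* const i_pWorkingDirectory,
                                 const char* const i_pProfileName)
{
    FATAL_ASSERT( o_sProfilePath );
    FATAL_ASSERT( i_pWorkingDirectory );
    FATAL_ASSERT( i_pProfileName );
    FATAL_ASSERT( (strlen(i_pProfileName) > 0) );

    BuildFullProfilePathWithName( o_sProfilePath,
                                  i_pWorkingDirectory,
                                  i_pProfileName );

    return;
}

#ifdef K_SOLARIS_PLATFORM
// Lock descriptions for profile.cfg and cluster.cfg. Every field starts at
// zero; flock_fd() fills in l_type before each fcntl() call.
static struct flock cfgfl = {
    0, 0, 0, 0, 0, 0,
    {0, 0, 0, 0}
};
static struct flock clusterfl = {
    0, 0, 0, 0, 0, 0,
    {0, 0, 0, 0}
};

pthread_mutex_t cfg_mutex = PTHREAD_MUTEX_INITIALIZER;
pthread_mutex_t cluster_mutex = PTHREAD_MUTEX_INITIALIZER;
pthread_mutex_t keyfile_mutex = PTHREAD_MUTEX_INITIALIZER;

/*
 * Apply lock type `cmd` (F_RDLCK, F_WRLCK or F_UNLCK at the call sites in
 * this file) to `fd` with a blocking F_SETLKW, retrying while fcntl() is
 * interrupted (EINTR).
 *
 * `mutex` is held only for the duration of the fcntl() call, which covers
 * the update of the shared struct flock; it is released before the caller
 * touches the file.
 * NOTE(review): the mutex therefore does not serialise threads of this
 * process across the actual file I/O - confirm that is intended.
 *
 * Returns the last fcntl() result: -1 on failure with errno set.
 * NOTE(review): every caller in this file discards that result, so a failed
 * lock goes unnoticed.
 */
static int
flock_fd(int fd, int cmd, struct flock *fl, pthread_mutex_t *mutex)
{
    int ret = 0;

    (void) pthread_mutex_lock(mutex);

    fl->l_type = cmd;

    while ((ret = fcntl(fd, F_SETLKW, fl)) == -1) {
        if (errno != EINTR)
            break;
    }
    (void) pthread_mutex_unlock(mutex);
    return (ret);
}

#endif

/*
 * Account for one K_snprintf() call made at *io_ppCursor with a limit of
 * *io_pRemaining bytes. Returns false, leaving cursor and remaining space
 * untouched, when the call failed (negative result) or the output did not
 * fit (result >= remaining space); otherwise advances both.
 */
static bool Profile_AdvanceCursor(char **io_ppCursor,
                                  size_t *io_pRemaining,
                                  int i_iWritten)
{
    if ( i_iWritten < 0 || (size_t)i_iWritten >= *io_pRemaining )
    {
        return false;
    }

    *io_ppCursor   += i_iWritten;
    *io_pRemaining -= (size_t)i_iWritten;
    return true;
}

/*! Profile_WriteConfigFile
 *
 *  Formats the profile's settings as "Name=value" lines into g_sStringbuf and
 *  writes them to i_pFileName, replacing the file's previous contents.
 *
 *  Changes from the earlier implementation:
 *   - every K_snprintf() is bounded by the space actually left in
 *     g_sStringbuf (it used sizeof(m_wsProfileName) for every line) and its
 *     result is checked before the cursor moves;
 *   - the text is formatted before the file is opened, so a formatting
 *     failure no longer leaves a truncated configuration behind;
 *   - the write is judged by fputs() returning a negative value. The old
 *     WIN32 test compared an unsigned value with "< 0" and could never fail,
 *     and the other branch required fputs() to return the byte count.
 *
 *  The file carries HexHashedPassphrase. It is created with fopen("w"), so
 *  its permissions are whatever the process umask yields.
 *  NOTE(review): confirm the profile directory and this file are readable
 *  only by the agent's account.
 *
 *  @return true when the whole buffer was handed to fputs() without error
 */
static bool Profile_WriteConfigFile(KMSClientProfile *i_pProfile,
                                    const char *i_pFileName)
{
    FATAL_ASSERT( i_pProfile );
    FATAL_ASSERT( i_pFileName );

    CAutoMutex oAutoMutex( (K_MUTEX_HANDLE)i_pProfile->m_pLock );

#if defined(DEBUG_TRACE) && defined(METAWARE)
    ECPT_TRACE_ENTRY *trace = NULL;
    ECPT_TRACE( trace, Profile_WriteConfigFile );
#endif

    char *sp = g_sStringbuf;
    size_t iRemaining = sizeof(g_sStringbuf);
    bool bFormatted = true;

    g_sStringbuf[0] = '\0';

    // format config parameters

    const char* const sProfileName = i_pProfile->m_wsProfileName;

    bFormatted = bFormatted && Profile_AdvanceCursor( &sp, &iRemaining,
        K_snprintf(sp, iRemaining, "ProfileName=%s\n", sProfileName) );

    bFormatted = bFormatted && Profile_AdvanceCursor( &sp, &iRemaining,
        K_snprintf(sp, iRemaining, "AgentID=%s\n", i_pProfile->m_wsEntityID) );

    bFormatted = bFormatted && Profile_AdvanceCursor( &sp, &iRemaining,
        K_snprintf(sp, iRemaining, "ClusterDiscoveryFrequency=%d\n",
                   i_pProfile->m_iClusterDiscoveryFrequency) );

    bFormatted = bFormatted && Profile_AdvanceCursor( &sp, &iRemaining,
        K_snprintf(sp, iRemaining, "CAServicePortNumber=%d\n",
                   i_pProfile->m_iPortForCAService) );

    bFormatted = bFormatted && Profile_AdvanceCursor( &sp, &iRemaining,
        K_snprintf(sp, iRemaining, "CertificateServicePortNumber=%d\n",
                   i_pProfile->m_iPortForCertificateService) );

    // the two optional ports are only stored when they are set
    if ( i_pProfile->m_iPortForAgentService != 0 )
    {
        bFormatted = bFormatted && Profile_AdvanceCursor( &sp, &iRemaining,
            K_snprintf(sp, iRemaining, "AgentServicePortNumber=%d\n",
                       i_pProfile->m_iPortForAgentService) );
    }

    if ( i_pProfile->m_iPortForDiscoveryService != 0 )
    {
        bFormatted = bFormatted && Profile_AdvanceCursor( &sp, &iRemaining,
            K_snprintf(sp, iRemaining, "DiscoveryServicePortNumber=%d\n",
                       i_pProfile->m_iPortForDiscoveryService) );
    }

    bFormatted = bFormatted && Profile_AdvanceCursor( &sp, &iRemaining,
        K_snprintf(sp, iRemaining, "ApplianceAddress=%s\n",
                   i_pProfile->m_wsApplianceAddress) );

    bFormatted = bFormatted && Profile_AdvanceCursor( &sp, &iRemaining,
        K_snprintf(sp, iRemaining, "Timeout=%d\n",
                   i_pProfile->m_iTransactionTimeout) );

    // "FailoverLimt" is the key as stored on disk; Profile_ReadConfigFile
    // looks for the same spelling, so it must not be corrected here alone.
    bFormatted = bFormatted && Profile_AdvanceCursor( &sp, &iRemaining,
        K_snprintf(sp, iRemaining, "FailoverLimt=%d\n",
                   i_pProfile->m_iFailoverLimit) );

    bFormatted = bFormatted && Profile_AdvanceCursor( &sp, &iRemaining,
        K_snprintf(sp, iRemaining, "HexHashedPassphrase=%s\n",
                   i_pProfile->m_sHexHashedPassphrase) );

    if ( !bFormatted )
    {
        // nothing has been opened yet, the existing file is left as it was
        return false;
    }

    // save config parameters

    myFILE *fp = fopen(i_pFileName, "w");
    if(fp == NULL)
    {
        LogError(i_pProfile,
                 AUDIT_PROFILE_WRITE_CONFIG_FILE_OPEN_CONFIGURATION_FILE_FAILED,
                 NULL,
                 NULL,
                 i_pFileName);

        return false;
    }

#ifdef K_SOLARIS_PLATFORM
    // NOTE(review): fopen("w") has already truncated the file before this
    // lock is taken, so a concurrent reader can observe an empty file.
    int fd = fileno(fp);
    (void) flock_fd(fd, F_WRLCK, &cfgfl, &cfg_mutex);
#endif

    const int iPutsResult = fputs(g_sStringbuf, fp);

#ifdef K_SOLARIS_PLATFORM
    // NOTE(review): the stream is not flushed before the lock is dropped, so
    // buffered data may reach the file after the unlock, during fclose().
    (void) flock_fd(fd, F_UNLCK, &cfgfl, &cfg_mutex);
#endif

    // NOTE(review): the result of fclose() is not checked, so a failed final
    // flush is not reported.
    fclose(fp);

    return ( iPutsResult >= 0 );
}

/*! Profile_ReadConfigFile
 *
 *  Reads i_pFileName line by line and copies every recognised "Name=value"
 *  pair into *i_pProfile. Lines shorter than three characters and lines that
 *  start with '#', ';' or '[' are skipped. Names that are not recognised are
 *  ignored.
 *
 *  @return false when the file cannot be opened or a non-skipped line holds
 *          no '='; true once the end of the file is reached
 *
 *  NOTE(review): the results of the sscanf("%d") calls are not checked and
 *  the parsed numbers are not range-checked, so a malformed value leaves the
 *  field unchanged and an out-of-range port is accepted as read.
 */
static bool Profile_ReadConfigFile
( KMSClientProfile *i_pProfile,
  const char *i_pFileName)
{
    FATAL_ASSERT( i_pProfile );
    FATAL_ASSERT( i_pFileName );

#if defined(DEBUG_TRACE) && defined(METAWARE)
    ECPT_TRACE_ENTRY *trace = NULL;
    ECPT_TRACE( trace, Profile_ReadConfigFile ) ;
#endif

    CAutoMutex oAutoMutex( (K_MUTEX_HANDLE)i_pProfile->m_pLock );

    const int iMaxLineSize = 1024;

    myFILE *fp;
    char acBuffer[iMaxLineSize+1];

    fp = fopen(i_pFileName, "r");
    if(fp == NULL)
    {
        LogError(i_pProfile,
                 AUDIT_PROFILE_READ_CONFIG_FILE_OPEN_CONFIGURATION_FILE_FAILED,
                 NULL,
                 NULL,
                 i_pFileName);
        return false;
    }

#ifdef K_SOLARIS_PLATFORM
    int fd = fileno(fp);
    (void) flock_fd(fd, F_RDLCK, &cfgfl, &cfg_mutex);
#endif
    // read the file one line at a time
    while(1)
    {
        int i;
        char *pName, *pValue;

        memset(acBuffer, 0, iMaxLineSize+1);

        //---------------------------
        // get info from the file
        //---------------------------
        if(fgets(acBuffer, iMaxLineSize+1, fp) == NULL)
            break;

        if(strlen(acBuffer) < 3)
            continue;

        if(acBuffer[0] == '#' ||
           acBuffer[0] == ';' ||
           acBuffer[0] == '[')  // jump comments
            continue;

        pName = acBuffer;
        pValue = NULL;

        // Cut the line at every '=', CR and LF. pValue is reassigned at each
        // '=', so it ends up pointing just past the last one on the line.
        for(i = 0; acBuffer[i] != '\0'; i++)
        {
            if(acBuffer[i] == '=')
                pValue = acBuffer + i + 1;

            if(acBuffer[i] == '=' ||
               acBuffer[i] == '\r' ||
               acBuffer[i] == '\n')
                acBuffer[i] = '\0';
        }

        if(pValue == NULL)
        {
            LogError(i_pProfile,
                     AUDIT_PROFILE_READ_CONFIG_FILE_INVALID_CONFIGURATION_FILE_FORMAT,
                     NULL,
                     NULL,
                     i_pFileName);
#ifdef K_SOLARIS_PLATFORM
            (void) flock_fd(fd, F_UNLCK, &cfgfl, &cfg_mutex);
#endif
            fclose(fp);
            return false;
        }

        if(strcmp(pName, "ProfileName") == 0)
        {
            utf8cstr wsValue = pValue;
            strncpy(i_pProfile->m_wsProfileName, wsValue, KMS_MAX_ENTITY_ID);
            i_pProfile->m_wsProfileName[KMS_MAX_ENTITY_ID] = 0;
        }

        if(strcmp(pName, "AgentID") == 0)
        {
            utf8cstr wsValue = pValue;
            strncpy(i_pProfile->m_wsEntityID, wsValue, KMS_MAX_ENTITY_ID);
            i_pProfile->m_wsEntityID[KMS_MAX_ENTITY_ID] = 0;
        }

        if(strcmp(pName, "ClusterDiscoveryFrequency") == 0)
        {
            sscanf(pValue, "%d", &(i_pProfile->m_iClusterDiscoveryFrequency));
        }

        if(strcmp(pName, "CAServicePortNumber") == 0)
        {
            sscanf(pValue, "%d", &(i_pProfile->m_iPortForCAService));
        }

        if(strcmp(pName, "CertificateServicePortNumber") == 0)
        {
            sscanf(pValue, "%d", &(i_pProfile->m_iPortForCertificateService));
        }

        if(strcmp(pName, "AgentServicePortNumber") == 0)
        {
            sscanf(pValue, "%d", &(i_pProfile->m_iPortForAgentService));
        }

        if(strcmp(pName, "DiscoveryServicePortNumber") == 0)
        {
            sscanf(pValue, "%d", &(i_pProfile->m_iPortForDiscoveryService));
        }

        if(strcmp(pName, "ApplianceAddress") == 0)
        {
            utf8cstr wsValue = pValue;
            strncpy(i_pProfile->m_wsApplianceAddress,
                    wsValue, KMS_MAX_NETWORK_ADDRESS);
            i_pProfile->m_wsApplianceAddress[KMS_MAX_NETWORK_ADDRESS] = 0;
        }

        if(strcmp(pName, "Timeout") == 0)
        {
            sscanf(pValue, "%d", &(i_pProfile->m_iTransactionTimeout));
        }

        if(strcmp(pName, "FailoverLimt") == 0)
        {
            sscanf(pValue, "%d", &(i_pProfile->m_iFailoverLimit));
        }

        if(strcmp(pName, "HexHashedPassphrase") == 0)
        {
            // NOTE(review): "%s" has no field width. The value can be close
            // to iMaxLineSize characters long, and the size of
            // m_sHexHashedPassphrase is declared outside this file. Unlike
            // the strncpy() copies above this one is unbounded; it should be
            // limited to the destination's capacity, with longer values
            // rejected.
            sscanf(pValue, "%s", i_pProfile->m_sHexHashedPassphrase);
        }
    }

#ifdef K_SOLARIS_PLATFORM
    (void) flock_fd(fd, F_UNLCK, &cfgfl, &cfg_mutex);
#endif
    fclose(fp);

    return true;
}


/*! ProfileExists
 *
 *  Reports whether "<working directory>/<profile name>/profile.cfg" can be
 *  opened for reading. As a side effect the working directory is recorded in
 *  g_sWorkingDirectory for later StoreConfig()/StoreCluster() calls.
 *
 *  A path that does not fit in KMS_MAX_FILE_NAME characters is reported as
 *  "does not exist"; previously the file name was appended with strncat()
 *  bounded by the full buffer size, which could write past the buffer.
 *
 *  @return true when the configuration file could be opened
 */
extern "C" bool ProfileExists(
    const char* const i_pWorkingDirectory,
    const char* const i_pProfileName)
{
    FATAL_ASSERT( i_pWorkingDirectory );
    FATAL_ASSERT( i_pProfileName );

#if defined(DEBUG_TRACE) && defined(METAWARE)
    ECPT_TRACE_ENTRY *trace = NULL;
    ECPT_TRACE( trace, ProfileExists );
#endif

    // the profile is stored in the working folder
    strncpy( g_sWorkingDirectory,
             i_pWorkingDirectory,
             KMS_MAX_PATH_LENGTH );
    g_sWorkingDirectory[KMS_MAX_PATH_LENGTH] = '\0';

    char sFullProfileDir[KMS_MAX_FILE_NAME+1];
    BuildFullProfilePath( sFullProfileDir,
                          i_pWorkingDirectory,
                          i_pProfileName );

    // An empty directory means the path could not be built. sizeof() of the
    // literal counts its terminating NUL, so the test covers the terminator.
    const size_t iDirLen = strlen( sFullProfileDir );
    char sConfigFile[KMS_MAX_FILE_NAME+1] = "";

    if ( iDirLen == 0 ||
         iDirLen + sizeof(PROFILE_CONFIG_FILE) > sizeof(sConfigFile) )
    {
        return false;
    }

    memcpy( sConfigFile, sFullProfileDir, iDirLen );
    memcpy( sConfigFile + iDirLen,
            PROFILE_CONFIG_FILE,
            sizeof(PROFILE_CONFIG_FILE) );

    // just try to open the file to test if it exists

    bool bProfileExists = false;

    myFILE* pfFile = fopen( sConfigFile, "rb" );

    if ( pfFile != NULL )
    {
        bProfileExists = true;

        fclose(pfFile);
    }

    return bProfileExists;
}


/*!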
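 *  CreateProfile
 *
 *  Creates the directory "<working directory>/<profile name>/", records the
 *  working directory in g_sWorkingDirectory and stores the profile's
 *  configuration through StoreConfig().
 *
 *  The combined path is length-checked before it is built: the local buffer
 *  holds KMS_MAX_FILE_NAME characters, and the path helper is not told the
 *  buffer size. A working directory that would not fit in
 *  g_sWorkingDirectory is rejected as well, instead of being cut short.
 *
 *  @return the result of StoreConfig(); false when the path is too long
 *
 *  NOTE(review): a failed K_CreateDirectory() is logged but does not stop the
 *  function, which then still calls StoreConfig() - presumably so that an
 *  already existing directory is tolerated; confirm.
 *  NOTE(review): StoreConfig() builds its path from io_pProfile's
 *  m_wsProfileName, not from i_pProfileName - verify callers keep the two
 *  equal.
 *  NOTE(review): the directory will hold the profile configuration with the
 *  hashed passphrase; confirm K_CreateDirectory() creates it with access
 *  limited to the agent's account.
 */
bool CreateProfile(
    KMSClientProfile* const io_pProfile,
    const char* const i_pWorkingDirectory,
    const char* const i_pProfileName)
{
    FATAL_ASSERT( io_pProfile );
    FATAL_ASSERT( i_pWorkingDirectory );
    FATAL_ASSERT( i_pProfileName );
    FATAL_ASSERT( (strlen(i_pProfileName) > 0) );

#if defined(DEBUG_TRACE) && defined(METAWARE)
    ECPT_TRACE_ENTRY *trace = NULL;
    ECPT_TRACE( trace, CreateProfile );

#endif

    bool bSuccess = false;
    CAutoMutex oAutoMutex( (K_MUTEX_HANDLE)io_pProfile->m_pLock );

    const size_t iDirLen  = strlen( i_pWorkingDirectory );
    const size_t iNameLen = strlen( i_pProfileName );

    // "+ 2" covers the separator after the directory and the trailing one.
    if ( iDirLen >= sizeof(g_sWorkingDirectory) ||
         iDirLen + iNameLen + 2 >= (size_t)KMS_MAX_FILE_NAME )
    {
        Log(AUDIT_CLIENT_LOAD_PROFILE_CREATE_DIRECTORY_FAILED,
            NULL,
            NULL,
            NULL );
        return false;
    }

    char sFullProfileDir[KMS_MAX_FILE_NAME+1];
    BuildFullProfilePath( sFullProfileDir,
                          i_pWorkingDirectory,
                          i_pProfileName );

    bSuccess = ( K_CreateDirectory( sFullProfileDir ) == 0 );

    if ( !bSuccess )
    {
        Log(AUDIT_CLIENT_LOAD_PROFILE_CREATE_DIRECTORY_FAILED,
            NULL,
            NULL,
            NULL );
    }

    strncpy( g_sWorkingDirectory, i_pWorkingDirectory, KMS_MAX_PATH_LENGTH );
    g_sWorkingDirectory[KMS_MAX_PATH_LENGTH] = '\0';

    bSuccess = StoreConfig( io_pProfile );
    if ( !bSuccess )
    {
        Log(AUDIT_CLIENT_LOAD_PROFILE_CREATE_PROFILE_CONFIG_FAILED,
            NULL,
            NULL,
            NULL );
    }
    else
    {
        Log(AUDIT_CLIENT_LOAD_PROFILE_CREATE_PROFILE_CONFIG_SUCCEEDED,
            NULL,
            NULL,
            NULL );
    }

    return bSuccess;
}


/*!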
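 *  StoreConfig
 *  Store the configuration to persistent storage
 *
 *  Writes the profile's settings to
 *  "<g_sWorkingDirectory>/<m_wsProfileName>/profile.cfg" through
 *  Profile_WriteConfigFile().
 *
 *  The full path length is checked before anything is built. The earlier
 *  code appended the file name with strncat() bounded by KMS_MAX_FILE_NAME,
 *  which is the size of the whole buffer rather than the space left in it,
 *  so a long directory or profile name could overrun the stack buffer.
 *
 *  @return false when the path does not fit or could not be built,
 *          otherwise the result of Profile_WriteConfigFile()
 */
bool StoreConfig(
    KMSClientProfile* const i_pProfile )
{
    FATAL_ASSERT( i_pProfile );

#if defined(DEBUG_TRACE) && defined(METAWARE)
    ECPT_TRACE_ENTRY *trace = NULL;
    ECPT_TRACE( trace, StoreConfig ) ;
#endif

    char sConfigFile[KMS_MAX_FILE_NAME+1];

    // directory + separator + profile name + separator + "profile.cfg" + NUL;
    // sizeof() of the literal already counts the terminating NUL.
    const size_t iNeeded = strlen( g_sWorkingDirectory ) +
                           strlen( i_pProfile->m_wsProfileName ) +
                           2 +
                           sizeof(PROFILE_CONFIG_FILE);
    if ( iNeeded > (size_t)KMS_MAX_FILE_NAME )
    {
        return false;
    }

    BuildFullProfilePath( sConfigFile,
                          g_sWorkingDirectory, i_pProfile->m_wsProfileName );

    // An empty result would make the file name resolve against the current
    // directory, so it is treated as a failure.
    const size_t iDirLen = strlen( sConfigFile );
    if ( iDirLen == 0 ||
         iDirLen + sizeof(PROFILE_CONFIG_FILE) > sizeof(sConfigFile) )
    {
        return false;
    }

    memcpy( sConfigFile + iDirLen,
            PROFILE_CONFIG_FILE,
            sizeof(PROFILE_CONFIG_FILE) );

    return Profile_WriteConfigFile(i_pProfile, sConfigFile );
}

/*!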
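StoreCluster
 *  Store the cluster to persistent storage.
 *
 *  The text is assembled in the shared g_sStringbuf buffer and then written
 *  to the profile's PROFILE_CLUSTER_CONFIG_FILE with a single fputs call.
 *  Every K_snprintf call is given the space that is actually left in the
 *  buffer, so a profile with many or long entries makes the function fail
 *  instead of writing past the end of g_sStringbuf.
 *
 *  @param i_pProfile  profile whose m_wsEntitySiteID and first m_iClusterNum
 *                     m_aCluster entries are written; must not be NULL
 *  @return true when the text was formatted and handed to fputs; false when
 *          the file name does not fit, the file cannot be opened, or the
 *          text does not fit in g_sStringbuf
 */
bool StoreCluster(
            KMSClientProfile* const i_pProfile )
{
    FATAL_ASSERT( i_pProfile );

    myFILE *fp = NULL;
    int sCount;
    char *sp = g_sStringbuf;
    size_t iRemaining = sizeof(g_sStringbuf);   // bytes still free at sp
    bool bFormatted = false;

    char sFullProfileDir[KMS_MAX_FILE_NAME+1];
    BuildFullProfilePath( sFullProfileDir,
            g_sWorkingDirectory, i_pProfile->m_wsProfileName );

    char sClusterFile[KMS_MAX_FILE_NAME+1] = "";
    strncpy( sClusterFile, sFullProfileDir, KMS_MAX_FILE_NAME );
    sClusterFile[KMS_MAX_FILE_NAME] = '\0';

    // strncat's third argument bounds the characters appended, not the
    // destination size; only append when directory + file name fit.
    const size_t iDirLength = strlen( sClusterFile );
    const bool bNameFits =
        ( iDirLength + strlen( PROFILE_CLUSTER_CONFIG_FILE ) < sizeof(sClusterFile) );

#if defined(DEBUG_TRACE) && defined(METAWARE)
    ECPT_TRACE_ENTRY *trace = NULL;
    ECPT_TRACE( trace, StoreCluster );
#endif

    if ( bNameFits )
    {
        strncat( sClusterFile, PROFILE_CLUSTER_CONFIG_FILE,
                 sizeof(sClusterFile) - iDirLength - 1 );
        fp = fopen(sClusterFile, "w");
    }

    // A name that does not fit is reported like a failed open: the cluster
    // file cannot be opened under a truncated name.
    if (fp == NULL)
    {
        LogError(i_pProfile,
                AUDIT_CLIENT_SAVE_CLUSTER_INFORMATION_OPEN_CLUSTER_FILE_FAILED,
                NULL,
                NULL,
                sClusterFile );
        return false;
    }

#ifdef K_SOLARIS_PLATFORM
    int fd = fileno(fp);
    (void) flock_fd(fd, F_WRLCK, &clusterfl, &cluster_mutex);
#endif

    // NOTE(review): g_sStringbuf is a file-level buffer shared with other
    // code; presumably flock_fd also takes cluster_mutex on Solaris, other
    // platforms have no visible serialisation here - confirm against callers.
    sCount = K_snprintf( sp, iRemaining, "EntitySiteID=%s\n\n",
                         i_pProfile->m_wsEntitySiteID );
    if ( sCount >= 0 && (size_t) sCount < iRemaining )
    {
        sp += sCount;
        iRemaining -= (size_t) sCount;
        bFormatted = true;
    }

    for ( int i = 0; bFormatted && i < i_pProfile->m_iClusterNum; i++ )
    {
        // Set again only after the whole appliance entry has been formatted;
        // any failed or truncated K_snprintf leaves the loop early.
        bFormatted = false;

        if ( i > 0 )
        {
            sCount = K_snprintf( sp, iRemaining, "\n" );
            if ( sCount < 0 || (size_t) sCount >= iRemaining ) { break; }
            sp += sCount;
            iRemaining -= (size_t) sCount;
        }

        sCount = K_snprintf( sp, iRemaining, "<StartAppliance>\n" );
        if ( sCount < 0 || (size_t) sCount >= iRemaining ) { break; }
        sp += sCount;
        iRemaining -= (size_t) sCount;

#ifdef WIN32
        sCount = K_snprintf( sp, iRemaining, "ApplianceID=%I64d\n",
                             i_pProfile->m_aCluster[i].m_lApplianceID );
#else
        sCount = K_snprintf( sp, iRemaining, "ApplianceID=%lld\n",
                             i_pProfile->m_aCluster[i].m_lApplianceID );
#endif
        if ( sCount < 0 || (size_t) sCount >= iRemaining ) { break; }
        sp += sCount;
        iRemaining -= (size_t) sCount;

        sCount = K_snprintf( sp, iRemaining, "Enabled=%d\n",
                             i_pProfile->m_aCluster[i].m_iEnabled );
        if ( sCount < 0 || (size_t) sCount >= iRemaining ) { break; }
        sp += sCount;
        iRemaining -= (size_t) sCount;

        sCount = K_snprintf( sp, iRemaining, "Responding=%d\n",
                             i_pProfile->m_aCluster[i].m_iResponding );
        if ( sCount < 0 || (size_t) sCount >= iRemaining ) { break; }
        sp += sCount;
        iRemaining -= (size_t) sCount;

        sCount = K_snprintf( sp, iRemaining, "Load=%lld\n",
                             i_pProfile->m_aCluster[i].m_lLoad );
        if ( sCount < 0 || (size_t) sCount >= iRemaining ) { break; }
        sp += sCount;
        iRemaining -= (size_t) sCount;

        sCount = K_snprintf( sp, iRemaining, "ApplianceAlias=%s\n",
                             i_pProfile->m_aCluster[i].m_wsApplianceAlias );
        if ( sCount < 0 || (size_t) sCount >= iRemaining ) { break; }
        sp += sCount;
        iRemaining -= (size_t) sCount;

        sCount = K_snprintf( sp, iRemaining, "ApplianceNetworkAddress=%s\n",
                             i_pProfile->m_aCluster[i].m_wsApplianceNetworkAddress );
        if ( sCount < 0 || (size_t) sCount >= iRemaining ) { break; }
        sp += sCount;
        iRemaining -= (size_t) sCount;

        sCount = K_snprintf( sp, iRemaining, "ApplianceSiteID=%s\n",
                             i_pProfile->m_aCluster[i].m_wsApplianceSiteID );
        if ( sCount < 0 || (size_t) sCount >= iRemaining ) { break; }
        sp += sCount;
        iRemaining -= (size_t) sCount;

        sCount = K_snprintf( sp, iRemaining, "KMAVersion=%s\n",
                             i_pProfile->m_aCluster[i].m_sKMAVersion );
        if ( sCount < 0 || (size_t) sCount >= iRemaining ) { break; }
        sp += sCount;
        iRemaining -= (size_t) sCount;

        sCount = K_snprintf( sp, iRemaining, "KMALocked=%d\n",
                             i_pProfile->m_aCluster[i].m_iKMALocked );
        if ( sCount < 0 || (size_t) sCount >= iRemaining ) { break; }
        sp += sCount;
        iRemaining -= (size_t) sCount;

        sCount = K_snprintf( sp, iRemaining, "<EndAppliance>\n" );
        if ( sCount < 0 || (size_t) sCount >= iRemaining ) { break; }
        sp += sCount;
        iRemaining -= (size_t) sCount;

        bFormatted = true;
    }

    if ( bFormatted )
    {
        // NOTE(review): the results of fputs and fclose are not checked, so
        // a short write is still reported as success below.
        fputs(g_sStringbuf, fp);
    }

#ifdef K_SOLARIS_PLATFORM
    (void) flock_fd(fd, F_UNLCK, &clusterfl, &cluster_mutex);
#endif
    fclose(fp);

    if ( !bFormatted )
    {
        return false;
    }

    Log(AUDIT_CLIENT_SAVE_CLUSTER_INFORMATION_SUCCEEDED,
            NULL,
            NULL,
            NULL );

    return true;
}

/*! GetConfig
 *  Get the configuration file from persistent storage.
 *
 *  @param io_pProfile  profile to fill; its m_wsProfileName selects the
 *                      profile directory; must not be NULL
 *  @return the result of Profile_ReadConfigFile, or false when the complete
 *          file name does not fit in KMS_MAX_FILE_NAME characters
 */
bool GetConfig(
            KMSClientProfile* const io_pProfile )
{
    FATAL_ASSERT( io_pProfile );
    char sFullProfileDir[KMS_MAX_FILE_NAME+1];

    BuildFullProfilePath( sFullProfileDir,
            g_sWorkingDirectory,
            io_pProfile->m_wsProfileName );

    char sConfigFile[KMS_MAX_FILE_NAME+1];

    strncpy( sConfigFile, sFullProfileDir, KMS_MAX_FILE_NAME );
    sConfigFile[KMS_MAX_FILE_NAME] = '\0';

    // Bound the append by the space left in sConfigFile; the original passed
    // KMS_MAX_FILE_NAME, which strncat treats as "characters to append".
    const size_t iDirLength = strlen( sConfigFile );
    if ( iDirLength + strlen( PROFILE_CONFIG_FILE ) >= sizeof(sConfigFile) )
    {
        return false;
    }
    strncat( sConfigFile, PROFILE_CONFIG_FILE,
             sizeof(sConfigFile) - iDirLength - 1 );

    return Profile_ReadConfigFile( io_pProfile, sConfigFile );
}

/** GetCluster
 *  Get the cluster information from persistent storage.
 *
 *  The cluster file is read line by line as "name=value" pairs grouped by
 *  <StartAppliance> / <EndAppliance> markers.  The file is treated as
 *  invalid when it describes more than KMS_MAX_CLUSTER_NUM appliances, so a
 *  damaged or tampered file cannot make the parser write beyond the slots
 *  of m_aCluster that this function initialises.
 *
 *  @param io_pProfile  profile that receives m_wsEntitySiteID, the
 *                      m_aCluster entries and m_iClusterNum; must not be NULL
 *  @param o_bClusterInformationFound  set to 0 when the cluster file does
 *                      not exist, to 1 once it has been opened
 *  @return true when the file does not exist or was parsed; false when it
 *          cannot be opened for another reason or its format is invalid
 */
bool GetCluster(
            KMSClientProfile* const io_pProfile,
            int&                    o_bClusterInformationFound )

{
    FATAL_ASSERT( io_pProfile );

    const int iMaxLineSize = 1024;

    myFILE *fp;
    char acBuffer[iMaxLineSize+1];
    char sFullProfileDir[KMS_MAX_FILE_NAME+1];

    BuildFullProfilePath( sFullProfileDir,
            g_sWorkingDirectory,
            io_pProfile->m_wsProfileName );

    char sClusterFile[KMS_MAX_FILE_NAME+1];

#if defined(DEBUG_TRACE) && defined(METAWARE)
    ECPT_TRACE_ENTRY *trace = NULL;
    ECPT_TRACE( trace, GetCluster );
#endif

    strncpy( sClusterFile, sFullProfileDir, KMS_MAX_FILE_NAME );
    sClusterFile[KMS_MAX_FILE_NAME] = '\0';

    // Bound the append by the space left in sClusterFile.  A name that does
    // not fit is reported like a failed open, because the cluster file
    // cannot be opened under a truncated name.
    const size_t iDirLength = strlen( sClusterFile );
    if ( iDirLength + strlen( PROFILE_CLUSTER_CONFIG_FILE ) >= sizeof(sClusterFile) )
    {
        LogError(io_pProfile,
                AUDIT_CLIENT_LOAD_CLUSTER_INFORMATION_OPEN_CLUSTER_FILE_FAILED,
                NULL,
                NULL,
                sClusterFile );
        return false;
    }
    strncat( sClusterFile, PROFILE_CLUSTER_CONFIG_FILE,
             sizeof(sClusterFile) - iDirLength - 1 );

    fp = fopen( sClusterFile, "r" );

    if ( fp == NULL )
    {
#ifdef METAWARE
        // Assume file doesn't exist.  This isn't an error (no support for
        // errno in metaware).
        o_bClusterInformationFound = 0;
        return true;
#else
        if ( errno == ENOENT )
        {
            // File doesn't exist.  This isn't an error.
            o_bClusterInformationFound = 0;
            return true;
        }

        LogError(io_pProfile,
                AUDIT_CLIENT_LOAD_CLUSTER_INFORMATION_OPEN_CLUSTER_FILE_FAILED,
                NULL,
                NULL,
                sClusterFile );
        return false;
#endif
    }

#ifdef K_SOLARIS_PLATFORM
    int fd = fileno(fp);
    (void) flock_fd(fd, F_WRLCK, &clusterfl, &cluster_mutex);
#endif

    o_bClusterInformationFound = 1;

    // KMAVersion is new to Cluster config with 2.1 KMS and will not exist
    // in persisted cluster configs from earlier agents
    for ( int iSlot = 0; iSlot < KMS_MAX_CLUSTER_NUM; iSlot++ )
    {
        io_pProfile->m_aCluster[iSlot].m_sKMAVersion[0] = '\0';
    }

    bool bValidFormat = true;
    int iClusterNum = 0;

    // read the file one line at a time
    while(1)
    {
        memset(acBuffer, 0, iMaxLineSize+1);

        // get info from the file
        if(fgets(acBuffer, iMaxLineSize+1, fp) == NULL)
            break;

        if(strlen(acBuffer) < 3)
            continue;

        if(acBuffer[0] == '#' ||
           acBuffer[0] == ';' ||
           acBuffer[0] == '[')  // skip comments
            continue;

        // Split the line in place: '=' and the line ending become NULs, the
        // name starts at acBuffer and the value after the (last) '='.
        char *pName = acBuffer;
        char *pValue = NULL;
        for ( int iPos = 0; acBuffer[iPos] != '\0'; iPos++ )
        {
            if(acBuffer[iPos] == '=')
                pValue = acBuffer + iPos + 1;

            if(acBuffer[iPos] == '=' ||
               acBuffer[iPos] == '\r' ||
               acBuffer[iPos] == '\n')
                acBuffer[iPos] = '\0';
        }

        if(strcmp(pName, "<StartAppliance>") == 0)
        {
            continue;
        }
        if(strcmp(pName, "<EndAppliance>") == 0)
        {
            // Never count more appliances than m_aCluster has slots for.
            if ( iClusterNum >= KMS_MAX_CLUSTER_NUM )
            {
                bValidFormat = false;
                break;
            }
            iClusterNum++;
        }

        if(pValue == NULL)
        {
            if(strcmp(pName,"<EndAppliance>") == 0)
                continue;

            // any other line without '=' is not part of the format
            bValidFormat = false;
            break;
        }

        const bool bIsEntitySiteID = ( strcmp(pName, "EntitySiteID") == 0 );
        if ( bIsEntitySiteID )
        {
            utf8cstr wsValue = pValue;
            strncpy(io_pProfile->m_wsEntitySiteID, wsValue, KMS_MAX_ENTITY_SITE_ID);
            io_pProfile->m_wsEntitySiteID[KMS_MAX_ENTITY_SITE_ID] = 0;
        }

        // Everything below writes to m_aCluster[iClusterNum]; once all slots
        // are used only the profile-level EntitySiteID is still acceptable.
        if ( iClusterNum >= KMS_MAX_CLUSTER_NUM )
        {
            if ( bIsEntitySiteID )
                continue;

            bValidFormat = false;
            break;
        }

        // assume it is responding by default
        io_pProfile->m_aCluster[iClusterNum].m_iResponding = TRUE;

        // NOTE(review): the sscanf results are not checked; a value that
        // does not parse leaves the field as it was before the call.
        if(strcmp(pName, "ApplianceID") == 0)
        {
            // the original WIN32 and non-WIN32 branches were identical
            sscanf(pValue, "%lld",
                   &(io_pProfile->m_aCluster[iClusterNum].m_lApplianceID));
        }
        else if(strcmp(pName, "Enabled") == 0)
        {
            sscanf(pValue, "%d",
                   &(io_pProfile->m_aCluster[iClusterNum].m_iEnabled));
        }
        else if(strcmp(pName, "Load") == 0)
        {
            sscanf(pValue, "%lld",
                   &(io_pProfile->m_aCluster[iClusterNum].m_lLoad));
        }
        else if(strcmp(pName, "ApplianceAlias") == 0)
        {
            utf8cstr wsValue = pValue;
            strncpy(io_pProfile->m_aCluster[iClusterNum].m_wsApplianceAlias,
                    wsValue,
                    KMS_MAX_ENTITY_ID);
            io_pProfile->m_aCluster[iClusterNum].
                    m_wsApplianceAlias[KMS_MAX_ENTITY_ID] = 0;
        }
        else if(strcmp(pName, "ApplianceNetworkAddress") == 0)
        {
            utf8cstr wsValue = pValue;
            strncpy(io_pProfile->m_aCluster[iClusterNum].
                    m_wsApplianceNetworkAddress,
                    wsValue,
                    KMS_MAX_NETWORK_ADDRESS);
            io_pProfile->m_aCluster[iClusterNum].
                    m_wsApplianceNetworkAddress[KMS_MAX_NETWORK_ADDRESS] = 0;
        }
        else if(strcmp(pName, "ApplianceSiteID") == 0)
        {
            utf8cstr wsValue = pValue;
            strncpy(io_pProfile->m_aCluster[iClusterNum].m_wsApplianceSiteID,
                    wsValue,
                    KMS_MAX_ENTITY_SITE_ID);
            io_pProfile->m_aCluster[iClusterNum].
                    m_wsApplianceSiteID[KMS_MAX_ENTITY_SITE_ID] = 0;
        }
        else if(strcmp(pName, "KMAVersion") == 0)
        {
            utf8cstr wsValue = pValue;
            strncpy(io_pProfile->m_aCluster[iClusterNum].m_sKMAVersion,
                    wsValue,
                    KMS_MAX_VERSION_LENGTH);
            io_pProfile->m_aCluster[iClusterNum].
                    m_sKMAVersion[KMS_MAX_VERSION_LENGTH] = '\0';
        }
        else if(strcmp(pName, "KMALocked") == 0)
        {
            sscanf(pValue, "%d",
                   &(io_pProfile->m_aCluster[iClusterNum].m_iKMALocked));
        }
    }

    if ( bValidFormat )
    {
        io_pProfile->m_iClusterNum = iClusterNum;
    }

#ifdef K_SOLARIS_PLATFORM
    (void) flock_fd(fd, F_UNLCK, &clusterfl, &cluster_mutex);
#endif
    fclose(fp);

    if ( !bValidFormat )
    {
        LogError(io_pProfile,
                AUDIT_CLIENT_LOAD_CLUSTER_INFORMATION_INVALID_CLUSTER_FILE_FORMAT,
                NULL,
                NULL,
                sClusterFile );
        return false;
    }

    return true;
}

/*! DeleteCluster
 *  Remove the profile's cluster information file if it exists.
 *
 *  @param io_pProfile  profile whose m_wsProfileName selects the directory;
 *                      neither may be NULL
 *  @return true when there was no file to remove or my_unlink reported
 *          success; false when my_unlink failed or the file name does not
 *          fit in KMS_MAX_FILE_NAME bytes
 */
bool DeleteCluster( KMSClientProfile* const io_pProfile )
{
    FATAL_ASSERT( io_pProfile );
    FATAL_ASSERT( io_pProfile->m_wsProfileName );

#if defined(DEBUG_TRACE) && defined(METAWARE)
    ECPT_TRACE_ENTRY *trace = NULL;
    ECPT_TRACE( trace, DeleteCluster );
#endif

    bool bSuccess = true;
    char sFullProfileDir[KMS_MAX_FILE_NAME];
    char sClusterInformationFile[KMS_MAX_FILE_NAME];

    BuildFullProfilePathWithName( sFullProfileDir, g_sWorkingDirectory,
            io_pProfile->m_wsProfileName );

    // Both buffers have the same size, so the copy fits as long as
    // BuildFullProfilePathWithName left a NUL-terminated string
    // (NOTE(review): not visible here - confirm).
    strcpy( sClusterInformationFile, sFullProfileDir );

    // Bound the append by the space left in the destination.
    const size_t iDirLength = strlen( sClusterInformationFile );
    if ( iDirLength + strlen( PROFILE_CLUSTER_CONFIG_FILE )
            >= sizeof(sClusterInformationFile) )
    {
        return false;
    }
    strncat( sClusterInformationFile, PROFILE_CLUSTER_CONFIG_FILE,
             sizeof(sClusterInformationFile) - iDirLength - 1 );

    // The open is only an existence test; the file is closed before unlink.
    myFILE* pfFile = fopen( sClusterInformationFile, "rb" );

    if ( pfFile != NULL )
    {
        fclose(pfFile);
        if ( my_unlink(sClusterInformationFile) )
            bSuccess = false;
    }

    // The original returned true unconditionally, which hid a failed unlink
    // and left stale cluster information behind without telling the caller.
    return bSuccess;
}

/*!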
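StoreCACertificate
 *  Store CA Certificate to a persistent storage file
 *  @param i_pProfile        profile whose directory receives the file;
 *                           must not be NULL
 *  @param i_pCACertificate  certificate to save; must not be NULL
 *
 *  @returns boolean success or failure; failure is logged and also covers a
 *           file name that does not fit in KMS_MAX_FILE_NAME bytes
 */
bool StoreCACertificate(
            KMSClientProfile* const i_pProfile,
            CCertificate* const     i_pCACertificate )
{
    FATAL_ASSERT( i_pProfile );
    FATAL_ASSERT( i_pCACertificate );

    char sCACertificateFile[KMS_MAX_FILE_NAME];

#if defined(DEBUG_TRACE) && defined(METAWARE)
    ECPT_TRACE_ENTRY *trace = NULL;
    ECPT_TRACE( trace, StoreCACertificate );
#endif

    BuildFullProfilePath( sCACertificateFile,
            g_sWorkingDirectory,
            i_pProfile->m_wsProfileName );

    // strncat's third argument bounds the characters appended, not the
    // destination size; only append when directory + file name fit.
    // NOTE(review): assumes BuildFullProfilePath leaves a NUL-terminated
    // string in the buffer (the original strncat call relied on that too).
    const size_t iDirLength = strlen( sCACertificateFile );
    const bool bNameFits =
        ( iDirLength + strlen( CA_CERTIFICATE_FILE ) < sizeof(sCACertificateFile) );
    if ( bNameFits )
    {
        strncat( sCACertificateFile, CA_CERTIFICATE_FILE,
                 sizeof(sCACertificateFile) - iDirLength - 1 );
    }

    // OVERLOADED Save method - 2 parameters means save to a file
    if ( !bNameFits ||
         !( i_pCACertificate->Save(sCACertificateFile, PKI_FORMAT)) )
    {
        LogError(i_pProfile,
                AUDIT_CLIENT_LOAD_PROFILE_SAVE_CA_CERTIFICATE_FAILED,
                NULL,
                NULL,
                sCACertificateFile );
        return false;
    }
    return true;

}

/*! StoreAgentPKI
 *  Store the agent certificate and private key in a persistent storage file.
 *
 *  The file is CLIENT_PK12_FILE in PKCS12_FORMAT when KMSUSERPKCS12 is
 *  defined, otherwise CLIENT_KEY_FILE in PKI_FORMAT.
 *
 *  @param i_pProfile              profile whose directory receives the file;
 *                                 must not be NULL
 *  @param i_pAgentCertificate     certificate to export; must not be NULL
 *  @param i_pAgentPrivateKey      private key to export
 *  @param i_sHexHashedPassphrase  passphrase value handed to
 *                                 ExportCertAndKeyToFile
 *  @return true on success; a failure is logged and returns false
 */
#ifndef K_SOLARIS_PLATFORM
static
#endif
bool StoreAgentPKI(
            KMSClientProfile* const i_pProfile,
            CCertificate* const     i_pAgentCertificate,
            CPrivateKey* const      i_pAgentPrivateKey,
            const char* const       i_sHexHashedPassphrase )
{
    FATAL_ASSERT( i_pProfile );
    FATAL_ASSERT( i_pAgentCertificate );

    bool bSuccess = false;
    char sClientKeyFile[KMS_MAX_FILE_NAME];

#if defined(DEBUG_TRACE) && defined(METAWARE)
    ECPT_TRACE_ENTRY *trace = NULL;
    ECPT_TRACE( trace, StoreAgentPKI ) ;
#endif

    BuildFullProfilePath( sClientKeyFile,
            g_sWorkingDirectory,
            i_pProfile->m_wsProfileName );

#ifdef KMSUSERPKCS12
    const char* const sKeyFileName = CLIENT_PK12_FILE;
#else
    const char* const sKeyFileName = CLIENT_KEY_FILE;
#endif

    // Bound the append by the space left in sClientKeyFile; the original
    // passed KMS_MAX_FILE_NAME, which strncat treats as "characters to
    // append" and so allowed a write past the end of the buffer.
    const size_t iDirLength = strlen( sClientKeyFile );
    if ( iDirLength + strlen( sKeyFileName ) < sizeof(sClientKeyFile) )
    {
        strncat( sClientKeyFile, sKeyFileName,
                 sizeof(sClientKeyFile) - iDirLength - 1 );

        CPKI oPKI;

        // save Certificate and Private Key to file named sClientKeyFile
        // NOTE(review): the permissions of the key file and the handling of
        // a NULL key or passphrase are decided inside ExportCertAndKeyToFile,
        // which is not visible here - confirm the file is created readable
        // by its owner only.
        bSuccess = oPKI.ExportCertAndKeyToFile(
                i_pAgentCertificate,
                i_pAgentPrivateKey,
                sClientKeyFile,
                i_sHexHashedPassphrase,
#ifdef KMSUSERPKCS12
                PKCS12_FORMAT
#else
                PKI_FORMAT
#endif
                );
    }

    if ( !bSuccess )
    {
        LogError(i_pProfile,
                AUDIT_CLIENT_LOAD_PROFILE_EXPORT_CERTIFICATE_AND_KEY_FAILED,
                NULL,
                NULL,
                sClientKeyFile );
    }
    return bSuccess;
}

/*!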
StorePKIcerts
 *  Store PKI objects to persistent storage files.
 *
 *  The CA certificate is stored first with StoreCACertificate; only when
 *  that succeeds are the agent certificate and private key stored with
 *  StoreAgentPKI.  The profile is marked enrolled once both have succeeded.
 *
 *  @param io_pProfile             profile to store into; m_iEnrolled is set
 *                                 to TRUE on success; must not be NULL
 *  @param i_pCACertificate        CA certificate, passed to StoreCACertificate
 *  @param i_pAgentCertificate     agent certificate; must not be NULL
 *  @param i_pAgentPrivateKey      agent private key
 *  @param i_sHexHashedPassphrase  passphrase value passed to StoreAgentPKI
 *  @return true when both store operations succeeded
 */
bool StorePKIcerts(
            KMSClientProfile* const io_pProfile,
            CCertificate* const     i_pCACertificate,
            CCertificate* const     i_pAgentCertificate,
            CPrivateKey* const      i_pAgentPrivateKey,
            const char* const       i_sHexHashedPassphrase )
{
    FATAL_ASSERT( io_pProfile );
    FATAL_ASSERT( i_pAgentCertificate );

    // Stop at the first failing step; the key pair is not written when the
    // CA certificate could not be stored.
    if ( !StoreCACertificate( io_pProfile, i_pCACertificate ) )
    {
        return false;
    }

    if ( !StoreAgentPKI( io_pProfile,
                         i_pAgentCertificate,
                         i_pAgentPrivateKey,
                         i_sHexHashedPassphrase ) )
    {
        return false;
    }

    io_pProfile->m_iEnrolled = TRUE;
    return true;
}

#ifdef KMSUSERPKCS12

/*
 * Test to see if the PKCS12 file exists.
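 *
 * The file tested is the profile directory followed by CLIENT_PK12_FILE.
 * Returns true only when stat() succeeds on that path and the file is not
 * empty; a missing, unreadable or zero-length file yields false.  Only
 * presence and size are checked, not the file's contents.
 *
 * NOTE(review): profileName becomes part of a filesystem path; presumably
 * the caller or BuildFullProfilePath() restricts it to a plain profile
 * name - confirm.
 */
bool ClientKeyP12Exists(char *profileName)
{
    char sFullProfileDir[KMS_MAX_FILE_NAME+1];
    char sAgentPK12File[KMS_MAX_FILE_NAME+1];
    struct stat statp;

    BuildFullProfilePath(sFullProfileDir,
        g_sWorkingDirectory, profileName);

    // strncpy() leaves the destination unterminated when the source fills
    // it, so terminate explicitly before appending.
    strncpy( sAgentPK12File, sFullProfileDir, KMS_MAX_FILE_NAME );
    sAgentPK12File[KMS_MAX_FILE_NAME] = '\0';

    // The count given to strncat() is the room left in the destination, not
    // the destination's total size.  A file name that does not fit is
    // truncated instead of being written past the end of the buffer.
    strncat( sAgentPK12File, CLIENT_PK12_FILE,
        sizeof (sAgentPK12File) - strlen( sAgentPK12File ) - 1 );

    if (stat(sAgentPK12File, &statp) == -1)
        return (false);

    return (statp.st_size > 0);
}

/*
 * Load the cert and the private key from the PKCS12 file.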
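 *
 * The file read is the profile directory followed by CLIENT_PK12_FILE.
 * Any failure of LoadPKCS12CertAndKey() is recorded in
 * io_pProfile->m_iLastErrorCode as KMS_AGENT_LOCAL_AUTH_FAILURE.
 *
 * @param io_pProfile          profile whose name selects the directory;
 *                             receives the error code on failure
 * @param i_pPassphrase        passphrase passed to LoadPKCS12CertAndKey()
 * @param i_pEntityCert        certificate object the load is invoked on
 * @param i_pEntityPrivateKey  private key object passed to the load
 *
 * @return the result of LoadPKCS12CertAndKey()
 */
bool GetPKCS12CertAndKey(
    KMSClientProfile* const io_pProfile,
    utf8char        *i_pPassphrase,
    CCertificate    *i_pEntityCert,
    CPrivateKey     *i_pEntityPrivateKey)
{
    // both pointers are dereferenced unconditionally below
    FATAL_ASSERT( io_pProfile );
    FATAL_ASSERT( i_pEntityCert );

    char sFullProfileDir[KMS_MAX_FILE_NAME+1];
    char sAgentPK12File[KMS_MAX_FILE_NAME+1];

    BuildFullProfilePath(sFullProfileDir,
        g_sWorkingDirectory, io_pProfile->m_wsProfileName );

    // strncpy() leaves the destination unterminated when the source fills
    // it, so terminate explicitly before appending.
    strncpy( sAgentPK12File, sFullProfileDir, KMS_MAX_FILE_NAME );
    sAgentPK12File[KMS_MAX_FILE_NAME] = '\0';

    // The count given to strncat() is the room left in the destination, not
    // the destination's total size.  A file name that does not fit is
    // truncated instead of being written past the end of the buffer.
    strncat( sAgentPK12File, CLIENT_PK12_FILE,
        sizeof (sAgentPK12File) - strlen( sAgentPK12File ) - 1 );

    const bool bSuccess = i_pEntityCert->LoadPKCS12CertAndKey(
        sAgentPK12File, FILE_FORMAT_PKCS12,
        i_pEntityPrivateKey, i_pPassphrase);

    if (!bSuccess)
        io_pProfile->m_iLastErrorCode = KMS_AGENT_LOCAL_AUTH_FAILURE;

    return (bSuccess);
}

/*
 * Export the agent certificate and private key to the profile directory
 * followed by CLIENT_KEY_FILE, in PKI_FORMAT.
 *
 * The passphrase argument of ExportCertAndKeyToFile() is NULL here, where
 * StoreAgentPKI() passes the hashed passphrase.
 * NOTE(review): with a NULL passphrase the private key is presumably written
 * without protection - confirm against CPKI::ExportCertAndKeyToFile(), and
 * confirm that every caller removes the file with CleanupPrivateKeyFile(),
 * including on its error paths.
 *
 * @return true on success; on failure the export error is logged against
 *         i_pProfile and false is returned
 */
bool StoreTempAgentPKI(
    KMSClientProfile* const i_pProfile,
    CCertificate* i_pAgentCertificate,
    CPrivateKey* i_pAgentPrivateKey)
{
    FATAL_ASSERT( i_pProfile );
    FATAL_ASSERT( i_pAgentCertificate );

    // sized KMS_MAX_FILE_NAME+1 like the other path buffers in this file
    char sClientKeyFile[KMS_MAX_FILE_NAME+1];

    BuildFullProfilePath( sClientKeyFile,
        g_sWorkingDirectory,
        i_pProfile->m_wsProfileName );

    // append at most the room that is left, keeping one byte for the NUL
    strncat( sClientKeyFile,
        CLIENT_KEY_FILE,
        sizeof (sClientKeyFile) - strlen( sClientKeyFile ) - 1 );

    CPKI oPKI;

    // save Certificate and Private Key to file named sClientKeyFile(CLIENT_KEY_FILE)
    const bool bSuccess = oPKI.ExportCertAndKeyToFile(
        i_pAgentCertificate,
        i_pAgentPrivateKey,
        sClientKeyFile,
        NULL,
        PKI_FORMAT);

    if ( !bSuccess )
    {
        LogError(i_pProfile,
            AUDIT_CLIENT_LOAD_PROFILE_EXPORT_CERTIFICATE_AND_KEY_FAILED,
            NULL,
            NULL,
            sClientKeyFile );
    }
    return bSuccess;
}

/*
 * Remove the file that StoreTempAgentPKI() writes (profile directory
 * followed by CLIENT_KEY_FILE).
 *
 * The result of unlink() is discarded and the function returns nothing, so
 * a key file that could not be removed stays on disk without any report.
 * The file is unlinked only; its contents are not overwritten first.
 */
void CleanupPrivateKeyFile(KMSClientProfile* const io_pProfile)
{
    FATAL_ASSERT( io_pProfile );

    // sized KMS_MAX_FILE_NAME+1 like the other path buffers in this file
    char sClientKeyFile[KMS_MAX_FILE_NAME+1];

    BuildFullProfilePath( sClientKeyFile,
        g_sWorkingDirectory,
        io_pProfile->m_wsProfileName );

    // append at most the room that is left, keeping one byte for the NUL
    strncat( sClientKeyFile,
        CLIENT_KEY_FILE,
        sizeof (sClientKeyFile) - strlen( sClientKeyFile ) - 1 );

    (void) unlink(sClientKeyFile);
    return;
}
#endif /* PKCS12 */

/**
 *  GetPKIcerts verifies that CA and Agent certificates are available in
 *  persistent storage and updates profile with an indicator
 *
 *  io_pProfile->m_iEnrolled is cleared on entry and set to TRUE only when
 *  both the CA certificate file and the client key file are found.  The
 *  test is for presence only (stat() on Solaris, fopen() elsewhere); the
 *  files are not parsed or validated here.
 *
 *  @param io_pProfile  profile to test and update; asserted non-NULL
 *
 *  @return true when both files are present; otherwise the failure is
 *          logged and false is returned
 */
bool GetPKIcerts(
    KMSClientProfile* const io_pProfile )
{
    FATAL_ASSERT( io_pProfile );

    char sFullProfileDir[KMS_MAX_FILE_NAME+1];
    char sCAcertFile[KMS_MAX_FILE_NAME+1];
    char sAgentCertFile[KMS_MAX_FILE_NAME+1];
#ifndef K_SOLARIS_PLATFORM
    myFILE* pfFile;
#endif

#if defined(DEBUG_TRACE) && defined(METAWARE)
    ECPT_TRACE_ENTRY *trace = NULL;
    ECPT_TRACE( trace, GetPKIcerts );
#endif

    io_pProfile->m_iEnrolled = FALSE;

    BuildFullProfilePath( sFullProfileDir,
        g_sWorkingDirectory, io_pProfile->m_wsProfileName );

    strncpy( sCAcertFile, sFullProfileDir, KMS_MAX_FILE_NAME );
    sCAcertFile[KMS_MAX_FILE_NAME] = '\0';
    // The count given to strncat() is the room left in the destination, not
    // the destination's total size.
    strncat( sCAcertFile, CA_CERTIFICATE_FILE,
        sizeof (sCAcertFile) - strlen( sCAcertFile ) - 1 );

#ifdef K_SOLARIS_PLATFORM
    /*
     * stat(2) is preferred over fopen(3C) for checking
     * if a file is present.
     */
    struct stat statp;
    if (stat(sCAcertFile, &statp)) {
        LogError(io_pProfile,
            AUDIT_CLIENT_LOAD_PROFILE_FAILED,
            NULL,
            NULL,
            "Test for presence of CA Certificate failed" );
        return false;
    }

#else
    pfFile = fopen( sCAcertFile, "rb" );

    if ( pfFile != NULL )
    {
        fclose(pfFile);
    }
    else
    {
        LogError(io_pProfile,
            AUDIT_CLIENT_LOAD_PROFILE_FAILED,
            NULL,
            NULL,
            "Test for presence of CA Certificate failed" );
        return false;
    }
#endif

    // check that the file containing the client certificate and private
    // key exists
    strncpy( sAgentCertFile, sFullProfileDir, KMS_MAX_FILE_NAME );
    sAgentCertFile[KMS_MAX_FILE_NAME] = '\0';
    strncat( sAgentCertFile, CLIENT_KEY_FILE,
        sizeof (sAgentCertFile) - strlen( sAgentCertFile ) - 1 );

#ifdef K_SOLARIS_PLATFORM
    /*
     * stat(2) is safer than "fopen" for checking if a file is
     * present or not.
     */
    if (stat(sAgentCertFile, &statp)) {
        LogError(io_pProfile,
            AUDIT_CLIENT_LOAD_PROFILE_FAILED,
            NULL,
            NULL,
            "Test for presence of Agent Certificate failed" );
        return false;
    }
#else

    pfFile = fopen( sAgentCertFile, "rb" );

    if ( pfFile != NULL )
    {
        fclose(pfFile);
    }
    else
    {
        LogError(io_pProfile,
            AUDIT_CLIENT_LOAD_PROFILE_FAILED,
            NULL,
            NULL,
            "Test for presence of Agent Certificate failed" );
        return false;
    }
#endif

    io_pProfile->m_iEnrolled = TRUE;

    return true;
}

/**
 *  DeleteStorageProfile
 *  Remove the files of the named profile and then the profile directory.
 *
 *  The config, cluster information, CA certificate and client key files
 *  are removed only if fopen() finds them, so a file that is already absent
 *  is not an error.  Under KMSUSERPKCS12 the PKCS#12 file is unlinked
 *  unconditionally, so a missing PKCS#12 file is reported as a failure.
 *  Files are unlinked only; their contents are not overwritten first.
 *
 *  NOTE(review): i_pName becomes part of the paths that are deleted;
 *  presumably the caller or BuildFullProfilePathWithName() restricts it to
 *  a plain profile name - confirm.
 *
 *  @param i_pName  profile name; asserted non-NULL
 *
 *  @return true when every removal that was attempted succeeded
 */
bool DeleteStorageProfile(
    const char* const i_pName)
{
    FATAL_ASSERT( i_pName );

#if defined(DEBUG_TRACE) && defined(METAWARE)
    ECPT_TRACE_ENTRY *trace = NULL;
    ECPT_TRACE( trace, DeleteStorageProfile );
#endif

    bool bSuccess = true;
    char sFullProfileDir[KMS_MAX_FILE_NAME+1];
    char sConfigFile[KMS_MAX_FILE_NAME+1];
    char sClusterInformationFile[KMS_MAX_FILE_NAME+1];
    char sCACertificateFile[KMS_MAX_FILE_NAME+1];
    char sClientKeyFile[KMS_MAX_FILE_NAME+1];
#ifdef KMSUSERPKCS12
    char sClientP12File[KMS_MAX_FILE_NAME+1];
#endif

    BuildFullProfilePathWithName( sFullProfileDir,
        g_sWorkingDirectory, i_pName );

    // For every path below: strncpy() is terminated explicitly, and the
    // count given to strncat() is the room left in the destination rather
    // than the destination's total size.
    strncpy( sConfigFile, sFullProfileDir, KMS_MAX_FILE_NAME );
    sConfigFile[KMS_MAX_FILE_NAME] = '\0';
    strncat( sConfigFile, PROFILE_CONFIG_FILE,
        sizeof (sConfigFile) - strlen( sConfigFile ) - 1 );

    strncpy( sClusterInformationFile, sFullProfileDir, KMS_MAX_FILE_NAME );
    sClusterInformationFile[KMS_MAX_FILE_NAME] = '\0';
    strncat( sClusterInformationFile,
        PROFILE_CLUSTER_CONFIG_FILE,
        sizeof (sClusterInformationFile) -
            strlen( sClusterInformationFile ) - 1 );

    strncpy( sCACertificateFile, sFullProfileDir, KMS_MAX_FILE_NAME );
    sCACertificateFile[KMS_MAX_FILE_NAME] = '\0';
    strncat( sCACertificateFile, CA_CERTIFICATE_FILE,
        sizeof (sCACertificateFile) - strlen( sCACertificateFile ) - 1 );

    strncpy( sClientKeyFile, sFullProfileDir, KMS_MAX_FILE_NAME );
    sClientKeyFile[KMS_MAX_FILE_NAME] = '\0';
    strncat( sClientKeyFile, CLIENT_KEY_FILE,
        sizeof (sClientKeyFile) - strlen( sClientKeyFile ) - 1 );

    myFILE* pfFile = fopen( sConfigFile, "rb" );

    if ( pfFile != NULL )
    {
        fclose(pfFile);
        if ( my_unlink(sConfigFile) )
            bSuccess = false;
    }

    pfFile = fopen( sClusterInformationFile, "rb" );

    if ( pfFile != NULL )
    {
        fclose(pfFile);
        if ( my_unlink(sClusterInformationFile) )
            bSuccess = false;
    }

    pfFile = fopen( sCACertificateFile, "rb" );

    if ( pfFile != NULL )
    {
        fclose(pfFile);
        if ( my_unlink(sCACertificateFile) )
            bSuccess = false;
    }

    pfFile = fopen( sClientKeyFile, "rb" );

    if ( pfFile != NULL )
    {
        fclose(pfFile);
        if ( my_unlink(sClientKeyFile) )
            bSuccess = false;
    }

#ifdef KMSUSERPKCS12
    // This path must name the PKCS#12 file.  Built from CLIENT_KEY_FILE it
    // repeated the client key path handled just above, so the PKCS#12 file
    // holding the agent's private key was never removed with the profile.
    strncpy( sClientP12File, sFullProfileDir, KMS_MAX_FILE_NAME );
    sClientP12File[KMS_MAX_FILE_NAME] = '\0';
    strncat( sClientP12File, CLIENT_PK12_FILE,
        sizeof (sClientP12File) - strlen( sClientP12File ) - 1 );

    /* Just unlink, no need to open/close first. */
    if ( my_unlink(sClientP12File) )
        bSuccess = false;
#endif

    // the directory is probed with fopen() like the files above
    pfFile = fopen( sFullProfileDir, "rb" );

    if ( pfFile != NULL )
    {
        fclose(pfFile);
        if ( my_rmdir(sFullProfileDir) )
            bSuccess = false;
    }

    return bSuccess;
}




/**
 *  K_soap_ssl_client_context
 *  Parse client context and send to soap, either using a soap call
 *  for openSSL or user implemented call for Treck SSL
 *
 *  The CA certificate file of the profile is always passed as the trust
 *  anchor.  For SOAP_SSL_REQUIRE_CLIENT_AUTHENTICATION the client key file
 *  and the profile's hashed passphrase are passed as well.  Any other flag
 *  value is rejected.
 *
 *  In the non-METAWARE build, when the gSOAP headers define
 *  SOAP_SSL_SKIP_HOST_CHECK it is OR-ed into the flags, so the peer's host
 *  name is not matched against its certificate and server trust rests on
 *  the chain to the profile's CA certificate.
 *  NOTE(review): confirm that skipping the host name check is intended for
 *  every deployment of this agent.
 *
 *  @param i_pProfile - pointer to KMSClientProfile
 *  @param io_pSoap - pointer to soap structure
 *  @param i_iFlags - input flags (CLIENT or SERVER auth)
 *
 *  @returns 0=success, non-zero=fail
 */
int K_soap_ssl_client_context
( KMSClientProfile* const i_pProfile,   // input KMSClientProfile
  struct soap *           io_pSoap,     // i/o soap profile
  unsigned short          i_iFlags )    // input flags
{
    FATAL_ASSERT( i_pProfile );
    FATAL_ASSERT( io_pSoap );

#if defined(DEBUG_TRACE) && defined(METAWARE)
    ECPT_TRACE_ENTRY *trace = NULL;
    ECPT_TRACE( trace, K_soap_ssl_client_context ) ;
#endif


    // sized KMS_MAX_FILE_NAME+1 like the other path buffers in this file
    char sCACertificateFile[KMS_MAX_FILE_NAME+1];
    char sClientKeyFile[KMS_MAX_FILE_NAME+1];


    BuildFullProfilePath( sCACertificateFile,        // out
        g_sWorkingDirectory,                         // in
        i_pProfile->m_wsProfileName );               // in

    // The count given to strncat() is the room left in the destination, not
    // the destination's total size.
    strncat( sCACertificateFile,   // path
        CA_CERTIFICATE_FILE,       // name
        sizeof (sCACertificateFile) - strlen( sCACertificateFile ) - 1 );


    switch ( i_iFlags )
    {
    case SOAP_SSL_REQUIRE_CLIENT_AUTHENTICATION:
    {
        BuildFullProfilePath( sClientKeyFile,
            g_sWorkingDirectory,
            i_pProfile->m_wsProfileName );

        strncat( sClientKeyFile,   // path
            CLIENT_KEY_FILE,       // name
            sizeof (sClientKeyFile) - strlen( sClientKeyFile ) - 1 );

        // this sends the following to the SSL Layer
#ifdef METAWARE
        return K_ssl_client_context(
            io_pSoap,                            // i/o
            i_iFlags,                            // flags
            sClientKeyFile,                      // keyfile - client cert and private key
            i_pProfile->m_sHexHashedPassphrase,  // password
            sCACertificateFile,                  // cafile - CA certificate
            NULL,                                // capath
            NULL );                              // randfile
#else
        return soap_ssl_client_context(
            io_pSoap,                            // i/o
#ifndef SOAP_SSL_SKIP_HOST_CHECK
            i_iFlags,                            // flags
#else
            i_iFlags | SOAP_SSL_SKIP_HOST_CHECK, // flags
#endif
            sClientKeyFile,                      // keyfile - client cert and private key
            i_pProfile->m_sHexHashedPassphrase,  // password
            sCACertificateFile,                  // cafile - CA certificate
            NULL,                                // capath
            NULL );                              // randfile
#endif
    }
    case SOAP_SSL_REQUIRE_SERVER_AUTHENTICATION:
    {
#ifdef METAWARE
        return K_ssl_client_context(
            io_pSoap,                            // i/o
            i_iFlags,                            // flags
            NULL,                                // keyfile
            NULL,                                // password
            sCACertificateFile,                  // cafile
            NULL,                                // capath
            NULL );                              // randfile
#else
        return soap_ssl_client_context(
            io_pSoap,                            // i/o
#ifndef SOAP_SSL_SKIP_HOST_CHECK
            i_iFlags,                            // flags
#else
            i_iFlags | SOAP_SSL_SKIP_HOST_CHECK, // flags
#endif
            NULL,                                // keyfile
            NULL,                                // password
            sCACertificateFile,                  // cafile
            NULL,                                // capath
            NULL );                              // randfile
#endif
    }
    default:
        // unauthenticated sessions are not supported
        return 1;
    }
}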