1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Module: keystore.c 29 * Description: This module contains the structure definitions for processing 30 * package keystore files. 31 */ 32 33 #include <errno.h> 34 #include <fcntl.h> 35 #include <unistd.h> 36 #include <strings.h> 37 #include <libintl.h> 38 #include <time.h> 39 #include <ctype.h> 40 #include <sys/types.h> 41 #include <sys/stat.h> 42 #include <openssl/evp.h> 43 #include <openssl/x509.h> 44 #include <openssl/pkcs12.h> 45 #include <openssl/asn1.h> 46 #include <openssl/pem.h> 47 #include <openssl/err.h> 48 #include <openssl/safestack.h> 49 #include <openssl/stack.h> 50 #include "p12lib.h" 51 #include "pkgerr.h" 52 #include "keystore.h" 53 #include "pkglib.h" 54 #include "pkglibmsgs.h" 55 56 typedef struct keystore_t { 57 boolean_t dirty; 58 boolean_t new; 59 char *path; 60 char *passphrase; 61 /* truststore handles */ 62 int cafd; 63 STACK_OF(X509) *cacerts; 64 char *capath; 65 66 /* user certificate handles */ 67 STACK_OF(X509) *clcerts; 68 char *clpath; 69 70 /* private key handles */ 71 STACK_OF(EVP_PKEY) *pkeys; 72 char *keypath; 73 } keystore_t; 74 75 /* local routines */ 76 static keystore_t *new_keystore(void); 77 static void free_keystore(keystore_t *); 78 static boolean_t verify_keystore_integrity(PKG_ERR *, keystore_t *); 79 static boolean_t check_password(PKCS12 *, char *); 80 static boolean_t resolve_paths(PKG_ERR *, char *, char *, 81 long, keystore_t *); 82 static boolean_t lock_keystore(PKG_ERR *, long, keystore_t *); 83 84 static boolean_t unlock_keystore(PKG_ERR *, keystore_t *); 85 static boolean_t read_keystore(PKG_ERR *, keystore_t *, 86 keystore_passphrase_cb); 87 static boolean_t write_keystore(PKG_ERR *, keystore_t *, 88 keystore_passphrase_cb); 89 static boolean_t write_keystore_file(PKG_ERR *, char *, PKCS12 *); 90 static boolean_t clear_keystore_file(PKG_ERR *, char *); 91 static PKCS12 *read_keystore_file(PKG_ERR *, char *); 92 static char *get_time_string(ASN1_TIME *); 93 94 /* locking routines */ 95 static boolean_t restore_keystore_file(PKG_ERR *, char *); 96 static int file_lock(int, int, int); 97 static int file_unlock(int); 98 static boolean_t file_lock_test(int, int); 99 static boolean_t file_empty(char *); 100 static boolean_t get_keystore_passwd(PKG_ERR *err, PKCS12 *p12, 101 keystore_passphrase_cb cb, keystore_t *keystore); 102 static boolean_t wait_restore(int, char *, char *, char *); 103 104 #define KEYSTORE_PERMS (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) 105 106 /* wait on other keystore access for 1 minute before giving up */ 107 #define LOCK_TIMEOUT 60 108 109 /* 110 * print_certs - prints certificates out of a keystore, to a file. 111 * 112 * Arguments: 113 * err - Error object to append errors to 114 * keystore - Keystore on which to operate 115 * alias - Name of certificate to print, NULL means print all 116 * format - Format in which to print certificates 117 * outfile - Where to print certificates 118 * 119 * Returns: 120 * 0 - Success 121 * non-zero - Failure, errors added to err 122 */ 123 int 124 print_certs(PKG_ERR *err, keystore_handle_t keystore_h, char *alias, 125 keystore_encoding_format_t format, FILE *outfile) 126 { 127 int i; 128 X509 *cert; 129 char *fname = NULL; 130 boolean_t found = B_FALSE; 131 keystore_t *keystore = keystore_h; 132 133 if (keystore->clcerts != NULL) { 134 /* print out each client cert */ 135 for (i = 0; i < sk_X509_num(keystore->clcerts); i++) { 136 cert = sk_X509_value(keystore->clcerts, i); 137 (void) sunw_get_cert_fname(GETDO_COPY, cert, 138 &fname); 139 140 if (fname == NULL) { 141 /* no name recorded, keystore is corrupt */ 142 pkgerr_add(err, PKGERR_CORRUPT, 143 gettext(ERR_KEYSTORE_NO_ALIAS), 144 get_subject_display_name(cert)); 145 return (1); 146 } 147 148 if ((alias != NULL) && (!streq(alias, fname))) { 149 /* name does not match, skip it */ 150 (void) OPENSSL_free(fname); 151 fname = NULL; 152 continue; 153 } else { 154 found = B_TRUE; 155 (void) print_cert(err, cert, format, 156 fname, B_FALSE, outfile); 157 (void) OPENSSL_free(fname); 158 fname = NULL; 159 } 160 } 161 } 162 163 if (fname != NULL) { 164 (void) OPENSSL_free(fname); 165 fname = NULL; 166 } 167 168 if (keystore->cacerts != NULL) { 169 /* print out each trusted cert */ 170 for (i = 0; i < sk_X509_num(keystore->cacerts); i++) { 171 cert = sk_X509_value(keystore->cacerts, i); 172 (void) sunw_get_cert_fname(GETDO_COPY, 173 cert, &fname); 174 175 if (fname == NULL) { 176 /* no name recorded, keystore is corrupt */ 177 pkgerr_add(err, PKGERR_CORRUPT, 178 gettext(ERR_KEYSTORE_NO_ALIAS), 179 get_subject_display_name(cert)); 180 return (1); 181 } 182 183 if ((alias != NULL) && (!streq(alias, fname))) { 184 /* name does not match, skip it */ 185 (void) OPENSSL_free(fname); 186 fname = NULL; 187 continue; 188 } else { 189 found = B_TRUE; 190 (void) print_cert(err, cert, format, 191 fname, B_TRUE, outfile); 192 (void) OPENSSL_free(fname); 193 fname = NULL; 194 } 195 } 196 } 197 198 if (fname != NULL) { 199 (void) OPENSSL_free(fname); 200 fname = NULL; 201 } 202 203 if (found) { 204 return (0); 205 } else { 206 /* no certs printed */ 207 if (alias != NULL) { 208 pkgerr_add(err, PKGERR_NOALIASMATCH, 209 gettext(ERR_KEYSTORE_NOCERT), 210 alias, keystore->path); 211 } else { 212 pkgerr_add(err, PKGERR_NOPUBKEY, 213 gettext(ERR_KEYSTORE_NOPUBCERTS), 214 keystore->path); 215 pkgerr_add(err, PKGERR_NOCACERT, 216 gettext(ERR_KEYSTORE_NOCACERTS), 217 keystore->path); 218 } 219 return (1); 220 } 221 } 222 223 /* 224 * print_cert - prints a single certificate, to a file 225 * 226 * Arguments: 227 * err - Error object to append errors to 228 * x - The certificate to print 229 * alias - Name of certificate to print 230 * format - Format in which to print certificate 231 * outfile - Where to print certificate 232 * 233 * Returns: 234 * 0 - Success 235 * non-zero - Failure, errors added to err 236 */ 237 int print_cert(PKG_ERR *err, X509 *x, 238 keystore_encoding_format_t format, char *alias, boolean_t is_trusted, 239 FILE *outfile) 240 { 241 242 char *vdb_str; 243 char *vda_str; 244 char vd_str[ATTR_MAX]; 245 int ret = 0; 246 char *cn_str, *icn_str, *typ_str; 247 char *tmp; 248 char *md5_fp; 249 char *sha1_fp; 250 int len; 251 252 /* need to localize the word "Fingerprint", hence these pointers */ 253 char md5_label[ATTR_MAX]; 254 char sha1_label[ATTR_MAX]; 255 256 if (is_trusted) { 257 typ_str = gettext(MSG_KEYSTORE_TRUSTED); 258 } else { 259 typ_str = gettext(MSG_KEYSTORE_UNTRUSTED); 260 } 261 262 if ((cn_str = get_subject_display_name(x)) == NULL) { 263 cn_str = gettext(MSG_KEYSTORE_UNKNOWN); 264 } 265 266 if ((icn_str = get_issuer_display_name(x)) == NULL) { 267 icn_str = gettext(MSG_KEYSTORE_UNKNOWN); 268 } 269 270 vdb_str = xstrdup(get_time_string(X509_get_notBefore(x))); 271 vda_str = xstrdup(get_time_string(X509_get_notAfter(x))); 272 if (((len = snprintf(vd_str, ATTR_MAX, "<%s> - <%s>", 273 vdb_str, vda_str)) < 0) || (len >= ATTR_MAX)) { 274 pkgerr_add(err, PKGERR_WEB, gettext(ERR_LEN), vdb_str); 275 ret = 1; 276 goto cleanup; 277 } 278 279 if ((tmp = get_fingerprint(x, EVP_md5())) == NULL) { 280 md5_fp = gettext(MSG_KEYSTORE_UNKNOWN); 281 } else { 282 /* 283 * make a copy, otherwise the next call to get_fingerprint 284 * will overwrite this one 285 */ 286 md5_fp = xstrdup(tmp); 287 } 288 289 if ((tmp = get_fingerprint(x, EVP_sha1())) == NULL) { 290 sha1_fp = gettext(MSG_KEYSTORE_UNKNOWN); 291 } else { 292 sha1_fp = xstrdup(tmp); 293 } 294 295 (void) snprintf(md5_label, ATTR_MAX, "%s %s", 296 OBJ_nid2sn(EVP_MD_type(EVP_md5())), 297 /* i18n: 14 characters max */ 298 gettext(MSG_KEYSTORE_FP)); 299 300 (void) snprintf(sha1_label, ATTR_MAX, "%s %s", 301 OBJ_nid2sn(EVP_MD_type(EVP_sha1())), 302 /* i18n: 14 characters max */ 303 gettext(MSG_KEYSTORE_FP)); 304 305 switch (format) { 306 case KEYSTORE_FORMAT_PEM: 307 (void) PEM_write_X509(outfile, x); 308 break; 309 case KEYSTORE_FORMAT_DER: 310 (void) i2d_X509_fp(outfile, x); 311 break; 312 case KEYSTORE_FORMAT_TEXT: 313 (void) fprintf(outfile, "%18s: %s\n", 314 /* i18n: 18 characters max */ 315 gettext(MSG_KEYSTORE_AL), alias); 316 (void) fprintf(outfile, "%18s: %s\n", 317 /* i18n: 18 characters max */ 318 gettext(MSG_KEYSTORE_CN), cn_str); 319 (void) fprintf(outfile, "%18s: %s\n", 320 /* i18n: 18 characters max */ 321 gettext(MSG_KEYSTORE_TY), typ_str); 322 (void) fprintf(outfile, "%18s: %s\n", 323 /* i18n: 18 characters max */ 324 gettext(MSG_KEYSTORE_IN), icn_str); 325 (void) fprintf(outfile, "%18s: %s\n", 326 /* i18n: 18 characters max */ 327 gettext(MSG_KEYSTORE_VD), vd_str); 328 (void) fprintf(outfile, "%18s: %s\n", md5_label, md5_fp); 329 (void) fprintf(outfile, "%18s: %s\n", sha1_label, sha1_fp); 330 (void) fprintf(outfile, "\n"); 331 break; 332 default: 333 pkgerr_add(err, PKGERR_INTERNAL, 334 gettext(ERR_KEYSTORE_INTERNAL), 335 __FILE__, __LINE__); 336 ret = 1; 337 goto cleanup; 338 } 339 340 cleanup: 341 if (md5_fp != NULL) 342 free(md5_fp); 343 if (sha1_fp != NULL) 344 free(sha1_fp); 345 if (vda_str != NULL) 346 free(vda_str); 347 if (vdb_str != NULL) 348 free(vdb_str); 349 return (ret); 350 } 351 352 /* 353 * open_keystore - Initialize new keystore object for 354 * impending access. 355 * 356 * Arguments: 357 * err - Error object to append errors to 358 * keystore_file - Base filename or directory of keystore 359 * app - Application making request 360 * passwd - Password used to decrypt keystore 361 * flags - Control flags used to control access mode and behavior 362 * result - Resulting keystore object stored here on success 363 * 364 * Returns: 365 * 0 - Success - result contains a pointer to the opened keystore 366 * non-zero - Failure, errors added to err 367 */ 368 int 369 open_keystore(PKG_ERR *err, char *keystore_file, char *app, 370 keystore_passphrase_cb cb, long flags, keystore_handle_t *result) 371 { 372 int ret = 0; 373 keystore_t *tmpstore; 374 375 tmpstore = new_keystore(); 376 377 tmpstore->dirty = B_FALSE; 378 tmpstore->new = B_FALSE; 379 tmpstore->path = xstrdup(keystore_file); 380 381 if (!resolve_paths(err, keystore_file, app, flags, tmpstore)) { 382 /* unable to determine keystore paths */ 383 pkgerr_add(err, PKGERR_CORRUPT, gettext(ERR_KEYSTORE_REPAIR), 384 keystore_file); 385 ret = 1; 386 goto cleanup; 387 } 388 389 if (!verify_keystore_integrity(err, tmpstore)) { 390 /* unable to repair keystore */ 391 pkgerr_add(err, PKGERR_CORRUPT, gettext(ERR_KEYSTORE_REPAIR), 392 keystore_file); 393 ret = 1; 394 goto cleanup; 395 } 396 397 if (!lock_keystore(err, flags, tmpstore)) { 398 pkgerr_add(err, PKGERR_LOCKED, gettext(ERR_KEYSTORE_LOCKED), 399 keystore_file); 400 ret = 1; 401 goto cleanup; 402 } 403 404 /* now that we have locked the keystore, go ahead and read it */ 405 if (!read_keystore(err, tmpstore, cb)) { 406 pkgerr_add(err, PKGERR_READ, gettext(ERR_PARSE), 407 keystore_file); 408 ret = 1; 409 goto cleanup; 410 } 411 412 *result = tmpstore; 413 tmpstore = NULL; 414 415 cleanup: 416 if (tmpstore != NULL) 417 free_keystore(tmpstore); 418 return (ret); 419 } 420 421 /* 422 * new_keystore - Allocates and initializes a Keystore object 423 * 424 * Arguments: 425 * NONE 426 * 427 * Returns: 428 * NULL - out of memory 429 * otherwise, returns a pointer to the newly allocated object, 430 * which should be freed with free_keystore() when no longer 431 * needed. 432 */ 433 static keystore_t 434 *new_keystore(void) 435 { 436 keystore_t *tmpstore; 437 438 if ((tmpstore = (keystore_t *)malloc(sizeof (keystore_t))) == NULL) { 439 return (NULL); 440 } 441 tmpstore->dirty = B_FALSE; 442 tmpstore->new = B_FALSE; 443 tmpstore->path = NULL; 444 tmpstore->passphrase = NULL; 445 tmpstore->cafd = -1; 446 tmpstore->cacerts = NULL; 447 tmpstore->capath = NULL; 448 tmpstore->clcerts = NULL; 449 tmpstore->clpath = NULL; 450 tmpstore->pkeys = NULL; 451 tmpstore->keypath = NULL; 452 453 return (tmpstore); 454 } 455 456 /* 457 * free_keystore - Deallocates a Keystore object 458 * 459 * Arguments: 460 * keystore - The keystore to deallocate 461 * 462 * Returns: 463 * NONE 464 */ 465 static void 466 free_keystore(keystore_t *keystore) 467 { 468 if (keystore->path != NULL) 469 free(keystore->path); 470 if (keystore->capath != NULL) 471 free(keystore->capath); 472 if (keystore->passphrase != NULL) 473 free(keystore->passphrase); 474 if (keystore->clpath != NULL) 475 free(keystore->clpath); 476 if (keystore->keypath != NULL) 477 free(keystore->keypath); 478 479 if (keystore->pkeys != NULL) { 480 sk_EVP_PKEY_pop_free(keystore->pkeys, 481 sunw_evp_pkey_free); 482 } 483 if (keystore->clcerts != NULL) 484 sk_X509_free(keystore->clcerts); 485 if (keystore->cacerts != NULL) 486 sk_X509_free(keystore->cacerts); 487 free(keystore); 488 } 489 490 /* 491 * close_keystore - Writes keystore to disk if needed, then 492 * unlocks and closes keystore. 493 * 494 * Arguments: 495 * err - Error object to append errors to 496 * keystore - Keystore which should be closed 497 * passwd - Password used to encrypt keystore 498 * 499 * Returns: 500 * 0 - Success - keystore is committed to disk, and unlocked 501 * non-zero - Failure, errors added to err 502 */ 503 int 504 close_keystore(PKG_ERR *err, keystore_handle_t keystore_h, 505 keystore_passphrase_cb cb) 506 { 507 int ret = 0; 508 keystore_t *keystore = keystore_h; 509 510 if (keystore->dirty) { 511 /* write out the keystore first */ 512 if (!write_keystore(err, keystore, cb)) { 513 pkgerr_add(err, PKGERR_WRITE, 514 gettext(ERR_KEYSTORE_WRITE), 515 keystore->path); 516 ret = 1; 517 goto cleanup; 518 } 519 } 520 521 if (!unlock_keystore(err, keystore)) { 522 pkgerr_add(err, PKGERR_UNLOCK, gettext(ERR_KEYSTORE_UNLOCK), 523 keystore->path); 524 ret = 1; 525 goto cleanup; 526 } 527 528 free_keystore(keystore); 529 cleanup: 530 return (ret); 531 } 532 533 /* 534 * merge_ca_cert - Adds a trusted certificate (trust anchor) to a keystore. 535 * certificate checked for validity dates and non-duplicity. 536 * 537 * Arguments: 538 * err - Error object to add errors to 539 * cacert - Certificate which to merge into keystore 540 * keystore - The keystore into which the certificate is merged 541 * 542 * Returns: 543 * 0 - Success - Certificate passes validity, and 544 * is merged into keystore 545 * non-zero - Failure, errors recorded in err 546 */ 547 int 548 merge_ca_cert(PKG_ERR *err, X509 *cacert, keystore_handle_t keystore_h) 549 { 550 551 int ret = 0; 552 X509 *existing = NULL; 553 char *fname; 554 keystore_t *keystore = keystore_h; 555 556 /* check validity dates */ 557 if (check_cert(err, cacert) != 0) { 558 ret = 1; 559 goto cleanup; 560 } 561 562 /* create the certificate's friendlyName */ 563 fname = get_subject_display_name(cacert); 564 565 if (sunw_set_fname(fname, NULL, cacert) != 0) { 566 pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM)); 567 ret = 1; 568 goto cleanup; 569 } 570 571 /* merge certificate into the keystore */ 572 if (keystore->cacerts == NULL) { 573 /* no existing truststore, so make a new one */ 574 if ((keystore->cacerts = sk_X509_new_null()) == NULL) { 575 pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM)); 576 ret = 1; 577 goto cleanup; 578 } 579 } else { 580 /* existing truststore, make sure there's no duplicate */ 581 if (sunw_find_fname(fname, NULL, keystore->cacerts, 582 NULL, &existing) < 0) { 583 pkgerr_add(err, PKGERR_INTERNAL, 584 gettext(ERR_KEYSTORE_INTERNAL), 585 __FILE__, __LINE__); 586 ERR_print_errors_fp(stderr); 587 ret = 1; 588 goto cleanup; 589 /* could not search properly! */ 590 } 591 if (existing != NULL) { 592 /* whoops, found one already */ 593 pkgerr_add(err, PKGERR_DUPLICATE, 594 gettext(ERR_KEYSTORE_DUPLICATECERT), fname); 595 ret = 1; 596 goto cleanup; 597 } 598 } 599 600 (void) sk_X509_push(keystore->cacerts, cacert); 601 keystore->dirty = B_TRUE; 602 cleanup: 603 if (existing != NULL) 604 X509_free(existing); 605 return (ret); 606 } 607 608 /* 609 * find_key_cert_pair - Searches a keystore for a matching 610 * public key certificate and private key, given an alias. 611 * 612 * Arguments: 613 * err - Error object to add errors to 614 * ks - Keystore to search 615 * alias - Name to used to match certificate's alias 616 * key - Resulting key is placed here 617 * cert - Resulting cert is placed here 618 * 619 * Returns: 620 * 0 - Success - Matching cert/key pair placed in key and cert. 621 * non-zero - Failure, errors recorded in err 622 */ 623 int 624 find_key_cert_pair(PKG_ERR *err, keystore_handle_t ks_h, char *alias, 625 EVP_PKEY **key, X509 **cert) 626 { 627 X509 *tmpcert = NULL; 628 EVP_PKEY *tmpkey = NULL; 629 int ret = 0; 630 int items_found; 631 keystore_t *ks = ks_h; 632 633 if (key == NULL || cert == NULL) { 634 pkgerr_add(err, PKGERR_NOPUBKEY, 635 gettext(ERR_KEYSTORE_NOPUBCERTS), ks->path); 636 ret = 1; 637 goto cleanup; 638 } 639 640 if (ks->clcerts == NULL) { 641 /* no public certs */ 642 pkgerr_add(err, PKGERR_NOPUBKEY, 643 gettext(ERR_KEYSTORE_NOCERTS), ks->path); 644 ret = 1; 645 goto cleanup; 646 } 647 if (ks->pkeys == NULL) { 648 /* no private keys */ 649 pkgerr_add(err, PKGERR_NOPRIVKEY, 650 gettext(ERR_KEYSTORE_NOKEYS), ks->path); 651 ret = 1; 652 goto cleanup; 653 } 654 655 /* try the easy case first */ 656 if ((sk_EVP_PKEY_num(ks->pkeys) == 1) && 657 (sk_X509_num(ks->clcerts) == 1)) { 658 tmpkey = sk_EVP_PKEY_value(ks->pkeys, 0); 659 tmpcert = sk_X509_value(ks->clcerts, 0); 660 if (sunw_check_keys(tmpcert, tmpkey)) { 661 /* 662 * only one private key and public key cert, and they 663 * match, so use them 664 */ 665 *key = tmpkey; 666 tmpkey = NULL; 667 *cert = tmpcert; 668 tmpcert = NULL; 669 goto cleanup; 670 } 671 } 672 673 /* Attempt to find the right pair given the alias */ 674 items_found = sunw_find_fname(alias, ks->pkeys, ks->clcerts, 675 &tmpkey, &tmpcert); 676 677 if ((items_found < 0) || 678 (items_found & (FOUND_PKEY | FOUND_CERT)) == 0) { 679 /* no key/cert pair found. bail. */ 680 pkgerr_add(err, PKGERR_BADALIAS, 681 gettext(ERR_KEYSTORE_NOMATCH), alias); 682 ret = 1; 683 goto cleanup; 684 } 685 686 /* success */ 687 *key = tmpkey; 688 tmpkey = NULL; 689 *cert = tmpcert; 690 tmpcert = NULL; 691 692 cleanup: 693 694 if (tmpcert != NULL) 695 (void) X509_free(tmpcert); 696 697 if (tmpkey != NULL) 698 sunw_evp_pkey_free(tmpkey); 699 700 return (ret); 701 } 702 703 /* 704 * find_ca_certs - Searches a keystore for trusted certificates 705 * 706 * Arguments: 707 * err - Error object to add errors to 708 * ks - Keystore to search 709 * cacerts - resulting set of trusted certs are placed here 710 * 711 * Returns: 712 * 0 - Success - trusted cert list returned in cacerts 713 * non-zero - Failure, errors recorded in err 714 */ 715 int 716 find_ca_certs(PKG_ERR *err, keystore_handle_t ks_h, STACK_OF(X509) **cacerts) 717 { 718 719 keystore_t *ks = ks_h; 720 721 /* easy */ 722 if (cacerts == NULL) { 723 pkgerr_add(err, PKGERR_INTERNAL, 724 gettext(ERR_KEYSTORE_INTERNAL), __FILE__, __LINE__); 725 return (1); 726 } 727 728 *cacerts = ks->cacerts; 729 return (0); 730 } 731 732 /* 733 * find_cl_certs - Searches a keystore for user certificates 734 * 735 * Arguments: 736 * err - Error object to add errors to 737 * ks - Keystore to search 738 * cacerts - resulting set of user certs are placed here 739 * 740 * No matching of any kind is performed. 741 * Returns: 742 * 0 - Success - trusted cert list returned in cacerts 743 * non-zero - Failure, errors recorded in err 744 */ 745 /* ARGSUSED */ 746 int 747 find_cl_certs(PKG_ERR *err, keystore_handle_t ks_h, STACK_OF(X509) **clcerts) 748 { 749 keystore_t *ks = ks_h; 750 751 /* easy */ 752 *clcerts = ks->clcerts; 753 return (0); 754 } 755 756 757 /* 758 * merge_cert_and_key - Adds a user certificate and matching 759 * private key to a keystore. 760 * certificate checked for validity dates and non-duplicity. 761 * 762 * Arguments: 763 * err - Error object to add errors to 764 * cert - Certificate which to merge into keystore 765 * key - matching private key to 'cert' 766 * alias - Name which to store the cert and key under 767 * keystore - The keystore into which the certificate is merged 768 * 769 * Returns: 770 * 0 - Success - Certificate passes validity, and 771 * is merged into keystore, along with key 772 * non-zero - Failure, errors recorded in err 773 */ 774 int 775 merge_cert_and_key(PKG_ERR *err, X509 *cert, EVP_PKEY *key, char *alias, 776 keystore_handle_t keystore_h) 777 { 778 X509 *existingcert = NULL; 779 EVP_PKEY *existingkey = NULL; 780 int ret = 0; 781 keystore_t *keystore = keystore_h; 782 783 /* check validity dates */ 784 if (check_cert(err, cert) != 0) { 785 ret = 1; 786 goto cleanup; 787 } 788 789 /* set the friendlyName of the key and cert to the supplied alias */ 790 if (sunw_set_fname(alias, key, cert) != 0) { 791 pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM)); 792 ret = 1; 793 goto cleanup; 794 } 795 796 /* merge certificate and key into the keystore */ 797 if (keystore->clcerts == NULL) { 798 /* no existing truststore, so make a new one */ 799 if ((keystore->clcerts = sk_X509_new_null()) == NULL) { 800 pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM)); 801 ret = 1; 802 goto cleanup; 803 } 804 } else { 805 /* existing certstore, make sure there's no duplicate */ 806 if (sunw_find_fname(alias, NULL, keystore->clcerts, 807 NULL, &existingcert) < 0) { 808 pkgerr_add(err, PKGERR_INTERNAL, 809 gettext(ERR_KEYSTORE_INTERNAL), 810 __FILE__, __LINE__); 811 ERR_print_errors_fp(stderr); 812 ret = 1; 813 goto cleanup; 814 /* could not search properly! */ 815 } 816 if (existingcert != NULL) { 817 /* whoops, found one already */ 818 pkgerr_add(err, PKGERR_DUPLICATE, 819 gettext(ERR_KEYSTORE_DUPLICATECERT), alias); 820 ret = 1; 821 goto cleanup; 822 } 823 } 824 825 if (keystore->pkeys == NULL) { 826 /* no existing keystore, so make a new one */ 827 if ((keystore->pkeys = sk_EVP_PKEY_new_null()) == NULL) { 828 pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM)); 829 ret = 1; 830 goto cleanup; 831 } 832 } else { 833 /* existing keystore, so make sure there's no duplicate entry */ 834 if (sunw_find_fname(alias, keystore->pkeys, NULL, 835 &existingkey, NULL) < 0) { 836 pkgerr_add(err, PKGERR_INTERNAL, 837 gettext(ERR_KEYSTORE_INTERNAL), 838 __FILE__, __LINE__); 839 ERR_print_errors_fp(stderr); 840 ret = 1; 841 goto cleanup; 842 /* could not search properly! */ 843 } 844 if (existingkey != NULL) { 845 /* whoops, found one already */ 846 pkgerr_add(err, PKGERR_DUPLICATE, 847 gettext(ERR_KEYSTORE_DUPLICATEKEY), alias); 848 ret = 1; 849 goto cleanup; 850 } 851 } 852 853 (void) sk_X509_push(keystore->clcerts, cert); 854 (void) sk_EVP_PKEY_push(keystore->pkeys, key); 855 keystore->dirty = B_TRUE; 856 cleanup: 857 if (existingcert != NULL) 858 (void) X509_free(existingcert); 859 if (existingkey != NULL) 860 (void) sunw_evp_pkey_free(existingkey); 861 return (ret); 862 } 863 864 /* 865 * delete_cert_and_keys - Deletes one or more certificates 866 * and matching private keys from a keystore. 867 * 868 * Arguments: 869 * err - Error object to add errors to 870 * ks - The keystore from which certs and keys are deleted 871 * alias - Name which to search for certificates and keys 872 * to delete 873 * 874 * Returns: 875 * 0 - Success - All trusted certs which match 'alias' 876 * are deleted. All user certificates 877 * which match 'alias' are deleted, along 878 * with the matching private key. 879 * non-zero - Failure, errors recorded in err 880 */ 881 int 882 delete_cert_and_keys(PKG_ERR *err, keystore_handle_t ks_h, char *alias) 883 { 884 X509 *existingcert; 885 EVP_PKEY *existingkey; 886 int i; 887 char *fname = NULL; 888 boolean_t found = B_FALSE; 889 keystore_t *ks = ks_h; 890 891 /* delete any and all client certs with the supplied name */ 892 if (ks->clcerts != NULL) { 893 for (i = 0; i < sk_X509_num(ks->clcerts); i++) { 894 existingcert = sk_X509_value(ks->clcerts, i); 895 if (sunw_get_cert_fname(GETDO_COPY, 896 existingcert, &fname) >= 0) { 897 if (streq(fname, alias)) { 898 /* match, so nuke it */ 899 existingcert = 900 sk_X509_delete(ks->clcerts, i); 901 X509_free(existingcert); 902 existingcert = NULL; 903 found = B_TRUE; 904 } 905 (void) OPENSSL_free(fname); 906 fname = NULL; 907 } 908 } 909 if (sk_X509_num(ks->clcerts) <= 0) { 910 /* we deleted all the client certs */ 911 sk_X509_free(ks->clcerts); 912 ks->clcerts = NULL; 913 } 914 } 915 916 /* and now the private keys */ 917 if (ks->pkeys != NULL) { 918 for (i = 0; i < sk_EVP_PKEY_num(ks->pkeys); i++) { 919 existingkey = sk_EVP_PKEY_value(ks->pkeys, i); 920 if (sunw_get_pkey_fname(GETDO_COPY, 921 existingkey, &fname) >= 0) { 922 if (streq(fname, alias)) { 923 /* match, so nuke it */ 924 existingkey = 925 sk_EVP_PKEY_delete(ks->pkeys, i); 926 sunw_evp_pkey_free(existingkey); 927 existingkey = NULL; 928 found = B_TRUE; 929 } 930 (void) OPENSSL_free(fname); 931 fname = NULL; 932 } 933 } 934 if (sk_EVP_PKEY_num(ks->pkeys) <= 0) { 935 /* we deleted all the private keys */ 936 sk_EVP_PKEY_free(ks->pkeys); 937 ks->pkeys = NULL; 938 } 939 } 940 941 /* finally, remove any trust anchors that match */ 942 943 if (ks->cacerts != NULL) { 944 for (i = 0; i < sk_X509_num(ks->cacerts); i++) { 945 existingcert = sk_X509_value(ks->cacerts, i); 946 if (sunw_get_cert_fname(GETDO_COPY, 947 existingcert, &fname) >= 0) { 948 if (streq(fname, alias)) { 949 /* match, so nuke it */ 950 existingcert = 951 sk_X509_delete(ks->cacerts, i); 952 X509_free(existingcert); 953 existingcert = NULL; 954 found = B_TRUE; 955 } 956 (void) OPENSSL_free(fname); 957 fname = NULL; 958 } 959 } 960 if (sk_X509_num(ks->cacerts) <= 0) { 961 /* we deleted all the CA certs */ 962 sk_X509_free(ks->cacerts); 963 ks->cacerts = NULL; 964 } 965 } 966 967 if (found) { 968 ks->dirty = B_TRUE; 969 return (0); 970 } else { 971 /* no certs or keys deleted */ 972 pkgerr_add(err, PKGERR_NOALIASMATCH, 973 gettext(ERR_KEYSTORE_NOCERTKEY), 974 alias, ks->path); 975 return (1); 976 } 977 } 978 979 /* 980 * check_cert - Checks certificate validity. This routine 981 * checks that the current time falls within the period 982 * of validity for the cert. 983 * 984 * Arguments: 985 * err - Error object to add errors to 986 * cert - The certificate to check 987 * 988 * Returns: 989 * 0 - Success - Certificate checks out 990 * non-zero - Failure, errors and reasons recorded in err 991 */ 992 int 993 check_cert(PKG_ERR *err, X509 *cert) 994 { 995 char currtimestr[ATTR_MAX]; 996 time_t currtime; 997 char *r; 998 /* get current time */ 999 if ((currtime = time(NULL)) == (time_t)-1) { 1000 pkgerr_add(err, PKGERR_TIME, gettext(ERR_CURR_TIME)); 1001 return (1); 1002 } 1003 1004 (void) strlcpy(currtimestr, ctime(&currtime), ATTR_MAX); 1005 1006 /* trim whitespace from end of time string */ 1007 for (r = (currtimestr + strlen(currtimestr) - 1); isspace(*r); r--) { 1008 *r = '\0'; 1009 } 1010 /* check validity of cert */ 1011 switch (sunw_check_cert_times(CHK_BOTH, cert)) { 1012 case CHKERR_TIME_OK: 1013 /* Current time meets requested checks */ 1014 break; 1015 case CHKERR_TIME_BEFORE_BAD: 1016 /* 'not before' field is invalid */ 1017 case CHKERR_TIME_AFTER_BAD: 1018 /* 'not after' field is invalid */ 1019 pkgerr_add(err, PKGERR_TIME, gettext(ERR_CERT_TIME_BAD)); 1020 return (1); 1021 case CHKERR_TIME_IS_BEFORE: 1022 /* Current time is before 'not before' */ 1023 case CHKERR_TIME_HAS_EXPIRED: 1024 /* 1025 * Ignore expiration time since the trust cert used to 1026 * verify the certs used to sign Sun patches is already 1027 * expired. Once the patches get resigned with the new 1028 * cert we will check expiration against the time the 1029 * patch was signed and not the time it is installed. 1030 */ 1031 return (0); 1032 default: 1033 pkgerr_add(err, PKGERR_INTERNAL, 1034 gettext(ERR_KEYSTORE_INTERNAL), 1035 __FILE__, __LINE__); 1036 return (1); 1037 } 1038 1039 /* all checks ok */ 1040 return (0); 1041 } 1042 1043 /* 1044 * check_cert - Checks certificate validity. This routine 1045 * checks everything that check_cert checks, and additionally 1046 * verifies that the private key and corresponding public 1047 * key are indeed a pair. 1048 * 1049 * Arguments: 1050 * err - Error object to add errors to 1051 * cert - The certificate to check 1052 * key - the key to check 1053 * Returns: 1054 * 0 - Success - Certificate checks out 1055 * non-zero - Failure, errors and reasons recorded in err 1056 */ 1057 int 1058 check_cert_and_key(PKG_ERR *err, X509 *cert, EVP_PKEY *key) 1059 { 1060 1061 /* check validity dates */ 1062 if (check_cert(err, cert) != 0) { 1063 return (1); 1064 } 1065 1066 /* check key pair match */ 1067 if (sunw_check_keys(cert, key) == 0) { 1068 pkgerr_add(err, PKGERR_VERIFY, gettext(ERR_MISMATCHED_KEYS), 1069 get_subject_display_name(cert)); 1070 return (1); 1071 } 1072 1073 /* all checks OK */ 1074 return (0); 1075 } 1076 1077 /* ------------------ private functions ---------------------- */ 1078 1079 /* 1080 * verify_keystore_integrity - Searches for the remnants 1081 * of a failed or aborted keystore modification, and 1082 * cleans up the files, retstores the keystore to a known 1083 * state. 1084 * 1085 * Arguments: 1086 * err - Error object to add errors to 1087 * keystore_file - Base directory or filename of keystore 1088 * app - Application making request 1089 * 1090 * Returns: 1091 * 0 - Success - Keystore is restored, or untouched in the 1092 * case that cleanup was unnecessary 1093 * non-zero - Failure, errors and reasons recorded in err 1094 */ 1095 static boolean_t 1096 verify_keystore_integrity(PKG_ERR *err, keystore_t *keystore) 1097 { 1098 if (keystore->capath != NULL) { 1099 if (!restore_keystore_file(err, keystore->capath)) { 1100 return (B_FALSE); 1101 } 1102 } 1103 if (keystore->clpath != NULL) { 1104 if (!restore_keystore_file(err, keystore->clpath)) { 1105 return (B_FALSE); 1106 } 1107 } 1108 if (keystore->keypath != NULL) { 1109 if (!restore_keystore_file(err, keystore->keypath)) { 1110 return (B_FALSE); 1111 } 1112 } 1113 return (B_TRUE); 1114 } 1115 1116 /* 1117 * restore_keystore_file - restores a keystore file to 1118 * a known state. 1119 * 1120 * Keystore files can possibly be corrupted by a variety 1121 * of error conditions during reading/writing. This 1122 * routine, along with write_keystore_file, tries to 1123 * maintain keystore integrity by writing the files 1124 * out in a particular order, minimizing the time period 1125 * that the keystore is in an indeterminate state. 1126 * 1127 * With the current implementation, there are some failures 1128 * that are wholly unrecoverable, such as disk corruption. 1129 * These routines attempt to minimize the risk, but not 1130 * eliminate it. When better, atomic operations are available 1131 * (such as a trued atabase with commit, rollback, and 1132 * guaranteed atomicity), this implementation should use that. 1133 * 1134 * Arguments: 1135 * err - Error object to add errors to 1136 * keystore_file - keystore file path to restore. 1137 * 1138 * Returns: 1139 * 0 - Success - Keystore file is restored, or untouched in the 1140 * case that cleanup was unnecessary 1141 * non-zero - Failure, errors and reasons recorded in err 1142 */ 1143 /* ARGSUSED */ 1144 static boolean_t 1145 restore_keystore_file(PKG_ERR *err, char *keystore_file) 1146 { 1147 char newpath[MAXPATHLEN]; 1148 char backuppath[MAXPATHLEN]; 1149 int newfd; 1150 struct stat buf; 1151 int len; 1152 1153 if (((len = snprintf(newpath, MAXPATHLEN, "%s.new", 1154 keystore_file)) < 0) || 1155 (len >= ATTR_MAX)) { 1156 pkgerr_add(err, PKGERR_WEB, gettext(ERR_LEN), keystore_file); 1157 return (B_FALSE); 1158 } 1159 1160 if (((len = snprintf(backuppath, MAXPATHLEN, "%s.bak", 1161 keystore_file)) < 0) || 1162 (len >= ATTR_MAX)) { 1163 pkgerr_add(err, PKGERR_WEB, gettext(ERR_LEN), keystore_file); 1164 return (B_FALSE); 1165 } 1166 1167 if ((newfd = open(newpath, O_RDWR|O_NONBLOCK, 0)) != -1) { 1168 if (fstat(newfd, &buf) != -1) { 1169 if (S_ISREG(buf.st_mode)) { 1170 /* 1171 * restore the file, waiting on it 1172 * to be free for locking, or for 1173 * it to disappear 1174 */ 1175 if (!wait_restore(newfd, keystore_file, 1176 newpath, backuppath)) { 1177 pkgerr_add(err, PKGERR_WRITE, 1178 gettext(ERR_WRITE), 1179 newpath, strerror(errno)); 1180 (void) close(newfd); 1181 return (B_FALSE); 1182 } else { 1183 return (B_TRUE); 1184 } 1185 } else { 1186 /* "new" file is not a regular file */ 1187 pkgerr_add(err, PKGERR_WRITE, 1188 gettext(ERR_NOT_REG), newpath); 1189 (void) close(newfd); 1190 return (B_FALSE); 1191 } 1192 } else { 1193 /* couldn't stat "new" file */ 1194 pkgerr_add(err, PKGERR_WRITE, 1195 gettext(ERR_WRITE), newpath, 1196 strerror(errno)); 1197 (void) close(newfd); 1198 return (B_FALSE); 1199 } 1200 } else { 1201 /* "new" file doesn't exist */ 1202 return (B_TRUE); 1203 } 1204 } 1205 1206 static boolean_t 1207 wait_restore(int newfd, char *keystore_file, 1208 char *origpath, char *backuppath) 1209 { 1210 struct stat buf; 1211 FILE *newstream; 1212 PKCS12 *p12; 1213 1214 (void) alarm(LOCK_TIMEOUT); 1215 if (file_lock(newfd, F_WRLCK, 1) == -1) { 1216 /* could not lock file */ 1217 (void) alarm(0); 1218 return (B_FALSE); 1219 } 1220 (void) alarm(0); 1221 1222 if (fstat(newfd, &buf) != -1) { 1223 if (S_ISREG(buf.st_mode)) { 1224 /* 1225 * The new file still 1226 * exists, with no 1227 * owner. It must be 1228 * the result of an 1229 * aborted update. 1230 */ 1231 newstream = fdopen(newfd, "r"); 1232 if ((p12 = 1233 d2i_PKCS12_fp(newstream, 1234 NULL)) != NULL) { 1235 /* 1236 * The file 1237 * appears 1238 * complete. 1239 * Replace the 1240 * exsisting 1241 * keystore 1242 * file with 1243 * this one 1244 */ 1245 (void) rename(keystore_file, backuppath); 1246 (void) rename(origpath, keystore_file); 1247 PKCS12_free(p12); 1248 } else { 1249 /* The file is not complete. Remove it */ 1250 (void) remove(origpath); 1251 } 1252 /* remove backup file */ 1253 (void) remove(backuppath); 1254 (void) fclose(newstream); 1255 (void) close(newfd); 1256 return (B_TRUE); 1257 } else { 1258 /* 1259 * new file exists, but is not a 1260 * regular file 1261 */ 1262 (void) close(newfd); 1263 return (B_FALSE); 1264 } 1265 } else { 1266 /* 1267 * could not stat file. Unless 1268 * the reason was that the file 1269 * is now gone, this is an error 1270 */ 1271 if (errno != ENOENT) { 1272 (void) close(newfd); 1273 return (B_FALSE); 1274 } 1275 /* 1276 * otherwise, file is gone. The process 1277 * that held the lock must have 1278 * successfully cleaned up and 1279 * exited with a valid keystore 1280 * state 1281 */ 1282 (void) close(newfd); 1283 return (B_TRUE); 1284 } 1285 } 1286 1287 /* 1288 * resolve_paths - figure out if we are dealing with a single-file 1289 * or multi-file keystore 1290 * 1291 * The flags tell resolve_paths how to behave: 1292 * 1293 * KEYSTORE_PATH_SOFT 1294 * If the keystore file does not exist at <base>/<app> then 1295 * use <base> as the path to the keystore. This can be used, 1296 * for example, to access an app-specific keystore iff it 1297 * exists, otherwise revert back to an app-generic keystore. 1298 * 1299 * KEYSTORE_PATH_HARD 1300 * Always use the keystore located at <keystore_path>/<app>. 1301 * In read/write mode, if the files do not exist, then 1302 * they will be created. This is used to avoid falling 1303 * back to an app-generic keystore path when the app-specific 1304 * one does not exist. 1305 * 1306 * Arguments: 1307 * err - Error object to add errors to 1308 * keystore_file - base keystore file path to lock 1309 * app - Application making requests 1310 * flags - Control flags (see above description) 1311 * keystore - object which is being locked 1312 * 1313 * Returns: 1314 * B_TRUE - Success - Keystore file is locked, paths to 1315 * appropriate files placed in keystore. 1316 * B_FALSE - Failure, errors and reasons recorded in err 1317 */ 1318 static boolean_t 1319 resolve_paths(PKG_ERR *err, char *keystore_file, char *app, 1320 long flags, keystore_t *keystore) 1321 { 1322 char storepath[PATH_MAX]; 1323 struct stat buf; 1324 boolean_t multi = B_FALSE; 1325 int fd1, fd2, len; 1326 1327 /* 1328 * figure out whether we are dealing with a single-file keystore 1329 * or a multi-file keystore 1330 */ 1331 if (app != NULL) { 1332 if (((len = snprintf(storepath, PATH_MAX, "%s/%s", 1333 keystore_file, app)) < 0) || 1334 (len >= ATTR_MAX)) { 1335 pkgerr_add(err, PKGERR_WEB, gettext(ERR_LEN), 1336 keystore_file); 1337 return (B_FALSE); 1338 } 1339 1340 if (((fd1 = open(storepath, O_NONBLOCK|O_RDONLY)) == -1) || 1341 (fstat(fd1, &buf) == -1) || 1342 !S_ISDIR(buf.st_mode)) { 1343 /* 1344 * app-specific does not exist 1345 * fallback to app-generic, if flags say we can 1346 */ 1347 if ((flags & KEYSTORE_PATH_MASK) == 1348 KEYSTORE_PATH_SOFT) { 1349 1350 if (((fd2 = open(keystore_file, 1351 O_NONBLOCK|O_RDONLY)) != -1) && 1352 (fstat(fd2, &buf) != -1)) { 1353 if (S_ISDIR(buf.st_mode)) { 1354 /* 1355 * app-generic dir 1356 * exists, so use it 1357 * as a multi-file 1358 * keystore 1359 */ 1360 multi = B_TRUE; 1361 app = NULL; 1362 } else if (S_ISREG(buf.st_mode)) { 1363 /* 1364 * app-generic file exists, so 1365 * use it as a single file ks 1366 */ 1367 multi = B_FALSE; 1368 app = NULL; 1369 } 1370 } 1371 } 1372 } 1373 if (fd1 != -1) 1374 (void) close(fd1); 1375 if (fd2 != -1) 1376 (void) close(fd2); 1377 } else { 1378 if (((fd1 = open(keystore_file, 1379 O_NONBLOCK|O_RDONLY)) != -1) && 1380 (fstat(fd1, &buf) != -1) && 1381 S_ISDIR(buf.st_mode)) { 1382 /* 1383 * app-generic dir exists, so use 1384 * it as a multi-file keystore 1385 */ 1386 multi = B_TRUE; 1387 } 1388 if (fd1 != -1) 1389 (void) close(fd1); 1390 } 1391 1392 if (app != NULL) { 1393 /* app-specific keystore */ 1394 (void) snprintf(storepath, PATH_MAX, "%s/%s/%s", 1395 keystore_file, app, TRUSTSTORE); 1396 keystore->capath = xstrdup(storepath); 1397 (void) snprintf(storepath, PATH_MAX, "%s/%s/%s", 1398 keystore_file, app, CERTSTORE); 1399 keystore->clpath = xstrdup(storepath); 1400 (void) snprintf(storepath, PATH_MAX, "%s/%s/%s", 1401 keystore_file, app, KEYSTORE); 1402 keystore->keypath = xstrdup(storepath); 1403 } else { 1404 /* app-generic keystore */ 1405 if (!multi) { 1406 /* single-file app-generic keystore */ 1407 keystore->capath = xstrdup(keystore_file); 1408 keystore->keypath = NULL; 1409 keystore->clpath = NULL; 1410 } else { 1411 /* multi-file app-generic keystore */ 1412 (void) snprintf(storepath, PATH_MAX, "%s/%s", 1413 keystore_file, TRUSTSTORE); 1414 keystore->capath = xstrdup(storepath); 1415 (void) snprintf(storepath, PATH_MAX, "%s/%s", 1416 keystore_file, CERTSTORE); 1417 keystore->clpath = xstrdup(storepath); 1418 (void) snprintf(storepath, PATH_MAX, "%s/%s", 1419 keystore_file, KEYSTORE); 1420 keystore->keypath = xstrdup(storepath); 1421 } 1422 } 1423 1424 return (B_TRUE); 1425 } 1426 1427 /* 1428 * lock_keystore - Locks a keystore for shared (read-only) 1429 * or exclusive (read-write) access. 1430 * 1431 * The flags tell lock_keystore how to behave: 1432 * 1433 * KEYSTORE_ACCESS_READONLY 1434 * opens keystore read-only. Attempts to modify results in an error 1435 * 1436 * KEYSTORE_ACCESS_READWRITE 1437 * opens keystore read-write 1438 * 1439 * KEYSTORE_PATH_SOFT 1440 * If the keystore file does not exist at <base>/<app> then 1441 * use <base> as the path to the keystore. This can be used, 1442 * for example, to access an app-specific keystore iff it 1443 * exists, otherwise revert back to an app-generic keystore. 1444 * 1445 * KEYSTORE_PATH_HARD 1446 * Always use the keystore located at <keystore_path>/<app>. 1447 * In read/write mode, if the files do not exist, then 1448 * they will be created. This is used to avoid falling 1449 * back to an app-generic keystore path when the app-specific 1450 * one does not exist. 1451 * 1452 * Arguments: 1453 * err - Error object to add errors to 1454 * flags - Control flags (see above description) 1455 * keystore - object which is being locked 1456 * 1457 * Returns: 1458 * 0 - Success - Keystore file is locked, paths to 1459 * appropriate files placed in keystore. 1460 * non-zero - Failure, errors and reasons recorded in err 1461 */ 1462 static boolean_t 1463 lock_keystore(PKG_ERR *err, long flags, keystore_t *keystore) 1464 { 1465 boolean_t ret = B_TRUE; 1466 struct stat buf; 1467 1468 switch (flags & KEYSTORE_ACCESS_MASK) { 1469 case KEYSTORE_ACCESS_READONLY: 1470 if ((keystore->cafd = 1471 open(keystore->capath, O_NONBLOCK|O_RDONLY)) == -1) { 1472 if (errno == ENOENT) { 1473 /* 1474 * no keystore. try to create an 1475 * empty one so we can lock on it and 1476 * prevent others from gaining 1477 * exclusive access. It will be 1478 * deleted when the keystore is closed. 1479 */ 1480 if ((keystore->cafd = 1481 open(keystore->capath, 1482 O_NONBLOCK|O_RDWR|O_CREAT|O_EXCL, 1483 S_IRUSR|S_IWUSR)) == -1) { 1484 pkgerr_add(err, PKGERR_READ, 1485 gettext(ERR_NO_KEYSTORE), 1486 keystore->capath); 1487 ret = B_FALSE; 1488 goto cleanup; 1489 } 1490 } else { 1491 pkgerr_add(err, PKGERR_READ, 1492 gettext(ERR_KEYSTORE_OPEN), 1493 keystore->capath, strerror(errno)); 1494 ret = B_FALSE; 1495 goto cleanup; 1496 } 1497 } 1498 if (fstat(keystore->cafd, &buf) != -1) { 1499 if (S_ISREG(buf.st_mode)) { 1500 if (file_lock(keystore->cafd, F_RDLCK, 1501 0) == -1) { 1502 pkgerr_add(err, PKGERR_LOCKED, 1503 gettext(ERR_KEYSTORE_LOCKED_READ), 1504 keystore->capath); 1505 ret = B_FALSE; 1506 goto cleanup; 1507 } 1508 } else { 1509 /* ca file not a regular file! */ 1510 pkgerr_add(err, PKGERR_READ, 1511 gettext(ERR_NOT_REG), 1512 keystore->capath); 1513 ret = B_FALSE; 1514 goto cleanup; 1515 } 1516 } else { 1517 pkgerr_add(err, PKGERR_READ, 1518 gettext(ERR_KEYSTORE_OPEN), 1519 keystore->capath, strerror(errno)); 1520 ret = B_FALSE; 1521 goto cleanup; 1522 } 1523 break; 1524 case KEYSTORE_ACCESS_READWRITE: 1525 1526 if ((keystore->cafd = open(keystore->capath, 1527 O_RDWR|O_NONBLOCK)) == -1) { 1528 /* does not exist. try to create an empty one */ 1529 if (errno == ENOENT) { 1530 if ((keystore->cafd = 1531 open(keystore->capath, 1532 O_NONBLOCK|O_RDWR|O_CREAT|O_EXCL, 1533 S_IRUSR|S_IWUSR)) == -1) { 1534 pkgerr_add(err, PKGERR_READ, 1535 gettext(ERR_KEYSTORE_WRITE), 1536 keystore->capath); 1537 ret = B_FALSE; 1538 goto cleanup; 1539 } 1540 } else { 1541 pkgerr_add(err, PKGERR_READ, 1542 gettext(ERR_KEYSTORE_OPEN), 1543 keystore->capath, strerror(errno)); 1544 ret = B_FALSE; 1545 goto cleanup; 1546 } 1547 } 1548 if (fstat(keystore->cafd, &buf) != -1) { 1549 if (S_ISREG(buf.st_mode)) { 1550 if (file_lock(keystore->cafd, F_WRLCK, 1551 0) == -1) { 1552 pkgerr_add(err, PKGERR_LOCKED, 1553 gettext(ERR_KEYSTORE_LOCKED), 1554 keystore->capath); 1555 ret = B_FALSE; 1556 goto cleanup; 1557 } 1558 } else { 1559 /* ca file not a regular file! */ 1560 pkgerr_add(err, PKGERR_READ, 1561 gettext(ERR_NOT_REG), 1562 keystore->capath); 1563 ret = B_FALSE; 1564 goto cleanup; 1565 } 1566 } else { 1567 pkgerr_add(err, PKGERR_READ, 1568 gettext(ERR_KEYSTORE_OPEN), 1569 keystore->capath, strerror(errno)); 1570 ret = B_FALSE; 1571 goto cleanup; 1572 } 1573 1574 break; 1575 default: 1576 pkgerr_add(err, PKGERR_INTERNAL, 1577 gettext(ERR_KEYSTORE_INTERNAL), 1578 __FILE__, __LINE__); 1579 ret = B_FALSE; 1580 goto cleanup; 1581 } 1582 1583 cleanup: 1584 if (!ret) { 1585 if (keystore->cafd > 0) { 1586 (void) file_unlock(keystore->cafd); 1587 (void) close(keystore->cafd); 1588 keystore->cafd = -1; 1589 } 1590 1591 if (keystore->capath != NULL) 1592 free(keystore->capath); 1593 if (keystore->clpath != NULL) 1594 free(keystore->clpath); 1595 if (keystore->keypath != NULL) 1596 free(keystore->keypath); 1597 keystore->capath = NULL; 1598 keystore->clpath = NULL; 1599 keystore->keypath = NULL; 1600 } 1601 1602 return (ret); 1603 } 1604 1605 /* 1606 * unlock_keystore - Unocks a keystore 1607 * 1608 * Arguments: 1609 * err - Error object to add errors to 1610 * keystore - keystore object to unlock 1611 * Returns: 1612 * 0 - Success - Keystore files are unlocked, files are closed, 1613 * non-zero - Failure, errors and reasons recorded in err 1614 */ 1615 /* ARGSUSED */ 1616 static boolean_t 1617 unlock_keystore(PKG_ERR *err, keystore_t *keystore) 1618 { 1619 1620 /* 1621 * Release lock on the CA file. 1622 * Delete file if it is empty 1623 */ 1624 if (file_empty(keystore->capath)) { 1625 (void) remove(keystore->capath); 1626 } 1627 1628 (void) file_unlock(keystore->cafd); 1629 (void) close(keystore->cafd); 1630 return (B_TRUE); 1631 } 1632 1633 /* 1634 * read_keystore - Reads keystore files of disk, parses 1635 * into internal structures. 1636 * 1637 * Arguments: 1638 * err - Error object to add errors to 1639 * keystore - keystore object to read into 1640 * cb - callback to get password, if required 1641 * Returns: 1642 * 0 - Success - Keystore files are read, and placed 1643 * into keystore structure. 1644 * non-zero - Failure, errors and reasons recorded in err 1645 */ 1646 static boolean_t 1647 read_keystore(PKG_ERR *err, keystore_t *keystore, keystore_passphrase_cb cb) 1648 { 1649 boolean_t ret = B_TRUE; 1650 PKCS12 *p12 = NULL; 1651 boolean_t ca_empty; 1652 boolean_t have_passwd = B_FALSE; 1653 boolean_t cl_empty = B_TRUE; 1654 boolean_t key_empty = B_TRUE; 1655 1656 ca_empty = file_empty(keystore->capath); 1657 1658 if (keystore->clpath != NULL) 1659 cl_empty = file_empty(keystore->clpath); 1660 if (keystore->keypath != NULL) 1661 key_empty = file_empty(keystore->keypath); 1662 1663 if (ca_empty && cl_empty && key_empty) { 1664 keystore->new = B_TRUE; 1665 } 1666 1667 if (!ca_empty) { 1668 /* first read the ca file */ 1669 if ((p12 = read_keystore_file(err, 1670 keystore->capath)) == NULL) { 1671 pkgerr_add(err, PKGERR_CORRUPT, 1672 gettext(ERR_KEYSTORE_CORRUPT), keystore->capath); 1673 ret = B_FALSE; 1674 goto cleanup; 1675 } 1676 1677 /* Get password, using callback if necessary */ 1678 if (!have_passwd) { 1679 if (!get_keystore_passwd(err, p12, cb, keystore)) { 1680 ret = B_FALSE; 1681 goto cleanup; 1682 } 1683 have_passwd = B_TRUE; 1684 } 1685 1686 /* decrypt and parse keystore file */ 1687 if (sunw_PKCS12_contents(p12, keystore->passphrase, 1688 &keystore->pkeys, &keystore->cacerts) < 0) { 1689 /* could not parse the contents */ 1690 pkgerr_add(err, PKGERR_CORRUPT, 1691 gettext(ERR_KEYSTORE_CORRUPT), keystore->capath); 1692 ret = B_FALSE; 1693 goto cleanup; 1694 } 1695 1696 PKCS12_free(p12); 1697 p12 = NULL; 1698 } else { 1699 1700 /* 1701 * truststore is empty, so we don't have any trusted 1702 * certs 1703 */ 1704 keystore->cacerts = NULL; 1705 } 1706 1707 /* 1708 * if there is no cl file or key file, use the cl's and key's found 1709 * in the ca file 1710 */ 1711 if (keystore->clpath == NULL && !ca_empty) { 1712 if (sunw_split_certs(keystore->pkeys, keystore->cacerts, 1713 &keystore->clcerts, NULL) < 0) { 1714 pkgerr_add(err, PKGERR_CORRUPT, 1715 gettext(ERR_KEYSTORE_CORRUPT), keystore->capath); 1716 ret = B_FALSE; 1717 goto cleanup; 1718 } 1719 } else { 1720 /* 1721 * files are in separate files. read keys out of the keystore 1722 * certs out of the certstore, if they are not empty 1723 */ 1724 if (!cl_empty) { 1725 if ((p12 = read_keystore_file(err, 1726 keystore->clpath)) == NULL) { 1727 pkgerr_add(err, PKGERR_CORRUPT, 1728 gettext(ERR_KEYSTORE_CORRUPT), 1729 keystore->clpath); 1730 ret = B_FALSE; 1731 goto cleanup; 1732 } 1733 1734 /* Get password, using callback if necessary */ 1735 if (!have_passwd) { 1736 if (!get_keystore_passwd(err, p12, cb, 1737 keystore)) { 1738 ret = B_FALSE; 1739 goto cleanup; 1740 } 1741 have_passwd = B_TRUE; 1742 } 1743 1744 if (check_password(p12, 1745 keystore->passphrase) == B_FALSE) { 1746 /* 1747 * password in client cert file 1748 * is different than 1749 * the one in the other files! 1750 */ 1751 pkgerr_add(err, PKGERR_BADPASS, 1752 gettext(ERR_MISMATCHPASS), 1753 keystore->clpath, 1754 keystore->capath, keystore->path); 1755 ret = B_FALSE; 1756 goto cleanup; 1757 } 1758 1759 if (sunw_PKCS12_contents(p12, keystore->passphrase, 1760 NULL, &keystore->clcerts) < 0) { 1761 /* could not parse the contents */ 1762 pkgerr_add(err, PKGERR_CORRUPT, 1763 gettext(ERR_KEYSTORE_CORRUPT), 1764 keystore->clpath); 1765 ret = B_FALSE; 1766 goto cleanup; 1767 } 1768 1769 PKCS12_free(p12); 1770 p12 = NULL; 1771 } else { 1772 keystore->clcerts = NULL; 1773 } 1774 1775 if (!key_empty) { 1776 if ((p12 = read_keystore_file(err, 1777 keystore->keypath)) == NULL) { 1778 pkgerr_add(err, PKGERR_CORRUPT, 1779 gettext(ERR_KEYSTORE_CORRUPT), 1780 keystore->keypath); 1781 ret = B_FALSE; 1782 goto cleanup; 1783 } 1784 1785 /* Get password, using callback if necessary */ 1786 if (!have_passwd) { 1787 if (!get_keystore_passwd(err, p12, cb, 1788 keystore)) { 1789 ret = B_FALSE; 1790 goto cleanup; 1791 } 1792 have_passwd = B_TRUE; 1793 } 1794 1795 if (check_password(p12, 1796 keystore->passphrase) == B_FALSE) { 1797 pkgerr_add(err, PKGERR_BADPASS, 1798 gettext(ERR_MISMATCHPASS), 1799 keystore->keypath, 1800 keystore->capath, keystore->path); 1801 ret = B_FALSE; 1802 goto cleanup; 1803 } 1804 1805 if (sunw_PKCS12_contents(p12, keystore->passphrase, 1806 &keystore->pkeys, NULL) < 0) { 1807 /* could not parse the contents */ 1808 pkgerr_add(err, PKGERR_CORRUPT, 1809 gettext(ERR_KEYSTORE_CORRUPT), 1810 keystore->keypath); 1811 ret = B_FALSE; 1812 goto cleanup; 1813 } 1814 1815 PKCS12_free(p12); 1816 p12 = NULL; 1817 } else { 1818 keystore->pkeys = NULL; 1819 } 1820 } 1821 1822 cleanup: 1823 if (p12 != NULL) 1824 PKCS12_free(p12); 1825 return (ret); 1826 } 1827 1828 /* 1829 * get_keystore_password - retrieves pasword used to 1830 * decrypt PKCS12 structure. 1831 * 1832 * Arguments: 1833 * err - Error object to add errors to 1834 * p12 - PKCS12 structure which returned password should 1835 * decrypt 1836 * cb - callback to collect password. 1837 * keystore - The keystore in which the PKCS12 structure 1838 * will eventually populate. 1839 * Returns: 1840 * B_TRUE - success. 1841 * keystore password is set in keystore->passphrase. 1842 * B_FALSE - failure, errors logged 1843 */ 1844 static boolean_t 1845 get_keystore_passwd(PKG_ERR *err, PKCS12 *p12, keystore_passphrase_cb cb, 1846 keystore_t *keystore) 1847 { 1848 char *passwd; 1849 char passbuf[KEYSTORE_PASS_MAX + 1]; 1850 keystore_passphrase_data data; 1851 1852 /* see if no password is the right password */ 1853 if (check_password(p12, "") == B_TRUE) { 1854 passwd = ""; 1855 } else if (check_password(p12, NULL) == B_TRUE) { 1856 passwd = NULL; 1857 } else { 1858 /* oops, it's encrypted. get password */ 1859 data.err = err; 1860 if (cb(passbuf, KEYSTORE_PASS_MAX, 0, 1861 &data) == -1) { 1862 /* could not get password */ 1863 return (B_FALSE); 1864 } 1865 1866 if (check_password(p12, passbuf) == B_FALSE) { 1867 /* wrong password */ 1868 pkgerr_add(err, PKGERR_BADPASS, 1869 gettext(ERR_BADPASS)); 1870 return (B_FALSE); 1871 } 1872 1873 /* 1874 * make copy of password buffer, since it 1875 * goes away upon return 1876 */ 1877 passwd = xstrdup(passbuf); 1878 } 1879 keystore->passphrase = passwd; 1880 return (B_TRUE); 1881 } 1882 1883 /* 1884 * write_keystore - Writes keystore files to disk 1885 * 1886 * Arguments: 1887 * err - Error object to add errors to 1888 * keystore - keystore object to write from 1889 * passwd - password used to encrypt keystore 1890 * Returns: 1891 * 0 - Success - Keystore contents are written out to 1892 * the same locations as read from 1893 * non-zero - Failure, errors and reasons recorded in err 1894 */ 1895 static boolean_t 1896 write_keystore(PKG_ERR *err, keystore_t *keystore, 1897 keystore_passphrase_cb cb) 1898 { 1899 PKCS12 *p12 = NULL; 1900 boolean_t ret = B_TRUE; 1901 keystore_passphrase_data data; 1902 char passbuf[KEYSTORE_PASS_MAX + 1]; 1903 1904 if (keystore->capath != NULL && keystore->clpath == NULL && 1905 keystore->keypath == NULL) { 1906 1907 /* 1908 * keystore is a file. 1909 * just write out a single file 1910 */ 1911 if ((keystore->pkeys == NULL) && 1912 (keystore->clcerts == NULL) && 1913 (keystore->cacerts == NULL)) { 1914 if (!clear_keystore_file(err, keystore->capath)) { 1915 /* 1916 * no keys or certs to write out, so 1917 * blank the ca file. we do not 1918 * delete it since it is used as a 1919 * lock by lock_keystore() in 1920 * subsequent invocations 1921 */ 1922 pkgerr_add(err, PKGERR_WRITE, 1923 gettext(ERR_KEYSTORE_WRITE), 1924 keystore->capath); 1925 ret = B_FALSE; 1926 goto cleanup; 1927 } 1928 } else { 1929 /* 1930 * if the keystore is being created for the first time, 1931 * prompt for a passphrase for encryption 1932 */ 1933 if (keystore->new) { 1934 data.err = err; 1935 if (cb(passbuf, KEYSTORE_PASS_MAX, 1936 1, &data) == -1) { 1937 ret = B_FALSE; 1938 goto cleanup; 1939 } 1940 } else { 1941 /* 1942 * use the one used when the keystore 1943 * was read 1944 */ 1945 (void) strlcpy(passbuf, keystore->passphrase, 1946 KEYSTORE_PASS_MAX); 1947 } 1948 1949 p12 = sunw_PKCS12_create(passbuf, keystore->pkeys, 1950 keystore->clcerts, keystore->cacerts); 1951 1952 if (p12 == NULL) { 1953 pkgerr_add(err, PKGERR_WRITE, 1954 gettext(ERR_KEYSTORE_FORM), 1955 keystore->capath); 1956 ret = B_FALSE; 1957 goto cleanup; 1958 } 1959 1960 if (!write_keystore_file(err, keystore->capath, p12)) { 1961 pkgerr_add(err, PKGERR_WRITE, 1962 gettext(ERR_KEYSTORE_WRITE), 1963 keystore->capath); 1964 ret = B_FALSE; 1965 goto cleanup; 1966 } 1967 } 1968 1969 } else { 1970 /* files are seprate. Do one at a time */ 1971 1972 /* 1973 * if the keystore is being created for the first time, 1974 * prompt for a passphrase for encryption 1975 */ 1976 if (keystore->new && ((keystore->pkeys != NULL) || 1977 (keystore->clcerts != NULL) || 1978 (keystore->cacerts != NULL))) { 1979 data.err = err; 1980 if (cb(passbuf, KEYSTORE_PASS_MAX, 1981 1, &data) == -1) { 1982 ret = B_FALSE; 1983 goto cleanup; 1984 } 1985 } else { 1986 /* use the one used when the keystore was read */ 1987 (void) strlcpy(passbuf, keystore->passphrase, 1988 KEYSTORE_PASS_MAX); 1989 } 1990 1991 /* do private keys first */ 1992 if (keystore->pkeys != NULL) { 1993 p12 = sunw_PKCS12_create(passbuf, keystore->pkeys, 1994 NULL, NULL); 1995 1996 if (p12 == NULL) { 1997 pkgerr_add(err, PKGERR_WRITE, 1998 gettext(ERR_KEYSTORE_FORM), 1999 keystore->keypath); 2000 ret = B_FALSE; 2001 goto cleanup; 2002 } 2003 2004 if (!write_keystore_file(err, keystore->keypath, 2005 p12)) { 2006 pkgerr_add(err, PKGERR_WRITE, 2007 gettext(ERR_KEYSTORE_WRITE), 2008 keystore->keypath); 2009 ret = B_FALSE; 2010 goto cleanup; 2011 } 2012 2013 PKCS12_free(p12); 2014 } else { 2015 if ((remove(keystore->keypath) != 0) && 2016 (errno != ENOENT)) { 2017 pkgerr_add(err, PKGERR_WRITE, 2018 gettext(ERR_KEYSTORE_REMOVE), 2019 keystore->keypath); 2020 ret = B_FALSE; 2021 goto cleanup; 2022 } 2023 } 2024 2025 /* do user certs next */ 2026 if (keystore->clcerts != NULL) { 2027 p12 = sunw_PKCS12_create(passbuf, NULL, 2028 keystore->clcerts, NULL); 2029 2030 if (p12 == NULL) { 2031 pkgerr_add(err, PKGERR_WRITE, 2032 gettext(ERR_KEYSTORE_FORM), 2033 keystore->clpath); 2034 ret = B_FALSE; 2035 goto cleanup; 2036 } 2037 2038 if (!write_keystore_file(err, keystore->clpath, p12)) { 2039 pkgerr_add(err, PKGERR_WRITE, 2040 gettext(ERR_KEYSTORE_WRITE), 2041 keystore->clpath); 2042 ret = B_FALSE; 2043 goto cleanup; 2044 } 2045 2046 PKCS12_free(p12); 2047 } else { 2048 if ((remove(keystore->clpath) != 0) && 2049 (errno != ENOENT)) { 2050 pkgerr_add(err, PKGERR_WRITE, 2051 gettext(ERR_KEYSTORE_REMOVE), 2052 keystore->clpath); 2053 ret = B_FALSE; 2054 goto cleanup; 2055 } 2056 } 2057 2058 2059 /* finally do CA cert file */ 2060 if (keystore->cacerts != NULL) { 2061 p12 = sunw_PKCS12_create(passbuf, NULL, 2062 NULL, keystore->cacerts); 2063 2064 if (p12 == NULL) { 2065 pkgerr_add(err, PKGERR_WRITE, 2066 gettext(ERR_KEYSTORE_FORM), 2067 keystore->capath); 2068 ret = B_FALSE; 2069 goto cleanup; 2070 } 2071 2072 if (!write_keystore_file(err, keystore->capath, p12)) { 2073 pkgerr_add(err, PKGERR_WRITE, 2074 gettext(ERR_KEYSTORE_WRITE), 2075 keystore->capath); 2076 ret = B_FALSE; 2077 goto cleanup; 2078 } 2079 2080 PKCS12_free(p12); 2081 p12 = NULL; 2082 } else { 2083 /* 2084 * nothing to write out, so truncate the file 2085 * (it will be deleted during close_keystore) 2086 */ 2087 if (!clear_keystore_file(err, keystore->capath)) { 2088 pkgerr_add(err, PKGERR_WRITE, 2089 gettext(ERR_KEYSTORE_WRITE), 2090 keystore->capath); 2091 ret = B_FALSE; 2092 goto cleanup; 2093 } 2094 } 2095 } 2096 2097 cleanup: 2098 if (p12 != NULL) 2099 PKCS12_free(p12); 2100 2101 return (ret); 2102 } 2103 2104 /* 2105 * clear_keystore_file - Clears (zeros out) a keystore file. 2106 * 2107 * Arguments: 2108 * err - Error object to add errors to 2109 * dest - Path of keystore file to zero out. 2110 * Returns: 2111 * 0 - Success - Keystore file is truncated to zero length 2112 * non-zero - Failure, errors and reasons recorded in err 2113 */ 2114 static boolean_t 2115 clear_keystore_file(PKG_ERR *err, char *dest) 2116 { 2117 int fd; 2118 struct stat buf; 2119 2120 fd = open(dest, O_RDWR|O_NONBLOCK); 2121 if (fd == -1) { 2122 /* can't open for writing */ 2123 pkgerr_add(err, PKGERR_WRITE, gettext(MSG_OPEN), 2124 errno); 2125 return (B_FALSE); 2126 } 2127 2128 if ((fstat(fd, &buf) == -1) || !S_ISREG(buf.st_mode)) { 2129 /* not a regular file */ 2130 (void) close(fd); 2131 pkgerr_add(err, PKGERR_WRITE, gettext(ERR_NOT_REG), 2132 dest); 2133 return (B_FALSE); 2134 } 2135 2136 if (ftruncate(fd, 0) == -1) { 2137 (void) close(fd); 2138 pkgerr_add(err, PKGERR_WRITE, gettext(ERR_WRITE), 2139 dest, strerror(errno)); 2140 return (B_FALSE); 2141 } 2142 2143 (void) close(fd); 2144 return (B_TRUE); 2145 } 2146 2147 /* 2148 * write_keystore_file - Writes keystore file to disk. 2149 * 2150 * Keystore files can possibly be corrupted by a variety 2151 * of error conditions during reading/writing. This 2152 * routine, along with restore_keystore_file, tries to 2153 * maintain keystore integity by writing the files 2154 * out in a particular order, minimizing the time period 2155 * that the keystore is in an indeterminate state. 2156 * 2157 * With the current implementation, there are some failures 2158 * that are wholly unrecoverable, such as disk corruption. 2159 * These routines attempt to minimize the risk, but not 2160 * eliminate it. When better, atomic operations are available 2161 * (such as a true database with commit, rollback, and 2162 * guaranteed atomicity), this implementation should use that. 2163 * 2164 * 2165 * Arguments: 2166 * err - Error object to add errors to 2167 * dest - Destination filename 2168 * contents - Contents to write to the file 2169 * Returns: 2170 * 0 - Success - Keystore contents are written out to 2171 * the destination. 2172 * non-zero - Failure, errors and reasons recorded in err 2173 */ 2174 static boolean_t 2175 write_keystore_file(PKG_ERR *err, char *dest, PKCS12 *contents) 2176 { 2177 FILE *newfile = NULL; 2178 boolean_t ret = B_TRUE; 2179 char newpath[MAXPATHLEN]; 2180 char backuppath[MAXPATHLEN]; 2181 struct stat buf; 2182 int fd; 2183 2184 (void) snprintf(newpath, MAXPATHLEN, "%s.new", dest); 2185 (void) snprintf(backuppath, MAXPATHLEN, "%s.bak", dest); 2186 2187 if ((fd = open(newpath, O_CREAT|O_EXCL|O_WRONLY|O_NONBLOCK, 2188 S_IRUSR|S_IWUSR)) == -1) { 2189 pkgerr_add(err, PKGERR_READ, gettext(ERR_KEYSTORE_OPEN), 2190 newpath, strerror(errno)); 2191 ret = B_FALSE; 2192 goto cleanup; 2193 } 2194 2195 if (fstat(fd, &buf) == -1) { 2196 pkgerr_add(err, PKGERR_READ, gettext(ERR_KEYSTORE_OPEN), 2197 newpath, strerror(errno)); 2198 ret = B_FALSE; 2199 goto cleanup; 2200 } 2201 2202 if (!S_ISREG(buf.st_mode)) { 2203 pkgerr_add(err, PKGERR_READ, gettext(ERR_NOT_REG), 2204 newpath); 2205 ret = B_FALSE; 2206 goto cleanup; 2207 } 2208 2209 if ((newfile = fdopen(fd, "w")) == NULL) { 2210 pkgerr_add(err, PKGERR_READ, gettext(ERR_KEYSTORE_OPEN), 2211 newpath, strerror(errno)); 2212 ret = B_FALSE; 2213 goto cleanup; 2214 } 2215 2216 if (i2d_PKCS12_fp(newfile, contents) == 0) { 2217 pkgerr_add(err, PKGERR_WRITE, gettext(ERR_KEYSTORE_WRITE), 2218 newpath); 2219 ret = B_FALSE; 2220 goto cleanup; 2221 } 2222 2223 /* flush, then close */ 2224 (void) fflush(newfile); 2225 (void) fclose(newfile); 2226 newfile = NULL; 2227 2228 /* now back up the original file */ 2229 (void) rename(dest, backuppath); 2230 2231 /* put new one in its place */ 2232 (void) rename(newpath, dest); 2233 2234 /* remove backup */ 2235 (void) remove(backuppath); 2236 2237 cleanup: 2238 if (newfile != NULL) 2239 (void) fclose(newfile); 2240 if (fd != -1) 2241 (void) close(fd); 2242 2243 return (ret); 2244 } 2245 2246 /* 2247 * read_keystore_file - Reads single keystore file 2248 * off disk in PKCS12 format. 2249 * 2250 * Arguments: 2251 * err - Error object to add errors to 2252 * file - File path to read 2253 * Returns: 2254 * PKCS12 contents of file, or NULL if an error occurred. 2255 * errors recorded in 'err'. 2256 */ 2257 static PKCS12 2258 *read_keystore_file(PKG_ERR *err, char *file) 2259 { 2260 int fd; 2261 struct stat buf; 2262 FILE *newfile; 2263 PKCS12 *p12 = NULL; 2264 2265 if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) { 2266 pkgerr_add(err, PKGERR_READ, gettext(ERR_KEYSTORE_OPEN), 2267 file, strerror(errno)); 2268 goto cleanup; 2269 } 2270 2271 if (fstat(fd, &buf) == -1) { 2272 pkgerr_add(err, PKGERR_READ, gettext(ERR_KEYSTORE_OPEN), 2273 file, strerror(errno)); 2274 goto cleanup; 2275 } 2276 2277 if (!S_ISREG(buf.st_mode)) { 2278 pkgerr_add(err, PKGERR_READ, gettext(ERR_NOT_REG), 2279 file); 2280 goto cleanup; 2281 } 2282 2283 if ((newfile = fdopen(fd, "r")) == NULL) { 2284 pkgerr_add(err, PKGERR_READ, gettext(ERR_KEYSTORE_OPEN), 2285 file, strerror(errno)); 2286 goto cleanup; 2287 } 2288 2289 if ((p12 = d2i_PKCS12_fp(newfile, NULL)) == NULL) { 2290 pkgerr_add(err, PKGERR_CORRUPT, 2291 gettext(ERR_KEYSTORE_CORRUPT), file); 2292 goto cleanup; 2293 } 2294 2295 cleanup: 2296 if (newfile != NULL) 2297 (void) fclose(newfile); 2298 if (fd != -1) 2299 (void) close(fd); 2300 2301 return (p12); 2302 } 2303 2304 2305 /* 2306 * Locks the specified file. 2307 */ 2308 static int 2309 file_lock(int fd, int type, int wait) 2310 { 2311 struct flock lock; 2312 2313 lock.l_type = type; 2314 lock.l_start = 0; 2315 lock.l_whence = SEEK_SET; 2316 lock.l_len = 0; 2317 2318 if (!wait) { 2319 if (file_lock_test(fd, type)) { 2320 /* 2321 * The caller would have to wait to get the 2322 * lock on this file. 2323 */ 2324 return (-1); 2325 } 2326 } 2327 2328 return (fcntl(fd, F_SETLKW, &lock)); 2329 } 2330 2331 /* 2332 * Returns FALSE if the file is not locked; TRUE 2333 * otherwise. 2334 */ 2335 static boolean_t 2336 file_lock_test(int fd, int type) 2337 { 2338 struct flock lock; 2339 2340 lock.l_type = type; 2341 lock.l_start = 0; 2342 lock.l_whence = SEEK_SET; 2343 lock.l_len = 0; 2344 2345 if (fcntl(fd, F_GETLK, &lock) != -1) { 2346 if (lock.l_type != F_UNLCK) { 2347 /* 2348 * The caller would have to wait to get the 2349 * lock on this file. 2350 */ 2351 return (B_TRUE); 2352 } 2353 } 2354 2355 /* 2356 * The file is not locked. 2357 */ 2358 return (B_FALSE); 2359 } 2360 2361 /* 2362 * Unlocks the specified file. 2363 */ 2364 static int 2365 file_unlock(int fd) 2366 { 2367 struct flock lock; 2368 2369 lock.l_type = F_UNLCK; 2370 lock.l_start = 0; 2371 lock.l_whence = SEEK_SET; 2372 lock.l_len = 0; 2373 2374 return (fcntl(fd, F_SETLK, &lock)); 2375 } 2376 2377 /* 2378 * Determines if file has a length of 0 or not 2379 */ 2380 static boolean_t 2381 file_empty(char *path) 2382 { 2383 struct stat buf; 2384 2385 /* file is empty if size = 0 or it doesn't exist */ 2386 if (lstat(path, &buf) == 0) { 2387 if (buf.st_size == 0) { 2388 return (B_TRUE); 2389 } 2390 } else { 2391 if (errno == ENOENT) { 2392 return (B_TRUE); 2393 } 2394 } 2395 2396 return (B_FALSE); 2397 } 2398 2399 /* 2400 * Name: get_time_string 2401 * Description: Generates a human-readable string from an ASN1_TIME 2402 * 2403 * Arguments: intime - The time to convert 2404 * 2405 * Returns : A pointer to a static string representing the passed-in time. 2406 */ 2407 static char 2408 *get_time_string(ASN1_TIME *intime) 2409 { 2410 2411 static char time[ATTR_MAX]; 2412 BIO *mem; 2413 char *p; 2414 2415 if (intime == NULL) { 2416 return (NULL); 2417 } 2418 if ((mem = BIO_new(BIO_s_mem())) == NULL) { 2419 return (NULL); 2420 } 2421 2422 if (ASN1_TIME_print(mem, intime) == 0) { 2423 (void) BIO_free(mem); 2424 return (NULL); 2425 } 2426 2427 if (BIO_gets(mem, time, ATTR_MAX) <= 0) { 2428 (void) BIO_free(mem); 2429 return (NULL); 2430 } 2431 2432 (void) BIO_free(mem); 2433 2434 /* trim the end of the string */ 2435 for (p = time + strlen(time) - 1; isspace(*p); p--) { 2436 *p = '\0'; 2437 } 2438 2439 return (time); 2440 } 2441 2442 /* 2443 * check_password - do various password checks to see if the current password 2444 * will work or we need to prompt for a new one. 2445 * 2446 * Arguments: 2447 * pass - password to check 2448 * 2449 * Returns: 2450 * B_TRUE - Password is OK. 2451 * B_FALSE - Password not valid. 2452 */ 2453 static boolean_t 2454 check_password(PKCS12 *p12, char *pass) 2455 { 2456 boolean_t ret = B_TRUE; 2457 2458 /* 2459 * If password is zero length or NULL then try verifying both cases 2460 * to determine which password is correct. The reason for this is that 2461 * under PKCS#12 password based encryption no password and a zero 2462 * length password are two different things... 2463 */ 2464 2465 /* Check the mac */ 2466 if (pass == NULL || *pass == '\0') { 2467 if (PKCS12_verify_mac(p12, NULL, 0) == 0 && 2468 PKCS12_verify_mac(p12, "", 0) == 0) 2469 ret = B_FALSE; 2470 } else if (PKCS12_verify_mac(p12, pass, -1) == 0) { 2471 ret = B_FALSE; 2472 } 2473 return (ret); 2474 } 2475