1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #include <unistd.h>
27 #include <stdlib.h>
28 #include <strings.h>
29 #include <errno.h>
30 #include <ctype.h>
31 #include <fcntl.h>
32 #include <sys/stat.h>
33 #include <sys/dld.h>
34 #include <sys/dld_ioc.h>
35 #include <libinetutil.h>
36 #include <libdllink.h>
37 #include <libdladm_impl.h>
38
39 static dladm_status_t i_dladm_set_secobj_db(dladm_handle_t, const char *,
40 dladm_secobj_class_t, uint8_t *, uint_t);
41 static dladm_status_t i_dladm_get_secobj_db(dladm_handle_t, const char *,
42 dladm_secobj_class_t *, uint8_t *, uint_t *);
43 static dladm_status_t i_dladm_unset_secobj_db(dladm_handle_t, const char *);
44 static dladm_status_t i_dladm_walk_secobj_db(dladm_handle_t, void *,
45 boolean_t (*)(dladm_handle_t, void *,
46 const char *));
47
48 typedef struct secobj_class_info {
49 const char *sc_name;
50 dld_secobj_class_t sc_dldclass;
51 } secobj_class_info_t;
52
53 static secobj_class_info_t secobj_class_table[] = {
54 {"wep", DLD_SECOBJ_CLASS_WEP},
55 {"wpa", DLD_SECOBJ_CLASS_WPA}
56 };
57
58 #define SECOBJ_MAXBUFSZ 65536
59 #define NSECOBJCLASS \
60 (sizeof (secobj_class_table) / sizeof (secobj_class_info_t))
61
62 static boolean_t
dladm_check_secobjclass(dladm_secobj_class_t class)63 dladm_check_secobjclass(dladm_secobj_class_t class)
64 {
65 return (class >= 0 && (uint_t)class < NSECOBJCLASS);
66 }
67
68 dladm_status_t
dladm_str2secobjclass(const char * str,dladm_secobj_class_t * class)69 dladm_str2secobjclass(const char *str, dladm_secobj_class_t *class)
70 {
71 uint_t i;
72 secobj_class_info_t *sp;
73
74 for (i = 0; i < NSECOBJCLASS; i++) {
75 sp = &secobj_class_table[i];
76 if (strcasecmp(str, sp->sc_name) == 0) {
77 *class = i;
78 return (DLADM_STATUS_OK);
79 }
80 }
81 return (DLADM_STATUS_BADARG);
82 }
83
84 const char *
dladm_secobjclass2str(dladm_secobj_class_t class,char * buf)85 dladm_secobjclass2str(dladm_secobj_class_t class, char *buf)
86 {
87 const char *s;
88
89 if (!dladm_check_secobjclass(class))
90 s = "";
91 else
92 s = secobj_class_table[class].sc_name;
93
94 (void) snprintf(buf, DLADM_STRSIZE, "%s", s);
95 return (buf);
96 }
97
98 static boolean_t
dladm_convert_secobjclass(dladm_secobj_class_t class,dld_secobj_class_t * dldclass)99 dladm_convert_secobjclass(dladm_secobj_class_t class,
100 dld_secobj_class_t *dldclass)
101 {
102 if (!dladm_check_secobjclass(class))
103 return (B_FALSE);
104
105 *dldclass = secobj_class_table[class].sc_dldclass;
106 return (B_TRUE);
107 }
108
109 static boolean_t
dladm_convert_dldsecobjclass(dld_secobj_class_t dldclass,dladm_secobj_class_t * class)110 dladm_convert_dldsecobjclass(dld_secobj_class_t dldclass,
111 dladm_secobj_class_t *class)
112 {
113 uint_t i;
114 secobj_class_info_t *sp;
115
116 for (i = 0; i < NSECOBJCLASS; i++) {
117 sp = &secobj_class_table[i];
118 if (dldclass == sp->sc_dldclass) {
119 *class = i;
120 return (B_TRUE);
121 }
122 }
123 return (B_FALSE);
124 }
125
126 dladm_status_t
dladm_set_secobj(dladm_handle_t handle,const char * obj_name,dladm_secobj_class_t class,uint8_t * obj_val,uint_t obj_len,uint_t flags)127 dladm_set_secobj(dladm_handle_t handle, const char *obj_name,
128 dladm_secobj_class_t class, uint8_t *obj_val, uint_t obj_len, uint_t flags)
129 {
130 dladm_status_t status = DLADM_STATUS_OK;
131 dld_ioc_secobj_set_t secobj_set;
132 dld_secobj_t *objp;
133
134 if (!dladm_valid_secobj_name(obj_name))
135 return (DLADM_STATUS_BADARG);
136
137 if (!dladm_check_secobjclass(class) || flags == 0 ||
138 obj_name == NULL || strlen(obj_name) > DLD_SECOBJ_NAME_MAX ||
139 obj_val == NULL || obj_len == 0 || obj_len > DLD_SECOBJ_VAL_MAX)
140 return (DLADM_STATUS_BADARG);
141
142 if ((flags & DLADM_OPT_ACTIVE) == 0)
143 goto persist;
144
145 bzero(&secobj_set, sizeof (secobj_set));
146 objp = &secobj_set.ss_obj;
147 if (!dladm_convert_secobjclass(class, &objp->so_class))
148 return (DLADM_STATUS_BADARG);
149
150 (void) strlcpy(objp->so_name, obj_name, DLD_SECOBJ_NAME_MAX);
151 bcopy(obj_val, objp->so_val, obj_len);
152 objp->so_len = obj_len;
153
154 if ((flags & DLADM_OPT_CREATE) != 0)
155 secobj_set.ss_flags = DLD_SECOBJ_OPT_CREATE;
156
157 if (ioctl(dladm_dld_fd(handle), DLDIOC_SECOBJ_SET, &secobj_set) < 0)
158 status = dladm_errno2status(errno);
159
160 if (status != DLADM_STATUS_OK)
161 return (status);
162
163 persist:
164 if ((flags & DLADM_OPT_PERSIST) != 0) {
165 status = i_dladm_set_secobj_db(handle, obj_name, class,
166 obj_val, obj_len);
167 }
168 return (status);
169 }
170
171 dladm_status_t
dladm_get_secobj(dladm_handle_t handle,const char * obj_name,dladm_secobj_class_t * classp,uint8_t * obj_val,uint_t * obj_lenp,uint_t flags)172 dladm_get_secobj(dladm_handle_t handle, const char *obj_name,
173 dladm_secobj_class_t *classp, uint8_t *obj_val, uint_t *obj_lenp,
174 uint_t flags)
175 {
176 dladm_status_t status = DLADM_STATUS_OK;
177 dld_ioc_secobj_get_t secobj_get;
178 dld_secobj_t *objp;
179
180 if (obj_name == NULL || strlen(obj_name) > DLD_SECOBJ_NAME_MAX ||
181 obj_val == NULL || obj_lenp == NULL || *obj_lenp == 0 ||
182 *obj_lenp > DLD_SECOBJ_VAL_MAX)
183 return (DLADM_STATUS_BADARG);
184
185 if ((flags & DLADM_OPT_PERSIST) != 0) {
186 return (i_dladm_get_secobj_db(handle, obj_name, classp,
187 obj_val, obj_lenp));
188 }
189
190 bzero(&secobj_get, sizeof (secobj_get));
191 objp = &secobj_get.sg_obj;
192 (void) strlcpy(objp->so_name, obj_name, DLD_SECOBJ_NAME_MAX);
193
194 secobj_get.sg_size = sizeof (secobj_get);
195 if (ioctl(dladm_dld_fd(handle), DLDIOC_SECOBJ_GET, &secobj_get) < 0)
196 status = dladm_errno2status(errno);
197
198 if (objp->so_len > *obj_lenp)
199 return (DLADM_STATUS_TOOSMALL);
200
201 if (!dladm_convert_dldsecobjclass(objp->so_class, classp))
202 return (DLADM_STATUS_FAILED);
203
204 *obj_lenp = objp->so_len;
205 bcopy(objp->so_val, obj_val, *obj_lenp);
206 return (status);
207 }
208
209 dladm_status_t
dladm_unset_secobj(dladm_handle_t handle,const char * obj_name,uint_t flags)210 dladm_unset_secobj(dladm_handle_t handle, const char *obj_name, uint_t flags)
211 {
212 dladm_status_t status = DLADM_STATUS_OK;
213 dld_ioc_secobj_unset_t secobj_unset;
214
215 if (obj_name == NULL || strlen(obj_name) > DLD_SECOBJ_NAME_MAX ||
216 flags == 0)
217 return (DLADM_STATUS_BADARG);
218
219 if ((flags & DLADM_OPT_ACTIVE) == 0)
220 goto persist;
221
222 bzero(&secobj_unset, sizeof (secobj_unset));
223 (void) strlcpy(secobj_unset.su_name, obj_name, DLD_SECOBJ_NAME_MAX);
224
225 if (ioctl(dladm_dld_fd(handle), DLDIOC_SECOBJ_UNSET, &secobj_unset) < 0)
226 status = dladm_errno2status(errno);
227
228 if (status != DLADM_STATUS_OK)
229 return (status);
230
231 persist:
232 if ((flags & DLADM_OPT_PERSIST) != 0)
233 status = i_dladm_unset_secobj_db(handle, obj_name);
234
235 return (status);
236 }
237
238 dladm_status_t
dladm_walk_secobj(dladm_handle_t handle,void * arg,boolean_t (* func)(dladm_handle_t,void *,const char *),uint_t flags)239 dladm_walk_secobj(dladm_handle_t handle, void *arg,
240 boolean_t (*func)(dladm_handle_t, void *, const char *), uint_t flags)
241 {
242 dladm_status_t status = DLADM_STATUS_OK;
243 dld_ioc_secobj_get_t *secobj_getp;
244 dld_secobj_t *objp;
245 size_t secobj_bufsz;
246
247 if ((flags & DLADM_OPT_PERSIST) != 0)
248 return (i_dladm_walk_secobj_db(handle, arg, func));
249
250 /* Start with enough room for 10 objects, increase if necessary. */
251 secobj_bufsz = sizeof (*secobj_getp) + (10 * sizeof (*objp));
252 secobj_getp = calloc(1, secobj_bufsz);
253 if (secobj_getp == NULL) {
254 status = dladm_errno2status(errno);
255 goto done;
256 }
257
258 tryagain:
259 secobj_getp->sg_size = secobj_bufsz;
260 if (ioctl(dladm_dld_fd(handle), DLDIOC_SECOBJ_GET, secobj_getp) < 0) {
261 if (errno == ENOSPC) {
262 /* Increase the buffer size and try again. */
263 secobj_bufsz *= 2;
264 if (secobj_bufsz > SECOBJ_MAXBUFSZ) {
265 status = dladm_errno2status(errno);
266 goto done;
267 }
268 secobj_getp = realloc(secobj_getp, secobj_bufsz);
269 if (secobj_getp == NULL) {
270 status = dladm_errno2status(errno);
271 goto done;
272 }
273 bzero(secobj_getp, secobj_bufsz);
274 goto tryagain;
275 }
276 status = dladm_errno2status(errno);
277 goto done;
278 }
279
280 objp = (dld_secobj_t *)(secobj_getp + 1);
281 while (secobj_getp->sg_count > 0) {
282 if (!func(handle, arg, objp->so_name))
283 goto done;
284 secobj_getp->sg_count--;
285 objp++;
286 }
287 done:
288 free(secobj_getp);
289 return (status);
290 }
291
292 /*
293 * Data structures used for implementing persistent secure objects
294 */
295 typedef struct secobj_info {
296 const char *si_name;
297 dladm_secobj_class_t *si_classp;
298 uint8_t *si_val;
299 uint_t *si_lenp;
300 } secobj_info_t;
301
302 typedef struct secobj_name {
303 char *sn_name;
304 struct secobj_name *sn_next;
305 } secobj_name_t;
306
307 typedef struct secobj_db_state secobj_db_state_t;
308
309 typedef boolean_t (*secobj_db_op_t)(dladm_handle_t, struct secobj_db_state *,
310 char *, secobj_info_t *, dladm_status_t *);
311
312 struct secobj_db_state {
313 secobj_db_op_t ss_op;
314 secobj_info_t ss_info;
315 secobj_name_t **ss_namelist;
316 };
317
318 /*
319 * Update or generate a secobj entry using the info in ssp->ss_info.
320 */
321 static boolean_t
process_secobj_set(dladm_handle_t handle __unused,secobj_db_state_t * ssp,char * buf,secobj_info_t * sip,dladm_status_t * statusp)322 process_secobj_set(dladm_handle_t handle __unused, secobj_db_state_t *ssp,
323 char *buf, secobj_info_t *sip, dladm_status_t *statusp)
324 {
325 char tmpbuf[MAXLINELEN];
326 char classbuf[DLADM_STRSIZE];
327 char *ptr = tmpbuf, *lim = tmpbuf + MAXLINELEN;
328 uint_t i;
329
330 sip = &ssp->ss_info;
331
332 ptr += snprintf(ptr, BUFLEN(lim, ptr), "%s\t", sip->si_name);
333 ptr += snprintf(ptr, BUFLEN(lim, ptr), "%s\t",
334 dladm_secobjclass2str(*sip->si_classp, classbuf));
335
336 ptr += snprintf(ptr, BUFLEN(lim, ptr), "0x");
337 for (i = 0; i < *sip->si_lenp; i++) {
338 ptr += snprintf(ptr, BUFLEN(lim, ptr), "%02x",
339 sip->si_val[i] & 0xff);
340 }
341 if (ptr > lim) {
342 *statusp = DLADM_STATUS_TOOSMALL;
343 return (B_FALSE);
344 }
345 (void) snprintf(buf, MAXLINELEN, "%s\n", tmpbuf);
346 return (B_FALSE);
347 }
348
349 static boolean_t
process_secobj_get(dladm_handle_t handle __unused,secobj_db_state_t * ssp,char * buf __unused,secobj_info_t * sip,dladm_status_t * statusp)350 process_secobj_get(dladm_handle_t handle __unused, secobj_db_state_t *ssp,
351 char *buf __unused, secobj_info_t *sip, dladm_status_t *statusp)
352 {
353 if (*sip->si_lenp > *ssp->ss_info.si_lenp) {
354 *statusp = DLADM_STATUS_TOOSMALL;
355 return (B_FALSE);
356 }
357 bcopy(sip->si_val, ssp->ss_info.si_val, *sip->si_lenp);
358 *ssp->ss_info.si_lenp = *sip->si_lenp;
359 *ssp->ss_info.si_classp = *sip->si_classp;
360 return (B_FALSE);
361 }
362
363 static boolean_t
process_secobj_unset(dladm_handle_t handle __unused,secobj_db_state_t * ssp __unused,char * buf,secobj_info_t * sip __unused,dladm_status_t * statusp __unused)364 process_secobj_unset(dladm_handle_t handle __unused,
365 secobj_db_state_t *ssp __unused, char *buf,
366 secobj_info_t *sip __unused, dladm_status_t *statusp __unused)
367 {
368 /*
369 * Delete line.
370 */
371 buf[0] = '\0';
372 return (B_FALSE);
373 }
374
375 static boolean_t
process_secobj_walk(dladm_handle_t handle __unused,secobj_db_state_t * ssp,char * buf __unused,secobj_info_t * sip,dladm_status_t * statusp __unused)376 process_secobj_walk(dladm_handle_t handle __unused, secobj_db_state_t *ssp,
377 char *buf __unused, secobj_info_t *sip, dladm_status_t *statusp __unused)
378 {
379 secobj_name_t *snp;
380
381 if ((snp = malloc(sizeof (*snp))) == NULL)
382 return (B_TRUE);
383
384 if ((snp->sn_name = strdup(sip->si_name)) == NULL) {
385 free(snp);
386 return (B_TRUE);
387 }
388
389 snp->sn_next = NULL;
390 *ssp->ss_namelist = snp;
391 ssp->ss_namelist = &snp->sn_next;
392 return (B_TRUE);
393 }
394
395 static boolean_t
process_secobj_init(dladm_handle_t handle,secobj_db_state_t * ssp __unused,char * buf __unused,secobj_info_t * sip,dladm_status_t * statusp)396 process_secobj_init(dladm_handle_t handle, secobj_db_state_t *ssp __unused,
397 char *buf __unused, secobj_info_t *sip, dladm_status_t *statusp)
398 {
399 *statusp = dladm_set_secobj(handle, sip->si_name, *sip->si_classp,
400 sip->si_val, *sip->si_lenp,
401 DLADM_OPT_ACTIVE | DLADM_OPT_CREATE);
402 return (B_TRUE);
403 }
404
405 static int
parse_secobj_val(char * buf,secobj_info_t * sip)406 parse_secobj_val(char *buf, secobj_info_t *sip)
407 {
408 if (strncmp(buf, "0x", 2) != 0)
409 return (EINVAL);
410
411 return (hexascii_to_octet(buf + 2, strlen(buf) - 2,
412 sip->si_val, sip->si_lenp));
413 }
414
415 static boolean_t
process_secobj_line(dladm_handle_t handle,secobj_db_state_t * ssp,char * buf,dladm_status_t * statusp)416 process_secobj_line(dladm_handle_t handle, secobj_db_state_t *ssp, char *buf,
417 dladm_status_t *statusp)
418 {
419 secobj_info_t sinfo;
420 dladm_secobj_class_t class;
421 uint8_t val[DLADM_SECOBJ_VAL_MAX];
422 uint_t vlen;
423 int i, len, nlen;
424 char *str, *lasts;
425
426 /*
427 * Skip leading spaces, blank lines, and comments.
428 */
429 len = strlen(buf);
430 for (i = 0; i < len; i++) {
431 if (!isspace(buf[i]))
432 break;
433 }
434 if (i == len || buf[i] == '#')
435 return (B_TRUE);
436
437 str = buf + i;
438 if (ssp->ss_info.si_name != NULL) {
439 /*
440 * Skip objects we're not interested in.
441 */
442 nlen = strlen(ssp->ss_info.si_name);
443 if (strncmp(str, ssp->ss_info.si_name, nlen) != 0 ||
444 !isspace(str[nlen]))
445 return (B_TRUE);
446
447 sinfo.si_name = ssp->ss_info.si_name;
448 } else {
449 /*
450 * If an object is not specified, find the object name
451 * and assign it to sinfo.si_name.
452 */
453 if (strtok_r(str, " \n\t", &lasts) == NULL)
454 goto fail;
455
456 nlen = strlen(str);
457 sinfo.si_name = str;
458 }
459 str += nlen + 1;
460 if (str >= buf + len)
461 goto fail;
462
463 /*
464 * Find the class name.
465 */
466 if ((str = strtok_r(str, " \n\t", &lasts)) == NULL)
467 goto fail;
468
469 *statusp = dladm_str2secobjclass(str, &class);
470 if (*statusp != DLADM_STATUS_OK)
471 goto fail;
472
473 /*
474 * Find the object value.
475 */
476 if ((str = strtok_r(NULL, " \n\t", &lasts)) == NULL)
477 goto fail;
478
479 vlen = DLADM_SECOBJ_VAL_MAX;
480 sinfo.si_classp = &class;
481 sinfo.si_val = val;
482 sinfo.si_lenp = &vlen;
483 if (parse_secobj_val(str, &sinfo) != 0)
484 goto fail;
485
486 return ((*ssp->ss_op)(handle, ssp, buf, &sinfo, statusp));
487
488 fail:
489 /*
490 * Delete corrupted line.
491 */
492 buf[0] = '\0';
493 return (B_TRUE);
494 }
495
496 static dladm_status_t
process_secobj_db(dladm_handle_t handle,void * arg,FILE * fp,FILE * nfp)497 process_secobj_db(dladm_handle_t handle, void *arg, FILE *fp, FILE *nfp)
498 {
499 secobj_db_state_t *ssp = arg;
500 dladm_status_t status = DLADM_STATUS_OK;
501 char buf[MAXLINELEN];
502 boolean_t cont = B_TRUE;
503
504 /*
505 * This loop processes each line of the configuration file.
506 * buf can potentially be modified by process_secobj_line().
507 * If this is a write operation and buf is not truncated, buf will
508 * be written to disk. process_secobj_line() will no longer be
509 * called after it returns B_FALSE; at which point the remainder
510 * of the file will continue to be read and, if necessary, written
511 * to disk as well.
512 */
513 while (fgets(buf, MAXLINELEN, fp) != NULL) {
514 if (cont)
515 cont = process_secobj_line(handle, ssp, buf, &status);
516
517 if (nfp != NULL && buf[0] != '\0' && fputs(buf, nfp) == EOF) {
518 status = dladm_errno2status(errno);
519 break;
520 }
521 }
522 if (status != DLADM_STATUS_OK || !cont)
523 return (status);
524
525 if (ssp->ss_op == process_secobj_set) {
526 /*
527 * If the specified object is not found above, we add the
528 * object to the configuration file.
529 */
530 (void) (*ssp->ss_op)(handle, ssp, buf, NULL, &status);
531 if (status == DLADM_STATUS_OK && fputs(buf, nfp) == EOF)
532 status = dladm_errno2status(errno);
533 }
534
535 if (ssp->ss_op == process_secobj_unset ||
536 ssp->ss_op == process_secobj_get)
537 status = DLADM_STATUS_NOTFOUND;
538
539 return (status);
540 }
541
542 #define SECOBJ_RW_DB(handle, statep, writeop) \
543 (i_dladm_rw_db(handle, "/etc/dladm/secobj.conf", \
544 S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP, \
545 process_secobj_db, (statep), (writeop)))
546
547 static dladm_status_t
i_dladm_set_secobj_db(dladm_handle_t handle,const char * obj_name,dladm_secobj_class_t class,uint8_t * obj_val,uint_t obj_len)548 i_dladm_set_secobj_db(dladm_handle_t handle, const char *obj_name,
549 dladm_secobj_class_t class, uint8_t *obj_val, uint_t obj_len)
550 {
551 secobj_db_state_t state;
552
553 state.ss_op = process_secobj_set;
554 state.ss_info.si_name = obj_name;
555 state.ss_info.si_classp = &class;
556 state.ss_info.si_val = obj_val;
557 state.ss_info.si_lenp = &obj_len;
558 state.ss_namelist = NULL;
559
560 return (SECOBJ_RW_DB(handle, &state, B_TRUE));
561 }
562
563 static dladm_status_t
i_dladm_get_secobj_db(dladm_handle_t handle,const char * obj_name,dladm_secobj_class_t * classp,uint8_t * obj_val,uint_t * obj_lenp)564 i_dladm_get_secobj_db(dladm_handle_t handle, const char *obj_name,
565 dladm_secobj_class_t *classp, uint8_t *obj_val, uint_t *obj_lenp)
566 {
567 secobj_db_state_t state;
568
569 state.ss_op = process_secobj_get;
570 state.ss_info.si_name = obj_name;
571 state.ss_info.si_classp = classp;
572 state.ss_info.si_val = obj_val;
573 state.ss_info.si_lenp = obj_lenp;
574 state.ss_namelist = NULL;
575
576 return (SECOBJ_RW_DB(handle, &state, B_FALSE));
577 }
578
579 static dladm_status_t
i_dladm_unset_secobj_db(dladm_handle_t handle,const char * obj_name)580 i_dladm_unset_secobj_db(dladm_handle_t handle, const char *obj_name)
581 {
582 secobj_db_state_t state;
583
584 state.ss_op = process_secobj_unset;
585 state.ss_info.si_name = obj_name;
586 state.ss_info.si_classp = NULL;
587 state.ss_info.si_val = NULL;
588 state.ss_info.si_lenp = NULL;
589 state.ss_namelist = NULL;
590
591 return (SECOBJ_RW_DB(handle, &state, B_TRUE));
592 }
593
594 static dladm_status_t
i_dladm_walk_secobj_db(dladm_handle_t handle,void * arg,boolean_t (* func)(dladm_handle_t,void *,const char *))595 i_dladm_walk_secobj_db(dladm_handle_t handle, void *arg,
596 boolean_t (*func)(dladm_handle_t, void *, const char *))
597 {
598 secobj_db_state_t state;
599 secobj_name_t *snp = NULL, *fsnp;
600 dladm_status_t status;
601 boolean_t cont = B_TRUE;
602
603 state.ss_op = process_secobj_walk;
604 state.ss_info.si_name = NULL;
605 state.ss_info.si_classp = NULL;
606 state.ss_info.si_val = NULL;
607 state.ss_info.si_lenp = NULL;
608 state.ss_namelist = &snp;
609
610 status = SECOBJ_RW_DB(handle, &state, B_FALSE);
611 if (status != DLADM_STATUS_OK)
612 return (status);
613
614 while (snp != NULL) {
615 fsnp = snp;
616 snp = snp->sn_next;
617 if (cont)
618 cont = func(handle, arg, fsnp->sn_name);
619 free(fsnp->sn_name);
620 free(fsnp);
621 }
622 return (status);
623 }
624
625 dladm_status_t
dladm_init_secobj(dladm_handle_t handle)626 dladm_init_secobj(dladm_handle_t handle)
627 {
628 secobj_db_state_t state;
629
630 state.ss_op = process_secobj_init;
631 state.ss_info.si_name = NULL;
632 state.ss_info.si_classp = NULL;
633 state.ss_info.si_val = NULL;
634 state.ss_info.si_lenp = NULL;
635 state.ss_namelist = NULL;
636
637 return (SECOBJ_RW_DB(handle, &state, B_FALSE));
638 }
639
640 boolean_t
dladm_valid_secobj_name(const char * secobj_name)641 dladm_valid_secobj_name(const char *secobj_name)
642 {
643 size_t len = strlen(secobj_name);
644 const char *cp;
645
646 if (len + 1 > DLADM_SECOBJ_NAME_MAX)
647 return (B_FALSE);
648
649 /*
650 * The legal characters in a secobj name are:
651 * alphanumeric (a-z, A-Z, 0-9), '.', '_', '-'.
652 */
653 for (cp = secobj_name; *cp != '\0'; cp++) {
654 if (!isalnum(*cp) &&
655 (*cp != '.') && (*cp != '_') && (*cp != '-'))
656 return (B_FALSE);
657 }
658
659 return (B_TRUE);
660 }
661