1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 *
21 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
22 * Use is subject to license terms.
23 */
24
25 #pragma ident "%Z%%M% %I% %E% SMI"
26
27 #include <stdio.h>
28 #include <strings.h>
29 #include <ctype.h>
30 #include <libgen.h>
31 #include <libintl.h>
32 #include <errno.h>
33 #include <kmfapiP.h>
34 #include <sys/stat.h>
35 #include <sys/param.h>
36 #include <cryptoutil.h>
37 #include "util.h"
38
39 static int err; /* To store errno which may be overwritten by gettext() */
40
41 int
kc_install(int argc,char * argv[])42 kc_install(int argc, char *argv[])
43 {
44 int rv = KC_OK;
45 int opt;
46 extern int optind_av;
47 extern char *optarg_av;
48 char *keystore_name = NULL;
49 char *modulepath = NULL;
50 char *option_str = NULL;
51 conf_entry_t *entry = NULL;
52 char realpath[MAXPATHLEN];
53 struct stat statbuf;
54 FILE *pfile = NULL;
55 FILE *pfile_tmp = NULL;
56 char tmpfile_name[MAXPATHLEN];
57 int found_count = 0;
58 char buffer[BUFSIZ];
59 char *ptr;
60 boolean_t found;
61
62 while ((opt = getopt_av(argc, argv, "k:(keystore)m:(modulepath)"
63 "o:(option)")) != EOF) {
64 switch (opt) {
65 case 'k':
66 if (keystore_name != NULL)
67 rv = KC_ERR_USAGE;
68 else {
69 keystore_name = get_string(optarg_av, &rv);
70 if (keystore_name == NULL) {
71 (void) fprintf(stderr, gettext(
72 "Error keystore input.\n"));
73 }
74 }
75 break;
76 case 'm':
77 if (modulepath != NULL)
78 rv = KC_ERR_USAGE;
79 else {
80 modulepath = get_string(optarg_av, &rv);
81 if (modulepath == NULL) {
82 (void) fprintf(stderr,
83 gettext("Error modulepath.\n"));
84 }
85 }
86 break;
87 case 'o':
88 if (option_str != NULL) {
89 rv = KC_ERR_USAGE;
90 } else {
91 option_str = get_string(optarg_av, &rv);
92 if (option_str == NULL) {
93 (void) fprintf(stderr,
94 gettext("Error option input.\n"));
95 }
96 }
97 break;
98 default:
99 (void) fprintf(stderr,
100 gettext("Error input option.\n"));
101 rv = KC_ERR_USAGE;
102 break;
103 }
104 if (rv != KC_OK)
105 goto out;
106 }
107
108 /* No additional args allowed. */
109 argc -= optind_av;
110 if (argc) {
111 (void) fprintf(stderr,
112 gettext("Error input option\n"));
113 rv = KC_ERR_USAGE;
114 goto out;
115 }
116
117 if (keystore_name == NULL || modulepath == NULL) {
118 (void) fprintf(stderr, gettext("Error input option\n"));
119 rv = KC_ERR_USAGE;
120 goto out;
121 }
122
123 if (strcasecmp(keystore_name, "nss") == 0 ||
124 strcasecmp(keystore_name, "pkcs11") == 0 ||
125 strcasecmp(keystore_name, "file") == 0) {
126 (void) fprintf(stderr,
127 gettext("Can not use the built-in keystore name %s\n"),
128 keystore_name);
129 rv = KC_ERR_USAGE;
130 goto out;
131 }
132
133 entry = get_keystore_entry(keystore_name);
134 if (entry != NULL) {
135 (void) fprintf(stderr, gettext("%s exists already.\n"),
136 keystore_name);
137 rv = KC_ERR_USAGE;
138 goto out;
139 }
140
141 /*
142 * Find the absolute path of the module and check if it exists in
143 * the system. If $ISA is in the path, will check the 32bit version
144 * only.
145 */
146 if (strncmp(modulepath, "/", 1) != 0) {
147 /*
148 * Only contain the base name; prepand it with
149 * KMF_PLUGIN_PATH
150 */
151 (void) snprintf(realpath, MAXPATHLEN, "%s%s",
152 KMF_PLUGIN_PATH, modulepath);
153 } else {
154 char *buf = modulepath;
155 char *isa;
156
157 if ((isa = strstr(buf, PKCS11_ISA)) != NULL) {
158 (void) strncpy(realpath, buf, isa - buf);
159 isa += strlen(PKCS11_ISA) - 1;
160 (void) strlcat(realpath, isa, MAXPATHLEN);
161 } else {
162 (void) strlcpy(realpath, modulepath, MAXPATHLEN);
163 }
164 }
165
166 if (stat(realpath, &statbuf) != 0) {
167 (void) fprintf(stderr, gettext("%s not found.\n"),
168 realpath);
169 rv = KC_ERR_ACCESS;
170 goto out;
171 }
172
173 if ((pfile = fopen(_PATH_KMF_CONF, "r+")) == NULL) {
174 err = errno;
175 (void) fprintf(stderr,
176 gettext("failed to update the configuration - %s\n"),
177 strerror(err));
178 rv = KC_ERR_ACCESS;
179 goto out;
180 }
181
182 if (lockf(fileno(pfile), F_TLOCK, 0) == -1) {
183 err = errno;
184 (void) fprintf(stderr,
185 gettext("failed to lock the configuration - %s\n"),
186 strerror(err));
187 rv = KC_ERR_INSTALL;
188 goto out;
189 }
190
191 /*
192 * Create a temporary file in the /etc/crypto directory.
193 */
194 (void) strlcpy(tmpfile_name, CONF_TEMPFILE, sizeof (tmpfile_name));
195 if (mkstemp(tmpfile_name) == -1) {
196 err = errno;
197 (void) fprintf(stderr,
198 gettext("failed to create a temporary file - %s\n"),
199 strerror(err));
200 rv = KC_ERR_INSTALL;
201 goto out;
202 }
203
204 if ((pfile_tmp = fopen(tmpfile_name, "w")) == NULL) {
205 err = errno;
206 (void) fprintf(stderr,
207 gettext("failed to open %s - %s\n"),
208 tmpfile_name, strerror(err));
209 rv = KC_ERR_INSTALL;
210 goto out;
211 }
212
213 /*
214 * Loop thru the config file. If the file was reserved within a
215 * package bracket, just uncomment it. Other wise, append it at
216 * the end. The resulting file will be saved in the temp file first.
217 */
218 while (fgets(buffer, BUFSIZ, pfile) != NULL) {
219 found = B_FALSE;
220 if (buffer[0] == '#') {
221 ptr = buffer;
222 ptr++;
223 while (*ptr == '#' || *ptr == ' ')
224 ptr++;
225 if (strncmp(keystore_name, ptr, strlen(keystore_name))
226 == 0) {
227 found = B_TRUE;
228 found_count++;
229 }
230 }
231
232 if (found == B_FALSE) {
233 if (fputs(buffer, pfile_tmp) == EOF) {
234 rv = KC_ERR_INSTALL;
235 goto out;
236 }
237 } else {
238 if (found_count == 1) {
239 if (fputs(ptr, pfile_tmp) == EOF) {
240 rv = KC_ERR_INSTALL;
241 goto out;
242 }
243 } else {
244 /*
245 * Found a second entry with #keystore_name.
246 * This should not happen. The kmf.conf file
247 * is corrupted. Give a warning and skip
248 * this entry.
249 */
250 (void) fprintf(stderr, gettext(
251 "(Warning) Found an additional reserved "
252 "entry for %s.\n"), keystore_name);
253 }
254 }
255 }
256
257 if (found_count == 0) {
258 char buf[MAXPATHLEN];
259 /*
260 * This entry was not in package before, append it to the
261 * end of the temp file.
262 */
263 if (option_str == NULL)
264 (void) snprintf(buf, MAXPATHLEN, "%s:%s%s\n",
265 keystore_name, CONF_MODULEPATH, modulepath);
266 else
267 (void) snprintf(buf, MAXPATHLEN, "%s:%s%s;%s%s\n",
268 keystore_name, CONF_MODULEPATH, modulepath,
269 CONF_OPTION, option_str);
270
271 if (fputs(buf, pfile_tmp) == EOF) {
272 err = errno;
273 (void) fprintf(stderr, gettext(
274 "failed to write to %s: %s\n"), tmpfile_name,
275 strerror(err));
276 rv = KC_ERR_INSTALL;
277 goto out;
278 }
279 }
280
281 out:
282 if (pfile != NULL)
283 (void) fclose(pfile);
284
285 if (rv != KC_OK && pfile_tmp != NULL)
286 (void) unlink(tmpfile_name);
287
288 if (pfile_tmp != NULL)
289 (void) fclose(pfile_tmp);
290
291 if (rv == KC_OK) {
292 if (rename(tmpfile_name, _PATH_KMF_CONF) == -1) {
293 err = errno;
294 (void) fprintf(stderr, gettext(
295 "failed to update the configuration - %s"),
296 strerror(err));
297 return (KC_ERR_INSTALL);
298 }
299
300 if (chmod(_PATH_KMF_CONF,
301 S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) {
302 err = errno;
303 (void) fprintf(stderr, gettext(
304 "failed to update the configuration - %s\n"),
305 strerror(err));
306 return (KC_ERR_INSTALL);
307 }
308 }
309
310 return (rv);
311 }
312