17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
5b8bf75cbSkrishna * Common Development and Distribution License (the "License").
6b8bf75cbSkrishna * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate *
87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate * and limitations under the License.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate *
197c478bd9Sstevel@tonic-gate * CDDL HEADER END
207c478bd9Sstevel@tonic-gate */
217c478bd9Sstevel@tonic-gate /*
2232e0ab73SMisaki Miyashita * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
237c478bd9Sstevel@tonic-gate */
247c478bd9Sstevel@tonic-gate
257c478bd9Sstevel@tonic-gate
267c478bd9Sstevel@tonic-gate #include <fcntl.h>
277c478bd9Sstevel@tonic-gate #include <stdio.h>
287c478bd9Sstevel@tonic-gate #include <stdlib.h>
297c478bd9Sstevel@tonic-gate #include <strings.h>
307c478bd9Sstevel@tonic-gate #include <unistd.h>
317c478bd9Sstevel@tonic-gate #include <locale.h>
327c478bd9Sstevel@tonic-gate #include <libgen.h>
337c478bd9Sstevel@tonic-gate #include <sys/types.h>
347c478bd9Sstevel@tonic-gate #include <zone.h>
357c478bd9Sstevel@tonic-gate #include <sys/crypto/ioctladmin.h>
367c478bd9Sstevel@tonic-gate #include <cryptoutil.h>
377c478bd9Sstevel@tonic-gate #include "cryptoadm.h"
387c478bd9Sstevel@tonic-gate
397c478bd9Sstevel@tonic-gate #define REQ_ARG_CNT 2
407c478bd9Sstevel@tonic-gate
417c478bd9Sstevel@tonic-gate /* subcommand index */
427c478bd9Sstevel@tonic-gate enum subcommand_index {
437c478bd9Sstevel@tonic-gate CRYPTO_LIST,
447c478bd9Sstevel@tonic-gate CRYPTO_DISABLE,
457c478bd9Sstevel@tonic-gate CRYPTO_ENABLE,
467c478bd9Sstevel@tonic-gate CRYPTO_INSTALL,
477c478bd9Sstevel@tonic-gate CRYPTO_UNINSTALL,
487c478bd9Sstevel@tonic-gate CRYPTO_UNLOAD,
497c478bd9Sstevel@tonic-gate CRYPTO_REFRESH,
507c478bd9Sstevel@tonic-gate CRYPTO_START,
517c478bd9Sstevel@tonic-gate CRYPTO_STOP,
527c478bd9Sstevel@tonic-gate CRYPTO_HELP };
537c478bd9Sstevel@tonic-gate
547c478bd9Sstevel@tonic-gate /*
550a85b835SDaniel Anderson * TRANSLATION_NOTE
567c478bd9Sstevel@tonic-gate * Command keywords are not to be translated.
577c478bd9Sstevel@tonic-gate */
587c478bd9Sstevel@tonic-gate static char *cmd_table[] = {
597c478bd9Sstevel@tonic-gate "list",
607c478bd9Sstevel@tonic-gate "disable",
617c478bd9Sstevel@tonic-gate "enable",
627c478bd9Sstevel@tonic-gate "install",
637c478bd9Sstevel@tonic-gate "uninstall",
647c478bd9Sstevel@tonic-gate "unload",
657c478bd9Sstevel@tonic-gate "refresh",
667c478bd9Sstevel@tonic-gate "start",
677c478bd9Sstevel@tonic-gate "stop",
687c478bd9Sstevel@tonic-gate "--help" };
697c478bd9Sstevel@tonic-gate
707c478bd9Sstevel@tonic-gate /* provider type */
717c478bd9Sstevel@tonic-gate enum provider_type_index {
727c478bd9Sstevel@tonic-gate PROV_UEF_LIB,
737c478bd9Sstevel@tonic-gate PROV_KEF_SOFT,
747c478bd9Sstevel@tonic-gate PROV_KEF_HARD,
757c478bd9Sstevel@tonic-gate METASLOT,
767c478bd9Sstevel@tonic-gate PROV_BADNAME };
777c478bd9Sstevel@tonic-gate
787c478bd9Sstevel@tonic-gate typedef struct {
797c478bd9Sstevel@tonic-gate char cp_name[MAXPATHLEN];
807c478bd9Sstevel@tonic-gate enum provider_type_index cp_type;
817c478bd9Sstevel@tonic-gate } cryptoadm_provider_t;
827c478bd9Sstevel@tonic-gate
837c478bd9Sstevel@tonic-gate /*
840a85b835SDaniel Anderson * TRANSLATION_NOTE
857c478bd9Sstevel@tonic-gate * Operand keywords are not to be translated.
867c478bd9Sstevel@tonic-gate */
877c478bd9Sstevel@tonic-gate static const char *KN_PROVIDER = "provider=";
887c478bd9Sstevel@tonic-gate static const char *KN_MECH = "mechanism=";
897c478bd9Sstevel@tonic-gate static const char *KN_ALL = "all";
907c478bd9Sstevel@tonic-gate static const char *KN_TOKEN = "token=";
917c478bd9Sstevel@tonic-gate static const char *KN_SLOT = "slot=";
927c478bd9Sstevel@tonic-gate static const char *KN_DEFAULT_KS = "default-keystore";
937c478bd9Sstevel@tonic-gate static const char *KN_AUTO_KEY_MIGRATE = "auto-key-migrate";
947c478bd9Sstevel@tonic-gate
957c478bd9Sstevel@tonic-gate /* static variables */
967c478bd9Sstevel@tonic-gate static boolean_t allflag = B_FALSE;
977c478bd9Sstevel@tonic-gate static boolean_t rndflag = B_FALSE;
987c478bd9Sstevel@tonic-gate static mechlist_t *mecharglist = NULL;
997c478bd9Sstevel@tonic-gate
1007c478bd9Sstevel@tonic-gate /* static functions */
1017c478bd9Sstevel@tonic-gate static void usage(void);
1027c478bd9Sstevel@tonic-gate static int get_provider_type(char *);
1037c478bd9Sstevel@tonic-gate static int process_mech_operands(int, char **, boolean_t);
1047c478bd9Sstevel@tonic-gate static int do_list(int, char **);
1057c478bd9Sstevel@tonic-gate static int do_disable(int, char **);
1067c478bd9Sstevel@tonic-gate static int do_enable(int, char **);
1077c478bd9Sstevel@tonic-gate static int do_install(int, char **);
1087c478bd9Sstevel@tonic-gate static int do_uninstall(int, char **);
1097c478bd9Sstevel@tonic-gate static int do_unload(int, char **);
1107c478bd9Sstevel@tonic-gate static int do_refresh(int);
1117c478bd9Sstevel@tonic-gate static int do_start(int);
1127c478bd9Sstevel@tonic-gate static int do_stop(int);
1137c478bd9Sstevel@tonic-gate static int list_simple_for_all(boolean_t);
1147c478bd9Sstevel@tonic-gate static int list_mechlist_for_all(boolean_t);
1157c478bd9Sstevel@tonic-gate static int list_policy_for_all(void);
1167c478bd9Sstevel@tonic-gate
1177c478bd9Sstevel@tonic-gate int
main(int argc,char * argv[])1187c478bd9Sstevel@tonic-gate main(int argc, char *argv[])
1197c478bd9Sstevel@tonic-gate {
1207c478bd9Sstevel@tonic-gate char *subcmd;
1217c478bd9Sstevel@tonic-gate int cmdnum;
1227c478bd9Sstevel@tonic-gate int cmd_index = 0;
1237c478bd9Sstevel@tonic-gate int rc = SUCCESS;
1247c478bd9Sstevel@tonic-gate
1257c478bd9Sstevel@tonic-gate (void) setlocale(LC_ALL, "");
1267c478bd9Sstevel@tonic-gate
1277c478bd9Sstevel@tonic-gate #if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */
1287c478bd9Sstevel@tonic-gate #define TEXT_DOMAIN "SYS_TEST" /* Use this only if it weren't */
1297c478bd9Sstevel@tonic-gate #endif
1307c478bd9Sstevel@tonic-gate (void) textdomain(TEXT_DOMAIN);
1317c478bd9Sstevel@tonic-gate
1327c478bd9Sstevel@tonic-gate cryptodebug_init(basename(argv[0]));
1337c478bd9Sstevel@tonic-gate
1347c478bd9Sstevel@tonic-gate if (argc < REQ_ARG_CNT) {
1357c478bd9Sstevel@tonic-gate usage();
1367c478bd9Sstevel@tonic-gate return (ERROR_USAGE);
1377c478bd9Sstevel@tonic-gate }
1387c478bd9Sstevel@tonic-gate
1397c478bd9Sstevel@tonic-gate /* get the subcommand index */
1407c478bd9Sstevel@tonic-gate cmd_index = 0;
1417c478bd9Sstevel@tonic-gate subcmd = argv[1];
1427c478bd9Sstevel@tonic-gate cmdnum = sizeof (cmd_table)/sizeof (cmd_table[0]);
1437c478bd9Sstevel@tonic-gate
1447c478bd9Sstevel@tonic-gate while ((cmd_index < cmdnum) &&
1457c478bd9Sstevel@tonic-gate (strcmp(subcmd, cmd_table[cmd_index]) != 0)) {
1467c478bd9Sstevel@tonic-gate cmd_index++;
1477c478bd9Sstevel@tonic-gate }
1487c478bd9Sstevel@tonic-gate if (cmd_index >= cmdnum) {
1497c478bd9Sstevel@tonic-gate usage();
1507c478bd9Sstevel@tonic-gate return (ERROR_USAGE);
1517c478bd9Sstevel@tonic-gate }
1527c478bd9Sstevel@tonic-gate
1537c478bd9Sstevel@tonic-gate /* do the subcommand */
1547c478bd9Sstevel@tonic-gate switch (cmd_index) {
1557c478bd9Sstevel@tonic-gate case CRYPTO_LIST:
1567c478bd9Sstevel@tonic-gate rc = do_list(argc, argv);
1577c478bd9Sstevel@tonic-gate break;
1587c478bd9Sstevel@tonic-gate case CRYPTO_DISABLE:
1597c478bd9Sstevel@tonic-gate rc = do_disable(argc, argv);
1607c478bd9Sstevel@tonic-gate break;
1617c478bd9Sstevel@tonic-gate case CRYPTO_ENABLE:
1627c478bd9Sstevel@tonic-gate rc = do_enable(argc, argv);
1637c478bd9Sstevel@tonic-gate break;
1647c478bd9Sstevel@tonic-gate case CRYPTO_INSTALL:
1657c478bd9Sstevel@tonic-gate rc = do_install(argc, argv);
1667c478bd9Sstevel@tonic-gate break;
1677c478bd9Sstevel@tonic-gate case CRYPTO_UNINSTALL:
1687c478bd9Sstevel@tonic-gate rc = do_uninstall(argc, argv);
1697c478bd9Sstevel@tonic-gate break;
1707c478bd9Sstevel@tonic-gate case CRYPTO_UNLOAD:
1717c478bd9Sstevel@tonic-gate rc = do_unload(argc, argv);
1727c478bd9Sstevel@tonic-gate break;
1737c478bd9Sstevel@tonic-gate case CRYPTO_REFRESH:
1747c478bd9Sstevel@tonic-gate rc = do_refresh(argc);
1757c478bd9Sstevel@tonic-gate break;
1767c478bd9Sstevel@tonic-gate case CRYPTO_START:
1777c478bd9Sstevel@tonic-gate rc = do_start(argc);
1787c478bd9Sstevel@tonic-gate break;
1797c478bd9Sstevel@tonic-gate case CRYPTO_STOP:
1807c478bd9Sstevel@tonic-gate rc = do_stop(argc);
1817c478bd9Sstevel@tonic-gate break;
1827c478bd9Sstevel@tonic-gate case CRYPTO_HELP:
1837c478bd9Sstevel@tonic-gate usage();
1847c478bd9Sstevel@tonic-gate rc = SUCCESS;
1857c478bd9Sstevel@tonic-gate break;
1867c478bd9Sstevel@tonic-gate default: /* should not come here */
1877c478bd9Sstevel@tonic-gate usage();
1887c478bd9Sstevel@tonic-gate rc = ERROR_USAGE;
1897c478bd9Sstevel@tonic-gate break;
1907c478bd9Sstevel@tonic-gate }
1917c478bd9Sstevel@tonic-gate return (rc);
1927c478bd9Sstevel@tonic-gate }
1937c478bd9Sstevel@tonic-gate
1947c478bd9Sstevel@tonic-gate
1957c478bd9Sstevel@tonic-gate static void
usage(void)1967c478bd9Sstevel@tonic-gate usage(void)
1977c478bd9Sstevel@tonic-gate {
1987c478bd9Sstevel@tonic-gate /*
1990a85b835SDaniel Anderson * TRANSLATION_NOTE
2007c478bd9Sstevel@tonic-gate * Command usage is not to be translated. Only the word "Usage:"
2017c478bd9Sstevel@tonic-gate * along with localized expressions indicating what kind of value
2027c478bd9Sstevel@tonic-gate * is expected for arguments.
2037c478bd9Sstevel@tonic-gate */
2047c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext("Usage:\n"));
2057c478bd9Sstevel@tonic-gate (void) fprintf(stderr,
2067c478bd9Sstevel@tonic-gate " cryptoadm list [-mpv] [provider=<%s> | metaslot]"
2077c478bd9Sstevel@tonic-gate " [mechanism=<%s>]\n",
2087c478bd9Sstevel@tonic-gate gettext("provider-name"), gettext("mechanism-list"));
2097c478bd9Sstevel@tonic-gate (void) fprintf(stderr,
2107c478bd9Sstevel@tonic-gate " cryptoadm disable provider=<%s>"
2117c478bd9Sstevel@tonic-gate " mechanism=<%s> | random | all\n",
2127c478bd9Sstevel@tonic-gate gettext("provider-name"), gettext("mechanism-list"));
2137c478bd9Sstevel@tonic-gate (void) fprintf(stderr,
2147c478bd9Sstevel@tonic-gate " cryptoadm disable metaslot"
2157c478bd9Sstevel@tonic-gate " [auto-key-migrate] [mechanism=<%s>]\n",
2167c478bd9Sstevel@tonic-gate gettext("mechanism-list"));
2177c478bd9Sstevel@tonic-gate (void) fprintf(stderr,
2187c478bd9Sstevel@tonic-gate " cryptoadm enable provider=<%s>"
2197c478bd9Sstevel@tonic-gate " mechanism=<%s> | random | all\n",
2207c478bd9Sstevel@tonic-gate gettext("provider-name"), gettext("mechanism-list"));
2217c478bd9Sstevel@tonic-gate (void) fprintf(stderr,
2227c478bd9Sstevel@tonic-gate " cryptoadm enable metaslot [mechanism=<%s>]"
2237c478bd9Sstevel@tonic-gate " [[token=<%s>] [slot=<%s>]"
2247c478bd9Sstevel@tonic-gate " | [default-keystore]] | [auto-key-migrate]\n",
2257c478bd9Sstevel@tonic-gate gettext("mechanism-list"), gettext("token-label"),
2267c478bd9Sstevel@tonic-gate gettext("slot-description"));
2277c478bd9Sstevel@tonic-gate (void) fprintf(stderr,
2287c478bd9Sstevel@tonic-gate " cryptoadm install provider=<%s>\n",
2297c478bd9Sstevel@tonic-gate gettext("provider-name"));
2307c478bd9Sstevel@tonic-gate (void) fprintf(stderr,
2317c478bd9Sstevel@tonic-gate " cryptoadm install provider=<%s> [mechanism=<%s>]\n",
2327c478bd9Sstevel@tonic-gate gettext("provider-name"), gettext("mechanism-list"));
2337c478bd9Sstevel@tonic-gate (void) fprintf(stderr,
2347c478bd9Sstevel@tonic-gate " cryptoadm uninstall provider=<%s>\n",
2357c478bd9Sstevel@tonic-gate gettext("provider-name"));
2367c478bd9Sstevel@tonic-gate (void) fprintf(stderr,
2377c478bd9Sstevel@tonic-gate " cryptoadm unload provider=<%s>\n",
2387c478bd9Sstevel@tonic-gate gettext("provider-name"));
2397c478bd9Sstevel@tonic-gate (void) fprintf(stderr,
2407c478bd9Sstevel@tonic-gate " cryptoadm refresh\n"
2417c478bd9Sstevel@tonic-gate " cryptoadm start\n"
2427c478bd9Sstevel@tonic-gate " cryptoadm stop\n"
2437c478bd9Sstevel@tonic-gate " cryptoadm --help\n");
2447c478bd9Sstevel@tonic-gate }
2457c478bd9Sstevel@tonic-gate
2467c478bd9Sstevel@tonic-gate
2477c478bd9Sstevel@tonic-gate /*
2487c478bd9Sstevel@tonic-gate * Get the provider type. This function returns
2497c478bd9Sstevel@tonic-gate * - PROV_UEF_LIB if provname contains an absolute path name
2501b22764fSDaniel OpenSolaris Anderson * - PROV_KEF_SOFT if provname is a base name only (e.g., "aes").
2517c478bd9Sstevel@tonic-gate * - PROV_KEF_HARD if provname contains one slash only and the slash is not
2521b22764fSDaniel OpenSolaris Anderson * the 1st character (e.g., "mca/0").
2530a85b835SDaniel Anderson * - PROV_BADNAME otherwise.
2547c478bd9Sstevel@tonic-gate */
2557c478bd9Sstevel@tonic-gate static int
get_provider_type(char * provname)2567c478bd9Sstevel@tonic-gate get_provider_type(char *provname)
2577c478bd9Sstevel@tonic-gate {
2587c478bd9Sstevel@tonic-gate char *pslash1;
2597c478bd9Sstevel@tonic-gate char *pslash2;
2607c478bd9Sstevel@tonic-gate
2617c478bd9Sstevel@tonic-gate if (provname == NULL) {
2627c478bd9Sstevel@tonic-gate return (FAILURE);
2637c478bd9Sstevel@tonic-gate }
2647c478bd9Sstevel@tonic-gate
2657c478bd9Sstevel@tonic-gate if (provname[0] == '/') {
2667c478bd9Sstevel@tonic-gate return (PROV_UEF_LIB);
2677c478bd9Sstevel@tonic-gate } else if ((pslash1 = strchr(provname, SEP_SLASH)) == NULL) {
2687c478bd9Sstevel@tonic-gate /* no slash */
2697c478bd9Sstevel@tonic-gate return (PROV_KEF_SOFT);
2707c478bd9Sstevel@tonic-gate } else {
2717c478bd9Sstevel@tonic-gate pslash2 = strrchr(provname, SEP_SLASH);
2727c478bd9Sstevel@tonic-gate if (pslash1 == pslash2) {
2737c478bd9Sstevel@tonic-gate return (PROV_KEF_HARD);
2747c478bd9Sstevel@tonic-gate } else {
2757c478bd9Sstevel@tonic-gate return (PROV_BADNAME);
2767c478bd9Sstevel@tonic-gate }
2777c478bd9Sstevel@tonic-gate }
2787c478bd9Sstevel@tonic-gate }
2797c478bd9Sstevel@tonic-gate
2807c478bd9Sstevel@tonic-gate /*
2817c478bd9Sstevel@tonic-gate * Get the provider structure. This function returns NULL if no valid
2827c478bd9Sstevel@tonic-gate * provider= is found in argv[], otherwise a cryptoadm_provider_t is returned.
2837c478bd9Sstevel@tonic-gate * If provider= is found but has no argument, then a cryptoadm_provider_t
2847c478bd9Sstevel@tonic-gate * with cp_type = PROV_BADNAME is returned.
2857c478bd9Sstevel@tonic-gate */
2867c478bd9Sstevel@tonic-gate static cryptoadm_provider_t *
get_provider(int argc,char ** argv)2877c478bd9Sstevel@tonic-gate get_provider(int argc, char **argv)
2887c478bd9Sstevel@tonic-gate {
2897c478bd9Sstevel@tonic-gate int c = 0;
2907c478bd9Sstevel@tonic-gate boolean_t found = B_FALSE;
2917c478bd9Sstevel@tonic-gate cryptoadm_provider_t *provider = NULL;
2927c478bd9Sstevel@tonic-gate char *provstr = NULL, *savstr;
2937c478bd9Sstevel@tonic-gate boolean_t is_metaslot = B_FALSE;
2947c478bd9Sstevel@tonic-gate
2957c478bd9Sstevel@tonic-gate while (!found && ++c < argc) {
2967c478bd9Sstevel@tonic-gate if (strncmp(argv[c], METASLOT_KEYWORD,
2977c478bd9Sstevel@tonic-gate strlen(METASLOT_KEYWORD)) == 0) {
2987c478bd9Sstevel@tonic-gate is_metaslot = B_TRUE;
2997c478bd9Sstevel@tonic-gate found = B_TRUE;
3007c478bd9Sstevel@tonic-gate } else if (strncmp(argv[c], KN_PROVIDER,
3017c478bd9Sstevel@tonic-gate strlen(KN_PROVIDER)) == 0 &&
3027c478bd9Sstevel@tonic-gate strlen(argv[c]) > strlen(KN_PROVIDER)) {
3037c478bd9Sstevel@tonic-gate if ((provstr = strdup(argv[c])) == NULL) {
3047c478bd9Sstevel@tonic-gate int err = errno;
3057c478bd9Sstevel@tonic-gate /*
3060a85b835SDaniel Anderson * TRANSLATION_NOTE
3077c478bd9Sstevel@tonic-gate * "get_provider" is a function name and should
3087c478bd9Sstevel@tonic-gate * not be translated.
3097c478bd9Sstevel@tonic-gate */
3107c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, "get_provider: %s.",
3117c478bd9Sstevel@tonic-gate strerror(err));
3127c478bd9Sstevel@tonic-gate return (NULL);
3137c478bd9Sstevel@tonic-gate }
3147c478bd9Sstevel@tonic-gate found = B_TRUE;
3157c478bd9Sstevel@tonic-gate }
3167c478bd9Sstevel@tonic-gate }
3177c478bd9Sstevel@tonic-gate if (!found)
3187c478bd9Sstevel@tonic-gate return (NULL);
3197c478bd9Sstevel@tonic-gate
3207c478bd9Sstevel@tonic-gate provider = malloc(sizeof (cryptoadm_provider_t));
3217c478bd9Sstevel@tonic-gate if (provider == NULL) {
3227c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("out of memory."));
3237c478bd9Sstevel@tonic-gate if (provstr) {
3247c478bd9Sstevel@tonic-gate free(provstr);
3257c478bd9Sstevel@tonic-gate }
3267c478bd9Sstevel@tonic-gate return (NULL);
3277c478bd9Sstevel@tonic-gate }
3287c478bd9Sstevel@tonic-gate
3297c478bd9Sstevel@tonic-gate if (is_metaslot) {
3307c478bd9Sstevel@tonic-gate (void) strlcpy(provider->cp_name, METASLOT_KEYWORD,
3317c478bd9Sstevel@tonic-gate strlen(METASLOT_KEYWORD));
3327c478bd9Sstevel@tonic-gate provider->cp_type = METASLOT;
3337c478bd9Sstevel@tonic-gate } else {
3347c478bd9Sstevel@tonic-gate
3357c478bd9Sstevel@tonic-gate savstr = provstr;
3367c478bd9Sstevel@tonic-gate (void) strtok(provstr, "=");
3377c478bd9Sstevel@tonic-gate provstr = strtok(NULL, "=");
3387c478bd9Sstevel@tonic-gate if (provstr == NULL) {
3397c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("bad provider name."));
3407c478bd9Sstevel@tonic-gate provider->cp_type = PROV_BADNAME;
3417c478bd9Sstevel@tonic-gate free(savstr);
3427c478bd9Sstevel@tonic-gate return (provider);
3437c478bd9Sstevel@tonic-gate }
3447c478bd9Sstevel@tonic-gate
3457c478bd9Sstevel@tonic-gate (void) strlcpy(provider->cp_name, provstr,
3467c478bd9Sstevel@tonic-gate sizeof (provider->cp_name));
3477c478bd9Sstevel@tonic-gate provider->cp_type = get_provider_type(provider->cp_name);
3487c478bd9Sstevel@tonic-gate
3497c478bd9Sstevel@tonic-gate free(savstr);
3507c478bd9Sstevel@tonic-gate }
3517c478bd9Sstevel@tonic-gate return (provider);
3527c478bd9Sstevel@tonic-gate }
3537c478bd9Sstevel@tonic-gate
3547c478bd9Sstevel@tonic-gate /*
3557c478bd9Sstevel@tonic-gate * Process the "feature" operands.
3567c478bd9Sstevel@tonic-gate *
3577c478bd9Sstevel@tonic-gate * "argc" and "argv" contain values specified on the command line.
3587c478bd9Sstevel@tonic-gate * All other arguments are used for returning parsing results.
3597c478bd9Sstevel@tonic-gate * If any of these arguments are NULL, that keyword is not expected,
3607c478bd9Sstevel@tonic-gate * and FAILURE will be returned.
3617c478bd9Sstevel@tonic-gate */
3627c478bd9Sstevel@tonic-gate static int
process_metaslot_operands(int argc,char ** argv,char ** meta_ks_token,char ** meta_ks_slot,boolean_t * use_default,boolean_t * auto_key_migrate_flag)3637c478bd9Sstevel@tonic-gate process_metaslot_operands(int argc, char **argv, char **meta_ks_token,
3647c478bd9Sstevel@tonic-gate char **meta_ks_slot, boolean_t *use_default,
3657c478bd9Sstevel@tonic-gate boolean_t *auto_key_migrate_flag)
3667c478bd9Sstevel@tonic-gate {
3677c478bd9Sstevel@tonic-gate int c = 2;
3687c478bd9Sstevel@tonic-gate int rc = SUCCESS;
3697c478bd9Sstevel@tonic-gate
3707c478bd9Sstevel@tonic-gate while (++c < argc) {
3717c478bd9Sstevel@tonic-gate if ((strncmp(argv[c], KN_MECH, strlen(KN_MECH)) == 0) &&
3727c478bd9Sstevel@tonic-gate strlen(argv[c]) > strlen(KN_MECH)) {
3737c478bd9Sstevel@tonic-gate
3747c478bd9Sstevel@tonic-gate /* process mechanism operands */
3757c478bd9Sstevel@tonic-gate if ((rc = process_mech_operands(argc, argv, B_TRUE))
3767c478bd9Sstevel@tonic-gate != SUCCESS) {
3777c478bd9Sstevel@tonic-gate goto finish;
3787c478bd9Sstevel@tonic-gate }
3797c478bd9Sstevel@tonic-gate
3807c478bd9Sstevel@tonic-gate } else if ((strncmp(argv[c], KN_TOKEN,
3817c478bd9Sstevel@tonic-gate strlen(KN_TOKEN)) == 0) &&
3827c478bd9Sstevel@tonic-gate strlen(argv[c]) > strlen(KN_TOKEN)) {
3837c478bd9Sstevel@tonic-gate if ((meta_ks_token) && (strtok(argv[c], "=") != NULL)) {
3847c478bd9Sstevel@tonic-gate char *tmp;
3857c478bd9Sstevel@tonic-gate if ((tmp = strtok(NULL, "=")) != NULL) {
3867c478bd9Sstevel@tonic-gate *meta_ks_token = strdup(tmp);
3877c478bd9Sstevel@tonic-gate } else {
3887c478bd9Sstevel@tonic-gate return (FAILURE);
3897c478bd9Sstevel@tonic-gate }
3907c478bd9Sstevel@tonic-gate } else {
3917c478bd9Sstevel@tonic-gate return (FAILURE);
3927c478bd9Sstevel@tonic-gate }
3937c478bd9Sstevel@tonic-gate
3947c478bd9Sstevel@tonic-gate } else if ((strncmp(argv[c], KN_SLOT,
3957c478bd9Sstevel@tonic-gate strlen(KN_SLOT)) == 0) &&
3967c478bd9Sstevel@tonic-gate strlen(argv[c]) > strlen(KN_SLOT)) {
3977c478bd9Sstevel@tonic-gate
3987c478bd9Sstevel@tonic-gate if ((meta_ks_slot) && (strtok(argv[c], "=") != NULL)) {
3997c478bd9Sstevel@tonic-gate char *tmp;
4007c478bd9Sstevel@tonic-gate if ((tmp = strtok(NULL, "=")) != NULL) {
4017c478bd9Sstevel@tonic-gate *meta_ks_slot = strdup(tmp);
4027c478bd9Sstevel@tonic-gate } else {
4037c478bd9Sstevel@tonic-gate return (FAILURE);
4047c478bd9Sstevel@tonic-gate }
4057c478bd9Sstevel@tonic-gate } else {
4067c478bd9Sstevel@tonic-gate return (FAILURE);
4077c478bd9Sstevel@tonic-gate }
4087c478bd9Sstevel@tonic-gate
4097c478bd9Sstevel@tonic-gate } else if (strncmp(argv[c], KN_DEFAULT_KS,
4107c478bd9Sstevel@tonic-gate strlen(KN_DEFAULT_KS)) == 0) {
4117c478bd9Sstevel@tonic-gate
4127c478bd9Sstevel@tonic-gate if (use_default) {
4137c478bd9Sstevel@tonic-gate *use_default = B_TRUE;
4147c478bd9Sstevel@tonic-gate } else {
4157c478bd9Sstevel@tonic-gate return (FAILURE);
4167c478bd9Sstevel@tonic-gate }
4177c478bd9Sstevel@tonic-gate } else if (strncmp(argv[c], KN_AUTO_KEY_MIGRATE,
4187c478bd9Sstevel@tonic-gate strlen(KN_AUTO_KEY_MIGRATE)) == 0) {
4197c478bd9Sstevel@tonic-gate
4207c478bd9Sstevel@tonic-gate if (auto_key_migrate_flag) {
4217c478bd9Sstevel@tonic-gate *auto_key_migrate_flag = B_TRUE;
4227c478bd9Sstevel@tonic-gate } else {
4237c478bd9Sstevel@tonic-gate return (FAILURE);
4247c478bd9Sstevel@tonic-gate }
4257c478bd9Sstevel@tonic-gate } else {
4267c478bd9Sstevel@tonic-gate return (FAILURE);
4277c478bd9Sstevel@tonic-gate }
4287c478bd9Sstevel@tonic-gate }
4297c478bd9Sstevel@tonic-gate finish:
4307c478bd9Sstevel@tonic-gate return (rc);
4317c478bd9Sstevel@tonic-gate }
4327c478bd9Sstevel@tonic-gate
4337c478bd9Sstevel@tonic-gate /*
4347c478bd9Sstevel@tonic-gate * Process the "feature" operands.
4357c478bd9Sstevel@tonic-gate */
4367c478bd9Sstevel@tonic-gate static int
process_feature_operands(int argc,char ** argv)4377c478bd9Sstevel@tonic-gate process_feature_operands(int argc, char **argv)
4387c478bd9Sstevel@tonic-gate {
4397c478bd9Sstevel@tonic-gate int c = 2;
4407c478bd9Sstevel@tonic-gate
4417c478bd9Sstevel@tonic-gate while (++c < argc) {
4427c478bd9Sstevel@tonic-gate if (strcmp(argv[c], KN_ALL) == 0) {
4437c478bd9Sstevel@tonic-gate allflag = B_TRUE;
4447c478bd9Sstevel@tonic-gate rndflag = B_TRUE; /* all includes random also. */
4457c478bd9Sstevel@tonic-gate } else if (strcmp(argv[c], RANDOM) == 0) {
4467c478bd9Sstevel@tonic-gate rndflag = B_TRUE;
4477c478bd9Sstevel@tonic-gate }
4487c478bd9Sstevel@tonic-gate }
4497c478bd9Sstevel@tonic-gate return (SUCCESS);
4507c478bd9Sstevel@tonic-gate }
4517c478bd9Sstevel@tonic-gate
4527c478bd9Sstevel@tonic-gate /*
4537c478bd9Sstevel@tonic-gate * Process the mechanism operands for the disable, enable and install
4547c478bd9Sstevel@tonic-gate * subcommands. This function sets the static variable allflag to be B_TRUE
4557c478bd9Sstevel@tonic-gate * if the keyword "all" is specified, otherwise builds a link list of the
4567c478bd9Sstevel@tonic-gate * mechanism operands and save it in the static variable mecharglist.
4577c478bd9Sstevel@tonic-gate *
4587c478bd9Sstevel@tonic-gate * This function returns
4597c478bd9Sstevel@tonic-gate * ERROR_USAGE: mechanism operand is missing.
4607c478bd9Sstevel@tonic-gate * FAILURE: out of memory.
4617c478bd9Sstevel@tonic-gate * SUCCESS: otherwise.
4627c478bd9Sstevel@tonic-gate */
4637c478bd9Sstevel@tonic-gate static int
process_mech_operands(int argc,char ** argv,boolean_t quiet)4647c478bd9Sstevel@tonic-gate process_mech_operands(int argc, char **argv, boolean_t quiet)
4657c478bd9Sstevel@tonic-gate {
4667c478bd9Sstevel@tonic-gate mechlist_t *pmech;
4677c478bd9Sstevel@tonic-gate mechlist_t *pcur = NULL;
4687c478bd9Sstevel@tonic-gate mechlist_t *phead = NULL;
4697c478bd9Sstevel@tonic-gate boolean_t found = B_FALSE;
4707c478bd9Sstevel@tonic-gate char *mechliststr = NULL;
4717c478bd9Sstevel@tonic-gate char *curmech = NULL;
4727c478bd9Sstevel@tonic-gate int c = -1;
4737c478bd9Sstevel@tonic-gate int rc = SUCCESS;
4747c478bd9Sstevel@tonic-gate
4757c478bd9Sstevel@tonic-gate while (!found && ++c < argc) {
4767c478bd9Sstevel@tonic-gate if ((strncmp(argv[c], KN_MECH, strlen(KN_MECH)) == 0) &&
4777c478bd9Sstevel@tonic-gate strlen(argv[c]) > strlen(KN_MECH)) {
4787c478bd9Sstevel@tonic-gate found = B_TRUE;
4797c478bd9Sstevel@tonic-gate }
4807c478bd9Sstevel@tonic-gate }
4817c478bd9Sstevel@tonic-gate if (!found) {
4827c478bd9Sstevel@tonic-gate if (!quiet)
4837c478bd9Sstevel@tonic-gate /*
4840a85b835SDaniel Anderson * TRANSLATION_NOTE
4857c478bd9Sstevel@tonic-gate * "mechanism" could be either a literal keyword
4867c478bd9Sstevel@tonic-gate * and hence not to be translated, or a descriptive
4877c478bd9Sstevel@tonic-gate * word and translatable. A choice was made to
4887c478bd9Sstevel@tonic-gate * view it as a literal keyword.
4897c478bd9Sstevel@tonic-gate */
4907c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR,
4917c478bd9Sstevel@tonic-gate gettext("the %s operand is missing.\n"),
4927c478bd9Sstevel@tonic-gate "mechanism");
4937c478bd9Sstevel@tonic-gate return (ERROR_USAGE);
4947c478bd9Sstevel@tonic-gate }
4957c478bd9Sstevel@tonic-gate (void) strtok(argv[c], "=");
4967c478bd9Sstevel@tonic-gate mechliststr = strtok(NULL, "=");
4977c478bd9Sstevel@tonic-gate
4987c478bd9Sstevel@tonic-gate if (strcmp(mechliststr, "all") == 0) {
4997c478bd9Sstevel@tonic-gate allflag = B_TRUE;
5007c478bd9Sstevel@tonic-gate mecharglist = NULL;
5017c478bd9Sstevel@tonic-gate return (SUCCESS);
5027c478bd9Sstevel@tonic-gate }
5037c478bd9Sstevel@tonic-gate
5047c478bd9Sstevel@tonic-gate curmech = strtok(mechliststr, ",");
5057c478bd9Sstevel@tonic-gate do {
5067c478bd9Sstevel@tonic-gate if ((pmech = create_mech(curmech)) == NULL) {
5077c478bd9Sstevel@tonic-gate rc = FAILURE;
5087c478bd9Sstevel@tonic-gate break;
5097c478bd9Sstevel@tonic-gate } else {
5107c478bd9Sstevel@tonic-gate if (phead == NULL) {
5117c478bd9Sstevel@tonic-gate phead = pcur = pmech;
5127c478bd9Sstevel@tonic-gate } else {
5137c478bd9Sstevel@tonic-gate pcur->next = pmech;
5147c478bd9Sstevel@tonic-gate pcur = pmech;
5157c478bd9Sstevel@tonic-gate }
5167c478bd9Sstevel@tonic-gate }
5177c478bd9Sstevel@tonic-gate } while ((curmech = strtok(NULL, ",")) != NULL);
5187c478bd9Sstevel@tonic-gate
5197c478bd9Sstevel@tonic-gate if (rc == FAILURE) {
5207c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("out of memory."));
5217c478bd9Sstevel@tonic-gate free_mechlist(phead);
5227c478bd9Sstevel@tonic-gate } else {
5237c478bd9Sstevel@tonic-gate mecharglist = phead;
5247c478bd9Sstevel@tonic-gate rc = SUCCESS;
5257c478bd9Sstevel@tonic-gate }
5267c478bd9Sstevel@tonic-gate return (rc);
5277c478bd9Sstevel@tonic-gate }
5287c478bd9Sstevel@tonic-gate
5297c478bd9Sstevel@tonic-gate
5307c478bd9Sstevel@tonic-gate
5317c478bd9Sstevel@tonic-gate /*
5321b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm list" subcommand and options.
5337c478bd9Sstevel@tonic-gate */
5347c478bd9Sstevel@tonic-gate static int
do_list(int argc,char ** argv)5357c478bd9Sstevel@tonic-gate do_list(int argc, char **argv)
5367c478bd9Sstevel@tonic-gate {
5377c478bd9Sstevel@tonic-gate boolean_t mflag = B_FALSE;
5387c478bd9Sstevel@tonic-gate boolean_t pflag = B_FALSE;
5397c478bd9Sstevel@tonic-gate boolean_t vflag = B_FALSE;
5407c478bd9Sstevel@tonic-gate char ch;
5417c478bd9Sstevel@tonic-gate cryptoadm_provider_t *prov = NULL;
5427c478bd9Sstevel@tonic-gate int rc = SUCCESS;
5437c478bd9Sstevel@tonic-gate
5447c478bd9Sstevel@tonic-gate argc -= 1;
5457c478bd9Sstevel@tonic-gate argv += 1;
5467c478bd9Sstevel@tonic-gate
5477c478bd9Sstevel@tonic-gate if (argc == 1) {
5487c478bd9Sstevel@tonic-gate rc = list_simple_for_all(B_FALSE);
5497c478bd9Sstevel@tonic-gate goto out;
5507c478bd9Sstevel@tonic-gate }
5517c478bd9Sstevel@tonic-gate
5527c478bd9Sstevel@tonic-gate /*
5531b22764fSDaniel OpenSolaris Anderson * cryptoadm list [-v] [-m] [-p] [provider=<>] [mechanism=<>]
5547c478bd9Sstevel@tonic-gate */
5557c478bd9Sstevel@tonic-gate if (argc > 5) {
5567c478bd9Sstevel@tonic-gate usage();
5577c478bd9Sstevel@tonic-gate return (rc);
5587c478bd9Sstevel@tonic-gate }
5597c478bd9Sstevel@tonic-gate
5607c478bd9Sstevel@tonic-gate while ((ch = getopt(argc, argv, "mpv")) != EOF) {
5617c478bd9Sstevel@tonic-gate switch (ch) {
5627c478bd9Sstevel@tonic-gate case 'm':
5637c478bd9Sstevel@tonic-gate mflag = B_TRUE;
5647c478bd9Sstevel@tonic-gate if (pflag) {
5657c478bd9Sstevel@tonic-gate rc = ERROR_USAGE;
5667c478bd9Sstevel@tonic-gate }
5677c478bd9Sstevel@tonic-gate break;
5687c478bd9Sstevel@tonic-gate case 'p':
5697c478bd9Sstevel@tonic-gate pflag = B_TRUE;
5707c478bd9Sstevel@tonic-gate if (mflag || vflag) {
5717c478bd9Sstevel@tonic-gate rc = ERROR_USAGE;
5727c478bd9Sstevel@tonic-gate }
5737c478bd9Sstevel@tonic-gate break;
5747c478bd9Sstevel@tonic-gate case 'v':
5757c478bd9Sstevel@tonic-gate vflag = B_TRUE;
5767c478bd9Sstevel@tonic-gate if (pflag)
5777c478bd9Sstevel@tonic-gate rc = ERROR_USAGE;
5787c478bd9Sstevel@tonic-gate break;
5797c478bd9Sstevel@tonic-gate default:
5807c478bd9Sstevel@tonic-gate rc = ERROR_USAGE;
5817c478bd9Sstevel@tonic-gate break;
5827c478bd9Sstevel@tonic-gate }
5837c478bd9Sstevel@tonic-gate }
5847c478bd9Sstevel@tonic-gate
5857c478bd9Sstevel@tonic-gate if (rc == ERROR_USAGE) {
5867c478bd9Sstevel@tonic-gate usage();
5877c478bd9Sstevel@tonic-gate return (rc);
5887c478bd9Sstevel@tonic-gate }
5897c478bd9Sstevel@tonic-gate
5907c478bd9Sstevel@tonic-gate if ((rc = process_feature_operands(argc, argv)) != SUCCESS) {
5917c478bd9Sstevel@tonic-gate goto out;
5927c478bd9Sstevel@tonic-gate }
5937c478bd9Sstevel@tonic-gate
5947c478bd9Sstevel@tonic-gate prov = get_provider(argc, argv);
5957c478bd9Sstevel@tonic-gate
5967c478bd9Sstevel@tonic-gate if (mflag || vflag) {
5977c478bd9Sstevel@tonic-gate if (argc > 0) {
5987c478bd9Sstevel@tonic-gate rc = process_mech_operands(argc, argv, B_TRUE);
5997c478bd9Sstevel@tonic-gate if (rc == FAILURE)
6007c478bd9Sstevel@tonic-gate goto out;
6017c478bd9Sstevel@tonic-gate /* "-m" is implied when a mechanism list is given */
6027c478bd9Sstevel@tonic-gate if (mecharglist != NULL || allflag)
6037c478bd9Sstevel@tonic-gate mflag = B_TRUE;
6047c478bd9Sstevel@tonic-gate }
6057c478bd9Sstevel@tonic-gate }
6067c478bd9Sstevel@tonic-gate
6077c478bd9Sstevel@tonic-gate if (prov == NULL) {
6087c478bd9Sstevel@tonic-gate if (mflag) {
6097c478bd9Sstevel@tonic-gate rc = list_mechlist_for_all(vflag);
6107c478bd9Sstevel@tonic-gate } else if (pflag) {
6117c478bd9Sstevel@tonic-gate rc = list_policy_for_all();
6127c478bd9Sstevel@tonic-gate } else if (vflag) {
6137c478bd9Sstevel@tonic-gate rc = list_simple_for_all(vflag);
6147c478bd9Sstevel@tonic-gate }
6157c478bd9Sstevel@tonic-gate } else if (prov->cp_type == METASLOT) {
6167c478bd9Sstevel@tonic-gate if ((!mflag) && (!vflag) && (!pflag)) {
6177c478bd9Sstevel@tonic-gate /* no flag is specified, just list metaslot status */
6187c478bd9Sstevel@tonic-gate rc = list_metaslot_info(mflag, vflag, mecharglist);
6197c478bd9Sstevel@tonic-gate } else if (mflag || vflag) {
6207c478bd9Sstevel@tonic-gate rc = list_metaslot_info(mflag, vflag, mecharglist);
6217c478bd9Sstevel@tonic-gate } else if (pflag) {
6227c478bd9Sstevel@tonic-gate rc = list_metaslot_policy();
6237c478bd9Sstevel@tonic-gate } else {
6247c478bd9Sstevel@tonic-gate /* error message */
6257c478bd9Sstevel@tonic-gate usage();
6267c478bd9Sstevel@tonic-gate rc = ERROR_USAGE;
6277c478bd9Sstevel@tonic-gate }
6287c478bd9Sstevel@tonic-gate } else if (prov->cp_type == PROV_BADNAME) {
6297c478bd9Sstevel@tonic-gate usage();
6307c478bd9Sstevel@tonic-gate rc = ERROR_USAGE;
6317c478bd9Sstevel@tonic-gate goto out;
6327c478bd9Sstevel@tonic-gate } else { /* do the listing for a provider only */
6331b22764fSDaniel OpenSolaris Anderson char *provname = prov->cp_name;
6341b22764fSDaniel OpenSolaris Anderson
6357c478bd9Sstevel@tonic-gate if (mflag || vflag) {
6367c478bd9Sstevel@tonic-gate if (vflag)
6377c478bd9Sstevel@tonic-gate (void) printf(gettext("Provider: %s\n"),
6381b22764fSDaniel OpenSolaris Anderson provname);
6397c478bd9Sstevel@tonic-gate switch (prov->cp_type) {
6407c478bd9Sstevel@tonic-gate case PROV_UEF_LIB:
6411b22764fSDaniel OpenSolaris Anderson rc = list_mechlist_for_lib(provname,
6421b22764fSDaniel OpenSolaris Anderson mecharglist, NULL, B_FALSE, vflag, mflag);
6437c478bd9Sstevel@tonic-gate break;
6447c478bd9Sstevel@tonic-gate case PROV_KEF_SOFT:
6451b22764fSDaniel OpenSolaris Anderson rc = list_mechlist_for_soft(provname,
646d616ad8eSHai-May Chao NULL, NULL);
6477c478bd9Sstevel@tonic-gate break;
6487c478bd9Sstevel@tonic-gate case PROV_KEF_HARD:
6491b22764fSDaniel OpenSolaris Anderson rc = list_mechlist_for_hard(provname);
6507c478bd9Sstevel@tonic-gate break;
6517c478bd9Sstevel@tonic-gate default: /* should not come here */
6527c478bd9Sstevel@tonic-gate rc = FAILURE;
6537c478bd9Sstevel@tonic-gate break;
6547c478bd9Sstevel@tonic-gate }
6557c478bd9Sstevel@tonic-gate } else if (pflag) {
6567c478bd9Sstevel@tonic-gate switch (prov->cp_type) {
6577c478bd9Sstevel@tonic-gate case PROV_UEF_LIB:
6581b22764fSDaniel OpenSolaris Anderson rc = list_policy_for_lib(provname);
6597c478bd9Sstevel@tonic-gate break;
6607c478bd9Sstevel@tonic-gate case PROV_KEF_SOFT:
6617c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) {
6621b22764fSDaniel OpenSolaris Anderson rc = list_policy_for_soft(provname,
663d616ad8eSHai-May Chao NULL, NULL);
6647c478bd9Sstevel@tonic-gate } else {
6657c478bd9Sstevel@tonic-gate /*
6660a85b835SDaniel Anderson * TRANSLATION_NOTE
6677c478bd9Sstevel@tonic-gate * "global" is keyword and not to
6687c478bd9Sstevel@tonic-gate * be translated.
6697c478bd9Sstevel@tonic-gate */
6707c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext(
6717c478bd9Sstevel@tonic-gate "policy information for kernel "
6727c478bd9Sstevel@tonic-gate "providers is available "
6737c478bd9Sstevel@tonic-gate "in the %s zone only"), "global");
6747c478bd9Sstevel@tonic-gate rc = FAILURE;
6757c478bd9Sstevel@tonic-gate }
6767c478bd9Sstevel@tonic-gate break;
6777c478bd9Sstevel@tonic-gate case PROV_KEF_HARD:
6787c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) {
6797c478bd9Sstevel@tonic-gate rc = list_policy_for_hard(
680d616ad8eSHai-May Chao provname, NULL, NULL, NULL);
6817c478bd9Sstevel@tonic-gate } else {
6827c478bd9Sstevel@tonic-gate /*
6830a85b835SDaniel Anderson * TRANSLATION_NOTE
6847c478bd9Sstevel@tonic-gate * "global" is keyword and not to
6857c478bd9Sstevel@tonic-gate * be translated.
6867c478bd9Sstevel@tonic-gate */
6877c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext(
6887c478bd9Sstevel@tonic-gate "policy information for kernel "
6897c478bd9Sstevel@tonic-gate "providers is available "
6907c478bd9Sstevel@tonic-gate "in the %s zone only"), "global");
6917c478bd9Sstevel@tonic-gate rc = FAILURE;
6927c478bd9Sstevel@tonic-gate }
6937c478bd9Sstevel@tonic-gate
6947c478bd9Sstevel@tonic-gate break;
6957c478bd9Sstevel@tonic-gate default: /* should not come here */
6967c478bd9Sstevel@tonic-gate rc = FAILURE;
6977c478bd9Sstevel@tonic-gate break;
6987c478bd9Sstevel@tonic-gate }
6997c478bd9Sstevel@tonic-gate } else {
7007c478bd9Sstevel@tonic-gate /* error message */
7017c478bd9Sstevel@tonic-gate usage();
7027c478bd9Sstevel@tonic-gate rc = ERROR_USAGE;
7037c478bd9Sstevel@tonic-gate }
7047c478bd9Sstevel@tonic-gate }
7057c478bd9Sstevel@tonic-gate
7067c478bd9Sstevel@tonic-gate out:
7077c478bd9Sstevel@tonic-gate if (prov != NULL)
7087c478bd9Sstevel@tonic-gate free(prov);
7097c478bd9Sstevel@tonic-gate
7107c478bd9Sstevel@tonic-gate if (mecharglist != NULL)
7117c478bd9Sstevel@tonic-gate free_mechlist(mecharglist);
7127c478bd9Sstevel@tonic-gate return (rc);
7137c478bd9Sstevel@tonic-gate }
7147c478bd9Sstevel@tonic-gate
7157c478bd9Sstevel@tonic-gate
7167c478bd9Sstevel@tonic-gate /*
7171b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm disable" subcommand.
7187c478bd9Sstevel@tonic-gate */
7197c478bd9Sstevel@tonic-gate static int
do_disable(int argc,char ** argv)7207c478bd9Sstevel@tonic-gate do_disable(int argc, char **argv)
7217c478bd9Sstevel@tonic-gate {
7227c478bd9Sstevel@tonic-gate cryptoadm_provider_t *prov = NULL;
7237c478bd9Sstevel@tonic-gate int rc = SUCCESS;
7247c478bd9Sstevel@tonic-gate boolean_t auto_key_migrate_flag = B_FALSE;
7257c478bd9Sstevel@tonic-gate
7267c478bd9Sstevel@tonic-gate if ((argc < 3) || (argc > 5)) {
7277c478bd9Sstevel@tonic-gate usage();
7287c478bd9Sstevel@tonic-gate return (ERROR_USAGE);
7297c478bd9Sstevel@tonic-gate }
7307c478bd9Sstevel@tonic-gate
7317c478bd9Sstevel@tonic-gate prov = get_provider(argc, argv);
7327c478bd9Sstevel@tonic-gate if (prov == NULL) {
7337c478bd9Sstevel@tonic-gate usage();
7347c478bd9Sstevel@tonic-gate return (ERROR_USAGE);
7357c478bd9Sstevel@tonic-gate }
7367c478bd9Sstevel@tonic-gate if (prov->cp_type == PROV_BADNAME) {
7377c478bd9Sstevel@tonic-gate return (FAILURE);
7387c478bd9Sstevel@tonic-gate }
7397c478bd9Sstevel@tonic-gate
7407c478bd9Sstevel@tonic-gate if ((rc = process_feature_operands(argc, argv)) != SUCCESS) {
7417c478bd9Sstevel@tonic-gate goto out;
7427c478bd9Sstevel@tonic-gate }
7437c478bd9Sstevel@tonic-gate
7447c478bd9Sstevel@tonic-gate /*
7457c478bd9Sstevel@tonic-gate * If allflag or rndflag has already been set there is no reason to
7467c478bd9Sstevel@tonic-gate * process mech=
7477c478bd9Sstevel@tonic-gate */
7487c478bd9Sstevel@tonic-gate if (prov->cp_type == METASLOT) {
7497c478bd9Sstevel@tonic-gate if ((argc > 3) &&
7507c478bd9Sstevel@tonic-gate (rc = process_metaslot_operands(argc, argv,
7517c478bd9Sstevel@tonic-gate NULL, NULL, NULL, &auto_key_migrate_flag)) != SUCCESS) {
7527c478bd9Sstevel@tonic-gate usage();
7537c478bd9Sstevel@tonic-gate return (rc);
7547c478bd9Sstevel@tonic-gate }
7557c478bd9Sstevel@tonic-gate } else if (!allflag && !rndflag &&
7567c478bd9Sstevel@tonic-gate (rc = process_mech_operands(argc, argv, B_FALSE)) != SUCCESS) {
7577c478bd9Sstevel@tonic-gate return (rc);
7587c478bd9Sstevel@tonic-gate }
7597c478bd9Sstevel@tonic-gate
7607c478bd9Sstevel@tonic-gate switch (prov->cp_type) {
7617c478bd9Sstevel@tonic-gate case METASLOT:
7627c478bd9Sstevel@tonic-gate rc = disable_metaslot(mecharglist, allflag,
7637c478bd9Sstevel@tonic-gate auto_key_migrate_flag);
7647c478bd9Sstevel@tonic-gate break;
7657c478bd9Sstevel@tonic-gate case PROV_UEF_LIB:
7667c478bd9Sstevel@tonic-gate rc = disable_uef_lib(prov->cp_name, rndflag, allflag,
7677c478bd9Sstevel@tonic-gate mecharglist);
7687c478bd9Sstevel@tonic-gate break;
7697c478bd9Sstevel@tonic-gate case PROV_KEF_SOFT:
7707c478bd9Sstevel@tonic-gate if (rndflag && !allflag) {
7717c478bd9Sstevel@tonic-gate if ((mecharglist = create_mech(RANDOM)) == NULL) {
7727c478bd9Sstevel@tonic-gate rc = FAILURE;
7737c478bd9Sstevel@tonic-gate break;
7747c478bd9Sstevel@tonic-gate }
7757c478bd9Sstevel@tonic-gate }
7767c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) {
7777c478bd9Sstevel@tonic-gate rc = disable_kef_software(prov->cp_name, rndflag,
7787c478bd9Sstevel@tonic-gate allflag, mecharglist);
7797c478bd9Sstevel@tonic-gate } else {
7807c478bd9Sstevel@tonic-gate /*
7810a85b835SDaniel Anderson * TRANSLATION_NOTE
7827c478bd9Sstevel@tonic-gate * "disable" could be either a literal keyword
7837c478bd9Sstevel@tonic-gate * and hence not to be translated, or a verb and
7847c478bd9Sstevel@tonic-gate * translatable. A choice was made to view it as
7857c478bd9Sstevel@tonic-gate * a literal keyword. "global" is keyword and not
7867c478bd9Sstevel@tonic-gate * to be translated.
7877c478bd9Sstevel@tonic-gate */
7887c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("%1$s for kernel "
7897c478bd9Sstevel@tonic-gate "providers is supported in the %2$s zone only"),
7907c478bd9Sstevel@tonic-gate "disable", "global");
7917c478bd9Sstevel@tonic-gate rc = FAILURE;
7927c478bd9Sstevel@tonic-gate }
7937c478bd9Sstevel@tonic-gate break;
7947c478bd9Sstevel@tonic-gate case PROV_KEF_HARD:
7957c478bd9Sstevel@tonic-gate if (rndflag && !allflag) {
7967c478bd9Sstevel@tonic-gate if ((mecharglist = create_mech(RANDOM)) == NULL) {
7977c478bd9Sstevel@tonic-gate rc = FAILURE;
7987c478bd9Sstevel@tonic-gate break;
7997c478bd9Sstevel@tonic-gate }
8007c478bd9Sstevel@tonic-gate }
8017c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) {
8027c478bd9Sstevel@tonic-gate rc = disable_kef_hardware(prov->cp_name, rndflag,
8037c478bd9Sstevel@tonic-gate allflag, mecharglist);
8047c478bd9Sstevel@tonic-gate } else {
8057c478bd9Sstevel@tonic-gate /*
8060a85b835SDaniel Anderson * TRANSLATION_NOTE
8077c478bd9Sstevel@tonic-gate * "disable" could be either a literal keyword
8087c478bd9Sstevel@tonic-gate * and hence not to be translated, or a verb and
8097c478bd9Sstevel@tonic-gate * translatable. A choice was made to view it as
8107c478bd9Sstevel@tonic-gate * a literal keyword. "global" is keyword and not
8117c478bd9Sstevel@tonic-gate * to be translated.
8127c478bd9Sstevel@tonic-gate */
8137c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("%1$s for kernel "
8147c478bd9Sstevel@tonic-gate "providers is supported in the %2$s zone only"),
8157c478bd9Sstevel@tonic-gate "disable", "global");
8167c478bd9Sstevel@tonic-gate rc = FAILURE;
8177c478bd9Sstevel@tonic-gate }
8187c478bd9Sstevel@tonic-gate break;
8197c478bd9Sstevel@tonic-gate default: /* should not come here */
8207c478bd9Sstevel@tonic-gate rc = FAILURE;
8217c478bd9Sstevel@tonic-gate break;
8227c478bd9Sstevel@tonic-gate }
8237c478bd9Sstevel@tonic-gate
8247c478bd9Sstevel@tonic-gate out:
8257c478bd9Sstevel@tonic-gate free(prov);
8267c478bd9Sstevel@tonic-gate if (mecharglist != NULL) {
8277c478bd9Sstevel@tonic-gate free_mechlist(mecharglist);
8287c478bd9Sstevel@tonic-gate }
8297c478bd9Sstevel@tonic-gate return (rc);
8307c478bd9Sstevel@tonic-gate }
8317c478bd9Sstevel@tonic-gate
8327c478bd9Sstevel@tonic-gate
8337c478bd9Sstevel@tonic-gate /*
8341b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm enable" subcommand.
8357c478bd9Sstevel@tonic-gate */
8367c478bd9Sstevel@tonic-gate static int
do_enable(int argc,char ** argv)8377c478bd9Sstevel@tonic-gate do_enable(int argc, char **argv)
8387c478bd9Sstevel@tonic-gate {
8397c478bd9Sstevel@tonic-gate cryptoadm_provider_t *prov = NULL;
8407c478bd9Sstevel@tonic-gate int rc = SUCCESS;
8417c478bd9Sstevel@tonic-gate char *alt_token = NULL, *alt_slot = NULL;
8421b22764fSDaniel OpenSolaris Anderson boolean_t use_default = B_FALSE;
8431b22764fSDaniel OpenSolaris Anderson boolean_t auto_key_migrate_flag = B_FALSE;
8447c478bd9Sstevel@tonic-gate
8457c478bd9Sstevel@tonic-gate if ((argc < 3) || (argc > 6)) {
8467c478bd9Sstevel@tonic-gate usage();
8477c478bd9Sstevel@tonic-gate return (ERROR_USAGE);
8487c478bd9Sstevel@tonic-gate }
8497c478bd9Sstevel@tonic-gate
8507c478bd9Sstevel@tonic-gate prov = get_provider(argc, argv);
8517c478bd9Sstevel@tonic-gate if (prov == NULL) {
8527c478bd9Sstevel@tonic-gate usage();
8537c478bd9Sstevel@tonic-gate return (ERROR_USAGE);
8547c478bd9Sstevel@tonic-gate }
8557c478bd9Sstevel@tonic-gate if ((prov->cp_type != METASLOT) && (argc != 4)) {
8567c478bd9Sstevel@tonic-gate usage();
8577c478bd9Sstevel@tonic-gate return (ERROR_USAGE);
8587c478bd9Sstevel@tonic-gate }
8597c478bd9Sstevel@tonic-gate if (prov->cp_type == PROV_BADNAME) {
8607c478bd9Sstevel@tonic-gate rc = FAILURE;
8617c478bd9Sstevel@tonic-gate goto out;
8627c478bd9Sstevel@tonic-gate }
8637c478bd9Sstevel@tonic-gate
8647c478bd9Sstevel@tonic-gate
8657c478bd9Sstevel@tonic-gate if (prov->cp_type == METASLOT) {
8667c478bd9Sstevel@tonic-gate if ((rc = process_metaslot_operands(argc, argv, &alt_token,
8677c478bd9Sstevel@tonic-gate &alt_slot, &use_default, &auto_key_migrate_flag))
8687c478bd9Sstevel@tonic-gate != SUCCESS) {
8697c478bd9Sstevel@tonic-gate usage();
8707c478bd9Sstevel@tonic-gate goto out;
8717c478bd9Sstevel@tonic-gate }
8727c478bd9Sstevel@tonic-gate if ((alt_slot || alt_token) && use_default) {
8737c478bd9Sstevel@tonic-gate usage();
8747c478bd9Sstevel@tonic-gate rc = FAILURE;
8757c478bd9Sstevel@tonic-gate goto out;
8767c478bd9Sstevel@tonic-gate }
8777c478bd9Sstevel@tonic-gate } else {
8787c478bd9Sstevel@tonic-gate if ((rc = process_feature_operands(argc, argv)) != SUCCESS) {
8797c478bd9Sstevel@tonic-gate goto out;
8807c478bd9Sstevel@tonic-gate }
8817c478bd9Sstevel@tonic-gate
8827c478bd9Sstevel@tonic-gate /*
8837c478bd9Sstevel@tonic-gate * If allflag or rndflag has already been set there is
8847c478bd9Sstevel@tonic-gate * no reason to process mech=
8857c478bd9Sstevel@tonic-gate */
8867c478bd9Sstevel@tonic-gate if (!allflag && !rndflag &&
8877c478bd9Sstevel@tonic-gate (rc = process_mech_operands(argc, argv, B_FALSE))
8887c478bd9Sstevel@tonic-gate != SUCCESS) {
8897c478bd9Sstevel@tonic-gate goto out;
8907c478bd9Sstevel@tonic-gate }
8917c478bd9Sstevel@tonic-gate }
8927c478bd9Sstevel@tonic-gate
8937c478bd9Sstevel@tonic-gate switch (prov->cp_type) {
8947c478bd9Sstevel@tonic-gate case METASLOT:
8957c478bd9Sstevel@tonic-gate rc = enable_metaslot(alt_token, alt_slot, use_default,
8967c478bd9Sstevel@tonic-gate mecharglist, allflag, auto_key_migrate_flag);
8977c478bd9Sstevel@tonic-gate break;
8987c478bd9Sstevel@tonic-gate case PROV_UEF_LIB:
8997c478bd9Sstevel@tonic-gate rc = enable_uef_lib(prov->cp_name, rndflag, allflag,
9007c478bd9Sstevel@tonic-gate mecharglist);
9017c478bd9Sstevel@tonic-gate break;
9027c478bd9Sstevel@tonic-gate case PROV_KEF_SOFT:
9037c478bd9Sstevel@tonic-gate case PROV_KEF_HARD:
9047c478bd9Sstevel@tonic-gate if (rndflag && !allflag) {
9057c478bd9Sstevel@tonic-gate if ((mecharglist = create_mech(RANDOM)) == NULL) {
9067c478bd9Sstevel@tonic-gate rc = FAILURE;
9077c478bd9Sstevel@tonic-gate break;
9087c478bd9Sstevel@tonic-gate }
9097c478bd9Sstevel@tonic-gate }
9107c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) {
9117c478bd9Sstevel@tonic-gate rc = enable_kef(prov->cp_name, rndflag, allflag,
9127c478bd9Sstevel@tonic-gate mecharglist);
9137c478bd9Sstevel@tonic-gate } else {
9147c478bd9Sstevel@tonic-gate /*
9150a85b835SDaniel Anderson * TRANSLATION_NOTE
9167c478bd9Sstevel@tonic-gate * "enable" could be either a literal keyword
9177c478bd9Sstevel@tonic-gate * and hence not to be translated, or a verb and
9187c478bd9Sstevel@tonic-gate * translatable. A choice was made to view it as
9197c478bd9Sstevel@tonic-gate * a literal keyword. "global" is keyword and not
9207c478bd9Sstevel@tonic-gate * to be translated.
9217c478bd9Sstevel@tonic-gate */
9227c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("%1$s for kernel "
9237c478bd9Sstevel@tonic-gate "providers is supported in the %2$s zone only"),
9247c478bd9Sstevel@tonic-gate "enable", "global");
9257c478bd9Sstevel@tonic-gate rc = FAILURE;
9267c478bd9Sstevel@tonic-gate }
9277c478bd9Sstevel@tonic-gate break;
9287c478bd9Sstevel@tonic-gate default: /* should not come here */
9297c478bd9Sstevel@tonic-gate rc = FAILURE;
9307c478bd9Sstevel@tonic-gate break;
9317c478bd9Sstevel@tonic-gate }
9327c478bd9Sstevel@tonic-gate out:
9337c478bd9Sstevel@tonic-gate free(prov);
9347c478bd9Sstevel@tonic-gate if (mecharglist != NULL) {
9357c478bd9Sstevel@tonic-gate free_mechlist(mecharglist);
9367c478bd9Sstevel@tonic-gate }
9377c478bd9Sstevel@tonic-gate if (alt_token != NULL) {
9387c478bd9Sstevel@tonic-gate free(alt_token);
9397c478bd9Sstevel@tonic-gate }
9407c478bd9Sstevel@tonic-gate if (alt_slot != NULL) {
9417c478bd9Sstevel@tonic-gate free(alt_slot);
9427c478bd9Sstevel@tonic-gate }
9437c478bd9Sstevel@tonic-gate return (rc);
9447c478bd9Sstevel@tonic-gate }
9457c478bd9Sstevel@tonic-gate
9467c478bd9Sstevel@tonic-gate
9477c478bd9Sstevel@tonic-gate
9487c478bd9Sstevel@tonic-gate /*
9491b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm install" subcommand.
9507c478bd9Sstevel@tonic-gate */
9517c478bd9Sstevel@tonic-gate static int
do_install(int argc,char ** argv)9527c478bd9Sstevel@tonic-gate do_install(int argc, char **argv)
9537c478bd9Sstevel@tonic-gate {
9547c478bd9Sstevel@tonic-gate cryptoadm_provider_t *prov = NULL;
9557c478bd9Sstevel@tonic-gate int rc;
9567c478bd9Sstevel@tonic-gate
9577c478bd9Sstevel@tonic-gate if (argc < 3) {
9587c478bd9Sstevel@tonic-gate usage();
9597c478bd9Sstevel@tonic-gate return (ERROR_USAGE);
9607c478bd9Sstevel@tonic-gate }
9617c478bd9Sstevel@tonic-gate
9627c478bd9Sstevel@tonic-gate prov = get_provider(argc, argv);
9637c478bd9Sstevel@tonic-gate if (prov == NULL ||
9647c478bd9Sstevel@tonic-gate prov->cp_type == PROV_BADNAME || prov->cp_type == PROV_KEF_HARD) {
9657c478bd9Sstevel@tonic-gate /*
9660a85b835SDaniel Anderson * TRANSLATION_NOTE
9677c478bd9Sstevel@tonic-gate * "install" could be either a literal keyword and hence
9687c478bd9Sstevel@tonic-gate * not to be translated, or a verb and translatable. A
9697c478bd9Sstevel@tonic-gate * choice was made to view it as a literal keyword.
9707c478bd9Sstevel@tonic-gate */
9717c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR,
9727c478bd9Sstevel@tonic-gate gettext("bad provider name for %s."), "install");
9737c478bd9Sstevel@tonic-gate rc = FAILURE;
9747c478bd9Sstevel@tonic-gate goto out;
9757c478bd9Sstevel@tonic-gate }
9767c478bd9Sstevel@tonic-gate
9777c478bd9Sstevel@tonic-gate if (prov->cp_type == PROV_UEF_LIB) {
9787c478bd9Sstevel@tonic-gate rc = install_uef_lib(prov->cp_name);
9797c478bd9Sstevel@tonic-gate goto out;
9807c478bd9Sstevel@tonic-gate }
9817c478bd9Sstevel@tonic-gate
9827c478bd9Sstevel@tonic-gate /* It is the PROV_KEF_SOFT type now */
9837c478bd9Sstevel@tonic-gate
9847c478bd9Sstevel@tonic-gate /* check if there are mechanism operands */
9857c478bd9Sstevel@tonic-gate if (argc < 4) {
9867c478bd9Sstevel@tonic-gate /*
9870a85b835SDaniel Anderson * TRANSLATION_NOTE
9887c478bd9Sstevel@tonic-gate * "mechanism" could be either a literal keyword and hence
9897c478bd9Sstevel@tonic-gate * not to be translated, or a descriptive word and
9907c478bd9Sstevel@tonic-gate * translatable. A choice was made to view it as a literal
9917c478bd9Sstevel@tonic-gate * keyword.
9927c478bd9Sstevel@tonic-gate */
9937c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR,
9947c478bd9Sstevel@tonic-gate gettext("need %s operands for installing a"
9957c478bd9Sstevel@tonic-gate " kernel software provider."), "mechanism");
9967c478bd9Sstevel@tonic-gate rc = ERROR_USAGE;
9977c478bd9Sstevel@tonic-gate goto out;
9987c478bd9Sstevel@tonic-gate }
9997c478bd9Sstevel@tonic-gate
10007c478bd9Sstevel@tonic-gate if ((rc = process_mech_operands(argc, argv, B_FALSE)) != SUCCESS) {
10017c478bd9Sstevel@tonic-gate goto out;
10027c478bd9Sstevel@tonic-gate }
10037c478bd9Sstevel@tonic-gate
10047c478bd9Sstevel@tonic-gate if (allflag == B_TRUE) {
10057c478bd9Sstevel@tonic-gate /*
10060a85b835SDaniel Anderson * TRANSLATION_NOTE
10077c478bd9Sstevel@tonic-gate * "all", "mechanism", and "install" are all keywords and
10087c478bd9Sstevel@tonic-gate * not to be translated.
10097c478bd9Sstevel@tonic-gate */
10107c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR,
10117c478bd9Sstevel@tonic-gate gettext("can not use the %1$s keyword for %2$s "
10127c478bd9Sstevel@tonic-gate "in the %3$s subcommand."), "all", "mechanism", "install");
10137c478bd9Sstevel@tonic-gate rc = ERROR_USAGE;
10147c478bd9Sstevel@tonic-gate goto out;
10157c478bd9Sstevel@tonic-gate }
10167c478bd9Sstevel@tonic-gate
10177c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) {
10187c478bd9Sstevel@tonic-gate rc = install_kef(prov->cp_name, mecharglist);
10197c478bd9Sstevel@tonic-gate } else {
10207c478bd9Sstevel@tonic-gate /*
10210a85b835SDaniel Anderson * TRANSLATION_NOTE
10227c478bd9Sstevel@tonic-gate * "install" could be either a literal keyword and hence
10237c478bd9Sstevel@tonic-gate * not to be translated, or a verb and translatable. A
10247c478bd9Sstevel@tonic-gate * choice was made to view it as a literal keyword.
10257c478bd9Sstevel@tonic-gate * "global" is keyword and not to be translated.
10267c478bd9Sstevel@tonic-gate */
10277c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("%1$s for kernel providers "
10287c478bd9Sstevel@tonic-gate "is supported in the %2$s zone only"), "install", "global");
10297c478bd9Sstevel@tonic-gate rc = FAILURE;
10307c478bd9Sstevel@tonic-gate }
10317c478bd9Sstevel@tonic-gate out:
10327c478bd9Sstevel@tonic-gate free(prov);
10337c478bd9Sstevel@tonic-gate return (rc);
10347c478bd9Sstevel@tonic-gate }
10357c478bd9Sstevel@tonic-gate
10367c478bd9Sstevel@tonic-gate
10377c478bd9Sstevel@tonic-gate
10387c478bd9Sstevel@tonic-gate /*
10391b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm uninstall" subcommand.
10407c478bd9Sstevel@tonic-gate */
10417c478bd9Sstevel@tonic-gate static int
do_uninstall(int argc,char ** argv)10427c478bd9Sstevel@tonic-gate do_uninstall(int argc, char **argv)
10437c478bd9Sstevel@tonic-gate {
10447c478bd9Sstevel@tonic-gate cryptoadm_provider_t *prov = NULL;
10457c478bd9Sstevel@tonic-gate int rc = SUCCESS;
10467c478bd9Sstevel@tonic-gate
10477c478bd9Sstevel@tonic-gate if (argc != 3) {
10487c478bd9Sstevel@tonic-gate usage();
10497c478bd9Sstevel@tonic-gate return (ERROR_USAGE);
10507c478bd9Sstevel@tonic-gate }
10517c478bd9Sstevel@tonic-gate
10527c478bd9Sstevel@tonic-gate prov = get_provider(argc, argv);
10537c478bd9Sstevel@tonic-gate if (prov == NULL ||
10547c478bd9Sstevel@tonic-gate prov->cp_type == PROV_BADNAME || prov->cp_type == PROV_KEF_HARD) {
10557c478bd9Sstevel@tonic-gate /*
10560a85b835SDaniel Anderson * TRANSLATION_NOTE
10577c478bd9Sstevel@tonic-gate * "uninstall" could be either a literal keyword and hence
10587c478bd9Sstevel@tonic-gate * not to be translated, or a verb and translatable. A
10597c478bd9Sstevel@tonic-gate * choice was made to view it as a literal keyword.
10607c478bd9Sstevel@tonic-gate */
10617c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR,
10627c478bd9Sstevel@tonic-gate gettext("bad provider name for %s."), "uninstall");
10637c478bd9Sstevel@tonic-gate free(prov);
10647c478bd9Sstevel@tonic-gate return (FAILURE);
10657c478bd9Sstevel@tonic-gate }
10667c478bd9Sstevel@tonic-gate
10677c478bd9Sstevel@tonic-gate if (prov->cp_type == PROV_UEF_LIB) {
10687c478bd9Sstevel@tonic-gate rc = uninstall_uef_lib(prov->cp_name);
10691b22764fSDaniel OpenSolaris Anderson
10707c478bd9Sstevel@tonic-gate } else if (prov->cp_type == PROV_KEF_SOFT) {
10717c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) {
10721b22764fSDaniel OpenSolaris Anderson /* unload and remove from kcf.conf */
10737c478bd9Sstevel@tonic-gate rc = uninstall_kef(prov->cp_name);
10747c478bd9Sstevel@tonic-gate } else {
10757c478bd9Sstevel@tonic-gate /*
10760a85b835SDaniel Anderson * TRANSLATION_NOTE
10777c478bd9Sstevel@tonic-gate * "uninstall" could be either a literal keyword and
10787c478bd9Sstevel@tonic-gate * hence not to be translated, or a verb and
10797c478bd9Sstevel@tonic-gate * translatable. A choice was made to view it as a
10807c478bd9Sstevel@tonic-gate * literal keyword. "global" is keyword and not to
10817c478bd9Sstevel@tonic-gate * be translated.
10827c478bd9Sstevel@tonic-gate */
10837c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("%1$s for kernel "
10847c478bd9Sstevel@tonic-gate "providers is supported in the %2$s zone only"),
10857c478bd9Sstevel@tonic-gate "uninstall", "global");
10867c478bd9Sstevel@tonic-gate rc = FAILURE;
10877c478bd9Sstevel@tonic-gate }
10887c478bd9Sstevel@tonic-gate }
10897c478bd9Sstevel@tonic-gate
10907c478bd9Sstevel@tonic-gate free(prov);
10917c478bd9Sstevel@tonic-gate return (rc);
10927c478bd9Sstevel@tonic-gate }
10937c478bd9Sstevel@tonic-gate
10947c478bd9Sstevel@tonic-gate
10957c478bd9Sstevel@tonic-gate /*
10961b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm unload" subcommand.
10977c478bd9Sstevel@tonic-gate */
10987c478bd9Sstevel@tonic-gate static int
do_unload(int argc,char ** argv)10997c478bd9Sstevel@tonic-gate do_unload(int argc, char **argv)
11007c478bd9Sstevel@tonic-gate {
11017c478bd9Sstevel@tonic-gate cryptoadm_provider_t *prov = NULL;
11021b22764fSDaniel OpenSolaris Anderson entry_t *pent = NULL;
11031b22764fSDaniel OpenSolaris Anderson boolean_t in_kernel = B_FALSE;
11047c478bd9Sstevel@tonic-gate int rc = SUCCESS;
11051b22764fSDaniel OpenSolaris Anderson char *provname = NULL;
11067c478bd9Sstevel@tonic-gate
11077c478bd9Sstevel@tonic-gate if (argc != 3) {
11087c478bd9Sstevel@tonic-gate usage();
11097c478bd9Sstevel@tonic-gate return (ERROR_USAGE);
11107c478bd9Sstevel@tonic-gate }
11117c478bd9Sstevel@tonic-gate
11127c478bd9Sstevel@tonic-gate /* check if it is a kernel software provider */
11137c478bd9Sstevel@tonic-gate prov = get_provider(argc, argv);
11147c478bd9Sstevel@tonic-gate if (prov == NULL) {
11157c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR,
11167c478bd9Sstevel@tonic-gate gettext("unable to determine provider name."));
11177c478bd9Sstevel@tonic-gate goto out;
11187c478bd9Sstevel@tonic-gate }
11191b22764fSDaniel OpenSolaris Anderson provname = prov->cp_name;
11207c478bd9Sstevel@tonic-gate if (prov->cp_type != PROV_KEF_SOFT) {
11217c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR,
11227c478bd9Sstevel@tonic-gate gettext("%s is not a valid kernel software provider."),
11231b22764fSDaniel OpenSolaris Anderson provname);
11247c478bd9Sstevel@tonic-gate rc = FAILURE;
11257c478bd9Sstevel@tonic-gate goto out;
11267c478bd9Sstevel@tonic-gate }
11277c478bd9Sstevel@tonic-gate
11287c478bd9Sstevel@tonic-gate if (getzoneid() != GLOBAL_ZONEID) {
11297c478bd9Sstevel@tonic-gate /*
11300a85b835SDaniel Anderson * TRANSLATION_NOTE
11317c478bd9Sstevel@tonic-gate * "unload" could be either a literal keyword and hence
11327c478bd9Sstevel@tonic-gate * not to be translated, or a verb and translatable.
11337c478bd9Sstevel@tonic-gate * A choice was made to view it as a literal keyword.
11347c478bd9Sstevel@tonic-gate * "global" is keyword and not to be translated.
11357c478bd9Sstevel@tonic-gate */
11367c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("%1$s for kernel providers "
11377c478bd9Sstevel@tonic-gate "is supported in the %2$s zone only"), "unload", "global");
11387c478bd9Sstevel@tonic-gate rc = FAILURE;
11397c478bd9Sstevel@tonic-gate goto out;
11407c478bd9Sstevel@tonic-gate }
11417c478bd9Sstevel@tonic-gate
11421b22764fSDaniel OpenSolaris Anderson if (check_kernel_for_soft(provname, NULL, &in_kernel) == FAILURE) {
11431b22764fSDaniel OpenSolaris Anderson cryptodebug("internal error");
11441b22764fSDaniel OpenSolaris Anderson rc = FAILURE;
11451b22764fSDaniel OpenSolaris Anderson goto out;
11461b22764fSDaniel OpenSolaris Anderson } else if (in_kernel == B_FALSE) {
11477c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR,
11481b22764fSDaniel OpenSolaris Anderson gettext("provider %s is not loaded or does not exist."),
11491b22764fSDaniel OpenSolaris Anderson provname);
11507c478bd9Sstevel@tonic-gate rc = FAILURE;
11517c478bd9Sstevel@tonic-gate goto out;
11527c478bd9Sstevel@tonic-gate }
11531b22764fSDaniel OpenSolaris Anderson
11541b22764fSDaniel OpenSolaris Anderson /* Get kcf.conf entry. If none, build a new entry */
1155d616ad8eSHai-May Chao if ((pent = getent_kef(provname, NULL, NULL)) == NULL) {
11561b22764fSDaniel OpenSolaris Anderson if ((pent = create_entry(provname)) == NULL) {
11571b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_STDERR, gettext("out of memory."));
11581b22764fSDaniel OpenSolaris Anderson rc = FAILURE;
11591b22764fSDaniel OpenSolaris Anderson goto out;
11601b22764fSDaniel OpenSolaris Anderson }
11611b22764fSDaniel OpenSolaris Anderson }
11627c478bd9Sstevel@tonic-gate
11637c478bd9Sstevel@tonic-gate /* If it is unloaded already, return */
11641b22764fSDaniel OpenSolaris Anderson if (!pent->load) { /* unloaded already */
11657c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR,
11661b22764fSDaniel OpenSolaris Anderson gettext("failed to unload %s."), provname);
11677c478bd9Sstevel@tonic-gate rc = FAILURE;
11687c478bd9Sstevel@tonic-gate goto out;
11691b22764fSDaniel OpenSolaris Anderson } else if (unload_kef_soft(provname) != FAILURE) {
11701b22764fSDaniel OpenSolaris Anderson /* Mark as unloaded in kcf.conf */
11711b22764fSDaniel OpenSolaris Anderson pent->load = B_FALSE;
11721b22764fSDaniel OpenSolaris Anderson rc = update_kcfconf(pent, MODIFY_MODE);
11737c478bd9Sstevel@tonic-gate } else {
11741b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_STDERR,
11751b22764fSDaniel OpenSolaris Anderson gettext("failed to unload %s."), provname);
11761b22764fSDaniel OpenSolaris Anderson rc = FAILURE;
11777c478bd9Sstevel@tonic-gate }
11787c478bd9Sstevel@tonic-gate out:
11797c478bd9Sstevel@tonic-gate free(prov);
11801b22764fSDaniel OpenSolaris Anderson free_entry(pent);
11817c478bd9Sstevel@tonic-gate return (rc);
11827c478bd9Sstevel@tonic-gate }
11837c478bd9Sstevel@tonic-gate
11847c478bd9Sstevel@tonic-gate
11857c478bd9Sstevel@tonic-gate
11867c478bd9Sstevel@tonic-gate /*
11871b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm refresh" subcommand.
11887c478bd9Sstevel@tonic-gate */
11897c478bd9Sstevel@tonic-gate static int
do_refresh(int argc)11907c478bd9Sstevel@tonic-gate do_refresh(int argc)
11917c478bd9Sstevel@tonic-gate {
11927c478bd9Sstevel@tonic-gate if (argc != 2) {
11937c478bd9Sstevel@tonic-gate usage();
11947c478bd9Sstevel@tonic-gate return (ERROR_USAGE);
11957c478bd9Sstevel@tonic-gate }
11967c478bd9Sstevel@tonic-gate
11971b22764fSDaniel OpenSolaris Anderson if (getzoneid() == GLOBAL_ZONEID) {
11981b22764fSDaniel OpenSolaris Anderson return (refresh());
11991b22764fSDaniel OpenSolaris Anderson } else { /* non-global zone */
12007c478bd9Sstevel@tonic-gate /*
12017c478bd9Sstevel@tonic-gate * Note: in non-global zone, this must silently return SUCCESS
12027c478bd9Sstevel@tonic-gate * due to integration with SMF, for "svcadm refresh cryptosvc"
12037c478bd9Sstevel@tonic-gate */
12047c478bd9Sstevel@tonic-gate return (SUCCESS);
12051b22764fSDaniel OpenSolaris Anderson }
12067c478bd9Sstevel@tonic-gate }
12077c478bd9Sstevel@tonic-gate
12087c478bd9Sstevel@tonic-gate
12097c478bd9Sstevel@tonic-gate /*
12101b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm start" subcommand.
1211*6ea3c060SGarrett D'Amore * This used to start up kcfd, but now all it does is load up the
1212*6ea3c060SGarrett D'Amore * initial providers.
12137c478bd9Sstevel@tonic-gate */
12147c478bd9Sstevel@tonic-gate static int
do_start(int argc)12157c478bd9Sstevel@tonic-gate do_start(int argc)
12167c478bd9Sstevel@tonic-gate {
12177c478bd9Sstevel@tonic-gate if (argc != 2) {
12187c478bd9Sstevel@tonic-gate usage();
12197c478bd9Sstevel@tonic-gate return (ERROR_USAGE);
12207c478bd9Sstevel@tonic-gate }
12217c478bd9Sstevel@tonic-gate
1222*6ea3c060SGarrett D'Amore return (do_refresh(argc));
12237c478bd9Sstevel@tonic-gate }
12247c478bd9Sstevel@tonic-gate
12257c478bd9Sstevel@tonic-gate /*
12261b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm stop" subcommand.
1227*6ea3c060SGarrett D'Amore * This no longer does anything useful, but we leave it here
1228*6ea3c060SGarrett D'Amore * for compatibility.
12297c478bd9Sstevel@tonic-gate */
12307c478bd9Sstevel@tonic-gate static int
do_stop(int argc)12317c478bd9Sstevel@tonic-gate do_stop(int argc)
12327c478bd9Sstevel@tonic-gate {
12337c478bd9Sstevel@tonic-gate if (argc != 2) {
12347c478bd9Sstevel@tonic-gate usage();
12357c478bd9Sstevel@tonic-gate return (ERROR_USAGE);
12367c478bd9Sstevel@tonic-gate }
12377c478bd9Sstevel@tonic-gate
1238*6ea3c060SGarrett D'Amore return (SUCCESS);
12397c478bd9Sstevel@tonic-gate }
12407c478bd9Sstevel@tonic-gate
12417c478bd9Sstevel@tonic-gate
12427c478bd9Sstevel@tonic-gate
12437c478bd9Sstevel@tonic-gate /*
12441b22764fSDaniel OpenSolaris Anderson * Print a list all the the providers.
12451b22764fSDaniel OpenSolaris Anderson * Called for "cryptoadm list" or "cryptoadm list -v" (no -m or -p).
12467c478bd9Sstevel@tonic-gate */
12477c478bd9Sstevel@tonic-gate static int
list_simple_for_all(boolean_t verbose)12487c478bd9Sstevel@tonic-gate list_simple_for_all(boolean_t verbose)
12497c478bd9Sstevel@tonic-gate {
12501b22764fSDaniel OpenSolaris Anderson uentrylist_t *pliblist = NULL;
12511b22764fSDaniel OpenSolaris Anderson uentrylist_t *plibptr = NULL;
12521b22764fSDaniel OpenSolaris Anderson entry_t *pent = NULL;
12537c478bd9Sstevel@tonic-gate crypto_get_dev_list_t *pdevlist_kernel = NULL;
12541b22764fSDaniel OpenSolaris Anderson int rc = SUCCESS;
12557c478bd9Sstevel@tonic-gate int i;
12567c478bd9Sstevel@tonic-gate
12577c478bd9Sstevel@tonic-gate /* get user-level providers */
12587c478bd9Sstevel@tonic-gate (void) printf(gettext("\nUser-level providers:\n"));
12597c478bd9Sstevel@tonic-gate if (get_pkcs11conf_info(&pliblist) != SUCCESS) {
12607c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext(
12617c478bd9Sstevel@tonic-gate "failed to retrieve the list of user-level providers."));
12621b22764fSDaniel OpenSolaris Anderson rc = FAILURE;
12637c478bd9Sstevel@tonic-gate }
12641b22764fSDaniel OpenSolaris Anderson
12651b22764fSDaniel OpenSolaris Anderson for (plibptr = pliblist; plibptr != NULL; plibptr = plibptr->next) {
1266d616ad8eSHai-May Chao /* skip metaslot and fips-140 entry */
1267d616ad8eSHai-May Chao if ((strcmp(plibptr->puent->name, METASLOT_KEYWORD) != 0) &&
1268d616ad8eSHai-May Chao (strcmp(plibptr->puent->name, FIPS_KEYWORD) != 0)) {
12697c478bd9Sstevel@tonic-gate (void) printf(gettext("Provider: %s\n"),
12707c478bd9Sstevel@tonic-gate plibptr->puent->name);
12717c478bd9Sstevel@tonic-gate if (verbose) {
12727c478bd9Sstevel@tonic-gate (void) list_mechlist_for_lib(
12737c478bd9Sstevel@tonic-gate plibptr->puent->name, mecharglist, NULL,
12747c478bd9Sstevel@tonic-gate B_FALSE, verbose, B_FALSE);
12757c478bd9Sstevel@tonic-gate (void) printf("\n");
12767c478bd9Sstevel@tonic-gate }
12777c478bd9Sstevel@tonic-gate }
12787c478bd9Sstevel@tonic-gate }
12797c478bd9Sstevel@tonic-gate free_uentrylist(pliblist);
12807c478bd9Sstevel@tonic-gate
12817c478bd9Sstevel@tonic-gate /* get kernel software providers */
12827c478bd9Sstevel@tonic-gate (void) printf(gettext("\nKernel software providers:\n"));
12837c478bd9Sstevel@tonic-gate
12847c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) {
12851b22764fSDaniel OpenSolaris Anderson /* get kernel software providers from kernel ioctl */
12861b22764fSDaniel OpenSolaris Anderson crypto_get_soft_list_t *psoftlist_kernel = NULL;
12871b22764fSDaniel OpenSolaris Anderson uint_t sl_soft_count;
12881b22764fSDaniel OpenSolaris Anderson char *psoftname;
12891b22764fSDaniel OpenSolaris Anderson entrylist_t *pdevlist_conf = NULL;
12901b22764fSDaniel OpenSolaris Anderson entrylist_t *psoftlist_conf = NULL;
12917c478bd9Sstevel@tonic-gate
12921b22764fSDaniel OpenSolaris Anderson if (get_soft_list(&psoftlist_kernel) == FAILURE) {
12931b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_ERR, gettext("Failed to retrieve the "
12941b22764fSDaniel OpenSolaris Anderson "software provider list from kernel."));
12951b22764fSDaniel OpenSolaris Anderson rc = FAILURE;
12967c478bd9Sstevel@tonic-gate } else {
12971b22764fSDaniel OpenSolaris Anderson sl_soft_count = psoftlist_kernel->sl_soft_count;
12987c478bd9Sstevel@tonic-gate
1299d616ad8eSHai-May Chao if (get_kcfconf_info(&pdevlist_conf, &psoftlist_conf)
1300d616ad8eSHai-May Chao == FAILURE) {
13011b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_ERR,
13021b22764fSDaniel OpenSolaris Anderson "failed to retrieve the providers' "
13031b22764fSDaniel OpenSolaris Anderson "information from file kcf.conf - %s.",
13041b22764fSDaniel OpenSolaris Anderson _PATH_KCF_CONF);
13051b22764fSDaniel OpenSolaris Anderson free(psoftlist_kernel);
13061b22764fSDaniel OpenSolaris Anderson rc = FAILURE;
13071b22764fSDaniel OpenSolaris Anderson } else {
13081b22764fSDaniel OpenSolaris Anderson
13091b22764fSDaniel OpenSolaris Anderson for (i = 0,
13101b22764fSDaniel OpenSolaris Anderson psoftname = psoftlist_kernel->sl_soft_names;
13111b22764fSDaniel OpenSolaris Anderson i < sl_soft_count;
13121b22764fSDaniel OpenSolaris Anderson ++i, psoftname += strlen(psoftname) + 1) {
13131b22764fSDaniel OpenSolaris Anderson pent = getent_kef(psoftname,
1314d616ad8eSHai-May Chao pdevlist_conf, psoftlist_conf);
13151b22764fSDaniel OpenSolaris Anderson (void) printf("\t%s%s\n", psoftname,
13161b22764fSDaniel OpenSolaris Anderson (pent == NULL) || (pent->load) ?
13171b22764fSDaniel OpenSolaris Anderson "" : gettext(" (inactive)"));
13181b22764fSDaniel OpenSolaris Anderson }
13197c478bd9Sstevel@tonic-gate free_entrylist(pdevlist_conf);
13207c478bd9Sstevel@tonic-gate free_entrylist(psoftlist_conf);
13211b22764fSDaniel OpenSolaris Anderson }
13221b22764fSDaniel OpenSolaris Anderson free(psoftlist_kernel);
13231b22764fSDaniel OpenSolaris Anderson }
13241b22764fSDaniel OpenSolaris Anderson
13257c478bd9Sstevel@tonic-gate } else {
13267c478bd9Sstevel@tonic-gate /* kcf.conf not there in non-global zone, use /dev/cryptoadm */
13271b22764fSDaniel OpenSolaris Anderson entrylist_t *pdevlist_zone = NULL;
13281b22764fSDaniel OpenSolaris Anderson entrylist_t *psoftlist_zone = NULL;
13291b22764fSDaniel OpenSolaris Anderson entrylist_t *ptr;
13307c478bd9Sstevel@tonic-gate
13317c478bd9Sstevel@tonic-gate if (get_admindev_info(&pdevlist_zone, &psoftlist_zone) !=
13327c478bd9Sstevel@tonic-gate SUCCESS) {
13337c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR,
13347c478bd9Sstevel@tonic-gate gettext("failed to retrieve the "
13357c478bd9Sstevel@tonic-gate "list of kernel software providers.\n"));
13361b22764fSDaniel OpenSolaris Anderson rc = FAILURE;
13377c478bd9Sstevel@tonic-gate }
13387c478bd9Sstevel@tonic-gate
13397c478bd9Sstevel@tonic-gate ptr = psoftlist_zone;
13407c478bd9Sstevel@tonic-gate while (ptr != NULL) {
13417c478bd9Sstevel@tonic-gate (void) printf("\t%s\n", ptr->pent->name);
13427c478bd9Sstevel@tonic-gate ptr = ptr->next;
13437c478bd9Sstevel@tonic-gate }
13447c478bd9Sstevel@tonic-gate
13457c478bd9Sstevel@tonic-gate free_entrylist(pdevlist_zone);
13467c478bd9Sstevel@tonic-gate free_entrylist(psoftlist_zone);
13477c478bd9Sstevel@tonic-gate }
13487c478bd9Sstevel@tonic-gate
13497c478bd9Sstevel@tonic-gate /* get kernel hardware providers */
13507c478bd9Sstevel@tonic-gate (void) printf(gettext("\nKernel hardware providers:\n"));
13517c478bd9Sstevel@tonic-gate if (get_dev_list(&pdevlist_kernel) == FAILURE) {
13527c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("failed to retrieve "
13537c478bd9Sstevel@tonic-gate "the list of kernel hardware providers.\n"));
13541b22764fSDaniel OpenSolaris Anderson rc = FAILURE;
13557c478bd9Sstevel@tonic-gate } else {
13567c478bd9Sstevel@tonic-gate for (i = 0; i < pdevlist_kernel->dl_dev_count; i++) {
13577c478bd9Sstevel@tonic-gate (void) printf("\t%s/%d\n",
13587c478bd9Sstevel@tonic-gate pdevlist_kernel->dl_devs[i].le_dev_name,
13597c478bd9Sstevel@tonic-gate pdevlist_kernel->dl_devs[i].le_dev_instance);
13607c478bd9Sstevel@tonic-gate }
13617c478bd9Sstevel@tonic-gate }
13627c478bd9Sstevel@tonic-gate free(pdevlist_kernel);
13637c478bd9Sstevel@tonic-gate
13641b22764fSDaniel OpenSolaris Anderson return (rc);
13657c478bd9Sstevel@tonic-gate }
13667c478bd9Sstevel@tonic-gate
13677c478bd9Sstevel@tonic-gate
13687c478bd9Sstevel@tonic-gate
13697c478bd9Sstevel@tonic-gate /*
13707c478bd9Sstevel@tonic-gate * List all the providers. And for each provider, list the mechanism list.
13711b22764fSDaniel OpenSolaris Anderson * Called for "cryptoadm list -m" or "cryptoadm list -mv" .
13727c478bd9Sstevel@tonic-gate */
13737c478bd9Sstevel@tonic-gate static int
list_mechlist_for_all(boolean_t verbose)13747c478bd9Sstevel@tonic-gate list_mechlist_for_all(boolean_t verbose)
13757c478bd9Sstevel@tonic-gate {
13761b22764fSDaniel OpenSolaris Anderson crypto_get_dev_list_t *pdevlist_kernel = NULL;
13771b22764fSDaniel OpenSolaris Anderson uentrylist_t *pliblist = NULL;
13781b22764fSDaniel OpenSolaris Anderson uentrylist_t *plibptr = NULL;
13791b22764fSDaniel OpenSolaris Anderson entry_t *pent = NULL;
13801b22764fSDaniel OpenSolaris Anderson mechlist_t *pmechlist = NULL;
13817c478bd9Sstevel@tonic-gate char provname[MAXNAMELEN];
13827c478bd9Sstevel@tonic-gate char devname[MAXNAMELEN];
13837c478bd9Sstevel@tonic-gate int inst_num;
13847c478bd9Sstevel@tonic-gate int count;
13857c478bd9Sstevel@tonic-gate int i;
13867c478bd9Sstevel@tonic-gate int rv;
13877c478bd9Sstevel@tonic-gate int rc = SUCCESS;
13887c478bd9Sstevel@tonic-gate
13897c478bd9Sstevel@tonic-gate /* get user-level providers */
13907c478bd9Sstevel@tonic-gate (void) printf(gettext("\nUser-level providers:\n"));
13917c478bd9Sstevel@tonic-gate /*
13920a85b835SDaniel Anderson * TRANSLATION_NOTE
13937c478bd9Sstevel@tonic-gate * Strictly for appearance's sake, this line should be as long as
13947c478bd9Sstevel@tonic-gate * the length of the translated text above.
13957c478bd9Sstevel@tonic-gate */
13967c478bd9Sstevel@tonic-gate (void) printf(gettext("=====================\n"));
13977c478bd9Sstevel@tonic-gate if (get_pkcs11conf_info(&pliblist) != SUCCESS) {
13987c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("failed to retrieve "
13997c478bd9Sstevel@tonic-gate "the list of user-level providers.\n"));
14007c478bd9Sstevel@tonic-gate rc = FAILURE;
14017c478bd9Sstevel@tonic-gate }
14027c478bd9Sstevel@tonic-gate
14037c478bd9Sstevel@tonic-gate plibptr = pliblist;
14047c478bd9Sstevel@tonic-gate while (plibptr != NULL) {
1405d616ad8eSHai-May Chao /* skip metaslot and fips-140 entry */
1406d616ad8eSHai-May Chao if ((strcmp(plibptr->puent->name, METASLOT_KEYWORD) != 0) &&
1407d616ad8eSHai-May Chao (strcmp(plibptr->puent->name, FIPS_KEYWORD) != 0)) {
14087c478bd9Sstevel@tonic-gate (void) printf(gettext("\nProvider: %s\n"),
14097c478bd9Sstevel@tonic-gate plibptr->puent->name);
14107c478bd9Sstevel@tonic-gate rv = list_mechlist_for_lib(plibptr->puent->name,
14117c478bd9Sstevel@tonic-gate mecharglist, NULL, B_FALSE, verbose, B_TRUE);
14127c478bd9Sstevel@tonic-gate if (rv == FAILURE) {
14137c478bd9Sstevel@tonic-gate rc = FAILURE;
14147c478bd9Sstevel@tonic-gate }
14157c478bd9Sstevel@tonic-gate }
14167c478bd9Sstevel@tonic-gate plibptr = plibptr->next;
14177c478bd9Sstevel@tonic-gate }
14187c478bd9Sstevel@tonic-gate free_uentrylist(pliblist);
14197c478bd9Sstevel@tonic-gate
14207c478bd9Sstevel@tonic-gate /* get kernel software providers */
14217c478bd9Sstevel@tonic-gate (void) printf(gettext("\nKernel software providers:\n"));
14221b22764fSDaniel OpenSolaris Anderson
14237c478bd9Sstevel@tonic-gate /*
14240a85b835SDaniel Anderson * TRANSLATION_NOTE
14257c478bd9Sstevel@tonic-gate * Strictly for appearance's sake, this line should be as long as
14267c478bd9Sstevel@tonic-gate * the length of the translated text above.
14277c478bd9Sstevel@tonic-gate */
14287c478bd9Sstevel@tonic-gate (void) printf(gettext("==========================\n"));
14297c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) {
14301b22764fSDaniel OpenSolaris Anderson /* get kernel software providers from kernel ioctl */
14311b22764fSDaniel OpenSolaris Anderson crypto_get_soft_list_t *psoftlist_kernel = NULL;
14321b22764fSDaniel OpenSolaris Anderson uint_t sl_soft_count;
14331b22764fSDaniel OpenSolaris Anderson char *psoftname;
14341b22764fSDaniel OpenSolaris Anderson int i;
14351b22764fSDaniel OpenSolaris Anderson entrylist_t *pdevlist_conf = NULL;
14361b22764fSDaniel OpenSolaris Anderson entrylist_t *psoftlist_conf = NULL;
14377c478bd9Sstevel@tonic-gate
14381b22764fSDaniel OpenSolaris Anderson if (get_soft_list(&psoftlist_kernel) == FAILURE) {
14391b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_ERR, gettext("Failed to retrieve the "
14401b22764fSDaniel OpenSolaris Anderson "software provider list from kernel."));
14411b22764fSDaniel OpenSolaris Anderson return (FAILURE);
14421b22764fSDaniel OpenSolaris Anderson }
14431b22764fSDaniel OpenSolaris Anderson sl_soft_count = psoftlist_kernel->sl_soft_count;
14441b22764fSDaniel OpenSolaris Anderson
1445d616ad8eSHai-May Chao if (get_kcfconf_info(&pdevlist_conf, &psoftlist_conf)
1446d616ad8eSHai-May Chao == FAILURE) {
14471b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_ERR,
14481b22764fSDaniel OpenSolaris Anderson "failed to retrieve the providers' "
14491b22764fSDaniel OpenSolaris Anderson "information from file kcf.conf - %s.",
14501b22764fSDaniel OpenSolaris Anderson _PATH_KCF_CONF);
14511b22764fSDaniel OpenSolaris Anderson free(psoftlist_kernel);
14521b22764fSDaniel OpenSolaris Anderson return (FAILURE);
14537c478bd9Sstevel@tonic-gate }
14547c478bd9Sstevel@tonic-gate
14551b22764fSDaniel OpenSolaris Anderson for (i = 0, psoftname = psoftlist_kernel->sl_soft_names;
14561b22764fSDaniel OpenSolaris Anderson i < sl_soft_count;
14571b22764fSDaniel OpenSolaris Anderson ++i, psoftname += strlen(psoftname) + 1) {
14581b22764fSDaniel OpenSolaris Anderson pent = getent_kef(psoftname, pdevlist_conf,
1459d616ad8eSHai-May Chao psoftlist_conf);
14601b22764fSDaniel OpenSolaris Anderson if ((pent == NULL) || (pent->load)) {
14611b22764fSDaniel OpenSolaris Anderson rv = list_mechlist_for_soft(psoftname,
1462d616ad8eSHai-May Chao NULL, NULL);
14637c478bd9Sstevel@tonic-gate if (rv == FAILURE) {
14647c478bd9Sstevel@tonic-gate rc = FAILURE;
14657c478bd9Sstevel@tonic-gate }
14667c478bd9Sstevel@tonic-gate } else {
14671b22764fSDaniel OpenSolaris Anderson (void) printf(gettext("%s: (inactive)\n"),
14681b22764fSDaniel OpenSolaris Anderson psoftname);
14697c478bd9Sstevel@tonic-gate }
14707c478bd9Sstevel@tonic-gate }
14717c478bd9Sstevel@tonic-gate
14721b22764fSDaniel OpenSolaris Anderson free(psoftlist_kernel);
14737c478bd9Sstevel@tonic-gate free_entrylist(pdevlist_conf);
14747c478bd9Sstevel@tonic-gate free_entrylist(psoftlist_conf);
14751b22764fSDaniel OpenSolaris Anderson
14767c478bd9Sstevel@tonic-gate } else {
14777c478bd9Sstevel@tonic-gate /* kcf.conf not there in non-global zone, use /dev/cryptoadm */
14781b22764fSDaniel OpenSolaris Anderson entrylist_t *pdevlist_zone = NULL;
14791b22764fSDaniel OpenSolaris Anderson entrylist_t *psoftlist_zone = NULL;
14801b22764fSDaniel OpenSolaris Anderson entrylist_t *ptr;
14817c478bd9Sstevel@tonic-gate
14827c478bd9Sstevel@tonic-gate if (get_admindev_info(&pdevlist_zone, &psoftlist_zone) !=
14837c478bd9Sstevel@tonic-gate SUCCESS) {
14847c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("failed to retrieve "
14857c478bd9Sstevel@tonic-gate "the list of kernel software providers.\n"));
14867c478bd9Sstevel@tonic-gate rc = FAILURE;
14877c478bd9Sstevel@tonic-gate }
14887c478bd9Sstevel@tonic-gate
14891b22764fSDaniel OpenSolaris Anderson for (ptr = psoftlist_zone; ptr != NULL; ptr = ptr->next) {
14901b22764fSDaniel OpenSolaris Anderson rv = list_mechlist_for_soft(ptr->pent->name,
1491d616ad8eSHai-May Chao pdevlist_zone, psoftlist_zone);
14927c478bd9Sstevel@tonic-gate if (rv == FAILURE) {
14937c478bd9Sstevel@tonic-gate (void) printf(gettext(
14947c478bd9Sstevel@tonic-gate "%s: failed to get the mechanism list.\n"),
14957c478bd9Sstevel@tonic-gate ptr->pent->name);
14967c478bd9Sstevel@tonic-gate rc = FAILURE;
14977c478bd9Sstevel@tonic-gate }
14987c478bd9Sstevel@tonic-gate }
14997c478bd9Sstevel@tonic-gate
15007c478bd9Sstevel@tonic-gate free_entrylist(pdevlist_zone);
15017c478bd9Sstevel@tonic-gate free_entrylist(psoftlist_zone);
15027c478bd9Sstevel@tonic-gate }
15037c478bd9Sstevel@tonic-gate
15047c478bd9Sstevel@tonic-gate /* Get kernel hardware providers and their mechanism lists */
15057c478bd9Sstevel@tonic-gate (void) printf(gettext("\nKernel hardware providers:\n"));
15067c478bd9Sstevel@tonic-gate /*
15070a85b835SDaniel Anderson * TRANSLATION_NOTE
15087c478bd9Sstevel@tonic-gate * Strictly for appearance's sake, this line should be as long as
15097c478bd9Sstevel@tonic-gate * the length of the translated text above.
15107c478bd9Sstevel@tonic-gate */
15117c478bd9Sstevel@tonic-gate (void) printf(gettext("==========================\n"));
15127c478bd9Sstevel@tonic-gate if (get_dev_list(&pdevlist_kernel) != SUCCESS) {
15137c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("failed to retrieve "
15147c478bd9Sstevel@tonic-gate "the list of hardware providers.\n"));
15157c478bd9Sstevel@tonic-gate return (FAILURE);
15167c478bd9Sstevel@tonic-gate }
15177c478bd9Sstevel@tonic-gate
15187c478bd9Sstevel@tonic-gate for (i = 0; i < pdevlist_kernel->dl_dev_count; i++) {
15197c478bd9Sstevel@tonic-gate (void) strlcpy(devname,
15207c478bd9Sstevel@tonic-gate pdevlist_kernel->dl_devs[i].le_dev_name, MAXNAMELEN);
15217c478bd9Sstevel@tonic-gate inst_num = pdevlist_kernel->dl_devs[i].le_dev_instance;
15227c478bd9Sstevel@tonic-gate count = pdevlist_kernel->dl_devs[i].le_mechanism_count;
15237c478bd9Sstevel@tonic-gate (void) snprintf(provname, sizeof (provname), "%s/%d", devname,
15247c478bd9Sstevel@tonic-gate inst_num);
15257c478bd9Sstevel@tonic-gate if (get_dev_info(devname, inst_num, count, &pmechlist) ==
15267c478bd9Sstevel@tonic-gate SUCCESS) {
15277c478bd9Sstevel@tonic-gate (void) filter_mechlist(&pmechlist, RANDOM);
15287c478bd9Sstevel@tonic-gate print_mechlist(provname, pmechlist);
15297c478bd9Sstevel@tonic-gate free_mechlist(pmechlist);
15307c478bd9Sstevel@tonic-gate } else {
15317c478bd9Sstevel@tonic-gate (void) printf(gettext("%s: failed to get the mechanism"
15327c478bd9Sstevel@tonic-gate " list.\n"), provname);
15337c478bd9Sstevel@tonic-gate rc = FAILURE;
15347c478bd9Sstevel@tonic-gate }
15357c478bd9Sstevel@tonic-gate }
15367c478bd9Sstevel@tonic-gate free(pdevlist_kernel);
15377c478bd9Sstevel@tonic-gate return (rc);
15387c478bd9Sstevel@tonic-gate }
15397c478bd9Sstevel@tonic-gate
15407c478bd9Sstevel@tonic-gate
15417c478bd9Sstevel@tonic-gate /*
15427c478bd9Sstevel@tonic-gate * List all the providers. And for each provider, list the policy information.
15431b22764fSDaniel OpenSolaris Anderson * Called for "cryptoadm list -p".
15447c478bd9Sstevel@tonic-gate */
15457c478bd9Sstevel@tonic-gate static int
list_policy_for_all(void)15467c478bd9Sstevel@tonic-gate list_policy_for_all(void)
15477c478bd9Sstevel@tonic-gate {
15481b22764fSDaniel OpenSolaris Anderson crypto_get_dev_list_t *pdevlist_kernel = NULL;
15491b22764fSDaniel OpenSolaris Anderson uentrylist_t *pliblist = NULL;
15501b22764fSDaniel OpenSolaris Anderson entrylist_t *pdevlist_conf = NULL;
15511b22764fSDaniel OpenSolaris Anderson entrylist_t *psoftlist_conf = NULL;
15521b22764fSDaniel OpenSolaris Anderson entrylist_t *ptr = NULL;
15531b22764fSDaniel OpenSolaris Anderson entrylist_t *phead = NULL;
15541b22764fSDaniel OpenSolaris Anderson boolean_t found = B_FALSE;
15557c478bd9Sstevel@tonic-gate char provname[MAXNAMELEN];
15567c478bd9Sstevel@tonic-gate int i;
15577c478bd9Sstevel@tonic-gate int rc = SUCCESS;
15587c478bd9Sstevel@tonic-gate
15597c478bd9Sstevel@tonic-gate /* Get user-level providers */
15607c478bd9Sstevel@tonic-gate (void) printf(gettext("\nUser-level providers:\n"));
15617c478bd9Sstevel@tonic-gate /*
15620a85b835SDaniel Anderson * TRANSLATION_NOTE
15637c478bd9Sstevel@tonic-gate * Strictly for appearance's sake, this line should be as long as
15647c478bd9Sstevel@tonic-gate * the length of the translated text above.
15657c478bd9Sstevel@tonic-gate */
15667c478bd9Sstevel@tonic-gate (void) printf(gettext("=====================\n"));
15677c478bd9Sstevel@tonic-gate if (get_pkcs11conf_info(&pliblist) == FAILURE) {
15687c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("failed to retrieve "
15697c478bd9Sstevel@tonic-gate "the list of user-level providers.\n"));
15701b22764fSDaniel OpenSolaris Anderson rc = FAILURE;
15717c478bd9Sstevel@tonic-gate } else {
15721b22764fSDaniel OpenSolaris Anderson uentrylist_t *plibptr = pliblist;
15731b22764fSDaniel OpenSolaris Anderson
15747c478bd9Sstevel@tonic-gate while (plibptr != NULL) {
1575d616ad8eSHai-May Chao /* skip metaslot and fips-140 entry */
1576d616ad8eSHai-May Chao if ((strcmp(plibptr->puent->name,
1577d616ad8eSHai-May Chao METASLOT_KEYWORD) != 0) &&
1578d616ad8eSHai-May Chao (strcmp(plibptr->puent->name,
1579d616ad8eSHai-May Chao FIPS_KEYWORD) != 0)) {
15807c478bd9Sstevel@tonic-gate if (print_uef_policy(plibptr->puent)
15817c478bd9Sstevel@tonic-gate == FAILURE) {
15827c478bd9Sstevel@tonic-gate rc = FAILURE;
15837c478bd9Sstevel@tonic-gate }
15847c478bd9Sstevel@tonic-gate }
15857c478bd9Sstevel@tonic-gate plibptr = plibptr->next;
15867c478bd9Sstevel@tonic-gate }
15877c478bd9Sstevel@tonic-gate free_uentrylist(pliblist);
15887c478bd9Sstevel@tonic-gate }
15897c478bd9Sstevel@tonic-gate
15907c478bd9Sstevel@tonic-gate /* kernel software providers */
15917c478bd9Sstevel@tonic-gate (void) printf(gettext("\nKernel software providers:\n"));
15927c478bd9Sstevel@tonic-gate /*
15930a85b835SDaniel Anderson * TRANSLATION_NOTE
15947c478bd9Sstevel@tonic-gate * Strictly for appearance's sake, this line should be as long as
15957c478bd9Sstevel@tonic-gate * the length of the translated text above.
15967c478bd9Sstevel@tonic-gate */
15977c478bd9Sstevel@tonic-gate (void) printf(gettext("==========================\n"));
15987c478bd9Sstevel@tonic-gate
15991b22764fSDaniel OpenSolaris Anderson /* Get all entries from the kernel */
16007c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) {
16011b22764fSDaniel OpenSolaris Anderson /* get kernel software providers from kernel ioctl */
16021b22764fSDaniel OpenSolaris Anderson crypto_get_soft_list_t *psoftlist_kernel = NULL;
16031b22764fSDaniel OpenSolaris Anderson uint_t sl_soft_count;
16041b22764fSDaniel OpenSolaris Anderson char *psoftname;
16051b22764fSDaniel OpenSolaris Anderson int i;
16067c478bd9Sstevel@tonic-gate
16071b22764fSDaniel OpenSolaris Anderson if (get_soft_list(&psoftlist_kernel) == FAILURE) {
16081b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_ERR, gettext("Failed to retrieve the "
16091b22764fSDaniel OpenSolaris Anderson "software provider list from kernel."));
16101b22764fSDaniel OpenSolaris Anderson rc = FAILURE;
16111b22764fSDaniel OpenSolaris Anderson } else {
16121b22764fSDaniel OpenSolaris Anderson sl_soft_count = psoftlist_kernel->sl_soft_count;
16131b22764fSDaniel OpenSolaris Anderson
16141b22764fSDaniel OpenSolaris Anderson for (i = 0, psoftname = psoftlist_kernel->sl_soft_names;
16151b22764fSDaniel OpenSolaris Anderson i < sl_soft_count;
16161b22764fSDaniel OpenSolaris Anderson ++i, psoftname += strlen(psoftname) + 1) {
16171b22764fSDaniel OpenSolaris Anderson (void) list_policy_for_soft(psoftname,
1618d616ad8eSHai-May Chao pdevlist_conf, psoftlist_conf);
16191b22764fSDaniel OpenSolaris Anderson }
16201b22764fSDaniel OpenSolaris Anderson free(psoftlist_kernel);
16217c478bd9Sstevel@tonic-gate }
16227c478bd9Sstevel@tonic-gate
16237c478bd9Sstevel@tonic-gate } else {
16247c478bd9Sstevel@tonic-gate /* kcf.conf not there in non-global zone, no policy info */
16257c478bd9Sstevel@tonic-gate
16267c478bd9Sstevel@tonic-gate /*
16270a85b835SDaniel Anderson * TRANSLATION_NOTE
16287c478bd9Sstevel@tonic-gate * "global" is keyword and not to be translated.
16297c478bd9Sstevel@tonic-gate */
16307c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext(
16317c478bd9Sstevel@tonic-gate "policy information for kernel software providers is "
16327c478bd9Sstevel@tonic-gate "available in the %s zone only"), "global");
16337c478bd9Sstevel@tonic-gate }
16347c478bd9Sstevel@tonic-gate
16357c478bd9Sstevel@tonic-gate /* Kernel hardware providers */
16367c478bd9Sstevel@tonic-gate (void) printf(gettext("\nKernel hardware providers:\n"));
16377c478bd9Sstevel@tonic-gate /*
16380a85b835SDaniel Anderson * TRANSLATION_NOTE
16397c478bd9Sstevel@tonic-gate * Strictly for appearance's sake, this line should be as long as
16407c478bd9Sstevel@tonic-gate * the length of the translated text above.
16417c478bd9Sstevel@tonic-gate */
16427c478bd9Sstevel@tonic-gate (void) printf(gettext("==========================\n"));
16437c478bd9Sstevel@tonic-gate
16447c478bd9Sstevel@tonic-gate if (getzoneid() != GLOBAL_ZONEID) {
16457c478bd9Sstevel@tonic-gate /*
16460a85b835SDaniel Anderson * TRANSLATION_NOTE
16477c478bd9Sstevel@tonic-gate * "global" is keyword and not to be translated.
16487c478bd9Sstevel@tonic-gate */
16497c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext(
16507c478bd9Sstevel@tonic-gate "policy information for kernel hardware providers is "
16517c478bd9Sstevel@tonic-gate "available in the %s zone only"), "global");
16527c478bd9Sstevel@tonic-gate return (FAILURE);
16537c478bd9Sstevel@tonic-gate }
16547c478bd9Sstevel@tonic-gate
16557c478bd9Sstevel@tonic-gate /* Get the hardware provider list from kernel */
16567c478bd9Sstevel@tonic-gate if (get_dev_list(&pdevlist_kernel) != SUCCESS) {
16577c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext(
16587c478bd9Sstevel@tonic-gate "failed to retrieve the list of hardware providers.\n"));
16597c478bd9Sstevel@tonic-gate return (FAILURE);
16607c478bd9Sstevel@tonic-gate }
16617c478bd9Sstevel@tonic-gate
1662d616ad8eSHai-May Chao if (get_kcfconf_info(&pdevlist_conf, &psoftlist_conf) == FAILURE) {
16631b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_ERR, "failed to retrieve the providers' "
16641b22764fSDaniel OpenSolaris Anderson "information from file kcf.conf - %s.",
16651b22764fSDaniel OpenSolaris Anderson _PATH_KCF_CONF);
16661b22764fSDaniel OpenSolaris Anderson return (FAILURE);
16671b22764fSDaniel OpenSolaris Anderson }
16681b22764fSDaniel OpenSolaris Anderson
16691b22764fSDaniel OpenSolaris Anderson
16707c478bd9Sstevel@tonic-gate /*
16717c478bd9Sstevel@tonic-gate * For each hardware provider from kernel, check if it has an entry
16727c478bd9Sstevel@tonic-gate * in the config file. If it has an entry, print out the policy from
16737c478bd9Sstevel@tonic-gate * config file and remove the entry from the hardware provider list
16747c478bd9Sstevel@tonic-gate * of the config file. If it does not have an entry in the config
16757c478bd9Sstevel@tonic-gate * file, no mechanisms of it have been disabled. But, we still call
16767c478bd9Sstevel@tonic-gate * list_policy_for_hard() to account for the "random" feature.
16777c478bd9Sstevel@tonic-gate */
16787c478bd9Sstevel@tonic-gate for (i = 0; i < pdevlist_kernel->dl_dev_count; i++) {
16797c478bd9Sstevel@tonic-gate (void) snprintf(provname, sizeof (provname), "%s/%d",
16807c478bd9Sstevel@tonic-gate pdevlist_kernel->dl_devs[i].le_dev_name,
16817c478bd9Sstevel@tonic-gate pdevlist_kernel->dl_devs[i].le_dev_instance);
16821b22764fSDaniel OpenSolaris Anderson
16837c478bd9Sstevel@tonic-gate found = B_FALSE;
16847c478bd9Sstevel@tonic-gate phead = ptr = pdevlist_conf;
16857c478bd9Sstevel@tonic-gate while (!found && ptr) {
16867c478bd9Sstevel@tonic-gate if (strcmp(ptr->pent->name, provname) == 0) {
16877c478bd9Sstevel@tonic-gate found = B_TRUE;
16887c478bd9Sstevel@tonic-gate } else {
16897c478bd9Sstevel@tonic-gate phead = ptr;
16907c478bd9Sstevel@tonic-gate ptr = ptr->next;
16917c478bd9Sstevel@tonic-gate }
16927c478bd9Sstevel@tonic-gate }
16937c478bd9Sstevel@tonic-gate
16947c478bd9Sstevel@tonic-gate if (found) {
16951b22764fSDaniel OpenSolaris Anderson (void) list_policy_for_hard(ptr->pent->name,
1696d616ad8eSHai-May Chao pdevlist_conf, psoftlist_conf, pdevlist_kernel);
16977c478bd9Sstevel@tonic-gate if (phead == ptr) {
16987c478bd9Sstevel@tonic-gate pdevlist_conf = pdevlist_conf->next;
16997c478bd9Sstevel@tonic-gate } else {
17007c478bd9Sstevel@tonic-gate phead->next = ptr->next;
17017c478bd9Sstevel@tonic-gate }
17027c478bd9Sstevel@tonic-gate free_entry(ptr->pent);
17037c478bd9Sstevel@tonic-gate free(ptr);
17047c478bd9Sstevel@tonic-gate } else {
17051b22764fSDaniel OpenSolaris Anderson (void) list_policy_for_hard(provname, pdevlist_conf,
1706d616ad8eSHai-May Chao psoftlist_conf, pdevlist_kernel);
17077c478bd9Sstevel@tonic-gate }
17087c478bd9Sstevel@tonic-gate }
17097c478bd9Sstevel@tonic-gate
17107c478bd9Sstevel@tonic-gate /*
17117c478bd9Sstevel@tonic-gate * If there are still entries left in the pdevlist_conf list from
17127c478bd9Sstevel@tonic-gate * the config file, these providers must have been detached.
17137c478bd9Sstevel@tonic-gate * Should print out their policy information also.
17147c478bd9Sstevel@tonic-gate */
17151b22764fSDaniel OpenSolaris Anderson for (ptr = pdevlist_conf; ptr != NULL; ptr = ptr->next) {
17161b22764fSDaniel OpenSolaris Anderson print_kef_policy(ptr->pent->name, ptr->pent, B_FALSE, B_TRUE);
17177c478bd9Sstevel@tonic-gate }
17187c478bd9Sstevel@tonic-gate
17197c478bd9Sstevel@tonic-gate free_entrylist(pdevlist_conf);
17201b22764fSDaniel OpenSolaris Anderson free_entrylist(psoftlist_conf);
17217c478bd9Sstevel@tonic-gate free(pdevlist_kernel);
17227c478bd9Sstevel@tonic-gate
17237c478bd9Sstevel@tonic-gate return (rc);
17247c478bd9Sstevel@tonic-gate }
1725