1*5c51f124SMoriah Waterland /*
2*5c51f124SMoriah Waterland * CDDL HEADER START
3*5c51f124SMoriah Waterland *
4*5c51f124SMoriah Waterland * The contents of this file are subject to the terms of the
5*5c51f124SMoriah Waterland * Common Development and Distribution License (the "License").
6*5c51f124SMoriah Waterland * You may not use this file except in compliance with the License.
7*5c51f124SMoriah Waterland *
8*5c51f124SMoriah Waterland * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9*5c51f124SMoriah Waterland * or http://www.opensolaris.org/os/licensing.
10*5c51f124SMoriah Waterland * See the License for the specific language governing permissions
11*5c51f124SMoriah Waterland * and limitations under the License.
12*5c51f124SMoriah Waterland *
13*5c51f124SMoriah Waterland * When distributing Covered Code, include this CDDL HEADER in each
14*5c51f124SMoriah Waterland * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15*5c51f124SMoriah Waterland * If applicable, add the following below this CDDL HEADER, with the
16*5c51f124SMoriah Waterland * fields enclosed by brackets "[]" replaced with your own identifying
17*5c51f124SMoriah Waterland * information: Portions Copyright [yyyy] [name of copyright owner]
18*5c51f124SMoriah Waterland *
19*5c51f124SMoriah Waterland * CDDL HEADER END
20*5c51f124SMoriah Waterland */
21*5c51f124SMoriah Waterland
22*5c51f124SMoriah Waterland /*
23*5c51f124SMoriah Waterland * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
24*5c51f124SMoriah Waterland * Use is subject to license terms.
25*5c51f124SMoriah Waterland */
26*5c51f124SMoriah Waterland
27*5c51f124SMoriah Waterland
28*5c51f124SMoriah Waterland #include <stdio.h>
29*5c51f124SMoriah Waterland #include <stdarg.h>
30*5c51f124SMoriah Waterland #include <stdlib.h>
31*5c51f124SMoriah Waterland #include <string.h>
32*5c51f124SMoriah Waterland #include <sys/types.h>
33*5c51f124SMoriah Waterland #include <unistd.h>
34*5c51f124SMoriah Waterland #include <signal.h>
35*5c51f124SMoriah Waterland #include <locale.h>
36*5c51f124SMoriah Waterland #include <sys/param.h>
37*5c51f124SMoriah Waterland #include <openssl/bio.h>
38*5c51f124SMoriah Waterland
39*5c51f124SMoriah Waterland #include <libinst.h>
40*5c51f124SMoriah Waterland #include <pkglib.h>
41*5c51f124SMoriah Waterland #include <pkgerr.h>
42*5c51f124SMoriah Waterland #include <keystore.h>
43*5c51f124SMoriah Waterland #include "pkgadm.h"
44*5c51f124SMoriah Waterland #include "pkgadm_msgs.h"
45*5c51f124SMoriah Waterland
46*5c51f124SMoriah Waterland /*
47*5c51f124SMoriah Waterland * Name: listcert
48*5c51f124SMoriah Waterland * Desc: Lists one or more certificates from the keystore
49*5c51f124SMoriah Waterland * Syntax: listcert [-a app] [-f format] [-k keystore] \
50*5c51f124SMoriah Waterland * [-n name] [-o outfile] [-P passarg] [-R altroot]
51*5c51f124SMoriah Waterland */
52*5c51f124SMoriah Waterland int
listcert(int argc,char ** argv)53*5c51f124SMoriah Waterland listcert(int argc, char **argv)
54*5c51f124SMoriah Waterland {
55*5c51f124SMoriah Waterland int i;
56*5c51f124SMoriah Waterland char keystore_file[MAXPATHLEN] = "";
57*5c51f124SMoriah Waterland char *keystore_base = NULL;
58*5c51f124SMoriah Waterland char *homedir;
59*5c51f124SMoriah Waterland char *passarg = NULL;
60*5c51f124SMoriah Waterland char *altroot = NULL;
61*5c51f124SMoriah Waterland char *prog = NULL;
62*5c51f124SMoriah Waterland char *format_str = NULL;
63*5c51f124SMoriah Waterland keystore_encoding_format_t format;
64*5c51f124SMoriah Waterland char *alias = NULL;
65*5c51f124SMoriah Waterland char *outfile_str = NULL;
66*5c51f124SMoriah Waterland FILE *outfile = NULL;
67*5c51f124SMoriah Waterland int ret = 1;
68*5c51f124SMoriah Waterland PKG_ERR *err = NULL;
69*5c51f124SMoriah Waterland keystore_handle_t keystore = NULL;
70*5c51f124SMoriah Waterland
71*5c51f124SMoriah Waterland while ((i = getopt(argc, argv, ":a:f:k:n:o:P:R:")) != EOF) {
72*5c51f124SMoriah Waterland switch (i) {
73*5c51f124SMoriah Waterland case 'a':
74*5c51f124SMoriah Waterland prog = optarg;
75*5c51f124SMoriah Waterland break;
76*5c51f124SMoriah Waterland case 'f':
77*5c51f124SMoriah Waterland format_str = optarg;
78*5c51f124SMoriah Waterland break;
79*5c51f124SMoriah Waterland case 'k':
80*5c51f124SMoriah Waterland keystore_base = optarg;
81*5c51f124SMoriah Waterland break;
82*5c51f124SMoriah Waterland case 'n':
83*5c51f124SMoriah Waterland alias = optarg;
84*5c51f124SMoriah Waterland break;
85*5c51f124SMoriah Waterland case 'o':
86*5c51f124SMoriah Waterland outfile_str = optarg;
87*5c51f124SMoriah Waterland break;
88*5c51f124SMoriah Waterland case 'P':
89*5c51f124SMoriah Waterland passarg = optarg;
90*5c51f124SMoriah Waterland break;
91*5c51f124SMoriah Waterland case 'R':
92*5c51f124SMoriah Waterland altroot = optarg;
93*5c51f124SMoriah Waterland break;
94*5c51f124SMoriah Waterland case ':':
95*5c51f124SMoriah Waterland log_msg(LOG_MSG_ERR, MSG_MISSING_OPERAND, optopt);
96*5c51f124SMoriah Waterland /* fallthrough intentional */
97*5c51f124SMoriah Waterland case '?':
98*5c51f124SMoriah Waterland default:
99*5c51f124SMoriah Waterland log_msg(LOG_MSG_ERR, MSG_USAGE);
100*5c51f124SMoriah Waterland goto cleanup;
101*5c51f124SMoriah Waterland }
102*5c51f124SMoriah Waterland }
103*5c51f124SMoriah Waterland
104*5c51f124SMoriah Waterland /* should be no arguments left */
105*5c51f124SMoriah Waterland if ((argc-optind) > 0) {
106*5c51f124SMoriah Waterland log_msg(LOG_MSG_ERR, MSG_USAGE);
107*5c51f124SMoriah Waterland goto cleanup;
108*5c51f124SMoriah Waterland }
109*5c51f124SMoriah Waterland
110*5c51f124SMoriah Waterland /* figure out format */
111*5c51f124SMoriah Waterland if (format_str == NULL) {
112*5c51f124SMoriah Waterland format = KEYSTORE_FORMAT_TEXT;
113*5c51f124SMoriah Waterland } else {
114*5c51f124SMoriah Waterland if (ci_streq(format_str, "text")) {
115*5c51f124SMoriah Waterland format = KEYSTORE_FORMAT_TEXT;
116*5c51f124SMoriah Waterland } else if (ci_streq(format_str, "pem")) {
117*5c51f124SMoriah Waterland format = KEYSTORE_FORMAT_PEM;
118*5c51f124SMoriah Waterland } else if (ci_streq(format_str, "der")) {
119*5c51f124SMoriah Waterland format = KEYSTORE_FORMAT_DER;
120*5c51f124SMoriah Waterland } else {
121*5c51f124SMoriah Waterland log_msg(LOG_MSG_ERR, MSG_BAD_FORMAT, format_str);
122*5c51f124SMoriah Waterland goto cleanup;
123*5c51f124SMoriah Waterland }
124*5c51f124SMoriah Waterland }
125*5c51f124SMoriah Waterland
126*5c51f124SMoriah Waterland /* open output file */
127*5c51f124SMoriah Waterland if (outfile_str == NULL) {
128*5c51f124SMoriah Waterland outfile = stdout;
129*5c51f124SMoriah Waterland outfile_str = "stdout";
130*5c51f124SMoriah Waterland } else {
131*5c51f124SMoriah Waterland if ((outfile = fopen(outfile_str, "w+")) == NULL) {
132*5c51f124SMoriah Waterland log_msg(LOG_MSG_ERR, MSG_OPEN_WRITE, outfile_str);
133*5c51f124SMoriah Waterland goto cleanup;
134*5c51f124SMoriah Waterland }
135*5c51f124SMoriah Waterland }
136*5c51f124SMoriah Waterland
137*5c51f124SMoriah Waterland /* set up proper keystore */
138*5c51f124SMoriah Waterland if (altroot != NULL) {
139*5c51f124SMoriah Waterland if (strlcpy(keystore_file, altroot, MAXPATHLEN) >= MAXPATHLEN) {
140*5c51f124SMoriah Waterland log_msg(LOG_MSG_ERR, MSG_TOO_LONG, altroot);
141*5c51f124SMoriah Waterland goto cleanup;
142*5c51f124SMoriah Waterland }
143*5c51f124SMoriah Waterland
144*5c51f124SMoriah Waterland if (strlcat(keystore_file, "/", MAXPATHLEN) >= MAXPATHLEN) {
145*5c51f124SMoriah Waterland log_msg(LOG_MSG_ERR, MSG_TOO_LONG, altroot);
146*5c51f124SMoriah Waterland goto cleanup;
147*5c51f124SMoriah Waterland }
148*5c51f124SMoriah Waterland }
149*5c51f124SMoriah Waterland
150*5c51f124SMoriah Waterland if (keystore_base == NULL) {
151*5c51f124SMoriah Waterland if (geteuid() == 0 || altroot != NULL) {
152*5c51f124SMoriah Waterland /*
153*5c51f124SMoriah Waterland * If we have an alternate
154*5c51f124SMoriah Waterland * root, then we have no choice but to use
155*5c51f124SMoriah Waterland * root's keystore on that alternate root,
156*5c51f124SMoriah Waterland * since there is no way to resolve a
157*5c51f124SMoriah Waterland * user's home dir given an alternate root
158*5c51f124SMoriah Waterland */
159*5c51f124SMoriah Waterland if (strlcat(keystore_file, PKGSEC,
160*5c51f124SMoriah Waterland MAXPATHLEN) >= MAXPATHLEN) {
161*5c51f124SMoriah Waterland log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
162*5c51f124SMoriah Waterland keystore_file);
163*5c51f124SMoriah Waterland goto cleanup;
164*5c51f124SMoriah Waterland }
165*5c51f124SMoriah Waterland } else {
166*5c51f124SMoriah Waterland if ((homedir = getenv("HOME")) == NULL) {
167*5c51f124SMoriah Waterland /*
168*5c51f124SMoriah Waterland * not superuser, but no home dir, so
169*5c51f124SMoriah Waterland * use superuser's keystore
170*5c51f124SMoriah Waterland */
171*5c51f124SMoriah Waterland if (strlcat(keystore_file, PKGSEC,
172*5c51f124SMoriah Waterland MAXPATHLEN) >= MAXPATHLEN) {
173*5c51f124SMoriah Waterland log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
174*5c51f124SMoriah Waterland keystore_file);
175*5c51f124SMoriah Waterland goto cleanup;
176*5c51f124SMoriah Waterland }
177*5c51f124SMoriah Waterland } else {
178*5c51f124SMoriah Waterland if (strlcat(keystore_file, homedir,
179*5c51f124SMoriah Waterland MAXPATHLEN) >= MAXPATHLEN) {
180*5c51f124SMoriah Waterland log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
181*5c51f124SMoriah Waterland homedir);
182*5c51f124SMoriah Waterland goto cleanup;
183*5c51f124SMoriah Waterland }
184*5c51f124SMoriah Waterland if (strlcat(keystore_file, "/.pkg/security",
185*5c51f124SMoriah Waterland MAXPATHLEN) >= MAXPATHLEN) {
186*5c51f124SMoriah Waterland log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
187*5c51f124SMoriah Waterland keystore_file);
188*5c51f124SMoriah Waterland goto cleanup;
189*5c51f124SMoriah Waterland }
190*5c51f124SMoriah Waterland }
191*5c51f124SMoriah Waterland }
192*5c51f124SMoriah Waterland } else {
193*5c51f124SMoriah Waterland if (strlcat(keystore_file, keystore_base,
194*5c51f124SMoriah Waterland MAXPATHLEN) >= MAXPATHLEN) {
195*5c51f124SMoriah Waterland log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
196*5c51f124SMoriah Waterland keystore_base);
197*5c51f124SMoriah Waterland goto cleanup;
198*5c51f124SMoriah Waterland }
199*5c51f124SMoriah Waterland }
200*5c51f124SMoriah Waterland err = pkgerr_new();
201*5c51f124SMoriah Waterland
202*5c51f124SMoriah Waterland /* now load the key store */
203*5c51f124SMoriah Waterland log_msg(LOG_MSG_DEBUG, "Loading keystore <%s>", keystore_file);
204*5c51f124SMoriah Waterland
205*5c51f124SMoriah Waterland set_passphrase_prompt(MSG_KEYSTORE_PASSPROMPT);
206*5c51f124SMoriah Waterland set_passphrase_passarg(passarg);
207*5c51f124SMoriah Waterland if (open_keystore(err, keystore_file, prog,
208*5c51f124SMoriah Waterland pkg_passphrase_cb, KEYSTORE_DFLT_FLAGS,
209*5c51f124SMoriah Waterland &keystore) != 0) {
210*5c51f124SMoriah Waterland log_pkgerr(LOG_MSG_ERR, err);
211*5c51f124SMoriah Waterland log_msg(LOG_MSG_ERR, MSG_PRINT, outfile_str);
212*5c51f124SMoriah Waterland goto cleanup;
213*5c51f124SMoriah Waterland }
214*5c51f124SMoriah Waterland
215*5c51f124SMoriah Waterland /* list the certs */
216*5c51f124SMoriah Waterland log_msg(LOG_MSG_DEBUG, "Listing certificates");
217*5c51f124SMoriah Waterland if (print_certs(err, keystore, alias, format, outfile) != 0) {
218*5c51f124SMoriah Waterland log_pkgerr(LOG_MSG_ERR, err);
219*5c51f124SMoriah Waterland log_msg(LOG_MSG_ERR, MSG_PRINT, outfile_str);
220*5c51f124SMoriah Waterland goto cleanup;
221*5c51f124SMoriah Waterland }
222*5c51f124SMoriah Waterland
223*5c51f124SMoriah Waterland /* now close it out */
224*5c51f124SMoriah Waterland log_msg(LOG_MSG_DEBUG, "Closing keystore");
225*5c51f124SMoriah Waterland set_passphrase_prompt(MSG_KEYSTORE_PASSOUTPROMPT);
226*5c51f124SMoriah Waterland set_passphrase_passarg(passarg);
227*5c51f124SMoriah Waterland if (close_keystore(err, keystore, pkg_passphrase_cb) != 0) {
228*5c51f124SMoriah Waterland log_pkgerr(LOG_MSG_ERR, err);
229*5c51f124SMoriah Waterland log_msg(LOG_MSG_ERR, MSG_PRINT, outfile_str);
230*5c51f124SMoriah Waterland goto cleanup;
231*5c51f124SMoriah Waterland }
232*5c51f124SMoriah Waterland
233*5c51f124SMoriah Waterland /* everything worked */
234*5c51f124SMoriah Waterland ret = 0;
235*5c51f124SMoriah Waterland
236*5c51f124SMoriah Waterland /* fallthrough intentional */
237*5c51f124SMoriah Waterland cleanup:
238*5c51f124SMoriah Waterland if (outfile != NULL)
239*5c51f124SMoriah Waterland (void) fclose(outfile);
240*5c51f124SMoriah Waterland
241*5c51f124SMoriah Waterland if (err != NULL)
242*5c51f124SMoriah Waterland pkgerr_free(err);
243*5c51f124SMoriah Waterland
244*5c51f124SMoriah Waterland return (ret);
245*5c51f124SMoriah Waterland }
246