xref: /titanic_50/usr/src/cmd/svr4pkg/pkgadm/listcert.c (revision 5c51f1241dbbdf2656d0e10011981411ed0c9673)
1*5c51f124SMoriah Waterland /*
2*5c51f124SMoriah Waterland  * CDDL HEADER START
3*5c51f124SMoriah Waterland  *
4*5c51f124SMoriah Waterland  * The contents of this file are subject to the terms of the
5*5c51f124SMoriah Waterland  * Common Development and Distribution License (the "License").
6*5c51f124SMoriah Waterland  * You may not use this file except in compliance with the License.
7*5c51f124SMoriah Waterland  *
8*5c51f124SMoriah Waterland  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9*5c51f124SMoriah Waterland  * or http://www.opensolaris.org/os/licensing.
10*5c51f124SMoriah Waterland  * See the License for the specific language governing permissions
11*5c51f124SMoriah Waterland  * and limitations under the License.
12*5c51f124SMoriah Waterland  *
13*5c51f124SMoriah Waterland  * When distributing Covered Code, include this CDDL HEADER in each
14*5c51f124SMoriah Waterland  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15*5c51f124SMoriah Waterland  * If applicable, add the following below this CDDL HEADER, with the
16*5c51f124SMoriah Waterland  * fields enclosed by brackets "[]" replaced with your own identifying
17*5c51f124SMoriah Waterland  * information: Portions Copyright [yyyy] [name of copyright owner]
18*5c51f124SMoriah Waterland  *
19*5c51f124SMoriah Waterland  * CDDL HEADER END
20*5c51f124SMoriah Waterland  */
21*5c51f124SMoriah Waterland 
22*5c51f124SMoriah Waterland /*
23*5c51f124SMoriah Waterland  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24*5c51f124SMoriah Waterland  * Use is subject to license terms.
25*5c51f124SMoriah Waterland  */
26*5c51f124SMoriah Waterland 
27*5c51f124SMoriah Waterland 
28*5c51f124SMoriah Waterland #include <stdio.h>
29*5c51f124SMoriah Waterland #include <stdarg.h>
30*5c51f124SMoriah Waterland #include <stdlib.h>
31*5c51f124SMoriah Waterland #include <string.h>
32*5c51f124SMoriah Waterland #include <sys/types.h>
33*5c51f124SMoriah Waterland #include <unistd.h>
34*5c51f124SMoriah Waterland #include <signal.h>
35*5c51f124SMoriah Waterland #include <locale.h>
36*5c51f124SMoriah Waterland #include <sys/param.h>
37*5c51f124SMoriah Waterland #include <openssl/bio.h>
38*5c51f124SMoriah Waterland 
39*5c51f124SMoriah Waterland #include <libinst.h>
40*5c51f124SMoriah Waterland #include <pkglib.h>
41*5c51f124SMoriah Waterland #include <pkgerr.h>
42*5c51f124SMoriah Waterland #include <keystore.h>
43*5c51f124SMoriah Waterland #include "pkgadm.h"
44*5c51f124SMoriah Waterland #include "pkgadm_msgs.h"
45*5c51f124SMoriah Waterland 
46*5c51f124SMoriah Waterland /*
47*5c51f124SMoriah Waterland  * Name:	listcert
48*5c51f124SMoriah Waterland  * Desc:  Lists one or more certificates from the keystore
49*5c51f124SMoriah Waterland  * Syntax:	listcert [-a app] [-f format] [-k keystore] \
50*5c51f124SMoriah Waterland  *	[-n name] [-o outfile] [-P passarg] [-R altroot]
51*5c51f124SMoriah Waterland  */
52*5c51f124SMoriah Waterland int
listcert(int argc,char ** argv)53*5c51f124SMoriah Waterland listcert(int argc, char **argv)
54*5c51f124SMoriah Waterland {
55*5c51f124SMoriah Waterland 	int				i;
56*5c51f124SMoriah Waterland 	char				keystore_file[MAXPATHLEN] = "";
57*5c51f124SMoriah Waterland 	char				*keystore_base = NULL;
58*5c51f124SMoriah Waterland 	char				*homedir;
59*5c51f124SMoriah Waterland 	char				*passarg = NULL;
60*5c51f124SMoriah Waterland 	char				*altroot = NULL;
61*5c51f124SMoriah Waterland 	char				*prog = NULL;
62*5c51f124SMoriah Waterland 	char				*format_str = NULL;
63*5c51f124SMoriah Waterland 	keystore_encoding_format_t	format;
64*5c51f124SMoriah Waterland 	char				*alias = NULL;
65*5c51f124SMoriah Waterland 	char				*outfile_str = NULL;
66*5c51f124SMoriah Waterland 	FILE				*outfile = NULL;
67*5c51f124SMoriah Waterland 	int				ret = 1;
68*5c51f124SMoriah Waterland 	PKG_ERR				*err = NULL;
69*5c51f124SMoriah Waterland 	keystore_handle_t		keystore = NULL;
70*5c51f124SMoriah Waterland 
71*5c51f124SMoriah Waterland 	while ((i = getopt(argc, argv, ":a:f:k:n:o:P:R:")) != EOF) {
72*5c51f124SMoriah Waterland 		switch (i) {
73*5c51f124SMoriah Waterland 		case 'a':
74*5c51f124SMoriah Waterland 			prog = optarg;
75*5c51f124SMoriah Waterland 			break;
76*5c51f124SMoriah Waterland 		case 'f':
77*5c51f124SMoriah Waterland 			format_str = optarg;
78*5c51f124SMoriah Waterland 			break;
79*5c51f124SMoriah Waterland 		case 'k':
80*5c51f124SMoriah Waterland 			keystore_base = optarg;
81*5c51f124SMoriah Waterland 			break;
82*5c51f124SMoriah Waterland 		case 'n':
83*5c51f124SMoriah Waterland 			alias = optarg;
84*5c51f124SMoriah Waterland 			break;
85*5c51f124SMoriah Waterland 		case 'o':
86*5c51f124SMoriah Waterland 			outfile_str = optarg;
87*5c51f124SMoriah Waterland 			break;
88*5c51f124SMoriah Waterland 		case 'P':
89*5c51f124SMoriah Waterland 			passarg = optarg;
90*5c51f124SMoriah Waterland 			break;
91*5c51f124SMoriah Waterland 		case 'R':
92*5c51f124SMoriah Waterland 			altroot = optarg;
93*5c51f124SMoriah Waterland 			break;
94*5c51f124SMoriah Waterland 		case ':':
95*5c51f124SMoriah Waterland 			log_msg(LOG_MSG_ERR, MSG_MISSING_OPERAND, optopt);
96*5c51f124SMoriah Waterland 			/* fallthrough intentional */
97*5c51f124SMoriah Waterland 		case '?':
98*5c51f124SMoriah Waterland 		default:
99*5c51f124SMoriah Waterland 			log_msg(LOG_MSG_ERR, MSG_USAGE);
100*5c51f124SMoriah Waterland 			goto cleanup;
101*5c51f124SMoriah Waterland 		}
102*5c51f124SMoriah Waterland 	}
103*5c51f124SMoriah Waterland 
104*5c51f124SMoriah Waterland 	/* should be no arguments left */
105*5c51f124SMoriah Waterland 	if ((argc-optind) > 0) {
106*5c51f124SMoriah Waterland 		log_msg(LOG_MSG_ERR, MSG_USAGE);
107*5c51f124SMoriah Waterland 		goto cleanup;
108*5c51f124SMoriah Waterland 	}
109*5c51f124SMoriah Waterland 
110*5c51f124SMoriah Waterland 	/* figure out format */
111*5c51f124SMoriah Waterland 	if (format_str == NULL) {
112*5c51f124SMoriah Waterland 		format = KEYSTORE_FORMAT_TEXT;
113*5c51f124SMoriah Waterland 	} else {
114*5c51f124SMoriah Waterland 		if (ci_streq(format_str, "text")) {
115*5c51f124SMoriah Waterland 			format = KEYSTORE_FORMAT_TEXT;
116*5c51f124SMoriah Waterland 		} else if (ci_streq(format_str, "pem")) {
117*5c51f124SMoriah Waterland 			format = KEYSTORE_FORMAT_PEM;
118*5c51f124SMoriah Waterland 		} else if (ci_streq(format_str, "der")) {
119*5c51f124SMoriah Waterland 			format = KEYSTORE_FORMAT_DER;
120*5c51f124SMoriah Waterland 		} else {
121*5c51f124SMoriah Waterland 			log_msg(LOG_MSG_ERR, MSG_BAD_FORMAT, format_str);
122*5c51f124SMoriah Waterland 			goto cleanup;
123*5c51f124SMoriah Waterland 		}
124*5c51f124SMoriah Waterland 	}
125*5c51f124SMoriah Waterland 
126*5c51f124SMoriah Waterland 	/* open output file */
127*5c51f124SMoriah Waterland 	if (outfile_str == NULL) {
128*5c51f124SMoriah Waterland 		outfile = stdout;
129*5c51f124SMoriah Waterland 		outfile_str = "stdout";
130*5c51f124SMoriah Waterland 	} else {
131*5c51f124SMoriah Waterland 		if ((outfile = fopen(outfile_str, "w+")) == NULL) {
132*5c51f124SMoriah Waterland 			log_msg(LOG_MSG_ERR, MSG_OPEN_WRITE, outfile_str);
133*5c51f124SMoriah Waterland 			goto cleanup;
134*5c51f124SMoriah Waterland 		}
135*5c51f124SMoriah Waterland 	}
136*5c51f124SMoriah Waterland 
137*5c51f124SMoriah Waterland 	/* set up proper keystore */
138*5c51f124SMoriah Waterland 	if (altroot != NULL) {
139*5c51f124SMoriah Waterland 	    if (strlcpy(keystore_file, altroot, MAXPATHLEN) >= MAXPATHLEN) {
140*5c51f124SMoriah Waterland 		log_msg(LOG_MSG_ERR, MSG_TOO_LONG, altroot);
141*5c51f124SMoriah Waterland 		goto cleanup;
142*5c51f124SMoriah Waterland 	    }
143*5c51f124SMoriah Waterland 
144*5c51f124SMoriah Waterland 	    if (strlcat(keystore_file, "/", MAXPATHLEN) >= MAXPATHLEN) {
145*5c51f124SMoriah Waterland 		log_msg(LOG_MSG_ERR, MSG_TOO_LONG, altroot);
146*5c51f124SMoriah Waterland 		goto cleanup;
147*5c51f124SMoriah Waterland 	    }
148*5c51f124SMoriah Waterland 	}
149*5c51f124SMoriah Waterland 
150*5c51f124SMoriah Waterland 	if (keystore_base == NULL) {
151*5c51f124SMoriah Waterland 		if (geteuid() == 0 || altroot != NULL) {
152*5c51f124SMoriah Waterland 				/*
153*5c51f124SMoriah Waterland 				 * If we have an alternate
154*5c51f124SMoriah Waterland 				 * root, then we have no choice but to use
155*5c51f124SMoriah Waterland 				 * root's keystore on that alternate root,
156*5c51f124SMoriah Waterland 				 * since there is no way to resolve a
157*5c51f124SMoriah Waterland 				 * user's home dir given an alternate root
158*5c51f124SMoriah Waterland 				 */
159*5c51f124SMoriah Waterland 			if (strlcat(keystore_file, PKGSEC,
160*5c51f124SMoriah Waterland 			    MAXPATHLEN) >= MAXPATHLEN) {
161*5c51f124SMoriah Waterland 				log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
162*5c51f124SMoriah Waterland 				    keystore_file);
163*5c51f124SMoriah Waterland 				goto cleanup;
164*5c51f124SMoriah Waterland 			}
165*5c51f124SMoriah Waterland 		} else {
166*5c51f124SMoriah Waterland 			if ((homedir = getenv("HOME")) == NULL) {
167*5c51f124SMoriah Waterland 				/*
168*5c51f124SMoriah Waterland 				 * not superuser, but no home dir, so
169*5c51f124SMoriah Waterland 				 * use superuser's keystore
170*5c51f124SMoriah Waterland 				 */
171*5c51f124SMoriah Waterland 				if (strlcat(keystore_file, PKGSEC,
172*5c51f124SMoriah Waterland 				    MAXPATHLEN) >= MAXPATHLEN) {
173*5c51f124SMoriah Waterland 					log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
174*5c51f124SMoriah Waterland 					    keystore_file);
175*5c51f124SMoriah Waterland 					goto cleanup;
176*5c51f124SMoriah Waterland 				}
177*5c51f124SMoriah Waterland 			} else {
178*5c51f124SMoriah Waterland 				if (strlcat(keystore_file, homedir,
179*5c51f124SMoriah Waterland 				    MAXPATHLEN) >= MAXPATHLEN) {
180*5c51f124SMoriah Waterland 					log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
181*5c51f124SMoriah Waterland 					    homedir);
182*5c51f124SMoriah Waterland 					goto cleanup;
183*5c51f124SMoriah Waterland 				}
184*5c51f124SMoriah Waterland 				if (strlcat(keystore_file, "/.pkg/security",
185*5c51f124SMoriah Waterland 				    MAXPATHLEN) >= MAXPATHLEN) {
186*5c51f124SMoriah Waterland 					log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
187*5c51f124SMoriah Waterland 					    keystore_file);
188*5c51f124SMoriah Waterland 					goto cleanup;
189*5c51f124SMoriah Waterland 				}
190*5c51f124SMoriah Waterland 			}
191*5c51f124SMoriah Waterland 		}
192*5c51f124SMoriah Waterland 	} else {
193*5c51f124SMoriah Waterland 		if (strlcat(keystore_file, keystore_base,
194*5c51f124SMoriah Waterland 		    MAXPATHLEN) >= MAXPATHLEN) {
195*5c51f124SMoriah Waterland 		    log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
196*5c51f124SMoriah Waterland 			keystore_base);
197*5c51f124SMoriah Waterland 		    goto cleanup;
198*5c51f124SMoriah Waterland 		}
199*5c51f124SMoriah Waterland 	}
200*5c51f124SMoriah Waterland 	err = pkgerr_new();
201*5c51f124SMoriah Waterland 
202*5c51f124SMoriah Waterland 	/* now load the key store */
203*5c51f124SMoriah Waterland 	log_msg(LOG_MSG_DEBUG, "Loading keystore <%s>", keystore_file);
204*5c51f124SMoriah Waterland 
205*5c51f124SMoriah Waterland 	set_passphrase_prompt(MSG_KEYSTORE_PASSPROMPT);
206*5c51f124SMoriah Waterland 	set_passphrase_passarg(passarg);
207*5c51f124SMoriah Waterland 	if (open_keystore(err, keystore_file, prog,
208*5c51f124SMoriah Waterland 	    pkg_passphrase_cb, KEYSTORE_DFLT_FLAGS,
209*5c51f124SMoriah Waterland 	    &keystore) != 0) {
210*5c51f124SMoriah Waterland 		log_pkgerr(LOG_MSG_ERR, err);
211*5c51f124SMoriah Waterland 		log_msg(LOG_MSG_ERR, MSG_PRINT, outfile_str);
212*5c51f124SMoriah Waterland 		goto cleanup;
213*5c51f124SMoriah Waterland 	}
214*5c51f124SMoriah Waterland 
215*5c51f124SMoriah Waterland 	/* list the certs */
216*5c51f124SMoriah Waterland 	log_msg(LOG_MSG_DEBUG, "Listing certificates");
217*5c51f124SMoriah Waterland 	if (print_certs(err, keystore, alias, format, outfile) != 0) {
218*5c51f124SMoriah Waterland 		log_pkgerr(LOG_MSG_ERR, err);
219*5c51f124SMoriah Waterland 	    log_msg(LOG_MSG_ERR, MSG_PRINT, outfile_str);
220*5c51f124SMoriah Waterland 		goto cleanup;
221*5c51f124SMoriah Waterland 	}
222*5c51f124SMoriah Waterland 
223*5c51f124SMoriah Waterland 	/* now close it out */
224*5c51f124SMoriah Waterland 	log_msg(LOG_MSG_DEBUG, "Closing keystore");
225*5c51f124SMoriah Waterland 	set_passphrase_prompt(MSG_KEYSTORE_PASSOUTPROMPT);
226*5c51f124SMoriah Waterland 	set_passphrase_passarg(passarg);
227*5c51f124SMoriah Waterland 	if (close_keystore(err, keystore, pkg_passphrase_cb) != 0) {
228*5c51f124SMoriah Waterland 		log_pkgerr(LOG_MSG_ERR, err);
229*5c51f124SMoriah Waterland 		log_msg(LOG_MSG_ERR, MSG_PRINT, outfile_str);
230*5c51f124SMoriah Waterland 		goto cleanup;
231*5c51f124SMoriah Waterland 	}
232*5c51f124SMoriah Waterland 
233*5c51f124SMoriah Waterland 	/* everything worked */
234*5c51f124SMoriah Waterland 	ret = 0;
235*5c51f124SMoriah Waterland 
236*5c51f124SMoriah Waterland 	/* fallthrough intentional */
237*5c51f124SMoriah Waterland cleanup:
238*5c51f124SMoriah Waterland 	if (outfile != NULL)
239*5c51f124SMoriah Waterland 		(void) fclose(outfile);
240*5c51f124SMoriah Waterland 
241*5c51f124SMoriah Waterland 	if (err != NULL)
242*5c51f124SMoriah Waterland 		pkgerr_free(err);
243*5c51f124SMoriah Waterland 
244*5c51f124SMoriah Waterland 	return (ret);
245*5c51f124SMoriah Waterland }
246