17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5b8bf75cbSkrishna * Common Development and Distribution License (the "License"). 6b8bf75cbSkrishna * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 2232e0ab73SMisaki Miyashita * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 237c478bd9Sstevel@tonic-gate */ 247c478bd9Sstevel@tonic-gate 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #include <fcntl.h> 277c478bd9Sstevel@tonic-gate #include <stdio.h> 287c478bd9Sstevel@tonic-gate #include <stdlib.h> 297c478bd9Sstevel@tonic-gate #include <strings.h> 307c478bd9Sstevel@tonic-gate #include <unistd.h> 317c478bd9Sstevel@tonic-gate #include <locale.h> 327c478bd9Sstevel@tonic-gate #include <libgen.h> 337c478bd9Sstevel@tonic-gate #include <sys/types.h> 347c478bd9Sstevel@tonic-gate #include <zone.h> 357c478bd9Sstevel@tonic-gate #include <sys/crypto/ioctladmin.h> 367c478bd9Sstevel@tonic-gate #include <cryptoutil.h> 377c478bd9Sstevel@tonic-gate #include "cryptoadm.h" 387c478bd9Sstevel@tonic-gate 397c478bd9Sstevel@tonic-gate #define REQ_ARG_CNT 2 407c478bd9Sstevel@tonic-gate 417c478bd9Sstevel@tonic-gate /* subcommand index */ 427c478bd9Sstevel@tonic-gate enum subcommand_index { 437c478bd9Sstevel@tonic-gate CRYPTO_LIST, 447c478bd9Sstevel@tonic-gate CRYPTO_DISABLE, 457c478bd9Sstevel@tonic-gate CRYPTO_ENABLE, 467c478bd9Sstevel@tonic-gate CRYPTO_INSTALL, 477c478bd9Sstevel@tonic-gate CRYPTO_UNINSTALL, 487c478bd9Sstevel@tonic-gate CRYPTO_UNLOAD, 497c478bd9Sstevel@tonic-gate CRYPTO_REFRESH, 507c478bd9Sstevel@tonic-gate CRYPTO_START, 517c478bd9Sstevel@tonic-gate CRYPTO_STOP, 527c478bd9Sstevel@tonic-gate CRYPTO_HELP }; 537c478bd9Sstevel@tonic-gate 547c478bd9Sstevel@tonic-gate /* 550a85b835SDaniel Anderson * TRANSLATION_NOTE 567c478bd9Sstevel@tonic-gate * Command keywords are not to be translated. 577c478bd9Sstevel@tonic-gate */ 587c478bd9Sstevel@tonic-gate static char *cmd_table[] = { 597c478bd9Sstevel@tonic-gate "list", 607c478bd9Sstevel@tonic-gate "disable", 617c478bd9Sstevel@tonic-gate "enable", 627c478bd9Sstevel@tonic-gate "install", 637c478bd9Sstevel@tonic-gate "uninstall", 647c478bd9Sstevel@tonic-gate "unload", 657c478bd9Sstevel@tonic-gate "refresh", 667c478bd9Sstevel@tonic-gate "start", 677c478bd9Sstevel@tonic-gate "stop", 687c478bd9Sstevel@tonic-gate "--help" }; 697c478bd9Sstevel@tonic-gate 707c478bd9Sstevel@tonic-gate /* provider type */ 717c478bd9Sstevel@tonic-gate enum provider_type_index { 727c478bd9Sstevel@tonic-gate PROV_UEF_LIB, 737c478bd9Sstevel@tonic-gate PROV_KEF_SOFT, 747c478bd9Sstevel@tonic-gate PROV_KEF_HARD, 757c478bd9Sstevel@tonic-gate METASLOT, 767c478bd9Sstevel@tonic-gate PROV_BADNAME }; 777c478bd9Sstevel@tonic-gate 787c478bd9Sstevel@tonic-gate typedef struct { 797c478bd9Sstevel@tonic-gate char cp_name[MAXPATHLEN]; 807c478bd9Sstevel@tonic-gate enum provider_type_index cp_type; 817c478bd9Sstevel@tonic-gate } cryptoadm_provider_t; 827c478bd9Sstevel@tonic-gate 837c478bd9Sstevel@tonic-gate /* 840a85b835SDaniel Anderson * TRANSLATION_NOTE 857c478bd9Sstevel@tonic-gate * Operand keywords are not to be translated. 867c478bd9Sstevel@tonic-gate */ 877c478bd9Sstevel@tonic-gate static const char *KN_PROVIDER = "provider="; 887c478bd9Sstevel@tonic-gate static const char *KN_MECH = "mechanism="; 897c478bd9Sstevel@tonic-gate static const char *KN_ALL = "all"; 907c478bd9Sstevel@tonic-gate static const char *KN_TOKEN = "token="; 917c478bd9Sstevel@tonic-gate static const char *KN_SLOT = "slot="; 927c478bd9Sstevel@tonic-gate static const char *KN_DEFAULT_KS = "default-keystore"; 937c478bd9Sstevel@tonic-gate static const char *KN_AUTO_KEY_MIGRATE = "auto-key-migrate"; 947c478bd9Sstevel@tonic-gate 957c478bd9Sstevel@tonic-gate /* static variables */ 967c478bd9Sstevel@tonic-gate static boolean_t allflag = B_FALSE; 977c478bd9Sstevel@tonic-gate static boolean_t rndflag = B_FALSE; 987c478bd9Sstevel@tonic-gate static mechlist_t *mecharglist = NULL; 997c478bd9Sstevel@tonic-gate 1007c478bd9Sstevel@tonic-gate /* static functions */ 1017c478bd9Sstevel@tonic-gate static void usage(void); 1027c478bd9Sstevel@tonic-gate static int get_provider_type(char *); 1037c478bd9Sstevel@tonic-gate static int process_mech_operands(int, char **, boolean_t); 1047c478bd9Sstevel@tonic-gate static int do_list(int, char **); 1057c478bd9Sstevel@tonic-gate static int do_disable(int, char **); 1067c478bd9Sstevel@tonic-gate static int do_enable(int, char **); 1077c478bd9Sstevel@tonic-gate static int do_install(int, char **); 1087c478bd9Sstevel@tonic-gate static int do_uninstall(int, char **); 1097c478bd9Sstevel@tonic-gate static int do_unload(int, char **); 1107c478bd9Sstevel@tonic-gate static int do_refresh(int); 1117c478bd9Sstevel@tonic-gate static int do_start(int); 1127c478bd9Sstevel@tonic-gate static int do_stop(int); 1137c478bd9Sstevel@tonic-gate static int list_simple_for_all(boolean_t); 1147c478bd9Sstevel@tonic-gate static int list_mechlist_for_all(boolean_t); 1157c478bd9Sstevel@tonic-gate static int list_policy_for_all(void); 1167c478bd9Sstevel@tonic-gate 1177c478bd9Sstevel@tonic-gate int 1187c478bd9Sstevel@tonic-gate main(int argc, char *argv[]) 1197c478bd9Sstevel@tonic-gate { 1207c478bd9Sstevel@tonic-gate char *subcmd; 1217c478bd9Sstevel@tonic-gate int cmdnum; 1227c478bd9Sstevel@tonic-gate int cmd_index = 0; 1237c478bd9Sstevel@tonic-gate int rc = SUCCESS; 1247c478bd9Sstevel@tonic-gate 1257c478bd9Sstevel@tonic-gate (void) setlocale(LC_ALL, ""); 1267c478bd9Sstevel@tonic-gate 1277c478bd9Sstevel@tonic-gate #if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */ 1287c478bd9Sstevel@tonic-gate #define TEXT_DOMAIN "SYS_TEST" /* Use this only if it weren't */ 1297c478bd9Sstevel@tonic-gate #endif 1307c478bd9Sstevel@tonic-gate (void) textdomain(TEXT_DOMAIN); 1317c478bd9Sstevel@tonic-gate 1327c478bd9Sstevel@tonic-gate cryptodebug_init(basename(argv[0])); 1337c478bd9Sstevel@tonic-gate 1347c478bd9Sstevel@tonic-gate if (argc < REQ_ARG_CNT) { 1357c478bd9Sstevel@tonic-gate usage(); 1367c478bd9Sstevel@tonic-gate return (ERROR_USAGE); 1377c478bd9Sstevel@tonic-gate } 1387c478bd9Sstevel@tonic-gate 1397c478bd9Sstevel@tonic-gate /* get the subcommand index */ 1407c478bd9Sstevel@tonic-gate cmd_index = 0; 1417c478bd9Sstevel@tonic-gate subcmd = argv[1]; 1427c478bd9Sstevel@tonic-gate cmdnum = sizeof (cmd_table)/sizeof (cmd_table[0]); 1437c478bd9Sstevel@tonic-gate 1447c478bd9Sstevel@tonic-gate while ((cmd_index < cmdnum) && 1457c478bd9Sstevel@tonic-gate (strcmp(subcmd, cmd_table[cmd_index]) != 0)) { 1467c478bd9Sstevel@tonic-gate cmd_index++; 1477c478bd9Sstevel@tonic-gate } 1487c478bd9Sstevel@tonic-gate if (cmd_index >= cmdnum) { 1497c478bd9Sstevel@tonic-gate usage(); 1507c478bd9Sstevel@tonic-gate return (ERROR_USAGE); 1517c478bd9Sstevel@tonic-gate } 1527c478bd9Sstevel@tonic-gate 1537c478bd9Sstevel@tonic-gate /* do the subcommand */ 1547c478bd9Sstevel@tonic-gate switch (cmd_index) { 1557c478bd9Sstevel@tonic-gate case CRYPTO_LIST: 1567c478bd9Sstevel@tonic-gate rc = do_list(argc, argv); 1577c478bd9Sstevel@tonic-gate break; 1587c478bd9Sstevel@tonic-gate case CRYPTO_DISABLE: 1597c478bd9Sstevel@tonic-gate rc = do_disable(argc, argv); 1607c478bd9Sstevel@tonic-gate break; 1617c478bd9Sstevel@tonic-gate case CRYPTO_ENABLE: 1627c478bd9Sstevel@tonic-gate rc = do_enable(argc, argv); 1637c478bd9Sstevel@tonic-gate break; 1647c478bd9Sstevel@tonic-gate case CRYPTO_INSTALL: 1657c478bd9Sstevel@tonic-gate rc = do_install(argc, argv); 1667c478bd9Sstevel@tonic-gate break; 1677c478bd9Sstevel@tonic-gate case CRYPTO_UNINSTALL: 1687c478bd9Sstevel@tonic-gate rc = do_uninstall(argc, argv); 1697c478bd9Sstevel@tonic-gate break; 1707c478bd9Sstevel@tonic-gate case CRYPTO_UNLOAD: 1717c478bd9Sstevel@tonic-gate rc = do_unload(argc, argv); 1727c478bd9Sstevel@tonic-gate break; 1737c478bd9Sstevel@tonic-gate case CRYPTO_REFRESH: 1747c478bd9Sstevel@tonic-gate rc = do_refresh(argc); 1757c478bd9Sstevel@tonic-gate break; 1767c478bd9Sstevel@tonic-gate case CRYPTO_START: 1777c478bd9Sstevel@tonic-gate rc = do_start(argc); 1787c478bd9Sstevel@tonic-gate break; 1797c478bd9Sstevel@tonic-gate case CRYPTO_STOP: 1807c478bd9Sstevel@tonic-gate rc = do_stop(argc); 1817c478bd9Sstevel@tonic-gate break; 1827c478bd9Sstevel@tonic-gate case CRYPTO_HELP: 1837c478bd9Sstevel@tonic-gate usage(); 1847c478bd9Sstevel@tonic-gate rc = SUCCESS; 1857c478bd9Sstevel@tonic-gate break; 1867c478bd9Sstevel@tonic-gate default: /* should not come here */ 1877c478bd9Sstevel@tonic-gate usage(); 1887c478bd9Sstevel@tonic-gate rc = ERROR_USAGE; 1897c478bd9Sstevel@tonic-gate break; 1907c478bd9Sstevel@tonic-gate } 1917c478bd9Sstevel@tonic-gate return (rc); 1927c478bd9Sstevel@tonic-gate } 1937c478bd9Sstevel@tonic-gate 1947c478bd9Sstevel@tonic-gate 1957c478bd9Sstevel@tonic-gate static void 1967c478bd9Sstevel@tonic-gate usage(void) 1977c478bd9Sstevel@tonic-gate { 1987c478bd9Sstevel@tonic-gate /* 1990a85b835SDaniel Anderson * TRANSLATION_NOTE 2007c478bd9Sstevel@tonic-gate * Command usage is not to be translated. Only the word "Usage:" 2017c478bd9Sstevel@tonic-gate * along with localized expressions indicating what kind of value 2027c478bd9Sstevel@tonic-gate * is expected for arguments. 2037c478bd9Sstevel@tonic-gate */ 2047c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext("Usage:\n")); 2057c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 2067c478bd9Sstevel@tonic-gate " cryptoadm list [-mpv] [provider=<%s> | metaslot]" 2077c478bd9Sstevel@tonic-gate " [mechanism=<%s>]\n", 2087c478bd9Sstevel@tonic-gate gettext("provider-name"), gettext("mechanism-list")); 2097c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 2107c478bd9Sstevel@tonic-gate " cryptoadm disable provider=<%s>" 2117c478bd9Sstevel@tonic-gate " mechanism=<%s> | random | all\n", 2127c478bd9Sstevel@tonic-gate gettext("provider-name"), gettext("mechanism-list")); 2137c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 2147c478bd9Sstevel@tonic-gate " cryptoadm disable metaslot" 2157c478bd9Sstevel@tonic-gate " [auto-key-migrate] [mechanism=<%s>]\n", 2167c478bd9Sstevel@tonic-gate gettext("mechanism-list")); 2177c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 2187c478bd9Sstevel@tonic-gate " cryptoadm enable provider=<%s>" 2197c478bd9Sstevel@tonic-gate " mechanism=<%s> | random | all\n", 2207c478bd9Sstevel@tonic-gate gettext("provider-name"), gettext("mechanism-list")); 2217c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 2227c478bd9Sstevel@tonic-gate " cryptoadm enable metaslot [mechanism=<%s>]" 2237c478bd9Sstevel@tonic-gate " [[token=<%s>] [slot=<%s>]" 2247c478bd9Sstevel@tonic-gate " | [default-keystore]] | [auto-key-migrate]\n", 2257c478bd9Sstevel@tonic-gate gettext("mechanism-list"), gettext("token-label"), 2267c478bd9Sstevel@tonic-gate gettext("slot-description")); 2277c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 2287c478bd9Sstevel@tonic-gate " cryptoadm install provider=<%s>\n", 2297c478bd9Sstevel@tonic-gate gettext("provider-name")); 2307c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 2317c478bd9Sstevel@tonic-gate " cryptoadm install provider=<%s> [mechanism=<%s>]\n", 2327c478bd9Sstevel@tonic-gate gettext("provider-name"), gettext("mechanism-list")); 2337c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 2347c478bd9Sstevel@tonic-gate " cryptoadm uninstall provider=<%s>\n", 2357c478bd9Sstevel@tonic-gate gettext("provider-name")); 2367c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 2377c478bd9Sstevel@tonic-gate " cryptoadm unload provider=<%s>\n", 2387c478bd9Sstevel@tonic-gate gettext("provider-name")); 2397c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 2407c478bd9Sstevel@tonic-gate " cryptoadm refresh\n" 2417c478bd9Sstevel@tonic-gate " cryptoadm start\n" 2427c478bd9Sstevel@tonic-gate " cryptoadm stop\n" 2437c478bd9Sstevel@tonic-gate " cryptoadm --help\n"); 2447c478bd9Sstevel@tonic-gate } 2457c478bd9Sstevel@tonic-gate 2467c478bd9Sstevel@tonic-gate 2477c478bd9Sstevel@tonic-gate /* 2487c478bd9Sstevel@tonic-gate * Get the provider type. This function returns 2497c478bd9Sstevel@tonic-gate * - PROV_UEF_LIB if provname contains an absolute path name 2501b22764fSDaniel OpenSolaris Anderson * - PROV_KEF_SOFT if provname is a base name only (e.g., "aes"). 2517c478bd9Sstevel@tonic-gate * - PROV_KEF_HARD if provname contains one slash only and the slash is not 2521b22764fSDaniel OpenSolaris Anderson * the 1st character (e.g., "mca/0"). 2530a85b835SDaniel Anderson * - PROV_BADNAME otherwise. 2547c478bd9Sstevel@tonic-gate */ 2557c478bd9Sstevel@tonic-gate static int 2567c478bd9Sstevel@tonic-gate get_provider_type(char *provname) 2577c478bd9Sstevel@tonic-gate { 2587c478bd9Sstevel@tonic-gate char *pslash1; 2597c478bd9Sstevel@tonic-gate char *pslash2; 2607c478bd9Sstevel@tonic-gate 2617c478bd9Sstevel@tonic-gate if (provname == NULL) { 2627c478bd9Sstevel@tonic-gate return (FAILURE); 2637c478bd9Sstevel@tonic-gate } 2647c478bd9Sstevel@tonic-gate 2657c478bd9Sstevel@tonic-gate if (provname[0] == '/') { 2667c478bd9Sstevel@tonic-gate return (PROV_UEF_LIB); 2677c478bd9Sstevel@tonic-gate } else if ((pslash1 = strchr(provname, SEP_SLASH)) == NULL) { 2687c478bd9Sstevel@tonic-gate /* no slash */ 2697c478bd9Sstevel@tonic-gate return (PROV_KEF_SOFT); 2707c478bd9Sstevel@tonic-gate } else { 2717c478bd9Sstevel@tonic-gate pslash2 = strrchr(provname, SEP_SLASH); 2727c478bd9Sstevel@tonic-gate if (pslash1 == pslash2) { 2737c478bd9Sstevel@tonic-gate return (PROV_KEF_HARD); 2747c478bd9Sstevel@tonic-gate } else { 2757c478bd9Sstevel@tonic-gate return (PROV_BADNAME); 2767c478bd9Sstevel@tonic-gate } 2777c478bd9Sstevel@tonic-gate } 2787c478bd9Sstevel@tonic-gate } 2797c478bd9Sstevel@tonic-gate 2807c478bd9Sstevel@tonic-gate /* 2817c478bd9Sstevel@tonic-gate * Get the provider structure. This function returns NULL if no valid 2827c478bd9Sstevel@tonic-gate * provider= is found in argv[], otherwise a cryptoadm_provider_t is returned. 2837c478bd9Sstevel@tonic-gate * If provider= is found but has no argument, then a cryptoadm_provider_t 2847c478bd9Sstevel@tonic-gate * with cp_type = PROV_BADNAME is returned. 2857c478bd9Sstevel@tonic-gate */ 2867c478bd9Sstevel@tonic-gate static cryptoadm_provider_t * 2877c478bd9Sstevel@tonic-gate get_provider(int argc, char **argv) 2887c478bd9Sstevel@tonic-gate { 2897c478bd9Sstevel@tonic-gate int c = 0; 2907c478bd9Sstevel@tonic-gate boolean_t found = B_FALSE; 2917c478bd9Sstevel@tonic-gate cryptoadm_provider_t *provider = NULL; 2927c478bd9Sstevel@tonic-gate char *provstr = NULL, *savstr; 2937c478bd9Sstevel@tonic-gate boolean_t is_metaslot = B_FALSE; 2947c478bd9Sstevel@tonic-gate 2957c478bd9Sstevel@tonic-gate while (!found && ++c < argc) { 2967c478bd9Sstevel@tonic-gate if (strncmp(argv[c], METASLOT_KEYWORD, 2977c478bd9Sstevel@tonic-gate strlen(METASLOT_KEYWORD)) == 0) { 2987c478bd9Sstevel@tonic-gate is_metaslot = B_TRUE; 2997c478bd9Sstevel@tonic-gate found = B_TRUE; 3007c478bd9Sstevel@tonic-gate } else if (strncmp(argv[c], KN_PROVIDER, 3017c478bd9Sstevel@tonic-gate strlen(KN_PROVIDER)) == 0 && 3027c478bd9Sstevel@tonic-gate strlen(argv[c]) > strlen(KN_PROVIDER)) { 3037c478bd9Sstevel@tonic-gate if ((provstr = strdup(argv[c])) == NULL) { 3047c478bd9Sstevel@tonic-gate int err = errno; 3057c478bd9Sstevel@tonic-gate /* 3060a85b835SDaniel Anderson * TRANSLATION_NOTE 3077c478bd9Sstevel@tonic-gate * "get_provider" is a function name and should 3087c478bd9Sstevel@tonic-gate * not be translated. 3097c478bd9Sstevel@tonic-gate */ 3107c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, "get_provider: %s.", 3117c478bd9Sstevel@tonic-gate strerror(err)); 3127c478bd9Sstevel@tonic-gate return (NULL); 3137c478bd9Sstevel@tonic-gate } 3147c478bd9Sstevel@tonic-gate found = B_TRUE; 3157c478bd9Sstevel@tonic-gate } 3167c478bd9Sstevel@tonic-gate } 3177c478bd9Sstevel@tonic-gate if (!found) 3187c478bd9Sstevel@tonic-gate return (NULL); 3197c478bd9Sstevel@tonic-gate 3207c478bd9Sstevel@tonic-gate provider = malloc(sizeof (cryptoadm_provider_t)); 3217c478bd9Sstevel@tonic-gate if (provider == NULL) { 3227c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("out of memory.")); 3237c478bd9Sstevel@tonic-gate if (provstr) { 3247c478bd9Sstevel@tonic-gate free(provstr); 3257c478bd9Sstevel@tonic-gate } 3267c478bd9Sstevel@tonic-gate return (NULL); 3277c478bd9Sstevel@tonic-gate } 3287c478bd9Sstevel@tonic-gate 3297c478bd9Sstevel@tonic-gate if (is_metaslot) { 3307c478bd9Sstevel@tonic-gate (void) strlcpy(provider->cp_name, METASLOT_KEYWORD, 3317c478bd9Sstevel@tonic-gate strlen(METASLOT_KEYWORD)); 3327c478bd9Sstevel@tonic-gate provider->cp_type = METASLOT; 3337c478bd9Sstevel@tonic-gate } else { 3347c478bd9Sstevel@tonic-gate 3357c478bd9Sstevel@tonic-gate savstr = provstr; 3367c478bd9Sstevel@tonic-gate (void) strtok(provstr, "="); 3377c478bd9Sstevel@tonic-gate provstr = strtok(NULL, "="); 3387c478bd9Sstevel@tonic-gate if (provstr == NULL) { 3397c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("bad provider name.")); 3407c478bd9Sstevel@tonic-gate provider->cp_type = PROV_BADNAME; 3417c478bd9Sstevel@tonic-gate free(savstr); 3427c478bd9Sstevel@tonic-gate return (provider); 3437c478bd9Sstevel@tonic-gate } 3447c478bd9Sstevel@tonic-gate 3457c478bd9Sstevel@tonic-gate (void) strlcpy(provider->cp_name, provstr, 3467c478bd9Sstevel@tonic-gate sizeof (provider->cp_name)); 3477c478bd9Sstevel@tonic-gate provider->cp_type = get_provider_type(provider->cp_name); 3487c478bd9Sstevel@tonic-gate 3497c478bd9Sstevel@tonic-gate free(savstr); 3507c478bd9Sstevel@tonic-gate } 3517c478bd9Sstevel@tonic-gate return (provider); 3527c478bd9Sstevel@tonic-gate } 3537c478bd9Sstevel@tonic-gate 3547c478bd9Sstevel@tonic-gate /* 3557c478bd9Sstevel@tonic-gate * Process the "feature" operands. 3567c478bd9Sstevel@tonic-gate * 3577c478bd9Sstevel@tonic-gate * "argc" and "argv" contain values specified on the command line. 3587c478bd9Sstevel@tonic-gate * All other arguments are used for returning parsing results. 3597c478bd9Sstevel@tonic-gate * If any of these arguments are NULL, that keyword is not expected, 3607c478bd9Sstevel@tonic-gate * and FAILURE will be returned. 3617c478bd9Sstevel@tonic-gate */ 3627c478bd9Sstevel@tonic-gate static int 3637c478bd9Sstevel@tonic-gate process_metaslot_operands(int argc, char **argv, char **meta_ks_token, 3647c478bd9Sstevel@tonic-gate char **meta_ks_slot, boolean_t *use_default, 3657c478bd9Sstevel@tonic-gate boolean_t *auto_key_migrate_flag) 3667c478bd9Sstevel@tonic-gate { 3677c478bd9Sstevel@tonic-gate int c = 2; 3687c478bd9Sstevel@tonic-gate int rc = SUCCESS; 3697c478bd9Sstevel@tonic-gate 3707c478bd9Sstevel@tonic-gate while (++c < argc) { 3717c478bd9Sstevel@tonic-gate if ((strncmp(argv[c], KN_MECH, strlen(KN_MECH)) == 0) && 3727c478bd9Sstevel@tonic-gate strlen(argv[c]) > strlen(KN_MECH)) { 3737c478bd9Sstevel@tonic-gate 3747c478bd9Sstevel@tonic-gate /* process mechanism operands */ 3757c478bd9Sstevel@tonic-gate if ((rc = process_mech_operands(argc, argv, B_TRUE)) 3767c478bd9Sstevel@tonic-gate != SUCCESS) { 3777c478bd9Sstevel@tonic-gate goto finish; 3787c478bd9Sstevel@tonic-gate } 3797c478bd9Sstevel@tonic-gate 3807c478bd9Sstevel@tonic-gate } else if ((strncmp(argv[c], KN_TOKEN, 3817c478bd9Sstevel@tonic-gate strlen(KN_TOKEN)) == 0) && 3827c478bd9Sstevel@tonic-gate strlen(argv[c]) > strlen(KN_TOKEN)) { 3837c478bd9Sstevel@tonic-gate if ((meta_ks_token) && (strtok(argv[c], "=") != NULL)) { 3847c478bd9Sstevel@tonic-gate char *tmp; 3857c478bd9Sstevel@tonic-gate if ((tmp = strtok(NULL, "=")) != NULL) { 3867c478bd9Sstevel@tonic-gate *meta_ks_token = strdup(tmp); 3877c478bd9Sstevel@tonic-gate } else { 3887c478bd9Sstevel@tonic-gate return (FAILURE); 3897c478bd9Sstevel@tonic-gate } 3907c478bd9Sstevel@tonic-gate } else { 3917c478bd9Sstevel@tonic-gate return (FAILURE); 3927c478bd9Sstevel@tonic-gate } 3937c478bd9Sstevel@tonic-gate 3947c478bd9Sstevel@tonic-gate } else if ((strncmp(argv[c], KN_SLOT, 3957c478bd9Sstevel@tonic-gate strlen(KN_SLOT)) == 0) && 3967c478bd9Sstevel@tonic-gate strlen(argv[c]) > strlen(KN_SLOT)) { 3977c478bd9Sstevel@tonic-gate 3987c478bd9Sstevel@tonic-gate if ((meta_ks_slot) && (strtok(argv[c], "=") != NULL)) { 3997c478bd9Sstevel@tonic-gate char *tmp; 4007c478bd9Sstevel@tonic-gate if ((tmp = strtok(NULL, "=")) != NULL) { 4017c478bd9Sstevel@tonic-gate *meta_ks_slot = strdup(tmp); 4027c478bd9Sstevel@tonic-gate } else { 4037c478bd9Sstevel@tonic-gate return (FAILURE); 4047c478bd9Sstevel@tonic-gate } 4057c478bd9Sstevel@tonic-gate } else { 4067c478bd9Sstevel@tonic-gate return (FAILURE); 4077c478bd9Sstevel@tonic-gate } 4087c478bd9Sstevel@tonic-gate 4097c478bd9Sstevel@tonic-gate } else if (strncmp(argv[c], KN_DEFAULT_KS, 4107c478bd9Sstevel@tonic-gate strlen(KN_DEFAULT_KS)) == 0) { 4117c478bd9Sstevel@tonic-gate 4127c478bd9Sstevel@tonic-gate if (use_default) { 4137c478bd9Sstevel@tonic-gate *use_default = B_TRUE; 4147c478bd9Sstevel@tonic-gate } else { 4157c478bd9Sstevel@tonic-gate return (FAILURE); 4167c478bd9Sstevel@tonic-gate } 4177c478bd9Sstevel@tonic-gate } else if (strncmp(argv[c], KN_AUTO_KEY_MIGRATE, 4187c478bd9Sstevel@tonic-gate strlen(KN_AUTO_KEY_MIGRATE)) == 0) { 4197c478bd9Sstevel@tonic-gate 4207c478bd9Sstevel@tonic-gate if (auto_key_migrate_flag) { 4217c478bd9Sstevel@tonic-gate *auto_key_migrate_flag = B_TRUE; 4227c478bd9Sstevel@tonic-gate } else { 4237c478bd9Sstevel@tonic-gate return (FAILURE); 4247c478bd9Sstevel@tonic-gate } 4257c478bd9Sstevel@tonic-gate } else { 4267c478bd9Sstevel@tonic-gate return (FAILURE); 4277c478bd9Sstevel@tonic-gate } 4287c478bd9Sstevel@tonic-gate } 4297c478bd9Sstevel@tonic-gate finish: 4307c478bd9Sstevel@tonic-gate return (rc); 4317c478bd9Sstevel@tonic-gate } 4327c478bd9Sstevel@tonic-gate 4337c478bd9Sstevel@tonic-gate /* 4347c478bd9Sstevel@tonic-gate * Process the "feature" operands. 4357c478bd9Sstevel@tonic-gate */ 4367c478bd9Sstevel@tonic-gate static int 4377c478bd9Sstevel@tonic-gate process_feature_operands(int argc, char **argv) 4387c478bd9Sstevel@tonic-gate { 4397c478bd9Sstevel@tonic-gate int c = 2; 4407c478bd9Sstevel@tonic-gate 4417c478bd9Sstevel@tonic-gate while (++c < argc) { 4427c478bd9Sstevel@tonic-gate if (strcmp(argv[c], KN_ALL) == 0) { 4437c478bd9Sstevel@tonic-gate allflag = B_TRUE; 4447c478bd9Sstevel@tonic-gate rndflag = B_TRUE; /* all includes random also. */ 4457c478bd9Sstevel@tonic-gate } else if (strcmp(argv[c], RANDOM) == 0) { 4467c478bd9Sstevel@tonic-gate rndflag = B_TRUE; 4477c478bd9Sstevel@tonic-gate } 4487c478bd9Sstevel@tonic-gate } 4497c478bd9Sstevel@tonic-gate return (SUCCESS); 4507c478bd9Sstevel@tonic-gate } 4517c478bd9Sstevel@tonic-gate 4527c478bd9Sstevel@tonic-gate /* 4537c478bd9Sstevel@tonic-gate * Process the mechanism operands for the disable, enable and install 4547c478bd9Sstevel@tonic-gate * subcommands. This function sets the static variable allflag to be B_TRUE 4557c478bd9Sstevel@tonic-gate * if the keyword "all" is specified, otherwise builds a link list of the 4567c478bd9Sstevel@tonic-gate * mechanism operands and save it in the static variable mecharglist. 4577c478bd9Sstevel@tonic-gate * 4587c478bd9Sstevel@tonic-gate * This function returns 4597c478bd9Sstevel@tonic-gate * ERROR_USAGE: mechanism operand is missing. 4607c478bd9Sstevel@tonic-gate * FAILURE: out of memory. 4617c478bd9Sstevel@tonic-gate * SUCCESS: otherwise. 4627c478bd9Sstevel@tonic-gate */ 4637c478bd9Sstevel@tonic-gate static int 4647c478bd9Sstevel@tonic-gate process_mech_operands(int argc, char **argv, boolean_t quiet) 4657c478bd9Sstevel@tonic-gate { 4667c478bd9Sstevel@tonic-gate mechlist_t *pmech; 4677c478bd9Sstevel@tonic-gate mechlist_t *pcur = NULL; 4687c478bd9Sstevel@tonic-gate mechlist_t *phead = NULL; 4697c478bd9Sstevel@tonic-gate boolean_t found = B_FALSE; 4707c478bd9Sstevel@tonic-gate char *mechliststr = NULL; 4717c478bd9Sstevel@tonic-gate char *curmech = NULL; 4727c478bd9Sstevel@tonic-gate int c = -1; 4737c478bd9Sstevel@tonic-gate int rc = SUCCESS; 4747c478bd9Sstevel@tonic-gate 4757c478bd9Sstevel@tonic-gate while (!found && ++c < argc) { 4767c478bd9Sstevel@tonic-gate if ((strncmp(argv[c], KN_MECH, strlen(KN_MECH)) == 0) && 4777c478bd9Sstevel@tonic-gate strlen(argv[c]) > strlen(KN_MECH)) { 4787c478bd9Sstevel@tonic-gate found = B_TRUE; 4797c478bd9Sstevel@tonic-gate } 4807c478bd9Sstevel@tonic-gate } 4817c478bd9Sstevel@tonic-gate if (!found) { 4827c478bd9Sstevel@tonic-gate if (!quiet) 4837c478bd9Sstevel@tonic-gate /* 4840a85b835SDaniel Anderson * TRANSLATION_NOTE 4857c478bd9Sstevel@tonic-gate * "mechanism" could be either a literal keyword 4867c478bd9Sstevel@tonic-gate * and hence not to be translated, or a descriptive 4877c478bd9Sstevel@tonic-gate * word and translatable. A choice was made to 4887c478bd9Sstevel@tonic-gate * view it as a literal keyword. 4897c478bd9Sstevel@tonic-gate */ 4907c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, 4917c478bd9Sstevel@tonic-gate gettext("the %s operand is missing.\n"), 4927c478bd9Sstevel@tonic-gate "mechanism"); 4937c478bd9Sstevel@tonic-gate return (ERROR_USAGE); 4947c478bd9Sstevel@tonic-gate } 4957c478bd9Sstevel@tonic-gate (void) strtok(argv[c], "="); 4967c478bd9Sstevel@tonic-gate mechliststr = strtok(NULL, "="); 4977c478bd9Sstevel@tonic-gate 4987c478bd9Sstevel@tonic-gate if (strcmp(mechliststr, "all") == 0) { 4997c478bd9Sstevel@tonic-gate allflag = B_TRUE; 5007c478bd9Sstevel@tonic-gate mecharglist = NULL; 5017c478bd9Sstevel@tonic-gate return (SUCCESS); 5027c478bd9Sstevel@tonic-gate } 5037c478bd9Sstevel@tonic-gate 5047c478bd9Sstevel@tonic-gate curmech = strtok(mechliststr, ","); 5057c478bd9Sstevel@tonic-gate do { 5067c478bd9Sstevel@tonic-gate if ((pmech = create_mech(curmech)) == NULL) { 5077c478bd9Sstevel@tonic-gate rc = FAILURE; 5087c478bd9Sstevel@tonic-gate break; 5097c478bd9Sstevel@tonic-gate } else { 5107c478bd9Sstevel@tonic-gate if (phead == NULL) { 5117c478bd9Sstevel@tonic-gate phead = pcur = pmech; 5127c478bd9Sstevel@tonic-gate } else { 5137c478bd9Sstevel@tonic-gate pcur->next = pmech; 5147c478bd9Sstevel@tonic-gate pcur = pmech; 5157c478bd9Sstevel@tonic-gate } 5167c478bd9Sstevel@tonic-gate } 5177c478bd9Sstevel@tonic-gate } while ((curmech = strtok(NULL, ",")) != NULL); 5187c478bd9Sstevel@tonic-gate 5197c478bd9Sstevel@tonic-gate if (rc == FAILURE) { 5207c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("out of memory.")); 5217c478bd9Sstevel@tonic-gate free_mechlist(phead); 5227c478bd9Sstevel@tonic-gate } else { 5237c478bd9Sstevel@tonic-gate mecharglist = phead; 5247c478bd9Sstevel@tonic-gate rc = SUCCESS; 5257c478bd9Sstevel@tonic-gate } 5267c478bd9Sstevel@tonic-gate return (rc); 5277c478bd9Sstevel@tonic-gate } 5287c478bd9Sstevel@tonic-gate 5297c478bd9Sstevel@tonic-gate 5307c478bd9Sstevel@tonic-gate 5317c478bd9Sstevel@tonic-gate /* 5321b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm list" subcommand and options. 5337c478bd9Sstevel@tonic-gate */ 5347c478bd9Sstevel@tonic-gate static int 5357c478bd9Sstevel@tonic-gate do_list(int argc, char **argv) 5367c478bd9Sstevel@tonic-gate { 5377c478bd9Sstevel@tonic-gate boolean_t mflag = B_FALSE; 5387c478bd9Sstevel@tonic-gate boolean_t pflag = B_FALSE; 5397c478bd9Sstevel@tonic-gate boolean_t vflag = B_FALSE; 5407c478bd9Sstevel@tonic-gate char ch; 5417c478bd9Sstevel@tonic-gate cryptoadm_provider_t *prov = NULL; 5427c478bd9Sstevel@tonic-gate int rc = SUCCESS; 5437c478bd9Sstevel@tonic-gate 5447c478bd9Sstevel@tonic-gate argc -= 1; 5457c478bd9Sstevel@tonic-gate argv += 1; 5467c478bd9Sstevel@tonic-gate 5477c478bd9Sstevel@tonic-gate if (argc == 1) { 5487c478bd9Sstevel@tonic-gate rc = list_simple_for_all(B_FALSE); 5497c478bd9Sstevel@tonic-gate goto out; 5507c478bd9Sstevel@tonic-gate } 5517c478bd9Sstevel@tonic-gate 5527c478bd9Sstevel@tonic-gate /* 5531b22764fSDaniel OpenSolaris Anderson * cryptoadm list [-v] [-m] [-p] [provider=<>] [mechanism=<>] 5547c478bd9Sstevel@tonic-gate */ 5557c478bd9Sstevel@tonic-gate if (argc > 5) { 5567c478bd9Sstevel@tonic-gate usage(); 5577c478bd9Sstevel@tonic-gate return (rc); 5587c478bd9Sstevel@tonic-gate } 5597c478bd9Sstevel@tonic-gate 5607c478bd9Sstevel@tonic-gate while ((ch = getopt(argc, argv, "mpv")) != EOF) { 5617c478bd9Sstevel@tonic-gate switch (ch) { 5627c478bd9Sstevel@tonic-gate case 'm': 5637c478bd9Sstevel@tonic-gate mflag = B_TRUE; 5647c478bd9Sstevel@tonic-gate if (pflag) { 5657c478bd9Sstevel@tonic-gate rc = ERROR_USAGE; 5667c478bd9Sstevel@tonic-gate } 5677c478bd9Sstevel@tonic-gate break; 5687c478bd9Sstevel@tonic-gate case 'p': 5697c478bd9Sstevel@tonic-gate pflag = B_TRUE; 5707c478bd9Sstevel@tonic-gate if (mflag || vflag) { 5717c478bd9Sstevel@tonic-gate rc = ERROR_USAGE; 5727c478bd9Sstevel@tonic-gate } 5737c478bd9Sstevel@tonic-gate break; 5747c478bd9Sstevel@tonic-gate case 'v': 5757c478bd9Sstevel@tonic-gate vflag = B_TRUE; 5767c478bd9Sstevel@tonic-gate if (pflag) 5777c478bd9Sstevel@tonic-gate rc = ERROR_USAGE; 5787c478bd9Sstevel@tonic-gate break; 5797c478bd9Sstevel@tonic-gate default: 5807c478bd9Sstevel@tonic-gate rc = ERROR_USAGE; 5817c478bd9Sstevel@tonic-gate break; 5827c478bd9Sstevel@tonic-gate } 5837c478bd9Sstevel@tonic-gate } 5847c478bd9Sstevel@tonic-gate 5857c478bd9Sstevel@tonic-gate if (rc == ERROR_USAGE) { 5867c478bd9Sstevel@tonic-gate usage(); 5877c478bd9Sstevel@tonic-gate return (rc); 5887c478bd9Sstevel@tonic-gate } 5897c478bd9Sstevel@tonic-gate 5907c478bd9Sstevel@tonic-gate if ((rc = process_feature_operands(argc, argv)) != SUCCESS) { 5917c478bd9Sstevel@tonic-gate goto out; 5927c478bd9Sstevel@tonic-gate } 5937c478bd9Sstevel@tonic-gate 5947c478bd9Sstevel@tonic-gate prov = get_provider(argc, argv); 5957c478bd9Sstevel@tonic-gate 5967c478bd9Sstevel@tonic-gate if (mflag || vflag) { 5977c478bd9Sstevel@tonic-gate if (argc > 0) { 5987c478bd9Sstevel@tonic-gate rc = process_mech_operands(argc, argv, B_TRUE); 5997c478bd9Sstevel@tonic-gate if (rc == FAILURE) 6007c478bd9Sstevel@tonic-gate goto out; 6017c478bd9Sstevel@tonic-gate /* "-m" is implied when a mechanism list is given */ 6027c478bd9Sstevel@tonic-gate if (mecharglist != NULL || allflag) 6037c478bd9Sstevel@tonic-gate mflag = B_TRUE; 6047c478bd9Sstevel@tonic-gate } 6057c478bd9Sstevel@tonic-gate } 6067c478bd9Sstevel@tonic-gate 6077c478bd9Sstevel@tonic-gate if (prov == NULL) { 6087c478bd9Sstevel@tonic-gate if (mflag) { 6097c478bd9Sstevel@tonic-gate rc = list_mechlist_for_all(vflag); 6107c478bd9Sstevel@tonic-gate } else if (pflag) { 6117c478bd9Sstevel@tonic-gate rc = list_policy_for_all(); 6127c478bd9Sstevel@tonic-gate } else if (vflag) { 6137c478bd9Sstevel@tonic-gate rc = list_simple_for_all(vflag); 6147c478bd9Sstevel@tonic-gate } 6157c478bd9Sstevel@tonic-gate } else if (prov->cp_type == METASLOT) { 6167c478bd9Sstevel@tonic-gate if ((!mflag) && (!vflag) && (!pflag)) { 6177c478bd9Sstevel@tonic-gate /* no flag is specified, just list metaslot status */ 6187c478bd9Sstevel@tonic-gate rc = list_metaslot_info(mflag, vflag, mecharglist); 6197c478bd9Sstevel@tonic-gate } else if (mflag || vflag) { 6207c478bd9Sstevel@tonic-gate rc = list_metaslot_info(mflag, vflag, mecharglist); 6217c478bd9Sstevel@tonic-gate } else if (pflag) { 6227c478bd9Sstevel@tonic-gate rc = list_metaslot_policy(); 6237c478bd9Sstevel@tonic-gate } else { 6247c478bd9Sstevel@tonic-gate /* error message */ 6257c478bd9Sstevel@tonic-gate usage(); 6267c478bd9Sstevel@tonic-gate rc = ERROR_USAGE; 6277c478bd9Sstevel@tonic-gate } 6287c478bd9Sstevel@tonic-gate } else if (prov->cp_type == PROV_BADNAME) { 6297c478bd9Sstevel@tonic-gate usage(); 6307c478bd9Sstevel@tonic-gate rc = ERROR_USAGE; 6317c478bd9Sstevel@tonic-gate goto out; 6327c478bd9Sstevel@tonic-gate } else { /* do the listing for a provider only */ 6331b22764fSDaniel OpenSolaris Anderson char *provname = prov->cp_name; 6341b22764fSDaniel OpenSolaris Anderson 6357c478bd9Sstevel@tonic-gate if (mflag || vflag) { 6367c478bd9Sstevel@tonic-gate if (vflag) 6377c478bd9Sstevel@tonic-gate (void) printf(gettext("Provider: %s\n"), 6381b22764fSDaniel OpenSolaris Anderson provname); 6397c478bd9Sstevel@tonic-gate switch (prov->cp_type) { 6407c478bd9Sstevel@tonic-gate case PROV_UEF_LIB: 6411b22764fSDaniel OpenSolaris Anderson rc = list_mechlist_for_lib(provname, 6421b22764fSDaniel OpenSolaris Anderson mecharglist, NULL, B_FALSE, vflag, mflag); 6437c478bd9Sstevel@tonic-gate break; 6447c478bd9Sstevel@tonic-gate case PROV_KEF_SOFT: 6451b22764fSDaniel OpenSolaris Anderson rc = list_mechlist_for_soft(provname, 646d616ad8eSHai-May Chao NULL, NULL); 6477c478bd9Sstevel@tonic-gate break; 6487c478bd9Sstevel@tonic-gate case PROV_KEF_HARD: 6491b22764fSDaniel OpenSolaris Anderson rc = list_mechlist_for_hard(provname); 6507c478bd9Sstevel@tonic-gate break; 6517c478bd9Sstevel@tonic-gate default: /* should not come here */ 6527c478bd9Sstevel@tonic-gate rc = FAILURE; 6537c478bd9Sstevel@tonic-gate break; 6547c478bd9Sstevel@tonic-gate } 6557c478bd9Sstevel@tonic-gate } else if (pflag) { 6567c478bd9Sstevel@tonic-gate switch (prov->cp_type) { 6577c478bd9Sstevel@tonic-gate case PROV_UEF_LIB: 6581b22764fSDaniel OpenSolaris Anderson rc = list_policy_for_lib(provname); 6597c478bd9Sstevel@tonic-gate break; 6607c478bd9Sstevel@tonic-gate case PROV_KEF_SOFT: 6617c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) { 6621b22764fSDaniel OpenSolaris Anderson rc = list_policy_for_soft(provname, 663d616ad8eSHai-May Chao NULL, NULL); 6647c478bd9Sstevel@tonic-gate } else { 6657c478bd9Sstevel@tonic-gate /* 6660a85b835SDaniel Anderson * TRANSLATION_NOTE 6677c478bd9Sstevel@tonic-gate * "global" is keyword and not to 6687c478bd9Sstevel@tonic-gate * be translated. 6697c478bd9Sstevel@tonic-gate */ 6707c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext( 6717c478bd9Sstevel@tonic-gate "policy information for kernel " 6727c478bd9Sstevel@tonic-gate "providers is available " 6737c478bd9Sstevel@tonic-gate "in the %s zone only"), "global"); 6747c478bd9Sstevel@tonic-gate rc = FAILURE; 6757c478bd9Sstevel@tonic-gate } 6767c478bd9Sstevel@tonic-gate break; 6777c478bd9Sstevel@tonic-gate case PROV_KEF_HARD: 6787c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) { 6797c478bd9Sstevel@tonic-gate rc = list_policy_for_hard( 680d616ad8eSHai-May Chao provname, NULL, NULL, NULL); 6817c478bd9Sstevel@tonic-gate } else { 6827c478bd9Sstevel@tonic-gate /* 6830a85b835SDaniel Anderson * TRANSLATION_NOTE 6847c478bd9Sstevel@tonic-gate * "global" is keyword and not to 6857c478bd9Sstevel@tonic-gate * be translated. 6867c478bd9Sstevel@tonic-gate */ 6877c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext( 6887c478bd9Sstevel@tonic-gate "policy information for kernel " 6897c478bd9Sstevel@tonic-gate "providers is available " 6907c478bd9Sstevel@tonic-gate "in the %s zone only"), "global"); 6917c478bd9Sstevel@tonic-gate rc = FAILURE; 6927c478bd9Sstevel@tonic-gate } 6937c478bd9Sstevel@tonic-gate 6947c478bd9Sstevel@tonic-gate break; 6957c478bd9Sstevel@tonic-gate default: /* should not come here */ 6967c478bd9Sstevel@tonic-gate rc = FAILURE; 6977c478bd9Sstevel@tonic-gate break; 6987c478bd9Sstevel@tonic-gate } 6997c478bd9Sstevel@tonic-gate } else { 7007c478bd9Sstevel@tonic-gate /* error message */ 7017c478bd9Sstevel@tonic-gate usage(); 7027c478bd9Sstevel@tonic-gate rc = ERROR_USAGE; 7037c478bd9Sstevel@tonic-gate } 7047c478bd9Sstevel@tonic-gate } 7057c478bd9Sstevel@tonic-gate 7067c478bd9Sstevel@tonic-gate out: 7077c478bd9Sstevel@tonic-gate if (prov != NULL) 7087c478bd9Sstevel@tonic-gate free(prov); 7097c478bd9Sstevel@tonic-gate 7107c478bd9Sstevel@tonic-gate if (mecharglist != NULL) 7117c478bd9Sstevel@tonic-gate free_mechlist(mecharglist); 7127c478bd9Sstevel@tonic-gate return (rc); 7137c478bd9Sstevel@tonic-gate } 7147c478bd9Sstevel@tonic-gate 7157c478bd9Sstevel@tonic-gate 7167c478bd9Sstevel@tonic-gate /* 7171b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm disable" subcommand. 7187c478bd9Sstevel@tonic-gate */ 7197c478bd9Sstevel@tonic-gate static int 7207c478bd9Sstevel@tonic-gate do_disable(int argc, char **argv) 7217c478bd9Sstevel@tonic-gate { 7227c478bd9Sstevel@tonic-gate cryptoadm_provider_t *prov = NULL; 7237c478bd9Sstevel@tonic-gate int rc = SUCCESS; 7247c478bd9Sstevel@tonic-gate boolean_t auto_key_migrate_flag = B_FALSE; 7257c478bd9Sstevel@tonic-gate 7267c478bd9Sstevel@tonic-gate if ((argc < 3) || (argc > 5)) { 7277c478bd9Sstevel@tonic-gate usage(); 7287c478bd9Sstevel@tonic-gate return (ERROR_USAGE); 7297c478bd9Sstevel@tonic-gate } 7307c478bd9Sstevel@tonic-gate 7317c478bd9Sstevel@tonic-gate prov = get_provider(argc, argv); 7327c478bd9Sstevel@tonic-gate if (prov == NULL) { 7337c478bd9Sstevel@tonic-gate usage(); 7347c478bd9Sstevel@tonic-gate return (ERROR_USAGE); 7357c478bd9Sstevel@tonic-gate } 7367c478bd9Sstevel@tonic-gate if (prov->cp_type == PROV_BADNAME) { 7377c478bd9Sstevel@tonic-gate return (FAILURE); 7387c478bd9Sstevel@tonic-gate } 7397c478bd9Sstevel@tonic-gate 7407c478bd9Sstevel@tonic-gate if ((rc = process_feature_operands(argc, argv)) != SUCCESS) { 7417c478bd9Sstevel@tonic-gate goto out; 7427c478bd9Sstevel@tonic-gate } 7437c478bd9Sstevel@tonic-gate 7447c478bd9Sstevel@tonic-gate /* 7457c478bd9Sstevel@tonic-gate * If allflag or rndflag has already been set there is no reason to 7467c478bd9Sstevel@tonic-gate * process mech= 7477c478bd9Sstevel@tonic-gate */ 7487c478bd9Sstevel@tonic-gate if (prov->cp_type == METASLOT) { 7497c478bd9Sstevel@tonic-gate if ((argc > 3) && 7507c478bd9Sstevel@tonic-gate (rc = process_metaslot_operands(argc, argv, 7517c478bd9Sstevel@tonic-gate NULL, NULL, NULL, &auto_key_migrate_flag)) != SUCCESS) { 7527c478bd9Sstevel@tonic-gate usage(); 7537c478bd9Sstevel@tonic-gate return (rc); 7547c478bd9Sstevel@tonic-gate } 7557c478bd9Sstevel@tonic-gate } else if (!allflag && !rndflag && 7567c478bd9Sstevel@tonic-gate (rc = process_mech_operands(argc, argv, B_FALSE)) != SUCCESS) { 7577c478bd9Sstevel@tonic-gate return (rc); 7587c478bd9Sstevel@tonic-gate } 7597c478bd9Sstevel@tonic-gate 7607c478bd9Sstevel@tonic-gate switch (prov->cp_type) { 7617c478bd9Sstevel@tonic-gate case METASLOT: 7627c478bd9Sstevel@tonic-gate rc = disable_metaslot(mecharglist, allflag, 7637c478bd9Sstevel@tonic-gate auto_key_migrate_flag); 7647c478bd9Sstevel@tonic-gate break; 7657c478bd9Sstevel@tonic-gate case PROV_UEF_LIB: 7667c478bd9Sstevel@tonic-gate rc = disable_uef_lib(prov->cp_name, rndflag, allflag, 7677c478bd9Sstevel@tonic-gate mecharglist); 7687c478bd9Sstevel@tonic-gate break; 7697c478bd9Sstevel@tonic-gate case PROV_KEF_SOFT: 7707c478bd9Sstevel@tonic-gate if (rndflag && !allflag) { 7717c478bd9Sstevel@tonic-gate if ((mecharglist = create_mech(RANDOM)) == NULL) { 7727c478bd9Sstevel@tonic-gate rc = FAILURE; 7737c478bd9Sstevel@tonic-gate break; 7747c478bd9Sstevel@tonic-gate } 7757c478bd9Sstevel@tonic-gate } 7767c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) { 7777c478bd9Sstevel@tonic-gate rc = disable_kef_software(prov->cp_name, rndflag, 7787c478bd9Sstevel@tonic-gate allflag, mecharglist); 7797c478bd9Sstevel@tonic-gate } else { 7807c478bd9Sstevel@tonic-gate /* 7810a85b835SDaniel Anderson * TRANSLATION_NOTE 7827c478bd9Sstevel@tonic-gate * "disable" could be either a literal keyword 7837c478bd9Sstevel@tonic-gate * and hence not to be translated, or a verb and 7847c478bd9Sstevel@tonic-gate * translatable. A choice was made to view it as 7857c478bd9Sstevel@tonic-gate * a literal keyword. "global" is keyword and not 7867c478bd9Sstevel@tonic-gate * to be translated. 7877c478bd9Sstevel@tonic-gate */ 7887c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("%1$s for kernel " 7897c478bd9Sstevel@tonic-gate "providers is supported in the %2$s zone only"), 7907c478bd9Sstevel@tonic-gate "disable", "global"); 7917c478bd9Sstevel@tonic-gate rc = FAILURE; 7927c478bd9Sstevel@tonic-gate } 7937c478bd9Sstevel@tonic-gate break; 7947c478bd9Sstevel@tonic-gate case PROV_KEF_HARD: 7957c478bd9Sstevel@tonic-gate if (rndflag && !allflag) { 7967c478bd9Sstevel@tonic-gate if ((mecharglist = create_mech(RANDOM)) == NULL) { 7977c478bd9Sstevel@tonic-gate rc = FAILURE; 7987c478bd9Sstevel@tonic-gate break; 7997c478bd9Sstevel@tonic-gate } 8007c478bd9Sstevel@tonic-gate } 8017c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) { 8027c478bd9Sstevel@tonic-gate rc = disable_kef_hardware(prov->cp_name, rndflag, 8037c478bd9Sstevel@tonic-gate allflag, mecharglist); 8047c478bd9Sstevel@tonic-gate } else { 8057c478bd9Sstevel@tonic-gate /* 8060a85b835SDaniel Anderson * TRANSLATION_NOTE 8077c478bd9Sstevel@tonic-gate * "disable" could be either a literal keyword 8087c478bd9Sstevel@tonic-gate * and hence not to be translated, or a verb and 8097c478bd9Sstevel@tonic-gate * translatable. A choice was made to view it as 8107c478bd9Sstevel@tonic-gate * a literal keyword. "global" is keyword and not 8117c478bd9Sstevel@tonic-gate * to be translated. 8127c478bd9Sstevel@tonic-gate */ 8137c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("%1$s for kernel " 8147c478bd9Sstevel@tonic-gate "providers is supported in the %2$s zone only"), 8157c478bd9Sstevel@tonic-gate "disable", "global"); 8167c478bd9Sstevel@tonic-gate rc = FAILURE; 8177c478bd9Sstevel@tonic-gate } 8187c478bd9Sstevel@tonic-gate break; 8197c478bd9Sstevel@tonic-gate default: /* should not come here */ 8207c478bd9Sstevel@tonic-gate rc = FAILURE; 8217c478bd9Sstevel@tonic-gate break; 8227c478bd9Sstevel@tonic-gate } 8237c478bd9Sstevel@tonic-gate 8247c478bd9Sstevel@tonic-gate out: 8257c478bd9Sstevel@tonic-gate free(prov); 8267c478bd9Sstevel@tonic-gate if (mecharglist != NULL) { 8277c478bd9Sstevel@tonic-gate free_mechlist(mecharglist); 8287c478bd9Sstevel@tonic-gate } 8297c478bd9Sstevel@tonic-gate return (rc); 8307c478bd9Sstevel@tonic-gate } 8317c478bd9Sstevel@tonic-gate 8327c478bd9Sstevel@tonic-gate 8337c478bd9Sstevel@tonic-gate /* 8341b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm enable" subcommand. 8357c478bd9Sstevel@tonic-gate */ 8367c478bd9Sstevel@tonic-gate static int 8377c478bd9Sstevel@tonic-gate do_enable(int argc, char **argv) 8387c478bd9Sstevel@tonic-gate { 8397c478bd9Sstevel@tonic-gate cryptoadm_provider_t *prov = NULL; 8407c478bd9Sstevel@tonic-gate int rc = SUCCESS; 8417c478bd9Sstevel@tonic-gate char *alt_token = NULL, *alt_slot = NULL; 8421b22764fSDaniel OpenSolaris Anderson boolean_t use_default = B_FALSE; 8431b22764fSDaniel OpenSolaris Anderson boolean_t auto_key_migrate_flag = B_FALSE; 8447c478bd9Sstevel@tonic-gate 8457c478bd9Sstevel@tonic-gate if ((argc < 3) || (argc > 6)) { 8467c478bd9Sstevel@tonic-gate usage(); 8477c478bd9Sstevel@tonic-gate return (ERROR_USAGE); 8487c478bd9Sstevel@tonic-gate } 8497c478bd9Sstevel@tonic-gate 8507c478bd9Sstevel@tonic-gate prov = get_provider(argc, argv); 8517c478bd9Sstevel@tonic-gate if (prov == NULL) { 8527c478bd9Sstevel@tonic-gate usage(); 8537c478bd9Sstevel@tonic-gate return (ERROR_USAGE); 8547c478bd9Sstevel@tonic-gate } 8557c478bd9Sstevel@tonic-gate if ((prov->cp_type != METASLOT) && (argc != 4)) { 8567c478bd9Sstevel@tonic-gate usage(); 8577c478bd9Sstevel@tonic-gate return (ERROR_USAGE); 8587c478bd9Sstevel@tonic-gate } 8597c478bd9Sstevel@tonic-gate if (prov->cp_type == PROV_BADNAME) { 8607c478bd9Sstevel@tonic-gate rc = FAILURE; 8617c478bd9Sstevel@tonic-gate goto out; 8627c478bd9Sstevel@tonic-gate } 8637c478bd9Sstevel@tonic-gate 8647c478bd9Sstevel@tonic-gate 8657c478bd9Sstevel@tonic-gate if (prov->cp_type == METASLOT) { 8667c478bd9Sstevel@tonic-gate if ((rc = process_metaslot_operands(argc, argv, &alt_token, 8677c478bd9Sstevel@tonic-gate &alt_slot, &use_default, &auto_key_migrate_flag)) 8687c478bd9Sstevel@tonic-gate != SUCCESS) { 8697c478bd9Sstevel@tonic-gate usage(); 8707c478bd9Sstevel@tonic-gate goto out; 8717c478bd9Sstevel@tonic-gate } 8727c478bd9Sstevel@tonic-gate if ((alt_slot || alt_token) && use_default) { 8737c478bd9Sstevel@tonic-gate usage(); 8747c478bd9Sstevel@tonic-gate rc = FAILURE; 8757c478bd9Sstevel@tonic-gate goto out; 8767c478bd9Sstevel@tonic-gate } 8777c478bd9Sstevel@tonic-gate } else { 8787c478bd9Sstevel@tonic-gate if ((rc = process_feature_operands(argc, argv)) != SUCCESS) { 8797c478bd9Sstevel@tonic-gate goto out; 8807c478bd9Sstevel@tonic-gate } 8817c478bd9Sstevel@tonic-gate 8827c478bd9Sstevel@tonic-gate /* 8837c478bd9Sstevel@tonic-gate * If allflag or rndflag has already been set there is 8847c478bd9Sstevel@tonic-gate * no reason to process mech= 8857c478bd9Sstevel@tonic-gate */ 8867c478bd9Sstevel@tonic-gate if (!allflag && !rndflag && 8877c478bd9Sstevel@tonic-gate (rc = process_mech_operands(argc, argv, B_FALSE)) 8887c478bd9Sstevel@tonic-gate != SUCCESS) { 8897c478bd9Sstevel@tonic-gate goto out; 8907c478bd9Sstevel@tonic-gate } 8917c478bd9Sstevel@tonic-gate } 8927c478bd9Sstevel@tonic-gate 8937c478bd9Sstevel@tonic-gate switch (prov->cp_type) { 8947c478bd9Sstevel@tonic-gate case METASLOT: 8957c478bd9Sstevel@tonic-gate rc = enable_metaslot(alt_token, alt_slot, use_default, 8967c478bd9Sstevel@tonic-gate mecharglist, allflag, auto_key_migrate_flag); 8977c478bd9Sstevel@tonic-gate break; 8987c478bd9Sstevel@tonic-gate case PROV_UEF_LIB: 8997c478bd9Sstevel@tonic-gate rc = enable_uef_lib(prov->cp_name, rndflag, allflag, 9007c478bd9Sstevel@tonic-gate mecharglist); 9017c478bd9Sstevel@tonic-gate break; 9027c478bd9Sstevel@tonic-gate case PROV_KEF_SOFT: 9037c478bd9Sstevel@tonic-gate case PROV_KEF_HARD: 9047c478bd9Sstevel@tonic-gate if (rndflag && !allflag) { 9057c478bd9Sstevel@tonic-gate if ((mecharglist = create_mech(RANDOM)) == NULL) { 9067c478bd9Sstevel@tonic-gate rc = FAILURE; 9077c478bd9Sstevel@tonic-gate break; 9087c478bd9Sstevel@tonic-gate } 9097c478bd9Sstevel@tonic-gate } 9107c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) { 9117c478bd9Sstevel@tonic-gate rc = enable_kef(prov->cp_name, rndflag, allflag, 9127c478bd9Sstevel@tonic-gate mecharglist); 9137c478bd9Sstevel@tonic-gate } else { 9147c478bd9Sstevel@tonic-gate /* 9150a85b835SDaniel Anderson * TRANSLATION_NOTE 9167c478bd9Sstevel@tonic-gate * "enable" could be either a literal keyword 9177c478bd9Sstevel@tonic-gate * and hence not to be translated, or a verb and 9187c478bd9Sstevel@tonic-gate * translatable. A choice was made to view it as 9197c478bd9Sstevel@tonic-gate * a literal keyword. "global" is keyword and not 9207c478bd9Sstevel@tonic-gate * to be translated. 9217c478bd9Sstevel@tonic-gate */ 9227c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("%1$s for kernel " 9237c478bd9Sstevel@tonic-gate "providers is supported in the %2$s zone only"), 9247c478bd9Sstevel@tonic-gate "enable", "global"); 9257c478bd9Sstevel@tonic-gate rc = FAILURE; 9267c478bd9Sstevel@tonic-gate } 9277c478bd9Sstevel@tonic-gate break; 9287c478bd9Sstevel@tonic-gate default: /* should not come here */ 9297c478bd9Sstevel@tonic-gate rc = FAILURE; 9307c478bd9Sstevel@tonic-gate break; 9317c478bd9Sstevel@tonic-gate } 9327c478bd9Sstevel@tonic-gate out: 9337c478bd9Sstevel@tonic-gate free(prov); 9347c478bd9Sstevel@tonic-gate if (mecharglist != NULL) { 9357c478bd9Sstevel@tonic-gate free_mechlist(mecharglist); 9367c478bd9Sstevel@tonic-gate } 9377c478bd9Sstevel@tonic-gate if (alt_token != NULL) { 9387c478bd9Sstevel@tonic-gate free(alt_token); 9397c478bd9Sstevel@tonic-gate } 9407c478bd9Sstevel@tonic-gate if (alt_slot != NULL) { 9417c478bd9Sstevel@tonic-gate free(alt_slot); 9427c478bd9Sstevel@tonic-gate } 9437c478bd9Sstevel@tonic-gate return (rc); 9447c478bd9Sstevel@tonic-gate } 9457c478bd9Sstevel@tonic-gate 9467c478bd9Sstevel@tonic-gate 9477c478bd9Sstevel@tonic-gate 9487c478bd9Sstevel@tonic-gate /* 9491b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm install" subcommand. 9507c478bd9Sstevel@tonic-gate */ 9517c478bd9Sstevel@tonic-gate static int 9527c478bd9Sstevel@tonic-gate do_install(int argc, char **argv) 9537c478bd9Sstevel@tonic-gate { 9547c478bd9Sstevel@tonic-gate cryptoadm_provider_t *prov = NULL; 9557c478bd9Sstevel@tonic-gate int rc; 9567c478bd9Sstevel@tonic-gate 9577c478bd9Sstevel@tonic-gate if (argc < 3) { 9587c478bd9Sstevel@tonic-gate usage(); 9597c478bd9Sstevel@tonic-gate return (ERROR_USAGE); 9607c478bd9Sstevel@tonic-gate } 9617c478bd9Sstevel@tonic-gate 9627c478bd9Sstevel@tonic-gate prov = get_provider(argc, argv); 9637c478bd9Sstevel@tonic-gate if (prov == NULL || 9647c478bd9Sstevel@tonic-gate prov->cp_type == PROV_BADNAME || prov->cp_type == PROV_KEF_HARD) { 9657c478bd9Sstevel@tonic-gate /* 9660a85b835SDaniel Anderson * TRANSLATION_NOTE 9677c478bd9Sstevel@tonic-gate * "install" could be either a literal keyword and hence 9687c478bd9Sstevel@tonic-gate * not to be translated, or a verb and translatable. A 9697c478bd9Sstevel@tonic-gate * choice was made to view it as a literal keyword. 9707c478bd9Sstevel@tonic-gate */ 9717c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, 9727c478bd9Sstevel@tonic-gate gettext("bad provider name for %s."), "install"); 9737c478bd9Sstevel@tonic-gate rc = FAILURE; 9747c478bd9Sstevel@tonic-gate goto out; 9757c478bd9Sstevel@tonic-gate } 9767c478bd9Sstevel@tonic-gate 9777c478bd9Sstevel@tonic-gate if (prov->cp_type == PROV_UEF_LIB) { 9787c478bd9Sstevel@tonic-gate rc = install_uef_lib(prov->cp_name); 9797c478bd9Sstevel@tonic-gate goto out; 9807c478bd9Sstevel@tonic-gate } 9817c478bd9Sstevel@tonic-gate 9827c478bd9Sstevel@tonic-gate /* It is the PROV_KEF_SOFT type now */ 9837c478bd9Sstevel@tonic-gate 9847c478bd9Sstevel@tonic-gate /* check if there are mechanism operands */ 9857c478bd9Sstevel@tonic-gate if (argc < 4) { 9867c478bd9Sstevel@tonic-gate /* 9870a85b835SDaniel Anderson * TRANSLATION_NOTE 9887c478bd9Sstevel@tonic-gate * "mechanism" could be either a literal keyword and hence 9897c478bd9Sstevel@tonic-gate * not to be translated, or a descriptive word and 9907c478bd9Sstevel@tonic-gate * translatable. A choice was made to view it as a literal 9917c478bd9Sstevel@tonic-gate * keyword. 9927c478bd9Sstevel@tonic-gate */ 9937c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, 9947c478bd9Sstevel@tonic-gate gettext("need %s operands for installing a" 9957c478bd9Sstevel@tonic-gate " kernel software provider."), "mechanism"); 9967c478bd9Sstevel@tonic-gate rc = ERROR_USAGE; 9977c478bd9Sstevel@tonic-gate goto out; 9987c478bd9Sstevel@tonic-gate } 9997c478bd9Sstevel@tonic-gate 10007c478bd9Sstevel@tonic-gate if ((rc = process_mech_operands(argc, argv, B_FALSE)) != SUCCESS) { 10017c478bd9Sstevel@tonic-gate goto out; 10027c478bd9Sstevel@tonic-gate } 10037c478bd9Sstevel@tonic-gate 10047c478bd9Sstevel@tonic-gate if (allflag == B_TRUE) { 10057c478bd9Sstevel@tonic-gate /* 10060a85b835SDaniel Anderson * TRANSLATION_NOTE 10077c478bd9Sstevel@tonic-gate * "all", "mechanism", and "install" are all keywords and 10087c478bd9Sstevel@tonic-gate * not to be translated. 10097c478bd9Sstevel@tonic-gate */ 10107c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, 10117c478bd9Sstevel@tonic-gate gettext("can not use the %1$s keyword for %2$s " 10127c478bd9Sstevel@tonic-gate "in the %3$s subcommand."), "all", "mechanism", "install"); 10137c478bd9Sstevel@tonic-gate rc = ERROR_USAGE; 10147c478bd9Sstevel@tonic-gate goto out; 10157c478bd9Sstevel@tonic-gate } 10167c478bd9Sstevel@tonic-gate 10177c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) { 10187c478bd9Sstevel@tonic-gate rc = install_kef(prov->cp_name, mecharglist); 10197c478bd9Sstevel@tonic-gate } else { 10207c478bd9Sstevel@tonic-gate /* 10210a85b835SDaniel Anderson * TRANSLATION_NOTE 10227c478bd9Sstevel@tonic-gate * "install" could be either a literal keyword and hence 10237c478bd9Sstevel@tonic-gate * not to be translated, or a verb and translatable. A 10247c478bd9Sstevel@tonic-gate * choice was made to view it as a literal keyword. 10257c478bd9Sstevel@tonic-gate * "global" is keyword and not to be translated. 10267c478bd9Sstevel@tonic-gate */ 10277c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("%1$s for kernel providers " 10287c478bd9Sstevel@tonic-gate "is supported in the %2$s zone only"), "install", "global"); 10297c478bd9Sstevel@tonic-gate rc = FAILURE; 10307c478bd9Sstevel@tonic-gate } 10317c478bd9Sstevel@tonic-gate out: 10327c478bd9Sstevel@tonic-gate free(prov); 10337c478bd9Sstevel@tonic-gate return (rc); 10347c478bd9Sstevel@tonic-gate } 10357c478bd9Sstevel@tonic-gate 10367c478bd9Sstevel@tonic-gate 10377c478bd9Sstevel@tonic-gate 10387c478bd9Sstevel@tonic-gate /* 10391b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm uninstall" subcommand. 10407c478bd9Sstevel@tonic-gate */ 10417c478bd9Sstevel@tonic-gate static int 10427c478bd9Sstevel@tonic-gate do_uninstall(int argc, char **argv) 10437c478bd9Sstevel@tonic-gate { 10447c478bd9Sstevel@tonic-gate cryptoadm_provider_t *prov = NULL; 10457c478bd9Sstevel@tonic-gate int rc = SUCCESS; 10467c478bd9Sstevel@tonic-gate 10477c478bd9Sstevel@tonic-gate if (argc != 3) { 10487c478bd9Sstevel@tonic-gate usage(); 10497c478bd9Sstevel@tonic-gate return (ERROR_USAGE); 10507c478bd9Sstevel@tonic-gate } 10517c478bd9Sstevel@tonic-gate 10527c478bd9Sstevel@tonic-gate prov = get_provider(argc, argv); 10537c478bd9Sstevel@tonic-gate if (prov == NULL || 10547c478bd9Sstevel@tonic-gate prov->cp_type == PROV_BADNAME || prov->cp_type == PROV_KEF_HARD) { 10557c478bd9Sstevel@tonic-gate /* 10560a85b835SDaniel Anderson * TRANSLATION_NOTE 10577c478bd9Sstevel@tonic-gate * "uninstall" could be either a literal keyword and hence 10587c478bd9Sstevel@tonic-gate * not to be translated, or a verb and translatable. A 10597c478bd9Sstevel@tonic-gate * choice was made to view it as a literal keyword. 10607c478bd9Sstevel@tonic-gate */ 10617c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, 10627c478bd9Sstevel@tonic-gate gettext("bad provider name for %s."), "uninstall"); 10637c478bd9Sstevel@tonic-gate free(prov); 10647c478bd9Sstevel@tonic-gate return (FAILURE); 10657c478bd9Sstevel@tonic-gate } 10667c478bd9Sstevel@tonic-gate 10677c478bd9Sstevel@tonic-gate if (prov->cp_type == PROV_UEF_LIB) { 10687c478bd9Sstevel@tonic-gate rc = uninstall_uef_lib(prov->cp_name); 10691b22764fSDaniel OpenSolaris Anderson 10707c478bd9Sstevel@tonic-gate } else if (prov->cp_type == PROV_KEF_SOFT) { 10717c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) { 10721b22764fSDaniel OpenSolaris Anderson /* unload and remove from kcf.conf */ 10737c478bd9Sstevel@tonic-gate rc = uninstall_kef(prov->cp_name); 10747c478bd9Sstevel@tonic-gate } else { 10757c478bd9Sstevel@tonic-gate /* 10760a85b835SDaniel Anderson * TRANSLATION_NOTE 10777c478bd9Sstevel@tonic-gate * "uninstall" could be either a literal keyword and 10787c478bd9Sstevel@tonic-gate * hence not to be translated, or a verb and 10797c478bd9Sstevel@tonic-gate * translatable. A choice was made to view it as a 10807c478bd9Sstevel@tonic-gate * literal keyword. "global" is keyword and not to 10817c478bd9Sstevel@tonic-gate * be translated. 10827c478bd9Sstevel@tonic-gate */ 10837c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("%1$s for kernel " 10847c478bd9Sstevel@tonic-gate "providers is supported in the %2$s zone only"), 10857c478bd9Sstevel@tonic-gate "uninstall", "global"); 10867c478bd9Sstevel@tonic-gate rc = FAILURE; 10877c478bd9Sstevel@tonic-gate } 10887c478bd9Sstevel@tonic-gate } 10897c478bd9Sstevel@tonic-gate 10907c478bd9Sstevel@tonic-gate free(prov); 10917c478bd9Sstevel@tonic-gate return (rc); 10927c478bd9Sstevel@tonic-gate } 10937c478bd9Sstevel@tonic-gate 10947c478bd9Sstevel@tonic-gate 10957c478bd9Sstevel@tonic-gate /* 10961b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm unload" subcommand. 10977c478bd9Sstevel@tonic-gate */ 10987c478bd9Sstevel@tonic-gate static int 10997c478bd9Sstevel@tonic-gate do_unload(int argc, char **argv) 11007c478bd9Sstevel@tonic-gate { 11017c478bd9Sstevel@tonic-gate cryptoadm_provider_t *prov = NULL; 11021b22764fSDaniel OpenSolaris Anderson entry_t *pent = NULL; 11031b22764fSDaniel OpenSolaris Anderson boolean_t in_kernel = B_FALSE; 11047c478bd9Sstevel@tonic-gate int rc = SUCCESS; 11051b22764fSDaniel OpenSolaris Anderson char *provname = NULL; 11067c478bd9Sstevel@tonic-gate 11077c478bd9Sstevel@tonic-gate if (argc != 3) { 11087c478bd9Sstevel@tonic-gate usage(); 11097c478bd9Sstevel@tonic-gate return (ERROR_USAGE); 11107c478bd9Sstevel@tonic-gate } 11117c478bd9Sstevel@tonic-gate 11127c478bd9Sstevel@tonic-gate /* check if it is a kernel software provider */ 11137c478bd9Sstevel@tonic-gate prov = get_provider(argc, argv); 11147c478bd9Sstevel@tonic-gate if (prov == NULL) { 11157c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, 11167c478bd9Sstevel@tonic-gate gettext("unable to determine provider name.")); 11177c478bd9Sstevel@tonic-gate goto out; 11187c478bd9Sstevel@tonic-gate } 11191b22764fSDaniel OpenSolaris Anderson provname = prov->cp_name; 11207c478bd9Sstevel@tonic-gate if (prov->cp_type != PROV_KEF_SOFT) { 11217c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, 11227c478bd9Sstevel@tonic-gate gettext("%s is not a valid kernel software provider."), 11231b22764fSDaniel OpenSolaris Anderson provname); 11247c478bd9Sstevel@tonic-gate rc = FAILURE; 11257c478bd9Sstevel@tonic-gate goto out; 11267c478bd9Sstevel@tonic-gate } 11277c478bd9Sstevel@tonic-gate 11287c478bd9Sstevel@tonic-gate if (getzoneid() != GLOBAL_ZONEID) { 11297c478bd9Sstevel@tonic-gate /* 11300a85b835SDaniel Anderson * TRANSLATION_NOTE 11317c478bd9Sstevel@tonic-gate * "unload" could be either a literal keyword and hence 11327c478bd9Sstevel@tonic-gate * not to be translated, or a verb and translatable. 11337c478bd9Sstevel@tonic-gate * A choice was made to view it as a literal keyword. 11347c478bd9Sstevel@tonic-gate * "global" is keyword and not to be translated. 11357c478bd9Sstevel@tonic-gate */ 11367c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("%1$s for kernel providers " 11377c478bd9Sstevel@tonic-gate "is supported in the %2$s zone only"), "unload", "global"); 11387c478bd9Sstevel@tonic-gate rc = FAILURE; 11397c478bd9Sstevel@tonic-gate goto out; 11407c478bd9Sstevel@tonic-gate } 11417c478bd9Sstevel@tonic-gate 11421b22764fSDaniel OpenSolaris Anderson if (check_kernel_for_soft(provname, NULL, &in_kernel) == FAILURE) { 11431b22764fSDaniel OpenSolaris Anderson cryptodebug("internal error"); 11441b22764fSDaniel OpenSolaris Anderson rc = FAILURE; 11451b22764fSDaniel OpenSolaris Anderson goto out; 11461b22764fSDaniel OpenSolaris Anderson } else if (in_kernel == B_FALSE) { 11477c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, 11481b22764fSDaniel OpenSolaris Anderson gettext("provider %s is not loaded or does not exist."), 11491b22764fSDaniel OpenSolaris Anderson provname); 11507c478bd9Sstevel@tonic-gate rc = FAILURE; 11517c478bd9Sstevel@tonic-gate goto out; 11527c478bd9Sstevel@tonic-gate } 11531b22764fSDaniel OpenSolaris Anderson 11541b22764fSDaniel OpenSolaris Anderson /* Get kcf.conf entry. If none, build a new entry */ 1155d616ad8eSHai-May Chao if ((pent = getent_kef(provname, NULL, NULL)) == NULL) { 11561b22764fSDaniel OpenSolaris Anderson if ((pent = create_entry(provname)) == NULL) { 11571b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_STDERR, gettext("out of memory.")); 11581b22764fSDaniel OpenSolaris Anderson rc = FAILURE; 11591b22764fSDaniel OpenSolaris Anderson goto out; 11601b22764fSDaniel OpenSolaris Anderson } 11611b22764fSDaniel OpenSolaris Anderson } 11627c478bd9Sstevel@tonic-gate 11637c478bd9Sstevel@tonic-gate /* If it is unloaded already, return */ 11641b22764fSDaniel OpenSolaris Anderson if (!pent->load) { /* unloaded already */ 11657c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, 11661b22764fSDaniel OpenSolaris Anderson gettext("failed to unload %s."), provname); 11677c478bd9Sstevel@tonic-gate rc = FAILURE; 11687c478bd9Sstevel@tonic-gate goto out; 11691b22764fSDaniel OpenSolaris Anderson } else if (unload_kef_soft(provname) != FAILURE) { 11701b22764fSDaniel OpenSolaris Anderson /* Mark as unloaded in kcf.conf */ 11711b22764fSDaniel OpenSolaris Anderson pent->load = B_FALSE; 11721b22764fSDaniel OpenSolaris Anderson rc = update_kcfconf(pent, MODIFY_MODE); 11737c478bd9Sstevel@tonic-gate } else { 11741b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_STDERR, 11751b22764fSDaniel OpenSolaris Anderson gettext("failed to unload %s."), provname); 11761b22764fSDaniel OpenSolaris Anderson rc = FAILURE; 11777c478bd9Sstevel@tonic-gate } 11787c478bd9Sstevel@tonic-gate out: 11797c478bd9Sstevel@tonic-gate free(prov); 11801b22764fSDaniel OpenSolaris Anderson free_entry(pent); 11817c478bd9Sstevel@tonic-gate return (rc); 11827c478bd9Sstevel@tonic-gate } 11837c478bd9Sstevel@tonic-gate 11847c478bd9Sstevel@tonic-gate 11857c478bd9Sstevel@tonic-gate 11867c478bd9Sstevel@tonic-gate /* 11871b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm refresh" subcommand. 11887c478bd9Sstevel@tonic-gate */ 11897c478bd9Sstevel@tonic-gate static int 11907c478bd9Sstevel@tonic-gate do_refresh(int argc) 11917c478bd9Sstevel@tonic-gate { 11927c478bd9Sstevel@tonic-gate if (argc != 2) { 11937c478bd9Sstevel@tonic-gate usage(); 11947c478bd9Sstevel@tonic-gate return (ERROR_USAGE); 11957c478bd9Sstevel@tonic-gate } 11967c478bd9Sstevel@tonic-gate 11971b22764fSDaniel OpenSolaris Anderson if (getzoneid() == GLOBAL_ZONEID) { 11981b22764fSDaniel OpenSolaris Anderson return (refresh()); 11991b22764fSDaniel OpenSolaris Anderson } else { /* non-global zone */ 12007c478bd9Sstevel@tonic-gate /* 12017c478bd9Sstevel@tonic-gate * Note: in non-global zone, this must silently return SUCCESS 12027c478bd9Sstevel@tonic-gate * due to integration with SMF, for "svcadm refresh cryptosvc" 12037c478bd9Sstevel@tonic-gate */ 12047c478bd9Sstevel@tonic-gate return (SUCCESS); 12051b22764fSDaniel OpenSolaris Anderson } 12067c478bd9Sstevel@tonic-gate } 12077c478bd9Sstevel@tonic-gate 12087c478bd9Sstevel@tonic-gate 12097c478bd9Sstevel@tonic-gate /* 12101b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm start" subcommand. 1211*6ea3c060SGarrett D'Amore * This used to start up kcfd, but now all it does is load up the 1212*6ea3c060SGarrett D'Amore * initial providers. 12137c478bd9Sstevel@tonic-gate */ 12147c478bd9Sstevel@tonic-gate static int 12157c478bd9Sstevel@tonic-gate do_start(int argc) 12167c478bd9Sstevel@tonic-gate { 12177c478bd9Sstevel@tonic-gate if (argc != 2) { 12187c478bd9Sstevel@tonic-gate usage(); 12197c478bd9Sstevel@tonic-gate return (ERROR_USAGE); 12207c478bd9Sstevel@tonic-gate } 12217c478bd9Sstevel@tonic-gate 1222*6ea3c060SGarrett D'Amore return (do_refresh(argc)); 12237c478bd9Sstevel@tonic-gate } 12247c478bd9Sstevel@tonic-gate 12257c478bd9Sstevel@tonic-gate /* 12261b22764fSDaniel OpenSolaris Anderson * The top level function for the "cryptoadm stop" subcommand. 1227*6ea3c060SGarrett D'Amore * This no longer does anything useful, but we leave it here 1228*6ea3c060SGarrett D'Amore * for compatibility. 12297c478bd9Sstevel@tonic-gate */ 12307c478bd9Sstevel@tonic-gate static int 12317c478bd9Sstevel@tonic-gate do_stop(int argc) 12327c478bd9Sstevel@tonic-gate { 12337c478bd9Sstevel@tonic-gate if (argc != 2) { 12347c478bd9Sstevel@tonic-gate usage(); 12357c478bd9Sstevel@tonic-gate return (ERROR_USAGE); 12367c478bd9Sstevel@tonic-gate } 12377c478bd9Sstevel@tonic-gate 1238*6ea3c060SGarrett D'Amore return (SUCCESS); 12397c478bd9Sstevel@tonic-gate } 12407c478bd9Sstevel@tonic-gate 12417c478bd9Sstevel@tonic-gate 12427c478bd9Sstevel@tonic-gate 12437c478bd9Sstevel@tonic-gate /* 12441b22764fSDaniel OpenSolaris Anderson * Print a list all the the providers. 12451b22764fSDaniel OpenSolaris Anderson * Called for "cryptoadm list" or "cryptoadm list -v" (no -m or -p). 12467c478bd9Sstevel@tonic-gate */ 12477c478bd9Sstevel@tonic-gate static int 12487c478bd9Sstevel@tonic-gate list_simple_for_all(boolean_t verbose) 12497c478bd9Sstevel@tonic-gate { 12501b22764fSDaniel OpenSolaris Anderson uentrylist_t *pliblist = NULL; 12511b22764fSDaniel OpenSolaris Anderson uentrylist_t *plibptr = NULL; 12521b22764fSDaniel OpenSolaris Anderson entry_t *pent = NULL; 12537c478bd9Sstevel@tonic-gate crypto_get_dev_list_t *pdevlist_kernel = NULL; 12541b22764fSDaniel OpenSolaris Anderson int rc = SUCCESS; 12557c478bd9Sstevel@tonic-gate int i; 12567c478bd9Sstevel@tonic-gate 12577c478bd9Sstevel@tonic-gate /* get user-level providers */ 12587c478bd9Sstevel@tonic-gate (void) printf(gettext("\nUser-level providers:\n")); 12597c478bd9Sstevel@tonic-gate if (get_pkcs11conf_info(&pliblist) != SUCCESS) { 12607c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext( 12617c478bd9Sstevel@tonic-gate "failed to retrieve the list of user-level providers.")); 12621b22764fSDaniel OpenSolaris Anderson rc = FAILURE; 12637c478bd9Sstevel@tonic-gate } 12641b22764fSDaniel OpenSolaris Anderson 12651b22764fSDaniel OpenSolaris Anderson for (plibptr = pliblist; plibptr != NULL; plibptr = plibptr->next) { 1266d616ad8eSHai-May Chao /* skip metaslot and fips-140 entry */ 1267d616ad8eSHai-May Chao if ((strcmp(plibptr->puent->name, METASLOT_KEYWORD) != 0) && 1268d616ad8eSHai-May Chao (strcmp(plibptr->puent->name, FIPS_KEYWORD) != 0)) { 12697c478bd9Sstevel@tonic-gate (void) printf(gettext("Provider: %s\n"), 12707c478bd9Sstevel@tonic-gate plibptr->puent->name); 12717c478bd9Sstevel@tonic-gate if (verbose) { 12727c478bd9Sstevel@tonic-gate (void) list_mechlist_for_lib( 12737c478bd9Sstevel@tonic-gate plibptr->puent->name, mecharglist, NULL, 12747c478bd9Sstevel@tonic-gate B_FALSE, verbose, B_FALSE); 12757c478bd9Sstevel@tonic-gate (void) printf("\n"); 12767c478bd9Sstevel@tonic-gate } 12777c478bd9Sstevel@tonic-gate } 12787c478bd9Sstevel@tonic-gate } 12797c478bd9Sstevel@tonic-gate free_uentrylist(pliblist); 12807c478bd9Sstevel@tonic-gate 12817c478bd9Sstevel@tonic-gate /* get kernel software providers */ 12827c478bd9Sstevel@tonic-gate (void) printf(gettext("\nKernel software providers:\n")); 12837c478bd9Sstevel@tonic-gate 12847c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) { 12851b22764fSDaniel OpenSolaris Anderson /* get kernel software providers from kernel ioctl */ 12861b22764fSDaniel OpenSolaris Anderson crypto_get_soft_list_t *psoftlist_kernel = NULL; 12871b22764fSDaniel OpenSolaris Anderson uint_t sl_soft_count; 12881b22764fSDaniel OpenSolaris Anderson char *psoftname; 12891b22764fSDaniel OpenSolaris Anderson entrylist_t *pdevlist_conf = NULL; 12901b22764fSDaniel OpenSolaris Anderson entrylist_t *psoftlist_conf = NULL; 12917c478bd9Sstevel@tonic-gate 12921b22764fSDaniel OpenSolaris Anderson if (get_soft_list(&psoftlist_kernel) == FAILURE) { 12931b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_ERR, gettext("Failed to retrieve the " 12941b22764fSDaniel OpenSolaris Anderson "software provider list from kernel.")); 12951b22764fSDaniel OpenSolaris Anderson rc = FAILURE; 12967c478bd9Sstevel@tonic-gate } else { 12971b22764fSDaniel OpenSolaris Anderson sl_soft_count = psoftlist_kernel->sl_soft_count; 12987c478bd9Sstevel@tonic-gate 1299d616ad8eSHai-May Chao if (get_kcfconf_info(&pdevlist_conf, &psoftlist_conf) 1300d616ad8eSHai-May Chao == FAILURE) { 13011b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_ERR, 13021b22764fSDaniel OpenSolaris Anderson "failed to retrieve the providers' " 13031b22764fSDaniel OpenSolaris Anderson "information from file kcf.conf - %s.", 13041b22764fSDaniel OpenSolaris Anderson _PATH_KCF_CONF); 13051b22764fSDaniel OpenSolaris Anderson free(psoftlist_kernel); 13061b22764fSDaniel OpenSolaris Anderson rc = FAILURE; 13071b22764fSDaniel OpenSolaris Anderson } else { 13081b22764fSDaniel OpenSolaris Anderson 13091b22764fSDaniel OpenSolaris Anderson for (i = 0, 13101b22764fSDaniel OpenSolaris Anderson psoftname = psoftlist_kernel->sl_soft_names; 13111b22764fSDaniel OpenSolaris Anderson i < sl_soft_count; 13121b22764fSDaniel OpenSolaris Anderson ++i, psoftname += strlen(psoftname) + 1) { 13131b22764fSDaniel OpenSolaris Anderson pent = getent_kef(psoftname, 1314d616ad8eSHai-May Chao pdevlist_conf, psoftlist_conf); 13151b22764fSDaniel OpenSolaris Anderson (void) printf("\t%s%s\n", psoftname, 13161b22764fSDaniel OpenSolaris Anderson (pent == NULL) || (pent->load) ? 13171b22764fSDaniel OpenSolaris Anderson "" : gettext(" (inactive)")); 13181b22764fSDaniel OpenSolaris Anderson } 13197c478bd9Sstevel@tonic-gate free_entrylist(pdevlist_conf); 13207c478bd9Sstevel@tonic-gate free_entrylist(psoftlist_conf); 13211b22764fSDaniel OpenSolaris Anderson } 13221b22764fSDaniel OpenSolaris Anderson free(psoftlist_kernel); 13231b22764fSDaniel OpenSolaris Anderson } 13241b22764fSDaniel OpenSolaris Anderson 13257c478bd9Sstevel@tonic-gate } else { 13267c478bd9Sstevel@tonic-gate /* kcf.conf not there in non-global zone, use /dev/cryptoadm */ 13271b22764fSDaniel OpenSolaris Anderson entrylist_t *pdevlist_zone = NULL; 13281b22764fSDaniel OpenSolaris Anderson entrylist_t *psoftlist_zone = NULL; 13291b22764fSDaniel OpenSolaris Anderson entrylist_t *ptr; 13307c478bd9Sstevel@tonic-gate 13317c478bd9Sstevel@tonic-gate if (get_admindev_info(&pdevlist_zone, &psoftlist_zone) != 13327c478bd9Sstevel@tonic-gate SUCCESS) { 13337c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, 13347c478bd9Sstevel@tonic-gate gettext("failed to retrieve the " 13357c478bd9Sstevel@tonic-gate "list of kernel software providers.\n")); 13361b22764fSDaniel OpenSolaris Anderson rc = FAILURE; 13377c478bd9Sstevel@tonic-gate } 13387c478bd9Sstevel@tonic-gate 13397c478bd9Sstevel@tonic-gate ptr = psoftlist_zone; 13407c478bd9Sstevel@tonic-gate while (ptr != NULL) { 13417c478bd9Sstevel@tonic-gate (void) printf("\t%s\n", ptr->pent->name); 13427c478bd9Sstevel@tonic-gate ptr = ptr->next; 13437c478bd9Sstevel@tonic-gate } 13447c478bd9Sstevel@tonic-gate 13457c478bd9Sstevel@tonic-gate free_entrylist(pdevlist_zone); 13467c478bd9Sstevel@tonic-gate free_entrylist(psoftlist_zone); 13477c478bd9Sstevel@tonic-gate } 13487c478bd9Sstevel@tonic-gate 13497c478bd9Sstevel@tonic-gate /* get kernel hardware providers */ 13507c478bd9Sstevel@tonic-gate (void) printf(gettext("\nKernel hardware providers:\n")); 13517c478bd9Sstevel@tonic-gate if (get_dev_list(&pdevlist_kernel) == FAILURE) { 13527c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("failed to retrieve " 13537c478bd9Sstevel@tonic-gate "the list of kernel hardware providers.\n")); 13541b22764fSDaniel OpenSolaris Anderson rc = FAILURE; 13557c478bd9Sstevel@tonic-gate } else { 13567c478bd9Sstevel@tonic-gate for (i = 0; i < pdevlist_kernel->dl_dev_count; i++) { 13577c478bd9Sstevel@tonic-gate (void) printf("\t%s/%d\n", 13587c478bd9Sstevel@tonic-gate pdevlist_kernel->dl_devs[i].le_dev_name, 13597c478bd9Sstevel@tonic-gate pdevlist_kernel->dl_devs[i].le_dev_instance); 13607c478bd9Sstevel@tonic-gate } 13617c478bd9Sstevel@tonic-gate } 13627c478bd9Sstevel@tonic-gate free(pdevlist_kernel); 13637c478bd9Sstevel@tonic-gate 13641b22764fSDaniel OpenSolaris Anderson return (rc); 13657c478bd9Sstevel@tonic-gate } 13667c478bd9Sstevel@tonic-gate 13677c478bd9Sstevel@tonic-gate 13687c478bd9Sstevel@tonic-gate 13697c478bd9Sstevel@tonic-gate /* 13707c478bd9Sstevel@tonic-gate * List all the providers. And for each provider, list the mechanism list. 13711b22764fSDaniel OpenSolaris Anderson * Called for "cryptoadm list -m" or "cryptoadm list -mv" . 13727c478bd9Sstevel@tonic-gate */ 13737c478bd9Sstevel@tonic-gate static int 13747c478bd9Sstevel@tonic-gate list_mechlist_for_all(boolean_t verbose) 13757c478bd9Sstevel@tonic-gate { 13761b22764fSDaniel OpenSolaris Anderson crypto_get_dev_list_t *pdevlist_kernel = NULL; 13771b22764fSDaniel OpenSolaris Anderson uentrylist_t *pliblist = NULL; 13781b22764fSDaniel OpenSolaris Anderson uentrylist_t *plibptr = NULL; 13791b22764fSDaniel OpenSolaris Anderson entry_t *pent = NULL; 13801b22764fSDaniel OpenSolaris Anderson mechlist_t *pmechlist = NULL; 13817c478bd9Sstevel@tonic-gate char provname[MAXNAMELEN]; 13827c478bd9Sstevel@tonic-gate char devname[MAXNAMELEN]; 13837c478bd9Sstevel@tonic-gate int inst_num; 13847c478bd9Sstevel@tonic-gate int count; 13857c478bd9Sstevel@tonic-gate int i; 13867c478bd9Sstevel@tonic-gate int rv; 13877c478bd9Sstevel@tonic-gate int rc = SUCCESS; 13887c478bd9Sstevel@tonic-gate 13897c478bd9Sstevel@tonic-gate /* get user-level providers */ 13907c478bd9Sstevel@tonic-gate (void) printf(gettext("\nUser-level providers:\n")); 13917c478bd9Sstevel@tonic-gate /* 13920a85b835SDaniel Anderson * TRANSLATION_NOTE 13937c478bd9Sstevel@tonic-gate * Strictly for appearance's sake, this line should be as long as 13947c478bd9Sstevel@tonic-gate * the length of the translated text above. 13957c478bd9Sstevel@tonic-gate */ 13967c478bd9Sstevel@tonic-gate (void) printf(gettext("=====================\n")); 13977c478bd9Sstevel@tonic-gate if (get_pkcs11conf_info(&pliblist) != SUCCESS) { 13987c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("failed to retrieve " 13997c478bd9Sstevel@tonic-gate "the list of user-level providers.\n")); 14007c478bd9Sstevel@tonic-gate rc = FAILURE; 14017c478bd9Sstevel@tonic-gate } 14027c478bd9Sstevel@tonic-gate 14037c478bd9Sstevel@tonic-gate plibptr = pliblist; 14047c478bd9Sstevel@tonic-gate while (plibptr != NULL) { 1405d616ad8eSHai-May Chao /* skip metaslot and fips-140 entry */ 1406d616ad8eSHai-May Chao if ((strcmp(plibptr->puent->name, METASLOT_KEYWORD) != 0) && 1407d616ad8eSHai-May Chao (strcmp(plibptr->puent->name, FIPS_KEYWORD) != 0)) { 14087c478bd9Sstevel@tonic-gate (void) printf(gettext("\nProvider: %s\n"), 14097c478bd9Sstevel@tonic-gate plibptr->puent->name); 14107c478bd9Sstevel@tonic-gate rv = list_mechlist_for_lib(plibptr->puent->name, 14117c478bd9Sstevel@tonic-gate mecharglist, NULL, B_FALSE, verbose, B_TRUE); 14127c478bd9Sstevel@tonic-gate if (rv == FAILURE) { 14137c478bd9Sstevel@tonic-gate rc = FAILURE; 14147c478bd9Sstevel@tonic-gate } 14157c478bd9Sstevel@tonic-gate } 14167c478bd9Sstevel@tonic-gate plibptr = plibptr->next; 14177c478bd9Sstevel@tonic-gate } 14187c478bd9Sstevel@tonic-gate free_uentrylist(pliblist); 14197c478bd9Sstevel@tonic-gate 14207c478bd9Sstevel@tonic-gate /* get kernel software providers */ 14217c478bd9Sstevel@tonic-gate (void) printf(gettext("\nKernel software providers:\n")); 14221b22764fSDaniel OpenSolaris Anderson 14237c478bd9Sstevel@tonic-gate /* 14240a85b835SDaniel Anderson * TRANSLATION_NOTE 14257c478bd9Sstevel@tonic-gate * Strictly for appearance's sake, this line should be as long as 14267c478bd9Sstevel@tonic-gate * the length of the translated text above. 14277c478bd9Sstevel@tonic-gate */ 14287c478bd9Sstevel@tonic-gate (void) printf(gettext("==========================\n")); 14297c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) { 14301b22764fSDaniel OpenSolaris Anderson /* get kernel software providers from kernel ioctl */ 14311b22764fSDaniel OpenSolaris Anderson crypto_get_soft_list_t *psoftlist_kernel = NULL; 14321b22764fSDaniel OpenSolaris Anderson uint_t sl_soft_count; 14331b22764fSDaniel OpenSolaris Anderson char *psoftname; 14341b22764fSDaniel OpenSolaris Anderson int i; 14351b22764fSDaniel OpenSolaris Anderson entrylist_t *pdevlist_conf = NULL; 14361b22764fSDaniel OpenSolaris Anderson entrylist_t *psoftlist_conf = NULL; 14377c478bd9Sstevel@tonic-gate 14381b22764fSDaniel OpenSolaris Anderson if (get_soft_list(&psoftlist_kernel) == FAILURE) { 14391b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_ERR, gettext("Failed to retrieve the " 14401b22764fSDaniel OpenSolaris Anderson "software provider list from kernel.")); 14411b22764fSDaniel OpenSolaris Anderson return (FAILURE); 14421b22764fSDaniel OpenSolaris Anderson } 14431b22764fSDaniel OpenSolaris Anderson sl_soft_count = psoftlist_kernel->sl_soft_count; 14441b22764fSDaniel OpenSolaris Anderson 1445d616ad8eSHai-May Chao if (get_kcfconf_info(&pdevlist_conf, &psoftlist_conf) 1446d616ad8eSHai-May Chao == FAILURE) { 14471b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_ERR, 14481b22764fSDaniel OpenSolaris Anderson "failed to retrieve the providers' " 14491b22764fSDaniel OpenSolaris Anderson "information from file kcf.conf - %s.", 14501b22764fSDaniel OpenSolaris Anderson _PATH_KCF_CONF); 14511b22764fSDaniel OpenSolaris Anderson free(psoftlist_kernel); 14521b22764fSDaniel OpenSolaris Anderson return (FAILURE); 14537c478bd9Sstevel@tonic-gate } 14547c478bd9Sstevel@tonic-gate 14551b22764fSDaniel OpenSolaris Anderson for (i = 0, psoftname = psoftlist_kernel->sl_soft_names; 14561b22764fSDaniel OpenSolaris Anderson i < sl_soft_count; 14571b22764fSDaniel OpenSolaris Anderson ++i, psoftname += strlen(psoftname) + 1) { 14581b22764fSDaniel OpenSolaris Anderson pent = getent_kef(psoftname, pdevlist_conf, 1459d616ad8eSHai-May Chao psoftlist_conf); 14601b22764fSDaniel OpenSolaris Anderson if ((pent == NULL) || (pent->load)) { 14611b22764fSDaniel OpenSolaris Anderson rv = list_mechlist_for_soft(psoftname, 1462d616ad8eSHai-May Chao NULL, NULL); 14637c478bd9Sstevel@tonic-gate if (rv == FAILURE) { 14647c478bd9Sstevel@tonic-gate rc = FAILURE; 14657c478bd9Sstevel@tonic-gate } 14667c478bd9Sstevel@tonic-gate } else { 14671b22764fSDaniel OpenSolaris Anderson (void) printf(gettext("%s: (inactive)\n"), 14681b22764fSDaniel OpenSolaris Anderson psoftname); 14697c478bd9Sstevel@tonic-gate } 14707c478bd9Sstevel@tonic-gate } 14717c478bd9Sstevel@tonic-gate 14721b22764fSDaniel OpenSolaris Anderson free(psoftlist_kernel); 14737c478bd9Sstevel@tonic-gate free_entrylist(pdevlist_conf); 14747c478bd9Sstevel@tonic-gate free_entrylist(psoftlist_conf); 14751b22764fSDaniel OpenSolaris Anderson 14767c478bd9Sstevel@tonic-gate } else { 14777c478bd9Sstevel@tonic-gate /* kcf.conf not there in non-global zone, use /dev/cryptoadm */ 14781b22764fSDaniel OpenSolaris Anderson entrylist_t *pdevlist_zone = NULL; 14791b22764fSDaniel OpenSolaris Anderson entrylist_t *psoftlist_zone = NULL; 14801b22764fSDaniel OpenSolaris Anderson entrylist_t *ptr; 14817c478bd9Sstevel@tonic-gate 14827c478bd9Sstevel@tonic-gate if (get_admindev_info(&pdevlist_zone, &psoftlist_zone) != 14837c478bd9Sstevel@tonic-gate SUCCESS) { 14847c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("failed to retrieve " 14857c478bd9Sstevel@tonic-gate "the list of kernel software providers.\n")); 14867c478bd9Sstevel@tonic-gate rc = FAILURE; 14877c478bd9Sstevel@tonic-gate } 14887c478bd9Sstevel@tonic-gate 14891b22764fSDaniel OpenSolaris Anderson for (ptr = psoftlist_zone; ptr != NULL; ptr = ptr->next) { 14901b22764fSDaniel OpenSolaris Anderson rv = list_mechlist_for_soft(ptr->pent->name, 1491d616ad8eSHai-May Chao pdevlist_zone, psoftlist_zone); 14927c478bd9Sstevel@tonic-gate if (rv == FAILURE) { 14937c478bd9Sstevel@tonic-gate (void) printf(gettext( 14947c478bd9Sstevel@tonic-gate "%s: failed to get the mechanism list.\n"), 14957c478bd9Sstevel@tonic-gate ptr->pent->name); 14967c478bd9Sstevel@tonic-gate rc = FAILURE; 14977c478bd9Sstevel@tonic-gate } 14987c478bd9Sstevel@tonic-gate } 14997c478bd9Sstevel@tonic-gate 15007c478bd9Sstevel@tonic-gate free_entrylist(pdevlist_zone); 15017c478bd9Sstevel@tonic-gate free_entrylist(psoftlist_zone); 15027c478bd9Sstevel@tonic-gate } 15037c478bd9Sstevel@tonic-gate 15047c478bd9Sstevel@tonic-gate /* Get kernel hardware providers and their mechanism lists */ 15057c478bd9Sstevel@tonic-gate (void) printf(gettext("\nKernel hardware providers:\n")); 15067c478bd9Sstevel@tonic-gate /* 15070a85b835SDaniel Anderson * TRANSLATION_NOTE 15087c478bd9Sstevel@tonic-gate * Strictly for appearance's sake, this line should be as long as 15097c478bd9Sstevel@tonic-gate * the length of the translated text above. 15107c478bd9Sstevel@tonic-gate */ 15117c478bd9Sstevel@tonic-gate (void) printf(gettext("==========================\n")); 15127c478bd9Sstevel@tonic-gate if (get_dev_list(&pdevlist_kernel) != SUCCESS) { 15137c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("failed to retrieve " 15147c478bd9Sstevel@tonic-gate "the list of hardware providers.\n")); 15157c478bd9Sstevel@tonic-gate return (FAILURE); 15167c478bd9Sstevel@tonic-gate } 15177c478bd9Sstevel@tonic-gate 15187c478bd9Sstevel@tonic-gate for (i = 0; i < pdevlist_kernel->dl_dev_count; i++) { 15197c478bd9Sstevel@tonic-gate (void) strlcpy(devname, 15207c478bd9Sstevel@tonic-gate pdevlist_kernel->dl_devs[i].le_dev_name, MAXNAMELEN); 15217c478bd9Sstevel@tonic-gate inst_num = pdevlist_kernel->dl_devs[i].le_dev_instance; 15227c478bd9Sstevel@tonic-gate count = pdevlist_kernel->dl_devs[i].le_mechanism_count; 15237c478bd9Sstevel@tonic-gate (void) snprintf(provname, sizeof (provname), "%s/%d", devname, 15247c478bd9Sstevel@tonic-gate inst_num); 15257c478bd9Sstevel@tonic-gate if (get_dev_info(devname, inst_num, count, &pmechlist) == 15267c478bd9Sstevel@tonic-gate SUCCESS) { 15277c478bd9Sstevel@tonic-gate (void) filter_mechlist(&pmechlist, RANDOM); 15287c478bd9Sstevel@tonic-gate print_mechlist(provname, pmechlist); 15297c478bd9Sstevel@tonic-gate free_mechlist(pmechlist); 15307c478bd9Sstevel@tonic-gate } else { 15317c478bd9Sstevel@tonic-gate (void) printf(gettext("%s: failed to get the mechanism" 15327c478bd9Sstevel@tonic-gate " list.\n"), provname); 15337c478bd9Sstevel@tonic-gate rc = FAILURE; 15347c478bd9Sstevel@tonic-gate } 15357c478bd9Sstevel@tonic-gate } 15367c478bd9Sstevel@tonic-gate free(pdevlist_kernel); 15377c478bd9Sstevel@tonic-gate return (rc); 15387c478bd9Sstevel@tonic-gate } 15397c478bd9Sstevel@tonic-gate 15407c478bd9Sstevel@tonic-gate 15417c478bd9Sstevel@tonic-gate /* 15427c478bd9Sstevel@tonic-gate * List all the providers. And for each provider, list the policy information. 15431b22764fSDaniel OpenSolaris Anderson * Called for "cryptoadm list -p". 15447c478bd9Sstevel@tonic-gate */ 15457c478bd9Sstevel@tonic-gate static int 15467c478bd9Sstevel@tonic-gate list_policy_for_all(void) 15477c478bd9Sstevel@tonic-gate { 15481b22764fSDaniel OpenSolaris Anderson crypto_get_dev_list_t *pdevlist_kernel = NULL; 15491b22764fSDaniel OpenSolaris Anderson uentrylist_t *pliblist = NULL; 15501b22764fSDaniel OpenSolaris Anderson entrylist_t *pdevlist_conf = NULL; 15511b22764fSDaniel OpenSolaris Anderson entrylist_t *psoftlist_conf = NULL; 15521b22764fSDaniel OpenSolaris Anderson entrylist_t *ptr = NULL; 15531b22764fSDaniel OpenSolaris Anderson entrylist_t *phead = NULL; 15541b22764fSDaniel OpenSolaris Anderson boolean_t found = B_FALSE; 15557c478bd9Sstevel@tonic-gate char provname[MAXNAMELEN]; 15567c478bd9Sstevel@tonic-gate int i; 15577c478bd9Sstevel@tonic-gate int rc = SUCCESS; 15587c478bd9Sstevel@tonic-gate 15597c478bd9Sstevel@tonic-gate /* Get user-level providers */ 15607c478bd9Sstevel@tonic-gate (void) printf(gettext("\nUser-level providers:\n")); 15617c478bd9Sstevel@tonic-gate /* 15620a85b835SDaniel Anderson * TRANSLATION_NOTE 15637c478bd9Sstevel@tonic-gate * Strictly for appearance's sake, this line should be as long as 15647c478bd9Sstevel@tonic-gate * the length of the translated text above. 15657c478bd9Sstevel@tonic-gate */ 15667c478bd9Sstevel@tonic-gate (void) printf(gettext("=====================\n")); 15677c478bd9Sstevel@tonic-gate if (get_pkcs11conf_info(&pliblist) == FAILURE) { 15687c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("failed to retrieve " 15697c478bd9Sstevel@tonic-gate "the list of user-level providers.\n")); 15701b22764fSDaniel OpenSolaris Anderson rc = FAILURE; 15717c478bd9Sstevel@tonic-gate } else { 15721b22764fSDaniel OpenSolaris Anderson uentrylist_t *plibptr = pliblist; 15731b22764fSDaniel OpenSolaris Anderson 15747c478bd9Sstevel@tonic-gate while (plibptr != NULL) { 1575d616ad8eSHai-May Chao /* skip metaslot and fips-140 entry */ 1576d616ad8eSHai-May Chao if ((strcmp(plibptr->puent->name, 1577d616ad8eSHai-May Chao METASLOT_KEYWORD) != 0) && 1578d616ad8eSHai-May Chao (strcmp(plibptr->puent->name, 1579d616ad8eSHai-May Chao FIPS_KEYWORD) != 0)) { 15807c478bd9Sstevel@tonic-gate if (print_uef_policy(plibptr->puent) 15817c478bd9Sstevel@tonic-gate == FAILURE) { 15827c478bd9Sstevel@tonic-gate rc = FAILURE; 15837c478bd9Sstevel@tonic-gate } 15847c478bd9Sstevel@tonic-gate } 15857c478bd9Sstevel@tonic-gate plibptr = plibptr->next; 15867c478bd9Sstevel@tonic-gate } 15877c478bd9Sstevel@tonic-gate free_uentrylist(pliblist); 15887c478bd9Sstevel@tonic-gate } 15897c478bd9Sstevel@tonic-gate 15907c478bd9Sstevel@tonic-gate /* kernel software providers */ 15917c478bd9Sstevel@tonic-gate (void) printf(gettext("\nKernel software providers:\n")); 15927c478bd9Sstevel@tonic-gate /* 15930a85b835SDaniel Anderson * TRANSLATION_NOTE 15947c478bd9Sstevel@tonic-gate * Strictly for appearance's sake, this line should be as long as 15957c478bd9Sstevel@tonic-gate * the length of the translated text above. 15967c478bd9Sstevel@tonic-gate */ 15977c478bd9Sstevel@tonic-gate (void) printf(gettext("==========================\n")); 15987c478bd9Sstevel@tonic-gate 15991b22764fSDaniel OpenSolaris Anderson /* Get all entries from the kernel */ 16007c478bd9Sstevel@tonic-gate if (getzoneid() == GLOBAL_ZONEID) { 16011b22764fSDaniel OpenSolaris Anderson /* get kernel software providers from kernel ioctl */ 16021b22764fSDaniel OpenSolaris Anderson crypto_get_soft_list_t *psoftlist_kernel = NULL; 16031b22764fSDaniel OpenSolaris Anderson uint_t sl_soft_count; 16041b22764fSDaniel OpenSolaris Anderson char *psoftname; 16051b22764fSDaniel OpenSolaris Anderson int i; 16067c478bd9Sstevel@tonic-gate 16071b22764fSDaniel OpenSolaris Anderson if (get_soft_list(&psoftlist_kernel) == FAILURE) { 16081b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_ERR, gettext("Failed to retrieve the " 16091b22764fSDaniel OpenSolaris Anderson "software provider list from kernel.")); 16101b22764fSDaniel OpenSolaris Anderson rc = FAILURE; 16111b22764fSDaniel OpenSolaris Anderson } else { 16121b22764fSDaniel OpenSolaris Anderson sl_soft_count = psoftlist_kernel->sl_soft_count; 16131b22764fSDaniel OpenSolaris Anderson 16141b22764fSDaniel OpenSolaris Anderson for (i = 0, psoftname = psoftlist_kernel->sl_soft_names; 16151b22764fSDaniel OpenSolaris Anderson i < sl_soft_count; 16161b22764fSDaniel OpenSolaris Anderson ++i, psoftname += strlen(psoftname) + 1) { 16171b22764fSDaniel OpenSolaris Anderson (void) list_policy_for_soft(psoftname, 1618d616ad8eSHai-May Chao pdevlist_conf, psoftlist_conf); 16191b22764fSDaniel OpenSolaris Anderson } 16201b22764fSDaniel OpenSolaris Anderson free(psoftlist_kernel); 16217c478bd9Sstevel@tonic-gate } 16227c478bd9Sstevel@tonic-gate 16237c478bd9Sstevel@tonic-gate } else { 16247c478bd9Sstevel@tonic-gate /* kcf.conf not there in non-global zone, no policy info */ 16257c478bd9Sstevel@tonic-gate 16267c478bd9Sstevel@tonic-gate /* 16270a85b835SDaniel Anderson * TRANSLATION_NOTE 16287c478bd9Sstevel@tonic-gate * "global" is keyword and not to be translated. 16297c478bd9Sstevel@tonic-gate */ 16307c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext( 16317c478bd9Sstevel@tonic-gate "policy information for kernel software providers is " 16327c478bd9Sstevel@tonic-gate "available in the %s zone only"), "global"); 16337c478bd9Sstevel@tonic-gate } 16347c478bd9Sstevel@tonic-gate 16357c478bd9Sstevel@tonic-gate /* Kernel hardware providers */ 16367c478bd9Sstevel@tonic-gate (void) printf(gettext("\nKernel hardware providers:\n")); 16377c478bd9Sstevel@tonic-gate /* 16380a85b835SDaniel Anderson * TRANSLATION_NOTE 16397c478bd9Sstevel@tonic-gate * Strictly for appearance's sake, this line should be as long as 16407c478bd9Sstevel@tonic-gate * the length of the translated text above. 16417c478bd9Sstevel@tonic-gate */ 16427c478bd9Sstevel@tonic-gate (void) printf(gettext("==========================\n")); 16437c478bd9Sstevel@tonic-gate 16447c478bd9Sstevel@tonic-gate if (getzoneid() != GLOBAL_ZONEID) { 16457c478bd9Sstevel@tonic-gate /* 16460a85b835SDaniel Anderson * TRANSLATION_NOTE 16477c478bd9Sstevel@tonic-gate * "global" is keyword and not to be translated. 16487c478bd9Sstevel@tonic-gate */ 16497c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext( 16507c478bd9Sstevel@tonic-gate "policy information for kernel hardware providers is " 16517c478bd9Sstevel@tonic-gate "available in the %s zone only"), "global"); 16527c478bd9Sstevel@tonic-gate return (FAILURE); 16537c478bd9Sstevel@tonic-gate } 16547c478bd9Sstevel@tonic-gate 16557c478bd9Sstevel@tonic-gate /* Get the hardware provider list from kernel */ 16567c478bd9Sstevel@tonic-gate if (get_dev_list(&pdevlist_kernel) != SUCCESS) { 16577c478bd9Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext( 16587c478bd9Sstevel@tonic-gate "failed to retrieve the list of hardware providers.\n")); 16597c478bd9Sstevel@tonic-gate return (FAILURE); 16607c478bd9Sstevel@tonic-gate } 16617c478bd9Sstevel@tonic-gate 1662d616ad8eSHai-May Chao if (get_kcfconf_info(&pdevlist_conf, &psoftlist_conf) == FAILURE) { 16631b22764fSDaniel OpenSolaris Anderson cryptoerror(LOG_ERR, "failed to retrieve the providers' " 16641b22764fSDaniel OpenSolaris Anderson "information from file kcf.conf - %s.", 16651b22764fSDaniel OpenSolaris Anderson _PATH_KCF_CONF); 16661b22764fSDaniel OpenSolaris Anderson return (FAILURE); 16671b22764fSDaniel OpenSolaris Anderson } 16681b22764fSDaniel OpenSolaris Anderson 16691b22764fSDaniel OpenSolaris Anderson 16707c478bd9Sstevel@tonic-gate /* 16717c478bd9Sstevel@tonic-gate * For each hardware provider from kernel, check if it has an entry 16727c478bd9Sstevel@tonic-gate * in the config file. If it has an entry, print out the policy from 16737c478bd9Sstevel@tonic-gate * config file and remove the entry from the hardware provider list 16747c478bd9Sstevel@tonic-gate * of the config file. If it does not have an entry in the config 16757c478bd9Sstevel@tonic-gate * file, no mechanisms of it have been disabled. But, we still call 16767c478bd9Sstevel@tonic-gate * list_policy_for_hard() to account for the "random" feature. 16777c478bd9Sstevel@tonic-gate */ 16787c478bd9Sstevel@tonic-gate for (i = 0; i < pdevlist_kernel->dl_dev_count; i++) { 16797c478bd9Sstevel@tonic-gate (void) snprintf(provname, sizeof (provname), "%s/%d", 16807c478bd9Sstevel@tonic-gate pdevlist_kernel->dl_devs[i].le_dev_name, 16817c478bd9Sstevel@tonic-gate pdevlist_kernel->dl_devs[i].le_dev_instance); 16821b22764fSDaniel OpenSolaris Anderson 16837c478bd9Sstevel@tonic-gate found = B_FALSE; 16847c478bd9Sstevel@tonic-gate phead = ptr = pdevlist_conf; 16857c478bd9Sstevel@tonic-gate while (!found && ptr) { 16867c478bd9Sstevel@tonic-gate if (strcmp(ptr->pent->name, provname) == 0) { 16877c478bd9Sstevel@tonic-gate found = B_TRUE; 16887c478bd9Sstevel@tonic-gate } else { 16897c478bd9Sstevel@tonic-gate phead = ptr; 16907c478bd9Sstevel@tonic-gate ptr = ptr->next; 16917c478bd9Sstevel@tonic-gate } 16927c478bd9Sstevel@tonic-gate } 16937c478bd9Sstevel@tonic-gate 16947c478bd9Sstevel@tonic-gate if (found) { 16951b22764fSDaniel OpenSolaris Anderson (void) list_policy_for_hard(ptr->pent->name, 1696d616ad8eSHai-May Chao pdevlist_conf, psoftlist_conf, pdevlist_kernel); 16977c478bd9Sstevel@tonic-gate if (phead == ptr) { 16987c478bd9Sstevel@tonic-gate pdevlist_conf = pdevlist_conf->next; 16997c478bd9Sstevel@tonic-gate } else { 17007c478bd9Sstevel@tonic-gate phead->next = ptr->next; 17017c478bd9Sstevel@tonic-gate } 17027c478bd9Sstevel@tonic-gate free_entry(ptr->pent); 17037c478bd9Sstevel@tonic-gate free(ptr); 17047c478bd9Sstevel@tonic-gate } else { 17051b22764fSDaniel OpenSolaris Anderson (void) list_policy_for_hard(provname, pdevlist_conf, 1706d616ad8eSHai-May Chao psoftlist_conf, pdevlist_kernel); 17077c478bd9Sstevel@tonic-gate } 17087c478bd9Sstevel@tonic-gate } 17097c478bd9Sstevel@tonic-gate 17107c478bd9Sstevel@tonic-gate /* 17117c478bd9Sstevel@tonic-gate * If there are still entries left in the pdevlist_conf list from 17127c478bd9Sstevel@tonic-gate * the config file, these providers must have been detached. 17137c478bd9Sstevel@tonic-gate * Should print out their policy information also. 17147c478bd9Sstevel@tonic-gate */ 17151b22764fSDaniel OpenSolaris Anderson for (ptr = pdevlist_conf; ptr != NULL; ptr = ptr->next) { 17161b22764fSDaniel OpenSolaris Anderson print_kef_policy(ptr->pent->name, ptr->pent, B_FALSE, B_TRUE); 17177c478bd9Sstevel@tonic-gate } 17187c478bd9Sstevel@tonic-gate 17197c478bd9Sstevel@tonic-gate free_entrylist(pdevlist_conf); 17201b22764fSDaniel OpenSolaris Anderson free_entrylist(psoftlist_conf); 17217c478bd9Sstevel@tonic-gate free(pdevlist_kernel); 17227c478bd9Sstevel@tonic-gate 17237c478bd9Sstevel@tonic-gate return (rc); 17247c478bd9Sstevel@tonic-gate } 1725