xref: /titanic_51/usr/src/cmd/cmd-inet/usr.lib/wanboot/wanboot-cgi/wanboot-cgi.c (revision bbaa8b60dd95d714741fc474adad3cf710ef4efd)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2012 Milan Jurik. All rights reserved.
24  */
25 
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <strings.h>
29 #include <string.h>
30 #include <libgen.h>
31 #include <unistd.h>
32 #include <fcntl.h>
33 #include <errno.h>
34 #include <netdb.h>
35 #include <libnvpair.h>
36 #include <sys/types.h>
37 #include <sys/wait.h>
38 #include <sys/stat.h>
39 #include <sys/param.h>
40 #include <sys/sysmacros.h>
41 #include <sys/mman.h>
42 #include <sys/socket.h>
43 #include <sys/utsname.h>
44 #include <sys/wanboot_impl.h>
45 #include <netinet/in.h>
46 #include <arpa/inet.h>
47 
48 #include <openssl/crypto.h>
49 #include <openssl/x509.h>
50 #include <openssl/x509v3.h>
51 #include <openssl/pem.h>
52 #include <openssl/pkcs12.h>
53 #include <openssl/evp.h>
54 #include <openssl/err.h>
55 
56 #include <p12aux.h>
57 
58 #include <parseURL.h>
59 /*
60  * These can be replaced with wanbootutil.h once the openssl interfaces
61  * are moved to libwanboot.
62  */
63 #include <wanboot/key_util.h>
64 #include <wanboot/key_xdr.h>
65 #include <hmac_sha1.h>
66 
67 #include <netboot_paths.h>
68 #include <wanboot_conf.h>
69 
70 /*
71  * Exit status:
72  */
73 #define	WBCGI_STATUS_OK		0
74 #define	WBCGI_STATUS_ERR	1
75 
76 #define	WBCGI_FILE_EXISTS(file, statbuf) \
77 	(stat(file, &statbuf) == 0 && S_ISREG(statbuf.st_mode))
78 
79 #define	WBCGI_DIR_EXISTS(dir, statbuf) \
80 	(stat(dir, &statbuf) == 0 && S_ISDIR(statbuf.st_mode))
81 
82 #define	WBCGI_HMAC_PATH		"/usr/lib/inet/wanboot/hmac"
83 #define	WBCGI_ENCR_PATH		"/usr/lib/inet/wanboot/encr"
84 #define	WBCGI_KEYMGMT_PATH	"/usr/lib/inet/wanboot/keymgmt"
85 #define	WBCGI_MKISOFS_PATH	"/bin/mkisofs"
86 
87 #define	WBCGI_DEV_URANDOM	"/dev/urandom"
88 
89 #define	WBCGI_CONTENT_TYPE	"Content-Type: "
90 #define	WBCGI_CONTENT_LENGTH	"Content-Length: "
91 #define	WBCGI_WANBOOT_BNDTXT	"WANBoot_Part_Boundary"
92 #define	WBCGI_CRNL		"\r\n"
93 
94 #define	WBCGI_CNSTR		"CN="
95 #define	WBCGI_CNSTR_LEN		(sizeof (WBCGI_CNSTR) - 1)
96 #define	WBCGI_NAMESEP		",/\n\r"
97 
98 #define	WBCGI_MAXBUF		256
99 
100 /*
101  * Possible return values from netboot_ftw():
102  */
103 #define	WBCGI_FTW_CBOK		2	/* CB terminated walk OK */
104 #define	WBCGI_FTW_CBCONT	1	/* CB wants walk should continue */
105 #define	WBCGI_FTW_DONE		0	/* Walk terminated without CBERR/CBOK */
106 #define	WBCGI_FTW_CBERR		-1	/* CB terminated walk with err */
107 
108 /*
109  * getsubopt() is used to map one of the contents[] keywords
110  * to one of these types
111  */
112 #define	WBCGI_CONTENT_ERROR	-1
113 #define	WBCGI_CONTENT_BOOTFILE	0
114 #define	WBCGI_CONTENT_BOOTFS	1
115 #define	WBCGI_CONTENT_ROOTFS	2
116 
117 static char *contents[] =
118 	{ "bootfile", "bootfs", "rootfs", NULL };
119 
120 /*
121  * getsubopt() is used to parse the query string for
122  * the keywords defined by queryopts[]
123  */
124 #define	WBCGI_QUERYOPT_CONTENT	0
125 #define	WBCGI_QUERYOPT_NET	1
126 #define	WBCGI_QUERYOPT_CID	2
127 #define	WBCGI_QUERYOPT_NONCE	3
128 
129 static char *queryopts[] =
130 	{ "CONTENT", "IP", "CID", "NONCE", NULL };
131 
132 static bc_handle_t	bc_handle;
133 
134 
135 static char *
136 status_msg(int status)
137 {
138 	char	*msg;
139 
140 	switch (status) {
141 	case 400:
142 		msg = "Bad Request";
143 		break;
144 	case 403:
145 		msg = "Forbidden";
146 		break;
147 	case 500:
148 		msg = "Internal Server Error";
149 		break;
150 	default:
151 		msg = "Unknown status";
152 		break;
153 	}
154 
155 	return (msg);
156 }
157 
158 static void
159 print_status(int status, const char *spec_msg)
160 {
161 	if (spec_msg == NULL) {
162 		spec_msg = "";
163 	}
164 
165 	(void) fprintf(stdout, "Status: %d %s %s%s", status,
166 	    status_msg(status), spec_msg, WBCGI_CRNL);
167 }
168 
169 static char *
170 make_path(const char *root, const char *suffix)
171 {
172 	char	path[MAXPATHLEN];
173 	char	*ptr = NULL;
174 	int	chars;
175 
176 	if ((chars = snprintf(path, sizeof (path),
177 	    "%s/%s", root, suffix)) < 0 || chars > sizeof (path) ||
178 	    (ptr = strdup(path)) == NULL) {
179 		print_status(500, "(error making path)");
180 	}
181 
182 	return (ptr);
183 }
184 
185 static void
186 free_path(char **pathp)
187 {
188 	if (*pathp != NULL) {
189 		free(*pathp);
190 		*pathp = NULL;
191 	}
192 }
193 
194 static char *
195 gen_tmppath(const char *prefix, const char *net, const char *cid)
196 {
197 	pid_t	pid;
198 	time_t	secs;
199 	int	chars;
200 	char	path[MAXPATHLEN];
201 	char	*ptr = NULL;
202 
203 	if ((pid = getpid()) < 0 || (secs = time(NULL)) < 0 ||
204 	    (chars = snprintf(path, sizeof (path), "/tmp/%s_%s_%s_%ld_%ld",
205 	    prefix, net, cid, pid, secs)) < 0 || chars > sizeof (path) ||
206 	    (ptr = strdup(path)) == NULL) {
207 		print_status(500, "(error creating temporary filename)");
208 	}
209 
210 	return (ptr);
211 }
212 
213 /*
214  * File I/O stuff:
215  */
216 static boolean_t
217 write_buffer(int fd, const void *buffer, size_t buflen)
218 {
219 	size_t		nwritten;
220 	ssize_t		nbytes;
221 	const char	*buf = buffer;
222 
223 	for (nwritten = 0; nwritten < buflen; nwritten += nbytes) {
224 		nbytes = write(fd, &buf[nwritten], buflen - nwritten);
225 		if (nbytes <= 0) {
226 			return (B_FALSE);
227 		}
228 	}
229 
230 	return (B_TRUE);
231 }
232 
233 static boolean_t
234 write_file(int ofd, const char *filename, size_t size)
235 {
236 	boolean_t	ret = B_TRUE;
237 	int		ifd;
238 	char		buf[1024];
239 	size_t		rlen;
240 	ssize_t		wlen;
241 
242 	if ((ifd = open(filename, O_RDONLY)) < 0) {
243 		return (B_FALSE);
244 	}
245 
246 	for (; size != 0; size -= wlen) {
247 		rlen = (size < sizeof (buf)) ? size : sizeof (buf);
248 
249 		if ((wlen = read(ifd, buf, rlen)) < 0 ||
250 		    !write_buffer(ofd, buf, wlen)) {
251 			ret = B_FALSE;
252 			break;
253 		}
254 	}
255 	(void) close(ifd);
256 
257 	return (ret);
258 }
259 
260 static boolean_t
261 copy_file(const char *src, const char *dest)
262 {
263 	boolean_t	ret = B_FALSE;
264 	char		message[WBCGI_MAXBUF];
265 	const size_t	chunksize = 16 * PAGESIZE;
266 	size_t		validsize;
267 	size_t		nwritten = 0;
268 	size_t		nbytes = 0;
269 	off_t		roff;
270 	int		mflags = MAP_PRIVATE;
271 	char		*buf = NULL;
272 	struct stat	st;
273 	int		rfd = -1;
274 	int		wfd = -1;
275 	int		chars;
276 
277 	if ((rfd = open(src, O_RDONLY)) < 0 ||
278 	    (wfd = open(dest, O_CREAT|O_EXCL|O_RDWR, S_IRUSR|S_IWUSR)) < 0 ||
279 	    fstat(rfd, &st) == -1) {
280 		goto cleanup;
281 	}
282 
283 	for (nbytes = st.st_size, roff = 0; nwritten < nbytes;
284 	    nwritten += validsize, roff += validsize) {
285 		buf = mmap(buf, chunksize, PROT_READ, mflags, rfd, roff);
286 		if (buf == MAP_FAILED) {
287 			goto cleanup;
288 		}
289 		mflags |= MAP_FIXED;
290 
291 		validsize = MIN(chunksize, nbytes - nwritten);
292 		if (!write_buffer(wfd, buf, validsize)) {
293 			(void) munmap(buf, chunksize);
294 			goto cleanup;
295 		}
296 
297 	}
298 	if (buf != NULL) {
299 		(void) munmap(buf, chunksize);
300 	}
301 
302 	ret = B_TRUE;
303 cleanup:
304 	if (ret == B_FALSE) {
305 		if ((chars = snprintf(message, sizeof (message),
306 		    "error copying %s to %s", src, dest)) > 0 &&
307 		    chars <= sizeof (message)) {
308 			print_status(500, message);
309 		} else {
310 			print_status(500, NULL);
311 		}
312 	}
313 	if (rfd != -1) {
314 		(void) close(rfd);
315 	}
316 	if (wfd != -1) {
317 		(void) close(wfd);
318 	}
319 
320 	return (ret);
321 }
322 
323 static boolean_t
324 create_nonce(const char *noncepath, const char *nonce)
325 {
326 	boolean_t	ret = B_TRUE;
327 	int		fd;
328 
329 	if ((fd = open(noncepath,
330 	    O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
331 	    !write_buffer(fd, nonce, strlen(nonce))) {
332 		print_status(500, "(error creating nonce file)");
333 		ret = B_FALSE;
334 	}
335 	if (fd != -1) {
336 		(void) close(fd);
337 	}
338 
339 	return (ret);
340 }
341 
342 static boolean_t
343 create_timestamp(const char *timestamppath, const char *timestamp)
344 {
345 	boolean_t	ret = B_TRUE;
346 	int		fd;
347 
348 	if ((fd = open(timestamppath,
349 	    O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
350 	    !write_buffer(fd, timestamp, strlen(timestamp))) {
351 		print_status(500, "(error creating timestamp file)");
352 		ret = B_FALSE;
353 	}
354 	if (fd != -1) {
355 		(void) close(fd);
356 	}
357 
358 	return (ret);
359 }
360 
361 static boolean_t
362 create_urandom(const char *urandompath)
363 {
364 	boolean_t	ret = B_TRUE;
365 	int		fd;
366 
367 	if ((fd = open(urandompath,
368 	    O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
369 	    !write_file(fd, WBCGI_DEV_URANDOM, 32 * 1024)) {
370 		print_status(500, "(error creating urandom file)");
371 		ret = B_FALSE;
372 	}
373 	if (fd != -1) {
374 		(void) close(fd);
375 	}
376 
377 	return (ret);
378 }
379 
380 static boolean_t
381 create_null_hash(const char *hashpath)
382 {
383 	boolean_t	ret = B_TRUE;
384 	int		fd;
385 	static char	null_hash[HMAC_DIGEST_LEN];
386 
387 	if ((fd = open(hashpath,
388 	    O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
389 	    !write_buffer(fd, null_hash, sizeof (null_hash))) {
390 		print_status(500, "(error creating null hash)");
391 		ret = B_FALSE;
392 	}
393 	if (fd != -1) {
394 		(void) close(fd);
395 	}
396 
397 	return (ret);
398 }
399 
400 
401 static char *
402 determine_doc_root(void)
403 {
404 	char	*doc_root;
405 
406 	/*
407 	 * If DOCUMENT_ROOT is valid, use that.
408 	 */
409 	if ((doc_root = getenv("DOCUMENT_ROOT")) == NULL ||
410 	    strlen(doc_root) == 0) {
411 		/*
412 		 * No DOCUMENT_ROOT - try PATH_TRANSLATED.
413 		 */
414 		if ((doc_root = getenv("PATH_TRANSLATED")) == NULL ||
415 		    strlen(doc_root) == 0) {
416 			/*
417 			 * Can't determine the document root.
418 			 */
419 			return (NULL);
420 		}
421 	}
422 
423 	return (doc_root);
424 }
425 
426 static boolean_t
427 get_request_info(int *contentp, char **netp, char **cidp, char **noncep,
428     char **docrootp)
429 {
430 	char	*method;
431 	char	*query_string;
432 	char	*value;
433 	char	*junk;
434 	int	i;
435 
436 	if ((method = getenv("REQUEST_METHOD")) == NULL ||
437 	    strncasecmp(method, "GET", strlen("GET") != 0)) {
438 		print_status(403, "(GET method expected)");
439 		return (B_FALSE);
440 	}
441 
442 	if ((query_string = getenv("QUERY_STRING")) == NULL) {
443 		print_status(400, "(empty query string)");
444 		return (B_FALSE);
445 	}
446 
447 	for (i = 0; i < strlen(query_string); i++) {
448 		if (query_string[i] == '&') {
449 			query_string[i] = ',';
450 		}
451 	}
452 
453 	*contentp = WBCGI_CONTENT_ERROR;
454 	*netp = *cidp = *noncep = NULL;
455 
456 	if ((*docrootp = determine_doc_root()) == NULL) {
457 		print_status(400, "(unable to determine document root)");
458 		return (B_FALSE);
459 	}
460 
461 	while (*query_string != '\0') {
462 		switch (getsubopt(&query_string, queryopts, &value)) {
463 		case WBCGI_QUERYOPT_CONTENT:
464 			*contentp = getsubopt(&value, contents, &junk);
465 			break;
466 		case WBCGI_QUERYOPT_NET:
467 			*netp = value;
468 			break;
469 		case WBCGI_QUERYOPT_CID:
470 			*cidp = value;
471 			break;
472 		case WBCGI_QUERYOPT_NONCE:
473 			*noncep = value;
474 			break;
475 		default:
476 			print_status(400, "(illegal query string)");
477 			return (B_FALSE);
478 		}
479 	}
480 
481 	switch (*contentp) {
482 	default:
483 		print_status(400, "(missing or illegal CONTENT)");
484 		return (B_FALSE);
485 
486 	case WBCGI_CONTENT_BOOTFS:
487 		if (*netp == NULL || *cidp == NULL || *noncep == NULL) {
488 			print_status(400,
489 			    "(CONTENT, IP, CID and NONCE required)");
490 			return (B_FALSE);
491 		}
492 		break;
493 
494 	case WBCGI_CONTENT_BOOTFILE:
495 	case WBCGI_CONTENT_ROOTFS:
496 		if (*netp == NULL || *cidp == NULL || *docrootp == NULL) {
497 			print_status(400,
498 			    "(CONTENT, IP, CID and DOCUMENT_ROOT required)");
499 			return (B_FALSE);
500 		}
501 		break;
502 	}
503 
504 	return (B_TRUE);
505 }
506 
507 static boolean_t
508 encrypt_payload(const char *payload, const char *encr_payload,
509     const char *keyfile, const char *encryption_type)
510 {
511 	struct stat	sbuf;
512 	int		chars;
513 	char		cmd[MAXPATHLEN];
514 	FILE		*fp;
515 	int		status;
516 	char		msg[WBCGI_MAXBUF];
517 
518 	if (!WBCGI_FILE_EXISTS(payload, sbuf)) {
519 		print_status(500, "(encrypt_payload: missing payload)");
520 		return (B_FALSE);
521 	}
522 
523 	if ((chars = snprintf(cmd, sizeof (cmd),
524 	    "%s -o type=%s -k %s < %s > %s", WBCGI_ENCR_PATH,
525 	    encryption_type, keyfile, payload, encr_payload)) < 0 ||
526 	    chars > sizeof (cmd)) {
527 		print_status(500, "(encrypt_payload: buffer overflow)");
528 		return (B_FALSE);
529 	}
530 
531 	if ((fp = popen(cmd, "w")) == NULL) {
532 		print_status(500, "(encrypt_payload: missing/file error)");
533 		return (B_FALSE);
534 	}
535 	if ((status = WEXITSTATUS(pclose(fp))) != 0) {
536 		(void) snprintf(msg, sizeof (msg),
537 		    "(encrypt_payload: failed, status=%d)", status);
538 		print_status(500, msg);
539 		return (B_FALSE);
540 	}
541 
542 	if (!WBCGI_FILE_EXISTS(encr_payload, sbuf)) {
543 		print_status(500, "(encrypt_payload: bad encrypted file)");
544 		return (B_FALSE);
545 	}
546 
547 	return (B_TRUE);
548 }
549 
550 static boolean_t
551 hash_payload(const char *payload, const char *payload_hash,
552     const char *keyfile)
553 {
554 	struct stat	sbuf;
555 	int		chars;
556 	char		cmd[MAXPATHLEN];
557 	FILE		*fp;
558 	int		status;
559 	char		msg[WBCGI_MAXBUF];
560 
561 	if (!WBCGI_FILE_EXISTS(payload, sbuf)) {
562 		print_status(500, "(hash_payload: missing payload)");
563 		return (B_FALSE);
564 	}
565 
566 	if ((chars = snprintf(cmd, sizeof (cmd), "%s -i %s -k %s > %s",
567 	    WBCGI_HMAC_PATH, payload, keyfile, payload_hash)) < 0 ||
568 	    chars > sizeof (cmd)) {
569 		print_status(500, "(hash_payload: buffer overflow)");
570 		return (B_FALSE);
571 	}
572 
573 	if ((fp = popen(cmd, "w")) == NULL) {
574 		print_status(500, "(hash_payload: missing/file error)");
575 		return (B_FALSE);
576 	}
577 	if ((status = WEXITSTATUS(pclose(fp))) != 0) {
578 		(void) snprintf(msg, sizeof (msg),
579 		    "(hash_payload: failed, status=%d)", status);
580 		print_status(500, msg);
581 		return (B_FALSE);
582 	}
583 
584 	if (!WBCGI_FILE_EXISTS(payload_hash, sbuf) ||
585 	    sbuf.st_size < HMAC_DIGEST_LEN) {
586 		print_status(500, "(hash_payload: bad signature file)");
587 		return (B_FALSE);
588 	}
589 
590 	return (B_TRUE);
591 }
592 
593 static boolean_t
594 extract_keystore(const char *path, const char *keystorepath)
595 {
596 	struct stat	sbuf;
597 	int		chars;
598 	char		cmd[MAXPATHLEN];
599 	FILE		*fp;
600 	int		status;
601 	char		msg[WBCGI_MAXBUF];
602 
603 	if (!WBCGI_FILE_EXISTS(path, sbuf)) {
604 		print_status(500, "(extract_keystore: missing keystore)");
605 		return (B_FALSE);
606 	}
607 
608 	if ((chars = snprintf(cmd, sizeof (cmd),
609 	    "%s -x -f %s -s %s -o type=rsa",
610 	    WBCGI_KEYMGMT_PATH, keystorepath, path)) < 0 ||
611 	    chars > sizeof (cmd)) {
612 		print_status(500, "(extract_keystore: buffer overflow)");
613 		return (B_FALSE);
614 	}
615 
616 	if ((fp = popen(cmd, "w")) == NULL) {
617 		print_status(500, "(extract_keystore: missing/file error)");
618 		return (B_FALSE);
619 	}
620 	if ((status = WEXITSTATUS(pclose(fp))) != 0) {
621 		(void) snprintf(msg, sizeof (msg),
622 		    "(extract_keystore: failed, status=%d)", status);
623 		print_status(500, msg);
624 		return (B_FALSE);
625 	}
626 
627 	if (!WBCGI_FILE_EXISTS(keystorepath, sbuf)) {
628 		print_status(500, "(extract_keystore: failed to create)");
629 		return (B_FALSE);
630 	}
631 
632 	return (B_TRUE);
633 }
634 
635 static boolean_t
636 mkisofs(const char *image_dir, const char *image)
637 {
638 	struct stat	sbuf;
639 	int		chars;
640 	char		cmd[MAXPATHLEN];
641 	FILE		*fp;
642 	int		status;
643 	char		msg[WBCGI_MAXBUF];
644 
645 	if (!WBCGI_DIR_EXISTS(image_dir, sbuf)) {
646 		print_status(500, "(mksiofs: missing image_dir)");
647 		return (B_FALSE);
648 	}
649 
650 	if ((chars = snprintf(cmd, sizeof (cmd), "%s -quiet -o %s -r %s",
651 	    WBCGI_MKISOFS_PATH, image, image_dir)) < 0 ||
652 	    chars > sizeof (cmd)) {
653 		print_status(500, "(mkisofs: buffer overflow)");
654 		return (B_FALSE);
655 	}
656 
657 	if ((fp = popen(cmd, "w")) == NULL) {
658 		print_status(500, "(mkisofs: missing/file error)");
659 		return (B_FALSE);
660 	}
661 	if ((status = WEXITSTATUS(pclose(fp))) != 0) {
662 		(void) snprintf(msg, sizeof (msg),
663 		    "(mkisofs: failed, status=%d)", status);
664 		print_status(500, msg);
665 		return (B_FALSE);
666 	}
667 
668 	if (!WBCGI_FILE_EXISTS(image, sbuf)) {
669 		print_status(500, "(mksiofs: failed to create image)");
670 		return (B_FALSE);
671 	}
672 
673 	return (B_TRUE);
674 }
675 
676 /*
677  * This function, when invoked with a file name, optional network and
678  * client ID strings, and callback function will search for the file
679  * in the following locations:
680  *
681  * NB_NETBOOT_ROOT/<network>/<client id>/<file>
682  * NB_NETBOOT_ROOT/<client id>/<file>
683  * NB_NETBOOT_ROOT/<network>/<file>
684  * NB_NETBOOT_ROOT/<file>
685  *
686  * The callback function is invoked each time the file is found until
687  * we have searched all of the above locations or the callback function
688  * returns a value other than WBCGI_FTW_CBCONT.
689  *
690  * Arguments:
691  *	filename - Name of file to search for.
692  *	net      - Optional network number to include in search hierarchy.
693  *	cid      - Optional client ID to include in search hierarchy.
694  *	cb       - Callback function to be called when file is found.
695  *	arg	 - Argument to be supplied to the callback funtion.
696  *
697  * Returns:
698  *	WBCGI_FTW_DONE, WBCGI_FTW_CBOK or WBCGI_FTW_CBERR.
699  */
700 static int
701 netboot_ftw(const char *filename, const char *net, const char *cid,
702     int (*cb)(const char *, void *arg), void *arg)
703 {
704 	char		ckpath[4][MAXPATHLEN];
705 	int		ret;
706 	struct		stat buf;
707 	int		i = 0;
708 
709 	if (snprintf(ckpath[i++], MAXPATHLEN, "%s%s", NB_NETBOOT_ROOT, filename)
710 	    >= MAXPATHLEN)
711 		return (WBCGI_FTW_CBERR);
712 
713 	if (net != NULL && snprintf(ckpath[i++], MAXPATHLEN, "%s%s/%s",
714 	    NB_NETBOOT_ROOT, net, filename) >= MAXPATHLEN)
715 		return (WBCGI_FTW_CBERR);
716 
717 	if (cid != NULL) {
718 		if (snprintf(ckpath[i++], MAXPATHLEN, "%s%s/%s",
719 		    NB_NETBOOT_ROOT, cid, filename) >= MAXPATHLEN)
720 			return (WBCGI_FTW_CBERR);
721 
722 		if (net != NULL && snprintf(ckpath[i++], MAXPATHLEN,
723 		    "%s%s/%s/%s", NB_NETBOOT_ROOT, net, cid, filename) >=
724 		    MAXPATHLEN)
725 			return (WBCGI_FTW_CBERR);
726 	}
727 
728 	/*
729 	 * Loop through hierarchy and check for file existence.
730 	 */
731 	while (i > 0) {
732 		--i;
733 		if (WBCGI_FILE_EXISTS(ckpath[i], buf)) {
734 			if ((ret = cb(ckpath[i], arg)) != WBCGI_FTW_CBCONT)
735 				return (ret);
736 		}
737 	}
738 	return (WBCGI_FTW_DONE);
739 }
740 
741 /*ARGSUSED*/
742 static int
743 noact_cb(const char *path, void *arg)
744 {
745 	return (WBCGI_FTW_CBOK);
746 }
747 
748 static int
749 set_pathname(const char *path, void *pathname)
750 {
751 	*(char **)pathname = strdup((char *)path);
752 	return (WBCGI_FTW_CBOK);
753 }
754 
755 static int
756 create_keystore(const char *path, void *keystorepath)
757 {
758 	if (!extract_keystore(path, (char *)keystorepath)) {
759 		return (WBCGI_FTW_CBERR);
760 	}
761 	return (WBCGI_FTW_CBOK);
762 }
763 
764 static int
765 copy_certstore(const char *path, void *certstorepath)
766 {
767 	if (!copy_file(path, (char *)certstorepath)) {
768 		return (WBCGI_FTW_CBERR);
769 	}
770 	return (WBCGI_FTW_CBOK);
771 }
772 
773 /*
774  * Add the certs found in the trustfile found in path (a trust store) to
775  * the file found at bootfs_dir/truststore.  If necessary, create the
776  * output file.
777  */
778 static int
779 build_trustfile(const char *path, void *truststorepath)
780 {
781 	int		ret = WBCGI_FTW_CBERR;
782 	STACK_OF(X509)	*i_anchors = NULL;
783 	STACK_OF(X509)	*o_anchors = NULL;
784 	char		message[WBCGI_MAXBUF];
785 	PKCS12		*p12 = NULL;
786 	FILE		*rfp = NULL;
787 	FILE		*wfp = NULL;
788 	struct stat	i_st;
789 	struct stat	o_st;
790 	X509		*x = NULL;
791 	int		errtype = 0;
792 	int		wfd = -1;
793 	int		chars;
794 	int		i;
795 
796 	if (!WBCGI_FILE_EXISTS(path, i_st)) {
797 		goto cleanup;
798 	}
799 
800 	if (WBCGI_FILE_EXISTS((char *)truststorepath, o_st)) {
801 		/*
802 		 * If we are inadvertantly writing to the input file.
803 		 * return success.
804 		 * XXX Pete: how can this happen, and why success?
805 		 */
806 		if (i_st.st_ino == o_st.st_ino) {
807 			ret = WBCGI_FTW_CBCONT;
808 			goto cleanup;
809 		}
810 		if ((wfp = fopen((char *)truststorepath, "r+")) == NULL) {
811 			goto cleanup;
812 		}
813 		/*
814 		 * Read what's already there, so that new information
815 		 * can be added.
816 		 */
817 		if ((p12 = d2i_PKCS12_fp(wfp, NULL)) == NULL) {
818 			errtype = 1;
819 			goto cleanup;
820 		}
821 		i = sunw_PKCS12_parse(p12, WANBOOT_PASSPHRASE, DO_NONE, NULL,
822 		    0, NULL, NULL, NULL, &o_anchors);
823 		if (i <= 0) {
824 			errtype = 1;
825 			goto cleanup;
826 		}
827 
828 		PKCS12_free(p12);
829 		p12 = NULL;
830 	} else {
831 		if (errno != ENOENT) {
832 			chars = snprintf(message, sizeof (message),
833 			    "(error accessing file %s, error %s)",
834 			    path, strerror(errno));
835 			if (chars > 0 && chars < sizeof (message))
836 				print_status(500, message);
837 			else
838 				print_status(500, NULL);
839 			return (WBCGI_FTW_CBERR);
840 		}
841 
842 		/*
843 		 * Note: We could copy the file to the new trustfile, but
844 		 * we can't verify the password that way.  Therefore, copy
845 		 * it by reading it.
846 		 */
847 		if ((wfd = open((char *)truststorepath,
848 		    O_CREAT|O_EXCL|O_RDWR, 0700)) < 0) {
849 			goto cleanup;
850 		}
851 		if ((wfp = fdopen(wfd, "w+")) == NULL) {
852 			goto cleanup;
853 		}
854 		o_anchors = sk_X509_new_null();
855 		if (o_anchors == NULL) {
856 			goto cleanup;
857 		}
858 	}
859 
860 	if ((rfp = fopen(path, "r")) == NULL) {
861 		goto cleanup;
862 	}
863 	if ((p12 = d2i_PKCS12_fp(rfp, NULL)) == NULL) {
864 		errtype = 1;
865 		goto cleanup;
866 	}
867 	i = sunw_PKCS12_parse(p12, WANBOOT_PASSPHRASE, DO_NONE, NULL, 0, NULL,
868 	    NULL, NULL, &i_anchors);
869 	if (i <= 0) {
870 		errtype = 1;
871 		goto cleanup;
872 	}
873 	PKCS12_free(p12);
874 	p12 = NULL;
875 
876 	/*
877 	 * Merge the two stacks of pkcs12 certs.
878 	 */
879 	for (i = 0; i < sk_X509_num(i_anchors); i++) {
880 		/* LINTED */
881 		x = sk_X509_delete(i_anchors, i);
882 		(void) sk_X509_push(o_anchors, x);
883 	}
884 
885 	/*
886 	 * Create the pkcs12 structure from the modified input stack and
887 	 * then write out that structure.
888 	 */
889 	p12 = sunw_PKCS12_create((const char *)WANBOOT_PASSPHRASE, NULL, NULL,
890 	    o_anchors);
891 	if (p12 == NULL) {
892 		goto cleanup;
893 	}
894 	rewind(wfp);
895 	if (i2d_PKCS12_fp(wfp, p12) == 0) {
896 		goto cleanup;
897 	}
898 
899 	ret = WBCGI_FTW_CBCONT;
900 cleanup:
901 	if (ret == WBCGI_FTW_CBERR) {
902 		if (errtype == 1) {
903 			chars = snprintf(message, sizeof (message),
904 			    "(internal PKCS12 error while copying %s to %s)",
905 			    path, (char *)truststorepath);
906 		} else {
907 			chars = snprintf(message, sizeof (message),
908 			    "(error copying %s to %s)",
909 			    path, (char *)truststorepath);
910 		}
911 		if (chars > 0 && chars <= sizeof (message)) {
912 			print_status(500, message);
913 		} else {
914 			print_status(500, NULL);
915 		}
916 	}
917 	if (rfp != NULL) {
918 		(void) fclose(rfp);
919 	}
920 	if (wfp != NULL) {
921 		/* Will also close wfd */
922 		(void) fclose(wfp);
923 	}
924 	if (p12 != NULL) {
925 		PKCS12_free(p12);
926 	}
927 	if (i_anchors != NULL) {
928 		sk_X509_pop_free(i_anchors, X509_free);
929 	}
930 	if (o_anchors != NULL) {
931 		sk_X509_pop_free(o_anchors, X509_free);
932 	}
933 
934 	return (ret);
935 }
936 
937 static boolean_t
938 check_key_type(const char *keyfile, const char *keytype, int flag)
939 {
940 	boolean_t	ret = B_FALSE;
941 	FILE		*key_fp = NULL;
942 	wbku_key_attr_t	ka;
943 
944 	/*
945 	 * Map keytype into the ka structure
946 	 */
947 	if (wbku_str_to_keyattr(keytype, &ka, flag) != WBKU_SUCCESS) {
948 		goto cleanup;
949 	}
950 
951 	/*
952 	 * Open the key file for reading.
953 	 */
954 	if ((key_fp = fopen(keyfile, "r")) == NULL) {
955 		goto cleanup;
956 	}
957 
958 	/*
959 	 * Find the valid client key, if it exists.
960 	 */
961 	if (wbku_find_key(key_fp, NULL, &ka, NULL, B_FALSE) != WBKU_SUCCESS) {
962 		goto cleanup;
963 	}
964 
965 	ret = B_TRUE;
966 cleanup:
967 	if (key_fp != NULL) {
968 		(void) fclose(key_fp);
969 	}
970 
971 	return (ret);
972 }
973 
974 static boolean_t
975 resolve_hostname(const char *hostname, nvlist_t *nvl, boolean_t may_be_crap)
976 {
977 	struct sockaddr_in	sin;
978 	struct hostent		*hp;
979 	struct utsname		un;
980 	static char 		myname[SYS_NMLN] = { '\0' };
981 	char			*cp = NULL;
982 	char			msg[WBCGI_MAXBUF];
983 
984 	/*
985 	 *  Initialize cached nodename
986 	 */
987 	if (strlen(myname) == 0) {
988 		if (uname(&un) == -1) {
989 			(void) snprintf(msg, sizeof (msg),
990 			    "(unable to retrieve uname, errno %d)", errno);
991 			print_status(500, msg);
992 			return (B_FALSE);
993 		}
994 		(void) strcpy(myname, un.nodename);
995 	}
996 
997 	/*
998 	 * If hostname is local node name, return the address this
999 	 * request came in on, which is supplied as SERVER_ADDR in the
1000 	 * cgi environment.  This ensures we don't send back a possible
1001 	 * alternate address that may be unreachable from the client's
1002 	 * network.  Otherwise, just resolve with nameservice.
1003 	 */
1004 	if ((strcmp(hostname, myname) != 0) ||
1005 	    ((cp = getenv("SERVER_ADDR")) == NULL)) {
1006 		if (((hp = gethostbyname(hostname)) == NULL) ||
1007 		    (hp->h_addrtype != AF_INET) ||
1008 		    (hp->h_length != sizeof (struct in_addr))) {
1009 			if (!may_be_crap) {
1010 				print_status(500, "(error resolving hostname)");
1011 			}
1012 			return (may_be_crap);
1013 		}
1014 		(void) memcpy(&sin.sin_addr, hp->h_addr, hp->h_length);
1015 		cp = inet_ntoa(sin.sin_addr);
1016 	}
1017 
1018 	if (nvlist_add_string(nvl, (char *)hostname, cp) != 0) {
1019 		print_status(500, "(error adding hostname to nvlist)");
1020 		return (B_FALSE);
1021 	}
1022 
1023 	return (B_TRUE);
1024 }
1025 
1026 /*
1027  * one_name() is called for each certificate found and is passed the string
1028  * that X509_NAME_oneline() returns.  Its job is to find the common name and
1029  * determine whether it is a host name; if it is then a line suitable for
1030  * inclusion in /etc/inet/hosts is written to that file.
1031  */
1032 static boolean_t
1033 one_name(const char *namestr, nvlist_t *nvl)
1034 {
1035 	boolean_t	ret = B_TRUE;
1036 	char		*p;
1037 	char		*q;
1038 	char		c;
1039 
1040 	if (namestr != NULL &&
1041 	    (p = strstr(namestr, WBCGI_CNSTR)) != NULL) {
1042 		p += WBCGI_CNSTR_LEN;
1043 
1044 		if ((q = strpbrk(p, WBCGI_NAMESEP)) != NULL) {
1045 			c = *q;
1046 			*q = '\0';
1047 			ret = resolve_hostname(p, nvl, B_TRUE);
1048 			*q = c;
1049 		} else {
1050 			ret = resolve_hostname(p, nvl, B_TRUE);
1051 		}
1052 	}
1053 
1054 	return (ret);
1055 }
1056 
1057 /*
1058  * Loop through the certificates in a file
1059  */
1060 static int
1061 get_hostnames(const char *path, void *nvl)
1062 {
1063 	int		ret = WBCGI_FTW_CBERR;
1064 	STACK_OF(X509)	*certs = NULL;
1065 	PKCS12		*p12 = NULL;
1066 	char		message[WBCGI_MAXBUF];
1067 	char		buf[WBCGI_MAXBUF + 1];
1068 	FILE		*rfp = NULL;
1069 	X509		*x = NULL;
1070 	int		errtype = 0;
1071 	int		chars;
1072 	int		i;
1073 
1074 	if ((rfp = fopen(path, "r")) == NULL) {
1075 		goto cleanup;
1076 	}
1077 
1078 	if ((p12 = d2i_PKCS12_fp(rfp, NULL)) == NULL) {
1079 		errtype = 1;
1080 		goto cleanup;
1081 	}
1082 	i = sunw_PKCS12_parse(p12, WANBOOT_PASSPHRASE, DO_NONE, NULL, 0, NULL,
1083 	    NULL, NULL, &certs);
1084 	if (i <= 0) {
1085 		errtype = 1;
1086 		goto cleanup;
1087 	}
1088 
1089 	PKCS12_free(p12);
1090 	p12 = NULL;
1091 
1092 	for (i = 0; i < sk_X509_num(certs); i++) {
1093 		/* LINTED */
1094 		x = sk_X509_value(certs, i);
1095 		if (!one_name(sunw_issuer_attrs(x, buf, sizeof (buf) - 1),
1096 		    nvl)) {
1097 			goto cleanup;
1098 		}
1099 	}
1100 
1101 	ret = WBCGI_FTW_CBCONT;
1102 cleanup:
1103 	if (ret == WBCGI_FTW_CBERR) {
1104 		if (errtype == 1) {
1105 			chars = snprintf(message, sizeof (message),
1106 			    "(internal PKCS12 error reading %s)", path);
1107 		} else {
1108 			chars = snprintf(message, sizeof (message),
1109 			    "error reading %s", path);
1110 		}
1111 		if (chars > 0 && chars <= sizeof (message)) {
1112 			print_status(500, message);
1113 		} else {
1114 			print_status(500, NULL);
1115 		}
1116 	}
1117 	if (rfp != NULL) {
1118 		(void) fclose(rfp);
1119 	}
1120 	if (p12 != NULL) {
1121 		PKCS12_free(p12);
1122 	}
1123 	if (certs != NULL) {
1124 		sk_X509_pop_free(certs, X509_free);
1125 	}
1126 
1127 	return (ret);
1128 }
1129 
1130 /*
1131  * Create a hosts file by extracting hosts from client and truststore
1132  * files.  Use the CN. Then we should copy that file to the inet dir.
1133  */
1134 static boolean_t
1135 create_hostsfile(const char *hostsfile, const char *net, const char *cid)
1136 {
1137 	boolean_t	ret = B_FALSE;
1138 	nvlist_t	*nvl;
1139 	nvpair_t	*nvp;
1140 	FILE		*hostfp = NULL;
1141 	int		hostfd = -1;
1142 	int		i;
1143 	char		*hostslist;
1144 	const char	*bc_urls[] = { BC_ROOT_SERVER, BC_BOOT_LOGGER, NULL };
1145 
1146 	/*
1147 	 * Allocate nvlist handle to store our hostname/IP pairs.
1148 	 */
1149 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
1150 		print_status(500, "(error allocating hostname nvlist)");
1151 		goto cleanup;
1152 	}
1153 
1154 	/*
1155 	 * Extract and resolve hostnames from CNs.
1156 	 */
1157 	if (netboot_ftw(NB_CLIENT_CERT, net, cid,
1158 	    get_hostnames, nvl) == WBCGI_FTW_CBERR ||
1159 	    netboot_ftw(NB_CA_CERT, net, cid,
1160 	    get_hostnames, nvl) == WBCGI_FTW_CBERR) {
1161 		goto cleanup;
1162 	}
1163 
1164 	/*
1165 	 * Extract and resolve hostnames from any URLs in bootconf.
1166 	 */
1167 	for (i = 0; bc_urls[i] != NULL; ++i) {
1168 		char	*urlstr;
1169 		url_t	url;
1170 
1171 		if ((urlstr = bootconf_get(&bc_handle, bc_urls[i])) != NULL &&
1172 		    url_parse(urlstr, &url) == URL_PARSE_SUCCESS) {
1173 			if (!resolve_hostname(url.hport.hostname,
1174 			    nvl, B_FALSE)) {
1175 				goto cleanup;
1176 			}
1177 		}
1178 	}
1179 
1180 	/*
1181 	 * If there is a resolve-hosts list in bootconf, resolve those
1182 	 * hostnames too.
1183 	 */
1184 	if ((hostslist = bootconf_get(&bc_handle, BC_RESOLVE_HOSTS)) != NULL) {
1185 		char	*hostname;
1186 
1187 		for (hostname = strtok(hostslist, ","); hostname != NULL;
1188 		    hostname = strtok(NULL, ",")) {
1189 			if (!resolve_hostname(hostname, nvl, B_FALSE)) {
1190 				goto cleanup;
1191 			}
1192 		}
1193 	}
1194 
1195 	/*
1196 	 * Now write the hostname/IP pairs gathered to the hosts file.
1197 	 */
1198 	if ((hostfd = open(hostsfile,
1199 	    O_RDWR|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
1200 	    (hostfp = fdopen(hostfd, "w+")) == NULL) {
1201 		print_status(500, "(error creating hosts file)");
1202 		goto cleanup;
1203 	}
1204 	for (nvp = nvlist_next_nvpair(nvl, NULL); nvp != NULL;
1205 	    nvp = nvlist_next_nvpair(nvl, nvp)) {
1206 		char	*hostname;
1207 		char	*ipstr;
1208 
1209 		hostname = nvpair_name(nvp);
1210 		if (nvpair_value_string(nvp, &ipstr) != 0) {
1211 			print_status(500, "(nvl error writing hosts file)");
1212 			goto cleanup;
1213 		}
1214 
1215 		if (fprintf(hostfp, "%s\t%s\n", ipstr, hostname) < 0) {
1216 			print_status(500, "(error writing hosts file)");
1217 			goto cleanup;
1218 		}
1219 	}
1220 
1221 	ret = B_TRUE;
1222 cleanup:
1223 	if (nvl != NULL) {
1224 		nvlist_free(nvl);
1225 	}
1226 	if (hostfp != NULL) {
1227 		/*
1228 		 * hostfd is automatically closed as well.
1229 		 */
1230 		(void) fclose(hostfp);
1231 	}
1232 
1233 	return (ret);
1234 }
1235 
1236 static boolean_t
1237 bootfile_payload(const char *docroot, char **bootpathp)
1238 {
1239 	boolean_t	ret = B_FALSE;
1240 	char		*boot_file;
1241 	struct stat	sbuf;
1242 
1243 	if ((boot_file = bootconf_get(&bc_handle, BC_BOOT_FILE)) == NULL) {
1244 		print_status(500, "(boot_file must be specified)");
1245 		goto cleanup;
1246 	}
1247 	if ((*bootpathp = make_path(docroot, boot_file)) == NULL) {
1248 		goto cleanup;
1249 	}
1250 	if (!WBCGI_FILE_EXISTS(*bootpathp, sbuf)) {
1251 		print_status(500, "(boot_file missing)");
1252 		goto cleanup;
1253 	}
1254 
1255 	ret = B_TRUE;
1256 cleanup:
1257 	return (ret);
1258 }
1259 
1260 /*
1261  * Create the wanboot file system whose contents are determined by the
1262  * security configuration specified in bootconf.
1263  */
1264 static boolean_t
1265 wanbootfs_payload(const char *net, const char *cid, const char *nonce,
1266     const char *bootconf, char **wanbootfs_imagep)
1267 {
1268 	int		ret = B_FALSE;
1269 
1270 	char		*server_authentication;
1271 	char		*client_authentication;
1272 	char		*scf;
1273 
1274 	char		*bootfs_dir = NULL;
1275 	char		*bootfs_etc_dir = NULL;
1276 	char		*bootfs_etc_inet_dir = NULL;
1277 	char		*bootfs_dev_dir = NULL;
1278 
1279 	char		*systemconf = NULL;
1280 	char		*keystorepath = NULL;
1281 	char		*certstorepath = NULL;
1282 	char		*truststorepath = NULL;
1283 	char		*bootconfpath = NULL;
1284 	char		*systemconfpath = NULL;
1285 	char		*urandompath = NULL;
1286 	char		*noncepath = NULL;
1287 	char		*hostspath = NULL;
1288 	char		*etc_hostspath = NULL;
1289 	char		*timestamppath = NULL;
1290 
1291 	boolean_t	authenticate_client;
1292 	boolean_t	authenticate_server;
1293 
1294 	struct stat	sbuf;
1295 
1296 	/*
1297 	 * Initialize SSL stuff.
1298 	 */
1299 	sunw_crypto_init();
1300 
1301 	/*
1302 	 * Get the security strategy values.
1303 	 */
1304 	client_authentication = bootconf_get(&bc_handle,
1305 	    BC_CLIENT_AUTHENTICATION);
1306 	authenticate_client = (client_authentication != NULL &&
1307 	    strcmp(client_authentication, "yes") == 0);
1308 	server_authentication = bootconf_get(&bc_handle,
1309 	    BC_SERVER_AUTHENTICATION);
1310 	authenticate_server = (server_authentication != NULL &&
1311 	    strcmp(server_authentication, "yes") == 0);
1312 
1313 	/*
1314 	 * Make a temporary directory structure for the wanboot file system.
1315 	 */
1316 	if ((bootfs_dir = gen_tmppath("bootfs_dir", net, cid)) == NULL ||
1317 	    (bootfs_etc_dir = make_path(bootfs_dir, "etc")) == NULL ||
1318 	    (bootfs_etc_inet_dir = make_path(bootfs_etc_dir, "inet")) == NULL ||
1319 	    (bootfs_dev_dir = make_path(bootfs_dir, "dev")) == NULL) {
1320 		goto cleanup;
1321 	}
1322 	if (mkdirp(bootfs_dir, 0700) ||
1323 	    mkdirp(bootfs_etc_dir, 0700) ||
1324 	    mkdirp(bootfs_etc_inet_dir, 0700) ||
1325 	    mkdirp(bootfs_dev_dir, 0700)) {
1326 		print_status(500, "(error creating wanbootfs dir structure)");
1327 		goto cleanup;
1328 	}
1329 
1330 	if (authenticate_client) {
1331 		/*
1332 		 * Add the client private key.
1333 		 */
1334 		if ((keystorepath = make_path(bootfs_dir,
1335 		    NB_CLIENT_KEY)) == NULL ||
1336 		    netboot_ftw(NB_CLIENT_KEY, net, cid,
1337 		    create_keystore, keystorepath) != WBCGI_FTW_CBOK) {
1338 			goto cleanup;
1339 		}
1340 
1341 		/*
1342 		 * Add the client certificate.
1343 		 */
1344 		if ((certstorepath = make_path(bootfs_dir,
1345 		    NB_CLIENT_CERT)) == NULL ||
1346 		    netboot_ftw(NB_CLIENT_CERT, net, cid,
1347 		    copy_certstore, certstorepath) != WBCGI_FTW_CBOK) {
1348 			goto cleanup;
1349 		}
1350 	}
1351 
1352 	if (authenticate_client || authenticate_server) {
1353 		/*
1354 		 * Add the trustfile; at least one truststore must exist.
1355 		 */
1356 		if ((truststorepath = make_path(bootfs_dir,
1357 		    NB_CA_CERT)) == NULL) {
1358 			goto cleanup;
1359 		}
1360 		if (netboot_ftw(NB_CA_CERT, net, cid,
1361 		    noact_cb, NULL) != WBCGI_FTW_CBOK) {
1362 			print_status(500, "(truststore not found)");
1363 		}
1364 		if (netboot_ftw(NB_CA_CERT, net, cid,
1365 		    build_trustfile, truststorepath) == WBCGI_FTW_CBERR) {
1366 			goto cleanup;
1367 		}
1368 
1369 		/*
1370 		 * Create the /dev/urandom file.
1371 		 */
1372 		if ((urandompath = make_path(bootfs_dev_dir,
1373 		    "urandom")) == NULL ||
1374 		    !create_urandom(urandompath)) {
1375 			goto cleanup;
1376 		}
1377 	}
1378 
1379 	/*
1380 	 * Add the wanboot.conf(4) file.
1381 	 */
1382 	if ((bootconfpath = make_path(bootfs_dir, NB_WANBOOT_CONF)) == NULL ||
1383 	    !copy_file(bootconf, bootconfpath)) {
1384 		goto cleanup;
1385 	}
1386 
1387 	/*
1388 	 * Add the system_conf file if present.
1389 	 */
1390 	if ((scf = bootconf_get(&bc_handle, BC_SYSTEM_CONF)) != NULL) {
1391 		if (netboot_ftw(scf, net, cid,
1392 		    set_pathname, &systemconf) != WBCGI_FTW_CBOK) {
1393 			print_status(500, "(system_conf file not found)");
1394 			goto cleanup;
1395 		}
1396 		if ((systemconfpath = make_path(bootfs_dir,
1397 		    NB_SYSTEM_CONF)) == NULL ||
1398 		    !copy_file(systemconf, systemconfpath)) {
1399 			goto cleanup;
1400 		}
1401 	}
1402 
1403 	/*
1404 	 * Create the /nonce file.
1405 	 */
1406 	if ((noncepath = make_path(bootfs_dir, "nonce")) == NULL ||
1407 	    !create_nonce(noncepath, nonce)) {
1408 		goto cleanup;
1409 	}
1410 
1411 	/*
1412 	 * Create an /etc/inet/hosts file by extracting hostnames from CN,
1413 	 * URLs in bootconf and resolve-hosts in bootconf.
1414 	 */
1415 	if ((hostspath = make_path(bootfs_etc_inet_dir, "hosts")) == NULL ||
1416 	    !create_hostsfile(hostspath, net, cid)) {
1417 		goto cleanup;
1418 	}
1419 
1420 	/*
1421 	 * We would like to create a symbolic link etc/hosts -> etc/inet/hosts,
1422 	 * but unfortunately the HSFS support in the standalone doesn't handle
1423 	 * symlinks.
1424 	 */
1425 	if ((etc_hostspath = make_path(bootfs_etc_dir, "hosts")) == NULL ||
1426 	    !copy_file(hostspath, etc_hostspath)) {
1427 		goto cleanup;
1428 	}
1429 
1430 	/*
1431 	 * Create the /timestamp file.
1432 	 */
1433 	if ((timestamppath = make_path(bootfs_dir, "timestamp")) == NULL ||
1434 	    !create_timestamp(timestamppath, "timestamp")) {
1435 		goto cleanup;
1436 	}
1437 
1438 	/*
1439 	 * Create an HSFS file system for the directory.
1440 	 */
1441 	if ((*wanbootfs_imagep = gen_tmppath("wanbootfs", net, cid)) == NULL ||
1442 	    !mkisofs(bootfs_dir, *wanbootfs_imagep)) {
1443 		goto cleanup;
1444 	}
1445 
1446 	ret = B_TRUE;
1447 cleanup:
1448 	/*
1449 	 * Clean up temporary files and directories.
1450 	 */
1451 	if (keystorepath != NULL &&
1452 	    WBCGI_FILE_EXISTS(keystorepath, sbuf)) {
1453 		(void) unlink(keystorepath);
1454 	}
1455 	if (certstorepath != NULL &&
1456 	    WBCGI_FILE_EXISTS(certstorepath, sbuf)) {
1457 		(void) unlink(certstorepath);
1458 	}
1459 	if (truststorepath != NULL &&
1460 	    WBCGI_FILE_EXISTS(truststorepath, sbuf)) {
1461 		(void) unlink(truststorepath);
1462 	}
1463 	if (bootconfpath != NULL &&
1464 	    WBCGI_FILE_EXISTS(bootconfpath, sbuf)) {
1465 		(void) unlink(bootconfpath);
1466 	}
1467 	if (systemconfpath != NULL &&
1468 	    WBCGI_FILE_EXISTS(systemconfpath, sbuf)) {
1469 		(void) unlink(systemconfpath);
1470 	}
1471 	if (urandompath != NULL &&
1472 	    WBCGI_FILE_EXISTS(urandompath, sbuf)) {
1473 		(void) unlink(urandompath);
1474 	}
1475 	if (noncepath != NULL &&
1476 	    WBCGI_FILE_EXISTS(noncepath, sbuf)) {
1477 		(void) unlink(noncepath);
1478 	}
1479 	if (hostspath != NULL &&
1480 	    WBCGI_FILE_EXISTS(hostspath, sbuf)) {
1481 		(void) unlink(hostspath);
1482 	}
1483 	if (etc_hostspath != NULL &&
1484 	    WBCGI_FILE_EXISTS(etc_hostspath, sbuf)) {
1485 		(void) unlink(etc_hostspath);
1486 	}
1487 	if (timestamppath != NULL &&
1488 	    WBCGI_FILE_EXISTS(timestamppath, sbuf)) {
1489 		(void) unlink(timestamppath);
1490 	}
1491 
1492 	if (bootfs_etc_inet_dir != NULL &&
1493 	    WBCGI_DIR_EXISTS(bootfs_etc_inet_dir, sbuf)) {
1494 		(void) rmdir(bootfs_etc_inet_dir);
1495 	}
1496 	if (bootfs_etc_dir != NULL &&
1497 	    WBCGI_DIR_EXISTS(bootfs_etc_dir, sbuf)) {
1498 		(void) rmdir(bootfs_etc_dir);
1499 	}
1500 	if (bootfs_dev_dir != NULL &&
1501 	    WBCGI_DIR_EXISTS(bootfs_dev_dir, sbuf)) {
1502 		(void) rmdir(bootfs_dev_dir);
1503 	}
1504 	if (bootfs_dir != NULL &&
1505 	    WBCGI_DIR_EXISTS(bootfs_dir, sbuf)) {
1506 		(void) rmdir(bootfs_dir);
1507 	}
1508 
1509 	/*
1510 	 * Free allocated memory.
1511 	 */
1512 	free_path(&bootfs_dir);
1513 	free_path(&bootfs_etc_dir);
1514 	free_path(&bootfs_etc_inet_dir);
1515 	free_path(&bootfs_dev_dir);
1516 
1517 	free_path(&systemconf);
1518 	free_path(&keystorepath);
1519 	free_path(&certstorepath);
1520 	free_path(&truststorepath);
1521 	free_path(&bootconfpath);
1522 	free_path(&systemconfpath);
1523 	free_path(&urandompath);
1524 	free_path(&noncepath);
1525 	free_path(&hostspath);
1526 	free_path(&etc_hostspath);
1527 	free_path(&timestamppath);
1528 
1529 	return (ret);
1530 }
1531 
1532 static boolean_t
1533 miniroot_payload(const char *net, const char *cid, const char *docroot,
1534     char **rootpathp, char **rootinfop, boolean_t *https_rootserverp)
1535 {
1536 	boolean_t	ret = B_FALSE;
1537 	char		*root_server;
1538 	char		*root_file;
1539 	url_t		url;
1540 	struct stat	sbuf;
1541 	char		sizebuf[WBCGI_MAXBUF];
1542 	int		chars;
1543 	int		fd = -1;
1544 
1545 	if ((root_server = bootconf_get(&bc_handle, BC_ROOT_SERVER)) == NULL) {
1546 		print_status(500, "(root_server must be specified)");
1547 		goto cleanup;
1548 	}
1549 	if (url_parse(root_server, &url) != URL_PARSE_SUCCESS) {
1550 		print_status(500, "(root_server URL is invalid)");
1551 	}
1552 	*https_rootserverp = url.https;
1553 
1554 	if ((root_file = bootconf_get(&bc_handle, BC_ROOT_FILE)) == NULL) {
1555 		print_status(500, "(rootfile must be specified)");
1556 		goto cleanup;
1557 	}
1558 	if ((*rootpathp = make_path(docroot, root_file)) == NULL) {
1559 		goto cleanup;
1560 	}
1561 	if (!WBCGI_FILE_EXISTS(*rootpathp, sbuf)) {
1562 		print_status(500, "(root filesystem image missing)");
1563 		goto cleanup;
1564 	}
1565 
1566 	if ((*rootinfop = gen_tmppath("mrinfo", net, cid)) == NULL) {
1567 		goto cleanup;
1568 	}
1569 	if ((chars = snprintf(sizebuf, sizeof (sizebuf), "%ld",
1570 	    sbuf.st_size)) < 0 || chars > sizeof (sizebuf) ||
1571 	    (fd = open(*rootinfop,
1572 	    O_RDWR|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
1573 	    !write_buffer(fd, sizebuf, strlen(sizebuf))) {
1574 		print_status(500, "(error creating miniroot info file)");
1575 		goto cleanup;
1576 	}
1577 
1578 	ret = B_TRUE;
1579 cleanup:
1580 	if (fd != -1) {
1581 		(void) close(fd);
1582 	}
1583 
1584 	return (ret);
1585 }
1586 
1587 static boolean_t
1588 deliver_payload(const char *payload, const char *payload_hash)
1589 {
1590 	int		fd = fileno(stdout);
1591 	struct stat	payload_buf, hash_buf;
1592 	int		chars;
1593 	char		main_header[WBCGI_MAXBUF];
1594 	char		multi_header[WBCGI_MAXBUF];
1595 	char		multi_header1[WBCGI_MAXBUF];
1596 	char		multi_header2[WBCGI_MAXBUF];
1597 	char		multi_end[WBCGI_MAXBUF];
1598 	size_t		msglen;
1599 
1600 	if (!WBCGI_FILE_EXISTS(payload, payload_buf) ||
1601 	    !WBCGI_FILE_EXISTS(payload_hash, hash_buf)) {
1602 		print_status(500, "(payload/hash file(s) missing)");
1603 		return (B_FALSE);
1604 	}
1605 
1606 	/*
1607 	 * Multi-part header.
1608 	 */
1609 	if ((chars = snprintf(multi_header, sizeof (multi_header),
1610 	    "%s--%s%s%sapplication/octet-stream%s%s", WBCGI_CRNL,
1611 	    WBCGI_WANBOOT_BNDTXT, WBCGI_CRNL, WBCGI_CONTENT_TYPE, WBCGI_CRNL,
1612 	    WBCGI_CONTENT_LENGTH)) < 0 || chars > sizeof (multi_header)) {
1613 		print_status(500, "(error creating multi_header)");
1614 		return (B_FALSE);
1615 	}
1616 
1617 	/*
1618 	 * Multi-part header for part one.
1619 	 */
1620 	if ((chars = snprintf(multi_header1, sizeof (multi_header1),
1621 	    "%s%ld%s%s", multi_header, payload_buf.st_size, WBCGI_CRNL,
1622 	    WBCGI_CRNL)) < 0 || chars > sizeof (multi_header1)) {
1623 		print_status(500, "(error creating multi_header1)");
1624 		return (B_FALSE);
1625 	}
1626 
1627 	/*
1628 	 * Multi-part header for part two.
1629 	 */
1630 	if ((chars = snprintf(multi_header2, sizeof (multi_header2),
1631 	    "%s%ld%s%s", multi_header, hash_buf.st_size, WBCGI_CRNL,
1632 	    WBCGI_CRNL)) < 0 || chars > sizeof (multi_header2)) {
1633 		print_status(500, "(error creating multi_header2)");
1634 		return (B_FALSE);
1635 	}
1636 
1637 	/*
1638 	 * End-of-parts Trailer.
1639 	 */
1640 	if ((chars = snprintf(multi_end, sizeof (multi_end),
1641 	    "%s--%s--%s", WBCGI_CRNL, WBCGI_WANBOOT_BNDTXT,
1642 	    WBCGI_CRNL)) < 0 || chars > sizeof (multi_end)) {
1643 		print_status(500, "(error creating multi_end)");
1644 		return (B_FALSE);
1645 	}
1646 
1647 	/*
1648 	 * Message header.
1649 	 */
1650 	msglen = payload_buf.st_size +  hash_buf.st_size +
1651 	    strlen(multi_header1) + strlen(multi_header2) + strlen(multi_end);
1652 
1653 	if ((chars = snprintf(main_header, sizeof (main_header),
1654 	    "%s%u%s%smultipart/mixed; boundary=%s%s%s", WBCGI_CONTENT_LENGTH,
1655 	    msglen, WBCGI_CRNL, WBCGI_CONTENT_TYPE, WBCGI_WANBOOT_BNDTXT,
1656 	    WBCGI_CRNL, WBCGI_CRNL)) < 0 || chars > sizeof (main_header)) {
1657 		print_status(500, "(error creating main_header)");
1658 		return (B_FALSE);
1659 	}
1660 
1661 	/*
1662 	 * Write the message out.  If things fall apart during this then
1663 	 * there's no way to report the error back to the client.
1664 	 */
1665 	if (!write_buffer(fd, main_header, strlen(main_header)) ||
1666 	    !write_buffer(fd, multi_header1, strlen(multi_header1)) ||
1667 	    !write_file(fd, payload, payload_buf.st_size) ||
1668 	    !write_buffer(fd, multi_header2, strlen(multi_header2)) ||
1669 	    !write_file(fd, payload_hash, hash_buf.st_size) ||
1670 	    !write_buffer(fileno(stdout), multi_end, strlen(multi_end))) {
1671 		return (B_FALSE);
1672 	}
1673 
1674 	return (B_TRUE);
1675 }
1676 
1677 
1678 /*ARGSUSED*/
1679 int
1680 main(int argc, char **argv)
1681 {
1682 	int		ret = WBCGI_STATUS_ERR;
1683 	struct stat	sbuf;
1684 	int		content;
1685 	char		*net;
1686 	char		*cid;
1687 	char		*nonce;
1688 	char		*docroot;
1689 	char		*payload;
1690 	char		*signature_type;
1691 	char		*encryption_type;
1692 	char		*bootconf = NULL;
1693 	char		*keyfile = NULL;
1694 	char		*bootpath = NULL;
1695 	char		*wanbootfs_image = NULL;
1696 	char		*rootpath = NULL;
1697 	char		*miniroot_info = NULL;
1698 	char		*encr_payload = NULL;
1699 	char		*payload_hash = NULL;
1700 	boolean_t	https_rootserver;
1701 
1702 	/*
1703 	 * Process the query string.
1704 	 */
1705 	if (!get_request_info(&content, &net, &cid, &nonce, &docroot)) {
1706 		goto cleanup;
1707 	}
1708 
1709 	/*
1710 	 * Sanity check that the netboot directory exists.
1711 	 */
1712 	if (!WBCGI_DIR_EXISTS(NB_NETBOOT_ROOT, sbuf)) {
1713 		print_status(500, "(" NB_NETBOOT_ROOT " does not exist)");
1714 		goto cleanup;
1715 	}
1716 
1717 	/*
1718 	 * Get absolute bootconf pathname.
1719 	 */
1720 	if (netboot_ftw(NB_WANBOOT_CONF, net, cid,
1721 	    set_pathname, &bootconf) != WBCGI_FTW_CBOK) {
1722 		print_status(500, "(wanboot.conf not found)");
1723 		goto cleanup;
1724 	}
1725 
1726 	/*
1727 	 * Initialize bc_handle from the given wanboot.conf file.
1728 	 */
1729 	if (bootconf_init(&bc_handle, bootconf) != BC_SUCCESS) {
1730 		char	message[WBCGI_MAXBUF];
1731 		int	chars;
1732 
1733 		chars = snprintf(message, sizeof (message),
1734 		    "(wanboot.conf error: %s)", bootconf_errmsg(&bc_handle));
1735 		if (chars > 0 && chars < sizeof (message))
1736 			print_status(500, message);
1737 		else
1738 			print_status(500, "(wanboot.conf error)");
1739 		goto cleanup;
1740 	}
1741 
1742 	/*
1743 	 * Get and check signature and encryption types,
1744 	 * presence of helper utilities, keystore, etc.
1745 	 */
1746 	if ((signature_type = bootconf_get(&bc_handle,
1747 	    BC_SIGNATURE_TYPE)) != NULL) {
1748 		if (!WBCGI_FILE_EXISTS(WBCGI_HMAC_PATH, sbuf)) {
1749 			print_status(500, "(hmac utility not found)");
1750 			goto cleanup;
1751 		}
1752 		if (keyfile == NULL && netboot_ftw(NB_CLIENT_KEY, net, cid,
1753 		    set_pathname, &keyfile) != WBCGI_FTW_CBOK) {
1754 			print_status(500, "(keystore not found)");
1755 			goto cleanup;
1756 		}
1757 		if (!check_key_type(keyfile, signature_type, WBKU_HASH_KEY)) {
1758 			print_status(500, "(hash key not found)");
1759 			goto cleanup;
1760 		}
1761 	}
1762 	if ((encryption_type = bootconf_get(&bc_handle,
1763 	    BC_ENCRYPTION_TYPE)) != NULL) {
1764 		if (signature_type == NULL) {
1765 			print_status(500, "(encrypted but not signed)");
1766 			goto cleanup;
1767 		}
1768 		if (!WBCGI_FILE_EXISTS(WBCGI_ENCR_PATH, sbuf)) {
1769 			print_status(500, "(encr utility not found)");
1770 			goto cleanup;
1771 		}
1772 		if (keyfile == NULL && netboot_ftw(NB_CLIENT_KEY, net, cid,
1773 		    set_pathname, &keyfile) != WBCGI_FTW_CBOK) {
1774 			print_status(500, "(keystore not found)");
1775 			goto cleanup;
1776 		}
1777 		if (!check_key_type(keyfile, encryption_type, WBKU_ENCR_KEY)) {
1778 			print_status(500, "(encr key not found)");
1779 			goto cleanup;
1780 		}
1781 	}
1782 
1783 	/*
1784 	 * Determine/create our payload.
1785 	 */
1786 	switch (content) {
1787 	case WBCGI_CONTENT_BOOTFILE:
1788 		if (!bootfile_payload(docroot, &bootpath)) {
1789 			goto cleanup;
1790 		}
1791 		payload = bootpath;
1792 
1793 		break;
1794 
1795 	case WBCGI_CONTENT_BOOTFS:
1796 		if (!wanbootfs_payload(net, cid, nonce,
1797 		    bootconf, &wanbootfs_image)) {
1798 			goto cleanup;
1799 		}
1800 		payload = wanbootfs_image;
1801 
1802 		break;
1803 
1804 	case WBCGI_CONTENT_ROOTFS:
1805 		if (!miniroot_payload(net, cid, docroot,
1806 		    &rootpath, &miniroot_info, &https_rootserver)) {
1807 			goto cleanup;
1808 		}
1809 		payload = rootpath;
1810 
1811 		break;
1812 	}
1813 
1814 	/*
1815 	 * Encrypt the payload if necessary.
1816 	 */
1817 	if (content != WBCGI_CONTENT_BOOTFILE &&
1818 	    content != WBCGI_CONTENT_ROOTFS &&
1819 	    encryption_type != NULL) {
1820 		if ((encr_payload = gen_tmppath("encr", net, cid)) == NULL) {
1821 			goto cleanup;
1822 		}
1823 
1824 		if (!encrypt_payload(payload, encr_payload, keyfile,
1825 		    encryption_type)) {
1826 			goto cleanup;
1827 		}
1828 
1829 		payload = encr_payload;
1830 	}
1831 
1832 	/*
1833 	 * Compute the hash (actual or null).
1834 	 */
1835 	if ((payload_hash = gen_tmppath("hash", net, cid)) == NULL) {
1836 		goto cleanup;
1837 	}
1838 
1839 	if (signature_type != NULL &&
1840 	    (content != WBCGI_CONTENT_ROOTFS || !https_rootserver)) {
1841 		if (!hash_payload(payload, payload_hash, keyfile)) {
1842 			goto cleanup;
1843 		}
1844 	} else {
1845 		if (!create_null_hash(payload_hash)) {
1846 			goto cleanup;
1847 		}
1848 	}
1849 
1850 	/*
1851 	 * For the rootfs the actual payload transmitted is the file
1852 	 * containing the size of the rootfs (as a string of ascii digits);
1853 	 * point payload at this instead.
1854 	 */
1855 	if (content == WBCGI_CONTENT_ROOTFS) {
1856 		payload = miniroot_info;
1857 	}
1858 
1859 	/*
1860 	 * Finally, deliver the payload and hash as a multipart message.
1861 	 */
1862 	if (!deliver_payload(payload, payload_hash)) {
1863 		goto cleanup;
1864 	}
1865 
1866 	ret = WBCGI_STATUS_OK;
1867 cleanup:
1868 	/*
1869 	 * Clean up temporary files.
1870 	 */
1871 	if (wanbootfs_image != NULL &&
1872 	    WBCGI_FILE_EXISTS(wanbootfs_image, sbuf)) {
1873 		(void) unlink(wanbootfs_image);
1874 	}
1875 	if (miniroot_info != NULL &&
1876 	    WBCGI_FILE_EXISTS(miniroot_info, sbuf)) {
1877 		(void) unlink(miniroot_info);
1878 	}
1879 	if (encr_payload != NULL &&
1880 	    WBCGI_FILE_EXISTS(encr_payload, sbuf)) {
1881 		(void) unlink(encr_payload);
1882 	}
1883 	if (payload_hash != NULL &&
1884 	    WBCGI_FILE_EXISTS(payload_hash, sbuf)) {
1885 		(void) unlink(payload_hash);
1886 	}
1887 
1888 	/*
1889 	 * Free up any allocated strings.
1890 	 */
1891 	free_path(&bootconf);
1892 	free_path(&keyfile);
1893 	free_path(&bootpath);
1894 	free_path(&wanbootfs_image);
1895 	free_path(&rootpath);
1896 	free_path(&miniroot_info);
1897 	free_path(&encr_payload);
1898 	free_path(&payload_hash);
1899 
1900 	bootconf_end(&bc_handle);
1901 
1902 	return (ret);
1903 }
1904