xref: /illumos-gate/usr/src/cmd/cmd-crypto/kmfcfg/install.c (revision 2a8bcb4e)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include <stdio.h>
#include <strings.h>
#include <ctype.h>
#include <libgen.h>
#include <libintl.h>
#include <errno.h>
#include <kmfapiP.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <cryptoutil.h>
#include "util.h"

static int err; /* To store errno which may be overwritten by gettext() */

int
kc_install(int argc, char *argv[])
{
	int 		rv = KC_OK;
	int		opt;
	extern int	optind_av;
	extern char	*optarg_av;
	char 		*keystore_name = NULL;
	char 		*modulepath = NULL;
	char		*option_str = NULL;
	conf_entry_t	*entry = NULL;
	char		realpath[MAXPATHLEN];
	struct stat 	statbuf;
	FILE		*pfile = NULL;
	FILE		*pfile_tmp = NULL;
	char		tmpfile_name[MAXPATHLEN];
	int		found_count = 0;
	char		buffer[BUFSIZ];
	char		*ptr;
	boolean_t 	found;

	while ((opt = getopt_av(argc, argv, "k:(keystore)m:(modulepath)"
	    "o:(option)")) != EOF) {
		switch (opt) {
		case 'k':
			if (keystore_name != NULL)
				rv = KC_ERR_USAGE;
			else {
				keystore_name = get_string(optarg_av, &rv);
				if (keystore_name == NULL) {
					(void) fprintf(stderr, gettext(
					    "Error keystore input.\n"));
				}
			}
			break;
		case 'm':
			if (modulepath != NULL)
				rv = KC_ERR_USAGE;
			else {
				modulepath = get_string(optarg_av, &rv);
				if (modulepath == NULL) {
					(void) fprintf(stderr,
					    gettext("Error modulepath.\n"));
				}
			}
			break;
		case 'o':
			if (option_str != NULL) {
				rv = KC_ERR_USAGE;
			} else {
				option_str = get_string(optarg_av, &rv);
				if (option_str == NULL) {
					(void) fprintf(stderr,
					    gettext("Error option input.\n"));
				}
			}
			break;
		default:
			(void) fprintf(stderr,
			    gettext("Error input option.\n"));
			rv = KC_ERR_USAGE;
			break;
		}
		if (rv != KC_OK)
			goto out;
	}

	/* No additional args allowed. */
	argc -= optind_av;
	if (argc) {
		(void) fprintf(stderr,
		    gettext("Error input option\n"));
		rv = KC_ERR_USAGE;
		goto out;
	}

	if (keystore_name == NULL || modulepath == NULL) {
		(void) fprintf(stderr, gettext("Error input option\n"));
		rv = KC_ERR_USAGE;
		goto out;
	}

	if (strcasecmp(keystore_name, "nss") == 0 ||
	    strcasecmp(keystore_name, "pkcs11") == 0 ||
	    strcasecmp(keystore_name, "file") == 0) {
		(void) fprintf(stderr,
		    gettext("Can not use the built-in keystore name %s\n"),
		    keystore_name);
		rv = KC_ERR_USAGE;
		goto out;
	}

	entry = get_keystore_entry(keystore_name);
	if (entry != NULL) {
		(void) fprintf(stderr, gettext("%s exists already.\n"),
		    keystore_name);
		rv = KC_ERR_USAGE;
		goto out;
	}

	/*
	 * Find the absolute path of the module and check if it exists in
	 * the system.  If $ISA is in the path, will check the 32bit version
	 * only.
	 */
	if (strncmp(modulepath, "/", 1) != 0) {
		/*
		 * Only contain the base name; prepand it with
		 * KMF_PLUGIN_PATH
		 */
		(void) snprintf(realpath, MAXPATHLEN, "%s%s",
		    KMF_PLUGIN_PATH, modulepath);
	} else {
		char *buf = modulepath;
		char *isa;

		if ((isa = strstr(buf, PKCS11_ISA)) != NULL) {
			(void) strncpy(realpath, buf, isa - buf);
			isa += strlen(PKCS11_ISA) - 1;
			(void) strlcat(realpath, isa, MAXPATHLEN);
		} else {
			(void) strlcpy(realpath, modulepath, MAXPATHLEN);
		}
	}

	if (stat(realpath, &statbuf) != 0) {
		(void) fprintf(stderr, gettext("%s not found.\n"),
		    realpath);
		rv = KC_ERR_ACCESS;
		goto out;
	}

	if ((pfile = fopen(_PATH_KMF_CONF, "r+")) == NULL) {
		err = errno;
		(void) fprintf(stderr,
		    gettext("failed to update the configuration - %s\n"),
		    strerror(err));
		rv = KC_ERR_ACCESS;
		goto out;
	}

	if (lockf(fileno(pfile), F_TLOCK, 0) == -1) {
		err = errno;
		(void) fprintf(stderr,
		    gettext("failed to lock the configuration - %s\n"),
		    strerror(err));
		rv = KC_ERR_INSTALL;
		goto out;
	}

	/*
	 * Create a temporary file in the /etc/crypto directory.
	 */
	(void) strlcpy(tmpfile_name, CONF_TEMPFILE, sizeof (tmpfile_name));
	if (mkstemp(tmpfile_name) == -1) {
		err = errno;
		(void) fprintf(stderr,
		    gettext("failed to create a temporary file - %s\n"),
		    strerror(err));
		rv = KC_ERR_INSTALL;
		goto out;
	}

	if ((pfile_tmp = fopen(tmpfile_name, "w")) == NULL) {
		err = errno;
		(void) fprintf(stderr,
		    gettext("failed to open %s - %s\n"),
		    tmpfile_name, strerror(err));
		rv = KC_ERR_INSTALL;
		goto out;
	}

	/*
	 * Loop thru the config file. If the file was reserved within a
	 * package bracket, just uncomment it.  Other wise, append it at
	 * the end.  The resulting file will be saved in the temp file first.
	 */
	while (fgets(buffer, BUFSIZ, pfile) != NULL) {
		found = B_FALSE;
		if (buffer[0] == '#') {
			ptr = buffer;
			ptr++;
			while (*ptr == '#' || *ptr == ' ')
				ptr++;
			if (strncmp(keystore_name, ptr, strlen(keystore_name))
			    == 0) {
				found = B_TRUE;
				found_count++;
			}
		}

		if (found == B_FALSE) {
			if (fputs(buffer, pfile_tmp) == EOF) {
				rv = KC_ERR_INSTALL;
				goto out;
			}
		} else {
			if (found_count == 1) {
				if (fputs(ptr, pfile_tmp) == EOF) {
					rv = KC_ERR_INSTALL;
					goto out;
				}
			} else {
				/*
				 * Found a second entry with #keystore_name.
				 * This should not happen. The kmf.conf file
				 * is corrupted. Give a warning and skip
				 * this entry.
				 */
				(void) fprintf(stderr, gettext(
				    "(Warning) Found an additional reserved "
				    "entry for %s.\n"), keystore_name);
			}
		}
	}

	if (found_count == 0) {
		char buf[MAXPATHLEN];
		/*
		 * This entry was not in package before, append it to the
		 * end of the temp file.
		 */
		if (option_str == NULL)
			(void) snprintf(buf, MAXPATHLEN, "%s:%s%s\n",
			    keystore_name, CONF_MODULEPATH, modulepath);
		else
			(void) snprintf(buf, MAXPATHLEN, "%s:%s%s;%s%s\n",
			    keystore_name, CONF_MODULEPATH, modulepath,
			    CONF_OPTION, option_str);

		if (fputs(buf, pfile_tmp) == EOF) {
			err = errno;
			(void) fprintf(stderr, gettext(
			    "failed to write to %s: %s\n"), tmpfile_name,
			    strerror(err));
			rv = KC_ERR_INSTALL;
			goto out;
		}
	}

out:
	if (pfile != NULL)
		(void) fclose(pfile);

	if (rv != KC_OK && pfile_tmp != NULL)
		(void) unlink(tmpfile_name);

	if (pfile_tmp != NULL)
		(void) fclose(pfile_tmp);

	if (rv == KC_OK) {
		if (rename(tmpfile_name, _PATH_KMF_CONF) == -1) {
			err = errno;
			(void) fprintf(stderr, gettext(
			    "failed to update the configuration - %s"),
			    strerror(err));
			return (KC_ERR_INSTALL);
		}

		if (chmod(_PATH_KMF_CONF,
		    S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) {
			err = errno;
			(void) fprintf(stderr, gettext(
			    "failed to update the configuration - %s\n"),
			    strerror(err));
			return (KC_ERR_INSTALL);
		}
	}

	return (rv);
}