Print this page
6414175 kcf.conf's supportedlist not providing much usefulness
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c
+++ new/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 */
25 25
26 26
27 27 #include <fcntl.h>
28 28 #include <stdio.h>
29 29 #include <stdlib.h>
30 30 #include <strings.h>
31 31 #include <unistd.h>
32 32 #include <locale.h>
33 33 #include <libgen.h>
34 34 #include <sys/types.h>
35 35 #include <zone.h>
36 36 #include <sys/crypto/ioctladmin.h>
37 37 #include <cryptoutil.h>
38 38 #include "cryptoadm.h"
39 39
40 40 #define REQ_ARG_CNT 2
41 41
42 42 /* subcommand index */
43 43 enum subcommand_index {
44 44 CRYPTO_LIST,
45 45 CRYPTO_DISABLE,
46 46 CRYPTO_ENABLE,
47 47 CRYPTO_INSTALL,
48 48 CRYPTO_UNINSTALL,
49 49 CRYPTO_UNLOAD,
50 50 CRYPTO_REFRESH,
51 51 CRYPTO_START,
52 52 CRYPTO_STOP,
53 53 CRYPTO_HELP };
54 54
55 55 /*
56 56 * TRANSLATION_NOTE
57 57 * Command keywords are not to be translated.
58 58 */
59 59 static char *cmd_table[] = {
60 60 "list",
61 61 "disable",
62 62 "enable",
63 63 "install",
64 64 "uninstall",
65 65 "unload",
66 66 "refresh",
67 67 "start",
68 68 "stop",
69 69 "--help" };
70 70
71 71 /* provider type */
72 72 enum provider_type_index {
73 73 PROV_UEF_LIB,
74 74 PROV_KEF_SOFT,
75 75 PROV_KEF_HARD,
76 76 METASLOT,
77 77 PROV_BADNAME };
78 78
79 79 typedef struct {
80 80 char cp_name[MAXPATHLEN];
81 81 enum provider_type_index cp_type;
82 82 } cryptoadm_provider_t;
83 83
84 84 /*
85 85 * TRANSLATION_NOTE
86 86 * Operand keywords are not to be translated.
87 87 */
88 88 static const char *KN_PROVIDER = "provider=";
89 89 static const char *KN_MECH = "mechanism=";
90 90 static const char *KN_ALL = "all";
91 91 static const char *KN_TOKEN = "token=";
92 92 static const char *KN_SLOT = "slot=";
93 93 static const char *KN_DEFAULT_KS = "default-keystore";
94 94 static const char *KN_AUTO_KEY_MIGRATE = "auto-key-migrate";
95 95
96 96 /* static variables */
97 97 static boolean_t allflag = B_FALSE;
98 98 static boolean_t rndflag = B_FALSE;
99 99 static mechlist_t *mecharglist = NULL;
100 100
101 101 /* static functions */
102 102 static void usage(void);
103 103 static int get_provider_type(char *);
104 104 static int process_mech_operands(int, char **, boolean_t);
105 105 static int do_list(int, char **);
106 106 static int do_disable(int, char **);
107 107 static int do_enable(int, char **);
108 108 static int do_install(int, char **);
109 109 static int do_uninstall(int, char **);
110 110 static int do_unload(int, char **);
111 111 static int do_refresh(int);
112 112 static int do_start(int);
113 113 static int do_stop(int);
114 114 static int list_simple_for_all(boolean_t);
115 115 static int list_mechlist_for_all(boolean_t);
116 116 static int list_policy_for_all(void);
117 117
118 118 int
119 119 main(int argc, char *argv[])
120 120 {
121 121 char *subcmd;
122 122 int cmdnum;
123 123 int cmd_index = 0;
124 124 int rc = SUCCESS;
125 125
126 126 (void) setlocale(LC_ALL, "");
127 127
128 128 #if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */
129 129 #define TEXT_DOMAIN "SYS_TEST" /* Use this only if it weren't */
130 130 #endif
131 131 (void) textdomain(TEXT_DOMAIN);
132 132
133 133 cryptodebug_init(basename(argv[0]));
134 134
135 135 if (argc < REQ_ARG_CNT) {
136 136 usage();
137 137 return (ERROR_USAGE);
138 138 }
139 139
140 140 /* get the subcommand index */
141 141 cmd_index = 0;
142 142 subcmd = argv[1];
143 143 cmdnum = sizeof (cmd_table)/sizeof (cmd_table[0]);
144 144
145 145 while ((cmd_index < cmdnum) &&
146 146 (strcmp(subcmd, cmd_table[cmd_index]) != 0)) {
147 147 cmd_index++;
148 148 }
149 149 if (cmd_index >= cmdnum) {
150 150 usage();
151 151 return (ERROR_USAGE);
152 152 }
153 153
154 154 /* do the subcommand */
155 155 switch (cmd_index) {
156 156 case CRYPTO_LIST:
157 157 rc = do_list(argc, argv);
158 158 break;
159 159 case CRYPTO_DISABLE:
160 160 rc = do_disable(argc, argv);
161 161 break;
162 162 case CRYPTO_ENABLE:
163 163 rc = do_enable(argc, argv);
164 164 break;
165 165 case CRYPTO_INSTALL:
166 166 rc = do_install(argc, argv);
167 167 break;
168 168 case CRYPTO_UNINSTALL:
169 169 rc = do_uninstall(argc, argv);
170 170 break;
171 171 case CRYPTO_UNLOAD:
172 172 rc = do_unload(argc, argv);
173 173 break;
174 174 case CRYPTO_REFRESH:
175 175 rc = do_refresh(argc);
176 176 break;
177 177 case CRYPTO_START:
178 178 rc = do_start(argc);
179 179 break;
180 180 case CRYPTO_STOP:
181 181 rc = do_stop(argc);
182 182 break;
183 183 case CRYPTO_HELP:
184 184 usage();
185 185 rc = SUCCESS;
186 186 break;
187 187 default: /* should not come here */
188 188 usage();
189 189 rc = ERROR_USAGE;
190 190 break;
191 191 }
192 192 return (rc);
193 193 }
194 194
195 195
196 196 static void
197 197 usage(void)
198 198 {
199 199 /*
200 200 * TRANSLATION_NOTE
201 201 * Command usage is not to be translated. Only the word "Usage:"
202 202 * along with localized expressions indicating what kind of value
203 203 * is expected for arguments.
204 204 */
205 205 (void) fprintf(stderr, gettext("Usage:\n"));
206 206 (void) fprintf(stderr,
207 207 " cryptoadm list [-mpv] [provider=<%s> | metaslot]"
208 208 " [mechanism=<%s>]\n",
209 209 gettext("provider-name"), gettext("mechanism-list"));
210 210 (void) fprintf(stderr,
211 211 " cryptoadm disable provider=<%s>"
212 212 " mechanism=<%s> | random | all\n",
213 213 gettext("provider-name"), gettext("mechanism-list"));
214 214 (void) fprintf(stderr,
215 215 " cryptoadm disable metaslot"
216 216 " [auto-key-migrate] [mechanism=<%s>]\n",
217 217 gettext("mechanism-list"));
218 218 (void) fprintf(stderr,
219 219 " cryptoadm enable provider=<%s>"
220 220 " mechanism=<%s> | random | all\n",
221 221 gettext("provider-name"), gettext("mechanism-list"));
222 222 (void) fprintf(stderr,
223 223 " cryptoadm enable metaslot [mechanism=<%s>]"
224 224 " [[token=<%s>] [slot=<%s>]"
225 225 " | [default-keystore]] | [auto-key-migrate]\n",
226 226 gettext("mechanism-list"), gettext("token-label"),
227 227 gettext("slot-description"));
228 228 (void) fprintf(stderr,
229 229 " cryptoadm install provider=<%s>\n",
230 230 gettext("provider-name"));
231 231 (void) fprintf(stderr,
232 232 " cryptoadm install provider=<%s> [mechanism=<%s>]\n",
233 233 gettext("provider-name"), gettext("mechanism-list"));
234 234 (void) fprintf(stderr,
235 235 " cryptoadm uninstall provider=<%s>\n",
236 236 gettext("provider-name"));
237 237 (void) fprintf(stderr,
238 238 " cryptoadm unload provider=<%s>\n",
239 239 gettext("provider-name"));
240 240 (void) fprintf(stderr,
|
↓ open down ↓ |
240 lines elided |
↑ open up ↑ |
241 241 " cryptoadm refresh\n"
242 242 " cryptoadm start\n"
243 243 " cryptoadm stop\n"
244 244 " cryptoadm --help\n");
245 245 }
246 246
247 247
248 248 /*
249 249 * Get the provider type. This function returns
250 250 * - PROV_UEF_LIB if provname contains an absolute path name
251 - * - PROV_KEF_SOFT if provname is a base name only
251 + * - PROV_KEF_SOFT if provname is a base name only (e.g., "aes").
252 252 * - PROV_KEF_HARD if provname contains one slash only and the slash is not
253 - * the 1st character.
253 + * the 1st character (e.g., "mca/0").
254 254 * - PROV_BADNAME otherwise.
255 255 */
256 256 static int
257 257 get_provider_type(char *provname)
258 258 {
259 259 char *pslash1;
260 260 char *pslash2;
261 261
262 262 if (provname == NULL) {
263 263 return (FAILURE);
264 264 }
265 265
266 266 if (provname[0] == '/') {
267 267 return (PROV_UEF_LIB);
268 268 } else if ((pslash1 = strchr(provname, SEP_SLASH)) == NULL) {
269 269 /* no slash */
270 270 return (PROV_KEF_SOFT);
271 271 } else {
272 272 pslash2 = strrchr(provname, SEP_SLASH);
273 273 if (pslash1 == pslash2) {
274 274 return (PROV_KEF_HARD);
275 275 } else {
276 276 return (PROV_BADNAME);
277 277 }
278 278 }
279 279 }
|
↓ open down ↓ |
16 lines elided |
↑ open up ↑ |
280 280
281 281 /*
282 282 * Get the provider structure. This function returns NULL if no valid
283 283 * provider= is found in argv[], otherwise a cryptoadm_provider_t is returned.
284 284 * If provider= is found but has no argument, then a cryptoadm_provider_t
285 285 * with cp_type = PROV_BADNAME is returned.
286 286 */
287 287 static cryptoadm_provider_t *
288 288 get_provider(int argc, char **argv)
289 289 {
290 - int c = 0;
291 - boolean_t found = B_FALSE;
292 - cryptoadm_provider_t *provider = NULL;
293 - char *provstr = NULL, *savstr;
294 - boolean_t is_metaslot = B_FALSE;
290 + int c = 0;
291 + boolean_t found = B_FALSE;
292 + cryptoadm_provider_t *provider = NULL;
293 + char *provstr = NULL, *savstr;
294 + boolean_t is_metaslot = B_FALSE;
295 295
296 296 while (!found && ++c < argc) {
297 297 if (strncmp(argv[c], METASLOT_KEYWORD,
298 298 strlen(METASLOT_KEYWORD)) == 0) {
299 299 is_metaslot = B_TRUE;
300 300 found = B_TRUE;
301 301 } else if (strncmp(argv[c], KN_PROVIDER,
302 302 strlen(KN_PROVIDER)) == 0 &&
303 303 strlen(argv[c]) > strlen(KN_PROVIDER)) {
304 304 if ((provstr = strdup(argv[c])) == NULL) {
305 305 int err = errno;
306 306 /*
307 307 * TRANSLATION_NOTE
308 308 * "get_provider" is a function name and should
309 309 * not be translated.
310 310 */
311 311 cryptoerror(LOG_STDERR, "get_provider: %s.",
312 312 strerror(err));
313 313 return (NULL);
314 314 }
315 315 found = B_TRUE;
316 316 }
317 317 }
318 318 if (!found)
319 319 return (NULL);
320 320
321 321 provider = malloc(sizeof (cryptoadm_provider_t));
322 322 if (provider == NULL) {
323 323 cryptoerror(LOG_STDERR, gettext("out of memory."));
324 324 if (provstr) {
325 325 free(provstr);
326 326 }
327 327 return (NULL);
328 328 }
329 329
330 330 if (is_metaslot) {
331 331 (void) strlcpy(provider->cp_name, METASLOT_KEYWORD,
332 332 strlen(METASLOT_KEYWORD));
333 333 provider->cp_type = METASLOT;
334 334 } else {
335 335
336 336 savstr = provstr;
337 337 (void) strtok(provstr, "=");
338 338 provstr = strtok(NULL, "=");
339 339 if (provstr == NULL) {
340 340 cryptoerror(LOG_STDERR, gettext("bad provider name."));
341 341 provider->cp_type = PROV_BADNAME;
342 342 free(savstr);
343 343 return (provider);
344 344 }
345 345
346 346 (void) strlcpy(provider->cp_name, provstr,
347 347 sizeof (provider->cp_name));
348 348 provider->cp_type = get_provider_type(provider->cp_name);
349 349
350 350 free(savstr);
351 351 }
352 352 return (provider);
353 353 }
354 354
355 355 /*
356 356 * Process the "feature" operands.
357 357 *
358 358 * "argc" and "argv" contain values specified on the command line.
359 359 * All other arguments are used for returning parsing results.
360 360 * If any of these arguments are NULL, that keyword is not expected,
361 361 * and FAILURE will be returned.
362 362 */
363 363 static int
364 364 process_metaslot_operands(int argc, char **argv, char **meta_ks_token,
365 365 char **meta_ks_slot, boolean_t *use_default,
366 366 boolean_t *auto_key_migrate_flag)
367 367 {
368 368 int c = 2;
369 369 int rc = SUCCESS;
370 370
371 371 while (++c < argc) {
372 372 if ((strncmp(argv[c], KN_MECH, strlen(KN_MECH)) == 0) &&
373 373 strlen(argv[c]) > strlen(KN_MECH)) {
374 374
375 375 /* process mechanism operands */
376 376 if ((rc = process_mech_operands(argc, argv, B_TRUE))
377 377 != SUCCESS) {
378 378 goto finish;
379 379 }
380 380
381 381 } else if ((strncmp(argv[c], KN_TOKEN,
382 382 strlen(KN_TOKEN)) == 0) &&
383 383 strlen(argv[c]) > strlen(KN_TOKEN)) {
384 384 if ((meta_ks_token) && (strtok(argv[c], "=") != NULL)) {
385 385 char *tmp;
386 386 if ((tmp = strtok(NULL, "=")) != NULL) {
387 387 *meta_ks_token = strdup(tmp);
388 388 } else {
389 389 return (FAILURE);
390 390 }
391 391 } else {
392 392 return (FAILURE);
393 393 }
394 394
395 395 } else if ((strncmp(argv[c], KN_SLOT,
396 396 strlen(KN_SLOT)) == 0) &&
397 397 strlen(argv[c]) > strlen(KN_SLOT)) {
398 398
399 399 if ((meta_ks_slot) && (strtok(argv[c], "=") != NULL)) {
400 400 char *tmp;
401 401 if ((tmp = strtok(NULL, "=")) != NULL) {
402 402 *meta_ks_slot = strdup(tmp);
403 403 } else {
404 404 return (FAILURE);
405 405 }
406 406 } else {
407 407 return (FAILURE);
408 408 }
409 409
410 410 } else if (strncmp(argv[c], KN_DEFAULT_KS,
411 411 strlen(KN_DEFAULT_KS)) == 0) {
412 412
413 413 if (use_default) {
414 414 *use_default = B_TRUE;
415 415 } else {
416 416 return (FAILURE);
417 417 }
418 418 } else if (strncmp(argv[c], KN_AUTO_KEY_MIGRATE,
419 419 strlen(KN_AUTO_KEY_MIGRATE)) == 0) {
420 420
421 421 if (auto_key_migrate_flag) {
422 422 *auto_key_migrate_flag = B_TRUE;
423 423 } else {
424 424 return (FAILURE);
425 425 }
426 426 } else {
427 427 return (FAILURE);
428 428 }
429 429 }
430 430 finish:
431 431 return (rc);
432 432 }
433 433
434 434 /*
435 435 * Process the "feature" operands.
436 436 */
437 437 static int
438 438 process_feature_operands(int argc, char **argv)
439 439 {
440 440 int c = 2;
441 441
442 442 while (++c < argc) {
443 443 if (strcmp(argv[c], KN_ALL) == 0) {
444 444 allflag = B_TRUE;
445 445 rndflag = B_TRUE; /* all includes random also. */
446 446 } else if (strcmp(argv[c], RANDOM) == 0) {
447 447 rndflag = B_TRUE;
448 448 }
449 449 }
|
↓ open down ↓ |
145 lines elided |
↑ open up ↑ |
450 450 return (SUCCESS);
451 451 }
452 452
453 453 /*
454 454 * Process the mechanism operands for the disable, enable and install
455 455 * subcommands. This function sets the static variable allflag to be B_TRUE
456 456 * if the keyword "all" is specified, otherwise builds a link list of the
457 457 * mechanism operands and save it in the static variable mecharglist.
458 458 *
459 459 * This function returns
460 - * ERROR_USAGE: mechanism operand is missing.
461 - * FAILURE: out of memory.
462 - * SUCCESS: otherwise.
460 + * ERROR_USAGE: mechanism operand is missing.
461 + * FAILURE: out of memory.
462 + * SUCCESS: otherwise.
463 463 */
464 464 static int
465 465 process_mech_operands(int argc, char **argv, boolean_t quiet)
466 466 {
467 - mechlist_t *pmech;
468 - mechlist_t *pcur = NULL;
469 - mechlist_t *phead = NULL;
470 - boolean_t found = B_FALSE;
471 - char *mechliststr = NULL;
472 - char *curmech = NULL;
473 - int c = -1;
474 - int rc = SUCCESS;
467 + mechlist_t *pmech;
468 + mechlist_t *pcur = NULL;
469 + mechlist_t *phead = NULL;
470 + boolean_t found = B_FALSE;
471 + char *mechliststr = NULL;
472 + char *curmech = NULL;
473 + int c = -1;
474 + int rc = SUCCESS;
475 475
476 476 while (!found && ++c < argc) {
477 477 if ((strncmp(argv[c], KN_MECH, strlen(KN_MECH)) == 0) &&
478 478 strlen(argv[c]) > strlen(KN_MECH)) {
479 479 found = B_TRUE;
480 480 }
481 481 }
482 482 if (!found) {
483 483 if (!quiet)
484 484 /*
485 485 * TRANSLATION_NOTE
486 486 * "mechanism" could be either a literal keyword
487 487 * and hence not to be translated, or a descriptive
488 488 * word and translatable. A choice was made to
489 489 * view it as a literal keyword.
490 490 */
491 491 cryptoerror(LOG_STDERR,
492 - gettext("the %s operand is missing.\n"),
493 - "mechanism");
492 + gettext("the %s operand is missing.\n"),
493 + "mechanism");
494 494 return (ERROR_USAGE);
495 495 }
496 496 (void) strtok(argv[c], "=");
497 497 mechliststr = strtok(NULL, "=");
498 498
499 499 if (strcmp(mechliststr, "all") == 0) {
500 500 allflag = B_TRUE;
501 501 mecharglist = NULL;
502 502 return (SUCCESS);
503 503 }
504 504
505 505 curmech = strtok(mechliststr, ",");
506 506 do {
507 507 if ((pmech = create_mech(curmech)) == NULL) {
508 508 rc = FAILURE;
509 509 break;
510 510 } else {
511 511 if (phead == NULL) {
512 512 phead = pcur = pmech;
513 513 } else {
514 514 pcur->next = pmech;
515 515 pcur = pmech;
516 516 }
517 517 }
518 518 } while ((curmech = strtok(NULL, ",")) != NULL);
519 519
520 520 if (rc == FAILURE) {
521 521 cryptoerror(LOG_STDERR, gettext("out of memory."));
522 522 free_mechlist(phead);
|
↓ open down ↓ |
19 lines elided |
↑ open up ↑ |
523 523 } else {
524 524 mecharglist = phead;
525 525 rc = SUCCESS;
526 526 }
527 527 return (rc);
528 528 }
529 529
530 530
531 531
532 532 /*
533 - * The top level function for the list subcommand and options.
533 + * The top level function for the "cryptoadm list" subcommand and options.
534 534 */
535 535 static int
536 536 do_list(int argc, char **argv)
537 537 {
538 - boolean_t mflag = B_FALSE;
539 - boolean_t pflag = B_FALSE;
540 - boolean_t vflag = B_FALSE;
541 - char ch;
542 - cryptoadm_provider_t *prov = NULL;
543 - int rc = SUCCESS;
538 + boolean_t mflag = B_FALSE;
539 + boolean_t pflag = B_FALSE;
540 + boolean_t vflag = B_FALSE;
541 + char ch;
542 + cryptoadm_provider_t *prov = NULL;
543 + int rc = SUCCESS;
544 544
545 545 argc -= 1;
546 546 argv += 1;
547 547
548 548 if (argc == 1) {
549 549 rc = list_simple_for_all(B_FALSE);
550 550 goto out;
551 551 }
552 552
553 553 /*
554 - * [-v] [-m] [-p] [provider=<>] [mechanism=<>]
554 + * cryptoadm list [-v] [-m] [-p] [provider=<>] [mechanism=<>]
555 555 */
556 556 if (argc > 5) {
557 557 usage();
558 558 return (rc);
559 559 }
560 560
561 561 while ((ch = getopt(argc, argv, "mpv")) != EOF) {
562 562 switch (ch) {
563 563 case 'm':
564 564 mflag = B_TRUE;
565 565 if (pflag) {
566 566 rc = ERROR_USAGE;
567 567 }
568 568 break;
569 569 case 'p':
570 570 pflag = B_TRUE;
571 571 if (mflag || vflag) {
572 572 rc = ERROR_USAGE;
573 573 }
574 574 break;
575 575 case 'v':
576 576 vflag = B_TRUE;
577 577 if (pflag)
578 578 rc = ERROR_USAGE;
579 579 break;
580 580 default:
581 581 rc = ERROR_USAGE;
582 582 break;
583 583 }
584 584 }
585 585
586 586 if (rc == ERROR_USAGE) {
587 587 usage();
588 588 return (rc);
589 589 }
590 590
591 591 if ((rc = process_feature_operands(argc, argv)) != SUCCESS) {
592 592 goto out;
593 593 }
594 594
595 595 prov = get_provider(argc, argv);
596 596
597 597 if (mflag || vflag) {
598 598 if (argc > 0) {
599 599 rc = process_mech_operands(argc, argv, B_TRUE);
600 600 if (rc == FAILURE)
601 601 goto out;
602 602 /* "-m" is implied when a mechanism list is given */
603 603 if (mecharglist != NULL || allflag)
604 604 mflag = B_TRUE;
605 605 }
606 606 }
607 607
608 608 if (prov == NULL) {
609 609 if (mflag) {
610 610 rc = list_mechlist_for_all(vflag);
611 611 } else if (pflag) {
612 612 rc = list_policy_for_all();
613 613 } else if (vflag) {
614 614 rc = list_simple_for_all(vflag);
615 615 }
616 616 } else if (prov->cp_type == METASLOT) {
617 617 if ((!mflag) && (!vflag) && (!pflag)) {
618 618 /* no flag is specified, just list metaslot status */
619 619 rc = list_metaslot_info(mflag, vflag, mecharglist);
620 620 } else if (mflag || vflag) {
621 621 rc = list_metaslot_info(mflag, vflag, mecharglist);
622 622 } else if (pflag) {
623 623 rc = list_metaslot_policy();
|
↓ open down ↓ |
59 lines elided |
↑ open up ↑ |
624 624 } else {
625 625 /* error message */
626 626 usage();
627 627 rc = ERROR_USAGE;
628 628 }
629 629 } else if (prov->cp_type == PROV_BADNAME) {
630 630 usage();
631 631 rc = ERROR_USAGE;
632 632 goto out;
633 633 } else { /* do the listing for a provider only */
634 + char *provname = prov->cp_name;
635 +
634 636 if (mflag || vflag) {
635 637 if (vflag)
636 638 (void) printf(gettext("Provider: %s\n"),
637 - prov->cp_name);
639 + provname);
638 640 switch (prov->cp_type) {
639 641 case PROV_UEF_LIB:
640 - rc = list_mechlist_for_lib(prov->cp_name,
641 - mecharglist, NULL, B_FALSE,
642 - vflag, mflag);
642 + rc = list_mechlist_for_lib(provname,
643 + mecharglist, NULL, B_FALSE, vflag, mflag);
643 644 break;
644 645 case PROV_KEF_SOFT:
645 - rc = list_mechlist_for_soft(prov->cp_name);
646 + rc = list_mechlist_for_soft(provname,
647 + NULL, NULL);
646 648 break;
647 649 case PROV_KEF_HARD:
648 - rc = list_mechlist_for_hard(prov->cp_name);
650 + rc = list_mechlist_for_hard(provname);
649 651 break;
650 652 default: /* should not come here */
651 653 rc = FAILURE;
652 654 break;
653 655 }
654 656 } else if (pflag) {
655 657 switch (prov->cp_type) {
656 658 case PROV_UEF_LIB:
657 - rc = list_policy_for_lib(prov->cp_name);
659 + rc = list_policy_for_lib(provname);
658 660 break;
659 661 case PROV_KEF_SOFT:
660 662 if (getzoneid() == GLOBAL_ZONEID) {
661 - rc = list_policy_for_soft(
662 - prov->cp_name);
663 + rc = list_policy_for_soft(provname,
664 + NULL, NULL);
663 665 } else {
664 666 /*
665 667 * TRANSLATION_NOTE
666 668 * "global" is keyword and not to
667 669 * be translated.
668 670 */
669 671 cryptoerror(LOG_STDERR, gettext(
670 672 "policy information for kernel "
671 673 "providers is available "
672 674 "in the %s zone only"), "global");
673 675 rc = FAILURE;
674 676 }
675 677 break;
676 678 case PROV_KEF_HARD:
677 679 if (getzoneid() == GLOBAL_ZONEID) {
678 680 rc = list_policy_for_hard(
679 - prov->cp_name);
681 + provname, NULL, NULL, NULL);
680 682 } else {
681 683 /*
682 684 * TRANSLATION_NOTE
683 685 * "global" is keyword and not to
684 686 * be translated.
685 687 */
686 688 cryptoerror(LOG_STDERR, gettext(
687 689 "policy information for kernel "
688 690 "providers is available "
689 691 "in the %s zone only"), "global");
690 692 rc = FAILURE;
691 693 }
692 694
693 695 break;
694 696 default: /* should not come here */
695 697 rc = FAILURE;
696 698 break;
697 699 }
698 700 } else {
699 701 /* error message */
700 702 usage();
701 703 rc = ERROR_USAGE;
702 704 }
703 705 }
704 706
705 707 out:
|
↓ open down ↓ |
16 lines elided |
↑ open up ↑ |
706 708 if (prov != NULL)
707 709 free(prov);
708 710
709 711 if (mecharglist != NULL)
710 712 free_mechlist(mecharglist);
711 713 return (rc);
712 714 }
713 715
714 716
715 717 /*
716 - * The top level function for the disable subcommand.
718 + * The top level function for the "cryptoadm disable" subcommand.
717 719 */
718 720 static int
719 721 do_disable(int argc, char **argv)
720 722 {
721 723 cryptoadm_provider_t *prov = NULL;
722 - int rc = SUCCESS;
723 - boolean_t auto_key_migrate_flag = B_FALSE;
724 + int rc = SUCCESS;
725 + boolean_t auto_key_migrate_flag = B_FALSE;
724 726
725 727 if ((argc < 3) || (argc > 5)) {
726 728 usage();
727 729 return (ERROR_USAGE);
728 730 }
729 731
730 732 prov = get_provider(argc, argv);
731 733 if (prov == NULL) {
732 734 usage();
733 735 return (ERROR_USAGE);
734 736 }
735 737 if (prov->cp_type == PROV_BADNAME) {
736 738 return (FAILURE);
737 739 }
738 740
739 741 if ((rc = process_feature_operands(argc, argv)) != SUCCESS) {
740 742 goto out;
741 743 }
742 744
743 745 /*
744 746 * If allflag or rndflag has already been set there is no reason to
|
↓ open down ↓ |
11 lines elided |
↑ open up ↑ |
745 747 * process mech=
746 748 */
747 749 if (prov->cp_type == METASLOT) {
748 750 if ((argc > 3) &&
749 751 (rc = process_metaslot_operands(argc, argv,
750 752 NULL, NULL, NULL, &auto_key_migrate_flag)) != SUCCESS) {
751 753 usage();
752 754 return (rc);
753 755 }
754 756 } else if (!allflag && !rndflag &&
755 - (rc = process_mech_operands(argc, argv, B_FALSE)) != SUCCESS) {
757 + (rc = process_mech_operands(argc, argv, B_FALSE)) != SUCCESS) {
756 758 return (rc);
757 759 }
758 760
759 761 switch (prov->cp_type) {
760 762 case METASLOT:
761 763 rc = disable_metaslot(mecharglist, allflag,
762 764 auto_key_migrate_flag);
763 765 break;
764 766 case PROV_UEF_LIB:
765 767 rc = disable_uef_lib(prov->cp_name, rndflag, allflag,
766 768 mecharglist);
767 769 break;
768 770 case PROV_KEF_SOFT:
769 771 if (rndflag && !allflag) {
770 772 if ((mecharglist = create_mech(RANDOM)) == NULL) {
771 773 rc = FAILURE;
772 774 break;
773 775 }
774 776 }
775 777 if (getzoneid() == GLOBAL_ZONEID) {
776 778 rc = disable_kef_software(prov->cp_name, rndflag,
777 779 allflag, mecharglist);
778 780 } else {
779 781 /*
780 782 * TRANSLATION_NOTE
781 783 * "disable" could be either a literal keyword
782 784 * and hence not to be translated, or a verb and
783 785 * translatable. A choice was made to view it as
784 786 * a literal keyword. "global" is keyword and not
785 787 * to be translated.
786 788 */
787 789 cryptoerror(LOG_STDERR, gettext("%1$s for kernel "
788 790 "providers is supported in the %2$s zone only"),
789 791 "disable", "global");
790 792 rc = FAILURE;
791 793 }
792 794 break;
793 795 case PROV_KEF_HARD:
794 796 if (rndflag && !allflag) {
795 797 if ((mecharglist = create_mech(RANDOM)) == NULL) {
796 798 rc = FAILURE;
797 799 break;
798 800 }
799 801 }
800 802 if (getzoneid() == GLOBAL_ZONEID) {
801 803 rc = disable_kef_hardware(prov->cp_name, rndflag,
802 804 allflag, mecharglist);
803 805 } else {
804 806 /*
805 807 * TRANSLATION_NOTE
806 808 * "disable" could be either a literal keyword
807 809 * and hence not to be translated, or a verb and
808 810 * translatable. A choice was made to view it as
809 811 * a literal keyword. "global" is keyword and not
810 812 * to be translated.
811 813 */
812 814 cryptoerror(LOG_STDERR, gettext("%1$s for kernel "
813 815 "providers is supported in the %2$s zone only"),
814 816 "disable", "global");
815 817 rc = FAILURE;
816 818 }
817 819 break;
818 820 default: /* should not come here */
819 821 rc = FAILURE;
820 822 break;
821 823 }
822 824
|
↓ open down ↓ |
57 lines elided |
↑ open up ↑ |
823 825 out:
824 826 free(prov);
825 827 if (mecharglist != NULL) {
826 828 free_mechlist(mecharglist);
827 829 }
828 830 return (rc);
829 831 }
830 832
831 833
832 834 /*
833 - * The top level function fo the enable subcommand.
835 + * The top level function for the "cryptoadm enable" subcommand.
834 836 */
835 837 static int
836 838 do_enable(int argc, char **argv)
837 839 {
838 - cryptoadm_provider_t *prov = NULL;
839 - int rc = SUCCESS;
840 - char *alt_token = NULL, *alt_slot = NULL;
841 - boolean_t use_default = B_FALSE, auto_key_migrate_flag = B_FALSE;
840 + cryptoadm_provider_t *prov = NULL;
841 + int rc = SUCCESS;
842 + char *alt_token = NULL, *alt_slot = NULL;
843 + boolean_t use_default = B_FALSE;
844 + boolean_t auto_key_migrate_flag = B_FALSE;
842 845
843 846 if ((argc < 3) || (argc > 6)) {
844 847 usage();
845 848 return (ERROR_USAGE);
846 849 }
847 850
848 851 prov = get_provider(argc, argv);
849 852 if (prov == NULL) {
850 853 usage();
851 854 return (ERROR_USAGE);
852 855 }
853 856 if ((prov->cp_type != METASLOT) && (argc != 4)) {
854 857 usage();
855 858 return (ERROR_USAGE);
856 859 }
857 860 if (prov->cp_type == PROV_BADNAME) {
858 861 rc = FAILURE;
859 862 goto out;
860 863 }
861 864
862 865
863 866 if (prov->cp_type == METASLOT) {
864 867 if ((rc = process_metaslot_operands(argc, argv, &alt_token,
865 868 &alt_slot, &use_default, &auto_key_migrate_flag))
866 869 != SUCCESS) {
867 870 usage();
868 871 goto out;
869 872 }
870 873 if ((alt_slot || alt_token) && use_default) {
871 874 usage();
872 875 rc = FAILURE;
873 876 goto out;
874 877 }
875 878 } else {
876 879 if ((rc = process_feature_operands(argc, argv)) != SUCCESS) {
877 880 goto out;
878 881 }
879 882
880 883 /*
881 884 * If allflag or rndflag has already been set there is
882 885 * no reason to process mech=
883 886 */
884 887 if (!allflag && !rndflag &&
885 888 (rc = process_mech_operands(argc, argv, B_FALSE))
886 889 != SUCCESS) {
887 890 goto out;
888 891 }
889 892 }
890 893
891 894 switch (prov->cp_type) {
892 895 case METASLOT:
893 896 rc = enable_metaslot(alt_token, alt_slot, use_default,
894 897 mecharglist, allflag, auto_key_migrate_flag);
895 898 break;
896 899 case PROV_UEF_LIB:
897 900 rc = enable_uef_lib(prov->cp_name, rndflag, allflag,
898 901 mecharglist);
899 902 break;
900 903 case PROV_KEF_SOFT:
901 904 case PROV_KEF_HARD:
902 905 if (rndflag && !allflag) {
903 906 if ((mecharglist = create_mech(RANDOM)) == NULL) {
904 907 rc = FAILURE;
905 908 break;
906 909 }
907 910 }
908 911 if (getzoneid() == GLOBAL_ZONEID) {
909 912 rc = enable_kef(prov->cp_name, rndflag, allflag,
910 913 mecharglist);
911 914 } else {
912 915 /*
913 916 * TRANSLATION_NOTE
914 917 * "enable" could be either a literal keyword
915 918 * and hence not to be translated, or a verb and
916 919 * translatable. A choice was made to view it as
917 920 * a literal keyword. "global" is keyword and not
918 921 * to be translated.
919 922 */
920 923 cryptoerror(LOG_STDERR, gettext("%1$s for kernel "
921 924 "providers is supported in the %2$s zone only"),
922 925 "enable", "global");
923 926 rc = FAILURE;
924 927 }
925 928 break;
926 929 default: /* should not come here */
927 930 rc = FAILURE;
928 931 break;
929 932 }
930 933 out:
931 934 free(prov);
932 935 if (mecharglist != NULL) {
933 936 free_mechlist(mecharglist);
934 937 }
935 938 if (alt_token != NULL) {
936 939 free(alt_token);
|
↓ open down ↓ |
85 lines elided |
↑ open up ↑ |
937 940 }
938 941 if (alt_slot != NULL) {
939 942 free(alt_slot);
940 943 }
941 944 return (rc);
942 945 }
943 946
944 947
945 948
946 949 /*
947 - * The top level function fo the install subcommand.
950 + * The top level function for the "cryptoadm install" subcommand.
948 951 */
949 952 static int
950 953 do_install(int argc, char **argv)
951 954 {
952 - cryptoadm_provider_t *prov = NULL;
955 + cryptoadm_provider_t *prov = NULL;
953 956 int rc;
954 957
955 958 if (argc < 3) {
956 959 usage();
957 960 return (ERROR_USAGE);
958 961 }
959 962
960 963 prov = get_provider(argc, argv);
961 964 if (prov == NULL ||
962 965 prov->cp_type == PROV_BADNAME || prov->cp_type == PROV_KEF_HARD) {
963 966 /*
964 967 * TRANSLATION_NOTE
965 968 * "install" could be either a literal keyword and hence
966 969 * not to be translated, or a verb and translatable. A
967 970 * choice was made to view it as a literal keyword.
968 971 */
969 972 cryptoerror(LOG_STDERR,
970 973 gettext("bad provider name for %s."), "install");
971 974 rc = FAILURE;
972 975 goto out;
973 976 }
974 977
975 978 if (prov->cp_type == PROV_UEF_LIB) {
976 979 rc = install_uef_lib(prov->cp_name);
977 980 goto out;
978 981 }
979 982
980 983 /* It is the PROV_KEF_SOFT type now */
981 984
982 985 /* check if there are mechanism operands */
983 986 if (argc < 4) {
984 987 /*
985 988 * TRANSLATION_NOTE
986 989 * "mechanism" could be either a literal keyword and hence
987 990 * not to be translated, or a descriptive word and
988 991 * translatable. A choice was made to view it as a literal
989 992 * keyword.
990 993 */
991 994 cryptoerror(LOG_STDERR,
992 995 gettext("need %s operands for installing a"
993 996 " kernel software provider."), "mechanism");
994 997 rc = ERROR_USAGE;
995 998 goto out;
996 999 }
997 1000
998 1001 if ((rc = process_mech_operands(argc, argv, B_FALSE)) != SUCCESS) {
999 1002 goto out;
1000 1003 }
1001 1004
1002 1005 if (allflag == B_TRUE) {
1003 1006 /*
1004 1007 * TRANSLATION_NOTE
1005 1008 * "all", "mechanism", and "install" are all keywords and
1006 1009 * not to be translated.
1007 1010 */
1008 1011 cryptoerror(LOG_STDERR,
1009 1012 gettext("can not use the %1$s keyword for %2$s "
1010 1013 "in the %3$s subcommand."), "all", "mechanism", "install");
1011 1014 rc = ERROR_USAGE;
1012 1015 goto out;
1013 1016 }
1014 1017
1015 1018 if (getzoneid() == GLOBAL_ZONEID) {
1016 1019 rc = install_kef(prov->cp_name, mecharglist);
1017 1020 } else {
1018 1021 /*
1019 1022 * TRANSLATION_NOTE
1020 1023 * "install" could be either a literal keyword and hence
1021 1024 * not to be translated, or a verb and translatable. A
1022 1025 * choice was made to view it as a literal keyword.
1023 1026 * "global" is keyword and not to be translated.
1024 1027 */
1025 1028 cryptoerror(LOG_STDERR, gettext("%1$s for kernel providers "
1026 1029 "is supported in the %2$s zone only"), "install", "global");
|
↓ open down ↓ |
64 lines elided |
↑ open up ↑ |
1027 1030 rc = FAILURE;
1028 1031 }
1029 1032 out:
1030 1033 free(prov);
1031 1034 return (rc);
1032 1035 }
1033 1036
1034 1037
1035 1038
1036 1039 /*
1037 - * The top level function for the uninstall subcommand.
1040 + * The top level function for the "cryptoadm uninstall" subcommand.
1038 1041 */
1039 1042 static int
1040 1043 do_uninstall(int argc, char **argv)
1041 1044 {
1042 - cryptoadm_provider_t *prov = NULL;
1045 + cryptoadm_provider_t *prov = NULL;
1043 1046 int rc = SUCCESS;
1044 1047
1045 1048 if (argc != 3) {
1046 1049 usage();
1047 1050 return (ERROR_USAGE);
1048 1051 }
1049 1052
1050 1053 prov = get_provider(argc, argv);
1051 1054 if (prov == NULL ||
1052 1055 prov->cp_type == PROV_BADNAME || prov->cp_type == PROV_KEF_HARD) {
1053 1056 /*
1054 1057 * TRANSLATION_NOTE
1055 1058 * "uninstall" could be either a literal keyword and hence
1056 1059 * not to be translated, or a verb and translatable. A
|
↓ open down ↓ |
4 lines elided |
↑ open up ↑ |
1057 1060 * choice was made to view it as a literal keyword.
1058 1061 */
1059 1062 cryptoerror(LOG_STDERR,
1060 1063 gettext("bad provider name for %s."), "uninstall");
1061 1064 free(prov);
1062 1065 return (FAILURE);
1063 1066 }
1064 1067
1065 1068 if (prov->cp_type == PROV_UEF_LIB) {
1066 1069 rc = uninstall_uef_lib(prov->cp_name);
1070 +
1067 1071 } else if (prov->cp_type == PROV_KEF_SOFT) {
1068 1072 if (getzoneid() == GLOBAL_ZONEID) {
1073 + /* unload and remove from kcf.conf */
1069 1074 rc = uninstall_kef(prov->cp_name);
1070 1075 } else {
1071 1076 /*
1072 1077 * TRANSLATION_NOTE
1073 1078 * "uninstall" could be either a literal keyword and
1074 1079 * hence not to be translated, or a verb and
1075 1080 * translatable. A choice was made to view it as a
1076 1081 * literal keyword. "global" is keyword and not to
1077 1082 * be translated.
1078 1083 */
1079 1084 cryptoerror(LOG_STDERR, gettext("%1$s for kernel "
1080 1085 "providers is supported in the %2$s zone only"),
1081 1086 "uninstall", "global");
|
↓ open down ↓ |
3 lines elided |
↑ open up ↑ |
1082 1087 rc = FAILURE;
1083 1088 }
1084 1089 }
1085 1090
1086 1091 free(prov);
1087 1092 return (rc);
1088 1093 }
1089 1094
1090 1095
1091 1096 /*
1092 - * The top level function for the unload subcommand.
1097 + * The top level function for the "cryptoadm unload" subcommand.
1093 1098 */
1094 1099 static int
1095 1100 do_unload(int argc, char **argv)
1096 1101 {
1097 - cryptoadm_provider_t *prov = NULL;
1098 - entry_t *pent;
1099 - boolean_t is_active;
1100 - int rc = SUCCESS;
1102 + cryptoadm_provider_t *prov = NULL;
1103 + entry_t *pent = NULL;
1104 + boolean_t in_kernel = B_FALSE;
1105 + int rc = SUCCESS;
1106 + char *provname = NULL;
1101 1107
1102 1108 if (argc != 3) {
1103 1109 usage();
1104 1110 return (ERROR_USAGE);
1105 1111 }
1106 1112
1107 1113 /* check if it is a kernel software provider */
1108 1114 prov = get_provider(argc, argv);
1109 1115 if (prov == NULL) {
1110 1116 cryptoerror(LOG_STDERR,
1111 1117 gettext("unable to determine provider name."));
1112 1118 goto out;
1113 1119 }
1120 + provname = prov->cp_name;
1114 1121 if (prov->cp_type != PROV_KEF_SOFT) {
1115 1122 cryptoerror(LOG_STDERR,
1116 1123 gettext("%s is not a valid kernel software provider."),
1117 - prov->cp_name);
1124 + provname);
1118 1125 rc = FAILURE;
1119 1126 goto out;
1120 1127 }
1121 1128
1122 1129 if (getzoneid() != GLOBAL_ZONEID) {
1123 1130 /*
1124 1131 * TRANSLATION_NOTE
1125 1132 * "unload" could be either a literal keyword and hence
1126 1133 * not to be translated, or a verb and translatable.
1127 1134 * A choice was made to view it as a literal keyword.
1128 1135 * "global" is keyword and not to be translated.
1129 1136 */
1130 1137 cryptoerror(LOG_STDERR, gettext("%1$s for kernel providers "
1131 1138 "is supported in the %2$s zone only"), "unload", "global");
1132 1139 rc = FAILURE;
1133 1140 goto out;
1134 1141 }
1135 1142
1136 - /* Check if it is in the kcf.conf file first */
1137 - if ((pent = getent_kef(prov->cp_name)) == NULL) {
1143 + if (check_kernel_for_soft(provname, NULL, &in_kernel) == FAILURE) {
1144 + cryptodebug("internal error");
1145 + rc = FAILURE;
1146 + goto out;
1147 + } else if (in_kernel == B_FALSE) {
1138 1148 cryptoerror(LOG_STDERR,
1139 - gettext("provider %s does not exist."), prov->cp_name);
1149 + gettext("provider %s is not loaded or does not exist."),
1150 + provname);
1140 1151 rc = FAILURE;
1141 1152 goto out;
1142 1153 }
1143 - free_entry(pent);
1144 1154
1155 + /* Get kcf.conf entry. If none, build a new entry */
1156 + if ((pent = getent_kef(provname, NULL, NULL)) == NULL) {
1157 + if ((pent = create_entry(provname)) == NULL) {
1158 + cryptoerror(LOG_STDERR, gettext("out of memory."));
1159 + rc = FAILURE;
1160 + goto out;
1161 + }
1162 + }
1163 +
1145 1164 /* If it is unloaded already, return */
1146 - if (check_active_for_soft(prov->cp_name, &is_active) == FAILURE) {
1147 - cryptodebug("internal error");
1165 + if (!pent->load) { /* unloaded already */
1148 1166 cryptoerror(LOG_STDERR,
1149 - gettext("failed to unload %s."), prov->cp_name);
1167 + gettext("failed to unload %s."), provname);
1150 1168 rc = FAILURE;
1151 1169 goto out;
1152 - }
1153 -
1154 - if (is_active == B_FALSE) { /* unloaded already */
1155 - rc = SUCCESS;
1156 - goto out;
1157 - } else if (unload_kef_soft(prov->cp_name, B_TRUE) == FAILURE) {
1170 + } else if (unload_kef_soft(provname) != FAILURE) {
1171 + /* Mark as unloaded in kcf.conf */
1172 + pent->load = B_FALSE;
1173 + rc = update_kcfconf(pent, MODIFY_MODE);
1174 + } else {
1158 1175 cryptoerror(LOG_STDERR,
1159 - gettext("failed to unload %s."), prov->cp_name);
1176 + gettext("failed to unload %s."), provname);
1160 1177 rc = FAILURE;
1161 - } else {
1162 - rc = SUCCESS;
1163 1178 }
1164 1179 out:
1165 1180 free(prov);
1181 + free_entry(pent);
1166 1182 return (rc);
1167 1183 }
1168 1184
1169 1185
1170 1186
1171 1187 /*
1172 - * The top level function for the refresh subcommand.
1188 + * The top level function for the "cryptoadm refresh" subcommand.
1173 1189 */
1174 1190 static int
1175 1191 do_refresh(int argc)
1176 1192 {
1177 1193 if (argc != 2) {
1178 1194 usage();
1179 1195 return (ERROR_USAGE);
1180 1196 }
1181 1197
1182 - /*
1183 - * Note: in non-global zone, this must silently return SUCCESS
1184 - * due to integration with SMF, for "svcadm refresh cryptosvc"
1185 - */
1186 - if (getzoneid() != GLOBAL_ZONEID)
1198 + if (getzoneid() == GLOBAL_ZONEID) {
1199 + return (refresh());
1200 + } else { /* non-global zone */
1201 + /*
1202 + * Note: in non-global zone, this must silently return SUCCESS
1203 + * due to integration with SMF, for "svcadm refresh cryptosvc"
1204 + */
1187 1205 return (SUCCESS);
1188 -
1189 - return (refresh());
1206 + }
1190 1207 }
1191 1208
1192 1209
1193 1210 /*
1194 - * The top level function for the start subcommand.
1211 + * The top level function for the "cryptoadm start" subcommand.
1195 1212 */
1196 1213 static int
1197 1214 do_start(int argc)
1198 1215 {
1199 1216 int ret;
1200 1217
1201 1218 if (argc != 2) {
1202 1219 usage();
1203 1220 return (ERROR_USAGE);
1204 1221 }
1205 1222
1206 1223 ret = do_refresh(argc);
1207 1224 if (ret != SUCCESS)
1208 1225 return (ret);
1209 1226
1210 1227 return (start_daemon());
1211 1228 }
1212 1229
1213 1230 /*
1214 - * The top level function for the stop subcommand.
1231 + * The top level function for the "cryptoadm stop" subcommand.
1215 1232 */
1216 1233 static int
1217 1234 do_stop(int argc)
1218 1235 {
1219 1236 if (argc != 2) {
1220 1237 usage();
1221 1238 return (ERROR_USAGE);
1222 1239 }
1223 1240
1224 1241 return (stop_daemon());
1225 1242 }
1226 1243
1227 1244
1228 1245
1229 1246 /*
1230 - * List all the providers.
1247 + * Print a list all the the providers.
1248 + * Called for "cryptoadm list" or "cryptoadm list -v" (no -m or -p).
1231 1249 */
1232 1250 static int
1233 1251 list_simple_for_all(boolean_t verbose)
1234 1252 {
1235 - uentrylist_t *pliblist;
1236 - uentrylist_t *plibptr;
1237 - entrylist_t *pdevlist_conf;
1238 - entrylist_t *psoftlist_conf;
1239 - entrylist_t *pdevlist_zone;
1240 - entrylist_t *psoftlist_zone;
1241 - entrylist_t *ptr;
1253 + uentrylist_t *pliblist = NULL;
1254 + uentrylist_t *plibptr = NULL;
1255 + entry_t *pent = NULL;
1242 1256 crypto_get_dev_list_t *pdevlist_kernel = NULL;
1243 - boolean_t is_active;
1244 - int ru = SUCCESS;
1245 - int rs = SUCCESS;
1246 - int rd = SUCCESS;
1247 - int i;
1257 + int rc = SUCCESS;
1258 + int i;
1248 1259
1249 1260 /* get user-level providers */
1250 1261 (void) printf(gettext("\nUser-level providers:\n"));
1251 1262 if (get_pkcs11conf_info(&pliblist) != SUCCESS) {
1252 1263 cryptoerror(LOG_STDERR, gettext(
1253 1264 "failed to retrieve the list of user-level providers."));
1254 - ru = FAILURE;
1265 + rc = FAILURE;
1255 1266 }
1256 - plibptr = pliblist;
1257 - while (plibptr != NULL) {
1267 +
1268 + for (plibptr = pliblist; plibptr != NULL; plibptr = plibptr->next) {
1258 1269 if (strcmp(plibptr->puent->name, METASLOT_KEYWORD) != 0) {
1259 1270 (void) printf(gettext("Provider: %s\n"),
1260 1271 plibptr->puent->name);
1261 1272 if (verbose) {
1262 1273 (void) list_mechlist_for_lib(
1263 1274 plibptr->puent->name, mecharglist, NULL,
1264 1275 B_FALSE, verbose, B_FALSE);
1265 1276 (void) printf("\n");
1266 1277 }
1267 1278 }
1268 - plibptr = plibptr->next;
1269 1279 }
1270 1280 free_uentrylist(pliblist);
1271 1281
1272 1282 /* get kernel software providers */
1273 1283 (void) printf(gettext("\nKernel software providers:\n"));
1274 1284
1275 1285 if (getzoneid() == GLOBAL_ZONEID) {
1276 - /* use kcf.conf for kernel software providers in global zone */
1277 - pdevlist_conf = NULL;
1278 - psoftlist_conf = NULL;
1286 + /* get kernel software providers from kernel ioctl */
1287 + crypto_get_soft_list_t *psoftlist_kernel = NULL;
1288 + uint_t sl_soft_count;
1289 + char *psoftname;
1290 + entrylist_t *pdevlist_conf = NULL;
1291 + entrylist_t *psoftlist_conf = NULL;
1279 1292
1280 - if (get_kcfconf_info(&pdevlist_conf, &psoftlist_conf) !=
1281 - SUCCESS) {
1282 - cryptoerror(LOG_STDERR,
1283 - gettext("failed to retrieve the "
1284 - "list of kernel software providers.\n"));
1285 - rs = FAILURE;
1286 - }
1293 + if (get_soft_list(&psoftlist_kernel) == FAILURE) {
1294 + cryptoerror(LOG_ERR, gettext("Failed to retrieve the "
1295 + "software provider list from kernel."));
1296 + rc = FAILURE;
1297 + } else {
1298 + sl_soft_count = psoftlist_kernel->sl_soft_count;
1287 1299
1288 - ptr = psoftlist_conf;
1289 - while (ptr != NULL) {
1290 - if (check_active_for_soft(ptr->pent->name, &is_active)
1300 + if (get_kcfconf_info(&pdevlist_conf, &psoftlist_conf)
1291 1301 == FAILURE) {
1292 - rs = FAILURE;
1293 - cryptoerror(LOG_STDERR, gettext("failed to "
1294 - "get the state of a kernel software "
1295 - "providers.\n"));
1296 - break;
1297 - }
1298 -
1299 - (void) printf("\t%s", ptr->pent->name);
1300 - if (is_active == B_FALSE) {
1301 - (void) printf(gettext(" (inactive)\n"));
1302 + cryptoerror(LOG_ERR,
1303 + "failed to retrieve the providers' "
1304 + "information from file kcf.conf - %s.",
1305 + _PATH_KCF_CONF);
1306 + free(psoftlist_kernel);
1307 + rc = FAILURE;
1302 1308 } else {
1303 - (void) printf("\n");
1309 +
1310 + for (i = 0,
1311 + psoftname = psoftlist_kernel->sl_soft_names;
1312 + i < sl_soft_count;
1313 + ++i, psoftname += strlen(psoftname) + 1) {
1314 + pent = getent_kef(psoftname,
1315 + pdevlist_conf, psoftlist_conf);
1316 + (void) printf("\t%s%s\n", psoftname,
1317 + (pent == NULL) || (pent->load) ?
1318 + "" : gettext(" (inactive)"));
1319 + }
1320 + free_entrylist(pdevlist_conf);
1321 + free_entrylist(psoftlist_conf);
1304 1322 }
1305 - ptr = ptr->next;
1323 + free(psoftlist_kernel);
1306 1324 }
1307 1325
1308 - free_entrylist(pdevlist_conf);
1309 - free_entrylist(psoftlist_conf);
1310 1326 } else {
1311 1327 /* kcf.conf not there in non-global zone, use /dev/cryptoadm */
1312 - pdevlist_zone = NULL;
1313 - psoftlist_zone = NULL;
1328 + entrylist_t *pdevlist_zone = NULL;
1329 + entrylist_t *psoftlist_zone = NULL;
1330 + entrylist_t *ptr;
1314 1331
1315 1332 if (get_admindev_info(&pdevlist_zone, &psoftlist_zone) !=
1316 1333 SUCCESS) {
1317 1334 cryptoerror(LOG_STDERR,
1318 1335 gettext("failed to retrieve the "
1319 1336 "list of kernel software providers.\n"));
1320 - rs = FAILURE;
1337 + rc = FAILURE;
1321 1338 }
1322 1339
1323 1340 ptr = psoftlist_zone;
1324 1341 while (ptr != NULL) {
1325 1342 (void) printf("\t%s\n", ptr->pent->name);
1326 1343 ptr = ptr->next;
1327 1344 }
1328 1345
1329 1346 free_entrylist(pdevlist_zone);
1330 1347 free_entrylist(psoftlist_zone);
1331 1348 }
1332 1349
1333 1350 /* get kernel hardware providers */
1334 1351 (void) printf(gettext("\nKernel hardware providers:\n"));
1335 1352 if (get_dev_list(&pdevlist_kernel) == FAILURE) {
1336 1353 cryptoerror(LOG_STDERR, gettext("failed to retrieve "
1337 1354 "the list of kernel hardware providers.\n"));
1338 - rd = FAILURE;
1355 + rc = FAILURE;
1339 1356 } else {
1340 1357 for (i = 0; i < pdevlist_kernel->dl_dev_count; i++) {
1341 1358 (void) printf("\t%s/%d\n",
1342 1359 pdevlist_kernel->dl_devs[i].le_dev_name,
1343 1360 pdevlist_kernel->dl_devs[i].le_dev_instance);
1344 1361 }
1345 1362 }
1346 1363 free(pdevlist_kernel);
1347 1364
1348 - if (ru == FAILURE || rs == FAILURE || rd == FAILURE) {
1349 - return (FAILURE);
1350 - } else {
1351 - return (SUCCESS);
1352 - }
1365 + return (rc);
1353 1366 }
1354 1367
1355 1368
1356 1369
1357 1370 /*
1358 1371 * List all the providers. And for each provider, list the mechanism list.
1372 + * Called for "cryptoadm list -m" or "cryptoadm list -mv" .
1359 1373 */
1360 1374 static int
1361 1375 list_mechlist_for_all(boolean_t verbose)
1362 1376 {
1363 - crypto_get_dev_list_t *pdevlist_kernel;
1364 - uentrylist_t *pliblist;
1365 - uentrylist_t *plibptr;
1366 - entrylist_t *pdevlist_conf;
1367 - entrylist_t *psoftlist_conf;
1368 - entrylist_t *pdevlist_zone;
1369 - entrylist_t *psoftlist_zone;
1370 - entrylist_t *ptr;
1371 - mechlist_t *pmechlist;
1372 - boolean_t is_active;
1373 - char provname[MAXNAMELEN];
1374 - char devname[MAXNAMELEN];
1375 - int inst_num;
1376 - int count;
1377 - int i;
1378 - int rv;
1379 - int rc = SUCCESS;
1377 + crypto_get_dev_list_t *pdevlist_kernel = NULL;
1378 + uentrylist_t *pliblist = NULL;
1379 + uentrylist_t *plibptr = NULL;
1380 + entry_t *pent = NULL;
1381 + mechlist_t *pmechlist = NULL;
1382 + char provname[MAXNAMELEN];
1383 + char devname[MAXNAMELEN];
1384 + int inst_num;
1385 + int count;
1386 + int i;
1387 + int rv;
1388 + int rc = SUCCESS;
1380 1389
1381 1390 /* get user-level providers */
1382 1391 (void) printf(gettext("\nUser-level providers:\n"));
1383 1392 /*
1384 1393 * TRANSLATION_NOTE
1385 1394 * Strictly for appearance's sake, this line should be as long as
1386 1395 * the length of the translated text above.
1387 1396 */
1388 1397 (void) printf(gettext("=====================\n"));
1389 1398 if (get_pkcs11conf_info(&pliblist) != SUCCESS) {
1390 1399 cryptoerror(LOG_STDERR, gettext("failed to retrieve "
1391 1400 "the list of user-level providers.\n"));
1392 1401 rc = FAILURE;
1393 1402 }
1394 1403
1395 1404 plibptr = pliblist;
1396 1405 while (plibptr != NULL) {
1397 1406 /* skip metaslot entry */
1398 1407 if (strcmp(plibptr->puent->name, METASLOT_KEYWORD) != 0) {
1399 1408 (void) printf(gettext("\nProvider: %s\n"),
1400 1409 plibptr->puent->name);
1401 1410 rv = list_mechlist_for_lib(plibptr->puent->name,
1402 1411 mecharglist, NULL, B_FALSE, verbose, B_TRUE);
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
1403 1412 if (rv == FAILURE) {
1404 1413 rc = FAILURE;
1405 1414 }
1406 1415 }
1407 1416 plibptr = plibptr->next;
1408 1417 }
1409 1418 free_uentrylist(pliblist);
1410 1419
1411 1420 /* get kernel software providers */
1412 1421 (void) printf(gettext("\nKernel software providers:\n"));
1422 +
1413 1423 /*
1414 1424 * TRANSLATION_NOTE
1415 1425 * Strictly for appearance's sake, this line should be as long as
1416 1426 * the length of the translated text above.
1417 1427 */
1418 1428 (void) printf(gettext("==========================\n"));
1419 1429 if (getzoneid() == GLOBAL_ZONEID) {
1420 - /* use kcf.conf for kernel software providers in global zone */
1421 - pdevlist_conf = NULL;
1422 - psoftlist_conf = NULL;
1430 + /* get kernel software providers from kernel ioctl */
1431 + crypto_get_soft_list_t *psoftlist_kernel = NULL;
1432 + uint_t sl_soft_count;
1433 + char *psoftname;
1434 + int i;
1435 + entrylist_t *pdevlist_conf = NULL;
1436 + entrylist_t *psoftlist_conf = NULL;
1423 1437
1424 - if (get_kcfconf_info(&pdevlist_conf, &psoftlist_conf) !=
1425 - SUCCESS) {
1426 - cryptoerror(LOG_STDERR, gettext("failed to retrieve "
1427 - "the list of kernel software providers.\n"));
1428 - rc = FAILURE;
1438 + if (get_soft_list(&psoftlist_kernel) == FAILURE) {
1439 + cryptoerror(LOG_ERR, gettext("Failed to retrieve the "
1440 + "software provider list from kernel."));
1441 + return (FAILURE);
1429 1442 }
1443 + sl_soft_count = psoftlist_kernel->sl_soft_count;
1430 1444
1431 - ptr = psoftlist_conf;
1432 - while (ptr != NULL) {
1433 - if (check_active_for_soft(ptr->pent->name, &is_active)
1434 - == SUCCESS) {
1435 - if (is_active) {
1436 - rv = list_mechlist_for_soft(
1437 - ptr->pent->name);
1438 - if (rv == FAILURE) {
1439 - rc = FAILURE;
1440 - }
1441 - } else {
1442 - (void) printf(gettext(
1443 - "%s: (inactive)\n"),
1444 - ptr->pent->name);
1445 + if (get_kcfconf_info(&pdevlist_conf, &psoftlist_conf)
1446 + == FAILURE) {
1447 + cryptoerror(LOG_ERR,
1448 + "failed to retrieve the providers' "
1449 + "information from file kcf.conf - %s.",
1450 + _PATH_KCF_CONF);
1451 + free(psoftlist_kernel);
1452 + return (FAILURE);
1453 + }
1454 +
1455 + for (i = 0, psoftname = psoftlist_kernel->sl_soft_names;
1456 + i < sl_soft_count;
1457 + ++i, psoftname += strlen(psoftname) + 1) {
1458 + pent = getent_kef(psoftname, pdevlist_conf,
1459 + psoftlist_conf);
1460 + if ((pent == NULL) || (pent->load)) {
1461 + rv = list_mechlist_for_soft(psoftname,
1462 + NULL, NULL);
1463 + if (rv == FAILURE) {
1464 + rc = FAILURE;
1445 1465 }
1446 1466 } else {
1447 - /* should not happen */
1448 - (void) printf(gettext(
1449 - "%s: failed to get the mechanism list.\n"),
1450 - ptr->pent->name);
1451 - rc = FAILURE;
1467 + (void) printf(gettext("%s: (inactive)\n"),
1468 + psoftname);
1452 1469 }
1453 - ptr = ptr->next;
1454 1470 }
1455 1471
1472 + free(psoftlist_kernel);
1456 1473 free_entrylist(pdevlist_conf);
1457 1474 free_entrylist(psoftlist_conf);
1475 +
1458 1476 } else {
1459 1477 /* kcf.conf not there in non-global zone, use /dev/cryptoadm */
1460 - pdevlist_zone = NULL;
1461 - psoftlist_zone = NULL;
1478 + entrylist_t *pdevlist_zone = NULL;
1479 + entrylist_t *psoftlist_zone = NULL;
1480 + entrylist_t *ptr;
1462 1481
1463 1482 if (get_admindev_info(&pdevlist_zone, &psoftlist_zone) !=
1464 1483 SUCCESS) {
1465 1484 cryptoerror(LOG_STDERR, gettext("failed to retrieve "
1466 1485 "the list of kernel software providers.\n"));
1467 1486 rc = FAILURE;
1468 1487 }
1469 1488
1470 - ptr = psoftlist_zone;
1471 - while (ptr != NULL) {
1472 - rv = list_mechlist_for_soft(ptr->pent->name);
1489 + for (ptr = psoftlist_zone; ptr != NULL; ptr = ptr->next) {
1490 + rv = list_mechlist_for_soft(ptr->pent->name,
1491 + pdevlist_zone, psoftlist_zone);
1473 1492 if (rv == FAILURE) {
1474 1493 (void) printf(gettext(
1475 1494 "%s: failed to get the mechanism list.\n"),
1476 1495 ptr->pent->name);
1477 1496 rc = FAILURE;
1478 1497 }
1479 - ptr = ptr->next;
1480 1498 }
1481 1499
1482 1500 free_entrylist(pdevlist_zone);
1483 1501 free_entrylist(psoftlist_zone);
1484 1502 }
1485 1503
1486 1504 /* Get kernel hardware providers and their mechanism lists */
1487 1505 (void) printf(gettext("\nKernel hardware providers:\n"));
1488 1506 /*
1489 1507 * TRANSLATION_NOTE
1490 1508 * Strictly for appearance's sake, this line should be as long as
1491 1509 * the length of the translated text above.
1492 1510 */
1493 1511 (void) printf(gettext("==========================\n"));
1494 1512 if (get_dev_list(&pdevlist_kernel) != SUCCESS) {
1495 1513 cryptoerror(LOG_STDERR, gettext("failed to retrieve "
1496 1514 "the list of hardware providers.\n"));
1497 1515 return (FAILURE);
1498 1516 }
1499 1517
1500 1518 for (i = 0; i < pdevlist_kernel->dl_dev_count; i++) {
1501 1519 (void) strlcpy(devname,
1502 1520 pdevlist_kernel->dl_devs[i].le_dev_name, MAXNAMELEN);
1503 1521 inst_num = pdevlist_kernel->dl_devs[i].le_dev_instance;
1504 1522 count = pdevlist_kernel->dl_devs[i].le_mechanism_count;
1505 1523 (void) snprintf(provname, sizeof (provname), "%s/%d", devname,
1506 1524 inst_num);
1507 1525 if (get_dev_info(devname, inst_num, count, &pmechlist) ==
1508 1526 SUCCESS) {
1509 1527 (void) filter_mechlist(&pmechlist, RANDOM);
1510 1528 print_mechlist(provname, pmechlist);
1511 1529 free_mechlist(pmechlist);
1512 1530 } else {
1513 1531 (void) printf(gettext("%s: failed to get the mechanism"
1514 1532 " list.\n"), provname);
|
↓ open down ↓ |
25 lines elided |
↑ open up ↑ |
1515 1533 rc = FAILURE;
1516 1534 }
1517 1535 }
1518 1536 free(pdevlist_kernel);
1519 1537 return (rc);
1520 1538 }
1521 1539
1522 1540
1523 1541 /*
1524 1542 * List all the providers. And for each provider, list the policy information.
1543 + * Called for "cryptoadm list -p".
1525 1544 */
1526 1545 static int
1527 1546 list_policy_for_all(void)
1528 1547 {
1529 - crypto_get_dev_list_t *pdevlist_kernel;
1530 - uentrylist_t *pliblist;
1531 - uentrylist_t *plibptr;
1532 - entrylist_t *pdevlist_conf;
1533 - entrylist_t *psoftlist_conf;
1534 - entrylist_t *ptr;
1535 - entrylist_t *phead;
1536 - boolean_t found;
1537 - char provname[MAXNAMELEN];
1538 - int i;
1539 - int rc = SUCCESS;
1548 + crypto_get_dev_list_t *pdevlist_kernel = NULL;
1549 + uentrylist_t *pliblist = NULL;
1550 + entrylist_t *pdevlist_conf = NULL;
1551 + entrylist_t *psoftlist_conf = NULL;
1552 + entrylist_t *ptr = NULL;
1553 + entrylist_t *phead = NULL;
1554 + boolean_t found = B_FALSE;
1555 + char provname[MAXNAMELEN];
1556 + int i;
1557 + int rc = SUCCESS;
1540 1558
1541 1559 /* Get user-level providers */
1542 1560 (void) printf(gettext("\nUser-level providers:\n"));
1543 1561 /*
1544 1562 * TRANSLATION_NOTE
1545 1563 * Strictly for appearance's sake, this line should be as long as
1546 1564 * the length of the translated text above.
1547 1565 */
1548 1566 (void) printf(gettext("=====================\n"));
1549 1567 if (get_pkcs11conf_info(&pliblist) == FAILURE) {
1550 1568 cryptoerror(LOG_STDERR, gettext("failed to retrieve "
1551 1569 "the list of user-level providers.\n"));
1570 + rc = FAILURE;
1552 1571 } else {
1553 - plibptr = pliblist;
1572 + uentrylist_t *plibptr = pliblist;
1573 +
1554 1574 while (plibptr != NULL) {
1555 1575 /* skip metaslot entry */
1556 1576 if (strcmp(plibptr->puent->name,
1557 1577 METASLOT_KEYWORD) != 0) {
1558 1578 if (print_uef_policy(plibptr->puent)
1559 1579 == FAILURE) {
1560 1580 rc = FAILURE;
1561 1581 }
1562 1582 }
1563 1583 plibptr = plibptr->next;
1564 1584 }
1565 1585 free_uentrylist(pliblist);
1566 1586 }
|
↓ open down ↓ |
3 lines elided |
↑ open up ↑ |
1567 1587
1568 1588 /* kernel software providers */
1569 1589 (void) printf(gettext("\nKernel software providers:\n"));
1570 1590 /*
1571 1591 * TRANSLATION_NOTE
1572 1592 * Strictly for appearance's sake, this line should be as long as
1573 1593 * the length of the translated text above.
1574 1594 */
1575 1595 (void) printf(gettext("==========================\n"));
1576 1596
1577 - /* Get all entries from the kcf.conf file */
1578 - pdevlist_conf = NULL;
1597 + /* Get all entries from the kernel */
1579 1598 if (getzoneid() == GLOBAL_ZONEID) {
1580 - /* use kcf.conf for kernel software providers in global zone */
1581 - psoftlist_conf = NULL;
1599 + /* get kernel software providers from kernel ioctl */
1600 + crypto_get_soft_list_t *psoftlist_kernel = NULL;
1601 + uint_t sl_soft_count;
1602 + char *psoftname;
1603 + int i;
1582 1604
1583 - if (get_kcfconf_info(&pdevlist_conf, &psoftlist_conf) ==
1584 - FAILURE) {
1585 - cryptoerror(LOG_STDERR, gettext(
1586 - "failed to retrieve the list of kernel "
1587 - "providers.\n"));
1588 - return (FAILURE);
1589 - }
1605 + if (get_soft_list(&psoftlist_kernel) == FAILURE) {
1606 + cryptoerror(LOG_ERR, gettext("Failed to retrieve the "
1607 + "software provider list from kernel."));
1608 + rc = FAILURE;
1609 + } else {
1610 + sl_soft_count = psoftlist_kernel->sl_soft_count;
1590 1611
1591 - ptr = psoftlist_conf;
1592 - while (ptr != NULL) {
1593 - (void) list_policy_for_soft(ptr->pent->name);
1594 - ptr = ptr->next;
1612 + for (i = 0, psoftname = psoftlist_kernel->sl_soft_names;
1613 + i < sl_soft_count;
1614 + ++i, psoftname += strlen(psoftname) + 1) {
1615 + (void) list_policy_for_soft(psoftname,
1616 + pdevlist_conf, psoftlist_conf);
1617 + }
1618 + free(psoftlist_kernel);
1595 1619 }
1596 1620
1597 - free_entrylist(psoftlist_conf);
1598 1621 } else {
1599 1622 /* kcf.conf not there in non-global zone, no policy info */
1600 1623
1601 1624 /*
1602 1625 * TRANSLATION_NOTE
1603 1626 * "global" is keyword and not to be translated.
1604 1627 */
1605 1628 cryptoerror(LOG_STDERR, gettext(
1606 1629 "policy information for kernel software providers is "
1607 1630 "available in the %s zone only"), "global");
1608 1631 }
1609 1632
1610 1633 /* Kernel hardware providers */
1611 1634 (void) printf(gettext("\nKernel hardware providers:\n"));
1612 1635 /*
1613 1636 * TRANSLATION_NOTE
1614 1637 * Strictly for appearance's sake, this line should be as long as
1615 1638 * the length of the translated text above.
1616 1639 */
1617 1640 (void) printf(gettext("==========================\n"));
1618 1641
1619 1642 if (getzoneid() != GLOBAL_ZONEID) {
1620 1643 /*
1621 1644 * TRANSLATION_NOTE
1622 1645 * "global" is keyword and not to be translated.
1623 1646 */
|
↓ open down ↓ |
16 lines elided |
↑ open up ↑ |
1624 1647 cryptoerror(LOG_STDERR, gettext(
1625 1648 "policy information for kernel hardware providers is "
1626 1649 "available in the %s zone only"), "global");
1627 1650 return (FAILURE);
1628 1651 }
1629 1652
1630 1653 /* Get the hardware provider list from kernel */
1631 1654 if (get_dev_list(&pdevlist_kernel) != SUCCESS) {
1632 1655 cryptoerror(LOG_STDERR, gettext(
1633 1656 "failed to retrieve the list of hardware providers.\n"));
1634 - free_entrylist(pdevlist_conf);
1635 1657 return (FAILURE);
1636 1658 }
1637 1659
1660 + if (get_kcfconf_info(&pdevlist_conf, &psoftlist_conf) == FAILURE) {
1661 + cryptoerror(LOG_ERR, "failed to retrieve the providers' "
1662 + "information from file kcf.conf - %s.",
1663 + _PATH_KCF_CONF);
1664 + return (FAILURE);
1665 + }
1666 +
1667 +
1638 1668 /*
1639 1669 * For each hardware provider from kernel, check if it has an entry
1640 1670 * in the config file. If it has an entry, print out the policy from
1641 1671 * config file and remove the entry from the hardware provider list
1642 1672 * of the config file. If it does not have an entry in the config
1643 1673 * file, no mechanisms of it have been disabled. But, we still call
1644 1674 * list_policy_for_hard() to account for the "random" feature.
1645 1675 */
1646 1676 for (i = 0; i < pdevlist_kernel->dl_dev_count; i++) {
1647 1677 (void) snprintf(provname, sizeof (provname), "%s/%d",
1648 1678 pdevlist_kernel->dl_devs[i].le_dev_name,
1649 1679 pdevlist_kernel->dl_devs[i].le_dev_instance);
1680 +
1650 1681 found = B_FALSE;
1651 1682 phead = ptr = pdevlist_conf;
1652 1683 while (!found && ptr) {
1653 1684 if (strcmp(ptr->pent->name, provname) == 0) {
1654 1685 found = B_TRUE;
1655 1686 } else {
1656 1687 phead = ptr;
1657 1688 ptr = ptr->next;
1658 1689 }
1659 1690 }
1660 1691
1661 1692 if (found) {
1662 - (void) list_policy_for_hard(ptr->pent->name);
1693 + (void) list_policy_for_hard(ptr->pent->name,
1694 + pdevlist_conf, psoftlist_conf, pdevlist_kernel);
1663 1695 if (phead == ptr) {
1664 1696 pdevlist_conf = pdevlist_conf->next;
1665 1697 } else {
1666 1698 phead->next = ptr->next;
1667 1699 }
1668 1700 free_entry(ptr->pent);
1669 1701 free(ptr);
1670 1702 } else {
1671 - (void) list_policy_for_hard(provname);
1703 + (void) list_policy_for_hard(provname, pdevlist_conf,
1704 + psoftlist_conf, pdevlist_kernel);
1672 1705 }
1673 1706 }
1674 1707
1675 1708 /*
1676 1709 * If there are still entries left in the pdevlist_conf list from
1677 1710 * the config file, these providers must have been detached.
1678 1711 * Should print out their policy information also.
1679 1712 */
1680 - ptr = pdevlist_conf;
1681 - while (ptr != NULL) {
1682 - print_kef_policy(ptr->pent, B_FALSE, B_TRUE);
1683 - ptr = ptr->next;
1713 + for (ptr = pdevlist_conf; ptr != NULL; ptr = ptr->next) {
1714 + print_kef_policy(ptr->pent->name, ptr->pent, B_FALSE, B_TRUE);
1684 1715 }
1685 1716
1686 1717 free_entrylist(pdevlist_conf);
1718 + free_entrylist(psoftlist_conf);
1687 1719 free(pdevlist_kernel);
1688 1720
1689 1721 return (rc);
1690 1722 }
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX