2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #pragma ident "%Z%%M% %I% %E% SMI"
27
28 #include <fcntl.h>
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <strings.h>
32 #include <unistd.h>
33 #include <locale.h>
34 #include <libgen.h>
35 #include <sys/types.h>
36 #include <sys/stat.h>
37 #include <sys/crypto/ioctladmin.h>
38 #include <signal.h>
39 #include <sys/crypto/elfsign.h>
40 #include "cryptoadm.h"
41
42 static int err; /* to store the value of errno in case being overwritten */
43 static int check_hardware_provider(char *, char *, int *, int *);
44
45 /*
46 * Display the mechanism list for a kernel software provider.
47 */
197
198 /*
199 * If the hardware provider has an entry in the kcf.conf file,
200 * some of its mechanisms must have been disabled. Print out
201 * the disabled list from the config file entry. Otherwise,
202 * if it is active, then all the mechanisms for it are enabled.
203 */
204 if ((pent = getent_kef(provname)) != NULL) {
205 print_kef_policy(pent, has_random, has_mechs);
206 free_entry(pent);
207 return (SUCCESS);
208 } else {
209 if (check_active_for_hard(provname, &is_active) ==
210 FAILURE) {
211 return (FAILURE);
212 } else if (is_active == B_TRUE) {
213 (void) printf(gettext(
214 "%s: all mechanisms are enabled."), provname);
215 if (has_random)
216 /*
217 * TRANSLATION_NOTE:
218 * "random" is a keyword and not to be
219 * translated.
220 */
221 (void) printf(gettext(" %s is enabled.\n"),
222 "random");
223 else
224 (void) printf("\n");
225 return (SUCCESS);
226 } else {
227 cryptoerror(LOG_STDERR,
228 gettext("%s does not exist."), provname);
229 return (FAILURE);
230 }
231 }
232 }
233
234
235
236 int
237 disable_kef_hardware(char *provname, boolean_t rndflag, boolean_t allflag,
370 return (FAILURE);
371 }
372
373 /* Get the entry of this provider from the config file. */
374 if ((pent = getent_kef(provname)) == NULL) {
375 cryptoerror(LOG_STDERR,
376 gettext("%s does not exist."), provname);
377 return (FAILURE);
378 }
379
380 /*
381 * Check if the kernel software provider is currently unloaded.
382 * If it is unloaded, return FAILURE, because the disable subcommand
383 * can not perform on inactive (unloaded) providers.
384 */
385 if (check_active_for_soft(provname, &is_active) == FAILURE) {
386 free_entry(pent);
387 return (FAILURE);
388 } else if (is_active == B_FALSE) {
389 /*
390 * TRANSLATION_NOTE:
391 * "disable" is a keyword and not to be translated.
392 */
393 cryptoerror(LOG_STDERR,
394 gettext("can not do %1$s on an unloaded "
395 "kernel software provider -- %2$s."), "disable", provname);
396 free_entry(pent);
397 return (FAILURE);
398 }
399
400 /* Get the mechanism list for the software provider */
401 if (get_soft_info(provname, &infolist) == FAILURE) {
402 free(pent);
403 return (FAILURE);
404 }
405
406 /* See comments in disable_kef_hardware() */
407 if (!rndflag) {
408 (void) filter_mechlist(&infolist, RANDOM);
409 }
410
1306
1307 /* Inform kernel to unload this software module */
1308 if ((punload_soft = setup_unload_soft(pent)) == NULL) {
1309 (void) close(fd);
1310 return (FAILURE);
1311 }
1312
1313 if (ioctl(fd, CRYPTO_UNLOAD_SOFT_MODULE, punload_soft) == -1) {
1314 cryptodebug("CRYPTO_UNLOAD_SOFT_MODULE ioctl failed: %s",
1315 strerror(errno));
1316 free_entry(pent);
1317 free(punload_soft);
1318 (void) close(fd);
1319 return (FAILURE);
1320 }
1321
1322 if (punload_soft->sm_return_value != CRYPTO_SUCCESS) {
1323 cryptodebug("CRYPTO_UNLOAD_SOFT_MODULE ioctl return_value = "
1324 "%d", punload_soft->sm_return_value);
1325 /*
1326 * If the return value is CRYPTO_UNKNOWN_PRIVDER, it means
1327 * that the provider is not registered yet. Should just
1328 * continue.
1329 */
1330 if (punload_soft->sm_return_value != CRYPTO_UNKNOWN_PROVIDER) {
1331 free_entry(pent);
1332 free(punload_soft);
1333 (void) close(fd);
1334 return (FAILURE);
1335 }
1336 }
1337
1338 free(punload_soft);
1339
1340 /*
1341 * Inform kernel to remove the configuration of this software
1342 * module.
1343 */
1344 free_mechlist(pent->suplist);
1345 pent->suplist = NULL;
1346 pent->sup_count = 0;
|
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #include <fcntl.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <strings.h>
30 #include <unistd.h>
31 #include <locale.h>
32 #include <libgen.h>
33 #include <sys/types.h>
34 #include <sys/stat.h>
35 #include <sys/crypto/ioctladmin.h>
36 #include <signal.h>
37 #include <sys/crypto/elfsign.h>
38 #include "cryptoadm.h"
39
40 static int err; /* to store the value of errno in case being overwritten */
41 static int check_hardware_provider(char *, char *, int *, int *);
42
43 /*
44 * Display the mechanism list for a kernel software provider.
45 */
195
196 /*
197 * If the hardware provider has an entry in the kcf.conf file,
198 * some of its mechanisms must have been disabled. Print out
199 * the disabled list from the config file entry. Otherwise,
200 * if it is active, then all the mechanisms for it are enabled.
201 */
202 if ((pent = getent_kef(provname)) != NULL) {
203 print_kef_policy(pent, has_random, has_mechs);
204 free_entry(pent);
205 return (SUCCESS);
206 } else {
207 if (check_active_for_hard(provname, &is_active) ==
208 FAILURE) {
209 return (FAILURE);
210 } else if (is_active == B_TRUE) {
211 (void) printf(gettext(
212 "%s: all mechanisms are enabled."), provname);
213 if (has_random)
214 /*
215 * TRANSLATION_NOTE
216 * "random" is a keyword and not to be
217 * translated.
218 */
219 (void) printf(gettext(" %s is enabled.\n"),
220 "random");
221 else
222 (void) printf("\n");
223 return (SUCCESS);
224 } else {
225 cryptoerror(LOG_STDERR,
226 gettext("%s does not exist."), provname);
227 return (FAILURE);
228 }
229 }
230 }
231
232
233
234 int
235 disable_kef_hardware(char *provname, boolean_t rndflag, boolean_t allflag,
368 return (FAILURE);
369 }
370
371 /* Get the entry of this provider from the config file. */
372 if ((pent = getent_kef(provname)) == NULL) {
373 cryptoerror(LOG_STDERR,
374 gettext("%s does not exist."), provname);
375 return (FAILURE);
376 }
377
378 /*
379 * Check if the kernel software provider is currently unloaded.
380 * If it is unloaded, return FAILURE, because the disable subcommand
381 * can not perform on inactive (unloaded) providers.
382 */
383 if (check_active_for_soft(provname, &is_active) == FAILURE) {
384 free_entry(pent);
385 return (FAILURE);
386 } else if (is_active == B_FALSE) {
387 /*
388 * TRANSLATION_NOTE
389 * "disable" is a keyword and not to be translated.
390 */
391 cryptoerror(LOG_STDERR,
392 gettext("can not do %1$s on an unloaded "
393 "kernel software provider -- %2$s."), "disable", provname);
394 free_entry(pent);
395 return (FAILURE);
396 }
397
398 /* Get the mechanism list for the software provider */
399 if (get_soft_info(provname, &infolist) == FAILURE) {
400 free(pent);
401 return (FAILURE);
402 }
403
404 /* See comments in disable_kef_hardware() */
405 if (!rndflag) {
406 (void) filter_mechlist(&infolist, RANDOM);
407 }
408
1304
1305 /* Inform kernel to unload this software module */
1306 if ((punload_soft = setup_unload_soft(pent)) == NULL) {
1307 (void) close(fd);
1308 return (FAILURE);
1309 }
1310
1311 if (ioctl(fd, CRYPTO_UNLOAD_SOFT_MODULE, punload_soft) == -1) {
1312 cryptodebug("CRYPTO_UNLOAD_SOFT_MODULE ioctl failed: %s",
1313 strerror(errno));
1314 free_entry(pent);
1315 free(punload_soft);
1316 (void) close(fd);
1317 return (FAILURE);
1318 }
1319
1320 if (punload_soft->sm_return_value != CRYPTO_SUCCESS) {
1321 cryptodebug("CRYPTO_UNLOAD_SOFT_MODULE ioctl return_value = "
1322 "%d", punload_soft->sm_return_value);
1323 /*
1324 * If the return value is CRYPTO_UNKNOWN_PROVIDER, it means
1325 * that the provider is not registered yet. Should just
1326 * continue.
1327 */
1328 if (punload_soft->sm_return_value != CRYPTO_UNKNOWN_PROVIDER) {
1329 free_entry(pent);
1330 free(punload_soft);
1331 (void) close(fd);
1332 return (FAILURE);
1333 }
1334 }
1335
1336 free(punload_soft);
1337
1338 /*
1339 * Inform kernel to remove the configuration of this software
1340 * module.
1341 */
1342 free_mechlist(pent->suplist);
1343 pent->suplist = NULL;
1344 pent->sup_count = 0;
|