Print this page
6621176 $SRC/cmd/cmd-crypto/cryptoadm/*.c seem to have syntax errors in the translation notes
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c
+++ new/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
|
↓ open down ↓ |
11 lines elided |
↑ open up ↑ |
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 - * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22 + * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 */
25 25
26 -#pragma ident "%Z%%M% %I% %E% SMI"
27 26
28 27 #include <fcntl.h>
29 28 #include <stdio.h>
30 29 #include <stdlib.h>
31 30 #include <strings.h>
32 31 #include <unistd.h>
33 32 #include <locale.h>
34 33 #include <libgen.h>
35 34 #include <sys/types.h>
36 35 #include <zone.h>
37 36 #include <sys/crypto/ioctladmin.h>
38 37 #include <cryptoutil.h>
39 38 #include "cryptoadm.h"
40 39
41 40 #define REQ_ARG_CNT 2
42 41
43 42 /* subcommand index */
44 43 enum subcommand_index {
45 44 CRYPTO_LIST,
46 45 CRYPTO_DISABLE,
|
↓ open down ↓ |
10 lines elided |
↑ open up ↑ |
47 46 CRYPTO_ENABLE,
48 47 CRYPTO_INSTALL,
49 48 CRYPTO_UNINSTALL,
50 49 CRYPTO_UNLOAD,
51 50 CRYPTO_REFRESH,
52 51 CRYPTO_START,
53 52 CRYPTO_STOP,
54 53 CRYPTO_HELP };
55 54
56 55 /*
57 - * TRANSLATION_NOTE:
56 + * TRANSLATION_NOTE
58 57 * Command keywords are not to be translated.
59 58 */
60 59 static char *cmd_table[] = {
61 60 "list",
62 61 "disable",
63 62 "enable",
64 63 "install",
65 64 "uninstall",
66 65 "unload",
67 66 "refresh",
68 67 "start",
69 68 "stop",
70 69 "--help" };
71 70
72 71 /* provider type */
73 72 enum provider_type_index {
74 73 PROV_UEF_LIB,
75 74 PROV_KEF_SOFT,
|
↓ open down ↓ |
8 lines elided |
↑ open up ↑ |
76 75 PROV_KEF_HARD,
77 76 METASLOT,
78 77 PROV_BADNAME };
79 78
80 79 typedef struct {
81 80 char cp_name[MAXPATHLEN];
82 81 enum provider_type_index cp_type;
83 82 } cryptoadm_provider_t;
84 83
85 84 /*
86 - * TRANSLATION_NOTE:
85 + * TRANSLATION_NOTE
87 86 * Operand keywords are not to be translated.
88 87 */
89 88 static const char *KN_PROVIDER = "provider=";
90 89 static const char *KN_MECH = "mechanism=";
91 90 static const char *KN_ALL = "all";
92 91 static const char *KN_TOKEN = "token=";
93 92 static const char *KN_SLOT = "slot=";
94 93 static const char *KN_DEFAULT_KS = "default-keystore";
95 94 static const char *KN_AUTO_KEY_MIGRATE = "auto-key-migrate";
96 95
97 96 /* static variables */
98 97 static boolean_t allflag = B_FALSE;
99 98 static boolean_t rndflag = B_FALSE;
100 99 static mechlist_t *mecharglist = NULL;
101 100
102 101 /* static functions */
103 102 static void usage(void);
104 103 static int get_provider_type(char *);
105 104 static int process_mech_operands(int, char **, boolean_t);
106 105 static int do_list(int, char **);
107 106 static int do_disable(int, char **);
108 107 static int do_enable(int, char **);
109 108 static int do_install(int, char **);
110 109 static int do_uninstall(int, char **);
111 110 static int do_unload(int, char **);
112 111 static int do_refresh(int);
113 112 static int do_start(int);
114 113 static int do_stop(int);
115 114 static int list_simple_for_all(boolean_t);
116 115 static int list_mechlist_for_all(boolean_t);
117 116 static int list_policy_for_all(void);
118 117
119 118 int
120 119 main(int argc, char *argv[])
121 120 {
122 121 char *subcmd;
123 122 int cmdnum;
124 123 int cmd_index = 0;
125 124 int rc = SUCCESS;
126 125
127 126 (void) setlocale(LC_ALL, "");
128 127
129 128 #if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */
130 129 #define TEXT_DOMAIN "SYS_TEST" /* Use this only if it weren't */
131 130 #endif
132 131 (void) textdomain(TEXT_DOMAIN);
133 132
134 133 cryptodebug_init(basename(argv[0]));
135 134
136 135 if (argc < REQ_ARG_CNT) {
137 136 usage();
138 137 return (ERROR_USAGE);
139 138 }
140 139
141 140 /* get the subcommand index */
142 141 cmd_index = 0;
143 142 subcmd = argv[1];
144 143 cmdnum = sizeof (cmd_table)/sizeof (cmd_table[0]);
145 144
146 145 while ((cmd_index < cmdnum) &&
147 146 (strcmp(subcmd, cmd_table[cmd_index]) != 0)) {
148 147 cmd_index++;
149 148 }
150 149 if (cmd_index >= cmdnum) {
151 150 usage();
152 151 return (ERROR_USAGE);
153 152 }
154 153
155 154 /* do the subcommand */
156 155 switch (cmd_index) {
157 156 case CRYPTO_LIST:
158 157 rc = do_list(argc, argv);
159 158 break;
160 159 case CRYPTO_DISABLE:
161 160 rc = do_disable(argc, argv);
162 161 break;
163 162 case CRYPTO_ENABLE:
164 163 rc = do_enable(argc, argv);
165 164 break;
166 165 case CRYPTO_INSTALL:
167 166 rc = do_install(argc, argv);
168 167 break;
169 168 case CRYPTO_UNINSTALL:
170 169 rc = do_uninstall(argc, argv);
171 170 break;
172 171 case CRYPTO_UNLOAD:
173 172 rc = do_unload(argc, argv);
174 173 break;
175 174 case CRYPTO_REFRESH:
176 175 rc = do_refresh(argc);
177 176 break;
178 177 case CRYPTO_START:
179 178 rc = do_start(argc);
180 179 break;
181 180 case CRYPTO_STOP:
182 181 rc = do_stop(argc);
183 182 break;
184 183 case CRYPTO_HELP:
185 184 usage();
186 185 rc = SUCCESS;
187 186 break;
188 187 default: /* should not come here */
189 188 usage();
190 189 rc = ERROR_USAGE;
|
↓ open down ↓ |
94 lines elided |
↑ open up ↑ |
191 190 break;
192 191 }
193 192 return (rc);
194 193 }
195 194
196 195
197 196 static void
198 197 usage(void)
199 198 {
200 199 /*
201 - * TRANSLATION_NOTE:
200 + * TRANSLATION_NOTE
202 201 * Command usage is not to be translated. Only the word "Usage:"
203 202 * along with localized expressions indicating what kind of value
204 203 * is expected for arguments.
205 204 */
206 205 (void) fprintf(stderr, gettext("Usage:\n"));
207 206 (void) fprintf(stderr,
208 207 " cryptoadm list [-mpv] [provider=<%s> | metaslot]"
209 208 " [mechanism=<%s>]\n",
210 209 gettext("provider-name"), gettext("mechanism-list"));
211 210 (void) fprintf(stderr,
212 211 " cryptoadm disable provider=<%s>"
213 212 " mechanism=<%s> | random | all\n",
214 213 gettext("provider-name"), gettext("mechanism-list"));
215 214 (void) fprintf(stderr,
216 215 " cryptoadm disable metaslot"
217 216 " [auto-key-migrate] [mechanism=<%s>]\n",
218 217 gettext("mechanism-list"));
219 218 (void) fprintf(stderr,
220 219 " cryptoadm enable provider=<%s>"
221 220 " mechanism=<%s> | random | all\n",
222 221 gettext("provider-name"), gettext("mechanism-list"));
223 222 (void) fprintf(stderr,
224 223 " cryptoadm enable metaslot [mechanism=<%s>]"
225 224 " [[token=<%s>] [slot=<%s>]"
226 225 " | [default-keystore]] | [auto-key-migrate]\n",
227 226 gettext("mechanism-list"), gettext("token-label"),
228 227 gettext("slot-description"));
229 228 (void) fprintf(stderr,
230 229 " cryptoadm install provider=<%s>\n",
231 230 gettext("provider-name"));
232 231 (void) fprintf(stderr,
233 232 " cryptoadm install provider=<%s> [mechanism=<%s>]\n",
234 233 gettext("provider-name"), gettext("mechanism-list"));
235 234 (void) fprintf(stderr,
236 235 " cryptoadm uninstall provider=<%s>\n",
237 236 gettext("provider-name"));
238 237 (void) fprintf(stderr,
239 238 " cryptoadm unload provider=<%s>\n",
240 239 gettext("provider-name"));
241 240 (void) fprintf(stderr,
242 241 " cryptoadm refresh\n"
243 242 " cryptoadm start\n"
244 243 " cryptoadm stop\n"
|
↓ open down ↓ |
33 lines elided |
↑ open up ↑ |
245 244 " cryptoadm --help\n");
246 245 }
247 246
248 247
249 248 /*
250 249 * Get the provider type. This function returns
251 250 * - PROV_UEF_LIB if provname contains an absolute path name
252 251 * - PROV_KEF_SOFT if provname is a base name only
253 252 * - PROV_KEF_HARD if provname contains one slash only and the slash is not
254 253 * the 1st character.
255 - * - PROV_BADNAME othewise.
254 + * - PROV_BADNAME otherwise.
256 255 */
257 256 static int
258 257 get_provider_type(char *provname)
259 258 {
260 259 char *pslash1;
261 260 char *pslash2;
262 261
263 262 if (provname == NULL) {
264 263 return (FAILURE);
265 264 }
266 265
267 266 if (provname[0] == '/') {
268 267 return (PROV_UEF_LIB);
269 268 } else if ((pslash1 = strchr(provname, SEP_SLASH)) == NULL) {
270 269 /* no slash */
271 270 return (PROV_KEF_SOFT);
272 271 } else {
273 272 pslash2 = strrchr(provname, SEP_SLASH);
274 273 if (pslash1 == pslash2) {
275 274 return (PROV_KEF_HARD);
276 275 } else {
277 276 return (PROV_BADNAME);
278 277 }
279 278 }
280 279 }
281 280
282 281 /*
283 282 * Get the provider structure. This function returns NULL if no valid
284 283 * provider= is found in argv[], otherwise a cryptoadm_provider_t is returned.
285 284 * If provider= is found but has no argument, then a cryptoadm_provider_t
286 285 * with cp_type = PROV_BADNAME is returned.
287 286 */
288 287 static cryptoadm_provider_t *
289 288 get_provider(int argc, char **argv)
290 289 {
291 290 int c = 0;
292 291 boolean_t found = B_FALSE;
293 292 cryptoadm_provider_t *provider = NULL;
294 293 char *provstr = NULL, *savstr;
295 294 boolean_t is_metaslot = B_FALSE;
296 295
297 296 while (!found && ++c < argc) {
|
↓ open down ↓ |
32 lines elided |
↑ open up ↑ |
298 297 if (strncmp(argv[c], METASLOT_KEYWORD,
299 298 strlen(METASLOT_KEYWORD)) == 0) {
300 299 is_metaslot = B_TRUE;
301 300 found = B_TRUE;
302 301 } else if (strncmp(argv[c], KN_PROVIDER,
303 302 strlen(KN_PROVIDER)) == 0 &&
304 303 strlen(argv[c]) > strlen(KN_PROVIDER)) {
305 304 if ((provstr = strdup(argv[c])) == NULL) {
306 305 int err = errno;
307 306 /*
308 - * TRANSLATION_NOTE:
307 + * TRANSLATION_NOTE
309 308 * "get_provider" is a function name and should
310 309 * not be translated.
311 310 */
312 311 cryptoerror(LOG_STDERR, "get_provider: %s.",
313 312 strerror(err));
314 313 return (NULL);
315 314 }
316 315 found = B_TRUE;
317 316 }
318 317 }
319 318 if (!found)
320 319 return (NULL);
321 320
322 321 provider = malloc(sizeof (cryptoadm_provider_t));
323 322 if (provider == NULL) {
324 323 cryptoerror(LOG_STDERR, gettext("out of memory."));
325 324 if (provstr) {
326 325 free(provstr);
327 326 }
328 327 return (NULL);
329 328 }
330 329
331 330 if (is_metaslot) {
332 331 (void) strlcpy(provider->cp_name, METASLOT_KEYWORD,
333 332 strlen(METASLOT_KEYWORD));
334 333 provider->cp_type = METASLOT;
335 334 } else {
336 335
337 336 savstr = provstr;
338 337 (void) strtok(provstr, "=");
339 338 provstr = strtok(NULL, "=");
340 339 if (provstr == NULL) {
341 340 cryptoerror(LOG_STDERR, gettext("bad provider name."));
342 341 provider->cp_type = PROV_BADNAME;
343 342 free(savstr);
344 343 return (provider);
345 344 }
346 345
347 346 (void) strlcpy(provider->cp_name, provstr,
348 347 sizeof (provider->cp_name));
349 348 provider->cp_type = get_provider_type(provider->cp_name);
350 349
351 350 free(savstr);
352 351 }
353 352 return (provider);
354 353 }
355 354
356 355 /*
357 356 * Process the "feature" operands.
358 357 *
359 358 * "argc" and "argv" contain values specified on the command line.
360 359 * All other arguments are used for returning parsing results.
361 360 * If any of these arguments are NULL, that keyword is not expected,
362 361 * and FAILURE will be returned.
363 362 */
364 363 static int
365 364 process_metaslot_operands(int argc, char **argv, char **meta_ks_token,
366 365 char **meta_ks_slot, boolean_t *use_default,
367 366 boolean_t *auto_key_migrate_flag)
368 367 {
369 368 int c = 2;
370 369 int rc = SUCCESS;
371 370
372 371 while (++c < argc) {
373 372 if ((strncmp(argv[c], KN_MECH, strlen(KN_MECH)) == 0) &&
374 373 strlen(argv[c]) > strlen(KN_MECH)) {
375 374
376 375 /* process mechanism operands */
377 376 if ((rc = process_mech_operands(argc, argv, B_TRUE))
378 377 != SUCCESS) {
379 378 goto finish;
380 379 }
381 380
382 381 } else if ((strncmp(argv[c], KN_TOKEN,
383 382 strlen(KN_TOKEN)) == 0) &&
384 383 strlen(argv[c]) > strlen(KN_TOKEN)) {
385 384 if ((meta_ks_token) && (strtok(argv[c], "=") != NULL)) {
386 385 char *tmp;
387 386 if ((tmp = strtok(NULL, "=")) != NULL) {
388 387 *meta_ks_token = strdup(tmp);
389 388 } else {
390 389 return (FAILURE);
391 390 }
392 391 } else {
393 392 return (FAILURE);
394 393 }
395 394
396 395 } else if ((strncmp(argv[c], KN_SLOT,
397 396 strlen(KN_SLOT)) == 0) &&
398 397 strlen(argv[c]) > strlen(KN_SLOT)) {
399 398
400 399 if ((meta_ks_slot) && (strtok(argv[c], "=") != NULL)) {
401 400 char *tmp;
402 401 if ((tmp = strtok(NULL, "=")) != NULL) {
403 402 *meta_ks_slot = strdup(tmp);
404 403 } else {
405 404 return (FAILURE);
406 405 }
407 406 } else {
408 407 return (FAILURE);
409 408 }
410 409
411 410 } else if (strncmp(argv[c], KN_DEFAULT_KS,
412 411 strlen(KN_DEFAULT_KS)) == 0) {
413 412
414 413 if (use_default) {
415 414 *use_default = B_TRUE;
416 415 } else {
417 416 return (FAILURE);
418 417 }
419 418 } else if (strncmp(argv[c], KN_AUTO_KEY_MIGRATE,
420 419 strlen(KN_AUTO_KEY_MIGRATE)) == 0) {
421 420
422 421 if (auto_key_migrate_flag) {
423 422 *auto_key_migrate_flag = B_TRUE;
424 423 } else {
425 424 return (FAILURE);
426 425 }
427 426 } else {
428 427 return (FAILURE);
429 428 }
430 429 }
431 430 finish:
432 431 return (rc);
433 432 }
434 433
435 434 /*
436 435 * Process the "feature" operands.
437 436 */
438 437 static int
439 438 process_feature_operands(int argc, char **argv)
440 439 {
441 440 int c = 2;
442 441
443 442 while (++c < argc) {
444 443 if (strcmp(argv[c], KN_ALL) == 0) {
445 444 allflag = B_TRUE;
446 445 rndflag = B_TRUE; /* all includes random also. */
447 446 } else if (strcmp(argv[c], RANDOM) == 0) {
448 447 rndflag = B_TRUE;
449 448 }
450 449 }
451 450 return (SUCCESS);
452 451 }
453 452
454 453 /*
455 454 * Process the mechanism operands for the disable, enable and install
456 455 * subcommands. This function sets the static variable allflag to be B_TRUE
457 456 * if the keyword "all" is specified, otherwise builds a link list of the
458 457 * mechanism operands and save it in the static variable mecharglist.
459 458 *
460 459 * This function returns
461 460 * ERROR_USAGE: mechanism operand is missing.
462 461 * FAILURE: out of memory.
463 462 * SUCCESS: otherwise.
464 463 */
465 464 static int
466 465 process_mech_operands(int argc, char **argv, boolean_t quiet)
467 466 {
468 467 mechlist_t *pmech;
469 468 mechlist_t *pcur = NULL;
470 469 mechlist_t *phead = NULL;
471 470 boolean_t found = B_FALSE;
472 471 char *mechliststr = NULL;
473 472 char *curmech = NULL;
474 473 int c = -1;
475 474 int rc = SUCCESS;
|
↓ open down ↓ |
157 lines elided |
↑ open up ↑ |
476 475
477 476 while (!found && ++c < argc) {
478 477 if ((strncmp(argv[c], KN_MECH, strlen(KN_MECH)) == 0) &&
479 478 strlen(argv[c]) > strlen(KN_MECH)) {
480 479 found = B_TRUE;
481 480 }
482 481 }
483 482 if (!found) {
484 483 if (!quiet)
485 484 /*
486 - * TRANSLATION_NOTE:
485 + * TRANSLATION_NOTE
487 486 * "mechanism" could be either a literal keyword
488 487 * and hence not to be translated, or a descriptive
489 488 * word and translatable. A choice was made to
490 489 * view it as a literal keyword.
491 490 */
492 491 cryptoerror(LOG_STDERR,
493 492 gettext("the %s operand is missing.\n"),
494 493 "mechanism");
495 494 return (ERROR_USAGE);
496 495 }
497 496 (void) strtok(argv[c], "=");
498 497 mechliststr = strtok(NULL, "=");
499 498
500 499 if (strcmp(mechliststr, "all") == 0) {
501 500 allflag = B_TRUE;
502 501 mecharglist = NULL;
503 502 return (SUCCESS);
504 503 }
505 504
506 505 curmech = strtok(mechliststr, ",");
507 506 do {
508 507 if ((pmech = create_mech(curmech)) == NULL) {
509 508 rc = FAILURE;
510 509 break;
511 510 } else {
512 511 if (phead == NULL) {
513 512 phead = pcur = pmech;
514 513 } else {
515 514 pcur->next = pmech;
516 515 pcur = pmech;
517 516 }
518 517 }
519 518 } while ((curmech = strtok(NULL, ",")) != NULL);
520 519
521 520 if (rc == FAILURE) {
522 521 cryptoerror(LOG_STDERR, gettext("out of memory."));
523 522 free_mechlist(phead);
524 523 } else {
525 524 mecharglist = phead;
526 525 rc = SUCCESS;
527 526 }
528 527 return (rc);
529 528 }
530 529
531 530
532 531
533 532 /*
534 533 * The top level function for the list subcommand and options.
535 534 */
536 535 static int
537 536 do_list(int argc, char **argv)
538 537 {
539 538 boolean_t mflag = B_FALSE;
540 539 boolean_t pflag = B_FALSE;
541 540 boolean_t vflag = B_FALSE;
542 541 char ch;
543 542 cryptoadm_provider_t *prov = NULL;
544 543 int rc = SUCCESS;
545 544
546 545 argc -= 1;
547 546 argv += 1;
548 547
549 548 if (argc == 1) {
550 549 rc = list_simple_for_all(B_FALSE);
551 550 goto out;
552 551 }
553 552
554 553 /*
555 554 * [-v] [-m] [-p] [provider=<>] [mechanism=<>]
556 555 */
557 556 if (argc > 5) {
558 557 usage();
559 558 return (rc);
560 559 }
561 560
562 561 while ((ch = getopt(argc, argv, "mpv")) != EOF) {
563 562 switch (ch) {
564 563 case 'm':
565 564 mflag = B_TRUE;
566 565 if (pflag) {
567 566 rc = ERROR_USAGE;
568 567 }
569 568 break;
570 569 case 'p':
571 570 pflag = B_TRUE;
572 571 if (mflag || vflag) {
573 572 rc = ERROR_USAGE;
574 573 }
575 574 break;
576 575 case 'v':
577 576 vflag = B_TRUE;
578 577 if (pflag)
579 578 rc = ERROR_USAGE;
580 579 break;
581 580 default:
582 581 rc = ERROR_USAGE;
583 582 break;
584 583 }
585 584 }
586 585
587 586 if (rc == ERROR_USAGE) {
588 587 usage();
589 588 return (rc);
590 589 }
591 590
592 591 if ((rc = process_feature_operands(argc, argv)) != SUCCESS) {
593 592 goto out;
594 593 }
595 594
596 595 prov = get_provider(argc, argv);
597 596
598 597 if (mflag || vflag) {
599 598 if (argc > 0) {
600 599 rc = process_mech_operands(argc, argv, B_TRUE);
601 600 if (rc == FAILURE)
602 601 goto out;
603 602 /* "-m" is implied when a mechanism list is given */
604 603 if (mecharglist != NULL || allflag)
605 604 mflag = B_TRUE;
606 605 }
607 606 }
608 607
609 608 if (prov == NULL) {
610 609 if (mflag) {
611 610 rc = list_mechlist_for_all(vflag);
612 611 } else if (pflag) {
613 612 rc = list_policy_for_all();
614 613 } else if (vflag) {
615 614 rc = list_simple_for_all(vflag);
616 615 }
617 616 } else if (prov->cp_type == METASLOT) {
618 617 if ((!mflag) && (!vflag) && (!pflag)) {
619 618 /* no flag is specified, just list metaslot status */
620 619 rc = list_metaslot_info(mflag, vflag, mecharglist);
621 620 } else if (mflag || vflag) {
622 621 rc = list_metaslot_info(mflag, vflag, mecharglist);
623 622 } else if (pflag) {
624 623 rc = list_metaslot_policy();
625 624 } else {
626 625 /* error message */
627 626 usage();
628 627 rc = ERROR_USAGE;
629 628 }
630 629 } else if (prov->cp_type == PROV_BADNAME) {
631 630 usage();
632 631 rc = ERROR_USAGE;
633 632 goto out;
634 633 } else { /* do the listing for a provider only */
635 634 if (mflag || vflag) {
636 635 if (vflag)
637 636 (void) printf(gettext("Provider: %s\n"),
638 637 prov->cp_name);
639 638 switch (prov->cp_type) {
640 639 case PROV_UEF_LIB:
641 640 rc = list_mechlist_for_lib(prov->cp_name,
642 641 mecharglist, NULL, B_FALSE,
643 642 vflag, mflag);
644 643 break;
645 644 case PROV_KEF_SOFT:
646 645 rc = list_mechlist_for_soft(prov->cp_name);
647 646 break;
648 647 case PROV_KEF_HARD:
649 648 rc = list_mechlist_for_hard(prov->cp_name);
650 649 break;
651 650 default: /* should not come here */
652 651 rc = FAILURE;
653 652 break;
654 653 }
655 654 } else if (pflag) {
|
↓ open down ↓ |
159 lines elided |
↑ open up ↑ |
656 655 switch (prov->cp_type) {
657 656 case PROV_UEF_LIB:
658 657 rc = list_policy_for_lib(prov->cp_name);
659 658 break;
660 659 case PROV_KEF_SOFT:
661 660 if (getzoneid() == GLOBAL_ZONEID) {
662 661 rc = list_policy_for_soft(
663 662 prov->cp_name);
664 663 } else {
665 664 /*
666 - * TRANSLATION_NOTE:
665 + * TRANSLATION_NOTE
667 666 * "global" is keyword and not to
668 667 * be translated.
669 668 */
670 669 cryptoerror(LOG_STDERR, gettext(
671 670 "policy information for kernel "
672 671 "providers is available "
673 672 "in the %s zone only"), "global");
674 673 rc = FAILURE;
675 674 }
676 675 break;
677 676 case PROV_KEF_HARD:
678 677 if (getzoneid() == GLOBAL_ZONEID) {
679 678 rc = list_policy_for_hard(
680 679 prov->cp_name);
681 680 } else {
682 681 /*
683 - * TRANSLATION_NOTE:
682 + * TRANSLATION_NOTE
684 683 * "global" is keyword and not to
685 684 * be translated.
686 685 */
687 686 cryptoerror(LOG_STDERR, gettext(
688 687 "policy information for kernel "
689 688 "providers is available "
690 689 "in the %s zone only"), "global");
691 690 rc = FAILURE;
692 691 }
693 692
694 693 break;
695 694 default: /* should not come here */
696 695 rc = FAILURE;
697 696 break;
698 697 }
699 698 } else {
700 699 /* error message */
701 700 usage();
702 701 rc = ERROR_USAGE;
703 702 }
704 703 }
705 704
706 705 out:
707 706 if (prov != NULL)
708 707 free(prov);
709 708
710 709 if (mecharglist != NULL)
711 710 free_mechlist(mecharglist);
712 711 return (rc);
713 712 }
714 713
715 714
716 715 /*
717 716 * The top level function for the disable subcommand.
718 717 */
719 718 static int
720 719 do_disable(int argc, char **argv)
721 720 {
722 721 cryptoadm_provider_t *prov = NULL;
723 722 int rc = SUCCESS;
724 723 boolean_t auto_key_migrate_flag = B_FALSE;
725 724
726 725 if ((argc < 3) || (argc > 5)) {
727 726 usage();
728 727 return (ERROR_USAGE);
729 728 }
730 729
731 730 prov = get_provider(argc, argv);
732 731 if (prov == NULL) {
733 732 usage();
734 733 return (ERROR_USAGE);
735 734 }
736 735 if (prov->cp_type == PROV_BADNAME) {
737 736 return (FAILURE);
738 737 }
739 738
740 739 if ((rc = process_feature_operands(argc, argv)) != SUCCESS) {
741 740 goto out;
742 741 }
743 742
744 743 /*
745 744 * If allflag or rndflag has already been set there is no reason to
746 745 * process mech=
747 746 */
748 747 if (prov->cp_type == METASLOT) {
749 748 if ((argc > 3) &&
750 749 (rc = process_metaslot_operands(argc, argv,
751 750 NULL, NULL, NULL, &auto_key_migrate_flag)) != SUCCESS) {
752 751 usage();
753 752 return (rc);
754 753 }
755 754 } else if (!allflag && !rndflag &&
756 755 (rc = process_mech_operands(argc, argv, B_FALSE)) != SUCCESS) {
757 756 return (rc);
758 757 }
759 758
760 759 switch (prov->cp_type) {
761 760 case METASLOT:
762 761 rc = disable_metaslot(mecharglist, allflag,
763 762 auto_key_migrate_flag);
764 763 break;
765 764 case PROV_UEF_LIB:
766 765 rc = disable_uef_lib(prov->cp_name, rndflag, allflag,
767 766 mecharglist);
768 767 break;
769 768 case PROV_KEF_SOFT:
770 769 if (rndflag && !allflag) {
|
↓ open down ↓ |
77 lines elided |
↑ open up ↑ |
771 770 if ((mecharglist = create_mech(RANDOM)) == NULL) {
772 771 rc = FAILURE;
773 772 break;
774 773 }
775 774 }
776 775 if (getzoneid() == GLOBAL_ZONEID) {
777 776 rc = disable_kef_software(prov->cp_name, rndflag,
778 777 allflag, mecharglist);
779 778 } else {
780 779 /*
781 - * TRANSLATION_NOTE:
780 + * TRANSLATION_NOTE
782 781 * "disable" could be either a literal keyword
783 782 * and hence not to be translated, or a verb and
784 783 * translatable. A choice was made to view it as
785 784 * a literal keyword. "global" is keyword and not
786 785 * to be translated.
787 786 */
788 787 cryptoerror(LOG_STDERR, gettext("%1$s for kernel "
789 788 "providers is supported in the %2$s zone only"),
790 789 "disable", "global");
791 790 rc = FAILURE;
792 791 }
793 792 break;
794 793 case PROV_KEF_HARD:
795 794 if (rndflag && !allflag) {
|
↓ open down ↓ |
4 lines elided |
↑ open up ↑ |
796 795 if ((mecharglist = create_mech(RANDOM)) == NULL) {
797 796 rc = FAILURE;
798 797 break;
799 798 }
800 799 }
801 800 if (getzoneid() == GLOBAL_ZONEID) {
802 801 rc = disable_kef_hardware(prov->cp_name, rndflag,
803 802 allflag, mecharglist);
804 803 } else {
805 804 /*
806 - * TRANSLATION_NOTE:
805 + * TRANSLATION_NOTE
807 806 * "disable" could be either a literal keyword
808 807 * and hence not to be translated, or a verb and
809 808 * translatable. A choice was made to view it as
810 809 * a literal keyword. "global" is keyword and not
811 810 * to be translated.
812 811 */
813 812 cryptoerror(LOG_STDERR, gettext("%1$s for kernel "
814 813 "providers is supported in the %2$s zone only"),
815 814 "disable", "global");
816 815 rc = FAILURE;
817 816 }
818 817 break;
819 818 default: /* should not come here */
820 819 rc = FAILURE;
821 820 break;
822 821 }
823 822
824 823 out:
825 824 free(prov);
826 825 if (mecharglist != NULL) {
827 826 free_mechlist(mecharglist);
828 827 }
829 828 return (rc);
830 829 }
831 830
832 831
833 832 /*
834 833 * The top level function fo the enable subcommand.
835 834 */
836 835 static int
837 836 do_enable(int argc, char **argv)
838 837 {
839 838 cryptoadm_provider_t *prov = NULL;
840 839 int rc = SUCCESS;
841 840 char *alt_token = NULL, *alt_slot = NULL;
842 841 boolean_t use_default = B_FALSE, auto_key_migrate_flag = B_FALSE;
843 842
844 843 if ((argc < 3) || (argc > 6)) {
845 844 usage();
846 845 return (ERROR_USAGE);
847 846 }
848 847
849 848 prov = get_provider(argc, argv);
850 849 if (prov == NULL) {
851 850 usage();
852 851 return (ERROR_USAGE);
853 852 }
854 853 if ((prov->cp_type != METASLOT) && (argc != 4)) {
855 854 usage();
856 855 return (ERROR_USAGE);
857 856 }
858 857 if (prov->cp_type == PROV_BADNAME) {
859 858 rc = FAILURE;
860 859 goto out;
861 860 }
862 861
863 862
864 863 if (prov->cp_type == METASLOT) {
865 864 if ((rc = process_metaslot_operands(argc, argv, &alt_token,
866 865 &alt_slot, &use_default, &auto_key_migrate_flag))
867 866 != SUCCESS) {
868 867 usage();
869 868 goto out;
870 869 }
871 870 if ((alt_slot || alt_token) && use_default) {
872 871 usage();
873 872 rc = FAILURE;
874 873 goto out;
875 874 }
876 875 } else {
877 876 if ((rc = process_feature_operands(argc, argv)) != SUCCESS) {
878 877 goto out;
879 878 }
880 879
881 880 /*
882 881 * If allflag or rndflag has already been set there is
883 882 * no reason to process mech=
884 883 */
885 884 if (!allflag && !rndflag &&
886 885 (rc = process_mech_operands(argc, argv, B_FALSE))
887 886 != SUCCESS) {
888 887 goto out;
889 888 }
890 889 }
891 890
892 891 switch (prov->cp_type) {
893 892 case METASLOT:
894 893 rc = enable_metaslot(alt_token, alt_slot, use_default,
895 894 mecharglist, allflag, auto_key_migrate_flag);
896 895 break;
897 896 case PROV_UEF_LIB:
898 897 rc = enable_uef_lib(prov->cp_name, rndflag, allflag,
899 898 mecharglist);
900 899 break;
901 900 case PROV_KEF_SOFT:
902 901 case PROV_KEF_HARD:
903 902 if (rndflag && !allflag) {
|
↓ open down ↓ |
87 lines elided |
↑ open up ↑ |
904 903 if ((mecharglist = create_mech(RANDOM)) == NULL) {
905 904 rc = FAILURE;
906 905 break;
907 906 }
908 907 }
909 908 if (getzoneid() == GLOBAL_ZONEID) {
910 909 rc = enable_kef(prov->cp_name, rndflag, allflag,
911 910 mecharglist);
912 911 } else {
913 912 /*
914 - * TRANSLATION_NOTE:
913 + * TRANSLATION_NOTE
915 914 * "enable" could be either a literal keyword
916 915 * and hence not to be translated, or a verb and
917 916 * translatable. A choice was made to view it as
918 917 * a literal keyword. "global" is keyword and not
919 918 * to be translated.
920 919 */
921 920 cryptoerror(LOG_STDERR, gettext("%1$s for kernel "
922 921 "providers is supported in the %2$s zone only"),
923 922 "enable", "global");
924 923 rc = FAILURE;
925 924 }
926 925 break;
927 926 default: /* should not come here */
928 927 rc = FAILURE;
929 928 break;
930 929 }
931 930 out:
932 931 free(prov);
933 932 if (mecharglist != NULL) {
934 933 free_mechlist(mecharglist);
935 934 }
936 935 if (alt_token != NULL) {
937 936 free(alt_token);
938 937 }
939 938 if (alt_slot != NULL) {
940 939 free(alt_slot);
941 940 }
942 941 return (rc);
943 942 }
944 943
945 944
946 945
947 946 /*
948 947 * The top level function fo the install subcommand.
949 948 */
950 949 static int
951 950 do_install(int argc, char **argv)
952 951 {
953 952 cryptoadm_provider_t *prov = NULL;
954 953 int rc;
|
↓ open down ↓ |
30 lines elided |
↑ open up ↑ |
955 954
956 955 if (argc < 3) {
957 956 usage();
958 957 return (ERROR_USAGE);
959 958 }
960 959
961 960 prov = get_provider(argc, argv);
962 961 if (prov == NULL ||
963 962 prov->cp_type == PROV_BADNAME || prov->cp_type == PROV_KEF_HARD) {
964 963 /*
965 - * TRANSLATION_NOTE:
964 + * TRANSLATION_NOTE
966 965 * "install" could be either a literal keyword and hence
967 966 * not to be translated, or a verb and translatable. A
968 967 * choice was made to view it as a literal keyword.
969 968 */
970 969 cryptoerror(LOG_STDERR,
971 970 gettext("bad provider name for %s."), "install");
972 971 rc = FAILURE;
973 972 goto out;
974 973 }
975 974
976 975 if (prov->cp_type == PROV_UEF_LIB) {
977 976 rc = install_uef_lib(prov->cp_name);
978 977 goto out;
979 978 }
980 979
981 980 /* It is the PROV_KEF_SOFT type now */
982 981
983 982 /* check if there are mechanism operands */
984 983 if (argc < 4) {
985 984 /*
986 - * TRANSLATION_NOTE:
985 + * TRANSLATION_NOTE
987 986 * "mechanism" could be either a literal keyword and hence
988 987 * not to be translated, or a descriptive word and
989 988 * translatable. A choice was made to view it as a literal
990 989 * keyword.
991 990 */
992 991 cryptoerror(LOG_STDERR,
993 992 gettext("need %s operands for installing a"
994 993 " kernel software provider."), "mechanism");
995 994 rc = ERROR_USAGE;
996 995 goto out;
997 996 }
998 997
999 998 if ((rc = process_mech_operands(argc, argv, B_FALSE)) != SUCCESS) {
1000 999 goto out;
1001 1000 }
1002 1001
1003 1002 if (allflag == B_TRUE) {
1004 1003 /*
1005 - * TRANSLATION_NOTE:
1004 + * TRANSLATION_NOTE
1006 1005 * "all", "mechanism", and "install" are all keywords and
1007 1006 * not to be translated.
1008 1007 */
1009 1008 cryptoerror(LOG_STDERR,
1010 1009 gettext("can not use the %1$s keyword for %2$s "
1011 1010 "in the %3$s subcommand."), "all", "mechanism", "install");
1012 1011 rc = ERROR_USAGE;
1013 1012 goto out;
1014 1013 }
1015 1014
1016 1015 if (getzoneid() == GLOBAL_ZONEID) {
1017 1016 rc = install_kef(prov->cp_name, mecharglist);
1018 1017 } else {
1019 1018 /*
1020 - * TRANSLATION_NOTE:
1019 + * TRANSLATION_NOTE
1021 1020 * "install" could be either a literal keyword and hence
1022 1021 * not to be translated, or a verb and translatable. A
1023 1022 * choice was made to view it as a literal keyword.
1024 1023 * "global" is keyword and not to be translated.
1025 1024 */
1026 1025 cryptoerror(LOG_STDERR, gettext("%1$s for kernel providers "
1027 1026 "is supported in the %2$s zone only"), "install", "global");
1028 1027 rc = FAILURE;
1029 1028 }
1030 1029 out:
1031 1030 free(prov);
1032 1031 return (rc);
1033 1032 }
1034 1033
1035 1034
1036 1035
1037 1036 /*
1038 1037 * The top level function for the uninstall subcommand.
1039 1038 */
1040 1039 static int
1041 1040 do_uninstall(int argc, char **argv)
1042 1041 {
1043 1042 cryptoadm_provider_t *prov = NULL;
1044 1043 int rc = SUCCESS;
|
↓ open down ↓ |
14 lines elided |
↑ open up ↑ |
1045 1044
1046 1045 if (argc != 3) {
1047 1046 usage();
1048 1047 return (ERROR_USAGE);
1049 1048 }
1050 1049
1051 1050 prov = get_provider(argc, argv);
1052 1051 if (prov == NULL ||
1053 1052 prov->cp_type == PROV_BADNAME || prov->cp_type == PROV_KEF_HARD) {
1054 1053 /*
1055 - * TRANSLATION_NOTE:
1054 + * TRANSLATION_NOTE
1056 1055 * "uninstall" could be either a literal keyword and hence
1057 1056 * not to be translated, or a verb and translatable. A
1058 1057 * choice was made to view it as a literal keyword.
1059 1058 */
1060 1059 cryptoerror(LOG_STDERR,
1061 1060 gettext("bad provider name for %s."), "uninstall");
1062 1061 free(prov);
1063 1062 return (FAILURE);
1064 1063 }
1065 1064
1066 1065 if (prov->cp_type == PROV_UEF_LIB) {
1067 1066 rc = uninstall_uef_lib(prov->cp_name);
1068 1067 } else if (prov->cp_type == PROV_KEF_SOFT) {
1069 1068 if (getzoneid() == GLOBAL_ZONEID) {
1070 1069 rc = uninstall_kef(prov->cp_name);
1071 1070 } else {
1072 1071 /*
1073 - * TRANSLATION_NOTE:
1072 + * TRANSLATION_NOTE
1074 1073 * "uninstall" could be either a literal keyword and
1075 1074 * hence not to be translated, or a verb and
1076 1075 * translatable. A choice was made to view it as a
1077 1076 * literal keyword. "global" is keyword and not to
1078 1077 * be translated.
1079 1078 */
1080 1079 cryptoerror(LOG_STDERR, gettext("%1$s for kernel "
1081 1080 "providers is supported in the %2$s zone only"),
1082 1081 "uninstall", "global");
1083 1082 rc = FAILURE;
1084 1083 }
1085 1084 }
1086 1085
1087 1086 free(prov);
1088 1087 return (rc);
1089 1088 }
1090 1089
1091 1090
1092 1091 /*
1093 1092 * The top level function for the unload subcommand.
1094 1093 */
1095 1094 static int
1096 1095 do_unload(int argc, char **argv)
1097 1096 {
1098 1097 cryptoadm_provider_t *prov = NULL;
1099 1098 entry_t *pent;
1100 1099 boolean_t is_active;
1101 1100 int rc = SUCCESS;
1102 1101
1103 1102 if (argc != 3) {
1104 1103 usage();
1105 1104 return (ERROR_USAGE);
1106 1105 }
1107 1106
1108 1107 /* check if it is a kernel software provider */
1109 1108 prov = get_provider(argc, argv);
1110 1109 if (prov == NULL) {
1111 1110 cryptoerror(LOG_STDERR,
1112 1111 gettext("unable to determine provider name."));
1113 1112 goto out;
1114 1113 }
|
↓ open down ↓ |
31 lines elided |
↑ open up ↑ |
1115 1114 if (prov->cp_type != PROV_KEF_SOFT) {
1116 1115 cryptoerror(LOG_STDERR,
1117 1116 gettext("%s is not a valid kernel software provider."),
1118 1117 prov->cp_name);
1119 1118 rc = FAILURE;
1120 1119 goto out;
1121 1120 }
1122 1121
1123 1122 if (getzoneid() != GLOBAL_ZONEID) {
1124 1123 /*
1125 - * TRANSLATION_NOTE:
1124 + * TRANSLATION_NOTE
1126 1125 * "unload" could be either a literal keyword and hence
1127 1126 * not to be translated, or a verb and translatable.
1128 1127 * A choice was made to view it as a literal keyword.
1129 1128 * "global" is keyword and not to be translated.
1130 1129 */
1131 1130 cryptoerror(LOG_STDERR, gettext("%1$s for kernel providers "
1132 1131 "is supported in the %2$s zone only"), "unload", "global");
1133 1132 rc = FAILURE;
1134 1133 goto out;
1135 1134 }
1136 1135
1137 1136 /* Check if it is in the kcf.conf file first */
1138 1137 if ((pent = getent_kef(prov->cp_name)) == NULL) {
1139 1138 cryptoerror(LOG_STDERR,
1140 1139 gettext("provider %s does not exist."), prov->cp_name);
1141 1140 rc = FAILURE;
1142 1141 goto out;
1143 1142 }
1144 1143 free_entry(pent);
1145 1144
1146 1145 /* If it is unloaded already, return */
1147 1146 if (check_active_for_soft(prov->cp_name, &is_active) == FAILURE) {
1148 1147 cryptodebug("internal error");
1149 1148 cryptoerror(LOG_STDERR,
1150 1149 gettext("failed to unload %s."), prov->cp_name);
1151 1150 rc = FAILURE;
1152 1151 goto out;
1153 1152 }
1154 1153
1155 1154 if (is_active == B_FALSE) { /* unloaded already */
1156 1155 rc = SUCCESS;
1157 1156 goto out;
1158 1157 } else if (unload_kef_soft(prov->cp_name, B_TRUE) == FAILURE) {
1159 1158 cryptoerror(LOG_STDERR,
1160 1159 gettext("failed to unload %s."), prov->cp_name);
1161 1160 rc = FAILURE;
1162 1161 } else {
1163 1162 rc = SUCCESS;
1164 1163 }
1165 1164 out:
1166 1165 free(prov);
1167 1166 return (rc);
1168 1167 }
1169 1168
1170 1169
1171 1170
1172 1171 /*
1173 1172 * The top level function for the refresh subcommand.
1174 1173 */
1175 1174 static int
1176 1175 do_refresh(int argc)
1177 1176 {
1178 1177 if (argc != 2) {
1179 1178 usage();
1180 1179 return (ERROR_USAGE);
1181 1180 }
1182 1181
1183 1182 /*
1184 1183 * Note: in non-global zone, this must silently return SUCCESS
1185 1184 * due to integration with SMF, for "svcadm refresh cryptosvc"
1186 1185 */
1187 1186 if (getzoneid() != GLOBAL_ZONEID)
1188 1187 return (SUCCESS);
1189 1188
1190 1189 return (refresh());
1191 1190 }
1192 1191
1193 1192
1194 1193 /*
1195 1194 * The top level function for the start subcommand.
1196 1195 */
1197 1196 static int
1198 1197 do_start(int argc)
1199 1198 {
1200 1199 int ret;
1201 1200
1202 1201 if (argc != 2) {
1203 1202 usage();
1204 1203 return (ERROR_USAGE);
1205 1204 }
1206 1205
1207 1206 ret = do_refresh(argc);
1208 1207 if (ret != SUCCESS)
1209 1208 return (ret);
1210 1209
1211 1210 return (start_daemon());
1212 1211 }
1213 1212
1214 1213 /*
1215 1214 * The top level function for the stop subcommand.
1216 1215 */
1217 1216 static int
1218 1217 do_stop(int argc)
1219 1218 {
1220 1219 if (argc != 2) {
1221 1220 usage();
1222 1221 return (ERROR_USAGE);
1223 1222 }
1224 1223
1225 1224 return (stop_daemon());
1226 1225 }
1227 1226
1228 1227
1229 1228
1230 1229 /*
1231 1230 * List all the providers.
1232 1231 */
1233 1232 static int
1234 1233 list_simple_for_all(boolean_t verbose)
1235 1234 {
1236 1235 uentrylist_t *pliblist;
1237 1236 uentrylist_t *plibptr;
1238 1237 entrylist_t *pdevlist_conf;
1239 1238 entrylist_t *psoftlist_conf;
1240 1239 entrylist_t *pdevlist_zone;
1241 1240 entrylist_t *psoftlist_zone;
1242 1241 entrylist_t *ptr;
1243 1242 crypto_get_dev_list_t *pdevlist_kernel = NULL;
1244 1243 boolean_t is_active;
1245 1244 int ru = SUCCESS;
1246 1245 int rs = SUCCESS;
1247 1246 int rd = SUCCESS;
1248 1247 int i;
1249 1248
1250 1249 /* get user-level providers */
1251 1250 (void) printf(gettext("\nUser-level providers:\n"));
1252 1251 if (get_pkcs11conf_info(&pliblist) != SUCCESS) {
1253 1252 cryptoerror(LOG_STDERR, gettext(
1254 1253 "failed to retrieve the list of user-level providers."));
1255 1254 ru = FAILURE;
1256 1255 }
1257 1256 plibptr = pliblist;
1258 1257 while (plibptr != NULL) {
1259 1258 if (strcmp(plibptr->puent->name, METASLOT_KEYWORD) != 0) {
1260 1259 (void) printf(gettext("Provider: %s\n"),
1261 1260 plibptr->puent->name);
1262 1261 if (verbose) {
1263 1262 (void) list_mechlist_for_lib(
1264 1263 plibptr->puent->name, mecharglist, NULL,
1265 1264 B_FALSE, verbose, B_FALSE);
1266 1265 (void) printf("\n");
1267 1266 }
1268 1267 }
1269 1268 plibptr = plibptr->next;
1270 1269 }
1271 1270 free_uentrylist(pliblist);
1272 1271
1273 1272 /* get kernel software providers */
1274 1273 (void) printf(gettext("\nKernel software providers:\n"));
1275 1274
1276 1275 if (getzoneid() == GLOBAL_ZONEID) {
1277 1276 /* use kcf.conf for kernel software providers in global zone */
1278 1277 pdevlist_conf = NULL;
1279 1278 psoftlist_conf = NULL;
1280 1279
1281 1280 if (get_kcfconf_info(&pdevlist_conf, &psoftlist_conf) !=
1282 1281 SUCCESS) {
1283 1282 cryptoerror(LOG_STDERR,
1284 1283 gettext("failed to retrieve the "
1285 1284 "list of kernel software providers.\n"));
1286 1285 rs = FAILURE;
1287 1286 }
1288 1287
1289 1288 ptr = psoftlist_conf;
1290 1289 while (ptr != NULL) {
1291 1290 if (check_active_for_soft(ptr->pent->name, &is_active)
1292 1291 == FAILURE) {
1293 1292 rs = FAILURE;
1294 1293 cryptoerror(LOG_STDERR, gettext("failed to "
1295 1294 "get the state of a kernel software "
1296 1295 "providers.\n"));
1297 1296 break;
1298 1297 }
1299 1298
1300 1299 (void) printf("\t%s", ptr->pent->name);
1301 1300 if (is_active == B_FALSE) {
1302 1301 (void) printf(gettext(" (inactive)\n"));
1303 1302 } else {
1304 1303 (void) printf("\n");
1305 1304 }
1306 1305 ptr = ptr->next;
1307 1306 }
1308 1307
1309 1308 free_entrylist(pdevlist_conf);
1310 1309 free_entrylist(psoftlist_conf);
1311 1310 } else {
1312 1311 /* kcf.conf not there in non-global zone, use /dev/cryptoadm */
1313 1312 pdevlist_zone = NULL;
1314 1313 psoftlist_zone = NULL;
1315 1314
1316 1315 if (get_admindev_info(&pdevlist_zone, &psoftlist_zone) !=
1317 1316 SUCCESS) {
1318 1317 cryptoerror(LOG_STDERR,
1319 1318 gettext("failed to retrieve the "
1320 1319 "list of kernel software providers.\n"));
1321 1320 rs = FAILURE;
1322 1321 }
1323 1322
1324 1323 ptr = psoftlist_zone;
1325 1324 while (ptr != NULL) {
1326 1325 (void) printf("\t%s\n", ptr->pent->name);
1327 1326 ptr = ptr->next;
1328 1327 }
1329 1328
1330 1329 free_entrylist(pdevlist_zone);
1331 1330 free_entrylist(psoftlist_zone);
1332 1331 }
1333 1332
1334 1333 /* get kernel hardware providers */
1335 1334 (void) printf(gettext("\nKernel hardware providers:\n"));
1336 1335 if (get_dev_list(&pdevlist_kernel) == FAILURE) {
1337 1336 cryptoerror(LOG_STDERR, gettext("failed to retrieve "
1338 1337 "the list of kernel hardware providers.\n"));
1339 1338 rd = FAILURE;
1340 1339 } else {
1341 1340 for (i = 0; i < pdevlist_kernel->dl_dev_count; i++) {
1342 1341 (void) printf("\t%s/%d\n",
1343 1342 pdevlist_kernel->dl_devs[i].le_dev_name,
1344 1343 pdevlist_kernel->dl_devs[i].le_dev_instance);
1345 1344 }
1346 1345 }
1347 1346 free(pdevlist_kernel);
1348 1347
1349 1348 if (ru == FAILURE || rs == FAILURE || rd == FAILURE) {
1350 1349 return (FAILURE);
1351 1350 } else {
1352 1351 return (SUCCESS);
1353 1352 }
1354 1353 }
1355 1354
1356 1355
1357 1356
1358 1357 /*
1359 1358 * List all the providers. And for each provider, list the mechanism list.
1360 1359 */
1361 1360 static int
1362 1361 list_mechlist_for_all(boolean_t verbose)
1363 1362 {
1364 1363 crypto_get_dev_list_t *pdevlist_kernel;
1365 1364 uentrylist_t *pliblist;
1366 1365 uentrylist_t *plibptr;
1367 1366 entrylist_t *pdevlist_conf;
1368 1367 entrylist_t *psoftlist_conf;
1369 1368 entrylist_t *pdevlist_zone;
1370 1369 entrylist_t *psoftlist_zone;
1371 1370 entrylist_t *ptr;
1372 1371 mechlist_t *pmechlist;
1373 1372 boolean_t is_active;
1374 1373 char provname[MAXNAMELEN];
|
↓ open down ↓ |
239 lines elided |
↑ open up ↑ |
1375 1374 char devname[MAXNAMELEN];
1376 1375 int inst_num;
1377 1376 int count;
1378 1377 int i;
1379 1378 int rv;
1380 1379 int rc = SUCCESS;
1381 1380
1382 1381 /* get user-level providers */
1383 1382 (void) printf(gettext("\nUser-level providers:\n"));
1384 1383 /*
1385 - * TRANSLATION_NOTE:
1384 + * TRANSLATION_NOTE
1386 1385 * Strictly for appearance's sake, this line should be as long as
1387 1386 * the length of the translated text above.
1388 1387 */
1389 1388 (void) printf(gettext("=====================\n"));
1390 1389 if (get_pkcs11conf_info(&pliblist) != SUCCESS) {
1391 1390 cryptoerror(LOG_STDERR, gettext("failed to retrieve "
1392 1391 "the list of user-level providers.\n"));
1393 1392 rc = FAILURE;
1394 1393 }
1395 1394
1396 1395 plibptr = pliblist;
1397 1396 while (plibptr != NULL) {
1398 1397 /* skip metaslot entry */
1399 1398 if (strcmp(plibptr->puent->name, METASLOT_KEYWORD) != 0) {
1400 1399 (void) printf(gettext("\nProvider: %s\n"),
1401 1400 plibptr->puent->name);
1402 1401 rv = list_mechlist_for_lib(plibptr->puent->name,
1403 1402 mecharglist, NULL, B_FALSE, verbose, B_TRUE);
1404 1403 if (rv == FAILURE) {
|
↓ open down ↓ |
9 lines elided |
↑ open up ↑ |
1405 1404 rc = FAILURE;
1406 1405 }
1407 1406 }
1408 1407 plibptr = plibptr->next;
1409 1408 }
1410 1409 free_uentrylist(pliblist);
1411 1410
1412 1411 /* get kernel software providers */
1413 1412 (void) printf(gettext("\nKernel software providers:\n"));
1414 1413 /*
1415 - * TRANSLATION_NOTE:
1414 + * TRANSLATION_NOTE
1416 1415 * Strictly for appearance's sake, this line should be as long as
1417 1416 * the length of the translated text above.
1418 1417 */
1419 1418 (void) printf(gettext("==========================\n"));
1420 1419 if (getzoneid() == GLOBAL_ZONEID) {
1421 1420 /* use kcf.conf for kernel software providers in global zone */
1422 1421 pdevlist_conf = NULL;
1423 1422 psoftlist_conf = NULL;
1424 1423
1425 1424 if (get_kcfconf_info(&pdevlist_conf, &psoftlist_conf) !=
1426 1425 SUCCESS) {
1427 1426 cryptoerror(LOG_STDERR, gettext("failed to retrieve "
1428 1427 "the list of kernel software providers.\n"));
1429 1428 rc = FAILURE;
1430 1429 }
1431 1430
1432 1431 ptr = psoftlist_conf;
1433 1432 while (ptr != NULL) {
1434 1433 if (check_active_for_soft(ptr->pent->name, &is_active)
1435 1434 == SUCCESS) {
1436 1435 if (is_active) {
1437 1436 rv = list_mechlist_for_soft(
1438 1437 ptr->pent->name);
1439 1438 if (rv == FAILURE) {
1440 1439 rc = FAILURE;
1441 1440 }
1442 1441 } else {
1443 1442 (void) printf(gettext(
1444 1443 "%s: (inactive)\n"),
1445 1444 ptr->pent->name);
1446 1445 }
1447 1446 } else {
1448 1447 /* should not happen */
1449 1448 (void) printf(gettext(
1450 1449 "%s: failed to get the mechanism list.\n"),
1451 1450 ptr->pent->name);
1452 1451 rc = FAILURE;
1453 1452 }
1454 1453 ptr = ptr->next;
1455 1454 }
1456 1455
1457 1456 free_entrylist(pdevlist_conf);
1458 1457 free_entrylist(psoftlist_conf);
1459 1458 } else {
1460 1459 /* kcf.conf not there in non-global zone, use /dev/cryptoadm */
1461 1460 pdevlist_zone = NULL;
1462 1461 psoftlist_zone = NULL;
1463 1462
1464 1463 if (get_admindev_info(&pdevlist_zone, &psoftlist_zone) !=
1465 1464 SUCCESS) {
1466 1465 cryptoerror(LOG_STDERR, gettext("failed to retrieve "
1467 1466 "the list of kernel software providers.\n"));
1468 1467 rc = FAILURE;
1469 1468 }
1470 1469
1471 1470 ptr = psoftlist_zone;
1472 1471 while (ptr != NULL) {
1473 1472 rv = list_mechlist_for_soft(ptr->pent->name);
1474 1473 if (rv == FAILURE) {
1475 1474 (void) printf(gettext(
1476 1475 "%s: failed to get the mechanism list.\n"),
1477 1476 ptr->pent->name);
1478 1477 rc = FAILURE;
1479 1478 }
|
↓ open down ↓ |
54 lines elided |
↑ open up ↑ |
1480 1479 ptr = ptr->next;
1481 1480 }
1482 1481
1483 1482 free_entrylist(pdevlist_zone);
1484 1483 free_entrylist(psoftlist_zone);
1485 1484 }
1486 1485
1487 1486 /* Get kernel hardware providers and their mechanism lists */
1488 1487 (void) printf(gettext("\nKernel hardware providers:\n"));
1489 1488 /*
1490 - * TRANSLATION_NOTE:
1489 + * TRANSLATION_NOTE
1491 1490 * Strictly for appearance's sake, this line should be as long as
1492 1491 * the length of the translated text above.
1493 1492 */
1494 1493 (void) printf(gettext("==========================\n"));
1495 1494 if (get_dev_list(&pdevlist_kernel) != SUCCESS) {
1496 1495 cryptoerror(LOG_STDERR, gettext("failed to retrieve "
1497 1496 "the list of hardware providers.\n"));
1498 1497 return (FAILURE);
1499 1498 }
1500 1499
1501 1500 for (i = 0; i < pdevlist_kernel->dl_dev_count; i++) {
1502 1501 (void) strlcpy(devname,
1503 1502 pdevlist_kernel->dl_devs[i].le_dev_name, MAXNAMELEN);
1504 1503 inst_num = pdevlist_kernel->dl_devs[i].le_dev_instance;
1505 1504 count = pdevlist_kernel->dl_devs[i].le_mechanism_count;
1506 1505 (void) snprintf(provname, sizeof (provname), "%s/%d", devname,
1507 1506 inst_num);
1508 1507 if (get_dev_info(devname, inst_num, count, &pmechlist) ==
1509 1508 SUCCESS) {
1510 1509 (void) filter_mechlist(&pmechlist, RANDOM);
1511 1510 print_mechlist(provname, pmechlist);
1512 1511 free_mechlist(pmechlist);
1513 1512 } else {
1514 1513 (void) printf(gettext("%s: failed to get the mechanism"
1515 1514 " list.\n"), provname);
1516 1515 rc = FAILURE;
1517 1516 }
1518 1517 }
1519 1518 free(pdevlist_kernel);
1520 1519 return (rc);
1521 1520 }
1522 1521
1523 1522
1524 1523 /*
1525 1524 * List all the providers. And for each provider, list the policy information.
1526 1525 */
1527 1526 static int
1528 1527 list_policy_for_all(void)
1529 1528 {
1530 1529 crypto_get_dev_list_t *pdevlist_kernel;
1531 1530 uentrylist_t *pliblist;
1532 1531 uentrylist_t *plibptr;
1533 1532 entrylist_t *pdevlist_conf;
1534 1533 entrylist_t *psoftlist_conf;
|
↓ open down ↓ |
34 lines elided |
↑ open up ↑ |
1535 1534 entrylist_t *ptr;
1536 1535 entrylist_t *phead;
1537 1536 boolean_t found;
1538 1537 char provname[MAXNAMELEN];
1539 1538 int i;
1540 1539 int rc = SUCCESS;
1541 1540
1542 1541 /* Get user-level providers */
1543 1542 (void) printf(gettext("\nUser-level providers:\n"));
1544 1543 /*
1545 - * TRANSLATION_NOTE:
1544 + * TRANSLATION_NOTE
1546 1545 * Strictly for appearance's sake, this line should be as long as
1547 1546 * the length of the translated text above.
1548 1547 */
1549 1548 (void) printf(gettext("=====================\n"));
1550 1549 if (get_pkcs11conf_info(&pliblist) == FAILURE) {
1551 1550 cryptoerror(LOG_STDERR, gettext("failed to retrieve "
1552 1551 "the list of user-level providers.\n"));
1553 1552 } else {
1554 1553 plibptr = pliblist;
1555 1554 while (plibptr != NULL) {
1556 1555 /* skip metaslot entry */
1557 1556 if (strcmp(plibptr->puent->name,
1558 1557 METASLOT_KEYWORD) != 0) {
1559 1558 if (print_uef_policy(plibptr->puent)
1560 1559 == FAILURE) {
1561 1560 rc = FAILURE;
|
↓ open down ↓ |
6 lines elided |
↑ open up ↑ |
1562 1561 }
1563 1562 }
1564 1563 plibptr = plibptr->next;
1565 1564 }
1566 1565 free_uentrylist(pliblist);
1567 1566 }
1568 1567
1569 1568 /* kernel software providers */
1570 1569 (void) printf(gettext("\nKernel software providers:\n"));
1571 1570 /*
1572 - * TRANSLATION_NOTE:
1571 + * TRANSLATION_NOTE
1573 1572 * Strictly for appearance's sake, this line should be as long as
1574 1573 * the length of the translated text above.
1575 1574 */
1576 1575 (void) printf(gettext("==========================\n"));
1577 1576
1578 1577 /* Get all entries from the kcf.conf file */
1579 1578 pdevlist_conf = NULL;
1580 1579 if (getzoneid() == GLOBAL_ZONEID) {
1581 1580 /* use kcf.conf for kernel software providers in global zone */
1582 1581 psoftlist_conf = NULL;
1583 1582
1584 1583 if (get_kcfconf_info(&pdevlist_conf, &psoftlist_conf) ==
1585 1584 FAILURE) {
1586 1585 cryptoerror(LOG_STDERR, gettext(
1587 1586 "failed to retrieve the list of kernel "
1588 1587 "providers.\n"));
1589 1588 return (FAILURE);
1590 1589 }
1591 1590
1592 1591 ptr = psoftlist_conf;
|
↓ open down ↓ |
10 lines elided |
↑ open up ↑ |
1593 1592 while (ptr != NULL) {
1594 1593 (void) list_policy_for_soft(ptr->pent->name);
1595 1594 ptr = ptr->next;
1596 1595 }
1597 1596
1598 1597 free_entrylist(psoftlist_conf);
1599 1598 } else {
1600 1599 /* kcf.conf not there in non-global zone, no policy info */
1601 1600
1602 1601 /*
1603 - * TRANSLATION_NOTE:
1602 + * TRANSLATION_NOTE
1604 1603 * "global" is keyword and not to be translated.
1605 1604 */
1606 1605 cryptoerror(LOG_STDERR, gettext(
1607 1606 "policy information for kernel software providers is "
1608 1607 "available in the %s zone only"), "global");
1609 1608 }
1610 1609
1611 1610 /* Kernel hardware providers */
1612 1611 (void) printf(gettext("\nKernel hardware providers:\n"));
1613 1612 /*
1614 - * TRANSLATION_NOTE:
1613 + * TRANSLATION_NOTE
1615 1614 * Strictly for appearance's sake, this line should be as long as
1616 1615 * the length of the translated text above.
1617 1616 */
1618 1617 (void) printf(gettext("==========================\n"));
1619 1618
1620 1619 if (getzoneid() != GLOBAL_ZONEID) {
1621 1620 /*
1622 - * TRANSLATION_NOTE:
1621 + * TRANSLATION_NOTE
1623 1622 * "global" is keyword and not to be translated.
1624 1623 */
1625 1624 cryptoerror(LOG_STDERR, gettext(
1626 1625 "policy information for kernel hardware providers is "
1627 1626 "available in the %s zone only"), "global");
1628 1627 return (FAILURE);
1629 1628 }
1630 1629
1631 1630 /* Get the hardware provider list from kernel */
1632 1631 if (get_dev_list(&pdevlist_kernel) != SUCCESS) {
1633 1632 cryptoerror(LOG_STDERR, gettext(
1634 1633 "failed to retrieve the list of hardware providers.\n"));
1635 1634 free_entrylist(pdevlist_conf);
1636 1635 return (FAILURE);
1637 1636 }
1638 1637
1639 1638 /*
1640 1639 * For each hardware provider from kernel, check if it has an entry
1641 1640 * in the config file. If it has an entry, print out the policy from
1642 1641 * config file and remove the entry from the hardware provider list
1643 1642 * of the config file. If it does not have an entry in the config
1644 1643 * file, no mechanisms of it have been disabled. But, we still call
1645 1644 * list_policy_for_hard() to account for the "random" feature.
1646 1645 */
1647 1646 for (i = 0; i < pdevlist_kernel->dl_dev_count; i++) {
1648 1647 (void) snprintf(provname, sizeof (provname), "%s/%d",
1649 1648 pdevlist_kernel->dl_devs[i].le_dev_name,
1650 1649 pdevlist_kernel->dl_devs[i].le_dev_instance);
1651 1650 found = B_FALSE;
1652 1651 phead = ptr = pdevlist_conf;
1653 1652 while (!found && ptr) {
1654 1653 if (strcmp(ptr->pent->name, provname) == 0) {
1655 1654 found = B_TRUE;
1656 1655 } else {
1657 1656 phead = ptr;
1658 1657 ptr = ptr->next;
1659 1658 }
1660 1659 }
1661 1660
1662 1661 if (found) {
1663 1662 (void) list_policy_for_hard(ptr->pent->name);
1664 1663 if (phead == ptr) {
1665 1664 pdevlist_conf = pdevlist_conf->next;
1666 1665 } else {
1667 1666 phead->next = ptr->next;
1668 1667 }
1669 1668 free_entry(ptr->pent);
1670 1669 free(ptr);
1671 1670 } else {
1672 1671 (void) list_policy_for_hard(provname);
1673 1672 }
1674 1673 }
1675 1674
1676 1675 /*
1677 1676 * If there are still entries left in the pdevlist_conf list from
1678 1677 * the config file, these providers must have been detached.
1679 1678 * Should print out their policy information also.
1680 1679 */
1681 1680 ptr = pdevlist_conf;
1682 1681 while (ptr != NULL) {
1683 1682 print_kef_policy(ptr->pent, B_FALSE, B_TRUE);
1684 1683 ptr = ptr->next;
1685 1684 }
1686 1685
1687 1686 free_entrylist(pdevlist_conf);
1688 1687 free(pdevlist_kernel);
1689 1688
1690 1689 return (rc);
1691 1690 }
|
↓ open down ↓ |
59 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX