Print this page
6862532 "cryptoadm: failed to parse configuration" error
6353443 domestic (crypt) source build leaves stuff it shouldn't
6818180 mac(1) printed "invalid key" error message when user input an invalid passphrase
@@ -17,11 +17,11 @@
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <errno.h>
#include <fcntl.h>
@@ -40,11 +40,11 @@
static int build_entrylist(entry_t *, entrylist_t **);
static entry_t *dup_entry(entry_t *);
static mechlist_t *dup_mechlist(mechlist_t *);
static entry_t *getent(char *, entrylist_t *);
static int interpret(char *, entry_t **);
-static int parse_sup_dis_list(char *, entry_t *);
+static int parse_sup_dis_list(const char *buf, entry_t *pent);
/*
* Duplicate the mechanism list. A null pointer is returned if the storage
* space available is insufficient or the input argument is NULL.
@@ -176,11 +176,11 @@
* pent: the entry for the disabledlist. This is an IN/OUT argument.
*
* Return value: SUCCESS or FAILURE.
*/
static int
-parse_sup_dis_list(char *buf, entry_t *pent)
+parse_sup_dis_list(const char *buf, entry_t *pent)
{
mechlist_t *pmech = NULL;
mechlist_t *phead = NULL;
char *next_token;
char *value;
@@ -213,14 +213,26 @@
if ((pmech = create_mech(next_token)) == NULL) {
return (FAILURE);
}
if (supflag) {
+ if (pent->suplist != NULL) {
+ cryptodebug("multiple supportedlist entries "
+ "for a mechanism in file kcf.conf.");
+ return (FAILURE);
+ } else {
pent->suplist = phead = pmech;
+ }
} else if (disflag) {
+ if (pent->dislist != NULL) {
+ cryptodebug("multiple disabledlist entries "
+ "for a mechanism in file kcf.conf.");
+ return (FAILURE);
+ } else {
pent->dislist = phead = pmech;
}
+ }
count = 1;
while (next_token) {
if (next_token = strtok(NULL, SEP_COMMA)) {
if ((pmech = create_mech(next_token)) == NULL) {
@@ -249,10 +261,12 @@
/*
* Convert a char string containing a line about a provider
* from kcf.conf into an entry_t structure.
*
+ * Note: the input string, buf, may be modified by this function.
+ *
* See ent2str(), the reverse of this function, for the format of
* kcf.conf lines.
*/
static int
interpret(char *buf, entry_t **ppent)
@@ -280,33 +294,39 @@
return (FAILURE);
}
if (strncmp(token2, EF_UNLOAD, strlen(EF_UNLOAD)) == 0) {
pent->load = B_FALSE; /* cryptoadm unload */
- if ((token2 = strtok(NULL, SEP_SEMICOLON)) == NULL) {
- /* The entry contains a provider name:unload only */
- free_entry(pent);
- return (FAILURE);
+ token2 = strtok(NULL, SEP_SEMICOLON);
+ /*
+ * If token2 is NULL, the entry contains a
+ * provider name:unload only
+ */
}
- }
- /* need to get token3 first to satisfy nested strtok invocations */
+ if (token2 != NULL) {
+ /*
+ * Either supportedlist or disabledlist or both are present.
+ * Need to call strtok() to get token3 first, as function
+ * parse_sup_dis_list() makes strtok() calls on the
+ * token2 substring.
+ */
token3 = strtok(NULL, SEP_SEMICOLON); /* optional */
/* parse supportedlist (or disabledlist if no supportedlist) */
- if ((token2 != NULL) && ((rc = parse_sup_dis_list(token2, pent)) !=
- SUCCESS)) {
+ if ((rc = parse_sup_dis_list(token2, pent)) != SUCCESS) {
free_entry(pent);
return (rc);
}
/* parse disabledlist (if there's a supportedlist) */
- if ((token3 != NULL) && ((rc = parse_sup_dis_list(token3, pent)) !=
- SUCCESS)) {
+ if ((token3 != NULL) && ((rc = parse_sup_dis_list(token3,
+ pent)) != SUCCESS)) {
free_entry(pent);
return (rc);
}
+ }
*ppent = pent;
return (SUCCESS);
}
@@ -412,15 +432,16 @@
/*
* Convert an entry to a string. This routine builds a string for the entry
* to be inserted in the kcf.conf file. Based on the content of each entry,
- * the result string can be one of these 6 forms:
+ * the result string can be one of these 7 forms:
* - name:supportedlist=m1,m2,...,mj
* - name:disabledlist=m1,m2,...,mj
* - name:supportedlist=m1,...,mj;disabledlist=m1,m2,...,mk
*
+ * - name:unload
* - name:unload;supportedlist=m1,m2,...,mj
* - name:unload;disabledlist=m1,m2,...,mj
* - name:unload;supportedlist=m1,...,mj;disabledlist=m1,m2,...,mk
*
* Note that the caller is responsible for freeing the returned string