kssl/ksslcfg/ksslcfg_create.c

c28749e97052f09388969427adf7df641cdcdc22kais/*
c28749e97052f09388969427adf7df641cdcdc22kais * CDDL HEADER START
c28749e97052f09388969427adf7df641cdcdc22kais *
c28749e97052f09388969427adf7df641cdcdc22kais * The contents of this file are subject to the terms of the
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna * Common Development and Distribution License (the "License").
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna * You may not use this file except in compliance with the License.
c28749e97052f09388969427adf7df641cdcdc22kais *
c28749e97052f09388969427adf7df641cdcdc22kais * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
c28749e97052f09388969427adf7df641cdcdc22kais * or http://www.opensolaris.org/os/licensing.
c28749e97052f09388969427adf7df641cdcdc22kais * See the License for the specific language governing permissions
c28749e97052f09388969427adf7df641cdcdc22kais * and limitations under the License.
c28749e97052f09388969427adf7df641cdcdc22kais *
c28749e97052f09388969427adf7df641cdcdc22kais * When distributing Covered Code, include this CDDL HEADER in each
c28749e97052f09388969427adf7df641cdcdc22kais * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
c28749e97052f09388969427adf7df641cdcdc22kais * If applicable, add the following below this CDDL HEADER, with the
c28749e97052f09388969427adf7df641cdcdc22kais * fields enclosed by brackets "[]" replaced with your own identifying
c28749e97052f09388969427adf7df641cdcdc22kais * information: Portions Copyright [yyyy] [name of copyright owner]
c28749e97052f09388969427adf7df641cdcdc22kais *
c28749e97052f09388969427adf7df641cdcdc22kais * CDDL HEADER END
c28749e97052f09388969427adf7df641cdcdc22kais */
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna
c28749e97052f09388969427adf7df641cdcdc22kais/*
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
c28749e97052f09388969427adf7df641cdcdc22kais */
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais#include <libscf.h>
c28749e97052f09388969427adf7df641cdcdc22kais#include <netinet/in.h>
c28749e97052f09388969427adf7df641cdcdc22kais#include <stdio.h>
c28749e97052f09388969427adf7df641cdcdc22kais#include <stdlib.h>
c28749e97052f09388969427adf7df641cdcdc22kais#include <strings.h>
c28749e97052f09388969427adf7df641cdcdc22kais#include <sys/types.h>
c28749e97052f09388969427adf7df641cdcdc22kais#include "ksslcfg.h"
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kaisvoid
c28749e97052f09388969427adf7df641cdcdc22kaisusage_create(boolean_t do_print)
c28749e97052f09388969427adf7df641cdcdc22kais{
c28749e97052f09388969427adf7df641cdcdc22kais    if (do_print)
c28749e97052f09388969427adf7df641cdcdc22kais        (void) fprintf(stderr, gettext("Usage:\n"));
c28749e97052f09388969427adf7df641cdcdc22kais    (void) fprintf(stderr, "ksslcfg create"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        " -f pkcs11 [-d softtoken_directory] -T <token_label>"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        " -C <certificate_label> -x <proxy_port>"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        " [-h <ca_certchain_file>]"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        " [options] [<server_address>] <server_port>\n");
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    (void) fprintf(stderr, "ksslcfg create"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        " -f pkcs12 -i <cert_and_key_pk12file> -x <proxy_port>"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        " [options] [<server_address>] <server_port>\n");
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    (void) fprintf(stderr, "ksslcfg create"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        " -f pem -i <cert_and_key_pemfile> -x <proxy_port>"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        " [options] [<server_address>] <server_port>\n");
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    (void) fprintf(stderr, gettext("options are:\n"));
c28749e97052f09388969427adf7df641cdcdc22kais    (void) fprintf(stderr, "\t[-c <ciphersuites>]\n"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        "\t[-p <password_file>]\n"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        "\t[-t <ssl_session_cache_timeout>]\n"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        "\t[-u <username>]\n"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        "\t[-z <ssl_session_cache_size>]\n"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        "\t[-v]\n");
c28749e97052f09388969427adf7df641cdcdc22kais}
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kaisstatic scf_propertygroup_t *
c28749e97052f09388969427adf7df641cdcdc22kaisadd_property_group_to_instance(scf_handle_t *handle, scf_instance_t *instance,
c28749e97052f09388969427adf7df641cdcdc22kais    const char *pg_name, const char *pg_type)
c28749e97052f09388969427adf7df641cdcdc22kais{
c28749e97052f09388969427adf7df641cdcdc22kais    scf_propertygroup_t *pg;
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    pg = scf_pg_create(handle);
c28749e97052f09388969427adf7df641cdcdc22kais    if (pg == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("scf_pg_create failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais        (void) fprintf(stderr, gettext(
c28749e97052f09388969427adf7df641cdcdc22kais            "Unexpected fatal libscf error: %s. Exiting.\n"),
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais        return (NULL);
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if (scf_instance_add_pg(instance, pg_name, pg_type, 0, pg) != 0) {
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("ERROR: scf_instance_add_pg failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais        if (scf_error() == SCF_ERROR_EXISTS)
c28749e97052f09388969427adf7df641cdcdc22kais            (void) fprintf(stderr, gettext(
c28749e97052f09388969427adf7df641cdcdc22kais                "Error: another process is modifying this instance."
c28749e97052f09388969427adf7df641cdcdc22kais                " Exiting.\n"));
c28749e97052f09388969427adf7df641cdcdc22kais        else
c28749e97052f09388969427adf7df641cdcdc22kais            (void) fprintf(stderr, gettext(
c28749e97052f09388969427adf7df641cdcdc22kais                "Unexpected fatal libscf error: %s. Exiting.\n"),
c28749e97052f09388969427adf7df641cdcdc22kais                scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais        scf_pg_destroy(pg);
c28749e97052f09388969427adf7df641cdcdc22kais        return (NULL);
c28749e97052f09388969427adf7df641cdcdc22kais    } else {
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("property group created\n");
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    return (pg);
c28749e97052f09388969427adf7df641cdcdc22kais}
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kaisstatic int
c28749e97052f09388969427adf7df641cdcdc22kaisadd_new_property(scf_handle_t *handle, const char *prop_name,
c28749e97052f09388969427adf7df641cdcdc22kais    scf_type_t type, const char *val, scf_transaction_t *tx)
c28749e97052f09388969427adf7df641cdcdc22kais{
c28749e97052f09388969427adf7df641cdcdc22kais    scf_value_t *value = NULL;
c28749e97052f09388969427adf7df641cdcdc22kais    scf_transaction_entry_t *entry = NULL;
c28749e97052f09388969427adf7df641cdcdc22kais    int status = FAILURE;
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    entry = scf_entry_create(handle);
c28749e97052f09388969427adf7df641cdcdc22kais    if (entry == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("scf_entry_create failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais        goto out;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("scf_entry_create succeeded\n");
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    value = scf_value_create(handle);
c28749e97052f09388969427adf7df641cdcdc22kais    if (value == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais        goto out;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("scf_value_create succeeded\n");
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if (scf_transaction_property_new(tx, entry, prop_name, type) != 0) {
c28749e97052f09388969427adf7df641cdcdc22kais        goto out;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("scf_transaction_property_new succeeded\n");
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if (scf_value_set_from_string(value, type, val) != 0) {
c28749e97052f09388969427adf7df641cdcdc22kais        goto out;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("scf_value_set_from_string \'%s\' succeeded\n", val);
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if (scf_entry_add_value(entry, value) != 0) {
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG(
c28749e97052f09388969427adf7df641cdcdc22kais            "scf_entry_add_value failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais        goto out;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("scf_entry_add_value succeeded\n");
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    status = SUCCESS;
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kaisout:
c28749e97052f09388969427adf7df641cdcdc22kais    if (status != SUCCESS)
c28749e97052f09388969427adf7df641cdcdc22kais        (void) fprintf(stderr, gettext(
c28749e97052f09388969427adf7df641cdcdc22kais            "Unexpected fatal libscf error: %s. Exiting.\n"),
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais    return (status);
c28749e97052f09388969427adf7df641cdcdc22kais}
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kaisstatic int
c28749e97052f09388969427adf7df641cdcdc22kaisset_method_context(scf_handle_t *handle, scf_transaction_t *tran,
c28749e97052f09388969427adf7df641cdcdc22kais    const char *value_str)
c28749e97052f09388969427adf7df641cdcdc22kais{
c28749e97052f09388969427adf7df641cdcdc22kais    if ((add_new_property(handle, SCF_PROPERTY_USE_PROFILE,
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        SCF_TYPE_BOOLEAN, "false", tran) != SUCCESS) ||
c28749e97052f09388969427adf7df641cdcdc22kais        (add_new_property(handle, SCF_PROPERTY_USER, SCF_TYPE_ASTRING,
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        value_str, tran) != SUCCESS) ||
c28749e97052f09388969427adf7df641cdcdc22kais        (add_new_property(handle, SCF_PROPERTY_GROUP, SCF_TYPE_ASTRING,
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        ":default", tran) != SUCCESS) ||
c28749e97052f09388969427adf7df641cdcdc22kais        (add_new_property(handle, SCF_PROPERTY_LIMIT_PRIVILEGES,
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        SCF_TYPE_ASTRING, ":default", tran) != SUCCESS) ||
c28749e97052f09388969427adf7df641cdcdc22kais        (add_new_property(handle, SCF_PROPERTY_WORKING_DIRECTORY,
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        SCF_TYPE_ASTRING, ":default", tran) != SUCCESS) ||
c28749e97052f09388969427adf7df641cdcdc22kais        (add_new_property(handle, SCF_PROPERTY_SUPP_GROUPS,
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        SCF_TYPE_ASTRING, ":default", tran) != SUCCESS) ||
c28749e97052f09388969427adf7df641cdcdc22kais        (add_new_property(handle, SCF_PROPERTY_RESOURCE_POOL,
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        SCF_TYPE_ASTRING, ":default", tran) != SUCCESS) ||
c28749e97052f09388969427adf7df641cdcdc22kais        (add_new_property(handle, SCF_PROPERTY_PROJECT, SCF_TYPE_ASTRING,
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        ":default", tran) != SUCCESS) ||
c28749e97052f09388969427adf7df641cdcdc22kais        (add_new_property(handle, SCF_PROPERTY_PRIVILEGES,
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        SCF_TYPE_ASTRING, "basic,sys_net_config", tran) != SUCCESS))
c28749e97052f09388969427adf7df641cdcdc22kais        return (FAILURE);
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    return (SUCCESS);
c28749e97052f09388969427adf7df641cdcdc22kais}
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kaisstatic int
c28749e97052f09388969427adf7df641cdcdc22kaisadd_pg_method(scf_handle_t *handle, scf_instance_t *instance,
c28749e97052f09388969427adf7df641cdcdc22kais    const char *kssl_entry, const char *pg_name, const char *flags,
c28749e97052f09388969427adf7df641cdcdc22kais    const char *value_str)
c28749e97052f09388969427adf7df641cdcdc22kais{
c28749e97052f09388969427adf7df641cdcdc22kais    int len, rv;
c28749e97052f09388969427adf7df641cdcdc22kais    char *command;
c28749e97052f09388969427adf7df641cdcdc22kais    const char *base_command;
c28749e97052f09388969427adf7df641cdcdc22kais    int status = FAILURE;
c28749e97052f09388969427adf7df641cdcdc22kais    boolean_t errflag = B_FALSE;
c28749e97052f09388969427adf7df641cdcdc22kais    scf_transaction_t *tran;
c28749e97052f09388969427adf7df641cdcdc22kais    scf_propertygroup_t *pg;
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    pg = add_property_group_to_instance(handle, instance,
c28749e97052f09388969427adf7df641cdcdc22kais        pg_name, SCF_GROUP_METHOD);
c28749e97052f09388969427adf7df641cdcdc22kais    if (pg == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais        /* flag is false to suppress duplicate error messages */
c28749e97052f09388969427adf7df641cdcdc22kais        errflag = B_FALSE;
c28749e97052f09388969427adf7df641cdcdc22kais        goto out0;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("%s method added\n", pg_name);
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    tran = scf_transaction_create(handle);
c28749e97052f09388969427adf7df641cdcdc22kais    if (tran == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("scf_transaction_create failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais        errflag = B_TRUE;
c28749e97052f09388969427adf7df641cdcdc22kais        goto out0;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("scf_transaction_create succeeded\n");
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    do {
c28749e97052f09388969427adf7df641cdcdc22kais        if (scf_transaction_start(tran, pg) != 0) {
c28749e97052f09388969427adf7df641cdcdc22kais            KSSL_DEBUG("scf_transaction_start failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais                scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais            if (scf_error() == SCF_ERROR_PERMISSION_DENIED) {
c28749e97052f09388969427adf7df641cdcdc22kais                (void) fprintf(stderr, gettext(
c28749e97052f09388969427adf7df641cdcdc22kais                    "Error: Permission denied.\n"));
c28749e97052f09388969427adf7df641cdcdc22kais                errflag = B_FALSE;
c28749e97052f09388969427adf7df641cdcdc22kais            } else if (scf_error() ==  SCF_ERROR_DELETED) {
c28749e97052f09388969427adf7df641cdcdc22kais                (void) fprintf(stderr, gettext(
c28749e97052f09388969427adf7df641cdcdc22kais                    "Error: property group %s has"
c28749e97052f09388969427adf7df641cdcdc22kais                    " been deleted.\n"), pg_name);
c28749e97052f09388969427adf7df641cdcdc22kais                errflag = B_FALSE;
c28749e97052f09388969427adf7df641cdcdc22kais            } else
c28749e97052f09388969427adf7df641cdcdc22kais                errflag = B_TRUE;
c28749e97052f09388969427adf7df641cdcdc22kais            goto out1;
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("scf_transaction_start succeeded\n");
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais        if (strcmp(pg_name, "stop") == 0)
c28749e97052f09388969427adf7df641cdcdc22kais            base_command = "/usr/lib/kssladm delete";
c28749e97052f09388969427adf7df641cdcdc22kais        else
c28749e97052f09388969427adf7df641cdcdc22kais            base_command = "/usr/lib/kssladm create";
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais        len = strlen(base_command) + strlen(flags) +
c28749e97052f09388969427adf7df641cdcdc22kais            strlen(kssl_entry) + 3;
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais        command = malloc(len);
c28749e97052f09388969427adf7df641cdcdc22kais        if (command == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais            goto out2;
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais        (void) snprintf(command, len, "%s %s %s",
c28749e97052f09388969427adf7df641cdcdc22kais            base_command, flags, kssl_entry);
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("command=%s\n", command);
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais        if (add_new_property(handle, SCF_PROPERTY_EXEC,
c28749e97052f09388969427adf7df641cdcdc22kais            SCF_TYPE_ASTRING, command, tran) != SUCCESS) {
c28749e97052f09388969427adf7df641cdcdc22kais            free(command);
c28749e97052f09388969427adf7df641cdcdc22kais            goto out2;
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais        free(command);
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais        if (add_new_property(handle, SCF_PROPERTY_TIMEOUT,
c28749e97052f09388969427adf7df641cdcdc22kais            SCF_TYPE_COUNT, "60", tran) != SUCCESS)
c28749e97052f09388969427adf7df641cdcdc22kais            goto out2;
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais        if (set_method_context(handle, tran, value_str) != SUCCESS)
c28749e97052f09388969427adf7df641cdcdc22kais            goto out2;
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais        rv = scf_transaction_commit(tran);
c28749e97052f09388969427adf7df641cdcdc22kais        switch (rv) {
c28749e97052f09388969427adf7df641cdcdc22kais        case 1:
c28749e97052f09388969427adf7df641cdcdc22kais            KSSL_DEBUG("scf_transaction_commit succeeded\n");
c28749e97052f09388969427adf7df641cdcdc22kais            status = SUCCESS;
c28749e97052f09388969427adf7df641cdcdc22kais            goto out2;
c28749e97052f09388969427adf7df641cdcdc22kais        case 0:
c28749e97052f09388969427adf7df641cdcdc22kais            scf_transaction_reset(tran);
c28749e97052f09388969427adf7df641cdcdc22kais            if (scf_pg_update(pg) == -1) {
c28749e97052f09388969427adf7df641cdcdc22kais                goto out2;
c28749e97052f09388969427adf7df641cdcdc22kais            }
c28749e97052f09388969427adf7df641cdcdc22kais            break;
c28749e97052f09388969427adf7df641cdcdc22kais        case -1:
c28749e97052f09388969427adf7df641cdcdc22kais        default:
c28749e97052f09388969427adf7df641cdcdc22kais            KSSL_DEBUG("ERROR: scf_transaction_commit failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais                scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais            if (scf_error() == SCF_ERROR_PERMISSION_DENIED) {
c28749e97052f09388969427adf7df641cdcdc22kais                (void) fprintf(stderr, gettext(
c28749e97052f09388969427adf7df641cdcdc22kais                    "Error: Permission denied.\n"));
c28749e97052f09388969427adf7df641cdcdc22kais                errflag = B_FALSE;
c28749e97052f09388969427adf7df641cdcdc22kais            } else {
c28749e97052f09388969427adf7df641cdcdc22kais                errflag = B_TRUE;
c28749e97052f09388969427adf7df641cdcdc22kais            }
c28749e97052f09388969427adf7df641cdcdc22kais            goto out2;
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais    } while (rv == 0);
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kaisout2:
c28749e97052f09388969427adf7df641cdcdc22kais    scf_transaction_reset(tran);
c28749e97052f09388969427adf7df641cdcdc22kaisout1:
c28749e97052f09388969427adf7df641cdcdc22kais    scf_transaction_destroy_children(tran);
c28749e97052f09388969427adf7df641cdcdc22kais    scf_transaction_destroy(tran);
c28749e97052f09388969427adf7df641cdcdc22kaisout0:
c28749e97052f09388969427adf7df641cdcdc22kais    if (pg != NULL)
c28749e97052f09388969427adf7df641cdcdc22kais        scf_pg_destroy(pg);
c28749e97052f09388969427adf7df641cdcdc22kais    if (errflag)
c28749e97052f09388969427adf7df641cdcdc22kais        (void) fprintf(stderr, gettext(
c28749e97052f09388969427adf7df641cdcdc22kais            "Unexpected fatal libscf error: %s. Exiting.\n"),
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais    return (status);
c28749e97052f09388969427adf7df641cdcdc22kais}
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kaisstatic int
c28749e97052f09388969427adf7df641cdcdc22kaiscreate_instance(scf_handle_t *handle, scf_service_t *svc,
c28749e97052f09388969427adf7df641cdcdc22kais    const char *instance_name, const char *kssl_entry, const char *command,
c28749e97052f09388969427adf7df641cdcdc22kais    const char *username, char *inaddr_any_name)
c28749e97052f09388969427adf7df641cdcdc22kais{
c28749e97052f09388969427adf7df641cdcdc22kais    int status = FAILURE;
c28749e97052f09388969427adf7df641cdcdc22kais    char *buf;
c28749e97052f09388969427adf7df641cdcdc22kais    boolean_t errflag = B_FALSE;
c28749e97052f09388969427adf7df641cdcdc22kais    ssize_t max_fmri_len;
c28749e97052f09388969427adf7df641cdcdc22kais    scf_instance_t *instance;
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    instance = scf_instance_create(handle);
c28749e97052f09388969427adf7df641cdcdc22kais    if (instance == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais        errflag = B_TRUE;
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("scf_instance_create failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais        goto out;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("scf_instance_create succeeded\n");
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if (scf_service_get_instance(svc, inaddr_any_name, instance) == 0) {
c28749e97052f09388969427adf7df641cdcdc22kais        /* Let the caller deal with the duplicate instance */
c28749e97052f09388969427adf7df641cdcdc22kais        status = INSTANCE_ANY_EXISTS;
c28749e97052f09388969427adf7df641cdcdc22kais        goto out;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if (scf_service_add_instance(svc, instance_name, instance) != 0) {
c28749e97052f09388969427adf7df641cdcdc22kais        if (scf_error() == SCF_ERROR_EXISTS) {
c28749e97052f09388969427adf7df641cdcdc22kais            /* Let the caller deal with the duplicate instance */
c28749e97052f09388969427adf7df641cdcdc22kais            status = INSTANCE_OTHER_EXISTS;
c28749e97052f09388969427adf7df641cdcdc22kais            goto out;
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais        errflag = B_TRUE;
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("scf_service_add_instance failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais        goto out;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("scf_service_add_instance succeeded\n");
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if ((add_pg_method(handle, instance, kssl_entry, "start",
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        command, username) != SUCCESS) ||
c28749e97052f09388969427adf7df641cdcdc22kais        (add_pg_method(handle, instance, kssl_entry, "refresh",
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        command, username) != SUCCESS) ||
c28749e97052f09388969427adf7df641cdcdc22kais        (add_pg_method(handle, instance, kssl_entry, "stop",
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        "", username) != SUCCESS)) {
c28749e97052f09388969427adf7df641cdcdc22kais        scf_instance_destroy(instance);
c28749e97052f09388969427adf7df641cdcdc22kais        return (status);
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    /* enabling the instance */
c28749e97052f09388969427adf7df641cdcdc22kais    max_fmri_len = scf_limit(SCF_LIMIT_MAX_FMRI_LENGTH);
c28749e97052f09388969427adf7df641cdcdc22kais    if ((buf = malloc(max_fmri_len + 1)) == NULL)
c28749e97052f09388969427adf7df641cdcdc22kais        goto out;
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if (scf_instance_to_fmri(instance, buf, max_fmri_len + 1) > 0) {
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("instance_fmri=%s\n", buf);
c28749e97052f09388969427adf7df641cdcdc22kais        if (smf_enable_instance(buf, 0) != 0) {
c28749e97052f09388969427adf7df641cdcdc22kais            errflag = B_TRUE;
c28749e97052f09388969427adf7df641cdcdc22kais            KSSL_DEBUG(
c28749e97052f09388969427adf7df641cdcdc22kais                "smf_enable_instance failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais                scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais            goto out;
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais        status = SUCCESS;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kaisout:
c28749e97052f09388969427adf7df641cdcdc22kais    if (instance != NULL)
c28749e97052f09388969427adf7df641cdcdc22kais        scf_instance_destroy(instance);
c28749e97052f09388969427adf7df641cdcdc22kais    if (errflag)
c28749e97052f09388969427adf7df641cdcdc22kais        (void) fprintf(stderr, gettext(
c28749e97052f09388969427adf7df641cdcdc22kais            "Unexpected fatal libscf error: %s. Exiting.\n"),
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais    return (status);
c28749e97052f09388969427adf7df641cdcdc22kais}
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kaisstatic int
c28749e97052f09388969427adf7df641cdcdc22kaiscreate_service(const char *instance_name, const char *kssl_entry,
c28749e97052f09388969427adf7df641cdcdc22kais    const char *command, const char *username, char *inaddr_any_name)
c28749e97052f09388969427adf7df641cdcdc22kais{
c28749e97052f09388969427adf7df641cdcdc22kais    int status = FAILURE;
c28749e97052f09388969427adf7df641cdcdc22kais    scf_scope_t *scope;
c28749e97052f09388969427adf7df641cdcdc22kais    scf_service_t *svc;
c28749e97052f09388969427adf7df641cdcdc22kais    scf_handle_t *handle;
c28749e97052f09388969427adf7df641cdcdc22kais    boolean_t errflag = B_TRUE;
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    handle = scf_handle_create(SCF_VERSION);
c28749e97052f09388969427adf7df641cdcdc22kais    if (handle == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("scf_handle_create failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais        goto out1;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("scf_handle_create succeeded\n");
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if (scf_handle_bind(handle) == -1) {
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("scf_handle_bind failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais        goto out1;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("scf_handle_bind succeeded\n");
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if ((scope = scf_scope_create(handle)) == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("scf_scope_create failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais        goto out2;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("scf_scope_create succeeded\n");
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if ((svc = scf_service_create(handle)) == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("scf_service_create failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais        goto out3;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("scf_service_create succeeded\n");
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if (scf_handle_decode_fmri(handle, SERVICE_NAME, NULL, svc,
c28749e97052f09388969427adf7df641cdcdc22kais        NULL, NULL, NULL, SCF_DECODE_FMRI_EXACT) != 0) {
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("scf_handle_decode_fmri failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais        if (scf_error() == SCF_ERROR_NOT_FOUND) {
c28749e97052f09388969427adf7df641cdcdc22kais            (void) fprintf(stderr, gettext(
c28749e97052f09388969427adf7df641cdcdc22kais                "service %s not found in the repository."
c28749e97052f09388969427adf7df641cdcdc22kais                " Exiting.\n"), SERVICE_NAME);
c28749e97052f09388969427adf7df641cdcdc22kais            errflag = B_FALSE;
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais        goto out4;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    status = create_instance(handle, svc, instance_name, kssl_entry,
c28749e97052f09388969427adf7df641cdcdc22kais        command, username, inaddr_any_name);
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kaisout4:
c28749e97052f09388969427adf7df641cdcdc22kais    scf_service_destroy(svc);
c28749e97052f09388969427adf7df641cdcdc22kaisout3:
c28749e97052f09388969427adf7df641cdcdc22kais    scf_scope_destroy(scope);
c28749e97052f09388969427adf7df641cdcdc22kaisout2:
c28749e97052f09388969427adf7df641cdcdc22kais    (void) scf_handle_unbind(handle);
c28749e97052f09388969427adf7df641cdcdc22kaisout1:
c28749e97052f09388969427adf7df641cdcdc22kais    if (handle != NULL)
c28749e97052f09388969427adf7df641cdcdc22kais        scf_handle_destroy(handle);
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if (status != SUCCESS && status != INSTANCE_OTHER_EXISTS &&
c28749e97052f09388969427adf7df641cdcdc22kais        status != INSTANCE_ANY_EXISTS && errflag)
c28749e97052f09388969427adf7df641cdcdc22kais        (void) fprintf(stderr, gettext(
c28749e97052f09388969427adf7df641cdcdc22kais            "Unexpected fatal libscf error: %s. Exiting.\n"),
c28749e97052f09388969427adf7df641cdcdc22kais            scf_strerror(scf_error()));
c28749e97052f09388969427adf7df641cdcdc22kais    return (status);
c28749e97052f09388969427adf7df641cdcdc22kais}
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kaisint
c28749e97052f09388969427adf7df641cdcdc22kaisdo_create(int argc, char *argv[])
c28749e97052f09388969427adf7df641cdcdc22kais{
c28749e97052f09388969427adf7df641cdcdc22kais    char c;
c28749e97052f09388969427adf7df641cdcdc22kais    char *buf, *ptr, *instance_name;
c28749e97052f09388969427adf7df641cdcdc22kais    char *inaddr_any_name = NULL;
c28749e97052f09388969427adf7df641cdcdc22kais    int i, status, len, pcnt;
c28749e97052f09388969427adf7df641cdcdc22kais    const char *token_label = NULL;
c28749e97052f09388969427adf7df641cdcdc22kais    const char *filename = NULL;
c28749e97052f09388969427adf7df641cdcdc22kais    const char *certname = NULL;
c28749e97052f09388969427adf7df641cdcdc22kais    const char *username = NULL;
c28749e97052f09388969427adf7df641cdcdc22kais    const char *proxy_port = NULL;
c28749e97052f09388969427adf7df641cdcdc22kais    char *format = NULL;
c28749e97052f09388969427adf7df641cdcdc22kais    boolean_t quote_next;
c28749e97052f09388969427adf7df641cdcdc22kais    char address_port[MAX_ADRPORT_LEN + 1];
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    argc -= 1;
c28749e97052f09388969427adf7df641cdcdc22kais    argv += 1;
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    /*
c28749e97052f09388969427adf7df641cdcdc22kais     * Many of these arguments are passed on to kssladm command
c28749e97052f09388969427adf7df641cdcdc22kais     * in the start method of the SMF instance created. So, we do only
c28749e97052f09388969427adf7df641cdcdc22kais     * the basic usage checks here and let kssladm check the validity
c28749e97052f09388969427adf7df641cdcdc22kais     * of the arguments. This is the reason we ignore optarg
c28749e97052f09388969427adf7df641cdcdc22kais     * for some of the cases below.
c28749e97052f09388969427adf7df641cdcdc22kais     */
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna    while ((c = getopt(argc, argv, "vT:d:f:h:i:p:c:C:t:u:x:z:")) != -1) {
c28749e97052f09388969427adf7df641cdcdc22kais        switch (c) {
c28749e97052f09388969427adf7df641cdcdc22kais        case 'd':
c28749e97052f09388969427adf7df641cdcdc22kais            break;
c28749e97052f09388969427adf7df641cdcdc22kais        case 'c':
c28749e97052f09388969427adf7df641cdcdc22kais            break;
c28749e97052f09388969427adf7df641cdcdc22kais        case 'C':
c28749e97052f09388969427adf7df641cdcdc22kais            certname = optarg;
c28749e97052f09388969427adf7df641cdcdc22kais            break;
c28749e97052f09388969427adf7df641cdcdc22kais        case 'f':
c28749e97052f09388969427adf7df641cdcdc22kais            format = optarg;
c28749e97052f09388969427adf7df641cdcdc22kais            break;
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna        case 'h':
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna            break;
c28749e97052f09388969427adf7df641cdcdc22kais        case 'i':
c28749e97052f09388969427adf7df641cdcdc22kais            filename = optarg;
c28749e97052f09388969427adf7df641cdcdc22kais            break;
c28749e97052f09388969427adf7df641cdcdc22kais        case 'T':
c28749e97052f09388969427adf7df641cdcdc22kais            token_label = optarg;
c28749e97052f09388969427adf7df641cdcdc22kais            break;
c28749e97052f09388969427adf7df641cdcdc22kais        case 'p':
c28749e97052f09388969427adf7df641cdcdc22kais            break;
c28749e97052f09388969427adf7df641cdcdc22kais        case 't':
c28749e97052f09388969427adf7df641cdcdc22kais            break;
c28749e97052f09388969427adf7df641cdcdc22kais        case 'u':
c28749e97052f09388969427adf7df641cdcdc22kais            username = optarg;
c28749e97052f09388969427adf7df641cdcdc22kais            break;
c28749e97052f09388969427adf7df641cdcdc22kais        case 'x':
c28749e97052f09388969427adf7df641cdcdc22kais            proxy_port = optarg;
c28749e97052f09388969427adf7df641cdcdc22kais            break;
c28749e97052f09388969427adf7df641cdcdc22kais        case 'v':
c28749e97052f09388969427adf7df641cdcdc22kais            verbose = B_TRUE;
c28749e97052f09388969427adf7df641cdcdc22kais            break;
c28749e97052f09388969427adf7df641cdcdc22kais        case 'z':
c28749e97052f09388969427adf7df641cdcdc22kais            break;
c28749e97052f09388969427adf7df641cdcdc22kais        default:
c28749e97052f09388969427adf7df641cdcdc22kais            goto err;
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if (format == NULL || proxy_port == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais        goto err;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if (get_portnum(proxy_port, NULL) == 0) {
c28749e97052f09388969427adf7df641cdcdc22kais        (void) fprintf(stderr,
c28749e97052f09388969427adf7df641cdcdc22kais            gettext("Error: Invalid proxy port value %s\n"),
c28749e97052f09388969427adf7df641cdcdc22kais            proxy_port);
c28749e97052f09388969427adf7df641cdcdc22kais        goto err;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if (strcmp(format, "pkcs11") == 0) {
c28749e97052f09388969427adf7df641cdcdc22kais        if (token_label == NULL || certname == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais            goto err;
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais    } else if (strcmp(format, "pkcs12") == 0 ||
c28749e97052f09388969427adf7df641cdcdc22kais        strcmp(format, "pem") == 0) {
c28749e97052f09388969427adf7df641cdcdc22kais        if (filename == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais            goto err;
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais    } else {
c28749e97052f09388969427adf7df641cdcdc22kais        goto err;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    pcnt = argc - optind;
c28749e97052f09388969427adf7df641cdcdc22kais    if (pcnt == 1) {
c28749e97052f09388969427adf7df641cdcdc22kais        if (strlen(argv[optind]) < MAX_ADRPORT_LEN) {
c28749e97052f09388969427adf7df641cdcdc22kais            (void) strcpy(address_port, argv[optind]);
c28749e97052f09388969427adf7df641cdcdc22kais        } else {
c28749e97052f09388969427adf7df641cdcdc22kais            (void) fprintf(stderr, gettext(
c28749e97052f09388969427adf7df641cdcdc22kais                "argument too long -- %s\n"),
c28749e97052f09388969427adf7df641cdcdc22kais                argv[optind]);
c28749e97052f09388969427adf7df641cdcdc22kais            return (FAILURE);
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais    } else if (pcnt == 2) {
c28749e97052f09388969427adf7df641cdcdc22kais        if ((len = strlen(argv[optind])) +
c28749e97052f09388969427adf7df641cdcdc22kais            (strlen(argv[optind + 1])) < MAX_ADRPORT_LEN) {
c28749e97052f09388969427adf7df641cdcdc22kais            (void) strcpy(address_port, argv[optind]);
c28749e97052f09388969427adf7df641cdcdc22kais            address_port[len] = ' ';
c28749e97052f09388969427adf7df641cdcdc22kais            (void) strcpy(address_port + len + 1, argv[optind + 1]);
c28749e97052f09388969427adf7df641cdcdc22kais        } else {
c28749e97052f09388969427adf7df641cdcdc22kais            (void) fprintf(stderr, gettext(
c28749e97052f09388969427adf7df641cdcdc22kais                "arguments too long -- %s %s\n"),
c28749e97052f09388969427adf7df641cdcdc22kais                argv[optind], argv[optind + 1]);
c28749e97052f09388969427adf7df641cdcdc22kais            return (FAILURE);
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais    } else {
c28749e97052f09388969427adf7df641cdcdc22kais        goto err;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    /*
c28749e97052f09388969427adf7df641cdcdc22kais     * We need to create the kssladm command line in
c28749e97052f09388969427adf7df641cdcdc22kais     * the SMF instance from the current arguments.
c28749e97052f09388969427adf7df641cdcdc22kais     *
c28749e97052f09388969427adf7df641cdcdc22kais     * Construct a buffer with all the arguments except
c28749e97052f09388969427adf7df641cdcdc22kais     * the -u argument. We have to quote the string arguments,
c28749e97052f09388969427adf7df641cdcdc22kais     * -T and -C, as they can contain white space.
c28749e97052f09388969427adf7df641cdcdc22kais     */
c28749e97052f09388969427adf7df641cdcdc22kais    len = 0;
c28749e97052f09388969427adf7df641cdcdc22kais    for (i = 1; i < optind; i++) {
c28749e97052f09388969427adf7df641cdcdc22kais        len += strlen(argv[i]) + 3;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if ((buf = malloc(len)) == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais        return (FAILURE);
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    ptr = buf;
c28749e97052f09388969427adf7df641cdcdc22kais    quote_next = B_FALSE;
c28749e97052f09388969427adf7df641cdcdc22kais    for (i = 1; i < optind; i++) {
c28749e97052f09388969427adf7df641cdcdc22kais        int arglen =  strlen(argv[i]) + 1;
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais        if (strncmp(argv[i], "-u", 2) == 0) {
c28749e97052f09388969427adf7df641cdcdc22kais            i++;
c28749e97052f09388969427adf7df641cdcdc22kais            continue;
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais        if (quote_next) {
c28749e97052f09388969427adf7df641cdcdc22kais            (void) snprintf(ptr, len, "\"%s\" ", argv[i]);
c28749e97052f09388969427adf7df641cdcdc22kais            quote_next = B_FALSE;
c28749e97052f09388969427adf7df641cdcdc22kais            arglen += 2;
c28749e97052f09388969427adf7df641cdcdc22kais        } else {
c28749e97052f09388969427adf7df641cdcdc22kais            (void) snprintf(ptr, len, "%s ", argv[i]);
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais        quote_next = (strncmp(argv[i], "-T", 2) == 0 ||
c28749e97052f09388969427adf7df641cdcdc22kais            strncmp(argv[i], "-C", 2) == 0);
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais        ptr += arglen;
c28749e97052f09388969427adf7df641cdcdc22kais        len -= arglen;
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("buf=%s\n", buf);
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    instance_name = create_instance_name(address_port,
c28749e97052f09388969427adf7df641cdcdc22kais        &inaddr_any_name, B_TRUE);
c28749e97052f09388969427adf7df641cdcdc22kais    if (instance_name == NULL || inaddr_any_name == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais        free(buf);
c28749e97052f09388969427adf7df641cdcdc22kais        return (FAILURE);
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("instance_name=%s\n", instance_name);
c28749e97052f09388969427adf7df641cdcdc22kais    KSSL_DEBUG("inaddr_any_name=%s\n", inaddr_any_name);
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais    if (username == NULL)
c28749e97052f09388969427adf7df641cdcdc22kais        username = "root";
c28749e97052f09388969427adf7df641cdcdc22kais    status = create_service(instance_name, address_port,
c28749e97052f09388969427adf7df641cdcdc22kais        buf, username, inaddr_any_name);
c28749e97052f09388969427adf7df641cdcdc22kais    if (status == INSTANCE_OTHER_EXISTS || status == INSTANCE_ANY_EXISTS) {
c28749e97052f09388969427adf7df641cdcdc22kais        if (status == INSTANCE_ANY_EXISTS &&
c28749e97052f09388969427adf7df641cdcdc22kais            (strcmp(instance_name, inaddr_any_name) != SUCCESS)) {
c28749e97052f09388969427adf7df641cdcdc22kais            /*
c28749e97052f09388969427adf7df641cdcdc22kais             * The following could result in a misconfiguration.
c28749e97052f09388969427adf7df641cdcdc22kais             * Better bail out with an error.
c28749e97052f09388969427adf7df641cdcdc22kais             */
c28749e97052f09388969427adf7df641cdcdc22kais            (void) fprintf(stderr,
c28749e97052f09388969427adf7df641cdcdc22kais                gettext("Error: INADDR_ANY instance exists."
c28749e97052f09388969427adf7df641cdcdc22kais                " Can not create a new instance %s.\n"),
c28749e97052f09388969427adf7df641cdcdc22kais                instance_name);
c28749e97052f09388969427adf7df641cdcdc22kais            free(instance_name);
c28749e97052f09388969427adf7df641cdcdc22kais            free(inaddr_any_name);
c28749e97052f09388969427adf7df641cdcdc22kais            free(buf);
c28749e97052f09388969427adf7df641cdcdc22kais            return (status);
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kais        /*
c28749e97052f09388969427adf7df641cdcdc22kais         * Delete the existing instance and create a new instance
c28749e97052f09388969427adf7df641cdcdc22kais         * with the supplied arguments.
c28749e97052f09388969427adf7df641cdcdc22kais         */
c28749e97052f09388969427adf7df641cdcdc22kais        KSSL_DEBUG("Deleting duplicate instance\n");
c28749e97052f09388969427adf7df641cdcdc22kais        if (delete_instance(instance_name) != SUCCESS) {
c28749e97052f09388969427adf7df641cdcdc22kais            (void) fprintf(stderr,
c28749e97052f09388969427adf7df641cdcdc22kais                gettext(
c28749e97052f09388969427adf7df641cdcdc22kais                "Error: Can not delete existing instance %s.\n"),
c28749e97052f09388969427adf7df641cdcdc22kais                instance_name);
c28749e97052f09388969427adf7df641cdcdc22kais        } else {
c28749e97052f09388969427adf7df641cdcdc22kais            (void) fprintf(stdout, gettext(
c28749e97052f09388969427adf7df641cdcdc22kais                "Note: reconfiguring the existing instance %s.\n"),
c28749e97052f09388969427adf7df641cdcdc22kais                instance_name);
c28749e97052f09388969427adf7df641cdcdc22kais            status = create_service(instance_name, address_port,
c28749e97052f09388969427adf7df641cdcdc22kais                buf, username, inaddr_any_name);
c28749e97052f09388969427adf7df641cdcdc22kais        }
c28749e97052f09388969427adf7df641cdcdc22kais    }
c28749e97052f09388969427adf7df641cdcdc22kais
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson    /*
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson     * network/ssl/proxy depends on network/socket-filter:kssl;
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson     * enable that service now.
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson     */
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson    if (smf_enable_instance(KSSL_FILTER_SVC_NAME, 0) != 0) {
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        KSSL_DEBUG(
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson            "smf_enable_instance failed: %s\n" KSSL_FILTER_SVC_NAME);
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        (void) fprintf(stderr, gettext(
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson            "Unable to enable required service \"%s\". Error: %s"),
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson            KSSL_FILTER_SVC_NAME, scf_strerror(scf_error()));
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson        status = FAILURE;
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson    }
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson
c28749e97052f09388969427adf7df641cdcdc22kais    free(instance_name);
c28749e97052f09388969427adf7df641cdcdc22kais    free(inaddr_any_name);
c28749e97052f09388969427adf7df641cdcdc22kais    free(buf);
c28749e97052f09388969427adf7df641cdcdc22kais    return (status);
c28749e97052f09388969427adf7df641cdcdc22kais
c28749e97052f09388969427adf7df641cdcdc22kaiserr:
c28749e97052f09388969427adf7df641cdcdc22kais    usage_create(B_TRUE);
c28749e97052f09388969427adf7df641cdcdc22kais    return (ERROR_USAGE);
c28749e97052f09388969427adf7df641cdcdc22kais}