c28749e97052f09388969427adf7df641cdcdc22kais * CDDL HEADER START
c28749e97052f09388969427adf7df641cdcdc22kais * The contents of this file are subject to the terms of the
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna * Common Development and Distribution License (the "License").
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna * You may not use this file except in compliance with the License.
c28749e97052f09388969427adf7df641cdcdc22kais * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
c28749e97052f09388969427adf7df641cdcdc22kais * See the License for the specific language governing permissions
c28749e97052f09388969427adf7df641cdcdc22kais * and limitations under the License.
c28749e97052f09388969427adf7df641cdcdc22kais * When distributing Covered Code, include this CDDL HEADER in each
c28749e97052f09388969427adf7df641cdcdc22kais * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
c28749e97052f09388969427adf7df641cdcdc22kais * If applicable, add the following below this CDDL HEADER, with the
c28749e97052f09388969427adf7df641cdcdc22kais * fields enclosed by brackets "[]" replaced with your own identifying
c28749e97052f09388969427adf7df641cdcdc22kais * information: Portions Copyright [yyyy] [name of copyright owner]
c28749e97052f09388969427adf7df641cdcdc22kais * CDDL HEADER END
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson " -f pkcs11 [-d softtoken_directory] -T <token_label>"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson " -C <certificate_label> -x <proxy_port>"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson " [-h <ca_certchain_file>]"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson " [options] [<server_address>] <server_port>\n");
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson " -f pkcs12 -i <cert_and_key_pk12file> -x <proxy_port>"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson " [options] [<server_address>] <server_port>\n");
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson " -f pem -i <cert_and_key_pemfile> -x <proxy_port>"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson " [options] [<server_address>] <server_port>\n");
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson "\t[-p <password_file>]\n"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson "\t[-t <ssl_session_cache_timeout>]\n"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson "\t[-u <username>]\n"
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson "\t[-z <ssl_session_cache_size>]\n"
c28749e97052f09388969427adf7df641cdcdc22kaisadd_property_group_to_instance(scf_handle_t *handle, scf_instance_t *instance,
c28749e97052f09388969427adf7df641cdcdc22kais "Unexpected fatal libscf error: %s. Exiting.\n"),
c28749e97052f09388969427adf7df641cdcdc22kais if (scf_instance_add_pg(instance, pg_name, pg_type, 0, pg) != 0) {
c28749e97052f09388969427adf7df641cdcdc22kais "Error: another process is modifying this instance."
c28749e97052f09388969427adf7df641cdcdc22kais " Exiting.\n"));
c28749e97052f09388969427adf7df641cdcdc22kais "Unexpected fatal libscf error: %s. Exiting.\n"),
c28749e97052f09388969427adf7df641cdcdc22kaisadd_new_property(scf_handle_t *handle, const char *prop_name,
c28749e97052f09388969427adf7df641cdcdc22kais scf_type_t type, const char *val, scf_transaction_t *tx)
c28749e97052f09388969427adf7df641cdcdc22kais if (scf_transaction_property_new(tx, entry, prop_name, type) != 0) {
c28749e97052f09388969427adf7df641cdcdc22kais KSSL_DEBUG("scf_transaction_property_new succeeded\n");
c28749e97052f09388969427adf7df641cdcdc22kais if (scf_value_set_from_string(value, type, val) != 0) {
c28749e97052f09388969427adf7df641cdcdc22kais KSSL_DEBUG("scf_value_set_from_string \'%s\' succeeded\n", val);
c28749e97052f09388969427adf7df641cdcdc22kais "scf_entry_add_value failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais "Unexpected fatal libscf error: %s. Exiting.\n"),
c28749e97052f09388969427adf7df641cdcdc22kaisset_method_context(scf_handle_t *handle, scf_transaction_t *tran,
c28749e97052f09388969427adf7df641cdcdc22kais const char *value_str)
c28749e97052f09388969427adf7df641cdcdc22kais if ((add_new_property(handle, SCF_PROPERTY_USE_PROFILE,
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson SCF_TYPE_BOOLEAN, "false", tran) != SUCCESS) ||
c28749e97052f09388969427adf7df641cdcdc22kais (add_new_property(handle, SCF_PROPERTY_USER, SCF_TYPE_ASTRING,
c28749e97052f09388969427adf7df641cdcdc22kais (add_new_property(handle, SCF_PROPERTY_GROUP, SCF_TYPE_ASTRING,
c28749e97052f09388969427adf7df641cdcdc22kais (add_new_property(handle, SCF_PROPERTY_LIMIT_PRIVILEGES,
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson SCF_TYPE_ASTRING, ":default", tran) != SUCCESS) ||
c28749e97052f09388969427adf7df641cdcdc22kais (add_new_property(handle, SCF_PROPERTY_WORKING_DIRECTORY,
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson SCF_TYPE_ASTRING, ":default", tran) != SUCCESS) ||
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson SCF_TYPE_ASTRING, ":default", tran) != SUCCESS) ||
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson SCF_TYPE_ASTRING, ":default", tran) != SUCCESS) ||
c28749e97052f09388969427adf7df641cdcdc22kais (add_new_property(handle, SCF_PROPERTY_PROJECT, SCF_TYPE_ASTRING,
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson SCF_TYPE_ASTRING, "basic,sys_net_config", tran) != SUCCESS))
c28749e97052f09388969427adf7df641cdcdc22kaisadd_pg_method(scf_handle_t *handle, scf_instance_t *instance,
c28749e97052f09388969427adf7df641cdcdc22kais const char *kssl_entry, const char *pg_name, const char *flags,
c28749e97052f09388969427adf7df641cdcdc22kais const char *value_str)
c28749e97052f09388969427adf7df641cdcdc22kais /* flag is false to suppress duplicate error messages */
c28749e97052f09388969427adf7df641cdcdc22kais "Error: Permission denied.\n"));
c28749e97052f09388969427adf7df641cdcdc22kais "Error: property group %s has"
c28749e97052f09388969427adf7df641cdcdc22kais if (set_method_context(handle, tran, value_str) != SUCCESS)
c28749e97052f09388969427adf7df641cdcdc22kais switch (rv) {
c28749e97052f09388969427adf7df641cdcdc22kais KSSL_DEBUG("ERROR: scf_transaction_commit failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais "Error: Permission denied.\n"));
c28749e97052f09388969427adf7df641cdcdc22kais } while (rv == 0);
c28749e97052f09388969427adf7df641cdcdc22kais "Unexpected fatal libscf error: %s. Exiting.\n"),
c28749e97052f09388969427adf7df641cdcdc22kaiscreate_instance(scf_handle_t *handle, scf_service_t *svc,
c28749e97052f09388969427adf7df641cdcdc22kais const char *instance_name, const char *kssl_entry, const char *command,
c28749e97052f09388969427adf7df641cdcdc22kais if (scf_service_get_instance(svc, inaddr_any_name, instance) == 0) {
c28749e97052f09388969427adf7df641cdcdc22kais /* Let the caller deal with the duplicate instance */
c28749e97052f09388969427adf7df641cdcdc22kais if (scf_service_add_instance(svc, instance_name, instance) != 0) {
c28749e97052f09388969427adf7df641cdcdc22kais /* Let the caller deal with the duplicate instance */
c28749e97052f09388969427adf7df641cdcdc22kais if ((add_pg_method(handle, instance, kssl_entry, "start",
c28749e97052f09388969427adf7df641cdcdc22kais (add_pg_method(handle, instance, kssl_entry, "refresh",
c28749e97052f09388969427adf7df641cdcdc22kais /* enabling the instance */
c28749e97052f09388969427adf7df641cdcdc22kais if (scf_instance_to_fmri(instance, buf, max_fmri_len + 1) > 0) {
c28749e97052f09388969427adf7df641cdcdc22kais "smf_enable_instance failed: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais "Unexpected fatal libscf error: %s. Exiting.\n"),
c28749e97052f09388969427adf7df641cdcdc22kaiscreate_service(const char *instance_name, const char *kssl_entry,
c28749e97052f09388969427adf7df641cdcdc22kais const char *command, const char *username, char *inaddr_any_name)
c28749e97052f09388969427adf7df641cdcdc22kais if (scf_handle_decode_fmri(handle, SERVICE_NAME, NULL, svc,
c28749e97052f09388969427adf7df641cdcdc22kais "service %s not found in the repository."
c28749e97052f09388969427adf7df641cdcdc22kais status = create_instance(handle, svc, instance_name, kssl_entry,
c28749e97052f09388969427adf7df641cdcdc22kais if (status != SUCCESS && status != INSTANCE_OTHER_EXISTS &&
c28749e97052f09388969427adf7df641cdcdc22kais "Unexpected fatal libscf error: %s. Exiting.\n"),
c28749e97052f09388969427adf7df641cdcdc22kais * Many of these arguments are passed on to kssladm command
c28749e97052f09388969427adf7df641cdcdc22kais * in the start method of the SMF instance created. So, we do only
c28749e97052f09388969427adf7df641cdcdc22kais * the basic usage checks here and let kssladm check the validity
c28749e97052f09388969427adf7df641cdcdc22kais * of the arguments. This is the reason we ignore optarg
c28749e97052f09388969427adf7df641cdcdc22kais * for some of the cases below.
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna while ((c = getopt(argc, argv, "vT:d:f:h:i:p:c:C:t:u:x:z:")) != -1) {
c28749e97052f09388969427adf7df641cdcdc22kais switch (c) {
c28749e97052f09388969427adf7df641cdcdc22kais "argument too long -- %s\n"),
c28749e97052f09388969427adf7df641cdcdc22kais (void) strcpy(address_port + len + 1, argv[optind + 1]);
c28749e97052f09388969427adf7df641cdcdc22kais "arguments too long -- %s %s\n"),
c28749e97052f09388969427adf7df641cdcdc22kais * We need to create the kssladm command line in
c28749e97052f09388969427adf7df641cdcdc22kais * the SMF instance from the current arguments.
c28749e97052f09388969427adf7df641cdcdc22kais * Construct a buffer with all the arguments except
c28749e97052f09388969427adf7df641cdcdc22kais * the -u argument. We have to quote the string arguments,
c28749e97052f09388969427adf7df641cdcdc22kais * -T and -C, as they can contain white space.
c28749e97052f09388969427adf7df641cdcdc22kais if (instance_name == NULL || inaddr_any_name == NULL) {
c28749e97052f09388969427adf7df641cdcdc22kais if (status == INSTANCE_OTHER_EXISTS || status == INSTANCE_ANY_EXISTS) {
c28749e97052f09388969427adf7df641cdcdc22kais * The following could result in a misconfiguration.
c28749e97052f09388969427adf7df641cdcdc22kais * Better bail out with an error.
c28749e97052f09388969427adf7df641cdcdc22kais " Can not create a new instance %s.\n"),
c28749e97052f09388969427adf7df641cdcdc22kais * Delete the existing instance and create a new instance
c28749e97052f09388969427adf7df641cdcdc22kais * with the supplied arguments.
c28749e97052f09388969427adf7df641cdcdc22kais "Error: Can not delete existing instance %s.\n"),
c28749e97052f09388969427adf7df641cdcdc22kais "Note: reconfiguring the existing instance %s.\n"),
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson * network/ssl/proxy depends on network/socket-filter:kssl;
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson * enable that service now.
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson if (smf_enable_instance(KSSL_FILTER_SVC_NAME, 0) != 0) {
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson "smf_enable_instance failed: %s\n" KSSL_FILTER_SVC_NAME);
dd49f125507979bb2ab505a8daf2a46d1be27051Anders Persson "Unable to enable required service \"%s\". Error: %s"),