5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland/*
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * CDDL HEADER START
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland *
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * The contents of this file are subject to the terms of the
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Common Development and Distribution License (the "License").
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * You may not use this file except in compliance with the License.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland *
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * or http://www.opensolaris.org/os/licensing.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * See the License for the specific language governing permissions
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * and limitations under the License.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland *
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * When distributing Covered Code, include this CDDL HEADER in each
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * If applicable, add the following below this CDDL HEADER, with the
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * fields enclosed by brackets "[]" replaced with your own identifying
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * information: Portions Copyright [yyyy] [name of copyright owner]
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland *
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * CDDL HEADER END
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland/*
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Use is subject to license terms.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include <stdio.h>
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include <stdarg.h>
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include <stdlib.h>
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include <string.h>
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include <sys/types.h>
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include <unistd.h>
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include <signal.h>
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include <locale.h>
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include <sys/param.h>
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include <openssl/bio.h>
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include <libinst.h>
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include <pkglib.h>
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include <pkgerr.h>
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include <keystore.h>
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include "pkgadm.h"
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland#include "pkgadm_msgs.h"
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland/*
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Name: removecert
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Desc: Removes a user certificate and associated private key,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * or a trusted certificate, from the keystore.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Syntax: addcert [-a app] [-k keystore] -n name [-P passarg] [-R altroot]
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterlandint
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterlandremovecert(int argc, char **argv)
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland{
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland int i;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland char keystore_file[MAXPATHLEN] = "";
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland char *keystore_base = NULL;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland char *homedir;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland char *passarg = NULL;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland char *altroot = NULL;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland char *prog = NULL;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland char *alias = NULL;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland int ret = 1;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland PKG_ERR *err = NULL;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland keystore_handle_t keystore = NULL;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland while ((i = getopt(argc, argv, ":a:k:n:P:R:")) != EOF) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland switch (i) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland case 'a':
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland prog = optarg;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland break;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland case 'k':
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland keystore_base = optarg;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland break;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland case 'n':
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland alias = optarg;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland break;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland case 'P':
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland passarg = optarg;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland break;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland case 'R':
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland altroot = optarg;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland break;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland case ':':
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_MISSING_OPERAND, optopt);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* fallthrough intentional */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland case '?':
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland default:
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_USAGE);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland goto cleanup;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland }
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland }
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* we require a name */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (alias == NULL) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_USAGE);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland goto cleanup;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland }
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* should be no arguments left */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if ((argc-optind) > 0) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_USAGE);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland goto cleanup;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland }
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* set up proper keystore */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (keystore_base == NULL) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (geteuid() == 0 || altroot != NULL) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /*
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * If we have an alternate
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * root, then we have no choice but to use
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * root's keystore on that alternate root,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * since there is no way to resolve a
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * user's home dir given an alternate root
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (strlcat(keystore_file, PKGSEC,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland MAXPATHLEN) >= MAXPATHLEN) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland keystore_file);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland goto cleanup;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland }
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland } else {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if ((homedir = getenv("HOME")) == NULL) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /*
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * not superuser, but no home dir, so
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * use superuser's keystore
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (strlcat(keystore_file, PKGSEC,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland MAXPATHLEN) >= MAXPATHLEN) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland keystore_file);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland goto cleanup;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland }
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland } else {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (strlcat(keystore_file, homedir,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland MAXPATHLEN) >= MAXPATHLEN) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland homedir);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland goto cleanup;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland }
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (strlcat(keystore_file, "/.pkg/security",
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland MAXPATHLEN) >= MAXPATHLEN) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland keystore_file);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland goto cleanup;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland }
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland }
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland }
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland } else {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (strlcat(keystore_file, keystore_base,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland MAXPATHLEN) >= MAXPATHLEN) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland keystore_base);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland goto cleanup;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland }
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland }
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland err = pkgerr_new();
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* now load the key store */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_DEBUG, "Loading keystore <%s>", keystore_file);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland set_passphrase_prompt(MSG_KEYSTORE_PASSPROMPT);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland set_passphrase_passarg(passarg);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (open_keystore(err, keystore_file, prog, pkg_passphrase_cb,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland KEYSTORE_ACCESS_READWRITE | KEYSTORE_PATH_HARD, &keystore) != 0) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_pkgerr(LOG_MSG_ERR, err);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland goto cleanup;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland }
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* now remove the selected certs */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_DEBUG, "Removing certificate(s) with name <%s>",
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland alias);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (delete_cert_and_keys(err, keystore, alias) != 0) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_pkgerr(LOG_MSG_ERR, err);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_NO_REMOVECERT, alias);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland goto cleanup;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland }
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* now write it back out */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_DEBUG, "Closing keystore");
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland set_passphrase_prompt(MSG_KEYSTORE_PASSOUTPROMPT);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland set_passphrase_passarg(passarg);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (close_keystore(err, keystore, pkg_passphrase_cb) != 0) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_pkgerr(LOG_MSG_ERR, err);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_NO_REMOVECERT, alias);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland goto cleanup;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland }
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_INFO, MSG_REMOVED, alias);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland ret = 0;
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* fallthrough intentional */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterlandcleanup:
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (err != NULL)
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland pkgerr_free(err);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland return (ret);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland}