wanboot.c revision 694c35faa87b858ecdadfe4fc592615f4eefbb07
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <sys/bootconf.h>
#include <sys/wanboot_impl.h>
#include <boot_http.h>
#include <aes.h>
#include <des3.h>
#include <cbc.h>
#include <hmac_sha1.h>
#include <sys/sha1_consts.h>
#include <bootlog.h>
#include <parseURL.h>
#include <netboot_paths.h>
#include <netinet/inetutil.h>
#include <dhcp_impl.h>
#include <bootinfo.h>
#include <wanboot_conf.h>
#include "boot_plat.h"
#include "ramdisk.h"
#include "wbcli.h"
/*
* Types of downloads
*/
#define MINIINFO "miniinfo"
#define MINIROOT "miniroot"
#define WANBOOTFS "wanbootfs"
#define WANBOOT_RETRY_NOMAX -1
#define WANBOOT_RETRY_ROOT_MAX 50
#define WANBOOT_RETRY_MAX 5
#define WANBOOT_RETRY_SECS 5
#define WANBOOT_RETRY_MAX_SECS 30
/*
* Our read requests should timeout after 25 seconds
*/
#define SOCKET_READ_TIMEOUT 25
/*
* Experimentation has shown that an 8K download buffer is optimal
*/
#define HTTP_XFER_SIZE 8192
static char buffer[HTTP_XFER_SIZE];
extern int determine_fstype_and_mountroot(char *);
/*
* The following is used to determine whether the certs and private key
* files will be in PEM format or PKCS12 format. 'use_p12' is zero
* to use PEM format, and 1 when PKCS12 format is to be used. It is
* done this way, as a global, so that it can be patched if needs be
* using the OBP debugger.
*/
#define CONTENT_LENGTH "Content-Length"
#define WANBOOTFS_NONCE_FILE "/nonce"
enum URLtype {
URLtype_wanbootfs = 0,
URLtype_miniroot = 1
};
static char *URLtoCGIcontent[] = {
"bootfs",
"rootfs"
};
/* Encryption algorithms */
typedef enum {
} encr_type_t;
/* Hash algorithms */
typedef enum {
} hash_type_t;
/*
* Keys ...
*/
static unsigned char *g_encr_key = NULL;
static unsigned char *g_hash_key = NULL;
void
{
char const *msg;
}
}
/*
* This routine is called by a consumer to determine whether or not a
* retry should be attempted. If a retry is in order (depends upon the
* 'retry_cnt' and 'retry_max' arguments), then this routine will print a
* message indicating this is the case and will determine an appropriate
* "sleep" time before retrying. The "sleep" time will depend upon the
* 'retry_cnt' and will max out at WANBOOT_RETRY_MAX_SECS.
*
* Returns:
* B_TRUE = retry is in order
* B_FALSE = retry limit exceeded
*/
{
unsigned int seconds;
if (seconds > WANBOOT_RETRY_MAX_SECS) {
}
"Will retry in %d seconds ...", seconds);
return (B_TRUE);
} else {
"Maximum retries exceeded.");
return (B_FALSE);
}
}
/*
* Determine which encryption algorithm the client is configured to use.
* WAN boot determines which key to use by order of priority. That is
* multiple encryption keys may exist in the PROM, but the first one found
* (while searching in a preferred order) is the one that will be used.
*/
static void
init_encryption(void)
{
static unsigned char key[WANBOOT_MAXKEYLEN];
BI_E_SUCCESS) {
g_encr_key = key;
BI_E_SUCCESS) {
g_encr_key = key;
}
}
/*
* Determine whether the client is configured to use hashing.
*/
static void
init_hashing(void)
{
static unsigned char key[WANBOOT_HMAC_KEY_SIZE];
BI_E_SUCCESS) {
g_hash_key = key;
}
}
/*
* Read some CPU-specific rapidly-varying data (assumed to be of length
* sizeof (hrtime_t) in the non-SPARC case), and digestify it to further
* randomize the output.
*/
char *
generate_nonce(void)
{
uint64_t t;
SHA1_CTX c;
unsigned char digest[HMAC_DIGEST_LEN];
int err;
/*
* Read SPARC %tick register or x86 TSC
*/
t = get_ticks();
SHA1Init(&c);
SHA1Update(&c, (const uint8_t *)&t, sizeof (t));
if (err != 0) {
"cannot convert nonce to ASCII: error %d", err);
return (NULL);
}
return (nonce);
}
/*
* Given a server URL, builds a URL to request one of the wanboot
* datastreams.
*
* Returns:
* -1 = Non-recoverable error
* 0 = Success
*/
static int
{
char clid[WB_MAX_CID_LEN];
char *netstr;
char *ppath;
const char reqstr[] = "/?CONTENT=%s&IP=%s&CID=%s";
/*
* Initialize the request
*/
*req_url = *server_url;
/*
* Build the network number string
*/
ipv4_getipaddr(&ip);
/*
* Get the wan id
*/
"Cannot retrieve the client ID");
return (-1);
}
/*
* Build the request, making sure that the length of the
* constructed URL falls within the supported maximum.
*/
"The URL path length of the %s request is greater than "
return (-1);
}
/*
* If the URL type requires a nonce, then supply it.
* It will be returned in the reply to detect attempted
* replays.
*/
if (ut == URLtype_wanbootfs) {
char *n = generate_nonce();
if (n != NULL) {
if (plen > URL_MAX_PATHLEN)
return (-1);
}
}
return (0);
}
/*
* This routine reads data from an HTTP connection into a buffer.
*
* Returns:
* 0 = Success
* 1 = HTTP download error
*/
static int
{
int len;
size_t i;
if (len <= 0) {
return (1);
}
}
return (0);
}
/*
* This routine compares two hash digests, one computed by the server and
* the other computed by the client to verify that a transmitted message
* was received without corruption.
*
* Notes:
* The client only computes a digest if it is configured with a
* hash key. If it is not, then the server should not have a hash
* key for the client either and therefore should have sent a
* zero filled digest.
*
* Returns:
* B_TRUE = digest was verified
* B_FALSE = digest did not verify
*/
static boolean_t
{
static char null_digest[HMAC_DIGEST_LEN];
"%s: invalid hash digest", what);
"(client has key but wrong signature_type?)");
"(signature_type specified but no client key?)");
}
"or possible corruption of the image in transit");
return (B_FALSE);
}
return (B_TRUE);
}
/*
* This routine reads the part of a multipart message that contains a
* hash digest. Errors in reading the digest are differentiated from
* other kinds of errors so that the caller can decide whether or
* not a retry is worthwhile.
*
* Note:
* The hash digest can either be an HMAC digest or it can be
* a zero length message (representing no hash digest).
*
* Returns:
* -1 = Non-recoverable error
* 0 = Success
* 1 = HTTP download error
*/
static int
{
char *lenstr;
/*
* Process the HMAC digest header.
*/
return (1);
}
"%s: error getting digest length", what);
return (1);
}
/*
* Validate the HMAC digest length.
*/
if (digest_size != HMAC_DIGEST_LEN) {
"%s: error validating response - invalid digest size",
what);
return (-1);
}
/*
* Read the HMAC digest.
*/
"%s: error reading digest", what);
return (1);
}
return (0);
}
/*
* This routine reads data from an HTTP connection and writes the data
* to a ramdisk. It also, optionally computes a hash digest of the processed
* data. This routine may be called to continue writing a previously aborted
* write. If this is the case, then the offset will be non-zero and the write
* pointer into the ramdisk will be positioned correctly by the caller.
*
* Returns:
* -1 = Non-recoverable error
* 0 = Success
* 1 = HTTP download error
*/
static int
{
int len;
long nleft;
static int bootlog_message_interval;
static int bootlog_progress;
int ret;
/*
* Read the data and write it to the ramdisk.
*/
if (*offset == 0) {
bootlog_progress = 0;
if (bootlog_message_interval < 500)
bootlog_message_interval /= 5;
else
bootlog_message_interval /= 50;
"Reading %s file system (%ld kB)",
} else {
"Continuing read of %s file system (%ld kB)",
}
if (len <= 0) {
/*
* In the case of a partial failure, http_read_body()
* returns into 'len', 1 - the number of bytes read.
* So, a -65 means 64 bytes read and an error occurred.
*/
if (len != 0) {
}
ret = 1;
}
}
if (bootlog_progress == bootlog_message_interval) {
"%s: Read %ld of %ld kB (%ld%%)", what,
bootlog_progress = 0;
} else {
}
}
if (ret == 0) {
"%s: Read %ld of %ld kB (%ld%%)", what,
}
return (ret);
}
/*
* This routine is called with a bootinfo parameter name. If the parameter
* has a value it should be a URL, and this will be used to initialize the
* http_url structure.
*
* Returns:
* -1 = Non-recoverable error
* 0 = Success
* 1 = DHCP option not set
*/
static int
{
char buf[URL_MAX_STRLEN];
int ret;
return (1);
}
/*
* Parse the URL.
*/
if (ret != URL_PARSE_SUCCESS) {
"Unable to parse URL %s", buf);
return (-1);
}
return (0);
}
/*
* This routine initiates an HTTP request and returns a handle so that
* the caller can process the response.
*
* Notes:
* Requests may be either secure or not. If the request is secure, then
* this routine assumes that a wanboot file system exists and
* uses its contents to provide the HTTP library with the information
* that will be required by SSL.
*
* In order to facilitate transmission retries, this routine supports
* range requests. A caller may request a range by providing a non-zero
* offset. In which case, a range request is made that ranges from the
* offet to the end of the file.
*
* If the client is configured to use an HTTP proxy, then this routine
* will make the HTTP library aware of the proxy.
*
* Any HTTP errors encountered in downloading or processing the message
* are not deemed unrecoverable errors. The caller can simply try the
* request once again.
*
* Returns:
* -1 = Non-recoverable error
* 0 = Success
* 1 = HTTP download error
*/
static int
{
static url_hport_t proxy_hp;
char buf[URL_MAX_STRLEN];
int ret;
/* Check for HTTP proxy */
if (!is_proxy_init &&
/*
* Parse the hostport.
*/
if (ret == URL_PARSE_SUCCESS) {
} else {
"%s is not set to a valid hostport value",
return (-1);
}
}
/*
* Initialize the handle that will be used for the request.
*/
return (-1);
}
/*
* Is the request a secure one? If it is, then we need to do further
* setup. Search the wanboot file system for files that will be
* needed by SSL.
*/
char *cas;
(void) http_srv_close(*handlep);
return (-1);
}
/*
* We only need to initialize the CA once as it is not handle
* specific.
*/
if (!is_auth_file_init) {
< 0) {
"http_set_certificate_authority_file",
*handlep);
(void) http_srv_close(*handlep);
return (-1);
}
}
/*
* The client certificate and key will not exist unless
* client authentication has been configured. If it is
* configured then the webserver will have added these
* files to the wanboot file system and the HTTP library
* needs to be made aware of their existence.
*/
BC_CLIENT_AUTHENTICATION)) != NULL &&
NB_CLIENT_CERT_PATH) < 0) {
print_errors("http_set_client_certificate_file",
*handlep);
(void) http_srv_close(*handlep);
return (-1);
}
NB_CLIENT_KEY_PATH) < 0) {
print_errors("http_set_private_key_file",
*handlep);
(void) http_srv_close(*handlep);
return (-1);
}
}
/*
* We do not really need to set this unless client
* authentication is configured or unless pkcs12 files
* are used.
*/
if ((client_authentication || use_p12) &&
(void) http_srv_close(*handlep);
return (-1);
}
}
/*
* If the client is using a proxy, tell the library.
*/
if (proxy_exists) {
(void) http_srv_close(*handlep);
return (-1);
}
}
/*
* Ok, connect to the webserver.
*/
(void) http_srv_close(*handlep);
return (1);
}
/*
* If the offset is 0, then we assume that we want the entire
* message. If the offset is not 0, then we assume that we are
* retrying a previously interrupted transfer and thus we make
* a range request.
*/
if (offset == 0) {
"%s: http_get_request: sent", what);
} else {
(void) http_srv_close(*handlep);
return (1);
}
} else {
offset, 0)) == 0) {
"%s: http_get_range_request: sent", what);
} else {
(void) http_srv_close(*handlep);
return (1);
}
}
/*
* Tell the library to read in the response headers.
*/
if (ret == -1) {
(void) http_srv_close(*handlep);
return (1);
}
/*
* Check for a valid response code.
*/
(void) http_srv_close(*handlep);
return (1);
}
/*
* Success.
*/
return (0);
}
/*
* This routine is called by get_miniinfo() to receive the reply
* to the request for the miniroot metadata. The reply is a two
* part multipart message. The first part of the message contains
* the miniroot file size. The second part of the message contains
* a hash digest of the miniroot as computed by the server. This
* routine receives both message parts and returns them to the caller.
*
* Notes:
* If the miniroot is going to be downloaded securely or if the
* the server has no hash key for the client, then the hash digest
* downloaded contains all zeros.
*
* Any HTTP errors encountered in downloading or processing the message
* are not deemed unrecoverable errors. That is, get_miniinfo()
* tries re-requesting the message and tries processing it again.
*
* Returns:
* -1 = Non-recoverable error
* 0 = Success
* 1 = HTTP download error
*/
static int
unsigned char *sdigest)
{
char *lenstr;
/*
* Process the file size header.
*/
return (1);
}
"of first part of multipart message", MINIINFO);
return (1);
}
"of multipart message not a legal size", MINIINFO);
return (1);
}
"%s: error reading miniroot size", MINIINFO);
return (1);
}
if (*mini_size == 0) {
"of multipart message not a legal size", MINIINFO);
return (1);
}
}
/*
* This routine is called by get_miniroot() to retrieve the miniroot
* metadata (miniroot size and a hash digest). This routine sends an
* HTTP GET request to the webserver to request the download of the
* miniroot metadata and relies on process_miniinfo() to receive the
* reply, process it and ultimately return to it the miniroot size and
* the hash digest.
*
* Note:
* Any HTTP errors encountered in downloading or processing the message
* are not deemed unrecoverable errors. That is, get_miniinfo() should
* try re-requesting the message and try processing again.
*
* Returns:
* -1 = Non-recoverable error
* 0 = Success
*/
int
unsigned char *sdigest)
{
int retry_cnt = 0;
int retry_max = WANBOOT_RETRY_MAX;
int ret;
/*
* Build the URL to request the miniroot info.
*/
"Can't build the URL to make the %s request",
return (-1);
}
/*
* Go get the miniroot info. If we fail reading the
* response we re-request the info in its entirety.
*/
do {
&req_url, 0)) < 0) {
break;
} else if (ret > 0) {
continue;
} else {
break;
}
}
sdigest)) > 0) {
(void) http_srv_close(handle);
break;
}
}
(void) http_srv_close(handle);
} while (ret > 0);
/*
* Success.
*/
if (ret == 0) {
"Miniroot info download successful");
return (0);
} else {
"Miniroot info download aborted");
return (-1);
}
}
/*
* This routine is called by get_miniroot() to receive the reply to
* the request for the miniroot download. The miniroot is written
* to ramdisk as it is received and a hash digest is optionally computed
* as it does so. The miniroot is downloaded as one large message.
* Because the message is so large, this routine is prepared to deal
* with errors in the middle of download. If an error occurs during
* download, then this message processes all received data up to the
* point of the error and returns to get_miniroot() an error signifying
* that a download error has occurred. Presumably, get_miniroot()
* re-requests the remaining part of the miniroot not yet processed and
* calls this routine back to process the reply. When this routine
* returns succesfully, it returns a devpath to the ramdisk and the
* computed hash (if computed).
*
* Note:
* In order to facilitate reentry, the ramdisk is left open
* and the original miniroot_size and HMAC handle are kept
* static.
*
* Returns:
* -1 = Non-recoverable error
* 0 = Success
* 1 = HTTP download error
*/
static int
{
static size_t miniroot_size;
int ret;
if (miniroot_vaddr == NULL) {
if (htype == HASH_HMAC_SHA1) {
"%s: Authentication will use HMAC-SHA1", MINIROOT);
}
devpath);
}
miniroot_vaddr += *offset;
return (ret);
}
}
return (0);
}
/*
* This routine retrieves the miniroot from the webserver. The miniroot
* is retrieved in two steps. First a request is made to the server
* to retrieve miniroot metadata (miniroot size and a hash digest).
* The second request actually results in the download of the miniroot.
*
* This routine relies on get_miniinfo() to make and process
* the request for the miniroot metadata and returns the
* miniroot size and the hash digest of the miniroot as computed by
* the server.
*
* If get_miniinfo() returns successfully, then this routine sends
* an HTTP GET request to the webserver to request download of the
* miniroot. This routine relies on process_miniroot() to receive
* the reply, process it and ultimately return to it a device path to
* a ramdisk containing the miniroot and a client computed hash digest.
* This routine verifies that the client computed hash digest matches
* the one retrieved by get_miniinfo().
*
* If an error occurs in the transfer of the miniroot from the server
* to the client, then the client re-requests the download of the
* miniroot using a range request and only requests the part of the
* miniroot not previously downloaded and written to ramdisk. The
* process_miniroot() routine has the intelligence to recognize that
* it is processing a range request. Errors not related to the actual
* message download are deemed unrecoverable.
*
* Note:
* If the client request for the miniroot is a secure request or
* if the server is not configured with a hash key for the client,
* then the hash digest downloaded from the server will contain
* all zeros. This routine verifies that the server and client are
* in-sync with respect to the need for hash verification.
*
* Returns:
* -1 = Non-recoverable error
* 0 = Success
*/
int
get_miniroot(char **devpath)
{
unsigned char cdigest[HMAC_DIGEST_LEN];
unsigned char sdigest[HMAC_DIGEST_LEN];
char *urlstr;
int plen;
int retry_cnt = 0;
int retry_max = WANBOOT_RETRY_ROOT_MAX;
int ret;
/*
* Get the miniroot URL.
*/
"Missing root_server URL");
return (-1);
"Unable to parse URL %s", urlstr);
return (-1);
}
/*
* We must get the miniroot info before we can request
* the miniroot itself.
*/
return (-1);
}
"Cannot retrieve the miniroot path");
return (-1);
}
/*
* Go get the miniroot. If we fail reading the response
* then we re-request only the range we have yet to read,
* unless the error was "unrecoverable" in which case we
* re-request the entire file system.
*/
offset = 0;
do {
&server_url, offset)) < 0) {
break;
} else if (ret > 0) {
continue;
} else {
break;
}
}
(void) http_srv_close(handle);
break;
}
}
(void) http_srv_close(handle);
} while (ret > 0);
/*
* Validate the computed digest against the one received.
*/
"Miniroot download aborted");
return (-1);
}
return (0);
}
/*
* This routine is called to finish the decryption process.
* Its purpose is to free the resources allocated by the
* encryption init routines.
*/
static void
{
switch (etype) {
case ENCR_3DES:
break;
case ENCR_AES:
break;
default:
break;
}
}
/*
* This routine is called by process_wanbootfs() to decrypt the encrypted
* file system from ramdisk in place. The method of decryption
* (algorithm) will have already been determined by process_wanbootfs()
* and the cbc_handle passed to this routine will already have been
* initialized appropriately.
*
* Returns:
* -1 = Non-recoverable error
* 0 = Success
*/
static int
{
"%s: cbc decrypt error", WANBOOTFS);
return (-1);
}
return (0);
}
/*
* This routine is called by get_wanbootfs() to receive the reply to
* the request for the wanboot file system. The reply is a multipart message.
* The first part of the message is the file system (which may or may
* not be encrypted). If encrypted, then the first block of the message
* part is the CBC IV value used by the server to encrypt the remaining
* part of the message part and is used by the client to decrypt it. The
* second message part is a hash digest of the first part (the file
* system) as computed by the server. If no hash key is configured
* for the client, then the hash digest simply contains all zeros. This
* routine receives both message parts. The file system is written to ramdisk
* as it is received and simultaneously computes a hash digest (if a hash
* key exists). Once the entire part is received, if the file system is
* encrypted, it is read from ramdisk, decrypted and rewritten back to
* ramdisk. The server computed hash digest is then read and along with the
* ramdisk device path and the client computed hash digest is returned to the
* caller.
*
* Notes:
* In order to decrypt the file system and to compute the client
* hash digest, an encryption key and a hash key is retrieved from
* the PROM (or the wanboot interpreter). The non-existence of these
* keys has implications on how the message response is processed and
* it is assumed that the server is configured identically.
*
* Any HTTP errors encountered in downloading or processing the message
* are not deemed unrecoverable errors. That is, get_wanbootfs() will
* try re-requesting the message and will try processing it again.
*
* Returns:
* -1 = Non-recoverable error
* 0 = Success
* 1 = HTTP download error
*/
static int
{
/* iv[] must be sized to store the largest possible encryption block */
void *eh;
char *lenstr;
int ret;
switch (hash_type) {
case HASH_HMAC_SHA1:
"%s: Authentication will use HMAC-SHA1", WANBOOTFS);
break;
case HASH_NONE:
break;
default:
"%s: unrecognized hash type", WANBOOTFS);
return (-1);
}
switch (encr_type) {
case ENCR_3DES:
bootlog("wanboot",
return (-1);
}
break;
case ENCR_AES:
bootlog("wanboot",
return (-1);
}
break;
case ENCR_NONE:
break;
default:
"%s: unrecognized encryption type", WANBOOTFS);
return (-1);
}
/*
* Process the header.
*/
return (1);
}
"of first part of multipart message", WANBOOTFS);
return (1);
}
if (wanbootfs_size == 0) {
"of multipart message not a legal size", WANBOOTFS);
return (1);
}
/*
* If encrypted, then read the iv.
*/
"%s: error reading hash iv", WANBOOTFS);
return (1);
}
}
}
/*
* We can only create the ramdisk once. So, if we've
* already created it, then it means we've re-entered
* this routine from an earlier partial failure. Use
* the already existing ramdisk and seek back to the
* beginning of the file.
*/
if (bootfs_vaddr == NULL) {
devpath);
}
offset = 0;
!= 0) {
return (ret);
}
}
/*
* If encrypted, then decrypt it.
*/
if (ret != 0) {
return (-1);
}
}
}
/*
* This routine sends an HTTP GET request to the webserver to
* request the wanboot file system for the client. The server
* will reply by sending a multipart message. This routine will rely
* on process_wanbootfs() to receive the multipart message, process it
* and ultimately return to it a device path to a ramdisk containing
* the wanboot file system, a client computed hash digest and a
* server computed hash digest. This routine will verify that the
* client computed hash digest matches the one sent by the server. This
* routine will also verify that the nonce received in the reply matches
* the one sent in the request.
*
* If an error occurs in the transfer of the message from the server
* to the client, then the client re-requests the download in its
* entirety. Errors not related to the actual message download are
* deemed unrecoverable.
*
* Returns:
* -1 = Non-recoverable error
* 0 = Success
*/
int
{
unsigned char cdigest[HMAC_DIGEST_LEN];
unsigned char sdigest[HMAC_DIGEST_LEN];
char *devpath;
int ret;
int fd;
int retry_cnt = 0;
int retry_max = WANBOOT_RETRY_MAX;
/*
* Build the URL to request the wanboot file system. This URL
* will include the CGI script name and the IP, CID, and
* NONCE parameters.
*/
"Can't build the URL to make the %s request",
return (-1);
}
/*
* Go get the wanboot file system. If we fail reading the
* response we re-request the entire file system.
*/
do {
&req_url, 0)) < 0) {
break;
} else if (ret > 0) {
continue;
} else {
break;
}
}
(void) http_srv_close(handle);
break;
}
}
(void) http_srv_close(handle);
} while (ret > 0);
/*
* Validate the computed digest against the one received.
*/
if (ret != 0 ||
"The wanboot file system download aborted");
return (-1);
}
/*
* Mount the wanboot file system.
*/
"Could not mount the wanboot filesystem.");
"(client has key but wrong encryption_type?)");
} else {
"(encryption_type specified but no client key?)");
}
return (-1);
}
"The wanboot file system has been mounted");
/*
* The wanboot file system should contain a nonce. Read it
* and compare it against the nonce sent in the request.
*/
"No nonce found in the wanboot file system");
"The wanboot file system download aborted");
return (-1);
}
"Invalid nonce found in the wanboot file system");
"The wanboot file system download aborted");
return (-1);
}
"The wanboot file system download was successful");
return (0);
}
static boolean_t
init_netdev(char *bpath)
{
int proplen;
char netalias[OBP_MAXPATHLEN];
static char devpath[OBP_MAXPATHLEN];
char *p;
/*
* Wanboot will either have loaded over the network (in which case
* bpath will name a network device), or from CD-ROM or disk. In
* either case ensure that the 'net' alias corresponds to a network
* device, and that if a network boot was performed that it is
* identical to bpath. This is so that the interface name can always
* be determined for CD-ROM or disk boots, and for manually-configured
* network boots. The latter restriction may be relaxed in the future.
*/
anode = prom_alias_node();
goto error;
}
/*
* Strip boot arguments from the net device to form
* the boot device path, returned as netdev_path.
*/
goto error;
*p = '\0';
}
goto error;
}
/*
* If bpath is a network device path, then v2path
* will be a copy of this sans device arguments.
*/
"'net'=%s\n", netalias);
"wanboot requires that the 'net' alias refers to ");
"the network device path from which it loaded");
return (B_FALSE);
}
} else {
}
/*
* Configure the network and return the network device.
*/
return (B_TRUE);
/*
* If we haven't established a device path for a network interface,
* then we're doomed.
*/
"No network device available for wanboot!");
"(Ensure that the 'net' alias is set correctly)");
return (B_FALSE);
}
/*
* This implementation of bootprog() is used solely by wanboot.
*
* The basic algorithm is as follows:
*
* - The wanboot options (those specified using the "-o" flag) are processed,
* and if necessary the wanboot interpreter is invoked to collect other
* options.
*
* - The wanboot filesystem (containing certificates, wanboot.conf file, etc.)
* is then downloaded into the bootfs ramdisk, which is mounted for use
* by OpenSSL, access to wanboot.conf, etc.
*
* ramdisk. The bootfs filesystem is unmounted, and the rootfs filesystem
* is booted.
*/
/*ARGSUSED*/
int
{
char *miniroot_path;
int ret;
if (!init_netdev(bpath)) {
return (-1);
}
if (!bootinfo_init()) {
return (-1);
}
/*
* Get default values from PROM, etc., process any boot arguments
* (specified with the "-o" option), and initialize the interface.
*/
if (!wanboot_init_interface(wanboot_arguments)) {
return (-1);
}
/*
* Determine which encryption and hashing algorithms the client
* is configured to use.
*/
init_hashing();
/*
* Get the bootserver value. Should be of the form:
* http://host[:port]/abspath.
*/
if (ret != 0) {
"Unable to retrieve the bootserver URL");
return (-1);
}
/*
* Get the wanboot file system and mount it. Contains metdata
* needed by wanboot.
*/
if (get_wanbootfs(&server_url) != 0) {
return (-1);
}
/*
* Check that there is a valid wanboot.conf file in the wanboot
* file system.
*/
return (-1);
}
/*
* Set the time
*/
/*
* Verify that URLs in wanboot.conf can be reached, etc.
*/
if (!wanboot_verify_config()) {
return (-1);
}
/*
* Retrieve the miniroot.
*/
if (get_miniroot(&miniroot_path) != 0) {
return (-1);
}
/*
* We don't need the wanboot file system mounted anymore and
* should unmount it so that we can mount the miniroot.
*/
(void) unmountroot();
return (0);
}