int
do_create(int argc, char *argv[])
{
char c;
char *buf, *ptr, *instance_name;
char *inaddr_any_name = NULL;
int i, status, len, pcnt;
const char *token_label = NULL;
const char *filename = NULL;
const char *certname = NULL;
const char *username = NULL;
const char *proxy_port = NULL;
char *format = NULL;
boolean_t quote_next;
char address_port[MAX_ADRPORT_LEN + 1];
argc -= 1;
argv += 1;
/*
* Many of these arguments are passed on to kssladm command
* in the start method of the SMF instance created. So, we do only
* the basic usage checks here and let kssladm check the validity
* of the arguments. This is the reason we ignore optarg
* for some of the cases below.
*/
while ((c = getopt(argc, argv, "vT:d:f:h:i:p:c:C:t:u:x:z:")) != -1) {
switch (c) {
case 'd':
break;
case 'c':
break;
case 'C':
certname = optarg;
break;
case 'f':
format = optarg;
break;
case 'h':
break;
case 'i':
filename = optarg;
break;
case 'T':
token_label = optarg;
break;
case 'p':
break;
case 't':
break;
case 'u':
username = optarg;
break;
case 'x':
proxy_port = optarg;
break;
case 'v':
verbose = B_TRUE;
break;
case 'z':
break;
default:
goto err;
}
}
if (format == NULL || proxy_port == NULL) {
goto err;
}
if (get_portnum(proxy_port, NULL) == 0) {
(void) fprintf(stderr,
gettext("Error: Invalid proxy port value %s\n"),
proxy_port);
goto err;
}
if (strcmp(format, "pkcs11") == 0) {
if (token_label == NULL || certname == NULL) {
goto err;
}
} else if (strcmp(format, "pkcs12") == 0 ||
strcmp(format, "pem") == 0) {
if (filename == NULL) {
goto err;
}
} else {
goto err;
}
pcnt = argc - optind;
if (pcnt == 1) {
if (strlen(argv[optind]) < MAX_ADRPORT_LEN) {
(void) strcpy(address_port, argv[optind]);
} else {
(void) fprintf(stderr, gettext(
"argument too long -- %s\n"),
argv[optind]);
return (FAILURE);
}
} else if (pcnt == 2) {
if ((len = strlen(argv[optind])) +
(strlen(argv[optind + 1])) < MAX_ADRPORT_LEN) {
(void) strcpy(address_port, argv[optind]);
address_port[len] = ' ';
(void) strcpy(address_port + len + 1, argv[optind + 1]);
} else {
(void) fprintf(stderr, gettext(
"arguments too long -- %s %s\n"),
argv[optind], argv[optind + 1]);
return (FAILURE);
}
} else {
goto err;
}
/*
* We need to create the kssladm command line in
* the SMF instance from the current arguments.
*
* Construct a buffer with all the arguments except
* the -u argument. We have to quote the string arguments,
* -T and -C, as they can contain white space.
*/
len = 0;
for (i = 1; i < optind; i++) {
len += strlen(argv[i]) + 3;
}
if ((buf = malloc(len)) == NULL) {
return (FAILURE);
}
ptr = buf;
quote_next = B_FALSE;
for (i = 1; i < optind; i++) {
int arglen = strlen(argv[i]) + 1;
if (strncmp(argv[i], "-u", 2) == 0) {
i++;
continue;
}
if (quote_next) {
(void) snprintf(ptr, len, "\"%s\" ", argv[i]);
quote_next = B_FALSE;
arglen += 2;
} else {
(void) snprintf(ptr, len, "%s ", argv[i]);
}
quote_next = (strncmp(argv[i], "-T", 2) == 0 ||
strncmp(argv[i], "-C", 2) == 0);
ptr += arglen;
len -= arglen;
}
KSSL_DEBUG("buf=%s\n", buf);
instance_name = create_instance_name(address_port,
&inaddr_any_name, B_TRUE);
if (instance_name == NULL || inaddr_any_name == NULL) {
free(buf);
return (FAILURE);
}
KSSL_DEBUG("instance_name=%s\n", instance_name);
KSSL_DEBUG("inaddr_any_name=%s\n", inaddr_any_name);
if (username == NULL)
username = "******";
status = create_service(instance_name, address_port,
buf, username, inaddr_any_name);
if (status == INSTANCE_OTHER_EXISTS || status == INSTANCE_ANY_EXISTS) {
if (status == INSTANCE_ANY_EXISTS &&
(strcmp(instance_name, inaddr_any_name) != SUCCESS)) {
/*
* The following could result in a misconfiguration.
* Better bail out with an error.
*/
(void) fprintf(stderr,
gettext("Error: INADDR_ANY instance exists."
" Can not create a new instance %s.\n"),
instance_name);
free(instance_name);
free(inaddr_any_name);
free(buf);
return (status);
}
/*
* Delete the existing instance and create a new instance
* with the supplied arguments.
*/
KSSL_DEBUG("Deleting duplicate instance\n");
if (delete_instance(instance_name) != SUCCESS) {
(void) fprintf(stderr,
gettext(
"Error: Can not delete existing instance %s.\n"),
instance_name);
} else {
(void) fprintf(stdout, gettext(
"Note: reconfiguring the existing instance %s.\n"),
instance_name);
status = create_service(instance_name, address_port,
buf, username, inaddr_any_name);
}
}
free(instance_name);
free(inaddr_any_name);
free(buf);
return (status);
err:
usage_create(B_TRUE);
return (ERROR_USAGE);
}
/*
* An instance name is formed using either the host name in the fully
* qualified domain name form (FQDN) which should map to a specific IP address
* or using INADDR_ANY which means all IP addresses.
*
* We do a lookup or reverse lookup to get the host name. It is assumed that
* the returned name is in the FQDN form. i.e. DNS is used.
*/
char *
create_instance_name(const char *arg, char **inaddr_any_name,
boolean_t is_create)
{
int len;
uint16_t port;
char *cname;
char *instance_name;
const char *prefix = "kssl-";
char *first_space;
first_space = strchr(arg, ' ');
if (first_space == NULL) { /* No host name. Use INADDR_ANY. */
if (get_portnum(arg, &port) == 0) {
(void) fprintf(stderr,
gettext("Error: Invalid port value -- %s\n"),
arg);
return (NULL);
}
KSSL_DEBUG("port=%d\n", port);
if ((cname = strdup(ANY_ADDR)) == NULL)
return (NULL);
} else {
char *temp_str;
char *ptr;
struct hostent *hp;
boolean_t do_warn;
int error_num;
in_addr_t v4addr;
in6_addr_t v6addr;
if (get_portnum(first_space + 1, &port) == 0) {
(void) fprintf(stderr,
gettext("Error: Invalid port value -- %s\n"),
first_space + 1);
return (NULL);
}
KSSL_DEBUG("port=%d\n", port);
if ((temp_str = strdup(arg)) == NULL)
return (NULL);
*(strchr(temp_str, ' ')) = '\0';
if (inet_pton(AF_INET6, temp_str, &v6addr) == 1) {
/* Do a reverse lookup for the IPv6 address */
hp = getipnodebyaddr(&v6addr, sizeof (v6addr),
AF_INET6, &error_num);
} else if (inet_pton(AF_INET, temp_str, &v4addr) == 1) {
/* Do a reverse lookup for the IPv4 address */
hp = getipnodebyaddr(&v4addr, sizeof (v4addr),
AF_INET, &error_num);
} else {
/* Do a lookup for the host name */
hp = getipnodebyname(temp_str, AF_INET6, AI_DEFAULT,
&error_num);
}
if (hp == NULL) {
(void) fprintf(stderr,
gettext("Error: Unknown host -- %s\n"), temp_str);
free(temp_str);
return (NULL);
}
if ((ptr = cname = strdup(hp->h_name)) == NULL) {
freehostent(hp);
free(temp_str);
return (NULL);
}
freehostent(hp);
do_warn = B_TRUE;
/* "s/./-/g" */
while ((ptr = strchr(ptr, '.')) != NULL) {
if (do_warn)
do_warn = B_FALSE;
*ptr = '-';
ptr++;
}
if (do_warn && is_create) {
(void) fprintf(stderr,
gettext("Warning: %s does not appear to have a"
" registered DNS name.\n"), temp_str);
}
free(temp_str);
}
KSSL_DEBUG("Cannonical host name =%s\n", cname);
len = strlen(prefix) + strlen(cname) + 10;
if ((instance_name = malloc(len)) == NULL) {
(void) fprintf(stderr,
gettext("Error: memory allocation failure.\n"));
return (NULL);
}
(void) snprintf(instance_name, len, "%s%s-%d", prefix, cname, port);
if (is_create) {
len = strlen(prefix) + strlen(ANY_ADDR) + 10;
if ((*inaddr_any_name = malloc(len)) == NULL) {
(void) fprintf(stderr,
gettext("Error: memory allocation failure.\n"));
free(instance_name);
free(cname);
return (NULL);
}
(void) snprintf(*inaddr_any_name, len,
"%s%s-%d", prefix, ANY_ADDR, port);
}
free(cname);
KSSL_DEBUG("instance_name=%s\n", instance_name);
return (instance_name);
}
