1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
  23  * Copyright 2012 Milan Jurik. All rights reserved.
  24  */
  25 
  26 #include <stdio.h>
  27 #include <stdlib.h>
  28 #include <strings.h>
  29 #include <string.h>
  30 #include <libgen.h>
  31 #include <unistd.h>
  32 #include <fcntl.h>
  33 #include <errno.h>
  34 #include <netdb.h>
  35 #include <libnvpair.h>
  36 #include <sys/types.h>
  37 #include <sys/wait.h>
  38 #include <sys/stat.h>
  39 #include <sys/param.h>
  40 #include <sys/sysmacros.h>
  41 #include <sys/mman.h>
  42 #include <sys/socket.h>
  43 #include <sys/utsname.h>
  44 #include <sys/wanboot_impl.h>
  45 #include <netinet/in.h>
  46 #include <arpa/inet.h>
  47 
  48 #include <openssl/crypto.h>
  49 #include <openssl/x509.h>
  50 #include <openssl/x509v3.h>
  51 #include <openssl/pem.h>
  52 #include <openssl/pkcs12.h>
  53 #include <openssl/evp.h>
  54 #include <openssl/err.h>
  55 
  56 #include <p12aux.h>
  57 
  58 #include <parseURL.h>
  59 /*
  60  * These can be replaced with wanbootutil.h once the openssl interfaces
  61  * are moved to libwanboot.
  62  */
  63 #include <wanboot/key_util.h>
  64 #include <wanboot/key_xdr.h>
  65 #include <hmac_sha1.h>
  66 
  67 #include <netboot_paths.h>
  68 #include <wanboot_conf.h>
  69 
  70 /*
  71  * Exit status:
  72  */
  73 #define WBCGI_STATUS_OK         0
  74 #define WBCGI_STATUS_ERR        1
  75 
  76 #define WBCGI_FILE_EXISTS(file, statbuf) \
  77         (stat(file, &statbuf) == 0 && S_ISREG(statbuf.st_mode))
  78 
  79 #define WBCGI_DIR_EXISTS(dir, statbuf) \
  80         (stat(dir, &statbuf) == 0 && S_ISDIR(statbuf.st_mode))
  81 
  82 #define WBCGI_HMAC_PATH         "/usr/lib/inet/wanboot/hmac"
  83 #define WBCGI_ENCR_PATH         "/usr/lib/inet/wanboot/encr"
  84 #define WBCGI_KEYMGMT_PATH      "/usr/lib/inet/wanboot/keymgmt"
  85 #define WBCGI_MKISOFS_PATH      "/bin/mkisofs"
  86 
  87 #define WBCGI_DEV_URANDOM       "/dev/urandom"
  88 
  89 #define WBCGI_CONTENT_TYPE      "Content-Type: "
  90 #define WBCGI_CONTENT_LENGTH    "Content-Length: "
  91 #define WBCGI_WANBOOT_BNDTXT    "WANBoot_Part_Boundary"
  92 #define WBCGI_CRNL              "\r\n"
  93 
  94 #define WBCGI_CNSTR             "CN="
  95 #define WBCGI_CNSTR_LEN         (sizeof (WBCGI_CNSTR) - 1)
  96 #define WBCGI_NAMESEP           ",/\n\r"
  97 
  98 #define WBCGI_MAXBUF            256
  99 
 100 /*
 101  * Possible return values from netboot_ftw():
 102  */
 103 #define WBCGI_FTW_CBOK          2       /* CB terminated walk OK */
 104 #define WBCGI_FTW_CBCONT        1       /* CB wants walk should continue */
 105 #define WBCGI_FTW_DONE          0       /* Walk terminated without CBERR/CBOK */
 106 #define WBCGI_FTW_CBERR         -1      /* CB terminated walk with err */
 107 
 108 /*
 109  * getsubopt() is used to map one of the contents[] keywords
 110  * to one of these types
 111  */
 112 #define WBCGI_CONTENT_ERROR     -1
 113 #define WBCGI_CONTENT_BOOTFILE  0
 114 #define WBCGI_CONTENT_BOOTFS    1
 115 #define WBCGI_CONTENT_ROOTFS    2
 116 
 117 static char *contents[] =
 118         { "bootfile", "bootfs", "rootfs", NULL };
 119 
 120 /*
 121  * getsubopt() is used to parse the query string for
 122  * the keywords defined by queryopts[]
 123  */
 124 #define WBCGI_QUERYOPT_CONTENT  0
 125 #define WBCGI_QUERYOPT_NET      1
 126 #define WBCGI_QUERYOPT_CID      2
 127 #define WBCGI_QUERYOPT_NONCE    3
 128 
 129 static char *queryopts[] =
 130         { "CONTENT", "IP", "CID", "NONCE", NULL };
 131 
 132 static bc_handle_t      bc_handle;
 133 
 134 
 135 static char *
 136 status_msg(int status)
 137 {
 138         char    *msg;
 139 
 140         switch (status) {
 141         case 400:
 142                 msg = "Bad Request";
 143                 break;
 144         case 403:
 145                 msg = "Forbidden";
 146                 break;
 147         case 500:
 148                 msg = "Internal Server Error";
 149                 break;
 150         default:
 151                 msg = "Unknown status";
 152                 break;
 153         }
 154 
 155         return (msg);
 156 }
 157 
 158 static void
 159 print_status(int status, const char *spec_msg)
 160 {
 161         if (spec_msg == NULL) {
 162                 spec_msg = "";
 163         }
 164 
 165         (void) fprintf(stdout, "Status: %d %s %s%s", status,
 166             status_msg(status), spec_msg, WBCGI_CRNL);
 167 }
 168 
 169 static char *
 170 make_path(const char *root, const char *suffix)
 171 {
 172         char    path[MAXPATHLEN];
 173         char    *ptr = NULL;
 174         int     chars;
 175 
 176         if ((chars = snprintf(path, sizeof (path),
 177             "%s/%s", root, suffix)) < 0 || chars > sizeof (path) ||
 178             (ptr = strdup(path)) == NULL) {
 179                 print_status(500, "(error making path)");
 180         }
 181 
 182         return (ptr);
 183 }
 184 
 185 static void
 186 free_path(char **pathp)
 187 {
 188         if (*pathp != NULL) {
 189                 free(*pathp);
 190                 *pathp = NULL;
 191         }
 192 }
 193 
 194 static char *
 195 gen_tmppath(const char *prefix, const char *net, const char *cid)
 196 {
 197         pid_t   pid;
 198         time_t  secs;
 199         int     chars;
 200         char    path[MAXPATHLEN];
 201         char    *ptr = NULL;
 202 
 203         if ((pid = getpid()) < 0 || (secs = time(NULL)) < 0 ||
 204             (chars = snprintf(path, sizeof (path), "/tmp/%s_%s_%s_%ld_%ld",
 205             prefix, net, cid, pid, secs)) < 0 || chars > sizeof (path) ||
 206             (ptr = strdup(path)) == NULL) {
 207                 print_status(500, "(error creating temporary filename)");
 208         }
 209 
 210         return (ptr);
 211 }
 212 
 213 /*
 214  * File I/O stuff:
 215  */
 216 static boolean_t
 217 write_buffer(int fd, const void *buffer, size_t buflen)
 218 {
 219         size_t          nwritten;
 220         ssize_t         nbytes;
 221         const char      *buf = buffer;
 222 
 223         for (nwritten = 0; nwritten < buflen; nwritten += nbytes) {
 224                 nbytes = write(fd, &buf[nwritten], buflen - nwritten);
 225                 if (nbytes <= 0) {
 226                         return (B_FALSE);
 227                 }
 228         }
 229 
 230         return (B_TRUE);
 231 }
 232 
 233 static boolean_t
 234 write_file(int ofd, const char *filename, size_t size)
 235 {
 236         boolean_t       ret = B_TRUE;
 237         int             ifd;
 238         char            buf[1024];
 239         size_t          rlen;
 240         ssize_t         wlen;
 241 
 242         if ((ifd = open(filename, O_RDONLY)) < 0) {
 243                 return (B_FALSE);
 244         }
 245 
 246         for (; size != 0; size -= wlen) {
 247                 rlen = (size < sizeof (buf)) ? size : sizeof (buf);
 248 
 249                 if ((wlen = read(ifd, buf, rlen)) < 0 ||
 250                     !write_buffer(ofd, buf, wlen)) {
 251                         ret = B_FALSE;
 252                         break;
 253                 }
 254         }
 255         (void) close(ifd);
 256 
 257         return (ret);
 258 }
 259 
 260 static boolean_t
 261 copy_file(const char *src, const char *dest)
 262 {
 263         boolean_t       ret = B_FALSE;
 264         char            message[WBCGI_MAXBUF];
 265         const size_t    chunksize = 16 * PAGESIZE;
 266         size_t          validsize;
 267         size_t          nwritten = 0;
 268         size_t          nbytes = 0;
 269         off_t           roff;
 270         int             mflags = MAP_PRIVATE;
 271         char            *buf = NULL;
 272         struct stat     st;
 273         int             rfd = -1;
 274         int             wfd = -1;
 275         int             chars;
 276 
 277         if ((rfd = open(src, O_RDONLY)) < 0 ||
 278             (wfd = open(dest, O_CREAT|O_EXCL|O_RDWR, S_IRUSR|S_IWUSR)) < 0 ||
 279             fstat(rfd, &st) == -1) {
 280                 goto cleanup;
 281         }
 282 
 283         for (nbytes = st.st_size, roff = 0; nwritten < nbytes;
 284             nwritten += validsize, roff += validsize) {
 285                 buf = mmap(buf, chunksize, PROT_READ, mflags, rfd, roff);
 286                 if (buf == MAP_FAILED) {
 287                         goto cleanup;
 288                 }
 289                 mflags |= MAP_FIXED;
 290 
 291                 validsize = MIN(chunksize, nbytes - nwritten);
 292                 if (!write_buffer(wfd, buf, validsize)) {
 293                         (void) munmap(buf, chunksize);
 294                         goto cleanup;
 295                 }
 296 
 297         }
 298         if (buf != NULL) {
 299                 (void) munmap(buf, chunksize);
 300         }
 301 
 302         ret = B_TRUE;
 303 cleanup:
 304         if (ret == B_FALSE) {
 305                 if ((chars = snprintf(message, sizeof (message),
 306                     "error copying %s to %s", src, dest)) > 0 &&
 307                     chars <= sizeof (message)) {
 308                         print_status(500, message);
 309                 } else {
 310                         print_status(500, NULL);
 311                 }
 312         }
 313         if (rfd != -1) {
 314                 (void) close(rfd);
 315         }
 316         if (wfd != -1) {
 317                 (void) close(wfd);
 318         }
 319 
 320         return (ret);
 321 }
 322 
 323 static boolean_t
 324 create_nonce(const char *noncepath, const char *nonce)
 325 {
 326         boolean_t       ret = B_TRUE;
 327         int             fd;
 328 
 329         if ((fd = open(noncepath,
 330             O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
 331             !write_buffer(fd, nonce, strlen(nonce))) {
 332                 print_status(500, "(error creating nonce file)");
 333                 ret = B_FALSE;
 334         }
 335         if (fd != -1) {
 336                 (void) close(fd);
 337         }
 338 
 339         return (ret);
 340 }
 341 
 342 static boolean_t
 343 create_timestamp(const char *timestamppath, const char *timestamp)
 344 {
 345         boolean_t       ret = B_TRUE;
 346         int             fd;
 347 
 348         if ((fd = open(timestamppath,
 349             O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
 350             !write_buffer(fd, timestamp, strlen(timestamp))) {
 351                 print_status(500, "(error creating timestamp file)");
 352                 ret = B_FALSE;
 353         }
 354         if (fd != -1) {
 355                 (void) close(fd);
 356         }
 357 
 358         return (ret);
 359 }
 360 
 361 static boolean_t
 362 create_urandom(const char *urandompath)
 363 {
 364         boolean_t       ret = B_TRUE;
 365         int             fd;
 366 
 367         if ((fd = open(urandompath,
 368             O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
 369             !write_file(fd, WBCGI_DEV_URANDOM, 32 * 1024)) {
 370                 print_status(500, "(error creating urandom file)");
 371                 ret = B_FALSE;
 372         }
 373         if (fd != -1) {
 374                 (void) close(fd);
 375         }
 376 
 377         return (ret);
 378 }
 379 
 380 static boolean_t
 381 create_null_hash(const char *hashpath)
 382 {
 383         boolean_t       ret = B_TRUE;
 384         int             fd;
 385         static char     null_hash[HMAC_DIGEST_LEN];
 386 
 387         if ((fd = open(hashpath,
 388             O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
 389             !write_buffer(fd, null_hash, sizeof (null_hash))) {
 390                 print_status(500, "(error creating null hash)");
 391                 ret = B_FALSE;
 392         }
 393         if (fd != -1) {
 394                 (void) close(fd);
 395         }
 396 
 397         return (ret);
 398 }
 399 
 400 
 401 static char *
 402 determine_doc_root(void)
 403 {
 404         char    *doc_root;
 405 
 406         /*
 407          * If DOCUMENT_ROOT is valid, use that.
 408          */
 409         if ((doc_root = getenv("DOCUMENT_ROOT")) == NULL ||
 410             strlen(doc_root) == 0) {
 411                 /*
 412                  * No DOCUMENT_ROOT - try PATH_TRANSLATED.
 413                  */
 414                 if ((doc_root = getenv("PATH_TRANSLATED")) == NULL ||
 415                     strlen(doc_root) == 0) {
 416                         /*
 417                          * Can't determine the document root.
 418                          */
 419                         return (NULL);
 420                 }
 421         }
 422 
 423         return (doc_root);
 424 }
 425 
 426 static boolean_t
 427 get_request_info(int *contentp, char **netp, char **cidp, char **noncep,
 428     char **docrootp)
 429 {
 430         char    *method;
 431         char    *query_string;
 432         char    *value;
 433         char    *junk;
 434         int     i;
 435 
 436         if ((method = getenv("REQUEST_METHOD")) == NULL ||
 437             strncasecmp(method, "GET", strlen("GET") != 0)) {
 438                 print_status(403, "(GET method expected)");
 439                 return (B_FALSE);
 440         }
 441 
 442         if ((query_string = getenv("QUERY_STRING")) == NULL) {
 443                 print_status(400, "(empty query string)");
 444                 return (B_FALSE);
 445         }
 446 
 447         for (i = 0; i < strlen(query_string); i++) {
 448                 if (query_string[i] == '&') {
 449                         query_string[i] = ',';
 450                 }
 451         }
 452 
 453         *contentp = WBCGI_CONTENT_ERROR;
 454         *netp = *cidp = *noncep = NULL;
 455 
 456         if ((*docrootp = determine_doc_root()) == NULL) {
 457                 print_status(400, "(unable to determine document root)");
 458                 return (B_FALSE);
 459         }
 460 
 461         while (*query_string != '\0') {
 462                 switch (getsubopt(&query_string, queryopts, &value)) {
 463                 case WBCGI_QUERYOPT_CONTENT:
 464                         *contentp = getsubopt(&value, contents, &junk);
 465                         break;
 466                 case WBCGI_QUERYOPT_NET:
 467                         *netp = value;
 468                         break;
 469                 case WBCGI_QUERYOPT_CID:
 470                         *cidp = value;
 471                         break;
 472                 case WBCGI_QUERYOPT_NONCE:
 473                         *noncep = value;
 474                         break;
 475                 default:
 476                         print_status(400, "(illegal query string)");
 477                         return (B_FALSE);
 478                 }
 479         }
 480 
 481         switch (*contentp) {
 482         default:
 483                 print_status(400, "(missing or illegal CONTENT)");
 484                 return (B_FALSE);
 485 
 486         case WBCGI_CONTENT_BOOTFS:
 487                 if (*netp == NULL || *cidp == NULL || *noncep == NULL) {
 488                         print_status(400,
 489                             "(CONTENT, IP, CID and NONCE required)");
 490                         return (B_FALSE);
 491                 }
 492                 break;
 493 
 494         case WBCGI_CONTENT_BOOTFILE:
 495         case WBCGI_CONTENT_ROOTFS:
 496                 if (*netp == NULL || *cidp == NULL || *docrootp == NULL) {
 497                         print_status(400,
 498                             "(CONTENT, IP, CID and DOCUMENT_ROOT required)");
 499                         return (B_FALSE);
 500                 }
 501                 break;
 502         }
 503 
 504         return (B_TRUE);
 505 }
 506 
 507 static boolean_t
 508 encrypt_payload(const char *payload, const char *encr_payload,
 509     const char *keyfile, const char *encryption_type)
 510 {
 511         struct stat     sbuf;
 512         int             chars;
 513         char            cmd[MAXPATHLEN];
 514         FILE            *fp;
 515         int             status;
 516         char            msg[WBCGI_MAXBUF];
 517 
 518         if (!WBCGI_FILE_EXISTS(payload, sbuf)) {
 519                 print_status(500, "(encrypt_payload: missing payload)");
 520                 return (B_FALSE);
 521         }
 522 
 523         if ((chars = snprintf(cmd, sizeof (cmd),
 524             "%s -o type=%s -k %s < %s > %s", WBCGI_ENCR_PATH,
 525             encryption_type, keyfile, payload, encr_payload)) < 0 ||
 526             chars > sizeof (cmd)) {
 527                 print_status(500, "(encrypt_payload: buffer overflow)");
 528                 return (B_FALSE);
 529         }
 530 
 531         if ((fp = popen(cmd, "w")) == NULL) {
 532                 print_status(500, "(encrypt_payload: missing/file error)");
 533                 return (B_FALSE);
 534         }
 535         if ((status = WEXITSTATUS(pclose(fp))) != 0) {
 536                 (void) snprintf(msg, sizeof (msg),
 537                     "(encrypt_payload: failed, status=%d)", status);
 538                 print_status(500, msg);
 539                 return (B_FALSE);
 540         }
 541 
 542         if (!WBCGI_FILE_EXISTS(encr_payload, sbuf)) {
 543                 print_status(500, "(encrypt_payload: bad encrypted file)");
 544                 return (B_FALSE);
 545         }
 546 
 547         return (B_TRUE);
 548 }
 549 
 550 static boolean_t
 551 hash_payload(const char *payload, const char *payload_hash,
 552     const char *keyfile)
 553 {
 554         struct stat     sbuf;
 555         int             chars;
 556         char            cmd[MAXPATHLEN];
 557         FILE            *fp;
 558         int             status;
 559         char            msg[WBCGI_MAXBUF];
 560 
 561         if (!WBCGI_FILE_EXISTS(payload, sbuf)) {
 562                 print_status(500, "(hash_payload: missing payload)");
 563                 return (B_FALSE);
 564         }
 565 
 566         if ((chars = snprintf(cmd, sizeof (cmd), "%s -i %s -k %s > %s",
 567             WBCGI_HMAC_PATH, payload, keyfile, payload_hash)) < 0 ||
 568             chars > sizeof (cmd)) {
 569                 print_status(500, "(hash_payload: buffer overflow)");
 570                 return (B_FALSE);
 571         }
 572 
 573         if ((fp = popen(cmd, "w")) == NULL) {
 574                 print_status(500, "(hash_payload: missing/file error)");
 575                 return (B_FALSE);
 576         }
 577         if ((status = WEXITSTATUS(pclose(fp))) != 0) {
 578                 (void) snprintf(msg, sizeof (msg),
 579                     "(hash_payload: failed, status=%d)", status);
 580                 print_status(500, msg);
 581                 return (B_FALSE);
 582         }
 583 
 584         if (!WBCGI_FILE_EXISTS(payload_hash, sbuf) ||
 585             sbuf.st_size < HMAC_DIGEST_LEN) {
 586                 print_status(500, "(hash_payload: bad signature file)");
 587                 return (B_FALSE);
 588         }
 589 
 590         return (B_TRUE);
 591 }
 592 
 593 static boolean_t
 594 extract_keystore(const char *path, const char *keystorepath)
 595 {
 596         struct stat     sbuf;
 597         int             chars;
 598         char            cmd[MAXPATHLEN];
 599         FILE            *fp;
 600         int             status;
 601         char            msg[WBCGI_MAXBUF];
 602 
 603         if (!WBCGI_FILE_EXISTS(path, sbuf)) {
 604                 print_status(500, "(extract_keystore: missing keystore)");
 605                 return (B_FALSE);
 606         }
 607 
 608         if ((chars = snprintf(cmd, sizeof (cmd),
 609             "%s -x -f %s -s %s -o type=rsa",
 610             WBCGI_KEYMGMT_PATH, keystorepath, path)) < 0 ||
 611             chars > sizeof (cmd)) {
 612                 print_status(500, "(extract_keystore: buffer overflow)");
 613                 return (B_FALSE);
 614         }
 615 
 616         if ((fp = popen(cmd, "w")) == NULL) {
 617                 print_status(500, "(extract_keystore: missing/file error)");
 618                 return (B_FALSE);
 619         }
 620         if ((status = WEXITSTATUS(pclose(fp))) != 0) {
 621                 (void) snprintf(msg, sizeof (msg),
 622                     "(extract_keystore: failed, status=%d)", status);
 623                 print_status(500, msg);
 624                 return (B_FALSE);
 625         }
 626 
 627         if (!WBCGI_FILE_EXISTS(keystorepath, sbuf)) {
 628                 print_status(500, "(extract_keystore: failed to create)");
 629                 return (B_FALSE);
 630         }
 631 
 632         return (B_TRUE);
 633 }
 634 
 635 static boolean_t
 636 mkisofs(const char *image_dir, const char *image)
 637 {
 638         struct stat     sbuf;
 639         int             chars;
 640         char            cmd[MAXPATHLEN];
 641         FILE            *fp;
 642         int             status;
 643         char            msg[WBCGI_MAXBUF];
 644 
 645         if (!WBCGI_DIR_EXISTS(image_dir, sbuf)) {
 646                 print_status(500, "(mksiofs: missing image_dir)");
 647                 return (B_FALSE);
 648         }
 649 
 650         if ((chars = snprintf(cmd, sizeof (cmd), "%s -quiet -o %s -r %s",
 651             WBCGI_MKISOFS_PATH, image, image_dir)) < 0 ||
 652             chars > sizeof (cmd)) {
 653                 print_status(500, "(mkisofs: buffer overflow)");
 654                 return (B_FALSE);
 655         }
 656 
 657         if ((fp = popen(cmd, "w")) == NULL) {
 658                 print_status(500, "(mkisofs: missing/file error)");
 659                 return (B_FALSE);
 660         }
 661         if ((status = WEXITSTATUS(pclose(fp))) != 0) {
 662                 (void) snprintf(msg, sizeof (msg),
 663                     "(mkisofs: failed, status=%d)", status);
 664                 print_status(500, msg);
 665                 return (B_FALSE);
 666         }
 667 
 668         if (!WBCGI_FILE_EXISTS(image, sbuf)) {
 669                 print_status(500, "(mksiofs: failed to create image)");
 670                 return (B_FALSE);
 671         }
 672 
 673         return (B_TRUE);
 674 }
 675 
 676 /*
 677  * This function, when invoked with a file name, optional network and
 678  * client ID strings, and callback function will search for the file
 679  * in the following locations:
 680  *
 681  * NB_NETBOOT_ROOT/<network>/<client id>/<file>
 682  * NB_NETBOOT_ROOT/<client id>/<file>
 683  * NB_NETBOOT_ROOT/<network>/<file>
 684  * NB_NETBOOT_ROOT/<file>
 685  *
 686  * The callback function is invoked each time the file is found until
 687  * we have searched all of the above locations or the callback function
 688  * returns a value other than WBCGI_FTW_CBCONT.
 689  *
 690  * Arguments:
 691  *      filename - Name of file to search for.
 692  *      net      - Optional network number to include in search hierarchy.
 693  *      cid      - Optional client ID to include in search hierarchy.
 694  *      cb       - Callback function to be called when file is found.
 695  *      arg      - Argument to be supplied to the callback funtion.
 696  *
 697  * Returns:
 698  *      WBCGI_FTW_DONE, WBCGI_FTW_CBOK or WBCGI_FTW_CBERR.
 699  */
 700 static int
 701 netboot_ftw(const char *filename, const char *net, const char *cid,
 702     int (*cb)(const char *, void *arg), void *arg)
 703 {
 704         char            ckpath[4][MAXPATHLEN];
 705         int             ret;
 706         struct          stat buf;
 707         int             i = 0;
 708 
 709         if (snprintf(ckpath[i++], MAXPATHLEN, "%s%s", NB_NETBOOT_ROOT, filename)
 710             >= MAXPATHLEN)
 711                 return (WBCGI_FTW_CBERR);
 712 
 713         if (net != NULL && snprintf(ckpath[i++], MAXPATHLEN, "%s%s/%s",
 714             NB_NETBOOT_ROOT, net, filename) >= MAXPATHLEN)
 715                 return (WBCGI_FTW_CBERR);
 716 
 717         if (cid != NULL) {
 718                 if (snprintf(ckpath[i++], MAXPATHLEN, "%s%s/%s",
 719                     NB_NETBOOT_ROOT, cid, filename) >= MAXPATHLEN)
 720                         return (WBCGI_FTW_CBERR);
 721 
 722                 if (net != NULL && snprintf(ckpath[i++], MAXPATHLEN,
 723                     "%s%s/%s/%s", NB_NETBOOT_ROOT, net, cid, filename) >=
 724                     MAXPATHLEN)
 725                         return (WBCGI_FTW_CBERR);
 726         }
 727 
 728         /*
 729          * Loop through hierarchy and check for file existence.
 730          */
 731         while (i > 0) {
 732                 --i;
 733                 if (WBCGI_FILE_EXISTS(ckpath[i], buf)) {
 734                         if ((ret = cb(ckpath[i], arg)) != WBCGI_FTW_CBCONT)
 735                                 return (ret);
 736                 }
 737         }
 738         return (WBCGI_FTW_DONE);
 739 }
 740 
 741 /*ARGSUSED*/
 742 static int
 743 noact_cb(const char *path, void *arg)
 744 {
 745         return (WBCGI_FTW_CBOK);
 746 }
 747 
 748 static int
 749 set_pathname(const char *path, void *pathname)
 750 {
 751         *(char **)pathname = strdup((char *)path);
 752         return (WBCGI_FTW_CBOK);
 753 }
 754 
 755 static int
 756 create_keystore(const char *path, void *keystorepath)
 757 {
 758         if (!extract_keystore(path, (char *)keystorepath)) {
 759                 return (WBCGI_FTW_CBERR);
 760         }
 761         return (WBCGI_FTW_CBOK);
 762 }
 763 
 764 static int
 765 copy_certstore(const char *path, void *certstorepath)
 766 {
 767         if (!copy_file(path, (char *)certstorepath)) {
 768                 return (WBCGI_FTW_CBERR);
 769         }
 770         return (WBCGI_FTW_CBOK);
 771 }
 772 
 773 /*
 774  * Add the certs found in the trustfile found in path (a trust store) to
 775  * the file found at bootfs_dir/truststore.  If necessary, create the
 776  * output file.
 777  */
 778 static int
 779 build_trustfile(const char *path, void *truststorepath)
 780 {
 781         int             ret = WBCGI_FTW_CBERR;
 782         STACK_OF(X509)  *i_anchors = NULL;
 783         STACK_OF(X509)  *o_anchors = NULL;
 784         char            message[WBCGI_MAXBUF];
 785         PKCS12          *p12 = NULL;
 786         FILE            *rfp = NULL;
 787         FILE            *wfp = NULL;
 788         struct stat     i_st;
 789         struct stat     o_st;
 790         X509            *x = NULL;
 791         int             errtype = 0;
 792         int             wfd = -1;
 793         int             chars;
 794         int             i;
 795 
 796         if (!WBCGI_FILE_EXISTS(path, i_st)) {
 797                 goto cleanup;
 798         }
 799 
 800         if (WBCGI_FILE_EXISTS((char *)truststorepath, o_st)) {
 801                 /*
 802                  * If we are inadvertantly writing to the input file.
 803                  * return success.
 804                  * XXX Pete: how can this happen, and why success?
 805                  */
 806                 if (i_st.st_ino == o_st.st_ino) {
 807                         ret = WBCGI_FTW_CBCONT;
 808                         goto cleanup;
 809                 }
 810                 if ((wfp = fopen((char *)truststorepath, "r+")) == NULL) {
 811                         goto cleanup;
 812                 }
 813                 /*
 814                  * Read what's already there, so that new information
 815                  * can be added.
 816                  */
 817                 if ((p12 = d2i_PKCS12_fp(wfp, NULL)) == NULL) {
 818                         errtype = 1;
 819                         goto cleanup;
 820                 }
 821                 i = sunw_PKCS12_parse(p12, WANBOOT_PASSPHRASE, DO_NONE, NULL,
 822                     0, NULL, NULL, NULL, &o_anchors);
 823                 if (i <= 0) {
 824                         errtype = 1;
 825                         goto cleanup;
 826                 }
 827 
 828                 PKCS12_free(p12);
 829                 p12 = NULL;
 830         } else {
 831                 if (errno != ENOENT) {
 832                         chars = snprintf(message, sizeof (message),
 833                             "(error accessing file %s, error %s)",
 834                             path, strerror(errno));
 835                         if (chars > 0 && chars < sizeof (message))
 836                                 print_status(500, message);
 837                         else
 838                                 print_status(500, NULL);
 839                         return (WBCGI_FTW_CBERR);
 840                 }
 841 
 842                 /*
 843                  * Note: We could copy the file to the new trustfile, but
 844                  * we can't verify the password that way.  Therefore, copy
 845                  * it by reading it.
 846                  */
 847                 if ((wfd = open((char *)truststorepath,
 848                     O_CREAT|O_EXCL|O_RDWR, 0700)) < 0) {
 849                         goto cleanup;
 850                 }
 851                 if ((wfp = fdopen(wfd, "w+")) == NULL) {
 852                         goto cleanup;
 853                 }
 854                 o_anchors = sk_X509_new_null();
 855                 if (o_anchors == NULL) {
 856                         goto cleanup;
 857                 }
 858         }
 859 
 860         if ((rfp = fopen(path, "r")) == NULL) {
 861                 goto cleanup;
 862         }
 863         if ((p12 = d2i_PKCS12_fp(rfp, NULL)) == NULL) {
 864                 errtype = 1;
 865                 goto cleanup;
 866         }
 867         i = sunw_PKCS12_parse(p12, WANBOOT_PASSPHRASE, DO_NONE, NULL, 0, NULL,
 868             NULL, NULL, &i_anchors);
 869         if (i <= 0) {
 870                 errtype = 1;
 871                 goto cleanup;
 872         }
 873         PKCS12_free(p12);
 874         p12 = NULL;
 875 
 876         /*
 877          * Merge the two stacks of pkcs12 certs.
 878          */
 879         for (i = 0; i < sk_X509_num(i_anchors); i++) {
 880                 x = sk_X509_delete(i_anchors, i);
 881                 (void) sk_X509_push(o_anchors, x);
 882         }
 883 
 884         /*
 885          * Create the pkcs12 structure from the modified input stack and
 886          * then write out that structure.
 887          */
 888         p12 = sunw_PKCS12_create((const char *)WANBOOT_PASSPHRASE, NULL, NULL,
 889             o_anchors);
 890         if (p12 == NULL) {
 891                 goto cleanup;
 892         }
 893         rewind(wfp);
 894         if (i2d_PKCS12_fp(wfp, p12) == 0) {
 895                 goto cleanup;
 896         }
 897 
 898         ret = WBCGI_FTW_CBCONT;
 899 cleanup:
 900         if (ret == WBCGI_FTW_CBERR) {
 901                 if (errtype == 1) {
 902                         chars = snprintf(message, sizeof (message),
 903                             "(internal PKCS12 error while copying %s to %s)",
 904                             path, (char *)truststorepath);
 905                 } else {
 906                         chars = snprintf(message, sizeof (message),
 907                             "(error copying %s to %s)",
 908                             path, (char *)truststorepath);
 909                 }
 910                 if (chars > 0 && chars <= sizeof (message)) {
 911                         print_status(500, message);
 912                 } else {
 913                         print_status(500, NULL);
 914                 }
 915         }
 916         if (rfp != NULL) {
 917                 (void) fclose(rfp);
 918         }
 919         if (wfp != NULL) {
 920                 /* Will also close wfd */
 921                 (void) fclose(wfp);
 922         }
 923         if (p12 != NULL) {
 924                 PKCS12_free(p12);
 925         }
 926         if (i_anchors != NULL) {
 927                 sk_X509_pop_free(i_anchors, X509_free);
 928         }
 929         if (o_anchors != NULL) {
 930                 sk_X509_pop_free(o_anchors, X509_free);
 931         }
 932 
 933         return (ret);
 934 }
 935 
 936 static boolean_t
 937 check_key_type(const char *keyfile, const char *keytype, int flag)
 938 {
 939         boolean_t       ret = B_FALSE;
 940         FILE            *key_fp = NULL;
 941         wbku_key_attr_t ka;
 942 
 943         /*
 944          * Map keytype into the ka structure
 945          */
 946         if (wbku_str_to_keyattr(keytype, &ka, flag) != WBKU_SUCCESS) {
 947                 goto cleanup;
 948         }
 949 
 950         /*
 951          * Open the key file for reading.
 952          */
 953         if ((key_fp = fopen(keyfile, "r")) == NULL) {
 954                 goto cleanup;
 955         }
 956 
 957         /*
 958          * Find the valid client key, if it exists.
 959          */
 960         if (wbku_find_key(key_fp, NULL, &ka, NULL, B_FALSE) != WBKU_SUCCESS) {
 961                 goto cleanup;
 962         }
 963 
 964         ret = B_TRUE;
 965 cleanup:
 966         if (key_fp != NULL) {
 967                 (void) fclose(key_fp);
 968         }
 969 
 970         return (ret);
 971 }
 972 
 973 static boolean_t
 974 resolve_hostname(const char *hostname, nvlist_t *nvl, boolean_t may_be_crap)
 975 {
 976         struct sockaddr_in      sin;
 977         struct hostent          *hp;
 978         struct utsname          un;
 979         static char             myname[SYS_NMLN] = { '\0' };
 980         char                    *cp = NULL;
 981         char                    msg[WBCGI_MAXBUF];
 982 
 983         /*
 984          *  Initialize cached nodename
 985          */
 986         if (strlen(myname) == 0) {
 987                 if (uname(&un) == -1) {
 988                         (void) snprintf(msg, sizeof (msg),
 989                             "(unable to retrieve uname, errno %d)", errno);
 990                         print_status(500, msg);
 991                         return (B_FALSE);
 992                 }
 993                 (void) strcpy(myname, un.nodename);
 994         }
 995 
 996         /*
 997          * If hostname is local node name, return the address this
 998          * request came in on, which is supplied as SERVER_ADDR in the
 999          * cgi environment.  This ensures we don't send back a possible
1000          * alternate address that may be unreachable from the client's
1001          * network.  Otherwise, just resolve with nameservice.
1002          */
1003         if ((strcmp(hostname, myname) != 0) ||
1004             ((cp = getenv("SERVER_ADDR")) == NULL)) {
1005                 if (((hp = gethostbyname(hostname)) == NULL) ||
1006                     (hp->h_addrtype != AF_INET) ||
1007                     (hp->h_length != sizeof (struct in_addr))) {
1008                         if (!may_be_crap) {
1009                                 print_status(500, "(error resolving hostname)");
1010                         }
1011                         return (may_be_crap);
1012                 }
1013                 (void) memcpy(&sin.sin_addr, hp->h_addr, hp->h_length);
1014                 cp = inet_ntoa(sin.sin_addr);
1015         }
1016 
1017         if (nvlist_add_string(nvl, (char *)hostname, cp) != 0) {
1018                 print_status(500, "(error adding hostname to nvlist)");
1019                 return (B_FALSE);
1020         }
1021 
1022         return (B_TRUE);
1023 }
1024 
1025 /*
1026  * one_name() is called for each certificate found and is passed the string
1027  * that X509_NAME_oneline() returns.  Its job is to find the common name and
1028  * determine whether it is a host name; if it is then a line suitable for
1029  * inclusion in /etc/inet/hosts is written to that file.
1030  */
1031 static boolean_t
1032 one_name(const char *namestr, nvlist_t *nvl)
1033 {
1034         boolean_t       ret = B_TRUE;
1035         char            *p;
1036         char            *q;
1037         char            c;
1038 
1039         if (namestr != NULL &&
1040             (p = strstr(namestr, WBCGI_CNSTR)) != NULL) {
1041                 p += WBCGI_CNSTR_LEN;
1042 
1043                 if ((q = strpbrk(p, WBCGI_NAMESEP)) != NULL) {
1044                         c = *q;
1045                         *q = '\0';
1046                         ret = resolve_hostname(p, nvl, B_TRUE);
1047                         *q = c;
1048                 } else {
1049                         ret = resolve_hostname(p, nvl, B_TRUE);
1050                 }
1051         }
1052 
1053         return (ret);
1054 }
1055 
1056 /*
1057  * Loop through the certificates in a file
1058  */
1059 static int
1060 get_hostnames(const char *path, void *nvl)
1061 {
1062         int             ret = WBCGI_FTW_CBERR;
1063         STACK_OF(X509)  *certs = NULL;
1064         PKCS12          *p12 = NULL;
1065         char            message[WBCGI_MAXBUF];
1066         char            buf[WBCGI_MAXBUF + 1];
1067         FILE            *rfp = NULL;
1068         X509            *x = NULL;
1069         int             errtype = 0;
1070         int             chars;
1071         int             i;
1072 
1073         if ((rfp = fopen(path, "r")) == NULL) {
1074                 goto cleanup;
1075         }
1076 
1077         if ((p12 = d2i_PKCS12_fp(rfp, NULL)) == NULL) {
1078                 errtype = 1;
1079                 goto cleanup;
1080         }
1081         i = sunw_PKCS12_parse(p12, WANBOOT_PASSPHRASE, DO_NONE, NULL, 0, NULL,
1082             NULL, NULL, &certs);
1083         if (i <= 0) {
1084                 errtype = 1;
1085                 goto cleanup;
1086         }
1087 
1088         PKCS12_free(p12);
1089         p12 = NULL;
1090 
1091         for (i = 0; i < sk_X509_num(certs); i++) {
1092                 x = sk_X509_value(certs, i);
1093                 if (!one_name(sunw_issuer_attrs(x, buf, sizeof (buf) - 1),
1094                     nvl)) {
1095                         goto cleanup;
1096                 }
1097         }
1098 
1099         ret = WBCGI_FTW_CBCONT;
1100 cleanup:
1101         if (ret == WBCGI_FTW_CBERR) {
1102                 if (errtype == 1) {
1103                         chars = snprintf(message, sizeof (message),
1104                             "(internal PKCS12 error reading %s)", path);
1105                 } else {
1106                         chars = snprintf(message, sizeof (message),
1107                             "error reading %s", path);
1108                 }
1109                 if (chars > 0 && chars <= sizeof (message)) {
1110                         print_status(500, message);
1111                 } else {
1112                         print_status(500, NULL);
1113                 }
1114         }
1115         if (rfp != NULL) {
1116                 (void) fclose(rfp);
1117         }
1118         if (p12 != NULL) {
1119                 PKCS12_free(p12);
1120         }
1121         if (certs != NULL) {
1122                 sk_X509_pop_free(certs, X509_free);
1123         }
1124 
1125         return (ret);
1126 }
1127 
1128 /*
1129  * Create a hosts file by extracting hosts from client and truststore
1130  * files.  Use the CN. Then we should copy that file to the inet dir.
1131  */
1132 static boolean_t
1133 create_hostsfile(const char *hostsfile, const char *net, const char *cid)
1134 {
1135         boolean_t       ret = B_FALSE;
1136         nvlist_t        *nvl;
1137         nvpair_t        *nvp;
1138         FILE            *hostfp = NULL;
1139         int             hostfd = -1;
1140         int             i;
1141         char            *hostslist;
1142         const char      *bc_urls[] = { BC_ROOT_SERVER, BC_BOOT_LOGGER, NULL };
1143 
1144         /*
1145          * Allocate nvlist handle to store our hostname/IP pairs.
1146          */
1147         if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
1148                 print_status(500, "(error allocating hostname nvlist)");
1149                 goto cleanup;
1150         }
1151 
1152         /*
1153          * Extract and resolve hostnames from CNs.
1154          */
1155         if (netboot_ftw(NB_CLIENT_CERT, net, cid,
1156             get_hostnames, nvl) == WBCGI_FTW_CBERR ||
1157             netboot_ftw(NB_CA_CERT, net, cid,
1158             get_hostnames, nvl) == WBCGI_FTW_CBERR) {
1159                 goto cleanup;
1160         }
1161 
1162         /*
1163          * Extract and resolve hostnames from any URLs in bootconf.
1164          */
1165         for (i = 0; bc_urls[i] != NULL; ++i) {
1166                 char    *urlstr;
1167                 url_t   url;
1168 
1169                 if ((urlstr = bootconf_get(&bc_handle, bc_urls[i])) != NULL &&
1170                     url_parse(urlstr, &url) == URL_PARSE_SUCCESS) {
1171                         if (!resolve_hostname(url.hport.hostname,
1172                             nvl, B_FALSE)) {
1173                                 goto cleanup;
1174                         }
1175                 }
1176         }
1177 
1178         /*
1179          * If there is a resolve-hosts list in bootconf, resolve those
1180          * hostnames too.
1181          */
1182         if ((hostslist = bootconf_get(&bc_handle, BC_RESOLVE_HOSTS)) != NULL) {
1183                 char    *hostname;
1184 
1185                 for (hostname = strtok(hostslist, ","); hostname != NULL;
1186                     hostname = strtok(NULL, ",")) {
1187                         if (!resolve_hostname(hostname, nvl, B_FALSE)) {
1188                                 goto cleanup;
1189                         }
1190                 }
1191         }
1192 
1193         /*
1194          * Now write the hostname/IP pairs gathered to the hosts file.
1195          */
1196         if ((hostfd = open(hostsfile,
1197             O_RDWR|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
1198             (hostfp = fdopen(hostfd, "w+")) == NULL) {
1199                 print_status(500, "(error creating hosts file)");
1200                 goto cleanup;
1201         }
1202         for (nvp = nvlist_next_nvpair(nvl, NULL); nvp != NULL;
1203             nvp = nvlist_next_nvpair(nvl, nvp)) {
1204                 char    *hostname;
1205                 char    *ipstr;
1206 
1207                 hostname = nvpair_name(nvp);
1208                 if (nvpair_value_string(nvp, &ipstr) != 0) {
1209                         print_status(500, "(nvl error writing hosts file)");
1210                         goto cleanup;
1211                 }
1212 
1213                 if (fprintf(hostfp, "%s\t%s\n", ipstr, hostname) < 0) {
1214                         print_status(500, "(error writing hosts file)");
1215                         goto cleanup;
1216                 }
1217         }
1218 
1219         ret = B_TRUE;
1220 cleanup:
1221         if (nvl != NULL) {
1222                 nvlist_free(nvl);
1223         }
1224         if (hostfp != NULL) {
1225                 /*
1226                  * hostfd is automatically closed as well.
1227                  */
1228                 (void) fclose(hostfp);
1229         }
1230 
1231         return (ret);
1232 }
1233 
1234 static boolean_t
1235 bootfile_payload(const char *docroot, char **bootpathp)
1236 {
1237         boolean_t       ret = B_FALSE;
1238         char            *boot_file;
1239         struct stat     sbuf;
1240 
1241         if ((boot_file = bootconf_get(&bc_handle, BC_BOOT_FILE)) == NULL) {
1242                 print_status(500, "(boot_file must be specified)");
1243                 goto cleanup;
1244         }
1245         if ((*bootpathp = make_path(docroot, boot_file)) == NULL) {
1246                 goto cleanup;
1247         }
1248         if (!WBCGI_FILE_EXISTS(*bootpathp, sbuf)) {
1249                 print_status(500, "(boot_file missing)");
1250                 goto cleanup;
1251         }
1252 
1253         ret = B_TRUE;
1254 cleanup:
1255         return (ret);
1256 }
1257 
1258 /*
1259  * Create the wanboot file system whose contents are determined by the
1260  * security configuration specified in bootconf.
1261  */
1262 static boolean_t
1263 wanbootfs_payload(const char *net, const char *cid, const char *nonce,
1264     const char *bootconf, char **wanbootfs_imagep)
1265 {
1266         int             ret = B_FALSE;
1267 
1268         char            *server_authentication;
1269         char            *client_authentication;
1270         char            *scf;
1271 
1272         char            *bootfs_dir = NULL;
1273         char            *bootfs_etc_dir = NULL;
1274         char            *bootfs_etc_inet_dir = NULL;
1275         char            *bootfs_dev_dir = NULL;
1276 
1277         char            *systemconf = NULL;
1278         char            *keystorepath = NULL;
1279         char            *certstorepath = NULL;
1280         char            *truststorepath = NULL;
1281         char            *bootconfpath = NULL;
1282         char            *systemconfpath = NULL;
1283         char            *urandompath = NULL;
1284         char            *noncepath = NULL;
1285         char            *hostspath = NULL;
1286         char            *etc_hostspath = NULL;
1287         char            *timestamppath = NULL;
1288 
1289         boolean_t       authenticate_client;
1290         boolean_t       authenticate_server;
1291 
1292         struct stat     sbuf;
1293 
1294         /*
1295          * Initialize SSL stuff.
1296          */
1297         sunw_crypto_init();
1298 
1299         /*
1300          * Get the security strategy values.
1301          */
1302         client_authentication = bootconf_get(&bc_handle,
1303             BC_CLIENT_AUTHENTICATION);
1304         authenticate_client = (client_authentication != NULL &&
1305             strcmp(client_authentication, "yes") == 0);
1306         server_authentication = bootconf_get(&bc_handle,
1307             BC_SERVER_AUTHENTICATION);
1308         authenticate_server = (server_authentication != NULL &&
1309             strcmp(server_authentication, "yes") == 0);
1310 
1311         /*
1312          * Make a temporary directory structure for the wanboot file system.
1313          */
1314         if ((bootfs_dir = gen_tmppath("bootfs_dir", net, cid)) == NULL ||
1315             (bootfs_etc_dir = make_path(bootfs_dir, "etc")) == NULL ||
1316             (bootfs_etc_inet_dir = make_path(bootfs_etc_dir, "inet")) == NULL ||
1317             (bootfs_dev_dir = make_path(bootfs_dir, "dev")) == NULL) {
1318                 goto cleanup;
1319         }
1320         if (mkdirp(bootfs_dir, 0700) ||
1321             mkdirp(bootfs_etc_dir, 0700) ||
1322             mkdirp(bootfs_etc_inet_dir, 0700) ||
1323             mkdirp(bootfs_dev_dir, 0700)) {
1324                 print_status(500, "(error creating wanbootfs dir structure)");
1325                 goto cleanup;
1326         }
1327 
1328         if (authenticate_client) {
1329                 /*
1330                  * Add the client private key.
1331                  */
1332                 if ((keystorepath = make_path(bootfs_dir,
1333                     NB_CLIENT_KEY)) == NULL ||
1334                     netboot_ftw(NB_CLIENT_KEY, net, cid,
1335                     create_keystore, keystorepath) != WBCGI_FTW_CBOK) {
1336                         goto cleanup;
1337                 }
1338 
1339                 /*
1340                  * Add the client certificate.
1341                  */
1342                 if ((certstorepath = make_path(bootfs_dir,
1343                     NB_CLIENT_CERT)) == NULL ||
1344                     netboot_ftw(NB_CLIENT_CERT, net, cid,
1345                     copy_certstore, certstorepath) != WBCGI_FTW_CBOK) {
1346                         goto cleanup;
1347                 }
1348         }
1349 
1350         if (authenticate_client || authenticate_server) {
1351                 /*
1352                  * Add the trustfile; at least one truststore must exist.
1353                  */
1354                 if ((truststorepath = make_path(bootfs_dir,
1355                     NB_CA_CERT)) == NULL) {
1356                         goto cleanup;
1357                 }
1358                 if (netboot_ftw(NB_CA_CERT, net, cid,
1359                     noact_cb, NULL) != WBCGI_FTW_CBOK) {
1360                         print_status(500, "(truststore not found)");
1361                 }
1362                 if (netboot_ftw(NB_CA_CERT, net, cid,
1363                     build_trustfile, truststorepath) == WBCGI_FTW_CBERR) {
1364                         goto cleanup;
1365                 }
1366 
1367                 /*
1368                  * Create the /dev/urandom file.
1369                  */
1370                 if ((urandompath = make_path(bootfs_dev_dir,
1371                     "urandom")) == NULL ||
1372                     !create_urandom(urandompath)) {
1373                         goto cleanup;
1374                 }
1375         }
1376 
1377         /*
1378          * Add the wanboot.conf(4) file.
1379          */
1380         if ((bootconfpath = make_path(bootfs_dir, NB_WANBOOT_CONF)) == NULL ||
1381             !copy_file(bootconf, bootconfpath)) {
1382                 goto cleanup;
1383         }
1384 
1385         /*
1386          * Add the system_conf file if present.
1387          */
1388         if ((scf = bootconf_get(&bc_handle, BC_SYSTEM_CONF)) != NULL) {
1389                 if (netboot_ftw(scf, net, cid,
1390                     set_pathname, &systemconf) != WBCGI_FTW_CBOK) {
1391                         print_status(500, "(system_conf file not found)");
1392                         goto cleanup;
1393                 }
1394                 if ((systemconfpath = make_path(bootfs_dir,
1395                     NB_SYSTEM_CONF)) == NULL ||
1396                     !copy_file(systemconf, systemconfpath)) {
1397                         goto cleanup;
1398                 }
1399         }
1400 
1401         /*
1402          * Create the /nonce file.
1403          */
1404         if ((noncepath = make_path(bootfs_dir, "nonce")) == NULL ||
1405             !create_nonce(noncepath, nonce)) {
1406                 goto cleanup;
1407         }
1408 
1409         /*
1410          * Create an /etc/inet/hosts file by extracting hostnames from CN,
1411          * URLs in bootconf and resolve-hosts in bootconf.
1412          */
1413         if ((hostspath = make_path(bootfs_etc_inet_dir, "hosts")) == NULL ||
1414             !create_hostsfile(hostspath, net, cid)) {
1415                 goto cleanup;
1416         }
1417 
1418         /*
1419          * We would like to create a symbolic link etc/hosts -> etc/inet/hosts,
1420          * but unfortunately the HSFS support in the standalone doesn't handle
1421          * symlinks.
1422          */
1423         if ((etc_hostspath = make_path(bootfs_etc_dir, "hosts")) == NULL ||
1424             !copy_file(hostspath, etc_hostspath)) {
1425                 goto cleanup;
1426         }
1427 
1428         /*
1429          * Create the /timestamp file.
1430          */
1431         if ((timestamppath = make_path(bootfs_dir, "timestamp")) == NULL ||
1432             !create_timestamp(timestamppath, "timestamp")) {
1433                 goto cleanup;
1434         }
1435 
1436         /*
1437          * Create an HSFS file system for the directory.
1438          */
1439         if ((*wanbootfs_imagep = gen_tmppath("wanbootfs", net, cid)) == NULL ||
1440             !mkisofs(bootfs_dir, *wanbootfs_imagep)) {
1441                 goto cleanup;
1442         }
1443 
1444         ret = B_TRUE;
1445 cleanup:
1446         /*
1447          * Clean up temporary files and directories.
1448          */
1449         if (keystorepath != NULL &&
1450             WBCGI_FILE_EXISTS(keystorepath, sbuf)) {
1451                 (void) unlink(keystorepath);
1452         }
1453         if (certstorepath != NULL &&
1454             WBCGI_FILE_EXISTS(certstorepath, sbuf)) {
1455                 (void) unlink(certstorepath);
1456         }
1457         if (truststorepath != NULL &&
1458             WBCGI_FILE_EXISTS(truststorepath, sbuf)) {
1459                 (void) unlink(truststorepath);
1460         }
1461         if (bootconfpath != NULL &&
1462             WBCGI_FILE_EXISTS(bootconfpath, sbuf)) {
1463                 (void) unlink(bootconfpath);
1464         }
1465         if (systemconfpath != NULL &&
1466             WBCGI_FILE_EXISTS(systemconfpath, sbuf)) {
1467                 (void) unlink(systemconfpath);
1468         }
1469         if (urandompath != NULL &&
1470             WBCGI_FILE_EXISTS(urandompath, sbuf)) {
1471                 (void) unlink(urandompath);
1472         }
1473         if (noncepath != NULL &&
1474             WBCGI_FILE_EXISTS(noncepath, sbuf)) {
1475                 (void) unlink(noncepath);
1476         }
1477         if (hostspath != NULL &&
1478             WBCGI_FILE_EXISTS(hostspath, sbuf)) {
1479                 (void) unlink(hostspath);
1480         }
1481         if (etc_hostspath != NULL &&
1482             WBCGI_FILE_EXISTS(etc_hostspath, sbuf)) {
1483                 (void) unlink(etc_hostspath);
1484         }
1485         if (timestamppath != NULL &&
1486             WBCGI_FILE_EXISTS(timestamppath, sbuf)) {
1487                 (void) unlink(timestamppath);
1488         }
1489 
1490         if (bootfs_etc_inet_dir != NULL &&
1491             WBCGI_DIR_EXISTS(bootfs_etc_inet_dir, sbuf)) {
1492                 (void) rmdir(bootfs_etc_inet_dir);
1493         }
1494         if (bootfs_etc_dir != NULL &&
1495             WBCGI_DIR_EXISTS(bootfs_etc_dir, sbuf)) {
1496                 (void) rmdir(bootfs_etc_dir);
1497         }
1498         if (bootfs_dev_dir != NULL &&
1499             WBCGI_DIR_EXISTS(bootfs_dev_dir, sbuf)) {
1500                 (void) rmdir(bootfs_dev_dir);
1501         }
1502         if (bootfs_dir != NULL &&
1503             WBCGI_DIR_EXISTS(bootfs_dir, sbuf)) {
1504                 (void) rmdir(bootfs_dir);
1505         }
1506 
1507         /*
1508          * Free allocated memory.
1509          */
1510         free_path(&bootfs_dir);
1511         free_path(&bootfs_etc_dir);
1512         free_path(&bootfs_etc_inet_dir);
1513         free_path(&bootfs_dev_dir);
1514 
1515         free_path(&systemconf);
1516         free_path(&keystorepath);
1517         free_path(&certstorepath);
1518         free_path(&truststorepath);
1519         free_path(&bootconfpath);
1520         free_path(&systemconfpath);
1521         free_path(&urandompath);
1522         free_path(&noncepath);
1523         free_path(&hostspath);
1524         free_path(&etc_hostspath);
1525         free_path(&timestamppath);
1526 
1527         return (ret);
1528 }
1529 
1530 static boolean_t
1531 miniroot_payload(const char *net, const char *cid, const char *docroot,
1532     char **rootpathp, char **rootinfop, boolean_t *https_rootserverp)
1533 {
1534         boolean_t       ret = B_FALSE;
1535         char            *root_server;
1536         char            *root_file;
1537         url_t           url;
1538         struct stat     sbuf;
1539         char            sizebuf[WBCGI_MAXBUF];
1540         int             chars;
1541         int             fd = -1;
1542 
1543         if ((root_server = bootconf_get(&bc_handle, BC_ROOT_SERVER)) == NULL) {
1544                 print_status(500, "(root_server must be specified)");
1545                 goto cleanup;
1546         }
1547         if (url_parse(root_server, &url) != URL_PARSE_SUCCESS) {
1548                 print_status(500, "(root_server URL is invalid)");
1549         }
1550         *https_rootserverp = url.https;
1551 
1552         if ((root_file = bootconf_get(&bc_handle, BC_ROOT_FILE)) == NULL) {
1553                 print_status(500, "(rootfile must be specified)");
1554                 goto cleanup;
1555         }
1556         if ((*rootpathp = make_path(docroot, root_file)) == NULL) {
1557                 goto cleanup;
1558         }
1559         if (!WBCGI_FILE_EXISTS(*rootpathp, sbuf)) {
1560                 print_status(500, "(root filesystem image missing)");
1561                 goto cleanup;
1562         }
1563 
1564         if ((*rootinfop = gen_tmppath("mrinfo", net, cid)) == NULL) {
1565                 goto cleanup;
1566         }
1567         if ((chars = snprintf(sizebuf, sizeof (sizebuf), "%ld",
1568             sbuf.st_size)) < 0 || chars > sizeof (sizebuf) ||
1569             (fd = open(*rootinfop,
1570             O_RDWR|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) == -1 ||
1571             !write_buffer(fd, sizebuf, strlen(sizebuf))) {
1572                 print_status(500, "(error creating miniroot info file)");
1573                 goto cleanup;
1574         }
1575 
1576         ret = B_TRUE;
1577 cleanup:
1578         if (fd != -1) {
1579                 (void) close(fd);
1580         }
1581 
1582         return (ret);
1583 }
1584 
1585 static boolean_t
1586 deliver_payload(const char *payload, const char *payload_hash)
1587 {
1588         int             fd = fileno(stdout);
1589         struct stat     payload_buf, hash_buf;
1590         int             chars;
1591         char            main_header[WBCGI_MAXBUF];
1592         char            multi_header[WBCGI_MAXBUF];
1593         char            multi_header1[WBCGI_MAXBUF];
1594         char            multi_header2[WBCGI_MAXBUF];
1595         char            multi_end[WBCGI_MAXBUF];
1596         size_t          msglen;
1597 
1598         if (!WBCGI_FILE_EXISTS(payload, payload_buf) ||
1599             !WBCGI_FILE_EXISTS(payload_hash, hash_buf)) {
1600                 print_status(500, "(payload/hash file(s) missing)");
1601                 return (B_FALSE);
1602         }
1603 
1604         /*
1605          * Multi-part header.
1606          */
1607         if ((chars = snprintf(multi_header, sizeof (multi_header),
1608             "%s--%s%s%sapplication/octet-stream%s%s", WBCGI_CRNL,
1609             WBCGI_WANBOOT_BNDTXT, WBCGI_CRNL, WBCGI_CONTENT_TYPE, WBCGI_CRNL,
1610             WBCGI_CONTENT_LENGTH)) < 0 || chars > sizeof (multi_header)) {
1611                 print_status(500, "(error creating multi_header)");
1612                 return (B_FALSE);
1613         }
1614 
1615         /*
1616          * Multi-part header for part one.
1617          */
1618         if ((chars = snprintf(multi_header1, sizeof (multi_header1),
1619             "%s%ld%s%s", multi_header, payload_buf.st_size, WBCGI_CRNL,
1620             WBCGI_CRNL)) < 0 || chars > sizeof (multi_header1)) {
1621                 print_status(500, "(error creating multi_header1)");
1622                 return (B_FALSE);
1623         }
1624 
1625         /*
1626          * Multi-part header for part two.
1627          */
1628         if ((chars = snprintf(multi_header2, sizeof (multi_header2),
1629             "%s%ld%s%s", multi_header, hash_buf.st_size, WBCGI_CRNL,
1630             WBCGI_CRNL)) < 0 || chars > sizeof (multi_header2)) {
1631                 print_status(500, "(error creating multi_header2)");
1632                 return (B_FALSE);
1633         }
1634 
1635         /*
1636          * End-of-parts Trailer.
1637          */
1638         if ((chars = snprintf(multi_end, sizeof (multi_end),
1639             "%s--%s--%s", WBCGI_CRNL, WBCGI_WANBOOT_BNDTXT,
1640             WBCGI_CRNL)) < 0 || chars > sizeof (multi_end)) {
1641                 print_status(500, "(error creating multi_end)");
1642                 return (B_FALSE);
1643         }
1644 
1645         /*
1646          * Message header.
1647          */
1648         msglen = payload_buf.st_size +  hash_buf.st_size +
1649             strlen(multi_header1) + strlen(multi_header2) + strlen(multi_end);
1650 
1651         if ((chars = snprintf(main_header, sizeof (main_header),
1652             "%s%u%s%smultipart/mixed; boundary=%s%s%s", WBCGI_CONTENT_LENGTH,
1653             msglen, WBCGI_CRNL, WBCGI_CONTENT_TYPE, WBCGI_WANBOOT_BNDTXT,
1654             WBCGI_CRNL, WBCGI_CRNL)) < 0 || chars > sizeof (main_header)) {
1655                 print_status(500, "(error creating main_header)");
1656                 return (B_FALSE);
1657         }
1658 
1659         /*
1660          * Write the message out.  If things fall apart during this then
1661          * there's no way to report the error back to the client.
1662          */
1663         if (!write_buffer(fd, main_header, strlen(main_header)) ||
1664             !write_buffer(fd, multi_header1, strlen(multi_header1)) ||
1665             !write_file(fd, payload, payload_buf.st_size) ||
1666             !write_buffer(fd, multi_header2, strlen(multi_header2)) ||
1667             !write_file(fd, payload_hash, hash_buf.st_size) ||
1668             !write_buffer(fileno(stdout), multi_end, strlen(multi_end))) {
1669                 return (B_FALSE);
1670         }
1671 
1672         return (B_TRUE);
1673 }
1674 
1675 
1676 /*ARGSUSED*/
1677 int
1678 main(int argc, char **argv)
1679 {
1680         int             ret = WBCGI_STATUS_ERR;
1681         struct stat     sbuf;
1682         int             content;
1683         char            *net;
1684         char            *cid;
1685         char            *nonce;
1686         char            *docroot;
1687         char            *payload;
1688         char            *signature_type;
1689         char            *encryption_type;
1690         char            *bootconf = NULL;
1691         char            *keyfile = NULL;
1692         char            *bootpath = NULL;
1693         char            *wanbootfs_image = NULL;
1694         char            *rootpath = NULL;
1695         char            *miniroot_info = NULL;
1696         char            *encr_payload = NULL;
1697         char            *payload_hash = NULL;
1698         boolean_t       https_rootserver;
1699 
1700         /*
1701          * Process the query string.
1702          */
1703         if (!get_request_info(&content, &net, &cid, &nonce, &docroot)) {
1704                 goto cleanup;
1705         }
1706 
1707         /*
1708          * Sanity check that the netboot directory exists.
1709          */
1710         if (!WBCGI_DIR_EXISTS(NB_NETBOOT_ROOT, sbuf)) {
1711                 print_status(500, "(" NB_NETBOOT_ROOT " does not exist)");
1712                 goto cleanup;
1713         }
1714 
1715         /*
1716          * Get absolute bootconf pathname.
1717          */
1718         if (netboot_ftw(NB_WANBOOT_CONF, net, cid,
1719             set_pathname, &bootconf) != WBCGI_FTW_CBOK) {
1720                 print_status(500, "(wanboot.conf not found)");
1721                 goto cleanup;
1722         }
1723 
1724         /*
1725          * Initialize bc_handle from the given wanboot.conf file.
1726          */
1727         if (bootconf_init(&bc_handle, bootconf) != BC_SUCCESS) {
1728                 char    message[WBCGI_MAXBUF];
1729                 int     chars;
1730 
1731                 chars = snprintf(message, sizeof (message),
1732                     "(wanboot.conf error: %s)", bootconf_errmsg(&bc_handle));
1733                 if (chars > 0 && chars < sizeof (message))
1734                         print_status(500, message);
1735                 else
1736                         print_status(500, "(wanboot.conf error)");
1737                 goto cleanup;
1738         }
1739 
1740         /*
1741          * Get and check signature and encryption types,
1742          * presence of helper utilities, keystore, etc.
1743          */
1744         if ((signature_type = bootconf_get(&bc_handle,
1745             BC_SIGNATURE_TYPE)) != NULL) {
1746                 if (!WBCGI_FILE_EXISTS(WBCGI_HMAC_PATH, sbuf)) {
1747                         print_status(500, "(hmac utility not found)");
1748                         goto cleanup;
1749                 }
1750                 if (keyfile == NULL && netboot_ftw(NB_CLIENT_KEY, net, cid,
1751                     set_pathname, &keyfile) != WBCGI_FTW_CBOK) {
1752                         print_status(500, "(keystore not found)");
1753                         goto cleanup;
1754                 }
1755                 if (!check_key_type(keyfile, signature_type, WBKU_HASH_KEY)) {
1756                         print_status(500, "(hash key not found)");
1757                         goto cleanup;
1758                 }
1759         }
1760         if ((encryption_type = bootconf_get(&bc_handle,
1761             BC_ENCRYPTION_TYPE)) != NULL) {
1762                 if (signature_type == NULL) {
1763                         print_status(500, "(encrypted but not signed)");
1764                         goto cleanup;
1765                 }
1766                 if (!WBCGI_FILE_EXISTS(WBCGI_ENCR_PATH, sbuf)) {
1767                         print_status(500, "(encr utility not found)");
1768                         goto cleanup;
1769                 }
1770                 if (keyfile == NULL && netboot_ftw(NB_CLIENT_KEY, net, cid,
1771                     set_pathname, &keyfile) != WBCGI_FTW_CBOK) {
1772                         print_status(500, "(keystore not found)");
1773                         goto cleanup;
1774                 }
1775                 if (!check_key_type(keyfile, encryption_type, WBKU_ENCR_KEY)) {
1776                         print_status(500, "(encr key not found)");
1777                         goto cleanup;
1778                 }
1779         }
1780 
1781         /*
1782          * Determine/create our payload.
1783          */
1784         switch (content) {
1785         case WBCGI_CONTENT_BOOTFILE:
1786                 if (!bootfile_payload(docroot, &bootpath)) {
1787                         goto cleanup;
1788                 }
1789                 payload = bootpath;
1790 
1791                 break;
1792 
1793         case WBCGI_CONTENT_BOOTFS:
1794                 if (!wanbootfs_payload(net, cid, nonce,
1795                     bootconf, &wanbootfs_image)) {
1796                         goto cleanup;
1797                 }
1798                 payload = wanbootfs_image;
1799 
1800                 break;
1801 
1802         case WBCGI_CONTENT_ROOTFS:
1803                 if (!miniroot_payload(net, cid, docroot,
1804                     &rootpath, &miniroot_info, &https_rootserver)) {
1805                         goto cleanup;
1806                 }
1807                 payload = rootpath;
1808 
1809                 break;
1810         }
1811 
1812         /*
1813          * Encrypt the payload if necessary.
1814          */
1815         if (content != WBCGI_CONTENT_BOOTFILE &&
1816             content != WBCGI_CONTENT_ROOTFS &&
1817             encryption_type != NULL) {
1818                 if ((encr_payload = gen_tmppath("encr", net, cid)) == NULL) {
1819                         goto cleanup;
1820                 }
1821 
1822                 if (!encrypt_payload(payload, encr_payload, keyfile,
1823                     encryption_type)) {
1824                         goto cleanup;
1825                 }
1826 
1827                 payload = encr_payload;
1828         }
1829 
1830         /*
1831          * Compute the hash (actual or null).
1832          */
1833         if ((payload_hash = gen_tmppath("hash", net, cid)) == NULL) {
1834                 goto cleanup;
1835         }
1836 
1837         if (signature_type != NULL &&
1838             (content != WBCGI_CONTENT_ROOTFS || !https_rootserver)) {
1839                 if (!hash_payload(payload, payload_hash, keyfile)) {
1840                         goto cleanup;
1841                 }
1842         } else {
1843                 if (!create_null_hash(payload_hash)) {
1844                         goto cleanup;
1845                 }
1846         }
1847 
1848         /*
1849          * For the rootfs the actual payload transmitted is the file
1850          * containing the size of the rootfs (as a string of ascii digits);
1851          * point payload at this instead.
1852          */
1853         if (content == WBCGI_CONTENT_ROOTFS) {
1854                 payload = miniroot_info;
1855         }
1856 
1857         /*
1858          * Finally, deliver the payload and hash as a multipart message.
1859          */
1860         if (!deliver_payload(payload, payload_hash)) {
1861                 goto cleanup;
1862         }
1863 
1864         ret = WBCGI_STATUS_OK;
1865 cleanup:
1866         /*
1867          * Clean up temporary files.
1868          */
1869         if (wanbootfs_image != NULL &&
1870             WBCGI_FILE_EXISTS(wanbootfs_image, sbuf)) {
1871                 (void) unlink(wanbootfs_image);
1872         }
1873         if (miniroot_info != NULL &&
1874             WBCGI_FILE_EXISTS(miniroot_info, sbuf)) {
1875                 (void) unlink(miniroot_info);
1876         }
1877         if (encr_payload != NULL &&
1878             WBCGI_FILE_EXISTS(encr_payload, sbuf)) {
1879                 (void) unlink(encr_payload);
1880         }
1881         if (payload_hash != NULL &&
1882             WBCGI_FILE_EXISTS(payload_hash, sbuf)) {
1883                 (void) unlink(payload_hash);
1884         }
1885 
1886         /*
1887          * Free up any allocated strings.
1888          */
1889         free_path(&bootconf);
1890         free_path(&keyfile);
1891         free_path(&bootpath);
1892         free_path(&wanbootfs_image);
1893         free_path(&rootpath);
1894         free_path(&miniroot_info);
1895         free_path(&encr_payload);
1896         free_path(&payload_hash);
1897 
1898         bootconf_end(&bc_handle);
1899 
1900         return (ret);
1901 }