Tony,
I incorporated your comments and updated the webrev.
The updated version is at:
http://dan.drydog.com/reviews/6414175-kcfconf-1/
- Dan
> cryptoadm.c:1165
> I don't believe you need the in_kernel == B_FALSE check since there is
> one on line 1148 which causes a return(). I don't see any changes to
> in_kernel between the two lines. I think only !pent->load check is
> necessary.
FIXED.
> adm_kef.c.433
> Is it necessary to check again if the module is in_kernel=TRUE? It was
> checked at the beginning of the function, is it paranoia that the module
> could have been unloaded between the top of the function and the middle?
FIXED--I removed the extra check.
>
> A second related question to this section, why is it necessary to have
> the software module loaded to then disable it. I'm assuming at that
> point in the code (line 438 to be exact) we know the provider name the
> user entered is a valid one (valid meaning "aes", invalid meaning "blah")
I don't know. The code currently checks that the kernel module is loaded. The
comment there says:
* Check if the kernel software provider is currently unloaded.
* If it is unloaded, return FAILURE, because the disable subcommand
* can not perform on inactive (unloaded) providers.
> adm_kef_util.c:update_kcfconf
>
> I assume that a disabled provider (say software, md5) will have to be
> placed in kcf.conf for the system not to load it on reboot?
True. "cryptoadm disable" updates the disabledlist in kcf.conf file through
disable_kef_software() calling update_kcfconf()
> But when I
> look at the update_kcfconf function when it's called by uninstall_kcf, I
> don't see an entry for adding an entry in kcf.conf (aka !found_entry &&
> delete_it), am I missing something?
Uninstall is a different function from disable.
No entry is added to kcf.conf--any (optional) entries are removed if present.
The removal is done at the end of uninstall_kef() where it calls
update_kcfconf().
--
This message posted from opensolaris.org
