author | Tsu-Phong Wu <Tsu-Phong.Wu@oracle.COM> |
Sat, 20 Oct 2012 00:06:08 -0700 | |
branch | s11-sru |
changeset 2391 | 811524a2620b |
parent 259 | components/trousers/patches/svrside.c.patch@520697a05dde |
permissions | -rw-r--r-- |
2391
811524a2620b
7123028 Problem with crypto/tss
Tsu-Phong Wu <Tsu-Phong.Wu@oracle.COM>
parents:
259
1 |
--- src/tcsd/svrside.c 2010-06-09 13:19:00.000000000 -0700 |
2 |
+++ src/tcsd/svrside.c 2012-04-19 11:27:31.232524632 -0700 |
3 |
@@ -27,6 +27,15 @@ |
259
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
4 |
#include <arpa/inet.h> |
5 |
#include <errno.h> |
6 |
#include <getopt.h> |
7 |
+#ifdef SOLARIS |
8 |
+#include <priv.h> |
9 |
+#include <fcntl.h> |
10 |
+#endif |
11 |
+#ifndef HAVE_DAEMON |
12 |
+#include <fcntl.h> |
13 |
+#include <syslog.h> |
14 |
+#endif |
15 |
+ |
16 |
#include "trousers/tss.h" |
17 |
#include "trousers_types.h" |
18 |
#include "tcs_tsp.h" |
19 |
@@ -44,6 +53,10 @@ |
20 |
static volatile int hup = 0, term = 0; |
21 |
extern char *optarg; |
22 |
|
23 |
+#ifdef SOLARIS |
24 |
+static int get_event_log_from_kernel(void); |
25 |
+#endif |
26 |
+ |
27 |
static void |
28 |
tcsd_shutdown(void) |
29 |
{ |
30 |
@@ -170,6 +183,10 @@ |
31 |
(void)req_mgr_final(); |
32 |
return result; |
33 |
} |
34 |
+#ifdef SOLARIS |
35 |
+ /* Not fatal if this fails */ |
36 |
+ (void) get_event_log_from_kernel(); |
37 |
+#endif |
38 |
|
39 |
result = owner_evict_init(); |
40 |
if (result != TSS_SUCCESS) { |
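Review bot: The return value of `get_event_log_from_kernel()` is discarded here, and several of its failure paths (a `-1` device fd, a failed `calloc`, both `ioctl` errors reported only through `LogDebug`) leave nothing in the normal log. The log file is truncated only once `store_eventlog()` runs, so a failed retrieval leaves whatever file already sits at `tcsd_options.firmware_log_file` in place, and a consumer could presumably mistake it for the current boot's measurements. Keeping the failure non-fatal is reasonable, but it should be recorded, e.g. `if (get_event_log_from_kernel() != 0) LogWarn("firmware event log not refreshed from kernel");`. The enclosing function starts and ends outside this hunk, so whether this call runs before or after privileges are dropped is not visible here.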
41 |
@@ -208,13 +225,169 @@ |
42 |
} |
43 |
|
44 |
|
45 |
+#ifdef SOLARIS |
46 |
+ |
47 |
+extern int get_device_fd(void); |
48 |
+ |
49 |
+#define TPM_IOCTL_GETEVTABLE 1 |
50 |
+struct tpm_evtable_ioblk { |
51 |
+ uint32_t buflen; |
52 |
+ caddr_t buf; |
53 |
+}; |
54 |
+ |
55 |
+static int |
56 |
+store_eventlog(char *filename, struct tpm_evtable_ioblk *evlog) |
57 |
+{ |
58 |
+ int fd; |
59 |
+ int bytes = 0; |
60 |
+ |
61 |
+ fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, 0600); |
62 |
+ if (fd == -1) { |
63 |
+ LogError("Error opening logfile %s: %s", filename, |
64 |
+ strerror(errno)); |
65 |
+ return (-1); |
66 |
+ } |
67 |
+ while (bytes < evlog->buflen) { |
68 |
+ int n; |
69 |
+ n = write(fd, evlog->buf, evlog->buflen - bytes); |
70 |
+ if (n == -1 && errno != EAGAIN) { |
71 |
+ LogError("Error writing logfile %s: %s", |
72 |
+ filename, strerror(errno)); |
73 |
+ close(fd); |
74 |
+ return (-1); |
75 |
+ } |
76 |
+ if (n != -1) |
77 |
+ bytes += n; |
78 |
+ } |
79 |
+ close(fd); |
80 |
+ |
81 |
+ return (0); |
82 |
+} |
83 |
+ |
84 |
+static int |
85 |
+get_event_log_from_kernel(void) |
86 |
+{ |
87 |
+ int fd = get_device_fd(); |
88 |
+ struct tpm_evtable_ioblk ioblk; |
89 |
+ |
90 |
+ if (fd == -1) |
91 |
+ return (-1); |
92 |
+ |
93 |
+ (void) memset(&ioblk, 0, sizeof (ioblk)); |
94 |
+ if (ioctl(fd, TPM_IOCTL_GETEVTABLE, &ioblk)) { |
95 |
+ LogDebug("Cannot get event log from kernel: %s", |
96 |
+ strerror(errno)); |
97 |
+ return (-1); |
98 |
+ } |
99 |
+ if (ioblk.buflen == 0) |
100 |
+ return (0); |
101 |
+ |
102 |
+ ioblk.buf = calloc(1, ioblk.buflen); |
103 |
+ if (ioblk.buf == NULL) { |
104 |
+ return (-1); |
105 |
+ } |
106 |
+ if (ioctl(fd, TPM_IOCTL_GETEVTABLE, &ioblk)) { |
107 |
+ free(ioblk.buf); |
108 |
+ LogDebug("Cannot get event log from kernel: %s", |
109 |
+ strerror(errno)); |
110 |
+ return (-1); |
111 |
+ } |
112 |
+ |
113 |
+ return (store_eventlog(tcsd_options.firmware_log_file, &ioblk)); |
114 |
+} |
115 |
+ |
116 |
+/* |
117 |
+ * For Solaris, make the tcsd privilege aware and drop |
118 |
+ * risky privileges if they are not needed. |
119 |
+ */ |
120 |
+static int |
121 |
+drop_privs(void) |
122 |
+{ |
123 |
+ priv_set_t *myprivs; |
124 |
+ int rv; |
125 |
+ |
126 |
+ /* |
127 |
+ * Drop unneeded privs such as fork/exec. |
128 |
+ * |
129 |
+ * Get "basic" privs and remove the ones we don't want. |
130 |
+ */ |
131 |
+ if ((myprivs = priv_str_to_set("basic", ",", NULL)) == NULL) { |
132 |
+ LogError("priv_str_to_set failed: %s", strerror(errno)); |
133 |
+ return (1); |
134 |
+ } else { |
135 |
+ (void) priv_delset(myprivs, PRIV_PROC_EXEC); |
136 |
+ (void) priv_delset(myprivs, PRIV_PROC_FORK); |
137 |
+ (void) priv_delset(myprivs, PRIV_FILE_LINK_ANY); |
138 |
+ (void) priv_delset(myprivs, PRIV_PROC_INFO); |
139 |
+ (void) priv_delset(myprivs, PRIV_PROC_SESSION); |
140 |
+ (void) priv_delset(myprivs, PRIV_PROC_SETID); |
141 |
+ |
142 |
+ /* for auditing */ |
143 |
+ (void) priv_addset(myprivs, PRIV_PROC_AUDIT); |
144 |
+ |
145 |
+ if ((rv = setppriv(PRIV_SET, PRIV_PERMITTED, myprivs))) |
146 |
+ return (rv); |
147 |
+ if ((rv = setppriv(PRIV_SET, PRIV_LIMIT, myprivs))) |
148 |
+ return (rv); |
149 |
+ if ((rv = setppriv(PRIV_SET, PRIV_INHERITABLE, myprivs))) |
150 |
+ return (rv); |
151 |
+ |
152 |
+ (void) priv_freeset(myprivs); |
153 |
+ } |
154 |
+ return (0); |
155 |
+} |
156 |
+#endif /* SOLARIS */ |
157 |
+ |
158 |
+#ifndef HAVE_DAEMON |
159 |
+static int |
160 |
+daemon(int nochdir, int noclose) { |
161 |
+ int rv, fd; |
162 |
+ |
163 |
+ if (!noclose) { |
164 |
+ closelog(); |
165 |
+ closefrom(0); |
166 |
+ } |
167 |
+ |
168 |
+ switch (fork()) { |
169 |
+ case -1: /* failure: parent process */ |
170 |
+ return (-1); |
171 |
+ case 0: /* success: child process */ |
172 |
+ break; |
173 |
+ default: /* success: parent process */ |
174 |
+ exit (0); |
175 |
+ } |
176 |
+ |
177 |
+ /* Create a new SID for the child process */ |
178 |
+ if (setsid() == -1) |
179 |
+ return (-1); |
180 |
+ /* Prevent cwd from being left open and unremovable */ |
181 |
+ if (!nochdir) |
182 |
+ (void) chdir("/"); |
183 |
+ (void) umask(0); |
184 |
+ /* Redirect stdin, stdout, and stderr to /dev/null */ |
185 |
+ if (!noclose && (fd = open("/dev/null", O_RDWR, 0)) != -1) { |
186 |
+ (void) dup2(fd, STDIN_FILENO); |
187 |
+ (void) dup2(fd, STDOUT_FILENO); |
188 |
+ (void) dup2(fd, STDERR_FILENO); |
189 |
+ if (fd > 2) |
190 |
+ (void)close (fd); |
191 |
+ } |
192 |
+ return (0); |
193 |
+} |
194 |
+#endif /* !HAVE_DAEMON */ |
195 |
+ |
196 |
int |
197 |
main(int argc, char **argv) |
198 |
{ |
199 |
- struct sockaddr_in serv_addr, client_addr; |
200 |
+ typedef union { |
201 |
+ struct sockaddr_in in; |
202 |
+ struct sockaddr_un un; |
203 |
+ } sockaddr_un_in_t; |
204 |
+ sockaddr_un_in_t serv_addr, client_addr; |
205 |
+ int rv; |
206 |
TSS_RESULT result; |
207 |
int sd, newsd, c, option_index = 0; |
208 |
- unsigned client_len; |
209 |
+ unsigned client_len, serv_len; |
210 |
char *hostname = NULL; |
211 |
struct passwd *pwd; |
212 |
struct hostent *client_hostent = NULL; |
213 |
@@ -245,26 +418,50 @@ |
214 |
if ((result = tcsd_startup())) |
215 |
return (int)result; |
216 |
|
217 |
- sd = socket(AF_INET, SOCK_STREAM, 0); |
218 |
- if (sd < 0) { |
219 |
- LogError("Failed socket: %s", strerror(errno)); |
220 |
- return -1; |
221 |
- } |
222 |
+ if (tcsd_options.port == 0) { /* UNIX Domain socket */ |
223 |
+ /* Use UNIX Domain socket instead of TCP/IP socket */ |
224 |
+ sd = socket(AF_UNIX, SOCK_STREAM, 0); |
225 |
+ if (sd < 0) { |
226 |
+ LogError("Failed socket: %s", strerror(errno)); |
227 |
+ return -1; |
228 |
+ } |
229 |
+ |
230 |
+ memset(&serv_addr, 0, sizeof (serv_addr)); |
231 |
+ serv_addr.un.sun_family = AF_UNIX; |
232 |
+ strncpy(serv_addr.un.sun_path, TCSD_DEFAULT_SOCKET, |
233 |
+ sizeof (serv_addr.un.sun_path)); |
234 |
+ (void) unlink(TCSD_DEFAULT_SOCKET); |
235 |
+ |
236 |
+ } else { /* TCP socket */ |
237 |
+ sd = socket(AF_INET, SOCK_STREAM, 0); |
238 |
+ if (sd < 0) { |
239 |
+ LogError("Failed socket: %s", strerror(errno)); |
240 |
+ return -1; |
241 |
+ } |
242 |
|
243 |
- memset(&serv_addr, 0, sizeof (serv_addr)); |
244 |
- serv_addr.sin_family = AF_INET; |
245 |
- serv_addr.sin_port = htons(tcsd_options.port); |
246 |
- |
247 |
- /* If no remote_ops are defined, restrict connections to localhost |
248 |
- * only at the socket. */ |
249 |
- if (tcsd_options.remote_ops[0] == 0) |
250 |
- serv_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); |
251 |
- else |
252 |
- serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); |
253 |
- |
254 |
- c = 1; |
255 |
- setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &c, sizeof(c)); |
256 |
- if (bind(sd, (struct sockaddr *) &serv_addr, sizeof (serv_addr)) < 0) { |
257 |
+ memset(&serv_addr, 0, sizeof (serv_addr)); |
258 |
+ serv_addr.in.sin_family = AF_INET; |
259 |
+ serv_addr.in.sin_port = htons(tcsd_options.port); |
260 |
+ |
261 |
+ /* If no remote_ops are defined, restrict connections to localhost |
262 |
+ * only at the socket. */ |
263 |
+ if (tcsd_options.remote_ops[0] == 0) |
264 |
+ serv_addr.in.sin_addr.s_addr = htonl(INADDR_LOOPBACK); |
265 |
+ else |
266 |
+ serv_addr.in.sin_addr.s_addr = htonl(INADDR_ANY); |
267 |
+ |
268 |
+ c = 1; |
269 |
+ setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &c, sizeof(c)); |
270 |
+ } |
271 |
+ |
272 |
+ if (tcsd_options.port == 0) { /* UNIX Domain socket */ |
273 |
+ serv_len = (unsigned)sizeof(serv_addr.un); |
274 |
+ client_len = (unsigned)sizeof(client_addr.un); |
275 |
+ } else { /* TCP socket */ |
276 |
+ serv_len = (unsigned)sizeof(serv_addr.in); |
277 |
+ client_len = (unsigned)sizeof(client_addr.in); |
278 |
+ } |
279 |
+ if (bind(sd, (struct sockaddr *) &serv_addr, serv_len) < 0) { |
280 |
LogError("Failed bind: %s", strerror(errno)); |
281 |
return -1; |
282 |
} |
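Review bot: The UNIX-domain branch never decides who may open the socket: after `unlink(TCSD_DEFAULT_SOCKET)` the `bind()` creates the socket file with whatever mode the daemon's umask yields, and nothing in this hunk tightens it or checks the parent directory, whereas the TCP branch keeps its loopback restriction. I would set the mode explicitly once the bind has succeeded, e.g. `if (tcsd_options.port == 0 && chmod(TCSD_DEFAULT_SOCKET, TCSD_SOCKET_MODE) < 0) { LogError("Failed chmod: %s", strerror(errno)); return -1; }`, where `TCSD_SOCKET_MODE` is a placeholder for the mode the project chooses, and keep the socket in a directory only the daemon can write, since not every platform enforces the mode of a socket file. Separately, `strncpy(..., sizeof (serv_addr.un.sun_path))` stays NUL-terminated only because of the preceding memset and a short constant; passing `sizeof (serv_addr.un.sun_path) - 1` makes that independent of the path length. The enclosing function starts and ends outside the hunk, so a umask or chmod elsewhere in it would not be visible here.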
283 |
@@ -285,7 +482,6 @@ |
284 |
LogError("Failed listen: %s", strerror(errno)); |
285 |
return -1; |
286 |
} |
287 |
- client_len = (unsigned)sizeof(client_addr); |
288 |
|
289 |
if (getenv("TCSD_FOREGROUND") == NULL) { |
290 |
if (daemon(0, 0) == -1) { |
291 |
@@ -295,6 +491,12 @@ |
292 |
} |
293 |
} |
294 |
|
295 |
+#ifdef SOLARIS |
296 |
+ /* For Solaris, drop privileges for security. */ |
297 |
+ if ((rv = drop_privs())) |
298 |
+ return (rv); |
299 |
+#endif /* SOLARIS */ |
300 |
+ |
301 |
LogInfo("%s: TCSD up and running.", PACKAGE_STRING); |
302 |
do { |
303 |
newsd = accept(sd, (struct sockaddr *) &client_addr, &client_len); |
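Review bot: If `drop_privs()` fails, `return (rv);` exits after `daemon(0, 0)` has already detached the process, so unless drop_privs() logs on its own (its body is not in this hunk) the daemon vanishes with no record of why. Failing closed here is the right behaviour; I would add `LogError("Failed to drop privileges: %d", rv);` before the return, plus a comment saying the drop is deliberately placed after the socket setup in the preceding hunks and before the accept loop, so that no client is served with the original privilege set. `rv` is declared unconditionally earlier in the function but only used under `#ifdef SOLARIS`, which will produce an unused-variable warning on other builds. The function continues beyond both ends of the hunk.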
304 |
@@ -314,20 +516,22 @@ |
305 |
} |
306 |
LogDebug("accepted socket %i", newsd); |
307 |
|
308 |
- if ((client_hostent = gethostbyaddr((char *) &client_addr.sin_addr, |
309 |
- sizeof(client_addr.sin_addr), |
310 |
+ if (tcsd_options.port != 0) { /* TCP socket */ |
311 |
+ if ((client_hostent = gethostbyaddr((char *) &client_addr.in.sin_addr, |
312 |
+ sizeof(client_addr.in.sin_addr), |
313 |
AF_INET)) == NULL) { |
314 |
- char buf[16]; |
315 |
- uint32_t addr = htonl(client_addr.sin_addr.s_addr); |
316 |
+ char buf[16]; |
317 |
+ uint32_t addr = htonl(client_addr.in.sin_addr.s_addr); |
318 |
|
319 |
- snprintf(buf, 16, "%d.%d.%d.%d", (addr & 0xff000000) >> 24, |
320 |
- (addr & 0x00ff0000) >> 16, (addr & 0x0000ff00) >> 8, |
321 |
- addr & 0x000000ff); |
322 |
+ snprintf(buf, 16, "%d.%d.%d.%d", (addr & 0xff000000) >> 24, |
323 |
+ (addr & 0x00ff0000) >> 16, (addr & 0x0000ff00) >> 8, |
324 |
+ addr & 0x000000ff); |
325 |
|
326 |
- LogWarn("Host name for connecting IP %s could not be resolved", buf); |
327 |
- hostname = strdup(buf); |
328 |
- } else { |
329 |
- hostname = strdup(client_hostent->h_name); |
330 |
+ LogWarn("Host name for connecting IP %s could not be resolved", buf); |
331 |
+ hostname = strdup(buf); |
332 |
+ } else { |
333 |
+ hostname = strdup(client_hostent->h_name); |
334 |
+ } |
335 |
} |
336 |
|
337 |
tcsd_thread_create(newsd, hostname); |
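Review bot: On the UNIX-domain path nothing assigns `hostname`, so `tcsd_thread_create(newsd, hostname)` is called with whatever the variable already held, which is NULL from its initialiser as far as the visible lines show. If the per-thread code uses that name to tell local callers from remote ones, the NULL case should be handled on purpose rather than by accident; I would make it explicit with `} else { hostname = NULL; /* UNIX-domain peer: no host name */ }` and confirm that tcsd_thread_create and its access checks accept NULL. The re-indented TCP branch still passes the result of `strdup()` on unchecked, and a name returned by `gethostbyaddr()` is reverse-DNS data supplied by whoever controls the client's address range, so it is suitable for logging but not for an allow/deny decision. The loop body starts and ends outside the hunk.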