| author | Alan Coopersmith <Alan.Coopersmith@Oracle.COM> |
| Sun, 26 Mar 2017 13:26:42 -0700 | |
| changeset 7803 | bab5480f2396 |
| parent 5941 | db8aa9865e9f |
| permissions | -rw-r--r-- |
|
5941
db8aa9865e9f
15776792 Upgrade TrouSerS TPM library to 0.3.13
Dan Anderson <dan.anderson@oracle.com>
parents:
777
diff
changeset
|
1 |
# Add Solaris-specific code to verify the socket peer credential when |
|
db8aa9865e9f
15776792 Upgrade TrouSerS TPM library to 0.3.13
Dan Anderson <dan.anderson@oracle.com>
parents:
777
diff
changeset
|
2 |
# a key is registered. |
|
db8aa9865e9f
15776792 Upgrade TrouSerS TPM library to 0.3.13
Dan Anderson <dan.anderson@oracle.com>
parents:
777
diff
changeset
|
3 |
# This change was developed in-house and is not suitable for upstream use. |
|
db8aa9865e9f
15776792 Upgrade TrouSerS TPM library to 0.3.13
Dan Anderson <dan.anderson@oracle.com>
parents:
777
diff
changeset
|
4 |
# |
|
db8aa9865e9f
15776792 Upgrade TrouSerS TPM library to 0.3.13
Dan Anderson <dan.anderson@oracle.com>
parents:
777
diff
changeset
|
5 |
--- src/tcs/rpc/tcstp/rpc_ps.c 2014-04-24 11:05:44.000000000 -0700 |
|
db8aa9865e9f
15776792 Upgrade TrouSerS TPM library to 0.3.13
Dan Anderson <dan.anderson@oracle.com>
parents:
777
diff
changeset
|
6 |
+++ src/tcs/rpc/tcstp/rpc_ps.c 2016-04-18 13:55:57.830151412 -0700 |
|
259
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
7 |
@@ -26,6 +26,29 @@ |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
8 |
#include "tcs_utils.h" |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
9 |
#include "rpc_tcstp_tcs.h" |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
10 |
|
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
11 |
+#ifdef SOLARIS |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
12 |
+#include <ucred.h> |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
13 |
+#include <errno.h> |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
14 |
+ |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
15 |
+static TSS_RESULT |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
16 |
+verify_peer(struct tcsd_thread_data *data) |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
17 |
+{
|
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
18 |
+ ucred_t *uc = NULL; |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
19 |
+ if (getpeerucred(data->sock, &uc)) {
|
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
20 |
+ LogError("Failed to get peer credential (%s)",
|
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
21 |
+ strerror(errno)); |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
22 |
+ return TCSERR(TSS_E_TSP_AUTHFAIL); |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
23 |
+ } |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
24 |
+ if (ucred_geteuid(uc) != 0) {
|
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
25 |
+ LogError("Unauthorized attempt to modify a system key",
|
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
26 |
+ strerror(errno)); |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
27 |
+ ucred_free(uc); |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
28 |
+ return TCSERR(TSS_E_TSP_AUTHFAIL); |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
29 |
+ } |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
30 |
+ ucred_free(uc); |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
31 |
+ return (TSS_SUCCESS); |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
32 |
+} |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
33 |
+#endif |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
34 |
|
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
35 |
TSS_RESULT |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
36 |
tcs_wrap_RegisterKey(struct tcsd_thread_data *data) |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
37 |
@@ -38,6 +61,10 @@ |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
38 |
UINT32 cVendorData; |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
39 |
BYTE *gbVendorData; |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
40 |
TSS_RESULT result; |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
41 |
+#ifdef SOLARIS |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
42 |
+ if ( (result = verify_peer(data)) != TSS_SUCCESS) |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
43 |
+ return (result); |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
44 |
+#endif |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
45 |
|
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
46 |
if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
47 |
return TCSERR(TSS_E_INTERNAL_ERROR); |
|
5941
db8aa9865e9f
15776792 Upgrade TrouSerS TPM library to 0.3.13
Dan Anderson <dan.anderson@oracle.com>
parents:
777
diff
changeset
|
48 |
@@ -102,6 +129,10 @@ |
|
259
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
49 |
TCS_CONTEXT_HANDLE hContext; |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
50 |
TSS_UUID uuid; |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
51 |
TSS_RESULT result; |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
52 |
+#ifdef SOLARIS |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
53 |
+ if ( (result = verify_peer(data)) != TSS_SUCCESS) |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
54 |
+ return (result); |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
55 |
+#endif |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
56 |
|
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
57 |
if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) |
|
520697a05dde
7045320 Move trousers from SFW to Userland
Wyllys Ingersoll <Wyllys.Ingersoll@Oracle.COM>
parents:
diff
changeset
|
58 |
return TCSERR(TSS_E_INTERNAL_ERROR); |