--- a/components/trousers/patches/svrside.c.patch Tue Apr 17 13:35:22 2012 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,210 +0,0 @@
---- src/tcsd/svrside.c Wed Jun 9 13:19:00 2010
-+++ src/tcsd/svrside.c.new Thu Dec 8 12:58:00 2011
-@@ -27,6 +27,14 @@
- #include <arpa/inet.h>
- #include <errno.h>
- #include <getopt.h>
-+#ifdef SOLARIS
-+#include <priv.h>
-+#include <fcntl.h>
-+#endif
-+#ifndef HAVE_DAEMON
-+#include <fcntl.h>
-+#endif
-+
- #include "trousers/tss.h"
- #include "trousers_types.h"
- #include "tcs_tsp.h"
-@@ -44,6 +52,11 @@
- static volatile int hup = 0, term = 0;
- extern char *optarg;
-
-+#ifdef SOLARIS
-+static int
-+get_event_log_from_kernel();
-+#endif
-+
- static void
- tcsd_shutdown(void)
- {
-@@ -170,6 +183,10 @@
- (void)req_mgr_final();
- return result;
- }
-+#ifdef SOLARIS
-+ /* Not fatal if this fails */
-+ (void) get_event_log_from_kernel();
-+#endif
-
- result = owner_evict_init();
- if (result != TSS_SUCCESS) {
-@@ -208,6 +225,147 @@
- }
-
-
-+#ifdef SOLARIS
-+
-+extern int get_device_fd();
-+
-+#define TPM_IOCTL_GETEVTABLE 1
-+struct tpm_evtable_ioblk {
-+ uint32_t buflen;
-+ caddr_t buf;
-+};
-+
-+static int
-+store_eventlog(char *filename, struct tpm_evtable_ioblk *evlog)
-+{
-+ int fd;
-+ int bytes = 0;
-+
-+ fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, 0600);
-+ if (fd == -1) {
-+ LogError("Error opening logfile %s: %s", filename,
-+ strerror(errno));
-+ return (-1);
-+ }
-+ while (bytes < evlog->buflen) {
-+ int n;
-+ n = write(fd, evlog->buf, evlog->buflen - bytes);
-+ if (n == -1 && errno != EAGAIN) {
-+ LogError("Error writing logfile %s: %s",
-+ filename, strerror(errno));
-+ close(fd);
-+ return (-1);
-+ }
-+ if (n != -1)
-+ bytes += n;
-+ }
-+ close(fd);
-+
-+ return (0);
-+}
-+
-+static int
-+get_event_log_from_kernel()
-+{
-+ int fd = get_device_fd();
-+ struct tpm_evtable_ioblk ioblk;
-+
-+ if (fd == -1)
-+ return (-1);
-+
-+ (void) memset(&ioblk, 0, sizeof (ioblk));
-+ if (ioctl(fd, TPM_IOCTL_GETEVTABLE, &ioblk)) {
-+ LogDebug("Cannot get event log from kernel: %s",
-+ strerror(errno));
-+ return (-1);
-+ }
-+ if (ioblk.buflen == 0)
-+ return (0);
-+
-+ ioblk.buf = calloc(1, ioblk.buflen);
-+ if (ioblk.buf == NULL) {
-+ return (-1);
-+ }
-+ if (ioctl(fd, TPM_IOCTL_GETEVTABLE, &ioblk)) {
-+ free(ioblk.buf);
-+ LogDebug("Cannot get event log from kernel: %s",
-+ strerror(errno));
-+ return (-1);
-+ }
-+
-+ return (store_eventlog(tcsd_options.firmware_log_file, &ioblk));
-+}
-+/*
-+ * For Solaris, make the tcsd privilege aware and drop
-+ * risky privileges if they are not needed.
-+ */
-+static int
-+drop_privs()
-+{
-+ priv_set_t *myprivs;
-+ int rv;
-+
-+ /*
-+ * Drop unneeded privs such as fork/exec.
-+ *
-+ * Get "basic" privs and remove the ones we don't want.
-+ */
-+ if ((myprivs = priv_str_to_set("basic", ",", NULL)) == NULL) {
-+ LogError("priv_str_to_set failed: %s", strerror(errno));
-+ return (1);
-+ } else {
-+ (void) priv_delset(myprivs, PRIV_PROC_EXEC);
-+ (void) priv_delset(myprivs, PRIV_PROC_FORK);
-+ (void) priv_delset(myprivs, PRIV_FILE_LINK_ANY);
-+ (void) priv_delset(myprivs, PRIV_PROC_INFO);
-+ (void) priv_delset(myprivs, PRIV_PROC_SESSION);
-+ (void) priv_delset(myprivs, PRIV_PROC_SETID);
-+
-+ /* for auditing */
-+ (void) priv_addset(myprivs, PRIV_PROC_AUDIT);
-+
-+ if ((rv = setppriv(PRIV_SET, PRIV_PERMITTED, myprivs)))
-+ return (rv);
-+ if ((rv = setppriv(PRIV_SET, PRIV_LIMIT, myprivs)))
-+ return (rv);
-+ if ((rv = setppriv(PRIV_SET, PRIV_INHERITABLE, myprivs)))
-+ return (rv);
-+
-+ (void) priv_freeset(myprivs);
-+ }
-+ return (0);
-+}
-+#endif /* SOLARIS */
-+
-+#ifndef HAVE_DAEMON
-+static int
-+daemon(int nochdir, int noclose) {
-+ int rv, fd;
-+
-+ switch (fork()) {
-+ case -1:
-+ return (-1);
-+ case 0:
-+ break;
-+ default:
-+ exit (0);
-+ }
-+
-+ if (setsid() == -1)
-+ return (-1);
-+ if (!nochdir)
-+ (void) chdir("/");
-+ if (!noclose && (fd = open("/dev/null", O_RDWR, 0)) != -1) {
-+ (void) dup2(fd, STDIN_FILENO);
-+ (void) dup2(fd, STDOUT_FILENO);
-+ (void) dup2(fd, STDERR_FILENO);
-+ if (fd > 2)
-+ (void)close (fd);
-+ }
-+ return (0);
-+}
-+#endif /* !HAVE_DAEMON */
-+
- int
- main(int argc, char **argv)
- {
-@@ -223,6 +381,9 @@
- {"foreground", 0, NULL, 'f'},
- {0, 0, 0, 0}
- };
-+#ifdef SOLARIS
-+ int rv;
-+#endif
-
- unsetenv("TCSD_USE_TCP_DEVICE");
- while ((c = getopt_long(argc, argv, "fhe", long_options, &option_index)) != -1) {
-@@ -294,6 +455,11 @@
- return -1;
- }
- }
-+#ifdef SOLARIS
-+ /* For Solaris, drop privileges for security. */
-+ if ((rv = drop_privs()))
-+ return (rv);
-+#endif /* SOLARIS */
-
- LogInfo("%s: TCSD up and running.", PACKAGE_STRING);
- do {