diff -r e524216b0586 -r e2e604cdbd6a components/trousers/patches/svrside.c.patch --- a/components/trousers/patches/svrside.c.patch Tue Apr 17 13:35:22 2012 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,210 +0,0 @@ ---- src/tcsd/svrside.c Wed Jun 9 13:19:00 2010 -+++ src/tcsd/svrside.c.new Thu Dec 8 12:58:00 2011 -@@ -27,6 +27,14 @@ - #include - #include - #include -+#ifdef SOLARIS -+#include -+#include -+#endif -+#ifndef HAVE_DAEMON -+#include -+#endif -+ - #include "trousers/tss.h" - #include "trousers_types.h" - #include "tcs_tsp.h" -@@ -44,6 +52,11 @@ - static volatile int hup = 0, term = 0; - extern char *optarg; - -+#ifdef SOLARIS -+static int -+get_event_log_from_kernel(); -+#endif -+ - static void - tcsd_shutdown(void) - { -@@ -170,6 +183,10 @@ - (void)req_mgr_final(); - return result; - } -+#ifdef SOLARIS -+ /* Not fatal if this fails */ -+ (void) get_event_log_from_kernel(); -+#endif - - result = owner_evict_init(); - if (result != TSS_SUCCESS) { -@@ -208,6 +225,147 @@ - } - - -+#ifdef SOLARIS -+ -+extern int get_device_fd(); -+ -+#define TPM_IOCTL_GETEVTABLE 1 -+struct tpm_evtable_ioblk { -+ uint32_t buflen; -+ caddr_t buf; -+}; -+ -+static int -+store_eventlog(char *filename, struct tpm_evtable_ioblk *evlog) -+{ -+ int fd; -+ int bytes = 0; -+ -+ fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, 0600); -+ if (fd == -1) { -+ LogError("Error opening logfile %s: %s", filename, -+ strerror(errno)); -+ return (-1); -+ } -+ while (bytes < evlog->buflen) { -+ int n; -+ n = write(fd, evlog->buf, evlog->buflen - bytes); -+ if (n == -1 && errno != EAGAIN) { -+ LogError("Error writing logfile %s: %s", -+ filename, strerror(errno)); -+ close(fd); -+ return (-1); -+ } -+ if (n != -1) -+ bytes += n; -+ } -+ close(fd); -+ -+ return (0); -+} -+ -+static int -+get_event_log_from_kernel() -+{ -+ int fd = get_device_fd(); -+ struct tpm_evtable_ioblk ioblk; -+ -+ if (fd == -1) -+ return (-1); -+ -+ (void) memset(&ioblk, 0, sizeof (ioblk)); -+ if (ioctl(fd, TPM_IOCTL_GETEVTABLE, &ioblk)) { -+ LogDebug("Cannot get event log from kernel: %s", -+ strerror(errno)); -+ return (-1); -+ } -+ if (ioblk.buflen == 0) -+ return (0); -+ -+ ioblk.buf = calloc(1, ioblk.buflen); -+ if (ioblk.buf == NULL) { -+ return (-1); -+ } -+ if (ioctl(fd, TPM_IOCTL_GETEVTABLE, &ioblk)) { -+ free(ioblk.buf); -+ LogDebug("Cannot get event log from kernel: %s", -+ strerror(errno)); -+ return (-1); -+ } -+ -+ return (store_eventlog(tcsd_options.firmware_log_file, &ioblk)); -+} -+/* -+ * For Solaris, make the tcsd privilege aware and drop -+ * risky privileges if they are not needed. -+ */ -+static int -+drop_privs() -+{ -+ priv_set_t *myprivs; -+ int rv; -+ -+ /* -+ * Drop unneeded privs such as fork/exec. -+ * -+ * Get "basic" privs and remove the ones we don't want. -+ */ -+ if ((myprivs = priv_str_to_set("basic", ",", NULL)) == NULL) { -+ LogError("priv_str_to_set failed: %s", strerror(errno)); -+ return (1); -+ } else { -+ (void) priv_delset(myprivs, PRIV_PROC_EXEC); -+ (void) priv_delset(myprivs, PRIV_PROC_FORK); -+ (void) priv_delset(myprivs, PRIV_FILE_LINK_ANY); -+ (void) priv_delset(myprivs, PRIV_PROC_INFO); -+ (void) priv_delset(myprivs, PRIV_PROC_SESSION); -+ (void) priv_delset(myprivs, PRIV_PROC_SETID); -+ -+ /* for auditing */ -+ (void) priv_addset(myprivs, PRIV_PROC_AUDIT); -+ -+ if ((rv = setppriv(PRIV_SET, PRIV_PERMITTED, myprivs))) -+ return (rv); -+ if ((rv = setppriv(PRIV_SET, PRIV_LIMIT, myprivs))) -+ return (rv); -+ if ((rv = setppriv(PRIV_SET, PRIV_INHERITABLE, myprivs))) -+ return (rv); -+ -+ (void) priv_freeset(myprivs); -+ } -+ return (0); -+} -+#endif /* SOLARIS */ -+ -+#ifndef HAVE_DAEMON -+static int -+daemon(int nochdir, int noclose) { -+ int rv, fd; -+ -+ switch (fork()) { -+ case -1: -+ return (-1); -+ case 0: -+ break; -+ default: -+ exit (0); -+ } -+ -+ if (setsid() == -1) -+ return (-1); -+ if (!nochdir) -+ (void) chdir("/"); -+ if (!noclose && (fd = open("/dev/null", O_RDWR, 0)) != -1) { -+ (void) dup2(fd, STDIN_FILENO); -+ (void) dup2(fd, STDOUT_FILENO); -+ (void) dup2(fd, STDERR_FILENO); -+ if (fd > 2) -+ (void)close (fd); -+ } -+ return (0); -+} -+#endif /* !HAVE_DAEMON */ -+ - int - main(int argc, char **argv) - { -@@ -223,6 +381,9 @@ - {"foreground", 0, NULL, 'f'}, - {0, 0, 0, 0} - }; -+#ifdef SOLARIS -+ int rv; -+#endif - - unsetenv("TCSD_USE_TCP_DEVICE"); - while ((c = getopt_long(argc, argv, "fhe", long_options, &option_index)) != -1) { -@@ -294,6 +455,11 @@ - return -1; - } - } -+#ifdef SOLARIS -+ /* For Solaris, drop privileges for security. */ -+ if ((rv = drop_privs())) -+ return (rv); -+#endif /* SOLARIS */ - - LogInfo("%s: TCSD up and running.", PACKAGE_STRING); - do {