# HG changeset patch
# User Wyllys Ingersoll
# Date 1306187905 25200
# Node ID 520697a05ddee61a9a8d1b834ab9fc3127a14b24
# Parent 2bbb3ea903a8a5f73ec71e2445f03d99ac5efe97
7045320 Move trousers from SFW to Userland
diff -r 2bbb3ea903a8 -r 520697a05dde components/meta-packages/history/SUNWtrousers.p5m
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/meta-packages/history/SUNWtrousers.p5m Mon May 23 14:58:25 2011 -0700
@@ -0,0 +1,30 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+# Legacy package information for renamed SUNWtss/SUNWtss-root package
+#
+set name=pkg.fmri value=pkg:/SUNWtss@0.3.2,5.11-0.133
+set name=pkg.renamed value=true
+
+set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
+
+depend fmri=library/security/trousers@0.3.2-0.133 type=require
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/Makefile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/Makefile Mon May 23 14:58:25 2011 -0700
@@ -0,0 +1,89 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+include ../../make-rules/shared-macros.mk
+
+COMPONENT_NAME= trousers
+COMPONENT_VERSION= 0.3.6
+COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
+COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
+COMPONENT_PROJECT_URL= http://sourceforge.net/projects/trousers/files/trousers
+COMPONENT_ARCHIVE_HASH= sha1:1bb65fe1a031f9606d871562ead35fa5909ae584
+COMPONENT_ARCHIVE_URL= $(COMPONENT_PROJECT_URL)/$(COMPONENT_VERSION)/$(COMPONENT_ARCHIVE)
+
+include ../../make-rules/prep.mk
+include ../../make-rules/configure.mk
+include ../../make-rules/ips.mk
+include ../../make-rules/lint-libraries.mk
+
+PATCH_LEVEL=0
+
+LIBS=-lnsl -lsocket -lgen
+
+CONFIGURE_OPTIONS += --with-gui=openssl
+CONFIGURE_OPTIONS += CC="$(CC)"
+CONFIGURE_OPTIONS += LD="$(CC)"
+CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)"
+CONFIGURE_OPTIONS += LDFLAGS="$(LDFLAGS)"
+CONFIGURE_OPTIONS += LIBS="$(LIBS)"
+
+COMPONENT_POST_CONFIGURE_ACTION = (cd $(COMPONENT_SRC); \
+ for f in `ls src/include/tss/*.h` ; do \
+ /usr/bin/dos2unix $$f $$f; \
+ done; \
+ for f in `ls src/include/trousers/*.h` ; do \
+ /usr/bin/dos2unix $$f $$f; \
+ done; \
+ for f in `ls src/include/*.h` ; do \
+ /usr/bin/dos2unix $$f $$f; \
+ done; \
+ /usr/bin/libtoolize -f; \
+ $(ACLOCAL); \
+ $(AUTOMAKE) src/tspi/Makefile; \
+ $(AUTOCONF))
+
+#
+# We had to use cc as the linker (see CONFIGURE_OPTIONS above) so the
+# .init and .fini sections get set correctly. Because we use cc, we
+# must pass the -m64 flag through cc to the linker when building 64 bit
+# libraries. We can't just add it to LDFLAGS because then it gets used
+# when creating executables and static libs and generates lots of noise
+# in the build logs. LDARCHFLAG is only recognized by the Makefile in
+# the src/tspi directory.
+#
+COMPONENT_BUILD_ENV.64 += LDARCHFLAG="-Wl,$(CC_BITS)"
+
+COMPONENT_TEST_TARGETS =
+
+COMPONENT_BUILD_TARGETS = all
+
+# common targets
+build: $(BUILD_32_and_64)
+
+install: $(INSTALL_32_and_64)
+
+test: $(NO_TESTS)
+
+BUILD_PKG_DEPENDENCIES = $(BUILD_TOOLS)
+
+include ../../make-rules/depend.mk
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/auth_attr
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/auth_attr Mon May 23 14:58:25 2011 -0700
@@ -0,0 +1,2 @@
+solaris.smf.value.tcsd:::Change TPM Administation value properties::
+solaris.smf.manage.tcsd:::Manage TPM Administration service states::
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/llib-ltspi
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/llib-ltspi Mon May 23 14:58:25 2011 -0700
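Review bot: COMPONENT_POST_CONFIGURE_ACTION re-runs libtoolize, aclocal and autoconf but automake only for src/tspi/Makefile, while patches/Makefile.in.patch and patches/dist_Makefile.in.patch in this same changeset edit the generated src/tcsd/Makefile.in and dist/Makefile.in by hand; the build appears to depend on those two directories never being re-automaked, and nothing in the Makefile says so. A comment above the action, `# Only src/tspi/Makefile is regenerated: src/tcsd/Makefile.in and dist/Makefile.in are patched directly and must not be re-automaked.`, would stop a later edit from turning this into a full autoreconf that silently discards the patched install rules. The three dos2unix loops can also drop the backtick ls and iterate the glob directly, `for f in src/include/tss/*.h ; do \`, which is one fewer process and no word-splitting surprise.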
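Review bot: The description of the solaris.smf.value.tcsd authorization misspells "Administration" as "Administation"; this is the text administrators see when the authorization is listed, so it should read `solaris.smf.value.tcsd:::Change TPM Administration value properties::` to match the spelling in the manage entry on the next line.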
@@ -0,0 +1,54 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ *
+ * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
+ */
+
+/* LINTLIBRARY */
+/* PROTOLIB1 */
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/Makefile.in.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/Makefile.in.patch Mon May 23 14:58:25 2011 -0700
@@ -0,0 +1,30 @@
+--- src/tcsd/Makefile.in.old Thu Jan 28 13:56:46 2010
++++ src/tcsd/Makefile.in Wed Mar 3 16:35:23 2010
+@@ -47,7 +47,7 @@
+ mkinstalldirs = $(install_sh) -d
+ CONFIG_CLEAN_FILES =
+ CONFIG_CLEAN_VPATH_FILES =
+-am__installdirs = "$(DESTDIR)$(sbindir)"
++am__installdirs = "$(DESTDIR)$(libdir)"
+ PROGRAMS = $(sbin_PROGRAMS)
+ am_tcsd_OBJECTS = tcsd-svrside.$(OBJEXT) tcsd-tcsd_conf.$(OBJEXT) \
+ tcsd-tcsd_threads.$(OBJEXT) tcsd-platform.$(OBJEXT)
+@@ -185,7 +185,7 @@
+ prefix = @prefix@
+ program_transform_name = @program_transform_name@
+ psdir = @psdir@
+-sbindir = @sbindir@
++sbindir = @libdir@
+ sharedstatedir = @sharedstatedir@
+ srcdir = @srcdir@
+ sysconfdir = @sysconfdir@
+@@ -200,7 +200,8 @@
+ tcsd_CFLAGS = -DAPPID=\"TCSD\" -DVAR_PREFIX=\"@localstatedir@\" \
+ -DETC_PREFIX=\"@sysconfdir@\" -I${top_srcdir}/src/include \
+ $(am__append_1) $(am__append_2)
+-tcsd_LDADD = ${top_builddir}/src/tcs/libtcs.a ${top_builddir}/src/tddl/libtddl.a -lpthread @CRYPTOLIB@
++tcsd_LDADD = ${top_builddir}/src/tcs/libtcs.a ${top_builddir}/src/tddl/libtddl.a \
++ -lpthread -lbsm -lscf -lresolv @CRYPTOLIB@
+ tcsd_SOURCES = svrside.c tcsd_conf.c tcsd_threads.c platform.c
+ all: all-am
+
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/configure.in.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/configure.in.patch Mon May 23 14:58:25 2011 -0700
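Review bot: The first hunk's rewrite of am__installdirs to `"$(DESTDIR)$(libdir)"` is redundant once the second hunk sets `sbindir = @libdir@`, because the original `"$(DESTDIR)$(sbindir)"` then already expands to the same directory; keeping only the sbindir change makes the intent clearer. Nothing in the patch records why tcsd moves from sbindir to libdir — presumably because it is started by SMF rather than run by hand, as the tcsd.8 patch in this changeset describes — so a one-line comment at the top of the patch file stating that would help. Editing the generated Makefile.in rather than Makefile.am also only holds while src/tcsd is not re-automaked, which the component Makefile's post-configure action appears to honour but does not document.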
@@ -0,0 +1,10 @@
+--- configure.in.orig Thu Jan 28 13:56:20 2010
++++ configure.in Wed Mar 3 16:40:12 2010
+@@ -351,6 +351,7 @@
+
+ AC_C_BIGENDIAN([AC_DEFINE(_BIG_ENDIAN, 1, [big-endian host])])
+ AC_CHECK_DECL(htole32, [AC_DEFINE(HTOLE_DEFINED, 1, [htole32 function is available])])
++AC_CHECK_HEADER(endian.h, [AC_DEFINE(HAVE_ENDIAN_H, 1, [endian.h header])])
+ AC_CHECK_HEADER(sys/byteorder.h, [AC_DEFINE(HAVE_BYTEORDER_H, 1, [sys/byteorder.h header])])
+ AC_CHECK_FUNC(daemon, [ AC_DEFINE(HAVE_DAEMON, 1, [daemon function is available]) ])
+
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/dist_Makefile.in.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/dist_Makefile.in.patch Mon May 23 14:58:25 2011 -0700
@@ -0,0 +1,22 @@
+--- dist/Makefile.in.old 2010-07-08 13:35:29.000000000 -0700
++++ dist/Makefile.in 2011-05-19 11:42:08.747116771 -0700
+@@ -364,19 +364,13 @@
+
+ install: install-exec-hook
+ if test ! -e ${DESTDIR}/@sysconfdir@/tcsd.conf; then mkdir -p ${DESTDIR}/@sysconfdir@ && cp tcsd.conf ${DESTDIR}/@sysconfdir@; fi
+- /bin/chown tss:tss ${DESTDIR}/@sysconfdir@/tcsd.conf || true
+ /bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf
+
+ install-exec-hook:
+- /usr/sbin/groupadd tss || true
+- /usr/sbin/useradd -r tss -g tss || true
+ /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
+- /bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
+ /bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm
+
+ uninstall-hook:
+- /usr/sbin/userdel tss || true
+- /usr/sbin/groupdel tss || true
+
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/hash.c.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/hash.c.patch Mon May 23 14:58:25 2011 -0700
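Review bot: With the chown lines removed, the install target still applies `chmod 0600` to tcsd.conf and `chmod 0700` to the tpm state directory, so in the proto area both become readable only by the build user; ownership for whatever account tcsd runs as is presumably now set in the IPS manifest, which this changeset does not show, and should be confirmed there or the daemon will be unable to read its own config and persistent-storage directory. The uninstall-hook target is left with an empty recipe, which automake accepts but reads as an oversight. A comment such as `# user/group tss and file ownership are managed by the Solaris package manifest` where the useradd and chown lines were removed would record the new division of responsibility.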
@@ -0,0 +1,87 @@
+--- src/trspi/crypto/openssl/hash.c.old 2011-05-09 06:20:09.505021734 -0700
++++ src/trspi/crypto/openssl/hash.c 2011-05-09 06:19:04.603252090 -0700
+@@ -56,45 +56,21 @@
+ TSS_RESULT
+ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
+ {
+- EVP_MD_CTX md_ctx;
+- unsigned int result_size;
+- int rv;
++ Trspi_HashCtx ctx;
++ TSS_RESULT rv;
+
+- switch (HashType) {
+- case TSS_HASH_SHA1:
+- rv = EVP_DigestInit(&md_ctx, EVP_sha1());
+- break;
+- default:
+- rv = TSPERR(TSS_E_BAD_PARAMETER);
+- goto out;
+- break;
+- }
++ rv = Trspi_HashInit(&ctx, HashType);
++ if (rv != TSS_SUCCESS)
++ return rv;
+
+- if (rv != EVP_SUCCESS) {
+- rv = TSPERR(TSS_E_INTERNAL_ERROR);
+- goto err;
+- }
+-
+- rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
+- if (rv != EVP_SUCCESS) {
+- rv = TSPERR(TSS_E_INTERNAL_ERROR);
+- goto err;
++ rv = Trspi_HashUpdate(&ctx, BufSize, Buf);
++ if (rv != TSS_SUCCESS) {
++ EVP_MD_CTX_destroy(ctx.ctx);
++ return rv;
+ }
++ rv = Trspi_HashFinal(&ctx, Digest);
+
+- result_size = EVP_MD_CTX_size(&md_ctx);
+- rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
+- if (rv != EVP_SUCCESS) {
+- rv = TSPERR(TSS_E_INTERNAL_ERROR);
+- goto err;
+- } else
+- rv = TSS_SUCCESS;
+-
+- goto out;
+-
+-err:
+- DEBUG_print_openssl_errors();
+-out:
+- return rv;
++ return (rv);
+ }
+
+ TSS_RESULT
+@@ -112,7 +88,8 @@
+ break;
+ }
+
+- if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL)
++ ctx->ctx = EVP_MD_CTX_create();
++ if (ctx->ctx == NULL)
+ return TSPERR(TSS_E_OUTOFMEMORY);
+
+ rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md);
+@@ -142,7 +119,7 @@
+ rv = EVP_DigestUpdate(ctx->ctx, data, size);
+ if (rv != EVP_SUCCESS) {
+ DEBUG_print_openssl_errors();
+- free(ctx->ctx);
++ EVP_MD_CTX_destroy(ctx->ctx);
+ ctx->ctx = NULL;
+ return TSPERR(TSS_E_INTERNAL_ERROR);
+ }
+@@ -164,7 +141,7 @@
+ if (rv != EVP_SUCCESS)
+ return TSPERR(TSS_E_INTERNAL_ERROR);
+
+- free(ctx->ctx);
++ EVP_MD_CTX_destroy(ctx->ctx);
+ ctx->ctx = NULL;
+
+ return TSS_SUCCESS;
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/hosttable.c.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/hosttable.c.patch Mon May 23 14:58:25 2011 -0700
@@ -0,0 +1,53 @@
+--- src/tspi/rpc/hosttable.c.old Thu Jan 28 13:27:59 2010
++++ src/tspi/rpc/hosttable.c Thu Aug 5 14:24:00 2010
+@@ -22,7 +22,7 @@
+ struct host_table *ht = NULL;
+
+ TSS_RESULT
+-host_table_init()
++static host_table_init()
+ {
+ ht = calloc(1, sizeof(struct host_table));
+ if (ht == NULL) {
+@@ -36,8 +36,7 @@
+ }
+
+ #ifdef SOLARIS
+-#pragma init(_init)
+-void _init(void)
++static void my_init(void)
+ #else
+ void __attribute__ ((constructor)) my_init(void)
+ #endif
+@@ -46,7 +45,7 @@
+ __tspi_obj_list_init();
+ }
+
+-void
++static void
+ host_table_final()
+ {
+ struct host_table_entry *hte, *next = NULL;
+@@ -70,8 +69,7 @@
+ }
+
+ #ifdef SOLARIS
+-#pragma fini(_fini)
+-void _fini(void)
++static void my_fini(void)
+ #else
+ void __attribute__ ((destructor)) my_fini(void)
+ #endif
+@@ -79,6 +77,11 @@
+ host_table_final();
+ }
+
++#ifdef SOLARIS
++#pragma init(my_init)
++#pragma fini(my_fini)
++#endif
++
+ TSS_RESULT
+ __tspi_add_table_entry(TSS_HCONTEXT tspContext, BYTE *host, int type, struct host_table_entry **ret)
+ {
+
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/rpc_ps.c.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/rpc_ps.c.patch Mon May 23 14:58:25 2011 -0700
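Review bot: The new Trspi_Hash returns whatever Trspi_HashFinal returns without cleaning up, and the @@ -164 hunk shows Trspi_HashFinal returning TSPERR(TSS_E_INTERNAL_ERROR) before its EVP_MD_CTX_destroy when EVP_DigestFinal fails, so a failure at the final step leaks the context created by EVP_MD_CTX_create. Conversely the explicit `EVP_MD_CTX_destroy(ctx.ctx)` after a failed Trspi_HashUpdate is redundant: the @@ -142 hunk already destroys and NULLs ctx->ctx on that path, so this call only ever receives NULL and depends on the OpenSSL version tolerating it. The cleaner fix is to make Trspi_HashFinal own cleanup on its failure path (insert `EVP_MD_CTX_destroy(ctx->ctx); ctx->ctx = NULL;` ahead of its `return TSPERR(TSS_E_INTERNAL_ERROR);`) and drop the destroy in Trspi_Hash; Trspi_HashFinal's signature lies outside the hunk.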
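Review bot: Changing `host_table_init()` to `static host_table_init()` leaves the return type on the preceding context line, producing `TSS_RESULT static host_table_init()`; a storage-class specifier after the type specifier is an obsolescent form (C99 6.11.5) that lint and newer compilers warn about, and the empty parentheses are an old-style declaration. Writing `static TSS_RESULT` on the type line and `host_table_init(void)` is the conventional form and matches the `static void` already used for host_table_final in the third hunk. Moving `#pragma init`/`#pragma fini` below the now-static my_init/my_fini definitions in the last hunk is fine, but a one-line comment there saying why the pragmas sit after the functions they name would spare the next reader a trip to the compiler manual.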
@@ -0,0 +1,54 @@
+--- src/tcs/rpc/tcstp/rpc_ps.c.orig 2011-03-23 11:01:54.707428173 -0700
++++ src/tcs/rpc/tcstp/rpc_ps.c 2011-03-23 11:27:00.753845441 -0700
+@@ -26,6 +26,29 @@
+ #include "tcs_utils.h"
+ #include "rpc_tcstp_tcs.h"
+
++#ifdef SOLARIS
++#include
++#include
++
++static TSS_RESULT
++verify_peer(struct tcsd_thread_data *data)
++{
++ ucred_t *uc = NULL;
++ if (getpeerucred(data->sock, &uc)) {
++ LogError("Failed to get peer credential (%s)",
++ strerror(errno));
++ return TCSERR(TSS_E_TSP_AUTHFAIL);
++ }
++ if (ucred_geteuid(uc) != 0) {
++ LogError("Unauthorized attempt to modify a system key",
++ strerror(errno));
++ ucred_free(uc);
++ return TCSERR(TSS_E_TSP_AUTHFAIL);
++ }
++ ucred_free(uc);
++ return (TSS_SUCCESS);
++}
++#endif
+
+ TSS_RESULT
+ tcs_wrap_RegisterKey(struct tcsd_thread_data *data)
+@@ -38,6 +61,10 @@
+ UINT32 cVendorData;
+ BYTE *gbVendorData;
+ TSS_RESULT result;
++#ifdef SOLARIS
++ if ( (result = verify_peer(data)) != TSS_SUCCESS)
++ return (result);
++#endif
+
+ if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm))
+ return TCSERR(TSS_E_INTERNAL_ERROR);
+@@ -99,6 +126,10 @@
+ TCS_CONTEXT_HANDLE hContext;
+ TSS_UUID uuid;
+ TSS_RESULT result;
++#ifdef SOLARIS
++ if ( (result = verify_peer(data)) != TSS_SUCCESS)
++ return (result);
++#endif
+
+ if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm))
+ return TCSERR(TSS_E_INTERNAL_ERROR);
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/svrside.c.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/svrside.c.patch Mon May 23 14:58:25 2011 -0700
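Review bot: In verify_peer the second LogError passes `strerror(errno)` to a format string with no conversion specifier, and errno is not set by ucred_geteuid, so the argument is both unused and stale; `LogError("Unauthorized attempt to modify a system key (peer euid %d)", (int)ucred_geteuid(uc));` records who was refused instead. The gate itself admits any peer whose effective uid is 0 and nothing else; if the intended policy is privilege- or authorization-based rather than root-only, that should be stated in a comment above the function, since this is the only check on system persistent-storage mutation visible here. The #include names in the first hunk were lost in rendering, so they cannot be checked against the functions used.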
@@ -0,0 +1,118 @@
+--- src/tcsd/svrside.c.orig Thu Jan 21 15:18:55 2010
++++ src/tcsd/svrside.c Thu Jan 28 17:37:07 2010
+@@ -27,6 +27,13 @@
+ #include
+ #include
+ #include
++#ifdef SOLARIS
++#include
++#endif
++#ifndef HAVE_DAEMON
++#include
++#endif
++
+ #include "trousers/tss.h"
+ #include "trousers_types.h"
+ #include "tcs_tsp.h"
+@@ -207,6 +214,79 @@
+ }
+
+
++#ifdef SOLARIS
++
++/*
++ * For Solaris, make the tcsd privilege aware and drop
++ * risky privileges if they are not needed.
++ */
++static int
++drop_privs()
++{
++ priv_set_t *myprivs;
++ int rv;
++
++ /*
++ * Drop unneeded privs such as fork/exec.
++ *
++ * Get "basic" privs and remove the ones we don't want.
++ */
++ if ((myprivs = priv_str_to_set("basic", ",", NULL)) == NULL) {
++ LogError("priv_str_to_set failed: %s", strerror(errno));
++ return (1);
++ } else {
++ (void) priv_delset(myprivs, PRIV_PROC_EXEC);
++ (void) priv_delset(myprivs, PRIV_PROC_FORK);
++ (void) priv_delset(myprivs, PRIV_FILE_LINK_ANY);
++ (void) priv_delset(myprivs, PRIV_PROC_INFO);
++ (void) priv_delset(myprivs, PRIV_PROC_SESSION);
++ (void) priv_delset(myprivs, PRIV_PROC_SETID);
++
++ /* for auditing */
++ (void) priv_addset(myprivs, PRIV_PROC_AUDIT);
++
++ if ((rv = setppriv(PRIV_SET, PRIV_PERMITTED, myprivs)))
++ return (rv);
++ if ((rv = setppriv(PRIV_SET, PRIV_LIMIT, myprivs)))
++ return (rv);
++ if ((rv = setppriv(PRIV_SET, PRIV_INHERITABLE, myprivs)))
++ return (rv);
++
++ (void) priv_freeset(myprivs);
++ }
++ return (0);
++}
++#endif /* SOLARIS */
++
++#ifndef HAVE_DAEMON
++static int
++daemon(int nochdir, int noclose) {
++ int rv, fd;
++
++ switch (fork()) {
++ case -1:
++ return (-1);
++ case 0:
++ break;
++ default:
++ exit (0);
++ }
++
++ if (setsid() == -1)
++ return (-1);
++ if (!nochdir)
++ (void) chdir("/");
++ if (!noclose && (fd = open("/dev/null", O_RDWR, 0)) != -1) {
++ (void) dup2(fd, STDIN_FILENO);
++ (void) dup2(fd, STDOUT_FILENO);
++ (void) dup2(fd, STDERR_FILENO);
++ if (fd > 2)
++ (void)close (fd);
++ }
++ return (0);
++}
++#endif /* !HAVE_DAEMON */
++
+ int
+ main(int argc, char **argv)
+ {
+@@ -222,6 +302,9 @@
+ {"foreground", 0, NULL, 'f'},
+ {0, 0, 0, 0}
+ };
++#ifdef SOLARIS
++ int rv;
++#endif
+
+ while ((c = getopt_long(argc, argv, "fh", long_options, &option_index)) != -1) {
+ switch (c) {
+@@ -287,6 +372,11 @@
+ return -1;
+ }
+ }
++#ifdef SOLARIS
++ /* For Solaris, drop privileges for security. */
++ if ((rv = drop_privs()))
++ return (rv);
++#endif /* SOLARIS */
+
+ LogInfo("%s: TCSD up and running.", PACKAGE_STRING);
+ do {
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/tcsd.8.in.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tcsd.8.in.patch Mon May 23 14:58:25 2011 -0700
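Review bot: drop_privs frees myprivs only on the success path; each of the three setppriv failures returns immediately, leaking the priv_set_t, and none of them logs which call failed, while the -1 they return becomes main's exit status through `return (rv)` in the last hunk. Folding the three calls into one condition with a single cleanup point fixes both, as below; main's body continues outside the hunk. Separately, `int rv, fd;` in the HAVE_DAEMON fallback declares rv without using it, and the #include names in the first hunk were lost in rendering so the headers backing priv_str_to_set and open cannot be checked.
```c
	/* … unchanged: priv_str_to_set, priv_delset/priv_addset calls … */
		if (setppriv(PRIV_SET, PRIV_PERMITTED, myprivs) != 0 ||
		    setppriv(PRIV_SET, PRIV_LIMIT, myprivs) != 0 ||
		    setppriv(PRIV_SET, PRIV_INHERITABLE, myprivs) != 0) {
			LogError("setppriv failed: %s", strerror(errno));
			rv = 1;
		} else {
			rv = 0;
		}
		(void) priv_freeset(myprivs);
		return (rv);
```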
@@ -0,0 +1,76 @@
+--- man/man8/tcsd.8.in 2009-09-08 07:39:30.000000000 -0700
++++ man/man8/tcsd.8.in.new 2010-09-16 08:13:25.613336616 -0700
+@@ -74,12 +74,32 @@
+ the TCS and stays valid across application lifetimes, \fBtcsd\fR restarts and
+ system resets. Data registered in system PS stays valid until an application
+ requests that it be removed. User PS files are by default stored as
+-/var/tpm/user.{pid} and the system PS file by default is /var/tpm/system.data.
+-The system PS file is initially created when ownership of the TPM is first
+-taken.
++/var/user/$USERNAME/tpm/userps/user.data and the system PS file by default is
++/var/tpm/system/system.data. The system PS file is initially created when
++ownership of the TPM is first taken.
++.PP
++\fB/var/tpm/system/system.data\fR
++.ad
++.RS 4n
++Contains the system PS (persistent storage) data controlled by the TCS. By default,
++the SRK key is installed in PS and does not require owner authorization to use. If the
++TPM has previously been provisioned and owner-auth is required to load the SRK,
++then the /var/tpm/system/system.data.auth file should be moved to
++/var/tpm/system/system.data before starting the TCS (See NOTES).
++.RE
++.sp
++.PP
++\fB/var/tpm/system/system.data.auth\fR
++.ad
++.RS 4n
++This is the default PS data file to use if the TPM has been previously
++configured to require owner-auth to access the SRK. Copy this file
++to /var/tpm/system/system.data prior to starting the TCS if owner-auth is
++needed, otherwise this file can be ignored.
++.RE
+
+ .SH "CONFIGURATION"
+-\fBtcsd\fR configuration is stored by default in /etc/tcsd.conf
++\fBtcsd\fR configuration is stored by default in /etc/security/tcsd.conf
+
+ .SH "DEBUG OUTPUT"
+ If TrouSerS has been compiled with debugging enabled, the debugging output
+@@ -88,8 +108,9 @@
+ .SH "DEVICE DRIVERS"
+ .PP
+ \fBtcsd\fR is compatible with the IBM Research TPM device driver available
+-from http://www.research.ibm.com/gsal/tcpa and the TPM device driver available
+-from http://sf.net/projects/tmpdd
++from http://www.research.ibm.com/gsal/tcpa and the TPM device driver for
++Linux available from http://sf.net/projects/tmpdd. It is also compatible
++with the TPM device driver for Solaris which is available in the driver/crypto/tpm package.
+
+ .SH "CONFORMING TO"
+ .PP
+@@ -98,7 +119,23 @@
+
+ .SH "SEE ALSO"
+ .PP
+-\fBtcsd.conf\fR(5)
++\fBtcsd.conf\fR(5), \fBsvcadm\fR(1M), \fBsmf\fR(5)
++
++.SH "NOTES"
++.sp
++.LP
++The \fBtcsd\fR service is managed by the service management facility, \fBsmf\fR(5), under
++the service identifier:
++.sp
++.in +2
++.nf
++svc:/application/security/tcsd:default
++.fi
++.in -2
++.sp
++.LP
++Administrative actions on this service, such as enabling, disabling, or requesting restart, can be
++performed using \fBsvcadm\fR(1M). The service's status can be queried using the \fBsvcs\fR(1) command.
+
+ .SH "AUTHOR"
+ Kent Yoder
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/tcsd.conf.in.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tcsd.conf.in.patch Mon May 23 14:58:25 2011 -0700
@@ -0,0 +1,11 @@
+--- dist/tcsd.conf.in.old Thu Apr 7 07:53:52 2011
++++ dist/tcsd.conf.in Thu Apr 7 07:55:18 2011
+@@ -54,7 +54,7 @@
+ # Description: A list of PCR indices that are manipulated only by the system
+ # firmware and therefore are not extended or logged by the TCSD.
+ #
+-# firmware_pcrs =
++firmware_pcrs =0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
+ #
+
+ # Option: kernel_pcrs
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/tcsd.h.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tcsd.h.patch Mon May 23 14:58:25 2011 -0700
@@ -0,0 +1,28 @@
+*** src/include/tcsd.h.old Fri Dec 5 07:47:11 2008
+--- src/include/tcsd.h Fri Dec 5 07:48:44 2008
+***************
+*** 48,61 ****
+--- 48,70 ----
+ of this TCS System */
+ };
+
++ #ifdef SOLARIS
++ #define TCSD_CONFIG_FILE "/etc/security/tcsd.conf"
++ #else
+ #define TCSD_CONFIG_FILE ETC_PREFIX "/tcsd.conf"
++ #endif
+
+ #define TSS_USER_NAME "tss"
+ #define TSS_GROUP_NAME "tss"
+
+ #define TCSD_DEFAULT_MAX_THREADS 10
++ #ifdef SOLARIS
++ #define TCSD_DEFAULT_SYSTEM_PS_FILE "/var/tpm/system/system.data"
++ #define TCSD_DEFAULT_SYSTEM_PS_DIR "/var/tpm/system"
++ #else
+ #define TCSD_DEFAULT_SYSTEM_PS_FILE VAR_PREFIX "/lib/tpm/system.data"
+ #define TCSD_DEFAULT_SYSTEM_PS_DIR VAR_PREFIX "/lib/tpm"
++ #endif /* SOLARIS */
+ #define TCSD_DEFAULT_FIRMWARE_LOG_FILE "/sys/kernel/security/tpm0/binary_bios_measurements"
+ #define TCSD_DEFAULT_KERNEL_LOG_FILE "/sys/kernel/security/ima/binary_runtime_measurements"
+ #define TCSD_DEFAULT_FIRMWARE_PCRS 0x00000000
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/tcstp_rpc.c.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tcstp_rpc.c.patch Mon May 23 14:58:25 2011 -0700
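Review bot: `firmware_pcrs =0,...,15` marks every PCR from 0 to 15 as firmware-owned, which by the option's own description two lines above means the TCSD will neither extend nor log them; on Solaris there is no firmware measurement log for it to read (the tcsd.h patch in this changeset still points TCSD_DEFAULT_FIRMWARE_LOG_FILE at a Linux sysfs path), so the intent is presumably to keep TSS clients from extending the platform PCRs through the TCS, but the file does not say so. A comment above the setting, `# Solaris: PCRs 0-15 are owned by firmware/boot; tcsd neither extends nor logs them`, would make the policy explicit for whoever next edits it. The value also drops the space after `=` used in the commented example it replaces; `firmware_pcrs = 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15` keeps the style consistent.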
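Review bot: Under SOLARIS, TCSD_CONFIG_FILE is hard-coded to /etc/security/tcsd.conf and no longer derives from ETC_PREFIX, yet the dist/Makefile.in patch in this changeset still installs tcsd.conf under ${DESTDIR}/@sysconfdir@; the two agree only if configure runs with sysconfdir set to /etc/security, which the component Makefile's CONFIGURE_OPTIONS do not show (it may come from configure.mk — confirm). Likewise TCSD_DEFAULT_FIRMWARE_LOG_FILE and TCSD_DEFAULT_KERNEL_LOG_FILE keep Linux sysfs paths that do not exist on Solaris inside the SOLARIS build. A comment on the SOLARIS branch, `/* Solaris: config lives in /etc/security and state under /var/tpm/system; the sysfs log paths below are Linux-only */`, would record the assumption where the next reader will look for it.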
@@ -0,0 +1,473 @@ +--- src/tcs/rpc/tcstp/rpc.c.orig Fri Jun 5 12:45:50 2009 ++++ src/tcs/rpc/tcstp/rpc.c Thu Sep 10 13:05:33 2009 +@@ -385,134 +385,134 @@ + typedef struct tdDispatchTable { + TSS_RESULT (*Func) (struct tcsd_thread_data *); + const char *name; ++ UINT32 ordinal; + } DispatchTable; + + DispatchTable tcs_func_table[TCSD_MAX_NUM_ORDS] = { +- {tcs_wrap_Error,"Error"}, /* 0 */ +- {tcs_wrap_OpenContext,"OpenContext"}, +- {tcs_wrap_CloseContext,"CloseContext"}, +- {tcs_wrap_Error,"Error"}, +- {tcs_wrap_TCSGetCapability,"TCSGetCapability"}, +- {tcs_wrap_RegisterKey,"RegisterKey"}, /* 5 */ +- {tcs_wrap_UnregisterKey,"UnregisterKey"}, +- {tcs_wrap_EnumRegisteredKeys,"EnumRegisteredKeys"}, +- {tcs_wrap_Error,"Error"}, +- {tcs_wrap_GetRegisteredKeyBlob,"GetRegisteredKeyBlob"}, +- {tcs_wrap_GetRegisteredKeyByPublicInfo,"GetRegisteredKeyByPublicInfo"}, /* 10 */ +- {tcs_wrap_LoadKeyByBlob,"LoadKeyByBlob"}, +- {tcs_wrap_LoadKeyByUUID,"LoadKeyByUUID"}, +- {tcs_wrap_EvictKey,"EvictKey"}, +- {tcs_wrap_CreateWrapKey,"CreateWrapKey"}, +- {tcs_wrap_GetPubkey,"GetPubkey"}, /* 15 */ +- {tcs_wrap_MakeIdentity,"MakeIdentity"}, +- {tcs_wrap_LogPcrEvent,"LogPcrEvent"}, +- {tcs_wrap_GetPcrEvent,"GetPcrEvent"}, +- {tcs_wrap_GetPcrEventsByPcr,"GetPcrEventsByPcr"}, +- {tcs_wrap_GetPcrEventLog,"GetPcrEventLog"}, /* 20 */ +- {tcs_wrap_SetOwnerInstall,"SetOwnerInstall"}, +- {tcs_wrap_TakeOwnership,"TakeOwnership"}, +- {tcs_wrap_OIAP,"OIAP"}, +- {tcs_wrap_OSAP,"OSAP"}, +- {tcs_wrap_ChangeAuth,"ChangeAuth"}, /* 25 */ +- {tcs_wrap_ChangeAuthOwner,"ChangeAuthOwner"}, +- {tcs_wrap_Error,"Error"}, +- {tcs_wrap_Error,"Error"}, +- {tcs_wrap_TerminateHandle,"TerminateHandle"}, +- {tcs_wrap_ActivateIdentity,"ActivateIdentity"}, /* 30 */ +- {tcs_wrap_Extend,"Extend"}, +- {tcs_wrap_PcrRead,"PcrRead"}, +- {tcs_wrap_Quote,"Quote"}, +- {tcs_wrap_DirWriteAuth,"DirWriteAuth"}, +- {tcs_wrap_DirRead,"DirRead"}, /* 35 */ +- {tcs_wrap_Seal,"Seal"}, +- {tcs_wrap_UnSeal,"UnSeal"}, +- 
{tcs_wrap_UnBind,"UnBind"}, +- {tcs_wrap_CreateMigrationBlob,"CreateMigrationBlob"}, +- {tcs_wrap_ConvertMigrationBlob,"ConvertMigrationBlob"}, /* 40 */ +- {tcs_wrap_AuthorizeMigrationKey,"AuthorizeMigrationKey"}, +- {tcs_wrap_CertifyKey,"CertifyKey"}, +- {tcs_wrap_Sign,"Sign"}, +- {tcs_wrap_GetRandom,"GetRandom"}, +- {tcs_wrap_StirRandom,"StirRandom"}, /* 45 */ +- {tcs_wrap_GetCapability,"GetCapability"}, +- {tcs_wrap_Error,"Error"}, +- {tcs_wrap_GetCapabilityOwner,"GetCapabilityOwner"}, +- {tcs_wrap_CreateEndorsementKeyPair,"CreateEndorsementKeyPair"}, +- {tcs_wrap_ReadPubek,"ReadPubek"}, /* 50 */ +- {tcs_wrap_DisablePubekRead,"DisablePubekRead"}, +- {tcs_wrap_OwnerReadPubek,"OwnerReadPubek"}, +- {tcs_wrap_SelfTestFull,"SelfTestFull"}, +- {tcs_wrap_CertifySelfTest,"CertifySelfTest"}, +- {tcs_wrap_Error,"Error"}, /* 55 */ +- {tcs_wrap_GetTestResult,"GetTestResult"}, +- {tcs_wrap_OwnerSetDisable,"OwnerSetDisable"}, +- {tcs_wrap_OwnerClear,"OwnerClear"}, +- {tcs_wrap_DisableOwnerClear,"DisableOwnerClear"}, +- {tcs_wrap_ForceClear,"ForceClear"}, /* 60 */ +- {tcs_wrap_DisableForceClear,"DisableForceClear"}, +- {tcs_wrap_PhysicalDisable,"PhysicalDisable"}, +- {tcs_wrap_PhysicalEnable,"PhysicalEnable"}, +- {tcs_wrap_PhysicalSetDeactivated,"PhysicalSetDeactivated"}, +- {tcs_wrap_SetTempDeactivated,"SetTempDeactivated"}, /* 65 */ +- {tcs_wrap_PhysicalPresence,"PhysicalPresence"}, +- {tcs_wrap_Error,"Error"}, +- {tcs_wrap_Error,"Error"}, +- {tcs_wrap_CreateMaintenanceArchive,"CreateMaintenanceArchive"}, +- {tcs_wrap_LoadMaintenanceArchive,"LoadMaintenanceArchive"}, /* 70 */ +- {tcs_wrap_KillMaintenanceFeature,"KillMaintenanceFeature"}, +- {tcs_wrap_LoadManuMaintPub,"LoadManuMaintPub"}, +- {tcs_wrap_ReadManuMaintPub,"ReadManuMaintPub"}, +- {tcs_wrap_DaaJoin,"DaaJoin"}, +- {tcs_wrap_DaaSign,"DaaSign"}, /* 75 */ +- {tcs_wrap_SetCapability,"SetCapability"}, +- {tcs_wrap_ResetLockValue,"ResetLockValue"}, +- {tcs_wrap_PcrReset,"PcrReset"}, +- 
{tcs_wrap_ReadCounter,"ReadCounter"}, +- {tcs_wrap_CreateCounter,"CreateCounter"}, /* 80 */ +- {tcs_wrap_IncrementCounter,"IncrementCounter"}, +- {tcs_wrap_ReleaseCounter,"ReleaseCounter"}, +- {tcs_wrap_ReleaseCounterOwner,"ReleaseCounterOwner"}, +- {tcs_wrap_ReadCurrentTicks,"ReadCurrentTicks"}, +- {tcs_wrap_TickStampBlob,"TicksStampBlob"}, /* 85 */ +- {tcs_wrap_GetCredential,"GetCredential"}, +- {tcs_wrap_NV_DefineOrReleaseSpace,"NVDefineOrReleaseSpace"}, +- {tcs_wrap_NV_WriteValue,"NVWriteValue"}, +- {tcs_wrap_NV_WriteValueAuth,"NVWriteValueAuth"}, +- {tcs_wrap_NV_ReadValue,"NVReadValue"}, /* 90 */ +- {tcs_wrap_NV_ReadValueAuth,"NVReadValueAuth"}, +- {tcs_wrap_EstablishTransport,"EstablishTransport"}, +- {tcs_wrap_ExecuteTransport,"ExecuteTransport"}, +- {tcs_wrap_ReleaseTransportSigned,"ReleaseTransportSigned"}, +- {tcs_wrap_SetOrdinalAuditStatus,"SetOrdinalAuditStatus"}, /* 95 */ +- {tcs_wrap_GetAuditDigest,"GetAuditDigest"}, +- {tcs_wrap_GetAuditDigestSigned,"GetAuditDigestSigned"}, +- {tcs_wrap_Sealx,"Sealx"}, +- {tcs_wrap_SetOperatorAuth,"SetOperatorAuth"}, +- {tcs_wrap_OwnerReadInternalPub,"OwnerReadInternalPub"}, /* 100 */ +- {tcs_wrap_EnumRegisteredKeys2,"EnumRegisteredKeys2"}, +- {tcs_wrap_SetTempDeactivated2,"SetTempDeactivated2"}, +- {tcs_wrap_Delegate_Manage,"Delegate_Manage"}, +- {tcs_wrap_Delegate_CreateKeyDelegation,"Delegate_CreateKeyDelegation"}, +- {tcs_wrap_Delegate_CreateOwnerDelegation,"Delegate_CreateOwnerDelegation"}, /* 105 */ +- {tcs_wrap_Delegate_LoadOwnerDelegation,"Delegate_LoadOwnerDelegation"}, +- {tcs_wrap_Delegate_ReadTable,"Delegate_ReadTable"}, +- {tcs_wrap_Delegate_UpdateVerificationCount,"Delegate_UpdateVerificationCount"}, +- {tcs_wrap_Delegate_VerifyDelegation,"Delegate_VerifyDelegation"}, +- {tcs_wrap_CreateRevocableEndorsementKeyPair,"CreateRevocableEndorsementKeyPair"}, /* 110 */ +- {tcs_wrap_RevokeEndorsementKeyPair,"RevokeEndorsementKeyPair"}, +- {tcs_wrap_Error,"Error - was MakeIdentity2"}, +- 
{tcs_wrap_Quote2,"Quote2"}, +- {tcs_wrap_CMK_SetRestrictions,"CMK_SetRestrictions"}, +- {tcs_wrap_CMK_ApproveMA,"CMK_ApproveMA"}, /* 115 */ +- {tcs_wrap_CMK_CreateKey,"CMK_CreateKey"}, +- {tcs_wrap_CMK_CreateTicket,"CMK_CreateTicket"}, +- {tcs_wrap_CMK_CreateBlob,"CMK_CreateBlob"}, +- {tcs_wrap_CMK_ConvertMigration,"CMK_ConvertMigration"}, +- {tcs_wrap_FlushSpecific,"FlushSpecific"}, /* 120 */ +- {tcs_wrap_KeyControlOwner, "KeyControlOwner"}, +- {tcs_wrap_DSAP, "DSAP"} +-}; +- ++ {tcs_wrap_Error,"Error", 0}, /* 0 */ ++ {tcs_wrap_OpenContext,"OpenContext", 0}, ++ {tcs_wrap_CloseContext,"CloseContext", 0}, ++ {tcs_wrap_Error,"Error", 0}, ++ {tcs_wrap_TCSGetCapability,"TCSGetCapability", 0}, ++ {tcs_wrap_RegisterKey,"RegisterKey", 0}, /* 5 */ ++ {tcs_wrap_UnregisterKey,"UnregisterKey", 0}, ++ {tcs_wrap_EnumRegisteredKeys,"EnumRegisteredKeys", 0}, ++ {tcs_wrap_Error,"Error", 0}, ++ {tcs_wrap_GetRegisteredKeyBlob,"GetRegisteredKeyBlob", 0}, ++ {tcs_wrap_GetRegisteredKeyByPublicInfo,"GetRegisteredKeyByPublicInfo", 0}, /* 10 */ ++ {tcs_wrap_LoadKeyByBlob,"LoadKeyByBlob", 0}, ++ {tcs_wrap_LoadKeyByUUID,"LoadKeyByUUID", 0}, ++ {tcs_wrap_EvictKey,"EvictKey", 0}, ++ {tcs_wrap_CreateWrapKey,"CreateWrapKey", 0}, ++ {tcs_wrap_GetPubkey,"GetPubkey", 0}, /* 15 */ ++ {tcs_wrap_MakeIdentity,"MakeIdentity", 0}, ++ {tcs_wrap_LogPcrEvent,"LogPcrEvent", 0}, ++ {tcs_wrap_GetPcrEvent,"GetPcrEvent", 0}, ++ {tcs_wrap_GetPcrEventsByPcr,"GetPcrEventsByPcr", 0}, ++ {tcs_wrap_GetPcrEventLog,"GetPcrEventLog", 0}, /* 20 */ ++ {tcs_wrap_SetOwnerInstall,"SetOwnerInstall", TPM_ORD_SetOwnerInstall}, ++ {tcs_wrap_TakeOwnership,"TakeOwnership", TPM_ORD_TakeOwnership}, ++ {tcs_wrap_OIAP,"OIAP", 0}, ++ {tcs_wrap_OSAP,"OSAP", 0}, ++ {tcs_wrap_ChangeAuth,"ChangeAuth", 0}, /* 25 */ ++ {tcs_wrap_ChangeAuthOwner,"ChangeAuthOwner", 0}, ++ {tcs_wrap_Error,"Error", 0}, ++ {tcs_wrap_Error,"Error", 0}, ++ {tcs_wrap_TerminateHandle,"TerminateHandle", 0}, ++ {tcs_wrap_ActivateIdentity,"ActivateIdentity", 0}, /* 30 
*/ ++ {tcs_wrap_Extend,"Extend", 0}, ++ {tcs_wrap_PcrRead,"PcrRead", 0}, ++ {tcs_wrap_Quote,"Quote", 0}, ++ {tcs_wrap_DirWriteAuth,"DirWriteAuth", 0}, ++ {tcs_wrap_DirRead,"DirRead", 0}, /* 35 */ ++ {tcs_wrap_Seal,"Seal", 0}, ++ {tcs_wrap_UnSeal,"UnSeal", 0}, ++ {tcs_wrap_UnBind,"UnBind", 0}, ++ {tcs_wrap_CreateMigrationBlob,"CreateMigrationBlob", 0}, ++ {tcs_wrap_ConvertMigrationBlob,"ConvertMigrationBlob", 0}, /* 40 */ ++ {tcs_wrap_AuthorizeMigrationKey,"AuthorizeMigrationKey", 0}, ++ {tcs_wrap_CertifyKey,"CertifyKey", 0}, ++ {tcs_wrap_Sign,"Sign", 0}, ++ {tcs_wrap_GetRandom,"GetRandom", 0}, ++ {tcs_wrap_StirRandom,"StirRandom", 0}, /* 45 */ ++ {tcs_wrap_GetCapability,"GetCapability", 0}, ++ {tcs_wrap_Error,"Error", 0}, ++ {tcs_wrap_GetCapabilityOwner,"GetCapabilityOwner", 0}, ++ {tcs_wrap_CreateEndorsementKeyPair,"CreateEndorsementKeyPair", 0}, ++ {tcs_wrap_ReadPubek,"ReadPubek", 0}, /* 50 */ ++ {tcs_wrap_DisablePubekRead,"DisablePubekRead", 0}, ++ {tcs_wrap_OwnerReadPubek,"OwnerReadPubek", 0}, ++ {tcs_wrap_SelfTestFull,"SelfTestFull", TPM_ORD_SelfTestFull}, ++ {tcs_wrap_CertifySelfTest,"CertifySelfTest", TPM_ORD_CertifySelfTest}, ++ {tcs_wrap_Error,"Error", 0}, /* 55 */ ++ {tcs_wrap_GetTestResult,"GetTestResult", 0}, ++ {tcs_wrap_OwnerSetDisable,"OwnerSetDisable", TPM_ORD_OwnerSetDisable}, ++ {tcs_wrap_OwnerClear,"OwnerClear", TPM_ORD_OwnerClear}, ++ {tcs_wrap_DisableOwnerClear,"DisableOwnerClear", TPM_ORD_DisableOwnerClear}, ++ {tcs_wrap_ForceClear,"ForceClear", TPM_ORD_ForceClear}, /* 60 */ ++ {tcs_wrap_DisableForceClear,"DisableForceClear", TPM_ORD_DisableForceClear}, ++ {tcs_wrap_PhysicalDisable,"PhysicalDisable", TPM_ORD_PhysicalDisable}, ++ {tcs_wrap_PhysicalEnable,"PhysicalEnable", TPM_ORD_PhysicalEnable}, ++ {tcs_wrap_PhysicalSetDeactivated,"PhysicalSetDeactivated", TPM_ORD_PhysicalSetDeactivated}, ++ {tcs_wrap_SetTempDeactivated,"SetTempDeactivated", TPM_ORD_SetTempDeactivated}, /* 65 */ ++ {tcs_wrap_PhysicalPresence,"PhysicalPresence", 
TSC_ORD_PhysicalPresence}, ++ {tcs_wrap_Error,"Error", 0}, ++ {tcs_wrap_Error,"Error", 0}, ++ {tcs_wrap_CreateMaintenanceArchive,"CreateMaintenanceArchive", 0}, ++ {tcs_wrap_LoadMaintenanceArchive,"LoadMaintenanceArchive", 0}, /* 70 */ ++ {tcs_wrap_KillMaintenanceFeature,"KillMaintenanceFeature", 0}, ++ {tcs_wrap_LoadManuMaintPub,"LoadManuMaintPub", 0}, ++ {tcs_wrap_ReadManuMaintPub,"ReadManuMaintPub", 0}, ++ {tcs_wrap_DaaJoin,"DaaJoin", 0}, ++ {tcs_wrap_DaaSign,"DaaSign", 0}, /* 75 */ ++ {tcs_wrap_SetCapability,"SetCapability", 0}, ++ {tcs_wrap_ResetLockValue,"ResetLockValue", TPM_ORD_ResetLockValue}, ++ {tcs_wrap_PcrReset,"PcrReset", 0}, ++ {tcs_wrap_ReadCounter,"ReadCounter", 0}, ++ {tcs_wrap_CreateCounter,"CreateCounter", 0}, /* 80 */ ++ {tcs_wrap_IncrementCounter,"IncrementCounter", 0}, ++ {tcs_wrap_ReleaseCounter,"ReleaseCounter", 0}, ++ {tcs_wrap_ReleaseCounterOwner,"ReleaseCounterOwner", 0}, ++ {tcs_wrap_ReadCurrentTicks,"ReadCurrentTicks", 0}, ++ {tcs_wrap_TickStampBlob,"TicksStampBlob", 0}, /* 85 */ ++ {tcs_wrap_GetCredential,"GetCredential", 0}, ++ {tcs_wrap_NV_DefineOrReleaseSpace,"NVDefineOrReleaseSpace", 0}, ++ {tcs_wrap_NV_WriteValue,"NVWriteValue", 0}, ++ {tcs_wrap_NV_WriteValueAuth,"NVWriteValueAuth", 0}, ++ {tcs_wrap_NV_ReadValue,"NVReadValue", 0}, /* 90 */ ++ {tcs_wrap_NV_ReadValueAuth,"NVReadValueAuth", 0}, ++ {tcs_wrap_EstablishTransport,"EstablishTransport", 0}, ++ {tcs_wrap_ExecuteTransport,"ExecuteTransport", 0}, ++ {tcs_wrap_ReleaseTransportSigned,"ReleaseTransportSigned", 0}, ++ {tcs_wrap_SetOrdinalAuditStatus,"SetOrdinalAuditStatus", 0}, /* 95 */ ++ {tcs_wrap_GetAuditDigest,"GetAuditDigest", 0}, ++ {tcs_wrap_GetAuditDigestSigned,"GetAuditDigestSigned", 0}, ++ {tcs_wrap_Sealx,"Sealx", 0}, ++ {tcs_wrap_SetOperatorAuth,"SetOperatorAuth", TPM_ORD_SetOperatorAuth}, ++ {tcs_wrap_OwnerReadInternalPub,"OwnerReadInternalPub", 0}, /* 100 */ ++ {tcs_wrap_EnumRegisteredKeys2,"EnumRegisteredKeys2", 0}, ++ 
{tcs_wrap_SetTempDeactivated2,"SetTempDeactivated2", 0}, ++ {tcs_wrap_Delegate_Manage,"Delegate_Manage", 0}, ++ {tcs_wrap_Delegate_CreateKeyDelegation,"Delegate_CreateKeyDelegation", 0}, ++ {tcs_wrap_Delegate_CreateOwnerDelegation,"Delegate_CreateOwnerDelegation", 0}, /* 105 */ ++ {tcs_wrap_Delegate_LoadOwnerDelegation,"Delegate_LoadOwnerDelegation", 0}, ++ {tcs_wrap_Delegate_ReadTable,"Delegate_ReadTable", 0}, ++ {tcs_wrap_Delegate_UpdateVerificationCount,"Delegate_UpdateVerificationCount", 0}, ++ {tcs_wrap_Delegate_VerifyDelegation,"Delegate_VerifyDelegation", 0}, ++ {tcs_wrap_CreateRevocableEndorsementKeyPair,"CreateRevocableEndorsementKeyPair", 0}, /* 110 */ ++ {tcs_wrap_RevokeEndorsementKeyPair,"RevokeEndorsementKeyPair", 0}, ++ {tcs_wrap_Error,"Error - was MakeIdentity2", 0}, ++ {tcs_wrap_Quote2,"Quote2", 0}, ++ {tcs_wrap_CMK_SetRestrictions,"CMK_SetRestrictions", 0}, ++ {tcs_wrap_CMK_ApproveMA,"CMK_ApproveMA", 0}, /* 115 */ ++ {tcs_wrap_CMK_CreateKey,"CMK_CreateKey", 0}, ++ {tcs_wrap_CMK_CreateTicket,"CMK_CreateTicket", 0}, ++ {tcs_wrap_CMK_CreateBlob,"CMK_CreateBlob", 0}, ++ {tcs_wrap_CMK_ConvertMigration,"CMK_ConvertMigration", 0}, ++ {tcs_wrap_FlushSpecific,"FlushSpecific", 0}, /* 120 */ ++ {tcs_wrap_KeyControlOwner, "KeyControlOwner", 0}, ++ {tcs_wrap_DSAP, "DSAP", 0} ++ }; + int + access_control(struct tcsd_thread_data *thread_data) + { +@@ -562,11 +562,190 @@ + return 1; + } + ++#if defined (SOLARIS) ++ ++#include ++#include ++#include ++ ++static void ++audit_tpm(UINT32 cmd, struct tcsd_thread_data *data) ++{ ++ adt_session_data_t *ah = NULL; ++ adt_event_data_t *event = NULL; ++ ucred_t *uc = NULL; ++ int adterr, msgid; ++ int adtstatus = ADT_FAILURE; ++ ++ if (getpeerucred(data->sock, &uc)) { ++ LogError("Audit Failed - getpeerucred failed (%s)", ++ strerror(errno)); ++ return; ++ } ++ if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) { ++ LogError("Audit Failed - adt_start_session failed (%s)", ++ strerror(errno)); ++ goto end; ++ } ++ ++ 
if (adt_set_from_ucred(ah, uc, ADT_NEW) != 0) { ++ LogError("Audit Failed - adt_set_from_ucred failed (%s)", ++ strerror(errno)); ++ goto end; ++ } ++ ++ /* ++ * NOTE: It is important that the ordering of the ++ * error message definitions in the adt.xml IDL from the ++ * libbsm library source matches the numerical ordering of ++ * the TPM_E_* error codes in /usr/include/tss/tpm_error.h ++ */ ++ if (data->comm.hdr.u.result == TSS_SUCCESS) { ++ adtstatus = ADT_SUCCESS; ++ adterr = ADT_SUCCESS; ++ /* ++ * Use literal value here until the ++ * build system is updated with latest adt_event.h ++ * 4102 = ADT_TPM_E_NO_MSG (build 123). ++ * Change this later. ++ */ ++ msgid = 4102; ++ } else if (data->comm.hdr.u.result & TPM_E_NON_FATAL) { ++ /* ++ * NON_FATAL TPM errors are masked (0x800) so they are not in numerical ++ * sequence with the rest of the TPM errors. ++ */ ++ msgid = ADT_TPM_E_RETRY + ++ (data->comm.hdr.u.result - TPM_E_RETRY); ++ adterr = ADT_FAIL_VALUE_PROGRAM; ++ } else { ++ msgid = ADT_TPM_E_AUTHFAIL + ++ (data->comm.hdr.u.result - TPM_E_AUTHFAIL); ++ adterr = ADT_FAIL_VALUE_PROGRAM; ++ } ++ switch(cmd) { ++ case TPM_ORD_CertifySelfTest: ++ event = adt_alloc_event(ah, ADT_tpm_certifyselftest); ++ if (event != NULL) ++ event->adt_tpm_certifyselftest.message = msgid; ++ break; ++ case TPM_ORD_OwnerClear: ++ event = adt_alloc_event(ah, ADT_tpm_ownerclear); ++ if (event != NULL) ++ event->adt_tpm_ownerclear.message = msgid; ++ break; ++ case TPM_ORD_ContinueSelfTest: ++ event = adt_alloc_event(ah, ADT_tpm_continueselftest); ++ if (event != NULL) ++ event->adt_tpm_continueselftest.message = msgid; ++ break; ++ case TPM_ORD_DisableForceClear: ++ event = adt_alloc_event(ah, ADT_tpm_disableforceclear); ++ if (event != NULL) ++ event->adt_tpm_disableforceclear.message = msgid; ++ break; ++ case TPM_ORD_DisableOwnerClear: ++ event = adt_alloc_event(ah, ADT_tpm_disableownerclear); ++ if (event != NULL) ++ event->adt_tpm_disableownerclear.message = msgid; ++ break; 
++ case TPM_ORD_FieldUpgrade: ++ event = adt_alloc_event(ah, ADT_tpm_fieldupgrade); ++ if (event != NULL) ++ event->adt_tpm_fieldupgrade.message = msgid; ++ break; ++ case TPM_ORD_ForceClear: ++ event = adt_alloc_event(ah, ADT_tpm_forceclear); ++ if (event != NULL) ++ event->adt_tpm_forceclear.message = msgid; ++ break; ++ case TPM_ORD_OwnerSetDisable: ++ event = adt_alloc_event(ah, ADT_tpm_ownersetdisable); ++ if (event != NULL) ++ event->adt_tpm_ownersetdisable.message = msgid; ++ break; ++ case TPM_ORD_PhysicalEnable: ++ event = adt_alloc_event(ah, ADT_tpm_physicalenable); ++ if (event != NULL) ++ event->adt_tpm_physicalenable.message = msgid; ++ break; ++ case TPM_ORD_PhysicalDisable: ++ event = adt_alloc_event(ah, ADT_tpm_physicaldisable); ++ if (event != NULL) ++ event->adt_tpm_physicaldisable.message = msgid; ++ break; ++ case TPM_ORD_PhysicalSetDeactivated: ++ event = adt_alloc_event(ah, ADT_tpm_physicaldeactivate); ++ if (event != NULL) ++ event->adt_tpm_physicaldeactivate.message = msgid; ++ break; ++ case TSC_ORD_PhysicalPresence: ++ event = adt_alloc_event(ah, ADT_tpm_physicalpresence); ++ if (event != NULL) ++ event->adt_tpm_physicalpresence.message = msgid; ++ break; ++ case TPM_ORD_ResetLockValue: ++ event = adt_alloc_event(ah, ADT_tpm_resetlockvalue); ++ if (event != NULL) ++ event->adt_tpm_resetlockvalue.message = msgid; ++ break; ++ case TPM_ORD_SelfTestFull: ++ event = adt_alloc_event(ah, ADT_tpm_selftestfull); ++ if (event != NULL) ++ event->adt_tpm_selftestfull.message = msgid; ++ break; ++ case TPM_ORD_SetOperatorAuth: ++ event = adt_alloc_event(ah, ADT_tpm_setoperatorauth); ++ if (event != NULL) ++ event->adt_tpm_setoperatorauth.message = msgid; ++ break; ++ case TPM_ORD_SetOwnerInstall: ++ event = adt_alloc_event(ah, ADT_tpm_setownerinstall); ++ if (event != NULL) ++ event->adt_tpm_setownerinstall.message = msgid; ++ break; ++ case TPM_ORD_SetTempDeactivated: ++ event = adt_alloc_event(ah, ADT_tpm_settempdeactivated); ++ if (event != NULL) 
++ event->adt_tpm_settempdeactivated.message = msgid; ++ break; ++ case TPM_ORD_TakeOwnership: ++ event = adt_alloc_event(ah, ADT_tpm_takeownership); ++ if (event != NULL) ++ event->adt_tpm_takeownership.message = msgid; ++ break; ++ default: ++ /* command not audited */ ++ goto end; ++ } ++ if (event == NULL) { ++ LogError("Audit Failed - Failed to allocate event (%s)", ++ strerror(errno)); ++ goto end; ++ } ++ ++ if (adt_put_event(event, adtstatus, adterr)) { ++ LogError("Audit Failed - Failed to put audit event (%s)", ++ strerror(errno)); ++ } ++ ++end: ++ ucred_free(uc); ++ adt_free_event(event); ++ (void) adt_end_session(ah); ++ ++ return; ++} ++#endif /* SOLARIS */ ++ + TSS_RESULT + dispatchCommand(struct tcsd_thread_data *data) + { + UINT64 offset; + TSS_RESULT result; ++#if defined (SOLARIS) ++ UINT32 cmd; ++#endif + + /* First, check the ordinal bounds */ + if (data->comm.hdr.u.ordinal >= TCSD_MAX_NUM_ORDS) { +@@ -596,6 +775,9 @@ + } + + /* Now, dispatch */ ++#if defined (SOLARIS) ++ cmd = tcs_func_table[data->comm.hdr.u.ordinal].ordinal; ++#endif + if ((result = tcs_func_table[data->comm.hdr.u.ordinal].Func(data)) == TSS_SUCCESS) { + /* set the comm buffer */ + offset = 0; +@@ -607,6 +789,9 @@ + LoadBlob_UINT32(&offset, data->comm.hdr.parm_size, data->comm.buf); + LoadBlob_UINT32(&offset, data->comm.hdr.parm_offset, data->comm.buf); + } ++#if defined (SOLARIS) ++ audit_tpm(cmd, data); ++#endif + + return result; + diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/tddl.c.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/trousers/patches/tddl.c.patch Mon May 23 14:58:25 2011 -0700 
@@ -0,0 +1,63 @@
+*** src/tddl/tddl.c.old Fri Dec 5 08:13:11 2008
+--- src/tddl/tddl.c Fri Dec 5 08:16:20 2008
+@@ -18,13 +18,17 @@
+ 
+ #include "trousers/tss.h"
+ #include "trousers_types.h"
++#ifndef SOLARIS
+ #include "linux/tpm.h"
++#endif
+ #include "tcslog.h"
+ #include "tddl.h"
+ 
+ struct tpm_device_node tpm_device_nodes[] = {
++#ifndef SOLARIS
+ {"/dev/tpm0", TDDL_UNDEF, TDDL_UNDEF},
+ {"/udev/tpm0", TDDL_UNDEF, TDDL_UNDEF},
++#endif
+ {"/dev/tpm", TDDL_UNDEF, TDDL_UNDEF},
+ {NULL, 0, 0}
+ };
+@@ -105,8 +109,11 @@
+ /* tpm_device_paths is filled out in tddl.h */
+ for (i = 0; tpm_device_nodes[i].path != NULL; i++) {
+ errno = 0;
+- if ((fd = open(tpm_device_nodes[i].path, O_RDWR)) >= 0)
++ if ((fd = open(tpm_device_nodes[i].path, O_RDWR)) >= 0) {
++ fprintf(stderr, "Error opening %s: %s\n",
++ tpm_device_nodes[i].path, strerror(errno));
+ break;
++ }
+ }
+ }
+ 
+@@ -181,11 +188,13 @@
+ /* fall through */
+ case TDDL_TRANSMIT_IOCTL:
+ errno = 0;
++#ifndef SOLARIS
+ if ((sizeResult = ioctl(opened_device->fd, TPMIOC_TRANSMIT, txBuffer)) != -1) {
+ opened_device->transmit = TDDL_TRANSMIT_IOCTL;
+ break;
+ }
+ LogWarn("ioctl: (%d) %s", errno, strerror(errno));
++#endif
+ LogInfo("Falling back to Read/Write device support.");
+ /* fall through */
+ case TDDL_TRANSMIT_RW:
+@@ -255,6 +264,7 @@
+ 
+ TSS_RESULT Tddli_Cancel(void)
+ {
++#ifndef SOLARIS
+ int rc;
+ 
+ if (opened_device->transmit == TDDL_TRANSMIT_IOCTL) {
+@@ -270,4 +280,7 @@
+ } else {
+ return TDDLERR(TSS_E_NOTIMPL);
+ }
++#else
++ return TDDLERR(TSS_E_NOTIMPL);
++#endif /* SOLARIS */
+ }
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/tspi_Makefile.am.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tspi_Makefile.am.patch Mon May 23 14:58:25 2011 -0700
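Review bot: The `fprintf` added in the `@@ -105,8 +109,11 @@` hunk sits inside the branch taken when `open()` succeeded (`fd >= 0`), so the one successful probe prints `Error opening /dev/tpm: ` with `strerror(0)` and then breaks, while a failed open still produces no message at all. The message belongs on the failure side, and the `LogWarn`/`LogInfo` macros used two hunks later are a better channel for a daemon than stderr: `if ((fd = open(tpm_device_nodes[i].path, O_RDWR)) >= 0) break;` followed by `LogWarn("open(%s): %s", tpm_device_nodes[i].path, strerror(errno));`. With the Linux nodes compiled out, `/dev/tpm` is the only device probed on SOLARIS, which is what makes the failure log worth getting right. The enclosing function of that hunk starts and ends outside it.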
@@ -0,0 +1,19 @@
+--- src/tspi/Makefile.am.old Thu Jan 28 13:45:54 2010
++++ src/tspi/Makefile.am Fri May 28 14:00:42 2010
+@@ -17,7 +17,7 @@
+ # 5. If any interfaces have been added since the last public release, then increment age.
+ # 6. If any interfaces have been removed since the last public release, then set age to 0.
+ 
+-libtspi_la_LDFLAGS=-version-info 2:3:1 -lpthread @CRYPTOLIB@
++libtspi_la_LDFLAGS=$(LDARCHFLAG) -version-info 2:3:1 @CRYPTOLIB@
+ 
+ libtspi_la_CFLAGS=-I$(top_srcdir)/src/include -DAPPID=\"TSPI\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\"
+ 
+@@ -217,7 +217,6 @@
+ libtspi_la_SOURCES+=gtk/main.c gtk/support.c gtk/interface.c gtk/callbacks.c
+ endif
+ if OPENSSL_UI
+-libtspi_la_LDFLAGS+=-lssl
+ libtspi_la_SOURCES+=ssl_ui.c
+ endif
+ 
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/tspi_context.c.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tspi_context.c.patch Mon May 23 14:58:25 2011 -0700
@@ -0,0 +1,11 @@
+--- src/tspi/tspi_context.c.orig Wed Feb 3 07:39:06 2010
++++ src/tspi/tspi_context.c Wed Feb 3 07:39:22 2010
+@@ -55,6 +55,8 @@
+ /* Destroy all objects */
+ obj_close_context(tspContext);
+ 
++ __tspi_freeTable(tspContext);
++
+ /* close the ps file */
+ PS_close();
+ 
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/tspps.c.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tspps.c.patch Mon May 23 14:58:25 2011 -0700
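Review bot: `$(LDARCHFLAG)` is added to `libtspi_la_LDFLAGS` in the `@@ -17,7 +17,7 @@` hunk, but nothing in the patch defines or documents it, and automake expands an unset variable to nothing, so a build that does not supply it silently links without the intended flag. The same hunk and the `@@ -217,7 +217,6 @@` hunk also drop `-lpthread` and `-lssl` without stating why; a short header comment in the .patch file (pthreads being part of libc on Solaris, and the UI routines used by ssl_ui.c presumably coming from `@CRYPTOLIB@`) would help whoever rebases this patch onto a newer trousers release. Naming where LDARCHFLAG is expected to come from in that comment would close the first gap as well.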
@@ -0,0 +1,55 @@
+--- src/tspi/ps/tspps.c.orig 2011-03-24 13:06:14.607907754 -0700
++++ src/tspi/ps/tspps.c 2011-03-24 13:07:30.668528209 -0700
+@@ -70,9 +70,12 @@
+ TSS_RESULT result;
+ char *file_name = NULL, *home_dir = NULL;
+ struct passwd *pwp;
+-#if (defined (__linux) || defined (linux) || defined(__GLIBC__))
++#if (defined (__linux) || defined (linux) || defined(__GLIBC__) || defined(SOLARIS))
+ struct passwd pw;
+ #endif
++#ifdef SOLARIS
++ char pwbuf[PASSWD_BUFSIZE];
++#endif
+ struct stat stat_buf;
+ char buf[PASSWD_BUFSIZE];
+ uid_t euid;
+@@ -94,9 +97,16 @@
+ * in the user's home directory, which may be shared
+ * by multiple systems.
+ *
+- * The directory path on Solaris is /var/tpm/userps/[EUID]/
++ * The directory path on Solaris is /var/user[USERNAME]/tpm/userps
+ */
+- rc = snprintf(buf, sizeof (buf), "%s/%d", TSS_USER_PS_DIR, euid);
++
++ pwp = getpwuid_r(euid, &pw, pwbuf, sizeof (pwbuf));
++ if (pwp != NULL) {
++ rc = snprintf(buf, sizeof (buf), "/var/user/%s/tpm/userps",
++ pwp->pw_name);
++ } else {
++ return TSPERR(TSS_E_INTERNAL_ERROR);
++ }
+ #else
+ setpwent();
+ while (1) {
+@@ -142,7 +152,7 @@
+ if (errno == ENOENT) {
+ errno = 0;
+ /* Create the user's ps directory if it is not there. */
+- if ((rc = mkdir(buf, 0700)) == -1) {
++ if ((rc = mkdirp(buf, 0700)) == -1) {
+ LogDebugFn("USER PS: Error creating dir: %s: %s", buf,
+ strerror(errno));
+ result = TSPERR(TSS_E_INTERNAL_ERROR);
+@@ -157,8 +167,8 @@
+ 
+ /* Directory exists or has been created, return the path to the file */
+ #if defined (SOLARIS)
+- rc = snprintf(buf, sizeof (buf), "%s/%d/%s", TSS_USER_PS_DIR, euid,
+- TSS_USER_PS_FILE);
++ rc = snprintf(buf, sizeof (buf), "/var/user/%s/tpm/userps/%s",
++ pwp->pw_name, TSS_USER_PS_FILE);
+ #else
+ rc = snprintf(buf, sizeof (buf), "%s/%s/%s", home_dir, TSS_USER_PS_DIR,
+ TSS_USER_PS_FILE);
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/patches/tspps.h.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
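Review bot: The rewritten comment in the `@@ -94,9 +97,16 @@` hunk says the Solaris path is `/var/user[USERNAME]/tpm/userps`, but both snprintf calls build `/var/user/%s/tpm/userps`; the comment should read `* The directory path on Solaris is /var/user/[USERNAME]/tpm/userps`. Those two format strings also hard-code the prefix instead of using `TSS_USER_PS_DIR`, which the tspps.h.patch hunk that follows redefines to `"/var/user/"` for SOLARIS and which nothing in the Solaris branch then reads; building the path from the macro (or dropping the unused SOLARIS definition in the header) keeps the two from drifting apart. `mkdirp()` also differs from the `mkdir()` it replaces in that it creates every missing component of the path, so if `/var/user/<name>` is absent this library creates it with mode 0700 rather than failing; a one-line comment on that call saying this is intended would help. The enclosing function starts and ends outside the hunk.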
+++ b/components/trousers/patches/tspps.h.patch Mon May 23 14:58:25 2011 -0700
@@ -0,0 +1,22 @@
+--- src/include/tspps.h.old 2009-09-08 07:39:30.000000000 -0700
++++ src/include/tspps.h 2010-09-16 08:09:37.980051068 -0700
+@@ -13,13 +13,17 @@
+ 
+ #define PASSWD_BUFSIZE 4096
+ 
++#ifdef SOLARIS
++#define TSS_USER_PS_DIR "/var/user/"
++#else
+ #define TSS_USER_PS_DIR ".trousers"
++#endif
+ #define TSS_USER_PS_FILE "user.data"
+ 
+ TSS_RESULT get_file(int *);
+ int put_file(int);
+-inline TSS_RESULT read_data(int, void *, UINT32);
+-inline TSS_RESULT write_data(int, void *, UINT32);
++TSS_RESULT read_data(int, void *, UINT32);
++TSS_RESULT write_data(int, void *, UINT32);
+ UINT32 psfile_get_num_keys(int);
+ TSS_RESULT psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *);
+ TSS_RESULT psfile_remove_key_by_uuid(int, TSS_UUID *);
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/prof_attr
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/prof_attr Mon May 23 14:58:25 2011 -0700
@@ -0,0 +1,1 @@
+TPM Administration:RO::Administer Privileged TPM Operations:auths=solaris.smf.manage.tcsd,solaris.smf.value.tcsd
diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/tcsd.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/tcsd.sh Mon May 23 14:58:25 2011 -0700
@@ -0,0 +1,60 @@ +#!/sbin/sh +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved. +# + +. /lib/svc/share/smf_include.sh + +# SMF_FMRI is the name of the target service. This allows multiple instances +# to use the same script. + +if [ -z "$SMF_FMRI" ]; then + echo "SMF framework variables are not initialized." + exit $SMF_EXIT_ERR +fi + +tcsd_start() { + echo /usr/lib/tcsd + /usr/lib/tcsd 2>&1 > /dev/null & +} + +tcsd_stop() { + /usr/bin/pkill -x tcsd 2>&1 > /dev/null +} + +case "$1" in +'start') + tcsd_start + ;; + +'stop') + tcsd_stop + ;; + + +*) + echo "Usage: $0 {start|stop}" + exit 1 + ;; + +esac +exit $SMF_EXIT_OK diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/tcsd.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/trousers/tcsd.xml Mon May 23 14:58:25 2011 -0700 @@ -0,0 +1,107 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/trousers.license --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/trousers/trousers.license Mon May 23 14:58:25 2011 -0700 
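Review bot: The redirections in `tcsd_start` and `tcsd_stop` are in the wrong order: `2>&1 > /dev/null` duplicates stderr onto the original stdout before stdout is redirected, so only stdout is discarded and the daemon's stderr still lands in the SMF log; if both are meant to be silenced the lines should be `/usr/lib/tcsd > /dev/null 2>&1 &` and `/usr/bin/pkill -x tcsd > /dev/null 2>&1`. The comment above the `SMF_FMRI` check says the script supports multiple instances, but `SMF_FMRI` is never used after that check and `pkill -x tcsd` stops every tcsd process regardless of which instance invoked it; either scope the stop to the instance or use SMF's built-in `:kill` stop method, which is contract-scoped, and reword the comment. The script also returns `$SMF_EXIT_OK` unconditionally, so a `pkill` that matched nothing or a daemon that exits right after being backgrounded is never reported to SMF.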
@@ -0,0 +1,88 @@ +License: CPL + +THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. + +1. DEFINITIONS + +"Contribution" means: + + a) in the case of the initial Contributor, the initial code and documentation distributed under this Agreement, and + + b) in the case of each subsequent Contributor: + + i) changes to the Program, and + + ii) additions to the Program; + + where such changes and/or additions to the Program originate from and are distributed by that particular Contributor. A Contribution 'originates' from a Contributor if it was added to the Program by such Contributor itself or anyone acting on such Contributor's behalf. Contributions do not include additions to the Program which: (i) are separate modules of software distributed in conjunction with the Program under their own license agreement, and (ii) are not derivative works of the Program. + +"Contributor" means any person or entity that distributes the Program. + +"Licensed Patents " mean patent claims licensable by a Contributor which are necessarily infringed by the use or sale of its Contribution alone or when combined with the Program. + +"Program" means the Contributions distributed in accordance with this Agreement. + +"Recipient" means anyone who receives the Program under this Agreement, including all Contributors. + +2. GRANT OF RIGHTS + + a) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, distribute and sublicense the Contribution of such Contributor, if any, and such derivative works, in source code and object code form. 
+ + b) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free patent license under Licensed Patents to make, use, sell, offer to sell, import and otherwise transfer the Contribution of such Contributor, if any, in source code and object code form. This patent license shall apply to the combination of the Contribution and the Program if, at the time the Contribution is added by the Contributor, such addition of the Contribution causes such combination to be covered by the Licensed Patents. The patent license shall not apply to any other combinations which include the Contribution. No hardware per se is licensed hereunder. + + c) Recipient understands that although each Contributor grants the licenses to its Contributions set forth herein, no assurances are provided by any Contributor that the Program does not infringe the patent or other intellectual property rights of any other entity. Each Contributor disclaims any liability to Recipient for claims brought by any other entity based on infringement of intellectual property rights or otherwise. As a condition to exercising the rights and licenses granted hereunder, each Recipient hereby assumes sole responsibility to secure any other intellectual property rights needed, if any. For example, if a third party patent license is required to allow Recipient to distribute the Program, it is Recipient's responsibility to acquire that license before distributing the Program. + + d) Each Contributor represents that to its knowledge it has sufficient copyright rights in its Contribution, if any, to grant the copyright license set forth in this Agreement. + +3. 
REQUIREMENTS + +A Contributor may choose to distribute the Program in object code form under its own license agreement, provided that: + + a) it complies with the terms and conditions of this Agreement; and + + b) its license agreement: + + i) effectively disclaims on behalf of all Contributors all warranties and conditions, express and implied, including warranties or conditions of title and non-infringement, and implied warranties or conditions of merchantability and fitness for a particular purpose; + + ii) effectively excludes on behalf of all Contributors all liability for damages, including direct, indirect, special, incidental and consequential damages, such as lost profits; + + iii) states that any provisions which differ from this Agreement are offered by that Contributor alone and not by any other party; and + + iv) states that source code for the Program is available from such Contributor, and informs licensees how to obtain it in a reasonable manner on or through a medium customarily used for software exchange. + +When the Program is made available in source code form: + + a) it must be made available under this Agreement; and + + b) a copy of this Agreement must be included with each copy of the Program. + +Contributors may not remove or alter any copyright notices contained within the Program. + +Each Contributor must identify itself as the originator of its Contribution, if any, in a manner that reasonably allows subsequent Recipients to identify the originator of the Contribution. + +4. COMMERCIAL DISTRIBUTION + +Commercial distributors of software may accept certain responsibilities with respect to end users, business partners and the like. While this license is intended to facilitate the commercial use of the Program, the Contributor who includes the Program in a commercial product offering should do so in a manner which does not create potential liability for other Contributors. 
Therefore, if a Contributor includes the Program in a commercial product offering, such Contributor ("Commercial Contributor") hereby agrees to defend and indemnify every other Contributor ("Indemnified Contributor") against any losses, damages and costs (collectively "Losses") arising from claims, lawsuits and other legal actions brought by a third party against the Indemnified Contributor to the extent caused by the acts or omissions of such Commercial Contributor in connection with its distribution of the Program in a commercial product offering. The obligations in this section do not apply to any claims or Losses relating to any actual or alleged intellectual property infringement. In order to qualify, an Indemnified Contributor must: a) promptly notify the Commercial Contributor in writing of such claim, and b) allow the Commercial Contributor to control, and cooperate with the Commercial Contributor in, the defense and any related settlement negotiations. The Indemnified Contributor may participate in any such claim at its own expense. + +For example, a Contributor might include the Program in a commercial product offering, Product X. That Contributor is then a Commercial Contributor. If that Commercial Contributor then makes performance claims, or offers warranties related to Product X, those performance claims and warranties are such Commercial Contributor's responsibility alone. Under this section, the Commercial Contributor would have to defend claims against the other Contributors related to those performance claims and warranties, and if a court requires any other Contributor to pay any damages as a result, the Commercial Contributor must pay those damages. + +5. 
NO WARRANTY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely responsible for determining the appropriateness of using and distributing the Program and assumes all risks associated with its exercise of rights under this Agreement, including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and unavailability or interruption of operations. + +6. DISCLAIMER OF LIABILITY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +7. GENERAL + +If any provision of this Agreement is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this Agreement, and without further action by the parties hereto, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. + +If Recipient institutes patent litigation against a Contributor with respect to a patent applicable to software (including a cross-claim or counterclaim in a lawsuit), then any patent licenses granted by that Contributor to such Recipient under this Agreement shall terminate as of the date such litigation is filed. 
In addition, if Recipient institutes patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Program itself (excluding combinations of the Program with other software or hardware) infringes such Recipient's patent(s), then such Recipient's rights granted under Section 2(b) shall terminate as of the date such litigation is filed. + +All Recipient's rights under this Agreement shall terminate if it fails to comply with any of the material terms or conditions of this Agreement and does not cure such failure in a reasonable period of time after becoming aware of such noncompliance. If all Recipient's rights under this Agreement terminate, Recipient agrees to cease use and distribution of the Program as soon as reasonably practicable. However, Recipient's obligations under this Agreement and any licenses granted by Recipient relating to the Program shall continue and survive. + +Everyone is permitted to copy and distribute copies of this Agreement, but in order to avoid inconsistency the Agreement is copyrighted and may only be modified in the following manner. The Agreement Steward reserves the right to publish new versions (including revisions) of this Agreement from time to time. No one other than the Agreement Steward has the right to modify this Agreement. IBM is the initial Agreement Steward. IBM may assign the responsibility to serve as the Agreement Steward to a suitable separate entity. Each new version of the Agreement will be given a distinguishing version number. The Program (including Contributions) may always be distributed subject to the version of the Agreement under which it was received. In addition, after a new version of the Agreement is published, Contributor may elect to distribute the Program (including its Contributions) under the new version. 
Except as expressly stated in Sections 2(a) and 2(b) above, Recipient receives no rights or licenses to the intellectual property of any Contributor under this Agreement, whether expressly, by implication, estoppel or otherwise. All rights in the Program not expressly granted under this Agreement are reserved. + +This Agreement is governed by the laws of the State of New York and the intellectual property laws of the United States of America. No party to this Agreement will bring a legal action under this Agreement more than one year after the cause of action arose. Each party waives its rights to a jury trial in any resulting litigation. + diff -r 2bbb3ea903a8 -r 520697a05dde components/trousers/trousers.p5m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/trousers/trousers.p5m Mon May 23 14:58:25 2011 -0700 
@@ -0,0 +1,195 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+ default mangler.man.stability uncommitted>
+set name=pkg.fmri \
+ value=pkg:/library/security/trousers@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
+set name=pkg.summary \
+ value="TCG Software Stack - software for accessing a TPM device"
+set name=info.classification \
+ value=org.opensolaris.category.2008:System/Security
+set name=info.source_url value=$(COMPONENT_ARCHIVE_URL)
+set name=info.upstream_url value=$(COMPONENT_PROJECT_URL)
+set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
+set name=opensolaris.arc_url \
+ value=http://arc.opensolaris.org/caselog/PSARC/2008/725
+dir path=etc
+dir path=etc/security
+dir path=usr
+dir path=usr/include
+dir path=usr/include/trousers
+dir path=usr/include/tss
+dir path=usr/lib
+dir path=usr/lib/$(MACH64)
+dir path=usr/share
+dir path=usr/share/man
+dir path=usr/share/man/man3
+dir path=usr/share/man/man5
+dir path=usr/share/man/man8
+dir path=var
+dir path=var/tpm
+dir path=var/tpm/pkcs11 group=sys mode=1777 owner=root
+dir path=var/tpm/system group=sys mode=0700 owner=root
+dir path=var/tpm/userps group=sys mode=1777 owner=root
+file auth_attr path=etc/security/auth_attr.d/trousers
+file prof_attr path=etc/security/prof_attr.d/trousers
+file etc/tcsd.conf path=etc/security/tcsd.conf mode=0644 preserve=true original_name=SUNWtss-root:etc/security/tcsd.conf
+file tcsd.xml path=lib/svc/manifest/application/security/tcsd.xml
+file tcsd.sh path=lib/svc/method/tcsd.sh mode=555
+file path=usr/include/trousers/trousers.h
+file path=usr/include/trousers/tss.h
+file path=usr/include/tss/compat11b.h
+file path=usr/include/tss/platform.h
+file path=usr/include/tss/tcpa_defines.h
+file path=usr/include/tss/tcpa_error.h
+file path=usr/include/tss/tcpa_struct.h
+file path=usr/include/tss/tcpa_typedef.h
+file path=usr/include/tss/tcs.h
+file path=usr/include/tss/tcs_defines.h
+file path=usr/include/tss/tcs_error.h
+file path=usr/include/tss/tcs_structs.h
+file path=usr/include/tss/tcs_typedef.h
+file path=usr/include/tss/tddl_error.h
+file path=usr/include/tss/tddlapi_error.h
+file path=usr/include/tss/tddli.h
+file path=usr/include/tss/tpm.h
+file path=usr/include/tss/tpm_error.h
+file path=usr/include/tss/tpm_ordinal.h
+file path=usr/include/tss/tspi.h
+file path=usr/include/tss/tss_defines.h
+file path=usr/include/tss/tss_error.h
+file path=usr/include/tss/tss_error_basics.h
+file path=usr/include/tss/tss_structs.h
+file path=usr/include/tss/tss_typedef.h
+file path=usr/lib/$(MACH64)/libtspi.so.1.1.3
+file path=usr/lib/$(MACH64)/tcsd mode=555 owner=root
+file path=usr/lib/libtspi.so.1.1.3
+file path=usr/lib/llib-ltspi
+file path=usr/lib/llib-ltspi.ln
+file path=usr/lib/$(MACH64)/llib-ltspi.ln
+file path=usr/lib/tcsd mode=555 owner=root
+file path=usr/share/man/man3/Tspi_ChangeAuth.3
+file path=usr/share/man/man3/Tspi_ChangeAuthAsym.3
+file path=usr/share/man/man3/Tspi_Context_Close.3
+file path=usr/share/man/man3/Tspi_Context_CloseObject.3
+file path=usr/share/man/man3/Tspi_Context_Connect.3
+file path=usr/share/man/man3/Tspi_Context_Create.3
+file path=usr/share/man/man3/Tspi_Context_CreateObject.3
+file path=usr/share/man/man3/Tspi_Context_FreeMemory.3
+file path=usr/share/man/man3/Tspi_Context_GetCapability.3
+file path=usr/share/man/man3/Tspi_Context_GetDefaultPolicy.3
+file path=usr/share/man/man3/Tspi_Context_GetKeyByPublicInfo.3
+file path=usr/share/man/man3/Tspi_Context_GetKeyByUUID.3
+file path=usr/share/man/man3/Tspi_Context_GetRegisteredKeysByUUID.3
+file path=usr/share/man/man3/Tspi_Context_GetRegisteredKeysByUUID2.3
+file path=usr/share/man/man3/Tspi_Context_GetTpmObject.3
+file path=usr/share/man/man3/Tspi_Context_LoadKeyByBlob.3
+file path=usr/share/man/man3/Tspi_Context_LoadKeyByUUID.3
+file path=usr/share/man/man3/Tspi_Context_RegisterKey.3
+file path=usr/share/man/man3/Tspi_Context_UnregisterKey.3
+file path=usr/share/man/man3/Tspi_DAA_IssueCredential.3
+file path=usr/share/man/man3/Tspi_DAA_IssueInit.3
+file path=usr/share/man/man3/Tspi_DAA_IssueSetup.3
+file path=usr/share/man/man3/Tspi_DAA_IssuerKeyVerification.3
+file path=usr/share/man/man3/Tspi_DAA_VerifyInit.3
+file path=usr/share/man/man3/Tspi_DAA_VerifySignature.3
+file path=usr/share/man/man3/Tspi_Data_Bind.3
+file path=usr/share/man/man3/Tspi_Data_Seal.3
+file path=usr/share/man/man3/Tspi_Data_Unbind.3
+file path=usr/share/man/man3/Tspi_Data_Unseal.3
+file path=usr/share/man/man3/Tspi_DecodeBER_TssBlob.3
+file path=usr/share/man/man3/Tspi_EncodeDER_TssBlob.3
+file path=usr/share/man/man3/Tspi_GetAttribData.3
+file path=usr/share/man/man3/Tspi_GetAttribUint32.3
+file path=usr/share/man/man3/Tspi_GetPolicyObject.3
+file path=usr/share/man/man3/Tspi_Hash_GetHashValue.3
+file path=usr/share/man/man3/Tspi_Hash_SetHashValue.3
+file path=usr/share/man/man3/Tspi_Hash_Sign.3
+file path=usr/share/man/man3/Tspi_Hash_UpdateHashValue.3
+file path=usr/share/man/man3/Tspi_Hash_VerifySignature.3
+file path=usr/share/man/man3/Tspi_Key_CertifyKey.3
+file path=usr/share/man/man3/Tspi_Key_ConvertMigrationBlob.3
+file path=usr/share/man/man3/Tspi_Key_CreateKey.3
+file path=usr/share/man/man3/Tspi_Key_CreateMigrationBlob.3
+file path=usr/share/man/man3/Tspi_Key_GetPubKey.3
+file path=usr/share/man/man3/Tspi_Key_LoadKey.3
+file path=usr/share/man/man3/Tspi_Key_UnloadKey.3
+file path=usr/share/man/man3/Tspi_Key_WrapKey.3
+file path=usr/share/man/man3/Tspi_PcrComposite_GetPcrValue.3
+file path=usr/share/man/man3/Tspi_PcrComposite_SelectPcrIndex.3
+file path=usr/share/man/man3/Tspi_PcrComposite_SetPcrValue.3
+file path=usr/share/man/man3/Tspi_Policy_AssignToObject.3
+file path=usr/share/man/man3/Tspi_Policy_FlushSecret.3
+file path=usr/share/man/man3/Tspi_Policy_SetSecret.3
+file path=usr/share/man/man3/Tspi_SetAttribData.3
+file path=usr/share/man/man3/Tspi_SetAttribUint32.3
+file path=usr/share/man/man3/Tspi_TPM_AuthorizeMigrationTicket.3
+file path=usr/share/man/man3/Tspi_TPM_CMKSetRestrictions.3
+file path=usr/share/man/man3/Tspi_TPM_CertifySelfTest.3
+file path=usr/share/man/man3/Tspi_TPM_CheckMaintenancePubKey.3
+file path=usr/share/man/man3/Tspi_TPM_ClearOwner.3
+file path=usr/share/man/man3/Tspi_TPM_CollateIdentityRequest.3
+file path=usr/share/man/man3/Tspi_TPM_CreateEndorsementKey.3
+file path=usr/share/man/man3/Tspi_TPM_CreateMaintenanceArchive.3
+file path=usr/share/man/man3/Tspi_TPM_DAA_JoinCreateDaaPubKey.3
+file path=usr/share/man/man3/Tspi_TPM_DAA_JoinInit.3
+file path=usr/share/man/man3/Tspi_TPM_DAA_JoinStoreCredential.3
+file path=usr/share/man/man3/Tspi_TPM_DAA_Sign.3
+file path=usr/share/man/man3/Tspi_TPM_DirRead.3
+file path=usr/share/man/man3/Tspi_TPM_DirWrite.3
+file path=usr/share/man/man3/Tspi_TPM_GetAuditDigest.3
+file path=usr/share/man/man3/Tspi_TPM_GetCapability.3
+file path=usr/share/man/man3/Tspi_TPM_GetEvent.3
+file path=usr/share/man/man3/Tspi_TPM_GetEventLog.3
+file path=usr/share/man/man3/Tspi_TPM_GetEvents.3
+file path=usr/share/man/man3/Tspi_TPM_GetPubEndorsementKey.3
+file path=usr/share/man/man3/Tspi_TPM_GetRandom.3
+file path=usr/share/man/man3/Tspi_TPM_GetStatus.3
+file path=usr/share/man/man3/Tspi_TPM_GetTestResult.3
+file path=usr/share/man/man3/Tspi_TPM_KillMaintenanceFeature.3
+file path=usr/share/man/man3/Tspi_TPM_LoadMaintenancePubKey.3
+file path=usr/share/man/man3/Tspi_TPM_OwnerGetSRKPubKey.3
+file path=usr/share/man/man3/Tspi_TPM_PcrExtend.3
+file path=usr/share/man/man3/Tspi_TPM_PcrRead.3
+file path=usr/share/man/man3/Tspi_TPM_Quote.3
+file path=usr/share/man/man3/Tspi_TPM_SelfTestFull.3
+file path=usr/share/man/man3/Tspi_TPM_SetStatus.3
+file path=usr/share/man/man3/Tspi_TPM_StirRandom.3
+file path=usr/share/man/man3/Tspi_TPM_TakeOwnership.3
+file path=usr/share/man/man5/tcsd.conf.5
+file path=usr/share/man/man8/tcsd.8
+file dist/system.data.auth path=var/tpm/system/system.data.auth mode=0400 owner=root group=sys
+file dist/system.data.noauth path=var/tpm/system/system.data.noauth mode=0400 owner=root group=sys
+license trousers.license license=CPL
+link path=var/tpm/system/system.data target=system.data.auth
+link path=usr/lib/$(MACH64)/libtspi.so target=libtspi.so.1.1.3
+link path=usr/lib/$(MACH64)/libtspi.so.1 target=libtspi.so.1.1.3
+link path=usr/lib/libtspi.so target=libtspi.so.1.1.3
+link path=usr/lib/libtspi.so.1 target=libtspi.so.1.1.3
+legacy pkg=SUNWtss-root \
+ name="TCG Software Stack - software for accessing a TPM device" \
+ desc="Trousers - TCG software stack (0.3.6)"
+legacy pkg=SUNWtss \
+ name="TCG Software Stack - software for accessing a TPM device" \
+ desc="Trousers - TCG software stack (0.3.6)"
+
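Review bot: `dir path=var/tpm/pkcs11 group=sys mode=1777 owner=root` and `dir path=var/tpm/userps group=sys mode=1777 owner=root` deliver two world-writable directories under var/tpm with nothing in the manifest saying why any local user must be able to create entries there, while the neighbouring `var/tpm/system` tree is locked to 0700/0400; a comment above them would stop the next reader from tightening them blindly, e.g. `# 1777: per-user persistent-storage files are created here by unprivileged TSP clients; the sticky bit keeps users from removing each other's entries (confirm against the tcsd.conf defaults)`. Separately, `file etc/tcsd.conf path=etc/security/tcsd.conf mode=0644 preserve=true` ships the daemon configuration world-readable; upstream tcsd is, as far as I recall, strict about the ownership and mode of its config file and refuses to start otherwise, so it is worth verifying that the patched daemon or tcsd.sh accepts 0644 rather than finding out at first boot. Finally, the manifest carries no `user`/`group` action for a dedicated service account and both `tcsd` binaries are `owner=root`, so presumably the service runs as root; whether privileges are reduced is decided in tcsd.xml/tcsd.sh, which are outside this hunk.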