7123028 Problem with crypto/tss
authorDan Anderson <dan.anderson@oracle.com>
Wed, 18 Apr 2012 10:38:45 -0700
changeset 777 e2e604cdbd6a
parent 776 e524216b0586
child 778 9d5e4d6466cd
7123028 Problem with crypto/tss 7041927 tcsd and libtspi should not use TCP/IP sockets 7002966 libtspi can segv in .fini section 7160939 trousers should depend on iconv/utf-8 instead of iconv/unicode-core
components/trousers/Makefile
components/trousers/patches/Makefile.in.patch
components/trousers/patches/configure.in.patch
components/trousers/patches/dist_tcsd.conf.in.patch
components/trousers/patches/hash.c.patch
components/trousers/patches/hosttable.c.patch
components/trousers/patches/include_tcsd.h.patch
components/trousers/patches/include_tspps.h.patch
components/trousers/patches/include_tss_tss_defines.h.patch
components/trousers/patches/man_man5_tcsd.conf.5.in.patch
components/trousers/patches/man_man8_tcsd.8.in.patch
components/trousers/patches/rpc_ps.c.patch
components/trousers/patches/svrside.c.patch
components/trousers/patches/tcs_caps.c.patch
components/trousers/patches/tcs_rpc_tcstp_rpc.c.patch
components/trousers/patches/tcs_rpc_tcstp_rpc_ps.c.patch
components/trousers/patches/tcs_tcs_caps.c.patch
components/trousers/patches/tcsd.8.in.patch
components/trousers/patches/tcsd.conf.in.patch
components/trousers/patches/tcsd.h.patch
components/trousers/patches/tcsd_Makefile.in.patch
components/trousers/patches/tcsd_svrside.c.patch
components/trousers/patches/tcstp_rpc.c.patch
components/trousers/patches/tddl.c.patch
components/trousers/patches/tddl_tddl.c.patch
components/trousers/patches/trspi_crypto_openssl_hash.c.patch
components/trousers/patches/tspi_ps_tspps.c.patch
components/trousers/patches/tspi_rpc_hosttable.c.patch
components/trousers/patches/tspi_rpc_tcstp_rpc.c.patch
components/trousers/patches/tspps.c.patch
components/trousers/patches/tspps.h.patch
components/trousers/patches/tss_defines.h.patch
components/trousers/tcsd.xml
components/trousers/trousers.p5m
--- a/components/trousers/Makefile	Tue Apr 17 13:35:22 2012 -0700
+++ b/components/trousers/Makefile	Wed Apr 18 10:38:45 2012 -0700
@@ -18,7 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
 #
 
 include ../../make-rules/shared-macros.mk
@@ -28,7 +28,8 @@
 COMPONENT_SRC=		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
 COMPONENT_PROJECT_URL=	http://sourceforge.net/projects/trousers/files/trousers/
-COMPONENT_ARCHIVE_HASH=	sha1:1bb65fe1a031f9606d871562ead35fa5909ae584
+COMPONENT_ARCHIVE_HASH=	\
+	sha256:91025f60248af44df192e8df16fa6b0c0f1e48c54f6dc51626567ed95758b0d6
 COMPONENT_ARCHIVE_URL=	$(COMPONENT_PROJECT_URL)$(COMPONENT_VERSION)/$(COMPONENT_ARCHIVE)
 
 include ../../make-rules/prep.mk
--- a/components/trousers/patches/Makefile.in.patch	Tue Apr 17 13:35:22 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,30 +0,0 @@
---- src/tcsd/Makefile.in.old	Thu Jan 28 13:56:46 2010
-+++ src/tcsd/Makefile.in	Wed Mar  3 16:35:23 2010
[email protected]@ -47,7 +47,7 @@
- mkinstalldirs = $(install_sh) -d
- CONFIG_CLEAN_FILES =
- CONFIG_CLEAN_VPATH_FILES =
--am__installdirs = "$(DESTDIR)$(sbindir)"
-+am__installdirs = "$(DESTDIR)$(libdir)"
- PROGRAMS = $(sbin_PROGRAMS)
- am_tcsd_OBJECTS = tcsd-svrside.$(OBJEXT) tcsd-tcsd_conf.$(OBJEXT) \
- 	tcsd-tcsd_threads.$(OBJEXT) tcsd-platform.$(OBJEXT)
[email protected]@ -185,7 +185,7 @@
- prefix = @[email protected]
- program_transform_name = @[email protected]
- psdir = @[email protected]
--sbindir = @[email protected]
-+sbindir = @[email protected]
- sharedstatedir = @[email protected]
- srcdir = @[email protected]
- sysconfdir = @[email protected]
[email protected]@ -200,7 +200,8 @@
- tcsd_CFLAGS = -DAPPID=\"TCSD\" -DVAR_PREFIX=\"@[email protected]\" \
- 	-DETC_PREFIX=\"@[email protected]\" -I${top_srcdir}/src/include \
- 	$(am__append_1) $(am__append_2)
--tcsd_LDADD = ${top_builddir}/src/tcs/libtcs.a ${top_builddir}/src/tddl/libtddl.a -lpthread @[email protected]
-+tcsd_LDADD = ${top_builddir}/src/tcs/libtcs.a ${top_builddir}/src/tddl/libtddl.a \
-+	-lpthread -lbsm -lscf -lresolv @[email protected]
- tcsd_SOURCES = svrside.c tcsd_conf.c tcsd_threads.c platform.c
- all: all-am
- 
--- a/components/trousers/patches/configure.in.patch	Tue Apr 17 13:35:22 2012 -0700
+++ b/components/trousers/patches/configure.in.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -1,10 +1,21 @@
---- configure.in.orig	Thu Jan 28 13:56:20 2010
-+++ configure.in	Wed Mar  3 16:40:12 2010
[email protected]@ -351,6 +351,7 @@
+--- configure.in	2010-07-08 13:35:18.000000000 -0700
++++ configure.in	2012-04-10 17:37:23.820532000 -0700
[email protected]@ -143,7 +143,9 @@
+ #
+ # The default port that the TCS daemon listens on
+ #
+-AC_SUBST(TCSD_DEFAULT_PORT, 30003)
++#AC_SUBST(TCSD_DEFAULT_PORT, 30003)
++# 0 designates UNIX Domain socket. For TCP sockets, 30003 is the traditional TCP port.
++AC_SUBST(TCSD_DEFAULT_PORT, 0)
+ #
+ # The RPC mechanism to build into both libtspi and the tcsd
+ #
[email protected]@ -351,6 +353,7 @@
  
  AC_C_BIGENDIAN([AC_DEFINE(_BIG_ENDIAN, 1, [big-endian host])])
  AC_CHECK_DECL(htole32, [AC_DEFINE(HTOLE_DEFINED, 1, [htole32 function is available])])
 +AC_CHECK_HEADER(endian.h, [AC_DEFINE(HAVE_ENDIAN_H, 1, [endian.h header])])
  AC_CHECK_HEADER(sys/byteorder.h, [AC_DEFINE(HAVE_BYTEORDER_H, 1, [sys/byteorder.h header])])
  AC_CHECK_FUNC(daemon, [ AC_DEFINE(HAVE_DAEMON, 1, [daemon function is available]) ])
-
+  
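Review bot: The commented-out `#AC_SUBST(TCSD_DEFAULT_PORT, 30003)` kept above the new `AC_SUBST(TCSD_DEFAULT_PORT, 0)` is dead code; the comment beneath it already records 30003 as the traditional TCP port, so the line should be deleted rather than left as a second copy of that fact. The last line this hunk adds to the patch file holds only two spaces (it replaces an empty line), which patch(1) will read as a context line consisting of one space and which trailing-whitespace checks will flag; a patch file should end on the real last context line or an empty line. The comment `0 designates UNIX Domain socket` would be easier to act on if it named the socket path the daemon falls back to, which the include_tcsd.h patch in this same commit defines as /var/tpm/system/tcsd-socket.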
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/dist_tcsd.conf.in.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,38 @@
+--- dist/tcsd.conf.in	2010-01-28 08:27:50.000000000 -0800
++++ dist/tcsd.conf.in	2012-04-12 14:52:21.154590000 -0700
[email protected]@ -9,10 +9,16 @@
+ #
+ 
+ # Option: port
+-# Values: 1 - 65535
++# Values: 0 - 65535
+ # Description: The port that the tcsd will listen on.
++# If 0, use UNIX Domain socket /var/tpm/system/tcsd-socket,
++# otherwise use the specified TCP port (30003 is the traditional tcsd TCP port).
+ #
+-# port = 30003
++# If using a TCP Port (that is, port is not 0), clients such as tpmadm must set
++# the port with shell environment variable TSS_TCSD_PORT. For example,
++#	export TSS_TCSD_PORT=30003
++# 
++# port = 0
+ #
+ 
+ # Option: num_threads
[email protected]@ -37,6 +43,7 @@
+ #
+ # firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
+ #
++firmware_log_file=/var/tpm/system/pcrevent.log
+ 
+ # Option: kernel_log_file
+ # Values: Any absolute directory path
[email protected]@ -54,7 +61,7 @@
+ # Description: A list of PCR indices that are manipulated only by the system
+ #  firmware and therefore are not extended or logged by the TCSD.
+ #
+-# firmware_pcrs =
++firmware_pcrs =0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,20,21
+ #
+ 
+ # Option: kernel_pcrs
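Review bot: The two settings the hunk activates, `firmware_log_file=/var/tpm/system/pcrevent.log` and `firmware_pcrs =0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,20,21`, are written without the `key = value` spacing every other option in the file uses, including the `# port = 0` example added in the same hunk; `firmware_log_file = /var/tpm/system/pcrevent.log` and `firmware_pcrs = 0,1,...` would match. Per the option description the hunk keeps (PCRs "manipulated only by the system firmware and therefore are not extended or logged by the TCSD"), this list makes the daemon refuse to extend or log PCRs 0-15, 20 and 21 on Solaris; nothing in the hunk shows why 8-15 are considered firmware-owned on this platform, so a one-line comment recording the reasoning behind the set would help the next maintainer. The `# ` line following the TSS_TCSD_PORT example carries a trailing space.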
--- a/components/trousers/patches/hash.c.patch	Tue Apr 17 13:35:22 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,87 +0,0 @@
---- src/trspi/crypto/openssl/hash.c.old	2011-05-09 06:20:09.505021734 -0700
-+++ src/trspi/crypto/openssl/hash.c	2011-05-09 06:19:04.603252090 -0700
[email protected]@ -56,45 +56,21 @@
- TSS_RESULT
- Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
- {
--	EVP_MD_CTX md_ctx;
--	unsigned int result_size;
--	int rv;
-+	Trspi_HashCtx ctx;
-+	TSS_RESULT rv;
- 
--	switch (HashType) {
--		case TSS_HASH_SHA1:
--			rv = EVP_DigestInit(&md_ctx, EVP_sha1());
--			break;
--		default:
--			rv = TSPERR(TSS_E_BAD_PARAMETER);
--			goto out;
--			break;
--	}
-+	rv = Trspi_HashInit(&ctx, HashType);
-+	if (rv != TSS_SUCCESS)
-+		return rv;
- 
--	if (rv != EVP_SUCCESS) {
--		rv = TSPERR(TSS_E_INTERNAL_ERROR);
--		goto err;
--	}
--
--	rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
--	if (rv != EVP_SUCCESS) {
--		rv = TSPERR(TSS_E_INTERNAL_ERROR);
--		goto err;
-+	rv = Trspi_HashUpdate(&ctx, BufSize, Buf);
-+	if (rv != TSS_SUCCESS) {
-+		EVP_MD_CTX_destroy(ctx.ctx);
-+		return rv;
- 	}
-+	rv = Trspi_HashFinal(&ctx, Digest);
- 
--	result_size = EVP_MD_CTX_size(&md_ctx);
--	rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
--	if (rv != EVP_SUCCESS) {
--		rv = TSPERR(TSS_E_INTERNAL_ERROR);
--		goto err;
--	} else
--		rv = TSS_SUCCESS;
--
--	goto out;
--
--err:
--	DEBUG_print_openssl_errors();
--out:
--        return rv;
-+	return (rv);
- }
- 
- TSS_RESULT
[email protected]@ -112,7 +88,8 @@
- 			break;
- 	}
- 
--	if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL)
-+	ctx->ctx = EVP_MD_CTX_create();
-+	if (ctx->ctx == NULL)
- 		return TSPERR(TSS_E_OUTOFMEMORY);
- 
- 	rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md);
[email protected]@ -142,7 +119,7 @@
- 	rv = EVP_DigestUpdate(ctx->ctx, data, size);
- 	if (rv != EVP_SUCCESS) {
- 		DEBUG_print_openssl_errors();
--		free(ctx->ctx);
-+		EVP_MD_CTX_destroy(ctx->ctx);
- 		ctx->ctx = NULL;
- 		return TSPERR(TSS_E_INTERNAL_ERROR);
- 	}
[email protected]@ -164,7 +141,7 @@
- 	if (rv != EVP_SUCCESS)
- 		return TSPERR(TSS_E_INTERNAL_ERROR);
- 
--	free(ctx->ctx);
-+	EVP_MD_CTX_destroy(ctx->ctx);
- 	ctx->ctx = NULL;
- 
- 	return TSS_SUCCESS;
--- a/components/trousers/patches/hosttable.c.patch	Tue Apr 17 13:35:22 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,53 +0,0 @@
---- src/tspi/rpc/hosttable.c.old	Thu Jan 28 13:27:59 2010
-+++ src/tspi/rpc/hosttable.c	Thu Aug  5 14:24:00 2010
[email protected]@ -22,7 +22,7 @@
- struct host_table *ht = NULL;
- 
- TSS_RESULT
--host_table_init()
-+static host_table_init()
- {
- 	ht = calloc(1, sizeof(struct host_table));
- 	if (ht == NULL) {
[email protected]@ -36,8 +36,7 @@
- }
- 
- #ifdef SOLARIS
--#pragma init(_init)
--void _init(void)
-+static void my_init(void)
- #else
- void __attribute__ ((constructor)) my_init(void)
- #endif
[email protected]@ -46,7 +45,7 @@
- 	__tspi_obj_list_init();
- }
- 
--void
-+static void
- host_table_final()
- {
- 	struct host_table_entry *hte, *next = NULL;
[email protected]@ -70,8 +69,7 @@
- }
- 
- #ifdef SOLARIS
--#pragma fini(_fini)
--void _fini(void)
-+static void my_fini(void)
- #else
- void __attribute__ ((destructor)) my_fini(void)
- #endif
[email protected]@ -79,6 +77,11 @@
- 	host_table_final();
- }
- 
-+#ifdef SOLARIS
-+#pragma init(my_init)
-+#pragma fini(my_fini)
-+#endif
-+
- TSS_RESULT
- __tspi_add_table_entry(TSS_HCONTEXT tspContext, BYTE *host, int type, struct host_table_entry **ret)
- {
-
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/include_tcsd.h.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,27 @@
+--- src/include/tcsd.h	2010-05-02 19:54:15.000000000 -0700
++++ src/include/tcsd.h	2012-04-11 12:43:21.508009000 -0700
[email protected]@ -48,14 +48,24 @@
+ 							of this TCS System */
+ };
+ 
++#ifdef SOLARIS
++#define	TCSD_CONFIG_FILE	"/etc/security/tcsd.conf"
++#else
+ #define TCSD_CONFIG_FILE	ETC_PREFIX "/tcsd.conf"
++#endif
+ 
+ #define TSS_USER_NAME		"tss"
+ #define TSS_GROUP_NAME		"tss"
+ 
+ #define TCSD_DEFAULT_MAX_THREADS	10
++#ifdef SOLARIS
++#define	TCSD_DEFAULT_SYSTEM_PS_DIR	"/var/tpm/system"
++#define	TCSD_DEFAULT_SYSTEM_PS_FILE	"/var/tpm/system/system.data"
++#define	TCSD_DEFAULT_SOCKET		"/var/tpm/system/tcsd-socket"
++#else
+ #define TCSD_DEFAULT_SYSTEM_PS_FILE	VAR_PREFIX "/lib/tpm/system.data"
+ #define TCSD_DEFAULT_SYSTEM_PS_DIR	VAR_PREFIX "/lib/tpm"
++#endif /* SOLARIS */
+ #define TCSD_DEFAULT_FIRMWARE_LOG_FILE	"/sys/kernel/security/tpm0/binary_bios_measurements"
+ #define TCSD_DEFAULT_KERNEL_LOG_FILE	"/sys/kernel/security/ima/binary_runtime_measurements"
+ #define TCSD_DEFAULT_FIRMWARE_PCRS	0x00000000
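Review bot: The SOLARIS branch overrides the config file, PS directory/file and socket path but leaves `TCSD_DEFAULT_FIRMWARE_LOG_FILE` and `TCSD_DEFAULT_KERNEL_LOG_FILE` at their Linux sysfs values (`/sys/kernel/security/...`) just below the `#endif /* SOLARIS */`, so a tcsd built for Solaris still carries compiled-in defaults that cannot exist there and only the `firmware_log_file=/var/tpm/system/pcrevent.log` line in the sibling dist_tcsd.conf.in patch makes the daemon work without a config file; moving at least the firmware log default under the same `#ifdef SOLARIS` (`#define TCSD_DEFAULT_FIRMWARE_LOG_FILE "/var/tpm/system/pcrevent.log"`) would keep the header and the shipped config in agreement. `TCSD_DEFAULT_SOCKET` places the listening socket in the same directory as `system.data`; unprivileged clients must be able to reach the socket while the system PS file should not be readable by them, so the intended directory and file modes are worth recording in a comment next to these defines (where the directory is created is outside this hunk). The added lines use a tab after `#define` where the existing lines use a space.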
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/include_tspps.h.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,22 @@
+--- src/include/tspps.h.old	2009-09-08 07:39:30.000000000 -0700
++++ src/include/tspps.h	2010-09-16 08:09:37.980051068 -0700
[email protected]@ -13,13 +13,17 @@
+ 
+ #define PASSWD_BUFSIZE		4096
+ 
++#ifdef SOLARIS
++#define TSS_USER_PS_DIR		"/var/user/"
++#else
+ #define TSS_USER_PS_DIR		".trousers"
++#endif
+ #define TSS_USER_PS_FILE	"user.data"
+ 
+ TSS_RESULT	   get_file(int *);
+ int		   put_file(int);
+-inline TSS_RESULT  read_data(int, void *, UINT32);
+-inline TSS_RESULT  write_data(int, void *, UINT32);
++TSS_RESULT         read_data(int, void *, UINT32);
++TSS_RESULT         write_data(int, void *, UINT32);
+ UINT32		   psfile_get_num_keys(int);
+ TSS_RESULT	   psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *);
+ TSS_RESULT	   psfile_remove_key_by_uuid(int, TSS_UUID *);
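Review bot: The Solaris value of `TSS_USER_PS_DIR` is an absolute path with a trailing slash (`"/var/user/"`) whereas the default is a bare relative name (`".trousers"`), so whatever composes the user PS path (tspps.c, outside this hunk) must treat the two forms differently; the tcsd.8 patch in this commit documents the final location as /var/user/$USERNAME/tpm/userps/user.data, and a comment on the define stating how the user name and the `tpm/userps` component are appended would make that contract visible where the constant lives. Dropping `inline` from the `read_data`/`write_data` prototypes is the right fix for functions defined in another translation unit, but the replacement lines are indented with runs of spaces while the surrounding prototypes use tabs.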
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/include_tss_tss_defines.h.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,12 @@
+--- src/include/tss/tss_defines.h.old	Tue May 31 07:39:12 2011
++++ src/include/tss/tss_defines.h	Tue May 31 07:39:52 2011
[email protected]@ -1214,6 +1214,9 @@
+ #define TSS_UUID_USK5 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 9}} // user storage key 5
+ #define TSS_UUID_USK6 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 10}}// user storage key 6
+ 
++/* SOLARIS: Migratable Root Key UUID */
++#define TSS_UUID_MRK {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 11}}
++
+ // macro to derive UUIDs for keys whose "OwnerEvict" key is set.
+ #define TSS_UUID_OWNEREVICT(i) {0, 0, 0, 0, 0, {0, 0, 0, 0, 1, (i)}}
+ 
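Review bot: `TSS_UUID_MRK` takes the next value in the user-storage-key sequence (node byte 11 after USK6's 10), but beyond the `SOLARIS:` prefix the comment does not say that this is a vendor addition outside the TSS specification, which is what a future reader needs if a later spec revision assigns that index; suggested comment: `/* SOLARIS: Migratable Root Key UUID (vendor extension, not defined by the TSS spec; disjoint from TSS_UUID_OWNEREVICT, which sets the fifth node byte to 1) */`. The new comment uses `/* */` while the neighbouring UUID definitions use `//` line comments.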
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/man_man5_tcsd.conf.5.in.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,29 @@
+--- man/man5/tcsd.conf.5.in	2010-01-28 08:27:51.000000000 -0800
++++ man/man5/tcsd.conf.5.in	2012-04-12 14:52:28.257160000 -0700
[email protected]@ -32,8 +32,16 @@
+ .SH "OPTIONS"
+ .PP
+ .BI port
+-The port that TCSD will listen on for connections, local and remote, from
++The TCP port that TCSD will listen on for connections, local and remote, from
+ applications.
++If 0, TCSD uses UNIX Domain socket /var/tpm/system/tcsd-socket,
++otherwise TCSD uses the TCP port specified
++(30003 is the traditional tcsd TCP port).
++If using a TCP Port (that is, port is not 0), clients such as tpmadm must set
++the port with shell environment variable TSS_TCSD_PORT. For example,
++.nf
++export TSS_TCSD_PORT=30003
++.fi
+ 
+ .BI num_threads
+ The maximum number of threads that the TCSD will spawn simultaneously to service
[email protected]@ -106,7 +114,7 @@
+ .PP
+ .IP
+ .nf
+-port = 30003
++port = 0
+ num_threads = 10
+ system_ps_file = /usr/local/var/tpm/system.data
+ firmware_log_file = /proc/tpm/firmware_events
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/man_man8_tcsd.8.in.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,92 @@
+--- man/man8/tcsd.8.in	2010-01-28 08:27:51.000000000 -0800
++++ man/man8/tcsd.8.in	2012-04-16 17:46:52.763527000 -0700
[email protected]@ -51,10 +51,11 @@
+ There are two types of access control for the \fBtcsd\fR, access to the
+ daemon's socket itself and access to specific commands internal to the
+ \fBtcsd\fR. Access to the \fBtcsd\fR's port should be controlled by the system
+-administrator using firewall rules.  If using iptables, the following rule
+-will allow a specific host access to the tcsd:
+-
+-# iptables -A INPUT -s $IP_ADDRESS -p tcp --destination-port @[email protected] -j ACCEPT
++administrator using firewall rules.
++If port = 0 in /etc/security/tcsd.conf, \fBtcsd\R uses a UNIX Domain socket.
++Otherwise, \fBtcsd\fR uses a TCP port.
++By default the TCP port, when enabled, is accessible only from localhost,
++unless "remote_ops" in tcsd.conf is not empty.
+ 
+ Access to individual commands internal to the tcsd is configured by the
+ \fBtcsd\fR configuration file's "remote_ops" directive. Each function call
[email protected]@ -74,12 +75,32 @@
+ the TCS and stays valid across application lifetimes, \fBtcsd\fR restarts and 
+ system resets. Data registered in system PS stays valid until an application 
+ requests that it be removed. User PS files are by default stored as 
+-/var/tpm/user.{pid} and the system PS file by default is /var/tpm/system.data. 
+-The system PS file is initially created when ownership of the TPM is first 
+-taken.
++/var/user/$USERNAME/tpm/userps/user.data and the system PS file by default is
++/var/tpm/system/system.data.  The system PS file is initially created when 
++ownership of the TPM is first taken.
++.PP
++\fB/var/tpm/system/system.data\fR
++.ad
++.RS 4n
++Contains the system PS (persistent storage) data controlled by the TCS.  By default,
++the SRK key is installed in PS and does not require owner authorization to use.  If the
++TPM has previously been provisioned and owner-auth is required to load the SRK,
++then the /var/tpm/system/system.data.auth file should be moved to 
++/var/tpm/system/system.data before starting the TCS (See NOTES).
++.RE
++.sp
++.PP
++\fB/var/tpm/system/system.data.auth\fR
++.ad
++.RS 4n
++This is the default PS data file to use if the TPM has been previously 
++configured to require owner-auth to access the SRK.  Copy this file 
++to /var/tpm/system/system.data prior to starting the TCS if owner-auth is
++needed, otherwise this file can be ignored.
++.RE
+ 
+ .SH "CONFIGURATION"
+-\fBtcsd\fR configuration is stored by default in /etc/tcsd.conf
++\fBtcsd\fR configuration is stored by default in /etc/security/tcsd.conf
+ 
+ .SH "DEBUG OUTPUT"
+ If TrouSerS has been compiled with debugging enabled, the debugging output
[email protected]@ -88,8 +109,9 @@
+ .SH "DEVICE DRIVERS"
+ .PP
+ \fBtcsd\fR is compatible with the IBM Research TPM device driver available
+-from http://www.research.ibm.com/gsal/tcpa and the TPM device driver available
+-from http://sf.net/projects/tmpdd
++from http://www.research.ibm.com/gsal/tcpa and the TPM device driver for 
++Linux available from http://sf.net/projects/tmpdd.  It is also compatible 
++with the TPM device driver for Solaris which is available in the driver/crypto/tpm package.
+ 
+ .SH "CONFORMING TO"
+ .PP
[email protected]@ -98,7 +120,23 @@
+ 
+ .SH "SEE ALSO"
+ .PP
+-\fBtcsd.conf\fR(5)
++\fBtcsd.conf\fR(5), \fBsvcadm\fR(1M), \fBsmf\fR(5)
++
++.SH "NOTES"
++.sp
++.LP
++The \fBtcsd\fR service is managed by the service management facility, \fBsmf\fR(5), under
++the service identifier:
++.sp
++.in +2
++.nf
++svc:/application/security/tcsd:default
++.fi
++.in -2
++.sp
++.LP
++Administrative actions on this service, such as enabling, disabling, or requesting restart, can be
++performed using \fBsvcadm\fR(1M). The service's status can be queried using the \fBsvcs\fR(1) command.
+ 
+ .SH "AUTHOR"
+ Kent Yoder
--- a/components/trousers/patches/rpc_ps.c.patch	Tue Apr 17 13:35:22 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,54 +0,0 @@
---- src/tcs/rpc/tcstp/rpc_ps.c.orig	2011-03-23 11:01:54.707428173 -0700
-+++ src/tcs/rpc/tcstp/rpc_ps.c	2011-03-23 11:27:00.753845441 -0700
[email protected]@ -26,6 +26,29 @@
- #include "tcs_utils.h"
- #include "rpc_tcstp_tcs.h"
- 
-+#ifdef SOLARIS
-+#include <ucred.h>
-+#include <errno.h>
-+
-+static TSS_RESULT
-+verify_peer(struct tcsd_thread_data *data)
-+{
-+	ucred_t *uc = NULL;
-+	if (getpeerucred(data->sock, &uc)) {
-+		LogError("Failed to get peer credential (%s)",
-+		    strerror(errno));
-+		return TCSERR(TSS_E_TSP_AUTHFAIL);
-+	}
-+	if (ucred_geteuid(uc) != 0) {
-+		LogError("Unauthorized attempt to modify a system key",
-+		    strerror(errno));
-+		ucred_free(uc);
-+		return TCSERR(TSS_E_TSP_AUTHFAIL);
-+	}
-+	ucred_free(uc);
-+	return (TSS_SUCCESS);
-+}
-+#endif
- 
- TSS_RESULT
- tcs_wrap_RegisterKey(struct tcsd_thread_data *data)
[email protected]@ -38,6 +61,10 @@
- 	UINT32 cVendorData;
- 	BYTE *gbVendorData;
- 	TSS_RESULT result;
-+#ifdef SOLARIS
-+	if ( (result = verify_peer(data)) != TSS_SUCCESS)
-+		return (result);
-+#endif
- 
- 	if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm))
- 		return TCSERR(TSS_E_INTERNAL_ERROR);
[email protected]@ -99,6 +126,10 @@
- 	TCS_CONTEXT_HANDLE hContext;
- 	TSS_UUID uuid;
- 	TSS_RESULT result;
-+#ifdef SOLARIS
-+	if ( (result = verify_peer(data)) != TSS_SUCCESS)
-+		return (result);
-+#endif
- 
- 	if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm))
- 		return TCSERR(TSS_E_INTERNAL_ERROR);
--- a/components/trousers/patches/svrside.c.patch	Tue Apr 17 13:35:22 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,210 +0,0 @@
---- src/tcsd/svrside.c	Wed Jun  9 13:19:00 2010
-+++ src/tcsd/svrside.c.new	Thu Dec  8 12:58:00 2011
[email protected]@ -27,6 +27,14 @@
- #include <arpa/inet.h>
- #include <errno.h>
- #include <getopt.h>
-+#ifdef SOLARIS
-+#include <priv.h>
-+#include <fcntl.h>
-+#endif
-+#ifndef HAVE_DAEMON
-+#include <fcntl.h>
-+#endif
-+
- #include "trousers/tss.h"
- #include "trousers_types.h"
- #include "tcs_tsp.h"
[email protected]@ -44,6 +52,11 @@
- static volatile int hup = 0, term = 0;
- extern char *optarg;
- 
-+#ifdef SOLARIS
-+static int
-+get_event_log_from_kernel();
-+#endif
-+
- static void
- tcsd_shutdown(void)
- {
[email protected]@ -170,6 +183,10 @@
- 		(void)req_mgr_final();
- 		return result;
- 	}
-+#ifdef SOLARIS
-+	/* Not fatal if this fails */
-+	(void) get_event_log_from_kernel();
-+#endif
- 
- 	result = owner_evict_init();
- 	if (result != TSS_SUCCESS) {
[email protected]@ -208,6 +225,147 @@
- }
- 
- 
-+#ifdef SOLARIS
-+
-+extern int get_device_fd();
-+
-+#define TPM_IOCTL_GETEVTABLE    1
-+struct tpm_evtable_ioblk {
-+	uint32_t	buflen;
-+	caddr_t		buf;
-+};
-+
-+static int
-+store_eventlog(char *filename, struct tpm_evtable_ioblk *evlog)
-+{
-+	int fd;
-+	int bytes = 0;
-+
-+	fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, 0600);
-+	if (fd == -1) {
-+		LogError("Error opening logfile %s: %s", filename,
-+		    strerror(errno));
-+		return (-1);
-+	}
-+	while (bytes < evlog->buflen) {
-+		int n;
-+		n = write(fd, evlog->buf, evlog->buflen - bytes);
-+		if (n == -1 && errno != EAGAIN) {
-+			LogError("Error writing logfile %s: %s",
-+			    filename, strerror(errno));
-+			close(fd);
-+			return (-1);
-+		}
-+		if (n != -1)
-+			bytes += n;
-+	}
-+	close(fd);
-+
-+	return (0);
-+}
-+
-+static int
-+get_event_log_from_kernel()
-+{
-+	int fd = get_device_fd();
-+	struct tpm_evtable_ioblk ioblk;
-+
-+	if (fd == -1)
-+		return (-1);
-+
-+	(void) memset(&ioblk, 0, sizeof (ioblk));
-+	if (ioctl(fd, TPM_IOCTL_GETEVTABLE, &ioblk)) {
-+		LogDebug("Cannot get event log from kernel: %s",
-+		    strerror(errno));
-+		return (-1);
-+	}
-+	if (ioblk.buflen == 0)
-+		return (0);
-+
-+	ioblk.buf = calloc(1, ioblk.buflen);
-+	if (ioblk.buf == NULL) {
-+		return (-1);
-+	}
-+	if (ioctl(fd, TPM_IOCTL_GETEVTABLE, &ioblk)) {
-+		free(ioblk.buf);
-+		LogDebug("Cannot get event log from kernel: %s",
-+		    strerror(errno));
-+		return (-1);
-+	}
-+
-+	return (store_eventlog(tcsd_options.firmware_log_file, &ioblk));
-+}
-+/*
-+ * For Solaris, make the tcsd privilege aware and drop
-+ * risky privileges if they are not needed.
-+ */
-+static int
-+drop_privs()
-+{
-+	priv_set_t *myprivs;
-+	int rv;
-+
-+	/*
-+	 * Drop unneeded privs such as fork/exec.
-+	 *
-+	 * Get "basic" privs and remove the ones we don't want.
-+	 */
-+	if ((myprivs = priv_str_to_set("basic", ",", NULL)) == NULL) {
-+		LogError("priv_str_to_set failed: %s", strerror(errno));
-+		return (1);
-+	} else {
-+		(void) priv_delset(myprivs, PRIV_PROC_EXEC);
-+		(void) priv_delset(myprivs, PRIV_PROC_FORK);
-+		(void) priv_delset(myprivs, PRIV_FILE_LINK_ANY);
-+		(void) priv_delset(myprivs, PRIV_PROC_INFO);
-+		(void) priv_delset(myprivs, PRIV_PROC_SESSION);
-+		(void) priv_delset(myprivs, PRIV_PROC_SETID);
-+
-+		/* for auditing */
-+		(void) priv_addset(myprivs, PRIV_PROC_AUDIT);
-+
-+		if ((rv = setppriv(PRIV_SET, PRIV_PERMITTED, myprivs)))
-+			return (rv);
-+		if ((rv = setppriv(PRIV_SET, PRIV_LIMIT, myprivs)))
-+			return (rv);
-+		if ((rv = setppriv(PRIV_SET, PRIV_INHERITABLE, myprivs)))
-+			return (rv);
-+
-+		(void) priv_freeset(myprivs);
-+	}
-+	return (0);
-+}
-+#endif /* SOLARIS */
-+
-+#ifndef HAVE_DAEMON
-+static int
-+daemon(int nochdir, int noclose) {
-+	int rv, fd;
-+
-+	switch (fork()) {
-+		case -1:
-+			return (-1);
-+		case 0:
-+			break;
-+		default:
-+		exit (0);
-+	}
-+
-+	if (setsid() == -1)
-+		return (-1);
-+	if (!nochdir)
-+		(void) chdir("/");
-+	if (!noclose && (fd = open("/dev/null", O_RDWR, 0)) != -1) {
-+		(void) dup2(fd, STDIN_FILENO);
-+		(void) dup2(fd, STDOUT_FILENO);
-+		(void) dup2(fd, STDERR_FILENO);
-+		if (fd > 2)
-+			(void)close (fd);
-+	}
-+	return (0);
-+}
-+#endif /* !HAVE_DAEMON */
-+
- int
- main(int argc, char **argv)
- {
[email protected]@ -223,6 +381,9 @@
- 		{"foreground", 0, NULL, 'f'},
- 		{0, 0, 0, 0}
- 	};
-+#ifdef SOLARIS
-+	int rv;
-+#endif
- 
- 	unsetenv("TCSD_USE_TCP_DEVICE");
- 	while ((c = getopt_long(argc, argv, "fhe", long_options, &option_index)) != -1) {
[email protected]@ -294,6 +455,11 @@
- 			return -1;
- 		}
- 	}
-+#ifdef SOLARIS
-+	/* For Solaris, drop privileges for security. */
-+	if ((rv = drop_privs()))
-+		return (rv);
-+#endif /* SOLARIS */
- 
- 	LogInfo("%s: TCSD up and running.", PACKAGE_STRING);
- 	do {
--- a/components/trousers/patches/tcs_caps.c.patch	Tue Apr 17 13:35:22 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
---- src/tcs/tcs_caps.c.old	Wed Jun  9 13:20:44 2010
-+++ src/tcs/tcs_caps.c	Fri Jul  1 16:26:51 2011
[email protected]@ -149,6 +149,7 @@
- {
- 	TSS_RESULT result;
- 	UINT32 subCap, rv = 0;
-+	UINT32 manuf;
- 
- 	if ((result = get_current_version(&p->version)))
- 		goto err;
[email protected]@ -181,8 +182,9 @@
- 
- 	UINT32ToArray(TPM_CAP_PROP_MANUFACTURER, (BYTE *)&subCap);
- 	if ((result = get_cap_uint32(TCPA_CAP_PROPERTY, (BYTE *)&subCap, sizeof(UINT32),
--					(UINT32 *)&p->manufacturer)))
-+					(UINT32 *)&manuf)))
- 		goto err;
-+	(void) memcpy(p->manufacturer, &manuf, sizeof (UINT32));
- 
- 	result = get_max_auths(&(p->num_auths));
- 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tcs_rpc_tcstp_rpc.c.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,473 @@
+--- src/tcs/rpc/tcstp/rpc.c.orig	Fri Jun  5 12:45:50 2009
++++ src/tcs/rpc/tcstp/rpc.c	Thu Sep 10 13:05:33 2009
[email protected]@ -385,134 +385,134 @@
+ typedef struct tdDispatchTable {
+ 	TSS_RESULT (*Func) (struct tcsd_thread_data *);
+ 	const char *name;
++	UINT32 ordinal;
+ } DispatchTable;
+ 
+ DispatchTable tcs_func_table[TCSD_MAX_NUM_ORDS] = {
+-	{tcs_wrap_Error,"Error"},   /* 0 */
+-	{tcs_wrap_OpenContext,"OpenContext"},
+-	{tcs_wrap_CloseContext,"CloseContext"},
+-	{tcs_wrap_Error,"Error"},
+-	{tcs_wrap_TCSGetCapability,"TCSGetCapability"},
+-	{tcs_wrap_RegisterKey,"RegisterKey"}, /* 5 */
+-	{tcs_wrap_UnregisterKey,"UnregisterKey"},
+-	{tcs_wrap_EnumRegisteredKeys,"EnumRegisteredKeys"},
+-	{tcs_wrap_Error,"Error"},
+-	{tcs_wrap_GetRegisteredKeyBlob,"GetRegisteredKeyBlob"},
+-	{tcs_wrap_GetRegisteredKeyByPublicInfo,"GetRegisteredKeyByPublicInfo"}, /* 10 */
+-	{tcs_wrap_LoadKeyByBlob,"LoadKeyByBlob"},
+-	{tcs_wrap_LoadKeyByUUID,"LoadKeyByUUID"},
+-	{tcs_wrap_EvictKey,"EvictKey"},
+-	{tcs_wrap_CreateWrapKey,"CreateWrapKey"},
+-	{tcs_wrap_GetPubkey,"GetPubkey"}, /* 15 */
+-	{tcs_wrap_MakeIdentity,"MakeIdentity"},
+-	{tcs_wrap_LogPcrEvent,"LogPcrEvent"},
+-	{tcs_wrap_GetPcrEvent,"GetPcrEvent"},
+-	{tcs_wrap_GetPcrEventsByPcr,"GetPcrEventsByPcr"},
+-	{tcs_wrap_GetPcrEventLog,"GetPcrEventLog"}, /* 20 */
+-	{tcs_wrap_SetOwnerInstall,"SetOwnerInstall"},
+-	{tcs_wrap_TakeOwnership,"TakeOwnership"},
+-	{tcs_wrap_OIAP,"OIAP"},
+-	{tcs_wrap_OSAP,"OSAP"},
+-	{tcs_wrap_ChangeAuth,"ChangeAuth"}, /* 25 */
+-	{tcs_wrap_ChangeAuthOwner,"ChangeAuthOwner"},
+-	{tcs_wrap_Error,"Error"},
+-	{tcs_wrap_Error,"Error"},
+-	{tcs_wrap_TerminateHandle,"TerminateHandle"},
+-	{tcs_wrap_ActivateIdentity,"ActivateIdentity"}, /* 30 */
+-	{tcs_wrap_Extend,"Extend"},
+-	{tcs_wrap_PcrRead,"PcrRead"},
+-	{tcs_wrap_Quote,"Quote"},
+-	{tcs_wrap_DirWriteAuth,"DirWriteAuth"},
+-	{tcs_wrap_DirRead,"DirRead"}, /* 35 */
+-	{tcs_wrap_Seal,"Seal"},
+-	{tcs_wrap_UnSeal,"UnSeal"},
+-	{tcs_wrap_UnBind,"UnBind"},
+-	{tcs_wrap_CreateMigrationBlob,"CreateMigrationBlob"},
+-	{tcs_wrap_ConvertMigrationBlob,"ConvertMigrationBlob"}, /* 40 */
+-	{tcs_wrap_AuthorizeMigrationKey,"AuthorizeMigrationKey"},
+-	{tcs_wrap_CertifyKey,"CertifyKey"},
+-	{tcs_wrap_Sign,"Sign"},
+-	{tcs_wrap_GetRandom,"GetRandom"},
+-	{tcs_wrap_StirRandom,"StirRandom"}, /* 45 */
+-	{tcs_wrap_GetCapability,"GetCapability"},
+-	{tcs_wrap_Error,"Error"},
+-	{tcs_wrap_GetCapabilityOwner,"GetCapabilityOwner"},
+-	{tcs_wrap_CreateEndorsementKeyPair,"CreateEndorsementKeyPair"},
+-	{tcs_wrap_ReadPubek,"ReadPubek"}, /* 50 */
+-	{tcs_wrap_DisablePubekRead,"DisablePubekRead"},
+-	{tcs_wrap_OwnerReadPubek,"OwnerReadPubek"},
+-	{tcs_wrap_SelfTestFull,"SelfTestFull"},
+-	{tcs_wrap_CertifySelfTest,"CertifySelfTest"},
+-	{tcs_wrap_Error,"Error"}, /* 55 */
+-	{tcs_wrap_GetTestResult,"GetTestResult"},
+-	{tcs_wrap_OwnerSetDisable,"OwnerSetDisable"},
+-	{tcs_wrap_OwnerClear,"OwnerClear"},
+-	{tcs_wrap_DisableOwnerClear,"DisableOwnerClear"},
+-	{tcs_wrap_ForceClear,"ForceClear"}, /* 60 */
+-	{tcs_wrap_DisableForceClear,"DisableForceClear"},
+-	{tcs_wrap_PhysicalDisable,"PhysicalDisable"},
+-	{tcs_wrap_PhysicalEnable,"PhysicalEnable"},
+-	{tcs_wrap_PhysicalSetDeactivated,"PhysicalSetDeactivated"},
+-	{tcs_wrap_SetTempDeactivated,"SetTempDeactivated"}, /* 65 */
+-	{tcs_wrap_PhysicalPresence,"PhysicalPresence"},
+-	{tcs_wrap_Error,"Error"},
+-	{tcs_wrap_Error,"Error"},
+-	{tcs_wrap_CreateMaintenanceArchive,"CreateMaintenanceArchive"},
+-	{tcs_wrap_LoadMaintenanceArchive,"LoadMaintenanceArchive"}, /* 70 */
+-	{tcs_wrap_KillMaintenanceFeature,"KillMaintenanceFeature"},
+-	{tcs_wrap_LoadManuMaintPub,"LoadManuMaintPub"},
+-	{tcs_wrap_ReadManuMaintPub,"ReadManuMaintPub"},
+-	{tcs_wrap_DaaJoin,"DaaJoin"},
+-	{tcs_wrap_DaaSign,"DaaSign"}, /* 75 */
+-	{tcs_wrap_SetCapability,"SetCapability"},
+-	{tcs_wrap_ResetLockValue,"ResetLockValue"},
+-	{tcs_wrap_PcrReset,"PcrReset"},
+-	{tcs_wrap_ReadCounter,"ReadCounter"},
+-	{tcs_wrap_CreateCounter,"CreateCounter"}, /* 80 */
+-	{tcs_wrap_IncrementCounter,"IncrementCounter"},
+-	{tcs_wrap_ReleaseCounter,"ReleaseCounter"},
+-	{tcs_wrap_ReleaseCounterOwner,"ReleaseCounterOwner"},
+-	{tcs_wrap_ReadCurrentTicks,"ReadCurrentTicks"},
+-	{tcs_wrap_TickStampBlob,"TicksStampBlob"}, /* 85 */
+-	{tcs_wrap_GetCredential,"GetCredential"},
+-	{tcs_wrap_NV_DefineOrReleaseSpace,"NVDefineOrReleaseSpace"},
+-	{tcs_wrap_NV_WriteValue,"NVWriteValue"},
+-	{tcs_wrap_NV_WriteValueAuth,"NVWriteValueAuth"},
+-	{tcs_wrap_NV_ReadValue,"NVReadValue"}, /* 90 */
+-	{tcs_wrap_NV_ReadValueAuth,"NVReadValueAuth"},
+-	{tcs_wrap_EstablishTransport,"EstablishTransport"},
+-	{tcs_wrap_ExecuteTransport,"ExecuteTransport"},
+-	{tcs_wrap_ReleaseTransportSigned,"ReleaseTransportSigned"},
+-	{tcs_wrap_SetOrdinalAuditStatus,"SetOrdinalAuditStatus"}, /* 95 */
+-	{tcs_wrap_GetAuditDigest,"GetAuditDigest"},
+-	{tcs_wrap_GetAuditDigestSigned,"GetAuditDigestSigned"},
+-	{tcs_wrap_Sealx,"Sealx"},
+-	{tcs_wrap_SetOperatorAuth,"SetOperatorAuth"},
+-	{tcs_wrap_OwnerReadInternalPub,"OwnerReadInternalPub"}, /* 100 */
+-	{tcs_wrap_EnumRegisteredKeys2,"EnumRegisteredKeys2"},
+-	{tcs_wrap_SetTempDeactivated2,"SetTempDeactivated2"},
+-	{tcs_wrap_Delegate_Manage,"Delegate_Manage"},
+-	{tcs_wrap_Delegate_CreateKeyDelegation,"Delegate_CreateKeyDelegation"},
+-	{tcs_wrap_Delegate_CreateOwnerDelegation,"Delegate_CreateOwnerDelegation"}, /* 105 */
+-	{tcs_wrap_Delegate_LoadOwnerDelegation,"Delegate_LoadOwnerDelegation"},
+-	{tcs_wrap_Delegate_ReadTable,"Delegate_ReadTable"},
+-	{tcs_wrap_Delegate_UpdateVerificationCount,"Delegate_UpdateVerificationCount"},
+-	{tcs_wrap_Delegate_VerifyDelegation,"Delegate_VerifyDelegation"},
+-	{tcs_wrap_CreateRevocableEndorsementKeyPair,"CreateRevocableEndorsementKeyPair"}, /* 110 */
+-	{tcs_wrap_RevokeEndorsementKeyPair,"RevokeEndorsementKeyPair"},
+-	{tcs_wrap_Error,"Error - was MakeIdentity2"},
+-	{tcs_wrap_Quote2,"Quote2"},
+-	{tcs_wrap_CMK_SetRestrictions,"CMK_SetRestrictions"},
+-	{tcs_wrap_CMK_ApproveMA,"CMK_ApproveMA"}, /* 115 */
+-	{tcs_wrap_CMK_CreateKey,"CMK_CreateKey"},
+-	{tcs_wrap_CMK_CreateTicket,"CMK_CreateTicket"},
+-	{tcs_wrap_CMK_CreateBlob,"CMK_CreateBlob"},
+-	{tcs_wrap_CMK_ConvertMigration,"CMK_ConvertMigration"},
+-	{tcs_wrap_FlushSpecific,"FlushSpecific"}, /* 120 */
+-	{tcs_wrap_KeyControlOwner, "KeyControlOwner"},
+-	{tcs_wrap_DSAP, "DSAP"}
+-};
+-
++ 	{tcs_wrap_Error,"Error", 0},   /* 0 */
++ 	{tcs_wrap_OpenContext,"OpenContext", 0},
++ 	{tcs_wrap_CloseContext,"CloseContext", 0},
++ 	{tcs_wrap_Error,"Error", 0},
++ 	{tcs_wrap_TCSGetCapability,"TCSGetCapability", 0},
++ 	{tcs_wrap_RegisterKey,"RegisterKey", 0}, /* 5 */
++ 	{tcs_wrap_UnregisterKey,"UnregisterKey", 0},
++ 	{tcs_wrap_EnumRegisteredKeys,"EnumRegisteredKeys", 0},
++ 	{tcs_wrap_Error,"Error", 0},
++ 	{tcs_wrap_GetRegisteredKeyBlob,"GetRegisteredKeyBlob", 0},
++ 	{tcs_wrap_GetRegisteredKeyByPublicInfo,"GetRegisteredKeyByPublicInfo", 0}, /* 10 */
++ 	{tcs_wrap_LoadKeyByBlob,"LoadKeyByBlob", 0},
++ 	{tcs_wrap_LoadKeyByUUID,"LoadKeyByUUID", 0},
++ 	{tcs_wrap_EvictKey,"EvictKey", 0},
++ 	{tcs_wrap_CreateWrapKey,"CreateWrapKey", 0},
++ 	{tcs_wrap_GetPubkey,"GetPubkey", 0}, /* 15 */
++ 	{tcs_wrap_MakeIdentity,"MakeIdentity", 0},
++ 	{tcs_wrap_LogPcrEvent,"LogPcrEvent", 0},
++ 	{tcs_wrap_GetPcrEvent,"GetPcrEvent", 0},
++ 	{tcs_wrap_GetPcrEventsByPcr,"GetPcrEventsByPcr", 0},
++ 	{tcs_wrap_GetPcrEventLog,"GetPcrEventLog", 0}, /* 20 */
++ 	{tcs_wrap_SetOwnerInstall,"SetOwnerInstall", TPM_ORD_SetOwnerInstall},
++ 	{tcs_wrap_TakeOwnership,"TakeOwnership", TPM_ORD_TakeOwnership},
++ 	{tcs_wrap_OIAP,"OIAP", 0},
++ 	{tcs_wrap_OSAP,"OSAP", 0},
++ 	{tcs_wrap_ChangeAuth,"ChangeAuth", 0}, /* 25 */
++ 	{tcs_wrap_ChangeAuthOwner,"ChangeAuthOwner", 0},
++ 	{tcs_wrap_Error,"Error", 0},
++ 	{tcs_wrap_Error,"Error", 0},
++ 	{tcs_wrap_TerminateHandle,"TerminateHandle", 0},
++ 	{tcs_wrap_ActivateIdentity,"ActivateIdentity", 0}, /* 30 */
++ 	{tcs_wrap_Extend,"Extend", 0},
++ 	{tcs_wrap_PcrRead,"PcrRead", 0},
++ 	{tcs_wrap_Quote,"Quote", 0},
++ 	{tcs_wrap_DirWriteAuth,"DirWriteAuth", 0},
++ 	{tcs_wrap_DirRead,"DirRead", 0}, /* 35 */
++ 	{tcs_wrap_Seal,"Seal", 0},
++ 	{tcs_wrap_UnSeal,"UnSeal", 0},
++ 	{tcs_wrap_UnBind,"UnBind", 0},
++ 	{tcs_wrap_CreateMigrationBlob,"CreateMigrationBlob", 0},
++ 	{tcs_wrap_ConvertMigrationBlob,"ConvertMigrationBlob", 0}, /* 40 */
++ 	{tcs_wrap_AuthorizeMigrationKey,"AuthorizeMigrationKey", 0},
++ 	{tcs_wrap_CertifyKey,"CertifyKey", 0},
++ 	{tcs_wrap_Sign,"Sign", 0},
++ 	{tcs_wrap_GetRandom,"GetRandom", 0},
++ 	{tcs_wrap_StirRandom,"StirRandom", 0}, /* 45 */
++ 	{tcs_wrap_GetCapability,"GetCapability", 0},
++ 	{tcs_wrap_Error,"Error", 0},
++ 	{tcs_wrap_GetCapabilityOwner,"GetCapabilityOwner", 0},
++ 	{tcs_wrap_CreateEndorsementKeyPair,"CreateEndorsementKeyPair", 0},
++ 	{tcs_wrap_ReadPubek,"ReadPubek", 0}, /* 50 */
++ 	{tcs_wrap_DisablePubekRead,"DisablePubekRead", 0},
++ 	{tcs_wrap_OwnerReadPubek,"OwnerReadPubek", 0},
++ 	{tcs_wrap_SelfTestFull,"SelfTestFull", TPM_ORD_SelfTestFull},
++ 	{tcs_wrap_CertifySelfTest,"CertifySelfTest", TPM_ORD_CertifySelfTest},
++ 	{tcs_wrap_Error,"Error", 0}, /* 55 */
++ 	{tcs_wrap_GetTestResult,"GetTestResult", 0},
++ 	{tcs_wrap_OwnerSetDisable,"OwnerSetDisable", TPM_ORD_OwnerSetDisable},
++ 	{tcs_wrap_OwnerClear,"OwnerClear", TPM_ORD_OwnerClear},
++ 	{tcs_wrap_DisableOwnerClear,"DisableOwnerClear", TPM_ORD_DisableOwnerClear},
++ 	{tcs_wrap_ForceClear,"ForceClear", TPM_ORD_ForceClear}, /* 60 */
++ 	{tcs_wrap_DisableForceClear,"DisableForceClear", TPM_ORD_DisableForceClear},
++ 	{tcs_wrap_PhysicalDisable,"PhysicalDisable", TPM_ORD_PhysicalDisable},
++ 	{tcs_wrap_PhysicalEnable,"PhysicalEnable", TPM_ORD_PhysicalEnable},
++ 	{tcs_wrap_PhysicalSetDeactivated,"PhysicalSetDeactivated", TPM_ORD_PhysicalSetDeactivated},
++ 	{tcs_wrap_SetTempDeactivated,"SetTempDeactivated", TPM_ORD_SetTempDeactivated}, /* 65 */
++ 	{tcs_wrap_PhysicalPresence,"PhysicalPresence", TSC_ORD_PhysicalPresence},
++ 	{tcs_wrap_Error,"Error", 0},
++ 	{tcs_wrap_Error,"Error", 0},
++ 	{tcs_wrap_CreateMaintenanceArchive,"CreateMaintenanceArchive", 0},
++ 	{tcs_wrap_LoadMaintenanceArchive,"LoadMaintenanceArchive", 0}, /* 70 */
++ 	{tcs_wrap_KillMaintenanceFeature,"KillMaintenanceFeature", 0},
++ 	{tcs_wrap_LoadManuMaintPub,"LoadManuMaintPub", 0},
++ 	{tcs_wrap_ReadManuMaintPub,"ReadManuMaintPub", 0},
++ 	{tcs_wrap_DaaJoin,"DaaJoin", 0},
++ 	{tcs_wrap_DaaSign,"DaaSign", 0}, /* 75 */
++ 	{tcs_wrap_SetCapability,"SetCapability", 0},
++ 	{tcs_wrap_ResetLockValue,"ResetLockValue", TPM_ORD_ResetLockValue},
++ 	{tcs_wrap_PcrReset,"PcrReset", 0},
++ 	{tcs_wrap_ReadCounter,"ReadCounter", 0},
++ 	{tcs_wrap_CreateCounter,"CreateCounter", 0}, /* 80 */
++ 	{tcs_wrap_IncrementCounter,"IncrementCounter", 0},
++ 	{tcs_wrap_ReleaseCounter,"ReleaseCounter", 0},
++ 	{tcs_wrap_ReleaseCounterOwner,"ReleaseCounterOwner", 0},
++ 	{tcs_wrap_ReadCurrentTicks,"ReadCurrentTicks", 0},
++ 	{tcs_wrap_TickStampBlob,"TicksStampBlob", 0}, /* 85 */
++ 	{tcs_wrap_GetCredential,"GetCredential", 0},
++ 	{tcs_wrap_NV_DefineOrReleaseSpace,"NVDefineOrReleaseSpace", 0},
++ 	{tcs_wrap_NV_WriteValue,"NVWriteValue", 0},
++ 	{tcs_wrap_NV_WriteValueAuth,"NVWriteValueAuth", 0},
++ 	{tcs_wrap_NV_ReadValue,"NVReadValue", 0}, /* 90 */
++ 	{tcs_wrap_NV_ReadValueAuth,"NVReadValueAuth", 0},
++ 	{tcs_wrap_EstablishTransport,"EstablishTransport", 0},
++ 	{tcs_wrap_ExecuteTransport,"ExecuteTransport", 0},
++ 	{tcs_wrap_ReleaseTransportSigned,"ReleaseTransportSigned", 0},
++ 	{tcs_wrap_SetOrdinalAuditStatus,"SetOrdinalAuditStatus", 0}, /* 95 */
++ 	{tcs_wrap_GetAuditDigest,"GetAuditDigest", 0},
++ 	{tcs_wrap_GetAuditDigestSigned,"GetAuditDigestSigned", 0},
++ 	{tcs_wrap_Sealx,"Sealx", 0},
++ 	{tcs_wrap_SetOperatorAuth,"SetOperatorAuth", TPM_ORD_SetOperatorAuth},
++ 	{tcs_wrap_OwnerReadInternalPub,"OwnerReadInternalPub", 0}, /* 100 */
++ 	{tcs_wrap_EnumRegisteredKeys2,"EnumRegisteredKeys2", 0},
++ 	{tcs_wrap_SetTempDeactivated2,"SetTempDeactivated2", 0},
++ 	{tcs_wrap_Delegate_Manage,"Delegate_Manage", 0},
++ 	{tcs_wrap_Delegate_CreateKeyDelegation,"Delegate_CreateKeyDelegation", 0},
++ 	{tcs_wrap_Delegate_CreateOwnerDelegation,"Delegate_CreateOwnerDelegation", 0}, /* 105 */
++ 	{tcs_wrap_Delegate_LoadOwnerDelegation,"Delegate_LoadOwnerDelegation", 0},
++ 	{tcs_wrap_Delegate_ReadTable,"Delegate_ReadTable", 0},
++ 	{tcs_wrap_Delegate_UpdateVerificationCount,"Delegate_UpdateVerificationCount", 0},
++ 	{tcs_wrap_Delegate_VerifyDelegation,"Delegate_VerifyDelegation", 0},
++ 	{tcs_wrap_CreateRevocableEndorsementKeyPair,"CreateRevocableEndorsementKeyPair", 0}, /* 110 */
++ 	{tcs_wrap_RevokeEndorsementKeyPair,"RevokeEndorsementKeyPair", 0},
++	{tcs_wrap_Error,"Error - was MakeIdentity2", 0},
++ 	{tcs_wrap_Quote2,"Quote2", 0},
++ 	{tcs_wrap_CMK_SetRestrictions,"CMK_SetRestrictions", 0},
++ 	{tcs_wrap_CMK_ApproveMA,"CMK_ApproveMA", 0}, /* 115 */
++ 	{tcs_wrap_CMK_CreateKey,"CMK_CreateKey", 0},
++ 	{tcs_wrap_CMK_CreateTicket,"CMK_CreateTicket", 0},
++ 	{tcs_wrap_CMK_CreateBlob,"CMK_CreateBlob", 0},
++ 	{tcs_wrap_CMK_ConvertMigration,"CMK_ConvertMigration", 0},
++ 	{tcs_wrap_FlushSpecific,"FlushSpecific", 0}, /* 120 */
++ 	{tcs_wrap_KeyControlOwner, "KeyControlOwner", 0},
++ 	{tcs_wrap_DSAP, "DSAP", 0}
++  };
+ int
+ access_control(struct tcsd_thread_data *thread_data)
+ {
[email protected]@ -562,11 +562,190 @@
+ 	return 1;
+ }
+ 
++#if defined (SOLARIS)
++
++#include <ucred.h>
++#include <bsm/adt.h>
++#include <bsm/adt_event.h>
++
++static void
++audit_tpm(UINT32 cmd, struct tcsd_thread_data *data)
++{
++	adt_session_data_t *ah = NULL;
++	adt_event_data_t *event = NULL;
++	ucred_t *uc = NULL;
++	int adterr, msgid;
++	int adtstatus = ADT_FAILURE;
++
++	if (getpeerucred(data->sock, &uc)) {
++		LogError("Audit Failed - getpeerucred failed (%s)",
++		    strerror(errno));
++		return;
++	}
++	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) {
++		LogError("Audit Failed - adt_start_session failed (%s)",
++		    strerror(errno));
++		goto end;
++	}
++
++	if (adt_set_from_ucred(ah, uc, ADT_NEW) != 0) {
++		LogError("Audit Failed - adt_set_from_ucred failed (%s)",
++		    strerror(errno));
++		goto end;
++	}
++
++	/*
++	 * NOTE: It is important that the ordering of the
++	 * error message definitions in the adt.xml IDL from the
++	 * libbsm library source matches the numerical ordering of
++	 * the TPM_E_* error codes in /usr/include/tss/tpm_error.h
++	 */
++	if (data->comm.hdr.u.result == TSS_SUCCESS) {
++		adtstatus = ADT_SUCCESS;
++		adterr = ADT_SUCCESS;
++		/*
++		 * Use literal value here until the
++		 * build system is updated with latest adt_event.h
++		 * 4102 = ADT_TPM_E_NO_MSG (build 123).
++		 * Change this later.
++		 */
++		msgid = 4102;
++	} else if (data->comm.hdr.u.result & TPM_E_NON_FATAL) {
++		/*
++		 * NON_FATAL TPM errors are masked (0x800) so they are not in numerical
++		 * sequence with the rest of the TPM errors.
++		 */
++		msgid = ADT_TPM_E_RETRY +
++		    (data->comm.hdr.u.result - TPM_E_RETRY);
++		adterr = ADT_FAIL_VALUE_PROGRAM;
++	} else {
++		msgid = ADT_TPM_E_AUTHFAIL +
++		    (data->comm.hdr.u.result - TPM_E_AUTHFAIL);
++		adterr = ADT_FAIL_VALUE_PROGRAM;
++	}
++	switch(cmd) {
++		case TPM_ORD_CertifySelfTest:
++			event = adt_alloc_event(ah, ADT_tpm_certifyselftest);
++			if (event != NULL)
++				event->adt_tpm_certifyselftest.message = msgid;
++			break;
++		case TPM_ORD_OwnerClear:
++			event = adt_alloc_event(ah, ADT_tpm_ownerclear);
++			if (event != NULL)
++				event->adt_tpm_ownerclear.message = msgid;
++			break;
++		case TPM_ORD_ContinueSelfTest:
++			event = adt_alloc_event(ah, ADT_tpm_continueselftest);
++			if (event != NULL)
++				event->adt_tpm_continueselftest.message = msgid;
++			break;
++		case TPM_ORD_DisableForceClear:
++			event = adt_alloc_event(ah, ADT_tpm_disableforceclear);
++			if (event != NULL)
++				event->adt_tpm_disableforceclear.message = msgid;
++			break;
++		case TPM_ORD_DisableOwnerClear:
++			event = adt_alloc_event(ah, ADT_tpm_disableownerclear);
++			if (event != NULL)
++				event->adt_tpm_disableownerclear.message = msgid;
++			break;
++		case TPM_ORD_FieldUpgrade:
++			event = adt_alloc_event(ah, ADT_tpm_fieldupgrade);
++			if (event != NULL)
++				event->adt_tpm_fieldupgrade.message = msgid;
++			break;
++		case TPM_ORD_ForceClear:
++			event = adt_alloc_event(ah, ADT_tpm_forceclear);
++			if (event != NULL)
++				event->adt_tpm_forceclear.message = msgid;
++			break;
++		case TPM_ORD_OwnerSetDisable:
++			event = adt_alloc_event(ah, ADT_tpm_ownersetdisable);
++			if (event != NULL)
++				event->adt_tpm_ownersetdisable.message = msgid;
++			break;
++		case TPM_ORD_PhysicalEnable:
++			event = adt_alloc_event(ah, ADT_tpm_physicalenable);
++			if (event != NULL)
++				event->adt_tpm_physicalenable.message = msgid;
++			break;
++		case TPM_ORD_PhysicalDisable:
++			event = adt_alloc_event(ah, ADT_tpm_physicaldisable);
++			if (event != NULL)
++				event->adt_tpm_physicaldisable.message = msgid;
++			break;
++		case TPM_ORD_PhysicalSetDeactivated:
++			event = adt_alloc_event(ah, ADT_tpm_physicaldeactivate);
++			if (event != NULL)
++				event->adt_tpm_physicaldeactivate.message = msgid;
++			break;
++		case TSC_ORD_PhysicalPresence:
++			event = adt_alloc_event(ah, ADT_tpm_physicalpresence);
++			if (event != NULL)
++				event->adt_tpm_physicalpresence.message = msgid;
++			break;
++		case TPM_ORD_ResetLockValue:
++			event = adt_alloc_event(ah, ADT_tpm_resetlockvalue);
++			if (event != NULL)
++				event->adt_tpm_resetlockvalue.message = msgid;
++			break;
++		case TPM_ORD_SelfTestFull:
++			event = adt_alloc_event(ah, ADT_tpm_selftestfull);
++			if (event != NULL)
++				event->adt_tpm_selftestfull.message = msgid;
++			break;
++		case TPM_ORD_SetOperatorAuth:
++			event = adt_alloc_event(ah, ADT_tpm_setoperatorauth);
++			if (event != NULL)
++				event->adt_tpm_setoperatorauth.message = msgid;
++			break;
++		case TPM_ORD_SetOwnerInstall:
++			event = adt_alloc_event(ah, ADT_tpm_setownerinstall);
++			if (event != NULL)
++				event->adt_tpm_setownerinstall.message = msgid;
++			break;
++		case TPM_ORD_SetTempDeactivated:
++			event = adt_alloc_event(ah, ADT_tpm_settempdeactivated);
++			if (event != NULL)
++				event->adt_tpm_settempdeactivated.message = msgid;
++			break;
++		case TPM_ORD_TakeOwnership:
++			event = adt_alloc_event(ah, ADT_tpm_takeownership);
++			if (event != NULL)
++				event->adt_tpm_takeownership.message = msgid;
++			break;
++		default:
++			/* command not audited */
++			goto end;	
++	}
++	if (event == NULL) {
++		LogError("Audit Failed - Failed to allocate event (%s)",
++		    strerror(errno));
++		goto end;
++	}
++
++	if (adt_put_event(event, adtstatus, adterr)) {
++		LogError("Audit Failed - Failed to put audit event (%s)",
++		    strerror(errno));
++	}
++
++end:
++	ucred_free(uc);
++	adt_free_event(event);
++	(void) adt_end_session(ah);
++	
++	return;
++}
++#endif /* SOLARIS */
++
+ TSS_RESULT
+ dispatchCommand(struct tcsd_thread_data *data)
+ {
+ 	UINT64 offset;
+ 	TSS_RESULT result;
++#if defined (SOLARIS)
++	UINT32 cmd;
++#endif
+ 
+ 	/* First, check the ordinal bounds */
+ 	if (data->comm.hdr.u.ordinal >= TCSD_MAX_NUM_ORDS) {
[email protected]@ -596,6 +775,9 @@
+ 	}
+ 
+ 	/* Now, dispatch */
++#if defined (SOLARIS)
++	cmd = tcs_func_table[data->comm.hdr.u.ordinal].ordinal;
++#endif
+ 	if ((result = tcs_func_table[data->comm.hdr.u.ordinal].Func(data)) == TSS_SUCCESS) {
+ 		/* set the comm buffer */
+ 		offset = 0;
[email protected]@ -607,6 +789,9 @@
+ 		LoadBlob_UINT32(&offset, data->comm.hdr.parm_size, data->comm.buf);
+ 		LoadBlob_UINT32(&offset, data->comm.hdr.parm_offset, data->comm.buf);
+ 	}
++#if defined (SOLARIS)
++	audit_tpm(cmd, data);
++#endif
+ 
+ 	return result;
+ 
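Review bot: audit_tpm() derives both the audit status and the TPM message id from data->comm.hdr.u.result, yet it is called unconditionally after dispatch, even when Func() returned an error without ever storing a result in the reply header (the wrappers in this patch set return TCSERR(TSS_E_INTERNAL_ERROR) straight from a getData() failure, as the sibling rpc_ps.c patch shows), so a request that failed parsing or peer verification can be audited with a stale or even success status. Pass the dispatch result through — `static void audit_tpm(UINT32 cmd, TSS_RESULT result, struct tcsd_thread_data *data)` and `audit_tpm(cmd, result, data);` — and treat `result != TSS_SUCCESS` as ADT_FAILURE with a generic message id before looking at u.result at all. The `msgid = ADT_TPM_E_AUTHFAIL + (u.result - TPM_E_AUTHFAIL)` arithmetic also assumes a TPM-layer code; a TCS- or TSP-layer result (the layer bits that TCSERR() adds) would produce a message id far outside the ADT_TPM_E_* range, so check the layer before subtracting. As a smaller point, getpeerucred() and adt_start_session() run for every ordinal although most dispatch-table entries carry ordinal 0 and fall into the default branch, so an early `if (cmd == 0) return;` at the top of audit_tpm() avoids a per-request audit session. SetTempDeactivated2 is given ordinal 0 while SetTempDeactivated is audited, which looks like an oversight worth confirming.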
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tcs_rpc_tcstp_rpc_ps.c.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,54 @@
+--- src/tcs/rpc/tcstp/rpc_ps.c.orig	2011-03-23 11:01:54.707428173 -0700
++++ src/tcs/rpc/tcstp/rpc_ps.c	2011-03-23 11:27:00.753845441 -0700
[email protected]@ -26,6 +26,29 @@
+ #include "tcs_utils.h"
+ #include "rpc_tcstp_tcs.h"
+ 
++#ifdef SOLARIS
++#include <ucred.h>
++#include <errno.h>
++
++static TSS_RESULT
++verify_peer(struct tcsd_thread_data *data)
++{
++	ucred_t *uc = NULL;
++	if (getpeerucred(data->sock, &uc)) {
++		LogError("Failed to get peer credential (%s)",
++		    strerror(errno));
++		return TCSERR(TSS_E_TSP_AUTHFAIL);
++	}
++	if (ucred_geteuid(uc) != 0) {
++		LogError("Unauthorized attempt to modify a system key",
++		    strerror(errno));
++		ucred_free(uc);
++		return TCSERR(TSS_E_TSP_AUTHFAIL);
++	}
++	ucred_free(uc);
++	return (TSS_SUCCESS);
++}
++#endif
+ 
+ TSS_RESULT
+ tcs_wrap_RegisterKey(struct tcsd_thread_data *data)
[email protected]@ -38,6 +61,10 @@
+ 	UINT32 cVendorData;
+ 	BYTE *gbVendorData;
+ 	TSS_RESULT result;
++#ifdef SOLARIS
++	if ( (result = verify_peer(data)) != TSS_SUCCESS)
++		return (result);
++#endif
+ 
+ 	if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm))
+ 		return TCSERR(TSS_E_INTERNAL_ERROR);
[email protected]@ -99,6 +126,10 @@
+ 	TCS_CONTEXT_HANDLE hContext;
+ 	TSS_UUID uuid;
+ 	TSS_RESULT result;
++#ifdef SOLARIS
++	if ( (result = verify_peer(data)) != TSS_SUCCESS)
++		return (result);
++#endif
+ 
+ 	if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm))
+ 		return TCSERR(TSS_E_INTERNAL_ERROR);
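Review bot: The LogError() call in the unauthorized branch of verify_peer() hands strerror(errno) to a format string with no conversion, so the argument is silently dropped, and errno carries no meaning at that point anyway; log who was rejected instead, `LogError("Unauthorized attempt to modify a system key (euid %d)", (int)ucred_geteuid(uc));`, before the ucred is freed. The refusal is also invisible to the audit path added in the sibling rpc.c patch, because RegisterKey and UnregisterKey carry ordinal 0 in the dispatch table and verify_peer() returns before any result is stored in the reply header, so a failed attempt to alter system persistent storage leaves no audit record. A euid == 0 test is coarser than the Solaris privilege and authorization model; if "may administer TPM keys" rather than "is root" is the intended policy, checking an authorization against the peer ucred would express it, but that is a design choice to confirm. The second guarded wrapper's signature lies outside the hunk, so its full body could not be checked here.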
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tcs_tcs_caps.c.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,21 @@
+--- src/tcs/tcs_caps.c.old	Wed Jun  9 13:20:44 2010
++++ src/tcs/tcs_caps.c	Fri Jul  1 16:26:51 2011
[email protected]@ -149,6 +149,7 @@
+ {
+ 	TSS_RESULT result;
+ 	UINT32 subCap, rv = 0;
++	UINT32 manuf;
+ 
+ 	if ((result = get_current_version(&p->version)))
+ 		goto err;
[email protected]@ -181,8 +182,9 @@
+ 
+ 	UINT32ToArray(TPM_CAP_PROP_MANUFACTURER, (BYTE *)&subCap);
+ 	if ((result = get_cap_uint32(TCPA_CAP_PROPERTY, (BYTE *)&subCap, sizeof(UINT32),
+-					(UINT32 *)&p->manufacturer)))
++					(UINT32 *)&manuf)))
+ 		goto err;
++	(void) memcpy(p->manufacturer, &manuf, sizeof (UINT32));
+ 
+ 	result = get_max_auths(&(p->num_auths));
+ 
--- a/components/trousers/patches/tcsd.8.in.patch	Tue Apr 17 13:35:22 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,76 +0,0 @@
---- man/man8/tcsd.8.in	2009-09-08 07:39:30.000000000 -0700
-+++ man/man8/tcsd.8.in.new	2010-09-16 08:13:25.613336616 -0700
[email protected]@ -74,12 +74,32 @@
- the TCS and stays valid across application lifetimes, \fBtcsd\fR restarts and 
- system resets. Data registered in system PS stays valid until an application 
- requests that it be removed. User PS files are by default stored as 
--/var/tpm/user.{pid} and the system PS file by default is /var/tpm/system.data. 
--The system PS file is initially created when ownership of the TPM is first 
--taken.
-+/var/user/$USERNAME/tpm/userps/user.data and the system PS file by default is
-+/var/tpm/system/system.data.  The system PS file is initially created when 
-+ownership of the TPM is first taken.
-+.PP
-+\fB/var/tpm/system/system.data\fR
-+.ad
-+.RS 4n
-+Contains the system PS (persistent storage) data controlled by the TCS.  By default,
-+the SRK key is installed in PS and does not require owner authorization to use.  If the
-+TPM has previously been provisioned and owner-auth is required to load the SRK,
-+then the /var/tpm/system/system.data.auth file should be moved to 
-+/var/tpm/system/system.data before starting the TCS (See NOTES).
-+.RE
-+.sp
-+.PP
-+\fB/var/tpm/system/system.data.auth\fR
-+.ad
-+.RS 4n
-+This is the default PS data file to use if the TPM has been previously 
-+configured to require owner-auth to access the SRK.  Copy this file 
-+to /var/tpm/system/system.data prior to starting the TCS if owner-auth is
-+needed, otherwise this file can be ignored.
-+.RE
- 
- .SH "CONFIGURATION"
--\fBtcsd\fR configuration is stored by default in /etc/tcsd.conf
-+\fBtcsd\fR configuration is stored by default in /etc/security/tcsd.conf
- 
- .SH "DEBUG OUTPUT"
- If TrouSerS has been compiled with debugging enabled, the debugging output
[email protected]@ -88,8 +108,9 @@
- .SH "DEVICE DRIVERS"
- .PP
- \fBtcsd\fR is compatible with the IBM Research TPM device driver available
--from http://www.research.ibm.com/gsal/tcpa and the TPM device driver available
--from http://sf.net/projects/tmpdd
-+from http://www.research.ibm.com/gsal/tcpa and the TPM device driver for 
-+Linux available from http://sf.net/projects/tmpdd.  It is also compatible 
-+with the TPM device driver for Solaris which is available in the driver/crypto/tpm package.
- 
- .SH "CONFORMING TO"
- .PP
[email protected]@ -98,7 +119,23 @@
- 
- .SH "SEE ALSO"
- .PP
--\fBtcsd.conf\fR(5)
-+\fBtcsd.conf\fR(5), \fBsvcadm\fR(1M), \fBsmf\fR(5)
-+
-+.SH "NOTES"
-+.sp
-+.LP
-+The \fBtcsd\fR service is managed by the service management facility, \fBsmf\fR(5), under
-+the service identifier:
-+.sp
-+.in +2
-+.nf
-+svc:/application/security/tcsd:default
-+.fi
-+.in -2
-+.sp
-+.LP
-+Administrative actions on this service, such as enabling, disabling, or requesting restart, can be
-+performed using \fBsvcadm\fR(1M). The service's status can be queried using the \fBsvcs\fR(1) command.
- 
- .SH "AUTHOR"
- Kent Yoder
--- a/components/trousers/patches/tcsd.conf.in.patch	Tue Apr 17 13:35:22 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
---- dist/tcsd.conf.in	Thu Jan 28 08:27:50 2010
-+++ dist/tcsd.conf.in.new	Fri Nov 18 10:35:22 2011
[email protected]@ -37,6 +37,7 @@
- #
- # firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
- #
-+firmware_log_file=/var/tpm/system/pcrevent.log
- 
- # Option: kernel_log_file
- # Values: Any absolute directory path
[email protected]@ -54,7 +55,7 @@
- # Description: A list of PCR indices that are manipulated only by the system
- #  firmware and therefore are not extended or logged by the TCSD.
- #
--# firmware_pcrs =
-+firmware_pcrs =0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,20,21
- #
- 
- # Option: kernel_pcrs
--- a/components/trousers/patches/tcsd.h.patch	Tue Apr 17 13:35:22 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
-*** src/include/tcsd.h.old	Fri Dec  5 07:47:11 2008
---- src/include/tcsd.h	Fri Dec  5 07:48:44 2008
-***************
-*** 48,61 ****
---- 48,70 ----
-  							of this TCS System */
-  };
-  
-+ #ifdef SOLARIS
-+ #define TCSD_CONFIG_FILE	"/etc/security/tcsd.conf"
-+ #else
-  #define TCSD_CONFIG_FILE	ETC_PREFIX "/tcsd.conf"
-+ #endif
-  
-  #define TSS_USER_NAME		"tss"
-  #define TSS_GROUP_NAME		"tss"
-  
-  #define TCSD_DEFAULT_MAX_THREADS	10
-+ #ifdef SOLARIS
-+ #define TCSD_DEFAULT_SYSTEM_PS_FILE	"/var/tpm/system/system.data"
-+ #define TCSD_DEFAULT_SYSTEM_PS_DIR	"/var/tpm/system"
-+ #else
-  #define TCSD_DEFAULT_SYSTEM_PS_FILE	VAR_PREFIX "/lib/tpm/system.data"
-  #define TCSD_DEFAULT_SYSTEM_PS_DIR	VAR_PREFIX "/lib/tpm"
-+ #endif /* SOLARIS */
-  #define TCSD_DEFAULT_FIRMWARE_LOG_FILE	"/sys/kernel/security/tpm0/binary_bios_measurements"
-  #define TCSD_DEFAULT_KERNEL_LOG_FILE	"/sys/kernel/security/ima/binary_runtime_measurements"
-  #define TCSD_DEFAULT_FIRMWARE_PCRS	0x00000000
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tcsd_Makefile.in.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,30 @@
+--- src/tcsd/Makefile.in.old	Thu Jan 28 13:56:46 2010
++++ src/tcsd/Makefile.in	Wed Mar  3 16:35:23 2010
[email protected]@ -47,7 +47,7 @@
+ mkinstalldirs = $(install_sh) -d
+ CONFIG_CLEAN_FILES =
+ CONFIG_CLEAN_VPATH_FILES =
+-am__installdirs = "$(DESTDIR)$(sbindir)"
++am__installdirs = "$(DESTDIR)$(libdir)"
+ PROGRAMS = $(sbin_PROGRAMS)
+ am_tcsd_OBJECTS = tcsd-svrside.$(OBJEXT) tcsd-tcsd_conf.$(OBJEXT) \
+ 	tcsd-tcsd_threads.$(OBJEXT) tcsd-platform.$(OBJEXT)
[email protected]@ -185,7 +185,7 @@
+ prefix = @[email protected]
+ program_transform_name = @[email protected]
+ psdir = @[email protected]
+-sbindir = @[email protected]
++sbindir = @[email protected]
+ sharedstatedir = @[email protected]
+ srcdir = @[email protected]
+ sysconfdir = @[email protected]
[email protected]@ -200,7 +200,8 @@
+ tcsd_CFLAGS = -DAPPID=\"TCSD\" -DVAR_PREFIX=\"@[email protected]\" \
+ 	-DETC_PREFIX=\"@[email protected]\" -I${top_srcdir}/src/include \
+ 	$(am__append_1) $(am__append_2)
+-tcsd_LDADD = ${top_builddir}/src/tcs/libtcs.a ${top_builddir}/src/tddl/libtddl.a -lpthread @[email protected]
++tcsd_LDADD = ${top_builddir}/src/tcs/libtcs.a ${top_builddir}/src/tddl/libtddl.a \
++	-lpthread -lbsm -lscf -lresolv @[email protected]
+ tcsd_SOURCES = svrside.c tcsd_conf.c tcsd_threads.c platform.c
+ all: all-am
+ 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tcsd_svrside.c.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,336 @@
+--- src/tcsd/svrside.c	2010-06-09 13:19:00.000000000 -0700
++++ src/tcsd/svrside.c	2012-04-11 14:37:28.993408000 -0700
[email protected]@ -27,6 +27,15 @@
+ #include <arpa/inet.h>
+ #include <errno.h>
+ #include <getopt.h>
++#ifdef SOLARIS
++#include <priv.h>
++#include <fcntl.h>
++#endif
++#ifndef HAVE_DAEMON
++#include <fcntl.h>
++#include <syslog.h>
++#endif
++
+ #include "trousers/tss.h"
+ #include "trousers_types.h"
+ #include "tcs_tsp.h"
[email protected]@ -44,6 +53,10 @@
+ static volatile int hup = 0, term = 0;
+ extern char *optarg;
+ 
++#ifdef SOLARIS
++static int get_event_log_from_kernel(void);
++#endif
++
+ static void
+ tcsd_shutdown(void)
+ {
[email protected]@ -170,6 +183,10 @@
+ 		(void)req_mgr_final();
+ 		return result;
+ 	}
++#ifdef SOLARIS
++	/* Not fatal if this fails */
++	(void) get_event_log_from_kernel();
++#endif
+ 
+ 	result = owner_evict_init();
+ 	if (result != TSS_SUCCESS) {
[email protected]@ -208,13 +225,169 @@
+ }
+ 
+ 
++#ifdef SOLARIS
++
++extern int get_device_fd(void);
++
++#define TPM_IOCTL_GETEVTABLE    1
++struct tpm_evtable_ioblk {
++	uint32_t	buflen;
++	caddr_t		buf;
++};
++
++static int
++store_eventlog(char *filename, struct tpm_evtable_ioblk *evlog)
++{
++	int fd;
++	int bytes = 0;
++
++	fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, 0600);
++	if (fd == -1) {
++		LogError("Error opening logfile %s: %s", filename,
++		    strerror(errno));
++		return (-1);
++	}
++	while (bytes < evlog->buflen) {
++		int n;
++		n = write(fd, evlog->buf, evlog->buflen - bytes);
++		if (n == -1 && errno != EAGAIN) {
++			LogError("Error writing logfile %s: %s",
++			    filename, strerror(errno));
++			close(fd);
++			return (-1);
++		}
++		if (n != -1)
++			bytes += n;
++	}
++	close(fd);
++
++	return (0);
++}
++
++static int
++get_event_log_from_kernel(void)
++{
++	int fd = get_device_fd();
++	struct tpm_evtable_ioblk ioblk;
++
++	if (fd == -1)
++		return (-1);
++
++	(void) memset(&ioblk, 0, sizeof (ioblk));
++	if (ioctl(fd, TPM_IOCTL_GETEVTABLE, &ioblk)) {
++		LogDebug("Cannot get event log from kernel: %s",
++		    strerror(errno));
++		return (-1);
++	}
++	if (ioblk.buflen == 0)
++		return (0);
++
++	ioblk.buf = calloc(1, ioblk.buflen);
++	if (ioblk.buf == NULL) {
++		return (-1);
++	}
++	if (ioctl(fd, TPM_IOCTL_GETEVTABLE, &ioblk)) {
++		free(ioblk.buf);
++		LogDebug("Cannot get event log from kernel: %s",
++		    strerror(errno));
++		return (-1);
++	}
++
++	return (store_eventlog(tcsd_options.firmware_log_file, &ioblk));
++}
++
++/*
++ * For Solaris, make the tcsd privilege aware and drop
++ * risky privileges if they are not needed.
++ */
++static int
++drop_privs(void)
++{
++	priv_set_t *myprivs;
++	int rv;
++
++	/*
++	 * Drop unneeded privs such as fork/exec.
++	 *
++	 * Get "basic" privs and remove the ones we don't want.
++	 */
++	if ((myprivs = priv_str_to_set("basic", ",", NULL)) == NULL) {
++		LogError("priv_str_to_set failed: %s", strerror(errno));
++		return (1);
++	} else {
++		(void) priv_delset(myprivs, PRIV_PROC_EXEC);
++		(void) priv_delset(myprivs, PRIV_PROC_FORK);
++		(void) priv_delset(myprivs, PRIV_FILE_LINK_ANY);
++		(void) priv_delset(myprivs, PRIV_PROC_INFO);
++		(void) priv_delset(myprivs, PRIV_PROC_SESSION);
++		(void) priv_delset(myprivs, PRIV_PROC_SETID);
++
++		/* for auditing */
++		(void) priv_addset(myprivs, PRIV_PROC_AUDIT);
++
++		if ((rv = setppriv(PRIV_SET, PRIV_PERMITTED, myprivs)))
++			return (rv);
++		if ((rv = setppriv(PRIV_SET, PRIV_LIMIT, myprivs)))
++			return (rv);
++		if ((rv = setppriv(PRIV_SET, PRIV_INHERITABLE, myprivs)))
++			return (rv);
++
++		(void) priv_freeset(myprivs);
++	}
++	return (0);
++}
++#endif /* SOLARIS */
++
++#ifndef HAVE_DAEMON
++static int
++daemon(int nochdir, int noclose) {
++	int rv, fd;
++
++	if (!noclose) {
++		closelog();
++		closefrom(0);
++	}
++
++	switch (fork()) {
++		case -1: /* failure: parent process */
++			return (-1);
++		case 0: /* success: child process */
++			break;
++		default: /* success: parent process */
++		exit (0);
++	}
++
++	/* Create a new SID for the child process */
++	if (setsid() == -1)
++		return (-1);
++	/* Prevent cwd from being left open and unremovable */
++	if (!nochdir)
++		(void) chdir("/");
++	(void) umask(0);
++	/* Redirect stdin, stdout, and stderr to /dev/null */
++	if (!noclose && (fd = open("/dev/null", O_RDWR, 0)) != -1) {
++		(void) dup2(fd, STDIN_FILENO);
++		(void) dup2(fd, STDOUT_FILENO);
++		(void) dup2(fd, STDERR_FILENO);
++		if (fd > 2)
++			(void)close (fd);
++	}
++	return (0);
++}
++#endif /* !HAVE_DAEMON */
++
+ int
+ main(int argc, char **argv)
+ {
+-	struct sockaddr_in serv_addr, client_addr;
++	typedef union {
++		struct sockaddr_in in;
++		struct sockaddr_un un;
++	} sockaddr_un_in_t;
++	sockaddr_un_in_t serv_addr, client_addr;
++	int rv;
+ 	TSS_RESULT result;
+ 	int sd, newsd, c, option_index = 0;
+-	unsigned client_len;
++	unsigned client_len, serv_len;
+ 	char *hostname = NULL;
+ 	struct passwd *pwd;
+ 	struct hostent *client_hostent = NULL;
[email protected]@ -245,26 +418,49 @@
+ 	if ((result = tcsd_startup()))
+ 		return (int)result;
+ 
+-	sd = socket(AF_INET, SOCK_STREAM, 0);
+-	if (sd < 0) {
+-		LogError("Failed socket: %s", strerror(errno));
+-		return -1;
+-	}
++	if (tcsd_options.port == 0) { /* UNIX Domain socket */
++		/* Use UNIX Domain socket instead of TCP/IP socket */
++		sd = socket(AF_UNIX, SOCK_STREAM, 0);
++		if (sd < 0) {
++			LogError("Failed socket: %s", strerror(errno));
++			return -1;
++		}
++
++		memset(&serv_addr, 0, sizeof (serv_addr));
++		serv_addr.un.sun_family = AF_UNIX;
++		strncpy(serv_addr.un.sun_path, TCSD_DEFAULT_SOCKET,
++			sizeof (serv_addr.un.sun_path));
++
++	} else { /* TCP socket */
++		sd = socket(AF_INET, SOCK_STREAM, 0);
++		if (sd < 0) {
++			LogError("Failed socket: %s", strerror(errno));
++			return -1;
++		}
+ 
+-	memset(&serv_addr, 0, sizeof (serv_addr));
+-	serv_addr.sin_family = AF_INET;
+-	serv_addr.sin_port = htons(tcsd_options.port);
+-
+-	/* If no remote_ops are defined, restrict connections to localhost
+-	 * only at the socket. */
+-	if (tcsd_options.remote_ops[0] == 0)
+-		serv_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+-	else
+-		serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
+-
+-	c = 1;
+-	setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &c, sizeof(c));
+-	if (bind(sd, (struct sockaddr *) &serv_addr, sizeof (serv_addr)) < 0) {
++		memset(&serv_addr, 0, sizeof (serv_addr));
++		serv_addr.in.sin_family = AF_INET;
++		serv_addr.in.sin_port = htons(tcsd_options.port);
++
++		/* If no remote_ops are defined, restrict connections to localhost
++		 * only at the socket. */
++		if (tcsd_options.remote_ops[0] == 0)
++			serv_addr.in.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
++		else
++			serv_addr.in.sin_addr.s_addr = htonl(INADDR_ANY);
++
++		c = 1;
++		setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &c, sizeof(c));
++	}
++
++	if (tcsd_options.port == 0) { /* UNIX Domain socket */
++		serv_len = (unsigned)sizeof(serv_addr.un);
++		client_len = (unsigned)sizeof(client_addr.un);
++	} else { /* TCP socket */
++		serv_len = (unsigned)sizeof(serv_addr.in);
++		client_len = (unsigned)sizeof(client_addr.in);
++	}
++	if (bind(sd, (struct sockaddr *) &serv_addr, serv_len) < 0) {
+ 		LogError("Failed bind: %s", strerror(errno));
+ 		return -1;
+ 	}
[email protected]@ -285,7 +481,6 @@
+ 		LogError("Failed listen: %s", strerror(errno));
+ 		return -1;
+ 	}
+-	client_len = (unsigned)sizeof(client_addr);
+ 	
+ 	if (getenv("TCSD_FOREGROUND") == NULL) {
+ 		if (daemon(0, 0) == -1) {
[email protected]@ -295,6 +490,12 @@
+ 		}
+ 	}
+ 
++#ifdef SOLARIS
++	/* For Solaris, drop privileges for security. */
++	if ((rv = drop_privs()))
++		return (rv);
++#endif /* SOLARIS */
++
+ 	LogInfo("%s: TCSD up and running.", PACKAGE_STRING);
+ 	do {
+ 		newsd = accept(sd, (struct sockaddr *) &client_addr, &client_len);
[email protected]@ -314,20 +515,22 @@
+ 		}
+ 		LogDebug("accepted socket %i", newsd);
+ 
+-		if ((client_hostent = gethostbyaddr((char *) &client_addr.sin_addr,
+-						    sizeof(client_addr.sin_addr),
++		if (tcsd_options.port != 0) { /* TCP socket */
++			if ((client_hostent = gethostbyaddr((char *) &client_addr.in.sin_addr,
++						    sizeof(client_addr.in.sin_addr),
+ 						    AF_INET)) == NULL) {
+-			char buf[16];
+-                        uint32_t addr = htonl(client_addr.sin_addr.s_addr);
++				char buf[16];
++				uint32_t addr = htonl(client_addr.in.sin_addr.s_addr);
+ 
+-                        snprintf(buf, 16, "%d.%d.%d.%d", (addr & 0xff000000) >> 24,
+-                                 (addr & 0x00ff0000) >> 16, (addr & 0x0000ff00) >> 8,
+-                                 addr & 0x000000ff);
++				snprintf(buf, 16, "%d.%d.%d.%d", (addr & 0xff000000) >> 24,
++					(addr & 0x00ff0000) >> 16, (addr & 0x0000ff00) >> 8,
++					addr & 0x000000ff);
+ 
+-			LogWarn("Host name for connecting IP %s could not be resolved", buf);
+-			hostname = strdup(buf);
+-		} else {
+-			hostname = strdup(client_hostent->h_name);
++				LogWarn("Host name for connecting IP %s could not be resolved", buf);
++				hostname = strdup(buf);
++			} else {
++				hostname = strdup(client_hostent->h_name);
++			}
+ 		}
+ 
+ 		tcsd_thread_create(newsd, hostname);
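Review bot: The write loop in store_eventlog always writes from evlog->buf, so after a short write the remaining bytes are replaced by a second copy of the buffer's start; the pointer has to advance with the count, `n = write(fd, evlog->buf + bytes, evlog->buflen - bytes);`. The calloc'd ioblk.buf in get_event_log_from_kernel is never freed once store_eventlog returns, and drop_privs does not call priv_freeset(myprivs) on its three setppriv error paths; for the first, with a local `int rv`, `rv = store_eventlog(tcsd_options.firmware_log_file, &ioblk); free(ioblk.buf); return (rv);`. The HAVE_DAEMON fallback runs closefrom(0) when noclose is zero, which would close the listening socket sd and the TPM device fd that are already open by the time main calls daemon(0, 0) after listen(); it presumably only compiles where the platform lacks daemon(3C), but the usual contract is to redirect descriptors 0-2 to /dev/null, which the later open/dup2 sequence already does on its own. In the AF_UNIX branch nothing removes a stale TCSD_DEFAULT_SOCKET before bind(), so a restart after an unclean exit fails with EADDRINUSE, and hostname is left NULL for every accepted connection, which access_control in the tcs rpc code must tolerate (that patch is not visible here). main's body continues past the last inner hunk.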
--- a/components/trousers/patches/tcstp_rpc.c.patch	Tue Apr 17 13:35:22 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,473 +0,0 @@
---- src/tcs/rpc/tcstp/rpc.c.orig	Fri Jun  5 12:45:50 2009
-+++ src/tcs/rpc/tcstp/rpc.c	Thu Sep 10 13:05:33 2009
[email protected]@ -385,134 +385,134 @@
- typedef struct tdDispatchTable {
- 	TSS_RESULT (*Func) (struct tcsd_thread_data *);
- 	const char *name;
-+	UINT32 ordinal;
- } DispatchTable;
- 
- DispatchTable tcs_func_table[TCSD_MAX_NUM_ORDS] = {
--	{tcs_wrap_Error,"Error"},   /* 0 */
--	{tcs_wrap_OpenContext,"OpenContext"},
--	{tcs_wrap_CloseContext,"CloseContext"},
--	{tcs_wrap_Error,"Error"},
--	{tcs_wrap_TCSGetCapability,"TCSGetCapability"},
--	{tcs_wrap_RegisterKey,"RegisterKey"}, /* 5 */
--	{tcs_wrap_UnregisterKey,"UnregisterKey"},
--	{tcs_wrap_EnumRegisteredKeys,"EnumRegisteredKeys"},
--	{tcs_wrap_Error,"Error"},
--	{tcs_wrap_GetRegisteredKeyBlob,"GetRegisteredKeyBlob"},
--	{tcs_wrap_GetRegisteredKeyByPublicInfo,"GetRegisteredKeyByPublicInfo"}, /* 10 */
--	{tcs_wrap_LoadKeyByBlob,"LoadKeyByBlob"},
--	{tcs_wrap_LoadKeyByUUID,"LoadKeyByUUID"},
--	{tcs_wrap_EvictKey,"EvictKey"},
--	{tcs_wrap_CreateWrapKey,"CreateWrapKey"},
--	{tcs_wrap_GetPubkey,"GetPubkey"}, /* 15 */
--	{tcs_wrap_MakeIdentity,"MakeIdentity"},
--	{tcs_wrap_LogPcrEvent,"LogPcrEvent"},
--	{tcs_wrap_GetPcrEvent,"GetPcrEvent"},
--	{tcs_wrap_GetPcrEventsByPcr,"GetPcrEventsByPcr"},
--	{tcs_wrap_GetPcrEventLog,"GetPcrEventLog"}, /* 20 */
--	{tcs_wrap_SetOwnerInstall,"SetOwnerInstall"},
--	{tcs_wrap_TakeOwnership,"TakeOwnership"},
--	{tcs_wrap_OIAP,"OIAP"},
--	{tcs_wrap_OSAP,"OSAP"},
--	{tcs_wrap_ChangeAuth,"ChangeAuth"}, /* 25 */
--	{tcs_wrap_ChangeAuthOwner,"ChangeAuthOwner"},
--	{tcs_wrap_Error,"Error"},
--	{tcs_wrap_Error,"Error"},
--	{tcs_wrap_TerminateHandle,"TerminateHandle"},
--	{tcs_wrap_ActivateIdentity,"ActivateIdentity"}, /* 30 */
--	{tcs_wrap_Extend,"Extend"},
--	{tcs_wrap_PcrRead,"PcrRead"},
--	{tcs_wrap_Quote,"Quote"},
--	{tcs_wrap_DirWriteAuth,"DirWriteAuth"},
--	{tcs_wrap_DirRead,"DirRead"}, /* 35 */
--	{tcs_wrap_Seal,"Seal"},
--	{tcs_wrap_UnSeal,"UnSeal"},
--	{tcs_wrap_UnBind,"UnBind"},
--	{tcs_wrap_CreateMigrationBlob,"CreateMigrationBlob"},
--	{tcs_wrap_ConvertMigrationBlob,"ConvertMigrationBlob"}, /* 40 */
--	{tcs_wrap_AuthorizeMigrationKey,"AuthorizeMigrationKey"},
--	{tcs_wrap_CertifyKey,"CertifyKey"},
--	{tcs_wrap_Sign,"Sign"},
--	{tcs_wrap_GetRandom,"GetRandom"},
--	{tcs_wrap_StirRandom,"StirRandom"}, /* 45 */
--	{tcs_wrap_GetCapability,"GetCapability"},
--	{tcs_wrap_Error,"Error"},
--	{tcs_wrap_GetCapabilityOwner,"GetCapabilityOwner"},
--	{tcs_wrap_CreateEndorsementKeyPair,"CreateEndorsementKeyPair"},
--	{tcs_wrap_ReadPubek,"ReadPubek"}, /* 50 */
--	{tcs_wrap_DisablePubekRead,"DisablePubekRead"},
--	{tcs_wrap_OwnerReadPubek,"OwnerReadPubek"},
--	{tcs_wrap_SelfTestFull,"SelfTestFull"},
--	{tcs_wrap_CertifySelfTest,"CertifySelfTest"},
--	{tcs_wrap_Error,"Error"}, /* 55 */
--	{tcs_wrap_GetTestResult,"GetTestResult"},
--	{tcs_wrap_OwnerSetDisable,"OwnerSetDisable"},
--	{tcs_wrap_OwnerClear,"OwnerClear"},
--	{tcs_wrap_DisableOwnerClear,"DisableOwnerClear"},
--	{tcs_wrap_ForceClear,"ForceClear"}, /* 60 */
--	{tcs_wrap_DisableForceClear,"DisableForceClear"},
--	{tcs_wrap_PhysicalDisable,"PhysicalDisable"},
--	{tcs_wrap_PhysicalEnable,"PhysicalEnable"},
--	{tcs_wrap_PhysicalSetDeactivated,"PhysicalSetDeactivated"},
--	{tcs_wrap_SetTempDeactivated,"SetTempDeactivated"}, /* 65 */
--	{tcs_wrap_PhysicalPresence,"PhysicalPresence"},
--	{tcs_wrap_Error,"Error"},
--	{tcs_wrap_Error,"Error"},
--	{tcs_wrap_CreateMaintenanceArchive,"CreateMaintenanceArchive"},
--	{tcs_wrap_LoadMaintenanceArchive,"LoadMaintenanceArchive"}, /* 70 */
--	{tcs_wrap_KillMaintenanceFeature,"KillMaintenanceFeature"},
--	{tcs_wrap_LoadManuMaintPub,"LoadManuMaintPub"},
--	{tcs_wrap_ReadManuMaintPub,"ReadManuMaintPub"},
--	{tcs_wrap_DaaJoin,"DaaJoin"},
--	{tcs_wrap_DaaSign,"DaaSign"}, /* 75 */
--	{tcs_wrap_SetCapability,"SetCapability"},
--	{tcs_wrap_ResetLockValue,"ResetLockValue"},
--	{tcs_wrap_PcrReset,"PcrReset"},
--	{tcs_wrap_ReadCounter,"ReadCounter"},
--	{tcs_wrap_CreateCounter,"CreateCounter"}, /* 80 */
--	{tcs_wrap_IncrementCounter,"IncrementCounter"},
--	{tcs_wrap_ReleaseCounter,"ReleaseCounter"},
--	{tcs_wrap_ReleaseCounterOwner,"ReleaseCounterOwner"},
--	{tcs_wrap_ReadCurrentTicks,"ReadCurrentTicks"},
--	{tcs_wrap_TickStampBlob,"TicksStampBlob"}, /* 85 */
--	{tcs_wrap_GetCredential,"GetCredential"},
--	{tcs_wrap_NV_DefineOrReleaseSpace,"NVDefineOrReleaseSpace"},
--	{tcs_wrap_NV_WriteValue,"NVWriteValue"},
--	{tcs_wrap_NV_WriteValueAuth,"NVWriteValueAuth"},
--	{tcs_wrap_NV_ReadValue,"NVReadValue"}, /* 90 */
--	{tcs_wrap_NV_ReadValueAuth,"NVReadValueAuth"},
--	{tcs_wrap_EstablishTransport,"EstablishTransport"},
--	{tcs_wrap_ExecuteTransport,"ExecuteTransport"},
--	{tcs_wrap_ReleaseTransportSigned,"ReleaseTransportSigned"},
--	{tcs_wrap_SetOrdinalAuditStatus,"SetOrdinalAuditStatus"}, /* 95 */
--	{tcs_wrap_GetAuditDigest,"GetAuditDigest"},
--	{tcs_wrap_GetAuditDigestSigned,"GetAuditDigestSigned"},
--	{tcs_wrap_Sealx,"Sealx"},
--	{tcs_wrap_SetOperatorAuth,"SetOperatorAuth"},
--	{tcs_wrap_OwnerReadInternalPub,"OwnerReadInternalPub"}, /* 100 */
--	{tcs_wrap_EnumRegisteredKeys2,"EnumRegisteredKeys2"},
--	{tcs_wrap_SetTempDeactivated2,"SetTempDeactivated2"},
--	{tcs_wrap_Delegate_Manage,"Delegate_Manage"},
--	{tcs_wrap_Delegate_CreateKeyDelegation,"Delegate_CreateKeyDelegation"},
--	{tcs_wrap_Delegate_CreateOwnerDelegation,"Delegate_CreateOwnerDelegation"}, /* 105 */
--	{tcs_wrap_Delegate_LoadOwnerDelegation,"Delegate_LoadOwnerDelegation"},
--	{tcs_wrap_Delegate_ReadTable,"Delegate_ReadTable"},
--	{tcs_wrap_Delegate_UpdateVerificationCount,"Delegate_UpdateVerificationCount"},
--	{tcs_wrap_Delegate_VerifyDelegation,"Delegate_VerifyDelegation"},
--	{tcs_wrap_CreateRevocableEndorsementKeyPair,"CreateRevocableEndorsementKeyPair"}, /* 110 */
--	{tcs_wrap_RevokeEndorsementKeyPair,"RevokeEndorsementKeyPair"},
--	{tcs_wrap_Error,"Error - was MakeIdentity2"},
--	{tcs_wrap_Quote2,"Quote2"},
--	{tcs_wrap_CMK_SetRestrictions,"CMK_SetRestrictions"},
--	{tcs_wrap_CMK_ApproveMA,"CMK_ApproveMA"}, /* 115 */
--	{tcs_wrap_CMK_CreateKey,"CMK_CreateKey"},
--	{tcs_wrap_CMK_CreateTicket,"CMK_CreateTicket"},
--	{tcs_wrap_CMK_CreateBlob,"CMK_CreateBlob"},
--	{tcs_wrap_CMK_ConvertMigration,"CMK_ConvertMigration"},
--	{tcs_wrap_FlushSpecific,"FlushSpecific"}, /* 120 */
--	{tcs_wrap_KeyControlOwner, "KeyControlOwner"},
--	{tcs_wrap_DSAP, "DSAP"}
--};
--
-+ 	{tcs_wrap_Error,"Error", 0},   /* 0 */
-+ 	{tcs_wrap_OpenContext,"OpenContext", 0},
-+ 	{tcs_wrap_CloseContext,"CloseContext", 0},
-+ 	{tcs_wrap_Error,"Error", 0},
-+ 	{tcs_wrap_TCSGetCapability,"TCSGetCapability", 0},
-+ 	{tcs_wrap_RegisterKey,"RegisterKey", 0}, /* 5 */
-+ 	{tcs_wrap_UnregisterKey,"UnregisterKey", 0},
-+ 	{tcs_wrap_EnumRegisteredKeys,"EnumRegisteredKeys", 0},
-+ 	{tcs_wrap_Error,"Error", 0},
-+ 	{tcs_wrap_GetRegisteredKeyBlob,"GetRegisteredKeyBlob", 0},
-+ 	{tcs_wrap_GetRegisteredKeyByPublicInfo,"GetRegisteredKeyByPublicInfo", 0}, /* 10 */
-+ 	{tcs_wrap_LoadKeyByBlob,"LoadKeyByBlob", 0},
-+ 	{tcs_wrap_LoadKeyByUUID,"LoadKeyByUUID", 0},
-+ 	{tcs_wrap_EvictKey,"EvictKey", 0},
-+ 	{tcs_wrap_CreateWrapKey,"CreateWrapKey", 0},
-+ 	{tcs_wrap_GetPubkey,"GetPubkey", 0}, /* 15 */
-+ 	{tcs_wrap_MakeIdentity,"MakeIdentity", 0},
-+ 	{tcs_wrap_LogPcrEvent,"LogPcrEvent", 0},
-+ 	{tcs_wrap_GetPcrEvent,"GetPcrEvent", 0},
-+ 	{tcs_wrap_GetPcrEventsByPcr,"GetPcrEventsByPcr", 0},
-+ 	{tcs_wrap_GetPcrEventLog,"GetPcrEventLog", 0}, /* 20 */
-+ 	{tcs_wrap_SetOwnerInstall,"SetOwnerInstall", TPM_ORD_SetOwnerInstall},
-+ 	{tcs_wrap_TakeOwnership,"TakeOwnership", TPM_ORD_TakeOwnership},
-+ 	{tcs_wrap_OIAP,"OIAP", 0},
-+ 	{tcs_wrap_OSAP,"OSAP", 0},
-+ 	{tcs_wrap_ChangeAuth,"ChangeAuth", 0}, /* 25 */
-+ 	{tcs_wrap_ChangeAuthOwner,"ChangeAuthOwner", 0},
-+ 	{tcs_wrap_Error,"Error", 0},
-+ 	{tcs_wrap_Error,"Error", 0},
-+ 	{tcs_wrap_TerminateHandle,"TerminateHandle", 0},
-+ 	{tcs_wrap_ActivateIdentity,"ActivateIdentity", 0}, /* 30 */
-+ 	{tcs_wrap_Extend,"Extend", 0},
-+ 	{tcs_wrap_PcrRead,"PcrRead", 0},
-+ 	{tcs_wrap_Quote,"Quote", 0},
-+ 	{tcs_wrap_DirWriteAuth,"DirWriteAuth", 0},
-+ 	{tcs_wrap_DirRead,"DirRead", 0}, /* 35 */
-+ 	{tcs_wrap_Seal,"Seal", 0},
-+ 	{tcs_wrap_UnSeal,"UnSeal", 0},
-+ 	{tcs_wrap_UnBind,"UnBind", 0},
-+ 	{tcs_wrap_CreateMigrationBlob,"CreateMigrationBlob", 0},
-+ 	{tcs_wrap_ConvertMigrationBlob,"ConvertMigrationBlob", 0}, /* 40 */
-+ 	{tcs_wrap_AuthorizeMigrationKey,"AuthorizeMigrationKey", 0},
-+ 	{tcs_wrap_CertifyKey,"CertifyKey", 0},
-+ 	{tcs_wrap_Sign,"Sign", 0},
-+ 	{tcs_wrap_GetRandom,"GetRandom", 0},
-+ 	{tcs_wrap_StirRandom,"StirRandom", 0}, /* 45 */
-+ 	{tcs_wrap_GetCapability,"GetCapability", 0},
-+ 	{tcs_wrap_Error,"Error", 0},
-+ 	{tcs_wrap_GetCapabilityOwner,"GetCapabilityOwner", 0},
-+ 	{tcs_wrap_CreateEndorsementKeyPair,"CreateEndorsementKeyPair", 0},
-+ 	{tcs_wrap_ReadPubek,"ReadPubek", 0}, /* 50 */
-+ 	{tcs_wrap_DisablePubekRead,"DisablePubekRead", 0},
-+ 	{tcs_wrap_OwnerReadPubek,"OwnerReadPubek", 0},
-+ 	{tcs_wrap_SelfTestFull,"SelfTestFull", TPM_ORD_SelfTestFull},
-+ 	{tcs_wrap_CertifySelfTest,"CertifySelfTest", TPM_ORD_CertifySelfTest},
-+ 	{tcs_wrap_Error,"Error", 0}, /* 55 */
-+ 	{tcs_wrap_GetTestResult,"GetTestResult", 0},
-+ 	{tcs_wrap_OwnerSetDisable,"OwnerSetDisable", TPM_ORD_OwnerSetDisable},
-+ 	{tcs_wrap_OwnerClear,"OwnerClear", TPM_ORD_OwnerClear},
-+ 	{tcs_wrap_DisableOwnerClear,"DisableOwnerClear", TPM_ORD_DisableOwnerClear},
-+ 	{tcs_wrap_ForceClear,"ForceClear", TPM_ORD_ForceClear}, /* 60 */
-+ 	{tcs_wrap_DisableForceClear,"DisableForceClear", TPM_ORD_DisableForceClear},
-+ 	{tcs_wrap_PhysicalDisable,"PhysicalDisable", TPM_ORD_PhysicalDisable},
-+ 	{tcs_wrap_PhysicalEnable,"PhysicalEnable", TPM_ORD_PhysicalEnable},
-+ 	{tcs_wrap_PhysicalSetDeactivated,"PhysicalSetDeactivated", TPM_ORD_PhysicalSetDeactivated},
-+ 	{tcs_wrap_SetTempDeactivated,"SetTempDeactivated", TPM_ORD_SetTempDeactivated}, /* 65 */
-+ 	{tcs_wrap_PhysicalPresence,"PhysicalPresence", TSC_ORD_PhysicalPresence},
-+ 	{tcs_wrap_Error,"Error", 0},
-+ 	{tcs_wrap_Error,"Error", 0},
-+ 	{tcs_wrap_CreateMaintenanceArchive,"CreateMaintenanceArchive", 0},
-+ 	{tcs_wrap_LoadMaintenanceArchive,"LoadMaintenanceArchive", 0}, /* 70 */
-+ 	{tcs_wrap_KillMaintenanceFeature,"KillMaintenanceFeature", 0},
-+ 	{tcs_wrap_LoadManuMaintPub,"LoadManuMaintPub", 0},
-+ 	{tcs_wrap_ReadManuMaintPub,"ReadManuMaintPub", 0},
-+ 	{tcs_wrap_DaaJoin,"DaaJoin", 0},
-+ 	{tcs_wrap_DaaSign,"DaaSign", 0}, /* 75 */
-+ 	{tcs_wrap_SetCapability,"SetCapability", 0},
-+ 	{tcs_wrap_ResetLockValue,"ResetLockValue", TPM_ORD_ResetLockValue},
-+ 	{tcs_wrap_PcrReset,"PcrReset", 0},
-+ 	{tcs_wrap_ReadCounter,"ReadCounter", 0},
-+ 	{tcs_wrap_CreateCounter,"CreateCounter", 0}, /* 80 */
-+ 	{tcs_wrap_IncrementCounter,"IncrementCounter", 0},
-+ 	{tcs_wrap_ReleaseCounter,"ReleaseCounter", 0},
-+ 	{tcs_wrap_ReleaseCounterOwner,"ReleaseCounterOwner", 0},
-+ 	{tcs_wrap_ReadCurrentTicks,"ReadCurrentTicks", 0},
-+ 	{tcs_wrap_TickStampBlob,"TicksStampBlob", 0}, /* 85 */
-+ 	{tcs_wrap_GetCredential,"GetCredential", 0},
-+ 	{tcs_wrap_NV_DefineOrReleaseSpace,"NVDefineOrReleaseSpace", 0},
-+ 	{tcs_wrap_NV_WriteValue,"NVWriteValue", 0},
-+ 	{tcs_wrap_NV_WriteValueAuth,"NVWriteValueAuth", 0},
-+ 	{tcs_wrap_NV_ReadValue,"NVReadValue", 0}, /* 90 */
-+ 	{tcs_wrap_NV_ReadValueAuth,"NVReadValueAuth", 0},
-+ 	{tcs_wrap_EstablishTransport,"EstablishTransport", 0},
-+ 	{tcs_wrap_ExecuteTransport,"ExecuteTransport", 0},
-+ 	{tcs_wrap_ReleaseTransportSigned,"ReleaseTransportSigned", 0},
-+ 	{tcs_wrap_SetOrdinalAuditStatus,"SetOrdinalAuditStatus", 0}, /* 95 */
-+ 	{tcs_wrap_GetAuditDigest,"GetAuditDigest", 0},
-+ 	{tcs_wrap_GetAuditDigestSigned,"GetAuditDigestSigned", 0},
-+ 	{tcs_wrap_Sealx,"Sealx", 0},
-+ 	{tcs_wrap_SetOperatorAuth,"SetOperatorAuth", TPM_ORD_SetOperatorAuth},
-+ 	{tcs_wrap_OwnerReadInternalPub,"OwnerReadInternalPub", 0}, /* 100 */
-+ 	{tcs_wrap_EnumRegisteredKeys2,"EnumRegisteredKeys2", 0},
-+ 	{tcs_wrap_SetTempDeactivated2,"SetTempDeactivated2", 0},
-+ 	{tcs_wrap_Delegate_Manage,"Delegate_Manage", 0},
-+ 	{tcs_wrap_Delegate_CreateKeyDelegation,"Delegate_CreateKeyDelegation", 0},
-+ 	{tcs_wrap_Delegate_CreateOwnerDelegation,"Delegate_CreateOwnerDelegation", 0}, /* 105 */
-+ 	{tcs_wrap_Delegate_LoadOwnerDelegation,"Delegate_LoadOwnerDelegation", 0},
-+ 	{tcs_wrap_Delegate_ReadTable,"Delegate_ReadTable", 0},
-+ 	{tcs_wrap_Delegate_UpdateVerificationCount,"Delegate_UpdateVerificationCount", 0},
-+ 	{tcs_wrap_Delegate_VerifyDelegation,"Delegate_VerifyDelegation", 0},
-+ 	{tcs_wrap_CreateRevocableEndorsementKeyPair,"CreateRevocableEndorsementKeyPair", 0}, /* 110 */
-+ 	{tcs_wrap_RevokeEndorsementKeyPair,"RevokeEndorsementKeyPair", 0},
-+	{tcs_wrap_Error,"Error - was MakeIdentity2", 0},
-+ 	{tcs_wrap_Quote2,"Quote2", 0},
-+ 	{tcs_wrap_CMK_SetRestrictions,"CMK_SetRestrictions", 0},
-+ 	{tcs_wrap_CMK_ApproveMA,"CMK_ApproveMA", 0}, /* 115 */
-+ 	{tcs_wrap_CMK_CreateKey,"CMK_CreateKey", 0},
-+ 	{tcs_wrap_CMK_CreateTicket,"CMK_CreateTicket", 0},
-+ 	{tcs_wrap_CMK_CreateBlob,"CMK_CreateBlob", 0},
-+ 	{tcs_wrap_CMK_ConvertMigration,"CMK_ConvertMigration", 0},
-+ 	{tcs_wrap_FlushSpecific,"FlushSpecific", 0}, /* 120 */
-+ 	{tcs_wrap_KeyControlOwner, "KeyControlOwner", 0},
-+ 	{tcs_wrap_DSAP, "DSAP", 0}
-+  };
- int
- access_control(struct tcsd_thread_data *thread_data)
- {
[email protected]@ -562,11 +562,190 @@
- 	return 1;
- }
- 
-+#if defined (SOLARIS)
-+
-+#include <ucred.h>
-+#include <bsm/adt.h>
-+#include <bsm/adt_event.h>
-+
-+static void
-+audit_tpm(UINT32 cmd, struct tcsd_thread_data *data)
-+{
-+	adt_session_data_t *ah = NULL;
-+	adt_event_data_t *event = NULL;
-+	ucred_t *uc = NULL;
-+	int adterr, msgid;
-+	int adtstatus = ADT_FAILURE;
-+
-+	if (getpeerucred(data->sock, &uc)) {
-+		LogError("Audit Failed - getpeerucred failed (%s)",
-+		    strerror(errno));
-+		return;
-+	}
-+	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) {
-+		LogError("Audit Failed - adt_start_session failed (%s)",
-+		    strerror(errno));
-+		goto end;
-+	}
-+
-+	if (adt_set_from_ucred(ah, uc, ADT_NEW) != 0) {
-+		LogError("Audit Failed - adt_set_from_ucred failed (%s)",
-+		    strerror(errno));
-+		goto end;
-+	}
-+
-+	/*
-+	 * NOTE: It is important that the ordering of the
-+	 * error message definitions in the adt.xml IDL from the
-+	 * libbsm library source matches the numerical ordering of
-+	 * the TPM_E_* error codes in /usr/include/tss/tpm_error.h
-+	 */
-+	if (data->comm.hdr.u.result == TSS_SUCCESS) {
-+		adtstatus = ADT_SUCCESS;
-+		adterr = ADT_SUCCESS;
-+		/*
-+		 * Use literal value here until the
-+		 * build system is updated with latest adt_event.h
-+		 * 4102 = ADT_TPM_E_NO_MSG (build 123).
-+		 * Change this later.
-+		 */
-+		msgid = 4102;
-+	} else if (data->comm.hdr.u.result & TPM_E_NON_FATAL) {
-+		/*
-+		 * NON_FATAL TPM errors are masked (0x800) so they are not in numerical
-+		 * sequence with the rest of the TPM errors.
-+		 */
-+		msgid = ADT_TPM_E_RETRY +
-+		    (data->comm.hdr.u.result - TPM_E_RETRY);
-+		adterr = ADT_FAIL_VALUE_PROGRAM;
-+	} else {
-+		msgid = ADT_TPM_E_AUTHFAIL +
-+		    (data->comm.hdr.u.result - TPM_E_AUTHFAIL);
-+		adterr = ADT_FAIL_VALUE_PROGRAM;
-+	}
-+	switch(cmd) {
-+		case TPM_ORD_CertifySelfTest:
-+			event = adt_alloc_event(ah, ADT_tpm_certifyselftest);
-+			if (event != NULL)
-+				event->adt_tpm_certifyselftest.message = msgid;
-+			break;
-+		case TPM_ORD_OwnerClear:
-+			event = adt_alloc_event(ah, ADT_tpm_ownerclear);
-+			if (event != NULL)
-+				event->adt_tpm_ownerclear.message = msgid;
-+			break;
-+		case TPM_ORD_ContinueSelfTest:
-+			event = adt_alloc_event(ah, ADT_tpm_continueselftest);
-+			if (event != NULL)
-+				event->adt_tpm_continueselftest.message = msgid;
-+			break;
-+		case TPM_ORD_DisableForceClear:
-+			event = adt_alloc_event(ah, ADT_tpm_disableforceclear);
-+			if (event != NULL)
-+				event->adt_tpm_disableforceclear.message = msgid;
-+			break;
-+		case TPM_ORD_DisableOwnerClear:
-+			event = adt_alloc_event(ah, ADT_tpm_disableownerclear);
-+			if (event != NULL)
-+				event->adt_tpm_disableownerclear.message = msgid;
-+			break;
-+		case TPM_ORD_FieldUpgrade:
-+			event = adt_alloc_event(ah, ADT_tpm_fieldupgrade);
-+			if (event != NULL)
-+				event->adt_tpm_fieldupgrade.message = msgid;
-+			break;
-+		case TPM_ORD_ForceClear:
-+			event = adt_alloc_event(ah, ADT_tpm_forceclear);
-+			if (event != NULL)
-+				event->adt_tpm_forceclear.message = msgid;
-+			break;
-+		case TPM_ORD_OwnerSetDisable:
-+			event = adt_alloc_event(ah, ADT_tpm_ownersetdisable);
-+			if (event != NULL)
-+				event->adt_tpm_ownersetdisable.message = msgid;
-+			break;
-+		case TPM_ORD_PhysicalEnable:
-+			event = adt_alloc_event(ah, ADT_tpm_physicalenable);
-+			if (event != NULL)
-+				event->adt_tpm_physicalenable.message = msgid;
-+			break;
-+		case TPM_ORD_PhysicalDisable:
-+			event = adt_alloc_event(ah, ADT_tpm_physicaldisable);
-+			if (event != NULL)
-+				event->adt_tpm_physicaldisable.message = msgid;
-+			break;
-+		case TPM_ORD_PhysicalSetDeactivated:
-+			event = adt_alloc_event(ah, ADT_tpm_physicaldeactivate);
-+			if (event != NULL)
-+				event->adt_tpm_physicaldeactivate.message = msgid;
-+			break;
-+		case TSC_ORD_PhysicalPresence:
-+			event = adt_alloc_event(ah, ADT_tpm_physicalpresence);
-+			if (event != NULL)
-+				event->adt_tpm_physicalpresence.message = msgid;
-+			break;
-+		case TPM_ORD_ResetLockValue:
-+			event = adt_alloc_event(ah, ADT_tpm_resetlockvalue);
-+			if (event != NULL)
-+				event->adt_tpm_resetlockvalue.message = msgid;
-+			break;
-+		case TPM_ORD_SelfTestFull:
-+			event = adt_alloc_event(ah, ADT_tpm_selftestfull);
-+			if (event != NULL)
-+				event->adt_tpm_selftestfull.message = msgid;
-+			break;
-+		case TPM_ORD_SetOperatorAuth:
-+			event = adt_alloc_event(ah, ADT_tpm_setoperatorauth);
-+			if (event != NULL)
-+				event->adt_tpm_setoperatorauth.message = msgid;
-+			break;
-+		case TPM_ORD_SetOwnerInstall:
-+			event = adt_alloc_event(ah, ADT_tpm_setownerinstall);
-+			if (event != NULL)
-+				event->adt_tpm_setownerinstall.message = msgid;
-+			break;
-+		case TPM_ORD_SetTempDeactivated:
-+			event = adt_alloc_event(ah, ADT_tpm_settempdeactivated);
-+			if (event != NULL)
-+				event->adt_tpm_settempdeactivated.message = msgid;
-+			break;
-+		case TPM_ORD_TakeOwnership:
-+			event = adt_alloc_event(ah, ADT_tpm_takeownership);
-+			if (event != NULL)
-+				event->adt_tpm_takeownership.message = msgid;
-+			break;
-+		default:
-+			/* command not audited */
-+			goto end;	
-+	}
-+	if (event == NULL) {
-+		LogError("Audit Failed - Failed to allocate event (%s)",
-+		    strerror(errno));
-+		goto end;
-+	}
-+
-+	if (adt_put_event(event, adtstatus, adterr)) {
-+		LogError("Audit Failed - Failed to put audit event (%s)",
-+		    strerror(errno));
-+	}
-+
-+end:
-+	ucred_free(uc);
-+	adt_free_event(event);
-+	(void) adt_end_session(ah);
-+	
-+	return;
-+}
-+#endif /* SOLARIS */
-+
- TSS_RESULT
- dispatchCommand(struct tcsd_thread_data *data)
- {
- 	UINT64 offset;
- 	TSS_RESULT result;
-+#if defined (SOLARIS)
-+	UINT32 cmd;
-+#endif
- 
- 	/* First, check the ordinal bounds */
- 	if (data->comm.hdr.u.ordinal >= TCSD_MAX_NUM_ORDS) {
[email protected]@ -596,6 +775,9 @@
- 	}
- 
- 	/* Now, dispatch */
-+#if defined (SOLARIS)
-+	cmd = tcs_func_table[data->comm.hdr.u.ordinal].ordinal;
-+#endif
- 	if ((result = tcs_func_table[data->comm.hdr.u.ordinal].Func(data)) == TSS_SUCCESS) {
- 		/* set the comm buffer */
- 		offset = 0;
[email protected]@ -607,6 +789,9 @@
- 		LoadBlob_UINT32(&offset, data->comm.hdr.parm_size, data->comm.buf);
- 		LoadBlob_UINT32(&offset, data->comm.hdr.parm_offset, data->comm.buf);
- 	}
-+#if defined (SOLARIS)
-+	audit_tpm(cmd, data);
-+#endif
- 
- 	return result;
- 
--- a/components/trousers/patches/tddl.c.patch	Tue Apr 17 13:35:22 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,93 +0,0 @@
---- src/tddl/tddl.c	Mon Apr 12 22:24:21 2010
-+++ src/tddl/tddl.c.new	Thu Sep 22 12:28:25 2011
[email protected]@ -18,13 +18,17 @@
- 
- #include "trousers/tss.h"
- #include "trousers_types.h"
-+#ifndef SOLARIS
- #include "linux/tpm.h"
-+#endif
- #include "tcslog.h"
- #include "tddl.h"
- 
- struct tpm_device_node tpm_device_nodes[] = {
-+#ifndef SOLARIS
- 	{"/dev/tpm0", TDDL_UNDEF, TDDL_UNDEF},
- 	{"/udev/tpm0", TDDL_UNDEF, TDDL_UNDEF},
-+#endif
- 	{"/dev/tpm", TDDL_UNDEF, TDDL_UNDEF},
- 	{NULL, 0, 0}
- };
[email protected]@ -42,6 +46,13 @@
- #include <netdb.h>
- #include <fcntl.h>
- 
-+#ifdef SOLARIS
-+int
-+get_device_fd()
-+{
-+	return (opened_device->fd);
-+}
-+#endif
- 
- int
- open_device()
[email protected]@ -63,7 +74,7 @@
- 	 
- 		
- 		fd = socket(AF_INET, SOCK_STREAM, 0);
--		if (fd > 0) {
-+		if (fd >= 0) {
- 			struct hostent *host = gethostbyname(tcp_device_hostname);
- 			if (host != NULL) {   
- 				struct sockaddr_in addr;
[email protected]@ -105,12 +116,16 @@
- 		/* tpm_device_paths is filled out in tddl.h */
- 		for (i = 0; tpm_device_nodes[i].path != NULL; i++) {
- 			errno = 0;
--			if ((fd = open(tpm_device_nodes[i].path, O_RDWR)) >= 0)
-+			if ((fd = open(tpm_device_nodes[i].path, O_RDWR)) >= 0) {
- 				break;
-+			} else {
-+				fprintf(stderr, "Error opening %s: %s\n",
-+				    tpm_device_nodes[i].path, strerror(errno));
-+			}
- 		}
- 	}
--	
--	if (fd > 0) {
-+
-+	if (fd >= 0) {
- 		opened_device = &(tpm_device_nodes[i]);
- 		tpm_device_nodes[i].fd = fd;
- 	}
[email protected]@ -181,11 +196,13 @@
- 			/* fall through */
- 		case TDDL_TRANSMIT_IOCTL:
- 			errno = 0;
-+#ifndef SOLARIS
- 			if ((sizeResult = ioctl(opened_device->fd, TPMIOC_TRANSMIT, txBuffer)) != -1) {
- 				opened_device->transmit = TDDL_TRANSMIT_IOCTL;
- 				break;
- 			}
- 			LogWarn("ioctl: (%d) %s", errno, strerror(errno));
-+#endif
- 			LogInfo("Falling back to Read/Write device support.");
- 			/* fall through */
- 		case TDDL_TRANSMIT_RW:
[email protected]@ -255,6 +272,7 @@
- 
- TSS_RESULT Tddli_Cancel(void)
- {
-+#ifndef SOLARIS
- 	int rc;
- 
- 	if (opened_device->transmit == TDDL_TRANSMIT_IOCTL) {
[email protected]@ -270,4 +288,7 @@
- 	} else {
- 		return TDDLERR(TSS_E_NOTIMPL);
- 	}
-+#else
-+	return TDDLERR(TSS_E_NOTIMPL);
-+#endif /* SOLARIS */
- }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tddl_tddl.c.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,93 @@
+--- src/tddl/tddl.c	Mon Apr 12 22:24:21 2010
++++ src/tddl/tddl.c.new	Thu Sep 22 12:28:25 2011
[email protected]@ -18,13 +18,17 @@
+ 
+ #include "trousers/tss.h"
+ #include "trousers_types.h"
++#ifndef SOLARIS
+ #include "linux/tpm.h"
++#endif
+ #include "tcslog.h"
+ #include "tddl.h"
+ 
+ struct tpm_device_node tpm_device_nodes[] = {
++#ifndef SOLARIS
+ 	{"/dev/tpm0", TDDL_UNDEF, TDDL_UNDEF},
+ 	{"/udev/tpm0", TDDL_UNDEF, TDDL_UNDEF},
++#endif
+ 	{"/dev/tpm", TDDL_UNDEF, TDDL_UNDEF},
+ 	{NULL, 0, 0}
+ };
[email protected]@ -42,6 +46,13 @@
+ #include <netdb.h>
+ #include <fcntl.h>
+ 
++#ifdef SOLARIS
++int
++get_device_fd()
++{
++	return (opened_device->fd);
++}
++#endif
+ 
+ int
+ open_device()
[email protected]@ -63,7 +74,7 @@
+ 	 
+ 		
+ 		fd = socket(AF_INET, SOCK_STREAM, 0);
+-		if (fd > 0) {
++		if (fd >= 0) {
+ 			struct hostent *host = gethostbyname(tcp_device_hostname);
+ 			if (host != NULL) {   
+ 				struct sockaddr_in addr;
[email protected]@ -105,12 +116,16 @@
+ 		/* tpm_device_paths is filled out in tddl.h */
+ 		for (i = 0; tpm_device_nodes[i].path != NULL; i++) {
+ 			errno = 0;
+-			if ((fd = open(tpm_device_nodes[i].path, O_RDWR)) >= 0)
++			if ((fd = open(tpm_device_nodes[i].path, O_RDWR)) >= 0) {
+ 				break;
++			} else {
++				fprintf(stderr, "Error opening %s: %s\n",
++				    tpm_device_nodes[i].path, strerror(errno));
++			}
+ 		}
+ 	}
+-	
+-	if (fd > 0) {
++
++	if (fd >= 0) {
+ 		opened_device = &(tpm_device_nodes[i]);
+ 		tpm_device_nodes[i].fd = fd;
+ 	}
[email protected]@ -181,11 +196,13 @@
+ 			/* fall through */
+ 		case TDDL_TRANSMIT_IOCTL:
+ 			errno = 0;
++#ifndef SOLARIS
+ 			if ((sizeResult = ioctl(opened_device->fd, TPMIOC_TRANSMIT, txBuffer)) != -1) {
+ 				opened_device->transmit = TDDL_TRANSMIT_IOCTL;
+ 				break;
+ 			}
+ 			LogWarn("ioctl: (%d) %s", errno, strerror(errno));
++#endif
+ 			LogInfo("Falling back to Read/Write device support.");
+ 			/* fall through */
+ 		case TDDL_TRANSMIT_RW:
[email protected]@ -255,6 +272,7 @@
+ 
+ TSS_RESULT Tddli_Cancel(void)
+ {
++#ifndef SOLARIS
+ 	int rc;
+ 
+ 	if (opened_device->transmit == TDDL_TRANSMIT_IOCTL) {
[email protected]@ -270,4 +288,7 @@
+ 	} else {
+ 		return TDDLERR(TSS_E_NOTIMPL);
+ 	}
++#else
++	return TDDLERR(TSS_E_NOTIMPL);
++#endif /* SOLARIS */
+ }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/trspi_crypto_openssl_hash.c.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,87 @@
+--- src/trspi/crypto/openssl/hash.c.old	2011-05-09 06:20:09.505021734 -0700
++++ src/trspi/crypto/openssl/hash.c	2011-05-09 06:19:04.603252090 -0700
[email protected]@ -56,45 +56,21 @@
+ TSS_RESULT
+ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
+ {
+-	EVP_MD_CTX md_ctx;
+-	unsigned int result_size;
+-	int rv;
++	Trspi_HashCtx ctx;
++	TSS_RESULT rv;
+ 
+-	switch (HashType) {
+-		case TSS_HASH_SHA1:
+-			rv = EVP_DigestInit(&md_ctx, EVP_sha1());
+-			break;
+-		default:
+-			rv = TSPERR(TSS_E_BAD_PARAMETER);
+-			goto out;
+-			break;
+-	}
++	rv = Trspi_HashInit(&ctx, HashType);
++	if (rv != TSS_SUCCESS)
++		return rv;
+ 
+-	if (rv != EVP_SUCCESS) {
+-		rv = TSPERR(TSS_E_INTERNAL_ERROR);
+-		goto err;
+-	}
+-
+-	rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
+-	if (rv != EVP_SUCCESS) {
+-		rv = TSPERR(TSS_E_INTERNAL_ERROR);
+-		goto err;
++	rv = Trspi_HashUpdate(&ctx, BufSize, Buf);
++	if (rv != TSS_SUCCESS) {
++		EVP_MD_CTX_destroy(ctx.ctx);
++		return rv;
+ 	}
++	rv = Trspi_HashFinal(&ctx, Digest);
+ 
+-	result_size = EVP_MD_CTX_size(&md_ctx);
+-	rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
+-	if (rv != EVP_SUCCESS) {
+-		rv = TSPERR(TSS_E_INTERNAL_ERROR);
+-		goto err;
+-	} else
+-		rv = TSS_SUCCESS;
+-
+-	goto out;
+-
+-err:
+-	DEBUG_print_openssl_errors();
+-out:
+-        return rv;
++	return (rv);
+ }
+ 
+ TSS_RESULT
[email protected]@ -112,7 +88,8 @@
+ 			break;
+ 	}
+ 
+-	if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL)
++	ctx->ctx = EVP_MD_CTX_create();
++	if (ctx->ctx == NULL)
+ 		return TSPERR(TSS_E_OUTOFMEMORY);
+ 
+ 	rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md);
[email protected]@ -142,7 +119,7 @@
+ 	rv = EVP_DigestUpdate(ctx->ctx, data, size);
+ 	if (rv != EVP_SUCCESS) {
+ 		DEBUG_print_openssl_errors();
+-		free(ctx->ctx);
++		EVP_MD_CTX_destroy(ctx->ctx);
+ 		ctx->ctx = NULL;
+ 		return TSPERR(TSS_E_INTERNAL_ERROR);
+ 	}
[email protected]@ -164,7 +141,7 @@
+ 	if (rv != EVP_SUCCESS)
+ 		return TSPERR(TSS_E_INTERNAL_ERROR);
+ 
+-	free(ctx->ctx);
++	EVP_MD_CTX_destroy(ctx->ctx);
+ 	ctx->ctx = NULL;
+ 
+ 	return TSS_SUCCESS;
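Review bot: The error path in the new `Trspi_Hash` frees the digest context twice in intent and not at all on the final step. `Trspi_HashUpdate` already calls `EVP_MD_CTX_destroy(ctx->ctx)` and sets `ctx->ctx = NULL` when `EVP_DigestUpdate` fails, so the extra `EVP_MD_CTX_destroy(ctx.ctx);` after the failed update only works because OpenSSL 1.0's destroy tolerates a NULL pointer; drop that line and rely on the callee's cleanup. Conversely, the `if (rv != EVP_SUCCESS) return TSPERR(TSS_E_INTERNAL_ERROR);` at the top of the last hunk in `Trspi_HashFinal` returns without destroying `ctx->ctx`, so a context allocated by `EVP_MD_CTX_create` leaks on that path; add `EVP_MD_CTX_destroy(ctx->ctx); ctx->ctx = NULL;` before that return, matching the update path. The bodies of `Trspi_HashInit` and `Trspi_HashFinal` begin outside the hunk, so the handling of an `EVP_DigestInit` failure after `EVP_MD_CTX_create` could not be checked here.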
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tspi_ps_tspps.c.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,55 @@
+--- src/tspi/ps/tspps.c.orig	2011-03-24 13:06:14.607907754 -0700
++++ src/tspi/ps/tspps.c	2011-03-24 13:07:30.668528209 -0700
[email protected]@ -70,9 +70,12 @@
+ 	TSS_RESULT result;
+ 	char *file_name = NULL, *home_dir = NULL;
+ 	struct passwd *pwp;
+-#if (defined (__linux) || defined (linux) || defined(__GLIBC__))
++#if (defined (__linux) || defined (linux) || defined(__GLIBC__) || defined(SOLARIS))
+ 	struct passwd pw;
+ #endif
++#ifdef SOLARIS
++	char pwbuf[PASSWD_BUFSIZE];
++#endif
+ 	struct stat stat_buf;
+ 	char buf[PASSWD_BUFSIZE];
+ 	uid_t euid;
[email protected]@ -94,9 +97,16 @@
+          * in the user's home directory, which may be shared
+          * by multiple systems.
+          *
+-         * The directory path on Solaris is /var/tpm/userps/[EUID]/
++         * The directory path on Solaris is /var/user[USERNAME]/tpm/userps
+          */
+-        rc = snprintf(buf, sizeof (buf), "%s/%d", TSS_USER_PS_DIR, euid);
++
++	pwp = getpwuid_r(euid, &pw, pwbuf, sizeof (pwbuf));
++	if (pwp != NULL) {
++		rc = snprintf(buf, sizeof (buf), "/var/user/%s/tpm/userps",
++		    pwp->pw_name);
++	} else {
++		return TSPERR(TSS_E_INTERNAL_ERROR);
++	}
+ #else
+ 	setpwent();
+ 	while (1) {
[email protected]@ -142,7 +152,7 @@
+ 		if (errno == ENOENT) {
+ 			errno = 0;
+ 			/* Create the user's ps directory if it is not there. */
+-			if ((rc = mkdir(buf, 0700)) == -1) {
++			if ((rc = mkdirp(buf, 0700)) == -1) {
+ 				LogDebugFn("USER PS: Error creating dir: %s: %s", buf,
+ 					   strerror(errno));
+ 				result = TSPERR(TSS_E_INTERNAL_ERROR);
[email protected]@ -157,8 +167,8 @@
+ 
+ 	/* Directory exists or has been created, return the path to the file */
+ #if defined (SOLARIS)
+-	rc = snprintf(buf, sizeof (buf), "%s/%d/%s", TSS_USER_PS_DIR, euid,
+-		      TSS_USER_PS_FILE);
++	rc = snprintf(buf, sizeof (buf), "/var/user/%s/tpm/userps/%s",
++	    pwp->pw_name, TSS_USER_PS_FILE);
+ #else
+ 	rc = snprintf(buf, sizeof (buf), "%s/%s/%s", home_dir, TSS_USER_PS_DIR,
+ 		      TSS_USER_PS_FILE);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tspi_rpc_hosttable.c.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,59 @@
+--- src/tspi/rpc/hosttable.c	2010-05-01 19:39:11.000000000 -0700
++++ src/tspi/rpc/hosttable.c	2012-03-23 16:21:30.018582000 -0700
[email protected]@ -22,7 +22,7 @@
+ struct host_table *ht = NULL;
+ 
+ TSS_RESULT
+-host_table_init()
++static host_table_init(void)
+ {
+ 	ht = calloc(1, sizeof(struct host_table));
+ 	if (ht == NULL) {
[email protected]@ -36,8 +36,7 @@
+ }
+ 
+ #ifdef SOLARIS
+-#pragma init(_init)
+-void _init(void)
++static void my_init(void)
+ #else
+ void __attribute__ ((constructor)) my_init(void)
+ #endif
[email protected]@ -46,11 +45,14 @@
+ 	__tspi_obj_list_init();
+ }
+ 
+-void
++static void
+ host_table_final()
+ {
+ 	struct host_table_entry *hte, *next = NULL;
+ 
++	if (ht == NULL) /* no host table to free */
++		return;
++
+ 	MUTEX_LOCK(ht->lock);
+ 
+ 	for (hte = ht->entries; hte; hte = next) {
[email protected]@ -70,8 +72,7 @@
+ }
+ 
+ #ifdef SOLARIS
+-#pragma fini(_fini)
+-void _fini(void)
++static void my_fini(void)
+ #else
+ void __attribute__ ((destructor)) my_fini(void)
+ #endif
[email protected]@ -79,6 +80,11 @@
+ 	host_table_final();
+ }
+ 
++#ifdef SOLARIS
++#pragma init(my_init)
++#pragma fini(my_fini)
++#endif
++
+ TSS_RESULT
+ __tspi_add_table_entry(TSS_HCONTEXT tspContext, BYTE *host, int type, struct host_table_entry **ret)
+ {
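Review bot: `static` is placed after the `TSS_RESULT` return type on the preceding unchanged line, giving `TSS_RESULT static host_table_init(void)`; a storage-class specifier that is not first in the declaration specifiers is an obsolescent feature (C11 6.11.5) that some compilers warn on, so write `static TSS_RESULT` on the return-type line and keep `host_table_init(void)` plain. The new `ht == NULL` guard in `host_table_final` stops the .fini crash when `host_table_init` never ran or its `calloc` failed, but it is the only place that checks; the other users of `ht`, such as `__tspi_add_table_entry` whose body starts at the end of this hunk, presumably touch `ht` too and should fail with an error code rather than dereference NULL in the same state — verify that. For consistency, `host_table_final()` should also take the `(void)` parameter list that `host_table_init` now has.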
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/trousers/patches/tspi_rpc_tcstp_rpc.c.patch	Wed Apr 18 10:38:45 2012 -0700
@@ -0,0 +1,98 @@
+--- src/tspi/rpc/tcstp/rpc.c	2010-03-11 12:26:51.000000000 -0800
++++ src/tspi/rpc/tcstp/rpc.c	2012-04-11 14:28:08.181630000 -0700
[email protected]@ -345,41 +345,67 @@
+ 	BYTE *buffer;
+ 	TSS_RESULT result;
+ 
+-	struct sockaddr_in addr;
+-	struct hostent *hEnt = NULL;
++	if (get_port() == 0) { /* use UNIX Domain socket */
++		struct sockaddr_un addr;
+ 
+-	sd = socket(PF_INET, SOCK_STREAM, 0);
+-	if (sd == -1) {
+-		LogError("socket: %s", strerror(errno));
+-		result = TSPERR(TSS_E_COMM_FAILURE);
+-		goto err_exit;
+-	}
+-
+-	memset(&addr, 0, sizeof(addr));
+-	addr.sin_family = AF_INET;
+-	addr.sin_port = htons(get_port());
++		sd = socket(PF_UNIX, SOCK_STREAM, 0);
++		if (sd == -1) {
++			LogError("socket(PF_UNIX): %s", strerror(errno));
++			result = TSPERR(TSS_E_COMM_FAILURE);
++			goto err_exit;
++		}
+ 
+-	LogDebug("Sending TSP packet to host %s.", hte->hostname);
++		memset(&addr, 0, sizeof(addr));
++		addr.sun_family = AF_UNIX;
++		strncpy(addr.sun_path, TCSD_DEFAULT_SOCKET,
++			sizeof(addr.sun_path));
++
++		LogDebug("Connecting to UNIX Domain socket %s",
++			TCSD_DEFAULT_SOCKET);
++
++		if (connect(sd, (struct sockaddr *) &addr, sizeof (addr))) {
++			LogError("connect: %s", strerror(errno));
++			result = TSPERR(TSS_E_COMM_FAILURE);
++			goto err_exit;
++		}
+ 
+-	/* try to resolve by hostname first */
+-	hEnt = gethostbyname((char *)hte->hostname);
+-	if (hEnt == NULL) {
+-		/* if by hostname fails, try by dot notation */
+-		if (inet_aton((char *)hte->hostname, &addr.sin_addr) == 0) {
+-			LogError("hostname %s does not resolve to a valid address.", hte->hostname);
+-			result = TSPERR(TSS_E_CONNECTION_FAILED);
++	} else { /* use TCP socket */
++		struct sockaddr_in addr;
++		struct hostent *hEnt = NULL;
++
++		sd = socket(PF_INET, SOCK_STREAM, 0);
++		if (sd == -1) {
++			LogError("socket: %s", strerror(errno));
++			result = TSPERR(TSS_E_COMM_FAILURE);
+ 			goto err_exit;
+ 		}
+-	} else {
+-		memcpy(&addr.sin_addr, hEnt->h_addr_list[0], 4);
+-	}
+ 
+-	LogDebug("Connecting to %s", inet_ntoa(addr.sin_addr));
++		memset(&addr, 0, sizeof(addr));
++		addr.sin_family = AF_INET;
++		addr.sin_port = htons(get_port());
++
++		LogDebug("Sending TSP packet to host %s.", hte->hostname);
++
++		/* try to resolve by hostname first */
++		hEnt = gethostbyname((char *)hte->hostname);
++		if (hEnt == NULL) {
++			/* if by hostname fails, try by dot notation */
++			if (inet_aton((char *)hte->hostname, &addr.sin_addr) == 0) {
++				LogError("hostname %s does not resolve to a valid address.", hte->hostname);
++				result = TSPERR(TSS_E_CONNECTION_FAILED);
++				goto err_exit;
++			}
++		} else {
++			memcpy(&addr.sin_addr, hEnt->h_addr_list[0], 4);
++		}
+ 
+-	if (connect(sd, (struct sockaddr *) &addr, sizeof (addr))) {
+-		LogError("connect: %s", strerror(errno));
+-		result = TSPERR(TSS_E_COMM_FAILURE);
+-		goto err_exit;
++		LogDebug("Connecting to %s", inet_ntoa(addr.sin_addr));
++
++		if (connect(sd, (struct sockaddr *) &addr, sizeof (addr))) {
++			LogError("connect: %s", strerror(errno));
++			result = TSPERR(TSS_E_COMM_FAILURE);
++			goto err_exit;
++		}
+ 	}
+ 
+ 	if (send_to_socket(sd, hte->comm.buf, hte->comm.hdr.packet_size) < 0) {
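Review bot: The UNIX-domain branch connects to a fixed filesystem path with no check on who is listening: `TCSD_DEFAULT_SOCKET` is defined outside this hunk, and if it resolves to a path in a directory that other users can write to, a local user could pre-bind that path and impersonate tcsd to every TSP client, so the socket's directory must be root-owned and not world-writable (or the listener verified with `getpeerucred(3C)` before sending the packet). The `strncpy(addr.sun_path, TCSD_DEFAULT_SOCKET, sizeof(addr.sun_path))` also leaves `sun_path` unterminated if the path ever fills the buffer (typically 108 bytes); Solaris has `strlcpy`, so `(void) strlcpy(addr.sun_path, TCSD_DEFAULT_SOCKET, sizeof (addr.sun_path));` plus a check that the copy was not truncated makes the bound explicit. Note too that when `get_port()` is 0 this branch never looks at `hte->hostname`, so a context connected with a remote host name silently talks to the local daemon; at minimum log the ignored host, or return `TSPERR(TSS_E_CONNECTION_FAILED)` when `hte->hostname` is not the local host. The enclosing function starts and ends outside this hunk.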
--- a/components/trousers/patches/tspps.c.patch	Tue Apr 17 13:35:22 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,55 +0,0 @@
---- src/tspi/ps/tspps.c.orig	2011-03-24 13:06:14.607907754 -0700
-+++ src/tspi/ps/tspps.c	2011-03-24 13:07:30.668528209 -0700
[email protected]@ -70,9 +70,12 @@
- 	TSS_RESULT result;
- 	char *file_name = NULL, *home_dir = NULL;
- 	struct passwd *pwp;
--#if (defined (__linux) || defined (linux) || defined(__GLIBC__))
-+#if (defined (__linux) || defined (linux) || defined(__GLIBC__) || defined(SOLARIS))
- 	struct passwd pw;
- #endif
-+#ifdef SOLARIS
-+	char pwbuf[PASSWD_BUFSIZE];
-+#endif
- 	struct stat stat_buf;
- 	char buf[PASSWD_BUFSIZE];
- 	uid_t euid;
[email protected]@ -94,9 +97,16 @@
-          * in the user's home directory, which may be shared
-          * by multiple systems.
-          *
--         * The directory path on Solaris is /var/tpm/userps/[EUID]/
-+         * The directory path on Solaris is /var/user[USERNAME]/tpm/userps
-          */
--        rc = snprintf(buf, sizeof (buf), "%s/%d", TSS_USER_PS_DIR, euid);
-+
-+	pwp = getpwuid_r(euid, &pw, pwbuf, sizeof (pwbuf));
-+	if (pwp != NULL) {
-+		rc = snprintf(buf, sizeof (buf), "/var/user/%s/tpm/userps",
-+		    pwp->pw_name);
-+	} else {
-+		return TSPERR(TSS_E_INTERNAL_ERROR);
-+	}
- #else
- 	setpwent();
- 	while (1) {
[email protected]@ -142,7 +152,7 @@
- 		if (errno == ENOENT) {
- 			errno = 0;
- 			/* Create the user's ps directory if it is not there. */
--			if ((rc = mkdir(buf, 0700)) == -1) {
-+			if ((rc = mkdirp(buf, 0700)) == -1) {
- 				LogDebugFn("USER PS: Error creating dir: %s: %s", buf,
- 					   strerror(errno));
- 				result = TSPERR(TSS_E_INTERNAL_ERROR);
[email protected]@ -157,8 +167,8 @@
- 
- 	/* Directory exists or has been created, return the path to the file */
- #if defined (SOLARIS)
--	rc = snprintf(buf, sizeof (buf), "%s/%d/%s", TSS_USER_PS_DIR, euid,
--		      TSS_USER_PS_FILE);
-+	rc = snprintf(buf, sizeof (buf), "/var/user/%s/tpm/userps/%s",
-+	    pwp->pw_name, TSS_USER_PS_FILE);
- #else
- 	rc = snprintf(buf, sizeof (buf), "%s/%s/%s", home_dir, TSS_USER_PS_DIR,
- 		      TSS_USER_PS_FILE);
--- a/components/trousers/patches/tspps.h.patch	Tue Apr 17 13:35:22 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
---- src/include/tspps.h.old	2009-09-08 07:39:30.000000000 -0700
-+++ src/include/tspps.h	2010-09-16 08:09:37.980051068 -0700
[email protected]@ -13,13 +13,17 @@
- 
- #define PASSWD_BUFSIZE		4096
- 
-+#ifdef SOLARIS
-+#define TSS_USER_PS_DIR		"/var/user/"
-+#else
- #define TSS_USER_PS_DIR		".trousers"
-+#endif
- #define TSS_USER_PS_FILE	"user.data"
- 
- TSS_RESULT	   get_file(int *);
- int		   put_file(int);
--inline TSS_RESULT  read_data(int, void *, UINT32);
--inline TSS_RESULT  write_data(int, void *, UINT32);
-+TSS_RESULT         read_data(int, void *, UINT32);
-+TSS_RESULT         write_data(int, void *, UINT32);
- UINT32		   psfile_get_num_keys(int);
- TSS_RESULT	   psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *);
- TSS_RESULT	   psfile_remove_key_by_uuid(int, TSS_UUID *);
--- a/components/trousers/patches/tss_defines.h.patch	Tue Apr 17 13:35:22 2012 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
---- src/include/tss/tss_defines.h.old	Tue May 31 07:39:12 2011
-+++ src/include/tss/tss_defines.h	Tue May 31 07:39:52 2011
[email protected]@ -1214,6 +1214,9 @@
- #define TSS_UUID_USK5 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 9}} // user storage key 5
- #define TSS_UUID_USK6 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 10}}// user storage key 6
- 
-+/* SOLARIS: Migratable Root Key UUID */
-+#define TSS_UUID_MRK {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 11}}
-+
- // macro to derive UUIDs for keys whose "OwnerEvict" key is set.
- #define TSS_UUID_OWNEREVICT(i) {0, 0, 0, 0, 0, {0, 0, 0, 0, 1, (i)}}
- 
--- a/components/trousers/tcsd.xml	Tue Apr 17 13:35:22 2012 -0700
+++ b/components/trousers/tcsd.xml	Wed Apr 18 10:38:45 2012 -0700
@@ -21,7 +21,7 @@
 
  CDDL HEADER END
 
- Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
 
         NOTE:  This service manifest is not editable; its contents will
         be overwritten by package or patch operations, including
@@ -38,20 +38,25 @@
 
 	<create_default_instance enabled='false' />
 	<single_instance/>
-	<!--
-	   Wait for network interfaces to be initialized.
-	-->
-        <dependency
-                name='network'
-                grouping='require_all'
-                restart_on='none'
-                type='service'>
-                <service_fmri value='svc:/milestone/network:default' />
-        </dependency> 
+
+	<!-- Wait for network interfaces to be initialized. -->
+	<dependency
+		name='network'
+		grouping='require_all'
+		restart_on='none'
+		type='service'>
+		<service_fmri value='svc:/milestone/network:default' />
+	</dependency>
 
-	<!--
-	   Wait for all local filesystems to be mounted.
-	-->
+	<!-- Need / & /usr filesystems mounted, /var mounted read/write -->
+	<dependency
+		name='filesystem'
+		grouping='require_all'
+		restart_on='none'
+		type='service'>
+		<service_fmri value='svc:/system/filesystem/minimal' />
+	</dependency>
+
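Review bot: The `network` dependency and its comment `Wait for network interfaces to be initialized.` are carried over unchanged, even though this changeset (7041927 in the title) moves tcsd off TCP/IP sockets, so the manifest still holds TPM service startup until `svc:/milestone/network:default` is online without stating why. If remote TCP access remains configurable through tcsd.conf the dependency may still be wanted, but then the comment should say so, e.g. `<!-- Only needed when tcsd.conf enables the TCP/IP transport; the default UNIX domain socket does not require networking. -->`; otherwise drop the dependency so tcsd can start independently of networking. The new `filesystem` dependency on `svc:/system/filesystem/minimal` is reasonable given the comment's stated need for /var mounted read/write.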
         <exec_method
                 type='method'
                 name='stop'
@@ -77,8 +82,7 @@
 			value='solaris.smf.manage.tcsd' />
 		<propval name='value_authorization' type='astring'
 			value='solaris.smf.manage.tcsd' />
-        </property_group>
-
+	</property_group>
 
 	<property_group name='config' type='application'>
 		<propval
@@ -91,17 +95,17 @@
 			value='solaris.smf.value.tcsd' />
 	</property_group>
 
-        <stability value='Unstable' />
+	<stability value='Unstable' />
 
-        <template>
-                <common_name>
-                        <loctext xml:lang='C'>
-                                TCS Daemon
-                        </loctext>
-                </common_name>
-                <documentation>
-                        <manpage title='tcsd' section='8' />
-                </documentation>
-        </template>
+	<template>
+		<common_name>
+			<loctext xml:lang='C'>
+				TCS Daemon
+			</loctext>
+		</common_name>
+		<documentation>
+			<manpage title='tcsd' section='8' />
+		</documentation>
+	</template>
 </service>
 </service_bundle>
--- a/components/trousers/trousers.p5m	Tue Apr 17 13:35:22 2012 -0700
+++ b/components/trousers/trousers.p5m	Wed Apr 18 10:38:45 2012 -0700
@@ -189,7 +189,7 @@
 link path=usr/lib/libtspi.so target=libtspi.so.1.1.3
 link path=usr/lib/libtspi.so.1 target=libtspi.so.1.1.3
 #
-# libtspi requires 646%UTF-8.so in package unicode-core. This is for function
+# libtspi requires 646%UTF-8.so in package utf-8. This is for function
 # Trspi_Native_To_UNICODE() which calls iconv_open() to open this library.
 #
-depend fmri=pkg:/system/library/iconv/unicode-core type=require
+depend fmri=pkg:/system/library/iconv/utf-8 type=require