31 files changed, 1122 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index cdf8f706cb73..f88f7ffca3ec 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -864,6 +864,7 @@
 SUBDIR += tripwire
 SUBDIR += tripwire-131
 SUBDIR += tripwire12
+ SUBDIR += trousers
 SUBDIR += tthsum
 SUBDIR += tuntun
 SUBDIR += uberkey
diff --git a/security/trousers/Makefile b/security/trousers/Makefile
new file mode 100644
index 000000000000..ec55e05a502c
--- /dev/null
+++ b/security/trousers/Makefile
@@ -0,0 +1,94 @@ +# New ports collection makefile for: trousers +# Date created: 18 Sep 2007 +# Whom: Sebastian Schuetz <sschuetz@fhm.edu> +# +# $FreeBSD$ +# + +PORTNAME= trousers +PORTVERSION= 0.3.6 +CATEGORIES= security +MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTVERSION} + +MAINTAINER= nork@FreeBSD.org +COMMENT= The open-source TCG Software Stack + +USE_GMAKE= YES +USE_ICONV= YES +USE_OPENSSL= YES +USE_LDCONFIG= YES +USE_AUTOTOOLS= autoconf:268 libtool:22 +GNU_CONFIGURE= YES +MAKE_JOBS_SAFE= YES + +USE_RC_SUBR= tcsd +SUB_FILES= pkg-message +SUB_LIST= USERS=${USERS} GROUPS=${GROUPS} + +USERS= _tss +GROUPS= _tss + +LICENSE= CPL +LICENSE_NAME= Common Public License +LICENSE_FILE= ${WRKSRC}/LICENSE +LICENSE_PERMS= ${_LICENSE_PERMS_DEFAULT} + +.include "Makefile.man" + +CONFIGURE_ARGS= --with-gui=none \ + --localstatedir=${PREFIX}/var \ + --with-tssuser=${USERS} --with-tssgroup=${GROUPS} + +OPTIONS= EMULATOR "Build for use with the tpm-emulator" off \ + DEBUG "Build with debugging flags" off + +WRKSRC= ${WRKDIR}/${DISTNAME} + +.include <bsd.port.pre.mk> + +.if defined(WITH_EMULATOR) +PKGNAMESUFFIX+= -no_tddl +LIB_DEPENDS+= tddl:${PORTSDIR}/security/tpm-emulator + +post-patch: + @${REINPLACE_CMD} -e 's|\.\./tddl/libtddl\.a|${LOCALBASE}/lib/libtddl\.a|g' ${WRKSRC}/src/tcs/Makefile.am + @${REINPLACE_CMD} -e 's|\.\./tddl/libtddl\.a|${LOCALBASE}/lib/libtddl\.a|g' ${WRKSRC}/src/tcs/Makefile.in + @${REINPLACE_CMD} -e 's|\.\./tddl/libtddl\.a|${LOCALBASE}/lib/libtddl\.a|g' ${WRKSRC}/src/tcsd/Makefile.am + @${REINPLACE_CMD} -e 's|\.\./tddl/libtddl\.a|${LOCALBASE}/lib/libtddl\.a|g' ${WRKSRC}/src/tcsd/Makefile.in + @${REINPLACE_CMD} -e 's|libtddl\.a||g' ${WRKSRC}/src/tddl/Makefile.in + @${REINPLACE_CMD} -e 's|libtddl\.a||g' ${WRKSRC}/src/tddl/Makefile.am + +# The emulator has already a libttddl.so, so comment out trousers' libtddl in the pkg-plist +PLIST_SUB+= TDDL="@comment " +.else +PKGNAMESUFFIX+= -tddl +CONFLICTS+= tpm-emulator-0* +PLIST_SUB+= TDDL="" +.endif + +.if 
defined(WITH_DEBUG) +PKGNAMESUFFIX+= -debug +CONFIGURE_ARGS+=--enable-debug +.endif + +pre-configure: + @cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${AUTORECONF} -i + +post-install: + @${MKDIR} ${EXAMPLESDIR} + @${INSTALL_DATA} -o ${USERS} -g ${GROUPS} -m 0600 \ + ${WRKSRC}/dist/tcsd.conf ${EXAMPLESDIR}/tcsd.conf + @[ -f ${PREFIX}/etc/tcsd.conf ] || \ + ${CP} -p ${EXAMPLESDIR}/tcsd.conf ${PREFIX}/etc/tcsd.conf + @${INSTALL} -d -o root -g ${GROUPS} -m 0700 /var/run/tpm + @${INSTALL} -d -o root -g ${GROUPS} -m 0700 /var/run/ima + @${INSTALL} -d -o root -g ${GROUPS} -m 0700 ${PREFIX}/var/lib/tpm + @${CAT} ${PKGMESSAGE} + +add-plist-post: + @${ECHO_CMD} "@unexec ${RMDIR} /var/run/tpm 2>/dev/null || true" >> ${TMPPLIST} + @${ECHO_CMD} "@exec ${INSTALL} -d -o root -g ${GROUPS} -m 0700 /var/run/tpm" >> ${TMPPLIST} + @${ECHO_CMD} "@unexec ${RMDIR} /var/run/ima 2>/dev/null || true" >> ${TMPPLIST} + @${ECHO_CMD} "@exec ${INSTALL} -d -o root -g ${GROUPS} -m 0700 /var/run/ima" >> ${TMPPLIST} + +.include <bsd.port.post.mk> diff --git a/security/trousers/Makefile.man b/security/trousers/Makefile.man new file mode 100644 index 000000000000..f7cca6323a16 --- /dev/null +++ b/security/trousers/Makefile.man 
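Review bot: In `post-install` and `add-plist-post` the state directories are created with `-o root -g ${GROUPS} -m 0700`, so the `_tss` group named there receives no permission bits and the group assignment has no effect. Upstream's install hook, which patch-dist-Makefile.am in this commit removes, made the persistent-storage directory owned by the tss user with mode 0700, which fits a daemon that drops to that user. If tcsd is meant to run as `_tss`, `${PREFIX}/var/lib/tpm` would need `-o ${USERS}`; if it is meant to stay root, a comment above these lines such as `# tcsd runs as root in this port; state directories are root-only` would make that explicit for anyone auditing the port.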
@@ -0,0 +1,90 @@ +MAN3= Tspi_ChangeAuth.3 \ + Tspi_ChangeAuthAsym.3 \ + Tspi_Context_Close.3 \ + Tspi_Context_CloseObject.3 \ + Tspi_Context_Connect.3 \ + Tspi_Context_Create.3 \ + Tspi_Context_CreateObject.3 \ + Tspi_Context_FreeMemory.3 \ + Tspi_Context_GetCapability.3 \ + Tspi_Context_GetDefaultPolicy.3 \ + Tspi_Context_GetKeyByPublicInfo.3 \ + Tspi_Context_GetKeyByUUID.3 \ + Tspi_Context_GetRegisteredKeysByUUID.3 \ + Tspi_Context_GetRegisteredKeysByUUID2.3 \ + Tspi_Context_GetTpmObject.3 \ + Tspi_Context_LoadKeyByBlob.3 \ + Tspi_Context_LoadKeyByUUID.3 \ + Tspi_Context_RegisterKey.3 \ + Tspi_Context_UnregisterKey.3 \ + Tspi_DAA_IssueCredential.3 \ + Tspi_DAA_IssueInit.3 \ + Tspi_DAA_IssueSetup.3 \ + Tspi_DAA_IssuerKeyVerification.3 \ + Tspi_DAA_VerifyInit.3 \ + Tspi_DAA_VerifySignature.3 \ + Tspi_Data_Bind.3 \ + Tspi_Data_Seal.3 \ + Tspi_Data_Unbind.3 \ + Tspi_Data_Unseal.3 \ + Tspi_DecodeBER_TssBlob.3 \ + Tspi_EncodeDER_TssBlob.3 \ + Tspi_GetAttribData.3 \ + Tspi_GetAttribUint32.3 \ + Tspi_GetPolicyObject.3 \ + Tspi_Hash_GetHashValue.3 \ + Tspi_Hash_SetHashValue.3 \ + Tspi_Hash_Sign.3 \ + Tspi_Hash_UpdateHashValue.3 \ + Tspi_Hash_VerifySignature.3 \ + Tspi_Key_CertifyKey.3 \ + Tspi_Key_ConvertMigrationBlob.3 \ + Tspi_Key_CreateKey.3 \ + Tspi_Key_CreateMigrationBlob.3 \ + Tspi_Key_GetPubKey.3 \ + Tspi_Key_LoadKey.3 \ + Tspi_Key_UnloadKey.3 \ + Tspi_Key_WrapKey.3 \ + Tspi_PcrComposite_GetPcrValue.3 \ + Tspi_PcrComposite_SelectPcrIndex.3 \ + Tspi_PcrComposite_SetPcrValue.3 \ + Tspi_Policy_AssignToObject.3 \ + Tspi_Policy_FlushSecret.3 \ + Tspi_Policy_SetSecret.3 \ + Tspi_SetAttribData.3 \ + Tspi_SetAttribUint32.3 \ + Tspi_TPM_AuthorizeMigrationTicket.3 \ + Tspi_TPM_CertifySelfTest.3 \ + Tspi_TPM_CheckMaintenancePubKey.3 \ + Tspi_TPM_ClearOwner.3 \ + Tspi_TPM_CollateIdentityRequest.3 \ + Tspi_TPM_CreateEndorsementKey.3 \ + Tspi_TPM_CreateMaintenanceArchive.3 \ + Tspi_TPM_CMKSetRestrictions.3 \ + Tspi_TPM_DAA_JoinCreateDaaPubKey.3 \ + Tspi_TPM_DAA_JoinInit.3 \ + 
Tspi_TPM_DAA_JoinStoreCredential.3 \ + Tspi_TPM_DAA_Sign.3 \ + Tspi_TPM_DirRead.3 \ + Tspi_TPM_DirWrite.3 \ + Tspi_TPM_GetAuditDigest.3 \ + Tspi_TPM_GetCapability.3 \ + Tspi_TPM_GetEvent.3 \ + Tspi_TPM_GetEventLog.3 \ + Tspi_TPM_GetEvents.3 \ + Tspi_TPM_GetPubEndorsementKey.3 \ + Tspi_TPM_GetRandom.3 \ + Tspi_TPM_GetStatus.3 \ + Tspi_TPM_GetTestResult.3 \ + Tspi_TPM_KillMaintenanceFeature.3 \ + Tspi_TPM_LoadMaintenancePubKey.3 \ + Tspi_TPM_OwnerGetSRKPubKey.3 \ + Tspi_TPM_PcrExtend.3 \ + Tspi_TPM_PcrRead.3 \ + Tspi_TPM_Quote.3 \ + Tspi_TPM_SelfTestFull.3 \ + Tspi_TPM_SetStatus.3 \ + Tspi_TPM_StirRandom.3 \ + Tspi_TPM_TakeOwnership.3 +MAN5= tcsd.conf.5 +MAN8= tcsd.8 diff --git a/security/trousers/distinfo b/security/trousers/distinfo new file mode 100644 index 000000000000..ec38fc52a373 --- /dev/null +++ b/security/trousers/distinfo @@ -0,0 +1,2 @@ +SHA256 (trousers-0.3.6.tar.gz) = 91025f60248af44df192e8df16fa6b0c0f1e48c54f6dc51626567ed95758b0d6 +SIZE (trousers-0.3.6.tar.gz) = 1335084 diff --git a/security/trousers/files/patch-configure.in b/security/trousers/files/patch-configure.in new file mode 100644 index 000000000000..ecdaa1d4d749 --- /dev/null +++ b/security/trousers/files/patch-configure.in 
@@ -0,0 +1,41 @@
+--- configure.in.orig 2010-07-09 05:35:18.000000000 +0900
++++ configure.in 2010-10-24 22:31:30.040556068 +0900
+@@ -75,6 +75,21 @@
+ [CFLAGS="$CFLAGS -ftest-coverage -fprofile-arcs"
+ AC_MSG_RESULT([*** Enabling gcov at user request ***])],)
+
++# Check for tss user
++AC_ARG_WITH(tssuser,
++ [ --with-tssuser[[=USER]] set tss user [[tss]]],
++ [tss_user=$withval],
++ [tss_user=tss]
++)
++# Check for tss group
++AC_ARG_WITH(tssgroup,
++ [ --with-tssgroup[[=GROUP]] set tss group [[tss]]],
++ [tss_group=$withval],
++ [tss_group=tss]
++)
++AC_SUBST(TSS_USER_NAME, $tss_user)
++AC_SUBST(TSS_GROUP_NAME, $tss_group)
++
+ # profiling support
+ AC_ARG_ENABLE(gprof,
+ [AC_HELP_STRING([--enable-gprof], [enable profiling with gprof [default=off]])],
+@@ -352,6 +367,8 @@
+ AC_C_BIGENDIAN([AC_DEFINE(_BIG_ENDIAN, 1, [big-endian host])])
+ AC_CHECK_DECL(htole32, [AC_DEFINE(HTOLE_DEFINED, 1, [htole32 function is available])])
+ AC_CHECK_HEADER(sys/byteorder.h, [AC_DEFINE(HAVE_BYTEORDER_H, 1, [sys/byteorder.h header])])
++AC_CHECK_HEADER(endian.h, [AC_DEFINE(HAVE_ENDIAN_H, 1, [endian.h header])])
++AC_CHECK_HEADER(sys/endian.h, [AC_DEFINE(HAVE_SYS_ENDIAN_H, 1, [sys/endian.h header])])
+ AC_CHECK_FUNC(daemon, [ AC_DEFINE(HAVE_DAEMON, 1, [daemon function is available]) ])
+
+ if test "x${GCC}" = "xyes"; then
+@@ -359,6 +376,7 @@
+ fi
+
+ CFLAGS="$CFLAGS -I../include \
++ -DTSS_USER_NAME=\\\"$tss_user\\\" -DTSS_GROUP_NAME=\\\"$tss_group\\\" \
+ -DTCSD_DEFAULT_PORT=${TCSD_DEFAULT_PORT} -DTSS_VER_MAJOR=${TSS_VER_MAJOR} \
+ -DTSS_VER_MINOR=${TSS_VER_MINOR} -DTSS_SPEC_MAJOR=${TSS_SPEC_MAJOR} \
+ -DTSS_SPEC_MINOR=${TSS_SPEC_MINOR}"
diff --git a/security/trousers/files/patch-dist-Makefile.am b/security/trousers/files/patch-dist-Makefile.am
new file mode 100644
index 000000000000..2604e06a3909
--- /dev/null
+++ b/security/trousers/files/patch-dist-Makefile.am
@@ -0,0 +1,20 @@
+--- dist/Makefile.am.orig 2010-03-12 05:41:54.000000000 +0900
++++ dist/Makefile.am 2010-10-24 21:04:04.818560844 +0900
+@@ -1,17 +1,7 @@
+ EXTRA_DIST = system.data.auth system.data.noauth \
+ fedora/fedora.initrd.tcsd
+ install: install-exec-hook
+- if test ! -e ${DESTDIR}/@sysconfdir@/tcsd.conf; then mkdir -p ${DESTDIR}/@sysconfdir@ && cp tcsd.conf ${DESTDIR}/@sysconfdir@; fi
+- /bin/chown tss:tss ${DESTDIR}/@sysconfdir@/tcsd.conf || true
+- /bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf
+
+ install-exec-hook:
+- /usr/sbin/groupadd tss || true
+- /usr/sbin/useradd -r tss -g tss || true
+- /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
+- /bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
+- /bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm
+
+ uninstall-hook:
+- /usr/sbin/userdel tss || true
+- /usr/sbin/groupdel tss || true
diff --git a/security/trousers/files/patch-dist-tcsd.conf.in b/security/trousers/files/patch-dist-tcsd.conf.in
new file mode 100644
index 000000000000..4a2f9326fb7b
--- /dev/null
+++ b/security/trousers/files/patch-dist-tcsd.conf.in
@@ -0,0 +1,20 @@
+--- dist/tcsd.conf.in.orig 2010-01-29 01:27:50.000000000 +0900
++++ dist/tcsd.conf.in 2010-10-25 00:06:25.565556476 +0900
+@@ -35,7 +35,7 @@
+ # log data. The interface to this log is usually provided by the TPM
+ # device driver.
+ #
+-# firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
++# firmware_log_file = /var/run/tpm/binary_bios_measurements
+ #
+
+ # Option: kernel_log_file
+@@ -46,7 +46,7 @@
+ # http://sf.net/projects/linux-ima for more info on getting IMA.
+ #
+ #
+-# kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements
++# kernel_log_file = /var/run/ima/binary_runtime_measurements
+ #
+
+ # Option: firmware_pcrs
diff --git a/security/trousers/files/patch-src-include-biosem.h b/security/trousers/files/patch-src-include-biosem.h
new file mode 100644
index 000000000000..88930505a225
--- /dev/null
+++ b/security/trousers/files/patch-src-include-biosem.h
@@ -0,0 +1,11 @@
+--- src/include/biosem.h.orig 2010-03-12 05:22:36.000000000 +0900
++++ src/include/biosem.h 2010-10-24 21:04:04.820558727 +0900
+@@ -26,7 +26,7 @@
+ UINT32 eventType;
+ BYTE digest[20];
+ UINT32 eventDataSize;
+- BYTE event[0];/* (eventSize) bytes of event data follows */
++ BYTE event[1];/* (eventSize) bytes of event data follows */
+ } TCG_PCClientPCREventStruc;
+
+ #define EVLOG_SOURCE_BIOS 1
diff --git a/security/trousers/files/patch-src-include-linux-tpm.h b/security/trousers/files/patch-src-include-linux-tpm.h
new file mode 100644
index 000000000000..49046f6027b1
--- /dev/null
+++ b/security/trousers/files/patch-src-include-linux-tpm.h
@@ -0,0 +1,11 @@
+--- src/include/linux/tpm.h.orig 2010-01-29 01:27:51.000000000 +0900
++++ src/include/linux/tpm.h 2010-10-24 21:04:04.821560671 +0900
+@@ -20,6 +20,8 @@
+ #include <linux/ioctl.h>
+ #elif (defined (__OpenBSD__) || defined (__FreeBSD__))
+ #include <sys/ioctl.h>
++#elif (defined (SOLARIS))
++#include <sys/ioccom.h>
+ #endif
+
+ /* ioctl commands */
diff --git a/security/trousers/files/patch-src-include-tcs_tsp.h b/security/trousers/files/patch-src-include-tcs_tsp.h
new file mode 100644
index 000000000000..675769ac4960
--- /dev/null
+++ b/security/trousers/files/patch-src-include-tcs_tsp.h
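Review bot: Changing `BYTE event[0]` to `BYTE event[1]` in patch-src-include-biosem.h makes `sizeof(TCG_PCClientPCREventStruc)` larger than the fixed header, so any caller that uses the struct size as the header length while walking the firmware event log would compute the wrong offset for the next record. The callers are outside this hunk, so this needs checking against the event-log parser. Where the header length is needed, `offsetof(TCG_PCClientPCREventStruc, event)` gives it regardless of the array bound. A comment on the member, for example `/* was event[0]; bound of 1 is for compiler portability only, do not use sizeof() as header length */`, would record the constraint.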
@@ -0,0 +1,16 @@
+--- src/include/tcs_tsp.h.orig 2010-01-29 01:27:51.000000000 +0900
++++ src/include/tcs_tsp.h 2010-10-24 21:04:04.822560729 +0900
+@@ -79,7 +79,13 @@
+ /* XXX Get rid of this, there's no reason to set an arbitrary limit */
+ #define MAX_KEY_CHILDREN 10
+
++#ifndef STRUCTURE_PACKING_ATTRIBUTE
++#ifdef __GCC
+ #define STRUCTURE_PACKING_ATTRIBUTE __attribute__((packed))
++#else
++#define STRUCTURE_PACKING_ATTRIBUTE /* */
++#endif
++#endif
+
+ #ifdef TSS_DEBUG
+ #define DBG_ASSERT(x) assert(x)
diff --git a/security/trousers/files/patch-src-include-tcs_utils.h b/security/trousers/files/patch-src-include-tcs_utils.h
new file mode 100644
index 000000000000..fcbe1d2f9d1c
--- /dev/null
+++ b/security/trousers/files/patch-src-include-tcs_utils.h
@@ -0,0 +1,23 @@
+--- src/include/tcs_utils.h.orig 2010-01-29 01:27:51.000000000 +0900
++++ src/include/tcs_utils.h 2010-10-24 21:04:04.824555399 +0900
+@@ -18,6 +18,20 @@
+ #include "tcs_tsp.h"
+ #include "trousers_types.h"
+
++
++
++/*
++ * XXX malloc wrapper
++ *
++ * Linux: malloc(0) => '\0'
++ * *BSD: malloc(0) => invalid to dereference
++ *
++ * => so wrap malloc(0) => calloc(1, 16) to create
++ * a 16Byte array containing '\0'
++ *
++ */
++#define malloc(x) ((x) == 0 ? calloc(1, 16) : calloc(1, (x)))
++
+ struct key_mem_cache
+ {
+ TCPA_KEY_HANDLE tpm_handle;
diff --git a/security/trousers/files/patch-src-include-tcsd.h b/security/trousers/files/patch-src-include-tcsd.h
new file mode 100644
index 000000000000..612d1b22e32f
--- /dev/null
+++ b/security/trousers/files/patch-src-include-tcsd.h
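Review bot: `#ifdef __GCC` in patch-src-include-tcs_tsp.h tests a macro that GCC does not predefine (the compiler defines `__GNUC__`), so with this patch `STRUCTURE_PACKING_ATTRIBUTE` expands to nothing even on GCC and every structure that relied on `__attribute__((packed))` loses its packing. The guard should read `#ifdef __GNUC__`. The same guard is added in patch-src-include-trousers_types.h, where `TSS_KEY12_HDR` is switched from the literal attribute to the macro. These layouts are presumably used for serialized TPM data, so a silent layout change is worth ruling out before the port ships.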
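Review bot: The `malloc(x)` macro in patch-src-include-tcs_utils.h evaluates its argument twice and turns every zero-length request into a 16-byte zeroed buffer, which hides callers that dereference an empty allocation instead of fixing them. It also only affects translation units that include tcs_utils.h, so allocation behaviour differs from file to file. If the workaround has to stay, a helper that evaluates the size once is safer: `static inline void *tcs_zmalloc(size_t n) { return calloc(1, n ? n : 16); }` followed by `#define malloc(x) tcs_zmalloc(x)` (the helper name is only a suggestion). The comment block should also say that this masks zero-length reads rather than making them valid.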
@@ -0,0 +1,29 @@
+--- src/include/tcsd.h.orig 2010-05-03 11:54:15.000000000 +0900
++++ src/include/tcsd.h 2010-10-24 22:28:52.708555289 +0900
+@@ -50,14 +50,22 @@
+
+ #define TCSD_CONFIG_FILE ETC_PREFIX "/tcsd.conf"
+
++#ifndef TSS_USER_NAME
+ #define TSS_USER_NAME "tss"
++#endif
++#ifndef TSS_GROUP_NAME
+ #define TSS_GROUP_NAME "tss"
++#endif
++
++#ifndef TPM_PREFIX
++#define TPM_PREFIX "/lib/tpm"
++#endif
+
+ #define TCSD_DEFAULT_MAX_THREADS 10
+-#define TCSD_DEFAULT_SYSTEM_PS_FILE VAR_PREFIX "/lib/tpm/system.data"
+-#define TCSD_DEFAULT_SYSTEM_PS_DIR VAR_PREFIX "/lib/tpm"
+-#define TCSD_DEFAULT_FIRMWARE_LOG_FILE "/sys/kernel/security/tpm0/binary_bios_measurements"
+-#define TCSD_DEFAULT_KERNEL_LOG_FILE "/sys/kernel/security/ima/binary_runtime_measurements"
++#define TCSD_DEFAULT_SYSTEM_PS_FILE VAR_PREFIX TPM_PREFIX "/system.data"
++#define TCSD_DEFAULT_SYSTEM_PS_DIR VAR_PREFIX TPM_PREFIX
++#define TCSD_DEFAULT_FIRMWARE_LOG_FILE "/var/run/tpm/binary_bios_measurements"
++#define TCSD_DEFAULT_KERNEL_LOG_FILE "/var/run/ima/binary_runtime_measurements"
+ #define TCSD_DEFAULT_FIRMWARE_PCRS 0x00000000
+ #define TCSD_DEFAULT_KERNEL_PCRS 0x00000000
+
diff --git a/security/trousers/files/patch-src-include-tcsd_ops.h b/security/trousers/files/patch-src-include-tcsd_ops.h
new file mode 100644
index 000000000000..f98f11737b6c
--- /dev/null
+++ b/security/trousers/files/patch-src-include-tcsd_ops.h
@@ -0,0 +1,11 @@
+--- src/include/tcsd_ops.h.orig 2010-01-29 01:27:51.000000000 +0900
++++ src/include/tcsd_ops.h 2010-10-24 21:04:04.827558718 +0900
+@@ -123,7 +123,7 @@
+
+ struct tcsd_op {
+ char *name;
+- int op[];
++ int op[20];
+ };
+
+ struct tcsd_op tcsd_op_seal = {"seal", {TCSD_OP_SEAL}};
diff --git a/security/trousers/files/patch-src-include-threads.h b/security/trousers/files/patch-src-include-threads.h
new file mode 100644
index 000000000000..d0c40e55e9e7
--- /dev/null
+++ b/security/trousers/files/patch-src-include-threads.h
@@ -0,0 +1,11 @@
+--- src/include/threads.h.orig 2010-05-03 11:54:15.000000000 +0900
++++ src/include/threads.h 2010-10-24 21:04:04.828558009 +0900
+@@ -31,7 +31,7 @@
+ #define COND_SIGNAL(c) pthread_cond_signal(c)
+
+ /* thread abstractions */
+-#define THREAD_ID ((THREAD_TYPE)pthread_self())
++#define THREAD_ID (long int)((THREAD_TYPE)pthread_self())
+ #define THREAD_TYPE pthread_t
+ #define THREAD_JOIN pthread_join
+ #define THREAD_DETACH pthread_detach
diff --git a/security/trousers/files/patch-src-include-trousers_types.h b/security/trousers/files/patch-src-include-trousers_types.h
new file mode 100644
index 000000000000..3fb3302cbf42
--- /dev/null
+++ b/security/trousers/files/patch-src-include-trousers_types.h
@@ -0,0 +1,42 @@
+--- src/include/trousers_types.h.orig 2010-05-20 02:45:55.000000000 +0900
++++ src/include/trousers_types.h 2010-10-24 21:04:04.829561420 +0900
+@@ -11,6 +11,14 @@
+ #ifndef _TROUSERS_TYPES_H_
+ #define _TROUSERS_TYPES_H_
+
++#ifndef STRUCTURE_PACKING_ATTRIBUTE
++#ifdef __GCC
++#define STRUCTURE_PACKING_ATTRIBUTE __attribute__((packed))
++#else
++#define STRUCTURE_PACKING_ATTRIBUTE /* */
++#endif
++#endif
++
+ #define TCPA_NONCE_SIZE sizeof(TCPA_NONCE)
+ #define TCPA_DIGEST_SIZE sizeof(TCPA_DIGEST)
+ #define TCPA_ENCAUTH_SIZE sizeof(TCPA_ENCAUTH)
+@@ -100,7 +108,7 @@
+ typedef struct tdTSS_KEY12_HDR {
+ TPM_STRUCTURE_TAG tag;
+ UINT16 fill;
+-} __attribute__((packed)) TSS_KEY12_HDR;
++} STRUCTURE_PACKING_ATTRIBUTE TSS_KEY12_HDR;
+
+ typedef struct tdTSS_KEY {
+ union {
+@@ -118,11 +126,10 @@
+ BYTE *encData;
+ } TSS_KEY;
+
+-#if (defined (__linux) || defined (linux) || defined (SOLARIS) || defined (__GLIBC__))
+-#define BSD_CONST
+-#elif (defined (__OpenBSD__) || defined (__FreeBSD__))
++#if defined (__FreeBSD__)
+ #define BSD_CONST const
+-#endif
+-
++#else
++#define BSD_CONST /* */
++#endif
+
+ #endif
diff --git a/security/trousers/files/patch-src-include-tss-platform.h b/security/trousers/files/patch-src-include-tss-platform.h
new file mode 100644
index 000000000000..45f830d74fab
--- /dev/null
+++ b/security/trousers/files/patch-src-include-tss-platform.h
@@ -0,0 +1,11 @@
+--- src/include/tss/platform.h.orig 2010-01-29 01:27:51.000000000 +0900
++++ src/include/tss/platform.h 2010-10-24 21:04:04.830556101 +0900
+@@ -15,7 +15,7 @@
+ #if !defined(WIN32)
+ #include <stdint.h>
+ typedef uint8_t BYTE;
+- typedef int8_t TSS_BOOL;
++ typedef uint8_t TSS_BOOL;
+ typedef uint16_t UINT16;
+ typedef uint32_t UINT32;
+ typedef uint64_t UINT64;
diff --git a/security/trousers/files/patch-src-tcs-ps-ps_utils.c b/security/trousers/files/patch-src-tcs-ps-ps_utils.c
new file mode 100644
index 000000000000..50dacf86d1e1
--- /dev/null
+++ b/security/trousers/files/patch-src-tcs-ps-ps_utils.c
@@ -0,0 +1,46 @@
+--- src/tcs/ps/ps_utils.c.orig 2010-07-01 00:15:00.000000000 +0900
++++ src/tcs/ps/ps_utils.c 2010-10-24 21:04:04.832556427 +0900
+@@ -16,10 +16,18 @@
+ #if defined(HAVE_BYTEORDER_H)
+ #include <sys/byteorder.h>
+ #elif defined(HTOLE_DEFINED)
++#if defined(HAVE_ENDIAN_H)
+ #include <endian.h>
+ #define LE_16 htole16
+ #define LE_32 htole32
+ #define LE_64 htole64
++#endif
++#if defined(HAVE_SYS_ENDIAN_H)
++#include <sys/endian.h>
++#define LE_16 htole16
++#define LE_32 htole32
++#define LE_64 htole64
++#endif
+ #else
+ #define LE_16(x) (x)
+ #define LE_32(x) (x)
+@@ -39,6 +47,24 @@
+ #include "tcs_utils.h"
+ #include "tcslog.h"
+
++#ifndef LE_16
++static UINT16 htole16(UINT16 x)
++{
++ BYTE *b = &x;
++ return (UINT16) (b[0] + (b[1] << 8));
++}
++#define LE_16 htole16
++#endif
++
++#ifndef LE_32
++static UINT32 htole32(UINT32 x)
++{
++ BYTE *b = &x;
++ return (UINT32) (b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24));
++}
++#define LE_32 htole32
++#endif
++
+ struct key_disk_cache *key_disk_cache_head = NULL;
+
+
diff --git a/security/trousers/files/patch-src-tcs-ps-tcsps.c b/security/trousers/files/patch-src-tcs-ps-tcsps.c
new file mode 100644
index 000000000000..df56d1883a7f
--- /dev/null
+++ b/security/trousers/files/patch-src-tcs-ps-tcsps.c
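Review bot: The fallback `htole16`/`htole32` helpers in patch-src-tcs-ps-ps_utils.c initialise `BYTE *b = &x;` from a `UINT16 *` or `UINT32 *` without a cast, an incompatible pointer conversion that compilers warn about or reject; it should be `BYTE *b = (BYTE *)&x;`. In `htole32`, `b[3] << 24` shifts a promoted `int` and can overflow it when the top bit of that byte is set, so `((UINT32)b[3] << 24)` is the safer form. No `LE_64` fallback is added, so in the `HTOLE_DEFINED` branch with neither `HAVE_ENDIAN_H` nor `HAVE_SYS_ENDIAN_H` set, `LE_64` stays undefined. The same helpers are added in patch-src-tcs-ps-tcsps.c and patch-src-tspi-ps-tspps.c.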
@@ -0,0 +1,67 @@
+--- src/tcs/ps/tcsps.c.orig 2010-05-02 11:39:11.000000000 +0900
++++ src/tcs/ps/tcsps.c 2010-10-24 21:04:04.833559489 +0900
+@@ -24,6 +24,11 @@
+ #define LE_16 htole16
+ #define LE_32 htole32
+ #define LE_64 htole64
++#elif defined (HAVE_SYS_ENDIAN_H)
++#include <sys/endian.h>
++#define LE_16 htole16
++#define LE_32 htole32
++#define LE_64 htole64
+ #else
+ #define LE_16(x) (x)
+ #define LE_32(x) (x)
+@@ -33,6 +38,26 @@
+ #include <fcntl.h>
+ #include <limits.h>
+
++#ifdef __sun
++#define LOCK_EX F_LOCK
++#define LOCK_UN F_ULOCK
++#define flock(fd, func) lockf(fd, func, 0)
++#endif
++
++#ifndef LOCK_SH
++#define LOCK_SH 1 /* shared lock */
++#endif
++#ifndef LOCK_EX
++#define LOCK_EX 2 /* exclusive lock */
++#endif
++#ifndef LOCK_NB
++#define LOCK_NB 4 /* don't block when locking */
++#endif
++#ifndef LOCK_UN
++#define LOCK_UN 8 /* unlock */
++#endif
++
++
+ #include "trousers/tss.h"
+ #include "trousers_types.h"
+ #include "tcsps.h"
+@@ -43,6 +68,25 @@
+ #include "tcsd_wrap.h"
+ #include "tcsd.h"
+
++#ifndef LE_16
++static UINT16 htole16(UINT16 x)
++{
++ BYTE *b = &x;
++ return (UINT16) (b[0] + (b[1] << 8));
++}
++#define LE_16 htole16
++#endif
++
++#ifndef LE_32
++static UINT32 htole32(UINT32 x)
++{
++ BYTE *b = &x;
++ return (UINT32) (b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24));
++}
++#define LE_32 htole32
++#endif
++
++
+ int system_ps_fd = -1;
+ MUTEX_DECLARE(disk_cache_lock);
+
diff --git a/security/trousers/files/patch-src-tcs-tcs_aik.c b/security/trousers/files/patch-src-tcs-tcs_aik.c
new file mode 100644
index 000000000000..9520bf69fb38
--- /dev/null
+++ b/security/trousers/files/patch-src-tcs-tcs_aik.c
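Review bot: The hand-written `LOCK_SH`/`LOCK_EX`/`LOCK_NB`/`LOCK_UN` fallbacks in patch-src-tcs-ps-tcsps.c let the file compile when the platform headers do not supply the `flock()` constants, but the numeric values are then guesses and the lock on the system persistent-storage file may not behave as intended. On the `__sun` path `flock` is mapped to `lockf`, yet `LOCK_SH` and `LOCK_NB` still come from the fallback values, which `lockf` would interpret as its own command codes. Including `<sys/file.h>` where it exists and stopping the build otherwise, e.g. `#error "flock() constants not available"`, would be safer than defaulting. Which lock modes the file actually requests is not visible in this hunk, so that part needs checking against the callers.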
@@ -0,0 +1,11 @@
+--- src/tcs/tcs_aik.c.orig 2010-06-10 05:20:44.000000000 +0900
++++ src/tcs/tcs_aik.c 2010-10-24 21:04:04.834556754 +0900
+@@ -66,7 +66,7 @@
+ UnloadBlob_UINT16(offset, &key->size, blob);
+
+ if (key->size > 0) {
+- key->data = (BYTE *)malloc(key->size);
++ key->data = malloc(key->size);
+ if (key->data == NULL) {
+ LogError("malloc of %hu bytes failed.", key->size);
+ key->size = 0;
diff --git a/security/trousers/files/patch-src-tcs-tcs_auth_mgr.c b/security/trousers/files/patch-src-tcs-tcs_auth_mgr.c
new file mode 100644
index 000000000000..558f26ce5eaf
--- /dev/null
+++ b/security/trousers/files/patch-src-tcs-tcs_auth_mgr.c
@@ -0,0 +1,29 @@
+--- src/tcs/tcs_auth_mgr.c.orig 2010-06-10 05:21:32.000000000 +0900
++++ src/tcs/tcs_auth_mgr.c 2010-10-24 21:04:04.836560084 +0900
+@@ -108,7 +108,7 @@
+ auth_mgr_swap_in()
+ {
+ if (auth_mgr.overflow[auth_mgr.of_tail] != NULL) {
+- LogDebug("waking up thread %lddd, auth slot has opened", THREAD_ID);
++ LogDebug("waking up thread %ld, auth slot has opened", THREAD_ID);
+ /* wake up the next sleeping thread in order and increment tail */
+ COND_SIGNAL(auth_mgr.overflow[auth_mgr.of_tail]);
+ auth_mgr.overflow[auth_mgr.of_tail] = NULL;
+@@ -149,7 +149,7 @@
+ auth_mgr.overflow[auth_mgr.of_head] = cond;
+ auth_mgr.of_head = (auth_mgr.of_head + 1) % auth_mgr.overflow_size;
+ /* go to sleep */
+- LogDebug("thread %lddd going to sleep until auth slot opens", THREAD_ID);
++ LogDebug("thread %ld going to sleep until auth slot opens", THREAD_ID);
+ auth_mgr.sleeping_threads++;
+ COND_WAIT(cond, &tcsp_lock);
+ auth_mgr.sleeping_threads--;
+@@ -180,7 +180,7 @@
+ auth_mgr.of_tail = 0;
+ auth_mgr.overflow[auth_mgr.of_head] = cond;
+ auth_mgr.of_head = (auth_mgr.of_head + 1) % auth_mgr.overflow_size;
+- LogDebug("thread %lddd going to sleep until auth slot opens", THREAD_ID);
++ LogDebug("thread %ld going to sleep until auth slot opens", THREAD_ID);
+ auth_mgr.sleeping_threads++;
+ COND_WAIT(cond, &tcsp_lock);
+ auth_mgr.sleeping_threads--;
diff --git a/security/trousers/files/patch-src-tcsd-svrside.c b/security/trousers/files/patch-src-tcsd-svrside.c
new file mode 100644
index 000000000000..1edc2996c65f
--- /dev/null
+++ b/security/trousers/files/patch-src-tcsd-svrside.c
@@ -0,0 +1,240 @@ +--- src/tcsd/svrside.c.orig 2010-06-10 05:19:00.000000000 +0900 ++++ src/tcsd/svrside.c 2010-10-24 21:04:04.838555802 +0900 +@@ -20,7 +20,6 @@ + #include <sys/stat.h> + #include <sys/socket.h> + #include <netdb.h> +-#include <pwd.h> + #if (defined (__OpenBSD__) || defined (__FreeBSD__)) + #include <netinet/in.h> + #endif +@@ -41,11 +40,9 @@ + + struct tcsd_config tcsd_options; + struct tpm_properties tpm_metrics; +-static volatile int hup = 0, term = 0; +-extern char *optarg; + +-static void +-tcsd_shutdown(void) ++void ++tcsd_shutdown() + { + /* order is important here: + * allow all threads to complete their current request */ +@@ -57,27 +54,44 @@ + EVENT_LOG_final(); + } + +-static void +-tcsd_signal_term(int signal) ++void ++tcsd_signal_int(int signal) + { +- term = 1; ++ switch (signal) { ++ case SIGINT: ++ LogInfo("Caught SIGINT. Cleaning up and exiting."); ++ break; ++ case SIGHUP: ++ LogInfo("Caught SIGHUP. Cleaning up and exiting."); ++ break; ++ default: ++ LogError("Caught signal %d (which I didn't register for!)." 
++ " Ignoring.", signal); ++ break; ++ } ++ tcsd_shutdown(); ++ exit(signal); + } + + void +-tcsd_signal_hup(int signal) ++tcsd_signal_chld(int signal) + { +- hup = 1; ++ /* kill zombies */ ++ wait3(NULL, WNOHANG, NULL); + } + +-static TSS_RESULT +-signals_init(void) ++TSS_RESULT ++signals_init() + { + int rc; + sigset_t sigmask; +- struct sigaction sa; + + sigemptyset(&sigmask); +- if ((rc = sigaddset(&sigmask, SIGTERM))) { ++ if ((rc = sigaddset(&sigmask, SIGCHLD))) { ++ LogError("sigaddset: %s", strerror(errno)); ++ return TCSERR(TSS_E_INTERNAL_ERROR); ++ } ++ if ((rc = sigaddset(&sigmask, SIGINT))) { + LogError("sigaddset: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } +@@ -91,25 +105,30 @@ + return TCSERR(TSS_E_INTERNAL_ERROR); + } + +- sa.sa_flags = 0; +- sigemptyset(&sa.sa_mask); +- sa.sa_handler = tcsd_signal_term; +- if ((rc = sigaction(SIGTERM, &sa, NULL))) { +- LogError("signal SIGTERM not registered: %s", strerror(errno)); ++ tcsd_sa_int.sa_handler = tcsd_signal_int; ++ tcsd_sa_chld.sa_handler = tcsd_signal_chld; ++ tcsd_sa_chld.sa_flags = SA_RESTART; ++ ++ if ((rc = sigaction(SIGINT, &tcsd_sa_int, NULL))) { ++ LogError("signal SIGINT not registered: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + +- sa.sa_handler = tcsd_signal_hup; +- if ((rc = sigaction(SIGHUP, &sa, NULL))) { ++ if ((rc = sigaction(SIGHUP, &tcsd_sa_int, NULL))) { + LogError("signal SIGHUP not registered: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + ++ if ((rc = sigaction(SIGCHLD, &tcsd_sa_chld, NULL))) { ++ LogError("signal SIGCHLD not registered: %s", strerror(errno)); ++ return TCSERR(TSS_E_INTERNAL_ERROR); ++ } ++ + return TSS_SUCCESS; + } + +-static TSS_RESULT +-tcsd_startup(void) ++TSS_RESULT ++tcsd_startup() + { + TSS_RESULT result; + +@@ -183,7 +202,6 @@ + return TSS_SUCCESS; + } + +- + void + usage(void) + { +@@ -195,19 +213,6 @@ + fprintf(stderr, "\n"); + } + +-static TSS_RESULT +-reload_config(void) +-{ +- 
TSS_RESULT result; +- hup = 0; +- +- // FIXME: reload the config - work in progress +- result = TSS_SUCCESS; +- +- return result; +-} +- +- + int + main(int argc, char **argv) + { +@@ -216,7 +221,6 @@ + int sd, newsd, c, option_index = 0; + unsigned client_len; + char *hostname = NULL; +- struct passwd *pwd; + struct hostent *client_hostent = NULL; + struct option long_options[] = { + {"help", 0, NULL, 'h'}, +@@ -245,6 +249,14 @@ + if ((result = tcsd_startup())) + return (int)result; + ++ if (getenv("TCSD_FOREGROUND") == NULL) { ++ if (daemon(0, 0) == -1) { ++ perror("daemon"); ++ tcsd_shutdown(); ++ return -1; ++ } ++ } ++ + sd = socket(AF_INET, SOCK_STREAM, 0); + if (sd < 0) { + LogError("Failed socket: %s", strerror(errno)); +@@ -268,51 +280,20 @@ + LogError("Failed bind: %s", strerror(errno)); + return -1; + } +-#ifndef SOLARIS +- pwd = getpwnam(TSS_USER_NAME); +- if (pwd == NULL) { +- if (errno == 0) { +- LogError("User \"%s\" not found, please add this user" +- " manually.", TSS_USER_NAME); +- } else { +- LogError("getpwnam(%s): %s", TSS_USER_NAME, strerror(errno)); +- } +- return TCSERR(TSS_E_INTERNAL_ERROR); +- } +- setuid(pwd->pw_uid); +-#endif + if (listen(sd, TCSD_MAX_SOCKETS_QUEUED) < 0) { + LogError("Failed listen: %s", strerror(errno)); + return -1; + } + client_len = (unsigned)sizeof(client_addr); + +- if (getenv("TCSD_FOREGROUND") == NULL) { +- if (daemon(0, 0) == -1) { +- perror("daemon"); +- tcsd_shutdown(); +- return -1; +- } +- } +- + LogInfo("%s: TCSD up and running.", PACKAGE_STRING); + do { + newsd = accept(sd, (struct sockaddr *) &client_addr, &client_len); ++ LogDebug("accepted socket %i", newsd); + if (newsd < 0) { +- if (errno == EINTR) { +- if (term) +- break; +- else if (hup) { +- if (reload_config() != TSS_SUCCESS) +- LogError("Failed reloading config"); +- } +- continue; +- } else { +- LogError("Failed accept: %s", strerror(errno)); +- continue; +- } ++ LogError("Failed accept: %s", strerror(errno)); ++ break; + } +- 
LogDebug("accepted socket %i", newsd); + + if ((client_hostent = gethostbyaddr((char *) &client_addr.sin_addr, + sizeof(client_addr.sin_addr), +@@ -332,12 +313,8 @@ + + tcsd_thread_create(newsd, hostname); + hostname = NULL; +- if (hup) { +- if (reload_config() != TSS_SUCCESS) +- LogError("Failed reloading config"); +- } +- } while (term ==0); ++ } while (1); + +- /* To close correctly, we must receive a SIGTERM */ +- return 0; ++ /* To close correctly, we must recieve a SIGHUP */ ++ return -1; + } diff --git a/security/trousers/files/patch-src-trspi-Makefile.am b/security/trousers/files/patch-src-trspi-Makefile.am new file mode 100644 index 000000000000..ab16997c76ba --- /dev/null +++ b/security/trousers/files/patch-src-trspi-Makefile.am @@ -0,0 +1,12 @@ +--- src/trspi/Makefile.am.orig 2010-03-12 05:41:54.000000000 +0900 ++++ src/trspi/Makefile.am 2010-10-24 21:04:04.839558584 +0900 +@@ -1,7 +1,8 @@ + noinst_LTLIBRARIES=libtrousers.la + + libtrousers_la_SOURCES=trousers.c crypto/@CRYPTO_PACKAGE@/hash.c +-libtrousers_la_CFLAGS=-DAPPID=\"TSPI\" -I${top_srcdir}/src/include ++libtrousers_la_CFLAGS=-DAPPID=\"TSPI\" -I${top_srcdir}/src/include \ ++ -I${LOCALBASE}/include -I@prefix@/include + + if TSS_BUILD_ASYM_CRYPTO + libtrousers_la_SOURCES+=crypto/@CRYPTO_PACKAGE@/rsa.c diff --git a/security/trousers/files/patch-src-tspi-Makefile.am b/security/trousers/files/patch-src-tspi-Makefile.am new file mode 100644 index 000000000000..a9971a2ea021 --- /dev/null +++ b/security/trousers/files/patch-src-tspi-Makefile.am 
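Review bot: In patch-src-tcsd-svrside.c the `getpwnam(TSS_USER_NAME)` / `setuid(pwd->pw_uid)` block after `bind()` is removed and nothing replaces it, so unless the rc script (not in this part of the diff) starts tcsd under the `_tss` account, the daemon keeps the privileges it was started with while it accepts TCP connections. The `--with-tssuser` value wired in by patch-configure.in is then unused in this file. Keeping the drop, checking its result and dropping the group as well, would look like the excerpt below; it needs `<pwd.h>` and the `struct passwd *pwd;` declaration that this patch also deletes. Parts of `main()` lie outside the inner hunks, so the placement relative to `tcsd_startup()` should be confirmed against the full file.

```c
	/* … unchanged: bind() and its error path … */
	pwd = getpwnam(TSS_USER_NAME);
	if (pwd == NULL) {
		LogError("User \"%s\" not found, please add this user"
			 " manually.", TSS_USER_NAME);
		return TCSERR(TSS_E_INTERNAL_ERROR);
	}
	/* drop the group first; after setuid() the process may no longer be allowed to */
	if (setgid(pwd->pw_gid) != 0 || setuid(pwd->pw_uid) != 0) {
		LogError("Failed to drop privileges to %s: %s",
			 TSS_USER_NAME, strerror(errno));
		return TCSERR(TSS_E_INTERNAL_ERROR);
	}
	if (listen(sd, TCSD_MAX_SOCKETS_QUEUED) < 0) {
```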
@@ -0,0 +1,11 @@
+--- src/tspi/Makefile.am.orig 2010-03-12 05:41:54.000000000 +0900
++++ src/tspi/Makefile.am 2010-10-24 21:04:04.840556827 +0900
+@@ -17,7 +17,7 @@
+ # 5. If any interfaces have been added since the last public release, then increment age.
+ # 6. If any interfaces have been removed since the last public release, then set age to 0.
+
+-libtspi_la_LDFLAGS=-version-info 2:3:1 -lpthread @CRYPTOLIB@
++libtspi_la_LDFLAGS=-version-info 2:3:1 -lpthread @CRYPTOLIB@ -L@prefix@/lib -liconv
+
+ libtspi_la_CFLAGS=-I$(top_srcdir)/src/include -DAPPID=\"TSPI\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\"
+
diff --git a/security/trousers/files/patch-src-tspi-ps-ps_utils.c b/security/trousers/files/patch-src-tspi-ps-ps_utils.c
new file mode 100644
index 000000000000..30cd5c164200
--- /dev/null
+++ b/security/trousers/files/patch-src-tspi-ps-ps_utils.c
@@ -0,0 +1,20 @@
+--- src/tspi/ps/ps_utils.c.orig 2010-01-29 01:27:51.000000000 +0900
++++ src/tspi/ps/ps_utils.c 2010-10-24 21:04:04.841558702 +0900
+@@ -22,7 +22,7 @@
+ #include "tspps.h"
+ #include "tsplog.h"
+
+-inline TSS_RESULT
++TSS_RESULT
+ read_data(int fd, void *data, UINT32 size)
+ {
+ int rc;
+@@ -39,7 +39,7 @@
+ return TSS_SUCCESS;
+ }
+
+-inline TSS_RESULT
++TSS_RESULT
+ write_data(int fd, void *data, UINT32 size)
+ {
+ int rc;
diff --git a/security/trousers/files/patch-src-tspi-ps-tspps.c b/security/trousers/files/patch-src-tspi-ps-tspps.c
new file mode 100644
index 000000000000..248931c3d900
--- /dev/null
+++ b/security/trousers/files/patch-src-tspi-ps-tspps.c
@@ -0,0 +1,105 @@
+--- src/tspi/ps/tspps.c.orig 2010-05-02 11:39:11.000000000 +0900
++++ src/tspi/ps/tspps.c 2010-10-24 21:04:04.843557352 +0900
+@@ -29,6 +29,11 @@
+ #define LE_16 htole16
+ #define LE_32 htole32
+ #define LE_64 htole64
++#elif defined(HAVE_SYS_ENDIAN_H)
++#include <sys/endian.h>
++#define LE_16 htole16
++#define LE_32 htole32
++#define LE_64 htole64
+ #else
+ #define LE_16(x) (x)
+ #define LE_32(x) (x)
+@@ -43,11 +48,26 @@
+ #include "tspps.h"
+ #include "tsplog.h"
+
++#ifndef LE_16
++static UINT16 htole16(UINT16 x)
++{
++ BYTE *b = &x;
++ return (UINT16) (b[0] + (b[1] << 8));
++}
++#define LE_16 htole16
++#endif
++
++#ifndef LE_32
++static UINT32 htole32(UINT32 x)
++{
++ BYTE *b = &x;
++ return (UINT32) (b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24));
++}
++#define LE_32 htole32
++#endif
++
+ static int user_ps_fd = -1;
+ static MUTEX_DECLARE_INIT(user_ps_lock);
+-#if (defined (__FreeBSD__) || defined (__OpenBSD__))
+-static MUTEX_DECLARE_INIT(user_ps_path);
+-#endif
+ #if defined (SOLARIS)
+ static struct flock fl = {
+ 0,
+@@ -70,9 +90,7 @@
+ TSS_RESULT result;
+ char *file_name = NULL, *home_dir = NULL;
+ struct passwd *pwp;
+-#if (defined (__linux) || defined (linux) || defined(__GLIBC__))
+ struct passwd pw;
+-#endif
+ struct stat stat_buf;
+ char buf[PASSWD_BUFSIZE];
+ uid_t euid;
+@@ -82,10 +100,6 @@
+ *file = strdup(file_name);
+ return (*file) ?
TSS_SUCCESS : TSPERR(TSS_E_OUTOFMEMORY);
+ }
+-#if (defined (__FreeBSD__) || defined (__OpenBSD__))
+- MUTEX_LOCK(user_ps_path);
+-#endif
+-
+ euid = geteuid();
+
+ #if defined (SOLARIS)
+@@ -98,32 +112,14 @@
+ */
+ rc = snprintf(buf, sizeof (buf), "%s/%d", TSS_USER_PS_DIR, euid);
+ #else
+- setpwent();
+- while (1) {
+-#if (defined (__linux) || defined (linux) || defined(__GLIBC__))
+- rc = getpwent_r(&pw, buf, PASSWD_BUFSIZE, &pwp);
+- if (rc) {
+- LogDebugFn("USER PS: Error getting path to home directory: getpwent_r: %s",
+- strerror(rc));
+- endpwent();
+- return TSPERR(TSS_E_INTERNAL_ERROR);
+- }
++ rc = getpwuid_r(euid, &pw, buf, PASSWD_BUFSIZE, &pwp);
++ if (rc) {
++ LogDebugFn("USER PS: Error getting path to home directory: "
++ "getpwent_r: %s", strerror(rc));
++ return TSPERR(TSS_E_INTERNAL_ERROR);
++ }
+
+-#elif (defined (__FreeBSD__) || defined (__OpenBSD__))
+- if ((pwp = getpwent()) == NULL) {
+- LogDebugFn("USER PS: Error getting path to home directory: getpwent: %s",
+- strerror(rc));
+- endpwent();
+- MUTEX_UNLOCK(user_ps_path);
+- return TSPERR(TSS_E_INTERNAL_ERROR);
+- }
+-#endif
+- if (euid == pwp->pw_uid) {
+- home_dir = strdup(pwp->pw_dir);
+- break;
+- }
+- }
+- endpwent();
++ home_dir = strdup(pwp->pw_dir);
+
+ if (!home_dir)
+ return TSPERR(TSS_E_OUTOFMEMORY);
diff --git a/security/trousers/files/patch-src-tspi-rpc-hosttable.c b/security/trousers/files/patch-src-tspi-rpc-hosttable.c
new file mode 100644
index 000000000000..d86294d7a463
--- /dev/null
+++ b/security/trousers/files/patch-src-tspi-rpc-hosttable.c
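Review bot: The new `getpwuid_r` call is checked only through `rc`, but that function returns 0 and stores NULL in `pwp` when the effective uid has no passwd entry, so the following `home_dir = strdup(pwp->pw_dir);` dereferences a null pointer for such a process. The guard should read `if (rc || pwp == NULL) {`. The debug message in the same block still names `getpwent_r` although the call is now `getpwuid_r`, which will mislead whoever reads the log. The enclosing function starts and ends outside the inner hunks shown here.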
@@ -0,0 +1,60 @@
+--- src/tspi/rpc/hosttable.c.orig 2010-05-02 11:39:11.000000000 +0900
++++ src/tspi/rpc/hosttable.c 2010-10-24 21:04:04.845560543 +0900
+@@ -36,8 +36,8 @@
+ }
+
+ #ifdef SOLARIS
+-#pragma init(_init)
+-void _init(void)
++#pragma init(_init_hosttable)
++void _init_hosttable(void)
+ #else
+ void __attribute__ ((constructor)) my_init(void)
+ #endif
+@@ -51,6 +51,8 @@
+ {
+ struct host_table_entry *hte, *next = NULL;
+
++ if( ht == NULL ) return;
++
+ MUTEX_LOCK(ht->lock);
+
+ for (hte = ht->entries; hte; hte = next) {
+@@ -70,8 +72,8 @@
+ }
+
+ #ifdef SOLARIS
+-#pragma fini(_fini)
+-void _fini(void)
++#pragma fini(_fini_hosttable)
++void _fini_hosttable(void)
+ #else
+ void __attribute__ ((destructor)) my_fini(void)
+ #endif
+@@ -84,6 +86,8 @@
+ {
+ struct host_table_entry *entry, *tmp;
+
++ if( ht == NULL ) return TSPERR(TSS_E_OUTOFMEMORY);
++
+ entry = calloc(1, sizeof(struct host_table_entry));
+ if (entry == NULL) {
+ LogError("malloc of %zd bytes failed.", sizeof(struct host_table_entry));
+@@ -134,6 +138,8 @@
+ {
+ struct host_table_entry *hte, *prev = NULL;
+
++ if( ht == NULL ) return;
++
+ MUTEX_LOCK(ht->lock);
+
+ for (hte = ht->entries; hte; prev = hte, hte = hte->next) {
+@@ -158,6 +164,8 @@
+ {
+ struct host_table_entry *index = NULL;
+
++ if( ht == NULL ) return NULL;
++
+ MUTEX_LOCK(ht->lock);
+
+ for (index = ht->entries; index; index = index->next) {
diff --git a/security/trousers/files/patch-src-tspi-rpc-tcstp-rpc.c b/security/trousers/files/patch-src-tspi-rpc-tcstp-rpc.c
new file mode 100644
index 000000000000..711938b712e0
--- /dev/null
+++ b/security/trousers/files/patch-src-tspi-rpc-tcstp-rpc.c
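Review bot: The `ht == NULL` guard added in the inner hunk at `-84,6 +86,8` returns `TSPERR(TSS_E_OUTOFMEMORY)` without any diagnostic, while the allocation failure a few lines below it goes through `LogError`. A caller then sees an out-of-memory result with no trace that the host table was never set up, which hides what looks like an initialization-order problem. I would log before returning, for example `if (ht == NULL) { LogError("host table is not initialized."); return TSPERR(TSS_E_OUTOFMEMORY); }`. The three other guards in this patch return just as silently, and each function body continues outside its hunk.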
@@ -0,0 +1,11 @@
+--- src/tspi/rpc/tcstp/rpc.c.orig 2010-03-12 05:26:51.000000000 +0900
++++ src/tspi/rpc/tcstp/rpc.c 2010-10-24 21:04:04.846552639 +0900
+@@ -306,7 +306,7 @@
+ errno = 0;
+ if ((recv_size = recv(sock, buffer+recv_total, size-recv_total, 0)) <= 0) {
+ if (recv_size < 0) {
+- if (errno == EINTR)
++ if (errno == EINTR || errno == EAGAIN)
+ continue;
+ LogError("Socket receive connection error: %s.", strerror(errno));
+ } else {
diff --git a/security/trousers/files/pkg-message.in b/security/trousers/files/pkg-message.in
new file mode 100644
index 000000000000..733f02f0fb60
--- /dev/null
+++ b/security/trousers/files/pkg-message.in
@@ -0,0 +1,9 @@
+To run tcsd automatically, add the following line to /etc/rc.conf
+
+tcsd_enable="YES"
+
+You might want to edit %%PREFIX%%/etc/tcsd.conf to reflect your setup.
+
+To use TPM, add your_account to '%%GROUPS%%' group like following:
+
+# pw groupadd %%GROUPS%% -m your_account
diff --git a/security/trousers/files/tcsd.in b/security/trousers/files/tcsd.in
new file mode 100644
index 000000000000..0959bbe20225
--- /dev/null
+++ b/security/trousers/files/tcsd.in
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: tcsd
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# tcsd_enable (bool): Set to NO by default.
+# Set it to YES to enable tcsd.
+
+. /etc/rc.subr
+
+name=tcsd
+rcvar=`set_rcvar`
+command="%%PREFIX%%/sbin/${name}"
+required_files="%%PREFIX%%/etc/${name}.conf"
+
+load_rc_config $name
+
+: tcsd_enable=${tcsd_enable-"NO"}
+
+run_rc_command "$1"
diff --git a/security/trousers/pkg-descr b/security/trousers/pkg-descr
new file mode 100644
index 000000000000..087ba6dfa1b4
--- /dev/null
+++ b/security/trousers/pkg-descr
@@ -0,0 +1,2 @@
+TrouSerS is an CPL (Common Public License) licensed Trusted Computing
+Software Stack. It is mostly compliant with the TSS 1.2 specification.
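Review bot: Retrying on `EAGAIN` with a bare `continue` takes away an exit from this receive loop when the peer stops sending. If the socket is non-blocking the loop spins, and if a receive timeout is configured the timeout no longer ends the call; neither setting is visible in this hunk, so this is worth confirming against the socket setup. A stalled tcsd could then hold the calling thread indefinitely. I would bound the retries, e.g. `if (errno == EINTR || (errno == EAGAIN && ++retries < MAX_RECV_RETRIES))` with `retries` and `MAX_RECV_RETRIES` introduced for the purpose, or wait with `poll()` before the next `recv`. The loop itself begins and ends outside the hunk.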
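Review bot: In tcsd.in the line `: tcsd_enable=${tcsd_enable-"NO"}` assigns nothing, because it only passes the expanded string as an argument to the `:` builtin. `tcsd_enable` therefore stays unset when rc.conf does not define it, and the default of NO documented in the header comment is never applied. The usual form is `: ${tcsd_enable="NO"}`, placed as here after `load_rc_config $name`.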
diff --git a/security/trousers/pkg-plist b/security/trousers/pkg-plist
new file mode 100644
index 000000000000..8cf41059b7e0
--- /dev/null
+++ b/security/trousers/pkg-plist
@@ -0,0 +1,40 @@
+@unexec cmp -s %D/etc/tcsd.conf %D/%%EXAMPLESDIR%%/tcsd.conf && rm -f %D/etc/tcsd.conf || true
+%%EXAMPLESDIR%%/tcsd.conf
+@exec [ -f %D/etc/tcsd.conf ] || cp -p %B/%f %D/etc/tcsd.conf
+include/trousers/trousers.h
+include/trousers/tss.h
+include/tss/compat11b.h
+include/tss/platform.h
+include/tss/tcpa_defines.h
+include/tss/tcpa_error.h
+include/tss/tcpa_struct.h
+include/tss/tcpa_typedef.h
+include/tss/tcs.h
+include/tss/tcs_defines.h
+include/tss/tcs_error.h
+include/tss/tcs_structs.h
+include/tss/tcs_typedef.h
+include/tss/tddl_error.h
+include/tss/tddlapi_error.h
+include/tss/tddli.h
+include/tss/tpm.h
+include/tss/tpm_error.h
+include/tss/tpm_ordinal.h
+include/tss/tspi.h
+include/tss/tss_defines.h
+include/tss/tss_error.h
+include/tss/tss_error_basics.h
+include/tss/tss_structs.h
+include/tss/tss_typedef.h
+%%TDDL%%lib/libtddl.a
+lib/libtspi.a
+lib/libtspi.la
+lib/libtspi.so
+lib/libtspi.so.2
+sbin/tcsd
+@dirrm %%EXAMPLESDIR%%
+@dirrmtry var/lib/tpm
+@dirrmtry var/lib
+@dirrmtry var
+@dirrm include/tss
+@dirrm include/trousers |