Richard Maciel
2013-10-04 17:32:19 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Trousers".
The branch, master has been updated
via 5656124f3b873d233a9818efa4490866c7726a19 (commit)
via 4acd8c8c6fd598a00fc24a12ea84ce6587276e38 (commit)
via 09eae2ff0386da3db8814946e663ac35012f22c1 (commit)
via 982c3ebe9d9a00284650a8745d3e8fb912f3d307 (commit)
from 90e611721429961767e358eb45a92a47a6d63e14 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commitdiff;h=5656124f3b873d233a9818efa4490866c7726a19
commit 5656124f3b873d233a9818efa4490866c7726a19
Author: Richard Maciel <***@linux.vnet.ibm.com>
Date: Wed Oct 2 17:34:50 2013 -0300
Fix access control function
access_control function for the server is able to handle addresses
generated by the get_tcsd_hostname function.
Signed-off-by: Richard Maciel <***@linux.vnet.ibm.com>
Acked-by: Joel Schopp <***@linux.vnet.ibm.com>
diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c
index 7689769..0fc7e83 100644
--- a/src/tcs/rpc/tcstp/rpc.c
+++ b/src/tcs/rpc/tcstp/rpc.c
@@ -519,35 +519,36 @@ int
access_control(struct tcsd_thread_data *thread_data)
{
int i = 0;
- struct hostent *local_hostent = NULL;
- static char *localhostname = NULL;
- static int localhostname_len = 0;
-
- if (!localhostname) {
- if ((local_hostent = gethostbyname("localhost")) == NULL) {
- LogError("Error resolving localhost: %s", hstrerror(h_errno));
- return 1;
- }
-
- LogDebugFn("Cached local hostent:");
- LogDebugFn("h_name: %s", local_hostent->h_name);
- for (i = 0; local_hostent->h_aliases[i]; i++) {
- LogDebugFn("h_aliases[%d]: %s", i, local_hostent->h_aliases[i]);
- }
- LogDebugFn("h_addrtype: %s",
- (local_hostent->h_addrtype == AF_INET6 ? "AF_INET6" : "AF_INET"));
+ int is_localhost;
+ struct sockaddr_storage sas;
+ struct sockaddr *sa;
+ socklen_t sas_len = sizeof(sas);
+
+ if (!getpeername(thread_data->sock, (struct sockaddr *)&sas, &sas_len)) {
+ LogError("Error retrieving local socket address: %s", strerror(errno));
+ return 1;
+ }
- localhostname_len = strlen(local_hostent->h_name);
- if ((localhostname = strdup(local_hostent->h_name)) == NULL) {
- LogError("malloc of %d bytes failed.", localhostname_len);
- return TCSERR(TSS_E_OUTOFMEMORY);
- }
+ sa = (struct sockaddr *)&sas;
+
+ is_localhost = 0;
+ // Check if it's localhost for both inet protocols
+ if (sa->sa_family == AF_INET) {
+ struct sockaddr_in *sa_in = (struct sockaddr_in *)sa;
+ uint32_t nloopaddr = htonl(INADDR_LOOPBACK);
+ if (memcmp(&sa_in->sin_addr.s_addr, &nloopaddr,
+ sizeof(struct sockaddr_in)) == 0)
+ is_localhost = 1;
+ else if (sa->sa_family == AF_INET6) {
+ struct sockaddr_in6 *sa_in6 = (struct sockaddr_in6 *)sa;
+ if (memcmp(&sa_in6->sin6_addr.s6_addr, &in6addr_loopback,
+ sizeof(struct sockaddr_in6)) == 0)
+ is_localhost = 1;
}
/* if the request comes from localhost, or is in the accepted ops list,
* approve it */
- if (!strncmp(thread_data->hostname, localhostname,
- MIN((size_t)localhostname_len, strlen(thread_data->hostname)))) {
+ if (is_localhost)
return 0;
} else {
while (tcsd_options.remote_ops[i]) {
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commitdiff;h=4acd8c8c6fd598a00fc24a12ea84ce6587276e38
commit 4acd8c8c6fd598a00fc24a12ea84ce6587276e38
Author: Richard Maciel <***@linux.vnet.ibm.com>
Date: Wed Oct 2 17:28:07 2013 -0300
New code to retrieve hostname to object contexts
This code uses the provided get_tcsd_hostname to retrieve hostname
information on the tcsd.
Signed-off-by: Richard Maciel <***@linux.vnet.ibm.com>
Acked-by: Joel Schopp <***@linux.vnet.ibm.com>
diff --git a/src/tspi/obj_context.c b/src/tspi/obj_context.c
index 75e4f6b..feb99ac 100644
--- a/src/tspi/obj_context.c
+++ b/src/tspi/obj_context.c
@@ -30,7 +30,6 @@ obj_context_add(TSS_HOBJECT *phObject)
{
TSS_RESULT result;
struct tr_context_obj *context = calloc(1, sizeof(struct tr_context_obj));
- unsigned len = strlen(TSS_LOCALHOST_STRING) + 1;
if (context == NULL) {
LogError("malloc of %zd bytes failed.", sizeof(struct tr_context_obj));
@@ -42,13 +41,13 @@ obj_context_add(TSS_HOBJECT *phObject)
#else
context->silentMode = TSS_TSPATTRIB_CONTEXT_SILENT;
#endif
- if ((context->machineName = calloc(1, len)) == NULL) {
- LogError("malloc of %u bytes failed", len);
+ if ((result = get_tcsd_hostname(&context->machineName,
+ &context->machineNameLength)) != TSS_SUCCESS) {
free(context);
- return TSPERR(TSS_E_OUTOFMEMORY);
+ return result;
}
- memcpy(context->machineName, TSS_LOCALHOST_STRING, len);
- context->machineNameLength = len;
+
+ LogDebug("Hostname to be used by the context is %s.", context->machineName);
context->hashMode = TSS_TSPATTRIB_HASH_MODE_NOT_NULL;
context->connection_policy = TSS_TSPATTRIB_CONTEXT_VERSION_V1_1;
@@ -186,6 +185,7 @@ obj_context_get_machine_name(TSS_HCONTEXT tspContext, UINT32 *size, BYTE **data)
if (context->machineNameLength == 0) {
*data = NULL;
*size = 0;
+ LogDebug("context->machineName is NULL.");
} else {
/*
* Don't use calloc_tspi because this memory is
@@ -199,6 +199,7 @@ obj_context_get_machine_name(TSS_HCONTEXT tspContext, UINT32 *size, BYTE **data)
goto done;
}
*size = context->machineNameLength;
+ LogDebug("context->machineName: %s.", context->machineName);
memcpy(*data, context->machineName, *size);
}
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commitdiff;h=09eae2ff0386da3db8814946e663ac35012f22c1
commit 09eae2ff0386da3db8814946e663ac35012f22c1
Author: Richard Maciel <***@linux.vnet.ibm.com>
Date: Wed Oct 2 17:10:42 2013 -0300
New socket creation code to RPC calls
This code provides underlying sockets to the RPC calls.
It was remade to use the new function that gather port information and
to use new API to retrieve hostname data.
Signed-off-by: Richard Maciel <***@linux.vnet.ibm.com>
Acked-by: Joel Schopp <***@linux.vnet.ibm.com>
diff --git a/src/include/rpc_tcstp_tsp.h b/src/include/rpc_tcstp_tsp.h
index 79f5e9f..2d53a00 100644
--- a/src/include/rpc_tcstp_tsp.h
+++ b/src/include/rpc_tcstp_tsp.h
@@ -22,7 +22,9 @@ void initData(struct tcsd_comm_data *, int);
TSS_RESULT sendTCSDPacket(struct host_table_entry *);
TSS_RESULT send_init(struct host_table_entry *);
TSS_RESULT tcs_sendit(struct host_table_entry *);
-short get_port();
+
+/* Underlying socket-related calls */
+TSS_RESULT get_socket(struct host_table_entry *hte, int *sd);
/* Context commands always included */
TSS_RESULT RPC_OpenContext_TP(struct host_table_entry *, UINT32 *, TCS_CONTEXT_HANDLE *);
diff --git a/src/tspi/rpc/tcstp/rpc.c b/src/tspi/rpc/tcstp/rpc.c
index 3b4ed12..afe1844 100644
--- a/src/tspi/rpc/tcstp/rpc.c
+++ b/src/tspi/rpc/tcstp/rpc.c
@@ -31,6 +31,7 @@
#include "tcsd_wrap.h"
#include "obj.h"
#include "rpc_tcstp_tsp.h"
+#include "tsp_tcsi_param.h"
void
@@ -342,42 +343,9 @@ send_init(struct host_table_entry *hte)
BYTE *buffer;
TSS_RESULT result;
- struct sockaddr_in addr;
- struct hostent *hEnt = NULL;
-
- sd = socket(PF_INET, SOCK_STREAM, 0);
- if (sd == -1) {
- LogError("socket: %s", strerror(errno));
- result = TSPERR(TSS_E_COMM_FAILURE);
- goto err_exit;
- }
-
- __tspi_memset(&addr, 0, sizeof(addr));
- addr.sin_family = AF_INET;
- addr.sin_port = htons(get_port());
-
- LogDebug("Sending TSP packet to host %s.", hte->hostname);
-
- /* try to resolve by hostname first */
- hEnt = gethostbyname((char *)hte->hostname);
- if (hEnt == NULL) {
- /* if by hostname fails, try by dot notation */
- if (inet_aton((char *)hte->hostname, &addr.sin_addr) == 0) {
- LogError("hostname %s does not resolve to a valid address.", hte->hostname);
- result = TSPERR(TSS_E_CONNECTION_FAILED);
- goto err_exit;
- }
- } else {
- memcpy(&addr.sin_addr, hEnt->h_addr_list[0], 4);
- }
-
- LogDebug("Connecting to %s", inet_ntoa(addr.sin_addr));
-
- if (connect(sd, (struct sockaddr *) &addr, sizeof (addr))) {
- LogError("connect: %s", strerror(errno));
- result = TSPERR(TSS_E_COMM_FAILURE);
+ result = get_socket(hte, &sd);
+ if (result != TSS_SUCCESS)
goto err_exit;
- }
if (send_to_socket(sd, hte->comm.buf, hte->comm.hdr.packet_size) < 0) {
result = TSPERR(TSS_E_COMM_FAILURE);
@@ -489,23 +457,61 @@ err_exit:
return result;
}
-/* XXX this should be moved out of an RPC-specific file */
-short
-get_port(void)
+/* TODO: Future work - remove socket creation/manipulation from RPC-specific file */
+TSS_RESULT
+get_socket(struct host_table_entry *hte, int *sd)
{
- char *env_port;
- int port = 0;
+ char port_str[TCP_PORT_STR_MAX_LEN]; // To accomodate string 65535
+ struct addrinfo hints, *res, *p;
+ int rv;
+ TSS_RESULT result = TSS_SUCCESS;
- env_port = getenv("TSS_TCSD_PORT");
+ __tspi_memset(&hints, 0, sizeof(hints));
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_NUMERICSERV;
- if (env_port == NULL)
- return TCSD_DEFAULT_PORT;
+ __tspi_memset(&port_str, 0, sizeof(port_str));
- port = atoi(env_port);
+ if (get_tcsd_port(port_str) != TSS_SUCCESS) {
+ LogError("Could not retrieve TCP port information.");
+ goto exit;
+ }
+
+ LogDebug("Retrieving address information from host: %s", (char *)hte->hostname);
+ rv = getaddrinfo((char *)hte->hostname, port_str,
+ &hints, &res);
+ if (rv != 0) {
+ LogError("hostname %s does not resolve to a valid address.", hte->hostname);
+ result = TSPERR(TSS_E_CONNECTION_FAILED);
+ res = NULL;
+ goto exit;
+ }
- if (port == 0 || port > 65535)
- return TCSD_DEFAULT_PORT;
+ LogWarn("Got a list of valid IPs");
- return (short)port;
-}
+ for (p = res; p != NULL; p = p->ai_next) {
+ *sd = socket(p->ai_family, SOCK_STREAM, 0);
+ if (*sd == -1)
+ continue;
+
+ if (connect(*sd, p->ai_addr, p->ai_addrlen) != -1)
+ break; // Got a connection
+
+ LogWarn("Could not connect to machine: %s", (char*)hte->hostname);
+
+ close(*sd);
+ }
+
+ if (p == NULL) {
+ LogError("Could not connect to any machine in the list.");
+ result = TSPERR(TSS_E_COMM_FAILURE);
+ goto exit;
+ }
+
+exit:
+ if (res != NULL)
+ freeaddrinfo(res);
+
+ return result;
+}
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commitdiff;h=982c3ebe9d9a00284650a8745d3e8fb912f3d307
commit 982c3ebe9d9a00284650a8745d3e8fb912f3d307
Author: Richard Maciel <***@linux.vnet.ibm.com>
Date: Wed Oct 2 16:56:22 2013 -0300
Add functions to fetch hostname and port info to clients
Modules included will be used by the next modifications to
retrieve hostname and port information to setup client
connections to the tcsd.
Signed-off-by: Richard Maciel <***@linux.vnet.ibm.com>
Acked-by: Joel Schopp <***@linux.vnet.ibm.com>
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
index 2adec8a..7be09e7 100644
--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@@ -39,5 +39,5 @@ noinst_HEADERS = auth_mgr.h authsess.h biosem.h capabilities.h \
tcslog.h tcsps.h tcs_tsp.h tcs_utils.h \
tddl.h threads.h trousers_types.h tsp_audit.h \
tsp_delegate.h tsplog.h tspps.h tsp_seal.h \
- linux/tpm.h
+ linux/tpm.h tsp_tcsi_param.h
diff --git a/src/include/tsp_tcsi_param.h b/src/include/tsp_tcsi_param.h
new file mode 100644
index 0000000..1628250
--- /dev/null
+++ b/src/include/tsp_tcsi_param.h
@@ -0,0 +1,19 @@
+
+/*
+ * Licensed Materials - Property of IBM
+ *
+ * trousers - An open source TCG Software Stack
+ *
+ * (C) Copyright International Business Machines Corp. 2005, 2007, 2013
+ *
+ */
+
+/* Defines which environment var is responsible for setting the port to
+ * which the client will connect */
+#define PORT_ENV_VAR "TSS_TCSD_PORT"
+
+/* Defines which envionment var is responsible for setting the hostname to
+ * which the client will connect */
+#define HOSTNAME_ENV_VAR "TSS_TCSD_HOSTNAME"
+
+#define TCP_PORT_STR_MAX_LEN 6
diff --git a/src/tspi/Makefile.am b/src/tspi/Makefile.am
index 6b31e51..0dd257b 100644
--- a/src/tspi/Makefile.am
+++ b/src/tspi/Makefile.am
@@ -33,7 +33,8 @@ libtspi_la_SOURCES=log.c \
rpc/@RPC@/rpc_context.c \
rpc/tcs_api.c \
rpc/hosttable.c \
- rpc/@RPC@/rpc.c
+ rpc/@RPC@/rpc.c \
+ tsp_tcsi_param.c
if TSS_BUILD_ASYM_CRYPTO
libtspi_la_SOURCES+=tsp_asym.c
diff --git a/src/tspi/tsp_tcsi_param.c b/src/tspi/tsp_tcsi_param.c
new file mode 100644
index 0000000..670f86f
--- /dev/null
+++ b/src/tspi/tsp_tcsi_param.c
@@ -0,0 +1,161 @@
+
+/*
+ * Licensed Materials - Property of IBM
+ *
+ * trousers - An open source TCG Software Stack
+ *
+ * (C) Copyright International Business Machines Corp. 2005, 2007, 2013
+ *
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <bits/local_lim.h>
+#include "trousers/tss.h"
+#include "trousers/trousers.h"
+#include "trousers_types.h"
+#include "tsplog.h"
+#include "spi_utils.h"
+#include "tsp_tcsi_param.h"
+
+#define RV_OK 0
+#define RV_NO_VALUE -1
+#define RV_NO_MEM -2
+#define RV_WRONG_VALUE -3
+#define RV_UNKNOWN_ERR -4
+
+int
+get_port_from_env(int *port)
+{
+ char *env_port;
+ char *raw_port_str;
+
+ env_port = getenv(PORT_ENV_VAR);
+ if (env_port == NULL)
+ return RV_NO_VALUE;
+
+ raw_port_str = strdup(env_port);
+ if (raw_port_str == NULL)
+ return RV_NO_MEM;
+
+ LogDebug("Found data in %s environment var: %s", PORT_ENV_VAR, raw_port_str);
+
+ *port = atoi(raw_port_str);
+ free(raw_port_str);
+ if (*port < 0 || *port > 65535) {
+ LogError("Environment var %s contains invalid port value!", PORT_ENV_VAR);
+ return RV_WRONG_VALUE;
+ }
+
+ return RV_OK;
+}
+
+TSS_RESULT
+convert_port_to_str(int port, char port_str[TCP_PORT_STR_MAX_LEN])
+{
+ if (snprintf(port_str, TCP_PORT_STR_MAX_LEN, "%d", port) < 0)
+ return TSPERR(TSS_E_INTERNAL_ERROR);
+
+ return TSS_SUCCESS;
+}
+
+TSS_RESULT
+get_tcsd_port(char port_str[TCP_PORT_STR_MAX_LEN])
+{
+ int rv, port = 0;
+
+ // Retrieves port from env var first
+ rv = get_port_from_env(&port);
+ switch(rv) {
+ case RV_OK:
+ return convert_port_to_str(port, port_str);
+ case RV_WRONG_VALUE:
+ return TSPERR(TSS_E_BAD_PARAMETER);
+ case RV_NO_MEM:
+ return TSPERR(TSS_E_OUTOFMEMORY);
+ case RV_NO_VALUE:
+ break;
+ }
+
+ // TODO: Future work retrieves port from config file.
+
+ // Last case, retrieve default port used by server.
+ return convert_port_to_str(TCSD_DEFAULT_PORT, port_str);
+}
+
+/**
+ * Allocates a string with up to HOST_NAME_MAX chars which contains
+ * the hostname extracted from the env var
+ */
+int
+get_hostname_from_env(char **host_str, unsigned *len)
+{
+ char *env_host, *tmp_str = NULL;
+ unsigned env_len;
+
+ // Tries to retrieve from env var first.
+ env_host = getenv(HOSTNAME_ENV_VAR);
+ if (env_host == NULL) {
+ *host_str = NULL;
+ *len = 0;
+ LogDebug("Got no value inside environment var %s.", HOSTNAME_ENV_VAR);
+ return RV_NO_VALUE;
+ }
+
+ tmp_str = strdup(env_host);
+ if (tmp_str == NULL)
+ return RV_NO_MEM;
+
+ LogDebug("Environment var %s got value: %s", HOSTNAME_ENV_VAR, tmp_str);
+ env_len = strlen(tmp_str);
+ if (env_len > HOST_NAME_MAX) {
+ *len = HOST_NAME_MAX + 1;
+ } else {
+ *len = env_len + 1;
+ }
+
+ *host_str = (char *)malloc(*len);
+ if (*host_str == NULL) {
+ LogError("Not enough memory when allocating string to retrieve host name from environment var");
+ free(tmp_str);
+ return RV_NO_MEM;
+ }
+
+ strncpy(*host_str, tmp_str, *len);
+ free(tmp_str);
+ return RV_OK;
+}
+
+TSS_RESULT
+get_tcsd_hostname(char **host_str, unsigned *len)
+{
+ int rv;
+
+ // Retrieve from environment var
+ rv = get_hostname_from_env(host_str, len);
+ switch(rv) {
+ case RV_OK:
+ LogDebug("Hostname %s will be used", *host_str);
+ return TSS_SUCCESS;
+ case RV_NO_MEM:
+ return TSPERR(TSS_E_OUTOFMEMORY);
+ case RV_NO_VALUE: // Tente obter de outra maneira
+ break;
+ default:
+ return TSPERR(TSS_E_INTERNAL_ERROR);
+ }
+
+ // TODO: Future work - Retrieve from config file
+
+ // Use localhost in last case.
+ *host_str = strdup(TSS_LOCALHOST_STRING);
+ if (*host_str == NULL)
+ return TSPERR(TSS_E_OUTOFMEMORY);
+
+ *len = sizeof(TSS_LOCALHOST_STRING);
+
+ LogDebug("Hostname %s will be used", *host_str);
+ return TSS_SUCCESS;
+}
+
-----------------------------------------------------------------------
Summary of changes:
src/include/Makefile.am | 2 +-
src/include/rpc_tcstp_tsp.h | 4 +-
src/include/tsp_tcsi_param.h | 19 +++++
src/tcs/rpc/tcstp/rpc.c | 49 +++++++------
src/tspi/Makefile.am | 3 +-
src/tspi/obj_context.c | 13 ++--
src/tspi/rpc/tcstp/rpc.c | 102 ++++++++++++++-------------
src/tspi/tsp_tcsi_param.c | 161 ++++++++++++++++++++++++++++++++++++++++++
8 files changed, 272 insertions(+), 81 deletions(-)
create mode 100644 src/include/tsp_tcsi_param.h
create mode 100644 src/tspi/tsp_tcsi_param.c
hooks/post-receive
generated because a ref change was pushed to the repository containing
the project "Trousers".
The branch, master has been updated
via 5656124f3b873d233a9818efa4490866c7726a19 (commit)
via 4acd8c8c6fd598a00fc24a12ea84ce6587276e38 (commit)
via 09eae2ff0386da3db8814946e663ac35012f22c1 (commit)
via 982c3ebe9d9a00284650a8745d3e8fb912f3d307 (commit)
from 90e611721429961767e358eb45a92a47a6d63e14 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commitdiff;h=5656124f3b873d233a9818efa4490866c7726a19
commit 5656124f3b873d233a9818efa4490866c7726a19
Author: Richard Maciel <***@linux.vnet.ibm.com>
Date: Wed Oct 2 17:34:50 2013 -0300
Fix access control function
access_control function for the server is able to handle addresses
generated by the get_tcsd_hostname function.
Signed-off-by: Richard Maciel <***@linux.vnet.ibm.com>
Acked-by: Joel Schopp <***@linux.vnet.ibm.com>
diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c
index 7689769..0fc7e83 100644
--- a/src/tcs/rpc/tcstp/rpc.c
+++ b/src/tcs/rpc/tcstp/rpc.c
@@ -519,35 +519,36 @@ int
access_control(struct tcsd_thread_data *thread_data)
{
int i = 0;
- struct hostent *local_hostent = NULL;
- static char *localhostname = NULL;
- static int localhostname_len = 0;
-
- if (!localhostname) {
- if ((local_hostent = gethostbyname("localhost")) == NULL) {
- LogError("Error resolving localhost: %s", hstrerror(h_errno));
- return 1;
- }
-
- LogDebugFn("Cached local hostent:");
- LogDebugFn("h_name: %s", local_hostent->h_name);
- for (i = 0; local_hostent->h_aliases[i]; i++) {
- LogDebugFn("h_aliases[%d]: %s", i, local_hostent->h_aliases[i]);
- }
- LogDebugFn("h_addrtype: %s",
- (local_hostent->h_addrtype == AF_INET6 ? "AF_INET6" : "AF_INET"));
+ int is_localhost;
+ struct sockaddr_storage sas;
+ struct sockaddr *sa;
+ socklen_t sas_len = sizeof(sas);
+
+ if (!getpeername(thread_data->sock, (struct sockaddr *)&sas, &sas_len)) {
+ LogError("Error retrieving local socket address: %s", strerror(errno));
+ return 1;
+ }
- localhostname_len = strlen(local_hostent->h_name);
- if ((localhostname = strdup(local_hostent->h_name)) == NULL) {
- LogError("malloc of %d bytes failed.", localhostname_len);
- return TCSERR(TSS_E_OUTOFMEMORY);
- }
+ sa = (struct sockaddr *)&sas;
+
+ is_localhost = 0;
+ // Check if it's localhost for both inet protocols
+ if (sa->sa_family == AF_INET) {
+ struct sockaddr_in *sa_in = (struct sockaddr_in *)sa;
+ uint32_t nloopaddr = htonl(INADDR_LOOPBACK);
+ if (memcmp(&sa_in->sin_addr.s_addr, &nloopaddr,
+ sizeof(struct sockaddr_in)) == 0)
+ is_localhost = 1;
+ else if (sa->sa_family == AF_INET6) {
+ struct sockaddr_in6 *sa_in6 = (struct sockaddr_in6 *)sa;
+ if (memcmp(&sa_in6->sin6_addr.s6_addr, &in6addr_loopback,
+ sizeof(struct sockaddr_in6)) == 0)
+ is_localhost = 1;
}
/* if the request comes from localhost, or is in the accepted ops list,
* approve it */
- if (!strncmp(thread_data->hostname, localhostname,
- MIN((size_t)localhostname_len, strlen(thread_data->hostname)))) {
+ if (is_localhost)
return 0;
} else {
while (tcsd_options.remote_ops[i]) {
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commitdiff;h=4acd8c8c6fd598a00fc24a12ea84ce6587276e38
commit 4acd8c8c6fd598a00fc24a12ea84ce6587276e38
Author: Richard Maciel <***@linux.vnet.ibm.com>
Date: Wed Oct 2 17:28:07 2013 -0300
New code to retrieve hostname to object contexts
This code uses the provided get_tcsd_hostname to retrieve hostname
information on the tcsd.
Signed-off-by: Richard Maciel <***@linux.vnet.ibm.com>
Acked-by: Joel Schopp <***@linux.vnet.ibm.com>
diff --git a/src/tspi/obj_context.c b/src/tspi/obj_context.c
index 75e4f6b..feb99ac 100644
--- a/src/tspi/obj_context.c
+++ b/src/tspi/obj_context.c
@@ -30,7 +30,6 @@ obj_context_add(TSS_HOBJECT *phObject)
{
TSS_RESULT result;
struct tr_context_obj *context = calloc(1, sizeof(struct tr_context_obj));
- unsigned len = strlen(TSS_LOCALHOST_STRING) + 1;
if (context == NULL) {
LogError("malloc of %zd bytes failed.", sizeof(struct tr_context_obj));
@@ -42,13 +41,13 @@ obj_context_add(TSS_HOBJECT *phObject)
#else
context->silentMode = TSS_TSPATTRIB_CONTEXT_SILENT;
#endif
- if ((context->machineName = calloc(1, len)) == NULL) {
- LogError("malloc of %u bytes failed", len);
+ if ((result = get_tcsd_hostname(&context->machineName,
+ &context->machineNameLength)) != TSS_SUCCESS) {
free(context);
- return TSPERR(TSS_E_OUTOFMEMORY);
+ return result;
}
- memcpy(context->machineName, TSS_LOCALHOST_STRING, len);
- context->machineNameLength = len;
+
+ LogDebug("Hostname to be used by the context is %s.", context->machineName);
context->hashMode = TSS_TSPATTRIB_HASH_MODE_NOT_NULL;
context->connection_policy = TSS_TSPATTRIB_CONTEXT_VERSION_V1_1;
@@ -186,6 +185,7 @@ obj_context_get_machine_name(TSS_HCONTEXT tspContext, UINT32 *size, BYTE **data)
if (context->machineNameLength == 0) {
*data = NULL;
*size = 0;
+ LogDebug("context->machineName is NULL.");
} else {
/*
* Don't use calloc_tspi because this memory is
@@ -199,6 +199,7 @@ obj_context_get_machine_name(TSS_HCONTEXT tspContext, UINT32 *size, BYTE **data)
goto done;
}
*size = context->machineNameLength;
+ LogDebug("context->machineName: %s.", context->machineName);
memcpy(*data, context->machineName, *size);
}
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commitdiff;h=09eae2ff0386da3db8814946e663ac35012f22c1
commit 09eae2ff0386da3db8814946e663ac35012f22c1
Author: Richard Maciel <***@linux.vnet.ibm.com>
Date: Wed Oct 2 17:10:42 2013 -0300
New socket creation code to RPC calls
This code provides underlying sockets to the RPC calls.
It was remade to use the new function that gather port information and
to use new API to retrieve hostname data.
Signed-off-by: Richard Maciel <***@linux.vnet.ibm.com>
Acked-by: Joel Schopp <***@linux.vnet.ibm.com>
diff --git a/src/include/rpc_tcstp_tsp.h b/src/include/rpc_tcstp_tsp.h
index 79f5e9f..2d53a00 100644
--- a/src/include/rpc_tcstp_tsp.h
+++ b/src/include/rpc_tcstp_tsp.h
@@ -22,7 +22,9 @@ void initData(struct tcsd_comm_data *, int);
TSS_RESULT sendTCSDPacket(struct host_table_entry *);
TSS_RESULT send_init(struct host_table_entry *);
TSS_RESULT tcs_sendit(struct host_table_entry *);
-short get_port();
+
+/* Underlying socket-related calls */
+TSS_RESULT get_socket(struct host_table_entry *hte, int *sd);
/* Context commands always included */
TSS_RESULT RPC_OpenContext_TP(struct host_table_entry *, UINT32 *, TCS_CONTEXT_HANDLE *);
diff --git a/src/tspi/rpc/tcstp/rpc.c b/src/tspi/rpc/tcstp/rpc.c
index 3b4ed12..afe1844 100644
--- a/src/tspi/rpc/tcstp/rpc.c
+++ b/src/tspi/rpc/tcstp/rpc.c
@@ -31,6 +31,7 @@
#include "tcsd_wrap.h"
#include "obj.h"
#include "rpc_tcstp_tsp.h"
+#include "tsp_tcsi_param.h"
void
@@ -342,42 +343,9 @@ send_init(struct host_table_entry *hte)
BYTE *buffer;
TSS_RESULT result;
- struct sockaddr_in addr;
- struct hostent *hEnt = NULL;
-
- sd = socket(PF_INET, SOCK_STREAM, 0);
- if (sd == -1) {
- LogError("socket: %s", strerror(errno));
- result = TSPERR(TSS_E_COMM_FAILURE);
- goto err_exit;
- }
-
- __tspi_memset(&addr, 0, sizeof(addr));
- addr.sin_family = AF_INET;
- addr.sin_port = htons(get_port());
-
- LogDebug("Sending TSP packet to host %s.", hte->hostname);
-
- /* try to resolve by hostname first */
- hEnt = gethostbyname((char *)hte->hostname);
- if (hEnt == NULL) {
- /* if by hostname fails, try by dot notation */
- if (inet_aton((char *)hte->hostname, &addr.sin_addr) == 0) {
- LogError("hostname %s does not resolve to a valid address.", hte->hostname);
- result = TSPERR(TSS_E_CONNECTION_FAILED);
- goto err_exit;
- }
- } else {
- memcpy(&addr.sin_addr, hEnt->h_addr_list[0], 4);
- }
-
- LogDebug("Connecting to %s", inet_ntoa(addr.sin_addr));
-
- if (connect(sd, (struct sockaddr *) &addr, sizeof (addr))) {
- LogError("connect: %s", strerror(errno));
- result = TSPERR(TSS_E_COMM_FAILURE);
+ result = get_socket(hte, &sd);
+ if (result != TSS_SUCCESS)
goto err_exit;
- }
if (send_to_socket(sd, hte->comm.buf, hte->comm.hdr.packet_size) < 0) {
result = TSPERR(TSS_E_COMM_FAILURE);
@@ -489,23 +457,61 @@ err_exit:
return result;
}
-/* XXX this should be moved out of an RPC-specific file */
-short
-get_port(void)
+/* TODO: Future work - remove socket creation/manipulation from RPC-specific file */
+TSS_RESULT
+get_socket(struct host_table_entry *hte, int *sd)
{
- char *env_port;
- int port = 0;
+ char port_str[TCP_PORT_STR_MAX_LEN]; // To accomodate string 65535
+ struct addrinfo hints, *res, *p;
+ int rv;
+ TSS_RESULT result = TSS_SUCCESS;
- env_port = getenv("TSS_TCSD_PORT");
+ __tspi_memset(&hints, 0, sizeof(hints));
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_NUMERICSERV;
- if (env_port == NULL)
- return TCSD_DEFAULT_PORT;
+ __tspi_memset(&port_str, 0, sizeof(port_str));
- port = atoi(env_port);
+ if (get_tcsd_port(port_str) != TSS_SUCCESS) {
+ LogError("Could not retrieve TCP port information.");
+ goto exit;
+ }
+
+ LogDebug("Retrieving address information from host: %s", (char *)hte->hostname);
+ rv = getaddrinfo((char *)hte->hostname, port_str,
+ &hints, &res);
+ if (rv != 0) {
+ LogError("hostname %s does not resolve to a valid address.", hte->hostname);
+ result = TSPERR(TSS_E_CONNECTION_FAILED);
+ res = NULL;
+ goto exit;
+ }
- if (port == 0 || port > 65535)
- return TCSD_DEFAULT_PORT;
+ LogWarn("Got a list of valid IPs");
- return (short)port;
-}
+ for (p = res; p != NULL; p = p->ai_next) {
+ *sd = socket(p->ai_family, SOCK_STREAM, 0);
+ if (*sd == -1)
+ continue;
+
+ if (connect(*sd, p->ai_addr, p->ai_addrlen) != -1)
+ break; // Got a connection
+
+ LogWarn("Could not connect to machine: %s", (char*)hte->hostname);
+
+ close(*sd);
+ }
+
+ if (p == NULL) {
+ LogError("Could not connect to any machine in the list.");
+ result = TSPERR(TSS_E_COMM_FAILURE);
+ goto exit;
+ }
+
+exit:
+ if (res != NULL)
+ freeaddrinfo(res);
+
+ return result;
+}
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commitdiff;h=982c3ebe9d9a00284650a8745d3e8fb912f3d307
commit 982c3ebe9d9a00284650a8745d3e8fb912f3d307
Author: Richard Maciel <***@linux.vnet.ibm.com>
Date: Wed Oct 2 16:56:22 2013 -0300
Add functions to fetch hostname and port info to clients
Modules included will be used by the next modifications to
retrieve hostname and port information to setup client
connections to the tcsd.
Signed-off-by: Richard Maciel <***@linux.vnet.ibm.com>
Acked-by: Joel Schopp <***@linux.vnet.ibm.com>
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
index 2adec8a..7be09e7 100644
--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@@ -39,5 +39,5 @@ noinst_HEADERS = auth_mgr.h authsess.h biosem.h capabilities.h \
tcslog.h tcsps.h tcs_tsp.h tcs_utils.h \
tddl.h threads.h trousers_types.h tsp_audit.h \
tsp_delegate.h tsplog.h tspps.h tsp_seal.h \
- linux/tpm.h
+ linux/tpm.h tsp_tcsi_param.h
diff --git a/src/include/tsp_tcsi_param.h b/src/include/tsp_tcsi_param.h
new file mode 100644
index 0000000..1628250
--- /dev/null
+++ b/src/include/tsp_tcsi_param.h
@@ -0,0 +1,19 @@
+
+/*
+ * Licensed Materials - Property of IBM
+ *
+ * trousers - An open source TCG Software Stack
+ *
+ * (C) Copyright International Business Machines Corp. 2005, 2007, 2013
+ *
+ */
+
+/* Defines which environment var is responsible for setting the port to
+ * which the client will connect */
+#define PORT_ENV_VAR "TSS_TCSD_PORT"
+
+/* Defines which envionment var is responsible for setting the hostname to
+ * which the client will connect */
+#define HOSTNAME_ENV_VAR "TSS_TCSD_HOSTNAME"
+
+#define TCP_PORT_STR_MAX_LEN 6
diff --git a/src/tspi/Makefile.am b/src/tspi/Makefile.am
index 6b31e51..0dd257b 100644
--- a/src/tspi/Makefile.am
+++ b/src/tspi/Makefile.am
@@ -33,7 +33,8 @@ libtspi_la_SOURCES=log.c \
rpc/@RPC@/rpc_context.c \
rpc/tcs_api.c \
rpc/hosttable.c \
- rpc/@RPC@/rpc.c
+ rpc/@RPC@/rpc.c \
+ tsp_tcsi_param.c
if TSS_BUILD_ASYM_CRYPTO
libtspi_la_SOURCES+=tsp_asym.c
diff --git a/src/tspi/tsp_tcsi_param.c b/src/tspi/tsp_tcsi_param.c
new file mode 100644
index 0000000..670f86f
--- /dev/null
+++ b/src/tspi/tsp_tcsi_param.c
@@ -0,0 +1,161 @@
+
+/*
+ * Licensed Materials - Property of IBM
+ *
+ * trousers - An open source TCG Software Stack
+ *
+ * (C) Copyright International Business Machines Corp. 2005, 2007, 2013
+ *
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <bits/local_lim.h>
+#include "trousers/tss.h"
+#include "trousers/trousers.h"
+#include "trousers_types.h"
+#include "tsplog.h"
+#include "spi_utils.h"
+#include "tsp_tcsi_param.h"
+
+#define RV_OK 0
+#define RV_NO_VALUE -1
+#define RV_NO_MEM -2
+#define RV_WRONG_VALUE -3
+#define RV_UNKNOWN_ERR -4
+
+int
+get_port_from_env(int *port)
+{
+ char *env_port;
+ char *raw_port_str;
+
+ env_port = getenv(PORT_ENV_VAR);
+ if (env_port == NULL)
+ return RV_NO_VALUE;
+
+ raw_port_str = strdup(env_port);
+ if (raw_port_str == NULL)
+ return RV_NO_MEM;
+
+ LogDebug("Found data in %s environment var: %s", PORT_ENV_VAR, raw_port_str);
+
+ *port = atoi(raw_port_str);
+ free(raw_port_str);
+ if (*port < 0 || *port > 65535) {
+ LogError("Environment var %s contains invalid port value!", PORT_ENV_VAR);
+ return RV_WRONG_VALUE;
+ }
+
+ return RV_OK;
+}
+
+TSS_RESULT
+convert_port_to_str(int port, char port_str[TCP_PORT_STR_MAX_LEN])
+{
+ if (snprintf(port_str, TCP_PORT_STR_MAX_LEN, "%d", port) < 0)
+ return TSPERR(TSS_E_INTERNAL_ERROR);
+
+ return TSS_SUCCESS;
+}
+
+TSS_RESULT
+get_tcsd_port(char port_str[TCP_PORT_STR_MAX_LEN])
+{
+ int rv, port = 0;
+
+ // Retrieves port from env var first
+ rv = get_port_from_env(&port);
+ switch(rv) {
+ case RV_OK:
+ return convert_port_to_str(port, port_str);
+ case RV_WRONG_VALUE:
+ return TSPERR(TSS_E_BAD_PARAMETER);
+ case RV_NO_MEM:
+ return TSPERR(TSS_E_OUTOFMEMORY);
+ case RV_NO_VALUE:
+ break;
+ }
+
+ // TODO: Future work retrieves port from config file.
+
+ // Last case, retrieve default port used by server.
+ return convert_port_to_str(TCSD_DEFAULT_PORT, port_str);
+}
+
+/**
+ * Allocates a string with up to HOST_NAME_MAX chars which contains
+ * the hostname extracted from the env var
+ */
+int
+get_hostname_from_env(char **host_str, unsigned *len)
+{
+ char *env_host, *tmp_str = NULL;
+ unsigned env_len;
+
+ // Tries to retrieve from env var first.
+ env_host = getenv(HOSTNAME_ENV_VAR);
+ if (env_host == NULL) {
+ *host_str = NULL;
+ *len = 0;
+ LogDebug("Got no value inside environment var %s.", HOSTNAME_ENV_VAR);
+ return RV_NO_VALUE;
+ }
+
+ tmp_str = strdup(env_host);
+ if (tmp_str == NULL)
+ return RV_NO_MEM;
+
+ LogDebug("Environment var %s got value: %s", HOSTNAME_ENV_VAR, tmp_str);
+ env_len = strlen(tmp_str);
+ if (env_len > HOST_NAME_MAX) {
+ *len = HOST_NAME_MAX + 1;
+ } else {
+ *len = env_len + 1;
+ }
+
+ *host_str = (char *)malloc(*len);
+ if (*host_str == NULL) {
+ LogError("Not enough memory when allocating string to retrieve host name from environment var");
+ free(tmp_str);
+ return RV_NO_MEM;
+ }
+
+ strncpy(*host_str, tmp_str, *len);
+ free(tmp_str);
+ return RV_OK;
+}
+
+TSS_RESULT
+get_tcsd_hostname(char **host_str, unsigned *len)
+{
+ int rv;
+
+ // Retrieve from environment var
+ rv = get_hostname_from_env(host_str, len);
+ switch(rv) {
+ case RV_OK:
+ LogDebug("Hostname %s will be used", *host_str);
+ return TSS_SUCCESS;
+ case RV_NO_MEM:
+ return TSPERR(TSS_E_OUTOFMEMORY);
+ case RV_NO_VALUE: // Tente obter de outra maneira
+ break;
+ default:
+ return TSPERR(TSS_E_INTERNAL_ERROR);
+ }
+
+ // TODO: Future work - Retrieve from config file
+
+ // Use localhost in last case.
+ *host_str = strdup(TSS_LOCALHOST_STRING);
+ if (*host_str == NULL)
+ return TSPERR(TSS_E_OUTOFMEMORY);
+
+ *len = sizeof(TSS_LOCALHOST_STRING);
+
+ LogDebug("Hostname %s will be used", *host_str);
+ return TSS_SUCCESS;
+}
+
-----------------------------------------------------------------------
Summary of changes:
src/include/Makefile.am | 2 +-
src/include/rpc_tcstp_tsp.h | 4 +-
src/include/tsp_tcsi_param.h | 19 +++++
src/tcs/rpc/tcstp/rpc.c | 49 +++++++------
src/tspi/Makefile.am | 3 +-
src/tspi/obj_context.c | 13 ++--
src/tspi/rpc/tcstp/rpc.c | 102 ++++++++++++++-------------
src/tspi/tsp_tcsi_param.c | 161 ++++++++++++++++++++++++++++++++++++++++++
8 files changed, 272 insertions(+), 81 deletions(-)
create mode 100644 src/include/tsp_tcsi_param.h
create mode 100644 src/tspi/tsp_tcsi_param.c
hooks/post-receive
--
Trousers
Trousers