This patch addresses CVE-2020-28407.
Use the open() call rather than the fopen() call when creating a pidfile.
Also prevent us from following symbolic links when opening the pidfile for
writing.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch addresses CVE-2020-28407.
Prevent us from following symlinks when we open the lockfile
for writing.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
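The pattern the two CVE-2020-28407 commit messages above describe, as an added example that is not swtpm's own code: open() with O_NOFOLLOW in place of fopen(), checked against a constructed symlink. The function names, the /tmp paths and the 0644 mode are assumptions made for this sketch.

```c
#define _GNU_SOURCE            /* O_NOFOLLOW, mkdtemp */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not swtpm's function). Returns 0 or -errno. */
int write_pidfile_nofollow(const char *path, long pid)
{
    char buf[32];
    int len = snprintf(buf, sizeof(buf), "%ld\n", pid);
    /* O_NOFOLLOW makes open() fail (ELOOP on Linux) if the last path
     * component is a symlink, before O_TRUNC can touch the link target. */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -errno;
    int rc = (write(fd, buf, (size_t)len) == len) ? 0 : -EIO;
    if (close(fd) < 0 && rc == 0)
        rc = -errno;
    return rc;
}

/* Constructed scenario: a symlink named like the pidfile points at a
 * "victim" file. Returns 1 if the write is refused and the victim is intact. */
int symlink_pidfile_is_refused(void)
{
    char dir[] = "/tmp/pidfile-demo-XXXXXX", victim[64], lnk[64], data[16] = "";
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof(victim), "%s/victim", dir);
    snprintf(lnk, sizeof(lnk), "%s/daemon.pid", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("keep", f);
    fclose(f);
    if (symlink(victim, lnk) < 0) return -1;
    int refused = write_pidfile_nofollow(lnk, (long)getpid());
    f = fopen(victim, "r");
    if (f) { if (!fgets(data, sizeof(data), f)) data[0] = '\0'; fclose(f); }
    unlink(lnk);
    int plain = write_pidfile_nofollow(lnk, (long)getpid()); /* no symlink now */
    unlink(lnk); unlink(victim); rmdir(dir);
    return refused < 0 && plain == 0 && strcmp(data, "keep") == 0;
}

int main(void) { return symlink_pidfile_is_refused() == 1 ? 0 : 1; }
```

O_NOFOLLOW only checks the final path component; symlinks in parent directories are still followed, so the directory holding the pidfile must not be writable by untrusted users.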
Due to recent changes in tcsd, it doesn't accept 'tss:tss 0600' anymore
for the tcsd config file but we need to use 'root:tss 0640' for it.
So far only Fedora seems to be affected. It now depends on whether tcsd
has been patched what ownership is required. So we try first the old
configuration and then the new one.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Lift the code that sets up the vtpm proxy device out of the main
function and put it into its own function.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Since the config files created by the swtpm-create-user-config-files
script will shadow those typically installed in /etc, we now require the
option --root if 'root' runs this script so that root is aware what he is
doing.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
$ dpkg-buildpackage -us -uc
dpkg-buildpackage: info: source package swtpm
dpkg-buildpackage: info: source version 0.5.0-1
dpkg-buildpackage: info: source distribution RELEASED
dpkg-buildpackage: info: source changed by Stefan Berger <stefanb@linux.ibm.com>
dpkg-source: error: can't build with source format '3.0 (native)':
native package version may not have a revision
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Also fix an error in the man page on the way. 'startup-deactivated'
can only be used with a TPM 1.2, not a TPM 2.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
To force the installation of the python programs add a python-install
target. This solves an installation issue with non-standard prefix,
like not using /usr or /usr/local, as may be the case on OS X (Apple)
when using homebrew. It leaves the 'make distcheck' working, which also
uses a non-standard prefix and where we don't want to install the tools
due to issues with removing them afterwards where pip3 cannot be used.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch fixes the path to swtpm-localca to avoid this type of
error because of swtpm_localca_conf having been created in another
directory. This error occurred when running
sudo bash -c "make -j32 distcheck"
Traceback (most recent call last):
File "/home/stefanb/tmp/swtpm/swtpm-0.5.0/samples/swtpm-localca", line 5, in <
from py_swtpm_localca.swtpm_localca import main
File "/home/stefanb/tmp/swtpm/swtpm-0.5.0/samples/py_swtpm_localca/swtpm_local
from py_swtpm_localca.swtpm_localca_conf import SYSCONFDIR
ModuleNotFoundError: No module named 'py_swtpm_localca.swtpm_localca_conf'
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
To support writing state files atomically we first write into
a temporary file and then rename it.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
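The write-then-rename approach from the commit message above, as an added example that is not swtpm's own code. The function names, the state.bin file name and the fsync() step before the rename are assumptions of this sketch.

```c
#define _GNU_SOURCE            /* mkstemp, mkdtemp */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not swtpm's function): replace `path` so readers
 * see the old or the new content, never a mix. Returns 0 or -errno. */
int write_state_atomic(const char *path, const void *data, size_t len)
{
    char tmp[4096];
    /* Same directory as the target: rename() is atomic only within one fs. */
    if (snprintf(tmp, sizeof(tmp), "%s.XXXXXX", path) >= (int)sizeof(tmp))
        return -ENAMETOOLONG;
    int fd = mkstemp(tmp);              /* exclusive create, mode 0600 */
    if (fd < 0)
        return -errno;
    const char *p = data;
    int rc = 0;
    while (len > 0 && rc == 0) {        /* handle short writes */
        ssize_t n = write(fd, p, len);
        if (n < 0) { if (errno != EINTR) rc = -errno; }
        else { p += n; len -= (size_t)n; }
    }
    /* Assumption: flush before renaming so a crash cannot expose an empty file. */
    if (rc == 0 && fsync(fd) < 0) rc = -errno;
    if (close(fd) < 0 && rc == 0) rc = -errno;
    if (rc == 0 && rename(tmp, path) < 0) rc = -errno;
    if (rc != 0) unlink(tmp);           /* never leave a partial temp file */
    return rc;
}

/* Constructed check: two writes in a row; returns 1 if the file holds the
 * second content and no temporary file was left behind. */
int atomic_replace_demo(void)
{
    char dir[] = "/tmp/state-demo-XXXXXX", path[64], buf[16] = "";
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof(path), "%s/state.bin", dir);
    int rc = write_state_atomic(path, "old", 3);
    if (rc == 0) rc = write_state_atomic(path, "new", 3);
    FILE *f = fopen(path, "r");
    if (f) { if (!fgets(buf, sizeof(buf), f)) buf[0] = '\0'; fclose(f); }
    unlink(path);
    int dir_empty = (rmdir(dir) == 0);  /* fails if a temp file remains */
    return rc == 0 && dir_empty && strcmp(buf, "new") == 0;
}

int main(void) { return atomic_replace_demo() == 1 ? 0 : 1; }
```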
Some distros (openSUSE) have deprecated the 'net-tools' package,
so we allow for 'ss' as an alternative tool from the
iproute/iproute2 package. This is only relevant for test cases.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
To avoid clashes with libtpms print functions, prefix the print function
in swtpm with SWTPM_ rather than TPM_. This may matter on older systems
where libtpms could call into swtpm's TPM_PrintAll function due to it
having the same name as libtpms's function.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
When creating the user config files, fall back to using ${HOME}/.config
if XDG_CONFIG_HOME is not set on a system.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Start tpm2-abrmd for the test case 'test_tpm2_samples_create_tpmca' rather than
expecting it to be already running.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Pass the CA's private key password via the template file. Remove recently
added old GnuTLS support. Extend man page with a paragraph about
shortcomings of certtool that doesn't seem to allow private key password being
passed either as environment variable or template file.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Older versions of GnuTLS need --password on the command line while
newer versions require GNUTLS_PIN to be set to pass the password.
So, this patch accommodates older versions of GnuTLS.
Older versions of GnuTLS seem to NOT be able to handle a CA private
key needing a password and a signing key needing a password when
creating the intermediate CA. So this case of 2 passwords will
always fail.
The value of the local CA is not so high that passing passwords on
the command line would be an issue. Later on when using the CA the
passwords are set via environment variables, so not visible to other
users.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add support for pkcs11 module environment variables to the config file.
These variables may have the following format:
env:VARNAME=VALUE
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend the man pages with further locations for the options and config
files in ${XDG_CONFIG_HOME} or ${HOME}/.config.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
During the rewrite the additional "/.config/" got dropped from the
path when using ${HOME} for locating the default config file.
Re-add it.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Apply the password for the signing key and parent key when creating a
platform certificate. The bug was introduced in commit 961bb827
"samples: Use new pwd format option for secretly passing passwords"
Extend a test case to ensure that the passwords are always used.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
When the local CA was created the signing key of the intermediate CA
was not properly protected by the passwords. This patch fixes this.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
The only place where pip is required is in src/swtpm_setup/Makefile.am, l. 48,
to uninstall a manually built package. Most people will have pip already
installed, since it comes bundled with Python by default. It might not be
installed by default in minimal build environments used for distribution
packaging, but these rely on the file tracking by a package manager instead of
using "make uninstall".
In conclusion, I think requiring pip is only helpful for a very limited number
of people, and is just a superfluous build dependency for distribution
packagers. Issuing a warning that the package cannot be uninstalled cleanly if
pip is not found seems enough.
Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
Distributions often have their own guidelines regarding installation of Python
modules (e.g. Arch Linux mandates using --optimize=1 for setup.py install,
which the Makefile in this project does not do). Add an option
"--disable-python-installation" (disabled by default) to allow skipping the
Python installation process entirely so that distributions can take care of
this process manually in their preferred way.
Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
Clang complains if either one of those linker flags is used during compilation:
clang-9: error: -Wl,-z,relro: 'linker' input unused [-Werror,-Wunused-command-line-argument]
clang-9: error: -Wl,-z,now: 'linker' input unused [-Werror,-Wunused-command-line-argument]
This patch applies those flags only when linking.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Cygwin's linker does not support -Wl,-z,relro and -Wl,-z,now and
AC_COMPILE_IFELSE did only compile but not link, so it wouldn't detect
whether these flags are supported. So, use AC_LINK_IFELSE to detect
support for these flags.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Get rid of the 'c' code that only changed the user and add support for
the --runas option to change to a different user in the python part.
To get 'make distcheck' to work I needed to name the swtpm_setup python
script with the suffix .in so that it gets copied to the build directory
as swtpm_setup. We need to change execute permissions on this file after
copying.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>