Implement support for uid and gid parameters that allows us to set the file
ownership of a UnixIO socket.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement support for a mode parameter that allows us to set the file
mode bits on a UnixIO socket.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Create tpmlib_register_callbacks and call it to register the
libtpms callbacks a lot earlier. Before it was done in tpmlib_start,
which was invoked by CMD_INIT, which was after state blobs could
have been set already.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Validate the state blobs after they have been set (during
state migration) so that we can fall back to the migration
source in case they are not accepted by the TPM.
This patch requires the latest version of libtpms 0.6
from the master branch.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Avoid using the expect tool as much as possible. Use it only if
the user requested a special owner and/or SRK password.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use the passwords as specified by the user also when only temporarily
taking ownership. Use the zero password in case nothing has been
provided by the user. This is a first step to loosen the dependency
on expect, which pulls in too many dependencies.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
In case the poll() is interrupted by a signal handler and we
get EINTR, we loop again assuming that the signal handler will
send us a notification to end.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
POLLERR is indicated in some error cases when using the chardev with the
vtpm_proxy with runc. In case the flag is set, we terminate the client
connection rather than endlessly looping.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
File descriptors 0, 1, and 2, when used for file descriptor passing,
as is the case in some older versions of runc/docker-ce (17.06), do
not work. So we refuse to accept these values and log the error message.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
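The three commits above (EINTR retry, POLLERR handling, and refusing fds 0-2 for descriptor passing) as an added example; this is illustrative code, not swtpm's own, and the function and enum names are assumptions:

```c
/* Added example (not swtpm's code): wait for activity on a client fd,
 * retrying poll() on EINTR and reporting POLLERR/POLLHUP as a reason to
 * end the connection instead of looping endlessly. */
#include <errno.h>
#include <poll.h>
#include <unistd.h>

enum client_event { CLIENT_DATA = 0, CLIENT_TIMEOUT, CLIENT_CLOSE, CLIENT_ERROR };

/* Descriptors 0, 1 and 2 are the process's stdio and are refused when
 * handed in via file descriptor passing; returns -1 and sets errno. */
static int validate_passed_fd(int fd)
{
    if (fd < 0) { errno = EBADF; return -1; }
    if (fd <= 2) { errno = EINVAL; return -1; }
    return 0;
}

static enum client_event wait_for_client(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN, .revents = 0 };
    int n;

    for (;;) {
        n = poll(&pfd, 1, timeout_ms);
        if (n < 0 && errno == EINTR)
            continue;   /* a signal handler ran; it notifies us if we must stop */
        if (n < 0)
            return CLIENT_ERROR;
        if (n == 0)
            return CLIENT_TIMEOUT;
        if (pfd.revents & POLLERR)
            return CLIENT_ERROR;   /* terminate the client connection */
        if (pfd.revents & POLLIN)
            return CLIENT_DATA;    /* drain buffered data before honouring HUP */
        if (pfd.revents & POLLHUP)
            return CLIENT_CLOSE;
        return CLIENT_ERROR;
    }
}
```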
Only pass through the vmid parameter to the tool creating the cert
if this parameter was set. The tool creating the cert may require
it or ignore it and is supposed to be able to track certificates
for which it minted certs using this parameter.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The certificate chain could not be verified due to a wrong
API call for getting the authority key id where the key id
was gotten instead.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Determine the size of the unix_path parameter and then only copy
that number of bytes + terminating null into the destination.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Determine the size of the unix_path parameter and then only copy
that number of bytes + terminating null into the destination.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Check whether filename and input pointers are NULL pointers.
Per previous code this is currently not possible but should
resolve some issues with Coverity.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use void * for the command rather than tpm_header *, which we do
not need. This addresses a few Coverity complaints.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Move some of the debugging output into its own function and
differentiate output by TPM Version number.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add options --overwrite and --not-overwrite to allow or prevent
overwriting of existing TPM state. If neither of the options is
given and existing state is found, an error is returned.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement a command for setting and querying the buffer size the
TPM implementation (libtpms) is using. The setting of the
buffersize allows to reduce the size of the buffer to a size
that the interface can support so that these two sizes match
and the TPM will not produce larger responses than what the
interface can support.
Extend swtpm_ioctl with an option to set the buffersize.
Adapt the existing tests to reflect the newly supported command.
Implement a new test for getting/setting of the buffer size.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Changeset aa3999 introduced a segfault when calling
ctrlchannel_set_client_fd() with a NULL pointer. Like all the other
functions, we return with -1 in this case.
Since the segfault occurred on process shutdown no problems were
noticeable through bad test results or so.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Introduce another parameter to ctrlchannel_new and server_new
to pass the Unix socket's path. Implement ctrlchannel_free and
server_free to clean up and remove the Unix socket's path.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement ctrlchannel_set_client_fd() to set a new client
fd and return its current value.
Use this new function to set the file descriptor to -1 upon
closing its associated file descriptor in the main loop.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement server_set_fd() function to get the current file descriptor
and set a new one on the server structure.
Use this function to transfer the server file descriptor from the
server structure to the mainloop structure and have the main loop
close the file descriptor.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
On OpenBSD the socket's name would be cut short by one letter at the
end due to an off-by-one for the calculated sockaddr struct's length.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
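The two unix_path copy commits and the OpenBSD sockaddr length fix above, as an added example of filling a sockaddr_un with a bounded copy and a length that includes the terminating NUL; this is illustrative code, not swtpm's own, and fill_unix_addr is an assumed name:

```c
/* Added example (not swtpm's code): build a sockaddr_un from a caller's
 * unix_path, copying exactly strlen(path) + 1 bytes and returning the
 * address length that bind()/connect() must be given. */
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Returns the sockaddr length on success, -1 if the path is empty or does
 * not fit (including its terminating NUL) into sun_path. */
static int fill_unix_addr(struct sockaddr_un *addr, const char *unix_path)
{
    size_t len;

    if (!addr || !unix_path)
        return -1;

    /* Measure first, copy second: a path that leaves no room for the NUL
     * is rejected rather than silently truncated. */
    len = strlen(unix_path);
    if (len == 0 || len >= sizeof(addr->sun_path))
        return -1;

    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path, unix_path, len + 1);   /* len bytes + NUL */

    /* The length handed to bind() covers the family field plus the path
     * including its NUL; omitting the +1 is the off-by-one that loses the
     * last character of the socket name on some BSDs. */
    return (int)(offsetof(struct sockaddr_un, sun_path) + len + 1);
}
```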
The control channel of a UnixIO socket is not supported
on Cygwin, so do not present this flag. Return an error
if this command is run.
Adapt the test case.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cast the exponent to unsigned long int to avoid a compiler
error reporting comparison of signed and unsigned integers.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Consider the TPM_PORT environment variable at the time of parsing server options. This way we
can avoid the code duplication, hence obsolete code was removed.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
As QEMU upstream developers objected to using two different sockets for
starting/using swtpm, this commit adds support for passing a unix domain
socket over the control channel.
The summary of the changes includes:
- Defined a new control command CMD_SET_DATAFD; using this, clients can send the data
socket.
- set mlp.fd and mlp.flags outside of the mainloop
- updated the testcases
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
In preparation for receiving control messages via UnixIO sockets,
switch to recvmsg() for receiving the first chunk of data.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Enable receiving control commands in small chunks. Allow 500ms
for the whole control command to be received.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add the missing PTM_CAP_GET_CONFIG to the returned flags.
Fix the order of the flags on the way.
Fix the test cases that test for the flags.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the check for the FUSE_IOCTL_COMPAT flag to make a 32bit
CUSE swtpm work on a 64bit host.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix possible illegal buffer access in case a character device
is used via ioctl. In this case we have to make sure we only
access the number of bytes in the ioctl structure itself.
In case of a socket, make sure we received enough bytes to
be able to access the payload.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Change the startup behavior with respect to requiring an INIT command
via control channel. We change this for the socket and chardev
interfaces so that the behavior now is the same as that of the CUSE
interface.
Introduce the --flag not-need-init command line option for the socket
and chardev interfaces to allow the old behavior using this option.
Adapt some of the test cases and swtpm_setup.sh.in that now need this
command line flag.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Allow running swtpm_setup directly as tss user using the following
command lines as an example for how to do it:
mkdir /tmp/test-tss
chown tss:tss /tmp/test-tss
chmod 770 /tmp/test-tss
su -c "swtpm_setup --tpm-state /tmp/test-tss" -s /bin/sh tss
This change prevents us from requiring invocation under the root
user.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Replace the show_help variable with a change_user variable with
opposite logic. The name of the variable is better for upcoming
changes.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
If the return code from the command processing function is 0,
get the error code from the command response and return that one
instead. The problem was that clients thought resetting the
establishment bit worked in locality 0 for example, while it did
not.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Return the number of bytes received in case ctrlcmd does not
use an ioctl because in this case we need to know how many bytes
we received in the response.
The receiving of the state blob also needs to take into account
how many bytes were received in the initial response so we write
the proper amount of bytes from that response into the file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
While parsing the options we modified the argv[] values and
the commas disappeared, which showed when checking for the
swtpm processes using 'ps'. So, work on a copy of the options
parameter.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
There was an offset bug in the code getting the state blobs
from a client.
Also fix an endianness bug in a control channel command.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement allow-set-locality for CUSE TPM and extend the existing
locality test case with commands that try to write the SetLocality
command to the device.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement support for --locality allow-set-locality option that
is primarily useful in cases when the VTPM proxy access is enabled
by file descriptor passing.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add options for locality handling so that commands in locality
4 for example are rejected per command line parameter. This is
useful when the vTPM is used with containers.
Also implement the custom TPM/TPM2_SetLocality command to allow
the Linux vTPM proxy driver to set the locality in which subsequent
TPM commands will be executed.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix the missing check of return code from handle_server_options
to check for negative value like all the other checks also do.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use logprintf wherever possible. While the logging is not set up,
print error messages to stderr and prefix them with 'swtpm: '. After
the logging has been set up all error messages go into the log file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use a buffer for printing in TPM_PrintAll. Emit the buffer
upon a new line. This prepares for printing every line with
a prefix.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add MAIN_LOOP_FLAG_READALL for non SOCK_STREAM client sockets. This allows
reading all socket data once.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
The swtpm server is closing the client data connection after serving a single
request, which shall not happen. Hence the MAIN_LOOP_FLAG_KEEP_CONNECTION
mainloop flag was added to keep the client data connection alive as long as the client is alive.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
New option '--ctrl clientfd=<fd>' is added to the control socket parameters.
The passed 'fd' is used as control channel client-fd and treated as single
client mode.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Initialize variables in ctrlchannel_return_state so that all error cases
are properly handled.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>