Rajiv -
Below is a patch for the tcs so that it does some basic authorization checks before allowing modifications to the system PS database. If you accept it, go ahead and strip out the "ifdef SOLARIS" parts.
-Wyllys Ingersoll
--- tcs/rpc/tcstp/rpc_ps.c.orig 2011-03-23 11:01:54.707428173 -0700
+++ tcs/rpc/tcstp/rpc_ps.c 2011-03-23 11:27:00.753845441 -0700
@@ -26,6 +26,29 @@
#include "tcs_utils.h"
#include "rpc_tcstp_tcs.h"
+#ifdef SOLARIS
+#include <ucred.h>
+#include <errno.h>
+
+static TSS_RESULT
+verify_peer(struct tcsd_thread_data *data)
+{
+ ucred_t *uc = NULL;
+ if (getpeerucred(data->sock, &uc)) {
+ LogError("Failed to get peer credential (%s)",
+ strerror(errno));
+ return TCSERR(TSS_E_TSP_AUTHFAIL);
+ }
+ if (ucred_geteuid(uc) != 0) {
+ LogError("Unauthorized attempt to modify a system key",
+ strerror(errno));
+ ucred_free(uc);
+ return TCSERR(TSS_E_TSP_AUTHFAIL);
+ }
+ ucred_free(uc);
+ return (TSS_SUCCESS);
+}
+#endif
TSS_RESULT
tcs_wrap_RegisterKey(struct tcsd_thread_data *data)
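Review bot: The second `LogError` call in `verify_peer` passes `strerror(errno)` to a format string that has no conversion for it, and `errno` carries no meaning there because the credential lookup succeeded. Logging the rejected identity is more useful for audit: store the result once, `uid_t euid = ucred_geteuid(uc);`, and log `LogError("Unauthorized attempt to modify a system key (euid %ld)", (long)euid);`. The function fails closed, since a `ucred_geteuid` error value is also non-zero; a short comment above it would record that, e.g. `/* Only a local peer with effective uid 0 may modify system PS; failure to obtain credentials is a denial. */`. `strerror` needs `<string.h>`, which is not among the includes visible in this hunk and may already be included above it.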
@@ -38,6 +61,10 @@
UINT32 cVendorData;
BYTE *gbVendorData;
TSS_RESULT result;
+#ifdef SOLARIS
+ if ( (result = verify_peer(data)) != TSS_SUCCESS)
+ return (result);
+#endif
if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm))
return TCSERR(TSS_E_INTERNAL_ERROR);
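Review bot: The `verify_peer` call here is compiled only under `#ifdef SOLARIS`, so every other build still lets any peer reach the system PS modification path; the same applies to the identical guard in the hunk at `@@ -99,6 +126,10 @@`. Since `getpeerucred` and `<ucred.h>` are Solaris interfaces, stripping the ifdefs as the description suggests would presumably break other platforms rather than protect them. Keeping the platform test inside `verify_peer` and making the call sites unconditional, `if ((result = verify_peer(data)) != TSS_SUCCESS) return result;`, would leave one place to add a credential check for other systems. Until that exists, a comment at the non-Solaris branch should state that no peer check is performed. The enclosing function bodies continue outside both hunks, so other handlers that write to system PS cannot be checked from here.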
@@ -99,6 +126,10 @@
TCS_CONTEXT_HANDLE hContext;
TSS_UUID uuid;
TSS_RESULT result;
+#ifdef SOLARIS
+ if ( (result = verify_peer(data)) != TSS_SUCCESS)
+ return (result);
+#endif
if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm))
return TCSERR(TSS_E_INTERNAL_ERROR);