This patch adds support for a -c|--config <configfile> command line option that allows one to start the tcsd with a configuration file other than the default configuration file.
- TCSD_CONFIG_FILE was renamed to TCSD_DEFAULT_CONFIG_FILE - tcsd_config_file now holds the filename of the config file - all occurrences of TCSD_CONFIG_FILE were replaced with tcsd_config_file - a '-c|--config <configfile>' command line option was introduced and the optarg is stored in tcsd_config_file; if no such option is use, TCSD_DEFAULT_CONFIG_FILE is stored into tcsd_config_file There was a problem with the handling of the 'h' option which I fixed also -- it now again displays the usage. Signed-off-by: Stefan Berger <[email protected]> --- man/man8/tcsd.8.in | 5 +++ src/include/tcsd.h | 3 + src/tcs/tcsi_evlog.c | 8 ++--- src/tcsd/svrside.c | 19 +++++++++--- src/tcsd/tcsd_conf.c | 78 +++++++++++++++++++++++++-------------------------- 5 files changed, 64 insertions(+), 49 deletions(-) Index: trousers/man/man8/tcsd.8.in =================================================================== --- trousers.orig/man/man8/tcsd.8.in +++ trousers/man/man8/tcsd.8.in @@ -28,6 +28,7 @@ tcsd \- daemon that manages Trusted Comp .hy 0 .B tcsd .RB [ \-f ] +.RB [ \-c\ <configfile>\ ] .SH "DESCRIPTION" .PP @@ -46,6 +47,10 @@ resources and handles requests from TSP' \fB\-f\fR run the daemon in the foreground +.TP +\fB\-c <configfile>\fR +use the provided configuration file rather than the default configuration file + .SH "ACCESS CONTROL" .PP There are two types of access control for the \fBtcsd\fR, access to the Index: trousers/src/include/tcsd.h =================================================================== --- trousers.orig/src/include/tcsd.h +++ trousers/src/include/tcsd.h 
@@ -48,7 +48,8 @@ struct tcsd_config of this TCS System */ }; -#define TCSD_CONFIG_FILE ETC_PREFIX "/tcsd.conf" +#define TCSD_DEFAULT_CONFIG_FILE ETC_PREFIX "/tcsd.conf" +extern char *tcsd_config_file; #define TSS_USER_NAME "tss" #define TSS_GROUP_NAME "tss" Index: trousers/src/tcsd/svrside.c =================================================================== --- trousers.orig/src/tcsd/svrside.c +++ trousers/src/tcsd/svrside.c @@ -44,6 +44,7 @@ struct tpm_properties tpm_metrics; static volatile int hup = 0, term = 0; extern char *optarg; int sd; +char *tcsd_config_file; static void tcsd_shutdown(void) @@ -189,10 +190,11 @@ tcsd_startup(void) void usage(void) { - fprintf(stderr, "\tusage: tcsd [-f] [-h]\n\n"); + fprintf(stderr, "\tusage: tcsd [-f] [-e] [-c <config file> [-h]\n\n"); fprintf(stderr, "\t-f|--foreground\trun in the foreground. Logging goes to stderr " "instead of syslog.\n"); - fprintf(stderr, "\t-e| attempts to connect to software TPMs over TCP"); + fprintf(stderr, "\t-e| attempts to connect to software TPMs over TCP\n"); + fprintf(stderr, "\t-c|--config\tpath to configuration file\n"); fprintf(stderr, "\t-h|--help\tdisplay this help message\n"); fprintf(stderr, "\n"); } @@ -223,20 +225,24 @@ main(int argc, char **argv) struct option long_options[] = { {"help", 0, NULL, 'h'}, {"foreground", 0, NULL, 'f'}, + {"config", 1, NULL, 'c'}, {0, 0, 0, 0} }; unsetenv("TCSD_USE_TCP_DEVICE"); - while ((c = getopt_long(argc, argv, "fhe", long_options, &option_index)) != -1) { + while ((c = getopt_long(argc, argv, "fhec:", long_options, &option_index)) != -1) { switch (c) { case 'f': setenv("TCSD_FOREGROUND", "1", 1); break; - case 'h': - /* fall through */ + case 'c': + tcsd_config_file = optarg; + break; case 'e': setenv("TCSD_USE_TCP_DEVICE", "1", 1); break; + case 'h': + /* fall through */ default: usage(); return -1; 
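Review bot: `tcsd_config_file` is declared as a plain `char *` in tcsd.h, yet the svrside.c hunks assign it either `optarg` or the string literal `TCSD_DEFAULT_CONFIG_FILE`, and every use shown in this patch only reads it. Declaring it `extern const char *tcsd_config_file;` here, with a matching `const char *tcsd_config_file;` definition in the svrside.c hunk at -44,6, lets the compiler reject an accidental write through the pointer into the literal or into argv. A one-line comment such as `/* path of the config file in use; set in main() before tcsd_startup() */` would also record when the variable becomes valid.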
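Review bot: The new synopsis string in usage() has an unbalanced bracket, `[-c <config file> [-h]`, so it reads as if -h were nested under -c. It should be `"\tusage: tcsd [-f] [-e] [-c <config file>] [-h]\n\n"`. The man page hunk spells the argument `<configfile>`, so using one spelling in both places would keep the two in step.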
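Review bot: The `case 'c'` branch in main() stores `optarg` unchecked, while read_conf_line in this same patch reports an error for each path-valued option that does not start with '/'. A relative -c argument is resolved against whatever the working directory is when conf_file_init runs, which may differ from the directory tcsd was started in if the daemon changes directory first (not visible in this hunk). Applying the same rule here keeps the behaviour predictable: `if (*optarg != '/') { usage(); return -1; }` before the assignment. main's body continues outside the hunk.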
@@ -244,6 +250,9 @@ main(int argc, char **argv) } } + if (!tcsd_config_file) + tcsd_config_file = TCSD_DEFAULT_CONFIG_FILE; + if ((result = tcsd_startup())) return (int)result; Index: trousers/src/tcsd/tcsd_conf.c =================================================================== --- trousers.orig/src/tcsd/tcsd_conf.c +++ trousers/src/tcsd/tcsd_conf.c @@ -286,7 +286,7 @@ read_conf_line(char *buf, int line_num, tmp_int = atoi(arg); if (tmp_int < 0 || tmp_int > 65535) { LogError("Config option \"port\" out of range. %s:%d: \"%d\"", - TCSD_CONFIG_FILE, line_num, tmp_int); + tcsd_config_file, line_num, tmp_int); return TCSERR(TSS_E_INTERNAL_ERROR); } else { conf->port = tmp_int; @@ -297,7 +297,7 @@ read_conf_line(char *buf, int line_num, tmp_int = atoi(arg); if (tmp_int <= 0) { LogError("Config option \"num_threads\" out of range. %s:%d: \"%d\"", - TCSD_CONFIG_FILE, line_num, tmp_int); + tcsd_config_file, line_num, tmp_int); return TCSERR(TSS_E_INTERNAL_ERROR); } else { conf->num_threads = tmp_int; @@ -319,7 +319,7 @@ read_conf_line(char *buf, int line_num, conf->firmware_pcrs |= (1 << tmp_int); else LogError("Config option \"firmware_pcrs\" is out of range." - "%s:%d: \"%d\"", TCSD_CONFIG_FILE, line_num, + "%s:%d: \"%d\"", tcsd_config_file, line_num, tmp_int); break; } @@ -330,7 +330,7 @@ read_conf_line(char *buf, int line_num, conf->firmware_pcrs |= (1 << tmp_int); else LogError("Config option \"firmware_pcrs\" is out of range. " - "%s:%d: \"%d\"", TCSD_CONFIG_FILE, line_num, tmp_int); + "%s:%d: \"%d\"", tcsd_config_file, line_num, tmp_int); } break; case opt_kernel_pcrs: @@ -348,7 +348,7 @@ read_conf_line(char *buf, int line_num, conf->kernel_pcrs |= (1 << tmp_int); else LogError("Config option \"kernel_pcrs\" is out of range. " - "%s:%d: \"%d\"", TCSD_CONFIG_FILE, line_num, + "%s:%d: \"%d\"", tcsd_config_file, line_num, tmp_int); break; } 
@@ -359,24 +359,24 @@ read_conf_line(char *buf, int line_num, conf->kernel_pcrs |= (1 << tmp_int); else LogError("Config option \"kernel_pcrs\" is out of range. " - "%s:%d: \"%d\"", TCSD_CONFIG_FILE, line_num, tmp_int); + "%s:%d: \"%d\"", tcsd_config_file, line_num, tmp_int); } break; case opt_system_ps_file: if (*arg != '/') { LogError("Config option \"system_ps_dir\" must be an absolute path name. " - "%s:%d: \"%s\"", TCSD_CONFIG_FILE, line_num, arg); + "%s:%d: \"%s\"", tcsd_config_file, line_num, arg); } else { char *dir_ptr; int rc; if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { LogError("Config option \"system_ps_file\" is invalid." - " %s:%d: \"%s\"", TCSD_CONFIG_FILE, line_num, arg); + " %s:%d: \"%s\"", tcsd_config_file, line_num, arg); return TCSERR(TSS_E_INTERNAL_ERROR); } else if (rc > 0) { LogError("Config option \"system_ps_file\" is invalid. %s:%d:" - " \"%s\"", TCSD_CONFIG_FILE, line_num, tmp_ptr); + " \"%s\"", tcsd_config_file, line_num, tmp_ptr); return TCSERR(TSS_E_INTERNAL_ERROR); } if (tmp_ptr == NULL) @@ -408,17 +408,17 @@ read_conf_line(char *buf, int line_num, case opt_kernel_log: if (*arg != '/') { LogError("Config option \"kernel_log\" must be an absolute path name." - " %s:%d: \"%s\"", TCSD_CONFIG_FILE, line_num, arg); + " %s:%d: \"%s\"", tcsd_config_file, line_num, arg); } else { int rc; if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { LogError("Config option \"kernel_log\" is invalid. %s:%d: \"%s\"", - TCSD_CONFIG_FILE, line_num, arg); + tcsd_config_file, line_num, arg); return TCSERR(TSS_E_INTERNAL_ERROR); } else if (rc > 0) { LogError("Config option \"kernel_log\" is invalid. %s:%d: \"%s\"", - TCSD_CONFIG_FILE, line_num, tmp_ptr); + tcsd_config_file, line_num, tmp_ptr); return TCSERR(TSS_E_INTERNAL_ERROR); } if (tmp_ptr == NULL) 
@@ -434,17 +434,17 @@ read_conf_line(char *buf, int line_num, case opt_firmware_log: if (*arg != '/') { LogError("Config option \"firmware_log\" must be an absolute path name." - " %s:%d: \"%s\"", TCSD_CONFIG_FILE, line_num, arg); + " %s:%d: \"%s\"", tcsd_config_file, line_num, arg); } else { int rc; if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { LogError("Config option \"firmware_log\" is invalid. %s:%d: \"%s\"", - TCSD_CONFIG_FILE, line_num, arg); + tcsd_config_file, line_num, arg); return TCSERR(TSS_E_INTERNAL_ERROR); } else if (rc > 0) { LogError("Config option \"firmware_log\" is invalid. %s:%d: \"%s\"", - TCSD_CONFIG_FILE, line_num, tmp_ptr); + tcsd_config_file, line_num, tmp_ptr); return TCSERR(TSS_E_INTERNAL_ERROR); } if (tmp_ptr == NULL) @@ -460,17 +460,17 @@ read_conf_line(char *buf, int line_num, case opt_platform_cred: if (*arg != '/') { LogError("Config option \"platform_cred\" must be an absolute path name. " - "%s:%d: \"%s\"", TCSD_CONFIG_FILE, line_num, arg); + "%s:%d: \"%s\"", tcsd_config_file, line_num, arg); } else { int rc; if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { LogError("Config option \"platform_cred\" is invalid. %s:%d: " - "\"%s\"", TCSD_CONFIG_FILE, line_num, arg); + "\"%s\"", tcsd_config_file, line_num, arg); return TCSERR(TSS_E_INTERNAL_ERROR); } else if (rc > 0) { LogError("Config option \"platform_cred\" is invalid. %s:%d: " - "\"%s\"", TCSD_CONFIG_FILE, line_num, tmp_ptr); + "\"%s\"", tcsd_config_file, line_num, tmp_ptr); return TCSERR(TSS_E_INTERNAL_ERROR); } if (tmp_ptr == NULL) 
@@ -486,17 +486,17 @@ read_conf_line(char *buf, int line_num, case opt_conformance_cred: if (*arg != '/') { LogError("Config option \"conformance_cred\" must be an absolute path name." - " %s:%d: \"%s\"", TCSD_CONFIG_FILE, line_num, arg); + " %s:%d: \"%s\"", tcsd_config_file, line_num, arg); } else { int rc; if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { LogError("Config option \"conformance_cred\" is invalid. %s:%d: " - "\"%s\"", TCSD_CONFIG_FILE, line_num, arg); + "\"%s\"", tcsd_config_file, line_num, arg); return TCSERR(TSS_E_INTERNAL_ERROR); } else if (rc > 0) { LogError("Config option \"conformance_cred\" is invalid. %s:%d: " - "\"%s\"", TCSD_CONFIG_FILE, line_num, tmp_ptr); + "\"%s\"", tcsd_config_file, line_num, tmp_ptr); return TCSERR(TSS_E_INTERNAL_ERROR); } if (tmp_ptr == NULL) @@ -512,17 +512,17 @@ read_conf_line(char *buf, int line_num, case opt_endorsement_cred: if (*arg != '/') { LogError("Config option \"endorsement_cred\" must be an absolute path name." - " %s:%d: \"%s\"", TCSD_CONFIG_FILE, line_num, arg); + " %s:%d: \"%s\"", tcsd_config_file, line_num, arg); } else { int rc; if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { LogError("Config option \"endorsement_cred\" is invalid. %s:%d: " - "\"%s\"", TCSD_CONFIG_FILE, line_num, arg); + "\"%s\"", tcsd_config_file, line_num, arg); return TCSERR(TSS_E_INTERNAL_ERROR); } else if (rc > 0) { LogError("Config option \"endorsement_cred\" is invalid. %s:%d: " - "\"%s\"", TCSD_CONFIG_FILE, line_num, tmp_ptr); + "\"%s\"", tcsd_config_file, line_num, tmp_ptr); return TCSERR(TSS_E_INTERNAL_ERROR); } if (tmp_ptr == NULL) @@ -548,7 +548,7 @@ read_conf_line(char *buf, int line_num, if (comma != NULL) { if (tcsd_set_remote_op(conf, comma)) { LogError("Config option \"remote_ops\" is invalid. " - "%s:%d: \"%s\"", TCSD_CONFIG_FILE, + "%s:%d: \"%s\"", tcsd_config_file, line_num, comma); } } 
@@ -558,7 +558,7 @@ read_conf_line(char *buf, int line_num, *comma++ = '\0'; if (tcsd_set_remote_op(conf, comma)) { LogError("Config option \"remote_ops\" is invalid. " - "%s:%d: \"%s\"", TCSD_CONFIG_FILE, line_num, comma); + "%s:%d: \"%s\"", tcsd_config_file, line_num, comma); } } break; @@ -566,7 +566,7 @@ read_conf_line(char *buf, int line_num, tmp_int = atoi(arg); if (tmp_int < 0 || tmp_int > 1) { LogError("Config option \"enforce_exclusive_transport\" out of range." - " %s:%d: \"%d\"", TCSD_CONFIG_FILE, line_num, tmp_int); + " %s:%d: \"%d\"", tcsd_config_file, line_num, tmp_int); return TCSERR(TSS_E_INTERNAL_ERROR); } else { conf->exclusive_transport = tmp_int; @@ -583,14 +583,14 @@ read_conf_line(char *buf, int line_num, /* At least one comma: error - more than one host class defined */ if (comma != NULL) { LogError("Config option \"host_platform_class\" error: more than one " - "defined. %s:%d: \"%s\"", TCSD_CONFIG_FILE, line_num, comma); + "defined. %s:%d: \"%s\"", tcsd_config_file, line_num, comma); return TCSERR(TSS_E_INTERNAL_ERROR); } else { comma = arg; /* Add the platform class on the list */ if ((result = platform_class_list_append(conf, comma, TRUE))){ LogError("Config option \"host_platform_class\" invalid. " - "%s:%d: \"%s\"", TCSD_CONFIG_FILE, line_num, comma); + "%s:%d: \"%s\"", tcsd_config_file, line_num, comma); return result; } } @@ -610,7 +610,7 @@ read_conf_line(char *buf, int line_num, if ((result = platform_class_list_append(conf, comma, FALSE))) { LogError("Config option \"all_platform_class\" " - "invalid. %s:%d: \"%s\"", TCSD_CONFIG_FILE, + "invalid. %s:%d: \"%s\"", tcsd_config_file, line_num, comma); return result; } 
@@ -621,14 +621,14 @@ read_conf_line(char *buf, int line_num, /* Add the platform class on the list */ if ((result = platform_class_list_append(conf, comma, FALSE))) { LogError("Config option \"all_platform_class\" invalid. " - "%s:%d: \"%s\"", TCSD_CONFIG_FILE, line_num, comma); + "%s:%d: \"%s\"", tcsd_config_file, line_num, comma); return result; } } break; default: /* bail out on any unknown option */ - LogError("Unknown config option %s:%d \"%s\"!", TCSD_CONFIG_FILE, line_num, arg); + LogError("Unknown config option %s:%d \"%s\"!", tcsd_config_file, line_num, arg); return TCSERR(TSS_E_INTERNAL_ERROR); } @@ -724,14 +724,14 @@ conf_file_init(struct tcsd_config *conf) */ #endif /* look for a config file, create if it doesn't exist */ - if (stat(TCSD_CONFIG_FILE, &stat_buf) == -1) { + if (stat(tcsd_config_file, &stat_buf) == -1) { if (errno == ENOENT) { /* no config file? use defaults */ config_set_defaults(conf); - LogInfo("Config file %s not found, using defaults.", TCSD_CONFIG_FILE); + LogInfo("Config file %s not found, using defaults.", tcsd_config_file); return TSS_SUCCESS; } else { - LogError("stat(%s): %s", TCSD_CONFIG_FILE, strerror(errno)); + LogError("stat(%s): %s", tcsd_config_file, strerror(errno)); return TCSERR(TSS_E_INTERNAL_ERROR); } } 
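Review bot: In the conf_file_init hunk at -724,14 the ENOENT branch of `stat(tcsd_config_file, &stat_buf)` still calls `config_set_defaults(conf)` and returns TSS_SUCCESS, so a mistyped or missing file given with -c starts the daemon on built-in defaults with only a LogInfo line. An operator who passed -c to apply a specific, possibly stricter, configuration gets no failure. The fallback should apply only to the default path, e.g. `if (errno == ENOENT && !strcmp(tcsd_config_file, TCSD_DEFAULT_CONFIG_FILE))`, and any other missing file should go through LogError and `return TCSERR(TSS_E_INTERNAL_ERROR);`. conf_file_init starts and ends outside this hunk.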
@@ -764,20 +764,20 @@ conf_file_init(struct tcsd_config *conf) /* make sure user/group TSS owns the conf file */ if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) { - LogError("TCSD config file (%s) must be user/group %s/%s", TCSD_CONFIG_FILE, + LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file, TSS_USER_NAME, TSS_GROUP_NAME); return TCSERR(TSS_E_INTERNAL_ERROR); } /* make sure only the tss user can manipulate the config file */ if (((stat_buf.st_mode & 0777) ^ mode) != 0) { - LogError("TCSD config file (%s) must be mode 0600", TCSD_CONFIG_FILE); + LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file); return TCSERR(TSS_E_INTERNAL_ERROR); } #endif /* SOLARIS */ - if ((f = fopen(TCSD_CONFIG_FILE, "r")) == NULL) { - LogError("fopen(%s): %s", TCSD_CONFIG_FILE, strerror(errno)); + if ((f = fopen(tcsd_config_file, "r")) == NULL) { + LogError("fopen(%s): %s", tcsd_config_file, strerror(errno)); return TCSERR(TSS_E_INTERNAL_ERROR); } Index: trousers/src/tcs/tcsi_evlog.c =================================================================== --- trousers.orig/src/tcs/tcsi_evlog.c +++ trousers/src/tcs/tcsi_evlog.c @@ -85,7 +85,7 @@ TCS_GetExternalPcrEvent(UINT32 PcrIndex, } else { LogError("No source for externel kernel events was compiled in, but " "the tcsd is configured to use one! (see %s)", - TCSD_CONFIG_FILE); + tcsd_config_file); return TCSERR(TSS_E_INTERNAL_ERROR); } } else if (tcsd_options.firmware_pcrs & (1 << PcrIndex)) { @@ -105,7 +105,7 @@ TCS_GetExternalPcrEvent(UINT32 PcrIndex, } else { LogError("No source for externel firmware events was compiled in, but " "the tcsd is configured to use one! (see %s)", - TCSD_CONFIG_FILE); + tcsd_config_file); return TCSERR(TSS_E_INTERNAL_ERROR); } } else { 
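Review bot: The owner and mode checks in the conf_file_init hunk at -764,20 test the `stat_buf` filled by the earlier `stat(tcsd_config_file, ...)` call, and the file is then opened by name with `fopen(tcsd_config_file, "r")`, so the file that gets parsed is not guaranteed to be the one that was checked. That gap mattered little while the path was fixed under ETC_PREFIX; with -c the file can sit in a directory other users may write to, where it can be replaced between the two calls. Opening first and running the checks on the open stream's descriptor ties them to the file actually read; each error return after the open then has to close `f`. conf_file_init begins outside this hunk and the stat() call itself is in the previous hunk.

```c
	if ((f = fopen(tcsd_config_file, "r")) == NULL) {
		if (errno == ENOENT) {
			/* … unchanged: config_set_defaults() and LogInfo, then return TSS_SUCCESS … */
		}
		LogError("fopen(%s): %s", tcsd_config_file, strerror(errno));
		return TCSERR(TSS_E_INTERNAL_ERROR);
	}

	/* check the file that was opened, not whatever the name points to now */
	if (fstat(fileno(f), &stat_buf) == -1) {
		LogError("fstat(%s): %s", tcsd_config_file, strerror(errno));
		fclose(f);
		return TCSERR(TSS_E_INTERNAL_ERROR);
	}

	/* … unchanged: pw/grp lookup, owner and mode comparisons against stat_buf,
	 *   with fclose(f) added before each error return … */
```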
@@ -200,7 +200,7 @@ TCS_GetExternalPcrEventsByPcr(UINT32 Pcr } else { LogError("No source for externel kernel events was compiled in, but " "the tcsd is configured to use one! (see %s)", - TCSD_CONFIG_FILE); + tcsd_config_file); return TCSERR(TSS_E_INTERNAL_ERROR); } } else if (tcsd_options.firmware_pcrs & (1 << PcrIndex)) { @@ -220,7 +220,7 @@ TCS_GetExternalPcrEventsByPcr(UINT32 Pcr } else { LogError("No source for externel firmware events was compiled in, but " "the tcsd is configured to use one! (see %s)", - TCSD_CONFIG_FILE); + tcsd_config_file); return TCSERR(TSS_E_INTERNAL_ERROR); } } else { ------------------------------------------------------------------------------ EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev _______________________________________________ TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
