Applied. http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commitdiff;h=4c8ecb654be842fc9cefbab0696b5aee042fe9cf
Thanks, Rajiv Andrade Security Development IBM Linux Technology Center On 21-06-2011 21:17, Stefan Berger wrote: > This patch adds support for a -c|--config <configfile> command line > option that allows one to start the tcsd with a configuration file other > than the default configuration file. > > - TCSD_CONFIG_FILE was renamed to TCSD_DEFAULT_CONFIG_FILE > - tcsd_config_file now holds the filename of the config file > - all occurrences of TCSD_CONFIG_FILE were replaced with > tcsd_config_file > - a '-c|--config <configfile>' command line option was introduced and > the optarg is stored in tcsd_config_file; if no such option is use, > TCSD_DEFAULT_CONFIG_FILE is stored into tcsd_config_file > > There was a problem with the handling of the 'h' option which I fixed > also -- it now again displays the usage. > > > Signed-off-by: Stefan Berger <[email protected]> > > > --- > man/man8/tcsd.8.in | 5 +++ > src/include/tcsd.h | 3 + > src/tcs/tcsi_evlog.c | 8 ++--- > src/tcsd/svrside.c | 19 +++++++++--- > src/tcsd/tcsd_conf.c | 78 > +++++++++++++++++++++++++-------------------------- > 5 files changed, 64 insertions(+), 49 deletions(-) > > Index: trousers/man/man8/tcsd.8.in > =================================================================== > --- trousers.orig/man/man8/tcsd.8.in > +++ trousers/man/man8/tcsd.8.in > @@ -28,6 +28,7 @@ tcsd \- daemon that manages Trusted Comp > .hy 0 > .B tcsd > .RB [ \-f ] > +.RB [ \-c\ <configfile>\ ] > > .SH "DESCRIPTION" > .PP > @@ -46,6 +47,10 @@ resources and handles requests from TSP' > \fB\-f\fR > run the daemon in the foreground > > +.TP > +\fB\-c <configfile>\fR > +use the provided configuration file rather than the default configuration > file > + > .SH "ACCESS CONTROL" > .PP > There are two types of access control for the \fBtcsd\fR, access to the > Index: trousers/src/include/tcsd.h > =================================================================== > --- trousers.orig/src/include/tcsd.h > +++ trousers/src/include/tcsd.h 
> @@ -48,7 +48,8 @@ struct tcsd_config > of this TCS System */ > }; > > -#define TCSD_CONFIG_FILE ETC_PREFIX "/tcsd.conf" > +#define TCSD_DEFAULT_CONFIG_FILE ETC_PREFIX "/tcsd.conf" > +extern char *tcsd_config_file; > > #define TSS_USER_NAME "tss" > #define TSS_GROUP_NAME "tss" > Index: trousers/src/tcsd/svrside.c > =================================================================== > --- trousers.orig/src/tcsd/svrside.c > +++ trousers/src/tcsd/svrside.c > @@ -44,6 +44,7 @@ struct tpm_properties tpm_metrics; > static volatile int hup = 0, term = 0; > extern char *optarg; > int sd; > +char *tcsd_config_file; > > static void > tcsd_shutdown(void) > @@ -189,10 +190,11 @@ tcsd_startup(void) > void > usage(void) > { > - fprintf(stderr, "\tusage: tcsd [-f] [-h]\n\n"); > + fprintf(stderr, "\tusage: tcsd [-f] [-e] [-c <config file> [-h]\n\n"); > fprintf(stderr, "\t-f|--foreground\trun in the foreground. Logging goes > to stderr " > "instead of syslog.\n"); > - fprintf(stderr, "\t-e| attempts to connect to software TPMs over TCP"); > + fprintf(stderr, "\t-e| attempts to connect to software TPMs over > TCP\n"); > + fprintf(stderr, "\t-c|--config\tpath to configuration file\n"); > fprintf(stderr, "\t-h|--help\tdisplay this help message\n"); > fprintf(stderr, "\n"); > } > @@ -223,20 +225,24 @@ main(int argc, char **argv) > struct option long_options[] = { > {"help", 0, NULL, 'h'}, > {"foreground", 0, NULL, 'f'}, > + {"config", 1, NULL, 'c'}, > {0, 0, 0, 0} > }; > > unsetenv("TCSD_USE_TCP_DEVICE"); > - while ((c = getopt_long(argc, argv, "fhe", long_options, > &option_index)) != -1) { > + while ((c = getopt_long(argc, argv, "fhec:", long_options, > &option_index)) != -1) { > switch (c) { > case 'f': > setenv("TCSD_FOREGROUND", "1", 1); > break; > - case 'h': > - /* fall through */ > + case 'c': > + tcsd_config_file = optarg; > + break; > case 'e': > setenv("TCSD_USE_TCP_DEVICE", "1", 1); > break; > + case 'h': > + /* fall through */ > default: > usage(); > return -1; 
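Review bot: `tcsd_config_file` is declared as a plain `char *` here (and defined that way in the first svrside.c hunk), although main() later points it either at the string literal TCSD_DEFAULT_CONFIG_FILE or at `optarg`, neither of which should be written through. Declaring it `extern const char *tcsd_config_file;` with a matching `const char *tcsd_config_file;` definition would let the compiler reject an accidental write; every use visible in this patch only passes it to stat(), fopen() and the logging calls. A short comment such as `/* path of the config file in use; set in main() before tcsd_startup() */` would also record that it is not meant to change at runtime.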
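Review bot: The new usage line in usage() is missing the closing bracket after `<config file>`, so the synopsis prints `[-c <config file> [-h]`. It should read `fprintf(stderr, "\tusage: tcsd [-f] [-e] [-c <config file>] [-h]\n\n");`. The `-e|` entry still has nothing after the bar, because long_options has no long name for it, and it reads oddly next to `-c|--config`.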
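Review bot: The `case 'c'` branch in main() stores `optarg` without any validation, so a relative or empty path is accepted and only resolved later, when conf_file_init() calls stat() and fopen() on it. read_conf_line() already insists that the path options inside the config file start with `/`. Applying the same rule here, e.g. `if (*optarg != '/') { usage(); return -1; }` before the assignment, would stop the daemon depending on its working directory when the file is read (whether tcsd changes directory before that point is not visible in this hunk). main() starts and ends outside the hunk.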
> @@ -244,6 +250,9 @@ main(int argc, char **argv) > } > } > > + if (!tcsd_config_file) > + tcsd_config_file = TCSD_DEFAULT_CONFIG_FILE; > + > if ((result = tcsd_startup())) > return (int)result; > > Index: trousers/src/tcsd/tcsd_conf.c > =================================================================== > --- trousers.orig/src/tcsd/tcsd_conf.c > +++ trousers/src/tcsd/tcsd_conf.c > @@ -286,7 +286,7 @@ read_conf_line(char *buf, int line_num, > tmp_int = atoi(arg); > if (tmp_int < 0 || tmp_int > 65535) { > LogError("Config option \"port\" out of range. %s:%d: > \"%d\"", > - TCSD_CONFIG_FILE, line_num, tmp_int); > + tcsd_config_file, line_num, tmp_int); > return TCSERR(TSS_E_INTERNAL_ERROR); > } else { > conf->port = tmp_int; > @@ -297,7 +297,7 @@ read_conf_line(char *buf, int line_num, > tmp_int = atoi(arg); > if (tmp_int <= 0) { > LogError("Config option \"num_threads\" out of range. > %s:%d: \"%d\"", > - TCSD_CONFIG_FILE, line_num, tmp_int); > + tcsd_config_file, line_num, tmp_int); > return TCSERR(TSS_E_INTERNAL_ERROR); > } else { > conf->num_threads = tmp_int; > @@ -319,7 +319,7 @@ read_conf_line(char *buf, int line_num, > conf->firmware_pcrs |= (1 << tmp_int); > else > LogError("Config option > \"firmware_pcrs\" is out of range." > - "%s:%d: \"%d\"", > TCSD_CONFIG_FILE, line_num, > + "%s:%d: \"%d\"", > tcsd_config_file, line_num, > tmp_int); > break; > } > @@ -330,7 +330,7 @@ read_conf_line(char *buf, int line_num, > conf->firmware_pcrs |= (1 << tmp_int); > else > LogError("Config option \"firmware_pcrs\" is > out of range. " > - "%s:%d: \"%d\"", TCSD_CONFIG_FILE, > line_num, tmp_int); > + "%s:%d: \"%d\"", tcsd_config_file, > line_num, tmp_int); > } > break; > case opt_kernel_pcrs: 
> @@ -348,7 +348,7 @@ read_conf_line(char *buf, int line_num, > conf->kernel_pcrs |= (1 << tmp_int); > else > LogError("Config option \"kernel_pcrs\" > is out of range. " > - "%s:%d: \"%d\"", > TCSD_CONFIG_FILE, line_num, > + "%s:%d: \"%d\"", > tcsd_config_file, line_num, > tmp_int); > break; > } > @@ -359,24 +359,24 @@ read_conf_line(char *buf, int line_num, > conf->kernel_pcrs |= (1 << tmp_int); > else > LogError("Config option \"kernel_pcrs\" is out > of range. " > - "%s:%d: \"%d\"", TCSD_CONFIG_FILE, > line_num, tmp_int); > + "%s:%d: \"%d\"", tcsd_config_file, > line_num, tmp_int); > } > break; > case opt_system_ps_file: > if (*arg != '/') { > LogError("Config option \"system_ps_dir\" must be an > absolute path name. " > - "%s:%d: \"%s\"", TCSD_CONFIG_FILE, line_num, > arg); > + "%s:%d: \"%s\"", tcsd_config_file, line_num, > arg); > } else { > char *dir_ptr; > int rc; > > if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { > LogError("Config option \"system_ps_file\" is > invalid." > - " %s:%d: \"%s\"", TCSD_CONFIG_FILE, > line_num, arg); > + " %s:%d: \"%s\"", tcsd_config_file, > line_num, arg); > return TCSERR(TSS_E_INTERNAL_ERROR); > } else if (rc > 0) { > LogError("Config option \"system_ps_file\" is > invalid. %s:%d:" > - " \"%s\"", TCSD_CONFIG_FILE, line_num, > tmp_ptr); > + " \"%s\"", tcsd_config_file, line_num, > tmp_ptr); > return TCSERR(TSS_E_INTERNAL_ERROR); > } > if (tmp_ptr == NULL) 
> @@ -408,17 +408,17 @@ read_conf_line(char *buf, int line_num, > case opt_kernel_log: > if (*arg != '/') { > LogError("Config option \"kernel_log\" must be an > absolute path name." > - " %s:%d: \"%s\"", TCSD_CONFIG_FILE, line_num, > arg); > + " %s:%d: \"%s\"", tcsd_config_file, line_num, > arg); > } else { > int rc; > > if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { > LogError("Config option \"kernel_log\" is > invalid. %s:%d: \"%s\"", > - TCSD_CONFIG_FILE, line_num, arg); > + tcsd_config_file, line_num, arg); > return TCSERR(TSS_E_INTERNAL_ERROR); > } else if (rc > 0) { > LogError("Config option \"kernel_log\" is > invalid. %s:%d: \"%s\"", > - TCSD_CONFIG_FILE, line_num, tmp_ptr); > + tcsd_config_file, line_num, tmp_ptr); > return TCSERR(TSS_E_INTERNAL_ERROR); > } > if (tmp_ptr == NULL) > @@ -434,17 +434,17 @@ read_conf_line(char *buf, int line_num, > case opt_firmware_log: > if (*arg != '/') { > LogError("Config option \"firmware_log\" must be an > absolute path name." > - " %s:%d: \"%s\"", TCSD_CONFIG_FILE, line_num, > arg); > + " %s:%d: \"%s\"", tcsd_config_file, line_num, > arg); > } else { > int rc; > > if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { > LogError("Config option \"firmware_log\" is > invalid. %s:%d: \"%s\"", > - TCSD_CONFIG_FILE, line_num, arg); > + tcsd_config_file, line_num, arg); > return TCSERR(TSS_E_INTERNAL_ERROR); > } else if (rc > 0) { > LogError("Config option \"firmware_log\" is > invalid. %s:%d: \"%s\"", > - TCSD_CONFIG_FILE, line_num, tmp_ptr); > + tcsd_config_file, line_num, tmp_ptr); > return TCSERR(TSS_E_INTERNAL_ERROR); > } > if (tmp_ptr == NULL) 
> @@ -460,17 +460,17 @@ read_conf_line(char *buf, int line_num, > case opt_platform_cred: > if (*arg != '/') { > LogError("Config option \"platform_cred\" must be an > absolute path name. " > - "%s:%d: \"%s\"", TCSD_CONFIG_FILE, > line_num, arg); > + "%s:%d: \"%s\"", tcsd_config_file, > line_num, arg); > } else { > int rc; > > if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { > LogError("Config option \"platform_cred\" is > invalid. %s:%d: " > - "\"%s\"", TCSD_CONFIG_FILE, > line_num, arg); > + "\"%s\"", tcsd_config_file, > line_num, arg); > return TCSERR(TSS_E_INTERNAL_ERROR); > } else if (rc > 0) { > LogError("Config option \"platform_cred\" is > invalid. %s:%d: " > - "\"%s\"", TCSD_CONFIG_FILE, > line_num, tmp_ptr); > + "\"%s\"", tcsd_config_file, > line_num, tmp_ptr); > return TCSERR(TSS_E_INTERNAL_ERROR); > } > if (tmp_ptr == NULL) > @@ -486,17 +486,17 @@ read_conf_line(char *buf, int line_num, > case opt_conformance_cred: > if (*arg != '/') { > LogError("Config option \"conformance_cred\" must be an > absolute path name." > - " %s:%d: \"%s\"", TCSD_CONFIG_FILE, > line_num, arg); > + " %s:%d: \"%s\"", tcsd_config_file, > line_num, arg); > } else { > int rc; > > if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { > LogError("Config option \"conformance_cred\" is > invalid. %s:%d: " > - "\"%s\"", TCSD_CONFIG_FILE, > line_num, arg); > + "\"%s\"", tcsd_config_file, > line_num, arg); > return TCSERR(TSS_E_INTERNAL_ERROR); > } else if (rc > 0) { > LogError("Config option \"conformance_cred\" is > invalid. %s:%d: " > - "\"%s\"", TCSD_CONFIG_FILE, > line_num, tmp_ptr); > + "\"%s\"", tcsd_config_file, > line_num, tmp_ptr); > return TCSERR(TSS_E_INTERNAL_ERROR); > } > if (tmp_ptr == NULL) 
> @@ -512,17 +512,17 @@ read_conf_line(char *buf, int line_num, > case opt_endorsement_cred: > if (*arg != '/') { > LogError("Config option \"endorsement_cred\" must be an > absolute path name." > - " %s:%d: \"%s\"", TCSD_CONFIG_FILE, > line_num, arg); > + " %s:%d: \"%s\"", tcsd_config_file, > line_num, arg); > } else { > int rc; > > if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { > LogError("Config option \"endorsement_cred\" is > invalid. %s:%d: " > - "\"%s\"", TCSD_CONFIG_FILE, > line_num, arg); > + "\"%s\"", tcsd_config_file, > line_num, arg); > return TCSERR(TSS_E_INTERNAL_ERROR); > } else if (rc > 0) { > LogError("Config option \"endorsement_cred\" is > invalid. %s:%d: " > - "\"%s\"", TCSD_CONFIG_FILE, > line_num, tmp_ptr); > + "\"%s\"", tcsd_config_file, > line_num, tmp_ptr); > return TCSERR(TSS_E_INTERNAL_ERROR); > } > if (tmp_ptr == NULL) > @@ -548,7 +548,7 @@ read_conf_line(char *buf, int line_num, > if (comma != NULL) { > if (tcsd_set_remote_op(conf, comma)) { > LogError("Config option > \"remote_ops\" is invalid. " > - "%s:%d: \"%s\"", > TCSD_CONFIG_FILE, > + "%s:%d: \"%s\"", > tcsd_config_file, > line_num, comma); > } > } > @@ -558,7 +558,7 @@ read_conf_line(char *buf, int line_num, > *comma++ = '\0'; > if (tcsd_set_remote_op(conf, comma)) { > LogError("Config option \"remote_ops\" is > invalid. " > - "%s:%d: \"%s\"", TCSD_CONFIG_FILE, > line_num, comma); > + "%s:%d: \"%s\"", tcsd_config_file, > line_num, comma); > } > } > break; > @@ -566,7 +566,7 @@ read_conf_line(char *buf, int line_num, > tmp_int = atoi(arg); > if (tmp_int < 0 || tmp_int > 1) { > LogError("Config option \"enforce_exclusive_transport\" > out of range." > - " %s:%d: \"%d\"", TCSD_CONFIG_FILE, line_num, > tmp_int); > + " %s:%d: \"%d\"", tcsd_config_file, line_num, > tmp_int); > return TCSERR(TSS_E_INTERNAL_ERROR); > } else { > conf->exclusive_transport = tmp_int; 
> @@ -583,14 +583,14 @@ read_conf_line(char *buf, int line_num, > /* At least one comma: error - more than one host class defined > */ > if (comma != NULL) { > LogError("Config option \"host_platform_class\" error: > more than one " > - "defined. %s:%d: \"%s\"", TCSD_CONFIG_FILE, > line_num, comma); > + "defined. %s:%d: \"%s\"", tcsd_config_file, > line_num, comma); > return TCSERR(TSS_E_INTERNAL_ERROR); > } else { > comma = arg; > /* Add the platform class on the list */ > if ((result = platform_class_list_append(conf, comma, > TRUE))){ > LogError("Config option \"host_platform_class\" > invalid. " > - "%s:%d: \"%s\"", TCSD_CONFIG_FILE, > line_num, comma); > + "%s:%d: \"%s\"", tcsd_config_file, > line_num, comma); > return result; > } > } > @@ -610,7 +610,7 @@ read_conf_line(char *buf, int line_num, > if ((result = > platform_class_list_append(conf, comma, > > FALSE))) { > LogError("Config option > \"all_platform_class\" " > - "invalid. %s:%d: > \"%s\"", TCSD_CONFIG_FILE, > + "invalid. %s:%d: > \"%s\"", tcsd_config_file, > line_num, comma); > return result; > } > @@ -621,14 +621,14 @@ read_conf_line(char *buf, int line_num, > /* Add the platform class on the list */ > if ((result = platform_class_list_append(conf, comma, > FALSE))) { > LogError("Config option \"all_platform_class\" > invalid. " > - "%s:%d: \"%s\"", TCSD_CONFIG_FILE, > line_num, comma); > + "%s:%d: \"%s\"", tcsd_config_file, > line_num, comma); > return result; > } > } > break; > default: > /* bail out on any unknown option */ > - LogError("Unknown config option %s:%d \"%s\"!", > TCSD_CONFIG_FILE, line_num, arg); > + LogError("Unknown config option %s:%d \"%s\"!", > tcsd_config_file, line_num, arg); > return TCSERR(TSS_E_INTERNAL_ERROR); > } 
> > @@ -724,14 +724,14 @@ conf_file_init(struct tcsd_config *conf) > */ > #endif > /* look for a config file, create if it doesn't exist */ > - if (stat(TCSD_CONFIG_FILE, &stat_buf) == -1) { > + if (stat(tcsd_config_file, &stat_buf) == -1) { > if (errno == ENOENT) { > /* no config file? use defaults */ > config_set_defaults(conf); > - LogInfo("Config file %s not found, using defaults.", > TCSD_CONFIG_FILE); > + LogInfo("Config file %s not found, using defaults.", > tcsd_config_file); > return TSS_SUCCESS; > } else { > - LogError("stat(%s): %s", TCSD_CONFIG_FILE, > strerror(errno)); > + LogError("stat(%s): %s", tcsd_config_file, > strerror(errno)); > return TCSERR(TSS_E_INTERNAL_ERROR); > } > } > @@ -764,20 +764,20 @@ conf_file_init(struct tcsd_config *conf) > > /* make sure user/group TSS owns the conf file */ > if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) { > - LogError("TCSD config file (%s) must be user/group %s/%s", > TCSD_CONFIG_FILE, > + LogError("TCSD config file (%s) must be user/group %s/%s", > tcsd_config_file, > TSS_USER_NAME, TSS_GROUP_NAME); > return TCSERR(TSS_E_INTERNAL_ERROR); > } > > /* make sure only the tss user can manipulate the config file */ > if (((stat_buf.st_mode & 0777) ^ mode) != 0) { > - LogError("TCSD config file (%s) must be mode 0600", > TCSD_CONFIG_FILE); > + LogError("TCSD config file (%s) must be mode 0600", > tcsd_config_file); > return TCSERR(TSS_E_INTERNAL_ERROR); > } > #endif /* SOLARIS */ > > - if ((f = fopen(TCSD_CONFIG_FILE, "r")) == NULL) { > - LogError("fopen(%s): %s", TCSD_CONFIG_FILE, strerror(errno)); > + if ((f = fopen(tcsd_config_file, "r")) == NULL) { > + LogError("fopen(%s): %s", tcsd_config_file, strerror(errno)); > return TCSERR(TSS_E_INTERNAL_ERROR); > } > > Index: trousers/src/tcs/tcsi_evlog.c > =================================================================== > --- trousers.orig/src/tcs/tcsi_evlog.c > +++ trousers/src/tcs/tcsi_evlog.c 
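Review bot: When the file named by `tcsd_config_file` does not exist, the ENOENT branch in conf_file_init() still calls config_set_defaults() and returns TSS_SUCCESS. That was reasonable for the built-in path, but it means a mistyped `-c` argument starts the daemon silently on defaults instead of the configuration the operator asked for. The fallback could be limited to the default path with `if (errno == ENOENT && strcmp(tcsd_config_file, TCSD_DEFAULT_CONFIG_FILE) == 0) {`, so that an explicitly requested but missing file reaches the `LogError("stat(%s): %s", ...)` branch and fails startup. conf_file_init() continues outside the hunk.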
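Review bot: The owner and mode checks in this hunk test `stat_buf`, which was filled by `stat(tcsd_config_file, ...)` in the previous hunk, and the file is then opened by name again with `fopen(tcsd_config_file, "r")`, so the file that is validated is not guaranteed to be the file that is read. With a fixed path under ETC_PREFIX that gap mattered little; with `-c` the path can sit in a directory other users can write to, where the name can be re-pointed between the two calls. Opening first and checking the open handle, `if (fstat(fileno(f), &stat_buf) == -1) { ... }` followed by the existing uid/gid and mode comparisons, closes the gap; the early-return paths would then need an `fclose(f)`. The pw/grp lookups these checks rely on lie outside the hunk.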
> @@ -85,7 +85,7 @@ TCS_GetExternalPcrEvent(UINT32 PcrIndex, > } else { > LogError("No source for externel kernel events was > compiled in, but " > "the tcsd is configured to use one! > (see %s)", > - TCSD_CONFIG_FILE); > + tcsd_config_file); > return TCSERR(TSS_E_INTERNAL_ERROR); > } > } else if (tcsd_options.firmware_pcrs & (1 << PcrIndex)) { > @@ -105,7 +105,7 @@ TCS_GetExternalPcrEvent(UINT32 PcrIndex, > } else { > LogError("No source for externel firmware events was > compiled in, but " > "the tcsd is configured to use one! > (see %s)", > - TCSD_CONFIG_FILE); > + tcsd_config_file); > return TCSERR(TSS_E_INTERNAL_ERROR); > } > } else { > @@ -200,7 +200,7 @@ TCS_GetExternalPcrEventsByPcr(UINT32 Pcr > } else { > LogError("No source for externel kernel events was > compiled in, but " > "the tcsd is configured to use one! > (see %s)", > - TCSD_CONFIG_FILE); > + tcsd_config_file); > return TCSERR(TSS_E_INTERNAL_ERROR); > } > } else if (tcsd_options.firmware_pcrs & (1 << PcrIndex)) { 
> @@ -220,7 +220,7 @@ TCS_GetExternalPcrEventsByPcr(UINT32 Pcr > } else { > LogError("No source for externel firmware events was > compiled in, but " > "the tcsd is configured to use one! > (see %s)", > - TCSD_CONFIG_FILE); > + tcsd_config_file); > return TCSERR(TSS_E_INTERNAL_ERROR); > } > } else {
