These new configuration options tell tcsd which IP protocols it may
use. The former (disable_ipv4) indicates that the daemon must not
bind itself to IPv4 local addresses, while the latter (disable_ipv6)
refers to IPv6 local addresses.

Signed-off-by: Richard Maciel <[email protected]>
---
 dist/tcsd.conf.in    | 21 +++++++++++++++++++++
 src/include/tcsd.h   | 10 +++++++++-
 src/tcsd/tcsd_conf.c | 33 +++++++++++++++++++++++++++++++++
 3 files changed, 63 insertions(+), 1 deletion(-)

diff --git a/dist/tcsd.conf.in b/dist/tcsd.conf.in
index 215c23f..2bf23e0 100644
--- a/dist/tcsd.conf.in
+++ b/dist/tcsd.conf.in
@@ -168,3 +168,24 @@
 # all_platform_classes = PC_11,PDA_12,SERVER_12,MOBILE_12
 #
 
+#
+# Option: disable_ipv4
+# Values: 0 or 1
+# Description: This options determines if the TCSD will bind itself to the
+# machine's local IPv4 addresses in order to receive requisitions through
+# its TCP port. Value of 1 disables IPv4 support, so clients cannot reach
+# TCSD using that protocol.
+#
+#  disable_ipv4 = 0
+#
+
+#
+# Option: disable_ipv6
+# Values: 0 or 1
+# Description: This options determines if the TCSD will bind itself to the
+# machine's local IPv6 addresses in order to receive requisitions through
+# its TCP port. Value of 1 disables IPv6 support, so clients cannot reach
+# TCSD using that protocol.
+#
+#  disable_ipv6 = 0
+#
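Review bot: Neither description says what happens when both `disable_ipv4` and `disable_ipv6` are set to 1. Each option stops TCSD from binding to that family's local addresses, so with both set the daemon would presumably have no TCP listener at all. The bind code is not part of this patch, so it is not visible here whether TCSD then refuses to start or runs unreachable. Once that behaviour is confirmed, I would add a line to each block such as `# Setting both disable_ipv4 and disable_ipv6 to 1 leaves TCSD with no TCP listener.` The wording should also read `This option determines` and `requests` rather than `requisitions`.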
diff --git a/src/include/tcsd.h b/src/include/tcsd.h
index e5a8852..a7387ee 100644
--- a/src/include/tcsd.h
+++ b/src/include/tcsd.h
@@ -46,6 +46,8 @@ struct tcsd_config
        struct platform_class *host_platform_class; /* Host platform class of 
this TCS System */
        struct platform_class *all_platform_classes;    /* List of platform 
classes
                                                        of this TCS System */
+       int disable_ipv4;
+       int disable_ipv6;
 };
 
 #define TCSD_DEFAULT_CONFIG_FILE       ETC_PREFIX "/tcsd.conf"
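Review bot: The two new members of `struct tcsd_config` are the only ones visible in this hunk without a trailing comment, and a bare `int` does not tell a reader that they are 0/1 flags which control the daemon's listeners. I would write `int disable_ipv4; /* 1: do not bind to IPv4 local addresses */` and `int disable_ipv6; /* 1: do not bind to IPv6 local addresses */`. The struct begins outside the hunk.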
@@ -61,6 +63,8 @@ extern char *tcsd_config_file;
 #define TCSD_DEFAULT_KERNEL_LOG_FILE   
"/sys/kernel/security/ima/binary_runtime_measurements"
 #define TCSD_DEFAULT_FIRMWARE_PCRS     0x00000000
 #define TCSD_DEFAULT_KERNEL_PCRS       0x00000000
+#define TCSD_DEFAULT_DISABLE_IPV4 0
+#define TCSD_DEFAULT_DISABLE_IPV6 0
 
 /* This will change when a system with more than 32 PCR's exists */
 #define TCSD_MAX_PCRS                  32
@@ -97,6 +101,8 @@ struct tcg_platform_spec {
 #define TCSD_OPTION_REMOTE_OPS         0x0400
 #define TCSD_OPTION_EXCLUSIVE_TRANSPORT        0x0800
 #define TCSD_OPTION_HOST_PLATFORM_CLASS        0x1000
+#define TCSD_OPTION_DISABLE_IPV4 0x2000
+#define TCSD_OPTION_DISABLE_IPV6 0x4000
 
 #define TSS_TCP_RPC_MAX_DATA_LEN       1048576
 #define TSS_TCP_RPC_BAD_PACKET_TYPE    0x10000000
@@ -115,7 +121,9 @@ enum tcsd_config_option_code {
        opt_remote_ops,
        opt_exclusive_transport,
        opt_host_platform_class,
-       opt_all_platform_classes
+       opt_all_platform_classes,
+       opt_disable_ipv4,
+       opt_disable_ipv6
 };
 
 struct tcsd_config_options {
diff --git a/src/tcsd/tcsd_conf.c b/src/tcsd/tcsd_conf.c
index 292df39..587f933 100644
--- a/src/tcsd/tcsd_conf.c
+++ b/src/tcsd/tcsd_conf.c
@@ -51,6 +51,8 @@ struct tcsd_config_options options_list[] = {
        {"enforce_exclusive_transport", opt_exclusive_transport},
        {"host_platform_class", opt_host_platform_class},
        {"all_platform_classes", opt_all_platform_classes},
+       {"disable_ipv4", opt_disable_ipv4},
+       {"disable_ipv6", opt_disable_ipv6},
        {NULL, 0}
 };
 
@@ -83,6 +85,8 @@ init_tcsd_config(struct tcsd_config *conf)
        conf->exclusive_transport = 0;
        conf->host_platform_class = NULL;
        conf->all_platform_classes = NULL;
+       conf->disable_ipv4 = 0;
+       conf->disable_ipv6 = 0;
 }
 
 TSS_RESULT
@@ -162,6 +166,12 @@ config_set_defaults(struct tcsd_config *conf)
 
        if (conf->unset & TCSD_OPTION_HOST_PLATFORM_CLASS)
                platform_class_list_append(conf, "PC_12", TRUE);
+
+       if (conf->unset & TCSD_OPTION_DISABLE_IPV4)
+               conf->disable_ipv4 = TCSD_DEFAULT_DISABLE_IPV4;
+
+       if (conf->unset & TCSD_OPTION_DISABLE_IPV6)
+               conf->disable_ipv6 = TCSD_DEFAULT_DISABLE_IPV6;
 }
 
 int
@@ -627,6 +637,29 @@ read_conf_line(char *buf, int line_num, struct tcsd_config 
*conf)
                        }
                }
                break;
+       case opt_disable_ipv4:
+               tmp_int = atoi(arg);
+               if (tmp_int < 0 || tmp_int > 1) {
+                       LogError("Config option \"disable_ipv4\" out of range."
+                                " %s:%d: \"%d\"", tcsd_config_file, line_num, 
tmp_int);
+                       return TCSERR(TSS_E_INTERNAL_ERROR);
+               } else {
+                       conf->disable_ipv4 = tmp_int;
+                       conf->unset &= ~TCSD_OPTION_DISABLE_IPV4;
+               }
+
+               break;
+       case opt_disable_ipv6:
+               tmp_int = atoi(arg);
+               if (tmp_int < 0 || tmp_int > 1) {
+                       LogError("Config option \"disable_ipv6\" out of range."
+                                " %s:%d: \"%d\"", tcsd_config_file, line_num, 
tmp_int);
+                       return TCSERR(TSS_E_INTERNAL_ERROR);
+               } else {
+                       conf->disable_ipv6 = tmp_int;
+                       conf->unset &= ~TCSD_OPTION_DISABLE_IPV6;
+               }
+               break;
        default:
                /* bail out on any unknown option */
                LogError("Unknown config option %s:%d \"%s\"!", 
tcsd_config_file, line_num, arg);
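Review bot: Both new cases parse the value with `atoi(arg)`, which returns 0 for any non-numeric text and ignores trailing junk, so a line such as `disable_ipv4 = yes` passes the range check and silently leaves the protocol enabled. For an option whose purpose is to shut off a network listener, a mistyped value should be rejected rather than treated as 0. I would parse with `val = strtol(arg, &end, 10);` and test `if (end == arg || *end != '\0' || val < 0 || val > 1)`, logging `arg` with `%s` in the error message. This assumes `arg` has already been stripped of trailing whitespace, which would happen outside the hunk. The same applies to the `opt_disable_ipv6` case, and `read_conf_line` starts and continues outside this hunk, so the declarations of `end` and `val` would go there.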
-- 
1.8.1.4

