When developing with tcsd it is currently required to create the user/group
TSS:TSS since tcsd will switch to it and check that config and state files
are owned by it. This can be troublesome in development environments where
you want to run tcsd as a user and not mess with global system settings.

Add a configure switch, --disable-usercheck, that removes tcsd's need for TSS:TSS:
- No tcsd.conf and /var/lib/tpm owner-checking
- No switching to user by tcsd
- No useradd/groupadd and userdel/groupdel
- No chowns and chmods
- Warning at start of tcsd about this behaviour

Signed-off-by: Andreas Fuchs <[email protected]>
---
 configure.in         |    7 +++++++
 dist/Makefile.am     |   13 ++++++++++---
 src/tcsd/svrside.c   |    5 +++++
 src/tcsd/tcsd_conf.c |    2 ++
 4 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/configure.in b/configure.in
index c37177f..8dda289 100644
--- a/configure.in
+++ b/configure.in
@@ -86,6 +86,13 @@ AC_ARG_ENABLE(strict-spec-compliance,
                 SPEC_COMP=1
                 AC_MSG_RESULT([*** Enabling spec compliance at user request 
***])],)
 
+# user+group checking
+AC_ARG_ENABLE(usercheck,
+               [AC_HELP_STRING([--disable-usercheck], [build TrouSerS without 
checking and setting of user/group tss [default=on] (Caution: This is intended 
for development purposes only.)])],
+               [AS_IF([test "x$enableval" = "xno"], [CFLAGS="$CFLAGS 
-DNOUSERCHECK"
+               AC_MSG_RESULT([*** Disabling user checking at user request 
***])])],)
+AM_CONDITIONAL(NOUSERCHECK, [test "x$enable_usercheck" = "xno"])
+
 # daa math lib: gmp or openssl (default openssl)
 MATH_DEFINE=BI_OPENSSL
 AC_ARG_WITH([gmp],
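Review bot: The define is passed by appending `-DNOUSERCHECK` to CFLAGS, while the Makefile side is driven separately by `AM_CONDITIONAL(NOUSERCHECK, ...)`, so the two can disagree. If CFLAGS is overridden at make time, the install rules skip the tss setup but the binary still performs the checks. Using `AC_DEFINE([NOUSERCHECK], [1], [Skip tss user/group switching and ownership checks])` would keep both tied to the configure result, assuming the sources include the generated config header. Because the option weakens the daemon's privilege separation, `AC_MSG_WARN` would make it more visible in configure output than `AC_MSG_RESULT`.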
diff --git a/dist/Makefile.am b/dist/Makefile.am
index 09448fd..372736a 100644
--- a/dist/Makefile.am
+++ b/dist/Makefile.am
@@ -1,19 +1,26 @@
 EXTRA_DIST = system.data.auth system.data.noauth \
        fedora/fedora.initrd.tcsd
+
 install: install-exec-hook
        if test ! -e ${DESTDIR}/@sysconfdir@/tcsd.conf; then mkdir -p 
${DESTDIR}/@sysconfdir@ && cp tcsd.conf ${DESTDIR}/@sysconfdir@; fi
+if !NOUSERCHECK
        /bin/chown tss:tss ${DESTDIR}/@sysconfdir@/tcsd.conf || true
        /bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf
+endif
 
 install-exec-hook:
+       /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir 
-p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
+if !NOUSERCHECK
        /usr/sbin/groupadd tss || true
        /usr/sbin/useradd -r tss -g tss || true
-       /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir 
-p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
        /bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
        /bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm
+endif
 
 uninstall-hook:
-       /usr/sbin/userdel tss || true
-       /usr/sbin/groupdel tss || true
        rm ${DESTDIR}/@sysconfdir@/tcsd.conf
        rmdir ${DESTDIR}/@localstatedir@/lib/tpm
+if !NOUSERCHECK
+       /usr/sbin/userdel tss || true
+       /usr/sbin/groupdel tss || true
+endif
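Review bot: The `chmod 0600` on tcsd.conf and `chmod 0700` on ${localstatedir}/lib/tpm are now skipped together with the chown under `if !NOUSERCHECK`. On a --disable-usercheck install both are therefore left with whatever mode the installer's umask yields. The mode bits do not depend on the tss account existing, so only the `chown tss:tss`, `groupadd`/`useradd` and `userdel`/`groupdel` lines need the conditional. Keeping `/bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf` and `/bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm` unconditional would keep the config and the state directory private to the installing user.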
diff --git a/src/tcsd/svrside.c b/src/tcsd/svrside.c
index fca9d18..807d1ea 100644
--- a/src/tcsd/svrside.c
+++ b/src/tcsd/svrside.c
@@ -441,6 +441,10 @@ main(int argc, char **argv)
        if ((result = tcsd_startup()))
                return (int)result;
 
+#ifdef NOUSERCHECK
+    LogWarn("will not switch user or check for file permissions. "
+            "(Compiled with --disable-usercheck)");
+#else
 #ifndef SOLARIS
        pwd = getpwnam(TSS_USER_NAME);
        if (pwd == NULL) {
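Review bot: Nothing in the NOUSERCHECK branch distinguishes an unprivileged developer run from a start as root, where the daemon would keep root for its whole lifetime and go on to open its listening sockets. The added LogWarn could be paired with `if (geteuid() == 0) LogWarn("running as root without dropping privileges");`, or the start could be refused in that case. The added lines also look indented with spaces while the surrounding context appears to use tabs. main() begins and continues outside this hunk.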
@@ -454,6 +458,7 @@ main(int argc, char **argv)
        }
        setuid(pwd->pw_uid);
 #endif
+#endif
 
        if (setup_server_sockets(socks_info) == -1) {
                LogError("Could not create sockets to listen to connections. 
Aborting...");
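Review bot: The `setuid(pwd->pw_uid)` call kept on the `#else` path ignores its return value. A failed privilege drop would go unnoticed and the daemon would continue under its original identity into setup_server_sockets(). A check such as `if (setuid(pwd->pw_uid) != 0) { LogError("Could not switch to user %s", TSS_USER_NAME); return -1; }` closes that gap; the return value should follow whatever convention the lines above the hunk use. The new closing line would also read better as `#endif /* NOUSERCHECK */`, matching the tcsd_conf.c change.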
diff --git a/src/tcsd/tcsd_conf.c b/src/tcsd/tcsd_conf.c
index 587f933..a31503d 100644
--- a/src/tcsd/tcsd_conf.c
+++ b/src/tcsd/tcsd_conf.c
@@ -770,6 +770,7 @@ conf_file_init(struct tcsd_config *conf)
                }
        }
 
+#ifndef NOUSERCHECK
 #ifndef SOLARIS
        /* find the gid that owns the conf file */
        errno = 0;
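Review bot: Wrapping the whole ownership block in `#ifndef NOUSERCHECK` (closed in the next hunk) means a development build reads tcsd.conf no matter who owns it or who can write to it. A reduced check that needs no tss account could stay in an `#else` branch, rejecting the file when `st.st_uid != geteuid() || (st.st_mode & (S_IWGRP | S_IWOTH))`. This assumes the file is stat'ed as the skipped block presumably already does, since that code is outside the visible lines. A short comment next to the `#ifndef`, for example `/* development builds skip the tss ownership check; see --disable-usercheck */`, would explain the guard to later readers.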
@@ -809,6 +810,7 @@ conf_file_init(struct tcsd_config *conf)
                return TCSERR(TSS_E_INTERNAL_ERROR);
        }
 #endif /* SOLARIS */
+#endif /* NOUSERCHECK */
 
        if ((f = fopen(tcsd_config_file, "r")) == NULL) {
                LogError("fopen(%s): %s", tcsd_config_file, strerror(errno));
-- 
1.7.10.4
