Acked-by: Joel Schopp <[email protected]> On 10/09/2013 02:29 AM, Fuchs, Andreas wrote:
> When developing with tcsd it is currently required to create the user/group
> TSS:TSS since tcsd will switch to it and check that config and state files
> are owned by it. This can be troublesome in development environments where
> you want to run tcsd as a user and not mess with global system settings.
>
> Add configure switch --disable-usercheck for disable the TSS:TSS need of tcsd:
> - No tcsd.conf and /var/lib/tpm owner-checking
> - No switching to user by tcsd
> - No useradd/groupadd and userdel/groupdel
> - No chowns and chmods
> - Warning at start of tcsd about this behaviour
>
> Signed-off-by: Andreas Fuchs <[email protected]>
> ---
> configure.in | 7 +++++++
> dist/Makefile.am | 13 ++++++++++---
> src/tcsd/svrside.c | 5 +++++
> src/tcsd/tcsd_conf.c | 2 ++
> 4 files changed, 24 insertions(+), 3 deletions(-)
>
> diff --git a/configure.in b/configure.in
> index c37177f..8dda289 100644
> --- a/configure.in
> +++ b/configure.in
> @@ -86,6 +86,13 @@ AC_ARG_ENABLE(strict-spec-compliance,
> SPEC_COMP=1
> AC_MSG_RESULT([*** Enabling spec compliance at user request
> ***])],)
>
> +# user+group checking
> +AC_ARG_ENABLE(usercheck,
> + [AC_HELP_STRING([--disable-usercheck], [build TrouSerS without
> checking and setting of user/group tss [default=on] (Caution: This is
> intended for development purposes only.)])],
> + [AS_IF([test "x$enableval" = "xno"], [CFLAGS="$CFLAGS
> -DNOUSERCHECK"
> + AC_MSG_RESULT([*** Disabling user checking at user request
> ***])])],)
> +AM_CONDITIONAL(NOUSERCHECK, [test "x$enable_usercheck" = "xno"])
> +
> # daa math lib: gmp or openssl (default openssl)
> MATH_DEFINE=BI_OPENSSL
> AC_ARG_WITH([gmp],
> diff --git a/dist/Makefile.am b/dist/Makefile.am
> index 09448fd..372736a 100644
> --- a/dist/Makefile.am
> +++ b/dist/Makefile.am
> @@ -1,19 +1,26 @@
> EXTRA_DIST = system.data.auth system.data.noauth \
> fedora/fedora.initrd.tcsd
> +
> install: install-exec-hook
> if test ! -e ${DESTDIR}/@sysconfdir@/tcsd.conf; then mkdir -p
> ${DESTDIR}/@sysconfdir@ && cp tcsd.conf ${DESTDIR}/@sysconfdir@; fi
> +if !NOUSERCHECK
> /bin/chown tss:tss ${DESTDIR}/@sysconfdir@/tcsd.conf || true
> /bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf
> +endif
>
> install-exec-hook:
> + /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir
> -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
> +if !NOUSERCHECK
> /usr/sbin/groupadd tss || true
> /usr/sbin/useradd -r tss -g tss || true
> - /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir
> -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
> /bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
> /bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm
> +endif
>
> uninstall-hook:
> - /usr/sbin/userdel tss || true
> - /usr/sbin/groupdel tss || true
> rm ${DESTDIR}/@sysconfdir@/tcsd.conf
> rmdir ${DESTDIR}/@localstatedir@/lib/tpm
> +if !NOUSERCHECK
> + /usr/sbin/userdel tss || true
> + /usr/sbin/groupdel tss || true
> +endif
> diff --git a/src/tcsd/svrside.c b/src/tcsd/svrside.c
> index fca9d18..807d1ea 100644
> --- a/src/tcsd/svrside.c
> +++ b/src/tcsd/svrside.c
> @@ -441,6 +441,10 @@ main(int argc, char **argv)
> if ((result = tcsd_startup()))
> return (int)result;
>
> +#ifdef NOUSERCHECK
> + LogWarn("will not switch user or check for file permissions. "
> + "(Compiled with --disable-usercheck)");
> +#else
> #ifndef SOLARIS
> pwd = getpwnam(TSS_USER_NAME);
> if (pwd == NULL) {
> @@ -454,6 +458,7 @@ main(int argc, char **argv)
> }
> setuid(pwd->pw_uid);
> #endif
> +#endif
>
> if (setup_server_sockets(socks_info) == -1) {
> LogError("Could not create sockets to listen to connections.
> Aborting...");
> diff --git a/src/tcsd/tcsd_conf.c b/src/tcsd/tcsd_conf.c
> index 587f933..a31503d 100644
> --- a/src/tcsd/tcsd_conf.c
> +++ b/src/tcsd/tcsd_conf.c
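Review bot: Both `chmod` lines in the `install` and `install-exec-hook` targets now sit inside `if !NOUSERCHECK`, so a --disable-usercheck install leaves `tcsd.conf` and `${DESTDIR}/@localstatedir@/lib/tpm` with whatever mode `cp` and `mkdir -p` produce under the installer's umask. Only the `chown tss:tss`, `groupadd` and `useradd` steps depend on the tss account existing; `/bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf` and `/bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm` could stay outside the conditional so the config and state directory remain private to the installing user. The commit description lists "No chowns and chmods" as intended, so this is a request to reconsider the chmod half rather than a regression report.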
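Review bot: In the `#ifdef NOUSERCHECK` branch of `main` the daemon keeps the identity it was started with and goes straight on to `setup_server_sockets(socks_info)`, so a build with this flag that is launched as root serves connections as root with only a `LogWarn` line to show for it. Since the option is documented as development-only, a guard such as `if (geteuid() == 0) { LogError("refusing to run as root in a --disable-usercheck build"); return -1; }` would keep such a binary from being deployed by accident; if root is needed during development, it could instead be a second, louder warning. `main` starts and ends outside this hunk, so the exact error-return convention should be matched to the surrounding code.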
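Review bot: `setuid(pwd->pw_uid);` in the retained `#else` branch still discards its return value, so a failed switch would leave tcsd running under its starting uid with no log line. Since the commit reworks this block, it could check the call in passing, e.g. `if (setuid(pwd->pw_uid) != 0) { LogError("setuid failed: %s", strerror(errno)); return -1; }` (assuming errno.h and string.h are already included; the file's includes are outside the hunk). The two consecutive bare `#endif` lines would also read better as `#endif /* SOLARIS */` and `#endif /* NOUSERCHECK */`, matching the style used in tcsd_conf.c. The block begins outside this hunk.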
> @@ -770,6 +770,7 @@ conf_file_init(struct tcsd_config *conf)
> }
> }
>
> +#ifndef NOUSERCHECK
> #ifndef SOLARIS
> /* find the gid that owns the conf file */
> errno = 0;
> @@ -809,6 +810,7 @@ conf_file_init(struct tcsd_config *conf)
> return TCSERR(TSS_E_INTERNAL_ERROR);
> }
> #endif /* SOLARIS */
> +#endif /* NOUSERCHECK */
>
> if ((f = fopen(tcsd_config_file, "r")) == NULL) {
> LogError("fopen(%s): %s", tcsd_config_file, strerror(errno));
>
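Review bot: The new `#ifndef NOUSERCHECK` in `conf_file_init` has no comment explaining what it switches off, and the guarded lines between this hunk and the `#endif /* NOUSERCHECK */` in the next one are not visible here. Judging by the `/* find the gid that owns the conf file */` context and the commit description, it compiles out the whole owner validation of `tcsd_config_file` before the `fopen`. A comment above the guard would make that explicit for the next reader, e.g. `/* NOUSERCHECK (--disable-usercheck): skip owner validation of the config file; development builds only */`. The closing comment would be more precise as `#endif /* !NOUSERCHECK */`.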
