Hi people, how have you been?

I started to use TrouSerS some days ago to make a remote connection with the TPM. For now I am using the TPM Emulator.

I uncommented the line remote_ops in the file tcsd.conf and I enabled some commands to be accepted. However, during the development I have had some problems establishing the connection using the function Tspi_Context_Connect(hContext, host). The return message was:

Tspi_Context_Connect failed: 0x00002002 - layer=tcs, code=0002 (2), General failure

I took a look in the tcsd log and the message was:

TCSD TCS ERROR: Error retrieving local socket address: Success
TCSD TCS Denied OpenContext operation from localhost

To make sure that this problem was not in my program, I made some tests with the program tpm_version. The same problem happened. I searched a lot on the internet to see whether someone had the same problem, but I didn't have success. So the only thing left to me was to take a look in the source code to understand what the problem was.

Unfortunately, analyzing the source code I found two problems in the file "trousers-trousers/src/tcs/rpc/tcstp/rpc.c" inside the function access_control.

The first one was in line 527, where the return of the function getpeername() is treated the wrong way. This function returns zero on success, otherwise an error. In the source code this part is inverted.

The second one was after line 541 and in line 551, where a closing brace and an opening brace were missing. With that, if we enable the remote connection by uncommenting the line remote_ops in the file tcsd.conf, the function access_control will always return 1, denying the operation.

I fixed all of this and made some tests with my program and also with the program tpm_version. The result was success, as shown below.

$ tpm_version
TPM 1.2 Version Info:
Chip Version: 1.2.0.7
Spec Level: 2
Errata Revision: 1
TPM Vendor ID: ETHZ
TPM Version: 01010000
Manufacturer Info: 4554485a

TCSD trousers 0.3.13: TCSD up and running.
TCSD TCS Accepted OpenContext operation from localhost
TCSD TCS Accepted GetCapability operation from localhost
TCSD TCS Accepted GetCapability operation from localhost
TCSD TCS Accepted GetCapability operation from localhost
TCSD TCS Accepted CloseContext operation from localhost

I know that I don't work on the development of TrouSerS, and I wouldn't like to bother anyone with these problems. I just would like to help the development and improve it, and I wouldn't like more people to face the same problem. It is an excellent project. Because of that I did this analysis and I also created a patch that solves these problems.

I don't know if this patch follows the development standard of TrouSerS (for example: branch name and name of the file). I just want to show with this file where the problems are.

I would be thankful if someone could analyze it and make some comments on whether what I did is correct or wrong. However, I just want to help.

If someone has some doubts or needs more information, feel free to contact me.

I hope to have helped.

Best regards,
--
Anderson Fonseca
http://buildall.wordpress.com
http://twitter.com/andersonfonseca

From 7cd5568d02ee075601222e5e68bee9d20b8db1a5 Mon Sep 17 00:00:00 2001 From: Anderson Fonseca <[email protected]> Date: Wed, 6 Aug 2014 23:58:13 -0300 Subject: [PATCH] - Fixed the checking getpeername returning. When success was returning as error. - Fixed missing braces. - Fixed the problem with remote connection. Trousers was working just to local connection. --- src/tcs/rpc/tcstp/rpc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c index 0fc7e83..7ddcad4 100644 --- a/src/tcs/rpc/tcstp/rpc.c +++ b/src/tcs/rpc/tcstp/rpc.c @@ -524,7 +524,7 @@ access_control(struct tcsd_thread_data *thread_data) struct sockaddr *sa; socklen_t sas_len = sizeof(sas); - if (!getpeername(thread_data->sock, (struct sockaddr *)&sas, &sas_len)) { + if (getpeername(thread_data->sock, (struct sockaddr *)&sas, &sas_len) != 0) { LogError("Error retrieving local socket address: %s", strerror(errno)); return 1; } @@ -539,6 +539,7 @@ access_control(struct tcsd_thread_data *thread_data) if (memcmp(&sa_in->sin_addr.s_addr, &nloopaddr, sizeof(struct sockaddr_in)) == 0) is_localhost = 1; + } else if (sa->sa_family == AF_INET6) { struct sockaddr_in6 *sa_in6 = (struct sockaddr_in6 *)sa; if (memcmp(&sa_in6->sin6_addr.s6_addr, &in6addr_loopback, @@ -548,7 +549,7 @@ access_control(struct tcsd_thread_data *thread_data) /* if the request comes from localhost, or is in the accepted ops list, * approve it */ - if (is_localhost) + if (is_localhost) { return 0; } else { while (tcsd_options.remote_ops[i]) { -- 1.9.1
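Review bot: In the first hunk (@@ -524,7), the LogError text directly under the corrected getpeername() test still reads "Error retrieving local socket address", but getpeername() returns the address of the connected peer. Suggest rewording it to "Error retrieving peer socket address" in the same change so the tcsd log names the right call. The "!= 0" comparison itself matches the getpeername() contract (0 on success, -1 with errno set on failure).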
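Review bot: In the second hunk (@@ -539,6), the context line just above the added brace calls memcmp(&sa_in->sin_addr.s_addr, &nloopaddr, sizeof(struct sockaddr_in)), so the length is that of the whole sockaddr_in structure while the first operand is only the s_addr field. The comparison reads past that field and can fail for a genuine loopback peer, which would leave is_localhost at 0 even after the brace fix. Suggest sizeof(sa_in->sin_addr.s_addr) as the length, or a direct == on the two values. The declaration of nloopaddr is outside the hunk, so its size should be checked as well.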
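Review bot: In the third hunk (@@ -548,7), the is_localhost branch ends in "return 0;", so the "} else {" that follows it is not needed. Dropping the else and leaving the remote_ops loop at function level removes one nesting level and makes a brace mismatch like the one fixed here harder to reintroduce. A one-line comment above the loop saying it only runs for non-loopback peers would also help the next reader.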
------------------------------------------------------------------------------
_______________________________________________ TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
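
An added example, not part of the original message and not TrouSerS code: a stand-alone C version of the peer check the message describes, with getpeername() treated as zero-on-success, the loopback comparison limited to the address bytes, and the remote-operations list consulted only for non-loopback peers. The names sockaddr_is_loopback, peer_access_control and allowed_ops are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Returns 1 if sa is the IPv4 or IPv6 loopback address, else 0. */
static int sockaddr_is_loopback(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *)sa;
        /* Compare only the 4-byte address, in network byte order. */
        return in4->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
    } else if (sa->sa_family == AF_INET6) {
        const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *)sa;
        return memcmp(&in6->sin6_addr, &in6addr_loopback,
                      sizeof(in6->sin6_addr)) == 0;
    }
    return 0; /* any other address family is treated as remote */
}

/* Hypothetical stand-in for access_control(): 0 = accept, 1 = deny.
 * allowed_ops is a NULL-terminated list of operations open to remote peers
 * (an assumption modelled on the remote_ops setting in tcsd.conf). */
static int peer_access_control(int sock, const char *op,
                               const char *const *allowed_ops)
{
    struct sockaddr_storage sas;
    socklen_t sas_len = sizeof(sas);

    /* getpeername() returns 0 on success and -1 on error: deny on error. */
    if (getpeername(sock, (struct sockaddr *)&sas, &sas_len) != 0)
        return 1;
    if (sockaddr_is_loopback((const struct sockaddr *)&sas))
        return 0;
    /* Non-loopback peer: accept only operations on the allow list. */
    for (size_t i = 0; allowed_ops && allowed_ops[i]; i++)
        if (strcmp(allowed_ops[i], op) == 0)
            return 0;
    return 1;
}
```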
