
Re-organize console out and logging out
[openpts/openpts.git] / src / openpts.c
index 5a7d1b5..ee8b9d7 100644 (file)
 
 #include <openpts.h>
 
+// verifier.c
+void global_lock(int type);
+int getDefaultConfigfile(OPENPTS_CONFIG *conf);
+// log.c
+
 /* Well defined return values that can be interpreted by the GUI */
 #define RETVAL_OK_TRUSTED       0
 #define RETVAL_NOTTRUSTED       1
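Review bot: The prototypes for `global_lock()` and `getDefaultConfigfile()` are declared by hand at the top of openpts.c instead of coming from a header, so the compiler cannot check them against the definitions that the `// verifier.c` comment says now live there. Move both declarations into a header that verifier.c also includes (openpts.h is already included here), so a later signature change is caught at compile time. The `// log.c` comment that follows has nothing under it and should be dropped or filled in.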
 // TODO
 extern char *ptsc_command;
 
-
 /**
  * Usage
  */
 void usage(void) {
-#if 0
-    fprintf(stderr, "OpenPTS command\n\n");
-    fprintf(stderr, "Usage: openpts [options] {-i [-f]|[-v]|-D} <target>\n");
-    fprintf(stderr, "       openpts -D\n\n");
-    fprintf(stderr, "Commands:\n");
-    fprintf(stderr, "  -i [-f]               Initialize [forcibly] the PTS verifier with the target(collector).\n");
-    fprintf(stderr, "  [-v]                  Verify target(collector) integrity against know measure.\n");
-    fprintf(stderr, "  -D                    Display the configuration (target/ALL)\n");
-    fprintf(stderr, "\n");
-    fprintf(stderr, "Miscellaneous:\n");
-    fprintf(stderr, "  -h                    Show this help message\n");
-    fprintf(stderr, "  -V                    Verbose mode. Multiple -V options increase the verbosity.\n");
-    fprintf(stderr, "\n");
-    fprintf(stderr, "Options:\n");
-#ifdef CONFIG_AUTO_RM_UPDATE
-    fprintf(stderr, "  -u                    "
-                    "Selects 'yes' as the the default answer when an update is available [no]\n");
-#endif
-    fprintf(stderr, "  -l username           ssh username [ssh default]\n");
-    fprintf(stderr, "  -p port               ssh port number [ssh default]\n");
-    fprintf(stderr, "  -c configfile         Set configuration file [~/.openpts/openpts.conf]\n");
-    fprintf(stderr, "\n");
-#endif
-    fprintf(stderr, NLS(MS_OPENPTS, OPENPTS_USAGE, "OpenPTS command\n\n"
+    OUTPUT(NLS(MS_OPENPTS, OPENPTS_USAGE_1,
+        "OpenPTS command\n\n"
         "Usage: openpts [options] {-i [-f]|[-v]||-r|-D} <target>\n"
         "       openpts -D\n\n"
         "Commands:\n"
@@ -110,173 +92,30 @@ void usage(void) {
         "  -h                    Show this help message\n"
         "  -V                    Verbose mode. Multiple -V options increase the verbosity.\n"
         "\n"
-        "Options:\n"
-        "  -u                    Accept a measurement update during attestation, if there are any available.\n"
+        "Options:\n"));
+#ifdef CONFIG_AUTO_RM_UPDATE
+    OUTPUT(NLS(MS_OPENPTS, OPENPTS_USAGE_2,
+        "  -u                    Accept a measurement update during attestation, if there are any available.\n"));
+#endif
+    OUTPUT(NLS(MS_OPENPTS, OPENPTS_USAGE_3,
         "  -l username           ssh username [ssh default]\n"
         "  -p port               ssh port number [ssh default]\n"
         "  -c configfile         Set configuration file [~/.openpts/openpts.conf]\n"
         "\n"));
+
+        // TODO -g option
 }
 
 #define INIT    0
 #define VERIFY  1
-#define UPDATE  2
+// #define UPDATE  2
 #define REMOVE  3
 #define DISPLAY 4
 #define NONE    5
 
-/**
- * get Default Config File
- */
-int getDefaultConfigfile(OPENPTS_CONFIG *conf) {
-    int rc = -1;  // TODO
-    /* use system default config file */
-    int createBasicConfig = 0;
-    int configDirExists;
-
-    char dirbuf[BUF_SIZE];
-    char confbuf[BUF_SIZE];
-    char uuidbuf[BUF_SIZE];
-    char *homeDir = getenv("HOME");
-
-
-    snprintf(dirbuf, BUF_SIZE, "%s/.openpts", homeDir);
-    snprintf(confbuf, BUF_SIZE, "%s/.openpts/openpts.conf", homeDir);
-    snprintf(uuidbuf, BUF_SIZE, "%s/.openpts/uuid", homeDir);
-
-    /* check dir */
-    configDirExists = (checkDir(dirbuf) == PTS_SUCCESS);
-
-    if (!configDirExists) {
-        // create and initialize the $HOME/.openpts directory
-        rc = mkdir(dirbuf, S_IRUSR | S_IWUSR | S_IXUSR);
-        if (rc != 0) {
-            ERROR("mkdir on $HOME/.openpts failed (errno=%d)", errno);
-            perror(dirbuf);
-            goto error;
-        }
-        createBasicConfig = 1;
-    } else {
-        struct stat statBuf;
-        if (-1 == stat(confbuf, &statBuf) && ENOENT == errno) {
-            ERROR("Found openpts dir '%s', but no config file - will create one.", dirbuf);
-            createBasicConfig = 1;
-        }
-    }
-
-    if (createBasicConfig) {
-        /* new UUID */
-        conf->uuid = newOpenptsUuid();
-        conf->uuid->filename = smalloc_assert(uuidbuf);
-        conf->uuid->status = OPENPTS_UUID_FILENAME_ONLY;
-
-        genOpenptsUuid(conf->uuid);
-        rc = writeOpenptsUuidFile(conf->uuid, 1);
-        if (rc != 0) {
-            // rollback
-            if (configDirExists) {
-                unlink(dirbuf);  // will fail if log file exists
-            }
-            goto error;
-        }
-
-        rc = writeOpenptsConf(conf, confbuf);
-        if (rc != 0) {
-            // rollback
-            unlink(uuidbuf);
-            if (configDirExists) {
-                unlink(dirbuf);  // will fail if log file exists
-            }
-            goto error;
-        }
-    }
-
-
+#define OPENPTS_LOG_FILENAME  "~/.openpts/openpts.log"
 
-#if 0
-    if (checkDir(dirbuf) != PTS_SUCCESS) {
-        char ans;
-        if (isatty(STDIN_FILENO)) {
-            // Console
-            char buf[256];
-            char *s;
-            printf("%s is missing. create [Y/n]:", dirbuf);
-            s = fgets(buf, sizeof(buf), stdin);
-            if (s !=NULL) {
-                ans = buf[0];
-            } else {
-                printf("bad input?");
-                goto error;
-            }
-        } else {
-            ans = 'Y';
-        }
 
-        /* new UUID */
-        conf->uuid = newOpenptsUuid();
-        conf->uuid->filename = smalloc(uuidbuf);
-        conf->uuid->status = OPENPTS_UUID_FILENAME_ONLY;
-        genOpenptsUuid(conf->uuid);
-
-        /* Y,y and just enter => create ~/.openpts */
-        if ((ans == 'Y') || (ans == 'y') || (ans == 0x0a)) {
-            rc = mkdir(dirbuf, S_IRUSR | S_IWUSR | S_IXUSR);
-            rc = writeOpenptsUuidFile(conf->uuid, 1);
-            if (rc != PTS_SUCCESS) {
-                ERROR("writeOpenptsUuidFile fail\n");
-            }
-            rc = writeOpenptsConf(conf, confbuf);
-
-        } else {
-            printf("Bad answer %c, exit\n", ans);
-            rc = -1;
-            goto error;
-        }
-    }
-#endif
-    /* check conf  */
-
-    DEBUG("read conf file          : %s\n", confbuf);
-    rc = readOpenptsConf(conf, confbuf);
-    if (rc != 0) {
-        ERROR("readOpenptsConf() failed\n");
-    }
-
-  error:
-
-    return rc;
-}
-
-void global_lock(int type) {
-    int fd;
-    struct flock fl;
-    char *home, path[PATH_MAX];
-
-    home = getenv("HOME");
-    if (home == NULL) {
-        ERROR("HOME environment variable not defined\n");
-        exit(1);
-    }
-    snprintf(path, PATH_MAX, "%s/.openpts", home);
-    if (mkdir(path, 0700) < 0 && errno != EEXIST) {
-        perror(path);
-    exit(1);
-    }
-    snprintf(path, PATH_MAX, "%s/.openpts/rwlock", home);
-    fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0666);
-    if (fd < 0) {
-        perror(path);
-        exit(1);
-    }
-    fl.l_start = 0;
-    fl.l_len = 0;
-    fl.l_whence = SEEK_SET;
-    fl.l_type = type;
-    if (fcntl(fd, F_SETLKW, &fl) < 0) {
-        perror(path);
-        exit(1);
-    }
-}
 
 /**
  * main of "openpts" command 
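Review bot: `OPENPTS_LOG_FILENAME` is set to `"~/.openpts/openpts.log"`, but `~` is expanded by a shell and not by the C file APIs, so this path only works if `setLogLocation()` (not visible on this page) substitutes the home directory itself. Confirm that it does and say so at the define, for example `/* leading '~' is replaced with $HOME by setLogLocation() */`. Because this file now receives error details and the ptsc command line, the comment should also state the permissions the log file is created with. The commented-out `// #define UPDATE  2` is better deleted than kept, since `case UPDATE` is removed later in this commit.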
@@ -296,7 +135,6 @@ int main(int argc, char *argv[]) {
     char * config_filename = NULL;
     char * cmdline_hostname = NULL;
     char * target_hostname = NULL;
-    int initialized = 0;  // 0 -> 1 -> 2
     char * target_conf_dir = NULL;
     char * target_conf_filename = NULL;
     int force = 0;
@@ -310,12 +148,16 @@ int main(int argc, char *argv[]) {
     OPENPTS_TARGET *target_collector = NULL;
     OPENPTS_CONFIG *target_conf = NULL;    // conf for target
     int new_target = 0;  // indicate new target
+
+    /* set custom ptsc command and conf for test */
     char *ptsc_path = NULL;
     char *ptsc_conf = NULL;
 
     initCatalog();
+    setSyslogCommandName("openpts");
 
     /* args */
+    /* verbose level */
     while ((opt = getopt(argc, argv, "givruDVc:dfuyl:p:P:C:h")) != -1) {
         switch (opt) {
         case 'i':
@@ -366,13 +208,13 @@ int main(int argc, char *argv[]) {
         case 'p':
             ssh_port = optarg;
             break;
-        case 'P':
+        case 'P':  // for test
             ptsc_path = optarg;
             break;
-        case 'C':
+        case 'C':  // for test
             ptsc_conf = optarg;
             break;
-        case 'g':
+        case 'g':  // print reason with verbose message
             print_pcr_hints = 1;
             break;
         case 'h':
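Review bot: The `// for test` comments on `-P` and `-C` document intent only; both options are still accepted by every build, and their values are joined into `ptsc_command` later in main (the `snprintf` with `"%s -m -v -c %s"`, visible in the next hunk). How `ptsc_command` is consumed is not visible on this page, but if it ends up on a shell or ssh command line these arguments should be validated, or the two cases compiled only into test builds. At minimum expand the comment to say what is overridden, e.g. `case 'P':  // test only: overrides the ptsc path used to build ptsc_command`. The switch starts and ends outside this hunk.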
@@ -390,37 +232,31 @@ int main(int argc, char *argv[]) {
 
     cmdline_hostname = argv[0];
 
+    /* default logging scheme */
+    debugBits = 0;
+    setLogLocation(OPENPTS_LOG_FILE, OPENPTS_LOG_FILENAME);
+
     /* check */
     if ((ptsc_path != NULL) && (ptsc_conf != NULL)) {
         int len;
         // char ptsc_command[PATH_MAX];
-        INFO("ptsc debug mode\n");
+        LOG(LOG_INFO, "ptsc debug mode\n");
         // len = strlen(ptsc_path) + strlen(ptsc_conf) + 13;
         // snprintf(ptsc_command, PATH_MAX - 1, "%s -m -v -c %s", ptsc_path, ptsc_conf);
 
         len =  strlen(ptsc_path) + strlen(ptsc_conf) + 13;
         ptsc_command = xmalloc(len);
         snprintf(ptsc_command, len, "%s -m -v -c %s", ptsc_path, ptsc_conf);
-        INFO("command: %s\n", ptsc_command);
+        LOG(LOG_INFO, "command: %s\n", ptsc_command);
     }
 
     /* default command is to verify */
     if (command == NONE) command = VERIFY;
 
-#ifdef OPENPTS_DEBUG
-    setDebugFlags(DEBUG_FLAG | DEBUG_FSM_FLAG | DEBUG_IFM_FLAG);
-#else
-    /* set the DEBUG level, 1,2,3
-       WORK NEEDED - should have a debug flag too. */
-    if (getVerbosity() > 2) {
-        setDebugFlags(DEBUG_FLAG | DEBUG_FSM_FLAG | DEBUG_IFM_FLAG);
-    } else if (getVerbosity() > 1) {
-        setDebugFlags(DEBUG_FLAG | DEBUG_IFM_FLAG);
-    } else if (getVerbosity() > 0) {
-        setDebugFlags(DEBUG_FLAG);
-    }
-#endif
+    /* Set logging (location,filename)  by ENV */
+    determineLogLocationByEnv();
 
+    // TODO lock and config management should be integrated
     /* global locks solve concurrency issues */
     if (command == VERIFY || command == DISPLAY) {
         global_lock(F_RDLCK);
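Review bot: The log destination is now set from three sources with no stated precedence: the default `setLogLocation(OPENPTS_LOG_FILE, OPENPTS_LOG_FILENAME)`, then `determineLogLocationByEnv()`, then the config read that the next hunk annotates with `/* Also load logging setting */`. Add a comment above `determineLogLocationByEnv();` stating which source wins, e.g. `/* order: built-in default, then environment, then config file (last one wins) */`, after confirming that this is the real order. `debugBits = 0;` also runs after the getopt loop, so any debug bits set while parsing options (the option cases are only partly visible) would be cleared, and the removed block that mapped `getVerbosity()` to debug flags has no visible replacement in main. A log path taken from the environment deserves the same validation as one taken from the config file.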
@@ -436,25 +272,30 @@ int main(int argc, char *argv[]) {
     }
 
     /* check/create config file - HOME./openpts/openpts.conf */
+    /* Also load logging setting */
     if (config_filename == NULL) {
         /* use default config file, HOME./openpts/openpts.conf  */
-        DEBUG("Using system default config file\n");
         rc = getDefaultConfigfile(conf);
     } else {
         /* use given config file */
-        DEBUG("read conf file       : %s\n", config_filename);
         rc = readOpenptsConf(conf, config_filename);
     }
-
-    if (rc != 0) {
-        ERROR("Failed to read config file\n");
+    if (rc != PTS_SUCCESS) {
+        DEBUG("Failed to read config file, %s\n", conf->config_file);
         retVal = RETVAL_GLOBAL_ERROR;
         goto out_free;
-    } else {
-        initialized++;  // 0->1
     }
 
-    DEBUG("VERBOSITY (%d), DEBUG mode (0x%x)\n", getVerbosity(), getDebugFlags());
+    // setLogLocation(OPENPTS_LOG_CONSOLE, NULL);
+
+    VERBOSE(2, NLS(MS_OPENPTS, OPENPTS_VERIFIER_CONFIG_FILE,
+        "Config file         : %s\n"), conf->config_file);
+    VERBOSE(2, NLS(MS_OPENPTS, OPENPTS_VERIFIER_VERBOSITY,
+        "Verbosity           : %d\n"), getVerbosity());
+    VERBOSE(2, NLS(MS_OPENPTS, OPENPTS_VERIFIER_DEBUG_OUT,
+        "Logging location    : %s\n"), getLogLocationString());
+    VERBOSE(2, NLS(MS_OPENPTS, OPENPTS_VERIFIER_DEBUG_MODE,
+        "Logging(debig) mode : 0x%x\n"), getDebugFlags());
 
     /* we always need the target list */
     rc = getTargetList(conf, conf->config_dir);
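Review bot: A failed config read at `if (rc != PTS_SUCCESS)` is now reported only through `DEBUG`, and with `debugBits = 0` set earlier in main that output is presumably off by default, so the command exits with `RETVAL_GLOBAL_ERROR` and prints nothing. `conf->config_file` may also still be unset when the read failed, which makes it an unsafe `%s` argument. Keep a console message on this path, e.g. `ERROR("Failed to read config file, %s\n", config_filename ? config_filename : "(default)");`. The same loss of console feedback applies to `LOG(LOG_ERR, "unlinkDir(%s) failed", ...)`, `LOG(LOG_ERR, "No memory")` and `LOG(LOG_ERR, "Bad answer %s, exit\n", ans)` in later hunks, assuming `LOG` writes only to the log destination. The new string `"Logging(debig) mode : 0x%x\n"` has a typo, `debig` for `debug`.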
@@ -482,7 +323,7 @@ int main(int argc, char *argv[]) {
         /* look up the conf of target(hostname) */
         /* set the target hostname:port and search */
         if (conf->hostname != NULL) {
-            TODO("realloc conf->hostname\n");
+            LOG(LOG_TODO, "realloc conf->hostname\n");
             xfree(conf->hostname);
         }
         conf->hostname = smalloc_assert(cmdline_hostname);
@@ -511,7 +352,7 @@ int main(int argc, char *argv[]) {
             }
         } else {
             /* HIT exist */
-            target_conf_dir = getTargetConfDir(conf);  // HOME/.openpts/UUID
+            target_conf_dir = getTargetConfDir(conf);  // HOME/.openpts/UUID/
             target_conf_filename = smalloc_assert(target_collector->target_conf_filename);
             target_conf = (OPENPTS_CONFIG*)target_collector->target_conf;
         }
@@ -524,11 +365,11 @@ int main(int argc, char *argv[]) {
             /* look up */
             if (target_collector != NULL) {
                 // WORK NEEDED: Please use NLS for i18n output
-                printf("hostname  : %s\n", target_hostname);
-                printf("UUID      : %s\n", target_collector->str_uuid);
-                printf("State     : %d\n", target_collector->state);
-                printf("Dir       : %s\n", target_collector->dir);
-                printf("Manifests :\n");
+                OUTPUT("hostname  : %s\n", target_hostname);
+                OUTPUT("UUID      : %s\n", target_collector->str_uuid);
+                OUTPUT("State     : %d\n", target_collector->state);
+                OUTPUT("Dir       : %s\n", target_collector->dir);
+                OUTPUT("Manifests :\n");
 
                 getRmList(target_conf, target_conf->config_dir);
                 printRmList(target_conf, "");
@@ -541,7 +382,7 @@ int main(int argc, char *argv[]) {
             goto out_free;  // exit
         } else {
             /* all target (simple) */
-            printTargetList(conf, "");
+            printTargetList(conf, "");  // target.c
             goto out_free;  // exit
         }
     } else if ( NULL == target_hostname ) {
@@ -550,39 +391,40 @@ int main(int argc, char *argv[]) {
         goto out_free;
     }
 
-    if (command == REMOVE) {
+    /* check the target */
+    if ((command == REMOVE) || (command == VERIFY)) {
         if (target_conf_dir == NULL) {
+            DEBUG("target_conf_dir == NULL\n");
             OUTPUT(NLS(MS_OPENPTS, OPENPTS_TARGET_NOT_INITIALIZED,
                         "The target %s is not initialized yet. Please enroll with '%s' first\n\n"),
                     target_hostname, target_hostname);
             retVal = RETVAL_NOTENROLLED;
             goto out_free;
         }
+    }
+
+    /* Remove the target */
+    if (command == REMOVE) {
+        /* delete */
         if (unlinkDir(target_conf_dir) != 0) {
+            LOG(LOG_ERR, "unlinkDir(%s) failed", target_conf_dir);
             retVal = RETVAL_TARGET_ERROR;
             goto out_free;
         }
+        OUTPUT(NLS(MS_OPENPTS, OPENPTS_TARGET_DELETED,
+                    "The target %s is deleted\n\n"),
+                    target_hostname);
         retVal = RETVAL_NOTENROLLED;
         goto out_free;
     }
 
-    /* verify -> read target conf */
-    if (command == VERIFY) {
-        /* check the target dir  */
-        if (checkDir(target_conf_dir) == PTS_SUCCESS) {
-            initialized++;  // 1->2
-        } else {
-            ERROR("target_conf_dir, %s is missing", target_conf_dir);
-            retVal = RETVAL_GLOBAL_ERROR;
-            goto out_free;
-        }
-    }
+    /* INIT VERIFY UPDATE */
 
     /* check for an overriding ssh username */
     if (ssh_username != NULL) {
         target_conf->ssh_username = strdup(ssh_username);
         if (target_conf->ssh_username == NULL) {
-            ERROR("No memory");
+            LOG(LOG_ERR, "No memory");
             retVal = RETVAL_GLOBAL_ERROR;
             goto out_free;
         }
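Review bot: For `VERIFY` the new guard `if (target_conf_dir == NULL)` replaces the removed `checkDir(target_conf_dir)` call, so a target whose directory path is known but whose directory is missing on disk now proceeds to `verifier()` instead of stopping here. If `getTargetConfDir()` can return a path that does not exist (its definition is not on this page), keep the existence check in the combined block, e.g. `if (target_conf_dir == NULL || checkDir(target_conf_dir) != PTS_SUCCESS) {`. That keeps the "not initialized yet" message and `RETVAL_NOTENROLLED` for a half-removed target rather than a later, less specific failure.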
@@ -628,7 +470,8 @@ int main(int argc, char *argv[]) {
         DEBUG("conf->config_dir %s\n", conf->config_dir);
         rc = enroll(ctx, target_hostname, ssh_username, ssh_port, conf->config_dir, force);  // verifier.c
         if (rc != 0) {
-            ERROR("enroll was failed, rc = %d\n", rc);
+            ERROR(  // TODO NLS
+                "enroll was failed, rc = %d\n", rc);
             printReason(ctx, print_pcr_hints);
             retVal = RETVAL_NOTENROLLED;
             goto out_free;
@@ -637,7 +480,9 @@ int main(int argc, char *argv[]) {
         DEBUG("conf->config_dir %s\n", conf->config_dir);
         rc =  verifier(ctx, target_hostname, ssh_username, ssh_port, conf->config_dir, 1);  // init
         if (rc != OPENPTS_RESULT_VALID) {
-            ERROR("initial verification was failed, rc = %d\n", rc);
+            LOG(LOG_ERR, "initial verification was failed, rc = %d\n", rc);
+            ERROR(  // TODO NLS
+                "initial verification was failed, rc = %d\n", rc);
             printReason(ctx, print_pcr_hints);
             retVal = RETVAL_NOTTRUSTED;
             goto out_free;
@@ -646,42 +491,35 @@ int main(int argc, char *argv[]) {
         retVal = RETVAL_OK_TRUSTED;
 
         /* message */
-        printf(NLS(MS_OPENPTS, OPENPTS_INIT_TARGET, "Target: %s\n"), target_hostname);
+        VERBOSE(1, NLS(MS_OPENPTS, OPENPTS_INIT_TARGET,
+            "Target: %s\n"), target_hostname);
 
         if (ctx->target_conf != NULL) {
             if (ctx->target_conf->rm_uuid != NULL) {
-                printf(NLS(MS_OPENPTS, OPENPTS_INIT_MANIFEST_UUID,
+                VERBOSE(1, NLS(MS_OPENPTS, OPENPTS_INIT_MANIFEST_UUID,
                     "Manifest UUID: %s\n"), ctx->target_conf->rm_uuid->str);
                 for (i = 0; i< ctx->conf->rm_num; i ++) {
-                    printf(NLS(MS_OPENPTS, OPENPTS_INIT_MANIFEST,
+                    VERBOSE(1, NLS(MS_OPENPTS, OPENPTS_INIT_MANIFEST,
                         "Manifest[%d]: %s\n"), i, ctx->target_conf->rm_filename[i]);
                 }
             }
             /* having indentation specific to one language will make the
                translated versions (i.e. french, japanese) look ugly */
-            printf(NLS(MS_OPENPTS, OPENPTS_INIT_COLLECTOR_UUID,
+            VERBOSE(1, NLS(MS_OPENPTS, OPENPTS_INIT_COLLECTOR_UUID,
                 "Collector UUID: %s\n"), ctx->target_conf->uuid->str);
-            printf(NLS(MS_OPENPTS, OPENPTS_INIT_CONFIG,
+            VERBOSE(1, NLS(MS_OPENPTS, OPENPTS_INIT_CONFIG,
                 "Configuration: %s\n"), ctx->target_conf->config_file);
-            printf(NLS(MS_OPENPTS, OPENPTS_INIT_VALIDATION,
+            VERBOSE(1, NLS(MS_OPENPTS, OPENPTS_INIT_VALIDATION,
                 "Validation policy: %s\n"), ctx->target_conf->policy_filename);
         } else {
             // TODO never happen?
-            printf(NLS(MS_OPENPTS, OPENPTS_INIT_NEW_CONFIG, "Configuration: new target\n"));
+            OUTPUT(NLS(MS_OPENPTS, OPENPTS_INIT_NEW_CONFIG,
+                "Configuration: new target\n"));
         }
         break;
     }
     case VERIFY:
     {
-        /* verify */
-        if (initialized < 2) {
-            OUTPUT(NLS(MS_OPENPTS, OPENPTS_TARGET_NOT_INITIALIZED,
-                   "The target %s is not initialized yet. Please enroll with '%s' first\n\n"),
-                   target_hostname, target_hostname);
-            retVal = RETVAL_NOTENROLLED;
-            goto out_free;
-        }
-
         // TODO(munetoh) control by policy? or conf?
         ctx->conf->ima_validation_unknown = 1;
 
@@ -689,24 +527,26 @@ int main(int argc, char *argv[]) {
         rc = verifier(ctx, target_hostname, ssh_username, ssh_port, conf->config_dir, 0);  // normal
 
         /* messages */
-        // printf("target        : %s\n", argv[0]);
-        printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_TARGET, "Target: %s\n"), target_hostname);
+        VERBOSE(1, NLS(MS_OPENPTS, OPENPTS_VERIFY_TARGET,
+            "Target: %s\n"), target_hostname);
         if (target_conf != NULL) {
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_COLLECTOR_UUID, "Collector UUID: %s "), target_conf->uuid->str);
+            VERBOSE(1, NLS(MS_OPENPTS, OPENPTS_VERIFY_COLLECTOR_UUID, "Collector UUID: %s "), target_conf->uuid->str);
             // TODO set this when load the uuid
             if (target_conf->uuid->time == NULL) {
                 target_conf->uuid->time = getDateTimeOfUuid(target_conf->uuid->uuid);
             }
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_DATE, "(date: %04d-%02d-%02d-%02d:%02d:%02d)\n"),
+            VERBOSE(1, NLS(MS_OPENPTS, OPENPTS_VERIFY_DATE,
+                "(date: %04d-%02d-%02d-%02d:%02d:%02d)\n"),
                 target_conf->uuid->time->year + 1900,
                 target_conf->uuid->time->mon + 1,
                 target_conf->uuid->time->mday,
                 target_conf->uuid->time->hour,
                 target_conf->uuid->time->min,
                 target_conf->uuid->time->sec);
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_MANIFEST_UUID,
+            VERBOSE(1, NLS(MS_OPENPTS, OPENPTS_VERIFY_MANIFEST_UUID,
                 "Manifest UUID: %s "), target_conf->rm_uuid->str);
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_DATE, "(date: %04d-%02d-%02d-%02d:%02d:%02d)\n"),
+            VERBOSE(1, NLS(MS_OPENPTS, OPENPTS_VERIFY_DATE,
+                "(date: %04d-%02d-%02d-%02d:%02d:%02d)\n"),
                 target_conf->rm_uuid->time->year + 1900,
                 target_conf->rm_uuid->time->mon + 1,
                 target_conf->rm_uuid->time->mday,
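Review bot: `target_conf->rm_uuid->time` is dereferenced for the manifest date line without the lazy fill that `target_conf->uuid->time` gets just above, and `rm_uuid` itself is not checked for NULL here although the INIT branch does test `ctx->target_conf->rm_uuid != NULL`. Add the same guard before the `Manifest UUID` output, `if (target_conf->rm_uuid->time == NULL) target_conf->rm_uuid->time = getDateTimeOfUuid(target_conf->rm_uuid->uuid);`, and check that `getDateTimeOfUuid()` did not return NULL before reading `->year`. The same unchecked pattern appears with `newrm_uuid->time` and `uuid_time` in the later NEWRM hunks. The argument list of this call continues in the next hunk.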
@@ -714,12 +554,15 @@ int main(int argc, char *argv[]) {
                 target_conf->rm_uuid->time->min,
                 target_conf->rm_uuid->time->sec);
 
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_USERNAME, "username(ssh): %s\n"),
+            VERBOSE(1, NLS(MS_OPENPTS, OPENPTS_VERIFY_USERNAME,
+                "username(ssh): %s\n"),
                 conf->ssh_username ? conf->ssh_username : "default");
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_PORT, "port(ssh): %s\n"),
+            VERBOSE(1, NLS(MS_OPENPTS, OPENPTS_VERIFY_PORT,
+                "port(ssh): %s\n"),
                 conf->ssh_port ? conf->ssh_port : "default");
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_POLICY, "policy file: %s\n"), target_conf->policy_filename);
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_PROPERTY,
+            VERBOSE(1, NLS(MS_OPENPTS, OPENPTS_VERIFY_POLICY,
+                "policy file: %s\n"), target_conf->policy_filename);
+            VERBOSE(1, NLS(MS_OPENPTS, OPENPTS_VERIFY_PROPERTY,
                 "property file: %s\n"), target_conf->prop_filename);  // TODO property or prop
         } else {
             retVal = RETVAL_GLOBAL_ERROR;
@@ -727,24 +570,27 @@ int main(int argc, char *argv[]) {
         }
 
         if (rc == OPENPTS_RESULT_VALID) {
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_VALID, "integrity: valid\n"));
+            OUTPUT(NLS(MS_OPENPTS, OPENPTS_VERIFY_VALID, "integrity: valid\n"));
             retVal = RETVAL_OK_TRUSTED;
         } else if (rc == OPENPTS_RESULT_INVALID ||
                    rc == PTS_VERIFY_FAILED ||
                    rc == PTS_NOT_INITIALIZED ||  // <-- happens when a target changed its UUID (re-init)
                    rc == PTS_RULE_NOT_FOUND) {   // <-- happens when a target has updated its RM
                                                  //     (failed selftest using -s)
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_INVALID, "integrity: invalid\n"));
+            ERROR(NLS(MS_OPENPTS, OPENPTS_VERIFY_INVALID,
+                "integrity: invalid\n"));
             printReason(ctx, print_pcr_hints);
             retVal = RETVAL_NOTTRUSTED;
             goto out_free;
         } else if (rc == OPENPTS_RESULT_UNKNOWN) {
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_UNKNOWN, "integrity: unknown\n"));
+            ERROR(NLS(MS_OPENPTS, OPENPTS_VERIFY_UNKNOWN,
+                "integrity: unknown\n"));
             printReason(ctx, print_pcr_hints);
             retVal = RETVAL_TARGET_ERROR;
             goto out_free;
         } else {
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_ERROR, "integrity: unknown (INTERNAL ERROR) rc=%d\n"), rc);
+            ERROR(NLS(MS_OPENPTS, OPENPTS_VERIFY_ERROR,
+                "integrity: unknown (INTERNAL ERROR) rc=%d\n"), rc);
             printReason(ctx, print_pcr_hints);
             retVal = RETVAL_TARGET_ERROR;
             goto out_free;
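Review bot: The verdict line now goes through `OUTPUT` for `integrity: valid` but through `ERROR` for `integrity: invalid`, `integrity: unknown` and the internal-error case, so, assuming `ERROR` writes to stderr or the log rather than stdout, a caller that captures stdout sees a verdict only on success. The comment at the top of the file says the return values are what the GUI interprets, so state that contract above this chain, e.g. `/* verdict text is informational; callers must use the exit code (RETVAL_*) */`, or print all four verdicts with the same macro. The if/else chain sits inside `case VERIFY`, which starts outside this hunk.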
@@ -770,7 +616,8 @@ int main(int argc, char *argv[]) {
                     printHex(NLS(MS_OPENPTS, OPENPTS_VERIFY_NEW_UUID_LOCAL,
                         "NEWRM UUID (local): "), (BYTE*)target_conf->newrm_uuid->uuid, 16, "\n");
                 } else {
-                    printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_NEW_UUID_MISSING, "NEWRM UUID (local): missing\n"));
+                    OUTPUT(NLS(MS_OPENPTS, OPENPTS_VERIFY_NEW_UUID_MISSING,
+                        "NEWRM UUID (local): missing\n"));
                 }
             }
 
@@ -781,10 +628,11 @@ int main(int argc, char *argv[]) {
                                 (BYTE*)target_conf->newrm_uuid->uuid, 16) &&
                     0 == isNewRmStillValid(ctx, conf->config_dir) ) {
                     /* HIT */
-                    printf("---------------------------------------------------------\n");
-                    printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_NEW_MANIFEST_UUID,
+                    OUTPUT("---------------------------------------------------------\n");
+                    OUTPUT(NLS(MS_OPENPTS, OPENPTS_VERIFY_NEW_MANIFEST_UUID,
                         "New Manifest UUID: %s "), target_conf->newrm_uuid->str);
-                    printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_DATE, "(date: %04d-%02d-%02d-%02d:%02d:%02d)\n"),
+                    OUTPUT(NLS(MS_OPENPTS, OPENPTS_VERIFY_DATE,
+                        "(date: %04d-%02d-%02d-%02d:%02d:%02d)\n"),
                         target_conf->newrm_uuid->time->year + 1900,
                         target_conf->newrm_uuid->time->mon + 1,
                         target_conf->newrm_uuid->time->mday,
@@ -795,17 +643,19 @@ int main(int argc, char *argv[]) {
                     goto out_free;
                 } else {
                     /* local is old? */
-                    printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_NEW_MANIFEST_ALREADY_EXISTS,
+                    OUTPUT(NLS(MS_OPENPTS, OPENPTS_VERIFY_NEW_MANIFEST_ALREADY_EXISTS,
                            "A new reference manifest has been received, but an update exists\n"));
                 }
             }
 
             /* msg */
-            printf("---------------------------------------------------------\n");
+            OUTPUT("---------------------------------------------------------\n");
             uuid_time = getDateTimeOfUuid(conf->target_newrm_uuid);
             uuid_str = getStringOfUuid(conf->target_newrm_uuid);
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_NEW_MANIFEST_UUID, "New Manifest UUID: %s "), uuid_str);
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_DATE, "(date: %04d-%02d-%02d-%02d:%02d:%02d)\n"),
+            OUTPUT(NLS(MS_OPENPTS, OPENPTS_VERIFY_NEW_MANIFEST_UUID,
+                "New Manifest UUID: %s "), uuid_str);
+            OUTPUT(NLS(MS_OPENPTS, OPENPTS_VERIFY_DATE,
+                "(date: %04d-%02d-%02d-%02d:%02d:%02d)\n"),
                 uuid_time->year + 1900,
                 uuid_time->mon + 1,
                 uuid_time->mday,
@@ -816,7 +666,7 @@ int main(int argc, char *argv[]) {
 
             if (isatty(STDIN_FILENO) && !update_by_default) {
                 char *lineFeed;
-                printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_NEW_MANIFEST_UPDATE,
+                OUTPUT(NLS(MS_OPENPTS, OPENPTS_VERIFY_NEW_MANIFEST_UPDATE,
                     "A new reference manifest exists. Update? [Y/n]\n"));
                 if ( NULL != fgets(ans, 32, stdin) ) {
                     // strip the ending line-feed
@@ -842,17 +692,19 @@ int main(int argc, char *argv[]) {
             if (ansIsYes) {
                 rc = updateNewRm(ctx, target_hostname, conf->config_dir);  // aru.c
                 if (rc == PTS_SUCCESS) {
-                    printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_SAVE_NEW_MANIFEST, "Save new reference manifest\n"));
+                    OUTPUT(NLS(MS_OPENPTS, OPENPTS_VERIFY_SAVE_NEW_MANIFEST,
+                        "Save new reference manifest\n"));
                     // TODO UUID
                     retVal = RETVAL_OK_TRUSTED;
                 } else {
                     retVal = RETVAL_TARGET_ERROR;
                 }
             } else if (ansIsNo) {
-                printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_KEEP_CURRENT_MANIFEST, "Keep current manifest\n"));
+                OUTPUT(NLS(MS_OPENPTS, OPENPTS_VERIFY_KEEP_CURRENT_MANIFEST,
+                    "Keep current manifest\n"));
                 retVal = RETVAL_OK_PENDINGUPDATE;
             } else {
-                ERROR("Bad answer %s, exit\n", ans);
+                LOG(LOG_ERR, "Bad answer %s, exit\n", ans);
                 retVal = RETVAL_GLOBAL_ERROR;
                 goto out_free;
             }
@@ -860,7 +712,7 @@ int main(int argc, char *argv[]) {
             // TODO validate new RM
             // TODO e.g. gen new RM by verifier and compare both
         } else if (rc == PTS_RULE_NOT_FOUND) {
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_RUN_OPENPTS,
+            OUTPUT(NLS(MS_OPENPTS, OPENPTS_VERIFY_RUN_OPENPTS,
                 "A new reference manifest exists. If this is expected, "
                 "please update the manifest with 'openpts -i -f'\n"));
             retVal = RETVAL_NOTENROLLED;
@@ -870,7 +722,7 @@ int main(int argc, char *argv[]) {
         }
 #else
         if (rc == PTS_RULE_NOT_FOUND) {
-            printf(NLS(MS_OPENPTS, OPENPTS_VERIFY_RUN_OPENPTS,
+            OUTPUT(NLS(MS_OPENPTS, OPENPTS_VERIFY_RUN_OPENPTS,
                 "A new reference manifest exists. If this is expected, "
                 "please update the manifest with 'openpts -i -f'\n"));
             retVal = RETVAL_NOTENROLLED;
@@ -878,10 +730,6 @@ int main(int argc, char *argv[]) {
 #endif
         break;
     }
-    case UPDATE:
-        TODO("TBD\n");
-        retVal = RETVAL_GLOBAL_ERROR;
-        break;
     default:
         usage();
         retVal = RETVAL_GLOBAL_ERROR;