2 * This file is part of the OpenPTS project.
4 * The Initial Developer of the Original Code is International
5 * Business Machines Corporation. Portions created by IBM
6 * Corporation are Copyright (C) 2010 International Business
7 * Machines Corporation. All Rights Reserved.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the Common Public License as published by
11 * IBM Corporation; either version 1 of the License, or (at your option)
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * Common Public License for more details.
19 * You should have received a copy of the Common Public License
20 * along with this program; if not, a copy can be viewed at
21 * http://www.opensource.org/licenses/cpl1.0.php.
26 * \brief read/write configuration file
28 * @author Seiji Munetoh <munetoh@users.sourceforge.jp>
30 * cleanup 2012-01-04 SM
32 * grep strncmp src/conf.c | gawk '{print $3}'
33 * grep strncmp src/conf.c | awk '{print " * " $3}' | sed -e "s/\"//g" -e "s/,//g"
35 * Also update man/man5/ptsc.conf.5
49 * create [target num + 1], [last] for new target
51 OPENPTS_TARGET_LIST *newTargetList(int num) {
52 OPENPTS_TARGET_LIST *list;
55 size = sizeof(OPENPTS_TARGET_LIST) + sizeof(OPENPTS_TARGET) * (num);
57 list = (OPENPTS_TARGET_LIST *) xmalloc(size);
61 memset(list, 0, size);
63 list->target_num = num - 1; // set actual number
71 void freeTargetList(OPENPTS_TARGET_LIST *list) {
74 OPENPTS_TARGET *target;
76 num = list->target_num;
79 for (i = 0; i < num; i++) {
80 target = &list->target[i];
82 LOG(LOG_ERR, "no memory cnt=%d\n", i);
84 if (target->uuid != NULL) freeUuid(target->uuid);
85 if (target->str_uuid != NULL) xfree(target->str_uuid);
86 if (target->time != NULL) xfree(target->time);
87 if (target->dir != NULL) xfree(target->dir);
88 if (target->target_conf_filename != NULL) xfree(target->target_conf_filename);
89 if (target->target_conf != NULL) {
90 // DEBUG("target->target_conf => free\n");
91 /* WORK NEEDED: freePtsConfig -> freeTargetList -> freePtsConfig .
92 Can we have cases where freePtsConfig is called twice on
93 the same structure?! This leads to double free errors. Set the
94 member variable to NULL before calling so we don't get circular
96 OPENPTS_CONFIG *conf = target->target_conf;
97 target->target_conf = NULL;
108 OPENPTS_CONFIG * newPtsConfig() {
109 OPENPTS_CONFIG * conf;
112 conf = (OPENPTS_CONFIG *) xmalloc(sizeof(OPENPTS_CONFIG));
116 memset(conf, 0, sizeof(OPENPTS_CONFIG));
118 // tpm_version. tss_version are set by ptscd.c
119 // set by configure.in
120 conf->pts_version.bMajor = PTS_SPEC_MAJOR;
121 conf->pts_version.bMinor = PTS_SPEC_MINOR;
122 conf->pts_version.bRevMajor = PTS_VER_MAJOR;
123 conf->pts_version.bRevMinor = PTS_VER_MINOR;
125 // set PCR used by openpts itself
126 // set by configure.in
127 conf->openpts_pcr_index = OPENPTS_PCR_INDEX;
136 int freePtsConfig(OPENPTS_CONFIG * conf) {
141 LOG(LOG_ERR, "null input");
145 if (conf->config_dir != NULL) {
146 xfree(conf->config_dir);
147 conf->config_dir = NULL;
150 if (conf->bios_iml_filename != NULL) {
151 xfree(conf->bios_iml_filename);
152 conf->bios_iml_filename = NULL;
155 if (conf->runtime_iml_filename != NULL) {
156 xfree(conf->runtime_iml_filename);
157 conf->runtime_iml_filename = NULL;
160 if (conf->pcrs_filename != NULL) {
161 xfree(conf->pcrs_filename);
162 conf->pcrs_filename = NULL;
165 if (conf->ir_filename != NULL) {
166 xfree(conf->ir_filename);
167 conf->ir_filename = NULL;
170 if (conf->ir_dir != NULL) {
175 if (conf->prop_filename != NULL) {
176 xfree(conf->prop_filename);
177 conf->prop_filename = NULL;
180 if (conf->model_dir != NULL) {
182 xfree(conf->model_dir);
183 conf->model_dir = NULL;
186 if (conf->verifier_logging_dir != NULL) {
188 xfree(conf->verifier_logging_dir);
189 conf->verifier_logging_dir = NULL;
192 if (conf->policy_filename != NULL) {
193 xfree(conf->policy_filename);
194 conf->policy_filename = NULL;
198 if (conf->aide_database_filename != NULL) {
199 xfree(conf->aide_database_filename);
200 conf->aide_database_filename = NULL;
203 if (conf->aide_sqlite_filename != NULL) {
204 xfree(conf->aide_sqlite_filename);
205 conf->aide_sqlite_filename = NULL;
207 #endif // CONFIG_SQLITE
208 if (conf->aide_ignorelist_filename != NULL) {
209 xfree(conf->aide_ignorelist_filename);
210 conf->aide_ignorelist_filename = NULL;
212 #endif // CONFIG_AIDE
214 if (conf->pubkey != NULL) {
219 if (conf->property_filename != NULL) {
220 xfree(conf->property_filename);
221 conf->property_filename = NULL;
224 /* OPENPTS_TARGET_LIST */
225 if (conf->target_list != NULL) {
226 // DEBUG("conf->target_list != NULL => free\n");
227 /* WORK NEEDED: freePtsConfig -> freeTargetList -> freePtsConfig .
228 Can we have cases where freePtsConfig is called twice on
229 the same structure?! This leads to double free errors. Set the
230 member variable to NULL before calling so we don't get circular
232 OPENPTS_TARGET_LIST *list = conf->target_list;
233 conf->target_list = NULL;
234 freeTargetList(list); // conf.c
238 if (conf->uuid != NULL) {
239 freeOpenptsUuid(conf->uuid);
243 if (conf->rm_uuid != NULL) {
244 freeOpenptsUuid(conf->rm_uuid);
245 conf->rm_uuid = NULL;
248 if (conf->newrm_uuid != NULL) {
249 freeOpenptsUuid(conf->newrm_uuid);
250 conf->newrm_uuid = NULL;
253 if (conf->oldrm_uuid != NULL) {
254 freeOpenptsUuid(conf->oldrm_uuid);
255 conf->oldrm_uuid = NULL;
259 if (conf->target_uuid != NULL) {
260 xfree(conf->target_uuid);
261 conf->target_uuid = NULL;
263 if (conf->str_target_uuid != NULL) {
264 xfree(conf->str_target_uuid);
265 conf->str_target_uuid = NULL;
270 for (i = 0; i< conf->rm_num; i++) {
271 if (conf->rm_filename[i] != NULL) {
272 xfree(conf->rm_filename[i]);
273 conf->rm_filename[i] = NULL;
276 for (i = 0; i< conf->newrm_num; i++) {
277 if (conf->newrm_filename[i] != NULL) {
278 xfree(conf->newrm_filename[i]);
279 conf->newrm_filename[i] = NULL;
285 if (conf->rm_basedir != NULL) {
286 xfree(conf->rm_basedir);
287 conf->rm_basedir = NULL;
291 if (conf->hostname != NULL) {
292 xfree(conf->hostname);
293 conf->hostname = NULL;
295 if (conf->ssh_username != NULL) {
296 xfree(conf->ssh_username);
297 conf->ssh_username = NULL;
299 if (conf->ssh_port != NULL) {
300 xfree(conf->ssh_port);
301 conf->ssh_port = NULL;
304 if (conf->config_file != NULL) {
305 // DEBUG("conf->config_file => free\n");
306 xfree(conf->config_file);
307 conf->config_file = NULL;
310 #ifdef CONFIG_AUTO_RM_UPDATE
311 if (conf->newRmSet != NULL) {
312 xfree(conf->newRmSet);
313 conf->newRmSet = NULL;
317 for (i = 0; i < MAX_RM_NUM; i++) {
318 if (conf->compIDs[i].SimpleName != NULL) xfree(conf->compIDs[i].SimpleName);
319 if (conf->compIDs[i].ModelName != NULL) xfree(conf->compIDs[i].ModelName);
320 if (conf->compIDs[i].ModelNumber != NULL) xfree(conf->compIDs[i].ModelNumber);
321 if (conf->compIDs[i].ModelSerialNumber != NULL) xfree(conf->compIDs[i].ModelSerialNumber);
322 if (conf->compIDs[i].ModelSystemClass != NULL) xfree(conf->compIDs[i].ModelSystemClass);
323 if (conf->compIDs[i].VersionMajor != NULL) xfree(conf->compIDs[i].VersionMajor);
324 if (conf->compIDs[i].VersionMinor != NULL) xfree(conf->compIDs[i].VersionMinor);
325 if (conf->compIDs[i].VersionBuild != NULL) xfree(conf->compIDs[i].VersionBuild);
326 if (conf->compIDs[i].VersionString != NULL) xfree(conf->compIDs[i].VersionString);
327 if (conf->compIDs[i].MfgDate != NULL) xfree(conf->compIDs[i].MfgDate);
328 if (conf->compIDs[i].PatchLevel != NULL) xfree(conf->compIDs[i].PatchLevel);
329 if (conf->compIDs[i].DiscretePatches != NULL) xfree(conf->compIDs[i].DiscretePatches);
330 if (conf->compIDs[i].VendorID_Name != NULL) xfree(conf->compIDs[i].VendorID_Name);
331 if (conf->compIDs[i].VendorID_Value != NULL) xfree(conf->compIDs[i].VendorID_Value);
334 if (conf->aik_storage_filename != NULL) {
335 free(conf->aik_storage_filename);
343 /* parse Component ID related properties */
344 static int readPtsConfig_CompID(
345 OPENPTS_CONFIG *conf,
350 const char *levelStr;
352 char **attributeValue;
359 // rm.compid.0.SimpleName
360 if (strncmp(name, "rm.compid.", 10) != 0) return PTS_SUCCESS;
362 levelStr = name + 10;
363 level = strtoul(levelStr, &attributeName, 10);
365 if (levelStr == attributeName) {
366 LOG(LOG_ERR, "readPtsConfig_CompID()- invalid level number ('%s')\n", name);
370 if (*attributeName != '.') {
371 LOG(LOG_ERR, "readPtsConfig_CompID()- missing '.' after level ('%s')\n", name);
381 if (level >= MAX_RM_NUM) {
383 "readPtsConfig_CompID()- trying to affect a CompID(%s) to a level(%d) greater than MAX_RM_NUM(%d)\n",
384 attributeName, level, MAX_RM_NUM);
388 if (strcmp(attributeName, "SimpleName") == 0)
389 attributeValue = &conf->compIDs[level].SimpleName;
390 else if (strcmp(attributeName, "ModelName") == 0)
391 attributeValue = &conf->compIDs[level].ModelName;
392 else if (strcmp(attributeName, "ModelNumber") == 0)
393 attributeValue = &conf->compIDs[level].ModelNumber;
394 else if (strcmp(attributeName, "ModelSerialNumber") == 0)
395 attributeValue = &conf->compIDs[level].ModelSerialNumber;
396 else if (strcmp(attributeName, "ModelSystemClass") == 0)
397 attributeValue = &conf->compIDs[level].ModelSystemClass;
398 else if (strcmp(attributeName, "VersionMajor") == 0)
399 attributeValue = &conf->compIDs[level].VersionMajor;
400 else if (strcmp(attributeName, "VersionMinor") == 0)
401 attributeValue = &conf->compIDs[level].VersionMinor;
402 else if (strcmp(attributeName, "VersionBuild") == 0)
403 attributeValue = &conf->compIDs[level].VersionBuild;
404 else if (strcmp(attributeName, "VersionString") == 0)
405 attributeValue = &conf->compIDs[level].VersionString;
406 else if (strcmp(attributeName, "MfgDate") == 0)
407 attributeValue = &conf->compIDs[level].MfgDate;
408 else if (strcmp(attributeName, "PatchLevel") == 0)
409 attributeValue = &conf->compIDs[level].PatchLevel;
410 else if (strcmp(attributeName, "DiscretePatches") == 0)
411 attributeValue = &conf->compIDs[level].DiscretePatches;
412 else if (strcmp(attributeName, "VendorID_Name") == 0)
413 attributeValue = &conf->compIDs[level].VendorID_Name;
414 else if (strcmp(attributeName, "TcgVendorId") == 0) {
415 conf->compIDs[level].VendorID_type = VENDORID_TYPE_TCG;
416 attributeValue = &conf->compIDs[level].VendorID_Value;
417 } else if (strcmp(attributeName, "SmiVendorId") == 0) {
418 conf->compIDs[level].VendorID_type = VENDORID_TYPE_SMI;
419 attributeValue = &conf->compIDs[level].VendorID_Value;
420 } else if (strcmp(attributeName, "VendorGUID") == 0) {
421 conf->compIDs[level].VendorID_type = VENDORID_TYPE_GUID;
422 attributeValue = &conf->compIDs[level].VendorID_Value;
424 LOG(LOG_ERR, "unknown Component ID attribute: '%s'\n", attributeName);
428 if (*attributeValue != NULL) {
429 xfree(*attributeValue);
431 *attributeValue = smalloc(value);
432 if (*attributeValue == NULL) {
440 * Read pts config file
444 * filename fullpath or PWD/filename
453 #define LINE_BUF_SIZE 512
455 int readPtsConfig(OPENPTS_CONFIG *conf, char *filename) {
456 int rc = PTS_SUCCESS;
458 char line[LINE_BUF_SIZE];
462 char *filename2 = NULL; // fullpath
465 int isFileIncorrect = 0;
468 char *aik_storage_filename = NULL;
471 DEBUG("readPtsConfig() : %s\n", filename);
473 if (filename == NULL) {
474 LOG(LOG_ERR, "readPtsConfig - filename is NULL\n");
475 return PTS_INTERNAL_ERROR;
478 /* config filename -> fullpath -> filename2 */
479 if (filename[0] != '/') {
480 /* => get fullpath */
481 path = getenv("PWD");
482 if (path[0] != '/') {
483 LOG(LOG_ERR, "readPtsConfig() - path, '%s' is not a full path", path);
485 filename2 = getFullpathName(path, filename);
487 /* started by /, seems full path */
488 filename2 = smalloc(filename);
490 if (filename2 == NULL) {
491 return PTS_INTERNAL_ERROR;
494 /* set config filename (fullpath) to conf*/
495 if (conf->config_file != NULL) {
496 /* replace, free old conf path */
497 xfree(conf->config_file);
499 conf->config_file = smalloc_assert(filename2);
501 /* dir where config file -> config_dir */
502 if (conf->config_dir != NULL) {
504 xfree(conf->config_dir);
506 conf->config_dir = getFullpathDir(filename2);
509 if ((fp = fopen(filename2, "r")) == NULL) {
510 DEBUG("readPtsConfig - File %s open was failed\n", filename2);
511 rc = PTS_INTERNAL_ERROR;
518 while (fgets(line, LINE_BUF_SIZE, fp) != NULL) { // read line
520 line_len = strlen(line);
522 /* check for line length */
523 if (line_len == LINE_BUF_SIZE) {
524 LOG(LOG_ERR, "Line too long in %s at line %d\n", filename2, cnt);
529 /* strip trailing CR */
530 if (line[line_len-1] == '\n') line[--line_len] = '\0';
532 if (line[0] == '#') {
534 } else if ((eq = strstr(line, "=")) != NULL) { /* name=value line */
543 replace the curent setting based on the location of config file
544 to path set by config file.
546 if (!strncmp(name, "config.dir", 10)) {
547 DEBUG("conf dir : %s\n", value);
548 if (value[0] != '/') {
549 /* => get fullpath */
550 path = getFullpathName(conf->config_dir, value);
551 xfree(conf->config_dir);
552 conf->config_dir = path;
554 /* started by /, seems full path, just replace */
555 xfree(conf->config_dir);
556 conf->config_dir = smalloc_assert(value);
560 /* openpts_pcr_index */
561 if (!strncmp(name, "openpts.pcr.index", 17)) {
562 conf->openpts_pcr_index = atoi(value);
563 DEBUG("openpts_pcr_index = %d\n", conf->openpts_pcr_index);
566 /* How to get the IML? 0: via tss, 1:securityfs */
567 if (!strncmp(name, "iml.mode", 8)) {
568 if (!strncmp(value, "securityfs", 10)) {
570 } else if (!strncmp(value, "tss", 3)) {
573 LOG(LOG_ERR, "iml.mode is neither 'securityfs' or 'tss'\n");
579 /* srk.password.mode */
580 if (!strncmp(name, "srk.password.mode", 17)) {
581 if (!strncmp(value, "null", 4)) {
582 conf->srk_password_mode = 0;
583 DEBUG("conf->srk_password_mode : null\n");
584 } else if (!strncmp(value, "known", 5)) {
585 conf->srk_password_mode = 1;
586 DEBUG("conf->srk_password_mode : known\n");
588 LOG(LOG_ERR, "Bad srk.password.mode flag '%s' in %s\n",
595 /* tpm.resetdalock */
596 if (!strncmp(name, "tpm.resetdalock", 15)) {
597 if (!strncmp(value, "on", 2)) {
598 conf->tpm_resetdalock = 1;
599 DEBUG("conf->tpm_resetdalock : on\n");
600 } else if (!strncmp(value, "off", 3)) {
601 conf->tpm_resetdalock = 0; // default
602 DEBUG("conf->tpm_resetdalock : off (default)\n");
604 LOG(LOG_ERR, "Bad tpm.resetdalock flag '%s' in %s\n",
612 if (!strncmp(name, "tpm.quote.type", 14)) {
613 if (!strncmp(value, "quote2", 6)) {
614 conf->tpm_quote_type = 0; // default
615 DEBUG("conf->tpm_quote_type : quote2 (default)\n");
616 } else if (!strncmp(value, "quote", 5)) {
617 conf->tpm_quote_type = 1;
618 DEBUG("conf->tpm_quote_type : quote\n");
620 LOG(LOG_ERR, "Bad tpm.quote.type flag %s\n", value);
626 /* Endian for cross platform debug */
627 if (!strncmp(name, "iml.endian", 10)) {
628 if (!strncmp(value, "little", 6)) {
630 conf->iml_endian = 2; // = mode option of getBiosIml()
631 DEBUG("convert endian mode\n");
633 conf->iml_endian = 0;
635 } else if (!strncmp(value, "big", 3)) {
637 conf->iml_endian = 0;
639 conf->iml_endian = 2;
640 DEBUG("endian mode : convert\n");
643 LOG(LOG_ERR, "iml.endian is neither 'big' or 'little'\n");
650 if (!strncmp(name, "iml.aligned", 11)) {
651 conf->iml_aligned = atoi(value);
656 if (!strncmp(name, "bios.iml.file", 13)) {
657 conf->bios_iml_filename = getFullpathName(conf->config_dir, value);
658 DEBUG("conf->bios_iml_filename : %s\n", conf->bios_iml_filename);
661 if (!strncmp(name, "runtime.iml.file", 16)) {
662 conf->runtime_iml_filename = getFullpathName(conf->config_dir, value);
663 DEBUG("conf->runtime_iml_filename : %s\n", conf->runtime_iml_filename);
665 if (!strncmp(name, "runtime.iml.type", 16)) {
666 if (!strncmp(value, "IMA31", 5)) {
667 conf->runtime_iml_type = BINARY_IML_TYPE_IMA_31;
668 } else if (!strncmp(value, "IMA32", 5)) {
669 conf->runtime_iml_type = BINARY_IML_TYPE_IMA;
670 } else if (!strncmp(value, "IMA", 3)) {
671 conf->runtime_iml_type = BINARY_IML_TYPE_IMA_ORIGINAL;
673 LOG(LOG_ERR, "unknown runtime.iml.type %s\n", value);
679 if (!strncmp(name, "pcrs.file", 9)) {
680 conf->pcrs_filename = getFullpathName(conf->config_dir, value);
681 DEBUG("conf->pcrs_filename : %s\n", conf->pcrs_filename);
684 // RM config - from 0.2.3
685 if (!strncmp(name, "rm.basedir", 10)) {
686 if (conf->rm_basedir != NULL) {
687 xfree(conf->rm_basedir);
689 conf->rm_basedir = getFullpathName(conf->config_dir, value);
691 if (!strncmp(name, "rm.num", 6)) {
692 conf->rm_num = atoi(value);
693 if (conf->rm_num > MAX_RM_NUM) {
695 "RM number rm.num=%d is larger than MAX_RM_NUM=%d - truncking\n",
696 conf->rm_num, MAX_RM_NUM);
697 conf->rm_num = MAX_RM_NUM;
699 DEBUG("conf->rm_num : %d\n", conf->rm_num);
702 /* IR file (verifier side) */
703 /* Depricated - we use a temporary file in /tmp on collector side */
704 if (!strncmp(name, "ir.file", 7)) {
705 if (conf->ir_filename != NULL) {
706 xfree(conf->ir_filename);
708 conf->ir_filename = getFullpathName(conf->config_dir, value);
709 DEBUG("conf->ir_filename : %s\n", conf->ir_filename);
711 /* IR dir (collector side) */
712 if (!strncmp(name, "ir.dir", 6)) {
713 if (conf->ir_dir != NULL) {
716 conf->ir_dir = getFullpathName(conf->config_dir, value);
717 DEBUG("conf->ir_dir : %s\n", conf->ir_dir);
719 if (!strncmp(name, "prop.file", 9)) {
720 if (conf->prop_filename != NULL) {
721 xfree(conf->prop_filename);
723 conf->prop_filename = getFullpathName(conf->config_dir, value);
725 if (!strncmp(name, "ir.quote", 8)) {
726 if (!strncmp(value, "WITHOUT_QUOTE", 13)) {
727 conf->ir_without_quote = 1;
728 LOG(LOG_TODO, "Generate IR without TPM_Quote signature\n");
733 if (!strncmp(name, "model.dir", 10)) {
734 conf->model_dir = getFullpathName(conf->config_dir, value);
738 if (!strncmp(name, "iml.ipl.maxcount", 16)) {
739 conf->iml_maxcount = atoi(value);
740 DEBUG("conf->iml_maxcount : %d\n", conf->iml_maxcount);
744 if (!strncmp(name, "verifier.logging.dir", 20)) {
745 if (conf->verifier_logging_dir != NULL) {
746 xfree(conf->verifier_logging_dir);
748 conf->verifier_logging_dir = getFullpathName(conf->config_dir, value);
751 if (!strncmp(name, "policy.file", 11)) {
752 if (conf->policy_filename != NULL) {
753 // DEBUG("realloc conf->policy_filename\n"); // TODO realloc happen
754 xfree(conf->policy_filename);
756 conf->policy_filename = getFullpathName(conf->config_dir, value);
760 if (!strncmp(name, "ima.validation.mode", 19)) {
761 if (!strncmp(value, "aide", 4)) {
762 conf->ima_validation_mode = OPENPTS_VALIDATION_MODE_AIDE;
763 } else if (!strncmp(value, "none", 4)) {
764 conf->ima_validation_mode = OPENPTS_VALIDATION_MODE_NONE;
766 LOG(LOG_ERR, "unknown ima.validation.mode [%s]\n", value);
772 if (!strncmp(name, "aide.database.file", 18)) {
773 if (conf->aide_database_filename != NULL) {
774 xfree(conf->aide_database_filename);
776 conf->aide_database_filename = getFullpathName(conf->config_dir, value);
779 if (!strncmp(name, "aide.sqlite.file", 18)) {
780 conf->aide_sqlite_filename = getFullpathName(conf->config_dir, value);
783 if (!strncmp(name, "aide.ignorelist.file", 20)) {
784 if (conf->aide_ignorelist_filename != NULL) {
785 xfree(conf->aide_ignorelist_filename);
787 conf->aide_ignorelist_filename = getFullpathName(conf->config_dir, value);
789 #endif // CONFIG_AIDE
792 if (!strncmp(name, "uuid.file", 9)) {
793 if (conf->uuid == NULL) {
794 conf->uuid = newOpenptsUuid();
796 conf->uuid->filename = getFullpathName(conf->config_dir, value);
797 conf->uuid->status = OPENPTS_UUID_FILENAME_ONLY;
798 rc = readOpenptsUuidFile(conf->uuid);
799 if (rc != PTS_SUCCESS) {
800 /* uuid file is missing */
802 // DEBUG("no UUID file %s\n", conf->uuid->filename);
803 conf->uuid->status = OPENPTS_UUID_FILENAME_ONLY;
804 DEBUG("conf->uuid : not initialized\n");
806 DEBUG("conf->uuid->str : %s\n", conf->uuid->str);
808 } else if (!strncmp(name, "uuid", 4)) {
809 LOG(LOG_ERR, "uuid=XXX is deprecated, in %s\n", filename);
810 if (conf->uuid == NULL) {
811 conf->uuid = newOpenptsUuid();
813 if (conf->uuid->uuid != NULL) {
814 LOG(LOG_TODO, "free conf->uuid \n");
815 xfree(conf->uuid->uuid);
818 conf->uuid->uuid = getUuidFromString(value);
819 if (conf->uuid->uuid == NULL) {
820 LOG(LOG_ERR, "read UUID fail\n");
822 conf->uuid->str = getStringOfUuid(conf->uuid->uuid);
823 if (conf->uuid->str == NULL) {
824 LOG(LOG_ERR, "read UUID fail\n");
828 /* RM UUID for RM set */
829 if (!strncmp(name, "rm.uuid.file", 12)) {
830 if (conf->rm_uuid == NULL) {
831 conf->rm_uuid = newOpenptsUuid();
833 if (conf->rm_uuid->filename != NULL) {
834 xfree(conf->rm_uuid->filename);
836 conf->rm_uuid->filename = getFullpathName(conf->config_dir, value);
837 conf->rm_uuid->status = OPENPTS_UUID_FILENAME_ONLY;
838 rc = readOpenptsUuidFile(conf->rm_uuid);
839 if (rc != PTS_SUCCESS) {
840 /* uuid file is missing */
841 conf->rm_uuid->status = OPENPTS_UUID_FILENAME_ONLY;
843 DEBUG("conf->rm_uuid->str : %s\n", conf->rm_uuid->str);
846 /* NEWRM UUID for next boot */
847 /* NEWRM UUID for RM set */
848 if (!strncmp(name, "newrm.uuid.file", 15)) {
849 if (conf->newrm_uuid == NULL) {
850 conf->newrm_uuid = newOpenptsUuid();
852 if (conf->newrm_uuid->filename != NULL) {
853 xfree(conf->newrm_uuid->filename);
855 conf->newrm_uuid->filename = getFullpathName(conf->config_dir, value);
856 conf->newrm_uuid->status = OPENPTS_UUID_FILENAME_ONLY;
857 rc = readOpenptsUuidFile(conf->newrm_uuid);
858 if (rc != PTS_SUCCESS) {
859 /* uuid file is missing */
860 conf->newrm_uuid->status = OPENPTS_UUID_FILENAME_ONLY;
862 conf->pts_flag[0] |= OPENPTS_FLAG0_NEWRM_EXIST;
863 DEBUG("Read new RM UUID from file %s, UUID=%s. New pts_flag[0]=0x%02x\n",
864 conf->newrm_uuid->filename, conf->newrm_uuid->str, conf->pts_flag[0]);
866 DEBUG("conf->newrm_uuid->str : %s\n", conf->newrm_uuid->str);
868 /* OLDRM UUID for RM set */
869 if (!strncmp(name, "oldrm.uuid.file", 15)) {
870 if (conf->oldrm_uuid == NULL) {
871 conf->oldrm_uuid = newOpenptsUuid();
873 if (conf->oldrm_uuid->filename != NULL) {
874 xfree(conf->oldrm_uuid->filename);
876 conf->oldrm_uuid->filename = getFullpathName(conf->config_dir, value);
877 conf->oldrm_uuid->status = OPENPTS_UUID_FILENAME_ONLY;
878 rc = readOpenptsUuidFile(conf->oldrm_uuid);
879 if (rc != PTS_SUCCESS) {
880 /* uuid file is missing */
881 conf->oldrm_uuid->status = OPENPTS_UUID_FILENAME_ONLY;
883 DEBUG("conf->oldrm_uuid->str : %s\n", conf->oldrm_uuid->str);
887 if (!strncmp(name, "target.uuid", 11)) {
888 if (conf->target_uuid != NULL) {
889 xfree(conf->target_uuid);
891 conf->target_uuid = getUuidFromString(value);
892 if (conf->target_uuid == NULL) {
893 LOG(LOG_ERR, "bad UUID ? %s\n", value);
896 if (conf->str_target_uuid != NULL) {
897 xfree(conf->str_target_uuid);
899 conf->str_target_uuid = getStringOfUuid(conf->target_uuid);
900 if (conf->str_target_uuid == NULL) {
901 LOG(LOG_ERR, "bad UUID ? %s\n", value);
907 if (!strncmp(name, "target.pubkey", 13)) {
908 if (conf->pubkey != NULL) {
911 conf->pubkey = decodeBase64(
915 if (conf->pubkey == NULL) {
916 LOG(LOG_ERR, "decodeBase64");
917 conf->pubkey_length = 0;
919 conf->pubkey_length = buf_len;
920 DEBUG("pubkey length : %d\n", conf->pubkey_length);
926 conf->ssh_username = NULL; // use default values
927 conf->ssh_port = NULL;
929 if (!strncmp(name, "ssh.username", 12)) {
930 conf->ssh_username = smalloc_assert(value);
931 DEBUG("conf->ssh_username : %s\n", conf->ssh_username);
933 if (!strncmp(name, "ssh.port", 8)) {
934 conf->ssh_port = smalloc_assert(value);
935 DEBUG("conf->ssh_port : %s\n", conf->ssh_port);
939 if (!strncmp(name, "hostname", 8)) {
940 if (conf->hostname != NULL) {
941 xfree(conf->hostname);
943 conf->hostname = smalloc_assert(value);
944 DEBUG("conf->hostname : %s\n", conf->hostname);
948 if (!strncmp(name, "selftest", 8)) {
949 if (!strncmp(value, "on", 2)) {
951 } else if (!strncmp(value, "off", 3)) {
952 conf->selftest = 0; // default
954 LOG(LOG_ERR, "unknown selftest %s\n", value);
960 if (!strncmp(name, "autoupdate", 10)) {
961 if (!strncmp(value, "on", 2)) {
962 conf->autoupdate = 1;
963 DEBUG("conf->autoupdate : on\n");
964 } else if (!strncmp(value, "off", 3)) {
965 conf->autoupdate = 0; // default
966 DEBUG("conf->autoupdate : off\n");
968 LOG(LOG_ERR, "unknown autoupdate %s\n", value); // TODO
975 if ((rc = readPtsConfig_CompID(conf, name, value)) != PTS_SUCCESS) {
980 /* PTSV Enrollment */
981 if (!strncmp(name, "enrollment", 10)) {
982 if (!strncmp(value, "none", 4)) {
983 conf->enrollment = IMV_ENROLLMENT_NONE;
984 DEBUG("conf->enrollment : none\n");
985 } else if (!strncmp(value, "credential", 10)) {
986 conf->enrollment = IMV_ENROLLMENT_CREDENTIAL;
987 DEBUG("conf->enrollment : credential\n");
988 } else if (!strncmp(value, "auto", 4)) {
989 conf->enrollment = IMV_ENROLLMENT_AUTO;
990 DEBUG("conf->enrollment : auto\n");
992 LOG(LOG_ERR, "unknown enrollment %s\n", value); // TODO
993 conf->enrollment = 0;
997 /* Atetstation(sign) key*/
998 if (!strncmp(name, "aik.storage.type", 16)) {
999 if (!strncmp(value, "tss", 3)) {
1000 conf->aik_storage_type = OPENPTS_AIK_STORAGE_TYPE_TSS;
1001 DEBUG("conf->aik_storage_type : none\n");
1002 } else if (!strncmp(value, "blob", 4)) {
1003 conf->aik_storage_type = OPENPTS_AIK_STORAGE_TYPE_BLOB;
1004 DEBUG("conf->aik_storage_type : blob\n");
1006 LOG(LOG_ERR, "unknown aik.storage.type %s\n", value); // TODO
1007 conf->aik_storage_type = 0;
1010 if (!strncmp(name, "aik.storage.filename", 20)) {
1011 if (aik_storage_filename != NULL) {
1012 free(aik_storage_filename);
1014 aik_storage_filename = smalloc(value);
1015 DEBUG("aik_storage_filename : CONF/%s\n", aik_storage_filename);
1017 if (!strncmp(name, "aik.auth.type", 13)) {
1018 if (!strncmp(value, "null", 4)) {
1019 conf->aik_auth_type = OPENPTS_AIK_AUTH_TYPE_NULL;
1020 DEBUG("conf->aik_auth_type : null\n");
1021 } else if (!strncmp(value, "common", 6)) {
1022 conf->aik_auth_type = OPENPTS_AIK_AUTH_TYPE_COMMON;
1023 DEBUG("conf->aik_auth_type : common\n");
1025 LOG(LOG_ERR, "unknown aik.auth.type %s\n", value); // TODO
1026 conf->aik_auth_type = 0;
1031 if (!strncmp(name, "verbose", 7)) {
1032 setVerbosity(atoi(value));
1033 DEBUG("Verbosity : %d (set by conf)\n", getVerbosity());
1035 if (!strncmp(name, "logging.location", 16)) {
1036 if (!strncmp(value, "syslog", 6)) {
1037 setLogLocation(OPENPTS_LOG_SYSLOG, NULL);
1038 DEBUG("Logging location : syslog\n");
1039 } else if (!strncmp(value, "console", 6)) {
1040 setLogLocation(OPENPTS_LOG_CONSOLE, NULL);
1041 DEBUG("Logging location : console\n");
1043 LOG(LOG_ERR, "unknown aik.storage.type %s\n", value); // TODO
1044 conf->aik_storage_type = 0;
1047 if (!strncmp(name, "logging.file", 12)) {
1049 log_filename = getFullpathName(conf->config_dir, value);
1050 setLogLocation(OPENPTS_LOG_FILE, log_filename);
1051 DEBUG("Logging location : file (%s)\n", log_filename);
1052 xfree(log_filename);
1054 if (!strncmp(name, "debug.mode", 11)) {
1055 debugBits = (int) strtol(value, NULL, 16);
1056 DEBUG("DEBUG mode : 0x%x\n", debugBits);
1061 /* accept only blank lines */
1065 while (*ptr != '\0') {
1066 if (!isspace(*ptr)) {
1067 LOG(LOG_ERR, "Syntax error in %s at line %d\n", filename2, cnt);
1068 isFileIncorrect = 1;
1076 if (conf->verifier_logging_dir == NULL) {
1077 /* set default logging dir */
1078 conf->verifier_logging_dir = smalloc_assert("~/.openpts");
1081 /* Atetstation(sign) key */
1082 if (conf->aik_storage_type == OPENPTS_AIK_STORAGE_TYPE_BLOB) {
1083 if (aik_storage_filename == NULL) {
1084 /* set the default filename if missed */
1085 conf->aik_storage_filename = getFullpathName(conf->config_dir, "key.blob");
1087 conf->aik_storage_filename =
1088 getFullpathName(conf->config_dir, aik_storage_filename);
1089 free(aik_storage_filename);
1091 DEBUG("conf->aik_storage_filename : %s\n", conf->aik_storage_filename);
1095 if (conf->uuid != NULL) {
1096 DEBUG("conf->uuid->filename : %s\n", conf->uuid->filename);
1098 // DEBUG("conf->uuid->filename : uuid is not initialized\n");
1100 if (conf->rm_uuid != NULL) {
1101 DEBUG("conf->rm_uuid->filename : %s\n", conf->rm_uuid->filename);
1103 // DEBUG("conf->rm_uuid->filename : rm_uuid is not initialized\n");
1111 if (isFileIncorrect) {
1112 OUTPUT(NLS(MS_OPENPTS, OPENPTS_COLLECTOR_BAD_CONFIG_FILE, "Bad configuration file\n"));
1113 rc = PTS_INTERNAL_ERROR;
1120 OUTPUT(NLS(MS_OPENPTS, OPENPTS_CONFIG_MISSING, "Cannot open config file '%s'\n"), filename2);
1121 rc = PTS_INTERNAL_ERROR;
1124 if (filename2 != NULL) xfree(filename2);
1130 static void writeTargetConf_CompID(OPENPTS_CONFIG *conf, FILE *fp) {
1133 for (level = 0; level < MAX_RM_NUM; level++) {
1134 if (conf->compIDs[level].SimpleName != NULL)
1135 fprintf(fp, "rm.compid.%d.SimpleName=%s\n", level, conf->compIDs[level].SimpleName);
1136 if (conf->compIDs[level].ModelName != NULL)
1137 fprintf(fp, "rm.compid.%d.ModelName=%s\n", level, conf->compIDs[level].ModelName);
1138 if (conf->compIDs[level].ModelNumber != NULL)
1139 fprintf(fp, "rm.compid.%d.ModelNumber=%s\n", level, conf->compIDs[level].ModelNumber);
1140 if (conf->compIDs[level].ModelSerialNumber != NULL)
1141 fprintf(fp, "rm.compid.%d.ModelSerialNumber=%s\n", level, conf->compIDs[level].ModelSerialNumber);
1142 if (conf->compIDs[level].ModelSystemClass != NULL)
1143 fprintf(fp, "rm.compid.%d.ModelSystemClass=%s\n", level, conf->compIDs[level].ModelSystemClass);
1144 if (conf->compIDs[level].VersionMajor != NULL)
1145 fprintf(fp, "rm.compid.%d.VersionMajor=%s\n", level, conf->compIDs[level].VersionMajor);
1146 if (conf->compIDs[level].VersionMinor != NULL)
1147 fprintf(fp, "rm.compid.%d.VersionMinor=%s\n", level, conf->compIDs[level].VersionMinor);
1148 if (conf->compIDs[level].VersionBuild != NULL)
1149 fprintf(fp, "rm.compid.%d.VersionBuild=%s\n", level, conf->compIDs[level].VersionBuild);
1150 if (conf->compIDs[level].VersionString != NULL)
1151 fprintf(fp, "rm.compid.%d.VersionString=%s\n", level, conf->compIDs[level].VersionString);
1152 if (conf->compIDs[level].MfgDate != NULL)
1153 fprintf(fp, "rm.compid.%d.MfgDate=%s\n", level, conf->compIDs[level].MfgDate);
1154 if (conf->compIDs[level].PatchLevel != NULL)
1155 fprintf(fp, "rm.compid.%d.PatchLevel=%s\n", level, conf->compIDs[level].PatchLevel);
1156 if (conf->compIDs[level].DiscretePatches != NULL)
1157 fprintf(fp, "rm.compid.%d.DiscretePatches=%s\n", level, conf->compIDs[level].DiscretePatches);
1158 if (conf->compIDs[level].VendorID_Name != NULL)
1159 fprintf(fp, "rm.compid.%d.VendorID_Name=%s\n", level, conf->compIDs[level].VendorID_Name);
1160 if (conf->compIDs[level].VendorID_Value != NULL) {
1161 fprintf(fp, "rm.compid.%d.", level);
1162 switch (conf->compIDs[level].VendorID_type) {
1163 case VENDORID_TYPE_TCG: fprintf(fp, "TcgVendorId="); break;
1164 case VENDORID_TYPE_SMI: fprintf(fp, "SmiVendorId="); break;
1165 case VENDORID_TYPE_GUID: fprintf(fp, "VendorGUID="); break;
1167 fprintf(fp, "%s\n", conf->compIDs[level].VendorID_Value);
1176 * HOME/.openpts/hostname/target.conf
1178 * IntegrationTest : check_ifm.c
1182 int writeTargetConf(OPENPTS_CONFIG *conf, PTS_UUID *uuid, char *filename) {
1187 DEBUG("writeTargetConf : %s\n", filename);
1190 if ((fp = fopen(filename, "w")) == NULL) {
1191 LOG(LOG_ERR, "writeTargetConf - Conf File %s open was failed\n", filename);
1195 str_uuid = getStringOfUuid(uuid);
1196 // TODO check 6 free
1198 fprintf(fp, "# generated by openpts. do not edit this file\n");
1199 fprintf(fp, "target.uuid=%s\n", str_uuid);
1201 if (conf->pubkey_length > 0) {
1206 (unsigned char *)conf->pubkey,
1207 conf->pubkey_length,
1209 fprintf(fp, "target.pubkey=%s\n", buf); // base64
1213 fprintf(fp, "verifier.logging.dir=./\n");
1214 fprintf(fp, "policy.file=./policy.conf\n");
1218 fprintf(fp, "rm.basedir=./\n");
1219 fprintf(fp, "rm.num=%d\n", conf->rm_num);
1221 fprintf(fp, "rm.uuid.file=./rm_uuid\n");
1222 fprintf(fp, "newrm.uuid.file=./newrm_uuid\n");
1223 fprintf(fp, "oldrm.uuid.file=./oldrm_uuid\n");
1224 fprintf(fp, "ir.file=./ir.xml\n");
1225 fprintf(fp, "prop.file=./vr.properties\n");
1228 if (conf->ima_validation_mode == OPENPTS_VALIDATION_MODE_AIDE) {
1229 fprintf(fp, "ima.validation.mode=aide\n");
1230 fprintf(fp, "aide.database.file=./aide.db.gz\n");
1231 #ifdef CONFIG_SQLITE
1232 fprintf(fp, "aide.sqlite.file=./aide.sqlite.db\n");
1234 fprintf(fp, "aide.ignorelist.file=./aide.ignore\n");
1236 fprintf(fp, "ima.validation.mode=none\n");
1240 // #ifdef CONFIG_AUTO_RM_UPDATE
1241 // fprintf(fp, "autoupdate=on\n");
1245 if (conf->ssh_username != NULL) {
1246 fprintf(fp, "ssh.username=%s\n", conf->ssh_username);
1248 if (conf->ssh_port != NULL) {
1249 fprintf(fp, "ssh.port=%s\n", conf->ssh_port);
1252 /* target hostname */
1253 // 20110117 move from dir name to conf, since the dir name uses UUID
1254 fprintf(fp, "hostname=%s\n", conf->hostname);
1265 * HOME/.openpts/hostname/target.conf
1267 int readTargetConf(OPENPTS_CONFIG *conf, char *filename) {
1270 DEBUG("readTargetConf : %s\n", filename);
1273 conf->iml_mode = 0; // set TSS
1276 rc = readPtsConfig(conf, filename);
1277 if (rc != PTS_SUCCESS) {
1278 LOG(LOG_ERR, "readTargetConf - fail, rc = %d\n", rc);
1286 * Write openpts (verifier) conf
1288 * HOME/.openpts/openpts.conf
1294 int writeOpenptsConf(OPENPTS_CONFIG *conf, char *filename) {
1298 // DEBUG("writeOpenptsConf %s\n", filename);
1301 if ((fp = fopen(filename, "w")) == NULL) {
1302 LOG(LOG_ERR, "writeOpenptsConf - Conf File %s open was failed\n", filename);
1303 return PTS_INTERNAL_ERROR;
1306 fprintf(fp, "# generated by openpts. do not edit this file\n");
1307 fprintf(fp, "uuid.file=./uuid\n");
1308 fprintf(fp, "verifier.logging.dir=./\n");
1320 * HOME/.openpts/openpts.conf
1322 int readOpenptsConf(OPENPTS_CONFIG *conf, char *filename) {
1325 DEBUG_CAL("readOpenptsConf %s\n", filename);
1329 LOG(LOG_ERR, "null input");
1332 if (filename == NULL) {
1333 LOG(LOG_ERR, "null input");
1337 rc = readPtsConfig(conf, filename);
1339 LOG(LOG_ERR, "readOpenptsConf - fail, rc = %d\n", rc);
1346 * Set Model Filename
1348 * level Snapshot level (0 or 1)
1350 int setModelFile(OPENPTS_CONFIG *conf, int index, int level, char *filename) {
1353 LOG(LOG_ERR, "null input");
1357 if (level >= MAX_RM_NUM) {
1359 "setModelFile()- PCR[%d] trying to affect a model file(%s) to a level(%d) greater than MAX_RM_NUM(%d)\n",
1360 index, filename, level, MAX_RM_NUM);
1364 if (conf->model_filename[level][index] != NULL) {
1365 xfree(conf->model_filename[level][index]);
1368 conf->model_filename[level][index] = smalloc(filename);
1370 if (conf->model_filename[level][index] == NULL) {