#2807

Committed 28 Apr 2025 05:29PM UTC coverage: 73.433%. Remained the same

Build # #2807

Build Type

push

travis-ci

Committed by

web-flow

Commit Message

Merge f0502547c into 9bdd62d1e

Coverage Stats

8046 of 10957 relevant lines covered (73.43%)

13597.31 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

85.42

/src/swtpm_setup/swtpm_backend_dir.c

/* SPDX-License-Identifier: BSD-3-Clause */
/*
 * swtpm_backend_dir.c: storage backend specific functions for dir://
 *
 * Originally by: Stefan Berger, stefanb@linux.ibm.com
 * Refactored as module: Stefan Reiter, stefan@pimaker.at
 */

#include "config.h"

#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

#ifdef __gnu_hurd__
# define PATH_MAX 4096 /* no limit on GNU/Hurd systems */
#endif

#include "swtpm.h"
#include "swtpm_utils.h"

struct dir_state {
    gchar* dir;
};

/* Parse a dir:// URI by removing the prefix if given. */
static void *parse_dir_state(const gchar* uri) {
    struct dir_state *ret;

    if (strncmp(uri, "dir://", 6) == 0) {
        uri += 6;
    }

    ret = g_malloc(sizeof(struct dir_state));
    ret->dir = g_strdup(uri);

    return (void*)ret;
}

/* Check user access in 'mode' to directory specified in backend state. */
static int check_access(void *state, int mode, const struct passwd *curr_user) {
    gchar *tpm_state_path = ((struct dir_state*)state)->dir;
    gchar *p;
    struct stat statbuf;
    char path[PATH_MAX];

    /* check lockfile */
    p = pathjoin(path, sizeof(path), tpm_state_path, ".lock", NULL);
    if (!p)
        return 1;
    if (stat(p, &statbuf) == 0 && access(p, R_OK|W_OK) != 0) {
        logerr(gl_LOGFILE, "User %s cannot read/write lockfile %s.\n",
               curr_user ? curr_user->pw_name : "<unknown>", p);
        return 1;
    }

    /* check access to state directory itself */
    return check_directory_access(tpm_state_path, mode, curr_user);
}

/* Delete swtpm's state file. Those are the files with suffixes
 * 'permall', 'volatilestate', and 'savestate'.
 */
static int delete_statefiles(void *state)
{
    gchar *tpm_state_path = ((struct dir_state*)state)->dir;
    GError *error = NULL;
    GDir *dir = g_dir_open(tpm_state_path, 0, &error);
    int ret = 1;

    if (dir == NULL) {
        logerr(gl_LOGFILE, "%s\n", error->message);
        g_error_free(error);
        return 1;
    }
    while (1) {
        const gchar *fn = g_dir_read_name(dir);

        if (fn == NULL) {
            if (errno != 0 && errno != ENOENT
#ifdef __FreeBSD__
                && errno != EINVAL
#endif
                ) {
                logerr(gl_LOGFILE, "Error getting next filename: %s\n", strerror(errno));
                break;
            } else {
                ret = 0;
                break;
            }
        }
        if (g_str_has_suffix(fn, "permall") ||
            g_str_has_suffix(fn, "volatilestate") ||
            g_str_has_suffix(fn, "savestate")) {
            g_autofree gchar *fullname = g_strjoin(G_DIR_SEPARATOR_S,
                                                   tpm_state_path, fn, NULL);
            if (unlink(fullname) != 0) {
                logerr(gl_LOGFILE, "Could not remove %s: %s\n", fn, strerror(errno));
                break;
            }
        }
    }

    g_dir_close(dir);

    return ret;
}

/* Free an instance of dir_state. */
static void free_dir_state(void *state) {
    if (state) {
        struct dir_state *dstate = (struct dir_state*)state;
        g_free(dstate->dir);
        g_free(dstate);
    }
}

struct swtpm_backend_ops swtpm_backend_dir = {
    .parse_backend = parse_dir_state,
    .check_access = check_access,
    .delete_state = delete_statefiles,
    .free_backend = free_dir_state,
};

1	/* SPDX-License-Identifier: BSD-3-Clause */
2	/*
3	* swtpm_backend_dir.c: storage backend specific functions for dir://
4	*
5	* Originally by: Stefan Berger, stefanb@linux.ibm.com
6	* Refactored as module: Stefan Reiter, stefan@pimaker.at
7	*/
8
9	#include "config.h"
10
11	#include <errno.h>
12	#include <string.h>
13	#include <unistd.h>
14	#include <sys/stat.h>
15
16	#ifdef __gnu_hurd__
17	# define PATH_MAX 4096 /* no limit on GNU/Hurd systems */
18	#endif
19
20	#include "swtpm.h"
21	#include "swtpm_utils.h"
22
23	struct dir_state {
24	gchar* dir;
25	};
26
27	/* Parse a dir:// URI by removing the prefix if given. */
28	static void parse_dir_state(const gchar uri) {	144✔
29	struct dir_state *ret;	144✔
30
31	if (strncmp(uri, "dir://", 6) == 0) {	144✔
32	uri += 6;	144✔
33	}
34
35	ret = g_malloc(sizeof(struct dir_state));	144✔
36	ret->dir = g_strdup(uri);	144✔
37
38	return (void*)ret;	144✔
39	}
40
41	/* Check user access in 'mode' to directory specified in backend state. */
42	static int check_access(void state, int mode, const struct passwd curr_user) {	144✔
43	gchar tpm_state_path = ((struct dir_state)state)->dir;	144✔
44	gchar *p;	144✔
45	struct stat statbuf;	144✔
46	char path[PATH_MAX];	144✔
47
48	/* check lockfile */
49	p = pathjoin(path, sizeof(path), tpm_state_path, ".lock", NULL);	144✔
50	if (!p)	144✔
51	return 1;
52	if (stat(p, &statbuf) == 0 && access(p, R_OK\|W_OK) != 0) {	144✔
53	logerr(gl_LOGFILE, "User %s cannot read/write lockfile %s.\n",	×
54	curr_user ? curr_user->pw_name : "<unknown>", p);
55	return 1;	×
56	}
57
58	/* check access to state directory itself */
59	return check_directory_access(tpm_state_path, mode, curr_user);	144✔
60	}
61
62	/* Delete swtpm's state file. Those are the files with suffixes
63	* 'permall', 'volatilestate', and 'savestate'.
64	*/
65	static int delete_statefiles(void *state)	142✔
66	{
67	gchar tpm_state_path = ((struct dir_state)state)->dir;	142✔
68	GError *error = NULL;	142✔
69	GDir *dir = g_dir_open(tpm_state_path, 0, &error);	142✔
70	int ret = 1;	142✔
71
72	if (dir == NULL) {	142✔
73	logerr(gl_LOGFILE, "%s\n", error->message);	×
74	g_error_free(error);	×
75	return 1;	×
76	}
77	while (1) {	626✔
78	const gchar *fn = g_dir_read_name(dir);	626✔
79
80	if (fn == NULL) {	626✔
81	if (errno != 0 && errno != ENOENT	142✔
82	#ifdef __FreeBSD__
83	&& errno != EINVAL
84	#endif
85	) {
86	logerr(gl_LOGFILE, "Error getting next filename: %s\n", strerror(errno));	4✔
87	break;	4✔
88	} else {
89	ret = 0;
90	break;
91	}
92	}
93	if (g_str_has_suffix(fn, "permall") \|\|	902✔
94	g_str_has_suffix(fn, "volatilestate") \|\|	836✔
95	g_str_has_suffix(fn, "savestate")) {	418✔
96	g_autofree gchar *fullname = g_strjoin(G_DIR_SEPARATOR_S,	132✔
97	tpm_state_path, fn, NULL);
98	if (unlink(fullname) != 0) {	66✔
99	logerr(gl_LOGFILE, "Could not remove %s: %s\n", fn, strerror(errno));	×
100	break;	×
101	}
102	}
103	}
104
105	g_dir_close(dir);	142✔
106
107	return ret;	142✔
108	}
109
110	/* Free an instance of dir_state. */
111	static void free_dir_state(void *state) {	144✔
112	if (state) {	144✔
113	struct dir_state dstate = (struct dir_state)state;	144✔
114	g_free(dstate->dir);	144✔
115	g_free(dstate);	144✔
116	}
117	}	144✔
118
119	struct swtpm_backend_ops swtpm_backend_dir = {
120	.parse_backend = parse_dir_state,
121	.check_access = check_access,
122	.delete_state = delete_statefiles,
123	.free_backend = free_dir_state,
124	};

stefanberger / swtpm / #2807

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous