#2824

Committed 13 May 2025 12:34PM UTC coverage: 72.964% (-0.5%) from 73.462%

Build # #2824

Build Type

push

travis-ci

Committed by

web-flow

Commit Message

Merge c2b02e9b2 into 1544c99ca

Coverage Stats

7033 of 9639 relevant lines covered (72.96%)

13748.12 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

81.25

/src/swtpm_setup/swtpm_backend_dir.c

/* SPDX-License-Identifier: BSD-3-Clause */
/*
 * swtpm_backend_dir.c: storage backend specific functions for dir://
 *
 * Originally by: Stefan Berger, stefanb@linux.ibm.com
 * Refactored as module: Stefan Reiter, stefan@pimaker.at
 */

#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

#include "swtpm.h"
#include "swtpm_utils.h"

struct dir_state {
    gchar* dir;
};

/* Parse a dir:// URI by removing the prefix if given. */
static void *parse_dir_state(const gchar* uri) {
    struct dir_state *ret;

    if (strncmp(uri, "dir://", 6) == 0) {
        uri += 6;
    }

    ret = g_malloc(sizeof(struct dir_state));
    ret->dir = g_strdup(uri);

    return (void*)ret;
}

/* Check user access in 'mode' to directory specified in backend state. */
static int check_access(void *state, int mode, const struct passwd *curr_user) {
    gchar *tpm_state_path = ((struct dir_state*)state)->dir;
    gchar *p;
    struct stat statbuf;
    char path[PATH_MAX];

    /* check lockfile */
    p = pathjoin(path, sizeof(path), tpm_state_path, ".lock", NULL);
    if (!p)
        return 1;
    if (stat(p, &statbuf) == 0 && access(p, R_OK|W_OK) != 0) {
        logerr(gl_LOGFILE, "User %s cannot read/write lockfile %s.\n",
               curr_user ? curr_user->pw_name : "<unknown>", p);
        return 1;
    }

    /* check access to state directory itself */
    return check_directory_access(tpm_state_path, mode, curr_user);
}

/* Delete swtpm's state file. Those are the files with suffixes
 * 'permall', 'volatilestate', and 'savestate'.
 */
static int delete_statefiles(void *state)
{
    gchar *tpm_state_path = ((struct dir_state*)state)->dir;
    GError *error = NULL;
    GDir *dir = g_dir_open(tpm_state_path, 0, &error);
    int ret = 1;

    if (dir == NULL) {
        logerr(gl_LOGFILE, "%s\n", error->message);
        g_error_free(error);
        return 1;
    }
    while (1) {
        const gchar *fn = g_dir_read_name(dir);

        if (fn == NULL) {
            if (errno != 0 && errno != ENOENT
#ifdef __FreeBSD__
                && errno != EINVAL
#endif
                ) {
                logerr(gl_LOGFILE, "Error getting next filename: %s\n", strerror(errno));
                break;
            } else {
                ret = 0;
                break;
            }
        }
        if (g_str_has_suffix(fn, "permall") ||
            g_str_has_suffix(fn, "volatilestate") ||
            g_str_has_suffix(fn, "savestate")) {
            g_autofree gchar *fullname = g_strjoin(G_DIR_SEPARATOR_S,
                                                   tpm_state_path, fn, NULL);
            if (unlink(fullname) != 0) {
                logerr(gl_LOGFILE, "Could not remove %s: %s\n", fn, strerror(errno));
                break;
            }
        }
    }

    g_dir_close(dir);

    return ret;
}

/* Free an instance of dir_state. */
static void free_dir_state(void *state) {
    if (state) {
        struct dir_state *dstate = (struct dir_state*)state;
        g_free(dstate->dir);
        g_free(dstate);
    }
}

struct swtpm_backend_ops swtpm_backend_dir = {
    .parse_backend = parse_dir_state,
    .check_access = check_access,
    .delete_state = delete_statefiles,
    .free_backend = free_dir_state,
};

1	/* SPDX-License-Identifier: BSD-3-Clause */
2	/*
3	* swtpm_backend_dir.c: storage backend specific functions for dir://
4	*
5	* Originally by: Stefan Berger, stefanb@linux.ibm.com
6	* Refactored as module: Stefan Reiter, stefan@pimaker.at
7	*/
8
9	#include <errno.h>
10	#include <string.h>
11	#include <unistd.h>
12	#include <sys/stat.h>
13
14	#include "swtpm.h"
15	#include "swtpm_utils.h"
16
17	struct dir_state {
18	gchar* dir;
19	};
20
21	/* Parse a dir:// URI by removing the prefix if given. */
22	static void parse_dir_state(const gchar uri) {	74✔
23	struct dir_state *ret;	74✔
24
25	if (strncmp(uri, "dir://", 6) == 0) {	74✔
26	uri += 6;	74✔
27	}
28
29	ret = g_malloc(sizeof(struct dir_state));	74✔
30	ret->dir = g_strdup(uri);	74✔
31
32	return (void*)ret;	74✔
33	}
34
35	/* Check user access in 'mode' to directory specified in backend state. */
36	static int check_access(void state, int mode, const struct passwd curr_user) {	74✔
37	gchar tpm_state_path = ((struct dir_state)state)->dir;	74✔
38	gchar *p;	74✔
39	struct stat statbuf;	74✔
40	char path[PATH_MAX];	74✔
41
42	/* check lockfile */
43	p = pathjoin(path, sizeof(path), tpm_state_path, ".lock", NULL);	74✔
44	if (!p)	74✔
45	return 1;
46	if (stat(p, &statbuf) == 0 && access(p, R_OK\|W_OK) != 0) {	74✔
47	logerr(gl_LOGFILE, "User %s cannot read/write lockfile %s.\n",	×
48	curr_user ? curr_user->pw_name : "<unknown>", p);
49	return 1;	×
50	}
51
52	/* check access to state directory itself */
53	return check_directory_access(tpm_state_path, mode, curr_user);	74✔
54	}
55
56	/* Delete swtpm's state file. Those are the files with suffixes
57	* 'permall', 'volatilestate', and 'savestate'.
58	*/
59	static int delete_statefiles(void *state)	64✔
60	{
61	gchar tpm_state_path = ((struct dir_state)state)->dir;	64✔
62	GError *error = NULL;	64✔
63	GDir *dir = g_dir_open(tpm_state_path, 0, &error);	64✔
64	int ret = 1;	64✔
65
66	if (dir == NULL) {	64✔
67	logerr(gl_LOGFILE, "%s\n", error->message);	×
68	g_error_free(error);	×
69	return 1;	×
70	}
71	while (1) {	160✔
72	const gchar *fn = g_dir_read_name(dir);	160✔
73
74	if (fn == NULL) {	160✔
75	if (errno != 0 && errno != ENOENT	64✔
76	#ifdef __FreeBSD__
77	&& errno != EINVAL
78	#endif
79	) {
80	logerr(gl_LOGFILE, "Error getting next filename: %s\n", strerror(errno));	×
81	break;	×
82	} else {
83	ret = 0;
84	break;
85	}
86	}
87	if (g_str_has_suffix(fn, "permall") \|\|	188✔
88	g_str_has_suffix(fn, "volatilestate") \|\|	184✔
89	g_str_has_suffix(fn, "savestate")) {	92✔
90	g_autofree gchar *fullname = g_strjoin(G_DIR_SEPARATOR_S,	8✔
91	tpm_state_path, fn, NULL);
92	if (unlink(fullname) != 0) {	4✔
93	logerr(gl_LOGFILE, "Could not remove %s: %s\n", fn, strerror(errno));	×
94	break;	×
95	}
96	}
97	}
98
99	g_dir_close(dir);	64✔
100
101	return ret;	64✔
102	}
103
104	/* Free an instance of dir_state. */
105	static void free_dir_state(void *state) {	74✔
106	if (state) {	74✔
107	struct dir_state dstate = (struct dir_state)state;	74✔
108	g_free(dstate->dir);	74✔
109	g_free(dstate);	74✔
110	}
111	}	74✔
112
113	struct swtpm_backend_ops swtpm_backend_dir = {
114	.parse_backend = parse_dir_state,
115	.check_access = check_access,
116	.delete_state = delete_statefiles,
117	.free_backend = free_dir_state,
118	};

stefanberger / swtpm / #2824

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous