#2827

Committed 13 May 2025 12:48PM UTC coverage: 73.203% (-0.09%) from 73.293%

Build # #2827

Build Type

push

travis-ci

Committed by

web-flow

Commit Message

Merge c4cda135b into 29d533fbf

Run Details

7149 of 9766 relevant lines covered (73.2%)

14116.95 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

22.22

/src/swtpm_setup/swtpm_setup_utils.c

/* SPDX-License-Identifier: BSD-3-Clause */
/*
 * swtpm_setup_utils.c: Utility functions for swtpm_setup
 *
 * Author: Stefan Berger, stefanb@linux.ibm.com
 *
 * Copyright (c) IBM Corporation, 2021
 */

#include "config.h"

#include <errno.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/utsname.h>
#include <unistd.h>

#include <glib.h>

#include "swtpm_conf.h"
#include "swtpm_utils.h"
#include "swtpm_setup_utils.h"

/* Get a configuration value given its name */
gchar *get_config_value(gchar **config_file_lines, const gchar *configname)
{
    g_autofree gchar *regex = g_strdup_printf("^%s[[:space:]]*=[[:space:]]*([^#\n]*).*",
                                              configname);
    gchar *result = NULL;
    regmatch_t pmatch[2];
    regex_t preg;
    size_t idx;

    if (regcomp(&preg, regex, REG_EXTENDED) != 0) {
        logerr(gl_LOGFILE, "Internal error: Could not compile regex\n");
        return NULL;
    }

    for (idx = 0; config_file_lines[idx] != NULL; idx++) {
        const gchar *line = config_file_lines[idx];
        if (regexec(&preg, line, 2, pmatch, 0) == 0) {
            g_autofree gchar *tmp = NULL;

            tmp = g_strndup(&line[pmatch[1].rm_so],
                            pmatch[1].rm_eo - pmatch[1].rm_so);
            g_strchomp(tmp);
            result = resolve_string(tmp);
            break;
        }
    }

    regfree(&preg);

    return result;
}

/* Create swtpm_setup and swtpm-localca config files for a user
 *
 * @overwrite: TRUE:  overwrite any existing config files
 *             FALSE: return error if any file exists
 * @root_flag: TRUE:  create the config files under root's home
 *                    directory shadowing any existing config files in /etc/
 *             FALSE: refuse to create config files as root
 * @skip_if_exist: TRUE  if any one config files exists return with no error
 *
 */
int create_config_files(gboolean overwrite, gboolean root_flag,
                        gboolean skip_if_exist)
{
    enum {
        SWTPM_SETUP_CONF = 0,
        SWTPM_LOCALCA_CONF = 1,
        SWTPM_LOCALCA_OPTIONS = 2,
        NUM_FILES = 3,
    };
    const gchar *filenames[NUM_FILES] = {
        "swtpm_setup.conf",
        "swtpm-localca.conf",
        "swtpm-localca.options"
    };
    const gchar *configdir = g_get_user_config_dir();
    g_autofree gchar *create_certs_tool = NULL;
    g_autofree gchar *swtpm_localca_dir = NULL;
    g_autofree gchar *signkey = NULL;
    g_autofree gchar *issuercert = NULL;
    g_autofree gchar *certserial = NULL;
    g_autofree gchar *platform_manufacturer = NULL;
    g_autofree gchar *platform_version = NULL;
    g_autofree gchar *platform_model = NULL;
    g_autoptr(GError) error = NULL;
    gboolean delete_files = FALSE;
    g_auto(GStrv) configfiles = NULL;
    g_auto(GStrv) filedata = NULL;
    struct utsname utsname;
    int ret = 1;
    size_t i;

    if (getuid() == 0 && !root_flag) {
        fprintf(stderr, "Requiring the 'root' flag since the configuration "
                        "files will shadow those in %s.\n", SYSCONFDIR);
        goto error;
    }

    configfiles = g_new0(gchar *, NUM_FILES + 1);
    for (i = 0; i < NUM_FILES; i++) {
        configfiles[i] = g_build_filename(configdir, filenames[i], NULL);
        if (!overwrite && g_file_test(configfiles[i], G_FILE_TEST_EXISTS)) {
            if (skip_if_exist) {
                ret = 0;
            } else {
                fprintf(stderr, "File %s already exists. Refusing to overwrite.\n",
                        configfiles[i]);
            }
            goto out;
        }
    }

    swtpm_localca_dir = g_build_filename(configdir,
                                         "var", "lib", "swtpm-localca", NULL);
    if (g_mkdir_with_parents(swtpm_localca_dir, 0775) < 0) {
        fprintf(stderr, "Could not create %s: %s\n",
                swtpm_localca_dir, strerror(errno));
        goto error;
    }

    filedata = g_new0(gchar *, NUM_FILES + 1);

    /* setpm_setup.conf */
    create_certs_tool = g_build_filename(BINDIR,
                                         "swtpm_localca", NULL);
    filedata[SWTPM_SETUP_CONF] = g_strdup_printf(
        "create_certs_tool = %s\n"
        "create_certs_tool_config = %s\n"
        "create_certs_tool_options = %s\n"
        "# Comma-separated list (no spaces) of PCR banks to activate by default\n"
        "active_pcr_banks = %s\n",
        create_certs_tool,
        configfiles[SWTPM_LOCALCA_CONF],
        configfiles[SWTPM_LOCALCA_OPTIONS],
        DEFAULT_PCR_BANKS
    );

    /* swtpm-localca.conf */
    signkey = g_build_filename(swtpm_localca_dir, "signkey.pem", NULL);
    issuercert = g_build_filename(swtpm_localca_dir, "issuercert.pem", NULL);
    certserial = g_build_filename(swtpm_localca_dir, "certserial", NULL);
    filedata[SWTPM_LOCALCA_CONF] = g_strdup_printf(
        "statedir = %s\n"
        "signingkey = %s\n"
        "issuercert = %s\n"
        "certserial = %s\n",
        swtpm_localca_dir,
        signkey,
        issuercert,
        certserial
    );

    /* swtpm-localca.options */
    if (uname(&utsname) < 0) {
        fprintf(stderr, "uname failed: %s\n", strerror(errno));
        goto error;
    }

    platform_manufacturer = str_replace(utsname.sysname, " ", "_");
    platform_version = str_replace(utsname.version, " ", "_");
    platform_model = str_replace(utsname.sysname, " ", "_");

    filedata[SWTPM_LOCALCA_OPTIONS] = g_strdup_printf(
        "--platform-manufacturer %s\n"
        "--platform-version %s\n"
        "--platform-model %s\n",
        platform_manufacturer,
        platform_version,
        platform_model
    );

    for (i = 0; i < NUM_FILES; i++) {
        fprintf(stdout, "Writing %s.\n", configfiles[i]);
        if (!g_file_set_contents(configfiles[i], filedata[i], -1, &error)) {
            fprintf(stderr,
                    "Could not write to %s: %s\n",
                    configfiles[i], strerror(errno));
            delete_files = TRUE;
            goto error;
        }
    }

    ret = 0;

error:
    if (delete_files) {
        for (i = 0; i < NUM_FILES; i++)
            unlink(configfiles[i]);
    }

out:
    return ret;
}

1	/* SPDX-License-Identifier: BSD-3-Clause */
2	/*
3	* swtpm_setup_utils.c: Utility functions for swtpm_setup
4	*
5	* Author: Stefan Berger, stefanb@linux.ibm.com
6	*
7	* Copyright (c) IBM Corporation, 2021
8	*/
9
10	#include "config.h"
11
12	#include <errno.h>
13	#include <regex.h>
14	#include <stdio.h>
15	#include <stdlib.h>
16	#include <string.h>
17	#include <sys/utsname.h>
18	#include <unistd.h>
19
20	#include <glib.h>
21
22	#include "swtpm_conf.h"
23	#include "swtpm_utils.h"
24	#include "swtpm_setup_utils.h"
25
26	/* Get a configuration value given its name */
27	gchar get_config_value(gchar config_file_lines, const gchar configname)	289✔
28	{
29	g_autofree gchar regex = g_strdup_printf("^%s[[:space:]]=[[:space:]]([^#\n]).*",	289✔
30	configname);
31	gchar *result = NULL;	289✔
32	regmatch_t pmatch[2];	289✔
33	regex_t preg;	289✔
34	size_t idx;	289✔
35
36	if (regcomp(&preg, regex, REG_EXTENDED) != 0) {	289✔
37	logerr(gl_LOGFILE, "Internal error: Could not compile regex\n");	×
38	return NULL;	×
39	}
40
41	for (idx = 0; config_file_lines[idx] != NULL; idx++) {	858✔
42	const gchar *line = config_file_lines[idx];	687✔
43	if (regexec(&preg, line, 2, pmatch, 0) == 0) {	687✔
44	g_autofree gchar *tmp = NULL;	118✔
45
46	tmp = g_strndup(&line[pmatch[1].rm_so],	236✔
47	pmatch[1].rm_eo - pmatch[1].rm_so);	118✔
48	g_strchomp(tmp);	118✔
49	result = resolve_string(tmp);	118✔
50	break;	118✔
51	}
52	}
53
54	regfree(&preg);	289✔
55
56	return result;	289✔
57	}
58
59	/* Create swtpm_setup and swtpm-localca config files for a user
60	*
61	* @overwrite: TRUE: overwrite any existing config files
62	* FALSE: return error if any file exists
63	* @root_flag: TRUE: create the config files under root's home
64	* directory shadowing any existing config files in /etc/
65	* FALSE: refuse to create config files as root
66	* @skip_if_exist: TRUE if any one config files exists return with no error
67	*
68	*/
69	int create_config_files(gboolean overwrite, gboolean root_flag,	×
70	gboolean skip_if_exist)
71	{
72	enum {	×
73	SWTPM_SETUP_CONF = 0,
74	SWTPM_LOCALCA_CONF = 1,
75	SWTPM_LOCALCA_OPTIONS = 2,
76	NUM_FILES = 3,
77	};
78	const gchar *filenames[NUM_FILES] = {	×
79	"swtpm_setup.conf",
80	"swtpm-localca.conf",
81	"swtpm-localca.options"
82	};
83	const gchar *configdir = g_get_user_config_dir();	×
84	g_autofree gchar *create_certs_tool = NULL;	×
85	g_autofree gchar *swtpm_localca_dir = NULL;	×
86	g_autofree gchar *signkey = NULL;	×
87	g_autofree gchar *issuercert = NULL;	×
88	g_autofree gchar *certserial = NULL;	×
89	g_autofree gchar *platform_manufacturer = NULL;	×
90	g_autofree gchar *platform_version = NULL;	×
91	g_autofree gchar *platform_model = NULL;	×
92	g_autoptr(GError) error = NULL;	×
93	gboolean delete_files = FALSE;	×
94	g_auto(GStrv) configfiles = NULL;	×
95	g_auto(GStrv) filedata = NULL;	×
96	struct utsname utsname;	×
97	int ret = 1;	×
98	size_t i;	×
99
100	if (getuid() == 0 && !root_flag) {	×
101	fprintf(stderr, "Requiring the 'root' flag since the configuration "	×
102	"files will shadow those in %s.\n", SYSCONFDIR);
103	goto error;	×
104	}
105
106	configfiles = g_new0(gchar *, NUM_FILES + 1);	×
107	for (i = 0; i < NUM_FILES; i++) {	×
108	configfiles[i] = g_build_filename(configdir, filenames[i], NULL);	×
109	if (!overwrite && g_file_test(configfiles[i], G_FILE_TEST_EXISTS)) {	×
110	if (skip_if_exist) {	×
111	ret = 0;
112	} else {
113	fprintf(stderr, "File %s already exists. Refusing to overwrite.\n",	×
114	configfiles[i]);
115	}
116	goto out;	×
117	}
118	}
119
120	swtpm_localca_dir = g_build_filename(configdir,	×
121	"var", "lib", "swtpm-localca", NULL);
122	if (g_mkdir_with_parents(swtpm_localca_dir, 0775) < 0) {	×
123	fprintf(stderr, "Could not create %s: %s\n",	×
124	swtpm_localca_dir, strerror(errno));	×
125	goto error;	×
126	}
127
128	filedata = g_new0(gchar *, NUM_FILES + 1);	×
129
130	/* setpm_setup.conf */
131	create_certs_tool = g_build_filename(BINDIR,	×
132	"swtpm_localca", NULL);
133	filedata[SWTPM_SETUP_CONF] = g_strdup_printf(	×
134	"create_certs_tool = %s\n"
135	"create_certs_tool_config = %s\n"
136	"create_certs_tool_options = %s\n"
137	"# Comma-separated list (no spaces) of PCR banks to activate by default\n"
138	"active_pcr_banks = %s\n",
139	create_certs_tool,
140	configfiles[SWTPM_LOCALCA_CONF],
141	configfiles[SWTPM_LOCALCA_OPTIONS],
142	DEFAULT_PCR_BANKS
143	);
144
145	/* swtpm-localca.conf */
146	signkey = g_build_filename(swtpm_localca_dir, "signkey.pem", NULL);	×
147	issuercert = g_build_filename(swtpm_localca_dir, "issuercert.pem", NULL);	×
148	certserial = g_build_filename(swtpm_localca_dir, "certserial", NULL);	×
149	filedata[SWTPM_LOCALCA_CONF] = g_strdup_printf(	×
150	"statedir = %s\n"
151	"signingkey = %s\n"
152	"issuercert = %s\n"
153	"certserial = %s\n",
154	swtpm_localca_dir,
155	signkey,
156	issuercert,
157	certserial
158	);
159
160	/* swtpm-localca.options */
161	if (uname(&utsname) < 0) {	×
162	fprintf(stderr, "uname failed: %s\n", strerror(errno));	×
163	goto error;	×
164	}
165
166	platform_manufacturer = str_replace(utsname.sysname, " ", "_");	×
167	platform_version = str_replace(utsname.version, " ", "_");	×
168	platform_model = str_replace(utsname.sysname, " ", "_");	×
169
170	filedata[SWTPM_LOCALCA_OPTIONS] = g_strdup_printf(	×
171	"--platform-manufacturer %s\n"
172	"--platform-version %s\n"
173	"--platform-model %s\n",
174	platform_manufacturer,
175	platform_version,
176	platform_model
177	);
178
179	for (i = 0; i < NUM_FILES; i++) {	×
180	fprintf(stdout, "Writing %s.\n", configfiles[i]);	×
181	if (!g_file_set_contents(configfiles[i], filedata[i], -1, &error)) {	×
182	fprintf(stderr,	×
183	"Could not write to %s: %s\n",
184	configfiles[i], strerror(errno));	×
185	delete_files = TRUE;	×
186	goto error;	×
187	}
188	}
189
190	ret = 0;
191
192	error:	×
193	if (delete_files) {	×
194	for (i = 0; i < NUM_FILES; i++)	×
195	unlink(configfiles[i]);	×
196	}
197
198	out:	×
199	return ret;	×
200	}

stefanberger / swtpm / #2827

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous