Commit 0743501d authored by Cody Cutler's avatar Cody Cutler Committed by Mike Hibler

Trusted disk loading support, merged from tpm-tmcd branch.

Add mechanism to verify TPM generated quotes, require them for the
"securestate" TMCD command, and add some testcases/helper programs in
tools/tspitests.  Add additional SECURE* state machines to stated for
tracking nodes through the secure load and secure boot processes.

See http://www.cs.utah.edu/flux/papers/tdls-cset10-base.html for details.
parents 22c50767 bf6ef45d
......@@ -1493,7 +1493,7 @@ PlayFrisbee(void)
if (!nodecompress) {
subtype = p->hdr.subtype = PKTSUBTYPE_JOIN;
p->hdr.datalen = sizeof(p->msg.join);
p->msg.join2.clientid = myid;
p->msg.join.clientid = myid;
} else {
subtype = p->hdr.subtype = PKTSUBTYPE_JOIN2;
p->hdr.datalen = sizeof(p->msg.join2);
......@@ -1514,6 +1514,12 @@ PlayFrisbee(void)
if (PacketReceive(p) == 0 &&
p->hdr.subtype == subtype &&
p->hdr.type == PKTTYPE_REPLY) {
if (subtype == PKTSUBTYPE_JOIN) {
p->msg.join2.chunksize = MAXCHUNKSIZE;
p->msg.join2.blocksize = MAXBLOCKSIZE;
p->msg.join2.bytecount =
p->msg.join.blockcount * MAXBLOCKSIZE;
}
CLEVENT(1, EV_CLIJOINREP,
CHUNKSIZE, BLOCKSIZE,
(p->msg.join2.bytecount >> 32),
......
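Review bot: In the PKTSUBTYPE_JOIN branch of the second hunk, `p->msg.join2.bytecount = p->msg.join.blockcount * MAXBLOCKSIZE;` is multiplied in the operand types before it is widened to bytecount, which the CLEVENT line below treats as at least 64 bits wide (`>> 32`); if blockcount and MAXBLOCKSIZE are both 32-bit, byte counts of 2^32 and above wrap silently. The stores to `join2.chunksize` and `join2.blocksize` also come before the read of `join.blockcount`, and if `p->msg` is a union (as the join/join2 naming suggests) those writes may overlay blockcount before it is read. Reading it first into a wide local covers both: `uint64_t blockcount = p->msg.join.blockcount;` ahead of the join2 stores and `p->msg.join2.bytecount = blockcount * MAXBLOCKSIZE;` for the product (or whatever 64-bit type bytecount already has, if stdint.h is not available here). PlayFrisbee starts and ends outside both hunks.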
......@@ -36,7 +36,7 @@ CREATE TABLE `geni_authorities` (
`uuid_prefix` varchar(12) NOT NULL default '',
`created` datetime default NULL,
`expires` datetime default NULL,
`type` enum('sa','ma','ch','cm','ses') NOT NULL default 'sa',
`type` enum('sa','ma','ch','cm','ses','am') NOT NULL default 'sa',
`disabled` tinyint(1) NOT NULL default '0',
`url` tinytext,
`urn` tinytext,
......
......@@ -208,7 +208,8 @@ sub Resolve($)
elsif (defined($hrn) && !($hrn =~ /^[-\w\.]*$/)) {
return GeniResponse->MalformedArgsResponse();
}
if (! (defined($type) && ($type =~ /^(SA|CM|MA|Component|Slice|User)$/i))){
if (! (defined($type) &&
($type =~ /^(SA|AM|CM|MA|Component|Slice|User)$/i))){
return GeniResponse->MalformedArgsResponse();
}
$type = lc($type);
......@@ -281,7 +282,7 @@ sub Resolve($)
};
return GeniResponse->Create(GENIRESPONSE_SUCCESS, $blob);
}
if ($type eq "cm") {
if ($type eq "cm" || $type eq "am") {
my $manager = GeniAuthority->Lookup($lookup_token);
if (!defined($manager)) {
return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED, undef,
......@@ -339,7 +340,7 @@ sub Register($)
my $type = $argref->{'type'};
if (! (defined($type) &&
($type =~ /^(SA|MA|CM|SES|Component|Slice|User)$/i))){
($type =~ /^(SA|MA|AM|CM|SES|Component|Slice|User)$/i))){
return GeniResponse->MalformedArgsResponse();
}
$type = lc($type);
......@@ -614,7 +615,7 @@ sub Register($)
}
return GeniResponse->Create(GENIRESPONSE_SUCCESS);
}
if ($type eq "cm" || $type eq "sa" || $type eq "ses") {
if ($type eq "cm" || $type eq "sa" || $type eq "ses" || $type eq "am") {
my ($auth, $which, $type) = GeniHRN::Parse($certificate->urn());
my $url = $certificate->URL();
......@@ -661,7 +662,7 @@ sub Remove($)
my $type = $argref->{'type'};
my $token = $uuid || $urn;
if (! (defined($type) && ($type =~ /^(SA|MA|CM|Component|Slice|User)$/))) {
if (! (defined($type) && ($type =~ /^(Slice|User)$/))) {
return GeniResponse->MalformedArgsResponse();
}
if (! ((defined($uuid) || defined($urn)) && defined($cred))) {
......@@ -815,7 +816,7 @@ sub ListComponents($)
#
my @results = ();
my $query_result = DBQueryWarn("select uuid from geni_authorities ".
"where type='cm'");
"where type='cm' or type='am'");
return GeniResponse->Create(GENIRESPONSE_DBERROR)
if (!defined($query_result));
......
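Review bot: The rewritten type check in the Remove() hunk, `$type =~ /^(Slice|User)$/`, silently drops SA/MA/CM from the removable types without a comment saying that authorities are now excluded, so a caller gets a MalformedArgs response that reads as a client error rather than a policy decision; a line such as `# Authorities are not removable through this call; only slices and users.` above the check would record the intent. The pattern also stays case-sensitive while the matching checks in Resolve() (`/^(SA|AM|CM|MA|Component|Slice|User)$/i`) and Register() use `/i` followed by `lc($type)`, so "slice" is accepted by those two and rejected here; whether Remove() lowercases $type further down is outside the hunk, so align the check only if its later comparisons allow it. All three patterns end in `$`, which admits a trailing newline before `lc($type)` runs; `\z` is the strict form. Each enclosing sub begins and ends outside its hunk.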
......@@ -10,8 +10,17 @@ sub DoUpdate($$$)
DBSetDefault($dbhandle);
#
# This is a fixup.
#
if (DBKeyExists("geni_authorities", "urn")) {
DBQueryFatal("ALTER TABLE `geni_authorities` drop key `urn`");
}
DBQueryFatal("ALTER TABLE `geni_authorities` " .
"add unique key `urn` (`urn`(255))");
DBQueryFatal( "ALTER TABLE `geni_authorities` " .
"MODIFY `type` enum( 'sa', 'ma', 'ch', 'cm', 'ses', 'am' ) " .
"MODIFY `type` enum( 'sa', 'ma', 'ch', 'cm', 'ses', 'am' ) ".
"NOT NULL DEFAULT 'sa'" );
return 0;
......
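Review bot: The new `ALTER TABLE ... add unique key` on urn(255) is issued unconditionally and aborts the whole update through DBQueryFatal if geni_authorities already holds two rows with the same urn, and nothing in the hunk states that precondition or checks for it first; a comment such as `# Precondition: urn values are already unique; the ALTER below is fatal otherwise.` above the DBKeyExists test would warn whoever runs this fixup on an older database. Dropping the existing key before re-adding it makes that part safe to re-run, but the MODIFY of the type enum is likewise unguarded and relies on being a no-op when the enum already matches. The hunk header counts (8 old, 17 new) do not match the lines shown, so some context lines, probably blank ones, were lost in rendering. DoUpdate's signature and closing brace lie outside the hunk.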