]> git.saurik.com Git - apple/configd.git/blob - SystemConfiguration.fproj/helper/SCHelper_server.c
projects / apple / configd.git / blob
? search:


62957bdd5374744f3a519330975480b23b598452
[apple/configd.git] / SystemConfiguration.fproj / helper / SCHelper_server.c
1 /*
2 * Copyright (c) 2005-2011 Apple Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #include <getopt.h>
25 #include <grp.h>
26 #include <launch.h>
27 #include <pthread.h>
28 #include <stdlib.h>
29 #include <unistd.h>
30 #include <bsm/libbsm.h>
31 #include <sys/types.h>
32 #include <sysexits.h>
33
34 //#define DEBUG_MACH_PORT_ALLOCATIONS
35
36 #include <CoreFoundation/CoreFoundation.h>
37 #include <CoreFoundation/CFRuntime.h>
38 #include <SystemConfiguration/SystemConfiguration.h>
39 #include <SystemConfiguration/SCPrivate.h>
40 #include <SystemConfiguration/SCValidation.h>
41
42 #include "SCPreferencesInternal.h"
43 #include "SCHelper_client.h"
44 #include "helper_types.h"
45
46
47 #pragma mark -
48 #pragma mark SCHelper session managment
49
50
51 #if TARGET_OS_IPHONE
52
53 //
54 // entitlement used to control write access to a given "prefsID"
55 //
56 #define kSCWriteEntitlementName CFSTR("com.apple.SystemConfiguration.SCPreferences-write-access")
57
58 //
59 // entitlement used to allow limited [VPN configuration] write access to the "preferences.plist"
60 //
61 #define kSCVPNFilterEntitlementName CFSTR("com.apple.networking.vpn.configuration")
62
63 #endif // TARGET_OS_IPHONE
64
65
66 typedef enum { NO = 0, YES, UNKNOWN } lazyBoolean;
67
68 typedef const struct __SCHelperSession * SCHelperSessionRef;
69
70 typedef struct {
71
72 // base CFType information
73 CFRuntimeBase cfBase;
74
75 // per session lock
76 pthread_mutex_t lock;
77
78 // authorization
79 AuthorizationRef authorization;
80
81 // session mach port
82 mach_port_t port;
83 CFMachPortRef mp;
84
85 // Mach security audit trailer for evaluating credentials
86 audit_token_t auditToken;
87
88 // write access entitlement associated with this session
89 lazyBoolean callerWriteAccess;
90
91 // VPN configuration filtering
92 CFArrayRef vpnFilter;
93
94 // preferences
95 SCPreferencesRef prefs;
96
97 } SCHelperSessionPrivate, *SCHelperSessionPrivateRef;
98
99
100 static CFStringRef __SCHelperSessionCopyDescription (CFTypeRef cf);
101 static void __SCHelperSessionDeallocate (CFTypeRef cf);
102
103
104 static CFTypeID __kSCHelperSessionTypeID = _kCFRuntimeNotATypeID;
105 static Boolean debug = FALSE;
106 static pthread_once_t initialized = PTHREAD_ONCE_INIT;
107 static CFRunLoopRef main_runLoop = NULL;
108 static CFMutableSetRef sessions = NULL;
109 static int sessions_closed = 0; // count of sessions recently closed
110 static int sessions_generation = 0;
111 static pthread_mutex_t sessions_lock = PTHREAD_MUTEX_INITIALIZER;
112
113
114 #pragma mark -
115
116
117 static AuthorizationRef
118 __SCHelperSessionGetAuthorization(SCHelperSessionRef session)
119 {
120 SCHelperSessionPrivateRef sessionPrivate = (SCHelperSessionPrivateRef)session;
121
122 return sessionPrivate->authorization;
123 }
124
125
126 static Boolean
127 __SCHelperSessionSetAuthorization(SCHelperSessionRef session, CFTypeRef authorizationData)
128 {
129 Boolean ok = TRUE;
130 SCHelperSessionPrivateRef sessionPrivate = (SCHelperSessionPrivateRef)session;
131
132 pthread_mutex_lock(&sessionPrivate->lock);
133
134 #if !TARGET_OS_IPHONE
135 if (sessionPrivate->authorization != NULL) {
136 AuthorizationFree(sessionPrivate->authorization, kAuthorizationFlagDefaults);
137 // AuthorizationFree(sessionPrivate->authorization, kAuthorizationFlagDestroyRights);
138 sessionPrivate->authorization = NULL;
139 }
140
141 if (isA_CFData(authorizationData)) {
142 AuthorizationExternalForm extForm;
143
144 if (CFDataGetLength(authorizationData) == sizeof(extForm.bytes)) {
145 OSStatus err;
146
147 bcopy(CFDataGetBytePtr(authorizationData), extForm.bytes, sizeof(extForm.bytes));
148 err = AuthorizationCreateFromExternalForm(&extForm,
149 &sessionPrivate->authorization);
150 if (err != errAuthorizationSuccess) {
151 SCLog(TRUE, LOG_ERR,
152 CFSTR("AuthorizationCreateFromExternalForm() failed: status = %d"),
153 (int)err);
154 sessionPrivate->authorization = NULL;
155 ok = FALSE;
156 }
157 }
158 }
159 #else // !TARGET_OS_IPHONE
160 if (sessionPrivate->authorization != NULL) {
161 CFRelease(sessionPrivate->authorization);
162 sessionPrivate->authorization = NULL;
163 }
164
165 if (isA_CFString(authorizationData)) {
166 sessionPrivate->authorization = (void *)CFRetain(authorizationData);
167 }
168 #endif // !TARGET_OS_IPHONE
169
170 pthread_mutex_unlock(&sessionPrivate->lock);
171
172 return ok;
173 }
174
175
176 static SCPreferencesRef
177 __SCHelperSessionGetPreferences(SCHelperSessionRef session)
178 {
179 SCHelperSessionPrivateRef sessionPrivate = (SCHelperSessionPrivateRef)session;
180
181 return sessionPrivate->prefs;
182 }
183
184
185 static void
186 __SCHelperSessionSetThreadName(SCHelperSessionRef session)
187 {
188 char *caller = NULL;
189 char name[64];
190 char *path = NULL;
191 char *path_s = NULL;
192 SCHelperSessionPrivateRef sessionPrivate = (SCHelperSessionPrivateRef)session;
193
194
195 if (sessionPrivate->mp == NULL) {
196 return;
197 }
198
199 if (sessionPrivate->prefs != NULL) {
200 SCPreferencesPrivateRef prefsPrivate = (SCPreferencesPrivateRef)sessionPrivate->prefs;
201
202 if (prefsPrivate->name != NULL) {
203 caller = _SC_cfstring_to_cstring(prefsPrivate->name,
204 NULL,
205 0,
206 kCFStringEncodingUTF8);
207 }
208
209 path = (prefsPrivate->newPath != NULL) ? prefsPrivate->newPath : prefsPrivate->path;
210 if (path != NULL) {
211 path_s = strrchr(path, '/');
212 if (path_s != NULL) {
213 path = path_s;
214 }
215 }
216 }
217
218 if (caller != NULL) {
219 snprintf(name, sizeof(name), "SESSION|%p|%s|%s%s",
220 (void *)(uintptr_t)CFMachPortGetPort(sessionPrivate->mp),
221 (caller != NULL) ? caller : "?",
222 (path_s != NULL) ? "*/" : "",
223 (path != NULL) ? path : "?");
224 CFAllocatorDeallocate(NULL, caller);
225 } else {
226 snprintf(name, sizeof(name), "SESSION|%p",
227 (void *)(uintptr_t)CFMachPortGetPort(sessionPrivate->mp));
228 }
229
230 pthread_setname_np(name);
231
232 return;
233 }
234
235
236 static Boolean
237 __SCHelperSessionSetPreferences(SCHelperSessionRef session, SCPreferencesRef prefs)
238 {
239 SCHelperSessionPrivateRef sessionPrivate = (SCHelperSessionPrivateRef)session;
240
241 pthread_mutex_lock(&sessionPrivate->lock);
242
243 if (prefs != NULL) {
244 CFRetain(prefs);
245 }
246 if (sessionPrivate->prefs != NULL) {
247 SCLog(debug, LOG_DEBUG,
248 CFSTR("%p : close"),
249 session);
250 CFRelease(sessionPrivate->prefs);
251 }
252 if (prefs != NULL) {
253 SCLog(debug, LOG_DEBUG,
254 CFSTR("%p : open, prefs = %@"),
255 session,
256 prefs);
257 }
258 sessionPrivate->prefs = prefs;
259
260 __SCHelperSessionSetThreadName(session);
261
262 pthread_mutex_unlock(&sessionPrivate->lock);
263
264 return TRUE;
265 }
266
267
268 static CFArrayRef
269 __SCHelperSessionGetVPNFilter(SCHelperSessionRef session)
270 {
271 SCHelperSessionPrivateRef sessionPrivate = (SCHelperSessionPrivateRef)session;
272
273 return sessionPrivate->vpnFilter;
274 }
275
276
277 static Boolean
278 __SCHelperSessionSetVPNFilter(SCHelperSessionRef session, CFArrayRef vpnFilter)
279 {
280 SCHelperSessionPrivateRef sessionPrivate = (SCHelperSessionPrivateRef)session;
281
282 pthread_mutex_lock(&sessionPrivate->lock);
283
284 if (vpnFilter != NULL) {
285 CFRetain(vpnFilter);
286 }
287 if (sessionPrivate->vpnFilter != NULL) {
288 CFRelease(sessionPrivate->vpnFilter);
289 }
290 sessionPrivate->vpnFilter = vpnFilter;
291
292 pthread_mutex_unlock(&sessionPrivate->lock);
293
294 return TRUE;
295 }
296
297
298 static void
299 __SCHelperSessionLog(const void *value, void *context)
300 {
301 SCHelperSessionRef session = (SCHelperSessionRef)value;
302 SCHelperSessionPrivateRef sessionPrivate = (SCHelperSessionPrivateRef)session;
303
304 pthread_mutex_lock(&sessionPrivate->lock);
305
306 if ((sessionPrivate->mp != NULL) && (sessionPrivate->prefs != NULL)) {
307 SCPreferencesPrivateRef prefsPrivate = (SCPreferencesPrivateRef)sessionPrivate->prefs;
308
309 SCLog(TRUE, LOG_NOTICE,
310 CFSTR(" %p {port = %p, caller = %@, path = %s%s}"),
311 session,
312 CFMachPortGetPort(sessionPrivate->mp),
313 prefsPrivate->name,
314 prefsPrivate->newPath ? prefsPrivate->newPath : prefsPrivate->path,
315 prefsPrivate->locked ? ", locked" : "");
316 }
317
318 pthread_mutex_unlock(&sessionPrivate->lock);
319
320 return;
321 }
322
323
324 #pragma mark -
325
326
327 static const CFRuntimeClass __SCHelperSessionClass = {
328 0, // version
329 "SCHelperSession", // className
330 NULL, // init
331 NULL, // copy
332 __SCHelperSessionDeallocate, // dealloc
333 NULL, // equal
334 NULL, // hash
335 NULL, // copyFormattingDesc
336 __SCHelperSessionCopyDescription // copyDebugDesc
337 };
338
339
340 static CFStringRef
341 __SCHelperSessionCopyDescription(CFTypeRef cf)
342 {
343 CFAllocatorRef allocator = CFGetAllocator(cf);
344 CFMutableStringRef result;
345 SCHelperSessionPrivateRef sessionPrivate = (SCHelperSessionPrivateRef)cf;
346
347 pthread_mutex_lock(&sessionPrivate->lock);
348
349 result = CFStringCreateMutable(allocator, 0);
350 CFStringAppendFormat(result, NULL, CFSTR("<SCHelperSession %p [%p]> {"), cf, allocator);
351 CFStringAppendFormat(result, NULL, CFSTR("authorization = %p"), sessionPrivate->authorization);
352 if (sessionPrivate->mp != NULL) {
353 CFStringAppendFormat(result, NULL,
354 CFSTR(", mp = %p (port = %p)"),
355 sessionPrivate->mp,
356 CFMachPortGetPort(sessionPrivate->mp));
357 }
358 if (sessionPrivate->prefs != NULL) {
359 CFStringAppendFormat(result, NULL, CFSTR(", prefs = %@"), sessionPrivate->prefs);
360 }
361 CFStringAppendFormat(result, NULL, CFSTR("}"));
362
363 pthread_mutex_unlock(&sessionPrivate->lock);
364
365 return result;
366 }
367
368
369 static void
370 __SCHelperSessionDeallocate(CFTypeRef cf)
371 {
372 SCHelperSessionRef session = (SCHelperSessionRef)cf;
373 SCHelperSessionPrivateRef sessionPrivate = (SCHelperSessionPrivateRef)session;
374
375 // we're releasing "a" session so take the global lock...
376 pthread_mutex_lock(&sessions_lock);
377
378 // release resources
379 __SCHelperSessionSetAuthorization(session, NULL);
380 __SCHelperSessionSetPreferences (session, NULL);
381 __SCHelperSessionSetVPNFilter (session, NULL);
382 pthread_mutex_destroy(&sessionPrivate->lock);
383
384 // we no longer need/want to track this session
385 CFSetRemoveValue(sessions, sessionPrivate);
386 sessions_generation++;
387 sessions_closed++;
388
389 // release the global lock, wake up the main runloop, all done
390 pthread_mutex_unlock(&sessions_lock);
391 CFRunLoopWakeUp(main_runLoop);
392
393 return;
394 }
395
396
397 static void
398 __SCHelperSessionInitialize(void)
399 {
400 __kSCHelperSessionTypeID = _CFRuntimeRegisterClass(&__SCHelperSessionClass);
401 return;
402 }
403
404
405 static SCHelperSessionRef
406 __SCHelperSessionCreate(CFAllocatorRef allocator)
407 {
408 SCHelperSessionPrivateRef sessionPrivate;
409 uint32_t size;
410
411 // initialize runtime
412 pthread_once(&initialized, __SCHelperSessionInitialize);
413
414 // allocate session
415 size = sizeof(SCHelperSessionPrivate) - sizeof(CFRuntimeBase);
416 sessionPrivate = (SCHelperSessionPrivateRef)_CFRuntimeCreateInstance(allocator,
417 __kSCHelperSessionTypeID,
418 size,
419 NULL);
420 if (sessionPrivate == NULL) {
421 return NULL;
422 }
423
424 if (pthread_mutex_init(&sessionPrivate->lock, NULL) != 0) {
425 SCLog(TRUE, LOG_ERR, CFSTR("pthread_mutex_init(): failure to initialize per session lock"));
426 CFRelease(sessionPrivate);
427 return NULL;
428 }
429 sessionPrivate->authorization = NULL;
430 sessionPrivate->port = MACH_PORT_NULL;
431 sessionPrivate->mp = NULL;
432 sessionPrivate->callerWriteAccess = UNKNOWN;
433 sessionPrivate->vpnFilter = NULL;
434 sessionPrivate->prefs = NULL;
435
436 // keep track this session
437 pthread_mutex_lock(&sessions_lock);
438 if (sessions == NULL) {
439 const CFSetCallBacks mySetCallBacks = { 0, NULL, NULL, CFCopyDescription, CFEqual, CFHash };
440
441 // create a non-retaining set
442 sessions = CFSetCreateMutable(NULL, 0, &mySetCallBacks);
443 }
444 CFSetAddValue(sessions, sessionPrivate);
445 sessions_generation++;
446 pthread_mutex_unlock(&sessions_lock);
447
448 return (SCHelperSessionRef)sessionPrivate;
449 }
450
451
452 #pragma mark -
453
454
455 static SCHelperSessionRef
456 __SCHelperSessionFindWithPort(mach_port_t port)
457 {
458 SCHelperSessionRef session = NULL;
459
460 // keep track this session
461 pthread_mutex_lock(&sessions_lock);
462 if (sessions != NULL) {
463 CFIndex i;
464 CFIndex n = CFSetGetCount(sessions);
465 const void * vals_q[16];
466 const void ** vals = vals_q;
467
468 if (n > (CFIndex)(sizeof(vals_q) / sizeof(SCHelperSessionRef)))
469 vals = CFAllocatorAllocate(NULL, n * sizeof(CFStringRef), 0);
470 CFSetGetValues(sessions, vals);
471 for (i = 0; i < n; i++) {
472 SCHelperSessionPrivateRef sessionPrivate;
473
474 sessionPrivate = (SCHelperSessionPrivateRef)vals[i];
475 if (sessionPrivate->port == port) {
476 session = (SCHelperSessionRef)sessionPrivate;
477 break;
478 }
479 }
480 if (vals != vals_q)
481 CFAllocatorDeallocate(NULL, vals);
482 }
483 pthread_mutex_unlock(&sessions_lock);
484
485 return session;
486 }
487
488
489 #pragma mark -
490 #pragma mark Helpers
491
492
493 /*
494 * EXIT
495 * (in) data = N/A
496 * (out) status = SCError()
497 * (out) reply = N/A
498 */
499 static Boolean
500 do_Exit(SCHelperSessionRef session, void *info, CFDataRef data, uint32_t *status, CFDataRef *reply)
501 {
502 *status = -1;
503 return FALSE;
504 }
505
506
507 /*
508 * AUTHORIZE
509 * (in) data = AuthorizationExternalForm
510 * (out) status = OSStatus
511 * (out) reply = N/A
512 */
513 static Boolean
514 do_Auth(SCHelperSessionRef session, void *info, CFDataRef data, uint32_t *status, CFDataRef *reply)
515 {
516 Boolean ok;
517
518 #if !TARGET_OS_IPHONE
519
520 ok = __SCHelperSessionSetAuthorization(session, data);
521
522 #else //!TARGET_OS_IPHONE
523
524 CFStringRef authorizationInfo = NULL;
525
526 if ((data != NULL) && !_SCUnserializeString(&authorizationInfo, data, NULL, 0)) {
527 return FALSE;
528 }
529
530 if (!isA_CFString(authorizationInfo)) {
531 if (authorizationInfo != NULL) CFRelease(authorizationInfo);
532 return FALSE;
533 }
534
535 ok = __SCHelperSessionSetAuthorization(session, authorizationInfo);
536 if (authorizationInfo != NULL) CFRelease(authorizationInfo);
537
538 #endif // !TARGET_OS_IPHONE
539
540 *status = ok ? 0 : 1;
541 return TRUE;
542 }
543
544
545 #if !TARGET_OS_IPHONE
546
547
548 /*
549 * SCHELPER_MSG_KEYCHAIN_COPY
550 * (in) data = unique_id
551 * (out) status = SCError()
552 * (out) reply = password
553 */
554 static Boolean
555 do_keychain_copy(SCHelperSessionRef session, void *info, CFDataRef data, uint32_t *status, CFDataRef *reply)
556 {
557 Boolean ok = FALSE;
558 SCPreferencesRef prefs;
559 CFStringRef unique_id = NULL;
560
561 if ((data != NULL) && !_SCUnserializeString(&unique_id, data, NULL, 0)) {
562 return FALSE;
563 }
564
565 if (unique_id != NULL) {
566 if (isA_CFString(unique_id)) {
567 prefs = __SCHelperSessionGetPreferences(session);
568 *reply = _SCPreferencesSystemKeychainPasswordItemCopy(prefs, unique_id);
569 if (*reply == NULL) {
570 *status = SCError();
571 }
572 ok = TRUE;
573 }
574
575 CFRelease(unique_id);
576 }
577
578 return ok;
579 }
580
581
582 /*
583 * SCHELPER_MSG_KEYCHAIN_EXISTS
584 * (in) data = unique_id
585 * (out) status = SCError()
586 * (out) reply = N/A
587 */
588 static Boolean
589 do_keychain_exists(SCHelperSessionRef session, void *info, CFDataRef data, uint32_t *status, CFDataRef *reply)
590 {
591 Boolean ok = FALSE;
592 SCPreferencesRef prefs;
593 CFStringRef unique_id = NULL;
594
595 if ((data != NULL) && !_SCUnserializeString(&unique_id, data, NULL, 0)) {
596 return FALSE;
597 }
598
599 if (unique_id != NULL) {
600 if (isA_CFString(unique_id)) {
601 prefs = __SCHelperSessionGetPreferences(session);
602 ok = _SCPreferencesSystemKeychainPasswordItemExists(prefs, unique_id);
603 if (!ok) {
604 *status = SCError();
605 }
606 }
607
608 CFRelease(unique_id);
609 }
610
611 return ok;
612 }
613
614
615 /*
616 * SCHELPER_MSG_KEYCHAIN_REMOVE
617 * (in) data = unique_id
618 * (out) status = SCError()
619 * (out) reply = N/A
620 */
621 static Boolean
622 do_keychain_remove(SCHelperSessionRef session, void *info, CFDataRef data, uint32_t *status, CFDataRef *reply)
623 {
624 Boolean ok = FALSE;
625 SCPreferencesRef prefs;
626 CFStringRef unique_id = NULL;
627
628 if ((data != NULL) && !_SCUnserializeString(&unique_id, data, NULL, 0)) {
629 return FALSE;
630 }
631
632 if (unique_id != NULL) {
633 if (isA_CFString(unique_id)) {
634 prefs = __SCHelperSessionGetPreferences(session);
635 ok = _SCPreferencesSystemKeychainPasswordItemRemove(prefs, unique_id);
636 if (!ok) {
637 *status = SCError();
638 }
639 }
640
641 CFRelease(unique_id);
642 }
643
644 return ok;
645 }
646
647
648 /*
649 * SCHELPER_MSG_KEYCHAIN_SET
650 * (in) data = options dictionary
651 * (out) status = SCError()
652 * (out) reply = N/A
653 */
654 static Boolean
655 do_keychain_set(SCHelperSessionRef session, void *info, CFDataRef data, uint32_t *status, CFDataRef *reply)
656 {
657 CFStringRef account;
658 CFStringRef description;
659 CFArrayRef executablePaths = NULL;
660 CFStringRef label;
661 Boolean ok;
662 CFDictionaryRef options = NULL;
663 CFDataRef password;
664 SCPreferencesRef prefs;
665 CFStringRef unique_id;
666
667 if ((data != NULL) && !_SCUnserialize((CFPropertyListRef *)&options, data, NULL, 0)) {
668 return FALSE;
669 }
670
671 if (options != NULL) {
672 if (!isA_CFDictionary(options)) {
673 CFRelease(options);
674 return FALSE;
675 }
676 } else {
677 return FALSE;
678 }
679
680 if (CFDictionaryGetValueIfPresent(options,
681 kSCKeychainOptionsAllowedExecutables,
682 (const void **)&executablePaths)) {
683 CFMutableArrayRef executableURLs;
684 CFIndex i;
685 CFIndex n;
686 CFMutableDictionaryRef newOptions;
687
688 executableURLs = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
689 n = CFArrayGetCount(executablePaths);
690 for (i = 0; i < n; i++) {
691 CFDataRef path;
692 CFURLRef url;
693
694 path = CFArrayGetValueAtIndex(executablePaths, i);
695 url = CFURLCreateFromFileSystemRepresentation(NULL,
696 CFDataGetBytePtr(path),
697 CFDataGetLength(path),
698 FALSE);
699 if (url != NULL) {
700 CFArrayAppendValue(executableURLs, url);
701 CFRelease(url);
702 }
703 }
704
705 newOptions = CFDictionaryCreateMutableCopy(NULL, 0, options);
706 CFDictionarySetValue(newOptions, kSCKeychainOptionsAllowedExecutables, executableURLs);
707 CFRelease(executableURLs);
708
709 CFRelease(options);
710 options = newOptions;
711 }
712
713 unique_id = CFDictionaryGetValue(options, kSCKeychainOptionsUniqueID);
714 label = CFDictionaryGetValue(options, kSCKeychainOptionsLabel);
715 description = CFDictionaryGetValue(options, kSCKeychainOptionsDescription);
716 account = CFDictionaryGetValue(options, kSCKeychainOptionsAccount);
717 password = CFDictionaryGetValue(options, kSCKeychainOptionsPassword);
718
719 prefs = __SCHelperSessionGetPreferences(session);
720 ok = _SCPreferencesSystemKeychainPasswordItemSet(prefs,
721 unique_id,
722 label,
723 description,
724 account,
725 password,
726 options);
727 CFRelease(options);
728 if (!ok) {
729 *status = SCError();
730 }
731
732 return TRUE;
733 }
734
735
736 #endif // !TARGET_OS_IPHONE
737
738
739 /*
740 * SCHELPER_MSG_INTERFACE_REFRESH
741 * (in) data = ifName
742 * (out) status = SCError()
743 * (out) reply = N/A
744 */
745 static Boolean
746 do_interface_refresh(SCHelperSessionRef session, void *info, CFDataRef data, uint32_t *status, CFDataRef *reply)
747 {
748 CFStringRef ifName = NULL;
749 Boolean ok = FALSE;
750
751 if ((data != NULL) && !_SCUnserializeString(&ifName, data, NULL, 0)) {
752 SCLog(TRUE, LOG_ERR, CFSTR("interface name not valid"));
753 return FALSE;
754 }
755
756 if (ifName != NULL) {
757 if (isA_CFString(ifName)) {
758 ok = _SCNetworkInterfaceForceConfigurationRefresh(ifName);
759 if (!ok) {
760 *status = SCError();
761 }
762 }
763
764 CFRelease(ifName);
765 }
766
767 if (!ok) {
768 SCLog(TRUE, LOG_ERR, CFSTR("interface name not valid"));
769 }
770
771 return ok;
772 }
773
774
775 /*
776 * OPEN
777 * (in) data = prefsID
778 * (out) status = SCError()
779 * (out) reply = N/A
780 */
781 static Boolean
782 do_prefs_Open(SCHelperSessionRef session, void *info, CFDataRef data, uint32_t *status, CFDataRef *reply)
783 {
784 CFStringRef name;
785 CFDictionaryRef options;
786 CFNumberRef pid;
787 SCPreferencesRef prefs = __SCHelperSessionGetPreferences(session);
788 CFDictionaryRef prefsInfo = NULL;
789 CFStringRef prefsID;
790 CFStringRef prefsName;
791 CFStringRef proc_name;
792
793 if (prefs != NULL) {
794 return FALSE;
795 }
796
797 if ((data != NULL) && !_SCUnserialize((CFPropertyListRef *)&prefsInfo, data, NULL, 0)) {
798 SCLog(TRUE, LOG_ERR, CFSTR("data not valid, %@"), data);
799 return FALSE;
800 }
801
802 if ((prefsInfo == NULL) || !isA_CFDictionary(prefsInfo)) {
803 SCLog(TRUE, LOG_ERR, CFSTR("info not valid"));
804 if (prefsInfo != NULL) CFRelease(prefsInfo);
805 return FALSE;
806 }
807
808 // get [optional] prefsID
809 prefsID = CFDictionaryGetValue(prefsInfo, CFSTR("prefsID"));
810 prefsID = isA_CFString(prefsID);
811 if (prefsID != NULL) {
812 if (CFStringHasPrefix(prefsID, CFSTR("/")) ||
813 CFStringHasPrefix(prefsID, CFSTR("../")) ||
814 CFStringHasSuffix(prefsID, CFSTR("/..")) ||
815 (CFStringFind(prefsID, CFSTR("/../"), 0).location != kCFNotFound)) {
816 // if we're trying to escape from the preferences directory
817 SCLog(TRUE, LOG_ERR, CFSTR("prefsID (%@) not valid"), prefsID);
818 CFRelease(prefsInfo);
819 *status = kSCStatusInvalidArgument;
820 return TRUE;
821 }
822 }
823
824 // get [optional] options
825 options = CFDictionaryGetValue(prefsInfo, CFSTR("options"));
826 options = isA_CFDictionary(options);
827
828 // get preferences session "name"
829 name = CFDictionaryGetValue(prefsInfo, CFSTR("name"));
830 if (!isA_CFString(name)) {
831 SCLog(TRUE, LOG_ERR, CFSTR("session \"name\" not valid"));
832 CFRelease(prefsInfo);
833 return FALSE;
834 }
835
836 // get PID of caller
837 pid = CFDictionaryGetValue(prefsInfo, CFSTR("PID"));
838 if (!isA_CFNumber(pid)) {
839 SCLog(TRUE, LOG_ERR, CFSTR("PID not valid"));
840 CFRelease(prefsInfo);
841 return FALSE;
842 }
843
844 // get process name of caller
845 proc_name = CFDictionaryGetValue(prefsInfo, CFSTR("PROC_NAME"));
846 if (!isA_CFString(proc_name)) {
847 SCLog(TRUE, LOG_ERR, CFSTR("process name not valid"));
848 CFRelease(prefsInfo);
849 return FALSE;
850 }
851
852 // build [helper] preferences "name" (used for debugging) and estabish
853 // a preferences session.
854 prefsName = CFStringCreateWithFormat(NULL, NULL,
855 CFSTR("%@(%@):%@"),
856 proc_name,
857 pid,
858 name);
859
860 prefs = SCPreferencesCreateWithOptions(NULL, prefsName, prefsID, NULL, options);
861 CFRelease(prefsName);
862 CFRelease(prefsInfo);
863
864 __SCHelperSessionSetPreferences(session, prefs);
865
866 if (prefs != NULL) {
867 #ifdef NOTYET
868 Boolean ok;
869 CFRunLoopRef rl = CFRunLoopGetCurrent();
870
871 // [temporarily] schedule notifications to ensure that we can use
872 // the SCDynamicStore to track helper sessions
873 ok = SCPreferencesScheduleWithRunLoop(prefs, rl, kCFRunLoopDefaultMode);
874 if (ok) {
875 (void)SCPreferencesUnscheduleFromRunLoop(prefs, rl, kCFRunLoopDefaultMode);
876 }
877 #endif // NOTYET
878
879 // the session now holds a references to the SCPreferencesRef
880 CFRelease(prefs);
881 } else {
882 *status = SCError();
883 }
884
885 return TRUE;
886 }
887
888
889 /*
890 * ACCESS
891 * (in) data = N/A
892 * (out) status = SCError()
893 * (out) reply = current signature + current preferences
894 */
895 static Boolean
896 do_prefs_Access(SCHelperSessionRef session, void *info, CFDataRef data, uint32_t *status, CFDataRef *reply)
897 {
898 Boolean ok;
899 SCPreferencesRef prefs = __SCHelperSessionGetPreferences(session);
900 CFDataRef signature;
901
902 if (prefs == NULL) {
903 return FALSE;
904 }
905
906 signature = SCPreferencesGetSignature(prefs);
907 if (signature != NULL) {
908 const void * dictKeys[2];
909 const void * dictVals[2];
910 SCPreferencesPrivateRef prefsPrivate = (SCPreferencesPrivateRef)prefs;
911 CFDictionaryRef replyDict;
912
913 dictKeys[0] = CFSTR("signature");
914 dictVals[0] = signature;
915
916 dictKeys[1] = CFSTR("preferences");
917 dictVals[1] = prefsPrivate->prefs;
918
919 replyDict = CFDictionaryCreate(NULL,
920 (const void **)&dictKeys,
921 (const void **)&dictVals,
922 sizeof(dictKeys)/sizeof(dictKeys[0]),
923 &kCFTypeDictionaryKeyCallBacks,
924 &kCFTypeDictionaryValueCallBacks);
925
926 ok = _SCSerialize(replyDict, reply, NULL, NULL);
927 CFRelease(replyDict);
928 if (!ok) {
929 return FALSE;
930 }
931 } else {
932 *status = SCError();
933 }
934
935 return TRUE;
936 }
937
938
939 /*
940 * LOCK
941 * (in) data = client prefs signature (NULL if check not needed)
942 * (out) status = SCError()
943 * (out) reply = N/A
944 */
945 static Boolean
946 do_prefs_Lock(SCHelperSessionRef session, void *info, CFDataRef data, uint32_t *status, CFDataRef *reply)
947 {
948 CFDataRef clientSignature = (CFDataRef)data;
949 Boolean ok;
950 SCPreferencesRef prefs = __SCHelperSessionGetPreferences(session);
951 Boolean wait = (info == (void *)FALSE) ? FALSE : TRUE;
952
953 if (prefs == NULL) {
954 return FALSE;
955 }
956
957 ok = SCPreferencesLock(prefs, wait);
958 if (!ok) {
959 *status = SCError();
960 return TRUE;
961 }
962
963 if (clientSignature != NULL) {
964 CFDataRef serverSignature;
965
966 serverSignature = SCPreferencesGetSignature(prefs);
967 if (!CFEqual(clientSignature, serverSignature)) {
968 (void)SCPreferencesUnlock(prefs);
969 *status = kSCStatusStale;
970 }
971 }
972
973 return TRUE;
974 }
975
976
977 /*
978 * COMMIT
979 * (in) data = new preferences (NULL if commit w/no changes)
980 * (out) status = SCError()
981 * (out) reply = new signature
982 */
983 static Boolean
984 do_prefs_Commit(SCHelperSessionRef session, void *info, CFDataRef data, uint32_t *status, CFDataRef *reply)
985 {
986 Boolean ok;
987 SCPreferencesRef prefs = __SCHelperSessionGetPreferences(session);
988 CFPropertyListRef prefsData = NULL;
989 SCPreferencesPrivateRef prefsPrivate = (SCPreferencesPrivateRef)prefs;
990 CFArrayRef vpnFilter;
991
992 if (prefs == NULL) {
993 return FALSE;
994 }
995
996 if (data != NULL) {
997 ok = _SCUnserialize(&prefsData, data, NULL, 0);
998 if (!ok) {
999 return FALSE;
1000 }
1001
1002 if (!isA_CFDictionary(prefsData)) {
1003 *status = kSCStatusFailed;
1004 ok = FALSE;
1005 goto done;
1006 }
1007 }
1008
1009 vpnFilter = __SCHelperSessionGetVPNFilter(session);
1010 if (vpnFilter != NULL) {
1011 ok = FALSE;
1012
1013 if ((prefsPrivate->prefs != NULL) && (prefsData != NULL)) {
1014 CFIndex c;
1015 CFMutableDictionaryRef prefsNew = NULL;
1016 CFMutableDictionaryRef prefsOld = NULL;
1017 CFMutableDictionaryRef prefsSave = prefsPrivate->prefs;
1018 CFRange range = CFRangeMake(0, CFArrayGetCount(vpnFilter));
1019
1020 for (c = 0; c < 2; c++) {
1021 CFArrayRef services;
1022
1023 switch (c) {
1024 case 0 :
1025 prefsPrivate->prefs = CFDictionaryCreateMutableCopy(NULL, 0, prefsSave);
1026 break;
1027 case 1 :
1028 prefsPrivate->prefs = CFDictionaryCreateMutableCopy(NULL, 0, prefsData);
1029 break;
1030 }
1031
1032 // filter out VPN services of the specified type
1033 services = SCNetworkServiceCopyAll(prefs);
1034 if (services != NULL) {
1035 CFIndex i;
1036 CFIndex n = CFArrayGetCount(services);
1037
1038 for (i = 0; i < n; i++) {
1039 SCNetworkServiceRef service;
1040
1041 service = CFArrayGetValueAtIndex(services, i);
1042 if (_SCNetworkServiceIsVPN(service)) {
1043 SCNetworkInterfaceRef child;
1044 CFStringRef childType = NULL;
1045 SCNetworkInterfaceRef interface;
1046 CFStringRef interfaceType;
1047
1048 interface = SCNetworkServiceGetInterface(service);
1049 interfaceType = SCNetworkInterfaceGetInterfaceType(interface);
1050 child = SCNetworkInterfaceGetInterface(interface);
1051 if (child != NULL) {
1052 childType = SCNetworkInterfaceGetInterfaceType(child);
1053 }
1054 if (CFEqual(interfaceType, kSCNetworkInterfaceTypeVPN) &&
1055 (childType != NULL) &&
1056 CFArrayContainsValue(vpnFilter, range, childType)) {
1057 // filter out VPN service
1058 (void) SCNetworkServiceRemove(service);
1059 } else {
1060 // mark all other VPN services "enabled"
1061 (void) SCNetworkServiceSetEnabled(service, TRUE);
1062 }
1063 }
1064 }
1065
1066 CFRelease(services);
1067 }
1068
1069 switch (c) {
1070 case 0 :
1071 prefsOld = prefsPrivate->prefs;
1072 break;
1073 case 1 :
1074 prefsNew = prefsPrivate->prefs;
1075 break;
1076 }
1077 }
1078
1079 // compare the filtered configurations
1080 ok = _SC_CFEqual(prefsOld, prefsNew);
1081
1082 // clean up
1083 if (prefsOld != NULL) CFRelease(prefsOld);
1084 if (prefsNew != NULL) CFRelease(prefsNew);
1085 prefsPrivate->prefs = prefsSave;
1086 }
1087
1088 if (!ok) {
1089 *status = kSCStatusAccessError;
1090 goto done;
1091 }
1092 }
1093
1094 if (prefsData != NULL) {
1095 if (prefsPrivate->prefs != NULL) {
1096 CFRelease(prefsPrivate->prefs);
1097 }
1098 prefsPrivate->prefs = CFDictionaryCreateMutableCopy(NULL, 0, prefsData);
1099 prefsPrivate->accessed = TRUE;
1100 prefsPrivate->changed = TRUE;
1101 }
1102
1103 ok = SCPreferencesCommitChanges(prefs);
1104 if (ok) {
1105 *reply = SCPreferencesGetSignature(prefs);
1106 CFRetain(*reply);
1107 } else {
1108 *status = SCError();
1109 }
1110
1111 done :
1112
1113 if (prefsData != NULL) CFRelease(prefsData);
1114 return ok;
1115 }
1116
1117
1118 /*
1119 * APPLY
1120 * (in) data = N/A
1121 * (out) status = SCError()
1122 * (out) reply = N/A
1123 */
1124 static Boolean
1125 do_prefs_Apply(SCHelperSessionRef session, void *info, CFDataRef data, uint32_t *status, CFDataRef *reply)
1126 {
1127 Boolean ok;
1128 SCPreferencesRef prefs = __SCHelperSessionGetPreferences(session);
1129
1130 if (prefs == NULL) {
1131 return FALSE;
1132 }
1133
1134 ok = SCPreferencesApplyChanges(prefs);
1135 if (!ok) {
1136 *status = SCError();
1137 }
1138
1139 return TRUE;
1140 }
1141
1142
1143 /*
1144 * UNLOCK
1145 * (in) data = N/A
1146 * (out) status = SCError()
1147 * (out) reply = N/A
1148 */
1149 static Boolean
1150 do_prefs_Unlock(SCHelperSessionRef session, void *info, CFDataRef data, uint32_t *status, CFDataRef *reply)
1151 {
1152 Boolean ok;
1153 SCPreferencesRef prefs = __SCHelperSessionGetPreferences(session);
1154
1155 if (prefs == NULL) {
1156 return FALSE;
1157 }
1158
1159 ok = SCPreferencesUnlock(prefs);
1160 if (!ok) {
1161 *status = SCError();
1162 }
1163
1164 return TRUE;
1165 }
1166
1167
1168 /*
1169 * CLOSE
1170 * (in) data = N/A
1171 * (out) status = SCError()
1172 * (out) reply = N/A
1173 */
1174 static Boolean
1175 do_prefs_Close(SCHelperSessionRef session, void *info, CFDataRef data, uint32_t *status, CFDataRef *reply)
1176 {
1177 SCPreferencesRef prefs = __SCHelperSessionGetPreferences(session);
1178
1179 if (prefs == NULL) {
1180 return FALSE;
1181 }
1182
1183 __SCHelperSessionSetPreferences(session, NULL);
1184 *status = -1;
1185 return TRUE;
1186 }
1187
1188
1189 /*
1190 * SYNCHRONIZE
1191 * (in) data = N/A
1192 * (out) status = kSCStatusOK
1193 * (out) reply = N/A
1194 */
1195 static Boolean
1196 do_prefs_Synchronize(SCHelperSessionRef session, void *info, CFDataRef data, uint32_t *status, CFDataRef *reply)
1197 {
1198 SCPreferencesRef prefs = __SCHelperSessionGetPreferences(session);
1199
1200 if (prefs == NULL) {
1201 return FALSE;
1202 }
1203
1204 SCPreferencesSynchronize(prefs);
1205 *status = kSCStatusOK;
1206 return TRUE;
1207 }
1208
1209
1210 #pragma mark -
1211 #pragma mark Process commands
1212
1213
1214 #if TARGET_OS_IPHONE
1215
1216 #include <Security/Security.h>
1217 #include <Security/SecTask.h>
1218
1219 static CFStringRef
1220 sessionName(SCHelperSessionRef session)
1221 {
1222 CFStringRef name = NULL;
1223 SCPreferencesRef prefs;
1224
1225 prefs = __SCHelperSessionGetPreferences(session);
1226 if (prefs != NULL) {
1227 SCPreferencesPrivateRef prefsPrivate = (SCPreferencesPrivateRef)prefs;
1228
1229 name = prefsPrivate->name;
1230 }
1231
1232 return (name != NULL) ? name : CFSTR("???");
1233 }
1234
1235
1236 static CFTypeRef
1237 copyEntitlement(SCHelperSessionRef session, CFStringRef entitlement)
1238 {
1239 SCHelperSessionPrivateRef sessionPrivate = (SCHelperSessionPrivateRef)session;
1240 SecTaskRef task;
1241 CFTypeRef value = NULL;
1242
1243 // Create the security task from the audit token
1244 task = SecTaskCreateWithAuditToken(NULL, sessionPrivate->auditToken);
1245 if (task != NULL) {
1246 CFErrorRef error = NULL;
1247
1248 // Get the value for the entitlement
1249 value = SecTaskCopyValueForEntitlement(task, entitlement, &error);
1250 if ((value == NULL) && (error != NULL)) {
1251 CFIndex code = CFErrorGetCode(error);
1252 CFStringRef domain = CFErrorGetDomain(error);
1253
1254 if (!CFEqual(domain, kCFErrorDomainMach) ||
1255 ((code != kIOReturnInvalid) && (code != kIOReturnNotFound))) {
1256 // if unexpected error
1257 SCLog(TRUE, LOG_ERR,
1258 CFSTR("SecTaskCopyValueForEntitlement(,\"%@\",) failed, error = %@ : %@"),
1259 entitlement,
1260 error,
1261 sessionName(session));
1262 }
1263 CFRelease(error);
1264 }
1265
1266 CFRelease(task);
1267 } else {
1268 SCLog(TRUE, LOG_ERR,
1269 CFSTR("SecTaskCreateWithAuditToken() failed: %@"),
1270 sessionName(session));
1271 }
1272
1273 return value;
1274 }
1275
1276 #endif // TARGET_OS_IPHONE
1277
1278
1279
1280
1281 static Boolean
1282 hasAuthorization(SCHelperSessionRef session)
1283 {
1284 AuthorizationRef authorization = __SCHelperSessionGetAuthorization(session);
1285
1286 if (authorization == NULL) {
1287 return FALSE;
1288 }
1289
1290 #if !TARGET_OS_IPHONE
1291 AuthorizationFlags flags;
1292 AuthorizationItem items[1];
1293 AuthorizationRights rights;
1294 OSStatus status;
1295
1296 items[0].name = "system.preferences";
1297 items[0].value = NULL;
1298 items[0].valueLength = 0;
1299 items[0].flags = 0;
1300
1301 rights.count = sizeof(items) / sizeof(items[0]);
1302 rights.items = items;
1303
1304 flags = kAuthorizationFlagDefaults;
1305 flags |= kAuthorizationFlagExtendRights;
1306 flags |= kAuthorizationFlagInteractionAllowed;
1307 // flags |= kAuthorizationFlagPartialRights;
1308 // flags |= kAuthorizationFlagPreAuthorize;
1309
1310 status = AuthorizationCopyRights(authorization,
1311 &rights,
1312 kAuthorizationEmptyEnvironment,
1313 flags,
1314 NULL);
1315 if (status != errAuthorizationSuccess) {
1316 return FALSE;
1317 }
1318
1319 return TRUE;
1320 #else // !TARGET_OS_IPHONE
1321 SCHelperSessionPrivateRef sessionPrivate = (SCHelperSessionPrivateRef)session;
1322
1323 if (sessionPrivate->callerWriteAccess == UNKNOWN) {
1324 CFArrayRef entitlement;
1325 CFStringRef prefsID;
1326 SCPreferencesPrivateRef prefsPrivate;
1327
1328 // assume that the client DOES NOT have the entitlement
1329 sessionPrivate->callerWriteAccess = NO;
1330
1331 prefsPrivate = (SCPreferencesPrivateRef)sessionPrivate->prefs;
1332 prefsID = (prefsPrivate->prefsID != NULL) ? prefsPrivate->prefsID : PREFS_DEFAULT_CONFIG;
1333
1334 entitlement = copyEntitlement(session, kSCWriteEntitlementName);
1335 if (entitlement != NULL) {
1336 if (isA_CFArray(entitlement)) {
1337 if (CFArrayContainsValue(entitlement,
1338 CFRangeMake(0, CFArrayGetCount(entitlement)),
1339 prefsID)) {
1340 // if client DOES have entitlement
1341 sessionPrivate->callerWriteAccess = YES;
1342 }
1343 } else {
1344 SCLog(TRUE, LOG_ERR,
1345 CFSTR("hasAuthorization: entitlement not valid: %@"),
1346 sessionName(session));
1347 }
1348
1349 CFRelease(entitlement);
1350 }
1351
1352 // make an exception for VPN configuration management
1353 if (sessionPrivate->callerWriteAccess != YES) {
1354 entitlement = copyEntitlement(session, kSCVPNFilterEntitlementName);
1355 if (entitlement != NULL) {
1356 if (isA_CFArray(entitlement)) {
1357 if (CFEqual(prefsID, PREFS_DEFAULT_CONFIG)) {
1358 // save the VPN bundle identifiers
1359 __SCHelperSessionSetVPNFilter(session, entitlement);
1360
1361 // and grant a "filtered" exception
1362 sessionPrivate->callerWriteAccess = YES;
1363 } else if (CFStringHasPrefix(prefsID, CFSTR("VPN-")) &&
1364 CFStringHasSuffix(prefsID, CFSTR(".plist"))) {
1365 CFRange range;
1366 CFStringRef vpnID;
1367
1368 range.location = sizeof("VPN-") - 1;
1369 range.length = CFStringGetLength(prefsID)
1370 - (sizeof("VPN-") - 1) // trim VPN-
1371 - (sizeof(".plist") - 1); // trim .plist
1372 vpnID = CFStringCreateWithSubstring(NULL, prefsID, range);
1373 if (CFArrayContainsValue(entitlement,
1374 CFRangeMake(0, CFArrayGetCount(entitlement)),
1375 vpnID)) {
1376 // grant an exception
1377 sessionPrivate->callerWriteAccess = YES;
1378 }
1379 CFRelease(vpnID);
1380 }
1381 }
1382
1383 CFRelease(entitlement);
1384 }
1385 }
1386
1387 if (sessionPrivate->callerWriteAccess != YES) {
1388 SCLog(TRUE, LOG_ERR,
1389 CFSTR("SCPreferences write access to \"%@\" denied, no entitlement for \"%@\""),
1390 prefsID,
1391 sessionName(session));
1392 }
1393 }
1394
1395 return (sessionPrivate->callerWriteAccess == YES) ? TRUE : FALSE;
1396 #endif // TARGET_OS_IPHONE
1397 }
1398
1399
1400 typedef Boolean (*helperFunction) (SCHelperSessionRef session,
1401 void *info,
1402 CFDataRef data,
1403 uint32_t *status,
1404 CFDataRef *reply);
1405
1406
1407 static const struct helper {
1408 int command;
1409 const char *commandName;
1410 Boolean needsAuthorization;
1411 helperFunction func;
1412 void *info;
1413 } helpers[] = {
1414 { SCHELPER_MSG_AUTH, "AUTH", FALSE, do_Auth , NULL },
1415
1416 { SCHELPER_MSG_PREFS_OPEN, "PREFS open", FALSE, do_prefs_Open , NULL },
1417 { SCHELPER_MSG_PREFS_ACCESS, "PREFS access", TRUE, do_prefs_Access , NULL },
1418 { SCHELPER_MSG_PREFS_LOCK, "PREFS lock", TRUE, do_prefs_Lock , (void *)FALSE },
1419 { SCHELPER_MSG_PREFS_LOCKWAIT, "PREFS lock/wait", TRUE, do_prefs_Lock , (void *)TRUE },
1420 { SCHELPER_MSG_PREFS_COMMIT, "PREFS commit", TRUE, do_prefs_Commit , NULL },
1421 { SCHELPER_MSG_PREFS_APPLY, "PREFS apply", TRUE, do_prefs_Apply , NULL },
1422 { SCHELPER_MSG_PREFS_UNLOCK, "PREFS unlock", FALSE, do_prefs_Unlock , NULL },
1423 { SCHELPER_MSG_PREFS_CLOSE, "PREFS close", FALSE, do_prefs_Close , NULL },
1424 { SCHELPER_MSG_PREFS_SYNCHRONIZE, "PREFS synchronize", FALSE, do_prefs_Synchronize , NULL },
1425
1426 { SCHELPER_MSG_INTERFACE_REFRESH, "INTERFACE refresh", TRUE, do_interface_refresh , NULL },
1427
1428 #if !TARGET_OS_IPHONE
1429 { SCHELPER_MSG_KEYCHAIN_COPY, "KEYCHAIN copy", TRUE, do_keychain_copy , NULL },
1430 { SCHELPER_MSG_KEYCHAIN_EXISTS, "KEYCHAIN exists", TRUE, do_keychain_exists , NULL },
1431 { SCHELPER_MSG_KEYCHAIN_REMOVE, "KEYCHAIN remove", TRUE, do_keychain_remove , NULL },
1432 { SCHELPER_MSG_KEYCHAIN_SET, "KEYCHAIN set", TRUE, do_keychain_set , NULL },
1433 #endif // !TARGET_OS_IPHONE
1434
1435 { SCHELPER_MSG_EXIT, "EXIT", FALSE, do_Exit , NULL }
1436 };
1437 #define nHELPERS (sizeof(helpers)/sizeof(struct helper))
1438
1439
1440 static int
1441 findCommand(uint32_t command)
1442 {
1443 int i;
1444
1445 for (i = 0; i < (int)nHELPERS; i++) {
1446 if (helpers[i].command == command) {
1447 return i;
1448 }
1449 }
1450
1451 return -1;
1452 }
1453
1454
1455 static void *
1456 newHelper(void *arg)
1457 {
1458 CFRunLoopSourceRef rls = NULL;
1459 SCHelperSessionRef session = (SCHelperSessionRef)arg;
1460 SCHelperSessionPrivateRef sessionPrivate = (SCHelperSessionPrivateRef)session;
1461
1462 __SCHelperSessionSetThreadName(session);
1463
1464 rls = CFMachPortCreateRunLoopSource(NULL, sessionPrivate->mp, 0);
1465 CFRelease(sessionPrivate->mp);
1466
1467 if (rls != NULL) {
1468 CFRunLoopAddSource(CFRunLoopGetCurrent(), rls, kCFRunLoopDefaultMode);
1469 CFRelease(rls);
1470
1471 SCLog(debug, LOG_DEBUG, CFSTR("%p : start"), session);
1472 CFRunLoopRun();
1473 SCLog(debug, LOG_DEBUG, CFSTR("%p : stop"), session);
1474 }
1475
1476 return NULL;
1477 }
1478
1479
1480 #pragma mark -
1481 #pragma mark Main loop
1482
1483
1484 // MiG generated externals and functions
1485 extern struct mig_subsystem _helper_subsystem;
1486 extern boolean_t helper_server(mach_msg_header_t *, mach_msg_header_t *);
1487
1488
1489 static
1490 boolean_t
1491 notify_server(mach_msg_header_t *request, mach_msg_header_t *reply)
1492 {
1493 mach_no_senders_notification_t *Request = (mach_no_senders_notification_t *)request;
1494 mig_reply_error_t *Reply = (mig_reply_error_t *)reply;
1495
1496 reply->msgh_bits = MACH_MSGH_BITS(MACH_MSGH_BITS_REMOTE(request->msgh_bits), 0);
1497 reply->msgh_remote_port = request->msgh_remote_port;
1498 reply->msgh_size = sizeof(mig_reply_error_t); /* Minimal size: update as needed */
1499 reply->msgh_local_port = MACH_PORT_NULL;
1500 reply->msgh_id = request->msgh_id + 100;
1501
1502 if ((Request->not_header.msgh_id > MACH_NOTIFY_LAST) ||
1503 (Request->not_header.msgh_id < MACH_NOTIFY_FIRST)) {
1504 Reply->NDR = NDR_record;
1505 Reply->RetCode = MIG_BAD_ID;
1506 return FALSE; /* if this is not a notification message */
1507 }
1508
1509 switch (Request->not_header.msgh_id) {
1510 case MACH_NOTIFY_NO_SENDERS : {
1511 SCHelperSessionRef session;
1512
1513 __MACH_PORT_DEBUG(TRUE, "*** notify_server MACH_NOTIFY_NO_SENDERS", Request->not_header.msgh_local_port);
1514
1515 // clean up session
1516 session = __SCHelperSessionFindWithPort(Request->not_header.msgh_local_port);
1517 if (session != NULL) {
1518 SCHelperSessionPrivateRef sessionPrivate = (SCHelperSessionPrivateRef)session;
1519
1520 // release CFMachPort *and* SCHelperSession
1521 CFMachPortInvalidate(sessionPrivate->mp);
1522 }
1523
1524 __MACH_PORT_DEBUG(TRUE, "*** notify_server after invalidate", Request->not_header.msgh_local_port);
1525
1526 // and, lastly, remove our receive right.
1527 (void) mach_port_mod_refs(mach_task_self(),
1528 Request->not_header.msgh_local_port,
1529 MACH_PORT_RIGHT_RECEIVE, -1);
1530
1531 Reply->Head.msgh_bits = 0;
1532 Reply->Head.msgh_remote_port = MACH_PORT_NULL;
1533 Reply->RetCode = KERN_SUCCESS;
1534 return TRUE;
1535 }
1536
1537 default :
1538 break;
1539 }
1540
1541 SCLog(TRUE, LOG_ERR, CFSTR("HELP!, Received notification: port=%d, msgh_id=%d"),
1542 Request->not_header.msgh_local_port,
1543 Request->not_header.msgh_id);
1544
1545 Reply->NDR = NDR_record;
1546 Reply->RetCode = MIG_BAD_ID;
1547 return FALSE; /* if this is not a notification we are handling */
1548 }
1549
1550
1551 __private_extern__
1552 boolean_t
1553 helper_demux(mach_msg_header_t *request, mach_msg_header_t *reply)
1554 {
1555 Boolean processed = FALSE;
1556
1557 /*
1558 * (attempt to) process SCHelper requests.
1559 */
1560 processed = helper_server(request, reply);
1561 if (processed) {
1562 return TRUE;
1563 }
1564
1565 /*
1566 * (attempt to) process (NO MORE SENDERS) notification messages.
1567 */
1568 processed = notify_server(request, reply);
1569 if (processed) {
1570 return TRUE;
1571 }
1572
1573 /*
1574 * unknown message ID, log and return an error.
1575 */
1576 SCLog(TRUE, LOG_ERR, CFSTR("helper_demux(): unknown message ID (%d) received"), request->msgh_id);
1577 reply->msgh_bits = MACH_MSGH_BITS(MACH_MSGH_BITS_REMOTE(request->msgh_bits), 0);
1578 reply->msgh_remote_port = request->msgh_remote_port;
1579 reply->msgh_size = sizeof(mig_reply_error_t); /* Minimal size */
1580 reply->msgh_local_port = MACH_PORT_NULL;
1581 reply->msgh_id = request->msgh_id + 100;
1582 ((mig_reply_error_t *)reply)->NDR = NDR_record;
1583 ((mig_reply_error_t *)reply)->RetCode = MIG_BAD_ID;
1584
1585 return FALSE;
1586 }
1587
1588
1589 #define MACH_MSG_BUFFER_SIZE 128
1590
1591
1592 static void
1593 helperCallback(CFMachPortRef port, void *msg, CFIndex size, void *info)
1594 {
1595 mig_reply_error_t * bufRequest = msg;
1596 uint32_t bufReply_q[MACH_MSG_BUFFER_SIZE/sizeof(uint32_t)];
1597 mig_reply_error_t * bufReply = (mig_reply_error_t *)bufReply_q;
1598 static CFIndex bufSize = 0;
1599 mach_msg_return_t mr;
1600 int options;
1601
1602 if (bufSize == 0) {
1603 // get max size for MiG reply buffers
1604 bufSize = _helper_subsystem.maxsize;
1605
1606 // check if our on-the-stack reply buffer will be big enough
1607 if (bufSize > sizeof(bufReply_q)) {
1608 SCLog(TRUE, LOG_NOTICE,
1609 CFSTR("helperCallback(): buffer size should be increased > %d"),
1610 _helper_subsystem.maxsize);
1611 }
1612 }
1613
1614 if (bufSize > sizeof(bufReply_q)) {
1615 bufReply = CFAllocatorAllocate(NULL, _helper_subsystem.maxsize, 0);
1616 }
1617 bufReply->RetCode = 0;
1618
1619 /* we have a request message */
1620 (void) helper_demux(&bufRequest->Head, &bufReply->Head);
1621
1622 if (!(bufReply->Head.msgh_bits & MACH_MSGH_BITS_COMPLEX)) {
1623 if (bufReply->RetCode == MIG_NO_REPLY) {
1624 bufReply->Head.msgh_remote_port = MACH_PORT_NULL;
1625 } else if ((bufReply->RetCode != KERN_SUCCESS) &&
1626 (bufRequest->Head.msgh_bits & MACH_MSGH_BITS_COMPLEX)) {
1627 /*
1628 * destroy the request - but not the reply port
1629 */
1630 bufRequest->Head.msgh_remote_port = MACH_PORT_NULL;
1631 mach_msg_destroy(&bufRequest->Head);
1632 }
1633 }
1634
1635 if (bufReply->Head.msgh_remote_port != MACH_PORT_NULL) {
1636 /*
1637 * send reply.
1638 *
1639 * We don't want to block indefinitely because the client
1640 * isn't receiving messages from the reply port.
1641 * If we have a send-once right for the reply port, then
1642 * this isn't a concern because the send won't block.
1643 * If we have a send right, we need to use MACH_SEND_TIMEOUT.
1644 * To avoid falling off the kernel's fast RPC path unnecessarily,
1645 * we only supply MACH_SEND_TIMEOUT when absolutely necessary.
1646 */
1647
1648 options = MACH_SEND_MSG;
1649 if (MACH_MSGH_BITS_REMOTE(bufReply->Head.msgh_bits) != MACH_MSG_TYPE_MOVE_SEND_ONCE) {
1650 options |= MACH_SEND_TIMEOUT;
1651 }
1652 mr = mach_msg(&bufReply->Head, /* msg */
1653 options, /* option */
1654 bufReply->Head.msgh_size, /* send_size */
1655 0, /* rcv_size */
1656 MACH_PORT_NULL, /* rcv_name */
1657 MACH_MSG_TIMEOUT_NONE, /* timeout */
1658 MACH_PORT_NULL); /* notify */
1659
1660 /* Has a message error occurred? */
1661 switch (mr) {
1662 case MACH_SEND_INVALID_DEST:
1663 case MACH_SEND_TIMED_OUT:
1664 break;
1665 default :
1666 /* Includes success case. */
1667 goto done;
1668 }
1669 }
1670
1671 if (bufReply->Head.msgh_bits & MACH_MSGH_BITS_COMPLEX) {
1672 mach_msg_destroy(&bufReply->Head);
1673 }
1674
1675 done :
1676
1677 if (bufReply != (mig_reply_error_t *)bufReply_q)
1678 CFAllocatorDeallocate(NULL, bufReply);
1679 return;
1680 }
1681
1682
1683 static CFStringRef
1684 initMPCopyDescription(const void *info)
1685 {
1686 return CFStringCreateWithFormat(NULL, NULL, CFSTR("<SCHelper MP>"));
1687 }
1688
1689
1690 __private_extern__
1691 kern_return_t
1692 _helperinit(mach_port_t server,
1693 mach_port_t *newSession,
1694 uint32_t *status,
1695 audit_token_t audit_token)
1696 {
1697 CFMachPortContext context = { 0
1698 , NULL
1699 , CFRetain
1700 , CFRelease
1701 , initMPCopyDescription
1702 };
1703 kern_return_t kr;
1704 mach_port_t oldNotify;
1705 SCHelperSessionRef session;
1706 SCHelperSessionPrivateRef sessionPrivate;
1707 pthread_attr_t tattr;
1708 pthread_t tid;
1709
1710 session = __SCHelperSessionFindWithPort(server);
1711 if (session != NULL) {
1712 #ifdef DEBUG
1713 SCLog(TRUE, LOG_DEBUG, CFSTR("_helperinit(): session is already open."));
1714 #endif /* DEBUG */
1715 *status = kSCStatusFailed; /* you can't re-open an "open" session */
1716 return KERN_SUCCESS;
1717 }
1718
1719 session = __SCHelperSessionCreate(NULL);
1720 sessionPrivate = (SCHelperSessionPrivateRef)session;
1721
1722 // create per-session port
1723 (void) mach_port_allocate(mach_task_self(),
1724 MACH_PORT_RIGHT_RECEIVE,
1725 &sessionPrivate->port);
1726 *newSession = sessionPrivate->port;
1727
1728 //
1729 // Note: we create the CFMachPort *before* we insert a send
1730 // right present to ensure that CF does not establish
1731 // its dead name notification.
1732 //
1733 context.info = (void *)session;
1734 sessionPrivate->mp = _SC_CFMachPortCreateWithPort("SCHelper/session",
1735 *newSession,
1736 helperCallback,
1737 &context);
1738
1739 /* Request a notification when/if the client dies */
1740 kr = mach_port_request_notification(mach_task_self(),
1741 *newSession,
1742 MACH_NOTIFY_NO_SENDERS,
1743 1,
1744 *newSession,
1745 MACH_MSG_TYPE_MAKE_SEND_ONCE,
1746 &oldNotify);
1747 if (kr != KERN_SUCCESS) {
1748 SCLog(TRUE, LOG_ERR, CFSTR("_helperinit() mach_port_request_notification() failed: %s"), mach_error_string(kr));
1749
1750 // clean up CFMachPort, mach port rights
1751 CFMachPortInvalidate(sessionPrivate->mp);
1752 CFRelease(sessionPrivate->mp);
1753 sessionPrivate->mp = NULL;
1754 (void) mach_port_mod_refs(mach_task_self(), *newSession, MACH_PORT_RIGHT_RECEIVE, -1);
1755 *newSession = MACH_PORT_NULL;
1756 *status = kSCStatusFailed;
1757 goto done;
1758 }
1759
1760 if (oldNotify != MACH_PORT_NULL) {
1761 SCLog(TRUE, LOG_ERR, CFSTR("_helperinit(): oldNotify != MACH_PORT_NULL"));
1762 }
1763
1764 // add send right (that will be passed back to the client)
1765 (void) mach_port_insert_right(mach_task_self(),
1766 *newSession,
1767 *newSession,
1768 MACH_MSG_TYPE_MAKE_SEND);
1769
1770 // save audit token
1771 sessionPrivate->auditToken = audit_token;
1772
1773 //
1774 // Note: at this time we should be holding ONE send right and
1775 // ONE receive right to the server. The send right is
1776 // moved to the caller.
1777 //
1778
1779 // start per-session thread
1780 pthread_attr_init(&tattr);
1781 pthread_attr_setscope(&tattr, PTHREAD_SCOPE_SYSTEM);
1782 pthread_attr_setdetachstate(&tattr, PTHREAD_CREATE_DETACHED);
1783 pthread_attr_setstacksize(&tattr, 96 * 1024); // each thread gets a 96K stack
1784 pthread_create(&tid, &tattr, newHelper, (void *)session);
1785 pthread_attr_destroy(&tattr);
1786
1787 *status = kSCStatusOK;
1788
1789 done :
1790
1791 CFRelease(session);
1792 return KERN_SUCCESS;
1793 }
1794
1795
1796 __private_extern__
1797 kern_return_t
1798 _helperexec(mach_port_t server,
1799 uint32_t msgID,
1800 xmlData_t dataRef, /* raw XML bytes */
1801 mach_msg_type_number_t dataLen,
1802 uint32_t *status,
1803 xmlDataOut_t *replyRef, /* raw XML bytes */
1804 mach_msg_type_number_t *replyLen)
1805 {
1806 CFDataRef data = NULL;
1807 int i;
1808 CFDataRef reply = NULL;
1809 SCHelperSessionRef session;
1810
1811 *status = kSCStatusOK;
1812 *replyRef = NULL;
1813 *replyLen = 0;
1814
1815 if ((dataRef != NULL) && (dataLen > 0)) {
1816 if (!_SCUnserializeData(&data, (void *)dataRef, dataLen)) {
1817 *status = SCError();
1818 return KERN_SUCCESS;
1819 }
1820 }
1821
1822 session = __SCHelperSessionFindWithPort(server);
1823 if (session == NULL) {
1824 *status = kSCStatusFailed; /* you must have an open session to play */
1825 goto done;
1826 }
1827
1828 i = findCommand(msgID);
1829 if (i == -1) {
1830 SCLog(TRUE, LOG_ERR, CFSTR("received unknown command : %u"), msgID);
1831 *status = kSCStatusInvalidArgument;
1832 goto done;
1833 }
1834
1835 SCLog(debug, LOG_DEBUG,
1836 CFSTR("%p : processing command \"%s\"%s"),
1837 session,
1838 helpers[i].commandName,
1839 (data != NULL) ? " w/data" : "");
1840
1841 if (helpers[i].needsAuthorization && !hasAuthorization(session)) {
1842 SCLog(debug, LOG_DEBUG,
1843 CFSTR("%p : command \"%s\" : not authorized"),
1844 session,
1845 helpers[i].commandName);
1846 *status = kSCStatusAccessError;
1847 }
1848
1849 if (*status == kSCStatusOK) {
1850 (*helpers[i].func)(session, helpers[i].info, data, status, &reply);
1851 }
1852
1853 if ((*status != -1) || (reply != NULL)) {
1854 Boolean ok;
1855
1856 SCLog(debug, LOG_DEBUG,
1857 CFSTR("%p : sending status %u%s"),
1858 session,
1859 *status,
1860 (reply != NULL) ? " w/reply" : "");
1861
1862 /* serialize the data */
1863 if (reply != NULL) {
1864 ok = _SCSerializeData(reply, (void **)replyRef, (CFIndex *)replyLen);
1865 CFRelease(reply);
1866 reply = NULL;
1867 if (!ok) {
1868 *status = SCError();
1869 goto done;
1870 }
1871 }
1872 }
1873
1874 done :
1875
1876 if (data != NULL) CFRelease(data);
1877 if (reply != NULL) CFRelease(reply);
1878 return KERN_SUCCESS;
1879 }
1880
1881
1882 static CFStringRef
1883 helperMPCopyDescription(const void *info)
1884 {
1885 return CFStringCreateWithFormat(NULL, NULL, CFSTR("<main SCHelper MP>"));
1886 }
1887
1888
1889 static void
1890 init_MiG_1(const launch_data_t l_obj, const char *name, void *info)
1891 {
1892 CFMachPortContext context = { 0
1893 , (void *)1
1894 , NULL
1895 , NULL
1896 , helperMPCopyDescription
1897 };
1898 launch_data_type_t l_type;
1899 CFMachPortRef mp;
1900 int *n_listeners = (int *)info;
1901 CFRunLoopSourceRef rls;
1902 mach_port_t service_port;
1903
1904 // get the mach port
1905 l_type = (l_obj != NULL) ? launch_data_get_type(l_obj) : 0;
1906 if (l_type != LAUNCH_DATA_MACHPORT) {
1907 SCLog(TRUE, LOG_ERR,
1908 CFSTR("SCHelper: error w/MachServices \"%s\" port (%p, %d)"),
1909 (name != NULL) ? name : "?",
1910 l_obj,
1911 l_type);
1912 return;
1913 }
1914 service_port = launch_data_get_machport(l_obj);
1915
1916 // add a run loop source to listen for new requests
1917 mp = _SC_CFMachPortCreateWithPort("SCHelper/server",
1918 service_port,
1919 helperCallback,
1920 &context);
1921 rls = CFMachPortCreateRunLoopSource(NULL, mp, 0);
1922 CFRelease(mp);
1923 CFRunLoopAddSource(CFRunLoopGetCurrent(), rls, kCFRunLoopDefaultMode);
1924 CFRelease(rls);
1925
1926 *n_listeners = *n_listeners + 1;
1927
1928 return;
1929 }
1930
1931
1932 static int
1933 init_MiG(launch_data_t l_reply, int *n_listeners)
1934 {
1935 launch_data_t l_machservices;
1936 launch_data_type_t l_type;
1937
1938 l_machservices = launch_data_dict_lookup(l_reply, LAUNCH_JOBKEY_MACHSERVICES);
1939 l_type = (l_machservices != NULL) ? launch_data_get_type(l_machservices) : 0;
1940 if (l_type != LAUNCH_DATA_DICTIONARY) {
1941 SCLog(TRUE, LOG_ERR,
1942 CFSTR("SCHelper: error w/" LAUNCH_JOBKEY_MACHSERVICES " (%p, %d)"),
1943 l_machservices,
1944 l_type);
1945 return 1;
1946 }
1947
1948 launch_data_dict_iterate(l_machservices, init_MiG_1, (void *)n_listeners);
1949 return 0;
1950 }
1951
1952
1953 #pragma mark -
1954 #pragma mark Main
1955
1956
1957 static const struct option longopts[] = {
1958 { "debug", no_argument, 0, 'd' },
1959 { 0, 0, 0, 0 }
1960 };
1961
1962
1963 int
1964 main(int argc, char **argv)
1965 {
1966 Boolean done = FALSE;
1967 int err = 0;
1968 int gen_reported = 0;
1969 int idle = 0;
1970 launch_data_t l_msg;
1971 launch_data_t l_reply;
1972 launch_data_type_t l_type;
1973 int n_listeners = 0;
1974 extern int optind;
1975 int opt;
1976 int opti;
1977
1978 openlog("SCHelper", LOG_CONS|LOG_PID, LOG_DAEMON);
1979
1980 // process any arguments
1981 while ((opt = getopt_long(argc, argv, "d", longopts, &opti)) != -1) {
1982 switch(opt) {
1983 case 'd':
1984 debug = TRUE;
1985 break;
1986 case 0 :
1987 // if (strcmp(longopts[opti].name, "debug") == 1) {
1988 // }
1989 break;
1990 case '?':
1991 default :
1992 SCLog(TRUE, LOG_ERR,
1993 CFSTR("ignoring unknown or ambiguous command line option"));
1994 break;
1995 }
1996 }
1997 // argc -= optind;
1998 // argv += optind;
1999
2000 if (geteuid() != 0) {
2001 SCLog(TRUE, LOG_ERR, CFSTR("%s"), strerror(EACCES));
2002 exit(EACCES);
2003 }
2004
2005 main_runLoop = CFRunLoopGetCurrent();
2006
2007 l_msg = launch_data_new_string(LAUNCH_KEY_CHECKIN);
2008 l_reply = launch_msg(l_msg);
2009 launch_data_free(l_msg);
2010 l_type = (l_reply != NULL) ? launch_data_get_type(l_reply) : 0;
2011 if (l_type != LAUNCH_DATA_DICTIONARY) {
2012 SCLog(TRUE, LOG_ERR,
2013 CFSTR("SCHelper: error w/launchd " LAUNCH_KEY_CHECKIN " dictionary (%p, %d)"),
2014 l_reply,
2015 l_type);
2016 err = 1;
2017 goto done;
2018 }
2019
2020 err = init_MiG(l_reply, &n_listeners);
2021 if (err != 0) {
2022 goto done;
2023 }
2024
2025 done :
2026
2027 if (l_reply != NULL) launch_data_free(l_reply);
2028
2029 if ((err != 0) || (n_listeners == 0)) {
2030 exit(err);
2031 }
2032
2033 pthread_setname_np("SCHelper main thread");
2034
2035 while (!done) {
2036 SInt32 rlStatus;
2037 int gen_current;
2038
2039 rlStatus = CFRunLoopRunInMode(kCFRunLoopDefaultMode, 15.0, TRUE);
2040
2041 pthread_mutex_lock(&sessions_lock);
2042
2043 if (sessions != NULL) {
2044 if (rlStatus == kCFRunLoopRunTimedOut) {
2045 idle++;
2046
2047 if ((CFSetGetCount(sessions) == 0) && (sessions_closed == 0)) {
2048 // if we don't have any open sessions and no
2049 // sessions have recently been closed
2050 done = TRUE;
2051 }
2052 } else {
2053 idle = 0;
2054 }
2055 }
2056 gen_current = sessions_generation;
2057 sessions_closed = 0;
2058
2059 if (!done && (idle >= (2 * 60 / 15))) {
2060 if (gen_reported != gen_current) {
2061 SCLog(TRUE, LOG_NOTICE, CFSTR("active (but IDLE) sessions"));
2062 CFSetApplyFunction(sessions, __SCHelperSessionLog, NULL);
2063 gen_reported = gen_current;
2064 }
2065 idle = 0;
2066 }
2067
2068 pthread_mutex_unlock(&sessions_lock);
2069 }
2070
2071 exit(EX_OK);
2072 }
mirror of configd