2 * Copyright (c) 2000, 2001, 2003-2005, 2007-2013 Apple Inc. All rights reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 * Modification History
27 * June 1, 2001 Allan Nathanson <ajn@apple.com>
28 * - public API conversion
30 * March 24, 2000 Allan Nathanson <ajn@apple.com>
34 #include <SystemConfiguration/SystemConfiguration.h>
36 #include "configd_server.h"
41 #include <bsm/libbsm.h>
44 #if !TARGET_IPHONE_SIMULATOR || (defined(IPHONE_SIMULATOR_HOST_MIN_VERSION_REQUIRED) && (IPHONE_SIMULATOR_HOST_MIN_VERSION_REQUIRED >= 1090))
45 #define HAVE_MACHPORT_GUARDS
/* information maintained for each active session */
/*
 * Session table.  Slot 0 holds the SCDynamicStore "server" port
 * (installed by the first addSession() call); client sessions occupy
 * slots 1..lastSession.  Empty slots hold NULL and are reused by
 * addSession().
 */
static serverSessionRef	*sessions	= NULL;
static int		nSessions	= 0;	/* # of allocated sessions (capacity of sessions[]) */
static int		lastSession	= -1;	/* # of last used session (highest occupied slot); -1 until the server session is added */

/* CFMachPortInvalidation runloop */
/* captured via CFRunLoopGetCurrent() on the first addSession() call */
static CFRunLoopRef	sessionRunLoop	= NULL;

/* the "server" session (sessions[0]); tempSession() reuses it for requests that arrive on the server port */
static serverSessionRef	temp_session	= NULL;
/*
 * getSession()
 *
 * Find the session that owns Mach port `server'.  Slots 1..lastSession
 * are scanned (slot 0, the "server" port, is never matched here); a
 * session matches when `server' is its own receive port (->key) or the
 * notifySignalTask port recorded on its SCDynamicStore.  A NULL port is
 * logged as a caller bug.
 *
 * The return type, the declaration of `i', the return statements and
 * the closing braces are not shown in this listing.
 */
getSession(mach_port_t server)
/* [not shown in this listing] */
	if (server == MACH_PORT_NULL) {
		/* a NULL port can never own a session; this is a caller bug */
		SCLog(TRUE, LOG_ERR, CFSTR("Excuse me, why is getSession() being called with an invalid port?"));
		/* [not shown in this listing] */

	/* look for matching session (note: slot 0 is the "server" port) */
	for (i = 1; i <= lastSession; i++) {
		serverSessionRef	thisSession = sessions[i];

		if (thisSession == NULL) {
			/* found an empty slot, skip it */
			/* [not shown in this listing] */

		if (thisSession->key == server) {
			/* we've seen this server before */
			/* [not shown in this listing] */

		/* a session is also identified by the task port its store signals */
		if ((thisSession->store != NULL) &&
		    (((SCDynamicStorePrivateRef)thisSession->store)->notifySignalTask == server)) {
			/* we've seen this task port before */
			/* [not shown in this listing] */

	/* no sessions available */
/*
 * tempSession()
 *
 * Hand out a throw-away session for a request that arrived on the
 * SCDynamicStore "server" port (sessions[0]) rather than on a
 * per-client port.  The server session's store is opened once
 * (dispatch_once); on every call the cached caller identity is replaced
 * with this caller's `auditToken' and the EUID / root-access /
 * write-entitlement caches are reset, so an authorization decision made
 * for an earlier caller on this shared session is not reused for the
 * current one.  `name' is retained and installed as the store's name;
 * the caller keeps its own reference.
 *
 * NOTE(review): sessions[0] is dereferenced unconditionally, so this
 * assumes the server session was added (first addSession() call) before
 * any request can reach here -- confirm against the caller.
 *
 * The return type, the early return for a non-server port and the final
 * return are not shown in this listing.
 */
tempSession(mach_port_t server, CFStringRef name, audit_token_t auditToken)
/* [not shown in this listing] */
	static dispatch_once_t		once;
	SCDynamicStorePrivateRef	storePrivate;

	if (sessions[0]->key != server) {
		// if not SCDynamicStore "server" port
		/* [not shown in this listing] */

	dispatch_once(&once, ^{
		temp_session = sessions[0];	/* use "server" session */
		/* result deliberately ignored; the store is opened once for the process */
		(void) __SCDynamicStoreOpen(&temp_session->store, NULL);
		/* [not shown in this listing] */

	/* save audit token, caller entitlements */
	temp_session->auditToken = auditToken;
	temp_session->callerEUID = 1;			/* not "root" */
	temp_session->callerRootAccess = UNKNOWN;	/* re-derived from auditToken by hasRootAccess() */
#if TARGET_OS_IPHONE || (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080/*FIXME*/)
	/* drop any write entitlement that was resolved for a previous caller */
	if ((temp_session->callerWriteEntitlement != NULL) &&
	    (temp_session->callerWriteEntitlement != kCFNull)) {
		CFRelease(temp_session->callerWriteEntitlement);
		/* [not shown in this listing] */
	temp_session->callerWriteEntitlement = kCFNull;	/* UNKNOWN */
#endif // TARGET_OS_IPHONE || (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080/*FIXME*/)

	/* replace the store's name with this caller's (+1 via CFRetain) */
	storePrivate = (SCDynamicStorePrivateRef)temp_session->store;
	if (storePrivate->name != NULL) CFRelease(storePrivate->name);
	storePrivate->name = CFRetain(name);
	/* [not shown in this listing] */
/*
 * addSession()
 *
 * Create (or find) the session bound to Mach port `server'.  The first
 * call installs the "server" port in slot 0 and allocates the sessions[]
 * table.  Later calls scan slots 1..lastSession for an existing session
 * owning `server' (by ->key or by the store's notifySignalTask), remember
 * the first empty slot for reuse, and grow the table with reallocf() when
 * there is none.  A new client session gets a fresh receive right --
 * guarded with the session pointer when HAVE_MACHPORT_GUARDS is defined,
 * the same value cleanupSession() presents to mach_port_destruct() --
 * wrapped in a CFMachPort, plus a send right that is handed to the
 * client.  Caller identity starts in its "unknown" state (EUID 1 / not
 * root, root access UNKNOWN, write entitlement kCFNull) and is resolved
 * lazily by hasRootAccess() / hasWriteAccess().
 *
 * `copyDescription' becomes the CFMachPortContext description callback;
 * the session pointer is the context's info.
 *
 * NOTE(review): in the lines shown, the malloc() / calloc() / reallocf()
 * results are not checked before sessions[n] and newSession are written
 * through (the omitted lines may do so -- confirm).  reallocf() frees the
 * old table if the grow fails, leaving sessions == NULL rather than
 * leaking.  Port-name exhaustion (KERN_NO_SPACE / KERN_RESOURCE_SHORTAGE)
 * is treated as fatal via _SC_crash().  nSessions is presumably set in
 * the omitted lines before the first malloc().
 *
 * The return type, the locals i / n / kr / err, the `else' of the
 * first-session branch, several argument lists and all return statements
 * are not shown in this listing.
 */
addSession(mach_port_t server, CFStringRef (*copyDescription)(const void *info))
/* [not shown in this listing] */
	CFMachPortContext	context = { 0, NULL, NULL, NULL, NULL };
	mach_port_t		mp = server;
	serverSessionRef	newSession = NULL;

	/* save current (SCDynamicStore) runloop */
	if (sessionRunLoop == NULL) {
		sessionRunLoop = CFRunLoopGetCurrent();
		/* [not shown in this listing] */

	if (nSessions <= 0) {
		/* if first session (the "server" port) */
		n = 0;			/* use slot "0" */
		lastSession = 0;	/* last used slot */
		/* [not shown in this listing] */
		sessions = malloc(nSessions * sizeof(serverSessionRef));

		// allocate a new session for "the" server
		newSession = calloc(1, sizeof(serverSession));
		/* [not shown in this listing] */
#ifdef HAVE_MACHPORT_GUARDS
		mach_port_options_t	opts;
#endif // HAVE_MACHPORT_GUARDS

		/* check to see if we already have an open session (note: slot 0 is the "server" port) */
		for (i = 1; i <= lastSession; i++) {
			serverSessionRef	thisSession = sessions[i];

			if (thisSession == NULL) {
				/* found an empty slot */
				/* [not shown in this listing] */
				/* keep track of the first [empty] slot */
				/* [not shown in this listing] */
				/* and keep looking for a matching session */
				/* [not shown in this listing] */

			if (thisSession->key == server) {
				/* we've seen this server before */
				/* [not shown in this listing] */

			if ((thisSession->store != NULL) &&
			    (((SCDynamicStorePrivateRef)thisSession->store)->notifySignalTask == server)) {
				/* we've seen this task port before */
				/* [not shown in this listing] */

		/* add a new session */
		/* [not shown in this listing] */
		/* if no empty slots */
		/* [not shown in this listing] */
		if (lastSession >= nSessions) {
			/* expand the session list */
			/* [not shown in this listing] */
			/* reallocf() releases the old table on failure, so a failed grow does not leak */
			sessions = reallocf(sessions, (nSessions * sizeof(serverSessionRef)));
			/* [not shown in this listing] */

		// allocate a session for this client
		newSession = calloc(1, sizeof(serverSession));

		// create mach port for SCDynamicStore client
		/* [not shown in this listing] */
#ifdef HAVE_MACHPORT_GUARDS
		bzero(&opts, sizeof(opts));
		/* the session pointer becomes the port guard; cleanupSession() must present the same value */
		opts.flags = MPO_CONTEXT_AS_GUARD;

		kr = mach_port_construct(mach_task_self(), &opts, newSession, &mp);
#else // HAVE_MACHPORT_GUARDS
		kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &mp);
#endif // HAVE_MACHPORT_GUARDS

		if (kr != KERN_SUCCESS) {
			/* [not shown in this listing] */
			SCLog(TRUE, LOG_ERR, CFSTR("addSession: could not allocate mach port: %s"), mach_error_string(kr));
			if ((kr == KERN_NO_SPACE) || (kr == KERN_RESOURCE_SHORTAGE)) {
				/* out of port names: crash with a message rather than continue in a degraded state */
				/* [not shown in this listing] */
				(void) asprintf(&err, "addSession: could not allocate mach port: %s", mach_error_string(kr));
				_SC_crash(err != NULL ? err : "addSession: could not allocate mach port",
					  /* [remaining arguments not shown in this listing] */
				if (err != NULL) free(err);
				/* [not shown in this listing] */

		// create server port
		context.info = newSession;
		context.copyDescription = copyDescription;

		// Note: we create the CFMachPort *before* we insert a send
		// right present to ensure that CF does not establish
		// its dead name notification.

		newSession->serverPort = _SC_CFMachPortCreateWithPort("SCDynamicStore/session",
								      /* [remaining arguments not shown in this listing] */

		// insert send right that will be moved to the client
		kr = mach_port_insert_right(mach_task_self(),
					    /* [arguments not shown in this listing] */
					    MACH_MSG_TYPE_MAKE_SEND);
		if (kr != KERN_SUCCESS) {
			/*
			 * We can't insert a send right into our own port! This should
			 * only happen if someone stomped on OUR port (so let's leave
			 * [rest of comment not shown in this listing]
			 */
			SCLog(TRUE, LOG_ERR, CFSTR("addSession mach_port_insert_right(): %s"), mach_error_string(kr));
			/* [not shown in this listing] */

	sessions[n] = newSession;
	sessions[n]->key = mp;
//	sessions[n]->serverRunLoopSource = NULL;
//	sessions[n]->store = NULL;
	/* caller identity is unknown until the first access check; default to "not root" */
	sessions[n]->callerEUID = 1;		/* not "root" */
	sessions[n]->callerRootAccess = UNKNOWN;
#if TARGET_OS_IPHONE || (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080/*FIXME*/)
	sessions[n]->callerWriteEntitlement = kCFNull;	/* UNKNOWN */
#endif // TARGET_OS_IPHONE || (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080/*FIXME*/)
	/* [not shown in this listing] */
/*
 * cleanupSession()
 *
 * Tear down the client session whose receive port is `server'.  (The
 * no-session log message names MACH_NOTIFY_NO_SENDERS, which suggests
 * this runs when the client's send rights are gone.)  For the matching
 * slot: close the session's SCDynamicStore (cancelling outstanding
 * notifications and releasing locks), give up the receive right
 * (mach_port_destruct() with the session pointer as the guard, or
 * mach_port_mod_refs() without guards), release any cached write
 * entitlement, drop the session's sessionData entry, and lower
 * lastSession to the highest remaining occupied slot when the removed
 * session was the last one.  A port with no matching session is logged.
 *
 * The return type, the declaration of `i', freeing of the serverSession
 * structure / NULL-ing of the slot, and the return statements are not
 * shown in this listing.
 */
cleanupSession(mach_port_t server)
/* [not shown in this listing] */
	for (i = 1; i <= lastSession; i++) {
		CFStringRef		sessionKey;
		serverSessionRef	thisSession = sessions[i];

		if (thisSession == NULL) {
			/* found an empty slot, skip it */
			/* [not shown in this listing] */

		if (thisSession->key == server) {
			/*
			 * session entry still exists.
			 */
			if (_configd_trace) {
				SCTrace(TRUE, _configd_trace, CFSTR("cleanup : %5d\n"), server);
				/* [not shown in this listing] */

			/*
			 * Close any open connections including cancelling any outstanding
			 * notification requests and releasing any locks.
			 */
			__MACH_PORT_DEBUG(TRUE, "*** cleanupSession", server);
			(void) __SCDynamicStoreClose(&thisSession->store);
			__MACH_PORT_DEBUG(TRUE, "*** cleanupSession (after __SCDynamicStoreClose)", server);

			/*
			 * Our send right has already been removed. Remove our receive right.
			 */
#ifdef HAVE_MACHPORT_GUARDS
			/* the guard must equal the context given to mach_port_construct() in addSession() */
			(void) mach_port_destruct(mach_task_self(), server, 0, thisSession);
#else // HAVE_MACHPORT_GUARDS
			(void) mach_port_mod_refs(mach_task_self(), server, MACH_PORT_RIGHT_RECEIVE, -1);
#endif // HAVE_MACHPORT_GUARDS

#if TARGET_OS_IPHONE || (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080/*FIXME*/)
			/*
			 * release any entitlement info
			 */
			if ((thisSession->callerWriteEntitlement != NULL) &&
			    (thisSession->callerWriteEntitlement != kCFNull)) {
				CFRelease(thisSession->callerWriteEntitlement);
				/* [not shown in this listing] */
#endif // TARGET_OS_IPHONE || (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080/*FIXME*/)

			/*
			 * We don't need any remaining information in the
			 * sessionData dictionary, remove it.
			 */
			sessionKey = CFStringCreateWithFormat(NULL, NULL, CFSTR("%d"), server);
			CFDictionaryRemoveValue(sessionData, sessionKey);
			CFRelease(sessionKey);

			/*
			 * get rid of the per-session structure.
			 */
			/* [not shown in this listing] */

			if (i == lastSession) {
				/* we are removing the last session, update last used slot */
				while (--lastSession > 0) {
					if (sessions[lastSession] != NULL) {
						/* [not shown in this listing] */

	/* no slot owned this port */
	SCLog(TRUE, LOG_ERR, CFSTR("MACH_NOTIFY_NO_SENDERS w/no session, port = %d"), server);
	__MACH_PORT_DEBUG(TRUE, "*** cleanupSession w/no session", server);
	/* [not shown in this listing] */
<doc_update>
/*
 * listSessions()
 *
 * Debug dump of the session table to `f': one line per occupied slot
 * (slot 0, the server port, included) with the port name, the store's
 * notifySignalTask if set, the name recorded in sessionData under
 * kSCDName, and the CFMachPort / runloop source descriptions.
 *
 * The return type, the locals i / key / name, the release of `key', the
 * NULL test on `info' and the closing braces are not shown in this
 * listing.
 */
listSessions(FILE *f)
/* [not shown in this listing] */
	SCPrint(TRUE, f, CFSTR("Current sessions :\n"));
	for (i = 0; i <= lastSession; i++) {
		serverSessionRef	thisSession = sessions[i];

		if (thisSession == NULL) {
			/* [not shown in this listing] */

		SCPrint(TRUE, f, CFSTR("\t%d : port = 0x%x"), i, thisSession->key);

		if (thisSession->store != NULL) {
			SCDynamicStorePrivateRef	storePrivate = (SCDynamicStorePrivateRef)thisSession->store;

			if (storePrivate->notifySignalTask != TASK_NULL) {
				SCPrint(TRUE, f, CFSTR(", task = %d"), storePrivate->notifySignalTask);
				/* [not shown in this listing] */

		if (sessionData != NULL) {
			CFDictionaryRef	info;

			/* sessionData is keyed by the decimal port name, as in sessionName() */
			key = CFStringCreateWithFormat(NULL, NULL, CFSTR("%d"), thisSession->key);
			info = CFDictionaryGetValue(sessionData, key);
			/* [not shown in this listing] */
			name = CFDictionaryGetValue(info, kSCDName);

			SCPrint(TRUE, f, CFSTR(", name = %@"), name);
			/* [not shown in this listing] */

		if (thisSession->serverPort != NULL) {
			SCPrint(TRUE, f, CFSTR("\n\t\t%@"), thisSession->serverPort);
			/* [not shown in this listing] */

		if (thisSession->serverRunLoopSource != NULL) {
			SCPrint(TRUE, f, CFSTR("\n\t\t%@"), thisSession->serverRunLoopSource);
			/* [not shown in this listing] */

		SCPrint(TRUE, f, CFSTR("\n"));
		/* [not shown in this listing] */

	SCPrint(TRUE, f, CFSTR("\n"));
	/* [not shown in this listing] */
430 #if TARGET_OS_IPHONE || (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080/*FIXME*/)
432 #include <Security/Security.h>
433 #include <Security/SecTask.h>
/*
 * sessionName()
 *
 * Look up the name registered for `session' in the sessionData
 * dictionary (keyed by the decimal port name; the kSCDName entry), for
 * use in log messages.  Returns the dictionary's string -- obtained with
 * CFDictionaryGetValue() and not retained here, so the caller must not
 * release it -- or the constant "???" when no name is recorded.
 *
 * The return type and any NULL test on `info' are not shown in this
 * listing.
 */
sessionName(serverSessionRef session)
/* [not shown in this listing] */
	CFDictionaryRef	info;
	CFStringRef	name = NULL;
	CFStringRef	sessionKey;

	sessionKey = CFStringCreateWithFormat(NULL, NULL, CFSTR("%d"), session->key);
	info = CFDictionaryGetValue(sessionData, sessionKey);
	CFRelease(sessionKey);
	/* [not shown in this listing] */
	name = CFDictionaryGetValue(info, kSCDName);
	/* [not shown in this listing] */

	/* borrowed reference (or a constant); never released by callers */
	return (name != NULL) ? name : CFSTR("???");
	/* [not shown in this listing] */
/*
 * copyEntitlement()
 *
 * Fetch the value of `entitlement' from the code signature of the
 * process behind `session'.  The process is identified by the audit
 * token saved on the session (SecTaskCreateWithAuditToken()); how that
 * token reaches the session is outside this listing, but it is not a
 * value the client supplies through the store API.  Returns the
 * entitlement value -- a +1 reference from
 * SecTaskCopyValueForEntitlement(), owned by the caller (hasWriteAccess()
 * stores it in callerWriteEntitlement and cleanupSession() releases
 * it) -- or NULL when the process carries no such entitlement.  A
 * Mach-domain kIOReturnInvalid / kIOReturnNotFound error is treated as
 * "no entitlement" and not logged; any other error, and a failure to
 * create the SecTask, is logged with the session name.
 *
 * The return type, the `task' declaration and NULL test, the release of
 * `task' / `error', the leading arguments of the log calls and the
 * return statement are not shown in this listing.
 */
copyEntitlement(serverSessionRef session, CFStringRef entitlement)
/* [not shown in this listing] */
	CFTypeRef	value = NULL;

	// Create the security task from the audit token
	task = SecTaskCreateWithAuditToken(NULL, session->auditToken);
	/* [not shown in this listing] */
		CFErrorRef	error = NULL;

		// Get the value for the entitlement
		value = SecTaskCopyValueForEntitlement(task, entitlement, &error);
		if ((value == NULL) && (error != NULL)) {
			CFIndex		code = CFErrorGetCode(error);
			CFStringRef	domain = CFErrorGetDomain(error);

			/* "not found" / "invalid" from the Mach domain just means no such entitlement */
			if (!CFEqual(domain, kCFErrorDomainMach) ||
			    ((code != kIOReturnInvalid) && (code != kIOReturnNotFound))) {
				// if unexpected error
				/* [log call start not shown in this listing] */
				      CFSTR("SecTaskCopyValueForEntitlement(,\"%@\",) failed, error = %@ : %@"),
				      /* [arguments not shown in this listing] */
				      sessionName(session));
				/* [not shown in this listing] */

		/* [log call start not shown in this listing] */
		      CFSTR("SecTaskCreateWithAuditToken() failed: %@"),
		      sessionName(session));
		/* [not shown in this listing] */
492 #endif // TARGET_OS_IPHONE || (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080/*FIXME*/)
/*
 * sessionPid()
 *
 * Return the pid of the process behind `session', taken from the saved
 * audit token (audit_token_to_pid() on OS X >= 10.8, otherwise
 * audit_token_to_au32()).
 *
 * NOTE(review): a pid is a snapshot, not a stable identity -- pids are
 * recycled.  Callers that compare it with getpid() (hasWriteAccess()) or
 * pass it to sandbox_check() (hasPathAccess()) should keep that in mind;
 * the audit token itself is the more robust identifier.
 *
 * The return type, the `caller_pid' declaration, the remaining
 * audit_token_to_au32() arguments and the return are not shown in this
 * listing.
 */
sessionPid(serverSessionRef session)
/* [not shown in this listing] */
#if (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080) && !TARGET_OS_IPHONE
	caller_pid = audit_token_to_pid(session->auditToken);
#else // (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080) && !TARGET_OS_IPHONE
	audit_token_to_au32(session->auditToken,
			    /* [remaining arguments not shown in this listing] */
#endif // (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080) && !TARGET_OS_IPHONE
	/* [not shown in this listing] */
/*
 * hasRootAccess()
 *
 * TRUE when the process behind `session' has effective uid 0.  The EUID
 * is read from the saved audit token on first use and the verdict cached
 * in session->callerRootAccess (YES/NO); later calls return the cached
 * answer.  The cache starts UNKNOWN (addSession()) and is reset by
 * tempSession() each time the shared server session is handed to a new
 * caller.
 *
 * On the iOS Simulator the check is bypassed and every caller is
 * treated as OK (see the #else branch) -- a deliberate relaxation that
 * must not leak into non-simulator builds.
 *
 * The return type, the remaining audit_token_to_au32() arguments and the
 * simulator-branch return are not shown in this listing.
 */
hasRootAccess(serverSessionRef session)
/* [not shown in this listing] */
#if !TARGET_IPHONE_SIMULATOR
	/* [not shown in this listing] */
	if (session->callerRootAccess == UNKNOWN) {
#if (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080) && !TARGET_OS_IPHONE
		session->callerEUID = audit_token_to_euid(session->auditToken);
#else // (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080) && !TARGET_OS_IPHONE
		audit_token_to_au32(session->auditToken,
				    /* [argument not shown in this listing] */
				    &session->callerEUID,	// euid
				    /* [remaining arguments not shown in this listing] */
#endif // (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080) && !TARGET_OS_IPHONE
		/* cache the verdict; the EUID is only consulted once per session */
		session->callerRootAccess = (session->callerEUID == 0) ? YES : NO;
		/* [not shown in this listing] */

	return (session->callerRootAccess == YES) ? TRUE : FALSE;
	/* [not shown in this listing] */
#else // !TARGET_IPHONE_SIMULATOR
	/*
	 * assume that all processes interacting with
	 * the iOS Simulator "configd" are OK.
	 */
	/* [not shown in this listing] */
#endif // !TARGET_IPHONE_SIMULATOR
	/* [not shown in this listing] */
/*
 * hasWriteAccess()
 *
 * Decide whether the process behind `session' may write SCDynamicStore
 * key `key'.  Keys in the "Setup:" domain (kSCDynamicStoreDomainSetup
 * prefix) are special-cased.  From the lines visible here:
 *
 *   - eUID 0 callers are granted; a root process other than configd
 *     itself (pid != getpid()) writing a "Setup:" key only draws a
 *     complaint in the log.
 *   - a non-root caller writing a "Setup:" key is logged and -- because
 *     the `return FALSE' below is commented out -- is NOT denied here;
 *     control continues to the entitlement checks.
 *   - otherwise the caller's kSCWriteEntitlementName entitlement is
 *     fetched once via copyEntitlement() and cached on the session
 *     (kCFNull = not looked up yet).  A boolean true grants every key; a
 *     dictionary grants when `key' appears verbatim in its "keys" array
 *     or matches (patternKeyMatches()) a string in its "patterns" array.
 *     Entries of the wrong CF type are ignored.
 *
 * NOTE(review): the comment on the non-root "Setup:" path says this is
 * "not something we should ever allow", yet the deny is disabled pending
 * rdar://9811832, so a non-root process whose write entitlement covers
 * the key can still modify "Setup:" state.  Confirm whether that radar
 * is resolved and the `return FALSE' can be restored.
 *
 * The return type, the locals isSetup / pid / keys / patterns / pattern
 * / i, the leading arguments of the log calls, the third argument of
 * CFArrayContainsValue() and all return statements are not shown in
 * this listing.
 */
hasWriteAccess(serverSessionRef session, CFStringRef key)
/* [not shown in this listing] */
	// need to special case writing "Setup:" keys
	isSetup = CFStringHasPrefix(key, kSCDynamicStoreDomainSetup);

	if (hasRootAccess(session)) {
		/* [not shown in this listing] */
		// grant write access to eUID==0 processes

		pid = sessionPid(session);
		if (isSetup && (pid != getpid())) {
			/* [not shown in this listing] */
			/*
			 * This is NOT configd (or a plugin) trying to
			 * write to an SCDynamicStore "Setup:" key. In
			 * general, this is unwise and we should at the
			 * very least complain.
			 */
			/* [log call start not shown in this listing] */
			      CFSTR("*** Non-configd process (pid=%d) attempting to modify \"%@\" ***"),
			      /* [remaining arguments not shown in this listing] */
		/* [not shown in this listing] */
		/*
		 * This is a non-root process trying to write to
		 * an SCDynamicStore "Setup:" key. This is not
		 * something we should ever allow (regardless of
		 * [rest of comment not shown in this listing]
		 */
		/* [log call start not shown in this listing] */
		      CFSTR("*** Non-root process (pid=%d) attempting to modify \"%@\" ***"),
		      /* [remaining arguments not shown in this listing] */
		/* NOTE(review): deny disabled -- non-root "Setup:" writers fall through to the entitlement checks */
		//return FALSE; // return FALSE when rdar://9811832 has been fixed
		/* [not shown in this listing] */

#if TARGET_OS_IPHONE || (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080/*FIXME*/)
	/* resolve the write entitlement once per session; kCFNull marks "not looked up yet" */
	if (session->callerWriteEntitlement == kCFNull) {
		session->callerWriteEntitlement = copyEntitlement(session,
								  kSCWriteEntitlementName);
		/* [not shown in this listing] */

	/* NULL: the process carries no write entitlement */
	if (session->callerWriteEntitlement == NULL) {
		/* [not shown in this listing] */

	if (isA_CFBoolean(session->callerWriteEntitlement) &&
	    CFBooleanGetValue(session->callerWriteEntitlement)) {
		// grant write access to "entitled" processes
		/* [not shown in this listing] */

	if (isA_CFDictionary(session->callerWriteEntitlement)) {
		/* [not shown in this listing] */
		keys = CFDictionaryGetValue(session->callerWriteEntitlement, CFSTR("keys"));
		if (isA_CFArray(keys)) {
			if (CFArrayContainsValue(keys,
						 CFRangeMake(0, CFArrayGetCount(keys)),
						 /* [argument not shown in this listing] */
				// if key matches one of the entitlement "keys", grant
				/* [not shown in this listing] */

		patterns = CFDictionaryGetValue(session->callerWriteEntitlement, CFSTR("patterns"));
		if (isA_CFArray(patterns)) {
			/* [not shown in this listing] */
			CFIndex	n = CFArrayGetCount(patterns);

			for (i = 0; i < n; i++) {
				/* [not shown in this listing] */
				pattern = CFArrayGetValueAtIndex(patterns, i);
				/* only string entries are considered; other CF types are skipped */
				if (isA_CFString(pattern)) {
					if (patternKeyMatches(pattern, key)) {
						// if key matches one of the entitlement
						// "patterns", grant write access
						/* [not shown in this listing] */
#endif // TARGET_OS_IPHONE || (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080/*FIXME*/)
	/* [not shown in this listing] */
663 hasPathAccess(serverSessionRef session
, const char *path
)
666 char realPath
[PATH_MAX
];
668 if (realpath(path
, realPath
) == NULL
) {
669 SCLog(TRUE
, LOG_DEBUG
, CFSTR("hasPathAccess realpath() failed: %s"), strerror(errno
));
673 #if (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080) && !TARGET_OS_IPHONE
674 pid
= audit_token_to_pid(session
->auditToken
);
675 #else // (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080) && !TARGET_OS_IPHONE
676 audit_token_to_au32(session
->auditToken
,
685 #endif // (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1080) && !TARGET_OS_IPHONE
686 if (sandbox_check(pid
, // pid
687 "file-write-data", // operation
688 SANDBOX_FILTER_PATH
| SANDBOX_CHECK_NO_REPORT
, // sandbox_filter_type
689 realPath
) > 0) { // ...
690 SCLog(TRUE
, LOG_DEBUG
, CFSTR("hasPathAccess sandbox access denied: %s"), strerror(errno
));