[apple/libsecurity_codesigning.git] / lib / SecCodeHostLib.c

/*
 * Copyright (c) 2007 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */
#include "SecCodeHost.h"
#include "SecCodeHostLib.h"
#include <Security/Security.h>
#include <Security/AuthSession.h>
#include <securityd_client/ucsp.h>
#include <servers/bootstrap.h>


//
// Global state
//
mach_port_t gServerPort;
SecCSFlags gInitFlags;


//
// Framing macros and facilities
//
#define UCSP_ARGS	gServerPort, mig_get_reply_port(), &securitydCreds, &rcode
#define ATTRDATA(attr) (void *)(attr), (attr) ? strlen((attr)) : 0

#define CALL(func) \
	security_token_t securitydCreds; \
	CSSM_RETURN rcode; \
	if (KERN_SUCCESS != func) \
		return errSecCSInternalError; \
	if (securitydCreds.val[0] != 0) \
		return CSSM_ERRCODE_VERIFICATION_FAILURE; \
	return rcode


//
// Mandatory initialization call
//
OSStatus SecHostLibInit(SecCSFlags flags)
{
	if (gServerPort != MACH_PORT_NULL)	// re-initialization attempt
		return errSecCSInternalError;

	mach_port_t bootstrapPort;
	if (KERN_SUCCESS != task_get_bootstrap_port(mach_task_self(), &bootstrapPort))
		return errSecCSInternalError;
	static char serverName[BOOTSTRAP_MAX_NAME_LEN] = SECURITYSERVER_BOOTSTRAP_NAME;
	if (KERN_SUCCESS != bootstrap_look_up(bootstrapPort, serverName, &gServerPort))
		return errSecCSInternalError;

	ClientSetupInfo info = { 0x1234, SSPROTOVERSION };
	CALL(ucsp_client_setup(UCSP_ARGS, mach_task_self(), info, "?:unspecified"));
}


//
// Guest creation.
// At this time, this ONLY supports the creation of (one) dedicated guest.
//
OSStatus SecHostLibCreateGuest(SecGuestRef host,
	uint32_t status, const char *path, const char *attributeXML,
	SecCSFlags flags, SecGuestRef *newGuest)
{
	return SecHostLibCreateGuest2(host, status, path, "", 0, attributeXML, flags, newGuest);
}

OSStatus SecHostLibCreateGuest2(SecGuestRef host,
	uint32_t status, const char *path, const void *cdhash, size_t cdhashLength, const char *attributeXML,
	SecCSFlags flags, SecGuestRef *newGuest)
{
	if (flags != kSecCSDedicatedHost)
		return errSecCSInvalidFlags;
	
	CALL(ucsp_client_createGuest(UCSP_ARGS, host, status, path,
		(void *)cdhash, cdhashLength, ATTRDATA(attributeXML), flags, newGuest));
}


//
// Update the status of a guest.
//
OSStatus SecHostLibSetGuestStatus(SecGuestRef guestRef,
	uint32_t status, const char *attributeXML,
	SecCSFlags flags)
{
	CALL(ucsp_client_setGuestStatus(UCSP_ARGS, guestRef, status, ATTRDATA(attributeXML)));
}


//
// Enable dynamic hosting mode.
//
OSStatus SecHostSetHostingPort(mach_port_t hostingPort, SecCSFlags flags)
{
	CALL(ucsp_client_registerHosting(UCSP_ARGS, hostingPort, flags));
}


//
// Helper for checked incorporation of code.
//
OSStatus SecHostLibCheckLoad(const char *path, SecRequirementType type)
{
	CALL(ucsp_client_helpCheckLoad(UCSP_ARGS, path, type));
}
Commit	Line	Data
7d31e928 A	1	/*
	2	* Copyright (c) 2007 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
d1c1ab47	23	#include "SecCodeHost.h"
7d31e928 A	24	#include "SecCodeHostLib.h"
	25	#include <Security/Security.h>
	26	#include <Security/AuthSession.h>
	27	#include <securityd_client/ucsp.h>
	28	#include <servers/bootstrap.h>
	29
	30
	31	//
	32	// Global state
	33	//
	34	mach_port_t gServerPort;
	35	SecCSFlags gInitFlags;
	36
	37
	38	//
	39	// Framing macros and facilities
	40	//
	41	#define UCSP_ARGS gServerPort, mig_get_reply_port(), &securitydCreds, &rcode
	42	#define ATTRDATA(attr) (void *)(attr), (attr) ? strlen((attr)) : 0
	43
	44	#define CALL(func) \
	45	security_token_t securitydCreds; \
	46	CSSM_RETURN rcode; \
	47	if (KERN_SUCCESS != func) \
	48	return errSecCSInternalError; \
	49	if (securitydCreds.val[0] != 0) \
	50	return CSSM_ERRCODE_VERIFICATION_FAILURE; \
	51	return rcode
	52
	53
	54
	55	//
	56	// Mandatory initialization call
	57	//
	58	OSStatus SecHostLibInit(SecCSFlags flags)
	59	{
	60	if (gServerPort != MACH_PORT_NULL) // re-initialization attempt
	61	return errSecCSInternalError;
	62
	63	mach_port_t bootstrapPort;
	64	if (KERN_SUCCESS != task_get_bootstrap_port(mach_task_self(), &bootstrapPort))
	65	return errSecCSInternalError;
	66	static char serverName[BOOTSTRAP_MAX_NAME_LEN] = SECURITYSERVER_BOOTSTRAP_NAME;
d1c1ab47	67	if (KERN_SUCCESS != bootstrap_look_up(bootstrapPort, serverName, &gServerPort))
7d31e928 A	68	return errSecCSInternalError;
	69
	70	ClientSetupInfo info = { 0x1234, SSPROTOVERSION };
	71	CALL(ucsp_client_setup(UCSP_ARGS, mach_task_self(), info, "?:unspecified"));
	72	}
	73
	74
	75	//
	76	// Guest creation.
	77	// At this time, this ONLY supports the creation of (one) dedicated guest.
	78	//
	79	OSStatus SecHostLibCreateGuest(SecGuestRef host,
	80	uint32_t status, const char path, const char attributeXML,
	81	SecCSFlags flags, SecGuestRef *newGuest)
d1c1ab47 A	82	{
	83	return SecHostLibCreateGuest2(host, status, path, "", 0, attributeXML, flags, newGuest);
	84	}
	85
	86	OSStatus SecHostLibCreateGuest2(SecGuestRef host,
	87	uint32_t status, const char path, const void cdhash, size_t cdhashLength, const char *attributeXML,
	88	SecCSFlags flags, SecGuestRef *newGuest)
7d31e928 A	89	{
	90	if (flags != kSecCSDedicatedHost)
	91	return errSecCSInvalidFlags;
	92
	93	CALL(ucsp_client_createGuest(UCSP_ARGS, host, status, path,
d1c1ab47	94	(void *)cdhash, cdhashLength, ATTRDATA(attributeXML), flags, newGuest));
7d31e928 A	95	}
	96
	97
	98	//
	99	// Update the status of a guest.
	100	//
	101	OSStatus SecHostLibSetGuestStatus(SecGuestRef guestRef,
	102	uint32_t status, const char *attributeXML,
	103	SecCSFlags flags)
	104	{
	105	CALL(ucsp_client_setGuestStatus(UCSP_ARGS, guestRef, status, ATTRDATA(attributeXML)));
	106	}
	107
	108
	109	//
	110	// Enable dynamic hosting mode.
	111	//
	112	OSStatus SecHostSetHostingPort(mach_port_t hostingPort, SecCSFlags flags)
	113	{
	114	CALL(ucsp_client_registerHosting(UCSP_ARGS, hostingPort, flags));
	115	}
d1c1ab47 A	116
	117
	118	//
	119	// Helper for checked incorporation of code.
	120	//
	121	OSStatus SecHostLibCheckLoad(const char *path, SecRequirementType type)
	122	{
	123	CALL(ucsp_client_helpCheckLoad(UCSP_ARGS, path, type));
	124	}