lib/SecCodeHostLib.c

   1 /*
   2  * Copyright (c) 2007 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23 //#include <Security/SecCodeHostLib.h>
  24 #include "SecCodeHostLib.h"
  25 #include <Security/Security.h>
  26 #include <Security/AuthSession.h>
  27 #include <securityd_client/ucsp.h>
  28 #include <servers/bootstrap.h>
  29
  30
  31 //
  32 // Global state
  33 //
  34 mach_port_t gServerPort;
  35 SecCSFlags gInitFlags;
  36
  37
  38 //
  39 // Framing macros and facilities
  40 //
  41 #define UCSP_ARGS       gServerPort, mig_get_reply_port(), &securitydCreds, &rcode
  42 #define ATTRDATA(attr) (void *)(attr), (attr) ? strlen((attr)) : 0
  43
  44 #define CALL(func) \
  45         security_token_t securitydCreds; \
  46         CSSM_RETURN rcode; \
  47         if (KERN_SUCCESS != func) \
  48                 return errSecCSInternalError; \
  49         if (securitydCreds.val[0] != 0) \
  50                 return CSSM_ERRCODE_VERIFICATION_FAILURE; \
  51         return rcode
  52
  53
  54
  55 //
  56 // Mandatory initialization call
  57 //
  58 OSStatus SecHostLibInit(SecCSFlags flags)
  59 {
  60         if (gServerPort != MACH_PORT_NULL)      // re-initialization attempt
  61                 return errSecCSInternalError;
  62
  63         mach_port_t bootstrapPort;
  64         if (KERN_SUCCESS != task_get_bootstrap_port(mach_task_self(), &bootstrapPort))
  65                 return errSecCSInternalError;
  66         static char serverName[BOOTSTRAP_MAX_NAME_LEN] = SECURITYSERVER_BOOTSTRAP_NAME;
  67         if (KERN_SUCCESS != bootstrap_look_up(bootstrapPort,
  68                 serverName, &gServerPort))
  69                 return errSecCSInternalError;
  70
  71         ClientSetupInfo info = { 0x1234, SSPROTOVERSION };
  72         CALL(ucsp_client_setup(UCSP_ARGS, mach_task_self(), info, "?:unspecified"));
  73 }
  74
  75
  76 //
  77 // Guest creation.
  78 // At this time, this ONLY supports the creation of (one) dedicated guest.
  79 //
  80 OSStatus SecHostLibCreateGuest(SecGuestRef host,
  81         uint32_t status, const char *path, const char *attributeXML,
  82         SecCSFlags flags, SecGuestRef *newGuest)
  83 {
  84         if (flags != kSecCSDedicatedHost)
  85                 return errSecCSInvalidFlags;
  86
  87         CALL(ucsp_client_createGuest(UCSP_ARGS, host, status, path,
  88                 ATTRDATA(attributeXML), flags, newGuest));
  89 }
  90
  91
  92 //
  93 // Update the status of a guest.
  94 //
  95 OSStatus SecHostLibSetGuestStatus(SecGuestRef guestRef,
  96         uint32_t status, const char *attributeXML,
  97         SecCSFlags flags)
  98 {
  99         CALL(ucsp_client_setGuestStatus(UCSP_ARGS, guestRef, status, ATTRDATA(attributeXML)));
 100 }
 101
 102
 103 //
 104 // Enable dynamic hosting mode.
 105 //
 106 OSStatus SecHostSetHostingPort(mach_port_t hostingPort, SecCSFlags flags)
 107 {
 108         CALL(ucsp_client_registerHosting(UCSP_ARGS, hostingPort, flags));
 109 }