]>
git.saurik.com Git - apple/security.git/blob - SecurityServer/ssclient.cpp
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
20 // ssclient - SecurityServer client interface library
22 #include "sstransit.h"
23 #include <servers/netname.h>
24 #include <Security/debugging.h>
26 using MachPlusPlus::check
;
27 using MachPlusPlus::Bootstrap
;
28 using CodeSigning::OSXCode
;
32 namespace SecurityServer
{
36 // The process-global object
38 ModuleNexus
<ClientSession::Global
> ClientSession::mGlobal
;
39 bool ClientSession::mSetupSession
;
43 // Construct a client session
45 ClientSession::ClientSession(CssmAllocator
&std
, CssmAllocator
&rtn
)
46 : internalAllocator(std
), returnAllocator(rtn
)
53 ClientSession::~ClientSession()
58 // Activate a client session: This connects to the SecurityServer and executes
59 // application authentication
61 void ClientSession::activate()
63 Global
&global
= mGlobal();
64 Thread
&thread
= global
.thread();
66 // first time for this thread - use abbreviated registration
67 IPCN(ucsp_client_setup(UCSP_ARGS
, mach_task_self(), ""));
68 thread
.registered
= true;
69 global
.serverPort
.requestNotify(thread
.replyPort
, MACH_NOTIFY_DEAD_NAME
, true);
70 debug("SSclnt", "Thread registered with SecurityServer");
76 // Construct the process-global state object.
77 // The ModuleNexus construction magic will ensure that this happens uniquely
78 // even if the face of multithreaded attack.
79 // Do note that the mSetupSession (session creation) case is gated by a global flag,
80 // and it's the caller's responsibility not to multithread-race it.
82 ClientSession::Global::Global()
85 Bootstrap myBootstrap
;
86 serverPort
= myBootstrap
.lookup("SecurityServer");
87 debug("SSclnt", "contacting SecurityServer at port %d", serverPort
.port());
89 // send identification/setup message
92 myself
= OSXCode::main();
93 extForm
= myself
->encode();
94 debug("SSclnt", "my OSXCode extForm=%s", extForm
.c_str());
96 // leave extForm empty
97 debug("SSclnt", "failed to obtain my own OSXCode");
99 // cannot use UCSP_ARGS here because it uses mGlobal() -> deadlock
100 Thread
&thread
= this->thread();
103 debug("SSclnt", "sending session setup request");
104 mSetupSession
= false;
105 IPCN(ucsp_client_setupNew(serverPort
, thread
.replyPort
, &rcode
,
106 mach_task_self(), extForm
.c_str(), &serverPort
.port()));
107 debug("SSclnt", "new session server port is %d", serverPort
.port());
109 IPCN(ucsp_client_setup(serverPort
, thread
.replyPort
, &rcode
,
110 mach_task_self(), extForm
.c_str()));
112 thread
.registered
= true; // as a side-effect of setup call above
113 serverPort
.requestNotify(thread
.replyPort
, MACH_NOTIFY_DEAD_NAME
, true);
114 debug("SSclnt", "contact with SecurityServer established");
119 // Terminate a session. This is called by the session destructor, or explicitly.
121 void ClientSession::terminate()
124 debug("SSclnt", "ClientSession::terminate() call ignored");
128 } // end namespace SecurityServer
130 } // end namespace Security