]> git.saurik.com Git - apple/security.git/blob - SecurityServer/ssclient.cpp
Security-54.1.3.tar.gz
[apple/security.git] / SecurityServer / ssclient.cpp
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // ssclient - SecurityServer client interface library
21 //
22 #include "sstransit.h"
23 #include <servers/netname.h>
24 #include <Security/debugging.h>
25
26 using MachPlusPlus::check;
27 using MachPlusPlus::Bootstrap;
28 using CodeSigning::OSXCode;
29
30
31 namespace Security {
32 namespace SecurityServer {
33
34
35 //
36 // The process-global object
37 //
38 UnixPlusPlus::StaticForkMonitor ClientSession::mHasForked;
39 ModuleNexus<ClientSession::Global> ClientSession::mGlobal;
40 bool ClientSession::mSetupSession;
41
42
43 //
44 // Construct a client session
45 //
46 ClientSession::ClientSession(CssmAllocator &std, CssmAllocator &rtn)
47 : internalAllocator(std), returnAllocator(rtn)
48 { }
49
50
51 //
52 // Destroy a session
53 //
54 ClientSession::~ClientSession()
55 { }
56
57
58 //
59 // Activate a client session: This connects to the SecurityServer and executes
60 // application authentication
61 //
62 void ClientSession::activate()
63 {
64 // Guard against fork-without-exec. If we are the child of a fork
65 // (that has not exec'ed), our apparent connection to SecurityServer
66 // is just a mirage, and we better reset it.
67 if (mHasForked()) {
68 debug("SSclnt", "process has forked (now pid=%d) - resetting connection object", getpid());
69 mGlobal.reset();
70 }
71
72 // now pick up the (new or existing) connection state
73 Global &global = mGlobal();
74 Thread &thread = global.thread();
75 if (!thread) {
76 // first time for this thread - use abbreviated registration
77 IPCN(ucsp_client_setup(UCSP_ARGS, mach_task_self(), ""));
78 thread.registered = true;
79 global.serverPort.requestNotify(thread.replyPort, MACH_NOTIFY_DEAD_NAME, true);
80 debug("SSclnt", "Thread registered with SecurityServer");
81 }
82 }
83
84
85 //
86 // Construct the process-global state object.
87 // The ModuleNexus construction magic will ensure that this happens uniquely
88 // even if the face of multithreaded attack.
89 // Do note that the mSetupSession (session creation) case is gated by a global flag,
90 // and it's the caller's responsibility not to multithread-race it.
91 //
92 ClientSession::Global::Global()
93 {
94 // find server port
95 Bootstrap myBootstrap;
96 serverPort = myBootstrap.lookup("SecurityServer");
97 debug("SSclnt", "contacting SecurityServer at port %d", serverPort.port());
98
99 // send identification/setup message
100 string extForm;
101 try {
102 myself = OSXCode::main();
103 extForm = myself->encode();
104 debug("SSclnt", "my OSXCode extForm=%s", extForm.c_str());
105 } catch (...) {
106 // leave extForm empty
107 debug("SSclnt", "failed to obtain my own OSXCode");
108 }
109 // cannot use UCSP_ARGS here because it uses mGlobal() -> deadlock
110 Thread &thread = this->thread();
111
112 if (mSetupSession) {
113 debug("SSclnt", "sending session setup request");
114 mSetupSession = false;
115 IPCN(ucsp_client_setupNew(serverPort, thread.replyPort, &rcode,
116 mach_task_self(), extForm.c_str(), &serverPort.port()));
117 debug("SSclnt", "new session server port is %d", serverPort.port());
118 } else {
119 IPCN(ucsp_client_setup(serverPort, thread.replyPort, &rcode,
120 mach_task_self(), extForm.c_str()));
121 }
122 thread.registered = true; // as a side-effect of setup call above
123 serverPort.requestNotify(thread.replyPort, MACH_NOTIFY_DEAD_NAME, true);
124 debug("SSclnt", "contact with SecurityServer established");
125 }
126
127
128 //
129 // Terminate a session. This is called by the session destructor, or explicitly.
130 //
131 void ClientSession::terminate()
132 {
133 // currently defunct
134 debug("SSclnt", "ClientSession::terminate() call ignored");
135 }
136
137
138 } // end namespace SecurityServer
139
140 } // end namespace Security