OSX/libsecurityd/lib/SharedMemoryClient.cpp

   1 #include <sys/mman.h>
   2 #include <sys/types.h>
   3 #include <sys/stat.h>
   4 #include <unistd.h>
   5 #include <fcntl.h>
   6 #include <architecture/byte_order.h>
   7 #include <security_cdsa_utilities/cssmdb.h>
   8 #include "SharedMemoryClient.h"
   9 #include <string>
  10 #include <security_utilities/crc.h>
  11 #include <securityd_client/ssnotify.h>
  12 #include <Security/SecKeychain.h>
  13
  14 using namespace Security;
  15
  16 //=================================================================================
  17 //                          SharedMemoryClient
  18 //=================================================================================
  19
  20 static std::string unixerrorstr(int errnum) {
  21     string errstr;
  22     char buf[1024];
  23     // might return ERANGE
  24     /* int rx = */ strerror_r(errnum, buf, sizeof(buf));
  25     errstr = string(buf);
  26     errstr += "(" + to_string(errnum) + ")";
  27     return errstr;
  28 }
  29
  30 SharedMemoryClient::SharedMemoryClient (const char* segmentName, SegmentOffsetType segmentSize, uid_t uid)
  31 {
  32         StLock<Mutex> _(mMutex);
  33
  34         mSegmentName = segmentName;
  35         mSegmentSize = segmentSize;
  36     mSegment = (u_int8_t*) MAP_FAILED;
  37     mDataArea = mDataPtr = 0;
  38     mUID = uid;
  39
  40     secdebug("MDSPRIVACY","[%03d] creating SharedMemoryClient with segmentName %s, size: %d", mUID, segmentName, segmentSize);
  41
  42     if (segmentSize < sizeof(u_int32_t))
  43                 return;
  44
  45         // make the name
  46         int segmentDescriptor;
  47         {
  48         std::string name(SharedMemoryCommon::SharedMemoryFilePath(mSegmentName.c_str(), mUID));
  49
  50                 // make a connection to the shared memory block
  51                 segmentDescriptor = open (name.c_str(), O_RDONLY, S_IROTH);
  52                 if (segmentDescriptor < 0) // error on opening the shared memory segment?
  53                 {
  54             secdebug("MDSPRIVACY","[%03d] SharedMemoryClient open of %s failed: %s", mUID, name.c_str(), unixerrorstr(errno).c_str());
  55                         // CssmError::throwMe (CSSM_ERRCODE_INTERNAL_ERROR);
  56                         return;
  57                 }
  58         }
  59
  60     // check that the file size is large enough to support operations
  61     struct stat statResult = {};
  62     int result = fstat(segmentDescriptor, &statResult);
  63     if(result) {
  64         secdebug("MDSPRIVACY","[%03d] SharedMemoryClient fstat failed: %d/%s", mUID, result, unixerrorstr(errno).c_str());
  65         UnixError::throwMe(errno);
  66     }
  67
  68     off_t sz = statResult.st_size;
  69     if(sz < sizeof(SegmentOffsetType)) {
  70         close(segmentDescriptor);
  71         return;
  72     }
  73
  74     if(sz > 4*segmentSize) {
  75         // File is too ridiculously large. Quit.
  76         close(segmentDescriptor);
  77         return;
  78     }
  79
  80         // map the segment into place
  81         mSegment = (u_int8_t*) mmap (NULL, segmentSize, PROT_READ, MAP_SHARED, segmentDescriptor, 0);
  82         close (segmentDescriptor);
  83
  84         if (mSegment == MAP_FAILED)
  85         {
  86         secdebug("MDSPRIVACY","[%03d] SharedMemoryClient mmap failed: %d", mUID, errno);
  87                 return;
  88         }
  89
  90         mDataArea = mSegment + sizeof (SegmentOffsetType);
  91         mDataMax = mSegment + sz;
  92         mDataPtr = mDataArea + GetProducerCount ();
  93 }
  94
  95
  96
  97 SharedMemoryClient::~SharedMemoryClient ()
  98 {
  99     if (!uninitialized()) {
 100         StLock<Mutex> _(mMutex);
 101         munmap (mSegment, mSegmentSize);
 102     }
 103 }
 104
 105
 106 SegmentOffsetType SharedMemoryClient::GetProducerCount ()
 107 {
 108     if (uninitialized()) {
 109         secdebug("MDSPRIVACY","[%03d] SharedMemoryClient::GetProducerCount uninitialized", mUID);
 110                 CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
 111         }
 112     if( ((u_int8_t*) (((u_int32_t*) mSegment) + 1)) > mDataMax) {
 113         // Check we can actually read this u_int32_t
 114         secdebug("MDSPRIVACY","[%03d] SharedMemoryClient::GetProducerCount uint > mDataMax", mUID);
 115         CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
 116     }
 117
 118         SegmentOffsetType offset = OSSwapBigToHostInt32 (*(u_int32_t*) mSegment);
 119     if (&mSegment[offset] >= mDataMax) {
 120         secdebug("MDSPRIVACY","[%03d] SharedMemoryClient::GetProducerCount offset > mDataMax", mUID);
 121                 CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
 122     }
 123
 124     return offset;
 125 }
 126
 127 void SharedMemoryClient::ReadData (void* buffer, SegmentOffsetType length)
 128 {
 129     if (uninitialized()) {
 130         secdebug("MDSPRIVACY","[%03d] ReadData mSegment fail uninitialized: %p", mUID, mSegment);
 131         CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
 132     }
 133
 134         u_int8_t* bptr = (u_int8_t*) buffer;
 135
 136         SegmentOffsetType bytesToEnd = (SegmentOffsetType)(mDataMax - mDataPtr);
 137
 138         // figure out how many bytes we can read
 139         SegmentOffsetType bytesToRead = (length <= bytesToEnd) ? length : bytesToEnd;
 140
 141         // move the first part of the data
 142         memcpy (bptr, mDataPtr, bytesToRead);
 143         bptr += bytesToRead;
 144
 145         // see if we have anything else to read
 146         mDataPtr += bytesToRead;
 147
 148         length -= bytesToRead;
 149         if (length != 0)
 150         {
 151                 mDataPtr = mDataArea;
 152                 memcpy(bptr, mDataPtr, length);
 153                 mDataPtr += length;
 154         }
 155 }
 156
 157
 158
 159 SegmentOffsetType SharedMemoryClient::ReadOffset()
 160 {
 161         SegmentOffsetType offset;
 162         ReadData(&offset, sizeof(SegmentOffsetType));
 163         offset = OSSwapBigToHostInt32 (offset);
 164         return offset;
 165 }
 166
 167
 168
 169 bool SharedMemoryClient::ReadMessage (void* message, SegmentOffsetType &length, UnavailableReason &ur)
 170 {
 171         StLock<Mutex> _(mMutex);
 172
 173     if (uninitialized()) {
 174                 secdebug("MDSPRIVACY","[%03d] ReadMessage mSegment fail uninitialized: %p", mUID, mSegment);
 175                 CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
 176         }
 177
 178         ur = kURNone;
 179
 180         size_t offset = mDataPtr - mDataArea;
 181         if (offset == GetProducerCount())
 182         {
 183         secdebug("MDSPRIVACY","[%03d] ReadMessage GetProducerCount()", mUID);
 184                 ur = kURNoMessage;
 185                 return false;
 186         }
 187
 188         // get the length of the message in the buffer
 189         length = ReadOffset();
 190
 191         // we have the possibility that data is correct, figure out where the data is actually located
 192         // get the length of the message stored there
 193         if (length == 0 || length >= kPoolAvailableForData)
 194         {
 195         secdebug("MDSPRIVACY","[%03d] ReadMessage length error: %d", mUID, length);
 196         ur = (length == 0) ? kURNoMessage : kURBufferCorrupt;
 197
 198                 // something's gone wrong, reset.
 199                 mDataPtr = mDataArea + GetProducerCount ();
 200                 return false;
 201         }
 202
 203         // read the crc
 204         SegmentOffsetType crc = ReadOffset();
 205
 206         // read the data into the buffer
 207         ReadData (message, length);
 208
 209         // calculate the CRC
 210         SegmentOffsetType crc2 = CalculateCRC((u_int8_t*) message, length);
 211         if (crc != crc2)
 212         {
 213                 ur = kURBufferCorrupt;
 214                 mDataPtr = mDataArea + GetProducerCount ();
 215                 return false;
 216         }
 217
 218         return true;
 219 }
 220
 221 //=================================================================================
 222 //                          SharedMemoryCommon
 223 //=================================================================================
 224
 225 std::string SharedMemoryCommon::SharedMemoryFilePath(const char *segmentName, uid_t uid) {
 226     std::string path;
 227     uid = SharedMemoryCommon::fixUID(uid);
 228     path = SharedMemoryCommon::kMDSMessagesDirectory;   // i.e. /private/var/db/mds/messages/
 229     if (uid != 0) {
 230         path += std::to_string(uid) + "/";              // e.g. /private/var/db/mds/messages/501/
 231     }
 232
 233     path += SharedMemoryCommon::kUserPrefix;            // e.g. /var/db/mds/messages/se_
 234     path += segmentName;                                // e.g. /var/db/mds/messages/501/se_SecurityMessages
 235     return path;
 236 }
 237
 238 std::string SharedMemoryCommon::notificationDescription(int domain, int event) {
 239     string domainstr, eventstr;
 240
 241     switch (domain) {
 242         case Security::SecurityServer::kNotificationDomainAll:        domainstr = "all";      break;
 243         case Security::SecurityServer::kNotificationDomainDatabase:   domainstr = "database"; break;
 244         case Security::SecurityServer::kNotificationDomainPCSC:       domainstr = "pcsc";     break;
 245         case Security::SecurityServer::kNotificationDomainCDSA:       domainstr = "CDSA";     break;
 246         default:
 247             domainstr = "unknown";
 248             break;
 249     }
 250
 251     switch (event) {
 252         case kSecLockEvent:                 eventstr = "lock";              break;
 253         case kSecUnlockEvent:               eventstr = "unlock";            break;
 254         case kSecAddEvent:                  eventstr = "add";               break;
 255         case kSecDeleteEvent:               eventstr = "delete";            break;
 256         case kSecUpdateEvent:               eventstr = "update";            break;
 257         case kSecPasswordChangedEvent:      eventstr = "passwordChange";    break;
 258         case kSecDefaultChangedEvent:       eventstr = "defaultChange";     break;
 259         case kSecDataAccessEvent:           eventstr = "dataAccess";        break;
 260         case kSecKeychainListChangedEvent:  eventstr = "listChange";        break;
 261         case kSecTrustSettingsChangedEvent: eventstr = "trustSettings";     break;
 262         default:
 263             domainstr = "unknown";
 264             break;
 265     }
 266
 267     return "Domain: " + domainstr + ", Event: " + eventstr;
 268 }