2 * Copyright (c) 2000-2009,2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 // securityd - Apple security services daemon.
28 #include <securityd_client/ucsp.h>
32 #include "notifications.h"
33 #include "pcscmonitor.h"
34 #include "auditevents.h"
37 #include <security_utilities/daemon.h>
38 #include <security_utilities/machserver.h>
39 #include <security_utilities/logging.h>
41 #include <Security/SecKeychainPriv.h>
44 #include <sys/types.h>
48 // ACL subject types (their makers are instantiated here)
49 #include <security_cdsa_utilities/acl_any.h>
50 #include <security_cdsa_utilities/acl_password.h>
51 #include <security_cdsa_utilities/acl_prompted.h>
52 #include <security_cdsa_utilities/acl_protectedpw.h>
53 #include <security_cdsa_utilities/acl_threshold.h>
54 #include <security_cdsa_utilities/acl_codesigning.h>
55 #include <security_cdsa_utilities/acl_process.h>
56 #include <security_cdsa_utilities/acl_comment.h>
57 #include <security_cdsa_utilities/acl_preauth.h>
58 #include "acl_keychain.h"
59 #include "acl_partition.h"
63 // Local functions of the main program driver
65 static void usage(const char *me
) __attribute__((noreturn
));
66 static void handleSignals(int sig
);
67 static PCSCMonitor::ServiceLevel
scOptions(const char *optionString
);
70 static Port gMainServerPort
;
77 int main(int argc
, char *argv
[])
79 // clear the umask - we know what we're doing
80 secnotice("SS", "starting umask was 0%o", ::umask(0));
83 // tell the keychain (client) layer to turn off the server interface
84 SecKeychainSetServerMode();
86 // program arguments (preset to defaults)
87 bool debugMode
= false;
88 const char *bootstrapName
= NULL
;
89 const char* messagingName
= SharedMemoryCommon::kDefaultSecurityMessagesName
;
91 bool reExecute
= false;
92 int workerTimeout
= 0;
94 bool waitForClients
= true;
95 bool mdsIsInstalled
= false;
96 const char *tokenCacheDir
= "/var/db/TokenCache";
97 const char *smartCardOptions
= getenv("SMARTCARDS");
98 uint32_t keychainAclDefault
= CSSM_ACL_KEYCHAIN_PROMPT_INVALID
| CSSM_ACL_KEYCHAIN_PROMPT_UNSIGNED
;
99 unsigned int verbose
= 0;
101 // check for the Installation-DVD environment and modify some default arguments if found
102 if (access("/etc/rc.cdrom", F_OK
) == 0) { // /etc/rc.cdrom exists
103 secnotice("SS", "starting in installmode");
104 smartCardOptions
= "off"; // needs writable directories that aren't
107 // parse command line arguments
111 while ((arg
= getopt(argc
, argv
, "c:dE:imN:s:t:T:uvWX")) != -1) {
114 tokenCacheDir
= optarg
;
120 /* was entropyFile, kept to preserve ABI */
123 keychainAclDefault
&= ~CSSM_ACL_KEYCHAIN_PROMPT_INVALID
;
126 mdsIsInstalled
= true;
129 bootstrapName
= optarg
;
132 smartCardOptions
= optarg
;
135 if ((maxThreads
= atoi(optarg
)) < 0)
139 if ((workerTimeout
= atoi(optarg
)) < 0)
143 waitForClients
= false;
146 keychainAclDefault
&= ~CSSM_ACL_KEYCHAIN_PROMPT_UNSIGNED
;
160 // take no non-option arguments
164 // figure out the bootstrap name
165 if (!bootstrapName
) {
166 bootstrapName
= getenv(SECURITYSERVER_BOOTSTRAP_ENV
);
169 bootstrapName
= SECURITYSERVER_BOOTSTRAP_NAME
;
173 #ifndef __clang_analyzer__
174 messagingName
= bootstrapName
;
180 #ifndef __clang_analyzer__
181 messagingName
= bootstrapName
;
185 // configure logging first
187 Syslog::open(bootstrapName
, LOG_AUTHPRIV
, LOG_PERROR
);
188 Syslog::notice("%s started in debug mode", argv
[0]);
190 Syslog::open(bootstrapName
, LOG_AUTHPRIV
, LOG_CONS
);
193 // if we're not running as root in production mode, fail
194 // in debug mode, issue a warning
195 if (uid_t uid
= getuid()) {
197 Syslog::alert("Tried to run securityd as user %d: aborted", uid
);
198 fprintf(stderr
, "You are not allowed to run securityd\n");
201 fprintf(stderr
, "securityd is unprivileged (uid=%d); some features may not work.\n", uid
);
205 // turn into a properly diabolical daemon unless debugMode is on
206 if (!debugMode
&& getppid() != 1) {
207 if (!Daemon::incarnate(doFork
))
208 exit(1); // can't daemonize
210 if (reExecute
&& !Daemon::executeSelf(argv
))
211 exit(1); // can't self-execute
214 // arm signal handlers; code below may generate signals we want to see
215 if (signal(SIGCHLD
, handleSignals
) == SIG_ERR
216 || signal(SIGINT
, handleSignals
) == SIG_ERR
217 || signal(SIGTERM
, handleSignals
) == SIG_ERR
218 || signal(SIGPIPE
, handleSignals
) == SIG_ERR
220 || signal(SIGUSR1
, handleSignals
) == SIG_ERR
222 || signal(SIGUSR2
, handleSignals
) == SIG_ERR
) {
227 // The clang static analyzer isn't a big fan of our "object creation hooks object into global pointer graph" model.
228 // Tell it not to worry.
229 #ifndef __clang_analyzer__
230 // introduce all supported ACL subject types
231 new AnyAclSubject::Maker();
232 new PasswordAclSubject::Maker();
233 new ProtectedPasswordAclSubject::Maker();
234 new PromptedAclSubject::Maker();
235 new ThresholdAclSubject::Maker();
236 new CommentAclSubject::Maker();
237 new ProcessAclSubject::Maker();
238 new CodeSignatureAclSubject::Maker();
239 new KeychainPromptAclSubject::Maker(keychainAclDefault
);
240 new PartitionAclSubject::Maker();
241 new PreAuthorizationAcls::OriginMaker();
242 new PreAuthorizationAcls::SourceMaker();
244 // establish the code equivalents database
245 CodeSignatures codeSignatures
;
248 // create the main server object and register it
249 Server
server(codeSignatures
, bootstrapName
);
251 // Remember the primary service port to send signal events to
252 gMainServerPort
= server
.primaryServicePort();
254 // set server configuration from arguments, if specified
256 server
.timeout(workerTimeout
);
258 server
.maxThreads(maxThreads
);
259 server
.floatingThread(true);
260 server
.waitForClients(waitForClients
);
261 server
.verbosity(verbose
);
263 // create a smartcard monitor to manage external token devices
264 gPCSC
= new PCSCMonitor(server
, tokenCacheDir
, scOptions(smartCardOptions
));
266 // create the RootSession object (if -d, give it graphics and tty attributes)
267 RootSession
rootSession(debugMode
? (sessionHasGraphicAccess
| sessionHasTTY
) : 0, server
);
269 // create a monitor thread to watch for audit session events
270 AuditMonitor
audits(gMainServerPort
);
273 // install MDS (if needed) and initialize the local CSSM
274 server
.loadCssm(mdsIsInstalled
);
276 #ifndef __clang_analyzer__
277 // create the shared memory notification hub
278 new SharedMemoryListener(messagingName
, kSharedMemoryPoolSize
);
282 // okay, we're ready to roll
283 secnotice("SS", "Entering service as %s", (char*)bootstrapName
);
284 Syslog::notice("Entering service");
289 // fell out of runloop (should not happen)
290 Syslog::alert("Aborting");
296 // Issue usage message and die
298 static void usage(const char *me
)
300 fprintf(stderr
, "Usage: %s [-dwX]"
301 "\n\t[-c tokencache] smartcard token cache directory"
302 "\n\t[-e equivDatabase] path to code equivalence database"
303 "\n\t[-N serviceName] MACH service name"
304 "\n\t[-s off|on|conservative|aggressive] smartcard operation level"
305 "\n\t[-t maxthreads] [-T threadTimeout] server thread control"
312 // Translate strings (e.g. "conservative") into PCSCMonitor service levels
314 static PCSCMonitor::ServiceLevel
scOptions(const char *optionString
)
317 if (!strcmp(optionString
, "off"))
318 return PCSCMonitor::forcedOff
;
319 else if (!strcmp(optionString
, "on"))
320 return PCSCMonitor::externalDaemon
;
321 else if (!strcmp(optionString
, "conservative"))
322 return PCSCMonitor::externalDaemon
;
323 else if (!strcmp(optionString
, "aggressive"))
324 return PCSCMonitor::externalDaemon
;
325 else if (!strcmp(optionString
, "external"))
326 return PCSCMonitor::externalDaemon
;
330 return PCSCMonitor::externalDaemon
;
336 // We send ourselves a message (through the "self" service), so actual
337 // actions happen on the normal event loop path. Note that another thread
338 // may be picking up the message immediately.
340 static void handleSignals(int sig
)
342 (void)self_client_handleSignal(gMainServerPort
, mach_task_self(), sig
);