]> git.saurik.com Git - apple/security.git/blob - securityd/src/process.cpp
Security-59306.11.20.tar.gz
[apple/security.git] / securityd / src / process.cpp
1 /*
2 * Copyright (c) 2000-2009,2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // process - track a single client process and its belongings
27 //
28 #include "process.h"
29 #include "server.h"
30 #include "session.h"
31 #include "tempdatabase.h"
32 #include "child.h" // ServerChild (really UnixPlusPlus::Child)::find()
33
34 #include <security_utilities/ccaudit.h>
35 #include <security_utilities/logging.h> //@@@ debug only
36 #include "agentquery.h"
37
38
39 //
40 // Construct a Process object.
41 //
42 Process::Process(TaskPort taskPort, const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit)
43 : mTaskPort(taskPort), mByteFlipped(false), mPid(audit.pid()), mUid(audit.euid()), mGid(audit.egid()), mAudit(audit)
44 {
45 StLock<Mutex> _(*this);
46 xpc_transaction_begin();
47 // set parent session
48 parent(Session::find(audit.sessionId(), true));
49
50 // let's take a look at our wannabe client...
51
52 // Not enough to make sure we will get the right process, as
53 // pids get recycled. But we will later create the actual SecCode using
54 // the audit token, which is unique to the one instance of the process,
55 // so this just catches a pid mismatch early.
56 if (mTaskPort.pid() != mPid) {
57 secnotice("SecServer", "Task/pid setup mismatch pid=%d task=%d(%d)",
58 mPid, mTaskPort.port(), mTaskPort.pid());
59 CssmError::throwMe(CSSMERR_CSSM_ADDIN_AUTHENTICATE_FAILED); // you lied!
60 }
61
62 setup(info);
63 ClientIdentification::setup(this->audit_token());
64
65 if(!processCode()) {
66 // This can happen if the process died in the meantime.
67 secnotice("SecServer", "no process created in setup, old pid=%d old task=%d(%d)",
68 mPid, mTaskPort.port(), mTaskPort.pid());
69 CssmError::throwMe(CSSMERR_CSSM_ADDIN_AUTHENTICATE_FAILED);
70 }
71
72 // NB: ServerChild::find() should only be used to determine
73 // *existence*. Don't use the returned Child object for anything else,
74 // as it is not protected against its underlying process's destruction.
75 if (this->pid() == getpid() // called ourselves (through some API). Do NOT record this as a "dirty" transaction
76 || ServerChild::find<ServerChild>(this->pid())) // securityd's child; do not mark this txn dirty
77 xpc_transaction_end();
78
79 secinfo("SecServer", "%p client new: pid:%d session:%d %s taskPort:%d uid:%d gid:%d", this, this->pid(), this->session().sessionId(),
80 (char *)codePath(this->processCode()).c_str(), taskPort.port(), mUid, mGid);
81 }
82
83
84 //
85 // Screen a process setup request for an existing process.
86 // This means the client has requested intialization even though we remember having
87 // talked to it in the past. This could either be an exec(2), or the client could just
88 // have forgotten all about its securityd client state. Or it could be an attack...
89 //
90 void Process::reset(TaskPort taskPort, const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit)
91 {
92 StLock<Mutex> _(*this);
93 if (taskPort != mTaskPort) {
94 secnotice("SecServer", "Process %p(%d) reset mismatch (tp %d-%d)",
95 this, pid(), taskPort.port(), mTaskPort.port());
96 //@@@ CssmError::throwMe(CSSM_ERRCODE_VERIFICATION_FAILURE); // liar
97 }
98 setup(info);
99 CFCopyRef<SecCodeRef> oldCode = processCode();
100
101 ClientIdentification::setup(this->audit_token()); // re-constructs processCode()
102 if (CFEqual(oldCode, processCode())) {
103 secnotice("SecServer", "%p Client reset amnesia", this);
104 } else {
105 secnotice("SecServer", "%p Client reset full", this);
106 }
107 }
108
109
110 //
111 // Common set processing
112 //
113 void Process::setup(const ClientSetupInfo *info)
114 {
115 // process setup info
116 assert(info);
117 uint32 pversion;
118 if (info->order == 0x1234) { // right side up
119 pversion = info->version;
120 mByteFlipped = false;
121 } else if (info->order == 0x34120000) { // flip side up
122 pversion = flip(info->version);
123 mByteFlipped = true;
124 } else // non comprende
125 CssmError::throwMe(CSSM_ERRCODE_INCOMPATIBLE_VERSION);
126
127 // check wire protocol version
128 if (pversion != SSPROTOVERSION)
129 CssmError::throwMe(CSSM_ERRCODE_INCOMPATIBLE_VERSION);
130 }
131
132
133 //
134 // Clean up a Process object
135 //
136 Process::~Process()
137 {
138 secinfo("SecServer", "%p client release: %d", this, this->pid());
139
140 // release our name for the process's task port
141 if (mTaskPort) {
142 mTaskPort.deallocate();
143 }
144 xpc_transaction_end();
145 }
146
147 void Process::kill()
148 {
149 StLock<Mutex> _(*this);
150
151 // release local temp store
152 mLocalStore = NULL;
153
154 // standard kill processing
155 PerProcess::kill();
156 }
157
158
159 Session& Process::session() const
160 {
161 return parent<Session>();
162 }
163
164
165 void Process::checkSession(const audit_token_t &auditToken)
166 {
167 Security::CommonCriteria::AuditToken audit(auditToken);
168 if (audit.sessionId() != this->session().sessionId())
169 this->changeSession(audit.sessionId());
170 }
171
172
173 LocalDatabase &Process::localStore()
174 {
175 StLock<Mutex> _(*this);
176 if (!mLocalStore)
177 mLocalStore = new TempDatabase(*this);
178 return *mLocalStore;
179 }
180
181 Key *Process::makeTemporaryKey(const CssmKey &key, CSSM_KEYATTR_FLAGS moreAttributes,
182 const AclEntryPrototype *owner)
183 {
184 return safer_cast<TempDatabase&>(localStore()).makeKey(key, moreAttributes, owner);
185 }
186
187
188 //
189 // Change the session of a process.
190 // This is the result of SessionCreate from a known process client.
191 //
192 void Process::changeSession(Session::SessionId sessionId)
193 {
194 // re-parent
195 parent(Session::find(sessionId, true));
196 secnotice("SecServer", "%p client change session to %d", this, this->session().sessionId());
197 }
198
199
200 //
201 // Debug dump support
202 //
203 #if defined(DEBUGDUMP)
204
205 void Process::dumpNode()
206 {
207 PerProcess::dumpNode();
208 if (mByteFlipped)
209 Debug::dump(" FLIPPED");
210 Debug::dump(" task=%d pid=%d uid/gid=%d/%d",
211 mTaskPort.port(), mPid, mUid, mGid);
212 ClientIdentification::dump();
213 }
214
215 #endif //DEBUGDUMP