SecurityServer/main.cpp

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 //
  20 // SecurityServer - Apple security services daemon.
  21 //
  22 #include "securityserver.h"
  23 #include "server.h"
  24 #include <MacYarrow/yarrowseed.h>
  25
  26 #include <Security/daemon.h>
  27 #include <Security/osxsigner.h>
  28 #include "authority.h"
  29 #include "session.h"
  30
  31 #include <unistd.h>
  32 #include <Security/machserver.h>
  33
  34 #include <sys/types.h>
  35 #include <sys/wait.h>
  36 #include <signal.h>
  37
  38 // ACL subject types (their makers are instantiated here)
  39 #include <Security/acl_any.h>
  40 #include <Security/acl_password.h>
  41 #include <Security/acl_threshold.h>
  42 #include <Security/acl_codesigning.h>
  43 #include <Security/acl_comment.h>
  44 #include "acl_keychain.h"
  45
  46
  47 namespace Security
  48 {
  49
  50 //
  51 // Program options (set by argument scan and environment)
  52 //
  53 uint32 debugMode = 0;
  54
  55 } // end namespace Security
  56
  57
  58 //
  59 // Local functions of the main program driver
  60 //
  61 static void usage(const char *me);
  62 static void handleSIGCHLD(int);
  63 static void handleSIGOther(int);
  64
  65
  66 //
  67 // Main driver
  68 //
  69 int main(int argc, char *argv[])
  70 {
  71         // program arguments (preset to defaults)
  72         bool forceCssmInit = false;
  73         int workerTimeout = 0;
  74         int maxThreads = 0;
  75         const char *authorizationConfig = "/etc/authorization";
  76         const char *bootstrapName = "SecurityServer";
  77
  78         // parse command line arguments
  79         extern char *optarg;
  80         extern int optind;
  81         int arg;
  82         while ((arg = getopt(argc, argv, "a:dfN:t:T:")) != -1) {
  83                 switch (arg) {
  84                 case 'a':
  85                         authorizationConfig = optarg;
  86                         break;
  87                 case 'd':
  88                         debugMode++;
  89                         break;
  90         case 'f':
  91             forceCssmInit = true;
  92             break;
  93                 case 'N':
  94                         bootstrapName = optarg;
  95                         break;
  96                 case 't':
  97                         if ((maxThreads = atoi(optarg)) < 0)
  98                                 maxThreads = 0;
  99                         break;
 100                 case 'T':
 101                         if ((workerTimeout = atoi(optarg)) < 0)
 102                                 workerTimeout = 0;
 103                         break;
 104                 default:
 105                         usage(argv[0]);
 106                 }
 107         }
 108
 109         // take no non-option arguments
 110         if (optind < argc)
 111                 usage(argv[0]);
 112
 113         // configure logging
 114         if (debugMode) {
 115                 Syslog::open(argv[0], LOG_AUTHPRIV, LOG_PERROR);
 116                 Syslog::notice("SecurityServer started in debug mode");
 117         } else {
 118                 Syslog::open(argv[0], LOG_AUTHPRIV, LOG_CONS);
 119         }
 120
 121     // if we're not running as root in production mode, fail
 122     // in debug mode, issue a warning
 123     if (uid_t uid = getuid()) {
 124 #if defined(NDEBUG)
 125         Syslog::alert("Unprivileged SecurityServer aborted (uid=%d)", uid);
 126         fprintf(stderr, "You are not allowed to run SecurityServer\n");
 127         exit(1);
 128 #else
 129         debug("SS", "Running unprivileged (uid=%d); some features may not work", uid);
 130 #endif //NDEBUG
 131     }
 132
 133     // turn into a properly diabolical daemon unless debugMode is on
 134     if (!debugMode && !Daemon::incarnate())
 135         exit(1);
 136
 137         // create a code signing engine
 138         CodeSigning::OSXSigner signer;
 139
 140         // create an Authorization engine
 141         Authority authority(authorizationConfig);
 142
 143         // establish the ACL machinery
 144         new AnyAclSubject::Maker();
 145         new PasswordAclSubject::Maker();
 146         new ThresholdAclSubject::Maker();
 147     new KeychainPromptAclSubject::Maker();
 148     new CommentAclSubject::Maker();
 149     new CodeSignatureAclSubject::Maker(signer);
 150
 151     // create the RootSession object
 152     RootSession rootSession;
 153
 154     // create the main server object and register it
 155         Server server(authority, bootstrapName);
 156
 157     // set server configuration from arguments, if specified
 158         if (workerTimeout)
 159                 server.timeout(workerTimeout);
 160         if (maxThreads)
 161                 server.maxThreads(maxThreads);
 162
 163         // add the RNG seed timer to it
 164     YarrowTimer yarrow(server);
 165
 166     // set up signal handlers
 167     if (signal(SIGCHLD, handleSIGCHLD) == SIG_ERR)
 168         debug("SS", "Cannot ignore SIGCHLD: errno=%d", errno);
 169     if (signal(SIGINT, handleSIGOther) == SIG_ERR)
 170         debug("SS", "Cannot handle SIGINT: errno=%d", errno);
 171     if (signal(SIGTERM, handleSIGOther) == SIG_ERR)
 172         debug("SS", "Cannot handle SIGTERM: errno=%d", errno);
 173
 174     // initialize CSSM now if requested
 175     if (forceCssmInit)
 176         server.loadCssm();
 177
 178         Syslog::notice("Entering service");
 179         debug("SS", "Entering service run loop");
 180         server.run();
 181
 182         // fell out of runloop (should not happen)
 183         Syslog::alert("Aborting");
 184     return 1;
 185 }
 186
 187
 188 //
 189 // Issue usage message and die
 190 //
 191 static void usage(const char *me)
 192 {
 193         fprintf(stderr, "Usage: %s [-df] [-t maxthreads] [-T threadTimeout]"
 194                 "\t[-N bootstrapName] [-a authConfigFile]\n", me);
 195         exit(2);
 196 }
 197
 198
 199 //
 200 // Handle SIGCHLD signals to reap our children (zombie cleanup)
 201 //
 202 static void handleSIGCHLD(int)
 203 {
 204     int status;
 205     switch (pid_t pid = waitpid(-1, &status, WNOHANG)) {
 206     case 0:
 207         debug("SS", "Spurious SIGCHLD ignored");
 208         return;
 209     case -1:
 210         debug("SS", "waitpid after SIGCHLD failed: errno=%d", errno);
 211         return;
 212     default:
 213         debug("SS", "Reaping child pid=%d", pid);
 214         return;
 215     }
 216 }
 217
 218
 219 //
 220 // Handle some other signals to shut down cleanly (and with logging)
 221 //
 222 static void handleSIGOther(int sig)
 223 {
 224     switch (sig) {
 225     case SIGINT:
 226         debug("SS", "Interrupt signal; terminating");
 227         exit(0);
 228     case SIGTERM:
 229         debug("SS", "Termination signal; terminating");
 230         exit(0);
 231     }
 232 }