SecurityServer/process.cpp

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 //
  20 // process - track a single client process and its belongings
  21 //
  22 #include "process.h"
  23 #include "server.h"
  24 #include "session.h"
  25 #include "authority.h"
  26
  27
  28 //
  29 // Construct a Process object.
  30 //
  31 Process::Process(TaskPort taskPort, const char *identity, uid_t uid, gid_t gid)
  32  :  session(Session::find(taskPort.bootstrap())), mBusyCount(0), mDying(false),
  33         mTaskPort(taskPort), mUid(uid), mGid(gid)
  34 {
  35     // let's take a look at our wannabe client...
  36     mPid = mTaskPort.pid();
  37
  38     // register with the session
  39     session.addProcess(this);
  40
  41         // identify the client-on-disk
  42         // @@@ do this lazily on first use?
  43         // @@@ note that the paradigm will shift here when kernel-supported id happens
  44         mClientCode = CodeSigning::OSXCode::decode(identity);
  45
  46         debug("SS", "New process %p(%d) uid=%d gid=%d session=%p TP=%d for %s",
  47                 this, mPid, mUid, mGid, &session,
  48         mTaskPort.port(), identity ? identity : "(unknown)");
  49 }
  50
  51 Process::Process(Process &prior)
  52  :      session(Session::find(prior.mTaskPort.bootstrap())), mBusyCount(0), mDying(false),
  53     mTaskPort(prior.mTaskPort), mUid(prior.mUid), mGid(prior.mGid)
  54 {
  55     // copy more
  56     mPid = prior.mPid;
  57
  58     // register with the session
  59     session.addProcess(this);
  60
  61     // copy the client-code id (and clear it in the prior so it doesn't get destroyed there)
  62     mClientCode = prior.mClientCode;
  63     prior.mClientCode = NULL;
  64     prior.mTaskPort = Port();
  65
  66     debug("SS", "Process %p(%d) recloned uid=%d gid=%d session=%p",
  67         this, mPid, mUid, mGid, &session);
  68 }
  69
  70
  71 Process::~Process()
  72 {
  73         assert(mBusyCount == 0);        // mustn't die with Connections referencing us
  74
  75         // tell all our authorizations that we're gone
  76         IFDEBUG(if (!mAuthorizations.empty())
  77                 debug("SS", "Process %p(%d) clearing %d authorizations",
  78                         this, mPid, int(mAuthorizations.size())));
  79         for (AuthorizationSet::iterator it = mAuthorizations.begin();
  80                         it != mAuthorizations.end(); it++) {
  81         AuthorizationToken *auth = *it;
  82         if (removeAuthorization(auth))
  83             delete auth;
  84     }
  85
  86     // remove all database handles that belong to this process
  87     IFDEBUG(if (!mDatabases.empty())
  88         debug("SS", "Process %p(%d) clearing %d database handles",
  89             this, mPid, int(mDatabases.size())));
  90     for (DatabaseSet::iterator it = mDatabases.begin();
  91             it != mDatabases.end(); it++)
  92         delete *it;
  93
  94         // no need to lock here; the client process has no more active threads
  95         debug("SS", "Process %p(%d) has died", this, mPid);
  96
  97         if (mTaskPort)
  98         mTaskPort.destroy();    // either dead or taken by reclone
  99         delete mClientCode;
 100
 101     // deregister from session
 102     if (session.removeProcess(this))
 103         delete &session;
 104 }
 105
 106 bool Process::kill()
 107 {
 108         if (mBusyCount == 0) {
 109                 return true;    // destroy me now
 110         } else {
 111                 debug("SS", "Process %p(%d) destruction deferred for %d busy connections",
 112                         this, mPid, int(mBusyCount));
 113                 mDying = true;
 114                 return false;   // destroy me later
 115         }
 116 }
 117
 118
 119 //
 120 // Given a task port, determine which session it belongs to.
 121 // @@@ Very preliminary, pending true session implementation.
 122 //
 123 Session &Process::sessionForPort(TaskPort taskPort)
 124 {
 125     return Session::find(taskPort.bootstrap());
 126 }
 127
 128
 129 //
 130 // Connection management
 131 //
 132 void Process::beginConnection(Connection &)
 133 {
 134         StLock<Mutex> _(mLock);
 135         mBusyCount++;
 136 }
 137
 138 bool Process::endConnection(Connection &)
 139 {
 140         StLock<Mutex> _(mLock);
 141         return --mBusyCount == 0 && mDying;
 142 }
 143
 144
 145 //
 146 // Database management
 147 //
 148 void Process::addDatabase(Database *database)
 149 {
 150     StLock<Mutex> _(mLock);
 151     mDatabases.insert(database);
 152 }
 153
 154 void Process::removeDatabase(Database *database)
 155 {
 156     StLock<Mutex> _(mLock);
 157     assert(mDatabases.find(database) != mDatabases.end());
 158     mDatabases.erase(database);
 159 }
 160
 161
 162 //
 163 // Verify the code signature of the a process's on-disk source.
 164 // @@@ In a truly secure solution, we would ask the OS to verify this.
 165 // @@@ Only the OS knows for sure what disk file (if any) originated a process.
 166 // @@@ In the meantime, we fake it.
 167 //
 168 bool Process::verifyCodeSignature(const CodeSigning::Signature *signature)
 169 {
 170         if (mClientCode)
 171                 return Server::signer().verify(*mClientCode, signature);
 172         else
 173                 return false;   // identity not known; can't verify
 174 }
 175
 176
 177 //
 178 // Authorization set maintainance
 179 //
 180 void Process::addAuthorization(AuthorizationToken *auth)
 181 {
 182         assert(auth);
 183         StLock<Mutex> _(mLock);
 184         mAuthorizations.insert(auth);
 185         auth->addProcess(*this);
 186 }
 187
 188 bool Process::removeAuthorization(AuthorizationToken *auth)
 189 {
 190         assert(auth);
 191         StLock<Mutex> _(mLock);
 192         // we do everything with a single set lookup call...
 193         typedef AuthorizationSet::iterator Iter;
 194         pair<Iter, Iter> range = mAuthorizations.equal_range(auth);
 195         assert(range.first != mAuthorizations.end());
 196         Iter next = range.first; next++;        // next element after first hit
 197         mAuthorizations.erase(range.first);     // erase first hit
 198         if (next == range.second) {                     // if no more hits...
 199                 if (auth->endProcess(*this))    // ... tell it to remove us,
 200                         return true;                            // ... and tell the caller
 201         }
 202         return false;                                           // keep the auth; it's still in use
 203 }