SecurityServer/server.h

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 //
  20 // server - the actual Server object
  21 //
  22 #ifndef _H_SERVER
  23 #define _H_SERVER
  24
  25 #include "securityserver.h"
  26 #include <Security/machserver.h>
  27 #include <Security/powerwatch.h>
  28 #include <Security/cssmclient.h>
  29 #include <Security/cspclient.h>
  30 #include <Security/osxsigner.h>
  31 #include <Security/devrandom.h>
  32 #include <Security/uniformrandom.h>
  33 #include "codesigdb.h"
  34 #include "connection.h"
  35 #include "key.h"
  36 #include "xdatabase.h"
  37 #include "authority.h"
  38 #include <map>
  39 #include "ccaudit.h"
  40
  41 #define EQUIVALENCEDBPATH "/var/db/CodeEquivalenceDatabase"
  42
  43
  44 class Server : public MachPlusPlus::MachServer,
  45                public UniformRandomBlobs<DevRandomGenerator> {
  46 public:
  47         Server(Authority &myAuthority, CodeSignatures &signatures, const char *bootstrapName);
  48         ~Server();
  49
  50     // run the server until it shuts down
  51         void run();
  52
  53     //
  54     // Retrieve pieces of the Server's object web.
  55     // These are all static methods that use the active() Server of this thread.
  56     //
  57         static Server &active() { return safer_cast<Server &>(MachServer::active()); }
  58         static const char *bootstrapName() { return active().mBootstrapName.c_str(); }
  59
  60         static Connection &connection(mach_port_t replyPort);
  61         static Connection &connection(bool tolerant = false);
  62         static void requestComplete();
  63
  64         static Key &key(KeyHandle key)
  65         { return findHandle<Key>(key, CSSMERR_CSP_INVALID_KEY_REFERENCE); }
  66     static Key *optionalKey(KeyHandle k) { return (k == noKey) ? NULL : &key(k); }
  67         static Database &database(DbHandle db)
  68         { return findHandle<Database>(db, CSSMERR_DL_INVALID_DB_HANDLE); }
  69         static Database *optionalDatabase(DbHandle db) { return db ? &database(db) : NULL; }
  70     static Authority &authority() { return active().mAuthority; }
  71         static CodeSignatures &codeSignatures() { return active().mCodeSignatures; }
  72         static SecurityServerAcl &aclBearer(AclKind kind, CSSM_HANDLE handle);
  73         static CssmClient::CSP &csp() { return active().getCsp(); }
  74
  75         void loadCssm();
  76
  77 public:
  78         // set up a new connection
  79         enum ConnectLevel {
  80                 connectNewSession,
  81                 connectNewProcess,
  82                 connectNewThread
  83         };
  84         void setupConnection(ConnectLevel type, Port servicePort, Port replyPort, Port taskPort,
  85         const audit_token_t &auditToken,
  86         const ClientSetupInfo *info = NULL, const char *executablePath = NULL);
  87
  88         void endConnection(Port replyPort);
  89
  90         static void releaseWhenDone(CssmAllocator &alloc, void *memory)
  91         { MachServer::active().releaseWhenDone(alloc, memory); }
  92         static void releaseWhenDone(void *memory)
  93         { releaseWhenDone(CssmAllocator::standard(), memory); }
  94
  95 protected:
  96     // implementation methods of MachServer
  97         boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out);
  98         void notifyDeadName(Port port);
  99         void notifyNoSenders(Port port, mach_port_mscount_t);
 100
 101 private:
 102     class SleepWatcher : public MachPlusPlus::PortPowerWatcher {
 103     public:
 104         void systemWillSleep();
 105     };
 106     SleepWatcher sleepWatcher;
 107
 108     void initAudit(void);
 109
 110 private:
 111         Mutex lock;                                     // master lock
 112
 113         // mach bootstrap registration name
 114         std::string mBootstrapName;
 115
 116         // map of connections (by client reply port)
 117         typedef map<mach_port_t, Connection *> ConnectionMap;
 118         ConnectionMap connections;
 119
 120         // map of processes (by process task port)
 121         typedef map<mach_port_t, Process *> ProcessMap;
 122         ProcessMap processes;
 123
 124         // Current connection, if any (per thread).
 125         // Set as a side effect of calling connection(mach_port_t)
 126         // and returned by connection(bool).
 127         PerThreadPointer<Connection> mCurrentConnection;
 128
 129     // CSSM components
 130     CssmClient::Cssm mCssm;                             // CSSM instance
 131     CssmClient::Module mCSPModule;              // CSP module
 132         CssmClient::CSP mCSP;                           // CSP attachment
 133     CssmClient::CSP &getCsp();                  // lazily initialize, then return CSP attachment
 134
 135         Authority &mAuthority;
 136         CodeSignatures &mCodeSignatures;
 137
 138     // Per-process audit initialization.
 139     CommonCriteria::AuditSession mAudit;
 140 };
 141
 142 #endif //_H_SERVER