securityd/src/csproxy.h

   1 /*
   2  * Copyright (c) 2006-2008,2010 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // csproxy - Code Signing Hosting Proxy
  27 //
  28 #ifndef _H_CSPROXY
  29 #define _H_CSPROXY
  30
  31 #include <security_utilities/cfutilities.h>
  32 #include <security_cdsa_utilities/handleobject.h>
  33 #include <security_utilities/mach++.h>
  34 #include <security_utilities/machserver.h>
  35 #include <security_cdsa_utilities/cssmdata.h>
  36 #include <Security/SecCodeHost.h>
  37 #include <string>
  38 #include <map>
  39
  40 using MachPlusPlus::Port;
  41 using MachPlusPlus::MachServer;
  42
  43
  44 //
  45 // CodeSigningHost is a mix-in for an object representing a primary
  46 // Code Signing host object. It performs two notionally separate functions:
  47 //  (1) Register a hosting port.
  48 //  (2) Optionally, maintain a guest registry to offload the host's work.
  49 //
  50 class CodeSigningHost : private MachServer::Handler {
  51 public:
  52         CodeSigningHost();
  53         ~CodeSigningHost();
  54         void reset();
  55
  56         enum HostingState {
  57                 noHosting,                                      // is not a host (yet), could go either way
  58                 dynamicHosting,                         // gave us its own hosting port to keep
  59                 proxyHosting                            // we act as a proxy for it
  60         };
  61
  62         enum GuestCheck {
  63                 strict,                                         // direct guest relationship required
  64                 loose                                           // indirect or identity is okay (prefix check)
  65         };
  66
  67         struct Guest : public RefCount, public HandleObject {
  68         public:
  69                 ~Guest();
  70                 std::vector<SecGuestRef> guestPath; // guest chain to this guest
  71                 uint32_t status;                        // dynamic status
  72                 std::string path;                       // canonical code path
  73                 CFRef<CFDictionaryRef> attributes; // matching attributes set
  74                 CFRef<CFDataRef> cdhash;        // hash of CodeDirectory as specified by host
  75                 bool dedicated;                         // host is dedicated (and this is the only guest)
  76
  77                 operator bool() const { return attributes; }  // exists
  78                 SecGuestRef guestRef() const { return handle(); }
  79                 void setAttributes(const CssmData &attrData);
  80                 CFDataRef attrData() const;
  81                 void setHash(const CssmData &given, bool generate);
  82
  83                 bool isGuestOf(Guest *host, GuestCheck check) const;
  84                 bool matches(CFIndex count, CFTypeRef keys[], CFTypeRef values[]) const;
  85
  86                 IFDUMP(void dump() const);
  87
  88         private:
  89                 mutable CFRef<CFDataRef> mAttrData; // XML form of attributes (must live until guest destruction)
  90         };
  91
  92         void registerCodeSigning(mach_port_t hostingPort, SecCSFlags flags);
  93         Port hostingPort() const { return mHostingPort; }
  94
  95         SecGuestRef createGuest(SecGuestRef guest,
  96                 uint32_t status, const char *path,
  97                 const CssmData &cdhash, const CssmData &attributes, SecCSFlags flags);
  98         void setGuestStatus(SecGuestRef guest, uint32_t status, const CssmData &attributes);
  99         void removeGuest(SecGuestRef host, SecGuestRef guest);
 100
 101 public:
 102         IFDUMP(void dump() const);
 103
 104 public:
 105         // internal use only (public for use by MIG handlers)
 106         Guest *findHost(SecGuestRef hostRef); // find most dedicated guest of this host
 107         Guest *findGuest(Guest *host, const CssmData &attrData); // by host and attributes
 108         Guest *findGuest(SecGuestRef guestRef, bool hostOk = false); // by guest reference
 109         Guest *findGuest(Guest *host);          // any guest of this host
 110
 111         class Lock;
 112         friend class Lock;
 113
 114 private:
 115         boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out);
 116         void eraseGuest(Guest *guest);
 117
 118 private:
 119         mutable Mutex mLock;                            // protects everything below
 120
 121         // host port registry
 122         HostingState mHostingState;                     // status of hosting support
 123         Port mHostingPort;                                      // his or ours or NULL
 124
 125         // guest map (only used if mHostingState == proxyHosting)
 126         typedef std::map<SecGuestRef, RefPointer<Guest> > GuestMap;
 127         GuestMap mGuests;
 128 };
 129
 130
 131 #endif //_H_CSPROXY