securityd/src/csproxy.h

   1 /*
   2  * Copyright (c) 2006-2008,2010 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // csproxy - Code Signing Hosting Proxy
  27 //
  28 #ifndef _H_CSPROXY
  29 #define _H_CSPROXY
  30
  31 #include <security_utilities/casts.h>
  32 #include <security_utilities/cfutilities.h>
  33 #include <security_utilities/debugging_internal.h>
  34 #include <security_cdsa_utilities/handleobject.h>
  35 #include <security_utilities/mach++.h>
  36 #include <security_utilities/machserver.h>
  37 #include <security_cdsa_utilities/cssmdata.h>
  38 #include <securityd_client/cshosting.h>
  39 #include <Security/SecCodeHost.h>
  40 #include <string>
  41 #include <map>
  42
  43 using MachPlusPlus::Port;
  44 using MachPlusPlus::MachServer;
  45
  46
  47 //
  48 // CodeSigningHost is a mix-in for an object representing a primary
  49 // Code Signing host object. It performs two notionally separate functions:
  50 //  (1) Register a hosting port.
  51 //  (2) Optionally, maintain a guest registry to offload the host's work.
  52 //
  53 class CodeSigningHost : private MachServer::Handler {
  54 public:
  55         CodeSigningHost();
  56         ~CodeSigningHost();
  57         void reset();
  58
  59         enum HostingState {
  60                 noHosting,                                      // is not a host (yet), could go either way
  61                 dynamicHosting,                         // gave us its own hosting port to keep
  62                 proxyHosting                            // we act as a proxy for it
  63         };
  64
  65         enum GuestCheck {
  66                 strict,                                         // direct guest relationship required
  67                 loose                                           // indirect or identity is okay (prefix check)
  68         };
  69
  70         struct Guest : public RefCount, public HandleObject {
  71         public:
  72         Guest();
  73                 ~Guest();
  74                 std::vector<SecGuestRef> guestPath; // guest chain to this guest
  75                 uint32_t status;                        // dynamic status
  76                 std::string path;                       // canonical code path
  77                 CFRef<CFDictionaryRef> attributes; // matching attributes set
  78                 CFRef<CFDataRef> cdhash;        // hash of CodeDirectory as specified by host
  79                 bool dedicated;                         // host is dedicated (and this is the only guest)
  80
  81                 operator bool() const { return attributes; }  // exists
  82                 SecGuestRef guestRef() const { return int_cast<long, SecGuestRef>(handle()); }
  83                 void setAttributes(const CssmData &attrData);
  84         uint8_t const *attrData() const  { createAttrData(); return mAttrData; };
  85         CFIndex attrDataLength() const { createAttrData(); return mAttrDataLength; };
  86                 void setHash(const CssmData &given, bool generate);
  87
  88                 bool isGuestOf(Guest *host, GuestCheck check) const;
  89                 bool matches(CFIndex count, CFTypeRef keys[], CFTypeRef values[]) const;
  90
  91                 IFDUMP(void dump() const);
  92
  93         private:
  94         void createAttrData() const;
  95
  96                 mutable uint8_t *mAttrData; // XML form of attributes (vm_allocate'd, must live until guest destruction)
  97         mutable CFIndex mAttrDataLength;
  98         };
  99
 100         void registerCodeSigning(mach_port_t hostingPort, SecCSFlags flags);
 101         Port hostingPort() const { return mHostingPort; }
 102
 103         SecGuestRef createGuest(SecGuestRef guest,
 104                 uint32_t status, const char *path,
 105                 const CssmData &cdhash, const CssmData &attributes, SecCSFlags flags);
 106         void setGuestStatus(SecGuestRef guest, uint32_t status, const CssmData &attributes);
 107         void removeGuest(SecGuestRef host, SecGuestRef guest);
 108
 109 public:
 110         IFDUMP(void dump() const);
 111
 112 public:
 113         // internal use only (public for use by MIG handlers)
 114         Guest *findHost(SecGuestRef hostRef); // find most dedicated guest of this host
 115         Guest *findGuest(Guest *host, const CssmData &attrData); // by host and attributes
 116         Guest *findGuest(SecGuestRef guestRef, bool hostOk = false); // by guest reference
 117         Guest *findGuest(Guest *host);          // any guest of this host
 118
 119         class Lock;
 120         friend class Lock;
 121
 122 private:
 123         boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out);
 124         void eraseGuest(Guest *guest);
 125
 126 private:
 127         mutable Mutex mLock;                            // protects everything below
 128
 129         // host port registry
 130         HostingState mHostingState;                     // status of hosting support
 131         Port mHostingPort;                                      // his or ours or NULL
 132
 133         // guest map (only used if mHostingState == proxyHosting)
 134         typedef std::map<SecGuestRef, RefPointer<Guest> > GuestMap;
 135         GuestMap mGuests;
 136 };
 137
 138
 139 //
 140 // Proxy implementation of Code Signing Hosting protocol
 141 //
 142 #define CSH_ARGS        mach_port_t servicePort, mach_port_t replyPort, OSStatus *rcode
 143
 144 #define DATA_IN(base)   void *base, mach_msg_type_number_t base##Length
 145 #define DATA_OUT(base)  void **base, mach_msg_type_number_t *base##Length
 146 #define DATA(base)              CssmData(base, base##Length)
 147
 148 //
 149 // Find a guest by arbitrary attribute set.
 150 //
 151 // This returns an array of canonical guest references describing the path
 152 // from the host given to the guest found. If the host itself is returned
 153 // as a guest, this will be an empty array (zero length).
 154 //
 155 // The subhost return argument may in the future return the hosting port for
 156 // a guest who dynamically manages its hosting (thus breaking out of proxy mode),
 157 // but this is not yet implemented.
 158 //
 159 kern_return_t cshosting_server_findGuest(CSH_ARGS, SecGuestRef hostRef,
 160                                          DATA_IN(attributes),
 161                                          GuestChain *foundGuest, mach_msg_type_number_t *depth, mach_port_t *subhost);
 162
 163 //
 164 // Retrieve the path to a guest specified by canonical reference.
 165 //
 166 kern_return_t cshosting_server_identifyGuest(CSH_ARGS, SecGuestRef guestRef,
 167                                              char *path, char *hash, uint32_t *hashLength, DATA_OUT(attributes));
 168
 169 //
 170 // Retrieve the status word for a guest specified by canonical reference.
 171 //
 172 kern_return_t cshosting_server_guestStatus(CSH_ARGS, SecGuestRef guestRef, uint32_t *status);
 173
 174 #undef CSH_ARGS
 175 #undef DATA_IN
 176 #undef DATA_OUT
 177 #undef DATA
 178
 179 #endif //_H_CSPROXY