securityd/src/csproxy.h

   1 /*
   2  * Copyright (c) 2006-2008,2010 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // csproxy - Code Signing Hosting Proxy
  27 //
  28 #ifndef _H_CSPROXY
  29 #define _H_CSPROXY
  30
  31 #include <security_utilities/casts.h>
  32 #include <security_utilities/cfutilities.h>
  33 #include <security_utilities/debugging_internal.h>
  34 #include <security_cdsa_utilities/handleobject.h>
  35 #include <security_utilities/mach++.h>
  36 #include <security_utilities/machserver.h>
  37 #include <security_cdsa_utilities/cssmdata.h>
  38 #include <securityd_client/cshosting.h>
  39 #include <Security/SecCodeHost.h>
  40 #include <string>
  41 #include <map>
  42
  43 using MachPlusPlus::Port;
  44 using MachPlusPlus::MachServer;
  45
  46
  47 //
  48 // CodeSigningHost is a mix-in for an object representing a primary
  49 // Code Signing host object. It performs two notionally separate functions:
  50 //  (1) Register a hosting port.
  51 //  (2) Optionally, maintain a guest registry to offload the host's work.
  52 //
  53 class CodeSigningHost : private MachServer::Handler {
  54 public:
  55         CodeSigningHost();
  56         ~CodeSigningHost();
  57         void reset();
  58
  59         enum HostingState {
  60                 noHosting,                                      // is not a host (yet), could go either way
  61                 dynamicHosting,                         // gave us its own hosting port to keep
  62                 proxyHosting                            // we act as a proxy for it
  63         };
  64
  65         enum GuestCheck {
  66                 strict,                                         // direct guest relationship required
  67                 loose                                           // indirect or identity is okay (prefix check)
  68         };
  69
  70         struct Guest : public RefCount, public HandleObject {
  71         public:
  72                 ~Guest();
  73                 std::vector<SecGuestRef> guestPath; // guest chain to this guest
  74                 uint32_t status;                        // dynamic status
  75                 std::string path;                       // canonical code path
  76                 CFRef<CFDictionaryRef> attributes; // matching attributes set
  77                 CFRef<CFDataRef> cdhash;        // hash of CodeDirectory as specified by host
  78                 bool dedicated;                         // host is dedicated (and this is the only guest)
  79
  80                 operator bool() const { return attributes; }  // exists
  81                 SecGuestRef guestRef() const { return int_cast<long, SecGuestRef>(handle()); }
  82                 void setAttributes(const CssmData &attrData);
  83                 CFDataRef attrData() const;
  84                 void setHash(const CssmData &given, bool generate);
  85
  86                 bool isGuestOf(Guest *host, GuestCheck check) const;
  87                 bool matches(CFIndex count, CFTypeRef keys[], CFTypeRef values[]) const;
  88
  89                 IFDUMP(void dump() const);
  90
  91         private:
  92                 mutable CFRef<CFDataRef> mAttrData; // XML form of attributes (must live until guest destruction)
  93         };
  94
  95         void registerCodeSigning(mach_port_t hostingPort, SecCSFlags flags);
  96         Port hostingPort() const { return mHostingPort; }
  97
  98         SecGuestRef createGuest(SecGuestRef guest,
  99                 uint32_t status, const char *path,
 100                 const CssmData &cdhash, const CssmData &attributes, SecCSFlags flags);
 101         void setGuestStatus(SecGuestRef guest, uint32_t status, const CssmData &attributes);
 102         void removeGuest(SecGuestRef host, SecGuestRef guest);
 103
 104 public:
 105         IFDUMP(void dump() const);
 106
 107 public:
 108         // internal use only (public for use by MIG handlers)
 109         Guest *findHost(SecGuestRef hostRef); // find most dedicated guest of this host
 110         Guest *findGuest(Guest *host, const CssmData &attrData); // by host and attributes
 111         Guest *findGuest(SecGuestRef guestRef, bool hostOk = false); // by guest reference
 112         Guest *findGuest(Guest *host);          // any guest of this host
 113
 114         class Lock;
 115         friend class Lock;
 116
 117 private:
 118         boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out);
 119         void eraseGuest(Guest *guest);
 120
 121 private:
 122         mutable Mutex mLock;                            // protects everything below
 123
 124         // host port registry
 125         HostingState mHostingState;                     // status of hosting support
 126         Port mHostingPort;                                      // his or ours or NULL
 127
 128         // guest map (only used if mHostingState == proxyHosting)
 129         typedef std::map<SecGuestRef, RefPointer<Guest> > GuestMap;
 130         GuestMap mGuests;
 131 };
 132
 133
 134 //
 135 // Proxy implementation of Code Signing Hosting protocol
 136 //
 137 #define CSH_ARGS        mach_port_t servicePort, mach_port_t replyPort, OSStatus *rcode
 138
 139 #define DATA_IN(base)   void *base, mach_msg_type_number_t base##Length
 140 #define DATA_OUT(base)  void **base, mach_msg_type_number_t *base##Length
 141 #define DATA(base)              CssmData(base, base##Length)
 142
 143 //
 144 // Find a guest by arbitrary attribute set.
 145 //
 146 // This returns an array of canonical guest references describing the path
 147 // from the host given to the guest found. If the host itself is returned
 148 // as a guest, this will be an empty array (zero length).
 149 //
 150 // The subhost return argument may in the future return the hosting port for
 151 // a guest who dynamically manages its hosting (thus breaking out of proxy mode),
 152 // but this is not yet implemented.
 153 //
 154 kern_return_t cshosting_server_findGuest(CSH_ARGS, SecGuestRef hostRef,
 155                                          DATA_IN(attributes),
 156                                          GuestChain *foundGuest, mach_msg_type_number_t *depth, mach_port_t *subhost);
 157
 158 //
 159 // Retrieve the path to a guest specified by canonical reference.
 160 //
 161 kern_return_t cshosting_server_identifyGuest(CSH_ARGS, SecGuestRef guestRef,
 162                                              char *path, char *hash, uint32_t *hashLength, DATA_OUT(attributes));
 163
 164 //
 165 // Retrieve the status word for a guest specified by canonical reference.
 166 //
 167 kern_return_t cshosting_server_guestStatus(CSH_ARGS, SecGuestRef guestRef, uint32_t *status);
 168
 169 #undef CSH_ARGS
 170 #undef DATA_IN
 171 #undef DATA_OUT
 172 #undef DATA
 173
 174 #endif //_H_CSPROXY