Security-59306.61.1.tar.gz

[apple/security.git] / securityd / src / process.cpp

diff --git a/securityd/src/process.cpp b/securityd/src/process.cpp
index 1206b157ecd0a1be07d82641ce5784eeaf2f4d43..9ab05df82cf75ed20e2f3bca061702bb09256366 100644 (file)
--- a/securityd/src/process.cpp
+++ b/securityd/src/process.cpp
@@ -40,29 +40,41 @@
 // Construct a Process object.
 //
 Process::Process(TaskPort taskPort,    const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit)
 // Construct a Process object.
 //
 Process::Process(TaskPort taskPort,    const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit)

- :  mTaskPort(taskPort), mByteFlipped(false), mPid(audit.pid()), mUid(audit.euid()), mGid(audit.egid())
+ :  mTaskPort(taskPort), mByteFlipped(false), mPid(audit.pid()), mUid(audit.euid()), mGid(audit.egid()), mAudit(audit)

 {
        StLock<Mutex> _(*this);
 {
        StLock<Mutex> _(*this);

-       
+    xpc_transaction_begin();

        // set parent session
        parent(Session::find(audit.sessionId(), true));
        // set parent session
        parent(Session::find(audit.sessionId(), true));

-
-    // let's take a look at our wannabe client...
+       
+       // let's take a look at our wannabe client...
+       
+       // Not enough to make sure we will get the right process, as
+       // pids get recycled. But we will later create the actual SecCode using
+       // the audit token, which is unique to the one instance of the process,
+       // so this just catches a pid mismatch early.

        if (mTaskPort.pid() != mPid) {
                secnotice("SecServer", "Task/pid setup mismatch pid=%d task=%d(%d)",
        if (mTaskPort.pid() != mPid) {
                secnotice("SecServer", "Task/pid setup mismatch pid=%d task=%d(%d)",

-                       mPid, mTaskPort.port(), mTaskPort.pid());
+                                 mPid, mTaskPort.port(), mTaskPort.pid());

                CssmError::throwMe(CSSMERR_CSSM_ADDIN_AUTHENTICATE_FAILED);     // you lied!
        }
                CssmError::throwMe(CSSMERR_CSSM_ADDIN_AUTHENTICATE_FAILED);     // you lied!
        }

-
+       

        setup(info);
        setup(info);

-       ClientIdentification::setup(this->pid());
-
+       ClientIdentification::setup(this->audit_token());
+       
+       if(!processCode()) {
+               // This can happen if the process died in the meantime.
+               secnotice("SecServer", "no process created in setup, old pid=%d old task=%d(%d)",
+                                 mPid, mTaskPort.port(), mTaskPort.pid());
+               CssmError::throwMe(CSSMERR_CSSM_ADDIN_AUTHENTICATE_FAILED);
+       }
+       

     // NB: ServerChild::find() should only be used to determine
     // *existence*.  Don't use the returned Child object for anything else, 
     // as it is not protected against its underlying process's destruction.  
        if (this->pid() == getpid() // called ourselves (through some API). Do NOT record this as a "dirty" transaction
         || ServerChild::find<ServerChild>(this->pid()))   // securityd's child; do not mark this txn dirty
     // NB: ServerChild::find() should only be used to determine
     // *existence*.  Don't use the returned Child object for anything else, 
     // as it is not protected against its underlying process's destruction.  
        if (this->pid() == getpid() // called ourselves (through some API). Do NOT record this as a "dirty" transaction
         || ServerChild::find<ServerChild>(this->pid()))   // securityd's child; do not mark this txn dirty

-               VProc::Transaction::deactivate();
+        xpc_transaction_end();

 
     secinfo("SecServer", "%p client new: pid:%d session:%d %s taskPort:%d uid:%d gid:%d", this, this->pid(), this->session().sessionId(),
              (char *)codePath(this->processCode()).c_str(), taskPort.port(), mUid, mGid);
 
     secinfo("SecServer", "%p client new: pid:%d session:%d %s taskPort:%d uid:%d gid:%d", this, this->pid(), this->session().sessionId(),
              (char *)codePath(this->processCode()).c_str(), taskPort.port(), mUid, mGid);


@@ -86,12 +98,11 @@ void Process::reset(TaskPort taskPort, const ClientSetupInfo *info, const Common
        setup(info);
        CFCopyRef<SecCodeRef> oldCode = processCode();
 
        setup(info);
        CFCopyRef<SecCodeRef> oldCode = processCode();
 

-       ClientIdentification::setup(this->pid());       // re-constructs processCode()
+       ClientIdentification::setup(this->audit_token());       // re-constructs processCode()

        if (CFEqual(oldCode, processCode())) {
         secnotice("SecServer", "%p Client reset amnesia", this);
        } else {
         secnotice("SecServer", "%p Client reset full", this);
        if (CFEqual(oldCode, processCode())) {
         secnotice("SecServer", "%p Client reset amnesia", this);
        } else {
         secnotice("SecServer", "%p Client reset full", this);

-               CodeSigningHost::reset();

        }
 }
 
        }
 }
 


@@ -127,8 +138,10 @@ Process::~Process()
     secinfo("SecServer", "%p client release: %d", this, this->pid());
 
     // release our name for the process's task port
     secinfo("SecServer", "%p client release: %d", this, this->pid());
 
     // release our name for the process's task port

-       if (mTaskPort)
-        mTaskPort.destroy();
+    if (mTaskPort) {
+        mTaskPort.deallocate();
+    }
+    xpc_transaction_end();

 }
 
 void Process::kill()
 }
 
 void Process::kill()


@@ -196,7 +209,6 @@ void Process::dumpNode()
                Debug::dump(" FLIPPED");
        Debug::dump(" task=%d pid=%d uid/gid=%d/%d",
                mTaskPort.port(), mPid, mUid, mGid);
                Debug::dump(" FLIPPED");
        Debug::dump(" task=%d pid=%d uid/gid=%d/%d",
                mTaskPort.port(), mPid, mUid, mGid);

-       CodeSigningHost::dump();

        ClientIdentification::dump();
 }
 
        ClientIdentification::dump();
 }