--- /dev/null
+/*
+ * Copyright (c) 2000-2008,2011,2013 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+//
+// ssclient - SecurityServer client interface library
+//
+#include "sstransit.h"
+#include <servers/netname.h>
+#include <security_utilities/debugging.h>
+
+using MachPlusPlus::check;
+using MachPlusPlus::Bootstrap;
+
+
+namespace Security {
+namespace SecurityServer {
+
+
+//
+// The process-global object
+//
+UnixPlusPlus::StaticForkMonitor ClientSession::mHasForked;
+ModuleNexus<ClientSession::Global> ClientSession::mGlobal;
+const char *ClientSession::mContactName;
+SecGuestRef ClientSession::mDedicatedGuest = kSecNoGuest;
+
+
+//
+// Construct a client session
+//
+ClientSession::ClientSession(Allocator &std, Allocator &rtn)
+: ClientCommon(std, rtn), mCallback(NULL), mCallbackContext(NULL)
+{ }
+
+
+//
+// Destroy a session
+//
+ClientSession::~ClientSession()
+{ }
+
+
+void
+ClientSession::registerForAclEdits(DidChangeKeyAclCallback *callback, void *context)
+{
+ mCallback = callback;
+ mCallbackContext = context;
+}
+
+//
+// Perform any preambles required to be a securityd client in good standing.
+// This includes initial setup calls, thread registration, fork management,
+// and (Code Signing) guest status.
+//
+void ClientSession::activate()
+{
+ // Guard against fork-without-exec. If we are the child of a fork
+ // (that has not exec'ed), our apparent connection to SecurityServer
+ // is just a mirage, and we better reset it.
+ if (mHasForked()) {
+ secdebug("SSclnt", "process has forked (now pid=%d) - resetting connection object", getpid());
+ mGlobal.reset();
+ }
+
+ // now pick up the (new or existing) connection state
+ Global &global = mGlobal();
+ Thread &thread = global.thread();
+ if (!thread) {
+ // first time for this thread - use abbreviated registration
+ IPCN(ucsp_client_setupThread(UCSP_ARGS, mach_task_self()));
+ thread.registered = true;
+ secdebug("SSclnt", "Thread registered with %s", mContactName);
+ }
+
+ // if the thread's guest state has changed, tell securityd
+ if (thread.currentGuest != thread.lastGuest) {
+ IPCN(ucsp_client_setGuest(UCSP_ARGS, thread.currentGuest, kSecCSDefaultFlags));
+ thread.lastGuest = thread.currentGuest;
+ secdebug("SSclnt", "switched guest state to 0x%x", thread.currentGuest);
+ }
+}
+
+
+//
+// The contactName method allows the caller to explicitly override the bootstrap
+// name under which SecurityServer is located. Use this only with great caution,
+// and probably only for debugging.
+// Note that no explicit locking is done here. It is the caller's responsibility
+// to make sure this is called from thread-safe context before the real dance begins.
+//
+void ClientSession::contactName(const char *name)
+{
+ mContactName = name;
+}
+
+const char *ClientSession::contactName() const
+{
+ return mContactName;
+}
+
+
+//
+// Construct the process-global state object.
+// The ModuleNexus construction magic will ensure that this happens uniquely
+// even if the face of multithreaded attack.
+//
+ClientSession::Global::Global()
+{
+ // find server port
+ serverPort = findSecurityd();
+
+ mach_port_t originPort = MACH_PORT_NULL;
+ IPCN(ucsp_client_verifyPrivileged2(serverPort.port(), mig_get_reply_port(), &securitydCreds, &rcode, &originPort));
+ if (originPort != serverPort.port())
+ CssmError::throwMe(CSSM_ERRCODE_VERIFICATION_FAILURE);
+ mach_port_mod_refs(mach_task_self(), originPort, MACH_PORT_RIGHT_SEND, -1);
+
+ // send identification/setup message
+ static const char extForm[] = "?:obsolete";
+ ClientSetupInfo info = { 0x1234, SSPROTOVERSION };
+
+ // cannot use UCSP_ARGS here because it uses mGlobal() -> deadlock
+ Thread &thread = this->thread();
+
+ IPCN(ucsp_client_setup(serverPort, thread.replyPort, &securitydCreds, &rcode,
+ mach_task_self(), info, extForm));
+ thread.registered = true; // as a side-effect of setup call above
+ IFDEBUG(serverPort.requestNotify(thread.replyPort));
+ secdebug("SSclnt", "contact with %s established", mContactName);
+}
+
+
+//
+// Reset the connection.
+// This discards all client state accumulated for the securityd link.
+// Existing connections will go stale and fail; new connections will
+// re-establish the link. This is an expert tool ONLY. If you don't know
+// exactly how this gig is danced, you don't want to call this. Really.
+//
+void ClientSession::reset()
+{
+ secdebug("SSclnt", "resetting client state (OUCH)");
+ mGlobal.reset();
+}
+
+
+//
+// Common utility for finding the registered securityd port for the current
+// session. This does not cache the port anywhere, though it does effectively
+// cache the name.
+//
+Port ClientSession::findSecurityd()
+{
+ if (!mContactName)
+ {
+ mContactName = getenv(SECURITYSERVER_BOOTSTRAP_ENV);
+ if (!mContactName)
+ mContactName = SECURITYSERVER_BOOTSTRAP_NAME;
+ }
+
+ secdebug("SSclnt", "Locating %s", mContactName);
+ Port serverPort = Bootstrap().lookup2(mContactName);
+ secdebug("SSclnt", "contacting %s at port %d (version %d)",
+ mContactName, serverPort.port(), SSPROTOVERSION);
+ return serverPort;
+}
+
+
+//
+// Subsidiary process management.
+// This does not go through the generic securityd-client setup.
+//
+void ClientSession::childCheckIn(Port serverPort, Port taskPort)
+{
+ Port securitydPort = findSecurityd();
+ mach_port_t originPort = MACH_PORT_NULL;
+ IPCN(ucsp_client_verifyPrivileged2(securitydPort.port(), mig_get_reply_port(), &securitydCreds, &rcode, &originPort));
+ if (originPort != securitydPort.port())
+ CssmError::throwMe(CSSM_ERRCODE_VERIFICATION_FAILURE);
+ mach_port_mod_refs(mach_task_self(), originPort, MACH_PORT_RIGHT_SEND, -1);
+ check(ucsp_client_childCheckIn(securitydPort, serverPort, taskPort));
+}
+
+
+//
+// Notify an (interested) caller that a securityd-mediated ACL change
+// MAY have happened on a key object involved in an operation. This allows
+// such callers to re-encode key blobs for storage.
+//
+void ClientSession::notifyAclChange(KeyHandle key, CSSM_ACL_AUTHORIZATION_TAG tag)
+{
+ if (mCallback) {
+ secdebug("keyacl", "ACL change key %u operation %u", key, tag);
+ mCallback(mCallbackContext, *this, key, tag);
+ } else
+ secdebug("keyacl", "dropped ACL change notice for key %u operation %u",
+ key, tag);
+}
+
+
+} // end namespace SecurityServer
+} // end namespace Security
projects / apple / security.git / blobdiff