#include <mach/mach_error.h>
#include <security_utilities/ccaudit.h>
#include <security_utilities/casts.h>
-#include "pcscmonitor.h"
#include "agentquery.h"
void Server::requestComplete(CSSM_RETURN &rcode)
{
+ Server &server = active();
+ StLock<Mutex> lock(server);
// note: there may not be an active connection if connection setup failed
- if (RefPointer<Connection> &conn = active().mCurrentConnection()) {
+ if (RefPointer<Connection> &conn = server.mCurrentConnection()) {
conn->endWork(rcode);
conn = NULL;
}
notifyIfDead(replyPort);
}
-
-//
-// Synchronously end a Connection.
-// This is due to a request from the client, so no thread races are possible.
-// In practice, this is optional since the DPN for the client thread reply port
-// will destroy the connection anyway when the thread dies.
-//
-void Server::endConnection(Port replyPort)
-{
- StLock<Mutex> _(*this);
- PortMap<Connection>::iterator it = mConnections.find(replyPort);
- assert(it != mConnections.end());
- it->second->terminate();
- mConnections.erase(it);
-}
-
-
//
// Handling dead-port notifications.
// This receives DPNs for all kinds of ports we're interested in.
// unbounded time, including calls out to token daemons etc.
StLock<Mutex> serverLock(*this);
- secnotice("SSports", "port %d is dead", port.port());
-
+
// is it a connection?
PortMap<Connection>::iterator conIt = mConnections.find(port);
if (conIt != mConnections.end()) {
- secnotice("SS", "%p dead connection %d", this, port.port());
+ secinfo("SecServer", "%p dead connection %d", this, port.port());
RefPointer<Connection> con = conIt->second;
mConnections.erase(conIt);
serverLock.unlock();
- con->abort();
return;
}
// is it a process?
PortMap<Process>::iterator procIt = mProcesses.find(port);
if (procIt != mProcesses.end()) {
- secnotice("SS", "%p dead process %d", this, port.port());
+ secinfo("SecServer", "%p dead process %d", this, port.port());
RefPointer<Process> proc = procIt->second;
mPids.erase(proc->pid());
mProcesses.erase(procIt);
//
void Server::notifyNoSenders(Port port, mach_port_mscount_t)
{
- secnotice("SS", "%p dead session %d", this, port.port());
+ secinfo("SecServer", "%p dead session %d", this, port.port());
}
mach_port_t taskPort, int sig)
{
try {
- secnotice("SS", "signal handled %d", sig);
+ secnotice("SecServer", "signal handled %d", sig);
if (taskPort != mach_task_self()) {
Syslog::error("handleSignal: received from someone other than myself");
+ mach_port_deallocate(mach_task_self(), taskPort);
return KERN_SUCCESS;
}
switch (sig) {
ServerChild::checkChildren();
break;
case SIGINT:
- secnotice("SS", "shutdown due to SIGINT");
+ secnotice("SecServer", "shutdown due to SIGINT");
Syslog::notice("securityd terminated due to SIGINT");
_exit(0);
case SIGTERM:
#endif //DEBUGDUMP
case SIGUSR2:
- {
- extern PCSCMonitor *gPCSC;
- gPCSC->startSoftTokens();
- break;
- }
+ fprintf(stderr, "securityd ignoring SIGUSR2 received");
+ break;
default:
assert(false);
}
} catch(...) {
- secnotice("SS", "exception handling a signal (ignored)");
+ secnotice("SecServer", "exception handling a signal (ignored)");
}
mach_port_deallocate(mach_task_self(), taskPort);
return KERN_SUCCESS;
try {
if (taskPort != mach_task_self()) {
Syslog::error("handleSession: received from someone other than myself");
+ mach_port_deallocate(mach_task_self(), taskPort);
return KERN_SUCCESS;
}
if (event == AUE_SESSION_END)
Session::destroy(int_cast<uint64_t, Session::SessionId>(ident));
} catch(...) {
- secnotice("SS", "exception handling a signal (ignored)");
+ secnotice("SecServer", "exception handling a signal (ignored)");
}
mach_port_deallocate(mach_task_self(), taskPort);
return KERN_SUCCESS;
//
void Server::SleepWatcher::systemWillSleep()
{
- secnotice("SS", "%p will sleep", this);
+ secnotice("SecServer", "%p will sleep", this);
Session::processSystemSleep();
for (set<PowerWatcher *>::const_iterator it = mPowerClients.begin(); it != mPowerClients.end(); it++)
(*it)->systemWillSleep();
void Server::SleepWatcher::systemIsWaking()
{
- secnotice("SS", "%p is waking", this);
+ secnotice("SecServer", "%p is waking", this);
for (set<PowerWatcher *>::const_iterator it = mPowerClients.begin(); it != mPowerClients.end(); it++)
(*it)->systemIsWaking();
}
void Server::SleepWatcher::systemWillPowerOn()
{
- secnotice("SS", "%p will power on", this);
+ secnotice("SecServer", "%p will power on", this);
Server::active().longTermActivity();
for (set<PowerWatcher *>::const_iterator it = mPowerClients.begin(); it != mPowerClients.end(); it++)
(*it)->systemWillPowerOn();
{
StLock<Mutex> _(*this);
if (!mWaitForClients) {
- secnotice("SS", "%p shutting down now", this);
+ secnotice("SecServer", "%p shutting down now", this);
_exit(0);
} else {
if (!mShuttingDown) {
mShuttingDown = true;
Session::invalidateAuthHosts();
- secnotice("SS", "%p beginning shutdown", this);
- if (verbosity() >= 2) {
+ secnotice("SecServer", "%p beginning shutdown", this);
+ shutdownReport(); // always tell me about residual clients...
+ if (verbosity() >= 2) { // ...and if we really care write to the log, too
reportFile = fopen("/var/log/securityd-shutdown.log", "w");
- shutdownSnitch();
+ shutdownReport_file();
}
}
}
//
void Server::eventDone()
{
+ StLock<Mutex> lock(*this);
if (this->shuttingDown()) {
- StLock<Mutex> lazy(*this, false); // lazy lock acquisition
+ shutdownReport();
if (verbosity() >= 2) {
- lazy.lock();
- secnotice("SS", "shutting down with %ld processes and %ld transactions", mProcesses.size(), VProc::Transaction::debugCount());
- shutdownSnitch();
+ secnotice("SecServer", "shutting down with %ld processes", mProcesses.size());
+ shutdownReport_file();
}
- IFDUMPING("shutdown", NodeCore::dumpAll());
}
}
+void Server::shutdownReport()
+{
+ PidMap mPidsCopy = PidMap(mPids);
+ secnotice("shutdown", "Residual clients count: %d", int(mPidsCopy.size()));
+ for (PidMap::const_iterator it = mPidsCopy.begin(); it != mPidsCopy.end(); ++it) {
+ secnotice("shutdown", "Residual client: %d", it->first);
+ }
+}
-void Server::shutdownSnitch()
+void Server::shutdownReport_file()
{
time_t now;
time(&now);
bool Server::inDarkWake()
{
- return IOPMIsADarkWake(IOPMConnectionGetSystemCapabilities());
+ bool inDarkWake = IOPMIsADarkWake(IOPMConnectionGetSystemCapabilities());
+ if (inDarkWake) {
+ secnotice("SecServer", "Server::inDarkWake returned inDarkWake");
+ }
+ return inDarkWake;
}
//
//
void Server::loadCssm(bool mdsIsInstalled)
{
+ try {
+
if (!mCssm->isActive()) {
StLock<Mutex> _(*this);
- VProc::Transaction xact;
+ xpc_transaction_begin();
if (!mCssm->isActive()) {
if (!mdsIsInstalled) { // non-system securityd instance should not reinitialize MDS
- secnotice("SS", "Installing MDS");
+ secnotice("SecServer", "Installing MDS");
IFDEBUG(if (geteuid() == 0))
MDSClient::mds().install();
}
- secnotice("SS", "CSSM initializing");
+ secnotice("SecServer", "CSSM initializing");
mCssm->init();
mCSP->attach();
- secnotice("SS", "CSSM ready with CSP %s", mCSP->guid().toString().c_str());
+ secnotice("SecServer", "CSSM ready with CSP %s", mCSP->guid().toString().c_str());
}
+ xpc_transaction_end();
}
+ } catch (const UnixError& err) {
+ secerror("load cssm failed: %s", err.what());
+ if (err.unixError() == ENOSPC) {
+ _exit(1);
+ } else {
+ abort();
+ }
+ } catch (const MacOSError& err) {
+ secerror("load cssm failed: %s", err.what());
+ abort();
+ } catch (const CommonError& err) {
+ secerror("load cssm failed: %d/%d", (int)err.osStatus(), err.unixError());
+ abort();
+ } catch (const std::exception& err) {
+ secerror("load cssm failed: %s", err.what());
+ abort();
+ }
}
projects / apple / security.git / blobdiff