#include <securityd_client/ucsp.h>
#include "server.h"
-#include "entropy.h"
#include "session.h"
#include "notifications.h"
-#include "pcscmonitor.h"
#include "auditevents.h"
#include "self.h"
+#include "util.h"
#include <security_utilities/daemon.h>
#include <security_utilities/machserver.h>
#include "acl_keychain.h"
#include "acl_partition.h"
+#include <sandbox.h>
//
// Local functions of the main program driver
//
static void usage(const char *me) __attribute__((noreturn));
static void handleSignals(int sig);
-static PCSCMonitor::ServiceLevel scOptions(const char *optionString);
-
static Port gMainServerPort;
-PCSCMonitor *gPCSC;
//
//
int main(int argc, char *argv[])
{
+ DisableLocalization();
+
// clear the umask - we know what we're doing
- secnotice("SS", "starting umask was 0%o", ::umask(0));
+ secnotice("SecServer", "starting umask was 0%o", ::umask(0));
::umask(0);
// tell the keychain (client) layer to turn off the server interface
SecKeychainSetServerMode();
-
+
+ const char *params[] = {"LEGACY_TOKENS_ENABLED", "NO", NULL};
+ char* errorbuf = NULL;
+ if (sandbox_init_with_parameters("com.apple.securityd", SANDBOX_NAMED, params, &errorbuf)) {
+ seccritical("SecServer: unable to enter sandbox: %{public}s", errorbuf);
+ if (errorbuf) {
+ sandbox_free_error(errorbuf);
+ }
+ exit(1);
+ } else {
+ secnotice("SecServer", "entered sandbox");
+ }
+
// program arguments (preset to defaults)
bool debugMode = false;
- const char *bootstrapName = NULL;
- const char* messagingName = SECURITY_MESSAGES_NAME;
- bool doFork = false;
- bool reExecute = false;
int workerTimeout = 0;
int maxThreads = 0;
bool waitForClients = true;
bool mdsIsInstalled = false;
- const char *tokenCacheDir = "/var/db/TokenCache";
- const char *entropyFile = "/var/db/SystemEntropyCache";
- const char *smartCardOptions = getenv("SMARTCARDS");
uint32_t keychainAclDefault = CSSM_ACL_KEYCHAIN_PROMPT_INVALID | CSSM_ACL_KEYCHAIN_PROMPT_UNSIGNED;
unsigned int verbose = 0;
// check for the Installation-DVD environment and modify some default arguments if found
if (access("/etc/rc.cdrom", F_OK) == 0) { // /etc/rc.cdrom exists
- secnotice("SS", "starting in installmode");
- smartCardOptions = "off"; // needs writable directories that aren't
+ secnotice("SecServer", "starting in installmode");
}
// parse command line arguments
extern char *optarg;
extern int optind;
int arg;
- while ((arg = getopt(argc, argv, "c:dE:imN:s:t:T:uvWX")) != -1) {
+ while ((arg = getopt(argc, argv, ":dE:im:t:T:uvW")) != -1) {
switch (arg) {
- case 'c':
- tokenCacheDir = optarg;
- break;
case 'd':
debugMode = true;
break;
case 'E':
- entropyFile = optarg;
+ /* was entropyFile, kept to preserve ABI */
break;
case 'i':
keychainAclDefault &= ~CSSM_ACL_KEYCHAIN_PROMPT_INVALID;
case 'm':
mdsIsInstalled = true;
break;
- case 'N':
- bootstrapName = optarg;
- break;
- case 's':
- smartCardOptions = optarg;
- break;
case 't':
if ((maxThreads = atoi(optarg)) < 0)
maxThreads = 0;
case 'v':
verbose++;
break;
- case 'X':
- doFork = true;
- reExecute = true;
- break;
default:
usage(argv[0]);
}
}
// take no non-option arguments
- if (optind < argc)
+ if (optind < argc) {
usage(argv[0]);
-
- // figure out the bootstrap name
- if (!bootstrapName) {
- bootstrapName = getenv(SECURITYSERVER_BOOTSTRAP_ENV);
- if (!bootstrapName)
- {
- bootstrapName = SECURITYSERVER_BOOTSTRAP_NAME;
- }
- else
- {
- messagingName = bootstrapName;
- }
}
- else
- {
- messagingName = bootstrapName;
- }
-
+
+ const char *bootstrapName = SECURITYSERVER_BOOTSTRAP_NAME;
+ const char* messagingName = SharedMemoryCommon::kDefaultSecurityMessagesName;
+
// configure logging first
if (debugMode) {
Syslog::open(bootstrapName, LOG_AUTHPRIV, LOG_PERROR);
}
// turn into a properly diabolical daemon unless debugMode is on
- if (!debugMode && getppid() != 1) {
- if (!Daemon::incarnate(doFork))
- exit(1); // can't daemonize
-
- if (reExecute && !Daemon::executeSelf(argv))
- exit(1); // can't self-execute
+ if (!debugMode && getppid() != 1 && !Daemon::incarnate(false)) {
+ exit(1); // can't daemonize
}
// arm signal handlers; code below may generate signals we want to see
exit(1);
}
+// The clang static analyzer isn't a big fan of our "object creation hooks object into global pointer graph" model.
+// Tell it not to worry.
+#ifndef __clang_analyzer__
// introduce all supported ACL subject types
new AnyAclSubject::Maker();
new PasswordAclSubject::Maker();
new PartitionAclSubject::Maker();
new PreAuthorizationAcls::OriginMaker();
new PreAuthorizationAcls::SourceMaker();
-
+#endif
// establish the code equivalents database
CodeSignatures codeSignatures;
+
// create the main server object and register it
Server server(codeSignatures, bootstrapName);
server.floatingThread(true);
server.waitForClients(waitForClients);
server.verbosity(verbose);
-
- // add the RNG seed timer
-# if defined(NDEBUG)
- EntropyManager entropy(server, entropyFile);
-# else
- if (getuid() == 0) new EntropyManager(server, entropyFile);
-# endif
- // create a smartcard monitor to manage external token devices
- gPCSC = new PCSCMonitor(server, tokenCacheDir, scOptions(smartCardOptions));
-
// create the RootSession object (if -d, give it graphics and tty attributes)
RootSession rootSession(debugMode ? (sessionHasGraphicAccess | sessionHasTTY) : 0, server);
// install MDS (if needed) and initialize the local CSSM
server.loadCssm(mdsIsInstalled);
-
+
+#ifndef __clang_analyzer__
// create the shared memory notification hub
new SharedMemoryListener(messagingName, kSharedMemoryPoolSize);
+#endif
+
// okay, we're ready to roll
- secnotice("SS", "Entering service as %s", (char*)bootstrapName);
+ secnotice("SecServer", "Entering service as %s", (char*)bootstrapName);
Syslog::notice("Entering service");
// go
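Review bot: The new optstring `":dE:im:t:T:uvW"` on the `while ((arg = getopt(...` line gives `m` a required argument (the colon that used to belong to the removed `N:`), yet `case 'm'` never reads `optarg`, so a bare `-m` now makes getopt return `':'` and falls through to `usage()`. Unless every launcher passes something after `-m`, this looks like an accidental edit of the old `"c:dE:imN:s:t:T:uvWX"`; the intended string is presumably `":dE:imt:T:uvW"`. Separately, the `(char*)bootstrapName` cast in the `Entering service as %s` log line strips const for no reason — `%s` takes a `const char*`, so `secnotice("SecServer", "Entering service as %s", bootstrapName);` is enough. The body of main continues outside the visible lines.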
static void usage(const char *me)
{
fprintf(stderr, "Usage: %s [-dwX]"
- "\n\t[-c tokencache] smartcard token cache directory"
"\n\t[-e equivDatabase] path to code equivalence database"
- "\n\t[-N serviceName] MACH service name"
- "\n\t[-s off|on|conservative|aggressive] smartcard operation level"
"\n\t[-t maxthreads] [-T threadTimeout] server thread control"
"\n", me);
exit(2);
}
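Review bot: `usage()` still advertises `-X` in the `"Usage: %s [-dwX]"` line even though this commit removes the `X` case and its optstring entry, and the banner never listed the flags that survive (`-i`, `-m`, `-u`, `-v`, and `-W` — uppercase, which is what the optstring accepts, not the `w` printed here). Since the `-c`, `-N` and `-s` description lines are dropped in this same change, the banner should be brought in line too, e.g. `"Usage: %s [-dimuvW]"` with the remaining descriptive lines kept. Whether `-e equivDatabase` is still parsed cannot be confirmed from these lines; it does not appear in the new optstring, so it may deserve the same cleanup.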
-
-//
-// Translate strings (e.g. "conservative") into PCSCMonitor service levels
-//
-static PCSCMonitor::ServiceLevel scOptions(const char *optionString)
-{
- if (optionString)
- if (!strcmp(optionString, "off"))
- return PCSCMonitor::forcedOff;
- else if (!strcmp(optionString, "on"))
- return PCSCMonitor::externalDaemon;
- else if (!strcmp(optionString, "conservative"))
- return PCSCMonitor::externalDaemon;
- else if (!strcmp(optionString, "aggressive"))
- return PCSCMonitor::externalDaemon;
- else if (!strcmp(optionString, "external"))
- return PCSCMonitor::externalDaemon;
- else
- usage("securityd");
- else
- return PCSCMonitor::externalDaemon;
-}
-
+const CFStringRef kTKSmartCardPreferencesDomain = CFSTR("com.apple.security.smartcard");
+const CFStringRef kTKLegacyTokendPreferencesKey = CFSTR("Legacy");
//
// Handle signals.
//
static void handleSignals(int sig)
{
- secnotice("SS", "signal received: %d", sig);
- if (kern_return_t rc = self_client_handleSignal(gMainServerPort, mach_task_self(), sig))
- Syslog::error("self-send failed (mach error %d)", rc);
+ (void)self_client_handleSignal(gMainServerPort, mach_task_self(), sig);
}
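Review bot: The rewritten `handleSignals` discards the `kern_return_t` from `self_client_handleSignal` with a `(void)` cast and drops both log lines without saying why; a one-line comment should record the rationale, e.g. `// Signal handler: only async-signal-safe calls belong here; the former secnotice/Syslog::error calls are not, so a failed self-send is deliberately left unreported.` — presumably that is the motivation, but confirm. The two new file-scope constants `kTKSmartCardPreferencesDomain` and `kTKLegacyTokendPreferencesKey` have external linkage: if nothing outside this file uses them they should be `static` (or live in an anonymous namespace), and if something does, they belong in a header so there is a single declaration for callers. Nothing visible on this page references them.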