X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/07691282a056c4efea71e1e505527601e8cc166b..refs/heads/master:/securityd/src/transition.cpp?ds=sidebyside
diff --git a/securityd/src/transition.cpp b/securityd/src/transition.cpp
index 20f8b182..b2bd64d1 100644
--- a/securityd/src/transition.cpp
+++ b/securityd/src/transition.cpp
@@ -42,6 +42,7 @@
 #include "child.h"
 #include
 #include
+#include "SecRandom.h"
 #include
 #include
 #include
@@ -49,6 +50,8 @@
 #include
 #include
 #include
+#include
+#include
 #include
 #include
@@ -63,7 +66,7 @@
 #define BEGIN_IPCN *rcode = CSSM_OK; try {
 #define BEGIN_IPC(name) BEGIN_IPCN RefPointer connRef(&Server::connection(replyPort, auditToken)); \
 Connection &connection __attribute__((unused)) = *connRef; \
- secinfo("SecServer", "request entry " #name " (pid:%d ession:%d)", connection.process().pid(), connection.session().sessionId());
+ secinfo("SecServer", "request entry " #name " (pid:%d session:%d)", connection.process().pid(), connection.session().sessionId());
 #define END_IPC(base) END_IPCN(base) Server::requestComplete(*rcode); return KERN_SUCCESS;
 #define END_IPCN(base) secinfo("SecServer", "request return: %d", *(rcode)); \
@@ -242,6 +245,7 @@ kern_return_t ucsp_server_setup(UCSP_ARGS, mach_port_t taskPort, ClientSetupInfo
 END_IPCN(CSSM)
 if (*rcode)
 Syslog::notice("setup(%s) failed rcode=%d", identity ? identity : "", *rcode);
+ mach_port_deallocate(mach_task_self(), taskPort);
 return KERN_SUCCESS;
 }
@@ -254,16 +258,7 @@ kern_return_t ucsp_server_setupThread(UCSP_ARGS, mach_port_t taskPort)
 END_IPCN(CSSM)
 if (*rcode)
 Syslog::notice("setupThread failed rcode=%d", *rcode);
- return KERN_SUCCESS;
-}
-
-
-kern_return_t ucsp_server_teardown(UCSP_ARGS)
-{
- BEGIN_IPCN
- secinfo("SecServer", "request entry: teardown");
- Server::active().endConnection(replyPort);
- END_IPCN(CSSM)
+ mach_port_deallocate(mach_task_self(), taskPort);
 return KERN_SUCCESS;
 }
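Review bot: The new `mach_port_deallocate(mach_task_self(), taskPort);` before `return KERN_SUCCESS;` in ucsp_server_setup, and the identical line added to ucsp_server_setupThread in the following hunk, carries no comment saying why the handler has to drop the right, and its kern_return_t is discarded. Because both routines always return KERN_SUCCESS, MIG will not clean up the request's port rights on their behalf, so the release is the handler's job; a comment such as `// we always return KERN_SUCCESS, so MIG leaves the taskPort send right to us: release it here` would keep a later edit from removing it. The release is only safe if nothing reached from the setup call earlier in each function keeps using the taskPort name without holding its own reference; that call is outside these hunks and should be confirmed. Both function bodies start above the visible lines.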
@@ -743,7 +738,7 @@ static void check_stash_entitlement(Process & proc)
 }
 require(entitlements != NULL, done);
- if (CFDictionaryGetValueIfPresent(entitlements, CFSTR("com.apple.private.securityd.stash"), &value)) {
+ if (CFDictionaryGetValueIfPresent(entitlements, kSecEntitlementPrivateStash, &value)) {
 if (CFGetTypeID(value) && CFBooleanGetTypeID()) {
 entitled = CFBooleanGetValue((CFBooleanRef)value);
 }
@@ -1131,30 +1126,6 @@ kern_return_t ucsp_server_deriveKey(UCSP_ARGS, DbHandle db, DATA_IN(context), Ke
 END_IPC(CSP)
 }
-
-//
-// Random generation
-//
-kern_return_t ucsp_server_generateRandom(UCSP_ARGS, uint32 ssid, DATA_IN(context), DATA_OUT(data))
-{
- BEGIN_IPC(generateRandom)
- CopyOutContext ctx(context, contextLength);
- if (ssid)
- CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
-
- // default version (use /dev/random)
- Allocator &allocator = Allocator::standard(Allocator::sensitive);
- if (size_t bytes = ctx.context().getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE)) {
- void *buffer = allocator.malloc(bytes);
- Server::active().random(buffer, bytes);
- *data = buffer;
- *dataLength = int_cast(bytes);
- Server::releaseWhenDone(allocator, buffer);
- }
- END_IPC(CSP)
-}
-
-
 //
 // ACL management.
 // Watch out for the memory-management tap-dance.
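Review bot: The type check kept as context directly under the changed lookup in check_stash_entitlement, `if (CFGetTypeID(value) && CFBooleanGetTypeID()) {`, uses `&&` where a comparison is meant, so it only tests that both type IDs are non-zero and never rejects a non-boolean entitlement value. As written, whatever object is stored under kSecEntitlementPrivateStash is cast to CFBooleanRef and handed to CFBooleanGetValue. Since this commit already touches the lookup, the following line should become `if (CFGetTypeID(value) == CFBooleanGetTypeID()) {` so that only a real CFBoolean can set `entitled`. The function starts and ends outside the hunk.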
@@ -1350,78 +1321,16 @@ kern_return_t ucsp_server_postNotification(UCSP_ARGS, uint32 domain, uint32 even
 // Child check-in service.
 // Note that this isn't using the standard argument pattern.
 //
-kern_return_t ucsp_server_childCheckIn(mach_port_t serverPort,
+kern_return_t ucsp_server_childCheckIn(audit_token_t auditToken, mach_port_t serverPort,
 mach_port_t servicePort, mach_port_t taskPort)
 {
 BEGIN_IPCS
- ServerChild::checkIn(servicePort, TaskPort(taskPort).pid());
+ ServerChild::checkIn(servicePort, audit_token_to_pid(auditToken));
+ // Will be NULL from newer frameworks, but mach_port_deallocate doesn't seem to mind
 END_IPCS(mach_port_deallocate(mach_task_self(), taskPort))
 }
-//
-// Code Signing Hosting registration.
-// Note that the Code Signing Proxy facility (implementing the "cshosting"
-// IPC protocol) is elsewhere.
-//
-kern_return_t ucsp_server_registerHosting(UCSP_ARGS, mach_port_t hostingPort, uint32 flags)
-{
- BEGIN_IPC(registerHosting)
- connection.process().registerCodeSigning(hostingPort, flags);
- END_IPC(CSSM)
-}
-
-kern_return_t ucsp_server_hostingPort(UCSP_ARGS, pid_t hostPid, mach_port_t *hostingPort)
-{
- BEGIN_IPC(hostingPort)
- if (RefPointer process = Server::active().findPid(hostPid))
- *hostingPort = process->hostingPort();
- else
- *hostingPort = MACH_PORT_NULL;
- secinfo("hosting", "hosting port for for pid=%d is port %d", hostPid, *hostingPort);
- END_IPC(CSSM)
-}
-
-
-kern_return_t ucsp_server_setGuest(UCSP_ARGS, SecGuestRef guest, SecCSFlags flags)
-{
- BEGIN_IPC(setGuest)
- connection.guestRef(guest, flags);
- END_IPC(CSSM)
-}
-
-
-kern_return_t ucsp_server_createGuest(UCSP_ARGS, SecGuestRef host,
- uint32_t status, const char *path, DATA_IN(cdhash), DATA_IN(attributes),
- SecCSFlags flags, SecGuestRef *newGuest)
-{
- BEGIN_IPC(createGuest)
- checkPathLength(path);
- *newGuest = connection.process().createGuest(host, status, path, DATA(cdhash), DATA(attributes), flags);
- END_IPC(CSSM)
-}
-
-kern_return_t ucsp_server_setGuestStatus(UCSP_ARGS, SecGuestRef guest,
- uint32_t status, DATA_IN(attributes))
-{
- BEGIN_IPC(setGuestStatus)
- connection.process().setGuestStatus(guest, status, DATA(attributes));
- END_IPC(CSSM)
-}
-
-kern_return_t ucsp_server_removeGuest(UCSP_ARGS, SecGuestRef host, SecGuestRef guest)
-{
- BEGIN_IPC(removeGuest)
- connection.process().removeGuest(host, guest);
- END_IPC(CSSM)
-}
-
-kern_return_t ucsp_server_helpCheckLoad(UCSP_ARGS, const char path[PATH_MAX], uint32_t type)
-{
- BEGIN_IPC(helpCheckLoad)
- END_IPC(CSSM)
-}
-
 //
 // Testing-related RPCs
 //
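Review bot: The added comment in ucsp_server_childCheckIn, `// Will be NULL from newer frameworks, but mach_port_deallocate doesn't seem to mind`, records a guess rather than a contract, and the END_IPCS line still hands a possibly null `taskPort` to mach_port_deallocate unconditionally. Stating the two cases would remove the doubt, for example `// taskPort is MACH_PORT_NULL from newer clients; older clients still send a right that must be released here`, and, if END_IPCS accepts an arbitrary statement (its definition is not in this hunk), guarding the call with `if (MACH_PORT_VALID(taskPort))`. Separately, the check-in is now keyed on `audit_token_to_pid(auditToken)`; the body of ServerChild::checkIn is not visible, so it should be confirmed that a bare pid is enough to tie the message to the forked child rather than to a later process that reuses the pid.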