X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/79b9da22a1f4b26279940d285c1bc28ce4e99252..7e6b461318c8a779d91381531435a68ee4e8b6ed:/securityd/src/process.cpp
diff --git a/securityd/src/process.cpp b/securityd/src/process.cpp
index 1206b157..9ab05df8 100644
--- a/securityd/src/process.cpp
+++ b/securityd/src/process.cpp
@@ -40,29 +40,41 @@
 // Construct a Process object.
 //
 Process::Process(TaskPort taskPort, const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit)
-	: mTaskPort(taskPort), mByteFlipped(false), mPid(audit.pid()), mUid(audit.euid()), mGid(audit.egid())
+	: mTaskPort(taskPort), mByteFlipped(false), mPid(audit.pid()), mUid(audit.euid()), mGid(audit.egid()), mAudit(audit)
 {
 	StLock _(*this);
-	
+	xpc_transaction_begin();
 	// set parent session
 	parent(Session::find(audit.sessionId(), true));
-	
-	// let's take a look at our wannabe client...
+	
+	// let's take a look at our wannabe client...
+	
+	// Not enough to make sure we will get the right process, as
+	// pids get recycled. But we will later create the actual SecCode using
+	// the audit token, which is unique to the one instance of the process,
+	// so this just catches a pid mismatch early.
 	if (mTaskPort.pid() != mPid) {
 		secnotice("SecServer", "Task/pid setup mismatch pid=%d task=%d(%d)",
-			mPid, mTaskPort.port(), mTaskPort.pid());
+			mPid, mTaskPort.port(), mTaskPort.pid());
 		CssmError::throwMe(CSSMERR_CSSM_ADDIN_AUTHENTICATE_FAILED); // you lied!
 	}
-	
+	
 	setup(info);
-	ClientIdentification::setup(this->pid());
-	
+	ClientIdentification::setup(this->audit_token());
+	
+	if(!processCode()) {
+		// This can happen if the process died in the meantime.
+		secnotice("SecServer", "no process created in setup, old pid=%d old task=%d(%d)",
+			mPid, mTaskPort.port(), mTaskPort.pid());
+		CssmError::throwMe(CSSMERR_CSSM_ADDIN_AUTHENTICATE_FAILED);
+	}
+	
 	// NB: ServerChild::find() should only be used to determine
 	// *existence*. Don't use the returned Child object for anything else,
 	// as it is not protected against its underlying process's destruction.
 	if (this->pid() == getpid() // called ourselves (through some API). Do NOT record this as a "dirty" transaction
 	 || ServerChild::find(this->pid())) // securityd's child; do not mark this txn dirty
-		VProc::Transaction::deactivate();
+		xpc_transaction_end();
 	secinfo("SecServer", "%p client new: pid:%d session:%d %s taskPort:%d uid:%d gid:%d",
 		this, this->pid(), this->session().sessionId(),
 		(char *)codePath(this->processCode()).c_str(), taskPort.port(), mUid, mGid);
@@ -86,12 +98,11 @@ void Process::reset(TaskPort taskPort, const ClientSetupInfo *info, const Common
 	setup(info);
 	CFCopyRef oldCode = processCode();
-	ClientIdentification::setup(this->pid()); // re-constructs processCode()
+	ClientIdentification::setup(this->audit_token()); // re-constructs processCode()
 	if (CFEqual(oldCode, processCode())) {
 		secnotice("SecServer", "%p Client reset amnesia", this);
 	} else {
 		secnotice("SecServer", "%p Client reset full", this);
-		CodeSigningHost::reset();
 	}
 }
@@ -127,8 +138,10 @@ Process::~Process()
 	secinfo("SecServer", "%p client release: %d", this, this->pid());
 	// release our name for the process's task port
-	if (mTaskPort)
-		mTaskPort.destroy();
+	if (mTaskPort) {
+		mTaskPort.deallocate();
+	}
+	xpc_transaction_end();
 }
 void Process::kill()
@@ -196,7 +209,6 @@ void Process::dumpNode()
 		Debug::dump(" FLIPPED");
 	Debug::dump(" task=%d pid=%d uid/gid=%d/%d", mTaskPort.port(), mPid, mUid, mGid);
-	CodeSigningHost::dump();
 	ClientIdentification::dump();
 }
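Review bot: The `xpc_transaction_begin()` added at the top of the constructor is not balanced on the throw paths: when the pid-mismatch check or the new `if(!processCode())` check calls `CssmError::throwMe`, the object is never fully constructed, `~Process()` never runs, and the transaction opened for that client is never ended, so securityd stays marked busy for a client that was rejected. The self/child path is unbalanced the other way: the constructor already calls `xpc_transaction_end()` there, and the destructor in the `~Process()` hunk calls it again unconditionally, which is a second end for those objects unless something outside these hunks guards it. Tracking the open transaction in a member (e.g. a constructed `bool mTransactionOpen`, set after the begin, cleared by each end and checked in the destructor) and ending it before each throw — `xpc_transaction_end(); CssmError::throwMe(CSSMERR_CSSM_ADDIN_AUTHENTICATE_FAILED);` — would keep the begin/end count balanced on every path.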
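Review bot: `ClientIdentification::setup(this->audit_token())` in reset() re-derives the client's code identity from the token stored in `mAudit` at construction, while reset() itself receives a fresh `audit` parameter (visible in the hunk header) and nothing in this hunk refreshes the member from it. The prologue of reset() is outside the hunk, so this may already be handled there; if it is not, a reset re-identifies the client with fields captured at construction rather than the token presented now. Since the constructor's new comment makes the audit token, not the pid, the unique identity of a process instance, `mAudit = audit;` before `setup(info);` would keep reset() consistent with the constructor.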
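Review bot: The switch from `mTaskPort.destroy()` to `mTaskPort.deallocate()` in `~Process()` changes what happens to the task port name and deserves a one-line why-comment, because the retained comment `// release our name for the process's task port` still describes the old behaviour. If these wrap mach_port_destroy and mach_port_deallocate as the names suggest, the old call removed the name outright while the new one only drops this object's reference to it; a comment such as `// drop only our reference to the task port name; do not tear down the name itself` would record the intent for the next reader.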