X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/79b9da22a1f4b26279940d285c1bc28ce4e99252..refs/heads/master:/securityd/src/server.cpp

diff --git a/securityd/src/server.cpp b/securityd/src/server.cpp
index 6ebc34c9..81fb8fce 100644
--- a/securityd/src/server.cpp
+++ b/securityd/src/server.cpp
@@ -37,7 +37,6 @@
 #include <mach/mach_error.h>
 #include <security_utilities/ccaudit.h>
 #include <security_utilities/casts.h>
-#include "pcscmonitor.h"
 
 #include "agentquery.h"
 
@@ -241,23 +240,6 @@ void Server::setupConnection(ConnectLevel type, Port replyPort, Port taskPort,
 	notifyIfDead(replyPort);
 }
 
-
-//
-// Synchronously end a Connection.
-// This is due to a request from the client, so no thread races are possible.
-// In practice, this is optional since the DPN for the client thread reply port
-// will destroy the connection anyway when the thread dies.
-//
-void Server::endConnection(Port replyPort)
-{
-	StLock<Mutex> _(*this);
-	PortMap<Connection>::iterator it = mConnections.find(replyPort);
-	assert(it != mConnections.end());
-	it->second->terminate();
-	mConnections.erase(it);
-}
-
-
 //
 // Handling dead-port notifications.
 // This receives DPNs for all kinds of ports we're interested in.
@@ -277,7 +259,6 @@ void Server::notifyDeadName(Port port)
         RefPointer<Connection> con = conIt->second;
 		mConnections.erase(conIt);
         serverLock.unlock();
-		con->abort();        
         return;
     }
     
@@ -323,6 +304,7 @@ kern_return_t self_server_handleSignal(mach_port_t sport,
         secnotice("SecServer", "signal handled %d", sig);
         if (taskPort != mach_task_self()) {
             Syslog::error("handleSignal: received from someone other than myself");
+            mach_port_deallocate(mach_task_self(), taskPort);
 			return KERN_SUCCESS;
 		}
 		switch (sig) {
@@ -347,11 +329,8 @@ kern_return_t self_server_handleSignal(mach_port_t sport,
 #endif //DEBUGDUMP
 
 		case SIGUSR2:
-			{
-				extern PCSCMonitor *gPCSC;
-				gPCSC->startSoftTokens();
-				break;
-			}
+            fprintf(stderr, "securityd ignoring SIGUSR2 received");
+            break;
 
 		default:
 			assert(false);
@@ -459,9 +438,10 @@ void Server::beginShutdown()
 			mShuttingDown = true;
             Session::invalidateAuthHosts();
             secnotice("SecServer", "%p beginning shutdown", this);
-			if (verbosity() >= 2) {
+            shutdownReport();           // always tell me about residual clients...
+			if (verbosity() >= 2) {     // ...and if we really care write to the log, too
 				reportFile = fopen("/var/log/securityd-shutdown.log", "w");
-				shutdownSnitch();
+				shutdownReport_file();
 			}
 		}
 	}
@@ -478,16 +458,24 @@ void Server::eventDone()
 {
     StLock<Mutex> lock(*this);
 	if (this->shuttingDown()) {
+        shutdownReport();
 		if (verbosity() >= 2) {
-            secnotice("SecServer", "shutting down with %ld processes and %ld transactions", mProcesses.size(), VProc::Transaction::debugCount());
-			shutdownSnitch();
+            secnotice("SecServer", "shutting down with %ld processes", mProcesses.size());
+			shutdownReport_file();
 		}
-		IFDUMPING("shutdown", NodeCore::dumpAll());
 	}
 }
 
+void Server::shutdownReport()
+{
+    PidMap mPidsCopy = PidMap(mPids);
+    secnotice("shutdown", "Residual clients count: %d", int(mPidsCopy.size()));
+    for (PidMap::const_iterator it = mPidsCopy.begin(); it != mPidsCopy.end(); ++it) {
+        secnotice("shutdown", "Residual client: %d", it->first);
+    }
+}
 
-void Server::shutdownSnitch()
+void Server::shutdownReport_file()
 {
 	time_t now;
 	time(&now);
@@ -502,7 +490,11 @@ void Server::shutdownSnitch()
 
 bool Server::inDarkWake()
 {
-    return IOPMIsADarkWake(IOPMConnectionGetSystemCapabilities());
+    bool inDarkWake = IOPMIsADarkWake(IOPMConnectionGetSystemCapabilities());
+    if (inDarkWake) {
+        secnotice("SecServer", "Server::inDarkWake returned inDarkWake");
+    }
+    return inDarkWake;
 }
 
 //
@@ -513,9 +505,11 @@ bool Server::inDarkWake()
 //
 void Server::loadCssm(bool mdsIsInstalled)
 {
+    try {
+
 	if (!mCssm->isActive()) {
 		StLock<Mutex> _(*this);
-		VProc::Transaction xact;
+        xpc_transaction_begin();
 		if (!mCssm->isActive()) {
             if (!mdsIsInstalled) {  // non-system securityd instance should not reinitialize MDS
                 secnotice("SecServer", "Installing MDS");
@@ -527,7 +521,25 @@ void Server::loadCssm(bool mdsIsInstalled)
 			mCSP->attach();
 			secnotice("SecServer", "CSSM ready with CSP %s", mCSP->guid().toString().c_str());
 		}
+        xpc_transaction_end();
 	}
+    } catch (const UnixError& err) {
+        secerror("load cssm failed: %s", err.what());
+        if (err.unixError() == ENOSPC) {
+            _exit(1);
+        } else {
+            abort();
+        }
+    } catch (const MacOSError& err) {
+        secerror("load cssm failed: %s", err.what());
+        abort();
+    } catch (const CommonError& err) {
+        secerror("load cssm failed: %d/%d", (int)err.osStatus(), err.unixError());
+        abort();
+    } catch (const std::exception& err) {
+        secerror("load cssm failed: %s", err.what());
+        abort();
+    }
 }