X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/e3d460c9de4426da6c630c3ae3f46173a99f82d8..refs/heads/master:/securityd/src/main.cpp
diff --git a/securityd/src/main.cpp b/securityd/src/main.cpp
index 722edac7..d2035631 100644
--- a/securityd/src/main.cpp
+++ b/securityd/src/main.cpp
@@ -28,13 +28,11 @@
 #include
 #include "server.h"
-#include "entropy.h"
-#include "authority.h"
 #include "session.h"
 #include "notifications.h"
-#include "pcscmonitor.h"
 #include "auditevents.h"
 #include "self.h"
+#include "util.h"
 #include
 #include
@@ -60,17 +58,15 @@
 #include "acl_keychain.h"
 #include "acl_partition.h"
+#include
 //
 // Local functions of the main program driver
 //
 static void usage(const char *me) __attribute__((noreturn));
 static void handleSignals(int sig);
-static PCSCMonitor::ServiceLevel scOptions(const char *optionString);
-
 static Port gMainServerPort;
-PCSCMonitor *gPCSC;
 //
@@ -78,53 +74,52 @@ PCSCMonitor *gPCSC;
 //
 int main(int argc, char *argv[])
 {
+ DisableLocalization();
+
 // clear the umask - we know what we're doing
- secdebug("SS", "starting umask was 0%o", ::umask(0));
+ secnotice("SecServer", "starting umask was 0%o", ::umask(0));
 ::umask(0);
 // tell the keychain (client) layer to turn off the server interface
 SecKeychainSetServerMode();
-
+
+ const char *params[] = {"LEGACY_TOKENS_ENABLED", "NO", NULL};
+ char* errorbuf = NULL;
+ if (sandbox_init_with_parameters("com.apple.securityd", SANDBOX_NAMED, params, &errorbuf)) {
+ seccritical("SecServer: unable to enter sandbox: %{public}s", errorbuf);
+ if (errorbuf) {
+ sandbox_free_error(errorbuf);
+ }
+ exit(1);
+ } else {
+ secnotice("SecServer", "entered sandbox");
+ }
+
 // program arguments (preset to defaults)
 bool debugMode = false;
- const char *bootstrapName = NULL;
- const char* messagingName = SECURITY_MESSAGES_NAME;
- bool doFork = false;
- bool reExecute = false;
 int workerTimeout = 0;
 int maxThreads = 0;
 bool waitForClients = true;
 bool mdsIsInstalled = false;
- const char *authorizationConfig = "/etc/authorization";
- const char *tokenCacheDir = "/var/db/TokenCache";
- const char *entropyFile = "/var/db/SystemEntropyCache";
- const char *smartCardOptions = getenv("SMARTCARDS");
 uint32_t keychainAclDefault = CSSM_ACL_KEYCHAIN_PROMPT_INVALID | CSSM_ACL_KEYCHAIN_PROMPT_UNSIGNED;
 unsigned int verbose = 0;
 // check for the Installation-DVD environment and modify some default arguments if found
 if (access("/etc/rc.cdrom", F_OK) == 0) { // /etc/rc.cdrom exists
- SECURITYD_INSTALLMODE();
- smartCardOptions = "off"; // needs writable directories that aren't
+ secnotice("SecServer", "starting in installmode");
 }
 // parse command line arguments
 extern char *optarg;
 extern int optind;
 int arg;
- while ((arg = getopt(argc, argv, "a:c:dE:imN:s:t:T:uvWX")) != -1) {
+ while ((arg = getopt(argc, argv, ":dE:im:t:T:uvW")) != -1) {
 switch (arg) {
- case 'a':
- authorizationConfig =
optarg;
- break;
- case 'c':
- tokenCacheDir = optarg;
- break;
 case 'd':
 debugMode = true;
 break;
 case 'E':
- entropyFile = optarg;
+ /* was entropyFile, kept to preserve ABI */
 break;
 case 'i':
 keychainAclDefault &= ~CSSM_ACL_KEYCHAIN_PROMPT_INVALID;
@@ -132,12 +127,6 @@ int main(int argc, char *argv[])
 case 'm':
 mdsIsInstalled = true;
 break;
- case 'N':
- bootstrapName = optarg;
- break;
- case 's':
- smartCardOptions = optarg;
- break;
 case 't':
 if ((maxThreads = atoi(optarg)) < 0)
 maxThreads = 0;
@@ -155,36 +144,19 @@ int main(int argc, char *argv[])
 case 'v':
 verbose++;
 break;
- case 'X':
- doFork = true;
- reExecute = true;
- break;
 default:
 usage(argv[0]);
 }
 }
 // take no non-option arguments
- if (optind < argc)
+ if (optind < argc) {
 usage(argv[0]);
-
- // figure out the bootstrap name
- if (!bootstrapName) {
- bootstrapName = getenv(SECURITYSERVER_BOOTSTRAP_ENV);
- if (!bootstrapName)
- {
- bootstrapName = SECURITYSERVER_BOOTSTRAP_NAME;
- }
- else
- {
- messagingName = bootstrapName;
- }
 }
- else
- {
- messagingName = bootstrapName;
- }
-
+
+ const char *bootstrapName = SECURITYSERVER_BOOTSTRAP_NAME;
+ const char* messagingName = SharedMemoryCommon::kDefaultSecurityMessagesName;
+
 // configure logging first
 if (debugMode) {
 Syslog::open(bootstrapName, LOG_AUTHPRIV, LOG_PERROR);
@@ -206,12 +178,8 @@ int main(int argc, char *argv[])
 }
 // turn into a properly diabolical daemon unless debugMode is on
- if (!debugMode && getppid() != 1) {
- if (!Daemon::incarnate(doFork))
- exit(1); // can't daemonize
-
- if (reExecute && !Daemon::executeSelf(argv))
- exit(1); // can't self-execute
+ if (!debugMode && getppid() != 1 && !Daemon::incarnate(false)) {
+ exit(1); // can't daemonize
 }
 // arm signal handlers; code below may generate signals we want to see
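Review bot: The new getopt string `":dE:im:t:T:uvW"` declares `-m` as taking a required argument, while `case 'm'` (in the following hunk) still only sets `mdsIsInstalled = true` and never reads `optarg`, so a bare `-m` now ends up in `default:` and `usage()`; if that is unintended, the string should read `":dE:imt:T:uvW"`. The leading `:` also makes getopt return `:` for a missing argument and, on most libcs, suppresses its own diagnostic, so the usage text is the only feedback for a malformed command line. In the `-E` case the comment `/* was entropyFile, kept to preserve ABI */` describes command-line compatibility rather than ABI; `/* -E <file> is accepted and ignored so existing launch arguments keep working */` says what is meant. In the sandbox failure branch `errorbuf` may still be NULL when `seccritical` formats it with `%{public}s`; presumably os_log renders that as "(null)", but a `errorbuf ? errorbuf : "(no detail)"` argument would make the log line unambiguous. main() continues past the end of this hunk.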
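Review bot: The bootstrap and messaging names are now fixed to `SECURITYSERVER_BOOTSTRAP_NAME` and `SharedMemoryCommon::kDefaultSecurityMessagesName` and the old `getenv(SECURITYSERVER_BOOTSTRAP_ENV)` override is gone, but nothing in the new code records that the environment is intentionally no longer consulted. A comment such as `// service names are fixed on purpose: the environment can no longer rename the Mach service or the messaging channel` would keep the override from being reintroduced. The two new declarations also mix pointer styles (`const char *bootstrapName` versus `const char* messagingName`). main() continues outside this hunk.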
@@ -227,9 +195,9 @@ int main(int argc, char *argv[])
 exit(1);
 }
- // create an Authorization engine
- Authority authority(authorizationConfig);
-
+// The clang static analyzer isn't a big fan of our "object creation hooks object into global pointer graph" model.
+// Tell it not to worry.
+#ifndef __clang_analyzer__
 // introduce all supported ACL subject types
 new AnyAclSubject::Maker();
 new PasswordAclSubject::Maker();
@@ -243,12 +211,13 @@ int main(int argc, char *argv[])
 new PartitionAclSubject::Maker();
 new PreAuthorizationAcls::OriginMaker();
 new PreAuthorizationAcls::SourceMaker();
-
+#endif
 // establish the code equivalents database
 CodeSignatures codeSignatures;
+
 // create the main server object and register it
- Server server(authority, codeSignatures, bootstrapName);
+ Server server(codeSignatures, bootstrapName);
 // Remember the primary service port to send signal events to
 gMainServerPort = server.primaryServicePort();
@@ -261,17 +230,7 @@ int main(int argc, char *argv[])
 server.floatingThread(true);
 server.waitForClients(waitForClients);
 server.verbosity(verbose);
-
- // add the RNG seed timer
-# if defined(NDEBUG)
- EntropyManager entropy(server, entropyFile);
-# else
- if (getuid() == 0) new EntropyManager(server, entropyFile);
-# endif
- // create a smartcard monitor to manage external token devices
- gPCSC = new PCSCMonitor(server, tokenCacheDir, scOptions(smartCardOptions));
-
 // create the RootSession object (if -d, give it graphics and tty attributes)
 RootSession rootSession(debugMode ? (sessionHasGraphicAccess | sessionHasTTY) : 0, server);
@@ -281,12 +240,15 @@ int main(int argc, char *argv[])
 // install MDS (if needed) and initialize the local CSSM
 server.loadCssm(mdsIsInstalled);
-
+
+#ifndef __clang_analyzer__
 // create the shared memory notification hub
 new SharedMemoryListener(messagingName, kSharedMemoryPoolSize);
+#endif
+
 // okay, we're ready to roll
- SECURITYD_INITIALIZED((char*)bootstrapName);
+ secnotice("SecServer", "Entering service as %s", (char*)bootstrapName);
 Syslog::notice("Entering service");
 // go
@@ -304,39 +266,14 @@ int main(int argc, char *argv[])
 static void usage(const char *me)
 {
 fprintf(stderr, "Usage: %s [-dwX]"
- "\n\t[-a authConfigFile] Authorization configuration file"
- "\n\t[-c tokencache] smartcard token cache directory"
 "\n\t[-e equivDatabase] path to code equivalence database"
- "\n\t[-N serviceName] MACH service name"
- "\n\t[-s off|on|conservative|aggressive] smartcard operation level"
 "\n\t[-t maxthreads] [-T threadTimeout] server thread control"
 "\n", me);
 exit(2);
 }
-
-//
-// Translate strings (e.g. "conservative") into PCSCMonitor service levels
-//
-static PCSCMonitor::ServiceLevel scOptions(const char *optionString)
-{
- if (optionString)
- if (!strcmp(optionString, "off"))
- return PCSCMonitor::forcedOff;
- else if (!strcmp(optionString, "on"))
- return PCSCMonitor::externalDaemon;
- else if (!strcmp(optionString, "conservative"))
- return PCSCMonitor::externalDaemon;
- else if (!strcmp(optionString, "aggressive"))
- return PCSCMonitor::externalDaemon;
- else if (!strcmp(optionString, "external"))
- return PCSCMonitor::externalDaemon;
- else
- usage("securityd");
- else
- return PCSCMonitor::externalDaemon;
-}
-
+const CFStringRef kTKSmartCardPreferencesDomain = CFSTR("com.apple.security.smartcard");
+const CFStringRef kTKLegacyTokendPreferencesKey = CFSTR("Legacy");
 //
 // Handle signals.
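Review bot: The `(char*)bootstrapName` cast in `secnotice("SecServer", "Entering service as %s", (char*)bootstrapName);` is a leftover from the removed DTrace probe's argument type; `%s` takes a `const char*`, so `secnotice("SecServer", "Entering service as %s", bootstrapName);` is enough and avoids a C-style cast that drops const. The `#ifndef __clang_analyzer__` around `new SharedMemoryListener(...)` hides an intentional process-lifetime allocation from the analyzer without saying so to human readers; a comment such as `// owned by the process for its whole lifetime; never deleted` next to the `new` records the intent. main() continues outside this hunk.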
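Review bot: usage() still prints `"Usage: %s [-dwX]"` and the `-e equivDatabase` line although this commit removes `-X` from the getopt string and neither `-w` nor `-e` appears in `":dE:im:t:T:uvW"`, while the accepted `-E`, `-i`, `-m`, `-u`, `-v` and `-W` are not listed; the first line should name the options the parser actually accepts. The two `const CFStringRef kTK...` definitions added after usage() carry no comment and no declaration is visible in this hunk; in C++ a namespace-scope `const` object has internal linkage unless a prior `extern` declaration is in scope, so if other translation units are meant to read them the header declaring them must be included here — presumably one of the new includes does that, but it is worth confirming. They would also read better grouped with the other file-scope globals near `gMainServerPort` than between two static helpers.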
@@ -346,7 +283,5 @@ static PCSCMonitor::ServiceLevel scOptions(const char *optionString)
 //
 static void handleSignals(int sig)
 {
- SECURITYD_SIGNAL_RECEIVED(sig);
- if (kern_return_t rc = self_client_handleSignal(gMainServerPort, mach_task_self(), sig))
- Syslog::error("self-send failed (mach error %d)", rc);
+ (void)self_client_handleSignal(gMainServerPort, mach_task_self(), sig);
 }
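Review bot: handleSignals now discards the return value of `self_client_handleSignal` and drops the `Syslog::error` that used to report a failed self-send, but the bare `(void)` cast does not explain why. Since this runs in signal context and syslog is not async-signal-safe, the removal looks deliberate; recording that with `// result deliberately ignored: nothing here may call syslog or allocate, the handler must stay async-signal-safe` keeps the next reader from restoring the log line. Whether `self_client_handleSignal` itself is async-signal-safe cannot be seen from this hunk.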