X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/fa7225c82381bac4432a6edf16f53b5370238d85..7e6b461318c8a779d91381531435a68ee4e8b6ed:/securityd/src/server.cpp?ds=sidebyside diff --git a/securityd/src/server.cpp b/securityd/src/server.cpp index 58dd4b79..d510615c 100644 --- a/securityd/src/server.cpp +++ b/securityd/src/server.cpp @@ -100,8 +100,10 @@ Connection &Server::connection(bool tolerant) void Server::requestComplete(CSSM_RETURN &rcode) { + Server &server = active(); + StLock lock(server); // note: there may not be an active connection if connection setup failed - if (RefPointer &conn = active().mCurrentConnection()) { + if (RefPointer &conn = server.mCurrentConnection()) { conn->endWork(rcode); conn = NULL; } @@ -239,23 +241,6 @@ void Server::setupConnection(ConnectLevel type, Port replyPort, Port taskPort, notifyIfDead(replyPort); } - -// -// Synchronously end a Connection. -// This is due to a request from the client, so no thread races are possible. -// In practice, this is optional since the DPN for the client thread reply port -// will destroy the connection anyway when the thread dies. -// -void Server::endConnection(Port replyPort) -{ - StLock _(*this); - PortMap::iterator it = mConnections.find(replyPort); - assert(it != mConnections.end()); - it->second->terminate(); - mConnections.erase(it); -} - - // // Handling dead-port notifications. // This receives DPNs for all kinds of ports we're interested in. 
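Review bot: In Server::requestComplete the new `StLock lock(server);` stays held across `conn->endWork(rcode)`, and nothing on the added lines says what the lock protects. The notifyDeadName comment visible in a later hunk speaks of calls that can take "unbounded time", and that function unlocks the server before leaving the connection branch. endWork's body is not visible here, so confirm that it cannot block or take a connection or process lock in an order that conflicts with other paths. A one-line comment above the lock, such as `// hold the server lock while the per-thread current connection is read and cleared`, would record the intent if that is what it is for.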
@@ -267,23 +252,21 @@ void Server::notifyDeadName(Port port) // unbounded time, including calls out to token daemons etc. StLock serverLock(*this); - secnotice("SSports", "port %d is dead", port.port()); - + // is it a connection? PortMap::iterator conIt = mConnections.find(port); if (conIt != mConnections.end()) { - secnotice("SS", "%p dead connection %d", this, port.port()); + secinfo("SecServer", "%p dead connection %d", this, port.port()); RefPointer con = conIt->second; mConnections.erase(conIt); serverLock.unlock(); - con->abort(); return; } // is it a process? PortMap::iterator procIt = mProcesses.find(port); if (procIt != mProcesses.end()) { - secnotice("SS", "%p dead process %d", this, port.port()); + secinfo("SecServer", "%p dead process %d", this, port.port()); RefPointer proc = procIt->second; mPids.erase(proc->pid()); mProcesses.erase(procIt); @@ -306,7 +289,7 @@ void Server::notifyDeadName(Port port) // void Server::notifyNoSenders(Port port, mach_port_mscount_t) { - secnotice("SS", "%p dead session %d", this, port.port()); + secinfo("SecServer", "%p dead session %d", this, port.port()); } @@ -319,9 +302,10 @@ kern_return_t self_server_handleSignal(mach_port_t sport, mach_port_t taskPort, int sig) { try { - secnotice("SS", "signal handled %d", sig); + secnotice("SecServer", "signal handled %d", sig); if (taskPort != mach_task_self()) { Syslog::error("handleSignal: received from someone other than myself"); + mach_port_deallocate(mach_task_self(), taskPort); return KERN_SUCCESS; } switch (sig) { @@ -329,7 +313,7 @@ kern_return_t self_server_handleSignal(mach_port_t sport, ServerChild::checkChildren(); break; case SIGINT: - secnotice("SS", "shutdown due to SIGINT"); + secnotice("SecServer", "shutdown due to SIGINT"); Syslog::notice("securityd terminated due to SIGINT"); _exit(0); case SIGTERM: 
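Review bot: As this page renders the hunk, `con->abort();` in the dead-connection branch of Server::notifyDeadName is a removed line with no added counterpart, and the header counts (23 old lines, 21 new) are consistent with five removals and three additions. If that is a real removal rather than a whitespace-only change lost in rendering, a connection whose port died is erased from mConnections but never aborted. The `serverLock.unlock();` before the `return` would then no longer guard anything in that branch. Please confirm the intent: either restore `con->abort();` after `serverLock.unlock();` or add a comment at that spot explaining why no abort is needed. The function starts and ends outside the hunk.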
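Review bot: The rejected-sender path in self_server_handleSignal now carries its own `mach_port_deallocate(mach_task_self(), taskPort);` next to the one at the normal exit, and self_server_handleSession repeats the same pair further down. Two release sites per handler are easy to get out of step again; inverting the test so the foreign-sender case only logs and then falls through to the single deallocate at the bottom would keep one release per handler. Separately, `secnotice("SecServer", "signal handled %d", sig);` runs before the `taskPort != mach_task_self()` check, so a message that is then rejected is still logged as handled; moving that line below the check would keep the log accurate. The switch body continues outside this hunk.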
@@ -356,7 +340,7 @@ kern_return_t self_server_handleSignal(mach_port_t sport, assert(false); } } catch(...) { - secnotice("SS", "exception handling a signal (ignored)"); + secnotice("SecServer", "exception handling a signal (ignored)"); } mach_port_deallocate(mach_task_self(), taskPort); return KERN_SUCCESS; @@ -369,12 +353,13 @@ kern_return_t self_server_handleSession(mach_port_t sport, try { if (taskPort != mach_task_self()) { Syslog::error("handleSession: received from someone other than myself"); + mach_port_deallocate(mach_task_self(), taskPort); return KERN_SUCCESS; } if (event == AUE_SESSION_END) Session::destroy(int_cast(ident)); } catch(...) { - secnotice("SS", "exception handling a signal (ignored)"); + secnotice("SecServer", "exception handling a signal (ignored)"); } mach_port_deallocate(mach_task_self(), taskPort); return KERN_SUCCESS; @@ -386,7 +371,7 @@ kern_return_t self_server_handleSession(mach_port_t sport, // void Server::SleepWatcher::systemWillSleep() { - secnotice("SS", "%p will sleep", this); + secnotice("SecServer", "%p will sleep", this); Session::processSystemSleep(); for (set::const_iterator it = mPowerClients.begin(); it != mPowerClients.end(); it++) (*it)->systemWillSleep(); @@ -394,14 +379,14 @@ void Server::SleepWatcher::systemWillSleep() void Server::SleepWatcher::systemIsWaking() { - secnotice("SS", "%p is waking", this); + secnotice("SecServer", "%p is waking", this); for (set::const_iterator it = mPowerClients.begin(); it != mPowerClients.end(); it++) (*it)->systemIsWaking(); } void Server::SleepWatcher::systemWillPowerOn() { - secnotice("SS", "%p will power on", this); + secnotice("SecServer", "%p will power on", this); Server::active().longTermActivity(); for (set::const_iterator it = mPowerClients.begin(); it != mPowerClients.end(); it++) (*it)->systemWillPowerOn(); 
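Review bot: The catch block in self_server_handleSession still logs "exception handling a signal (ignored)", which looks copied from self_server_handleSignal; the commit touches this line for the category rename but keeps the wrong wording. Anyone reading the log cannot tell a failed session teardown from a failed signal handler. Suggest `secnotice("SecServer", "exception handling a session event (ignored)");`.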
@@ -450,16 +435,17 @@ void Server::beginShutdown() { StLock _(*this); if (!mWaitForClients) { - secnotice("SS", "%p shutting down now", this); + secnotice("SecServer", "%p shutting down now", this); _exit(0); } else { if (!mShuttingDown) { mShuttingDown = true; Session::invalidateAuthHosts(); - secnotice("SS", "%p beginning shutdown", this); - if (verbosity() >= 2) { + secnotice("SecServer", "%p beginning shutdown", this); + shutdownReport(); // always tell me about residual clients... + if (verbosity() >= 2) { // ...and if we really care write to the log, too reportFile = fopen("/var/log/securityd-shutdown.log", "w"); - shutdownSnitch(); + shutdownReport_file(); } } } @@ -474,19 +460,26 @@ void Server::beginShutdown() // void Server::eventDone() { + StLock lock(*this); if (this->shuttingDown()) { - StLock lazy(*this, false); // lazy lock acquisition + shutdownReport(); if (verbosity() >= 2) { - lazy.lock(); - secnotice("SS", "shutting down with %ld processes and %ld transactions", mProcesses.size(), VProc::Transaction::debugCount()); - shutdownSnitch(); + secnotice("SecServer", "shutting down with %ld processes", mProcesses.size()); + shutdownReport_file(); } - IFDUMPING("shutdown", NodeCore::dumpAll()); } } +void Server::shutdownReport() +{ + PidMap mPidsCopy = PidMap(mPids); + secnotice("shutdown", "Residual clients count: %d", int(mPidsCopy.size())); + for (PidMap::const_iterator it = mPidsCopy.begin(); it != mPidsCopy.end(); ++it) { + secnotice("shutdown", "Residual client: %d", it->first); + } +} -void Server::shutdownSnitch() +void Server::shutdownReport_file() { time_t now; time(&now); @@ -501,7 +494,11 @@ void Server::shutdownSnitch() bool Server::inDarkWake() { - return IOPMIsADarkWake(IOPMConnectionGetSystemCapabilities()); + bool inDarkWake = IOPMIsADarkWake(IOPMConnectionGetSystemCapabilities()); + if (inDarkWake) { + secnotice("SecServer", "Server::inDarkWake returned inDarkWake"); + } + return inDarkWake; } // 
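Review bot: Server::shutdownReport reads mPids without taking a lock, and copying it into `mPidsCopy` first does not make that read any safer, since the copy is itself the unprotected read. Both callers visible in this diff (beginShutdown and eventDone) already hold the server lock, so the copy is redundant. State the requirement in a comment such as `// Caller must hold the Server lock; mPids is read here.` and iterate the map directly with `for (PidMap::const_iterator it = mPids.begin(); it != mPids.end(); ++it)`. Also note that eventDone now calls this for every completed event while shutting down, so the full residual-client list is logged at notice level each time; consider logging only when the count changes.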
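Review bot: In Server::inDarkWake the new local `bool inDarkWake` has the same name as the member function it lives in, and the log text "Server::inDarkWake returned inDarkWake" does not say what was actually returned. Rename the local and make the message state the value, for example `bool darkWake = IOPMIsADarkWake(IOPMConnectionGetSystemCapabilities());` and `secnotice("SecServer", "system is in dark wake");`.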
@@ -514,18 +511,19 @@ void Server::loadCssm(bool mdsIsInstalled) { if (!mCssm->isActive()) { StLock _(*this); - VProc::Transaction xact; + xpc_transaction_begin(); if (!mCssm->isActive()) { if (!mdsIsInstalled) { // non-system securityd instance should not reinitialize MDS - secnotice("SS", "Installing MDS"); + secnotice("SecServer", "Installing MDS"); IFDEBUG(if (geteuid() == 0)) MDSClient::mds().install(); } - secnotice("SS", "CSSM initializing"); + secnotice("SecServer", "CSSM initializing"); mCssm->init(); mCSP->attach(); - secnotice("SS", "CSSM ready with CSP %s", mCSP->guid().toString().c_str()); + secnotice("SecServer", "CSSM ready with CSP %s", mCSP->guid().toString().c_str()); } + xpc_transaction_end(); } }
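Review bot: Replacing the scoped `VProc::Transaction xact;` with a manual `xpc_transaction_begin()` / `xpc_transaction_end()` pair in Server::loadCssm loses the cleanup on exceptional exit. If `MDSClient::mds().install()`, `mCssm->init()` or `mCSP->attach()` throws, `xpc_transaction_end()` is skipped and the transaction count stays unbalanced for the life of the process. Whether those calls throw is not visible here, but this file catches exceptions elsewhere, so it should be assumed. A small scope guard restores the previous guarantee; the explicit `xpc_transaction_end();` at the end of the block is then removed.

```cpp
        // … unchanged: server lock acquisition …
        // Balance the XPC transaction on every exit path, including exceptions.
        struct XpcTransaction {
            XpcTransaction()  { xpc_transaction_begin(); }
            ~XpcTransaction() { xpc_transaction_end(); }
        } xact;
        if (!mCssm->isActive()) {
            // … unchanged: MDS install, mCssm->init(), mCSP->attach() …
        }
```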