2 * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 // process - track a single client process and its belongings
31 #include "tempdatabase.h"
32 #include "authority.h"
33 #include "child.h" // ServerChild (really UnixPlusPlus::Child)::find()
35 #include <security_utilities/logging.h> //@@@ debug only
36 #include "agentquery.h"
40 // Construct a Process object.
42 Process::Process(TaskPort taskPort
, const ClientSetupInfo
*info
, const CommonCriteria::AuditToken
&audit
)
43 : mTaskPort(taskPort
), mByteFlipped(false), mPid(audit
.pid()), mUid(audit
.euid()), mGid(audit
.egid())
45 StLock
<Mutex
> _(*this);
48 parent(Session::find(audit
.sessionId(), true));
50 // let's take a look at our wannabe client...
51 if (mTaskPort
.pid() != mPid
) {
52 secdebug("SS", "Task/pid setup mismatch pid=%d task=%d(%d)",
53 mPid
, mTaskPort
.port(), mTaskPort
.pid());
54 CssmError::throwMe(CSSMERR_CSSM_ADDIN_AUTHENTICATE_FAILED
); // you lied!
58 ClientIdentification::setup(this->pid());
60 // NB: ServerChild::find() should only be used to determine
61 // *existence*. Don't use the returned Child object for anything else,
62 // as it is not protected against its underlying process's destruction.
63 if (this->pid() == getpid() // called ourselves (through some API). Do NOT record this as a "dirty" transaction
64 || ServerChild::find
<ServerChild
>(this->pid())) // securityd's child; do not mark this txn dirty
65 VProc::Transaction::deactivate();
67 if (SECURITYD_CLIENT_NEW_ENABLED())
68 SECURITYD_CLIENT_NEW(this, this->pid(), &this->session(),
69 (char *)codePath(this->processCode()).c_str(), taskPort
, mUid
, mGid
, mByteFlipped
);
74 // Screen a process setup request for an existing process.
75 // This means the client has requested intialization even though we remember having
76 // talked to it in the past. This could either be an exec(2), or the client could just
77 // have forgotten all about its securityd client state. Or it could be an attack...
79 void Process::reset(TaskPort taskPort
, const ClientSetupInfo
*info
, const CommonCriteria::AuditToken
&audit
)
81 StLock
<Mutex
> _(*this);
82 if (taskPort
!= mTaskPort
) {
83 secdebug("SS", "Process %p(%d) reset mismatch (tp %d-%d)",
84 this, pid(), taskPort
.port(), mTaskPort
.port());
85 //@@@ CssmError::throwMe(CSSM_ERRCODE_VERIFICATION_FAILURE); // liar
88 CFCopyRef
<SecCodeRef
> oldCode
= processCode();
90 ClientIdentification::setup(this->pid()); // re-constructs processCode()
91 if (CFEqual(oldCode
, processCode())) {
92 SECURITYD_CLIENT_RESET_AMNESIA(this);
94 SECURITYD_CLIENT_RESET_FULL(this);
95 CodeSigningHost::reset();
101 // Common set processing
103 void Process::setup(const ClientSetupInfo
*info
)
105 // process setup info
108 if (info
->order
== 0x1234) { // right side up
109 pversion
= info
->version
;
110 mByteFlipped
= false;
111 } else if (info
->order
== 0x34120000) { // flip side up
112 pversion
= flip(info
->version
);
114 } else // non comprende
115 CssmError::throwMe(CSSM_ERRCODE_INCOMPATIBLE_VERSION
);
117 // check wire protocol version
118 if (pversion
!= SSPROTOVERSION
)
119 CssmError::throwMe(CSSM_ERRCODE_INCOMPATIBLE_VERSION
);
124 // Clean up a Process object
128 SECURITYD_CLIENT_RELEASE(this, this->pid());
130 // tell all our authorizations that we're gone
131 IFDEBUG(if (!mAuthorizations
.empty())
132 secdebug("SS", "Process %p(%d) clearing %d authorizations",
133 this, mPid
, int(mAuthorizations
.size())));
134 for (AuthorizationSet::iterator it
= mAuthorizations
.begin();
135 it
!= mAuthorizations
.end(); ) {
136 AuthorizationToken
*auth
= *it
;
137 while (++it
!= mAuthorizations
.end() && *it
== auth
) ; // Skip duplicates
138 if (auth
->endProcess(*this))
142 // release our name for the process's task port
149 StLock
<Mutex
> _(*this);
151 // release local temp store
154 // standard kill processing
159 Session
& Process::session() const
161 return parent
<Session
>();
165 void Process::checkSession(const audit_token_t
&auditToken
)
167 AuditToken
audit(auditToken
);
168 if (audit
.sessionId() != this->session().sessionId())
169 this->changeSession(audit
.sessionId());
173 LocalDatabase
&Process::localStore()
175 StLock
<Mutex
> _(*this);
177 mLocalStore
= new TempDatabase(*this);
181 Key
*Process::makeTemporaryKey(const CssmKey
&key
, CSSM_KEYATTR_FLAGS moreAttributes
,
182 const AclEntryPrototype
*owner
)
184 return safer_cast
<TempDatabase
&>(localStore()).makeKey(key
, moreAttributes
, owner
);
189 // Change the session of a process.
190 // This is the result of SessionCreate from a known process client.
192 void Process::changeSession(Session::SessionId sessionId
)
195 parent(Session::find(sessionId
, true));
196 SECURITYD_CLIENT_CHANGE_SESSION(this, &this->session());
201 // Authorization set maintainance
203 void Process::addAuthorization(AuthorizationToken
*auth
)
206 StLock
<Mutex
> _(*this);
207 mAuthorizations
.insert(auth
);
208 auth
->addProcess(*this);
211 void Process::checkAuthorization(AuthorizationToken
*auth
)
214 StLock
<Mutex
> _(*this);
215 if (mAuthorizations
.find(auth
) == mAuthorizations
.end())
216 MacOSError::throwMe(errAuthorizationInvalidRef
);
219 bool Process::removeAuthorization(AuthorizationToken
*auth
)
222 StLock
<Mutex
> _(*this);
223 // we do everything with a single set lookup call...
224 typedef AuthorizationSet::iterator Iter
;
225 Iter it
= mAuthorizations
.lower_bound(auth
);
227 if (it
== mAuthorizations
.end() || auth
!= *it
) {
230 Iter next
= it
; ++next
; // following element
231 isLast
= (next
== mAuthorizations
.end()) || auth
!= *next
;
232 mAuthorizations
.erase(it
); // remove first match
235 if (auth
->endProcess(*this)) // ... tell it to remove us,
236 return true; // ... and tell the caller
238 return false; // keep the auth; it's still in use
243 // Debug dump support
245 #if defined(DEBUGDUMP)
247 void Process::dumpNode()
249 PerProcess::dumpNode();
251 Debug::dump(" FLIPPED");
252 Debug::dump(" task=%d pid=%d uid/gid=%d/%d",
253 mTaskPort
.port(), mPid
, mUid
, mGid
);
254 CodeSigningHost::dump();
255 ClientIdentification::dump();