// Construct a CodeSigningHost
//
CodeSigningHost::CodeSigningHost()
- : mHostingState(noHosting)
+ : mLock(Mutex::recursive), mHostingState(noHosting)
{
}
//
void CodeSigningHost::reset()
{
+ StLock<Mutex> _(mLock);
switch (mHostingState) {
case noHosting:
break; // nothing to do
//
// Look up guest by guestRef.
-// Throws if they we don't have a guest by that ref.
+// Throws if we don't have a guest by that ref.
//
CodeSigningHost::Guest *CodeSigningHost::findGuest(SecGuestRef guestRef, bool hostOk /* = false */)
{
//
void CodeSigningHost::registerCodeSigning(mach_port_t hostingPort, SecCSFlags flags)
{
+ StLock<Mutex> _(mLock);
switch (mHostingState) {
case noHosting:
mHostingPort = hostingPort;
uint32_t status, const char *path,
const CssmData &cdhash, const CssmData &attributes, SecCSFlags flags)
{
+ StLock<Mutex> _(mLock);
if (path[0] != '/') // relative path (relative to what? :-)
MacOSError::throwMe(errSecCSHostProtocolRelativePath);
if (cdhash.length() > maxUcspHashLength)
guest->setHash(cdhash, flags & kSecCSGenerateGuestHash);
guest->dedicated = (flags & kSecCSDedicatedHost);
mGuests[guest->guestRef()] = guest;
- SECURITYD_GUEST_CREATE(DTSELF, hostRef, guest->guestRef(), guest->status, flags, (char *)guest->path.c_str());
+ SECURITYD_GUEST_CREATE(DTSELF, hostRef, guest->guestRef(), guest->status, flags, guest->path.c_str());
if (SECURITYD_GUEST_CDHASH_ENABLED())
SECURITYD_GUEST_CDHASH(DTSELF, guest->guestRef(),
(void*)CFDataGetBytePtr(guest->cdhash), CFDataGetLength(guest->cdhash));
void CodeSigningHost::setGuestStatus(SecGuestRef guestRef, uint32_t status, const CssmData &attributes)
{
+ StLock<Mutex> _(mLock);
if (mHostingState != proxyHosting)
MacOSError::throwMe(errSecCSHostProtocolNotProxy);
Guest *guest = findGuest(guestRef);
//
void CodeSigningHost::removeGuest(SecGuestRef hostRef, SecGuestRef guestRef)
{
+ StLock<Mutex> _(mLock);
if (mHostingState != proxyHosting)
MacOSError::throwMe(errSecCSHostProtocolNotProxy);
RefPointer<Guest> host = findHost(hostRef);
//
// The MachServer dispatch handler for proxy hosting.
//
+
+// give MIG handlers access to the object lock
+struct CodeSigningHost::Lock : private StLock<Mutex> {
+ Lock(CodeSigningHost *host) : StLock<Mutex>(host->mLock) { }
+};
+
+
boolean_t cshosting_server(mach_msg_header_t *, mach_msg_header_t *);
static ThreadNexus<CodeSigningHost *> context;
boolean_t CodeSigningHost::handle(mach_msg_header_t *in, mach_msg_header_t *out)
{
+ CodeSigningHost::Lock _(this);
context() = this;
return cshosting_server(in, out);
}
void CodeSigningHost::dump() const
{
+ StLock<Mutex> _(mLock);
switch (mHostingState) {
case noHosting:
break;