X-Git-Url: https://git.saurik.com/apple/securityd.git/blobdiff_plain/f7aa9f666a1c7ab343b4ce8f1677ea253c4e126e..4cd1cad0dea00daa03e1b54fdf2797a02373ad5b:/src/token.cpp
diff --git a/src/token.cpp b/src/token.cpp
index 9b3de21..55198c1 100644
--- a/src/token.cpp
+++ b/src/token.cpp
@@ -200,11 +200,21 @@ void Token::removeCommon(TokenDbCommon &dbc)
 // we're analyzing the token, determine its characteristics, and get ready to
 // use it.
 //
-void Token::insert(::Reader &slot)
+void Token::insert(::Reader &slot, RefPointer tokend)
 {
 try {
 // this might take a while...
 Server::active().longTermActivity();
+ referent(slot);
+ mState = slot.pcscState();
+
+ if (tokend == NULL) {
+ // no pre-determined Tokend - search for one
+ if (!(tokend = chooseTokend())) {
+ secdebug("token", "%p no token daemons available - faulting this card", this);
+ fault(false); // throws
+ }
+ }
 // take Token lock and hold throughout insertion
 StLock _(*this);
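Review bot: In `Token::insert`, `referent(slot)` and the `mState = slot.pcscState()` write now run before `StLock _(*this)`, while the old code did both under the Token lock (the next hunk removes them from there). Whether another thread can reach this Token that early is not visible here; if it can, these writes are unsynchronized. If the move is deliberate, so that the lock is not held while `chooseTokend()` launches token daemons, record that above the block, e.g. `// done before taking the Token lock: chooseTokend() may block while launching daemons`. The header comment should also state that a caller-supplied `tokend` bypasses `chooseTokend()` and who is expected to pass one. The function body continues outside the hunk.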
@@ -212,26 +222,18 @@ void Token::insert(::Reader &slot)
 Syslog::debug("token inserted into reader %s", slot.name().c_str());
 secdebug("token", "%p begin insertion into slot %p (reader %s)", this, &slot, slot.name().c_str());
- referent(slot);
- mState = slot.pcscState();
-
- RefPointer tokend = chooseTokend();
- if (!tokend) {
- secdebug("token", "%p no token daemons available - faulting this card", this);
- fault(false);
- }
 // tell the tokend object to relay faults to us
 tokend->faultRelay(this);
 // locate or establish cache directories
 if (tokend->hasTokenUid()) {
- secdebug("token", "%p CHOOSING %s (score=%d, uid=\"%s\")",
+ secdebug("token", "%p using %s (score=%d, uid=\"%s\")",
 this, tokend->bundlePath().c_str(), tokend->score(), tokend->tokenUid().c_str());
 mCache = new TokenCache::Token(reader().cache, tokend->bundleIdentifier() + ":" + tokend->tokenUid());
 } else {
- secdebug("token", "%p CHOOSING %s (score=%d, temporary)",
+ secdebug("token", "%p using %s (score=%d, temporary)",
 this, tokend->bundlePath().c_str(), tokend->score());
 mCache = new TokenCache::Token(reader().cache);
 }
@@ -268,12 +270,16 @@ void Token::insert(::Reader &slot)
 secdebug("token", "%p installing MDS from %s(%s)", this, tokend->bundlePath().c_str(), mdsDirectory[0] ? mdsDirectory : "ALL");
- string holdGuid = mGuid.toString(); // extend lifetime of .toString()
+ string holdGuid = mGuid.toString(); // extend lifetime of std::string
+ string holdTokenUid;
+ if (tokend->hasTokenUid())
+ holdTokenUid = tokend->tokenUid();
+ string holdPrintName = this->printName();
 MDS_InstallDefaults mdsDefaults = {
 holdGuid.c_str(),
 mSubservice,
- tokend->hasTokenUid() ? tokend->tokenUid().c_str() : "",
- this->printName().c_str()
+ holdTokenUid.c_str(),
+ holdPrintName.c_str()
 };
 mds().install(&mdsDefaults, tokend->bundlePath().c_str(),
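Review bot: In the `@@ -268,12 +270,16 @@` hunk, only `holdGuid` carries a lifetime comment, and nothing says how long the three `hold*` strings must live. `mdsDefaults` stores raw `c_str()` pointers into them, so they have to stay in scope and unmodified until `mds().install()` returns. A comment above the three declarations, such as `// backing storage for the c_str() pointers in mdsDefaults; must outlive mds().install()`, would keep a later cleanup from reintroducing the temporaries this change removes. The `mds().install(...)` call continues outside the hunk.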
@@ -448,10 +454,15 @@ RefPointer Token::chooseTokend()
 RefPointer leader;
 for (CodeRepository::const_iterator it = candidates.begin(); it != candidates.end(); it++) {
+ RefPointer candidate = *it;
 try {
- // any pre-launch screening of candidate *it goes here
-
- RefPointer tokend = new TokenDaemon(*it,
+ // skip software token daemons - ineligible for automatic choosing
+ if (CFTypeRef type = (*it)->infoPlistItem("TokendType"))
+ if (CFEqual(type, CFSTR("software")))
+ continue;
+
+ // okay, launch it and let it try
+ RefPointer tokend = new TokenDaemon(candidate,
 reader().name(), reader().pcscState(), reader().cache);
 if (tokend->state() == ServerChild::dead) // ah well, this one's no good
@@ -465,7 +476,7 @@ RefPointer Token::chooseTokend()
 if (!leader || tokend->score() > leader->score()) leader = tokend; // a new front runner, he is...
 } catch (...) {
- secdebug("token", "exception setting up %s (moving on)", (*it)->canonicalPath().c_str());
+ secdebug("token", "exception setting up %s (moving on)", candidate->canonicalPath().c_str());
 }
 }
 return leader;
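Review bot: In the `@@ -448,10 +454,15 @@` hunk, the new screening still reads `(*it)->infoPlistItem("TokendType")` although the line above introduces `candidate` for exactly this; `if (CFTypeRef type = candidate->infoPlistItem("TokendType"))` would match the `TokenDaemon` constructor call and the log line in the following hunk. The two nested `if`s without braces make the `continue` easy to misattach in a later edit, so bracing the outer `if` would be clearer. The compared value is presumably read from the candidate bundle's own Info.plist, which makes this an eligibility filter; the comment could say so, e.g. `// self-declared by the bundle: eligibility filter only, not a trust decision`. The loop body continues outside the hunk.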