#include "process.h"
#include "server.h"
#include "session.h"
#include "tempdatabase.h"
#include "authority.h"
#include "child.h" // ServerChild (really UnixPlusPlus::Child)::find()
#include <security_utilities/logging.h> //@@@ debug only
#include "agentquery.h"
Process::Process(TaskPort taskPort, const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit)
: mTaskPort(taskPort), mByteFlipped(false), mPid(audit.pid()), mUid(audit.euid()), mGid(audit.egid())
{
StLock<Mutex> _(*this);
parent(Session::find(audit.sessionId(), true));
if (mTaskPort.pid() != mPid) {
secdebug("SS", "Task/pid setup mismatch pid=%d task=%d(%d)",
mPid, mTaskPort.port(), mTaskPort.pid());
CssmError::throwMe(CSSMERR_CSSM_ADDIN_AUTHENTICATE_FAILED); }
setup(info);
ClientIdentification::setup(this->pid());
if (this->pid() == getpid() || ServerChild::find<ServerChild>(this->pid())) VProc::Transaction::deactivate();
if (SECURITYD_CLIENT_NEW_ENABLED())
SECURITYD_CLIENT_NEW(this, this->pid(), &this->session(),
(char *)codePath(this->processCode()).c_str(), taskPort, mUid, mGid, mByteFlipped);
}
void Process::reset(TaskPort taskPort, const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit)
{
StLock<Mutex> _(*this);
if (taskPort != mTaskPort) {
secdebug("SS", "Process %p(%d) reset mismatch (tp %d-%d)",
this, pid(), taskPort.port(), mTaskPort.port());
}
setup(info);
CFCopyRef<SecCodeRef> oldCode = processCode();
ClientIdentification::setup(this->pid()); if (CFEqual(oldCode, processCode())) {
SECURITYD_CLIENT_RESET_AMNESIA(this);
} else {
SECURITYD_CLIENT_RESET_FULL(this);
CodeSigningHost::reset();
}
}
void Process::setup(const ClientSetupInfo *info)
{
assert(info);
uint32 pversion;
if (info->order == 0x1234) { pversion = info->version;
mByteFlipped = false;
} else if (info->order == 0x34120000) { pversion = flip(info->version);
mByteFlipped = true;
} else CssmError::throwMe(CSSM_ERRCODE_INCOMPATIBLE_VERSION);
if (pversion != SSPROTOVERSION)
CssmError::throwMe(CSSM_ERRCODE_INCOMPATIBLE_VERSION);
}
Process::~Process()
{
SECURITYD_CLIENT_RELEASE(this, this->pid());
IFDEBUG(if (!mAuthorizations.empty())
secdebug("SS", "Process %p(%d) clearing %d authorizations",
this, mPid, int(mAuthorizations.size())));
for (AuthorizationSet::iterator it = mAuthorizations.begin();
it != mAuthorizations.end(); ) {
AuthorizationToken *auth = *it;
while (++it != mAuthorizations.end() && *it == auth) ; if (auth->endProcess(*this))
delete auth;
}
if (mTaskPort)
mTaskPort.destroy();
}
void Process::kill()
{
StLock<Mutex> _(*this);
mLocalStore = NULL;
PerProcess::kill();
}
Session& Process::session() const
{
return parent<Session>();
}
void Process::checkSession(const audit_token_t &auditToken)
{
AuditToken audit(auditToken);
if (audit.sessionId() != this->session().sessionId())
this->changeSession(audit.sessionId());
}
LocalDatabase &Process::localStore()
{
StLock<Mutex> _(*this);
if (!mLocalStore)
mLocalStore = new TempDatabase(*this);
return *mLocalStore;
}
Key *Process::makeTemporaryKey(const CssmKey &key, CSSM_KEYATTR_FLAGS moreAttributes,
const AclEntryPrototype *owner)
{
return safer_cast<TempDatabase&>(localStore()).makeKey(key, moreAttributes, owner);
}
void Process::changeSession(Session::SessionId sessionId)
{
parent(Session::find(sessionId, true));
SECURITYD_CLIENT_CHANGE_SESSION(this, &this->session());
}
void Process::addAuthorization(AuthorizationToken *auth)
{
assert(auth);
StLock<Mutex> _(*this);
mAuthorizations.insert(auth);
auth->addProcess(*this);
}
void Process::checkAuthorization(AuthorizationToken *auth)
{
assert(auth);
StLock<Mutex> _(*this);
if (mAuthorizations.find(auth) == mAuthorizations.end())
MacOSError::throwMe(errAuthorizationInvalidRef);
}
bool Process::removeAuthorization(AuthorizationToken *auth)
{
assert(auth);
StLock<Mutex> _(*this);
typedef AuthorizationSet::iterator Iter;
Iter it = mAuthorizations.lower_bound(auth);
bool isLast;
if (it == mAuthorizations.end() || auth != *it) {
isLast = true;
} else {
Iter next = it; ++next; isLast = (next == mAuthorizations.end()) || auth != *next;
mAuthorizations.erase(it); }
if (isLast) {
if (auth->endProcess(*this)) return true; }
return false; }
#if defined(DEBUGDUMP)
void Process::dumpNode()
{
PerProcess::dumpNode();
if (mByteFlipped)
Debug::dump(" FLIPPED");
Debug::dump(" task=%d pid=%d uid/gid=%d/%d",
mTaskPort.port(), mPid, mUid, mGid);
CodeSigningHost::dump();
ClientIdentification::dump();
}
#endif //DEBUGDUMP