tokend.cpp   [plain text]

/*
 * Copyright (c) 2004-2006 Apple Computer, Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


//
// tokend - internal tracker for a tokend smartcard driver process
//
#include "tokend.h"
#include <security_utilities/logging.h>


//
// Construct a TokenDaemon.
// This will (try to) execute the actual tokend at 'path'; it will not communicate
// with it beyond the standard securityd checkin mechanism.
// The constructor will return if the tokend is either checked in and ready, or
// it has died (or been unable to start at all). It's then our owner's responsibility
// to manage us from there, including deleting us eventually.
//
TokenDaemon::TokenDaemon(RefPointer<Bundle> code,
		const string &reader, const PCSC::ReaderState &readerState, TokenCache &cache)
	: Tokend::ClientSession(Allocator::standard(), Allocator::standard()),
	  mMe(code), mReaderName(reader), mState(readerState),
	  mFaultRelay(NULL), mFaulted(false), mProbed(false),
	  mUid(cache.tokendUid()), mGid(cache.tokendGid())
{
	this->fork();
	switch (ServerChild::state()) {
	case alive:
		Tokend::ClientSession::servicePort(ServerChild::servicePort());
		secinfo("tokend", "%p (pid %d) %s has launched", this, pid(), bundlePath().c_str());
		break;
	case dead:
		// tokend died or quit before becoming ready
		secinfo("tokend", "%p (pid %d) %s failed on startup", this, pid(), bundlePath().c_str());
		break;
	default:
		assert(false);
	}
}


//
// The destructor for TokenDaemon *may* be called with tokend still alive.
// We rely on ServerChild's destructor to kill it for us.
// If we wanted to do something especally nice just for tokend (such as sending
// a "go die" message), we'd do it here.
//
TokenDaemon::~TokenDaemon()
{
	secinfo("tokend", "%p (pid %d) %s is being destroyed", this, pid(), bundlePath().c_str());
}


//
// Calculate a tokenUid as a concatenation of tokend identifier and uid
//
std::string TokenDaemon::tokenUid() const
{
	assert(hasTokenUid());
	return mTokenUid;
}


//
// Access to custom Info.plist fields
//
uint32 TokenDaemon::maxScore() const
{
	return cfNumber(CFNumberRef(mMe->infoPlistItem("TokendBestScore")), INT_MAX);
}


//
// Our childAction is to launch tokend after preparing its environment
//
void TokenDaemon::childAction()
{
	
	// permanently relinquish high privilege
#if defined(NDEBUG)
	UnixError::check(::setgid(mGid));
	UnixError::check(::setuid(mUid));
#else //NDEBUG
#ifndef __clang_analyzer__
	// best effort, okay if not
	::setgid(mGid);
	::setuid(mUid);
#endif // clang_analyzer
#endif //NDEBUG
	secinfo("tokend", "uid=%d gid=%d", getuid(), getgid());

	// go run the tokend
	char protocol[20]; snprintf(protocol, sizeof(protocol), "%d", TDPROTOVERSION);
	secinfo("tokend", "executing %s(\"%s\",%s)",
		mMe->executablePath().c_str(), mReaderName.c_str(), protocol);
	execl(mMe->executablePath().c_str(),
		mMe->executablePath().c_str(),
		protocol,									// #1: protocol version
		mReaderName.c_str(),						// #2: reader name
		CssmData::wrap(mState).toHex().c_str(),		// #3: PCSC reader state (hex)
		NULL);
}


//
// This will be called (by the UnixChild layer) when UNIX tells us that our tokend
// has died. That means it's quite dead (a Zombie) already.
//
void TokenDaemon::dying()
{
	ServerChild::dying();					// honor prior engagement
	fault(true, "token daemon has died");	// flag asynchronous fault
}


//
// Declare a fault.
//@@@ Semantics TBD.
//
void TokenDaemon::fault(bool async, const char *reason)
{
	if (!mFaulted) {
		secinfo("tokend", "%p declaring %s FAULT condition: %s",
			this, async ? "ASYNCHRONOUS" : "SYNCHRONOUS", reason);
		Syslog::notice("card in reader %s has faulted (%s)",
			mReaderName.c_str(), reason);
		mFaulted = true;
		if (mFaultRelay)
			mFaultRelay->relayFault(async);
	}
	if (!async)
		CssmError::throwMe(CSSM_ERRCODE_FUNCTION_FAILED);
}


//
// A fault signalled from the ClientSession layer is just a (synchronous) fault
// of TokenDaemon itself.
//
void TokenDaemon::fault()
{
	this->fault(false, "tokend service failed");
}


//
// Overridden Tokend::ClientSession methods (to siphon off some return data).
// Note that this does NOT include the Access magic; you still have to use
// TokenDaemon::Access to mediate the call.
//
bool TokenDaemon::probe()
{
	secinfo("tokend", "%p probing", this);
	ClientSession::probe(mScore, mTokenUid);
	secinfo("tokend", "%p probed score=%d tokenUid=\"%s\"", this, mScore, mTokenUid.c_str());
	mProbed = true;
	return mScore > 0;
}


//
// FaultRelay
//
FaultRelay::~FaultRelay()
{ /* virtual */ }


//
// Debug dump support
//
#if defined(DEBUGDUMP)

void TokenDaemon::dumpNode()
{
	PerGlobal::dumpNode();
	if (mFaulted)
		Debug::dump(" FAULT");
	Debug::dump(" service=%d/%d",
		ClientSession::servicePort().port(), ServerChild::servicePort().port());
}

#endif //DEBUGDUMP