/* * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). * You may not use this file except in compliance with the License. Please obtain * a copy of the License at http://www.apple.com/publicsource and read it before * using this file. * * This Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the * specific language governing rights and limitations under the License. */ // // cssmplugin - adapter framework for C++-based CDSA plugin modules // // A note on locking: Attachments are effectively reference counted in CSSM. // CSSM will not let a client detach an attachment that has a(nother) thread // active in its code. Thus, our locks merely protect global maps; they do not // need (or try) to close the classic use-and-delete window. // #include <security_cdsa_plugin/cssmplugin.h> #include <security_cdsa_plugin/pluginsession.h> #include <memory> ModuleNexus<CssmPlugin::SessionMap> CssmPlugin::sessionMap; CssmPlugin::CssmPlugin() : mLoaded(false) { } CssmPlugin::~CssmPlugin() { // Note: if mLoaded, we're being unloaded forcibly. // (CSSM wouldn't do this to us in normal operation.) } // // Load processing. // CSSM only calls this once for a module, and multiplexes any additional // CSSM_ModuleLoad calls internally. So this is only called when we have just // been loaded (and not yet attached). // void CssmPlugin::moduleLoad(const Guid &cssmGuid, const Guid &moduleGuid, const ModuleCallback &newCallback) { if (mLoaded) CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); mMyGuid = moduleGuid; // let the implementation know that we're loading this->load(); // commit mCallback = newCallback; mLoaded = true; } // // Unload processing. // The callback passed here will be the same passed to load. // CSSM only calls this on a "final" CSSM_ModuleUnload, after all attachments // are destroyed and (just) before we are physically unloaded. // void CssmPlugin::moduleUnload(const Guid &cssmGuid, const Guid &moduleGuid, const ModuleCallback &oldCallback) { // check the callback vector if (!mLoaded || oldCallback != mCallback) CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); // tell our subclass that we're closing down this->unload(); // commit closure mLoaded = false; } // // Create one attachment session. This is what CSSM calls to process // a CSSM_ModuleAttach call. moduleLoad() has already been called and has // returned successfully. // void CssmPlugin::moduleAttach(CSSM_MODULE_HANDLE theHandle, const Guid &newCssmGuid, const Guid &moduleGuid, const Guid &moduleManagerGuid, const Guid &callerGuid, const CSSM_VERSION &version, uint32 subserviceId, CSSM_SERVICE_TYPE subserviceType, CSSM_ATTACH_FLAGS attachFlags, CSSM_KEY_HIERARCHY keyHierarchy, const CSSM_UPCALLS &upcalls, CSSM_MODULE_FUNCS_PTR &funcTbl) { // basic (in)sanity checks if (moduleGuid != mMyGuid) CssmError::throwMe(CSSM_ERRCODE_INVALID_GUID); // make the new session object, hanging in thin air auto_ptr<PluginSession> session(this->makeSession(theHandle, version, subserviceId, subserviceType, attachFlags, upcalls)); // haggle with the implementor funcTbl = session->construct(); // commit this session creation StLock<Mutex> _(sessionMap()); sessionMap()[theHandle] = session.release(); } // // Undo a (single) module attachment. This calls the detach() method on // the Session object representing the attachment. This is only called // if session->construct() has succeeded previously. // If session->detach() fails, we do not destroy the session and it continues // to live, though its handle may have (briefly) been invalid. This is for // desperate "mustn't go right now" situations and should not be abused. // CSSM always has the ability to ditch you without your consent if you are // obstreporous. // void CssmPlugin::moduleDetach(CSSM_MODULE_HANDLE handle) { // locate the plugin and hold the sessionMapLock PluginSession *session; { StLock<Mutex> _(sessionMap()); SessionMap::iterator it = sessionMap().find(handle); if (it == sessionMap().end()) CssmError::throwMe(CSSMERR_CSSM_INVALID_ADDIN_HANDLE); session = it->second; sessionMap().erase(it); } // let the session know it is going away try { session->detach(); delete session; } catch (...) { // session detach failed - put the plugin back and fail StLock<Mutex> _(sessionMap()); sessionMap()[handle] = session; throw; } } // // Send an official CSSM module callback message upstream // void CssmPlugin::sendCallback(CSSM_MODULE_EVENT event, uint32 ssid, CSSM_SERVICE_TYPE serviceType) const { assert(mLoaded); mCallback(event, mMyGuid, ssid, serviceType); } // // Default subclass hooks. // The default implementations succeed without doing anything. // void CssmPlugin::load() { } void CssmPlugin::unload() { }