1/*
2 * Copyright (c) 2007 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23#include "SecCodeHost.h"
24#include "SecCodeHostLib.h"
25#include <Security/Security.h>
26#include <Security/AuthSession.h>
27#include <securityd_client/ucsp.h>
28#include <servers/bootstrap.h>
29
30
31//
32// Global state
33//
34mach_port_t gServerPort;
35SecCSFlags gInitFlags;
36
37
38//
39// Framing macros and facilities
40//
41#define UCSP_ARGS	gServerPort, mig_get_reply_port(), &securitydCreds, &rcode
42#define ATTRDATA(attr) (void *)(attr), (attr) ? strlen((attr)) : 0
43
44#define CALL(func) \
45	security_token_t securitydCreds; \
46	CSSM_RETURN rcode; \
47	if (KERN_SUCCESS != func) \
48		return errSecCSInternalError; \
49	if (securitydCreds.val[0] != 0) \
50		return CSSM_ERRCODE_VERIFICATION_FAILURE; \
51	return rcode
52
53
54
55//
56// Mandatory initialization call
57//
58OSStatus SecHostLibInit(SecCSFlags flags)
59{
60	if (gServerPort != MACH_PORT_NULL)	// re-initialization attempt
61		return errSecCSInternalError;
62
63	mach_port_t bootstrapPort;
64	if (KERN_SUCCESS != task_get_bootstrap_port(mach_task_self(), &bootstrapPort))
65		return errSecCSInternalError;
66	static char serverName[BOOTSTRAP_MAX_NAME_LEN] = SECURITYSERVER_BOOTSTRAP_NAME;
67	if (KERN_SUCCESS != bootstrap_look_up(bootstrapPort, serverName, &gServerPort))
68		return errSecCSInternalError;
69
70	ClientSetupInfo info = { 0x1234, SSPROTOVERSION };
71	CALL(ucsp_client_setup(UCSP_ARGS, mach_task_self(), info, "?:unspecified"));
72}
73
74
75//
76// Guest creation.
77// At this time, this ONLY supports the creation of (one) dedicated guest.
78//
79OSStatus SecHostLibCreateGuest(SecGuestRef host,
80	uint32_t status, const char *path, const char *attributeXML,
81	SecCSFlags flags, SecGuestRef *newGuest)
82{
83	return SecHostLibCreateGuest2(host, status, path, "", 0, attributeXML, flags, newGuest);
84}
85
86OSStatus SecHostLibCreateGuest2(SecGuestRef host,
87	uint32_t status, const char *path, const void *cdhash, size_t cdhashLength, const char *attributeXML,
88	SecCSFlags flags, SecGuestRef *newGuest)
89{
90	if (flags != kSecCSDedicatedHost)
91		return errSecCSInvalidFlags;
92
93	CALL(ucsp_client_createGuest(UCSP_ARGS, host, status, path,
94		(void *)cdhash, cdhashLength, ATTRDATA(attributeXML), flags, newGuest));
95}
96
97
98//
99// Update the status of a guest.
100//
101OSStatus SecHostLibSetGuestStatus(SecGuestRef guestRef,
102	uint32_t status, const char *attributeXML,
103	SecCSFlags flags)
104{
105	CALL(ucsp_client_setGuestStatus(UCSP_ARGS, guestRef, status, ATTRDATA(attributeXML)));
106}
107
108
109//
110// Enable dynamic hosting mode.
111//
112OSStatus SecHostSetHostingPort(mach_port_t hostingPort, SecCSFlags flags)
113{
114	CALL(ucsp_client_registerHosting(UCSP_ARGS, hostingPort, flags));
115}
116
117
118//
119// Helper for checked incorporation of code.
120//
121OSStatus SecHostLibCheckLoad(const char *path, SecRequirementType type)
122{
123	CALL(ucsp_client_helpCheckLoad(UCSP_ARGS, path, type));
124}
125