1/* 2 * Copyright (c) 2007 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23#include "SecCodeHost.h" 24#include "SecCodeHostLib.h" 25#include <Security/Security.h> 26#include <Security/AuthSession.h> 27#include <securityd_client/ucsp.h> 28#include <servers/bootstrap.h> 29 30 31// 32// Global state 33// 34mach_port_t gServerPort; 35SecCSFlags gInitFlags; 36 37 38// 39// Framing macros and facilities 40// 41#define UCSP_ARGS gServerPort, mig_get_reply_port(), &securitydCreds, &rcode 42#define ATTRDATA(attr) (void *)(attr), (attr) ? strlen((attr)) : 0 43 44#define CALL(func) \ 45 security_token_t securitydCreds; \ 46 CSSM_RETURN rcode; \ 47 if (KERN_SUCCESS != func) \ 48 return errSecCSInternalError; \ 49 if (securitydCreds.val[0] != 0) \ 50 return CSSM_ERRCODE_VERIFICATION_FAILURE; \ 51 return rcode 52 53 54 55// 56// Mandatory initialization call 57// 58OSStatus SecHostLibInit(SecCSFlags flags) 59{ 60 if (gServerPort != MACH_PORT_NULL) // re-initialization attempt 61 return errSecCSInternalError; 62 63 mach_port_t bootstrapPort; 64 if (KERN_SUCCESS != task_get_bootstrap_port(mach_task_self(), &bootstrapPort)) 65 return errSecCSInternalError; 66 static char serverName[BOOTSTRAP_MAX_NAME_LEN] = SECURITYSERVER_BOOTSTRAP_NAME; 67 if (KERN_SUCCESS != bootstrap_look_up(bootstrapPort, serverName, &gServerPort)) 68 return errSecCSInternalError; 69 70 ClientSetupInfo info = { 0x1234, SSPROTOVERSION }; 71 CALL(ucsp_client_setup(UCSP_ARGS, mach_task_self(), info, "?:unspecified")); 72} 73 74 75// 76// Guest creation. 77// At this time, this ONLY supports the creation of (one) dedicated guest. 78// 79OSStatus SecHostLibCreateGuest(SecGuestRef host, 80 uint32_t status, const char *path, const char *attributeXML, 81 SecCSFlags flags, SecGuestRef *newGuest) 82{ 83 return SecHostLibCreateGuest2(host, status, path, "", 0, attributeXML, flags, newGuest); 84} 85 86OSStatus SecHostLibCreateGuest2(SecGuestRef host, 87 uint32_t status, const char *path, const void *cdhash, size_t cdhashLength, const char *attributeXML, 88 SecCSFlags flags, SecGuestRef *newGuest) 89{ 90 if (flags != kSecCSDedicatedHost) 91 return errSecCSInvalidFlags; 92 93 CALL(ucsp_client_createGuest(UCSP_ARGS, host, status, path, 94 (void *)cdhash, cdhashLength, ATTRDATA(attributeXML), flags, newGuest)); 95} 96 97 98// 99// Update the status of a guest. 100// 101OSStatus SecHostLibSetGuestStatus(SecGuestRef guestRef, 102 uint32_t status, const char *attributeXML, 103 SecCSFlags flags) 104{ 105 CALL(ucsp_client_setGuestStatus(UCSP_ARGS, guestRef, status, ATTRDATA(attributeXML))); 106} 107 108 109// 110// Enable dynamic hosting mode. 111// 112OSStatus SecHostSetHostingPort(mach_port_t hostingPort, SecCSFlags flags) 113{ 114 CALL(ucsp_client_registerHosting(UCSP_ARGS, hostingPort, flags)); 115} 116 117 118// 119// Helper for checked incorporation of code. 120// 121OSStatus SecHostLibCheckLoad(const char *path, SecRequirementType type) 122{ 123 CALL(ucsp_client_helpCheckLoad(UCSP_ARGS, path, type)); 124} 125