#ifndef _H_SERVER
#define _H_SERVER
#include "securityserver.h"
#include <Security/machserver.h>
#include <Security/powerwatch.h>
#include <Security/cssmclient.h>
#include <Security/cspclient.h>
#include <Security/osxsigner.h>
#include <Security/devrandom.h>
#include <Security/uniformrandom.h>
#include "codesigdb.h"
#include "connection.h"
#include "key.h"
#include "xdatabase.h"
#include "authority.h"
#include <map>
#define EQUIVALENCEDBPATH "/var/db/CodeEquivalenceDatabase"
class Server : public MachPlusPlus::MachServer,
public UniformRandomBlobs<DevRandomGenerator> {
public:
Server(Authority &myAuthority, CodeSignatures &signatures, const char *bootstrapName);
~Server();
void run();
static Server &active() { return safer_cast<Server &>(MachServer::active()); }
static const char *bootstrapName() { return active().mBootstrapName.c_str(); }
static Connection &connection(mach_port_t replyPort);
static Connection &connection(bool tolerant = false);
static void requestComplete();
static Key &key(KeyHandle key)
{ return findHandle<Key>(key, CSSMERR_CSP_INVALID_KEY_REFERENCE); }
static Key *optionalKey(KeyHandle k) { return (k == noKey) ? NULL : &key(k); }
static Database &database(DbHandle db)
{ return findHandle<Database>(db, CSSMERR_DL_INVALID_DB_HANDLE); }
static Database *optionalDatabase(DbHandle db) { return db ? &database(db) : NULL; }
static Authority &authority() { return active().mAuthority; }
static CodeSignatures &codeSignatures() { return active().mCodeSignatures; }
static SecurityServerAcl &aclBearer(AclKind kind, CSSM_HANDLE handle);
static CssmClient::CSP &csp() { return active().getCsp(); }
void loadCssm();
public:
enum ConnectLevel {
connectNewSession,
connectNewProcess,
connectNewThread
};
void setupConnection(ConnectLevel type, Port servicePort, Port replyPort, Port taskPort,
const security_token_t &securityToken,
const ClientSetupInfo *info = NULL, const char *executablePath = NULL);
void endConnection(Port replyPort);
static void releaseWhenDone(CssmAllocator &alloc, void *memory)
{ MachServer::active().releaseWhenDone(alloc, memory); }
static void releaseWhenDone(void *memory)
{ releaseWhenDone(CssmAllocator::standard(), memory); }
protected:
boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out);
void notifyDeadName(Port port);
void notifyNoSenders(Port port, mach_port_mscount_t);
private:
class SleepWatcher : public MachPlusPlus::PortPowerWatcher {
public:
void systemWillSleep();
};
SleepWatcher sleepWatcher;
private:
Mutex lock;
std::string mBootstrapName;
typedef map<mach_port_t, Connection *> ConnectionMap;
ConnectionMap connections;
typedef map<mach_port_t, Process *> ProcessMap;
ProcessMap processes;
PerThreadPointer<Connection> mCurrentConnection;
CssmClient::Cssm mCssm; CssmClient::Module mCSPModule; CssmClient::CSP mCSP; CssmClient::CSP &getCsp();
Authority &mAuthority;
CodeSignatures &mCodeSignatures;
};
#endif //_H_SERVER