1 | /* |
2 | * Copyright (c) 2014-2021 Apple Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | */ |
28 | |
29 | #include <string.h> |
30 | #include <sys/systm.h> |
31 | #include <sys/types.h> |
32 | #include <sys/syslog.h> |
33 | #include <sys/queue.h> |
34 | #include <sys/malloc.h> |
35 | #include <sys/kernel.h> |
36 | #include <sys/kern_control.h> |
37 | #include <sys/mbuf.h> |
38 | #include <sys/kpi_mbuf.h> |
39 | #include <sys/sysctl.h> |
40 | #include <sys/priv.h> |
41 | #include <sys/kern_event.h> |
42 | #include <sys/sysproto.h> |
43 | #include <net/network_agent.h> |
44 | #include <net/if_var.h> |
45 | #include <net/necp.h> |
46 | #include <os/log.h> |
47 | |
48 | u_int32_t netagent_debug = LOG_NOTICE; // 0=None, 1=Basic |
49 | |
50 | SYSCTL_NODE(_net, OID_AUTO, netagent, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "NetworkAgent" ); |
51 | SYSCTL_INT(_net_netagent, OID_AUTO, debug, CTLFLAG_LOCKED | CTLFLAG_RW, &netagent_debug, 0, "" ); |
52 | |
53 | static int netagent_registered_count = 0; |
54 | SYSCTL_INT(_net_netagent, OID_AUTO, registered_count, CTLFLAG_RD | CTLFLAG_LOCKED, |
55 | &netagent_registered_count, 0, "" ); |
56 | |
57 | static int netagent_active_count = 0; |
58 | SYSCTL_INT(_net_netagent, OID_AUTO, active_count, CTLFLAG_RD | CTLFLAG_LOCKED, |
59 | &netagent_active_count, 0, "" ); |
60 | |
61 | #define NETAGENTLOG(level, format, ...) do { \ |
62 | if (level <= netagent_debug) { \ |
63 | if (level == LOG_ERR) { \ |
64 | os_log_error(OS_LOG_DEFAULT, "%s: " format "\n", __FUNCTION__, __VA_ARGS__); \ |
65 | } else { \ |
66 | os_log(OS_LOG_DEFAULT, "%s: " format "\n", __FUNCTION__, __VA_ARGS__); \ |
67 | } \ |
68 | } \ |
69 | } while (0) |
70 | |
71 | #define NETAGENTLOG0(level, msg) do { \ |
72 | if (level <= netagent_debug) { \ |
73 | if (level == LOG_ERR) { \ |
74 | os_log_error(OS_LOG_DEFAULT, "%s: %s\n", __FUNCTION__, msg); \ |
75 | } else { \ |
76 | os_log(OS_LOG_DEFAULT, "%s: %s\n", __FUNCTION__, msg); \ |
77 | } \ |
78 | } \ |
79 | } while (0) |
80 | |
81 | struct netagent_client { |
82 | LIST_ENTRY(netagent_client) client_chain; |
83 | uuid_t client_id; |
84 | uuid_t client_proc_uuid; |
85 | pid_t client_pid; |
86 | }; |
87 | |
88 | LIST_HEAD(netagent_client_list_s, netagent_client); |
89 | |
90 | struct netagent_token { |
91 | TAILQ_ENTRY(netagent_token) token_chain; |
92 | u_int32_t token_length; |
93 | u_int8_t *token_bytes; |
94 | }; |
95 | |
96 | TAILQ_HEAD(netagent_token_list_s, netagent_token); |
97 | |
98 | #define NETAGENT_MAX_CLIENT_ERROR_COUNT 32 |
99 | |
100 | struct netagent_wrapper { |
101 | LIST_ENTRY(netagent_wrapper) list_chain; |
102 | lck_rw_t agent_lock; |
103 | u_int32_t control_unit; |
104 | netagent_event_f event_handler; |
105 | void *event_context; |
106 | u_int32_t generation; |
107 | u_int64_t use_count; |
108 | u_int64_t need_tokens_event_deadline; |
109 | u_int32_t token_count; |
110 | u_int32_t token_low_water; |
111 | int32_t last_client_error; |
112 | u_int32_t client_error_count; |
113 | u_int8_t __pad_bytes[3]; |
114 | struct netagent_token_list_s token_list; |
115 | struct netagent_client_list_s pending_triggers_list; |
116 | struct netagent *netagent; |
117 | }; |
118 | |
119 | struct netagent_session { |
120 | u_int32_t control_unit; // A control unit of 0 indicates an agent owned by the kernel |
121 | lck_mtx_t session_lock; |
122 | struct netagent_wrapper *wrapper; |
123 | netagent_event_f event_handler; |
124 | void *event_context; |
125 | }; |
126 | |
127 | typedef enum { |
128 | kNetagentErrorDomainPOSIX = 0, |
129 | kNetagentErrorDomainUserDefined = 1, |
130 | } netagent_error_domain_t; |
131 | |
132 | static LIST_HEAD(_netagent_list, netagent_wrapper) shared_netagent_list = |
133 | LIST_HEAD_INITIALIZER(master_netagent_list); |
134 | |
135 | // Protected by netagent_list_lock |
136 | static u_int32_t g_next_generation = 1; |
137 | |
138 | static kern_ctl_ref netagent_kctlref; |
139 | static u_int32_t netagent_family; |
140 | static LCK_GRP_DECLARE(netagent_mtx_grp, NETAGENT_CONTROL_NAME); |
141 | static LCK_RW_DECLARE(netagent_list_lock, &netagent_mtx_grp); |
142 | |
143 | #define NETAGENT_LIST_LOCK_EXCLUSIVE() lck_rw_lock_exclusive(&netagent_list_lock) |
144 | #define NETAGENT_LIST_LOCK_SHARED() lck_rw_lock_shared(&netagent_list_lock) |
145 | #define NETAGENT_LIST_UNLOCK() lck_rw_done(&netagent_list_lock) |
146 | #define NETAGENT_LIST_ASSERT_LOCKED() LCK_RW_ASSERT(&netagent_list_lock, LCK_RW_ASSERT_HELD) |
147 | |
148 | #define NETAGENT_SESSION_LOCK(session) lck_mtx_lock(&session->session_lock) |
149 | #define NETAGENT_SESSION_UNLOCK(session) lck_mtx_unlock(&session->session_lock) |
150 | |
151 | #define NETAGENT_LOCK_EXCLUSIVE(wrapper) lck_rw_lock_exclusive(&wrapper->agent_lock) |
152 | #define NETAGENT_LOCK_SHARED(wrapper) lck_rw_lock_shared(&wrapper->agent_lock) |
153 | #define NETAGENT_LOCK_SHARED_TO_EXCLUSIVE(wrapper) lck_rw_lock_shared_to_exclusive(&wrapper->agent_lock) |
154 | #define NETAGENT_UNLOCK(wrapper) lck_rw_done(&wrapper->agent_lock) |
155 | #define NETAGENT_ASSERT_LOCKED(wrapper) LCK_RW_ASSERT(&wrapper->agent_lock, LCK_RW_ASSERT_HELD) |
156 | |
157 | // Locking Notes |
158 | |
159 | // Precedence, where 1 is the first lock that must be taken |
160 | // 1. NETAGENT_LIST_LOCK - protects shared_netagent_list |
161 | // 2. NETAGENT_SESSION_LOCK - protects the session->wrapper pointer |
162 | // 3. NETAGENT_LOCK -> protects values in a wrapper |
163 | |
164 | static errno_t netagent_register_control(void); |
165 | static errno_t netagent_ctl_connect(kern_ctl_ref kctlref, struct sockaddr_ctl *sac, |
166 | void **unitinfo); |
167 | static errno_t netagent_ctl_disconnect(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo); |
168 | static errno_t netagent_ctl_send(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo, |
169 | mbuf_t m, int flags); |
170 | static void netagent_ctl_rcvd(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo, int flags); |
171 | static errno_t netagent_ctl_getopt(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo, |
172 | int opt, void *data, size_t *len); |
173 | static errno_t netagent_ctl_setopt(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo, |
174 | int opt, void *data, size_t len); |
175 | |
176 | static int netagent_send_ctl_data(u_int32_t control_unit, u_int8_t *buffer, size_t buffer_size); |
177 | |
178 | static struct netagent_session *netagent_create_session(u_int32_t control_unit); |
179 | static void netagent_delete_session(struct netagent_session *session); |
180 | |
181 | // Register |
182 | static void netagent_handle_register_message(struct netagent_session *session, u_int32_t message_id, |
183 | size_t payload_length, mbuf_t packet, size_t offset); |
184 | static errno_t netagent_handle_register_setopt(struct netagent_session *session, u_int8_t *payload, |
185 | size_t payload_length); |
186 | |
187 | // Unregister |
188 | static void netagent_handle_unregister_message(struct netagent_session *session, u_int32_t message_id, |
189 | size_t payload_length, mbuf_t packet, size_t offset); |
190 | static errno_t netagent_handle_unregister_setopt(struct netagent_session *session, u_int8_t *payload, |
191 | size_t payload_length); |
192 | |
193 | // Update |
194 | static void netagent_handle_update_message(struct netagent_session *session, u_int32_t message_id, |
195 | size_t payload_length, mbuf_t packet, size_t offset); |
196 | static errno_t netagent_handle_update_setopt(struct netagent_session *session, u_int8_t *payload, |
197 | size_t payload_length); |
198 | |
199 | // Assign nexus |
200 | static void netagent_handle_assign_nexus_message(struct netagent_session *session, u_int32_t message_id, |
201 | size_t payload_length, mbuf_t packet, size_t offset); |
202 | static errno_t netagent_handle_assign_nexus_setopt(struct netagent_session *session, u_int8_t *payload, |
203 | size_t payload_length); |
204 | |
205 | // Assign group |
206 | static errno_t netagent_handle_assign_group_setopt(struct netagent_session *session, u_int8_t *payload, |
207 | size_t payload_length); |
208 | |
209 | // Set/get assert count |
210 | static errno_t netagent_handle_use_count_setopt(struct netagent_session *session, u_int8_t *payload, size_t payload_length); |
211 | static errno_t netagent_handle_use_count_getopt(struct netagent_session *session, u_int8_t *buffer, size_t *buffer_length); |
212 | |
213 | // Manage tokens |
214 | static errno_t netagent_handle_add_token_setopt(struct netagent_session *session, u_int8_t *payload, size_t payload_length); |
215 | static errno_t netagent_handle_flush_tokens_setopt(struct netagent_session *session, u_int8_t *payload, size_t payload_length); |
216 | static errno_t netagent_handle_token_count_getopt(struct netagent_session *session, u_int8_t *buffer, size_t *buffer_length); |
217 | static errno_t netagent_handle_token_low_water_setopt(struct netagent_session *session, u_int8_t *buffer, size_t buffer_length); |
218 | static errno_t netagent_handle_token_low_water_getopt(struct netagent_session *session, u_int8_t *buffer, size_t *buffer_length); |
219 | |
220 | // Client error |
221 | static errno_t netagent_handle_reset_client_error_setopt(struct netagent_session *session, u_int8_t *payload, size_t payload_length); |
222 | |
223 | static void netagent_handle_get(struct netagent_session *session, u_int32_t message_id, |
224 | size_t payload_length, mbuf_t packet, size_t offset); |
225 | |
226 | // Requires list lock being held |
227 | static struct netagent_wrapper *netagent_find_agent_with_uuid_and_lock(uuid_t uuid, bool exclusively, bool ignore_lock); |
228 | |
229 | errno_t |
230 | netagent_init(void) |
231 | { |
232 | return netagent_register_control(); |
233 | } |
234 | |
235 | static errno_t |
236 | netagent_register_control(void) |
237 | { |
238 | struct kern_ctl_reg kern_ctl; |
239 | errno_t result = 0; |
240 | |
241 | // Find a unique value for our interface family |
242 | result = mbuf_tag_id_find(NETAGENT_CONTROL_NAME, module_id: &netagent_family); |
243 | if (result != 0) { |
244 | NETAGENTLOG(LOG_ERR, "mbuf_tag_id_find_internal failed: %d" , result); |
245 | return result; |
246 | } |
247 | |
248 | bzero(s: &kern_ctl, n: sizeof(kern_ctl)); |
249 | strlcpy(dst: kern_ctl.ctl_name, NETAGENT_CONTROL_NAME, n: sizeof(kern_ctl.ctl_name)); |
250 | kern_ctl.ctl_name[sizeof(kern_ctl.ctl_name) - 1] = 0; |
251 | kern_ctl.ctl_flags = CTL_FLAG_PRIVILEGED; // Require root |
252 | kern_ctl.ctl_sendsize = 64 * 1024; |
253 | kern_ctl.ctl_recvsize = 64 * 1024; |
254 | kern_ctl.ctl_connect = netagent_ctl_connect; |
255 | kern_ctl.ctl_disconnect = netagent_ctl_disconnect; |
256 | kern_ctl.ctl_send = netagent_ctl_send; |
257 | kern_ctl.ctl_rcvd = netagent_ctl_rcvd; |
258 | kern_ctl.ctl_setopt = netagent_ctl_setopt; |
259 | kern_ctl.ctl_getopt = netagent_ctl_getopt; |
260 | |
261 | result = ctl_register(userkctl: &kern_ctl, kctlref: &netagent_kctlref); |
262 | if (result != 0) { |
263 | NETAGENTLOG(LOG_ERR, "ctl_register failed: %d" , result); |
264 | return result; |
265 | } |
266 | |
267 | return 0; |
268 | } |
269 | |
270 | static errno_t |
271 | netagent_ctl_connect(kern_ctl_ref kctlref, struct sockaddr_ctl *sac, void **unitinfo) |
272 | { |
273 | #pragma unused(kctlref) |
274 | *unitinfo = netagent_create_session(control_unit: sac->sc_unit); |
275 | if (*unitinfo == NULL) { |
276 | // Could not allocate session |
277 | return ENOBUFS; |
278 | } |
279 | |
280 | return 0; |
281 | } |
282 | |
283 | static errno_t |
284 | netagent_ctl_disconnect(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo) |
285 | { |
286 | #pragma unused(kctlref, unit) |
287 | struct netagent_session *session = (struct netagent_session *)unitinfo; |
288 | if (session != NULL) { |
289 | netagent_delete_session(session); |
290 | } |
291 | |
292 | return 0; |
293 | } |
294 | |
295 | // Kernel events |
296 | static void |
297 | netagent_post_event(uuid_t agent_uuid, u_int32_t event_code, bool update_necp, bool should_update_immediately) |
298 | { |
299 | if (update_necp) { |
300 | necp_update_all_clients_immediately_if_needed(should_update_immediately); |
301 | } |
302 | |
303 | struct kev_msg ev_msg; |
304 | memset(s: &ev_msg, c: 0, n: sizeof(ev_msg)); |
305 | |
306 | struct kev_netagent_data event_data; |
307 | |
308 | ev_msg.vendor_code = KEV_VENDOR_APPLE; |
309 | ev_msg.kev_class = KEV_NETWORK_CLASS; |
310 | ev_msg.kev_subclass = KEV_NETAGENT_SUBCLASS; |
311 | ev_msg.event_code = event_code; |
312 | |
313 | uuid_copy(dst: event_data.netagent_uuid, src: agent_uuid); |
314 | ev_msg.dv[0].data_ptr = &event_data; |
315 | ev_msg.dv[0].data_length = sizeof(event_data); |
316 | |
317 | kev_post_msg(event: &ev_msg); |
318 | } |
319 | |
320 | // Message handling |
321 | static u_int8_t * |
322 | (u_int8_t *buffer, u_int8_t message_type, u_int8_t flags, |
323 | u_int32_t message_id, u_int32_t error, size_t payload_length) |
324 | { |
325 | memset(s: buffer, c: 0, n: sizeof(struct netagent_message_header)); |
326 | ((struct netagent_message_header *)(void *)buffer)->message_type = message_type; |
327 | ((struct netagent_message_header *)(void *)buffer)->message_flags = flags; |
328 | ((struct netagent_message_header *)(void *)buffer)->message_id = message_id; |
329 | ((struct netagent_message_header *)(void *)buffer)->message_error = error; |
330 | ((struct netagent_message_header *)(void *)buffer)->message_payload_length = (u_int32_t)payload_length; |
331 | return buffer + sizeof(struct netagent_message_header); |
332 | } |
333 | |
334 | static int |
335 | netagent_send_ctl_data(u_int32_t control_unit, u_int8_t *buffer, size_t buffer_size) |
336 | { |
337 | if (netagent_kctlref == NULL || control_unit == 0 || buffer == NULL || buffer_size == 0) { |
338 | return EINVAL; |
339 | } |
340 | |
341 | return ctl_enqueuedata(kctlref: netagent_kctlref, unit: control_unit, data: buffer, len: buffer_size, CTL_DATA_EOR); |
342 | } |
343 | |
344 | static int |
345 | netagent_send_trigger(struct netagent_wrapper *wrapper, struct proc *p, u_int32_t flags, u_int8_t trigger_type) |
346 | { |
347 | int error = 0; |
348 | struct netagent_trigger_message *trigger_message = NULL; |
349 | u_int8_t *trigger = NULL; |
350 | size_t trigger_size = sizeof(struct netagent_message_header) + sizeof(struct netagent_trigger_message); |
351 | |
352 | trigger = (u_int8_t *)kalloc_data(trigger_size, Z_WAITOK); |
353 | if (trigger == NULL) { |
354 | return ENOMEM; |
355 | } |
356 | |
357 | (void)netagent_buffer_write_message_header(buffer: trigger, message_type: trigger_type, flags: 0, message_id: 0, error: 0, payload_length: sizeof(struct netagent_trigger_message)); |
358 | |
359 | trigger_message = (struct netagent_trigger_message *)(void *)(trigger + sizeof(struct netagent_message_header)); |
360 | trigger_message->trigger_flags = flags; |
361 | if (p != NULL) { |
362 | trigger_message->trigger_pid = proc_pid(p); |
363 | proc_getexecutableuuid(p, trigger_message->trigger_proc_uuid, sizeof(trigger_message->trigger_proc_uuid)); |
364 | } else { |
365 | trigger_message->trigger_pid = 0; |
366 | uuid_clear(uu: trigger_message->trigger_proc_uuid); |
367 | } |
368 | |
369 | if ((error = netagent_send_ctl_data(control_unit: wrapper->control_unit, buffer: trigger, buffer_size: trigger_size))) { |
370 | NETAGENTLOG(LOG_ERR, "Failed to send trigger message on control unit %d" , wrapper->control_unit); |
371 | } |
372 | |
373 | kfree_data(trigger, trigger_size); |
374 | return error; |
375 | } |
376 | |
377 | static int |
378 | netagent_send_client_message(struct netagent_wrapper *wrapper, uuid_t client_id, u_int8_t message_type) |
379 | { |
380 | int error = 0; |
381 | struct netagent_client_message *client_message = NULL; |
382 | u_int8_t *message = NULL; |
383 | size_t message_size = sizeof(struct netagent_message_header) + sizeof(struct netagent_client_message); |
384 | |
385 | message = (u_int8_t *)kalloc_data(message_size, Z_WAITOK); |
386 | if (message == NULL) { |
387 | return ENOMEM; |
388 | } |
389 | |
390 | (void)netagent_buffer_write_message_header(buffer: message, message_type, flags: 0, message_id: 0, error: 0, payload_length: sizeof(struct netagent_client_message)); |
391 | |
392 | client_message = (struct netagent_client_message *)(void *)(message + sizeof(struct netagent_message_header)); |
393 | uuid_copy(dst: client_message->client_id, src: client_id); |
394 | |
395 | if ((error = netagent_send_ctl_data(control_unit: wrapper->control_unit, buffer: message, buffer_size: message_size))) { |
396 | NETAGENTLOG(LOG_ERR, "Failed to send client message %d on control unit %d" , message_type, wrapper->control_unit); |
397 | } |
398 | |
399 | kfree_data(message, message_size); |
400 | return error; |
401 | } |
402 | |
403 | static int |
404 | netagent_send_error_message(struct netagent_wrapper *wrapper, uuid_t client_id, u_int8_t message_type, int32_t error_code) |
405 | { |
406 | int error = 0; |
407 | struct netagent_client_error_message *client_message = NULL; |
408 | u_int8_t *message = NULL; |
409 | size_t message_size = sizeof(struct netagent_message_header) + sizeof(struct netagent_client_error_message); |
410 | |
411 | message = (u_int8_t *)kalloc_data(message_size, Z_WAITOK); |
412 | if (message == NULL) { |
413 | return ENOMEM; |
414 | } |
415 | |
416 | (void)netagent_buffer_write_message_header(buffer: message, message_type, flags: 0, message_id: 0, error: 0, payload_length: sizeof(struct netagent_client_error_message)); |
417 | |
418 | client_message = (struct netagent_client_error_message *)(void *)(message + sizeof(struct netagent_message_header)); |
419 | uuid_copy(dst: client_message->client_id, src: client_id); |
420 | client_message->error_code = error_code; |
421 | |
422 | if ((error = netagent_send_ctl_data(control_unit: wrapper->control_unit, buffer: message, buffer_size: message_size))) { |
423 | NETAGENTLOG(LOG_ERR, "Failed to send client message %d on control unit %d" , message_type, wrapper->control_unit); |
424 | } |
425 | |
426 | kfree_data(message, message_size); |
427 | return error; |
428 | } |
429 | |
430 | static int |
431 | netagent_send_group_message(struct netagent_wrapper *wrapper, uuid_t client_id, u_int8_t message_type, struct necp_client_group_members *group_members) |
432 | { |
433 | int error = 0; |
434 | struct netagent_client_group_message *client_message = NULL; |
435 | u_int8_t *message = NULL; |
436 | size_t message_size = sizeof(struct netagent_message_header) + sizeof(struct netagent_client_group_message) + group_members->group_members_length; |
437 | |
438 | message = (u_int8_t *)kalloc_data(message_size, Z_WAITOK); |
439 | if (message == NULL) { |
440 | return ENOMEM; |
441 | } |
442 | |
443 | (void)netagent_buffer_write_message_header(buffer: message, message_type, flags: 0, message_id: 0, error: 0, payload_length: sizeof(struct netagent_client_group_message) + group_members->group_members_length); |
444 | |
445 | client_message = (struct netagent_client_group_message *)(void *)(message + sizeof(struct netagent_message_header)); |
446 | uuid_copy(dst: client_message->client_id, src: client_id); |
447 | memcpy(dst: client_message->group_members, src: group_members->group_members, n: group_members->group_members_length); |
448 | |
449 | if ((error = netagent_send_ctl_data(control_unit: wrapper->control_unit, buffer: message, buffer_size: message_size))) { |
450 | NETAGENTLOG(LOG_ERR, "Failed to send client group message %d on control unit %d" , message_type, wrapper->control_unit); |
451 | } |
452 | |
453 | kfree_data(message, message_size); |
454 | return error; |
455 | } |
456 | |
457 | static int |
458 | netagent_send_tokens_needed(struct netagent_wrapper *wrapper) |
459 | { |
460 | const u_int8_t message_type = NETAGENT_MESSAGE_TYPE_TOKENS_NEEDED; |
461 | int error = 0; |
462 | u_int8_t *message = NULL; |
463 | size_t message_size = sizeof(struct netagent_message_header); |
464 | |
465 | message = (u_int8_t *)kalloc_data(message_size, Z_WAITOK); |
466 | if (message == NULL) { |
467 | return ENOMEM; |
468 | } |
469 | |
470 | (void)netagent_buffer_write_message_header(buffer: message, message_type, flags: 0, message_id: 0, error: 0, payload_length: 0); |
471 | |
472 | if ((error = netagent_send_ctl_data(control_unit: wrapper->control_unit, buffer: message, buffer_size: message_size))) { |
473 | NETAGENTLOG(LOG_ERR, "Failed to send client tokens needed message on control unit %d" , wrapper->control_unit); |
474 | } |
475 | |
476 | kfree_data(message, message_size); |
477 | return error; |
478 | } |
479 | |
480 | static int |
481 | netagent_send_success_response(struct netagent_session *session, u_int8_t message_type, u_int32_t message_id) |
482 | { |
483 | int error = 0; |
484 | u_int8_t *response = NULL; |
485 | size_t response_size = sizeof(struct netagent_message_header); |
486 | response = (u_int8_t *)kalloc_data(response_size, Z_WAITOK); |
487 | if (response == NULL) { |
488 | return ENOMEM; |
489 | } |
490 | (void)netagent_buffer_write_message_header(buffer: response, message_type, NETAGENT_MESSAGE_FLAGS_RESPONSE, message_id, error: 0, payload_length: 0); |
491 | |
492 | if ((error = netagent_send_ctl_data(control_unit: session->control_unit, buffer: response, buffer_size: response_size))) { |
493 | NETAGENTLOG0(LOG_ERR, "Failed to send response" ); |
494 | } |
495 | |
496 | kfree_data(response, response_size); |
497 | return error; |
498 | } |
499 | |
500 | static errno_t |
501 | netagent_send_error_response(struct netagent_session *session, u_int8_t message_type, |
502 | u_int32_t message_id, u_int32_t error_code) |
503 | { |
504 | int error = 0; |
505 | u_int8_t *response = NULL; |
506 | size_t response_size = sizeof(struct netagent_message_header); |
507 | |
508 | if (session == NULL) { |
509 | NETAGENTLOG0(LOG_ERR, "Got a NULL session" ); |
510 | return EINVAL; |
511 | } |
512 | |
513 | response = (u_int8_t *)kalloc_data(response_size, Z_WAITOK); |
514 | if (response == NULL) { |
515 | return ENOMEM; |
516 | } |
517 | (void)netagent_buffer_write_message_header(buffer: response, message_type, NETAGENT_MESSAGE_FLAGS_RESPONSE, |
518 | message_id, error: error_code, payload_length: 0); |
519 | |
520 | if ((error = netagent_send_ctl_data(control_unit: session->control_unit, buffer: response, buffer_size: response_size))) { |
521 | NETAGENTLOG0(LOG_ERR, "Failed to send response" ); |
522 | } |
523 | |
524 | kfree_data(response, response_size); |
525 | return error; |
526 | } |
527 | |
528 | static errno_t |
529 | netagent_ctl_send(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo, mbuf_t packet, int flags) |
530 | { |
531 | #pragma unused(kctlref, unit, flags) |
532 | struct netagent_session *session = (struct netagent_session *)unitinfo; |
533 | struct netagent_message_header ; |
534 | int error = 0; |
535 | |
536 | if (session == NULL) { |
537 | NETAGENTLOG0(LOG_ERR, "Got a NULL session" ); |
538 | error = EINVAL; |
539 | goto done; |
540 | } |
541 | |
542 | if (mbuf_pkthdr_len(mbuf: packet) < sizeof(header)) { |
543 | NETAGENTLOG(LOG_ERR, "Got a bad packet, length (%lu) < sizeof header (%lu)" , |
544 | mbuf_pkthdr_len(packet), sizeof(header)); |
545 | error = EINVAL; |
546 | goto done; |
547 | } |
548 | |
549 | error = mbuf_copydata(mbuf: packet, offset: 0, length: sizeof(header), out_data: &header); |
550 | if (error) { |
551 | NETAGENTLOG(LOG_ERR, "mbuf_copydata failed for the header: %d" , error); |
552 | error = ENOBUFS; |
553 | goto done; |
554 | } |
555 | |
556 | switch (header.message_type) { |
557 | case NETAGENT_MESSAGE_TYPE_REGISTER: { |
558 | netagent_handle_register_message(session, message_id: header.message_id, payload_length: header.message_payload_length, |
559 | packet, offset: sizeof(header)); |
560 | break; |
561 | } |
562 | case NETAGENT_MESSAGE_TYPE_UNREGISTER: { |
563 | netagent_handle_unregister_message(session, message_id: header.message_id, payload_length: header.message_payload_length, |
564 | packet, offset: sizeof(header)); |
565 | break; |
566 | } |
567 | case NETAGENT_MESSAGE_TYPE_UPDATE: { |
568 | netagent_handle_update_message(session, message_id: header.message_id, payload_length: header.message_payload_length, |
569 | packet, offset: sizeof(header)); |
570 | break; |
571 | } |
572 | case NETAGENT_MESSAGE_TYPE_GET: { |
573 | netagent_handle_get(session, message_id: header.message_id, payload_length: header.message_payload_length, |
574 | packet, offset: sizeof(header)); |
575 | break; |
576 | } |
577 | case NETAGENT_MESSAGE_TYPE_ASSERT: { |
578 | NETAGENTLOG0(LOG_ERR, "NETAGENT_MESSAGE_TYPE_ASSERT no longer supported" ); |
579 | break; |
580 | } |
581 | case NETAGENT_MESSAGE_TYPE_UNASSERT: { |
582 | NETAGENTLOG0(LOG_ERR, "NETAGENT_MESSAGE_TYPE_UNASSERT no longer supported" ); |
583 | break; |
584 | } |
585 | case NETAGENT_MESSAGE_TYPE_ASSIGN_NEXUS: { |
586 | netagent_handle_assign_nexus_message(session, message_id: header.message_id, payload_length: header.message_payload_length, |
587 | packet, offset: sizeof(header)); |
588 | break; |
589 | } |
590 | default: { |
591 | NETAGENTLOG(LOG_ERR, "Received unknown message type %d" , header.message_type); |
592 | netagent_send_error_response(session, message_type: header.message_type, message_id: header.message_id, |
593 | NETAGENT_MESSAGE_ERROR_UNKNOWN_TYPE); |
594 | break; |
595 | } |
596 | } |
597 | |
598 | done: |
599 | mbuf_freem(mbuf: packet); |
600 | return error; |
601 | } |
602 | |
603 | static void |
604 | netagent_ctl_rcvd(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo, int flags) |
605 | { |
606 | #pragma unused(kctlref, unit, unitinfo, flags) |
607 | return; |
608 | } |
609 | |
610 | static errno_t |
611 | netagent_ctl_getopt(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo, int opt, |
612 | void *data, size_t *len) |
613 | { |
614 | #pragma unused(kctlref, unit) |
615 | struct netagent_session *session = (struct netagent_session *)unitinfo; |
616 | errno_t error; |
617 | |
618 | if (session == NULL) { |
619 | NETAGENTLOG0(LOG_ERR, "Received a NULL session" ); |
620 | error = EINVAL; |
621 | goto done; |
622 | } |
623 | |
624 | switch (opt) { |
625 | case NETAGENT_OPTION_TYPE_USE_COUNT: { |
626 | NETAGENTLOG0(LOG_DEBUG, "Request to get use count" ); |
627 | error = netagent_handle_use_count_getopt(session, buffer: data, buffer_length: len); |
628 | break; |
629 | } |
630 | case NETAGENT_OPTION_TYPE_TOKEN_COUNT: { |
631 | NETAGENTLOG0(LOG_DEBUG, "Request to get token count" ); |
632 | error = netagent_handle_token_count_getopt(session, buffer: data, buffer_length: len); |
633 | break; |
634 | } |
635 | case NETAGENT_OPTION_TYPE_TOKEN_LOW_WATER: { |
636 | NETAGENTLOG0(LOG_DEBUG, "Request to get token low water mark" ); |
637 | error = netagent_handle_token_low_water_getopt(session, buffer: data, buffer_length: len); |
638 | break; |
639 | } |
640 | default: |
641 | NETAGENTLOG0(LOG_ERR, "Received unknown option" ); |
642 | error = ENOPROTOOPT; |
643 | break; |
644 | } |
645 | |
646 | done: |
647 | return error; |
648 | } |
649 | |
650 | static errno_t |
651 | netagent_ctl_setopt(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo, int opt, |
652 | void *data, size_t len) |
653 | { |
654 | #pragma unused(kctlref, unit) |
655 | struct netagent_session *session = (struct netagent_session *)unitinfo; |
656 | errno_t error; |
657 | |
658 | if (session == NULL) { |
659 | NETAGENTLOG0(LOG_ERR, "Received a NULL session" ); |
660 | error = EINVAL; |
661 | goto done; |
662 | } |
663 | |
664 | switch (opt) { |
665 | case NETAGENT_OPTION_TYPE_REGISTER: { |
666 | NETAGENTLOG0(LOG_DEBUG, "Request for registration" ); |
667 | error = netagent_handle_register_setopt(session, payload: data, payload_length: len); |
668 | break; |
669 | } |
670 | case NETAGENT_OPTION_TYPE_UPDATE: { |
671 | NETAGENTLOG0(LOG_DEBUG, "Request for update" ); |
672 | error = netagent_handle_update_setopt(session, payload: data, payload_length: len); |
673 | break; |
674 | } |
675 | case NETAGENT_OPTION_TYPE_UNREGISTER: { |
676 | NETAGENTLOG0(LOG_DEBUG, "Request for unregistration" ); |
677 | error = netagent_handle_unregister_setopt(session, payload: data, payload_length: len); |
678 | break; |
679 | } |
680 | case NETAGENT_OPTION_TYPE_ASSIGN_NEXUS: { |
681 | NETAGENTLOG0(LOG_DEBUG, "Request for assigning nexus" ); |
682 | error = netagent_handle_assign_nexus_setopt(session, payload: data, payload_length: len); |
683 | break; |
684 | } |
685 | case NETAGENT_MESSAGE_TYPE_ASSIGN_GROUP_MEMBERS: { |
686 | NETAGENTLOG0(LOG_DEBUG, "Request for assigning group members" ); |
687 | error = netagent_handle_assign_group_setopt(session, payload: data, payload_length: len); |
688 | break; |
689 | } |
690 | case NETAGENT_OPTION_TYPE_USE_COUNT: { |
691 | NETAGENTLOG0(LOG_DEBUG, "Request to set use count" ); |
692 | error = netagent_handle_use_count_setopt(session, payload: data, payload_length: len); |
693 | break; |
694 | } |
695 | case NETAGENT_OPTION_TYPE_ADD_TOKEN: { |
696 | NETAGENTLOG0(LOG_DEBUG, "Request to add a token" ); |
697 | error = netagent_handle_add_token_setopt(session, payload: data, payload_length: len); |
698 | break; |
699 | } |
700 | case NETAGENT_OPTION_TYPE_FLUSH_TOKENS: { |
701 | NETAGENTLOG0(LOG_DEBUG, "Request to flush tokens" ); |
702 | error = netagent_handle_flush_tokens_setopt(session, payload: data, payload_length: len); |
703 | break; |
704 | } |
705 | case NETAGENT_OPTION_TYPE_TOKEN_LOW_WATER: { |
706 | NETAGENTLOG0(LOG_DEBUG, "Request to set token low water mark" ); |
707 | error = netagent_handle_token_low_water_setopt(session, buffer: data, buffer_length: len); |
708 | break; |
709 | } |
710 | case NETAGENT_OPTION_TYPE_RESET_CLIENT_ERROR: { |
711 | NETAGENTLOG0(LOG_DEBUG, "Request to reset client error" ); |
712 | error = netagent_handle_reset_client_error_setopt(session, payload: data, payload_length: len); |
713 | break; |
714 | } |
715 | default: |
716 | NETAGENTLOG0(LOG_ERR, "Received unknown option" ); |
717 | error = ENOPROTOOPT; |
718 | break; |
719 | } |
720 | |
721 | done: |
722 | return error; |
723 | } |
724 | |
725 | // Session Management |
726 | static struct netagent_session * |
727 | netagent_create_session(u_int32_t control_unit) |
728 | { |
729 | struct netagent_session *new_session = NULL; |
730 | |
731 | new_session = kalloc_type(struct netagent_session, |
732 | Z_WAITOK | Z_ZERO | Z_NOFAIL); |
733 | NETAGENTLOG(LOG_DEBUG, "Create agent session, control unit %d" , control_unit); |
734 | new_session->control_unit = control_unit; |
735 | lck_mtx_init(lck: &new_session->session_lock, grp: &netagent_mtx_grp, LCK_ATTR_NULL); |
736 | |
737 | return new_session; |
738 | } |
739 | |
740 | netagent_session_t |
741 | netagent_create(netagent_event_f event_handler, void *context) |
742 | { |
743 | struct netagent_session *session = netagent_create_session(control_unit: 0); |
744 | if (session == NULL) { |
745 | return NULL; |
746 | } |
747 | |
748 | session->event_handler = event_handler; |
749 | session->event_context = context; |
750 | return session; |
751 | } |
752 | |
753 | static void |
754 | netagent_token_free(struct netagent_token *token) |
755 | { |
756 | kfree_data(token->token_bytes, token->token_length); |
757 | kfree_type(struct netagent_token, token); |
758 | } |
759 | |
760 | static struct netagent_wrapper * |
761 | netagent_alloc_wrapper_memory(uint32_t data_size) |
762 | { |
763 | struct netagent_wrapper *new_wrapper; |
764 | |
765 | new_wrapper = kalloc_type(struct netagent_wrapper, |
766 | Z_WAITOK | Z_ZERO | Z_NOFAIL); |
767 | new_wrapper->netagent = kalloc_data(sizeof(struct netagent) + data_size, |
768 | Z_WAITOK | Z_NOFAIL); |
769 | |
770 | lck_rw_init(lck: &new_wrapper->agent_lock, grp: &netagent_mtx_grp, LCK_ATTR_NULL); |
771 | |
772 | return new_wrapper; |
773 | } |
774 | |
775 | static void |
776 | netagent_free_wrapper_memory(struct netagent_wrapper *wrapper) |
777 | { |
778 | // Before destroying the lock, take the lock exclusively and then |
779 | // drop it again. This ensures that no other thread was holding |
780 | // onto the lock at the time of destroying it. |
781 | // This can happen in netagent_client_message_with_params due |
782 | // to the fact that the wrapper lock needs to be held during the |
783 | // event callout, while the list lock has been released. Taking |
784 | // this lock here ensures that any such remaining thread completes |
785 | // before this object is released. Since the wrapper object has |
786 | // already been removed from any and all lists by this point, |
787 | // there isn't any way for a new thread to start referencing it. |
788 | NETAGENT_LOCK_EXCLUSIVE(wrapper); |
789 | NETAGENT_UNLOCK(wrapper); |
790 | lck_rw_destroy(lck: &wrapper->agent_lock, grp: &netagent_mtx_grp); |
791 | |
792 | kfree_data(wrapper->netagent, sizeof(struct netagent) + |
793 | wrapper->netagent->netagent_data_size); |
794 | kfree_type(struct netagent_wrapper, wrapper); |
795 | } |
796 | |
797 | static void |
798 | netagent_free_wrapper(struct netagent_wrapper *wrapper) |
799 | { |
800 | // Free any leftover tokens |
801 | struct netagent_token *search_token = NULL; |
802 | struct netagent_token *temp_token = NULL; |
803 | TAILQ_FOREACH_SAFE(search_token, &wrapper->token_list, token_chain, temp_token) { |
804 | TAILQ_REMOVE(&wrapper->token_list, search_token, token_chain); |
805 | netagent_token_free(token: search_token); |
806 | } |
807 | |
808 | // Free any pending client triggers |
809 | struct netagent_client *search_client = NULL; |
810 | struct netagent_client *temp_client = NULL; |
811 | LIST_FOREACH_SAFE(search_client, &wrapper->pending_triggers_list, client_chain, temp_client) { |
812 | LIST_REMOVE(search_client, client_chain); |
813 | kfree_type(struct netagent_client, search_client); |
814 | } |
815 | |
816 | // Free wrapper itself |
817 | netagent_free_wrapper_memory(wrapper); |
818 | } |
819 | |
820 | static void |
821 | netagent_unregister_session_wrapper(struct netagent_session *session) |
822 | { |
823 | bool unregistered = FALSE; |
824 | uuid_t unregistered_uuid; |
825 | struct netagent_wrapper *wrapper = NULL; |
826 | NETAGENT_LIST_LOCK_EXCLUSIVE(); |
827 | if (session != NULL) { |
828 | NETAGENT_SESSION_LOCK(session); |
829 | wrapper = session->wrapper; |
830 | if (wrapper != NULL) { |
831 | if (netagent_registered_count > 0) { |
832 | netagent_registered_count--; |
833 | } |
834 | if ((session->wrapper->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE) && |
835 | netagent_active_count > 0) { |
836 | netagent_active_count--; |
837 | } |
838 | |
839 | LIST_REMOVE(wrapper, list_chain); |
840 | |
841 | unregistered = TRUE; |
842 | uuid_copy(dst: unregistered_uuid, src: session->wrapper->netagent->netagent_uuid); |
843 | |
844 | netagent_free_wrapper(wrapper: session->wrapper); |
845 | session->wrapper = NULL; |
846 | NETAGENTLOG0(LOG_DEBUG, "Unregistered agent" ); |
847 | } |
848 | NETAGENT_SESSION_UNLOCK(session); |
849 | } |
850 | NETAGENT_LIST_UNLOCK(); |
851 | |
852 | if (unregistered) { |
853 | ifnet_clear_netagent(unregistered_uuid); |
854 | netagent_post_event(agent_uuid: unregistered_uuid, KEV_NETAGENT_UNREGISTERED, TRUE, false); |
855 | } |
856 | } |
857 | |
858 | static void |
859 | netagent_delete_session(struct netagent_session *session) |
860 | { |
861 | if (session != NULL) { |
862 | netagent_unregister_session_wrapper(session); |
863 | lck_mtx_destroy(lck: &session->session_lock, grp: &netagent_mtx_grp); |
864 | kfree_type(struct netagent_session, session); |
865 | } |
866 | } |
867 | |
868 | void |
869 | netagent_destroy(netagent_session_t session) |
870 | { |
871 | return netagent_delete_session(session: (struct netagent_session *)session); |
872 | } |
873 | |
874 | static size_t |
875 | netagent_packet_get_netagent_data_size(mbuf_t packet, size_t offset, int *err) |
876 | { |
877 | int error = 0; |
878 | |
879 | struct netagent netagent_peek; |
880 | memset(s: &netagent_peek, c: 0, n: sizeof(netagent_peek)); |
881 | |
882 | *err = 0; |
883 | |
884 | error = mbuf_copydata(mbuf: packet, offset, length: sizeof(netagent_peek), out_data: &netagent_peek); |
885 | if (error) { |
886 | *err = ENOENT; |
887 | return 0; |
888 | } |
889 | |
890 | return netagent_peek.netagent_data_size; |
891 | } |
892 | |
893 | static errno_t |
894 | netagent_handle_register_inner(struct netagent_session *session, struct netagent_wrapper *new_wrapper) |
895 | { |
896 | NETAGENT_LIST_LOCK_EXCLUSIVE(); |
897 | |
898 | NETAGENT_SESSION_LOCK(session); |
899 | if (session->wrapper != NULL) { |
900 | NETAGENT_SESSION_UNLOCK(session); |
901 | NETAGENT_LIST_UNLOCK(); |
902 | return EINVAL; |
903 | } |
904 | |
905 | new_wrapper->control_unit = session->control_unit; |
906 | new_wrapper->event_handler = session->event_handler; |
907 | new_wrapper->event_context = session->event_context; |
908 | new_wrapper->generation = g_next_generation++; |
909 | |
910 | session->wrapper = new_wrapper; |
911 | LIST_INSERT_HEAD(&shared_netagent_list, new_wrapper, list_chain); |
912 | TAILQ_INIT(&new_wrapper->token_list); |
913 | LIST_INIT(&new_wrapper->pending_triggers_list); |
914 | |
915 | new_wrapper->netagent->netagent_flags |= NETAGENT_FLAG_REGISTERED; |
916 | netagent_registered_count++; |
917 | if (new_wrapper->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE) { |
918 | netagent_active_count++; |
919 | } |
920 | |
921 | NETAGENT_SESSION_UNLOCK(session); |
922 | NETAGENT_LIST_UNLOCK(); |
923 | return 0; |
924 | } |
925 | |
926 | errno_t |
927 | netagent_register(netagent_session_t _session, struct netagent *agent) |
928 | { |
929 | struct netagent_wrapper *new_wrapper = NULL; |
930 | uuid_t registered_uuid; |
931 | |
932 | struct netagent_session *session = (struct netagent_session *)_session; |
933 | if (session == NULL) { |
934 | NETAGENTLOG0(LOG_ERR, "Cannot register agent on NULL session" ); |
935 | return EINVAL; |
936 | } |
937 | |
938 | if (agent == NULL) { |
939 | NETAGENTLOG0(LOG_ERR, "Cannot register NULL agent" ); |
940 | return EINVAL; |
941 | } |
942 | |
943 | size_t data_size = agent->netagent_data_size; |
944 | if (data_size > NETAGENT_MAX_DATA_SIZE) { |
945 | NETAGENTLOG(LOG_ERR, "Register message size could not be read, data_size %zu" , |
946 | data_size); |
947 | return EINVAL; |
948 | } |
949 | |
950 | new_wrapper = netagent_alloc_wrapper_memory(data_size); |
951 | |
952 | __nochk_memcpy(dst: new_wrapper->netagent, src: agent, n: sizeof(struct netagent) + data_size); |
953 | |
954 | uuid_copy(dst: registered_uuid, src: new_wrapper->netagent->netagent_uuid); |
955 | |
956 | errno_t error = netagent_handle_register_inner(session, new_wrapper); |
957 | if (error != 0) { |
958 | netagent_free_wrapper_memory(wrapper: new_wrapper); |
959 | return error; |
960 | } |
961 | |
962 | NETAGENTLOG0(LOG_DEBUG, "Registered new agent" ); |
963 | netagent_post_event(agent_uuid: registered_uuid, KEV_NETAGENT_REGISTERED, TRUE, false); |
964 | |
965 | return 0; |
966 | } |
967 | |
968 | static errno_t |
969 | netagent_handle_register_setopt(struct netagent_session *session, u_int8_t *payload, |
970 | size_t payload_length) |
971 | { |
972 | struct netagent_wrapper *new_wrapper = NULL; |
973 | errno_t response_error = 0; |
974 | struct netagent *register_netagent = (struct netagent *)(void *)payload; |
975 | uuid_t registered_uuid; |
976 | |
977 | if (session == NULL) { |
978 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
979 | response_error = EINVAL; |
980 | goto done; |
981 | } |
982 | |
983 | if (payload == NULL) { |
984 | NETAGENTLOG0(LOG_ERR, "No payload received" ); |
985 | response_error = EINVAL; |
986 | goto done; |
987 | } |
988 | |
989 | if (payload_length < sizeof(struct netagent)) { |
990 | NETAGENTLOG(LOG_ERR, "Register message size too small for agent: (%zu < %zu)" , |
991 | payload_length, sizeof(struct netagent)); |
992 | response_error = EINVAL; |
993 | goto done; |
994 | } |
995 | |
996 | size_t data_size = register_netagent->netagent_data_size; |
997 | if (data_size > NETAGENT_MAX_DATA_SIZE) { |
998 | NETAGENTLOG(LOG_ERR, "Register message size could not be read, data_size %zu" , data_size); |
999 | response_error = EINVAL; |
1000 | goto done; |
1001 | } |
1002 | |
1003 | if (payload_length != (sizeof(struct netagent) + data_size)) { |
1004 | NETAGENTLOG(LOG_ERR, "Mismatch between data size and payload length (%lu != %zu)" , (sizeof(struct netagent) + data_size), payload_length); |
1005 | response_error = EINVAL; |
1006 | goto done; |
1007 | } |
1008 | |
1009 | new_wrapper = netagent_alloc_wrapper_memory(data_size); |
1010 | |
1011 | __nochk_memcpy(dst: new_wrapper->netagent, src: register_netagent, n: sizeof(struct netagent) + data_size); |
1012 | |
1013 | uuid_copy(dst: registered_uuid, src: new_wrapper->netagent->netagent_uuid); |
1014 | |
1015 | response_error = netagent_handle_register_inner(session, new_wrapper); |
1016 | if (response_error != 0) { |
1017 | netagent_free_wrapper_memory(wrapper: new_wrapper); |
1018 | goto done; |
1019 | } |
1020 | |
1021 | NETAGENTLOG0(LOG_DEBUG, "Registered new agent" ); |
1022 | netagent_post_event(agent_uuid: registered_uuid, KEV_NETAGENT_REGISTERED, TRUE, false); |
1023 | |
1024 | done: |
1025 | return response_error; |
1026 | } |
1027 | |
1028 | static void |
1029 | netagent_handle_register_message(struct netagent_session *session, u_int32_t message_id, |
1030 | size_t payload_length, mbuf_t packet, size_t offset) |
1031 | { |
1032 | errno_t error; |
1033 | struct netagent_wrapper *new_wrapper = NULL; |
1034 | u_int32_t response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1035 | uuid_t registered_uuid; |
1036 | |
1037 | if (session == NULL) { |
1038 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
1039 | response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1040 | goto fail; |
1041 | } |
1042 | |
1043 | if (payload_length < sizeof(struct netagent)) { |
1044 | NETAGENTLOG(LOG_ERR, "Register message size too small for agent: (%zu < %zu)" , |
1045 | payload_length, sizeof(struct netagent)); |
1046 | response_error = NETAGENT_MESSAGE_ERROR_INVALID_DATA; |
1047 | goto fail; |
1048 | } |
1049 | |
1050 | size_t data_size = netagent_packet_get_netagent_data_size(packet, offset, err: &error); |
1051 | if (error || data_size > NETAGENT_MAX_DATA_SIZE) { |
1052 | NETAGENTLOG(LOG_ERR, "Register message size could not be read, error %d data_size %zu" , |
1053 | error, data_size); |
1054 | response_error = NETAGENT_MESSAGE_ERROR_INVALID_DATA; |
1055 | goto fail; |
1056 | } |
1057 | |
1058 | new_wrapper = netagent_alloc_wrapper_memory(data_size); |
1059 | |
1060 | error = mbuf_copydata(mbuf: packet, offset, length: sizeof(struct netagent) + data_size, |
1061 | out_data: new_wrapper->netagent); |
1062 | if (error) { |
1063 | NETAGENTLOG(LOG_ERR, "Failed to read data into agent structure: %d" , error); |
1064 | netagent_free_wrapper_memory(wrapper: new_wrapper); |
1065 | response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1066 | goto fail; |
1067 | } |
1068 | |
1069 | uuid_copy(dst: registered_uuid, src: new_wrapper->netagent->netagent_uuid); |
1070 | |
1071 | error = netagent_handle_register_inner(session, new_wrapper); |
1072 | if (error) { |
1073 | NETAGENTLOG(LOG_ERR, "Failed to register agent: %d" , error); |
1074 | netagent_free_wrapper_memory(wrapper: new_wrapper); |
1075 | response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1076 | goto fail; |
1077 | } |
1078 | |
1079 | NETAGENTLOG0(LOG_DEBUG, "Registered new agent" ); |
1080 | netagent_send_success_response(session, NETAGENT_MESSAGE_TYPE_REGISTER, message_id); |
1081 | netagent_post_event(agent_uuid: registered_uuid, KEV_NETAGENT_REGISTERED, TRUE, false); |
1082 | return; |
1083 | fail: |
1084 | netagent_send_error_response(session, NETAGENT_MESSAGE_TYPE_REGISTER, message_id, error_code: response_error); |
1085 | } |
1086 | |
1087 | errno_t |
1088 | netagent_unregister(netagent_session_t _session) |
1089 | { |
1090 | struct netagent_session *session = (struct netagent_session *)_session; |
1091 | if (session == NULL) { |
1092 | NETAGENTLOG0(LOG_ERR, "Cannot unregister NULL session" ); |
1093 | return EINVAL; |
1094 | } |
1095 | |
1096 | netagent_unregister_session_wrapper(session); |
1097 | return 0; |
1098 | } |
1099 | |
1100 | static errno_t |
1101 | netagent_handle_unregister_setopt(struct netagent_session *session, u_int8_t *payload, |
1102 | size_t payload_length) |
1103 | { |
1104 | #pragma unused(payload, payload_length) |
1105 | errno_t response_error = 0; |
1106 | |
1107 | if (session == NULL) { |
1108 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
1109 | response_error = EINVAL; |
1110 | goto done; |
1111 | } |
1112 | |
1113 | netagent_unregister_session_wrapper(session); |
1114 | |
1115 | done: |
1116 | return response_error; |
1117 | } |
1118 | |
1119 | static void |
1120 | netagent_handle_unregister_message(struct netagent_session *session, u_int32_t message_id, |
1121 | size_t payload_length, mbuf_t packet, size_t offset) |
1122 | { |
1123 | #pragma unused(payload_length, packet, offset) |
1124 | u_int32_t response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1125 | |
1126 | if (session == NULL) { |
1127 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
1128 | response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1129 | goto fail; |
1130 | } |
1131 | |
1132 | netagent_unregister_session_wrapper(session); |
1133 | |
1134 | netagent_send_success_response(session, NETAGENT_MESSAGE_TYPE_UNREGISTER, message_id); |
1135 | return; |
1136 | fail: |
1137 | netagent_send_error_response(session, NETAGENT_MESSAGE_TYPE_UNREGISTER, message_id, error_code: response_error); |
1138 | } |
1139 | |
1140 | static void |
1141 | netagent_send_cellular_failed_event(struct netagent_wrapper *wrapper, |
1142 | pid_t pid, uuid_t proc_uuid) |
1143 | { |
1144 | if (strncmp(s1: wrapper->netagent->netagent_domain, s2: "Cellular" , NETAGENT_DOMAINSIZE) != 0) { |
1145 | return; |
1146 | } |
1147 | |
1148 | struct kev_netpolicy_ifdenied ev_ifdenied; |
1149 | |
1150 | bzero(s: &ev_ifdenied, n: sizeof(ev_ifdenied)); |
1151 | |
1152 | ev_ifdenied.ev_data.epid = (u_int64_t)pid; |
1153 | uuid_copy(dst: ev_ifdenied.ev_data.euuid, src: proc_uuid); |
1154 | ev_ifdenied.ev_if_functional_type = IFRTYPE_FUNCTIONAL_CELLULAR; |
1155 | |
1156 | netpolicy_post_msg(KEV_NETPOLICY_IFFAILED, &ev_ifdenied.ev_data, sizeof(ev_ifdenied)); |
1157 | } |
1158 | |
1159 | static errno_t |
1160 | netagent_handle_update_inner(struct netagent_session *session, struct netagent_wrapper *new_wrapper, |
1161 | size_t data_size, u_int8_t *agent_changed, netagent_error_domain_t error_domain) |
1162 | { |
1163 | errno_t response_error = 0; |
1164 | |
1165 | if (agent_changed == NULL) { |
1166 | NETAGENTLOG0(LOG_ERR, "Invalid argument: agent_changed" ); |
1167 | return EINVAL; |
1168 | } |
1169 | |
1170 | NETAGENT_LIST_LOCK_EXCLUSIVE(); |
1171 | |
1172 | NETAGENT_SESSION_LOCK(session); |
1173 | if (session->wrapper == NULL) { |
1174 | NETAGENT_SESSION_UNLOCK(session); |
1175 | NETAGENT_LIST_UNLOCK(); |
1176 | response_error = ENOENT; |
1177 | return response_error; |
1178 | } |
1179 | |
1180 | NETAGENT_LOCK_EXCLUSIVE(session->wrapper); |
1181 | |
1182 | if (uuid_compare(uu1: session->wrapper->netagent->netagent_uuid, uu2: new_wrapper->netagent->netagent_uuid) != 0 || |
1183 | memcmp(s1: &session->wrapper->netagent->netagent_domain, s2: &new_wrapper->netagent->netagent_domain, |
1184 | n: sizeof(new_wrapper->netagent->netagent_domain)) != 0 || |
1185 | memcmp(s1: &session->wrapper->netagent->netagent_type, s2: &new_wrapper->netagent->netagent_type, |
1186 | n: sizeof(new_wrapper->netagent->netagent_type)) != 0) { |
1187 | NETAGENT_UNLOCK(session->wrapper); |
1188 | NETAGENT_SESSION_UNLOCK(session); |
1189 | NETAGENT_LIST_UNLOCK(); |
1190 | NETAGENTLOG0(LOG_ERR, "Basic agent parameters do not match, cannot update" ); |
1191 | if (error_domain == kNetagentErrorDomainPOSIX) { |
1192 | response_error = EINVAL; |
1193 | } else if (error_domain == kNetagentErrorDomainUserDefined) { |
1194 | response_error = NETAGENT_MESSAGE_ERROR_CANNOT_UPDATE; |
1195 | } |
1196 | return response_error; |
1197 | } |
1198 | |
1199 | new_wrapper->netagent->netagent_flags |= NETAGENT_FLAG_REGISTERED; |
1200 | if (session->wrapper->netagent->netagent_data_size == new_wrapper->netagent->netagent_data_size && |
1201 | memcmp(s1: session->wrapper->netagent, s2: new_wrapper->netagent, n: sizeof(struct netagent) + data_size) == 0) { |
1202 | // Agent is exactly identical, don't increment the generation count |
1203 | |
1204 | // Make a copy of the list of pending clients, and clear the current list |
1205 | struct netagent_client_list_s pending_triggers_list_copy; |
1206 | LIST_INIT(&pending_triggers_list_copy); |
1207 | struct netagent_client *search_client = NULL; |
1208 | struct netagent_client *temp_client = NULL; |
1209 | LIST_FOREACH_SAFE(search_client, &session->wrapper->pending_triggers_list, client_chain, temp_client) { |
1210 | LIST_REMOVE(search_client, client_chain); |
1211 | LIST_INSERT_HEAD(&pending_triggers_list_copy, search_client, client_chain); |
1212 | } |
1213 | NETAGENT_UNLOCK(session->wrapper); |
1214 | NETAGENT_SESSION_UNLOCK(session); |
1215 | NETAGENT_LIST_UNLOCK(); |
1216 | |
1217 | // Update pending client triggers without holding a lock |
1218 | search_client = NULL; |
1219 | temp_client = NULL; |
1220 | LIST_FOREACH_SAFE(search_client, &pending_triggers_list_copy, client_chain, temp_client) { |
1221 | necp_force_update_client(client_id: search_client->client_id, remove_netagent_uuid: session->wrapper->netagent->netagent_uuid, agent_generation: session->wrapper->generation); |
1222 | netagent_send_cellular_failed_event(wrapper: new_wrapper, pid: search_client->client_pid, proc_uuid: search_client->client_proc_uuid); |
1223 | LIST_REMOVE(search_client, client_chain); |
1224 | kfree_type(struct netagent_client, search_client); |
1225 | } |
1226 | NETAGENTLOG0(LOG_DEBUG, "Updated agent (no changes)" ); |
1227 | *agent_changed = FALSE; |
1228 | return response_error; |
1229 | } |
1230 | |
1231 | new_wrapper->generation = g_next_generation++; |
1232 | new_wrapper->use_count = session->wrapper->use_count; |
1233 | |
1234 | TAILQ_INIT(&new_wrapper->token_list); |
1235 | TAILQ_CONCAT(&new_wrapper->token_list, &session->wrapper->token_list, token_chain); |
1236 | new_wrapper->token_count = session->wrapper->token_count; |
1237 | new_wrapper->token_low_water = session->wrapper->token_low_water; |
1238 | new_wrapper->last_client_error = session->wrapper->last_client_error; |
1239 | new_wrapper->client_error_count = session->wrapper->client_error_count; |
1240 | |
1241 | if ((new_wrapper->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE) && |
1242 | !(session->wrapper->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE)) { |
1243 | netagent_active_count++; |
1244 | } else if (!(new_wrapper->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE) && |
1245 | (session->wrapper->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE) && |
1246 | netagent_active_count > 0) { |
1247 | netagent_active_count--; |
1248 | } |
1249 | |
1250 | LIST_REMOVE(session->wrapper, list_chain); |
1251 | NETAGENT_UNLOCK(session->wrapper); |
1252 | netagent_free_wrapper(wrapper: session->wrapper); |
1253 | session->wrapper = new_wrapper; |
1254 | new_wrapper->control_unit = session->control_unit; |
1255 | new_wrapper->event_handler = session->event_handler; |
1256 | new_wrapper->event_context = session->event_context; |
1257 | LIST_INSERT_HEAD(&shared_netagent_list, new_wrapper, list_chain); |
1258 | LIST_INIT(&new_wrapper->pending_triggers_list); |
1259 | |
1260 | NETAGENT_SESSION_UNLOCK(session); |
1261 | NETAGENT_LIST_UNLOCK(); |
1262 | |
1263 | NETAGENTLOG0(LOG_DEBUG, "Updated agent" ); |
1264 | *agent_changed = TRUE; |
1265 | |
1266 | return response_error; |
1267 | } |
1268 | |
1269 | errno_t |
1270 | netagent_update(netagent_session_t _session, struct netagent *agent) |
1271 | { |
1272 | u_int8_t agent_changed; |
1273 | struct netagent_wrapper *new_wrapper = NULL; |
1274 | bool should_update_immediately; |
1275 | uuid_t updated_uuid; |
1276 | |
1277 | struct netagent_session *session = (struct netagent_session *)_session; |
1278 | if (session == NULL) { |
1279 | NETAGENTLOG0(LOG_ERR, "Cannot update agent on NULL session" ); |
1280 | return EINVAL; |
1281 | } |
1282 | |
1283 | if (agent == NULL) { |
1284 | NETAGENTLOG0(LOG_ERR, "Cannot register NULL agent" ); |
1285 | return EINVAL; |
1286 | } |
1287 | |
1288 | size_t data_size = agent->netagent_data_size; |
1289 | if (data_size > NETAGENT_MAX_DATA_SIZE) { |
1290 | NETAGENTLOG(LOG_ERR, "Update message size (%zu > %u) too large" , data_size, NETAGENT_MAX_DATA_SIZE); |
1291 | return EINVAL; |
1292 | } |
1293 | |
1294 | new_wrapper = netagent_alloc_wrapper_memory(data_size); |
1295 | |
1296 | __nochk_memcpy(dst: new_wrapper->netagent, src: agent, n: sizeof(struct netagent) + data_size); |
1297 | |
1298 | uuid_copy(dst: updated_uuid, src: new_wrapper->netagent->netagent_uuid); |
1299 | should_update_immediately = (NETAGENT_FLAG_UPDATE_IMMEDIATELY == (new_wrapper->netagent->netagent_flags & NETAGENT_FLAG_UPDATE_IMMEDIATELY)); |
1300 | |
1301 | errno_t error = netagent_handle_update_inner(session, new_wrapper, data_size, agent_changed: &agent_changed, error_domain: kNetagentErrorDomainPOSIX); |
1302 | if (error == 0) { |
1303 | netagent_post_event(agent_uuid: updated_uuid, KEV_NETAGENT_UPDATED, update_necp: agent_changed, should_update_immediately); |
1304 | if (agent_changed == FALSE) { |
1305 | // The session wrapper does not need the "new_wrapper" as nothing changed |
1306 | netagent_free_wrapper_memory(wrapper: new_wrapper); |
1307 | } |
1308 | } else { |
1309 | netagent_free_wrapper_memory(wrapper: new_wrapper); |
1310 | return error; |
1311 | } |
1312 | |
1313 | return 0; |
1314 | } |
1315 | |
1316 | static errno_t |
1317 | netagent_handle_update_setopt(struct netagent_session *session, u_int8_t *payload, size_t payload_length) |
1318 | { |
1319 | struct netagent_wrapper *new_wrapper = NULL; |
1320 | errno_t response_error = 0; |
1321 | struct netagent *update_netagent = (struct netagent *)(void *)payload; |
1322 | u_int8_t agent_changed; |
1323 | bool should_update_immediately; |
1324 | uuid_t updated_uuid; |
1325 | |
1326 | if (session == NULL) { |
1327 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
1328 | response_error = EINVAL; |
1329 | goto done; |
1330 | } |
1331 | |
1332 | if (payload == NULL) { |
1333 | NETAGENTLOG0(LOG_ERR, "No payload received" ); |
1334 | response_error = EINVAL; |
1335 | goto done; |
1336 | } |
1337 | |
1338 | if (payload_length < sizeof(struct netagent)) { |
1339 | NETAGENTLOG(LOG_ERR, "Update message size too small for agent: (%zu < %zu)" , |
1340 | payload_length, sizeof(struct netagent)); |
1341 | response_error = EINVAL; |
1342 | goto done; |
1343 | } |
1344 | |
1345 | size_t data_size = update_netagent->netagent_data_size; |
1346 | if (data_size > NETAGENT_MAX_DATA_SIZE) { |
1347 | NETAGENTLOG(LOG_ERR, "Update message size (%zu > %u) too large" , data_size, NETAGENT_MAX_DATA_SIZE); |
1348 | response_error = EINVAL; |
1349 | goto done; |
1350 | } |
1351 | |
1352 | if (payload_length != (sizeof(struct netagent) + data_size)) { |
1353 | NETAGENTLOG(LOG_ERR, "Mismatch between data size and payload length (%lu != %zu)" , (sizeof(struct netagent) + data_size), payload_length); |
1354 | response_error = EINVAL; |
1355 | goto done; |
1356 | } |
1357 | |
1358 | new_wrapper = netagent_alloc_wrapper_memory(data_size); |
1359 | |
1360 | __nochk_memcpy(dst: new_wrapper->netagent, src: update_netagent, n: sizeof(struct netagent) + data_size); |
1361 | |
1362 | uuid_copy(dst: updated_uuid, src: new_wrapper->netagent->netagent_uuid); |
1363 | should_update_immediately = (NETAGENT_FLAG_UPDATE_IMMEDIATELY == (new_wrapper->netagent->netagent_flags & NETAGENT_FLAG_UPDATE_IMMEDIATELY)); |
1364 | |
1365 | response_error = netagent_handle_update_inner(session, new_wrapper, data_size, agent_changed: &agent_changed, error_domain: kNetagentErrorDomainPOSIX); |
1366 | if (response_error == 0) { |
1367 | netagent_post_event(agent_uuid: updated_uuid, KEV_NETAGENT_UPDATED, update_necp: agent_changed, should_update_immediately); |
1368 | if (agent_changed == FALSE) { |
1369 | // The session wrapper does not need the "new_wrapper" as nothing changed |
1370 | netagent_free_wrapper_memory(wrapper: new_wrapper); |
1371 | } |
1372 | } else { |
1373 | netagent_free_wrapper_memory(wrapper: new_wrapper); |
1374 | } |
1375 | |
1376 | done: |
1377 | return response_error; |
1378 | } |
1379 | |
1380 | static void |
1381 | netagent_handle_update_message(struct netagent_session *session, u_int32_t message_id, |
1382 | size_t payload_length, mbuf_t packet, size_t offset) |
1383 | { |
1384 | int error; |
1385 | struct netagent_wrapper *new_wrapper = NULL; |
1386 | u_int32_t response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1387 | u_int8_t agent_changed; |
1388 | uuid_t updated_uuid; |
1389 | bool should_update_immediately; |
1390 | |
1391 | if (session == NULL) { |
1392 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
1393 | response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1394 | goto fail; |
1395 | } |
1396 | |
1397 | if (payload_length < sizeof(struct netagent)) { |
1398 | NETAGENTLOG(LOG_ERR, "Update message size too small for agent: (%zu < %zu)" , |
1399 | payload_length, sizeof(struct netagent)); |
1400 | response_error = NETAGENT_MESSAGE_ERROR_INVALID_DATA; |
1401 | goto fail; |
1402 | } |
1403 | |
1404 | size_t data_size = netagent_packet_get_netagent_data_size(packet, offset, err: &error); |
1405 | if (error || data_size > NETAGENT_MAX_DATA_SIZE) { |
1406 | NETAGENTLOG(LOG_ERR, "Update message size could not be read, error %d data_size %zu" , |
1407 | error, data_size); |
1408 | response_error = NETAGENT_MESSAGE_ERROR_INVALID_DATA; |
1409 | goto fail; |
1410 | } |
1411 | |
1412 | new_wrapper = netagent_alloc_wrapper_memory(data_size); |
1413 | |
1414 | error = mbuf_copydata(mbuf: packet, offset, length: sizeof(struct netagent) + data_size, out_data: new_wrapper->netagent); |
1415 | if (error) { |
1416 | NETAGENTLOG(LOG_ERR, "Failed to read data into agent structure: %d" , error); |
1417 | netagent_free_wrapper_memory(wrapper: new_wrapper); |
1418 | response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1419 | goto fail; |
1420 | } |
1421 | |
1422 | uuid_copy(dst: updated_uuid, src: new_wrapper->netagent->netagent_uuid); |
1423 | should_update_immediately = (NETAGENT_FLAG_UPDATE_IMMEDIATELY == (new_wrapper->netagent->netagent_flags & NETAGENT_FLAG_UPDATE_IMMEDIATELY)); |
1424 | |
1425 | response_error = (u_int32_t)netagent_handle_update_inner(session, new_wrapper, data_size, agent_changed: &agent_changed, error_domain: kNetagentErrorDomainUserDefined); |
1426 | if (response_error != 0) { |
1427 | if (response_error == ENOENT) { |
1428 | response_error = NETAGENT_MESSAGE_ERROR_NOT_REGISTERED; |
1429 | } |
1430 | netagent_free_wrapper_memory(wrapper: new_wrapper); |
1431 | goto fail; |
1432 | } |
1433 | |
1434 | netagent_send_success_response(session, NETAGENT_MESSAGE_TYPE_UPDATE, message_id); |
1435 | |
1436 | netagent_post_event(agent_uuid: updated_uuid, KEV_NETAGENT_UPDATED, update_necp: agent_changed, should_update_immediately); |
1437 | |
1438 | if (agent_changed == FALSE) { |
1439 | // The session wrapper does not need the "new_wrapper" as nothing changed |
1440 | netagent_free_wrapper_memory(wrapper: new_wrapper); |
1441 | } |
1442 | |
1443 | return; |
1444 | fail: |
1445 | netagent_send_error_response(session, NETAGENT_MESSAGE_TYPE_UPDATE, message_id, error_code: response_error); |
1446 | } |
1447 | |
1448 | static void |
1449 | netagent_handle_get(struct netagent_session *session, u_int32_t message_id, |
1450 | size_t payload_length, mbuf_t packet, size_t offset) |
1451 | { |
1452 | #pragma unused(payload_length, packet, offset) |
1453 | u_int8_t *response = NULL; |
1454 | u_int8_t *cursor = NULL; |
1455 | u_int32_t response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1456 | |
1457 | if (session == NULL) { |
1458 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
1459 | response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1460 | goto fail; |
1461 | } |
1462 | |
1463 | NETAGENT_SESSION_LOCK(session); |
1464 | if (session->wrapper == NULL) { |
1465 | NETAGENT_SESSION_UNLOCK(session); |
1466 | NETAGENTLOG0(LOG_ERR, "Session has no agent to get" ); |
1467 | response_error = NETAGENT_MESSAGE_ERROR_NOT_REGISTERED; |
1468 | goto fail; |
1469 | } |
1470 | |
1471 | NETAGENT_LOCK_SHARED(session->wrapper); |
1472 | |
1473 | size_t response_size = sizeof(struct netagent_message_header) |
1474 | + sizeof(struct netagent) |
1475 | + session->wrapper->netagent->netagent_data_size; |
1476 | response = (u_int8_t *)kalloc_data(response_size, Z_WAITOK); |
1477 | if (response == NULL) { |
1478 | NETAGENT_UNLOCK(session->wrapper); |
1479 | NETAGENT_SESSION_UNLOCK(session); |
1480 | goto fail; |
1481 | } |
1482 | |
1483 | cursor = response; |
1484 | cursor = netagent_buffer_write_message_header(buffer: cursor, NETAGENT_MESSAGE_TYPE_GET, |
1485 | NETAGENT_MESSAGE_FLAGS_RESPONSE, message_id, error: 0, |
1486 | payload_length: response_size - sizeof(struct netagent_message_header)); |
1487 | memcpy(dst: cursor, src: session->wrapper->netagent, n: sizeof(struct netagent) + |
1488 | session->wrapper->netagent->netagent_data_size); |
1489 | |
1490 | NETAGENT_UNLOCK(session->wrapper); |
1491 | NETAGENT_SESSION_UNLOCK(session); |
1492 | |
1493 | if (!netagent_send_ctl_data(control_unit: session->control_unit, buffer: response, buffer_size: response_size)) { |
1494 | NETAGENTLOG0(LOG_ERR, "Failed to send response" ); |
1495 | } |
1496 | kfree_data(response, response_size); |
1497 | return; |
1498 | fail: |
1499 | netagent_send_error_response(session, NETAGENT_MESSAGE_TYPE_GET, message_id, error_code: response_error); |
1500 | } |
1501 | |
1502 | errno_t |
1503 | netagent_assign_nexus(netagent_session_t _session, uuid_t necp_client_uuid, |
1504 | void *assign_message, size_t assigned_results_length) |
1505 | { |
1506 | struct netagent_session *session = (struct netagent_session *)_session; |
1507 | uuid_t netagent_uuid; |
1508 | if (session == NULL) { |
1509 | NETAGENTLOG0(LOG_ERR, "Cannot assign nexus from NULL session" ); |
1510 | return EINVAL; |
1511 | } |
1512 | |
1513 | NETAGENT_SESSION_LOCK(session); |
1514 | if (session->wrapper == NULL) { |
1515 | NETAGENT_SESSION_UNLOCK(session); |
1516 | NETAGENTLOG0(LOG_ERR, "Session has no agent" ); |
1517 | return ENOENT; |
1518 | } |
1519 | NETAGENT_LOCK_SHARED(session->wrapper); |
1520 | uuid_copy(dst: netagent_uuid, src: session->wrapper->netagent->netagent_uuid); |
1521 | NETAGENT_UNLOCK(session->wrapper); |
1522 | NETAGENT_SESSION_UNLOCK(session); |
1523 | |
1524 | // Note that if the error is 0, NECP has taken over our malloc'ed buffer |
1525 | int error = necp_assign_client_result(netagent_uuid, client_id: necp_client_uuid, assigned_results: assign_message, assigned_results_length); |
1526 | if (error) { |
1527 | // necp_assign_client_result returns POSIX errors; don't error for ENOENT |
1528 | NETAGENTLOG((error == ENOENT ? LOG_DEBUG : LOG_ERR), "Client assignment failed: %d" , error); |
1529 | return error; |
1530 | } |
1531 | |
1532 | NETAGENTLOG0(LOG_DEBUG, "Agent assigned nexus properties to client" ); |
1533 | return 0; |
1534 | } |
1535 | |
1536 | errno_t |
1537 | netagent_update_flow_protoctl_event(netagent_session_t _session, |
1538 | uuid_t client_id, uint32_t protoctl_event_code, |
1539 | uint32_t protoctl_event_val, uint32_t protoctl_event_tcp_seq_number) |
1540 | { |
1541 | struct netagent_session *session = (struct netagent_session *)_session; |
1542 | uuid_t netagent_uuid; |
1543 | int error = 0; |
1544 | |
1545 | if (session == NULL) { |
1546 | NETAGENTLOG0(LOG_ERR, "Cannot assign nexus from NULL session" ); |
1547 | return EINVAL; |
1548 | } |
1549 | |
1550 | NETAGENT_SESSION_LOCK(session); |
1551 | if (session->wrapper == NULL) { |
1552 | NETAGENT_SESSION_UNLOCK(session); |
1553 | NETAGENTLOG0(LOG_ERR, "Session has no agent" ); |
1554 | return ENOENT; |
1555 | } |
1556 | NETAGENT_LOCK_SHARED(session->wrapper); |
1557 | uuid_copy(dst: netagent_uuid, src: session->wrapper->netagent->netagent_uuid); |
1558 | NETAGENT_UNLOCK(session->wrapper); |
1559 | NETAGENT_SESSION_UNLOCK(session); |
1560 | |
1561 | error = necp_update_flow_protoctl_event(netagent_uuid, |
1562 | client_id, protoctl_event_code, protoctl_event_val, protoctl_event_tcp_seq_num: protoctl_event_tcp_seq_number); |
1563 | |
1564 | return error; |
1565 | } |
1566 | |
1567 | static errno_t |
1568 | netagent_handle_assign_nexus_setopt(struct netagent_session *session, u_int8_t *payload, |
1569 | size_t payload_length) |
1570 | { |
1571 | errno_t response_error = 0; |
1572 | struct netagent_assign_nexus_message *assign_nexus_netagent = (struct netagent_assign_nexus_message *)(void *)payload; |
1573 | uuid_t client_id; |
1574 | uuid_t netagent_uuid; |
1575 | u_int8_t *assigned_results = NULL; |
1576 | |
1577 | if (session == NULL) { |
1578 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
1579 | response_error = ENOENT; |
1580 | goto done; |
1581 | } |
1582 | |
1583 | if (payload == NULL) { |
1584 | NETAGENTLOG0(LOG_ERR, "No payload received" ); |
1585 | response_error = EINVAL; |
1586 | goto done; |
1587 | } |
1588 | |
1589 | NETAGENT_SESSION_LOCK(session); |
1590 | if (session->wrapper == NULL) { |
1591 | NETAGENT_SESSION_UNLOCK(session); |
1592 | NETAGENTLOG0(LOG_ERR, "Session has no agent to get" ); |
1593 | response_error = ENOENT; |
1594 | goto done; |
1595 | } |
1596 | |
1597 | NETAGENT_LOCK_SHARED(session->wrapper); |
1598 | uuid_copy(dst: netagent_uuid, src: session->wrapper->netagent->netagent_uuid); |
1599 | NETAGENT_UNLOCK(session->wrapper); |
1600 | NETAGENT_SESSION_UNLOCK(session); |
1601 | |
1602 | if (payload_length < sizeof(uuid_t)) { |
1603 | NETAGENTLOG0(LOG_ERR, "Assign message is too short" ); |
1604 | response_error = EINVAL; |
1605 | goto done; |
1606 | } |
1607 | |
1608 | memcpy(dst: client_id, src: assign_nexus_netagent->assign_client_id, n: sizeof(client_id)); |
1609 | size_t assigned_results_length = (payload_length - sizeof(client_id)); |
1610 | |
1611 | if (assigned_results_length > 0) { |
1612 | assigned_results = kalloc_data(assigned_results_length, Z_WAITOK); |
1613 | if (assigned_results == NULL) { |
1614 | NETAGENTLOG(LOG_ERR, "Failed to allocate assign message (%lu bytes)" , assigned_results_length); |
1615 | response_error = ENOMEM; |
1616 | goto done; |
1617 | } |
1618 | memcpy(dst: assigned_results, src: assign_nexus_netagent->assign_necp_results, n: assigned_results_length); |
1619 | } |
1620 | |
1621 | // Note that if the error is 0, NECP has taken over our malloc'ed buffer |
1622 | response_error = necp_assign_client_result(netagent_uuid, client_id, assigned_results, assigned_results_length); |
1623 | if (response_error) { |
1624 | // necp_assign_client_result returns POSIX errors |
1625 | kfree_data(assigned_results, assigned_results_length); |
1626 | NETAGENTLOG(LOG_ERR, "Client assignment failed: %d" , response_error); |
1627 | goto done; |
1628 | } |
1629 | |
1630 | NETAGENTLOG0(LOG_DEBUG, "Agent assigned nexus properties to client" ); |
1631 | done: |
1632 | return response_error; |
1633 | } |
1634 | |
1635 | |
1636 | static void |
1637 | netagent_handle_assign_nexus_message(struct netagent_session *session, u_int32_t message_id, |
1638 | size_t payload_length, mbuf_t packet, size_t offset) |
1639 | { |
1640 | int error = 0; |
1641 | u_int32_t response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1642 | uuid_t client_id; |
1643 | uuid_t netagent_uuid; |
1644 | u_int8_t *assigned_results = NULL; |
1645 | |
1646 | if (session == NULL) { |
1647 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
1648 | response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1649 | goto fail; |
1650 | } |
1651 | |
1652 | NETAGENT_SESSION_LOCK(session); |
1653 | if (session->wrapper == NULL) { |
1654 | NETAGENT_SESSION_UNLOCK(session); |
1655 | NETAGENTLOG0(LOG_ERR, "Session has no agent to get" ); |
1656 | response_error = NETAGENT_MESSAGE_ERROR_NOT_REGISTERED; |
1657 | goto fail; |
1658 | } |
1659 | NETAGENT_LOCK_SHARED(session->wrapper); |
1660 | uuid_copy(dst: netagent_uuid, src: session->wrapper->netagent->netagent_uuid); |
1661 | NETAGENT_UNLOCK(session->wrapper); |
1662 | NETAGENT_SESSION_UNLOCK(session); |
1663 | |
1664 | if (payload_length < sizeof(uuid_t)) { |
1665 | NETAGENTLOG0(LOG_ERR, "Assign message is too short" ); |
1666 | response_error = NETAGENT_MESSAGE_ERROR_INVALID_DATA; |
1667 | goto fail; |
1668 | } |
1669 | |
1670 | error = mbuf_copydata(mbuf: packet, offset, length: sizeof(client_id), out_data: &client_id); |
1671 | if (error) { |
1672 | NETAGENTLOG(LOG_ERR, "Failed to read uuid for assign message: %d" , error); |
1673 | response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1674 | goto fail; |
1675 | } |
1676 | |
1677 | size_t assigned_results_length = (payload_length - sizeof(client_id)); |
1678 | if (assigned_results_length > 0) { |
1679 | assigned_results = kalloc_data( assigned_results_length, Z_WAITOK); |
1680 | if (assigned_results == NULL) { |
1681 | NETAGENTLOG(LOG_ERR, "Failed to allocate assign message (%lu bytes)" , assigned_results_length); |
1682 | response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1683 | goto fail; |
1684 | } |
1685 | |
1686 | error = mbuf_copydata(mbuf: packet, offset: offset + sizeof(client_id), length: assigned_results_length, out_data: assigned_results); |
1687 | if (error) { |
1688 | kfree_data(assigned_results, assigned_results_length); |
1689 | NETAGENTLOG(LOG_ERR, "Failed to read assign message: %d" , error); |
1690 | response_error = NETAGENT_MESSAGE_ERROR_INTERNAL; |
1691 | goto fail; |
1692 | } |
1693 | } |
1694 | |
1695 | // Note that if the error is 0, NECP has taken over our malloc'ed buffer |
1696 | error = necp_assign_client_result(netagent_uuid, client_id, assigned_results, assigned_results_length); |
1697 | if (error) { |
1698 | kfree_data(assigned_results, assigned_results_length); |
1699 | NETAGENTLOG(LOG_ERR, "Client assignment failed: %d" , error); |
1700 | response_error = NETAGENT_MESSAGE_ERROR_CANNOT_ASSIGN; |
1701 | goto fail; |
1702 | } |
1703 | |
1704 | NETAGENTLOG0(LOG_DEBUG, "Agent assigned nexus properties to client" ); |
1705 | netagent_send_success_response(session, NETAGENT_MESSAGE_TYPE_ASSIGN_NEXUS, message_id); |
1706 | return; |
1707 | fail: |
1708 | netagent_send_error_response(session, NETAGENT_MESSAGE_TYPE_ASSIGN_NEXUS, message_id, error_code: response_error); |
1709 | } |
1710 | |
1711 | static errno_t |
1712 | netagent_handle_assign_group_setopt(struct netagent_session *session, u_int8_t *payload, |
1713 | size_t payload_length) |
1714 | { |
1715 | errno_t response_error = 0; |
1716 | struct netagent_assign_nexus_message *assign_message = (struct netagent_assign_nexus_message *)(void *)payload; |
1717 | uuid_t client_id; |
1718 | uuid_t netagent_uuid; |
1719 | u_int8_t *assigned_group_members = NULL; |
1720 | |
1721 | if (session == NULL) { |
1722 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
1723 | response_error = ENOENT; |
1724 | goto done; |
1725 | } |
1726 | |
1727 | if (payload == NULL) { |
1728 | NETAGENTLOG0(LOG_ERR, "No payload received" ); |
1729 | response_error = EINVAL; |
1730 | goto done; |
1731 | } |
1732 | |
1733 | NETAGENT_SESSION_LOCK(session); |
1734 | if (session->wrapper == NULL) { |
1735 | NETAGENT_SESSION_UNLOCK(session); |
1736 | NETAGENTLOG0(LOG_ERR, "Session has no agent to get" ); |
1737 | response_error = ENOENT; |
1738 | goto done; |
1739 | } |
1740 | |
1741 | NETAGENT_LOCK_SHARED(session->wrapper); |
1742 | uuid_copy(dst: netagent_uuid, src: session->wrapper->netagent->netagent_uuid); |
1743 | NETAGENT_UNLOCK(session->wrapper); |
1744 | NETAGENT_SESSION_UNLOCK(session); |
1745 | |
1746 | if (payload_length < sizeof(uuid_t)) { |
1747 | NETAGENTLOG0(LOG_ERR, "Group assign message is too short" ); |
1748 | response_error = EINVAL; |
1749 | goto done; |
1750 | } |
1751 | |
1752 | memcpy(dst: client_id, src: assign_message->assign_client_id, n: sizeof(client_id)); |
1753 | size_t assigned_group_members_length = (payload_length - sizeof(client_id)); |
1754 | |
1755 | if (assigned_group_members_length > 0) { |
1756 | assigned_group_members = (u_int8_t *)kalloc_data(assigned_group_members_length, Z_WAITOK); |
1757 | if (assigned_group_members == NULL) { |
1758 | NETAGENTLOG(LOG_ERR, "Failed to allocate group assign message (%lu bytes)" , assigned_group_members_length); |
1759 | response_error = ENOMEM; |
1760 | goto done; |
1761 | } |
1762 | memcpy(dst: assigned_group_members, src: assign_message->assign_necp_results, n: assigned_group_members_length); |
1763 | } |
1764 | |
1765 | // Note that if the error is 0, NECP has taken over our malloc'ed buffer |
1766 | response_error = necp_assign_client_group_members(netagent_uuid, client_id, assigned_group_members, assigned_group_members_length); |
1767 | if (response_error != 0) { |
1768 | // necp_assign_client_group_members returns POSIX errors |
1769 | if (assigned_group_members != NULL) { |
1770 | kfree_data(assigned_group_members, assigned_group_members_length); |
1771 | } |
1772 | NETAGENTLOG(LOG_ERR, "Client group assignment failed: %d" , response_error); |
1773 | goto done; |
1774 | } |
1775 | |
1776 | NETAGENTLOG0(LOG_DEBUG, "Agent assigned group members to client" ); |
1777 | done: |
1778 | return response_error; |
1779 | } |
1780 | |
1781 | |
1782 | errno_t |
1783 | netagent_handle_use_count_setopt(struct netagent_session *session, u_int8_t *payload, size_t payload_length) |
1784 | { |
1785 | errno_t response_error = 0; |
1786 | uint64_t use_count = 0; |
1787 | |
1788 | if (session == NULL) { |
1789 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
1790 | response_error = ENOENT; |
1791 | goto done; |
1792 | } |
1793 | |
1794 | if (payload == NULL) { |
1795 | NETAGENTLOG0(LOG_ERR, "No payload received" ); |
1796 | response_error = EINVAL; |
1797 | goto done; |
1798 | } |
1799 | |
1800 | if (payload_length != sizeof(use_count)) { |
1801 | NETAGENTLOG(LOG_ERR, "Payload length is invalid (%lu)" , payload_length); |
1802 | response_error = EINVAL; |
1803 | goto done; |
1804 | } |
1805 | |
1806 | memcpy(dst: &use_count, src: payload, n: sizeof(use_count)); |
1807 | |
1808 | NETAGENT_SESSION_LOCK(session); |
1809 | |
1810 | if (session->wrapper == NULL) { |
1811 | NETAGENT_SESSION_UNLOCK(session); |
1812 | NETAGENTLOG0(LOG_ERR, "Session has no agent registered" ); |
1813 | response_error = ENOENT; |
1814 | goto done; |
1815 | } |
1816 | |
1817 | NETAGENT_LOCK_EXCLUSIVE(session->wrapper); |
1818 | session->wrapper->use_count = use_count; |
1819 | NETAGENT_UNLOCK(session->wrapper); |
1820 | NETAGENT_SESSION_UNLOCK(session); |
1821 | |
1822 | done: |
1823 | return response_error; |
1824 | } |
1825 | |
1826 | errno_t |
1827 | netagent_handle_use_count_getopt(struct netagent_session *session, u_int8_t *buffer, size_t *buffer_length) |
1828 | { |
1829 | errno_t response_error = 0; |
1830 | uint64_t use_count = 0; |
1831 | |
1832 | if (session == NULL) { |
1833 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
1834 | response_error = ENOENT; |
1835 | goto done; |
1836 | } |
1837 | |
1838 | if (buffer == NULL) { |
1839 | NETAGENTLOG0(LOG_ERR, "No payload received" ); |
1840 | response_error = EINVAL; |
1841 | goto done; |
1842 | } |
1843 | |
1844 | if (*buffer_length != sizeof(use_count)) { |
1845 | NETAGENTLOG(LOG_ERR, "Buffer length is invalid (%lu)" , *buffer_length); |
1846 | response_error = EINVAL; |
1847 | goto done; |
1848 | } |
1849 | |
1850 | NETAGENT_SESSION_LOCK(session); |
1851 | |
1852 | if (session->wrapper == NULL) { |
1853 | NETAGENT_SESSION_UNLOCK(session); |
1854 | NETAGENTLOG0(LOG_ERR, "Session has no agent registered" ); |
1855 | response_error = ENOENT; |
1856 | goto done; |
1857 | } |
1858 | |
1859 | NETAGENT_LOCK_SHARED(session->wrapper); |
1860 | use_count = session->wrapper->use_count; |
1861 | NETAGENT_UNLOCK(session->wrapper); |
1862 | NETAGENT_SESSION_UNLOCK(session); |
1863 | |
1864 | memcpy(dst: buffer, src: &use_count, n: sizeof(use_count)); |
1865 | *buffer_length = sizeof(use_count); |
1866 | |
1867 | done: |
1868 | return response_error; |
1869 | } |
1870 | |
1871 | static errno_t |
1872 | netagent_handle_add_token_setopt(struct netagent_session *session, u_int8_t *token, size_t token_length) |
1873 | { |
1874 | errno_t response_error = 0; |
1875 | |
1876 | if (session == NULL) { |
1877 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
1878 | response_error = ENOENT; |
1879 | goto done; |
1880 | } |
1881 | |
1882 | if (token == NULL) { |
1883 | NETAGENTLOG0(LOG_ERR, "No token received" ); |
1884 | response_error = EINVAL; |
1885 | goto done; |
1886 | } |
1887 | |
1888 | if (token_length > NETAGENT_MAX_DATA_SIZE) { |
1889 | NETAGENTLOG(LOG_ERR, "Token length is invalid (%lu)" , token_length); |
1890 | response_error = EINVAL; |
1891 | goto done; |
1892 | } |
1893 | |
1894 | NETAGENT_SESSION_LOCK(session); |
1895 | if (session->wrapper == NULL) { |
1896 | NETAGENT_SESSION_UNLOCK(session); |
1897 | NETAGENTLOG0(LOG_ERR, "Session has no agent registered" ); |
1898 | response_error = ENOENT; |
1899 | goto done; |
1900 | } |
1901 | |
1902 | NETAGENT_LOCK_EXCLUSIVE(session->wrapper); |
1903 | if (session->wrapper->token_count >= NETAGENT_MAX_TOKEN_COUNT) { |
1904 | NETAGENT_UNLOCK(session->wrapper); |
1905 | NETAGENT_SESSION_UNLOCK(session); |
1906 | NETAGENTLOG0(LOG_ERR, "Session cannot add more tokens" ); |
1907 | response_error = EINVAL; |
1908 | goto done; |
1909 | } |
1910 | |
1911 | struct netagent_token *token_struct = NULL; |
1912 | |
1913 | token_struct = kalloc_type(struct netagent_token, Z_WAITOK | Z_ZERO | Z_NOFAIL); |
1914 | token_struct->token_bytes = kalloc_data(token_length, Z_WAITOK | Z_NOFAIL); |
1915 | token_struct->token_length = (u_int32_t)token_length; |
1916 | memcpy(dst: token_struct->token_bytes, src: token, n: token_length); |
1917 | |
1918 | TAILQ_INSERT_TAIL(&session->wrapper->token_list, token_struct, token_chain); |
1919 | |
1920 | session->wrapper->token_count++; |
1921 | |
1922 | // Reset deadline time, now that there are more than 0 tokens |
1923 | session->wrapper->need_tokens_event_deadline = 0; |
1924 | |
1925 | NETAGENT_UNLOCK(session->wrapper); |
1926 | NETAGENT_SESSION_UNLOCK(session); |
1927 | done: |
1928 | return response_error; |
1929 | } |
1930 | |
1931 | static errno_t |
1932 | netagent_handle_flush_tokens_setopt(struct netagent_session *session, __unused u_int8_t *buffer, __unused size_t buffer_length) |
1933 | { |
1934 | errno_t response_error = 0; |
1935 | |
1936 | if (session == NULL) { |
1937 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
1938 | response_error = ENOENT; |
1939 | goto done; |
1940 | } |
1941 | |
1942 | NETAGENT_SESSION_LOCK(session); |
1943 | if (session->wrapper == NULL) { |
1944 | NETAGENT_SESSION_UNLOCK(session); |
1945 | NETAGENTLOG0(LOG_ERR, "Session has no agent registered" ); |
1946 | response_error = ENOENT; |
1947 | goto done; |
1948 | } |
1949 | |
1950 | NETAGENT_LOCK_EXCLUSIVE(session->wrapper); |
1951 | struct netagent_token *search_token = NULL; |
1952 | struct netagent_token *temp_token = NULL; |
1953 | TAILQ_FOREACH_SAFE(search_token, &session->wrapper->token_list, token_chain, temp_token) { |
1954 | TAILQ_REMOVE(&session->wrapper->token_list, search_token, token_chain); |
1955 | netagent_token_free(token: search_token); |
1956 | } |
1957 | session->wrapper->token_count = 0; |
1958 | NETAGENT_UNLOCK(session->wrapper); |
1959 | NETAGENT_SESSION_UNLOCK(session); |
1960 | done: |
1961 | return response_error; |
1962 | } |
1963 | |
1964 | static errno_t |
1965 | netagent_handle_token_count_getopt(struct netagent_session *session, u_int8_t *buffer, size_t *buffer_length) |
1966 | { |
1967 | errno_t response_error = 0; |
1968 | uint32_t token_count = 0; |
1969 | |
1970 | if (session == NULL) { |
1971 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
1972 | response_error = ENOENT; |
1973 | goto done; |
1974 | } |
1975 | |
1976 | if (buffer == NULL) { |
1977 | NETAGENTLOG0(LOG_ERR, "No payload received" ); |
1978 | response_error = EINVAL; |
1979 | goto done; |
1980 | } |
1981 | |
1982 | if (*buffer_length != sizeof(token_count)) { |
1983 | NETAGENTLOG(LOG_ERR, "Buffer length is invalid (%lu)" , *buffer_length); |
1984 | response_error = EINVAL; |
1985 | goto done; |
1986 | } |
1987 | |
1988 | NETAGENT_SESSION_LOCK(session); |
1989 | if (session->wrapper == NULL) { |
1990 | NETAGENT_SESSION_UNLOCK(session); |
1991 | NETAGENTLOG0(LOG_ERR, "Session has no agent registered" ); |
1992 | response_error = ENOENT; |
1993 | goto done; |
1994 | } |
1995 | |
1996 | NETAGENT_LOCK_SHARED(session->wrapper); |
1997 | token_count = session->wrapper->token_count; |
1998 | NETAGENT_UNLOCK(session->wrapper); |
1999 | NETAGENT_SESSION_UNLOCK(session); |
2000 | |
2001 | memcpy(dst: buffer, src: &token_count, n: sizeof(token_count)); |
2002 | *buffer_length = sizeof(token_count); |
2003 | |
2004 | done: |
2005 | return response_error; |
2006 | } |
2007 | |
2008 | static errno_t |
2009 | netagent_handle_token_low_water_setopt(struct netagent_session *session, u_int8_t *buffer, size_t buffer_length) |
2010 | { |
2011 | errno_t response_error = 0; |
2012 | uint32_t token_low_water = 0; |
2013 | |
2014 | if (session == NULL) { |
2015 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
2016 | response_error = ENOENT; |
2017 | goto done; |
2018 | } |
2019 | |
2020 | if (buffer == NULL) { |
2021 | NETAGENTLOG0(LOG_ERR, "No payload received" ); |
2022 | response_error = EINVAL; |
2023 | goto done; |
2024 | } |
2025 | |
2026 | if (buffer_length != sizeof(token_low_water)) { |
2027 | NETAGENTLOG(LOG_ERR, "Buffer length is invalid (%lu)" , buffer_length); |
2028 | response_error = EINVAL; |
2029 | goto done; |
2030 | } |
2031 | |
2032 | memcpy(dst: &token_low_water, src: buffer, n: sizeof(token_low_water)); |
2033 | |
2034 | NETAGENT_SESSION_LOCK(session); |
2035 | if (session->wrapper == NULL) { |
2036 | NETAGENT_SESSION_UNLOCK(session); |
2037 | NETAGENTLOG0(LOG_ERR, "Session has no agent registered" ); |
2038 | response_error = ENOENT; |
2039 | goto done; |
2040 | } |
2041 | |
2042 | NETAGENT_LOCK_EXCLUSIVE(session->wrapper); |
2043 | session->wrapper->token_low_water = token_low_water; |
2044 | NETAGENT_UNLOCK(session->wrapper); |
2045 | NETAGENT_SESSION_UNLOCK(session); |
2046 | |
2047 | done: |
2048 | return response_error; |
2049 | } |
2050 | |
2051 | static errno_t |
2052 | netagent_handle_token_low_water_getopt(struct netagent_session *session, u_int8_t *buffer, size_t *buffer_length) |
2053 | { |
2054 | errno_t response_error = 0; |
2055 | uint32_t token_low_water = 0; |
2056 | |
2057 | if (session == NULL) { |
2058 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
2059 | response_error = ENOENT; |
2060 | goto done; |
2061 | } |
2062 | |
2063 | if (buffer == NULL) { |
2064 | NETAGENTLOG0(LOG_ERR, "No payload received" ); |
2065 | response_error = EINVAL; |
2066 | goto done; |
2067 | } |
2068 | |
2069 | if (*buffer_length != sizeof(token_low_water)) { |
2070 | NETAGENTLOG(LOG_ERR, "Buffer length is invalid (%lu)" , *buffer_length); |
2071 | response_error = EINVAL; |
2072 | goto done; |
2073 | } |
2074 | |
2075 | NETAGENT_SESSION_LOCK(session); |
2076 | if (session->wrapper == NULL) { |
2077 | NETAGENT_SESSION_UNLOCK(session); |
2078 | NETAGENTLOG0(LOG_ERR, "Session has no agent registered" ); |
2079 | response_error = ENOENT; |
2080 | goto done; |
2081 | } |
2082 | |
2083 | NETAGENT_LOCK_SHARED(session->wrapper); |
2084 | token_low_water = session->wrapper->token_low_water; |
2085 | NETAGENT_UNLOCK(session->wrapper); |
2086 | NETAGENT_SESSION_UNLOCK(session); |
2087 | |
2088 | memcpy(dst: buffer, src: &token_low_water, n: sizeof(token_low_water)); |
2089 | *buffer_length = sizeof(token_low_water); |
2090 | |
2091 | done: |
2092 | return response_error; |
2093 | } |
2094 | |
2095 | static errno_t |
2096 | netagent_handle_reset_client_error_setopt(struct netagent_session *session, __unused u_int8_t *payload, __unused size_t payload_length) |
2097 | { |
2098 | errno_t response_error = 0; |
2099 | |
2100 | if (session == NULL) { |
2101 | NETAGENTLOG0(LOG_ERR, "Failed to find session" ); |
2102 | response_error = ENOENT; |
2103 | goto done; |
2104 | } |
2105 | |
2106 | NETAGENT_SESSION_LOCK(session); |
2107 | if (session->wrapper == NULL) { |
2108 | NETAGENT_SESSION_UNLOCK(session); |
2109 | NETAGENTLOG0(LOG_ERR, "Session has no agent registered" ); |
2110 | response_error = ENOENT; |
2111 | goto done; |
2112 | } |
2113 | |
2114 | NETAGENT_LOCK_EXCLUSIVE(session->wrapper); |
2115 | struct netagent_token *search_token = NULL; |
2116 | struct netagent_token *temp_token = NULL; |
2117 | TAILQ_FOREACH_SAFE(search_token, &session->wrapper->token_list, token_chain, temp_token) { |
2118 | TAILQ_REMOVE(&session->wrapper->token_list, search_token, token_chain); |
2119 | netagent_token_free(token: search_token); |
2120 | } |
2121 | session->wrapper->last_client_error = 0; |
2122 | session->wrapper->client_error_count = 0; |
2123 | |
2124 | NETAGENT_UNLOCK(session->wrapper); |
2125 | NETAGENT_SESSION_UNLOCK(session); |
2126 | done: |
2127 | return response_error; |
2128 | } |
2129 | |
2130 | static struct netagent_wrapper * |
2131 | netagent_find_agent_with_uuid_and_lock(uuid_t uuid, bool exclusively, bool ignore_lock) |
2132 | { |
2133 | NETAGENT_LIST_ASSERT_LOCKED(); |
2134 | |
2135 | struct netagent_wrapper *search_netagent = NULL; |
2136 | |
2137 | LIST_FOREACH(search_netagent, &shared_netagent_list, list_chain) { |
2138 | if (uuid_compare(uu1: search_netagent->netagent->netagent_uuid, uu2: uuid) == 0) { |
2139 | if (!ignore_lock) { |
2140 | if (exclusively) { |
2141 | NETAGENT_LOCK_EXCLUSIVE(search_netagent); |
2142 | } else { |
2143 | NETAGENT_LOCK_SHARED(search_netagent); |
2144 | } |
2145 | } |
2146 | return search_netagent; |
2147 | } |
2148 | } |
2149 | |
2150 | return NULL; |
2151 | } |
2152 | |
2153 | void |
2154 | netagent_post_updated_interfaces(uuid_t uuid) |
2155 | { |
2156 | if (!uuid_is_null(uu: uuid)) { |
2157 | netagent_post_event(agent_uuid: uuid, KEV_NETAGENT_UPDATED_INTERFACES, true, false); |
2158 | } else { |
2159 | NETAGENTLOG0(LOG_DEBUG, "Interface event with no associated agent" ); |
2160 | } |
2161 | } |
2162 | |
2163 | static u_int32_t |
2164 | netagent_dump_get_data_size_locked() |
2165 | { |
2166 | NETAGENT_LIST_ASSERT_LOCKED(); |
2167 | |
2168 | struct netagent_wrapper *search_netagent = NULL; |
2169 | u_int32_t total_netagent_data_size = 0; |
2170 | // Traverse the shared list to know how much data the client needs to allocate to get the list of agent UUIDs |
2171 | LIST_FOREACH(search_netagent, &shared_netagent_list, list_chain) { |
2172 | total_netagent_data_size += sizeof(search_netagent->netagent->netagent_uuid); |
2173 | } |
2174 | return total_netagent_data_size; |
2175 | } |
2176 | |
2177 | static void |
2178 | netagent_dump_copy_data_locked(u_int8_t *buffer, u_int32_t buffer_length) |
2179 | { |
2180 | NETAGENT_LIST_ASSERT_LOCKED(); |
2181 | |
2182 | size_t response_size = 0; |
2183 | u_int8_t *cursor = NULL; |
2184 | struct netagent_wrapper *search_netagent = NULL; |
2185 | |
2186 | response_size = buffer_length; // We already know that buffer_length is the same as total_netagent_data_size. |
2187 | cursor = buffer; |
2188 | LIST_FOREACH(search_netagent, &shared_netagent_list, list_chain) { |
2189 | memcpy(dst: cursor, src: search_netagent->netagent->netagent_uuid, n: sizeof(search_netagent->netagent->netagent_uuid)); |
2190 | cursor += sizeof(search_netagent->netagent->netagent_uuid); |
2191 | } |
2192 | } |
2193 | |
2194 | int |
2195 | netagent_ioctl(u_long cmd, caddr_t data) |
2196 | { |
2197 | int error = 0; |
2198 | |
2199 | switch (cmd) { |
2200 | case SIOCGIFAGENTLIST32: |
2201 | case SIOCGIFAGENTLIST64: { |
2202 | /* Check entitlement if the client requests agent dump */ |
2203 | errno_t cred_result = priv_check_cred(cred: kauth_cred_get(), PRIV_NET_PRIVILEGED_NECP_POLICIES, flags: 0); |
2204 | if (cred_result != 0) { |
2205 | NETAGENTLOG0(LOG_ERR, "Client does not hold the necessary entitlement to get netagent information" ); |
2206 | return EINVAL; |
2207 | } |
2208 | break; |
2209 | } |
2210 | default: |
2211 | break; |
2212 | } |
2213 | |
2214 | NETAGENT_LIST_LOCK_SHARED(); |
2215 | switch (cmd) { |
2216 | case SIOCGIFAGENTDATA32: { |
2217 | struct netagent_req32 *ifsir32 = (struct netagent_req32 *)(void *)data; |
2218 | struct netagent_wrapper *wrapper = netagent_find_agent_with_uuid_and_lock(uuid: ifsir32->netagent_uuid, false, false); |
2219 | if (wrapper == NULL) { |
2220 | error = ENOENT; |
2221 | break; |
2222 | } |
2223 | uuid_copy(dst: ifsir32->netagent_uuid, src: wrapper->netagent->netagent_uuid); |
2224 | memcpy(dst: ifsir32->netagent_domain, src: wrapper->netagent->netagent_domain, n: sizeof(ifsir32->netagent_domain)); |
2225 | memcpy(dst: ifsir32->netagent_type, src: wrapper->netagent->netagent_type, n: sizeof(ifsir32->netagent_type)); |
2226 | memcpy(dst: ifsir32->netagent_desc, src: wrapper->netagent->netagent_desc, n: sizeof(ifsir32->netagent_desc)); |
2227 | ifsir32->netagent_flags = wrapper->netagent->netagent_flags; |
2228 | if (ifsir32->netagent_data_size == 0) { |
2229 | // First pass, client wants data size |
2230 | ifsir32->netagent_data_size = wrapper->netagent->netagent_data_size; |
2231 | } else if (ifsir32->netagent_data != USER_ADDR_NULL && |
2232 | ifsir32->netagent_data_size == wrapper->netagent->netagent_data_size) { |
2233 | // Second pass, client wants data buffer filled out |
2234 | error = copyout(wrapper->netagent->netagent_data, ifsir32->netagent_data, wrapper->netagent->netagent_data_size); |
2235 | } else { |
2236 | error = EINVAL; |
2237 | } |
2238 | NETAGENT_UNLOCK(wrapper); |
2239 | break; |
2240 | } |
2241 | case SIOCGIFAGENTDATA64: { |
2242 | struct netagent_req64 *ifsir64 = (struct netagent_req64 *)(void *)data; |
2243 | struct netagent_wrapper *wrapper = netagent_find_agent_with_uuid_and_lock(uuid: ifsir64->netagent_uuid, false, false); |
2244 | if (wrapper == NULL) { |
2245 | error = ENOENT; |
2246 | break; |
2247 | } |
2248 | uuid_copy(dst: ifsir64->netagent_uuid, src: wrapper->netagent->netagent_uuid); |
2249 | memcpy(dst: ifsir64->netagent_domain, src: wrapper->netagent->netagent_domain, n: sizeof(ifsir64->netagent_domain)); |
2250 | memcpy(dst: ifsir64->netagent_type, src: wrapper->netagent->netagent_type, n: sizeof(ifsir64->netagent_type)); |
2251 | memcpy(dst: ifsir64->netagent_desc, src: wrapper->netagent->netagent_desc, n: sizeof(ifsir64->netagent_desc)); |
2252 | ifsir64->netagent_flags = wrapper->netagent->netagent_flags; |
2253 | if (ifsir64->netagent_data_size == 0) { |
2254 | // First pass, client wants data size |
2255 | ifsir64->netagent_data_size = wrapper->netagent->netagent_data_size; |
2256 | } else if (ifsir64->netagent_data != USER_ADDR_NULL && |
2257 | ifsir64->netagent_data_size == wrapper->netagent->netagent_data_size) { |
2258 | // Second pass, client wants data buffer filled out |
2259 | error = copyout(wrapper->netagent->netagent_data, ifsir64->netagent_data, wrapper->netagent->netagent_data_size); |
2260 | } else { |
2261 | error = EINVAL; |
2262 | } |
2263 | NETAGENT_UNLOCK(wrapper); |
2264 | break; |
2265 | } |
2266 | case SIOCGIFAGENTLIST32: { |
2267 | struct netagentlist_req32 *ifsir32 = (struct netagentlist_req32 *)(void *)data; |
2268 | if (ifsir32->data_size == 0) { |
2269 | // First pass, client wants data size |
2270 | ifsir32->data_size = netagent_dump_get_data_size_locked(); |
2271 | } else if (ifsir32->data != USER_ADDR_NULL && |
2272 | ifsir32->data_size > 0 && |
2273 | ifsir32->data_size == netagent_dump_get_data_size_locked()) { |
2274 | // Second pass, client wants data buffer filled out |
2275 | u_int8_t *response = NULL; |
2276 | response = (u_int8_t *)kalloc_data(ifsir32->data_size, Z_NOWAIT | Z_ZERO); |
2277 | if (response == NULL) { |
2278 | error = ENOMEM; |
2279 | break; |
2280 | } |
2281 | |
2282 | netagent_dump_copy_data_locked(buffer: response, buffer_length: ifsir32->data_size); |
2283 | error = copyout(response, ifsir32->data, ifsir32->data_size); |
2284 | kfree_data(response, ifsir32->data_size); |
2285 | } else { |
2286 | error = EINVAL; |
2287 | } |
2288 | break; |
2289 | } |
2290 | case SIOCGIFAGENTLIST64: { |
2291 | struct netagentlist_req64 *ifsir64 = (struct netagentlist_req64 *)(void *)data; |
2292 | if (ifsir64->data_size == 0) { |
2293 | // First pass, client wants data size |
2294 | ifsir64->data_size = netagent_dump_get_data_size_locked(); |
2295 | } else if (ifsir64->data != USER_ADDR_NULL && |
2296 | ifsir64->data_size > 0 && |
2297 | ifsir64->data_size == netagent_dump_get_data_size_locked()) { |
2298 | // Second pass, client wants data buffer filled out |
2299 | u_int8_t *response = NULL; |
2300 | response = (u_int8_t *)kalloc_data(ifsir64->data_size, Z_NOWAIT | Z_ZERO); |
2301 | if (response == NULL) { |
2302 | error = ENOMEM; |
2303 | break; |
2304 | } |
2305 | |
2306 | netagent_dump_copy_data_locked(buffer: response, buffer_length: ifsir64->data_size); |
2307 | error = copyout(response, ifsir64->data, ifsir64->data_size); |
2308 | kfree_data(response, ifsir64->data_size); |
2309 | } else { |
2310 | error = EINVAL; |
2311 | } |
2312 | break; |
2313 | } |
2314 | default: { |
2315 | error = EINVAL; |
2316 | break; |
2317 | } |
2318 | } |
2319 | NETAGENT_LIST_UNLOCK(); |
2320 | return error; |
2321 | } |
2322 | |
2323 | u_int32_t |
2324 | netagent_get_flags(uuid_t uuid) |
2325 | { |
2326 | u_int32_t flags = 0; |
2327 | NETAGENT_LIST_LOCK_SHARED(); |
2328 | struct netagent_wrapper *wrapper = netagent_find_agent_with_uuid_and_lock(uuid, false, false); |
2329 | if (wrapper != NULL) { |
2330 | flags = wrapper->netagent->netagent_flags; |
2331 | NETAGENT_UNLOCK(wrapper); |
2332 | } else { |
2333 | NETAGENTLOG0(LOG_DEBUG, "Flags requested for invalid netagent" ); |
2334 | } |
2335 | NETAGENT_LIST_UNLOCK(); |
2336 | |
2337 | return flags; |
2338 | } |
2339 | |
2340 | errno_t |
2341 | netagent_set_flags(uuid_t uuid, u_int32_t flags) |
2342 | { |
2343 | errno_t error = 0; |
2344 | bool updated = false; |
2345 | |
2346 | NETAGENT_LIST_LOCK_SHARED(); |
2347 | struct netagent_wrapper *wrapper = netagent_find_agent_with_uuid_and_lock(uuid, true, false); |
2348 | if (wrapper != NULL) { |
2349 | // Don't allow the clients to clear |
2350 | // NETAGENT_FLAG_REGISTERED. |
2351 | uint32_t registered = |
2352 | wrapper->netagent->netagent_flags & NETAGENT_FLAG_REGISTERED; |
2353 | flags |= registered; |
2354 | if (wrapper->netagent->netagent_flags != flags) { |
2355 | wrapper->netagent->netagent_flags = flags; |
2356 | wrapper->generation = g_next_generation++; |
2357 | updated = true; |
2358 | } |
2359 | NETAGENT_UNLOCK(wrapper); |
2360 | } else { |
2361 | NETAGENTLOG0(LOG_DEBUG, |
2362 | "Attempt to set flags for invalid netagent" ); |
2363 | error = ENOENT; |
2364 | } |
2365 | NETAGENT_LIST_UNLOCK(); |
2366 | if (updated) { |
2367 | netagent_post_event(agent_uuid: uuid, KEV_NETAGENT_UPDATED, true, false); |
2368 | } |
2369 | |
2370 | return error; |
2371 | } |
2372 | |
2373 | u_int32_t |
2374 | netagent_get_generation(uuid_t uuid) |
2375 | { |
2376 | u_int32_t generation = 0; |
2377 | NETAGENT_LIST_LOCK_SHARED(); |
2378 | struct netagent_wrapper *wrapper = netagent_find_agent_with_uuid_and_lock(uuid, false, false); |
2379 | if (wrapper != NULL) { |
2380 | generation = wrapper->generation; |
2381 | NETAGENT_UNLOCK(wrapper); |
2382 | } else { |
2383 | NETAGENTLOG0(LOG_DEBUG, "Generation requested for invalid netagent" ); |
2384 | } |
2385 | NETAGENT_LIST_UNLOCK(); |
2386 | |
2387 | return generation; |
2388 | } |
2389 | |
2390 | bool |
2391 | netagent_get_agent_domain_and_type(uuid_t uuid, char *domain, char *type) |
2392 | { |
2393 | bool found = FALSE; |
2394 | if (domain == NULL || type == NULL) { |
2395 | NETAGENTLOG(LOG_ERR, "Invalid arguments for netagent_get_agent_domain_and_type %p %p" , domain, type); |
2396 | return FALSE; |
2397 | } |
2398 | |
2399 | NETAGENT_LIST_LOCK_SHARED(); |
2400 | struct netagent_wrapper *wrapper = netagent_find_agent_with_uuid_and_lock(uuid, false, false); |
2401 | if (wrapper != NULL) { |
2402 | found = TRUE; |
2403 | memcpy(dst: domain, src: wrapper->netagent->netagent_domain, NETAGENT_DOMAINSIZE); |
2404 | memcpy(dst: type, src: wrapper->netagent->netagent_type, NETAGENT_TYPESIZE); |
2405 | NETAGENT_UNLOCK(wrapper); |
2406 | } else { |
2407 | NETAGENTLOG0(LOG_ERR, "Type requested for invalid netagent" ); |
2408 | } |
2409 | NETAGENT_LIST_UNLOCK(); |
2410 | |
2411 | return found; |
2412 | } |
2413 | |
2414 | int |
2415 | netagent_kernel_trigger(uuid_t uuid) |
2416 | { |
2417 | int error = 0; |
2418 | |
2419 | NETAGENT_LIST_LOCK_SHARED(); |
2420 | struct netagent_wrapper *wrapper = netagent_find_agent_with_uuid_and_lock(uuid, false, false); |
2421 | if (wrapper == NULL) { |
2422 | NETAGENTLOG0(LOG_ERR, "Requested netagent for kernel trigger could not be found" ); |
2423 | error = ENOENT; |
2424 | goto done; |
2425 | } |
2426 | |
2427 | if ((wrapper->netagent->netagent_flags & NETAGENT_FLAG_KERNEL_ACTIVATED) == 0) { |
2428 | NETAGENTLOG0(LOG_ERR, "Requested netagent for kernel trigger is not kernel activated" ); |
2429 | // Agent does not accept kernel triggers |
2430 | error = EINVAL; |
2431 | goto done; |
2432 | } |
2433 | |
2434 | if ((wrapper->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE)) { |
2435 | // Agent already active |
2436 | NETAGENTLOG0(LOG_INFO, "Requested netagent for kernel trigger is already active" ); |
2437 | error = 0; |
2438 | goto done; |
2439 | } |
2440 | |
2441 | error = netagent_send_trigger(wrapper, p: current_proc(), NETAGENT_TRIGGER_FLAG_KERNEL, NETAGENT_MESSAGE_TYPE_TRIGGER); |
2442 | NETAGENTLOG((error ? LOG_ERR : LOG_INFO), "Triggered netagent from kernel (error %d)" , error); |
2443 | done: |
2444 | if (wrapper != NULL) { |
2445 | NETAGENT_UNLOCK(wrapper); |
2446 | } |
2447 | NETAGENT_LIST_UNLOCK(); |
2448 | return error; |
2449 | } |
2450 | |
2451 | int |
2452 | netagent_client_message_with_params(uuid_t agent_uuid, |
2453 | uuid_t necp_client_uuid, |
2454 | pid_t pid, |
2455 | void *handle, |
2456 | u_int8_t message_type, |
2457 | struct necp_client_agent_parameters *parameters, |
2458 | void **assigned_results, |
2459 | size_t *assigned_results_length) |
2460 | { |
2461 | int error = 0; |
2462 | |
2463 | if (message_type != NETAGENT_MESSAGE_TYPE_CLIENT_TRIGGER && |
2464 | message_type != NETAGENT_MESSAGE_TYPE_CLIENT_ASSERT && |
2465 | message_type != NETAGENT_MESSAGE_TYPE_CLIENT_UNASSERT && |
2466 | message_type != NETAGENT_MESSAGE_TYPE_CLIENT_ERROR && |
2467 | message_type != NETAGENT_MESSAGE_TYPE_REQUEST_NEXUS && |
2468 | message_type != NETAGENT_MESSAGE_TYPE_CLOSE_NEXUS && |
2469 | message_type != NETAGENT_MESSAGE_TYPE_ABORT_NEXUS && |
2470 | message_type != NETAGENT_MESSAGE_TYPE_ADD_GROUP_MEMBERS && |
2471 | message_type != NETAGENT_MESSAGE_TYPE_REMOVE_GROUP_MEMBERS) { |
2472 | NETAGENTLOG(LOG_ERR, "Client netagent message type (%d) is invalid" , message_type); |
2473 | return EINVAL; |
2474 | } |
2475 | |
2476 | NETAGENT_LIST_LOCK_SHARED(); |
2477 | bool should_unlock_list = true; |
2478 | bool should_unlock_wrapper = true; |
2479 | struct netagent_wrapper *wrapper = netagent_find_agent_with_uuid_and_lock(uuid: agent_uuid, false, false); |
2480 | if (wrapper == NULL) { |
2481 | NETAGENTLOG0(LOG_DEBUG, "Requested netagent for nexus instance could not be found" ); |
2482 | error = ENOENT; |
2483 | goto done; |
2484 | } |
2485 | |
2486 | if (message_type == NETAGENT_MESSAGE_TYPE_CLIENT_TRIGGER) { |
2487 | if ((wrapper->netagent->netagent_flags & NETAGENT_FLAG_USER_ACTIVATED) == 0) { |
2488 | // Agent does not accept user triggers |
2489 | // Don't log, since this is a common case used to trigger events that cellular data is blocked, etc. |
2490 | error = ENOTSUP; |
2491 | |
2492 | |
2493 | pid_t report_pid = 0; |
2494 | uuid_t report_proc_uuid = {}; |
2495 | if (parameters != NULL) { |
2496 | report_pid = parameters->u.nexus_request.epid; |
2497 | uuid_copy(dst: report_proc_uuid, src: parameters->u.nexus_request.euuid); |
2498 | } else { |
2499 | struct proc *p = current_proc(); |
2500 | if (p != NULL) { |
2501 | report_pid = proc_pid(p); |
2502 | proc_getexecutableuuid(p, report_proc_uuid, sizeof(report_proc_uuid)); |
2503 | } |
2504 | } |
2505 | netagent_send_cellular_failed_event(wrapper, pid: report_pid, proc_uuid: report_proc_uuid); |
2506 | goto done; |
2507 | } |
2508 | } else if (message_type == NETAGENT_MESSAGE_TYPE_REQUEST_NEXUS || |
2509 | message_type == NETAGENT_MESSAGE_TYPE_CLOSE_NEXUS || |
2510 | message_type == NETAGENT_MESSAGE_TYPE_ABORT_NEXUS) { |
2511 | bool is_nexus_agent = ((wrapper->netagent->netagent_flags & |
2512 | (NETAGENT_FLAG_NEXUS_PROVIDER | |
2513 | NETAGENT_FLAG_NEXUS_LISTENER | |
2514 | NETAGENT_FLAG_CUSTOM_IP_NEXUS | |
2515 | NETAGENT_FLAG_CUSTOM_ETHER_NEXUS | |
2516 | NETAGENT_FLAG_INTERPOSE_NEXUS)) != 0); |
2517 | if (!is_nexus_agent) { |
2518 | NETAGENTLOG0(LOG_ERR, "Requested netagent for nexus instance is not a nexus provider" ); |
2519 | // Agent is not a nexus provider |
2520 | error = EINVAL; |
2521 | goto done; |
2522 | } |
2523 | |
2524 | if ((wrapper->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE) == 0) { |
2525 | // Agent not active |
2526 | NETAGENTLOG0(LOG_INFO, "Requested netagent for nexus instance is not active" ); |
2527 | error = EINVAL; |
2528 | goto done; |
2529 | } |
2530 | } else if (message_type == NETAGENT_MESSAGE_TYPE_ADD_GROUP_MEMBERS || |
2531 | message_type == NETAGENT_MESSAGE_TYPE_REMOVE_GROUP_MEMBERS) { |
2532 | bool is_group_agent = ((wrapper->netagent->netagent_flags & (NETAGENT_FLAG_SUPPORTS_GROUPS)) != 0); |
2533 | if (!is_group_agent) { |
2534 | NETAGENTLOG0(LOG_ERR, "Requested netagent for group operation is not a group provider" ); |
2535 | error = EINVAL; |
2536 | goto done; |
2537 | } |
2538 | |
2539 | if ((wrapper->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE) == 0) { |
2540 | // Agent not active |
2541 | NETAGENTLOG0(LOG_INFO, "Requested netagent for group operation is not active" ); |
2542 | error = EINVAL; |
2543 | goto done; |
2544 | } |
2545 | } |
2546 | |
2547 | if (wrapper->control_unit == 0) { |
2548 | if (wrapper->event_handler == NULL) { |
2549 | // No event handler registered for kernel agent |
2550 | error = EINVAL; |
2551 | } else { |
2552 | // We hold the wrapper lock during the event handler callout, so it is expected |
2553 | // that the event handler will not lead to any registrations or unregistrations |
2554 | // of network agents. |
2555 | // We release the list lock before calling the event handler to allow other threads |
2556 | // to access the list while the event is processing. |
2557 | NETAGENT_LIST_UNLOCK(); |
2558 | should_unlock_list = false; |
2559 | error = wrapper->event_handler(message_type, necp_client_uuid, pid, handle, |
2560 | wrapper->event_context, parameters, |
2561 | assigned_results, assigned_results_length); |
2562 | if (error != 0) { |
2563 | VERIFY(assigned_results == NULL || *assigned_results == NULL); |
2564 | VERIFY(assigned_results_length == NULL || *assigned_results_length == 0); |
2565 | } |
2566 | } |
2567 | } else { |
2568 | // ABORT_NEXUS is kernel-private, so translate it for userspace nexus |
2569 | if (message_type == NETAGENT_MESSAGE_TYPE_ABORT_NEXUS) { |
2570 | message_type = NETAGENT_MESSAGE_TYPE_CLOSE_NEXUS; |
2571 | } |
2572 | |
2573 | if (message_type == NETAGENT_MESSAGE_TYPE_CLIENT_ERROR) { |
2574 | const int32_t client_error = parameters->u.error.error; |
2575 | const bool force_report = parameters->u.error.force_report; |
2576 | if (wrapper->last_client_error != client_error || // Always notify for an error change |
2577 | force_report || // Always notify if force reporting was requested |
2578 | (client_error == 0 && wrapper->client_error_count == 0) || // Only notify once for no-error |
2579 | (client_error != 0 && wrapper->client_error_count < NETAGENT_MAX_CLIENT_ERROR_COUNT)) { |
2580 | if (NETAGENT_LOCK_SHARED_TO_EXCLUSIVE(wrapper)) { |
2581 | if (wrapper->last_client_error != client_error) { |
2582 | wrapper->last_client_error = client_error; |
2583 | wrapper->client_error_count = 1; |
2584 | } else { |
2585 | wrapper->client_error_count++; |
2586 | } |
2587 | error = netagent_send_error_message(wrapper, client_id: necp_client_uuid, message_type, error_code: client_error); |
2588 | } else { |
2589 | // If NETAGENT_LOCK_SHARED_TO_EXCLUSIVE fails, it unlocks automatically |
2590 | should_unlock_wrapper = false; |
2591 | } |
2592 | } |
2593 | } else if (message_type == NETAGENT_MESSAGE_TYPE_ADD_GROUP_MEMBERS || |
2594 | message_type == NETAGENT_MESSAGE_TYPE_REMOVE_GROUP_MEMBERS) { |
2595 | error = netagent_send_group_message(wrapper, client_id: necp_client_uuid, message_type, group_members: ¶meters->u.group_members); |
2596 | } else { |
2597 | error = netagent_send_client_message(wrapper, client_id: necp_client_uuid, message_type); |
2598 | } |
2599 | if (error == 0 && message_type == NETAGENT_MESSAGE_TYPE_CLIENT_TRIGGER) { |
2600 | if (NETAGENT_LOCK_SHARED_TO_EXCLUSIVE(wrapper)) { |
2601 | // Grab the lock exclusively to add a pending client to the list |
2602 | struct netagent_client *new_pending_client = NULL; |
2603 | new_pending_client = kalloc_type(struct netagent_client, Z_WAITOK); |
2604 | if (new_pending_client == NULL) { |
2605 | NETAGENTLOG0(LOG_ERR, "Failed to allocate client for trigger" ); |
2606 | } else { |
2607 | uuid_copy(dst: new_pending_client->client_id, src: necp_client_uuid); |
2608 | if (parameters != NULL) { |
2609 | new_pending_client->client_pid = parameters->u.nexus_request.epid; |
2610 | uuid_copy(dst: new_pending_client->client_proc_uuid, src: parameters->u.nexus_request.euuid); |
2611 | } else { |
2612 | struct proc *p = current_proc(); |
2613 | if (p != NULL) { |
2614 | new_pending_client->client_pid = proc_pid(p); |
2615 | proc_getexecutableuuid(p, new_pending_client->client_proc_uuid, sizeof(new_pending_client->client_proc_uuid)); |
2616 | } |
2617 | } |
2618 | LIST_INSERT_HEAD(&wrapper->pending_triggers_list, new_pending_client, client_chain); |
2619 | } |
2620 | } else { |
2621 | // If NETAGENT_LOCK_SHARED_TO_EXCLUSIVE fails, it unlocks automatically |
2622 | should_unlock_wrapper = false; |
2623 | } |
2624 | } |
2625 | } |
2626 | NETAGENTLOG(((error && error != ENOENT) ? LOG_ERR : LOG_INFO), "Send message %d for client (error %d)" , message_type, error); |
2627 | if (message_type == NETAGENT_MESSAGE_TYPE_CLIENT_TRIGGER) { |
2628 | uuid_string_t uuid_str; |
2629 | uuid_unparse(uu: agent_uuid, out: uuid_str); |
2630 | NETAGENTLOG(LOG_NOTICE, "Triggered network agent %s, error = %d" , uuid_str, error); |
2631 | } |
2632 | done: |
2633 | if (should_unlock_wrapper && wrapper != NULL) { |
2634 | NETAGENT_UNLOCK(wrapper); |
2635 | } |
2636 | if (should_unlock_list) { |
2637 | NETAGENT_LIST_UNLOCK(); |
2638 | } |
2639 | return error; |
2640 | } |
2641 | |
2642 | int |
2643 | netagent_client_message(uuid_t agent_uuid, uuid_t necp_client_uuid, pid_t pid, void *handle, u_int8_t message_type) |
2644 | { |
2645 | return netagent_client_message_with_params(agent_uuid, necp_client_uuid, pid, handle, message_type, NULL, NULL, NULL); |
2646 | } |
2647 | |
2648 | int |
2649 | netagent_use(uuid_t agent_uuid, uint64_t *out_use_count) |
2650 | { |
2651 | int error = 0; |
2652 | |
2653 | NETAGENT_LIST_LOCK_SHARED(); |
2654 | struct netagent_wrapper *wrapper = netagent_find_agent_with_uuid_and_lock(uuid: agent_uuid, true, false); |
2655 | if (wrapper == NULL) { |
2656 | NETAGENTLOG0(LOG_ERR, "netagent_assert: Requested netagent UUID is not registered" ); |
2657 | error = ENOENT; |
2658 | goto done; |
2659 | } |
2660 | |
2661 | uint64_t current_count = wrapper->use_count; |
2662 | wrapper->use_count++; |
2663 | |
2664 | if (out_use_count != NULL) { |
2665 | *out_use_count = current_count; |
2666 | } |
2667 | |
2668 | done: |
2669 | if (wrapper != NULL) { |
2670 | NETAGENT_UNLOCK(wrapper); |
2671 | } |
2672 | NETAGENT_LIST_UNLOCK(); |
2673 | return error; |
2674 | } |
2675 | |
2676 | int |
2677 | netagent_copyout(uuid_t agent_uuid, user_addr_t user_addr, u_int32_t user_size) |
2678 | { |
2679 | int error = 0; |
2680 | |
2681 | NETAGENT_LIST_LOCK_SHARED(); |
2682 | struct netagent_wrapper *wrapper = netagent_find_agent_with_uuid_and_lock(uuid: agent_uuid, false, false); |
2683 | if (wrapper == NULL) { |
2684 | NETAGENTLOG0(LOG_DEBUG, "Requested netagent for nexus instance could not be found" ); |
2685 | error = ENOENT; |
2686 | goto done; |
2687 | } |
2688 | |
2689 | u_int32_t total_size = (sizeof(struct netagent) + wrapper->netagent->netagent_data_size); |
2690 | if (user_size < total_size) { |
2691 | NETAGENTLOG(LOG_ERR, "Provided user buffer is too small (%u < %u)" , user_size, total_size); |
2692 | error = EINVAL; |
2693 | goto done; |
2694 | } |
2695 | |
2696 | error = copyout(wrapper->netagent, user_addr, total_size); |
2697 | |
2698 | NETAGENTLOG((error ? LOG_ERR : LOG_DEBUG), "Copied agent content (error %d)" , error); |
2699 | done: |
2700 | if (wrapper != NULL) { |
2701 | NETAGENT_UNLOCK(wrapper); |
2702 | } |
2703 | NETAGENT_LIST_UNLOCK(); |
2704 | return error; |
2705 | } |
2706 | |
2707 | #define NETAGENT_TOKEN_EVENT_INTERVAL_NSEC (NSEC_PER_SEC * 10) // Only fire repeated events up to once every 10 seconds |
2708 | |
2709 | int |
2710 | netagent_acquire_token(uuid_t agent_uuid, user_addr_t user_addr, u_int32_t user_size, int *retval) |
2711 | { |
2712 | int error = 0; |
2713 | |
2714 | NETAGENT_LIST_LOCK_SHARED(); |
2715 | struct netagent_wrapper *wrapper = netagent_find_agent_with_uuid_and_lock(uuid: agent_uuid, true, false); |
2716 | if (wrapper == NULL) { |
2717 | NETAGENTLOG0(LOG_DEBUG, "Network agent for request UUID could not be found" ); |
2718 | error = ENOENT; |
2719 | goto done; |
2720 | } |
2721 | |
2722 | struct netagent_token *token = TAILQ_FIRST(&wrapper->token_list); |
2723 | if (token == NULL) { |
2724 | NETAGENTLOG0(LOG_DEBUG, "Network agent does not have any tokens" ); |
2725 | if (wrapper->token_low_water != 0) { |
2726 | // Only fire an event if one hasn't occurred in the last 10 seconds |
2727 | if (mach_absolute_time() >= wrapper->need_tokens_event_deadline) { |
2728 | int event_error = netagent_send_tokens_needed(wrapper); |
2729 | if (event_error == 0) { |
2730 | // Reset the deadline |
2731 | uint64_t deadline = 0; |
2732 | nanoseconds_to_absolutetime(NETAGENT_TOKEN_EVENT_INTERVAL_NSEC, result: &deadline); |
2733 | clock_absolutetime_interval_to_deadline(abstime: deadline, result: &deadline); |
2734 | wrapper->need_tokens_event_deadline = deadline; |
2735 | } |
2736 | } |
2737 | } |
2738 | error = ENODATA; |
2739 | goto done; |
2740 | } |
2741 | |
2742 | if (user_size < token->token_length) { |
2743 | NETAGENTLOG(LOG_ERR, "Provided user buffer is too small (%u < %u)" , user_size, token->token_length); |
2744 | error = EMSGSIZE; |
2745 | goto done; |
2746 | } |
2747 | |
2748 | error = copyout(token->token_bytes, user_addr, token->token_length); |
2749 | if (error == 0) { |
2750 | *retval = (int)token->token_length; |
2751 | } |
2752 | |
2753 | NETAGENTLOG((error ? LOG_ERR : LOG_DEBUG), "Copied token content (error %d)" , error); |
2754 | |
2755 | TAILQ_REMOVE(&wrapper->token_list, token, token_chain); |
2756 | netagent_token_free(token); |
2757 | if (wrapper->token_count > 0) { |
2758 | wrapper->token_count--; |
2759 | } |
2760 | if (wrapper->token_count < wrapper->token_low_water) { |
2761 | (void)netagent_send_tokens_needed(wrapper); |
2762 | } |
2763 | done: |
2764 | if (wrapper != NULL) { |
2765 | NETAGENT_UNLOCK(wrapper); |
2766 | } |
2767 | NETAGENT_LIST_UNLOCK(); |
2768 | return error; |
2769 | } |
2770 | |
2771 | int |
2772 | netagent_trigger(struct proc *p, struct netagent_trigger_args *uap, int32_t *retval) |
2773 | { |
2774 | #pragma unused(p, retval) |
2775 | uuid_t agent_uuid = {}; |
2776 | int error = 0; |
2777 | |
2778 | if (uap == NULL) { |
2779 | NETAGENTLOG0(LOG_ERR, "uap == NULL" ); |
2780 | return EINVAL; |
2781 | } |
2782 | |
2783 | if (uap->agent_uuid) { |
2784 | if (uap->agent_uuidlen != sizeof(uuid_t)) { |
2785 | NETAGENTLOG(LOG_ERR, "Incorrect length (got %zu, expected %lu)" , |
2786 | (size_t)uap->agent_uuidlen, sizeof(uuid_t)); |
2787 | return ERANGE; |
2788 | } |
2789 | |
2790 | error = copyin(uap->agent_uuid, agent_uuid, sizeof(uuid_t)); |
2791 | if (error) { |
2792 | NETAGENTLOG(LOG_ERR, "copyin error (%d)" , error); |
2793 | return error; |
2794 | } |
2795 | } |
2796 | |
2797 | if (uuid_is_null(uu: agent_uuid)) { |
2798 | NETAGENTLOG0(LOG_ERR, "Requested netagent UUID is empty" ); |
2799 | return EINVAL; |
2800 | } |
2801 | |
2802 | NETAGENT_LIST_LOCK_SHARED(); |
2803 | struct netagent_wrapper *wrapper = netagent_find_agent_with_uuid_and_lock(uuid: agent_uuid, false, false); |
2804 | if (wrapper == NULL) { |
2805 | NETAGENTLOG0(LOG_ERR, "Requested netagent UUID is not registered" ); |
2806 | error = ENOENT; |
2807 | goto done; |
2808 | } |
2809 | |
2810 | if ((wrapper->netagent->netagent_flags & NETAGENT_FLAG_USER_ACTIVATED) == 0) { |
2811 | // Agent does not accept triggers |
2812 | NETAGENTLOG0(LOG_ERR, "Requested netagent UUID is not eligible for triggering" ); |
2813 | error = ENOTSUP; |
2814 | goto done; |
2815 | } |
2816 | |
2817 | if ((wrapper->netagent->netagent_flags & NETAGENT_FLAG_ACTIVE)) { |
2818 | // Agent already active |
2819 | NETAGENTLOG0(LOG_INFO, "Requested netagent UUID is already active" ); |
2820 | error = 0; |
2821 | goto done; |
2822 | } |
2823 | |
2824 | error = netagent_send_trigger(wrapper, p, NETAGENT_TRIGGER_FLAG_USER, NETAGENT_MESSAGE_TYPE_TRIGGER); |
2825 | NETAGENTLOG((error ? LOG_ERR : LOG_INFO), "Triggered netagent (error %d)" , error); |
2826 | done: |
2827 | if (wrapper != NULL) { |
2828 | NETAGENT_UNLOCK(wrapper); |
2829 | } |
2830 | NETAGENT_LIST_UNLOCK(); |
2831 | return error; |
2832 | } |
2833 | |