OSDictionary is not well-suited to our needs and locking is quite expensive.
This commit:
+ Replaces all uses of OSDictionary with a new SantaCache class, which
is a size-limited array hash table with per-bucket locking. It works with
uint64_t keys, which is perfect for our needs.
+ Adds a unit test for SantaCache.
+ Removes SantaCachedDecision and SantaPIDAndPPID, which only existed
because OSDictionary can only store OSObject subclasses.
+ Removes a lot of locking logic from SantaDecisionManager as the
locking is now handled inside SantaCache and is therefore and is
much more granular.
+ Removes the timed cache expiration for ALLOW decisions. This was
originally to ensure executions were logged regularly but as we're
logging all executions nowadays this is longer particularly useful.
SantaCache's configured load factor and hashing function may need tweaking
over-time but this is already a little faster and uses less memory
than what existed before.
Move common request generating and performing code into a common
superclass.
Add code to handle XSSI in JSON responses and support XSRF
tokens via headers.
Adds tests, finally.
Changes preflight hostname to be long instead of short
Sometimes the GUI isn't running. Sometimes the user is using SSH. Either way, printing a message to the TTY of the parent of the just denied process is user-friendly.
Instead of having santad create a listener for SantaGUI to connect to
and then reverse the client-server relationship, have SantaGUI create an
anonymous listener that it sends to santad using the control interface.
Also add a queue for notifications so that blocks that occur while
SantaGUI isn't running will show up once it starts.
Put a R/W lock around vnode_pid_map_ to prevent use-after-free.
Create SantaPIDAndPPID to use instead of creating and then scanning strings.
Also rename SantaMessage -> SantaCachedDecision, as that's what it is.
This necessitated a large refactoring of a bunch of code, hence being a large commit. This moves all event logging into a separate class, moves logging of executions to be from FileOp events rather than Vnode events (so we can get the argv after the execve call has finished) and implements the logging of cached execs.
