[apple/security.git] / securityd / src / connection.h

/*
 * Copyright (c) 2000-2009 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


//
// connection - manage connections to clients
//
#ifndef _H_CONNECTION
#define _H_CONNECTION

#include "process.h"
#include "session.h"
#include "notifications.h"
#include <bsm/libbsm.h>     // audit_token_t
#include <string>

using MachPlusPlus::Port;
using MachPlusPlus::TaskPort;

class Session;

// Forward class declaration (defined in agentquery.h, avoid header circularity)
class SecurityAgentXPCConnection;

//
// A Connection object represents an established connection between a client
// and securityd. There is a separate Connection object for each Mach reply port
// that was (ever) used to talk to securityd. In practice, this maps to one reply
// port (and thus one Connection) for each client thread that (ever) talks to securityd.
//
// If a client tricked us into using multiple reply ports from one thread, we'd treat
// them as distinct client threads (which really doesn't much matter to us). The standard
// client library (libsecurityd) won't let you do that.
//
class Connection : public PerConnection, public Listener::JitterBuffer {
public:
	Connection(Process &proc, Port rPort);
	virtual ~Connection();
	void terminate();		// normal termination
	void abort(bool keepReplyPort = false); // abnormal termination
	
    Port clientPort() const	{ return mClientPort; }
	
	// Code Signing guest management - tracks current guest id in client
	SecGuestRef guestRef() const { return mGuestRef; }
	void guestRef(SecGuestRef newGuest, SecCSFlags flags = 0);
    
    audit_token_t *auditToken() const { return mAuditToken; }

	// work framing - called as work threads pick up connection work
	void beginWork(audit_token_t &auditToken);		// I've got it
	void checkWork();		// everything still okay?
	void endWork(CSSM_RETURN &rcode); // Done with this
	
	// notify that a SecurityAgent call may hang the active worker thread for a while
	void useAgent(SecurityAgentXPCConnection *client)
	{ StLock<Mutex> _(*this); agentWait = client; }
	
	// set an overriding CSSM_RETURN to return instead of success
	void overrideReturn(CSSM_RETURN rc) { mOverrideReturn = rc; }
	
	Process &process() const { return parent<Process>(); }
	Session &session() const { return process().session(); }
	
private:
	// peer state: established during connection startup; fixed thereafter
	Port mClientPort;			// client's Mach reply port
	SecGuestRef mGuestRef;		// last known Code Signing guest reference for this client thread
    audit_token_t *mAuditToken;  // in case auditing is required
	CSSM_RETURN mOverrideReturn; // override successful return code (only)
	
	// transient state (altered as we go)
	enum State {
		idle,					// no thread services us
		busy,					// a thread is busy servicing us
		dying					// busy and scheduled to die as soon as possible
	} state;
	SecurityAgentXPCConnection *agentWait;	// SA connection we may be waiting on
};


#endif //_H_CONNECTION
Commit	Line	Data
d8f41ccd A	1	/*
	2	* Copyright (c) 2000-2009 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	//
	26	// connection - manage connections to clients
	27	//
	28	#ifndef _H_CONNECTION
	29	#define _H_CONNECTION
	30
	31	#include "process.h"
	32	#include "session.h"
	33	#include "notifications.h"
	34	#include <bsm/libbsm.h> // audit_token_t
	35	#include <string>
	36
	37	using MachPlusPlus::Port;
	38	using MachPlusPlus::TaskPort;
	39
	40	class Session;
	41
fa7225c8 A	42	// Forward class declaration (defined in agentquery.h, avoid header circularity)
fa7225c8 A	43	class SecurityAgentXPCConnection;
d8f41ccd A	44
	45	//
	46	// A Connection object represents an established connection between a client
	47	// and securityd. There is a separate Connection object for each Mach reply port
	48	// that was (ever) used to talk to securityd. In practice, this maps to one reply
	49	// port (and thus one Connection) for each client thread that (ever) talks to securityd.
	50	//
	51	// If a client tricked us into using multiple reply ports from one thread, we'd treat
	52	// them as distinct client threads (which really doesn't much matter to us). The standard
	53	// client library (libsecurityd) won't let you do that.
	54	//
	55	class Connection : public PerConnection, public Listener::JitterBuffer {
	56	public:
	57	Connection(Process &proc, Port rPort);
	58	virtual ~Connection();
	59	void terminate(); // normal termination
	60	void abort(bool keepReplyPort = false); // abnormal termination
	61
	62	Port clientPort() const { return mClientPort; }
	63
	64	// Code Signing guest management - tracks current guest id in client
	65	SecGuestRef guestRef() const { return mGuestRef; }
	66	void guestRef(SecGuestRef newGuest, SecCSFlags flags = 0);
	67
	68	audit_token_t *auditToken() const { return mAuditToken; }
	69
	70	// work framing - called as work threads pick up connection work
	71	void beginWork(audit_token_t &auditToken); // I've got it
	72	void checkWork(); // everything still okay?
	73	void endWork(CSSM_RETURN &rcode); // Done with this
	74
	75	// notify that a SecurityAgent call may hang the active worker thread for a while
fa7225c8	76	void useAgent(SecurityAgentXPCConnection *client)
d8f41ccd A	77	{ StLock<Mutex> _(*this); agentWait = client; }
	78
	79	// set an overriding CSSM_RETURN to return instead of success
	80	void overrideReturn(CSSM_RETURN rc) { mOverrideReturn = rc; }
	81
	82	Process &process() const { return parent<Process>(); }
	83	Session &session() const { return process().session(); }
	84
	85	private:
	86	// peer state: established during connection startup; fixed thereafter
	87	Port mClientPort; // client's Mach reply port
	88	SecGuestRef mGuestRef; // last known Code Signing guest reference for this client thread
	89	audit_token_t *mAuditToken; // in case auditing is required
	90	CSSM_RETURN mOverrideReturn; // override successful return code (only)
	91
	92	// transient state (altered as we go)
	93	enum State {
	94	idle, // no thread services us
	95	busy, // a thread is busy servicing us
	96	dying // busy and scheduled to die as soon as possible
	97	} state;
fa7225c8	98	SecurityAgentXPCConnection *agentWait; // SA connection we may be waiting on
d8f41ccd A	99	};
	100
	101
	102	#endif //_H_CONNECTION