projects / apple / security.git / blame
| Commit | Line | Data |
|---|---|---|
| d8f41ccd A |
1 | /* |
| 2 | * Copyright (c) 2000-2010,2012-2013 Apple Inc. All Rights Reserved. | |
| 3 | * | |
| 4 | * @APPLE_LICENSE_HEADER_START@ | |
| 5 | * | |
| 6 | * This file contains Original Code and/or Modifications of Original Code | |
| 7 | * as defined in and that are subject to the Apple Public Source License | |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in | |
| 9 | * compliance with the License. Please obtain a copy of the License at | |
| 10 | * http://www.opensource.apple.com/apsl/ and read it before using this | |
| 11 | * file. | |
| 12 | * | |
| 13 | * The Original Code and all software distributed under the License are | |
| 14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
| 15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
| 16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
| 17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
| 18 | * Please see the License for the specific language governing rights and | |
| 19 | * limitations under the License. | |
| 20 | * | |
| 21 | * @APPLE_LICENSE_HEADER_END@ | |
| 22 | */ | |
| 23 | ||
| 24 | ||
| 25 | // | |
| 26 | // session - authentication session domains | |
| 27 | // | |
| 28 | #ifndef _H_SESSION | |
| 29 | #define _H_SESSION | |
| 30 | ||
| 31 | #include "structure.h" | |
| 32 | #include "acls.h" | |
| 33 | #include "authority.h" | |
| 34 | #include "authhost.h" | |
| 35 | #include <Security/AuthSession.h> | |
| 36 | #include <security_utilities/ccaudit.h> | |
| 37 | #include <security_cdsa_utilities/handletemplates_defs.h> | |
| 38 | #include <security_cdsa_utilities/u32handleobject.h> | |
| 39 | #include <security_cdsa_utilities/cssmdb.h> | |
| 40 | #include <bsm/audit.h> | |
| 41 | #include <bsm/audit_session.h> | |
| 42 | #include <sys/event.h> | |
| 43 | #include "securityd_service/securityd_service/securityd_service_client.h" | |
| 44 | ||
| 45 | class Key; | |
| 46 | class Connection; | |
| 47 | class Server; | |
| 48 | class AuthHostInstance; | |
| 49 | ||
| 50 | enum { | |
| 51 | session_keybag_locked = 0, | |
| 52 | session_keybag_unlocked = 1 << 0, | |
| 53 | session_keybag_check_master_key = 1 << 1, | |
| 54 | session_keybag_loaded = 1 << 2, | |
| 55 | }; | |
| 56 | ||
| 57 | // | |
| 58 | // A Session object represents one or more Connections that are known to | |
| 59 | // belong to the same authentication domain. Informally this means just | |
| 60 | // about "the same user", for the right definition of "user." The upshot | |
| 61 | // is that global credentials can be shared by Connections of one Session | |
| 62 | // with a modicum of security, and so Sessions are the natural nexus of | |
| 63 | // single-sign-on functionality. | |
| 64 | // | |
| 65 | class Session : public PerSession { | |
| 66 | public: | |
| 67 | typedef au_asid_t SessionId; // internal session identifier (audit session id) | |
| 68 | ||
| 69 | Session(const CommonCriteria::AuditInfo &audit, Server &server); | |
| 70 | virtual ~Session(); | |
| 71 | ||
| 72 | Server &server() const; | |
| 73 | ||
| 74 | SessionId sessionId() const { return mAudit.sessionId(); } | |
| 75 | CommonCriteria::AuditInfo &auditInfo() { return mAudit; } | |
| 76 | ||
| 77 | IFDUMP(virtual void dumpNode()); | |
| 78 | ||
| 79 | public: | |
| 80 | static const SessionAttributeBits settableAttributes = | |
| 81 | sessionHasGraphicAccess | sessionHasTTY | sessionIsRemote | AU_SESSION_FLAG_HAS_AUTHENTICATED; | |
| 82 | ||
| 83 | SessionAttributeBits attributes() const { updateAudit(); return mAudit.ai_flags; } | |
| 84 | bool attribute(SessionAttributeBits bits) const { return attributes() & bits; } | |
| 85 | void setAttributes(SessionAttributeBits bits); | |
| 86 | ||
| 87 | virtual void setupAttributes(SessionCreationFlags flags, SessionAttributeBits attrs); | |
| 88 | ||
| 89 | virtual uid_t originatorUid(); | |
| 90 | ||
| 91 | virtual CFDataRef copyUserPrefs() = 0; | |
| 92 | ||
| 93 | static const char kUsername[]; | |
| 94 | static const char kRealname[]; | |
| 95 | ||
| 96 | public: | |
| 97 | const CredentialSet &authCredentials() const { return mSessionCreds; } | |
| 98 | ||
| 99 | // | |
| 100 | // For external Authorization clients | |
| 101 | // | |
| 102 | OSStatus authCreate(const AuthItemSet &rights, const AuthItemSet &environment, | |
| 103 | AuthorizationFlags flags, AuthorizationBlob &newHandle, const audit_token_t &auditToken); | |
| 104 | void authFree(const AuthorizationBlob &auth, AuthorizationFlags flags); | |
| 105 | static OSStatus authGetRights(const AuthorizationBlob &auth, | |
| 106 | const AuthItemSet &requestedRights, const AuthItemSet &environment, | |
| 107 | AuthorizationFlags flags, AuthItemSet &grantedRights); | |
| 108 | OSStatus authGetInfo(const AuthorizationBlob &auth, const char *tag, AuthItemSet &contextInfo); | |
| 109 | ||
| 110 | OSStatus authExternalize(const AuthorizationBlob &auth, AuthorizationExternalForm &extForm); | |
| 111 | OSStatus authInternalize(const AuthorizationExternalForm &extForm, AuthorizationBlob &auth); | |
| 112 | ||
| 113 | OSStatus authorizationdbGet(AuthorizationString inRightName, CFDictionaryRef *rightDict); | |
| 114 | OSStatus authorizationdbSet(const AuthorizationBlob &authBlob, AuthorizationString inRightName, CFDictionaryRef rightDict); | |
| 115 | OSStatus authorizationdbRemove(const AuthorizationBlob &authBlob, AuthorizationString inRightName); | |
| 116 | ||
| 117 | // | |
| 118 | // Authorization methods for securityd's internal use | |
| 119 | // | |
| 120 | OSStatus authCheckRight(string &rightName, Connection &connection, bool allowUI); | |
| 121 | // authCheckRight() with exception-handling and Boolean return semantics | |
| 122 | bool isRightAuthorized(string &rightName, Connection &connection, bool allowUI); | |
| 123 | ||
| 124 | protected: | |
| 125 | void updateAudit() const; | |
| 126 | ||
| 127 | private: | |
| 128 | struct AuthorizationExternalBlob { | |
| 129 | AuthorizationBlob blob; | |
| 130 | uint32_t session; | |
| 131 | }; | |
| 132 | ||
| 133 | protected: | |
| 134 | static AuthorizationToken &authorization(const AuthorizationBlob &blob); | |
| 135 | OSStatus authGetRights(AuthorizationToken &auth, | |
| 136 | const AuthItemSet &requestedRights, const AuthItemSet &environment, | |
| 137 | AuthorizationFlags flags, AuthItemSet &grantedRights); | |
| 138 | void mergeCredentials(CredentialSet &creds); | |
| 139 | ||
| 140 | public: | |
| 141 | void invalidateSessionAuthHosts(); // invalidate auth hosts in this session | |
| 142 | static void invalidateAuthHosts(); // invalidate auth hosts in all sessions | |
| 143 | ||
| 144 | static void processSystemSleep(); | |
| 145 | void processLockAll(); | |
| 146 | ||
| 147 | RefPointer<AuthHostInstance> authhost(const AuthHostType hostType = securityAgent, const bool restart = false); | |
| 148 | ||
| 149 | protected: | |
| 150 | mutable CommonCriteria::AuditInfo mAudit; | |
| 151 | ||
| 152 | mutable Mutex mCredsLock; // lock for mSessionCreds | |
| 153 | CredentialSet mSessionCreds; // shared session authorization credentials | |
| 154 | ||
| 155 | mutable Mutex mAuthHostLock; | |
| 156 | AuthHostInstance *mSecurityAgent; | |
| 157 | AuthHostInstance *mAuthHost; | |
| 158 | ||
| 159 | CFRef<CFDataRef> mSessionAgentPrefs; | |
| 160 | Credential mOriginatorCredential; | |
| 161 | ||
| 162 | void kill(); | |
| 163 | ||
| 164 | public: | |
| 165 | void verifyKeyStorePassphrase(int32_t retries); | |
| 166 | void changeKeyStorePassphrase(); | |
| 167 | void resetKeyStorePassphrase(const CssmData &passphrase); | |
| 168 | service_context_t get_current_service_context(); | |
| 169 | void keybagClearState(int state); | |
| 170 | void keybagSetState(int state); | |
| 171 | bool keybagGetState(int state); | |
| 172 | private: | |
| 173 | int mKeybagState; | |
| 174 | ||
| 175 | public: | |
| 176 | static Session &find(SessionId id, bool create); // find and optionally create | |
| 177 | template <class SessionType> static SessionType &find(SecuritySessionId id); | |
| 178 | static void destroy(SessionId id); | |
| 179 | ||
| 180 | protected: | |
| 181 | typedef std::map<SessionId, RefPointer<Session> > SessionMap; | |
| 182 | static SessionMap mSessions; | |
| 183 | static Mutex mSessionLock; | |
| 184 | }; | |
| 185 | ||
| 186 | ||
| 187 | template <class SessionType> | |
| 188 | SessionType &Session::find(SecuritySessionId id) | |
| 189 | { | |
| 190 | if (SessionType *ssn = dynamic_cast<SessionType *>(&find(id, false))) | |
| 191 | return *ssn; | |
| 192 | else | |
| 193 | MacOSError::throwMe(errSessionInvalidId); | |
| 194 | } | |
| 195 | ||
| 196 | ||
| 197 | // | |
| 198 | // The RootSession is the session of all code that originates from system startup processing | |
| 199 | // and does not belong to any particular login origin. (Or, if you prefer, whose login origin | |
| 200 | // is the system itself.) | |
| 201 | // | |
| 202 | class RootSession : public Session { | |
| 203 | public: | |
| 204 | RootSession(uint64_t attributes, Server &server); | |
| 205 | ||
| 206 | CFDataRef copyUserPrefs() { return NULL; } | |
| 207 | }; | |
| 208 | ||
| 209 | ||
| 210 | // | |
| 211 | // A DynamicSession object represents a session that is dynamically constructed | |
| 212 | // when we first encounter it. These sessions are actually created in client | |
| 213 | // space using the audit session APIs. | |
| 214 | // We tear down a DynamicSession when the system reports (via kevents) that the | |
| 215 | // kernel audit session object has been destroyed. | |
| 216 | // | |
| 217 | class DynamicSession : private ReceivePort, public Session { | |
| 218 | public: | |
| 219 | DynamicSession(const CommonCriteria::AuditInfo &audit); | |
| 220 | ||
| 221 | void setUserPrefs(CFDataRef userPrefsDict); | |
| 222 | CFDataRef copyUserPrefs(); | |
| 223 | }; | |
| 224 | ||
| 225 | ||
| 226 | #endif //_H_SESSION |