Security-30.1.tar.gz
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // connection - manage connections to clients
21 //
22 #ifndef _H_CONNECTION
23 #define _H_CONNECTION
24
25 #include "securityserver.h"
26 #include "SecurityAgentClient.h"
27 #include <Security/osxsigning.h>
28 #include "process.h"
29 #include "key.h"
30 #include <string>
31
32 using MachPlusPlus::Port;
33 using MachPlusPlus::TaskPort;
34
35 class Session;
36
37
38 //
39 // A Connection object represents an established connection between a client
40 // and the SecurityServer. Note that in principle, a client process can have
41 // multiple Connections (each represented by an IPC channel), though there will
42 // usually be only one.
43 //
// Per-client connection state held by the SecurityServer: the peer's port, the
// work-thread framing state, and the cryptographic service entry points that
// operate on Key objects on the client's behalf. Everything declared without a
// body here is defined out of line (not shown in this header).
44 class Connection {
// Shorthand for Key::Handle; used by releaseKey() below.
45 typedef Key::Handle KeyHandle;
46 public:
// rPort is presumably the port later returned by clientPort(), and proc the
// Process bound to the `process` reference member - confirm in the definition.
47 Connection(Process &proc, Port rPort);
48 virtual ~Connection();
49 void terminate(); // normal termination
// keepReplyPort defaults to false; the meaning of the bool result is set by
// the out-of-line definition and cannot be read from this header.
50 bool abort(bool keepReplyPort = false); // abnormal termination
51
// Returns a copy of the peer port stored in mClientPort.
52 Port clientPort() const { return mClientPort; }
53
54 // work framing - called as work threads pick up connection work
55 void beginWork(); // I've got it
56 void checkWork(); // everything still okay?
57 bool endWork(); // Done with this
58
59 // notify that a SecurityAgent call may hang the active worker thread for a while
// The store to agentWait is made while holding `lock`, so the field is treated
// as shared between threads (presumably read by abort()/terminate() - confirm).
60 void useAgent(SecurityAgent::Client *client)
61 { StLock<Mutex> _(lock); agentWait = client; }
62
63 // special UI convenience - set a don't-ask-again trigger for Keychain-style ACLs
// Arms the trigger: records the ADDRESS of `object` and sets the counter to
// aclUpdateTriggerLimit + 1. Where the counter is decremented is not visible here.
// NOTE(review): unlike useAgent(), neither trigger member is accessed under
// `lock`, and only a raw pointer is kept. If the ACL object can be destroyed
// while the trigger is armed, a different ACL later allocated at the same
// address would compare equal below and inherit the don't-ask-again state -
// confirm the trigger is cleared or exhausted before the object can go away.
64 void setAclUpdateTrigger(const SecurityServerAcl &object)
65 { aclUpdateTrigger = &object; aclUpdateTriggerCount = aclUpdateTriggerLimit + 1; }
// True only while the counter is non-zero AND `object` is the same instance
// (pointer identity, not value equality) that armed the trigger.
66 bool aclWasSetForUpdateTrigger(const SecurityServerAcl &object) const
67 { return aclUpdateTriggerCount > 0 && aclUpdateTrigger == &object; }
68
// Public reference member: the referenced Process must outlive this Connection.
69 Process &process;
70
71 public:
72 void releaseKey(KeyHandle key);
73
74 // service calls
// Each call takes the CSSM Context and the Key to use. generate* write their
// result into the non-const CssmData out-parameter; verify* take the value to
// check as const input and return void, so a failed verification is presumably
// reported by throwing rather than by a return value - confirm in the definition.
75 void generateSignature(const Context &context, Key &key,
76 const CssmData &data, CssmData &signature);
77 void verifySignature(const Context &context, Key &key,
78 const CssmData &data, const CssmData &signature);
79 void generateMac(const Context &context, Key &key,
80 const CssmData &data, CssmData &mac);
81 void verifyMac(const Context &context, Key &key,
82 const CssmData &data, const CssmData &mac);
83
// Input buffer is const, output buffer is the last (non-const) parameter.
84 void encrypt(const Context &context, Key &key, const CssmData &clear, CssmData &cipher);
85 void decrypt(const Context &context, Key &key, const CssmData &cipher, CssmData &clear);
86
// Two overloads: the first yields one key through newKey, the second yields a
// pair through publicKey/privateKey with separate usage/attribute words for
// each half. db, cred and owner are pointers; whether NULL is accepted for any
// of them is decided by the definition (not shown) - TODO confirm.
87 void generateKey(Database *db, const Context &context,
88 const AccessCredentials *cred, const AclEntryPrototype *owner,
89 uint32 usage, uint32 attrs, Key * &newKey);
90 void generateKey(Database *db, const Context &context,
91 const AccessCredentials *cred, const AclEntryPrototype *owner,
92 uint32 pubUsage, uint32 pubAttrs, uint32 privUsage, uint32 privAttrs,
93 Key * &publicKey, Key * &privateKey);
94
// wrapKey: `key` (the wrapping key) is a pointer while keyToBeWrapped is a
// reference; the result is written to wrappedKey.
// unwrapKey: returns a reference to the resulting Key. Note that wrappedKey is
// taken BY VALUE (const CssmKey), unlike the other CSSM arguments in this
// class, which are passed by reference or pointer.
95 void wrapKey(const Context &context, Key *key,
96 Key &keyToBeWrapped, const AccessCredentials *cred,
97 const CssmData &descriptiveData, CssmKey &wrappedKey);
98 Key &unwrapKey(Database *db, const Context &context, Key *key,
99 const AccessCredentials *cred, const AclEntryPrototype *owner,
100 uint32 usage, uint32 attrs, const CssmKey wrappedKey,
101 Key *publicKey, CssmData *descriptiveData);
102
103 private:
104 // peer state: established during connection startup; fixed thereafter
105 Port mClientPort;
106
107 // transient state (altered as we go)
// `lock` is taken by useAgent(); which other members it protects is not
// visible in this header (presumably `state` as well - confirm).
108 Mutex lock;
109 enum State {
110 idle, // no thread services us
111 busy, // a thread is busy servicing us
112 dying // busy and scheduled to die as soon as possible
113 } state;
114 SecurityAgent::Client *agentWait; // SA client session we may be waiting on
115
116 // see KeychainPromptAclSubject in acl_keychain.cpp for more information on this
// aclUpdateTrigger is a non-owning pointer compared by address only; the
// counter is armed to aclUpdateTriggerLimit + 1 by setAclUpdateTrigger().
117 const SecurityServerAcl *aclUpdateTrigger; // update trigger set for this (NULL if none)
118 uint8 aclUpdateTriggerCount; // number of back-to-back requests honored
119 static const uint8 aclUpdateTriggerLimit = 2; // two subsequent calls (getAcl + changeAcl)
120 };
121
122
123 #endif //_H_CONNECTION