2 * Copyright (c) 2000-2009 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 // connection - manage connections to clients
33 #include "notifications.h"
34 #include <bsm/libbsm.h> // audit_token_t
37 using MachPlusPlus::Port
;
38 using MachPlusPlus::TaskPort
;
42 // Forward class declaration (defined in agentquery.h, avoid header circularity)
43 class SecurityAgentXPCConnection
;
46 // A Connection object represents an established connection between a client
47 // and securityd. There is a separate Connection object for each Mach reply port
48 // that was (ever) used to talk to securityd. In practice, this maps to one reply
49 // port (and thus one Connection) for each client thread that (ever) talks to securityd.
51 // If a client tricked us into using multiple reply ports from one thread, we'd treat
52 // them as distinct client threads (which really doesn't much matter to us). The standard
53 // client library (libsecurityd) won't let you do that.
55 class Connection
: public PerConnection
, public Listener::JitterBuffer
{
57 Connection(Process
&proc
, Port rPort
);
58 virtual ~Connection();
59 void terminate(); // normal termination
60 void abort(bool keepReplyPort
= false); // abnormal termination
62 Port
clientPort() const { return mClientPort
; }
64 // Code Signing guest management - tracks current guest id in client
65 SecGuestRef
guestRef() const { return mGuestRef
; }
66 void guestRef(SecGuestRef newGuest
, SecCSFlags flags
= 0);
68 audit_token_t
*auditToken() const { return mAuditToken
; }
70 // work framing - called as work threads pick up connection work
71 void beginWork(audit_token_t
&auditToken
); // I've got it
72 void checkWork(); // everything still okay?
73 void endWork(CSSM_RETURN
&rcode
); // Done with this
75 // notify that a SecurityAgent call may hang the active worker thread for a while
76 void useAgent(SecurityAgentXPCConnection
*client
)
77 { StLock
<Mutex
> _(*this); agentWait
= client
; }
79 // set an overriding CSSM_RETURN to return instead of success
80 void overrideReturn(CSSM_RETURN rc
) { mOverrideReturn
= rc
; }
82 Process
&process() const { return parent
<Process
>(); }
83 Session
&session() const { return process().session(); }
86 // peer state: established during connection startup; fixed thereafter
87 Port mClientPort
; // client's Mach reply port
88 SecGuestRef mGuestRef
; // last known Code Signing guest reference for this client thread
89 audit_token_t
*mAuditToken
; // in case auditing is required
90 CSSM_RETURN mOverrideReturn
; // override successful return code (only)
92 // transient state (altered as we go)
94 idle
, // no thread services us
95 busy
, // a thread is busy servicing us
96 dying
// busy and scheduled to die as soon as possible
98 SecurityAgentXPCConnection
*agentWait
; // SA connection we may be waiting on
102 #endif //_H_CONNECTION
projects / apple / security.git / blob