]> git.saurik.com Git - apple/securityd.git/blob - src/connection.h
projects / apple / securityd.git / blob
? search:


03c7dbde2bb2f153745e45497d42133a1f9fe834
[apple/securityd.git] / src / connection.h
1 /*
2 * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
7 *
8 * This file contains Original Code and/or Modifications of Original Code
9 * as defined in and that are subject to the Apple Public Source License
10 * Version 2.0 (the 'License'). You may not use this file except in
11 * compliance with the License. Please obtain a copy of the License at
12 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * file.
14 *
15 * The Original Code and all software distributed under the License are
16 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
17 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
18 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
20 * Please see the License for the specific language governing rights and
21 * limitations under the License.
22 *
23 * @APPLE_LICENSE_HEADER_END@
24 */
25
26
27 //
28 // connection - manage connections to clients
29 //
30 #ifndef _H_CONNECTION
31 #define _H_CONNECTION
32
33 #include "securityserver.h"
34 #include <security_agent_client/agentclient.h>
35 #include <security_cdsa_client/osxsigning.h>
36 #include "process.h"
37 #include "session.h"
38 #include "key.h"
39 #include <string>
40
41 using MachPlusPlus::Port;
42 using MachPlusPlus::TaskPort;
43
44 class Session;
45
46
47 //
48 // A Connection object represents an established connection between a client
49 // and the SecurityServer. Note that in principle, a client process can have
50 // multiple Connections (each represented by an IPC channel), though there will
51 // usually be only one.
52 //
53 class Connection : public PerConnection {
54 typedef Key::Handle KeyHandle;
55 public:
56 Connection(Process &proc, Port rPort);
57 virtual ~Connection();
58 void terminate(); // normal termination
59 void abort(bool keepReplyPort = false); // abnormal termination
60
61 Port clientPort() const { return mClientPort; }
62
63 // work framing - called as work threads pick up connection work
64 void beginWork(); // I've got it
65 void checkWork(); // everything still okay?
66 void endWork(); // Done with this
67
68 // notify that a SecurityAgent call may hang the active worker thread for a while
69 void useAgent(SecurityAgent::Client *client)
70 { StLock<Mutex> _(*this); agentWait = client; }
71
72 // special UI convenience - set a don't-ask-again trigger for Keychain-style ACLs
73 void setAclUpdateTrigger(const SecurityServerAcl &object)
74 { aclUpdateTrigger = &object; aclUpdateTriggerCount = aclUpdateTriggerLimit + 1; }
75 bool aclWasSetForUpdateTrigger(const SecurityServerAcl &object) const
76 { return aclUpdateTriggerCount > 0 && aclUpdateTrigger == &object; }
77
78 Process &process() const { return parent<Process>(); }
79 Session &session() const { return process().session(); }
80
81 private:
82 // peer state: established during connection startup; fixed thereafter
83 Port mClientPort;
84
85 // transient state (altered as we go)
86 enum State {
87 idle, // no thread services us
88 busy, // a thread is busy servicing us
89 dying // busy and scheduled to die as soon as possible
90 } state;
91 SecurityAgent::Client *agentWait; // SA client session we may be waiting on
92
93 // see KeychainPromptAclSubject in acl_keychain.cpp for more information on this
94 const SecurityServerAcl *aclUpdateTrigger; // update trigger set for this (NULL if none)
95 uint8 aclUpdateTriggerCount; // number of back-to-back requests honored
96 static const uint8 aclUpdateTriggerLimit = 3; // 3 calls (getAcl+getOwner+changeAcl)
97 };
98
99
100 #endif //_H_CONNECTION
mirror of securityd