src/session.h

   1 /*
   2  * Copyright (c) 2000-2004,2008 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // session - authentication session domains
  27 //
  28 #ifndef _H_SESSION
  29 #define _H_SESSION
  30
  31 #include "structure.h"
  32 #include "acls.h"
  33 #include "authority.h"
  34 #include "authhost.h"
  35 #include <Security/AuthSession.h>
  36 #include <security_cdsa_utilities/handletemplates_defs.h>
  37 #include <security_cdsa_utilities/u32handleobject.h>
  38 #include <security_cdsa_utilities/cssmdb.h>
  39
  40 #if __GNUC__ > 2
  41 #include <ext/hash_map>
  42 using __gnu_cxx::hash_map;
  43 #else
  44 #include <hash_map>
  45 #endif
  46
  47
  48 class Key;
  49 class Connection;
  50 class Server;
  51 class AuthHostInstance;
  52
  53 //
  54 // A Session object represents one or more Connections that are known to
  55 // belong to the same authentication domain. Informally this means just
  56 // about "the same user", for the right definition of "user." The upshot
  57 // is that global credentials can be shared by Connections of one Session
  58 // with a modicum of security, and so Sessions are the natural nexus of
  59 // single-sign-on functionality.
  60 //
  61 class Session : public U32HandleObject, public PerSession {
  62 public:
  63     typedef MachPlusPlus::Bootstrap Bootstrap;
  64
  65     Session(Bootstrap bootstrap, Port servicePort, SessionAttributeBits attrs = 0);
  66         virtual ~Session();
  67
  68     Bootstrap bootstrapPort() const             { return mBootstrap; }
  69         Port servicePort() const                        { return mServicePort; }
  70
  71         IFDUMP(virtual void dumpNode());
  72
  73 public:
  74     static const SessionAttributeBits settableAttributes =
  75         sessionHasGraphicAccess | sessionHasTTY | sessionIsRemote;
  76
  77     SessionAttributeBits attributes() const                     { return mAttributes; }
  78     bool attribute(SessionAttributeBits bits) const     { return mAttributes & bits; }
  79
  80     virtual void setupAttributes(SessionCreationFlags flags, SessionAttributeBits attrs);
  81
  82         virtual bool haveOriginatorUid() const = 0;
  83         virtual uid_t originatorUid() const = 0;
  84     Credential originatorCredential() const { return mOriginatorCredential; }
  85
  86         virtual CFDataRef copyUserPrefs() = 0;
  87
  88         static std::string kUsername;
  89     static std::string kRealname;
  90
  91 protected:
  92     void setAttributes(SessionAttributeBits attrs)      { mAttributes |= attrs; }
  93
  94 public:
  95         const CredentialSet &authCredentials() const    { return mSessionCreds; }
  96
  97     //
  98     // For external Authorization clients
  99     //
 100         OSStatus authCreate(const AuthItemSet &rights, const AuthItemSet &environment,
 101                 AuthorizationFlags flags, AuthorizationBlob &newHandle, const audit_token_t &auditToken);
 102         void authFree(const AuthorizationBlob &auth, AuthorizationFlags flags);
 103         static OSStatus authGetRights(const AuthorizationBlob &auth,
 104                 const AuthItemSet &requestedRights, const AuthItemSet &environment,
 105                 AuthorizationFlags flags, AuthItemSet &grantedRights);
 106         OSStatus authGetInfo(const AuthorizationBlob &auth, const char *tag, AuthItemSet &contextInfo);
 107
 108         OSStatus authExternalize(const AuthorizationBlob &auth, AuthorizationExternalForm &extForm);
 109         OSStatus authInternalize(const AuthorizationExternalForm &extForm, AuthorizationBlob &auth);
 110
 111         OSStatus authorizationdbGet(AuthorizationString inRightName, CFDictionaryRef *rightDict);
 112         OSStatus authorizationdbSet(const AuthorizationBlob &authBlob, AuthorizationString inRightName, CFDictionaryRef rightDict);
 113         OSStatus authorizationdbRemove(const AuthorizationBlob &authBlob, AuthorizationString inRightName);
 114
 115     //
 116     // Authorization methods for securityd's internal use
 117     //
 118     OSStatus authCheckRight(string &rightName, Connection &connection, bool allowUI);
 119     // authCheckRight() with exception-handling and Boolean return semantics
 120     bool isRightAuthorized(string &rightName, Connection &connection, bool allowUI);
 121
 122 private:
 123     struct AuthorizationExternalBlob {
 124         AuthorizationBlob blob;
 125         mach_port_t session;
 126     };
 127
 128 protected:
 129     static AuthorizationToken &authorization(const AuthorizationBlob &blob);
 130         OSStatus authGetRights(AuthorizationToken &auth,
 131                 const AuthItemSet &requestedRights, const AuthItemSet &environment,
 132                 AuthorizationFlags flags, AuthItemSet &grantedRights);
 133         void mergeCredentials(CredentialSet &creds);
 134
 135 public:
 136     static Session &find(Port servPort);
 137     static Session &find(SecuritySessionId id);
 138         template <class SessionType> static SessionType &find(SecuritySessionId id);
 139     static void destroy(Port servPort);
 140     void invalidateSessionAuthHosts();      // invalidate auth hosts in this session
 141     static void invalidateAuthHosts();      // invalidate auth hosts in all sessions
 142
 143         static void processSystemSleep();
 144         void processLockAll();
 145
 146         RefPointer<AuthHostInstance> authhost(const AuthHostType hostType = securityAgent, const bool restart = false);
 147
 148 protected:
 149     Bootstrap mBootstrap;                       // session bootstrap port
 150         Port mServicePort;                              // SecurityServer service port for this session
 151     SessionAttributeBits mAttributes; // attribute bits (see AuthSession.h)
 152
 153     mutable Mutex mCredsLock;   // lock for mSessionCreds
 154         CredentialSet mSessionCreds;    // shared session authorization credentials
 155
 156         mutable Mutex mAuthHostLock;
 157         AuthHostInstance *mSecurityAgent;
 158         AuthHostInstance *mAuthHost;
 159
 160         CFRef<CFDataRef> mSessionAgentPrefs;
 161     Credential mOriginatorCredential;
 162
 163         void kill();
 164
 165 protected:
 166         static PortMap<Session> mSessions;
 167 };
 168
 169 template <class SessionType>
 170 SessionType &Session::find(SecuritySessionId id)
 171 {
 172         if (SessionType *ssn = dynamic_cast<SessionType *>(&find(id)))
 173                 return *ssn;
 174         else
 175                 MacOSError::throwMe(errSessionInvalidId);
 176 }
 177
 178
 179 //
 180 // The RootSession is the session (i.e. bootstrap dictionary) of system daemons that are
 181 // started early and don't belong to anything more restrictive. The RootSession is considered
 182 // immortal.
 183 // Currently, telnet sessions et al also default into this session, but this will change
 184 // (we hope).
 185 //
 186 class RootSession : public Session {
 187 public:
 188     RootSession(Server &server, SessionAttributeBits attrs = 0);
 189
 190         bool haveOriginatorUid() const          { return true; }
 191         uid_t originatorUid() const         { return 0; }
 192         CFDataRef copyUserPrefs()           { return NULL; }
 193 };
 194
 195
 196 //
 197 // A DynamicSession is the default type of session object. We create one when a new
 198 // Connection initializes whose bootstrap port we haven't seen before. These Sessions
 199 // are torn down when their bootstrap object disappears (which happens when mach_init
 200 // destroys it due to its requestor referent vanishing).
 201 //
 202 class DynamicSession : private ReceivePort, public Session {
 203 public:
 204     DynamicSession(TaskPort taskPort);
 205         ~DynamicSession();
 206
 207         void setupAttributes(SessionCreationFlags flags, SessionAttributeBits attrs);
 208
 209         bool haveOriginatorUid() const                                  { return mHaveOriginatorUid; }
 210         uid_t originatorUid() const;
 211         void originatorUid(uid_t uid);
 212         void setUserPrefs(CFDataRef userPrefsDict);
 213         CFDataRef copyUserPrefs();
 214
 215 protected:
 216         void checkOriginator();                 // fail unless current process is originator
 217         void kill();                                    // augment parent's kill
 218
 219 private:
 220         Port mOriginatorTask;                   // originating process's task port
 221         bool mHaveOriginatorUid;                // originator uid was set by session originator
 222         uid_t mOriginatorUid;                   // uid as set by session originator
 223 };
 224
 225
 226 #endif //_H_SESSION