1 /*
2 * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
7 *
8 * This file contains Original Code and/or Modifications of Original Code
9 * as defined in and that are subject to the Apple Public Source License
10 * Version 2.0 (the 'License'). You may not use this file except in
11 * compliance with the License. Please obtain a copy of the License at
12 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * file.
14 *
15 * The Original Code and all software distributed under the License are
16 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
17 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
18 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
20 * Please see the License for the specific language governing rights and
21 * limitations under the License.
22 *
23 * @APPLE_LICENSE_HEADER_END@
24 */
25
26
27 //
28 // server - the actual Server object
29 //
30 #ifndef _H_SERVER
31 #define _H_SERVER
32
33 #include "securityserver.h"
34 #include "structure.h"
35 #include <security_utilities/machserver.h>
36 #include <security_utilities/powerwatch.h>
37 #include <security_cdsa_client/cssmclient.h>
38 #include <security_cdsa_client/cspclient.h>
39 #include <security_cdsa_client/osxsigner.h>
40 #include <security_utilities/devrandom.h>
41 #include <security_cdsa_utilities/uniformrandom.h>
42 #include "codesigdb.h"
43 #include "connection.h"
44 #include "key.h"
45 #include "database.h"
46 #include "localdatabase.h"
47 #include "kcdatabase.h"
48 #include "authority.h"
49 #include "AuthorizationEngine.h"
50 #include <map>
51
// Absolute filesystem path of the code-equivalence database.
// NOTE(review): nothing else in this header references the macro; presumably
// the daemon's start-up code hands it to CodeSignatures (codesigdb.h) - confirm.
// Whatever is trusted from this file is only as trustworthy as the ownership
// and permissions on this path.
52 #define EQUIVALENCEDBPATH "/var/db/CodeEquivalenceDatabase"
53
54 //
55 // The authority itself. You will usually only have one of these.
56 //
// Authority is a thin subclass of Authorization::Engine: this declaration adds
// only its own constructor and destructor, so all authorization behavior seen
// through it comes from the base class.
57 class Authority : public Authorization::Engine {
58 public:
// configFile: presumably the path of the engine's configuration (rule) file;
// how and when it is read is not visible in this header - confirm.
// NOTE(review): the constructor is not marked explicit, so a const char *
// converts implicitly to an Authority wherever one is expected.
59 Authority(const char *configFile);
60 ~Authority();
61 };
62
// Server is the daemon's central object. It is a MachPlusPlus::MachServer (so
// it receives Mach messages through handle() below), a PerGlobal, and a
// UniformRandomBlobs<DevRandomGenerator>. It owns the maps from client ports to
// Connection and Process objects and hands out the objects a request operates
// on (connection, process, session, keys, databases, ACL bearers).
//
// Most accessors are static and resolve through active(), i.e. they act on the
// Server that the calling thread is currently running in.
63 class Server : public PerGlobal,
64 public MachPlusPlus::MachServer,
65 public UniformRandomBlobs<DevRandomGenerator> {
66 public:
// myAuthority and signatures are kept as references (mAuthority and
// mCodeSignatures below), so both objects must outlive the Server.
// bootstrapName is the Mach bootstrap registration name (see mBootstrapName).
67 Server(Authority &myAuthority, CodeSignatures &signatures, const char *bootstrapName);
68 ~Server();
69
70 // run the server until it shuts down
71 void run();
72
73 //
74 // Retrieve pieces of the Server's object web.
75 // These are all static methods that use the active() Server of this thread.
76 //
// Casts MachServer::active() to Server & via safer_cast.
// NOTE(review): safer_cast is defined elsewhere; whether it verifies the
// dynamic type in release builds is not visible here - confirm, because every
// static accessor below relies on this cast being valid.
77 static Server &active() { return safer_cast<Server &>(MachServer::active()); }
// The returned pointer aliases mBootstrapName's internal buffer; it is only
// valid while the active Server exists and the string is unmodified.
78 static const char *bootstrapName() { return active().mBootstrapName.c_str(); }
79
// connection(replyPort) looks a Connection up by client reply port and, per the
// note on mCurrentConnection below, also records it as the calling thread's
// current connection. connection(bool) returns that current connection.
// NOTE(review): the meaning of `tolerant` is not visible in this header;
// presumably it selects the behavior when no connection is current - confirm.
80 static Connection &connection(mach_port_t replyPort);
81 static Connection &connection(bool tolerant = false);
82 static void requestComplete();
83
// Process and Session for the current request; how they are derived (presumably
// from the current connection) is in the implementation - confirm.
84 static Process &process();
85 static Session &session();
86
// Handle-to-object lookups.
// NOTE(review): KeyHandle / DbHandle values presumably arrive in client
// requests. The lookups should reject handles that are unknown or that do not
// belong to the calling client; that check is not visible in this header -
// confirm in the implementation.
87 static RefPointer<Key> key(KeyHandle key);
// noKey yields a null RefPointer instead of a lookup, so callers must test the
// result before dereferencing it.
88 static RefPointer<Key> optionalKey(KeyHandle k) { return (k == noKey) ? NULL : key(k); }
89 static RefPointer<Database> database(DbHandle db);
90 static RefPointer<KeychainDatabase> keychain(DbHandle db);
// NOTE(review): by analogy with optionalKey this presumably returns a null
// RefPointer for a "no database" handle - confirm before relying on it.
91 static RefPointer<Database> optionalDatabase(DbHandle db);
92 static Authority &authority() { return active().mAuthority; }
93 static CodeSignatures &codeSignatures() { return active().mCodeSignatures; }
// Resolves (kind, handle) to an object exposing the SecurityServerAcl
// interface; presumably this is the object whose ACL governs the request.
94 static SecurityServerAcl &aclBearer(AclKind kind, CSSM_HANDLE handle);
// Goes through getCsp(), which initializes the CSP attachment on first use.
95 static CssmClient::CSP &csp() { return active().getCsp(); }
96
97 void loadCssm();
98
99 public:
100 // set up a new connection
101 enum ConnectLevel {
102 connectNewSession,
103 connectNewProcess,
104 connectNewThread
105 };
// Registers a new client at the given level. The ports identify the client
// (reply port and task port are the keys of mConnections and mProcesses).
// NOTE(review): this header does not show where each argument originates.
// securityToken has the Mach security_token_t type; `info` and
// `executablePath` look like values the client may supply itself. If so, they
// should be treated as untrusted hints and never be the sole basis for an
// identity or authorization decision - confirm in the implementation.
106 void setupConnection(ConnectLevel type, Port servicePort, Port replyPort, Port taskPort,
107 const security_token_t &securityToken,
108 const ClientSetupInfo *info = NULL, const char *executablePath = NULL);
109
// Ends the connection identified by replyPort; presumably removes it from
// mConnections - confirm.
110 void endConnection(Port replyPort);
111
// Both overloads forward to MachServer::active().releaseWhenDone(); the
// one-argument form uses Allocator::standard(). The memory must have been
// obtained from the allocator that is passed (or implied) here.
112 static void releaseWhenDone(Allocator &alloc, void *memory)
113 { MachServer::active().releaseWhenDone(alloc, memory); }
114 static void releaseWhenDone(void *memory)
115 { releaseWhenDone(Allocator::standard(), memory); }
116
117 protected:
118 // implementation methods of MachServer
// handle() takes one incoming message header and one reply header.
// notifyDeadName / notifyNoSenders are port-lifecycle notifications; presumably
// this is where state for clients that have gone away is removed from
// mConnections / mProcesses - confirm, since stale entries keyed by a reused
// port name would be a correctness and security concern.
119 boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out);
120 void notifyDeadName(Port port);
121 void notifyNoSenders(Port port, mach_port_mscount_t);
122
123 private:
// Receives the power-management "system will sleep" notification.
// NOTE(review): what is done on sleep is in the implementation, not here.
124 class SleepWatcher : public MachPlusPlus::PortPowerWatcher {
125 public:
126 void systemWillSleep();
127 };
128 SleepWatcher sleepWatcher;
129
130 private:
131 // mach bootstrap registration name
132 std::string mBootstrapName;
133
134 // connection map (by client reply port)
135 PortMap<Connection> mConnections;
136
137 // process map (by process task port)
138 PortMap<Process> mProcesses;
139
140 // Current connection, if any (per thread).
141 // Set as a side effect of calling connection(mach_port_t)
142 // and returned by connection(bool).
143 ThreadNexus<RefPointer<Connection> > mCurrentConnection;
144
145 // CSSM components
146 CssmClient::Cssm mCssm; // CSSM instance
147 CssmClient::Module mCSPModule; // CSP module
148 CssmClient::CSP mCSP; // CSP attachment
149 CssmClient::CSP &getCsp(); // lazily initialize, then return CSP attachment
150
// Non-owning references supplied to the constructor; the referenced objects
// must stay alive for as long as this Server does.
151 Authority &mAuthority;
152 CodeSignatures &mCodeSignatures;
153 };
154
155 #endif //_H_SERVER