2 * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
8 * This file contains Original Code and/or Modifications of Original Code
9 * as defined in and that are subject to the Apple Public Source License
10 * Version 2.0 (the 'License'). You may not use this file except in
11 * compliance with the License. Please obtain a copy of the License at
12 * http://www.opensource.apple.com/apsl/ and read it before using this
15 * The Original Code and all software distributed under the License are
16 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
17 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
18 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
20 * Please see the License for the specific language governing rights and
21 * limitations under the License.
23 * @APPLE_LICENSE_HEADER_END@
28 // process - track a single client process and its belongings
33 #include "securityserver.h"
34 #include "structure.h"
35 #include <security_agent_client/agentclient.h>
36 #include <security_utilities/refcount.h>
38 #include "codesigdb.h"
39 #include "notifications.h"
42 using MachPlusPlus::Port
;
43 using MachPlusPlus::TaskPort
;
47 class AuthorizationToken
;
51 // A Process object represents a UNIX process (and associated Mach Task) that has
52 // had contact with us and may have some state associated with it.
54 class Process
: public PerProcess
, public CodeSignatures::Identity
{
56 Process(Port servicePort
, TaskPort tPort
,
57 const ClientSetupInfo
*info
, const char *identity
,
58 uid_t uid
, gid_t gid
);
61 uid_t
uid() const { return mUid
; }
62 gid_t
gid() const { return mGid
; }
63 pid_t
pid() const { return mPid
; }
64 TaskPort
taskPort() const { return mTaskPort
; }
65 bool byteFlipped() const { return mByteFlipped
; }
67 CodeSigning::OSXCode
*clientCode() const { return (mClientIdent
== unknown
) ? NULL
: mClientCode
; }
69 void addAuthorization(AuthorizationToken
*auth
);
70 void checkAuthorization(AuthorizationToken
*auth
);
71 bool removeAuthorization(AuthorizationToken
*auth
);
74 void changeSession(Port servicePort
);
76 void requestNotifications(Port port
, NotificationDomain domain
, NotificationMask events
);
77 void stopNotifications(Port port
);
79 Session
& session() const;
81 Database
&localStore();
83 // aclSequence is taken to serialize ACL validations to pick up mutual changes
86 IFDUMP(void dumpNode());
89 std::string
getPath() const;
90 const CssmData
getHash(CodeSigning::OSXSigner
&signer
) const;
93 // peer state: established during connection startup; fixed thereafter
94 TaskPort mTaskPort
; // task port
95 bool mByteFlipped
; // client's byte order is reverse of ours
96 pid_t mPid
; // process id
97 uid_t mUid
; // UNIX uid credential
98 gid_t mGid
; // primary UNIX gid credential
100 RefPointer
<CodeSigning::OSXCode
> mClientCode
; // code object for client (NULL if unknown)
101 mutable enum { deferred
, known
, unknown
} mClientIdent
; // state of client identity
102 mutable auto_ptr
<CodeSigning::Signature
> mCachedSignature
; // cached signature (if already known)
104 // authorization dictionary
105 typedef multiset
<AuthorizationToken
*> AuthorizationSet
;
106 AuthorizationSet mAuthorizations
; // set of valid authorizations for process
108 // canonical local (transient) key store
109 RefPointer
<LocalDatabase
> mLocalStore
;
114 // Convenience comparison
116 inline bool operator == (Process
&p1
, Process
&p2
)
projects / apple / securityd.git / blob