src/process.h

   1 /*
   2  * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // process - track a single client process and its belongings
  27 //
  28 #ifndef _H_PROCESS
  29 #define _H_PROCESS
  30
  31 #include "structure.h"
  32 #include <security_agent_client/agentclient.h>
  33 #include <security_utilities/refcount.h>
  34 #include <security_utilities/ccaudit.h>
  35 #include "localkey.h"
  36 #include "codesigdb.h"
  37 #include "notifications.h"
  38 #include <string>
  39
  40 using MachPlusPlus::Port;
  41 using MachPlusPlus::TaskPort;
  42
  43 class Session;
  44 class LocalDatabase;
  45 class AuthorizationToken;
  46
  47
  48 //
  49 // A Process object represents a UNIX process (and associated Mach Task) that has
  50 // had contact with us and may have some state associated with it.
  51 //
  52 class Process : public PerProcess, public CodeSignatures::Identity {
  53 public:
  54         Process(Port servicePort, TaskPort tPort,
  55                 const ClientSetupInfo *info, const char *identity,
  56                 const CommonCriteria::AuditToken &audit);
  57         virtual ~Process();
  58
  59         void reset(Port servicePort, TaskPort tPort,
  60                 const ClientSetupInfo *info, const char *identity,
  61                 const CommonCriteria::AuditToken &audit);
  62
  63     uid_t uid() const                   { return mUid; }
  64     gid_t gid() const                   { return mGid; }
  65     pid_t pid() const                   { return mPid; }
  66     TaskPort taskPort() const   { return mTaskPort; }
  67         bool byteFlipped() const        { return mByteFlipped; }
  68
  69         OSXCode *clientCode() const { return (mClientIdent == unknown) ? NULL : mClientCode; }
  70
  71         void addAuthorization(AuthorizationToken *auth);
  72         void checkAuthorization(AuthorizationToken *auth);
  73         bool removeAuthorization(AuthorizationToken *auth);
  74
  75         using PerProcess::kill;
  76         void kill();
  77
  78         void changeSession(Port servicePort);   // very special indeed
  79
  80     void requestNotifications(Port port, NotificationDomain domain, NotificationMask events);
  81     void stopNotifications(Port port);
  82
  83         Session& session() const;
  84
  85         LocalDatabase &localStore();
  86         Key *makeTemporaryKey(const CssmKey &key, CSSM_KEYATTR_FLAGS moreAttributes,
  87                 const AclEntryPrototype *owner);
  88
  89         // aclSequence is taken to serialize ACL validations to pick up mutual changes
  90         Mutex aclSequence;
  91
  92         IFDUMP(void dumpNode());
  93
  94 protected:
  95         std::string getPath() const;
  96         const CssmData getHash(CodeSigning::OSXSigner &signer) const;
  97
  98         void setup(const ClientSetupInfo *info, const char *identity);
  99
 100 private:
 101         // peer state: established during connection startup; fixed thereafter
 102     TaskPort mTaskPort;                                 // task port
 103         bool mByteFlipped;                                      // client's byte order is reverse of ours
 104     pid_t mPid;                                                 // process id
 105     uid_t mUid;                                                 // UNIX uid credential
 106     gid_t mGid;                                                 // primary UNIX gid credential
 107
 108         RefPointer<OSXCode> mClientCode; // code object for client (NULL if unknown)
 109         mutable enum { deferred, known, unknown } mClientIdent; // state of client identity
 110         mutable auto_ptr<CodeSigning::Signature> mCachedSignature; // cached signature (if already known)
 111
 112         // authorization dictionary
 113         typedef multiset<AuthorizationToken *> AuthorizationSet;
 114         AuthorizationSet mAuthorizations;       // set of valid authorizations for process
 115
 116         // canonical local (transient) key store
 117         RefPointer<LocalDatabase> mLocalStore;
 118 };
 119
 120
 121 //
 122 // Convenience comparison
 123 //
 124 inline bool operator == (const Process &p1, const Process &p2)
 125 {
 126         return &p1 == &p2;
 127 }
 128
 129
 130 #endif //_H_PROCESS