2 * Copyright (c) 2000-2007 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 // connection - manage connections to clients
31 #include <security_agent_client/agentclient.h>
34 #include "notifications.h"
37 using MachPlusPlus::Port
;
38 using MachPlusPlus::TaskPort
;
44 // A Connection object represents an established connection between a client
45 // and securityd. There is a separate Connection object for each Mach reply port
46 // that was (ever) used to talk to securityd. In practice, this maps to one reply
47 // port (and thus one Connection) for each client thread that (ever) talks to securityd.
49 // If a client tricked us into using multiple reply ports from one thread, we'd treat
50 // them as distinct client threads (which really doesn't much matter to us). The standard
51 // client library (libsecurityd) won't let you do that.
53 class Connection
: public PerConnection
, public Listener::JitterBuffer
{
55 Connection(Process
&proc
, Port rPort
);
56 virtual ~Connection();
57 void terminate(); // normal termination
58 void abort(bool keepReplyPort
= false); // abnormal termination
60 Port
clientPort() const { return mClientPort
; }
62 // Code Signing guest management - tracks current guest id in client
63 SecGuestRef
guestRef() const { return mGuestRef
; }
64 void guestRef(SecGuestRef newGuest
, SecCSFlags flags
= 0);
66 // work framing - called as work threads pick up connection work
67 void beginWork(); // I've got it
68 void checkWork(); // everything still okay?
69 void endWork(CSSM_RETURN
&rcode
); // Done with this
71 // notify that a SecurityAgent call may hang the active worker thread for a while
72 void useAgent(SecurityAgent::Client
*client
)
73 { StLock
<Mutex
> _(*this); agentWait
= client
; }
75 // set an overriding CSSM_RETURN to return instead of success
76 void overrideReturn(CSSM_RETURN rc
) { mOverrideReturn
= rc
; }
78 Process
&process() const { return parent
<Process
>(); }
79 Session
&session() const { return process().session(); }
82 // peer state: established during connection startup; fixed thereafter
83 Port mClientPort
; // client's Mach reply port
84 SecGuestRef mGuestRef
; // last known Code Signing guest reference for this client thread
85 CSSM_RETURN mOverrideReturn
; // override successful return code (only)
87 // transient state (altered as we go)
89 idle
, // no thread services us
90 busy
, // a thread is busy servicing us
91 dying
// busy and scheduled to die as soon as possible
93 SecurityAgent::Client
*agentWait
; // SA client session we may be waiting on
97 #endif //_H_CONNECTION
projects / apple / securityd.git / blob