2 * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
8 * This file contains Original Code and/or Modifications of Original Code
9 * as defined in and that are subject to the Apple Public Source License
10 * Version 2.0 (the 'License'). You may not use this file except in
11 * compliance with the License. Please obtain a copy of the License at
12 * http://www.opensource.apple.com/apsl/ and read it before using this
15 * The Original Code and all software distributed under the License are
16 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
17 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
18 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
20 * Please see the License for the specific language governing rights and
21 * limitations under the License.
23 * @APPLE_LICENSE_HEADER_END@
28 // session - authentication session domains
33 #include "securityserver.h"
34 #include "structure.h"
36 #include "authority.h"
37 #include <Security/AuthSession.h>
38 #include <security_cdsa_utilities/handleobject.h>
39 #include <security_cdsa_utilities/cssmdb.h>
42 #include <ext/hash_map>
43 using __gnu_cxx::hash_map
;
54 // A Session object represents one or more Connections that are known to
55 // belong to the same authentication domain. Informally this means just
56 // about "the same user", for the right definition of "user." The upshot
57 // is that global credentials can be shared by Connections of one Session
58 // with a modicum of security, and so Sessions are the natural nexus of
59 // single-sign-on functionality.
61 class Session
: public HandleObject
, public PerSession
{
// Local shorthand: inside Session, "Bootstrap" means MachPlusPlus::Bootstrap.
typedef MachPlusPlus::Bootstrap Bootstrap;
// Build a Session from a bootstrap port and a service port.
//   bootstrap    - bootstrap port of the session
//   servicePort  - service port for the session
//   attrs        - attribute bits; defaults to 0 when omitted
// NOTE(review): presumably these seed mBootstrap, mServicePort and mAttributes;
// the constructor body is not part of this header, so confirm there.
Session(Bootstrap bootstrap,
    Port servicePort,
    SessionAttributeBits attrs = 0);
// Read-only accessor: hands back mBootstrap by value.
Bootstrap bootstrapPort() const
{
    return mBootstrap;
}
// Read-only accessor: hands back mServicePort by value.
Port servicePort() const
{
    return mServicePort;
}
// Virtual, so subclasses may override it. Only the declaration is visible here;
// what release() tears down is defined in the implementation file.
virtual void release();
// dumpNode() is declared through the IFDUMP macro, so whether the method exists
// at all depends on how IFDUMP expands in the current build (macro defined
// elsewhere; presumably debug-dump builds only -- confirm).
IFDUMP(virtual void dumpNode());
// Mask made of exactly three attribute bits: sessionHasGraphicAccess,
// sessionHasTTY and sessionIsRemote.
// NOTE(review): by its name this is the set of bits a client is allowed to set.
// Nothing in this header applies the mask (setAttributes() ORs its argument in
// unfiltered), so the filtering has to happen in the implementation of
// setup()/setupAttributes() -- verify that it does.
static const SessionAttributeBits settableAttributes =
    sessionHasGraphicAccess | sessionHasTTY | sessionIsRemote;
// Returns the complete attribute word (mAttributes) by value.
SessionAttributeBits attributes() const
{
    return mAttributes;
}
// Tests mAttributes against a mask. The result is true as soon as ANY bit of
// `bits` is set in mAttributes -- it is not an "all bits present" test, so a
// multi-bit mask must not be used to require several attributes at once.
bool attribute(SessionAttributeBits bits) const
{
    return (mAttributes & bits) != 0;
}
// Session setup entry points (declarations only; bodies live elsewhere).
// setup() is static and receives creation flags plus attribute bits; how it
// picks the session to act on is not visible in this header.
// setupAttributes() is the per-object counterpart and receives attribute bits.
// NOTE(review): both accept caller-supplied attribute bits. Confirm that the
// implementation restricts them to settableAttributes before they reach
// mAttributes.
static void setup(SessionCreationFlags flags,
    SessionAttributeBits attrs);
void setupAttributes(SessionAttributeBits attrs);
// ORs `attrs` into mAttributes. This can only turn bits on, never off, and it
// applies no mask of its own: every bit passed in is accepted. It also takes no
// lock here. Callers are responsible for validating `attrs` first.
void setAttributes(SessionAttributeBits attrs)
{
    mAttributes = mAttributes | attrs;
}
// Exposes the session-wide credential set as a const reference (no copy).
// NOTE(review): this accessor does not take mCredsLock, although that mutex is
// documented as the lock for mSessionCreds. A caller holding the reference can
// observe the set while another thread changes it -- confirm how callers
// synchronize.
const CredentialSet &authCredentials() const
{
    return mSessionCreds;
}
// Authorization operations carried out on behalf of this session. These are
// declarations only; each returns an OSStatus except authFree(), which is void.

// Creates an authorization. Inputs: requested rights, environment items, flags
// and the caller's security_token_t. Output: newHandle (written through the
// non-const reference).
// NOTE(review): securityToken is presumably the requesting process's identity;
// how it is checked is not visible in this header.
OSStatus authCreate(const AuthItemSet &rights,
    const AuthItemSet &environment,
    AuthorizationFlags flags,
    AuthorizationBlob &newHandle,
    const security_token_t &securityToken);

// Releases the authorization named by `auth`; `flags` modifies the operation.
// Returns nothing, so any failure is not reported through a status code.
void authFree(const AuthorizationBlob &auth,
    AuthorizationFlags flags);

// Requests rights under an existing authorization. Output: grantedRights
// (written through the non-const reference).
OSStatus authGetRights(const AuthorizationBlob &auth,
    const AuthItemSet &requestedRights,
    const AuthItemSet &environment,
    AuthorizationFlags flags,
    AuthItemSet &grantedRights);

// Retrieves context information for an authorization into contextInfo.
// `tag` is a C string; whether a null tag is accepted is not visible here.
OSStatus authGetInfo(const AuthorizationBlob &auth,
    const char *tag,
    AuthItemSet &contextInfo);
// Conversion between an AuthorizationBlob and its AuthorizationExternalForm.
// Declarations only.

// Blob -> external form; extForm is the output.
OSStatus authExternalize(const AuthorizationBlob &auth,
    AuthorizationExternalForm &extForm);

// External form -> blob; auth is the output.
// NOTE(review): an external form is meant to travel outside this object, so it
// should be treated as untrusted on the way back in. The validation happens in
// the implementation, not in this header -- review it there.
OSStatus authInternalize(const AuthorizationExternalForm &extForm,
    AuthorizationBlob &auth);
// Authorization database access. Declarations only; all three return OSStatus.
// Per the signatures, the read takes only a right name, while both mutating
// calls additionally take an AuthorizationBlob.
// NOTE(review): presumably that blob is what authorizes the change; the actual
// check is in the implementation -- confirm.

// Looks up inRightName; the result is delivered through *rightDict.
OSStatus authorizationdbGet(AuthorizationString inRightName,
    CFDictionaryRef *rightDict);

// Stores rightDict under inRightName.
OSStatus authorizationdbSet(const AuthorizationBlob &authBlob,
    AuthorizationString inRightName,
    CFDictionaryRef rightDict);

// Removes the entry named inRightName.
OSStatus authorizationdbRemove(const AuthorizationBlob &authBlob,
    AuthorizationString inRightName);
// Nested record whose first member is an AuthorizationBlob named `blob`.
// NOTE(review): this listing shows only that first member; any further members
// and the closing brace of the struct are not visible here. Consult the full
// header before relying on the layout.
107 struct AuthorizationExternalBlob
{
108 AuthorizationBlob blob
;
// Internal helpers (declarations only).

// Maps an AuthorizationBlob to its AuthorizationToken. Returns a reference, so
// there is no "not found" return value; the failure path is defined in the
// implementation (presumably an exception -- confirm).
AuthorizationToken &authorization(const AuthorizationBlob &blob);

// Takes a credential set by non-const reference, so `creds` may be modified.
// NOTE(review): by its name this merges with the shared session credentials
// (mSessionCreds); confirm in the implementation that mCredsLock is held.
void mergeCredentials(CredentialSet &creds);
// Class-level lookup and teardown (static; declarations only).

// Look up a Session by service port, or by SecuritySessionId. Both overloads
// return a reference, so a miss cannot be signalled by a null result; the
// failure behaviour is defined in the implementation (presumably an exception
// -- confirm).
static Session &find(Port servPort);
static Session &find(SecuritySessionId id);

// Destroys the session associated with servPort.
static void destroy(Port servPort);
// Static hook with no parameters, so it is not tied to one Session object.
// NOTE(review): by its name it runs when the system goes to sleep; what it does
// to sessions or their credentials is defined in the implementation.
static void processSystemSleep();
// Object lock. Declared mutable so that const member functions can take it.
mutable Mutex mLock;
// Session bootstrap port; returned by bootstrapPort().
Bootstrap mBootstrap;
// SecurityServer service port for this session; returned by servicePort().
Port mServicePort;
// Attribute bits (see AuthSession.h); read by attributes()/attribute() and
// extended by setAttributes().
SessionAttributeBits mAttributes;
// Set while the session is dying.
bool mDying;
// Lock for mSessionCreds. Declared mutable so that const member functions can
// take it.
mutable Mutex mCredsLock;
// Authorization credentials shared across the session. authCredentials() hands
// out a const reference to this member.
CredentialSet mSessionCreds;
// One class-wide (static) PortMap of Session objects.
// NOTE(review): presumably the table behind find(Port) and destroy(Port); how
// access to it is synchronized is not visible in this header -- confirm.
static PortMap<Session> mSessions;
142 // The RootSession is the session (i.e. bootstrap dictionary) of system daemons that are
143 // started early and don't belong to anything more restrictive. The RootSession is considered
145 // Currently, telnet sessions et al also default into this session, but this will change
148 class RootSession
: public Session
{
// Construct the root session from a service port. Unlike Session's constructor
// there is no bootstrap parameter; where the bootstrap port comes from is
// decided in the implementation. attrs defaults to 0 when omitted.
RootSession(Port servicePort,
    SessionAttributeBits attrs = 0);
155 // A DynamicSession is the default type of session object. We create one when a new
156 // Connection initializes whose bootstrap port we haven't seen before. These Sessions
157 // are torn down when their bootstrap object disappears (which happens when mach_init
158 // destroys it due to its requestor referent vanishing).
160 class DynamicSession
: private ReceivePort
, public Session
{
// Construct a DynamicSession for the given bootstrap port. Only the bootstrap
// is supplied; no service port or attribute bits are passed in.
// NOTE(review): not marked explicit in this listing, so a Bootstrap converts
// implicitly to a DynamicSession wherever this constructor is accessible.
DynamicSession(const Bootstrap &bootstrap);