/*
- * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2009 Apple Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
// Construct a Connection object.
//
Connection::Connection(Process &proc, Port rPort)
- : mClientPort(rPort), state(idle), agentWait(NULL),
- aclUpdateTrigger(NULL)
+ : mClientPort(rPort), mGuestRef(kSecNoGuest), state(idle), agentWait(NULL)
{
parent(proc);
// bump the send-rights count on the reply port so we keep the right after replying
mClientPort.modRefs(MACH_PORT_RIGHT_SEND, +1);
- secdebug("SS", "New connection %p for process %d clientport=%d",
- this, process().pid(), int(rPort));
+ SECURITYD_CLIENT_CONNECTION_NEW(this, rPort, &proc);
}
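Review bot: The initializer list gains `mGuestRef(kSecNoGuest)` but not the two other members this change starts using, `mAuditToken` and `mOverrideReturn`, which are first assigned in beginWork() further down. Unless the class declaration (not shown here) takes care of it, both hold indeterminate values until the first beginWork() call. Initialising them here, e.g. `mAuditToken(NULL), mOverrideReturn(CSSM_OK)` placed in declaration order, turns an early read of the audit token into a null check rather than a wild pointer.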
//
Connection::~Connection()
{
- secdebug("SS", "Connection %p destroyed", this);
+ SECURITYD_CLIENT_CONNECTION_RELEASE(this);
assert(!agentWait);
}
+//
+// Set the (last known) guest handle for this connection.
+//
+void Connection::guestRef(SecGuestRef newGuest, SecCSFlags flags)
+{
+ secdebug("SS", "Connection %p switches to guest 0x%x", this, newGuest);
+ mGuestRef = newGuest;
+}
+
+
//
// Terminate a Connection normally.
// This is assumed to be properly sequenced, so no thread races are possible.
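Review bot: The new `guestRef()` setter accepts `SecCSFlags flags` and never reads it, so a caller that passes flags gets neither an effect nor a diagnostic. Either leave the parameter unnamed or say so in the header comment, for example `// flags is accepted for interface compatibility and currently ignored`. The setter also stores `newGuest` exactly as given. If that value originates in a client request, a sentence naming where it is validated before `mGuestRef` is used would help the next reader.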
case busy:
state = dying; // shoot me soon, please
if (agentWait)
- agentWait->destroy();
+ agentWait->disconnect();
secdebug("SS", "Connection %p abort deferred (busy)", this);
break;
default:
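Review bot: With `destroy()` replaced by `disconnect()`, nothing in these lines clears `agentWait`, while the destructor still depends on `assert(!agentWait)`, a check that disappears when NDEBUG is defined. The hunk starts and ends inside the function, so whatever resets the pointer is not visible here. A why-comment next to the call would record the contract, e.g. `// disconnect() only severs the agent link; the thread blocked on it clears agentWait as it unwinds`, if that is indeed how it works.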
// into the Big Bad Void as Connections and processes drop out from
// under them.
//
-void Connection::beginWork()
+void Connection::beginWork(audit_token_t &auditToken)
{
+ // assume the audit token will be valid for the Connection's lifetime
+ // (but no longer)
+ mAuditToken = &auditToken;
switch (state) {
case idle:
state = busy;
+ mOverrideReturn = CSSM_OK; // clear override
break;
case busy:
secdebug("SS", "Attempt to re-enter connection %p(port %d)", this, mClientPort.port());
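Review bot: `mAuditToken = &auditToken;` runs before the `switch (state)`, so a call that lands in the `case busy:` re-entry branch has already replaced the in-flight request's token pointer with its own. Since the audit token identifies the caller, it seems safer to move the assignment into `case idle:` beside `state = busy;`, so a rejected re-entry leaves the connection's state untouched. The rest of the busy branch lies outside this hunk, so how re-entry is rejected is not visible. The comment also says the token is valid for the Connection's lifetime, while endWork() resets the pointer after every call. Wording such as `// the token belongs to the caller's request; it is only valid until endWork() clears it` matches the code better.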
}
}
-void Connection::endWork()
+void Connection::endWork(CSSM_RETURN &rcode)
{
+ mAuditToken = NULL;
+
switch (state) {
case busy:
- // process the n-step aclUpdateTrigger
- if (aclUpdateTrigger) {
- if (--aclUpdateTriggerCount == 0) {
- aclUpdateTrigger = NULL;
- secdebug("kcacl", "acl update trigger expires");
- } else
- secdebug("kcacl", "acl update trigger armed for %d calls",
- aclUpdateTriggerCount);
- }
- // end involvement
+ if (mOverrideReturn && rcode == CSSM_OK)
+ rcode = mOverrideReturn;
state = idle;
return;
case dying:
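Review bot: The override in `case busy:` replaces `rcode` only when the call itself returned `CSSM_OK`, and only in this branch, but neither rule is written down. A comment such as `// a pending override replaces success only; a real error from the call wins` would make the precedence explicit. The `case dying:` branch continues outside the hunk, so it is not visible whether a connection aborted mid-call also reports `mOverrideReturn`. If it does not, a stored failure code is silently dropped on that path. Note also that `mAuditToken = NULL;` runs for every state, including unexpected ones, which is worth stating if it is intentional.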