1/*
2 * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25//
26// process - track a single client process and its belongings
27//
28#ifndef _H_PROCESS
29#define _H_PROCESS
30
31#include "structure.h"
32#include "session.h"
33#include <security_agent_client/agentclient.h>
34#include <security_utilities/refcount.h>
35#include <security_utilities/ccaudit.h>
36#include <security_utilities/vproc++.h>
37#include "clientid.h"
38#include "csproxy.h"
39#include "localkey.h"
40#include "notifications.h"
41#include <string>
42
43using MachPlusPlus::Port;
44using MachPlusPlus::TaskPort;
45
46class Session;
47class LocalDatabase;
48class AuthorizationToken;
49
50
51//
52// A Process object represents a UNIX process (and associated Mach Task) that has
53// had contact with us and may have some state associated with it. It primarily tracks
54// the process nature of the client. Individual threads in the client are tracked by
55// Connection objects.
56//
57// Code Signing-style Guest identities are managed in two of our mix-ins. The two play
58// distinct but related roles:
59// * CodeSigningHost manages the public identity of guests within the client.
60//   In this relationship, securityd provides registry and proxy services to the client.
61// * ClientIdentification tracks the identity of guests in the client *as securityd clients*.
62//   It is concerned with which guest is asking for securityd services, and whether this
63//   should be granted.
64// Often, the two form a loop: ClientIdentification uses CodeSigningHost to determine
65// the guest client identity, but it does so through public (Mach IPC) interfaces, because
66// clients may implement their own proxy (though currently not registry) services.
67// We could short-circuit the IPC leg in those cases where securityd serves itself,
68// but there's no evidence (yet) that this is worth the trouble.
69//
class Process : public PerProcess,
				public CodeSigningHost,
				public ClientIdentification,
				private VProc::Transaction {
public:
	// Construct the per-process record for a newly connected client.
	// tPort is the client's Mach task port, info the client-supplied setup
	// block, and audit the kernel-supplied audit token for the connection.
	// NOTE(review): the uid/gid/pid members below should be derived from the
	// audit token (kernel-attested), not from the client-controlled info block;
	// confirm against the constructor body, which is not in this header.
	Process(TaskPort tPort, const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit);
	virtual ~Process();

	// Re-initialize this record from a fresh task port / setup block / audit token.
	// Same arguments as the constructor; when this is invoked is decided by the caller.
	void reset(TaskPort tPort, const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit);

	// Peer credentials and identity as recorded at connection startup
	// (see the member comments below: fixed for the lifetime of the object).
    uid_t uid() const			{ return mUid; }
    gid_t gid() const			{ return mGid; }
    pid_t pid() const			{ return mPid; }
    TaskPort taskPort() const	{ return mTaskPort; }
	// True when the client's byte order is the reverse of ours.
	bool byteFlipped() const	{ return mByteFlipped; }

	// Authorization bookkeeping for this process. The tokens are held in
	// mAuthorizations (a multiset, so the same token may be recorded more than
	// once). removeAuthorization's bool result is not documented here —
	// presumably whether a token was actually removed; confirm in process.cpp.
	// Ownership of the AuthorizationToken pointers is not transferred by these
	// declarations alone; see the implementation.
	void addAuthorization(AuthorizationToken *auth);
	void checkAuthorization(AuthorizationToken *auth);
	bool removeAuthorization(AuthorizationToken *auth);

	// Re-expose the base class kill() overloads, which would otherwise be
	// hidden by the overload declared here.
	using PerProcess::kill;
	void kill();

	// Move this process to a different session.
	void changeSession(Session::SessionId sessionId);

	// The session this process currently belongs to.
	Session& session() const;
	// Validate the caller's audit token against this process's session.
	// What a mismatch does (throw vs. re-home) is decided in process.cpp.
	void checkSession(const audit_token_t &auditToken);

	// The process's canonical local (transient) key store, backed by mLocalStore.
	LocalDatabase &localStore();
	// Create a transient key in the local store with the given attributes and
	// optional owner ACL. The returned Key's ownership model is not stated here —
	// presumably managed by the local store; confirm before deleting it.
	Key *makeTemporaryKey(const CssmKey &key, CSSM_KEYATTR_FLAGS moreAttributes,
		const AclEntryPrototype *owner);

	// aclSequence is taken to serialize ACL validations to pick up mutual changes
	// (i.e. one ACL check at a time per process, so a concurrent change is seen
	// by the next validation rather than racing with the current one).
	Mutex aclSequence;

	// Debug-only dump hook; compiled in only when the IFDUMP macro enables it.
	IFDUMP(void dumpNode());

private:
	// Shared initialization used by the constructor and reset(); consumes the
	// client-supplied setup block.
	void setup(const ClientSetupInfo *info);

private:
	// peer state: established during connection startup; fixed thereafter
    TaskPort mTaskPort;					// task port
	bool mByteFlipped;					// client's byte order is reverse of ours
    pid_t mPid;							// process id
    uid_t mUid;							// UNIX uid credential
    gid_t mGid;							// primary UNIX gid credential

	// authorization dictionary
	// A multiset: duplicates are permitted, so adding the same token twice
	// records it twice (see add/removeAuthorization above).
	typedef multiset<AuthorizationToken *> AuthorizationSet;
	AuthorizationSet mAuthorizations;	// set of valid authorizations for process

	// canonical local (transient) key store
	// Reference-counted; created lazily or eagerly by localStore() — see process.cpp.
	RefPointer<LocalDatabase> mLocalStore;
};
125
126
//
// Convenience comparison.
// Two Process references compare equal exactly when they denote the same
// object: this is an identity test on addresses, not a comparison of the
// processes' contents.
//
inline bool operator == (const Process &p1, const Process &p2)
{
	const Process *lhs = &p1;
	const Process *rhs = &p2;
	return lhs == rhs;
}
134
135
136#endif //_H_PROCESS
137