1/* 2 * Copyright (c) 2000-2004,2008 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24 25// 26// session - authentication session domains 27// 28#ifndef _H_SESSION 29#define _H_SESSION 30 31#include "structure.h" 32#include "acls.h" 33#include "authority.h" 34#include "authhost.h" 35#include <Security/AuthSession.h> 36#include <security_utilities/ccaudit.h> 37#include <security_cdsa_utilities/handletemplates_defs.h> 38#include <security_cdsa_utilities/u32handleobject.h> 39#include <security_cdsa_utilities/cssmdb.h> 40#include <bsm/audit.h> 41#include <bsm/audit_session.h> 42#include <sys/event.h> 43#include "securityd_service/securityd_service/securityd_service_client.h" 44 45class Key; 46class Connection; 47class Server; 48class AuthHostInstance; 49 50enum { 51 session_keybag_locked = 0, 52 session_keybag_unlocked = 1 << 0, 53 session_keybag_check_master_key = 1 << 1, 54 session_keybag_loaded = 1 << 2, 55}; 56 57// 58// A Session object represents one or more Connections that are known to 59// belong to the same authentication domain. Informally this means just 60// about "the same user", for the right definition of "user." The upshot 61// is that global credentials can be shared by Connections of one Session 62// with a modicum of security, and so Sessions are the natural nexus of 63// single-sign-on functionality. 64// 65class Session : public PerSession { 66public: 67 typedef au_asid_t SessionId; // internal session identifier (audit session id) 68 69 Session(const CommonCriteria::AuditInfo &audit, Server &server); 70 virtual ~Session(); 71 72 Server &server() const; 73 74 SessionId sessionId() const { return mAudit.sessionId(); } 75 CommonCriteria::AuditInfo &auditInfo() { return mAudit; } 76 77 IFDUMP(virtual void dumpNode()); 78 79public: 80 static const SessionAttributeBits settableAttributes = 81 sessionHasGraphicAccess | sessionHasTTY | sessionIsRemote | AU_SESSION_FLAG_HAS_AUTHENTICATED; 82 83 SessionAttributeBits attributes() const { updateAudit(); return mAudit.ai_flags; } 84 bool attribute(SessionAttributeBits bits) const { return attributes() & bits; } 85 void setAttributes(SessionAttributeBits bits); 86 87 virtual void setupAttributes(SessionCreationFlags flags, SessionAttributeBits attrs); 88 89 virtual uid_t originatorUid(); 90 91 virtual CFDataRef copyUserPrefs() = 0; 92 93 static const char kUsername[]; 94 static const char kRealname[]; 95 96public: 97 const CredentialSet &authCredentials() const { return mSessionCreds; } 98 99 // 100 // For external Authorization clients 101 // 102 OSStatus authCreate(const AuthItemSet &rights, const AuthItemSet &environment, 103 AuthorizationFlags flags, AuthorizationBlob &newHandle, const audit_token_t &auditToken); 104 void authFree(const AuthorizationBlob &auth, AuthorizationFlags flags); 105 static OSStatus authGetRights(const AuthorizationBlob &auth, 106 const AuthItemSet &requestedRights, const AuthItemSet &environment, 107 AuthorizationFlags flags, AuthItemSet &grantedRights); 108 OSStatus authGetInfo(const AuthorizationBlob &auth, const char *tag, AuthItemSet &contextInfo); 109 110 OSStatus authExternalize(const AuthorizationBlob &auth, AuthorizationExternalForm &extForm); 111 OSStatus authInternalize(const AuthorizationExternalForm &extForm, AuthorizationBlob &auth); 112 113 OSStatus authorizationdbGet(AuthorizationString inRightName, CFDictionaryRef *rightDict); 114 OSStatus authorizationdbSet(const AuthorizationBlob &authBlob, AuthorizationString inRightName, CFDictionaryRef rightDict); 115 OSStatus authorizationdbRemove(const AuthorizationBlob &authBlob, AuthorizationString inRightName); 116 117 // 118 // Authorization methods for securityd's internal use 119 // 120 OSStatus authCheckRight(string &rightName, Connection &connection, bool allowUI); 121 // authCheckRight() with exception-handling and Boolean return semantics 122 bool isRightAuthorized(string &rightName, Connection &connection, bool allowUI); 123 124protected: 125 void updateAudit() const; 126 127private: 128 struct AuthorizationExternalBlob { 129 AuthorizationBlob blob; 130 uint32_t session; 131 }; 132 133protected: 134 static AuthorizationToken &authorization(const AuthorizationBlob &blob); 135 OSStatus authGetRights(AuthorizationToken &auth, 136 const AuthItemSet &requestedRights, const AuthItemSet &environment, 137 AuthorizationFlags flags, AuthItemSet &grantedRights); 138 void mergeCredentials(CredentialSet &creds); 139 140public: 141 void invalidateSessionAuthHosts(); // invalidate auth hosts in this session 142 static void invalidateAuthHosts(); // invalidate auth hosts in all sessions 143 144 static void processSystemSleep(); 145 void processLockAll(); 146 147 RefPointer<AuthHostInstance> authhost(const AuthHostType hostType = securityAgent, const bool restart = false); 148 149protected: 150 mutable CommonCriteria::AuditInfo mAudit; 151 152 mutable Mutex mCredsLock; // lock for mSessionCreds 153 CredentialSet mSessionCreds; // shared session authorization credentials 154 155 mutable Mutex mAuthHostLock; 156 AuthHostInstance *mSecurityAgent; 157 AuthHostInstance *mAuthHost; 158 159 CFRef<CFDataRef> mSessionAgentPrefs; 160 Credential mOriginatorCredential; 161 162 void kill(); 163 164public: 165 void verifyKeyStorePassphrase(int32_t retries); 166 void changeKeyStorePassphrase(); 167 void resetKeyStorePassphrase(const CssmData &passphrase); 168 service_context_t get_current_service_context(); 169 void keybagClearState(int state); 170 void keybagSetState(int state); 171 bool keybagGetState(int state); 172private: 173 int mKeybagState; 174 175public: 176 static Session &find(SessionId id, bool create); // find and optionally create 177 template <class SessionType> static SessionType &find(SecuritySessionId id); 178 static void destroy(SessionId id); 179 180protected: 181 typedef std::map<SessionId, RefPointer<Session> > SessionMap; 182 static SessionMap mSessions; 183 static Mutex mSessionLock; 184}; 185 186 187template <class SessionType> 188SessionType &Session::find(SecuritySessionId id) 189{ 190 if (SessionType *ssn = dynamic_cast<SessionType *>(&find(id, false))) 191 return *ssn; 192 else 193 MacOSError::throwMe(errSessionInvalidId); 194} 195 196 197// 198// The RootSession is the session of all code that originates from system startup processing 199// and does not belong to any particular login origin. (Or, if you prefer, whose login origin 200// is the system itself.) 201// 202class RootSession : public Session { 203public: 204 RootSession(uint64_t attributes, Server &server); 205 206 CFDataRef copyUserPrefs() { return NULL; } 207}; 208 209 210// 211// A DynamicSession object represents a session that is dynamically constructed 212// when we first encounter it. These sessions are actually created in client 213// space using the audit session APIs. 214// We tear down a DynamicSession when the system reports (via kevents) that the 215// kernel audit session object has been destroyed. 216// 217class DynamicSession : private ReceivePort, public Session { 218public: 219 DynamicSession(const CommonCriteria::AuditInfo &audit); 220 221 void setUserPrefs(CFDataRef userPrefsDict); 222 CFDataRef copyUserPrefs(); 223}; 224 225 226#endif //_H_SESSION 227