#ifndef _H_SESSION
#define _H_SESSION
#include "securityserver.h"
#include "acls.h"
#include "authority.h"
#include <Security/AuthSession.h>
#include <Security/utilities.h>
#include <Security/handleobject.h>
#include <Security/cssmdb.h>
#if __GNUC__ > 2
#include <ext/hash_map>
using __gnu_cxx::hash_map;
#else
#include <hash_map>
#endif
class Key;
class Connection;
class Database;
class Database::CommonMap;
class Session : public HandleObject {
public:
typedef MachPlusPlus::Bootstrap Bootstrap;
Session(Bootstrap bootstrap, Port servicePort, SessionAttributeBits attrs = 0);
virtual ~Session();
Bootstrap bootstrapPort() const { return mBootstrap; }
Port servicePort() const { return mServicePort; }
void addProcess(Process *proc);
bool removeProcess(Process *proc);
virtual void release();
void addAuthorization(AuthorizationToken *auth);
bool removeAuthorization(AuthorizationToken *auth);
public:
static const SessionAttributeBits settableAttributes =
sessionHasGraphicAccess | sessionHasTTY | sessionIsRemote;
SessionAttributeBits attributes() const { return mAttributes; }
bool attribute(SessionAttributeBits bits) const { return mAttributes & bits; }
static void setup(SessionCreationFlags flags, SessionAttributeBits attrs);
void setupAttributes(SessionAttributeBits attrs);
protected:
void setAttributes(SessionAttributeBits attrs) { mAttributes |= attrs; }
public:
const CredentialSet &authCredentials() const { return mSessionCreds; }
OSStatus authCreate(const AuthItemSet &rights, const AuthItemSet &environment,
AuthorizationFlags flags, AuthorizationBlob &newHandle, const audit_token_t &auditToken);
void authFree(const AuthorizationBlob &auth, AuthorizationFlags flags);
OSStatus authGetRights(const AuthorizationBlob &auth,
const AuthItemSet &requestedRights, const AuthItemSet &environment,
AuthorizationFlags flags, AuthItemSet &grantedRights);
OSStatus authGetInfo(const AuthorizationBlob &auth, const char *tag, AuthItemSet &contextInfo);
OSStatus authExternalize(const AuthorizationBlob &auth, AuthorizationExternalForm &extForm);
OSStatus authInternalize(const AuthorizationExternalForm &extForm, AuthorizationBlob &auth);
OSStatus authorizationdbGet(AuthorizationString inRightName, CFDictionaryRef *rightDict);
OSStatus authorizationdbSet(const AuthorizationBlob &authBlob, AuthorizationString inRightName, CFDictionaryRef rightDict);
OSStatus authorizationdbRemove(const AuthorizationBlob &authBlob, AuthorizationString inRightName);
private:
struct AuthorizationExternalBlob {
AuthorizationBlob blob;
mach_port_t session;
};
protected:
AuthorizationToken &authorization(const AuthorizationBlob &blob);
void mergeCredentials(CredentialSet &creds);
bool clearResources();
public:
static Session &find(Port servPort);
static Session &find(SecuritySessionId id);
static void eliminate(Port servPort);
static void lockAllDatabases(bool forSleep = false);
protected:
mutable Mutex mLock;
Bootstrap mBootstrap; Port mServicePort; SessionAttributeBits mAttributes; unsigned int mProcessCount; unsigned int mAuthCount; bool mDying;
mutable Mutex mCredsLock; CredentialSet mSessionCreds;
private:
typedef map<mach_port_t, Session *> SessionMap;
static SessionMap sessionMap;
static Mutex sessionMapLock;
public:
typedef SessionMap::iterator Iterator;
static Iterator begin() { return sessionMap.begin(); }
static Iterator end() { return sessionMap.end(); }
private:
Database::CommonMap mCommons;
public:
Database::CommonMap &databases()
{ return mCommons; }
};
class RootSession : public Session {
public:
RootSession(Port servicePort, SessionAttributeBits attrs = 0);
};
class DynamicSession : private ReceivePort, public Session {
public:
DynamicSession(const Bootstrap &bootstrap);
~DynamicSession();
protected:
void release();
};
#endif //_H_SESSION