#ifndef _H_SESSION
#define _H_SESSION
#include "securityserver.h"
#include "acls.h"
#include "authority.h"
#include <Security/AuthSession.h>
#include <Security/utilities.h>
#include <Security/handleobject.h>
#include <Security/cssmdb.h>
#include <hash_map>
class Key;
class Connection;
class Session : public HandleObject {
typedef MachPlusPlus::Bootstrap Bootstrap;
public:
Session(Bootstrap bootstrap, SessionAttributeBits attrs = 0);
virtual ~Session();
Bootstrap bootstrapPort() const { return mBootstrap; }
void addProcess(Process *proc);
bool removeProcess(Process *proc);
void addAuthorization(AuthorizationToken *auth);
bool removeAuthorization(AuthorizationToken *auth);
public:
static const SessionAttributeBits settableAttributes =
sessionHasGraphicAccess | sessionHasTTY | sessionIsRemote;
SessionAttributeBits attributes() const { return mAttributes; }
bool attribute(SessionAttributeBits bits) const { return mAttributes & bits; }
static void setup(SessionCreationFlags flags, SessionAttributeBits attrs);
void setupAttributes(SessionAttributeBits attrs);
protected:
void setAttributes(SessionAttributeBits attrs) { mAttributes |= attrs; }
public:
const CredentialSet &authCredentials() const { return mSessionCreds; }
OSStatus authCreate(const RightSet &rights, const AuthorizationEnvironment *environment,
AuthorizationFlags flags, AuthorizationBlob &newHandle);
void authFree(const AuthorizationBlob &auth, AuthorizationFlags flags);
OSStatus authGetRights(const AuthorizationBlob &auth,
const RightSet &requestedRights, const AuthorizationEnvironment *environment,
AuthorizationFlags flags, MutableRightSet &grantedRights);
OSStatus authGetInfo(const AuthorizationBlob &auth, const char *tag, MutableRightSet &info);
OSStatus authExternalize(const AuthorizationBlob &auth, AuthorizationExternalForm &extForm);
OSStatus authInternalize(const AuthorizationExternalForm &extForm, AuthorizationBlob &auth);
private:
struct AuthorizationExternalBlob {
AuthorizationBlob blob;
mach_port_t session;
};
protected:
AuthorizationToken &authorization(const AuthorizationBlob &blob);
void mergeCredentials(CredentialSet &creds);
bool clearResources();
public:
static Session &find(Bootstrap bootstrap, bool makeNew = true);
static Session &find(SecuritySessionId id);
static void eliminate(Bootstrap bootstrap);
protected:
mutable Mutex mLock;
Bootstrap mBootstrap; SessionAttributeBits mAttributes; unsigned int mProcessCount; unsigned int mAuthCount; bool mDying;
CredentialSet mSessionCreds;
private:
typedef map<mach_port_t, Session *> SessionMap;
static SessionMap sessionMap;
static Mutex sessionMapLock;
public:
typedef SessionMap::iterator Iterator;
static Iterator begin() { return sessionMap.begin(); }
static Iterator end() { return sessionMap.end(); }
};
class RootSession : public Session {
public:
RootSession();
};
class DynamicSession : public Session {
public:
DynamicSession(Bootstrap bootstrap);
};
#endif //_H_SESSION