[apple/security.git] / OSX / include / security_cdsa_client / aclclient.h

/*
 * Copyright (c) 2000-2001,2007,2011 Apple Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


//
// aclclient 
//
#ifndef _H_CDSA_CLIENT_ACLCLIENT
#define _H_CDSA_CLIENT_ACLCLIENT  1

#include <security_cdsa_utilities/cssmaclpod.h>
#include <security_cdsa_utilities/cssmacl.h>
#include <security_cdsa_utilities/cssmcred.h>
#include <security_utilities/refcount.h>
#include <security_utilities/globalizer.h>

namespace Security {
namespace CssmClient {

class CSP;


//
// Any client-side object that has CSSM-layer ACLs shall be
// derived from AclBearer and implement its methods accordingly.
// Note the (shared/virtual) RefCount - you should handle AclBearer
// references via RefPointers.
// All the non-pure methods are implemented (in AclBearer) in terms of
// the pure virtual methods; they just restate the problem in various ways.
//
class AclBearer : public virtual RefCount {
public:
	virtual ~AclBearer();

	// Acl manipulation
	virtual void getAcl(AutoAclEntryInfoList &aclInfos,
		const char *selectionTag = NULL) const = 0;
	virtual void changeAcl(const CSSM_ACL_EDIT &aclEdit,
		const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0;
	
	void addAcl(const AclEntryInput &input, const CSSM_ACCESS_CREDENTIALS *cred = NULL);
	void changeAcl(CSSM_ACL_HANDLE handle, const AclEntryInput &input,
		const CSSM_ACCESS_CREDENTIALS *cred = NULL);
	void deleteAcl(CSSM_ACL_HANDLE handle, const CSSM_ACCESS_CREDENTIALS *cred = NULL);
	void deleteAcl(const char *tag = NULL, const CSSM_ACCESS_CREDENTIALS *cred = NULL);

	// Acl owner manipulation
	virtual void getOwner(AutoAclOwnerPrototype &owner) const = 0;
	virtual void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
		const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0;
};


//
// An AclBearer applied to a raw CSSM key
//
class KeyAclBearer : public AclBearer {
public:
	KeyAclBearer(CSSM_CSP_HANDLE cspH, CSSM_KEY &theKey, Allocator &alloc)
		: csp(cspH), key(theKey), allocator(alloc) { }
	
	const CSSM_CSP_HANDLE csp;
	CSSM_KEY &key;
	Allocator &allocator;
	
protected:
	void getAcl(AutoAclEntryInfoList &aclInfos,
		const char *selectionTag = NULL) const;
	void changeAcl(const CSSM_ACL_EDIT &aclEdit,
		const CSSM_ACCESS_CREDENTIALS *cred = NULL);
	void getOwner(AutoAclOwnerPrototype &owner) const;
	void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
		const CSSM_ACCESS_CREDENTIALS *cred = NULL);
};


//
// An AclFactory helps create and maintain CSSM-layer AccessCredentials
// and matching samples. There is state in an AclFactory, though simple
// uses may not care about it.
//
class AclFactory {
public:
	AclFactory();
	virtual ~AclFactory();
	
	// these values are owned by the AclFactory and persist
	// until it is destroyed. You don't own the memory.
	const AccessCredentials *nullCred() const;			// conforming empty
	const AccessCredentials *promptCred() const;		// enable interactive prompting
	const AccessCredentials *unlockCred() const;
	const AccessCredentials *cancelCred() const;
	const AccessCredentials *promptedPINCred() const;
	const AccessCredentials *promptedPINItemCred() const;

	const AclOwnerPrototype &anyOwner() const;			// wide-open owner
	const AclEntryInfo &anyAcl() const;					// wide-open ACL entry (authorizes anything)

protected:
	class KeychainCredentials {
	public:
		KeychainCredentials(Allocator &alloc)
			: allocator(alloc), mCredentials(new AutoCredentials(alloc)) { }
		virtual ~KeychainCredentials();

		Allocator &allocator;

        operator const AccessCredentials* () const { return mCredentials; }
	
    protected:
		AutoCredentials *mCredentials;
	};
    
public:
    // create a self-managed AccessCredentials to explicitly provide a keychain passphrase
    class PassphraseUnlockCredentials : public KeychainCredentials {
    public:
        PassphraseUnlockCredentials (const CssmData& password, Allocator& allocator);
    };
        
	// create a self-managed AccessCredentials to change a keychain passphrase
    class PasswordChangeCredentials : public KeychainCredentials {
    public:
        PasswordChangeCredentials (const CssmData& password, Allocator& allocator);
    };

public:
	class AnyResourceContext : public ResourceControlContext {
	public:
		AnyResourceContext(const CSSM_ACCESS_CREDENTIALS *cred = NULL);
		
	private:
		ListElement mAny;
		CSSM_ACL_AUTHORIZATION_TAG mTag;
	};

public:
	//
	// Subject makers. Contents are chunk-allocated with the Allocator given
	//
	struct Subject : public TypedList {
		Subject(Allocator &alloc, CSSM_ACL_SUBJECT_TYPE type);
	};
	
	// an ANY subject, allocated dynamically for you
	struct AnySubject : public Subject {
		AnySubject(Allocator &alloc) : Subject(alloc, CSSM_ACL_SUBJECT_TYPE_ANY) { }
	};
	
	// a "nobody" subject (something guaranteed never to match)
	struct NobodySubject : public Subject {
		NobodySubject(Allocator &alloc) : Subject(alloc, CSSM_ACL_SUBJECT_TYPE_COMMENT) { }
	};

	// password subjects
	struct PWSubject : public Subject {
		PWSubject(Allocator &alloc);							// no secret
		PWSubject(Allocator &alloc, const CssmData &secret);	// this secret
	};

	struct PromptPWSubject : public Subject {
		PromptPWSubject(Allocator &alloc, const CssmData &prompt);
		PromptPWSubject(Allocator &alloc, const CssmData &prompt, const CssmData &secret);
	};

	struct ProtectedPWSubject : public Subject {
		ProtectedPWSubject(Allocator &alloc);
	};
	
	// PIN (pre-auth) reference, origin side
	struct PinSubject : public Subject {
		PinSubject(Allocator &alloc, uint32 slot);
	};
	
	// PIN (pre-auth) source site
	struct PinSourceSubject : public Subject {
		PinSourceSubject(Allocator &alloc, const TypedList &form);
	};
};


} // end namespace CssmClient
} // end namespace Security

#endif // _H_CDSA_CLIENT_ACLCLIENT
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2000-2001,2007,2011 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	//
	20	// aclclient
	21	//
	22	#ifndef _H_CDSA_CLIENT_ACLCLIENT
	23	#define _H_CDSA_CLIENT_ACLCLIENT 1
	24
	25	#include <security_cdsa_utilities/cssmaclpod.h>
	26	#include <security_cdsa_utilities/cssmacl.h>
	27	#include <security_cdsa_utilities/cssmcred.h>
	28	#include <security_utilities/refcount.h>
	29	#include <security_utilities/globalizer.h>
	30
	31	namespace Security {
	32	namespace CssmClient {
	33
	34	class CSP;
	35
	36
	37	//
	38	// Any client-side object that has CSSM-layer ACLs shall be
	39	// derived from AclBearer and implement its methods accordingly.
	40	// Note the (shared/virtual) RefCount - you should handle AclBearer
	41	// references via RefPointers.
	42	// All the non-pure methods are implemented (in AclBearer) in terms of
	43	// the pure virtual methods; they just restate the problem in various ways.
	44	//
	45	class AclBearer : public virtual RefCount {
	46	public:
	47	virtual ~AclBearer();
	48
	49	// Acl manipulation
	50	virtual void getAcl(AutoAclEntryInfoList &aclInfos,
	51	const char *selectionTag = NULL) const = 0;
	52	virtual void changeAcl(const CSSM_ACL_EDIT &aclEdit,
	53	const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0;
	54
	55	void addAcl(const AclEntryInput &input, const CSSM_ACCESS_CREDENTIALS *cred = NULL);
	56	void changeAcl(CSSM_ACL_HANDLE handle, const AclEntryInput &input,
	57	const CSSM_ACCESS_CREDENTIALS *cred = NULL);
	58	void deleteAcl(CSSM_ACL_HANDLE handle, const CSSM_ACCESS_CREDENTIALS *cred = NULL);
	59	void deleteAcl(const char tag = NULL, const CSSM_ACCESS_CREDENTIALS cred = NULL);
	60
	61	// Acl owner manipulation
	62	virtual void getOwner(AutoAclOwnerPrototype &owner) const = 0;
	63	virtual void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
	64	const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0;
	65	};
	66
67
68	//
69	// An AclBearer applied to a raw CSSM key
70	//
71	class KeyAclBearer : public AclBearer {
72	public:
73	KeyAclBearer(CSSM_CSP_HANDLE cspH, CSSM_KEY &theKey, Allocator &alloc)
74	: csp(cspH), key(theKey), allocator(alloc) { }
75
76	const CSSM_CSP_HANDLE csp;
77	CSSM_KEY &key;
78	Allocator &allocator;
79
80	protected:
81	void getAcl(AutoAclEntryInfoList &aclInfos,
82	const char *selectionTag = NULL) const;
83	void changeAcl(const CSSM_ACL_EDIT &aclEdit,
84	const CSSM_ACCESS_CREDENTIALS *cred = NULL);
85	void getOwner(AutoAclOwnerPrototype &owner) const;
86	void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
87	const CSSM_ACCESS_CREDENTIALS *cred = NULL);
88	};
89
90
91	//
92	// An AclFactory helps create and maintain CSSM-layer AccessCredentials
93	// and matching samples. There is state in an AclFactory, though simple
94	// uses may not care about it.
95	//
96	class AclFactory {
97	public:
98	AclFactory();
99	virtual ~AclFactory();
100
101	// these values are owned by the AclFactory and persist
102	// until it is destroyed. You don't own the memory.
103	const AccessCredentials *nullCred() const; // conforming empty
104	const AccessCredentials *promptCred() const; // enable interactive prompting
105	const AccessCredentials *unlockCred() const;
106	const AccessCredentials *cancelCred() const;
107	const AccessCredentials *promptedPINCred() const;
108	const AccessCredentials *promptedPINItemCred() const;
109
110	const AclOwnerPrototype &anyOwner() const; // wide-open owner
111	const AclEntryInfo &anyAcl() const; // wide-open ACL entry (authorizes anything)
112
113	protected:
114	class KeychainCredentials {
115	public:
116	KeychainCredentials(Allocator &alloc)
117	: allocator(alloc), mCredentials(new AutoCredentials(alloc)) { }
118	virtual ~KeychainCredentials();
119
120	Allocator &allocator;
121
122	operator const AccessCredentials* () const { return mCredentials; }
123
124	protected:
125	AutoCredentials *mCredentials;
126	};
127
128	public:
129	// create a self-managed AccessCredentials to explicitly provide a keychain passphrase
130	class PassphraseUnlockCredentials : public KeychainCredentials {
131	public:
132	PassphraseUnlockCredentials (const CssmData& password, Allocator& allocator);
133	};
134
135	// create a self-managed AccessCredentials to change a keychain passphrase
136	class PasswordChangeCredentials : public KeychainCredentials {
137	public:
138	PasswordChangeCredentials (const CssmData& password, Allocator& allocator);
139	};
140
141	public:
142	class AnyResourceContext : public ResourceControlContext {
143	public:
144	AnyResourceContext(const CSSM_ACCESS_CREDENTIALS *cred = NULL);
145
146	private:
147	ListElement mAny;
148	CSSM_ACL_AUTHORIZATION_TAG mTag;
149	};
150
151	public:
152	//
153	// Subject makers. Contents are chunk-allocated with the Allocator given
154	//
155	struct Subject : public TypedList {
156	Subject(Allocator &alloc, CSSM_ACL_SUBJECT_TYPE type);
157	};
158
159	// an ANY subject, allocated dynamically for you
160	struct AnySubject : public Subject {
161	AnySubject(Allocator &alloc) : Subject(alloc, CSSM_ACL_SUBJECT_TYPE_ANY) { }
162	};
163
164	// a "nobody" subject (something guaranteed never to match)
165	struct NobodySubject : public Subject {
166	NobodySubject(Allocator &alloc) : Subject(alloc, CSSM_ACL_SUBJECT_TYPE_COMMENT) { }
167	};
168
169	// password subjects
170	struct PWSubject : public Subject {
171	PWSubject(Allocator &alloc); // no secret
172	PWSubject(Allocator &alloc, const CssmData &secret); // this secret
173	};
174
175	struct PromptPWSubject : public Subject {
176	PromptPWSubject(Allocator &alloc, const CssmData &prompt);
177	PromptPWSubject(Allocator &alloc, const CssmData &prompt, const CssmData &secret);
178	};
179
180	struct ProtectedPWSubject : public Subject {
181	ProtectedPWSubject(Allocator &alloc);
182	};
183
184	// PIN (pre-auth) reference, origin side
185	struct PinSubject : public Subject {
186	PinSubject(Allocator &alloc, uint32 slot);
187	};
188
189	// PIN (pre-auth) source site
190	struct PinSourceSubject : public Subject {
191	PinSourceSubject(Allocator &alloc, const TypedList &form);
192	};
193	};
194
195
196	} // end namespace CssmClient
197	} // end namespace Security
198
199	#endif // _H_CDSA_CLIENT_ACLCLIENT