projects / apple / security.git / blame
| Commit | Line | Data |
|---|---|---|
| bac41a7b A |
1 | /* |
| 2 | * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. | |
| 3 | * | |
| 4 | * The contents of this file constitute Original Code as defined in and are | |
| 5 | * subject to the Apple Public Source License Version 1.2 (the 'License'). | |
| 6 | * You may not use this file except in compliance with the License. Please obtain | |
| 7 | * a copy of the License at http://www.apple.com/publicsource and read it before | |
| 8 | * using this file. | |
| 9 | * | |
| 10 | * This Original Code and all software distributed under the License are | |
| 11 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS | |
| 12 | * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT | |
| 13 | * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR | |
| 14 | * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the | |
| 15 | * specific language governing rights and limitations under the License. | |
| 16 | */ | |
| 17 | ||
| 18 | ||
| 19 | // | |
| 20 | // aclsupport.h - support for special Keychain style acls | |
| 21 | // | |
| 22 | ||
| 23 | #ifndef _ACLSUPPORT_H_ | |
| 24 | #define _ACLSUPPORT_H_ | |
| 25 | ||
| 26 | #include <Security/cssmdata.h> | |
| 27 | #include <Security/threading.h> | |
| 28 | #include <Security/cssmalloc.h> | |
| 29 | #include <Security/refcount.h> | |
| 30 | #include <Security/keyclient.h> | |
| 31 | #include <vector> | |
| 32 | ||
| 33 | ||
| 34 | namespace Security | |
| 35 | { | |
| 36 | ||
| 37 | namespace CssmClient | |
| 38 | { | |
| 39 | ||
| 40 | class TrustedApplicationImpl : public RefCount | |
| 41 | { | |
| 42 | public: | |
| 43 | TrustedApplicationImpl(const CssmData &signature, const CssmData &comment, bool enabled); | |
| 44 | TrustedApplicationImpl(const char *path, const CssmData &comment, bool enabled); | |
| 45 | ||
| 46 | const CssmData &signature() const; | |
| 47 | const CssmData &comment() const; | |
| 48 | bool enabled() const; | |
| 49 | void enabled(bool enabled); | |
| 50 | ||
| 51 | bool sameSignature(const char *path); // return true if object at path has same signature | |
| 52 | CssmAutoData calcSignature(const char *path); // generate a signature | |
| 53 | ||
| 54 | private: | |
| 55 | CssmAutoData mSignature; | |
| 56 | CssmAutoData mComment; | |
| 57 | bool mEnabled; | |
| 58 | }; | |
| 59 | ||
| 60 | class TrustedApplication : public RefPointer<TrustedApplicationImpl> | |
| 61 | { | |
| 62 | public: | |
| 63 | TrustedApplication(); | |
| 64 | TrustedApplication(const CssmData &signature, const CssmData &comment, bool enabled = true); | |
| 65 | TrustedApplication(const char *path, const CssmData &comment, bool enabled = true); | |
| 66 | }; | |
| 67 | ||
| 68 | class KeychainACL : public vector<TrustedApplication> | |
| 69 | { | |
| 70 | public: | |
| 71 | KeychainACL(const Key &key); | |
| 72 | void commit(); | |
| 73 | ||
| 74 | void anyAllow(bool allow); | |
| 75 | bool anyAllow() const; | |
| 76 | ||
| 77 | void alwaysAskUser(bool allow); | |
| 78 | bool alwaysAskUser() const; | |
| 79 | bool isCustomACL() const; | |
| 80 | void label(const CssmData &label); | |
| 81 | ||
| 82 | private: | |
| 83 | void initialize(); | |
| 84 | Key mKey; | |
| 85 | bool mAnyAllow; | |
| 86 | bool mAlwaysAskUser; | |
| 87 | bool mIsCustomACL; | |
| 88 | CssmAutoData mLabel; | |
| 89 | ||
| 90 | CSSM_ACL_HANDLE mHandle; | |
| 91 | }; | |
| 92 | ||
| 93 | }; // end namespace CssmClient | |
| 94 | ||
| 95 | } // end namespace Security | |
| 96 | ||
| 97 | #endif // _ACLSUPPORT_H_ |