[apple/security.git] / Keychain / Access.h

/*
 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */

//
// Access.h - Access control wrappers
//
#ifndef _SECURITY_ACCESS_H_
#define _SECURITY_ACCESS_H_

#include <Security/SecRuntime.h>
#include <Security/ACL.h>
#include <Security/trackingallocator.h>
#include <Security/cssmaclpod.h>
#include <Security/cssmacl.h>
#include <Security/aclclient.h>
#include <Security/TrustedApplication.h>
#include <map>

namespace Security {
namespace KeychainCore {

using CssmClient::AclBearer;


class Access : public SecCFObject {
	NOCOPY(Access)
public:
	SECCFFUNCTIONS(Access, SecAccessRef, errSecInvalidItemRef)

	class Maker {
		NOCOPY(Maker)
		static const size_t keySize = 16;	// number of (random) bytes
		friend class Access;
	public:
		Maker(CssmAllocator &alloc = CssmAllocator::standard());
		
		void initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds = NULL);
		const AccessCredentials *cred();
		
		TrackingAllocator allocator;
		
		static const char creationEntryTag[];

	private:
		CssmAutoData mKey;
		AclEntryInput mInput;
		AutoCredentials mCreds;
	};

public:
	// make default forms
    Access(const string &description);
    Access(const string &description, const ACL::ApplicationList &trusted);
    Access(const string &description, const ACL::ApplicationList &trusted,
		const AclAuthorizationSet &limitedRights, const AclAuthorizationSet &freeRights);
	
	// make a completely open Access (anyone can do anything)
	Access();
	
	// retrieve from an existing AclBearer
	Access(AclBearer &source);
	
	// make from CSSM layer information (presumably retrieved by caller)
	Access(const CSSM_ACL_OWNER_PROTOTYPE &owner,
		uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
    virtual ~Access() throw();

public:
	CFArrayRef copySecACLs() const;
	CFArrayRef copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const;
	
	void add(ACL *newAcl);
	void addOwner(ACL *newOwnerAcl);
	
	void setAccess(AclBearer &target, bool update = false);
	void setAccess(AclBearer &target, Maker &maker);

	template <class Container>
	void findAclsForRight(AclAuthorization right, Container &cont)
	{
		cont.clear();
		for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++)
			if (it->second->authorizes(right))
				cont.push_back(it->second);
	}
	
	std::string promptDescription() const;	// from any one of the ACLs contained
	
	void addApplicationToRight(AclAuthorization right, TrustedApplication *app);
	
	void copyOwnerAndAcl(CSSM_ACL_OWNER_PROTOTYPE * &owner,
		uint32 &aclCount, CSSM_ACL_ENTRY_INFO * &acls);
	
protected:
    void makeStandard(const string &description, const ACL::ApplicationList &trusted,
		const AclAuthorizationSet &limitedRights = AclAuthorizationSet(),
		const AclAuthorizationSet &freeRights = AclAuthorizationSet());
    void compile(const CSSM_ACL_OWNER_PROTOTYPE &owner,
        uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
	
	void editAccess(AclBearer &target, bool update, const AccessCredentials *cred);

private:
	static const CSSM_ACL_HANDLE ownerHandle = ACL::ownerHandle;
	typedef map<CSSM_ACL_HANDLE, SecPointer<ACL> > Map;

	Map mAcls;			// set of ACL entries
};


} // end namespace KeychainCore
} // end namespace Security

#endif // !_SECURITY_ACCESS_H_
Commit	Line	Data
29654253 A	1	/*
	2	* Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18	//
	19	// Access.h - Access control wrappers
	20	//
	21	#ifndef _SECURITY_ACCESS_H_
	22	#define _SECURITY_ACCESS_H_
	23
	24	#include <Security/SecRuntime.h>
	25	#include <Security/ACL.h>
	26	#include <Security/trackingallocator.h>
	27	#include <Security/cssmaclpod.h>
	28	#include <Security/cssmacl.h>
	29	#include <Security/aclclient.h>
	30	#include <Security/TrustedApplication.h>
	31	#include <map>
	32
	33	namespace Security {
	34	namespace KeychainCore {
	35
	36	using CssmClient::AclBearer;
	37
	38
	39	class Access : public SecCFObject {
	40	NOCOPY(Access)
	41	public:
df0e469f A	42	SECCFFUNCTIONS(Access, SecAccessRef, errSecInvalidItemRef)
df0e469f A	43
29654253 A	44	class Maker {
	45	NOCOPY(Maker)
	46	static const size_t keySize = 16; // number of (random) bytes
	47	friend class Access;
	48	public:
	49	Maker(CssmAllocator &alloc = CssmAllocator::standard());
	50
	51	void initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds = NULL);
	52	const AccessCredentials *cred();
	53
	54	TrackingAllocator allocator;
	55
	56	static const char creationEntryTag[];
	57
	58	private:
	59	CssmAutoData mKey;
	60	AclEntryInput mInput;
	61	AutoCredentials mCreds;
	62	};
	63
	64	public:
5a719ac8	65	// make default forms
29654253 A	66	Access(const string &description);
29654253 A	67	Access(const string &description, const ACL::ApplicationList &trusted);
5a719ac8 A	68	Access(const string &description, const ACL::ApplicationList &trusted,
	69	const AclAuthorizationSet &limitedRights, const AclAuthorizationSet &freeRights);
	70
	71	// make a completely open Access (anyone can do anything)
	72	Access();
	73
	74	// retrieve from an existing AclBearer
29654253	75	Access(AclBearer &source);
5a719ac8 A	76
5a719ac8 A	77	// make from CSSM layer information (presumably retrieved by caller)
29654253 A	78	Access(const CSSM_ACL_OWNER_PROTOTYPE &owner,
29654253 A	79	uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
df0e469f	80	virtual ~Access() throw();
29654253 A	81
	82	public:
	83	CFArrayRef copySecACLs() const;
	84	CFArrayRef copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const;
	85
	86	void add(ACL *newAcl);
	87	void addOwner(ACL *newOwnerAcl);
	88
	89	void setAccess(AclBearer &target, bool update = false);
	90	void setAccess(AclBearer &target, Maker &maker);
5a719ac8	91
29654253 A	92	template <class Container>
	93	void findAclsForRight(AclAuthorization right, Container &cont)
	94	{
	95	cont.clear();
	96	for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++)
	97	if (it->second->authorizes(right))
	98	cont.push_back(it->second);
	99	}
	100
5a719ac8 A	101	std::string promptDescription() const; // from any one of the ACLs contained
5a719ac8 A	102
29654253 A	103	void addApplicationToRight(AclAuthorization right, TrustedApplication *app);
29654253 A	104
df0e469f A	105	void copyOwnerAndAcl(CSSM_ACL_OWNER_PROTOTYPE * &owner,
	106	uint32 &aclCount, CSSM_ACL_ENTRY_INFO * &acls);
	107
29654253	108	protected:
5a719ac8 A	109	void makeStandard(const string &description, const ACL::ApplicationList &trusted,
	110	const AclAuthorizationSet &limitedRights = AclAuthorizationSet(),
	111	const AclAuthorizationSet &freeRights = AclAuthorizationSet());
29654253 A	112	void compile(const CSSM_ACL_OWNER_PROTOTYPE &owner,
	113	uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
	114
	115	void editAccess(AclBearer &target, bool update, const AccessCredentials *cred);
	116
	117	private:
	118	static const CSSM_ACL_HANDLE ownerHandle = ACL::ownerHandle;
df0e469f	119	typedef map<CSSM_ACL_HANDLE, SecPointer<ACL> > Map;
29654253 A	120
	121	Map mAcls; // set of ACL entries
	122	};
	123
	124
	125	} // end namespace KeychainCore
	126	} // end namespace Security
	127
	128	#endif // !_SECURITY_ACCESS_H_