]>
Commit | Line | Data |
---|---|---|
29654253 A |
1 | /* |
2 | * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. | |
3 | * | |
4 | * The contents of this file constitute Original Code as defined in and are | |
5 | * subject to the Apple Public Source License Version 1.2 (the 'License'). | |
6 | * You may not use this file except in compliance with the License. Please obtain | |
7 | * a copy of the License at http://www.apple.com/publicsource and read it before | |
8 | * using this file. | |
9 | * | |
10 | * This Original Code and all software distributed under the License are | |
11 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS | |
12 | * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT | |
13 | * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR | |
14 | * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the | |
15 | * specific language governing rights and limitations under the License. | |
16 | */ | |
17 | ||
18 | // | |
19 | // Access.h - Access control wrappers | |
20 | // | |
21 | #ifndef _SECURITY_ACCESS_H_ | |
22 | #define _SECURITY_ACCESS_H_ | |
23 | ||
24 | #include <Security/SecRuntime.h> | |
25 | #include <Security/ACL.h> | |
26 | #include <Security/trackingallocator.h> | |
27 | #include <Security/cssmaclpod.h> | |
28 | #include <Security/cssmacl.h> | |
29 | #include <Security/aclclient.h> | |
30 | #include <Security/TrustedApplication.h> | |
31 | #include <map> | |
32 | ||
33 | namespace Security { | |
34 | namespace KeychainCore { | |
35 | ||
36 | using CssmClient::AclBearer; | |
37 | ||
38 | ||
39 | class Access : public SecCFObject { | |
40 | NOCOPY(Access) | |
41 | public: | |
df0e469f A |
42 | SECCFFUNCTIONS(Access, SecAccessRef, errSecInvalidItemRef) |
43 | ||
29654253 A |
44 | class Maker { |
45 | NOCOPY(Maker) | |
46 | static const size_t keySize = 16; // number of (random) bytes | |
47 | friend class Access; | |
48 | public: | |
49 | Maker(CssmAllocator &alloc = CssmAllocator::standard()); | |
50 | ||
51 | void initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds = NULL); | |
52 | const AccessCredentials *cred(); | |
53 | ||
54 | TrackingAllocator allocator; | |
55 | ||
56 | static const char creationEntryTag[]; | |
57 | ||
58 | private: | |
59 | CssmAutoData mKey; | |
60 | AclEntryInput mInput; | |
61 | AutoCredentials mCreds; | |
62 | }; | |
63 | ||
64 | public: | |
5a719ac8 | 65 | // make default forms |
29654253 A |
66 | Access(const string &description); |
67 | Access(const string &description, const ACL::ApplicationList &trusted); | |
5a719ac8 A |
68 | Access(const string &description, const ACL::ApplicationList &trusted, |
69 | const AclAuthorizationSet &limitedRights, const AclAuthorizationSet &freeRights); | |
70 | ||
71 | // make a completely open Access (anyone can do anything) | |
72 | Access(); | |
73 | ||
74 | // retrieve from an existing AclBearer | |
29654253 | 75 | Access(AclBearer &source); |
5a719ac8 A |
76 | |
77 | // make from CSSM layer information (presumably retrieved by caller) | |
29654253 A |
78 | Access(const CSSM_ACL_OWNER_PROTOTYPE &owner, |
79 | uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls); | |
df0e469f | 80 | virtual ~Access() throw(); |
29654253 A |
81 | |
82 | public: | |
83 | CFArrayRef copySecACLs() const; | |
84 | CFArrayRef copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const; | |
85 | ||
86 | void add(ACL *newAcl); | |
87 | void addOwner(ACL *newOwnerAcl); | |
88 | ||
89 | void setAccess(AclBearer &target, bool update = false); | |
90 | void setAccess(AclBearer &target, Maker &maker); | |
5a719ac8 | 91 | |
29654253 A |
92 | template <class Container> |
93 | void findAclsForRight(AclAuthorization right, Container &cont) | |
94 | { | |
95 | cont.clear(); | |
96 | for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++) | |
97 | if (it->second->authorizes(right)) | |
98 | cont.push_back(it->second); | |
99 | } | |
100 | ||
5a719ac8 A |
101 | std::string promptDescription() const; // from any one of the ACLs contained |
102 | ||
29654253 A |
103 | void addApplicationToRight(AclAuthorization right, TrustedApplication *app); |
104 | ||
df0e469f A |
105 | void copyOwnerAndAcl(CSSM_ACL_OWNER_PROTOTYPE * &owner, |
106 | uint32 &aclCount, CSSM_ACL_ENTRY_INFO * &acls); | |
107 | ||
29654253 | 108 | protected: |
5a719ac8 A |
109 | void makeStandard(const string &description, const ACL::ApplicationList &trusted, |
110 | const AclAuthorizationSet &limitedRights = AclAuthorizationSet(), | |
111 | const AclAuthorizationSet &freeRights = AclAuthorizationSet()); | |
29654253 A |
112 | void compile(const CSSM_ACL_OWNER_PROTOTYPE &owner, |
113 | uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls); | |
114 | ||
115 | void editAccess(AclBearer &target, bool update, const AccessCredentials *cred); | |
116 | ||
117 | private: | |
118 | static const CSSM_ACL_HANDLE ownerHandle = ACL::ownerHandle; | |
df0e469f | 119 | typedef map<CSSM_ACL_HANDLE, SecPointer<ACL> > Map; |
29654253 A |
120 | |
121 | Map mAcls; // set of ACL entries | |
122 | }; | |
123 | ||
124 | ||
125 | } // end namespace KeychainCore | |
126 | } // end namespace Security | |
127 | ||
128 | #endif // !_SECURITY_ACCESS_H_ |