]> git.saurik.com Git - apple/security.git/blame - Keychain/Access.h
Security-177.tar.gz
[apple/security.git] / Keychain / Access.h
CommitLineData
29654253
A
1/*
2 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18//
19// Access.h - Access control wrappers
20//
21#ifndef _SECURITY_ACCESS_H_
22#define _SECURITY_ACCESS_H_
23
24#include <Security/SecRuntime.h>
25#include <Security/ACL.h>
26#include <Security/trackingallocator.h>
27#include <Security/cssmaclpod.h>
28#include <Security/cssmacl.h>
29#include <Security/aclclient.h>
30#include <Security/TrustedApplication.h>
31#include <map>
32
33namespace Security {
34namespace KeychainCore {
35
36using CssmClient::AclBearer;
37
38
39class Access : public SecCFObject {
40 NOCOPY(Access)
41public:
df0e469f
A
42 SECCFFUNCTIONS(Access, SecAccessRef, errSecInvalidItemRef)
43
29654253
A
44 class Maker {
45 NOCOPY(Maker)
46 static const size_t keySize = 16; // number of (random) bytes
47 friend class Access;
48 public:
49 Maker(CssmAllocator &alloc = CssmAllocator::standard());
50
51 void initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds = NULL);
52 const AccessCredentials *cred();
53
54 TrackingAllocator allocator;
55
56 static const char creationEntryTag[];
57
58 private:
59 CssmAutoData mKey;
60 AclEntryInput mInput;
61 AutoCredentials mCreds;
62 };
63
64public:
5a719ac8 65 // make default forms
29654253
A
66 Access(const string &description);
67 Access(const string &description, const ACL::ApplicationList &trusted);
5a719ac8
A
68 Access(const string &description, const ACL::ApplicationList &trusted,
69 const AclAuthorizationSet &limitedRights, const AclAuthorizationSet &freeRights);
70
71 // make a completely open Access (anyone can do anything)
72 Access();
73
74 // retrieve from an existing AclBearer
29654253 75 Access(AclBearer &source);
5a719ac8
A
76
77 // make from CSSM layer information (presumably retrieved by caller)
29654253
A
78 Access(const CSSM_ACL_OWNER_PROTOTYPE &owner,
79 uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
df0e469f 80 virtual ~Access() throw();
29654253
A
81
82public:
83 CFArrayRef copySecACLs() const;
84 CFArrayRef copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const;
85
86 void add(ACL *newAcl);
87 void addOwner(ACL *newOwnerAcl);
88
89 void setAccess(AclBearer &target, bool update = false);
90 void setAccess(AclBearer &target, Maker &maker);
5a719ac8 91
29654253
A
92 template <class Container>
93 void findAclsForRight(AclAuthorization right, Container &cont)
94 {
95 cont.clear();
96 for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++)
97 if (it->second->authorizes(right))
98 cont.push_back(it->second);
99 }
100
5a719ac8
A
101 std::string promptDescription() const; // from any one of the ACLs contained
102
29654253
A
103 void addApplicationToRight(AclAuthorization right, TrustedApplication *app);
104
df0e469f
A
105 void copyOwnerAndAcl(CSSM_ACL_OWNER_PROTOTYPE * &owner,
106 uint32 &aclCount, CSSM_ACL_ENTRY_INFO * &acls);
107
29654253 108protected:
5a719ac8
A
109 void makeStandard(const string &description, const ACL::ApplicationList &trusted,
110 const AclAuthorizationSet &limitedRights = AclAuthorizationSet(),
111 const AclAuthorizationSet &freeRights = AclAuthorizationSet());
29654253
A
112 void compile(const CSSM_ACL_OWNER_PROTOTYPE &owner,
113 uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
114
115 void editAccess(AclBearer &target, bool update, const AccessCredentials *cred);
116
117private:
118 static const CSSM_ACL_HANDLE ownerHandle = ACL::ownerHandle;
df0e469f 119 typedef map<CSSM_ACL_HANDLE, SecPointer<ACL> > Map;
29654253
A
120
121 Map mAcls; // set of ACL entries
122};
123
124
125} // end namespace KeychainCore
126} // end namespace Security
127
128#endif // !_SECURITY_ACCESS_H_