[apple/security.git] / OSX / libsecurity_cdsa_utilities / lib / aclsubject.cpp

/*
 * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


//
// aclsubject - abstract ACL subject implementation
//
#include <security_cdsa_utilities/cssmacl.h>
#include <security_cdsa_utilities/cssmbridge.h>
#include <security_utilities/endian.h>
#include <security_utilities/debugging.h>
#include <algorithm>
#include <cstdarg>


//
// Validation contexts
//
AclValidationContext::~AclValidationContext()
{ /* virtual */ }


void AclValidationContext::init(ObjectAcl *acl, AclSubject *subject)
{
	mAcl = acl;
	mSubject = subject;
}


const char *AclValidationContext::credTag() const
{
	return mCred ? mCred->tag() : NULL;
}

std::string AclValidationContext::s_credTag() const
{
	const char *s = this->credTag();
	return s ? s : "";
}

const char *AclValidationContext::entryTag() const
{
	return mEntryTag;
}

void AclValidationContext::entryTag(const char *tag)
{
	mEntryTag = (tag && tag[0]) ? tag : NULL;
}

void AclValidationContext::entryTag(const std::string &tag)
{
	mEntryTag = tag.empty() ? NULL : tag.c_str();
}


//
// Common (basic) features of AclSubjects
//
AclSubject::AclSubject(uint32 type, Version v /* = 0 */)
	: mType(type), mVersion(v)
{
	assert(!(type & versionMask));
}

AclSubject::~AclSubject()
{ }

AclValidationEnvironment::~AclValidationEnvironment()
{ }

Adornable &AclValidationEnvironment::store(const AclSubject *subject)
{
	CssmError::throwMe(CSSM_ERRCODE_ACL_SUBJECT_TYPE_NOT_SUPPORTED);
}

void AclSubject::exportBlob(Writer::Counter &, Writer::Counter &)
{ }

void AclSubject::exportBlob(Writer &, Writer &)
{ }

void AclSubject::importBlob(Reader &, Reader &)
{ }

void AclSubject::reset()
{ }

AclSubject::Maker::~Maker()
{
}


//
// A SimpleAclSubject accepts only a single type of sample, validates
// samples independently, and makes no use of certificates.
//
bool SimpleAclSubject::validates(const AclValidationContext &ctx) const
{
    for (uint32 n = 0; n < ctx.count(); n++) {
        const TypedList &sample = ctx[n];
        if (!sample.isProper())
            CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
        if (sample.type() == type() && validates(ctx, sample)) {
			ctx.matched(ctx[n]);
            return true;	// matched this sample; validation successful
		}
    }
    return false;
}


//
// AclSubjects always have a (virtual) dump method.
// It's empty unless DEBUGDUMP is enabled.
//
void AclSubject::debugDump() const
{
#if defined(DEBUGDUMP)
	switch (type()) {
	case CSSM_ACL_SUBJECT_TYPE_ANY:
		Debug::dump("ANY");
		break;
	default:
		Debug::dump("subject type=%d", type());
		break;
	}
#endif //DEBUGDUMP
}

#if defined(DEBUGDUMP)

void AclSubject::dump(const char *title) const
{
	Debug::dump(" ** %s ", title);
	this->debugDump();
	Debug::dump("\n");
}

#endif //DEBUGDUMP
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	//
	26	// aclsubject - abstract ACL subject implementation
	27	//
	28	#include <security_cdsa_utilities/cssmacl.h>
	29	#include <security_cdsa_utilities/cssmbridge.h>
	30	#include <security_utilities/endian.h>
	31	#include <security_utilities/debugging.h>
	32	#include <algorithm>
	33	#include <cstdarg>
	34
	35
	36	//
	37	// Validation contexts
	38	//
	39	AclValidationContext::~AclValidationContext()
	40	{ /* virtual */ }
	41
	42
	43	void AclValidationContext::init(ObjectAcl acl, AclSubject subject)
	44	{
	45	mAcl = acl;
	46	mSubject = subject;
	47	}
	48
	49
	50	const char *AclValidationContext::credTag() const
	51	{
	52	return mCred ? mCred->tag() : NULL;
	53	}
	54
	55	std::string AclValidationContext::s_credTag() const
	56	{
	57	const char *s = this->credTag();
	58	return s ? s : "";
	59	}
	60
	61	const char *AclValidationContext::entryTag() const
	62	{
	63	return mEntryTag;
	64	}
	65
	66	void AclValidationContext::entryTag(const char *tag)
67	{
68	mEntryTag = (tag && tag[0]) ? tag : NULL;
69	}
70
71	void AclValidationContext::entryTag(const std::string &tag)
72	{
73	mEntryTag = tag.empty() ? NULL : tag.c_str();
74	}
75
76
77	//
78	// Common (basic) features of AclSubjects
79	//
80	AclSubject::AclSubject(uint32 type, Version v /* = 0 */)
81	: mType(type), mVersion(v)
82	{
83	assert(!(type & versionMask));
84	}
85
86	AclSubject::~AclSubject()
87	{ }
88
89	AclValidationEnvironment::~AclValidationEnvironment()
90	{ }
91
92	Adornable &AclValidationEnvironment::store(const AclSubject *subject)
93	{
94	CssmError::throwMe(CSSM_ERRCODE_ACL_SUBJECT_TYPE_NOT_SUPPORTED);
95	}
96
97	void AclSubject::exportBlob(Writer::Counter &, Writer::Counter &)
98	{ }
99
100	void AclSubject::exportBlob(Writer &, Writer &)
101	{ }
102
103	void AclSubject::importBlob(Reader &, Reader &)
104	{ }
105
106	void AclSubject::reset()
107	{ }
108
109	AclSubject::Maker::~Maker()
110	{
111	}
112
113
114	//
115	// A SimpleAclSubject accepts only a single type of sample, validates
116	// samples independently, and makes no use of certificates.
117	//
e3d460c9	118	bool SimpleAclSubject::validates(const AclValidationContext &ctx) const
b1ab9ed8 A	119	{
	120	for (uint32 n = 0; n < ctx.count(); n++) {
	121	const TypedList &sample = ctx[n];
	122	if (!sample.isProper())
	123	CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
e3d460c9	124	if (sample.type() == type() && validates(ctx, sample)) {
b1ab9ed8 A	125	ctx.matched(ctx[n]);
	126	return true; // matched this sample; validation successful
	127	}
	128	}
	129	return false;
	130	}
	131
	132
	133	//
	134	// AclSubjects always have a (virtual) dump method.
	135	// It's empty unless DEBUGDUMP is enabled.
	136	//
	137	void AclSubject::debugDump() const
	138	{
	139	#if defined(DEBUGDUMP)
	140	switch (type()) {
	141	case CSSM_ACL_SUBJECT_TYPE_ANY:
	142	Debug::dump("ANY");
	143	break;
	144	default:
	145	Debug::dump("subject type=%d", type());
	146	break;
	147	}
	148	#endif //DEBUGDUMP
	149	}
	150
	151	#if defined(DEBUGDUMP)
	152
	153	void AclSubject::dump(const char *title) const
	154	{
	155	Debug::dump(" ** %s ", title);
	156	this->debugDump();
	157	Debug::dump("\n");
	158	}
	159
	160	#endif //DEBUGDUMP