[apple/security.git] / OSX / libsecurity_cdsa_utilities / lib / cssmaclpod.cpp

/*
 * Copyright (c) 2000-2004,2006-2007,2011-2012 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


//
// cssmaclpod - enhanced PodWrappers for ACL-related CSSM data structures
//
#include <security_cdsa_utilities/cssmaclpod.h>
#include <security_cdsa_utilities/cssmwalkers.h>
#include <cstdarg>


namespace Security {


//
// AclAuthorizationSets
//
AclAuthorizationSet::AclAuthorizationSet(AclAuthorization auth0, AclAuthorization auth, ...)
{
	insert(auth0);

	va_list args;
	va_start(args, auth);
	while (auth) {
		insert(auth);
		auth = va_arg(args, AclAuthorization);
	}
	va_end(args);
}


//
// AclAuthorizationGroups
//
AuthorizationGroup::AuthorizationGroup(const AclAuthorizationSet &auths, Allocator &alloc)
{
	NumberOfAuthTags = (uint32)auths.size();
	AuthTags = alloc.alloc<CSSM_ACL_AUTHORIZATION_TAG>(NumberOfAuthTags);
	copy(auths.begin(), auths.end(), AuthTags);	// happens to be sorted
}

AuthorizationGroup::AuthorizationGroup(CSSM_ACL_AUTHORIZATION_TAG tag, Allocator &alloc)
{
	AuthTags = alloc.alloc<CSSM_ACL_AUTHORIZATION_TAG>(1);
	AuthTags[0] = tag;
	NumberOfAuthTags = 1;
}

void AuthorizationGroup::destroy(Allocator &alloc)
{
	alloc.free(AuthTags);
}
	
bool AuthorizationGroup::contains(CSSM_ACL_AUTHORIZATION_TAG tag) const
{
	return find(AuthTags, &AuthTags[NumberOfAuthTags], tag) != &AuthTags[NumberOfAuthTags];
}

bool AuthorizationGroup::containsOnly(CSSM_ACL_AUTHORIZATION_TAG tag) const
{
	return count() == 1 && (*this)[0] == tag;
}


AuthorizationGroup::operator AclAuthorizationSet() const
{
	return AclAuthorizationSet(AuthTags, &AuthTags[NumberOfAuthTags]);
}

AclEntryPrototype::AclEntryPrototype(const AclOwnerPrototype &proto)
{
	memset(this, 0, sizeof(*this));
	TypedSubject = proto.subject(); Delegate = proto.delegate();
	//@@@ set authorization to "is owner" pseudo-auth? See cssmacl.h
}

void AclEntryPrototype::tag(const char *tagString)
{
	if (tagString == NULL)
		EntryTag[0] = '\0';
	else if (strlen(tagString) > CSSM_MODULE_STRING_SIZE)
		CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG);
	else
		strcpy(EntryTag, tagString);
}

void AclEntryPrototype::tag(const string &tagString)
{
	if (tagString.length() > CSSM_MODULE_STRING_SIZE)
		CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG);
	else
		memcpy(EntryTag, tagString.c_str(), tagString.length() + 1);
}


AclOwnerPrototype *AutoAclOwnerPrototype::make()
{
	if (!mAclOwnerPrototype) {
		mAclOwnerPrototype = (AclOwnerPrototype*) mAllocator->malloc(sizeof(AclOwnerPrototype));
        new (mAclOwnerPrototype) AclOwnerPrototype;
		mAclOwnerPrototype->clearPod();
	}
	return mAclOwnerPrototype;
}

AutoAclOwnerPrototype::~AutoAclOwnerPrototype()
{
	if (mAllocator)
		DataWalkers::chunkFree(mAclOwnerPrototype, *mAllocator);
}

void
AutoAclOwnerPrototype::allocator(Allocator &allocator)
{
	mAllocator = &allocator;
}


void AutoAclEntryInfoList::size(uint32 newSize)
{
	assert(mAllocator);
	mEntries = mAllocator->alloc<AclEntryInfo>(mEntries, newSize);
	for (uint32 n = mCount; n < newSize; n++)
		mEntries[n].clearPod();
	mCount = newSize;
}


AclEntryInfo &AutoAclEntryInfoList::at(uint32 ix)
{
	if (ix >= mCount)
		size(ix + 1);	// expand vector
	return mEntries[ix];
}


void AutoAclEntryInfoList::clear()
{
	if (mAllocator)
	{
		DataWalkers::ChunkFreeWalker w(*mAllocator);
		for (uint32 ix = 0; ix < mCount; ix++)
			walk(w, mEntries[ix]);
		mAllocator->free(mEntries);
		mEntries = NULL;
		mCount = 0;
	}
}

void AutoAclEntryInfoList::allocator(Allocator &allocator)
{
	mAllocator = &allocator;
}


void AutoAclEntryInfoList::add(const TypedList &subj, const AclAuthorizationSet &auths, const char *tag /* = NULL */)
{
	AclEntryInfo &info = at(size());
	info.proto() = AclEntryPrototype(subj);
	info.proto().authorization() = AuthorizationGroup(auths, allocator());
	info.proto().tag(tag);
	info.handle(size());
}

void AutoAclEntryInfoList::addPin(const TypedList &subj, uint32 slot)
{
	char tag[20];
	snprintf(tag, sizeof(tag), "PIN%d", slot);
	add(subj, CSSM_ACL_AUTHORIZATION_PREAUTH(slot), tag);
}

void AutoAclEntryInfoList::addPinState(uint32 slot, uint32 status)
{
	char tag[20];
	snprintf(tag, sizeof(tag), "PIN%d?", slot);
	TypedList subj(allocator(), CSSM_WORDID_PIN,
		new(allocator()) ListElement(slot),
		new(allocator()) ListElement(status));
	add(subj, CSSM_WORDID_PIN, tag);
}

void AutoAclEntryInfoList::addPinState(uint32 slot, uint32 status, uint32 count)
{
	char tag[20];
	snprintf(tag, sizeof(tag), "PIN%d?", slot);
	TypedList subj(allocator(), CSSM_WORDID_PIN,
		new(allocator()) ListElement(slot),
		new(allocator()) ListElement(status),
		new(allocator()) ListElement(count));
	add(subj, CSSM_WORDID_PIN, tag);
}

uint32 pinFromAclTag(const char *tag, const char *suffix /* = NULL */)
{
	if (tag) {
		char format[20];
		snprintf(format, sizeof(format), "PIN%%d%s%%n", suffix ? suffix : "");
		uint32 pin;
		unsigned consumed;
		sscanf(tag, format, &pin, &consumed);
		if (consumed == strlen(tag))	// complete and sufficient
			return pin;
	}
	return 0;
}

}	// namespace Security
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2000-2004,2006-2007,2011-2012 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	//
	26	// cssmaclpod - enhanced PodWrappers for ACL-related CSSM data structures
	27	//
	28	#include <security_cdsa_utilities/cssmaclpod.h>
	29	#include <security_cdsa_utilities/cssmwalkers.h>
	30	#include <cstdarg>
	31
	32
	33	namespace Security {
	34
	35
	36	//
	37	// AclAuthorizationSets
	38	//
	39	AclAuthorizationSet::AclAuthorizationSet(AclAuthorization auth0, AclAuthorization auth, ...)
	40	{
	41	insert(auth0);
	42
	43	va_list args;
	44	va_start(args, auth);
	45	while (auth) {
	46	insert(auth);
	47	auth = va_arg(args, AclAuthorization);
	48	}
	49	va_end(args);
	50	}
	51
	52
	53	//
	54	// AclAuthorizationGroups
	55	//
	56	AuthorizationGroup::AuthorizationGroup(const AclAuthorizationSet &auths, Allocator &alloc)
	57	{
427c49bc	58	NumberOfAuthTags = (uint32)auths.size();
b1ab9ed8 A	59	AuthTags = alloc.alloc<CSSM_ACL_AUTHORIZATION_TAG>(NumberOfAuthTags);
	60	copy(auths.begin(), auths.end(), AuthTags); // happens to be sorted
	61	}
	62
	63	AuthorizationGroup::AuthorizationGroup(CSSM_ACL_AUTHORIZATION_TAG tag, Allocator &alloc)
	64	{
	65	AuthTags = alloc.alloc<CSSM_ACL_AUTHORIZATION_TAG>(1);
	66	AuthTags[0] = tag;
	67	NumberOfAuthTags = 1;
	68	}
	69
	70	void AuthorizationGroup::destroy(Allocator &alloc)
	71	{
	72	alloc.free(AuthTags);
	73	}
e3d460c9	74
b1ab9ed8 A	75	bool AuthorizationGroup::contains(CSSM_ACL_AUTHORIZATION_TAG tag) const
	76	{
	77	return find(AuthTags, &AuthTags[NumberOfAuthTags], tag) != &AuthTags[NumberOfAuthTags];
	78	}
	79
e3d460c9 A	80	bool AuthorizationGroup::containsOnly(CSSM_ACL_AUTHORIZATION_TAG tag) const
	81	{
	82	return count() == 1 && (*this)[0] == tag;
	83	}
	84
b1ab9ed8 A	85
	86	AuthorizationGroup::operator AclAuthorizationSet() const
	87	{
	88	return AclAuthorizationSet(AuthTags, &AuthTags[NumberOfAuthTags]);
	89	}
	90
	91	AclEntryPrototype::AclEntryPrototype(const AclOwnerPrototype &proto)
	92	{
	93	memset(this, 0, sizeof(*this));
	94	TypedSubject = proto.subject(); Delegate = proto.delegate();
	95	//@@@ set authorization to "is owner" pseudo-auth? See cssmacl.h
	96	}
	97
	98	void AclEntryPrototype::tag(const char *tagString)
	99	{
	100	if (tagString == NULL)
	101	EntryTag[0] = '\0';
	102	else if (strlen(tagString) > CSSM_MODULE_STRING_SIZE)
	103	CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG);
	104	else
	105	strcpy(EntryTag, tagString);
	106	}
	107
	108	void AclEntryPrototype::tag(const string &tagString)
	109	{
	110	if (tagString.length() > CSSM_MODULE_STRING_SIZE)
	111	CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG);
	112	else
	113	memcpy(EntryTag, tagString.c_str(), tagString.length() + 1);
	114	}
	115
	116
	117	AclOwnerPrototype *AutoAclOwnerPrototype::make()
	118	{
	119	if (!mAclOwnerPrototype) {
427c49bc A	120	mAclOwnerPrototype = (AclOwnerPrototype*) mAllocator->malloc(sizeof(AclOwnerPrototype));
427c49bc A	121	new (mAclOwnerPrototype) AclOwnerPrototype;
b1ab9ed8 A	122	mAclOwnerPrototype->clearPod();
	123	}
	124	return mAclOwnerPrototype;
	125	}
	126
	127	AutoAclOwnerPrototype::~AutoAclOwnerPrototype()
	128	{
	129	if (mAllocator)
	130	DataWalkers::chunkFree(mAclOwnerPrototype, *mAllocator);
	131	}
	132
	133	void
	134	AutoAclOwnerPrototype::allocator(Allocator &allocator)
	135	{
	136	mAllocator = &allocator;
	137	}
	138
	139
	140	void AutoAclEntryInfoList::size(uint32 newSize)
	141	{
	142	assert(mAllocator);
	143	mEntries = mAllocator->alloc<AclEntryInfo>(mEntries, newSize);
	144	for (uint32 n = mCount; n < newSize; n++)
	145	mEntries[n].clearPod();
	146	mCount = newSize;
	147	}
	148
	149
	150	AclEntryInfo &AutoAclEntryInfoList::at(uint32 ix)
	151	{
	152	if (ix >= mCount)
	153	size(ix + 1); // expand vector
	154	return mEntries[ix];
	155	}
	156
	157
	158	void AutoAclEntryInfoList::clear()
	159	{
	160	if (mAllocator)
	161	{
	162	DataWalkers::ChunkFreeWalker w(*mAllocator);
	163	for (uint32 ix = 0; ix < mCount; ix++)
	164	walk(w, mEntries[ix]);
	165	mAllocator->free(mEntries);
	166	mEntries = NULL;
	167	mCount = 0;
	168	}
	169	}
	170
	171	void AutoAclEntryInfoList::allocator(Allocator &allocator)
	172	{
	173	mAllocator = &allocator;
	174	}
	175
	176
	177	void AutoAclEntryInfoList::add(const TypedList &subj, const AclAuthorizationSet &auths, const char tag / = NULL */)
	178	{
	179	AclEntryInfo &info = at(size());
	180	info.proto() = AclEntryPrototype(subj);
	181	info.proto().authorization() = AuthorizationGroup(auths, allocator());
	182	info.proto().tag(tag);
	183	info.handle(size());
	184	}
	185
186	void AutoAclEntryInfoList::addPin(const TypedList &subj, uint32 slot)
187	{
188	char tag[20];
189	snprintf(tag, sizeof(tag), "PIN%d", slot);
190	add(subj, CSSM_ACL_AUTHORIZATION_PREAUTH(slot), tag);
191	}
192
193	void AutoAclEntryInfoList::addPinState(uint32 slot, uint32 status)
194	{
195	char tag[20];
196	snprintf(tag, sizeof(tag), "PIN%d?", slot);
197	TypedList subj(allocator(), CSSM_WORDID_PIN,
198	new(allocator()) ListElement(slot),
199	new(allocator()) ListElement(status));
200	add(subj, CSSM_WORDID_PIN, tag);
201	}
202
203	void AutoAclEntryInfoList::addPinState(uint32 slot, uint32 status, uint32 count)
204	{
205	char tag[20];
206	snprintf(tag, sizeof(tag), "PIN%d?", slot);
207	TypedList subj(allocator(), CSSM_WORDID_PIN,
208	new(allocator()) ListElement(slot),
209	new(allocator()) ListElement(status),
210	new(allocator()) ListElement(count));
211	add(subj, CSSM_WORDID_PIN, tag);
212	}
213
214	uint32 pinFromAclTag(const char tag, const char suffix /* = NULL */)
215	{
216	if (tag) {
217	char format[20];
218	snprintf(format, sizeof(format), "PIN%%d%s%%n", suffix ? suffix : "");
219	uint32 pin;
220	unsigned consumed;
221	sscanf(tag, format, &pin, &consumed);
222	if (consumed == strlen(tag)) // complete and sufficient
223	return pin;
224	}
225	return 0;
226	}
227
228	} // namespace Security