Security-59754.80.3.tar.gz

[apple/security.git] / OSX / libsecurity_keychain / lib / Access.cpp

/*
 * Copyright (c) 2002-2004,2011-2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

//
// Access.cpp
//
#include <security_keychain/Access.h>
#include <Security/SecBase.h>
#include "SecBridge.h"
#include <Security/SecRandom.h>
#include <security_cdsa_client/aclclient.h>
#include <vector>
#include <Security/SecBase.h>
using namespace KeychainCore;
using namespace CssmClient;


//
// Access static constants
//
const CSSM_ACL_HANDLE Access::ownerHandle;


//
// Create a completely open Access (anyone can do anything)
// Note that this means anyone can *change* the ACL at will, too.
// These ACL entries contain no descriptor names.
//
Access::Access() : mMutex(Mutex::recursive)
{
	SecPointer<ACL> owner = new ACL();
	owner->setAuthorization(CSSM_ACL_AUTHORIZATION_CHANGE_ACL);
	addOwner(owner);
	
	SecPointer<ACL> any = new ACL();
	add(any);
}


//
// Create a default Access object.
// This construct an Access with "default form", whatever that happens to be
// in this release.
//
Access::Access(const string &descriptor, const ACL::ApplicationList &trusted) : mMutex(Mutex::recursive)
{
	makeStandard(descriptor, trusted);
}

Access::Access(const string &descriptor) : mMutex(Mutex::recursive)
{
	ACL::ApplicationList trusted;
	trusted.push_back(new TrustedApplication);
	makeStandard(descriptor, trusted);
}

Access::Access(const string &descriptor, const ACL::ApplicationList &trusted,
	const AclAuthorizationSet &limitedRights, const AclAuthorizationSet &freeRights) : mMutex(Mutex::recursive)
{
	makeStandard(descriptor, trusted, limitedRights, freeRights);
}

void Access::makeStandard(const string &descriptor, const ACL::ApplicationList &trusted,
	const AclAuthorizationSet &limitedRights, const AclAuthorizationSet &freeRights)
{
	StLock<Mutex>_(mMutex);

	// owner "entry"
	SecPointer<ACL> owner = new ACL(descriptor, ACL::defaultSelector);
	owner->setAuthorization(CSSM_ACL_AUTHORIZATION_CHANGE_ACL);
	addOwner(owner);

	// unlimited entry
	SecPointer<ACL> unlimited = new ACL(descriptor, ACL::defaultSelector);
	if (freeRights.empty()) {
		unlimited->authorizations().clear();
		unlimited->authorizations().insert(CSSM_ACL_AUTHORIZATION_ENCRYPT);
	} else
		unlimited->authorizations() = freeRights;
	unlimited->form(ACL::allowAllForm);
	add(unlimited);

	// limited entry
	SecPointer<ACL> limited = new ACL(descriptor, ACL::defaultSelector);
	if (limitedRights.empty()) {
		limited->authorizations().clear();
		limited->authorizations().insert(CSSM_ACL_AUTHORIZATION_DECRYPT);
		limited->authorizations().insert(CSSM_ACL_AUTHORIZATION_SIGN);
		limited->authorizations().insert(CSSM_ACL_AUTHORIZATION_MAC);
		limited->authorizations().insert(CSSM_ACL_AUTHORIZATION_DERIVE);
		limited->authorizations().insert(CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR);
		limited->authorizations().insert(CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED);
	} else
		limited->authorizations() = limitedRights;
	limited->applications() = trusted;
	add(limited);
}


//
// Create an Access object whose initial value is taken
// from a CSSM ACL bearing object.
//
Access::Access(AclBearer &source) : mMutex(Mutex::recursive)
{
	// retrieve and set
	AutoAclOwnerPrototype owner;
	source.getOwner(owner);
	AutoAclEntryInfoList acls;
	source.getAcl(acls);
	compile(*owner, acls.count(), acls.entries());
}


//
// Create an Access object from CSSM-layer access controls
//
Access::Access(const CSSM_ACL_OWNER_PROTOTYPE &owner,
	uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls) : mMutex(Mutex::recursive)
{
	compile(owner, aclCount, acls);
}


Access::~Access() 
{
}


// Convert a SecPointer to a SecACLRef.
static SecACLRef
convert(const SecPointer<ACL> &acl)
{
	return *acl;
}

//
// Return all ACL components in a newly-made CFArray.
//
CFArrayRef Access::copySecACLs() const
{
	return makeCFArrayFrom(convert, mAcls);
}

CFArrayRef Access::copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const
{
	list<ACL *> choices;
	for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++)
		if (it->second->authorizes(action))
			choices.push_back(it->second);
	return choices.empty() ? NULL : makeCFArrayFrom(convert, choices);
}


//
// Enter the complete access configuration into a AclBearer.
// If update, skip any part marked unchanged. (If not update, skip
// any part marked deleted.)
//
void Access::setAccess(AclBearer &target, bool update /* = false */)
{
	StLock<Mutex>_(mMutex);
	AclFactory factory;
	editAccess(target, update, factory.promptCred());
}

void Access::setAccess(AclBearer &target, Maker &maker)
{
	StLock<Mutex>_(mMutex);
	if (maker.makerType() == Maker::kStandardMakerType)
	{
		// remove initial-setup ACL
		target.deleteAcl(Maker::creationEntryTag, maker.cred());
		
		// insert our own ACL entries
		editAccess(target, false, maker.cred());
	}
}

void Access::editAccess(AclBearer &target, bool update, const AccessCredentials *cred)
{
	StLock<Mutex>_(mMutex);
	assert(mAcls[ownerHandle]);	// have owner
	
	// apply all non-owner ACLs first
	for (Map::iterator it = mAcls.begin(); it != mAcls.end(); it++)
		if (!it->second->isOwner())
			it->second->setAccess(target, update, cred);
	
	// finally, apply owner
	mAcls[ownerHandle]->setAccess(target, update, cred);
}


//
// A convenience function to add one application to a standard ("simple") form
// ACL entry. This will only work if
//  -- there is exactly one ACL entry authorizing the right
//  -- that entry is in simple form
//
void Access::addApplicationToRight(AclAuthorization right, TrustedApplication *app)
{
	StLock<Mutex>_(mMutex);
	vector<ACL *> acls;
	findAclsForRight(right, acls);
	if (acls.size() != 1)
		MacOSError::throwMe(errSecACLNotSimple);	// let's not guess here...
	(*acls.begin())->addApplication(app);
}


//
// Yield new (copied) CSSM level owner and acls values, presumably
// for use at CSSM layer operations.
// Caller is responsible for releasing the beasties when done.
//
void Access::copyOwnerAndAcl(CSSM_ACL_OWNER_PROTOTYPE * &ownerResult,
	uint32 &aclCount, CSSM_ACL_ENTRY_INFO * &aclsResult)
{
	StLock<Mutex>_(mMutex);
	Allocator& alloc = Allocator::standard();
	unsigned long count = mAcls.size() - 1;	// one will be owner, others are acls
	AclOwnerPrototype owner;
	CssmAutoPtr<AclEntryInfo> acls = new(alloc) AclEntryInfo[count];
	AclEntryInfo *aclp = acls;	// -> next unfilled acl element
	for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++) {
		SecPointer<ACL> acl = it->second;
		if (acl->isOwner()) {
			acl->copyAclOwner(owner, alloc);
		} else {
			aclp->handle() = acl->entryHandle();
			acl->copyAclEntry(*aclp, alloc);
			++aclp;
		}
	}
	assert((aclp - acls) == count);	// all ACL elements filled

	// commit output
	ownerResult = new(alloc) AclOwnerPrototype(owner);
	aclCount = (uint32)count;
	aclsResult = acls.release();
}


//
// Remove all ACLs that confer this right.
//
void Access::removeAclsForRight(AclAuthorization right) {
    for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); ) {
        if (it->second->authorizesSpecifically(right)) {
            it = mAcls.erase(it);
            secinfo("SecAccess", "%p removed an acl, %lu left", this, mAcls.size());
        } else {
            it++;
        }
    }
}

//
// Retrieve the description from a randomly chosen ACL within this Access.
// In the conventional case where all ACLs have the same descriptor, this
// is deterministic. But you have been warned.
//
string Access::promptDescription() const
{
	for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++) {
		ACL *acl = it->second;
		switch (acl->form()) {
		case ACL::allowAllForm:
		case ACL::appListForm:
			{
				string descr = acl->promptDescription();
				if (!descr.empty())
					return descr;
			}
		default:
			break;
		}
	}
	// couldn't find suitable ACL (no description anywhere)
	CssmError::throwMe(errSecACLNotSimple);
}


//
// Add a new ACL to the resident set. The ACL must have been
// newly made for this Access.
//
void Access::add(ACL *newAcl)
{
	StLock<Mutex>_(mMutex);
	assert(!mAcls[newAcl->entryHandle()]);
	mAcls[newAcl->entryHandle()] = newAcl;
}


//
// Add the owner ACL to the resident set. The ACL must have been
// newly made for this Access.
// Since an Access must have exactly one owner ACL, this call
// should only be made (exactly once) for a newly created Access.
//
void Access::addOwner(ACL *newAcl)
{
	StLock<Mutex>_(mMutex);
	newAcl->makeOwner();
	assert(mAcls.find(ownerHandle) == mAcls.end());	// no owner yet
	add(newAcl);
}


//
// Compile a set of ACL entries and owner into internal form.
//
void Access::compile(const CSSM_ACL_OWNER_PROTOTYPE &owner,
	uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls)
{
	StLock<Mutex>_(mMutex);
	// add owner acl
	mAcls[ownerHandle] = new ACL(AclOwnerPrototype::overlay(owner));
    secinfo("SecAccess", "form of owner is: %d", mAcls[ownerHandle]->form());
	
	// add acl entries
	const AclEntryInfo *acl = AclEntryInfo::overlay(acls);
	for (uint32 n = 0; n < aclCount; n++) {
		secinfo("SecAccess", "%p compiling entry %ld", this, acl[n].handle());
		mAcls[acl[n].handle()] = new ACL(acl[n]);
        secinfo("SecAccess", "form is: %d", mAcls[acl[n].handle()]->form());
	}
	secinfo("SecAccess", "%p %ld entries compiled", this, mAcls.size());
}


//
// Creation helper objects
//
const char Access::Maker::creationEntryTag[] = "___setup___";

Access::Maker::Maker(Allocator &alloc, MakerType makerType)
	: allocator(alloc), mKey(alloc), mCreds(allocator), mMakerType(makerType)
{
	if (makerType == kStandardMakerType)
	{
		// generate random key
		mKey.malloc(keySize);
        CssmData data = mKey.get();
        MacOSError::check(SecRandomCopyBytes(kSecRandomDefault, data.length(), data.data()));
        
		// create entry info for resource creation
		mInput = AclEntryPrototype(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_PASSWORD,
			new(allocator) ListElement(mKey.get())));
		mInput.proto().tag(creationEntryTag);
        secinfo("SecAccess", "made a CSSM_ACL_SUBJECT_TYPE_PASSWORD ACL entry for %p", this);
        secinfo("SecAccess", "mInput: %p, typedList %p", &mInput, &(mInput.Prototype.TypedSubject));

		// create credential sample for access
		mCreds += TypedList(allocator, CSSM_SAMPLE_TYPE_PASSWORD, new(allocator) ListElement(mKey.get()));
	}
	else
	{
		// just make it an CSSM_ACL_SUBJECT_TYPE_ANY list
		mInput = AclEntryPrototype(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_ANY));
        secinfo("SecAccess", "made a CSSM_ACL_SUBJECT_TYPE_ANY ACL entry for %p", this);
	}
}

void Access::Maker::initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds)
{
	//@@@ make up ctx.entry-info
	ctx.input() = mInput;
	ctx.credentials(creds);
}

const AccessCredentials *Access::Maker::cred()
{
	return &mCreds;
}