Security-176.tar.gz
1 /*
2 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18 //
19 // ACL.h - ACL control wrappers
20 //
21 #ifndef _SECURITY_ACL_H_
22 #define _SECURITY_ACL_H_
23
24 #include <Security/SecRuntime.h>
25 #include <Security/SecACL.h>
26 #include <Security/cssmaclpod.h>
27 #include <Security/aclclient.h>
28 #include <Security/cssmdata.h>
29 #include <vector>
30
31 namespace Security {
32 namespace KeychainCore {
33
34 using CssmClient::AclBearer;
35
36 class Access;
37 class TrustedApplication;
38
39
40 //
41 // An ACL Entry for an Access object
42 //
//
// A single ACL entry that belongs to an Access object.
//
// Every entry carries a set of authorizations, a change state (State) and a
// classification of its subject (Form). The application list and the prompt
// fields are documented below as meaningful only for appListForm.
//
// NOCOPY and SECCFFUNCTIONS are macros defined outside this header;
// presumably NOCOPY forbids copying and SECCFFUNCTIONS supplies the
// SecACLRef bridging -- confirm against their definitions.
//
// NOTE(review): the inline accessors that hand out non-const references
// (authorizations(), applications(), promptSelector(), promptDescription())
// and setAuthorization() do not touch mState. Whether callers are required to
// call modify() after editing through them is not visible in this header --
// confirm in the implementation, since an unrecorded edit to an access
// control entry is a change that may never reach the stored ACL.
//
class ACL : public SecCFObject {
    NOCOPY(ACL)

public:
    SECCFFUNCTIONS(ACL, SecACLRef, errSecInvalidItemRef)

    // Build an entry from a CSSM layer ACL entry.
    ACL(Access &acc, const AclEntryInfo &info,
        CssmAllocator &alloc = CssmAllocator::standard());

    // Build an entry from a CSSM layer owner prototype.
    ACL(Access &acc, const AclOwnerPrototype &owner,
        CssmAllocator &alloc = CssmAllocator::standard());

    // Build an "any" ACL.
    ACL(Access &acc, CssmAllocator &alloc = CssmAllocator::standard());

    // Build an entry from "standard form" arguments; the application list
    // starts out empty.
    ACL(Access &acc, string description,
        const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &promptSelector,
        CssmAllocator &alloc = CssmAllocator::standard());

    virtual ~ACL() throw();

    // Allocator bound at construction. Held by reference, so the referenced
    // allocator has to outlive this object.
    CssmAllocator &allocator;

    // Change tracking relative to the source the entry was read from.
    enum State {
        unchanged,      // unchanged from source
        inserted,       // new
        modified,       // was changed (replace)
        deleted         // was deleted (now invalid)
    };

    // Current change state.
    State state() const
    {
        return mState;
    }

    // Shape of the subject this entry was recognised as.
    enum Form {
        invalidForm,    // invalid
        customForm,     // not a recognized format (but valid)
        allowAllForm,   // indiscriminate
        appListForm     // list of apps + prompt confirm
    };

    // Current form.
    Form form() const
    {
        return mForm;
    }

    // Overwrite the form. Only mForm is assigned here; mState and the
    // subject-related members are left as they are.
    void form(Form f)
    {
        mForm = f;
    }

    // The Access object this entry belongs to. Held by reference, so that
    // object has to outlive this entry.
    Access &access;

    //
    // Authorizations and subject details
    //

    // Direct, mutable view of the authorization set (see class NOTE).
    AclAuthorizationSet &authorizations()
    {
        return mAuthorizations;
    }

    // Declared here, defined elsewhere; presumably reports whether `right`
    // is granted by this entry -- confirm against the implementation.
    bool authorizes(AclAuthorization right) const;

    // Replace the whole authorization set with the single tag `auth`:
    // anything previously in the set is dropped first.
    void setAuthorization(CSSM_ACL_AUTHORIZATION_TAG auth)
    {
        mAuthorizations.clear();
        mAuthorizations.insert(auth);
    }

    typedef vector< SecPointer<TrustedApplication> > ApplicationList;

    // Mutable view of the trusted application list.
    // NOTE(review): the appListForm precondition is enforced by assert only.
    // If this is the standard assert macro it disappears under NDEBUG, and
    // the list is then returned for any form -- confirm that release builds
    // cannot reach this with a different form.
    ApplicationList &applications()
    {
        assert(form() == appListForm);
        return mAppList;
    }

    // Declared here, defined elsewhere; presumably appends `app` to the
    // trusted application list -- confirm against the implementation.
    void addApplication(TrustedApplication *app);

    // Mutable views of the PROMPT subject fields. No form check is made
    // here, although the members are documented as valid only for
    // appListForm.
    CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &promptSelector()
    {
        return mPromptSelector;
    }

    string &promptDescription()
    {
        return mPromptDescription;
    }

    // CSSM handle of this entry.
    CSSM_ACL_HANDLE entryHandle() const
    {
        return mCssmHandle;
    }

    // Pseudo-handle for the owner ACL.
    // NOTE(review): ownership is decided purely by equality with this
    // constant; nothing in this header shows how a real CSSM handle is kept
    // from taking the same value -- confirm.
    static const CSSM_ACL_HANDLE ownerHandle = 0xff0e2743;

    // True when this entry carries the owner pseudo-handle.
    bool isOwner() const
    {
        return mCssmHandle == ownerHandle;
    }

    // Turn this entry into the owner entry by overwriting its handle.
    void makeOwner()
    {
        mCssmHandle = ownerHandle;
    }

    void modify();      // mark modified (update on commit)
    void remove();      // mark removed (delete on commit)

    // Produce chunk copies of the CSSM forms; the caller takes ownership of
    // what is written into `proto`.
    void copyAclEntry(AclEntryPrototype &proto,
        CssmAllocator &alloc = CssmAllocator::standard());
    void copyAclOwner(AclOwnerPrototype &proto,
        CssmAllocator &alloc = CssmAllocator::standard());

    // Declared here, defined elsewhere; presumably pushes this entry to
    // `target`, with `update` and the optional credentials `cred` steering
    // how -- confirm against the implementation. `cred` defaults to NULL.
    void setAccess(AclBearer &target, bool update = false,
        const AccessCredentials *cred = NULL);

    // Empty tag type; presumably thrown when a subject cannot be parsed --
    // confirm where parse() is defined.
    struct ParseError { };

    static const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR defaultSelector;

private:
    // Subject handling helpers, defined elsewhere.
    void parse(const TypedList &subject);
    void parsePrompt(const TypedList &subject);
    void makeSubject();
    void clearSubjects(Form newForm);

    State mState;                       // change state
    Form mForm;                         // format type

    // AclEntryPrototype fields (minus subject, which is virtually constructed)
    CSSM_ACL_HANDLE mCssmHandle;        // CSSM entry handle (for updates)
    string mEntryTag;                   // CSSM entry tag (64 bytes or so, they say)
    bool mDelegate;                     // CSSM delegate flag
    AclAuthorizationSet mAuthorizations; // rights for this ACL entry

    // Composite AclEntryPrototype subject (constructed when needed).
    // NOTE(review): raw pointer; who frees it is not visible in this header
    // -- confirm it is released in the destructor.
    TypedList *mSubjectForm;

    // The following values are valid only if form() == appListForm.
    ApplicationList mAppList;           // list of trusted applications
    CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR mPromptSelector; // selector field of PROMPT subject
    string mPromptDescription;          // description field of PROMPT subject
};
143
144
145 } // end namespace KeychainCore
146 } // end namespace Security
147
148 #endif // !_SECURITY_ACL_H_