]> git.saurik.com Git - apple/security.git/blob - SecurityServer/acls.cpp
Security-176.tar.gz
[apple/security.git] / SecurityServer / acls.cpp
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // acls - SecurityServer ACL implementation
21 //
22 #include "acls.h"
23 #include "connection.h"
24 #include "server.h"
25 #include "SecurityAgentClient.h"
26 #include <Security/acl_any.h>
27 #include <Security/acl_password.h>
28 #include <Security/acl_threshold.h>
29
30
31 //
32 // SecurityServerAcl is virtual
33 //
34 SecurityServerAcl::~SecurityServerAcl()
35 { }
36
37
38 //
39 // Each SecurityServerAcl type must provide some indication of a database
40 // it is associated with. The default, naturally, is "none".
41 //
42 const Database *SecurityServerAcl::relatedDatabase() const
43 { return NULL; }
44
45
46 //
47 // Provide environmental information to get/change-ACL calls.
48 // Also make them virtual so our children can override them.
49 //
50 void SecurityServerAcl::cssmChangeAcl(const AclEdit &edit, const AccessCredentials *cred)
51 {
52 SecurityServerEnvironment env(*this);
53 ObjectAcl::cssmChangeAcl(edit, cred, &env);
54 }
55
56 void SecurityServerAcl::cssmChangeOwner(const AclOwnerPrototype &newOwner,
57 const AccessCredentials *cred)
58 {
59 SecurityServerEnvironment env(*this);
60 ObjectAcl::cssmChangeOwner(newOwner, cred, &env);
61 }
62
63
64 //
65 // Modified validate() methods to connect all the conduits...
66 //
67 void SecurityServerAcl::validate(AclAuthorization auth, const AccessCredentials *cred)
68 {
69 SecurityServerEnvironment env(*this);
70 StLock<Mutex> objectSequence(aclSequence);
71 StLock<Mutex> processSequence(Server::connection().process.aclSequence);
72 ObjectAcl::validate(auth, cred, &env);
73 }
74
75 void SecurityServerAcl::validate(AclAuthorization auth, const Context &context)
76 {
77 validate(auth,
78 context.get<AccessCredentials>(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS));
79 }
80
81
82 //
83 // Implement our environment object
84 //
85 uid_t SecurityServerEnvironment::getuid() const
86 {
87 return Server::connection().process.uid();
88 }
89
90 gid_t SecurityServerEnvironment::getgid() const
91 {
92 return Server::connection().process.gid();
93 }
94
95 pid_t SecurityServerEnvironment::getpid() const
96 {
97 return Server::connection().process.pid();
98 }
99
100 bool SecurityServerEnvironment::verifyCodeSignature(const CodeSigning::Signature *signature,
101 const CssmData *comment)
102 {
103 return Server::codeSignatures().verify(Server::connection().process, signature, comment);
104 }