]> git.saurik.com Git - apple/security.git/blob - SecurityServer/Authorization/Authorization.cpp
Security-54.1.tar.gz
[apple/security.git] / SecurityServer / Authorization / Authorization.cpp
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // Authorization.cpp
21 //
22 // This file is the unified implementation of the Authorization and AuthSession APIs.
23 //
24 #include <Security/Authorization.h>
25 #include <Security/AuthSession.h>
26 #include "AuthorizationWalkers.h"
27 #include <Security/mach++.h>
28 #include <Security/globalizer.h>
29 #include <Security/cssmalloc.h>
30 #include <Security/ssclient.h>
31
32 using namespace SecurityServer;
33 using namespace MachPlusPlus;
34
35
36 //
37 // Shared cached client object
38 //
39 class AuthClient : public SecurityServer::ClientSession {
40 public:
41 AuthClient()
42 : SecurityServer::ClientSession(CssmAllocator::standard(), CssmAllocator::standard())
43 { }
44 };
45
46 static ModuleNexus<AuthClient> server;
47
48
49 //
50 // Create an Authorization
51 //
52 OSStatus AuthorizationCreate(const AuthorizationRights *rights,
53 const AuthorizationEnvironment *environment,
54 AuthorizationFlags flags,
55 AuthorizationRef *authorization)
56 {
57 BEGIN_API
58 AuthorizationBlob result;
59 server().authCreate(rights, environment, flags, result);
60 if (authorization)
61 {
62 *authorization =
63 (AuthorizationRef) new(server().returnAllocator) AuthorizationBlob(result);
64 }
65 else
66 {
67 // If no authorizationRef is desired free the one we just created.
68 server().authRelease(result, flags);
69 }
70 END_API(CSSM)
71 }
72
73
74 //
75 // Free an authorization reference
76 //
77 OSStatus AuthorizationFree(AuthorizationRef authorization, AuthorizationFlags flags)
78 {
79 BEGIN_API
80 AuthorizationBlob *auth = (AuthorizationBlob *)authorization;
81 server().authRelease(Required(auth), flags);
82 server().returnAllocator.free(auth);
83 END_API(CSSM)
84 }
85
86
87 //
88 // Augment and/or interrogate an authorization
89 //
90 OSStatus AuthorizationCopyRights(AuthorizationRef authorization,
91 const AuthorizationRights *rights,
92 const AuthorizationEnvironment *environment,
93 AuthorizationFlags flags,
94 AuthorizationRights **authorizedRights)
95 {
96 BEGIN_API
97 AuthorizationBlob *auth = (AuthorizationBlob *)authorization;
98 server().authCopyRights(Required(auth), rights, environment, flags, authorizedRights);
99 END_API(CSSM)
100 }
101
102
103 //
104 // Retrieve side-band information from an authorization
105 //
106 OSStatus AuthorizationCopyInfo(AuthorizationRef authorization,
107 AuthorizationString tag,
108 AuthorizationItemSet **info)
109 {
110 BEGIN_API
111 AuthorizationBlob *auth = (AuthorizationBlob *)authorization;
112 server().authCopyInfo(Required(auth), tag, Required(info));
113 END_API(CSSM)
114 }
115
116
117 //
118 // Externalize and internalize authorizations
119 //
120 OSStatus AuthorizationMakeExternalForm(AuthorizationRef authorization,
121 AuthorizationExternalForm *extForm)
122 {
123 BEGIN_API
124 AuthorizationBlob *auth = (AuthorizationBlob *)authorization;
125 server().authExternalize(Required(auth), *extForm);
126 END_API(CSSM)
127 }
128
129 OSStatus AuthorizationCreateFromExternalForm(const AuthorizationExternalForm *extForm,
130 AuthorizationRef *authorization)
131 {
132 BEGIN_API
133 AuthorizationBlob result;
134 server().authInternalize(*extForm, result);
135 Required(authorization) =
136 (AuthorizationRef) new(server().returnAllocator) AuthorizationBlob(result);
137 END_API(CSSM)
138 }
139
140
141 //
142 // Free an ItemSet structure returned from an API call. This is a local operation.
143 // Since we allocate returned ItemSets as compact blobs, this is just a simple
144 // free() call.
145 //
146 OSStatus AuthorizationFreeItemSet(AuthorizationItemSet *set)
147 {
148 BEGIN_API
149 server().returnAllocator.free(set);
150 return errAuthorizationSuccess;
151 END_API(CSSM)
152 }
153
154
155 //
156 // Get session information
157 //
158 OSStatus SessionGetInfo(SecuritySessionId session,
159 SecuritySessionId *sessionId,
160 SessionAttributeBits *attributes)
161 {
162 BEGIN_API
163 SecuritySessionId sid = session;
164 server().getSessionInfo(sid, *attributes);
165 if (sessionId)
166 *sessionId = sid;
167 END_API(CSSM)
168 }
169
170
171 //
172 // Create a new session
173 //
174 OSStatus SessionCreate(SessionCreationFlags flags,
175 SessionAttributeBits attributes)
176 {
177 BEGIN_API
178
179 // unless the (expert) caller has already done so, create a sub-bootstrap and set it
180 // note that this is inherently thread-unfriendly; we can't do anything about that
181 // (caller's responsibility)
182 Bootstrap bootstrap;
183 if (!(flags & sessionKeepCurrentBootstrap)) {
184 TaskPort self;
185 bootstrap = bootstrap.subset(TaskPort());
186 self.bootstrap(bootstrap);
187 }
188
189 // now call the SecurityServer and tell it to initialize the (new) session
190 server().setupSession(flags, attributes);
191
192 END_API(CSSM)
193 }