1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // acls - SecurityServer ACL implementation
21 //
22 #ifndef _H_ACLS
23 #define _H_ACLS
24
25 #include "securityserver.h"
26 #include <Security/cssmacl.h>
27 #include <Security/acl_process.h>
28 #include <Security/acl_codesigning.h>
29
30
31 class Connection;
32 class Database;
33
34
35 //
36 // ACL implementation as used by the SecurityServer
37 //
// Abstract base for ACL-bearing objects in the SecurityServer. It extends
// ObjectAcl with the server's validation and CSSM ACL entry points and records
// which AclKind the concrete object is.
//
// Subclasses must implement instantiateAcl() and noticeAclChange();
// relatedDatabase() is virtual and may be overridden.
class SecurityServerAcl : public ObjectAcl
{
public:
    // Hands the allocator to ObjectAcl and stores the ACL kind.
    SecurityServerAcl(AclKind k, CssmAllocator &alloc)
        : ObjectAcl(alloc), mKind(k)
    {
    }

    // Virtual so that objects can be destroyed through a base pointer;
    // defined out of line.
    virtual ~SecurityServerAcl();

    // The kind given at construction; never changed by this class.
    AclKind kind() const
    {
        return mKind;
    }

    // Validation calls restated for this class: one takes the caller's
    // credentials directly, the other a Context.
    // NOTE(review): both return void, so a denied request is presumably
    // reported by an exception -- confirm in the implementation file. Whether
    // a null `cred` is accepted is not visible in this header.
    void validate(AclAuthorization auth, const AccessCredentials *cred) const;
    void validate(AclAuthorization auth, const Context &context) const;

    // CSSM-style ACL access. The getters write through their reference
    // parameters; the two mutators also take the caller's credentials.
    // NOTE(review): ownership of the array stored into `acls` is not visible
    // here (presumably the ObjectAcl allocator -- confirm before freeing), and
    // neither is how `cred` is checked before an edit or owner change applies.
    void cssmGetAcl(const char *tag, uint32 &count, AclEntryInfo *&acls);
    void cssmGetOwner(AclOwnerPrototype &owner);
    void cssmChangeAcl(const AclEdit &edit, const AccessCredentials *cred);
    void cssmChangeOwner(const AclOwnerPrototype &newOwner,
                         const AccessCredentials *cred);

    // Hooks every concrete ACL holder has to provide (pure virtual).
    virtual void instantiateAcl() = 0;
    virtual void noticeAclChange() = 0;

    // Database associated with this ACL, if any. Defined out of line; the
    // base-class result is not visible here.
    virtual const Database *relatedDatabase() const;

    // Static helper: looks in `cred` for a sample of `neededSampleType` and,
    // judging by the signature, stores a passphrase into `passphrase`; the
    // meaning of the bool result should be confirmed in the implementation.
    // NOTE(review): `passphrase` would hold secret material. Whether
    // CssmOwnedData wipes its buffer on release is not visible here --
    // confirm, and keep the object's lifetime as short as possible.
    static bool getBatchPassphrase(const AccessCredentials *cred,
                                   CSSM_SAMPLE_TYPE neededSampleType,
                                   CssmOwnedData &passphrase);

private:
    AclKind mKind; // set once in the constructor, read by kind()
};
65
66
67 //
68 // Our implementation of an ACL validation environment uses information
69 // derived from a Connection object. It implements context for
70 // -- ProcessAclSubjects (getuid/getgid)
71 // -- KeychainPromptAclSubjects (connection link)
72 //
// Validation environment handed to ACL subjects while a SecurityServerAcl is
// being evaluated. It virtually inherits the generic environment together
// with the process and code-signature subject environments, so a single
// object can serve all three.
class SecurityServerEnvironment
    : public virtual AclValidationEnvironment,
      public virtual ProcessAclSubject::Environment,
      public virtual CodeSignatureAclSubject::Environment
{
public:
    // Binds the environment to the ACL under evaluation.
    // NOTE(review): this single-argument constructor is not `explicit`, so a
    // SecurityServerAcl converts implicitly to an environment.
    SecurityServerEnvironment(const SecurityServerAcl &baseAcl)
        : acl(baseAcl)
    {
    }

    // Borrowed, not owned: the referenced ACL must outlive this environment.
    // The reference member also makes the class non-assignable.
    const SecurityServerAcl &acl;

    // Database related to the bound ACL, as reported by the ACL itself.
    const Database *database() const
    {
        return acl.relatedDatabase();
    }

    // Identity of the requesting process, defined out of line.
    // NOTE(review): these values are expected to come from the requesting
    // Connection -- confirm in the implementation. A pid identifies a process
    // only while that process is alive, so if getpid() feeds an access
    // decision, confirm the value is bound to the connection's peer rather
    // than looked up later.
    uid_t getuid() const;
    gid_t getgid() const;
    pid_t getpid() const;

    // Reports whether `signature` verifies; the only non-const member.
    // NOTE(review): what the signature is checked against (presumably the
    // client's code) and how a null `signature` is handled are not visible in
    // this header -- confirm in the implementation.
    bool verifyCodeSignature(const CodeSigning::Signature *signature);
};
88
89
90 #endif //_H_ACLS