cdsa/cdsa_client/aclclient.h

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 //
  20 // keyclient
  21 //
  22 #ifndef _H_CDSA_CLIENT_ACLCLIENT
  23 #define _H_CDSA_CLIENT_ACLCLIENT  1
  24
  25 #include <Security/cssmaclpod.h>
  26 #include <Security/cssmacl.h>
  27 #include <Security/cssmcred.h>
  28 #include <Security/refcount.h>
  29 #include <Security/globalizer.h>
  30
  31 namespace Security {
  32 namespace CssmClient {
  33
  34 class CSP;
  35
  36
  37 //
  38 // Any client-side object that has CSSM-layer ACLs shall be
  39 // derived from AclBearer and implement its methods accordingly.
  40 // Note the (shared/virtual) RefCount - you should handle AclBearer
  41 // references via RefPointers.
  42 //
  43 class AclBearer : public virtual RefCount {
  44 public:
  45         virtual ~AclBearer();
  46
  47         // Acl manipulation
  48         virtual void getAcl(AutoAclEntryInfoList &aclInfos,
  49                 const char *selectionTag = NULL) const = 0;
  50         virtual void changeAcl(const CSSM_ACL_EDIT &aclEdit,
  51                 const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0;
  52
  53         void addAcl(const AclEntryInput &input, const CSSM_ACCESS_CREDENTIALS *cred = NULL);
  54         void changeAcl(CSSM_ACL_HANDLE handle, const AclEntryInput &input,
  55                 const CSSM_ACCESS_CREDENTIALS *cred = NULL);
  56         void deleteAcl(CSSM_ACL_HANDLE handle, const CSSM_ACCESS_CREDENTIALS *cred = NULL);
  57         void deleteAcl(const char *tag = NULL, const CSSM_ACCESS_CREDENTIALS *cred = NULL);
  58
  59         // Acl owner manipulation
  60         virtual void getOwner(AutoAclOwnerPrototype &owner) const = 0;
  61         virtual void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
  62                 const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0;
  63 };
  64
  65
  66 //
  67 // An AclBearer applied to a raw CSSM key
  68 //
  69 class KeyAclBearer : public AclBearer {
  70 public:
  71         KeyAclBearer(CSSM_CSP_HANDLE cspH, CSSM_KEY &theKey, CssmAllocator &alloc)
  72                 : csp(cspH), key(theKey), allocator(alloc) { }
  73
  74         const CSSM_CSP_HANDLE csp;
  75         CSSM_KEY &key;
  76         CssmAllocator &allocator;
  77
  78 protected:
  79         void getAcl(AutoAclEntryInfoList &aclInfos,
  80                 const char *selectionTag = NULL) const;
  81         void changeAcl(const CSSM_ACL_EDIT &aclEdit,
  82                 const CSSM_ACCESS_CREDENTIALS *cred = NULL);
  83         void getOwner(AutoAclOwnerPrototype &owner) const;
  84         void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
  85                 const CSSM_ACCESS_CREDENTIALS *cred = NULL);
  86 };
  87
  88
  89 //
  90 // An AclFactory helps create and maintain CSSM-layer AccessCredentials
  91 // and matching samples. There is state in an AclFactory, though simple
  92 // uses may not care about it.
  93 //
  94 class AclFactory {
  95 public:
  96         AclFactory();
  97         virtual ~AclFactory();
  98
  99         // these values are owned by the AclFactory and persist
 100         // until it is destroyed. You don't own the memory.
 101         const AccessCredentials *nullCred() const;
 102         const AccessCredentials *promptCred() const;
 103         const AccessCredentials *unlockCred() const;
 104
 105 protected:
 106         class KeychainCredentials {
 107         public:
 108                 KeychainCredentials(CssmAllocator &alloc)
 109                         : allocator(alloc), mCredentials(new AutoCredentials(alloc)) { }
 110                 virtual ~KeychainCredentials();
 111
 112                 CssmAllocator &allocator;
 113
 114         operator const AccessCredentials* () { return mCredentials; }
 115
 116     protected:
 117                 AutoCredentials *mCredentials;
 118         };
 119
 120 public:
 121     // create a self-managed AccessCredentials to explicitly provide a keychain passphrase
 122     class PassphraseUnlockCredentials : public KeychainCredentials {
 123     public:
 124         PassphraseUnlockCredentials (const CssmData& password, CssmAllocator& allocator);
 125     };
 126
 127         // create a self-managed AccessCredentials to change a keychain passphrase
 128     class PasswordChangeCredentials : public KeychainCredentials {
 129     public:
 130         PasswordChangeCredentials (const CssmData& password, CssmAllocator& allocator);
 131     };
 132
 133 public:
 134         class AnyResourceContext : public ResourceControlContext {
 135         public:
 136                 AnyResourceContext(const CSSM_ACCESS_CREDENTIALS *cred = NULL);
 137
 138         private:
 139                 ListElement mAny;
 140                 CSSM_ACL_AUTHORIZATION_TAG mTag;
 141         };
 142 };
 143
 144
 145 } // end namespace CssmClient
 146 } // end namespace Security
 147
 148 #endif // _H_CDSA_CLIENT_ACLCLIENT