1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // aclclient
21 //
22 #ifndef _H_CDSA_CLIENT_ACLCLIENT
23 #define _H_CDSA_CLIENT_ACLCLIENT 1
24
25 #include <Security/cssmaclpod.h>
26 #include <Security/cssmcred.h>
27 #include <Security/refcount.h>
28 #include <Security/globalizer.h>
29
30 namespace Security {
31 namespace CssmClient {
32
33 class CSP;
34
35
//
// AclBearer is the common base for every client-side object that carries
// CSSM-layer ACLs: such an object derives from AclBearer and implements
// the pure virtual methods declared here.
// RefCount is a (shared) virtual base, so AclBearer references should be
// held through RefPointers.
//
class AclBearer : public virtual RefCount {
public:
    virtual ~AclBearer();

    //
    // ACL entry manipulation
    //

    // Retrieve ACL entry information into aclInfos.
    // selectionTag defaults to NULL; presumably it narrows which entries
    // are returned -- confirm against the implementing class.
    virtual void getAcl(AutoAclEntryInfoList &aclInfos,
                        const char *selectionTag = NULL) const = 0;

    // Apply a single CSSM_ACL_EDIT to this object's ACL.
    // NOTE(review): a derived class that overrides this overload hides the
    // non-virtual, handle-based changeAcl() below unless it also writes
    // "using AclBearer::changeAcl;".
    virtual void changeAcl(const CSSM_ACL_EDIT &aclEdit,
                           const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0;

    // Non-virtual helpers for adding, replacing and deleting entries.
    // Their definitions are not in this header; presumably each one is
    // expressed through the virtual changeAcl() above -- confirm.
    //
    // NOTE(review): every mutating call defaults cred to NULL. How the
    // CSSM layer treats a NULL credential is not visible here, so callers
    // that depend on an authorization decision should pass credentials
    // explicitly instead of relying on the default.
    void addAcl(const AclEntryInput &input,
                const CSSM_ACCESS_CREDENTIALS *cred = NULL);
    void changeAcl(CSSM_ACL_HANDLE handle,
                   const AclEntryInput &input,
                   const CSSM_ACCESS_CREDENTIALS *cred = NULL);
    void deleteAcl(CSSM_ACL_HANDLE handle,
                   const CSSM_ACCESS_CREDENTIALS *cred = NULL);

    // NOTE(review): a bare deleteAcl() call selects this overload with
    // tag == NULL. Which entries a NULL tag matches is decided by the
    // implementation, not by this header -- verify before calling it
    // without arguments.
    void deleteAcl(const char *tag = NULL,
                   const CSSM_ACCESS_CREDENTIALS *cred = NULL);

    //
    // ACL owner manipulation
    //

    // Retrieve the current ACL owner into owner.
    virtual void getOwner(AutoAclOwnerPrototype &owner) const = 0;

    // Replace the ACL owner with newOwner.
    virtual void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
                             const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0;
};
63
64
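//
// An AclFactory helps create and maintain CSSM-layer AccessCredentials
// and matching samples. An AclFactory carries state, though simple uses
// may not care about it.
//
class AclFactory {
public:
    AclFactory();
    virtual ~AclFactory();

    // The credentials returned here are owned by the AclFactory and
    // persist only until it is destroyed. Callers do not own the memory:
    // they must neither free it nor keep the pointer beyond the factory's
    // lifetime.
    const AccessCredentials *nullCred() const;
    const AccessCredentials *promptCred() const;
    const AccessCredentials *unlockCred() const;

public:
    // Password change credentials ("HHS" in the original comment): built
    // from a password and an allocator, and handed to CSSM calls through
    // the conversion operator below.
    //
    // NOTE(review): this class declares a destructor and keeps a raw
    // AutoCredentials pointer, but declares no copy constructor. If the
    // destructor releases mCredentials (its body is not in this header),
    // a copy shares the pointer and it is released twice. Confirm in the
    // implementation, and pass objects of this type by reference.
    //
    // NOTE(review): whether the password bytes held by the credentials
    // are cleared on destruction cannot be determined from this header.
    class PasswordChangeCredentials
    {
    protected:
        AutoCredentials *mCredentials;
        CssmAllocator &mAllocator;

    public:
        PasswordChangeCredentials(const CssmData &password,
                                  CssmAllocator &allocator);
        ~PasswordChangeCredentials();

        // Borrowed view of the credentials. The pointer is valid only
        // while this object is alive, so do not store it past that point.
        // Const-qualified so that a const PasswordChangeCredentials can be
        // passed where a const AccessCredentials * is expected; calls on
        // non-const objects are unaffected.
        operator const AccessCredentials *() const { return mCredentials; }
    };
};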
97
98
99 } // end namespace CssmClient
100 } // end namespace Security
101
102 #endif // _H_CDSA_CLIENT_ACLCLIENT