Keychain/Access.h

   1 /*
   2  * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18 //
  19 // Access.h - Access control wrappers
  20 //
  21 #ifndef _SECURITY_ACCESS_H_
  22 #define _SECURITY_ACCESS_H_
  23
  24 #include <Security/SecRuntime.h>
  25 #include <Security/ACL.h>
  26 #include <Security/trackingallocator.h>
  27 #include <Security/cssmaclpod.h>
  28 #include <Security/cssmacl.h>
  29 #include <Security/aclclient.h>
  30 #include <Security/TrustedApplication.h>
  31 #include <map>
  32
  33 namespace Security {
  34 namespace KeychainCore {
  35
  36 using CssmClient::AclBearer;
  37
  38
  39 class Access : public SecCFObject {
  40         NOCOPY(Access)
  41 public:
  42         SECCFFUNCTIONS(Access, SecAccessRef, errSecInvalidItemRef)
  43
  44         class Maker {
  45                 NOCOPY(Maker)
  46                 static const size_t keySize = 16;       // number of (random) bytes
  47                 friend class Access;
  48         public:
  49                 Maker(CssmAllocator &alloc = CssmAllocator::standard());
  50
  51                 void initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds = NULL);
  52                 const AccessCredentials *cred();
  53
  54                 TrackingAllocator allocator;
  55
  56                 static const char creationEntryTag[];
  57
  58         private:
  59                 CssmAutoData mKey;
  60                 AclEntryInput mInput;
  61                 AutoCredentials mCreds;
  62         };
  63
  64 public:
  65         // make default forms
  66     Access(const string &description);
  67     Access(const string &description, const ACL::ApplicationList &trusted);
  68     Access(const string &description, const ACL::ApplicationList &trusted,
  69                 const AclAuthorizationSet &limitedRights, const AclAuthorizationSet &freeRights);
  70
  71         // make a completely open Access (anyone can do anything)
  72         Access();
  73
  74         // retrieve from an existing AclBearer
  75         Access(AclBearer &source);
  76
  77         // make from CSSM layer information (presumably retrieved by caller)
  78         Access(const CSSM_ACL_OWNER_PROTOTYPE &owner,
  79                 uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
  80     virtual ~Access() throw();
  81
  82 public:
  83         CFArrayRef copySecACLs() const;
  84         CFArrayRef copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const;
  85
  86         void add(ACL *newAcl);
  87         void addOwner(ACL *newOwnerAcl);
  88
  89         void setAccess(AclBearer &target, bool update = false);
  90         void setAccess(AclBearer &target, Maker &maker);
  91
  92         template <class Container>
  93         void findAclsForRight(AclAuthorization right, Container &cont)
  94         {
  95                 cont.clear();
  96                 for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++)
  97                         if (it->second->authorizes(right))
  98                                 cont.push_back(it->second);
  99         }
 100
 101         std::string promptDescription() const;  // from any one of the ACLs contained
 102
 103         void addApplicationToRight(AclAuthorization right, TrustedApplication *app);
 104
 105         void copyOwnerAndAcl(CSSM_ACL_OWNER_PROTOTYPE * &owner,
 106                 uint32 &aclCount, CSSM_ACL_ENTRY_INFO * &acls);
 107
 108 protected:
 109     void makeStandard(const string &description, const ACL::ApplicationList &trusted,
 110                 const AclAuthorizationSet &limitedRights = AclAuthorizationSet(),
 111                 const AclAuthorizationSet &freeRights = AclAuthorizationSet());
 112     void compile(const CSSM_ACL_OWNER_PROTOTYPE &owner,
 113         uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
 114
 115         void editAccess(AclBearer &target, bool update, const AccessCredentials *cred);
 116
 117 private:
 118         static const CSSM_ACL_HANDLE ownerHandle = ACL::ownerHandle;
 119         typedef map<CSSM_ACL_HANDLE, SecPointer<ACL> > Map;
 120
 121         Map mAcls;                      // set of ACL entries
 122 };
 123
 124
 125 } // end namespace KeychainCore
 126 } // end namespace Security
 127
 128 #endif // !_SECURITY_ACCESS_H_