1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // acls - SecurityServer ACL implementation
21 //
22 #include "acls.h"
23 #include "connection.h"
24 #include "server.h"
25 #include "SecurityAgentClient.h"
26 #include <Security/acl_any.h>
27 #include <Security/acl_password.h>
28 #include <Security/acl_threshold.h>
29
30
31 //
32 // SecurityServerAcl is virtual
33 //
// Out-of-line destructor definition. The body is deliberately empty: nothing
// is released here. The declaration lives in acls.h, which is not shown.
SecurityServerAcl::~SecurityServerAcl()
{
}
36
37
38 //
39 // Each SecurityServerAcl type must provide some indication of a database
40 // it is associated with. The default, naturally, is "none".
41 //
// Default answer for ACL bearers that are not tied to a database.
// Always returns NULL here, so callers must handle a null Database pointer
// before dereferencing the result.
const Database *SecurityServerAcl::relatedDatabase() const
{
    return NULL;
}
44
45
46 //
47 // Provide environmental information to get/change-ACL calls.
48 // Also make them virtual so our children can override them.
49 //
// Apply an ACL edit, supplying the SecurityServer environment.
//   edit - the requested ACL change, forwarded unchanged
//   cred - caller-supplied credentials, forwarded unchanged
// All checking is left to ObjectAcl::cssmChangeAcl; this wrapper only builds
// the environment object bound to this ACL and hands it over.
// NOTE(review): unlike validate(), no aclSequence lock is taken here. Confirm
// that ObjectAcl::cssmChangeAcl or the caller serialises concurrent edits.
void SecurityServerAcl::cssmChangeAcl(const AclEdit &edit, const AccessCredentials *cred)
{
    SecurityServerEnvironment environment(*this);
    ObjectAcl::cssmChangeAcl(edit, cred, &environment);
}
55
// Replace the ACL owner, supplying the SecurityServer environment.
//   newOwner - the proposed owner entry, forwarded unchanged
//   cred     - caller-supplied credentials, forwarded unchanged
// The decision whether the caller may change the owner is made inside
// ObjectAcl::cssmChangeOwner; nothing is checked in this wrapper.
// NOTE(review): no aclSequence lock is taken on this path either; confirm
// where owner changes are serialised against validate().
void SecurityServerAcl::cssmChangeOwner(const AclOwnerPrototype &newOwner,
                                        const AccessCredentials *cred)
{
    SecurityServerEnvironment environment(*this);
    ObjectAcl::cssmChangeOwner(newOwner, cred, &environment);
}
62
63
64 //
65 // Modified validate() methods to connect all the conduits...
66 //
// Validate an authorization request against this ACL.
//   auth - the authorization being requested
//   cred - caller-supplied credentials; passed through as given, including
//          a null pointer if the caller supplied none
// The actual decision is made by ObjectAcl::validate; this wrapper supplies
// the environment and holds two locks around the call.
void SecurityServerAcl::validate(AclAuthorization auth, const AccessCredentials *cred)
{
    // The environment is built before any lock is taken; keep it first.
    SecurityServerEnvironment environment(*this);

    // Lock order matters: this object's ACL sequence first, then the ACL
    // sequence of the process on the current connection. Any other code that
    // takes both must use the same order to avoid deadlock.
    // NOTE(review): StLock looks like a scoped guard, so both locks are
    // presumably held until this function exits - confirm.
    StLock<Mutex> objectGuard(aclSequence);
    StLock<Mutex> processGuard(Server::connection().process.aclSequence);

    ObjectAcl::validate(auth, cred, &environment);
}
74
// Convenience overload: take the credentials from a CSSM context.
//   auth    - the authorization being requested
//   context - context searched for CSSM_ATTRIBUTE_ACCESS_CREDENTIALS
// NOTE(review): the lookup result is forwarded without a null check, so a
// context lacking the attribute presumably validates with null credentials.
// Confirm that ObjectAcl::validate treats that as "no credentials offered".
void SecurityServerAcl::validate(AclAuthorization auth, const Context &context)
{
    const AccessCredentials *cred =
        context.get<AccessCredentials>(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS);
    validate(auth, cred);
}
80
81
82 //
83 // Implement our environment object
84 //
// User id used for ACL evaluation.
// Read from the process object attached to the current Server connection,
// not from the server's own ::getuid(), so ACL subjects are judged against
// the connection's process rather than the daemon's identity.
uid_t SecurityServerEnvironment::getuid() const
{
    return Server::connection().process.uid();
}
89
// Group id used for ACL evaluation.
// Read from the process object attached to the current Server connection,
// not from the server's own ::getgid().
gid_t SecurityServerEnvironment::getgid() const
{
    return Server::connection().process.gid();
}
94
// Process id used for ACL evaluation.
// Read from the process object attached to the current Server connection.
// A pid is a weak identity on its own, since the kernel recycles pid values;
// ACL subjects should not treat it as proof of which program is calling.
pid_t SecurityServerEnvironment::getpid() const
{
    return Server::connection().process.pid();
}
99
// Check a code signature against the process on the current connection.
//   signature - the signature to check, forwarded unchanged
//   comment   - accompanying data, forwarded unchanged
// Returns exactly what Server::codeSignatures().verify() reports. No checks
// are added here, so the strength of the result depends on that verifier.
bool SecurityServerEnvironment::verifyCodeSignature(const CodeSigning::Signature *signature,
                                                    const CssmData *comment)
{
    const bool verified =
        Server::codeSignatures().verify(Server::connection().process, signature, comment);
    return verified;
}