]> git.saurik.com Git - apple/security.git/blob - cdsa/cdsa_utilities/cssmaclpod.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-177.tar.gz
[apple/security.git] / cdsa / cdsa_utilities / cssmaclpod.h
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // cssmaclpod - enhanced PodWrappers for ACL-related CSSM data structures
21 //
22 #ifndef _CSSMACLPOD
23 #define _CSSMACLPOD
24
25 #include <Security/utilities.h>
26 #include <Security/cssmlist.h>
27 #include <Security/cssmalloc.h>
28
29 namespace Security {
30
31 // a nicer name for an authorization tag
32 typedef CSSM_ACL_AUTHORIZATION_TAG AclAuthorization;
33 typedef std::set<AclAuthorization> AclAuthorizationSet;
34
35
36 //
37 // Enhanced POD Wrappers for the public ACL-related CSSM structures
38 //
39 class AuthorizationGroup : public PodWrapper<AuthorizationGroup, CSSM_AUTHORIZATIONGROUP> {
40 public:
41 AuthorizationGroup() { NumberOfAuthTags = 0; }
42 AuthorizationGroup(AclAuthorization auth);
43
44 explicit AuthorizationGroup(const AclAuthorizationSet &, CssmAllocator &alloc);
45 void destroy(CssmAllocator &alloc);
46
47 bool empty() const { return NumberOfAuthTags == 0; }
48 unsigned int count() const { return NumberOfAuthTags; }
49 CSSM_ACL_AUTHORIZATION_TAG operator [] (unsigned ix) const
50 { assert(ix < count()); return AuthTags[ix]; }
51
52 bool contains(CSSM_ACL_AUTHORIZATION_TAG tag) const;
53 operator AclAuthorizationSet () const;
54 };
55
56 class AclOwnerPrototype;
57
58 class AclEntryPrototype : public PodWrapper<AclEntryPrototype, CSSM_ACL_ENTRY_PROTOTYPE> {
59 public:
60 AclEntryPrototype() { clearPod(); }
61 explicit AclEntryPrototype(const AclOwnerPrototype &proto);
62 AclEntryPrototype(const CSSM_LIST &subj, bool delegate = false)
63 { clearPod(); TypedSubject = subj; Delegate = delegate; }
64
65 TypedList &subject() { return TypedList::overlay(TypedSubject); }
66 const TypedList &subject() const { return TypedList::overlay(TypedSubject); }
67 bool delegate() const { return Delegate; }
68 char *tag() { return EntryTag; }
69 const char *tag() const { return EntryTag; }
70 void tag(const char *tagString);
71 AuthorizationGroup &authorization() { return AuthorizationGroup::overlay(Authorization); }
72 const AuthorizationGroup &authorization() const
73 { return AuthorizationGroup::overlay(Authorization); }
74 };
75
76 class AclOwnerPrototype : public PodWrapper<AclOwnerPrototype, CSSM_ACL_OWNER_PROTOTYPE> {
77 public:
78 AclOwnerPrototype() { clearPod(); }
79 explicit AclOwnerPrototype(const AclEntryPrototype &proto)
80 { TypedSubject = proto.subject(); Delegate = proto.delegate(); }
81 AclOwnerPrototype(const CSSM_LIST &subj, bool delegate = false)
82 { TypedSubject = subj; Delegate = delegate; }
83
84 TypedList &subject() { return TypedList::overlay(TypedSubject); }
85 const TypedList &subject() const { return TypedList::overlay(TypedSubject); }
86 bool delegate() const { return Delegate; }
87 };
88
89 class AclEntryInfo : public PodWrapper<AclEntryInfo, CSSM_ACL_ENTRY_INFO> {
90 public:
91 AclEntryPrototype &proto() { return AclEntryPrototype::overlay(EntryPublicInfo); }
92 const AclEntryPrototype &proto() const
93 { return AclEntryPrototype::overlay(EntryPublicInfo); }
94
95 operator AclEntryPrototype &() { return proto(); }
96 operator const AclEntryPrototype &() const { return proto(); }
97
98 CSSM_ACL_HANDLE &handle() { return EntryHandle; }
99 const CSSM_ACL_HANDLE &handle() const { return EntryHandle; }
100 };
101
102 class AclEntryInput : public PodWrapper<AclEntryInput, CSSM_ACL_ENTRY_INPUT> {
103 public:
104 AclEntryInput() { clearPod(); }
105 AclEntryInput(const AclEntryPrototype &prot)
106 { Prototype = prot; Callback = NULL; CallerContext = NULL; }
107
108 AclEntryPrototype &proto() { return AclEntryPrototype::overlay(Prototype); }
109 const AclEntryPrototype &proto() const { return AclEntryPrototype::overlay(Prototype); }
110 //@@@ not supporting callback features (yet)
111 };
112
113 class AclEdit : public PodWrapper<AclEdit, CSSM_ACL_EDIT> {
114 public:
115 AclEdit(CSSM_ACL_EDIT_MODE m, CSSM_ACL_HANDLE h, const AclEntryInput *data)
116 { EditMode = m; OldEntryHandle = h; NewEntry = data; }
117 AclEdit(const AclEntryInput &add)
118 { EditMode = CSSM_ACL_EDIT_MODE_ADD; OldEntryHandle = CSSM_INVALID_HANDLE; NewEntry = &add; }
119 AclEdit(CSSM_ACL_HANDLE h, const AclEntryInput &modify)
120 { EditMode = CSSM_ACL_EDIT_MODE_REPLACE; OldEntryHandle = h; NewEntry = &modify; }
121 AclEdit(CSSM_ACL_HANDLE h)
122 { EditMode = CSSM_ACL_EDIT_MODE_DELETE; OldEntryHandle = h; NewEntry = NULL; }
123
124 CSSM_ACL_EDIT_MODE mode() const { return EditMode; }
125 CSSM_ACL_HANDLE handle() const { return OldEntryHandle; }
126 const AclEntryInput *newEntry() const { return AclEntryInput::overlay(NewEntry); }
127 };
128
129
130 //
131 // Allocating versions of Acl structures
132 //
133 class AutoAclOwnerPrototype {
134 NOCOPY(AutoAclOwnerPrototype)
135 public:
136 // allocator can be set after construction
137 AutoAclOwnerPrototype(CssmAllocator *allocator = NULL)
138 : mAclOwnerPrototype(NULL), mAllocator(allocator) { }
139 ~AutoAclOwnerPrototype();
140
141 operator CSSM_ACL_OWNER_PROTOTYPE *() { return make(); }
142 AclOwnerPrototype &operator * () { return *make(); }
143
144 void allocator(CssmAllocator &allocator);
145
146 private:
147 AclOwnerPrototype *mAclOwnerPrototype;
148 CssmAllocator *mAllocator;
149
150 AclOwnerPrototype *make();
151 };
152
153
154 class AutoAclEntryInfoList {
155 NOCOPY(AutoAclEntryInfoList)
156 public:
157 // allocator can be set after construction
158 AutoAclEntryInfoList(CssmAllocator *allocator = NULL)
159 : mAclEntryInfo(NULL), mNumberOfAclEntries(0), mAllocator(allocator) { }
160 ~AutoAclEntryInfoList();
161
162 operator CSSM_ACL_ENTRY_INFO_PTR *()
163 { return reinterpret_cast<CSSM_ACL_ENTRY_INFO_PTR *>(&mAclEntryInfo); }
164 operator uint32 *() { return &mNumberOfAclEntries; }
165
166 void allocator(CssmAllocator &allocator);
167
168 const AclEntryInfo &at(uint32 ix) const { return mAclEntryInfo[ix]; }
169 const AclEntryInfo &operator[](uint32 ix) const
170 { assert(ix < mNumberOfAclEntries); return mAclEntryInfo[ix]; }
171 AclEntryInfo &operator[](uint32 ix)
172 { assert(ix < mNumberOfAclEntries); return mAclEntryInfo[ix]; }
173
174 uint32 size() const { return mNumberOfAclEntries; } // obsolete
175 uint32 count() const { return mNumberOfAclEntries; }
176 AclEntryInfo *entries() const { return mAclEntryInfo; }
177
178 private:
179 AclEntryInfo *mAclEntryInfo;
180 uint32 mNumberOfAclEntries;
181 CssmAllocator *mAllocator;
182 };
183
184 class AutoAuthorizationGroup : public AuthorizationGroup {
185 public:
186 AutoAuthorizationGroup(CssmAllocator &alloc) : allocator(alloc) { }
187 explicit AutoAuthorizationGroup(const AclAuthorizationSet &set,
188 CssmAllocator &alloc) : AuthorizationGroup(set, alloc), allocator(alloc) { }
189 ~AutoAuthorizationGroup() { destroy(allocator); }
190
191 CssmAllocator &allocator;
192 };
193
194
195 //
196 // Walkers for the CSSM API structure types
197 //
198 namespace DataWalkers {
199
200 // AclEntryInput
201 template <class Action>
202 AclEntryInput *walk(Action &operate, AclEntryInput * &input)
203 {
204 operate(input);
205 walk(operate, input->proto());
206 return input;
207 }
208
209 template <class Action>
210 void walk(Action &operate, AclEntryInput &input)
211 {
212 operate(input);
213 walk(operate, input.proto());
214 }
215
216 // AclEntryInfo
217 template <class Action>
218 void walk(Action &operate, AclEntryInfo &info)
219 {
220 operate(info);
221 walk(operate, info.proto());
222 }
223
224 template <class Action>
225 void walk(Action &operate, const AclEntryInfo &info)
226 { walk(operate, const_cast<AclEntryInfo &>(info)); }
227
228 // AuthorizationGroup
229 template <class Action>
230 void walk(Action &operate, AuthorizationGroup &auth)
231 {
232 operate(auth);
233 uint32 count = auth.count();
234 operate.blob(auth.AuthTags, count * sizeof(AclAuthorization));
235 for (uint32 n = 0; n < count; n++)
236 walk(operate, auth.AuthTags[n]);
237 }
238
239 template <class Action>
240 void walk(Action &operate, CSSM_AUTHORIZATIONGROUP &auth)
241 { walk(operate, static_cast<CSSM_AUTHORIZATIONGROUP &>(auth)); }
242
243 // AclEntryPrototype
244 template <class Action>
245 void enumerate(Action &operate, AclEntryPrototype &proto)
246 {
247 walk(operate, proto.subject());
248 walk(operate, proto.authorization());
249 //@@@ ignoring validity period
250 }
251
252 template <class Action>
253 void walk(Action &operate, AclEntryPrototype &proto)
254 {
255 operate(proto);
256 enumerate(operate, proto);
257 }
258
259 template <class Action>
260 AclEntryPrototype *walk(Action &operate, AclEntryPrototype * &proto)
261 {
262 operate(proto);
263 enumerate(operate, *proto);
264 return proto;
265 }
266
267 // AclOwnerPrototype
268 template <class Action>
269 void walk(Action &operate, AclOwnerPrototype &proto)
270 {
271 operate(proto);
272 walk(operate, proto.subject());
273 }
274
275 template <class Action>
276 AclOwnerPrototype *walk(Action &operate, AclOwnerPrototype * &proto)
277 {
278 operate(proto);
279 walk(operate, proto->subject());
280 return proto;
281 }
282
283
284 } // end namespace DataWalkers
285
286 } // end namespace Security
287
288
289 #endif //_CSSMACLPOD
mirror of Security