Security/libsecurity_cdsa_utilities/lib/acl_threshold.h

   1 /*
   2  * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // acl_threshold - Threshold-based group ACL subjects.
  27 //
  28 // This subject type implements threshold (k of n) subjects as per CSSM standard.
  29 // Subsubjects are stored and evaluated in the order received. Any subsubject
  30 // is presented with all subsamples of the corresponding threshold sample, but
  31 // not any other samples possibly present in the credentials. Subsubject evaluation
  32 // stops as soon as the threshold is satisfied, or as soon as it becomes numerically
  33 // impossible to satisfy the threshold with future matches.
  34 // Note that this subject will reject out of hand any threshold sample that
  35 // contains more than <n> subsamples. This defeats "sample stuffing" attacks
  36 // where the attacker provides thousands of samples in the hope that some may
  37 // match by accident. It will however accept threshold samples with fewer than
  38 // <n> subsamples, as long as there are at least <k> subsamples.
  39 //
  40 #ifndef _ACL_THRESHOLD
  41 #define _ACL_THRESHOLD
  42
  43 #include <security_cdsa_utilities/cssmacl.h>
  44 #include <vector>
  45
  46
  47 namespace Security {
  48
  49 class ThresholdAclSubject : public SimpleAclSubject {
  50     typedef ObjectAcl::AclSubjectPointer AclSubjectPointer;
  51     typedef vector<AclSubjectPointer> AclSubjectVector;
  52 public:
  53     bool validate(const AclValidationContext &baseCtx, const TypedList &sample) const;
  54     CssmList toList(Allocator &alloc) const;
  55
  56     ThresholdAclSubject(uint32 n, uint32 k, const AclSubjectVector &subSubjects);
  57
  58     void exportBlob(Writer::Counter &pub, Writer::Counter &priv);
  59     void exportBlob(Writer &pub, Writer &priv);
  60
  61         unsigned count() const { return totalSubjects; }
  62         AclSubject *subject(unsigned n) const { return elements[n]; }
  63         void add(AclSubject *subject, unsigned beforePosition);
  64
  65         IFDUMP(void debugDump() const);
  66
  67     class Maker : public AclSubject::Maker {
  68     public:
  69         Maker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_THRESHOLD) { }
  70         ThresholdAclSubject *make(const TypedList &list) const;
  71         ThresholdAclSubject *make(Version, Reader &pub, Reader &priv) const;
  72     };
  73
  74 private:
  75     uint32 minimumNeeded;                               // number of matches needed
  76     uint32 totalSubjects;                               // number of subSubjects
  77     AclSubjectVector elements;                  // sub-subject vector
  78
  79     template <class Action>
  80     void exportBlobForm(Action &pub, Action &priv);
  81 };
  82
  83 } // namespace Security
  84
  85
  86 #endif //_ACL_THRESHOLD