2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
22 #ifndef _H_CDSA_CLIENT_ACLCLIENT
23 #define _H_CDSA_CLIENT_ACLCLIENT 1
25 #include <Security/cssmaclpod.h>
26 #include <Security/cssmacl.h>
27 #include <Security/cssmcred.h>
28 #include <Security/refcount.h>
29 #include <Security/globalizer.h>
32 namespace CssmClient
{
38 // Any client-side object that has CSSM-layer ACLs shall be
39 // derived from AclBearer and implement its methods accordingly.
40 // Note the (shared/virtual) RefCount - you should handle AclBearer
41 // references via RefPointers.
43 class AclBearer
: public virtual RefCount
{
// Abstract interface: getAcl, changeAcl(CSSM_ACL_EDIT), getOwner and changeOwner
// are pure virtual and must be supplied by the concrete ACL-bearing object.
//
// Every mutating call takes an optional credential pointer that defaults to NULL.
// NOTE(review): what a NULL credential means is decided by the implementation and
// is not visible in this header. Callers that edit ACLs or owners should pass
// explicit credentials rather than rely on the default - confirm the intended
// behaviour for NULL.

// Retrieve ACL entries into aclInfos.
// NOTE(review): selectionTag presumably filters entries by tag, with NULL meaning
// "no filter" - confirm against the implementation.
48 virtual void getAcl(AutoAclEntryInfoList
&aclInfos
,
49 const char *selectionTag
= NULL
) const = 0;
// Apply a raw CSSM ACL edit, authorized by cred.
50 virtual void changeAcl(const CSSM_ACL_EDIT
&aclEdit
,
51 const CSSM_ACCESS_CREDENTIALS
*cred
= NULL
) = 0;
// Non-virtual add/replace/delete helpers.
// NOTE(review): these are only declared here; presumably each one builds a
// CSSM_ACL_EDIT and forwards to the virtual changeAcl above - confirm.
53 void addAcl(const AclEntryInput
&input
, const CSSM_ACCESS_CREDENTIALS
*cred
= NULL
);
54 void changeAcl(CSSM_ACL_HANDLE handle
, const AclEntryInput
&input
,
55 const CSSM_ACCESS_CREDENTIALS
*cred
= NULL
);
56 void deleteAcl(CSSM_ACL_HANDLE handle
, const CSSM_ACCESS_CREDENTIALS
*cred
= NULL
);
// NOTE(review): both arguments are defaulted, so a bare deleteAcl() compiles.
// What a NULL tag selects (possibly every entry) is not visible here - confirm
// before calling it without a tag.
57 void deleteAcl(const char *tag
= NULL
, const CSSM_ACCESS_CREDENTIALS
*cred
= NULL
);
59 // Acl owner manipulation
// Changing the owner changes who may edit the ACL afterwards, so changeOwner is
// the most sensitive call in this interface; it also defaults cred to NULL.
60 virtual void getOwner(AutoAclOwnerPrototype
&owner
) const = 0;
61 virtual void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE
&newOwner
,
62 const CSSM_ACCESS_CREDENTIALS
*cred
= NULL
) = 0;
67 // An AclFactory helps create and maintain CSSM-layer AccessCredentials
68 // and matching samples. There is state in an AclFactory, though simple
69 // uses may not care about it.
74 virtual ~AclFactory();
76 // These values are owned by the AclFactory and persist
77 // until it is destroyed. You don't own the memory: do not free the
// returned pointers, and do not keep them past the factory's lifetime.
// NOTE(review): the accessor names suggest an empty credential set, one that
// permits prompting the user, and one used for unlocking; the actual contents
// are built in the implementation, not in this header - confirm there.
78 const AccessCredentials
*nullCred() const;
79 const AccessCredentials
*promptCred() const;
80 const AccessCredentials
*unlockCred() const;
// Base for the self-managed credential helpers declared after it: holds a
// reference to the caller's allocator and a heap-allocated AutoCredentials.
83 class KeychainCredentials
{
// Binds the allocator by reference and allocates the AutoCredentials with new.
// The CssmAllocator passed in must outlive this object, because only a
// reference to it is stored.
85 KeychainCredentials(CssmAllocator
&alloc
)
86 : allocator(alloc
), mCredentials(new AutoCredentials(alloc
)) { }
// NOTE(review): the destructor body is not in this header; presumably it deletes
// mCredentials. No copy constructor or assignment operator is visible in this
// listing - if the destructor frees mCredentials, copying an instance would
// lead to a double free. Confirm that copies are prevented.
87 virtual ~KeychainCredentials();
89 CssmAllocator
&allocator
;
// Implicit conversion so an instance can be passed where a credentials pointer
// is expected. The result is this object's own mCredentials, not a copy, so it
// is only usable while the object is alive; converting a temporary and keeping
// the pointer would leave it dangling once the temporary is destroyed
// (assuming the destructor releases it - confirm).
91 operator const AccessCredentials
* () { return mCredentials
; }
// Raw owning pointer set in the constructor.
94 AutoCredentials
*mCredentials
;
98 // Create a self-managed AccessCredentials that explicitly provides a keychain passphrase.
// NOTE(review): the constructor is only declared here. How the passphrase bytes
// in `password` are copied into the credentials, and whether that copy is
// cleared when the object is destroyed, is not visible in this header -
// confirm in the implementation. Keep instances short-lived.
99 class PassphraseUnlockCredentials
: public KeychainCredentials
{
101 PassphraseUnlockCredentials (const CssmData
& password
, CssmAllocator
& allocator
);
104 // Create a self-managed AccessCredentials used to change a keychain passphrase.
// NOTE(review): `password` is presumably the new passphrase; the header does not
// say which one is expected, nor how the bytes are stored or cleared - confirm
// against the implementation before relying on either.
105 class PasswordChangeCredentials
: public KeychainCredentials
{
107 PasswordChangeCredentials (const CssmData
& password
, CssmAllocator
& allocator
);
// A ResourceControlContext specialization constructed from an optional
// credential pointer.
// NOTE(review): the class name and the mTag member suggest the context carries a
// single "any" authorization tag, i.e. the broadest grant; the constructor body
// is not in this header - confirm, and confirm what a NULL cred produces.
111 class AnyResourceContext
: public ResourceControlContext
{
113 AnyResourceContext(const CSSM_ACCESS_CREDENTIALS
*cred
= NULL
);
// Authorization tag storage; its value is assigned outside this header.
117 CSSM_ACL_AUTHORIZATION_TAG mTag
;
122 } // end namespace CssmClient
123 } // end namespace Security
125 #endif // _H_CDSA_CLIENT_ACLCLIENT