securityd/src/tokenacl.cpp

   1 /*
   2  * Copyright (c) 2004-2007,2013 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // tokenacl - Token-based ACL implementation
  27 //
  28 #include "tokenacl.h"
  29 #include "tokend.h"
  30 #include "token.h"
  31 #include "tokendatabase.h"
  32 #include "agentquery.h"
  33 #include <security_utilities/trackingallocator.h>
  34 #include <security_cdsa_utilities/cssmbridge.h>
  35
  36
  37 //
  38 // A TokenAcl initializes to "invalid, needs update".
  39 // Note how our Token will start its ResetGeneration at 1, while we start at zero.
  40 //
  41 TokenAcl::TokenAcl()
  42         : mLastReset(0)
  43 {
  44 }
  45
  46
  47 //
  48 // Instantiate is called (by the ACL machinery core) before this ACL object's
  49 // contents are used in any way. Here is where we fetch the ACL data from tokend
  50 // (if we haven't got it yet).
  51 //
  52 void TokenAcl::instantiateAcl()
  53 {
  54         if (token().resetGeneration(mLastReset))
  55                 return;
  56
  57         secinfo("tokenacl", "%p loading ACLs from tokend", this);
  58
  59         // read owner
  60         AclOwnerPrototype *owner = NULL;
  61         token().tokend().getOwner(aclKind(), tokenHandle(), owner);
  62         assert(owner);
  63
  64         // read entries
  65         uint32 count;
  66         AclEntryInfo *infos;
  67         token().tokend().getAcl(aclKind(), tokenHandle(), NULL, count, infos);
  68
  69         // commit to setting the ACL data
  70         ObjectAcl::owner(*owner);
  71         ObjectAcl::entries(count, infos);
  72
  73         // and if we actually made it to here...
  74         mLastReset = token().resetGeneration();
  75 }
  76
  77
  78 //
  79 // The ACL machinery core calls this after successfully making changes to our ACL.
  80 //
  81 void TokenAcl::changedAcl()
  82 {
  83 }
  84
  85
  86 //
  87 // CSSM-layer read gates. This accesses a cached version prepared in our instantiateAcl().
  88 //
  89 void TokenAcl::getOwner(AclOwnerPrototype &owner)
  90 {
  91         ObjectAcl::cssmGetOwner(owner);
  92 }
  93
  94 void TokenAcl::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
  95 {
  96         ObjectAcl::cssmGetAcl(tag, count, acls);
  97 }
  98
  99
 100 //
 101 // CSSM-layer write gates.
 102 // This doesn't directly write to the local ObjectAcl at all. The call is relayed to
 103 // tokend, and the resulting ACL is being re-read when next needed.
 104 //
 105 void TokenAcl::changeAcl(const AclEdit &edit, const AccessCredentials *cred, Database *db)
 106 {
 107         // changeAcl from/to a PIN (source) ACL has special UI handling here
 108         // @@@ this is an ad-hoc hack; general solution awaits the ACL machinery rebuild later
 109         instantiateAcl();               // (redundant except in error cases)
 110         if (TokenDatabase *tokenDb = dynamic_cast<TokenDatabase *>(db))
 111                 if (edit.mode() == CSSM_ACL_EDIT_MODE_REPLACE)
 112                         if (const AclEntryInput *input = edit.newEntry()) {
 113                                 if (unsigned pin = pinFromAclTag(input->proto().tag())) {
 114                                         // assume this is a PIN change request
 115                                         pinChange(pin, edit.handle(), *tokenDb);
 116                                         invalidateAcl();
 117                                         return;
 118                                 }
 119                         }
 120
 121         // hand the request off to tokend to do as it will
 122         token().tokend().changeAcl(aclKind(), tokenHandle(), Required(cred), edit);
 123         invalidateAcl();
 124 }
 125
 126 void TokenAcl::changeOwner(const AclOwnerPrototype &newOwner,
 127         const AccessCredentials *cred, Database *db)
 128 {
 129         token().tokend().changeOwner(aclKind(), tokenHandle(), Required(cred), newOwner);
 130         invalidateAcl();
 131 }
 132
 133
 134 //
 135 // Ad-hoc PIN change processing.
 136 // This cooks a suitable changeAcl call to tokend, ad hoc.
 137 // It does NOT complete the originating request; it replaces it completely.
 138 // (Completion processing requires not-yet-implemented ACL machine UI coalescing features.)
 139 //
 140 class QueryNewPin : public QueryNewPassphrase {
 141 public:
 142         QueryNewPin(unsigned int pinn, CSSM_ACL_HANDLE h, TokenDatabase &db, Reason reason)
 143                 : QueryNewPassphrase(db, reason), pin(pinn), handle(h) { }
 144
 145         const unsigned int pin;
 146         const CSSM_ACL_HANDLE handle;
 147
 148         Reason accept(CssmManagedData &passphrase, CssmData *oldPassphrase);
 149 };
 150
 151 SecurityAgent::Reason QueryNewPin::accept(CssmManagedData &passphrase, CssmData *oldPassphrase)
 152 {
 153         assert(oldPassphrase);          // we don't handle the new-pin case (yet)
 154
 155         // form a changeAcl query and send it to tokend
 156         try {
 157                 TrackingAllocator alloc(Allocator::standard());
 158                 AclEntryPrototype proto(TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD,
 159                         new(alloc) ListElement(passphrase)
 160                         ));
 161                 proto.authorization() = AuthorizationGroup(CSSM_ACL_AUTHORIZATION_PREAUTH(pin), alloc);
 162                 char pintag[20]; sprintf(pintag, "PIN%d", pin);
 163                 proto.tag(pintag);
 164                 AclEntryInput input(proto);
 165                 AclEdit edit(CSSM_ACL_EDIT_MODE_REPLACE, handle, &input);
 166                 AutoCredentials cred(alloc);
 167                 cred += TypedList(alloc, CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD,
 168                         new(alloc) ListElement(*oldPassphrase));
 169                 safer_cast<TokenDatabase &>(database).token().tokend().changeAcl(dbAcl, noDb, cred, edit);
 170                 return SecurityAgent::noReason;
 171         } catch (const CssmError &err) {
 172                 switch (err.error) {
 173                 default:
 174                         return SecurityAgent::unknownReason;
 175                 }
 176         } catch (...) {
 177                 return SecurityAgent::unknownReason;
 178         }
 179 }
 180
 181 void TokenAcl::pinChange(unsigned int pin, CSSM_ACL_HANDLE handle, TokenDatabase &database)
 182 {
 183         QueryNewPin query(pin, handle, database, SecurityAgent::changePassphrase);
 184         query.inferHints(Server::process());
 185         CssmAutoData newPin(Allocator::standard(Allocator::sensitive));
 186     CssmAutoData oldPin(Allocator::standard(Allocator::sensitive));
 187         switch (query(oldPin, newPin)) {
 188         case SecurityAgent::noReason:           // worked
 189                 return;
 190         default:
 191                 CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
 192         }
 193 }