--- /dev/null
+/*
+ * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+//
+// acl_secret - secret-validation password ACLs framework.
+//
+#ifndef _ACL_SECRET
+#define _ACL_SECRET
+
+#include <security_cdsa_utilities/cssmdata.h>
+#include <security_cdsa_utilities/cssmacl.h>
+#include <string>
+
+
+namespace Security {
+
+
+//
+// SecretAclSubject implements AclSubjects that perform their validation by
+// passing their secret through some deterministic validation mechanism.
+// As a limiting case, the subject can contain the secret itself and validate
+// by comparing for equality.
+//
+// This is not a fully functional ACL subject. You must subclass it.
+//
+// There are three elements to consider here:
+// (1) How to OBTAIN the secret. This is the job of your subclass; SecretAclSubject
+// is agnostic (and abstract) in this respect.
+// (2) How to VALIDATE the secret. This is delegated to an environment method,
+// which gets this very subject passed as an argument for maximum flexibility.
+// (3) Whether to use a locally stored copy of the secret for validation (by equality)
+// or hand it off to the environment validator. This is fully implemented here.
+// This implementation assumes that the secret, whatever it may be, can be stored
+// as a (flat) data blob and can be compared for bit-wise equality. No other
+// interpretation is required at this level.
+//
+class SecretAclSubject : public SimpleAclSubject {
+public:
+ bool validate(const AclValidationContext &ctx, const TypedList &sample) const;
+
+ SecretAclSubject(Allocator &alloc, CSSM_ACL_SUBJECT_TYPE type, const CssmData &secret);
+ SecretAclSubject(Allocator &alloc, CSSM_ACL_SUBJECT_TYPE type, CssmManagedData &secret);
+ SecretAclSubject(Allocator &alloc, CSSM_ACL_SUBJECT_TYPE type, bool doCache);
+
+ bool haveSecret() const { return mSecretValid; }
+ bool cacheSecret() const { return mCacheSecret; }
+
+ void secret(const CssmData &secret) const;
+ void secret(CssmManagedData &secret) const;
+
+ Allocator &allocator;
+
+ IFDUMP(void debugDump() const);
+
+public:
+ class Environment : virtual public AclValidationEnvironment {
+ public:
+ virtual bool validateSecret(const SecretAclSubject *me,
+ const AccessCredentials *secret) = 0;
+ };
+
+protected:
+ // implement this to get your secret (somehow)
+ virtual bool getSecret(const AclValidationContext &context,
+ const TypedList &sample, CssmOwnedData &secret) const = 0;
+
+ const CssmData &secret() const { assert(mSecretValid); return mSecret; }
+
+private:
+ mutable CssmAutoData mSecret; // locally known secret
+ mutable bool mSecretValid; // mSecret is valid
+ bool mCacheSecret; // cache secret locally and validate from cache
+};
+
+} // end namespace Security
+
+
+#endif //_ACL_SECRET
projects / apple / security.git / blobdiff