+++ /dev/null
-/*
- * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-
-//
-// acl_secret - secret-validation password ACLs framework.
-//
-#ifndef _ACL_SECRET
-#define _ACL_SECRET
-
-#include <security_cdsa_utilities/cssmdata.h>
-#include <security_cdsa_utilities/cssmacl.h>
-#include <string>
-
-
-namespace Security {
-
-
-//
-// SecretAclSubject implements AclSubjects that perform their validation by
-// passing their secret through some deterministic validation mechanism.
-// As a limiting case, the subject can contain the secret itself and validate
-// by comparing for equality.
-//
-// This is not a fully functional ACL subject. You must subclass it.
-//
-// There are three elements to consider here:
-// (1) How to OBTAIN the secret. This is the job of your subclass; SecretAclSubject
-// is agnostic (and abstract) in this respect.
-// (2) How to VALIDATE the secret. This is delegated to an environment method,
-// which gets this very subject passed as an argument for maximum flexibility.
-// (3) Whether to use a locally stored copy of the secret for validation (by equality)
-// or hand it off to the environment validator. This is fully implemented here.
-// This implementation assumes that the secret, whatever it may be, can be stored
-// as a (flat) data blob and can be compared for bit-wise equality. No other
-// interpretation is required at this level.
-//
-class SecretAclSubject : public SimpleAclSubject {
-public:
- bool validate(const AclValidationContext &ctx, const TypedList &sample) const;
-
- SecretAclSubject(Allocator &alloc, CSSM_ACL_SUBJECT_TYPE type, const CssmData &secret);
- SecretAclSubject(Allocator &alloc, CSSM_ACL_SUBJECT_TYPE type, CssmManagedData &secret);
- SecretAclSubject(Allocator &alloc, CSSM_ACL_SUBJECT_TYPE type, bool doCache);
-
- bool haveSecret() const { return mSecretValid; }
- bool cacheSecret() const { return mCacheSecret; }
-
- void secret(const CssmData &secret) const;
- void secret(CssmManagedData &secret) const;
-
- Allocator &allocator;
-
- IFDUMP(void debugDump() const);
-
-public:
- class Environment : virtual public AclValidationEnvironment {
- public:
- virtual bool validateSecret(const SecretAclSubject *me,
- const AccessCredentials *secret) = 0;
- };
-
-protected:
- // implement this to get your secret (somehow)
- virtual bool getSecret(const AclValidationContext &context,
- const TypedList &sample, CssmOwnedData &secret) const = 0;
-
- const CssmData &secret() const { assert(mSecretValid); return mSecret; }
-
-private:
- mutable CssmAutoData mSecret; // locally known secret
- mutable bool mSecretValid; // mSecret is valid
- bool mCacheSecret; // cache secret locally and validate from cache
-};
-
-} // end namespace Security
-
-
-#endif //_ACL_SECRET
projects / apple / security.git / blobdiff