+++ /dev/null
-/*
- * Copyright (c) 2000-2007,2011 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-
-//
-// cssmaclpod - enhanced PodWrappers for ACL-related CSSM data structures
-//
-#ifndef _CSSMACLPOD
-#define _CSSMACLPOD
-
-#include <security_utilities/utilities.h>
-#include <security_cdsa_utilities/cssmlist.h>
-#include <security_cdsa_utilities/cssmalloc.h>
-
-namespace Security {
-
-// a nicer name for an authorization tag
-typedef CSSM_ACL_AUTHORIZATION_TAG AclAuthorization;
-
-
-//
-// An STL set of authorization tags, with some convenience features
-//
-class AclAuthorizationSet : public std::set<AclAuthorization> {
-public:
- AclAuthorizationSet() { }
- AclAuthorizationSet(AclAuthorization auth) { insert(auth); }
- AclAuthorizationSet(AclAuthorization *authBegin, AclAuthorization *authEnd)
- : set<AclAuthorization>(authBegin, authEnd) { }
- AclAuthorizationSet(AclAuthorization a1, AclAuthorization a2, ...); // list of auths, end with zero
-};
-
-
-//
-// Enhanced POD Wrappers for the public ACL-related CSSM structures
-//
-class AuthorizationGroup : public PodWrapper<AuthorizationGroup, CSSM_AUTHORIZATIONGROUP> {
-public:
- AuthorizationGroup() { NumberOfAuthTags = 0; }
- AuthorizationGroup(const AclAuthorizationSet &, Allocator &alloc);
- AuthorizationGroup(AclAuthorization tag, Allocator &alloc);
- void destroy(Allocator &alloc);
-
- bool empty() const { return NumberOfAuthTags == 0; }
- unsigned int size() const { return NumberOfAuthTags; }
- unsigned int count() const { return NumberOfAuthTags; }
- CSSM_ACL_AUTHORIZATION_TAG operator [] (unsigned ix) const
- { assert(ix < size()); return AuthTags[ix]; }
-
- bool contains(CSSM_ACL_AUTHORIZATION_TAG tag) const;
- operator AclAuthorizationSet () const;
-};
-
-class AclOwnerPrototype;
-
-class AclEntryPrototype : public PodWrapper<AclEntryPrototype, CSSM_ACL_ENTRY_PROTOTYPE> {
-public:
- AclEntryPrototype() { clearPod(); }
- explicit AclEntryPrototype(const AclOwnerPrototype &proto);
- AclEntryPrototype(const CSSM_LIST &subj, bool delegate = false)
- { clearPod(); TypedSubject = subj; Delegate = delegate; }
-
- TypedList &subject() { return TypedList::overlay(TypedSubject); }
- const TypedList &subject() const { return TypedList::overlay(TypedSubject); }
-
- bool delegate() const { return Delegate; }
- void delegate(bool d) { Delegate = d; }
-
- char *tag() { return EntryTag[0] ? EntryTag : NULL; }
- void tag(const char *tagString);
- void tag(const std::string &tagString);
- const char *tag() const { return EntryTag[0] ? EntryTag : NULL; }
- std::string s_tag() const { return EntryTag; }
-
- AuthorizationGroup &authorization() { return AuthorizationGroup::overlay(Authorization); }
- const AuthorizationGroup &authorization() const
- { return AuthorizationGroup::overlay(Authorization); }
-};
-
-class AclOwnerPrototype : public PodWrapper<AclOwnerPrototype, CSSM_ACL_OWNER_PROTOTYPE> {
-public:
- AclOwnerPrototype() { clearPod(); }
- explicit AclOwnerPrototype(const AclEntryPrototype &proto)
- { TypedSubject = proto.subject(); delegate(proto.delegate()); }
- AclOwnerPrototype(const CSSM_LIST &subj, bool del = false)
- { TypedSubject = subj; delegate(del); }
-
- TypedList &subject() { return TypedList::overlay(TypedSubject); }
- const TypedList &subject() const { return TypedList::overlay(TypedSubject); }
- bool delegate() const { return Delegate; }
- void delegate(bool d) { Delegate = d; }
-};
-
-class AclEntryInfo : public PodWrapper<AclEntryInfo, CSSM_ACL_ENTRY_INFO> {
-public:
- AclEntryInfo() { clearPod(); }
- AclEntryInfo(const AclEntryPrototype &prot, CSSM_ACL_HANDLE h = 0)
- { proto() = prot; handle() = h; }
-
- AclEntryPrototype &proto() { return AclEntryPrototype::overlay(EntryPublicInfo); }
- const AclEntryPrototype &proto() const
- { return AclEntryPrototype::overlay(EntryPublicInfo); }
-
- operator AclEntryPrototype &() { return proto(); }
- operator const AclEntryPrototype &() const { return proto(); }
-
- CSSM_ACL_HANDLE &handle() { return EntryHandle; }
- const CSSM_ACL_HANDLE &handle() const { return EntryHandle; }
- void handle(CSSM_ACL_HANDLE h) { EntryHandle = h; }
-};
-
-class AclEntryInput : public PodWrapper<AclEntryInput, CSSM_ACL_ENTRY_INPUT> {
-public:
- AclEntryInput() { clearPod(); }
- AclEntryInput(const CSSM_ACL_ENTRY_PROTOTYPE &prot)
- { Prototype = prot; Callback = NULL; CallerContext = NULL; }
-
- AclEntryInput &operator = (const CSSM_ACL_ENTRY_PROTOTYPE &prot)
- { Prototype = prot; Callback = NULL; CallerContext = NULL; return *this; }
-
- AclEntryPrototype &proto() { return AclEntryPrototype::overlay(Prototype); }
- const AclEntryPrototype &proto() const { return AclEntryPrototype::overlay(Prototype); }
- //@@@ not supporting callback features (yet)
-};
-
-class AclEdit : public PodWrapper<AclEdit, CSSM_ACL_EDIT> {
-public:
- AclEdit(CSSM_ACL_EDIT_MODE m, CSSM_ACL_HANDLE h, const AclEntryInput *data)
- { EditMode = m; OldEntryHandle = h; NewEntry = data; }
- AclEdit(const AclEntryInput &add)
- { EditMode = CSSM_ACL_EDIT_MODE_ADD; OldEntryHandle = CSSM_INVALID_HANDLE; NewEntry = &add; }
- AclEdit(CSSM_ACL_HANDLE h, const AclEntryInput &modify)
- { EditMode = CSSM_ACL_EDIT_MODE_REPLACE; OldEntryHandle = h; NewEntry = &modify; }
- AclEdit(CSSM_ACL_HANDLE h)
- { EditMode = CSSM_ACL_EDIT_MODE_DELETE; OldEntryHandle = h; NewEntry = NULL; }
-
- CSSM_ACL_EDIT_MODE mode() const { return EditMode; }
- CSSM_ACL_HANDLE handle() const { return OldEntryHandle; }
- const AclEntryInput *newEntry() const { return AclEntryInput::overlay(NewEntry); }
-};
-
-
-//
-// Allocating versions of Acl structures
-//
-class AutoAclOwnerPrototype {
- NOCOPY(AutoAclOwnerPrototype)
-public:
- // allocator can be set after construction
- AutoAclOwnerPrototype(Allocator *allocator = NULL)
- : mAclOwnerPrototype(NULL), mAllocator(allocator) { }
- ~AutoAclOwnerPrototype();
-
- operator bool () const { return mAllocator; }
- bool operator ! () const { return !mAllocator; }
-
- operator AclOwnerPrototype * () { return make(); }
- operator AclOwnerPrototype & () { return *make(); }
- AclOwnerPrototype &operator * () { return *make(); }
-
- TypedList &subject() { return make()->subject(); }
- TypedList &subject() const
- { assert(mAclOwnerPrototype); return mAclOwnerPrototype->subject(); }
- bool delegate() const
- { assert(mAclOwnerPrototype); return mAclOwnerPrototype->delegate(); }
- void delegate(bool d) { make()->delegate(d); }
-
- void allocator(Allocator &allocator);
- Allocator &allocator() const { assert(mAllocator); return *mAllocator; }
-
- AclOwnerPrototype &operator = (const TypedList &subj)
- { make()->subject() = subj; make()->delegate(false); return *mAclOwnerPrototype; }
-
- const AclOwnerPrototype *release()
- { AclOwnerPrototype *r = mAclOwnerPrototype; mAclOwnerPrototype = NULL; return r; }
-
-private:
- AclOwnerPrototype *mAclOwnerPrototype;
- Allocator *mAllocator;
-
- AclOwnerPrototype *make();
-};
-
-
-class AutoAclEntryInfoList {
- NOCOPY(AutoAclEntryInfoList)
-public:
- // allocator can be set after construction
- AutoAclEntryInfoList(Allocator *allocator = NULL)
- : mEntries(NULL), mCount(0), mAllocator(allocator) { }
- ~AutoAclEntryInfoList() { clear(); }
-
- operator bool () const { return mAllocator; }
- bool operator ! () const { return !mAllocator; }
- operator uint32 *() { return &mCount; }
- operator CSSM_ACL_ENTRY_INFO ** () { return reinterpret_cast<CSSM_ACL_ENTRY_INFO **>(&mEntries); }
-
- void allocator(Allocator &allocator);
- Allocator &allocator() const { assert(mAllocator); return *mAllocator; }
-
- const AclEntryInfo &at(uint32 ix) const
- { assert(ix < mCount); return mEntries[ix]; }
- const AclEntryInfo &operator [] (uint32 ix) const { return at(ix); }
- AclEntryInfo &at(uint32 ix);
- AclEntryInfo &operator[] (uint32 ix) { return at(ix); }
-
- uint32 size() const { return mCount; }
- uint32 count() const { return mCount; }
- AclEntryInfo *entries() const { return mEntries; }
-
- void clear();
- void size(uint32 newSize);
-
- // structured adders. Inputs must be chunk-allocated with our Allocator
- void add(const TypedList &subj, const AclAuthorizationSet &auths, const char *tag = NULL);
- void addPin(const TypedList &subj, uint32 slot);
- void addPinState(uint32 slot, uint32 state);
- void addPinState(uint32 slot, uint32 state, uint32 count);
-
- void release() { mAllocator = NULL; }
-
-private:
- AclEntryInfo *mEntries;
- uint32 mCount;
- Allocator *mAllocator;
-};
-
-//
-// Extract the pin number from a "PIN%d?" tag.
-// Returns 0 if the tag isn't of that form.
-//
-uint32 pinFromAclTag(const char *tag, const char *suffix = NULL);
-
-
-class AutoAuthorizationGroup : public AuthorizationGroup {
-public:
- AutoAuthorizationGroup(Allocator &alloc) : allocator(alloc) { }
- explicit AutoAuthorizationGroup(const AclAuthorizationSet &set,
- Allocator &alloc) : AuthorizationGroup(set, alloc), allocator(alloc) { }
- ~AutoAuthorizationGroup() { destroy(allocator); }
-
- Allocator &allocator;
-};
-
-
-//
-// Walkers for the CSSM API structure types
-//
-namespace DataWalkers {
-
-// AclEntryInput
-template <class Action>
-AclEntryInput *walk(Action &operate, AclEntryInput * &input)
-{
- operate(input);
- walk(operate, input->proto());
- return input;
-}
-
-template <class Action>
-void walk(Action &operate, AclEntryInput &input)
-{
- operate(input);
- walk(operate, input.proto());
-}
-
-// AclEntryInfo
-template <class Action>
-void walk(Action &operate, AclEntryInfo &info)
-{
- operate(info);
- walk(operate, info.proto());
-}
-
-// AuthorizationGroup
-template <class Action>
-void walk(Action &operate, AuthorizationGroup &auth)
-{
- operate(auth);
- uint32 count = auth.count();
- operate.blob(auth.AuthTags, count * sizeof(auth.AuthTags[0]));
- for (uint32 n = 0; n < count; n++)
- operate(auth.AuthTags[n]);
-}
-
-template <class Action>
-void walk(Action &operate, CSSM_AUTHORIZATIONGROUP &auth)
-{ walk(operate, static_cast<CSSM_AUTHORIZATIONGROUP &>(auth)); }
-
-// AclEntryPrototype
-template <class Action>
-void enumerate(Action &operate, AclEntryPrototype &proto)
-{
- walk(operate, proto.subject());
- walk(operate, proto.authorization());
- //@@@ ignoring validity period
-}
-
-template <class Action>
-void walk(Action &operate, AclEntryPrototype &proto)
-{
- operate(proto);
- enumerate(operate, proto);
-}
-
-template <class Action>
-AclEntryPrototype *walk(Action &operate, AclEntryPrototype * &proto)
-{
- operate(proto);
- enumerate(operate, *proto);
- return proto;
-}
-
-// AclOwnerPrototype
-template <class Action>
-void walk(Action &operate, AclOwnerPrototype &proto)
-{
- operate(proto);
- walk(operate, proto.subject());
-}
-
-template <class Action>
-AclOwnerPrototype *walk(Action &operate, AclOwnerPrototype * &proto)
-{
- operate(proto);
- walk(operate, proto->subject());
- return proto;
-}
-
-
-} // end namespace DataWalkers
-
-} // end namespace Security
-
-
-#endif //_CSSMACLPOD
projects / apple / security.git / blobdiff