--- /dev/null
+/*
+ * Copyright (c) 2000-2004,2006,2011-2012,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+//
+// objectacl - core implementation of an ACL-bearing object
+//
+#ifndef _OBJECTACL
+#define _OBJECTACL
+
+#include <security_cdsa_utilities/aclsubject.h>
+#include <security_utilities/globalizer.h>
+#include <map>
+#include <set>
+#include <limits.h>
+
+
+namespace Security {
+
+
+//
+// An in-memory ACL object.
+// This class implements an ACL-for-a-protected-object. It is complete in that
+// it provides full ACL management functionality. You still need to (globally)
+// register makers for the ACL subject types you want to use.
+// Note that ObjectAcl does no integrity checking. ObjectAcl objects need to be
+// protected from hostile access (by e.g. address space separation), and exported
+// ACLs need to be protected somehow (by hiding, signing, or whatever works in
+// your situation).
+//
+class ObjectAcl {
+ friend AclSubject::Maker::Maker(CSSM_ACL_SUBJECT_TYPE);
+
+public:
+ typedef RefPointer<AclSubject> AclSubjectPointer;
+
+ typedef LowLevelMemoryUtilities::Writer Writer;
+ typedef LowLevelMemoryUtilities::Reader Reader;
+
+public:
+ ObjectAcl(Allocator &alloc);
+ ObjectAcl(const AclEntryPrototype &proto, Allocator &alloc);
+ virtual ~ObjectAcl();
+
+ Allocator &allocator;
+
+
+ //
+ // access control validation (evaluation)
+ //
+
+ // validate(): succeed or throw exception
+ void validate(AclAuthorization auth, const AccessCredentials *cred,
+ AclValidationEnvironment *env = NULL);
+ void validate(AclValidationContext &ctx);
+
+ // validates(): return true or false (or throw on error)
+ bool validates(AclAuthorization auth, const AccessCredentials *cred,
+ AclValidationEnvironment *env = NULL);
+ bool validates(AclValidationContext &ctx);
+
+ // owner validation (simpler)
+ void validateOwner(AclAuthorization authorizationHint, const AccessCredentials *cred,
+ AclValidationEnvironment *env = NULL);
+ void validateOwner(AclValidationContext &ctx);
+
+ // CSSM-style ACL access operations
+ // (Gets are not const because underlying implementations usually want them writable)
+ void cssmGetAcl(const char *tag, uint32 &count, AclEntryInfo * &acls);
+ void cssmChangeAcl(const AclEdit &edit, const AccessCredentials *cred,
+ AclValidationEnvironment *env = NULL);
+ void cssmGetOwner(AclOwnerPrototype &owner);
+ void cssmChangeOwner(const AclOwnerPrototype &newOwner, const AccessCredentials *cred,
+ AclValidationEnvironment *env = NULL);
+
+ void cssmSetInitial(const AclEntryPrototype &proto);
+ void cssmSetInitial(const AclSubjectPointer &subject);
+
+ // Acl I/O (to/from memory blobs)
+ void exportBlob(CssmData &publicBlob, CssmData &privateBlob);
+ void importBlob(const void *publicBlob, const void *privateBlob);
+
+ // clear everything from this ACL (return it to un-initialized state)
+ void clear();
+
+ // setup hooks (called to delayed-construct the contents before use) - empty defaults
+ virtual void instantiateAcl(); // called before ACL contents are used by external calls
+ virtual void changedAcl(); // called after an ACL has been (possibly) changed
+
+ // debug dump support (always there but stubbed out unless DEBUGDUMP)
+ virtual void debugDump(const char *what = NULL) const;
+
+public:
+ class Entry {
+ public:
+ AclSubjectPointer subject; // subject representation
+ bool delegate; // delegation flag
+
+ Entry() { } // make invalid Entry
+
+ void toOwnerInfo(CSSM_ACL_OWNER_PROTOTYPE &info,
+ Allocator &alloc) const; // encode copy in CSSM format
+
+ virtual bool authorizes(AclAuthorization auth) const = 0;
+ virtual bool validate(const AclValidationContext &ctx) const = 0;
+
+ template <class Action>
+ void exportBlob(Action &pub, Action &priv)
+ {
+ Endian<uint32> del = delegate; pub(del); // 4 bytes delegate flag
+ exportSubject(subject, pub, priv); // subject itself (polymorphic)
+ }
+ void importBlob(Reader &pub, Reader &priv);
+
+ IFDUMP(virtual void debugDump() const);
+
+ private:
+ void init(const AclSubjectPointer &subject, bool delegate = false);
+ void init(const TypedList &subject, bool delegate = false) { init(make(subject), delegate); }
+
+ protected:
+ Entry(const AclEntryPrototype &proto) { init(proto.subject(), proto.delegate()); }
+ Entry(const AclOwnerPrototype &proto) { init(proto.subject()); }
+ Entry(const AclSubjectPointer &subject) { init(subject); }
+ virtual ~Entry();
+ };
+
+ class OwnerEntry : public Entry {
+ public:
+ OwnerEntry() { } // invalid OwnerEntry
+ template <class Input>
+ OwnerEntry(const Input &owner) : Entry(owner) { }
+
+ bool authorizes(AclAuthorization auth) const;
+ bool validate(const AclValidationContext &ctx) const;
+ };
+
+ class AclEntry : public Entry {
+ public:
+ std::string tag; // entry tag
+ AclAuthorizationSet authorizations; // set of authorizations
+ bool authorizesAnything; // has the _ANY authorization tag
+ //@@@ time range not yet implemented
+ CSSM_ACL_HANDLE handle; // entry handle
+
+ AclEntry() { } // invalid AclEntry
+ AclEntry(const AclSubjectPointer &subject);
+ AclEntry(const AclEntryPrototype &proto);
+
+ void toEntryInfo(CSSM_ACL_ENTRY_PROTOTYPE &info,
+ Allocator &alloc) const; // encode copy in CSSM format
+
+ bool authorizes(AclAuthorization auth) const;
+ bool validate(const AclValidationContext &ctx) const;
+
+ template <class Action>
+ void exportBlob(Action &pub, Action &priv)
+ {
+ Entry::exportBlob(pub, priv);
+ const char *s = tag.c_str(); pub(s);
+ uint32 aa = authorizesAnything; pub(aa);
+ if (!authorizesAnything) {
+ Endian<uint32> count = (uint32)authorizations.size(); pub(count);
+ for (AclAuthorizationSet::iterator it = authorizations.begin();
+ it != authorizations.end(); it++) {
+ Endian<AclAuthorization> auth = *it; pub(auth);
+ }
+ }
+ //@@@ export time range
+ }
+ void importBlob(Reader &pub, Reader &priv);
+
+ IFDUMP(void debugDump() const);
+ };
+
+public:
+ // These helpers deal with transferring one subject from/to reader/writer streams.
+ // You'd usually only call those from complex subject implementations (e.g. threshold)
+ template <class Action>
+ static void exportSubject(AclSubject *subject, Action &pub, Action &priv)
+ {
+ Endian<uint32> typeAndVersion = subject->type() | subject->version() << AclSubject::versionShift;
+ pub(typeAndVersion);
+ subject->exportBlob(pub, priv);
+ }
+ static AclSubject *importSubject(Reader &pub, Reader &priv);
+
+public:
+ typedef std::multimap<string, AclEntry> EntryMap;
+
+ EntryMap::iterator begin() { return mEntries.begin(); }
+ EntryMap::iterator end() { return mEntries.end(); }
+ EntryMap::const_iterator begin() const { return mEntries.begin(); }
+ EntryMap::const_iterator end() const { return mEntries.end(); }
+
+ unsigned int getRange(const std::string &tag,
+ pair<EntryMap::const_iterator, EntryMap::const_iterator> &range) const;
+ EntryMap::iterator findEntryHandle(CSSM_ACL_HANDLE handle);
+
+ // construct an AclSubject through the Maker registry (by subject type)
+ static AclSubject *make(const TypedList &list); // make from CSSM form
+ static AclSubject *make(uint32 typeAndVersion,
+ Reader &pub, Reader &priv); // make from export form
+
+protected:
+ template <class Input>
+ void owner(const Input &input);
+ void entries(uint32 count, const AclEntryInfo *infos);
+
+private:
+ void add(const std::string &tag, const AclEntry &newEntry);
+ void add(const std::string &tag, AclEntry newEntry, CSSM_ACL_HANDLE handle);
+
+private:
+ EntryMap mEntries; // ACL entries indexed by tag
+ OwnerEntry mOwner; // ACL owner entry
+ CSSM_ACL_HANDLE mNextHandle; // next unused entry handle value
+
+private:
+ typedef map<CSSM_ACL_SUBJECT_TYPE, AclSubject::Maker *> MakerMap;
+ static ModuleNexus<MakerMap> makers; // registered subject Makers
+
+ static AclSubject::Maker &makerFor(CSSM_ACL_SUBJECT_TYPE type);
+};
+
+
+} // end namespace Security
+
+
+#endif //_OBJECTACL
projects / apple / security.git / blobdiff