X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5dd5f9ec28f304ca377c42fd7f711d6cf12b90e1..5c19dc3ae3bd8e40a9c028b0deddd50ff337692c:/Security/libsecurity_cdsa_utilities/lib/acl_preauth.h?ds=inline diff --git a/Security/libsecurity_cdsa_utilities/lib/acl_preauth.h b/Security/libsecurity_cdsa_utilities/lib/acl_preauth.h deleted file mode 100644 index ee56b95e..00000000 --- a/Security/libsecurity_cdsa_utilities/lib/acl_preauth.h +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright (c) 2004,2006-2007,2011 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - - -// -// acl_preauth - a subject type for modeling PINs and similar slot-specific -// pre-authentication schemes. -// -#ifndef _ACL_PREAUTH -#define _ACL_PREAUTH - -#include -#include - - -namespace Security { -namespace PreAuthorizationAcls { - - -class OriginMaker : public AclSubject::Maker { -protected: - typedef LowLevelMemoryUtilities::Reader Reader; - typedef LowLevelMemoryUtilities::Writer Writer; -public: - OriginMaker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_PREAUTH) { } - AclSubject *make(const TypedList &list) const; - AclSubject *make(AclSubject::Version version, Reader &pub, Reader &priv) const; -}; - -class SourceMaker : public AclSubject::Maker { -protected: - typedef LowLevelMemoryUtilities::Reader Reader; - typedef LowLevelMemoryUtilities::Writer Writer; -public: - SourceMaker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_PREAUTH_SOURCE) { } - AclSubject *make(const TypedList &list) const; - AclSubject *make(AclSubject::Version version, Reader &pub, Reader &priv) const; -}; - - -// -// The actual designation of the PreAuth source AclBearer is provide by the environment. -// -class Environment : public virtual AclValidationEnvironment { -public: - virtual ObjectAcl *preAuthSource() = 0; -}; - - -// -// This is the object that is being "attached" (as an Adornment) to hold -// the pre-authorization state of a SourceAclSubject. -// The Adornable used for storage is determined by the Environment's store() method. -// -struct AclState { - AclState() : accepted(false) { } - bool accepted; // was previously accepted by upstream -}; - - -// -// This is the "origin" subject class that gets created the usual way. -// It models a pre-auth "origin" - i.e. it points at a preauth slot and accepts -// its verdict on validation. Think of it as the "come from" part of the link. -// -class OriginAclSubject : public AclSubject { -public: - bool validate(const AclValidationContext &ctx) const; - CssmList toList(Allocator &alloc) const; - - OriginAclSubject(AclAuthorization auth); - - void exportBlob(Writer::Counter &pub, Writer::Counter &priv); - void exportBlob(Writer &pub, Writer &priv); - - IFDUMP(void debugDump() const); - -private: - AclAuthorization mAuthTag; // authorization tag referred to (origin only) -}; - - -// -// The "source" subject class describes the other end of the link; the "go to" part -// if you will. Its sourceSubject is consulted for actual validation; and prior validation -// state is remembered (through the environment store facility) so that future validation -// attempts will automaticaly succeed (that's the "pre" in PreAuth). -// -class SourceAclSubject : public AclSubject { -public: - bool validate(const AclValidationContext &ctx) const; - CssmList toList(Allocator &alloc) const; - - SourceAclSubject(AclSubject *subSubject, - CSSM_ACL_PREAUTH_TRACKING_STATE state = CSSM_ACL_PREAUTH_TRACKING_UNKNOWN); - - void exportBlob(Writer::Counter &pub, Writer::Counter &priv); - void exportBlob(Writer &pub, Writer &priv); - - IFDUMP(void debugDump() const); - -private: - RefPointer mSourceSubject; // subject determining outcome (source only) -}; - - - -} // namespace PreAuthorizationAcls -} // namespace Security - - -#endif //_ACL_PREAUTH