X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/libsecurity_keychain/lib/Access.h diff --git a/libsecurity_keychain/lib/Access.h b/libsecurity_keychain/lib/Access.h deleted file mode 100644 index 1d57909a..00000000 --- a/libsecurity_keychain/lib/Access.h +++ /dev/null @@ -1,139 +0,0 @@ -/* - * Copyright (c) 2002-2004 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -// -// Access.h - Access control wrappers -// -#ifndef _SECURITY_ACCESS_H_ -#define _SECURITY_ACCESS_H_ - -#include -#include -#include -#include -#include -#include -#include - -namespace Security { -namespace KeychainCore { - -using CssmClient::AclBearer; - - -class Access : public SecCFObject { - NOCOPY(Access) -public: - SECCFFUNCTIONS(Access, SecAccessRef, errSecInvalidItemRef, gTypes().Access) - - class Maker { - NOCOPY(Maker) - static const size_t keySize = 16; // number of (random) bytes - friend class Access; - public: - enum MakerType {kStandardMakerType, kAnyMakerType}; - - Maker(Allocator &alloc = Allocator::standard(), MakerType makerType = kStandardMakerType); - - void initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds = NULL); - const AccessCredentials *cred(); - - TrackingAllocator allocator; - - static const char creationEntryTag[]; - - MakerType makerType() {return mMakerType;} - - private: - CssmAutoData mKey; - AclEntryInput mInput; - AutoCredentials mCreds; - MakerType mMakerType; - }; - -public: - // make default forms - Access(const string &description); - Access(const string &description, const ACL::ApplicationList &trusted); - Access(const string &description, const ACL::ApplicationList &trusted, - const AclAuthorizationSet &limitedRights, const AclAuthorizationSet &freeRights); - - // make a completely open Access (anyone can do anything) - Access(); - - // retrieve from an existing AclBearer - Access(AclBearer &source); - - // make from CSSM layer information (presumably retrieved by caller) - Access(const CSSM_ACL_OWNER_PROTOTYPE &owner, - uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls); - virtual ~Access(); - -public: - CFArrayRef copySecACLs() const; - CFArrayRef copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const; - - void add(ACL *newAcl); - void addOwner(ACL *newOwnerAcl); - - void setAccess(AclBearer &target, bool update = false); - void setAccess(AclBearer &target, Maker &maker); - - template - void findAclsForRight(AclAuthorization right, Container &cont) - { - cont.clear(); - for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++) - if (it->second->authorizes(right)) - cont.push_back(it->second); - } - - std::string promptDescription() const; // from any one of the ACLs contained - - void addApplicationToRight(AclAuthorization right, TrustedApplication *app); - - void copyOwnerAndAcl(CSSM_ACL_OWNER_PROTOTYPE * &owner, - uint32 &aclCount, CSSM_ACL_ENTRY_INFO * &acls); - -protected: - void makeStandard(const string &description, const ACL::ApplicationList &trusted, - const AclAuthorizationSet &limitedRights = AclAuthorizationSet(), - const AclAuthorizationSet &freeRights = AclAuthorizationSet()); - void compile(const CSSM_ACL_OWNER_PROTOTYPE &owner, - uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls); - - void editAccess(AclBearer &target, bool update, const AccessCredentials *cred); - -private: - static const CSSM_ACL_HANDLE ownerHandle = ACL::ownerHandle; - typedef map > Map; - - Map mAcls; // set of ACL entries - Mutex mMutex; -}; - - -} // end namespace KeychainCore -} // end namespace Security - -#endif // !_SECURITY_ACCESS_H_