X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/securityd/src/acls.h diff --git a/securityd/src/acls.h b/securityd/src/acls.h new file mode 100644 index 00000000..5df4ba25 --- /dev/null +++ b/securityd/src/acls.h @@ -0,0 +1,155 @@ +/* + * Copyright (c) 2000-2001,2003-2007,2011 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + + +// +// acls - securityd ACL implementation +// +// These classes implement securityd's local ACL machine in terms of the generic +// ObjectAcl model. In particular, they define securityd's AclValidationEnvironment, +// which hooks the real-world state into the abstract AclSubject submachines. +// +// Note that these classes are *complete* but *extendable*. The default implementation +// uses unmodified local ObjectAcl state. Subclasses (and certain AclSubjects) may delegate +// validation to outside agents (such as a tokend) and thus act as caching forwarding agents. +// Don't assume. +// +#ifndef _H_ACLS +#define _H_ACLS + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +using namespace SecurityServer; + + +class Connection; +class Database; + + +// +// ACL implementation as used by the SecurityServer +// +class SecurityServerAcl : public ObjectAcl { +public: + SecurityServerAcl() : ObjectAcl(Allocator::standard()), aclSequence(Mutex::recursive) { } + virtual ~SecurityServerAcl(); + + // validation calls restated + virtual void validate(AclAuthorization auth, const AccessCredentials *cred, Database *relatedDatabase); + void validate(AclAuthorization auth, const Context &context, Database *relatedDatabase); + + // CSSM layer ACL calls + virtual void getOwner(AclOwnerPrototype &owner); + virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls); + virtual void changeAcl(const AclEdit &edit, const AccessCredentials *cred, + Database *relatedDatabase); + virtual void changeOwner(const AclOwnerPrototype &newOwner, const AccessCredentials *cred, + Database *relatedDatabase); + + // to be provided by implementations + virtual AclKind aclKind() const = 0; + + // a helper to (try to) add an ACL to a "standard form" item ACL + static bool addToStandardACL(const AclValidationContext &context, AclSubject *subject); + static bool looksLikeLegacyDotMac(const AclValidationContext &context); + + // aclSequence is taken to serialize ACL validations to pick up mutual changes + Mutex aclSequence; +}; + + +// +// Our implementation of an ACL validation environment uses information +// derived from a Connection object. It implements context for a fair number +// of subject types (see the inheritance list below). +// +class SecurityServerEnvironment : public virtual AclValidationEnvironment, + public virtual ProcessAclSubject::Environment, + public virtual CodeSignatureAclSubject::Environment, + public virtual SecretAclSubject::Environment, + public virtual PromptedAclSubject::Environment, + public virtual PreAuthorizationAcls::Environment { +public: + SecurityServerEnvironment(SecurityServerAcl &baseAcl, Database *db) + : acl(baseAcl), database(db) { } + + SecurityServerAcl &acl; + Database * const database; + + // personalities + uid_t getuid() const; + gid_t getgid() const; + pid_t getpid() const; + bool verifyCodeSignature(const OSXVerifier &verifier, const AclValidationContext &context); + bool validateSecret(const SecretAclSubject *me, const AccessCredentials *cred); + bool getSecret(CssmOwnedData &secret, const CssmData &prompt) const; + ObjectAcl *preAuthSource(); + Adornable &store(const AclSubject *subject); + + // subject editing + ThresholdAclSubject *standardSubject(const AclValidationContext &context); +}; + + +// +// An abstract source of a SecurityServerAcl. +// There is a default implementation, which throws OBJECT_ACL_NOT_SUPPORTED. +// +class AclSource { +protected: + AclSource() { } + virtual ~AclSource(); + +public: + virtual SecurityServerAcl &acl(); // defaults to "no ACL; throw exception" + virtual Database *relatedDatabase(); // optionally, a Database related to me + + // + // Forward ACL calls, passing some locally obtained stuff along. + // These are virtual so an AclSource can override them. Such overrides + // should enhance/post-process rather than replace functionality. + // + virtual void getOwner(AclOwnerPrototype &owner) + { return acl().getOwner(owner); } + virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls) + { return acl().getAcl(tag, count, acls); } + virtual void changeAcl(const AclEdit &edit, const AccessCredentials *cred) + { return acl().changeAcl(edit, cred, relatedDatabase()); } + virtual void changeOwner(const AclOwnerPrototype &newOwner, const AccessCredentials *cred) + { return acl().changeOwner(newOwner, cred, relatedDatabase()); } + virtual void validate(AclAuthorization auth, const AccessCredentials *cred) + { acl().validate(auth, cred, relatedDatabase()); } + virtual void validate(AclAuthorization auth, const Context &context) + { acl().validate(auth, context, relatedDatabase()); } +}; + + +#endif //_H_ACLS