]> git.saurik.com Git - apple/securityd.git/blob - src/acls.h
projects / apple / securityd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
securityd-26674.tar.gz
[apple/securityd.git] / src / acls.h
1 /*
2 * Copyright (c) 2000-2001,2003-2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // acls - securityd ACL implementation
27 //
28 // These classes implement securityd's local ACL machine in terms of the generic
29 // ObjectAcl model. In particular, they define securityd's AclValidationEnvironment,
30 // which hooks the real-world state into the abstract AclSubject submachines.
31 //
32 // Note that these classes are *complete* but *extendable*. The default implementation
33 // uses unmodified local ObjectAcl state. Subclasses (and certain AclSubjects) may delegate
34 // validation to outside agents (such as a tokend) and thus act as caching forwarding agents.
35 // Don't assume.
36 //
37 #ifndef _H_ACLS
38 #define _H_ACLS
39
40 #include <securityd_server/sscommon.h>
41 #include <security_cdsa_utilities/cssmacl.h>
42 #include <security_cdsa_utilities/context.h>
43 #include <security_cdsa_utilities/acl_process.h>
44 #include <security_cdsa_utilities/acl_codesigning.h>
45 #include <security_cdsa_utilities/acl_secret.h>
46 #include <security_cdsa_utilities/acl_preauth.h>
47 #include <security_cdsa_utilities/acl_prompted.h>
48
49 using namespace SecurityServer;
50
51
52 class Connection;
53 class Database;
54
55
56 //
57 // ACL implementation as used by the SecurityServer
58 //
59 class SecurityServerAcl : public ObjectAcl {
60 public:
61 SecurityServerAcl() : ObjectAcl(Allocator::standard()) { }
62 virtual ~SecurityServerAcl();
63
64 // validation calls restated
65 void validate(AclAuthorization auth, const AccessCredentials *cred, Database *relatedDatabase);
66 void validate(AclAuthorization auth, const Context &context, Database *relatedDatabase);
67
68 // CSSM layer ACL calls
69 virtual void getOwner(AclOwnerPrototype &owner);
70 virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls);
71 virtual void changeAcl(const AclEdit &edit, const AccessCredentials *cred,
72 Database *relatedDatabase);
73 virtual void changeOwner(const AclOwnerPrototype &newOwner, const AccessCredentials *cred,
74 Database *relatedDatabase);
75
76 // to be provided by implementations
77 virtual AclKind aclKind() const = 0;
78
79 // aclSequence is taken to serialize ACL validations to pick up mutual changes
80 Mutex aclSequence;
81 };
82
83
84 //
85 // Our implementation of an ACL validation environment uses information
86 // derived from a Connection object. It implements context for
87 // -- ProcessAclSubjects (getuid/getgid)
88 // -- KeychainPromptAclSubjects (connection link)
89 //
90 class SecurityServerEnvironment : public virtual AclValidationEnvironment,
91 public virtual ProcessAclSubject::Environment,
92 public virtual CodeSignatureAclSubject::Environment,
93 public virtual SecretAclSubject::Environment,
94 public virtual PromptedAclSubject::Environment,
95 public virtual PreAuthorizationAcls::Environment {
96 public:
97 SecurityServerEnvironment(SecurityServerAcl &baseAcl, Database *db)
98 : acl(baseAcl), database(db) { }
99
100 SecurityServerAcl &acl;
101 Database * const database;
102
103 uid_t getuid() const;
104 gid_t getgid() const;
105 pid_t getpid() const;
106 bool verifyCodeSignature(const CodeSigning::Signature *signature, const CssmData *comment);
107 bool validateSecret(const SecretAclSubject *me, const AccessCredentials *cred);
108 bool getSecret(CssmOwnedData &secret, const CssmData &prompt) const;
109 ObjectAcl *preAuthSource();
110 Adornable &store(const AclSubject *subject);
111 };
112
113
114 //
115 // An abstract source of a SecurityServerAcl.
116 // There is a default implementation, which throws OBJECT_ACL_NOT_SUPPORTED.
117 //
118 class AclSource {
119 protected:
120 AclSource() { }
121 virtual ~AclSource();
122
123 public:
124 virtual SecurityServerAcl &acl(); // defaults to "no ACL; throw exception"
125 virtual Database *relatedDatabase(); // optionally, a Database related to me
126
127 // forward ACL calls, passing some locally obtained stuff along
128
129 void getOwner(AclOwnerPrototype &owner)
130 { return acl().getOwner(owner); }
131 void getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
132 { return acl().getAcl(tag, count, acls); }
133 void changeAcl(const AclEdit &edit, const AccessCredentials *cred)
134 { return acl().changeAcl(edit, cred, relatedDatabase()); }
135 void changeOwner(const AclOwnerPrototype &newOwner, const AccessCredentials *cred)
136 { return acl().changeOwner(newOwner, cred, relatedDatabase()); }
137 void validate(AclAuthorization auth, const AccessCredentials *cred)
138 { acl().validate(auth, cred, relatedDatabase()); }
139 void validate(AclAuthorization auth, const Context &context)
140 { acl().validate(auth, context, relatedDatabase()); }
141 };
142
143
144 #endif //_H_ACLS
mirror of securityd