2 * Copyright (c) 2000-2001,2003-2007 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 // acls - securityd ACL implementation
28 // These classes implement securityd's local ACL machine in terms of the generic
29 // ObjectAcl model. In particular, they define securityd's AclValidationEnvironment,
30 // which hooks the real-world state into the abstract AclSubject submachines.
32 // Note that these classes are *complete* but *extendable*. The default implementation
33 // uses unmodified local ObjectAcl state. Subclasses (and certain AclSubjects) may delegate
34 // validation to outside agents (such as a tokend) and thus act as caching forwarding agents.
40 #include <securityd_client/sscommon.h>
41 #include <security_cdsa_utilities/cssmacl.h>
42 #include <security_cdsa_utilities/context.h>
43 #include <security_cdsa_utilities/acl_process.h>
44 #include <security_cdsa_utilities/acl_codesigning.h>
45 #include <security_cdsa_utilities/acl_secret.h>
46 #include <security_cdsa_utilities/acl_preauth.h>
47 #include <security_cdsa_utilities/acl_prompted.h>
48 #include <security_cdsa_utilities/acl_threshold.h>
50 using namespace SecurityServer
;
58 // ACL implementation as used by the SecurityServer
60 class SecurityServerAcl
: public ObjectAcl
{
62 SecurityServerAcl() : ObjectAcl(Allocator::standard()), aclSequence(Mutex::recursive
) { }
63 virtual ~SecurityServerAcl();
65 // validation calls restated
66 virtual void validate(AclAuthorization auth
, const AccessCredentials
*cred
, Database
*relatedDatabase
);
67 void validate(AclAuthorization auth
, const Context
&context
, Database
*relatedDatabase
);
69 // CSSM layer ACL calls
70 virtual void getOwner(AclOwnerPrototype
&owner
);
71 virtual void getAcl(const char *tag
, uint32
&count
, AclEntryInfo
*&acls
);
72 virtual void changeAcl(const AclEdit
&edit
, const AccessCredentials
*cred
,
73 Database
*relatedDatabase
);
74 virtual void changeOwner(const AclOwnerPrototype
&newOwner
, const AccessCredentials
*cred
,
75 Database
*relatedDatabase
);
77 // to be provided by implementations
78 virtual AclKind
aclKind() const = 0;
80 // a helper to (try to) add an ACL to a "standard form" item ACL
81 static bool addToStandardACL(const AclValidationContext
&context
, AclSubject
*subject
);
82 static bool looksLikeLegacyDotMac(const AclValidationContext
&context
);
84 // aclSequence is taken to serialize ACL validations to pick up mutual changes
90 // Our implementation of an ACL validation environment uses information
91 // derived from a Connection object. It implements context for a fair number
92 // of subject types (see the inheritance list below).
94 class SecurityServerEnvironment
: public virtual AclValidationEnvironment
,
95 public virtual ProcessAclSubject::Environment
,
96 public virtual CodeSignatureAclSubject::Environment
,
97 public virtual SecretAclSubject::Environment
,
98 public virtual PromptedAclSubject::Environment
,
99 public virtual PreAuthorizationAcls::Environment
{
101 SecurityServerEnvironment(SecurityServerAcl
&baseAcl
, Database
*db
)
102 : acl(baseAcl
), database(db
) { }
104 SecurityServerAcl
&acl
;
105 Database
* const database
;
108 uid_t
getuid() const;
109 gid_t
getgid() const;
110 pid_t
getpid() const;
111 bool verifyCodeSignature(const OSXVerifier
&verifier
, const AclValidationContext
&context
);
112 bool validateSecret(const SecretAclSubject
*me
, const AccessCredentials
*cred
);
113 bool getSecret(CssmOwnedData
&secret
, const CssmData
&prompt
) const;
114 ObjectAcl
*preAuthSource();
115 Adornable
&store(const AclSubject
*subject
);
118 ThresholdAclSubject
*standardSubject(const AclValidationContext
&context
);
123 // An abstract source of a SecurityServerAcl.
124 // There is a default implementation, which throws OBJECT_ACL_NOT_SUPPORTED.
129 virtual ~AclSource();
132 virtual SecurityServerAcl
&acl(); // defaults to "no ACL; throw exception"
133 virtual Database
*relatedDatabase(); // optionally, a Database related to me
136 // Forward ACL calls, passing some locally obtained stuff along.
137 // These are virtual so an AclSource can override them. Such overrides
138 // should enhance/post-process rather than replace functionality.
140 virtual void getOwner(AclOwnerPrototype
&owner
)
141 { return acl().getOwner(owner
); }
142 virtual void getAcl(const char *tag
, uint32
&count
, AclEntryInfo
*&acls
)
143 { return acl().getAcl(tag
, count
, acls
); }
144 virtual void changeAcl(const AclEdit
&edit
, const AccessCredentials
*cred
)
145 { return acl().changeAcl(edit
, cred
, relatedDatabase()); }
146 virtual void changeOwner(const AclOwnerPrototype
&newOwner
, const AccessCredentials
*cred
)
147 { return acl().changeOwner(newOwner
, cred
, relatedDatabase()); }
148 virtual void validate(AclAuthorization auth
, const AccessCredentials
*cred
)
149 { acl().validate(auth
, cred
, relatedDatabase()); }
150 virtual void validate(AclAuthorization auth
, const Context
&context
)
151 { acl().validate(auth
, context
, relatedDatabase()); }