1 /*
2 * Copyright (c) 2000-2001,2003-2007 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // acls - securityd ACL implementation
27 //
28 // These classes implement securityd's local ACL machine in terms of the generic
29 // ObjectAcl model. In particular, they define securityd's AclValidationEnvironment,
30 // which hooks the real-world state into the abstract AclSubject submachines.
31 //
32 // Note that these classes are *complete* but *extendable*. The default implementation
33 // uses unmodified local ObjectAcl state. Subclasses (and certain AclSubjects) may delegate
34 // validation to outside agents (such as a tokend) and thus act as caching forwarding agents.
35 // Don't assume.
36 //
37 #ifndef _H_ACLS
38 #define _H_ACLS
39
40 #include <securityd_client/sscommon.h>
41 #include <security_cdsa_utilities/cssmacl.h>
42 #include <security_cdsa_utilities/context.h>
43 #include <security_cdsa_utilities/acl_process.h>
44 #include <security_cdsa_utilities/acl_codesigning.h>
45 #include <security_cdsa_utilities/acl_secret.h>
46 #include <security_cdsa_utilities/acl_preauth.h>
47 #include <security_cdsa_utilities/acl_prompted.h>
48 #include <security_cdsa_utilities/acl_threshold.h>
49
// NOTE(review): a using-directive at header scope pulls the whole SecurityServer
// namespace into every translation unit that includes this header. The unqualified
// type names used in the declarations below presumably depend on it, so it cannot
// simply be removed here; new declarations should prefer qualified names instead.
using namespace SecurityServer;


// Forward declarations. The validation environment below is described as being
// derived from a Connection, and several ACL operations take an optional Database.
class Connection;
class Database;
55
56
57 //
58 // ACL implementation as used by the SecurityServer
59 //
60 class SecurityServerAcl : public ObjectAcl {
61 public:
62 SecurityServerAcl() : ObjectAcl(Allocator::standard()), aclSequence(Mutex::recursive) { }
63 virtual ~SecurityServerAcl();
64
65 // validation calls restated
66 virtual void validate(AclAuthorization auth, const AccessCredentials *cred, Database *relatedDatabase);
67 void validate(AclAuthorization auth, const Context &context, Database *relatedDatabase);
68
69 // CSSM layer ACL calls
70 virtual void getOwner(AclOwnerPrototype &owner);
71 virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls);
72 virtual void changeAcl(const AclEdit &edit, const AccessCredentials *cred,
73 Database *relatedDatabase);
74 virtual void changeOwner(const AclOwnerPrototype &newOwner, const AccessCredentials *cred,
75 Database *relatedDatabase);
76
77 // to be provided by implementations
78 virtual AclKind aclKind() const = 0;
79
80 // a helper to (try to) add an ACL to a "standard form" item ACL
81 static bool addToStandardACL(const AclValidationContext &context, AclSubject *subject);
82 static bool looksLikeLegacyDotMac(const AclValidationContext &context);
83
84 // aclSequence is taken to serialize ACL validations to pick up mutual changes
85 Mutex aclSequence;
86 };
87
88
89 //
90 // Our implementation of an ACL validation environment uses information
91 // derived from a Connection object. It implements context for a fair number
92 // of subject types (see the inheritance list below).
93 //
94 class SecurityServerEnvironment : public virtual AclValidationEnvironment,
95 public virtual ProcessAclSubject::Environment,
96 public virtual CodeSignatureAclSubject::Environment,
97 public virtual SecretAclSubject::Environment,
98 public virtual PromptedAclSubject::Environment,
99 public virtual PreAuthorizationAcls::Environment {
100 public:
101 SecurityServerEnvironment(SecurityServerAcl &baseAcl, Database *db)
102 : acl(baseAcl), database(db) { }
103
104 SecurityServerAcl &acl;
105 Database * const database;
106
107 // personalities
108 uid_t getuid() const;
109 gid_t getgid() const;
110 pid_t getpid() const;
111 bool verifyCodeSignature(const OSXVerifier &verifier, const AclValidationContext &context);
112 bool validateSecret(const SecretAclSubject *me, const AccessCredentials *cred);
113 bool getSecret(CssmOwnedData &secret, const CssmData &prompt) const;
114 ObjectAcl *preAuthSource();
115 Adornable &store(const AclSubject *subject);
116
117 // subject editing
118 ThresholdAclSubject *standardSubject(const AclValidationContext &context);
119 };
120
121
122 //
123 // An abstract source of a SecurityServerAcl.
124 // There is a default implementation, which throws OBJECT_ACL_NOT_SUPPORTED.
125 //
126 class AclSource {
127 protected:
128 AclSource() { }
129 virtual ~AclSource();
130
131 public:
132 virtual SecurityServerAcl &acl(); // defaults to "no ACL; throw exception"
133 virtual Database *relatedDatabase(); // optionally, a Database related to me
134
135 //
136 // Forward ACL calls, passing some locally obtained stuff along.
137 // These are virtual so an AclSource can override them. Such overrides
138 // should enhance/post-process rather than replace functionality.
139 //
140 virtual void getOwner(AclOwnerPrototype &owner)
141 { return acl().getOwner(owner); }
142 virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
143 { return acl().getAcl(tag, count, acls); }
144 virtual void changeAcl(const AclEdit &edit, const AccessCredentials *cred)
145 { return acl().changeAcl(edit, cred, relatedDatabase()); }
146 virtual void changeOwner(const AclOwnerPrototype &newOwner, const AccessCredentials *cred)
147 { return acl().changeOwner(newOwner, cred, relatedDatabase()); }
148 virtual void validate(AclAuthorization auth, const AccessCredentials *cred)
149 { acl().validate(auth, cred, relatedDatabase()); }
150 virtual void validate(AclAuthorization auth, const Context &context)
151 { acl().validate(auth, context, relatedDatabase()); }
152 };
153
154
155 #endif //_H_ACLS