1/*
2 * Copyright (c) 2000-2001,2007 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19//
20// aclclient
21//
22#ifndef _H_CDSA_CLIENT_ACLCLIENT
23#define _H_CDSA_CLIENT_ACLCLIENT  1
24
25#include <security_cdsa_utilities/cssmaclpod.h>
26#include <security_cdsa_utilities/cssmacl.h>
27#include <security_cdsa_utilities/cssmcred.h>
28#include <security_utilities/refcount.h>
29#include <security_utilities/globalizer.h>
30
31namespace Security {
32namespace CssmClient {
33
34class CSP;
35
36
37//
38// Any client-side object that has CSSM-layer ACLs shall be
39// derived from AclBearer and implement its methods accordingly.
40// Note the (shared/virtual) RefCount - you should handle AclBearer
41// references via RefPointers.
42// All the non-pure methods are implemented (in AclBearer) in terms of
43// the pure virtual methods; they just restate the problem in various ways.
44//
45class AclBearer : public virtual RefCount {
46public:
47	virtual ~AclBearer();
48
49	// Acl manipulation
50	virtual void getAcl(AutoAclEntryInfoList &aclInfos,
51		const char *selectionTag = NULL) const = 0;
52	virtual void changeAcl(const CSSM_ACL_EDIT &aclEdit,
53		const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0;
54
55	void addAcl(const AclEntryInput &input, const CSSM_ACCESS_CREDENTIALS *cred = NULL);
56	void changeAcl(CSSM_ACL_HANDLE handle, const AclEntryInput &input,
57		const CSSM_ACCESS_CREDENTIALS *cred = NULL);
58	void deleteAcl(CSSM_ACL_HANDLE handle, const CSSM_ACCESS_CREDENTIALS *cred = NULL);
59	void deleteAcl(const char *tag = NULL, const CSSM_ACCESS_CREDENTIALS *cred = NULL);
60
61	// Acl owner manipulation
62	virtual void getOwner(AutoAclOwnerPrototype &owner) const = 0;
63	virtual void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
64		const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0;
65};
66
67
68//
69// An AclBearer applied to a raw CSSM key
70//
71class KeyAclBearer : public AclBearer {
72public:
73	KeyAclBearer(CSSM_CSP_HANDLE cspH, CSSM_KEY &theKey, Allocator &alloc)
74		: csp(cspH), key(theKey), allocator(alloc) { }
75
76	const CSSM_CSP_HANDLE csp;
77	CSSM_KEY &key;
78	Allocator &allocator;
79
80protected:
81	void getAcl(AutoAclEntryInfoList &aclInfos,
82		const char *selectionTag = NULL) const;
83	void changeAcl(const CSSM_ACL_EDIT &aclEdit,
84		const CSSM_ACCESS_CREDENTIALS *cred = NULL);
85	void getOwner(AutoAclOwnerPrototype &owner) const;
86	void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
87		const CSSM_ACCESS_CREDENTIALS *cred = NULL);
88};
89
90
91//
92// An AclFactory helps create and maintain CSSM-layer AccessCredentials
93// and matching samples. There is state in an AclFactory, though simple
94// uses may not care about it.
95//
96class AclFactory {
97public:
98	AclFactory();
99	virtual ~AclFactory();
100
101	// these values are owned by the AclFactory and persist
102	// until it is destroyed. You don't own the memory.
103	const AccessCredentials *nullCred() const;			// conforming empty
104	const AccessCredentials *promptCred() const;		// enable interactive prompting
105	const AccessCredentials *unlockCred() const;
106	const AccessCredentials *cancelCred() const;
107	const AccessCredentials *promptedPINCred() const;
108	const AccessCredentials *promptedPINItemCred() const;
109
110	const AclOwnerPrototype &anyOwner() const;			// wide-open owner
111	const AclEntryInfo &anyAcl() const;					// wide-open ACL entry (authorizes anything)
112
113protected:
114	class KeychainCredentials {
115	public:
116		KeychainCredentials(Allocator &alloc)
117			: allocator(alloc), mCredentials(new AutoCredentials(alloc)) { }
118		virtual ~KeychainCredentials();
119
120		Allocator &allocator;
121
122        operator const AccessCredentials* () const { return mCredentials; }
123
124    protected:
125		AutoCredentials *mCredentials;
126	};
127
128public:
129    // create a self-managed AccessCredentials to explicitly provide a keychain passphrase
130    class PassphraseUnlockCredentials : public KeychainCredentials {
131    public:
132        PassphraseUnlockCredentials (const CssmData& password, Allocator& allocator);
133    };
134
135	// create a self-managed AccessCredentials to change a keychain passphrase
136    class PasswordChangeCredentials : public KeychainCredentials {
137    public:
138        PasswordChangeCredentials (const CssmData& password, Allocator& allocator);
139    };
140
141public:
142	class AnyResourceContext : public ResourceControlContext {
143	public:
144		AnyResourceContext(const CSSM_ACCESS_CREDENTIALS *cred = NULL);
145
146	private:
147		ListElement mAny;
148		CSSM_ACL_AUTHORIZATION_TAG mTag;
149	};
150
151public:
152	//
153	// Subject makers. Contents are chunk-allocated with the Allocator given
154	//
155	struct Subject : public TypedList {
156		Subject(Allocator &alloc, CSSM_ACL_SUBJECT_TYPE type);
157	};
158
159	// an ANY subject, allocated dynamically for you
160	struct AnySubject : public Subject {
161		AnySubject(Allocator &alloc) : Subject(alloc, CSSM_ACL_SUBJECT_TYPE_ANY) { }
162	};
163
164	// a "nobody" subject (something guaranteed never to match)
165	struct NobodySubject : public Subject {
166		NobodySubject(Allocator &alloc) : Subject(alloc, CSSM_ACL_SUBJECT_TYPE_COMMENT) { }
167	};
168
169	// password subjects
170	struct PWSubject : public Subject {
171		PWSubject(Allocator &alloc);							// no secret
172		PWSubject(Allocator &alloc, const CssmData &secret);	// this secret
173	};
174
175	struct PromptPWSubject : public Subject {
176		PromptPWSubject(Allocator &alloc, const CssmData &prompt);
177		PromptPWSubject(Allocator &alloc, const CssmData &prompt, const CssmData &secret);
178	};
179
180	struct ProtectedPWSubject : public Subject {
181		ProtectedPWSubject(Allocator &alloc);
182	};
183
184	// PIN (pre-auth) reference, origin side
185	struct PinSubject : public Subject {
186		PinSubject(Allocator &alloc, uint32 slot);
187	};
188
189	// PIN (pre-auth) source site
190	struct PinSourceSubject : public Subject {
191		PinSourceSubject(Allocator &alloc, const TypedList &form);
192	};
193};
194
195
196} // end namespace CssmClient
197} // end namespace Security
198
199#endif // _H_CDSA_CLIENT_ACLCLIENT
200