1/* 2 * Copyright (c) 2002-2004 Apple Computer, Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24// 25// Access.h - Access control wrappers 26// 27#ifndef _SECURITY_ACCESS_H_ 28#define _SECURITY_ACCESS_H_ 29 30#include <security_keychain/ACL.h> 31#include <security_utilities/trackingallocator.h> 32#include <security_cdsa_utilities/cssmaclpod.h> 33#include <security_cdsa_utilities/cssmacl.h> 34#include <security_cdsa_client/aclclient.h> 35#include <security_keychain/TrustedApplication.h> 36#include <map> 37 38namespace Security { 39namespace KeychainCore { 40 41using CssmClient::AclBearer; 42 43 44class Access : public SecCFObject { 45 NOCOPY(Access) 46public: 47 SECCFFUNCTIONS(Access, SecAccessRef, errSecInvalidItemRef, gTypes().Access) 48 49 class Maker { 50 NOCOPY(Maker) 51 static const size_t keySize = 16; // number of (random) bytes 52 friend class Access; 53 public: 54 enum MakerType {kStandardMakerType, kAnyMakerType}; 55 56 Maker(Allocator &alloc = Allocator::standard(), MakerType makerType = kStandardMakerType); 57 58 void initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds = NULL); 59 const AccessCredentials *cred(); 60 61 TrackingAllocator allocator; 62 63 static const char creationEntryTag[]; 64 65 MakerType makerType() {return mMakerType;} 66 67 private: 68 CssmAutoData mKey; 69 AclEntryInput mInput; 70 AutoCredentials mCreds; 71 MakerType mMakerType; 72 }; 73 74public: 75 // make default forms 76 Access(const string &description); 77 Access(const string &description, const ACL::ApplicationList &trusted); 78 Access(const string &description, const ACL::ApplicationList &trusted, 79 const AclAuthorizationSet &limitedRights, const AclAuthorizationSet &freeRights); 80 81 // make a completely open Access (anyone can do anything) 82 Access(); 83 84 // retrieve from an existing AclBearer 85 Access(AclBearer &source); 86 87 // make from CSSM layer information (presumably retrieved by caller) 88 Access(const CSSM_ACL_OWNER_PROTOTYPE &owner, 89 uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls); 90 virtual ~Access(); 91 92public: 93 CFArrayRef copySecACLs() const; 94 CFArrayRef copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const; 95 96 void add(ACL *newAcl); 97 void addOwner(ACL *newOwnerAcl); 98 99 void setAccess(AclBearer &target, bool update = false); 100 void setAccess(AclBearer &target, Maker &maker); 101 102 template <class Container> 103 void findAclsForRight(AclAuthorization right, Container &cont) 104 { 105 cont.clear(); 106 for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++) 107 if (it->second->authorizes(right)) 108 cont.push_back(it->second); 109 } 110 111 std::string promptDescription() const; // from any one of the ACLs contained 112 113 void addApplicationToRight(AclAuthorization right, TrustedApplication *app); 114 115 void copyOwnerAndAcl(CSSM_ACL_OWNER_PROTOTYPE * &owner, 116 uint32 &aclCount, CSSM_ACL_ENTRY_INFO * &acls); 117 118protected: 119 void makeStandard(const string &description, const ACL::ApplicationList &trusted, 120 const AclAuthorizationSet &limitedRights = AclAuthorizationSet(), 121 const AclAuthorizationSet &freeRights = AclAuthorizationSet()); 122 void compile(const CSSM_ACL_OWNER_PROTOTYPE &owner, 123 uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls); 124 125 void editAccess(AclBearer &target, bool update, const AccessCredentials *cred); 126 127private: 128 static const CSSM_ACL_HANDLE ownerHandle = ACL::ownerHandle; 129 typedef map<CSSM_ACL_HANDLE, SecPointer<ACL> > Map; 130 131 Map mAcls; // set of ACL entries 132 Mutex mMutex; 133}; 134 135 136} // end namespace KeychainCore 137} // end namespace Security 138 139#endif // !_SECURITY_ACCESS_H_ 140