#ifndef _SECURITY_ACL_H_
#define _SECURITY_ACL_H_
#include <Security/SecRuntime.h>
#include <Security/SecACL.h>
#include <Security/cssmaclpod.h>
#include <Security/aclclient.h>
#include <Security/cssmdata.h>
#include <vector>
namespace Security {
namespace KeychainCore {
using CssmClient::AclBearer;   // the CSSM-side object an ACL entry is applied to (see ACL::setAccess below)
class Access;                  // the object an ACL belongs to; only used by reference in this header
class TrustedApplication;      // element type of ACL::ApplicationList, held through SecPointer
// ACL: one entry (or the owner entry) of a keychain item's access control
// list, exposed through the CF bridge as a SecACLRef.  An ACL always belongs
// to one Access object (the `access` member).  The State enum tracks local
// edits against what is stored; how those edits reach CSSM is implemented in
// the corresponding .cpp, not visible here.
class ACL : public SecCFObject {
    NOCOPY(ACL)   // identity object: copy construction/assignment disabled
public:
    // CF bridging boilerplate for SecACLRef (macro defined elsewhere);
    // errSecInvalidItemRef is the error code it reports for a bad reference.
    SECCFFUNCTIONS(ACL, SecACLRef, errSecInvalidItemRef)

    // Construct from an existing CSSM entry description.
    ACL(Access &acc, const AclEntryInfo &info,
        CssmAllocator &alloc = CssmAllocator::standard());
    // Construct the owner entry from an owner prototype.
    ACL(Access &acc, const AclOwnerPrototype &owner,
        CssmAllocator &alloc = CssmAllocator::standard());
    // Construct a fresh entry with no CSSM-side counterpart yet.
    ACL(Access &acc, CssmAllocator &alloc = CssmAllocator::standard());
    // Construct an entry carrying a user-prompt selector and description;
    // which Form this yields is decided in the .cpp.
    ACL(Access &acc, string description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &promptSelector,
        CssmAllocator &alloc = CssmAllocator::standard());
    // NOTE(review): `throw()` is a dynamic exception specification, removed in
    // C++17; the definition in the .cpp must use the identical spelling.
    virtual ~ACL() throw();

    CssmAllocator &allocator;   // allocator bound at construction (the constructors' `alloc`)

    // Local edit state relative to the stored ACL: unchanged, newly inserted,
    // modified, or marked deleted.  Only the .cpp assigns mState.
    enum State {
        unchanged, inserted, modified, deleted };
    State state() const { return mState; }

    // Simplified subject shape this entry was parsed into; customForm is
    // presumably the catch-all for subjects the parser does not recognise.
    enum Form {
        invalidForm, customForm, allowAllForm, appListForm };
    Form form() const { return mForm; }
    // Changes the tag only: mAppList and mSubjectForm are left as they are.
    void form(Form f) { mForm = f; }

    Access &access;   // the Access this entry belongs to

public:
    // Mutable reference to the set of authorization tags this entry grants.
    AclAuthorizationSet &authorizations() { return mAuthorizations; }
    bool authorizes(AclAuthorization right) const;
    // Replaces the entire authorization set with the single tag `auth`.
    void setAuthorization(CSSM_ACL_AUTHORIZATION_TAG auth)
    { mAuthorizations.clear(); mAuthorizations.insert(auth); }

    typedef vector< SecPointer<TrustedApplication> > ApplicationList;
    // Trusted-application list; only meaningful when form() == appListForm.
    // The assert is compiled out under NDEBUG, so a release build hands back
    // mAppList whatever the form is — callers should check form() first.
    // (<cassert> is not included by this header; assert arrives transitively.)
    ApplicationList &applications()
    { assert(form() == appListForm); return mAppList; }
    void addApplication(TrustedApplication *app);

    // Mutable access to the user-prompt settings.
    CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &promptSelector() { return mPromptSelector; }
    string &promptDescription() { return mPromptDescription; }

    // CSSM handle of this entry.  The owner entry is tagged with the sentinel
    // ownerHandle; isOwner() is decided purely by comparing against it.
    CSSM_ACL_HANDLE entryHandle() const { return mCssmHandle; }
    static const CSSM_ACL_HANDLE ownerHandle = 0xff0e2743;
    bool isOwner() const { return mCssmHandle == ownerHandle; }
    void makeOwner() { mCssmHandle = ownerHandle; }

    void modify();   // presumably moves the entry to State::modified — body in the .cpp
    void remove();   // presumably moves the entry to State::deleted — body in the .cpp

    // Export the current contents as CSSM prototypes allocated from `alloc`.
    void copyAclEntry(AclEntryPrototype &proto, CssmAllocator &alloc = CssmAllocator::standard());
    void copyAclOwner(AclOwnerPrototype &proto, CssmAllocator &alloc = CssmAllocator::standard());

public:
    // Apply this entry to `target`.  `cred` are the credentials presented for
    // the change (NULL = none); the meaning of `update` is defined in the .cpp.
    void setAccess(AclBearer &target, bool update = false,
        const AccessCredentials *cred = NULL);

public:
    struct ParseError { };   // carries no detail; presumably thrown by parse()/parsePrompt()

public:
    static const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR defaultSelector;

private:
    void parse(const TypedList &subject);          // classify a CSSM subject into a Form (body in .cpp)
    void parsePrompt(const TypedList &subject);
    void makeSubject();                            // presumably rebuilds mSubjectForm from the current fields
    void clearSubjects(Form newForm);              // presumably resets subject data and switches to newForm

private:
    State mState;
    Form mForm;
    CSSM_ACL_HANDLE mCssmHandle;
    string mEntryTag;
    bool mDelegate;                      // no accessor in this header; used only by the .cpp
    AclAuthorizationSet mAuthorizations;
    TypedList *mSubjectForm;             // raw pointer; ownership/lifetime is not expressed here — confirm in the .cpp
    ApplicationList mAppList;
    CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR mPromptSelector;
    string mPromptDescription;
};
} }
#endif // !_SECURITY_ACL_H_