#include "acls.h"
#include "connection.h"
#include "server.h"
#include "SecurityAgentClient.h"
#include <Security/acl_any.h>
#include <Security/acl_password.h>
#include <Security/acl_threshold.h>
//
// Destructor. The body is empty: nothing is released at this level.
//
SecurityServerAcl::~SecurityServerAcl()
{
}
//
// Report the database associated with this ACL bearer.
// This implementation always answers NULL (no database), so callers have to
// handle a null result before dereferencing.
// NOTE(review): presumably overridden by database-backed subclasses; the
// class declaration is not visible in this file, confirm in acls.h.
//
const Database *SecurityServerAcl::relatedDatabase() const
{
    return NULL;
}
//
// Apply an ACL edit to this object.
// Builds a SecurityServerEnvironment bound to this ACL and passes the edit,
// the caller-supplied credentials and that environment on to
// ObjectAcl::cssmChangeAcl.
//
// NOTE(review): validate() in this file holds aclSequence (object and
// process) while the ACL is evaluated; no lock is taken on this path.
// Confirm that callers, or ObjectAcl itself, serialize edits against
// concurrent validation.
// NOTE(review): cred is forwarded without inspection here, so any
// authorization check on the edit has to happen inside
// ObjectAcl::cssmChangeAcl.
//
void SecurityServerAcl::cssmChangeAcl(const AclEdit &edit, const AccessCredentials *cred)
{
    SecurityServerEnvironment environment(*this);
    ObjectAcl::cssmChangeAcl(edit, cred, &environment);
}
//
// Replace the owner entry of this object's ACL.
// Builds a SecurityServerEnvironment bound to this ACL and passes the new
// owner prototype, the caller-supplied credentials and that environment on
// to ObjectAcl::cssmChangeOwner.
//
// NOTE(review): validate() in this file holds aclSequence (object and
// process) while the ACL is evaluated; no lock is taken on this path.
// Confirm that callers, or ObjectAcl itself, serialize owner changes
// against concurrent validation.
// NOTE(review): cred is forwarded without inspection here, so the check
// that the caller may change ownership has to happen inside
// ObjectAcl::cssmChangeOwner.
//
void SecurityServerAcl::cssmChangeOwner(const AclOwnerPrototype &newOwner,
    const AccessCredentials *cred)
{
    SecurityServerEnvironment environment(*this);
    ObjectAcl::cssmChangeOwner(newOwner, cred, &environment);
}
//
// Check the given credentials against this object's ACL for authorization
// `auth`. Evaluation is delegated to ObjectAcl::validate with an environment
// bound to this ACL.
//
// Two StLock guards are taken, in this order: the object's own aclSequence,
// then the aclSequence of the process behind the current connection. Both
// stay alive until the function returns or unwinds. Keep the acquisition
// order unchanged when editing this function.
// NOTE(review): how a denial is reported (presumably an exception raised by
// ObjectAcl::validate) is not visible in this file.
//
void SecurityServerAcl::validate(AclAuthorization auth, const AccessCredentials *cred)
{
    SecurityServerEnvironment environment(*this);
    StLock<Mutex> objectGuard(aclSequence);
    StLock<Mutex> processGuard(Server::connection().process.aclSequence);
    ObjectAcl::validate(auth, cred, &environment);
}
//
// Convenience overload: pull the access credentials out of a CSSM context
// (attribute CSSM_ATTRIBUTE_ACCESS_CREDENTIALS) and run the credential-based
// validate() on them.
// NOTE(review): what Context::get<>() yields when the attribute is absent
// (a NULL pointer or an exception) is not visible here; the credential
// overload receives whatever comes back, unchecked.
//
void SecurityServerAcl::validate(AclAuthorization auth, const Context &context)
{
    const AccessCredentials *credentials =
        context.get<AccessCredentials>(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS);
    validate(auth, credentials);
}
//
// User id used for ACL evaluation.
// The value is read from the server's process record for the current
// connection (Server::connection().process), not from anything the caller
// passes in with its credentials.
//
uid_t SecurityServerEnvironment::getuid() const
{
    const uid_t clientUid = Server::connection().process.uid();
    return clientUid;
}
//
// Group id used for ACL evaluation.
// The value is read from the server's process record for the current
// connection (Server::connection().process), not from anything the caller
// passes in with its credentials.
//
gid_t SecurityServerEnvironment::getgid() const
{
    const gid_t clientGid = Server::connection().process.gid();
    return clientGid;
}
//
// Process id of the client behind the current connection, as recorded in
// the server's process record (Server::connection().process).
// Process ids can be recycled by the operating system, so consumers should
// not treat this value alone as a lasting identity for the client.
//
pid_t SecurityServerEnvironment::getpid() const
{
    const pid_t clientPid = Server::connection().process.pid();
    return clientPid;
}
//
// Ask the server-wide code signature store whether the client process
// matches the given signature.
// The process being checked is always the one recorded for the current
// connection; the caller supplies only the signature and the comment, so it
// cannot nominate a different process to be verified.
// Returns the verdict of Server::codeSignatures().verify() unchanged.
// NOTE(review): the meaning of `comment`, and whether verify() can throw
// instead of returning false, are not visible in this file.
//
bool SecurityServerEnvironment::verifyCodeSignature(const CodeSigning::Signature *signature,
    const CssmData *comment)
{
    const bool verified =
        Server::codeSignatures().verify(Server::connection().process, signature, comment);
    return verified;
}