#ifndef _SECURITY_ACCESS_H_
#define _SECURITY_ACCESS_H_
#include <security_keychain/ACL.h>
#include <security_utilities/trackingallocator.h>
#include <security_cdsa_utilities/cssmaclpod.h>
#include <security_cdsa_utilities/cssmacl.h>
#include <security_cdsa_client/aclclient.h>
#include <security_keychain/TrustedApplication.h>
#include <map>
namespace Security {
namespace KeychainCore {
using CssmClient::AclBearer;
class Access : public SecCFObject {
NOCOPY(Access)
public:
SECCFFUNCTIONS(Access, SecAccessRef, errSecInvalidItemRef, gTypes().Access)
class Maker {
NOCOPY(Maker)
static const size_t keySize = 16; friend class Access;
public:
enum MakerType {kStandardMakerType, kAnyMakerType};
Maker(Allocator &alloc = Allocator::standard(), MakerType makerType = kStandardMakerType);
void initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds = NULL);
const AccessCredentials *cred();
TrackingAllocator allocator;
static const char creationEntryTag[];
MakerType makerType() {return mMakerType;}
private:
CssmAutoData mKey;
AclEntryInput mInput;
AutoCredentials mCreds;
MakerType mMakerType;
};
public:
Access(const string &description);
Access(const string &description, const ACL::ApplicationList &trusted);
Access(const string &description, const ACL::ApplicationList &trusted,
const AclAuthorizationSet &limitedRights, const AclAuthorizationSet &freeRights);
Access();
Access(AclBearer &source);
Access(const CSSM_ACL_OWNER_PROTOTYPE &owner,
uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
virtual ~Access();
public:
CFArrayRef copySecACLs() const;
CFArrayRef copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const;
void add(ACL *newAcl);
void addOwner(ACL *newOwnerAcl);
void setAccess(AclBearer &target, bool update = false);
void setAccess(AclBearer &target, Maker &maker);
template <class Container>
void findAclsForRight(AclAuthorization right, Container &cont)
{
cont.clear();
for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++)
if (it->second->authorizes(right))
cont.push_back(it->second);
}
std::string promptDescription() const;
void addApplicationToRight(AclAuthorization right, TrustedApplication *app);
void copyOwnerAndAcl(CSSM_ACL_OWNER_PROTOTYPE * &owner,
uint32 &aclCount, CSSM_ACL_ENTRY_INFO * &acls);
protected:
void makeStandard(const string &description, const ACL::ApplicationList &trusted,
const AclAuthorizationSet &limitedRights = AclAuthorizationSet(),
const AclAuthorizationSet &freeRights = AclAuthorizationSet());
void compile(const CSSM_ACL_OWNER_PROTOTYPE &owner,
uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
void editAccess(AclBearer &target, bool update, const AccessCredentials *cred);
private:
static const CSSM_ACL_HANDLE ownerHandle = ACL::ownerHandle;
typedef map<CSSM_ACL_HANDLE, SecPointer<ACL> > Map;
Map mAcls; Mutex mMutex;
};
} }
#endif // !_SECURITY_ACCESS_H_