#ifndef _ACLSUBJECT
#define _ACLSUBJECT
#include <security_cdsa_utilities/cssmaclpod.h>
#include <security_cdsa_utilities/cssmcred.h>
#include <security_utilities/refcount.h>
#include <security_utilities/globalizer.h>
#include <security_utilities/memutils.h>
#include <security_utilities/adornments.h>
#include <map>
#include <set>
#include <string>
#include <limits.h>
namespace Security {
// Forward declarations: the classes below refer to each other only by
// pointer or reference, so the full definitions are not needed here.
class ObjectAcl;
class AclValidationContext;
class AclSubject;
//
// AclValidationEnvironment
//
// Optional per-validation environment handed to an AclValidationContext
// (see the `env` constructor argument there). It is polymorphic: callers
// are expected to subclass it, and AclValidationContext::environment<Env>()
// recovers the subclass with dynamic_cast.
//
class AclValidationEnvironment {
    friend class AclValidationContext;
public:
    virtual ~AclValidationEnvironment();

    /// Return an Adornable keyed by `subject`. Defined out of line; the
    /// storage and lifetime of the returned object are not visible here
    /// (NOTE(review): presumably per-subject scratch state kept for the
    /// duration of the environment — confirm against the .cpp).
    virtual Adornable &store(const AclSubject *subject);
};
//
// AclValidationContext
//
// Abstract carrier for one ACL validation: the caller's credentials, the
// authorization being requested, an optional environment, and the
// ObjectAcl/AclSubject currently under evaluation. Subclasses supply the
// credential samples via count()/sample() and receive matched() callbacks.
//
class AclValidationContext {
    friend class ObjectAcl;
public:
    /// Construct a context for validating `cred` against `auth`.
    /// mAcl and mSubject start out as a non-canonical poison address rather
    /// than null: a use before init() is then an obvious fault instead of
    /// looking like a legitimate "no ACL" value. init() is private and
    /// reachable through the ObjectAcl friend declaration.
    AclValidationContext(const AccessCredentials *cred,
        AclAuthorization auth, AclValidationEnvironment *env = nullptr)
        : mAcl(reinterpret_cast<ObjectAcl *>(0xDEADDEADDEADDEAD)),
          mSubject(reinterpret_cast<AclSubject *>(0xDEADDEADDEADDEAD)),
          mCred(cred),
          mAuth(auth),
          mEnv(env),
          mEntryTag(nullptr) { }

    /// Copy every field except the entry tag, which is deliberately reset to
    /// null: a copied context does not inherit the tag of the entry the
    /// original was positioned on.
    AclValidationContext(const AclValidationContext &ctx)
        : mAcl(ctx.mAcl),
          mSubject(ctx.mSubject),
          mCred(ctx.mCred),
          mAuth(ctx.mAuth),
          mEnv(ctx.mEnv),
          mEntryTag(nullptr) { }

    virtual ~AclValidationContext();

    // --- credential samples -------------------------------------------
    /// Number of samples available for this validation.
    virtual uint32 count() const = 0;
    /// Alias of count().
    uint32 size() const { return count(); }
    /// The n-th sample. Bounds handling is up to the subclass.
    virtual const TypedList &sample(uint32 n) const = 0;
    /// Alias of sample(n).
    const TypedList &operator [] (uint32 n) const { return sample(n); }

    // --- what is being validated --------------------------------------
    AclAuthorization authorization() const { return mAuth; }
    const AccessCredentials *cred() const { return mCred; }
    AclValidationEnvironment *environment() const { return mEnv; }

    /// Downcast the environment to `Env`. Yields nullptr when no environment
    /// was supplied or it is not an `Env`; callers must check the result.
    template <class Env>
    Env *environment() const { return dynamic_cast<Env *>(mEnv); }

    /// Subject/ACL currently under evaluation (valid only after init()).
    AclSubject *subject() const { return mSubject; }
    ObjectAcl *acl() const { return mAcl; }

    // --- tags ---------------------------------------------------------
    virtual const char *credTag() const;
    virtual const char *entryTag() const;
    std::string s_credTag() const;
    void entryTag(const char *tag);
    void entryTag(const std::string &tag);

    // --- match reporting ----------------------------------------------
    /// Called when a sample matches; subclasses decide what to record.
    virtual void matched(const TypedList *match) const = 0;
    void matched(const TypedList &match) const { return matched(&match); }

private:
    /// Bind the ACL and subject under evaluation (invoked via the ObjectAcl
    /// friendship; definition is out of line).
    void init(ObjectAcl *acl, AclSubject *subject);

private:
    ObjectAcl *mAcl;                    // poison until init()
    AclSubject *mSubject;               // poison until init()
    const AccessCredentials *mCred;     // not owned
    AclAuthorization mAuth;
    AclValidationEnvironment *mEnv;     // not owned; may be null
    const char *mEntryTag;              // not owned; null after copy
};
//
// AclSubject
//
// Abstract, reference-counted ACL subject. A subject is identified by a
// CSSM_ACL_SUBJECT_TYPE plus a small Version byte, and knows how to
// validate itself against an AclValidationContext, how to render itself
// as a CssmList, and how to (de)serialize itself through the
// LowLevelMemoryUtilities Reader/Writer pair.
//
class AclSubject : public RefCount {
public:
    using Writer = LowLevelMemoryUtilities::Writer;
    using Reader = LowLevelMemoryUtilities::Reader;

    // Subject version, and how it appears to be packed into the top byte
    // of a 32-bit type word (shift 24, mask 0xff000000). The packing itself
    // is done outside this header.
    using Version = uint8;
    static const int versionShift = 24;
    static const uint32 versionMask = 0xff000000;

public:
    explicit AclSubject(uint32 type, Version v = 0);
    virtual ~AclSubject();

    CSSM_ACL_SUBJECT_TYPE type() const { return mType; }

    /// Decide whether `ctx` satisfies this subject. Pure virtual; every
    /// concrete subject supplies its own rule.
    virtual bool validate(const AclValidationContext &ctx) const = 0;

    /// Render the subject as a CssmList allocated from `alloc`.
    virtual CssmList toList(Allocator &alloc) const = 0;

    // --- serialization ------------------------------------------------
    // Two-pass export: first the Counter overloads size the public and
    // private parts, then the Writer overloads emit them.
    virtual void exportBlob(Writer::Counter &pub, Writer::Counter &priv);
    virtual void exportBlob(Writer &pub, Writer &priv);
    /// Reconstitute subject state from `pub`/`priv`. This is the
    /// deserialization entry point; overrides should treat the blob as
    /// untrusted input and let the Reader enforce bounds.
    virtual void importBlob(Reader &pub, Reader &priv);

    Version version() const { return mVersion; }

    virtual void reset();

    // --- debugging ----------------------------------------------------
    virtual void debugDump() const;
    IFDUMP(void dump(const char *title) const);

protected:
    void version(Version v) { mVersion = v; }

private:
    CSSM_ACL_SUBJECT_TYPE mType;
    Version mVersion;

public:
    //
    // Maker: factory for one subject type. Concrete subjects register a
    // Maker that builds them either from a TypedList or from a serialized
    // (version, pub, priv) blob.
    //
    class Maker {
    public:
        Maker(CSSM_ACL_SUBJECT_TYPE type);
        virtual ~Maker();

        uint32 type() const { return mType; }

        /// Build a subject from an in-memory list.
        virtual AclSubject *make(const TypedList &list) const = 0;
        /// Build a subject from a serialized blob of the given version.
        virtual AclSubject *make(Version version, Reader &pub, Reader &priv) const = 0;

    protected:
        /// Split `list` into `count` elements. The trailing variadic
        /// arguments are not type-checked by the compiler; callers must
        /// pass exactly what the out-of-line definition expects.
        static void crack(const CssmList &list, uint32 count,
            ListElement **array = nullptr, ...);
        /// Extract a word from `list`, constrained to [min, max]
        /// (NOTE(review): presumably rejects out-of-range values — the
        /// failure mode is defined in the .cpp, not here).
        static CSSM_WORDID_TYPE getWord(const ListElement &list,
            int min = 0, int max = INT_MAX);

    private:
        CSSM_ACL_SUBJECT_TYPE mType;
    };
};
//
// SimpleAclSubject
//
// Convenience base for subjects whose decision is made one credential
// sample at a time. It implements the single-argument validate() from
// AclSubject (out of line) and asks subclasses only for the per-sample
// overload.
//
class SimpleAclSubject : public AclSubject {
public:
    SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE type) : AclSubject(type) { }

    /// AclSubject entry point; definition lives in the .cpp.
    bool validate(const AclValidationContext &ctx) const override;

    /// Per-sample decision supplied by the concrete subject.
    virtual bool validate(const AclValidationContext &baseCtx,
        const TypedList &sample) const = 0;
};
}
#endif //_ACLSUBJECT