#ifndef _SECURITY_ACL_H_
#define _SECURITY_ACL_H_
#include <Security/SecACL.h>
#include <security_cdsa_utilities/cssmaclpod.h>
#include <security_cdsa_client/aclclient.h>
#include <security_cdsa_utilities/cssmdata.h>
#include <security_utilities/seccfobject.h>
#include "SecCFTypes.h"
#include <vector>
namespace Security {
namespace KeychainCore {
using CssmClient::AclBearer;
class Access;
class TrustedApplication;
class ACL : public SecCFObject {
NOCOPY(ACL)
public:
SECCFFUNCTIONS(ACL, SecACLRef, errSecInvalidItemRef, gTypes().ACL)
ACL(const AclBearer &aclBearer, const char *selectionTag,
Allocator &alloc = Allocator::standard());
ACL(const AclEntryInfo &info,
Allocator &alloc = Allocator::standard());
ACL(const AclOwnerPrototype &owner,
Allocator &alloc = Allocator::standard());
ACL(Allocator &alloc = Allocator::standard());
ACL(string description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &promptSelector,
Allocator &alloc = Allocator::standard());
ACL(const CssmData &digest, Allocator &alloc = Allocator::standard());
virtual ~ACL();
Allocator &allocator;
enum State {
unchanged, inserted, modified, deleted };
State state() const { return mState; }
enum Form {
invalidForm, customForm, allowAllForm, appListForm, integrityForm };
Form form() const { return mForm; }
void form(Form f) { mForm = f; }
void setIntegrity(const CssmData& integrity);
const CssmData& integrity();
public:
AclAuthorizationSet &authorizations() { return mAuthorizations; }
bool authorizes(AclAuthorization right);
bool authorizesSpecifically(AclAuthorization right);
void setAuthorization(CSSM_ACL_AUTHORIZATION_TAG auth)
{ mAuthorizations.clear(); mAuthorizations.insert(auth); }
typedef vector< SecPointer<TrustedApplication> > ApplicationList;
ApplicationList &applications()
{ assert(form() == appListForm); return mAppList; }
void addApplication(TrustedApplication *app);
CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &promptSelector() { return mPromptSelector; }
string &promptDescription() { return mPromptDescription; }
CSSM_ACL_HANDLE entryHandle() const { return mCssmHandle; }
static const CSSM_ACL_HANDLE ownerHandle = 0xff0e2743; bool isOwner() const { return mCssmHandle == ownerHandle; }
void makeOwner() { mCssmHandle = ownerHandle; }
void modify(); void remove();
void copyAclEntry(AclEntryPrototype &proto, Allocator &alloc = Allocator::standard());
void copyAclOwner(AclOwnerPrototype &proto, Allocator &alloc = Allocator::standard());
public:
void setAccess(AclBearer &target, bool update = false,
const AccessCredentials *cred = NULL);
public:
struct ParseError { };
public:
static const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR defaultSelector;
private:
void parse(const TypedList &subject);
void parsePrompt(const TypedList &subject);
void makeSubject();
void clearSubjects(Form newForm);
private:
State mState; Form mForm;
CSSM_ACL_HANDLE mCssmHandle; string mEntryTag; bool mDelegate; AclAuthorizationSet mAuthorizations;
TypedList *mSubjectForm;
ApplicationList mAppList; CssmAutoData mIntegrity; CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR mPromptSelector; string mPromptDescription; Mutex mMutex;
};
} }
#endif // !_SECURITY_ACL_H_