]> git.saurik.com Git - apple/security.git/blame - OSX/libsecurity_cdsa_utilities/lib/acl_password.cpp
projects / apple / security.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Security-58286.41.2.tar.gz
[apple/security.git] / OSX / libsecurity_cdsa_utilities / lib / acl_password.cpp
CommitLineData
b1ab9ed8 1/*
d8f41ccd 2 * Copyright (c) 2000-2006,2011,2014 Apple Inc. All Rights Reserved.
b1ab9ed8
A		 3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25//
26// acl_password - password-based ACL subject types
27//
28#include <security_cdsa_utilities/acl_password.h>
29#include <security_utilities/debugging.h>
30#include <security_utilities/endian.h>
31#include <algorithm>
32
33
34//
35// PasswordAclSubject always pre-loads its secret, and thus never has to
36// "get" its secret. If we ever try, it's a bug.
37//
38bool PasswordAclSubject::getSecret(const AclValidationContext &context,
39 const TypedList &sample, CssmOwnedData &secret) const
40{
41 switch (sample.length()) {
42 case 1:
43 return false; // no password in sample
44 case 2:
45 secret = sample[1];
46 return true;
47 default:
48 CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
49 }
50}
51
52
53//
54// Make a copy of this subject in CSSM_LIST form
55//
56CssmList PasswordAclSubject::toList(Allocator &alloc) const
57{
58 // the password itself is private and not exported to CSSM
59 return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD);
60}
61
62
63//
64// Create a PasswordAclSubject
65//
66PasswordAclSubject *PasswordAclSubject::Maker::make(const TypedList &list) const
67{
68 Allocator &alloc = Allocator::standard(Allocator::sensitive);
69 switch (list.length()) {
70 case 1:
71 return new PasswordAclSubject(alloc, true);
72 case 2:
73 {
74 ListElement *password;
75 crack(list, 1, &password, CSSM_LIST_ELEMENT_DATUM);
76 return new PasswordAclSubject(alloc, password->data());
77 }
78 default:
79 CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
80 }
81}
82
83PasswordAclSubject *PasswordAclSubject::Maker::make(Version, Reader &pub, Reader &priv) const
84{
85 Allocator &alloc = Allocator::standard(Allocator::sensitive);
86 const void *data; size_t length; priv.countedData(data, length);
87 CssmAutoData passwordData(alloc, data, length);
88 return new PasswordAclSubject(alloc, passwordData);
89}
90
91
92//
93// Export the subject to a memory blob
94//
95void PasswordAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv)
96{
97 priv.countedData(secret());
98}
99
100void PasswordAclSubject::exportBlob(Writer &pub, Writer &priv)
101{
102 priv.countedData(secret());
103}
104
105
106#ifdef DEBUGDUMP
107
108void PasswordAclSubject::debugDump() const
109{
110 Debug::dump("Password");
111 SecretAclSubject::debugDump();
112}
113
114#endif //DEBUGDUMP
mirror of Security