projects / apple / security.git / blame
| Commit | Line | Data |
|---|---|---|
| b1ab9ed8 | 1 | /* |
| d8f41ccd | 2 | * Copyright (c) 2000-2001,2011,2014 Apple Inc. All Rights Reserved. |
| b1ab9ed8 A |
3 | * |
| 4 | * The contents of this file constitute Original Code as defined in and are | |
| 5 | * subject to the Apple Public Source License Version 1.2 (the 'License'). | |
| 6 | * You may not use this file except in compliance with the License. Please obtain | |
| 7 | * a copy of the License at http://www.apple.com/publicsource and read it before | |
| 8 | * using this file. | |
| 9 | * | |
| 10 | * This Original Code and all software distributed under the License are | |
| 11 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS | |
| 12 | * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT | |
| 13 | * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR | |
| 14 | * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the | |
| 15 | * specific language governing rights and limitations under the License. | |
| 16 | */ | |
| 17 | ||
| 18 | ||
| 19 | // | |
| 20 | // keychainacl - Keychain-related ACL and credential forms | |
| 21 | // | |
| 22 | #ifdef __MWERKS__ | |
| 23 | #define _CPP_KEYCHAINACL | |
| 24 | #endif | |
| 25 | ||
| 26 | #include "keychainacl.h" | |
| 27 | #include <security_cdsa_utilities/cssmwalkers.h> | |
| 28 | ||
| 29 | using namespace CssmClient; | |
| 30 | ||
| 31 | ||
| 32 | // | |
| 33 | // Construct the factory. | |
| 34 | // @@@ Leaks. | |
| 35 | // | |
| 36 | KeychainAclFactory::KeychainAclFactory(Allocator &alloc) | |
| 37 | : allocator(alloc), nullCred(alloc, 1), kcCred(alloc, 2), kcUnlockCred(alloc, 1) | |
| 38 | { | |
| 39 | // the credential objects self-initialize to empty | |
| 40 | nullCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_THRESHOLD); | |
| 41 | ||
| 42 | kcCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT); | |
| 43 | kcCred.sample(1) = TypedList(alloc, CSSM_SAMPLE_TYPE_THRESHOLD, | |
| 44 | new(alloc) ListElement(TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT))); | |
| 45 | ||
| 46 | // @@@ This leaks a ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT) | |
| 47 | kcUnlockCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, | |
| 48 | new(alloc) ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT)); | |
| 49 | } | |
| 50 | ||
| 51 | KeychainAclFactory::~KeychainAclFactory() | |
| 52 | { | |
| 53 | } | |
| 54 | ||
| 55 | ||
| 56 | // | |
| 57 | // Produce credentials. | |
| 58 | // These are constants that don't need to be allocated per use. | |
| 59 | // | |
| 60 | const AccessCredentials *KeychainAclFactory::nullCredentials() | |
| 61 | { | |
| 62 | return &nullCred; | |
| 63 | } | |
| 64 | ||
| 65 | const AccessCredentials *KeychainAclFactory::keychainPromptCredentials() | |
| 66 | { | |
| 67 | return &kcCred; | |
| 68 | } | |
| 69 | ||
| 70 | const AccessCredentials *KeychainAclFactory::keychainPromptUnlockCredentials() | |
| 71 | { | |
| 72 | return &kcUnlockCred; | |
| 73 | } | |
| 74 | ||
| 75 | const AutoCredentials *KeychainAclFactory::passwordChangeCredentials(const CssmData &password) | |
| 76 | { | |
| 77 | AutoCredentials *cred = new AutoCredentials(allocator, 1); | |
| 78 | // @@@ This leaks a ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT) and ListElement(password) | |
| 79 | cred->sample(0) = TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK, | |
| 80 | new(allocator) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), | |
| 81 | new(allocator) ListElement(password)); | |
| 82 | return cred; | |
| 83 | } | |
| 84 | ||
| 85 | const AutoCredentials *KeychainAclFactory::passwordUnlockCredentials(const CssmData &password) | |
| 86 | { | |
| 87 | AutoCredentials *cred = new AutoCredentials(allocator, 1); | |
| 88 | // @@@ This leaks a ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT) and ListElement(password) | |
| 89 | cred->sample(0) = TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, | |
| 90 | new(allocator) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), | |
| 91 | new(allocator) ListElement(password)); | |
| 92 | return cred; | |
| 93 | } | |
| 94 | ||
| 95 | ||
| 96 | // | |
| 97 | // | |
| 98 | AclEntryInput *KeychainAclFactory::keychainPromptOwner(const CssmData &description) | |
| 99 | { | |
| 100 | // @@@ Make sure this works for a NULL description | |
| 101 | AclEntryPrototype proto(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT, | |
| 102 | new(allocator) ListElement(allocator, description))); | |
| 103 | return new(allocator) AclEntryInput(proto); | |
| 104 | } | |
| 105 | ||
| 106 | AclEntryInput *KeychainAclFactory::anyOwner() | |
| 107 | { | |
| 108 | AclEntryPrototype proto(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_ANY)); | |
| 109 | return new(allocator) AclEntryInput(proto); | |
| 110 | } | |
| 111 | ||
| 112 | void KeychainAclFactory::release(AclEntryInput *input) | |
| 113 | { | |
| 114 | DataWalkers::chunkFree(input, allocator); | |
| 115 | } | |
| 116 | ||
| 117 | ||
| 118 | // | |
| 119 | // ACL editing | |
| 120 | // | |
| 121 | void KeychainAclFactory::comment(TypedList &subject) | |
| 122 | { | |
| 123 | subject.insert(new(allocator) ListElement(CSSM_ACL_SUBJECT_TYPE_COMMENT), | |
| 124 | subject.first()); | |
| 125 | } | |
| 126 | ||
| 127 | void KeychainAclFactory::uncomment(TypedList &subject) | |
| 128 | { | |
| 129 | ListElement *first = subject.first(); | |
| 130 | assert(*first == CSSM_ACL_SUBJECT_TYPE_COMMENT); | |
| 131 | subject -= first; | |
| 132 | destroy(first, allocator); | |
| 133 | } |