2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
22 #include <Security/aclclient.h>
23 #include <Security/keychainacl.h>
24 #include <Security/walkers.h>
28 namespace CssmClient
{
32 // AclBearer methods (trivial)
// Destructor for the ACL-bearing base interface.
// NOTE(review): the body lines (listing lines 35-36) are absent from this
// extract; an empty body is assumed from the "trivial" remark in the section
// header - confirm against the original file.
AclBearer::~AclBearer()
{
}
39 // Convenience wrappers: add, change, or delete an ACL entry by building an AclEdit and forwarding it to changeAcl
// Add an ACL entry.
//   input - description of the entry to add
//   cred  - access credentials, handed through unchanged to changeAcl
// Wraps `input` in an AclEdit built from the entry alone and forwards it to
// the AclEdit-taking changeAcl overload, which does the actual work.
void AclBearer::addAcl(const AclEntryInput &input, const CSSM_ACCESS_CREDENTIALS *cred)
{
	const AclEdit addition(input);
	changeAcl(addition, cred);
}
// Replace the ACL entry identified by `handle` with `input`.
//   handle - handle of the existing entry
//   input  - new contents for that entry
//   cred   - access credentials, handed through unchanged
// Builds an AclEdit from (handle, input) and forwards it to the
// AclEdit-taking changeAcl overload.
void AclBearer::changeAcl(CSSM_ACL_HANDLE handle, const AclEntryInput &input,
	const CSSM_ACCESS_CREDENTIALS *cred)
{
	const AclEdit replacement(handle, input);
	changeAcl(replacement, cred);
}
// Delete the ACL entry identified by `handle`.
//   handle - handle of the entry to remove
//   cred   - access credentials, handed through unchanged
// Builds an AclEdit from the handle alone and forwards it to the
// AclEdit-taking changeAcl overload.
void AclBearer::deleteAcl(CSSM_ACL_HANDLE handle, const CSSM_ACCESS_CREDENTIALS *cred)
{
	const AclEdit removal(handle);
	changeAcl(removal, cred);
}
// Delete ACL entries selected by `tag`, one handle at a time.
//   tag  - selection tag for the entries to remove
//   cred - access credentials used for every individual deletion
// Each entry in `entries` is removed through deleteAcl(handle, cred).
void AclBearer::deleteAcl(const char *tag, const CSSM_ACCESS_CREDENTIALS *cred)
{
	AutoAclEntryInfoList entries;
	// NOTE(review): listing line 60 is absent from this extract. In the visible
	// lines `tag` is never used and `entries` is never filled, so the elided
	// line presumably loads the entries matching `tag` - confirm against the
	// original file before relying on this function.
	for (uint32 index = 0; index < entries.count(); ++index) {
		deleteAcl(entries[index].handle(), cred);
	}
}
67 // A single global structure containing pseudo-static data
// NOTE(review): listing lines 69-72 and 76-78 are absent from this extract.
// The constructor fragment further down initializes an `alloc` member next to
// these three credential sets, so the elided lines presumably open and close
// the `Statics` aggregate that owns them - confirm against the original file.

// Ready-made credential sets; AclFactory::nullCred(), promptCred() and
// unlockCred() return pointers to these.
AutoCredentials nullCred;
AutoCredentials promptCred;
AutoCredentials unlockCred;

// Holder for the single shared Statics instance; callers reach it as statics().
ModuleNexus<Statics> statics;
84 // Make pseudo-statics.
85 // Note: This is an eternal object. It is not currently destroyed
86 // if the containing code is unloaded. But then, the containing
87 // code is Security.framework, which never unloads anyway.
// Fills in the shared credential sets.
// NOTE(review): this extract omits listing line 89 (the constructor's signature
// line), lines 91-93 (the rest of the member-initializer list), the brace lines
// and the comment lines introducing unlockCred. The braces below are restored on
// that assumption; the elided initializers are marked, not reconstructed.
	: alloc(CssmAllocator::standard()),
	  /* ... member initializers on listing lines 91-93 are not shown ... */
{
	// nullCred: nothing at all.
	// Holds one empty THRESHOLD sample, so that threshold subjects can match
	// "free" subjects.
	nullCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_THRESHOLD);

	// promptCred: a credential permitting user prompt confirmations.
	// Holds a KEYCHAIN_PROMPT sample twice: once by itself and once wrapped in
	// a THRESHOLD sample.
	promptCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT);
	promptCred.sample(1) = TypedList(alloc, CSSM_SAMPLE_TYPE_THRESHOLD,
		new(alloc) ListElement(TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT)));

	// unlockCred: one KEYCHAIN_LOCK sample carrying a KEYCHAIN_PROMPT element.
	// NOTE(review): presumably this lets a keychain be unlocked through a user
	// prompt - the original comment is not in this listing, confirm.
	unlockCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK,
		new(alloc) ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT));
}
114 // Make and break AclFactories
// Construct an AclFactory.
// NOTE(review): the body line (listing line 117) is absent from this extract;
// an empty body is assumed - confirm against the original file.
AclFactory::AclFactory()
{
}
// Destroy an AclFactory.
// NOTE(review): the body line (listing line 120) is absent from this extract;
// an empty body is assumed - confirm against the original file.
AclFactory::~AclFactory()
{
}
124 // Return basic pseudo-static values
// Return the shared "null" credential set.
// The pointer refers to a member of the shared Statics object, so the caller
// does not own it and must not free it.
const AccessCredentials *AclFactory::nullCred() const
{
	return &(statics().nullCred);
}
// Return the shared credential set that permits user prompt confirmations.
// The pointer refers to a member of the shared Statics object, so the caller
// does not own it and must not free it.
const AccessCredentials *AclFactory::promptCred() const
{
	return &(statics().promptCred);
}
// Return the shared "unlock" credential set (a KEYCHAIN_LOCK sample carrying a
// KEYCHAIN_PROMPT element).
// The pointer refers to a member of the shared Statics object, so the caller
// does not own it and must not free it.
const AccessCredentials *AclFactory::unlockCred() const
{
	return &(statics().unlockCred);
}
// Build the credentials for a keychain password change.
//   password  - the password to place in the credential sample
//   allocator - allocator used for the credential set and its list elements;
//               kept in mAllocator so the destructor can release them
// The result is one KEYCHAIN_CHANGE_LOCK sample holding a PASSWORD type element
// followed by the password itself.
AclFactory::PasswordChangeCredentials::PasswordChangeCredentials(const CssmData &password,
	CssmAllocator &allocator)
	: mAllocator(allocator)
{
	// NOTE(review): mCredentials is a raw pointer set in the body; if a later
	// allocation here can throw, the destructor will not run for the partially
	// built object and this block is not released - confirm allocator behaviour.
	mCredentials = new (allocator) AutoCredentials(allocator);

	// NOTE(review): whether ListElement copies the password bytes or only
	// refers to the caller's buffer is not visible here. It decides who must
	// keep the buffer alive and who is responsible for scrubbing it - confirm.
	mCredentials->sample(0) = TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK,
		new (allocator) ListElement(CSSM_SAMPLE_TYPE_PASSWORD),
		new (allocator) ListElement(password));
}
// Release the credential set built by the constructor, using the allocator it
// was created with.
AclFactory::PasswordChangeCredentials::~PasswordChangeCredentials()
{
	// NOTE(review): nothing visible here overwrites the password-bearing sample
	// before its memory goes back to the allocator; whether chunkFree or the
	// allocator scrubs it is not shown - confirm if zeroization is required.
	DataWalkers::chunkFree(mCredentials, mAllocator);
}
154 } // end namespace CssmClient
155 } // end namespace Security