cdsa/cdsa_utilities/acl_password.cpp

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 //
  20 // acl_password - password-based ACL subject types
  21 //
  22 #ifdef __MWERKS__
  23 #define _CPP_ACL_PASSWORD
  24 #endif
  25
  26 #include <Security/acl_password.h>
  27 #include <Security/debugging.h>
  28 #include <algorithm>
  29
  30
  31 //
  32 // Construct a password ACL subject
  33 //
  34 PasswordAclSubject::PasswordAclSubject(CssmAllocator &alloc, const CssmData &password)
  35     : SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_PASSWORD, CSSM_SAMPLE_TYPE_PASSWORD),
  36     allocator(alloc), mPassword(alloc, password)
  37 { }
  38
  39 PasswordAclSubject::PasswordAclSubject(CssmAllocator &alloc, CssmManagedData &password)
  40     : SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_PASSWORD, CSSM_SAMPLE_TYPE_PASSWORD),
  41     allocator(alloc), mPassword(alloc, password)
  42 { }
  43
  44
  45 //
  46 // Validate a credential set against this subject
  47 //
  48 bool PasswordAclSubject::validate(const AclValidationContext &context,
  49     const TypedList &sample) const
  50 {
  51         if (sample[1].type() != CSSM_LIST_ELEMENT_DATUM)
  52                 CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
  53     const CssmData &password = sample[1];
  54     return password == mPassword;
  55 }
  56
  57
  58 //
  59 // Make a copy of this subject in CSSM_LIST form
  60 //
  61 CssmList PasswordAclSubject::toList(CssmAllocator &alloc) const
  62 {
  63     // the password itself is private and not exported to CSSM
  64         return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD);
  65 }
  66
  67
  68 //
  69 // Create a PasswordAclSubject
  70 //
  71 PasswordAclSubject *PasswordAclSubject::Maker::make(const TypedList &list) const
  72 {
  73         ListElement *password;
  74         crack(list, 1, &password, CSSM_LIST_ELEMENT_DATUM);
  75         return new PasswordAclSubject(CssmAllocator::standard(CssmAllocator::sensitive), *password);
  76 }
  77
  78 PasswordAclSubject *PasswordAclSubject::Maker::make(Version, Reader &pub, Reader &priv) const
  79 {
  80     CssmAllocator &alloc = CssmAllocator::standard(CssmAllocator::sensitive);
  81         const void *data; uint32 length; priv.countedData(data, length);
  82         return new PasswordAclSubject(alloc, CssmAutoData(alloc, data, length));
  83 }
  84
  85
  86 //
  87 // Export the subject to a memory blob
  88 //
  89 void PasswordAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv)
  90 {
  91         priv.countedData(mPassword);
  92 }
  93
  94 void PasswordAclSubject::exportBlob(Writer &pub, Writer &priv)
  95 {
  96         priv.countedData(mPassword);
  97 }
  98
  99
 100 #ifdef DEBUGDUMP
 101
 102 void PasswordAclSubject::debugDump() const
 103 {
 104         Debug::dump("Password ");
 105         Debug::dumpData(mPassword.data(), mPassword.length());
 106 }
 107
 108 #endif //DEBUGDUMP