Security-57740.51.3.tar.gz
1 /*
2 * Copyright (c) 2000-2001,2003-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // cssmcred - enhanced PodWrappers and construction aids for ACL credentials
27 //
28 #include <security_cdsa_utilities/cssmcred.h>
29
30
31 namespace Security {
32
33
//
// The null credential constant.
// Only the first member is initialized explicitly (with an empty string);
// aggregate initialization zero-fills every remaining member.
// AccessCredentials::null is a reference bound to this one static object,
// not a copy of it.
// NOTE(review): the cast treats a CSSM_ACCESS_CREDENTIALS as an
// AccessCredentials, which presumably holds only because the wrapper adds no
// data members of its own -- the class is declared in cssmcred.h, confirm there.
//
static const CSSM_ACCESS_CREDENTIALS null_credentials = { "" };
const AccessCredentials &AccessCredentials::null =
#if BUG_GCC
    // spelling selected when BUG_GCC is set: cast the address, then dereference
    *static_cast<const AccessCredentials *>(&null_credentials);
#else
    static_cast<const AccessCredentials &>(null_credentials);
#endif
45
46
//
// Scan a SampleGroup for samples with a given CSSM_SAMPLE_TYPE.
// Every matching sample is appended to 'matches' with its leading sample type
// snipped off. The list is NOT cleared first: entries already in it are kept,
// so a caller can accumulate several sample types into one list.
// Returns true if 'matches' is non-empty on exit. For a list that was empty on
// entry this means "at least one match was found"; for a list that already had
// entries it is true regardless of what this scan found.
// checkProper() is applied to every sample scanned, matching or not, before
// its type is looked at; a malformed sample makes it throw.
//
bool SampleGroup::collect(CSSM_SAMPLE_TYPE sampleType, list<CssmSample> &matches) const
{
    for (uint32 index = 0; index < length(); ++index) {
        // work on a copy so snip() below leaves the group itself untouched
        TypedList candidate = (*this)[index];
        candidate.checkProper();
        if (candidate.type() != sampleType)
            continue;
        candidate.snip();       // skip sample type
        matches.push_back(candidate);
    }
    return !matches.empty();
}
65
66
67 //
68 // AccessCredentials
69 //
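//
// Set the ACL entry tag carried by these credentials.
// A NULL tagString clears the tag to the empty string.
// Throws CssmError(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG) if tagString is longer
// than CSSM_MODULE_STRING_SIZE characters, or would not fit into EntryTag
// together with its terminating NUL.
//
void AccessCredentials::tag(const char *tagString)
{
    if (tagString == NULL) {
        EntryTag[0] = '\0';
        return;
    }

    // Measure once, and bound the copy by the destination itself as well as by
    // the protocol limit. EntryTag is declared outside this file; the sizeof
    // test keeps the copy in bounds even if the array size and
    // CSSM_MODULE_STRING_SIZE ever stop agreeing.
    const size_t tagLength = strlen(tagString);
    if (tagLength > CSSM_MODULE_STRING_SIZE || tagLength >= sizeof(EntryTag))
        CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG);
    else
        memcpy(EntryTag, tagString, tagLength + 1);     // + 1 copies the NUL
}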
79
//
// Decide whether these credentials permit user interaction.
// Returns true if a keychain-prompt sample is found, false otherwise; the
// default answer is "no".
// collect() applies checkProper() to every sample it scans, which per its
// description throws on malformed samples, so a malformed sample group
// surfaces here as an exception rather than as a false return.
//
bool AccessCredentials::authorizesUI() const
{
    list<CssmSample> candidates;

    // The existence of a lone keychain prompt gives UI access
    if (samples().collect(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT, candidates))
        return true;

    // 'candidates' is still empty at this point. collect() appends to the list
    // it is given, so both calls below accumulate into the same list.
    samples().collect(CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, candidates);
    samples().collect(CSSM_SAMPLE_TYPE_THRESHOLD, candidates);

    // collect() stored each entry with its leading sample type snipped off, so
    // type() below reads whatever followed it -- presumably a nested sample;
    // confirm against TypedList.
    for (list<CssmSample>::iterator entry = candidates.begin(); entry != candidates.end(); ++entry) {
        TypedList &inner = *entry;

        // an entry that is not proper is logged and skipped; it never grants UI
        if (!inner.isProper()) {
            secnotice("integrity", "found a non-proper sample, skipping...");
            continue;
        }

        // these credentials allow UI
        if (inner.type() == CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT)
            return true;
    }

    // no interesting credential found; no UI for you
    return false;
}
109
//
// AutoCredentials self-constructing credentials structure
//
// Construct with no samples. 'alloc' is kept by the 'allocator' member and is
// what getSample() later uses to grow the sample array.
//
AutoCredentials::AutoCredentials(Allocator &alloc)
    : allocator(alloc)
{
    init();     // start with a NULL sample array and a count of zero
}
117
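//
// Construct with room for nSamples samples, allocated through 'alloc'.
// Note that the parameter shadows the nSamples member inside this constructor.
// A count of zero allocates nothing and leaves the sample array empty, the
// same state the one-argument constructor produces.
//
AutoCredentials::AutoCredentials(Allocator &alloc, uint32 nSamples) : allocator(alloc)
{
    init();
    // nSamples is unsigned: for a count of zero, nSamples - 1 would wrap to the
    // largest uint32 and be handed to getSample() as an index.
    if (nSamples > 0)
        getSample(nSamples - 1);    // extend array to nSamples elements
}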
123
//
// Reset the bookkeeping to "no samples": a zero count and a NULL array.
// This only overwrites the two members; it does not release an array that
// sampleArray may already point to, and it does not touch Samples. Both
// constructors call it before anything has been allocated.
//
void AutoCredentials::init()
{
    nSamples = 0;
    sampleArray = NULL;
}
129
130
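//
// Return a reference to sample slot n, growing the sample array first when n
// lies beyond its current end. After growth, Samples is re-pointed at the
// array returned by the allocator and its count is updated.
// Throws CssmError(CSSM_ERRCODE_MEMORY_ERROR) if n + 1 does not fit in a
// uint32; anything the allocator throws propagates, with the recorded count
// left as it was.
// alloc() hands back a new pointer, so a reference obtained from an earlier
// call should be treated as stale once the array has grown.
// NOTE(review): nothing here initializes newly added slots; whether
// Allocator::alloc does is not visible in this file -- confirm before reading
// a slot that has not been written.
//
CssmSample &AutoCredentials::getSample(uint32 n)
{
    if (n >= nSamples) {
        const uint32 newCount = n + 1;
        if (newCount == 0)      // n was the largest uint32, so n + 1 wrapped
            CssmError::throwMe(CSSM_ERRCODE_MEMORY_ERROR);

        // Advance nSamples only after alloc() has returned. If the count were
        // raised first and alloc() then threw, later calls would index past
        // the end of the old, smaller array.
        sampleArray = allocator.alloc<CssmSample>(sampleArray, newCount);
        nSamples = newCount;
        Samples.Samples = sampleArray;
        Samples.NumberOfSamples = nSamples;
    }
    return sampleArray[n];
}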
140
141 } // end namespace Security