OSX/libsecurity_cdsa_utilities/lib/acl_password.cpp

   1 /*
   2  * Copyright (c) 2000-2006,2011,2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // acl_password - password-based ACL subject types
  27 //
  28 #include <security_cdsa_utilities/acl_password.h>
  29 #include <security_utilities/debugging.h>
  30 #include <security_utilities/endian.h>
  31 #include <algorithm>
  32
  33
  34 //
  35 // PasswordAclSubject always pre-loads its secret, and thus never has to
  36 // "get" its secret. If we ever try, it's a bug.
  37 //
  38 bool PasswordAclSubject::getSecret(const AclValidationContext &context,
  39         const TypedList &sample, CssmOwnedData &secret) const
  40 {
  41         switch (sample.length()) {
  42         case 1:
  43                 return false;   // no password in sample
  44         case 2:
  45                 secret = sample[1];
  46                 return true;
  47         default:
  48                 CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
  49         }
  50 }
  51
  52
  53 //
  54 // Make a copy of this subject in CSSM_LIST form
  55 //
  56 CssmList PasswordAclSubject::toList(Allocator &alloc) const
  57 {
  58     // the password itself is private and not exported to CSSM
  59         return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD);
  60 }
  61
  62
  63 //
  64 // Create a PasswordAclSubject
  65 //
  66 PasswordAclSubject *PasswordAclSubject::Maker::make(const TypedList &list) const
  67 {
  68     Allocator &alloc = Allocator::standard(Allocator::sensitive);
  69         switch (list.length()) {
  70         case 1:
  71                 return new PasswordAclSubject(alloc, true);
  72         case 2:
  73                 {
  74                         ListElement *password;
  75                         crack(list, 1, &password, CSSM_LIST_ELEMENT_DATUM);
  76                         return new PasswordAclSubject(alloc, password->data());
  77                 }
  78         default:
  79                 CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
  80         }
  81 }
  82
  83 PasswordAclSubject *PasswordAclSubject::Maker::make(Version, Reader &pub, Reader &priv) const
  84 {
  85     Allocator &alloc = Allocator::standard(Allocator::sensitive);
  86         const void *data; size_t length; priv.countedData(data, length);
  87         CssmAutoData passwordData(alloc, data, length);
  88         return new PasswordAclSubject(alloc, passwordData);
  89 }
  90
  91
  92 //
  93 // Export the subject to a memory blob
  94 //
  95 void PasswordAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv)
  96 {
  97         priv.countedData(secret());
  98 }
  99
 100 void PasswordAclSubject::exportBlob(Writer &pub, Writer &priv)
 101 {
 102         priv.countedData(secret());
 103 }
 104
 105
 106 #ifdef DEBUGDUMP
 107
 108 void PasswordAclSubject::debugDump() const
 109 {
 110         Debug::dump("Password");
 111         SecretAclSubject::debugDump();
 112 }
 113
 114 #endif //DEBUGDUMP