cdsa/cdsa_utilities/acl_password.cpp

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 //
  20 // acl_password - password-based ACL subject types
  21 //
  22 #ifdef __MWERKS__
  23 #define _CPP_ACL_PASSWORD
  24 #endif
  25
  26 #include <Security/acl_password.h>
  27 #include <Security/debugging.h>
  28 #include <Security/endian.h>
  29 #include <algorithm>
  30
  31
  32 //
  33 // Construct a password ACL subject
  34 //
  35 PasswordAclSubject::PasswordAclSubject(CssmAllocator &alloc, const CssmData &password)
  36     : SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_PASSWORD, CSSM_SAMPLE_TYPE_PASSWORD),
  37     allocator(alloc), mPassword(alloc, password)
  38 { }
  39
  40 PasswordAclSubject::PasswordAclSubject(CssmAllocator &alloc, CssmManagedData &password)
  41     : SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_PASSWORD, CSSM_SAMPLE_TYPE_PASSWORD),
  42     allocator(alloc), mPassword(alloc, password)
  43 { }
  44
  45
  46 //
  47 // Validate a credential set against this subject
  48 //
  49 bool PasswordAclSubject::validate(const AclValidationContext &context,
  50     const TypedList &sample) const
  51 {
  52         if (sample[1].type() != CSSM_LIST_ELEMENT_DATUM)
  53                 CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
  54     const CssmData &password = sample[1];
  55     return password == mPassword;
  56 }
  57
  58
  59 //
  60 // Make a copy of this subject in CSSM_LIST form
  61 //
  62 CssmList PasswordAclSubject::toList(CssmAllocator &alloc) const
  63 {
  64     // the password itself is private and not exported to CSSM
  65         return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD);
  66 }
  67
  68
  69 //
  70 // Create a PasswordAclSubject
  71 //
  72 PasswordAclSubject *PasswordAclSubject::Maker::make(const TypedList &list) const
  73 {
  74         ListElement *password;
  75         crack(list, 1, &password, CSSM_LIST_ELEMENT_DATUM);
  76         return new PasswordAclSubject(CssmAllocator::standard(CssmAllocator::sensitive), *password);
  77 }
  78
  79 PasswordAclSubject *PasswordAclSubject::Maker::make(Version, Reader &pub, Reader &priv) const
  80 {
  81     CssmAllocator &alloc = CssmAllocator::standard(CssmAllocator::sensitive);
  82         const void *data; uint32 length; priv.countedData(data, length);
  83         return new PasswordAclSubject(alloc, CssmAutoData(alloc, data, length));
  84 }
  85
  86
  87 //
  88 // Export the subject to a memory blob
  89 //
  90 void PasswordAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv)
  91 {
  92         priv.countedData(mPassword);
  93 }
  94
  95 void PasswordAclSubject::exportBlob(Writer &pub, Writer &priv)
  96 {
  97         priv.countedData(mPassword);
  98 }
  99
 100
 101 #ifdef DEBUGDUMP
 102
 103 void PasswordAclSubject::debugDump() const
 104 {
 105         Debug::dump("Password ");
 106         Debug::dumpData(mPassword.data(), mPassword.length());
 107 }
 108
 109 #endif //DEBUGDUMP