]> git.saurik.com Git - apple/security.git/blob - libsecurity_cdsa_utilities/lib/objectacl.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-55179.11.tar.gz
[apple/security.git] / libsecurity_cdsa_utilities / lib / objectacl.cpp
1 /*
2 * Copyright (c) 2000-2004,2006 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // objectacl - core implementation of an ACL-bearing object
27 //
28 #include <security_cdsa_utilities/objectacl.h>
29 #include <security_cdsa_utilities/cssmbridge.h>
30 #include <security_utilities/endian.h>
31 #include <security_utilities/debugging.h>
32 #include <algorithm>
33 #include <cstdarg>
34
35 #include <security_cdsa_utilities/acl_preauth.h> //@@@ impure - will be removed
36
37 using namespace DataWalkers;
38
39
40 //
41 // The static map of available ACL subject makers.
42 // These are the kinds of ACL subjects we can deal with.
43 //
44 ModuleNexus<ObjectAcl::MakerMap> ObjectAcl::makers;
45
46
47 //
48 // Create an ObjectAcl
49 //
50 ObjectAcl::ObjectAcl(Allocator &alloc) : allocator(alloc), mNextHandle(1)
51 {
52 }
53
54 ObjectAcl::ObjectAcl(const AclEntryPrototype &proto, Allocator &alloc)
55 : allocator(alloc), mNextHandle(1)
56 {
57 cssmSetInitial(proto);
58 }
59
60 ObjectAcl::~ObjectAcl()
61 { }
62
63
64 //
65 // Set an "initial ACL" from a CSSM-style initial ACL argument.
66 // This will replace the owner, as well as replace the entire ACL
67 // with a single-item slot, as per CSSM specification.
68 //
69 void ObjectAcl::cssmSetInitial(const AclEntryPrototype &proto)
70 {
71 mOwner = OwnerEntry(proto);
72 add(proto.s_tag(), proto);
73 IFDUMPING("acl", debugDump("create/proto"));
74 }
75
76 void ObjectAcl::cssmSetInitial(const AclSubjectPointer &subject)
77 {
78 mOwner = OwnerEntry(subject);
79 add("", subject);
80 IFDUMPING("acl", debugDump("create/subject"));
81 }
82
83 ObjectAcl::Entry::~Entry()
84 {
85 }
86
87
88 //
89 // ObjectAcl::validate validates an access authorization claim.
90 // Returns normally if 'auth' is granted to the bearer of 'cred'.
91 // Otherwise, throws a suitable (ACL-related) CssmError exception.
92 //
93 class BaseValidationContext : public AclValidationContext {
94 public:
95 BaseValidationContext(const AccessCredentials *cred,
96 AclAuthorization auth, AclValidationEnvironment *env)
97 : AclValidationContext(cred, auth, env) { }
98
99 uint32 count() const { return cred() ? cred()->samples().length() : 0; }
100 uint32 size() const { return count(); }
101 const TypedList &sample(uint32 n) const
102 { assert(n < count()); return cred()->samples()[n]; }
103
104 void matched(const TypedList *) const { } // ignore match info
105 };
106
107
108 bool ObjectAcl::validates(AclAuthorization auth, const AccessCredentials *cred,
109 AclValidationEnvironment *env)
110 {
111 BaseValidationContext ctx(cred, auth, env);
112 return validates(ctx);
113 }
114
115 bool ObjectAcl::validates(AclValidationContext &ctx)
116 {
117 // make sure we are ready to go
118 instantiateAcl();
119
120 IFDUMPING("acleval", Debug::dump("<<WANT(%d)<", ctx.authorization()));
121
122 //@@@ should pre-screen based on requested auth, maybe?
123
124 #if defined(ACL_OMNIPOTENT_OWNER)
125 // try owner (owner can do anything)
126 if (mOwner.validate(ctx))
127 return;
128 #endif //ACL_OMNIPOTENT_OWNER
129
130 // try applicable ACLs
131 pair<EntryMap::const_iterator, EntryMap::const_iterator> range;
132 if (getRange(ctx.s_credTag(), range) == 0) // no such tag
133 CssmError::throwMe(CSSM_ERRCODE_ACL_ENTRY_TAG_NOT_FOUND);
134 // try each entry in turn
135 for (EntryMap::const_iterator it = range.first; it != range.second; it++) {
136 const AclEntry &slot = it->second;
137 IFDUMPING("acleval", (Debug::dump(" EVAL["), slot.debugDump(), Debug::dump("]")));
138 if (slot.authorizes(ctx.authorization())) {
139 ctx.init(this, slot.subject);
140 ctx.entryTag(slot.tag);
141 if (slot.validate(ctx)) {
142 IFDUMPING("acleval", Debug::dump(">PASS>>\n"));
143 return true; // passed
144 }
145 IFDUMPING("acleval", Debug::dump(" NO"));
146 }
147 }
148 IFDUMPING("acleval", Debug::dump(">FAIL>>\n"));
149 return false; // no joy
150 }
151
152 void ObjectAcl::validate(AclAuthorization auth, const AccessCredentials *cred,
153 AclValidationEnvironment *env)
154 {
155 if (!validates(auth, cred, env))
156 CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED);
157 }
158
159 void ObjectAcl::validate(AclValidationContext &ctx)
160 {
161 if (!validates(ctx))
162 CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED);
163 }
164
165
166 void ObjectAcl::validateOwner(AclAuthorization authorizationHint,
167 const AccessCredentials *cred, AclValidationEnvironment *env)
168 {
169 BaseValidationContext ctx(cred, authorizationHint, env);
170 validateOwner(ctx);
171 }
172
173 void ObjectAcl::validateOwner(AclValidationContext &ctx)
174 {
175 instantiateAcl();
176 if (mOwner.validate(ctx))
177 return;
178 CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED);
179 }
180
181
182 //
183 // Export an ObjectAcl to two memory blobs: public and private data separated.
184 // This is a standard two-pass size+copy operation.
185 //
186 void ObjectAcl::exportBlob(CssmData &publicBlob, CssmData &privateBlob)
187 {
188 instantiateAcl();
189 Writer::Counter pubSize, privSize;
190 Endian<uint32> entryCount = mEntries.size();
191 mOwner.exportBlob(pubSize, privSize);
192 pubSize(entryCount);
193 for (EntryMap::iterator it = begin(); it != end(); it++)
194 it->second.exportBlob(pubSize, privSize);
195 publicBlob = CssmData(allocator.malloc(pubSize), pubSize);
196 privateBlob = CssmData(allocator.malloc(privSize), privSize);
197 Writer pubWriter(publicBlob), privWriter(privateBlob);
198 mOwner.exportBlob(pubWriter, privWriter);
199 pubWriter(entryCount);
200 for (EntryMap::iterator it = begin(); it != end(); it++)
201 it->second.exportBlob(pubWriter, privWriter);
202 IFDUMPING("acl", debugDump("exported"));
203 }
204
205
206 //
207 // Import an ObjectAcl's contents from two memory blobs representing public and
208 // private contents, respectively. These blobs must have been generated by the
209 // export method.
210 // Prior contents (if any) are deleted and replaced.
211 //
212 void ObjectAcl::importBlob(const void *publicBlob, const void *privateBlob)
213 {
214 Reader pubReader(publicBlob), privReader(privateBlob);
215 mOwner.importBlob(pubReader, privReader);
216 Endian<uint32> entryCountIn; pubReader(entryCountIn);
217 uint32 entryCount = entryCountIn;
218
219 mEntries.erase(begin(), end());
220 for (uint32 n = 0; n < entryCount; n++) {
221 AclEntry newEntry;
222 newEntry.importBlob(pubReader, privReader);
223 add(newEntry.tag, newEntry);
224 }
225 IFDUMPING("acl", debugDump("imported"));
226 }
227
228
229 //
230 // Import/export helpers for subjects.
231 // This is exported to (subject implementation) callers to maintain consistency
232 // in binary format handling.
233 //
234 AclSubject *ObjectAcl::importSubject(Reader &pub, Reader &priv)
235 {
236 Endian<uint32> typeAndVersion; pub(typeAndVersion);
237 return make(typeAndVersion, pub, priv);
238 }
239
240
241 //
242 // Setup/update hooks
243 //
244 void ObjectAcl::instantiateAcl()
245 {
246 // nothing by default
247 }
248
249 void ObjectAcl::changedAcl()
250 {
251 // nothing by default
252 }
253
254
255 //
256 // ACL utility methods
257 //
258 unsigned int ObjectAcl::getRange(const std::string &tag,
259 pair<EntryMap::const_iterator, EntryMap::const_iterator> &range) const
260 {
261 if (!tag.empty()) { // tag restriction in effect
262 range = mEntries.equal_range(tag);
263 uint32 count = mEntries.count(tag);
264 if (count == 0)
265 CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG);
266 return count;
267 } else { // try all tags
268 range.first = mEntries.begin();
269 range.second = mEntries.end();
270 return mEntries.size();
271 }
272 }
273
274 ObjectAcl::EntryMap::iterator ObjectAcl::findEntryHandle(CSSM_ACL_HANDLE handle)
275 {
276 for (EntryMap::iterator it = mEntries.begin(); it != mEntries.end(); it++)
277 if (it->second.handle == handle)
278 return it;
279 CssmError::throwMe(CSSMERR_CSSM_INVALID_HANDLE_USAGE); //%%% imprecise error code
280 }
281
282
283 //
284 // CSSM style ACL access and modification functions.
285 //
286 void ObjectAcl::cssmGetAcl(const char *tag, uint32 &count, AclEntryInfo * &acls)
287 {
288 instantiateAcl();
289 pair<EntryMap::const_iterator, EntryMap::const_iterator> range;
290 count = getRange(tag ? tag : "", range);
291 acls = allocator.alloc<AclEntryInfo>(count);
292 uint32 n = 0;
293 for (EntryMap::const_iterator it = range.first; it != range.second; it++, n++) {
294 acls[n].EntryHandle = it->second.handle;
295 it->second.toEntryInfo(acls[n].EntryPublicInfo, allocator);
296 }
297 count = n;
298 }
299
300 void ObjectAcl::cssmChangeAcl(const AclEdit &edit,
301 const AccessCredentials *cred, AclValidationEnvironment *env)
302 {
303 IFDUMPING("acl", debugDump("acl-change-from"));
304
305 // make sure we're ready to go
306 instantiateAcl();
307
308 // validate access credentials
309 validateOwner(CSSM_ACL_AUTHORIZATION_CHANGE_ACL, cred, env);
310
311 // what is Thy wish, effendi?
312 switch (edit.EditMode) {
313 case CSSM_ACL_EDIT_MODE_ADD: {
314 const AclEntryInput &input = Required(edit.newEntry());
315 add(input.proto().s_tag(), input.proto());
316 }
317 break;
318 case CSSM_ACL_EDIT_MODE_REPLACE: {
319 // keep the handle, and try for some modicum of atomicity
320 EntryMap::iterator it = findEntryHandle(edit.handle());
321 AclEntryPrototype proto = Required(edit.newEntry()).proto(); // (bypassing callbacks)
322 add(proto.s_tag(), proto, edit.handle());
323 mEntries.erase(it);
324 }
325 break;
326 case CSSM_ACL_EDIT_MODE_DELETE:
327 mEntries.erase(findEntryHandle(edit.OldEntryHandle));
328 break;
329 default:
330 CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_EDIT_MODE);
331 }
332
333 // notify change
334 changedAcl();
335
336 IFDUMPING("acl", debugDump("acl-change-to"));
337 }
338
339 void ObjectAcl::cssmGetOwner(AclOwnerPrototype &outOwner)
340 {
341 instantiateAcl();
342 outOwner.TypedSubject = mOwner.subject->toList(allocator);
343 outOwner.Delegate = mOwner.delegate;
344 }
345
346 void ObjectAcl::cssmChangeOwner(const AclOwnerPrototype &newOwner,
347 const AccessCredentials *cred, AclValidationEnvironment *env)
348 {
349 IFDUMPING("acl", debugDump("owner-change-from"));
350
351 instantiateAcl();
352
353 // only the owner entry can match
354 validateOwner(CSSM_ACL_AUTHORIZATION_CHANGE_OWNER, cred, env);
355
356 // okay, replace it
357 mOwner = newOwner;
358
359 changedAcl();
360
361 IFDUMPING("acl", debugDump("owner-change-to"));
362 }
363
364
365 //
366 // Load a set of ACL entries from an AclEntryInfo array.
367 // This completely replaces the ACL's entries.
368 // Note that we will adopt the handles in the infos, so they better be proper
369 // (unique, nonzero).
370 //
371 template <class Input>
372 void ObjectAcl::owner(const Input &input)
373 {
374 IFDUMPING("acl", debugDump("owner-load-old"));
375 mOwner = OwnerEntry(input);
376 IFDUMPING("acl", debugDump("owner-load-new"));
377 }
378
379 template void ObjectAcl::owner(const AclOwnerPrototype &);
380 template void ObjectAcl::owner(const AclSubjectPointer &);
381
382
383 void ObjectAcl::entries(uint32 count, const AclEntryInfo *info)
384 {
385 IFDUMPING("acl", debugDump("entries-load-old"));
386 mEntries.erase(mEntries.begin(), mEntries.end());
387 for (uint32 n = 0; n < count; n++, info++)
388 add(info->proto().s_tag(), info->proto());
389 IFDUMPING("acl", debugDump("entries-load-new"));
390 }
391
392
393 //
394 // Clear out the ACL and return it to un-initialized state
395 //
396 void ObjectAcl::clear()
397 {
398 mOwner = OwnerEntry();
399 mEntries.erase(mEntries.begin(), mEntries.end());
400 secdebug("acl", "%p cleared", this);
401 }
402
403
404 //
405 // Common gate to add an ACL entry
406 //
407 void ObjectAcl::add(const std::string &tag, const AclEntry &newEntry)
408 {
409 add(tag, newEntry, mNextHandle++);
410 }
411
412 void ObjectAcl::add(const std::string &tag, AclEntry newEntry, CSSM_ACL_HANDLE handle)
413 {
414 //@@@ This should use a hook-registry mechanism. But for now, we are explicit:
415 if (!newEntry.authorizesAnything) {
416 for (AclAuthorizationSet::const_iterator it = newEntry.authorizations.begin();
417 it != newEntry.authorizations.end(); it++)
418 if (*it >= CSSM_ACL_AUTHORIZATION_PREAUTH_BASE &&
419 *it < CSSM_ACL_AUTHORIZATION_PREAUTH_END) {
420 // preauthorization right - special handling
421 if (newEntry.subject->type() != CSSM_ACL_SUBJECT_TYPE_PREAUTH_SOURCE)
422 newEntry.subject =
423 new PreAuthorizationAcls::SourceAclSubject(newEntry.subject);
424 }
425 }
426
427 mEntries.insert(make_pair(tag, newEntry))->second.handle = handle;
428 if (handle >= mNextHandle)
429 mNextHandle = handle + 1; // don't reuse this handle (in this ACL)
430 }
431
432
433 //
434 // Common features of ACL entries/owners
435 //
436 void ObjectAcl::Entry::init(const AclSubjectPointer &subject, bool delegate)
437 {
438 this->subject = subject;
439 this->delegate = delegate;
440 }
441
442 void ObjectAcl::Entry::importBlob(Reader &pub, Reader &priv)
443 {
444 // the delegation flag is 4 bytes for historic reasons
445 Endian<uint32> del;
446 pub(del);
447 delegate = del;
448
449 subject = importSubject(pub, priv);
450 }
451
452
453 //
454 // An OwnerEntry is a restricted EntryPrototype for use as the ACL owner.
455 //
456 bool ObjectAcl::OwnerEntry::authorizes(AclAuthorization) const
457 {
458 return true; // owner can do anything
459 }
460
461 bool ObjectAcl::OwnerEntry::validate(const AclValidationContext &ctx) const
462 {
463 return subject->validate(ctx); // simple subject match - no strings attached
464 }
465
466
467 //
468 // An AclEntry has some extra goodies
469 //
470 ObjectAcl::AclEntry::AclEntry(const AclEntryPrototype &proto) : Entry(proto)
471 {
472 tag = proto.s_tag();
473 if (proto.authorization().contains(CSSM_ACL_AUTHORIZATION_ANY))
474 authorizesAnything = true; // anything else wouldn't add anything
475 else if (proto.authorization().empty())
476 authorizesAnything = true; // not in standard, but common sense
477 else {
478 authorizesAnything = false;
479 authorizations = proto.authorization();
480 }
481 //@@@ not setting time range
482 // handle = not set here. Set by caller when the AclEntry is created.
483 }
484
485 ObjectAcl::AclEntry::AclEntry(const AclSubjectPointer &subject) : Entry(subject)
486 {
487 authorizesAnything = true; // by default, everything
488 //@@@ not setting time range
489 }
490
491 void ObjectAcl::AclEntry::toEntryInfo(CSSM_ACL_ENTRY_PROTOTYPE &info, Allocator &alloc) const
492 {
493 info.TypedSubject = subject->toList(alloc);
494 info.Delegate = delegate;
495 info.Authorization = authorizesAnything ?
496 AuthorizationGroup(CSSM_ACL_AUTHORIZATION_ANY, alloc) :
497 AuthorizationGroup(authorizations, alloc);
498 //@@@ info.TimeRange =
499 assert(tag.length() <= CSSM_MODULE_STRING_SIZE);
500 memcpy(info.EntryTag, tag.c_str(), tag.length() + 1);
501 }
502
503 bool ObjectAcl::AclEntry::authorizes(AclAuthorization auth) const
504 {
505 return authorizesAnything || authorizations.find(auth) != authorizations.end();
506 }
507
508 bool ObjectAcl::AclEntry::validate(const AclValidationContext &ctx) const
509 {
510 //@@@ not checking time ranges
511 return subject->validate(ctx);
512 }
513
514 void ObjectAcl::AclEntry::importBlob(Reader &pub, Reader &priv)
515 {
516 Entry::importBlob(pub, priv);
517 const char *s; pub(s); tag = s;
518
519 // authorizesAnything is on disk as a 4-byte flag
520 Endian<uint32> tmpAuthorizesAnything;
521 pub(tmpAuthorizesAnything);
522 authorizesAnything = tmpAuthorizesAnything;
523
524 authorizations.erase(authorizations.begin(), authorizations.end());
525 if (!authorizesAnything) {
526 Endian<uint32> countIn; pub(countIn);
527 uint32 count = countIn;
528
529 for (uint32 n = 0; n < count; n++) {
530 Endian<AclAuthorization> auth; pub(auth);
531 authorizations.insert(auth);
532 }
533 }
534 //@@@ import time range
535 }
536
537
538 //
539 // Subject factory and makers
540 //
541 AclSubject::Maker::Maker(CSSM_ACL_SUBJECT_TYPE type)
542 : mType(type)
543 {
544 ObjectAcl::makers()[type] = this;
545 }
546
547 AclSubject *ObjectAcl::make(const TypedList &list)
548 {
549 if (!list.isProper())
550 CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
551 return makerFor(list.type()).make(list);
552 }
553
554 AclSubject *ObjectAcl::make(uint32 typeAndVersion, Reader &pub, Reader &priv)
555 {
556 // this type is encoded as (version << 24) | type
557 return makerFor(typeAndVersion & ~AclSubject::versionMask).make(typeAndVersion >> AclSubject::versionShift, pub, priv);
558 }
559
560 AclSubject::Maker &ObjectAcl::makerFor(CSSM_ACL_SUBJECT_TYPE type)
561 {
562 AclSubject::Maker *maker = makers()[type];
563 if (maker == NULL)
564 CssmError::throwMe(CSSM_ERRCODE_ACL_SUBJECT_TYPE_NOT_SUPPORTED);
565 return *maker;
566 }
567
568
569 //
570 // Parsing helper for subject makers.
571 // Note that count/array exclude the first element of list, which is the subject type wordid.
572 //
573 void AclSubject::Maker::crack(const CssmList &list, uint32 count, ListElement **array, ...)
574 {
575 if (count != list.length() - 1)
576 CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
577 if (count > 0) {
578 va_list args;
579 va_start(args, array);
580 ListElement *elem = list.first()->next();
581 for (uint32 n = 0; n < count; n++, elem = elem->next()) {
582 CSSM_LIST_ELEMENT_TYPE expectedType = va_arg(args, CSSM_LIST_ELEMENT_TYPE);
583 if (elem->type() != expectedType)
584 CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
585 array[n] = elem;
586 }
587 va_end(args);
588 }
589 }
590
591 CSSM_WORDID_TYPE AclSubject::Maker::getWord(const ListElement &elem,
592 int min /*= 0*/, int max /*= INT_MAX*/)
593 {
594 if (elem.type() != CSSM_LIST_ELEMENT_WORDID)
595 CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
596 CSSM_WORDID_TYPE value = elem;
597 if (value < min || value > max)
598 CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
599 return value;
600 }
601
602
603 //
604 // Debug dumping support.
605 // Leave the ObjectAcl::debugDump method in (stubbed out)
606 // to keep the virtual table layout stable, and to allow
607 // proper linking in weird mix-and-match scenarios.
608 //
609 void ObjectAcl::debugDump(const char *what) const
610 {
611 #if defined(DEBUGDUMP)
612 if (!what)
613 what = "Dump";
614 Debug::dump("%p ACL %s: %d entries\n", this, what, int(mEntries.size()));
615 Debug::dump(" OWNER ["); mOwner.debugDump(); Debug::dump("]\n");
616 for (EntryMap::const_iterator it = begin(); it != end(); it++) {
617 const AclEntry &ent = it->second;
618 Debug::dump(" (%ld:%s) [", ent.handle, ent.tag.c_str());
619 ent.debugDump();
620 Debug::dump("]\n");
621 }
622 Debug::dump("%p ACL END\n", this);
623 #endif //DEBUGDUMP
624 }
625
626 #if defined(DEBUGDUMP)
627
628 void ObjectAcl::Entry::debugDump() const
629 {
630 if (subject) {
631 if (AclSubject::Version v = subject->version())
632 Debug::dump("V=%d ", v);
633 subject->debugDump();
634 } else {
635 Debug::dump("NULL subject");
636 }
637 if (delegate)
638 Debug::dump(" DELEGATE");
639 }
640
641 void ObjectAcl::AclEntry::debugDump() const
642 {
643 Entry::debugDump();
644 if (authorizesAnything) {
645 Debug::dump(" auth(ALL)");
646 } else {
647 Debug::dump(" auth(");
648 for (AclAuthorizationSet::iterator it = authorizations.begin();
649 it != authorizations.end(); it++) {
650 if (*it >= CSSM_ACL_AUTHORIZATION_PREAUTH_BASE
651 && *it < CSSM_ACL_AUTHORIZATION_PREAUTH_END)
652 Debug::dump(" PRE(%d)", *it - CSSM_ACL_AUTHORIZATION_PREAUTH_BASE);
653 else
654 Debug::dump(" %d", *it);
655 }
656 Debug::dump(")");
657 }
658 }
659
660 #endif //DEBUGDUMP
mirror of Security