2 * Copyright (c) 2000-2006,2011,2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 // acl_protectedpw - protected-path password-based ACL subject types.
28 #include <security_cdsa_utilities/acl_protectedpw.h>
29 #include <security_utilities/debugging.h>
34 // Construct a password ACL subject
36 ProtectedPasswordAclSubject::ProtectedPasswordAclSubject(Allocator
&alloc
, const CssmData
&password
)
37 : SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD
),
38 allocator(alloc
), mPassword(alloc
, password
)
41 ProtectedPasswordAclSubject::ProtectedPasswordAclSubject(Allocator
&alloc
, CssmManagedData
&password
)
42 : SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD
),
43 allocator(alloc
), mPassword(alloc
, password
)
48 // Validate a credential set against this subject
50 bool ProtectedPasswordAclSubject::validates(const AclValidationContext
&context
,
51 const TypedList
&sample
) const
53 if (sample
.length() == 1) {
54 return true; //@@@ validate against PP
55 } else if (sample
.length() == 2 && sample
[1].type() == CSSM_LIST_ELEMENT_DATUM
) {
56 const CssmData
&password
= sample
[1];
57 return password
== mPassword
;
59 CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE
);
64 // Make a copy of this subject in CSSM_LIST form
66 CssmList
ProtectedPasswordAclSubject::toList(Allocator
&alloc
) const
68 // the password itself is private and not exported to CSSM
69 return TypedList(alloc
, CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD
);
74 // Create a ProtectedPasswordAclSubject
76 ProtectedPasswordAclSubject
*ProtectedPasswordAclSubject::Maker::make(const TypedList
&list
) const
78 CssmAutoData
password(Allocator::standard(Allocator::sensitive
));
79 if (list
.length() == 1) {
80 char pass
[] = "secret";
81 CssmData password
= CssmData::wrap(pass
, 6); //@@@ get password from PP
82 return new ProtectedPasswordAclSubject(Allocator::standard(Allocator::sensitive
), password
);
84 ListElement
*password
;
85 crack(list
, 1, &password
, CSSM_LIST_ELEMENT_DATUM
);
86 return new ProtectedPasswordAclSubject(Allocator::standard(Allocator::sensitive
), *password
);
90 ProtectedPasswordAclSubject
*ProtectedPasswordAclSubject::Maker::make(Version
,
91 Reader
&pub
, Reader
&priv
) const
93 Allocator
&alloc
= Allocator::standard(Allocator::sensitive
);
94 const void *data
; size_t length
; priv
.countedData(data
, length
);
95 return new ProtectedPasswordAclSubject(alloc
, CssmAutoData(alloc
, data
, length
));
100 // Export the subject to a memory blob
102 void ProtectedPasswordAclSubject::exportBlob(Writer::Counter
&pub
, Writer::Counter
&priv
)
104 priv
.countedData(mPassword
);
107 void ProtectedPasswordAclSubject::exportBlob(Writer
&pub
, Writer
&priv
)
109 priv
.countedData(mPassword
);
115 void ProtectedPasswordAclSubject::debugDump() const
117 Debug::dump("Protected Password ");
118 Debug::dumpData(mPassword
.data(), mPassword
.length());
projects / apple / security.git / blob