Security-58286.60.28.tar.gz

[apple/security.git] / OSX / libsecurity_cdsa_utilities / lib / cssmcred.cpp

diff --git a/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp b/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp
index ff7d0925c00969429503d972cbfe4268acb9c7b4..5f877bbccda87756bc048a5deac4826d67dddbea 100644 (file)
--- a/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp
+++ b/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp
@@ -77,6 +77,35 @@ void AccessCredentials::tag(const char *tagString)
                strcpy(EntryTag, tagString);
 }
 
+bool AccessCredentials::authorizesUI() const {
+    list<CssmSample> uisamples;
+
+    if(samples().collect(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT, uisamples)) {
+        // The existence of a lone keychain prompt gives UI access
+        return true;
+    }
+
+    samples().collect(CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, uisamples);
+    samples().collect(CSSM_SAMPLE_TYPE_THRESHOLD, uisamples);
+
+    for (list<CssmSample>::iterator it = uisamples.begin(); it != uisamples.end(); it++) {
+        TypedList &sample = *it;
+
+        if(!sample.isProper()) {
+            secnotice("integrity", "found a non-proper sample, skipping...");
+            continue;
+        }
+
+        switch (sample.type()) {
+            case CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT:
+                // these credentials allow UI
+                return true;
+        }
+    }
+
+    // no interesting credential found; no UI for you
+    return false;
+}
 
 //
 // AutoCredentials self-constructing credentials structure