]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-59754.80.3.tar.gz
[apple/security.git] / OSX / libsecurity_cdsa_utilities / lib / cssmcred.cpp
diff --git a/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp b/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp
index ff7d0925c00969429503d972cbfe4268acb9c7b4..ee66a633f00965a28a16fe0a763deef7121871e8 100644 (file)
--- a/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp
+++ b/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp
@@ -30,20 +30,6 @@
 
 namespace Security {
 
 
 namespace Security {
 
-
-//
-// The null credential constant.
-//
-static const CSSM_ACCESS_CREDENTIALS null_credentials = { "" };        // and more nulls
-#if BUG_GCC
-const AccessCredentials &AccessCredentials::null =
-    *static_cast<const AccessCredentials *>(&null_credentials);
-#else
-const AccessCredentials &AccessCredentials::null =
-    static_cast<const AccessCredentials &>(null_credentials);
-#endif
-
-
 //
 // Scan a SampleGroup for samples with a given CSSM_SAMPLE_TYPE.
 // Collect all matching samples into a list (which is cleared to begin with).
 //
 // Scan a SampleGroup for samples with a given CSSM_SAMPLE_TYPE.
 // Collect all matching samples into a list (which is cleared to begin with).
@@ -67,6 +53,12 @@ bool SampleGroup::collect(CSSM_SAMPLE_TYPE sampleType, list<CssmSample> &matches
 //
 // AccessCredentials
 //
 //
 // AccessCredentials
 //
+const AccessCredentials& AccessCredentials::null_credential()
+{
+    static const CSSM_ACCESS_CREDENTIALS null_credentials = { "" };    // and more nulls
+    return AccessCredentials::overlay(null_credentials);
+}
+
 void AccessCredentials::tag(const char *tagString)
 {
        if (tagString == NULL)
 void AccessCredentials::tag(const char *tagString)
 {
        if (tagString == NULL)
@@ -77,6 +69,35 @@ void AccessCredentials::tag(const char *tagString)
                strcpy(EntryTag, tagString);
 }
 
                strcpy(EntryTag, tagString);
 }
 
+bool AccessCredentials::authorizesUI() const {
+    list<CssmSample> uisamples;
+
+    if(samples().collect(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT, uisamples)) {
+        // The existence of a lone keychain prompt gives UI access
+        return true;
+    }
+
+    samples().collect(CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, uisamples);
+    samples().collect(CSSM_SAMPLE_TYPE_THRESHOLD, uisamples);
+
+    for (list<CssmSample>::iterator it = uisamples.begin(); it != uisamples.end(); it++) {
+        TypedList &sample = *it;
+
+        if(!sample.isProper()) {
+            secnotice("integrity", "found a non-proper sample, skipping...");
+            continue;
+        }
+
+        switch (sample.type()) {
+            case CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT:
+                // these credentials allow UI
+                return true;
+        }
+    }
+
+    // no interesting credential found; no UI for you
+    return false;
+}
 
 //
 // AutoCredentials self-constructing credentials structure
 
 //
 // AutoCredentials self-constructing credentials structure
mirror of Security