--- /dev/null
+/*
+ * Copyright (c) 2000-2006,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+//
+// acl_password - password-based ACL subject types
+//
+#include <security_cdsa_utilities/acl_password.h>
+#include <security_utilities/debugging.h>
+#include <security_utilities/endian.h>
+#include <algorithm>
+
+
+//
+// PasswordAclSubject always pre-loads its secret, and thus never has to
+// "get" its secret. If we ever try, it's a bug.
+//
+bool PasswordAclSubject::getSecret(const AclValidationContext &context,
+ const TypedList &sample, CssmOwnedData &secret) const
+{
+ switch (sample.length()) {
+ case 1:
+ return false; // no password in sample
+ case 2:
+ secret = sample[1];
+ return true;
+ default:
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
+ }
+}
+
+
+//
+// Make a copy of this subject in CSSM_LIST form
+//
+CssmList PasswordAclSubject::toList(Allocator &alloc) const
+{
+ // the password itself is private and not exported to CSSM
+ return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD);
+}
+
+
+//
+// Create a PasswordAclSubject
+//
+PasswordAclSubject *PasswordAclSubject::Maker::make(const TypedList &list) const
+{
+ Allocator &alloc = Allocator::standard(Allocator::sensitive);
+ switch (list.length()) {
+ case 1:
+ return new PasswordAclSubject(alloc, true);
+ case 2:
+ {
+ ListElement *password;
+ crack(list, 1, &password, CSSM_LIST_ELEMENT_DATUM);
+ return new PasswordAclSubject(alloc, password->data());
+ }
+ default:
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
+ }
+}
+
+PasswordAclSubject *PasswordAclSubject::Maker::make(Version, Reader &pub, Reader &priv) const
+{
+ Allocator &alloc = Allocator::standard(Allocator::sensitive);
+ const void *data; size_t length; priv.countedData(data, length);
+ CssmAutoData passwordData(alloc, data, length);
+ return new PasswordAclSubject(alloc, passwordData);
+}
+
+
+//
+// Export the subject to a memory blob
+//
+void PasswordAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv)
+{
+ priv.countedData(secret());
+}
+
+void PasswordAclSubject::exportBlob(Writer &pub, Writer &priv)
+{
+ priv.countedData(secret());
+}
+
+
+#ifdef DEBUGDUMP
+
+void PasswordAclSubject::debugDump() const
+{
+ Debug::dump("Password");
+ SecretAclSubject::debugDump();
+}
+
+#endif //DEBUGDUMP
projects / apple / security.git / blobdiff