+++ /dev/null
-/*
- * Copyright (c) 2000-2004,2006-2007,2011-2012 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-
-//
-// cssmaclpod - enhanced PodWrappers for ACL-related CSSM data structures
-//
-#include <security_cdsa_utilities/cssmaclpod.h>
-#include <security_cdsa_utilities/cssmwalkers.h>
-#include <cstdarg>
-
-
-namespace Security {
-
-
-//
-// AclAuthorizationSets
-//
-AclAuthorizationSet::AclAuthorizationSet(AclAuthorization auth0, AclAuthorization auth, ...)
-{
- insert(auth0);
-
- va_list args;
- va_start(args, auth);
- while (auth) {
- insert(auth);
- auth = va_arg(args, AclAuthorization);
- }
- va_end(args);
-}
-
-
-//
-// AclAuthorizationGroups
-//
-AuthorizationGroup::AuthorizationGroup(const AclAuthorizationSet &auths, Allocator &alloc)
-{
- NumberOfAuthTags = (uint32)auths.size();
- AuthTags = alloc.alloc<CSSM_ACL_AUTHORIZATION_TAG>(NumberOfAuthTags);
- copy(auths.begin(), auths.end(), AuthTags); // happens to be sorted
-}
-
-AuthorizationGroup::AuthorizationGroup(CSSM_ACL_AUTHORIZATION_TAG tag, Allocator &alloc)
-{
- AuthTags = alloc.alloc<CSSM_ACL_AUTHORIZATION_TAG>(1);
- AuthTags[0] = tag;
- NumberOfAuthTags = 1;
-}
-
-void AuthorizationGroup::destroy(Allocator &alloc)
-{
- alloc.free(AuthTags);
-}
-
-bool AuthorizationGroup::contains(CSSM_ACL_AUTHORIZATION_TAG tag) const
-{
- return find(AuthTags, &AuthTags[NumberOfAuthTags], tag) != &AuthTags[NumberOfAuthTags];
-}
-
-
-AuthorizationGroup::operator AclAuthorizationSet() const
-{
- return AclAuthorizationSet(AuthTags, &AuthTags[NumberOfAuthTags]);
-}
-
-AclEntryPrototype::AclEntryPrototype(const AclOwnerPrototype &proto)
-{
- memset(this, 0, sizeof(*this));
- TypedSubject = proto.subject(); Delegate = proto.delegate();
- //@@@ set authorization to "is owner" pseudo-auth? See cssmacl.h
-}
-
-void AclEntryPrototype::tag(const char *tagString)
-{
- if (tagString == NULL)
- EntryTag[0] = '\0';
- else if (strlen(tagString) > CSSM_MODULE_STRING_SIZE)
- CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG);
- else
- strcpy(EntryTag, tagString);
-}
-
-void AclEntryPrototype::tag(const string &tagString)
-{
- if (tagString.length() > CSSM_MODULE_STRING_SIZE)
- CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG);
- else
- memcpy(EntryTag, tagString.c_str(), tagString.length() + 1);
-}
-
-
-AclOwnerPrototype *AutoAclOwnerPrototype::make()
-{
- if (!mAclOwnerPrototype) {
- mAclOwnerPrototype = (AclOwnerPrototype*) mAllocator->malloc(sizeof(AclOwnerPrototype));
- new (mAclOwnerPrototype) AclOwnerPrototype;
- mAclOwnerPrototype->clearPod();
- }
- return mAclOwnerPrototype;
-}
-
-AutoAclOwnerPrototype::~AutoAclOwnerPrototype()
-{
- if (mAllocator)
- DataWalkers::chunkFree(mAclOwnerPrototype, *mAllocator);
-}
-
-void
-AutoAclOwnerPrototype::allocator(Allocator &allocator)
-{
- mAllocator = &allocator;
-}
-
-
-void AutoAclEntryInfoList::size(uint32 newSize)
-{
- assert(mAllocator);
- mEntries = mAllocator->alloc<AclEntryInfo>(mEntries, newSize);
- for (uint32 n = mCount; n < newSize; n++)
- mEntries[n].clearPod();
- mCount = newSize;
-}
-
-
-AclEntryInfo &AutoAclEntryInfoList::at(uint32 ix)
-{
- if (ix >= mCount)
- size(ix + 1); // expand vector
- return mEntries[ix];
-}
-
-
-void AutoAclEntryInfoList::clear()
-{
- if (mAllocator)
- {
- DataWalkers::ChunkFreeWalker w(*mAllocator);
- for (uint32 ix = 0; ix < mCount; ix++)
- walk(w, mEntries[ix]);
- mAllocator->free(mEntries);
- mEntries = NULL;
- mCount = 0;
- }
-}
-
-void AutoAclEntryInfoList::allocator(Allocator &allocator)
-{
- mAllocator = &allocator;
-}
-
-
-void AutoAclEntryInfoList::add(const TypedList &subj, const AclAuthorizationSet &auths, const char *tag /* = NULL */)
-{
- AclEntryInfo &info = at(size());
- info.proto() = AclEntryPrototype(subj);
- info.proto().authorization() = AuthorizationGroup(auths, allocator());
- info.proto().tag(tag);
- info.handle(size());
-}
-
-void AutoAclEntryInfoList::addPin(const TypedList &subj, uint32 slot)
-{
- char tag[20];
- snprintf(tag, sizeof(tag), "PIN%d", slot);
- add(subj, CSSM_ACL_AUTHORIZATION_PREAUTH(slot), tag);
-}
-
-void AutoAclEntryInfoList::addPinState(uint32 slot, uint32 status)
-{
- char tag[20];
- snprintf(tag, sizeof(tag), "PIN%d?", slot);
- TypedList subj(allocator(), CSSM_WORDID_PIN,
- new(allocator()) ListElement(slot),
- new(allocator()) ListElement(status));
- add(subj, CSSM_WORDID_PIN, tag);
-}
-
-void AutoAclEntryInfoList::addPinState(uint32 slot, uint32 status, uint32 count)
-{
- char tag[20];
- snprintf(tag, sizeof(tag), "PIN%d?", slot);
- TypedList subj(allocator(), CSSM_WORDID_PIN,
- new(allocator()) ListElement(slot),
- new(allocator()) ListElement(status),
- new(allocator()) ListElement(count));
- add(subj, CSSM_WORDID_PIN, tag);
-}
-
-uint32 pinFromAclTag(const char *tag, const char *suffix /* = NULL */)
-{
- if (tag) {
- char format[20];
- snprintf(format, sizeof(format), "PIN%%d%s%%n", suffix ? suffix : "");
- uint32 pin;
- unsigned consumed;
- sscanf(tag, format, &pin, &consumed);
- if (consumed == strlen(tag)) // complete and sufficient
- return pin;
- }
- return 0;
-}
-
-} // namespace Security
projects / apple / security.git / blobdiff