Security-163.tar.gz

[apple/security.git] / cdsa / cdsa_client / aclclient.cpp

diff --git a/cdsa/cdsa_client/aclclient.cpp b/cdsa/cdsa_client/aclclient.cpp
index 15eceeb7bc52f61e384aea77784ab481545c8a4a..3195052acfa81777fcb240a04f242e3d11b85e43 100644 (file)
--- a/cdsa/cdsa_client/aclclient.cpp
+++ b/cdsa/cdsa_client/aclclient.cpp
@@ -21,7 +21,8 @@
 //
 #include <Security/aclclient.h>
 #include <Security/keychainacl.h>
-#include <Security/walkers.h>
+#include <Security/cssmwalkers.h>
+#include <Security/cssmdata.h>
 
 
 namespace Security {
@@ -133,23 +134,53 @@ const AccessCredentials *AclFactory::unlockCred() const
 { return &statics().unlockCred; }
 
 
-
-AclFactory::PasswordChangeCredentials::PasswordChangeCredentials (const CssmData& password, CssmAllocator& allocator) :
-    mAllocator (allocator)
+//
+// Manage the (pseudo) credentials used to explicitly provide a passphrase to a keychain.
+// Use the eternal unlockCred() for normal (protected prompt) unlocking.
+//
+AclFactory::KeychainCredentials::~KeychainCredentials ()
 {
-    mCredentials = new (allocator) AutoCredentials (allocator);;
-    mCredentials->sample(0) = TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK, new (allocator) ListElement (CSSM_SAMPLE_TYPE_PASSWORD),
-                                        new (allocator) ListElement (password));
+    DataWalkers::chunkFree (mCredentials, allocator);
 }
 
+AclFactory::PassphraseUnlockCredentials::PassphraseUnlockCredentials (const CssmData& password,
+       CssmAllocator& allocator) : KeychainCredentials(allocator)
+{
+    mCredentials->sample(0) = TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK,
+               new (allocator) ListElement (CSSM_SAMPLE_TYPE_PASSWORD),
+               new (allocator) ListElement (CssmAutoData(allocator, password).release()));
+}
 
 
-AclFactory::PasswordChangeCredentials::~PasswordChangeCredentials ()
+//
+// Manage the (pseudo) credentials used to explicitly change a keychain's passphrase
+//
+AclFactory::PasswordChangeCredentials::PasswordChangeCredentials (const CssmData& password,
+       CssmAllocator& allocator) : KeychainCredentials(allocator)
 {
-    DataWalkers::chunkFree (mCredentials, mAllocator);
+    mCredentials->sample(0) = TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK,
+               new (allocator) ListElement (CSSM_SAMPLE_TYPE_PASSWORD),
+               new (allocator) ListElement (CssmAutoData(allocator, password).release()));
 }
 
 
+//
+// Create an ANY style AclEntryInput.
+// This can be used to explicitly request wide-open authorization on a new CSSM object.
+//
+AclFactory::AnyResourceContext::AnyResourceContext(const CSSM_ACCESS_CREDENTIALS *cred)
+       : mAny(CSSM_ACL_SUBJECT_TYPE_ANY), mTag(CSSM_ACL_AUTHORIZATION_ANY)
+{
+       // set up an ANY/EVERYTHING AclEntryInput
+       input().proto().subject() += &mAny;
+       AuthorizationGroup &authGroup = input().proto().authorization();
+       authGroup.NumberOfAuthTags = 1;
+       authGroup.AuthTags = &mTag;
+       
+       // install the cred (not copied)
+       credentials(cred);
+}
+
 
 } // end namespace CssmClient
 } // end namespace Security