Security-59306.140.5.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / lib / Access.cpp
index 2aa23a18ef93e6544b0b20f616ac6c7403f77861..032bbb6ebd8d39166f357ad9c7852b9af08d1de2 100644 (file)
 #include <security_keychain/Access.h>
 #include <Security/SecBase.h>
 #include "SecBridge.h"
-#include <security_utilities/devrandom.h>
-#include <security_cdsa_utilities/uniformrandom.h>
+#include <Security/SecRandom.h>
 #include <security_cdsa_client/aclclient.h>
 #include <vector>
-#include <SecBase.h>
+#include <Security/SecBase.h>
 using namespace KeychainCore;
 using namespace CssmClient;
 
@@ -270,7 +269,7 @@ void Access::removeAclsForRight(AclAuthorization right) {
     for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); ) {
         if (it->second->authorizesSpecifically(right)) {
             it = mAcls.erase(it);
-            secdebugfunc("SecAccess", "%p removed an acl, %d left", this, mAcls.size());
+            secinfo("SecAccess", "%p removed an acl, %lu left", this, mAcls.size());
         } else {
             it++;
         }
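Review bot: `mAcls.size()` is a `size_t`, so the new `%lu` is only correct where `unsigned long` has the same width; `%zu` is the portable specifier, i.e. `secinfo("SecAccess", "%p removed an acl, %zu left", this, mAcls.size());`. The `Access::compile` hunk still prints the same value with the signed `%ld` in `"%p %ld entries compiled"`, and that should become `%zu` as well. The `%ld` used there for `acl[n].handle()` should be checked against the handle's declared type, which this diff does not show. removeAclsForRight starts and ends outside this hunk.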
@@ -339,16 +338,16 @@ void Access::compile(const CSSM_ACL_OWNER_PROTOTYPE &owner,
        StLock<Mutex>_(mMutex);
        // add owner acl
        mAcls[ownerHandle] = new ACL(AclOwnerPrototype::overlay(owner));
-    secdebugfunc("SecAccess", "form of owner is: %d", mAcls[ownerHandle]->form());
+    secinfo("SecAccess", "form of owner is: %d", mAcls[ownerHandle]->form());
        
        // add acl entries
        const AclEntryInfo *acl = AclEntryInfo::overlay(acls);
        for (uint32 n = 0; n < aclCount; n++) {
-               secdebug("SecAccess", "%p compiling entry %ld", this, acl[n].handle());
+               secinfo("SecAccess", "%p compiling entry %ld", this, acl[n].handle());
                mAcls[acl[n].handle()] = new ACL(acl[n]);
-        secdebug("SecAccess", "form is: %d", mAcls[acl[n].handle()]->form());
+        secinfo("SecAccess", "form is: %d", mAcls[acl[n].handle()]->form());
        }
-       secdebug("SecAccess", "%p %ld entries compiled", this, mAcls.size());
+       secinfo("SecAccess", "%p %ld entries compiled", this, mAcls.size());
 }
 
 
@@ -364,14 +363,15 @@ Access::Maker::Maker(Allocator &alloc, MakerType makerType)
        {
                // generate random key
                mKey.malloc(keySize);
-               UniformRandomBlobs<DevRandomGenerator>().random(mKey.get());
-               
+        CssmData data = mKey.get();
+        MacOSError::check(SecRandomCopyBytes(kSecRandomDefault, data.length(), data.data()));
+        
                // create entry info for resource creation
                mInput = AclEntryPrototype(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_PASSWORD,
                        new(allocator) ListElement(mKey.get())));
                mInput.proto().tag(creationEntryTag);
-        secdebugfunc("SecAccess", "made a CSSM_ACL_SUBJECT_TYPE_PASSWORD ACL entry for %p", this);
-        secdebugfunc("SecAccess", "mInput: %p, typedList %p", &mInput, mInput.Prototype.TypedSubject);
+        secinfo("SecAccess", "made a CSSM_ACL_SUBJECT_TYPE_PASSWORD ACL entry for %p", this);
+        secinfo("SecAccess", "mInput: %p, typedList %p", &mInput, &(mInput.Prototype.TypedSubject));
 
                // create credential sample for access
                mCreds += TypedList(allocator, CSSM_SAMPLE_TYPE_PASSWORD, new(allocator) ListElement(mKey.get()));
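Review bot: The `SecRandomCopyBytes` call should carry a comment on its failure behaviour, because the generated key becomes both the password subject of the creation ACL entry and the matching credential sample. `MacOSError::check` should make the constructor throw rather than carry on with whatever `mKey.malloc(keySize)` left in the buffer, and I would say so at the call: `// fail closed: a key the CSPRNG did not fill must never reach the ACL entry`. The call also relies on `mKey.get()` reporting a length of `keySize` after `malloc`, which is not visible here and is worth confirming. The added lines are indented with spaces while the surrounding constructor uses tabs. The constructor body continues outside this hunk.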
@@ -380,7 +380,7 @@ Access::Maker::Maker(Allocator &alloc, MakerType makerType)
        {
                // just make it an CSSM_ACL_SUBJECT_TYPE_ANY list
                mInput = AclEntryPrototype(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_ANY));
-        secdebugfunc("SecAccess", "made a CSSM_ACL_SUBJECT_TYPE_ANY ACL entry for %p", this);
+        secinfo("SecAccess", "made a CSSM_ACL_SUBJECT_TYPE_ANY ACL entry for %p", this);
        }
 }