X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..HEAD:/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp
diff --git a/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp b/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp
index ff7d0925..ee66a633 100644
--- a/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp
+++ b/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp
@@ -30,20 +30,6 @@ namespace Security {
-
-//
-// The null credential constant.
-//
-static const CSSM_ACCESS_CREDENTIALS null_credentials = { "" }; // and more nulls
-#if BUG_GCC
-const AccessCredentials &AccessCredentials::null =
- *static_cast(&null_credentials);
-#else
-const AccessCredentials &AccessCredentials::null =
- static_cast(null_credentials);
-#endif
-
-
 //
 // Scan a SampleGroup for samples with a given CSSM_SAMPLE_TYPE.
 // Collect all matching samples into a list (which is cleared to begin with).
@@ -67,6 +53,12 @@ bool SampleGroup::collect(CSSM_SAMPLE_TYPE sampleType, list &matches
 //
 // AccessCredentials
 //
+const AccessCredentials& AccessCredentials::null_credential()
+{
+ static const CSSM_ACCESS_CREDENTIALS null_credentials = { "" }; // and more nulls
+ return AccessCredentials::overlay(null_credentials);
+}
+
 void AccessCredentials::tag(const char *tagString)
 {
 if (tagString == NULL)
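Review bot: null_credential() has no comment saying why the namespace-scope `AccessCredentials::null` reference removed in the first hunk became a function, and its local `null_credentials` differs from the function name by a single letter. A comment above it such as `// Function-local static: constructed on first use, so no caller can observe it before initialization.` would record the intent, which is presumably to avoid static-initialization-order problems (confirm with the author). It would also help to state there that `{ "" }` leaves every remaining member zeroed, since `overlay()` exposes the whole structure to callers as an AccessCredentials.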
@@ -77,6 +69,35 @@ void AccessCredentials::tag(const char *tagString)
 strcpy(EntryTag, tagString);
 }
+bool AccessCredentials::authorizesUI() const {
+ list uisamples;
+
+ if(samples().collect(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT, uisamples)) {
+ // The existence of a lone keychain prompt gives UI access
+ return true;
+ }
+
+ samples().collect(CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, uisamples);
+ samples().collect(CSSM_SAMPLE_TYPE_THRESHOLD, uisamples);
+
+ for (list::iterator it = uisamples.begin(); it != uisamples.end(); it++) {
+ TypedList &sample = *it;
+
+ if(!sample.isProper()) {
+ secnotice("integrity", "found a non-proper sample, skipping...");
+ continue;
+ }
+
+ switch (sample.type()) {
+ case CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT:
+ // these credentials allow UI
+ return true;
+ }
+ }
+
+ // no interesting credential found; no UI for you
+ return false;
+}
 //
 // AutoCredentials self-constructing credentials structure
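Review bot: The early `return true` at the top of authorizesUI() grants UI on any CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT match without the `isProper()` check that the loop below applies to every other sample, so the two paths to the same authorization answer validate their input differently. Unless collect() already rejects malformed samples (its body is outside this diff), the first result should go through the same check, or a comment should state why it is exempt. Separately, the comment above SampleGroup::collect says the output list "is cleared to begin with"; if that holds, the CSSM_SAMPLE_TYPE_THRESHOLD call discards what the CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK call just gathered, so either a second list is needed or that comment should be corrected. The loop's single-case `switch` would also read more plainly as `if (sample.type() == CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT) return true;`, with a comment explaining how a sample collected as LOCK or THRESHOLD comes to report that type.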