X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..dd5fb164cf5b32c462296bc65e289e100f74b59a:/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp

diff --git a/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp b/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp
index ff7d0925..5f877bbc 100644
--- a/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp
+++ b/OSX/libsecurity_cdsa_utilities/lib/cssmcred.cpp
@@ -77,6 +77,35 @@ void AccessCredentials::tag(const char *tagString)
 		strcpy(EntryTag, tagString);
 }
 
+bool AccessCredentials::authorizesUI() const {
+    list<CssmSample> uisamples;
+
+    if(samples().collect(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT, uisamples)) {
+        // The existence of a lone keychain prompt gives UI access
+        return true;
+    }
+
+    samples().collect(CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, uisamples);
+    samples().collect(CSSM_SAMPLE_TYPE_THRESHOLD, uisamples);
+
+    for (list<CssmSample>::iterator it = uisamples.begin(); it != uisamples.end(); it++) {
+        TypedList &sample = *it;
+
+        if(!sample.isProper()) {
+            secnotice("integrity", "found a non-proper sample, skipping...");
+            continue;
+        }
+
+        switch (sample.type()) {
+            case CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT:
+                // these credentials allow UI
+                return true;
+        }
+    }
+
+    // no interesting credential found; no UI for you
+    return false;
+}
 
 //
 // AutoCredentials self-constructing credentials structure