X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5dd5f9ec28f304ca377c42fd7f711d6cf12b90e1..5c19dc3ae3bd8e40a9c028b0deddd50ff337692c:/OSX/libsecurity_cdsa_utilities/lib/acl_password.cpp diff --git a/OSX/libsecurity_cdsa_utilities/lib/acl_password.cpp b/OSX/libsecurity_cdsa_utilities/lib/acl_password.cpp new file mode 100644 index 00000000..96801a94 --- /dev/null +++ b/OSX/libsecurity_cdsa_utilities/lib/acl_password.cpp @@ -0,0 +1,114 @@ +/* + * Copyright (c) 2000-2006,2011,2014 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + + +// +// acl_password - password-based ACL subject types +// +#include +#include +#include +#include + + +// +// PasswordAclSubject always pre-loads its secret, and thus never has to +// "get" its secret. If we ever try, it's a bug. +// +bool PasswordAclSubject::getSecret(const AclValidationContext &context, + const TypedList &sample, CssmOwnedData &secret) const +{ + switch (sample.length()) { + case 1: + return false; // no password in sample + case 2: + secret = sample[1]; + return true; + default: + CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE); + } +} + + +// +// Make a copy of this subject in CSSM_LIST form +// +CssmList PasswordAclSubject::toList(Allocator &alloc) const +{ + // the password itself is private and not exported to CSSM + return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD); +} + + +// +// Create a PasswordAclSubject +// +PasswordAclSubject *PasswordAclSubject::Maker::make(const TypedList &list) const +{ + Allocator &alloc = Allocator::standard(Allocator::sensitive); + switch (list.length()) { + case 1: + return new PasswordAclSubject(alloc, true); + case 2: + { + ListElement *password; + crack(list, 1, &password, CSSM_LIST_ELEMENT_DATUM); + return new PasswordAclSubject(alloc, password->data()); + } + default: + CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE); + } +} + +PasswordAclSubject *PasswordAclSubject::Maker::make(Version, Reader &pub, Reader &priv) const +{ + Allocator &alloc = Allocator::standard(Allocator::sensitive); + const void *data; size_t length; priv.countedData(data, length); + CssmAutoData passwordData(alloc, data, length); + return new PasswordAclSubject(alloc, passwordData); +} + + +// +// Export the subject to a memory blob +// +void PasswordAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv) +{ + priv.countedData(secret()); +} + +void PasswordAclSubject::exportBlob(Writer &pub, Writer &priv) +{ + priv.countedData(secret()); +} + + +#ifdef DEBUGDUMP + +void PasswordAclSubject::debugDump() const +{ + Debug::dump("Password"); + SecretAclSubject::debugDump(); +} + +#endif //DEBUGDUMP