X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/fa7225c82381bac4432a6edf16f53b5370238d85..refs/heads/master:/OSX/libsecurity_keychain/lib/SecAccess.cpp

diff --git a/OSX/libsecurity_keychain/lib/SecAccess.cpp b/OSX/libsecurity_keychain/lib/SecAccess.cpp
index ba74e379..44368992 100644
--- a/OSX/libsecurity_keychain/lib/SecAccess.cpp
+++ b/OSX/libsecurity_keychain/lib/SecAccess.cpp
@@ -21,17 +21,20 @@
  * @APPLE_LICENSE_HEADER_END@
  */
 
-#include <SecBase.h>
+#include <Security/SecBase.h>
 #include <Security/SecAccess.h>
 #include <Security/SecAccessPriv.h>
 #include <Security/SecTrustedApplication.h>
 #include <Security/SecTrustedApplicationPriv.h>
 #include <security_keychain/Access.h>
+#include <security_utilities/casts.h>
+#include <utilities/SecCFRelease.h>
 #include "SecBridge.h"
 #include <sys/param.h>
 
 #include <utilities/SecCFWrappers.h>
 
+#include "LegacyAPICounts.h"
 
 /* No restrictions. Permission to perform all operations on
    the resource or available to an ACL owner.  */
@@ -230,6 +233,7 @@ CFStringRef GetAuthStringFromACLAuthorizationTag(sint32 tag)
 	{
 		result = (CFStringRef)CFDictionaryGetValue(gTagMapping, aNum);
 	}
+    CFReleaseSafe(aNum);
 	return result;
 }
 
@@ -286,12 +290,13 @@ OSStatus SecAccessCreateFromOwnerAndACL(const CSSM_ACL_OWNER_PROTOTYPE *owner,
 
 SecAccessRef SecAccessCreateWithOwnerAndACL(uid_t userId, gid_t groupId, SecAccessOwnerType ownerType, CFArrayRef acls, CFErrorRef *error)
 {
+	COUNTLEGACYAPI
 	SecAccessRef result = NULL;
 
 	CSSM_ACL_PROCESS_SUBJECT_SELECTOR selector =
 	{
 		CSSM_ACL_PROCESS_SELECTOR_CURRENT_VERSION,	// selector version
-		ownerType,
+		int_cast<UInt32, uint16>(ownerType),
 		userId,
 		groupId
 	};
@@ -318,8 +323,7 @@ SecAccessRef SecAccessCreateWithOwnerAndACL(uid_t userId, gid_t groupId, SecAcce
 	CFRelease(debugStr);
 #endif
 
-	CSSM_ACL_AUTHORIZATION_TAG rights[numAcls];
-	memset(rights, 0, sizeof(rights));
+	std::vector<CSSM_ACL_AUTHORIZATION_TAG> rights(numAcls);
 
 	for (CFIndex iCnt = 0; iCnt < numAcls; iCnt++)
 	{
@@ -379,7 +383,7 @@ SecAccessRef SecAccessCreateWithOwnerAndACL(uid_t userId, gid_t groupId, SecAcce
 				{ CSSM_LIST_TYPE_UNKNOWN, &subject1, &subject2 },
 				false,	// Delegate
 				// rights for this entry
-				{ (uint32)(sizeof(rights) / sizeof(rights[0])), rights },
+				{ (uint32)numAcls, rights.data() },
 				// rest is defaulted
 			}
 		}
@@ -414,6 +418,7 @@ OSStatus SecAccessGetOwnerAndACL(SecAccessRef accessRef,
 
 OSStatus SecAccessCopyOwnerAndACL(SecAccessRef accessRef, uid_t* userId, gid_t* groupId, SecAccessOwnerType* ownerType, CFArrayRef* aclList)
 {
+	COUNTLEGACYAPI
 	CSSM_ACL_OWNER_PROTOTYPE_PTR owner = NULL;
 	CSSM_ACL_ENTRY_INFO_PTR acls = NULL;
 	uint32 aclCount = 0;
@@ -530,6 +535,7 @@ OSStatus SecAccessCopySelectedACLList(SecAccessRef accessRef,
 
 CFArrayRef SecAccessCopyMatchingACLList(SecAccessRef accessRef, CFTypeRef authorizationTag)
 {
+	COUNTLEGACYAPI
 	CFArrayRef result = NULL;
 	CSSM_ACL_AUTHORIZATION_TAG tag = GetACLAuthorizationTagFromString((CFStringRef)authorizationTag);
 	OSStatus err = SecAccessCopySelectedACLList(accessRef, tag, &result);
@@ -562,8 +568,9 @@ CFArrayRef copyTrustedAppListFromBundle(CFStringRef bundlePath, CFStringRef trus
 
     // Make a bundle instance using the URLRef.
     secBundle = CFBundleCreate(kCFAllocatorDefault,bundleURL);
-    if (!secBundle)
+    if (!secBundle) {
         goto xit;
+    }
 
 	trustedAppListFileNameWithoutExtension =
 		CFStringCreateMutableCopy(NULL,CFStringGetLength(trustedAppListFileName),trustedAppListFileName);
@@ -573,19 +580,19 @@ CFArrayRef copyTrustedAppListFromBundle(CFStringRef bundlePath, CFStringRef trus
 
     // Look for a resource in the bundle by name and type
     trustedAppsURL = CFBundleCopyResourceURL(secBundle,trustedAppListFileNameWithoutExtension,CFSTR("plist"),NULL);
-    if (!trustedAppsURL)
+    if (!trustedAppsURL) {
         goto xit;
+    }
 
-    if ( trustedAppListFileNameWithoutExtension )
-		CFRelease(trustedAppListFileNameWithoutExtension);
-
-	if (!CFURLCreateDataAndPropertiesFromResource(kCFAllocatorDefault,trustedAppsURL,&xmlDataRef,NULL,NULL,&errorCode))
+    if (!CFURLCreateDataAndPropertiesFromResource(kCFAllocatorDefault,trustedAppsURL,&xmlDataRef,NULL,NULL,&errorCode)) {
         goto xit;
+    }
 
 	trustedAppsPlist = CFPropertyListCreateFromXMLData(kCFAllocatorDefault,xmlDataRef,kCFPropertyListImmutable,&errorString);
     trustedAppList = (CFArrayRef)trustedAppsPlist;
 
 xit:
+    CFReleaseNull(trustedAppListFileNameWithoutExtension);
     if (bundleURL)
         CFRelease(bundleURL);
     if (secBundle)
@@ -602,6 +609,7 @@ xit:
 
 OSStatus SecAccessCreateWithTrustedApplications(CFStringRef trustedApplicationsPListPath, CFStringRef accessLabel, Boolean allowAny, SecAccessRef* returnedAccess)
 {
+	COUNTLEGACYAPI
 	OSStatus err = errSecSuccess;
 	SecAccessRef accessToReturn=nil;
 	CFMutableArrayRef trustedApplications=nil;