<key>comment</key>
<string>wildcard right for deleting system rights.</string>
</dict>
+ <key>com.apple.</key>
+ <dict>
+ <key>rule</key>
+ <string>default</string>
+ </dict>
+ <key>system.</key>
+ <dict>
+ <key>rule</key>
+ <string>default</string>
+ </dict>
<key>sys.openfile.</key>
<dict>
<key>class</key>
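Review bot: The two new wildcard entries `com.apple.` and `system.` carry no `comment` key, unlike the entry just above them, so the policy file does not say why these prefixes are reserved. Adding `<key>comment</key>` with `<string>wildcard right: names under this prefix are evaluated with the default rule.</string>` to each would record the intent. If the entries exist so that names under these prefixes count as already present when a right is created or changed, the comment should say so, since that is a policy decision a later editor could remove by accident.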
);
buildSettings = {
BUILD_VARIANTS = "normal debug";
- CURRENT_PROJECT_VERSION = 67;
+ CURRENT_PROJECT_VERSION = 25481;
FRAMEWORK_SEARCH_PATHS = "/usr/local/SecurityPieces/Frameworks /usr/local/SecurityPieces/Components/securityd $(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
INSTALL_PATH = /usr/sbin;
OPT_CPPXFLAGS = "$(OPT_CXFLAGS) -fno-enforce-eh-specs -fno-implement-inlines -fcoalesce-templates";
bool
AuthorizationDBPlist::existRule(string &ruleName) const
{
- map<string,Rule>::const_iterator rule = mRules.find(ruleName);
- if (rule != mRules.end())
+ AuthItemRef candidateRule(ruleName.c_str());
+ string ruleForCandidate = getRule(candidateRule)->name();
+ // same name or covered by wildcard right -> modification.
+ if ( (ruleName == ruleForCandidate) ||
+ (*(ruleForCandidate.rbegin()) == '.') )
return true;
-
+
return false;
}
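Review bot: `*(ruleForCandidate.rbegin())` in the new condition is dereferenced without checking that the string is non-empty. If `getRule()` can hand back a rule whose `name()` is empty (a fallback rule, for instance; its implementation is not visible here), that is undefined behaviour. The second operand should read `(!ruleForCandidate.empty() && *ruleForCandidate.rbegin() == '.')`. The pointer returned by `getRule(candidateRule)` is also used unchecked, which is only safe if it can never be null. Because this function now treats every name covered by a wildcard entry as an existing rule, a short comment stating that consequence for callers that distinguish creation from modification would help.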
//@@@ ignoring prompt - not used right now
if (database) {
QueryPIN query(*database);
+ query.inferHints(Server::process());
if (!query()) { // success
secret = query.pin();
return true;
SecurityAgentQuery::SecurityAgentQuery(const AuthHostType type, Session &session) : mAuthHostType(type), mHostInstance(session.authhost(mAuthHostType)), mConnection(&Server::connection())
{
+ // this may take a while
+ Server::active().longTermActivity();
secdebug("SecurityAgentQuery", "new SecurityAgentQuery(%p)", this);
}
void
SecurityAgentQuery::activate()
{
- // this may take a while
- Server::active().longTermActivity();
mConnection->useAgent(this);
try {
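Review bot: The comment moved into the constructor, `// this may take a while`, no longer explains why `Server::active().longTermActivity()` runs at construction rather than in `activate()`. Judging by the other hunks of this commit, which move query declarations ahead of `StSyncLock`, the intent seems to be that the call happens before any lock is taken around the query; a comment such as `// declare long-term activity at construction so callers can build the query before taking locks` would state that. A side effect worth noting in the same comment is that a `SecurityAgentQuery` which is constructed but never activated now still marks the thread as long-term. The body of `activate()` continues outside the hunk.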
case CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT:
{
secdebug("KCdb", "%p attempting interactive unlock", this);
+ QueryUnlock query(*this);
// Holding DB common lock during UI will deadlock securityd
StSyncLock<Mutex, Mutex> uisync(common().uiLock(), common());
- QueryUnlock query(*this);
query.inferHints(Server::process());
if (query() == SecurityAgent::noReason)
return;
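Review bot: Declaring `QueryUnlock query(*this);` ahead of `StSyncLock<Mutex, Mutex> uisync(...)` makes the order of these two declarations load-bearing, but nothing in the code says so. The query constructor now calls `longTermActivity()`, so presumably it must run before the locks are swapped, and the query's destructor now runs after `uisync` is destroyed rather than before. A one-line comment on the declaration, for example `// must precede uisync: the query constructor calls longTermActivity()`, would keep a later cleanup from reordering them. The same applies to the second `QueryUnlock` move further down and to the two `QueryNewPassphrase` moves in the passphrase-change code. The enclosing function starts and ends outside the hunk.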
return;
}
+ QueryUnlock query(*this);
// attempt interactive unlock
StSyncLock<Mutex, Mutex> uisync(common().uiLock(), common());
- QueryUnlock query(*this);
query.inferHints(Server::process());
if (query() == SecurityAgent::noReason)
return;
case CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT:
{
secdebug("KCdb", "%p specified interactive passphrase", this);
- StSyncLock<Mutex, Mutex> uisync(common().uiLock(), common());
QueryNewPassphrase query(*this, reason);
+ StSyncLock<Mutex, Mutex> uisync(common().uiLock(), common());
query.inferHints(Server::process());
CssmAutoData passphrase(Allocator::standard(Allocator::sensitive));
if (query(passphrase) == SecurityAgent::noReason) {
}
} else {
// default action -- interactive (only)
- StSyncLock<Mutex, Mutex> uisync(common().uiLock(), common());
QueryNewPassphrase query(*this, reason);
+ StSyncLock<Mutex, Mutex> uisync(common().uiLock(), common());
query.inferHints(Server::process());
CssmAutoData passphrase(Allocator::standard(Allocator::sensitive));
if (query(passphrase) == SecurityAgent::noReason) {
if (const char *s = getenv("TOKENCACHE"))
tokenCacheDir = s;
#endif //NDEBUG
- TokenCache tokenCache(tokenCacheDir);
// create a smartcard monitor to manage external token devices
- PCSCMonitor secureCards(server, tokenCache, scOptions(smartCardOptions));
+ PCSCMonitor secureCards(server, tokenCacheDir, scOptions(smartCardOptions));
// create the RootSession object (if -d, give it graphics and tty attributes)
RootSession rootSession(server,
// In fact, you should push all the hard work into a timer, so as not to hold up the
// general startup process.
//
-PCSCMonitor::PCSCMonitor(Server &srv, TokenCache &tc, ServiceLevel level)
+PCSCMonitor::PCSCMonitor(Server &server, const char* pathToCache, ServiceLevel level)
: Listener(kNotificationDomainPCSC, SecurityServer::kNotificationAllEvents),
MachServer::Timer(true), // "heavy" timer task
- server(srv), cache(tc),
+ server(server),
+ cache (NULL),
+ cachePath (pathToCache),
mServiceLevel(level),
mTimerAction(&PCSCMonitor::initialSetup),
mGoingToSleep(false)
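Review bot: `cachePath (pathToCache)` builds a `std::string` straight from the `const char*` argument, which is undefined behaviour if a caller ever passes a null pointer. The one caller visible in this commit passes `tokenCacheDir`, so this may never occur in practice, but the constructor is public and nothing on it states the precondition. Either document it on the declaration (`// pathToCache must be non-null`) or initialise with `cachePath (pathToCache ? pathToCache : "")`. The constructor body lies outside the hunk.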
// accounted for this reader
current.erase(reader);
} else {
- RefPointer<Reader> newReader = new Reader(cache, state);
+ RefPointer<Reader> newReader = new Reader(getTokenCache (), state);
mReaders.insert(make_pair(state.name(), newReader));
Syslog::notice("Token reader %s inserted into system", state.name());
newReader->update(state); // initial state setup
}
+TokenCache& PCSCMonitor::getTokenCache ()
+{
+ if (cache == NULL) {
+ cache = new TokenCache(cachePath.c_str ());
+ }
+
+ return *cache;
+}
+
+
+
void PCSCMonitor::launchPcscd()
{
// launch pcscd
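Review bot: `getTokenCache()` allocates the `TokenCache` with a bare `new` into the raw member `cache`, and nothing in the visible hunks deletes it or synchronises the `cache == NULL` check. If `PCSCMonitor` lives for the whole process and readers are only ever polled from one thread, that is harmless, but neither assumption is stated. A comment on the member, such as `// owned; created on first use by getTokenCache(), single-threaded poll path only`, plus a `delete cache;` in the destructor, would settle both questions. Deferring construction also means that any failure in the `TokenCache` constructor (not visible here) now surfaces at the first reader insertion rather than at startup. `launchPcscd()` continues outside the hunk.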
externalDaemon // use externally launched daemon if present (do not manage pcscd)
};
- PCSCMonitor(Server &server, TokenCache &cache, ServiceLevel level = conservative);
+ PCSCMonitor(Server &server, const char* pathToCache, ServiceLevel level = conservative);
protected:
void pollReaders();
Server &server;
- TokenCache &cache;
-
+ TokenCache *cache;
+ std::string cachePath;
+ TokenCache& getTokenCache ();
+
protected:
// Listener
void notifyMe(SecurityServer::NotificationDomain domain,
void TokenAcl::pinChange(unsigned int pin, CSSM_ACL_HANDLE handle, TokenDatabase &database)
{
QueryNewPin query(pin, handle, database, SecurityAgent::changePassphrase);
+ query.inferHints(Server::process());
CssmAutoData newPin(Allocator::standard(Allocator::sensitive));
switch (query(newPin)) {
case SecurityAgent::noReason: // worked