1/* 2 * Copyright (c) 2000-2001,2011,2014 Apple Inc. All Rights Reserved. 3 * 4 * The contents of this file constitute Original Code as defined in and are 5 * subject to the Apple Public Source License Version 1.2 (the 'License'). 6 * You may not use this file except in compliance with the License. Please obtain 7 * a copy of the License at http://www.apple.com/publicsource and read it before 8 * using this file. 9 * 10 * This Original Code and all software distributed under the License are 11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS 12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT 13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the 15 * specific language governing rights and limitations under the License. 16 */ 17 18 19// 20// keychainacl - Keychain-related ACL and credential forms 21// 22#ifdef __MWERKS__ 23#define _CPP_KEYCHAINACL 24#endif 25 26#include "keychainacl.h" 27#include <security_cdsa_utilities/cssmwalkers.h> 28 29using namespace CssmClient; 30 31 32// 33// Construct the factory. 34// @@@ Leaks. 35// 36KeychainAclFactory::KeychainAclFactory(Allocator &alloc) 37: allocator(alloc), nullCred(alloc, 1), kcCred(alloc, 2), kcUnlockCred(alloc, 1) 38{ 39 // the credential objects self-initialize to empty 40 nullCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_THRESHOLD); 41 42 kcCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT); 43 kcCred.sample(1) = TypedList(alloc, CSSM_SAMPLE_TYPE_THRESHOLD, 44 new(alloc) ListElement(TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT))); 45 46 // @@@ This leaks a ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT) 47 kcUnlockCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, 48 new(alloc) ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT)); 49} 50 51KeychainAclFactory::~KeychainAclFactory() 52{ 53} 54 55 56// 57// Produce credentials. 58// These are constants that don't need to be allocated per use. 59// 60const AccessCredentials *KeychainAclFactory::nullCredentials() 61{ 62 return &nullCred; 63} 64 65const AccessCredentials *KeychainAclFactory::keychainPromptCredentials() 66{ 67 return &kcCred; 68} 69 70const AccessCredentials *KeychainAclFactory::keychainPromptUnlockCredentials() 71{ 72 return &kcUnlockCred; 73} 74 75const AutoCredentials *KeychainAclFactory::passwordChangeCredentials(const CssmData &password) 76{ 77 AutoCredentials *cred = new AutoCredentials(allocator, 1); 78 // @@@ This leaks a ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT) and ListElement(password) 79 cred->sample(0) = TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK, 80 new(allocator) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), 81 new(allocator) ListElement(password)); 82 return cred; 83} 84 85const AutoCredentials *KeychainAclFactory::passwordUnlockCredentials(const CssmData &password) 86{ 87 AutoCredentials *cred = new AutoCredentials(allocator, 1); 88 // @@@ This leaks a ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT) and ListElement(password) 89 cred->sample(0) = TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, 90 new(allocator) ListElement(CSSM_SAMPLE_TYPE_PASSWORD), 91 new(allocator) ListElement(password)); 92 return cred; 93} 94 95 96// 97// 98AclEntryInput *KeychainAclFactory::keychainPromptOwner(const CssmData &description) 99{ 100 // @@@ Make sure this works for a NULL description 101 AclEntryPrototype proto(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT, 102 new(allocator) ListElement(allocator, description))); 103 return new(allocator) AclEntryInput(proto); 104} 105 106AclEntryInput *KeychainAclFactory::anyOwner() 107{ 108 AclEntryPrototype proto(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_ANY)); 109 return new(allocator) AclEntryInput(proto); 110} 111 112void KeychainAclFactory::release(AclEntryInput *input) 113{ 114 DataWalkers::chunkFree(input, allocator); 115} 116 117 118// 119// ACL editing 120// 121void KeychainAclFactory::comment(TypedList &subject) 122{ 123 subject.insert(new(allocator) ListElement(CSSM_ACL_SUBJECT_TYPE_COMMENT), 124 subject.first()); 125} 126 127void KeychainAclFactory::uncomment(TypedList &subject) 128{ 129 ListElement *first = subject.first(); 130 assert(*first == CSSM_ACL_SUBJECT_TYPE_COMMENT); 131 subject -= first; 132 destroy(first, allocator); 133} 134