1/* 2 * Copyright (c) 2000-2006,2011,2014 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24 25// 26// acl_password - password-based ACL subject types 27// 28#include <security_cdsa_utilities/acl_password.h> 29#include <security_utilities/debugging.h> 30#include <security_utilities/endian.h> 31#include <algorithm> 32 33 34// 35// PasswordAclSubject always pre-loads its secret, and thus never has to 36// "get" its secret. If we ever try, it's a bug. 
//
// Pull a password out of a caller-supplied sample list.
// The sample is either [type] (no password offered) or [type, password];
// any other shape is treated as a malformed sample, not a failed match.
// NOTE(review): despite the header comment above, this path does extract a
// secret -- from the sample being validated, not from this subject's own
// stored password; confirm against the callers. `context` is not used here.
//
bool PasswordAclSubject::getSecret(const AclValidationContext &context,
    const TypedList &sample, CssmOwnedData &secret) const
{
    switch (sample.length()) {
    case 1:
        return false;   // no password in sample
    case 2:
        secret = sample[1];     // hand the offered password to the caller's owned buffer
        return true;
    default:
        // wrong number of elements: reject the sample outright
        CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
    }
}


//
// Make a copy of this subject in CSSM_LIST form
//
// Only the subject type tag is emitted. The password is deliberately
// omitted from this (public) representation -- compare exportBlob below,
// which does write it to the private writer.
//
CssmList PasswordAclSubject::toList(Allocator &alloc) const
{
    // the password itself is private and not exported to CSSM
    return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD);
}


//
// Create a PasswordAclSubject
//
// Builds a subject from its CSSM_LIST form. A one-element list [type]
// constructs the subject with the `true` flag (its meaning is defined by
// the PasswordAclSubject constructor in the header, not visible here); a
// two-element list [type, datum] takes the datum as the password. Anything
// else is rejected as an invalid ACL subject value.
// All storage for the subject comes from the "sensitive" standard allocator;
// the guarantees that flag carries are defined by Allocator, not here.
//
PasswordAclSubject *PasswordAclSubject::Maker::make(const TypedList &list) const
{
    Allocator &alloc = Allocator::standard(Allocator::sensitive);
    switch (list.length()) {
    case 1:
        return new PasswordAclSubject(alloc, true);
    case 2:
        {
            ListElement *password;
            // element 1 is required to be a datum; presumably crack()
            // enforces the element type -- verify in its definition
            crack(list, 1, &password, CSSM_LIST_ELEMENT_DATUM);
            return new PasswordAclSubject(alloc, password->data());
        }
    default:
        CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
    }
}

//
// Reconstruct a subject from its exported blob form (see exportBlob below).
// The password is read back as counted data from the private reader; nothing
// is read from the public reader, and the Version argument is ignored.
// NOTE(review): passwordData is a stack local -- the constructor must copy
// (or take over) its bytes before it goes out of scope; confirm in the header.
//
PasswordAclSubject *PasswordAclSubject::Maker::make(Version, Reader &pub, Reader &priv) const
{
    Allocator &alloc = Allocator::standard(Allocator::sensitive);
    const void *data; size_t length; priv.countedData(data, length);
    CssmAutoData passwordData(alloc, data, length);
    return new PasswordAclSubject(alloc, passwordData);
}


//
// Export the subject to a memory blob
//
// The password (secret()) is written, as counted data, to the *private*
// side only; nothing is written to the public side (pub is unused). The
// private blob therefore carries the password material and must be
// protected by whatever persists it.
// The Counter overload is presumably the sizing pass; it performs exactly
// the same call as the Writer overload so that the counted size matches
// what is later written -- keep the two in step if either changes.
//
void PasswordAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv)
{
    priv.countedData(secret());
}

void PasswordAclSubject::exportBlob(Writer &pub, Writer &priv)
{
    priv.countedData(secret());
}


#ifdef DEBUGDUMP

//
// Debug-only dump: prints the subject kind, then defers to the base class.
// The password itself is not printed here; whatever SecretAclSubject::debugDump
// emits is outside this file.
//
void PasswordAclSubject::debugDump() const
{
    Debug::dump("Password");
    SecretAclSubject::debugDump();
}

#endif //DEBUGDUMP