/*
 * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */


//
// acl_protectedpw - protected-path password-based ACL subject types.
//
// This implements "protected path" password-based subject types as per the CSSM standard.
// A "protected path" is something that is outside the scope of the computer proper,
// e.g. a PINpad directly attached to a smartcard token.
// Note: A password prompted through securityd/SecurityAgent is a "prompted password",
// not a "protected password". See acl_prompted.h.
//
// @@@ Warning: This is not quite implemented.
//
#ifndef _ACL_PROTECTED_PASSWORD
#define _ACL_PROTECTED_PASSWORD

#include <security_cdsa_utilities/cssmdata.h>
#include <security_cdsa_utilities/cssmacl.h>
#include <string>


namespace Security {

//
// ProtectedPasswordAclSubject - the ACL subject whose Maker registers for
// CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD.
//
// Only declarations are visible in this header; every member function except
// Maker's constructor is defined out of line. The file's header comment marks
// this subject type as "not quite implemented".
// NOTE(review): confirm what validate() actually enforces in the implementation
// file before relying on this subject type as an access-control decision.
//
class ProtectedPasswordAclSubject : public SimpleAclSubject {
public:
    // Returns a bool verdict for one sample in the given validation context.
    // NOTE(review): presumably true means `sample` satisfies this subject; the
    // comparison, and how an empty or malformed sample is treated, are not
    // visible here - confirm in the implementation file.
    bool validate(const AclValidationContext &baseCtx, const TypedList &sample) const;

    // Returns a CssmList for this subject, taking the allocator to use.
    // NOTE(review): check whether the returned list carries the password bytes;
    // if it does, callers hold a second copy of the secret.
    CssmList toList(Allocator &alloc) const;

    // Two construction paths: from a const CssmData, or from a non-const
    // CssmManagedData.
    // NOTE(review): the non-const overload may take over the caller's buffer
    // instead of copying it - confirm in the implementation file.
    ProtectedPasswordAclSubject(Allocator &alloc, const CssmData &password);
    ProtectedPasswordAclSubject(Allocator &alloc, CssmManagedData &password);

    // Public reference member; as a reference it must be bound by the
    // constructors. Presumably bound to their `alloc` argument - confirm.
    Allocator &allocator;

    // Two overloads with the same pub/priv split: one over Writer::Counter,
    // one over Writer.
    // NOTE(review): presumably a sizing pass followed by a write pass, with the
    // password going to the priv side - confirm which stream receives it.
    void exportBlob(Writer::Counter &pub, Writer::Counter &priv);
    void exportBlob(Writer &pub, Writer &priv);

    // Declared through the IFDUMP macro, which is defined elsewhere.
    // NOTE(review): presumably present only in debug-dump builds; verify that
    // the dump does not print the password bytes.
    IFDUMP(void debugDump() const);

    // Factory for this subject type. The constructor passes
    // CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD to AclSubject::Maker.
    class Maker : public AclSubject::Maker {
    public:
        Maker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD) { }

        // Builds a subject from a TypedList. Returns a raw pointer; who owns it
        // is not visible here.
        // NOTE(review): confirm the list's shape is checked before the password
        // element is read.
        ProtectedPasswordAclSubject *make(const TypedList &list) const;

        // Builds a subject from a pub/priv Reader pair; the Version parameter
        // is unnamed in this declaration.
        // NOTE(review): presumably the inverse of exportBlob - confirm.
        ProtectedPasswordAclSubject *make(Version, Reader &pub, Reader &priv) const;
    };

private:
    // The password held by this subject, i.e. secret material that stays in
    // memory for as long as the object lives.
    // NOTE(review): whether CssmAutoData clears the buffer before releasing it
    // is not visible here - confirm.
    CssmAutoData mPassword;
};

} // end namespace Security


#endif //_ACL_PROTECTED_PASSWORD