#include "acls.h"
#include "connection.h"
#include "server.h"
#include "SecurityAgentClient.h"
#include <Security/acl_any.h>
#include <Security/acl_password.h>
#include <Security/acl_threshold.h>
//
// Destructor. This level has nothing of its own to release; the body is
// intentionally empty.
//
SecurityServerAcl::~SecurityServerAcl()
{
}
//
// Report the database this ACL bearer belongs to. The base answer is "none".
// NOTE(review): presumably overridden by database-resident subclasses - confirm.
//
const Database *SecurityServerAcl::relatedDatabase() const
{
    return NULL;
}
//
// Retrieve ACL entries. The ACL is instantiated first, then the request is
// handed unchanged to ObjectAcl::cssmGetAcl, which fills in count and acls.
// No credentials are taken by this call, so no access check is made here.
//
void SecurityServerAcl::cssmGetAcl(const char *tag, uint32 &count, AclEntryInfo * &acls)
{
    // Make sure the ACL is materialized before the base class reads it.
    instantiateAcl();

    ObjectAcl::cssmGetAcl(tag, count, acls);
}
//
// Retrieve the ACL owner. The ACL is instantiated first, then the request is
// handed to ObjectAcl::cssmGetOwner, which fills in owner.
// No credentials are taken by this call, so no access check is made here.
//
void SecurityServerAcl::cssmGetOwner(AclOwnerPrototype &owner)
{
    // Make sure the ACL is materialized before the base class reads it.
    instantiateAcl();

    ObjectAcl::cssmGetOwner(owner);
}
//
// Apply an edit to the ACL.
//   edit - the requested modification
//   cred - caller-supplied credentials, passed through to ObjectAcl
// The edit is evaluated by ObjectAcl::cssmChangeAcl against an environment
// built from this object.
// NOTE(review): presumably the base class authorizes the edit using cred and
// throws on denial - confirm against ObjectAcl.
//
void SecurityServerAcl::cssmChangeAcl(const AclEdit &edit, const AccessCredentials *cred)
{
    // Make sure the ACL is materialized before it is modified.
    instantiateAcl();

    SecurityServerEnvironment callerEnv(*this);
    ObjectAcl::cssmChangeAcl(edit, cred, &callerEnv);

    // Reached only when the edit call returned normally; an exception from
    // the base class skips the change notification.
    noticeAclChange();
}
//
// Replace the ACL owner.
//   newOwner - the owner prototype to install
//   cred     - caller-supplied credentials, passed through to ObjectAcl
// The change is evaluated by ObjectAcl::cssmChangeOwner against an
// environment built from this object.
// NOTE(review): presumably the base class authorizes the change using cred
// and throws on denial - confirm against ObjectAcl.
//
void SecurityServerAcl::cssmChangeOwner(const AclOwnerPrototype &newOwner,
    const AccessCredentials *cred)
{
    // Make sure the ACL is materialized before it is modified.
    instantiateAcl();

    SecurityServerEnvironment callerEnv(*this);
    ObjectAcl::cssmChangeOwner(newOwner, cred, &callerEnv);

    // Reached only when the owner change returned normally; an exception
    // from the base class skips the change notification.
    noticeAclChange();
}
//
// Check that the given credentials authorize the requested operation.
//   auth - the authorization being requested
//   cred - caller-supplied credentials (passed through as given)
// The decision is made by ObjectAcl::validate against an environment built
// from this object. Nothing is returned.
// NOTE(review): presumably denial is reported by an exception - confirm.
// NOTE(review): unlike the cssm* entry points in this file, instantiateAcl()
// is not called here; presumably the ACL must already be instantiated by the
// time validation runs - confirm against callers.
//
void SecurityServerAcl::validate(AclAuthorization auth, const AccessCredentials *cred) const
{
    SecurityServerEnvironment callerEnv(*this);

    ObjectAcl::validate(auth, cred, &callerEnv);
}
//
// Convenience form of validate(): pull the access credentials out of a
// context's CSSM_ATTRIBUTE_ACCESS_CREDENTIALS attribute and validate those.
// NOTE(review): what get<>() yields when the attribute is absent is not
// visible here; whatever it yields is forwarded as the credentials - confirm
// that the credential-taking overload treats that case as "no credentials".
//
void SecurityServerAcl::validate(AclAuthorization auth, const Context &context) const
{
    const AccessCredentials *contextCred =
        context.get<AccessCredentials>(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS);

    validate(auth, contextCred);
}
//
// Look through the top-level samples of a credential set for a passphrase
// supplied non-interactively.
//   cred             - credentials to search; may be NULL
//   neededSampleType - sample type an entry must carry to be considered
//   passphrase       - receives the passphrase data on success
// Returns true when a password sample was found and copied into passphrase.
// Returns false when cred is NULL, when no sample of the needed type exists,
// or when the matching sample asks for a keychain prompt instead.
// Any improper or unexpected sample raises CSSM_ERRCODE_INVALID_SAMPLE_VALUE.
//
// This only extracts the passphrase; no check of its correctness happens here.
// NOTE(review): passphrase ends up holding secret material; presumably the
// caller owns its lifetime and clearing - confirm against CssmOwnedData.
//
bool SecurityServerAcl::getBatchPassphrase(const AccessCredentials *cred,
    CSSM_SAMPLE_TYPE neededSampleType, CssmOwnedData &passphrase)
{
    // Without credentials there is nothing to search.
    if (!cred)
        return false;

    const SampleGroup &group = cred->samples();
    for (uint32 idx = 0; idx < group.length(); idx++) {
        TypedList entry = group[idx];

        // Every sample is checked for well-formedness, even ones that turn
        // out not to be of the needed type.
        if (!entry.isProper())
            CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);

        if (entry.type() != neededSampleType)
            continue;

        // NOTE(review): snip() presumably drops the leading element so that
        // type() now reports the nested sample's type - confirm in TypedList.
        entry.snip();
        if (!entry.isProper())
            CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);

        switch (entry.type()) {
        case CSSM_SAMPLE_TYPE_PASSWORD:
            // A password sample must be exactly two elements; the second one
            // is taken as the passphrase.
            if (entry.length() != 2)
                CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
            passphrase = entry[1];
            return true;
        case CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT:
            // The caller asked for a prompt; no batch passphrase available.
            return false;
        default:
            // Anything else is rejected rather than silently ignored.
            CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
        }
    }

    return false;
}
//
// User id used for ACL evaluation: the uid recorded for the process that
// owns the current server connection. The value is read from server-side
// state (Server::connection().process), not from the request's credentials.
//
uid_t SecurityServerEnvironment::getuid() const
{
    const uid_t callerUid = Server::connection().process.uid();
    return callerUid;
}
//
// Group id used for ACL evaluation: the gid recorded for the process that
// owns the current server connection. The value is read from server-side
// state (Server::connection().process), not from the request's credentials.
//
gid_t SecurityServerEnvironment::getgid() const
{
    const gid_t callerGid = Server::connection().process.gid();
    return callerGid;
}
//
// Process id used for ACL evaluation: the pid recorded for the process that
// owns the current server connection.
// NOTE(review): a pid alone does not pin down a process over time, since the
// OS can reuse it; presumably consumers pair it with a stronger identity
// (e.g. the code-signature check) - confirm how this value is used.
//
pid_t SecurityServerEnvironment::getpid() const
{
    const pid_t callerPid = Server::connection().process.pid();
    return callerPid;
}
//
// Ask the process that owns the current server connection to check itself
// against the given code signature, and report that result unchanged.
//   signature - the signature to verify against (forwarded as given)
// NOTE(review): handling of a NULL signature is not visible here; it depends
// entirely on the process object's verifyCodeSignature - confirm.
//
bool SecurityServerEnvironment::verifyCodeSignature(const CodeSigning::Signature *signature)
{
    const bool signatureMatches =
        Server::connection().process.verifyCodeSignature(signature);
    return signatureMatches;
}