Esempio n. 1
0
OSStatus SecACLSetSimpleContents(SecACLRef aclRef,
	CFArrayRef applicationList,
	CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
{
	BEGIN_SECAPI
	SecPointer<ACL> acl = ACL::required(aclRef);
    if(acl->form() == ACL::integrityForm) {
        // If this is an integrity ACL, route the (unhexified) promptDescription into the right place
        string hex = cfString(description);
        if(hex.length() %2 == 0) {
            // might be a valid hex string, try to set
            CssmAutoData data(Allocator::standard());
            data.malloc(hex.length() / 2);
            data.get().fromHex(hex.c_str());
            acl->setIntegrity(data);
        }
    } else {
        // Otherwise, put it in the promptDescription where it belongs
        acl->promptDescription() = description ? cfString(description) : "";
    }
	acl->promptSelector() = promptSelector ? *promptSelector : ACL::defaultSelector;
    if(acl->form() !=  ACL::integrityForm) {
        if (applicationList) {
            // application-list + prompt
            acl->form(ACL::appListForm);
            setApplications(acl, applicationList);
        } else {
            // allow-any
            acl->form(ACL::allowAllForm);
        }
	}
	acl->modify();
	END_SECAPI
}
Esempio n. 2
0
/*!
 */
OSStatus SecACLCopySimpleContents(SecACLRef aclRef,
	CFArrayRef *applicationList,
	CFStringRef *promptDescription, CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
{
	BEGIN_SECAPI
	SecPointer<ACL> acl = ACL::required(aclRef);
	switch (acl->form()) {
	case ACL::allowAllForm:
		Required(applicationList) = NULL;
		Required(promptDescription) =
			acl->promptDescription().empty() ? NULL
				: makeCFString(acl->promptDescription());
		Required(promptSelector) = acl->promptSelector();
		break;
	case ACL::appListForm:
		Required(applicationList) =
			makeCFArrayFrom(convert, acl->applications());
		Required(promptDescription) = makeCFString(acl->promptDescription());
		Required(promptSelector) = acl->promptSelector();
		break;
    case ACL::integrityForm:
        Required(applicationList) = NULL;
        Required(promptDescription) = makeCFString(acl->integrity().toHex());

        // We don't have a prompt selector. Nullify.
        Required(promptSelector).version = CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION;
        Required(promptSelector).flags = 0;
        break;
	default:
		return errSecACLNotSimple;		// custom or unknown
	}
	END_SECAPI
}
Esempio n. 3
0
/*!
 */
OSStatus SecACLCreateFromSimpleContents(SecAccessRef accessRef,
	CFArrayRef applicationList,
	CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector,
	SecACLRef *newAcl)
{
	BEGIN_SECAPI
	SecPointer<Access> access = Access::required(accessRef);
	SecPointer<ACL> acl = new ACL(cfString(description), *promptSelector);
	if (applicationList) {
		// application-list + prompt
		acl->form(ACL::appListForm);
		setApplications(acl, applicationList);
	} else {
		// allow-any
		acl->form(ACL::allowAllForm);
	}
	access->add(acl.get());
	Required(newAcl) = acl->handle();
	END_SECAPI
}