// Release the contents of an ACL entry list and reset its count to zero.
//
// Every entry is visited with a DataWalkers::ChunkFreeWalker built on the
// list's own allocator (acl.allocator()), so whatever that walker releases
// goes back to the allocator the list reports, not to a default one.
// NOTE(review): only the size is reset here; whether the entry array pointer
// itself is freed or nulled is not visible in this function. Confirm against
// AutoAclEntryInfoList before relying on this to prevent reuse of stale entries.
void GemaltoToken::_aclClear(AutoAclEntryInfoList& acl)
{
	// Same truth test as before; a list that does not compare equal to
	// true is left untouched.
	if (!(acl == true))
		return;

	DataWalkers::ChunkFreeWalker freer(acl.allocator());

	// size() is re-read on every pass, exactly as in the for-loop form.
	uint32 index = 0;
	while (index < acl.size())
	{
		walk(freer, acl.at(index));
		index++;
	}

	// Drop the element count so the walked entries are no longer reachable
	// through at()/size().
	acl.size(0);
}
예제 #2
// Dispatch an Apple CSP/DL pass-through request for database handle inDbHandle.
//
// inPassThroughId selects the operation. inInputParams and outOutputParams are
// opaque pointers whose pointee type depends on that id (see each case); they
// carry no length or type tag, so every cast below trusts the caller to supply
// the structure that matches the id.
//
// Errors are raised through CssmError::throwMe:
//   CSSM_ERRCODE_INVALID_OUTPUT_POINTER   - a required output pointer is null
//   CSSM_ERRCODE_INVALID_INPUT_POINTER    - a required input pointer is null
//   CSSM_ERRCODE_ACL_ENTRY_TAG_NOT_FOUND  - GetDbAcl returned no "PIN1" entry
//   CSSM_ERRCODE_INVALID_PASSTHROUGH_ID   - any id not handled here
void
SDDLSession::PassThrough(CSSM_DB_HANDLE inDbHandle,
                         uint32 inPassThroughId,
                         const void *inInputParams,
                         void **outOutputParams)
{
	switch (inPassThroughId)
	{
		case CSSM_APPLECSPDL_DB_LOCK:
		{
			// Lock needs no parameters; both opaque pointers are ignored.
			mClientSession.lock(ClientSession::toIPCHandle(inDbHandle));
			break;
		}

		case CSSM_APPLECSPDL_DB_UNLOCK:
		{
			// Credentials are tagged "PIN1" and built entirely on a
			// TrackingAllocator that lives only for this case.
			// NOTE(review): whether the password bytes are copied into
			// tracker-owned storage and wiped when it is released is not
			// visible here. Confirm in ListElement / TrackingAllocator.
			TrackingAllocator tracker(Allocator::standard());
			AutoCredentials pinCreds(tracker);
			pinCreds.tag("PIN1");

			if (!inInputParams)
			{
				// No password supplied: add a prompted-password sample
				// carrying an empty CssmData.
				pinCreds += TypedList(tracker, CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD,
					new (tracker) ListElement(tracker, CssmData()));
			}
			else
			{
				// Input is interpreted as a CssmData holding the password.
				const CssmData *password =
					reinterpret_cast<const CssmData *>(inInputParams);
				pinCreds += TypedList(tracker, CSSM_SAMPLE_TYPE_PASSWORD,
					new (tracker) ListElement(tracker, *password));
			}

			Authenticate(inDbHandle, CSSM_DB_ACCESS_READ, pinCreds);
			break;
		}

		case CSSM_APPLECSPDL_DB_IS_LOCKED:
		{
			if (!outOutputParams)
				CssmError::throwMe(CSSM_ERRCODE_INVALID_OUTPUT_POINTER);

			// Query first, allocate second: nothing has been allocated
			// yet if the query fails.
			const bool locked =
				mClientSession.isLocked(ClientSession::toIPCHandle(inDbHandle));

			CSSM_APPLECSPDL_DB_IS_LOCKED_PARAMETERS_PTR result =
				DatabaseSession::alloc<CSSM_APPLECSPDL_DB_IS_LOCKED_PARAMETERS>();
			result->isLocked = locked;

			// The freshly allocated block is handed to the caller through
			// the output slot; presumably the caller frees it. Confirm.
			CSSM_APPLECSPDL_DB_IS_LOCKED_PARAMETERS_PTR *outSlot =
				reinterpret_cast<CSSM_APPLECSPDL_DB_IS_LOCKED_PARAMETERS_PTR *>
				(outOutputParams);
			*outSlot = result;
			break;
		}

		case CSSM_APPLECSPDL_DB_CHANGE_PASSWORD:
		{
			if (!inInputParams)
				CssmError::throwMe(CSSM_ERRCODE_INVALID_INPUT_POINTER);

			const CSSM_APPLECSPDL_DB_CHANGE_PASSWORD_PARAMETERS *request =
				reinterpret_cast
				<const CSSM_APPLECSPDL_DB_CHANGE_PASSWORD_PARAMETERS *>
				(inInputParams);

			// Fetch the ACL entries tagged "PIN1" (remaining bytes of the
			// CSSM_STRING are zero-initialised).
			AutoAclEntryInfoList acls /* (mClientSession.allocator()) */;
			CSSM_STRING pinTag = { 'P', 'I', 'N', '1' };
			GetDbAcl(inDbHandle, &pinTag,
				*static_cast<uint32 *>(acls),
				*static_cast<CSSM_ACL_ENTRY_INFO **>(acls));
			if (acls.size() == 0)
				CssmError::throwMe(CSSM_ERRCODE_ACL_ENTRY_TAG_NOT_FOUND);

			// The first returned entry is always the one edited; extra
			// candidates are only logged.
			// NOTE(review): confirm %ld / %d match the types of handle()
			// and size().
			const AclEntryInfo &chosen = acls.at(0);
			if (acls.size() > 1)
				secinfo("acl",
					"Using entry handle %ld from %d total candidates",
					chosen.handle(), acls.size());

			// The edit is built from the chosen entry's own handle and
			// prototype; the caller's credentials go through
			// AccessCredentials::required(), which presumably rejects a
			// null pointer. Confirm.
			AclEdit edit(chosen.handle(), chosen.proto());
			ChangeDbAcl(inDbHandle,
				AccessCredentials::required(request->accessCredentials), edit);
			break;
		}

		case CSSM_APPLECSPDL_DB_RELATION_EXISTS:
		{
			// We always return true so that the individual tokend can decide
			if (!outOutputParams)
				CssmError::throwMe(CSSM_ERRCODE_INVALID_OUTPUT_POINTER);

			// Unlike IS_LOCKED, nothing is allocated: the CSSM_BOOL is
			// written directly into the storage outOutputParams points at.
			CSSM_BOOL *existsOut = reinterpret_cast<CSSM_BOOL *>(outOutputParams);
			*existsOut = true;
			break;
		}

		default:
			// Unknown ids are rejected rather than silently ignored.
			CssmError::throwMe(CSSM_ERRCODE_INVALID_PASSTHROUGH_ID);
	}
}