void BELPICToken::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
{
Allocator &alloc = Allocator::standard();
if (unsigned pin = pinFromAclTag(tag, "?")) {
static AutoAclEntryInfoList acl;
acl.clear();
acl.allocator(alloc);
uint32_t status = this->pinStatus(pin);
if (status == SCARD_SUCCESS)
acl.addPinState(pin, CSSM_ACL_PREAUTH_TRACKING_AUTHORIZED);
else
acl.addPinState(pin, CSSM_ACL_PREAUTH_TRACKING_UNKNOWN);
count = acl.size();
acls = acl.entries();
return;
}
// get pin list, then for each pin
if (!mAclEntries)
{
mAclEntries.allocator(alloc);
// Anyone can read the attributes and data of any record on this token
// (it's further limited by the object itself).
mAclEntries.add(CssmClient::AclFactory::AnySubject(
mAclEntries.allocator()),
AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
// We support PIN1 with either a passed in password
// subject or a prompted password subject.
mAclEntries.addPin(AclFactory::PWSubject(alloc), 1);
mAclEntries.addPin(AclFactory::PromptPWSubject(alloc, CssmData()), 1);
}
count = mAclEntries.size();
acls = mAclEntries.entries();
}
