// Report the ACL entries that apply to this token.
//
// Two kinds of request are handled, selected by `tag`:
//   * a PIN-state query: pinFromAclTag(tag, "?") returns a non-zero PIN
//     number, and the result is a single entry with that PIN's
//     pre-authorization tracking state;
//   * anything else: the token-wide ACL list, built on first use and cached
//     in mAclEntries.
//
// tag   - ACL tag supplied by the caller, passed to pinFromAclTag().
// count - out: number of entries in `acls`.
// acls  - out: the entries; set from entries() of a list that this function
//         does not hand over.
//         NOTE(review): presumably the caller must not free it - confirm
//         against AutoAclEntryInfoList.
void BELPICToken::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
{
    Allocator &standardAlloc = Allocator::standard();

    unsigned pinNumber = pinFromAclTag(tag, "?");
    if (pinNumber != 0)
    {
        // NOTE(review): this function-local static is shared by every call
        // and is cleared on each PIN-state query, so the pointer returned
        // below is presumably only valid until the next such query. No
        // locking is visible in this function - confirm callers serialize
        // access.
        static AutoAclEntryInfoList pinStateAcl;
        pinStateAcl.clear();
        pinStateAcl.allocator(standardAlloc);

        // Only an explicit SCARD_SUCCESS is reported as authorized; every
        // other status, errors included, is reported as "unknown" rather
        // than as authorized.
        uint32_t cardStatus = this->pinStatus(pinNumber);
        if (cardStatus != SCARD_SUCCESS)
            pinStateAcl.addPinState(pinNumber,
                CSSM_ACL_PREAUTH_TRACKING_UNKNOWN);
        else
            pinStateAcl.addPinState(pinNumber,
                CSSM_ACL_PREAUTH_TRACKING_AUTHORIZED);

        count = pinStateAcl.size();
        acls = pinStateAcl.entries();
        return;
    }

    // Not a PIN-state query: populate the token-wide ACL list if
    // !mAclEntries (presumably "nothing added yet" - confirm the operator's
    // meaning), then return it.
    if (!mAclEntries)
    {
        mAclEntries.allocator(standardAlloc);

        // Any subject may read the attributes and data of every record on
        // this token (the object itself restricts this further).
        mAclEntries.add(
            CssmClient::AclFactory::AnySubject(mAclEntries.allocator()),
            AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));

        // PIN1 can be satisfied either by a password subject passed in by
        // the caller or by a prompted password subject.
        mAclEntries.addPin(AclFactory::PWSubject(standardAlloc), 1);
        mAclEntries.addPin(
            AclFactory::PromptPWSubject(standardAlloc, CssmData()), 1);
    }

    count = mAclEntries.size();
    acls = mAclEntries.entries();
}