// Append a "PIN<slot>?" pre-authentication tracking entry to acl.
//
// The entry's subject is a CSSM_WORDID_PIN typed list carrying the slot
// number followed by the tracking status value (one of the
// CSSM_ACL_PREAUTH_TRACKING_* constants chosen by the caller). The entry is
// registered under the same CSSM_WORDID_PIN authorization and tagged so that
// a later "PIN<slot>?" lookup finds it. Every list element is allocated from
// the list's own allocator, so it is released together with the list.
void GemaltoToken::_addPinState(AutoAclEntryInfoList& acl, uint32 slot, uint32 status)
{
	Allocator &alloc = acl.allocator();

	// Tag form "PIN<n>?"; 20 bytes comfortably holds "PIN" + any int + "?".
	char pinTag[20];
	snprintf(pinTag, sizeof(pinTag), "PIN%d?", (int) slot);

	ListElement *slotElement = new(alloc) ListElement(slot);
	ListElement *statusElement = new(alloc) ListElement(status);
	TypedList subject(alloc, CSSM_WORDID_PIN, slotElement, statusElement);

	acl.add(subject, CSSM_WORDID_PIN, pinTag);
}
// Return the ACL entries for this token.
//
// Two query shapes are served:
//  * A "PINn?" tag asks for the pre-authentication state of PIN n. The
//    answer is built into a function-local static list that is cleared and
//    refilled on every such call, so the returned pointer is only valid
//    until the next "PINn?" query and must not be held across threads.
//  * Any other tag returns the token-wide ACL, built lazily once and cached
//    in mAclEntries: read access for everyone (further limited per object),
//    and PIN 1 accepted either as a supplied password or via a prompted
//    password.
//
// count and acls are output parameters; the caller does not own acls.
void BELPICToken::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
{
	Allocator &alloc = Allocator::standard();

	if (unsigned pin = pinFromAclTag(tag, "?"))
	{
		// Per-PIN status query. Static so the storage outlives this call;
		// rebuilt from scratch each time.
		static AutoAclEntryInfoList pinStateAcl;
		pinStateAcl.clear();
		pinStateAcl.allocator(alloc);

		// Anything other than a successful status probe is reported as
		// UNKNOWN; a blocked PIN is not distinguished here.
		// NOTE(review): the Gemalto token's getAcl reports a blocked PIN as
		// CSSM_ACL_PREAUTH_TRACKING_BLOCKED — confirm whether BELPIC should.
		const bool authorized = (this->pinStatus(pin) == SCARD_SUCCESS);
		pinStateAcl.addPinState(pin, authorized
			? CSSM_ACL_PREAUTH_TRACKING_AUTHORIZED
			: CSSM_ACL_PREAUTH_TRACKING_UNKNOWN);

		count = pinStateAcl.size();
		acls = pinStateAcl.entries();
		return;
	}

	// Token-wide ACL, built once and cached.
	if (!mAclEntries)
	{
		mAclEntries.allocator(alloc);
		// Anyone can read the attributes and data of any record on this
		// token (it's further limited by the object itself).
		mAclEntries.add(CssmClient::AclFactory::AnySubject(mAclEntries.allocator()),
			AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
		// PIN1 may be satisfied by a passed-in password subject or by a
		// prompted password subject.
		mAclEntries.addPin(AclFactory::PWSubject(alloc), 1);
		mAclEntries.addPin(AclFactory::PromptPWSubject(alloc, CssmData()), 1);
	}

	count = mAclEntries.size();
	acls = mAclEntries.entries();
}
// Release every entry held in acl and reset its count to zero.
//
// Each AclEntryInfo is walked with a ChunkFreeWalker bound to the list's own
// allocator, which frees the chunks that were allocated from it when the
// entry was added. Only the count is reset afterwards; this function does
// not free the entry array itself. An empty list is left untouched.
void GemaltoToken::_aclClear(AutoAclEntryInfoList& acl)
{
	if (!(acl == true))
		return;  // nothing to release

	DataWalkers::ChunkFreeWalker freeWalker(acl.allocator());
	for (uint32 index = 0; index < acl.size(); ++index)
		walk(freeWalker, acl.at(index));

	acl.size(0);
}
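// Return the ACL entries for this token.
//
// Two query shapes are served:
//  * A "PINn?" tag asks for the pre-authentication tracking state of PIN n:
//    AUTHORIZED when the status probe returns SCARD_SUCCESS, BLOCKED when it
//    returns SCARD_AUTHENTICATION_BLOCKED, UNKNOWN for anything else. The
//    answer lives in a function-local static list that is cleared and
//    refilled on every such call, so the returned pointer is only valid
//    until the next "PINn?" query and must not be shared across threads.
//  * Any other tag returns the token-wide ACL, built lazily once and cached
//    in mAclEntries: read access for everyone (further limited per object),
//    and PIN 1 accepted as a supplied password, a prompted password, or a
//    PIN subject.
//
// count and acls are output parameters; the caller does not own acls.
void GemaltoToken::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
{
	log("\nGemaltoToken::getAcl <BEGIN>\n");
	// tag may be NULL for an untagged query (TODO confirm with callers), and
	// a NULL must never reach a %s conversion. count is an out-parameter, so
	// the value logged here is whatever the caller passed in. uint32 is not
	// unsigned long: cast so the %lu conversion reads the correct width.
	log("tag <%s> - count <%lu>\n", tag ? tag : "(null)", (unsigned long) count);

	Allocator &alloc = Allocator::standard();

	if (uint32 pin = _pinFromAclTag(tag, "?"))
	{
		// Per-PIN status query: rebuilt in a static list on every call.
		static AutoAclEntryInfoList acl;
		_aclClear(acl);
		acl.allocator(alloc);

		uint32_t status = this->pinStatus(pin);
		if (status == SCARD_SUCCESS)
			_addPinState(acl, pin, CSSM_ACL_PREAUTH_TRACKING_AUTHORIZED);
		else if (status == SCARD_AUTHENTICATION_BLOCKED)
			_addPinState(acl, pin, CSSM_ACL_PREAUTH_TRACKING_BLOCKED);
		else
			_addPinState(acl, pin, CSSM_ACL_PREAUTH_TRACKING_UNKNOWN);

		count = acl.size();
		acls = acl.entries();
		log("count <%lu>\n", (unsigned long) count);
		log("GemaltoToken::getAcl <END>\n");
		return;
	}

	// Token-wide ACL, built once and cached.
	if (!mAclEntries)
	{
		mAclEntries.allocator(alloc);
		// Anyone can read the attributes and data of any record on this
		// token (it's further limited by the object itself).
		mAclEntries.add(CssmClient::AclFactory::AnySubject(mAclEntries.allocator()),
			AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
		// PIN1 may be satisfied by a passed-in password subject, a prompted
		// password subject, or a PIN subject.
		mAclEntries.addPin(AclFactory::PWSubject(mAclEntries.allocator()), 1);
		mAclEntries.addPin(AclFactory::PromptPWSubject(mAclEntries.allocator(), CssmData()), 1);
		mAclEntries.addPin(AclFactory::PinSubject(mAclEntries.allocator(), CssmData()), 1);
	}

	count = mAclEntries.size();
	acls = mAclEntries.entries();
	log("count <%lu>\n", (unsigned long) count);
	log("GemaltoToken::getAcl <END>\n");
}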
// Fetch this key's ACL from its CSP into aclInfos.
//
// aclInfos is bound to this key's allocator first, so the entries the CSP
// hands back are owned (and later released) by the list. selectionTag is
// handed to CSSM_GetKeyAcl reinterpreted as a CSSM_STRING pointer — no copy
// or padding is made, the callee sees the caller's buffer as-is (or NULL if
// that is what was supplied). A non-success return is handed to check(),
// which presumably raises it as an error.
void KeyImpl::getAcl(AutoAclEntryInfoList &aclInfos, const char *selectionTag) const
{
	aclInfos.allocator(allocator());

	const CSSM_STRING *tagString = reinterpret_cast<const CSSM_STRING *>(selectionTag);
	// aclInfos supplies both the count and the entry-array out-parameters.
	check(CSSM_GetKeyAcl(csp()->handle(), this, tagString, aclInfos, aclInfos));
}