acl_partition.cpp
/*
 * Copyright (c) 2000-2006,2011-2012,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */


//
// acl_partition - partition identifier store
//
// This ACL subject stores keychain partition data. When evaluated as an
// ACL subject it always fails (see validates()); the payload is carried only
// for out-of-band evaluation. (The original header comment about securityd's
// part in that evaluation breaks off mid-sentence: "Securityd explicitly".)
//
#include "acl_partition.h"
#include <security_cdsa_utilities/cssmwalkers.h>
#include <security_cdsa_utilities/cssmlist.h>
#include <algorithm>

using namespace DataWalkers;


//
// Interpret the payload blob as an XML property-list dictionary.
// Returns the dictionary (caller owns the reference), or NULL if the blob
// does not parse as one.
//
CFDictionaryRef PartitionAclSubject::createDictionaryPayload() const
{
    // Wrap the payload bytes without copying them; the wrapper only has to
    // outlive the parse, which completes before this function returns.
    CFTempData xml(this->payload);
    return makeCFDictionaryFrom(xml);
}

//
// Replace the payload with the XML serialization of dict, copied into
// storage owned by alloc.
//
void PartitionAclSubject::setDictionaryPayload(Allocator& alloc, CFDictionaryRef dict)
{
    CFRef<CFDataRef> encoded = makeCFData(dict);
    // NOTE(review): the result of makeCFData() is used unchecked here (as in the
    // original); confirm it cannot return NULL for a dictionary it cannot encode.
    const void *bytes = CFDataGetBytePtr(encoded);
    CFIndex size = CFDataGetLength(encoded);
    this->payload = CssmAutoData(alloc, bytes, size);
}


//
// The partition subject matches nothing, no matter how pretty.
//
bool PartitionAclSubject::validates(const AclValidationContext &) const
{
    // Unconditional refusal: this subject is a data carrier, never a credential
    // that can satisfy an ACL on its own.
    return false;
}


//
// The list form has a simple CssmData payload:
//   [ CSSM_ACL_SUBJECT_TYPE_PARTITION, <payload datum> ]
//
CssmList PartitionAclSubject::toList(Allocator &alloc) const
{
    ListElement *datum = new(alloc) ListElement(alloc, this->payload);
    // NOTE(review): the list head is built with Allocator::standard() while the
    // element is built with alloc, exactly as in the original; confirm that the
    // caller frees both with the matching allocator before changing either.
    return TypedList(Allocator::standard(), CSSM_ACL_SUBJECT_TYPE_PARTITION, datum);
}


//
// Build a subject from list input.
// The list must have exactly two elements (type tag, payload datum); anything
// else is rejected with CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE before any
// element is touched.
//
PartitionAclSubject *PartitionAclSubject::Maker::make(const TypedList &list) const
{
    if (list.length() != 2)
        CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
    ListElement *datum = NULL;
    // Element 1 must be a datum; crack() is relied on to enforce that.
    crack(list, 1, &datum, CSSM_LIST_ELEMENT_DATUM);
    return new PartitionAclSubject(Allocator::standard(), datum->data());
}


//
// Build a subject from blob form.
// A PartitionAclSubject is a "null" subject that contains out of band data
// for further security evaluation. When evaluated as an ACL subject, it always fails.
// The payload is read as one counted-data item from the public reader; the
// private reader is not consulted.
//
PartitionAclSubject *PartitionAclSubject::Maker::make(Version, Reader &pub, Reader &) const
{
    Allocator &alloc = Allocator::standard();
    const void *bytes;
    size_t size;
    // NOTE(review): bounds checking of the counted length against the blob is
    // assumed to happen inside Reader::countedData — confirm, since the blob
    // comes from stored keychain data.
    pub.countedData(bytes, size);
    // Copy the bytes out so the subject never references the reader's buffer.
    CssmAutoData copied(alloc, bytes, size);
    return new PartitionAclSubject(alloc, copied);
}


//
// Export to blob form.
// Both passes (counting and writing) emit the payload as a single counted-data
// item in the public half; the private half stays empty, mirroring Maker::make.
//
void PartitionAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &)
{
    pub.countedData(this->payload);
}

void PartitionAclSubject::exportBlob(Writer &pub, Writer &)
{
    pub.countedData(this->payload);
}