2 * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 #include <utilities/SecCFError.h>
26 #include <utilities/SecCFRelease.h>
27 #include <utilities/debugging.h>
29 #include "keychain/SecureObjectSync/SOSInternal.h"
30 #include <Security/OTConstants.h>
33 // OSStatus values we magically know
36 parameterError
= -50, /* One or more parameters passed to a function were not valid. */
37 allocationError
= -108, /* Failed to allocate memory. */
40 bool SecKernError(kern_return_t result
, CFErrorRef
*error
, CFStringRef format
, ...) {
41 if (!result
) return true;
44 CFIndex code
= result
;
45 CFErrorRef previousError
= *error
;
48 va_start(args
, format
);
49 SecCFCreateErrorWithFormatAndArguments(code
, kSecKernDomain
, previousError
, error
, NULL
, format
, args
);
55 bool SecCheckErrno(int result
, CFErrorRef
*error
, CFStringRef format
, ...) {
56 if (result
== 0) return true;
60 CFIndex code
= errnum
;
61 CFErrorRef previousError
= *error
;
64 va_start(args
, format
);
65 CFStringRef message
= CFStringCreateWithFormatAndArguments(kCFAllocatorDefault
, NULL
, format
, args
);
67 SecCFCreateErrorWithFormat(code
, kSecErrnoDomain
, previousError
, error
, NULL
, CFSTR("%@: [%d] %s"), message
, errnum
, strerror(errnum
));
68 CFReleaseSafe(message
);
73 bool SecError(OSStatus status
, CFErrorRef
*error
, CFStringRef format
, ...) {
78 CFErrorRef localError
= NULL
;
80 CFIndex code
= status
;
81 va_start(args
, format
);
82 SecCFCreateErrorWithFormatAndArguments(code
, kSecErrorDomain
, error
? *error
: NULL
, &localError
, NULL
, format
, args
);
86 *error
= localError
; // Existing *error is consumed by SecCFCreateErrorWithFormatAndArguments
88 // This happens a bunch in our codebase, so this log can only really exist in debug builds
89 secdebug("secerror", "Error, but no out-parameter for error: %@", localError
);
90 CFReleaseNull(localError
);
97 bool SecRequirementError(bool requirement
, CFErrorRef
*error
, CFStringRef format
, ...) {
98 if (requirement
) return true;
101 CFErrorRef previousError
= *error
;
104 va_start(args
, format
);
105 SecCFCreateErrorWithFormatAndArguments(parameterError
, kSecErrorDomain
, previousError
, error
, NULL
, format
, args
);
111 // Allocation failure
112 bool SecAllocationError(const void *allocated
, CFErrorRef
*error
, CFStringRef format
, ...) {
113 if (allocated
) return true;
116 CFErrorRef previousError
= *error
;
119 va_start(args
, format
);
120 SecCFCreateErrorWithFormatAndArguments(allocationError
, kSecErrorDomain
, previousError
, error
, NULL
, format
, args
);
126 bool SecCFCreateErrorWithFormat(CFIndex errorCode
, CFStringRef domain
, CFErrorRef previousError
, CFErrorRef
*newError
,
127 CFDictionaryRef formatoptions
, CFStringRef format
, ...)
130 va_start(args
, format
);
132 bool result
= SecCFCreateErrorWithFormatAndArguments(errorCode
, domain
, previousError
, newError
, formatoptions
, format
, args
);
139 static bool SecCFErrorIsEqual(CFIndex errorCode
, CFStringRef domain
, CFStringRef description
, CFErrorRef previousError
)
141 bool isEqual
= false;
142 bool equalDescriptions
= false;
144 if (previousError
== NULL
) {
148 CFDictionaryRef previousUserInfo
= CFErrorCopyUserInfo(previousError
);
149 CFStringRef previousDescription
= CFDictionaryGetValue(previousUserInfo
, kCFErrorDescriptionKey
);
150 if (previousDescription
) {
151 equalDescriptions
= CFStringCompare(description
, previousDescription
, 0) == kCFCompareEqualTo
? true : false;
154 CFReleaseNull(previousUserInfo
);
155 bool equalCodes
= errorCode
== CFErrorGetCode(previousError
);
157 CFErrorDomain previousDomain
= CFErrorGetDomain(previousError
);
158 bool equalDomains
= CFStringCompare(domain
, previousDomain
, 0) == kCFCompareEqualTo
? true : false;
160 isEqual
= equalCodes
&& equalDomains
&& equalDescriptions
;
164 #define CAP_LIMIT 200
165 static bool SecCFErrorShouldCapNestedError(CFErrorRef previousError
, long *newCount
)
167 bool shouldCap
= false;
170 CFDictionaryRef userInfo
= CFErrorCopyUserInfo(previousError
);
171 if (userInfo
&& CFDictionaryContainsKey(userInfo
, kSOSCountKey
) == true) {
172 CFNumberRef previousCount
= CFDictionaryGetValue(userInfo
, kSOSCountKey
);
174 long previousLong
= 0;
175 CFNumberGetValue(previousCount
, kCFNumberLongType
, &previousLong
);
176 if (SecErrorIsNestedErrorCappingEnabled() && previousLong
>= CAP_LIMIT
) {
179 *newCount
= previousLong
+1;
183 CFReleaseNull(userInfo
);
190 // Also consumes whatever newError points to
191 bool SecCFCreateErrorWithFormatAndArguments(CFIndex errorCode
, CFStringRef domain
,
192 CF_CONSUMED CFErrorRef previousError
, CFErrorRef
*newError
,
193 CFDictionaryRef formatoptions
, CFStringRef format
, va_list args
)
195 if (newError
&& !(*newError
)) {
196 CFStringRef formattedString
= CFStringCreateWithFormatAndArguments(NULL
, formatoptions
, format
, args
);
198 long newDepthCount
= 0;
199 CFNumberRef newCount
= NULL
;
201 if (SecCFErrorIsEqual(errorCode
, domain
, formattedString
, previousError
) == true) {
202 secdebug("error_thee_well", "SecCFCreateErrorWithFormatAndArguments previous Error: %@ is equal to the new incoming error: domain: %@, error code: %ld, description: %@", previousError
, domain
, (long)errorCode
, formattedString
);
203 *newError
= CFRetainSafe(previousError
);
204 CFReleaseNull(previousError
);
205 CFReleaseNull(formattedString
);
207 } else if (SecCFErrorShouldCapNestedError(previousError
, &newDepthCount
) == true) {
208 secdebug("error_thee_well", "SecCFCreateErrorWithFormatAndArguments reached nested error limit, returning previous error: %@", previousError
);
209 *newError
= CFRetainSafe(previousError
);
210 CFReleaseNull(previousError
);
211 CFReleaseNull(formattedString
);
214 newCount
= CFNumberCreate(kCFAllocatorDefault
, kCFNumberLongType
, &newDepthCount
);
217 CFMutableDictionaryRef newUserInfo
= CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault
);
220 CFDictionaryAddValue(newUserInfo
, kCFErrorUnderlyingErrorKey
, previousError
);
223 CFDictionaryAddValue(newUserInfo
, kSOSCountKey
, newCount
);
225 if (formattedString
) {
226 CFDictionaryAddValue(newUserInfo
, kCFErrorDescriptionKey
, formattedString
);
229 *newError
= CFErrorCreate(kCFAllocatorDefault
, domain
, errorCode
, newUserInfo
);
232 secdebug("error_thee_well", "encapsulated %@ with new error: %@", previousError
, *newError
);
234 CFReleaseNull(newCount
);
235 CFReleaseNull(formattedString
);
236 CFReleaseNull(newUserInfo
);
237 CFReleaseNull(previousError
);
239 if (previousError
&& newError
&& (previousError
!= *newError
)) {
240 secdebug("error_thee_well", "dropping %@", previousError
);
241 CFReleaseNull(previousError
);
246 secdebug("error_thee_well", "SecError: %@", *newError
);