2 * Copyright (c) 2000-2009,2012-2013,2016 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 // transition - securityd IPC-to-class-methods transition layer
28 // This file contains all server-side MIG implementations for the main
29 // securityd protocol ("ucsp"). It dispatches them into the vast object
30 // conspiracy that is securityd, anchored in the Server object.
32 #include <securityd_client/ss_types.h>
33 #include <securityd_client/ucsp.h>
36 #include "agentquery.h"
38 #include "kcdatabase.h"
39 #include "tokendatabase.h"
40 #include "acl_keychain.h"
44 #include <mach/mach_error.h>
45 #include <securityd_client/xdr_cssm.h>
46 #include <securityd_client/xdr_auth.h>
47 #include <securityd_client/xdr_dldb.h>
48 #include <security_utilities/logging.h>
49 #include <security_utilities/casts.h>
50 #include <Security/AuthorizationTagsPriv.h>
51 #include <AssertMacros.h>
53 #include <CoreFoundation/CFNumber.h>
54 #include <CoreFoundation/CFDictionary.h>
55 #include <CoreFoundation/CFPropertyList.h>
60 #define UCSP_ARGS mach_port_t servicePort, mach_port_t replyPort, \
61 audit_token_t auditToken, CSSM_RETURN *rcode
63 #define BEGIN_IPCN *rcode = CSSM_OK; try {
64 #define BEGIN_IPC(name) BEGIN_IPCN RefPointer<Connection> connRef(&Server::connection(replyPort, auditToken)); \
65 Connection &connection __attribute__((unused)) = *connRef; \
66 secinfo("SecServer", "request entry " #name " (pid:%d ession:%d)", connection.process().pid(), connection.session().sessionId());
68 #define END_IPC(base) END_IPCN(base) Server::requestComplete(*rcode); return KERN_SUCCESS;
69 #define END_IPCN(base) secinfo("SecServer", "request return: %d", *(rcode)); \
71 catch (const CommonError &err) { *rcode = CssmError::cssmError(err, CSSM_ ## base ## _BASE_ERROR); } \
72 catch (const std::bad_alloc &) { *rcode = CssmError::merge(CSSM_ERRCODE_MEMORY_ERROR, CSSM_ ## base ## _BASE_ERROR); } \
73 catch (Connection *conn) { *rcode = 0; } \
74 catch (...) { *rcode = CssmError::merge(CSSM_ERRCODE_INTERNAL_ERROR, CSSM_ ## base ## _BASE_ERROR); }
76 #define BEGIN_IPCS try {
77 #define END_IPCS(more) } catch (...) { } \
78 mach_port_deallocate(mach_task_self(), servicePort); more; return KERN_SUCCESS;
80 #define DATA_IN(base) void *base, mach_msg_type_number_t base##Length
81 #define DATA_OUT(base) void **base, mach_msg_type_number_t *base##Length
82 #define DATA(base) CssmData(base, base##Length)
84 #define SSBLOB(Type, name) makeBlob<Type>(DATA(name))
86 using LowLevelMemoryUtilities::increment
;
87 using LowLevelMemoryUtilities::difference
;
89 class CopyOutAccessCredentials
: public CopyOut
{
91 CopyOutAccessCredentials(void *copy
, size_t size
) : CopyOut(copy
, size
+ sizeof(CSSM_ACCESS_CREDENTIALS
), reinterpret_cast<xdrproc_t
>(xdr_CSSM_ACCESS_CREDENTIALS_PTR
)) { }
92 operator AccessCredentials
*() { return static_cast<AccessCredentials
*>(reinterpret_cast<CSSM_ACCESS_CREDENTIALS_PTR
>(data())); }
96 class CopyOutEntryAcl
: public CopyOut
{
98 CopyOutEntryAcl(void *copy
, size_t size
) : CopyOut(copy
, size
+ sizeof(CSSM_ACL_ENTRY_PROTOTYPE
), reinterpret_cast<xdrproc_t
>(xdr_CSSM_ACL_ENTRY_PROTOTYPE_PTR
)) { }
99 operator AclEntryPrototype
*() { return static_cast<AclEntryPrototype
*>(reinterpret_cast<CSSM_ACL_ENTRY_PROTOTYPE_PTR
>(data())); }
102 class CopyOutOwnerAcl
: public CopyOut
{
104 CopyOutOwnerAcl(void *copy
, size_t size
) : CopyOut(copy
, size
+ sizeof(CSSM_ACL_OWNER_PROTOTYPE
), reinterpret_cast<xdrproc_t
>(xdr_CSSM_ACL_OWNER_PROTOTYPE_PTR
)) { }
105 operator AclOwnerPrototype
*() { return static_cast<AclOwnerPrototype
*>(reinterpret_cast<CSSM_ACL_OWNER_PROTOTYPE_PTR
>(data())); }
108 class CopyOutAclEntryInput
: public CopyOut
{
110 CopyOutAclEntryInput(void *copy
, size_t size
) : CopyOut(copy
, size
+ sizeof(CSSM_ACL_ENTRY_INPUT
), reinterpret_cast<xdrproc_t
>(xdr_CSSM_ACL_ENTRY_INPUT_PTR
)) { }
111 operator AclEntryInput
*() { return static_cast<AclEntryInput
*>(reinterpret_cast<CSSM_ACL_ENTRY_INPUT_PTR
>(data())); }
115 class CopyOutDeriveData
: public CopyOut
{
117 CopyOutDeriveData(void *copy
, size_t size
) : CopyOut(copy
, size
+ sizeof(CSSM_DERIVE_DATA
), reinterpret_cast<xdrproc_t
>(xdr_CSSM_DERIVE_DATA_PTR
)) { }
118 CSSM_DERIVE_DATA
* derive_data() { return reinterpret_cast<CSSM_DERIVE_DATA
*>(data()); }
119 CSSM_DATA
&cssm_data() { return derive_data()->baseData
; }
120 CSSM_ALGORITHMS
algorithm() { return derive_data()->algorithm
; }
124 class CopyOutContext
: public CopyOut
{
126 CopyOutContext(void *copy
, size_t size
) : CopyOut(copy
, size
+ sizeof(CSSM_CONTEXT
), reinterpret_cast<xdrproc_t
>(xdr_CSSM_CONTEXT_PTR
)) { }
127 operator Context
*() { return static_cast<Context
*>(reinterpret_cast<CSSM_CONTEXT_PTR
>(data())); }
128 Context
&context() { return *static_cast<Context
*>(reinterpret_cast<CSSM_CONTEXT_PTR
>(data())); }
131 class CopyOutKey
: public CopyOut
{
133 CopyOutKey(void *copy
, size_t size
) : CopyOut(copy
, size
+ sizeof(CSSM_KEY
), reinterpret_cast<xdrproc_t
>(xdr_CSSM_KEY_PTR
)) { }
134 operator CssmKey
*() { return static_cast<CssmKey
*>(reinterpret_cast<CSSM_KEY_PTR
>(data())); }
135 CssmKey
&key() { return *static_cast<CssmKey
*>(reinterpret_cast<CSSM_KEY_PTR
>(data())); }
138 class CopyOutDbRecordAttributes
: public CopyOut
{
140 CopyOutDbRecordAttributes(void *copy
, size_t size
) : CopyOut(copy
, size
+ sizeof(CSSM_DB_RECORD_ATTRIBUTE_DATA
), reinterpret_cast<xdrproc_t
>(xdr_CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR
)) { }
141 CssmDbRecordAttributeData
*attribute_data() { return static_cast<CssmDbRecordAttributeData
*>(reinterpret_cast<CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR
>(data())); }
144 class CopyOutQuery
: public CopyOut
{
146 CopyOutQuery(void *copy
, size_t size
) : CopyOut(copy
, size
, reinterpret_cast<xdrproc_t
>(xdr_CSSM_QUERY_PTR
)) { }
147 operator CssmQuery
*() { return static_cast<CssmQuery
*>(reinterpret_cast<CSSM_QUERY_PTR
>(data())); }
151 // Take a DATA type RPC argument purportedly representing a Blob of some kind,
152 // turn it into a Blob, and fail properly if it's not kosher.
154 template <class BlobType
>
155 const BlobType
*makeBlob(const CssmData
&blobData
, CSSM_RETURN error
= CSSM_ERRCODE_INVALID_DATA
)
157 if (!blobData
.data() || blobData
.length() < sizeof(BlobType
))
158 CssmError::throwMe(error
);
159 const BlobType
*blob
= static_cast<const BlobType
*>(blobData
.data());
160 if (blob
->totalLength
!= blobData
.length())
161 CssmError::throwMe(error
);
166 // An OutputData object will take memory allocated within securityd,
167 // hand it to the MIG return-output parameters, and schedule it to be released
168 // after the MIG reply has been sent. It will also get rid of it in case of
171 class OutputData
: public CssmData
{
173 OutputData(void **outP
, mach_msg_type_number_t
*outLength
)
174 : mData(*outP
), mLength(*outLength
) { }
176 { mData
= data(); mLength
= int_cast
<size_t, mach_msg_type_number_t
>(length()); Server::releaseWhenDone(mData
); }
178 void operator = (const CssmData
&source
)
179 { CssmData::operator = (source
); }
183 mach_msg_type_number_t
&mLength
;
187 // Choose a Database from a choice of two sources, giving preference
188 // to persistent stores and to earlier sources.
190 Database
*pickDb(Database
*db1
, Database
*db2
);
192 static inline Database
*dbOf(Key
*key
) { return key
? &key
->database() : NULL
; }
194 inline Database
*pickDb(Key
*k1
, Key
*k2
) { return pickDb(dbOf(k1
), dbOf(k2
)); }
195 inline Database
*pickDb(Database
*db1
, Key
*k2
) { return pickDb(db1
, dbOf(k2
)); }
196 inline Database
*pickDb(Key
*k1
, Database
*db2
) { return pickDb(dbOf(k1
), db2
); }
199 // Choose a Database from a choice of two sources, giving preference
200 // to persistent stores and to earlier sources.
202 Database
*pickDb(Database
*db1
, Database
*db2
)
204 // persistent db1 always wins
205 if (db1
&& !db1
->transient())
208 // persistent db2 is next choice
209 if (db2
&& !db2
->transient())
212 // pick any existing transient database
218 // none at all. use the canonical transient store
219 return Server::optionalDatabase(noDb
);
222 static void checkPathLength(char const *str
) {
223 if (strlen(str
) >= PATH_MAX
) {
224 secerror("SecServer: path too long");
225 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
230 // Setup/Teardown functions.
233 #pragma clang diagnostic push
234 #pragma clang diagnostic ignored "-Wmissing-prototypes"
236 kern_return_t
ucsp_server_setup(UCSP_ARGS
, mach_port_t taskPort
, ClientSetupInfo info
, const char *identity
)
239 secinfo("SecServer", "request entry: setup");
240 Server::active().setupConnection(Server::connectNewProcess
, replyPort
,
241 taskPort
, auditToken
, &info
);
244 Syslog::notice("setup(%s) failed rcode=%d", identity
? identity
: "<NULL>", *rcode
);
249 kern_return_t
ucsp_server_setupThread(UCSP_ARGS
, mach_port_t taskPort
)
251 secinfo("SecServer", "request entry: setupThread");
253 Server::active().setupConnection(Server::connectNewThread
, replyPort
, taskPort
, auditToken
);
256 Syslog::notice("setupThread failed rcode=%d", *rcode
);
261 kern_return_t
ucsp_server_teardown(UCSP_ARGS
)
264 secinfo("SecServer", "request entry: teardown");
265 Server::active().endConnection(replyPort
);
270 kern_return_t
ucsp_server_verifyPrivileged(UCSP_ARGS
)
273 secinfo("SecServer", "request entry: verifyPrivileged");
274 // doing nothing (we just want securityd's audit credentials returned)
279 kern_return_t
ucsp_server_verifyPrivileged2(UCSP_ARGS
, mach_port_t
*originPort
)
283 secinfo("SecServer", "request entry: verifyPrivileged2");
284 // send the port back to the sender to check for a MitM (6986198)
285 *originPort
= servicePort
;
291 // Common database operations
293 kern_return_t
ucsp_server_authenticateDb(UCSP_ARGS
, DbHandle db
,
294 CSSM_DB_ACCESS_TYPE accessType
, DATA_IN(cred
))
296 BEGIN_IPC(authenticateDb
)
297 secinfo("dl", "authenticateDb");
298 CopyOutAccessCredentials
creds(cred
, credLength
);
299 // ignoring accessType
300 Server::database(db
)->authenticate(accessType
, creds
);
304 kern_return_t
ucsp_server_releaseDb(UCSP_ARGS
, DbHandle db
)
307 connection
.process().kill(*Server::database(db
));
312 kern_return_t
ucsp_server_getDbName(UCSP_ARGS
, DbHandle db
, char name
[PATH_MAX
])
315 string result
= Server::database(db
)->dbName();
316 checkPathLength(result
.c_str());
317 memcpy(name
, result
.c_str(), result
.length() + 1);
321 kern_return_t
ucsp_server_setDbName(UCSP_ARGS
, DbHandle db
, const char *name
)
324 checkPathLength(name
);
325 Server::database(db
)->dbName(name
);
331 // External database interface
333 kern_return_t
ucsp_server_openToken(UCSP_ARGS
, uint32 ssid
, FilePath name
,
334 DATA_IN(accessCredentials
), DbHandle
*db
)
337 CopyOutAccessCredentials
creds(accessCredentials
, accessCredentialsLength
);
338 // The static analyzer is not a fan of this "create object, send handle to foreign process" model. Tell it not to worry.
339 #ifndef __clang_analyzer__
340 *db
= (new TokenDatabase(ssid
, connection
.process(), name
, creds
))->handle();
345 kern_return_t
ucsp_server_findFirst(UCSP_ARGS
, DbHandle db
,
346 DATA_IN(inQuery
), DATA_IN(inAttributes
), DATA_OUT(outAttributes
),
347 boolean_t getData
, DATA_OUT(data
),
348 KeyHandle
*hKey
, SearchHandle
*hSearch
, IPCRecordHandle
*hRecord
)
351 CopyOutQuery
query(inQuery
, inQueryLength
);
352 CopyOutDbRecordAttributes
attrs(inAttributes
, inAttributesLength
);
354 RefPointer
<Database::Search
> search
;
355 RefPointer
<Database::Record
> record
;
358 CssmDbRecordAttributeData
*outAttrs
= NULL
; mach_msg_type_number_t outAttrsLength
;
359 Server::database(db
)->findFirst(*query
,
360 attrs
.attribute_data(), attrs
.length(),
361 getData
? &outData
: NULL
, key
, search
, record
, outAttrs
, outAttrsLength
);
363 // handle nothing-found case without exceptions
370 *hRecord
= record
->handle();
371 *hSearch
= search
->handle();
372 *hKey
= key
? key
->handle() : noKey
;
374 if (outAttrsLength
&& outAttrs
) {
375 Server::releaseWhenDone(outAttrs
); // exception proof it against next line
376 if (!copyin(outAttrs
, reinterpret_cast<xdrproc_t
> (xdr_CSSM_DB_RECORD_ATTRIBUTE_DATA
), outAttributes
, outAttributesLength
))
377 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
378 Server::releaseWhenDone(*outAttributes
);
381 // return data (temporary fix)
383 Server::releaseWhenDone(outData
.data());
384 xdrproc_t encode_proc
= reinterpret_cast<xdrproc_t
>(xdr_CSSM_NO_KEY_IN_DATA
);
386 encode_proc
= reinterpret_cast<xdrproc_t
>(xdr_CSSM_KEY_IN_DATA
);
387 if (!copyin(&outData
, encode_proc
, data
, dataLength
))
388 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
389 Server::releaseWhenDone(*data
);
396 kern_return_t
ucsp_server_findNext(UCSP_ARGS
, SearchHandle hSearch
,
397 DATA_IN(inAttributes
),
398 DATA_OUT(outAttributes
),
399 boolean_t getData
, DATA_OUT(data
), KeyHandle
*hKey
,
400 IPCRecordHandle
*hRecord
)
403 CopyOutDbRecordAttributes
attrs(inAttributes
, inAttributesLength
);
404 RefPointer
<Database::Search
> search
=
405 Server::find
<Database::Search
>(hSearch
, CSSMERR_DL_INVALID_RESULTS_HANDLE
);
406 RefPointer
<Database::Record
> record
;
409 CssmDbRecordAttributeData
*outAttrs
= NULL
; mach_msg_type_number_t outAttrsLength
;
410 search
->database().findNext(search
, attrs
.attribute_data(), attrs
.length(),
411 getData
? &outData
: NULL
, key
, record
, outAttrs
, outAttrsLength
);
413 // handle nothing-found case without exceptions
419 *hRecord
= record
->handle();
420 *hKey
= key
? key
->handle() : noKey
;
422 if (outAttrsLength
&& outAttrs
) {
423 secinfo("attrmem", "Found attrs: %p of length: %d", outAttrs
, outAttrsLength
);
424 Server::releaseWhenDone(outAttrs
); // exception proof it against next line
425 if (!copyin(outAttrs
, reinterpret_cast<xdrproc_t
> (xdr_CSSM_DB_RECORD_ATTRIBUTE_DATA
), outAttributes
, outAttributesLength
))
426 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
427 secinfo("attrmem", "Copied attrs: %p of length: %d", *outAttributes
, *outAttributesLength
);
428 Server::releaseWhenDone(*outAttributes
);
431 // return data (temporary fix)
433 Server::releaseWhenDone(outData
.data());
434 xdrproc_t encode_proc
= reinterpret_cast<xdrproc_t
>(xdr_CSSM_NO_KEY_IN_DATA
);
436 encode_proc
= reinterpret_cast<xdrproc_t
>(xdr_CSSM_KEY_IN_DATA
);
437 if (!copyin(&outData
, encode_proc
, data
, dataLength
))
438 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
439 Server::releaseWhenDone(*data
);
445 kern_return_t
ucsp_server_findRecordHandle(UCSP_ARGS
, IPCRecordHandle hRecord
,
446 DATA_IN(inAttributes
), DATA_OUT(outAttributes
),
447 boolean_t getData
, DATA_OUT(data
), KeyHandle
*hKey
)
449 BEGIN_IPC(findRecordHandle
)
450 CopyOutDbRecordAttributes
attrs(inAttributes
, inAttributesLength
);
451 RefPointer
<Database::Record
> record
=
452 Server::find
<Database::Record
>(hRecord
, CSSMERR_DL_INVALID_RECORD_UID
);
455 CssmDbRecordAttributeData
*outAttrs
; mach_msg_type_number_t outAttrsLength
;
456 record
->database().findRecordHandle(record
, attrs
.attribute_data(), attrs
.length(),
457 getData
? &outData
: NULL
, key
, outAttrs
, outAttrsLength
);
460 *hKey
= key
? key
->handle() : noKey
;
462 if (outAttrsLength
&& outAttrs
) {
463 Server::releaseWhenDone(outAttrs
); // exception proof it against next line
464 if (!copyin(outAttrs
, reinterpret_cast<xdrproc_t
> (xdr_CSSM_DB_RECORD_ATTRIBUTE_DATA
), outAttributes
, outAttributesLength
))
465 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
466 Server::releaseWhenDone(*outAttributes
);
469 // return data (temporary fix)
472 We can't release this with the usual allocator (which calls free(), since
473 it was VM allocated. Part of the fix for:
474 <rdar://problem/6738709> securityd leaks VM memory during certain smartcard operations
475 will be to call Server::releaseWhenDone below with a new vm allocator param
477 Server::releaseWhenDone(outData
.data());
478 xdrproc_t encode_proc
= reinterpret_cast<xdrproc_t
>(xdr_CSSM_NO_KEY_IN_DATA
);
480 encode_proc
= reinterpret_cast<xdrproc_t
>(xdr_CSSM_KEY_IN_DATA
);
481 if (!copyin(&outData
, encode_proc
, data
, dataLength
))
482 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
483 Server::releaseWhenDone(*data
);
488 kern_return_t
ucsp_server_insertRecord(UCSP_ARGS
, DbHandle db
, CSSM_DB_RECORDTYPE recordType
,
489 DATA_IN(inAttributes
), DATA_IN(data
), IPCRecordHandle
*record
)
491 BEGIN_IPC(insertRecord
)
492 RecordHandle recordHandle
;
493 CopyOutDbRecordAttributes
attrs(inAttributes
, inAttributesLength
);
494 Server::database(db
)->insertRecord(recordType
, attrs
.attribute_data(), attrs
.length(),
495 DATA(data
), recordHandle
);
496 *record
= recordHandle
;
500 kern_return_t
ucsp_server_modifyRecord(UCSP_ARGS
, DbHandle db
, IPCRecordHandle
*hRecord
,
501 CSSM_DB_RECORDTYPE recordType
, DATA_IN(attributes
),
502 boolean_t setData
, DATA_IN(data
), CSSM_DB_MODIFY_MODE modifyMode
)
504 BEGIN_IPC(modifyRecord
)
505 CopyOutDbRecordAttributes
attrs(attributes
, attributesLength
);
506 CssmData
newData(DATA(data
));
507 RefPointer
<Database::Record
> record
=
508 Server::find
<Database::Record
>(*hRecord
, CSSMERR_DL_INVALID_RECORD_UID
);
509 Server::database(db
)->modifyRecord(recordType
, record
, attrs
.attribute_data(), attrs
.length(),
510 setData
? &newData
: NULL
, modifyMode
);
511 // note that the record handle presented to the client never changes here
512 // (we could, but have no reason to - our record handles are just always up to date)
516 kern_return_t
ucsp_server_deleteRecord(UCSP_ARGS
, DbHandle db
, IPCRecordHandle hRecord
)
518 BEGIN_IPC(deleteRecord
)
519 Server::database(db
)->deleteRecord(
520 Server::find
<Database::Record
>(hRecord
, CSSMERR_DL_INVALID_RECORD_UID
));
524 kern_return_t
ucsp_server_releaseSearch(UCSP_ARGS
, SearchHandle hSearch
)
526 BEGIN_IPC(releaseSearch
)
527 RefPointer
<Database::Search
> search
= Server::find
<Database::Search
>(hSearch
, 0);
528 search
->database().releaseSearch(*search
);
532 kern_return_t
ucsp_server_releaseRecord(UCSP_ARGS
, IPCRecordHandle hRecord
)
534 BEGIN_IPC(releaseRecord
)
535 RefPointer
<Database::Record
> record
= Server::find
<Database::Record
>(hRecord
, 0);
536 record
->database().releaseRecord(*record
);
542 // Internal database management
544 kern_return_t
ucsp_server_createDb(UCSP_ARGS
, DbHandle
*db
,
545 DATA_IN(ident
), DATA_IN(cred
), DATA_IN(owner
),
549 CopyOutAccessCredentials
creds(cred
, credLength
);
550 CopyOutEntryAcl
owneracl(owner
, ownerLength
);
551 CopyOut
flatident(ident
, identLength
, reinterpret_cast<xdrproc_t
>(xdr_DLDbFlatIdentifierRef
));
552 checkPathLength((*reinterpret_cast<DLDbFlatIdentifier
*>(flatident
.data())).name
);
553 #ifndef __clang_analyzer__
554 *db
= (new KeychainDatabase(*reinterpret_cast<DLDbFlatIdentifier
*>(flatident
.data()), params
, connection
.process(), creds
, owneracl
))->handle();
559 kern_return_t
ucsp_server_cloneDb(UCSP_ARGS
, DbHandle srcDb
, DATA_IN(ident
), DbHandle
*newDb
) {
562 secnotice("integrity", "cloning a db");
564 CopyOut
flatident(ident
, identLength
, reinterpret_cast<xdrproc_t
>(xdr_DLDbFlatIdentifierRef
));
566 checkPathLength((*reinterpret_cast<DLDbFlatIdentifier
*>(flatident
.data())).name
);
568 RefPointer
<KeychainDatabase
> srcKC
= Server::keychain(srcDb
);
569 secnotice("integrity", "cloning db %d", srcKC
->handle());
571 #ifndef __clang_analyzer__
572 KeychainDatabase
* newKC
= new KeychainDatabase(*reinterpret_cast<DLDbFlatIdentifier
*>(flatident
.data()), *srcKC
, connection
.process());
573 secnotice("integrity", "returning db %d", newKC
->handle());
574 *newDb
= newKC
->handle();
580 kern_return_t
ucsp_server_recodeDbForSync(UCSP_ARGS
, DbHandle dbToClone
,
581 DbHandle srcDb
, DbHandle
*newDb
)
583 BEGIN_IPC(recodeDbForSync
)
584 RefPointer
<KeychainDatabase
> srcKC
= Server::keychain(srcDb
);
585 #ifndef __clang_analyzer__
586 *newDb
= (new KeychainDatabase(*srcKC
, connection
.process(), dbToClone
))->handle();
591 kern_return_t
ucsp_server_recodeDbToVersion(UCSP_ARGS
, uint32 newVersion
, DbHandle srcDb
, DbHandle
*newDb
)
593 BEGIN_IPC(recodeDbToVersion
)
594 RefPointer
<KeychainDatabase
> srcKC
= Server::keychain(srcDb
);
596 // You can only recode an unlocked keychain, so let's make sure.
597 srcKC
->unlockDb(false);
599 KeychainDatabase
* newKC
= new KeychainDatabase(newVersion
, *srcKC
, connection
.process());
600 if(newKC
->blob()->version() != newVersion
) {
601 CssmError::throwMe(CSSM_ERRCODE_INCOMPATIBLE_VERSION
);
604 *newDb
= newKC
->handle();
609 kern_return_t
ucsp_server_recodeFinished(UCSP_ARGS
, DbHandle db
)
611 BEGIN_IPC(recodeDbToVersion
)
612 Server::keychain(db
)->recodeFinished();
617 kern_return_t
ucsp_server_authenticateDbsForSync(UCSP_ARGS
, DATA_IN(dbHandleArray
),
618 DATA_IN(agentData
), DbHandle
* authenticatedDBHandle
)
620 BEGIN_IPC(authenticateDbsForSync
)
621 QueryDBBlobSecret query
;
622 query
.inferHints(connection
.process());
623 query
.addHint(AGENT_HINT_KCSYNC_DICT
, agentData
, agentDataLength
);
624 CSSM_DATA dbData
= DATA(dbHandleArray
);
625 uint8 ipcDbHandleArrayCount
= *(dbData
.Data
);
626 DbHandle
*ipcDbHandleArray
= (DbHandle
*)Allocator::standard().malloc(ipcDbHandleArrayCount
* sizeof(DbHandle
));
627 if ( ipcDbHandleArray
== 0 )
628 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
629 DbHandle
*currIPCDbHandleArrayPtr
= ipcDbHandleArray
;
630 DbHandle
*dbHandleArrayPtr
= (DbHandle
*)(dbData
.Data
+1);
632 for (index
=0; index
< ipcDbHandleArrayCount
; index
++)
634 *currIPCDbHandleArrayPtr
= *dbHandleArrayPtr
;
635 Server::keychain(*currIPCDbHandleArrayPtr
)->lockDb(); // lock this db if it was unlocked in the past (user could have deleted the kc, resetLogin, etc.)
636 currIPCDbHandleArrayPtr
++;
639 Server::releaseWhenDone(ipcDbHandleArray
);
640 if (query(ipcDbHandleArray
, ipcDbHandleArrayCount
, authenticatedDBHandle
) != SecurityAgent::noReason
)
641 CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED
);
645 kern_return_t
ucsp_server_commitDbForSync(UCSP_ARGS
, DbHandle srcDb
,
646 DbHandle cloneDb
, DATA_OUT(blob
))
648 BEGIN_IPC(commitDbForSync
)
649 RefPointer
<KeychainDatabase
> srcKC
= Server::keychain(srcDb
);
650 RefPointer
<KeychainDatabase
> cloneKC
= Server::keychain(cloneDb
);
651 srcKC
->commitSecretsForSync(*cloneKC
);
653 // re-encode blob for convenience
654 if (blob
&& blobLength
) {
655 DbBlob
*dbBlob
= srcKC
->blob();
657 *blobLength
= dbBlob
->length();
659 secinfo("kcrecode", "No blob can be returned to client");
664 kern_return_t
ucsp_server_decodeDb(UCSP_ARGS
, DbHandle
*db
,
665 DATA_IN(ident
), DATA_IN(cred
), DATA_IN(blob
))
668 CopyOutAccessCredentials
creds(cred
, credLength
);
669 CopyOut
flatident(ident
, identLength
, reinterpret_cast<xdrproc_t
>(xdr_DLDbFlatIdentifierRef
));
670 DLDbFlatIdentifier
* flatID
= (DLDbFlatIdentifier
*) flatident
.data();
671 DLDbIdentifier id
= *flatID
; // invokes a casting operator
673 checkPathLength(id
.dbName());
675 #ifndef __clang_analyzer__
676 *db
= (new KeychainDatabase(id
, SSBLOB(DbBlob
, blob
),
677 connection
.process(), creds
))->handle();
682 kern_return_t
ucsp_server_encodeDb(UCSP_ARGS
, DbHandle db
, DATA_OUT(blob
))
685 DbBlob
*dbBlob
= Server::keychain(db
)->blob(); // memory owned by database
687 *blobLength
= dbBlob
->length();
691 kern_return_t
ucsp_server_setDbParameters(UCSP_ARGS
, DbHandle db
, DBParameters params
)
693 BEGIN_IPC(setDbParameters
)
694 Server::keychain(db
)->setParameters(params
);
698 kern_return_t
ucsp_server_getDbParameters(UCSP_ARGS
, DbHandle db
, DBParameters
*params
)
700 BEGIN_IPC(getDbParameters
)
701 Server::keychain(db
)->getParameters(*params
);
705 kern_return_t
ucsp_server_changePassphrase(UCSP_ARGS
, DbHandle db
,
708 BEGIN_IPC(changePassphrase
)
709 CopyOutAccessCredentials
creds(cred
, credLength
);
710 Server::keychain(db
)->changePassphrase(creds
);
714 kern_return_t
ucsp_server_lockAll (UCSP_ARGS
, boolean_t
)
717 connection
.session().processLockAll();
721 kern_return_t
ucsp_server_unlockDb(UCSP_ARGS
, DbHandle db
)
724 Server::keychain(db
)->unlockDb(true);
728 static void check_stash_entitlement(Process
& proc
)
730 OSStatus status
= noErr
;
731 CFDictionaryRef code_info
= NULL
;
732 CFDictionaryRef entitlements
= NULL
;
733 CFTypeRef value
= NULL
;
734 bool entitled
= false;
736 status
= proc
.copySigningInfo(kSecCSRequirementInformation
, &code_info
);
737 require_noerr(status
, done
);
739 if (CFDictionaryGetValueIfPresent(code_info
, kSecCodeInfoEntitlementsDict
, &value
)) {
740 if (CFGetTypeID(value
) == CFDictionaryGetTypeID()) {
741 entitlements
= (CFDictionaryRef
)value
;
744 require(entitlements
!= NULL
, done
);
746 if (CFDictionaryGetValueIfPresent(entitlements
, CFSTR("com.apple.private.securityd.stash"), &value
)) {
747 if (CFGetTypeID(value
) && CFBooleanGetTypeID()) {
748 entitled
= CFBooleanGetValue((CFBooleanRef
)value
);
754 CFRelease(code_info
);
758 CssmError::throwMe(CSSM_ERRCODE_OS_ACCESS_DENIED
);
762 kern_return_t
ucsp_server_unlockDbWithPassphrase(UCSP_ARGS
, DbHandle db
, DATA_IN(passphrase
))
764 BEGIN_IPC(unlockDbWithPassphrase
)
765 Server::keychain(db
)->unlockDb(DATA(passphrase
), true);
769 kern_return_t
ucsp_server_stashDb(UCSP_ARGS
, DbHandle db
)
772 check_stash_entitlement(connection
.process());
773 Server::keychain(db
)->stashDb();
777 kern_return_t
ucsp_server_stashDbCheck(UCSP_ARGS
, DbHandle db
)
779 BEGIN_IPC(stashDbCheck
)
780 check_stash_entitlement(connection
.process());
781 Server::keychain(db
)->stashDbCheck();
785 kern_return_t
ucsp_server_isLocked(UCSP_ARGS
, DbHandle db
, boolean_t
*locked
)
788 // Must hold the DB's common's lock to safely determine if it's locked. Locking is a mess in there.
789 StLock
<Mutex
> _(Server::database(db
)->common());
790 *locked
= Server::database(db
)->isLocked();
794 kern_return_t
ucsp_server_verifyKeyStorePassphrase(UCSP_ARGS
, uint32_t retries
)
796 BEGIN_IPC(verifyKeyStorePassphrase
)
797 connection
.process().session().verifyKeyStorePassphrase(retries
);
801 kern_return_t
ucsp_server_changeKeyStorePassphrase(UCSP_ARGS
)
803 BEGIN_IPC(verifyKeyStorePassphrase
)
804 connection
.process().session().changeKeyStorePassphrase();
808 kern_return_t
ucsp_server_resetKeyStorePassphrase(UCSP_ARGS
, DATA_IN(passphrase
))
810 BEGIN_IPC(verifyKeyStorePassphrase
)
811 connection
.process().session().resetKeyStorePassphrase(DATA(passphrase
));
818 kern_return_t
ucsp_server_encodeKey(UCSP_ARGS
, KeyHandle keyh
, DATA_OUT(blob
),
819 boolean_t wantUid
, DATA_OUT(uid
))
822 RefPointer
<Key
> gKey
= Server::key(keyh
);
823 if (KeychainKey
*key
= dynamic_cast<KeychainKey
*>(gKey
.get())) {
824 KeyBlob
*keyBlob
= key
->blob(); // still owned by key
826 *blobLength
= keyBlob
->length();
827 if (wantUid
) { // uid generation is not implemented
828 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED
);
830 *uidLength
= 0; // do not return this
832 } else { // not a KeychainKey
833 CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE
);
838 kern_return_t
ucsp_server_decodeKey(UCSP_ARGS
, KeyHandle
*keyh
, DATA_OUT(keyHeader
),
839 DbHandle db
, DATA_IN(blob
))
842 RefPointer
<Key
> key
= new KeychainKey(*Server::keychain(db
), SSBLOB(KeyBlob
, blob
));
843 CssmKey::Header header
;
844 key
->returnKey(*keyh
, header
);
845 if (!copyin(&header
, reinterpret_cast<xdrproc_t
> (xdr_CSSM_KEYHEADER
), keyHeader
, keyHeaderLength
))
846 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
847 Server::releaseWhenDone(*keyHeader
);
851 // keychain synchronization
852 kern_return_t
ucsp_server_recodeKey(UCSP_ARGS
, DbHandle oldDb
, KeyHandle keyh
,
853 DbHandle newDb
, DATA_OUT(newBlob
))
856 // If the old key is passed in as DATA_IN(oldBlob):
857 // RefPointer<KeychainKey> key = new KeychainKey(*Server::keychain(oldDb), SSBLOB(KeyBlob, oldBlob));
858 RefPointer
<Key
> key
= Server::key(keyh
);
859 if (KeychainKey
*kckey
= dynamic_cast<KeychainKey
*>(key
.get())) {
860 KeyBlob
*blob
= Server::keychain(newDb
)->recodeKey(*kckey
);
862 *newBlobLength
= blob
->length();
863 Server::releaseWhenDone(*newBlob
);
864 // @@@ stop leaking blob
865 } else { // not a KeychainKey
866 CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE
);
871 kern_return_t
ucsp_server_releaseKey(UCSP_ARGS
, KeyHandle keyh
)
873 BEGIN_IPC(releaseKey
)
874 RefPointer
<Key
> key
= Server::key(keyh
);
875 key
->database().releaseKey(*key
);
879 kern_return_t
ucsp_server_queryKeySizeInBits(UCSP_ARGS
, KeyHandle keyh
, CSSM_KEY_SIZE
*length
)
881 BEGIN_IPC(queryKeySizeInBits
)
882 RefPointer
<Key
> key
= Server::key(keyh
);
883 key
->database().queryKeySizeInBits(*key
, CssmKeySize::overlay(*length
));
887 kern_return_t
ucsp_server_getOutputSize(UCSP_ARGS
, DATA_IN(context
), KeyHandle keyh
,
888 uint32 inputSize
, boolean_t encrypt
, uint32
*outputSize
)
890 BEGIN_IPC(getOutputSize
)
891 CopyOutContext
ctx(context
, contextLength
);
892 RefPointer
<Key
> key
= Server::key(keyh
);
893 key
->database().getOutputSize(*ctx
, *key
, inputSize
, encrypt
, *outputSize
);
897 kern_return_t
ucsp_server_getKeyDigest(UCSP_ARGS
, KeyHandle key
, DATA_OUT(digest
))
899 BEGIN_IPC(getKeyDigest
)
900 CssmData digestData
= Server::key(key
)->canonicalDigest();
901 *digest
= digestData
.data();
902 *digestLength
= int_cast
<size_t, mach_msg_type_number_t
>(digestData
.length());
908 // Signatures and MACs
910 kern_return_t
ucsp_server_generateSignature(UCSP_ARGS
, DATA_IN(context
), KeyHandle keyh
,
911 CSSM_ALGORITHMS signOnlyAlgorithm
, DATA_IN(data
), DATA_OUT(signature
))
913 BEGIN_IPC(generateSignature
)
914 CopyOutContext
ctx(context
, contextLength
);
915 RefPointer
<Key
> key
= Server::key(keyh
);
916 OutputData
sigData(signature
, signatureLength
);
917 key
->database().generateSignature(*ctx
, *key
, signOnlyAlgorithm
,
918 DATA(data
), sigData
);
922 kern_return_t
ucsp_server_verifySignature(UCSP_ARGS
, DATA_IN(context
), KeyHandle keyh
,
923 CSSM_ALGORITHMS verifyOnlyAlgorithm
, DATA_IN(data
), DATA_IN(signature
))
925 BEGIN_IPC(verifySignature
)
926 CopyOutContext
ctx(context
, contextLength
);
927 RefPointer
<Key
> key
= Server::key(keyh
);
928 key
->database().verifySignature(*ctx
, *key
, verifyOnlyAlgorithm
,
929 DATA(data
), DATA(signature
));
933 kern_return_t
ucsp_server_generateMac(UCSP_ARGS
, DATA_IN(context
), KeyHandle keyh
,
934 DATA_IN(data
), DATA_OUT(mac
))
936 BEGIN_IPC(generateMac
)
937 CopyOutContext
ctx(context
, contextLength
);
938 RefPointer
<Key
> key
= Server::key(keyh
);
939 OutputData
macData(mac
, macLength
);
940 key
->database().generateMac(*ctx
, *key
, DATA(data
), macData
);
944 kern_return_t
ucsp_server_verifyMac(UCSP_ARGS
, DATA_IN(context
), KeyHandle keyh
,
945 DATA_IN(data
), DATA_IN(mac
))
948 CopyOutContext
ctx(context
, contextLength
);
949 RefPointer
<Key
> key
= Server::key(keyh
);
950 key
->database().verifyMac(*ctx
, *key
, DATA(data
), DATA(mac
));
956 // Encryption/Decryption
958 kern_return_t
ucsp_server_encrypt(UCSP_ARGS
, DATA_IN(context
), KeyHandle keyh
,
959 DATA_IN(clear
), DATA_OUT(cipher
))
962 CopyOutContext
ctx(context
, contextLength
);
963 RefPointer
<Key
> key
= Server::key(keyh
);
964 OutputData
cipherOut(cipher
, cipherLength
);
965 key
->database().encrypt(*ctx
, *key
, DATA(clear
), cipherOut
);
969 kern_return_t
ucsp_server_decrypt(UCSP_ARGS
, DATA_IN(context
), KeyHandle keyh
,
970 DATA_IN(cipher
), DATA_OUT(clear
))
973 CopyOutContext
ctx(context
, contextLength
);
974 RefPointer
<Key
> key
= Server::key(keyh
);
975 OutputData
clearOut(clear
, clearLength
);
976 key
->database().decrypt(*ctx
, *key
, DATA(cipher
), clearOut
);
984 kern_return_t
ucsp_server_generateKey(UCSP_ARGS
, DbHandle db
, DATA_IN(context
),
985 DATA_IN(cred
), DATA_IN(owner
),
986 uint32 usage
, uint32 attrs
, KeyHandle
*newKey
, DATA_OUT(keyHeader
))
988 BEGIN_IPC(generateKey
)
989 CopyOutContext
ctx(context
, contextLength
);
990 CopyOutAccessCredentials
creds(cred
, credLength
);
992 CopyOutEntryAcl
owneracl(owner
, ownerLength
);
993 //@@@ preliminary interpretation - will get "type handle"
994 RefPointer
<Database
> database
=
995 Server::optionalDatabase(db
, attrs
& CSSM_KEYATTR_PERMANENT
);
997 database
->generateKey(*ctx
, creds
, owneracl
, usage
, attrs
, key
);
998 CssmKey::Header newHeader
;
999 key
->returnKey(*newKey
, newHeader
);
1001 if (!copyin(&newHeader
, reinterpret_cast<xdrproc_t
> (xdr_CSSM_KEYHEADER
), keyHeader
, keyHeaderLength
))
1002 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
1003 Server::releaseWhenDone(*keyHeader
);
1007 kern_return_t
ucsp_server_generateKeyPair(UCSP_ARGS
, DbHandle db
, DATA_IN(context
),
1008 DATA_IN(cred
), DATA_IN(owner
),
1009 uint32 pubUsage
, uint32 pubAttrs
, uint32 privUsage
, uint32 privAttrs
,
1010 KeyHandle
*pubKey
, DATA_OUT(pubHeader
), KeyHandle
*privKey
, DATA_OUT(privHeader
))
1012 BEGIN_IPC(generateKeyPair
)
1013 CopyOutContext
ctx(context
, contextLength
);
1014 CopyOutAccessCredentials
creds(cred
, credLength
);
1015 CopyOutEntryAcl
owneracl(owner
, ownerLength
);
1016 RefPointer
<Database
> database
=
1017 Server::optionalDatabase(db
, (privAttrs
| pubAttrs
) & CSSM_KEYATTR_PERMANENT
);
1018 RefPointer
<Key
> pub
, priv
;
1019 database
->generateKey(*ctx
, creds
, owneracl
,
1020 pubUsage
, pubAttrs
, privUsage
, privAttrs
, pub
, priv
);
1021 CssmKey::Header tmpPubHeader
, tmpPrivHeader
;
1023 pub
->returnKey(*pubKey
, tmpPubHeader
);
1024 if (!copyin(&tmpPubHeader
, reinterpret_cast<xdrproc_t
> (xdr_CSSM_KEYHEADER
), pubHeader
, pubHeaderLength
))
1025 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
1026 Server::releaseWhenDone(*pubHeader
);
1028 priv
->returnKey(*privKey
, tmpPrivHeader
);
1029 if (!copyin(&tmpPrivHeader
, reinterpret_cast<xdrproc_t
> (xdr_CSSM_KEYHEADER
), privHeader
, privHeaderLength
))
1030 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
1031 Server::releaseWhenDone(*privHeader
);
1038 // Key wrapping and unwrapping
1040 kern_return_t
ucsp_server_wrapKey(UCSP_ARGS
, DATA_IN(context
), KeyHandle hWrappingKey
,
1041 DATA_IN(cred
), KeyHandle hKeyToBeWrapped
,
1042 DATA_IN(descriptiveData
), DATA_OUT(wrappedKeyData
))
1046 CopyOutContext
ctx(context
, contextLength
);
1047 CopyOutAccessCredentials
creds(cred
, credLength
);
1048 RefPointer
<Key
> subjectKey
= Server::key(hKeyToBeWrapped
);
1049 RefPointer
<Key
> wrappingKey
= Server::optionalKey(hWrappingKey
);
1050 if ((ctx
.context().algorithm() == CSSM_ALGID_NONE
&& subjectKey
->attribute(CSSM_KEYATTR_SENSITIVE
))
1051 || !subjectKey
->attribute(CSSM_KEYATTR_EXTRACTABLE
))
1052 CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK
);
1053 pickDb(subjectKey
, wrappingKey
)->wrapKey(*ctx
, creds
, wrappingKey
, *subjectKey
, DATA(descriptiveData
), wrappedKey
);
1054 Server::releaseWhenDone(wrappedKey
.keyData().data());
1056 if (!copyin(&wrappedKey
, reinterpret_cast<xdrproc_t
> (xdr_CSSM_KEY
), wrappedKeyData
, wrappedKeyDataLength
))
1057 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
1059 Server::releaseWhenDone(*wrappedKeyData
);
1063 kern_return_t
ucsp_server_unwrapKey(UCSP_ARGS
, DbHandle db
, DATA_IN(context
),
1064 KeyHandle hWrappingKey
, DATA_IN(cred
), DATA_IN(owner
),
1065 KeyHandle hPublicKey
, DATA_IN(wrappedKeyData
),
1066 CSSM_KEYUSE usage
, CSSM_KEYATTR_FLAGS attrs
, DATA_OUT(descriptiveData
),
1067 KeyHandle
*newKey
, DATA_OUT(keyHeader
)/*CssmKey::Header *newHeader*/)
1069 BEGIN_IPC(unwrapKey
)
1070 CopyOutContext
ctx(context
, contextLength
);
1071 CopyOutKey
wrappedKey(wrappedKeyData
, wrappedKeyDataLength
);
1072 CopyOutAccessCredentials
creds(cred
, credLength
);
1073 CopyOutEntryAcl
owneracl(owner
, ownerLength
);
1074 OutputData
descriptiveDatas(descriptiveData
, descriptiveDataLength
);
1075 RefPointer
<Key
> wrappingKey
= Server::optionalKey(hWrappingKey
);
1076 RefPointer
<Key
> unwrappedKey
;
1077 pickDb(Server::optionalDatabase(db
), wrappingKey
)->unwrapKey(*ctx
, creds
, owneracl
,
1078 wrappingKey
, Server::optionalKey(hPublicKey
),
1079 usage
, attrs
, wrappedKey
.key(), unwrappedKey
, descriptiveDatas
);
1081 CssmKey::Header newHeader
;
1082 unwrappedKey
->returnKey(*newKey
, newHeader
);
1083 if (!copyin(&newHeader
, reinterpret_cast<xdrproc_t
> (xdr_CSSM_KEYHEADER
), keyHeader
, keyHeaderLength
))
1084 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
1085 Server::releaseWhenDone(*keyHeader
);
1094 // Note that the "param" argument can have structure. The walker for the
1095 // (artificial) POD CssmDeriveData handles those that are known; if you add
1096 // an algorithm with structured param, you need to add a case there.
1098 kern_return_t
ucsp_server_deriveKey(UCSP_ARGS
, DbHandle db
, DATA_IN(context
), KeyHandle hKey
,
1099 DATA_IN(cred
), DATA_IN(owner
),
1100 DATA_IN(paramInput
), DATA_OUT(paramOutput
),
1101 uint32 usage
, uint32 attrs
, KeyHandle
*newKey
, DATA_OUT(keyHeader
))
1103 BEGIN_IPC(deriveKey
)
1104 CopyOutContext
ctx(context
, contextLength
);
1105 CopyOutAccessCredentials
creds(cred
, credLength
);
1106 CopyOutEntryAcl
owneracl(owner
, ownerLength
);
1107 CopyOutDeriveData
deriveParam(paramInput
, paramInputLength
);
1108 if (deriveParam
.algorithm() != ctx
.context().algorithm())
1109 CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR
); // client layer fault
1111 RefPointer
<Database
> database
=
1112 Server::optionalDatabase(db
, attrs
& CSSM_KEYATTR_PERMANENT
);
1113 RefPointer
<Key
> key
= Server::optionalKey(hKey
);
1114 CSSM_DATA param
= deriveParam
.cssm_data();
1115 RefPointer
<Key
> derivedKey
;
1116 pickDb(Server::optionalDatabase(db
, attrs
& CSSM_KEYATTR_PERMANENT
),
1117 key
)->deriveKey(*ctx
, key
, creds
, owneracl
, static_cast<CssmData
*>(¶m
), usage
, attrs
, derivedKey
);
1119 CssmKey::Header newHeader
;
1120 derivedKey
->returnKey(*newKey
, newHeader
);
1122 if (!copyin(&newHeader
, reinterpret_cast<xdrproc_t
> (xdr_CSSM_KEYHEADER
), keyHeader
, keyHeaderLength
))
1123 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
1124 Server::releaseWhenDone(*keyHeader
);
1127 if (!param
.Data
) // CSP screwed up
1128 CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR
);
1129 OutputData(paramOutput
, paramOutputLength
) = CssmAutoData(Server::csp().allocator(), param
).release();
1136 // Random generation
1138 kern_return_t
ucsp_server_generateRandom(UCSP_ARGS
, uint32 ssid
, DATA_IN(context
), DATA_OUT(data
))
1140 BEGIN_IPC(generateRandom
)
1141 CopyOutContext
ctx(context
, contextLength
);
1143 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED
);
1145 // default version (use /dev/random)
1146 Allocator
&allocator
= Allocator::standard(Allocator::sensitive
);
1147 if (size_t bytes
= ctx
.context().getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE
)) {
1148 void *buffer
= allocator
.malloc(bytes
);
1149 Server::active().random(buffer
, bytes
);
1151 *dataLength
= int_cast
<size_t, mach_msg_type_number_t
>(bytes
);
1152 Server::releaseWhenDone(allocator
, buffer
);
1160 // Watch out for the memory-management tap-dance.
1162 kern_return_t
ucsp_server_getOwner(UCSP_ARGS
, AclKind kind
, KeyHandle key
,
1166 AclOwnerPrototype owner
;
1167 Server::aclBearer(kind
, key
).getOwner(owner
); // allocates memory in owner
1168 void *owners_data
; u_int owners_length
;
1169 if (!::copyin(&owner
, reinterpret_cast<xdrproc_t
>(xdr_CSSM_ACL_OWNER_PROTOTYPE
), &owners_data
, &owners_length
))
1170 CssmError::throwMe(CSSM_ERRCODE_MEMORY_ERROR
);
1172 { ChunkFreeWalker free
; walk(free
, owner
); } // release chunked original
1173 Server::releaseWhenDone(owners_data
); // throw flat copy out when done
1174 *ownerOut
= owners_data
;
1175 *ownerOutLength
= owners_length
;
1179 kern_return_t
ucsp_server_setOwner(UCSP_ARGS
, AclKind kind
, KeyHandle key
,
1180 DATA_IN(cred
), DATA_IN(owner
))
1183 CopyOutAccessCredentials
creds(cred
, credLength
);
1184 CopyOutOwnerAcl
owneracl(owner
, ownerLength
);
1185 Server::aclBearer(kind
, key
).changeOwner(*owneracl
, creds
);
1189 kern_return_t
ucsp_server_getAcl(UCSP_ARGS
, AclKind kind
, KeyHandle key
,
1190 boolean_t haveTag
, const char *tag
,
1191 uint32
*countp
, DATA_OUT(acls
))
1195 AclEntryInfo
*aclList
;
1197 AclSource
& aclRef
= Server::aclBearer(kind
, key
);
1198 secinfo("SecAccess", "getting the ACL for handle %d [%d] (%p)", key
, (uint32_t) kind
, &aclRef
);
1199 aclRef
.getAcl(haveTag
? tag
: NULL
, count
, aclList
);
1201 CSSM_ACL_ENTRY_INFO_ARRAY aclsArray
= { count
, aclList
};
1202 void *acls_data
; u_int acls_length
;
1203 if (!::copyin(&aclsArray
, reinterpret_cast<xdrproc_t
>(xdr_CSSM_ACL_ENTRY_INFO_ARRAY
), &acls_data
, &acls_length
))
1204 CssmError::throwMe(CSSM_ERRCODE_MEMORY_ERROR
);
1206 { // release the chunked memory originals
1207 ChunkFreeWalker free
;
1208 for (uint32 n
= 0; n
< count
; n
++)
1209 walk(free
, aclList
[n
]);
1211 // release the memory allocated for the list itself when we are done
1212 Allocator::standard().free (aclList
);
1216 *countp
= count
; // XXX/cs count becomes part of the blob
1217 *aclsLength
= acls_length
;
1219 Server::releaseWhenDone(acls_data
);
1223 kern_return_t
ucsp_server_changeAcl(UCSP_ARGS
, AclKind kind
, KeyHandle key
,
1224 DATA_IN(cred
), CSSM_ACL_EDIT_MODE mode
, GenericHandle handle
,
1227 BEGIN_IPC(changeAcl
)
1228 CopyOutAccessCredentials
creds(cred
, credLength
);
1229 CopyOutAclEntryInput
entryacl(acl
, aclLength
);
1231 AclSource
& aclRef
= Server::aclBearer(kind
, key
);
1232 secinfo("SecAccess", "changing the ACL for handle %d [%d] (%p)", key
, (uint32_t) kind
, &aclRef
);
1233 aclRef
.changeAcl(AclEdit(mode
, handle
, entryacl
), creds
);
1242 kern_return_t
ucsp_server_login(UCSP_ARGS
, DATA_IN(cred
), DATA_IN(name
))
1245 CopyOutAccessCredentials
creds(cred
, credLength
);
1246 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED
);
1250 kern_return_t
ucsp_server_logout(UCSP_ARGS
)
1253 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED
);
1259 // Miscellaneous CSP-related calls
1261 kern_return_t
ucsp_server_getStatistics(UCSP_ARGS
, uint32 ssid
, CSSM_CSP_OPERATIONAL_STATISTICS
*statistics
)
1263 BEGIN_IPC(getStatistics
)
1264 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED
);
1268 kern_return_t
ucsp_server_getTime(UCSP_ARGS
, uint32 ssid
, CSSM_ALGORITHMS algorithm
, DATA_OUT(data
))
1271 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED
);
1275 kern_return_t
ucsp_server_getCounter(UCSP_ARGS
, uint32 ssid
, DATA_OUT(data
))
1277 BEGIN_IPC(getCounter
)
1278 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED
);
1282 kern_return_t
ucsp_server_selfVerify(UCSP_ARGS
, uint32 ssid
)
1284 BEGIN_IPC(selfVerify
)
1285 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED
);
1291 // Passthrough calls (separate for CSP and DL passthroughs)
1293 kern_return_t
ucsp_server_cspPassThrough(UCSP_ARGS
, uint32 ssid
, uint32 id
, DATA_IN(context
),
1294 KeyHandle hKey
, DATA_IN(inData
), DATA_OUT(outData
))
1296 BEGIN_IPC(cspPassThrough
)
1297 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED
);
1301 kern_return_t
ucsp_server_dlPassThrough(UCSP_ARGS
, uint32 ssid
, uint32 id
,
1302 DATA_IN(inData
), DATA_OUT(outData
))
1304 BEGIN_IPC(dlPassThrough
)
1305 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED
);
1311 // Database key management.
1312 // ExtractMasterKey looks vaguely like a key derivation operation, and is in fact
1313 // presented by the CSPDL's CSSM layer as such.
1315 kern_return_t
ucsp_server_extractMasterKey(UCSP_ARGS
, DbHandle db
, DATA_IN(context
), DbHandle sourceDb
,
1316 DATA_IN(cred
), DATA_IN(owner
),
1317 uint32 usage
, uint32 attrs
, KeyHandle
*newKey
, DATA_OUT(keyHeader
))
1319 BEGIN_IPC(extractMasterKey
)
1320 CopyOutAccessCredentials
creds(cred
, credLength
);
1321 CopyOutEntryAcl
owneracl(owner
, ownerLength
);
1322 CopyOutContext
ctx(context
, contextLength
);
1323 RefPointer
<KeychainDatabase
> keychain
= Server::keychain(sourceDb
);
1324 RefPointer
<Key
> masterKey
= keychain
->extractMasterKey(
1325 *Server::optionalDatabase(db
, attrs
& CSSM_KEYATTR_PERMANENT
),
1326 creds
, owneracl
, usage
, attrs
);
1327 CssmKey::Header header
;
1328 masterKey
->returnKey(*newKey
, header
);
1329 if (!copyin(&header
, reinterpret_cast<xdrproc_t
> (xdr_CSSM_KEYHEADER
), keyHeader
, keyHeaderLength
))
1330 CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR
);
1331 Server::releaseWhenDone(*keyHeader
);
1337 // Notification core subsystem
1340 kern_return_t
ucsp_server_postNotification(UCSP_ARGS
, uint32 domain
, uint32 event
,
1341 DATA_IN(data
), uint32 sequence
)
1343 BEGIN_IPC(postNotification
)
1344 Listener::notify(domain
, event
, sequence
, DATA(data
), auditToken
);
1350 // Child check-in service.
1351 // Note that this isn't using the standard argument pattern.
1353 kern_return_t
ucsp_server_childCheckIn(mach_port_t serverPort
,
1354 mach_port_t servicePort
, mach_port_t taskPort
)
1357 ServerChild::checkIn(servicePort
, TaskPort(taskPort
).pid());
1358 END_IPCS(mach_port_deallocate(mach_task_self(), taskPort
))
1363 // Code Signing Hosting registration.
1364 // Note that the Code Signing Proxy facility (implementing the "cshosting"
1365 // IPC protocol) is elsewhere.
1367 kern_return_t
ucsp_server_registerHosting(UCSP_ARGS
, mach_port_t hostingPort
, uint32 flags
)
1369 BEGIN_IPC(registerHosting
)
1370 connection
.process().registerCodeSigning(hostingPort
, flags
);
1374 kern_return_t
ucsp_server_hostingPort(UCSP_ARGS
, pid_t hostPid
, mach_port_t
*hostingPort
)
1376 BEGIN_IPC(hostingPort
)
1377 if (RefPointer
<Process
> process
= Server::active().findPid(hostPid
))
1378 *hostingPort
= process
->hostingPort();
1380 *hostingPort
= MACH_PORT_NULL
;
1381 secinfo("hosting", "hosting port for for pid=%d is port %d", hostPid
, *hostingPort
);
1386 kern_return_t
ucsp_server_setGuest(UCSP_ARGS
, SecGuestRef guest
, SecCSFlags flags
)
1389 connection
.guestRef(guest
, flags
);
1394 kern_return_t
ucsp_server_createGuest(UCSP_ARGS
, SecGuestRef host
,
1395 uint32_t status
, const char *path
, DATA_IN(cdhash
), DATA_IN(attributes
),
1396 SecCSFlags flags
, SecGuestRef
*newGuest
)
1398 BEGIN_IPC(createGuest
)
1399 checkPathLength(path
);
1400 *newGuest
= connection
.process().createGuest(host
, status
, path
, DATA(cdhash
), DATA(attributes
), flags
);
1404 kern_return_t
ucsp_server_setGuestStatus(UCSP_ARGS
, SecGuestRef guest
,
1405 uint32_t status
, DATA_IN(attributes
))
1407 BEGIN_IPC(setGuestStatus
)
1408 connection
.process().setGuestStatus(guest
, status
, DATA(attributes
));
1412 kern_return_t
ucsp_server_removeGuest(UCSP_ARGS
, SecGuestRef host
, SecGuestRef guest
)
1414 BEGIN_IPC(removeGuest
)
1415 connection
.process().removeGuest(host
, guest
);
1419 kern_return_t
ucsp_server_helpCheckLoad(UCSP_ARGS
, const char path
[PATH_MAX
], uint32_t type
)
1421 BEGIN_IPC(helpCheckLoad
)
1426 // Testing-related RPCs
1428 kern_return_t
ucsp_server_getUserPromptAttempts(UCSP_ARGS
, uint32
* attempts
)
1430 BEGIN_IPC(keychainPromptAttempts
)
1432 *attempts
= KeychainPromptAclSubject::getPromptAttempts() + KeychainDatabase::getInteractiveUnlockAttempts();
1437 #pragma clang diagnostic pop