OSX/libsecurity_apple_cspdl/lib/SSDatabase.h

   1 /*
   2  * Copyright (c) 2000-2001,2011-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 //
  20 // SSDatabase.h - Security Server database object
  21 //
  22 #ifndef _H_SSDATABASE_
  23 #define _H_SSDATABASE_
  24
  25 #include <security_cdsa_client/dlclient.h>
  26 #include <security_utilities/unix++.h>
  27 #include <securityd_client/ssclient.h>
  28 #include <securityd_client/ssblob.h>
  29 #include <security_utilities/CSPDLTransaction.h>
  30
  31 class SSCSPDLSession;
  32 class SSUniqueRecord;
  33
  34 //
  35 // Protected please ignore this class unless subclassing SSDatabase.
  36 //
  37 class SSDatabase;
  38
  39 class SSDatabaseImpl : public CssmClient::DbImpl
  40 {
  41 public:
  42         static const char *const DBBlobRelationName;
  43         static const CSSM_DB_RECORDTYPE DBBlobRelationID =
  44                 CSSM_DB_RECORDTYPE_APP_DEFINED_START + 0x8000;
  45
  46 public:
  47         SSDatabaseImpl(SecurityServer::ClientSession &inClientSession,
  48                                    const CssmClient::DL &dl,
  49                                    const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation);
  50         virtual ~SSDatabaseImpl();
  51
  52         void create(const DLDbIdentifier &dlDbIdentifier);
  53         void createWithBlob(const DLDbIdentifier &dlDbIdentifier, const CSSM_DATA &blob);
  54         void open(const DLDbIdentifier &dlDbIdentifier);
  55         SSUniqueRecord insert(CSSM_DB_RECORDTYPE recordType,
  56                                                   const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes,
  57                                                   const CSSM_DATA *data, bool);
  58         void authenticate(CSSM_DB_ACCESS_TYPE inAccessRequest,
  59                                                 const CSSM_ACCESS_CREDENTIALS *inAccessCredentials);
  60
  61         // Passthrough functions (only implemented by AppleCSPDL).
  62         void lock();
  63         void unlock();
  64         void unlock(const CSSM_DATA &password);
  65     void stash();
  66     void stashCheck();
  67         void getSettings(uint32 &outIdleTimeout, bool &outLockOnSleep);
  68         void setSettings(uint32 inIdleTimeout, bool inLockOnSleep);
  69         bool isLocked();
  70         void changePassphrase(const CSSM_ACCESS_CREDENTIALS *cred);
  71         void recode(const CssmData &data, const CssmData &extraData);
  72
  73
  74
  75     // Attempt to recode this database to the new blob version
  76     // Returns new version
  77     uint32 recodeDbToVersion(uint32 newBlobVersion);
  78
  79     // Try to take or release the file lock on the underlying database.
  80     // You _must_ call these as a pair. They start a transaction on the
  81     // underlying DL object, and that transaction is only finished when release
  82     // is called. Pass success=true if you want the transaction to commit; otherwise
  83     // it will roll back.
  84     void takeFileLock();
  85     void releaseFileLock(bool success);
  86
  87
  88         // DbUniqueRecordMaker
  89         CssmClient::DbUniqueRecordImpl *newDbUniqueRecord();
  90
  91         // New methods not inherited from DbImpl
  92         SecurityServer::DbHandle dbHandle();
  93
  94         void getRecordIdentifier(const CSSM_DB_UNIQUE_RECORD_PTR uniqueRecord, CSSM_DATA &data);
  95         void copyBlob(CSSM_DATA &blob);
  96
  97     // Get the version of this database's encoding
  98     uint32 dbBlobVersion();
  99
 100     // Try to make a backup copy of this database on the filesystem
 101     void makeBackup();
 102
 103 protected:
 104         CssmClient::DbUniqueRecord getDbBlobId(CssmDataContainer *dbb = NULL);
 105         void commonCreate (const DLDbIdentifier &dlDbIdentifier, bool &autocommit);
 106
 107     static uint32 getDbVersionFromBlob(const CssmData& dbb);
 108     uint32 recodeHelper(SecurityServer::DbHandle clonedDbHandle, CssmClient::DbUniqueRecord& dbBlobId);
 109
 110 private:
 111         // 5 minute default autolock time
 112         static const uint32 kDefaultIdleTimeout = 5 * 60;
 113         static const uint8 kDefaultLockOnSleep = true;
 114         static const unsigned kNumIDWords = 4;
 115
 116         DLDbIdentifier mIdentifier;
 117         UnixPlusPlus::ForkMonitor mForked;
 118
 119         SecurityServer::ClientSession &mClientSession;
 120         SecurityServer::DbHandle mSSDbHandle;
 121
 122     // Transaction for remembering if we've taken the file lock
 123     DLTransaction* mTransaction;
 124 };
 125
 126
 127 //
 128 // SSDatabase --  A Security Server aware Db object.
 129 //
 130 class SSDatabase : public CssmClient::Db
 131 {
 132 public:
 133         typedef SSDatabaseImpl Impl;
 134
 135         explicit SSDatabase(SSDatabaseImpl *impl) : CssmClient::Db(impl) {}
 136         SSDatabase() : CssmClient::Db(NULL) {}
 137         SSDatabase(SecurityServer::ClientSession &inClientSession,
 138                            const CssmClient::DL &dl,
 139                            const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation)
 140         : CssmClient::Db(new SSDatabaseImpl(inClientSession, dl, inDbName, inDbLocation)) {}
 141
 142         SSDatabaseImpl *operator ->() const { return &impl<SSDatabaseImpl>(); }
 143         SSDatabaseImpl &operator *() const { return impl<SSDatabaseImpl>(); }
 144
 145         // For convinience only
 146         SecurityServer::DbHandle dbHandle() { return (*this) ? (*this)->dbHandle() : SecurityServer::noDb; }
 147 };
 148
 149
 150 class SSUniqueRecordImpl : public CssmClient::DbUniqueRecordImpl
 151 {
 152 public:
 153         SSUniqueRecordImpl(const SSDatabase &db);
 154         virtual ~SSUniqueRecordImpl();
 155
 156         SSDatabase database() const;
 157 };
 158
 159
 160 class SSUniqueRecord : public CssmClient::DbUniqueRecord
 161 {
 162 public:
 163         typedef SSUniqueRecordImpl Impl;
 164
 165         explicit SSUniqueRecord(SSUniqueRecordImpl *impl) : CssmClient::DbUniqueRecord(impl) {}
 166         SSUniqueRecord() : CssmClient::DbUniqueRecord(NULL) {}
 167         SSUniqueRecord(const SSDatabase &db) : CssmClient::DbUniqueRecord(new SSUniqueRecordImpl(db)) {}
 168
 169         SSUniqueRecordImpl *operator ->() const { return &impl<SSUniqueRecordImpl>(); }
 170         SSUniqueRecordImpl &operator *() const { return impl<SSUniqueRecordImpl>(); }
 171 };
 172
 173
 174 #endif  // _H_SSDATABASE_