OSX/libsecurity_codesigning/lib/cs.h

   1 /*
   2  * Copyright (c) 2006,2011,2013-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // cs.h - code signing core header
  26 //
  27 #ifndef _H_CS
  28 #define _H_CS
  29
  30 #include "cserror.h"
  31 #include "codesigning_dtrace.h"
  32 #include <Security/CSCommonPriv.h>
  33 #include <Security/SecCodePriv.h>
  34 #include <Security/SecStaticCodePriv.h>
  35 #include <Security/SecRequirementPriv.h>
  36 #include <Security/SecCodeSigner.h>
  37 #include <Security/SecBasePriv.h>
  38 #include <security_utilities/globalizer.h>
  39 #include <security_utilities/seccfobject.h>
  40 #include <security_utilities/cfclass.h>
  41 #include <security_utilities/errors.h>
  42 #include <security_utilities/sqlite++.h>
  43 #include <security_utilities/cfutilities.h>
  44 #include <security_utilities/logging.h>
  45
  46
  47 namespace Security {
  48 namespace CodeSigning {
  49
  50
  51 //
  52 // API per-thread globals
  53 //
  54 struct PerThread {
  55         SecCSFlags flags;                               // flags of pending API call
  56 };
  57
  58
  59 //
  60 // API globals
  61 //
  62 struct CFObjects {
  63         CFObjects();
  64         CFClass Code;
  65         CFClass StaticCode;
  66         CFClass Requirement;
  67         CFClass CodeSigner;
  68
  69         ThreadNexus<PerThread> perThread;
  70
  71         SecCSFlags &flags() { return perThread().flags; }
  72 };
  73
  74 extern ModuleNexus<CFObjects> gCFObjects;
  75
  76 OSStatus dbError(const SQLite3::Error &err);
  77
  78 // Embedded platform does not have this function so skip the conversion
  79 #if TARGET_OS_IPHONE
  80 #define SecKeychainErrFromOSStatus(status) (status)
  81 #endif
  82
  83
  84 //
  85 // Code Signing API brackets
  86 //
  87 #define BEGIN_CSAPI \
  88     try {
  89
  90 #define END_CSAPI \
  91     } \
  92         catch (const UnixError &err) { \
  93                 switch (err.error) { \
  94                 case ENOEXEC: return errSecCSBadObjectFormat; \
  95                 default: return err.osStatus(); \
  96                 }} \
  97     catch (const MacOSError &err) { return err.osStatus(); } \
  98     catch (const SQLite3::Error &err) { return dbError(err); } \
  99     catch (const CommonError &err) { return SecKeychainErrFromOSStatus(err.osStatus()); } \
 100     catch (const std::bad_alloc &) { return errSecAllocate; } \
 101     catch (...) { Syslog::notice("unknown exception in CSAPI"); return errSecCSInternalError; } \
 102         return errSecSuccess;
 103
 104 #define END_CSAPI_ERRORS \
 105         } \
 106         catch (const CSError &err) { return err.cfError(errors); } \
 107         catch (const UnixError &err) { \
 108                 switch (err.error) { \
 109                 case ENOEXEC: return CSError::cfError(errors, errSecCSBadObjectFormat); \
 110                 default: return CSError::cfError(errors, err.osStatus()); \
 111                 }} \
 112     catch (const MacOSError &err) { return CSError::cfError(errors, err.osStatus()); } \
 113     catch (const SQLite3::Error &err) { return CSError::cfError(errors, dbError(err)); } \
 114     catch (const CommonError &err) { return CSError::cfError(errors, SecKeychainErrFromOSStatus(err.osStatus())); } \
 115     catch (const std::bad_alloc &) { return CSError::cfError(errors, errSecAllocate); } \
 116     catch (...) { Syslog::notice("unknown exception in CSAPI"); return CSError::cfError(errors, errSecCSInternalError); } \
 117         return errSecSuccess;
 118
 119 #define END_CSAPI1(bad)    } catch (...) { return bad; }
 120
 121
 122 #define END_CSAPI_ERRORS1(bad) \
 123         } \
 124         catch (const CSError &err) { err.cfError(errors); } \
 125         catch (const UnixError &err) { \
 126                 switch (err.error) { \
 127                 case ENOEXEC: CSError::cfError(errors, errSecCSBadObjectFormat); \
 128                 default: CSError::cfError(errors, err.osStatus()); \
 129                 }} \
 130     catch (const MacOSError &err) { CSError::cfError(errors, err.osStatus()); } \
 131     catch (const SQLite3::Error &err) { CSError::cfError(errors, dbError(err)); } \
 132     catch (const CommonError &err) { CSError::cfError(errors, SecKeychainErrFromOSStatus(err.osStatus())); } \
 133     catch (const std::bad_alloc &) { CSError::cfError(errors, errSecAllocate); } \
 134     catch (...) { Syslog::notice("unknown exception in CSAPI"); CSError::cfError(errors, errSecCSInternalError); } \
 135         return bad;
 136
 137
 138 //
 139 // A version of CodeSigning::Required
 140 //
 141 template <class T>
 142 static inline T &Required(T *ptr)
 143 {
 144         if (ptr == NULL)
 145                 MacOSError::throwMe(errSecCSObjectRequired);
 146         return *ptr;
 147 }
 148
 149 static inline void Required(const void *ptr)
 150 {
 151         if (ptr == NULL)
 152                 MacOSError::throwMe(errSecCSObjectRequired);
 153 }
 154
 155
 156 //
 157 // Check flags against a validity mask
 158 //
 159 static inline void checkFlags(SecCSFlags flags, SecCSFlags acceptable = 0)
 160 {
 161         if (flags & ~acceptable)
 162                 MacOSError::throwMe(errSecCSInvalidFlags);
 163 }
 164
 165
 166 //
 167 // DTrace USDT function bracket.
 168 // Use like this:
 169 //      DTRACK(PROVIDER_PROBE_PREFIX, arguments-after-this);
 170 // which will call
 171 //      PROVIDER_PROBE_PREFIX_START(this, arguments-after-this)
 172 // and
 173 //      PROVIDER_PROBE_PREFIX_END(this)
 174 //
 175 #define DTRACK(_prefix, _obj, _args...) \
 176         if (_prefix ## _START_ENABLED()) _prefix ## _START((_obj), ## _args); \
 177         struct _DTFrame ## _prefix { void *me; \
 178                 _DTFrame ## _prefix(void *m) : me(m) { } \
 179                 ~_DTFrame ## _prefix() { _prefix ## _END(me); } \
 180         } _dtframe##_prefix((_obj));
 181
 182
 183 }       // CodeSigning
 184 }       // Security
 185
 186 #endif //_H_CS