]> git.saurik.com Git - apple/security.git/blob - SecurityTests/xdr_rpc/securityd_data_saver.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57031.10.10.tar.gz
[apple/security.git] / SecurityTests / xdr_rpc / securityd_data_saver.cpp
1 /*
2 * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #include "securityd_data_saver.h"
25
26 /*
27 * Please don't use this as an exemplar for new write...() calls. This was
28 * the first, is messy, and probably should be rewritten. At the very
29 * least, its correctness should be revisited.
30 */
31 void
32 SecuritydDataSave::writeContext(Context *context, intptr_t attraddr,
33 mach_msg_type_number_t attrSize)
34 {
35 // finish the preamble
36 uint32_t dtype = CONTEXT;
37 writeAll(&dtype, sizeof(dtype));
38
39 // save size of a CSSM_CONTEXT (not strictly necessary)
40 uint32_t csize = sizeof(CSSM_CONTEXT);
41 writeAll(&csize, sizeof(csize)); // write the length first!
42 writeAll(context, csize);
43
44 // save the original base address for relocation
45 csize = sizeof(attraddr);
46 writeAll(&csize, sizeof(csize));
47 writeAll(&attraddr, csize);
48
49 // finally, save off the attributes
50 csize = attrSize;
51 writeAll(&csize, sizeof(csize));
52 writeAll(context->ContextAttributes, csize);
53 }
54
55 void
56 SecuritydDataSave::writeAclEntryInfo(AclEntryInfo *acls,
57 mach_msg_type_number_t aclsLength)
58 {
59 // finish the preamble
60 uint32_t dtype = ACL_ENTRY_INFO;
61 writeAll(&dtype, sizeof(dtype));
62
63 // write the base pointer, then the ACL itself
64 uint32_t ptrsize = sizeof(acls);
65 writeAll(&ptrsize, sizeof(ptrsize));
66 writeAll(&acls, ptrsize);
67 writeAll(&aclsLength, sizeof(aclsLength));
68 writeAll(acls, aclsLength);
69 }
70
71 void
72 SecuritydDataSave::writeAclEntryInput(AclEntryInput *acl,
73 mach_msg_type_number_t aclLength)
74 {
75 // finish the preamble
76 uint32_t dtype = ACL_ENTRY_INPUT;
77 writeAll(&dtype, sizeof(dtype));
78
79 // write the pointer, then the ACL itself
80 uint32_t ptrsize = sizeof(acl);
81 writeAll(&ptrsize, sizeof(ptrsize));
82 writeAll(&acl, ptrsize);
83 writeAll(&aclLength, sizeof(aclLength));
84 writeAll(acl, aclLength);
85 }
86
87
88 //
89 // Excerpts from securityd's transition.cpp showing where SecuritydDataSave
90 // is (to be) used
91 //
92
93 #if 0
94 kern_return_t ucsp_server_findFirst(UCSP_ARGS, DbHandle db,
95 COPY_IN(CssmQuery, query),
96 COPY_IN(CssmDbRecordAttributeData, inAttributes),
97 COPY_OUT(CssmDbRecordAttributeData, outAttributes),
98 boolean_t getData,
99 DATA_OUT(data), KeyHandle *hKey, SearchHandle *hSearch, RecordHandle *hRecord)
100 {
101 BEGIN_IPC
102 relocate(query, queryBase, queryLength);
103 SecuritydDataSave sds("/var/tmp/Query_findFirst");
104 sds.writeQuery(query, queryLength);
105 relocate(inAttributes, inAttributesBase, inAttributesLength);
106
107 RefPointer<Database::Search> search;
108 RefPointer<Database::Record> record;
109 RefPointer<Key> key;
110 CssmData outData; //OutputData outData(data, dataLength);
111 CssmDbRecordAttributeData *outAttrs; mach_msg_type_number_t outAttrsLength;
112 Server::database(db)->findFirst(*query, inAttributes, inAttributesLength,
113 getData ? &outData : NULL, key, search, record, outAttrs, outAttrsLength);
114
115 // handle nothing-found case without exceptions
116 if (!record) {
117 *hRecord = noRecord;
118 *hSearch = noSearch;
119 *hKey = noKey;
120 } else {
121 // return handles
122 *hRecord = record->handle();
123 *hSearch = search->handle();
124 *hKey = key ? key->handle() : noKey;
125
126 // return attributes (assumes relocated flat blob)
127 flips(outAttrs, outAttributes, outAttributesBase);
128 *outAttributesLength = outAttrsLength;
129
130 // return data (temporary fix)
131 if (getData) {
132 *data = outData.data();
133 *dataLength = outData.length();
134 }
135 }
136 END_IPC(DL)
137 }
138
139 kern_return_t ucsp_server_decrypt(UCSP_ARGS, CONTEXT_ARGS, KeyHandle keyh,
140 DATA_IN(cipher), DATA_OUT(clear))
141 {
142 BEGIN_IPC
143 SecuritydDataSave td("/var/tmp/securityd_Context_decrypt"); // XXX/gh get sample Context for XDR testing
144 relocate(context, contextBase, attributes, attrSize);
145 // save attributes base addr for backwards compatibility
146 intptr_t attraddr = reinterpret_cast<intptr_t>(&context->ContextAttributes);
147 td.writeContext(&context, attraddr, attrSize);
148 RefPointer<Key> key = Server::key(keyh);
149 OutputData clearOut(clear, clearLength);
150 key->database().decrypt(context, *key, DATA(cipher), clearOut);
151 END_IPC(CSP)
152 }
153
154 // ...
155
156 kern_return_t ucsp_server_getAcl(UCSP_ARGS, AclKind kind, KeyHandle key,
157 boolean_t haveTag, const char *tag,
158 uint32 *countp, COPY_OUT(AclEntryInfo, acls))
159 {
160 BEGIN_IPC
161 uint32 count;
162 AclEntryInfo *aclList;
163 Server::aclBearer(kind, key).getAcl(haveTag ? tag : NULL, count, aclList);
164 *countp = count;
165 Copier<AclEntryInfo> aclsOut(aclList, count); // make flat copy
166
167 { // release the chunked memory originals
168 ChunkFreeWalker free;
169 for (uint32 n = 0; n < count; n++)
170 walk(free, aclList[n]);
171
172 // release the memory allocated for the list itself when we are done
173 Allocator::standard().free (aclList);
174 }
175
176 // set result (note: this is *almost* flips(), but on an array)
177 *aclsLength = aclsOut.length();
178 *acls = *aclsBase = aclsOut;
179 if (flipClient()) {
180 FlipWalker w;
181 for (uint32 n = 0; n < count; n++)
182 walk(w, (*acls)[n]);
183 w.doFlips();
184 Flippers::flip(*aclsBase);
185 }
186 SecuritydDataSave sds("/var/tmp/AclEntryInfo_getAcl");
187 sds.writeAclEntryInfo(*acls, *aclsLength);
188 Server::releaseWhenDone(aclsOut.keep());
189 END_IPC(CSP)
190 }
191
192 kern_return_t ucsp_server_changeAcl(UCSP_ARGS, AclKind kind, KeyHandle key,
193 COPY_IN(AccessCredentials, cred), CSSM_ACL_EDIT_MODE mode, CSSM_ACL_HANDLE handle,
194 COPY_IN(AclEntryInput, acl))
195 {
196 BEGIN_IPC
197 relocate(cred, credBase, credLength);
198 relocate(acl, aclBase, aclLength);
199 SecuritydDataSave sds("/var/tmp/AclEntryInput_changeAcl");
200 sds.writeAclEntryInput(acl, aclLength);
201 Server::aclBearer(kind, key).changeAcl(AclEdit(mode, handle, acl), cred);
202 END_IPC(CSP)
203 }
204
205 #endif /* 0 -- example code */
mirror of Security