libsecurityd/lib/sstransit.h

   1 /*
   2  * Copyright (c) 2000-2004,2006 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // sstransit - Securityd client side transition support.
  27 //
  28 #ifndef _H_SSTRANSIT
  29 #define _H_SSTRANSIT
  30
  31 #include <securityd_client/ssclient.h>
  32 #include <security_cdsa_utilities/cssmwalkers.h>
  33 #include <security_cdsa_utilities/AuthorizationWalkers.h>
  34 #include <securityd_client/ucsp.h>
  35 #include <securityd_client/ucspNotify.h>
  36
  37 namespace Security {
  38 namespace SecurityServer {
  39
  40
  41 // stock leading argument profile used by (almost) all calls
  42 #define UCSP_ARGS       mGlobal().serverPort, mGlobal().thread().replyPort, &securitydCreds, &rcode
  43
  44 // common invocation profile (don't use directly)
  45 #define IPCSTART(statement) \
  46         CSSM_RETURN rcode; security_token_t securitydCreds; check(statement)
  47 #define IPCEND \
  48         if (securitydCreds.val[0] != 0   IFDEBUG( && !getenv("SECURITYSERVER_NONROOT"))) \
  49                 CssmError::throwMe(CSSM_ERRCODE_VERIFICATION_FAILURE)
  50 #define IPCEND_CHECK    IPCEND; if (rcode != CSSM_OK) CssmError::throwMe(rcode);
  51 #define IPCN(statement) { \
  52         IPCSTART(statement); IPCEND_CHECK;  \
  53         }
  54 #define IPC(statement)  { activate(); IPCN(statement); }
  55 #define IPCKEY(statement, key, tag) { \
  56         activate(); IPCSTART(statement); IPCEND; \
  57         switch (rcode) { \
  58         case CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT: \
  59                 notifyAclChange(key, tag); \
  60         case CSSM_OK: \
  61                 break; \
  62         default: \
  63                 CssmError::throwMe(rcode); \
  64         } \
  65 }
  66
  67 // pass mandatory or optional CssmData arguments into an IPC call
  68 #define DATA(arg)                       arg.data(), arg.length()
  69 #define OPTIONALDATA(arg)       (arg ? arg->data() : NULL), (arg ? arg->length() : 0)
  70
  71 // pass structured arguments in/out of IPC calls. See "data walkers" for details
  72 #define COPY(copy)                      copy, copy.length(), copy
  73 #define COPY_OUT(copy)          &copy, &copy##Length, &copy##Base
  74 #define COPY_OUT_DECL(type,name) type *name, *name##Base; mach_msg_type_number_t name##Length
  75
  76
  77 //
  78 // DataOutput manages an output CssmData argument.
  79 //
  80 class DataOutput {
  81 public:
  82         DataOutput(CssmData &arg, Allocator &alloc)
  83                 : allocator(alloc), mTarget(&arg) { mData = NULL; mLength = 0; }
  84         DataOutput(CssmData *arg, Allocator &alloc)
  85                 : allocator(alloc), mTarget(arg) { mData = NULL; mLength = 0; }
  86         ~DataOutput();
  87
  88         void **data() { return &mData; }
  89         mach_msg_type_number_t *length() { return &mLength; }
  90
  91         Allocator &allocator;
  92
  93 private:
  94         CssmData *mTarget;
  95         void *mData;
  96         mach_msg_type_number_t mLength;
  97 };
  98
  99
 100 //
 101 // Bundle up an AccessCredentials meant for a database, parsing it for
 102 // "special" samples that need extra evidence to be passed along.
 103 //
 104 class DatabaseAccessCredentials : public Copier<AccessCredentials> {
 105 public:
 106         DatabaseAccessCredentials(const AccessCredentials *creds, Allocator &alloc);
 107
 108 private:
 109         void mapKeySample(CssmData &cspHandleData, CssmKey &key);
 110 };
 111
 112
 113 //
 114 // Handle the standard CSSM data retrieval pattern (attribute vector+data)
 115 //
 116 class DataRetrieval : public Copier<CssmDbRecordAttributeData> {
 117 public:
 118         DataRetrieval(CssmDbRecordAttributeData *&attrs, Allocator &alloc);
 119         ~DataRetrieval();
 120
 121         operator CssmDbRecordAttributeData **() { return &mAddr; }
 122         operator mach_msg_type_number_t *() { return &mLength; }
 123         CssmDbRecordAttributeData **base() { return &mBase; }
 124
 125 private:
 126         Allocator &mAllocator;
 127         CssmDbRecordAttributeData *&mAttributes;
 128         CssmDbRecordAttributeData *mAddr, *mBase;
 129         mach_msg_type_number_t mLength;
 130 };
 131
 132
 133 } // namespace SecurityServer
 134 } // namespace Security
 135
 136 #endif //_H_SSTRANSIT