Security-59306.41.2.tar.gz
1 /*
2 * Copyright (c) 2000-2004,2006,2011-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // sstransit - Securityd client side transition support.
27 //
28 #ifndef _H_SSTRANSIT
29 #define _H_SSTRANSIT
30
31 #include <securityd_client/ssclient.h>
32 #include <security_cdsa_utilities/cssmwalkers.h>
33 #include <security_cdsa_utilities/AuthorizationWalkers.h>
34 #include <securityd_client/ucsp.h>
35 #include <securityd_client/ucspNotify.h>
36
37 namespace Security {
38 namespace SecurityServer {
39
40
// The macros below wrap a single Mach IPC call to securityd. They are
// textual: the IPC* wrappers declare the locals `rcode` and `securitydCreds`
// (via IPCSTART), and UCSP_ARGS passes the addresses of those locals to the
// call, so UCSP_ARGS is only usable inside a scope that declares both names.
41 // stock leading argument profile used by (almost) all calls
42 #define UCSP_ARGS mGlobal().serverPort, mGlobal().thread().replyPort, &securitydCreds, &rcode
43
44 // common invocation profile (don't use directly)
// IPCSTART seeds rcode with CSSM_ERRCODE_INTERNAL_ERROR and zero-initializes
// securitydCreds. NOTE(review): a zeroed token has val[0] == 0, which is the
// value IPC_CHECK_VALIDITY accepts, so the credential check by itself does
// not catch a reply that never filled in the token. In that case the wrappers
// rely on check() rejecting the kern_return_t or on rcode still holding its
// error default when IPC_CHECK_RETCODE runs.
45 #define IPCSTART \
46 CSSM_RETURN rcode = CSSM_ERRCODE_INTERNAL_ERROR; security_token_t securitydCreds = {};
// IPCEVAL hands the call's result to check(), which is defined elsewhere
// (presumably it throws on a non-success kern_return_t -- confirm).
47 #define IPCEVAL(statement) check(statement)
// IPCEVALRESET does the same, but first calls ClientSession::reset() when the
// send failed with MACH_SEND_INVALID_DEST. The failing code is still passed
// to check() afterwards; nothing here retries the call.
48 #define IPCEVALRESET(statement) { \
49 kern_return_t r = statement; \
50 if(r == MACH_SEND_INVALID_DEST) { \
51 ClientSession::reset(); \
52 } \
53 check(r); \
54 }
55
// IPC_CHECK_VALIDITY is the reply-authenticity check: it throws
// CSSM_ERRCODE_VERIFICATION_FAILURE unless securitydCreds.val[0] is 0.
// val[0] of a Mach security_token_t carries the sender's effective uid, so
// this requires the reply to come from a uid-0 process (presumably the token
// is filled in by the MIG stub from the reply message -- confirm against the
// ucsp definitions).
// NOTE(review): the IFDEBUG(...) clause lets the environment variable
// SECURITYSERVER_NONROOT switch the check off. IFDEBUG is defined elsewhere;
// verify that it expands to nothing in release builds, because the
// environment is under the control of whoever launches the client.
// The expansion is an unbraced `if` with no trailing semicolon; every use in
// this file supplies the semicolon.
56 #define IPC_CHECK_VALIDITY \
57 if (securitydCreds.val[0] != 0 IFDEBUG( && !getenv("SECURITYSERVER_NONROOT"))) \
58 CssmError::throwMe(CSSM_ERRCODE_VERIFICATION_FAILURE)
// IPC_CHECK_RETCODE throws the server-supplied rcode when it is not CSSM_OK.
// It already ends in a semicolon, so `IPC_CHECK_RETCODE;` adds an empty
// statement.
59 #define IPC_CHECK_RETCODE if (rcode != CSSM_OK) CssmError::throwMe(rcode);
60
// Call wrappers. Each expands to a braced block, so `IPC(x);` leaves an empty
// statement after the block (relevant inside an unbraced if/else).
// All of them check the sender credentials before they look at rcode.
//   IPCBASIC - IPCEVAL, then validity check, then return-code check.
//   IPCN     - same, using IPCEVALRESET (session reset on invalid destination).
//   IPC      - calls activate() and then behaves like IPCN.
//   IPCKEY   - like IPC, but CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT is
//              not thrown: notifyAclChange(key, tag) runs and the call is
//              then treated like CSSM_OK.
61 #define IPCBASIC(statement) { \
62 IPCSTART \
63 IPCEVAL(statement); \
64 IPC_CHECK_VALIDITY; \
65 IPC_CHECK_RETCODE; \
66 }
67 #define IPCN(statement) { \
68 IPCSTART \
69 IPCEVALRESET(statement); \
70 IPC_CHECK_VALIDITY; \
71 IPC_CHECK_RETCODE; \
72 }
73 #define IPC(statement) { activate(); IPCN(statement); }
74 #define IPCKEY(statement, key, tag) { \
75 IPCSTART \
76 activate(); \
77 IPCEVALRESET(statement); \
78 IPC_CHECK_VALIDITY; \
79 switch (rcode) { \
80 case CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT: \
81 notifyAclChange(key, tag); /* no break: falls through to CSSM_OK */ \
82 case CSSM_OK: \
83 break; \
84 default: \
85 CssmError::throwMe(rcode); \
86 } \
87 }
88
89 // pass mandatory or optional CssmData arguments into an IPC call
// Both macros expand to a (pointer, length) argument pair.
// NOTE(review): the length is narrowed with a C-style cast to
// mach_msg_type_number_t. If length() returns a wider type (presumably
// size_t -- confirm), an oversized length is truncated silently rather than
// rejected, so pointer and length can disagree.
// OPTIONALDATA evaluates `arg` up to three times; pass a plain pointer, not
// an expression with side effects.
90 #define DATA(arg) arg.data(), (mach_msg_type_number_t)(arg.length())
91 #define OPTIONALDATA(arg) (arg ? arg->data() : NULL), (mach_msg_type_number_t)(arg ? arg->length() : 0)
92
93 // pass mandatory DataOutput argument into an IPC call
// For a DataOutput, data() and length() return the addresses of its internal
// buffer pointer and length field, which the call fills in.
94 #define DATA_OUT(arg) arg.data(), arg.length()
95
96 // pass structured arguments in/out of IPC calls. See "data walkers" for details
// COPY expands to three arguments taken from one object: the object itself,
// its length(), and the object again (presumably converted to the copied
// structure and to its base address -- confirm against the Copier type).
// COPY_OUT passes the addresses of the three variables that
// COPY_OUT_DECL(type, name) declares: name, nameLength and nameBase.
// COPY_OUT_DECL does not initialize them, so they hold indeterminate values
// until a call has stored results through COPY_OUT.
97 #define COPY(copy) copy, copy.length(), copy
98 #define COPY_OUT(copy) &copy, &copy##Length, &copy##Base
99 #define COPY_OUT_DECL(type,name) type *name, *name##Base; mach_msg_type_number_t name##Length
100
101
//
// DataOutput manages an output CssmData argument.
//
// An instance remembers the caller's CssmData (by pointer) and an Allocator,
// and starts out with an empty receive slot (mData == NULL, mLength == 0).
// data() and length() hand out the addresses of that slot so that an IPC call
// can store a returned buffer and its size there (see the DATA_OUT macro).
//
// The destructor is only declared here. Presumably it transfers the received
// bytes into the target CssmData using `allocator` -- confirm against the
// implementation file.
//
// NOTE(review): the pointer-taking constructor stores `arg` unchecked; whether
// a NULL target is tolerated depends on the destructor, which is not visible.
// NOTE(review): the class is implicitly copyable while holding a raw buffer
// pointer; a copy would leave two objects referring to the same mData.
//
class DataOutput {
public:
    // Bind to a CssmData passed by reference.
    DataOutput(CssmData &arg, Allocator &alloc)
        : allocator(alloc), mTarget(&arg), mData(NULL), mLength(0) { }

    // Bind to a CssmData passed by pointer.
    DataOutput(CssmData *arg, Allocator &alloc)
        : allocator(alloc), mTarget(arg), mData(NULL), mLength(0) { }

    ~DataOutput();

    // Address of the internal buffer pointer, to be filled in by the call.
    void **data() { return &mData; }

    // Address of the internal length field, to be filled in by the call.
    mach_msg_type_number_t *length() { return &mLength; }

    Allocator &allocator;               // allocator supplied at construction

private:
    CssmData *mTarget;                  // caller's output argument
    void *mData;                        // buffer pointer written through data()
    mach_msg_type_number_t mLength;     // buffer size written through length()
};
123
124
//
// Bundle up an AccessCredentials meant for a database, parsing it for
// "special" samples that need extra evidence to be passed along.
//
// The class is a Copier<AccessCredentials>, so it can be handed to an IPC
// call wherever a Copier is accepted (for example through the COPY macro).
// Only declarations appear in this header; how samples are recognized and
// rewritten is defined in the implementation file.
//
class DatabaseAccessCredentials : public Copier<AccessCredentials> {
public:
    // Build the bundle from `creds`, using `alloc` for any storage needed.
    // NOTE(review): whether `creds` may be NULL is not visible here -- confirm.
    DatabaseAccessCredentials(const AccessCredentials *creds, Allocator &alloc);

private:
    // Helper for key-bearing samples; takes the CSP handle data and the key
    // by reference. Semantics are defined in the implementation file.
    void mapKeySample(CssmData &cspHandleData, CssmKey &key);
};
136
137
//
// Handle the standard CSSM data retrieval pattern (attribute vector+data)
//
// A DataRetrieval is a Copier<CssmDbRecordAttributeData> that additionally
// owns three receive slots (mAddr, mBase, mLength). The two conversion
// operators and base() return the ADDRESSES of those slots, so one object can
// be passed to an IPC call as the input copy and as the output pointer,
// output length and output base arguments.
//
// mAttributes is a reference to the caller's attribute pointer. The
// constructor and destructor are defined elsewhere; presumably the destructor
// relocates the returned data and stores it through mAttributes -- confirm.
//
// NOTE(review): the initial values of mAddr, mBase and mLength are set (or
// not) by the out-of-line constructor; nothing in this header guarantees them.
//
class DataRetrieval : public Copier<CssmDbRecordAttributeData> {
public:
    DataRetrieval(CssmDbRecordAttributeData *&attrs, Allocator &alloc);
    ~DataRetrieval();

    // Implicit conversion: address of the returned-attributes pointer.
    operator CssmDbRecordAttributeData **() { return &mAddr; }

    // Implicit conversion: address of the returned length.
    operator mach_msg_type_number_t *() { return &mLength; }

    // Address of the returned base pointer.
    CssmDbRecordAttributeData **base() { return &mBase; }

private:
    Allocator &mAllocator;
    CssmDbRecordAttributeData *&mAttributes;    // caller's in/out attribute pointer
    CssmDbRecordAttributeData *mAddr;           // written through operator T **
    CssmDbRecordAttributeData *mBase;           // written through base()
    mach_msg_type_number_t mLength;             // written through operator length *
};
156
157
158 } // namespace SecurityServer
159 } // namespace Security
160
161 #endif //_H_SSTRANSIT