Security-57740.1.18.tar.gz
1 /*
2 * Copyright (c) 2000-2001,2011-2014 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // SSDatabase.h - Security Server database object
21 //
22 #ifndef _H_SSDATABASE_
23 #define _H_SSDATABASE_
24
25 #include <security_cdsa_client/dlclient.h>
26 #include <security_utilities/unix++.h>
27 #include <securityd_client/ssclient.h>
28 #include <securityd_client/ssblob.h>
29 #include <security_utilities/CSPDLTransaction.h>
30
31 class SSCSPDLSession;
32 class SSUniqueRecord;
33
34 //
35 // Protected: please ignore this class unless you are subclassing SSDatabase.
36 //
37 class SSDatabase;
38
//
// SSDatabaseImpl -- implementation object behind an SSDatabase handle.
// Extends CssmClient::DbImpl with a securityd client session reference and
// a SecurityServer::DbHandle (see the private members below).
//
class SSDatabaseImpl : public CssmClient::DbImpl
{
public:
    // Name and record type of the relation that holds the database blob.
    // The record type sits 0x8000 above the start of the app-defined range.
    static const char *const DBBlobRelationName;
    static const CSSM_DB_RECORDTYPE DBBlobRelationID =
        CSSM_DB_RECORDTYPE_APP_DEFINED_START + 0x8000;

    // inClientSession is stored by reference (mClientSession), so the
    // session object must outlive this SSDatabaseImpl.
    SSDatabaseImpl(SecurityServer::ClientSession& inClientSession,
                   const CssmClient::DL& dl,
                   const char* inDbName,
                   const CSSM_NET_ADDRESS* inDbLocation);
    virtual ~SSDatabaseImpl();

    // Create / open / insert entry points.
    void ssCreate(const DLDbIdentifier& dlDbIdentifier);
    void ssCreateWithBlob(const DLDbIdentifier& dlDbIdentifier, const CSSM_DATA& blob);
    void ssOpen(const DLDbIdentifier& dlDbIdentifier);
    SSUniqueRecord ssInsert(CSSM_DB_RECORDTYPE recordType,
                            const CSSM_DB_RECORD_ATTRIBUTE_DATA* attributes,
                            const CSSM_DATA* data);

    // inAccessCredentials is a borrowed pointer.
    // NOTE(review): this header does not show who clears any secret
    // material the credentials carry -- confirm in the implementation.
    void authenticate(CSSM_DB_ACCESS_TYPE inAccessRequest,
                      const CSSM_ACCESS_CREDENTIALS* inAccessCredentials);

    // Passthrough functions (only implemented by AppleCSPDL).
    void lock();
    void unlock();
    // The passphrase is handed in as a caller-owned CSSM_DATA.
    // NOTE(review): nothing declared here wipes that buffer; callers
    // presumably have to zeroize it themselves after the call -- confirm.
    void unlock(const CSSM_DATA& password);
    // NOTE(review): the semantics of stash()/stashCheck() are not visible
    // in this header; see the implementation before relying on them.
    void stash();
    void stashCheck();
    // Read / write the auto-lock policy: idle timeout and lock-on-sleep.
    // The private defaults below are 5 minutes and lock-on-sleep enabled;
    // a longer timeout or disabled lock-on-sleep keeps the database
    // unlocked for longer.
    void getSettings(uint32& outIdleTimeout, bool& outLockOnSleep);
    void setSettings(uint32 inIdleTimeout, bool inLockOnSleep);
    bool isLocked();
    void changePassphrase(const CSSM_ACCESS_CREDENTIALS* cred);
    void ssRecode(const CssmData& data, const CssmData& extraData);

    // Attempt to recode this database to the new blob version.
    // Returns the new version.
    uint32 recodeDbToVersion(uint32 newBlobVersion);

    // Tell securityd that we're done with the upgrade operation.
    void recodeFinished();

    // Take or release the file lock on the underlying database.
    // These _must_ be called as a pair: takeFileLock() starts a transaction
    // on the underlying DL object, and only releaseFileLock() finishes it.
    // Pass success=true to commit the transaction; otherwise it rolls back.
    // NOTE(review): no scoped guard is declared in this header, so an
    // exception thrown between the two calls skips the release unless the
    // caller handles it explicitly.
    void takeFileLock();
    void releaseFileLock(bool success);

    // DbUniqueRecordMaker
    CssmClient::DbUniqueRecordImpl* newDbUniqueRecord();

    // New methods not inherited from DbImpl
    SecurityServer::DbHandle dbHandle();

    void getRecordIdentifier(const CSSM_DB_UNIQUE_RECORD_PTR uniqueRecord, CSSM_DATA& data);
    // Writes the database blob into the caller-supplied CSSM_DATA.
    // NOTE(review): ownership of blob.Data after the call is not visible
    // in this header -- confirm who frees it.
    void ssCopyBlob(CSSM_DATA& blob);

    // Get the version of this database's encoding.
    uint32 dbBlobVersion();

    // Try to make a backup copy of this database on the filesystem.
    void makeBackup();

    // Try to make a copy of this database on the filesystem
    // (presumably at `path`; confirm in the implementation).
    // NOTE(review): `path` is caller-controlled; check how the
    // implementation treats an existing file and what permissions the
    // copy receives.
    void makeCopy(const char* path);

    // Try to delete the backing file of this database.
    // After you've done this, operations might fail in strange ways.
    void deleteFile();

    // Duplicate this database to the given location and return the clone.
    // For best results, use on an unlocked SSDatabase, but it should work
    // on a locked one as well.
    SSDatabase ssCloneTo(const DLDbIdentifier& dldbidentifier);

protected:
    // dbb is optional (defaults to NULL).
    // NOTE(review): presumably receives the blob data when non-NULL -- confirm.
    CssmClient::DbUniqueRecord getDbBlobId(CssmDataContainer* dbb = NULL);
    void commonCreate(const DLDbIdentifier& dlDbIdentifier, bool& autocommit);

    // Load the database from disk, but don't talk with securityd about it.
    void load(const DLDbIdentifier& dlDbIdentifier);

    static uint32 getDbVersionFromBlob(const CssmData& dbb);
    uint32 recodeHelper(SecurityServer::DbHandle clonedDbHandle,
                        CssmClient::DbUniqueRecord& dbBlobId);

private:
    // 5 minute default autolock time.
    static const uint32 kDefaultIdleTimeout = 5 * 60;
    // Declared as uint8 although it is initialised from `true`.
    static const uint8 kDefaultLockOnSleep = true;
    static const unsigned kNumIDWords = 4;

    DLDbIdentifier mIdentifier;
    // NOTE(review): presumably used to notice a fork() so the securityd
    // handle is not reused in a child process -- confirm.
    UnixPlusPlus::ForkMonitor mForked;

    // Reference member: the session is not owned by this object.
    SecurityServer::ClientSession& mClientSession;
    SecurityServer::DbHandle mSSDbHandle;

    // Transaction for remembering if we've taken the file lock.
    // NOTE(review): raw pointer; where it is allocated and deleted is not
    // visible in this header.
    DLTransaction* mTransaction;
};
142
143
144 //
145 // SSDatabase -- A Security Server aware Db object.
146 //
class SSDatabase : public CssmClient::Db
{
public:
    typedef SSDatabaseImpl Impl;

    // Wrap an existing implementation object.
    explicit SSDatabase(SSDatabaseImpl* impl) : CssmClient::Db(impl) {}

    // Empty handle: no implementation object behind it.
    SSDatabase() : CssmClient::Db(NULL) {}

    // Allocate a fresh SSDatabaseImpl from the given arguments and wrap it.
    SSDatabase(SecurityServer::ClientSession& inClientSession,
               const CssmClient::DL& dl,
               const char* inDbName,
               const CSSM_NET_ADDRESS* inDbLocation)
        : CssmClient::Db(new SSDatabaseImpl(inClientSession, dl, inDbName, inDbLocation))
    {
    }

    // Typed access to the implementation object.
    // Neither operator tests for an empty handle itself; dbHandle() below
    // is the accessor that does.
    SSDatabaseImpl* operator->() const { return &impl<SSDatabaseImpl>(); }
    SSDatabaseImpl& operator*() const { return impl<SSDatabaseImpl>(); }

    // For convenience only: yields SecurityServer::noDb when this handle
    // tests false, otherwise forwards to the implementation's dbHandle().
    SecurityServer::DbHandle dbHandle()
    {
        if (*this)
            return (*this)->dbHandle();
        return SecurityServer::noDb;
    }
};
165
166
//
// SSUniqueRecordImpl -- implementation object behind an SSUniqueRecord.
// Built from an SSDatabase and able to hand that database back as an
// SSDatabase handle.
//
class SSUniqueRecordImpl : public CssmClient::DbUniqueRecordImpl
{
public:
    SSUniqueRecordImpl(const SSDatabase& db);
    virtual ~SSUniqueRecordImpl();

    // Returns an SSDatabase handle by value.
    // NOTE(review): presumably the database this record was created
    // from -- confirm in the implementation.
    SSDatabase database() const;
};
175
176
//
// SSUniqueRecord -- handle class wrapping an SSUniqueRecordImpl.
//
class SSUniqueRecord : public CssmClient::DbUniqueRecord
{
public:
    typedef SSUniqueRecordImpl Impl;

    // Wrap an existing implementation object.
    explicit SSUniqueRecord(SSUniqueRecordImpl* impl) : CssmClient::DbUniqueRecord(impl) {}

    // Empty handle: no implementation object behind it.
    SSUniqueRecord() : CssmClient::DbUniqueRecord(NULL) {}

    // Not explicit, so an SSDatabase converts implicitly; every such
    // conversion allocates a new SSUniqueRecordImpl.
    SSUniqueRecord(const SSDatabase& db)
        : CssmClient::DbUniqueRecord(new SSUniqueRecordImpl(db))
    {
    }

    // Typed access to the implementation object; neither operator tests
    // for an empty handle itself.
    SSUniqueRecordImpl* operator->() const { return &impl<SSUniqueRecordImpl>(); }
    SSUniqueRecordImpl& operator*() const { return impl<SSUniqueRecordImpl>(); }
};
189
190
191 #endif // _H_SSDATABASE_