OSX/libsecurityd/lib/sstransit.h

   1 /*
   2  * Copyright (c) 2000-2004,2006,2011-2012,2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // sstransit - Securityd client side transition support.
  27 //
  28 #ifndef _H_SSTRANSIT
  29 #define _H_SSTRANSIT
  30
  31 #include <securityd_client/ssclient.h>
  32 #include <security_cdsa_utilities/cssmwalkers.h>
  33 #include <security_cdsa_utilities/AuthorizationWalkers.h>
  34 #include <securityd_client/ucsp.h>
  35 #include <securityd_client/ucspNotify.h>
  36
  37 namespace Security {
  38 namespace SecurityServer {
  39
  40
  41 // stock leading argument profile used by (almost) all calls
  42 #define UCSP_ARGS       mGlobal().serverPort, mGlobal().thread().replyPort, &securitydCreds, &rcode
  43
  44 // common invocation profile (don't use directly)
  45 #define IPCSTART(statement) \
  46         CSSM_RETURN rcode; security_token_t securitydCreds; check(statement)
  47 #define IPCEND \
  48         if (securitydCreds.val[0] != 0   IFDEBUG( && !getenv("SECURITYSERVER_NONROOT"))) \
  49                 CssmError::throwMe(CSSM_ERRCODE_VERIFICATION_FAILURE)
  50 #define IPCEND_CHECK    IPCEND; if (rcode != CSSM_OK) CssmError::throwMe(rcode);
  51 #define IPCN(statement) { \
  52         IPCSTART(statement); IPCEND_CHECK;  \
  53         }
  54 #define IPC(statement)  { activate(); IPCN(statement); }
  55 #define IPCKEY(statement, key, tag) { \
  56         activate(); IPCSTART(statement); IPCEND; \
  57         switch (rcode) { \
  58         case CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT: \
  59                 notifyAclChange(key, tag); \
  60         case CSSM_OK: \
  61                 break; \
  62         default: \
  63                 CssmError::throwMe(rcode); \
  64         } \
  65 }
  66
  67 // pass mandatory or optional CssmData arguments into an IPC call
  68 #define DATA(arg)                       arg.data(), (mach_msg_type_number_t)(arg.length())
  69 #define OPTIONALDATA(arg)       (arg ? arg->data() : NULL), (mach_msg_type_number_t)(arg ? arg->length() : 0)
  70
  71 // pass mandatory DataOutput argument into an IPC call
  72 #define DATA_OUT(arg)                   arg.data(), arg.length()
  73
  74 // pass structured arguments in/out of IPC calls. See "data walkers" for details
  75 #define COPY(copy)                      copy, copy.length(), copy
  76 #define COPY_OUT(copy)          &copy, &copy##Length, &copy##Base
  77 #define COPY_OUT_DECL(type,name) type *name, *name##Base; mach_msg_type_number_t name##Length
  78
  79
  80 //
  81 // DataOutput manages an output CssmData argument.
  82 //
  83 class DataOutput {
  84 public:
  85         DataOutput(CssmData &arg, Allocator &alloc)
  86                 : allocator(alloc), mTarget(&arg) { mData = NULL; mLength = 0; }
  87         DataOutput(CssmData *arg, Allocator &alloc)
  88                 : allocator(alloc), mTarget(arg) { mData = NULL; mLength = 0; }
  89         ~DataOutput();
  90
  91         void **data() { return &mData; }
  92         mach_msg_type_number_t *length() { return &mLength; }
  93
  94         Allocator &allocator;
  95
  96 private:
  97         CssmData *mTarget;
  98         void *mData;
  99         mach_msg_type_number_t mLength;
 100 };
 101
 102
 103 //
 104 // Bundle up an AccessCredentials meant for a database, parsing it for
 105 // "special" samples that need extra evidence to be passed along.
 106 //
 107 class DatabaseAccessCredentials : public Copier<AccessCredentials> {
 108 public:
 109         DatabaseAccessCredentials(const AccessCredentials *creds, Allocator &alloc);
 110
 111 private:
 112         void mapKeySample(CssmData &cspHandleData, CssmKey &key);
 113 };
 114
 115
 116 //
 117 // Handle the standard CSSM data retrieval pattern (attribute vector+data)
 118 //
 119 class DataRetrieval : public Copier<CssmDbRecordAttributeData> {
 120 public:
 121         DataRetrieval(CssmDbRecordAttributeData *&attrs, Allocator &alloc);
 122         ~DataRetrieval();
 123
 124         operator CssmDbRecordAttributeData **() { return &mAddr; }
 125         operator mach_msg_type_number_t *() { return &mLength; }
 126         CssmDbRecordAttributeData **base() { return &mBase; }
 127
 128 private:
 129         Allocator &mAllocator;
 130         CssmDbRecordAttributeData *&mAttributes;
 131         CssmDbRecordAttributeData *mAddr, *mBase;
 132         mach_msg_type_number_t mLength;
 133 };
 134
 135
 136 } // namespace SecurityServer
 137 } // namespace Security
 138
 139 #endif //_H_SSTRANSIT