]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurity_apple_cspdl/lib/SSCSPDLSession.cpp
Security-59306.61.1.tar.gz
[apple/security.git] / OSX / libsecurity_apple_cspdl / lib / SSCSPDLSession.cpp
index 3c6b24e4f0ae74dcfe533cf0c1d1c8a8a0c1108b..e4cbb8996f208ec06c56a66b9a432ca2f2a49b5c 100644 (file)
@@ -79,8 +79,14 @@ SSCSPDLSession::makeReferenceKey(SSCSPSession &session, KeyHandle inKeyHandle,
                                                                 CssmKey &outKey, SSDatabase &inSSDatabase,
                                                                 uint32 inKeyAttr, const CssmData *inKeyLabel)
 {
                                                                 CssmKey &outKey, SSDatabase &inSSDatabase,
                                                                 uint32 inKeyAttr, const CssmData *inKeyLabel)
 {
-       new SSKey(session, inKeyHandle, outKey, inSSDatabase, inKeyAttr,
+// The analyzer doesn't know what to do with the naked creation of an item
+#ifndef __clang_analyzer__
+       SSKey* sskey = new SSKey(session, inKeyHandle, outKey, inSSDatabase, inKeyAttr,
                          inKeyLabel);
                          inKeyLabel);
+    (void) sskey; // Compiler thinks this variable isn't used, but we want the side effects of creation. Tell the compiler it's okay.
+
+    secinfo("SecAccessReference", "made a new reference sskey with handle %d [%ld]", sskey->keyHandle(), sskey->keyReference());
+#endif
 }
 
 SSKey &
 }
 
 SSKey &
@@ -93,6 +99,8 @@ SSCSPDLSession::lookupKey(const CssmKey &inKey)
        
        /* fetch key (this is just mapping the value in inKey.KeyData to an SSKey) */
        SSKey &theKey = find<SSKey>(inKey);
        
        /* fetch key (this is just mapping the value in inKey.KeyData to an SSKey) */
        SSKey &theKey = find<SSKey>(inKey);
+
+    secinfo("SecAccessReference", "looked up a sskey with handle %d [%ld]", theKey.keyHandle(), theKey.keyReference());
        
        #ifdef someday 
        /* 
        
        #ifdef someday 
        /* 
@@ -117,6 +125,8 @@ void
 SSCSPDLSession::didChangeKeyAcl(SecurityServer::ClientSession &clientSession,
        KeyHandle keyHandle, CSSM_ACL_AUTHORIZATION_TAG tag)
 {
 SSCSPDLSession::didChangeKeyAcl(SecurityServer::ClientSession &clientSession,
        KeyHandle keyHandle, CSSM_ACL_AUTHORIZATION_TAG tag)
 {
+    StLock<Mutex> __(mKeyDeletionMutex);  // The key can't be deleted while we're poking at it, on pain of crashing
+
        SSKey *theKey = NULL;
 
        {
        SSKey *theKey = NULL;
 
        {
@@ -143,7 +153,7 @@ SSCSPDLSession::didChangeKeyAcl(SecurityServer::ClientSession &clientSession,
        else
        {
                // @@@ Should we really throw here or just continue without updating the ACL?  In reality this should never happen, so let's at least log it and throw.
        else
        {
                // @@@ Should we really throw here or just continue without updating the ACL?  In reality this should never happen, so let's at least log it and throw.
-               secdebug("keyacl", "SSCSPDLSession::didChangeKeyAcl() keyHandle: %lu not found in map", (unsigned long)keyHandle);
+               secinfo("keyacl", "SSCSPDLSession::didChangeKeyAcl() keyHandle: %lu not found in map", (unsigned long)keyHandle);
                CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE);
        }
 }
                CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE);
        }
 }
@@ -173,7 +183,7 @@ void
 ClientSessionKey::getAcl(AutoAclEntryInfoList &aclInfos,
        const char *selectionTag) const
 {
 ClientSessionKey::getAcl(AutoAclEntryInfoList &aclInfos,
        const char *selectionTag) const
 {
-       secdebug("keyacl", "ClientSessionKey::getAcl() keyHandle: %u", mKeyHandle);
+       secinfo("keyacl", "ClientSessionKey::getAcl() keyHandle: %u", mKeyHandle);
        aclInfos.allocator(mClientSession.returnAllocator);
        mClientSession.getKeyAcl(mKeyHandle, selectionTag,
                *static_cast<uint32 *>(aclInfos),
        aclInfos.allocator(mClientSession.returnAllocator);
        mClientSession.getKeyAcl(mKeyHandle, selectionTag,
                *static_cast<uint32 *>(aclInfos),
@@ -184,14 +194,14 @@ void
 ClientSessionKey::changeAcl(const CSSM_ACL_EDIT &aclEdit,
        const CSSM_ACCESS_CREDENTIALS *cred)
 {
 ClientSessionKey::changeAcl(const CSSM_ACL_EDIT &aclEdit,
        const CSSM_ACCESS_CREDENTIALS *cred)
 {
-       secdebug("keyacl", "ClientSessionKey::changeAcl() keyHandle: %u", mKeyHandle);
+       secinfo("keyacl", "ClientSessionKey::changeAcl() keyHandle: %u", mKeyHandle);
        mClientSession.changeKeyAcl(mKeyHandle, AccessCredentials::overlay(*cred), AclEdit::overlay(aclEdit));
 }
 
 void
 ClientSessionKey::getOwner(AutoAclOwnerPrototype &owner) const
 {
        mClientSession.changeKeyAcl(mKeyHandle, AccessCredentials::overlay(*cred), AclEdit::overlay(aclEdit));
 }
 
 void
 ClientSessionKey::getOwner(AutoAclOwnerPrototype &owner) const
 {
-       secdebug("keyacl", "ClientSessionKey::getOwner() keyHandle: %u", mKeyHandle);
+       secinfo("keyacl", "ClientSessionKey::getOwner() keyHandle: %u", mKeyHandle);
        owner.allocator(mClientSession.returnAllocator);
        mClientSession.getKeyOwner(mKeyHandle,
                *reinterpret_cast<AclOwnerPrototype *>(static_cast<CSSM_ACL_OWNER_PROTOTYPE *>(owner)));
        owner.allocator(mClientSession.returnAllocator);
        mClientSession.getKeyOwner(mKeyHandle,
                *reinterpret_cast<AclOwnerPrototype *>(static_cast<CSSM_ACL_OWNER_PROTOTYPE *>(owner)));
@@ -201,7 +211,7 @@ void
 ClientSessionKey::changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
        const CSSM_ACCESS_CREDENTIALS *cred)
 {
 ClientSessionKey::changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
        const CSSM_ACCESS_CREDENTIALS *cred)
 {
-       secdebug("keyacl", "ClientSessionKey::changeOwner() keyHandle: %u", mKeyHandle);
+       secinfo("keyacl", "ClientSessionKey::changeOwner() keyHandle: %u", mKeyHandle);
        mClientSession.changeKeyOwner(mKeyHandle, AccessCredentials::overlay(*cred), AclOwnerPrototype::overlay(newOwner));
 }
 
        mClientSession.changeKeyOwner(mKeyHandle, AccessCredentials::overlay(*cred), AclOwnerPrototype::overlay(newOwner));
 }