]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurity_filedb/lib/AppleDatabase.cpp
Security-59306.61.1.tar.gz
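--- a/OSX/libsecurity_filedb/lib/AppleDatabase.cpp
+++ b/OSX/libsecurity_filedb/lib/AppleDatabase.cpp
@@ -34,6 +34,7 @@
 #include <fcntl.h>
 #include <Security/cssmapplePriv.h>
 #include <syslog.h>
+#include <copyfile.h>
 
 static const char *kAppleDatabaseChanged = "com.apple.AppleDatabaseChanged";
 
@@ -1686,6 +1687,8 @@ DbModifier::commit()
         return;
     try
     {
+        secinfo("integrity", "committing to %s", mAtomicFile.path().c_str());
+
                WriteSection aHeaderSection(Allocator::standard(), size_t(HeaderSize));
                // Set aHeaderSection to the correct size.
                aHeaderSection.size(HeaderSize);
@@ -2291,40 +2294,6 @@ AppleDatabase::dataDelete(DbContext &inDbContext,
 {
     try
     {
-               // syslog if it's the .Mac password
-               CSSM_DB_RECORD_ATTRIBUTE_DATA attrData;
-               // we have to do this in two phases -- the first to get the record type, and the second to actually read the attributes.  Otherwise, we might get
-               // an exception.
-               memset(&attrData, 0, sizeof(attrData));
-               dataGetFromUniqueRecordId(inDbContext, inUniqueRecord, &attrData, NULL);
-
-               if (attrData.DataRecordType == CSSM_DL_DB_RECORD_GENERIC_PASSWORD)
-               {
-                       CSSM_DB_ATTRIBUTE_DATA attributes;
-
-                       // setup some attributes and see if we are indeed the .Mac password
-                       attributes.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER;
-                       attributes.Info.Label.AttributeID = 'svce';
-                       attributes.Info.AttributeFormat = 0;
-                       attributes.NumberOfValues = 1;
-                       attributes.Value = NULL;
-
-                       attrData.NumberOfAttributes = 1;
-                       attrData.AttributeData = &attributes;
-
-                       dataGetFromUniqueRecordId(inDbContext, inUniqueRecord, &attrData, NULL);
-
-                       // now check the results
-                       std::string dataString((const char*) attrData.AttributeData[0].Value[0].Data, attrData.AttributeData[0].Value[0].Length);
-                       if (dataString == "iTools")
-                       {
-                               syslog(LOG_WARNING, "Warning: Removed .Me password");
-                       }
-
-                       free(attrData.AttributeData[0].Value[0].Data);
-                       free(attrData.AttributeData[0].Value);
-               }
-
                StLock<Mutex> _(mWriteLock);
                Table::Id aTableId;
                const RecordId aRecordId(parseUniqueRecord(inUniqueRecord, aTableId));
@@ -2539,6 +2508,22 @@ AppleDatabase::passThrough(DbContext &dbContext,
                mDbModifier.rollback();
                break;
 
+    case CSSM_APPLEFILEDL_TAKE_FILE_LOCK:
+        mDbModifier.modifyDatabase();
+        break;
+
+    case CSSM_APPLEFILEDL_MAKE_BACKUP:
+        dbMakeBackup();
+        break;
+
+    case CSSM_APPLEFILEDL_MAKE_COPY:
+        dbMakeCopy((const char *) inputParams);
+        break;
+
+    case CSSM_APPLEFILEDL_DELETE_FILE:
+        dbDeleteFile();
+        break;
+
        case CSSM_APPLECSPDL_DB_RELATION_EXISTS:
        {
                CSSM_BOOL returnValue;
@@ -2559,6 +2544,30 @@ AppleDatabase::passThrough(DbContext &dbContext,
 
        default:
                CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
-               break;
        }
 }
+
+void
+AppleDatabase::dbMakeBackup() {
+    // Make a backup copy next to the current keychain, with filename pattern original.keychain_XXXXXX_backup
+    char * filename_temp_cstr = tempnam( mAtomicFile.dir().c_str(), (mAtomicFile.file() + "_").c_str() );
+    string filename_temp(filename_temp_cstr);
+    filename_temp += "_backup";
+
+    free(filename_temp_cstr);
+
+    dbMakeCopy(filename_temp.c_str());
+}
+
+void
+AppleDatabase::dbMakeCopy(const char* path) {
+    if(copyfile(mAtomicFile.path().c_str(), path, NULL, COPYFILE_UNLINK | COPYFILE_ALL) < 0) {
+        UnixError::throwMe(errno);
+    }
+}
+
+void AppleDatabase::dbDeleteFile() {
+    if(unlink(mAtomicFile.path().c_str()) < 0) {
+        UnixError::throwMe(errno);
+    }
+}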