Security-59306.61.1.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / lib / defaultcreds.cpp
index 5188b0e0dbaf0df04b4c9c68e7390178339e28e2..d1b862d7e40750479406e3627bbc4f20626efaea 100644 (file)
@@ -77,16 +77,19 @@ bool DefaultCredentials::operator () (Db database)
                                        case CSSM_APPLE_UNLOCK_TYPE_WRAPPED_PRIVATE:
                                                keyReferral(**it);
                                                break;
+                                       case CSSM_APPLE_UNLOCK_TYPE_KEYBAG:
+                                               keybagReferral(**it);
+                                               break;
                                        default:
-                                               secdebug("kcreferral", "referral type %lu (to %s) not supported",
+                                               secinfo("kcreferral", "referral type %lu (to %s) not supported",
                                                        (unsigned long)(*it)->type(), (*it)->dbName().c_str());
                                                break;
                                        }
                                }
                        }
-                       secdebug("kcreferral", "%lu samples generated", (unsigned long)size());
+                       secinfo("kcreferral", "%lu samples generated", (unsigned long)size());
                } catch (...) {
-                       secdebug("kcreferral", "exception setting default credentials for %s; using standard value", database->name());
+                       secinfo("kcreferral", "exception setting default credentials for %s; using standard value", database->name());
                }
                mMade = true;
        }
@@ -97,11 +100,11 @@ bool DefaultCredentials::operator () (Db database)
 
 //
 // Process a single referral record. This will handle all known types
-// of referrals.
+// of referrals, other than keybag (see keybagReferral).
 //
 void DefaultCredentials::keyReferral(const UnlockReferralRecord &ref)
 {
-       secdebug("kcreferral", "processing type %ld referral to %s",
+       secinfo("kcreferral", "processing type %ld referral to %s",
                (long)ref.type(), ref.dbName().c_str());
        DLDbIdentifier identifier(ref.dbName().c_str(), ref.dbGuid(), ref.dbSSID(), ref.dbSSType());
 
@@ -115,12 +118,12 @@ void DefaultCredentials::keyReferral(const UnlockReferralRecord &ref)
        
        // try the entire search list (just in case)
        try {
-               secdebug("kcreferral", "no joy with %s; trying the entire keychain list for guid %s",
+               secinfo("kcreferral", "no joy with %s; trying the entire keychain list for guid %s",
                        ref.dbName().c_str(), ref.dbGuid().toString().c_str());
                unlockKey(ref, fallbackSearchList(identifier));
                return;
        } catch (...) { }
-       secdebug("kcreferral", "no luck at all; we'll skip this record");
+       secinfo("kcreferral", "no luck at all; we'll skip this record");
 }
 
 
@@ -136,11 +139,11 @@ bool DefaultCredentials::unlockKey(const UnlockReferralRecord &ref, const Keycha
                CSSM_DB_RECORDTYPE recordType =
                        (ref.type() == CSSM_APPLE_UNLOCK_TYPE_KEY_DIRECT) ?
                                CSSM_DL_DB_RECORD_SYMMETRIC_KEY : CSSM_DL_DB_RECORD_PRIVATE_KEY;
-               KCCursor cursor(list, recordType, &search);
+               KCCursor cursor(list, (SecItemClass) recordType, &search);
                
                Item keyItem;
                while (cursor->next(keyItem)) {
-                       secdebug("kcreferral", "located source key in %s", keyItem->keychain()->name());
+                       secinfo("kcreferral", "located source key in %s", keyItem->keychain()->name());
                        
                        // get a reference to the key in the provider keychain
                        CssmClient::Key key = dynamic_cast<KeyItem &>(*keyItem).key();
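Review bot: The C-style cast `(SecItemClass) recordType` in the KCCursor constructor call converts a CSSM_DB_RECORDTYPE to a different type with no check and no explanation, so a reader cannot tell from the hunk that the two value spaces are meant to coincide. Prefer a named cast with a short why-comment, e.g. `KCCursor cursor(list, static_cast<SecItemClass>(recordType), &search);` preceded by `// key item classes are expected to share numeric values with the CSSM key record types`. That equivalence should be confirmed against the SecItemClass definition, which is not visible here. unlockKey's body starts and ends outside this hunk.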
@@ -170,6 +173,21 @@ bool DefaultCredentials::unlockKey(const UnlockReferralRecord &ref, const Keycha
        return foundSome;
 }
 
+void
+DefaultCredentials::keybagReferral(const UnlockReferralRecord &ref)
+{
+       secinfo("kcreferral", "processing type %ld referral", (long)ref.type());
+
+       try {
+               // assemble and add CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK item
+               append(TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK,
+                       new(allocator) ListElement(CSSM_WORDID_KEYBAG_KEY),
+                       new(allocator) ListElement(allocator, CssmData::wrap(ref.dbGuid())),
+                       new(allocator) ListElement(allocator, ref.get())
+                       ));
+       } catch (...) {
+       }
+}
 
 //
 // Take the official keychain search list, and return those keychains whose
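Review bot: The empty `catch (...) { }` in keybagReferral drops every failure without a trace, so a keybag referral that produced no sample looks the same in the logs as one that succeeded; the caller's handler and keyReferral both log when they give up. Add a line in the handler such as `secinfo("kcreferral", "exception assembling keybag sample; skipping this record");`. Separately, the three `new(allocator) ListElement(...)` arguments are raw allocations: if a later one throws (for instance from `ref.get()`), the earlier elements appear to be leaked because nothing owns them until TypedList is constructed, which is worth confirming against the allocator in use. The function also lacks the header comment that keyReferral has; `// Process a keybag referral record: append a KEYCHAIN_LOCK sample built from the keybag key word, the database GUID and the record's data.` would match the file's style.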