* DB files when they are the source of these copies; this is the same mechanism
* used by the underlying AtomicFile.
*
- * The sticky bit in /var/db/mds ensures that users cannot modify other userss private
+ * The sticky bit in /var/db/mds ensures that users cannot modify other users' private
* MDS directories.
*/
namespace Security
#define MDS_SCAN_INTERVAL 5
/* trace file I/O */
-#define MSIoDbg(args...) secdebug("MDS_IO", ## args)
+#define MSIoDbg(args...) secinfo("MDS_IO", ## args)
/* Trace cleanDir() */
-#define MSCleanDirDbg(args...) secdebug("MDS_CleanDir", ## args)
+#define MSCleanDirDbg(args...) secinfo("MDS_CleanDir", ## args)
static std::string GetMDSBaseDBDir(bool isRoot)
{
if (result == 0)
{
// we have an error, log it
- syslog(LOG_CRIT, "confstr on _CS_DARWIN_USER_CACHE_DIR returned an error.");
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ syslog(LOG_CRIT, "confstr on _CS_DARWIN_USER_CACHE_DIR returned an error: %d", errno);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
retValue = strBuffer;
}
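Review bot: The errno value added to the syslog call can be stale, because confstr() returns 0 both on failure and when the name has no configuration-defined value, and in the second case it leaves errno unchanged. The confstr call itself is outside the visible lines, so check there that errno is cleared immediately before the call (`errno = 0;`). It would also help whoever reads the log to include the text form, e.g. `"confstr on _CS_DARWIN_USER_CACHE_DIR returned an error: %d (%s)", errno, strerror(errno)`. GetMDSBaseDBDir begins and ends outside this hunk.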
if(purge) {
/* If we can't stat it we sure can't delete it. */
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
return false;
}
if(fileType == S_IFDIR) {
/* directory: clean then remove */
if(cleanDir(filePath, NULL, 0)) {
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
if(rmdir(filePath)) {
MSDebug("rmdir(%s) returned %d", filePath, errno);
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
}
else {
if(unlink(filePath)) {
MSDebug("unlink(%s) returned %d", filePath, errno);
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
}
if(objectExist) {
if(unlink(objDbFile)) {
MSDebug("unlink(%s) returned %d", objDbFile, errno);
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
}
if(directExist) {
if(unlink(directDbFile)) {
MSDebug("unlink(%s) returned %d", directDbFile, errno);
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
}
return false;
// Installation requires root
//
if(geteuid() != (uid_t)0) {
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
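Review bot: Switching to throwMeNoLogging leaves this root check with no diagnostic at all, because unlike most other sites in this commit there is no MSDebug or syslog call before the throw. If the old throwMe was what recorded the failure (inferred from the name, its body is not visible here), a non-root install attempt is now rejected silently. The same applies to the two `obtainLock` failure checks further down, which also throw only the generic CSSM_ERRCODE_MDS_ERROR. I would add a line before each throw, for example `MSDebug("MDS install refused: euid %d is not root", (int)geteuid());`, so a denied privileged operation still leaves a trace. The enclosing function starts and ends outside the hunk.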
//
/* ensure MDS base directory exists with correct permissions */
if(createDir(MDS_BASE_DB_DIR, MDS_SYSTEM_UID, MDS_BASE_DB_DIR_MODE)) {
MSDebug("Error creating base MDS dir; aborting.");
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
/* ensure the the system MDS DB directory exists with correct permissions */
if(createDir(MDS_SYSTEM_DB_DIR, MDS_SYSTEM_UID, MDS_SYSTEM_DB_DIR_MODE)) {
MSDebug("Error creating system MDS dir; aborting.");
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
LockHelper lh;
if(!lh.obtainLock(MDS_INSTALL_LOCK_PATH, DB_LOCK_TIMEOUT)) {
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
/*
const char *savedFile = MDS_INSTALL_LOCK_NAME;
if(cleanDir(MDS_SYSTEM_DB_DIR, &savedFile, 1)) {
/* this should never happen - we're root */
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
const char *savedFiles[] = {MDS_SYSTEM_DB_COMP, kExceptionDeletePath};
if(cleanDir(MDS_BASE_DB_DIR, savedFiles, 2)) {
/* this should never happen - we're root */
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
/*
void
MDSSession::uninstall ()
{
- CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
/*
* a system MDS DB file or a per-user MDS DB file).
*/
if(DbName == NULL) {
- CssmError::throwMe(CSSMERR_DL_INVALID_DB_NAME);
+ CssmError::throwMeNoLogging(CSSMERR_DL_INVALID_DB_NAME);
}
const char *dbName;
if(!strcmp(DbName, MDS_OBJECT_DIRECTORY_NAME)) {
dbName = MDS_DIRECT_DB_NAME;
}
else {
- CssmError::throwMe(CSSMERR_DL_INVALID_DB_NAME);
+ CssmError::throwMeNoLogging(CSSMERR_DL_INVALID_DB_NAME);
}
char fullPath[MAXPATHLEN];
dbFullPath(dbName, fullPath);
char **DbName)
{
printf("GetDbNameFromHandle: code on demand\n");
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
//
{
mFD = -1;
for(;;) {
- secdebug("mdslock", "obtainLock: calling open(%s)", lockFile);
+ secinfo("mdslock", "obtainLock: calling open(%s)", lockFile);
mFD = open(lockFile, O_EXLOCK | O_CREAT | O_RDWR, 0644);
if(mFD == -1) {
int err = errno;
- secdebug("mdslock", "obtainLock: open error %d", errno);
+ secinfo("mdslock", "obtainLock: open error %d", errno);
if(err == EINTR) {
/* got a signal, go again */
continue;
}
}
else {
- secdebug("mdslock", "obtainLock: success");
+ secinfo("mdslock", "obtainLock: success");
return true;
}
}
-
- /* not reached */
- return false;
}
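Review bot: The rewritten log line `secinfo("mdslock", "obtainLock: open error %d", errno);` reads errno again although it was saved in `err` on the line above; pass `err` so the value logged is the one the EINTR test uses. With the trailing `return false;` removed, every exit now has to be inside the loop. The branch for errors other than EINTR is not visible in this hunk, so it is worth confirming that it returns false rather than falling through and retrying open() indefinitely.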
//
MDSSession::LockHelper::~LockHelper()
{
- secdebug("mdslock", "releaseLock");
+ secinfo("mdslock", "releaseLock");
if (mFD == -1)
{
return;
if(!doesFileExist(fromPath, fromUid, false, sb)) {
MSDebug("safeCopyFile: bad system DB file %s", fromPath);
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
/* create temp destination */
if(destFd < 0) {
error = errno;
MSDebug("Error %d opening user DB file %s\n", error, tmpToPath);
- UnixError::throwMe(error);
+ UnixError::throwMeNoLogging(error);
}
struct flock fl;
if(fchmod(destFd, toMode)) {
error = errno;
MSDebug("Error %d chmoding user DB file %s\n", error, tmpToPath);
- UnixError::throwMe(error);
+ UnixError::throwMeNoLogging(error);
}
/* open source for reading */
if(srcFd < 0) {
error = errno;
MSDebug("Error %d opening system DB file %s\n", error, fromPath);
- UnixError::throwMe(error);
+ UnixError::throwMeNoLogging(error);
}
/* acquire the same kind of lock AtomicFile uses */
continue;
}
MSDebug("Error %d locking system DB file %s\n", error, fromPath);
- UnixError::throwMe(error);
+ UnixError::throwMeNoLogging(error);
}
else {
break;
- haveLock = true;
+ //haveLock = true;
}
}
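Review bot: Commenting out `haveLock = true;` keeps a dead line instead of resolving it: the assignment sat after `break` and was never executed, so haveLock has never been set on the success path. If later code in this function (presumably safeCopyFile, going by the log strings) uses haveLock to decide whether to release the lock on the source file, that cleanup has been skipped all along and still is. In that case the fix is to move the assignment ahead of the break, `haveLock = true; break;`. If nothing reads it, delete the line and the variable rather than leaving the comment. The rest of the function is outside the hunk, so which case applies has to be checked there.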
delete [] buf;
error = errno;
MSDebug("Error %d reading system DB file %s\n", error, fromPath);
- UnixError::throwMe(error);
+ UnixError::throwMeNoLogging(error);
}
ssize_t bytesWritten;
delete [] buf;
error = errno;
MSDebug("Error %d writing user DB file %s\n", error, tmpToPath);
- UnixError::throwMe(error);
+ UnixError::throwMeNoLogging(error);
}
}
delete [] buf;
}
}
if(error) {
- UnixError::throwMe(error);
+ UnixError::throwMeNoLogging(error);
}
}
LockHelper lh;
if(!lh.obtainLock(userDbLockPath.c_str(), DB_LOCK_TIMEOUT)) {
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
try {
if(!isRoot) {
free(dbInfoP->DefaultParsingModules);
free(dbInfoP->RecordAttributeNames);
free(dbInfoP->RecordIndexes);
- CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+ CssmError::throwMeNoLogging(CSSM_ERRCODE_MDS_ERROR);
}
free(dbInfoP->DefaultParsingModules);
free(dbInfoP->RecordAttributeNames);
if(rtn) {
int error = errno;
MSDebug("Error %d statting DB file %s", error, path);
- UnixError::throwMe(error);
+ UnixError::throwMeNoLogging(error);
}
mLaterTimestamp = sb.st_mtimespec.tv_sec;
sprintf(path, "%s/%s", mDbPath, MDS_DIRECT_DB_NAME);
if(rtn) {
int error = errno;
MSDebug("Error %d statting DB file %s", error, path);
- UnixError::throwMe(error);
+ UnixError::throwMeNoLogging(error);
}
if(sb.st_mtimespec.tv_sec > mLaterTimestamp) {
mLaterTimestamp = sb.st_mtimespec.tv_sec;
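Review bot: The unchanged `sprintf(path, "%s/%s", mDbPath, MDS_DIRECT_DB_NAME);` between the two stat checks writes into `path` without a bound. The declaration of `path` is outside the hunk, so its size is not visible, but mDbPath is a runtime string. Since this commit already touches the surrounding error handling, I would switch it to `snprintf(path, sizeof(path), "%s/%s", mDbPath, MDS_DIRECT_DB_NAME);` (assuming `path` is an array) and treat a truncated result as an error before calling stat.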
MDSSession::DbFilesInfo::TbdRecord::TbdRecord(
const CSSM_DATA &guid)
{
- assert(guid.Length <= MAX_GUID_LEN);
- assert(guid.Length != 0);
- memmove(mGuid, guid.Data, guid.Length);
- if(mGuid[guid.Length - 1] != '\0') {
- mGuid[guid.Length] = '\0';
- }
+ if (guid.Length != 0 && guid.Length < MAX_GUID_LEN) {
+ memmove(mGuid, guid.Data, guid.Length);
+ // mGuid is treated as a string elsewhere; terminate
+ mGuid[guid.Length] = '\0';
+ }
}
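Review bot: When the length check fails, the constructor returns with mGuid never written, and the comment added here says mGuid is treated as a string elsewhere, so any reader of such a record would see indeterminate bytes. The removed asserts at least stopped debug builds, whereas the new code silently constructs a half-initialized object. Start the body with `mGuid[0] = '\0';` so the failure case yields an empty string, and add `guid.Data != NULL` to the condition since memmove dereferences it. The bound `guid.Length < MAX_GUID_LEN` is only right if mGuid holds at least MAX_GUID_LEN bytes, which its declaration (outside this hunk) should confirm.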
/*
obsolete = true;
}
if(obsolete) {
- TbdRecord *tbdRecord = new TbdRecord(guidValue);
- tbdVector.push_back(tbdRecord);
- MSDebug("checkOutdatedPlugin: flagging %s obsolete", path.c_str());
+ if (guidValue.Length != 0 && guidValue.Length < MAX_GUID_LEN) {
+ TbdRecord *tbdRecord = new TbdRecord(guidValue);
+ tbdVector.push_back(tbdRecord);
+ MSDebug("checkOutdatedPlugin: flagging %s obsolete", path.c_str());
+ } else {
+ MSDebug("checkOutdatedPlugin: flagging %s obsolete, but guid length is invalid (%zu)", path.c_str(), guidValue.Length);
+ }
}
}
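Review bot: In the new else branch a plugin that was just found obsolete is only logged and never added to tbdVector, so presumably its stale record is not removed; how tbdVector is consumed is outside the hunk. A record with a malformed GUID is arguably the one that should least be allowed to linger, so consider a removal path that does not depend on the GUID, or at least a log call that is not MSDebug if that macro is compiled out of release builds. The length test also duplicates the one inside the TbdRecord constructor; a single helper such as `static bool isValidGuidLength(const CSSM_DATA &guid)` used by both would keep the two from drifting apart.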