Security-57337.60.2.tar.gz

[apple/security.git] / OSX / libsecurity_cdsa_client / lib / securestorage.cpp

diff --git a/OSX/libsecurity_cdsa_client/lib/securestorage.cpp b/OSX/libsecurity_cdsa_client/lib/securestorage.cpp
index 6fb56f0d4bb2135a420270ac177ea4f32f68db09..40b1c0edecc31dfbac8efe86a3c44a37c5e13ec0 100644 (file)
--- a/OSX/libsecurity_cdsa_client/lib/securestorage.cpp
+++ b/OSX/libsecurity_cdsa_client/lib/securestorage.cpp
@@ -411,12 +411,16 @@ SSDbCursorImpl::next(DbAttributes *attributes, ::CssmDataContainer *data,
                                         DbUniqueRecord &uniqueId,
                                         const CSSM_ACCESS_CREDENTIALS *cred)
 {
-       if (!data)
-               return DbDbCursorImpl::next(attributes, data, uniqueId);
+    if (!data) {
+        return DbDbCursorImpl::next(attributes, data, uniqueId);
+    }
 
        DbAttributes noAttrs, *attrs;
        attrs = attributes ? attributes : &noAttrs;
 
+       // To comply with previous behavior, this method will not find symmetric or public/private keys
+       // if you ask for the data of each item.
+
        // Get the datablob for this record
        CssmDataContainer dataBlob(allocator());
        for (;;)
@@ -424,36 +428,42 @@ SSDbCursorImpl::next(DbAttributes *attributes, ::CssmDataContainer *data,
                if (!DbDbCursorImpl::next(attrs, &dataBlob, uniqueId))
                        return false;
 
-               // Keep going until we find a non key type record.
                CSSM_DB_RECORDTYPE rt = attrs->recordType();
-               if (rt != CSSM_DL_DB_RECORD_SYMMETRIC_KEY
-                       && rt != CSSM_DL_DB_RECORD_PRIVATE_KEY
-                       && rt != CSSM_DL_DB_RECORD_PUBLIC_KEY)
+               if (rt == CSSM_DL_DB_RECORD_SYMMETRIC_KEY ||
+                   rt == CSSM_DL_DB_RECORD_PRIVATE_KEY ||
+                   rt == CSSM_DL_DB_RECORD_PUBLIC_KEY)
                {
-                       // @@@ Check the label and if it doesn't start with the magic for a SSKey return the key.
+                       // This is a key. Free it, and then check if we should return the item (but not the data)
+                       database()->csp()->freeKey(*reinterpret_cast<CssmKey *>(dataBlob.Data));
+
+                       if(!data) {
+                               break;
+                       }
+               } else {
+                       // This is a non-key item. Return it.
                        break;
                }
-               else
+       }
+
+       // If the caller requested any data, return the data.
+       if(data) {
+               if (!SSGroupImpl::isGroup(dataBlob))
                {
-                       // Free the key we just retrieved
-                       database()->csp()->freeKey(*reinterpret_cast<CssmKey *>(dataBlob.Data));
+                       data->Data = dataBlob.Data;
+                       data->Length = dataBlob.Length;
+                       dataBlob.Data = NULL;
+                       dataBlob.Length = 0;
+                       return true;
                }
-       }
 
-       if (!SSGroupImpl::isGroup(dataBlob))
-       {
-               data->Data = dataBlob.Data;
-               data->Length = dataBlob.Length;
-               dataBlob.Data = NULL;
-               dataBlob.Length = 0;
-               return true;
-       }
+               // Get the group for dataBlob
+               SSGroup group(database(), dataBlob);
 
-       // Get the group for dataBlob
-       SSGroup group(database(), dataBlob);
+        // TODO: Add attrs to cred
 
-       // Decode the dataBlob, pass in the DL allocator.
-       group->decodeDataBlob(dataBlob, cred, database()->allocator(), *data);
+               // Decode the dataBlob, pass in the DL allocator.
+               group->decodeDataBlob(dataBlob, cred, database()->allocator(), *data);
+       }
        return true;
 }