+++ /dev/null
-/*
- * Copyright (c) 2000-2004,2006,2011-2012,2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-
-//
-// sstransit - Securityd client side transition support.
-//
-#ifndef _H_SSTRANSIT
-#define _H_SSTRANSIT
-
-#include <securityd_client/ssclient.h>
-#include <security_cdsa_utilities/cssmwalkers.h>
-#include <security_cdsa_utilities/AuthorizationWalkers.h>
-#include <securityd_client/ucsp.h>
-#include <securityd_client/ucspNotify.h>
-
-namespace Security {
-namespace SecurityServer {
-
-
-// stock leading argument profile used by (almost) all calls
-#define UCSP_ARGS mGlobal().serverPort, mGlobal().thread().replyPort, &securitydCreds, &rcode
-
-// common invocation profile (don't use directly)
-#define IPCSTART(statement) \
- CSSM_RETURN rcode; security_token_t securitydCreds; check(statement)
-#define IPCEND \
- if (securitydCreds.val[0] != 0 IFDEBUG( && !getenv("SECURITYSERVER_NONROOT"))) \
- CssmError::throwMe(CSSM_ERRCODE_VERIFICATION_FAILURE)
-#define IPCEND_CHECK IPCEND; if (rcode != CSSM_OK) CssmError::throwMe(rcode);
-#define IPCN(statement) { \
- IPCSTART(statement); IPCEND_CHECK; \
- }
-#define IPC(statement) { activate(); IPCN(statement); }
-#define IPCKEY(statement, key, tag) { \
- activate(); IPCSTART(statement); IPCEND; \
- switch (rcode) { \
- case CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT: \
- notifyAclChange(key, tag); \
- case CSSM_OK: \
- break; \
- default: \
- CssmError::throwMe(rcode); \
- } \
-}
-
-// pass mandatory or optional CssmData arguments into an IPC call
-#define DATA(arg) arg.data(), (mach_msg_type_number_t)(arg.length())
-#define OPTIONALDATA(arg) (arg ? arg->data() : NULL), (mach_msg_type_number_t)(arg ? arg->length() : 0)
-
-// pass mandatory DataOutput argument into an IPC call
-#define DATA_OUT(arg) arg.data(), arg.length()
-
-// pass structured arguments in/out of IPC calls. See "data walkers" for details
-#define COPY(copy) copy, copy.length(), copy
-#define COPY_OUT(copy) ©, ©##Length, ©##Base
-#define COPY_OUT_DECL(type,name) type *name, *name##Base; mach_msg_type_number_t name##Length
-
-
-//
-// DataOutput manages an output CssmData argument.
-//
-class DataOutput {
-public:
- DataOutput(CssmData &arg, Allocator &alloc)
- : allocator(alloc), mTarget(&arg) { mData = NULL; mLength = 0; }
- DataOutput(CssmData *arg, Allocator &alloc)
- : allocator(alloc), mTarget(arg) { mData = NULL; mLength = 0; }
- ~DataOutput();
-
- void **data() { return &mData; }
- mach_msg_type_number_t *length() { return &mLength; }
-
- Allocator &allocator;
-
-private:
- CssmData *mTarget;
- void *mData;
- mach_msg_type_number_t mLength;
-};
-
-
-//
-// Bundle up an AccessCredentials meant for a database, parsing it for
-// "special" samples that need extra evidence to be passed along.
-//
-class DatabaseAccessCredentials : public Copier<AccessCredentials> {
-public:
- DatabaseAccessCredentials(const AccessCredentials *creds, Allocator &alloc);
-
-private:
- void mapKeySample(CssmData &cspHandleData, CssmKey &key);
-};
-
-
-//
-// Handle the standard CSSM data retrieval pattern (attribute vector+data)
-//
-class DataRetrieval : public Copier<CssmDbRecordAttributeData> {
-public:
- DataRetrieval(CssmDbRecordAttributeData *&attrs, Allocator &alloc);
- ~DataRetrieval();
-
- operator CssmDbRecordAttributeData **() { return &mAddr; }
- operator mach_msg_type_number_t *() { return &mLength; }
- CssmDbRecordAttributeData **base() { return &mBase; }
-
-private:
- Allocator &mAllocator;
- CssmDbRecordAttributeData *&mAttributes;
- CssmDbRecordAttributeData *mAddr, *mBase;
- mach_msg_type_number_t mLength;
-};
-
-
-} // namespace SecurityServer
-} // namespace Security
-
-#endif //_H_SSTRANSIT
projects / apple / security.git / blobdiff