mSessions[audit.sessionId()] = this;
// log it
- secnotice("SS", "%p Session %d created, uid:%d sessionId:%d", this, this->sessionId(), mAudit.uid(), mAudit.sessionId());
+ secnotice("SecServer", "%p Session %d created, uid:%d sessionId:%d", this, this->sessionId(), mAudit.uid(), mAudit.sessionId());
Syslog::notice("Session %d created", this->sessionId());
}
//
Session::~Session()
{
- secnotice("SS", "%p Session %d destroyed", this, this->sessionId());
+ secnotice("SecServer", "%p Session %d destroyed", this, this->sessionId());
Syslog::notice("Session %d destroyed", this->sessionId());
}
void Session::kill()
{
StLock<Mutex> _(*this); // do we need to take this so early?
- secnotice("SS", "%p killing session %d", this, this->sessionId());
+ secnotice("SecServer", "%p killing session %d", this, this->sessionId());
invalidateSessionAuthHosts();
// base kill processing
mAudit = info;
}
-void Session::verifyKeyStorePassphrase(int32_t retries)
+// Second and third arguments defaults to false
+void Session::verifyKeyStorePassphrase(int32_t retries, bool useForACLFallback, const char *itemname)
{
QueryKeybagPassphrase keybagQuery(*this, retries);
keybagQuery.inferHints(Server::process());
+
+ // Parasitic takeover to enable user confirmation when ACL validation ends up without a database
+ if (useForACLFallback) {
+ keybagQuery.addHint("acl-fallback", &useForACLFallback, sizeof(useForACLFallback));
+ keybagQuery.addHint("keychain-item-name", itemname, itemname ? (uint32_t)strlen(itemname) : 0, 0);
+ }
+
if (keybagQuery.query() != SecurityAgent::noReason) {
CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED);
}
service_context_t Session::get_current_service_context()
{
- service_context_t context = { sessionId(), originatorUid(), *Server::connection().auditToken() };
+ service_context_t context = { sessionId(), originatorUid(), *Server::connection().auditToken(), 0 };
return context;
}
projects / apple / security.git / blobdiff