*/
#include "SecBridge.h"
-#include "SecCertificatePriv.h"
-#include "SecTrustSettings.h"
-#include "SecTrustSettingsPriv.h"
+#include <Security/SecCertificatePriv.h>
+#include <Security/SecTrustSettings.h>
+#include <Security/SecTrustSettingsPriv.h>
#include "SecTrustSettingsCertificates.h"
#include "SecCFRelease.h"
#include "TrustSettingsUtils.h"
#include <security_utilities/simpleprefs.h>
#include <securityd_client/dictionary.h>
#include <securityd_client/ssclient.h>
-#include <assert.h>
+#include <security_utilities/simulatecrash_assert.h>
#include <dlfcn.h>
#include <libproc.h>
#include <syslog.h>
Dictionary* dictionary = Dictionary::CreateDictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
if (dictionary)
{
- auto_ptr<Dictionary> prefsDict(dictionary);
+ unique_ptr<Dictionary> prefsDict(dictionary);
/* this returns false if the pref isn't there, just like we want */
tsUserTrustDisable = prefsDict->getBoolValue(kSecTrustSettingsDisableUserTrustSettings);
}
static void tsTrustSettingsChanged()
{
tsPurgeCache();
+ SecTrustSettingsPurgeUserAdminCertsCache();
/* The only interesting data is our pid */
NameValueDictionary nvd;
return result;
}
- auto_ptr<TrustSettings>_(ts); // make sure this gets deleted just in case something throws underneath
+ unique_ptr<TrustSettings>_(ts); // make sure this gets deleted just in case something throws underneath
if(trustSettings) {
*trustSettings = ts->copyTrustSettings(cert);
END_RCSAPI
}
+/*
+ * Common code for SecTrustSettingsCopyTrustSettings(),
+ * SecTrustSettingsCopyModificationDate().
+ */
+static OSStatus tsCopyTrustSettings_cached(
+ SecCertificateRef cert,
+ SecTrustSettingsDomain domain,
+ CFArrayRef CF_RETURNS_RETAINED *trustSettings)
+{
+ BEGIN_RCSAPI
+
+ TS_REQUIRED(cert)
+
+ StLock<Mutex> _(sutCacheLock());
+ TrustSettings* ts = tsGetGlobalTrustSettings(domain);
+
+ // rather than throw these results, just return them because we are at the top level
+ if (ts == NULL) {
+ return errSecItemNotFound;
+ }
+
+ if(trustSettings) {
+ *trustSettings = ts->copyTrustSettings(cert);
+ }
+
+ END_RCSAPI
+}
+
+static OSStatus tsContains(
+ SecCertificateRef cert,
+ SecTrustSettingsDomain domain)
+{
+ BEGIN_RCSAPI
+
+ TS_REQUIRED(cert)
+
+ StLock<Mutex> _(sutCacheLock());
+ TrustSettings* ts = tsGetGlobalTrustSettings(domain);
+
+ // rather than throw these results, just return them because we are at the top level
+ if (ts == NULL) {
+ return errSecItemNotFound;
+ }
+
+ if (ts->contains(cert)) {
+ return errSecSuccess;
+ } else {
+ return errSecItemNotFound;
+ }
+
+ END_RCSAPI
+}
+
static void tsAddConditionalCerts(CFMutableArrayRef certArray);
/*
return result;
}
- auto_ptr<TrustSettings>_(ts);
+ unique_ptr<TrustSettings>_(ts);
if(certRef != NULL) {
ts->setTrustSettings(certRef, trustSettingsDictOrArray);
END_RCSAPI
}
+void SecTrustSettingsPurgeCache(void) {
+ tsPurgeCache();
+}
+
+OSStatus SecTrustSettingsCopyTrustSettings_Cached(
+ SecCertificateRef certRef,
+ SecTrustSettingsDomain domain,
+ CFArrayRef CF_RETURNS_RETAINED *trustSettings) /* RETURNED */
+{
+ TS_REQUIRED(certRef)
+ TS_REQUIRED(trustSettings)
+
+ OSStatus result = tsCopyTrustSettings_cached(certRef, domain, trustSettings);
+ if (result == errSecSuccess && *trustSettings == NULL) {
+ result = errSecItemNotFound; /* documented result if no trust settings exist */
+ }
+ return result;
+}
+
#pragma mark --- API functions ---
OSStatus SecTrustSettingsCopyTrustSettings(
return result;
}
- auto_ptr<TrustSettings>_(ts);
+ unique_ptr<TrustSettings>_(ts);
ts->setTrustSettings(certRef, trustSettingsDictOrArray);
ts->flushToDisk();
return result;
}
- auto_ptr<TrustSettings>_(ts);
+ unique_ptr<TrustSettings>_(ts);
/* deleteTrustSettings throws if record not found */
trustSettingsDbg("SecTrustSettingsRemoveTrustSettings: deleting from domain %d",
return status;
}
- auto_ptr<TrustSettings>_(ts);
+ unique_ptr<TrustSettings>_(ts);
CFMutableArrayRef outArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
return result;
}
+bool SecTrustSettingsUserAdminDomainsContain(SecCertificateRef certRef)
+{
+ TS_REQUIRED(certRef)
+ if (tsContains(certRef, kSecTrustSettingsDomainAdmin) == errSecSuccess ||
+ tsContains(certRef, kSecTrustSettingsDomainUser) == errSecSuccess) {
+ return true;
+ }
+ return false;
+}
+
/*
* Obtain an external, portable representation of the specified
* domain's TrustSettings. Caller must CFRelease the returned data.
return result;
}
- auto_ptr<TrustSettings>_(ts);
+ unique_ptr<TrustSettings>_(ts);
*trustSettings = ts->createExternal();
return errSecSuccess;
return result;
}
- auto_ptr<TrustSettings>_(ts);
+ unique_ptr<TrustSettings>_(ts);
ts->flushToDisk();
tsTrustSettingsChanged();
projects / apple / security.git / blobdiff