-/*
- * mdsLookup.cpp - demonstrate some MDS lookups
- */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <Security/mds.h>
-#include <Security/mds_schema.h>
-#include <Security/oidsalg.h> // for TP OIDs
-#include "common.h"
-#include <strings.h>
-
-/* the memory functions themselves are in utilLib/common.c. */
-static CSSM_MEMORY_FUNCS memFuncs = {
- appMalloc,
- appFree,
- appRealloc,
- appCalloc,
- NULL
- };
-
-static void usage(char **argv)
-{
- printf("Usage: %s [options]\n", argv[0]);
- printf("Options:\n");
- printf(" k keep connected and go again\n");
- exit(1);
-}
-
-#define NORM_KEY_LEN 10
-
-/* print a key name, padding out to NORM_KEY_LEN columns */
-static void printName(
- const char *attrName)
-{
- printf(" %s", attrName);
- int len = strlen(attrName);
- if(len > NORM_KEY_LEN) {
- return;
- }
- int numSpaces = NORM_KEY_LEN - len;
- for(int i=0; i<numSpaces; i++) {
- putchar(' ');
- }
-
-}
-
-/* print value string, surrounded by single quotes, then a newline */
-static void printValue(
- const CSSM_DATA *attrValue)
-{
- printf("'");
- for(uint32 dex=0; dex<attrValue->Length; dex++) {
- printf("%c", attrValue->Data[dex]);
- }
- printf("'\n");
-}
-
-/* Print one attribute value */
-static void dumpAttr(
- CSSM_DB_ATTRIBUTE_FORMAT attrForm,
- const CSSM_DATA *attrData)
-{
- if((attrData == NULL) || (attrData->Data == NULL)) {
- printf("<NULL DATA>\n");
- return;
- }
- void *data = attrData->Data;
- switch(attrForm) {
- case CSSM_DB_ATTRIBUTE_FORMAT_STRING:
- printValue(attrData);
- break;
- case CSSM_DB_ATTRIBUTE_FORMAT_SINT32: // not really supported in MDS
- case CSSM_DB_ATTRIBUTE_FORMAT_UINT32:
- {
- unsigned val = *(unsigned *)data;
- printf("0x%x\n", val);
- break;
- }
- case CSSM_DB_ATTRIBUTE_FORMAT_BLOB:
- {
- printf("BLOB length %u : ", (unsigned)attrData->Length);
- for(unsigned i=0; i<attrData->Length; i++) {
- unsigned dat = attrData->Data[i];
- printf("%02X ", dat);
- }
- printf("\n");
- break;
- }
- case CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32:
- {
- printf("multi_int[");
- uint32 numInts = attrData->Length / sizeof(uint32);
- uint32 *uip = (uint32 *)data;
- for(unsigned i=0; i<numInts; i++) {
- if(i > 0) {
- printf(", ");
- }
- printf("0x%x", (unsigned)*uip++);
- }
- printf("]\n");
- break;
- }
- default:
- printf("***UNKNOWN FORMAT (%u), Length %u\n",
- (unsigned)attrForm, (unsigned)attrData->Length);
- break;
- }
-}
-
-/*
- * Vanilla "dump one record" routine. Assumes format of all attribute labels
- * as string.
- */
-static void dumpRecord(
- const CSSM_DB_RECORD_ATTRIBUTE_DATA *recordAttrs)
-{
- unsigned dex;
- for(dex=0; dex<recordAttrs->NumberOfAttributes; dex++) {
- const CSSM_DB_ATTRIBUTE_DATA *attrData = &recordAttrs->AttributeData[dex];
- if(attrData->Info.AttributeNameFormat !=
- CSSM_DB_ATTRIBUTE_NAME_AS_STRING) {
- printf("***BAD ATTR_NAME FORMAT (%u)\n",
- (unsigned)attrData->Info.AttributeNameFormat);
- continue;
- }
- const char *attrName = attrData->Info.Label.AttributeName;
- printName(attrName);
- printf(": ");
- for(unsigned attrNum=0; attrNum<attrData->NumberOfValues; attrNum++) {
- dumpAttr(attrData->Info.AttributeFormat,
- &attrData->Value[attrNum]);
- }
- if(attrData->NumberOfValues == 0) {
- printf("<<no values present>>\n");
- }
- }
-}
-
-/* free attribute(s) allocated by MDS */
-static void freeAttrs(
- CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR recordAttrs)
-{
- unsigned i;
-
- for(i=0; i<recordAttrs->NumberOfAttributes; i++) {
- CSSM_DB_ATTRIBUTE_DATA_PTR attrData = &recordAttrs->AttributeData[i];
- if(attrData == NULL) {
- /* fault of caller, who allocated the CSSM_DB_ATTRIBUTE_DATA */
- printf("***freeAttrs screwup: NULL attrData\n");
- return;
- }
- unsigned j;
- for(j=0; j<attrData->NumberOfValues; j++) {
- CSSM_DATA_PTR data = &attrData->Value[j];
- if(data == NULL) {
- /* fault of MDS, who said there was a value here */
- printf("***freeAttrs screwup: NULL data\n");
- return;
- }
- appFree(data->Data, NULL);
- data->Data = NULL;
- data->Length = 0;
- }
- appFree(attrData->Value, NULL);
- attrData->Value = NULL;
- }
-}
-
-/*
- * Core MDS lookup routine. Used in two situations. It's called by main() to perform
- * a lookup in the CDSA Directory Database based one one key/value pair; this
- * call fetches one attribute from the associated record - the GUID ("ModuleID"
- * in MDS lingo). Then the function calls itself to do a lookup in the Object DB,
- * based on that GUID, in order to fetch the path of the module associated with
- * that GUID. The first call (from main()) corresponds to an application's
- * typical use of MDS. The recursive call, which does a lookup in the Object
- * DB, corresponds to CSSM's typical use of MDS, which is to map a GUID to a
- * bundle path.
- *
- * The ModuleID and Path of all modules satisfying the initial search criteria
- * are displayed on stdout.
- *
- * Caller specifies one search attribute, by name, value,Êand value format.
- * Whether this is the first or second (recursive) call is indicated by the
- * cdsaLookup argument. That determines both the DB to search and the attribute
- * to fetch (ModuleID or Path).
- */
-static void doLookup(
- MDS_FUNCS *mdsFuncs,
-
- /* Two DBs and a flag indicating which one to use */
- MDS_DB_HANDLE objDlDb,
- MDS_DB_HANDLE cdsaDlDb,
- bool cdsaLookup, // true - use cdsaDlDb; false - objDlDb
-
- /* Record type, a.k.a. Relation, e.g. MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE */
- CSSM_DB_RECORDTYPE recordType,
-
- /* key, value, valForm, and valOp are the thing we search on */
- /* Note CSSM_DB_ATTRIBUTE_NAME_FORMAT - the format of the attribute name -
- * is always CSSM_DB_ATTRIBUTE_NAME_AS_STRING for MDS. */
- const char *key, // e.g. "AlgType"
- const void *valPtr,
- unsigned valLen,
- CSSM_DB_ATTRIBUTE_FORMAT valForm, // CSSM_DB_ATTRIBUTE_FORMAT_STRING, etc.
- CSSM_DB_OPERATOR valOp, // normally CSSM_DB_EQUAL
-
- /* for display only */
- const char *srchStr)
-{
- CSSM_QUERY query;
- CSSM_DB_UNIQUE_RECORD_PTR record = NULL;
- CSSM_HANDLE resultHand;
- CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs;
- CSSM_SELECTION_PREDICATE predicate;
- CSSM_DATA predData;
- CSSM_DB_ATTRIBUTE_DATA outAttr;
- CSSM_DB_ATTRIBUTE_INFO_PTR attrInfo;
- CSSM_RETURN crtn;
- MDS_DB_HANDLE dlDb;
- const char *attrName;
-
- if(cdsaLookup) {
- /* first call, fetching guid from the CDSA Directory DB */
- dlDb = cdsaDlDb;
- attrName = "ModuleID";
- }
- else {
- /* recursive call, fetching path from Object DB */
- dlDb = objDlDb;
- attrName = "Path";
- }
-
- /* We want one attributes back, name and format specified by caller */
- recordAttrs.DataRecordType = recordType;
- recordAttrs.SemanticInformation = 0;
- recordAttrs.NumberOfAttributes = 1;
- recordAttrs.AttributeData = &outAttr;
-
- memset(&outAttr, 0, sizeof(CSSM_DB_ATTRIBUTE_DATA));
- attrInfo = &outAttr.Info;
- attrInfo->AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
- attrInfo->Label.AttributeName = (char *)attrName;
- attrInfo->AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_STRING;
-
- /* one predicate - the caller's key and CSSM_DB_OPERATOR */
- predicate.DbOperator = valOp;
- predicate.Attribute.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
- predicate.Attribute.Info.Label.AttributeName = (char *)key;
- predicate.Attribute.Info.AttributeFormat = valForm;
- predData.Data = (uint8 *)valPtr;
- predData.Length = valLen;
- predicate.Attribute.Value = &predData;
- predicate.Attribute.NumberOfValues = 1;
-
- query.RecordType = recordType;
- query.Conjunctive = CSSM_DB_NONE;
- query.NumSelectionPredicates = 1;
- query.SelectionPredicate = &predicate;
- query.QueryLimits.TimeLimit = 0; // FIXME - meaningful?
- query.QueryLimits.SizeLimit = 1; // FIXME - meaningful?
- query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA...FIXME - used?
-
- crtn = mdsFuncs->DataGetFirst(dlDb,
- &query,
- &resultHand,
- &recordAttrs,
- NULL, // No data
- &record);
- switch(crtn) {
- case CSSM_OK:
- break; // proceed
- case CSSMERR_DL_ENDOFDATA:
- printf("%s: no record found\n", srchStr);
- return;
- default:
- printError("DataGetFirst", crtn);
- return;
- }
- /* dump this record, one attribute */
- if(srchStr) {
- /* not done on recursive call */
- printf("%s found:\n", srchStr);
- }
- dumpRecord(&recordAttrs);
- mdsFuncs->FreeUniqueRecord(dlDb, record);
-
- if(srchStr != NULL) {
- /*
- * Now do a lookup in Object DB of this guid, looking for path.
- * Apps normally don't do this; this is what CSSM does when given
- * the GUID of a module.
- */
- if(outAttr.Value == NULL) {
- printf("***Screwup: DataGetFirst worked, but no outAttr\n");
- return;
- }
- doLookup(mdsFuncs,
- objDlDb,
- cdsaDlDb,
- false, // use objDlDb
- MDS_OBJECT_RECORDTYPE,
- "ModuleID", // key
- outAttr.Value->Data, // valPtr, ModuleID, as string
- outAttr.Value->Length, // valLen
- CSSM_DB_ATTRIBUTE_FORMAT_STRING,
- CSSM_DB_EQUAL,
- NULL); // srchStr
- }
- freeAttrs(&recordAttrs);
-
- /* now the rest of them */
- for(;;) {
- crtn = mdsFuncs->DataGetNext(dlDb,
- resultHand,
- &recordAttrs,
- NULL,
- &record);
- switch(crtn) {
- case CSSM_OK:
- dumpRecord(&recordAttrs);
- mdsFuncs->FreeUniqueRecord(cdsaDlDb, record);
- if(srchStr != NULL) {
- if(outAttr.Value == NULL) {
- printf("***Screwup: DataGetNext worked, but no outAttr\n");
- return;
- }
- doLookup(mdsFuncs,
- objDlDb,
- cdsaDlDb,
- false, // use objDlDb
- MDS_OBJECT_RECORDTYPE,
- "ModuleID", // key
- outAttr.Value->Data, // valPtr, ModuleID, as string
- outAttr.Value->Length, // valLen
- CSSM_DB_ATTRIBUTE_FORMAT_STRING,
- CSSM_DB_EQUAL,
- NULL); // srchStr
- }
- freeAttrs(&recordAttrs);
- break; // and go again
- case CSSMERR_DL_ENDOFDATA:
- /* normal termination */
- break;
- default:
- printError("DataGetNext", crtn);
- break;
- }
- if(crtn != CSSM_OK) {
- break;
- }
- }
-}
-
-int main(int argc, char **argv)
-{
- MDS_FUNCS mdsFuncs;
- MDS_HANDLE mdsHand;
- CSSM_RETURN crtn;
- int arg;
- CSSM_DB_HANDLE dbHand = 0;
- MDS_DB_HANDLE objDlDb;
- MDS_DB_HANDLE cdsaDlDb;
- bool keepConnected = false;
- uint32 val;
-
- for(arg=2; arg<argc; arg++) {
- switch(argv[arg][0]) {
- case 'k':
- keepConnected = true;
- break;
- default:
- usage(argv);
- }
- }
- crtn = MDS_Initialize(NULL, // callerGuid
- &memFuncs,
- &mdsFuncs,
- &mdsHand);
- if(crtn) {
- printError("MDS_Initialize", crtn);
- exit(1);
- }
-
- do {
- /*
- * Open both MDS DBs - apps normally only have to open
- * MDS_CDSA_DIRECTORY_NAME.
- */
- crtn = mdsFuncs.DbOpen(mdsHand,
- MDS_OBJECT_DIRECTORY_NAME,
- NULL, // DbLocation
- CSSM_DB_ACCESS_READ,
- NULL, // AccessCred - hopefully optional
- NULL, // OpenParameters
- &dbHand);
- if(crtn) {
- printError("DbOpen(MDS_OBJECT_DIRECTORY_NAME)", crtn);
- exit(1);
- }
- objDlDb.DLHandle = mdsHand;
- objDlDb.DBHandle = dbHand;
-
- crtn = mdsFuncs.DbOpen(mdsHand,
- MDS_CDSA_DIRECTORY_NAME,
- NULL, // DbLocation
- CSSM_DB_ACCESS_READ,
- NULL, // AccessCred - hopefully optional
- NULL, // OpenParameters
- &dbHand);
- if(crtn) {
- printError("DbOpen(MDS_CDSA_DIRECTORY_NAME)", crtn);
- exit(1);
- }
- cdsaDlDb.DLHandle = mdsHand;
- cdsaDlDb.DBHandle = dbHand;
-
- /*
- * Do some typical lookups.
- */
-
- /* a CSP which can do SHA1 digest */
- val = CSSM_ALGID_SHA1;
- doLookup(&mdsFuncs,
- objDlDb,
- cdsaDlDb,
- true,
- MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE,
- "AlgType",
- &val,
- sizeof(uint32),
- CSSM_DB_ATTRIBUTE_FORMAT_UINT32,
- CSSM_DB_EQUAL,
- "CSP for SHA1 digest");
-
- /* a TP which can do iSign verification */
- doLookup(&mdsFuncs,
- objDlDb,
- cdsaDlDb,
- true,
- MDS_CDSADIR_TP_OIDS_RECORDTYPE,
- "OID",
- CSSMOID_APPLE_ISIGN.Data,
- CSSMOID_APPLE_ISIGN.Length,
- CSSM_DB_ATTRIBUTE_FORMAT_BLOB,
- CSSM_DB_EQUAL,
- "TP for CSSMOID_APPLE_ISIGN policy");
-
- /* an X509-savvy CL */
- /* Very weird data form - two fields in one 32-bit word */
- val = (CSSM_CERT_X_509v3 << 16) | CSSM_CERT_ENCODING_DER;
- doLookup(&mdsFuncs,
- objDlDb,
- cdsaDlDb,
- true,
- MDS_CDSADIR_CL_PRIMARY_RECORDTYPE,
- "CertTypeFormat",
- &val,
- sizeof(uint32),
- CSSM_DB_ATTRIBUTE_FORMAT_UINT32,
- CSSM_DB_EQUAL,
- "X509 CL");
-
- /* A DL which can do CSSM_DB_AND */
- val = CSSM_DB_AND;
- doLookup(&mdsFuncs,
- objDlDb,
- cdsaDlDb,
- true,
- MDS_CDSADIR_DL_PRIMARY_RECORDTYPE,
- "ConjunctiveOps",
- &val,
- sizeof(uint32),
- CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32,
- /* This is a multi-uint32, meaning we want to search for a
- * ConjunctiveOps which contains the specified value */
- CSSM_DB_CONTAINS,
- "DL with ConjunctiveOp CSSM_DB_AND");
-
- /* a CSP which can do CSSM_ALGID_IDEA, should fail */
- val = CSSM_ALGID_IDEA;
- doLookup(&mdsFuncs,
- objDlDb,
- cdsaDlDb,
- true,
- MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE,
- "AlgType",
- &val,
- sizeof(uint32),
- CSSM_DB_ATTRIBUTE_FORMAT_UINT32,
- CSSM_DB_EQUAL,
- "CSP for CSSM_ALGID_BLOWFISH, expect failure");
-
- /* a TP which can obtain a .mac signing certificate */
- doLookup(&mdsFuncs,
- objDlDb,
- cdsaDlDb,
- true,
- MDS_CDSADIR_TP_OIDS_RECORDTYPE,
- "OID",
- CSSMOID_DOTMAC_CERT_REQ_EMAIL_SIGN.Data,
- CSSMOID_DOTMAC_CERT_REQ_EMAIL_SIGN.Length,
- CSSM_DB_ATTRIBUTE_FORMAT_BLOB,
- CSSM_DB_EQUAL,
- "TP for .mac signing certificate policy");
-
- crtn = mdsFuncs.DbClose(objDlDb);
- if(crtn) {
- printError("DbClose(objDlDb)", crtn);
- }
- crtn = mdsFuncs.DbClose(cdsaDlDb);
- if(crtn) {
- printError("DbClose(cdsaDlDb)", crtn);
- }
- if(keepConnected) {
- printf("\n");
- fpurge(stdin);
- printf("Enter CR to go again: ");
- getchar();
- }
- } while(keepConnected);
- crtn = MDS_Terminate(mdsHand);
- if(crtn) {
- printError("MDS_Terminate", crtn);
- }
- return 0;
-}
projects / apple / security.git / blobdiff