+++ /dev/null
-/*
- * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-#include "securityd_data_saver.h"
-
-/*
- * Please don't use this as an exemplar for new write...() calls. This was
- * the first, is messy, and probably should be rewritten. At the very
- * least, its correctness should be revisited.
- */
-void
-SecuritydDataSave::writeContext(Context *context, intptr_t attraddr,
- mach_msg_type_number_t attrSize)
-{
- // finish the preamble
- uint32_t dtype = CONTEXT;
- writeAll(&dtype, sizeof(dtype));
-
- // save size of a CSSM_CONTEXT (not strictly necessary)
- uint32_t csize = sizeof(CSSM_CONTEXT);
- writeAll(&csize, sizeof(csize)); // write the length first!
- writeAll(context, csize);
-
- // save the original base address for relocation
- csize = sizeof(attraddr);
- writeAll(&csize, sizeof(csize));
- writeAll(&attraddr, csize);
-
- // finally, save off the attributes
- csize = attrSize;
- writeAll(&csize, sizeof(csize));
- writeAll(context->ContextAttributes, csize);
-}
-
-void
-SecuritydDataSave::writeAclEntryInfo(AclEntryInfo *acls,
- mach_msg_type_number_t aclsLength)
-{
- // finish the preamble
- uint32_t dtype = ACL_ENTRY_INFO;
- writeAll(&dtype, sizeof(dtype));
-
- // write the base pointer, then the ACL itself
- uint32_t ptrsize = sizeof(acls);
- writeAll(&ptrsize, sizeof(ptrsize));
- writeAll(&acls, ptrsize);
- writeAll(&aclsLength, sizeof(aclsLength));
- writeAll(acls, aclsLength);
-}
-
-void
-SecuritydDataSave::writeAclEntryInput(AclEntryInput *acl,
- mach_msg_type_number_t aclLength)
-{
- // finish the preamble
- uint32_t dtype = ACL_ENTRY_INPUT;
- writeAll(&dtype, sizeof(dtype));
-
- // write the pointer, then the ACL itself
- uint32_t ptrsize = sizeof(acl);
- writeAll(&ptrsize, sizeof(ptrsize));
- writeAll(&acl, ptrsize);
- writeAll(&aclLength, sizeof(aclLength));
- writeAll(acl, aclLength);
-}
-
-
-//
-// Excerpts from securityd's transition.cpp showing where SecuritydDataSave
-// is (to be) used
-//
-
-#if 0
-kern_return_t ucsp_server_findFirst(UCSP_ARGS, DbHandle db,
- COPY_IN(CssmQuery, query),
- COPY_IN(CssmDbRecordAttributeData, inAttributes),
- COPY_OUT(CssmDbRecordAttributeData, outAttributes),
- boolean_t getData,
- DATA_OUT(data), KeyHandle *hKey, SearchHandle *hSearch, RecordHandle *hRecord)
-{
- BEGIN_IPC
- relocate(query, queryBase, queryLength);
- SecuritydDataSave sds("/var/tmp/Query_findFirst");
- sds.writeQuery(query, queryLength);
- relocate(inAttributes, inAttributesBase, inAttributesLength);
-
- RefPointer<Database::Search> search;
- RefPointer<Database::Record> record;
- RefPointer<Key> key;
- CssmData outData; //OutputData outData(data, dataLength);
- CssmDbRecordAttributeData *outAttrs; mach_msg_type_number_t outAttrsLength;
- Server::database(db)->findFirst(*query, inAttributes, inAttributesLength,
- getData ? &outData : NULL, key, search, record, outAttrs, outAttrsLength);
-
- // handle nothing-found case without exceptions
- if (!record) {
- *hRecord = noRecord;
- *hSearch = noSearch;
- *hKey = noKey;
- } else {
- // return handles
- *hRecord = record->handle();
- *hSearch = search->handle();
- *hKey = key ? key->handle() : noKey;
-
- // return attributes (assumes relocated flat blob)
- flips(outAttrs, outAttributes, outAttributesBase);
- *outAttributesLength = outAttrsLength;
-
- // return data (temporary fix)
- if (getData) {
- *data = outData.data();
- *dataLength = outData.length();
- }
- }
- END_IPC(DL)
-}
-
-kern_return_t ucsp_server_decrypt(UCSP_ARGS, CONTEXT_ARGS, KeyHandle keyh,
- DATA_IN(cipher), DATA_OUT(clear))
-{
- BEGIN_IPC
- SecuritydDataSave td("/var/tmp/securityd_Context_decrypt"); // XXX/gh get sample Context for XDR testing
- relocate(context, contextBase, attributes, attrSize);
- // save attributes base addr for backwards compatibility
- intptr_t attraddr = reinterpret_cast<intptr_t>(&context->ContextAttributes);
- td.writeContext(&context, attraddr, attrSize);
- RefPointer<Key> key = Server::key(keyh);
- OutputData clearOut(clear, clearLength);
- key->database().decrypt(context, *key, DATA(cipher), clearOut);
- END_IPC(CSP)
-}
-
-// ...
-
-kern_return_t ucsp_server_getAcl(UCSP_ARGS, AclKind kind, KeyHandle key,
- boolean_t haveTag, const char *tag,
- uint32 *countp, COPY_OUT(AclEntryInfo, acls))
-{
- BEGIN_IPC
- uint32 count;
- AclEntryInfo *aclList;
- Server::aclBearer(kind, key).getAcl(haveTag ? tag : NULL, count, aclList);
- *countp = count;
- Copier<AclEntryInfo> aclsOut(aclList, count); // make flat copy
-
- { // release the chunked memory originals
- ChunkFreeWalker free;
- for (uint32 n = 0; n < count; n++)
- walk(free, aclList[n]);
-
- // release the memory allocated for the list itself when we are done
- Allocator::standard().free (aclList);
- }
-
- // set result (note: this is *almost* flips(), but on an array)
- *aclsLength = aclsOut.length();
- *acls = *aclsBase = aclsOut;
- if (flipClient()) {
- FlipWalker w;
- for (uint32 n = 0; n < count; n++)
- walk(w, (*acls)[n]);
- w.doFlips();
- Flippers::flip(*aclsBase);
- }
- SecuritydDataSave sds("/var/tmp/AclEntryInfo_getAcl");
- sds.writeAclEntryInfo(*acls, *aclsLength);
- Server::releaseWhenDone(aclsOut.keep());
- END_IPC(CSP)
-}
-
-kern_return_t ucsp_server_changeAcl(UCSP_ARGS, AclKind kind, KeyHandle key,
- COPY_IN(AccessCredentials, cred), CSSM_ACL_EDIT_MODE mode, CSSM_ACL_HANDLE handle,
- COPY_IN(AclEntryInput, acl))
-{
- BEGIN_IPC
- relocate(cred, credBase, credLength);
- relocate(acl, aclBase, aclLength);
- SecuritydDataSave sds("/var/tmp/AclEntryInput_changeAcl");
- sds.writeAclEntryInput(acl, aclLength);
- Server::aclBearer(kind, key).changeAcl(AclEdit(mode, handle, acl), cred);
- END_IPC(CSP)
-}
-
-#endif /* 0 -- example code */
projects / apple / security.git / blobdiff