Security-55179.11.tar.gz

[apple/security.git] / libsecurity_keychain / lib / StorageManager.cpp

diff --git a/libsecurity_keychain/lib/StorageManager.cpp b/libsecurity_keychain/lib/StorageManager.cpp
index 54af54ee7e93fff77e5057e301ed857941678f6e..4ecee452dc1f81da9d7a6d2b5104a47f875c9a1c 100644 (file)
--- a/libsecurity_keychain/lib/StorageManager.cpp
+++ b/libsecurity_keychain/lib/StorageManager.cpp
@@ -51,6 +51,7 @@
 #include <Security/AuthorizationTagsPriv.h>
 #include <Security/SecTask.h>
 #include <security_keychain/SecCFTypes.h>
+#include "TrustSettingsSchema.h"
 
 //%%% add this to AuthorizationTagsPriv.h later
 #ifndef AGENT_HINT_LOGIN_KC_SUPPRESS_RESET_PANEL
@@ -134,11 +135,6 @@ StorageManager::keychain(const DLDbIdentifier &dLDbIdentifier)
        if (!dLDbIdentifier)
                return Keychain();
 
-       if (gServerMode) {
-               secdebug("servermode", "keychain reference in server mode");
-               return Keychain();
-       }
-
     KeychainMap::iterator it = mKeychains.find(dLDbIdentifier);
     if (it != mKeychains.end())
        {
@@ -152,6 +148,13 @@ StorageManager::keychain(const DLDbIdentifier &dLDbIdentifier)
                }
        }
 
+       if (gServerMode) {
+               secdebug("servermode", "keychain reference in server mode");
+        const char *dbname = dLDbIdentifier.dbName();
+        if (!dbname || (strcmp(dbname, SYSTEM_ROOT_STORE_PATH)!=0))
+            return Keychain();
+       }
+
        // The keychain is not in our cache.  Create it.
        Module module(dLDbIdentifier.ssuid().guid());
        DL dl;