#include "SSDLSession.h"
#include <security_cdsa_utilities/KeySchema.h>
#include <security_cdsa_plugin/cssmplugin.h>
+#include <security_utilities/threading.h>
using namespace CssmClient;
using namespace SecurityServer;
mAllocator(session), mKeyHandle(keyHandle),
mClientSession(session.clientSession())
{
+ StLock<Mutex> _ (mMutex); // In the constructor??? Yes. Our handlers aren't thread safe in the slightest...
CssmKey::Header &header = ioKey.header();
if (inKeyAttr & CSSM_KEYATTR_PERMANENT)
{
attributes.add(KeySchema::Unwrap,
header.useFor(CSSM_KEYUSE_ANY | CSSM_KEYUSE_UNWRAP));
- // @@@ Fixme
- mUniqueId = inSSDatabase->insert(mRecordType, &attributes, &blob,
- true);
+ mUniqueId = inSSDatabase->ssInsert(mRecordType, &attributes, &blob);
}
header.cspGuid(session.plugin.myGuid()); // Set the csp guid to me.
mRecordType(recordType),
mClientSession(session.clientSession())
{
+ StLock<Mutex> _ (mMutex);
CssmKey::Header &header = ioKey.header();
memset(&header, 0, sizeof(header)); // Clear key header
}
SSKey::~SSKey()
-{
+try {
+ StLock<Mutex> _(mMutex); // In the destructor too??? Yes. See SSCSPSession.cpp:354 for an explanation of this code's policy on threads.
if (mKeyHandle != noKey)
clientSession().releaseKey(mKeyHandle);
+} catch (...) {
+ /*
+ * If the key handle have been invalidated, releaseKey will throw an exception
+ */
+ return;
}
+
void
SSKey::free(const AccessCredentials *accessCred, CssmKey &ioKey,
CSSM_BOOL deleteKey)
{
+ StLock<Mutex> _(mMutex);
freeReferenceKey(mAllocator, ioKey);
if (deleteKey)
{
SecurityServer::ClientSession &
SSKey::clientSession()
{
+ StLock<Mutex> _(mMutex);
return mClientSession;
}
KeyHandle SSKey::optionalKeyHandle() const
{
+ StLock<Mutex> _(mMutex);
return mKeyHandle;
}
KeyHandle
SSKey::keyHandle()
{
+ StLock<Mutex> _(mMutex);
if (mKeyHandle == noKey)
{
// Deal with uninstantiated keys.
clientSession().decodeKey(mUniqueId->database().dbHandle(), blob,
dummyHeader);
- secdebugfunc("SecAccessReference", "decoded a new key into handle %d [reference %d]", mKeyHandle, keyReference());
+ secinfo("SecAccessReference", "decoded a new key into handle %d [reference %ld]", mKeyHandle, keyReference());
// @@@ Check decoded header against returned header
}
void
SSKey::getOwner(CSSM_ACL_OWNER_PROTOTYPE &owner, Allocator &allocator)
{
+ StLock<Mutex> _ (mMutex);
clientSession().getKeyOwner(keyHandle(), AclOwnerPrototype::overlay(owner),
allocator);
}
SSKey::changeOwner(const AccessCredentials &accessCred,
const AclOwnerPrototype &newOwner)
{
+ StLock<Mutex> _ (mMutex);
clientSession().changeKeyOwner(keyHandle(), accessCred, newOwner);
didChangeAcl();
}
SSKey::getAcl(const char *selectionTag, uint32 &numberOfAclInfos,
AclEntryInfo *&aclInfos, Allocator &allocator)
{
+ StLock<Mutex> _ (mMutex);
clientSession().getKeyAcl(keyHandle(), selectionTag, numberOfAclInfos,
aclInfos, allocator);
}
void
SSKey::changeAcl(const AccessCredentials &accessCred, const AclEdit &aclEdit)
{
+ StLock<Mutex> _ (mMutex);
clientSession().changeKeyAcl(keyHandle(), accessCred, aclEdit);
didChangeAcl();
}
{
if (mUniqueId == true)
{
- secdebug("keyacl", "SSKey::didChangeAcl() keyHandle: %lu updating DL entry", (unsigned long)mKeyHandle);
+ secinfo("keyacl", "SSKey::didChangeAcl() keyHandle: %lu updating DL entry", (unsigned long)mKeyHandle);
// The key is persistent, make the change on disk.
CssmDataContainer keyBlob(mAllocator);
clientSession().encodeKey(keyHandle(), keyBlob);
}
else
{
- secdebug("keyacl", "SSKey::didChangeAcl() keyHandle: %lu transient key no update done", (unsigned long)mKeyHandle);
+ secinfo("keyacl", "SSKey::didChangeAcl() keyHandle: %lu transient key no update done", (unsigned long)mKeyHandle);
}
}
projects / apple / security.git / blobdiff