+++ /dev/null
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- *
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-//
-// database - database session management
-//
-#include "xdatabase.h"
-#include "agentquery.h"
-#include "key.h"
-#include "server.h"
-#include "session.h"
-#include "cfnotifier.h" // legacy
-#include "notifications.h"
-#include "SecurityAgentClient.h"
-#include <Security/acl_any.h> // for default owner ACLs
-#include <Security/wrapkey.h>
-#include <Security/endian.h>
-
-
-//
-// Create a Database object from initial parameters (create operation)
-//
-Database::Database(const DLDbIdentifier &id, const DBParameters ¶ms, Process &proc,
- const AccessCredentials *cred, const AclEntryPrototype *owner)
- : SecurityServerAcl(dbAcl, CssmAllocator::standard()), process(proc),
- mValidData(false), version(0), mBlob(NULL)
-{
- // save a copy of the credentials for later access control
- mCred = DataWalkers::copy(cred, CssmAllocator::standard());
-
- // create a new random signature to complete the DLDbIdentifier
- Signature newSig;
- Server::active().random(newSig.bytes);
- DbIdentifier ident(id, newSig);
-
- // create common block and initialize
- CommonMap &commons = proc.session.databases();
- common = new Common(ident, commons);
- StLock<Mutex> _(*common);
- { StLock<Mutex> _(commons);
- assert(commons.find(ident) == commons.end()); // better be new!
- commons[ident] = common;
- common->useCount++;
- }
- // new common is now visible but we hold its lock
-
- // establish the new master secret
- establishNewSecrets(cred, SecurityAgent::newDatabase);
-
- // set initial database parameters
- common->mParams = params;
-
- // we're unlocked now
- common->makeNewSecrets();
-
- // establish initial ACL
- if (owner)
- cssmSetInitial(*owner);
- else
- cssmSetInitial(new AnyAclSubject());
- mValidData = true;
-
- // for now, create the blob immediately
- encode();
-
- // register with process
- process.addDatabase(this);
-
- secdebug("SSdb", "database %s(%p) created, common at %p",
- common->dbName(), this, common);
- IFDUMPING("SSdb", debugDump("creation complete"));
-}
-
-
-//
-// Create a Database object from a database blob (decoding)
-//
-Database::Database(const DLDbIdentifier &id, const DbBlob *blob, Process &proc,
- const AccessCredentials *cred)
- : SecurityServerAcl(dbAcl, CssmAllocator::standard()), process(proc),
- mValidData(false), version(0)
-{
- // perform basic validation on the incoming blob
- assert(blob);
- blob->validate(CSSMERR_APPLEDL_INVALID_DATABASE_BLOB);
- switch (blob->version()) {
-#if defined(COMPAT_OSX_10_0)
- case blob->version_MacOS_10_0:
- break;
-#endif
- case blob->version_MacOS_10_1:
- break;
- default:
- CssmError::throwMe(CSSMERR_APPLEDL_INCOMPATIBLE_DATABASE_BLOB);
- }
-
- // save a copy of the credentials for later access control
- mCred = DataWalkers::copy(cred, CssmAllocator::standard());
-
- // check to see if we already know about this database
- DbIdentifier ident(id, blob->randomSignature);
- CommonMap &commons = proc.session.databases();
- StLock<Mutex> mapLock(commons);
- CommonMap::iterator it = commons.find(ident);
- if (it != commons.end()) {
- // already there
- common = it->second; // reuse common component
- //@@@ arbitrate sequence number here, perhaps update common->mParams
- StLock<Mutex> _(*common); // lock common against other users
- common->useCount++;
- secdebug("SSdb",
- "open database %s(%p) version %lx at known common %p(%d)",
- common->dbName(), this, blob->version(), common, int(common->useCount));
- } else {
- // newly introduced
- commons[ident] = common = new Common(ident, commons);
- common->mParams = blob->params;
- common->useCount++;
- secdebug("SSdb", "open database %s(%p) version %lx with new common %p",
- common->dbName(), this, blob->version(), common);
- }
-
- // register with process
- process.addDatabase(this);
-
- mBlob = blob->copy();
- IFDUMPING("SSdb", debugDump("end of decode"));
-}
-
-
-//
-// Destroy a Database
-//
-Database::~Database()
-{
- secdebug("SSdb", "deleting database %s(%p) common %p (%d refs)",
- common->dbName(), this, common, int(common->useCount));
- IFDUMPING("SSdb", debugDump("deleting database instance"));
- process.removeDatabase(this);
- CssmAllocator::standard().free(mCred);
- CssmAllocator::standard().free(mBlob);
-
- // take the commonLock to avoid races against re-use of the common
- CommonMap &commons = process.session.databases();
- StLock<Mutex> __(commons);
- if (--common->useCount == 0 && common->isLocked()) {
- // last use of this database, and it's locked - discard
- IFDUMPING("SSdb", debugDump("discarding common"));
- discard(common);
- } else if (common->useCount == 0)
- IFDUMPING("SSdb", debugDump("retained because it's unlocked"));
-}
-
-
-//
-// (Re-)Authenticate the database. This changes the stored credentials.
-//
-void Database::authenticate(const AccessCredentials *cred)
-{
- StLock<Mutex> _(*common);
- AccessCredentials *newCred = DataWalkers::copy(cred, CssmAllocator::standard());
- CssmAllocator::standard().free(mCred);
- mCred = newCred;
-}
-
-
-//
-// Return the database blob, recalculating it as needed.
-//
-DbBlob *Database::blob()
-{
- StLock<Mutex> _(*common);
- if (!validBlob()) {
- makeUnlocked(); // unlock to get master secret
- encode(); // (re)encode blob if needed
- }
- activity(); // reset timeout
- assert(validBlob()); // better have a valid blob now...
- return mBlob;
-}
-
-
-//
-// Encode the current database as a blob.
-// Note that this returns memory we own and keep.
-// Caller must hold common lock.
-//
-void Database::encode()
-{
- DbBlob *blob = common->encode(*this);
- CssmAllocator::standard().free(mBlob);
- mBlob = blob;
- version = common->version;
- secdebug("SSdb", "encoded database %p common %p(%s) version %ld params=(%ld,%d)",
- this, common, dbName(), version,
- common->mParams.idleTimeout, common->mParams.lockOnSleep);
-}
-
-
-//
-// Change the passphrase on a database
-//
-void Database::changePassphrase(const AccessCredentials *cred)
-{
- // get and hold the common lock (don't let other threads break in here)
- StLock<Mutex> _(*common);
-
- // establish OLD secret - i.e. unlock the database
- //@@@ do we want to leave the final lock state alone?
- makeUnlocked(cred);
-
- // establish NEW secret
- establishNewSecrets(cred, SecurityAgent::changePassphrase);
- common->version++; // blob state changed
- secdebug("SSdb", "Database %s(%p) master secret changed", common->dbName(), this);
- encode(); // force rebuild of local blob
-
- // send out a notification
- KeychainNotifier::passphraseChanged(identifier());
-
- // I guess this counts as an activity
- activity();
-}
-
-
-//
-// Extract the database master key as a proper Key object.
-//
-Key *Database::extractMasterKey(Database *db,
- const AccessCredentials *cred, const AclEntryPrototype *owner,
- uint32 usage, uint32 attrs)
-{
- // get and hold common lock
- StLock<Mutex> _(*common);
-
- // unlock to establish master secret
- makeUnlocked(cred);
-
- // extract the raw cryptographic key
- CssmClient::WrapKey wrap(Server::csp(), CSSM_ALGID_NONE);
- CssmKey key;
- wrap(common->masterKey(), key);
-
- // make the key object and return it
- return new Key(db, key, attrs & Key::managedAttributes, owner);
-}
-
-
-//
-// Construct a binary blob of moderate size that is suitable for constructing
-// an index identifying this database.
-// We construct this from the database's marker blob, which is created with
-// the database is made, and stays stable thereafter.
-// Note: Ownership of the index blob passes to the caller.
-// @@@ This means that physical copies share this index.
-//
-void Database::getDbIndex(CssmData &indexData)
-{
- if (!mBlob)
- encode(); // force blob creation
- assert(mBlob);
- CssmData signature = CssmData::wrap(mBlob->randomSignature);
- indexData = CssmAutoData(CssmAllocator::standard(), signature).release();
-}
-
-
-//
-// Unlock this database (if needed) by obtaining the master secret in some
-// suitable way and then proceeding to unlock with it.
-// Does absolutely nothing if the database is already unlocked.
-// The makeUnlocked forms are identical except the assume the caller already
-// holds the common lock.
-//
-void Database::unlock()
-{
- StLock<Mutex> _(*common);
- makeUnlocked();
-}
-
-void Database::makeUnlocked()
-{
- return makeUnlocked(mCred);
-}
-
-void Database::makeUnlocked(const AccessCredentials *cred)
-{
- IFDUMPING("SSdb", debugDump("default procedures unlock"));
- if (isLocked()) {
- assert(mBlob || (mValidData && common->hasMaster()));
- establishOldSecrets(cred);
- activity(); // set timeout timer
- } else if (!mValidData) { // need to decode to get our ACLs, passphrase available
- if (!decode())
- CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED);
- }
- assert(!isLocked());
- assert(mValidData);
-}
-
-
-//
-// The following unlock given an explicit passphrase, rather than using
-// (special cred sample based) default procedures.
-//
-void Database::unlock(const CssmData &passphrase)
-{
- StLock<Mutex> _(*common);
- makeUnlocked(passphrase);
-}
-
-void Database::makeUnlocked(const CssmData &passphrase)
-{
- if (isLocked()) {
- if (decode(passphrase))
- return;
- else
- CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED);
- } else if (!mValidData) { // need to decode to get our ACLs, passphrase available
- if (!decode())
- CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED);
- }
- assert(!isLocked());
- assert(mValidData);
-}
-
-
-//
-// Nonthrowing passphrase-based unlock. This returns false if unlock failed.
-// Note that this requires an explicitly given passphrase.
-// Caller must hold common lock.
-//
-bool Database::decode(const CssmData &passphrase)
-{
- assert(mBlob);
- common->setup(mBlob, passphrase);
- return decode();
-}
-
-
-//
-// Given the established master secret, decode the working keys and other
-// functional secrets for this database. Return false (do NOT throw) if
-// the decode fails. Call this in low(er) level code once you established
-// the master key.
-//
-bool Database::decode()
-{
- assert(mBlob);
- assert(common->hasMaster());
- void *privateAclBlob;
- if (common->unlock(mBlob, &privateAclBlob)) {
- if (!mValidData) {
- importBlob(mBlob->publicAclBlob(), privateAclBlob);
- mValidData = true;
- }
- CssmAllocator::standard().free(privateAclBlob);
- return true;
- }
- secdebug("SSdb", "%p decode failed", this);
- return false;
-}
-
-
-//
-// Given an AccessCredentials for this database, wring out the existing primary
-// database secret by whatever means necessary.
-// On entry, caller must hold the database common lock. It will be held throughout.
-// On exit, the crypto core has its master secret. If things go wrong,
-// we will throw a suitable exception. Note that encountering any malformed
-// credential sample will throw, but this is not guaranteed -- don't assume
-// that NOT throwing means creds is entirely well-formed.
-//
-// How this works:
-// Walk through the creds. Fish out those credentials (in order) that
-// are for unlock processing (they have no ACL subject correspondents),
-// and (try to) obey each in turn, until one produces a valid secret
-// or you run out. If no special samples are found at all, interpret that as
-// "use the system global default," which happens to be hard-coded right here.
-//
-void Database::establishOldSecrets(const AccessCredentials *creds)
-{
- list<CssmSample> samples;
- if (creds && creds->samples().collect(CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK, samples)) {
- for (list<CssmSample>::iterator it = samples.begin(); it != samples.end(); it++) {
- TypedList &sample = *it;
- sample.checkProper();
- switch (sample.type()) {
- // interactively prompt the user - no additional data
- case CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT:
- {
- secdebug("SSdb", "%p attempting interactive unlock", this);
- QueryUnlock query(*this);
- if (query() == SecurityAgent::noReason)
- return;
- }
- break;
- // try to use an explicitly given passphrase - Data:passphrase
- case CSSM_SAMPLE_TYPE_PASSWORD:
- if (sample.length() != 2)
- CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
- secdebug("SSdb", "%p attempting passphrase unlock", this);
- if (decode(sample[1]))
- return;
- break;
- // try to open with a given master key - Data:CSP or KeyHandle, Data:CssmKey
- case CSSM_WORDID_SYMMETRIC_KEY:
- assert(mBlob);
- secdebug("SSdb", "%p attempting explicit key unlock", this);
- common->setup(mBlob, keyFromCreds(sample));
- if (decode())
- return;
- break;
- // explicitly defeat the default action but don't try anything in particular
- case CSSM_WORDID_CANCELED:
- secdebug("SSdb", "%p defeat default action", this);
- break;
- default:
- // Unknown sub-sample for unlocking.
- // If we wanted to be fascist, we could now do
- // CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
- // But instead we try to be tolerant and continue on.
- // This DOES however count as an explicit attempt at specifying unlock,
- // so we will no longer try the default case below...
- secdebug("SSdb", "%p unknown sub-sample unlock (%ld) ignored", this, sample.type());
- break;
- }
- }
- } else {
- // default action
- assert(mBlob);
- SystemKeychainKey systemKeychain(kSystemUnlockFile);
- if (systemKeychain.matches(mBlob->randomSignature)) {
- secdebug("SSdb", "%p attempting system unlock", this);
- common->setup(mBlob, CssmClient::Key(Server::csp(), systemKeychain.key(), true));
- if (decode())
- return;
- }
-
- QueryUnlock query(*this);
- if (query() == SecurityAgent::noReason)
- return;
- }
-
- // out of options - no secret obtained
- CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED);
-}
-
-
-//
-// Same thing, but obtain a new secret somehow and set it into the common.
-//
-void Database::establishNewSecrets(const AccessCredentials *creds, SecurityAgent::Reason reason)
-{
- list<CssmSample> samples;
- if (creds && creds->samples().collect(CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK, samples)) {
- for (list<CssmSample>::iterator it = samples.begin(); it != samples.end(); it++) {
- TypedList &sample = *it;
- sample.checkProper();
- switch (sample.type()) {
- // interactively prompt the user
- case CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT:
- {
- secdebug("SSdb", "%p specified interactive passphrase", this);
- QueryNewPassphrase query(*this, reason);
- CssmAutoData passphrase(CssmAllocator::standard(CssmAllocator::sensitive));
- if (query(passphrase) == SecurityAgent::noReason) {
- common->setup(NULL, passphrase);
- return;
- }
- }
- break;
- // try to use an explicitly given passphrase
- case CSSM_SAMPLE_TYPE_PASSWORD:
- secdebug("SSdb", "%p specified explicit passphrase", this);
- if (sample.length() != 2)
- CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
- common->setup(NULL, sample[1]);
- return;
- // try to open with a given master key
- case CSSM_WORDID_SYMMETRIC_KEY:
- secdebug("SSdb", "%p specified explicit master key", this);
- common->setup(NULL, keyFromCreds(sample));
- return;
- // explicitly defeat the default action but don't try anything in particular
- case CSSM_WORDID_CANCELED:
- secdebug("SSdb", "%p defeat default action", this);
- break;
- default:
- // Unknown sub-sample for acquiring new secret.
- // If we wanted to be fascist, we could now do
- // CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
- // But instead we try to be tolerant and continue on.
- // This DOES however count as an explicit attempt at specifying unlock,
- // so we will no longer try the default case below...
- secdebug("SSdb", "%p unknown sub-sample acquisition (%ld) ignored",
- this, sample.type());
- break;
- }
- }
- } else {
- // default action -- interactive (only)
- QueryNewPassphrase query(*this, reason);
- CssmAutoData passphrase(CssmAllocator::standard(CssmAllocator::sensitive));
- if (query(passphrase) == SecurityAgent::noReason) {
- common->setup(NULL, passphrase);
- return;
- }
- }
-
- // out of options - no secret obtained
- CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED);
-}
-
-
-//
-// Given a (truncated) Database credentials TypedList specifying a master key,
-// locate the key and return a reference to it.
-//
-CssmClient::Key Database::keyFromCreds(const TypedList &sample)
-{
- // decode TypedList structure (sample type; Data:CSPHandle; Data:CSSM_KEY)
- assert(sample.type() == CSSM_WORDID_SYMMETRIC_KEY);
- if (sample.length() != 3
- || sample[1].type() != CSSM_LIST_ELEMENT_DATUM
- || sample[2].type() != CSSM_LIST_ELEMENT_DATUM)
- CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
- CSSM_CSP_HANDLE &handle = *sample[1].data().interpretedAs<CSSM_CSP_HANDLE>(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
- CssmKey &key = *sample[2].data().interpretedAs<CssmKey>(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
-
- if (key.header().cspGuid() == gGuidAppleCSPDL) {
- // handleOrKey is a SecurityServer KeyHandle; ignore key argument
- return Server::key(handle);
- } else {
- // not a KeyHandle reference; use key as a raw key
- if (key.header().blobType() != CSSM_KEYBLOB_RAW)
- CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE);
- if (key.header().keyClass() != CSSM_KEYCLASS_SESSION_KEY)
- CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
- return CssmClient::Key(Server::csp(), key, true);
- }
-}
-
-
-//
-// Verify a putative database passphrase.
-// If the database is already unlocked, just check the passphrase.
-// Otherwise, unlock with that passphrase and report success.
-// Caller must hold the common lock.
-//
-bool Database::validatePassphrase(const CssmData &passphrase) const
-{
- if (common->hasMaster()) {
- // verify against known secret
- return common->validatePassphrase(passphrase);
- } else {
- // no master secret - perform "blind" unlock to avoid actual unlock
- try {
- DatabaseCryptoCore test;
- test.setup(mBlob, passphrase);
- test.decodeCore(mBlob, NULL);
- return true;
- } catch (...) {
- return false;
- }
- }
-}
-
-
-//
-// Lock this database
-//
-void Database::lock()
-{
- common->lock(false);
-}
-
-
-//
-// Lock all databases we know of.
-// This is an interim stop-gap measure, until we can work out how database
-// state should interact with true multi-session operation.
-//
-void Database::lockAllDatabases(CommonMap &commons, bool forSleep)
-{
- StLock<Mutex> _(commons); // hold all changes to Common map
- for (CommonMap::iterator it = commons.begin(); it != commons.end(); it++)
- it->second->lock(true, forSleep); // lock, already holding commonLock
-}
-
-
-//
-// Given a Key for this database, encode it into a blob and return it.
-//
-KeyBlob *Database::encodeKey(const CssmKey &key, const CssmData &pubAcl, const CssmData &privAcl)
-{
- unlock();
-
- // tell the cryptocore to form the key blob
- return common->encodeKeyCore(key, pubAcl, privAcl);
-}
-
-
-//
-// Given a "blobbed" key for this database, decode it into its real
-// key object and (re)populate its ACL.
-//
-void Database::decodeKey(KeyBlob *blob, CssmKey &key, void * &pubAcl, void * &privAcl)
-{
- unlock(); // we need our keys
-
- common->decodeKeyCore(blob, key, pubAcl, privAcl);
- // memory protocol: pubAcl points into blob; privAcl was allocated
-
- activity();
-}
-
-
-//
-// Modify database parameters
-//
-void Database::setParameters(const DBParameters ¶ms)
-{
- StLock<Mutex> _(*common);
- makeUnlocked();
- common->mParams = params;
- common->version++; // invalidate old blobs
- activity();
- secdebug("SSdb", "%p common %p(%s) set params=(%ld,%d)",
- this, common, dbName(), params.idleTimeout, params.lockOnSleep);
-}
-
-
-//
-// Retrieve database parameters
-//
-void Database::getParameters(DBParameters ¶ms)
-{
- StLock<Mutex> _(*common);
- makeUnlocked();
- params = common->mParams;
- //activity(); // getting parameters does not reset the idle timer
-}
-
-
-//
-// Intercept ACL change requests and reset blob validity
-//
-void Database::instantiateAcl()
-{
- StLock<Mutex> _(*common);
- makeUnlocked();
-}
-
-void Database::changedAcl()
-{
- StLock<Mutex> _(*common);
- version = 0;
-}
-
-const Database *Database::relatedDatabase() const
-{ return this; }
-
-
-//
-// Debugging support
-//
-#if defined(DEBUGDUMP)
-
-void Database::debugDump(const char *msg)
-{
- assert(common);
- const Signature &sig = common->identifier();
- uint32 sig4; memcpy(&sig4, sig.bytes, sizeof(sig4));
- Debug::dump("** %s(%8.8lx) common=%p(%ld) %s\n",
- common->dbName(), sig4, common, common->useCount, msg);
- if (isLocked())
- Debug::dump(" locked");
- else {
- Time::Absolute when = common->when();
- time_t whenTime = time_t(when);
- Debug::dump(" UNLOCKED(%24.24s/%.2g)", ctime(&whenTime),
- (when - Time::now()).seconds());
- }
- Debug::dump(" %s blobversion=%ld/%ld %svalidData",
- (common->isValid() ? "validkeys" : "!validkeys"),
- version, common->version,
- (mValidData ? "" : "!"));
- Debug::dump(" Params=(%ld %d)\n",
- common->mParams.idleTimeout, common->mParams.lockOnSleep);
-}
-
-#endif //DEBUGDUMP
-
-
-//
-// Database::Common basic features
-//
-Database::Common::Common(const DbIdentifier &id, CommonMap &commonPool)
-: pool(commonPool), mIdentifier(id), sequence(0), useCount(0), version(1),
- mIsLocked(true), mValidParams(false)
-{ }
-
-Database::Common::~Common()
-{
- // explicitly unschedule ourselves
- Server::active().clearTimer(this);
- pool.erase(identifier());
-}
-
-
-void Database::Common::makeNewSecrets()
-{
- // we already have a master key (right?)
- assert(hasMaster());
-
- // tell crypto core to generate the use keys
- DatabaseCryptoCore::generateNewSecrets();
-
- // we're now officially "unlocked"; set the timer
- mIsLocked = false;
- activity();
-}
-
-
-void Database::discard(Common *common)
-{
- // LOCKING: pool lock held, *common NOT held
- secdebug("SSdb", "discarding dbcommon %p (no users, locked)", common);
- delete common;
-}
-
-
-//
-// All unlocking activity ultimately funnels through this method.
-// This unlocks a Common using the secrets setup in its crypto core
-// component, and performs all the housekeeping needed to represent
-// the state change.
-//
-bool Database::Common::unlock(DbBlob *blob, void **privateAclBlob)
-{
- try {
- // Tell the cryptocore to (try to) decode itself. This will fail
- // in an astonishing variety of ways if the passphrase is wrong.
- assert(hasMaster());
- decodeCore(blob, privateAclBlob);
- secdebug("SSdb", "%p unlock successful", this);
- } catch (...) {
- secdebug("SSdb", "%p unlock failed", this);
- return false;
- }
-
- // get the database parameters only if we haven't got them yet
- if (!mValidParams) {
- mParams = blob->params;
- n2hi(mParams.idleTimeout);
- mValidParams = true; // sticky
- }
-
- // now successfully unlocked
- mIsLocked = false;
-
- // set timeout
- activity();
-
- // broadcast unlock notification
- KeychainNotifier::unlock(identifier());
- return true;
-}
-
-
-void Database::Common::lock(bool holdingCommonLock, bool forSleep)
-{
- StLock<Mutex> locker(*this);
- if (!isLocked()) {
- if (forSleep && !mParams.lockOnSleep)
- return; // it doesn't want to
-
- mIsLocked = true;
- DatabaseCryptoCore::invalidate();
- KeychainNotifier::lock(identifier());
- Server::active().clearTimer(this);
-
- // if no database refers to us now, we're history
- StLock<Mutex> _(pool, false);
- if (!holdingCommonLock)
- _.lock();
- if (useCount == 0) {
- locker.unlock(); // release object lock
- discard(this);
- }
- }
-}
-
-DbBlob *Database::Common::encode(Database &db)
-{
- assert(!isLocked()); // must have been unlocked by caller
-
- // export database ACL to blob form
- CssmData pubAcl, privAcl;
- db.exportBlob(pubAcl, privAcl);
-
- // tell the cryptocore to form the blob
- DbBlob form;
- form.randomSignature = identifier();
- form.sequence = sequence;
- form.params = mParams;
- h2ni(form.params.idleTimeout);
-
- assert(hasMaster());
- DbBlob *blob = encodeCore(form, pubAcl, privAcl);
-
- // clean up and go
- db.allocator.free(pubAcl);
- db.allocator.free(privAcl);
- return blob;
-}
-
-
-//
-// Perform deferred lock processing for a database.
-//
-void Database::Common::action()
-{
- secdebug("SSdb", "common %s(%p) locked by timer (%d refs)",
- dbName(), this, int(useCount));
- lock(false);
-}
-
-void Database::Common::activity()
-{
- if (!isLocked())
- Server::active().setTimer(this, Time::Interval(int(mParams.idleTimeout)));
-}
-
-
-//
-// Implementation of a "system keychain unlock key store"
-//
-SystemKeychainKey::SystemKeychainKey(const char *path)
- : mPath(path)
-{
- // explicitly set up a key header for a raw 3DES key
- CssmKey::Header &hdr = mKey.header();
- hdr.blobType(CSSM_KEYBLOB_RAW);
- hdr.blobFormat(CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING);
- hdr.keyClass(CSSM_KEYCLASS_SESSION_KEY);
- hdr.algorithm(CSSM_ALGID_3DES_3KEY_EDE);
- hdr.KeyAttr = 0;
- hdr.KeyUsage = CSSM_KEYUSE_ANY;
- mKey = CssmData::wrap(mBlob.masterKey);
-}
-
-SystemKeychainKey::~SystemKeychainKey()
-{
-}
-
-bool SystemKeychainKey::matches(const DbBlob::Signature &signature)
-{
- return update() && signature == mBlob.signature;
-}
-
-bool SystemKeychainKey::update()
-{
- // if we checked recently, just assume it's okay
- if (mUpdateThreshold > Time::now())
- return mValid;
-
- // check the file
- struct stat st;
- if (::stat(mPath.c_str(), &st)) {
- // something wrong with the file; can't use it
- mUpdateThreshold = Time::now() + Time::Interval(checkDelay);
- return mValid = false;
- }
- if (mValid && Time::Absolute(st.st_mtimespec) == mCachedDate)
- return true;
- mUpdateThreshold = Time::now() + Time::Interval(checkDelay);
-
- try {
- secdebug("syskc", "reading system unlock record from %s", mPath.c_str());
- AutoFileDesc fd(mPath, O_RDONLY);
- if (fd.read(mBlob) != sizeof(mBlob))
- return false;
- if (mBlob.isValid()) {
- mCachedDate = st.st_mtimespec;
- return mValid = true;
- } else
- return mValid = false;
- } catch (...) {
- secdebug("syskc", "system unlock record not available");
- return false;
- }
-}
projects / apple / security.git / blobdiff