X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/libsecurity_filedb/lib/AppleDatabase.cpp?ds=inline
diff --git a/OSX/libsecurity_filedb/lib/AppleDatabase.cpp b/OSX/libsecurity_filedb/lib/AppleDatabase.cpp
index ddad1a74..60b47123 100644
--- a/OSX/libsecurity_filedb/lib/AppleDatabase.cpp
+++ b/OSX/libsecurity_filedb/lib/AppleDatabase.cpp
@@ -34,6 +34,7 @@
 #include
 #include
 #include
+#include
 static const char *kAppleDatabaseChanged = "com.apple.AppleDatabaseChanged";
@@ -1686,6 +1687,8 @@ DbModifier::commit()
 return;
 try
 {
+ secinfo("integrity", "committing to %s", mAtomicFile.path().c_str());
+
 WriteSection aHeaderSection(Allocator::standard(), size_t(HeaderSize));
 // Set aHeaderSection to the correct size.
 aHeaderSection.size(HeaderSize);
@@ -2291,40 +2294,6 @@ AppleDatabase::dataDelete(DbContext &inDbContext,
 {
 try
 {
- // syslog if it's the .Mac password
- CSSM_DB_RECORD_ATTRIBUTE_DATA attrData;
- // we have to do this in two phases -- the first to get the record type, and the second to actually read the attributes. Otherwise, we might get
- // an exception.
- memset(&attrData, 0, sizeof(attrData));
- dataGetFromUniqueRecordId(inDbContext, inUniqueRecord, &attrData, NULL);
-
- if (attrData.DataRecordType == CSSM_DL_DB_RECORD_GENERIC_PASSWORD)
- {
- CSSM_DB_ATTRIBUTE_DATA attributes;
-
- // setup some attributes and see if we are indeed the .Mac password
- attributes.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER;
- attributes.Info.Label.AttributeID = 'svce';
- attributes.Info.AttributeFormat = 0;
- attributes.NumberOfValues = 1;
- attributes.Value = NULL;
-
- attrData.NumberOfAttributes = 1;
- attrData.AttributeData = &attributes;
-
- dataGetFromUniqueRecordId(inDbContext, inUniqueRecord, &attrData, NULL);
-
- // now check the results
- std::string dataString((const char*) attrData.AttributeData[0].Value[0].Data, attrData.AttributeData[0].Value[0].Length);
- if (dataString == "iTools")
- {
- syslog(LOG_WARNING, "Warning: Removed .Me password");
- }
-
- free(attrData.AttributeData[0].Value[0].Data);
- free(attrData.AttributeData[0].Value);
- }
-
 StLock _(mWriteLock);
 Table::Id aTableId;
 const RecordId aRecordId(parseUniqueRecord(inUniqueRecord, aTableId));
@@ -2539,6 +2508,22 @@ AppleDatabase::passThrough(DbContext &dbContext,
 mDbModifier.rollback();
 break;
+ case CSSM_APPLEFILEDL_TAKE_FILE_LOCK:
+ mDbModifier.modifyDatabase();
+ break;
+
+ case CSSM_APPLEFILEDL_MAKE_BACKUP:
+ dbMakeBackup();
+ break;
+
+ case CSSM_APPLEFILEDL_MAKE_COPY:
+ dbMakeCopy((const char *) inputParams);
+ break;
+
+ case CSSM_APPLEFILEDL_DELETE_FILE:
+ dbDeleteFile();
+ break;
+
 case CSSM_APPLECSPDL_DB_RELATION_EXISTS:
 {
 CSSM_BOOL returnValue;
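Review bot: In the `CSSM_APPLEFILEDL_MAKE_COPY` case, `inputParams` is cast straight to `const char *` and handed to `dbMakeCopy` with no null check and no constraint on the destination. `dbMakeCopy` (added at the end of this diff) calls `copyfile` with `COPYFILE_UNLINK | COPYFILE_ALL`, so whatever already exists at the caller-supplied path is unlinked and a full copy of the keychain file is written there. At minimum add `if (inputParams == NULL) CssmError::throwMe(CSSM_ERRCODE_INVALID_INPUT_POINTER);` before the call. The new cases should also carry a comment saying which callers are expected to reach them and whether `CSSM_APPLEFILEDL_DELETE_FILE` must be preceded by `CSSM_APPLEFILEDL_TAKE_FILE_LOCK`, since no such check is visible in the hunk. `passThrough`'s body starts and ends outside the hunk.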
@@ -2559,6 +2544,30 @@ AppleDatabase::passThrough(DbContext &dbContext,
 default:
 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
- break;
 }
 }
+
+void
+AppleDatabase::dbMakeBackup() {
+ // Make a backup copy next to the current keychain, with filename pattern original.keychain_XXXXXX_backup
+ char * filename_temp_cstr = tempnam( mAtomicFile.dir().c_str(), (mAtomicFile.file() + "_").c_str() );
+ string filename_temp(filename_temp_cstr);
+ filename_temp += "_backup";
+
+ free(filename_temp_cstr);
+
+ dbMakeCopy(filename_temp.c_str());
+}
+
+void
+AppleDatabase::dbMakeCopy(const char* path) {
+ if(copyfile(mAtomicFile.path().c_str(), path, NULL, COPYFILE_UNLINK | COPYFILE_ALL) < 0) {
+ UnixError::throwMe(errno);
+ }
+}
+
+void AppleDatabase::dbDeleteFile() {
+ if(unlink(mAtomicFile.path().c_str()) < 0) {
+ UnixError::throwMe(errno);
+ }
+}
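Review bot: `dbMakeBackup` passes the result of `tempnam` to the `string` constructor unchecked, and `tempnam` returns NULL on failure, so add `if (filename_temp_cstr == NULL) UnixError::throwMe(errno);` before `string filename_temp(filename_temp_cstr);`. `tempnam` also only checks that a name is unused rather than reserving it, prefers the `TMPDIR` environment variable over the directory argument, and `_backup` is appended after that check, so the final path is neither guaranteed unique nor guaranteed to sit next to the keychain as the comment states; `mkstemps` on a `<keychain path>_XXXXXX_backup` template would reserve the name atomically. Because `dbMakeCopy` passes `COPYFILE_UNLINK`, an existing file at the destination is removed before the copy, which deserves a comment on `dbMakeCopy`. `dbDeleteFile` unlinks the keychain without taking `mWriteLock` itself; whether its caller already holds a lock is not visible in this hunk.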