X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/libsecurity_keychain/lib/defaultcreds.cpp?ds=inline
diff --git a/OSX/libsecurity_keychain/lib/defaultcreds.cpp b/OSX/libsecurity_keychain/lib/defaultcreds.cpp
index 5188b0e0..d1b862d7 100644
--- a/OSX/libsecurity_keychain/lib/defaultcreds.cpp
+++ b/OSX/libsecurity_keychain/lib/defaultcreds.cpp
@@ -77,16 +77,19 @@ bool DefaultCredentials::operator () (Db database)
 case CSSM_APPLE_UNLOCK_TYPE_WRAPPED_PRIVATE:
 keyReferral(**it);
 break;
+ case CSSM_APPLE_UNLOCK_TYPE_KEYBAG:
+ keybagReferral(**it);
+ break;
 default:
- secdebug("kcreferral", "referral type %lu (to %s) not supported",
+ secinfo("kcreferral", "referral type %lu (to %s) not supported",
 (unsigned long)(*it)->type(), (*it)->dbName().c_str());
 break;
 }
 }
 }
- secdebug("kcreferral", "%lu samples generated", (unsigned long)size());
+ secinfo("kcreferral", "%lu samples generated", (unsigned long)size());
 } catch (...) {
- secdebug("kcreferral", "exception setting default credentials for %s; using standard value", database->name());
+ secinfo("kcreferral", "exception setting default credentials for %s; using standard value", database->name());
 }
 mMade = true;
 }
@@ -97,11 +100,11 @@ bool DefaultCredentials::operator () (Db database)
 //
 // Process a single referral record. This will handle all known types
-// of referrals.
+// of referrals, other than keybag (see keybagReferral).
 //
 void DefaultCredentials::keyReferral(const UnlockReferralRecord &ref)
 {
- secdebug("kcreferral", "processing type %ld referral to %s",
+ secinfo("kcreferral", "processing type %ld referral to %s",
 (long)ref.type(), ref.dbName().c_str());
 DLDbIdentifier identifier(ref.dbName().c_str(), ref.dbGuid(), ref.dbSSID(), ref.dbSSType());
@@ -115,12 +118,12 @@ void DefaultCredentials::keyReferral(const UnlockReferralRecord &ref)
 // try the entire search list (just in case)
 try {
- secdebug("kcreferral", "no joy with %s; trying the entire keychain list for guid %s",
+ secinfo("kcreferral", "no joy with %s; trying the entire keychain list for guid %s",
 ref.dbName().c_str(), ref.dbGuid().toString().c_str());
 unlockKey(ref, fallbackSearchList(identifier));
 return;
 } catch (...) { }
- secdebug("kcreferral", "no luck at all; we'll skip this record");
+ secinfo("kcreferral", "no luck at all; we'll skip this record");
 }
@@ -136,11 +139,11 @@ bool DefaultCredentials::unlockKey(const UnlockReferralRecord &ref, const Keycha
 CSSM_DB_RECORDTYPE recordType = (ref.type() == CSSM_APPLE_UNLOCK_TYPE_KEY_DIRECT) ? CSSM_DL_DB_RECORD_SYMMETRIC_KEY : CSSM_DL_DB_RECORD_PRIVATE_KEY;
- KCCursor cursor(list, recordType, &search);
+ KCCursor cursor(list, (SecItemClass) recordType, &search);
 Item keyItem;
 while (cursor->next(keyItem)) {
- secdebug("kcreferral", "located source key in %s", keyItem->keychain()->name());
+ secinfo("kcreferral", "located source key in %s", keyItem->keychain()->name());
 // get a reference to the key in the provider keychain
 CssmClient::Key key = dynamic_cast(*keyItem).key();
@@ -170,6 +173,21 @@ bool DefaultCredentials::unlockKey(const UnlockReferralRecord &ref, const Keycha
 return foundSome;
 }
+void
+DefaultCredentials::keybagReferral(const UnlockReferralRecord &ref)
+{
+ secinfo("kcreferral", "processing type %ld referral", (long)ref.type());
+
+ try {
+ // assemble and add CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK item
+ append(TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK,
+ new(allocator) ListElement(CSSM_WORDID_KEYBAG_KEY),
+ new(allocator) ListElement(allocator, CssmData::wrap(ref.dbGuid())),
+ new(allocator) ListElement(allocator, ref.get())
+ ));
+ } catch (...) {
+ }
+}
 //
 // Take the official keychain search list, and return those keychains whose
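Review bot: The C-style cast in `KCCursor cursor(list, (SecItemClass) recordType, &search);` (the unlockKey hunk at -136) silences a type mismatch without saying why a CSSM_DB_RECORDTYPE may be handed over as a SecItemClass. A named cast with a one-line reason reads better and is greppable: `KCCursor cursor(list, static_cast<SecItemClass>(recordType), &search);` preceded by `// KCCursor takes a SecItemClass; the two CSSM key record types used here are expected to share its numeric values`. That equivalence is not visible in this hunk, so it should be confirmed against the KCCursor constructor and the SecItemClass definition before the comment is committed. unlockKey begins and ends outside the hunk.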
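Review bot: The empty `catch (...) { }` that closes the new keybagReferral (hunk at -170) discards every failure while the keybag sample is built, so a record that was silently skipped cannot be told apart from one that was appended; keyReferral at least logs "no luck at all; we'll skip this record". Log in the handler, for example `} catch (...) { secinfo("kcreferral", "could not build keybag sample; skipping this record"); }`. The three `new(allocator) ListElement(...)` arguments are raw pointers until TypedList takes them, so if a later allocation throws the earlier elements are presumably leaked, and the silent handler hides that as well. The function also lacks the `//` header block its neighbours carry; one that names the sample layout (KEYCHAIN_LOCK type, KEYBAG_KEY word, database GUID, referral blob) and notes that `ref.get()` is copied into the credential sample without any check in this function would tell the next reader where validation is expected to happen.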