X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/SecurityTests/xdr_rpc/securityd_data_saver.cpp diff --git a/SecurityTests/xdr_rpc/securityd_data_saver.cpp b/SecurityTests/xdr_rpc/securityd_data_saver.cpp new file mode 100644 index 00000000..8c2b466e --- /dev/null +++ b/SecurityTests/xdr_rpc/securityd_data_saver.cpp @@ -0,0 +1,205 @@ +/* + * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +#include "securityd_data_saver.h" + +/* + * Please don't use this as an exemplar for new write...() calls. This was + * the first, is messy, and probably should be rewritten. At the very + * least, its correctness should be revisited. + */ +void +SecuritydDataSave::writeContext(Context *context, intptr_t attraddr, + mach_msg_type_number_t attrSize) +{ + // finish the preamble + uint32_t dtype = CONTEXT; + writeAll(&dtype, sizeof(dtype)); + + // save size of a CSSM_CONTEXT (not strictly necessary) + uint32_t csize = sizeof(CSSM_CONTEXT); + writeAll(&csize, sizeof(csize)); // write the length first! + writeAll(context, csize); + + // save the original base address for relocation + csize = sizeof(attraddr); + writeAll(&csize, sizeof(csize)); + writeAll(&attraddr, csize); + + // finally, save off the attributes + csize = attrSize; + writeAll(&csize, sizeof(csize)); + writeAll(context->ContextAttributes, csize); +} + +void +SecuritydDataSave::writeAclEntryInfo(AclEntryInfo *acls, + mach_msg_type_number_t aclsLength) +{ + // finish the preamble + uint32_t dtype = ACL_ENTRY_INFO; + writeAll(&dtype, sizeof(dtype)); + + // write the base pointer, then the ACL itself + uint32_t ptrsize = sizeof(acls); + writeAll(&ptrsize, sizeof(ptrsize)); + writeAll(&acls, ptrsize); + writeAll(&aclsLength, sizeof(aclsLength)); + writeAll(acls, aclsLength); +} + +void +SecuritydDataSave::writeAclEntryInput(AclEntryInput *acl, + mach_msg_type_number_t aclLength) +{ + // finish the preamble + uint32_t dtype = ACL_ENTRY_INPUT; + writeAll(&dtype, sizeof(dtype)); + + // write the pointer, then the ACL itself + uint32_t ptrsize = sizeof(acl); + writeAll(&ptrsize, sizeof(ptrsize)); + writeAll(&acl, ptrsize); + writeAll(&aclLength, sizeof(aclLength)); + writeAll(acl, aclLength); +} + + +// +// Excerpts from securityd's transition.cpp showing where SecuritydDataSave +// is (to be) used +// + +#if 0 +kern_return_t ucsp_server_findFirst(UCSP_ARGS, DbHandle db, + COPY_IN(CssmQuery, query), + COPY_IN(CssmDbRecordAttributeData, inAttributes), + COPY_OUT(CssmDbRecordAttributeData, outAttributes), + boolean_t getData, + DATA_OUT(data), KeyHandle *hKey, SearchHandle *hSearch, RecordHandle *hRecord) +{ + BEGIN_IPC + relocate(query, queryBase, queryLength); + SecuritydDataSave sds("/var/tmp/Query_findFirst"); + sds.writeQuery(query, queryLength); + relocate(inAttributes, inAttributesBase, inAttributesLength); + + RefPointer search; + RefPointer record; + RefPointer key; + CssmData outData; //OutputData outData(data, dataLength); + CssmDbRecordAttributeData *outAttrs; mach_msg_type_number_t outAttrsLength; + Server::database(db)->findFirst(*query, inAttributes, inAttributesLength, + getData ? &outData : NULL, key, search, record, outAttrs, outAttrsLength); + + // handle nothing-found case without exceptions + if (!record) { + *hRecord = noRecord; + *hSearch = noSearch; + *hKey = noKey; + } else { + // return handles + *hRecord = record->handle(); + *hSearch = search->handle(); + *hKey = key ? key->handle() : noKey; + + // return attributes (assumes relocated flat blob) + flips(outAttrs, outAttributes, outAttributesBase); + *outAttributesLength = outAttrsLength; + + // return data (temporary fix) + if (getData) { + *data = outData.data(); + *dataLength = outData.length(); + } + } + END_IPC(DL) +} + +kern_return_t ucsp_server_decrypt(UCSP_ARGS, CONTEXT_ARGS, KeyHandle keyh, + DATA_IN(cipher), DATA_OUT(clear)) +{ + BEGIN_IPC + SecuritydDataSave td("/var/tmp/securityd_Context_decrypt"); // XXX/gh get sample Context for XDR testing + relocate(context, contextBase, attributes, attrSize); + // save attributes base addr for backwards compatibility + intptr_t attraddr = reinterpret_cast(&context->ContextAttributes); + td.writeContext(&context, attraddr, attrSize); + RefPointer key = Server::key(keyh); + OutputData clearOut(clear, clearLength); + key->database().decrypt(context, *key, DATA(cipher), clearOut); + END_IPC(CSP) +} + +// ... + +kern_return_t ucsp_server_getAcl(UCSP_ARGS, AclKind kind, KeyHandle key, + boolean_t haveTag, const char *tag, + uint32 *countp, COPY_OUT(AclEntryInfo, acls)) +{ + BEGIN_IPC + uint32 count; + AclEntryInfo *aclList; + Server::aclBearer(kind, key).getAcl(haveTag ? tag : NULL, count, aclList); + *countp = count; + Copier aclsOut(aclList, count); // make flat copy + + { // release the chunked memory originals + ChunkFreeWalker free; + for (uint32 n = 0; n < count; n++) + walk(free, aclList[n]); + + // release the memory allocated for the list itself when we are done + Allocator::standard().free (aclList); + } + + // set result (note: this is *almost* flips(), but on an array) + *aclsLength = aclsOut.length(); + *acls = *aclsBase = aclsOut; + if (flipClient()) { + FlipWalker w; + for (uint32 n = 0; n < count; n++) + walk(w, (*acls)[n]); + w.doFlips(); + Flippers::flip(*aclsBase); + } + SecuritydDataSave sds("/var/tmp/AclEntryInfo_getAcl"); + sds.writeAclEntryInfo(*acls, *aclsLength); + Server::releaseWhenDone(aclsOut.keep()); + END_IPC(CSP) +} + +kern_return_t ucsp_server_changeAcl(UCSP_ARGS, AclKind kind, KeyHandle key, + COPY_IN(AccessCredentials, cred), CSSM_ACL_EDIT_MODE mode, CSSM_ACL_HANDLE handle, + COPY_IN(AclEntryInput, acl)) +{ + BEGIN_IPC + relocate(cred, credBase, credLength); + relocate(acl, aclBase, aclLength); + SecuritydDataSave sds("/var/tmp/AclEntryInput_changeAcl"); + sds.writeAclEntryInput(acl, aclLength); + Server::aclBearer(kind, key).changeAcl(AclEdit(mode, handle, acl), cred); + END_IPC(CSP) +} + +#endif /* 0 -- example code */