X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/b1ab9ed8d0e0f1c3b66d7daa8fd5564444c56195..c2a06e2499a2998aca30764dd75ee8aee5c5bc09:/libsecurity_keychain/lib/StorageManager.cpp?ds=sidebyside

diff --git a/libsecurity_keychain/lib/StorageManager.cpp b/libsecurity_keychain/lib/StorageManager.cpp
index 54af54ee..4ecee452 100644
--- a/libsecurity_keychain/lib/StorageManager.cpp
+++ b/libsecurity_keychain/lib/StorageManager.cpp
@@ -51,6 +51,7 @@
 #include <Security/AuthorizationTagsPriv.h>
 #include <Security/SecTask.h>
 #include <security_keychain/SecCFTypes.h>
+#include "TrustSettingsSchema.h"
 
 //%%% add this to AuthorizationTagsPriv.h later
 #ifndef AGENT_HINT_LOGIN_KC_SUPPRESS_RESET_PANEL
@@ -134,11 +135,6 @@ StorageManager::keychain(const DLDbIdentifier &dLDbIdentifier)
 	if (!dLDbIdentifier)
 		return Keychain();
 
-	if (gServerMode) {
-		secdebug("servermode", "keychain reference in server mode");
-		return Keychain();
-	}
-
     KeychainMap::iterator it = mKeychains.find(dLDbIdentifier);
     if (it != mKeychains.end())
 	{
@@ -152,6 +148,13 @@ StorageManager::keychain(const DLDbIdentifier &dLDbIdentifier)
 		}
 	}
 
+	if (gServerMode) {
+		secdebug("servermode", "keychain reference in server mode");
+        const char *dbname = dLDbIdentifier.dbName();
+        if (!dbname || (strcmp(dbname, SYSTEM_ROOT_STORE_PATH)!=0))
+            return Keychain();
+	}
+
 	// The keychain is not in our cache.  Create it.
 	Module module(dLDbIdentifier.ssuid().guid());
 	DL dl;