X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/ce3c8656732c924baf7e88df75eab50891bdc471..fa7225c82381bac4432a6edf16f53b5370238d85:/OSX/libsecurity_keychain/lib/Item.h
diff --git a/OSX/libsecurity_keychain/lib/Item.h b/OSX/libsecurity_keychain/lib/Item.h
index 26d7d7f2..8e9460dd 100644
--- a/OSX/libsecurity_keychain/lib/Item.h
+++ b/OSX/libsecurity_keychain/lib/Item.h
@@ -45,7 +45,10 @@ class Keychain;
 class ItemImpl : public SecCFObject {
 public:
- SECCFFUNCTIONS(ItemImpl, SecKeychainItemRef, errSecInvalidItemRef, gTypes().ItemImpl)
+ SECCFFUNCTIONS_CREATABLE(ItemImpl, SecKeychainItemRef, gTypes().ItemImpl)
+
+ static ItemImpl *required(SecKeychainItemRef ptr);
+ static ItemImpl *optional(SecKeychainItemRef ptr);
 friend class Item;
 friend class KeychainImpl;
@@ -79,7 +82,7 @@ public:
 CFDataRef getPersistentRef();
 PrimaryKey addWithCopyInfo(Keychain &keychain, bool isCopy);
- Mutex* getMutexForObject();
+ Mutex* getMutexForObject() const;
 // Return true iff the item integrity has not been compromised.
 virtual bool checkIntegrity();
@@ -194,6 +197,9 @@ protected:
 * the ACL will be copied from the old group, and the old group deleted. */
 void updateSSGroup(Db& db, CSSM_DB_RECORDTYPE recordType, CssmDataContainer* data, Keychain keychain = NULL, SecPointer access = NULL);
+ // Helper function to abstract out error handling. Does not report any errors.
+ void deleteSSGroup(SSGroup & ssgroup, const AccessCredentials* nullCred);
+ void doChange(Keychain keychain, CSSM_DB_RECORDTYPE recordType, void (^tryChange) () );
 // Add integrity acl entry to access.
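Review bot: The hand-declared `required` and `optional` added under `SECCFFUNCTIONS_CREATABLE` in the first hunk have no comment saying what each does with a NULL or wrong-type `SecKeychainItemRef`, and the `errSecInvalidItemRef` argument that the old `SECCFFUNCTIONS` line carried no longer appears in the header. These two functions turn a caller-supplied ref into an `ItemImpl *`, so the contract should be stated at the declaration, for example `// required(): throws errSecInvalidItemRef for a NULL or non-item ref; optional(): returns NULL for a NULL ref`. That wording assumes the definitions keep the status the macro used to supply; they are outside this hunk, so it needs confirming against them.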
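Review bot: The comment on `deleteSSGroup` in the third hunk says it "Does not report any errors", so a failed delete of the old group is invisible to `updateSSGroup` and any other caller, and the comment block above says the old group is the one that is supposed to be deleted after its ACL is copied. I would either return a `bool` that callers may ignore, or have the comment say what happens on failure and why continuing is safe, e.g. `// Best-effort delete of ssgroup; failures are logged, not thrown, because <reason>`. The parameter name `nullCred` also reads as if only null credentials are ever valid, which the comment should state or the name should drop. The definition is outside this hunk, so whether anything is logged on failure is not visible here.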
@@ -208,6 +214,12 @@ protected:
 // Set the integrity of this bearer to be whatever my attributes are now
 virtual void setIntegrity(AclBearer &bearer, bool force = false);
+ // Call this function to remove the integrity and partition_id ACLs from
+ // this item. You're not supposed to be able to do this, so force the issue
+ // by providing credentials to this keychain.
+ virtual void removeIntegrity(const AccessCredentials *cred);
+ virtual void removeIntegrity(AclBearer &bearer, const AccessCredentials *cred);
+ // new item members
 RefPointer mData;
 auto_ptr mDbAttributes;
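Review bot: `removeIntegrity` strips the integrity and partition_id ACL entries that `checkIntegrity` and `setIntegrity` exist to maintain, yet its comment does not say what `cred` has to be, whether a NULL `cred` is accepted, or which callers are expected to use it. For an operation the comment itself describes as not supposed to be possible, I would spell out the precondition and the resulting state, for example `// cred must unlock this keychain; afterwards the item carries no integrity ACL until setIntegrity() is called again`, adjusted to what the definition actually enforces. Both overloads are declared `virtual` in the `protected:` section; if no subclass needs to override the removal path, a non-virtual helper would keep it in one place. The definitions are outside this hunk.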