X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/fa7225c82381bac4432a6edf16f53b5370238d85..07691282a056c4efea71e1e505527601e8cc166b:/OSX/libsecurity_keychain/lib/SecIdentity.cpp

diff --git a/OSX/libsecurity_keychain/lib/SecIdentity.cpp b/OSX/libsecurity_keychain/lib/SecIdentity.cpp
index adfe8b74..5d21959b 100644
--- a/OSX/libsecurity_keychain/lib/SecIdentity.cpp
+++ b/OSX/libsecurity_keychain/lib/SecIdentity.cpp
@@ -35,8 +35,10 @@
 #include <security_keychain/KCCursor.h>
 #include <security_cdsa_utilities/Schema.h>
 #include <security_utilities/simpleprefs.h>
+#include <utilities/SecCFRelease.h>
 #include <sys/param.h>
 #include <syslog.h>
+#include <os/activity.h>
 
 /* private function declarations */
 OSStatus
@@ -120,6 +122,9 @@ SecIdentityCopyCertificate(
             SecCertificateRef *certificateRef)
 {
 	BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecIdentityCopyCertificate", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
 
 	if (!identityRef || !certificateRef) {
 		return errSecParam;
@@ -128,7 +133,7 @@ SecIdentityCopyCertificate(
 	if (itemType == SecIdentityGetTypeID()) {
 		SecPointer<Certificate> certificatePtr(Identity::required(identityRef)->certificate());
 		Required(certificateRef) = certificatePtr->handle();
-#if SECTRUST_OSX
+
 		/* convert outgoing certificate item to a unified SecCertificateRef */
 		CssmData certData = certificatePtr->data();
 		CFDataRef data = NULL;
@@ -149,16 +154,12 @@ SecIdentityCopyCertificate(
 		if (tmpRef) {
 			CFRelease(tmpRef);
 		}
-#endif
 	}
 	else if (itemType == SecCertificateGetTypeID()) {
 		// rdar://24483382
 		// reconstituting a persistent identity reference could return the certificate
 		SecCertificateRef certificate = (SecCertificateRef)identityRef;
-#if !SECTRUST_OSX
-		SecPointer<Certificate> certificatePtr(Certificate::required(certificate));
-		Required(certificateRef) = certificatePtr->handle();
-#else
+
 		/* convert outgoing certificate item to a unified SecCertificateRef, if needed */
 		if (SecCertificateIsItemImplInstance(certificate)) {
 			*certificateRef = SecCertificateCreateFromItemImplInstance(certificate);
@@ -166,7 +167,6 @@ SecIdentityCopyCertificate(
 		else {
 			*certificateRef = (SecCertificateRef) CFRetain(certificate);
 		}
-#endif
 		return errSecSuccess;
 	}
 	else {
@@ -183,6 +183,9 @@ SecIdentityCopyPrivateKey(
             SecKeyRef *privateKeyRef)
 {
     BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecIdentityCopyPrivateKey", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
 
 	Required(privateKeyRef) = (SecKeyRef)CFRetain(Identity::required(identityRef)->privateKeyRef());
 
@@ -257,19 +260,20 @@ SecIdentityCompare(
 			return kCFCompareGreaterThan;
 	}
 
-	BEGIN_SECAPI
-
-	SecPointer<Identity> id1(Identity::required(identity1));
-	SecPointer<Identity> id2(Identity::required(identity2));
-
-	if (id1 == id2)
-		return kCFCompareEqualTo;
-	else if (id1 < id2)
-		return kCFCompareLessThan;
-	else
-		return kCFCompareGreaterThan;
-
-	END_SECAPI1(kCFCompareGreaterThan);
+    try {
+        SecPointer<Identity> id1(Identity::required(identity1));
+        SecPointer<Identity> id2(Identity::required(identity2));
+
+        if (id1 == id2)
+            return kCFCompareEqualTo;
+        else if (id1 < id2)
+            return kCFCompareLessThan;
+        else
+            return kCFCompareGreaterThan;
+    } catch(...)
+    {}
+
+    return kCFCompareGreaterThan;
 }
 
 static
@@ -425,25 +429,12 @@ OSStatus _SecIdentityCopyPreferenceMatchingName(
     }
 
 	// create identity reference, given certificate
-#if SECTRUST_OSX
-    status = SecIdentityCreateWithCertificate(NULL, (SecCertificateRef)certItemRef, identity);
-#else
-    try {
-        Item certItem = ItemImpl::required(SecKeychainItemRef(certItemRef));
-        SecPointer<Certificate> certificate(static_cast<Certificate *>(certItem.get()));
-        SecPointer<Identity> identity_ptr(new Identity(keychains, certificate));
-        if (certItemRef) {
-            CFRelease(certItemRef); // retained by identity
-        }
-        Required(identity) = identity_ptr->handle();
-    }
-    catch (const MacOSError &err)   { status=err.osStatus(); }
-    catch (const CommonError &err)  { status=SecKeychainErrFromOSStatus(err.osStatus()); }
-    catch (const std::bad_alloc &)  { status=errSecAllocate; }
-    catch (...)                     { status=errSecInvalidItemRef; }
-#endif
+	status = SecIdentityCreateWithCertificate(NULL, (SecCertificateRef)certItemRef, identity);
+	if (certItemRef) {
+		CFRelease(certItemRef);
+	}
 
-    return status;
+	return status;
 }
 
 SecIdentityRef SecIdentityCopyPreferred(CFStringRef name, CFArrayRef keyUsage, CFArrayRef validIssuers)
@@ -477,16 +468,21 @@ OSStatus SecIdentityCopyPreference(
     // (Note that behavior is unchanged if the specified name is not a URL.)
 
     BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecIdentityCopyPreference", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
 
     CFTypeRef val = (CFTypeRef)CFPreferencesCopyValue(CFSTR("LogIdentityPreferenceLookup"),
                     CFSTR("com.apple.security"),
                     kCFPreferencesCurrentUser,
                     kCFPreferencesAnyHost);
     Boolean logging = false;
-    if (val && CFGetTypeID(val) == CFBooleanGetTypeID()) {
-        logging = CFBooleanGetValue((CFBooleanRef)val);
-        CFRelease(val);
+    if (val) {
+        if (CFGetTypeID(val) == CFBooleanGetTypeID()) {
+            logging = CFBooleanGetValue((CFBooleanRef)val);
+        }
     }
+     CFReleaseNull(val);
 
     OSStatus status = errSecItemNotFound;
     CFArrayRef names = _SecIdentityCopyPossiblePaths(name);
@@ -572,8 +568,15 @@ OSStatus SecIdentitySetPreference(
 	}
 
     BEGIN_SECAPI
-
-	SecPointer<Certificate> certificate(Identity::required(identity)->certificate());
+    os_activity_t activity = os_activity_create("SecIdentitySetPreference", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
+
+    CFRef<SecCertificateRef>  certRef;
+    OSStatus status = SecIdentityCopyCertificate(identity, certRef.take());
+    if(status != errSecSuccess) {
+        MacOSError::throwMe(status);
+    }
 
 	// determine the account attribute
 	//
@@ -585,7 +588,7 @@ OSStatus SecIdentitySetPreference(
 	// If the key usage is 0 (i.e. the normal case), we omit the appended key usage string.
 	//
     CFStringRef labelStr = nil;
-	certificate->inferLabel(false, &labelStr);
+    SecCertificateInferLabel(certRef.get(), &labelStr);
 	if (!labelStr) {
         MacOSError::throwMe(errSecDataTooLarge); // data is "in a format which cannot be displayed"
 	}
@@ -593,21 +596,29 @@ OSStatus SecIdentitySetPreference(
 	const char *templateStr = "%s [key usage 0x%X]";
 	const int keyUsageMaxStrLen = 8;
 	accountUTF8Len += strlen(templateStr) + keyUsageMaxStrLen;
-	char accountUTF8[accountUTF8Len];
+	char *accountUTF8 = (char *)malloc(accountUTF8Len);
+	if (!accountUTF8) {
+		MacOSError::throwMe(errSecMemoryError);
+	}
     if (!CFStringGetCString(labelStr, accountUTF8, accountUTF8Len-1, kCFStringEncodingUTF8))
 		accountUTF8[0] = (char)'\0';
 	if (keyUsage)
 		snprintf(accountUTF8, accountUTF8Len-1, templateStr, accountUTF8, keyUsage);
 	snprintf(accountUTF8, accountUTF8Len-1, "%s ", accountUTF8);
-    CssmData account(const_cast<char *>(accountUTF8), strlen(accountUTF8));
+    CssmDataContainer account(const_cast<char *>(accountUTF8), strlen(accountUTF8));
+    free(accountUTF8);
     CFRelease(labelStr);
 
 	// service attribute (name provided by the caller)
 	CFIndex serviceUTF8Len = CFStringGetMaximumSizeForEncoding(CFStringGetLength(name), kCFStringEncodingUTF8) + 1;;
-	char serviceUTF8[serviceUTF8Len];
+	char *serviceUTF8 = (char *)malloc(serviceUTF8Len);
+	if (!serviceUTF8) {
+		MacOSError::throwMe(errSecMemoryError);
+	}
     if (!CFStringGetCString(name, serviceUTF8, serviceUTF8Len-1, kCFStringEncodingUTF8))
         serviceUTF8[0] = (char)'\0';
-    CssmData service(const_cast<char *>(serviceUTF8), strlen(serviceUTF8));
+    CssmDataContainer service(const_cast<char *>(serviceUTF8), strlen(serviceUTF8));
+    free(serviceUTF8);
 
     // look for existing identity preference item, in case this is an update
 	StorageManager::KeychainList keychains;
@@ -633,7 +644,7 @@ OSStatus SecIdentitySetPreference(
 
 	// generic attribute (store persistent certificate reference)
 	CFDataRef pItemRef = nil;
-    certificate->copyPersistentReference(pItemRef);
+    SecKeychainItemCreatePersistentReference((SecKeychainItemRef)certRef.get(), &pItemRef);
 	if (!pItemRef) {
 		MacOSError::throwMe(errSecInvalidItemRef);
     }
@@ -681,6 +692,9 @@ SecIdentityFindPreferenceItem(
 	SecKeychainItemRef *itemRef)
 {
     BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecIdentityFindPreferenceItem", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
 
 	StorageManager::KeychainList keychains;
 	globals().storageManager.optionalSearchList(keychainOrArray, keychains);
@@ -719,6 +733,9 @@ SecIdentityFindPreferenceItemWithNameAndKeyUsage(
 	SecKeychainItemRef *itemRef)
 {
     BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecIdentityFindPreferenceItemWithNameAndKeyUsage", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
 
 	StorageManager::KeychainList keychains;
 	globals().storageManager.optionalSearchList(keychainOrArray, keychains);
@@ -762,7 +779,7 @@ OSStatus SecIdentityDeletePreferenceItemWithNameAndKeyUsage(
 	// cut things off at that point if we're still finding items (if they can't
 	// be deleted for some reason, we'd never break out of the loop.)
 
-	OSStatus status;
+	OSStatus status = errSecInternalError;
 	SecKeychainItemRef item = NULL;
 	int count = 0, maxUsages = 12;
 	while (++count <= maxUsages &&
@@ -811,21 +828,29 @@ OSStatus _SecIdentityAddPreferenceItemWithName(
 	const char *templateStr = "%s [key usage 0x%X]";
 	const int keyUsageMaxStrLen = 8;
 	accountUTF8Len += strlen(templateStr) + keyUsageMaxStrLen;
-	char accountUTF8[accountUTF8Len];
+	char *accountUTF8 = (char *)malloc(accountUTF8Len);
+	if (!accountUTF8) {
+		MacOSError::throwMe(errSecMemoryError);
+	}
     if (!CFStringGetCString(labelStr, accountUTF8, accountUTF8Len-1, kCFStringEncodingUTF8))
 		accountUTF8[0] = (char)'\0';
 	if (keyUsage)
 		snprintf(accountUTF8, accountUTF8Len-1, templateStr, accountUTF8, keyUsage);
 	snprintf(accountUTF8, accountUTF8Len-1, "%s ", accountUTF8);
-    CssmData account(const_cast<char *>(accountUTF8), strlen(accountUTF8));
+    CssmDataContainer account(const_cast<char *>(accountUTF8), strlen(accountUTF8));
+    free(accountUTF8);
     CFRelease(labelStr);
 
 	// service attribute (name provided by the caller)
 	CFIndex serviceUTF8Len = CFStringGetMaximumSizeForEncoding(CFStringGetLength(idString), kCFStringEncodingUTF8) + 1;;
-	char serviceUTF8[serviceUTF8Len];
+	char *serviceUTF8 = (char *)malloc(serviceUTF8Len);
+	if (!serviceUTF8) {
+		MacOSError::throwMe(errSecMemoryError);
+	}
     if (!CFStringGetCString(idString, serviceUTF8, serviceUTF8Len-1, kCFStringEncodingUTF8))
         serviceUTF8[0] = (char)'\0';
-    CssmData service(const_cast<char *>(serviceUTF8), strlen(serviceUTF8));
+    CssmDataContainer service(const_cast<char *>(serviceUTF8), strlen(serviceUTF8));
+    free(serviceUTF8);
 
 	// set item attribute values
 	item->setAttribute(Schema::attributeInfo(kSecServiceItemAttr), service);
@@ -886,6 +911,9 @@ OSStatus SecIdentityAddPreferenceItem(
     // (Note that behavior is unchanged if the specified idString is not a URL.)
 
     BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecIdentityAddPreferenceItem", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
 
     OSStatus status = errSecInternalComponent;
     CFArrayRef names = _SecIdentityCopyPossiblePaths(idString);
@@ -942,6 +970,9 @@ OSStatus SecIdentityUpdatePreferenceItem(
 			SecIdentityRef identityRef)
 {
     BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecIdentityUpdatePreferenceItem", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
 
 	if (!itemRef || !identityRef)
 		MacOSError::throwMe(errSecParam);
@@ -977,15 +1008,19 @@ OSStatus SecIdentityUpdatePreferenceItem(
 	const char *templateStr = "%s [key usage 0x%X]";
 	const int keyUsageMaxStrLen = 8;
 	accountUTF8Len += strlen(templateStr) + keyUsageMaxStrLen;
-	char accountUTF8[accountUTF8Len];
-    if (!CFStringGetCString(labelStr, accountUTF8, accountUTF8Len-1, kCFStringEncodingUTF8))
+	char *accountUTF8 = (char *)malloc(accountUTF8Len);
+	if (!accountUTF8) {
+		MacOSError::throwMe(errSecMemoryError);
+	}
+	if (!CFStringGetCString(labelStr, accountUTF8, accountUTF8Len-1, kCFStringEncodingUTF8))
 		accountUTF8[0] = (char)'\0';
 	if (keyUsage)
 		snprintf(accountUTF8, accountUTF8Len-1, templateStr, accountUTF8, keyUsage);
 	snprintf(accountUTF8, accountUTF8Len-1, "%s ", accountUTF8);
-    CssmData account(const_cast<char *>(accountUTF8), strlen(accountUTF8));
+	CssmDataContainer account(const_cast<char *>(accountUTF8), strlen(accountUTF8));
 	prefItem->setAttribute(Schema::attributeInfo(kSecAccountItemAttr), account);
-    CFRelease(labelStr);
+	free(accountUTF8);
+	CFRelease(labelStr);
 
 	// generic attribute (store persistent certificate reference)
 	CFDataRef pItemRef = nil;
@@ -1010,6 +1045,9 @@ OSStatus SecIdentityCopyFromPreferenceItem(
 			SecIdentityRef *identityRef)
 {
     BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecIdentityCopyFromPreferenceItem", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
 
 	if (!itemRef || !identityRef)
 		MacOSError::throwMe(errSecParam);
@@ -1071,6 +1109,9 @@ OSStatus SecIdentityCopySystemIdentity(
    CFStringRef *actualDomain) /* optional */
 {
     BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecIdentityCopySystemIdentity", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
 
 	StLock<Mutex> _(systemIdentityLock());
 	auto_ptr<Dictionary> identDict;
@@ -1139,6 +1180,9 @@ OSStatus SecIdentitySetSystemIdentity(
    SecIdentityRef idRef)
 {
     BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecIdentitySetSystemIdentity", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
 
 	StLock<Mutex> _(systemIdentityLock());
 	if(geteuid() != 0) {