]> git.saurik.com Git - apple/securityd.git/blob - src/database.cpp
projects / apple / securityd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
securityd-29035.tar.gz
[apple/securityd.git] / src / database.cpp
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // database - database session management
27 //
28 #include "database.h"
29 #include "agentquery.h"
30 #include "key.h"
31 #include "server.h"
32 #include "session.h"
33 #include <security_agent_client/agentclient.h>
34 #include <security_cdsa_utilities/acl_any.h> // for default owner ACLs
35 #include <security_cdsa_client/wrapkey.h>
36 #include <security_utilities/endian.h>
37
38 using namespace UnixPlusPlus;
39
40
41 //
42 // DbCommon basics
43 //
44 DbCommon::DbCommon(Session &session)
45 {
46 referent(session);
47 }
48
49 Session &DbCommon::session() const
50 {
51 return referent<Session>();
52 }
53
54
55 //
56 // Database basics
57 //
58 Database::Database(Process &proc)
59 {
60 referent(proc);
61 }
62
63
64 Process& Database::process() const
65 {
66 return referent<Process>();
67 }
68
69
70 //
71 // Default behaviors
72 //
73 void DbCommon::sleepProcessing()
74 {
75 // nothing
76 }
77
78 void DbCommon::lockProcessing()
79 {
80 // nothing
81 }
82
83
84 void Database::releaseKey(Key &key)
85 {
86 kill(key);
87 }
88
89 void Database::releaseSearch(Search &search)
90 {
91 kill(search);
92 }
93
94 void Database::releaseRecord(Record &record)
95 {
96 kill(record);
97 }
98
99 void Database::dbName(const char *name)
100 {
101 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
102 }
103
104
105 //
106 // Functions that aren't implemented at the Database level but can stay that way
107 //
108 void Database::findFirst(const CssmQuery &query,
109 CssmDbRecordAttributeData *inAttributes, mach_msg_type_number_t inAttributesLength,
110 CssmData *data, RefPointer<Key> &key, RefPointer<Search> &search, RefPointer<Record> &record,
111 CssmDbRecordAttributeData * &outAttributes, mach_msg_type_number_t &outAttributesLength)
112 {
113 secdebug("database", "%p calling unimplemented findFirst", this);
114 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
115 }
116
117 void Database::findNext(Search *search,
118 CssmDbRecordAttributeData *inAttributes, mach_msg_type_number_t inAttributesLength,
119 CssmData *data, RefPointer<Key> &key, RefPointer<Record> &record,
120 CssmDbRecordAttributeData * &outAttributes, mach_msg_type_number_t &outAttributesLength)
121 {
122 secdebug("database", "%p calling unimplemented findNext", this);
123 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
124 }
125
126 void Database::findRecordHandle(Record *record,
127 CssmDbRecordAttributeData *inAttributes, mach_msg_type_number_t inAttributesLength,
128 CssmData *data, RefPointer<Key> &key,
129 CssmDbRecordAttributeData * &outAttributes, mach_msg_type_number_t &outAttributesLength)
130 {
131 secdebug("database", "%p calling unimplemented findRecordHandle", this);
132 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
133 }
134
135 void Database::insertRecord(CSSM_DB_RECORDTYPE recordtype,
136 const CssmDbRecordAttributeData *attributes, mach_msg_type_number_t inAttributesLength,
137 const CssmData &data, RecordHandle &record)
138 {
139 secdebug("database", "%p calling unimplemented insertRecord", this);
140 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
141 }
142
143 void Database::modifyRecord(CSSM_DB_RECORDTYPE recordtype, Record *record,
144 const CssmDbRecordAttributeData *attributes, mach_msg_type_number_t inAttributesLength,
145 const CssmData *data, CSSM_DB_MODIFY_MODE modifyMode)
146 {
147 secdebug("database", "%p calling unimplemented modifyRecord", this);
148 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
149 }
150
151 void Database::deleteRecord(Database::Record *record)
152 {
153 secdebug("database", "%p calling unimplemented deleteRecord", this);
154 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
155 }
156
157 void Database::authenticate(CSSM_DB_ACCESS_TYPE, const AccessCredentials *)
158 {
159 secdebug("database", "%p calling unimplemented authenticate", this);
160 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
161 }
162
163 SecurityServerAcl &Database::acl()
164 {
165 secdebug("database", "%p has no ACL implementation", this);
166 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
167 }
168
169 bool Database::isLocked() const
170 {
171 secdebug("database", "%p calling unimplemented isLocked", this);
172 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
173 }
174
175
176 //
177 // SecurityServerAcl personality implementation.
178 // This is the trivial (type coding) stuff. The hard stuff is virtually mixed in.
179 //
180 Database *Database::relatedDatabase()
181 {
182 return this;
183 }
184
185 AclKind Database::aclKind() const
186 {
187 return dbAcl;
188 }
189
190 GenericHandle Database::aclHandle() const
191 {
192 return HandleObject::handle();
193 }
194
195
196 //
197 // Remote validation is not, by default, supported
198 //
199 bool Database::validateSecret(const AclSubject *, const AccessCredentials *)
200 {
201 return false;
202 }
203
204
205 //
206 // Implementation of a "system keychain unlock key store"
207 //
208 SystemKeychainKey::SystemKeychainKey(const char *path)
209 : mPath(path), mValid(false)
210 {
211 // explicitly set up a key header for a raw 3DES key
212 CssmKey::Header &hdr = mKey.header();
213 hdr.blobType(CSSM_KEYBLOB_RAW);
214 hdr.blobFormat(CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING);
215 hdr.keyClass(CSSM_KEYCLASS_SESSION_KEY);
216 hdr.algorithm(CSSM_ALGID_3DES_3KEY_EDE);
217 hdr.KeyAttr = 0;
218 hdr.KeyUsage = CSSM_KEYUSE_ANY;
219 mKey = CssmData::wrap(mBlob.masterKey);
220 }
221
222 SystemKeychainKey::~SystemKeychainKey()
223 {
224 }
225
226 bool SystemKeychainKey::matches(const DbBlob::Signature &signature)
227 {
228 return update() && signature == mBlob.signature;
229 }
230
231 bool SystemKeychainKey::update()
232 {
233 // if we checked recently, just assume it's okay
234 if (mValid && mUpdateThreshold > Time::now())
235 return mValid;
236
237 // check the file
238 struct stat st;
239 if (::stat(mPath.c_str(), &st)) {
240 // something wrong with the file; can't use it
241 mUpdateThreshold = Time::now() + Time::Interval(checkDelay);
242 return mValid = false;
243 }
244 if (mValid && Time::Absolute(st.st_mtimespec) == mCachedDate)
245 return true;
246 mUpdateThreshold = Time::now() + Time::Interval(checkDelay);
247
248 try {
249 secdebug("syskc", "reading system unlock record from %s", mPath.c_str());
250 AutoFileDesc fd(mPath, O_RDONLY);
251 if (fd.read(mBlob) != sizeof(mBlob))
252 return false;
253 if (mBlob.isValid()) {
254 mCachedDate = st.st_mtimespec;
255 return mValid = true;
256 } else
257 return mValid = false;
258 } catch (...) {
259 secdebug("syskc", "system unlock record not available");
260 return false;
261 }
262 }
mirror of securityd