securityd-55199.3.tar.gz

[apple/securityd.git] / src / database.cpp
diff --git a/src/database.cpp b/src/database.cpp

index a7b724232058ba1bf0f586beabb63f531258f48a..25a7d413977a8262a1343adff332f9c839db033d 100644 (file)
--- a/src/database.cpp
+++ b/src/database.cpp
@@ -1,10 +1,8 @@
  /*
  /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2007 Apple Inc. All Rights Reserved.
   * 
   * @APPLE_LICENSE_HEADER_START@
   * 
   * 
   * @APPLE_LICENSE_HEADER_START@
   * 
- * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
- * 
   * This file contains Original Code and/or Modifications of Original Code
   * as defined in and that are subject to the Apple Public Source License
   * Version 2.0 (the 'License'). You may not use this file except in
   * This file contains Original Code and/or Modifications of Original Code
   * as defined in and that are subject to the Apple Public Source License
   * Version 2.0 (the 'License'). You may not use this file except in
@@ -32,11 +30,15 @@
  #include "key.h"
  #include "server.h"
  #include "session.h"
  #include "key.h"
  #include "server.h"
  #include "session.h"
+#include "notifications.h"
  #include <security_agent_client/agentclient.h>
  #include <security_agent_client/agentclient.h>
+#include <securityd_client/dictionary.h>
  #include <security_cdsa_utilities/acl_any.h>   // for default owner ACLs
  #include <security_cdsa_client/wrapkey.h>
  #include <security_utilities/endian.h>
  
  #include <security_cdsa_utilities/acl_any.h>   // for default owner ACLs
  #include <security_cdsa_client/wrapkey.h>
  #include <security_utilities/endian.h>
  
+using namespace UnixPlusPlus;
+
  
  //
  // DbCommon basics
  
  //
  // DbCommon basics
@@ -56,7 +58,6 @@ Session &DbCommon::session() const
  // Database basics
  //
  Database::Database(Process &proc)
  // Database basics
  //
  Database::Database(Process &proc)
-       : SecurityServerAcl(dbAcl, Allocator::standard())
  {
         referent(proc);
  }
  {
         referent(proc);
  }
@@ -66,6 +67,25 @@ Process& Database::process() const
  {
         return referent<Process>();
  }
  {
         return referent<Process>();
  }
+       
+
+//
+// Send a keychain-related notification event about this database
+//
+void DbCommon::notify(NotificationEvent event, const DLDbIdentifier &ident)
+{
+       // form the data (encoded DLDbIdentifier)
+    NameValueDictionary nvd;
+    NameValueDictionary::MakeNameValueDictionaryFromDLDbIdentifier(ident, nvd);
+    CssmData data;
+    nvd.Export(data);
+
+       // inject notification into Security event system
+    Listener::notify(kNotificationDomainDatabase, event, data);
+       
+       // clean up
+    free (data.data());
+}
  
  
  //
  
  
  //
@@ -76,10 +96,130 @@ void DbCommon::sleepProcessing()
         // nothing
  }
  
         // nothing
  }
  
+void DbCommon::lockProcessing()
+{
+       // nothing
+}
+
+bool DbCommon::belongsToSystem() const
+{
+       return false;
+}
+
  
  void Database::releaseKey(Key &key)
  {
  
  void Database::releaseKey(Key &key)
  {
-       removeReference(key);
+       kill(key);
+}
+
+void Database::releaseSearch(Search &search)
+{
+       kill(search);
+}
+
+void Database::releaseRecord(Record &record)
+{
+       kill(record);
+}
+
+void Database::dbName(const char *name)
+{
+       CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+
+//
+// Functions that aren't implemented at the Database level but can stay that way
+//
+void Database::findFirst(const CssmQuery &query,
+       CssmDbRecordAttributeData *inAttributes, mach_msg_type_number_t inAttributesLength,
+       CssmData *data, RefPointer<Key> &key, RefPointer<Search> &search, RefPointer<Record> &record,
+       CssmDbRecordAttributeData * &outAttributes, mach_msg_type_number_t &outAttributesLength)
+{
+       secdebug("database", "%p calling unimplemented findFirst", this);
+       CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void Database::findNext(Search *search,
+       CssmDbRecordAttributeData *inAttributes, mach_msg_type_number_t inAttributesLength,
+       CssmData *data, RefPointer<Key> &key, RefPointer<Record> &record,
+       CssmDbRecordAttributeData * &outAttributes, mach_msg_type_number_t &outAttributesLength)
+{
+       secdebug("database", "%p calling unimplemented findNext", this);
+       CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void Database::findRecordHandle(Record *record,
+       CssmDbRecordAttributeData *inAttributes, mach_msg_type_number_t inAttributesLength,
+       CssmData *data, RefPointer<Key> &key,
+       CssmDbRecordAttributeData * &outAttributes, mach_msg_type_number_t &outAttributesLength)
+{
+       secdebug("database", "%p calling unimplemented findRecordHandle", this);
+       CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void Database::insertRecord(CSSM_DB_RECORDTYPE recordtype,
+       const CssmDbRecordAttributeData *attributes, mach_msg_type_number_t inAttributesLength,
+       const CssmData &data, RecordHandle &record)
+{
+       secdebug("database", "%p calling unimplemented insertRecord", this);
+       CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void Database::modifyRecord(CSSM_DB_RECORDTYPE recordtype, Record *record,
+       const CssmDbRecordAttributeData *attributes, mach_msg_type_number_t inAttributesLength,
+       const CssmData *data, CSSM_DB_MODIFY_MODE modifyMode)
+{
+       secdebug("database", "%p calling unimplemented modifyRecord", this);
+       CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void Database::deleteRecord(Database::Record *record)
+{
+       secdebug("database", "%p calling unimplemented deleteRecord", this);
+       CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void Database::authenticate(CSSM_DB_ACCESS_TYPE, const AccessCredentials *)
+{
+       secdebug("database", "%p calling unimplemented authenticate", this);
+       CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+SecurityServerAcl &Database::acl()
+{
+       secdebug("database", "%p has no ACL implementation", this);
+       CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+bool Database::isLocked()
+{
+       secdebug("database", "%p calling unimplemented isLocked", this);
+       CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+
+//
+// SecurityServerAcl personality implementation.
+// This is the trivial (type coding) stuff. The hard stuff is virtually mixed in.
+//
+Database *Database::relatedDatabase()
+{
+       return this;
+}
+
+AclKind Database::aclKind() const
+{
+       return dbAcl;
+}
+
+
+//
+// Remote validation is not, by default, supported
+//
+bool Database::validateSecret(const AclSubject *, const AccessCredentials *)
+{
+       return false;
  }
  
  
  }
  
  
@@ -87,7 +227,7 @@ void Database::releaseKey(Key &key)
  // Implementation of a "system keychain unlock key store"
  //
  SystemKeychainKey::SystemKeychainKey(const char *path)
  // Implementation of a "system keychain unlock key store"
  //
  SystemKeychainKey::SystemKeychainKey(const char *path)
-       : mPath(path)
+       : mPath(path), mValid(false)
  {
         // explicitly set up a key header for a raw 3DES key
         CssmKey::Header &hdr = mKey.header();
  {
         // explicitly set up a key header for a raw 3DES key
         CssmKey::Header &hdr = mKey.header();
@@ -112,7 +252,7 @@ bool SystemKeychainKey::matches(const DbBlob::Signature &signature)
  bool SystemKeychainKey::update()
  {
         // if we checked recently, just assume it's okay
  bool SystemKeychainKey::update()
  {
         // if we checked recently, just assume it's okay
-       if (mUpdateThreshold > Time::now())
+       if (mValid && mUpdateThreshold > Time::now())
                 return mValid;
                 
         // check the file
                 return mValid;
                 
         // check the file