X-Git-Url: https://git.saurik.com/apple/securityd.git/blobdiff_plain/eeadf2e6470f45ea0275a6019635573f2a7b5a2c..4cd1cad0dea00daa03e1b54fdf2797a02373ad5b:/src/database.cpp diff --git a/src/database.cpp b/src/database.cpp index a7b7242..25a7d41 100644 --- a/src/database.cpp +++ b/src/database.cpp @@ -1,10 +1,8 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2007 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * - * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved. - * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in @@ -32,11 +30,15 @@ #include "key.h" #include "server.h" #include "session.h" +#include "notifications.h" #include +#include #include // for default owner ACLs #include #include +using namespace UnixPlusPlus; + // // DbCommon basics @@ -56,7 +58,6 @@ Session &DbCommon::session() const // Database basics // Database::Database(Process &proc) - : SecurityServerAcl(dbAcl, Allocator::standard()) { referent(proc); } @@ -66,6 +67,25 @@ Process& Database::process() const { return referent(); } + + +// +// Send a keychain-related notification event about this database +// +void DbCommon::notify(NotificationEvent event, const DLDbIdentifier &ident) +{ + // form the data (encoded DLDbIdentifier) + NameValueDictionary nvd; + NameValueDictionary::MakeNameValueDictionaryFromDLDbIdentifier(ident, nvd); + CssmData data; + nvd.Export(data); + + // inject notification into Security event system + Listener::notify(kNotificationDomainDatabase, event, data); + + // clean up + free (data.data()); +} // 
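Review bot: In DbCommon::notify the buffer that nvd.Export placed into data is released only on the normal path, so if Listener::notify throws (whether it can is not visible here) the exported buffer is never freed. The free() call should run on both paths, either through a small RAII owner for the exported bytes or, with only names this hunk already uses, a catch-and-rethrow around the notify call. The function is complete within the hunk, so the change is local to it.
```cpp
void DbCommon::notify(NotificationEvent event, const DLDbIdentifier &ident)
{
	// … unchanged: build nvd and export it into data …

	// inject notification into Security event system; release the
	// exported buffer even if the event system throws
	try {
		Listener::notify(kNotificationDomainDatabase, event, data);
	} catch (...) {
		free(data.data());
		throw;
	}
	free(data.data());
}
```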
@@ -76,10 +96,130 @@ void DbCommon::sleepProcessing() // nothing } +void DbCommon::lockProcessing() +{ + // nothing +} + +bool DbCommon::belongsToSystem() const +{ + return false; +} + void Database::releaseKey(Key &key) { - removeReference(key); + kill(key); +} + +void Database::releaseSearch(Search &search) +{ + kill(search); +} + +void Database::releaseRecord(Record &record) +{ + kill(record); +} + +void Database::dbName(const char *name) +{ + CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); +} + + +// +// Functions that aren't implemented at the Database level but can stay that way +// +void Database::findFirst(const CssmQuery &query, + CssmDbRecordAttributeData *inAttributes, mach_msg_type_number_t inAttributesLength, + CssmData *data, RefPointer &key, RefPointer &search, RefPointer &record, + CssmDbRecordAttributeData * &outAttributes, mach_msg_type_number_t &outAttributesLength) +{ + secdebug("database", "%p calling unimplemented findFirst", this); + CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); +} + +void Database::findNext(Search *search, + CssmDbRecordAttributeData *inAttributes, mach_msg_type_number_t inAttributesLength, + CssmData *data, RefPointer &key, RefPointer &record, + CssmDbRecordAttributeData * &outAttributes, mach_msg_type_number_t &outAttributesLength) +{ + secdebug("database", "%p calling unimplemented findNext", this); + CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); +} + +void Database::findRecordHandle(Record *record, + CssmDbRecordAttributeData *inAttributes, mach_msg_type_number_t inAttributesLength, + CssmData *data, RefPointer &key, + CssmDbRecordAttributeData * &outAttributes, mach_msg_type_number_t &outAttributesLength) +{ + secdebug("database", "%p calling unimplemented findRecordHandle", this); + CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); +} + +void Database::insertRecord(CSSM_DB_RECORDTYPE recordtype, + const CssmDbRecordAttributeData *attributes, mach_msg_type_number_t 
inAttributesLength, + const CssmData &data, RecordHandle &record) +{ + secdebug("database", "%p calling unimplemented insertRecord", this); + CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); +} + +void Database::modifyRecord(CSSM_DB_RECORDTYPE recordtype, Record *record, + const CssmDbRecordAttributeData *attributes, mach_msg_type_number_t inAttributesLength, + const CssmData *data, CSSM_DB_MODIFY_MODE modifyMode) +{ + secdebug("database", "%p calling unimplemented modifyRecord", this); + CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); +} + +void Database::deleteRecord(Database::Record *record) +{ + secdebug("database", "%p calling unimplemented deleteRecord", this); + CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); +} + +void Database::authenticate(CSSM_DB_ACCESS_TYPE, const AccessCredentials *) +{ + secdebug("database", "%p calling unimplemented authenticate", this); + CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); +} + +SecurityServerAcl &Database::acl() +{ + secdebug("database", "%p has no ACL implementation", this); + CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); +} + +bool Database::isLocked() +{ + secdebug("database", "%p calling unimplemented isLocked", this); + CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); +} + + +// +// SecurityServerAcl personality implementation. +// This is the trivial (type coding) stuff. The hard stuff is virtually mixed in. +// +Database *Database::relatedDatabase() +{ + return this; +} + +AclKind Database::aclKind() const +{ + return dbAcl; +} + + +// +// Remote validation is not, by default, supported +// +bool Database::validateSecret(const AclSubject *, const AccessCredentials *) +{ + return false; } 
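Review bot: `SecurityServerAcl &Database::acl()` and `bool Database::isLocked()` end directly after `CssmError::throwMe(...)` with no return statement; unless throwMe is declared noreturn (its declaration is not in this hunk), compilers will warn that control reaches the end of a non-void function, and if the call ever returned the caller would read an indeterminate value. If throwMe is indeed noreturn, a one-line comment such as `// throwMe() never returns` on each would document why no return follows; otherwise add an unreachable `return` after the throw. Separately, `Database::dbName(const char *name)` leaves `name` unused, while `Database::authenticate(CSSM_DB_ACCESS_TYPE, const AccessCredentials *)` in the same hunk uses the unnamed-parameter form; the latter would be consistent here and avoids an unused-parameter warning.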
@@ -87,7 +227,7 @@ void Database::releaseKey(Key &key)
 // Implementation of a "system keychain unlock key store"
 //
 SystemKeychainKey::SystemKeychainKey(const char *path)
- : mPath(path)
+ : mPath(path), mValid(false)
 {
 // explicitly set up a key header for a raw 3DES key
 CssmKey::Header &hdr = mKey.header();
@@ -112,7 +252,7 @@ bool SystemKeychainKey::matches(const DbBlob::Signature &signature)
 bool SystemKeychainKey::update()
 {
 // if we checked recently, just assume it's okay
- if (mUpdateThreshold > Time::now())
+ if (mValid && mUpdateThreshold > Time::now())
 return mValid;
 
 // check the file
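Review bot: In SystemKeychainKey::update the new guard already requires mValid to be true, so the early-return `return mValid;` can only ever yield true; `return true;` would state the cached-positive-check intent directly instead of leaving the reader to re-derive it from the condition. A short comment on the guard, for example `// a cached negative result is never trusted; re-read the file every time`, would also record why only valid state is cached, since that is the behavioural change this hunk makes. The body of update() continues past the hunk.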