From 2c71f428b608ff36ea99bb030094a182bba57473 Mon Sep 17 00:00:00 2001 From: Apple Date: Mon, 20 Feb 2006 21:39:56 +0000 Subject: [PATCH] securityd-26232.tar.gz --- securityd.xcode/project.pbxproj | 14 +++++----- src/acls.cpp | 3 +++ src/acls.h | 1 + src/agentquery.cpp | 18 ++++++------- src/codesigdb.cpp | 47 ++++++++++++++++++++++----------- src/dbcrypto.cpp | 12 ++++----- src/dbcrypto.h | 2 +- src/flippers.h | 3 +-- src/kcdatabase.cpp | 4 +-- src/kckey.cpp | 4 +-- src/main.cpp | 3 +-- src/notifications.cpp | 3 +-- src/server.h | 8 +++--- src/session.cpp | 6 +++-- src/session.h | 2 +- src/structure.h | 16 +++++------ src/token.cpp | 4 +-- src/tokend.cpp | 7 +++++ src/tokend.h | 1 + src/tokendatabase.cpp | 4 +-- src/tokendatabase.h | 2 +- 21 files changed, 96 insertions(+), 68 deletions(-) diff --git a/securityd.xcode/project.pbxproj b/securityd.xcode/project.pbxproj index b041ec5..8c2be87 100644 --- a/securityd.xcode/project.pbxproj +++ b/securityd.xcode/project.pbxproj 
@@ -838,21 +838,21 @@ ); buildSettings = { BUILD_VARIANTS = "normal debug"; - CURRENT_PROJECT_VERSION = 25991; + CURRENT_PROJECT_VERSION = 26232; FRAMEWORK_SEARCH_PATHS = "/usr/local/SecurityPieces/Frameworks /usr/local/SecurityPieces/Components/securityd $(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; INSTALL_PATH = /usr/sbin; - OPT_CPPXFLAGS = "$(OPT_CXFLAGS) -fno-enforce-eh-specs -fno-implement-inlines -fcoalesce-templates"; + OPT_CPPXFLAGS = "$(OPT_CXFLAGS)"; OPT_CXFLAGS = "-DNDEBUG $(OPT_INLINEXFLAGS)"; - OPT_INLINEXFLAGS = " -finline-functions --param max-inline-insns-single=150 --param max-inline-insns-auto=150 --param max-inline-insns=300 --param min-inline-insns=90"; + OPT_INLINEXFLAGS = "-finline-functions"; OPT_LDXFLAGS = "-dead_strip"; OPT_LDXNOPIC = ",_nopic"; OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)"; OTHER_ASFLAGS_normal = "-DNDEBUG $(OTHER_CFLAGS)"; OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg"; - OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O1 -fno-inline"; OTHER_CFLAGS_normal = "$(OPT_CXFLAGS) $(OTHER_CFLAGS)"; OTHER_CFLAGS_profile = "$(OPT_CXFLAGS) $(OTHER_CFLAGS) -pg"; - OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline"; + OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O1 -fno-inline"; OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS)"; OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS) -pg"; OTHER_LDFLAGS = "-lbsm"; @@ -1380,8 +1380,8 @@ OPT_LDFLAGS = ""; OPT_LDXFLAGS = ""; OPT_LDXNOPIC = ""; - OTHER_CFLAGS_normal = "$(OTHER_CFLAGS) -O0 -fno-inline"; - OTHER_CPLUSPLUSFLAGS_normal = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline"; + OTHER_CFLAGS_normal = "$(OTHER_CFLAGS) -O1 -fno-inline"; + OTHER_CPLUSPLUSFLAGS_normal = "$(OTHER_CPLUSPLUSFLAGS) -O1 -fno-inline"; }; isa = PBXBuildStyle; name = "normal with debug"; diff --git a/src/acls.cpp b/src/acls.cpp index f820d00..aa2524a 100644 --- a/src/acls.cpp +++ b/src/acls.cpp 
@@ -187,6 +187,9 @@ ObjectAcl *SecurityServerEnvironment::preAuthSource() // // The default AclSource denies having an ACL at all // +AclSource::~AclSource() +{ /* virtual */ } + SecurityServerAcl &AclSource::acl() { CssmError::throwMe(CSSM_ERRCODE_OBJECT_ACL_NOT_SUPPORTED); diff --git a/src/acls.h b/src/acls.h index 3a8453e..daa5ed0 100644 --- a/src/acls.h +++ b/src/acls.h @@ -118,6 +118,7 @@ public: class AclSource { protected: AclSource() { } + virtual ~AclSource(); public: virtual SecurityServerAcl &acl(); // defaults to "no ACL; throw exception" diff --git a/src/agentquery.cpp b/src/agentquery.cpp index 1876642..9878249 100644 --- a/src/agentquery.cpp +++ b/src/agentquery.cpp @@ -242,7 +242,7 @@ Reason QueryKeychainUse::queryUser (const char *database, const char *descriptio if (mPassphraseCheck) { - create("builtin", "confirm-access-password", NULL); + create("builtin", "confirm-access-password", noSecuritySession); CssmAutoData data(Allocator::standard(Allocator::sensitive)); @@ -280,7 +280,7 @@ Reason QueryKeychainUse::queryUser (const char *database, const char *descriptio } else { - create("builtin", "confirm-access", NULL); + create("builtin", "confirm-access", noSecuritySession); setInput(hints, context); invoke(); } @@ -322,7 +322,7 @@ bool QueryCodeCheck::operator () (const char *aclPath) hints.insert(AuthItemRef(AGENT_HINT_APPLICATION_PATH, AuthValueOverlay(strlen(aclPath), const_cast(aclPath)))); - create("builtin", "code-identity", NULL); + create("builtin", "code-identity", noSecuritySession); setInput(hints, context); status = invoke(); @@ -366,7 +366,7 @@ Reason QueryOld::query() hints.insert(mClientHints.begin(), mClientHints.end()); - create("builtin", "unlock-keychain", NULL); + create("builtin", "unlock-keychain", noSecuritySession); do { 
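Review bot: The new `virtual ~AclSource();` sits in the `protected:` section of the class, so AclSource becomes polymorphic but outside code still cannot delete through an `AclSource *`, whereas FaultRelay in the same commit gets its virtual destructor under `public:`. If nothing owns AclSource objects through a base pointer, the protected form is the right shape, but a one-line comment keeps the next reader from "fixing" it: `virtual ~AclSource(); // protected: not deletable through the base`. If delete-through-base is in fact intended, the declaration needs to move under `public:`. The out-of-line `{ /* virtual */ }` definition in acls.cpp is fine as the anchor for the vtable.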
@@ -478,10 +478,10 @@ Reason QueryNewPassphrase::query() switch (initialReason) { case SecurityAgent::newDatabase: - create("builtin", "new-passphrase", NULL); + create("builtin", "new-passphrase", noSecuritySession); break; case SecurityAgent::changePassphrase: - create("builtin", "change-passphrase", NULL); + create("builtin", "change-passphrase", noSecuritySession); break; default: assert(false); @@ -597,11 +597,11 @@ Reason QueryGenericPassphrase::query(const char *prompt, bool verify, // CSSM_ATTRIBUTE_ALERT_TITLE (optional alert panel title) if (false == verify) { // import - create("builtin", "generic-unlock", NULL); + create("builtin", "generic-unlock", noSecuritySession); } else { // verify passphrase (export) // new-passphrase-generic works with the pre-4 June 2004 agent; // generic-new-passphrase is required for the new agent - create("builtin", "generic-new-passphrase", NULL); + create("builtin", "generic-new-passphrase", noSecuritySession); } AuthItem *passwordItem; @@ -652,7 +652,7 @@ Reason QueryDBBlobSecret::query(DatabaseCryptoCore &dbCore, const DbBlob *secret hints.insert(mClientHints.begin(), mClientHints.end()); - create("builtin", "generic-unlock-kcblob", NULL); + create("builtin", "generic-unlock-kcblob", noSecuritySession); AuthItem *secretItem; diff --git a/src/codesigdb.cpp b/src/codesigdb.cpp index d8094fa..4ff3d64 100644 --- a/src/codesigdb.cpp +++ b/src/codesigdb.cpp @@ -116,7 +116,8 @@ CodeSignatures::~CodeSignatures() void CodeSignatures::open(const char *path) { mDb.open(path, O_RDWR | O_CREAT, 0644); - mDb.flush(); + if (mDb) + mDb.flush(); IFDUMPING("equiv", debugDump("reopen")); } @@ -144,6 +145,8 @@ string CodeSignatures::Identity::canonicalName(const string &path) // bool CodeSignatures::find(Identity &id, uid_t user) { + if (!mDb) + return false; if (id.mState != Identity::untried) return id.mState == Identity::valid; try { 
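Review bot: The `if (mDb)` guard after `mDb.open(...)` in CodeSignatures::open() turns a failed open of the code-equivalence database into silence: nothing is logged at that point, and the matching `!mDb` guard in verify() (next hunk) reports only through secdebug, which is compiled out of release builds, so a securityd that lost this database will refuse every code-identity check with no operator-visible reason. Failing closed is the right choice; report it once where it happens, e.g. `if (!mDb) Syslog::notice("code equivalence database not open; code verification will be denied");` in open(), and the same guard in verify(), makeLink() and removeLink() can stay as is. The early `return false` in find() leaves `id.mState` at `untried`, which looks correct since a later successful open could change the answer. Whether `mDb.open()` signals failure only through its boolean conversion or can also throw is not visible from this hunk.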
@@ -171,6 +174,8 @@ bool CodeSignatures::find(Identity &id, uid_t user) void CodeSignatures::makeLink(Identity &id, const string &ident, bool forUser, uid_t user) { + if (!mDb) + UnixError::throwMe(ENOENT); DbKey key('H', id.getHash(mSigner), forUser, user); if (!mDb.put(key, StringData(ident))) UnixError::throwMe(); @@ -214,6 +219,8 @@ void CodeSignatures::addLink(const CssmData &oldHash, const CssmData &newHash, void CodeSignatures::removeLink(const CssmData &hash, const char *name, bool forSystem) { + if (!mDb) + UnixError::throwMe(ENOENT); AclIdentity code(hash, name); uid_t user = Server::process().uid(); if (forSystem && user) // only root user can remove forSystem links @@ -252,6 +259,12 @@ bool CodeSignatures::verify(Process &process, return false; } + // don't bother the user if the db is MIA + if (!mDb) { + secdebug("codesign", "database not open; cannot verify"); + return false; + } + // ah well. Establish mediator objects for database signature links AclIdentity aclIdentity(trustedSignature, comment ? comment->interpretedAs() : NULL); @@ -302,7 +315,7 @@ bool CodeSignatures::verify(Process &process, return false; } } - + // ask the user QueryCodeCheck query; query.inferHints(process); 
@@ -357,20 +370,24 @@ void CodeSignatures::debugDump(const char *how) const if (!how) how = "dump"; CssmData key, value; - if (!mDb.first(key, value)) { - dump("CODE EQUIVALENTS DATABASE IS EMPTY (%s)\n", how); + if (!mDb) { + dump("CODE EQUIVALENTS DATABASE IS NOT OPEN (%s)", how); } else { - dump("CODE EQUIVALENTS DATABASE DUMP (%s)\n", how); - do { - const char *header = key.interpretedAs(); - size_t headerLength = strlen(header) + 1; - dump("%s:", header); - dumpData(key.at(headerLength), key.length() - headerLength); - dump(" => "); - dumpData(value); - dump("\n"); - } while (mDb.next(key, value)); - dump("END DUMP\n"); + if (!mDb.first(key, value)) { + dump("CODE EQUIVALENTS DATABASE IS EMPTY (%s)\n", how); + } else { + dump("CODE EQUIVALENTS DATABASE DUMP (%s)\n", how); + do { + const char *header = key.interpretedAs(); + size_t headerLength = strlen(header) + 1; + dump("%s:", header); + dumpData(key.at(headerLength), key.length() - headerLength); + dump(" => "); + dumpData(value); + dump("\n"); + } while (mDb.next(key, value)); + dump("END DUMP\n"); + } } } diff --git a/src/dbcrypto.cpp b/src/dbcrypto.cpp index b850653..5054f85 100644 --- a/src/dbcrypto.cpp +++ b/src/dbcrypto.cpp @@ -238,7 +238,7 @@ DbBlob *DatabaseCryptoCore::encodeCore(const DbBlob &blobTemplate, // Throws exceptions if decoding fails. // Memory returned in privateAclBlob is allocated and becomes owned by caller. // -void DatabaseCryptoCore::decodeCore(DbBlob *blob, void **privateAclBlob) +void DatabaseCryptoCore::decodeCore(const DbBlob *blob, void **privateAclBlob) { assert(mHaveMaster); // must have master key installed 
@@ -247,8 +247,8 @@ void DatabaseCryptoCore::decodeCore(DbBlob *blob, void **privateAclBlob) decryptor.mode(CSSM_ALGMODE_CBCPadIV8); decryptor.padding(CSSM_PADDING_PKCS1); decryptor.key(mMasterKey); - CssmData ivd(blob->iv, sizeof(blob->iv)); decryptor.initVector(ivd); - CssmData cryptoBlob(blob->cryptoBlob(), blob->cryptoBlobLength()); + CssmData ivd = CssmData::wrap(blob->iv); decryptor.initVector(ivd); + CssmData cryptoBlob = CssmData::wrap(blob->cryptoBlob(), blob->cryptoBlobLength()); CssmData decryptedBlob, remData; decryptor.decrypt(cryptoBlob, decryptedBlob, remData); DbBlob::PrivateBlob *privateBlob = decryptedBlob.interpretedAs(); @@ -263,8 +263,8 @@ void DatabaseCryptoCore::decodeCore(DbBlob *blob, void **privateAclBlob) // verify signature on the whole blob CssmData signChunk[] = { - CssmData(blob->data(), fieldOffsetOf(&DbBlob::blobSignature)), - CssmData(blob->publicAclBlob(), blob->publicAclBlobLength() + blob->cryptoBlobLength()) + CssmData::wrap(blob->data(), fieldOffsetOf(&DbBlob::blobSignature)), + CssmData::wrap(blob->publicAclBlob(), blob->publicAclBlobLength() + blob->cryptoBlobLength()) }; CSSM_ALGORITHMS verifyAlgorithm = CSSM_ALGID_SHA1HMAC; #if defined(COMPAT_OSX_10_0) @@ -273,7 +273,7 @@ void DatabaseCryptoCore::decodeCore(DbBlob *blob, void **privateAclBlob) #endif VerifyMac verifier(Server::csp(), verifyAlgorithm); verifier.key(mSigningKey); - verifier.verify(signChunk, 2, CssmData(blob->blobSignature, sizeof(blob->blobSignature))); + verifier.verify(signChunk, 2, CssmData::wrap(blob->blobSignature)); // all checks out; start extracting fields if (privateAclBlob) { diff --git a/src/dbcrypto.h b/src/dbcrypto.h index 3067b70..16d42e3 100644 --- a/src/dbcrypto.h +++ b/src/dbcrypto.h 
@@ -55,7 +55,7 @@ public: void setup(const DbBlob *blob, const CssmData &passphrase); void setup(const DbBlob *blob, CssmClient::Key master); - void decodeCore(DbBlob *blob, void **privateAclBlob = NULL); + void decodeCore(const DbBlob *blob, void **privateAclBlob = NULL); DbBlob *encodeCore(const DbBlob &blobTemplate, const CssmData &publicAcl, const CssmData &privateAcl) const; void importSecrets(const DatabaseCryptoCore &src); diff --git a/src/flippers.h b/src/flippers.h index 6e437c0..a3cc1ab 100644 --- a/src/flippers.h +++ b/src/flippers.h @@ -56,8 +56,7 @@ inline void flip(T &obj) // It's a bad idea to try to flip a const, so flag that // template -inline void flip(const T &) -{ tryingToFlipAConstWontWork(); } +inline void flip(const T &); // diff --git a/src/kcdatabase.cpp b/src/kcdatabase.cpp index 8f723c5..32160b5 100644 --- a/src/kcdatabase.cpp +++ b/src/kcdatabase.cpp @@ -878,10 +878,10 @@ void KeychainDatabase::validateBlob(const DbBlob *blob) blob->validate(CSSMERR_APPLEDL_INVALID_DATABASE_BLOB); switch (blob->version()) { #if defined(COMPAT_OSX_10_0) - case blob->version_MacOS_10_0: + case DbBlob::version_MacOS_10_0: break; #endif - case blob->version_MacOS_10_1: + case DbBlob::version_MacOS_10_1: break; default: CssmError::throwMe(CSSMERR_APPLEDL_INCOMPATIBLE_DATABASE_BLOB); diff --git a/src/kckey.cpp b/src/kckey.cpp index 780f8cc..3a5e8bd 100644 --- a/src/kckey.cpp +++ b/src/kckey.cpp @@ -43,10 +43,10 @@ KeychainKey::KeychainKey(Database &db, const KeyBlob *blob) blob->validate(CSSMERR_APPLEDL_INVALID_KEY_BLOB); switch (blob->version()) { #if defined(COMPAT_OSX_10_0) - case blob->version_MacOS_10_0: + case KeyBlob::version_MacOS_10_0: break; #endif - case blob->version_MacOS_10_1: + case KeyBlob::version_MacOS_10_1: break; default: CssmError::throwMe(CSSMERR_APPLEDL_INCOMPATIBLE_KEY_BLOB); diff --git a/src/main.cpp b/src/main.cpp index 2208882..5b47f5e 100644 --- a/src/main.cpp +++ b/src/main.cpp 
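Review bot: The const overload `inline void flip(const T &);` in flippers.h is now declared but never defined, so a call on a const object is rejected at link time rather than by the old body's undefined helper, yet the comment above it still only says "flag that" without stating how. Make the mechanism explicit so nobody adds a definition later: `// deliberately left undefined: flipping a const object must fail to link`. Compilers may also warn about an inline function that is used but never defined, which is presumably acceptable here but worth a word in the same comment.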
@@ -64,7 +64,6 @@ #include #include "acl_keychain.h" - // // Local functions of the main program driver // @@ -261,7 +260,7 @@ int main(int argc, char *argv[]) // install MDS and initialize the local CSSM server.loadCssm(); - + // okay, we're ready to roll Syslog::notice("Entering service"); secdebug("SS", "%s initialized", bootstrapName); diff --git a/src/notifications.cpp b/src/notifications.cpp index 0ac6a36..ebee947 100644 --- a/src/notifications.cpp +++ b/src/notifications.cpp @@ -29,7 +29,6 @@ #include "server.h" #include - Listener::ListenerMap Listener::listeners; Mutex Listener::setLock; @@ -116,7 +115,7 @@ void ProcessListener::notifyMe(NotificationDomain domain, { secdebug("notify", "%p sending domain %ld event 0x%lx to port %d process %d", this, domain, event, mPort.port(), process.pid()); - + // send mach message (via MIG simpleroutine) if (IFDEBUG(kern_return_t rc =) ucsp_notify_sender_notify(mPort, domain, event, data.data(), data.length(), diff --git a/src/server.h b/src/server.h index 80c0992..011a649 100644 --- a/src/server.h +++ b/src/server.h @@ -114,11 +114,11 @@ public: static AclSource &aclBearer(AclKind kind, CSSM_HANDLE handle); // Generic version of handle lookup - template - static RefPointer find(CSSM_HANDLE handle, CSSM_RETURN notFoundError) + template + static RefPointer find(CSSM_HANDLE handle, CSSM_RETURN notFoundError) { - RefPointer object = - HandleObject::findRef(handle, notFoundError); + RefPointer object = + HandleObject::findRef(handle, notFoundError); if (object->process() != Server::process()) CssmError::throwMe(notFoundError); return object; diff --git a/src/session.cpp b/src/session.cpp index 6bd0abf..7cabc91 100644 --- a/src/session.cpp +++ b/src/session.cpp 
@@ -485,6 +485,7 @@ OSStatus Session::authorizationdbRemove(const AuthorizationBlob &authBlob, Autho void Session::mergeCredentials(CredentialSet &creds) { secdebug("SSsession", "%p merge creds @%p", this, &creds); + CredentialSet updatedCredentials = creds; for (CredentialSet::const_iterator it = creds.begin(); it != creds.end(); it++) if (((*it)->isShared() && (*it)->isValid())) { CredentialSet::iterator old = mSessionCreds.find(*it); @@ -493,10 +494,11 @@ void Session::mergeCredentials(CredentialSet &creds) } else { // replace "new" with "old" in input set to retain synchronization (*old)->merge(**it); - creds.erase(it); - creds.insert(*old); + updatedCredentials.erase(*it); + updatedCredentials.insert(*old); } } + creds.swap(updatedCredentials); } diff --git a/src/session.h b/src/session.h index b252964..7799cc4 100644 --- a/src/session.h +++ b/src/session.h @@ -139,7 +139,7 @@ protected: void kill(); -private: +protected: static PortMap mSessions; }; diff --git a/src/structure.h b/src/structure.h index 2be7527..66f0d92 100644 --- a/src/structure.h +++ b/src/structure.h 
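Review bot: The copy-and-swap in Session::mergeCredentials() fixes erasing from `creds` while iterating it, but nothing in the code says so, and the apparently redundant copy invites removal by the next maintainer. Record the why on the new line: `CredentialSet updatedCredentials = creds; // edit a copy: erasing from creds would invalidate 'it'`, and while here prefer `++it` over `it++` in the loop header. `updatedCredentials.erase(*it)` followed by `insert(*old)` relies on the set comparator treating `*it` and `*old` as equivalent keys, which the earlier `mSessionCreds.find(*it)` hit already implies, so that is consistent. The two hunks are pieces of the same function; the lines between them are not shown.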
@@ -222,24 +222,24 @@ template class PortMap : public Mutex, public std::map > { typedef std::map > _Map; public: - bool contains(mach_port_t port) const { return find(port) != end(); } + bool contains(mach_port_t port) const { return this->find(port) != this->end(); } Node *getOpt(mach_port_t port) const { - typename _Map::const_iterator it = find(port); - return (it == end()) ? NULL : it->second; + typename _Map::const_iterator it = this->find(port); + return (it == this->end()) ? NULL : it->second; } Node *get(mach_port_t port) const { - typename _Map::const_iterator it = find(port); - assert(it != end()); + typename _Map::const_iterator it = this->find(port); + assert(it != this->end()); return it->second; } Node *get(mach_port_t port, OSStatus error) const { - typename _Map::const_iterator it = find(port); - if (it == end()) + typename _Map::const_iterator it = this->find(port); + if (it == this->end()) MacOSError::throwMe(error); return it->second; } @@ -250,7 +250,7 @@ public: template void PortMap::dump() { - for (typename _Map::const_iterator it = begin(); it != end(); it++) + for (typename _Map::const_iterator it = this->begin(); it != this->end(); it++) it->second->dump(); } diff --git a/src/token.cpp b/src/token.cpp index faf7172..1447bcf 100644 --- a/src/token.cpp +++ b/src/token.cpp @@ -149,8 +149,8 @@ void Token::resetAcls() mResetLevel++; secdebug("token", "%p reset (level=%d, propagating to %ld common(s)", this, mResetLevel, mCommons.size()); - for (CommonSet::const_iterator it = mCommons.begin(); it != mCommons.end(); it++) - RefPointer(*it)->resetAcls(); + for (CommonSet::const_iterator it = mCommons.begin(); it != mCommons.end(); ) + RefPointer(*it++)->resetAcls(); } void Token::addCommon(TokenDbCommon &dbc) diff --git a/src/tokend.cpp b/src/tokend.cpp index 1707618..350752f 100644 --- a/src/tokend.cpp +++ b/src/tokend.cpp 
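Review bot: The rewritten loop in Token::resetAcls() advances `it` before invoking `resetAcls()` on the element, which only matters if that call can remove the current entry from `mCommons` — presumably by dropping the last reference — and that reason is not recorded anywhere. Append it to the call line: `// advance first: the call may remove this common from mCommons`. If resetAcls() can remove any entry other than the current one, the saved iterator can still dangle; iterating over a snapshot taken before the loop (`CommonSet pending(mCommons);`) would be robust against that as well. The function's opening lines are outside the hunk.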
@@ -177,6 +177,13 @@ bool TokenDaemon::probe() } +// +// FaultRelay +// +FaultRelay::~FaultRelay() +{ /* virtual */ } + + // // Debug dump support // diff --git a/src/tokend.h b/src/tokend.h index 6e407ab..e4b808a 100644 --- a/src/tokend.h +++ b/src/tokend.h @@ -41,6 +41,7 @@ // class FaultRelay { public: + virtual ~FaultRelay(); virtual void relayFault(bool async) = 0; }; diff --git a/src/tokendatabase.cpp b/src/tokendatabase.cpp index fcbee16..f53f401 100644 --- a/src/tokendatabase.cpp +++ b/src/tokendatabase.cpp @@ -48,9 +48,9 @@ Token &TokenDbCommon::token() const return parent(); } -string TokenDbCommon::dbName() const +const std::string &TokenDbCommon::dbName() const { - return token().printName().c_str(); + return token().printName(); } diff --git a/src/tokendatabase.h b/src/tokendatabase.h index fa177a9..60361c3 100644 --- a/src/tokendatabase.h +++ b/src/tokendatabase.h @@ -59,7 +59,7 @@ public: Token &token() const; uint32 subservice() const { return token().subservice(); } - std::string dbName() const; + const std::string &dbName() const; Adornable &store(); void resetAcls(); -- 2.45.2
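Review bot: `TokenDbCommon::dbName()` now returns `const std::string &` bound to `token().printName()`, which is only safe if Token::printName() itself returns a reference to storage owned by the Token; the hunk does not show its declaration. If printName() returns a `std::string` by value, this compiles cleanly and hands back a reference to a destroyed temporary — the old `.c_str()` copy hid exactly that case. Confirm the declaration in the Token header and, if it is by value, keep `std::string dbName() const;` in tokendatabase.h. Callers must also not retain the reference beyond the Token's lifetime; a comment on the declaration, `// reference is valid only while the owning Token lives`, makes that contract visible.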