From c0dc80181d9d06a47eb9526126db433fbd78a72f Mon Sep 17 00:00:00 2001 From: Apple Date: Thu, 21 Dec 2006 01:26:03 +0000 Subject: [PATCH] securityd-30544.tar.gz --- etc/CodeEquivalenceCandidates | 1 - securityd.xcode/project.pbxproj | 14 +++--- src/acls.cpp | 3 -- src/acls.h | 1 - src/agentquery.cpp | 18 ++++---- src/codesigdb.cpp | 47 +++++++------------- src/dbcrypto.cpp | 12 ++--- src/dbcrypto.h | 2 +- src/flippers.cpp | 44 +++---------------- src/flippers.h | 5 +-- src/generate.cf | 4 +- src/kcdatabase.cpp | 4 +- src/kckey.cpp | 4 +- src/main.cpp | 3 +- src/notifications.cpp | 3 +- src/server.h | 8 ++-- src/session.cpp | 4 +- src/session.h | 2 +- src/structure.h | 16 +++---- src/token.cpp | 55 ++++++++++++++--------- src/tokend.cpp | 7 --- src/tokend.h | 1 - src/tokendatabase.cpp | 10 ++++- src/tokendatabase.h | 5 ++- src/transition.cpp | 19 ++------ src/transwalkers.cpp | 77 --------------------------------- src/transwalkers.h | 21 +-------- 27 files changed, 120 insertions(+), 270 deletions(-) diff --git a/etc/CodeEquivalenceCandidates b/etc/CodeEquivalenceCandidates index 5404062..01914b6 100644 --- a/etc/CodeEquivalenceCandidates +++ b/etc/CodeEquivalenceCandidates @@ -58,7 +58,6 @@ /usr/bin/crlrefresh /usr/bin/security /usr/bin/smbutil -/usr/libexec/airportd /usr/local/bin/cmsutil /usr/sbin/configd /usr/sbin/pppd diff --git a/securityd.xcode/project.pbxproj b/securityd.xcode/project.pbxproj index 00bde5d..5461806 100644 --- a/securityd.xcode/project.pbxproj +++ b/securityd.xcode/project.pbxproj 
@@ -836,21 +836,21 @@ ); buildSettings = { BUILD_VARIANTS = "normal debug"; - CURRENT_PROJECT_VERSION = 29035; + CURRENT_PROJECT_VERSION = 30544; FRAMEWORK_SEARCH_PATHS = "/usr/local/SecurityPieces/Frameworks /usr/local/SecurityPieces/Components/securityd $(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; INSTALL_PATH = /usr/sbin; - OPT_CPPXFLAGS = "$(OPT_CXFLAGS)"; + OPT_CPPXFLAGS = "$(OPT_CXFLAGS) -fno-enforce-eh-specs -fno-implement-inlines -fcoalesce-templates"; OPT_CXFLAGS = "-DNDEBUG $(OPT_INLINEXFLAGS)"; - OPT_INLINEXFLAGS = "-finline-functions"; + OPT_INLINEXFLAGS = " -finline-functions --param max-inline-insns-single=150 --param max-inline-insns-auto=150 --param max-inline-insns=300 --param min-inline-insns=90"; OPT_LDXFLAGS = "-dead_strip"; OPT_LDXNOPIC = ",_nopic"; OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)"; OTHER_ASFLAGS_normal = "-DNDEBUG $(OTHER_CFLAGS)"; OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg"; - OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O1 -fno-inline"; + OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline"; OTHER_CFLAGS_normal = "$(OPT_CXFLAGS) $(OTHER_CFLAGS)"; OTHER_CFLAGS_profile = "$(OPT_CXFLAGS) $(OTHER_CFLAGS) -pg"; - OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O1 -fno-inline"; + OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline"; OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS)"; OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS) -pg"; OTHER_LDFLAGS = "-lbsm"; @@ -1378,8 +1378,8 @@ OPT_LDFLAGS = ""; OPT_LDXFLAGS = ""; OPT_LDXNOPIC = ""; - OTHER_CFLAGS_normal = "$(OTHER_CFLAGS) -O1 -fno-inline"; - OTHER_CPLUSPLUSFLAGS_normal = "$(OTHER_CPLUSPLUSFLAGS) -O1 -fno-inline"; + OTHER_CFLAGS_normal = "$(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CPLUSPLUSFLAGS_normal = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline"; }; isa = PBXBuildStyle; name = "normal with debug"; diff --git a/src/acls.cpp b/src/acls.cpp index aa2524a..f820d00 100644 --- a/src/acls.cpp +++ b/src/acls.cpp 
@@ -187,9 +187,6 @@ ObjectAcl *SecurityServerEnvironment::preAuthSource() // // The default AclSource denies having an ACL at all // -AclSource::~AclSource() -{ /* virtual */ } - SecurityServerAcl &AclSource::acl() { CssmError::throwMe(CSSM_ERRCODE_OBJECT_ACL_NOT_SUPPORTED); diff --git a/src/acls.h b/src/acls.h index ed8338b..0aad47f 100644 --- a/src/acls.h +++ b/src/acls.h @@ -118,7 +118,6 @@ public: class AclSource { protected: AclSource() { } - virtual ~AclSource(); public: virtual SecurityServerAcl &acl(); // defaults to "no ACL; throw exception" diff --git a/src/agentquery.cpp b/src/agentquery.cpp index 9878249..1876642 100644 --- a/src/agentquery.cpp +++ b/src/agentquery.cpp @@ -242,7 +242,7 @@ Reason QueryKeychainUse::queryUser (const char *database, const char *descriptio if (mPassphraseCheck) { - create("builtin", "confirm-access-password", noSecuritySession); + create("builtin", "confirm-access-password", NULL); CssmAutoData data(Allocator::standard(Allocator::sensitive)); @@ -280,7 +280,7 @@ Reason QueryKeychainUse::queryUser (const char *database, const char *descriptio } else { - create("builtin", "confirm-access", noSecuritySession); + create("builtin", "confirm-access", NULL); setInput(hints, context); invoke(); } @@ -322,7 +322,7 @@ bool QueryCodeCheck::operator () (const char *aclPath) hints.insert(AuthItemRef(AGENT_HINT_APPLICATION_PATH, AuthValueOverlay(strlen(aclPath), const_cast(aclPath)))); - create("builtin", "code-identity", noSecuritySession); + create("builtin", "code-identity", NULL); setInput(hints, context); status = invoke(); @@ -366,7 +366,7 @@ Reason QueryOld::query() hints.insert(mClientHints.begin(), mClientHints.end()); - create("builtin", "unlock-keychain", noSecuritySession); + create("builtin", "unlock-keychain", NULL); do { 
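Review bot: Dropping `virtual ~AclSource();` from acls.h leaves a class with a virtual member (`acl()`) and a protected constructor — a base that exists to be derived from — with an implicitly non-virtual destructor, so deleting a derived object through an `AclSource *` becomes undefined behaviour; the same applies to `FaultRelay` in tokend.h, whose only remaining member is the pure virtual `relayFault()`. If these objects are never owned or deleted through the base type, make that contract visible instead of implicit: either restore `virtual ~AclSource() { }` inline in the header (no .cpp definition needed, which seems to be what the removal was after) or declare the destructor protected and non-virtual with a comment saying so. Both class bodies continue outside their hunks.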
@@ -478,10 +478,10 @@ Reason QueryNewPassphrase::query() switch (initialReason) { case SecurityAgent::newDatabase: - create("builtin", "new-passphrase", noSecuritySession); + create("builtin", "new-passphrase", NULL); break; case SecurityAgent::changePassphrase: - create("builtin", "change-passphrase", noSecuritySession); + create("builtin", "change-passphrase", NULL); break; default: assert(false); @@ -597,11 +597,11 @@ Reason QueryGenericPassphrase::query(const char *prompt, bool verify, // CSSM_ATTRIBUTE_ALERT_TITLE (optional alert panel title) if (false == verify) { // import - create("builtin", "generic-unlock", noSecuritySession); + create("builtin", "generic-unlock", NULL); } else { // verify passphrase (export) // new-passphrase-generic works with the pre-4 June 2004 agent; // generic-new-passphrase is required for the new agent - create("builtin", "generic-new-passphrase", noSecuritySession); + create("builtin", "generic-new-passphrase", NULL); } AuthItem *passwordItem; @@ -652,7 +652,7 @@ Reason QueryDBBlobSecret::query(DatabaseCryptoCore &dbCore, const DbBlob *secret hints.insert(mClientHints.begin(), mClientHints.end()); - create("builtin", "generic-unlock-kcblob", noSecuritySession); + create("builtin", "generic-unlock-kcblob", NULL); AuthItem *secretItem; diff --git a/src/codesigdb.cpp b/src/codesigdb.cpp index 4ff3d64..d8094fa 100644 --- a/src/codesigdb.cpp +++ b/src/codesigdb.cpp @@ -116,8 +116,7 @@ CodeSignatures::~CodeSignatures() void CodeSignatures::open(const char *path) { mDb.open(path, O_RDWR | O_CREAT, 0644); - if (mDb) - mDb.flush(); + mDb.flush(); IFDUMPING("equiv", debugDump("reopen")); } @@ -145,8 +144,6 @@ string CodeSignatures::Identity::canonicalName(const string &path) // bool CodeSignatures::find(Identity &id, uid_t user) { - if (!mDb) - return false; if (id.mState != Identity::untried) return id.mState == Identity::valid; try { 
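Review bot: Every `create("builtin", …, noSecuritySession)` call in agentquery.cpp (this hunk and the four preceding ones) now passes a bare `NULL` as its third argument, which loses the one thing the named sentinel gave a reader: that the argument is a security-session handle and that "no session" is the deliberate choice. If `noSecuritySession` itself was removed elsewhere in the commit, a short comment at the first call site, `// NULL: run the agent query outside any security session`, keeps that intent on record; otherwise prefer keeping the sentinel.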
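Review bot: With the `if (!mDb)` early-outs removed from `CodeSignatures::find()` here and from `makeLink()`, `removeLink()` and `verify()` in the following hunks, every code-equivalence lookup now assumes `mDb` is open, yet the `if (mDb)` guarding `flush()` in `open()` was also dropped, so nothing on the new side shows how an open failure surfaces. If `mDb.open()` throws on failure, that is the new contract and belongs in a comment at `open()`, e.g. `// mDb.open() throws on failure; from here on callers may assume an open database`; if it can return with the handle unopened, `verify()` now builds ACL mediators and prompts the user in a state the old code explicitly treated as "cannot verify". The removed `secdebug("codesign", "database not open; cannot verify")` was also the only log line for that state, so a missing database becomes invisible either way.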
@@ -174,8 +171,6 @@ bool CodeSignatures::find(Identity &id, uid_t user) void CodeSignatures::makeLink(Identity &id, const string &ident, bool forUser, uid_t user) { - if (!mDb) - UnixError::throwMe(ENOENT); DbKey key('H', id.getHash(mSigner), forUser, user); if (!mDb.put(key, StringData(ident))) UnixError::throwMe(); @@ -219,8 +214,6 @@ void CodeSignatures::addLink(const CssmData &oldHash, const CssmData &newHash, void CodeSignatures::removeLink(const CssmData &hash, const char *name, bool forSystem) { - if (!mDb) - UnixError::throwMe(ENOENT); AclIdentity code(hash, name); uid_t user = Server::process().uid(); if (forSystem && user) // only root user can remove forSystem links @@ -259,12 +252,6 @@ bool CodeSignatures::verify(Process &process, return false; } - // don't bother the user if the db is MIA - if (!mDb) { - secdebug("codesign", "database not open; cannot verify"); - return false; - } - // ah well. Establish mediator objects for database signature links AclIdentity aclIdentity(trustedSignature, comment ? comment->interpretedAs() : NULL); @@ -315,7 +302,7 @@ bool CodeSignatures::verify(Process &process, return false; } } - + // ask the user QueryCodeCheck query; query.inferHints(process); 
@@ -370,24 +357,20 @@ void CodeSignatures::debugDump(const char *how) const if (!how) how = "dump"; CssmData key, value; - if (!mDb) { - dump("CODE EQUIVALENTS DATABASE IS NOT OPEN (%s)", how); + if (!mDb.first(key, value)) { + dump("CODE EQUIVALENTS DATABASE IS EMPTY (%s)\n", how); } else { - if (!mDb.first(key, value)) { - dump("CODE EQUIVALENTS DATABASE IS EMPTY (%s)\n", how); - } else { - dump("CODE EQUIVALENTS DATABASE DUMP (%s)\n", how); - do { - const char *header = key.interpretedAs(); - size_t headerLength = strlen(header) + 1; - dump("%s:", header); - dumpData(key.at(headerLength), key.length() - headerLength); - dump(" => "); - dumpData(value); - dump("\n"); - } while (mDb.next(key, value)); - dump("END DUMP\n"); - } + dump("CODE EQUIVALENTS DATABASE DUMP (%s)\n", how); + do { + const char *header = key.interpretedAs(); + size_t headerLength = strlen(header) + 1; + dump("%s:", header); + dumpData(key.at(headerLength), key.length() - headerLength); + dump(" => "); + dumpData(value); + dump("\n"); + } while (mDb.next(key, value)); + dump("END DUMP\n"); } } diff --git a/src/dbcrypto.cpp b/src/dbcrypto.cpp index 5054f85..b850653 100644 --- a/src/dbcrypto.cpp +++ b/src/dbcrypto.cpp @@ -238,7 +238,7 @@ DbBlob *DatabaseCryptoCore::encodeCore(const DbBlob &blobTemplate, // Throws exceptions if decoding fails. // Memory returned in privateAclBlob is allocated and becomes owned by caller. // -void DatabaseCryptoCore::decodeCore(const DbBlob *blob, void **privateAclBlob) +void DatabaseCryptoCore::decodeCore(DbBlob *blob, void **privateAclBlob) { assert(mHaveMaster); // must have master key installed 
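Review bot: `DatabaseCryptoCore::decodeCore` loses the `const` on its `blob` parameter here and in dbcrypto.h, although the body (continuing into the next three hunks) only reads `iv`, `cryptoBlob()`, `publicAclBlob()` and `blobSignature` to decrypt and then verify the MAC; the `const` documented that the blob under verification is never modified before its signature is checked. If the change exists only because the two-argument `CssmData` constructor wants a non-const pointer, keep the signature `const DbBlob *blob` and confine the cast to the `CssmData` constructions, for instance `CssmData ivd(const_cast<DbBlob *>(blob)->iv, sizeof(blob->iv));`, or keep the `CssmData::wrap` form the old side used. The function body continues past this hunk.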
@@ -247,8 +247,8 @@ void DatabaseCryptoCore::decodeCore(const DbBlob *blob, void **privateAclBlob) decryptor.mode(CSSM_ALGMODE_CBCPadIV8); decryptor.padding(CSSM_PADDING_PKCS1); decryptor.key(mMasterKey); - CssmData ivd = CssmData::wrap(blob->iv); decryptor.initVector(ivd); - CssmData cryptoBlob = CssmData::wrap(blob->cryptoBlob(), blob->cryptoBlobLength()); + CssmData ivd(blob->iv, sizeof(blob->iv)); decryptor.initVector(ivd); + CssmData cryptoBlob(blob->cryptoBlob(), blob->cryptoBlobLength()); CssmData decryptedBlob, remData; decryptor.decrypt(cryptoBlob, decryptedBlob, remData); DbBlob::PrivateBlob *privateBlob = decryptedBlob.interpretedAs(); @@ -263,8 +263,8 @@ void DatabaseCryptoCore::decodeCore(const DbBlob *blob, void **privateAclBlob) // verify signature on the whole blob CssmData signChunk[] = { - CssmData::wrap(blob->data(), fieldOffsetOf(&DbBlob::blobSignature)), - CssmData::wrap(blob->publicAclBlob(), blob->publicAclBlobLength() + blob->cryptoBlobLength()) + CssmData(blob->data(), fieldOffsetOf(&DbBlob::blobSignature)), + CssmData(blob->publicAclBlob(), blob->publicAclBlobLength() + blob->cryptoBlobLength()) }; CSSM_ALGORITHMS verifyAlgorithm = CSSM_ALGID_SHA1HMAC; #if defined(COMPAT_OSX_10_0) @@ -273,7 +273,7 @@ void DatabaseCryptoCore::decodeCore(const DbBlob *blob, void **privateAclBlob) #endif VerifyMac verifier(Server::csp(), verifyAlgorithm); verifier.key(mSigningKey); - verifier.verify(signChunk, 2, CssmData::wrap(blob->blobSignature)); + verifier.verify(signChunk, 2, CssmData(blob->blobSignature, sizeof(blob->blobSignature))); // all checks out; start extracting fields if (privateAclBlob) { diff --git a/src/dbcrypto.h b/src/dbcrypto.h index 16d42e3..3067b70 100644 --- a/src/dbcrypto.h +++ b/src/dbcrypto.h 
@@ -55,7 +55,7 @@ public: void setup(const DbBlob *blob, const CssmData &passphrase); void setup(const DbBlob *blob, CssmClient::Key master); - void decodeCore(const DbBlob *blob, void **privateAclBlob = NULL); + void decodeCore(DbBlob *blob, void **privateAclBlob = NULL); DbBlob *encodeCore(const DbBlob &blobTemplate, const CssmData &publicAcl, const CssmData &privateAcl) const; void importSecrets(const DatabaseCryptoCore &src); diff --git a/src/flippers.cpp b/src/flippers.cpp index 4f8fa31..6f67415 100644 --- a/src/flippers.cpp +++ b/src/flippers.cpp @@ -33,6 +33,13 @@ using namespace LowLevelMemoryUtilities; namespace Flippers { + +// +// Automatically generated flippers +// +#include "flip_gen.cpp" + + // // The raw byte reversal flipper // @@ -75,41 +82,4 @@ void flip(CSSM_CONTEXT_ATTRIBUTE &obj) } -// -// Flip a CSSM_DB_ATTRIBUTE_INFO, also very polymorphic -// -void flip(CSSM_DB_ATTRIBUTE_INFO &obj) -{ - bool flippedAttributeNameFormat = false; - // check and see if obj is in host byte order. If not, flip it now - if (obj.AttributeNameFormat > CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER) - { - flip(obj.AttributeNameFormat); - flippedAttributeNameFormat = true; - } - - switch (obj.AttributeNameFormat) - { - case CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER: - { - flip(obj.Label.AttributeID); - } - break; - } - - flip (obj.AttributeFormat); - - if (!flippedAttributeNameFormat) - { - flip(obj.AttributeNameFormat); - } - -} - -// -// Automatically generated flippers -// -#include "flip_gen.cpp" - - } // end namespace Flippers diff --git a/src/flippers.h b/src/flippers.h index 9d2fb8c..6e437c0 100644 --- a/src/flippers.h +++ b/src/flippers.h @@ -56,7 +56,8 @@ inline void flip(T &obj) // It's a bad idea to try to flip a const, so flag that // template -inline void flip(const T &); +inline void flip(const T &) +{ tryingToFlipAConstWontWork(); } // 
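Review bot: The new inline body `{ tryingToFlipAConstWontWork(); }` for `flip(const T &)` in flippers.h is a link-time trap that only works while `tryingToFlipAConstWontWork` stays declared but undefined, and the hunk does not show that declaration. A one-line comment above it, `// deliberately never defined: instantiating flip() on a const object must fail at link time`, keeps a future maintainer from "fixing" the missing definition and silently making const flips compile to a no-op.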
@@ -76,8 +77,6 @@ inline void flip(Base * &obj) { flip(&obj, sizeof(obj)); } // void flip(void *addr, size_t size); -void flip(CSSM_DB_ATTRIBUTE_INFO &obj); -inline void flip(CssmDbAttributeInfo &obj) { flip(static_cast(obj)); } // // Include automatically generated flipper declarations diff --git a/src/generate.cf b/src/generate.cf index fa387c5..8557c3e 100644 --- a/src/generate.cf +++ b/src/generate.cf @@ -33,9 +33,7 @@ CSSM_RANGE * CSSM_KEY_SIZE/CssmKeySize * CSSM_KEYHEADER/CssmKey::Header * CSSM_KEY/CssmKey KeyHeader -CSSM_QUERY/CssmQuery RecordType Conjunctive NumSelectionPredicates QueryLimits QueryFlags -CSSM_DB_ATTRIBUTE_DATA/CssmDbAttributeData NumberOfValues -CSSM_DB_RECORD_ATTRIBUTE_DATA/CssmDbRecordAttributeData DataRecordType SemanticInformation NumberOfAttributes + # # Authorization structures diff --git a/src/kcdatabase.cpp b/src/kcdatabase.cpp index 32160b5..8f723c5 100644 --- a/src/kcdatabase.cpp +++ b/src/kcdatabase.cpp @@ -878,10 +878,10 @@ void KeychainDatabase::validateBlob(const DbBlob *blob) blob->validate(CSSMERR_APPLEDL_INVALID_DATABASE_BLOB); switch (blob->version()) { #if defined(COMPAT_OSX_10_0) - case DbBlob::version_MacOS_10_0: + case blob->version_MacOS_10_0: break; #endif - case DbBlob::version_MacOS_10_1: + case blob->version_MacOS_10_1: break; default: CssmError::throwMe(CSSMERR_APPLEDL_INCOMPATIBLE_DATABASE_BLOB); diff --git a/src/kckey.cpp b/src/kckey.cpp index f6ed602..c5c825e 100644 --- a/src/kckey.cpp +++ b/src/kckey.cpp @@ -43,10 +43,10 @@ KeychainKey::KeychainKey(Database &db, const KeyBlob *blob) blob->validate(CSSMERR_APPLEDL_INVALID_KEY_BLOB); switch (blob->version()) { #if defined(COMPAT_OSX_10_0) - case KeyBlob::version_MacOS_10_0: + case blob->version_MacOS_10_0: break; #endif - case KeyBlob::version_MacOS_10_1: + case blob->version_MacOS_10_1: break; default: CssmError::throwMe(CSSMERR_APPLEDL_INCOMPATIBLE_KEY_BLOB); diff --git a/src/main.cpp b/src/main.cpp index 5b47f5e..2208882 100644 --- a/src/main.cpp 
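Review bot: The case labels in `KeychainDatabase::validateBlob` change from `DbBlob::version_MacOS_10_0` / `version_MacOS_10_1` to `blob->version_MacOS_10_0` / `blob->version_MacOS_10_1`, and `KeychainKey::KeychainKey` in the next hunk does the same with `KeyBlob::`. A case label must be a constant expression; naming a static constant through an object expression compiles on some compilers but reads as if the accepted version depended on the blob being validated, which is the wrong impression in the check that gates parsing of a stored blob. Prefer the qualified form the old side used, `case DbBlob::version_MacOS_10_1:`.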
+++ b/src/main.cpp @@ -64,6 +64,7 @@ #include #include "acl_keychain.h" + // // Local functions of the main program driver // @@ -260,7 +261,7 @@ int main(int argc, char *argv[]) // install MDS and initialize the local CSSM server.loadCssm(); - + // okay, we're ready to roll Syslog::notice("Entering service"); secdebug("SS", "%s initialized", bootstrapName); diff --git a/src/notifications.cpp b/src/notifications.cpp index ebee947..0ac6a36 100644 --- a/src/notifications.cpp +++ b/src/notifications.cpp @@ -29,6 +29,7 @@ #include "server.h" #include + Listener::ListenerMap Listener::listeners; Mutex Listener::setLock; @@ -115,7 +116,7 @@ void ProcessListener::notifyMe(NotificationDomain domain, { secdebug("notify", "%p sending domain %ld event 0x%lx to port %d process %d", this, domain, event, mPort.port(), process.pid()); - + // send mach message (via MIG simpleroutine) if (IFDEBUG(kern_return_t rc =) ucsp_notify_sender_notify(mPort, domain, event, data.data(), data.length(), diff --git a/src/server.h b/src/server.h index 011a649..80c0992 100644 --- a/src/server.h +++ b/src/server.h @@ -114,11 +114,11 @@ public: static AclSource &aclBearer(AclKind kind, CSSM_HANDLE handle); // Generic version of handle lookup - template - static RefPointer find(CSSM_HANDLE handle, CSSM_RETURN notFoundError) + template + static RefPointer find(CSSM_HANDLE handle, CSSM_RETURN notFoundError) { - RefPointer object = - HandleObject::findRef(handle, notFoundError); + RefPointer object = + HandleObject::findRef(handle, notFoundError); if (object->process() != Server::process()) CssmError::throwMe(notFoundError); return object; diff --git a/src/session.cpp b/src/session.cpp index 7cabc91..9f4854f 100644 --- a/src/session.cpp +++ b/src/session.cpp 
@@ -485,7 +485,7 @@ OSStatus Session::authorizationdbRemove(const AuthorizationBlob &authBlob, Autho void Session::mergeCredentials(CredentialSet &creds) { secdebug("SSsession", "%p merge creds @%p", this, &creds); - CredentialSet updatedCredentials = creds; + CredentialSet updatedCredentials = creds; for (CredentialSet::const_iterator it = creds.begin(); it != creds.end(); it++) if (((*it)->isShared() && (*it)->isValid())) { CredentialSet::iterator old = mSessionCreds.find(*it); @@ -498,7 +498,7 @@ void Session::mergeCredentials(CredentialSet &creds) updatedCredentials.insert(*old); } } - creds.swap(updatedCredentials); + creds.swap(updatedCredentials); } diff --git a/src/session.h b/src/session.h index 7799cc4..b252964 100644 --- a/src/session.h +++ b/src/session.h @@ -139,7 +139,7 @@ protected: void kill(); -protected: +private: static PortMap mSessions; }; diff --git a/src/structure.h b/src/structure.h index 66f0d92..2be7527 100644 --- a/src/structure.h +++ b/src/structure.h @@ -222,24 +222,24 @@ template class PortMap : public Mutex, public std::map > { typedef std::map > _Map; public: - bool contains(mach_port_t port) const { return this->find(port) != this->end(); } + bool contains(mach_port_t port) const { return find(port) != end(); } Node *getOpt(mach_port_t port) const { - typename _Map::const_iterator it = this->find(port); - return (it == this->end()) ? NULL : it->second; + typename _Map::const_iterator it = find(port); + return (it == end()) ? NULL : it->second; } Node *get(mach_port_t port) const { - typename _Map::const_iterator it = this->find(port); - assert(it != this->end()); + typename _Map::const_iterator it = find(port); + assert(it != end()); return it->second; } Node *get(mach_port_t port, OSStatus error) const { - typename _Map::const_iterator it = this->find(port); - if (it == this->end()) + typename _Map::const_iterator it = find(port); + if (it == end()) MacOSError::throwMe(error); return it->second; } 
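Review bot: `PortMap` derives from a `std::map` whose arguments depend on the class's template parameter (the angle-bracketed arguments are missing from this rendering), so the unqualified `find(port)` and `end()` that replace `this->find(port)` and `this->end()` in `contains()`, `getOpt()` and both `get()` overloads are not found by two-phase name lookup in standard C++; the same applies to `begin()`/`end()` in `PortMap::dump()` in the next hunk. Compilers that accept it do so as an extension (gcc rejects it by default since 3.4), so the `this->` form was the portable one and should stay, e.g. `return this->find(port) != this->end();`.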
@@ -250,7 +250,7 @@ public: template void PortMap::dump() { - for (typename _Map::const_iterator it = this->begin(); it != this->end(); it++) + for (typename _Map::const_iterator it = begin(); it != end(); it++) it->second->dump(); } diff --git a/src/token.cpp b/src/token.cpp index 17e405d..34944c3 100644 --- a/src/token.cpp +++ b/src/token.cpp @@ -145,23 +145,30 @@ Token::ResetGeneration Token::resetGeneration() const void Token::resetAcls() { - StLock _(*this); - mResetLevel++; - secdebug("token", "%p reset (level=%d, propagating to %ld common(s)", - this, mResetLevel, mCommons.size()); - for (CommonSet::const_iterator it = mCommons.begin(); it != mCommons.end(); ) - RefPointer(*it++)->resetAcls(); + CommonSet tmpCommons; + { + StLock _(*this); + mResetLevel++; + secdebug("token", "%p reset (level=%d, propagating to %ld common(s)", + this, mResetLevel, mCommons.size()); + // Make a copy to avoid deadlock with TokenDbCommon lock + tmpCommons = mCommons; + } + for (CommonSet::const_iterator it = tmpCommons.begin(); it != tmpCommons.end(); it++) + RefPointer(*it)->resetAcls(); } void Token::addCommon(TokenDbCommon &dbc) { + secdebug("token", "%p addCommon TokenDbCommon %p", this, &dbc); mCommons.insert(&dbc); } void Token::removeCommon(TokenDbCommon &dbc) { - assert(mCommons.find(&dbc) != mCommons.end()); - mCommons.erase(&dbc); + secdebug("token", "%p removeCommon TokenDbCommon %p", this, &dbc); + if (mCommons.find(&dbc) != mCommons.end()) + mCommons.erase(&dbc); } @@ -307,9 +314,11 @@ void Token::remove() this, &reader(), reader().name().c_str()); if (mTokend) mTokend->faultRelay(NULL); // unregister (no more faults, please) - notify(kNotificationCDSARemoval); mds().uninstall(mGuid.toString().c_str(), mSubservice); + secdebug("token", "%p mds uninstall complete", this); this->kill(); + secdebug("token", "%p kill complete", this); + notify(kNotificationCDSARemoval); secdebug("token", "%p removal complete", this); } 
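Review bot: In `Token::resetAcls()` the snapshot `tmpCommons = mCommons` removes the deadlock but holds what appear to be raw `TokenDbCommon *` entries, and each one is wrapped in a `RefPointer` only after the lock is released; between the snapshot and that wrap another thread can destroy a common — and the new `TokenDbCommon::~TokenDbCommon()` in tokendatabase.cpp calls `removeCommon()` on exactly that path — so `RefPointer(*it)` may be constructed from a freed object. Taking the references while still under the lock closes the window: collect `RefPointer`s inside the locked scope and iterate those, as sketched below. `addCommon()` and `removeCommon()` also modify `mCommons` with no `StLock` visible in the hunk while `resetAcls()` reads it under one; if callers are required to hold the Token lock, a comment on those two methods saying so would help.
```cpp
void Token::resetAcls()
{
	std::vector<RefPointer<TokenDbCommon> > held;   // RefPointer<TokenDbCommon> presumed from the existing RefPointer(*it) wrap
	{
		// … unchanged: StLock on *this, mResetLevel++, secdebug …
		// retain every common while still locked, so none can be destroyed
		// between the snapshot and the unlocked resetAcls() calls below
		held.assign(mCommons.begin(), mCommons.end());
	}
	for (std::vector<RefPointer<TokenDbCommon> >::const_iterator it = held.begin(); it != held.end(); ++it)
		(*it)->resetAcls();
}
```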
@@ -357,18 +366,22 @@ void Token::relayFault(bool async) // void Token::kill() { - StLock _(*this); - if (mTokend) + // Avoid holding the lock across call to resetAcls + // This can cause deadlock on card removal { - mTokend = NULL; // cast loose our tokend (if any) - // Take us out of the map - StLock _(mSSIDLock); - SSIDMap::iterator it = mSubservices.find(mSubservice); - assert(it != mSubservices.end() && it->second == this); - if (it != mSubservices.end() && it->second == this) - mSubservices.erase(it); + StLock _(*this); + if (mTokend) + { + mTokend = NULL; // cast loose our tokend (if any) + // Take us out of the map + StLock _(mSSIDLock); + SSIDMap::iterator it = mSubservices.find(mSubservice); + assert(it != mSubservices.end() && it->second == this); + if (it != mSubservices.end() && it->second == this) + mSubservices.erase(it); + } } - + resetAcls(); // release our TokenDbCommons PerGlobal::kill(); // generic action @@ -382,8 +395,8 @@ void Token::kill() void Token::notify(NotificationEvent event) { NameValueDictionary nvd; - CssmSubserviceUid ssuid(mGuid, NULL, h2n (mSubservice), - h2n(CSSM_SERVICE_DL | CSSM_SERVICE_CSP)); + CssmSubserviceUid ssuid(mGuid, NULL, mSubservice, + CSSM_SERVICE_DL | CSSM_SERVICE_CSP); nvd.Insert(new NameValuePair(SSUID_KEY, CssmData::wrap(ssuid))); CssmData data; nvd.Export(data); diff --git a/src/tokend.cpp b/src/tokend.cpp index 350752f..1707618 100644 --- a/src/tokend.cpp +++ b/src/tokend.cpp @@ -177,13 +177,6 @@ bool TokenDaemon::probe() } -// -// FaultRelay -// -FaultRelay::~FaultRelay() -{ /* virtual */ } - - // // Debug dump support // diff --git a/src/tokend.h b/src/tokend.h index e4b808a..6e407ab 100644 --- a/src/tokend.h +++ b/src/tokend.h @@ -41,7 +41,6 @@ // class FaultRelay { public: - virtual ~FaultRelay(); virtual void relayFault(bool async) = 0; }; diff --git a/src/tokendatabase.cpp b/src/tokendatabase.cpp index 5d75cb6..8c9a087 100644 --- a/src/tokendatabase.cpp +++ b/src/tokendatabase.cpp 
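Review bot: `Token::notify()` now builds the `CssmSubserviceUid` from `mSubservice` and the service mask in host byte order, where the old code passed both through `h2n()`; that changes the bytes `nvd.Export()` hands to every notification listener. If the consumer side was changed in step, a comment here such as `// ssuid fields are exported in host order; listeners must not byte-swap them` records the new wire contract; if not, a listener still applying n2h will read a swapped subservice id. In `Token::kill()` the lock is now released before `resetAcls()`, consistent with the snapshot `resetAcls()` itself takes, but `resetAcls()` still runs even when `mTokend` was already NULL (a second `kill()`); presumably harmless, and worth one line saying so.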
@@ -40,9 +40,16 @@ TokenDbCommon::TokenDbCommon(Session &ssn, Token &tk, const char *name) : DbCommon(ssn), mDbName(name ? name : ""), mResetLevel(0) { + secdebug("tokendb", "creating tokendbcommon %p: with token %p", this, &tk); parent(tk); } +TokenDbCommon::~TokenDbCommon() +{ + secdebug("tokendb", "destroying tokendbcommon %p", this); + token().removeCommon(*this); // unregister from Token +} + Token &TokenDbCommon::token() const { return parent(); @@ -77,8 +84,8 @@ void TokenDbCommon::resetAcls() if (!mAdornments.empty()) { mAdornments.clearAdornments(); // clear ACL state session().removeReference(*this); // unhook from SSN - token().removeCommon(*this); // unregister from Token } + token().removeCommon(*this); // unregister from Token } @@ -94,7 +101,6 @@ void TokenDbCommon::lockProcessing() access().authenticate(CSSM_DB_ACCESS_RESET, NULL); } - // // Construct a TokenDatabase given subservice information. // We are currently ignoring the 'name' argument. diff --git a/src/tokendatabase.h b/src/tokendatabase.h index 60361c3..ee33030 100644 --- a/src/tokendatabase.h +++ b/src/tokendatabase.h @@ -55,7 +55,8 @@ class TokenDaemon; class TokenDbCommon : public DbCommon, public Adornable { public: TokenDbCommon(Session &ssn, Token &tk, const char *name); - + ~TokenDbCommon(); + Token &token() const; uint32 subservice() const { return token().subservice(); } @@ -65,7 +66,7 @@ public: void resetAcls(); void lockProcessing(); - + typedef Token::ResetGeneration ResetGeneration; private: diff --git a/src/transition.cpp b/src/transition.cpp index c83169b..63d12eb 100644 --- a/src/transition.cpp +++ b/src/transition.cpp 
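Review bot: `TokenDbCommon::~TokenDbCommon()` calls `token().removeCommon(*this)`, and `token()` simply returns `parent()`; if the parent link can already be gone when the last reference to a common drops (for instance after `Token::kill()` has run), this dereferences a dead parent from inside a destructor, where neither an exception nor a fault can be recovered. `resetAcls()` in the next hunk also moves its `removeCommon()` call outside the `if (!mAdornments.empty())` block, so the unregister now runs both there and here on the normal path; the `find()` guard added to `Token::removeCommon()` makes the second call a no-op but nothing says that is intended. Suggest a comment at the destructor, `// unregister from the owning Token; valid only while the parent link is alive — confirm against Token::kill()`, and a note at the `resetAcls()` call that the destructor repeats it harmlessly.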
@@ -189,8 +189,8 @@ kern_return_t ucsp_server_findFirst(UCSP_ARGS, DbHandle db, DATA_OUT(data), KeyHandle *hKey, SearchHandle *hSearch, RecordHandle *hRecord) { BEGIN_IPC - relocate (query, queryBase, queryLength); - relocate (inAttributes, inAttributesBase, inAttributesLength); + relocate(query, queryBase, queryLength); + relocate(inAttributes, inAttributesBase, inAttributesLength); RefPointer search; RefPointer record; @@ -212,16 +212,11 @@ kern_return_t ucsp_server_findFirst(UCSP_ARGS, DbHandle db, *hKey = key ? key->handle() : noKey; // return attributes (assumes relocated flat blob) - flips(outAttrs, outAttributes, outAttributesBase); - // flipCssmDbAttributeData(outAttrs, outAttributes, outAttributesBase); + flips(outAttrs, outAttributes, outAttributesBase); *outAttributesLength = outAttrsLength; // return data (temporary fix) if (getData) { - if (key) { - flip (*outData.interpretedAs()); - } - *data = outData.data(); *dataLength = outData.length(); } @@ -261,10 +256,6 @@ kern_return_t ucsp_server_findNext(UCSP_ARGS, SearchHandle hSearch, // return data (temporary fix) if (getData) { - if (key) { - flip (*outData.interpretedAs()); - } - *data = outData.data(); *dataLength = outData.length(); } @@ -296,10 +287,6 @@ kern_return_t ucsp_server_findRecordHandle(UCSP_ARGS, RecordHandle hRecord, // return data (temporary fix) if (getData) { - if (key) { - flip (*outData.interpretedAs()); - } - *data = outData.data(); *dataLength = outData.length(); } diff --git a/src/transwalkers.cpp b/src/transwalkers.cpp index 2a3055a..0d8fa4a 100644 --- a/src/transwalkers.cpp +++ b/src/transwalkers.cpp 
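Review bot: `ucsp_server_findFirst`, `findNext` and `findRecordHandle` drop the `flip(*outData.interpretedAs<…>())` that byte-swapped returned key data for clients with `byteFlipped()` set, and in the same commit generate.cf stops emitting flippers for `CSSM_QUERY`, `CSSM_DB_ATTRIBUTE_DATA` and `CSSM_DB_RECORD_ATTRIBUTE_DATA` while transwalkers.h removes `fixDbAttributes()` from both `relocate()` and `flips()`. Nothing on the new side shows what now swaps attribute values and key headers for a cross-endian client, so either that client class is no longer supported or the swapping moved to code outside this diff. A comment at the `flips(outAttrs, outAttributes, outAttributesBase)` call naming where the swap now happens — or stating that byte-flipped clients are unsupported — would stop someone from re-adding the removed code; these handlers parse client-supplied `query`/`inAttributes` blobs, so the `relocate()` path that still runs is the one that must keep its bounds checks, and this diff does not touch that part.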
@@ -111,80 +111,3 @@ Database *pickDb(Database *db1, Database *db2)
 // none at all. use the canonical transient store
 return Server::optionalDatabase(noDb);
 }
-
-
-
-void fixDbAttributes (CssmDbAttributeData &data)
-{
- /*
- NOTE TO FUTURE MAINTAINERS OF THIS CODE:
-
- This code is called by two different routines; the relocation walker on the input attributes, and flips
- on the output attributtes. This is bad, because the relocation walker flips the Info data structure,
- and flips does not. We could fix this in flips, but flips is a template and does different things
- depending on what its parameters are. As a result, the best place to do this is here.
- */
-
- // pull this data out first, so that it is unperverted once the flip occurs
- unsigned limit = data.size ();
- unsigned format = data.format ();
- CssmData* values = data.values ();
-
- // flip if it is safe to do so
- if (format > CSSM_DB_ATTRIBUTE_FORMAT_COMPLEX) // is the format screwed up?
- {
- flip (data.info ());
- limit = data.size ();
- format = data.format ();
- values = data.values ();
- }
-
- unsigned i;
-
- for (i = 0; i < limit; ++i)
- {
- switch (format)
- {
- case CSSM_DB_ATTRIBUTE_FORMAT_UINT32:
- Flippers::flip(*(uint32*) values[i].data ());
- break;
-
- case CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32:
- {
- CssmData& d = values[i];
- int numValues = d.length() / sizeof (UInt32);
- int j;
- UInt32* v = (UInt32*) d.data();
- for (j = 0; j < numValues; ++j)
- {
- Flippers::flip (v[j]);
- }
- }
- break;
- }
- }
-}
-
-
-
-void fixDbAttributes (CssmQuery &query)
-{
- unsigned i;
- unsigned numItems = query.size ();
- for (i = 0; i < numItems; ++i)
- {
- fixDbAttributes(query.predicates()[i].attribute());
- }
-}
-
-
-
-void fixDbAttributes (CssmDbRecordAttributeData &data)
-{
- unsigned i;
- unsigned numItems = data.size ();
- for (i = 0; i < numItems; ++i)
- {
- fixDbAttributes(data.attributes()[i]);
- }
-}
diff --git a/src/transwalkers.h b/src/transwalkers.h
index e9476a7..148ed22 100644
--- a/src/transwalkers.h +++ b/src/transwalkers.h @@ -121,17 +121,6 @@ private: }; -// -// Fix DBAttributes, which have to be processed specially -// -void fixDbAttributes (CssmDbAttributeData &data); -void fixDbAttributes (CssmQuery &query); -void fixDbAttributes (CssmDbRecordAttributeData &data); - -template -void fixDbAttributes(T &n) {} // handle the default case - - // // Process an incoming (IPC) data blob of type T. // This relocates pointers to fit in the local address space, @@ -146,10 +135,6 @@ void relocate(T *obj, T *base, size_t size) CheckingReconstituteWalker relocator(obj, base, size, Server::process().byteFlipped()); walk(relocator, base); - - // resolve weird type interdependency in DB_ATTRIBUTE_DATA - if (Server::process().byteFlipped()) - fixDbAttributes(*obj); } } @@ -237,8 +222,6 @@ void flip(T &addr) } -void flipCssmDbAttributeData (CssmDbRecordAttributeData *value, CssmDbRecordAttributeData **&addr, CssmDbRecordAttributeData **&base); - // // Take an object at value, flip it, and return appropriately flipped // addr/base pointers ready to be returned through IPC. @@ -249,9 +232,6 @@ void flips(T *value, T ** &addr, T ** &base) { *addr = *base = value; if (flipClient()) { - // resolve weird type inter-dependency in DB_ATTRIBUTE_DATA - if (value) - fixDbAttributes(*value); FlipWalker w; // collector walk(w, value); // collect all flippings needed w.doFlips(); // execute flips (flips value but leaves addr alone) @@ -259,6 +239,7 @@ void flips(T *value, T ** &addr, T ** &base) } } + // // Take a DATA type RPC argument purportedly representing a Blob of some kind, // turn it into a Blob, and fail properly if it's not kosher. -- 2.45.2