1/*
2 * Copyright (c) 2000-2004,2006 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25//
26// sstransit - Securityd client side transition support.
27//
28#ifndef _H_SSTRANSIT
29#define _H_SSTRANSIT
30
31#include <securityd_client/ssclient.h>
32#include <security_cdsa_utilities/cssmwalkers.h>
33#include <security_cdsa_utilities/AuthorizationWalkers.h>
34#include <securityd_client/ucsp.h>
35#include <securityd_client/ucspNotify.h>
36
37namespace Security {
38namespace SecurityServer {
39
40
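// Stock leading argument profile used by (almost) all calls: the server
// port, this thread's reply port, and two out-arguments (&securitydCreds,
// &rcode) that IPCSTART declares and IPCEND / IPCEND_CHECK inspect.
#define UCSP_ARGS	mGlobal().serverPort, mGlobal().thread().replyPort, &securitydCreds, &rcode

// Common invocation profile (don't use directly).
//
// IPCSTART declares rcode and securitydCreds in the enclosing scope and runs
// the call through check().
//
// IPCEND authenticates the reply: it throws CSSM_ERRCODE_VERIFICATION_FAILURE
// unless securitydCreds.val[0] is zero. In a Mach security_token_t, val[0]
// carries the sender's effective user id, so only a reply sent by a
// root-owned process is accepted. Presumably the generated stub fills
// securitydCreds from the reply message -- confirm against the ucsp interface.
//
// NOTE(review): the IFDEBUG(...) clause waives that sender check whenever
// SECURITYSERVER_NONROOT is present in the environment. IFDEBUG is defined
// elsewhere and presumably expands only in debug builds; verify that this
// relaxation cannot reach a shipping build, because the environment is
// controlled by whoever launches the client.
//
// IPCEND always precedes any look at rcode, so a return code from an
// unverified sender is never acted upon. Both macros expand to bare
// statements (IPCEND to an unbraced `if`); use them only through the braced
// wrappers below.
#define IPCSTART(statement) \
	CSSM_RETURN rcode; security_token_t securitydCreds; check(statement)
#define IPCEND \
	if (securitydCreds.val[0] != 0   IFDEBUG( && !getenv("SECURITYSERVER_NONROOT"))) \
		CssmError::throwMe(CSSM_ERRCODE_VERIFICATION_FAILURE)
#define IPCEND_CHECK	IPCEND; if (rcode != CSSM_OK) CssmError::throwMe(rcode);

// IPCN: perform the call, verify the sender, throw on any non-OK rcode.
#define IPCN(statement) { \
	IPCSTART(statement); IPCEND_CHECK;  \
	}

// IPC: same as IPCN, but calls activate() first.
#define IPC(statement)	{ activate(); IPCN(statement); }

// IPCKEY: like IPC, except that CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT
// is not an error. It triggers notifyAclChange(key, tag) and then
// deliberately falls through to the CSSM_OK case. Any other non-OK rcode is
// thrown. The sender check (IPCEND) still runs before the switch.
#define IPCKEY(statement, key, tag) { \
	activate(); IPCSTART(statement); IPCEND; \
	switch (rcode) { \
	case CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT: \
		notifyAclChange(key, tag); \
		/* FALLTHROUGH */ \
	case CSSM_OK: \
		break; \
	default: \
		CssmError::throwMe(rcode); \
	} \
}

// Pass mandatory or optional CssmData arguments into an IPC call as a
// (pointer, length) pair. Arguments are parenthesized so that expression
// arguments such as `*p` expand correctly. The argument is evaluated more
// than once; do not pass expressions with side effects.
// NOTE(review): the cast to mach_msg_type_number_t narrows silently if
// length() is a wider type; callers are assumed to pass lengths that fit --
// confirm.
#define DATA(arg)			(arg).data(), (mach_msg_type_number_t)((arg).length())
#define OPTIONALDATA(arg)	((arg) ? (arg)->data() : NULL), (mach_msg_type_number_t)((arg) ? (arg)->length() : 0)

// Pass mandatory DataOutput argument into an IPC call.
#define DATA_OUT(arg)                   (arg).data(), (arg).length()

// Pass structured arguments in/out of IPC calls. See "data walkers" for details.
// COPY expands to (object, length, object); COPY_OUT passes the addresses of
// the three variables that COPY_OUT_DECL(type, name) declares:
// name, name##Length and name##Base. COPY_OUT needs a plain identifier
// because it token-pastes its argument.
#define COPY(copy)			(copy), (copy).length(), (copy)
#define COPY_OUT(copy)		&copy, &copy##Length, &copy##Base
#define COPY_OUT_DECL(type,name) type *name, *name##Base; mach_msg_type_number_t name##Length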
78
79
//
// DataOutput manages an output CssmData argument.
//
// It remembers the caller's CssmData and offers two scratch slots (a data
// pointer and a length) whose addresses are handed to the IPC call through
// data() and length(), as the DATA_OUT macro does. Both slots start out
// empty (NULL / 0).
//
// The destructor is defined elsewhere; presumably it moves whatever the call
// returned into the target using `allocator` -- confirm in the implementation.
//
// NOTE(review): nothing here forbids copy construction. Two copies would
// share the same scratch pointer; check that callers never copy a DataOutput.
//
class DataOutput {
public:
	// Bind to a target passed by reference.
	DataOutput(CssmData &arg, Allocator &alloc)
		: allocator(alloc), mTarget(&arg), mData(NULL), mLength(0)
	{ }

	// Bind to a target passed by pointer. Whether a null pointer is
	// acceptable depends on the destructor, which is not visible here.
	DataOutput(CssmData *arg, Allocator &alloc)
		: allocator(alloc), mTarget(arg), mData(NULL), mLength(0)
	{ }

	~DataOutput();

	// Address of the scratch data pointer, to be filled in by the IPC call.
	void **data()
	{
		return &mData;
	}

	// Address of the scratch length, to be filled in by the IPC call.
	mach_msg_type_number_t *length()
	{
		return &mLength;
	}

	Allocator &allocator;				// allocator supplied by the caller

private:
	CssmData *mTarget;					// caller's output argument
	void *mData;						// scratch: returned data pointer
	mach_msg_type_number_t mLength;		// scratch: returned data length
};
101
102
//
// Bundle up an AccessCredentials meant for a database, parsing it for
// "special" samples that need extra evidence to be passed along.
//
// The class is a Copier<AccessCredentials>, so it can be handed to an IPC
// call with the COPY macro. Construction is defined elsewhere.
//
class DatabaseAccessCredentials : public Copier<AccessCredentials> {
public:
	// creds: the credentials to bundle; alloc: allocator used for the copy.
	// NOTE(review): whether a null `creds` is accepted is decided by the
	// out-of-line constructor -- confirm there.
	DatabaseAccessCredentials(
		const AccessCredentials *creds,
		Allocator &alloc);

private:
	// Helper for samples that refer to a key; both arguments are taken by
	// non-const reference. Presumably it rewrites the sample so the server
	// side can resolve the key -- confirm in the implementation.
	void mapKeySample(
		CssmData &cspHandleData,
		CssmKey &key);
};
114
115
//
// Handle the standard CSSM data retrieval pattern (attribute vector+data)
//
// A DataRetrieval converts implicitly to the address of its returned
// attribute pointer and to the address of its returned length, and base()
// gives the address of the returned base pointer, so one object can stand in
// for the three out-arguments of an IPC call.
//
// It keeps a reference to the caller's attribute pointer, so that pointer
// must outlive the DataRetrieval. The destructor is defined elsewhere;
// presumably it delivers the retrieved attributes back through that
// reference -- confirm in the implementation.
//
class DataRetrieval : public Copier<CssmDbRecordAttributeData> {
public:
	DataRetrieval(CssmDbRecordAttributeData *&attrs, Allocator &alloc);
	~DataRetrieval();

	// Out-argument: where the call stores the returned attribute pointer.
	operator CssmDbRecordAttributeData **()
	{
		return &mAddr;
	}

	// Out-argument: where the call stores the returned length.
	operator mach_msg_type_number_t *()
	{
		return &mLength;
	}

	// Out-argument: where the call stores the returned base pointer.
	CssmDbRecordAttributeData **base()
	{
		return &mBase;
	}

private:
	Allocator &mAllocator;						// allocator supplied by the caller
	CssmDbRecordAttributeData *&mAttributes;	// caller's attribute pointer
	CssmDbRecordAttributeData *mAddr;			// returned attribute pointer
	CssmDbRecordAttributeData *mBase;			// returned base pointer
	mach_msg_type_number_t mLength;				// returned length
};
134
135
136} // namespace SecurityServer
137} // namespace Security
138
139#endif //_H_SSTRANSIT
140