1/* 2 * Copyright (c) 2000-2004,2006 Apple Computer, Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24 25// 26// sstransit - Securityd client side transition support. 27// 28#ifndef _H_SSTRANSIT 29#define _H_SSTRANSIT 30 31#include <securityd_client/ssclient.h> 32#include <security_cdsa_utilities/cssmwalkers.h> 33#include <security_cdsa_utilities/AuthorizationWalkers.h> 34#include <securityd_client/ucsp.h> 35#include <securityd_client/ucspNotify.h> 36 37namespace Security { 38namespace SecurityServer { 39 40 41// stock leading argument profile used by (almost) all calls 42#define UCSP_ARGS mGlobal().serverPort, mGlobal().thread().replyPort, &securitydCreds, &rcode 43 44// common invocation profile (don't use directly) 45#define IPCSTART(statement) \ 46 CSSM_RETURN rcode; security_token_t securitydCreds; check(statement) 47#define IPCEND \ 48 if (securitydCreds.val[0] != 0 IFDEBUG( && !getenv("SECURITYSERVER_NONROOT"))) \ 49 CssmError::throwMe(CSSM_ERRCODE_VERIFICATION_FAILURE) 50#define IPCEND_CHECK IPCEND; if (rcode != CSSM_OK) CssmError::throwMe(rcode); 51#define IPCN(statement) { \ 52 IPCSTART(statement); IPCEND_CHECK; \ 53 } 54#define IPC(statement) { activate(); IPCN(statement); } 55#define IPCKEY(statement, key, tag) { \ 56 activate(); IPCSTART(statement); IPCEND; \ 57 switch (rcode) { \ 58 case CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT: \ 59 notifyAclChange(key, tag); \ 60 case CSSM_OK: \ 61 break; \ 62 default: \ 63 CssmError::throwMe(rcode); \ 64 } \ 65} 66 67// pass mandatory or optional CssmData arguments into an IPC call 68#define DATA(arg) arg.data(), (mach_msg_type_number_t)(arg.length()) 69#define OPTIONALDATA(arg) (arg ? arg->data() : NULL), (mach_msg_type_number_t)(arg ? arg->length() : 0) 70 71// pass mandatory DataOutput argument into an IPC call 72#define DATA_OUT(arg) arg.data(), arg.length() 73 74// pass structured arguments in/out of IPC calls. See "data walkers" for details 75#define COPY(copy) copy, copy.length(), copy 76#define COPY_OUT(copy) ©, ©##Length, ©##Base 77#define COPY_OUT_DECL(type,name) type *name, *name##Base; mach_msg_type_number_t name##Length 78 79 80// 81// DataOutput manages an output CssmData argument. 82// 83class DataOutput { 84public: 85 DataOutput(CssmData &arg, Allocator &alloc) 86 : allocator(alloc), mTarget(&arg) { mData = NULL; mLength = 0; } 87 DataOutput(CssmData *arg, Allocator &alloc) 88 : allocator(alloc), mTarget(arg) { mData = NULL; mLength = 0; } 89 ~DataOutput(); 90 91 void **data() { return &mData; } 92 mach_msg_type_number_t *length() { return &mLength; } 93 94 Allocator &allocator; 95 96private: 97 CssmData *mTarget; 98 void *mData; 99 mach_msg_type_number_t mLength; 100}; 101 102 103// 104// Bundle up an AccessCredentials meant for a database, parsing it for 105// "special" samples that need extra evidence to be passed along. 106// 107class DatabaseAccessCredentials : public Copier<AccessCredentials> { 108public: 109 DatabaseAccessCredentials(const AccessCredentials *creds, Allocator &alloc); 110 111private: 112 void mapKeySample(CssmData &cspHandleData, CssmKey &key); 113}; 114 115 116// 117// Handle the standard CSSM data retrieval pattern (attribute vector+data) 118// 119class DataRetrieval : public Copier<CssmDbRecordAttributeData> { 120public: 121 DataRetrieval(CssmDbRecordAttributeData *&attrs, Allocator &alloc); 122 ~DataRetrieval(); 123 124 operator CssmDbRecordAttributeData **() { return &mAddr; } 125 operator mach_msg_type_number_t *() { return &mLength; } 126 CssmDbRecordAttributeData **base() { return &mBase; } 127 128private: 129 Allocator &mAllocator; 130 CssmDbRecordAttributeData *&mAttributes; 131 CssmDbRecordAttributeData *mAddr, *mBase; 132 mach_msg_type_number_t mLength; 133}; 134 135 136} // namespace SecurityServer 137} // namespace Security 138 139#endif //_H_SSTRANSIT 140