1/* 2 * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24#ifndef _SECURITY_MANIFEST_H_ 25#define _SECURITY_MANIFEST_H_ 26 27 28#include <Security/Security.h> 29#include <security_utilities/security_utilities.h> 30#include <security_utilities/cfclass.h> 31#include <security_cdsa_client/cspclient.h> 32#include "SecManifest.h" 33#include <vector> 34#include <set> 35 36 37// note: The error range for the file signing library is -22040 through -22079 38 39class ManifestItem; 40 41class CSSMInitializer 42{ 43protected: 44 static ModuleNexus<CSSMInitializer> mInstance; 45 46 CssmClient::Module mModule; 47 CssmClient::CSP mCSP; 48 49public: 50 CSSMInitializer (); 51 ~CSSMInitializer (); 52 53 static CssmClient::CSP* GetCSP (); 54}; 55 56 57 58const int kSHA1DigestSize = 20; 59typedef unsigned char SHA1Digest[kSHA1DigestSize]; 60 61typedef std::set<std::string> StringSet; 62 63class ManifestItemList : private std::vector<ManifestItem*> 64{ 65private: 66 67friend class FileSystemItemList; 68 69 typedef std::vector<ManifestItem*> ParentClass; 70 71 void ConvertToStringSet (const char* path, CFArrayRef array, StringSet& stringSet); 72 73protected: 74 void DecodeURL (CFURLRef url, char *pathBuffer, CFIndex maxBufLen); 75 void AddDataObject (CFDataRef data); 76 77public: 78 ManifestItemList (); 79 ~ManifestItemList (); 80 81 void AddFileSystemObject (char* path, StringSet& exceptions, bool isRoot, bool hasAppleDoubleResourceFork); 82 void AddObject (CFTypeRef object, CFArrayRef exceptionList); 83 84 using ParentClass::push_back; 85 using ParentClass::size; 86 // using ParentClass::operator[]; 87 88 ManifestItem* operator[] (int n) {return ParentClass::operator[] (n);} 89}; 90 91 92 93class FileSystemItemList : public ManifestItemList 94{ 95public: 96 void Compare (FileSystemItemList &itemList, bool compareOwnerAndGroup); 97}; 98 99 100 101class RootItemList : public ManifestItemList 102{ 103public: 104 void Compare (RootItemList& itemList, bool compareOwnerAndGroup); 105}; 106 107 108 109class ManifestInternal 110{ 111protected: 112 RootItemList mManifestItems; 113 114public: 115 ManifestInternal (); 116 117 virtual ~ManifestInternal (); 118 119 ManifestItemList& GetItemList () {return mManifestItems;} 120 121 static void CompareManifests (ManifestInternal& m1, ManifestInternal& m2, SecManifestCompareOptions options); 122}; 123 124 125 126enum ManifestItemType {kManifestDataBlobItemType, kManifestFileItemType, kManifestDirectoryItemType, kManifestSymLinkItemType, 127 kManifestOtherType}; 128 129// base class for our internal object representation 130class ManifestItem 131{ 132public: 133 virtual ~ManifestItem (); 134 135 virtual ManifestItemType GetItemType () = 0; 136 virtual void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup) = 0; 137}; 138 139 140 141class ManifestDataBlobItem : public ManifestItem 142{ 143protected: 144 SHA1Digest mSHA1Digest; 145 size_t mLength; 146 147public: 148 ManifestDataBlobItem (); 149 virtual ~ManifestDataBlobItem (); 150 151 ManifestItemType GetItemType (); 152 153 const SHA1Digest* GetDigest (); 154 void SetDigest (const SHA1Digest *sha1Digest); 155 size_t GetLength (); 156 void SetLength (size_t length); 157 void Compare (ManifestItem* item, bool compareOwnerAndGroup); 158}; 159 160 161 162class FileSystemEntryItem : public ManifestItem 163{ 164protected: 165 std::string mPath, mName; 166 uid_t mUserID; 167 gid_t mGroupID; 168 mode_t mMode; 169 170public: 171 FileSystemEntryItem (); 172 virtual ~FileSystemEntryItem (); 173 174 void SetName (char* name); 175 void SetPath (char* path); 176 void SetUID (uid_t uid); 177 void SetGID (gid_t gid); 178 void SetMode (mode_t mode); 179 180 const char* GetName () const; 181 const std::string& GetNameAsString () const {return mName;} 182 uid_t GetUID () const; 183 gid_t GetGID () const; 184 mode_t GetMode () const; 185 186 void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup); 187}; 188 189 190 191const int kMaxForks = 2; 192 193class ManifestFileItem : public FileSystemEntryItem 194{ 195protected: 196 SHA1Digest mDigest[kMaxForks]; 197 size_t mFileLengths[kMaxForks]; 198 199 bool FileSystemHasTrueForks (char* pathToFile); 200 bool HasResourceFork (char* path, std::string &pathName, struct stat &st); 201 std::string ResourceFileName (char* path); 202 bool FileIsMachOBinary (char* path); 203 void ComputeDigestForFile (char* path, SHA1Digest &digest, size_t &length, struct stat &st); 204 void ComputeDigestForAppleDoubleResourceFork (char* path, SHA1Digest &digest, size_t &length); 205 206 int mNumForks; 207 208public: 209 ManifestFileItem (); 210 virtual ~ManifestFileItem (); 211 212 u_int32_t GetNumberOfForks (); 213 void SetNumberOfForks (u_int32_t numForks); 214 void ComputeRepresentations (struct stat &st, bool hasAppleDoubleResourceFork); 215 void GetItemRepresentation (int whichFork, void* &itemRep, size_t &size); 216 void SetItemRepresentation (int whichFork, const void* itemRep, size_t size); 217 void SetForkLength (int whichFork, size_t length); 218 size_t GetForkLength (int whichFork); 219 220 ManifestItemType GetItemType (); 221 222 void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup); 223}; 224 225 226 227class ManifestDirectoryItem : public FileSystemEntryItem 228{ 229protected: 230 FileSystemItemList mDirectoryItems; 231 232public: 233 ManifestDirectoryItem (); 234 virtual ~ManifestDirectoryItem (); 235 236 void SetPath (char* path, StringSet &exceptions, bool isRoot); 237 ManifestItemType GetItemType (); 238 ManifestItemList& GetItemList () {return mDirectoryItems;} 239 240 void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup); 241}; 242 243 244 245class ManifestSymLinkItem : public FileSystemEntryItem 246{ 247protected: 248 std::string mContent; 249 SHA1Digest mDigest; 250 251public: 252 ManifestSymLinkItem (); 253 virtual ~ManifestSymLinkItem (); 254 255 const SHA1Digest* GetDigest (); 256 void SetDigest (const SHA1Digest* sha1Digest); 257 void ComputeRepresentation (); 258 ManifestItemType GetItemType (); 259 260 void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup); 261}; 262 263 264 265class ManifestOtherItem : public FileSystemEntryItem 266{ 267protected: 268 std::string mPath, mName; 269 270public: 271 ManifestOtherItem (); 272 virtual ~ManifestOtherItem (); 273 274 ManifestItemType GetItemType (); 275 276 void Compare (ManifestItem *manifestItem, bool compareOwnerAndGroup); 277}; 278 279#endif 280